Cross Reference: /freebsd-11-stable/contrib/sendmail/doc/op/op.me

Deleted Added

sdiff udiff text old ( 223067 ) new ( 244833 )

full compact

op.me (223067)	op.me (244833)
1.\" Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers. 2.\" All rights reserved. 3.\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. 4.\" Copyright (c) 1983, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" By using this file, you agree to the terms and conditions set 8.\" forth in the LICENSE file which can be found at the top level of 9.\" the sendmail distribution. 10.\" 11.\"	1.\" Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers. 2.\" All rights reserved. 3.\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. 4.\" Copyright (c) 1983, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" 7.\" By using this file, you agree to the terms and conditions set 8.\" forth in the LICENSE file which can be found at the top level of 9.\" the sendmail distribution. 10.\" 11.\"
12.\" $Id: op.me,v 8.747 2010/05/08 04:18:27 ca Exp $	12.\" $Id: op.me,v 8.749 2012/03/02 22:37:11 ca Exp $
13.\" 14.\" eqn op.me \| pic \| troff -me 15.\" 16.\" Define \(sc if not defined (for text output) 17.\" 18.if !c \(sc .char \(sc S 19.\" 20.\" Define \(dg as "" for text output and create a new .DG macro 21.\" which describes the symbol. 22.\" 23.if n .ds { [ 24.if n .ds } ] 25.ie !c \(dg \{\ 26.char \(dg 27.de DG 28an asterick 29.. 30.\} 31.el \{\ 32.de DG 33a dagger 34.. 35.\} 36.\" 37.\" Define \(dd as "#" for text output and create a new .DD macro 38.\" which describes the symbol. 39.\" 40.ie !c \(dd \{\ 41.char \(dd # 42.de DD 43a pound sign 44.. 45.\} 46.el \{\ 47.de DD 48a double dagger 49.. 50.\} 51.eh 'SMM:08-%''Sendmail Installation and Operation Guide' 52.oh 'Sendmail Installation and Operation Guide''SMM:08-%' 53.\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin 54.ds SD sbin 55.\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb 56.ds SB bin 57.nr si 3n 58.de $0 59.(x 60.in \\$3u*3n 61.ti -3n 62\\$2. \\$1 63.)x 64.. 65.de $C 66.(x 67.in 0 68\\$1 \\$2. \\$3 69.)x 70.. 71.+c 72.(l C 73.sz 16 74.b SENDMAIL\u\s-6TM\s0\d 75.sz 12 76.sp 77.b "INSTALLATION AND OPERATION GUIDE" 78.(f 79.b DISCLAIMER: 80This documentation is under modification. 81.)f 82.sz 10 83.sp 84.r 85Eric Allman 86Claus Assmann 87Gregory Neil Shapiro 88Sendmail, Inc. 89.sp 90.de Ve 91Version \\$2 92..	13.\" 14.\" eqn op.me \| pic \| troff -me 15.\" 16.\" Define \(sc if not defined (for text output) 17.\" 18.if !c \(sc .char \(sc S 19.\" 20.\" Define \(dg as "" for text output and create a new .DG macro 21.\" which describes the symbol. 22.\" 23.if n .ds { [ 24.if n .ds } ] 25.ie !c \(dg \{\ 26.char \(dg 27.de DG 28an asterick 29.. 30.\} 31.el \{\ 32.de DG 33a dagger 34.. 35.\} 36.\" 37.\" Define \(dd as "#" for text output and create a new .DD macro 38.\" which describes the symbol. 39.\" 40.ie !c \(dd \{\ 41.char \(dd # 42.de DD 43a pound sign 44.. 45.\} 46.el \{\ 47.de DD 48a double dagger 49.. 50.\} 51.eh 'SMM:08-%''Sendmail Installation and Operation Guide' 52.oh 'Sendmail Installation and Operation Guide''SMM:08-%' 53.\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin 54.ds SD sbin 55.\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb 56.ds SB bin 57.nr si 3n 58.de $0 59.(x 60.in \\$3u*3n 61.ti -3n 62\\$2. \\$1 63.)x 64.. 65.de $C 66.(x 67.in 0 68\\$1 \\$2. \\$3 69.)x 70.. 71.+c 72.(l C 73.sz 16 74.b SENDMAIL\u\s-6TM\s0\d 75.sz 12 76.sp 77.b "INSTALLATION AND OPERATION GUIDE" 78.(f 79.b DISCLAIMER: 80This documentation is under modification. 81.)f 82.sz 10 83.sp 84.r 85Eric Allman 86Claus Assmann 87Gregory Neil Shapiro 88Sendmail, Inc. 89.sp 90.de Ve 91Version \\$2 92..
93.Ve $Revision: 8.747 $	93.Ve $Revision: 8.749 $
94.rm Ve 95.sp 96For Sendmail Version 8.14 97.)l 98.(f 99Sendmail is a trademark of Sendmail, Inc. 100US Patent Numbers 6865671, 6986037. 101.)f 102.sp 2 103.pp 104.i Sendmail \u\s-2TM\s0\d 105implements a general purpose internetwork mail routing facility 106under the UNIX\(rg 107operating system. 108It is not tied to any one transport protocol \- 109its function may be likened to a crossbar switch, 110relaying messages from one domain into another. 111In the process, 112it can do a limited amount of message header editing 113to put the message into a format that is appropriate 114for the receiving domain. 115All of this is done under the control of a configuration file. 116.pp 117Due to the requirements of flexibility 118for 119.i sendmail , 120the configuration file can seem somewhat unapproachable. 121However, there are only a few basic configurations 122for most sites, 123for which standard configuration files have been supplied. 124Most other configurations 125can be built by adjusting an existing configuration file 126incrementally. 127.pp 128.i Sendmail 129is based on 130RFC 821 (Simple Mail Transport Protocol), 131RFC 822 (Internet Mail Headers Format), 132RFC 974 (MX routing), 133RFC 1123 (Internet Host Requirements), 134RFC 1413 (Identification server), 135RFC 1652 (SMTP 8BITMIME Extension), 136RFC 1869 (SMTP Service Extensions), 137RFC 1870 (SMTP SIZE Extension), 138RFC 1891 (SMTP Delivery Status Notifications), 139RFC 1892 (Multipart/Report), 140RFC 1893 (Enhanced Mail System Status Codes), 141RFC 1894 (Delivery Status Notifications), 142RFC 1985 (SMTP Service Extension for Remote Message Queue Starting), 143RFC 2033 (Local Message Transmission Protocol), 144RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes), 145RFC 2045 (MIME), 146RFC 2476 (Message Submission), 147RFC 2487 (SMTP Service Extension for Secure SMTP over TLS), 148RFC 2554 (SMTP Service Extension for Authentication), 149RFC 2821 (Simple Mail Transfer Protocol), 150RFC 2822 (Internet Message Format), 151RFC 2852 (Deliver By SMTP Service Extension), 152and 153RFC 2920 (SMTP Service Extension for Command Pipelining). 154However, since 155.i sendmail 156is designed to work in a wider world, 157in many cases it can be configured to exceed these protocols. 158These cases are described herein. 159.pp 160Although 161.i sendmail 162is intended to run 163without the need for monitoring, 164it has a number of features 165that may be used to monitor or adjust the operation 166under unusual circumstances. 167These features are described. 168.pp 169Section one describes how to do a basic 170.i sendmail 171installation. 172Section two 173explains the day-to-day information you should know 174to maintain your mail system. 175If you have a relatively normal site, 176these two sections should contain sufficient information 177for you to install 178.i sendmail 179and keep it happy. 180Section three 181has information regarding the command line arguments. 182Section four 183describes some parameters that may be safely tweaked. 184Section five 185contains the nitty-gritty information about the configuration 186file. 187This section is for masochists 188and people who must write their own configuration file. 189Section six 190describes configuration that can be done at compile time. 191The appendixes give a brief 192but detailed explanation of a number of features 193not described in the rest of the paper. 194.bp 7 195.sh 1 "BASIC INSTALLATION" 196.pp 197There are two basic steps to installing 198.i sendmail . 199First, you have to compile and install the binary. 200If 201.i sendmail 202has already been ported to your operating system 203that should be simple. 204Second, you must build a run-time configuration file. 205This is a file that 206.i sendmail 207reads when it starts up 208that describes the mailers it knows about, 209how to parse addresses, 210how to rewrite the message header, 211and the settings of various options. 212Although the configuration file can be quite complex, 213a configuration can usually be built 214using an M4-based configuration language. 215Assuming you have the standard 216.i sendmail 217distribution, see 218.i cf/README 219for further information. 220.pp 221The remainder of this section will describe the installation of 222.i sendmail 223assuming you can use one of the existing configurations 224and that the standard installation parameters are acceptable. 225All pathnames and examples 226are given from the root of the 227.i sendmail 228subtree, 229normally 230.i /usr/src/usr.\(SD/sendmail 231on 4.4BSD-based systems. 232.pp 233Continue with the next section if you need/want to compile 234.i sendmail 235yourself. 236If you have a running binary already on your system, 237you should probably skip to section 1.2. 238.sh 2 "Compiling Sendmail" 239.pp 240All 241.i sendmail 242source is in the 243.i sendmail 244subdirectory. 245To compile sendmail, 246.q cd 247into the 248.i sendmail 249directory and type 250.(b 251\&./Build 252.)b 253This will leave the binary in an appropriately named subdirectory, 254e.g., 255obj.BSD-OS.2.1.i386. 256It works for multiple object versions 257compiled out of the same directory. 258.sh 3 "Tweaking the Build Invocation" 259.pp 260You can give parameters on the 261.i Build 262command. 263In most cases these are only used when the 264.i obj.* 265directory is first created. 266To restart from scratch, use 267.i -c . 268These commands include: 269.nr ii 0.5i 270.ip "\-L \fIlibdirs\fP" 271A list of directories to search for libraries. 272.ip "\-I \fIincdirs\fP" 273A list of directories to search for include files. 274.ip "\-E \fIenvar\fP=\fIvalue\fP" 275Set an environment variable to an indicated 276.i value 277before compiling. 278.ip "\-c" 279Create a new 280.i obj.* 281tree before running. 282.ip "\-f \fIsiteconfig\fP" 283Read the indicated site configuration file. 284If this parameter is not specified, 285.i Build 286includes 287.i all 288of the files 289.i $BUILDTOOLS/Site/site.$oscf.m4 290and 291.i $BUILDTOOLS/Site/site.config.m4 , 292where $BUILDTOOLS is normally 293.i \&../devtools 294and $oscf is the same name as used on the 295.i obj.* 296directory. 297See below for a description of the site configuration file. 298.ip "\-S" 299Skip auto-configuration. 300.i Build 301will avoid auto-detecting libraries if this is set. 302All libraries and map definitions must be specified 303in the site configuration file. 304.lp 305Most other parameters are passed to the 306.i make 307program; for details see 308.i $BUILDTOOLS/README . 309.sh 3 "Creating a Site Configuration File" 310.\"XXX 311.pp 312(This section is not yet complete. 313For now, see the file devtools/README for details.) 314See sendmail/README for various compilation flags that can be set. 315.sh 3 "Tweaking the Makefile" 316.pp 317.\" .b "XXX This should all be in the Site Configuration File section." 318.i Sendmail 319supports two different formats 320for the local (on disk) version of databases, 321notably the 322.i aliases 323database. 324At least one of these should be defined if at all possible. 325.nr ii 1i 326.ip NDBM 327The ``new DBM'' format, 328available on nearly all systems around today. 329This was the preferred format prior to 4.4BSD. 330It allows such complex things as multiple databases 331and closing a currently open database. 332.ip NEWDB 333The Berkeley DB package. 334If you have this, use it. 335It allows 336long records, 337multiple open databases, 338real in-memory caching, 339and so forth. 340You can define this in conjunction with 341.sm NDBM ; 342if you do, 343old alias databases are read, 344but when a new database is created it will be in NEWDB format. 345As a nasty hack, 346if you have NEWDB, NDBM, and NIS defined, 347and if the alias file name includes the substring 348.q /yp/ , 349.i sendmail 350will create both new and old versions of the alias file 351during a 352.i newalias 353command. 354This is required because the Sun NIS/YP system 355reads the DBM version of the alias file. 356It's ugly as sin, 357but it works. 358.lp 359If neither of these are defined, 360.i sendmail 361reads the alias file into memory on every invocation. 362This can be slow and should be avoided. 363There are also several methods for remote database access: 364.ip LDAP 365Lightweight Directory Access Protocol. 366.ip NIS 367Sun's Network Information Services (formerly YP). 368.ip NISPLUS 369Sun's NIS+ services. 370.ip NETINFO 371NeXT's NetInfo service. 372.ip HESIOD 373Hesiod service (from Athena). 374.lp 375Other compilation flags are set in 376.i conf.h 377and should be predefined for you 378unless you are porting to a new environment. 379For more options see 380.i sendmail/README . 381.sh 3 "Compilation and installation" 382.pp 383After making the local system configuration described above, 384You should be able to compile and install the system. 385The script 386.q Build 387is the best approach on most systems: 388.(b 389\&./Build 390.)b 391This will use 392.i uname (1) 393to create a custom Makefile for your environment. 394.pp 395If you are installing in the standard places, 396you should be able to install using 397.(b 398\&./Build install 399.)b 400This should install the binary in 401/usr/\(SD 402and create links from 403/usr/\(SB/newaliases 404and 405/usr/\(SB/mailq 406to 407/usr/\(SD/sendmail. 408On most systems it will also format and install man pages. 409Notice: as of version 8.12 410.i sendmail 411will no longer be installed set-user-ID root by default. 412If you really want to use the old method, you can specify it as target: 413.(b 414\&./Build install-set-user-id 415.)b 416.sh 2 "Configuration Files" 417.pp 418.i Sendmail 419cannot operate without a configuration file. 420The configuration defines the mail delivery mechanisms understood at this site, 421how to access them, 422how to forward email to remote mail systems, 423and a number of tuning parameters. 424This configuration file is detailed 425in the later portion of this document. 426.pp 427The 428.i sendmail 429configuration can be daunting at first. 430The world is complex, 431and the mail configuration reflects that. 432The distribution includes an m4-based configuration package 433that hides a lot of the complexity. 434See 435.i cf/README 436for details. 437.pp 438Our configuration files are processed by 439.i m4 440to facilitate local customization; 441the directory 442.i cf 443of the 444.i sendmail 445distribution directory 446contains the source files. 447This directory contains several subdirectories: 448.nr ii 1i 449.ip cf 450Both site-dependent and site-independent descriptions of hosts. 451These can be literal host names 452(e.g., 453.q ucbvax.mc ) 454when the hosts are gateways 455or more general descriptions 456(such as 457.q "generic-solaris2.mc" 458as a general description of an SMTP-connected host 459running Solaris 2.x. 460Files ending 461.b \&.mc 462(``M4 Configuration'') 463are the input descriptions; 464the output is in the corresponding 465.b \&.cf 466file. 467The general structure of these files is described below. 468.ip domain 469Site-dependent subdomain descriptions. 470These are tied to the way your organization wants to do addressing. 471For example, 472.b domain/CS.Berkeley.EDU.m4 473is our description for hosts in the CS.Berkeley.EDU subdomain. 474These are referenced using the 475.sm DOMAIN 476.b m4 477macro in the 478.b \&.mc 479file. 480.ip feature 481Definitions of specific features that some particular host in your site 482might want. 483These are referenced using the 484.sm FEATURE 485.b m4 486macro. 487An example feature is 488use_cw_file 489(which tells 490.i sendmail 491to read an /etc/mail/local-host-names file on startup 492to find the set of local names). 493.ip hack 494Local hacks, referenced using the 495.sm HACK 496.b m4 497macro. 498Try to avoid these. 499The point of having them here is to make it clear that they smell. 500.ip m4 501Site-independent 502.i m4 (1) 503include files that have information common to all configuration files. 504This can be thought of as a 505.q #include 506directory. 507.ip mailer 508Definitions of mailers, 509referenced using the 510.sm MAILER 511.b m4 512macro. 513The mailer types that are known in this distribution are 514fax, 515local, 516smtp, 517uucp, 518and usenet. 519For example, to include support for the UUCP-based mailers, 520use 521.q MAILER(uucp) . 522.ip ostype 523Definitions describing various operating system environments 524(such as the location of support files). 525These are referenced using the 526.sm OSTYPE 527.b m4 528macro. 529.ip sh 530Shell files used by the 531.b m4 532build process. 533You shouldn't have to mess with these. 534.ip siteconfig 535Local UUCP connectivity information. 536This directory has been supplanted by the mailertable feature; 537any new configurations should use that feature to do UUCP 538(and other) routing. 539The use of this directory is deprecated. 540.pp 541If you are in a new domain 542(e.g., a company), 543you will probably want to create a 544cf/domain 545file for your domain. 546This consists primarily of relay definitions 547and features you want enabled site-wide: 548for example, Berkeley's domain definition 549defines relays for 550BitNET 551and UUCP. 552These are specific to Berkeley, 553and should be fully-qualified internet-style domain names. 554Please check to make certain they are reasonable for your domain. 555.pp 556Subdomains at Berkeley are also represented in the 557cf/domain 558directory. 559For example, 560the domain 561CS.Berkeley.EDU 562is the Computer Science subdomain, 563EECS.Berkeley.EDU 564is the Electrical Engineering and Computer Sciences subdomain, 565and 566S2K.Berkeley.EDU 567is the Sequoia 2000 subdomain. 568You will probably have to add an entry to this directory 569to be appropriate for your domain. 570.pp 571You will have to use or create 572.b \&.mc 573files in the 574.i cf/cf 575subdirectory for your hosts. 576This is detailed in the 577cf/README 578file. 579.sh 2 "Details of Installation Files" 580.pp 581This subsection describes the files that 582comprise the 583.i sendmail 584installation. 585.sh 3 "/usr/\(SD/sendmail" 586.pp 587The binary for 588.i sendmail 589is located in /usr/\(SD\*. 590.(f 591\This is usually 592/usr/sbin 593on 4.4BSD and newer systems; 594many systems install it in 595/usr/lib. 596I understand it is in /usr/ucblib 597on System V Release 4. 598.)f 599It should be set-group-ID smmsp as described in 600sendmail/SECURITY. 601For security reasons, 602/, /usr, and /usr/\(SD 603should be owned by root, mode 0755\*. 604.(f 605\Some vendors ship them owned by bin; 606this creates a security hole that is not actually related to 607.i sendmail . 608Other important directories that should have restrictive ownerships 609and permissions are 610/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib. 611.)f 612.sh 3 "/etc/mail/sendmail.cf" 613.pp 614This is the main configuration file for 615.i sendmail \. 616.(f 617\Actually, the pathname varies depending on the operating system; 618/etc/mail is the preferred directory. 619Some older systems install it in 620.b /usr/lib/sendmail.cf , 621and I've also seen it in 622.b /usr/ucblib . 623If you want to move this file, 624add -D_PATH_SENDMAILCF=\e"/file/name\e" 625to the flags passed to the C compiler. 626Moving this file is not recommended: 627other programs and scripts know of this location. 628.)f 629This is one of the two non-library file names compiled into 630.i sendmail \, 631the other is /etc/mail/submit.cf. 632.(f 633\The system libraries can reference other files; 634in particular, system library subroutines that 635.i sendmail 636calls probably reference 637.i /etc/passwd 638and 639.i /etc/resolv.conf . 640.)f 641.pp 642The configuration file is normally created 643using the distribution files described above. 644If you have a particularly unusual system configuration 645you may need to create a special version. 646The format of this file is detailed in later sections 647of this document. 648.sh 3 "/etc/mail/submit.cf" 649.pp 650This is the configuration file for 651.i sendmail 652when it is used for initial mail submission, in which case 653it is also called ``Mail Submission Program'' (MSP) 654in contrast to ``Mail Transfer Agent'' (MTA). 655Starting with version 8.12, 656.i sendmail 657uses one of two different configuration files based on its operation mode 658(or the new 659.b \-A 660option). 661For initial mail submission, i.e., if one of the options 662.b \-bm 663(default), 664.b \-bs , 665or 666.b \-t 667is specified, submit.cf is used (if available), 668for other operations sendmail.cf is used. 669Details can be found in 670.i sendmail/SECURITY . 671submit.cf is shipped with sendmail (in cf/cf/) and is installed by default. 672If changes to the configuration need to be made, start with 673cf/cf/submit.mc and follow the instruction in cf/README. 674.sh 3 "/usr/\(SB/newaliases" 675.pp 676The 677.i newaliases 678command should just be a link to 679.i sendmail : 680.(b 681rm \-f /usr/\(SB/newaliases 682ln \-s /usr/\(SD/sendmail /usr/\(SB/newaliases 683.)b 684This can be installed in whatever search path you prefer 685for your system. 686.sh 3 "/usr/\(SB/hoststat" 687.pp 688The 689.i hoststat 690command should just be a link to 691.i sendmail , 692in a fashion similar to 693.i newaliases . 694This command lists the status of the last mail transaction 695with all remote hosts. The 696.b \-v 697flag will prevent the status display from being truncated. 698It functions only when the 699.b HostStatusDirectory 700option is set. 701.sh 3 "/usr/\(SB/purgestat" 702.pp 703This command is also a link to 704.i sendmail . 705It flushes expired (Timeout.hoststatus) information that is stored in the 706.b HostStatusDirectory 707tree. 708.sh 3 "/var/spool/mqueue" 709.pp 710The directory 711.i /var/spool/mqueue 712should be created to hold the mail queue. 713This directory should be mode 0700 714and owned by root. 715.pp 716The actual path of this directory 717is defined by the 718.b QueueDirectory 719option of the 720.i sendmail.cf 721file. 722To use multiple queues, 723supply a value ending with an asterisk. 724For example, 725.i /var/spool/mqueue/qd 726will use all of the directories or symbolic links to directories 727beginning with `qd' in 728.i /var/spool/mqueue 729as queue directories. 730Do not change the queue directory structure 731while sendmail is running. 732.pp 733If these directories have subdirectories or symbolic links to directories 734named `qf', `df', and `xf', then these will be used for the different 735queue file types. 736That is, the data files are stored in the `df' subdirectory, 737the transcript files are stored in the `xf' subdirectory, and 738all others are stored in the `qf' subdirectory. 739.pp 740If shared memory support is compiled in, 741.i sendmail 742stores the available diskspace in a shared memory segment 743to make the values readily available to all children without 744incurring system overhead. 745In this case, only the daemon updates the data; 746i.e., the sendmail daemon creates the shared memory segment 747and deletes it if it is terminated. 748To use this, 749.i sendmail 750must have been compiled with support for shared memory 751(-DSM_CONF_SHM) 752and the option 753.b SharedMemoryKey 754must be set. 755Notice: do not use the same key for 756.i sendmail 757invocations with different queue directories 758or different queue group declarations. 759Access to shared memory is not controlled by locks, 760i.e., there is a race condition when data in the shared memory is updated. 761However, since operation of 762.i sendmail 763does not rely on the data in the shared memory, this does not negatively 764influence the behavior. 765.sh 3 "/var/spool/clientmqueue" 766.pp 767The directory 768.i /var/spool/clientmqueue 769should be created to hold the mail queue. 770This directory should be mode 0770 771and owned by user smmsp, group smmsp. 772.pp 773The actual path of this directory 774is defined by the 775.b QueueDirectory 776option of the 777.i submit.cf 778file. 779.sh 3 "/var/spool/mqueue/.hoststat" 780.pp 781This is a typical value for the 782.b HostStatusDirectory 783option, 784containing one file per host 785that this sendmail has chatted with recently. 786It is normally a subdirectory of 787.i mqueue . 788.sh 3 "/etc/mail/aliases" 789.pp 790The system aliases are held in 791.q /etc/mail/aliases . 792A sample is given in 793.q sendmail/aliases 794which includes some aliases which 795.i must 796be defined: 797.(b 798cp sendmail/aliases /etc/mail/aliases 799.i "edit /etc/mail/aliases" 800.)b 801You should extend this file with any aliases that are apropos to your system. 802.pp 803Normally 804.i sendmail 805looks at a database version of the files, 806stored either in 807.q /etc/mail/aliases.dir 808and 809.q /etc/mail/aliases.pag 810or 811.q /etc/mail/aliases.db 812depending on which database package you are using. 813The actual path of this file 814is defined in the 815.b AliasFile 816option of the 817.i sendmail.cf 818file. 819.pp 820The permissions of the alias file and the database versions 821should be 0640 to prevent local denial of service attacks 822as explained in the top level 823.b README 824in the sendmail distribution. 825If the permissions 0640 are used, be sure that only trusted users belong 826to the group assigned to those files. Otherwise, files should not even 827be group readable. 828.sh 3 "/etc/rc or /etc/init.d/sendmail" 829.pp 830It will be necessary to start up the 831.i sendmail 832daemon when your system reboots. 833This daemon performs two functions: 834it listens on the SMTP socket for connections 835(to receive mail from a remote system) 836and it processes the queue periodically 837to insure that mail gets delivered when hosts come up. 838.pp 839If necessary, add the following lines to 840.q /etc/rc 841(or 842.q /etc/rc.local 843as appropriate) 844in the area where it is starting up the daemons 845on a BSD-base system, 846or on a System-V-based system 847in one of the startup files, typically 848.q /etc/init.d/sendmail : 849.(b 850if [ \-f /usr/\(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then 851 (cd /var/spool/mqueue; rm \-f xf) 852* /usr/\(SD/sendmail \-bd \-q30m & 853* echo \-n ' sendmail' >/dev/console 854fi 855.)b 856The 857.q cd 858and 859.q rm 860commands insure that all transcript files have been removed; 861extraneous transcript files may be left around 862if the system goes down in the middle of processing a message. 863The line that actually invokes 864.i sendmail 865has two flags: 866.q \-bd 867causes it to listen on the SMTP port, 868and 869.q \-q30m 870causes it to run the queue every half hour. 871.pp 872Some people use a more complex startup script, 873removing zero length qf/hf/Qf files and df files for which there is no 874qf/hf/Qf file. 875Note this is not advisable. 876For example, see Figure 1 877for an example of a complex script which does this clean up. 878.(z 879.hl 880#!/bin/sh 881# remove zero length qf/hf/Qf files 882for qffile in qf* hf* Qf* 883do 884 if [ \-r $qffile ] 885 then 886 if [ ! \-s $qffile ] 887 then 888 echo \-n " <zero: $qffile>" > /dev/console 889 rm \-f $qffile 890 fi 891 fi 892done 893# rename tf files to be qf if the qf does not exist 894for tffile in tf* 895do 896 qffile=`echo $tffile \| sed 's/t/q/'` 897 if [ \-r $tffile \-a ! \-f $qffile ] 898 then 899 echo \-n " <recovering: $tffile>" > /dev/console 900 mv $tffile $qffile 901 else 902 if [ \-f $tffile ] 903 then 904 echo \-n " <extra: $tffile>" > /dev/console 905 rm \-f $tffile 906 fi 907 fi 908done 909# remove df files with no corresponding qf/hf/Qf files 910for dffile in df* 911do 912 qffile=`echo $dffile \| sed 's/d/q/'` 913 hffile=`echo $dffile \| sed 's/d/h/'` 914 Qffile=`echo $dffile \| sed 's/d/Q/'` 915 if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ] 916 then 917 echo \-n " <incomplete: $dffile>" > /dev/console 918 mv $dffile `echo $dffile \| sed 's/d/D/'` 919 fi 920done 921# announce files that have been saved during disaster recovery 922for xffile in [A-Z]f* 923do 924 if [ \-f $xffile ] 925 then 926 echo \-n " <panic: $xffile>" > /dev/console 927 fi 928done 929.sp 930.ce 931Figure 1 \(em A complex startup script 932.hl 933.)z 934.sh 3 "/etc/mail/helpfile" 935.pp 936This is the help file used by the SMTP 937.b HELP 938command. 939It should be copied from 940.q sendmail/helpfile : 941.(b 942cp sendmail/helpfile /etc/mail/helpfile 943.)b 944The actual path of this file 945is defined in the 946.b HelpFile 947option of the 948.i sendmail.cf 949file. 950.sh 3 "/etc/mail/statistics" 951.pp 952If you wish to collect statistics 953about your mail traffic, 954you should create the file 955.q /etc/mail/statistics : 956.(b 957cp /dev/null /etc/mail/statistics 958chmod 0600 /etc/mail/statistics 959.)b 960This file does not grow. 961It is printed with the program 962.q mailstats/mailstats.c. 963The actual path of this file 964is defined in the 965.b S 966option of the 967.i sendmail.cf 968file. 969.sh 3 "/usr/\(SB/mailq" 970.pp 971If 972.i sendmail 973is invoked as 974.q mailq, 975it will simulate the 976.b \-bp 977flag 978(i.e., 979.i sendmail 980will print the contents of the mail queue; 981see below). 982This should be a link to /usr/\(SD/sendmail. 983.sh 3 "sendmail.pid" 984.pp 985.i sendmail 986stores its current pid in the file specified by the 987.b PidFile 988option (default is _PATH_SENDMAILPID). 989.i sendmail 990uses 991.b TempFileMode 992(which defaults to 0600) as 993the permissions of that file 994to prevent local denial of service attacks 995as explained in the top level 996.b README 997in the sendmail distribution. 998If the file already exists, then it might be necessary to 999change the permissions accordingly, e.g., 1000.(b 1001chmod 0600 /var/run/sendmail.pid 1002.)b 1003Note that as of version 8.13, this file is unlinked when 1004.i sendmail 1005exits. 1006As a result of this change, a script such as the following, 1007which may have worked prior to 8.13, will no longer work: 1008.(b 1009# stop & start sendmail 1010PIDFILE=/var/run/sendmail.pid 1011kill `head -1 $PIDFILE` 1012`tail -1 $PIDFILE` 1013.)b 1014because it assumes that the pidfile will still exist even 1015after killing the process to which it refers. 1016Below is a script which will work correctly 1017on both newer and older versions: 1018.(b 1019# stop & start sendmail 1020PIDFILE=/var/run/sendmail.pid 1021pid=`head -1 $PIDFILE` 1022cmd=`tail -1 $PIDFILE` 1023kill $pid 1024$cmd 1025.)b 1026This is just an example script, it does not perform any error checks, 1027e.g., whether the pidfile exists at all. 1028.sh 3 "Map Files" 1029.pp 1030To prevent local denial of service attacks 1031as explained in the top level 1032.b README 1033in the sendmail distribution, 1034the permissions of map files created by 1035.i makemap 1036should be 0640. 1037The use of 0640 implies that only trusted users belong to the group 1038assigned to those files. 1039If those files already exist, then it might be necessary to 1040change the permissions accordingly, e.g., 1041.(b 1042cd /etc/mail 1043chmod 0640 .db .pag .dir 1044.)b 1045.sh 1 "NORMAL OPERATIONS" 1046.sh 2 "The System Log" 1047.pp 1048The system log is supported by the 1049.i syslogd \\|(8) 1050program. 1051All messages from 1052.i sendmail 1053are logged under the 1054.sm LOG_MAIL 1055facility\. 1056.(f 1057\Except on Ultrix, 1058which does not support facilities in the syslog. 1059.)f 1060.sh 3 "Format" 1061.pp 1062Each line in the system log 1063consists of a timestamp, 1064the name of the machine that generated it 1065(for logging from several machines 1066over the local area network), 1067the word 1068.q sendmail: , 1069and a message\. 1070.(f 1071\This format may vary slightly if your vendor has changed 1072the syntax. 1073.)f 1074Most messages are a sequence of 1075.i name \c 1076=\c 1077.i value 1078pairs. 1079.pp 1080The two most common lines are logged when a message is processed. 1081The first logs the receipt of a message; 1082there will be exactly one of these per message. 1083Some fields may be omitted if they do not contain interesting information. 1084Fields are: 1085.ip from 1086The envelope sender address. 1087.ip size 1088The size of the message in bytes. 1089.ip class 1090The class (i.e., numeric precedence) of the message. 1091.ip pri 1092The initial message priority (used for queue sorting). 1093.ip nrcpts 1094The number of envelope recipients for this message 1095(after aliasing and forwarding). 1096.ip msgid 1097The message id of the message (from the header). 1098.ip bodytype 1099The message body type (7BIT or 8BITMIME), 1100as determined from the envelope. 1101.ip proto 1102The protocol used to receive this message (e.g., ESMTP or UUCP) 1103.ip daemon 1104The daemon name from the 1105.b DaemonPortOptions 1106setting. 1107.ip relay 1108The machine from which it was received. 1109.lp 1110There is also one line logged per delivery attempt 1111(so there can be several per message if delivery is deferred 1112or there are multiple recipients). 1113Fields are: 1114.ip to 1115A comma-separated list of the recipients to this mailer. 1116.ip ctladdr 1117The ``controlling user'', that is, the name of the user 1118whose credentials we use for delivery. 1119.ip delay 1120The total delay between the time this message was received 1121and the current delivery attempt. 1122.ip xdelay 1123The amount of time needed in this delivery attempt 1124(normally indicative of the speed of the connection). 1125.ip mailer 1126The name of the mailer used to deliver to this recipient. 1127.ip relay 1128The name of the host that actually accepted (or rejected) this recipient. 1129.ip dsn 1130The enhanced error code (RFC 2034) if available. 1131.ip stat 1132The delivery status. 1133.lp 1134Not all fields are present in all messages; 1135for example, the relay is usually not listed for local deliveries. 1136.sh 3 "Levels" 1137.pp 1138If you have 1139.i syslogd \\|(8) 1140or an equivalent installed, 1141you will be able to do logging. 1142There is a large amount of information that can be logged. 1143The log is arranged as a succession of levels. 1144At the lowest level 1145only extremely strange situations are logged. 1146At the highest level, 1147even the most mundane and uninteresting events 1148are recorded for posterity. 1149As a convention, 1150log levels under ten 1151are considered generally 1152.q useful; 1153log levels above 64 1154are reserved for debugging purposes. 1155Levels from 11\-64 are reserved for verbose information 1156that some sites might want. 1157.pp 1158A complete description of the log levels 1159is given in section ``Log Level''. 1160.sh 2 "Dumping State" 1161.pp 1162You can ask 1163.i sendmail 1164to log a dump of the open files 1165and the connection cache 1166by sending it a 1167.sm SIGUSR1 1168signal. 1169The results are logged at 1170.sm LOG_DEBUG 1171priority. 1172.sh 2 "The Mail Queues" 1173.pp 1174Mail messages may either be delivered immediately or be held for later 1175delivery. 1176Held messages are placed into a holding directory called a mail queue. 1177.pp 1178A mail message may be queued for these reasons: 1179.bu 1180If a mail message is temporarily undeliverable, it is queued 1181and delivery is attempted later. 1182If the message is addressed to multiple recipients, it is queued 1183only for those recipients to whom delivery is not immediately possible. 1184.bu 1185If the SuperSafe option is set to true, 1186all mail messages are queued while delivery is attempted. 1187.bu 1188If the DeliveryMode option is set to queue-only or defer, 1189all mail is queued, and no immediate delivery is attempted. 1190.bu 1191If the load average becomes higher than the value of the QueueLA option 1192and the 1193.b QueueFactor 1194(\c 1195.b q ) 1196option divided by the difference in the current load average and the 1197.b QueueLA 1198option plus one 1199is less than the priority of the message, 1200messages are queued rather than immediately delivered. 1201.bu 1202One or more addresses are marked as expensive and delivery is postponed 1203until the next queue run or one or more address are marked as held via 1204mailer which uses the hold mailer flag. 1205.bu 1206The mail message has been marked as quarantined via a mail filter or 1207rulesets. 1208.bu 1209.sh 3 "Queue Groups and Queue Directories" 1210.pp 1211There are one or more mail queues. 1212Each mail queue belongs to a queue group. 1213There is always a default queue group that is called ``mqueue'' 1214(which is where messages go by default unless otherwise specified). 1215The directory or directories which comprise the default queue group 1216are specified by the QueueDirectory option. 1217There are zero or more 1218additional named queue groups declared using the 1219.b Q 1220command in the configuration file. 1221.pp 1222By default, a queued message is placed in the queue group 1223associated with the first recipient in the recipient list. 1224A recipient address is mapped to a queue group as follows. 1225First, if there is a ruleset called ``queuegroup'', 1226and if this ruleset maps the address to a queue group name, 1227then that queue group is chosen. 1228That is, the argument for the ruleset is the recipient address 1229and the result should be 1230.b $# 1231followed by the name of a queue group. 1232Otherwise, if the mailer associated with the address specifies 1233a queue group, then that queue group is chosen. 1234Otherwise, the default queue group is chosen. 1235.pp 1236A message with multiple recipients will be split 1237if different queue groups are chosen 1238by the mapping of recipients to queue groups. 1239.pp 1240When a message is placed in a queue group, and the queue group has 1241more than one queue, a queue is selected randomly. 1242.pp 1243If a message with multiple recipients is placed into a queue group 1244with the 'r' option (maximum number of recipients per message) 1245set to a positive value 1246.i N , 1247and if there are more than 1248.i N 1249recipients 1250in the message, then the message will be split into multiple messages, 1251each of which have at most 1252.i N 1253recipients. 1254.pp 1255Notice: if multiple queue groups are used, do 1256.b not 1257move queue files around, e.g., into a different queue directory. 1258This may have weird effects and can cause mail not to be delivered. 1259Queue files and directories should be treated as opaque 1260and should not be manipulated directly. 1261.sh 3 "Queue Runs" 1262.pp 1263.i sendmail 1264has two different ways to process the queue(s). 1265The first one is to start queue runners after certain intervals 1266(``normal'' queue runners), 1267the second one is to keep queue runner processes around 1268(``persistent'' queue runners). 1269How to select either of these types is discussed in the appendix 1270``COMMAND LINE FLAGS''. 1271Persistent queue runners have the advantage that no new processes 1272need to be spawned at certain intervals; they just sleep for 1273a specified time after they finished a queue run. 1274Another advantage of persistent queue runners is that only one process 1275belonging to a workgroup (a workgroup is a set of queue groups) 1276collects the data for a queue run 1277and then multiple queue runner may go ahead using that data. 1278This can significantly reduce the disk I/O necessary to read the 1279queue files compared to starting multiple queue runners directly. 1280Their disadvantage is that a new queue run is only started 1281after all queue runners belonging to a group finished their tasks. 1282In case one of the queue runners tries delivery to a slow recipient site 1283at the end of a queue run, the next queue run may be substantially delayed. 1284In general this should be smoothed out due to the distribution of 1285those slow jobs, however, for sites with small number of 1286queue entries this might introduce noticable delays. 1287In general, persistent queue runners are only useful for 1288sites with big queues. 1289.sh 3 "Manual Intervention" 1290.pp 1291Under normal conditions the mail queue will be processed transparently. 1292However, you may find that manual intervention is sometimes necessary. 1293For example, 1294if a major host is down for a period of time 1295the queue may become clogged. 1296Although 1297.i sendmail 1298ought to recover gracefully when the host comes up, 1299you may find performance unacceptably bad in the meantime. 1300In that case you want to check the content of the queue 1301and manipulate it as explained in the next two sections. 1302.sh 3 "Printing the queue" 1303.pp 1304The contents of the queue(s) can be printed 1305using the 1306.i mailq 1307command 1308(or by specifying the 1309.b \-bp 1310flag to 1311.i sendmail ): 1312.(b 1313mailq 1314.)b 1315This will produce a listing of the queue id's, 1316the size of the message, 1317the date the message entered the queue, 1318and the sender and recipients. 1319If shared memory support is compiled in, 1320the flag 1321.b \-bP 1322can be used to print the number of entries in the queue(s), 1323provided a process updates the data. 1324However, as explained earlier, the output might be slightly wrong, 1325since access to the shared memory is not locked. 1326For example, 1327``unknown number of entries'' 1328might be shown. 1329The internal counters are updated after each queue run 1330to the correct value again. 1331.sh 3 "Forcing the queue" 1332.pp 1333.i Sendmail 1334should run the queue automatically at intervals. 1335When using multiple queues, 1336a separate process will by default be created to 1337run each of the queues 1338unless the queue run is initiated by a user 1339with the verbose flag. 1340The algorithm is to read and sort the queue, 1341and then to attempt to process all jobs in order. 1342When it attempts to run the job, 1343.i sendmail 1344first checks to see if the job is locked. 1345If so, it ignores the job. 1346.pp 1347There is no attempt to insure that only one queue processor 1348exists at any time, 1349since there is no guarantee that a job cannot take forever 1350to process 1351(however, 1352.i sendmail 1353does include heuristics to try to abort jobs 1354that are taking absurd amounts of time; 1355technically, this violates RFC 821, but is blessed by RFC 1123). 1356Due to the locking algorithm, 1357it is impossible for one job to freeze the entire queue. 1358However, 1359an uncooperative recipient host 1360or a program recipient 1361that never returns 1362can accumulate many processes in your system. 1363Unfortunately, 1364there is no completely general way to solve this. 1365.pp 1366In some cases, 1367you may find that a major host going down 1368for a couple of days 1369may create a prohibitively large queue. 1370This will result in 1371.i sendmail 1372spending an inordinate amount of time 1373sorting the queue. 1374This situation can be fixed by moving the queue to a temporary place 1375and creating a new queue. 1376The old queue can be run later when the offending host returns to service. 1377.pp 1378To do this, 1379it is acceptable to move the entire queue directory: 1380.(b 1381cd /var/spool 1382mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue 1383.)b 1384You should then kill the existing daemon 1385(since it will still be processing in the old queue directory) 1386and create a new daemon. 1387.pp 1388To run the old mail queue, issue the following command: 1389.(b 1390/usr/\(SD/sendmail \-C /etc/mail/queue.cf \-q 1391.)b 1392The 1393.b \-C 1394flag specifies an alternate configuration file 1395.b queue.cf 1396which should refer to the moved queue directory 1397.(b 1398O QueueDirectory=/var/spool/omqueue 1399.)b 1400and the 1401.b \-q 1402flag says to just run every job in the queue. 1403You can also specify the moved queue directory on the command line 1404.(b 1405/usr/\(SD/sendmail \-oQ/var/spool/omqueue \-q 1406.)b 1407but this requires that you do not have 1408queue groups in the configuration file, 1409because those are not subdirectories of the moved directory. 1410See the section about ``Queue Group Declaration'' for details; 1411you most likely need a different configuration file to correctly deal 1412with this problem. 1413However, a proper configuration of queue groups should avoid 1414filling up queue directories, so you shouldn't run into 1415this problem. 1416If you have a tendency toward voyeurism, 1417you can use the 1418.b \-v 1419flag to watch what is going on. 1420.pp 1421When the queue is finally emptied, 1422you can remove the directory: 1423.(b 1424rmdir /var/spool/omqueue 1425.)b 1426.sh 3 "Quarantined Queue Items" 1427.pp 1428It is possible to "quarantine" mail messages, 1429otherwise known as envelopes. 1430Envelopes (queue files) are stored but not considered for delivery or 1431display unless the "quarantine" state of the envelope is undone or 1432delivery or display of quarantined items is requested. 1433Quarantined messages are tagged by using a different name for the queue 1434file, 'hf' instead of 'qf', and by adding the quarantine reason to the 1435queue file. 1436.pp 1437Delivery or display of quarantined items can be requested using the 1438.b \-qQ 1439flag to 1440.i sendmail 1441or 1442.i mailq . 1443Additionally, messages already in the queue can be quarantined or 1444unquarantined using the new 1445.b \-Q 1446flag to sendmail. 1447For example, 1448.(b 1449sendmail -Qreason -q[!][I\|R\|S][matchstring] 1450.)b 1451Quarantines the normal queue items matching the criteria specified by the 1452.b "-q[!][I\|R\|S][matchstring]" 1453using the reason given on the 1454.b \-Q 1455flag. 1456Likewise, 1457.(b 1458sendmail -qQ -Q[reason] -q[!][I\|R\|S\|Q][matchstring] 1459.)b 1460Change the quarantine reason for the quarantined items matching the 1461criteria specified by the 1462.b "-q[!][I\|R\|S\|Q][matchstring]" 1463using the reason given on the 1464.b \-Q 1465flag. 1466If there is no reason, 1467* unquarantine the matching items and make them normal queue items. 1468Note that the 1469.b \-qQ 1470flag tells sendmail to operate on quarantined items instead of normal items. 1471.sh 2 "Disk Based Connection Information" 1472.pp 1473.i Sendmail 1474stores a large amount of information about each remote system it 1475has connected to in memory. It is possible to preserve some 1476of this information on disk as well, by using the 1477.b HostStatusDirectory 1478option, so that it may be shared between several invocations of 1479.i sendmail . 1480This allows mail to be queued immediately or skipped during a queue run if 1481there has been a recent failure in connecting to a remote machine. 1482Note: information about a remote system is stored in a file 1483whose pathname consists of the components of the hostname in reverse order. 1484For example, the information for 1485.b host.example.com 1486is stored in 1487.b com./example./host . 1488For top-level domains like 1489.b com 1490this can create a large number of subdirectories 1491which on some filesystems can exhaust some limits. 1492Moreover, the performance of lookups in directory with thousands of entries 1493can be fairly slow depending on the filesystem implementation. 1494.pp 1495Additionally enabling 1496.b SingleThreadDelivery 1497has the added effect of single-threading mail delivery to a destination. 1498This can be quite helpful 1499if the remote machine is running an SMTP server that is easily overloaded 1500or cannot accept more than a single connection at a time, 1501but can cause some messages to be punted to a future queue run. 1502It also applies to 1503.i all 1504hosts, so setting this because you have one machine on site 1505that runs some software that is easily overrun 1506can cause mail to other hosts to be slowed down. 1507If this option is set, 1508you probably want to set the 1509.b MinQueueAge 1510option as well and run the queue fairly frequently; 1511this way jobs that are skipped because another 1512.i sendmail 1513is talking to the same host will be tried again quickly 1514rather than being delayed for a long time. 1515.pp 1516The disk based host information is stored in a subdirectory of the 1517.b mqueue 1518directory called 1519.b \&.hoststat \*. 1520.(f 1521\This is the usual value of the 1522.b HostStatusDirectory 1523option; 1524it can, of course, go anywhere you like in your filesystem. 1525.)f 1526Removing this directory and its subdirectories has an effect similar to 1527the 1528.i purgestat 1529command and is completely safe. 1530However, 1531.i purgestat 1532only removes expired (Timeout.hoststatus) data. 1533The information in these directories can 1534be perused with the 1535.i hoststat 1536command, which will indicate the host name, the last access, and the 1537status of that access. 1538An asterisk in the left most column indicates that a 1539.i sendmail 1540process currently has the host locked for mail delivery. 1541.pp 1542The disk based connection information is treated the same way as memory based 1543connection information for the purpose of timeouts. 1544By default, information about host failures is valid for 30 minutes. 1545This can be adjusted with 1546the 1547.b Timeout.hoststatus 1548option. 1549.pp 1550The connection information stored on disk may be expired at any time 1551with the 1552.i purgestat 1553command or by invoking sendmail with the 1554.b \-bH 1555switch. 1556The connection information may be viewed with the 1557.i hoststat 1558command or by invoking sendmail with the 1559.b \-bh 1560switch. 1561.sh 2 "The Service Switch" 1562.pp 1563The implementation of certain system services 1564such as host and user name lookup 1565is controlled by the service switch. 1566If the host operating system supports such a switch, 1567and sendmail knows about it, 1568.i sendmail 1569will use the native version. 1570Ultrix, Solaris, and DEC OSF/1 are examples of such systems\. 1571.(f 1572\HP-UX 10 has service switch support, 1573but since the APIs are apparently not available in the libraries 1574.i sendmail 1575does not use the native service switch in this release. 1576.)f 1577.pp 1578If the underlying operating system does not support a service switch 1579(e.g., SunOS 4.X, HP-UX, BSD) 1580then 1581.i sendmail 1582will provide a stub implementation. 1583The 1584.b ServiceSwitchFile 1585option points to the name of a file that has the service definitions. 1586Each line has the name of a service 1587and the possible implementations of that service. 1588For example, the file: 1589.(b 1590hosts dns files nis 1591aliases files nis 1592.)b 1593will ask 1594.i sendmail 1595to look for hosts in the Domain Name System first. 1596If the requested host name is not found, it tries local files, 1597and if that fails it tries NIS. 1598Similarly, when looking for aliases 1599it will try the local files first followed by NIS. 1600.pp 1601Notice: since 1602.i sendmail 1603must access MX records for correct operation, it will use 1604DNS if it is configured in the 1605.b ServiceSwitchFile 1606file. 1607Hence an entry like 1608.(b 1609hosts files dns 1610.)b 1611will not avoid DNS lookups even if a host can be found 1612in /etc/hosts. 1613.pp 1614Service switches are not completely integrated. 1615For example, despite the fact that the host entry listed in the above example 1616specifies to look in NIS, 1617on SunOS this won't happen because the system implementation of 1618.i gethostbyname \\|(3) 1619doesn't understand this. 1620.sh 2 "The Alias Database" 1621.pp 1622After recipient addresses are read from the SMTP connection 1623or command line 1624they are parsed by ruleset 0, 1625which must resolve to a 1626{\c 1627.i mailer , 1628.i host , 1629.i address } 1630triple. 1631If the flags selected by the 1632.i mailer 1633include the 1634.b A 1635(aliasable) flag, 1636the 1637.i address 1638part of the triple is looked up as the key 1639(i.e., the left hand side) 1640in the alias database. 1641If there is a match, the address is deleted from the send queue 1642and all addresses on the right hand side of the alias 1643are added in place of the alias that was found. 1644This is a recursive operation, 1645so aliases found in the right hand side of the alias 1646are similarly expanded. 1647.pp 1648The alias database exists in two forms. 1649One is a text form, 1650maintained in the file 1651.i /etc/mail/aliases. 1652The aliases are of the form 1653.(b 1654name: name1, name2, ... 1655.)b 1656Only local names may be aliased; 1657e.g., 1658.(b 1659eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU 1660.)b 1661will not have the desired effect 1662(except on prep.ai.MIT.EDU, 1663and they probably don't want me)\. 1664.(f 1665\Actually, any mailer that has the `A' mailer flag set 1666will permit aliasing; 1667this is normally limited to the local mailer. 1668.)f 1669Aliases may be continued by starting any continuation lines 1670with a space or a tab or by putting a backslash directly before 1671the newline. 1672Blank lines and lines beginning with a sharp sign 1673(\c 1674.q # ) 1675are comments. 1676.pp 1677The second form is processed by the 1678.i ndbm \\|(3)\* 1679.(f 1680\*The 1681.i gdbm 1682package does not work. 1683.)f 1684or the Berkeley DB library. 1685This form is in the file 1686.i /etc/mail/aliases.db 1687(if using NEWDB) 1688or 1689.i /etc/mail/aliases.dir 1690and 1691.i /etc/mail/aliases.pag 1692(if using NDBM). 1693This is the form that 1694.i sendmail 1695actually uses to resolve aliases. 1696This technique is used to improve performance. 1697.pp 1698The control of search order is actually set by the service switch. 1699Essentially, the entry 1700.(b 1701O AliasFile=switch:aliases 1702.)b 1703is always added as the first alias entry; 1704also, the first alias file name without a class 1705(e.g., without 1706.q nis: 1707on the front) 1708will be used as the name of the file for a ``files'' entry 1709in the aliases switch. 1710For example, if the configuration file contains 1711.(b 1712O AliasFile=/etc/mail/aliases 1713.)b 1714and the service switch contains 1715.(b 1716aliases nis files nisplus 1717.)b 1718then aliases will first be searched in the NIS database, 1719then in /etc/mail/aliases, 1720then in the NIS+ database. 1721.pp 1722You can also use 1723.sm NIS -based 1724alias files. 1725For example, the specification: 1726.(b 1727O AliasFile=/etc/mail/aliases 1728O AliasFile=nis:mail.aliases@my.nis.domain 1729.)b 1730will first search the /etc/mail/aliases file 1731and then the map named 1732.q mail.aliases 1733in 1734.q my.nis.domain . 1735Warning: if you build your own 1736.sm NIS -based 1737alias files, 1738be sure to provide the 1739.b \-l 1740flag to 1741.i makedbm (8) 1742to map upper case letters in the keys to lower case; 1743otherwise, aliases with upper case letters in their names 1744won't match incoming addresses. 1745.pp 1746Additional flags can be added after the colon 1747exactly like a 1748.b K 1749line \(em for example: 1750.(b 1751O AliasFile=nis:\-N mail.aliases@my.nis.domain 1752.)b 1753will search the appropriate NIS map and always include null bytes in the key. 1754Also: 1755.(b 1756O AliasFile=nis:\-f mail.aliases@my.nis.domain 1757.)b 1758will prevent sendmail from downcasing the key before the alias lookup. 1759.sh 3 "Rebuilding the alias database" 1760.pp 1761The 1762.i hash 1763or 1764.i dbm 1765version of the database 1766may be rebuilt explicitly by executing the command 1767.(b 1768newaliases 1769.)b 1770This is equivalent to giving 1771.i sendmail 1772the 1773.b \-bi 1774flag: 1775.(b 1776/usr/\(SD/sendmail \-bi 1777.)b 1778.pp 1779If you have multiple aliases databases specified, 1780the 1781.b \-bi 1782flag rebuilds all the database types it understands 1783(for example, it can rebuild NDBM databases but not NIS databases). 1784.sh 3 "Potential problems" 1785.pp 1786There are a number of problems that can occur 1787with the alias database. 1788They all result from a 1789.i sendmail 1790process accessing the DBM version 1791while it is only partially built. 1792This can happen under two circumstances: 1793One process accesses the database 1794while another process is rebuilding it, 1795or the process rebuilding the database dies 1796(due to being killed or a system crash) 1797before completing the rebuild. 1798.pp 1799Sendmail has three techniques to try to relieve these problems. 1800First, it ignores interrupts while rebuilding the database; 1801this avoids the problem of someone aborting the process 1802leaving a partially rebuilt database. 1803Second, 1804it locks the database source file during the rebuild \(em 1805but that may not work over NFS or if the file is unwritable. 1806Third, 1807at the end of the rebuild 1808it adds an alias of the form 1809.(b 1810@: @ 1811.)b 1812(which is not normally legal). 1813Before 1814.i sendmail 1815will access the database, 1816it checks to insure that this entry exists\*. 1817.(f 1818\The 1819.b AliasWait 1820option is required in the configuration 1821for this action to occur. 1822This should normally be specified. 1823.)f 1824.sh 3 "List owners" 1825.pp 1826If an error occurs on sending to a certain address, 1827say 1828.q \fIx\fP , 1829.i sendmail 1830will look for an alias 1831of the form 1832.q owner-\fIx\fP 1833to receive the errors. 1834This is typically useful 1835for a mailing list 1836where the submitter of the list 1837has no control over the maintenance of the list itself; 1838in this case the list maintainer would be the owner of the list. 1839For example: 1840.(b 1841unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser, 1842* sam@matisse 1843owner-unix-wizards: unix-wizards-request 1844unix-wizards-request: eric@ucbarpa 1845.)b 1846would cause 1847.q eric@ucbarpa 1848to get the error that will occur 1849when someone sends to 1850unix-wizards 1851due to the inclusion of 1852.q nosuchuser 1853on the list. 1854.pp 1855List owners also cause the envelope sender address to be modified. 1856The contents of the owner alias are used if they point to a single user, 1857otherwise the name of the alias itself is used. 1858For this reason, and to obey Internet conventions, 1859the 1860.q owner- 1861address normally points at the 1862.q -request 1863address; this causes messages to go out with the typical Internet convention 1864of using ``\c 1865.i list -request'' 1866as the return address. 1867.sh 2 "User Information Database" 1868.pp 1869This option is deprecated, use virtusertable and genericstable instead 1870as explained in 1871.i cf/README . 1872If you have a version of 1873.i sendmail 1874with the user information database 1875compiled in, 1876and you have specified one or more databases using the 1877.b U 1878option, 1879the databases will be searched for a 1880.i user :maildrop 1881entry. 1882If found, the mail will be sent to the specified address. 1883.sh 2 "Per-User Forwarding (.forward Files)" 1884.pp 1885As an alternative to the alias database, 1886any user may put a file with the name 1887.q .forward 1888in his or her home directory. 1889If this file exists, 1890.i sendmail 1891redirects mail for that user 1892to the list of addresses listed in the .forward file. 1893Note that aliases are fully expanded before forward files are referenced. 1894For example, if the home directory for user 1895.q mckusick 1896has a .forward file with contents: 1897.(b 1898mckusick@ernie 1899kirk@calder 1900.)b 1901then any mail arriving for 1902.q mckusick 1903will be redirected to the specified accounts. 1904.pp 1905Actually, the configuration file defines a sequence of filenames to check. 1906By default, this is the user's .forward file, 1907but can be defined to be more generally using the 1908.b ForwardPath 1909option. 1910If you change this, 1911you will have to inform your user base of the change; 1912\&.forward is pretty well incorporated into the collective subconscious. 1913.sh 2 "Special Header Lines" 1914.pp 1915Several header lines have special interpretations 1916defined by the configuration file. 1917Others have interpretations built into 1918.i sendmail 1919that cannot be changed without changing the code. 1920These built-ins are described here. 1921.sh 3 "Errors-To:" 1922.pp 1923If errors occur anywhere during processing, 1924this header will cause error messages to go to 1925the listed addresses. 1926This is intended for mailing lists. 1927.pp 1928The Errors-To: header was created in the bad old days 1929when UUCP didn't understand the distinction between an envelope and a header; 1930this was a hack to provide what should now be passed 1931as the envelope sender address. 1932It should go away. 1933It is only used if the 1934.b UseErrorsTo 1935option is set. 1936.pp 1937The Errors-To: header is officially deprecated 1938and will go away in a future release. 1939.sh 3 "Apparently-To:" 1940.pp 1941RFC 822 requires at least one recipient field 1942(To:, Cc:, or Bcc: line) 1943in every message. 1944If a message comes in with no recipients listed in the message 1945then 1946.i sendmail 1947will adjust the header based on the 1948.q NoRecipientAction 1949option. 1950One of the possible actions is to add an 1951.q "Apparently-To:" 1952header line for any recipients it is aware of. 1953.pp 1954The Apparently-To: header is non-standard 1955and is both deprecated and strongly discouraged. 1956.sh 3 "Precedence" 1957.pp 1958The Precedence: header can be used as a crude control of message priority. 1959It tweaks the sort order in the queue 1960and can be configured to change the message timeout values. 1961The precedence of a message also controls how 1962delivery status notifications (DSNs) 1963are processed for that message. 1964.sh 2 "IDENT Protocol Support" 1965.pp 1966.i Sendmail 1967supports the IDENT protocol as defined in RFC 1413. 1968Note that the RFC states 1969a client should wait at least 30 seconds for a response. 1970The default Timeout.ident is 5 seconds 1971as many sites have adopted the practice of dropping IDENT queries. 1972This has lead to delays processing mail. 1973Although this enhances identification 1974of the author of an email message 1975by doing a ``call back'' to the originating system to include 1976the owner of a particular TCP connection 1977in the audit trail 1978it is in no sense perfect; 1979a determined forger can easily spoof the IDENT protocol. 1980The following description is excerpted from RFC 1413: 1981.ba +5 1982.lp 19836. Security Considerations 1984.lp 1985The information returned by this protocol is at most as trustworthy 1986as the host providing it OR the organization operating the host. For 1987example, a PC in an open lab has few if any controls on it to prevent 1988a user from having this protocol return any identifier the user 1989wants. Likewise, if the host has been compromised the information 1990returned may be completely erroneous and misleading. 1991.lp 1992The Identification Protocol is not intended as an authorization or 1993access control protocol. At best, it provides some additional 1994auditing information with respect to TCP connections. At worst, it 1995can provide misleading, incorrect, or maliciously incorrect 1996information. 1997.lp 1998The use of the information returned by this protocol for other than 1999auditing is strongly discouraged. Specifically, using Identification 2000Protocol information to make access control decisions - either as the 2001primary method (i.e., no other checks) or as an adjunct to other 2002methods may result in a weakening of normal host security. 2003.lp 2004An Identification server may reveal information about users, 2005entities, objects or processes which might normally be considered 2006private. An Identification server provides service which is a rough 2007analog of the CallerID services provided by some phone companies and 2008many of the same privacy considerations and arguments that apply to 2009the CallerID service apply to Identification. If you wouldn't run a 2010"finger" server due to privacy considerations you may not want to run 2011this protocol. 2012.ba 2013.lp 2014In some cases your system may not work properly with IDENT support 2015due to a bug in the TCP/IP implementation. 2016The symptoms will be that for some hosts 2017the SMTP connection will be closed 2018almost immediately. 2019If this is true or if you do not want to use IDENT, 2020you should set the IDENT timeout to zero; 2021this will disable the IDENT protocol. 2022.sh 1 "ARGUMENTS" 2023.pp 2024The complete list of arguments to 2025.i sendmail 2026is described in detail in Appendix A. 2027Some important arguments are described here. 2028.sh 2 "Queue Interval" 2029.pp 2030The amount of time between forking a process 2031to run through the queue is defined by the 2032.b \-q 2033flag. 2034If you run with delivery mode set to 2035.b i 2036or 2037.b b 2038this can be relatively large, since it will only be relevant 2039when a host that was down comes back up. 2040If you run in 2041.b q 2042mode it should be relatively short, 2043since it defines the maximum amount of time that a message 2044may sit in the queue. 2045(See also the MinQueueAge option.) 2046.pp 2047RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes 2048(although that probably doesn't make sense if you use ``queue-only'' mode). 2049.pp 2050Notice: the meaning of the interval time depends on whether normal 2051queue runners or persistent queue runners are used. 2052For the former, it is the time between subsequent starts of a queue run. 2053For the latter, it is the time sendmail waits after a persistent queue 2054runner has finished its work to start the next one. 2055Hence for persistent queue runners this interval should be very low, 2056typically no more than two minutes. 2057.sh 2 "Daemon Mode" 2058.pp 2059If you allow incoming mail over an IPC connection, 2060you should have a daemon running. 2061This should be set by your 2062.i /etc/rc 2063file using the 2064.b \-bd 2065flag. 2066The 2067.b \-bd 2068flag and the 2069.b \-q 2070flag may be combined in one call: 2071.(b 2072/usr/\(SD/sendmail \-bd \-q30m 2073.)b 2074.pp 2075An alternative approach is to invoke sendmail from 2076.i inetd (8) 2077(use the 2078.b \-bs \ \-Am 2079flags to ask sendmail to speak SMTP on its standard input and output 2080and to run as MTA). 2081This works and allows you to wrap 2082.i sendmail 2083in a TCP wrapper program, 2084but may be a bit slower since the configuration file 2085has to be re-read on every message that comes in. 2086If you do this, you still need to have a 2087.i sendmail 2088running to flush the queue: 2089.(b 2090/usr/\(SD/sendmail \-q30m 2091.)b 2092.sh 2 "Forcing the Queue" 2093.pp 2094In some cases you may find that the queue has gotten clogged for some reason. 2095You can force a queue run 2096using the 2097.b \-q 2098flag (with no value). 2099It is entertaining to use the 2100.b \-v 2101flag (verbose) 2102when this is done to watch what happens: 2103.(b 2104/usr/\(SD/sendmail \-q \-v 2105.)b 2106.pp 2107You can also limit the jobs to those with a particular queue identifier, 2108recipient, sender, quarantine reason, or queue group 2109using one of the queue modifiers. 2110For example, 2111.q \-qRberkeley 2112restricts the queue run to jobs that have the string 2113.q berkeley 2114somewhere in one of the recipient addresses. 2115Similarly, 2116.q \-qSstring 2117limits the run to particular senders, 2118.q \-qIstring 2119limits it to particular queue identifiers, and 2120.q \-qQstring 2121limits it to particular quarantined reasons and only operated on 2122quarantined queue items, and 2123.q \-qGstring 2124limits it to a particular queue group. 2125The named queue group will be run even if it is set to have 0 runners. 2126You may also place an 2127.b ! 2128before the 2129.b I 2130or 2131.b R 2132or 2133.b S 2134or 2135.b Q 2136to indicate that jobs are limited to not including a particular queue 2137identifier, recipient or sender. 2138For example, 2139.q \-q!Rseattle 2140limits the queue run to jobs that do not have the string 2141.q seattle 2142somewhere in one of the recipient addresses. 2143Should you need to terminate the queue jobs currently active then a SIGTERM 2144to the parent of the process (or processes) will cleanly stop the jobs. 2145.sh 2 "Debugging" 2146.pp 2147There are a fairly large number of debug flags 2148built into 2149.i sendmail . 2150Each debug flag has a category and a level. 2151Higher levels increase the level of debugging activity; 2152in most cases, this means to print out more information. 2153The convention is that levels greater than nine are 2154.q absurd, 2155i.e., 2156they print out so much information that you wouldn't normally 2157want to see them except for debugging that particular piece of code. 2158.pp 2159You should 2160.b never 2161run a production sendmail server in debug mode. 2162Many of the debug flags will result in debug output being sent over the 2163SMTP channel unless the option 2164.b \-D 2165is used. 2166This will confuse many mail programs. 2167However, for testing purposes, it can be useful 2168when sending mail manually via 2169telnet to the port you are using while debugging. 2170.pp 2171A debug category is either an integer, like 42, 2172or a name, like ANSI. 2173You can specify a range of numeric debug categories 2174using the syntax 17-42. 2175You can specify a set of named debug categories using 2176a glob pattern like 2177.q sm_trace_ . 2178At present, only 2179.q * 2180and 2181.q ? 2182are supported in these glob patterns. 2183.pp 2184Debug flags are set using the 2185.b \-d 2186option; 2187the syntax is: 2188.(b 2189.ta \w'debug-categories:M 'u 2190debug-flag: \fB\-d\fP debug-list 2191debug-list: debug-option [ , debug-option ]* 2192debug-option: debug-categories [ . debug-level ] 2193debug-categories: integer \| integer \- integer \| category-pattern 2194category-pattern: [a-zA-Z_?][a-zA-Z0-9_?]* 2195debug-level: integer 2196.)b 2197where spaces are for reading ease only. 2198For example, 2199.(b 2200\-d12 Set category 12 to level 1 2201\-d12.3 Set category 12 to level 3 2202\-d3\-17 Set categories 3 through 17 to level 1 2203\-d3\-17.4 Set categories 3 through 17 to level 4 2204\-dANSI Set category ANSI to level 1 2205\-dsm_trace_.3 Set all named categories matching sm_trace_ to level 3 2206.)b 2207For a complete list of the available debug flags 2208you will have to look at the code 2209and the 2210.i TRACEFLAGS 2211file in the sendmail distribution 2212(they are too dynamic to keep this document up to date). 2213For a list of named debug categories in the sendmail binary, use 2214.(b 2215ident /usr/sbin/sendmail \| grep Debug 2216.)b 2217.sh 2 "Changing the Values of Options" 2218.pp 2219Options can be overridden using the 2220.b \-o 2221or 2222.b \-O 2223command line flags. 2224For example, 2225.(b 2226/usr/\(SD/sendmail \-oT2m 2227.)b 2228sets the 2229.b T 2230(timeout) option to two minutes 2231for this run only; 2232the equivalent line using the long option name is 2233.(b 2234/usr/\(SD/sendmail -OTimeout.queuereturn=2m 2235.)b 2236.pp 2237Some options have security implications. 2238Sendmail allows you to set these, 2239but relinquishes its set-user-ID or set-group-ID permissions thereafter\*. 2240.(f 2241\That is, it sets its effective uid to the real uid; 2242thus, if you are executing as root, 2243as from root's crontab file or during system startup 2244the root permissions will still be honored. 2245.)f 2246.sh 2 "Trying a Different Configuration File" 2247.pp 2248An alternative configuration file 2249can be specified using the 2250.b \-C 2251flag; for example, 2252.(b 2253/usr/\(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue 2254.)b 2255uses the configuration file 2256.i test.cf 2257instead of the default 2258.i /etc/mail/sendmail.cf. 2259If the 2260.b \-C 2261flag has no value 2262it defaults to 2263.i sendmail.cf 2264in the current directory. 2265.pp 2266.i Sendmail 2267gives up set-user-ID root permissions 2268(if it has been installed set-user-ID root) 2269when you use this flag, so it is common to use a publicly writable directory 2270(such as /tmp) 2271as the queue directory (QueueDirectory or Q option) while testing. 2272.sh 2 "Logging Traffic" 2273.pp 2274Many SMTP implementations do not fully implement the protocol. 2275For example, some personal computer based SMTPs 2276do not understand continuation lines in reply codes. 2277These can be very hard to trace. 2278If you suspect such a problem, you can set traffic logging using the 2279.b \-X 2280flag. 2281For example, 2282.(b 2283/usr/\(SD/sendmail \-X /tmp/traffic \-bd 2284.)b 2285will log all traffic in the file 2286.i /tmp/traffic . 2287.pp 2288This logs a lot of data very quickly and should 2289.b NEVER 2290be used 2291during normal operations. 2292After starting up such a daemon, 2293force the errant implementation to send a message to your host. 2294All message traffic in and out of 2295.i sendmail , 2296including the incoming SMTP traffic, 2297will be logged in this file. 2298.sh 2 "Testing Configuration Files" 2299.pp 2300When you build a configuration table, 2301you can do a certain amount of testing 2302using the 2303.q "test mode" 2304of 2305.i sendmail . 2306For example, 2307you could invoke 2308.i sendmail 2309as: 2310.(b 2311sendmail \-bt \-Ctest.cf 2312.)b 2313which would read the configuration file 2314.q test.cf 2315and enter test mode. 2316In this mode, 2317you enter lines of the form: 2318.(b 2319rwset address 2320.)b 2321where 2322.i rwset 2323is the rewriting set you want to use 2324and 2325.i address 2326is an address to apply the set to. 2327Test mode shows you the steps it takes 2328as it proceeds, 2329finally showing you the address it ends up with. 2330You may use a comma separated list of rwsets 2331for sequential application of rules to an input. 2332For example: 2333.(b 23343,1,21,4 monet:bollard 2335.)b 2336first applies ruleset three to the input 2337.q monet:bollard. 2338Ruleset one is then applied to the output of ruleset three, 2339followed similarly by rulesets twenty-one and four. 2340.pp 2341If you need more detail, 2342you can also use the 2343.q \-d21 2344flag to turn on more debugging. 2345For example, 2346.(b 2347sendmail \-bt \-d21.99 2348.)b 2349turns on an incredible amount of information; 2350a single word address 2351is probably going to print out several pages worth of information. 2352.pp 2353You should be warned that internally, 2354.i sendmail 2355applies ruleset 3 to all addresses. 2356In test mode 2357you will have to do that manually. 2358For example, older versions allowed you to use 2359.(b 23600 bruce@broadcast.sony.com 2361.)b 2362This version requires that you use: 2363.(b 23643,0 bruce@broadcast.sony.com 2365.)b 2366.pp 2367As of version 8.7, 2368some other syntaxes are available in test mode: 2369.nr ii 1i 2370.ip \&.D\\|x\\|value 2371defines macro 2372.i x 2373to have the indicated 2374.i value . 2375This is useful when debugging rules that use the 2376.b $& \c 2377.i x 2378syntax. 2379.ip \&.C\\|c\\|value 2380adds the indicated 2381.i value 2382to class 2383.i c . 2384.ip \&=S\\|ruleset 2385dumps the contents of the indicated ruleset. 2386.ip \-d\\|debug-spec 2387is equivalent to the command-line flag. 2388.lp 2389Version 8.9 introduced more features: 2390.nr ii 1i 2391.ip ? 2392shows a help message. 2393.ip =M 2394display the known mailers. 2395.ip $m 2396print the value of macro m. 2397.ip $=c 2398print the contents of class c. 2399.ip /mx\ host 2400returns the MX records for `host'. 2401.ip /parse\ address 2402parse address, returning the value of 2403.i crackaddr , 2404and the parsed address. 2405.ip /try\ mailer\ addr 2406rewrite address into the form it will have when 2407presented to the indicated mailer. 2408.ip /tryflags\ flags 2409set flags used by parsing. The flags can be `H' for 2410Header or `E' for Envelope, and `S' for Sender or `R' 2411for Recipient. These can be combined, `HR' sets 2412flags for header recipients. 2413.ip /canon\ hostname 2414try to canonify hostname. 2415.ip /map\ mapname\ key 2416look up `key' in the indicated `mapname'. 2417.ip /quit 2418quit address test mode. 2419.lp 2420.sh 2 "Persistent Host Status Information" 2421.pp 2422When 2423.b HostStatusDirectory 2424is enabled, 2425information about the status of hosts is maintained on disk 2426and can thus be shared between different instantiations of 2427.i sendmail . 2428The status of the last connection with each remote host 2429may be viewed with the command: 2430.(b 2431sendmail \-bh 2432.)b 2433This information may be flushed with the command: 2434.(b 2435sendmail \-bH 2436.)b 2437Flushing the information prevents new 2438.i sendmail 2439processes from loading it, 2440but does not prevent existing processes from using the status information 2441that they already have. 2442.sh 1 "TUNING" 2443.pp 2444There are a number of configuration parameters 2445you may want to change, 2446depending on the requirements of your site. 2447Most of these are set 2448using an option in the configuration file. 2449For example, 2450the line 2451.q "O Timeout.queuereturn=5d" 2452sets option 2453.q Timeout.queuereturn 2454to the value 2455.q 5d 2456(five days). 2457.pp 2458Most of these options have appropriate defaults for most sites. 2459However, 2460sites having very high mail loads may find they need to tune them 2461as appropriate for their mail load. 2462In particular, 2463sites experiencing a large number of small messages, 2464many of which are delivered to many recipients, 2465may find that they need to adjust the parameters 2466dealing with queue priorities. 2467.pp 2468All versions of 2469.i sendmail 2470prior to 8.7 2471had single character option names. 2472As of 8.7, 2473options have long (multi-character names). 2474Although old short names are still accepted, 2475most new options do not have short equivalents. 2476.pp 2477This section only describes the options you are most likely 2478to want to tweak; 2479read section 2480.\"XREF 24815 2482for more details. 2483.sh 2 "Timeouts" 2484.pp 2485All time intervals are set 2486using a scaled syntax. 2487For example, 2488.q 10m 2489represents ten minutes, whereas 2490.q 2h30m 2491represents two and a half hours. 2492The full set of scales is: 2493.(b 2494.ta 4n 2495s seconds 2496m minutes 2497h hours 2498d days 2499w weeks 2500.)b 2501.sh 3 "Queue interval" 2502.pp 2503The argument to the 2504.b \-q 2505flag specifies how often a sub-daemon will run the queue. 2506This is typically set to between fifteen minutes and one hour. 2507If not set, or set to zero, 2508the queue will not be run automatically. 2509RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes. 2510Should you need to terminate the queue jobs currently active then a SIGTERM 2511to the parent of the process (or processes) will cleanly stop the jobs. 2512.sh 3 "Read timeouts" 2513.pp 2514Timeouts all have option names 2515.q Timeout.\fIsuboption\fP . 2516Most of these control SMTP operations. 2517The recognized 2518.i suboption s, 2519their default values, and the minimum values 2520allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are: 2521.nr ii 1i 2522.ip connect 2523The time to wait for an SMTP connection to open 2524(the 2525.i connect (2) 2526system call) 2527[0, unspecified]. 2528If zero, uses the kernel default. 2529In no case can this option extend the timeout 2530longer than the kernel provides, but it can shorten it. 2531This is to get around kernels that provide an absurdly long connection timeout 2532(90 minutes in one case). 2533.ip iconnect 2534The same as 2535.i connect, 2536except it applies only to the initial attempt to connect to a host 2537for a given message 2538[0, unspecified]. 2539The concept is that this should be very short (a few seconds); 2540hosts that are well connected and responsive will thus be serviced immediately. 2541Hosts that are slow will not hold up other deliveries in the initial 2542delivery attempt. 2543.ip aconnect 2544[0, unspecified] 2545The overall timeout waiting for all connection for a single delivery 2546attempt to succeed. 2547If 0, no overall limit is applied. 2548This can be used to restrict the total amount of time trying to connect to 2549a long list of host that could accept an e-mail for the recipient. 2550This timeout does not apply to 2551.b FallbackMXhost , 2552i.e., if the time is exhausted, the 2553.b FallbackMXhost 2554is tried next. 2555.ip initial 2556The wait for the initial 220 greeting message 2557[5m, 5m]. 2558.ip helo 2559The wait for a reply from a HELO or EHLO command 2560[5m, unspecified]. 2561This may require a host name lookup, so 2562five minutes is probably a reasonable minimum. 2563.ip mail\(dg 2564The wait for a reply from a MAIL command 2565[10m, 5m]. 2566.ip rcpt\(dg 2567The wait for a reply from a RCPT command 2568[1h, 5m]. 2569This should be long 2570because it could be pointing at a list 2571that takes a long time to expand 2572(see below). 2573.ip datainit\(dg 2574The wait for a reply from a DATA command 2575[5m, 2m]. 2576.ip datablock\(dg\(dd 2577The wait for reading a data block 2578(that is, the body of the message). 2579[1h, 3m]. 2580This should be long because it also applies to programs 2581piping input to 2582.i sendmail 2583which have no guarantee of promptness. 2584.ip datafinal\(dg 2585The wait for a reply from the dot terminating a message. 2586[1h, 10m]. 2587If this is shorter than the time actually needed 2588for the receiver to deliver the message, 2589duplicates will be generated. 2590This is discussed in RFC 1047. 2591.ip rset 2592The wait for a reply from a RSET command 2593[5m, unspecified]. 2594.ip quit 2595The wait for a reply from a QUIT command 2596[2m, unspecified]. 2597.ip misc 2598The wait for a reply from miscellaneous (but short) commands 2599such as NOOP (no-operation) and VERB (go into verbose mode). 2600[2m, unspecified]. 2601.ip command\(dg\(dd 2602In server SMTP, 2603the time to wait for another command. 2604[1h, 5m]. 2605.ip ident\(dd 2606The timeout waiting for a reply to an IDENT query 2607[5s\, unspecified]. 2608.(f 2609\On some systems the default is zero to turn the protocol off entirely. 2610.)f 2611.ip lhlo 2612The wait for a reply to an LMTP LHLO command 2613[2m, unspecified]. 2614.ip auth 2615The timeout for a reply in an SMTP AUTH dialogue 2616[10m, unspecified]. 2617.ip starttls 2618The timeout for a reply to an SMTP STARTTLS command and the TLS handshake 2619[1h, unspecified]. 2620.ip fileopen\(dd 2621The timeout for opening .forward and :include: files [60s, none]. 2622.ip control\(dd 2623The timeout for a complete control socket transaction to complete [2m, none]. 2624.ip hoststatus\(dd 2625How long status information about a host 2626(e.g., host down) 2627will be cached before it is considered stale 2628[30m, unspecified]. 2629.ip resolver.retrans\(dd 2630The resolver's 2631retransmission time interval 2632(in seconds) 2633[varies]. 2634Sets both 2635.i Timeout.resolver.retrans.first 2636and 2637.i Timeout.resolver.retrans.normal . 2638.ip resolver.retrans.first\(dd 2639The resolver's 2640retransmission time interval 2641(in seconds) 2642for the first attempt to 2643deliver a message 2644[varies]. 2645.ip resolver.retrans.normal\(dd 2646The resolver's 2647retransmission time interval 2648(in seconds) 2649for all resolver lookups 2650except the first delivery attempt 2651[varies]. 2652.ip resolver.retry\(dd 2653The number of times 2654to retransmit a resolver query. 2655Sets both 2656.i Timeout.resolver.retry.first 2657and 2658.i Timeout.resolver.retry.normal 2659[varies]. 2660.ip resolver.retry.first\(dd 2661The number of times 2662to retransmit a resolver query 2663for the first attempt 2664to deliver a message 2665[varies]. 2666.ip resolver.retry.normal\(dd 2667The number of times 2668to retransmit a resolver query 2669for all resolver lookups 2670* except the first delivery attempt 2671[varies]. 2672.lp 2673For compatibility with old configuration files, 2674if no 2675.i suboption 2676is specified, 2677all the timeouts marked with 2678.DG 2679(\(dg) are set to the indicated value. 2680All but those marked with 2681.DD 2682(\(dd) apply to client SMTP. 2683.pp 2684For example, the lines: 2685.(b 2686O Timeout.command=25m 2687O Timeout.datablock=3h 2688.)b 2689sets the server SMTP command timeout to 25 minutes 2690and the input data block timeout to three hours. 2691.sh 3 "Message timeouts" 2692.pp 2693After sitting in the queue for a few days, 2694an undeliverable message will time out. 2695This is to insure that at least the sender is aware 2696of the inability to send a message. 2697The timeout is typically set to five days. 2698It is sometimes considered convenient to also send a warning message 2699if the message is in the queue longer than a few hours 2700(assuming you normally have good connectivity; 2701if your messages normally took several hours to send 2702you wouldn't want to do this because it wouldn't be an unusual event). 2703These timeouts are set using the 2704.b Timeout.queuereturn 2705and 2706.b Timeout.queuewarn 2707options in the configuration file 2708(previously both were set using the 2709.b T 2710option). 2711.pp 2712If the message is submitted using the 2713.sm NOTIFY 2714.sm SMTP 2715extension, 2716warning messages will only be sent if 2717.sm NOTIFY=DELAY 2718is specified. 2719The queuereturn and queuewarn timeouts 2720can be further qualified with a tag based on the Precedence: field 2721in the message; 2722they must be one of 2723.q urgent 2724(indicating a positive non-zero precedence), 2725.q normal 2726(indicating a zero precedence), or 2727.q non-urgent 2728(indicating negative precedences). 2729For example, setting 2730.q Timeout.queuewarn.urgent=1h 2731sets the warning timeout for urgent messages only 2732to one hour. 2733The default if no precedence is indicated 2734is to set the timeout for all precedences. 2735If the message has a normal (default) precedence 2736and it is a delivery status notification (DSN), 2737.b Timeout.queuereturn.dsn 2738and 2739.b Timeout.queuewarn.dsn 2740can be used to give an alternative warn and return time 2741for DSNs. 2742The value "now" can be used for 2743-O Timeout.queuereturn 2744to return entries immediately during a queue run, 2745e.g., to bounce messages independent of their time in the queue. 2746.pp 2747Since these options are global, 2748and since you cannot know 2749.i "a priori" 2750how long another host outside your domain will be down, 2751a five day timeout is recommended. 2752This allows a recipient to fix the problem even if it occurs 2753at the beginning of a long weekend. 2754RFC 1123 section 5.3.1.1 says that this parameter 2755should be ``at least 4\-5 days''. 2756.pp 2757The 2758.b Timeout.queuewarn 2759value can be piggybacked on the 2760.b T 2761option by indicating a time after which 2762a warning message should be sent; 2763the two timeouts are separated by a slash. 2764For example, the line 2765.(b 2766OT5d/4h 2767.)b 2768causes email to fail after five days, 2769but a warning message will be sent after four hours. 2770This should be large enough that the message will have been tried 2771several times. 2772.sh 2 "Forking During Queue Runs" 2773.pp 2774By setting the 2775.b ForkEachJob 2776(\c 2777.b Y ) 2778option, 2779.i sendmail 2780will fork before each individual message 2781while running the queue. 2782This option was used with earlier releases to prevent 2783.i sendmail 2784from consuming large amounts of memory. 2785It should no longer be necessary with 2786.i sendmail 27878.12. 2788If the 2789.b ForkEachJob 2790option is not set, 2791.i sendmail 2792will keep track of hosts that are down during a queue run, 2793which can improve performance dramatically. 2794.pp 2795If the 2796.b ForkEachJob 2797option is set, 2798.i sendmail 2799cannot use connection caching. 2800.sh 2 "Queue Priorities" 2801.pp 2802Every message is assigned a priority when it is first instantiated, 2803consisting of the message size (in bytes) 2804offset by the message class 2805(which is determined from the Precedence: header) 2806times the 2807.q "work class factor" 2808and the number of recipients times the 2809.q "work recipient factor." 2810The priority is used to order the queue. 2811Higher numbers for the priority mean that the message will be processed later 2812when running the queue. 2813.pp 2814The message size is included so that large messages are penalized 2815relative to small messages. 2816The message class allows users to send 2817.q "high priority" 2818messages by including a 2819.q Precedence: 2820field in their message; 2821the value of this field is looked up in the 2822.b P 2823lines of the configuration file. 2824Since the number of recipients affects the amount of load a message presents 2825to the system, 2826this is also included into the priority. 2827.pp 2828The recipient and class factors 2829can be set in the configuration file using the 2830.b RecipientFactor 2831(\c 2832.b y ) 2833and 2834.b ClassFactor 2835(\c 2836.b z ) 2837options respectively. 2838They default to 30000 (for the recipient factor) 2839and 1800 2840(for the class factor). 2841The initial priority is: 2842.EQ 2843pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor) 2844.EN 2845(Remember, higher values for this parameter actually mean 2846that the job will be treated with lower priority.) 2847.pp 2848The priority of a job can also be adjusted each time it is processed 2849(that is, each time an attempt is made to deliver it) 2850using the 2851.q "work time factor," 2852set by the 2853.b RetryFactor 2854(\c 2855.b Z ) 2856option. 2857This is added to the priority, 2858so it normally decreases the precedence of the job, 2859on the grounds that jobs that have failed many times 2860will tend to fail again in the future. 2861The 2862.b RetryFactor 2863option defaults to 90000. 2864.sh 2 "Load Limiting" 2865.pp 2866.i Sendmail 2867can be asked to queue (but not deliver) mail 2868if the system load average gets too high using the 2869.b QueueLA 2870(\c 2871.b x ) 2872option. 2873When the load average exceeds the value of the 2874.b QueueLA 2875option, the delivery mode is set to 2876.b q 2877(queue only) if the 2878.b QueueFactor 2879(\c 2880.b q ) 2881option divided by the difference in the current load average and the 2882.b QueueLA 2883option plus one 2884is less than the priority of the message \(em 2885that is, the message is queued iff: 2886.EQ 2887pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 } 2888.EN 2889The 2890.b QueueFactor 2891option defaults to 600000, 2892so each point of load average is worth 600000 priority points 2893(as described above). 2894.pp 2895For drastic cases, the 2896.b RefuseLA 2897(\c 2898.b X ) 2899option defines a load average at which 2900.i sendmail 2901will refuse to accept network connections. 2902Locally generated mail, i.e., mail which is not submitted via SMTP 2903(including incoming UUCP mail), 2904is still accepted. 2905Notice that the MSP submits mail to the MTA via SMTP, and hence 2906mail will be queued in the client queue in such a case. 2907Therefore it is necessary to run the client mail queue periodically. 2908.sh 2 "Resource Limits" 2909.pp 2910.i Sendmail 2911has several parameters to control resource usage. 2912Besides those mentionted in the previous section, there are at least 2913.b MaxDaemonChildren , 2914.b ConnectionRateThrottle , 2915.b MaxQueueChildren , 2916and 2917.b MaxRunnersPerQueue . 2918The latter two limit the number of 2919.i sendmail 2920processes that operate on the queue. 2921These are discussed in the section 2922``Queue Group Declaration''. 2923The former two can be used to limit the number of incoming connections. 2924Their appropriate values depend on the host operating system and 2925the hardware, e.g., amount of memory. 2926In many situations it might be useful to set limits to prevent 2927to have too many 2928.i sendmail 2929processes, however, these limits can be abused to mount a 2930denial of service attack. 2931For example, if 2932.b MaxDaemonChildren=10 2933then an attacker needs to open only 10 SMTP sessions to the server, 2934leave them idle for most of the time, 2935and no more connections will be accepted. 2936If this option is set then the timeouts used in a SMTP session 2937should be lowered from their default values to 2938their minimum values as specified in RFC 2821 and listed in 2939section 2940.\"XREF 29414.1.2. 2942.sh 2 "Measures against Denial of Service Attacks" 2943.pp 2944.i Sendmail 2945has some built-in measures against simple denial of service (DoS) attacks. 2946The SMTP server by default slows down if too many bad commands are 2947issued or if some commands are repeated too often within a session. 2948Details can be found in the source file 2949.b sendmail/srvrsmtp.c 2950by looking for the macro definitions of 2951.b MAXBADCOMMANDS , 2952.b MAXNOOPCOMMANDS , 2953.b MAXHELOCOMMANDS , 2954.b MAXVRFYCOMMANDS , 2955and 2956.b MAXETRNCOMMANDS . 2957If an SMTP command is issued more often than the corresponding 2958.b MAXcmdCOMMANDS 2959value, then the response is delayed exponentially, 2960starting with a sleep time of one second, 2961up to a maximum of four minutes (as defined by 2962.b MAXTIMEOUT ). 2963If the option 2964.b MaxDaemonChildren 2965is set to a value greater than zero, 2966then this could make a DoS attack even worse since it 2967keeps a connection open longer than necessary. 2968Therefore a connection is terminated with a 421 SMTP reply code 2969if the number of commands exceeds the limit by a factor of two and 2970.b MAXBADCOMMANDS 2971is set to a value greater than zero (the default is 25). 2972.sh 2 "Delivery Mode" 2973.pp 2974There are a number of delivery modes that 2975.i sendmail 2976can operate in, 2977set by the 2978.b DeliveryMode 2979(\c 2980.b d ) 2981configuration option. 2982These modes 2983specify how quickly mail will be delivered. 2984Legal modes are: 2985.(b 2986.ta 4n 2987i deliver interactively (synchronously) 2988b deliver in background (asynchronously) 2989q queue only (don't deliver) 2990d defer delivery attempts (don't deliver) 2991.)b 2992There are tradeoffs. 2993Mode 2994.q i 2995gives the sender the quickest feedback, 2996but may slow down some mailers and 2997is hardly ever necessary. 2998Mode 2999.q b 3000delivers promptly but 3001can cause large numbers of processes 3002if you have a mailer that takes a long time to deliver a message. 3003Mode 3004.q q 3005minimizes the load on your machine, 3006but means that delivery may be delayed for up to the queue interval. 3007Mode 3008.q d 3009is identical to mode 3010.q q 3011except that it also prevents lookups in maps including the 3012.b -D 3013flag from working during the initial queue phase; 3014it is intended for ``dial on demand'' sites where DNS lookups 3015might cost real money. 3016Some simple error messages 3017(e.g., host unknown during the SMTP protocol) 3018will be delayed using this mode. 3019Mode 3020.q b 3021is the usual default. 3022.pp 3023If you run in mode 3024.q q 3025(queue only), 3026.q d 3027(defer), 3028or 3029.q b 3030(deliver in background) 3031.i sendmail 3032will not expand aliases and follow .forward files 3033upon initial receipt of the mail. 3034This speeds up the response to RCPT commands. 3035Mode 3036.q i 3037should not be used by the SMTP server. 3038.sh 2 "Log Level" 3039.pp 3040The level of logging can be set for 3041.i sendmail . 3042The default using a standard configuration table is level 9. 3043The levels are as follows: 3044.nr ii 0.5i 3045.ip 0 3046Minimal logging. 3047.ip 1 3048Serious system failures and potential security problems. 3049.ip 2 3050Lost communications (network problems) and protocol failures. 3051.ip 3 3052Other serious failures, malformed addresses, transient forward/include 3053errors, connection timeouts. 3054.ip 4 3055Minor failures, out of date alias databases, connection rejections 3056via check_ rulesets. 3057.ip 5 3058Message collection statistics. 3059.ip 6 3060Creation of error messages, 3061VRFY and EXPN commands. 3062.ip 7 3063Delivery failures (host or user unknown, etc.). 3064.ip 8 3065Successful deliveries and alias database rebuilds. 3066.ip 9 3067Messages being deferred 3068(due to a host being down, etc.). 3069.ip 10 3070Database expansion (alias, forward, and userdb lookups) 3071and authentication information. 3072.ip 11 3073NIS errors and end of job processing. 3074.ip 12 3075Logs all SMTP connections. 3076.ip 13 3077Log bad user shells, files with improper permissions, and other 3078questionable situations. 3079.ip 14 3080Logs refused connections. 3081.ip 15 3082Log all incoming and outgoing SMTP commands. 3083.ip 20 3084Logs attempts to run locked queue files. 3085These are not errors, 3086but can be useful to note if your queue appears to be clogged. 3087.ip 30 3088Lost locks (only if using lockf instead of flock). 3089.lp 3090Additionally, 3091values above 64 are reserved for extremely verbose debugging output. 3092No normal site would ever set these. 3093.sh 2 "File Modes" 3094.pp 3095The modes used for files depend on what functionality you want 3096and the level of security you require. 3097In many cases 3098.i sendmail 3099does careful checking of the modes 3100of files and directories 3101to avoid accidental compromise; 3102if you want to make it possible to have group-writable support files 3103you may need to use the 3104.b DontBlameSendmail 3105option to turn off some of these checks. 3106.sh 3 "To suid or not to suid?" 3107.pp 3108.i Sendmail 3109is no longer installed 3110set-user-ID to root. 3111sendmail/SECURITY 3112explains how to configure and install 3113.i sendmail 3114without set-user-ID to root but set-group-ID 3115which is the default configuration starting with 8.12. 3116.pp 3117The daemon usually runs as root, unless other measures are taken. 3118At the point where 3119.i sendmail 3120is about to 3121.i exec \\|(2) 3122a mailer, 3123it checks to see if the userid is zero (root); 3124if so, 3125it resets the userid and groupid to a default 3126(set by the 3127.b U= 3128equate in the mailer line; 3129if that is not set, the 3130.b DefaultUser 3131option is used). 3132This can be overridden 3133by setting the 3134.b S 3135flag to the mailer 3136for mailers that are trusted 3137and must be called as root. 3138However, 3139this will cause mail processing 3140to be accounted 3141(using 3142.i sa \\|(8)) 3143to root 3144rather than to the user sending the mail. 3145.pp 3146A middle ground is to set the 3147.b RunAsUser 3148option. 3149This causes 3150.i sendmail 3151to become the indicated user as soon as it has done the startup 3152that requires root privileges 3153(primarily, opening the 3154.sm SMTP 3155socket). 3156If you use 3157.b RunAsUser , 3158the queue directory 3159(normally 3160.i /var/spool/mqueue ) 3161should be owned by that user, 3162and all files and databases 3163(including user 3164.i \&.forward 3165files, 3166alias files, 3167:include: files, 3168and external databases) 3169must be readable by that user. 3170Also, since sendmail will not be able to change its uid, 3171delivery to programs or files will be marked as unsafe, 3172e.g., undeliverable, 3173in 3174.i \&.forward , 3175aliases, 3176and :include: files. 3177Administrators can override this by setting the 3178.b DontBlameSendmail 3179option to the setting 3180.b NonRootSafeAddr . 3181.b RunAsUser 3182is probably best suited for firewall configurations 3183that don't have regular user logins. 3184If the option is used on a system which performs local delivery, 3185then the local delivery agent must have the proper permissions 3186(i.e., usually set-user-ID root) 3187since it will be invoked by the 3188.b RunAsUser , 3189not by root. 3190.sh 3 "Turning off security checks" 3191.pp 3192.i Sendmail 3193is very particular about the modes of files that it reads or writes. 3194For example, by default it will refuse to read most files 3195that are group writable 3196on the grounds that they might have been tampered with 3197by someone other than the owner; 3198it will even refuse to read files in group writable directories. 3199Also, sendmail will refuse to create a new aliases database in an 3200unsafe directory. You can get around this by manually creating the 3201database file as a trusted user ahead of time and then rebuilding the 3202aliases database with 3203.b newaliases . 3204.pp 3205If you are 3206.i quite 3207sure that your configuration is safe and you want 3208.i sendmail 3209to avoid these security checks, 3210you can turn off certain checks using the 3211.b DontBlameSendmail 3212option. 3213This option takes one or more names that disable checks. 3214In the descriptions that follow, 3215.q "unsafe directory" 3216means a directory that is writable by anyone other than the owner. 3217The values are: 3218.nr ii 0.5i 3219.ip Safe 3220No special handling. 3221.ip AssumeSafeChown 3222Assume that the 3223.i chown 3224system call is restricted to root. 3225Since some versions of UNIX permit regular users 3226to give away their files to other users on some filesystems, 3227.i sendmail 3228often cannot assume that a given file was created by the owner, 3229particularly when it is in a writable directory. 3230You can set this flag if you know that file giveaway is restricted 3231on your system. 3232.ip ClassFileInUnsafeDirPath 3233When reading class files (using the 3234.b F 3235line in the configuration file), 3236allow files that are in unsafe directories. 3237.ip DontWarnForwardFileInUnsafeDirPath 3238Prevent logging of 3239unsafe directory path warnings 3240for non-existent forward files. 3241.ip ErrorHeaderInUnsafeDirPath 3242Allow the file named in the 3243.b ErrorHeader 3244option to be in an unsafe directory. 3245.ip FileDeliveryToHardLink 3246Allow delivery to files that are hard links. 3247.ip FileDeliveryToSymLink 3248Allow delivery to files that are symbolic links. 3249.ip ForwardFileInGroupWritableDirPath 3250Allow 3251.i \&.forward 3252files in group writable directories. 3253.ip ForwardFileInUnsafeDirPath 3254Allow 3255.i \&.forward 3256files in unsafe directories. 3257.ip ForwardFileInUnsafeDirPathSafe 3258Allow a 3259.i \&.forward 3260file that is in an unsafe directory to include references 3261to program and files. 3262.ip GroupReadableKeyFile 3263Accept a group-readable key file for STARTTLS. 3264.ip GroupReadableSASLDBFile 3265Accept a group-readable Cyrus SASL password file. 3266.ip GroupWritableAliasFile 3267Allow group-writable alias files. 3268.ip GroupWritableDirPathSafe 3269Change the definition of 3270.q "unsafe directory" 3271to consider group-writable directories to be safe. 3272World-writable directories are always unsafe. 3273.ip GroupWritableForwardFile 3274Allow group writable 3275.i \&.forward 3276files. 3277.ip GroupWritableForwardFileSafe 3278Accept group-writable 3279.i \&.forward 3280files as safe for program and file delivery. 3281.ip GroupWritableIncludeFile 3282Allow group wriable 3283.i :include: 3284files. 3285.ip GroupWritableIncludeFileSafe 3286Accept group-writable 3287.i :include: 3288files as safe for program and file delivery. 3289.ip GroupWritableSASLDBFile 3290Accept a group-writable Cyrus SASL password file. 3291.ip HelpFileInUnsafeDirPath 3292Allow the file named in the 3293.b HelpFile 3294option to be in an unsafe directory. 3295.ip IncludeFileInGroupWritableDirPath 3296Allow 3297.i :include: 3298files in group writable directories. 3299.ip IncludeFileInUnsafeDirPath 3300Allow 3301.i :include: 3302files in unsafe directories. 3303.ip IncludeFileInUnsafeDirPathSafe 3304Allow a 3305.i :include: 3306file that is in an unsafe directory to include references 3307to program and files. 3308.ip InsufficientEntropy 3309Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded 3310despite the security problems. 3311.ip LinkedAliasFileInWritableDir 3312Allow an alias file that is a link in a writable directory. 3313.ip LinkedClassFileInWritableDir 3314Allow class files that are links in writable directories. 3315.ip LinkedForwardFileInWritableDir 3316Allow 3317.i \&.forward 3318files that are links in writable directories. 3319.ip LinkedIncludeFileInWritableDir 3320Allow 3321.i :include: 3322files that are links in writable directories. 3323.ip LinkedMapInWritableDir 3324Allow map files that are links in writable directories. 3325This includes alias database files. 3326.ip LinkedServiceSwitchFileInWritableDir 3327Allow the service switch file to be a link 3328even if the directory is writable. 3329.ip MapInUnsafeDirPath 3330Allow maps (e.g., 3331.i hash , 3332.i btree , 3333and 3334.i dbm 3335files) 3336in unsafe directories. 3337This includes alias database files. 3338.ip NonRootSafeAddr 3339Do not mark file and program deliveries as unsafe 3340if sendmail is not running with root privileges. 3341.ip RunProgramInUnsafeDirPath 3342Run programs that are in writable directories without logging a warning. 3343.ip RunWritableProgram 3344Run programs that are group- or world-writable without logging a warning. 3345.ip TrustStickyBit 3346Allow group or world writable directories 3347if the sticky bit is set on the directory. 3348Do not set this on systems which do not honor 3349the sticky bit on directories. 3350.ip WorldWritableAliasFile 3351Accept world-writable alias files. 3352.ip WorldWritableForwardfile 3353Allow world writable 3354.i \&.forward 3355files. 3356.ip WorldWritableIncludefile 3357Allow world wriable 3358.i :include: 3359files. 3360.ip WriteMapToHardLink 3361Allow writes to maps that are hard links. 3362.ip WriteMapToSymLink 3363Allow writes to maps that are symbolic links. 3364.ip WriteStatsToHardLink 3365Allow the status file to be a hard link. 3366.ip WriteStatsToSymLink 3367Allow the status file to be a symbolic link. 3368.sh 2 "Connection Caching" 3369.pp 3370When processing the queue, 3371.i sendmail 3372will try to keep the last few open connections open 3373to avoid startup and shutdown costs. 3374This only applies to IPC and LPC connections. 3375.pp 3376When trying to open a connection 3377the cache is first searched. 3378If an open connection is found, it is probed to see if it is still active 3379by sending a 3380.sm RSET 3381command. 3382It is not an error if this fails; 3383instead, the connection is closed and reopened. 3384.pp 3385Two parameters control the connection cache. 3386The 3387.b ConnectionCacheSize 3388(\c 3389.b k ) 3390option defines the number of simultaneous open connections 3391that will be permitted. 3392If it is set to zero, 3393connections will be closed as quickly as possible. 3394The default is one. 3395This should be set as appropriate for your system size; 3396it will limit the amount of system resources that 3397.i sendmail 3398will use during queue runs. 3399Never set this higher than 4. 3400.pp 3401The 3402.b ConnectionCacheTimeout 3403(\c 3404.b K ) 3405option specifies the maximum time that any cached connection 3406will be permitted to idle. 3407When the idle time exceeds this value 3408the connection is closed. 3409This number should be small 3410(under ten minutes) 3411to prevent you from grabbing too many resources 3412from other hosts. 3413The default is five minutes. 3414.sh 2 "Name Server Access" 3415.pp 3416Control of host address lookups is set by the 3417.b hosts 3418service entry in your service switch file. 3419If you are on a system that has built-in service switch support 3420(e.g., Ultrix, Solaris, or DEC OSF/1) 3421then your system is probably configured properly already. 3422Otherwise, 3423.i sendmail 3424will consult the file 3425.b /etc/mail/service.switch , 3426which should be created. 3427.i Sendmail 3428only uses two entries: 3429.b hosts 3430and 3431.b aliases , 3432although system routines may use other services 3433(notably the 3434.b passwd 3435service for user name lookups by 3436.i getpwname ). 3437.pp 3438However, some systems (such as SunOS 4.X) 3439will do DNS lookups 3440regardless of the setting of the service switch entry. 3441In particular, the system routine 3442.i gethostbyname (3) 3443is used to look up host names, 3444and many vendor versions try some combination of DNS, NIS, 3445and file lookup in /etc/hosts 3446without consulting a service switch. 3447.i Sendmail 3448makes no attempt to work around this problem, 3449and the DNS lookup will be done anyway. 3450If you do not have a nameserver configured at all, 3451such as at a UUCP-only site, 3452.i sendmail 3453will get a 3454.q "connection refused" 3455message when it tries to connect to the name server. 3456If the 3457.b hosts 3458switch entry has the service 3459.q dns 3460listed somewhere in the list, 3461.i sendmail 3462will interpret this to mean a temporary failure 3463and will queue the mail for later processing; 3464otherwise, it ignores the name server data. 3465.pp 3466The same technique is used to decide whether to do MX lookups. 3467If you want MX support, you 3468.i must 3469have 3470.q dns 3471listed as a service in the 3472.b hosts 3473switch entry. 3474.pp 3475The 3476.b ResolverOptions 3477(\c 3478.b I ) 3479option allows you to tweak name server options. 3480The command line takes a series of flags as documented in 3481.i resolver (3) 3482(with the leading 3483.q RES_ 3484deleted). 3485Each can be preceded by an optional `+' or `\(mi'. 3486For example, the line 3487.(b 3488O ResolverOptions=+AAONLY \(miDNSRCH 3489.)b 3490turns on the AAONLY (accept authoritative answers only) 3491and turns off the DNSRCH (search the domain path) options. 3492Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE 3493flags on and all others off. 3494If NETINET6 is enabled, most libraries default to USE_INET6 as well. 3495You can also include 3496.q HasWildcardMX 3497to specify that there is a wildcard MX record matching your domain; 3498this turns off MX matching when canonifying names, 3499which can lead to inappropriate canonifications. 3500Use 3501.q WorkAroundBrokenAAAA 3502when faced with a broken nameserver that returns SERVFAIL 3503(a temporary failure) 3504on T_AAAA (IPv6) lookups 3505during hostname canonification. 3506Notice: it might be necessary to apply the same (or similar) options to 3507.i submit.cf 3508too. 3509.pp 3510Version level 1 configurations (see the section about 3511``Configuration Version Level'') 3512turn DNSRCH and DEFNAMES off when doing delivery lookups, 3513but leave them on everywhere else. 3514Version 8 of 3515.i sendmail 3516ignores them when doing canonification lookups 3517(that is, when using $[ ... $]), 3518and always does the search. 3519If you don't want to do automatic name extension, 3520don't call $[ ... $]. 3521.pp 3522The search rules for $[ ... $] are somewhat different than usual. 3523If the name being looked up 3524has at least one dot, it always tries the unmodified name first. 3525If that fails, it tries the reduced search path, 3526and lastly tries the unmodified name 3527(but only for names without a dot, 3528since names with a dot have already been tried). 3529This allows names such as 3530``utc.CS'' 3531to match the site in Czechoslovakia 3532rather than the site in your local Computer Science department. 3533It also prefers A and CNAME records over MX records \- 3534that is, if it finds an MX record it makes note of it, 3535but keeps looking. 3536This way, if you have a wildcard MX record matching your domain, 3537it will not assume that all names match. 3538.pp 3539To completely turn off all name server access 3540on systems without service switch support 3541(such as SunOS 4.X) 3542you will have to recompile with 3543\-DNAMED_BIND=0 3544and remove \-lresolv from the list of libraries to be searched 3545when linking. 3546.sh 2 "Moving the Per-User Forward Files" 3547.pp 3548Some sites mount each user's home directory 3549from a local disk on their workstation, 3550so that local access is fast. 3551However, the result is that .forward file lookups 3552from a central mail server are slow. 3553In some cases, 3554mail can even be delivered on machines inappropriately 3555because of a file server being down. 3556The performance can be especially bad if you run the automounter. 3557.pp 3558The 3559.b ForwardPath 3560(\c 3561.b J ) 3562option allows you to set a path of forward files. 3563For example, the config file line 3564.(b 3565O ForwardPath=/var/forward/$u:$z/.forward.$w 3566.)b 3567would first look for a file with the same name as the user's login 3568in /var/forward; 3569if that is not found (or is inaccessible) 3570the file 3571``.forward.\c 3572.i machinename '' 3573in the user's home directory is searched. 3574A truly perverse site could also search by sender 3575by using $r, $s, or $f. 3576.pp 3577If you create a directory such as /var/forward, 3578it should be mode 1777 3579(that is, the sticky bit should be set). 3580Users should create the files mode 0644. 3581Note that you must use the 3582ForwardFileInUnsafeDirPath and 3583ForwardFileInUnsafeDirPathSafe 3584flags with the 3585.b DontBlameSendmail 3586option to allow forward files in a world writable directory. 3587This might also be used as a denial of service attack 3588(users could create forward files for other users); 3589a better approach might be to create 3590/var/forward 3591mode 0755 3592and create empty files for each user, 3593owned by that user, 3594mode 0644. 3595If you do this, you don't have to set the DontBlameSendmail options 3596indicated above. 3597.sh 2 "Free Space" 3598.pp 3599On systems that have one of the system calls in the 3600.i statfs (2) 3601family 3602(including 3603.i statvfs 3604and 3605.i ustat ), 3606you can specify a minimum number of free blocks on the queue filesystem 3607using the 3608.b MinFreeBlocks 3609(\c 3610.b b ) 3611option. 3612If there are fewer than the indicated number of blocks free 3613on the filesystem on which the queue is mounted 3614the SMTP server will reject mail 3615with the 3616452 error code. 3617This invites the SMTP client to try again later. 3618.pp 3619Beware of setting this option too high; 3620it can cause rejection of email 3621when that mail would be processed without difficulty. 3622.sh 2 "Maximum Message Size" 3623.pp 3624To avoid overflowing your system with a large message, 3625the 3626.b MaxMessageSize 3627option can be set to set an absolute limit 3628on the size of any one message. 3629This will be advertised in the ESMTP dialogue 3630and checked during message collection. 3631.sh 2 "Privacy Flags" 3632.pp 3633The 3634.b PrivacyOptions 3635(\c 3636.b p ) 3637option allows you to set certain 3638``privacy'' 3639flags. 3640Actually, many of them don't give you any extra privacy, 3641rather just insisting that client SMTP servers 3642use the HELO command 3643before using certain commands 3644or adding extra headers to indicate possible spoof attempts. 3645.pp 3646The option takes a series of flag names; 3647the final privacy is the inclusive or of those flags. 3648For example: 3649.(b 3650O PrivacyOptions=needmailhelo, noexpn 3651.)b 3652insists that the HELO or EHLO command be used before a MAIL command is accepted 3653and disables the EXPN command. 3654.pp 3655The flags are detailed in section 3656.\"XREF 36575.6. 3658.sh 2 "Send to Me Too" 3659.pp 3660Beginning with version 8.10, 3661.i sendmail 3662includes by default the (envelope) sender in any list expansions. 3663For example, if 3664.q matt 3665sends to a list that contains 3666.q matt 3667as one of the members he will get a copy of the message. 3668If the 3669.b MeToo 3670option is set to 3671.sm FALSE 3672(in the configuration file or via the command line), 3673this behavior is changed, i.e., 3674the (envelope) sender is excluded in list expansions. 3675.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE" 3676.pp 3677This section describes the configuration file 3678in detail. 3679.pp 3680There is one point that should be made clear immediately: 3681the syntax of the configuration file 3682is designed to be reasonably easy to parse, 3683since this is done every time 3684.i sendmail 3685starts up, 3686rather than easy for a human to read or write. 3687The configuration file should be generated via the method described in 3688.b cf/README , 3689it should not be edited directly unless someone is familiar 3690with the internals of the syntax described here and it is 3691not possible to achieve the desired result via the default method. 3692.pp 3693The configuration file is organized as a series of lines, 3694each of which begins with a single character 3695defining the semantics for the rest of the line. 3696Lines beginning with a space or a tab 3697are continuation lines 3698(although the semantics are not well defined in many places). 3699Blank lines and lines beginning with a sharp symbol 3700(`#') 3701are comments. 3702.sh 2 "R and S \- Rewriting Rules" 3703.pp 3704The core of address parsing 3705are the rewriting rules. 3706These are an ordered production system. 3707.i Sendmail 3708scans through the set of rewriting rules 3709looking for a match on the left hand side 3710(LHS) 3711of the rule. 3712When a rule matches, 3713the address is replaced by the right hand side 3714(RHS) 3715of the rule. 3716.pp 3717There are several sets of rewriting rules. 3718Some of the rewriting sets are used internally 3719and must have specific semantics. 3720Other rewriting sets 3721do not have specifically assigned semantics, 3722and may be referenced by the mailer definitions 3723or by other rewriting sets. 3724.pp 3725The syntax of these two commands are: 3726.(b F 3727.b S \c 3728.i n 3729.)b 3730Sets the current ruleset being collected to 3731.i n . 3732If you begin a ruleset more than once 3733it appends to the old definition. 3734.(b F 3735.b R \c 3736.i lhs 3737.i rhs 3738.i comments 3739.)b 3740The 3741fields must be separated 3742by at least one tab character; 3743there may be embedded spaces 3744in the fields. 3745The 3746.i lhs 3747is a pattern that is applied to the input. 3748If it matches, 3749the input is rewritten to the 3750.i rhs . 3751The 3752.i comments 3753are ignored. 3754.pp 3755Macro expansions of the form 3756.b $ \c 3757.i x 3758are performed when the configuration file is read. 3759A literal 3760.b $ 3761can be included using 3762.b $$ . 3763Expansions of the form 3764.b $& \c 3765.i x 3766are performed at run time using a somewhat less general algorithm. 3767This is intended only for referencing internally defined macros 3768such as 3769.b $h 3770that are changed at runtime. 3771.sh 3 "The left hand side" 3772.pp 3773The left hand side of rewriting rules contains a pattern. 3774Normal words are simply matched directly. 3775Metasyntax is introduced using a dollar sign. 3776The metasymbols are: 3777.(b 3778.ta \w'\fB$=\fP\fIx\fP 'u 3779\fB$\fP Match zero or more tokens 3780\fB$+\fP Match one or more tokens 3781\fB$\-\fP Match exactly one token 3782\fB$=\fP\fIx\fP Match any phrase in class \fIx\fP 3783\fB$~\fP\fIx\fP Match any word not in class \fIx\fP 3784.)b 3785If any of these match, 3786they are assigned to the symbol 3787.b $ \c 3788.i n 3789for replacement on the right hand side, 3790where 3791.i n 3792is the index in the LHS. 3793For example, 3794if the LHS: 3795.(b 3796$\-:$+ 3797.)b 3798is applied to the input: 3799.(b 3800UCBARPA:eric 3801.)b 3802the rule will match, and the values passed to the RHS will be: 3803.(b 3804.ta 4n 3805$1 UCBARPA 3806$2 eric 3807.)b 3808.pp 3809Additionally, the LHS can include 3810.b $@ 3811to match zero tokens. 3812This is 3813.i not 3814bound to a 3815.b $ \c 3816.i n 3817on the RHS, and is normally only used when it stands alone 3818in order to match the null input. 3819.sh 3 "The right hand side" 3820.pp 3821When the left hand side of a rewriting rule matches, 3822the input is deleted and replaced by the right hand side. 3823Tokens are copied directly from the RHS 3824unless they begin with a dollar sign. 3825Metasymbols are: 3826.(b 3827.ta \w'$#mailer\0\0\0'u 3828\fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS 3829\fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP 3830\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP 3831* Generalized keyed mapping function 3832\fB$>\fP\fIn\fP \(lqCall\(rq ruleset \fIn\fP 3833\fB$#\fP\fImailer\fP Resolve to \fImailer\fP 3834\fB$@\fP\fIhost\fP Specify \fIhost\fP 3835\fB$:\fP\fIuser\fP Specify \fIuser\fP 3836.)b 3837.pp 3838The 3839.b $ \c 3840.i n 3841syntax substitutes the corresponding value from a 3842.b $+ , 3843.b $\- , 3844.b $* , 3845.b $= , 3846or 3847.b $~ 3848match on the LHS. 3849It may be used anywhere. 3850.pp 3851A host name enclosed between 3852.b $[ 3853and 3854.b $] 3855is looked up in the host database(s) 3856and replaced by the canonical name\*. 3857.(f 3858\This is actually 3859completely equivalent 3860to $(host \fIhostname\fP$). 3861In particular, a 3862.b $: 3863default can be used. 3864.)f 3865For example, 3866.q $[ftp$] 3867might become 3868.q ftp.CS.Berkeley.EDU 3869and 3870.q $[[128.32.130.2]$] 3871would become 3872.q vangogh.CS.Berkeley.EDU. 3873.i Sendmail 3874recognizes its numeric IP address 3875without calling the name server 3876and replaces it with its canonical name. 3877.pp 3878The 3879.b $( 3880\&... 3881.b $) 3882syntax is a more general form of lookup; 3883it uses a named map instead of an implicit map. 3884If no lookup is found, the indicated 3885.i default 3886is inserted; 3887if no default is specified and no lookup matches, 3888the value is left unchanged. 3889The 3890.i arguments 3891are passed to the map for possible use. 3892.pp 3893The 3894.b $> \c 3895.i n 3896syntax 3897causes the remainder of the line to be substituted as usual 3898and then passed as the argument to ruleset 3899.i n . 3900The final value of ruleset 3901.i n 3902then becomes 3903the substitution for this rule. 3904The 3905.b $> 3906syntax expands everything after the ruleset name 3907to the end of the replacement string 3908and then passes that as the initial input to the ruleset. 3909Recursive calls are allowed. 3910For example, 3911.(b 3912$>0 $>3 $1 3913.)b 3914expands $1, passes that to ruleset 3, and then passes the result 3915of ruleset 3 to ruleset 0. 3916.pp 3917The 3918.b $# 3919syntax should 3920.i only 3921be used in ruleset zero, 3922a subroutine of ruleset zero, 3923or rulesets that return decisions (e.g., check_rcpt). 3924It causes evaluation of the ruleset to terminate immediately, 3925and signals to 3926.i sendmail 3927that the address has completely resolved. 3928The complete syntax for ruleset 0 is: 3929.(b 3930\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP 3931.)b 3932This specifies the 3933{mailer, host, user} 39343-tuple necessary to direct the mailer. 3935Note: the third element ( 3936.i user 3937) is often also called 3938.i address 3939part. 3940If the mailer is local 3941the host part may be omitted\. 3942.(f 3943\You may want to use it for special 3944.q "per user" 3945extensions. 3946For example, in the address 3947.q jgm+foo@CMU.EDU ; 3948the 3949.q +foo 3950part is not part of the user name, 3951and is passed to the local mailer for local use. 3952.)f 3953The 3954.i mailer 3955must be a single word, 3956but the 3957.i host 3958and 3959.i user 3960may be multi-part. 3961If the 3962.i mailer 3963is the built-in IPC mailer, 3964the 3965.i host 3966may be a colon-separated list of hosts 3967that are searched in order for the first working address 3968(exactly like MX records). 3969The 3970.i user 3971is later rewritten by the mailer-specific envelope rewriting set 3972and assigned to the 3973.b $u 3974macro. 3975As a special case, if the mailer specified has the 3976.b F=@ 3977flag specified 3978and the first character of the 3979.b $: 3980value is 3981.q @ , 3982the 3983.q @ 3984is stripped off, and a flag is set in the address descriptor 3985that causes sendmail to not do ruleset 5 processing. 3986.pp 3987Normally, a rule that matches is retried, 3988that is, 3989the rule loops until it fails. 3990A RHS may also be preceded by a 3991.b $@ 3992or a 3993.b $: 3994to change this behavior. 3995A 3996.b $@ 3997prefix causes the ruleset to return with the remainder of the RHS 3998as the value. 3999A 4000.b $: 4001prefix causes the rule to terminate immediately, 4002but the ruleset to continue; 4003this can be used to avoid continued application of a rule. 4004The prefix is stripped before continuing. 4005.pp 4006The 4007.b $@ 4008and 4009.b $: 4010prefixes may precede a 4011.b $> 4012spec; 4013for example: 4014.(b 4015.ta 8n 4016R$+ $: $>7 $1 4017.)b 4018matches anything, 4019passes that to ruleset seven, 4020and continues; 4021the 4022.b $: 4023is necessary to avoid an infinite loop. 4024.pp 4025Substitution occurs in the order described, 4026that is, 4027parameters from the LHS are substituted, 4028hostnames are canonicalized, 4029.q subroutines 4030are called, 4031and finally 4032.b $# , 4033.b $@ , 4034and 4035.b $: 4036are processed. 4037.sh 3 "Semantics of rewriting rule sets" 4038.pp 4039There are six rewriting sets 4040that have specific semantics. 4041Five of these are related as depicted by figure 1. 4042.(z 4043.hl 4044.ie n \{\ 4045.(c 4046* +---+ 4047 -->\| 0 \|-->resolved address 4048 / +---+ 4049 / +---+ +---+ 4050 / ---->\| 1 \|-->\| S \|-- 4051 +---+ / +---+ / +---+ +---+ \e +---+ 4052addr-->\| 3 \|-->\| D \|-- --->\| 4 \|-->msg 4053 +---+ +---+ \e +---+ +---+ / +---+ 4054 --->\| 2 \|-->\| R \|-- 4055 +---+ +---+ 4056.)c 4057 4058.\} 4059.el \{\ 4060.ie !"\(.T"" \{\ 4061.PS 4062boxwid = 0.3i 4063boxht = 0.3i 4064movewid = 0.3i 4065moveht = 0.3i 4066linewid = 0.3i 4067lineht = 0.3i 4068* 4069 box invis "addr"; arrow 4070Box3: box "3" 4071A1: arrow 4072BoxD: box "D"; line; L1: Here 4073C: [ 4074 C1: arrow; box "1"; arrow; box "S"; line; E1: Here 4075 move to C1 down 0.5; right 4076 C2: arrow; box "2"; arrow; box "R"; line; E2: Here 4077 ] with .w at L1 + (0.5, 0) 4078 move to C.e right 0.5 4079L4: arrow; box "4"; arrow; box invis "msg" 4080 line from L1 to C.C1 4081 line from L1 to C.C2 4082 line from C.E1 to L4 4083 line from C.E2 to L4 4084 move to BoxD.n up 0.6; right 4085Box0: arrow; box "0" 4086 arrow; box invis "resolved address" width 1.3 4087 line from 1/3 of the way between A1 and BoxD.w to Box0 4088.PE 4089.\} 4090.el .sp 2i 4091.\} 4092.ce 4093Figure 1 \- Rewriting set semantics 4094.(c 4095D \- sender domain addition 4096S \- mailer-specific sender rewriting 4097R \- mailer-specific recipient rewriting 4098.)c 4099.hl 4100.)z 4101.pp 4102Ruleset three 4103should turn the address into 4104.q "canonical form." 4105This form should have the basic syntax: 4106.(b 4107local-part@host-domain-spec 4108.)b 4109Ruleset three 4110is applied by 4111.i sendmail 4112before doing anything with any address. 4113.pp 4114If no 4115.q @ 4116sign is specified, 4117then the 4118host-domain-spec 4119.i may 4120be appended (box 4121.q D 4122in Figure 1) 4123from the 4124sender address 4125(if the 4126.b C 4127flag is set in the mailer definition 4128corresponding to the 4129.i sending 4130mailer). 4131.pp 4132Ruleset zero 4133is applied after ruleset three 4134to addresses that are going to actually specify recipients. 4135It must resolve to a 4136.i "{mailer, host, address}" 4137triple. 4138The 4139.i mailer 4140must be defined in the mailer definitions 4141from the configuration file. 4142The 4143.i host 4144is defined into the 4145.b $h 4146macro 4147for use in the argv expansion of the specified mailer. 4148Notice: since the envelope sender address will be used if 4149a delivery status notification must be send, 4150i.e., is may specify a recipient, 4151it is also run through ruleset zero. 4152If ruleset zero returns a temporary error 4153.b 4xy 4154then delivery is deferred. 4155This can be used to temporarily disable delivery, 4156e.g., based on the time of the day or other varying parameters. 4157It should not be used to quarantine e-mails. 4158.pp 4159Rulesets one and two 4160are applied to all sender and recipient addresses respectively. 4161They are applied before any specification 4162in the mailer definition. 4163They must never resolve. 4164.pp 4165Ruleset four is applied to all addresses 4166in the message. 4167It is typically used 4168to translate internal to external form. 4169.pp 4170In addition, 4171ruleset 5 is applied to all local addresses 4172(specifically, those that resolve to a mailer with the `F=5' 4173flag set) 4174that do not have aliases. 4175This allows a last minute hook for local names. 4176.sh 3 "Ruleset hooks" 4177.pp 4178A few extra rulesets are defined as 4179.q hooks 4180that can be defined to get special features. 4181They are all named rulesets. 4182The 4183.q check_* 4184forms all give accept/reject status; 4185falling off the end or returning normally is an accept, 4186and resolving to 4187.b $#error 4188is a reject or quarantine. 4189Quarantining is chosen by specifying 4190.b quarantine 4191in the second part of the mailer triplet: 4192.(b 4193$#error $@ quarantine $: Reason for quarantine 4194.)b 4195Many of these can also resolve to the special mailer name 4196.b $#discard ; 4197this accepts the message as though it were successful 4198but then discards it without delivery. 4199Note, 4200this mailer cannot be chosen as a mailer in ruleset 0. 4201Note also that all 4202.q check_* 4203rulesets have to deal with temporary failures, especially for map lookups, 4204themselves, i.e., they should return a temporary error code 4205or at least they should make a proper decision in those cases. 4206.sh 4 "check_relay" 4207.pp 4208The 4209.i check_relay 4210ruleset is called after a connection is accepted by the daemon. 4211It is not called when sendmail is started using the 4212.b \-bs 4213option. 4214It is passed 4215.(b 4216client.host.name $\| client.host.address 4217.)b 4218where 4219.b $\| 4220is a metacharacter separating the two parts. 4221This ruleset can reject connections from various locations. 4222Note that it only checks the connecting SMTP client IP address and hostname. 4223It does not check for third party message relaying. 4224The 4225.i check_rcpt 4226ruleset discussed below usually does third party message relay checking. 4227.sh 4 "check_mail" 4228.pp 4229The 4230.i check_mail 4231ruleset is passed the user name parameter of the 4232.sm "SMTP MAIL" 4233command. 4234It can accept or reject the address. 4235.sh 4 "check_rcpt" 4236.pp 4237The 4238.i check_rcpt 4239ruleset is passed the user name parameter of the 4240.sm "SMTP RCPT" 4241command. 4242It can accept or reject the address. 4243.sh 4 "check_data" 4244.pp 4245The 4246.i check_data 4247ruleset is called after the 4248.sm "SMTP DATA" 4249command, its parameter is the number of recipients. 4250It can accept or reject the command. 4251.sh 4 "check_compat" 4252.pp 4253The 4254.i check_compat 4255ruleset is passed 4256.(b 4257sender-address $\| recipient-address 4258.)b 4259where 4260.b $\| 4261is a metacharacter separating the addresses. 4262It can accept or reject mail transfer between these two addresses 4263much like the 4264.i checkcompat() 4265function. 4266Note: 4267while other 4268.i check_* 4269rulesets are invoked during the SMTP mail receiption stage 4270(i.e., in the SMTP server), 4271.i check_compat 4272is invoked during the mail delivery stage. 4273.sh 4 "check_eoh" 4274.pp 4275The 4276.i check_eoh 4277ruleset is passed 4278.(b 4279number-of-headers $\| size-of-headers 4280.)b 4281where 4282.b $\| 4283is a metacharacter separating the numbers. 4284These numbers can be used for size comparisons with the 4285.b arith 4286map. 4287The ruleset is triggered after 4288all of the headers have been read. 4289It can be used to correlate information gathered 4290from those headers using the 4291.b macro 4292storage map. 4293One possible use is to check for a missing header. 4294For example: 4295.(b 4296.ta 1.5i 4297Kstorage macro 4298HMessage-Id: $>CheckMessageId 4299 4300SCheckMessageId 4301# Record the presence of the header 4302R$* $: $(storage {MessageIdCheck} $@ OK $) $1 4303R< $+ @ $+ > $@ OK 4304R$* $#error $: 553 Header Error 4305 4306Scheck_eoh 4307# Check the macro 4308R$* $: < $&{MessageIdCheck} > 4309# Clear the macro for the next message 4310R$* $: $(storage {MessageIdCheck} $) $1 4311# Has a Message-Id: header 4312R< $+ > $@ OK 4313# Allow missing Message-Id: from local mail 4314R$* $: < $&{client_name} > 4315R< > $@ OK 4316R< $=w > $@ OK 4317# Otherwise, reject the mail 4318R$* $#error $: 553 Header Error 4319.)b 4320Keep in mind the Message-Id: header is not a required header and 4321is not a guaranteed spam indicator. 4322This ruleset is an example and 4323should probably not be used in production. 4324.sh 4 "check_eom" 4325.pp 4326The 4327.i check_eom 4328ruleset is called after the end of a message, 4329its parameter is the message size. 4330It can accept or reject the message. 4331.sh 4 "check_etrn" 4332.pp 4333The 4334.i check_etrn 4335ruleset is passed the parameter of the 4336.sm "SMTP ETRN" 4337command. 4338It can accept or reject the command. 4339.sh 4 "check_expn" 4340.pp 4341The 4342.i check_expn 4343ruleset is passed the user name parameter of the 4344.sm "SMTP EXPN" 4345command. 4346It can accept or reject the address. 4347.sh 4 "check_vrfy" 4348.pp 4349The 4350.i check_vrfy 4351ruleset is passed the user name parameter of the 4352.sm "SMTP VRFY" 4353command. 4354It can accept or reject the command. 4355.sh 4 "trust_auth" 4356.pp 4357The 4358.i trust_auth 4359ruleset is passed the AUTH= parameter of the 4360.sm "SMTP MAIL" 4361command. 4362It is used to determine whether this value should be 4363trusted. In order to make this decision, the ruleset 4364may make use of the various 4365.b ${auth_} 4366macros. 4367If the ruleset does resolve to the 4368.q error 4369mailer the AUTH= parameter is not trusted and hence 4370not passed on to the next relay. 4371.sh 4 "tls_client" 4372.pp 4373The 4374.i tls_client 4375ruleset is called when sendmail acts as server, after a STARTTLS command 4376has been issued, and from 4377.i check_mail. 4378The parameter is the value of 4379.b ${verify} 4380and STARTTLS or MAIL, respectively. 4381If the ruleset does resolve to the 4382.q error 4383mailer, the appropriate error code is returned to the client. 4384.sh 4 "tls_server" 4385.pp 4386The 4387.i tls_server 4388ruleset is called when sendmail acts as client after a STARTTLS command 4389(should) have been issued. 4390The parameter is the value of 4391.b ${verify} . 4392If the ruleset does resolve to the 4393.q error 4394mailer, the connection is aborted 4395(treated as non-deliverable with a permanent or temporary error). 4396.sh 4 "tls_rcpt" 4397.pp 4398The 4399.i tls_rcpt 4400ruleset is called each time before a RCPT TO command is sent. 4401The parameter is the current recipient. 4402If the ruleset does resolve to the 4403.q error 4404mailer, the RCPT TO command is suppressed 4405(treated as non-deliverable with a permanent or temporary error). 4406This ruleset allows to require encryption or verification of 4407the recipient's MTA even if the mail is somehow redirected 4408to another host. 4409For example, sending mail to 4410.i luke@endmail.org 4411may get redirected to a host named 4412.i death.star 4413and hence the tls_server ruleset won't apply. 4414By introducing per recipient restrictions such attacks 4415(e.g., via DNS spoofing) can be made impossible. 4416See 4417.i cf/README 4418how this ruleset can be used. 4419.sh 4 "srv_features" 4420.pp 4421The 4422.i srv_features 4423ruleset is called with the connecting client's host name 4424when a client connects to sendmail. 4425This ruleset should return 4426.b $# 4427followed by a list of options (single characters 4428delimited by white space). 4429If the return value starts with anything else it is silently ignored. 4430Generally upper case characters turn off a feature 4431while lower case characters turn it on. 4432Option `S' causes the server not to offer STARTTLS, 4433which is useful to interact with MTAs/MUAs that have broken 4434STARTTLS implementations by simply not offering it. 4435`V' turns off the request for a client certificate during the TLS handshake. 4436Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively. 4437`c' is the equivalent to AuthOptions=p, i.e., 4438it doesn't permit mechanisms susceptible to simple 4439passive attack (e.g., PLAIN, LOGIN), unless a security layer is active. 4440Option `l' requires SMTP AUTH for a connection. 4441Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN, 4442respectively. 4443.(b 4444.ta 9n 4445A Do not offer AUTH 4446a Offer AUTH (default) 4447B Do not offer VERB 4448b Offer VERB (default) 4449C Do not require security layer for 4450* plaintext AUTH (default) 4451c Require security layer for plaintext AUTH 4452D Do not offer DSN 4453d Offer DSN (default) 4454E Do not offer ETRN 4455e Offer ETRN (default) 4456L Do not require AUTH (default) 4457l Require AUTH 4458P Do not offer PIPELINING 4459p Offer PIPELINING (default) 4460S Do not offer STARTTLS 4461s Offer STARTTLS (default) 4462V Do not request a client certificate 4463v Request a client certificate (default) 4464X Do not offer EXPN 4465x Offer EXPN (default) 4466.)b 4467Note: the entries marked as ``(default)'' may require that some 4468configuration has been made, e.g., SMTP AUTH is only available if 4469properly configured. 4470Moreover, many options can be changed on a global basis via other 4471settings as explained in this document, e.g., via DaemonPortOptions. 4472.pp 4473The ruleset may return `$#temp' to indicate that there is a temporary 4474problem determining the correct features, e.g., if a map is unavailable. 4475In that case, the SMTP server issues a temporary failure and does not 4476accept email. 4477.sh 4 "try_tls" 4478.pp 4479The 4480.i try_tls 4481ruleset is called when sendmail connects to another MTA. 4482If the ruleset does resolve to the 4483.q error 4484mailer, sendmail does not try STARTTLS even if it is offered. 4485This is useful to interact with MTAs that have broken 4486STARTTLS implementations by simply not using it. 4487.sh 4 "authinfo" 4488.pp 4489The 4490.i authinfo 4491ruleset is called when sendmail tries to authenticate to another MTA. 4492It should return 4493.b $# 4494followed by a list of tokens that are used for SMTP AUTH. 4495If the return value starts with anything else it is silently ignored. 4496Each token is a tagged string of the form: 4497"TDstring" 4498(including the quotes), where 4499.(b 4500.ta 9n 4501T Tag which describes the item 4502D Delimiter: ':' simple text follows 4503 '=' string is base64 encoded 4504string Value of the item 4505.)b 4506Valid values for the tag are: 4507.(b 4508.ta 9n 4509U user (authorization) id 4510I authentication id 4511P password 4512R realm 4513M list of mechanisms delimited by spaces 4514.)b 4515If this ruleset is defined, the option 4516.b DefaultAuthInfo 4517is ignored (even if the ruleset does not return a ``useful'' result). 4518.sh 4 "queuegroup" 4519.pp 4520The 4521.i queuegroup 4522ruleset is used to map a recipient address to a queue group name. 4523The input for the ruleset is a recipient address as specified by the 4524.sm "SMTP RCPT" 4525command. 4526The ruleset should return 4527.b $# 4528followed by the name of a queue group. 4529If the return value starts with anything else it is silently ignored. 4530See the section about ``Queue Groups and Queue Directories'' 4531for further information. 4532.sh 4 "greet_pause" 4533.pp 4534The 4535.i greet_pause 4536ruleset is used to specify the amount of time to pause before sending the 4537initial SMTP 220 greeting. 4538If any traffic is received during that pause, an SMTP 554 rejection 4539response is given instead of the 220 greeting and all SMTP commands are 4540rejected during that connection. 4541This helps protect sites from open proxies and SMTP slammers. 4542The ruleset should return 4543.b $# 4544followed by the number of milliseconds (thousandths of a second) to 4545pause. 4546If the return value starts with anything else or is not a number, 4547it is silently ignored. 4548Note: this ruleset is not invoked (and hence the feature is disabled) 4549when the smtps (SMTP over SSL) is used, i.e., 4550the 4551.i s 4552modifier is set for the daemon via 4553.b DaemonPortOptions , 4554because in this case the SSL handshake is performed before 4555the greeting is sent. 4556.sh 3 "IPC mailers" 4557.pp 4558Some special processing occurs 4559if the ruleset zero resolves to an IPC mailer 4560(that is, a mailer that has 4561.q [IPC] 4562listed as the Path in the 4563.b M 4564configuration line. 4565The host name passed after 4566.q $@ 4567has MX expansion performed if not delivering via a named socket; 4568this looks the name up in DNS to find alternate delivery sites. 4569.pp 4570The host name can also be provided as a dotted quad 4571or an IPv6 address in square brackets; 4572for example: 4573.(b 4574[128.32.149.78] 4575.)b 4576or 4577.(b 4578[IPv6:2002:c0a8:51d2::23f4] 4579.)b 4580This causes direct conversion of the numeric value 4581to an IP host address. 4582.pp 4583The host name passed in after the 4584.q $@ 4585may also be a colon-separated list of hosts. 4586Each is separately MX expanded and the results are concatenated 4587to make (essentially) one long MX list. 4588The intent here is to create 4589.q fake 4590MX records that are not published in DNS 4591for private internal networks. 4592.pp 4593As a final special case, the host name can be passed in 4594as a text string 4595in square brackets: 4596.(b 4597[ucbvax.berkeley.edu] 4598.)b 4599This form avoids the MX mapping. 4600.b N.B.: 4601.i 4602This is intended only for situations where you have a network firewall 4603or other host that will do special processing for all your mail, 4604so that your MX record points to a gateway machine; 4605this machine could then do direct delivery to machines 4606within your local domain. 4607Use of this feature directly violates RFC 1123 section 5.3.5: 4608it should not be used lightly. 4609.r 4610.sh 2 "D \- Define Macro" 4611.pp 4612Macros are named with a single character 4613or with a word in {braces}. 4614The names ``x'' and ``{x}'' denote the same macro 4615for every single character ``x''. 4616Single character names may be selected from the entire ASCII set, 4617but user-defined macros 4618should be selected from the set of upper case letters only. 4619Lower case letters 4620and special symbols 4621are used internally. 4622Long names beginning with a lower case letter or a punctuation character 4623are reserved for use by sendmail, 4624so user-defined long macro names should begin with an upper case letter. 4625.pp 4626The syntax for macro definitions is: 4627.(b F 4628.b D \c 4629.i x\\|val 4630.)b 4631where 4632.i x 4633is the name of the macro 4634(which may be a single character 4635or a word in braces) 4636and 4637.i val 4638is the value it should have. 4639There should be no spaces given 4640that do not actually belong in the macro value. 4641.pp 4642Macros are interpolated 4643using the construct 4644.b $ \c 4645.i x , 4646where 4647.i x 4648is the name of the macro to be interpolated. 4649This interpolation is done when the configuration file is read, 4650except in 4651.b M 4652lines. 4653The special construct 4654.b $& \c 4655.i x 4656can be used in 4657.b R 4658lines to get deferred interpolation. 4659.pp 4660Conditionals can be specified using the syntax: 4661.(b 4662$?x text1 $\| text2 $. 4663.)b 4664This interpolates 4665.i text1 4666if the macro 4667.b $x 4668is set and non-null, 4669and 4670.i text2 4671otherwise. 4672The 4673.q else 4674(\c 4675.b $\| ) 4676clause may be omitted. 4677.pp 4678The following macros are defined and/or used internally by 4679.i sendmail 4680for interpolation into argv's for mailers 4681or for other contexts. 4682The ones marked \(dg are information passed into sendmail\, 4683.(f 4684\As of version 8.6, 4685all of these macros have reasonable defaults. 4686Previous versions required that they be defined. 4687.)f 4688the ones marked \(dd are information passed both in and out of sendmail, 4689and the unmarked macros are passed out of sendmail 4690but are not otherwise used internally. 4691These macros are: 4692.nr ii 5n 4693.ip $a 4694The origination date in RFC 822 format. 4695This is extracted from the Date: line. 4696.ip $b 4697The current date in RFC 822 format. 4698.ip $c 4699The hop count. 4700This is a count of the number of Received: lines 4701plus the value of the 4702.b \-h 4703command line flag. 4704.ip $d 4705The current date in UNIX (ctime) format. 4706.ip $e\(dg 4707(Obsolete; use SmtpGreetingMessage option instead.) 4708The SMTP entry message. 4709This is printed out when SMTP starts up. 4710The first word must be the 4711.b $j 4712macro as specified by RFC 821. 4713Defaults to 4714.q "$j Sendmail $v ready at $b" . 4715Commonly redefined to include the configuration version number, e.g., 4716.q "$j Sendmail $v/$Z ready at $b" 4717.ip $f 4718The envelope sender (from) address. 4719.ip $g 4720The sender address relative to the recipient. 4721For example, if 4722.b $f 4723is 4724.q foo , 4725.b $g 4726will be 4727.q host!foo , 4728.q foo@host.domain , 4729or whatever is appropriate for the receiving mailer. 4730.ip $h 4731The recipient host. 4732This is set in ruleset 0 from the $@ field of a parsed address. 4733.ip $i 4734The queue id, 4735e.g., 4736.q f344MXxp018717 . 4737.ip $j\(dd 4738The \(lqofficial\(rq domain name for this site. 4739This is fully qualified if the full qualification can be found. 4740It 4741.i must 4742be redefined to be the fully qualified domain name 4743if your system is not configured so that information can find 4744it automatically. 4745.ip $k 4746The UUCP node name (from the uname system call). 4747.ip $l\(dg 4748(Obsolete; use UnixFromLine option instead.) 4749The format of the UNIX from line. 4750Unless you have changed the UNIX mailbox format, 4751you should not change the default, 4752which is 4753.q "From $g $d" . 4754.ip $m 4755The domain part of the \fIgethostname\fP return value. 4756Under normal circumstances, 4757.b $j 4758is equivalent to 4759.b $w.$m . 4760.ip $n\(dg 4761The name of the daemon (for error messages). 4762Defaults to 4763.q MAILER-DAEMON . 4764.ip $o\(dg 4765(Obsolete: use OperatorChars option instead.) 4766The set of \(lqoperators\(rq in addresses. 4767A list of characters 4768which will be considered tokens 4769and which will separate tokens 4770when doing parsing. 4771For example, if 4772.q @ 4773were in the 4774.b $o 4775macro, then the input 4776.q a@b 4777would be scanned as three tokens: 4778.q a, 4779.q @, 4780and 4781.q b. 4782Defaults to 4783.q ".:@[]" , 4784which is the minimum set necessary to do RFC 822 parsing; 4785a richer set of operators is 4786.q ".:%@!/[]" , 4787which adds support for UUCP, the %-hack, and X.400 addresses. 4788.ip $p 4789Sendmail's process id. 4790.ip $q\(dg 4791Default format of sender address. 4792The 4793.b $q 4794macro specifies how an address should appear in a message 4795when it is defaulted. 4796Defaults to 4797.q "<$g>" . 4798It is commonly redefined to be 4799.q "$?x$x <$g>$\|$g$." 4800or 4801.q "$g$?x ($x)$." , 4802corresponding to the following two formats: 4803.(b 4804Eric Allman <eric@CS.Berkeley.EDU> 4805eric@CS.Berkeley.EDU (Eric Allman) 4806.)b 4807.i Sendmail 4808properly quotes names that have special characters 4809if the first form is used. 4810.ip $r 4811Protocol used to receive the message. 4812Set from the 4813.b \-p 4814command line flag or by the SMTP server code. 4815.ip $s 4816Sender's host name. 4817Set from the 4818.b \-p 4819command line flag or by the SMTP server code 4820(in which case it is set to the EHLO/HELO parameter). 4821.ip $t 4822A numeric representation of the current time in the format YYYYMMDDHHmm 4823(4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31, 48242 digit hours 00-23, 2 digit minutes 00-59). 4825.ip $u 4826The recipient user. 4827.ip $v 4828The version number of the 4829.i sendmail 4830binary. 4831.ip $w\(dd 4832The hostname of this site. 4833This is the root name of this host (but see below for caveats). 4834.ip $x 4835The full name of the sender. 4836.ip $z 4837The home directory of the recipient. 4838.ip $_ 4839The validated sender address. 4840See also 4841.b ${client_resolve} . 4842.ip ${addr_type} 4843The type of the address which is currently being rewritten. 4844This macro contains up to three characters, the first 4845is either `e' or `h' for envelope/header address, 4846the second is a space, 4847and the third is either `s' or `r' for sender/recipient address. 4848.ip ${alg_bits} 4849The maximum keylength (in bits) of the symmetric encryption algorithm 4850used for a TLS connection. 4851This may be less than the effective keylength, 4852which is stored in 4853.b ${cipher_bits} , 4854for ``export controlled'' algorithms. 4855.ip ${auth_authen} 4856The client's authentication credentials as determined by authentication 4857(only set if successful). 4858The format depends on the mechanism used, it might be just `user', 4859or `user@realm', or something similar (SMTP AUTH only). 4860.ip ${auth_author} 4861The authorization identity, i.e. the AUTH= parameter of the 4862.sm "SMTP MAIL" 4863command if supplied. 4864.ip ${auth_type} 4865The mechanism used for SMTP authentication 4866(only set if successful). 4867.ip ${auth_ssf} 4868The keylength (in bits) of the symmetric encryption algorithm 4869used for the security layer of a SASL mechanism. 4870.ip ${bodytype} 4871The message body type 4872(7BIT or 8BITMIME), 4873as determined from the envelope. 4874.ip ${cert_issuer} 4875The DN (distinguished name) of the CA (certificate authority) 4876that signed the presented certificate (the cert issuer) 4877(STARTTLS only). 4878.ip ${cert_md5} 4879The MD5 hash of the presented certificate (STARTTLS only). 4880.ip ${cert_subject} 4881The DN of the presented certificate (called the cert subject) 4882(STARTTLS only). 4883.ip ${cipher} 4884The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 4885EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA 4886(STARTTLS only). 4887.ip ${cipher_bits} 4888The effective keylength (in bits) of the symmetric encryption algorithm 4889used for a TLS connection. 4890.ip ${client_addr} 4891The IP address of the SMTP client. 4892IPv6 addresses are tagged with "IPv6:" before the address. 4893Defined in the SMTP server only. 4894.ip ${client_connections} 4895The number of open connections in the SMTP server for the client IP address. 4896.ip ${client_flags} 4897The flags specified by the 4898Modifier= part of 4899.b ClientPortOptions 4900where flags are separated from each other by spaces 4901and upper case flags are doubled. 4902That is, 4903Modifier=hA 4904will be represented as 4905"h AA" in 4906.b ${client_flags} , 4907which is required for testing the flags in rulesets. 4908.ip ${client_name} 4909The host name of the SMTP client. 4910This may be the client's bracketed IP address 4911in the form [ nnn.nnn.nnn.nnn ] for IPv4 4912and [ IPv6:nnnn:...:nnnn ] for IPv6 4913if the client's 4914IP address is not resolvable, or if it is resolvable 4915but the IP address of the resolved hostname 4916doesn't match the original IP address. 4917Defined in the SMTP server only. 4918See also 4919.b ${client_resolve} . 4920.ip ${client_port} 4921The port number of the SMTP client. 4922Defined in the SMTP server only. 4923.ip ${client_ptr} 4924The result of the PTR lookup for the client IP address. 4925Note: this is the same as 4926.b ${client_name} 4927if and only if 4928.b ${client_resolve} 4929is OK. 4930Defined in the SMTP server only. 4931.ip ${client_rate} 4932The number of incoming connections for the client IP address 4933over the time interval specified by ConnectionRateWindowSize. 4934.ip ${client_resolve} 4935Holds the result of the resolve call for 4936.b ${client_name} . 4937Possible values are: 4938.(b 4939.ta 10n 4940OK resolved successfully 4941FAIL permanent lookup failure 4942FORGED forward lookup doesn't match reverse lookup 4943TEMP temporary lookup failure 4944.)b 4945Defined in the SMTP server only. 4946.i sendmail 4947performs a hostname lookup on the IP address of the connecting client. 4948Next the IP addresses of that hostname are looked up. 4949If the client IP address does not appear in that list, 4950then the hostname is maybe forged. 4951This is reflected as the value FORGED for 4952.b ${client_resolve} 4953and it also shows up in 4954.b $_ 4955as "(may be forged)". 4956.ip ${cn_issuer} 4957The CN (common name) of the CA that signed the presented certificate 4958(STARTTLS only). 4959Note: if the CN cannot be extracted properly it will be replaced by 4960one of these strings based on the encountered error: 4961.(b 4962.ta 25n 4963BadCertificateContainsNUL CN contains a NUL character 4964BadCertificateTooLong CN is too long 4965BadCertificateUnknown CN could not be extracted 4966.)b 4967In the last case, some other (unspecific) error occurred. 4968.ip ${cn_subject} 4969The CN (common name) of the presented certificate 4970(STARTTLS only). 4971See 4972.b ${cn_issuer} 4973for possible replacements. 4974.ip ${currHeader} 4975Header value as quoted string 4976(possibly truncated to 4977.b MAXNAME ). 4978This macro is only available in header check rulesets. 4979.ip ${daemon_addr} 4980The IP address the daemon is listening on for connections. 4981.ip ${daemon_family} 4982The network family 4983if the daemon is accepting network connections. 4984Possible values include 4985.q inet , 4986.q inet6 , 4987.q iso , 4988.q ns , 4989.q x.25 4990.ip ${daemon_flags} 4991The flags for the daemon as specified by the 4992Modifier= part of 4993.b DaemonPortOptions 4994whereby the flags are separated from each other by spaces, 4995and upper case flags are doubled. 4996That is, 4997Modifier=Ea 4998will be represented as 4999"EE a" in 5000.b ${daemon_flags} , 5001which is required for testing the flags in rulesets. 5002.ip ${daemon_info} 5003Some information about a daemon as a text string. 5004For example, 5005.q SMTP+queueing@00:30:00 . 5006.ip ${daemon_name} 5007The name of the daemon from 5008.b DaemonPortOptions 5009Name= suboption. 5010If this suboption is not set, 5011"Daemon#", 5012where # is the daemon number, 5013is used. 5014.ip ${daemon_port} 5015The port the daemon is accepting connection on. 5016Unless 5017.b DaemonPortOptions 5018is set, this will most likely be 5019.q 25 . 5020.ip ${deliveryMode} 5021The current delivery mode sendmail is using. 5022It is initially set to the value of the 5023.b DeliveryMode 5024option. 5025.ip ${envid} 5026The envelope id parameter (ENVID=) passed to sendmail as part of the envelope. 5027.ip ${hdrlen} 5028The length of the header value which is stored in 5029${currHeader} (before possible truncation). 5030If this value is greater than or equal to 5031.b MAXNAME 5032the header has been truncated. 5033.ip ${hdr_name} 5034The name of the header field for which the current header 5035check ruleset has been called. 5036This is useful for a default header check ruleset to get 5037the name of the header; 5038the macro is only available in header check rulesets. 5039.ip ${if_addr} 5040The IP address of the interface of an incoming connection 5041unless it is in the loopback net. 5042IPv6 addresses are tagged with "IPv6:" before the address. 5043.ip ${if_addr_out} 5044The IP address of the interface of an outgoing connection 5045unless it is in the loopback net. 5046IPv6 addresses are tagged with "IPv6:" before the address. 5047.ip ${if_family} 5048The IP family of the interface of an incoming connection 5049unless it is in the loopback net. 5050.ip ${if_family_out} 5051The IP family of the interface of an outgoing connection 5052unless it is in the loopback net. 5053.ip ${if_name} 5054The hostname associated with the interface of an incoming connection. 5055This macro can be used for 5056SmtpGreetingMessage and HReceived for virtual hosting. 5057For example: 5058.(b 5059O SmtpGreetingMessage=$?{if_name}${if_name}$\|$j$. MTA 5060.)b 5061.ip ${if_name_out} 5062The name of the interface of an outgoing connection. 5063.ip ${load_avg} 5064The current load average. 5065.ip ${mail_addr} 5066The address part of the resolved triple of the address given for the 5067.sm "SMTP MAIL" 5068command. 5069Defined in the SMTP server only. 5070.ip ${mail_host} 5071The host from the resolved triple of the address given for the 5072.sm "SMTP MAIL" 5073command. 5074Defined in the SMTP server only. 5075.ip ${mail_mailer} 5076The mailer from the resolved triple of the address given for the 5077.sm "SMTP MAIL" 5078command. 5079Defined in the SMTP server only. 5080.ip ${msg_id} 5081The value of the Message-Id: header. 5082.ip ${msg_size} 5083The value of the SIZE= parameter, 5084i.e., usually the size of the message (in an ESMTP dialogue), 5085before the message has been collected, thereafter 5086the message size as computed by 5087.i sendmail 5088(and can be used in check_compat). 5089.ip ${nbadrcpts} 5090The number of bad recipients for a single message. 5091.ip ${nrcpts} 5092The number of validated recipients for a single message. 5093Note: since recipient validation happens after 5094.i check_rcpt 5095has been called, the value in this ruleset 5096is one less than what might be expected. 5097.ip ${ntries} 5098The number of delivery attempts. 5099.ip ${opMode} 5100The current operation mode (from the 5101.b \-b 5102flag). 5103.ip ${quarantine} 5104The quarantine reason for the envelope, 5105if it is quarantined. 5106.ip ${queue_interval} 5107The queue run interval given by the 5108.b \-q 5109flag. 5110For example, 5111.b \-q30m 5112would set 5113.b ${queue_interval} 5114to 5115.q 00:30:00 . 5116.ip ${rcpt_addr} 5117The address part of the resolved triple of the address given for the 5118.sm "SMTP RCPT" 5119command. 5120Defined in the SMTP server only after a RCPT command. 5121.ip ${rcpt_host} 5122The host from the resolved triple of the address given for the 5123.sm "SMTP RCPT" 5124command. 5125Defined in the SMTP server only after a RCPT command. 5126.ip ${rcpt_mailer} 5127The mailer from the resolved triple of the address given for the 5128.sm "SMTP RCPT" 5129command. 5130Defined in the SMTP server only after a RCPT command. 5131.ip ${server_addr} 5132The address of the server of the current outgoing SMTP connection. 5133For LMTP delivery the macro is set to the name of the mailer. 5134.ip ${server_name} 5135The name of the server of the current outgoing SMTP or LMTP connection. 5136.ip ${time} 5137The output of the 5138.i time (3) 5139function, i.e., the number of seconds since 0 hours, 0 minutes, 51400 seconds, January 1, 1970, Coordinated Universal Time (UTC). 5141.ip ${tls_version} 5142The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2; 5143defined after STARTTLS has been used. 5144.ip ${total_rate} 5145The total number of incoming connections over the time interval specified 5146by ConnectionRateWindowSize. 5147.ip ${verify} 5148The result of the verification of the presented cert; 5149only defined after STARTTLS has been used (or attempted). 5150Possible values are: 5151.(b 5152.ta 13n 5153OK verification succeeded. 5154NO no cert presented. 5155NOT no cert requested. 5156FAIL cert presented but could not be verified, 5157* e.g., the signing CA is missing. 5158NONE STARTTLS has not been performed. 5159TEMP temporary error occurred. 5160PROTOCOL some protocol error occurred 5161 at the ESMTP level (not TLS). 5162SOFTWARE STARTTLS handshake failed, 5163 which is a fatal error for this session, 5164 the e-mail will be queued. 5165.)b 5166.pp 5167There are three types of dates that can be used. 5168The 5169.b $a 5170and 5171.b $b 5172macros are in RFC 822 format; 5173.b $a 5174is the time as extracted from the 5175.q Date: 5176line of the message 5177(if there was one), 5178and 5179.b $b 5180is the current date and time 5181(used for postmarks). 5182If no 5183.q Date: 5184line is found in the incoming message, 5185.b $a 5186is set to the current time also. 5187The 5188.b $d 5189macro is equivalent to the 5190.b $b 5191macro in UNIX 5192(ctime) 5193format. 5194.pp 5195The macros 5196.b $w , 5197.b $j , 5198and 5199.b $m 5200are set to the identity of this host. 5201.i Sendmail 5202tries to find the fully qualified name of the host 5203if at all possible; 5204it does this by calling 5205.i gethostname (2) 5206to get the current hostname 5207and then passing that to 5208.i gethostbyname (3) 5209which is supposed to return the canonical version of that host name.\** 5210.(f 5211\*For example, on some systems 5212.i gethostname 5213might return 5214.q foo 5215which would be mapped to 5216.q foo.bar.com 5217by 5218.i gethostbyname . 5219.)f 5220Assuming this is successful, 5221.b $j 5222is set to the fully qualified name 5223and 5224.b $m 5225is set to the domain part of the name 5226(everything after the first dot). 5227The 5228.b $w 5229macro is set to the first word 5230(everything before the first dot) 5231if you have a level 5 or higher configuration file; 5232otherwise, it is set to the same value as 5233.b $j . 5234If the canonification is not successful, 5235it is imperative that the config file set 5236.b $j 5237to the fully qualified domain name\. 5238.(f 5239\Older versions of sendmail didn't pre-define 5240.b $j 5241at all, so up until 8.6, 5242config files 5243.i always 5244had to define 5245.b $j . 5246.)f 5247.pp 5248The 5249.b $f 5250macro is the id of the sender 5251as originally determined; 5252when mailing to a specific host 5253the 5254.b $g 5255macro is set to the address of the sender 5256.ul 5257relative to the recipient. 5258For example, 5259if I send to 5260.q bollard@matisse.CS.Berkeley.EDU 5261from the machine 5262.q vangogh.CS.Berkeley.EDU 5263the 5264.b $f 5265macro will be 5266.q eric 5267and the 5268.b $g 5269macro will be 5270.q eric@vangogh.CS.Berkeley.EDU. 5271.pp 5272The 5273.b $x 5274macro is set to the full name of the sender. 5275This can be determined in several ways. 5276It can be passed as flag to 5277.i sendmail . 5278It can be defined in the 5279.sm NAME 5280environment variable. 5281The third choice is the value of the 5282.q Full-Name: 5283line in the header if it exists, 5284and the fourth choice is the comment field 5285of a 5286.q From: 5287line. 5288If all of these fail, 5289and if the message is being originated locally, 5290the full name is looked up in the 5291.i /etc/passwd 5292file. 5293.pp 5294When sending, 5295the 5296.b $h , 5297.b $u , 5298and 5299.b $z 5300macros get set to the host, user, and home directory 5301(if local) 5302of the recipient. 5303The first two are set from the 5304.b $@ 5305and 5306.b $: 5307part of the rewriting rules, respectively. 5308.pp 5309The 5310.b $p 5311and 5312.b $t 5313macros are used to create unique strings 5314(e.g., for the 5315.q Message-Id: 5316field). 5317The 5318.b $i 5319macro is set to the queue id on this host; 5320if put into the timestamp line 5321it can be extremely useful for tracking messages. 5322The 5323.b $v 5324macro is set to be the version number of 5325.i sendmail ; 5326this is normally put in timestamps 5327and has been proven extremely useful for debugging. 5328.pp 5329The 5330.b $c 5331field is set to the 5332.q "hop count," 5333i.e., the number of times this message has been processed. 5334This can be determined 5335by the 5336.b \-h 5337flag on the command line 5338or by counting the timestamps in the message. 5339.pp 5340The 5341.b $r 5342and 5343.b $s 5344fields are set to the protocol used to communicate with 5345.i sendmail 5346and the sending hostname. 5347They can be set together using the 5348.b \-p 5349command line flag or separately using the 5350.b \-M 5351or 5352.b \-oM 5353flags. 5354.pp 5355The 5356.b $_ 5357is set to a validated sender host name. 5358If the sender is running an RFC 1413 compliant IDENT server 5359and the receiver has the IDENT protocol turned on, 5360it will include the user name on that host. 5361.pp 5362The 5363.b ${client_name} , 5364.b ${client_addr} , 5365and 5366.b ${client_port} 5367macros 5368are set to the name, address, and port number of the SMTP client 5369who is invoking 5370.i sendmail 5371as a server. 5372These can be used in the 5373.i check_ 5374rulesets (using the 5375.b $& 5376deferred evaluation form, of course!). 5377.sh 2 "C and F \- Define Classes" 5378.pp 5379Classes of phrases may be defined 5380to match on the left hand side of rewriting rules, 5381where a 5382.q phrase 5383is a sequence of characters that does not contain space characters. 5384For example 5385a class of all local names for this site 5386might be created 5387so that attempts to send to oneself 5388can be eliminated. 5389These can either be defined directly in the configuration file 5390or read in from another file. 5391Classes are named as a single letter or a word in {braces}. 5392Class names beginning with lower case letters 5393and special characters are reserved for system use. 5394Classes defined in config files may be given names 5395from the set of upper case letters for short names 5396or beginning with an upper case letter for long names. 5397.pp 5398The syntax is: 5399.(b F 5400.b C \c 5401.i c\\|phrase1 5402.i phrase2... 5403.br 5404.b F \c 5405.i c\\|file 5406.br 5407.b F \c 5408.i c\\|\|program 5409.br 5410.b F \c 5411.i c\\|[mapkey]@mapclass:mapspec 5412.)b 5413The first form defines the class 5414.i c 5415to match any of the named words. 5416If 5417.i phrase1 5418or 5419.i phrase2 5420is another class, 5421e.g., 5422.i $=S , 5423the contents of class 5424.i S 5425are added to class 5426.i c . 5427It is permissible to split them among multiple lines; 5428for example, the two forms: 5429.(b 5430CHmonet ucbmonet 5431.)b 5432and 5433.(b 5434CHmonet 5435CHucbmonet 5436.)b 5437are equivalent. 5438The ``F'' forms 5439read the elements of the class 5440.i c 5441from the named 5442.i file , 5443.i program , 5444or 5445.i "map specification" . 5446Each element should be listed on a separate line. 5447To specify an optional file, use ``\-o'' between the class 5448name and the file name, e.g., 5449.(b 5450Fc \-o /path/to/file 5451.)b 5452If the file can't be used, 5453.i sendmail 5454will not complain but silently ignore it. 5455The map form should be an optional map key, an at sign, 5456and a map class followed by the specification for that map. 5457Examples include: 5458.(b 5459F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=)) \-v host 5460F{MyClass}foo@hash:/etc/mail/classes 5461.)b 5462will fill the class 5463.b $={VirtHosts} 5464from an LDAP map lookup and 5465.b $={MyClass} 5466from a hash database map lookup of the 5467.b foo . 5468There is also a built-in schema that can be accessed by only specifying: 5469.(b 5470F{\c 5471.i ClassName }@LDAP 5472.)b 5473This will tell sendmail to use the default schema: 5474.(b 5475\-k (&(objectClass=sendmailMTAClass) 5476 (sendmailMTAClassName=\c 5477.i ClassName ) 5478 (\|(sendmailMTACluster=${sendmailMTACluster}) 5479 (sendmailMTAHost=$j))) 5480\-v sendmailMTAClassValue 5481.)b 5482Note that the lookup is only done when sendmail is initially started. 5483.pp 5484Elements of classes can be accessed in rules using 5485.b $= 5486or 5487.b $~ . 5488The 5489.b $~ 5490(match entries not in class) 5491only matches a single word; 5492multi-word entries in the class are ignored in this context. 5493.pp 5494Some classes have internal meaning to 5495.i sendmail : 5496.nr ii 0.5i 5497.\".ip $=b 5498.\"A set of Content-Types that will not have the newline character 5499.\"translated to CR-LF before encoding into base64 MIME. 5500.\"The class can have major times 5501.\"(e.g., 5502.\".q image ) 5503.\"or full types 5504.\"(such as 5505.\".q application/octet-stream ). 5506.\"The class is initialized with 5507.\".q application/octet-stream , 5508.\".q image , 5509.\".q audio , 5510.\"and 5511.\".q video . 5512.ip $=e 5513contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded. 5514It is predefined to contain 5515.q 7bit , 5516.q 8bit , 5517and 5518.q binary . 5519.ip $=k 5520set to be the same as 5521.b $k , 5522that is, the UUCP node name. 5523.ip $=m 5524set to the set of domains by which this host is known, 5525initially just 5526.b $m . 5527.ip $=n 5528can be set to the set of MIME body types 5529that can never be eight to seven bit encoded. 5530It defaults to 5531.q multipart/signed . 5532Message types 5533.q message/* 5534and 5535.q multipart/* 5536are never encoded directly. 5537Multipart messages are always handled recursively. 5538The handling of message/* messages 5539are controlled by class 5540.b $=s . 5541.ip $=q 5542A set of Content-Types that will never be encoded as base64 5543(if they have to be encoded, they will be encoded as quoted-printable). 5544It can have primary types 5545(e.g., 5546.q text ) 5547or full types 5548(such as 5549.q text/plain ). 5550The class is initialized to have 5551.q text/plain 5552only. 5553.ip $=s 5554contains the set of subtypes of message that can be treated recursively. 5555By default it contains only 5556.q rfc822 . 5557Other 5558.q message/* 5559types cannot be 8\(->7 bit encoded. 5560If a message containing eight bit data is sent to a seven bit host, 5561and that message cannot be encoded into seven bits, 5562it will be stripped to 7 bits. 5563.ip $=t 5564set to the set of trusted users by the 5565.b T 5566configuration line. 5567If you want to read trusted users from a file, use 5568.b Ft \c 5569.i /file/name . 5570.ip $=w 5571set to be the set of all names 5572this host is known by. 5573This can be used to match local hostnames. 5574.ip $={persistentMacros} 5575set to the macros that should be saved across queue runs. 5576Care should be taken when adding macro names to this class. 5577.pp 5578.i Sendmail 5579can be compiled to allow a 5580.i scanf (3) 5581string on the 5582.b F 5583line. 5584This lets you do simplistic parsing of text files. 5585For example, to read all the user names in your system 5586.i /etc/passwd 5587file into a class, use 5588.(b 5589FL/etc/passwd %[^:] 5590.)b 5591which reads every line up to the first colon. 5592.sh 2 "M \- Define Mailer" 5593.pp 5594Programs and interfaces to mailers 5595are defined in this line. 5596The format is: 5597.(b F 5598.b M \c 5599.i name , 5600{\c 5601.i field =\c 5602.i value \\|} 5603.)b 5604where 5605.i name 5606is the name of the mailer 5607(used internally only) 5608and the 5609.q field=name 5610pairs define attributes of the mailer. 5611Fields are: 5612.(b 5613.ta 1i 5614Path The pathname of the mailer 5615Flags Special flags for this mailer 5616Sender Rewriting set(s) for sender addresses 5617Recipient Rewriting set(s) for recipient addresses 5618recipients Maximum number of recipients per connection 5619Argv An argument vector to pass to this mailer 5620Eol The end-of-line string for this mailer 5621Maxsize The maximum message length to this mailer 5622maxmessages The maximum message deliveries per connection 5623Linelimit The maximum line length in the message body 5624Directory The working directory for the mailer 5625Userid The default user and group id to run as 5626Nice The nice(2) increment for the mailer 5627Charset The default character set for 8-bit characters 5628Type Type information for DSN diagnostics 5629Wait The maximum time to wait for the mailer 5630Queuegroup The default queue group for the mailer 5631/ The root directory for the mailer 5632.)b 5633Only the first character of the field name is checked 5634(it's case-sensitive). 5635.pp 5636The following flags may be set in the mailer description. 5637Any other flags may be used freely 5638to conditionally assign headers to messages 5639destined for particular mailers. 5640Flags marked with \(dg 5641are not interpreted by the 5642.i sendmail 5643binary; 5644these are the conventionally used to correlate to the flags portion 5645of the 5646.b H 5647line. 5648Flags marked with \(dd 5649apply to the mailers for the sender address 5650rather than the usual recipient mailers. 5651.nr ii 4n 5652.ip a 5653Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870). 5654This flag defaults on if the SMTP greeting message includes the word 5655.q ESMTP . 5656.ip A 5657Look up the user (address) part of the resolved mailer triple, 5658in the alias database. 5659Normally this is only set for local mailers. 5660.ip b 5661Force a blank line on the end of a message. 5662This is intended to work around some stupid versions of 5663/bin/mail 5664that require a blank line, but do not provide it themselves. 5665It would not normally be used on network mail. 5666.ip B 5667Strip leading backslashes (\e) off of the address; 5668this is a subset of the functionality of the 5669.b s 5670flag. 5671.ip c 5672Do not include comments in addresses. 5673This should only be used if you have to work around 5674a remote mailer that gets confused by comments. 5675This strips addresses of the form 5676.q "Phrase <address>" 5677or 5678.q "address (Comment)" 5679down to just 5680.q address . 5681.ip C\(dd 5682If mail is 5683.i received 5684from a mailer with this flag set, 5685any addresses in the header that do not have an at sign 5686(\c 5687.q @ ) 5688after being rewritten by ruleset three 5689will have the 5690.q @domain 5691clause from the sender envelope address 5692tacked on. 5693This allows mail with headers of the form: 5694.(b 5695From: usera@hosta 5696To: userb@hostb, userc 5697.)b 5698to be rewritten as: 5699.(b 5700From: usera@hosta 5701To: userb@hostb, userc@hosta 5702.)b 5703automatically. 5704However, it doesn't really work reliably. 5705.ip d 5706Do not include angle brackets around route-address syntax addresses. 5707This is useful on mailers that are going to pass addresses to a shell 5708that might interpret angle brackets as I/O redirection. 5709However, it does not protect against other shell metacharacters. 5710Therefore, passing addresses to a shell should not be considered secure. 5711.ip D\(dg 5712This mailer wants a 5713.q Date: 5714header line. 5715.ip e 5716This mailer is expensive to connect to, 5717so try to avoid connecting normally; 5718any necessary connection will occur during a queue run. 5719See also option 5720.b HoldExpensive . 5721.ip E 5722Escape lines beginning with 5723.q From\0 5724in the message with a `>' sign. 5725.ip f 5726The mailer wants a 5727.b \-f 5728.i from 5729flag, 5730but only if this is a network forward operation 5731(i.e., 5732the mailer will give an error 5733if the executing user 5734does not have special permissions). 5735.ip F\(dg 5736This mailer wants a 5737.q From: 5738header line. 5739.ip g 5740Normally, 5741.i sendmail 5742sends internally generated email (e.g., error messages) 5743using the null return address 5744as required by RFC 1123. 5745However, some mailers don't accept a null return address. 5746If necessary, 5747you can set the 5748.b g 5749flag to prevent 5750.i sendmail 5751from obeying the standards; 5752error messages will be sent as from the MAILER-DAEMON 5753(actually, the value of the 5754.b $n 5755macro). 5756.ip h 5757Upper case should be preserved in host names 5758(the $@ portion of the mailer triplet resolved from ruleset 0) 5759for this mailer. 5760.ip i 5761Do User Database rewriting on envelope sender address. 5762.ip I 5763This mailer will be speaking SMTP 5764to another 5765.i sendmail 5766\- 5767as such it can use special protocol features. 5768This flag should not be used except for debugging purposes 5769because it uses 5770.b VERB 5771as SMTP command. 5772.ip j 5773Do User Database rewriting on recipients as well as senders. 5774.ip k 5775Normally when 5776.i sendmail 5777connects to a host via SMTP, 5778it checks to make sure that this isn't accidently the same host name 5779as might happen if 5780.i sendmail 5781is misconfigured or if a long-haul network interface is set in loopback mode. 5782This flag disables the loopback check. 5783It should only be used under very unusual circumstances. 5784.ip K 5785Currently unimplemented. 5786Reserved for chunking. 5787.ip l 5788This mailer is local 5789(i.e., 5790final delivery will be performed). 5791.ip L 5792Limit the line lengths as specified in RFC 821. 5793This deprecated option should be replaced by the 5794.b L= 5795mail declaration. 5796For historic reasons, the 5797.b L 5798flag also sets the 5799.b 7 5800flag. 5801.ip m 5802This mailer can send to multiple users 5803on the same host 5804in one transaction. 5805When a 5806.b $u 5807macro occurs in the 5808.i argv 5809part of the mailer definition, 5810that field will be repeated as necessary 5811for all qualifying users. 5812Removing this flag can defeat duplicate supression on a remote site 5813as each recipient is sent in a separate transaction. 5814.ip M\(dg 5815This mailer wants a 5816.q Message-Id: 5817header line. 5818.ip n 5819Do not insert a UNIX-style 5820.q From 5821line on the front of the message. 5822.ip o 5823Always run as the owner of the recipient mailbox. 5824Normally 5825.i sendmail 5826runs as the sender for locally generated mail 5827or as 5828.q daemon 5829(actually, the user specified in the 5830.b u 5831option) 5832when delivering network mail. 5833The normal behavior is required by most local mailers, 5834which will not allow the envelope sender address 5835to be set unless the mailer is running as daemon. 5836This flag is ignored if the 5837.b S 5838flag is set. 5839.ip p 5840Use the route-addr style reverse-path in the SMTP 5841.q "MAIL FROM:" 5842command 5843rather than just the return address; 5844although this is required in RFC 821 section 3.1, 5845many hosts do not process reverse-paths properly. 5846Reverse-paths are officially discouraged by RFC 1123. 5847.ip P\(dg 5848This mailer wants a 5849.q Return-Path: 5850line. 5851.ip q 5852When an address that resolves to this mailer is verified 5853(SMTP VRFY command), 5854generate 250 responses instead of 252 responses. 5855This will imply that the address is local. 5856.ip r 5857Same as 5858.b f , 5859but sends a 5860.b \-r 5861flag. 5862.ip R 5863Open SMTP connections from a 5864.q secure 5865port. 5866Secure ports aren't 5867(secure, that is) 5868except on UNIX machines, 5869so it is unclear that this adds anything. 5870.i sendmail 5871must be running as root to be able to use this flag. 5872.ip s 5873Strip quote characters (" and \e) off of the address 5874before calling the mailer. 5875.ip S 5876Don't reset the userid 5877before calling the mailer. 5878This would be used in a secure environment 5879where 5880.i sendmail 5881ran as root. 5882This could be used to avoid forged addresses. 5883If the 5884.b U= 5885field is also specified, 5886this flag causes the effective user id to be set to that user. 5887.ip u 5888Upper case should be preserved in user names for this mailer. Standards 5889require preservation of case in the local part of addresses, except for 5890those address for which your system accepts responsibility. 5891RFC 2142 provides a long list of addresses which should be case 5892insensitive. 5893If you use this flag, you may be violating RFC 2142. 5894Note that postmaster is always treated as a case insensitive address 5895regardless of this flag. 5896.ip U 5897This mailer wants UUCP-style 5898.q From 5899lines with the ugly 5900.q "remote from <host>" 5901on the end. 5902.ip w 5903The user must have a valid account on this machine, 5904i.e., 5905.i getpwnam 5906must succeed. 5907If not, the mail is bounced. 5908See also the 5909.b MailBoxDatabase 5910option. 5911This is required to get 5912.q \&.forward 5913capability. 5914.ip W 5915Ignore long term host status information (see Section 5916"Persistent Host Status Information"). 5917.ip x\(dg 5918This mailer wants a 5919.q Full-Name: 5920header line. 5921.ip X 5922This mailer wants to use the hidden dot algorithm as specified in RFC 821; 5923basically, any line beginning with a dot will have an extra dot prepended 5924(to be stripped at the other end). 5925This insures that lines in the message containing a dot 5926will not terminate the message prematurely. 5927.ip z 5928Run Local Mail Transfer Protocol (LMTP) 5929between 5930.i sendmail 5931and the local mailer. 5932This is a variant on SMTP 5933defined in RFC 2033 5934that is specifically designed for delivery to a local mailbox. 5935.ip Z 5936Apply DialDelay (if set) to this mailer. 5937.ip 0 5938Don't look up MX records for hosts sent via SMTP/LMTP. 5939Do not apply 5940.b FallbackMXhost 5941either. 5942.ip 1 5943Don't send null characters ('\\0') to this mailer. 5944.ip 2 5945Don't use ESMTP even if offered; this is useful for broken 5946systems that offer ESMTP but fail on EHLO (without recovering 5947when HELO is tried next). 5948.ip 3 5949Extend the list of characters converted to =XX notation 5950when converting to Quoted-Printable 5951to include those that don't map cleanly between ASCII and EBCDIC. 5952Useful if you have IBM mainframes on site. 5953.ip 5 5954If no aliases are found for this address, 5955pass the address through ruleset 5 for possible alternate resolution. 5956This is intended to forward the mail to an alternate delivery spot. 5957.ip 6 5958Strip headers to seven bits. 5959.ip 7 5960Strip all output to seven bits. 5961This is the default if the 5962.b L 5963flag is set. 5964Note that clearing this option is not 5965sufficient to get full eight bit data passed through 5966.i sendmail . 5967If the 5968.b 7 5969option is set, this is essentially always set, 5970since the eighth bit was stripped on input. 5971Note that this option will only impact messages 5972that didn't have 8\(->7 bit MIME conversions performed. 5973.ip 8 5974If set, 5975it is acceptable to send eight bit data to this mailer; 5976the usual attempt to do 8\(->7 bit MIME conversions will be bypassed. 5977.ip 9 5978If set, 5979do 5980.i limited 59817\(->8 bit MIME conversions. 5982These conversions are limited to text/plain data. 5983.ip : 5984Check addresses to see if they begin 5985.q :include: ; 5986if they do, convert them to the 5987.q include* 5988mailer. 5989.ip \| 5990Check addresses to see if they begin with a `\|'; 5991if they do, convert them to the 5992.q prog 5993mailer. 5994.ip / 5995Check addresses to see if they begin with a `/'; 5996if they do, convert them to the 5997.q file 5998mailer. 5999.ip @ 6000Look up addresses in the user database. 6001.ip %	94.rm Ve 95.sp 96For Sendmail Version 8.14 97.)l 98.(f 99Sendmail is a trademark of Sendmail, Inc. 100US Patent Numbers 6865671, 6986037. 101.)f 102.sp 2 103.pp 104.i Sendmail \u\s-2TM\s0\d 105implements a general purpose internetwork mail routing facility 106under the UNIX\(rg 107operating system. 108It is not tied to any one transport protocol \- 109its function may be likened to a crossbar switch, 110relaying messages from one domain into another. 111In the process, 112it can do a limited amount of message header editing 113to put the message into a format that is appropriate 114for the receiving domain. 115All of this is done under the control of a configuration file. 116.pp 117Due to the requirements of flexibility 118for 119.i sendmail , 120the configuration file can seem somewhat unapproachable. 121However, there are only a few basic configurations 122for most sites, 123for which standard configuration files have been supplied. 124Most other configurations 125can be built by adjusting an existing configuration file 126incrementally. 127.pp 128.i Sendmail 129is based on 130RFC 821 (Simple Mail Transport Protocol), 131RFC 822 (Internet Mail Headers Format), 132RFC 974 (MX routing), 133RFC 1123 (Internet Host Requirements), 134RFC 1413 (Identification server), 135RFC 1652 (SMTP 8BITMIME Extension), 136RFC 1869 (SMTP Service Extensions), 137RFC 1870 (SMTP SIZE Extension), 138RFC 1891 (SMTP Delivery Status Notifications), 139RFC 1892 (Multipart/Report), 140RFC 1893 (Enhanced Mail System Status Codes), 141RFC 1894 (Delivery Status Notifications), 142RFC 1985 (SMTP Service Extension for Remote Message Queue Starting), 143RFC 2033 (Local Message Transmission Protocol), 144RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes), 145RFC 2045 (MIME), 146RFC 2476 (Message Submission), 147RFC 2487 (SMTP Service Extension for Secure SMTP over TLS), 148RFC 2554 (SMTP Service Extension for Authentication), 149RFC 2821 (Simple Mail Transfer Protocol), 150RFC 2822 (Internet Message Format), 151RFC 2852 (Deliver By SMTP Service Extension), 152and 153RFC 2920 (SMTP Service Extension for Command Pipelining). 154However, since 155.i sendmail 156is designed to work in a wider world, 157in many cases it can be configured to exceed these protocols. 158These cases are described herein. 159.pp 160Although 161.i sendmail 162is intended to run 163without the need for monitoring, 164it has a number of features 165that may be used to monitor or adjust the operation 166under unusual circumstances. 167These features are described. 168.pp 169Section one describes how to do a basic 170.i sendmail 171installation. 172Section two 173explains the day-to-day information you should know 174to maintain your mail system. 175If you have a relatively normal site, 176these two sections should contain sufficient information 177for you to install 178.i sendmail 179and keep it happy. 180Section three 181has information regarding the command line arguments. 182Section four 183describes some parameters that may be safely tweaked. 184Section five 185contains the nitty-gritty information about the configuration 186file. 187This section is for masochists 188and people who must write their own configuration file. 189Section six 190describes configuration that can be done at compile time. 191The appendixes give a brief 192but detailed explanation of a number of features 193not described in the rest of the paper. 194.bp 7 195.sh 1 "BASIC INSTALLATION" 196.pp 197There are two basic steps to installing 198.i sendmail . 199First, you have to compile and install the binary. 200If 201.i sendmail 202has already been ported to your operating system 203that should be simple. 204Second, you must build a run-time configuration file. 205This is a file that 206.i sendmail 207reads when it starts up 208that describes the mailers it knows about, 209how to parse addresses, 210how to rewrite the message header, 211and the settings of various options. 212Although the configuration file can be quite complex, 213a configuration can usually be built 214using an M4-based configuration language. 215Assuming you have the standard 216.i sendmail 217distribution, see 218.i cf/README 219for further information. 220.pp 221The remainder of this section will describe the installation of 222.i sendmail 223assuming you can use one of the existing configurations 224and that the standard installation parameters are acceptable. 225All pathnames and examples 226are given from the root of the 227.i sendmail 228subtree, 229normally 230.i /usr/src/usr.\(SD/sendmail 231on 4.4BSD-based systems. 232.pp 233Continue with the next section if you need/want to compile 234.i sendmail 235yourself. 236If you have a running binary already on your system, 237you should probably skip to section 1.2. 238.sh 2 "Compiling Sendmail" 239.pp 240All 241.i sendmail 242source is in the 243.i sendmail 244subdirectory. 245To compile sendmail, 246.q cd 247into the 248.i sendmail 249directory and type 250.(b 251\&./Build 252.)b 253This will leave the binary in an appropriately named subdirectory, 254e.g., 255obj.BSD-OS.2.1.i386. 256It works for multiple object versions 257compiled out of the same directory. 258.sh 3 "Tweaking the Build Invocation" 259.pp 260You can give parameters on the 261.i Build 262command. 263In most cases these are only used when the 264.i obj.* 265directory is first created. 266To restart from scratch, use 267.i -c . 268These commands include: 269.nr ii 0.5i 270.ip "\-L \fIlibdirs\fP" 271A list of directories to search for libraries. 272.ip "\-I \fIincdirs\fP" 273A list of directories to search for include files. 274.ip "\-E \fIenvar\fP=\fIvalue\fP" 275Set an environment variable to an indicated 276.i value 277before compiling. 278.ip "\-c" 279Create a new 280.i obj.* 281tree before running. 282.ip "\-f \fIsiteconfig\fP" 283Read the indicated site configuration file. 284If this parameter is not specified, 285.i Build 286includes 287.i all 288of the files 289.i $BUILDTOOLS/Site/site.$oscf.m4 290and 291.i $BUILDTOOLS/Site/site.config.m4 , 292where $BUILDTOOLS is normally 293.i \&../devtools 294and $oscf is the same name as used on the 295.i obj.* 296directory. 297See below for a description of the site configuration file. 298.ip "\-S" 299Skip auto-configuration. 300.i Build 301will avoid auto-detecting libraries if this is set. 302All libraries and map definitions must be specified 303in the site configuration file. 304.lp 305Most other parameters are passed to the 306.i make 307program; for details see 308.i $BUILDTOOLS/README . 309.sh 3 "Creating a Site Configuration File" 310.\"XXX 311.pp 312(This section is not yet complete. 313For now, see the file devtools/README for details.) 314See sendmail/README for various compilation flags that can be set. 315.sh 3 "Tweaking the Makefile" 316.pp 317.\" .b "XXX This should all be in the Site Configuration File section." 318.i Sendmail 319supports two different formats 320for the local (on disk) version of databases, 321notably the 322.i aliases 323database. 324At least one of these should be defined if at all possible. 325.nr ii 1i 326.ip NDBM 327The ``new DBM'' format, 328available on nearly all systems around today. 329This was the preferred format prior to 4.4BSD. 330It allows such complex things as multiple databases 331and closing a currently open database. 332.ip NEWDB 333The Berkeley DB package. 334If you have this, use it. 335It allows 336long records, 337multiple open databases, 338real in-memory caching, 339and so forth. 340You can define this in conjunction with 341.sm NDBM ; 342if you do, 343old alias databases are read, 344but when a new database is created it will be in NEWDB format. 345As a nasty hack, 346if you have NEWDB, NDBM, and NIS defined, 347and if the alias file name includes the substring 348.q /yp/ , 349.i sendmail 350will create both new and old versions of the alias file 351during a 352.i newalias 353command. 354This is required because the Sun NIS/YP system 355reads the DBM version of the alias file. 356It's ugly as sin, 357but it works. 358.lp 359If neither of these are defined, 360.i sendmail 361reads the alias file into memory on every invocation. 362This can be slow and should be avoided. 363There are also several methods for remote database access: 364.ip LDAP 365Lightweight Directory Access Protocol. 366.ip NIS 367Sun's Network Information Services (formerly YP). 368.ip NISPLUS 369Sun's NIS+ services. 370.ip NETINFO 371NeXT's NetInfo service. 372.ip HESIOD 373Hesiod service (from Athena). 374.lp 375Other compilation flags are set in 376.i conf.h 377and should be predefined for you 378unless you are porting to a new environment. 379For more options see 380.i sendmail/README . 381.sh 3 "Compilation and installation" 382.pp 383After making the local system configuration described above, 384You should be able to compile and install the system. 385The script 386.q Build 387is the best approach on most systems: 388.(b 389\&./Build 390.)b 391This will use 392.i uname (1) 393to create a custom Makefile for your environment. 394.pp 395If you are installing in the standard places, 396you should be able to install using 397.(b 398\&./Build install 399.)b 400This should install the binary in 401/usr/\(SD 402and create links from 403/usr/\(SB/newaliases 404and 405/usr/\(SB/mailq 406to 407/usr/\(SD/sendmail. 408On most systems it will also format and install man pages. 409Notice: as of version 8.12 410.i sendmail 411will no longer be installed set-user-ID root by default. 412If you really want to use the old method, you can specify it as target: 413.(b 414\&./Build install-set-user-id 415.)b 416.sh 2 "Configuration Files" 417.pp 418.i Sendmail 419cannot operate without a configuration file. 420The configuration defines the mail delivery mechanisms understood at this site, 421how to access them, 422how to forward email to remote mail systems, 423and a number of tuning parameters. 424This configuration file is detailed 425in the later portion of this document. 426.pp 427The 428.i sendmail 429configuration can be daunting at first. 430The world is complex, 431and the mail configuration reflects that. 432The distribution includes an m4-based configuration package 433that hides a lot of the complexity. 434See 435.i cf/README 436for details. 437.pp 438Our configuration files are processed by 439.i m4 440to facilitate local customization; 441the directory 442.i cf 443of the 444.i sendmail 445distribution directory 446contains the source files. 447This directory contains several subdirectories: 448.nr ii 1i 449.ip cf 450Both site-dependent and site-independent descriptions of hosts. 451These can be literal host names 452(e.g., 453.q ucbvax.mc ) 454when the hosts are gateways 455or more general descriptions 456(such as 457.q "generic-solaris2.mc" 458as a general description of an SMTP-connected host 459running Solaris 2.x. 460Files ending 461.b \&.mc 462(``M4 Configuration'') 463are the input descriptions; 464the output is in the corresponding 465.b \&.cf 466file. 467The general structure of these files is described below. 468.ip domain 469Site-dependent subdomain descriptions. 470These are tied to the way your organization wants to do addressing. 471For example, 472.b domain/CS.Berkeley.EDU.m4 473is our description for hosts in the CS.Berkeley.EDU subdomain. 474These are referenced using the 475.sm DOMAIN 476.b m4 477macro in the 478.b \&.mc 479file. 480.ip feature 481Definitions of specific features that some particular host in your site 482might want. 483These are referenced using the 484.sm FEATURE 485.b m4 486macro. 487An example feature is 488use_cw_file 489(which tells 490.i sendmail 491to read an /etc/mail/local-host-names file on startup 492to find the set of local names). 493.ip hack 494Local hacks, referenced using the 495.sm HACK 496.b m4 497macro. 498Try to avoid these. 499The point of having them here is to make it clear that they smell. 500.ip m4 501Site-independent 502.i m4 (1) 503include files that have information common to all configuration files. 504This can be thought of as a 505.q #include 506directory. 507.ip mailer 508Definitions of mailers, 509referenced using the 510.sm MAILER 511.b m4 512macro. 513The mailer types that are known in this distribution are 514fax, 515local, 516smtp, 517uucp, 518and usenet. 519For example, to include support for the UUCP-based mailers, 520use 521.q MAILER(uucp) . 522.ip ostype 523Definitions describing various operating system environments 524(such as the location of support files). 525These are referenced using the 526.sm OSTYPE 527.b m4 528macro. 529.ip sh 530Shell files used by the 531.b m4 532build process. 533You shouldn't have to mess with these. 534.ip siteconfig 535Local UUCP connectivity information. 536This directory has been supplanted by the mailertable feature; 537any new configurations should use that feature to do UUCP 538(and other) routing. 539The use of this directory is deprecated. 540.pp 541If you are in a new domain 542(e.g., a company), 543you will probably want to create a 544cf/domain 545file for your domain. 546This consists primarily of relay definitions 547and features you want enabled site-wide: 548for example, Berkeley's domain definition 549defines relays for 550BitNET 551and UUCP. 552These are specific to Berkeley, 553and should be fully-qualified internet-style domain names. 554Please check to make certain they are reasonable for your domain. 555.pp 556Subdomains at Berkeley are also represented in the 557cf/domain 558directory. 559For example, 560the domain 561CS.Berkeley.EDU 562is the Computer Science subdomain, 563EECS.Berkeley.EDU 564is the Electrical Engineering and Computer Sciences subdomain, 565and 566S2K.Berkeley.EDU 567is the Sequoia 2000 subdomain. 568You will probably have to add an entry to this directory 569to be appropriate for your domain. 570.pp 571You will have to use or create 572.b \&.mc 573files in the 574.i cf/cf 575subdirectory for your hosts. 576This is detailed in the 577cf/README 578file. 579.sh 2 "Details of Installation Files" 580.pp 581This subsection describes the files that 582comprise the 583.i sendmail 584installation. 585.sh 3 "/usr/\(SD/sendmail" 586.pp 587The binary for 588.i sendmail 589is located in /usr/\(SD\*. 590.(f 591\This is usually 592/usr/sbin 593on 4.4BSD and newer systems; 594many systems install it in 595/usr/lib. 596I understand it is in /usr/ucblib 597on System V Release 4. 598.)f 599It should be set-group-ID smmsp as described in 600sendmail/SECURITY. 601For security reasons, 602/, /usr, and /usr/\(SD 603should be owned by root, mode 0755\*. 604.(f 605\Some vendors ship them owned by bin; 606this creates a security hole that is not actually related to 607.i sendmail . 608Other important directories that should have restrictive ownerships 609and permissions are 610/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib. 611.)f 612.sh 3 "/etc/mail/sendmail.cf" 613.pp 614This is the main configuration file for 615.i sendmail \. 616.(f 617\Actually, the pathname varies depending on the operating system; 618/etc/mail is the preferred directory. 619Some older systems install it in 620.b /usr/lib/sendmail.cf , 621and I've also seen it in 622.b /usr/ucblib . 623If you want to move this file, 624add -D_PATH_SENDMAILCF=\e"/file/name\e" 625to the flags passed to the C compiler. 626Moving this file is not recommended: 627other programs and scripts know of this location. 628.)f 629This is one of the two non-library file names compiled into 630.i sendmail \, 631the other is /etc/mail/submit.cf. 632.(f 633\The system libraries can reference other files; 634in particular, system library subroutines that 635.i sendmail 636calls probably reference 637.i /etc/passwd 638and 639.i /etc/resolv.conf . 640.)f 641.pp 642The configuration file is normally created 643using the distribution files described above. 644If you have a particularly unusual system configuration 645you may need to create a special version. 646The format of this file is detailed in later sections 647of this document. 648.sh 3 "/etc/mail/submit.cf" 649.pp 650This is the configuration file for 651.i sendmail 652when it is used for initial mail submission, in which case 653it is also called ``Mail Submission Program'' (MSP) 654in contrast to ``Mail Transfer Agent'' (MTA). 655Starting with version 8.12, 656.i sendmail 657uses one of two different configuration files based on its operation mode 658(or the new 659.b \-A 660option). 661For initial mail submission, i.e., if one of the options 662.b \-bm 663(default), 664.b \-bs , 665or 666.b \-t 667is specified, submit.cf is used (if available), 668for other operations sendmail.cf is used. 669Details can be found in 670.i sendmail/SECURITY . 671submit.cf is shipped with sendmail (in cf/cf/) and is installed by default. 672If changes to the configuration need to be made, start with 673cf/cf/submit.mc and follow the instruction in cf/README. 674.sh 3 "/usr/\(SB/newaliases" 675.pp 676The 677.i newaliases 678command should just be a link to 679.i sendmail : 680.(b 681rm \-f /usr/\(SB/newaliases 682ln \-s /usr/\(SD/sendmail /usr/\(SB/newaliases 683.)b 684This can be installed in whatever search path you prefer 685for your system. 686.sh 3 "/usr/\(SB/hoststat" 687.pp 688The 689.i hoststat 690command should just be a link to 691.i sendmail , 692in a fashion similar to 693.i newaliases . 694This command lists the status of the last mail transaction 695with all remote hosts. The 696.b \-v 697flag will prevent the status display from being truncated. 698It functions only when the 699.b HostStatusDirectory 700option is set. 701.sh 3 "/usr/\(SB/purgestat" 702.pp 703This command is also a link to 704.i sendmail . 705It flushes expired (Timeout.hoststatus) information that is stored in the 706.b HostStatusDirectory 707tree. 708.sh 3 "/var/spool/mqueue" 709.pp 710The directory 711.i /var/spool/mqueue 712should be created to hold the mail queue. 713This directory should be mode 0700 714and owned by root. 715.pp 716The actual path of this directory 717is defined by the 718.b QueueDirectory 719option of the 720.i sendmail.cf 721file. 722To use multiple queues, 723supply a value ending with an asterisk. 724For example, 725.i /var/spool/mqueue/qd 726will use all of the directories or symbolic links to directories 727beginning with `qd' in 728.i /var/spool/mqueue 729as queue directories. 730Do not change the queue directory structure 731while sendmail is running. 732.pp 733If these directories have subdirectories or symbolic links to directories 734named `qf', `df', and `xf', then these will be used for the different 735queue file types. 736That is, the data files are stored in the `df' subdirectory, 737the transcript files are stored in the `xf' subdirectory, and 738all others are stored in the `qf' subdirectory. 739.pp 740If shared memory support is compiled in, 741.i sendmail 742stores the available diskspace in a shared memory segment 743to make the values readily available to all children without 744incurring system overhead. 745In this case, only the daemon updates the data; 746i.e., the sendmail daemon creates the shared memory segment 747and deletes it if it is terminated. 748To use this, 749.i sendmail 750must have been compiled with support for shared memory 751(-DSM_CONF_SHM) 752and the option 753.b SharedMemoryKey 754must be set. 755Notice: do not use the same key for 756.i sendmail 757invocations with different queue directories 758or different queue group declarations. 759Access to shared memory is not controlled by locks, 760i.e., there is a race condition when data in the shared memory is updated. 761However, since operation of 762.i sendmail 763does not rely on the data in the shared memory, this does not negatively 764influence the behavior. 765.sh 3 "/var/spool/clientmqueue" 766.pp 767The directory 768.i /var/spool/clientmqueue 769should be created to hold the mail queue. 770This directory should be mode 0770 771and owned by user smmsp, group smmsp. 772.pp 773The actual path of this directory 774is defined by the 775.b QueueDirectory 776option of the 777.i submit.cf 778file. 779.sh 3 "/var/spool/mqueue/.hoststat" 780.pp 781This is a typical value for the 782.b HostStatusDirectory 783option, 784containing one file per host 785that this sendmail has chatted with recently. 786It is normally a subdirectory of 787.i mqueue . 788.sh 3 "/etc/mail/aliases" 789.pp 790The system aliases are held in 791.q /etc/mail/aliases . 792A sample is given in 793.q sendmail/aliases 794which includes some aliases which 795.i must 796be defined: 797.(b 798cp sendmail/aliases /etc/mail/aliases 799.i "edit /etc/mail/aliases" 800.)b 801You should extend this file with any aliases that are apropos to your system. 802.pp 803Normally 804.i sendmail 805looks at a database version of the files, 806stored either in 807.q /etc/mail/aliases.dir 808and 809.q /etc/mail/aliases.pag 810or 811.q /etc/mail/aliases.db 812depending on which database package you are using. 813The actual path of this file 814is defined in the 815.b AliasFile 816option of the 817.i sendmail.cf 818file. 819.pp 820The permissions of the alias file and the database versions 821should be 0640 to prevent local denial of service attacks 822as explained in the top level 823.b README 824in the sendmail distribution. 825If the permissions 0640 are used, be sure that only trusted users belong 826to the group assigned to those files. Otherwise, files should not even 827be group readable. 828.sh 3 "/etc/rc or /etc/init.d/sendmail" 829.pp 830It will be necessary to start up the 831.i sendmail 832daemon when your system reboots. 833This daemon performs two functions: 834it listens on the SMTP socket for connections 835(to receive mail from a remote system) 836and it processes the queue periodically 837to insure that mail gets delivered when hosts come up. 838.pp 839If necessary, add the following lines to 840.q /etc/rc 841(or 842.q /etc/rc.local 843as appropriate) 844in the area where it is starting up the daemons 845on a BSD-base system, 846or on a System-V-based system 847in one of the startup files, typically 848.q /etc/init.d/sendmail : 849.(b 850if [ \-f /usr/\(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then 851 (cd /var/spool/mqueue; rm \-f xf) 852* /usr/\(SD/sendmail \-bd \-q30m & 853* echo \-n ' sendmail' >/dev/console 854fi 855.)b 856The 857.q cd 858and 859.q rm 860commands insure that all transcript files have been removed; 861extraneous transcript files may be left around 862if the system goes down in the middle of processing a message. 863The line that actually invokes 864.i sendmail 865has two flags: 866.q \-bd 867causes it to listen on the SMTP port, 868and 869.q \-q30m 870causes it to run the queue every half hour. 871.pp 872Some people use a more complex startup script, 873removing zero length qf/hf/Qf files and df files for which there is no 874qf/hf/Qf file. 875Note this is not advisable. 876For example, see Figure 1 877for an example of a complex script which does this clean up. 878.(z 879.hl 880#!/bin/sh 881# remove zero length qf/hf/Qf files 882for qffile in qf* hf* Qf* 883do 884 if [ \-r $qffile ] 885 then 886 if [ ! \-s $qffile ] 887 then 888 echo \-n " <zero: $qffile>" > /dev/console 889 rm \-f $qffile 890 fi 891 fi 892done 893# rename tf files to be qf if the qf does not exist 894for tffile in tf* 895do 896 qffile=`echo $tffile \| sed 's/t/q/'` 897 if [ \-r $tffile \-a ! \-f $qffile ] 898 then 899 echo \-n " <recovering: $tffile>" > /dev/console 900 mv $tffile $qffile 901 else 902 if [ \-f $tffile ] 903 then 904 echo \-n " <extra: $tffile>" > /dev/console 905 rm \-f $tffile 906 fi 907 fi 908done 909# remove df files with no corresponding qf/hf/Qf files 910for dffile in df* 911do 912 qffile=`echo $dffile \| sed 's/d/q/'` 913 hffile=`echo $dffile \| sed 's/d/h/'` 914 Qffile=`echo $dffile \| sed 's/d/Q/'` 915 if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ] 916 then 917 echo \-n " <incomplete: $dffile>" > /dev/console 918 mv $dffile `echo $dffile \| sed 's/d/D/'` 919 fi 920done 921# announce files that have been saved during disaster recovery 922for xffile in [A-Z]f* 923do 924 if [ \-f $xffile ] 925 then 926 echo \-n " <panic: $xffile>" > /dev/console 927 fi 928done 929.sp 930.ce 931Figure 1 \(em A complex startup script 932.hl 933.)z 934.sh 3 "/etc/mail/helpfile" 935.pp 936This is the help file used by the SMTP 937.b HELP 938command. 939It should be copied from 940.q sendmail/helpfile : 941.(b 942cp sendmail/helpfile /etc/mail/helpfile 943.)b 944The actual path of this file 945is defined in the 946.b HelpFile 947option of the 948.i sendmail.cf 949file. 950.sh 3 "/etc/mail/statistics" 951.pp 952If you wish to collect statistics 953about your mail traffic, 954you should create the file 955.q /etc/mail/statistics : 956.(b 957cp /dev/null /etc/mail/statistics 958chmod 0600 /etc/mail/statistics 959.)b 960This file does not grow. 961It is printed with the program 962.q mailstats/mailstats.c. 963The actual path of this file 964is defined in the 965.b S 966option of the 967.i sendmail.cf 968file. 969.sh 3 "/usr/\(SB/mailq" 970.pp 971If 972.i sendmail 973is invoked as 974.q mailq, 975it will simulate the 976.b \-bp 977flag 978(i.e., 979.i sendmail 980will print the contents of the mail queue; 981see below). 982This should be a link to /usr/\(SD/sendmail. 983.sh 3 "sendmail.pid" 984.pp 985.i sendmail 986stores its current pid in the file specified by the 987.b PidFile 988option (default is _PATH_SENDMAILPID). 989.i sendmail 990uses 991.b TempFileMode 992(which defaults to 0600) as 993the permissions of that file 994to prevent local denial of service attacks 995as explained in the top level 996.b README 997in the sendmail distribution. 998If the file already exists, then it might be necessary to 999change the permissions accordingly, e.g., 1000.(b 1001chmod 0600 /var/run/sendmail.pid 1002.)b 1003Note that as of version 8.13, this file is unlinked when 1004.i sendmail 1005exits. 1006As a result of this change, a script such as the following, 1007which may have worked prior to 8.13, will no longer work: 1008.(b 1009# stop & start sendmail 1010PIDFILE=/var/run/sendmail.pid 1011kill `head -1 $PIDFILE` 1012`tail -1 $PIDFILE` 1013.)b 1014because it assumes that the pidfile will still exist even 1015after killing the process to which it refers. 1016Below is a script which will work correctly 1017on both newer and older versions: 1018.(b 1019# stop & start sendmail 1020PIDFILE=/var/run/sendmail.pid 1021pid=`head -1 $PIDFILE` 1022cmd=`tail -1 $PIDFILE` 1023kill $pid 1024$cmd 1025.)b 1026This is just an example script, it does not perform any error checks, 1027e.g., whether the pidfile exists at all. 1028.sh 3 "Map Files" 1029.pp 1030To prevent local denial of service attacks 1031as explained in the top level 1032.b README 1033in the sendmail distribution, 1034the permissions of map files created by 1035.i makemap 1036should be 0640. 1037The use of 0640 implies that only trusted users belong to the group 1038assigned to those files. 1039If those files already exist, then it might be necessary to 1040change the permissions accordingly, e.g., 1041.(b 1042cd /etc/mail 1043chmod 0640 .db .pag .dir 1044.)b 1045.sh 1 "NORMAL OPERATIONS" 1046.sh 2 "The System Log" 1047.pp 1048The system log is supported by the 1049.i syslogd \\|(8) 1050program. 1051All messages from 1052.i sendmail 1053are logged under the 1054.sm LOG_MAIL 1055facility\. 1056.(f 1057\Except on Ultrix, 1058which does not support facilities in the syslog. 1059.)f 1060.sh 3 "Format" 1061.pp 1062Each line in the system log 1063consists of a timestamp, 1064the name of the machine that generated it 1065(for logging from several machines 1066over the local area network), 1067the word 1068.q sendmail: , 1069and a message\. 1070.(f 1071\This format may vary slightly if your vendor has changed 1072the syntax. 1073.)f 1074Most messages are a sequence of 1075.i name \c 1076=\c 1077.i value 1078pairs. 1079.pp 1080The two most common lines are logged when a message is processed. 1081The first logs the receipt of a message; 1082there will be exactly one of these per message. 1083Some fields may be omitted if they do not contain interesting information. 1084Fields are: 1085.ip from 1086The envelope sender address. 1087.ip size 1088The size of the message in bytes. 1089.ip class 1090The class (i.e., numeric precedence) of the message. 1091.ip pri 1092The initial message priority (used for queue sorting). 1093.ip nrcpts 1094The number of envelope recipients for this message 1095(after aliasing and forwarding). 1096.ip msgid 1097The message id of the message (from the header). 1098.ip bodytype 1099The message body type (7BIT or 8BITMIME), 1100as determined from the envelope. 1101.ip proto 1102The protocol used to receive this message (e.g., ESMTP or UUCP) 1103.ip daemon 1104The daemon name from the 1105.b DaemonPortOptions 1106setting. 1107.ip relay 1108The machine from which it was received. 1109.lp 1110There is also one line logged per delivery attempt 1111(so there can be several per message if delivery is deferred 1112or there are multiple recipients). 1113Fields are: 1114.ip to 1115A comma-separated list of the recipients to this mailer. 1116.ip ctladdr 1117The ``controlling user'', that is, the name of the user 1118whose credentials we use for delivery. 1119.ip delay 1120The total delay between the time this message was received 1121and the current delivery attempt. 1122.ip xdelay 1123The amount of time needed in this delivery attempt 1124(normally indicative of the speed of the connection). 1125.ip mailer 1126The name of the mailer used to deliver to this recipient. 1127.ip relay 1128The name of the host that actually accepted (or rejected) this recipient. 1129.ip dsn 1130The enhanced error code (RFC 2034) if available. 1131.ip stat 1132The delivery status. 1133.lp 1134Not all fields are present in all messages; 1135for example, the relay is usually not listed for local deliveries. 1136.sh 3 "Levels" 1137.pp 1138If you have 1139.i syslogd \\|(8) 1140or an equivalent installed, 1141you will be able to do logging. 1142There is a large amount of information that can be logged. 1143The log is arranged as a succession of levels. 1144At the lowest level 1145only extremely strange situations are logged. 1146At the highest level, 1147even the most mundane and uninteresting events 1148are recorded for posterity. 1149As a convention, 1150log levels under ten 1151are considered generally 1152.q useful; 1153log levels above 64 1154are reserved for debugging purposes. 1155Levels from 11\-64 are reserved for verbose information 1156that some sites might want. 1157.pp 1158A complete description of the log levels 1159is given in section ``Log Level''. 1160.sh 2 "Dumping State" 1161.pp 1162You can ask 1163.i sendmail 1164to log a dump of the open files 1165and the connection cache 1166by sending it a 1167.sm SIGUSR1 1168signal. 1169The results are logged at 1170.sm LOG_DEBUG 1171priority. 1172.sh 2 "The Mail Queues" 1173.pp 1174Mail messages may either be delivered immediately or be held for later 1175delivery. 1176Held messages are placed into a holding directory called a mail queue. 1177.pp 1178A mail message may be queued for these reasons: 1179.bu 1180If a mail message is temporarily undeliverable, it is queued 1181and delivery is attempted later. 1182If the message is addressed to multiple recipients, it is queued 1183only for those recipients to whom delivery is not immediately possible. 1184.bu 1185If the SuperSafe option is set to true, 1186all mail messages are queued while delivery is attempted. 1187.bu 1188If the DeliveryMode option is set to queue-only or defer, 1189all mail is queued, and no immediate delivery is attempted. 1190.bu 1191If the load average becomes higher than the value of the QueueLA option 1192and the 1193.b QueueFactor 1194(\c 1195.b q ) 1196option divided by the difference in the current load average and the 1197.b QueueLA 1198option plus one 1199is less than the priority of the message, 1200messages are queued rather than immediately delivered. 1201.bu 1202One or more addresses are marked as expensive and delivery is postponed 1203until the next queue run or one or more address are marked as held via 1204mailer which uses the hold mailer flag. 1205.bu 1206The mail message has been marked as quarantined via a mail filter or 1207rulesets. 1208.bu 1209.sh 3 "Queue Groups and Queue Directories" 1210.pp 1211There are one or more mail queues. 1212Each mail queue belongs to a queue group. 1213There is always a default queue group that is called ``mqueue'' 1214(which is where messages go by default unless otherwise specified). 1215The directory or directories which comprise the default queue group 1216are specified by the QueueDirectory option. 1217There are zero or more 1218additional named queue groups declared using the 1219.b Q 1220command in the configuration file. 1221.pp 1222By default, a queued message is placed in the queue group 1223associated with the first recipient in the recipient list. 1224A recipient address is mapped to a queue group as follows. 1225First, if there is a ruleset called ``queuegroup'', 1226and if this ruleset maps the address to a queue group name, 1227then that queue group is chosen. 1228That is, the argument for the ruleset is the recipient address 1229and the result should be 1230.b $# 1231followed by the name of a queue group. 1232Otherwise, if the mailer associated with the address specifies 1233a queue group, then that queue group is chosen. 1234Otherwise, the default queue group is chosen. 1235.pp 1236A message with multiple recipients will be split 1237if different queue groups are chosen 1238by the mapping of recipients to queue groups. 1239.pp 1240When a message is placed in a queue group, and the queue group has 1241more than one queue, a queue is selected randomly. 1242.pp 1243If a message with multiple recipients is placed into a queue group 1244with the 'r' option (maximum number of recipients per message) 1245set to a positive value 1246.i N , 1247and if there are more than 1248.i N 1249recipients 1250in the message, then the message will be split into multiple messages, 1251each of which have at most 1252.i N 1253recipients. 1254.pp 1255Notice: if multiple queue groups are used, do 1256.b not 1257move queue files around, e.g., into a different queue directory. 1258This may have weird effects and can cause mail not to be delivered. 1259Queue files and directories should be treated as opaque 1260and should not be manipulated directly. 1261.sh 3 "Queue Runs" 1262.pp 1263.i sendmail 1264has two different ways to process the queue(s). 1265The first one is to start queue runners after certain intervals 1266(``normal'' queue runners), 1267the second one is to keep queue runner processes around 1268(``persistent'' queue runners). 1269How to select either of these types is discussed in the appendix 1270``COMMAND LINE FLAGS''. 1271Persistent queue runners have the advantage that no new processes 1272need to be spawned at certain intervals; they just sleep for 1273a specified time after they finished a queue run. 1274Another advantage of persistent queue runners is that only one process 1275belonging to a workgroup (a workgroup is a set of queue groups) 1276collects the data for a queue run 1277and then multiple queue runner may go ahead using that data. 1278This can significantly reduce the disk I/O necessary to read the 1279queue files compared to starting multiple queue runners directly. 1280Their disadvantage is that a new queue run is only started 1281after all queue runners belonging to a group finished their tasks. 1282In case one of the queue runners tries delivery to a slow recipient site 1283at the end of a queue run, the next queue run may be substantially delayed. 1284In general this should be smoothed out due to the distribution of 1285those slow jobs, however, for sites with small number of 1286queue entries this might introduce noticable delays. 1287In general, persistent queue runners are only useful for 1288sites with big queues. 1289.sh 3 "Manual Intervention" 1290.pp 1291Under normal conditions the mail queue will be processed transparently. 1292However, you may find that manual intervention is sometimes necessary. 1293For example, 1294if a major host is down for a period of time 1295the queue may become clogged. 1296Although 1297.i sendmail 1298ought to recover gracefully when the host comes up, 1299you may find performance unacceptably bad in the meantime. 1300In that case you want to check the content of the queue 1301and manipulate it as explained in the next two sections. 1302.sh 3 "Printing the queue" 1303.pp 1304The contents of the queue(s) can be printed 1305using the 1306.i mailq 1307command 1308(or by specifying the 1309.b \-bp 1310flag to 1311.i sendmail ): 1312.(b 1313mailq 1314.)b 1315This will produce a listing of the queue id's, 1316the size of the message, 1317the date the message entered the queue, 1318and the sender and recipients. 1319If shared memory support is compiled in, 1320the flag 1321.b \-bP 1322can be used to print the number of entries in the queue(s), 1323provided a process updates the data. 1324However, as explained earlier, the output might be slightly wrong, 1325since access to the shared memory is not locked. 1326For example, 1327``unknown number of entries'' 1328might be shown. 1329The internal counters are updated after each queue run 1330to the correct value again. 1331.sh 3 "Forcing the queue" 1332.pp 1333.i Sendmail 1334should run the queue automatically at intervals. 1335When using multiple queues, 1336a separate process will by default be created to 1337run each of the queues 1338unless the queue run is initiated by a user 1339with the verbose flag. 1340The algorithm is to read and sort the queue, 1341and then to attempt to process all jobs in order. 1342When it attempts to run the job, 1343.i sendmail 1344first checks to see if the job is locked. 1345If so, it ignores the job. 1346.pp 1347There is no attempt to insure that only one queue processor 1348exists at any time, 1349since there is no guarantee that a job cannot take forever 1350to process 1351(however, 1352.i sendmail 1353does include heuristics to try to abort jobs 1354that are taking absurd amounts of time; 1355technically, this violates RFC 821, but is blessed by RFC 1123). 1356Due to the locking algorithm, 1357it is impossible for one job to freeze the entire queue. 1358However, 1359an uncooperative recipient host 1360or a program recipient 1361that never returns 1362can accumulate many processes in your system. 1363Unfortunately, 1364there is no completely general way to solve this. 1365.pp 1366In some cases, 1367you may find that a major host going down 1368for a couple of days 1369may create a prohibitively large queue. 1370This will result in 1371.i sendmail 1372spending an inordinate amount of time 1373sorting the queue. 1374This situation can be fixed by moving the queue to a temporary place 1375and creating a new queue. 1376The old queue can be run later when the offending host returns to service. 1377.pp 1378To do this, 1379it is acceptable to move the entire queue directory: 1380.(b 1381cd /var/spool 1382mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue 1383.)b 1384You should then kill the existing daemon 1385(since it will still be processing in the old queue directory) 1386and create a new daemon. 1387.pp 1388To run the old mail queue, issue the following command: 1389.(b 1390/usr/\(SD/sendmail \-C /etc/mail/queue.cf \-q 1391.)b 1392The 1393.b \-C 1394flag specifies an alternate configuration file 1395.b queue.cf 1396which should refer to the moved queue directory 1397.(b 1398O QueueDirectory=/var/spool/omqueue 1399.)b 1400and the 1401.b \-q 1402flag says to just run every job in the queue. 1403You can also specify the moved queue directory on the command line 1404.(b 1405/usr/\(SD/sendmail \-oQ/var/spool/omqueue \-q 1406.)b 1407but this requires that you do not have 1408queue groups in the configuration file, 1409because those are not subdirectories of the moved directory. 1410See the section about ``Queue Group Declaration'' for details; 1411you most likely need a different configuration file to correctly deal 1412with this problem. 1413However, a proper configuration of queue groups should avoid 1414filling up queue directories, so you shouldn't run into 1415this problem. 1416If you have a tendency toward voyeurism, 1417you can use the 1418.b \-v 1419flag to watch what is going on. 1420.pp 1421When the queue is finally emptied, 1422you can remove the directory: 1423.(b 1424rmdir /var/spool/omqueue 1425.)b 1426.sh 3 "Quarantined Queue Items" 1427.pp 1428It is possible to "quarantine" mail messages, 1429otherwise known as envelopes. 1430Envelopes (queue files) are stored but not considered for delivery or 1431display unless the "quarantine" state of the envelope is undone or 1432delivery or display of quarantined items is requested. 1433Quarantined messages are tagged by using a different name for the queue 1434file, 'hf' instead of 'qf', and by adding the quarantine reason to the 1435queue file. 1436.pp 1437Delivery or display of quarantined items can be requested using the 1438.b \-qQ 1439flag to 1440.i sendmail 1441or 1442.i mailq . 1443Additionally, messages already in the queue can be quarantined or 1444unquarantined using the new 1445.b \-Q 1446flag to sendmail. 1447For example, 1448.(b 1449sendmail -Qreason -q[!][I\|R\|S][matchstring] 1450.)b 1451Quarantines the normal queue items matching the criteria specified by the 1452.b "-q[!][I\|R\|S][matchstring]" 1453using the reason given on the 1454.b \-Q 1455flag. 1456Likewise, 1457.(b 1458sendmail -qQ -Q[reason] -q[!][I\|R\|S\|Q][matchstring] 1459.)b 1460Change the quarantine reason for the quarantined items matching the 1461criteria specified by the 1462.b "-q[!][I\|R\|S\|Q][matchstring]" 1463using the reason given on the 1464.b \-Q 1465flag. 1466If there is no reason, 1467* unquarantine the matching items and make them normal queue items. 1468Note that the 1469.b \-qQ 1470flag tells sendmail to operate on quarantined items instead of normal items. 1471.sh 2 "Disk Based Connection Information" 1472.pp 1473.i Sendmail 1474stores a large amount of information about each remote system it 1475has connected to in memory. It is possible to preserve some 1476of this information on disk as well, by using the 1477.b HostStatusDirectory 1478option, so that it may be shared between several invocations of 1479.i sendmail . 1480This allows mail to be queued immediately or skipped during a queue run if 1481there has been a recent failure in connecting to a remote machine. 1482Note: information about a remote system is stored in a file 1483whose pathname consists of the components of the hostname in reverse order. 1484For example, the information for 1485.b host.example.com 1486is stored in 1487.b com./example./host . 1488For top-level domains like 1489.b com 1490this can create a large number of subdirectories 1491which on some filesystems can exhaust some limits. 1492Moreover, the performance of lookups in directory with thousands of entries 1493can be fairly slow depending on the filesystem implementation. 1494.pp 1495Additionally enabling 1496.b SingleThreadDelivery 1497has the added effect of single-threading mail delivery to a destination. 1498This can be quite helpful 1499if the remote machine is running an SMTP server that is easily overloaded 1500or cannot accept more than a single connection at a time, 1501but can cause some messages to be punted to a future queue run. 1502It also applies to 1503.i all 1504hosts, so setting this because you have one machine on site 1505that runs some software that is easily overrun 1506can cause mail to other hosts to be slowed down. 1507If this option is set, 1508you probably want to set the 1509.b MinQueueAge 1510option as well and run the queue fairly frequently; 1511this way jobs that are skipped because another 1512.i sendmail 1513is talking to the same host will be tried again quickly 1514rather than being delayed for a long time. 1515.pp 1516The disk based host information is stored in a subdirectory of the 1517.b mqueue 1518directory called 1519.b \&.hoststat \*. 1520.(f 1521\This is the usual value of the 1522.b HostStatusDirectory 1523option; 1524it can, of course, go anywhere you like in your filesystem. 1525.)f 1526Removing this directory and its subdirectories has an effect similar to 1527the 1528.i purgestat 1529command and is completely safe. 1530However, 1531.i purgestat 1532only removes expired (Timeout.hoststatus) data. 1533The information in these directories can 1534be perused with the 1535.i hoststat 1536command, which will indicate the host name, the last access, and the 1537status of that access. 1538An asterisk in the left most column indicates that a 1539.i sendmail 1540process currently has the host locked for mail delivery. 1541.pp 1542The disk based connection information is treated the same way as memory based 1543connection information for the purpose of timeouts. 1544By default, information about host failures is valid for 30 minutes. 1545This can be adjusted with 1546the 1547.b Timeout.hoststatus 1548option. 1549.pp 1550The connection information stored on disk may be expired at any time 1551with the 1552.i purgestat 1553command or by invoking sendmail with the 1554.b \-bH 1555switch. 1556The connection information may be viewed with the 1557.i hoststat 1558command or by invoking sendmail with the 1559.b \-bh 1560switch. 1561.sh 2 "The Service Switch" 1562.pp 1563The implementation of certain system services 1564such as host and user name lookup 1565is controlled by the service switch. 1566If the host operating system supports such a switch, 1567and sendmail knows about it, 1568.i sendmail 1569will use the native version. 1570Ultrix, Solaris, and DEC OSF/1 are examples of such systems\. 1571.(f 1572\HP-UX 10 has service switch support, 1573but since the APIs are apparently not available in the libraries 1574.i sendmail 1575does not use the native service switch in this release. 1576.)f 1577.pp 1578If the underlying operating system does not support a service switch 1579(e.g., SunOS 4.X, HP-UX, BSD) 1580then 1581.i sendmail 1582will provide a stub implementation. 1583The 1584.b ServiceSwitchFile 1585option points to the name of a file that has the service definitions. 1586Each line has the name of a service 1587and the possible implementations of that service. 1588For example, the file: 1589.(b 1590hosts dns files nis 1591aliases files nis 1592.)b 1593will ask 1594.i sendmail 1595to look for hosts in the Domain Name System first. 1596If the requested host name is not found, it tries local files, 1597and if that fails it tries NIS. 1598Similarly, when looking for aliases 1599it will try the local files first followed by NIS. 1600.pp 1601Notice: since 1602.i sendmail 1603must access MX records for correct operation, it will use 1604DNS if it is configured in the 1605.b ServiceSwitchFile 1606file. 1607Hence an entry like 1608.(b 1609hosts files dns 1610.)b 1611will not avoid DNS lookups even if a host can be found 1612in /etc/hosts. 1613.pp 1614Service switches are not completely integrated. 1615For example, despite the fact that the host entry listed in the above example 1616specifies to look in NIS, 1617on SunOS this won't happen because the system implementation of 1618.i gethostbyname \\|(3) 1619doesn't understand this. 1620.sh 2 "The Alias Database" 1621.pp 1622After recipient addresses are read from the SMTP connection 1623or command line 1624they are parsed by ruleset 0, 1625which must resolve to a 1626{\c 1627.i mailer , 1628.i host , 1629.i address } 1630triple. 1631If the flags selected by the 1632.i mailer 1633include the 1634.b A 1635(aliasable) flag, 1636the 1637.i address 1638part of the triple is looked up as the key 1639(i.e., the left hand side) 1640in the alias database. 1641If there is a match, the address is deleted from the send queue 1642and all addresses on the right hand side of the alias 1643are added in place of the alias that was found. 1644This is a recursive operation, 1645so aliases found in the right hand side of the alias 1646are similarly expanded. 1647.pp 1648The alias database exists in two forms. 1649One is a text form, 1650maintained in the file 1651.i /etc/mail/aliases. 1652The aliases are of the form 1653.(b 1654name: name1, name2, ... 1655.)b 1656Only local names may be aliased; 1657e.g., 1658.(b 1659eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU 1660.)b 1661will not have the desired effect 1662(except on prep.ai.MIT.EDU, 1663and they probably don't want me)\. 1664.(f 1665\Actually, any mailer that has the `A' mailer flag set 1666will permit aliasing; 1667this is normally limited to the local mailer. 1668.)f 1669Aliases may be continued by starting any continuation lines 1670with a space or a tab or by putting a backslash directly before 1671the newline. 1672Blank lines and lines beginning with a sharp sign 1673(\c 1674.q # ) 1675are comments. 1676.pp 1677The second form is processed by the 1678.i ndbm \\|(3)\* 1679.(f 1680\*The 1681.i gdbm 1682package does not work. 1683.)f 1684or the Berkeley DB library. 1685This form is in the file 1686.i /etc/mail/aliases.db 1687(if using NEWDB) 1688or 1689.i /etc/mail/aliases.dir 1690and 1691.i /etc/mail/aliases.pag 1692(if using NDBM). 1693This is the form that 1694.i sendmail 1695actually uses to resolve aliases. 1696This technique is used to improve performance. 1697.pp 1698The control of search order is actually set by the service switch. 1699Essentially, the entry 1700.(b 1701O AliasFile=switch:aliases 1702.)b 1703is always added as the first alias entry; 1704also, the first alias file name without a class 1705(e.g., without 1706.q nis: 1707on the front) 1708will be used as the name of the file for a ``files'' entry 1709in the aliases switch. 1710For example, if the configuration file contains 1711.(b 1712O AliasFile=/etc/mail/aliases 1713.)b 1714and the service switch contains 1715.(b 1716aliases nis files nisplus 1717.)b 1718then aliases will first be searched in the NIS database, 1719then in /etc/mail/aliases, 1720then in the NIS+ database. 1721.pp 1722You can also use 1723.sm NIS -based 1724alias files. 1725For example, the specification: 1726.(b 1727O AliasFile=/etc/mail/aliases 1728O AliasFile=nis:mail.aliases@my.nis.domain 1729.)b 1730will first search the /etc/mail/aliases file 1731and then the map named 1732.q mail.aliases 1733in 1734.q my.nis.domain . 1735Warning: if you build your own 1736.sm NIS -based 1737alias files, 1738be sure to provide the 1739.b \-l 1740flag to 1741.i makedbm (8) 1742to map upper case letters in the keys to lower case; 1743otherwise, aliases with upper case letters in their names 1744won't match incoming addresses. 1745.pp 1746Additional flags can be added after the colon 1747exactly like a 1748.b K 1749line \(em for example: 1750.(b 1751O AliasFile=nis:\-N mail.aliases@my.nis.domain 1752.)b 1753will search the appropriate NIS map and always include null bytes in the key. 1754Also: 1755.(b 1756O AliasFile=nis:\-f mail.aliases@my.nis.domain 1757.)b 1758will prevent sendmail from downcasing the key before the alias lookup. 1759.sh 3 "Rebuilding the alias database" 1760.pp 1761The 1762.i hash 1763or 1764.i dbm 1765version of the database 1766may be rebuilt explicitly by executing the command 1767.(b 1768newaliases 1769.)b 1770This is equivalent to giving 1771.i sendmail 1772the 1773.b \-bi 1774flag: 1775.(b 1776/usr/\(SD/sendmail \-bi 1777.)b 1778.pp 1779If you have multiple aliases databases specified, 1780the 1781.b \-bi 1782flag rebuilds all the database types it understands 1783(for example, it can rebuild NDBM databases but not NIS databases). 1784.sh 3 "Potential problems" 1785.pp 1786There are a number of problems that can occur 1787with the alias database. 1788They all result from a 1789.i sendmail 1790process accessing the DBM version 1791while it is only partially built. 1792This can happen under two circumstances: 1793One process accesses the database 1794while another process is rebuilding it, 1795or the process rebuilding the database dies 1796(due to being killed or a system crash) 1797before completing the rebuild. 1798.pp 1799Sendmail has three techniques to try to relieve these problems. 1800First, it ignores interrupts while rebuilding the database; 1801this avoids the problem of someone aborting the process 1802leaving a partially rebuilt database. 1803Second, 1804it locks the database source file during the rebuild \(em 1805but that may not work over NFS or if the file is unwritable. 1806Third, 1807at the end of the rebuild 1808it adds an alias of the form 1809.(b 1810@: @ 1811.)b 1812(which is not normally legal). 1813Before 1814.i sendmail 1815will access the database, 1816it checks to insure that this entry exists\*. 1817.(f 1818\The 1819.b AliasWait 1820option is required in the configuration 1821for this action to occur. 1822This should normally be specified. 1823.)f 1824.sh 3 "List owners" 1825.pp 1826If an error occurs on sending to a certain address, 1827say 1828.q \fIx\fP , 1829.i sendmail 1830will look for an alias 1831of the form 1832.q owner-\fIx\fP 1833to receive the errors. 1834This is typically useful 1835for a mailing list 1836where the submitter of the list 1837has no control over the maintenance of the list itself; 1838in this case the list maintainer would be the owner of the list. 1839For example: 1840.(b 1841unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser, 1842* sam@matisse 1843owner-unix-wizards: unix-wizards-request 1844unix-wizards-request: eric@ucbarpa 1845.)b 1846would cause 1847.q eric@ucbarpa 1848to get the error that will occur 1849when someone sends to 1850unix-wizards 1851due to the inclusion of 1852.q nosuchuser 1853on the list. 1854.pp 1855List owners also cause the envelope sender address to be modified. 1856The contents of the owner alias are used if they point to a single user, 1857otherwise the name of the alias itself is used. 1858For this reason, and to obey Internet conventions, 1859the 1860.q owner- 1861address normally points at the 1862.q -request 1863address; this causes messages to go out with the typical Internet convention 1864of using ``\c 1865.i list -request'' 1866as the return address. 1867.sh 2 "User Information Database" 1868.pp 1869This option is deprecated, use virtusertable and genericstable instead 1870as explained in 1871.i cf/README . 1872If you have a version of 1873.i sendmail 1874with the user information database 1875compiled in, 1876and you have specified one or more databases using the 1877.b U 1878option, 1879the databases will be searched for a 1880.i user :maildrop 1881entry. 1882If found, the mail will be sent to the specified address. 1883.sh 2 "Per-User Forwarding (.forward Files)" 1884.pp 1885As an alternative to the alias database, 1886any user may put a file with the name 1887.q .forward 1888in his or her home directory. 1889If this file exists, 1890.i sendmail 1891redirects mail for that user 1892to the list of addresses listed in the .forward file. 1893Note that aliases are fully expanded before forward files are referenced. 1894For example, if the home directory for user 1895.q mckusick 1896has a .forward file with contents: 1897.(b 1898mckusick@ernie 1899kirk@calder 1900.)b 1901then any mail arriving for 1902.q mckusick 1903will be redirected to the specified accounts. 1904.pp 1905Actually, the configuration file defines a sequence of filenames to check. 1906By default, this is the user's .forward file, 1907but can be defined to be more generally using the 1908.b ForwardPath 1909option. 1910If you change this, 1911you will have to inform your user base of the change; 1912\&.forward is pretty well incorporated into the collective subconscious. 1913.sh 2 "Special Header Lines" 1914.pp 1915Several header lines have special interpretations 1916defined by the configuration file. 1917Others have interpretations built into 1918.i sendmail 1919that cannot be changed without changing the code. 1920These built-ins are described here. 1921.sh 3 "Errors-To:" 1922.pp 1923If errors occur anywhere during processing, 1924this header will cause error messages to go to 1925the listed addresses. 1926This is intended for mailing lists. 1927.pp 1928The Errors-To: header was created in the bad old days 1929when UUCP didn't understand the distinction between an envelope and a header; 1930this was a hack to provide what should now be passed 1931as the envelope sender address. 1932It should go away. 1933It is only used if the 1934.b UseErrorsTo 1935option is set. 1936.pp 1937The Errors-To: header is officially deprecated 1938and will go away in a future release. 1939.sh 3 "Apparently-To:" 1940.pp 1941RFC 822 requires at least one recipient field 1942(To:, Cc:, or Bcc: line) 1943in every message. 1944If a message comes in with no recipients listed in the message 1945then 1946.i sendmail 1947will adjust the header based on the 1948.q NoRecipientAction 1949option. 1950One of the possible actions is to add an 1951.q "Apparently-To:" 1952header line for any recipients it is aware of. 1953.pp 1954The Apparently-To: header is non-standard 1955and is both deprecated and strongly discouraged. 1956.sh 3 "Precedence" 1957.pp 1958The Precedence: header can be used as a crude control of message priority. 1959It tweaks the sort order in the queue 1960and can be configured to change the message timeout values. 1961The precedence of a message also controls how 1962delivery status notifications (DSNs) 1963are processed for that message. 1964.sh 2 "IDENT Protocol Support" 1965.pp 1966.i Sendmail 1967supports the IDENT protocol as defined in RFC 1413. 1968Note that the RFC states 1969a client should wait at least 30 seconds for a response. 1970The default Timeout.ident is 5 seconds 1971as many sites have adopted the practice of dropping IDENT queries. 1972This has lead to delays processing mail. 1973Although this enhances identification 1974of the author of an email message 1975by doing a ``call back'' to the originating system to include 1976the owner of a particular TCP connection 1977in the audit trail 1978it is in no sense perfect; 1979a determined forger can easily spoof the IDENT protocol. 1980The following description is excerpted from RFC 1413: 1981.ba +5 1982.lp 19836. Security Considerations 1984.lp 1985The information returned by this protocol is at most as trustworthy 1986as the host providing it OR the organization operating the host. For 1987example, a PC in an open lab has few if any controls on it to prevent 1988a user from having this protocol return any identifier the user 1989wants. Likewise, if the host has been compromised the information 1990returned may be completely erroneous and misleading. 1991.lp 1992The Identification Protocol is not intended as an authorization or 1993access control protocol. At best, it provides some additional 1994auditing information with respect to TCP connections. At worst, it 1995can provide misleading, incorrect, or maliciously incorrect 1996information. 1997.lp 1998The use of the information returned by this protocol for other than 1999auditing is strongly discouraged. Specifically, using Identification 2000Protocol information to make access control decisions - either as the 2001primary method (i.e., no other checks) or as an adjunct to other 2002methods may result in a weakening of normal host security. 2003.lp 2004An Identification server may reveal information about users, 2005entities, objects or processes which might normally be considered 2006private. An Identification server provides service which is a rough 2007analog of the CallerID services provided by some phone companies and 2008many of the same privacy considerations and arguments that apply to 2009the CallerID service apply to Identification. If you wouldn't run a 2010"finger" server due to privacy considerations you may not want to run 2011this protocol. 2012.ba 2013.lp 2014In some cases your system may not work properly with IDENT support 2015due to a bug in the TCP/IP implementation. 2016The symptoms will be that for some hosts 2017the SMTP connection will be closed 2018almost immediately. 2019If this is true or if you do not want to use IDENT, 2020you should set the IDENT timeout to zero; 2021this will disable the IDENT protocol. 2022.sh 1 "ARGUMENTS" 2023.pp 2024The complete list of arguments to 2025.i sendmail 2026is described in detail in Appendix A. 2027Some important arguments are described here. 2028.sh 2 "Queue Interval" 2029.pp 2030The amount of time between forking a process 2031to run through the queue is defined by the 2032.b \-q 2033flag. 2034If you run with delivery mode set to 2035.b i 2036or 2037.b b 2038this can be relatively large, since it will only be relevant 2039when a host that was down comes back up. 2040If you run in 2041.b q 2042mode it should be relatively short, 2043since it defines the maximum amount of time that a message 2044may sit in the queue. 2045(See also the MinQueueAge option.) 2046.pp 2047RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes 2048(although that probably doesn't make sense if you use ``queue-only'' mode). 2049.pp 2050Notice: the meaning of the interval time depends on whether normal 2051queue runners or persistent queue runners are used. 2052For the former, it is the time between subsequent starts of a queue run. 2053For the latter, it is the time sendmail waits after a persistent queue 2054runner has finished its work to start the next one. 2055Hence for persistent queue runners this interval should be very low, 2056typically no more than two minutes. 2057.sh 2 "Daemon Mode" 2058.pp 2059If you allow incoming mail over an IPC connection, 2060you should have a daemon running. 2061This should be set by your 2062.i /etc/rc 2063file using the 2064.b \-bd 2065flag. 2066The 2067.b \-bd 2068flag and the 2069.b \-q 2070flag may be combined in one call: 2071.(b 2072/usr/\(SD/sendmail \-bd \-q30m 2073.)b 2074.pp 2075An alternative approach is to invoke sendmail from 2076.i inetd (8) 2077(use the 2078.b \-bs \ \-Am 2079flags to ask sendmail to speak SMTP on its standard input and output 2080and to run as MTA). 2081This works and allows you to wrap 2082.i sendmail 2083in a TCP wrapper program, 2084but may be a bit slower since the configuration file 2085has to be re-read on every message that comes in. 2086If you do this, you still need to have a 2087.i sendmail 2088running to flush the queue: 2089.(b 2090/usr/\(SD/sendmail \-q30m 2091.)b 2092.sh 2 "Forcing the Queue" 2093.pp 2094In some cases you may find that the queue has gotten clogged for some reason. 2095You can force a queue run 2096using the 2097.b \-q 2098flag (with no value). 2099It is entertaining to use the 2100.b \-v 2101flag (verbose) 2102when this is done to watch what happens: 2103.(b 2104/usr/\(SD/sendmail \-q \-v 2105.)b 2106.pp 2107You can also limit the jobs to those with a particular queue identifier, 2108recipient, sender, quarantine reason, or queue group 2109using one of the queue modifiers. 2110For example, 2111.q \-qRberkeley 2112restricts the queue run to jobs that have the string 2113.q berkeley 2114somewhere in one of the recipient addresses. 2115Similarly, 2116.q \-qSstring 2117limits the run to particular senders, 2118.q \-qIstring 2119limits it to particular queue identifiers, and 2120.q \-qQstring 2121limits it to particular quarantined reasons and only operated on 2122quarantined queue items, and 2123.q \-qGstring 2124limits it to a particular queue group. 2125The named queue group will be run even if it is set to have 0 runners. 2126You may also place an 2127.b ! 2128before the 2129.b I 2130or 2131.b R 2132or 2133.b S 2134or 2135.b Q 2136to indicate that jobs are limited to not including a particular queue 2137identifier, recipient or sender. 2138For example, 2139.q \-q!Rseattle 2140limits the queue run to jobs that do not have the string 2141.q seattle 2142somewhere in one of the recipient addresses. 2143Should you need to terminate the queue jobs currently active then a SIGTERM 2144to the parent of the process (or processes) will cleanly stop the jobs. 2145.sh 2 "Debugging" 2146.pp 2147There are a fairly large number of debug flags 2148built into 2149.i sendmail . 2150Each debug flag has a category and a level. 2151Higher levels increase the level of debugging activity; 2152in most cases, this means to print out more information. 2153The convention is that levels greater than nine are 2154.q absurd, 2155i.e., 2156they print out so much information that you wouldn't normally 2157want to see them except for debugging that particular piece of code. 2158.pp 2159You should 2160.b never 2161run a production sendmail server in debug mode. 2162Many of the debug flags will result in debug output being sent over the 2163SMTP channel unless the option 2164.b \-D 2165is used. 2166This will confuse many mail programs. 2167However, for testing purposes, it can be useful 2168when sending mail manually via 2169telnet to the port you are using while debugging. 2170.pp 2171A debug category is either an integer, like 42, 2172or a name, like ANSI. 2173You can specify a range of numeric debug categories 2174using the syntax 17-42. 2175You can specify a set of named debug categories using 2176a glob pattern like 2177.q sm_trace_ . 2178At present, only 2179.q * 2180and 2181.q ? 2182are supported in these glob patterns. 2183.pp 2184Debug flags are set using the 2185.b \-d 2186option; 2187the syntax is: 2188.(b 2189.ta \w'debug-categories:M 'u 2190debug-flag: \fB\-d\fP debug-list 2191debug-list: debug-option [ , debug-option ]* 2192debug-option: debug-categories [ . debug-level ] 2193debug-categories: integer \| integer \- integer \| category-pattern 2194category-pattern: [a-zA-Z_?][a-zA-Z0-9_?]* 2195debug-level: integer 2196.)b 2197where spaces are for reading ease only. 2198For example, 2199.(b 2200\-d12 Set category 12 to level 1 2201\-d12.3 Set category 12 to level 3 2202\-d3\-17 Set categories 3 through 17 to level 1 2203\-d3\-17.4 Set categories 3 through 17 to level 4 2204\-dANSI Set category ANSI to level 1 2205\-dsm_trace_.3 Set all named categories matching sm_trace_ to level 3 2206.)b 2207For a complete list of the available debug flags 2208you will have to look at the code 2209and the 2210.i TRACEFLAGS 2211file in the sendmail distribution 2212(they are too dynamic to keep this document up to date). 2213For a list of named debug categories in the sendmail binary, use 2214.(b 2215ident /usr/sbin/sendmail \| grep Debug 2216.)b 2217.sh 2 "Changing the Values of Options" 2218.pp 2219Options can be overridden using the 2220.b \-o 2221or 2222.b \-O 2223command line flags. 2224For example, 2225.(b 2226/usr/\(SD/sendmail \-oT2m 2227.)b 2228sets the 2229.b T 2230(timeout) option to two minutes 2231for this run only; 2232the equivalent line using the long option name is 2233.(b 2234/usr/\(SD/sendmail -OTimeout.queuereturn=2m 2235.)b 2236.pp 2237Some options have security implications. 2238Sendmail allows you to set these, 2239but relinquishes its set-user-ID or set-group-ID permissions thereafter\*. 2240.(f 2241\That is, it sets its effective uid to the real uid; 2242thus, if you are executing as root, 2243as from root's crontab file or during system startup 2244the root permissions will still be honored. 2245.)f 2246.sh 2 "Trying a Different Configuration File" 2247.pp 2248An alternative configuration file 2249can be specified using the 2250.b \-C 2251flag; for example, 2252.(b 2253/usr/\(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue 2254.)b 2255uses the configuration file 2256.i test.cf 2257instead of the default 2258.i /etc/mail/sendmail.cf. 2259If the 2260.b \-C 2261flag has no value 2262it defaults to 2263.i sendmail.cf 2264in the current directory. 2265.pp 2266.i Sendmail 2267gives up set-user-ID root permissions 2268(if it has been installed set-user-ID root) 2269when you use this flag, so it is common to use a publicly writable directory 2270(such as /tmp) 2271as the queue directory (QueueDirectory or Q option) while testing. 2272.sh 2 "Logging Traffic" 2273.pp 2274Many SMTP implementations do not fully implement the protocol. 2275For example, some personal computer based SMTPs 2276do not understand continuation lines in reply codes. 2277These can be very hard to trace. 2278If you suspect such a problem, you can set traffic logging using the 2279.b \-X 2280flag. 2281For example, 2282.(b 2283/usr/\(SD/sendmail \-X /tmp/traffic \-bd 2284.)b 2285will log all traffic in the file 2286.i /tmp/traffic . 2287.pp 2288This logs a lot of data very quickly and should 2289.b NEVER 2290be used 2291during normal operations. 2292After starting up such a daemon, 2293force the errant implementation to send a message to your host. 2294All message traffic in and out of 2295.i sendmail , 2296including the incoming SMTP traffic, 2297will be logged in this file. 2298.sh 2 "Testing Configuration Files" 2299.pp 2300When you build a configuration table, 2301you can do a certain amount of testing 2302using the 2303.q "test mode" 2304of 2305.i sendmail . 2306For example, 2307you could invoke 2308.i sendmail 2309as: 2310.(b 2311sendmail \-bt \-Ctest.cf 2312.)b 2313which would read the configuration file 2314.q test.cf 2315and enter test mode. 2316In this mode, 2317you enter lines of the form: 2318.(b 2319rwset address 2320.)b 2321where 2322.i rwset 2323is the rewriting set you want to use 2324and 2325.i address 2326is an address to apply the set to. 2327Test mode shows you the steps it takes 2328as it proceeds, 2329finally showing you the address it ends up with. 2330You may use a comma separated list of rwsets 2331for sequential application of rules to an input. 2332For example: 2333.(b 23343,1,21,4 monet:bollard 2335.)b 2336first applies ruleset three to the input 2337.q monet:bollard. 2338Ruleset one is then applied to the output of ruleset three, 2339followed similarly by rulesets twenty-one and four. 2340.pp 2341If you need more detail, 2342you can also use the 2343.q \-d21 2344flag to turn on more debugging. 2345For example, 2346.(b 2347sendmail \-bt \-d21.99 2348.)b 2349turns on an incredible amount of information; 2350a single word address 2351is probably going to print out several pages worth of information. 2352.pp 2353You should be warned that internally, 2354.i sendmail 2355applies ruleset 3 to all addresses. 2356In test mode 2357you will have to do that manually. 2358For example, older versions allowed you to use 2359.(b 23600 bruce@broadcast.sony.com 2361.)b 2362This version requires that you use: 2363.(b 23643,0 bruce@broadcast.sony.com 2365.)b 2366.pp 2367As of version 8.7, 2368some other syntaxes are available in test mode: 2369.nr ii 1i 2370.ip \&.D\\|x\\|value 2371defines macro 2372.i x 2373to have the indicated 2374.i value . 2375This is useful when debugging rules that use the 2376.b $& \c 2377.i x 2378syntax. 2379.ip \&.C\\|c\\|value 2380adds the indicated 2381.i value 2382to class 2383.i c . 2384.ip \&=S\\|ruleset 2385dumps the contents of the indicated ruleset. 2386.ip \-d\\|debug-spec 2387is equivalent to the command-line flag. 2388.lp 2389Version 8.9 introduced more features: 2390.nr ii 1i 2391.ip ? 2392shows a help message. 2393.ip =M 2394display the known mailers. 2395.ip $m 2396print the value of macro m. 2397.ip $=c 2398print the contents of class c. 2399.ip /mx\ host 2400returns the MX records for `host'. 2401.ip /parse\ address 2402parse address, returning the value of 2403.i crackaddr , 2404and the parsed address. 2405.ip /try\ mailer\ addr 2406rewrite address into the form it will have when 2407presented to the indicated mailer. 2408.ip /tryflags\ flags 2409set flags used by parsing. The flags can be `H' for 2410Header or `E' for Envelope, and `S' for Sender or `R' 2411for Recipient. These can be combined, `HR' sets 2412flags for header recipients. 2413.ip /canon\ hostname 2414try to canonify hostname. 2415.ip /map\ mapname\ key 2416look up `key' in the indicated `mapname'. 2417.ip /quit 2418quit address test mode. 2419.lp 2420.sh 2 "Persistent Host Status Information" 2421.pp 2422When 2423.b HostStatusDirectory 2424is enabled, 2425information about the status of hosts is maintained on disk 2426and can thus be shared between different instantiations of 2427.i sendmail . 2428The status of the last connection with each remote host 2429may be viewed with the command: 2430.(b 2431sendmail \-bh 2432.)b 2433This information may be flushed with the command: 2434.(b 2435sendmail \-bH 2436.)b 2437Flushing the information prevents new 2438.i sendmail 2439processes from loading it, 2440but does not prevent existing processes from using the status information 2441that they already have. 2442.sh 1 "TUNING" 2443.pp 2444There are a number of configuration parameters 2445you may want to change, 2446depending on the requirements of your site. 2447Most of these are set 2448using an option in the configuration file. 2449For example, 2450the line 2451.q "O Timeout.queuereturn=5d" 2452sets option 2453.q Timeout.queuereturn 2454to the value 2455.q 5d 2456(five days). 2457.pp 2458Most of these options have appropriate defaults for most sites. 2459However, 2460sites having very high mail loads may find they need to tune them 2461as appropriate for their mail load. 2462In particular, 2463sites experiencing a large number of small messages, 2464many of which are delivered to many recipients, 2465may find that they need to adjust the parameters 2466dealing with queue priorities. 2467.pp 2468All versions of 2469.i sendmail 2470prior to 8.7 2471had single character option names. 2472As of 8.7, 2473options have long (multi-character names). 2474Although old short names are still accepted, 2475most new options do not have short equivalents. 2476.pp 2477This section only describes the options you are most likely 2478to want to tweak; 2479read section 2480.\"XREF 24815 2482for more details. 2483.sh 2 "Timeouts" 2484.pp 2485All time intervals are set 2486using a scaled syntax. 2487For example, 2488.q 10m 2489represents ten minutes, whereas 2490.q 2h30m 2491represents two and a half hours. 2492The full set of scales is: 2493.(b 2494.ta 4n 2495s seconds 2496m minutes 2497h hours 2498d days 2499w weeks 2500.)b 2501.sh 3 "Queue interval" 2502.pp 2503The argument to the 2504.b \-q 2505flag specifies how often a sub-daemon will run the queue. 2506This is typically set to between fifteen minutes and one hour. 2507If not set, or set to zero, 2508the queue will not be run automatically. 2509RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes. 2510Should you need to terminate the queue jobs currently active then a SIGTERM 2511to the parent of the process (or processes) will cleanly stop the jobs. 2512.sh 3 "Read timeouts" 2513.pp 2514Timeouts all have option names 2515.q Timeout.\fIsuboption\fP . 2516Most of these control SMTP operations. 2517The recognized 2518.i suboption s, 2519their default values, and the minimum values 2520allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are: 2521.nr ii 1i 2522.ip connect 2523The time to wait for an SMTP connection to open 2524(the 2525.i connect (2) 2526system call) 2527[0, unspecified]. 2528If zero, uses the kernel default. 2529In no case can this option extend the timeout 2530longer than the kernel provides, but it can shorten it. 2531This is to get around kernels that provide an absurdly long connection timeout 2532(90 minutes in one case). 2533.ip iconnect 2534The same as 2535.i connect, 2536except it applies only to the initial attempt to connect to a host 2537for a given message 2538[0, unspecified]. 2539The concept is that this should be very short (a few seconds); 2540hosts that are well connected and responsive will thus be serviced immediately. 2541Hosts that are slow will not hold up other deliveries in the initial 2542delivery attempt. 2543.ip aconnect 2544[0, unspecified] 2545The overall timeout waiting for all connection for a single delivery 2546attempt to succeed. 2547If 0, no overall limit is applied. 2548This can be used to restrict the total amount of time trying to connect to 2549a long list of host that could accept an e-mail for the recipient. 2550This timeout does not apply to 2551.b FallbackMXhost , 2552i.e., if the time is exhausted, the 2553.b FallbackMXhost 2554is tried next. 2555.ip initial 2556The wait for the initial 220 greeting message 2557[5m, 5m]. 2558.ip helo 2559The wait for a reply from a HELO or EHLO command 2560[5m, unspecified]. 2561This may require a host name lookup, so 2562five minutes is probably a reasonable minimum. 2563.ip mail\(dg 2564The wait for a reply from a MAIL command 2565[10m, 5m]. 2566.ip rcpt\(dg 2567The wait for a reply from a RCPT command 2568[1h, 5m]. 2569This should be long 2570because it could be pointing at a list 2571that takes a long time to expand 2572(see below). 2573.ip datainit\(dg 2574The wait for a reply from a DATA command 2575[5m, 2m]. 2576.ip datablock\(dg\(dd 2577The wait for reading a data block 2578(that is, the body of the message). 2579[1h, 3m]. 2580This should be long because it also applies to programs 2581piping input to 2582.i sendmail 2583which have no guarantee of promptness. 2584.ip datafinal\(dg 2585The wait for a reply from the dot terminating a message. 2586[1h, 10m]. 2587If this is shorter than the time actually needed 2588for the receiver to deliver the message, 2589duplicates will be generated. 2590This is discussed in RFC 1047. 2591.ip rset 2592The wait for a reply from a RSET command 2593[5m, unspecified]. 2594.ip quit 2595The wait for a reply from a QUIT command 2596[2m, unspecified]. 2597.ip misc 2598The wait for a reply from miscellaneous (but short) commands 2599such as NOOP (no-operation) and VERB (go into verbose mode). 2600[2m, unspecified]. 2601.ip command\(dg\(dd 2602In server SMTP, 2603the time to wait for another command. 2604[1h, 5m]. 2605.ip ident\(dd 2606The timeout waiting for a reply to an IDENT query 2607[5s\, unspecified]. 2608.(f 2609\On some systems the default is zero to turn the protocol off entirely. 2610.)f 2611.ip lhlo 2612The wait for a reply to an LMTP LHLO command 2613[2m, unspecified]. 2614.ip auth 2615The timeout for a reply in an SMTP AUTH dialogue 2616[10m, unspecified]. 2617.ip starttls 2618The timeout for a reply to an SMTP STARTTLS command and the TLS handshake 2619[1h, unspecified]. 2620.ip fileopen\(dd 2621The timeout for opening .forward and :include: files [60s, none]. 2622.ip control\(dd 2623The timeout for a complete control socket transaction to complete [2m, none]. 2624.ip hoststatus\(dd 2625How long status information about a host 2626(e.g., host down) 2627will be cached before it is considered stale 2628[30m, unspecified]. 2629.ip resolver.retrans\(dd 2630The resolver's 2631retransmission time interval 2632(in seconds) 2633[varies]. 2634Sets both 2635.i Timeout.resolver.retrans.first 2636and 2637.i Timeout.resolver.retrans.normal . 2638.ip resolver.retrans.first\(dd 2639The resolver's 2640retransmission time interval 2641(in seconds) 2642for the first attempt to 2643deliver a message 2644[varies]. 2645.ip resolver.retrans.normal\(dd 2646The resolver's 2647retransmission time interval 2648(in seconds) 2649for all resolver lookups 2650except the first delivery attempt 2651[varies]. 2652.ip resolver.retry\(dd 2653The number of times 2654to retransmit a resolver query. 2655Sets both 2656.i Timeout.resolver.retry.first 2657and 2658.i Timeout.resolver.retry.normal 2659[varies]. 2660.ip resolver.retry.first\(dd 2661The number of times 2662to retransmit a resolver query 2663for the first attempt 2664to deliver a message 2665[varies]. 2666.ip resolver.retry.normal\(dd 2667The number of times 2668to retransmit a resolver query 2669for all resolver lookups 2670* except the first delivery attempt 2671[varies]. 2672.lp 2673For compatibility with old configuration files, 2674if no 2675.i suboption 2676is specified, 2677all the timeouts marked with 2678.DG 2679(\(dg) are set to the indicated value. 2680All but those marked with 2681.DD 2682(\(dd) apply to client SMTP. 2683.pp 2684For example, the lines: 2685.(b 2686O Timeout.command=25m 2687O Timeout.datablock=3h 2688.)b 2689sets the server SMTP command timeout to 25 minutes 2690and the input data block timeout to three hours. 2691.sh 3 "Message timeouts" 2692.pp 2693After sitting in the queue for a few days, 2694an undeliverable message will time out. 2695This is to insure that at least the sender is aware 2696of the inability to send a message. 2697The timeout is typically set to five days. 2698It is sometimes considered convenient to also send a warning message 2699if the message is in the queue longer than a few hours 2700(assuming you normally have good connectivity; 2701if your messages normally took several hours to send 2702you wouldn't want to do this because it wouldn't be an unusual event). 2703These timeouts are set using the 2704.b Timeout.queuereturn 2705and 2706.b Timeout.queuewarn 2707options in the configuration file 2708(previously both were set using the 2709.b T 2710option). 2711.pp 2712If the message is submitted using the 2713.sm NOTIFY 2714.sm SMTP 2715extension, 2716warning messages will only be sent if 2717.sm NOTIFY=DELAY 2718is specified. 2719The queuereturn and queuewarn timeouts 2720can be further qualified with a tag based on the Precedence: field 2721in the message; 2722they must be one of 2723.q urgent 2724(indicating a positive non-zero precedence), 2725.q normal 2726(indicating a zero precedence), or 2727.q non-urgent 2728(indicating negative precedences). 2729For example, setting 2730.q Timeout.queuewarn.urgent=1h 2731sets the warning timeout for urgent messages only 2732to one hour. 2733The default if no precedence is indicated 2734is to set the timeout for all precedences. 2735If the message has a normal (default) precedence 2736and it is a delivery status notification (DSN), 2737.b Timeout.queuereturn.dsn 2738and 2739.b Timeout.queuewarn.dsn 2740can be used to give an alternative warn and return time 2741for DSNs. 2742The value "now" can be used for 2743-O Timeout.queuereturn 2744to return entries immediately during a queue run, 2745e.g., to bounce messages independent of their time in the queue. 2746.pp 2747Since these options are global, 2748and since you cannot know 2749.i "a priori" 2750how long another host outside your domain will be down, 2751a five day timeout is recommended. 2752This allows a recipient to fix the problem even if it occurs 2753at the beginning of a long weekend. 2754RFC 1123 section 5.3.1.1 says that this parameter 2755should be ``at least 4\-5 days''. 2756.pp 2757The 2758.b Timeout.queuewarn 2759value can be piggybacked on the 2760.b T 2761option by indicating a time after which 2762a warning message should be sent; 2763the two timeouts are separated by a slash. 2764For example, the line 2765.(b 2766OT5d/4h 2767.)b 2768causes email to fail after five days, 2769but a warning message will be sent after four hours. 2770This should be large enough that the message will have been tried 2771several times. 2772.sh 2 "Forking During Queue Runs" 2773.pp 2774By setting the 2775.b ForkEachJob 2776(\c 2777.b Y ) 2778option, 2779.i sendmail 2780will fork before each individual message 2781while running the queue. 2782This option was used with earlier releases to prevent 2783.i sendmail 2784from consuming large amounts of memory. 2785It should no longer be necessary with 2786.i sendmail 27878.12. 2788If the 2789.b ForkEachJob 2790option is not set, 2791.i sendmail 2792will keep track of hosts that are down during a queue run, 2793which can improve performance dramatically. 2794.pp 2795If the 2796.b ForkEachJob 2797option is set, 2798.i sendmail 2799cannot use connection caching. 2800.sh 2 "Queue Priorities" 2801.pp 2802Every message is assigned a priority when it is first instantiated, 2803consisting of the message size (in bytes) 2804offset by the message class 2805(which is determined from the Precedence: header) 2806times the 2807.q "work class factor" 2808and the number of recipients times the 2809.q "work recipient factor." 2810The priority is used to order the queue. 2811Higher numbers for the priority mean that the message will be processed later 2812when running the queue. 2813.pp 2814The message size is included so that large messages are penalized 2815relative to small messages. 2816The message class allows users to send 2817.q "high priority" 2818messages by including a 2819.q Precedence: 2820field in their message; 2821the value of this field is looked up in the 2822.b P 2823lines of the configuration file. 2824Since the number of recipients affects the amount of load a message presents 2825to the system, 2826this is also included into the priority. 2827.pp 2828The recipient and class factors 2829can be set in the configuration file using the 2830.b RecipientFactor 2831(\c 2832.b y ) 2833and 2834.b ClassFactor 2835(\c 2836.b z ) 2837options respectively. 2838They default to 30000 (for the recipient factor) 2839and 1800 2840(for the class factor). 2841The initial priority is: 2842.EQ 2843pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor) 2844.EN 2845(Remember, higher values for this parameter actually mean 2846that the job will be treated with lower priority.) 2847.pp 2848The priority of a job can also be adjusted each time it is processed 2849(that is, each time an attempt is made to deliver it) 2850using the 2851.q "work time factor," 2852set by the 2853.b RetryFactor 2854(\c 2855.b Z ) 2856option. 2857This is added to the priority, 2858so it normally decreases the precedence of the job, 2859on the grounds that jobs that have failed many times 2860will tend to fail again in the future. 2861The 2862.b RetryFactor 2863option defaults to 90000. 2864.sh 2 "Load Limiting" 2865.pp 2866.i Sendmail 2867can be asked to queue (but not deliver) mail 2868if the system load average gets too high using the 2869.b QueueLA 2870(\c 2871.b x ) 2872option. 2873When the load average exceeds the value of the 2874.b QueueLA 2875option, the delivery mode is set to 2876.b q 2877(queue only) if the 2878.b QueueFactor 2879(\c 2880.b q ) 2881option divided by the difference in the current load average and the 2882.b QueueLA 2883option plus one 2884is less than the priority of the message \(em 2885that is, the message is queued iff: 2886.EQ 2887pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 } 2888.EN 2889The 2890.b QueueFactor 2891option defaults to 600000, 2892so each point of load average is worth 600000 priority points 2893(as described above). 2894.pp 2895For drastic cases, the 2896.b RefuseLA 2897(\c 2898.b X ) 2899option defines a load average at which 2900.i sendmail 2901will refuse to accept network connections. 2902Locally generated mail, i.e., mail which is not submitted via SMTP 2903(including incoming UUCP mail), 2904is still accepted. 2905Notice that the MSP submits mail to the MTA via SMTP, and hence 2906mail will be queued in the client queue in such a case. 2907Therefore it is necessary to run the client mail queue periodically. 2908.sh 2 "Resource Limits" 2909.pp 2910.i Sendmail 2911has several parameters to control resource usage. 2912Besides those mentionted in the previous section, there are at least 2913.b MaxDaemonChildren , 2914.b ConnectionRateThrottle , 2915.b MaxQueueChildren , 2916and 2917.b MaxRunnersPerQueue . 2918The latter two limit the number of 2919.i sendmail 2920processes that operate on the queue. 2921These are discussed in the section 2922``Queue Group Declaration''. 2923The former two can be used to limit the number of incoming connections. 2924Their appropriate values depend on the host operating system and 2925the hardware, e.g., amount of memory. 2926In many situations it might be useful to set limits to prevent 2927to have too many 2928.i sendmail 2929processes, however, these limits can be abused to mount a 2930denial of service attack. 2931For example, if 2932.b MaxDaemonChildren=10 2933then an attacker needs to open only 10 SMTP sessions to the server, 2934leave them idle for most of the time, 2935and no more connections will be accepted. 2936If this option is set then the timeouts used in a SMTP session 2937should be lowered from their default values to 2938their minimum values as specified in RFC 2821 and listed in 2939section 2940.\"XREF 29414.1.2. 2942.sh 2 "Measures against Denial of Service Attacks" 2943.pp 2944.i Sendmail 2945has some built-in measures against simple denial of service (DoS) attacks. 2946The SMTP server by default slows down if too many bad commands are 2947issued or if some commands are repeated too often within a session. 2948Details can be found in the source file 2949.b sendmail/srvrsmtp.c 2950by looking for the macro definitions of 2951.b MAXBADCOMMANDS , 2952.b MAXNOOPCOMMANDS , 2953.b MAXHELOCOMMANDS , 2954.b MAXVRFYCOMMANDS , 2955and 2956.b MAXETRNCOMMANDS . 2957If an SMTP command is issued more often than the corresponding 2958.b MAXcmdCOMMANDS 2959value, then the response is delayed exponentially, 2960starting with a sleep time of one second, 2961up to a maximum of four minutes (as defined by 2962.b MAXTIMEOUT ). 2963If the option 2964.b MaxDaemonChildren 2965is set to a value greater than zero, 2966then this could make a DoS attack even worse since it 2967keeps a connection open longer than necessary. 2968Therefore a connection is terminated with a 421 SMTP reply code 2969if the number of commands exceeds the limit by a factor of two and 2970.b MAXBADCOMMANDS 2971is set to a value greater than zero (the default is 25). 2972.sh 2 "Delivery Mode" 2973.pp 2974There are a number of delivery modes that 2975.i sendmail 2976can operate in, 2977set by the 2978.b DeliveryMode 2979(\c 2980.b d ) 2981configuration option. 2982These modes 2983specify how quickly mail will be delivered. 2984Legal modes are: 2985.(b 2986.ta 4n 2987i deliver interactively (synchronously) 2988b deliver in background (asynchronously) 2989q queue only (don't deliver) 2990d defer delivery attempts (don't deliver) 2991.)b 2992There are tradeoffs. 2993Mode 2994.q i 2995gives the sender the quickest feedback, 2996but may slow down some mailers and 2997is hardly ever necessary. 2998Mode 2999.q b 3000delivers promptly but 3001can cause large numbers of processes 3002if you have a mailer that takes a long time to deliver a message. 3003Mode 3004.q q 3005minimizes the load on your machine, 3006but means that delivery may be delayed for up to the queue interval. 3007Mode 3008.q d 3009is identical to mode 3010.q q 3011except that it also prevents lookups in maps including the 3012.b -D 3013flag from working during the initial queue phase; 3014it is intended for ``dial on demand'' sites where DNS lookups 3015might cost real money. 3016Some simple error messages 3017(e.g., host unknown during the SMTP protocol) 3018will be delayed using this mode. 3019Mode 3020.q b 3021is the usual default. 3022.pp 3023If you run in mode 3024.q q 3025(queue only), 3026.q d 3027(defer), 3028or 3029.q b 3030(deliver in background) 3031.i sendmail 3032will not expand aliases and follow .forward files 3033upon initial receipt of the mail. 3034This speeds up the response to RCPT commands. 3035Mode 3036.q i 3037should not be used by the SMTP server. 3038.sh 2 "Log Level" 3039.pp 3040The level of logging can be set for 3041.i sendmail . 3042The default using a standard configuration table is level 9. 3043The levels are as follows: 3044.nr ii 0.5i 3045.ip 0 3046Minimal logging. 3047.ip 1 3048Serious system failures and potential security problems. 3049.ip 2 3050Lost communications (network problems) and protocol failures. 3051.ip 3 3052Other serious failures, malformed addresses, transient forward/include 3053errors, connection timeouts. 3054.ip 4 3055Minor failures, out of date alias databases, connection rejections 3056via check_ rulesets. 3057.ip 5 3058Message collection statistics. 3059.ip 6 3060Creation of error messages, 3061VRFY and EXPN commands. 3062.ip 7 3063Delivery failures (host or user unknown, etc.). 3064.ip 8 3065Successful deliveries and alias database rebuilds. 3066.ip 9 3067Messages being deferred 3068(due to a host being down, etc.). 3069.ip 10 3070Database expansion (alias, forward, and userdb lookups) 3071and authentication information. 3072.ip 11 3073NIS errors and end of job processing. 3074.ip 12 3075Logs all SMTP connections. 3076.ip 13 3077Log bad user shells, files with improper permissions, and other 3078questionable situations. 3079.ip 14 3080Logs refused connections. 3081.ip 15 3082Log all incoming and outgoing SMTP commands. 3083.ip 20 3084Logs attempts to run locked queue files. 3085These are not errors, 3086but can be useful to note if your queue appears to be clogged. 3087.ip 30 3088Lost locks (only if using lockf instead of flock). 3089.lp 3090Additionally, 3091values above 64 are reserved for extremely verbose debugging output. 3092No normal site would ever set these. 3093.sh 2 "File Modes" 3094.pp 3095The modes used for files depend on what functionality you want 3096and the level of security you require. 3097In many cases 3098.i sendmail 3099does careful checking of the modes 3100of files and directories 3101to avoid accidental compromise; 3102if you want to make it possible to have group-writable support files 3103you may need to use the 3104.b DontBlameSendmail 3105option to turn off some of these checks. 3106.sh 3 "To suid or not to suid?" 3107.pp 3108.i Sendmail 3109is no longer installed 3110set-user-ID to root. 3111sendmail/SECURITY 3112explains how to configure and install 3113.i sendmail 3114without set-user-ID to root but set-group-ID 3115which is the default configuration starting with 8.12. 3116.pp 3117The daemon usually runs as root, unless other measures are taken. 3118At the point where 3119.i sendmail 3120is about to 3121.i exec \\|(2) 3122a mailer, 3123it checks to see if the userid is zero (root); 3124if so, 3125it resets the userid and groupid to a default 3126(set by the 3127.b U= 3128equate in the mailer line; 3129if that is not set, the 3130.b DefaultUser 3131option is used). 3132This can be overridden 3133by setting the 3134.b S 3135flag to the mailer 3136for mailers that are trusted 3137and must be called as root. 3138However, 3139this will cause mail processing 3140to be accounted 3141(using 3142.i sa \\|(8)) 3143to root 3144rather than to the user sending the mail. 3145.pp 3146A middle ground is to set the 3147.b RunAsUser 3148option. 3149This causes 3150.i sendmail 3151to become the indicated user as soon as it has done the startup 3152that requires root privileges 3153(primarily, opening the 3154.sm SMTP 3155socket). 3156If you use 3157.b RunAsUser , 3158the queue directory 3159(normally 3160.i /var/spool/mqueue ) 3161should be owned by that user, 3162and all files and databases 3163(including user 3164.i \&.forward 3165files, 3166alias files, 3167:include: files, 3168and external databases) 3169must be readable by that user. 3170Also, since sendmail will not be able to change its uid, 3171delivery to programs or files will be marked as unsafe, 3172e.g., undeliverable, 3173in 3174.i \&.forward , 3175aliases, 3176and :include: files. 3177Administrators can override this by setting the 3178.b DontBlameSendmail 3179option to the setting 3180.b NonRootSafeAddr . 3181.b RunAsUser 3182is probably best suited for firewall configurations 3183that don't have regular user logins. 3184If the option is used on a system which performs local delivery, 3185then the local delivery agent must have the proper permissions 3186(i.e., usually set-user-ID root) 3187since it will be invoked by the 3188.b RunAsUser , 3189not by root. 3190.sh 3 "Turning off security checks" 3191.pp 3192.i Sendmail 3193is very particular about the modes of files that it reads or writes. 3194For example, by default it will refuse to read most files 3195that are group writable 3196on the grounds that they might have been tampered with 3197by someone other than the owner; 3198it will even refuse to read files in group writable directories. 3199Also, sendmail will refuse to create a new aliases database in an 3200unsafe directory. You can get around this by manually creating the 3201database file as a trusted user ahead of time and then rebuilding the 3202aliases database with 3203.b newaliases . 3204.pp 3205If you are 3206.i quite 3207sure that your configuration is safe and you want 3208.i sendmail 3209to avoid these security checks, 3210you can turn off certain checks using the 3211.b DontBlameSendmail 3212option. 3213This option takes one or more names that disable checks. 3214In the descriptions that follow, 3215.q "unsafe directory" 3216means a directory that is writable by anyone other than the owner. 3217The values are: 3218.nr ii 0.5i 3219.ip Safe 3220No special handling. 3221.ip AssumeSafeChown 3222Assume that the 3223.i chown 3224system call is restricted to root. 3225Since some versions of UNIX permit regular users 3226to give away their files to other users on some filesystems, 3227.i sendmail 3228often cannot assume that a given file was created by the owner, 3229particularly when it is in a writable directory. 3230You can set this flag if you know that file giveaway is restricted 3231on your system. 3232.ip ClassFileInUnsafeDirPath 3233When reading class files (using the 3234.b F 3235line in the configuration file), 3236allow files that are in unsafe directories. 3237.ip DontWarnForwardFileInUnsafeDirPath 3238Prevent logging of 3239unsafe directory path warnings 3240for non-existent forward files. 3241.ip ErrorHeaderInUnsafeDirPath 3242Allow the file named in the 3243.b ErrorHeader 3244option to be in an unsafe directory. 3245.ip FileDeliveryToHardLink 3246Allow delivery to files that are hard links. 3247.ip FileDeliveryToSymLink 3248Allow delivery to files that are symbolic links. 3249.ip ForwardFileInGroupWritableDirPath 3250Allow 3251.i \&.forward 3252files in group writable directories. 3253.ip ForwardFileInUnsafeDirPath 3254Allow 3255.i \&.forward 3256files in unsafe directories. 3257.ip ForwardFileInUnsafeDirPathSafe 3258Allow a 3259.i \&.forward 3260file that is in an unsafe directory to include references 3261to program and files. 3262.ip GroupReadableKeyFile 3263Accept a group-readable key file for STARTTLS. 3264.ip GroupReadableSASLDBFile 3265Accept a group-readable Cyrus SASL password file. 3266.ip GroupWritableAliasFile 3267Allow group-writable alias files. 3268.ip GroupWritableDirPathSafe 3269Change the definition of 3270.q "unsafe directory" 3271to consider group-writable directories to be safe. 3272World-writable directories are always unsafe. 3273.ip GroupWritableForwardFile 3274Allow group writable 3275.i \&.forward 3276files. 3277.ip GroupWritableForwardFileSafe 3278Accept group-writable 3279.i \&.forward 3280files as safe for program and file delivery. 3281.ip GroupWritableIncludeFile 3282Allow group wriable 3283.i :include: 3284files. 3285.ip GroupWritableIncludeFileSafe 3286Accept group-writable 3287.i :include: 3288files as safe for program and file delivery. 3289.ip GroupWritableSASLDBFile 3290Accept a group-writable Cyrus SASL password file. 3291.ip HelpFileInUnsafeDirPath 3292Allow the file named in the 3293.b HelpFile 3294option to be in an unsafe directory. 3295.ip IncludeFileInGroupWritableDirPath 3296Allow 3297.i :include: 3298files in group writable directories. 3299.ip IncludeFileInUnsafeDirPath 3300Allow 3301.i :include: 3302files in unsafe directories. 3303.ip IncludeFileInUnsafeDirPathSafe 3304Allow a 3305.i :include: 3306file that is in an unsafe directory to include references 3307to program and files. 3308.ip InsufficientEntropy 3309Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded 3310despite the security problems. 3311.ip LinkedAliasFileInWritableDir 3312Allow an alias file that is a link in a writable directory. 3313.ip LinkedClassFileInWritableDir 3314Allow class files that are links in writable directories. 3315.ip LinkedForwardFileInWritableDir 3316Allow 3317.i \&.forward 3318files that are links in writable directories. 3319.ip LinkedIncludeFileInWritableDir 3320Allow 3321.i :include: 3322files that are links in writable directories. 3323.ip LinkedMapInWritableDir 3324Allow map files that are links in writable directories. 3325This includes alias database files. 3326.ip LinkedServiceSwitchFileInWritableDir 3327Allow the service switch file to be a link 3328even if the directory is writable. 3329.ip MapInUnsafeDirPath 3330Allow maps (e.g., 3331.i hash , 3332.i btree , 3333and 3334.i dbm 3335files) 3336in unsafe directories. 3337This includes alias database files. 3338.ip NonRootSafeAddr 3339Do not mark file and program deliveries as unsafe 3340if sendmail is not running with root privileges. 3341.ip RunProgramInUnsafeDirPath 3342Run programs that are in writable directories without logging a warning. 3343.ip RunWritableProgram 3344Run programs that are group- or world-writable without logging a warning. 3345.ip TrustStickyBit 3346Allow group or world writable directories 3347if the sticky bit is set on the directory. 3348Do not set this on systems which do not honor 3349the sticky bit on directories. 3350.ip WorldWritableAliasFile 3351Accept world-writable alias files. 3352.ip WorldWritableForwardfile 3353Allow world writable 3354.i \&.forward 3355files. 3356.ip WorldWritableIncludefile 3357Allow world wriable 3358.i :include: 3359files. 3360.ip WriteMapToHardLink 3361Allow writes to maps that are hard links. 3362.ip WriteMapToSymLink 3363Allow writes to maps that are symbolic links. 3364.ip WriteStatsToHardLink 3365Allow the status file to be a hard link. 3366.ip WriteStatsToSymLink 3367Allow the status file to be a symbolic link. 3368.sh 2 "Connection Caching" 3369.pp 3370When processing the queue, 3371.i sendmail 3372will try to keep the last few open connections open 3373to avoid startup and shutdown costs. 3374This only applies to IPC and LPC connections. 3375.pp 3376When trying to open a connection 3377the cache is first searched. 3378If an open connection is found, it is probed to see if it is still active 3379by sending a 3380.sm RSET 3381command. 3382It is not an error if this fails; 3383instead, the connection is closed and reopened. 3384.pp 3385Two parameters control the connection cache. 3386The 3387.b ConnectionCacheSize 3388(\c 3389.b k ) 3390option defines the number of simultaneous open connections 3391that will be permitted. 3392If it is set to zero, 3393connections will be closed as quickly as possible. 3394The default is one. 3395This should be set as appropriate for your system size; 3396it will limit the amount of system resources that 3397.i sendmail 3398will use during queue runs. 3399Never set this higher than 4. 3400.pp 3401The 3402.b ConnectionCacheTimeout 3403(\c 3404.b K ) 3405option specifies the maximum time that any cached connection 3406will be permitted to idle. 3407When the idle time exceeds this value 3408the connection is closed. 3409This number should be small 3410(under ten minutes) 3411to prevent you from grabbing too many resources 3412from other hosts. 3413The default is five minutes. 3414.sh 2 "Name Server Access" 3415.pp 3416Control of host address lookups is set by the 3417.b hosts 3418service entry in your service switch file. 3419If you are on a system that has built-in service switch support 3420(e.g., Ultrix, Solaris, or DEC OSF/1) 3421then your system is probably configured properly already. 3422Otherwise, 3423.i sendmail 3424will consult the file 3425.b /etc/mail/service.switch , 3426which should be created. 3427.i Sendmail 3428only uses two entries: 3429.b hosts 3430and 3431.b aliases , 3432although system routines may use other services 3433(notably the 3434.b passwd 3435service for user name lookups by 3436.i getpwname ). 3437.pp 3438However, some systems (such as SunOS 4.X) 3439will do DNS lookups 3440regardless of the setting of the service switch entry. 3441In particular, the system routine 3442.i gethostbyname (3) 3443is used to look up host names, 3444and many vendor versions try some combination of DNS, NIS, 3445and file lookup in /etc/hosts 3446without consulting a service switch. 3447.i Sendmail 3448makes no attempt to work around this problem, 3449and the DNS lookup will be done anyway. 3450If you do not have a nameserver configured at all, 3451such as at a UUCP-only site, 3452.i sendmail 3453will get a 3454.q "connection refused" 3455message when it tries to connect to the name server. 3456If the 3457.b hosts 3458switch entry has the service 3459.q dns 3460listed somewhere in the list, 3461.i sendmail 3462will interpret this to mean a temporary failure 3463and will queue the mail for later processing; 3464otherwise, it ignores the name server data. 3465.pp 3466The same technique is used to decide whether to do MX lookups. 3467If you want MX support, you 3468.i must 3469have 3470.q dns 3471listed as a service in the 3472.b hosts 3473switch entry. 3474.pp 3475The 3476.b ResolverOptions 3477(\c 3478.b I ) 3479option allows you to tweak name server options. 3480The command line takes a series of flags as documented in 3481.i resolver (3) 3482(with the leading 3483.q RES_ 3484deleted). 3485Each can be preceded by an optional `+' or `\(mi'. 3486For example, the line 3487.(b 3488O ResolverOptions=+AAONLY \(miDNSRCH 3489.)b 3490turns on the AAONLY (accept authoritative answers only) 3491and turns off the DNSRCH (search the domain path) options. 3492Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE 3493flags on and all others off. 3494If NETINET6 is enabled, most libraries default to USE_INET6 as well. 3495You can also include 3496.q HasWildcardMX 3497to specify that there is a wildcard MX record matching your domain; 3498this turns off MX matching when canonifying names, 3499which can lead to inappropriate canonifications. 3500Use 3501.q WorkAroundBrokenAAAA 3502when faced with a broken nameserver that returns SERVFAIL 3503(a temporary failure) 3504on T_AAAA (IPv6) lookups 3505during hostname canonification. 3506Notice: it might be necessary to apply the same (or similar) options to 3507.i submit.cf 3508too. 3509.pp 3510Version level 1 configurations (see the section about 3511``Configuration Version Level'') 3512turn DNSRCH and DEFNAMES off when doing delivery lookups, 3513but leave them on everywhere else. 3514Version 8 of 3515.i sendmail 3516ignores them when doing canonification lookups 3517(that is, when using $[ ... $]), 3518and always does the search. 3519If you don't want to do automatic name extension, 3520don't call $[ ... $]. 3521.pp 3522The search rules for $[ ... $] are somewhat different than usual. 3523If the name being looked up 3524has at least one dot, it always tries the unmodified name first. 3525If that fails, it tries the reduced search path, 3526and lastly tries the unmodified name 3527(but only for names without a dot, 3528since names with a dot have already been tried). 3529This allows names such as 3530``utc.CS'' 3531to match the site in Czechoslovakia 3532rather than the site in your local Computer Science department. 3533It also prefers A and CNAME records over MX records \- 3534that is, if it finds an MX record it makes note of it, 3535but keeps looking. 3536This way, if you have a wildcard MX record matching your domain, 3537it will not assume that all names match. 3538.pp 3539To completely turn off all name server access 3540on systems without service switch support 3541(such as SunOS 4.X) 3542you will have to recompile with 3543\-DNAMED_BIND=0 3544and remove \-lresolv from the list of libraries to be searched 3545when linking. 3546.sh 2 "Moving the Per-User Forward Files" 3547.pp 3548Some sites mount each user's home directory 3549from a local disk on their workstation, 3550so that local access is fast. 3551However, the result is that .forward file lookups 3552from a central mail server are slow. 3553In some cases, 3554mail can even be delivered on machines inappropriately 3555because of a file server being down. 3556The performance can be especially bad if you run the automounter. 3557.pp 3558The 3559.b ForwardPath 3560(\c 3561.b J ) 3562option allows you to set a path of forward files. 3563For example, the config file line 3564.(b 3565O ForwardPath=/var/forward/$u:$z/.forward.$w 3566.)b 3567would first look for a file with the same name as the user's login 3568in /var/forward; 3569if that is not found (or is inaccessible) 3570the file 3571``.forward.\c 3572.i machinename '' 3573in the user's home directory is searched. 3574A truly perverse site could also search by sender 3575by using $r, $s, or $f. 3576.pp 3577If you create a directory such as /var/forward, 3578it should be mode 1777 3579(that is, the sticky bit should be set). 3580Users should create the files mode 0644. 3581Note that you must use the 3582ForwardFileInUnsafeDirPath and 3583ForwardFileInUnsafeDirPathSafe 3584flags with the 3585.b DontBlameSendmail 3586option to allow forward files in a world writable directory. 3587This might also be used as a denial of service attack 3588(users could create forward files for other users); 3589a better approach might be to create 3590/var/forward 3591mode 0755 3592and create empty files for each user, 3593owned by that user, 3594mode 0644. 3595If you do this, you don't have to set the DontBlameSendmail options 3596indicated above. 3597.sh 2 "Free Space" 3598.pp 3599On systems that have one of the system calls in the 3600.i statfs (2) 3601family 3602(including 3603.i statvfs 3604and 3605.i ustat ), 3606you can specify a minimum number of free blocks on the queue filesystem 3607using the 3608.b MinFreeBlocks 3609(\c 3610.b b ) 3611option. 3612If there are fewer than the indicated number of blocks free 3613on the filesystem on which the queue is mounted 3614the SMTP server will reject mail 3615with the 3616452 error code. 3617This invites the SMTP client to try again later. 3618.pp 3619Beware of setting this option too high; 3620it can cause rejection of email 3621when that mail would be processed without difficulty. 3622.sh 2 "Maximum Message Size" 3623.pp 3624To avoid overflowing your system with a large message, 3625the 3626.b MaxMessageSize 3627option can be set to set an absolute limit 3628on the size of any one message. 3629This will be advertised in the ESMTP dialogue 3630and checked during message collection. 3631.sh 2 "Privacy Flags" 3632.pp 3633The 3634.b PrivacyOptions 3635(\c 3636.b p ) 3637option allows you to set certain 3638``privacy'' 3639flags. 3640Actually, many of them don't give you any extra privacy, 3641rather just insisting that client SMTP servers 3642use the HELO command 3643before using certain commands 3644or adding extra headers to indicate possible spoof attempts. 3645.pp 3646The option takes a series of flag names; 3647the final privacy is the inclusive or of those flags. 3648For example: 3649.(b 3650O PrivacyOptions=needmailhelo, noexpn 3651.)b 3652insists that the HELO or EHLO command be used before a MAIL command is accepted 3653and disables the EXPN command. 3654.pp 3655The flags are detailed in section 3656.\"XREF 36575.6. 3658.sh 2 "Send to Me Too" 3659.pp 3660Beginning with version 8.10, 3661.i sendmail 3662includes by default the (envelope) sender in any list expansions. 3663For example, if 3664.q matt 3665sends to a list that contains 3666.q matt 3667as one of the members he will get a copy of the message. 3668If the 3669.b MeToo 3670option is set to 3671.sm FALSE 3672(in the configuration file or via the command line), 3673this behavior is changed, i.e., 3674the (envelope) sender is excluded in list expansions. 3675.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE" 3676.pp 3677This section describes the configuration file 3678in detail. 3679.pp 3680There is one point that should be made clear immediately: 3681the syntax of the configuration file 3682is designed to be reasonably easy to parse, 3683since this is done every time 3684.i sendmail 3685starts up, 3686rather than easy for a human to read or write. 3687The configuration file should be generated via the method described in 3688.b cf/README , 3689it should not be edited directly unless someone is familiar 3690with the internals of the syntax described here and it is 3691not possible to achieve the desired result via the default method. 3692.pp 3693The configuration file is organized as a series of lines, 3694each of which begins with a single character 3695defining the semantics for the rest of the line. 3696Lines beginning with a space or a tab 3697are continuation lines 3698(although the semantics are not well defined in many places). 3699Blank lines and lines beginning with a sharp symbol 3700(`#') 3701are comments. 3702.sh 2 "R and S \- Rewriting Rules" 3703.pp 3704The core of address parsing 3705are the rewriting rules. 3706These are an ordered production system. 3707.i Sendmail 3708scans through the set of rewriting rules 3709looking for a match on the left hand side 3710(LHS) 3711of the rule. 3712When a rule matches, 3713the address is replaced by the right hand side 3714(RHS) 3715of the rule. 3716.pp 3717There are several sets of rewriting rules. 3718Some of the rewriting sets are used internally 3719and must have specific semantics. 3720Other rewriting sets 3721do not have specifically assigned semantics, 3722and may be referenced by the mailer definitions 3723or by other rewriting sets. 3724.pp 3725The syntax of these two commands are: 3726.(b F 3727.b S \c 3728.i n 3729.)b 3730Sets the current ruleset being collected to 3731.i n . 3732If you begin a ruleset more than once 3733it appends to the old definition. 3734.(b F 3735.b R \c 3736.i lhs 3737.i rhs 3738.i comments 3739.)b 3740The 3741fields must be separated 3742by at least one tab character; 3743there may be embedded spaces 3744in the fields. 3745The 3746.i lhs 3747is a pattern that is applied to the input. 3748If it matches, 3749the input is rewritten to the 3750.i rhs . 3751The 3752.i comments 3753are ignored. 3754.pp 3755Macro expansions of the form 3756.b $ \c 3757.i x 3758are performed when the configuration file is read. 3759A literal 3760.b $ 3761can be included using 3762.b $$ . 3763Expansions of the form 3764.b $& \c 3765.i x 3766are performed at run time using a somewhat less general algorithm. 3767This is intended only for referencing internally defined macros 3768such as 3769.b $h 3770that are changed at runtime. 3771.sh 3 "The left hand side" 3772.pp 3773The left hand side of rewriting rules contains a pattern. 3774Normal words are simply matched directly. 3775Metasyntax is introduced using a dollar sign. 3776The metasymbols are: 3777.(b 3778.ta \w'\fB$=\fP\fIx\fP 'u 3779\fB$\fP Match zero or more tokens 3780\fB$+\fP Match one or more tokens 3781\fB$\-\fP Match exactly one token 3782\fB$=\fP\fIx\fP Match any phrase in class \fIx\fP 3783\fB$~\fP\fIx\fP Match any word not in class \fIx\fP 3784.)b 3785If any of these match, 3786they are assigned to the symbol 3787.b $ \c 3788.i n 3789for replacement on the right hand side, 3790where 3791.i n 3792is the index in the LHS. 3793For example, 3794if the LHS: 3795.(b 3796$\-:$+ 3797.)b 3798is applied to the input: 3799.(b 3800UCBARPA:eric 3801.)b 3802the rule will match, and the values passed to the RHS will be: 3803.(b 3804.ta 4n 3805$1 UCBARPA 3806$2 eric 3807.)b 3808.pp 3809Additionally, the LHS can include 3810.b $@ 3811to match zero tokens. 3812This is 3813.i not 3814bound to a 3815.b $ \c 3816.i n 3817on the RHS, and is normally only used when it stands alone 3818in order to match the null input. 3819.sh 3 "The right hand side" 3820.pp 3821When the left hand side of a rewriting rule matches, 3822the input is deleted and replaced by the right hand side. 3823Tokens are copied directly from the RHS 3824unless they begin with a dollar sign. 3825Metasymbols are: 3826.(b 3827.ta \w'$#mailer\0\0\0'u 3828\fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS 3829\fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP 3830\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP 3831* Generalized keyed mapping function 3832\fB$>\fP\fIn\fP \(lqCall\(rq ruleset \fIn\fP 3833\fB$#\fP\fImailer\fP Resolve to \fImailer\fP 3834\fB$@\fP\fIhost\fP Specify \fIhost\fP 3835\fB$:\fP\fIuser\fP Specify \fIuser\fP 3836.)b 3837.pp 3838The 3839.b $ \c 3840.i n 3841syntax substitutes the corresponding value from a 3842.b $+ , 3843.b $\- , 3844.b $* , 3845.b $= , 3846or 3847.b $~ 3848match on the LHS. 3849It may be used anywhere. 3850.pp 3851A host name enclosed between 3852.b $[ 3853and 3854.b $] 3855is looked up in the host database(s) 3856and replaced by the canonical name\*. 3857.(f 3858\This is actually 3859completely equivalent 3860to $(host \fIhostname\fP$). 3861In particular, a 3862.b $: 3863default can be used. 3864.)f 3865For example, 3866.q $[ftp$] 3867might become 3868.q ftp.CS.Berkeley.EDU 3869and 3870.q $[[128.32.130.2]$] 3871would become 3872.q vangogh.CS.Berkeley.EDU. 3873.i Sendmail 3874recognizes its numeric IP address 3875without calling the name server 3876and replaces it with its canonical name. 3877.pp 3878The 3879.b $( 3880\&... 3881.b $) 3882syntax is a more general form of lookup; 3883it uses a named map instead of an implicit map. 3884If no lookup is found, the indicated 3885.i default 3886is inserted; 3887if no default is specified and no lookup matches, 3888the value is left unchanged. 3889The 3890.i arguments 3891are passed to the map for possible use. 3892.pp 3893The 3894.b $> \c 3895.i n 3896syntax 3897causes the remainder of the line to be substituted as usual 3898and then passed as the argument to ruleset 3899.i n . 3900The final value of ruleset 3901.i n 3902then becomes 3903the substitution for this rule. 3904The 3905.b $> 3906syntax expands everything after the ruleset name 3907to the end of the replacement string 3908and then passes that as the initial input to the ruleset. 3909Recursive calls are allowed. 3910For example, 3911.(b 3912$>0 $>3 $1 3913.)b 3914expands $1, passes that to ruleset 3, and then passes the result 3915of ruleset 3 to ruleset 0. 3916.pp 3917The 3918.b $# 3919syntax should 3920.i only 3921be used in ruleset zero, 3922a subroutine of ruleset zero, 3923or rulesets that return decisions (e.g., check_rcpt). 3924It causes evaluation of the ruleset to terminate immediately, 3925and signals to 3926.i sendmail 3927that the address has completely resolved. 3928The complete syntax for ruleset 0 is: 3929.(b 3930\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP 3931.)b 3932This specifies the 3933{mailer, host, user} 39343-tuple necessary to direct the mailer. 3935Note: the third element ( 3936.i user 3937) is often also called 3938.i address 3939part. 3940If the mailer is local 3941the host part may be omitted\. 3942.(f 3943\You may want to use it for special 3944.q "per user" 3945extensions. 3946For example, in the address 3947.q jgm+foo@CMU.EDU ; 3948the 3949.q +foo 3950part is not part of the user name, 3951and is passed to the local mailer for local use. 3952.)f 3953The 3954.i mailer 3955must be a single word, 3956but the 3957.i host 3958and 3959.i user 3960may be multi-part. 3961If the 3962.i mailer 3963is the built-in IPC mailer, 3964the 3965.i host 3966may be a colon-separated list of hosts 3967that are searched in order for the first working address 3968(exactly like MX records). 3969The 3970.i user 3971is later rewritten by the mailer-specific envelope rewriting set 3972and assigned to the 3973.b $u 3974macro. 3975As a special case, if the mailer specified has the 3976.b F=@ 3977flag specified 3978and the first character of the 3979.b $: 3980value is 3981.q @ , 3982the 3983.q @ 3984is stripped off, and a flag is set in the address descriptor 3985that causes sendmail to not do ruleset 5 processing. 3986.pp 3987Normally, a rule that matches is retried, 3988that is, 3989the rule loops until it fails. 3990A RHS may also be preceded by a 3991.b $@ 3992or a 3993.b $: 3994to change this behavior. 3995A 3996.b $@ 3997prefix causes the ruleset to return with the remainder of the RHS 3998as the value. 3999A 4000.b $: 4001prefix causes the rule to terminate immediately, 4002but the ruleset to continue; 4003this can be used to avoid continued application of a rule. 4004The prefix is stripped before continuing. 4005.pp 4006The 4007.b $@ 4008and 4009.b $: 4010prefixes may precede a 4011.b $> 4012spec; 4013for example: 4014.(b 4015.ta 8n 4016R$+ $: $>7 $1 4017.)b 4018matches anything, 4019passes that to ruleset seven, 4020and continues; 4021the 4022.b $: 4023is necessary to avoid an infinite loop. 4024.pp 4025Substitution occurs in the order described, 4026that is, 4027parameters from the LHS are substituted, 4028hostnames are canonicalized, 4029.q subroutines 4030are called, 4031and finally 4032.b $# , 4033.b $@ , 4034and 4035.b $: 4036are processed. 4037.sh 3 "Semantics of rewriting rule sets" 4038.pp 4039There are six rewriting sets 4040that have specific semantics. 4041Five of these are related as depicted by figure 1. 4042.(z 4043.hl 4044.ie n \{\ 4045.(c 4046* +---+ 4047 -->\| 0 \|-->resolved address 4048 / +---+ 4049 / +---+ +---+ 4050 / ---->\| 1 \|-->\| S \|-- 4051 +---+ / +---+ / +---+ +---+ \e +---+ 4052addr-->\| 3 \|-->\| D \|-- --->\| 4 \|-->msg 4053 +---+ +---+ \e +---+ +---+ / +---+ 4054 --->\| 2 \|-->\| R \|-- 4055 +---+ +---+ 4056.)c 4057 4058.\} 4059.el \{\ 4060.ie !"\(.T"" \{\ 4061.PS 4062boxwid = 0.3i 4063boxht = 0.3i 4064movewid = 0.3i 4065moveht = 0.3i 4066linewid = 0.3i 4067lineht = 0.3i 4068* 4069 box invis "addr"; arrow 4070Box3: box "3" 4071A1: arrow 4072BoxD: box "D"; line; L1: Here 4073C: [ 4074 C1: arrow; box "1"; arrow; box "S"; line; E1: Here 4075 move to C1 down 0.5; right 4076 C2: arrow; box "2"; arrow; box "R"; line; E2: Here 4077 ] with .w at L1 + (0.5, 0) 4078 move to C.e right 0.5 4079L4: arrow; box "4"; arrow; box invis "msg" 4080 line from L1 to C.C1 4081 line from L1 to C.C2 4082 line from C.E1 to L4 4083 line from C.E2 to L4 4084 move to BoxD.n up 0.6; right 4085Box0: arrow; box "0" 4086 arrow; box invis "resolved address" width 1.3 4087 line from 1/3 of the way between A1 and BoxD.w to Box0 4088.PE 4089.\} 4090.el .sp 2i 4091.\} 4092.ce 4093Figure 1 \- Rewriting set semantics 4094.(c 4095D \- sender domain addition 4096S \- mailer-specific sender rewriting 4097R \- mailer-specific recipient rewriting 4098.)c 4099.hl 4100.)z 4101.pp 4102Ruleset three 4103should turn the address into 4104.q "canonical form." 4105This form should have the basic syntax: 4106.(b 4107local-part@host-domain-spec 4108.)b 4109Ruleset three 4110is applied by 4111.i sendmail 4112before doing anything with any address. 4113.pp 4114If no 4115.q @ 4116sign is specified, 4117then the 4118host-domain-spec 4119.i may 4120be appended (box 4121.q D 4122in Figure 1) 4123from the 4124sender address 4125(if the 4126.b C 4127flag is set in the mailer definition 4128corresponding to the 4129.i sending 4130mailer). 4131.pp 4132Ruleset zero 4133is applied after ruleset three 4134to addresses that are going to actually specify recipients. 4135It must resolve to a 4136.i "{mailer, host, address}" 4137triple. 4138The 4139.i mailer 4140must be defined in the mailer definitions 4141from the configuration file. 4142The 4143.i host 4144is defined into the 4145.b $h 4146macro 4147for use in the argv expansion of the specified mailer. 4148Notice: since the envelope sender address will be used if 4149a delivery status notification must be send, 4150i.e., is may specify a recipient, 4151it is also run through ruleset zero. 4152If ruleset zero returns a temporary error 4153.b 4xy 4154then delivery is deferred. 4155This can be used to temporarily disable delivery, 4156e.g., based on the time of the day or other varying parameters. 4157It should not be used to quarantine e-mails. 4158.pp 4159Rulesets one and two 4160are applied to all sender and recipient addresses respectively. 4161They are applied before any specification 4162in the mailer definition. 4163They must never resolve. 4164.pp 4165Ruleset four is applied to all addresses 4166in the message. 4167It is typically used 4168to translate internal to external form. 4169.pp 4170In addition, 4171ruleset 5 is applied to all local addresses 4172(specifically, those that resolve to a mailer with the `F=5' 4173flag set) 4174that do not have aliases. 4175This allows a last minute hook for local names. 4176.sh 3 "Ruleset hooks" 4177.pp 4178A few extra rulesets are defined as 4179.q hooks 4180that can be defined to get special features. 4181They are all named rulesets. 4182The 4183.q check_* 4184forms all give accept/reject status; 4185falling off the end or returning normally is an accept, 4186and resolving to 4187.b $#error 4188is a reject or quarantine. 4189Quarantining is chosen by specifying 4190.b quarantine 4191in the second part of the mailer triplet: 4192.(b 4193$#error $@ quarantine $: Reason for quarantine 4194.)b 4195Many of these can also resolve to the special mailer name 4196.b $#discard ; 4197this accepts the message as though it were successful 4198but then discards it without delivery. 4199Note, 4200this mailer cannot be chosen as a mailer in ruleset 0. 4201Note also that all 4202.q check_* 4203rulesets have to deal with temporary failures, especially for map lookups, 4204themselves, i.e., they should return a temporary error code 4205or at least they should make a proper decision in those cases. 4206.sh 4 "check_relay" 4207.pp 4208The 4209.i check_relay 4210ruleset is called after a connection is accepted by the daemon. 4211It is not called when sendmail is started using the 4212.b \-bs 4213option. 4214It is passed 4215.(b 4216client.host.name $\| client.host.address 4217.)b 4218where 4219.b $\| 4220is a metacharacter separating the two parts. 4221This ruleset can reject connections from various locations. 4222Note that it only checks the connecting SMTP client IP address and hostname. 4223It does not check for third party message relaying. 4224The 4225.i check_rcpt 4226ruleset discussed below usually does third party message relay checking. 4227.sh 4 "check_mail" 4228.pp 4229The 4230.i check_mail 4231ruleset is passed the user name parameter of the 4232.sm "SMTP MAIL" 4233command. 4234It can accept or reject the address. 4235.sh 4 "check_rcpt" 4236.pp 4237The 4238.i check_rcpt 4239ruleset is passed the user name parameter of the 4240.sm "SMTP RCPT" 4241command. 4242It can accept or reject the address. 4243.sh 4 "check_data" 4244.pp 4245The 4246.i check_data 4247ruleset is called after the 4248.sm "SMTP DATA" 4249command, its parameter is the number of recipients. 4250It can accept or reject the command. 4251.sh 4 "check_compat" 4252.pp 4253The 4254.i check_compat 4255ruleset is passed 4256.(b 4257sender-address $\| recipient-address 4258.)b 4259where 4260.b $\| 4261is a metacharacter separating the addresses. 4262It can accept or reject mail transfer between these two addresses 4263much like the 4264.i checkcompat() 4265function. 4266Note: 4267while other 4268.i check_* 4269rulesets are invoked during the SMTP mail receiption stage 4270(i.e., in the SMTP server), 4271.i check_compat 4272is invoked during the mail delivery stage. 4273.sh 4 "check_eoh" 4274.pp 4275The 4276.i check_eoh 4277ruleset is passed 4278.(b 4279number-of-headers $\| size-of-headers 4280.)b 4281where 4282.b $\| 4283is a metacharacter separating the numbers. 4284These numbers can be used for size comparisons with the 4285.b arith 4286map. 4287The ruleset is triggered after 4288all of the headers have been read. 4289It can be used to correlate information gathered 4290from those headers using the 4291.b macro 4292storage map. 4293One possible use is to check for a missing header. 4294For example: 4295.(b 4296.ta 1.5i 4297Kstorage macro 4298HMessage-Id: $>CheckMessageId 4299 4300SCheckMessageId 4301# Record the presence of the header 4302R$* $: $(storage {MessageIdCheck} $@ OK $) $1 4303R< $+ @ $+ > $@ OK 4304R$* $#error $: 553 Header Error 4305 4306Scheck_eoh 4307# Check the macro 4308R$* $: < $&{MessageIdCheck} > 4309# Clear the macro for the next message 4310R$* $: $(storage {MessageIdCheck} $) $1 4311# Has a Message-Id: header 4312R< $+ > $@ OK 4313# Allow missing Message-Id: from local mail 4314R$* $: < $&{client_name} > 4315R< > $@ OK 4316R< $=w > $@ OK 4317# Otherwise, reject the mail 4318R$* $#error $: 553 Header Error 4319.)b 4320Keep in mind the Message-Id: header is not a required header and 4321is not a guaranteed spam indicator. 4322This ruleset is an example and 4323should probably not be used in production. 4324.sh 4 "check_eom" 4325.pp 4326The 4327.i check_eom 4328ruleset is called after the end of a message, 4329its parameter is the message size. 4330It can accept or reject the message. 4331.sh 4 "check_etrn" 4332.pp 4333The 4334.i check_etrn 4335ruleset is passed the parameter of the 4336.sm "SMTP ETRN" 4337command. 4338It can accept or reject the command. 4339.sh 4 "check_expn" 4340.pp 4341The 4342.i check_expn 4343ruleset is passed the user name parameter of the 4344.sm "SMTP EXPN" 4345command. 4346It can accept or reject the address. 4347.sh 4 "check_vrfy" 4348.pp 4349The 4350.i check_vrfy 4351ruleset is passed the user name parameter of the 4352.sm "SMTP VRFY" 4353command. 4354It can accept or reject the command. 4355.sh 4 "trust_auth" 4356.pp 4357The 4358.i trust_auth 4359ruleset is passed the AUTH= parameter of the 4360.sm "SMTP MAIL" 4361command. 4362It is used to determine whether this value should be 4363trusted. In order to make this decision, the ruleset 4364may make use of the various 4365.b ${auth_} 4366macros. 4367If the ruleset does resolve to the 4368.q error 4369mailer the AUTH= parameter is not trusted and hence 4370not passed on to the next relay. 4371.sh 4 "tls_client" 4372.pp 4373The 4374.i tls_client 4375ruleset is called when sendmail acts as server, after a STARTTLS command 4376has been issued, and from 4377.i check_mail. 4378The parameter is the value of 4379.b ${verify} 4380and STARTTLS or MAIL, respectively. 4381If the ruleset does resolve to the 4382.q error 4383mailer, the appropriate error code is returned to the client. 4384.sh 4 "tls_server" 4385.pp 4386The 4387.i tls_server 4388ruleset is called when sendmail acts as client after a STARTTLS command 4389(should) have been issued. 4390The parameter is the value of 4391.b ${verify} . 4392If the ruleset does resolve to the 4393.q error 4394mailer, the connection is aborted 4395(treated as non-deliverable with a permanent or temporary error). 4396.sh 4 "tls_rcpt" 4397.pp 4398The 4399.i tls_rcpt 4400ruleset is called each time before a RCPT TO command is sent. 4401The parameter is the current recipient. 4402If the ruleset does resolve to the 4403.q error 4404mailer, the RCPT TO command is suppressed 4405(treated as non-deliverable with a permanent or temporary error). 4406This ruleset allows to require encryption or verification of 4407the recipient's MTA even if the mail is somehow redirected 4408to another host. 4409For example, sending mail to 4410.i luke@endmail.org 4411may get redirected to a host named 4412.i death.star 4413and hence the tls_server ruleset won't apply. 4414By introducing per recipient restrictions such attacks 4415(e.g., via DNS spoofing) can be made impossible. 4416See 4417.i cf/README 4418how this ruleset can be used. 4419.sh 4 "srv_features" 4420.pp 4421The 4422.i srv_features 4423ruleset is called with the connecting client's host name 4424when a client connects to sendmail. 4425This ruleset should return 4426.b $# 4427followed by a list of options (single characters 4428delimited by white space). 4429If the return value starts with anything else it is silently ignored. 4430Generally upper case characters turn off a feature 4431while lower case characters turn it on. 4432Option `S' causes the server not to offer STARTTLS, 4433which is useful to interact with MTAs/MUAs that have broken 4434STARTTLS implementations by simply not offering it. 4435`V' turns off the request for a client certificate during the TLS handshake. 4436Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively. 4437`c' is the equivalent to AuthOptions=p, i.e., 4438it doesn't permit mechanisms susceptible to simple 4439passive attack (e.g., PLAIN, LOGIN), unless a security layer is active. 4440Option `l' requires SMTP AUTH for a connection. 4441Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN, 4442respectively. 4443.(b 4444.ta 9n 4445A Do not offer AUTH 4446a Offer AUTH (default) 4447B Do not offer VERB 4448b Offer VERB (default) 4449C Do not require security layer for 4450* plaintext AUTH (default) 4451c Require security layer for plaintext AUTH 4452D Do not offer DSN 4453d Offer DSN (default) 4454E Do not offer ETRN 4455e Offer ETRN (default) 4456L Do not require AUTH (default) 4457l Require AUTH 4458P Do not offer PIPELINING 4459p Offer PIPELINING (default) 4460S Do not offer STARTTLS 4461s Offer STARTTLS (default) 4462V Do not request a client certificate 4463v Request a client certificate (default) 4464X Do not offer EXPN 4465x Offer EXPN (default) 4466.)b 4467Note: the entries marked as ``(default)'' may require that some 4468configuration has been made, e.g., SMTP AUTH is only available if 4469properly configured. 4470Moreover, many options can be changed on a global basis via other 4471settings as explained in this document, e.g., via DaemonPortOptions. 4472.pp 4473The ruleset may return `$#temp' to indicate that there is a temporary 4474problem determining the correct features, e.g., if a map is unavailable. 4475In that case, the SMTP server issues a temporary failure and does not 4476accept email. 4477.sh 4 "try_tls" 4478.pp 4479The 4480.i try_tls 4481ruleset is called when sendmail connects to another MTA. 4482If the ruleset does resolve to the 4483.q error 4484mailer, sendmail does not try STARTTLS even if it is offered. 4485This is useful to interact with MTAs that have broken 4486STARTTLS implementations by simply not using it. 4487.sh 4 "authinfo" 4488.pp 4489The 4490.i authinfo 4491ruleset is called when sendmail tries to authenticate to another MTA. 4492It should return 4493.b $# 4494followed by a list of tokens that are used for SMTP AUTH. 4495If the return value starts with anything else it is silently ignored. 4496Each token is a tagged string of the form: 4497"TDstring" 4498(including the quotes), where 4499.(b 4500.ta 9n 4501T Tag which describes the item 4502D Delimiter: ':' simple text follows 4503 '=' string is base64 encoded 4504string Value of the item 4505.)b 4506Valid values for the tag are: 4507.(b 4508.ta 9n 4509U user (authorization) id 4510I authentication id 4511P password 4512R realm 4513M list of mechanisms delimited by spaces 4514.)b 4515If this ruleset is defined, the option 4516.b DefaultAuthInfo 4517is ignored (even if the ruleset does not return a ``useful'' result). 4518.sh 4 "queuegroup" 4519.pp 4520The 4521.i queuegroup 4522ruleset is used to map a recipient address to a queue group name. 4523The input for the ruleset is a recipient address as specified by the 4524.sm "SMTP RCPT" 4525command. 4526The ruleset should return 4527.b $# 4528followed by the name of a queue group. 4529If the return value starts with anything else it is silently ignored. 4530See the section about ``Queue Groups and Queue Directories'' 4531for further information. 4532.sh 4 "greet_pause" 4533.pp 4534The 4535.i greet_pause 4536ruleset is used to specify the amount of time to pause before sending the 4537initial SMTP 220 greeting. 4538If any traffic is received during that pause, an SMTP 554 rejection 4539response is given instead of the 220 greeting and all SMTP commands are 4540rejected during that connection. 4541This helps protect sites from open proxies and SMTP slammers. 4542The ruleset should return 4543.b $# 4544followed by the number of milliseconds (thousandths of a second) to 4545pause. 4546If the return value starts with anything else or is not a number, 4547it is silently ignored. 4548Note: this ruleset is not invoked (and hence the feature is disabled) 4549when the smtps (SMTP over SSL) is used, i.e., 4550the 4551.i s 4552modifier is set for the daemon via 4553.b DaemonPortOptions , 4554because in this case the SSL handshake is performed before 4555the greeting is sent. 4556.sh 3 "IPC mailers" 4557.pp 4558Some special processing occurs 4559if the ruleset zero resolves to an IPC mailer 4560(that is, a mailer that has 4561.q [IPC] 4562listed as the Path in the 4563.b M 4564configuration line. 4565The host name passed after 4566.q $@ 4567has MX expansion performed if not delivering via a named socket; 4568this looks the name up in DNS to find alternate delivery sites. 4569.pp 4570The host name can also be provided as a dotted quad 4571or an IPv6 address in square brackets; 4572for example: 4573.(b 4574[128.32.149.78] 4575.)b 4576or 4577.(b 4578[IPv6:2002:c0a8:51d2::23f4] 4579.)b 4580This causes direct conversion of the numeric value 4581to an IP host address. 4582.pp 4583The host name passed in after the 4584.q $@ 4585may also be a colon-separated list of hosts. 4586Each is separately MX expanded and the results are concatenated 4587to make (essentially) one long MX list. 4588The intent here is to create 4589.q fake 4590MX records that are not published in DNS 4591for private internal networks. 4592.pp 4593As a final special case, the host name can be passed in 4594as a text string 4595in square brackets: 4596.(b 4597[ucbvax.berkeley.edu] 4598.)b 4599This form avoids the MX mapping. 4600.b N.B.: 4601.i 4602This is intended only for situations where you have a network firewall 4603or other host that will do special processing for all your mail, 4604so that your MX record points to a gateway machine; 4605this machine could then do direct delivery to machines 4606within your local domain. 4607Use of this feature directly violates RFC 1123 section 5.3.5: 4608it should not be used lightly. 4609.r 4610.sh 2 "D \- Define Macro" 4611.pp 4612Macros are named with a single character 4613or with a word in {braces}. 4614The names ``x'' and ``{x}'' denote the same macro 4615for every single character ``x''. 4616Single character names may be selected from the entire ASCII set, 4617but user-defined macros 4618should be selected from the set of upper case letters only. 4619Lower case letters 4620and special symbols 4621are used internally. 4622Long names beginning with a lower case letter or a punctuation character 4623are reserved for use by sendmail, 4624so user-defined long macro names should begin with an upper case letter. 4625.pp 4626The syntax for macro definitions is: 4627.(b F 4628.b D \c 4629.i x\\|val 4630.)b 4631where 4632.i x 4633is the name of the macro 4634(which may be a single character 4635or a word in braces) 4636and 4637.i val 4638is the value it should have. 4639There should be no spaces given 4640that do not actually belong in the macro value. 4641.pp 4642Macros are interpolated 4643using the construct 4644.b $ \c 4645.i x , 4646where 4647.i x 4648is the name of the macro to be interpolated. 4649This interpolation is done when the configuration file is read, 4650except in 4651.b M 4652lines. 4653The special construct 4654.b $& \c 4655.i x 4656can be used in 4657.b R 4658lines to get deferred interpolation. 4659.pp 4660Conditionals can be specified using the syntax: 4661.(b 4662$?x text1 $\| text2 $. 4663.)b 4664This interpolates 4665.i text1 4666if the macro 4667.b $x 4668is set and non-null, 4669and 4670.i text2 4671otherwise. 4672The 4673.q else 4674(\c 4675.b $\| ) 4676clause may be omitted. 4677.pp 4678The following macros are defined and/or used internally by 4679.i sendmail 4680for interpolation into argv's for mailers 4681or for other contexts. 4682The ones marked \(dg are information passed into sendmail\, 4683.(f 4684\As of version 8.6, 4685all of these macros have reasonable defaults. 4686Previous versions required that they be defined. 4687.)f 4688the ones marked \(dd are information passed both in and out of sendmail, 4689and the unmarked macros are passed out of sendmail 4690but are not otherwise used internally. 4691These macros are: 4692.nr ii 5n 4693.ip $a 4694The origination date in RFC 822 format. 4695This is extracted from the Date: line. 4696.ip $b 4697The current date in RFC 822 format. 4698.ip $c 4699The hop count. 4700This is a count of the number of Received: lines 4701plus the value of the 4702.b \-h 4703command line flag. 4704.ip $d 4705The current date in UNIX (ctime) format. 4706.ip $e\(dg 4707(Obsolete; use SmtpGreetingMessage option instead.) 4708The SMTP entry message. 4709This is printed out when SMTP starts up. 4710The first word must be the 4711.b $j 4712macro as specified by RFC 821. 4713Defaults to 4714.q "$j Sendmail $v ready at $b" . 4715Commonly redefined to include the configuration version number, e.g., 4716.q "$j Sendmail $v/$Z ready at $b" 4717.ip $f 4718The envelope sender (from) address. 4719.ip $g 4720The sender address relative to the recipient. 4721For example, if 4722.b $f 4723is 4724.q foo , 4725.b $g 4726will be 4727.q host!foo , 4728.q foo@host.domain , 4729or whatever is appropriate for the receiving mailer. 4730.ip $h 4731The recipient host. 4732This is set in ruleset 0 from the $@ field of a parsed address. 4733.ip $i 4734The queue id, 4735e.g., 4736.q f344MXxp018717 . 4737.ip $j\(dd 4738The \(lqofficial\(rq domain name for this site. 4739This is fully qualified if the full qualification can be found. 4740It 4741.i must 4742be redefined to be the fully qualified domain name 4743if your system is not configured so that information can find 4744it automatically. 4745.ip $k 4746The UUCP node name (from the uname system call). 4747.ip $l\(dg 4748(Obsolete; use UnixFromLine option instead.) 4749The format of the UNIX from line. 4750Unless you have changed the UNIX mailbox format, 4751you should not change the default, 4752which is 4753.q "From $g $d" . 4754.ip $m 4755The domain part of the \fIgethostname\fP return value. 4756Under normal circumstances, 4757.b $j 4758is equivalent to 4759.b $w.$m . 4760.ip $n\(dg 4761The name of the daemon (for error messages). 4762Defaults to 4763.q MAILER-DAEMON . 4764.ip $o\(dg 4765(Obsolete: use OperatorChars option instead.) 4766The set of \(lqoperators\(rq in addresses. 4767A list of characters 4768which will be considered tokens 4769and which will separate tokens 4770when doing parsing. 4771For example, if 4772.q @ 4773were in the 4774.b $o 4775macro, then the input 4776.q a@b 4777would be scanned as three tokens: 4778.q a, 4779.q @, 4780and 4781.q b. 4782Defaults to 4783.q ".:@[]" , 4784which is the minimum set necessary to do RFC 822 parsing; 4785a richer set of operators is 4786.q ".:%@!/[]" , 4787which adds support for UUCP, the %-hack, and X.400 addresses. 4788.ip $p 4789Sendmail's process id. 4790.ip $q\(dg 4791Default format of sender address. 4792The 4793.b $q 4794macro specifies how an address should appear in a message 4795when it is defaulted. 4796Defaults to 4797.q "<$g>" . 4798It is commonly redefined to be 4799.q "$?x$x <$g>$\|$g$." 4800or 4801.q "$g$?x ($x)$." , 4802corresponding to the following two formats: 4803.(b 4804Eric Allman <eric@CS.Berkeley.EDU> 4805eric@CS.Berkeley.EDU (Eric Allman) 4806.)b 4807.i Sendmail 4808properly quotes names that have special characters 4809if the first form is used. 4810.ip $r 4811Protocol used to receive the message. 4812Set from the 4813.b \-p 4814command line flag or by the SMTP server code. 4815.ip $s 4816Sender's host name. 4817Set from the 4818.b \-p 4819command line flag or by the SMTP server code 4820(in which case it is set to the EHLO/HELO parameter). 4821.ip $t 4822A numeric representation of the current time in the format YYYYMMDDHHmm 4823(4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31, 48242 digit hours 00-23, 2 digit minutes 00-59). 4825.ip $u 4826The recipient user. 4827.ip $v 4828The version number of the 4829.i sendmail 4830binary. 4831.ip $w\(dd 4832The hostname of this site. 4833This is the root name of this host (but see below for caveats). 4834.ip $x 4835The full name of the sender. 4836.ip $z 4837The home directory of the recipient. 4838.ip $_ 4839The validated sender address. 4840See also 4841.b ${client_resolve} . 4842.ip ${addr_type} 4843The type of the address which is currently being rewritten. 4844This macro contains up to three characters, the first 4845is either `e' or `h' for envelope/header address, 4846the second is a space, 4847and the third is either `s' or `r' for sender/recipient address. 4848.ip ${alg_bits} 4849The maximum keylength (in bits) of the symmetric encryption algorithm 4850used for a TLS connection. 4851This may be less than the effective keylength, 4852which is stored in 4853.b ${cipher_bits} , 4854for ``export controlled'' algorithms. 4855.ip ${auth_authen} 4856The client's authentication credentials as determined by authentication 4857(only set if successful). 4858The format depends on the mechanism used, it might be just `user', 4859or `user@realm', or something similar (SMTP AUTH only). 4860.ip ${auth_author} 4861The authorization identity, i.e. the AUTH= parameter of the 4862.sm "SMTP MAIL" 4863command if supplied. 4864.ip ${auth_type} 4865The mechanism used for SMTP authentication 4866(only set if successful). 4867.ip ${auth_ssf} 4868The keylength (in bits) of the symmetric encryption algorithm 4869used for the security layer of a SASL mechanism. 4870.ip ${bodytype} 4871The message body type 4872(7BIT or 8BITMIME), 4873as determined from the envelope. 4874.ip ${cert_issuer} 4875The DN (distinguished name) of the CA (certificate authority) 4876that signed the presented certificate (the cert issuer) 4877(STARTTLS only). 4878.ip ${cert_md5} 4879The MD5 hash of the presented certificate (STARTTLS only). 4880.ip ${cert_subject} 4881The DN of the presented certificate (called the cert subject) 4882(STARTTLS only). 4883.ip ${cipher} 4884The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, 4885EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA 4886(STARTTLS only). 4887.ip ${cipher_bits} 4888The effective keylength (in bits) of the symmetric encryption algorithm 4889used for a TLS connection. 4890.ip ${client_addr} 4891The IP address of the SMTP client. 4892IPv6 addresses are tagged with "IPv6:" before the address. 4893Defined in the SMTP server only. 4894.ip ${client_connections} 4895The number of open connections in the SMTP server for the client IP address. 4896.ip ${client_flags} 4897The flags specified by the 4898Modifier= part of 4899.b ClientPortOptions 4900where flags are separated from each other by spaces 4901and upper case flags are doubled. 4902That is, 4903Modifier=hA 4904will be represented as 4905"h AA" in 4906.b ${client_flags} , 4907which is required for testing the flags in rulesets. 4908.ip ${client_name} 4909The host name of the SMTP client. 4910This may be the client's bracketed IP address 4911in the form [ nnn.nnn.nnn.nnn ] for IPv4 4912and [ IPv6:nnnn:...:nnnn ] for IPv6 4913if the client's 4914IP address is not resolvable, or if it is resolvable 4915but the IP address of the resolved hostname 4916doesn't match the original IP address. 4917Defined in the SMTP server only. 4918See also 4919.b ${client_resolve} . 4920.ip ${client_port} 4921The port number of the SMTP client. 4922Defined in the SMTP server only. 4923.ip ${client_ptr} 4924The result of the PTR lookup for the client IP address. 4925Note: this is the same as 4926.b ${client_name} 4927if and only if 4928.b ${client_resolve} 4929is OK. 4930Defined in the SMTP server only. 4931.ip ${client_rate} 4932The number of incoming connections for the client IP address 4933over the time interval specified by ConnectionRateWindowSize. 4934.ip ${client_resolve} 4935Holds the result of the resolve call for 4936.b ${client_name} . 4937Possible values are: 4938.(b 4939.ta 10n 4940OK resolved successfully 4941FAIL permanent lookup failure 4942FORGED forward lookup doesn't match reverse lookup 4943TEMP temporary lookup failure 4944.)b 4945Defined in the SMTP server only. 4946.i sendmail 4947performs a hostname lookup on the IP address of the connecting client. 4948Next the IP addresses of that hostname are looked up. 4949If the client IP address does not appear in that list, 4950then the hostname is maybe forged. 4951This is reflected as the value FORGED for 4952.b ${client_resolve} 4953and it also shows up in 4954.b $_ 4955as "(may be forged)". 4956.ip ${cn_issuer} 4957The CN (common name) of the CA that signed the presented certificate 4958(STARTTLS only). 4959Note: if the CN cannot be extracted properly it will be replaced by 4960one of these strings based on the encountered error: 4961.(b 4962.ta 25n 4963BadCertificateContainsNUL CN contains a NUL character 4964BadCertificateTooLong CN is too long 4965BadCertificateUnknown CN could not be extracted 4966.)b 4967In the last case, some other (unspecific) error occurred. 4968.ip ${cn_subject} 4969The CN (common name) of the presented certificate 4970(STARTTLS only). 4971See 4972.b ${cn_issuer} 4973for possible replacements. 4974.ip ${currHeader} 4975Header value as quoted string 4976(possibly truncated to 4977.b MAXNAME ). 4978This macro is only available in header check rulesets. 4979.ip ${daemon_addr} 4980The IP address the daemon is listening on for connections. 4981.ip ${daemon_family} 4982The network family 4983if the daemon is accepting network connections. 4984Possible values include 4985.q inet , 4986.q inet6 , 4987.q iso , 4988.q ns , 4989.q x.25 4990.ip ${daemon_flags} 4991The flags for the daemon as specified by the 4992Modifier= part of 4993.b DaemonPortOptions 4994whereby the flags are separated from each other by spaces, 4995and upper case flags are doubled. 4996That is, 4997Modifier=Ea 4998will be represented as 4999"EE a" in 5000.b ${daemon_flags} , 5001which is required for testing the flags in rulesets. 5002.ip ${daemon_info} 5003Some information about a daemon as a text string. 5004For example, 5005.q SMTP+queueing@00:30:00 . 5006.ip ${daemon_name} 5007The name of the daemon from 5008.b DaemonPortOptions 5009Name= suboption. 5010If this suboption is not set, 5011"Daemon#", 5012where # is the daemon number, 5013is used. 5014.ip ${daemon_port} 5015The port the daemon is accepting connection on. 5016Unless 5017.b DaemonPortOptions 5018is set, this will most likely be 5019.q 25 . 5020.ip ${deliveryMode} 5021The current delivery mode sendmail is using. 5022It is initially set to the value of the 5023.b DeliveryMode 5024option. 5025.ip ${envid} 5026The envelope id parameter (ENVID=) passed to sendmail as part of the envelope. 5027.ip ${hdrlen} 5028The length of the header value which is stored in 5029${currHeader} (before possible truncation). 5030If this value is greater than or equal to 5031.b MAXNAME 5032the header has been truncated. 5033.ip ${hdr_name} 5034The name of the header field for which the current header 5035check ruleset has been called. 5036This is useful for a default header check ruleset to get 5037the name of the header; 5038the macro is only available in header check rulesets. 5039.ip ${if_addr} 5040The IP address of the interface of an incoming connection 5041unless it is in the loopback net. 5042IPv6 addresses are tagged with "IPv6:" before the address. 5043.ip ${if_addr_out} 5044The IP address of the interface of an outgoing connection 5045unless it is in the loopback net. 5046IPv6 addresses are tagged with "IPv6:" before the address. 5047.ip ${if_family} 5048The IP family of the interface of an incoming connection 5049unless it is in the loopback net. 5050.ip ${if_family_out} 5051The IP family of the interface of an outgoing connection 5052unless it is in the loopback net. 5053.ip ${if_name} 5054The hostname associated with the interface of an incoming connection. 5055This macro can be used for 5056SmtpGreetingMessage and HReceived for virtual hosting. 5057For example: 5058.(b 5059O SmtpGreetingMessage=$?{if_name}${if_name}$\|$j$. MTA 5060.)b 5061.ip ${if_name_out} 5062The name of the interface of an outgoing connection. 5063.ip ${load_avg} 5064The current load average. 5065.ip ${mail_addr} 5066The address part of the resolved triple of the address given for the 5067.sm "SMTP MAIL" 5068command. 5069Defined in the SMTP server only. 5070.ip ${mail_host} 5071The host from the resolved triple of the address given for the 5072.sm "SMTP MAIL" 5073command. 5074Defined in the SMTP server only. 5075.ip ${mail_mailer} 5076The mailer from the resolved triple of the address given for the 5077.sm "SMTP MAIL" 5078command. 5079Defined in the SMTP server only. 5080.ip ${msg_id} 5081The value of the Message-Id: header. 5082.ip ${msg_size} 5083The value of the SIZE= parameter, 5084i.e., usually the size of the message (in an ESMTP dialogue), 5085before the message has been collected, thereafter 5086the message size as computed by 5087.i sendmail 5088(and can be used in check_compat). 5089.ip ${nbadrcpts} 5090The number of bad recipients for a single message. 5091.ip ${nrcpts} 5092The number of validated recipients for a single message. 5093Note: since recipient validation happens after 5094.i check_rcpt 5095has been called, the value in this ruleset 5096is one less than what might be expected. 5097.ip ${ntries} 5098The number of delivery attempts. 5099.ip ${opMode} 5100The current operation mode (from the 5101.b \-b 5102flag). 5103.ip ${quarantine} 5104The quarantine reason for the envelope, 5105if it is quarantined. 5106.ip ${queue_interval} 5107The queue run interval given by the 5108.b \-q 5109flag. 5110For example, 5111.b \-q30m 5112would set 5113.b ${queue_interval} 5114to 5115.q 00:30:00 . 5116.ip ${rcpt_addr} 5117The address part of the resolved triple of the address given for the 5118.sm "SMTP RCPT" 5119command. 5120Defined in the SMTP server only after a RCPT command. 5121.ip ${rcpt_host} 5122The host from the resolved triple of the address given for the 5123.sm "SMTP RCPT" 5124command. 5125Defined in the SMTP server only after a RCPT command. 5126.ip ${rcpt_mailer} 5127The mailer from the resolved triple of the address given for the 5128.sm "SMTP RCPT" 5129command. 5130Defined in the SMTP server only after a RCPT command. 5131.ip ${server_addr} 5132The address of the server of the current outgoing SMTP connection. 5133For LMTP delivery the macro is set to the name of the mailer. 5134.ip ${server_name} 5135The name of the server of the current outgoing SMTP or LMTP connection. 5136.ip ${time} 5137The output of the 5138.i time (3) 5139function, i.e., the number of seconds since 0 hours, 0 minutes, 51400 seconds, January 1, 1970, Coordinated Universal Time (UTC). 5141.ip ${tls_version} 5142The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2; 5143defined after STARTTLS has been used. 5144.ip ${total_rate} 5145The total number of incoming connections over the time interval specified 5146by ConnectionRateWindowSize. 5147.ip ${verify} 5148The result of the verification of the presented cert; 5149only defined after STARTTLS has been used (or attempted). 5150Possible values are: 5151.(b 5152.ta 13n 5153OK verification succeeded. 5154NO no cert presented. 5155NOT no cert requested. 5156FAIL cert presented but could not be verified, 5157* e.g., the signing CA is missing. 5158NONE STARTTLS has not been performed. 5159TEMP temporary error occurred. 5160PROTOCOL some protocol error occurred 5161 at the ESMTP level (not TLS). 5162SOFTWARE STARTTLS handshake failed, 5163 which is a fatal error for this session, 5164 the e-mail will be queued. 5165.)b 5166.pp 5167There are three types of dates that can be used. 5168The 5169.b $a 5170and 5171.b $b 5172macros are in RFC 822 format; 5173.b $a 5174is the time as extracted from the 5175.q Date: 5176line of the message 5177(if there was one), 5178and 5179.b $b 5180is the current date and time 5181(used for postmarks). 5182If no 5183.q Date: 5184line is found in the incoming message, 5185.b $a 5186is set to the current time also. 5187The 5188.b $d 5189macro is equivalent to the 5190.b $b 5191macro in UNIX 5192(ctime) 5193format. 5194.pp 5195The macros 5196.b $w , 5197.b $j , 5198and 5199.b $m 5200are set to the identity of this host. 5201.i Sendmail 5202tries to find the fully qualified name of the host 5203if at all possible; 5204it does this by calling 5205.i gethostname (2) 5206to get the current hostname 5207and then passing that to 5208.i gethostbyname (3) 5209which is supposed to return the canonical version of that host name.\** 5210.(f 5211\*For example, on some systems 5212.i gethostname 5213might return 5214.q foo 5215which would be mapped to 5216.q foo.bar.com 5217by 5218.i gethostbyname . 5219.)f 5220Assuming this is successful, 5221.b $j 5222is set to the fully qualified name 5223and 5224.b $m 5225is set to the domain part of the name 5226(everything after the first dot). 5227The 5228.b $w 5229macro is set to the first word 5230(everything before the first dot) 5231if you have a level 5 or higher configuration file; 5232otherwise, it is set to the same value as 5233.b $j . 5234If the canonification is not successful, 5235it is imperative that the config file set 5236.b $j 5237to the fully qualified domain name\. 5238.(f 5239\Older versions of sendmail didn't pre-define 5240.b $j 5241at all, so up until 8.6, 5242config files 5243.i always 5244had to define 5245.b $j . 5246.)f 5247.pp 5248The 5249.b $f 5250macro is the id of the sender 5251as originally determined; 5252when mailing to a specific host 5253the 5254.b $g 5255macro is set to the address of the sender 5256.ul 5257relative to the recipient. 5258For example, 5259if I send to 5260.q bollard@matisse.CS.Berkeley.EDU 5261from the machine 5262.q vangogh.CS.Berkeley.EDU 5263the 5264.b $f 5265macro will be 5266.q eric 5267and the 5268.b $g 5269macro will be 5270.q eric@vangogh.CS.Berkeley.EDU. 5271.pp 5272The 5273.b $x 5274macro is set to the full name of the sender. 5275This can be determined in several ways. 5276It can be passed as flag to 5277.i sendmail . 5278It can be defined in the 5279.sm NAME 5280environment variable. 5281The third choice is the value of the 5282.q Full-Name: 5283line in the header if it exists, 5284and the fourth choice is the comment field 5285of a 5286.q From: 5287line. 5288If all of these fail, 5289and if the message is being originated locally, 5290the full name is looked up in the 5291.i /etc/passwd 5292file. 5293.pp 5294When sending, 5295the 5296.b $h , 5297.b $u , 5298and 5299.b $z 5300macros get set to the host, user, and home directory 5301(if local) 5302of the recipient. 5303The first two are set from the 5304.b $@ 5305and 5306.b $: 5307part of the rewriting rules, respectively. 5308.pp 5309The 5310.b $p 5311and 5312.b $t 5313macros are used to create unique strings 5314(e.g., for the 5315.q Message-Id: 5316field). 5317The 5318.b $i 5319macro is set to the queue id on this host; 5320if put into the timestamp line 5321it can be extremely useful for tracking messages. 5322The 5323.b $v 5324macro is set to be the version number of 5325.i sendmail ; 5326this is normally put in timestamps 5327and has been proven extremely useful for debugging. 5328.pp 5329The 5330.b $c 5331field is set to the 5332.q "hop count," 5333i.e., the number of times this message has been processed. 5334This can be determined 5335by the 5336.b \-h 5337flag on the command line 5338or by counting the timestamps in the message. 5339.pp 5340The 5341.b $r 5342and 5343.b $s 5344fields are set to the protocol used to communicate with 5345.i sendmail 5346and the sending hostname. 5347They can be set together using the 5348.b \-p 5349command line flag or separately using the 5350.b \-M 5351or 5352.b \-oM 5353flags. 5354.pp 5355The 5356.b $_ 5357is set to a validated sender host name. 5358If the sender is running an RFC 1413 compliant IDENT server 5359and the receiver has the IDENT protocol turned on, 5360it will include the user name on that host. 5361.pp 5362The 5363.b ${client_name} , 5364.b ${client_addr} , 5365and 5366.b ${client_port} 5367macros 5368are set to the name, address, and port number of the SMTP client 5369who is invoking 5370.i sendmail 5371as a server. 5372These can be used in the 5373.i check_ 5374rulesets (using the 5375.b $& 5376deferred evaluation form, of course!). 5377.sh 2 "C and F \- Define Classes" 5378.pp 5379Classes of phrases may be defined 5380to match on the left hand side of rewriting rules, 5381where a 5382.q phrase 5383is a sequence of characters that does not contain space characters. 5384For example 5385a class of all local names for this site 5386might be created 5387so that attempts to send to oneself 5388can be eliminated. 5389These can either be defined directly in the configuration file 5390or read in from another file. 5391Classes are named as a single letter or a word in {braces}. 5392Class names beginning with lower case letters 5393and special characters are reserved for system use. 5394Classes defined in config files may be given names 5395from the set of upper case letters for short names 5396or beginning with an upper case letter for long names. 5397.pp 5398The syntax is: 5399.(b F 5400.b C \c 5401.i c\\|phrase1 5402.i phrase2... 5403.br 5404.b F \c 5405.i c\\|file 5406.br 5407.b F \c 5408.i c\\|\|program 5409.br 5410.b F \c 5411.i c\\|[mapkey]@mapclass:mapspec 5412.)b 5413The first form defines the class 5414.i c 5415to match any of the named words. 5416If 5417.i phrase1 5418or 5419.i phrase2 5420is another class, 5421e.g., 5422.i $=S , 5423the contents of class 5424.i S 5425are added to class 5426.i c . 5427It is permissible to split them among multiple lines; 5428for example, the two forms: 5429.(b 5430CHmonet ucbmonet 5431.)b 5432and 5433.(b 5434CHmonet 5435CHucbmonet 5436.)b 5437are equivalent. 5438The ``F'' forms 5439read the elements of the class 5440.i c 5441from the named 5442.i file , 5443.i program , 5444or 5445.i "map specification" . 5446Each element should be listed on a separate line. 5447To specify an optional file, use ``\-o'' between the class 5448name and the file name, e.g., 5449.(b 5450Fc \-o /path/to/file 5451.)b 5452If the file can't be used, 5453.i sendmail 5454will not complain but silently ignore it. 5455The map form should be an optional map key, an at sign, 5456and a map class followed by the specification for that map. 5457Examples include: 5458.(b 5459F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=)) \-v host 5460F{MyClass}foo@hash:/etc/mail/classes 5461.)b 5462will fill the class 5463.b $={VirtHosts} 5464from an LDAP map lookup and 5465.b $={MyClass} 5466from a hash database map lookup of the 5467.b foo . 5468There is also a built-in schema that can be accessed by only specifying: 5469.(b 5470F{\c 5471.i ClassName }@LDAP 5472.)b 5473This will tell sendmail to use the default schema: 5474.(b 5475\-k (&(objectClass=sendmailMTAClass) 5476 (sendmailMTAClassName=\c 5477.i ClassName ) 5478 (\|(sendmailMTACluster=${sendmailMTACluster}) 5479 (sendmailMTAHost=$j))) 5480\-v sendmailMTAClassValue 5481.)b 5482Note that the lookup is only done when sendmail is initially started. 5483.pp 5484Elements of classes can be accessed in rules using 5485.b $= 5486or 5487.b $~ . 5488The 5489.b $~ 5490(match entries not in class) 5491only matches a single word; 5492multi-word entries in the class are ignored in this context. 5493.pp 5494Some classes have internal meaning to 5495.i sendmail : 5496.nr ii 0.5i 5497.\".ip $=b 5498.\"A set of Content-Types that will not have the newline character 5499.\"translated to CR-LF before encoding into base64 MIME. 5500.\"The class can have major times 5501.\"(e.g., 5502.\".q image ) 5503.\"or full types 5504.\"(such as 5505.\".q application/octet-stream ). 5506.\"The class is initialized with 5507.\".q application/octet-stream , 5508.\".q image , 5509.\".q audio , 5510.\"and 5511.\".q video . 5512.ip $=e 5513contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded. 5514It is predefined to contain 5515.q 7bit , 5516.q 8bit , 5517and 5518.q binary . 5519.ip $=k 5520set to be the same as 5521.b $k , 5522that is, the UUCP node name. 5523.ip $=m 5524set to the set of domains by which this host is known, 5525initially just 5526.b $m . 5527.ip $=n 5528can be set to the set of MIME body types 5529that can never be eight to seven bit encoded. 5530It defaults to 5531.q multipart/signed . 5532Message types 5533.q message/* 5534and 5535.q multipart/* 5536are never encoded directly. 5537Multipart messages are always handled recursively. 5538The handling of message/* messages 5539are controlled by class 5540.b $=s . 5541.ip $=q 5542A set of Content-Types that will never be encoded as base64 5543(if they have to be encoded, they will be encoded as quoted-printable). 5544It can have primary types 5545(e.g., 5546.q text ) 5547or full types 5548(such as 5549.q text/plain ). 5550The class is initialized to have 5551.q text/plain 5552only. 5553.ip $=s 5554contains the set of subtypes of message that can be treated recursively. 5555By default it contains only 5556.q rfc822 . 5557Other 5558.q message/* 5559types cannot be 8\(->7 bit encoded. 5560If a message containing eight bit data is sent to a seven bit host, 5561and that message cannot be encoded into seven bits, 5562it will be stripped to 7 bits. 5563.ip $=t 5564set to the set of trusted users by the 5565.b T 5566configuration line. 5567If you want to read trusted users from a file, use 5568.b Ft \c 5569.i /file/name . 5570.ip $=w 5571set to be the set of all names 5572this host is known by. 5573This can be used to match local hostnames. 5574.ip $={persistentMacros} 5575set to the macros that should be saved across queue runs. 5576Care should be taken when adding macro names to this class. 5577.pp 5578.i Sendmail 5579can be compiled to allow a 5580.i scanf (3) 5581string on the 5582.b F 5583line. 5584This lets you do simplistic parsing of text files. 5585For example, to read all the user names in your system 5586.i /etc/passwd 5587file into a class, use 5588.(b 5589FL/etc/passwd %[^:] 5590.)b 5591which reads every line up to the first colon. 5592.sh 2 "M \- Define Mailer" 5593.pp 5594Programs and interfaces to mailers 5595are defined in this line. 5596The format is: 5597.(b F 5598.b M \c 5599.i name , 5600{\c 5601.i field =\c 5602.i value \\|} 5603.)b 5604where 5605.i name 5606is the name of the mailer 5607(used internally only) 5608and the 5609.q field=name 5610pairs define attributes of the mailer. 5611Fields are: 5612.(b 5613.ta 1i 5614Path The pathname of the mailer 5615Flags Special flags for this mailer 5616Sender Rewriting set(s) for sender addresses 5617Recipient Rewriting set(s) for recipient addresses 5618recipients Maximum number of recipients per connection 5619Argv An argument vector to pass to this mailer 5620Eol The end-of-line string for this mailer 5621Maxsize The maximum message length to this mailer 5622maxmessages The maximum message deliveries per connection 5623Linelimit The maximum line length in the message body 5624Directory The working directory for the mailer 5625Userid The default user and group id to run as 5626Nice The nice(2) increment for the mailer 5627Charset The default character set for 8-bit characters 5628Type Type information for DSN diagnostics 5629Wait The maximum time to wait for the mailer 5630Queuegroup The default queue group for the mailer 5631/ The root directory for the mailer 5632.)b 5633Only the first character of the field name is checked 5634(it's case-sensitive). 5635.pp 5636The following flags may be set in the mailer description. 5637Any other flags may be used freely 5638to conditionally assign headers to messages 5639destined for particular mailers. 5640Flags marked with \(dg 5641are not interpreted by the 5642.i sendmail 5643binary; 5644these are the conventionally used to correlate to the flags portion 5645of the 5646.b H 5647line. 5648Flags marked with \(dd 5649apply to the mailers for the sender address 5650rather than the usual recipient mailers. 5651.nr ii 4n 5652.ip a 5653Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870). 5654This flag defaults on if the SMTP greeting message includes the word 5655.q ESMTP . 5656.ip A 5657Look up the user (address) part of the resolved mailer triple, 5658in the alias database. 5659Normally this is only set for local mailers. 5660.ip b 5661Force a blank line on the end of a message. 5662This is intended to work around some stupid versions of 5663/bin/mail 5664that require a blank line, but do not provide it themselves. 5665It would not normally be used on network mail. 5666.ip B 5667Strip leading backslashes (\e) off of the address; 5668this is a subset of the functionality of the 5669.b s 5670flag. 5671.ip c 5672Do not include comments in addresses. 5673This should only be used if you have to work around 5674a remote mailer that gets confused by comments. 5675This strips addresses of the form 5676.q "Phrase <address>" 5677or 5678.q "address (Comment)" 5679down to just 5680.q address . 5681.ip C\(dd 5682If mail is 5683.i received 5684from a mailer with this flag set, 5685any addresses in the header that do not have an at sign 5686(\c 5687.q @ ) 5688after being rewritten by ruleset three 5689will have the 5690.q @domain 5691clause from the sender envelope address 5692tacked on. 5693This allows mail with headers of the form: 5694.(b 5695From: usera@hosta 5696To: userb@hostb, userc 5697.)b 5698to be rewritten as: 5699.(b 5700From: usera@hosta 5701To: userb@hostb, userc@hosta 5702.)b 5703automatically. 5704However, it doesn't really work reliably. 5705.ip d 5706Do not include angle brackets around route-address syntax addresses. 5707This is useful on mailers that are going to pass addresses to a shell 5708that might interpret angle brackets as I/O redirection. 5709However, it does not protect against other shell metacharacters. 5710Therefore, passing addresses to a shell should not be considered secure. 5711.ip D\(dg 5712This mailer wants a 5713.q Date: 5714header line. 5715.ip e 5716This mailer is expensive to connect to, 5717so try to avoid connecting normally; 5718any necessary connection will occur during a queue run. 5719See also option 5720.b HoldExpensive . 5721.ip E 5722Escape lines beginning with 5723.q From\0 5724in the message with a `>' sign. 5725.ip f 5726The mailer wants a 5727.b \-f 5728.i from 5729flag, 5730but only if this is a network forward operation 5731(i.e., 5732the mailer will give an error 5733if the executing user 5734does not have special permissions). 5735.ip F\(dg 5736This mailer wants a 5737.q From: 5738header line. 5739.ip g 5740Normally, 5741.i sendmail 5742sends internally generated email (e.g., error messages) 5743using the null return address 5744as required by RFC 1123. 5745However, some mailers don't accept a null return address. 5746If necessary, 5747you can set the 5748.b g 5749flag to prevent 5750.i sendmail 5751from obeying the standards; 5752error messages will be sent as from the MAILER-DAEMON 5753(actually, the value of the 5754.b $n 5755macro). 5756.ip h 5757Upper case should be preserved in host names 5758(the $@ portion of the mailer triplet resolved from ruleset 0) 5759for this mailer. 5760.ip i 5761Do User Database rewriting on envelope sender address. 5762.ip I 5763This mailer will be speaking SMTP 5764to another 5765.i sendmail 5766\- 5767as such it can use special protocol features. 5768This flag should not be used except for debugging purposes 5769because it uses 5770.b VERB 5771as SMTP command. 5772.ip j 5773Do User Database rewriting on recipients as well as senders. 5774.ip k 5775Normally when 5776.i sendmail 5777connects to a host via SMTP, 5778it checks to make sure that this isn't accidently the same host name 5779as might happen if 5780.i sendmail 5781is misconfigured or if a long-haul network interface is set in loopback mode. 5782This flag disables the loopback check. 5783It should only be used under very unusual circumstances. 5784.ip K 5785Currently unimplemented. 5786Reserved for chunking. 5787.ip l 5788This mailer is local 5789(i.e., 5790final delivery will be performed). 5791.ip L 5792Limit the line lengths as specified in RFC 821. 5793This deprecated option should be replaced by the 5794.b L= 5795mail declaration. 5796For historic reasons, the 5797.b L 5798flag also sets the 5799.b 7 5800flag. 5801.ip m 5802This mailer can send to multiple users 5803on the same host 5804in one transaction. 5805When a 5806.b $u 5807macro occurs in the 5808.i argv 5809part of the mailer definition, 5810that field will be repeated as necessary 5811for all qualifying users. 5812Removing this flag can defeat duplicate supression on a remote site 5813as each recipient is sent in a separate transaction. 5814.ip M\(dg 5815This mailer wants a 5816.q Message-Id: 5817header line. 5818.ip n 5819Do not insert a UNIX-style 5820.q From 5821line on the front of the message. 5822.ip o 5823Always run as the owner of the recipient mailbox. 5824Normally 5825.i sendmail 5826runs as the sender for locally generated mail 5827or as 5828.q daemon 5829(actually, the user specified in the 5830.b u 5831option) 5832when delivering network mail. 5833The normal behavior is required by most local mailers, 5834which will not allow the envelope sender address 5835to be set unless the mailer is running as daemon. 5836This flag is ignored if the 5837.b S 5838flag is set. 5839.ip p 5840Use the route-addr style reverse-path in the SMTP 5841.q "MAIL FROM:" 5842command 5843rather than just the return address; 5844although this is required in RFC 821 section 3.1, 5845many hosts do not process reverse-paths properly. 5846Reverse-paths are officially discouraged by RFC 1123. 5847.ip P\(dg 5848This mailer wants a 5849.q Return-Path: 5850line. 5851.ip q 5852When an address that resolves to this mailer is verified 5853(SMTP VRFY command), 5854generate 250 responses instead of 252 responses. 5855This will imply that the address is local. 5856.ip r 5857Same as 5858.b f , 5859but sends a 5860.b \-r 5861flag. 5862.ip R 5863Open SMTP connections from a 5864.q secure 5865port. 5866Secure ports aren't 5867(secure, that is) 5868except on UNIX machines, 5869so it is unclear that this adds anything. 5870.i sendmail 5871must be running as root to be able to use this flag. 5872.ip s 5873Strip quote characters (" and \e) off of the address 5874before calling the mailer. 5875.ip S 5876Don't reset the userid 5877before calling the mailer. 5878This would be used in a secure environment 5879where 5880.i sendmail 5881ran as root. 5882This could be used to avoid forged addresses. 5883If the 5884.b U= 5885field is also specified, 5886this flag causes the effective user id to be set to that user. 5887.ip u 5888Upper case should be preserved in user names for this mailer. Standards 5889require preservation of case in the local part of addresses, except for 5890those address for which your system accepts responsibility. 5891RFC 2142 provides a long list of addresses which should be case 5892insensitive. 5893If you use this flag, you may be violating RFC 2142. 5894Note that postmaster is always treated as a case insensitive address 5895regardless of this flag. 5896.ip U 5897This mailer wants UUCP-style 5898.q From 5899lines with the ugly 5900.q "remote from <host>" 5901on the end. 5902.ip w 5903The user must have a valid account on this machine, 5904i.e., 5905.i getpwnam 5906must succeed. 5907If not, the mail is bounced. 5908See also the 5909.b MailBoxDatabase 5910option. 5911This is required to get 5912.q \&.forward 5913capability. 5914.ip W 5915Ignore long term host status information (see Section 5916"Persistent Host Status Information"). 5917.ip x\(dg 5918This mailer wants a 5919.q Full-Name: 5920header line. 5921.ip X 5922This mailer wants to use the hidden dot algorithm as specified in RFC 821; 5923basically, any line beginning with a dot will have an extra dot prepended 5924(to be stripped at the other end). 5925This insures that lines in the message containing a dot 5926will not terminate the message prematurely. 5927.ip z 5928Run Local Mail Transfer Protocol (LMTP) 5929between 5930.i sendmail 5931and the local mailer. 5932This is a variant on SMTP 5933defined in RFC 2033 5934that is specifically designed for delivery to a local mailbox. 5935.ip Z 5936Apply DialDelay (if set) to this mailer. 5937.ip 0 5938Don't look up MX records for hosts sent via SMTP/LMTP. 5939Do not apply 5940.b FallbackMXhost 5941either. 5942.ip 1 5943Don't send null characters ('\\0') to this mailer. 5944.ip 2 5945Don't use ESMTP even if offered; this is useful for broken 5946systems that offer ESMTP but fail on EHLO (without recovering 5947when HELO is tried next). 5948.ip 3 5949Extend the list of characters converted to =XX notation 5950when converting to Quoted-Printable 5951to include those that don't map cleanly between ASCII and EBCDIC. 5952Useful if you have IBM mainframes on site. 5953.ip 5 5954If no aliases are found for this address, 5955pass the address through ruleset 5 for possible alternate resolution. 5956This is intended to forward the mail to an alternate delivery spot. 5957.ip 6 5958Strip headers to seven bits. 5959.ip 7 5960Strip all output to seven bits. 5961This is the default if the 5962.b L 5963flag is set. 5964Note that clearing this option is not 5965sufficient to get full eight bit data passed through 5966.i sendmail . 5967If the 5968.b 7 5969option is set, this is essentially always set, 5970since the eighth bit was stripped on input. 5971Note that this option will only impact messages 5972that didn't have 8\(->7 bit MIME conversions performed. 5973.ip 8 5974If set, 5975it is acceptable to send eight bit data to this mailer; 5976the usual attempt to do 8\(->7 bit MIME conversions will be bypassed. 5977.ip 9 5978If set, 5979do 5980.i limited 59817\(->8 bit MIME conversions. 5982These conversions are limited to text/plain data. 5983.ip : 5984Check addresses to see if they begin 5985.q :include: ; 5986if they do, convert them to the 5987.q include* 5988mailer. 5989.ip \| 5990Check addresses to see if they begin with a `\|'; 5991if they do, convert them to the 5992.q prog 5993mailer. 5994.ip / 5995Check addresses to see if they begin with a `/'; 5996if they do, convert them to the 5997.q file 5998mailer. 5999.ip @ 6000Look up addresses in the user database. 6001.ip %
6002Do not attempt delivery on initial recipient of a message	6002Do not attempt delivery on initial receipt of a message
6003or on queue runs 6004unless the queued message is selected 6005using one of the -qI/-qR/-qS queue run modifiers 6006or an ETRN request. 6007.pp 6008Configuration files prior to level 6 6009assume the `A', `w', `5', `:', `\|', `/', and `@' options 6010on the mailer named 6011.q local . 6012.pp 6013The mailer with the special name 6014.q error 6015can be used to generate a user error. 6016The (optional) host field is an exit status to be returned, 6017and the user field is a message to be printed. 6018The exit status may be numeric or one of the values 6019USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG 6020to return the corresponding EX_ exit code, 6021or an enhanced error code as described in RFC 1893, 6022.ul 6023Enhanced Mail System Status Codes. 6024For example, the entry: 6025.(b 6026$#error $@ NOHOST $: Host unknown in this domain 6027.)b 6028on the RHS of a rule 6029will cause the specified error to be generated 6030and the 6031.q "Host unknown" 6032exit status to be returned 6033if the LHS matches. 6034This mailer is only functional in rulesets 0, 5, 6035or one of the check_* rulesets. 6036The host field can also contain the special token 6037.b quarantine 6038which instructs sendmail to quarantine the current message. 6039.pp 6040The mailer with the special name 6041.q discard 6042causes any mail sent to it to be discarded 6043but otherwise treated as though it were successfully delivered. 6044This mailer cannot be used in ruleset 0, 6045only in the various address checking rulesets. 6046.pp 6047The mailer named 6048.q local 6049.i must 6050be defined in every configuration file. 6051This is used to deliver local mail, 6052and is treated specially in several ways. 6053Additionally, three other mailers named 6054.q prog , 6055.q file , 6056and 6057.q include 6058may be defined to tune the delivery of messages to programs, 6059files, 6060and :include: lists respectively. 6061They default to: 6062.(b 6063Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u 6064Mfile, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u 6065Minclude, P=/dev/null, F=su, A=INCLUDE $u 6066.)b 6067.pp 6068Builtin pathnames are [FILE] and [IPC], the former is used for 6069delivery to files, the latter for delivery via interprocess communication. 6070For mailers that use [IPC] as pathname the argument vector (A=) 6071must start with TCP or FILE for delivery via a TCP or a Unix domain socket. 6072If TCP is used, the second argument must be the name of the host 6073to contact. 6074Optionally a third argument can be used to specify a port, 6075the default is smtp (port 25). 6076If FILE is used, the second argument must be the name of 6077the Unix domain socket. 6078.pp 6079If the argument vector does not contain $u then 6080.i sendmail 6081will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer. 6082.pp 6083If no Eol field is defined, then the default is "\\r\\n" for 6084SMTP mailers and "\\n" of others. 6085.pp 6086The Sender and Recipient rewriting sets 6087may either be a simple ruleset id 6088or may be two ids separated by a slash; 6089if so, the first rewriting set is applied to envelope 6090addresses 6091and the second is applied to headers. 6092Setting any value to zero disables corresponding mailer-specific rewriting. 6093.pp 6094The Directory 6095is actually a colon-separated path of directories to try. 6096For example, the definition 6097.q D=$z:/ 6098first tries to execute in the recipient's home directory; 6099if that is not available, 6100it tries to execute in the root of the filesystem. 6101This is intended to be used only on the 6102.q prog 6103mailer, 6104since some shells (such as 6105.i csh ) 6106refuse to execute if they cannot read the current directory. 6107Since the queue directory is not normally readable by unprivileged users 6108.i csh 6109scripts as recipients can fail. 6110.pp 6111The Userid 6112specifies the default user and group id to run as, 6113overriding the 6114.b DefaultUser 6115option (q.v.). 6116If the 6117.b S 6118mailer flag is also specified, 6119this user and group will be set as the 6120effective uid and gid for the process. 6121This may be given as 6122.i user:group 6123to set both the user and group id; 6124either may be an integer or a symbolic name to be looked up 6125in the 6126.i passwd 6127and 6128.i group 6129files respectively. 6130If only a symbolic user name is specified, 6131the group id in the 6132.i passwd 6133file for that user is used as the group id. 6134.pp 6135The Charset field 6136is used when converting a message to MIME; 6137this is the character set used in the 6138Content-Type: header. 6139If this is not set, the 6140.b DefaultCharset 6141option is used, 6142and if that is not set, the value 6143.q unknown-8bit 6144is used. 6145.b WARNING: 6146this field applies to the sender's mailer, 6147not the recipient's mailer. 6148For example, if the envelope sender address 6149lists an address on the local network 6150and the recipient is on an external network, 6151the character set will be set from the Charset= field 6152for the local network mailer, 6153not that of the external network mailer. 6154.pp 6155The Type= field 6156sets the type information 6157used in MIME error messages 6158as defined by 6159RFC 1894. 6160It is actually three values separated by slashes: 6161the MTA-type (that is, the description of how hosts are named), 6162the address type (the description of e-mail addresses), 6163and the diagnostic type (the description of error diagnostic codes). 6164Each of these must be a registered value 6165or begin with 6166.q X\- . 6167The default is 6168.q dns/rfc822/smtp . 6169.pp 6170The m= field specifies the maximum number of messages 6171to attempt to deliver on a single SMTP or LMTP connection. 6172The default is infinite. 6173.pp 6174The r= field specifies the maximum number of recipients 6175to attempt to deliver in a single envelope. 6176It defaults to 100. 6177.pp 6178The /= field specifies a new root directory for the mailer. The path is 6179macro expanded and then passed to the 6180.q chroot 6181system call. The root directory is changed before the Directory field is 6182consulted or the uid is changed. 6183.pp 6184The Wait= field specifies the maximum time to wait for the 6185mailer to return after sending all data to it. 6186This applies to mailers that have been forked by 6187.i sendmail . 6188.pp 6189The Queuegroup= field specifies the default queue group in which 6190received mail should be queued. 6191This can be overridden by other means as explained in section 6192``Queue Groups and Queue Directories''. 6193.sh 2 "H \- Define Header" 6194.pp 6195The format of the header lines that 6196.i sendmail 6197inserts into the message 6198are defined by the 6199.b H 6200line. 6201The syntax of this line is one of the following: 6202.(b F 6203.b H \c 6204.i hname \c 6205.b : 6206.i htemplate 6207.)b 6208.(b F 6209.b H [\c 6210.b ? \c 6211.i mflags \c 6212.b ? \c 6213.b ]\c 6214.i hname \c 6215.b : 6216.i htemplate 6217.)b 6218.(b F 6219.b H [\c 6220.b ?$ \c 6221.i {macro} \c 6222.b ? \c 6223.b ]\c 6224.i hname \c 6225.b : 6226.i htemplate 6227.)b 6228Continuation lines in this spec 6229are reflected directly into the outgoing message. 6230The 6231.i htemplate 6232is macro-expanded before insertion into the message. 6233If the 6234.i mflags 6235(surrounded by question marks) 6236are specified, 6237at least one of the specified flags 6238must be stated in the mailer definition 6239for this header to be automatically output. 6240If a 6241.i ${macro} 6242(surrounded by question marks) 6243is specified, 6244the header will be automatically output 6245if the macro is set. 6246The macro may be set using any of the normal methods, 6247including using the 6248.b macro 6249storage map in a ruleset. 6250If one of these headers is in the input 6251it is reflected to the output 6252regardless of these flags or macros. 6253Notice: 6254If a 6255.i ${macro} 6256is used to set a header, then it is useful to add that macro to class 6257.i $={persistentMacros} 6258which consists of the macros that should be saved across queue runs. 6259.pp 6260Some headers have special semantics 6261that will be described later. 6262.pp 6263A secondary syntax allows validation of headers as they are being read. 6264To enable validation, use: 6265.(b 6266.b H \c 6267.i Header \c 6268.b ": $>" \c 6269.i Ruleset 6270.b H \c 6271.i Header \c 6272.b ": $>+" \c 6273.i Ruleset 6274.)b 6275The indicated 6276.i Ruleset 6277is called for the specified 6278.i Header , 6279and can return 6280.b $#error 6281to reject or quarantine the message or 6282.b $#discard 6283to discard the message 6284(as with the other 6285.b check_ 6286rulesets). 6287The ruleset receives the header field-body as argument, 6288i.e., not the header field-name; see also 6289${hdr_name} and ${currHeader}. 6290The header is treated as a structured field, 6291that is, 6292text in parentheses is deleted before processing, 6293unless the second form 6294.b $>+ 6295is used. 6296Note: only one ruleset can be associated with a header; 6297.i sendmail 6298will silently ignore multiple entries. 6299.pp 6300For example, the configuration lines: 6301.(b 6302HMessage-Id: $>CheckMessageId 6303 6304SCheckMessageId 6305R< $+ @ $+ > $@ OK 6306R$* $#error $: Illegal Message-Id header 6307.)b 6308would refuse any message that had a Message-Id: header of any of the 6309following forms: 6310.(b 6311Message-Id: <> 6312Message-Id: some text 6313Message-Id: <legal text@domain> extra crud 6314.)b 6315A default ruleset that is called for headers which don't have a 6316specific ruleset defined for them can be specified by: 6317.(b 6318.b H \c 6319.i * \c 6320.b ": $>" \c 6321.i Ruleset 6322.)b 6323or 6324.(b 6325.b H \c 6326.i * \c 6327.b ": $>+" \c 6328.i Ruleset 6329.)b 6330.sh 2 "O \- Set Option" 6331.pp 6332There are a number of global options that 6333can be set from a configuration file. 6334Options are represented by full words; 6335some are also representable as single characters for back compatibility. 6336The syntax of this line is: 6337.(b F 6338.b O \0 6339.i option \c 6340.b = \c 6341.i value 6342.)b 6343This sets option 6344.i option 6345to be 6346.i value . 6347Note that there 6348.i must 6349be a space between the letter `O' and the name of the option. 6350An older version is: 6351.(b F 6352.b O \c 6353.i o\\|value 6354.)b 6355where the option 6356.i o 6357is a single character. 6358Depending on the option, 6359.i value 6360may be a string, an integer, 6361a boolean 6362(with legal values 6363.q t , 6364.q T , 6365.q f , 6366or 6367.q F ; 6368the default is TRUE), 6369or 6370a time interval. 6371.pp 6372All filenames used in options should be absolute paths, 6373i.e., starting with '/'. 6374Relative filenames most likely cause surprises during operation 6375(unless otherwise noted). 6376.pp 6377The options supported (with the old, one character names in brackets) are: 6378.nr ii 1i 6379.ip "AliasFile=\fIspec, spec, ...\fP" 6380[A] 6381Specify possible alias file(s). 6382Each 6383.i spec 6384should be in the format 6385``\c 6386.i class \c 6387.b : 6388.i info '' 6389where 6390.i class \c 6391.b : 6392is optional and defaults to ``implicit''. 6393Note that 6394.i info 6395is required for all 6396.i class es 6397except 6398.q ldap . 6399For the 6400.q ldap 6401class, 6402if 6403.i info 6404is not specified, 6405a default 6406.i info 6407value is used as follows: 6408.(b 6409\-k (&(objectClass=sendmailMTAAliasObject) 6410* (sendmailMTAAliasName=aliases) 6411 (\|(sendmailMTACluster=${sendmailMTACluster}) 6412 (sendmailMTAHost=$j)) 6413 (sendmailMTAKey=%0)) 6414\-v sendmailMTAAliasValue 6415.)b 6416Depending on how 6417.i sendmail 6418is compiled, valid classes are 6419.q implicit 6420(search through a compiled-in list of alias file types, 6421for back compatibility), 6422.q hash 6423(if 6424.sm NEWDB 6425is specified), 6426.q btree 6427(if 6428.sm NEWDB 6429is specified), 6430.q dbm 6431(if 6432.sm NDBM 6433is specified), 6434.q stab 6435(internal symbol table \- not normally used 6436unless you have no other database lookup), 6437.q sequence 6438(use a sequence of maps 6439previously declared), 6440.q ldap 6441(if 6442.sm LDAPMAP 6443is specified), 6444or 6445.q nis 6446(if 6447.sm NIS 6448is specified). 6449If a list of 6450.i spec s 6451are provided, 6452.i sendmail 6453searches them in order. 6454.ip AliasWait=\fItimeout\fP 6455[a] 6456If set, 6457wait up to 6458.i timeout 6459(units default to minutes) 6460for an 6461.q @:@ 6462entry to exist in the alias database 6463before starting up. 6464If it does not appear in the 6465.i timeout 6466interval issue a warning. 6467.ip AllowBogusHELO 6468[no short name] 6469If set, allow HELO SMTP commands that don't include a host name. 6470Setting this violates RFC 1123 section 5.2.5, 6471but is necessary to interoperate with several SMTP clients. 6472If there is a value, it is still checked for legitimacy. 6473.ip AuthMaxBits=\fIN\fP 6474[no short name] 6475Limit the maximum encryption strength for the security layer in 6476SMTP AUTH (SASL). Default is essentially unlimited. 6477This allows to turn off additional encryption in SASL if 6478STARTTLS is already encrypting the communication, because the 6479existing encryption strength is taken into account when choosing 6480an algorithm for the security layer. 6481For example, if STARTTLS is used and the symmetric cipher is 3DES, 6482then the the keylength (in bits) is 168. 6483Hence setting 6484.b AuthMaxBits 6485to 168 will disable any encryption in SASL. 6486.ip AuthMechanisms 6487[no short name] 6488List of authentication mechanisms for AUTH (separated by spaces). 6489The advertised list of authentication mechanisms will be the 6490intersection of this list and the list of available mechanisms as 6491determined by the Cyrus SASL library. 6492If STARTTLS is active, EXTERNAL will be added to this list. 6493In that case, the value of {cert_subject} is used as authentication id. 6494.ip AuthOptions 6495[no short name] 6496List of options for SMTP AUTH consisting of single characters 6497with intervening white space or commas. 6498.(b 6499.ta 4n 6500A Use the AUTH= parameter for the MAIL FROM 6501* command only when authentication succeeded. 6502 This can be used as a workaround for broken 6503 MTAs that do not implement RFC 2554 correctly. 6504a protection from active (non-dictionary) attacks 6505 during authentication exchange. 6506c require mechanisms which pass client credentials, 6507 and allow mechanisms which can pass credentials 6508 to do so. 6509d don't permit mechanisms susceptible to passive 6510 dictionary attack. 6511f require forward secrecy between sessions 6512 (breaking one won't help break next). 6513m require mechanisms which provide mutual authentication 6514 (only available if using Cyrus SASL v2 or later). 6515p don't permit mechanisms susceptible to simple 6516 passive attack (e.g., PLAIN, LOGIN), unless a 6517 security layer is active. 6518y don't permit mechanisms that allow anonymous login. 6519.)b 6520The first option applies to sendmail as a client, the others to a server. 6521Example: 6522.(b 6523O AuthOptions=p,y 6524.)b 6525would disallow ANONYMOUS as AUTH mechanism and would 6526allow PLAIN and LOGIN only if a security layer (e.g., 6527provided by STARTTLS) is already active. 6528The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the 6529selected SASL mechanisms. 6530Explanations of these properties can be found in the Cyrus SASL documentation. 6531.ip AuthRealm 6532[no short name] 6533The authentication realm that is passed to the Cyrus SASL library. 6534If no realm is specified, 6535.b $j 6536is used. 6537.ip BadRcptThrottle=\fIN\fP 6538[no short name] 6539If set and the specified number of recipients in a single SMTP 6540transaction have been rejected, sleep for one second after each subsequent 6541RCPT command in that transaction. 6542.ip BlankSub=\fIc\fP 6543[B] 6544Set the blank substitution character to 6545.i c . 6546Unquoted spaces in addresses are replaced by this character. 6547Defaults to space (i.e., no change is made). 6548.ip CACertPath 6549[no short name] 6550Path to directory with certificates of CAs. 6551This directory directory must contain the hashes of each CA certificate 6552as filenames (or as links to them). 6553.ip CACertFile 6554[no short name] 6555File containing one or more CA certificates; 6556see section about STARTTLS for more information. 6557.ip CheckAliases 6558[n] 6559Validate the RHS of aliases when rebuilding the alias database. 6560.ip CheckpointInterval=\fIN\fP 6561[C] 6562Checkpoints the queue every 6563.i N 6564(default 10) 6565addresses sent. 6566If your system crashes during delivery to a large list, 6567this prevents retransmission to any but the last 6568.i N 6569recipients. 6570.ip ClassFactor=\fIfact\fP 6571[z] 6572The indicated 6573.i fact or 6574is multiplied by the message class 6575(determined by the Precedence: field in the user header 6576and the 6577.b P 6578lines in the configuration file) 6579and subtracted from the priority. 6580Thus, messages with a higher Priority: will be favored. 6581Defaults to 1800. 6582.ip ClientCertFile 6583[no short name] 6584File containing the certificate of the client, i.e., this certificate 6585is used when 6586.i sendmail 6587acts as client (for STARTTLS). 6588.ip ClientKeyFile 6589[no short name] 6590File containing the private key belonging to the client certificate 6591(for STARTTLS if 6592.i sendmail 6593runs as client). 6594.ip ClientPortOptions=\fIoptions\fP 6595[O] 6596Set client SMTP options. 6597The options are 6598.i key=value 6599pairs separated by commas. 6600Known keys are: 6601.(b 6602.ta 1i 6603Port Name/number of source port for connection (defaults to any free port) 6604Addr Address mask (defaults INADDR_ANY) 6605Family Address family (defaults to INET) 6606SndBufSize Size of TCP send buffer 6607RcvBufSize Size of TCP receive buffer 6608Modifier Options (flags) for the client 6609.)b 6610The 6611.i Addr ess 6612mask may be a numeric address in dot notation 6613or a network name. 6614.i Modifier 6615can be the following character: 6616.(b 6617.ta 1i 6618h use name of interface for HELO command 6619A don't use AUTH when sending e-mail 6620S don't use STARTTLS when sending e-mail 6621.)b 6622If ``h'' is set, the name corresponding to the outgoing interface 6623address (whether chosen via the Connection parameter or 6624the default) is used for the HELO/EHLO command. 6625However, the name must not start with a square bracket 6626and it must contain at least one dot. 6627This is a simple test whether the name is not 6628an IP address (in square brackets) but a qualified hostname. 6629Note that multiple ClientPortOptions settings are allowed 6630in order to give settings for each protocol family 6631(e.g., one for Family=inet and one for Family=inet6). 6632A restriction placed on one family only affects 6633outgoing connections on that particular family. 6634.ip ColonOkInAddr 6635[no short name] 6636If set, colons are acceptable in e-mail addresses 6637(e.g., 6638.q host:user ). 6639If not set, colons indicate the beginning of a RFC 822 group construct 6640(\c 6641.q "groupname: member1, member2, ... memberN;" ). 6642Doubled colons are always acceptable 6643(\c 6644.q nodename::user ) 6645and proper route-addr nesting is understood 6646(\c 6647.q <@relay:user@host> ). 6648Furthermore, this option defaults on if the configuration version level 6649is less than 6 (for back compatibility). 6650However, it must be off for full compatibility with RFC 822. 6651.ip ConnectionCacheSize=\fIN\fP 6652[k] 6653The maximum number of open connections that will be cached at a time. 6654The default is one. 6655This delays closing the current connection until 6656either this invocation of 6657.i sendmail 6658needs to connect to another host 6659or it terminates. 6660Setting it to zero defaults to the old behavior, 6661that is, connections are closed immediately. 6662Since this consumes file descriptors, 6663the connection cache should be kept small: 66644 is probably a practical maximum. 6665.ip ConnectionCacheTimeout=\fItimeout\fP 6666[K] 6667The maximum amount of time a cached connection will be permitted to idle 6668without activity. 6669If this time is exceeded, 6670the connection is immediately closed. 6671This value should be small (on the order of ten minutes). 6672Before 6673.i sendmail 6674uses a cached connection, 6675it always sends a RSET command 6676to check the connection; 6677if this fails, it reopens the connection. 6678This keeps your end from failing if the other end times out. 6679The point of this option is to be a good network neighbor 6680and avoid using up excessive resources 6681on the other end. 6682The default is five minutes. 6683.ip ConnectOnlyTo=\fIaddress\fP 6684[no short name] 6685This can be used to 6686override the connection address (for testing purposes). 6687.ip ConnectionRateThrottle=\fIN\fP 6688[no short name] 6689If set to a positive value, 6690allow no more than 6691.i N 6692incoming connections in a one second period per daemon. 6693This is intended to flatten out peaks 6694and allow the load average checking to cut in. 6695Defaults to zero (no limits). 6696.ip ConnectionRateWindowSize=\fIN\fP 6697[no short name] 6698Define the length of the interval for which 6699the number of incoming connections is maintained. 6700The default is 60 seconds. 6701.ip ControlSocketName=\fIname\fP 6702[no short name] 6703Name of the control socket for daemon management. 6704A running 6705.i sendmail 6706daemon can be controlled through this named socket. 6707Available commands are: 6708.i help, 6709.i mstat, 6710.i restart, 6711.i shutdown, 6712and 6713.i status. 6714The 6715.i status 6716command returns the current number of daemon children, 6717the maximum number of daemon children, 6718the free disk space (in blocks) of the queue directory, 6719and the load average of the machine expressed as an integer. 6720If not set, no control socket will be available. 6721Solaris and pre-4.4BSD kernel users should see the note in sendmail/README . 6722.ip CRLFile=\fIname\fP 6723[no short name] 6724Name of file that contains certificate 6725revocation status, useful for X.509v3 authentication. 6726CRL checking requires at least OpenSSL version 0.9.7. 6727Note: if a CRLFile is specified but the file is unusable, 6728STARTTLS is disabled. 6729.ip DHParameters 6730Possible values are: 6731.(b 6732.ta 1i 67335 use 512 bit prime 67341 use 1024 bit prime 6735none do not use Diffie-Hellman 6736NAME load prime from file 6737.)b 6738This is only required if a ciphersuite containing DSA/DH is used. 6739If ``5'' is selected, then precomputed, fixed primes are used. 6740This is the default for the client side. 6741If ``1'' is selected, then prime values are computed during startup. 6742This is the default for the server side. 6743Note: this operation can take a significant amount of time on a 6744slow machine (several seconds), but it is only done once at startup. 6745If ``none'' is selected, then TLS ciphersuites containing DSA/DH 6746cannot be used. 6747If a file name is specified (which must be an absolute path), 6748then the primes are read from it. 6749.ip DaemonPortOptions=\fIoptions\fP 6750[O] 6751Set server SMTP options. 6752Each instance of 6753.b DaemonPortOptions 6754leads to an additional incoming socket. 6755The options are 6756.i key=value 6757pairs. 6758Known keys are: 6759.(b 6760.ta 1i 6761Name User-definable name for the daemon (defaults to "Daemon#") 6762Port Name/number of listening port (defaults to "smtp") 6763Addr Address mask (defaults INADDR_ANY) 6764Family Address family (defaults to INET) 6765InputMailFilters List of input mail filters for the daemon 6766Listen Size of listen queue (defaults to 10) 6767Modifier Options (flags) for the daemon 6768SndBufSize Size of TCP send buffer 6769RcvBufSize Size of TCP receive buffer 6770children maximum number of children per daemon, see \fBMaxDaemonChildren\fP. 6771DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP. 6772refuseLA RefuseLA per daemon 6773delayLA DelayLA per daemon 6774queueLA QueueLA per daemon 6775.)b 6776The 6777.i Name 6778key is used for error messages and logging. 6779The 6780.i Addr ess 6781mask may be a numeric address in dot notation 6782or a network name. 6783The 6784.i Family 6785key defaults to INET (IPv4). 6786IPv6 users who wish to also accept IPv6 connections 6787should add additional Family=inet6 6788.b DaemonPortOptions 6789lines. 6790The 6791.i InputMailFilters 6792key overrides the default list of input mail filters listed in the 6793.b InputMailFilters 6794option. 6795If multiple input mail filters are required, they must be separated 6796by semicolons (not commas). 6797.i Modifier 6798can be a sequence (without any delimiters) 6799of the following characters: 6800.(b 6801.ta 1i 6802a always require authentication 6803b bind to interface through which mail has been received 6804c perform hostname canonification (.cf) 6805f require fully qualified hostname (.cf) 6806s Run smtps (SMTP over SSL) instead of smtp 6807u allow unqualified addresses (.cf) 6808A disable AUTH (overrides 'a' modifier) 6809C don't perform hostname canonification 6810E disallow ETRN (see RFC 2476) 6811O optional; if opening the socket fails ignore it 6812S don't offer STARTTLS 6813.)b 6814That is, one way to specify a message submission agent (MSA) that 6815always requires authentication is: 6816.(b 6817O DaemonPortOptions=Name=MSA, Port=587, M=Ea 6818.)b 6819The modifiers that are marked with "(.cf)" have only 6820effect in the standard configuration file, in which 6821they are available via 6822.b ${daemon_flags} . 6823Notice: Do 6824.b not 6825use the ``a'' modifier on a public accessible MTA! 6826It should only be used for a MSA that is accessed by authorized 6827users for initial mail submission. 6828Users must authenticate to use a MSA which has this option turned on. 6829The flags ``c'' and ``C'' can change the default for 6830hostname canonification in the 6831.i sendmail.cf 6832file. 6833See the relevant documentation for 6834.sm FEATURE(nocanonify) . 6835The modifier ``f'' disallows addresses of the form 6836.b user@host 6837unless they are submitted directly. 6838The flag ``u'' allows unqualified sender addresses, 6839i.e., those without @host. 6840``b'' forces sendmail to bind to the interface 6841through which the e-mail has been 6842received for the outgoing connection. 6843.b WARNING: 6844Use ``b'' 6845only if outgoing mail can be routed through the incoming connection's 6846interface to its destination. No attempt is made to catch problems due to a 6847misconfiguration of this parameter, use it only for virtual hosting 6848where each virtual interface can connect to every possible location. 6849This will also override possible settings via 6850.b ClientPortOptions. 6851Note, 6852.i sendmail 6853will listen on a new socket 6854for each occurence of the 6855.b DaemonPortOptions 6856option in a configuration file. 6857The modifier ``O'' causes sendmail to ignore a socket 6858if it can't be opened. 6859This applies to failures from the socket(2) and bind(2) calls. 6860.ip DefaultAuthInfo 6861[no short name] 6862Filename that contains default authentication information for outgoing 6863connections. This file must contain the user id, the authorization id, 6864the password (plain text), the realm and the list of mechanisms to use 6865on separate lines and must be readable by 6866root (or the trusted user) only. 6867If no realm is specified, 6868.b $j 6869is used. 6870If no mechanisms are specified, the list given by 6871.b AuthMechanisms 6872is used. 6873Notice: this option is deprecated and will be removed in future versions. 6874Moreover, it doesn't work for the MSP since it can't read the file 6875(the file must not be group/world-readable otherwise 6876.i sendmail 6877will complain). 6878Use the authinfo ruleset instead which provides more control over 6879the usage of the data anyway. 6880.ip DefaultCharSet=\fIcharset\fP 6881[no short name] 6882When a message that has 8-bit characters but is not in MIME format 6883is converted to MIME 6884(see the EightBitMode option) 6885a character set must be included in the Content-Type: header. 6886This character set is normally set from the Charset= field 6887of the mailer descriptor. 6888If that is not set, the value of this option is used. 6889If this option is not set, the value 6890.q unknown-8bit 6891is used. 6892.ip DataFileBufferSize=\fIthreshold\fP 6893[no short name] 6894Set the 6895.i threshold , 6896in bytes, 6897before a memory-based 6898queue data file 6899becomes disk-based. 6900The default is 4096 bytes. 6901.ip DeadLetterDrop=\fIfile\fP 6902[no short name] 6903Defines the location of the system-wide dead.letter file, 6904formerly hardcoded to /usr/tmp/dead.letter. 6905If this option is not set (the default), 6906sendmail will not attempt to save to a system-wide dead.letter file 6907in the event 6908it cannot bounce the mail to the user or postmaster. 6909Instead, it will rename the qf file 6910as it has in the past 6911when the dead.letter file could not be opened. 6912.ip DefaultUser=\fIuser:group\fP 6913[u] 6914Set the default userid for mailers to 6915.i user:group . 6916If 6917.i group 6918is omitted and 6919.i user 6920is a user name 6921(as opposed to a numeric user id) 6922the default group listed in the /etc/passwd file for that user is used 6923as the default group. 6924Both 6925.i user 6926and 6927.i group 6928may be numeric. 6929Mailers without the 6930.i S 6931flag in the mailer definition 6932will run as this user. 6933Defaults to 1:1. 6934The value can also be given as a symbolic user name.\** 6935.(f 6936\*The old 6937.b g 6938option has been combined into the 6939.b DefaultUser 6940option. 6941.)f 6942.ip DelayLA=\fILA\fP 6943[no short name] 6944When the system load average exceeds 6945.i LA , 6946.i sendmail 6947will sleep for one second on most SMTP commands and 6948before accepting connections. 6949.ip DeliverByMin=\fItime\fP 6950[0] 6951Set minimum time for Deliver By SMTP Service Extension (RFC 2852). 6952If 0, no time is listed, if less than 0, the extension is not offered, 6953if greater than 0, it is listed as minimum time 6954for the EHLO keyword DELIVERBY. 6955.ip DeliveryMode=\fIx\fP 6956[d] 6957Deliver in mode 6958.i x . 6959Legal modes are: 6960.(b 6961.ta 4n 6962i Deliver interactively (synchronously) 6963b Deliver in background (asynchronously) 6964q Just queue the message (deliver during queue run) 6965d Defer delivery and all map lookups (deliver during queue run) 6966.)b 6967Defaults to ``b'' if no option is specified, 6968``i'' if it is specified but given no argument 6969(i.e., ``Od'' is equivalent to ``Odi''). 6970The 6971.b \-v 6972command line flag sets this to 6973.b i . 6974Note: for internal reasons, 6975``i'' does not work 6976if a milter is enabled which can reject or delete recipients. 6977In that case the mode will be changed to ``b''. 6978.ip DialDelay=\fIsleeptime\fP 6979[no short name] 6980Dial-on-demand network connections can see timeouts 6981if a connection is opened before the call is set up. 6982If this is set to an interval and a connection times out 6983on the first connection being attempted 6984.i sendmail 6985will sleep for this amount of time and try again. 6986This should give your system time to establish the connection 6987to your service provider. 6988Units default to seconds, so 6989.q DialDelay=5 6990uses a five second delay. 6991Defaults to zero 6992(no retry). 6993This delay only applies to mailers which have the 6994Z flag set. 6995.ip DirectSubmissionModifiers=\fImodifiers\fP 6996Defines 6997.b ${daemon_flags} 6998for direct (command line) submissions. 6999If not set, 7000.b ${daemon_flags} 7001is either "CC f" if the option 7002.b \-G 7003is used or "c u" otherwise. 7004Note that only the the "CC", "c", "f", and "u" flags are checked. 7005.ip DontBlameSendmail=\fIoption,option,...\fP 7006[no short name] 7007In order to avoid possible cracking attempts 7008caused by world- and group-writable files and directories, 7009.i sendmail 7010does paranoid checking when opening most of its support files. 7011If for some reason you absolutely must run with, 7012for example, 7013a group-writable 7014.i /etc 7015directory, 7016then you will have to turn off this checking 7017(at the cost of making your system more vulnerable to attack). 7018The possible arguments have been described earlier. 7019The details of these flags are described above. 7020.\"XXX should have more here!!! XXX 7021.b "Use of this option is not recommended." 7022.ip DontExpandCnames 7023[no short name] 7024The standards say that all host addresses used in a mail message 7025must be fully canonical. 7026For example, if your host is named 7027.q Cruft.Foo.ORG 7028and also has an alias of 7029.q FTP.Foo.ORG , 7030the former name must be used at all times. 7031This is enforced during host name canonification 7032($[ ... $] lookups). 7033If this option is set, the protocols are ignored and the 7034.q wrong 7035thing is done. 7036However, the IETF is moving toward changing this standard, 7037so the behavior may become acceptable. 7038Please note that hosts downstream may still rewrite the address 7039to be the true canonical name however. 7040.ip DontInitGroups 7041[no short name] 7042If set, 7043.i sendmail 7044will avoid using the initgroups(3) call. 7045If you are running NIS, 7046this causes a sequential scan of the groups.byname map, 7047which can cause your NIS server to be badly overloaded in a large domain. 7048The cost of this is that the only group found for users 7049will be their primary group (the one in the password file), 7050which will make file access permissions somewhat more restrictive. 7051Has no effect on systems that don't have group lists. 7052.ip DontProbeInterfaces 7053[no short name] 7054.i Sendmail 7055normally finds the names of all interfaces active on your machine 7056when it starts up 7057and adds their name to the 7058.b $=w 7059class of known host aliases. 7060If you have a large number of virtual interfaces 7061or if your DNS inverse lookups are slow 7062this can be time consuming. 7063This option turns off that probing. 7064However, you will need to be certain to include all variant names 7065in the 7066.b $=w 7067class by some other mechanism. 7068If set to 7069.b loopback , 7070loopback interfaces (e.g., lo0) will not be probed. 7071.ip DontPruneRoutes 7072[R] 7073Normally, 7074.i sendmail 7075tries to eliminate any unnecessary explicit routes 7076when sending an error message 7077(as discussed in RFC 1123 \(sc 5.2.6). 7078For example, 7079when sending an error message to 7080.(b 7081<@known1,@known2,@known3:user@unknown> 7082.)b 7083.i sendmail 7084will strip off the 7085.q @known1,@known2 7086in order to make the route as direct as possible. 7087However, if the 7088.b R 7089option is set, this will be disabled, 7090and the mail will be sent to the first address in the route, 7091even if later addresses are known. 7092This may be useful if you are caught behind a firewall. 7093.ip DoubleBounceAddress=\fIerror-address\fP 7094[no short name] 7095If an error occurs when sending an error message, 7096send the error report 7097(termed a 7098.q "double bounce" 7099because it is an error 7100.q bounce 7101that occurs when trying to send another error 7102.q bounce ) 7103to the indicated address. 7104The address is macro expanded 7105at the time of delivery. 7106If not set, defaults to 7107.q postmaster . 7108If set to an empty string, double bounces are dropped. 7109.ip EightBitMode=\fIaction\fP 7110[8] 7111Set handling of eight-bit data. 7112There are two kinds of eight-bit data: 7113that declared as such using the 7114.b BODY=8BITMIME 7115ESMTP declaration or the 7116.b \-B8BITMIME 7117command line flag, 7118and undeclared 8-bit data, that is, 7119input that just happens to be eight bits. 7120There are three basic operations that can happen: 7121undeclared 8-bit data can be automatically converted to 8BITMIME, 7122undeclared 8-bit data can be passed as-is without conversion to MIME 7123(``just send 8''), 7124and declared 8-bit data can be converted to 7-bits 7125for transmission to a non-8BITMIME mailer. 7126The possible 7127.i action s 7128are: 7129.(b 7130.\" r Reject undeclared 8-bit data; 7131.\" don't convert 8BITMIME\(->7BIT (``reject'') 7132* s Reject undeclared 8-bit data (``strict'') 7133.\" do convert 8BITMIME\(->7BIT (``strict'') 7134.\" c Convert undeclared 8-bit data to MIME; 7135.\" don't convert 8BITMIME\(->7BIT (``convert'') 7136 m Convert undeclared 8-bit data to MIME (``mime'') 7137.\" do convert 8BITMIME\(->7BIT (``mime'') 7138.\" j Pass undeclared 8-bit data; 7139.\" don't convert 8BITMIME\(->7BIT (``just send 8'') 7140 p Pass undeclared 8-bit data (``pass'') 7141.\" do convert 8BITMIME\(->7BIT (``pass'') 7142.\" a Adaptive algorithm: see below 7143.)b 7144.\"The adaptive algorithm is to accept 8-bit data, 7145.\"converting it to 8BITMIME only if the receiver understands that, 7146.\"otherwise just passing it as undeclared 8-bit data; 7147.\"8BITMIME\(->7BIT conversions are done. 7148In all cases properly declared 8BITMIME data will be converted to 7BIT 7149as needed. 7150.ip ErrorHeader=\fIfile-or-message\fP 7151[E] 7152Prepend error messages with the indicated message. 7153If it begins with a slash, 7154it is assumed to be the pathname of a file 7155containing a message (this is the recommended setting). 7156Otherwise, it is a literal message. 7157The error file might contain the name, email address, and/or phone number 7158of a local postmaster who could provide assistance 7159to end users. 7160If the option is missing or null, 7161or if it names a file which does not exist or which is not readable, 7162no message is printed. 7163.ip ErrorMode=\fIx\fP 7164[e] 7165Dispose of errors using mode 7166.i x . 7167The values for 7168.i x 7169are: 7170.(b 7171p Print error messages (default) 7172q No messages, just give exit status 7173m Mail back errors 7174w Write back errors (mail if user not logged in) 7175e Mail back errors (when applicable) and give zero exit stat always 7176.)b 7177Note that the last mode, 7178.q e , 7179is for Berknet error processing and 7180should not be used in normal circumstances. 7181Note, too, that mode 7182.q q , 7183only applies to errors recognized before sendmail forks for 7184background delivery. 7185.ip FallbackMXhost=\fIfallbackhost\fP 7186[V] 7187If specified, the 7188.i fallbackhost 7189acts like a very low priority MX 7190on every host. 7191MX records will be looked up for this host, 7192unless the name is surrounded by square brackets. 7193This is intended to be used by sites with poor network connectivity. 7194Messages which are undeliverable due to temporary address failures 7195(e.g., DNS failure) 7196also go to the FallbackMXhost. 7197.ip FallBackSmartHost=\fIhostname\fP 7198If specified, the 7199.i FallBackSmartHost 7200will be used in a last-ditch effort for each host. 7201This is intended to be used by sites with "fake internal DNS", 7202e.g., a company whose DNS accurately reflects the world 7203inside that company's domain but not outside. 7204.ip FastSplit 7205[no short name] 7206If set to a value greater than zero (the default is one), 7207it suppresses the MX lookups on addresses 7208when they are initially sorted, i.e., for the first delivery attempt. 7209This usually results in faster envelope splitting unless the MX records 7210are readily available in a local DNS cache. 7211To enforce initial sorting based on MX records set 7212.b FastSplit 7213to zero. 7214If the mail is submitted directly from the command line, then 7215the value also limits the number of processes to deliver the envelopes; 7216if more envelopes are created they are only queued up 7217and must be taken care of by a queue run. 7218Since the default submission method is via SMTP (either from a MUA 7219or via the MSP), the value of 7220.b FastSplit 7221is seldom used to limit the number of processes to deliver the envelopes. 7222.ip ForkEachJob 7223[Y] 7224If set, 7225deliver each job that is run from the queue in a separate process. 7226.ip ForwardPath=\fIpath\fP 7227[J] 7228Set the path for searching for users' .forward files. 7229The default is 7230.q $z/.forward . 7231Some sites that use the automounter may prefer to change this to 7232.q /var/forward/$u 7233to search a file with the same name as the user in a system directory. 7234It can also be set to a sequence of paths separated by colons; 7235.i sendmail 7236stops at the first file it can successfully and safely open. 7237For example, 7238.q /var/forward/$u:$z/.forward 7239will search first in /var/forward/\c 7240.i username 7241and then in 7242.i ~username /.forward 7243(but only if the first file does not exist). 7244.ip HeloName=\fIname\fP 7245[no short name] 7246Set the name to be used for HELO/EHLO (instead of $j). 7247.ip HoldExpensive 7248[c] 7249If an outgoing mailer is marked as being expensive, 7250don't connect immediately. 7251.ip HostsFile=\fIpath\fP 7252[no short name] 7253The path to the hosts database, 7254normally 7255.q /etc/hosts . 7256This option is only consulted when sendmail 7257is canonifying addresses, 7258and then only when 7259.q files 7260is in the 7261.q hosts 7262service switch entry. 7263In particular, this file is 7264.i never 7265used when looking up host addresses; 7266that is under the control of the system 7267.i gethostbyname (3) 7268routine. 7269.ip HostStatusDirectory=\fIpath\fP 7270[no short name] 7271The location of the long term host status information. 7272When set, 7273information about the status of hosts 7274(e.g., host down or not accepting connections) 7275will be shared between all 7276.i sendmail 7277processes; 7278normally, this information is only held within a single queue run. 7279This option requires a connection cache of at least 1 to function. 7280If the option begins with a leading `/', 7281it is an absolute pathname; 7282otherwise, 7283it is relative to the mail queue directory. 7284A suggested value for sites desiring persistent host status is 7285.q \&.hoststat 7286(i.e., a subdirectory of the queue directory). 7287.ip IgnoreDots 7288[i] 7289Ignore dots in incoming messages. 7290This is always disabled (that is, dots are always accepted) 7291when reading SMTP mail. 7292.ip InputMailFilters=\fIname,name,...\fP 7293A comma separated list of filters which determines which filters 7294(see the "X \- Mail Filter (Milter) Definitions" section) 7295and the invocation sequence are contacted for incoming SMTP messages. 7296If none are set, no filters will be contacted. 7297.ip LDAPDefaultSpec=\fIspec\fP 7298[no short name] 7299Sets a default map specification for LDAP maps. 7300The value should only contain LDAP specific settings 7301such as 7302.q "-h host -p port -d bindDN" . 7303The settings will be used for all LDAP maps 7304unless the individual map specification overrides a setting. 7305This option should be set before any LDAP maps are defined. 7306.ip LogLevel=\fIn\fP 7307[L] 7308Set the log level to 7309.i n . 7310Defaults to 9. 7311.ip M\fIx\\|value\fP 7312[no long version] 7313Set the macro 7314.i x 7315to 7316.i value . 7317This is intended only for use from the command line. 7318The 7319.b \-M 7320flag is preferred. 7321.ip MailboxDatabase 7322[no short name] 7323Type of lookup to find information about local mailboxes, 7324defaults to ``pw'' which uses 7325.i getpwnam . 7326Other types can be introduced by adding them to the source code, 7327see libsm/mbdb.c for details. 7328.ip UseMSP 7329[no short name] 7330Use as mail submission program, i.e., 7331allow group writable queue files 7332if the group is the same as that of a set-group-ID sendmail binary. 7333See the file 7334.b sendmail/SECURITY 7335in the distribution tarball. 7336.ip MatchGECOS 7337[G] 7338Allow fuzzy matching on the GECOS field. 7339If this flag is set, 7340and the usual user name lookups fail 7341(that is, there is no alias with this name and a 7342.i getpwnam 7343fails), 7344sequentially search the password file 7345for a matching entry in the GECOS field. 7346This also requires that MATCHGECOS 7347be turned on during compilation. 7348This option is not recommended. 7349.ip MaxAliasRecursion=\fIN\fP 7350[no short name] 7351The maximum depth of alias recursion (default: 10). 7352.ip MaxDaemonChildren=\fIN\fP 7353[no short name] 7354If set, 7355.i sendmail 7356will refuse connections when it has more than 7357.i N 7358children processing incoming mail or automatic queue runs. 7359This does not limit the number of outgoing connections. 7360If the default 7361.b DeliveryMode 7362(background) is used, then 7363.i sendmail 7364may create an almost unlimited number of children 7365(depending on the number of transactions and the 7366relative execution times of mail receiption and mail delivery). 7367If the limit should be enforced, then a 7368.b DeliveryMode 7369other than background must be used. 7370If not set, there is no limit to the number of children -- 7371that is, the system load average controls this. 7372.ip MaxHeadersLength=\fIN\fP 7373[no short name] 7374The maximum length of the sum of all headers. 7375This can be used to prevent a denial of service attack. 7376The default is no limit. 7377.ip MaxHopCount=\fIN\fP 7378[h] 7379The maximum hop count. 7380Messages that have been processed more than 7381.i N 7382times are assumed to be in a loop and are rejected. 7383Defaults to 25. 7384.ip MaxMessageSize=\fIN\fP 7385[no short name] 7386Specify the maximum message size 7387to be advertised in the ESMTP EHLO response. 7388Messages larger than this will be rejected. 7389If set to a value greater than zero, 7390that value will be listed in the SIZE response, 7391otherwise SIZE is advertised in the ESMTP EHLO response 7392without a parameter. 7393.ip MaxMimeHeaderLength=\fIN[/M]\fP 7394[no short name] 7395Sets the maximum length of certain MIME header field values to 7396.i N 7397characters. 7398These MIME header fields are determined by being a member of 7399class {checkMIMETextHeaders}, which currently contains only 7400the header Content-Description. 7401For some of these headers which take parameters, 7402the maximum length of each parameter is set to 7403.i M 7404if specified. If 7405.i /M 7406is not specified, one half of 7407.i N 7408will be used. 7409By default, 7410these values are 2048 and 1024, respectively. 7411To allow any length, a value of 0 can be specified. 7412.ip MaxNOOPCommands=\fIN\fP 7413Override the default of 7414.b MAXNOOPCOMMANDS 7415for the number of 7416.i useless 7417commands, see Section 7418"Measures against Denial of Service Attacks". 7419.ip MaxQueueChildren=\fIN\fP 7420[no short name] 7421When set, this limits the number of concurrent queue runner processes to 7422.i N. 7423This helps to control the amount of system resources used when processing 7424the queue. When there are multiple queue groups defined and the total number 7425of queue runners for these queue groups would exceed 7426.i MaxQueueChildren 7427then the queue groups will not all run concurrently. That is, some portion 7428of the queue groups will run concurrently such that 7429.i MaxQueueChildren 7430will not be exceeded, while the remaining queue groups will be run later (in 7431round robin order). See also 7432.i MaxRunnersPerQueue 7433and the section \fBQueue Group Declaration\fP. 7434Notice: 7435.i sendmail 7436does not count individual queue runners, but only sets of processes 7437that act on a workgroup. 7438Hence the actual number of queue runners may be lower than the limit 7439imposed by 7440.i MaxQueueChildren . 7441This discrepancy can be large if some queue runners have to wait 7442for a slow server and if short intervals are used. 7443.ip MaxQueueRunSize=\fIN\fP 7444[no short name] 7445The maximum number of jobs that will be processed 7446in a single queue run. 7447If not set, there is no limit on the size. 7448If you have very large queues or a very short queue run interval 7449this could be unstable. 7450However, since the first 7451.i N 7452jobs in queue directory order are run (rather than the 7453.i N 7454highest priority jobs) 7455this should be set as high as possible to avoid 7456.q losing 7457jobs that happen to fall late in the queue directory. 7458Note: this option also restricts the number of entries printed by 7459.i mailq . 7460That is, if 7461.i MaxQueueRunSize 7462is set to a value 7463.b N 7464larger than zero, 7465then only 7466.b N 7467entries are printed per queue group. 7468.ip MaxRecipientsPerMessage=\fIN\fP 7469[no short name] 7470The maximum number of recipients that will be accepted per message 7471in an SMTP transaction. 7472Note: setting this too low can interfere with sending mail from 7473MUAs that use SMTP for initial submission. 7474If not set, there is no limit on the number of recipients per envelope. 7475.ip MaxRunnersPerQueue=\fIN\fP 7476[no short name] 7477This sets the default maximum number of queue runners for queue groups. 7478Up to 7479.i N 7480queue runners will work in parallel on a queue group's messages. 7481This is useful where the processing of a message in the queue might 7482delay the processing of subsequent messages. Such a delay may be the result 7483of non-erroneous situations such as a low bandwidth connection. 7484May be overridden on a per queue group basis by setting the 7485.i Runners 7486option; see the section \fBQueue Group Declaration\fP. 7487The default is 1 when not set. 7488.ip MeToo 7489[m] 7490Send to me too, 7491even if I am in an alias expansion. 7492This option is deprecated 7493and will be removed from a future version. 7494.ip Milter 7495[no short name] 7496This option has several sub(sub)options. 7497The names of the suboptions are separated by dots. 7498At the first level the following options are available: 7499.(b 7500.ta \w'LogLevel'u+3n 7501LogLevel Log level for input mail filter actions, defaults to LogLevel. 7502macros Specifies list of macro to transmit to filters. 7503* See list below. 7504.)b 7505The ``macros'' option has the following suboptions 7506which specify the list of macro to transmit to milters 7507after a certain event occurred. 7508.(b 7509.ta \w'envfrom'u+3n 7510connect After session connection start 7511helo After EHLO/HELO command 7512envfrom After MAIL From command 7513envrcpt After RCPT To command 7514data After DATA command. 7515eoh After DATA command and header 7516eom After DATA command and terminating ``.'' 7517.)b 7518By default the lists of macros are empty. 7519Example: 7520.(b 7521O Milter.LogLevel=12 7522O Milter.macros.connect=j, _, {daemon_name} 7523.)b 7524.ip MinFreeBlocks=\fIN\fP 7525[b] 7526Insist on at least 7527.i N 7528blocks free on the filesystem that holds the queue files 7529before accepting email via SMTP. 7530If there is insufficient space 7531.i sendmail 7532gives a 452 response 7533to the MAIL command. 7534This invites the sender to try again later. 7535.ip MinQueueAge=\fIage\fP 7536[no short name] 7537Don't process any queued jobs 7538that have been in the queue less than the indicated time interval. 7539This is intended to allow you to get responsiveness 7540by processing the queue fairly frequently 7541without thrashing your system by trying jobs too often. 7542The default units are minutes.	6003or on queue runs 6004unless the queued message is selected 6005using one of the -qI/-qR/-qS queue run modifiers 6006or an ETRN request. 6007.pp 6008Configuration files prior to level 6 6009assume the `A', `w', `5', `:', `\|', `/', and `@' options 6010on the mailer named 6011.q local . 6012.pp 6013The mailer with the special name 6014.q error 6015can be used to generate a user error. 6016The (optional) host field is an exit status to be returned, 6017and the user field is a message to be printed. 6018The exit status may be numeric or one of the values 6019USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG 6020to return the corresponding EX_ exit code, 6021or an enhanced error code as described in RFC 1893, 6022.ul 6023Enhanced Mail System Status Codes. 6024For example, the entry: 6025.(b 6026$#error $@ NOHOST $: Host unknown in this domain 6027.)b 6028on the RHS of a rule 6029will cause the specified error to be generated 6030and the 6031.q "Host unknown" 6032exit status to be returned 6033if the LHS matches. 6034This mailer is only functional in rulesets 0, 5, 6035or one of the check_* rulesets. 6036The host field can also contain the special token 6037.b quarantine 6038which instructs sendmail to quarantine the current message. 6039.pp 6040The mailer with the special name 6041.q discard 6042causes any mail sent to it to be discarded 6043but otherwise treated as though it were successfully delivered. 6044This mailer cannot be used in ruleset 0, 6045only in the various address checking rulesets. 6046.pp 6047The mailer named 6048.q local 6049.i must 6050be defined in every configuration file. 6051This is used to deliver local mail, 6052and is treated specially in several ways. 6053Additionally, three other mailers named 6054.q prog , 6055.q file , 6056and 6057.q include 6058may be defined to tune the delivery of messages to programs, 6059files, 6060and :include: lists respectively. 6061They default to: 6062.(b 6063Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u 6064Mfile, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u 6065Minclude, P=/dev/null, F=su, A=INCLUDE $u 6066.)b 6067.pp 6068Builtin pathnames are [FILE] and [IPC], the former is used for 6069delivery to files, the latter for delivery via interprocess communication. 6070For mailers that use [IPC] as pathname the argument vector (A=) 6071must start with TCP or FILE for delivery via a TCP or a Unix domain socket. 6072If TCP is used, the second argument must be the name of the host 6073to contact. 6074Optionally a third argument can be used to specify a port, 6075the default is smtp (port 25). 6076If FILE is used, the second argument must be the name of 6077the Unix domain socket. 6078.pp 6079If the argument vector does not contain $u then 6080.i sendmail 6081will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer. 6082.pp 6083If no Eol field is defined, then the default is "\\r\\n" for 6084SMTP mailers and "\\n" of others. 6085.pp 6086The Sender and Recipient rewriting sets 6087may either be a simple ruleset id 6088or may be two ids separated by a slash; 6089if so, the first rewriting set is applied to envelope 6090addresses 6091and the second is applied to headers. 6092Setting any value to zero disables corresponding mailer-specific rewriting. 6093.pp 6094The Directory 6095is actually a colon-separated path of directories to try. 6096For example, the definition 6097.q D=$z:/ 6098first tries to execute in the recipient's home directory; 6099if that is not available, 6100it tries to execute in the root of the filesystem. 6101This is intended to be used only on the 6102.q prog 6103mailer, 6104since some shells (such as 6105.i csh ) 6106refuse to execute if they cannot read the current directory. 6107Since the queue directory is not normally readable by unprivileged users 6108.i csh 6109scripts as recipients can fail. 6110.pp 6111The Userid 6112specifies the default user and group id to run as, 6113overriding the 6114.b DefaultUser 6115option (q.v.). 6116If the 6117.b S 6118mailer flag is also specified, 6119this user and group will be set as the 6120effective uid and gid for the process. 6121This may be given as 6122.i user:group 6123to set both the user and group id; 6124either may be an integer or a symbolic name to be looked up 6125in the 6126.i passwd 6127and 6128.i group 6129files respectively. 6130If only a symbolic user name is specified, 6131the group id in the 6132.i passwd 6133file for that user is used as the group id. 6134.pp 6135The Charset field 6136is used when converting a message to MIME; 6137this is the character set used in the 6138Content-Type: header. 6139If this is not set, the 6140.b DefaultCharset 6141option is used, 6142and if that is not set, the value 6143.q unknown-8bit 6144is used. 6145.b WARNING: 6146this field applies to the sender's mailer, 6147not the recipient's mailer. 6148For example, if the envelope sender address 6149lists an address on the local network 6150and the recipient is on an external network, 6151the character set will be set from the Charset= field 6152for the local network mailer, 6153not that of the external network mailer. 6154.pp 6155The Type= field 6156sets the type information 6157used in MIME error messages 6158as defined by 6159RFC 1894. 6160It is actually three values separated by slashes: 6161the MTA-type (that is, the description of how hosts are named), 6162the address type (the description of e-mail addresses), 6163and the diagnostic type (the description of error diagnostic codes). 6164Each of these must be a registered value 6165or begin with 6166.q X\- . 6167The default is 6168.q dns/rfc822/smtp . 6169.pp 6170The m= field specifies the maximum number of messages 6171to attempt to deliver on a single SMTP or LMTP connection. 6172The default is infinite. 6173.pp 6174The r= field specifies the maximum number of recipients 6175to attempt to deliver in a single envelope. 6176It defaults to 100. 6177.pp 6178The /= field specifies a new root directory for the mailer. The path is 6179macro expanded and then passed to the 6180.q chroot 6181system call. The root directory is changed before the Directory field is 6182consulted or the uid is changed. 6183.pp 6184The Wait= field specifies the maximum time to wait for the 6185mailer to return after sending all data to it. 6186This applies to mailers that have been forked by 6187.i sendmail . 6188.pp 6189The Queuegroup= field specifies the default queue group in which 6190received mail should be queued. 6191This can be overridden by other means as explained in section 6192``Queue Groups and Queue Directories''. 6193.sh 2 "H \- Define Header" 6194.pp 6195The format of the header lines that 6196.i sendmail 6197inserts into the message 6198are defined by the 6199.b H 6200line. 6201The syntax of this line is one of the following: 6202.(b F 6203.b H \c 6204.i hname \c 6205.b : 6206.i htemplate 6207.)b 6208.(b F 6209.b H [\c 6210.b ? \c 6211.i mflags \c 6212.b ? \c 6213.b ]\c 6214.i hname \c 6215.b : 6216.i htemplate 6217.)b 6218.(b F 6219.b H [\c 6220.b ?$ \c 6221.i {macro} \c 6222.b ? \c 6223.b ]\c 6224.i hname \c 6225.b : 6226.i htemplate 6227.)b 6228Continuation lines in this spec 6229are reflected directly into the outgoing message. 6230The 6231.i htemplate 6232is macro-expanded before insertion into the message. 6233If the 6234.i mflags 6235(surrounded by question marks) 6236are specified, 6237at least one of the specified flags 6238must be stated in the mailer definition 6239for this header to be automatically output. 6240If a 6241.i ${macro} 6242(surrounded by question marks) 6243is specified, 6244the header will be automatically output 6245if the macro is set. 6246The macro may be set using any of the normal methods, 6247including using the 6248.b macro 6249storage map in a ruleset. 6250If one of these headers is in the input 6251it is reflected to the output 6252regardless of these flags or macros. 6253Notice: 6254If a 6255.i ${macro} 6256is used to set a header, then it is useful to add that macro to class 6257.i $={persistentMacros} 6258which consists of the macros that should be saved across queue runs. 6259.pp 6260Some headers have special semantics 6261that will be described later. 6262.pp 6263A secondary syntax allows validation of headers as they are being read. 6264To enable validation, use: 6265.(b 6266.b H \c 6267.i Header \c 6268.b ": $>" \c 6269.i Ruleset 6270.b H \c 6271.i Header \c 6272.b ": $>+" \c 6273.i Ruleset 6274.)b 6275The indicated 6276.i Ruleset 6277is called for the specified 6278.i Header , 6279and can return 6280.b $#error 6281to reject or quarantine the message or 6282.b $#discard 6283to discard the message 6284(as with the other 6285.b check_ 6286rulesets). 6287The ruleset receives the header field-body as argument, 6288i.e., not the header field-name; see also 6289${hdr_name} and ${currHeader}. 6290The header is treated as a structured field, 6291that is, 6292text in parentheses is deleted before processing, 6293unless the second form 6294.b $>+ 6295is used. 6296Note: only one ruleset can be associated with a header; 6297.i sendmail 6298will silently ignore multiple entries. 6299.pp 6300For example, the configuration lines: 6301.(b 6302HMessage-Id: $>CheckMessageId 6303 6304SCheckMessageId 6305R< $+ @ $+ > $@ OK 6306R$* $#error $: Illegal Message-Id header 6307.)b 6308would refuse any message that had a Message-Id: header of any of the 6309following forms: 6310.(b 6311Message-Id: <> 6312Message-Id: some text 6313Message-Id: <legal text@domain> extra crud 6314.)b 6315A default ruleset that is called for headers which don't have a 6316specific ruleset defined for them can be specified by: 6317.(b 6318.b H \c 6319.i * \c 6320.b ": $>" \c 6321.i Ruleset 6322.)b 6323or 6324.(b 6325.b H \c 6326.i * \c 6327.b ": $>+" \c 6328.i Ruleset 6329.)b 6330.sh 2 "O \- Set Option" 6331.pp 6332There are a number of global options that 6333can be set from a configuration file. 6334Options are represented by full words; 6335some are also representable as single characters for back compatibility. 6336The syntax of this line is: 6337.(b F 6338.b O \0 6339.i option \c 6340.b = \c 6341.i value 6342.)b 6343This sets option 6344.i option 6345to be 6346.i value . 6347Note that there 6348.i must 6349be a space between the letter `O' and the name of the option. 6350An older version is: 6351.(b F 6352.b O \c 6353.i o\\|value 6354.)b 6355where the option 6356.i o 6357is a single character. 6358Depending on the option, 6359.i value 6360may be a string, an integer, 6361a boolean 6362(with legal values 6363.q t , 6364.q T , 6365.q f , 6366or 6367.q F ; 6368the default is TRUE), 6369or 6370a time interval. 6371.pp 6372All filenames used in options should be absolute paths, 6373i.e., starting with '/'. 6374Relative filenames most likely cause surprises during operation 6375(unless otherwise noted). 6376.pp 6377The options supported (with the old, one character names in brackets) are: 6378.nr ii 1i 6379.ip "AliasFile=\fIspec, spec, ...\fP" 6380[A] 6381Specify possible alias file(s). 6382Each 6383.i spec 6384should be in the format 6385``\c 6386.i class \c 6387.b : 6388.i info '' 6389where 6390.i class \c 6391.b : 6392is optional and defaults to ``implicit''. 6393Note that 6394.i info 6395is required for all 6396.i class es 6397except 6398.q ldap . 6399For the 6400.q ldap 6401class, 6402if 6403.i info 6404is not specified, 6405a default 6406.i info 6407value is used as follows: 6408.(b 6409\-k (&(objectClass=sendmailMTAAliasObject) 6410* (sendmailMTAAliasName=aliases) 6411 (\|(sendmailMTACluster=${sendmailMTACluster}) 6412 (sendmailMTAHost=$j)) 6413 (sendmailMTAKey=%0)) 6414\-v sendmailMTAAliasValue 6415.)b 6416Depending on how 6417.i sendmail 6418is compiled, valid classes are 6419.q implicit 6420(search through a compiled-in list of alias file types, 6421for back compatibility), 6422.q hash 6423(if 6424.sm NEWDB 6425is specified), 6426.q btree 6427(if 6428.sm NEWDB 6429is specified), 6430.q dbm 6431(if 6432.sm NDBM 6433is specified), 6434.q stab 6435(internal symbol table \- not normally used 6436unless you have no other database lookup), 6437.q sequence 6438(use a sequence of maps 6439previously declared), 6440.q ldap 6441(if 6442.sm LDAPMAP 6443is specified), 6444or 6445.q nis 6446(if 6447.sm NIS 6448is specified). 6449If a list of 6450.i spec s 6451are provided, 6452.i sendmail 6453searches them in order. 6454.ip AliasWait=\fItimeout\fP 6455[a] 6456If set, 6457wait up to 6458.i timeout 6459(units default to minutes) 6460for an 6461.q @:@ 6462entry to exist in the alias database 6463before starting up. 6464If it does not appear in the 6465.i timeout 6466interval issue a warning. 6467.ip AllowBogusHELO 6468[no short name] 6469If set, allow HELO SMTP commands that don't include a host name. 6470Setting this violates RFC 1123 section 5.2.5, 6471but is necessary to interoperate with several SMTP clients. 6472If there is a value, it is still checked for legitimacy. 6473.ip AuthMaxBits=\fIN\fP 6474[no short name] 6475Limit the maximum encryption strength for the security layer in 6476SMTP AUTH (SASL). Default is essentially unlimited. 6477This allows to turn off additional encryption in SASL if 6478STARTTLS is already encrypting the communication, because the 6479existing encryption strength is taken into account when choosing 6480an algorithm for the security layer. 6481For example, if STARTTLS is used and the symmetric cipher is 3DES, 6482then the the keylength (in bits) is 168. 6483Hence setting 6484.b AuthMaxBits 6485to 168 will disable any encryption in SASL. 6486.ip AuthMechanisms 6487[no short name] 6488List of authentication mechanisms for AUTH (separated by spaces). 6489The advertised list of authentication mechanisms will be the 6490intersection of this list and the list of available mechanisms as 6491determined by the Cyrus SASL library. 6492If STARTTLS is active, EXTERNAL will be added to this list. 6493In that case, the value of {cert_subject} is used as authentication id. 6494.ip AuthOptions 6495[no short name] 6496List of options for SMTP AUTH consisting of single characters 6497with intervening white space or commas. 6498.(b 6499.ta 4n 6500A Use the AUTH= parameter for the MAIL FROM 6501* command only when authentication succeeded. 6502 This can be used as a workaround for broken 6503 MTAs that do not implement RFC 2554 correctly. 6504a protection from active (non-dictionary) attacks 6505 during authentication exchange. 6506c require mechanisms which pass client credentials, 6507 and allow mechanisms which can pass credentials 6508 to do so. 6509d don't permit mechanisms susceptible to passive 6510 dictionary attack. 6511f require forward secrecy between sessions 6512 (breaking one won't help break next). 6513m require mechanisms which provide mutual authentication 6514 (only available if using Cyrus SASL v2 or later). 6515p don't permit mechanisms susceptible to simple 6516 passive attack (e.g., PLAIN, LOGIN), unless a 6517 security layer is active. 6518y don't permit mechanisms that allow anonymous login. 6519.)b 6520The first option applies to sendmail as a client, the others to a server. 6521Example: 6522.(b 6523O AuthOptions=p,y 6524.)b 6525would disallow ANONYMOUS as AUTH mechanism and would 6526allow PLAIN and LOGIN only if a security layer (e.g., 6527provided by STARTTLS) is already active. 6528The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the 6529selected SASL mechanisms. 6530Explanations of these properties can be found in the Cyrus SASL documentation. 6531.ip AuthRealm 6532[no short name] 6533The authentication realm that is passed to the Cyrus SASL library. 6534If no realm is specified, 6535.b $j 6536is used. 6537.ip BadRcptThrottle=\fIN\fP 6538[no short name] 6539If set and the specified number of recipients in a single SMTP 6540transaction have been rejected, sleep for one second after each subsequent 6541RCPT command in that transaction. 6542.ip BlankSub=\fIc\fP 6543[B] 6544Set the blank substitution character to 6545.i c . 6546Unquoted spaces in addresses are replaced by this character. 6547Defaults to space (i.e., no change is made). 6548.ip CACertPath 6549[no short name] 6550Path to directory with certificates of CAs. 6551This directory directory must contain the hashes of each CA certificate 6552as filenames (or as links to them). 6553.ip CACertFile 6554[no short name] 6555File containing one or more CA certificates; 6556see section about STARTTLS for more information. 6557.ip CheckAliases 6558[n] 6559Validate the RHS of aliases when rebuilding the alias database. 6560.ip CheckpointInterval=\fIN\fP 6561[C] 6562Checkpoints the queue every 6563.i N 6564(default 10) 6565addresses sent. 6566If your system crashes during delivery to a large list, 6567this prevents retransmission to any but the last 6568.i N 6569recipients. 6570.ip ClassFactor=\fIfact\fP 6571[z] 6572The indicated 6573.i fact or 6574is multiplied by the message class 6575(determined by the Precedence: field in the user header 6576and the 6577.b P 6578lines in the configuration file) 6579and subtracted from the priority. 6580Thus, messages with a higher Priority: will be favored. 6581Defaults to 1800. 6582.ip ClientCertFile 6583[no short name] 6584File containing the certificate of the client, i.e., this certificate 6585is used when 6586.i sendmail 6587acts as client (for STARTTLS). 6588.ip ClientKeyFile 6589[no short name] 6590File containing the private key belonging to the client certificate 6591(for STARTTLS if 6592.i sendmail 6593runs as client). 6594.ip ClientPortOptions=\fIoptions\fP 6595[O] 6596Set client SMTP options. 6597The options are 6598.i key=value 6599pairs separated by commas. 6600Known keys are: 6601.(b 6602.ta 1i 6603Port Name/number of source port for connection (defaults to any free port) 6604Addr Address mask (defaults INADDR_ANY) 6605Family Address family (defaults to INET) 6606SndBufSize Size of TCP send buffer 6607RcvBufSize Size of TCP receive buffer 6608Modifier Options (flags) for the client 6609.)b 6610The 6611.i Addr ess 6612mask may be a numeric address in dot notation 6613or a network name. 6614.i Modifier 6615can be the following character: 6616.(b 6617.ta 1i 6618h use name of interface for HELO command 6619A don't use AUTH when sending e-mail 6620S don't use STARTTLS when sending e-mail 6621.)b 6622If ``h'' is set, the name corresponding to the outgoing interface 6623address (whether chosen via the Connection parameter or 6624the default) is used for the HELO/EHLO command. 6625However, the name must not start with a square bracket 6626and it must contain at least one dot. 6627This is a simple test whether the name is not 6628an IP address (in square brackets) but a qualified hostname. 6629Note that multiple ClientPortOptions settings are allowed 6630in order to give settings for each protocol family 6631(e.g., one for Family=inet and one for Family=inet6). 6632A restriction placed on one family only affects 6633outgoing connections on that particular family. 6634.ip ColonOkInAddr 6635[no short name] 6636If set, colons are acceptable in e-mail addresses 6637(e.g., 6638.q host:user ). 6639If not set, colons indicate the beginning of a RFC 822 group construct 6640(\c 6641.q "groupname: member1, member2, ... memberN;" ). 6642Doubled colons are always acceptable 6643(\c 6644.q nodename::user ) 6645and proper route-addr nesting is understood 6646(\c 6647.q <@relay:user@host> ). 6648Furthermore, this option defaults on if the configuration version level 6649is less than 6 (for back compatibility). 6650However, it must be off for full compatibility with RFC 822. 6651.ip ConnectionCacheSize=\fIN\fP 6652[k] 6653The maximum number of open connections that will be cached at a time. 6654The default is one. 6655This delays closing the current connection until 6656either this invocation of 6657.i sendmail 6658needs to connect to another host 6659or it terminates. 6660Setting it to zero defaults to the old behavior, 6661that is, connections are closed immediately. 6662Since this consumes file descriptors, 6663the connection cache should be kept small: 66644 is probably a practical maximum. 6665.ip ConnectionCacheTimeout=\fItimeout\fP 6666[K] 6667The maximum amount of time a cached connection will be permitted to idle 6668without activity. 6669If this time is exceeded, 6670the connection is immediately closed. 6671This value should be small (on the order of ten minutes). 6672Before 6673.i sendmail 6674uses a cached connection, 6675it always sends a RSET command 6676to check the connection; 6677if this fails, it reopens the connection. 6678This keeps your end from failing if the other end times out. 6679The point of this option is to be a good network neighbor 6680and avoid using up excessive resources 6681on the other end. 6682The default is five minutes. 6683.ip ConnectOnlyTo=\fIaddress\fP 6684[no short name] 6685This can be used to 6686override the connection address (for testing purposes). 6687.ip ConnectionRateThrottle=\fIN\fP 6688[no short name] 6689If set to a positive value, 6690allow no more than 6691.i N 6692incoming connections in a one second period per daemon. 6693This is intended to flatten out peaks 6694and allow the load average checking to cut in. 6695Defaults to zero (no limits). 6696.ip ConnectionRateWindowSize=\fIN\fP 6697[no short name] 6698Define the length of the interval for which 6699the number of incoming connections is maintained. 6700The default is 60 seconds. 6701.ip ControlSocketName=\fIname\fP 6702[no short name] 6703Name of the control socket for daemon management. 6704A running 6705.i sendmail 6706daemon can be controlled through this named socket. 6707Available commands are: 6708.i help, 6709.i mstat, 6710.i restart, 6711.i shutdown, 6712and 6713.i status. 6714The 6715.i status 6716command returns the current number of daemon children, 6717the maximum number of daemon children, 6718the free disk space (in blocks) of the queue directory, 6719and the load average of the machine expressed as an integer. 6720If not set, no control socket will be available. 6721Solaris and pre-4.4BSD kernel users should see the note in sendmail/README . 6722.ip CRLFile=\fIname\fP 6723[no short name] 6724Name of file that contains certificate 6725revocation status, useful for X.509v3 authentication. 6726CRL checking requires at least OpenSSL version 0.9.7. 6727Note: if a CRLFile is specified but the file is unusable, 6728STARTTLS is disabled. 6729.ip DHParameters 6730Possible values are: 6731.(b 6732.ta 1i 67335 use 512 bit prime 67341 use 1024 bit prime 6735none do not use Diffie-Hellman 6736NAME load prime from file 6737.)b 6738This is only required if a ciphersuite containing DSA/DH is used. 6739If ``5'' is selected, then precomputed, fixed primes are used. 6740This is the default for the client side. 6741If ``1'' is selected, then prime values are computed during startup. 6742This is the default for the server side. 6743Note: this operation can take a significant amount of time on a 6744slow machine (several seconds), but it is only done once at startup. 6745If ``none'' is selected, then TLS ciphersuites containing DSA/DH 6746cannot be used. 6747If a file name is specified (which must be an absolute path), 6748then the primes are read from it. 6749.ip DaemonPortOptions=\fIoptions\fP 6750[O] 6751Set server SMTP options. 6752Each instance of 6753.b DaemonPortOptions 6754leads to an additional incoming socket. 6755The options are 6756.i key=value 6757pairs. 6758Known keys are: 6759.(b 6760.ta 1i 6761Name User-definable name for the daemon (defaults to "Daemon#") 6762Port Name/number of listening port (defaults to "smtp") 6763Addr Address mask (defaults INADDR_ANY) 6764Family Address family (defaults to INET) 6765InputMailFilters List of input mail filters for the daemon 6766Listen Size of listen queue (defaults to 10) 6767Modifier Options (flags) for the daemon 6768SndBufSize Size of TCP send buffer 6769RcvBufSize Size of TCP receive buffer 6770children maximum number of children per daemon, see \fBMaxDaemonChildren\fP. 6771DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP. 6772refuseLA RefuseLA per daemon 6773delayLA DelayLA per daemon 6774queueLA QueueLA per daemon 6775.)b 6776The 6777.i Name 6778key is used for error messages and logging. 6779The 6780.i Addr ess 6781mask may be a numeric address in dot notation 6782or a network name. 6783The 6784.i Family 6785key defaults to INET (IPv4). 6786IPv6 users who wish to also accept IPv6 connections 6787should add additional Family=inet6 6788.b DaemonPortOptions 6789lines. 6790The 6791.i InputMailFilters 6792key overrides the default list of input mail filters listed in the 6793.b InputMailFilters 6794option. 6795If multiple input mail filters are required, they must be separated 6796by semicolons (not commas). 6797.i Modifier 6798can be a sequence (without any delimiters) 6799of the following characters: 6800.(b 6801.ta 1i 6802a always require authentication 6803b bind to interface through which mail has been received 6804c perform hostname canonification (.cf) 6805f require fully qualified hostname (.cf) 6806s Run smtps (SMTP over SSL) instead of smtp 6807u allow unqualified addresses (.cf) 6808A disable AUTH (overrides 'a' modifier) 6809C don't perform hostname canonification 6810E disallow ETRN (see RFC 2476) 6811O optional; if opening the socket fails ignore it 6812S don't offer STARTTLS 6813.)b 6814That is, one way to specify a message submission agent (MSA) that 6815always requires authentication is: 6816.(b 6817O DaemonPortOptions=Name=MSA, Port=587, M=Ea 6818.)b 6819The modifiers that are marked with "(.cf)" have only 6820effect in the standard configuration file, in which 6821they are available via 6822.b ${daemon_flags} . 6823Notice: Do 6824.b not 6825use the ``a'' modifier on a public accessible MTA! 6826It should only be used for a MSA that is accessed by authorized 6827users for initial mail submission. 6828Users must authenticate to use a MSA which has this option turned on. 6829The flags ``c'' and ``C'' can change the default for 6830hostname canonification in the 6831.i sendmail.cf 6832file. 6833See the relevant documentation for 6834.sm FEATURE(nocanonify) . 6835The modifier ``f'' disallows addresses of the form 6836.b user@host 6837unless they are submitted directly. 6838The flag ``u'' allows unqualified sender addresses, 6839i.e., those without @host. 6840``b'' forces sendmail to bind to the interface 6841through which the e-mail has been 6842received for the outgoing connection. 6843.b WARNING: 6844Use ``b'' 6845only if outgoing mail can be routed through the incoming connection's 6846interface to its destination. No attempt is made to catch problems due to a 6847misconfiguration of this parameter, use it only for virtual hosting 6848where each virtual interface can connect to every possible location. 6849This will also override possible settings via 6850.b ClientPortOptions. 6851Note, 6852.i sendmail 6853will listen on a new socket 6854for each occurence of the 6855.b DaemonPortOptions 6856option in a configuration file. 6857The modifier ``O'' causes sendmail to ignore a socket 6858if it can't be opened. 6859This applies to failures from the socket(2) and bind(2) calls. 6860.ip DefaultAuthInfo 6861[no short name] 6862Filename that contains default authentication information for outgoing 6863connections. This file must contain the user id, the authorization id, 6864the password (plain text), the realm and the list of mechanisms to use 6865on separate lines and must be readable by 6866root (or the trusted user) only. 6867If no realm is specified, 6868.b $j 6869is used. 6870If no mechanisms are specified, the list given by 6871.b AuthMechanisms 6872is used. 6873Notice: this option is deprecated and will be removed in future versions. 6874Moreover, it doesn't work for the MSP since it can't read the file 6875(the file must not be group/world-readable otherwise 6876.i sendmail 6877will complain). 6878Use the authinfo ruleset instead which provides more control over 6879the usage of the data anyway. 6880.ip DefaultCharSet=\fIcharset\fP 6881[no short name] 6882When a message that has 8-bit characters but is not in MIME format 6883is converted to MIME 6884(see the EightBitMode option) 6885a character set must be included in the Content-Type: header. 6886This character set is normally set from the Charset= field 6887of the mailer descriptor. 6888If that is not set, the value of this option is used. 6889If this option is not set, the value 6890.q unknown-8bit 6891is used. 6892.ip DataFileBufferSize=\fIthreshold\fP 6893[no short name] 6894Set the 6895.i threshold , 6896in bytes, 6897before a memory-based 6898queue data file 6899becomes disk-based. 6900The default is 4096 bytes. 6901.ip DeadLetterDrop=\fIfile\fP 6902[no short name] 6903Defines the location of the system-wide dead.letter file, 6904formerly hardcoded to /usr/tmp/dead.letter. 6905If this option is not set (the default), 6906sendmail will not attempt to save to a system-wide dead.letter file 6907in the event 6908it cannot bounce the mail to the user or postmaster. 6909Instead, it will rename the qf file 6910as it has in the past 6911when the dead.letter file could not be opened. 6912.ip DefaultUser=\fIuser:group\fP 6913[u] 6914Set the default userid for mailers to 6915.i user:group . 6916If 6917.i group 6918is omitted and 6919.i user 6920is a user name 6921(as opposed to a numeric user id) 6922the default group listed in the /etc/passwd file for that user is used 6923as the default group. 6924Both 6925.i user 6926and 6927.i group 6928may be numeric. 6929Mailers without the 6930.i S 6931flag in the mailer definition 6932will run as this user. 6933Defaults to 1:1. 6934The value can also be given as a symbolic user name.\** 6935.(f 6936\*The old 6937.b g 6938option has been combined into the 6939.b DefaultUser 6940option. 6941.)f 6942.ip DelayLA=\fILA\fP 6943[no short name] 6944When the system load average exceeds 6945.i LA , 6946.i sendmail 6947will sleep for one second on most SMTP commands and 6948before accepting connections. 6949.ip DeliverByMin=\fItime\fP 6950[0] 6951Set minimum time for Deliver By SMTP Service Extension (RFC 2852). 6952If 0, no time is listed, if less than 0, the extension is not offered, 6953if greater than 0, it is listed as minimum time 6954for the EHLO keyword DELIVERBY. 6955.ip DeliveryMode=\fIx\fP 6956[d] 6957Deliver in mode 6958.i x . 6959Legal modes are: 6960.(b 6961.ta 4n 6962i Deliver interactively (synchronously) 6963b Deliver in background (asynchronously) 6964q Just queue the message (deliver during queue run) 6965d Defer delivery and all map lookups (deliver during queue run) 6966.)b 6967Defaults to ``b'' if no option is specified, 6968``i'' if it is specified but given no argument 6969(i.e., ``Od'' is equivalent to ``Odi''). 6970The 6971.b \-v 6972command line flag sets this to 6973.b i . 6974Note: for internal reasons, 6975``i'' does not work 6976if a milter is enabled which can reject or delete recipients. 6977In that case the mode will be changed to ``b''. 6978.ip DialDelay=\fIsleeptime\fP 6979[no short name] 6980Dial-on-demand network connections can see timeouts 6981if a connection is opened before the call is set up. 6982If this is set to an interval and a connection times out 6983on the first connection being attempted 6984.i sendmail 6985will sleep for this amount of time and try again. 6986This should give your system time to establish the connection 6987to your service provider. 6988Units default to seconds, so 6989.q DialDelay=5 6990uses a five second delay. 6991Defaults to zero 6992(no retry). 6993This delay only applies to mailers which have the 6994Z flag set. 6995.ip DirectSubmissionModifiers=\fImodifiers\fP 6996Defines 6997.b ${daemon_flags} 6998for direct (command line) submissions. 6999If not set, 7000.b ${daemon_flags} 7001is either "CC f" if the option 7002.b \-G 7003is used or "c u" otherwise. 7004Note that only the the "CC", "c", "f", and "u" flags are checked. 7005.ip DontBlameSendmail=\fIoption,option,...\fP 7006[no short name] 7007In order to avoid possible cracking attempts 7008caused by world- and group-writable files and directories, 7009.i sendmail 7010does paranoid checking when opening most of its support files. 7011If for some reason you absolutely must run with, 7012for example, 7013a group-writable 7014.i /etc 7015directory, 7016then you will have to turn off this checking 7017(at the cost of making your system more vulnerable to attack). 7018The possible arguments have been described earlier. 7019The details of these flags are described above. 7020.\"XXX should have more here!!! XXX 7021.b "Use of this option is not recommended." 7022.ip DontExpandCnames 7023[no short name] 7024The standards say that all host addresses used in a mail message 7025must be fully canonical. 7026For example, if your host is named 7027.q Cruft.Foo.ORG 7028and also has an alias of 7029.q FTP.Foo.ORG , 7030the former name must be used at all times. 7031This is enforced during host name canonification 7032($[ ... $] lookups). 7033If this option is set, the protocols are ignored and the 7034.q wrong 7035thing is done. 7036However, the IETF is moving toward changing this standard, 7037so the behavior may become acceptable. 7038Please note that hosts downstream may still rewrite the address 7039to be the true canonical name however. 7040.ip DontInitGroups 7041[no short name] 7042If set, 7043.i sendmail 7044will avoid using the initgroups(3) call. 7045If you are running NIS, 7046this causes a sequential scan of the groups.byname map, 7047which can cause your NIS server to be badly overloaded in a large domain. 7048The cost of this is that the only group found for users 7049will be their primary group (the one in the password file), 7050which will make file access permissions somewhat more restrictive. 7051Has no effect on systems that don't have group lists. 7052.ip DontProbeInterfaces 7053[no short name] 7054.i Sendmail 7055normally finds the names of all interfaces active on your machine 7056when it starts up 7057and adds their name to the 7058.b $=w 7059class of known host aliases. 7060If you have a large number of virtual interfaces 7061or if your DNS inverse lookups are slow 7062this can be time consuming. 7063This option turns off that probing. 7064However, you will need to be certain to include all variant names 7065in the 7066.b $=w 7067class by some other mechanism. 7068If set to 7069.b loopback , 7070loopback interfaces (e.g., lo0) will not be probed. 7071.ip DontPruneRoutes 7072[R] 7073Normally, 7074.i sendmail 7075tries to eliminate any unnecessary explicit routes 7076when sending an error message 7077(as discussed in RFC 1123 \(sc 5.2.6). 7078For example, 7079when sending an error message to 7080.(b 7081<@known1,@known2,@known3:user@unknown> 7082.)b 7083.i sendmail 7084will strip off the 7085.q @known1,@known2 7086in order to make the route as direct as possible. 7087However, if the 7088.b R 7089option is set, this will be disabled, 7090and the mail will be sent to the first address in the route, 7091even if later addresses are known. 7092This may be useful if you are caught behind a firewall. 7093.ip DoubleBounceAddress=\fIerror-address\fP 7094[no short name] 7095If an error occurs when sending an error message, 7096send the error report 7097(termed a 7098.q "double bounce" 7099because it is an error 7100.q bounce 7101that occurs when trying to send another error 7102.q bounce ) 7103to the indicated address. 7104The address is macro expanded 7105at the time of delivery. 7106If not set, defaults to 7107.q postmaster . 7108If set to an empty string, double bounces are dropped. 7109.ip EightBitMode=\fIaction\fP 7110[8] 7111Set handling of eight-bit data. 7112There are two kinds of eight-bit data: 7113that declared as such using the 7114.b BODY=8BITMIME 7115ESMTP declaration or the 7116.b \-B8BITMIME 7117command line flag, 7118and undeclared 8-bit data, that is, 7119input that just happens to be eight bits. 7120There are three basic operations that can happen: 7121undeclared 8-bit data can be automatically converted to 8BITMIME, 7122undeclared 8-bit data can be passed as-is without conversion to MIME 7123(``just send 8''), 7124and declared 8-bit data can be converted to 7-bits 7125for transmission to a non-8BITMIME mailer. 7126The possible 7127.i action s 7128are: 7129.(b 7130.\" r Reject undeclared 8-bit data; 7131.\" don't convert 8BITMIME\(->7BIT (``reject'') 7132* s Reject undeclared 8-bit data (``strict'') 7133.\" do convert 8BITMIME\(->7BIT (``strict'') 7134.\" c Convert undeclared 8-bit data to MIME; 7135.\" don't convert 8BITMIME\(->7BIT (``convert'') 7136 m Convert undeclared 8-bit data to MIME (``mime'') 7137.\" do convert 8BITMIME\(->7BIT (``mime'') 7138.\" j Pass undeclared 8-bit data; 7139.\" don't convert 8BITMIME\(->7BIT (``just send 8'') 7140 p Pass undeclared 8-bit data (``pass'') 7141.\" do convert 8BITMIME\(->7BIT (``pass'') 7142.\" a Adaptive algorithm: see below 7143.)b 7144.\"The adaptive algorithm is to accept 8-bit data, 7145.\"converting it to 8BITMIME only if the receiver understands that, 7146.\"otherwise just passing it as undeclared 8-bit data; 7147.\"8BITMIME\(->7BIT conversions are done. 7148In all cases properly declared 8BITMIME data will be converted to 7BIT 7149as needed. 7150.ip ErrorHeader=\fIfile-or-message\fP 7151[E] 7152Prepend error messages with the indicated message. 7153If it begins with a slash, 7154it is assumed to be the pathname of a file 7155containing a message (this is the recommended setting). 7156Otherwise, it is a literal message. 7157The error file might contain the name, email address, and/or phone number 7158of a local postmaster who could provide assistance 7159to end users. 7160If the option is missing or null, 7161or if it names a file which does not exist or which is not readable, 7162no message is printed. 7163.ip ErrorMode=\fIx\fP 7164[e] 7165Dispose of errors using mode 7166.i x . 7167The values for 7168.i x 7169are: 7170.(b 7171p Print error messages (default) 7172q No messages, just give exit status 7173m Mail back errors 7174w Write back errors (mail if user not logged in) 7175e Mail back errors (when applicable) and give zero exit stat always 7176.)b 7177Note that the last mode, 7178.q e , 7179is for Berknet error processing and 7180should not be used in normal circumstances. 7181Note, too, that mode 7182.q q , 7183only applies to errors recognized before sendmail forks for 7184background delivery. 7185.ip FallbackMXhost=\fIfallbackhost\fP 7186[V] 7187If specified, the 7188.i fallbackhost 7189acts like a very low priority MX 7190on every host. 7191MX records will be looked up for this host, 7192unless the name is surrounded by square brackets. 7193This is intended to be used by sites with poor network connectivity. 7194Messages which are undeliverable due to temporary address failures 7195(e.g., DNS failure) 7196also go to the FallbackMXhost. 7197.ip FallBackSmartHost=\fIhostname\fP 7198If specified, the 7199.i FallBackSmartHost 7200will be used in a last-ditch effort for each host. 7201This is intended to be used by sites with "fake internal DNS", 7202e.g., a company whose DNS accurately reflects the world 7203inside that company's domain but not outside. 7204.ip FastSplit 7205[no short name] 7206If set to a value greater than zero (the default is one), 7207it suppresses the MX lookups on addresses 7208when they are initially sorted, i.e., for the first delivery attempt. 7209This usually results in faster envelope splitting unless the MX records 7210are readily available in a local DNS cache. 7211To enforce initial sorting based on MX records set 7212.b FastSplit 7213to zero. 7214If the mail is submitted directly from the command line, then 7215the value also limits the number of processes to deliver the envelopes; 7216if more envelopes are created they are only queued up 7217and must be taken care of by a queue run. 7218Since the default submission method is via SMTP (either from a MUA 7219or via the MSP), the value of 7220.b FastSplit 7221is seldom used to limit the number of processes to deliver the envelopes. 7222.ip ForkEachJob 7223[Y] 7224If set, 7225deliver each job that is run from the queue in a separate process. 7226.ip ForwardPath=\fIpath\fP 7227[J] 7228Set the path for searching for users' .forward files. 7229The default is 7230.q $z/.forward . 7231Some sites that use the automounter may prefer to change this to 7232.q /var/forward/$u 7233to search a file with the same name as the user in a system directory. 7234It can also be set to a sequence of paths separated by colons; 7235.i sendmail 7236stops at the first file it can successfully and safely open. 7237For example, 7238.q /var/forward/$u:$z/.forward 7239will search first in /var/forward/\c 7240.i username 7241and then in 7242.i ~username /.forward 7243(but only if the first file does not exist). 7244.ip HeloName=\fIname\fP 7245[no short name] 7246Set the name to be used for HELO/EHLO (instead of $j). 7247.ip HoldExpensive 7248[c] 7249If an outgoing mailer is marked as being expensive, 7250don't connect immediately. 7251.ip HostsFile=\fIpath\fP 7252[no short name] 7253The path to the hosts database, 7254normally 7255.q /etc/hosts . 7256This option is only consulted when sendmail 7257is canonifying addresses, 7258and then only when 7259.q files 7260is in the 7261.q hosts 7262service switch entry. 7263In particular, this file is 7264.i never 7265used when looking up host addresses; 7266that is under the control of the system 7267.i gethostbyname (3) 7268routine. 7269.ip HostStatusDirectory=\fIpath\fP 7270[no short name] 7271The location of the long term host status information. 7272When set, 7273information about the status of hosts 7274(e.g., host down or not accepting connections) 7275will be shared between all 7276.i sendmail 7277processes; 7278normally, this information is only held within a single queue run. 7279This option requires a connection cache of at least 1 to function. 7280If the option begins with a leading `/', 7281it is an absolute pathname; 7282otherwise, 7283it is relative to the mail queue directory. 7284A suggested value for sites desiring persistent host status is 7285.q \&.hoststat 7286(i.e., a subdirectory of the queue directory). 7287.ip IgnoreDots 7288[i] 7289Ignore dots in incoming messages. 7290This is always disabled (that is, dots are always accepted) 7291when reading SMTP mail. 7292.ip InputMailFilters=\fIname,name,...\fP 7293A comma separated list of filters which determines which filters 7294(see the "X \- Mail Filter (Milter) Definitions" section) 7295and the invocation sequence are contacted for incoming SMTP messages. 7296If none are set, no filters will be contacted. 7297.ip LDAPDefaultSpec=\fIspec\fP 7298[no short name] 7299Sets a default map specification for LDAP maps. 7300The value should only contain LDAP specific settings 7301such as 7302.q "-h host -p port -d bindDN" . 7303The settings will be used for all LDAP maps 7304unless the individual map specification overrides a setting. 7305This option should be set before any LDAP maps are defined. 7306.ip LogLevel=\fIn\fP 7307[L] 7308Set the log level to 7309.i n . 7310Defaults to 9. 7311.ip M\fIx\\|value\fP 7312[no long version] 7313Set the macro 7314.i x 7315to 7316.i value . 7317This is intended only for use from the command line. 7318The 7319.b \-M 7320flag is preferred. 7321.ip MailboxDatabase 7322[no short name] 7323Type of lookup to find information about local mailboxes, 7324defaults to ``pw'' which uses 7325.i getpwnam . 7326Other types can be introduced by adding them to the source code, 7327see libsm/mbdb.c for details. 7328.ip UseMSP 7329[no short name] 7330Use as mail submission program, i.e., 7331allow group writable queue files 7332if the group is the same as that of a set-group-ID sendmail binary. 7333See the file 7334.b sendmail/SECURITY 7335in the distribution tarball. 7336.ip MatchGECOS 7337[G] 7338Allow fuzzy matching on the GECOS field. 7339If this flag is set, 7340and the usual user name lookups fail 7341(that is, there is no alias with this name and a 7342.i getpwnam 7343fails), 7344sequentially search the password file 7345for a matching entry in the GECOS field. 7346This also requires that MATCHGECOS 7347be turned on during compilation. 7348This option is not recommended. 7349.ip MaxAliasRecursion=\fIN\fP 7350[no short name] 7351The maximum depth of alias recursion (default: 10). 7352.ip MaxDaemonChildren=\fIN\fP 7353[no short name] 7354If set, 7355.i sendmail 7356will refuse connections when it has more than 7357.i N 7358children processing incoming mail or automatic queue runs. 7359This does not limit the number of outgoing connections. 7360If the default 7361.b DeliveryMode 7362(background) is used, then 7363.i sendmail 7364may create an almost unlimited number of children 7365(depending on the number of transactions and the 7366relative execution times of mail receiption and mail delivery). 7367If the limit should be enforced, then a 7368.b DeliveryMode 7369other than background must be used. 7370If not set, there is no limit to the number of children -- 7371that is, the system load average controls this. 7372.ip MaxHeadersLength=\fIN\fP 7373[no short name] 7374The maximum length of the sum of all headers. 7375This can be used to prevent a denial of service attack. 7376The default is no limit. 7377.ip MaxHopCount=\fIN\fP 7378[h] 7379The maximum hop count. 7380Messages that have been processed more than 7381.i N 7382times are assumed to be in a loop and are rejected. 7383Defaults to 25. 7384.ip MaxMessageSize=\fIN\fP 7385[no short name] 7386Specify the maximum message size 7387to be advertised in the ESMTP EHLO response. 7388Messages larger than this will be rejected. 7389If set to a value greater than zero, 7390that value will be listed in the SIZE response, 7391otherwise SIZE is advertised in the ESMTP EHLO response 7392without a parameter. 7393.ip MaxMimeHeaderLength=\fIN[/M]\fP 7394[no short name] 7395Sets the maximum length of certain MIME header field values to 7396.i N 7397characters. 7398These MIME header fields are determined by being a member of 7399class {checkMIMETextHeaders}, which currently contains only 7400the header Content-Description. 7401For some of these headers which take parameters, 7402the maximum length of each parameter is set to 7403.i M 7404if specified. If 7405.i /M 7406is not specified, one half of 7407.i N 7408will be used. 7409By default, 7410these values are 2048 and 1024, respectively. 7411To allow any length, a value of 0 can be specified. 7412.ip MaxNOOPCommands=\fIN\fP 7413Override the default of 7414.b MAXNOOPCOMMANDS 7415for the number of 7416.i useless 7417commands, see Section 7418"Measures against Denial of Service Attacks". 7419.ip MaxQueueChildren=\fIN\fP 7420[no short name] 7421When set, this limits the number of concurrent queue runner processes to 7422.i N. 7423This helps to control the amount of system resources used when processing 7424the queue. When there are multiple queue groups defined and the total number 7425of queue runners for these queue groups would exceed 7426.i MaxQueueChildren 7427then the queue groups will not all run concurrently. That is, some portion 7428of the queue groups will run concurrently such that 7429.i MaxQueueChildren 7430will not be exceeded, while the remaining queue groups will be run later (in 7431round robin order). See also 7432.i MaxRunnersPerQueue 7433and the section \fBQueue Group Declaration\fP. 7434Notice: 7435.i sendmail 7436does not count individual queue runners, but only sets of processes 7437that act on a workgroup. 7438Hence the actual number of queue runners may be lower than the limit 7439imposed by 7440.i MaxQueueChildren . 7441This discrepancy can be large if some queue runners have to wait 7442for a slow server and if short intervals are used. 7443.ip MaxQueueRunSize=\fIN\fP 7444[no short name] 7445The maximum number of jobs that will be processed 7446in a single queue run. 7447If not set, there is no limit on the size. 7448If you have very large queues or a very short queue run interval 7449this could be unstable. 7450However, since the first 7451.i N 7452jobs in queue directory order are run (rather than the 7453.i N 7454highest priority jobs) 7455this should be set as high as possible to avoid 7456.q losing 7457jobs that happen to fall late in the queue directory. 7458Note: this option also restricts the number of entries printed by 7459.i mailq . 7460That is, if 7461.i MaxQueueRunSize 7462is set to a value 7463.b N 7464larger than zero, 7465then only 7466.b N 7467entries are printed per queue group. 7468.ip MaxRecipientsPerMessage=\fIN\fP 7469[no short name] 7470The maximum number of recipients that will be accepted per message 7471in an SMTP transaction. 7472Note: setting this too low can interfere with sending mail from 7473MUAs that use SMTP for initial submission. 7474If not set, there is no limit on the number of recipients per envelope. 7475.ip MaxRunnersPerQueue=\fIN\fP 7476[no short name] 7477This sets the default maximum number of queue runners for queue groups. 7478Up to 7479.i N 7480queue runners will work in parallel on a queue group's messages. 7481This is useful where the processing of a message in the queue might 7482delay the processing of subsequent messages. Such a delay may be the result 7483of non-erroneous situations such as a low bandwidth connection. 7484May be overridden on a per queue group basis by setting the 7485.i Runners 7486option; see the section \fBQueue Group Declaration\fP. 7487The default is 1 when not set. 7488.ip MeToo 7489[m] 7490Send to me too, 7491even if I am in an alias expansion. 7492This option is deprecated 7493and will be removed from a future version. 7494.ip Milter 7495[no short name] 7496This option has several sub(sub)options. 7497The names of the suboptions are separated by dots. 7498At the first level the following options are available: 7499.(b 7500.ta \w'LogLevel'u+3n 7501LogLevel Log level for input mail filter actions, defaults to LogLevel. 7502macros Specifies list of macro to transmit to filters. 7503* See list below. 7504.)b 7505The ``macros'' option has the following suboptions 7506which specify the list of macro to transmit to milters 7507after a certain event occurred. 7508.(b 7509.ta \w'envfrom'u+3n 7510connect After session connection start 7511helo After EHLO/HELO command 7512envfrom After MAIL From command 7513envrcpt After RCPT To command 7514data After DATA command. 7515eoh After DATA command and header 7516eom After DATA command and terminating ``.'' 7517.)b 7518By default the lists of macros are empty. 7519Example: 7520.(b 7521O Milter.LogLevel=12 7522O Milter.macros.connect=j, _, {daemon_name} 7523.)b 7524.ip MinFreeBlocks=\fIN\fP 7525[b] 7526Insist on at least 7527.i N 7528blocks free on the filesystem that holds the queue files 7529before accepting email via SMTP. 7530If there is insufficient space 7531.i sendmail 7532gives a 452 response 7533to the MAIL command. 7534This invites the sender to try again later. 7535.ip MinQueueAge=\fIage\fP 7536[no short name] 7537Don't process any queued jobs 7538that have been in the queue less than the indicated time interval. 7539This is intended to allow you to get responsiveness 7540by processing the queue fairly frequently 7541without thrashing your system by trying jobs too often. 7542The default units are minutes.
	7543Note: 7544This option is ignored for queue runs that select a subset 7545of the queue, i.e., 7546.q \-q[!][I\|R\|S\|Q][string]
7543.ip MustQuoteChars=\fIs\fP 7544[no short name] 7545Sets the list of characters that must be quoted if used in a full name 7546that is in the phrase part of a ``phrase <address>'' syntax. 7547The default is ``\'.''. 7548The characters ``@,;:\e()[]'' are always added to this list. 7549.ip NiceQueueRun 7550[no short name] 7551The priority of queue runners (nice(3)). 7552This value must be greater or equal zero. 7553.ip NoRecipientAction 7554[no short name] 7555The action to take when you receive a message that has no valid 7556recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em 7557the last included for back compatibility with old 7558.i sendmail s). 7559It can be 7560.b None 7561to pass the message on unmodified, 7562which violates the protocol, 7563.b Add-To 7564to add a To: header with any recipients it can find in the envelope 7565(which might expose Bcc: recipients), 7566.b Add-Apparently-To 7567to add an Apparently-To: header 7568(this is only for back-compatibility 7569and is officially deprecated), 7570.b Add-To-Undisclosed 7571to add a header 7572.q "To: undisclosed-recipients:;" 7573to make the header legal without disclosing anything, 7574or 7575.b Add-Bcc 7576to add an empty Bcc: header. 7577.ip OldStyleHeaders 7578[o] 7579Assume that the headers may be in old format, 7580i.e., 7581spaces delimit names. 7582This actually turns on 7583an adaptive algorithm: 7584if any recipient address contains a comma, parenthesis, 7585or angle bracket, 7586it will be assumed that commas already exist. 7587If this flag is not on, 7588only commas delimit names. 7589Headers are always output with commas between the names. 7590Defaults to off. 7591.ip OperatorChars=\fIcharlist\fP 7592[$o macro] 7593The list of characters that are considered to be 7594.q operators , 7595that is, characters that delimit tokens. 7596All operator characters are tokens by themselves; 7597sequences of non-operator characters are also tokens. 7598White space characters separate tokens 7599but are not tokens themselves \(em for example, 7600.q AAA.BBB 7601has three tokens, but 7602.q "AAA BBB" 7603has two. 7604If not set, OperatorChars defaults to 7605.q \&.\\|:\\|@\\|[\\|] ; 7606additionally, the characters 7607.q (\\|)\\|<\\|>\\|,\\|; 7608are always operators. 7609Note that OperatorChars must be set in the 7610configuration file before any rulesets. 7611.ip PidFile=\fIfilename\fP 7612[no short name] 7613Filename of the pid file. 7614(default is _PATH_SENDMAILPID). 7615The 7616.i filename 7617is macro-expanded before it is opened, and unlinked when 7618.i sendmail 7619exits. 7620.ip PostmasterCopy=\fIpostmaster\fP 7621[P] 7622If set, 7623copies of error messages will be sent to the named 7624.i postmaster . 7625Only the header of the failed message is sent. 7626Errors resulting from messages with a negative precedence will not be sent. 7627Since most errors are user problems, 7628this is probably not a good idea on large sites, 7629and arguably contains all sorts of privacy violations, 7630but it seems to be popular with certain operating systems vendors. 7631The address is macro expanded 7632at the time of delivery. 7633Defaults to no postmaster copies. 7634.ip PrivacyOptions=\fI\\|opt,opt,...\fP 7635[p] 7636Set the privacy 7637.i opt ions. 7638``Privacy'' is really a misnomer; 7639many of these are just a way of insisting on stricter adherence 7640to the SMTP protocol. 7641The 7642.i opt ions 7643can be selected from: 7644.(b 7645.ta \w'noactualrecipient'u+3n 7646public Allow open access 7647needmailhelo Insist on HELO or EHLO command before MAIL 7648needexpnhelo Insist on HELO or EHLO command before EXPN 7649noexpn Disallow EXPN entirely, implies noverb. 7650needvrfyhelo Insist on HELO or EHLO command before VRFY 7651novrfy Disallow VRFY entirely 7652noetrn Disallow ETRN entirely 7653noverb Disallow VERB entirely 7654restrictmailq Restrict mailq command 7655restrictqrun Restrict \-q command line flag 7656restrictexpand Restrict \-bv and \-v command line flags 7657noreceipts Don't return success DSNs\** 7658nobodyreturn Don't return the body of a message with DSNs 7659goaway Disallow essentially all SMTP status queries 7660authwarnings Put X-Authentication-Warning: headers in messages 7661 and log warnings 7662noactualrecipient Don't put X-Actual-Recipient lines in DSNs 7663 which reveal the actual account that addresses map to. 7664.)b 7665.(f 7666\*N.B.: 7667the 7668.b noreceipts 7669flag turns off support for RFC 1891 7670(Delivery Status Notification). 7671.)f 7672The 7673.q goaway 7674pseudo-flag sets all flags except 7675.q noreceipts , 7676.q restrictmailq , 7677.q restrictqrun , 7678.q restrictexpand , 7679.q noetrn , 7680and 7681.q nobodyreturn . 7682If mailq is restricted, 7683only people in the same group as the queue directory 7684can print the queue. 7685If queue runs are restricted, 7686only root and the owner of the queue directory 7687can run the queue. 7688The 7689.q restrictexpand 7690pseudo-flag instructs 7691.i sendmail 7692to drop privileges when the 7693.b \-bv 7694option is given by users who are neither root nor the TrustedUser 7695so users cannot read private aliases, forwards, or :include: files. 7696It will add the 7697.q NonRootSafeAddr 7698to the 7699.q DontBlameSendmail 7700option to prevent misleading unsafe address warnings. 7701It also overrides the 7702.b \-v 7703(verbose) command line option to prevent information leakage. 7704Authentication Warnings add warnings about various conditions 7705that may indicate attempts to spoof the mail system, 7706such as using a non-standard queue directory. 7707.ip ProcessTitlePrefix=\fIstring\fP 7708[no short name] 7709Prefix the process title shown on 'ps' listings with 7710.i string . 7711The 7712.i string 7713will be macro processed. 7714.ip QueueDirectory=\fIdir\fP 7715[Q] 7716The QueueDirectory option serves two purposes. 7717First, it specifies the directory or set of directories that comprise 7718the default queue group. 7719Second, it specifies the directory D which is the ancestor of all queue 7720directories, and which sendmail uses as its current working directory. 7721When sendmail dumps core, it leaves its core files in D. 7722There are two cases. 7723If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd\fR), 7724then all of the directories or symbolic links to directories 7725beginning with `qd' in 7726.i /var/spool/mqueue 7727will be used as queue directories of the default queue group, 7728and 7729.i /var/spool/mqueue 7730will be used as the working directory D. 7731Otherwise, 7732\fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR): 7733the default queue group consists of the single queue directory \fIdir\fR, 7734and the working directory D is set to \fIdir\fR. 7735To define additional groups of queue directories, 7736use the configuration file `Q' command. 7737Do not change the queue directory structure 7738while sendmail is running. 7739.ip QueueFactor=\fIfactor\fP 7740[q] 7741Use 7742.i factor 7743as the multiplier in the map function 7744to decide when to just queue up jobs rather than run them. 7745This value is divided by the difference between the current load average 7746and the load average limit 7747(\c 7748.b QueueLA 7749option) 7750to determine the maximum message priority 7751that will be sent. 7752Defaults to 600000. 7753.ip QueueLA=\fILA\fP 7754[x] 7755When the system load average exceeds 7756.i LA 7757and the 7758.b QueueFactor 7759(\c 7760.b q ) 7761option divided by the difference in the current load average and the 7762.b QueueLA 7763option plus one 7764is less than the priority of the message, 7765just queue messages 7766(i.e., don't try to send them). 7767Defaults to 8 multiplied by 7768the number of processors online on the system 7769(if that can be determined). 7770.ip QueueFileMode=\fImode\fP 7771[no short name] 7772Default permissions for queue files (octal). 7773If not set, sendmail uses 0600 unless its real 7774and effective uid are different in which case it uses 0644. 7775.ip QueueSortOrder=\fIalgorithm\fP 7776[no short name] 7777Sets the 7778.i algorithm 7779used for sorting the queue. 7780Only the first character of the value is used. 7781Legal values are 7782.q host 7783(to order by the name of the first host name of the first recipient), 7784.q filename 7785(to order by the name of the queue file name), 7786.q time 7787(to order by the submission/creation time), 7788.q random 7789(to order randomly), 7790.q modification 7791(to order by the modification time of the qf file (older entries first)), 7792.q none 7793(to not order), 7794and 7795.q priority 7796(to order by message priority). 7797Host ordering makes better use of the connection cache, 7798but may tend to process low priority messages 7799that go to a single host 7800over high priority messages that go to several hosts; 7801it probably shouldn't be used on slow network links. 7802Filename and modification time ordering saves the overhead of 7803reading all of the queued items 7804before starting the queue run. 7805Creation (submission) time ordering is almost always a bad idea, 7806since it allows large, bulk mail to go out 7807before smaller, personal mail, 7808but may have applicability on some hosts with very fast connections. 7809Random is useful if several queue runners are started by hand 7810which try to drain the same queue since odds are they will be working 7811on different parts of the queue at the same time. 7812Priority ordering is the default. 7813.ip QueueTimeout=\fItimeout\fP 7814[T] 7815A synonym for 7816.q Timeout.queuereturn . 7817Use that form instead of the 7818.q QueueTimeout 7819form. 7820.ip RandFile 7821[no short name] 7822Name of file containing random data or the name of the UNIX socket 7823if EGD is used. 7824A (required) prefix "egd:" or "file:" specifies the type. 7825STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set 7826(see sendmail/README). 7827.ip ResolverOptions=\fIoptions\fP 7828[I] 7829Set resolver options. 7830Values can be set using 7831.b + \c 7832.i flag 7833and cleared using 7834.b \- \c 7835.i flag ; 7836the 7837.i flag s 7838can be 7839.q debug , 7840.q aaonly , 7841.q usevc , 7842.q primary , 7843.q igntc , 7844.q recurse , 7845.q defnames , 7846.q stayopen , 7847.q use_inet6 , 7848or 7849.q dnsrch . 7850The string 7851.q HasWildcardMX 7852(without a 7853.b + 7854or 7855.b \- ) 7856can be specified to turn off matching against MX records 7857when doing name canonifications. 7858The string 7859.q WorkAroundBrokenAAAA 7860(without a 7861.b + 7862or 7863.b \- ) 7864can be specified to work around some broken nameservers 7865which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. 7866Notice: it might be necessary to apply the same (or similar) options to 7867.i submit.cf 7868too. 7869.ip RequiresDirfsync 7870[no short name] 7871This option can be used to override the compile time flag 7872.b REQUIRES_DIR_FSYNC 7873at runtime by setting it to 7874.sm false . 7875If the compile time flag is not set, the option is ignored. 7876The flag turns on support for file systems that require to call 7877.i fsync() 7878for a directory if the meta-data in it has been changed. 7879This should be turned on at least for older versions of ReiserFS; 7880it is enabled by default for Linux. 7881According to some information this flag is not needed 7882anymore for kernel 2.4.16 and newer. 7883.ip RrtImpliesDsn 7884[R] 7885If this option is set, a 7886.q Return-Receipt-To: 7887header causes the request of a DSN, which is sent to 7888the envelope sender as required by RFC 1891, 7889not to the address given in the header. 7890.ip RunAsUser=\fIuser\fP 7891[no short name] 7892The 7893.i user 7894parameter may be a user name 7895(looked up in 7896.i /etc/passwd ) 7897or a numeric user id; 7898either form can have 7899.q ":group" 7900attached 7901(where group can be numeric or symbolic). 7902If set to a non-zero (non-root) value, 7903.i sendmail 7904will change to this user id shortly after startup\*. 7905.(f 7906\When running as a daemon, 7907it changes to this user after accepting a connection 7908but before reading any 7909.sm SMTP 7910commands. 7911.)f 7912This avoids a certain class of security problems. 7913However, this means that all 7914.q \&.forward 7915and 7916.q :include: 7917files must be readable by the indicated 7918.i user 7919and all files to be written must be writable by 7920.i user 7921Also, all file and program deliveries will be marked unsafe 7922unless the option 7923.b DontBlameSendmail=NonRootSafeAddr 7924is set, 7925in which case the delivery will be done as 7926.i user . 7927It is also incompatible with the 7928.b SafeFileEnvironment 7929option. 7930In other words, it may not actually add much to security on an average system, 7931and may in fact detract from security 7932(because other file permissions must be loosened). 7933However, it should be useful on firewalls and other 7934places where users don't have accounts and the aliases file is 7935well constrained. 7936.ip RecipientFactor=\fIfact\fP 7937[y] 7938The indicated 7939.i fact or 7940is added to the priority (thus 7941.i lowering 7942the priority of the job) 7943for each recipient, 7944i.e., this value penalizes jobs with large numbers of recipients. 7945Defaults to 30000. 7946.ip RefuseLA=\fILA\fP 7947[X] 7948When the system load average exceeds 7949.i LA , 7950refuse incoming SMTP connections. 7951Defaults to 12 multiplied by 7952the number of processors online on the system 7953(if that can be determined). 7954.ip RejectLogInterval=\fItimeout\fP 7955[no short name] 7956Log interval when refusing connections for this long 7957(default: 3h). 7958.ip RetryFactor=\fIfact\fP 7959[Z] 7960The 7961.i fact or 7962is added to the priority 7963every time a job is processed. 7964Thus, 7965each time a job is processed, 7966its priority will be decreased by the indicated value. 7967In most environments this should be positive, 7968since hosts that are down are all too often down for a long time. 7969Defaults to 90000. 7970.ip SafeFileEnvironment=\fIdir\fP 7971[no short name] 7972If this option is set, 7973.i sendmail 7974will do a 7975.i chroot (2) 7976call into the indicated 7977.i dir ectory 7978before doing any file writes. 7979If the file name specified by the user begins with 7980.i dir , 7981that partial path name will be stripped off before writing, 7982so (for example) 7983if the SafeFileEnvironment variable is set to 7984.q /safe 7985then aliases of 7986.q /safe/logs/file 7987and 7988.q /logs/file 7989actually indicate the same file. 7990Additionally, if this option is set, 7991.i sendmail 7992refuses to deliver to symbolic links. 7993.ip SaveFromLine 7994[f] 7995Save 7996UNIX-style 7997.q From 7998lines at the front of headers. 7999Normally they are assumed redundant 8000and discarded. 8001.ip SendMimeErrors 8002[j] 8003If set, send error messages in MIME format 8004(see RFC 2045 and RFC 1344 for details). 8005If disabled, 8006.i sendmail 8007will not return the DSN keyword in response to an EHLO 8008and will not do Delivery Status Notification processing as described in 8009RFC 1891. 8010.ip ServerCertFile 8011[no short name] 8012File containing the certificate of the server, i.e., this certificate 8013is used when sendmail acts as server 8014(used for STARTTLS). 8015.ip ServerKeyFile 8016[no short name] 8017File containing the private key belonging to the server certificate 8018(used for STARTTLS). 8019.ip ServiceSwitchFile=\fIfilename\fP 8020[no short name] 8021If your host operating system has a service switch abstraction 8022(e.g., /etc/nsswitch.conf on Solaris 8023or /etc/svc.conf on Ultrix and DEC OSF/1) 8024that service will be consulted and this option is ignored. 8025Otherwise, this is the name of a file 8026that provides the list of methods used to implement particular services. 8027The syntax is a series of lines, 8028each of which is a sequence of words. 8029The first word is the service name, 8030and following words are service types. 8031The services that 8032.i sendmail 8033consults directly are 8034.q aliases 8035and 8036.q hosts. 8037Service types can be 8038.q dns , 8039.q nis , 8040.q nisplus , 8041or 8042.q files 8043(with the caveat that the appropriate support 8044must be compiled in 8045before the service can be referenced). 8046If ServiceSwitchFile is not specified, it defaults to 8047/etc/mail/service.switch. 8048If that file does not exist, the default switch is: 8049.(b 8050aliases files 8051hosts dns nis files 8052.)b 8053The default file is 8054.q /etc/mail/service.switch . 8055.ip SevenBitInput 8056[7] 8057Strip input to seven bits for compatibility with old systems. 8058This shouldn't be necessary. 8059.ip SharedMemoryKey 8060[no short name] 8061Key to use for shared memory segment; 8062if not set (or 0), shared memory will not be used. 8063If set to 8064-1 8065.i sendmail 8066can select a key itself provided that also 8067.b SharedMemoryKeyFile 8068is set. 8069Requires support for shared memory to be compiled into 8070.i sendmail . 8071If this option is set, 8072.i sendmail 8073can share some data between different instances. 8074For example, the number of entries in a queue directory 8075or the available space in a file system. 8076This allows for more efficient program execution, since only 8077one process needs to update the data instead of each individual 8078process gathering the data each time it is required. 8079.ip SharedMemoryKeyFile 8080[no short name] 8081If 8082.b SharedMemoryKey 8083is set to 8084-1 8085then the automatically selected shared memory key will be stored 8086in the specified file. 8087.ip SingleLineFromHeader 8088[no short name] 8089If set, From: lines that have embedded newlines are unwrapped 8090onto one line. 8091This is to get around a botch in Lotus Notes 8092that apparently cannot understand legally wrapped RFC 822 headers. 8093.ip SingleThreadDelivery 8094[no short name] 8095If set, a client machine will never try to open two SMTP connections 8096to a single server machine at the same time, 8097even in different processes. 8098That is, if another 8099.i sendmail 8100is already talking to some host a new 8101.i sendmail 8102will not open another connection. 8103This property is of mixed value; 8104although this reduces the load on the other machine, 8105it can cause mail to be delayed 8106(for example, if one 8107.i sendmail 8108is delivering a huge message, other 8109.i sendmail s 8110won't be able to send even small messages). 8111Also, it requires another file descriptor 8112(for the lock file) 8113per connection, so you may have to reduce the 8114.b ConnectionCacheSize 8115option to avoid running out of per-process file descriptors. 8116Requires the 8117.b HostStatusDirectory 8118option. 8119.ip SmtpGreetingMessage=\fImessage\fP 8120[$e macro] 8121The message printed when the SMTP server starts up. 8122Defaults to 8123.q "$j Sendmail $v ready at $b". 8124.ip SoftBounce 8125If set, issue temporary errors (4xy) instead of permanent errors (5xy). 8126This can be useful during testing of a new configuration to avoid 8127erroneous bouncing of mails. 8128.ip StatusFile=\fIfile\fP 8129[S] 8130Log summary statistics in the named 8131.i file . 8132If no file name is specified, "statistics" is used. 8133If not set, 8134no summary statistics are saved. 8135This file does not grow in size. 8136It can be printed using the 8137.i mailstats (8) 8138program. 8139.ip SuperSafe 8140[s] 8141This option can be set to True, False, Interactive, or PostMilter. 8142If set to True, 8143.i sendmail 8144will be super-safe when running things, 8145i.e., always instantiate the queue file, 8146even if you are going to attempt immediate delivery. 8147.i Sendmail 8148always instantiates the queue file 8149before returning control to the client 8150under any circumstances. 8151This should really 8152.i always 8153be set to True. 8154The Interactive value has been introduced in 8.12 and can 8155be used together with 8156.b DeliveryMode=i . 8157It skips some synchronization calls which are effectively 8158doubled in the code execution path for this mode. 8159If set to PostMilter, 8160.i sendmail 8161defers synchronizing the queue file until any milters have 8162signaled acceptance of the message. 8163PostMilter is useful only when 8164.i sendmail 8165is running as an SMTP server; in all other situations it 8166acts the same as True. 8167.ip TLSSrvOptions 8168[no short name] 8169List of options for SMTP STARTTLS for the server 8170consisting of single characters 8171with intervening white space or commas. 8172The flag ``V'' disables client verification, and hence 8173it is not possible to use a client certificate for relaying. 8174Currently there are no other flags available. 8175.ip TempFileMode=\fImode\fP 8176[F] 8177The file mode for transcript files, files to which 8178.i sendmail 8179delivers directly, files in the 8180.b HostStatusDirectory , 8181and 8182.b StatusFile . 8183It is interpreted in octal by default. 8184Defaults to 0600. 8185.ip Timeout.\fItype\fP=\\|\fItimeout\fP 8186[r; subsumes old T option as well] 8187Set timeout values. 8188For more information, 8189see section 8190.\" XREF 81914.1. 8192.ip TimeZoneSpec=\fItzinfo\fP 8193[t] 8194Set the local time zone info to 8195.i tzinfo 8196\- for example, 8197.q PST8PDT . 8198Actually, if this is not set, 8199the TZ environment variable is cleared (so the system default is used); 8200if set but null, the user's TZ variable is used, 8201and if set and non-null the TZ variable is set to this value. 8202.ip TrustedUser=\fIuser\fP 8203[no short name] 8204The 8205.i user 8206parameter may be a user name 8207(looked up in 8208.i /etc/passwd ) 8209or a numeric user id. 8210Trusted user for file ownership and starting the daemon. If set, generated 8211alias databases and the control socket (if configured) will automatically 8212be owned by this user. 8213.ip TryNullMXList 8214[w] 8215If this system is the 8216.q best 8217(that is, lowest preference) 8218MX for a given host, 8219its configuration rules should normally detect this situation 8220and treat that condition specially 8221by forwarding the mail to a UUCP feed, 8222treating it as local, 8223or whatever. 8224However, in some cases (such as Internet firewalls) 8225you may want to try to connect directly to that host 8226as though it had no MX records at all. 8227Setting this option causes 8228.i sendmail 8229to try this. 8230The downside is that errors in your configuration 8231are likely to be diagnosed as 8232.q "host unknown" 8233or 8234.q "message timed out" 8235instead of something more meaningful. 8236This option is disrecommended. 8237.ip UnixFromLine=\fIfromline\fP 8238[$l macro] 8239Defines the format used when 8240.i sendmail 8241must add a UNIX-style From_ line 8242(that is, a line beginning 8243.q From<space>user ). 8244Defaults to 8245.q "From $g $d" . 8246Don't change this unless your system uses a different UNIX mailbox format 8247(very unlikely). 8248.ip UnsafeGroupWrites 8249[no short name] 8250If set (default), 8251:include: and .forward files that are group writable are considered 8252.q unsafe , 8253that is, 8254they cannot reference programs or write directly to files. 8255World writable :include: and .forward files 8256are always unsafe. 8257Note: use 8258.b DontBlameSendmail 8259instead; this option is deprecated. 8260.ip UseErrorsTo 8261[l] 8262If there is an 8263.q Errors-To: 8264header, send error messages to the addresses listed there. 8265They normally go to the envelope sender. 8266Use of this option causes 8267.i sendmail 8268to violate RFC 1123. 8269This option is disrecommended and deprecated. 8270.ip UserDatabaseSpec=\fIudbspec\fP 8271[U] 8272The user database specification. 8273.ip Verbose 8274[v] 8275Run in verbose mode. 8276If this is set, 8277.i sendmail 8278adjusts options 8279.b HoldExpensive 8280(old 8281.b c ) 8282and 8283.b DeliveryMode 8284(old 8285.b d ) 8286so that all mail is delivered completely 8287in a single job 8288so that you can see the entire delivery process. 8289Option 8290.b Verbose 8291should 8292.i never 8293be set in the configuration file; 8294it is intended for command line use only. 8295Note that the use of option 8296.b Verbose 8297can cause authentication information to leak, if you use a 8298sendmail client to authenticate to a server. 8299If the authentication mechanism uses plain text passwords 8300(as with LOGIN or PLAIN), 8301then the password could be compromised. 8302To avoid this, do not install sendmail set-user-ID root, 8303and disable the 8304.b VERB 8305SMTP command with a suitable 8306.b PrivacyOptions 8307setting. 8308.ip XscriptFileBufferSize=\fIthreshold\fP 8309[no short name] 8310Set the 8311.i threshold , 8312in bytes, 8313before a memory-based 8314queue transcript file 8315becomes disk-based. 8316The default is 4096 bytes. 8317.lp 8318All options can be specified on the command line using the 8319\-O or \-o flag, 8320but most will cause 8321.i sendmail 8322to relinquish its set-user-ID permissions. 8323The options that will not cause this are 8324SevenBitInput [7], 8325EightBitMode [8], 8326MinFreeBlocks [b], 8327CheckpointInterval [C], 8328DeliveryMode [d], 8329ErrorMode [e], 8330IgnoreDots [i], 8331SendMimeErrors [j], 8332LogLevel [L], 8333MeToo [m], 8334OldStyleHeaders [o], 8335PrivacyOptions [p], 8336SuperSafe [s], 8337Verbose [v], 8338QueueSortOrder, 8339MinQueueAge, 8340DefaultCharSet, 8341Dial Delay, 8342NoRecipientAction, 8343ColonOkInAddr, 8344MaxQueueRunSize, 8345SingleLineFromHeader, 8346and 8347AllowBogusHELO. 8348Actually, PrivacyOptions [p] given on the command line 8349are added to those already specified in the 8350.i sendmail.cf 8351file, i.e., they can't be reset. 8352Also, M (define macro) when defining the r or s macros 8353is also considered 8354.q safe . 8355.sh 2 "P \- Precedence Definitions" 8356.pp 8357Values for the 8358.q "Precedence:" 8359field may be defined using the 8360.b P 8361control line. 8362The syntax of this field is: 8363.(b 8364\fBP\fP\fIname\fP\fB=\fP\fInum\fP 8365.)b 8366When the 8367.i name 8368is found in a 8369.q Precedence: 8370field, 8371the message class is set to 8372.i num . 8373Higher numbers mean higher precedence. 8374Numbers less than zero 8375have the special property 8376that if an error occurs during processing 8377the body of the message will not be returned; 8378this is expected to be used for 8379.q "bulk" 8380mail such as through mailing lists. 8381The default precedence is zero. 8382For example, 8383our list of precedences is: 8384.(b 8385Pfirst-class=0 8386Pspecial-delivery=100 8387Plist=\-30 8388Pbulk=\-60 8389Pjunk=\-100 8390.)b 8391People writing mailing list exploders 8392are encouraged to use 8393.q "Precedence: list" . 8394Older versions of 8395.i sendmail 8396(which discarded all error returns for negative precedences) 8397didn't recognize this name, giving it a default precedence of zero. 8398This allows list maintainers to see error returns 8399on both old and new versions of 8400.i sendmail . 8401.sh 2 "V \- Configuration Version Level" 8402.pp 8403To provide compatibility with old configuration files, 8404the 8405.b V 8406line has been added to define some very basic semantics 8407of the configuration file. 8408These are not intended to be long term supports; 8409rather, they describe compatibility features 8410which will probably be removed in future releases. 8411.pp 8412.b N.B.: 8413these version 8414.i levels 8415have nothing 8416to do with the version 8417.i number 8418on the files. 8419For example, 8420as of this writing 8421version 10 config files 8422(specifically, 8.10) 8423used version level 9 configurations. 8424.pp 8425.q Old 8426configuration files are defined as version level one. 8427Version level two files make the following changes: 8428.np 8429Host name canonification ($[ ... $]) 8430appends a dot if the name is recognized; 8431this gives the config file a way of finding out if anything matched. 8432(Actually, this just initializes the 8433.q host 8434map with the 8435.q \-a. 8436flag \- you can reset it to anything you prefer 8437by declaring the map explicitly.) 8438.np 8439Default host name extension is consistent throughout processing; 8440version level one configurations turned off domain extension 8441(that is, adding the local domain name) 8442during certain points in processing. 8443Version level two configurations are expected to include a trailing dot 8444to indicate that the name is already canonical. 8445.np 8446Local names that are not aliases 8447are passed through a new distinguished ruleset five; 8448this can be used to append a local relay. 8449This behavior can be prevented by resolving the local name 8450with an initial `@'. 8451That is, something that resolves to a local mailer and a user name of 8452.q vikki 8453will be passed through ruleset five, 8454but a user name of 8455.q @vikki 8456will have the `@' stripped, 8457will not be passed through ruleset five, 8458but will otherwise be treated the same as the prior example. 8459The expectation is that this might be used to implement a policy 8460where mail sent to 8461.q vikki 8462was handled by a central hub, 8463but mail sent to 8464.q vikki@localhost 8465was delivered directly. 8466.pp 8467Version level three files 8468allow # initiated comments on all lines. 8469Exceptions are backslash escaped # marks 8470and the $# syntax. 8471.pp 8472Version level four configurations 8473are completely equivalent to level three 8474for historical reasons. 8475.pp 8476Version level five configuration files 8477change the default definition of 8478.b $w 8479to be just the first component of the hostname. 8480.pp 8481Version level six configuration files 8482change many of the local processing options 8483(such as aliasing and matching the beginning of the address for 8484`\|' characters) 8485to be mailer flags; 8486this allows fine-grained control over the special local processing. 8487Level six configuration files may also use long option names. 8488The 8489.b ColonOkInAddr 8490option (to allow colons in the local-part of addresses) 8491defaults 8492.b on 8493for lower numbered configuration files; 8494the configuration file requires some additional intelligence 8495to properly handle the RFC 822 group construct. 8496.pp 8497Version level seven configuration files 8498used new option names to replace old macros 8499(\c 8500.b $e 8501became 8502.b SmtpGreetingMessage , 8503.b $l 8504became 8505.b UnixFromLine , 8506and 8507.b $o 8508became 8509.b OperatorChars . 8510Also, prior to version seven, 8511the 8512.b F=q 8513flag (use 250 instead of 252 return value for 8514.sm "SMTP VRFY" 8515commands) 8516was assumed. 8517.pp 8518Version level eight configuration files allow 8519.b $# 8520on the left hand side of ruleset lines. 8521.pp 8522Version level nine configuration files allow 8523parentheses in rulesets, i.e. they are not treated 8524as comments and hence removed. 8525.pp 8526Version level ten configuration files allow 8527queue group definitions. 8528.pp 8529The 8530.b V 8531line may have an optional 8532.b / \c 8533.i vendor 8534to indicate that this configuration file uses modifications 8535specific to a particular vendor\. 8536.(f 8537\And of course, vendors are encouraged to add themselves 8538to the list of recognized vendors by editing the routine 8539.i setvendor 8540in 8541.i conf.c . 8542Please send e-mail to sendmail@Sendmail.ORG 8543to register your vendor dialect. 8544.)f 8545You may use 8546.q /Berkeley 8547to emphasize that this configuration file 8548uses the Berkeley dialect of 8549.i sendmail . 8550.sh 2 "K \- Key File Declaration" 8551.pp 8552Special maps can be defined using the line: 8553.(b 8554Kmapname mapclass arguments 8555.)b 8556The 8557.i mapname 8558is the handle by which this map is referenced in the rewriting rules. 8559The 8560.i mapclass 8561is the name of a type of map; 8562these are compiled in to 8563.i sendmail . 8564The 8565.i arguments 8566are interpreted depending on the class; 8567typically, 8568there would be a single argument naming the file containing the map. 8569.pp 8570Maps are referenced using the syntax: 8571.(b 8572$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $) 8573.)b 8574where either or both of the 8575.i arguments 8576or 8577.i default 8578portion may be omitted. 8579The 8580.i "$@ arguments" 8581may appear more than once. 8582The indicated 8583.i key 8584and 8585.i arguments 8586are passed to the appropriate mapping function. 8587If it returns a value, it replaces the input. 8588If it does not return a value and the 8589.i default 8590is specified, the 8591.i default 8592replaces the input. 8593Otherwise, the input is unchanged. 8594.pp 8595The 8596.i arguments 8597are passed to the map for arbitrary use. 8598Most map classes can interpolate these arguments 8599into their values using the syntax 8600.q %\fIn\fP 8601(where 8602.i n 8603is a digit) 8604to indicate the corresponding 8605.i argument . 8606Argument 8607.q %0 8608indicates the database key. 8609For example, the rule 8610.(b 8611.ta 1.5i 8612R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $) 8613.)b 8614Looks up the UUCP name in a (user defined) UUCP map; 8615if not found it turns it into 8616.q \&.UUCP 8617form. 8618The database might contain records like: 8619.(b 8620decvax %1@%0.DEC.COM 8621research %1@%0.ATT.COM 8622.)b 8623Note that 8624.i default 8625clauses never do this mapping. 8626.pp 8627The built-in map with both name and class 8628.q host 8629is the host name canonicalization lookup. 8630Thus, 8631the syntax: 8632.(b 8633$(host \fIhostname\fP$) 8634.)b 8635is equivalent to: 8636.(b 8637$[\fIhostname\fP$] 8638.)b 8639.pp 8640There are many defined classes. 8641.ip dbm 8642Database lookups using the ndbm(3) library. 8643.i Sendmail 8644must be compiled with 8645.b NDBM 8646defined. 8647.ip btree 8648Database lookups using the btree interface to the Berkeley DB 8649library. 8650.i Sendmail 8651must be compiled with 8652.b NEWDB 8653defined. 8654.ip hash 8655Database lookups using the hash interface to the Berkeley DB 8656library. 8657.i Sendmail 8658must be compiled with 8659.b NEWDB 8660defined. 8661.ip nis 8662NIS lookups. 8663.i Sendmail 8664must be compiled with 8665.b NIS 8666defined. 8667.ip nisplus 8668NIS+ lookups. 8669.i Sendmail 8670must be compiled with 8671.b NISPLUS 8672defined. 8673The argument is the name of the table to use for lookups, 8674and the 8675.b \-k 8676and 8677.b \-v 8678flags may be used to set the key and value columns respectively. 8679.ip hesiod 8680Hesiod lookups. 8681.i Sendmail 8682must be compiled with 8683.b HESIOD 8684defined. 8685.ip ldap 8686LDAP X500 directory lookups. 8687.i Sendmail 8688must be compiled with 8689.b LDAPMAP 8690defined. 8691The map supports most of the standard arguments 8692and most of the command line arguments of the 8693.i ldapsearch 8694program. 8695Note that, 8696by default, 8697if a single query matches multiple values, 8698only the first value will be returned 8699unless the 8700.b \-z 8701(value separator) 8702map flag is set. 8703Also, the 8704.b \-1 8705map flag will treat a multiple value return 8706as if there were no matches. 8707.ip netinfo 8708NeXT NetInfo lookups. 8709.i Sendmail 8710must be compiled with 8711.b NETINFO 8712defined. 8713.ip text 8714Text file lookups. 8715The format of the text file is defined by the 8716.b \-k 8717(key field number), 8718.b \-v 8719(value field number), 8720and 8721.b \-z 8722(field delimiter) 8723flags. 8724.ip ph 8725PH query map. 8726Contributed and supported by 8727Mark Roth, roth@uiuc.edu. 8728For more information, 8729consult the web site 8730.q http://www-dev.cites.uiuc.edu/sendmail/ . 8731.ip nsd 8732nsd map for IRIX 6.5 and later. 8733Contributed and supported by Bob Mende of SGI, 8734mende@sgi.com. 8735.ip stab 8736Internal symbol table lookups. 8737Used internally for aliasing. 8738.ip implicit 8739Really should be called 8740.q alias 8741\(em this is used to get the default lookups 8742for alias files, 8743and is the default if no class is specified for alias files. 8744.ip user 8745Looks up users using 8746.i getpwnam (3). 8747The 8748.b \-v 8749flag can be used to specify the name of the field to return 8750(although this is normally used only to check the existence 8751of a user). 8752.ip host 8753Canonifies host domain names. 8754Given a host name it calls the name server 8755to find the canonical name for that host. 8756.ip bestmx 8757Returns the best MX record for a host name given as the key. 8758The current machine is always preferred \- 8759that is, if the current machine is one of the hosts listed as a 8760lowest-preference MX record, then it will be guaranteed to be returned. 8761This can be used to find out if this machine is the target for an MX record, 8762and mail can be accepted on that basis. 8763If the 8764.b \-z 8765flag is given, then all MX names are returned, 8766separated by the given delimiter. 8767.ip dns 8768This map requires the option -R to specify the DNS resource record 8769type to lookup. The following types are supported: 8770A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT. 8771A map lookup will return only one record. 8772Hence for some types, e.g., MX records, the return value might be a random 8773element of the list due to randomizing in the DNS resolver. 8774.ip sequence 8775The arguments on the `K' line are a list of maps; 8776the resulting map searches the argument maps in order 8777until it finds a match for the indicated key. 8778For example, if the key definition is: 8779.(b 8780Kmap1 ... 8781Kmap2 ... 8782Kseqmap sequence map1 map2 8783.)b 8784then a lookup against 8785.q seqmap 8786first does a lookup in map1. 8787If that is found, it returns immediately. 8788Otherwise, the same key is used for map2. 8789.ip syslog 8790the key is logged via 8791.i syslogd \\|(8). 8792The lookup returns the empty string. 8793.ip switch 8794Much like the 8795.q sequence 8796map except that the order of maps is determined by the service switch. 8797The argument is the name of the service to be looked up; 8798the values from the service switch are appended to the map name 8799to create new map names. 8800For example, consider the key definition: 8801.(b 8802Kali switch aliases 8803.)b 8804together with the service switch entry: 8805.(b 8806aliases nis files 8807.)b 8808This causes a query against the map 8809.q ali 8810to search maps named 8811.q ali.nis 8812and 8813.q ali.files 8814in that order. 8815.ip dequote 8816Strip double quotes (") from a name. 8817It does not strip backslashes, 8818and will not strip quotes if the resulting string 8819would contain unscannable syntax 8820(that is, basic errors like unbalanced angle brackets; 8821more sophisticated errors such as unknown hosts are not checked). 8822The intent is for use when trying to accept mail from systems such as 8823DECnet 8824that routinely quote odd syntax such as 8825.(b 8826"49ers::ubell" 8827.)b 8828A typical usage is probably something like: 8829.(b 8830Kdequote dequote 8831* 8832\&... 8833 8834R$\- $: $(dequote $1 $) 8835R$\- $+ $: $>3 $1 $2 8836.)b 8837Care must be taken to prevent unexpected results; 8838for example, 8839.(b 8840"\|someprogram < input > output" 8841.)b 8842will have quotes stripped, 8843but the result is probably not what you had in mind. 8844Fortunately these cases are rare. 8845.ip regex 8846The map definition on the 8847.b K 8848line contains a regular expression. 8849Any key input is compared to that expression using the 8850POSIX regular expressions routines regcomp(), regerr(), and regexec(). 8851Refer to the documentation for those routines for more information 8852about the regular expression matching. 8853No rewriting of the key is done if the 8854.b \-m 8855flag is used. Without it, the key is discarded or if 8856.b \-s 8857if used, it is substituted by the substring matches, delimited by 8858.b $\| 8859or the string specified with the the 8860.b \-d 8861flag. The flags available for the map are 8862.(b 8863.ta 4n 8864-n not 8865-f case sensitive 8866-b basic regular expressions (default is extended) 8867-s substring match 8868-d set the delimiter used for -s 8869-a append string to key 8870-m match only, do not replace/discard value 8871-D perform no lookup in deferred delivery mode. 8872.)b 8873The 8874.b \-s 8875flag can include an optional parameter which can be used 8876to select the substrings in the result of the lookup. For example, 8877.(b 8878-s1,3,4 8879.)b 8880Notes: to match a 8881.b $ 8882in a string, 8883\\$$ 8884must be used. 8885If the pattern contains spaces, they must be replaced 8886with the blank substitution character, unless it is 8887space itself. 8888.ip program 8889The arguments on the 8890.b K 8891line are the pathname to a program and any initial parameters to be passed. 8892When the map is called, 8893the key is added to the initial parameters 8894and the program is invoked 8895as the default user/group id. 8896The first line of standard output is returned as the value of the lookup. 8897This has many potential security problems, 8898and has terrible performance; 8899it should be used only when absolutely necessary. 8900.ip macro 8901Set or clear a macro value. 8902To set a macro, 8903pass the value as the first argument in the map lookup. 8904To clear a macro, 8905do not pass an argument in the map lookup. 8906The map always returns the empty string. 8907Example of typical usage include: 8908.(b 8909Kstorage macro 8910 8911\&... 8912 8913# set macro ${MyMacro} to the ruleset match 8914R$+ $: $(storage {MyMacro} $@ $1 $) $1 8915# set macro ${MyMacro} to an empty string 8916R$* $: $(storage {MyMacro} $@ $) $1 8917# clear macro ${MyMacro} 8918R$\- $: $(storage {MyMacro} $) $1 8919.)b 8920.ip arith 8921Perform simple arithmetic operations. 8922The operation is given as key, currently 8923+, -, , /, %, 8924\|, & (bitwise OR, AND), 8925l (for less than), =, 8926and r (for random) are supported. 8927The two operands are given as arguments. 8928The lookup returns the result of the computation, 8929i.e., 8930.sm TRUE 8931or 8932.sm FALSE 8933for comparisons, integer values otherwise. 8934The r operator returns a pseudo-random number whose value 8935lies between the first and second operand 8936(which requires that the first operand is smaller than the second). 8937All options which are possible for maps are ignored. 8938A simple example is: 8939.(b 8940Kcomp arith 8941* 8942\&... 8943 8944Scheck_etrn 8945R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1 8946RFALSE $# error \&... 8947.)b 8948.ip socket 8949The socket map uses a simple request/reply protocol over TCP or UNIX domain 8950sockets to query an external server. 8951Both requests and replies are text based and encoded as netstrings, 8952i.e., a string "hello there" becomes: 8953.(b 895411:hello there, 8955.)b 8956Note: neither requests nor replies end with CRLF. 8957 8958The request consists of the database map name and the lookup key separated 8959by a space character: 8960 8961.(b 8962<mapname> ' ' <key> 8963.)b 8964 8965The server responds with a status indicator and the result (if any): 8966 8967.(b 8968<status> ' ' <result> 8969.)b 8970 8971The status indicator specifies the result of the lookup operation itself 8972and is one of the following upper case words: 8973.(b 8974.ta 9n 8975OK the key was found, result contains the looked up value 8976NOTFOUND the key was not found, the result is empty 8977TEMP a temporary failure occured 8978TIMEOUT a timeout occured on the server side 8979PERM a permanent failure occured 8980.)b 8981 8982In case of errors (status TEMP, TIMEOUT or PERM) the result field may 8983contain an explanatory message. 8984However, the explanatory message is not used any further by 8985.i sendmail . 8986 8987Example replies: 8988.(b 898931:OK resolved.address@example.com, 8990.)b 8991 8992.(b 899356:OK error:550 5.7.1 User does not accept mail from sender, 8994.)b 8995 8996in case of successful lookups, or: 8997.(b 89988:NOTFOUND, 8999.)b 9000 9001in case the key was not found, or: 9002.(b 900355:TEMP this text explains that we had a temporary failure, 9004.)b 9005 9006in case of a temporary map lookup failure. 9007 9008The socket map uses the same syntax as milters 9009(see Section "X \- Mail Filter (Milter) Definitions") 9010to specify the remote endpoint, e.g., 9011.(b 9012Ksocket mySocketMap inet:12345@127.0.0.1 9013.)b 9014* 9015If multiple socket maps define the same remote endpoint, they will share 9016a single connection to this endpoint. 9017.pp 9018Most of these accept as arguments the same optional flags 9019and a filename 9020(or a mapname for NIS; 9021the filename is the root of the database path, 9022so that 9023.q .db 9024or some other extension appropriate for the database type 9025will be added to get the actual database name). 9026Known flags are: 9027.ip "\-o" 9028Indicates that this map is optional \- that is, 9029if it cannot be opened, 9030no error is produced, 9031and 9032.i sendmail 9033will behave as if the map existed but was empty. 9034.ip "\-N, \-O" 9035If neither 9036.b \-N 9037or 9038.b \-O 9039are specified, 9040.i sendmail 9041uses an adaptive algorithm to decide whether or not to look for null bytes 9042on the end of keys. 9043It starts by trying both; 9044if it finds any key with a null byte it never tries again without a null byte 9045and vice versa. 9046If 9047.b \-N 9048is specified it never tries without a null byte and 9049if 9050.b \-O 9051is specified it never tries with a null byte. 9052Setting one of 9053these can speed matches but are never necessary. 9054If both 9055.b \-N 9056and 9057.b \-O 9058are specified, 9059.i sendmail 9060will never try any matches at all \(em 9061that is, everything will appear to fail. 9062.ip "\-a\fIx\fP" 9063Append the string 9064.i x 9065on successful matches. 9066For example, the default 9067.i host 9068map appends a dot on successful matches. 9069.ip "\-T\fIx\fP" 9070Append the string 9071.i x 9072on temporary failures. 9073For example, 9074.i x 9075would be appended if a DNS lookup returned 9076.q "server failed" 9077or an NIS lookup could not locate a server. 9078See also the 9079.b \-t 9080flag. 9081.ip "\-f" 9082Do not fold upper to lower case before looking up the key. 9083.ip "\-m" 9084Match only (without replacing the value). 9085If you only care about the existence of a key and not the value 9086(as you might when searching the NIS map 9087.q hosts.byname 9088for example), 9089this flag prevents the map from substituting the value. 9090However, 9091The \-a argument is still appended on a match, 9092and the default is still taken if the match fails. 9093.ip "\-k\fIkeycol\fP" 9094The key column name (for NIS+) or number 9095(for text lookups). 9096For LDAP maps this is an LDAP filter string 9097in which %s is replaced with the literal contents of the lookup key 9098and %0 is replaced with the LDAP escaped contents of the lookup key 9099according to RFC 2254. 9100If the flag 9101.b \-K 9102is used, then %1 through %9 are replaced with the LDAP escaped contents 9103of the arguments specified in the map lookup. 9104.ip "\-v\fIvalcol\fP" 9105The value column name (for NIS+) or number 9106(for text lookups). 9107For LDAP maps this is the name of one or more 9108attributes to be returned; 9109multiple attributes can be separated by commas. 9110If not specified, all attributes found in the match 9111will be returned. 9112The attributes listed can also include a type and one or more 9113objectClass values for matching as described in the LDAP section. 9114.ip "\-z\fIdelim\fP" 9115The column delimiter (for text lookups). 9116It can be a single character or one of the special strings 9117.q \\|\en 9118or 9119.q \\|\et 9120to indicate newline or tab respectively. 9121If omitted entirely, 9122the column separator is any sequence of white space. 9123For LDAP maps this is the separator character 9124to combine multiple values 9125into a single return string. 9126If not set, 9127the LDAP lookup will only return the first match found. 9128For DNS maps this is the separator character at which 9129the result of a query is cut off if is too long. 9130.ip "\-t" 9131Normally, when a map attempts to do a lookup 9132and the server fails 9133(e.g., 9134.i sendmail 9135couldn't contact any name server; 9136this is 9137.i not 9138the same as an entry not being found in the map), 9139the message being processed is queued for future processing. 9140The 9141.b \-t 9142flag turns off this behavior, 9143letting the temporary failure (server down) 9144act as though it were a permanent failure (entry not found). 9145It is particularly useful for DNS lookups, 9146where someone else's misconfigured name server can cause problems 9147on your machine. 9148However, care must be taken to ensure that you don't bounce mail 9149that would be resolved correctly if you tried again. 9150A common strategy is to forward such mail 9151to another, possibly better connected, mail server. 9152.ip "\-D" 9153Perform no lookup in deferred delivery mode. 9154This flag is set by default for the 9155.i host 9156map. 9157.ip "\-S\fIspacesub\fP 9158The character to use to replace space characters 9159after a successful map lookup (esp. useful for regex 9160and syslog maps). 9161.ip "\-s\fIspacesub\fP 9162For the dequote map only, 9163the character to use to replace space characters 9164after a successful dequote. 9165.ip "\-q" 9166Don't dequote the key before lookup. 9167.ip "\-L\fIlevel\fP 9168For the syslog map only, it specifies the level 9169to use for the syslog call. 9170.ip "\-A" 9171When rebuilding an alias file, 9172the 9173.b \-A 9174flag causes duplicate entries in the text version 9175to be merged. 9176For example, two entries: 9177.(b 9178list: user1, user2 9179list: user3 9180.)b 9181would be treated as though it were the single entry 9182.(b 9183list: user1, user2, user3 9184.)b 9185in the presence of the 9186.b \-A 9187flag. 9188.pp 9189Some additional flags are available for the host and dns maps: 9190.ip "\-d" 9191delay: specify the resolver's retransmission time interval (in seconds). 9192.ip "\-r" 9193retry: specify the number of times to retransmit a resolver query. 9194.pp 9195The dns map has another flag: 9196.ip "\-B" 9197basedomain: specify a domain that is always appended to queries. 9198.pp 9199The following additional flags are present in the ldap map only: 9200.ip "\-R" 9201Do not auto chase referrals. sendmail must be compiled with 9202.b \-DLDAP_REFERRALS 9203to use this flag. 9204.ip "\-n" 9205Retrieve attribute names only. 9206.ip "\-V\fIsep\fP" 9207Retrieve both attributes name and value(s), 9208separated by 9209.i sep . 9210.ip "\-r\fIderef\fP" 9211Set the alias dereference option to one of never, always, search, or find. 9212.ip "\-s\fIscope\fP" 9213Set search scope to one of base, one (one level), or sub (subtree). 9214.ip "\-h\fIhost\fP" 9215LDAP server hostname. 9216Some LDAP libraries allow you to specify multiple, space-separated hosts for 9217redundancy. 9218In addition, each of the hosts listed can be followed by a colon and a port 9219number to override the default LDAP port. 9220.ip "\-p\fIport\fP" 9221LDAP service port. 9222.ip "\-H \fILDAPURI\fP" 9223Use the specified LDAP URI instead of specifying the hostname and port 9224separately with the the 9225.b \-h 9226and 9227.b \-p 9228options shown above. 9229For example, 9230.(b 9231-h server.example.com -p 389 -b dc=example,dc=com 9232.)b 9233is equivalent to 9234.(b 9235-H ldap://server.example.com:389 -b dc=example,dc=com 9236.)b 9237If the LDAP library supports it, 9238the LDAP URI format however can also request LDAP over SSL by using 9239.b ldaps:// 9240instead of 9241.b ldap:// . 9242For example: 9243.(b 9244O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com 9245.)b 9246Similarly, if the LDAP library supports it, 9247It can also be used to specify a UNIX domain socket using 9248.b ldapi:// : 9249.(b 9250O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com 9251.)b 9252.ip "\-b\fIbase\fP" 9253LDAP search base. 9254.ip "\-l\fItimelimit\fP" 9255Time limit for LDAP queries. 9256.ip "\-Z\fIsizelimit\fP" 9257Size (number of matches) limit for LDAP or DNS queries. 9258.ip "\-d\fIdistinguished_name\fP" 9259The distinguished name to use to login to the LDAP server. 9260.ip "\-M\fImethod\fP" 9261The method to authenticate to the LDAP server. 9262Should be one of 9263.b LDAP_AUTH_NONE , 9264.b LDAP_AUTH_SIMPLE , 9265or 9266.b LDAP_AUTH_KRBV4 . 9267.ip "\-P\fIpasswordfile\fP" 9268The file containing the secret key for the 9269.b LDAP_AUTH_SIMPLE 9270authentication method 9271or the name of the Kerberos ticket file for 9272.b LDAP_AUTH_KRBV4 . 9273.ip "\-1" 9274Force LDAP searches to only succeed if a single match is found. 9275If multiple values are found, 9276the search is treated as if no match was found. 9277.ip "\-w\fIversion\fP" 9278Set the LDAP API/protocol version to use. 9279The default depends on the LDAP client libraries in use. 9280For example, 9281.b "\-w 3" 9282will cause 9283.i sendmail 9284to use LDAPv3 when communicating with the LDAP server. 9285.ip "\-K" 9286Treat the LDAP search key as multi-argument and 9287replace %1 through %9 in the key with 9288the LDAP escaped contents of the lookup arguments specified in the map lookup. 9289.pp 9290The 9291.i dbm 9292map appends the strings 9293.q \&.pag 9294and 9295.q \&.dir 9296to the given filename; 9297the 9298.i hash 9299and 9300.i btree 9301maps append 9302.q \&.db . 9303For example, the map specification 9304.(b 9305Kuucp dbm \-o \-N /etc/mail/uucpmap 9306.)b 9307specifies an optional map named 9308.q uucp 9309of class 9310.q dbm ; 9311it always has null bytes at the end of every string, 9312and the data is located in 9313/etc/mail/uucpmap.{dir,pag}. 9314.pp 9315The program 9316.i makemap (8) 9317can be used to build any of the three database-oriented maps. 9318It takes the following flags: 9319.ip \-f 9320Do not fold upper to lower case in the map. 9321.ip \-N 9322Include null bytes in keys. 9323.ip \-o 9324Append to an existing (old) file. 9325.ip \-r 9326Allow replacement of existing keys; 9327normally, re-inserting an existing key is an error. 9328.ip \-v 9329Print what is happening. 9330.lp 9331The 9332.i sendmail 9333daemon does not have to be restarted to read the new maps 9334as long as you change them in place; 9335file locking is used so that the maps won't be read 9336while they are being updated. 9337.pp 9338New classes can be added in the routine 9339.b setupmaps 9340in file 9341.b conf.c . 9342.sh 2 "Q \- Queue Group Declaration" 9343.pp 9344In addition to the option 9345.i QueueDirectory, 9346queue groups can be declared that define a (group of) queue directories 9347under a common name. 9348The syntax is as follows: 9349.(b F 9350.b Q \c 9351.i name 9352{, \c 9353.i field =\c 9354.i value \\|}+ 9355.)b 9356where 9357.i name 9358is the symbolic name of the queue group under which 9359it can be referenced in various places 9360and the 9361.q field=value 9362pairs define attributes of the queue group. 9363The name must only consist of alphanumeric characters. 9364Fields are: 9365.ip Flags 9366Flags for this queue group. 9367.ip Nice 9368The nice(2) increment for the queue group. 9369This value must be greater or equal zero. 9370.ip Interval 9371The time between two queue runs. 9372.ip Path 9373The queue directory of the group (required). 9374.ip Runners 9375The number of parallel runners processing the queue. 9376Note that 9377.b F=f 9378must be set if this value is greater than one. 9379.ip Jobs 9380The maximum number of jobs (messages delivered) per queue run. 9381.ip recipients 9382The maximum number of recipients per envelope. 9383Envelopes with more than this number of recipients will be split 9384into multiple envelopes in the same queue directory. 9385The default value 0 means no limit. 9386.lp 9387Only the first character of the field name is checked. 9388.pp 9389By default, a queue group named 9390.i mqueue 9391is defined that uses the value of the 9392.i QueueDirectory 9393option as path. 9394Notice: all paths that are used for queue groups must 9395be subdirectories of 9396.i QueueDirectory . 9397Since they can be symbolic links, this isn't a real restriction, 9398If 9399.i QueueDirectory 9400uses a wildcard, then the directory one level up is considered 9401the ``base'' directory which all other queue directories must share. 9402Please make sure that the queue directories do not overlap, 9403e.g., do not specify 9404.(b 9405O QueueDirectory=/var/spool/mqueue/* 9406Qone, P=/var/spool/mqueue/dir1 9407Qtwo, P=/var/spool/mqueue/dir2 9408.)b 9409because this also includes 9410.q dir1 9411and 9412.q dir2 9413in the default queue group. 9414However, 9415.(b 9416O QueueDirectory=/var/spool/mqueue/main* 9417Qone, P=/var/spool/mqueue/dir 9418Qtwo, P=/var/spool/mqueue/other* 9419.)b 9420is a valid queue group specification. 9421.pp 9422Options listed in the ``Flags'' field can be used to modify 9423the behavior of a queue group. 9424The ``f'' flag must be set if multiple queue runners are 9425supposed to work on the entries in a queue group. 9426Otherwise 9427.i sendmail 9428will work on the entries strictly sequentially. 9429.pp 9430The ``Interval'' field sets the time between queue runs. 9431If no queue group specific interval is set, then the parameter of the 9432.b -q 9433option from the command line is used. 9434.pp 9435To control the overall number of concurrently active queue runners 9436the option 9437.b MaxQueueChildren 9438can be set. 9439This limits the number of processes used for running the queues to 9440.b MaxQueueChildren , 9441though at any one time fewer processes may be active 9442as a result of queue options, completed queue runs, system load, etc. 9443.pp 9444The maximum number of queue runners for an individual queue group can be 9445controlled via the 9446.b Runners 9447option. 9448If set to 0, entries in the queue will not be processed, which 9449is useful to ``quarantine'' queue files. 9450The number of runners per queue group may also be set with the option 9451.b MaxRunnersPerQueue , 9452which applies to queue groups that have no individual limit. 9453That is, the default value for 9454.b Runners 9455is 9456.b MaxRunnersPerQueue 9457if set, otherwise 1. 9458.pp 9459The field Jobs describes the maximum number of jobs 9460(messages delivered) per queue run, which is the queue group specific 9461value of 9462.b MaxQueueRunSize . 9463.pp 9464Notice: queue groups should be declared after all queue related options 9465have been set because queue groups take their defaults from those options. 9466If an option is set after a queue group declaration, the values of 9467options in the queue group are set to the defaults of 9468.i sendmail 9469unless explicitly set in the declaration. 9470.pp 9471Each envelope is assigned to a queue group based on the algorithm 9472described in section 9473``Queue Groups and Queue Directories''. 9474.sh 2 "X \- Mail Filter (Milter) Definitions" 9475.pp 9476The 9477.i sendmail 9478Mail Filter API (Milter) is designed to allow third-party programs access 9479to mail messages as they are being processed in order to filter 9480meta-information and content. 9481They are declared in the configuration file as: 9482.(b F 9483.b X \c 9484.i name 9485{, \c 9486.i field =\c 9487.i value \\|} 9488.)b 9489where 9490.i name 9491is the name of the filter 9492(used internally only) 9493and the 9494.q field=name 9495pairs define attributes of the filter. 9496Also see the documentation for the 9497.b InputMailFilters 9498option for more information. 9499.pp 9500Fields are: 9501.(b 9502.ta 1i 9503Socket The socket specification 9504Flags Special flags for this filter 9505Timeouts Timeouts for this filter 9506.)b 9507Only the first character of the field name is checked 9508(it's case-sensitive). 9509.pp 9510The socket specification is one of the following forms: 9511.(b F 9512.b S= \c 9513.b inet \c 9514.b : 9515.i port 9516.b @ 9517.i host 9518.)b 9519.(b F 9520.b S= \c 9521.b inet6 \c 9522.b : 9523.i port 9524.b @ 9525.i host 9526.)b 9527.(b F 9528.b S= \c 9529.b local \c 9530.b : 9531.i path 9532.)b 9533The first two describe an IPv4 or IPv6 socket listening on a certain 9534.i port 9535at a given 9536.i host 9537or IP address. 9538The final form describes a named socket on the filesystem at the given 9539.i path . 9540.pp 9541The following flags may be set in the filter description. 9542.nr ii 4n 9543.ip R 9544Reject connection if filter unavailable. 9545.ip T 9546Temporary fail connection if filter unavailable. 9547.pp 9548If neither F=R nor F=T is specified, the message is passed through 9549.i sendmail 9550in case of filter errors as if the failing filters were not present. 9551.pp 9552The timeouts can be set using the four fields inside of the 9553.b T= 9554equate: 9555.nr ii 4n 9556.ip C 9557Timeout for connecting to a filter. 9558If set to 0, the system's 9559.i connect() 9560timeout will be used. 9561.ip S 9562Timeout for sending information from the MTA to a filter. 9563.ip R 9564Timeout for reading reply from the filter. 9565.ip E 9566Overall timeout between sending end-of-message to filter and waiting for 9567the final acknowledgment. 9568.pp 9569Note the separator between each timeout field is a 9570.b ';' . 9571The default values (if not set) are: 9572.b T=C:5m;S:10s;R:10s;E:5m 9573where 9574.b s 9575is seconds and 9576.b m 9577is minutes. 9578.pp 9579Examples: 9580.(b 9581Xfilter1, S=local:/var/run/f1.sock, F=R 9582Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m 9583Xfilter3, S=inet:3333@localhost, T=C:2m 9584.)b 9585.sh 2 "The User Database" 9586.pp 9587The user database is deprecated in favor of ``virtusertable'' 9588and ``genericstable'' as explained in the file 9589.b cf/README . 9590If you have a version of 9591.i sendmail 9592with the user database package 9593compiled in, 9594the handling of sender and recipient addresses 9595is modified. 9596.pp 9597The location of this database is controlled with the 9598.b UserDatabaseSpec 9599option. 9600.sh 3 "Structure of the user database" 9601.pp 9602The database is a sorted (BTree-based) structure. 9603User records are stored with the key: 9604.(b 9605\fIuser-name\fP\fB:\fP\fIfield-name\fP 9606.)b 9607The sorted database format ensures that user records are clustered together. 9608Meta-information is always stored with a leading colon. 9609.pp 9610Field names define both the syntax and semantics of the value. 9611Defined fields include: 9612.nr ii 1i 9613.ip maildrop 9614The delivery address for this user. 9615There may be multiple values of this record. 9616In particular, 9617mailing lists will have one 9618.i maildrop 9619record for each user on the list. 9620.ip "mailname" 9621The outgoing mailname for this user. 9622For each outgoing name, 9623there should be an appropriate 9624.i maildrop 9625record for that name to allow return mail. 9626See also 9627.i :default:mailname . 9628.ip mailsender 9629Changes any mail sent to this address to have the indicated envelope sender. 9630This is intended for mailing lists, 9631and will normally be the name of an appropriate -request address. 9632It is very similar to the owner-\c 9633.i list 9634syntax in the alias file. 9635.ip fullname 9636The full name of the user. 9637.ip office-address 9638The office address for this user. 9639.ip office-phone 9640The office phone number for this user. 9641.ip office-fax 9642The office FAX number for this user. 9643.ip home-address 9644The home address for this user. 9645.ip home-phone 9646The home phone number for this user. 9647.ip home-fax 9648The home FAX number for this user. 9649.ip project 9650A (short) description of the project this person is affiliated with. 9651In the University this is often just the name of their graduate advisor. 9652.ip plan 9653A pointer to a file from which plan information can be gathered. 9654.pp 9655As of this writing, 9656only a few of these fields are actually being used by 9657.i sendmail : 9658.i maildrop 9659and 9660.i mailname . 9661A 9662.i finger 9663program that uses the other fields is planned. 9664.sh 3 "User database semantics" 9665.pp 9666When the rewriting rules submit an address to the local mailer, 9667the user name is passed through the alias file. 9668If no alias is found (or if the alias points back to the same address), 9669the name (with 9670.q :maildrop 9671appended) 9672is then used as a key in the user database. 9673If no match occurs (or if the maildrop points at the same address), 9674forwarding is tried. 9675.pp 9676If the first token of the user name returned by ruleset 0 9677is an 9678.q @ 9679sign, the user database lookup is skipped. 9680The intent is that the user database will act as a set of defaults 9681for a cluster (in our case, the Computer Science Division); 9682mail sent to a specific machine should ignore these defaults. 9683.pp 9684When mail is sent, 9685the name of the sending user is looked up in the database. 9686If that user has a 9687.q mailname 9688record, 9689the value of that record is used as their outgoing name. 9690For example, I might have a record: 9691.(b 9692eric:mailname Eric.Allman@CS.Berkeley.EDU 9693.)b 9694This would cause my outgoing mail to be sent as Eric.Allman. 9695.pp 9696If a 9697.q maildrop 9698is found for the user, 9699but no corresponding 9700.q mailname 9701record exists, 9702the record 9703.q :default:mailname 9704is consulted. 9705If present, this is the name of a host to override the local host. 9706For example, in our case we would set it to 9707.q CS.Berkeley.EDU . 9708The effect is that anyone known in the database 9709gets their outgoing mail stamped as 9710.q user@CS.Berkeley.EDU , 9711but people not listed in the database use the local hostname. 9712.sh 3 "Creating the database\*" 9713.(f 9714\These instructions are known to be incomplete. 9715Other features are available which provide similar functionality, 9716e.g., virtual hosting and mapping local addresses into a 9717generic form as explained in cf/README. 9718.)f 9719.pp 9720The user database is built from a text file 9721using the 9722.i makemap 9723utility 9724(in the distribution in the makemap subdirectory). 9725The text file is a series of lines corresponding to userdb records; 9726each line has a key and a value separated by white space. 9727The key is always in the format described above \- 9728for example: 9729.(b 9730eric:maildrop 9731.)b 9732This file is normally installed in a system directory; 9733for example, it might be called 9734.i /etc/mail/userdb . 9735To make the database version of the map, run the program: 9736.(b 9737makemap btree /etc/mail/userdb < /etc/mail/userdb 9738.)b 9739Then create a config file that uses this. 9740For example, using the V8 M4 configuration, include the 9741following line in your .mc file: 9742.(b 9743define(\`confUSERDB_SPEC\', /etc/mail/userdb) 9744.)b 9745.sh 1 "OTHER CONFIGURATION" 9746.pp 9747There are some configuration changes that can be made by 9748recompiling 9749.i sendmail . 9750This section describes what changes can be made 9751and what has to be modified to make them. 9752In most cases this should be unnecessary 9753unless you are porting 9754.i sendmail 9755to a new environment. 9756.sh 2 "Parameters in devtools/OS/$oscf" 9757.pp 9758These parameters are intended to describe the compilation environment, 9759not site policy, 9760and should normally be defined in the operating system 9761configuration file. 9762.b "This section needs a complete rewrite." 9763.ip NDBM 9764If set, 9765the new version of the DBM library 9766that allows multiple databases will be used. 9767If neither NDBM nor NEWDB are set, 9768a much less efficient method of alias lookup is used. 9769.ip NEWDB 9770If set, use the new database package from Berkeley (from 4.4BSD). 9771This package is substantially faster than DBM or NDBM. 9772If NEWDB and NDBM are both set, 9773.i sendmail 9774will read DBM files, 9775but will create and use NEWDB files. 9776.ip NIS 9777Include support for NIS. 9778If set together with 9779.i both 9780NEWDB and NDBM, 9781.i sendmail 9782will create both DBM and NEWDB files if and only if 9783an alias file includes the substring 9784.q /yp/ 9785in the name. 9786This is intended for compatibility with Sun Microsystems' 9787.i mkalias 9788program used on YP masters. 9789.ip NISPLUS 9790Compile in support for NIS+. 9791.ip NETINFO 9792Compile in support for NetInfo (NeXT stations). 9793.ip LDAPMAP 9794Compile in support for LDAP X500 queries. 9795Requires libldap and liblber 9796from the Umich LDAP 3.2 or 3.3 release 9797or equivalent libraries for other LDAP libraries 9798such as OpenLDAP. 9799.ip HESIOD 9800Compile in support for Hesiod. 9801.ip MAP_NSD 9802Compile in support for IRIX NSD lookups. 9803.ip MAP_REGEX 9804Compile in support for regular expression matching. 9805.ip DNSMAP 9806Compile in support for DNS map lookups in the 9807.i sendmail.cf 9808file. 9809.ip PH_MAP 9810Compile in support for ph lookups. 9811.ip SASL 9812Compile in support for SASL, 9813a required component for SMTP Authentication support. 9814.ip STARTTLS 9815Compile in support for STARTTLS. 9816.ip EGD 9817Compile in support for the "Entropy Gathering Daemon" 9818to provide better random data for TLS. 9819.ip TCPWRAPPERS 9820Compile in support for TCP Wrappers. 9821.ip _PATH_SENDMAILCF 9822The pathname of the sendmail.cf file. 9823.ip _PATH_SENDMAILPID 9824The pathname of the sendmail.pid file. 9825.ip SM_CONF_SHM 9826Compile in support for shared memory, see section about 9827"/var/spool/mqueue". 9828.ip MILTER 9829Compile in support for contacting external mail filters built with the 9830Milter API. 9831.pp 9832There are also several compilation flags to indicate the environment 9833such as 9834.q _AIX3 9835and 9836.q _SCO_unix_ . 9837See the sendmail/README 9838file for the latest scoop on these flags. 9839.sh 2 "Parameters in sendmail/conf.h" 9840.pp 9841Parameters and compilation options 9842are defined in conf.h. 9843Most of these need not normally be tweaked; 9844common parameters are all in sendmail.cf. 9845However, the sizes of certain primitive vectors, etc., 9846are included in this file. 9847The numbers following the parameters 9848are their default value. 9849.pp 9850This document is not the best source of information 9851for compilation flags in conf.h \(em 9852see sendmail/README or sendmail/conf.h itself. 9853.nr ii 1.2i 9854.ip "MAXLINE [2048]" 9855The maximum line length of any input line. 9856If message lines exceed this length 9857they will still be processed correctly; 9858however, header lines, 9859configuration file lines, 9860alias lines, 9861etc., 9862must fit within this limit. 9863.ip "MAXNAME [256]" 9864The maximum length of any name, 9865such as a host or a user name. 9866.ip "MAXPV [256]" 9867The maximum number of parameters to any mailer. 9868This limits the number of recipients that may be passed in one transaction. 9869It can be set to any arbitrary number above about 10, 9870since 9871.i sendmail 9872will break up a delivery into smaller batches as needed. 9873A higher number may reduce load on your system, however. 9874.ip "MAXQUEUEGROUPS [50]" 9875The maximum number of queue groups. 9876.ip "MAXATOM [1000]" 9877The maximum number of atoms 9878(tokens) 9879in a single address. 9880For example, 9881the address 9882.q "eric@CS.Berkeley.EDU" 9883is seven atoms. 9884.ip "MAXMAILERS [25]" 9885The maximum number of mailers that may be defined 9886in the configuration file. 9887This value is defined in include/sendmail/sendmail.h. 9888.ip "MAXRWSETS [200]" 9889The maximum number of rewriting sets 9890that may be defined. 9891The first half of these are reserved for numeric specification 9892(e.g., ``S92''), 9893while the upper half are reserved for auto-numbering 9894(e.g., ``Sfoo''). 9895Thus, with a value of 200 an attempt to use ``S99'' will succeed, 9896but ``S100'' will fail. 9897.ip "MAXPRIORITIES [25]" 9898The maximum number of values for the 9899.q Precedence: 9900field that may be defined 9901(using the 9902.b P 9903line in sendmail.cf). 9904.ip "MAXUSERENVIRON [100]" 9905The maximum number of items in the user environment 9906that will be passed to subordinate mailers. 9907.ip "MAXMXHOSTS [100]" 9908The maximum number of MX records we will accept for any single host. 9909.ip "MAXMAPSTACK [12]" 9910The maximum number of maps that may be "stacked" in a 9911.b sequence 9912class map. 9913.ip "MAXMIMEARGS [20]" 9914The maximum number of arguments in a MIME Content-Type: header; 9915additional arguments will be ignored. 9916.ip "MAXMIMENESTING [20]" 9917The maximum depth to which MIME messages may be nested 9918(that is, nested Message or Multipart documents; 9919this does not limit the number of components in a single Multipart document). 9920.ip "MAXDAEMONS [10]" 9921The maximum number of sockets sendmail will open for accepting connections 9922on different ports. 9923.ip "MAXMACNAMELEN [25]" 9924The maximum length of a macro name. 9925.lp 9926A number of other compilation options exist. 9927These specify whether or not specific code should be compiled in. 9928Ones marked with \(dg 9929are 0/1 valued. 9930.nr ii 1.2i 9931.ip NETINET\(dg 9932If set, 9933support for Internet protocol networking is compiled in. 9934Previous versions of 9935.i sendmail 9936referred to this as 9937.sm DAEMON ; 9938this old usage is now incorrect. 9939Defaults on; 9940turn it off in the Makefile 9941if your system doesn't support the Internet protocols. 9942.ip NETINET6\(dg 9943If set, 9944support for IPv6 networking is compiled in. 9945It must be separately enabled by adding 9946.b DaemonPortOptions 9947settings. 9948.ip NETISO\(dg 9949If set, 9950support for ISO protocol networking is compiled in 9951(it may be appropriate to #define this in the Makefile instead of conf.h). 9952.ip NETUNIX\(dg 9953If set, 9954support for UNIX domain sockets is compiled in. 9955This is used for control socket support. 9956.ip LOG 9957If set, 9958the 9959.i syslog 9960routine in use at some sites is used. 9961This makes an informational log record 9962for each message processed, 9963and makes a higher priority log record 9964for internal system errors. 9965.b "STRONGLY RECOMMENDED" 9966\(em if you want no logging, turn it off in the configuration file. 9967.ip MATCHGECOS\(dg 9968Compile in the code to do ``fuzzy matching'' on the GECOS field 9969in /etc/passwd. 9970This also requires that the 9971.b MatchGECOS 9972option be turned on. 9973.ip NAMED_BIND\(dg 9974Compile in code to use the 9975Berkeley Internet Name Domain (BIND) server 9976to resolve TCP/IP host names. 9977.ip NOTUNIX 9978If you are using a non-UNIX mail format, 9979you can set this flag to turn off special processing 9980of UNIX-style 9981.q "From " 9982lines. 9983.ip USERDB\(dg 9984Include the 9985.b experimental 9986Berkeley user information database package. 9987This adds a new level of local name expansion 9988between aliasing and forwarding. 9989It also uses the NEWDB package. 9990This may change in future releases. 9991.lp 9992The following options are normally turned on 9993in per-operating-system clauses in conf.h. 9994.ip IDENTPROTO\(dg 9995Compile in the IDENT protocol as defined in RFC 1413. 9996This defaults on for all systems except Ultrix, 9997which apparently has the interesting 9998.q feature 9999that when it receives a 10000.q "host unreachable" 10001message it closes all open connections to that host. 10002Since some firewall gateways send this error code 10003when you access an unauthorized port (such as 113, used by IDENT), 10004Ultrix cannot receive email from such hosts. 10005.ip SYSTEM5 10006Set all of the compilation parameters appropriate for System V. 10007.ip HASFLOCK\(dg 10008Use Berkeley-style 10009.b flock 10010instead of System V 10011.b lockf 10012to do file locking. 10013Due to the highly unusual semantics of locks 10014across forks in 10015.b lockf , 10016this should always be used if at all possible. 10017.ip HASINITGROUPS 10018Set this if your system has the 10019.i initgroups() 10020call 10021(if you have multiple group support). 10022This is the default if SYSTEM5 is 10023.i not 10024defined or if you are on HPUX. 10025.ip HASUNAME 10026Set this if you have the 10027.i uname (2) 10028system call (or corresponding library routine). 10029Set by default if 10030SYSTEM5 10031is set. 10032.ip HASGETDTABLESIZE 10033Set this if you have the 10034.i getdtablesize (2) 10035system call. 10036.ip HASWAITPID 10037Set this if you have the 10038.i haswaitpid (2) 10039system call. 10040.ip FAST_PID_RECYCLE 10041Set this if your system can possibly 10042reuse the same pid in the same second of time. 10043.ip SFS_TYPE 10044The mechanism that can be used to get file system capacity information. 10045The values can be one of 10046SFS_USTAT (use the ustat(2) syscall), 10047SFS_4ARGS (use the four argument statfs(2) syscall), 10048SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>), 10049SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>), 10050SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>), 10051SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>), 10052or 10053SFS_NONE (no way to get this information). 10054.ip LA_TYPE 10055The load average type. 10056Details are described below. 10057.lp 10058The are several built-in ways of computing the load average. 10059.i Sendmail 10060tries to auto-configure them based on imperfect guesses; 10061you can select one using the 10062.i cc 10063option 10064.b \-DLA_TYPE= \c 10065.i type , 10066where 10067.i type 10068is: 10069.ip LA_INT 10070The kernel stores the load average in the kernel as an array of long integers. 10071The actual values are scaled by a factor FSCALE 10072(default 256). 10073.ip LA_SHORT 10074The kernel stores the load average in the kernel as an array of short integers. 10075The actual values are scaled by a factor FSCALE 10076(default 256). 10077.ip LA_FLOAT 10078The kernel stores the load average in the kernel as an array of 10079double precision floats. 10080.ip LA_MACH 10081Use MACH-style load averages. 10082.ip LA_SUBR 10083Call the 10084.i getloadavg 10085routine to get the load average as an array of doubles. 10086.ip LA_ZERO 10087Always return zero as the load average. 10088This is the fallback case. 10089.lp 10090If type 10091.sm LA_INT , 10092.sm LA_SHORT , 10093or 10094.sm LA_FLOAT 10095is specified, 10096you may also need to specify 10097.sm _PATH_UNIX 10098(the path to your system binary) 10099and 10100.sm LA_AVENRUN 10101(the name of the variable containing the load average in the kernel; 10102usually 10103.q _avenrun 10104or 10105.q avenrun ). 10106.sh 2 "Configuration in sendmail/conf.c" 10107.pp 10108The following changes can be made in conf.c. 10109.sh 3 "Built-in Header Semantics" 10110.pp 10111Not all header semantics are defined in the configuration file. 10112Header lines that should only be included by certain mailers 10113(as well as other more obscure semantics) 10114must be specified in the 10115.i HdrInfo 10116table in 10117.i conf.c . 10118This table contains the header name 10119(which should be in all lower case) 10120and a set of header control flags (described below), 10121The flags are: 10122.ip H_ACHECK 10123Normally when the check is made to see if a header line is compatible 10124with a mailer, 10125.i sendmail 10126will not delete an existing line. 10127If this flag is set, 10128.i sendmail 10129will delete 10130even existing header lines. 10131That is, 10132if this bit is set and the mailer does not have flag bits set 10133that intersect with the required mailer flags 10134in the header definition in 10135sendmail.cf, 10136the header line is 10137.i always 10138deleted. 10139.ip H_EOH 10140If this header field is set, 10141treat it like a blank line, 10142i.e., 10143it will signal the end of the header 10144and the beginning of the message text. 10145.ip H_FORCE 10146Add this header entry 10147even if one existed in the message before. 10148If a header entry does not have this bit set, 10149.i sendmail 10150will not add another header line if a header line 10151of this name already existed. 10152This would normally be used to stamp the message 10153by everyone who handled it. 10154.ip H_TRACE 10155If set, 10156this is a timestamp 10157(trace) 10158field. 10159If the number of trace fields in a message 10160exceeds a preset amount 10161the message is returned 10162on the assumption that it has an aliasing loop. 10163.ip H_RCPT 10164If set, 10165this field contains recipient addresses. 10166This is used by the 10167.b \-t 10168flag to determine who to send to 10169when it is collecting recipients from the message. 10170.ip H_FROM 10171This flag indicates that this field 10172specifies a sender. 10173The order of these fields in the 10174.i HdrInfo 10175table specifies 10176.i sendmail 's 10177preference 10178for which field to return error messages to. 10179.ip H_ERRORSTO 10180Addresses in this header should receive error messages. 10181.ip H_CTE 10182This header is a Content-Transfer-Encoding header. 10183.ip H_CTYPE 10184This header is a Content-Type header. 10185.ip H_STRIPVAL 10186Strip the value from the header (for Bcc:). 10187.nr ii 5n 10188.lp 10189Let's look at a sample 10190.i HdrInfo 10191specification: 10192.(b 10193.ta 4n +\w'"content-transfer-encoding", 'u 10194struct hdrinfo HdrInfo[] = 10195\&{ 10196 /* originator fields, most to least significant / 10197* "resent-sender", H_FROM, 10198 "resent-from", H_FROM, 10199 "sender", H_FROM, 10200 "from", H_FROM, 10201 "full-name", H_ACHECK, 10202 "errors-to", H_FROM\^\|\^H_ERRORSTO, 10203 /* destination fields / 10204* "to", H_RCPT, 10205 "resent-to", H_RCPT, 10206 "cc", H_RCPT, 10207 "bcc", H_RCPT\^\|\^H_STRIPVAL, 10208 /* message identification and control / 10209* "message", H_EOH, 10210 "text", H_EOH, 10211 /* trace fields / 10212* "received", H_TRACE\^\|\^H_FORCE, 10213 /* miscellaneous fields / 10214* "content-transfer-encoding", H_CTE, 10215 "content-type", H_CTYPE, 10216 10217 NULL, 0, 10218}; 10219.)b 10220This structure indicates that the 10221.q To: , 10222.q Resent-To: , 10223and 10224.q Cc: 10225fields 10226all specify recipient addresses. 10227Any 10228.q Full-Name: 10229field will be deleted unless the required mailer flag 10230(indicated in the configuration file) 10231is specified. 10232The 10233.q Message: 10234and 10235.q Text: 10236fields will terminate the header; 10237these are used by random dissenters around the network world. 10238The 10239.q Received: 10240field will always be added, 10241and can be used to trace messages. 10242.pp 10243There are a number of important points here. 10244First, 10245header fields are not added automatically just because they are in the 10246.i HdrInfo 10247structure; 10248they must be specified in the configuration file 10249in order to be added to the message. 10250Any header fields mentioned in the configuration file but not 10251mentioned in the 10252.i HdrInfo 10253structure have default processing performed; 10254that is, 10255they are added unless they were in the message already. 10256Second, 10257the 10258.i HdrInfo 10259structure only specifies cliched processing; 10260certain headers are processed specially by ad hoc code 10261regardless of the status specified in 10262.i HdrInfo . 10263For example, 10264the 10265.q Sender: 10266and 10267.q From: 10268fields are always scanned on ARPANET mail 10269to determine the sender\*; 10270.(f 10271\Actually, this is no longer true in SMTP; 10272this information is contained in the envelope. 10273The older ARPANET protocols did not completely distinguish 10274envelope from header. 10275.)f 10276this is used to perform the 10277.q "return to sender" 10278function. 10279The 10280.q "From:" 10281and 10282.q "Full-Name:" 10283fields are used to determine the full name of the sender 10284if possible; 10285this is stored in the macro 10286.b $x 10287and used in a number of ways. 10288.sh 3 "Restricting Use of Email" 10289.pp 10290If it is necessary to restrict mail through a relay, 10291the 10292.i checkcompat 10293routine can be modified. 10294This routine is called for every recipient address. 10295It returns an exit status 10296indicating the status of the message. 10297The status 10298.sm EX_OK 10299accepts the address, 10300.sm EX_TEMPFAIL 10301queues the message for a later try, 10302and other values 10303(commonly 10304.sm EX_UNAVAILABLE ) 10305reject the message. 10306It is up to 10307.i checkcompat 10308to print an error message 10309(using 10310.i usrerr ) 10311if the message is rejected. 10312For example, 10313.i checkcompat 10314could read: 10315.(b 10316.re 10317.sz -1 10318.ta 4n +4n +4n +4n +4n +4n +4n 10319int 10320checkcompat(to, e) 10321* register ADDRESS to; 10322* register ENVELOPE e; 10323\&{ 10324* register STAB s; 10325* 10326 s = stab("private", ST_MAILER, ST_FIND); 10327 if (s != NULL && e\->e_from.q_mailer != LocalMailer && 10328 to->q_mailer == s->s_mailer) 10329 { 10330 usrerr("No private net mail allowed through this machine"); 10331 return (EX_UNAVAILABLE); 10332 } 10333 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer)) 10334 { 10335 usrerr("Message too large for non-local delivery"); 10336 e\->e_flags \|= EF_NORETURN; 10337 return (EX_UNAVAILABLE); 10338 } 10339 return (EX_OK); 10340} 10341.sz 10342.)b 10343This would reject messages greater than 50000 bytes 10344unless they were local. 10345The 10346.i EF_NORETURN 10347flag can be set in 10348.i e\(->e_flags 10349to suppress the return of the actual body 10350of the message in the error return. 10351The actual use of this routine is highly dependent on the 10352implementation, 10353and use should be limited. 10354.sh 3 "New Database Map Classes" 10355.pp 10356New key maps can be added by creating a class initialization function 10357and a lookup function. 10358These are then added to the routine 10359.i setupmaps. 10360.pp 10361The initialization function is called as 10362.(b 10363\fIxxx\fP_map_init(MAP map, char args) 10364.)b 10365The 10366.i map 10367is an internal data structure. 10368The 10369.i args 10370is a pointer to the portion of the configuration file line 10371following the map class name; 10372flags and filenames can be extracted from this line. 10373The initialization function must return 10374.sm true 10375if it successfully opened the map, 10376.sm false 10377otherwise. 10378.pp 10379The lookup function is called as 10380.(b 10381\fIxxx\fP_map_lookup(MAP map, char buf[], char av, int statp) 10382.)b 10383The 10384.i map 10385defines the map internally. 10386The 10387.i buf 10388has the input key. 10389This may be (and often is) used destructively. 10390The 10391.i av 10392is a list of arguments passed in from the rewrite line. 10393The lookup function should return a pointer to the new value. 10394If the map lookup fails, 10395.i statp 10396should be set to an exit status code; 10397in particular, it should be set to 10398.sm EX_TEMPFAIL 10399if recovery is to be attempted by the higher level code. 10400.sh 3 "Queueing Function" 10401.pp 10402The routine 10403.i shouldqueue 10404is called to decide if a message should be queued 10405or processed immediately. 10406Typically this compares the message priority to the current load average. 10407The default definition is: 10408.(b 10409bool 10410shouldqueue(pri, ctime) 10411* long pri; 10412 time_t ctime; 10413{ 10414 if (CurrentLA < QueueLA) 10415 return false; 10416 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1))); 10417} 10418.)b 10419If the current load average 10420(global variable 10421.i CurrentLA , 10422which is set before this function is called) 10423is less than the low threshold load average 10424(option 10425.b x , 10426variable 10427.i QueueLA ), 10428.i shouldqueue 10429returns 10430.sm false 10431immediately 10432(that is, it should 10433.i not 10434queue). 10435If the current load average exceeds the high threshold load average 10436(option 10437.b X , 10438variable 10439.i RefuseLA ), 10440.i shouldqueue 10441returns 10442.sm true 10443immediately. 10444Otherwise, it computes the function based on the message priority, 10445the queue factor 10446(option 10447.b q , 10448global variable 10449.i QueueFactor ), 10450and the current and threshold load averages. 10451.pp 10452An implementation wishing to take the actual age of the message into account 10453can also use the 10454.i ctime 10455parameter, 10456which is the time that the message was first submitted to 10457.i sendmail . 10458Note that the 10459.i pri 10460parameter is already weighted 10461by the number of times the message has been tried 10462(although this tends to lower the priority of the message with time); 10463the expectation is that the 10464.i ctime 10465would be used as an 10466.q "escape clause" 10467to ensure that messages are eventually processed. 10468.sh 3 "Refusing Incoming SMTP Connections" 10469.pp 10470The function 10471.i refuseconnections 10472returns 10473.sm true 10474if incoming SMTP connections should be refused. 10475The current implementation is based exclusively on the current load average 10476and the refuse load average option 10477(option 10478.b X , 10479global variable 10480.i RefuseLA ): 10481.(b 10482bool 10483refuseconnections() 10484{ 10485 return (RefuseLA > 0 && CurrentLA >= RefuseLA); 10486} 10487.)b 10488A more clever implementation 10489could look at more system resources. 10490.sh 3 "Load Average Computation" 10491.pp 10492The routine 10493.i getla 10494returns the current load average (as a rounded integer). 10495The distribution includes several possible implementations. 10496If you are porting to a new environment 10497you may need to add some new tweaks.\** 10498.(f 10499\*If you do, please send updates to 10500sendmail@Sendmail.ORG. 10501.)f 10502.sh 2 "Configuration in sendmail/daemon.c" 10503.pp 10504The file 10505.i sendmail/daemon.c 10506contains a number of routines that are dependent 10507on the local networking environment. 10508The version supplied assumes you have BSD style sockets. 10509.pp 10510In previous releases, 10511we recommended that you modify the routine 10512.i maphostname 10513if you wanted to generalize 10514.b $[ 10515\&...\& 10516.b $] 10517lookups. 10518We now recommend that you create a new keyed map instead. 10519.sh 2 "LDAP" 10520.pp 10521In this section we assume that 10522.i sendmail 10523has been compiled with support for LDAP. 10524.sh 3 "LDAP Recursion" 10525.pp 10526LDAP Recursion allows you to add types to the search attributes on an 10527LDAP map specification. 10528The syntax is: 10529.ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[\|\fIOBJECTCLASS\fP\|...]]] 10530.pp 10531The new \fITYPE\fPs are: 10532.nr ii 1i 10533.ip NORMAL 10534This attribute type specifies the attribute to add to the results string. 10535This is the default. 10536.ip DN 10537Any matches for this attribute are expected to have a value of a 10538fully qualified distinguished name. 10539.i sendmail 10540will lookup that DN and apply the attributes requested to the 10541returned DN record. 10542.ip FILTER 10543Any matches for this attribute are expected to have a value of an 10544LDAP search filter. 10545.i sendmail 10546will perform a lookup with the same parameters as the original 10547search but replaces the search filter with the one specified here. 10548.ip URL 10549Any matches for this attribute are expected to have a value of an LDAP URL. 10550.i sendmail 10551will perform a lookup of that URL and use the results from the attributes 10552named in that URL. 10553Note however that the search is done using the current LDAP connection, 10554regardless of what is specified as the scheme, LDAP host, and LDAP 10555port in the LDAP URL. 10556.lp 10557Any untyped attributes are considered 10558.sm NORMAL 10559attributes as described above. 10560.pp 10561The optional \fIOBJECTCLASS\fP (\| separated) list contains the 10562objectClass values for which that attribute applies. 10563If the list is given, 10564the attribute named will only be used if the LDAP record being returned is a 10565member of that object class. 10566Note that if these new value attribute \fITYPE\fPs are used in an 10567AliasFile 10568option setting, it will need to be double quoted to prevent 10569.i sendmail 10570from misparsing the colons. 10571.pp 10572Note that LDAP recursion attributes which do not ultimately point to an 10573LDAP record are not considered an error. 10574.sh 4 "Example" 10575.pp 10576Since examples usually help clarify, here is an example which uses all 10577four of the new types: 10578.(b 10579O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com 10580* 10581Kexample ldap 10582 -z, 10583 -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0)) 10584 -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson, 10585 uniqueMember:DN:groupOfUniqueNames, 10586 sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject, 10587 sendmailMTAAliasURL:URL:sendmailMTAAliasObject 10588.)b 10589.pp 10590That definition specifies that: 10591.bu 10592Any value in a 10593.sm sendmailMTAAliasValue 10594attribute will be added to the result string regardless of object class. 10595.bu 10596The 10597.sm mail 10598attribute will be added to the result string if 10599the LDAP record is a member of the 10600.sm inetOrgPerson 10601object class. 10602.bu 10603The 10604.sm uniqueMember 10605attribute is a recursive attribute, used only in 10606.sm groupOfUniqueNames 10607records, and should contain an LDAP DN pointing to another LDAP record. 10608The desire here is to return the 10609.sm mail 10610attribute from those DNs. 10611.bu 10612The 10613.sm sendmailMTAAliasSearch 10614attribute and 10615.sm sendmailMTAAliasURL 10616are both used only if referenced in a 10617.sm sendmailMTAAliasObject . 10618They are both recursive, the first for a new LDAP search string and the 10619latter for an LDAP URL. 10620.sh 2 "STARTTLS" 10621.pp 10622In this section we assume that 10623.i sendmail 10624has been compiled with support for STARTTLS. 10625To properly understand the use of STARTTLS in 10626.i sendmail , 10627it is necessary to understand at least some basics about X.509 certificates 10628and public key cryptography. 10629This information can be found in books about SSL/TLS 10630or on WWW sites, e.g., 10631.q http://www.OpenSSL.org/ . 10632.sh 3 "Certificates for STARTTLS" 10633.pp 10634When acting as a server, 10635.i sendmail 10636requires X.509 certificates to support STARTTLS: 10637one as certificate for the server (ServerCertFile and corresponding 10638private ServerKeyFile) 10639at least one root CA (CACertFile), 10640i.e., a certificate that is used to sign other certificates, 10641and a path to a directory which contains other CAs (CACertPath). 10642The file specified via 10643CACertFile 10644can contain several certificates of CAs. 10645The DNs of these certificates are sent 10646to the client during the TLS handshake (as part of the 10647CertificateRequest) as the list of acceptable CAs. 10648However, do not list too many root CAs in that file, otherwise 10649the TLS handshake may fail; e.g., 10650.(b 10651error:14094417:SSL routines:SSL3_READ_BYTES: 10652sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47 10653.)b 10654You should probably put only the CA cert into that file 10655that signed your own cert(s), or at least only those you trust. 10656The CACertPath directory must contain the hashes of each CA certificate 10657as filenames (or as links to them). 10658Symbolic links can be generated with the following 10659two (Bourne) shell commands: 10660.(b 10661C=FileName_of_CA_Certificate 10662ln -s $C `openssl x509 -noout -hash < $C`.0 10663.)b 10664An X.509 certificate is also required for authentication in client mode 10665(ClientCertFile and corresponding private ClientKeyFile), however, 10666.i sendmail 10667will always use STARTTLS when offered by a server. 10668The client and server certificates can be identical. 10669Certificates can be obtained from a certificate authority 10670or created with the help of OpenSSL. 10671The required format for certificates and private keys is PEM. 10672To allow for automatic startup of sendmail, private keys 10673(ServerKeyFile, ClientKeyFile) 10674must be stored unencrypted. 10675The keys are only protected by the permissions of the file system. 10676Never make a private key available to a third party. 10677.sh 3 "PRNG for STARTTLS" 10678.pp 10679STARTTLS requires a strong pseudo random number generator (PRNG) 10680to operate properly. 10681Depending on the TLS library you use, it may be required to explicitly 10682initialize the PRNG with random data. 10683OpenSSL makes use of 10684.b /dev/urandom(4) 10685if available (this corresponds to the compile flag HASURANDOMDEV). 10686On systems which lack this support, a random file must be specified in the 10687.i sendmail.cf 10688file using the option RandFile. 10689It is 10690.b strongly 10691advised to use the "Entropy Gathering Daemon" EGD 10692from Brian Warner on those systems to provide useful random data. 10693In this case, 10694.i sendmail 10695must be compiled with the flag EGD, and the 10696RandFile option must point to the EGD socket. 10697If neither 10698.b /dev/urandom(4) 10699nor EGD are available, you have to make sure 10700that useful random data is available all the time in RandFile. 10701If the file hasn't been modified in the last 10 minutes before 10702it is supposed to be used by 10703.i sendmail 10704the content is considered obsolete. 10705One method for generating this file is: 10706.(b 10707openssl rand -out /etc/mail/randfile -rand \c 10708.i /path/to/file:... \c 10709256 10710.)b 10711See the OpenSSL documentation for more information. 10712In this case, the PRNG for TLS is only 10713seeded with other random data if the 10714.b DontBlameSendmail 10715option 10716.b InsufficientEntropy 10717is set. 10718This is most likely not sufficient for certain actions, e.g., 10719generation of (temporary) keys. 10720.pp 10721Please see the OpenSSL documentation or other sources 10722for further information about certificates, their creation and their usage, 10723the importance of a good PRNG, and other aspects of TLS. 10724.sh 2 "Encoding of STARTTLS and AUTH related Macros" 10725.pp 10726Macros that contain STARTTLS and AUTH related data which comes from outside 10727sources, e.g., all macros containing information from certificates, 10728are encoded to avoid problems with non-printable or special characters. 10729The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '. 10730All of these characters are replaced by their value in hexadecimal 10731with a leading '+'. 10732For example: 10733.(b 10734/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/ 10735Email=darth+cert@endmail.org 10736.)b 10737is encoded as: 10738.(b 10739/C=US/ST=California/O=endmail.org/OU=private/ 10740CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 10741.)b 10742(line breaks have been inserted for readability). 10743The macros which are subject to this encoding are 10744{cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer}, 10745as well as 10746{auth_authen} and {auth_author}. 10747.sh 1 "ACKNOWLEDGEMENTS" 10748.pp 10749I've worked on 10750.i sendmail 10751for many years, 10752and many employers have been remarkably patient 10753about letting me work on a large project 10754that was not part of my official job. 10755This includes time on the INGRES Project at 10756the University of California at Berkeley, 10757at Britton Lee, 10758and again on the Mammoth and Titan Projects at Berkeley. 10759.pp 10760Much of the second wave of improvements 10761resulting in version 8.1 10762should be credited to Bryan Costales of the 10763International Computer Science Institute. 10764As he passed me drafts of his book on 10765.i sendmail 10766I was inspired to start working on things again. 10767Bryan was also available to bounce ideas off of. 10768.pp 10769Gregory Neil Shapiro 10770of Worcester Polytechnic Institute 10771has become instrumental in all phases of 10772.i sendmail 10773support and development, 10774and was largely responsible for getting versions 8.8 and 8.9 10775out the door. 10776.pp 10777Many, many people contributed chunks of code and ideas to 10778.i sendmail . 10779It has proven to be a group network effort. 10780Version 8 in particular was a group project. 10781The following people and organizations made notable contributions: 10782.(l 10783Claus Assmann 10784John Beck, Hewlett-Packard & Sun Microsystems 10785Keith Bostic, CSRG, University of California, Berkeley 10786Andrew Cheng, Sun Microsystems 10787Michael J. Corrigan, University of California, San Diego 10788Bryan Costales, International Computer Science Institute & InfoBeat 10789Pa\:r (Pell) Emanuelsson 10790Craig Everhart, Transarc Corporation 10791Per Hedeland, Ericsson 10792Tom Ivar Helbekkmo, Norwegian School of Economics 10793Kari Hurtta, Finnish Meteorological Institute 10794Allan E. Johannesen, WPI 10795Jonathan Kamens, OpenVision Technologies, Inc. 10796Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd. 10797Brian Kantor, University of California, San Diego 10798John Kennedy, Cal State University, Chico 10799Murray S. Kucherawy, HookUp Communication Corp. 10800Bruce Lilly, Sony U.S. 10801Karl London 10802Motonori Nakamura, Ritsumeikan University & Kyoto University 10803John Gardiner Myers, Carnegie Mellon University 10804Neil Rickert, Northern Illinois University 10805Gregory Neil Shapiro, WPI 10806Eric Schnoebelen, Convex Computer Corp. 10807Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam 10808Randall Winchester, University of Maryland 10809Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris) 10810Exactis.com, Inc. 10811.)l 10812I apologize for anyone I have omitted, misspelled, misattributed, or 10813otherwise missed. 10814At this point, I suspect that at least a hundred people 10815have contributed code, 10816and many more have contributed ideas, comments, and encouragement. 10817I've tried to list them in the RELEASE_NOTES in the distribution directory. 10818I appreciate their contribution as well. 10819.pp 10820Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel, 10821who besides being wonderful guinea pigs and contributors 10822have also consented to be added to the ``sendmail@Sendmail.ORG'' list 10823and, by answering the bulk of the questions sent to that list, 10824have freed me up to do other work. 10825.++ A 10826.+c "COMMAND LINE FLAGS" 10827.ba 0 10828.nr ii 1i 10829.pp 10830Arguments must be presented with flags before addresses. 10831The flags are: 10832.ip \-A\fIx\fP 10833Select an alternative .cf file which is either 10834.i sendmail.cf 10835for 10836.b \-Am 10837or 10838.i submit.cf 10839for 10840.b \-Ac . 10841By default the .cf file is chosen based on the operation mode. 10842For 10843.b -bm 10844(default), 10845.b -bs , 10846and 10847.b -t 10848it is 10849.i submit.cf 10850if it exists, for all others it is 10851.i sendmail.cf . 10852.ip \-b\fIx\fP 10853Set operation mode to 10854.i x . 10855Operation modes are: 10856.(b 10857.ta 4n 10858m Deliver mail (default) 10859s Speak SMTP on input side 10860a\(dg ``Arpanet'' mode (get envelope sender information from header) 10861d Run as a daemon in background 10862D Run as a daemon in foreground 10863t Run in test mode 10864v Just verify addresses, don't collect or deliver 10865i Initialize the alias database 10866p Print the mail queue 10867P Print overview over the mail queue (requires shared memory) 10868h Print the persistent host status database 10869H Purge expired entries from the persistent host status database 10870.)b 10871.(f 10872\(dgDeprecated. 10873.)f 10874.ip \-B\fItype\fP 10875Indicate body type. 10876.ip \-C\fIfile\fP 10877Use a different configuration file. 10878.i Sendmail 10879runs as the invoking user (rather than root) 10880when this flag is specified. 10881.ip "\-D \fIlogfile\fP" 10882Send debugging output to the indicated 10883.i logfile 10884instead of stdout. 10885.ip \-d\fIlevel\fP 10886Set debugging level. 10887.ip "\-f\ \fIaddr\fP" 10888The envelope sender address is set to 10889.i addr . 10890This address may also be used in the From: header 10891if that header is missing during initial submission. 10892The envelope sender address is used as the recipient 10893for delivery status notifications 10894and may also appear in a Return-Path: header. 10895.ip \-F\ \fIname\fP 10896Sets the full name of this user to 10897.i name . 10898.ip \-G 10899When accepting messages via the command line, 10900indicate that they are for relay (gateway) submission. 10901sendmail may complain about syntactically invalid messages, 10902e.g., unqualified host names, 10903rather than fixing them when this flag is set. 10904sendmail will not do any canonicalization in this mode. 10905.ip "\-h\ \fIcnt\fP" 10906Sets the 10907.q "hop count" 10908to 10909.i cnt . 10910This represents the number of times this message has been processed 10911by 10912.i sendmail 10913(to the extent that it is supported by the underlying networks). 10914.i Cnt 10915is incremented during processing, 10916and if it reaches 10917MAXHOP 10918(currently 25) 10919.i sendmail 10920throws away the message with an error. 10921.ip "\-L \fItag\fP" 10922Sets the identifier used for syslog. 10923Note that this identifier is set 10924as early as possible. 10925However, 10926.i sendmail 10927may be used 10928if problems arise 10929before the command line arguments 10930are processed. 10931.ip \-n 10932Don't do aliasing or forwarding. 10933.ip "\-N \fInotifications\fP" 10934Tag all addresses being sent as wanting the indicated 10935.i notifications , 10936which consists of the word 10937.q NEVER 10938or a comma-separated list of 10939.q SUCCESS , 10940.q FAILURE , 10941and 10942.q DELAY 10943for successful delivery, 10944failure, 10945and a message that is stuck in a queue somewhere. 10946The default is 10947.q FAILURE,DELAY . 10948.ip "\-r\ \fIaddr\fP" 10949An obsolete form of 10950.b \-f . 10951.ip \-o\fIx\\|value\fP 10952Set option 10953.i x 10954to the specified 10955.i value . 10956These options are described in Section 5.6. 10957.ip \-O\fIoption\fP\fB=\fP\fIvalue\fP 10958Set 10959.i option 10960to the specified 10961.i value 10962(for long form option names). 10963These options are described in Section 5.6. 10964.ip \-M\fIx\\|value\fP 10965Set macro 10966.i x 10967to the specified 10968.i value . 10969.ip \-p\fIprotocol\fP 10970Set the sending protocol. 10971Programs are encouraged to set this. 10972The protocol field can be in the form 10973.i protocol \c 10974.b : \c 10975.i host 10976to set both the sending protocol and sending host. 10977For example, 10978.q \-pUUCP:uunet 10979sets the sending protocol to UUCP 10980and the sending host to uunet. 10981(Some existing programs use \-oM to set the r and s macros; 10982this is equivalent to using \-p.) 10983.ip \-q\fItime\fP 10984Try to process the queued up mail. 10985If the time is given, 10986a 10987.i sendmail 10988will start one or more processes to run through the queue(s) at the specified 10989time interval to deliver queued mail; otherwise, it only runs once. 10990Each of these processes acts on a workgroup. 10991These processes are also known as workgroup processes or WGP's for short. 10992Each workgroup is responsible for controlling the processing of one or 10993more queues; workgroups help manage the use of system resources by sendmail. 10994Each workgroup may have one or more children concurrently processing 10995queues depending on the setting of \fIMaxQueueChildren\fP. 10996.ip \-qp\fItime\fP 10997Similar to \-q with a time argument, 10998except that instead of periodically starting WGP's 10999sendmail starts persistent WGP's 11000that alternate between processing queues and sleeping. 11001The sleep time is specified by the time argument; it defaults to 1 second, 11002except that a WGP always sleeps at least 5 seconds if their queues were 11003empty in the previous run. 11004Persistent processes are managed by a queue control process (QCP). 11005The QCP is the parent process of the WGP's. 11006Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD) 11007or a special process (named Queue control) (when started without \-bd or \-bD). 11008If a persistent WGP ceases to be active for some reason 11009another WGP will be started by the QCP for the same workgroup 11010in most cases. When a persistent WGP has core dumped, the debug flag 11011\fIno_persistent_restart\fP is set or the specific persistent WGP has been 11012restarted too many times already then the WGP will not be started again 11013and a message will be logged to this effect. 11014To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate 11015signal should be sent to the QCP. The QCP will propagate the signal to all of 11016the WGP's and if appropriate restart the persistent WGP's. 11017.ip \-q\fIGname\fP 11018Run the jobs in the queue group 11019.i name 11020once. 11021.ip \-q[!]\fIXstring\fP 11022Run the queue once, 11023limiting the jobs to those matching 11024.i Xstring . 11025The key letter 11026.i X 11027can be 11028.b I 11029to limit based on queue identifier, 11030.b R 11031to limit based on recipient, 11032.b S 11033to limit based on sender, 11034or 11035.b Q 11036to limit based on quarantine reason for quarantined jobs. 11037A particular queued job is accepted if one of the corresponding attributes 11038contains the indicated 11039.i string . 11040The optional ! character negates the condition tested. 11041Multiple 11042.i \-q\fIX\fP 11043flags are permitted, 11044with items with the same key letter 11045.q or'ed 11046together, and items with different key letters 11047.q and'ed 11048together. 11049.ip "\-Q[reason]" 11050Quarantine a normal queue items with the given reason or 11051unquarantine quarantined queue items if no reason is given. 11052This should only be used with some sort of item matching using 11053.b \-q[!]\fIXstring\fP 11054as described above. 11055.ip "\-R ret" 11056What information you want returned if the message bounces; 11057.i ret 11058can be 11059.q HDRS 11060for headers only or 11061.q FULL 11062for headers plus body. 11063This is a request only; 11064the other end is not required to honor the parameter. 11065If 11066.q HDRS 11067is specified local bounces also return only the headers. 11068.ip \-t 11069Read the header for 11070.q To: , 11071.q Cc: , 11072and 11073.q Bcc: 11074lines, and send to everyone listed in those lists. 11075The 11076.q Bcc: 11077line will be deleted before sending. 11078Any addresses in the argument vector will be deleted 11079from the send list. 11080.ip "\-V envid" 11081The indicated 11082.i envid 11083is passed with the envelope of the message 11084and returned if the message bounces. 11085.ip "\-X \fIlogfile\fP" 11086Log all traffic in and out of 11087.i sendmail 11088in the indicated 11089.i logfile 11090for debugging mailer problems. 11091This produces a lot of data very quickly and should be used sparingly. 11092.pp 11093There are a number of options that may be specified as 11094primitive flags. 11095These are the e, i, m, and v options. 11096Also, 11097the f option 11098may be specified as the 11099.b \-s 11100flag. 11101The DSN related options 11102.q "\-N" , 11103.q "\-R" , 11104and 11105.q "\-V" 11106have no effects on 11107.i sendmail 11108running as daemon. 11109.+c "QUEUE FILE FORMATS" 11110.pp 11111This appendix describes the format of the queue files. 11112These files live in a queue directory. 11113The individual qf, hf, Qf, df, and xf files 11114may be stored in separate 11115.i qf/ , 11116.i df/ , 11117and 11118.i xf/ 11119subdirectories 11120if they are present in the queue directory. 11121.pp 11122All queue files have the name 11123.i ttYMDhmsNNppppp 11124where 11125.i YMDhmsNNppppp 11126is the 11127.i id 11128for this message 11129and the 11130.i tt 11131is a type. 11132The individual letters in the 11133.i id 11134are: 11135.nr ii 0.5i 11136.ip Y 11137Encoded year 11138.ip M 11139Encoded month 11140.ip D 11141Encoded day 11142.ip h 11143Encoded hour 11144.ip m 11145Encoded minute 11146.ip s 11147Encoded second 11148.ip NN 11149Encoded envelope number 11150.ip ppppp 11151At least five decimal digits of the process ID 11152.pp 11153All files with the same id collectively define one message. 11154Due to the use of memory-buffered files, 11155some of these files may never appear on disk. 11156.pp 11157The types are: 11158.nr ii 0.5i 11159.ip qf 11160The queue control file. 11161This file contains the information necessary to process the job. 11162.ip hf 11163The same as a queue control file, but for a quarantined queue job. 11164.ip df 11165The data file. 11166The message body (excluding the header) is kept in this file. 11167Sometimes the df file is not stored in the same directory as the qf file; 11168in this case, 11169the qf file contains a `d' record which names the queue directory 11170that contains the df file. 11171.ip tf 11172A temporary file. 11173This is an image of the 11174.b qf 11175file when it is being rebuilt. 11176It should be renamed to a 11177.b qf 11178file very quickly. 11179.ip xf 11180A transcript file, 11181existing during the life of a session 11182showing everything that happens 11183during that session. 11184Sometimes the xf file must be generated before a queue group has been selected; 11185in this case, 11186the xf file will be stored in a directory of the default queue group. 11187.ip Qf 11188A ``lost'' queue control file. 11189.i sendmail 11190renames a 11191.b qf 11192file to 11193.b Qf 11194if there is a severe (configuration) problem that cannot be solved without 11195human intervention. 11196Search the logfile for the queue file id to figure out what happened. 11197After you resolved the problem, you can rename the 11198.b Qf 11199file to 11200.b qf 11201and send it again. 11202.pp 11203The queue control file is structured as a series of lines 11204each beginning with a code letter. 11205The lines are as follows: 11206.ip V 11207The version number of the queue file format, 11208used to allow new 11209.i sendmail 11210binaries to read queue files created by older versions. 11211Defaults to version zero. 11212Must be the first line of the file if present. 11213For 8.12 the version number is 6. 11214.ip A 11215The information given by the AUTH= parameter of the 11216.q "MAIL FROM:" 11217command or $f@$j 11218if sendmail has been called directly. 11219.ip H 11220A header definition. 11221There may be any number of these lines. 11222The order is important: 11223they represent the order in the final message. 11224These use the same syntax 11225as header definitions in the configuration file. 11226.ip C 11227The controlling address. 11228The syntax is 11229.q localuser:aliasname . 11230Recipient addresses following this line 11231will be flagged so that deliveries will be run as the 11232.i localuser 11233(a user name from the /etc/passwd file); 11234.i aliasname 11235is the name of the alias that expanded to this address 11236(used for printing messages). 11237.ip q 11238The quarantine reason for quarantined queue items. 11239.ip Q 11240The ``original recipient'', 11241specified by the ORCPT= field in an ESMTP transaction. 11242Used exclusively for Delivery Status Notifications. 11243It applies only to the following `R' line. 11244.ip r 11245The ``final recipient'' 11246used for Delivery Status Notifications. 11247It applies only to the following `R' line. 11248.ip R 11249A recipient address. 11250This will normally be completely aliased, 11251but is actually realiased when the job is processed. 11252There will be one line for each recipient. 11253Version 1 qf files 11254also include a leading colon-terminated list of flags, 11255which can be 11256`S' to return a message on successful final delivery, 11257`F' to return a message on failure, 11258`D' to return a message if the message is delayed, 11259`B' to indicate that the body should be returned, 11260`N' to suppress returning the body, 11261and 11262`P' to declare this as a ``primary'' (command line or SMTP-session) address. 11263.ip S 11264The sender address. 11265There may only be one of these lines. 11266.ip T 11267The job creation time. 11268This is used to compute when to time out the job. 11269.ip P 11270The current message priority. 11271This is used to order the queue. 11272Higher numbers mean lower priorities. 11273The priority changes 11274as the message sits in the queue. 11275The initial priority depends on the message class 11276and the size of the message. 11277.ip M 11278A message. 11279This line is printed by the 11280.i mailq 11281command, 11282and is generally used to store status information. 11283It can contain any text. 11284.ip F 11285Flag bits, represented as one letter per flag. 11286Defined flag bits are 11287.b r 11288indicating that this is a response message 11289and 11290.b w 11291indicating that a warning message has been sent 11292announcing that the mail has been delayed. 11293Other flag bits are: 11294.b 8 : 11295the body contains 8bit data, 11296.b b : 11297a Bcc: header should be removed, 11298.b d : 11299the mail has RET parameters (see RFC 1894), 11300.b n : 11301the body of the message should not be returned 11302in case of an error, 11303.b s : 11304the envelope has been split. 11305.ip N 11306The total number of delivery attempts. 11307.ip K 11308The time (as seconds since January 1, 1970) 11309of the last delivery attempt. 11310.ip d 11311If the df file is in a different directory than the qf file, 11312then a `d' record is present, 11313specifying the directory in which the df file resides. 11314.ip I 11315The i-number of the data file; 11316this can be used to recover your mail queue 11317after a disastrous disk crash. 11318.ip $ 11319A macro definition. 11320The values of certain macros 11321are passed through to the queue run phase. 11322.ip B 11323The body type. 11324The remainder of the line is a text string defining the body type. 11325If this field is missing, 11326the body type is assumed to be 11327.q "undefined" 11328and no special processing is attempted. 11329Legal values are 11330.q 7BIT 11331and 11332.q 8BITMIME . 11333.ip Z 11334The original envelope id (from the ESMTP transaction). 11335For Deliver Status Notifications only. 11336.pp 11337As an example, 11338the following is a queue file sent to 11339.q eric@mammoth.Berkeley.EDU 11340and 11341.q bostic@okeeffe.CS.Berkeley.EDU \: 11342.(f 11343\This example is contrived and probably inaccurate for your environment. 11344Glance over it to get an idea; 11345nothing can replace looking at what your own system generates. 11346.)f 11347.(b 11348V4 11349T711358135 11350K904446490 11351N0 11352P2100941 11353$_eric@localhost 11354${daemon_flags} 11355Seric 11356Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU 11357RPFD:eric@mammoth.Berkeley.EDU 11358RPFD:bostic@okeeffe.CS.Berkeley.EDU 11359H?P?Return-path: <^g> 11360H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703; 11361* Fri, 17 Jul 1992 00:28:55 -0700 11362H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7) 11363 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700 11364H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5) 11365 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400 11366H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C) 11367 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT 11368H?F?From: eric@foo.bar.baz.de (Eric Allman) 11369H?x?Full-name: Eric Allman 11370H??Message-id: <9207170931.AA22757@foo.bar.baz.de> 11371H??To: sendmail@vangogh.CS.Berkeley.EDU 11372H??Subject: this is an example message 11373.)b 11374This shows 11375the person who sent the message, 11376the submission time 11377(in seconds since January 1, 1970), 11378the message priority, 11379the message class, 11380the recipients, 11381and the headers for the message. 11382.+c "SUMMARY OF SUPPORT FILES" 11383.pp 11384This is a summary of the support files 11385that 11386.i sendmail 11387creates or generates. 11388Many of these can be changed by editing the sendmail.cf file; 11389check there to find the actual pathnames. 11390.nr ii 1i 11391.ip "/usr/\(SD/sendmail" 11392The binary of 11393.i sendmail . 11394.ip /usr/\(SB/newaliases 11395A link to /usr/\(SD/sendmail; 11396causes the alias database to be rebuilt. 11397Running this program is completely equivalent to giving 11398.i sendmail 11399the 11400.b \-bi 11401flag. 11402.ip /usr/\(SB/mailq 11403Prints a listing of the mail queue. 11404This program is equivalent to using the 11405.b \-bp 11406flag to 11407.i sendmail . 11408.ip /etc/mail/sendmail.cf 11409The configuration file, 11410in textual form. 11411.ip /etc/mail/helpfile 11412The SMTP help file. 11413.ip /etc/mail/statistics 11414A statistics file; need not be present. 11415.ip /etc/mail/sendmail.pid 11416Created in daemon mode; 11417it contains the process id of the current SMTP daemon. 11418If you use this in scripts; 11419use ``head \-1'' to get just the first line; 11420the second line contains the command line used to invoke the daemon, 11421and later versions of 11422.i sendmail 11423may add more information to subsequent lines. 11424.ip /etc/mail/aliases 11425The textual version of the alias file. 11426.ip /etc/mail/aliases.db 11427The alias file in 11428.i hash \\|(3) 11429format. 11430.ip /etc/mail/aliases.{pag,dir} 11431The alias file in 11432.i ndbm \\|(3) 11433format. 11434.ip /var/spool/mqueue 11435The directory in which the mail queue(s) 11436and temporary files reside. 11437.ip /var/spool/mqueue/qf* 11438Control (queue) files for messages. 11439.ip /var/spool/mqueue/df* 11440Data files. 11441.ip /var/spool/mqueue/tf* 11442Temporary versions of the qf files, 11443used during queue file rebuild. 11444.ip /var/spool/mqueue/xf* 11445A transcript of the current session. 11446.if o \ 11447\{\ 11448. bp 11449. rs 11450. sp \|4i 11451. ce 2 11452This page intentionally left blank; 11453replace it with a blank sheet for double-sided output. 11454.\} 11455.\".ro 11456.\".ls 1 11457.\".tp 11458.\".sp 2i 11459.\".in 0 11460.\".ce 100 11461.\".sz 24 11462.\".b SENDMAIL 11463.\".sz 14 11464.\".sp 11465.\"INSTALLATION AND OPERATION GUIDE 11466.\".sp 11467.\".sz 10 11468.\"Eric Allman 11469.\".sp	7547.ip MustQuoteChars=\fIs\fP 7548[no short name] 7549Sets the list of characters that must be quoted if used in a full name 7550that is in the phrase part of a ``phrase <address>'' syntax. 7551The default is ``\'.''. 7552The characters ``@,;:\e()[]'' are always added to this list. 7553.ip NiceQueueRun 7554[no short name] 7555The priority of queue runners (nice(3)). 7556This value must be greater or equal zero. 7557.ip NoRecipientAction 7558[no short name] 7559The action to take when you receive a message that has no valid 7560recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em 7561the last included for back compatibility with old 7562.i sendmail s). 7563It can be 7564.b None 7565to pass the message on unmodified, 7566which violates the protocol, 7567.b Add-To 7568to add a To: header with any recipients it can find in the envelope 7569(which might expose Bcc: recipients), 7570.b Add-Apparently-To 7571to add an Apparently-To: header 7572(this is only for back-compatibility 7573and is officially deprecated), 7574.b Add-To-Undisclosed 7575to add a header 7576.q "To: undisclosed-recipients:;" 7577to make the header legal without disclosing anything, 7578or 7579.b Add-Bcc 7580to add an empty Bcc: header. 7581.ip OldStyleHeaders 7582[o] 7583Assume that the headers may be in old format, 7584i.e., 7585spaces delimit names. 7586This actually turns on 7587an adaptive algorithm: 7588if any recipient address contains a comma, parenthesis, 7589or angle bracket, 7590it will be assumed that commas already exist. 7591If this flag is not on, 7592only commas delimit names. 7593Headers are always output with commas between the names. 7594Defaults to off. 7595.ip OperatorChars=\fIcharlist\fP 7596[$o macro] 7597The list of characters that are considered to be 7598.q operators , 7599that is, characters that delimit tokens. 7600All operator characters are tokens by themselves; 7601sequences of non-operator characters are also tokens. 7602White space characters separate tokens 7603but are not tokens themselves \(em for example, 7604.q AAA.BBB 7605has three tokens, but 7606.q "AAA BBB" 7607has two. 7608If not set, OperatorChars defaults to 7609.q \&.\\|:\\|@\\|[\\|] ; 7610additionally, the characters 7611.q (\\|)\\|<\\|>\\|,\\|; 7612are always operators. 7613Note that OperatorChars must be set in the 7614configuration file before any rulesets. 7615.ip PidFile=\fIfilename\fP 7616[no short name] 7617Filename of the pid file. 7618(default is _PATH_SENDMAILPID). 7619The 7620.i filename 7621is macro-expanded before it is opened, and unlinked when 7622.i sendmail 7623exits. 7624.ip PostmasterCopy=\fIpostmaster\fP 7625[P] 7626If set, 7627copies of error messages will be sent to the named 7628.i postmaster . 7629Only the header of the failed message is sent. 7630Errors resulting from messages with a negative precedence will not be sent. 7631Since most errors are user problems, 7632this is probably not a good idea on large sites, 7633and arguably contains all sorts of privacy violations, 7634but it seems to be popular with certain operating systems vendors. 7635The address is macro expanded 7636at the time of delivery. 7637Defaults to no postmaster copies. 7638.ip PrivacyOptions=\fI\\|opt,opt,...\fP 7639[p] 7640Set the privacy 7641.i opt ions. 7642``Privacy'' is really a misnomer; 7643many of these are just a way of insisting on stricter adherence 7644to the SMTP protocol. 7645The 7646.i opt ions 7647can be selected from: 7648.(b 7649.ta \w'noactualrecipient'u+3n 7650public Allow open access 7651needmailhelo Insist on HELO or EHLO command before MAIL 7652needexpnhelo Insist on HELO or EHLO command before EXPN 7653noexpn Disallow EXPN entirely, implies noverb. 7654needvrfyhelo Insist on HELO or EHLO command before VRFY 7655novrfy Disallow VRFY entirely 7656noetrn Disallow ETRN entirely 7657noverb Disallow VERB entirely 7658restrictmailq Restrict mailq command 7659restrictqrun Restrict \-q command line flag 7660restrictexpand Restrict \-bv and \-v command line flags 7661noreceipts Don't return success DSNs\** 7662nobodyreturn Don't return the body of a message with DSNs 7663goaway Disallow essentially all SMTP status queries 7664authwarnings Put X-Authentication-Warning: headers in messages 7665 and log warnings 7666noactualrecipient Don't put X-Actual-Recipient lines in DSNs 7667 which reveal the actual account that addresses map to. 7668.)b 7669.(f 7670\*N.B.: 7671the 7672.b noreceipts 7673flag turns off support for RFC 1891 7674(Delivery Status Notification). 7675.)f 7676The 7677.q goaway 7678pseudo-flag sets all flags except 7679.q noreceipts , 7680.q restrictmailq , 7681.q restrictqrun , 7682.q restrictexpand , 7683.q noetrn , 7684and 7685.q nobodyreturn . 7686If mailq is restricted, 7687only people in the same group as the queue directory 7688can print the queue. 7689If queue runs are restricted, 7690only root and the owner of the queue directory 7691can run the queue. 7692The 7693.q restrictexpand 7694pseudo-flag instructs 7695.i sendmail 7696to drop privileges when the 7697.b \-bv 7698option is given by users who are neither root nor the TrustedUser 7699so users cannot read private aliases, forwards, or :include: files. 7700It will add the 7701.q NonRootSafeAddr 7702to the 7703.q DontBlameSendmail 7704option to prevent misleading unsafe address warnings. 7705It also overrides the 7706.b \-v 7707(verbose) command line option to prevent information leakage. 7708Authentication Warnings add warnings about various conditions 7709that may indicate attempts to spoof the mail system, 7710such as using a non-standard queue directory. 7711.ip ProcessTitlePrefix=\fIstring\fP 7712[no short name] 7713Prefix the process title shown on 'ps' listings with 7714.i string . 7715The 7716.i string 7717will be macro processed. 7718.ip QueueDirectory=\fIdir\fP 7719[Q] 7720The QueueDirectory option serves two purposes. 7721First, it specifies the directory or set of directories that comprise 7722the default queue group. 7723Second, it specifies the directory D which is the ancestor of all queue 7724directories, and which sendmail uses as its current working directory. 7725When sendmail dumps core, it leaves its core files in D. 7726There are two cases. 7727If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd\fR), 7728then all of the directories or symbolic links to directories 7729beginning with `qd' in 7730.i /var/spool/mqueue 7731will be used as queue directories of the default queue group, 7732and 7733.i /var/spool/mqueue 7734will be used as the working directory D. 7735Otherwise, 7736\fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR): 7737the default queue group consists of the single queue directory \fIdir\fR, 7738and the working directory D is set to \fIdir\fR. 7739To define additional groups of queue directories, 7740use the configuration file `Q' command. 7741Do not change the queue directory structure 7742while sendmail is running. 7743.ip QueueFactor=\fIfactor\fP 7744[q] 7745Use 7746.i factor 7747as the multiplier in the map function 7748to decide when to just queue up jobs rather than run them. 7749This value is divided by the difference between the current load average 7750and the load average limit 7751(\c 7752.b QueueLA 7753option) 7754to determine the maximum message priority 7755that will be sent. 7756Defaults to 600000. 7757.ip QueueLA=\fILA\fP 7758[x] 7759When the system load average exceeds 7760.i LA 7761and the 7762.b QueueFactor 7763(\c 7764.b q ) 7765option divided by the difference in the current load average and the 7766.b QueueLA 7767option plus one 7768is less than the priority of the message, 7769just queue messages 7770(i.e., don't try to send them). 7771Defaults to 8 multiplied by 7772the number of processors online on the system 7773(if that can be determined). 7774.ip QueueFileMode=\fImode\fP 7775[no short name] 7776Default permissions for queue files (octal). 7777If not set, sendmail uses 0600 unless its real 7778and effective uid are different in which case it uses 0644. 7779.ip QueueSortOrder=\fIalgorithm\fP 7780[no short name] 7781Sets the 7782.i algorithm 7783used for sorting the queue. 7784Only the first character of the value is used. 7785Legal values are 7786.q host 7787(to order by the name of the first host name of the first recipient), 7788.q filename 7789(to order by the name of the queue file name), 7790.q time 7791(to order by the submission/creation time), 7792.q random 7793(to order randomly), 7794.q modification 7795(to order by the modification time of the qf file (older entries first)), 7796.q none 7797(to not order), 7798and 7799.q priority 7800(to order by message priority). 7801Host ordering makes better use of the connection cache, 7802but may tend to process low priority messages 7803that go to a single host 7804over high priority messages that go to several hosts; 7805it probably shouldn't be used on slow network links. 7806Filename and modification time ordering saves the overhead of 7807reading all of the queued items 7808before starting the queue run. 7809Creation (submission) time ordering is almost always a bad idea, 7810since it allows large, bulk mail to go out 7811before smaller, personal mail, 7812but may have applicability on some hosts with very fast connections. 7813Random is useful if several queue runners are started by hand 7814which try to drain the same queue since odds are they will be working 7815on different parts of the queue at the same time. 7816Priority ordering is the default. 7817.ip QueueTimeout=\fItimeout\fP 7818[T] 7819A synonym for 7820.q Timeout.queuereturn . 7821Use that form instead of the 7822.q QueueTimeout 7823form. 7824.ip RandFile 7825[no short name] 7826Name of file containing random data or the name of the UNIX socket 7827if EGD is used. 7828A (required) prefix "egd:" or "file:" specifies the type. 7829STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set 7830(see sendmail/README). 7831.ip ResolverOptions=\fIoptions\fP 7832[I] 7833Set resolver options. 7834Values can be set using 7835.b + \c 7836.i flag 7837and cleared using 7838.b \- \c 7839.i flag ; 7840the 7841.i flag s 7842can be 7843.q debug , 7844.q aaonly , 7845.q usevc , 7846.q primary , 7847.q igntc , 7848.q recurse , 7849.q defnames , 7850.q stayopen , 7851.q use_inet6 , 7852or 7853.q dnsrch . 7854The string 7855.q HasWildcardMX 7856(without a 7857.b + 7858or 7859.b \- ) 7860can be specified to turn off matching against MX records 7861when doing name canonifications. 7862The string 7863.q WorkAroundBrokenAAAA 7864(without a 7865.b + 7866or 7867.b \- ) 7868can be specified to work around some broken nameservers 7869which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. 7870Notice: it might be necessary to apply the same (or similar) options to 7871.i submit.cf 7872too. 7873.ip RequiresDirfsync 7874[no short name] 7875This option can be used to override the compile time flag 7876.b REQUIRES_DIR_FSYNC 7877at runtime by setting it to 7878.sm false . 7879If the compile time flag is not set, the option is ignored. 7880The flag turns on support for file systems that require to call 7881.i fsync() 7882for a directory if the meta-data in it has been changed. 7883This should be turned on at least for older versions of ReiserFS; 7884it is enabled by default for Linux. 7885According to some information this flag is not needed 7886anymore for kernel 2.4.16 and newer. 7887.ip RrtImpliesDsn 7888[R] 7889If this option is set, a 7890.q Return-Receipt-To: 7891header causes the request of a DSN, which is sent to 7892the envelope sender as required by RFC 1891, 7893not to the address given in the header. 7894.ip RunAsUser=\fIuser\fP 7895[no short name] 7896The 7897.i user 7898parameter may be a user name 7899(looked up in 7900.i /etc/passwd ) 7901or a numeric user id; 7902either form can have 7903.q ":group" 7904attached 7905(where group can be numeric or symbolic). 7906If set to a non-zero (non-root) value, 7907.i sendmail 7908will change to this user id shortly after startup\*. 7909.(f 7910\When running as a daemon, 7911it changes to this user after accepting a connection 7912but before reading any 7913.sm SMTP 7914commands. 7915.)f 7916This avoids a certain class of security problems. 7917However, this means that all 7918.q \&.forward 7919and 7920.q :include: 7921files must be readable by the indicated 7922.i user 7923and all files to be written must be writable by 7924.i user 7925Also, all file and program deliveries will be marked unsafe 7926unless the option 7927.b DontBlameSendmail=NonRootSafeAddr 7928is set, 7929in which case the delivery will be done as 7930.i user . 7931It is also incompatible with the 7932.b SafeFileEnvironment 7933option. 7934In other words, it may not actually add much to security on an average system, 7935and may in fact detract from security 7936(because other file permissions must be loosened). 7937However, it should be useful on firewalls and other 7938places where users don't have accounts and the aliases file is 7939well constrained. 7940.ip RecipientFactor=\fIfact\fP 7941[y] 7942The indicated 7943.i fact or 7944is added to the priority (thus 7945.i lowering 7946the priority of the job) 7947for each recipient, 7948i.e., this value penalizes jobs with large numbers of recipients. 7949Defaults to 30000. 7950.ip RefuseLA=\fILA\fP 7951[X] 7952When the system load average exceeds 7953.i LA , 7954refuse incoming SMTP connections. 7955Defaults to 12 multiplied by 7956the number of processors online on the system 7957(if that can be determined). 7958.ip RejectLogInterval=\fItimeout\fP 7959[no short name] 7960Log interval when refusing connections for this long 7961(default: 3h). 7962.ip RetryFactor=\fIfact\fP 7963[Z] 7964The 7965.i fact or 7966is added to the priority 7967every time a job is processed. 7968Thus, 7969each time a job is processed, 7970its priority will be decreased by the indicated value. 7971In most environments this should be positive, 7972since hosts that are down are all too often down for a long time. 7973Defaults to 90000. 7974.ip SafeFileEnvironment=\fIdir\fP 7975[no short name] 7976If this option is set, 7977.i sendmail 7978will do a 7979.i chroot (2) 7980call into the indicated 7981.i dir ectory 7982before doing any file writes. 7983If the file name specified by the user begins with 7984.i dir , 7985that partial path name will be stripped off before writing, 7986so (for example) 7987if the SafeFileEnvironment variable is set to 7988.q /safe 7989then aliases of 7990.q /safe/logs/file 7991and 7992.q /logs/file 7993actually indicate the same file. 7994Additionally, if this option is set, 7995.i sendmail 7996refuses to deliver to symbolic links. 7997.ip SaveFromLine 7998[f] 7999Save 8000UNIX-style 8001.q From 8002lines at the front of headers. 8003Normally they are assumed redundant 8004and discarded. 8005.ip SendMimeErrors 8006[j] 8007If set, send error messages in MIME format 8008(see RFC 2045 and RFC 1344 for details). 8009If disabled, 8010.i sendmail 8011will not return the DSN keyword in response to an EHLO 8012and will not do Delivery Status Notification processing as described in 8013RFC 1891. 8014.ip ServerCertFile 8015[no short name] 8016File containing the certificate of the server, i.e., this certificate 8017is used when sendmail acts as server 8018(used for STARTTLS). 8019.ip ServerKeyFile 8020[no short name] 8021File containing the private key belonging to the server certificate 8022(used for STARTTLS). 8023.ip ServiceSwitchFile=\fIfilename\fP 8024[no short name] 8025If your host operating system has a service switch abstraction 8026(e.g., /etc/nsswitch.conf on Solaris 8027or /etc/svc.conf on Ultrix and DEC OSF/1) 8028that service will be consulted and this option is ignored. 8029Otherwise, this is the name of a file 8030that provides the list of methods used to implement particular services. 8031The syntax is a series of lines, 8032each of which is a sequence of words. 8033The first word is the service name, 8034and following words are service types. 8035The services that 8036.i sendmail 8037consults directly are 8038.q aliases 8039and 8040.q hosts. 8041Service types can be 8042.q dns , 8043.q nis , 8044.q nisplus , 8045or 8046.q files 8047(with the caveat that the appropriate support 8048must be compiled in 8049before the service can be referenced). 8050If ServiceSwitchFile is not specified, it defaults to 8051/etc/mail/service.switch. 8052If that file does not exist, the default switch is: 8053.(b 8054aliases files 8055hosts dns nis files 8056.)b 8057The default file is 8058.q /etc/mail/service.switch . 8059.ip SevenBitInput 8060[7] 8061Strip input to seven bits for compatibility with old systems. 8062This shouldn't be necessary. 8063.ip SharedMemoryKey 8064[no short name] 8065Key to use for shared memory segment; 8066if not set (or 0), shared memory will not be used. 8067If set to 8068-1 8069.i sendmail 8070can select a key itself provided that also 8071.b SharedMemoryKeyFile 8072is set. 8073Requires support for shared memory to be compiled into 8074.i sendmail . 8075If this option is set, 8076.i sendmail 8077can share some data between different instances. 8078For example, the number of entries in a queue directory 8079or the available space in a file system. 8080This allows for more efficient program execution, since only 8081one process needs to update the data instead of each individual 8082process gathering the data each time it is required. 8083.ip SharedMemoryKeyFile 8084[no short name] 8085If 8086.b SharedMemoryKey 8087is set to 8088-1 8089then the automatically selected shared memory key will be stored 8090in the specified file. 8091.ip SingleLineFromHeader 8092[no short name] 8093If set, From: lines that have embedded newlines are unwrapped 8094onto one line. 8095This is to get around a botch in Lotus Notes 8096that apparently cannot understand legally wrapped RFC 822 headers. 8097.ip SingleThreadDelivery 8098[no short name] 8099If set, a client machine will never try to open two SMTP connections 8100to a single server machine at the same time, 8101even in different processes. 8102That is, if another 8103.i sendmail 8104is already talking to some host a new 8105.i sendmail 8106will not open another connection. 8107This property is of mixed value; 8108although this reduces the load on the other machine, 8109it can cause mail to be delayed 8110(for example, if one 8111.i sendmail 8112is delivering a huge message, other 8113.i sendmail s 8114won't be able to send even small messages). 8115Also, it requires another file descriptor 8116(for the lock file) 8117per connection, so you may have to reduce the 8118.b ConnectionCacheSize 8119option to avoid running out of per-process file descriptors. 8120Requires the 8121.b HostStatusDirectory 8122option. 8123.ip SmtpGreetingMessage=\fImessage\fP 8124[$e macro] 8125The message printed when the SMTP server starts up. 8126Defaults to 8127.q "$j Sendmail $v ready at $b". 8128.ip SoftBounce 8129If set, issue temporary errors (4xy) instead of permanent errors (5xy). 8130This can be useful during testing of a new configuration to avoid 8131erroneous bouncing of mails. 8132.ip StatusFile=\fIfile\fP 8133[S] 8134Log summary statistics in the named 8135.i file . 8136If no file name is specified, "statistics" is used. 8137If not set, 8138no summary statistics are saved. 8139This file does not grow in size. 8140It can be printed using the 8141.i mailstats (8) 8142program. 8143.ip SuperSafe 8144[s] 8145This option can be set to True, False, Interactive, or PostMilter. 8146If set to True, 8147.i sendmail 8148will be super-safe when running things, 8149i.e., always instantiate the queue file, 8150even if you are going to attempt immediate delivery. 8151.i Sendmail 8152always instantiates the queue file 8153before returning control to the client 8154under any circumstances. 8155This should really 8156.i always 8157be set to True. 8158The Interactive value has been introduced in 8.12 and can 8159be used together with 8160.b DeliveryMode=i . 8161It skips some synchronization calls which are effectively 8162doubled in the code execution path for this mode. 8163If set to PostMilter, 8164.i sendmail 8165defers synchronizing the queue file until any milters have 8166signaled acceptance of the message. 8167PostMilter is useful only when 8168.i sendmail 8169is running as an SMTP server; in all other situations it 8170acts the same as True. 8171.ip TLSSrvOptions 8172[no short name] 8173List of options for SMTP STARTTLS for the server 8174consisting of single characters 8175with intervening white space or commas. 8176The flag ``V'' disables client verification, and hence 8177it is not possible to use a client certificate for relaying. 8178Currently there are no other flags available. 8179.ip TempFileMode=\fImode\fP 8180[F] 8181The file mode for transcript files, files to which 8182.i sendmail 8183delivers directly, files in the 8184.b HostStatusDirectory , 8185and 8186.b StatusFile . 8187It is interpreted in octal by default. 8188Defaults to 0600. 8189.ip Timeout.\fItype\fP=\\|\fItimeout\fP 8190[r; subsumes old T option as well] 8191Set timeout values. 8192For more information, 8193see section 8194.\" XREF 81954.1. 8196.ip TimeZoneSpec=\fItzinfo\fP 8197[t] 8198Set the local time zone info to 8199.i tzinfo 8200\- for example, 8201.q PST8PDT . 8202Actually, if this is not set, 8203the TZ environment variable is cleared (so the system default is used); 8204if set but null, the user's TZ variable is used, 8205and if set and non-null the TZ variable is set to this value. 8206.ip TrustedUser=\fIuser\fP 8207[no short name] 8208The 8209.i user 8210parameter may be a user name 8211(looked up in 8212.i /etc/passwd ) 8213or a numeric user id. 8214Trusted user for file ownership and starting the daemon. If set, generated 8215alias databases and the control socket (if configured) will automatically 8216be owned by this user. 8217.ip TryNullMXList 8218[w] 8219If this system is the 8220.q best 8221(that is, lowest preference) 8222MX for a given host, 8223its configuration rules should normally detect this situation 8224and treat that condition specially 8225by forwarding the mail to a UUCP feed, 8226treating it as local, 8227or whatever. 8228However, in some cases (such as Internet firewalls) 8229you may want to try to connect directly to that host 8230as though it had no MX records at all. 8231Setting this option causes 8232.i sendmail 8233to try this. 8234The downside is that errors in your configuration 8235are likely to be diagnosed as 8236.q "host unknown" 8237or 8238.q "message timed out" 8239instead of something more meaningful. 8240This option is disrecommended. 8241.ip UnixFromLine=\fIfromline\fP 8242[$l macro] 8243Defines the format used when 8244.i sendmail 8245must add a UNIX-style From_ line 8246(that is, a line beginning 8247.q From<space>user ). 8248Defaults to 8249.q "From $g $d" . 8250Don't change this unless your system uses a different UNIX mailbox format 8251(very unlikely). 8252.ip UnsafeGroupWrites 8253[no short name] 8254If set (default), 8255:include: and .forward files that are group writable are considered 8256.q unsafe , 8257that is, 8258they cannot reference programs or write directly to files. 8259World writable :include: and .forward files 8260are always unsafe. 8261Note: use 8262.b DontBlameSendmail 8263instead; this option is deprecated. 8264.ip UseErrorsTo 8265[l] 8266If there is an 8267.q Errors-To: 8268header, send error messages to the addresses listed there. 8269They normally go to the envelope sender. 8270Use of this option causes 8271.i sendmail 8272to violate RFC 1123. 8273This option is disrecommended and deprecated. 8274.ip UserDatabaseSpec=\fIudbspec\fP 8275[U] 8276The user database specification. 8277.ip Verbose 8278[v] 8279Run in verbose mode. 8280If this is set, 8281.i sendmail 8282adjusts options 8283.b HoldExpensive 8284(old 8285.b c ) 8286and 8287.b DeliveryMode 8288(old 8289.b d ) 8290so that all mail is delivered completely 8291in a single job 8292so that you can see the entire delivery process. 8293Option 8294.b Verbose 8295should 8296.i never 8297be set in the configuration file; 8298it is intended for command line use only. 8299Note that the use of option 8300.b Verbose 8301can cause authentication information to leak, if you use a 8302sendmail client to authenticate to a server. 8303If the authentication mechanism uses plain text passwords 8304(as with LOGIN or PLAIN), 8305then the password could be compromised. 8306To avoid this, do not install sendmail set-user-ID root, 8307and disable the 8308.b VERB 8309SMTP command with a suitable 8310.b PrivacyOptions 8311setting. 8312.ip XscriptFileBufferSize=\fIthreshold\fP 8313[no short name] 8314Set the 8315.i threshold , 8316in bytes, 8317before a memory-based 8318queue transcript file 8319becomes disk-based. 8320The default is 4096 bytes. 8321.lp 8322All options can be specified on the command line using the 8323\-O or \-o flag, 8324but most will cause 8325.i sendmail 8326to relinquish its set-user-ID permissions. 8327The options that will not cause this are 8328SevenBitInput [7], 8329EightBitMode [8], 8330MinFreeBlocks [b], 8331CheckpointInterval [C], 8332DeliveryMode [d], 8333ErrorMode [e], 8334IgnoreDots [i], 8335SendMimeErrors [j], 8336LogLevel [L], 8337MeToo [m], 8338OldStyleHeaders [o], 8339PrivacyOptions [p], 8340SuperSafe [s], 8341Verbose [v], 8342QueueSortOrder, 8343MinQueueAge, 8344DefaultCharSet, 8345Dial Delay, 8346NoRecipientAction, 8347ColonOkInAddr, 8348MaxQueueRunSize, 8349SingleLineFromHeader, 8350and 8351AllowBogusHELO. 8352Actually, PrivacyOptions [p] given on the command line 8353are added to those already specified in the 8354.i sendmail.cf 8355file, i.e., they can't be reset. 8356Also, M (define macro) when defining the r or s macros 8357is also considered 8358.q safe . 8359.sh 2 "P \- Precedence Definitions" 8360.pp 8361Values for the 8362.q "Precedence:" 8363field may be defined using the 8364.b P 8365control line. 8366The syntax of this field is: 8367.(b 8368\fBP\fP\fIname\fP\fB=\fP\fInum\fP 8369.)b 8370When the 8371.i name 8372is found in a 8373.q Precedence: 8374field, 8375the message class is set to 8376.i num . 8377Higher numbers mean higher precedence. 8378Numbers less than zero 8379have the special property 8380that if an error occurs during processing 8381the body of the message will not be returned; 8382this is expected to be used for 8383.q "bulk" 8384mail such as through mailing lists. 8385The default precedence is zero. 8386For example, 8387our list of precedences is: 8388.(b 8389Pfirst-class=0 8390Pspecial-delivery=100 8391Plist=\-30 8392Pbulk=\-60 8393Pjunk=\-100 8394.)b 8395People writing mailing list exploders 8396are encouraged to use 8397.q "Precedence: list" . 8398Older versions of 8399.i sendmail 8400(which discarded all error returns for negative precedences) 8401didn't recognize this name, giving it a default precedence of zero. 8402This allows list maintainers to see error returns 8403on both old and new versions of 8404.i sendmail . 8405.sh 2 "V \- Configuration Version Level" 8406.pp 8407To provide compatibility with old configuration files, 8408the 8409.b V 8410line has been added to define some very basic semantics 8411of the configuration file. 8412These are not intended to be long term supports; 8413rather, they describe compatibility features 8414which will probably be removed in future releases. 8415.pp 8416.b N.B.: 8417these version 8418.i levels 8419have nothing 8420to do with the version 8421.i number 8422on the files. 8423For example, 8424as of this writing 8425version 10 config files 8426(specifically, 8.10) 8427used version level 9 configurations. 8428.pp 8429.q Old 8430configuration files are defined as version level one. 8431Version level two files make the following changes: 8432.np 8433Host name canonification ($[ ... $]) 8434appends a dot if the name is recognized; 8435this gives the config file a way of finding out if anything matched. 8436(Actually, this just initializes the 8437.q host 8438map with the 8439.q \-a. 8440flag \- you can reset it to anything you prefer 8441by declaring the map explicitly.) 8442.np 8443Default host name extension is consistent throughout processing; 8444version level one configurations turned off domain extension 8445(that is, adding the local domain name) 8446during certain points in processing. 8447Version level two configurations are expected to include a trailing dot 8448to indicate that the name is already canonical. 8449.np 8450Local names that are not aliases 8451are passed through a new distinguished ruleset five; 8452this can be used to append a local relay. 8453This behavior can be prevented by resolving the local name 8454with an initial `@'. 8455That is, something that resolves to a local mailer and a user name of 8456.q vikki 8457will be passed through ruleset five, 8458but a user name of 8459.q @vikki 8460will have the `@' stripped, 8461will not be passed through ruleset five, 8462but will otherwise be treated the same as the prior example. 8463The expectation is that this might be used to implement a policy 8464where mail sent to 8465.q vikki 8466was handled by a central hub, 8467but mail sent to 8468.q vikki@localhost 8469was delivered directly. 8470.pp 8471Version level three files 8472allow # initiated comments on all lines. 8473Exceptions are backslash escaped # marks 8474and the $# syntax. 8475.pp 8476Version level four configurations 8477are completely equivalent to level three 8478for historical reasons. 8479.pp 8480Version level five configuration files 8481change the default definition of 8482.b $w 8483to be just the first component of the hostname. 8484.pp 8485Version level six configuration files 8486change many of the local processing options 8487(such as aliasing and matching the beginning of the address for 8488`\|' characters) 8489to be mailer flags; 8490this allows fine-grained control over the special local processing. 8491Level six configuration files may also use long option names. 8492The 8493.b ColonOkInAddr 8494option (to allow colons in the local-part of addresses) 8495defaults 8496.b on 8497for lower numbered configuration files; 8498the configuration file requires some additional intelligence 8499to properly handle the RFC 822 group construct. 8500.pp 8501Version level seven configuration files 8502used new option names to replace old macros 8503(\c 8504.b $e 8505became 8506.b SmtpGreetingMessage , 8507.b $l 8508became 8509.b UnixFromLine , 8510and 8511.b $o 8512became 8513.b OperatorChars . 8514Also, prior to version seven, 8515the 8516.b F=q 8517flag (use 250 instead of 252 return value for 8518.sm "SMTP VRFY" 8519commands) 8520was assumed. 8521.pp 8522Version level eight configuration files allow 8523.b $# 8524on the left hand side of ruleset lines. 8525.pp 8526Version level nine configuration files allow 8527parentheses in rulesets, i.e. they are not treated 8528as comments and hence removed. 8529.pp 8530Version level ten configuration files allow 8531queue group definitions. 8532.pp 8533The 8534.b V 8535line may have an optional 8536.b / \c 8537.i vendor 8538to indicate that this configuration file uses modifications 8539specific to a particular vendor\. 8540.(f 8541\And of course, vendors are encouraged to add themselves 8542to the list of recognized vendors by editing the routine 8543.i setvendor 8544in 8545.i conf.c . 8546Please send e-mail to sendmail@Sendmail.ORG 8547to register your vendor dialect. 8548.)f 8549You may use 8550.q /Berkeley 8551to emphasize that this configuration file 8552uses the Berkeley dialect of 8553.i sendmail . 8554.sh 2 "K \- Key File Declaration" 8555.pp 8556Special maps can be defined using the line: 8557.(b 8558Kmapname mapclass arguments 8559.)b 8560The 8561.i mapname 8562is the handle by which this map is referenced in the rewriting rules. 8563The 8564.i mapclass 8565is the name of a type of map; 8566these are compiled in to 8567.i sendmail . 8568The 8569.i arguments 8570are interpreted depending on the class; 8571typically, 8572there would be a single argument naming the file containing the map. 8573.pp 8574Maps are referenced using the syntax: 8575.(b 8576$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $) 8577.)b 8578where either or both of the 8579.i arguments 8580or 8581.i default 8582portion may be omitted. 8583The 8584.i "$@ arguments" 8585may appear more than once. 8586The indicated 8587.i key 8588and 8589.i arguments 8590are passed to the appropriate mapping function. 8591If it returns a value, it replaces the input. 8592If it does not return a value and the 8593.i default 8594is specified, the 8595.i default 8596replaces the input. 8597Otherwise, the input is unchanged. 8598.pp 8599The 8600.i arguments 8601are passed to the map for arbitrary use. 8602Most map classes can interpolate these arguments 8603into their values using the syntax 8604.q %\fIn\fP 8605(where 8606.i n 8607is a digit) 8608to indicate the corresponding 8609.i argument . 8610Argument 8611.q %0 8612indicates the database key. 8613For example, the rule 8614.(b 8615.ta 1.5i 8616R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $) 8617.)b 8618Looks up the UUCP name in a (user defined) UUCP map; 8619if not found it turns it into 8620.q \&.UUCP 8621form. 8622The database might contain records like: 8623.(b 8624decvax %1@%0.DEC.COM 8625research %1@%0.ATT.COM 8626.)b 8627Note that 8628.i default 8629clauses never do this mapping. 8630.pp 8631The built-in map with both name and class 8632.q host 8633is the host name canonicalization lookup. 8634Thus, 8635the syntax: 8636.(b 8637$(host \fIhostname\fP$) 8638.)b 8639is equivalent to: 8640.(b 8641$[\fIhostname\fP$] 8642.)b 8643.pp 8644There are many defined classes. 8645.ip dbm 8646Database lookups using the ndbm(3) library. 8647.i Sendmail 8648must be compiled with 8649.b NDBM 8650defined. 8651.ip btree 8652Database lookups using the btree interface to the Berkeley DB 8653library. 8654.i Sendmail 8655must be compiled with 8656.b NEWDB 8657defined. 8658.ip hash 8659Database lookups using the hash interface to the Berkeley DB 8660library. 8661.i Sendmail 8662must be compiled with 8663.b NEWDB 8664defined. 8665.ip nis 8666NIS lookups. 8667.i Sendmail 8668must be compiled with 8669.b NIS 8670defined. 8671.ip nisplus 8672NIS+ lookups. 8673.i Sendmail 8674must be compiled with 8675.b NISPLUS 8676defined. 8677The argument is the name of the table to use for lookups, 8678and the 8679.b \-k 8680and 8681.b \-v 8682flags may be used to set the key and value columns respectively. 8683.ip hesiod 8684Hesiod lookups. 8685.i Sendmail 8686must be compiled with 8687.b HESIOD 8688defined. 8689.ip ldap 8690LDAP X500 directory lookups. 8691.i Sendmail 8692must be compiled with 8693.b LDAPMAP 8694defined. 8695The map supports most of the standard arguments 8696and most of the command line arguments of the 8697.i ldapsearch 8698program. 8699Note that, 8700by default, 8701if a single query matches multiple values, 8702only the first value will be returned 8703unless the 8704.b \-z 8705(value separator) 8706map flag is set. 8707Also, the 8708.b \-1 8709map flag will treat a multiple value return 8710as if there were no matches. 8711.ip netinfo 8712NeXT NetInfo lookups. 8713.i Sendmail 8714must be compiled with 8715.b NETINFO 8716defined. 8717.ip text 8718Text file lookups. 8719The format of the text file is defined by the 8720.b \-k 8721(key field number), 8722.b \-v 8723(value field number), 8724and 8725.b \-z 8726(field delimiter) 8727flags. 8728.ip ph 8729PH query map. 8730Contributed and supported by 8731Mark Roth, roth@uiuc.edu. 8732For more information, 8733consult the web site 8734.q http://www-dev.cites.uiuc.edu/sendmail/ . 8735.ip nsd 8736nsd map for IRIX 6.5 and later. 8737Contributed and supported by Bob Mende of SGI, 8738mende@sgi.com. 8739.ip stab 8740Internal symbol table lookups. 8741Used internally for aliasing. 8742.ip implicit 8743Really should be called 8744.q alias 8745\(em this is used to get the default lookups 8746for alias files, 8747and is the default if no class is specified for alias files. 8748.ip user 8749Looks up users using 8750.i getpwnam (3). 8751The 8752.b \-v 8753flag can be used to specify the name of the field to return 8754(although this is normally used only to check the existence 8755of a user). 8756.ip host 8757Canonifies host domain names. 8758Given a host name it calls the name server 8759to find the canonical name for that host. 8760.ip bestmx 8761Returns the best MX record for a host name given as the key. 8762The current machine is always preferred \- 8763that is, if the current machine is one of the hosts listed as a 8764lowest-preference MX record, then it will be guaranteed to be returned. 8765This can be used to find out if this machine is the target for an MX record, 8766and mail can be accepted on that basis. 8767If the 8768.b \-z 8769flag is given, then all MX names are returned, 8770separated by the given delimiter. 8771.ip dns 8772This map requires the option -R to specify the DNS resource record 8773type to lookup. The following types are supported: 8774A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT. 8775A map lookup will return only one record. 8776Hence for some types, e.g., MX records, the return value might be a random 8777element of the list due to randomizing in the DNS resolver. 8778.ip sequence 8779The arguments on the `K' line are a list of maps; 8780the resulting map searches the argument maps in order 8781until it finds a match for the indicated key. 8782For example, if the key definition is: 8783.(b 8784Kmap1 ... 8785Kmap2 ... 8786Kseqmap sequence map1 map2 8787.)b 8788then a lookup against 8789.q seqmap 8790first does a lookup in map1. 8791If that is found, it returns immediately. 8792Otherwise, the same key is used for map2. 8793.ip syslog 8794the key is logged via 8795.i syslogd \\|(8). 8796The lookup returns the empty string. 8797.ip switch 8798Much like the 8799.q sequence 8800map except that the order of maps is determined by the service switch. 8801The argument is the name of the service to be looked up; 8802the values from the service switch are appended to the map name 8803to create new map names. 8804For example, consider the key definition: 8805.(b 8806Kali switch aliases 8807.)b 8808together with the service switch entry: 8809.(b 8810aliases nis files 8811.)b 8812This causes a query against the map 8813.q ali 8814to search maps named 8815.q ali.nis 8816and 8817.q ali.files 8818in that order. 8819.ip dequote 8820Strip double quotes (") from a name. 8821It does not strip backslashes, 8822and will not strip quotes if the resulting string 8823would contain unscannable syntax 8824(that is, basic errors like unbalanced angle brackets; 8825more sophisticated errors such as unknown hosts are not checked). 8826The intent is for use when trying to accept mail from systems such as 8827DECnet 8828that routinely quote odd syntax such as 8829.(b 8830"49ers::ubell" 8831.)b 8832A typical usage is probably something like: 8833.(b 8834Kdequote dequote 8835* 8836\&... 8837 8838R$\- $: $(dequote $1 $) 8839R$\- $+ $: $>3 $1 $2 8840.)b 8841Care must be taken to prevent unexpected results; 8842for example, 8843.(b 8844"\|someprogram < input > output" 8845.)b 8846will have quotes stripped, 8847but the result is probably not what you had in mind. 8848Fortunately these cases are rare. 8849.ip regex 8850The map definition on the 8851.b K 8852line contains a regular expression. 8853Any key input is compared to that expression using the 8854POSIX regular expressions routines regcomp(), regerr(), and regexec(). 8855Refer to the documentation for those routines for more information 8856about the regular expression matching. 8857No rewriting of the key is done if the 8858.b \-m 8859flag is used. Without it, the key is discarded or if 8860.b \-s 8861if used, it is substituted by the substring matches, delimited by 8862.b $\| 8863or the string specified with the the 8864.b \-d 8865flag. The flags available for the map are 8866.(b 8867.ta 4n 8868-n not 8869-f case sensitive 8870-b basic regular expressions (default is extended) 8871-s substring match 8872-d set the delimiter used for -s 8873-a append string to key 8874-m match only, do not replace/discard value 8875-D perform no lookup in deferred delivery mode. 8876.)b 8877The 8878.b \-s 8879flag can include an optional parameter which can be used 8880to select the substrings in the result of the lookup. For example, 8881.(b 8882-s1,3,4 8883.)b 8884Notes: to match a 8885.b $ 8886in a string, 8887\\$$ 8888must be used. 8889If the pattern contains spaces, they must be replaced 8890with the blank substitution character, unless it is 8891space itself. 8892.ip program 8893The arguments on the 8894.b K 8895line are the pathname to a program and any initial parameters to be passed. 8896When the map is called, 8897the key is added to the initial parameters 8898and the program is invoked 8899as the default user/group id. 8900The first line of standard output is returned as the value of the lookup. 8901This has many potential security problems, 8902and has terrible performance; 8903it should be used only when absolutely necessary. 8904.ip macro 8905Set or clear a macro value. 8906To set a macro, 8907pass the value as the first argument in the map lookup. 8908To clear a macro, 8909do not pass an argument in the map lookup. 8910The map always returns the empty string. 8911Example of typical usage include: 8912.(b 8913Kstorage macro 8914 8915\&... 8916 8917# set macro ${MyMacro} to the ruleset match 8918R$+ $: $(storage {MyMacro} $@ $1 $) $1 8919# set macro ${MyMacro} to an empty string 8920R$* $: $(storage {MyMacro} $@ $) $1 8921# clear macro ${MyMacro} 8922R$\- $: $(storage {MyMacro} $) $1 8923.)b 8924.ip arith 8925Perform simple arithmetic operations. 8926The operation is given as key, currently 8927+, -, , /, %, 8928\|, & (bitwise OR, AND), 8929l (for less than), =, 8930and r (for random) are supported. 8931The two operands are given as arguments. 8932The lookup returns the result of the computation, 8933i.e., 8934.sm TRUE 8935or 8936.sm FALSE 8937for comparisons, integer values otherwise. 8938The r operator returns a pseudo-random number whose value 8939lies between the first and second operand 8940(which requires that the first operand is smaller than the second). 8941All options which are possible for maps are ignored. 8942A simple example is: 8943.(b 8944Kcomp arith 8945* 8946\&... 8947 8948Scheck_etrn 8949R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1 8950RFALSE $# error \&... 8951.)b 8952.ip socket 8953The socket map uses a simple request/reply protocol over TCP or UNIX domain 8954sockets to query an external server. 8955Both requests and replies are text based and encoded as netstrings, 8956i.e., a string "hello there" becomes: 8957.(b 895811:hello there, 8959.)b 8960Note: neither requests nor replies end with CRLF. 8961 8962The request consists of the database map name and the lookup key separated 8963by a space character: 8964 8965.(b 8966<mapname> ' ' <key> 8967.)b 8968 8969The server responds with a status indicator and the result (if any): 8970 8971.(b 8972<status> ' ' <result> 8973.)b 8974 8975The status indicator specifies the result of the lookup operation itself 8976and is one of the following upper case words: 8977.(b 8978.ta 9n 8979OK the key was found, result contains the looked up value 8980NOTFOUND the key was not found, the result is empty 8981TEMP a temporary failure occured 8982TIMEOUT a timeout occured on the server side 8983PERM a permanent failure occured 8984.)b 8985 8986In case of errors (status TEMP, TIMEOUT or PERM) the result field may 8987contain an explanatory message. 8988However, the explanatory message is not used any further by 8989.i sendmail . 8990 8991Example replies: 8992.(b 899331:OK resolved.address@example.com, 8994.)b 8995 8996.(b 899756:OK error:550 5.7.1 User does not accept mail from sender, 8998.)b 8999 9000in case of successful lookups, or: 9001.(b 90028:NOTFOUND, 9003.)b 9004 9005in case the key was not found, or: 9006.(b 900755:TEMP this text explains that we had a temporary failure, 9008.)b 9009 9010in case of a temporary map lookup failure. 9011 9012The socket map uses the same syntax as milters 9013(see Section "X \- Mail Filter (Milter) Definitions") 9014to specify the remote endpoint, e.g., 9015.(b 9016Ksocket mySocketMap inet:12345@127.0.0.1 9017.)b 9018* 9019If multiple socket maps define the same remote endpoint, they will share 9020a single connection to this endpoint. 9021.pp 9022Most of these accept as arguments the same optional flags 9023and a filename 9024(or a mapname for NIS; 9025the filename is the root of the database path, 9026so that 9027.q .db 9028or some other extension appropriate for the database type 9029will be added to get the actual database name). 9030Known flags are: 9031.ip "\-o" 9032Indicates that this map is optional \- that is, 9033if it cannot be opened, 9034no error is produced, 9035and 9036.i sendmail 9037will behave as if the map existed but was empty. 9038.ip "\-N, \-O" 9039If neither 9040.b \-N 9041or 9042.b \-O 9043are specified, 9044.i sendmail 9045uses an adaptive algorithm to decide whether or not to look for null bytes 9046on the end of keys. 9047It starts by trying both; 9048if it finds any key with a null byte it never tries again without a null byte 9049and vice versa. 9050If 9051.b \-N 9052is specified it never tries without a null byte and 9053if 9054.b \-O 9055is specified it never tries with a null byte. 9056Setting one of 9057these can speed matches but are never necessary. 9058If both 9059.b \-N 9060and 9061.b \-O 9062are specified, 9063.i sendmail 9064will never try any matches at all \(em 9065that is, everything will appear to fail. 9066.ip "\-a\fIx\fP" 9067Append the string 9068.i x 9069on successful matches. 9070For example, the default 9071.i host 9072map appends a dot on successful matches. 9073.ip "\-T\fIx\fP" 9074Append the string 9075.i x 9076on temporary failures. 9077For example, 9078.i x 9079would be appended if a DNS lookup returned 9080.q "server failed" 9081or an NIS lookup could not locate a server. 9082See also the 9083.b \-t 9084flag. 9085.ip "\-f" 9086Do not fold upper to lower case before looking up the key. 9087.ip "\-m" 9088Match only (without replacing the value). 9089If you only care about the existence of a key and not the value 9090(as you might when searching the NIS map 9091.q hosts.byname 9092for example), 9093this flag prevents the map from substituting the value. 9094However, 9095The \-a argument is still appended on a match, 9096and the default is still taken if the match fails. 9097.ip "\-k\fIkeycol\fP" 9098The key column name (for NIS+) or number 9099(for text lookups). 9100For LDAP maps this is an LDAP filter string 9101in which %s is replaced with the literal contents of the lookup key 9102and %0 is replaced with the LDAP escaped contents of the lookup key 9103according to RFC 2254. 9104If the flag 9105.b \-K 9106is used, then %1 through %9 are replaced with the LDAP escaped contents 9107of the arguments specified in the map lookup. 9108.ip "\-v\fIvalcol\fP" 9109The value column name (for NIS+) or number 9110(for text lookups). 9111For LDAP maps this is the name of one or more 9112attributes to be returned; 9113multiple attributes can be separated by commas. 9114If not specified, all attributes found in the match 9115will be returned. 9116The attributes listed can also include a type and one or more 9117objectClass values for matching as described in the LDAP section. 9118.ip "\-z\fIdelim\fP" 9119The column delimiter (for text lookups). 9120It can be a single character or one of the special strings 9121.q \\|\en 9122or 9123.q \\|\et 9124to indicate newline or tab respectively. 9125If omitted entirely, 9126the column separator is any sequence of white space. 9127For LDAP maps this is the separator character 9128to combine multiple values 9129into a single return string. 9130If not set, 9131the LDAP lookup will only return the first match found. 9132For DNS maps this is the separator character at which 9133the result of a query is cut off if is too long. 9134.ip "\-t" 9135Normally, when a map attempts to do a lookup 9136and the server fails 9137(e.g., 9138.i sendmail 9139couldn't contact any name server; 9140this is 9141.i not 9142the same as an entry not being found in the map), 9143the message being processed is queued for future processing. 9144The 9145.b \-t 9146flag turns off this behavior, 9147letting the temporary failure (server down) 9148act as though it were a permanent failure (entry not found). 9149It is particularly useful for DNS lookups, 9150where someone else's misconfigured name server can cause problems 9151on your machine. 9152However, care must be taken to ensure that you don't bounce mail 9153that would be resolved correctly if you tried again. 9154A common strategy is to forward such mail 9155to another, possibly better connected, mail server. 9156.ip "\-D" 9157Perform no lookup in deferred delivery mode. 9158This flag is set by default for the 9159.i host 9160map. 9161.ip "\-S\fIspacesub\fP 9162The character to use to replace space characters 9163after a successful map lookup (esp. useful for regex 9164and syslog maps). 9165.ip "\-s\fIspacesub\fP 9166For the dequote map only, 9167the character to use to replace space characters 9168after a successful dequote. 9169.ip "\-q" 9170Don't dequote the key before lookup. 9171.ip "\-L\fIlevel\fP 9172For the syslog map only, it specifies the level 9173to use for the syslog call. 9174.ip "\-A" 9175When rebuilding an alias file, 9176the 9177.b \-A 9178flag causes duplicate entries in the text version 9179to be merged. 9180For example, two entries: 9181.(b 9182list: user1, user2 9183list: user3 9184.)b 9185would be treated as though it were the single entry 9186.(b 9187list: user1, user2, user3 9188.)b 9189in the presence of the 9190.b \-A 9191flag. 9192.pp 9193Some additional flags are available for the host and dns maps: 9194.ip "\-d" 9195delay: specify the resolver's retransmission time interval (in seconds). 9196.ip "\-r" 9197retry: specify the number of times to retransmit a resolver query. 9198.pp 9199The dns map has another flag: 9200.ip "\-B" 9201basedomain: specify a domain that is always appended to queries. 9202.pp 9203The following additional flags are present in the ldap map only: 9204.ip "\-R" 9205Do not auto chase referrals. sendmail must be compiled with 9206.b \-DLDAP_REFERRALS 9207to use this flag. 9208.ip "\-n" 9209Retrieve attribute names only. 9210.ip "\-V\fIsep\fP" 9211Retrieve both attributes name and value(s), 9212separated by 9213.i sep . 9214.ip "\-r\fIderef\fP" 9215Set the alias dereference option to one of never, always, search, or find. 9216.ip "\-s\fIscope\fP" 9217Set search scope to one of base, one (one level), or sub (subtree). 9218.ip "\-h\fIhost\fP" 9219LDAP server hostname. 9220Some LDAP libraries allow you to specify multiple, space-separated hosts for 9221redundancy. 9222In addition, each of the hosts listed can be followed by a colon and a port 9223number to override the default LDAP port. 9224.ip "\-p\fIport\fP" 9225LDAP service port. 9226.ip "\-H \fILDAPURI\fP" 9227Use the specified LDAP URI instead of specifying the hostname and port 9228separately with the the 9229.b \-h 9230and 9231.b \-p 9232options shown above. 9233For example, 9234.(b 9235-h server.example.com -p 389 -b dc=example,dc=com 9236.)b 9237is equivalent to 9238.(b 9239-H ldap://server.example.com:389 -b dc=example,dc=com 9240.)b 9241If the LDAP library supports it, 9242the LDAP URI format however can also request LDAP over SSL by using 9243.b ldaps:// 9244instead of 9245.b ldap:// . 9246For example: 9247.(b 9248O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com 9249.)b 9250Similarly, if the LDAP library supports it, 9251It can also be used to specify a UNIX domain socket using 9252.b ldapi:// : 9253.(b 9254O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com 9255.)b 9256.ip "\-b\fIbase\fP" 9257LDAP search base. 9258.ip "\-l\fItimelimit\fP" 9259Time limit for LDAP queries. 9260.ip "\-Z\fIsizelimit\fP" 9261Size (number of matches) limit for LDAP or DNS queries. 9262.ip "\-d\fIdistinguished_name\fP" 9263The distinguished name to use to login to the LDAP server. 9264.ip "\-M\fImethod\fP" 9265The method to authenticate to the LDAP server. 9266Should be one of 9267.b LDAP_AUTH_NONE , 9268.b LDAP_AUTH_SIMPLE , 9269or 9270.b LDAP_AUTH_KRBV4 . 9271.ip "\-P\fIpasswordfile\fP" 9272The file containing the secret key for the 9273.b LDAP_AUTH_SIMPLE 9274authentication method 9275or the name of the Kerberos ticket file for 9276.b LDAP_AUTH_KRBV4 . 9277.ip "\-1" 9278Force LDAP searches to only succeed if a single match is found. 9279If multiple values are found, 9280the search is treated as if no match was found. 9281.ip "\-w\fIversion\fP" 9282Set the LDAP API/protocol version to use. 9283The default depends on the LDAP client libraries in use. 9284For example, 9285.b "\-w 3" 9286will cause 9287.i sendmail 9288to use LDAPv3 when communicating with the LDAP server. 9289.ip "\-K" 9290Treat the LDAP search key as multi-argument and 9291replace %1 through %9 in the key with 9292the LDAP escaped contents of the lookup arguments specified in the map lookup. 9293.pp 9294The 9295.i dbm 9296map appends the strings 9297.q \&.pag 9298and 9299.q \&.dir 9300to the given filename; 9301the 9302.i hash 9303and 9304.i btree 9305maps append 9306.q \&.db . 9307For example, the map specification 9308.(b 9309Kuucp dbm \-o \-N /etc/mail/uucpmap 9310.)b 9311specifies an optional map named 9312.q uucp 9313of class 9314.q dbm ; 9315it always has null bytes at the end of every string, 9316and the data is located in 9317/etc/mail/uucpmap.{dir,pag}. 9318.pp 9319The program 9320.i makemap (8) 9321can be used to build any of the three database-oriented maps. 9322It takes the following flags: 9323.ip \-f 9324Do not fold upper to lower case in the map. 9325.ip \-N 9326Include null bytes in keys. 9327.ip \-o 9328Append to an existing (old) file. 9329.ip \-r 9330Allow replacement of existing keys; 9331normally, re-inserting an existing key is an error. 9332.ip \-v 9333Print what is happening. 9334.lp 9335The 9336.i sendmail 9337daemon does not have to be restarted to read the new maps 9338as long as you change them in place; 9339file locking is used so that the maps won't be read 9340while they are being updated. 9341.pp 9342New classes can be added in the routine 9343.b setupmaps 9344in file 9345.b conf.c . 9346.sh 2 "Q \- Queue Group Declaration" 9347.pp 9348In addition to the option 9349.i QueueDirectory, 9350queue groups can be declared that define a (group of) queue directories 9351under a common name. 9352The syntax is as follows: 9353.(b F 9354.b Q \c 9355.i name 9356{, \c 9357.i field =\c 9358.i value \\|}+ 9359.)b 9360where 9361.i name 9362is the symbolic name of the queue group under which 9363it can be referenced in various places 9364and the 9365.q field=value 9366pairs define attributes of the queue group. 9367The name must only consist of alphanumeric characters. 9368Fields are: 9369.ip Flags 9370Flags for this queue group. 9371.ip Nice 9372The nice(2) increment for the queue group. 9373This value must be greater or equal zero. 9374.ip Interval 9375The time between two queue runs. 9376.ip Path 9377The queue directory of the group (required). 9378.ip Runners 9379The number of parallel runners processing the queue. 9380Note that 9381.b F=f 9382must be set if this value is greater than one. 9383.ip Jobs 9384The maximum number of jobs (messages delivered) per queue run. 9385.ip recipients 9386The maximum number of recipients per envelope. 9387Envelopes with more than this number of recipients will be split 9388into multiple envelopes in the same queue directory. 9389The default value 0 means no limit. 9390.lp 9391Only the first character of the field name is checked. 9392.pp 9393By default, a queue group named 9394.i mqueue 9395is defined that uses the value of the 9396.i QueueDirectory 9397option as path. 9398Notice: all paths that are used for queue groups must 9399be subdirectories of 9400.i QueueDirectory . 9401Since they can be symbolic links, this isn't a real restriction, 9402If 9403.i QueueDirectory 9404uses a wildcard, then the directory one level up is considered 9405the ``base'' directory which all other queue directories must share. 9406Please make sure that the queue directories do not overlap, 9407e.g., do not specify 9408.(b 9409O QueueDirectory=/var/spool/mqueue/* 9410Qone, P=/var/spool/mqueue/dir1 9411Qtwo, P=/var/spool/mqueue/dir2 9412.)b 9413because this also includes 9414.q dir1 9415and 9416.q dir2 9417in the default queue group. 9418However, 9419.(b 9420O QueueDirectory=/var/spool/mqueue/main* 9421Qone, P=/var/spool/mqueue/dir 9422Qtwo, P=/var/spool/mqueue/other* 9423.)b 9424is a valid queue group specification. 9425.pp 9426Options listed in the ``Flags'' field can be used to modify 9427the behavior of a queue group. 9428The ``f'' flag must be set if multiple queue runners are 9429supposed to work on the entries in a queue group. 9430Otherwise 9431.i sendmail 9432will work on the entries strictly sequentially. 9433.pp 9434The ``Interval'' field sets the time between queue runs. 9435If no queue group specific interval is set, then the parameter of the 9436.b -q 9437option from the command line is used. 9438.pp 9439To control the overall number of concurrently active queue runners 9440the option 9441.b MaxQueueChildren 9442can be set. 9443This limits the number of processes used for running the queues to 9444.b MaxQueueChildren , 9445though at any one time fewer processes may be active 9446as a result of queue options, completed queue runs, system load, etc. 9447.pp 9448The maximum number of queue runners for an individual queue group can be 9449controlled via the 9450.b Runners 9451option. 9452If set to 0, entries in the queue will not be processed, which 9453is useful to ``quarantine'' queue files. 9454The number of runners per queue group may also be set with the option 9455.b MaxRunnersPerQueue , 9456which applies to queue groups that have no individual limit. 9457That is, the default value for 9458.b Runners 9459is 9460.b MaxRunnersPerQueue 9461if set, otherwise 1. 9462.pp 9463The field Jobs describes the maximum number of jobs 9464(messages delivered) per queue run, which is the queue group specific 9465value of 9466.b MaxQueueRunSize . 9467.pp 9468Notice: queue groups should be declared after all queue related options 9469have been set because queue groups take their defaults from those options. 9470If an option is set after a queue group declaration, the values of 9471options in the queue group are set to the defaults of 9472.i sendmail 9473unless explicitly set in the declaration. 9474.pp 9475Each envelope is assigned to a queue group based on the algorithm 9476described in section 9477``Queue Groups and Queue Directories''. 9478.sh 2 "X \- Mail Filter (Milter) Definitions" 9479.pp 9480The 9481.i sendmail 9482Mail Filter API (Milter) is designed to allow third-party programs access 9483to mail messages as they are being processed in order to filter 9484meta-information and content. 9485They are declared in the configuration file as: 9486.(b F 9487.b X \c 9488.i name 9489{, \c 9490.i field =\c 9491.i value \\|} 9492.)b 9493where 9494.i name 9495is the name of the filter 9496(used internally only) 9497and the 9498.q field=name 9499pairs define attributes of the filter. 9500Also see the documentation for the 9501.b InputMailFilters 9502option for more information. 9503.pp 9504Fields are: 9505.(b 9506.ta 1i 9507Socket The socket specification 9508Flags Special flags for this filter 9509Timeouts Timeouts for this filter 9510.)b 9511Only the first character of the field name is checked 9512(it's case-sensitive). 9513.pp 9514The socket specification is one of the following forms: 9515.(b F 9516.b S= \c 9517.b inet \c 9518.b : 9519.i port 9520.b @ 9521.i host 9522.)b 9523.(b F 9524.b S= \c 9525.b inet6 \c 9526.b : 9527.i port 9528.b @ 9529.i host 9530.)b 9531.(b F 9532.b S= \c 9533.b local \c 9534.b : 9535.i path 9536.)b 9537The first two describe an IPv4 or IPv6 socket listening on a certain 9538.i port 9539at a given 9540.i host 9541or IP address. 9542The final form describes a named socket on the filesystem at the given 9543.i path . 9544.pp 9545The following flags may be set in the filter description. 9546.nr ii 4n 9547.ip R 9548Reject connection if filter unavailable. 9549.ip T 9550Temporary fail connection if filter unavailable. 9551.pp 9552If neither F=R nor F=T is specified, the message is passed through 9553.i sendmail 9554in case of filter errors as if the failing filters were not present. 9555.pp 9556The timeouts can be set using the four fields inside of the 9557.b T= 9558equate: 9559.nr ii 4n 9560.ip C 9561Timeout for connecting to a filter. 9562If set to 0, the system's 9563.i connect() 9564timeout will be used. 9565.ip S 9566Timeout for sending information from the MTA to a filter. 9567.ip R 9568Timeout for reading reply from the filter. 9569.ip E 9570Overall timeout between sending end-of-message to filter and waiting for 9571the final acknowledgment. 9572.pp 9573Note the separator between each timeout field is a 9574.b ';' . 9575The default values (if not set) are: 9576.b T=C:5m;S:10s;R:10s;E:5m 9577where 9578.b s 9579is seconds and 9580.b m 9581is minutes. 9582.pp 9583Examples: 9584.(b 9585Xfilter1, S=local:/var/run/f1.sock, F=R 9586Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m 9587Xfilter3, S=inet:3333@localhost, T=C:2m 9588.)b 9589.sh 2 "The User Database" 9590.pp 9591The user database is deprecated in favor of ``virtusertable'' 9592and ``genericstable'' as explained in the file 9593.b cf/README . 9594If you have a version of 9595.i sendmail 9596with the user database package 9597compiled in, 9598the handling of sender and recipient addresses 9599is modified. 9600.pp 9601The location of this database is controlled with the 9602.b UserDatabaseSpec 9603option. 9604.sh 3 "Structure of the user database" 9605.pp 9606The database is a sorted (BTree-based) structure. 9607User records are stored with the key: 9608.(b 9609\fIuser-name\fP\fB:\fP\fIfield-name\fP 9610.)b 9611The sorted database format ensures that user records are clustered together. 9612Meta-information is always stored with a leading colon. 9613.pp 9614Field names define both the syntax and semantics of the value. 9615Defined fields include: 9616.nr ii 1i 9617.ip maildrop 9618The delivery address for this user. 9619There may be multiple values of this record. 9620In particular, 9621mailing lists will have one 9622.i maildrop 9623record for each user on the list. 9624.ip "mailname" 9625The outgoing mailname for this user. 9626For each outgoing name, 9627there should be an appropriate 9628.i maildrop 9629record for that name to allow return mail. 9630See also 9631.i :default:mailname . 9632.ip mailsender 9633Changes any mail sent to this address to have the indicated envelope sender. 9634This is intended for mailing lists, 9635and will normally be the name of an appropriate -request address. 9636It is very similar to the owner-\c 9637.i list 9638syntax in the alias file. 9639.ip fullname 9640The full name of the user. 9641.ip office-address 9642The office address for this user. 9643.ip office-phone 9644The office phone number for this user. 9645.ip office-fax 9646The office FAX number for this user. 9647.ip home-address 9648The home address for this user. 9649.ip home-phone 9650The home phone number for this user. 9651.ip home-fax 9652The home FAX number for this user. 9653.ip project 9654A (short) description of the project this person is affiliated with. 9655In the University this is often just the name of their graduate advisor. 9656.ip plan 9657A pointer to a file from which plan information can be gathered. 9658.pp 9659As of this writing, 9660only a few of these fields are actually being used by 9661.i sendmail : 9662.i maildrop 9663and 9664.i mailname . 9665A 9666.i finger 9667program that uses the other fields is planned. 9668.sh 3 "User database semantics" 9669.pp 9670When the rewriting rules submit an address to the local mailer, 9671the user name is passed through the alias file. 9672If no alias is found (or if the alias points back to the same address), 9673the name (with 9674.q :maildrop 9675appended) 9676is then used as a key in the user database. 9677If no match occurs (or if the maildrop points at the same address), 9678forwarding is tried. 9679.pp 9680If the first token of the user name returned by ruleset 0 9681is an 9682.q @ 9683sign, the user database lookup is skipped. 9684The intent is that the user database will act as a set of defaults 9685for a cluster (in our case, the Computer Science Division); 9686mail sent to a specific machine should ignore these defaults. 9687.pp 9688When mail is sent, 9689the name of the sending user is looked up in the database. 9690If that user has a 9691.q mailname 9692record, 9693the value of that record is used as their outgoing name. 9694For example, I might have a record: 9695.(b 9696eric:mailname Eric.Allman@CS.Berkeley.EDU 9697.)b 9698This would cause my outgoing mail to be sent as Eric.Allman. 9699.pp 9700If a 9701.q maildrop 9702is found for the user, 9703but no corresponding 9704.q mailname 9705record exists, 9706the record 9707.q :default:mailname 9708is consulted. 9709If present, this is the name of a host to override the local host. 9710For example, in our case we would set it to 9711.q CS.Berkeley.EDU . 9712The effect is that anyone known in the database 9713gets their outgoing mail stamped as 9714.q user@CS.Berkeley.EDU , 9715but people not listed in the database use the local hostname. 9716.sh 3 "Creating the database\*" 9717.(f 9718\These instructions are known to be incomplete. 9719Other features are available which provide similar functionality, 9720e.g., virtual hosting and mapping local addresses into a 9721generic form as explained in cf/README. 9722.)f 9723.pp 9724The user database is built from a text file 9725using the 9726.i makemap 9727utility 9728(in the distribution in the makemap subdirectory). 9729The text file is a series of lines corresponding to userdb records; 9730each line has a key and a value separated by white space. 9731The key is always in the format described above \- 9732for example: 9733.(b 9734eric:maildrop 9735.)b 9736This file is normally installed in a system directory; 9737for example, it might be called 9738.i /etc/mail/userdb . 9739To make the database version of the map, run the program: 9740.(b 9741makemap btree /etc/mail/userdb < /etc/mail/userdb 9742.)b 9743Then create a config file that uses this. 9744For example, using the V8 M4 configuration, include the 9745following line in your .mc file: 9746.(b 9747define(\`confUSERDB_SPEC\', /etc/mail/userdb) 9748.)b 9749.sh 1 "OTHER CONFIGURATION" 9750.pp 9751There are some configuration changes that can be made by 9752recompiling 9753.i sendmail . 9754This section describes what changes can be made 9755and what has to be modified to make them. 9756In most cases this should be unnecessary 9757unless you are porting 9758.i sendmail 9759to a new environment. 9760.sh 2 "Parameters in devtools/OS/$oscf" 9761.pp 9762These parameters are intended to describe the compilation environment, 9763not site policy, 9764and should normally be defined in the operating system 9765configuration file. 9766.b "This section needs a complete rewrite." 9767.ip NDBM 9768If set, 9769the new version of the DBM library 9770that allows multiple databases will be used. 9771If neither NDBM nor NEWDB are set, 9772a much less efficient method of alias lookup is used. 9773.ip NEWDB 9774If set, use the new database package from Berkeley (from 4.4BSD). 9775This package is substantially faster than DBM or NDBM. 9776If NEWDB and NDBM are both set, 9777.i sendmail 9778will read DBM files, 9779but will create and use NEWDB files. 9780.ip NIS 9781Include support for NIS. 9782If set together with 9783.i both 9784NEWDB and NDBM, 9785.i sendmail 9786will create both DBM and NEWDB files if and only if 9787an alias file includes the substring 9788.q /yp/ 9789in the name. 9790This is intended for compatibility with Sun Microsystems' 9791.i mkalias 9792program used on YP masters. 9793.ip NISPLUS 9794Compile in support for NIS+. 9795.ip NETINFO 9796Compile in support for NetInfo (NeXT stations). 9797.ip LDAPMAP 9798Compile in support for LDAP X500 queries. 9799Requires libldap and liblber 9800from the Umich LDAP 3.2 or 3.3 release 9801or equivalent libraries for other LDAP libraries 9802such as OpenLDAP. 9803.ip HESIOD 9804Compile in support for Hesiod. 9805.ip MAP_NSD 9806Compile in support for IRIX NSD lookups. 9807.ip MAP_REGEX 9808Compile in support for regular expression matching. 9809.ip DNSMAP 9810Compile in support for DNS map lookups in the 9811.i sendmail.cf 9812file. 9813.ip PH_MAP 9814Compile in support for ph lookups. 9815.ip SASL 9816Compile in support for SASL, 9817a required component for SMTP Authentication support. 9818.ip STARTTLS 9819Compile in support for STARTTLS. 9820.ip EGD 9821Compile in support for the "Entropy Gathering Daemon" 9822to provide better random data for TLS. 9823.ip TCPWRAPPERS 9824Compile in support for TCP Wrappers. 9825.ip _PATH_SENDMAILCF 9826The pathname of the sendmail.cf file. 9827.ip _PATH_SENDMAILPID 9828The pathname of the sendmail.pid file. 9829.ip SM_CONF_SHM 9830Compile in support for shared memory, see section about 9831"/var/spool/mqueue". 9832.ip MILTER 9833Compile in support for contacting external mail filters built with the 9834Milter API. 9835.pp 9836There are also several compilation flags to indicate the environment 9837such as 9838.q _AIX3 9839and 9840.q _SCO_unix_ . 9841See the sendmail/README 9842file for the latest scoop on these flags. 9843.sh 2 "Parameters in sendmail/conf.h" 9844.pp 9845Parameters and compilation options 9846are defined in conf.h. 9847Most of these need not normally be tweaked; 9848common parameters are all in sendmail.cf. 9849However, the sizes of certain primitive vectors, etc., 9850are included in this file. 9851The numbers following the parameters 9852are their default value. 9853.pp 9854This document is not the best source of information 9855for compilation flags in conf.h \(em 9856see sendmail/README or sendmail/conf.h itself. 9857.nr ii 1.2i 9858.ip "MAXLINE [2048]" 9859The maximum line length of any input line. 9860If message lines exceed this length 9861they will still be processed correctly; 9862however, header lines, 9863configuration file lines, 9864alias lines, 9865etc., 9866must fit within this limit. 9867.ip "MAXNAME [256]" 9868The maximum length of any name, 9869such as a host or a user name. 9870.ip "MAXPV [256]" 9871The maximum number of parameters to any mailer. 9872This limits the number of recipients that may be passed in one transaction. 9873It can be set to any arbitrary number above about 10, 9874since 9875.i sendmail 9876will break up a delivery into smaller batches as needed. 9877A higher number may reduce load on your system, however. 9878.ip "MAXQUEUEGROUPS [50]" 9879The maximum number of queue groups. 9880.ip "MAXATOM [1000]" 9881The maximum number of atoms 9882(tokens) 9883in a single address. 9884For example, 9885the address 9886.q "eric@CS.Berkeley.EDU" 9887is seven atoms. 9888.ip "MAXMAILERS [25]" 9889The maximum number of mailers that may be defined 9890in the configuration file. 9891This value is defined in include/sendmail/sendmail.h. 9892.ip "MAXRWSETS [200]" 9893The maximum number of rewriting sets 9894that may be defined. 9895The first half of these are reserved for numeric specification 9896(e.g., ``S92''), 9897while the upper half are reserved for auto-numbering 9898(e.g., ``Sfoo''). 9899Thus, with a value of 200 an attempt to use ``S99'' will succeed, 9900but ``S100'' will fail. 9901.ip "MAXPRIORITIES [25]" 9902The maximum number of values for the 9903.q Precedence: 9904field that may be defined 9905(using the 9906.b P 9907line in sendmail.cf). 9908.ip "MAXUSERENVIRON [100]" 9909The maximum number of items in the user environment 9910that will be passed to subordinate mailers. 9911.ip "MAXMXHOSTS [100]" 9912The maximum number of MX records we will accept for any single host. 9913.ip "MAXMAPSTACK [12]" 9914The maximum number of maps that may be "stacked" in a 9915.b sequence 9916class map. 9917.ip "MAXMIMEARGS [20]" 9918The maximum number of arguments in a MIME Content-Type: header; 9919additional arguments will be ignored. 9920.ip "MAXMIMENESTING [20]" 9921The maximum depth to which MIME messages may be nested 9922(that is, nested Message or Multipart documents; 9923this does not limit the number of components in a single Multipart document). 9924.ip "MAXDAEMONS [10]" 9925The maximum number of sockets sendmail will open for accepting connections 9926on different ports. 9927.ip "MAXMACNAMELEN [25]" 9928The maximum length of a macro name. 9929.lp 9930A number of other compilation options exist. 9931These specify whether or not specific code should be compiled in. 9932Ones marked with \(dg 9933are 0/1 valued. 9934.nr ii 1.2i 9935.ip NETINET\(dg 9936If set, 9937support for Internet protocol networking is compiled in. 9938Previous versions of 9939.i sendmail 9940referred to this as 9941.sm DAEMON ; 9942this old usage is now incorrect. 9943Defaults on; 9944turn it off in the Makefile 9945if your system doesn't support the Internet protocols. 9946.ip NETINET6\(dg 9947If set, 9948support for IPv6 networking is compiled in. 9949It must be separately enabled by adding 9950.b DaemonPortOptions 9951settings. 9952.ip NETISO\(dg 9953If set, 9954support for ISO protocol networking is compiled in 9955(it may be appropriate to #define this in the Makefile instead of conf.h). 9956.ip NETUNIX\(dg 9957If set, 9958support for UNIX domain sockets is compiled in. 9959This is used for control socket support. 9960.ip LOG 9961If set, 9962the 9963.i syslog 9964routine in use at some sites is used. 9965This makes an informational log record 9966for each message processed, 9967and makes a higher priority log record 9968for internal system errors. 9969.b "STRONGLY RECOMMENDED" 9970\(em if you want no logging, turn it off in the configuration file. 9971.ip MATCHGECOS\(dg 9972Compile in the code to do ``fuzzy matching'' on the GECOS field 9973in /etc/passwd. 9974This also requires that the 9975.b MatchGECOS 9976option be turned on. 9977.ip NAMED_BIND\(dg 9978Compile in code to use the 9979Berkeley Internet Name Domain (BIND) server 9980to resolve TCP/IP host names. 9981.ip NOTUNIX 9982If you are using a non-UNIX mail format, 9983you can set this flag to turn off special processing 9984of UNIX-style 9985.q "From " 9986lines. 9987.ip USERDB\(dg 9988Include the 9989.b experimental 9990Berkeley user information database package. 9991This adds a new level of local name expansion 9992between aliasing and forwarding. 9993It also uses the NEWDB package. 9994This may change in future releases. 9995.lp 9996The following options are normally turned on 9997in per-operating-system clauses in conf.h. 9998.ip IDENTPROTO\(dg 9999Compile in the IDENT protocol as defined in RFC 1413. 10000This defaults on for all systems except Ultrix, 10001which apparently has the interesting 10002.q feature 10003that when it receives a 10004.q "host unreachable" 10005message it closes all open connections to that host. 10006Since some firewall gateways send this error code 10007when you access an unauthorized port (such as 113, used by IDENT), 10008Ultrix cannot receive email from such hosts. 10009.ip SYSTEM5 10010Set all of the compilation parameters appropriate for System V. 10011.ip HASFLOCK\(dg 10012Use Berkeley-style 10013.b flock 10014instead of System V 10015.b lockf 10016to do file locking. 10017Due to the highly unusual semantics of locks 10018across forks in 10019.b lockf , 10020this should always be used if at all possible. 10021.ip HASINITGROUPS 10022Set this if your system has the 10023.i initgroups() 10024call 10025(if you have multiple group support). 10026This is the default if SYSTEM5 is 10027.i not 10028defined or if you are on HPUX. 10029.ip HASUNAME 10030Set this if you have the 10031.i uname (2) 10032system call (or corresponding library routine). 10033Set by default if 10034SYSTEM5 10035is set. 10036.ip HASGETDTABLESIZE 10037Set this if you have the 10038.i getdtablesize (2) 10039system call. 10040.ip HASWAITPID 10041Set this if you have the 10042.i haswaitpid (2) 10043system call. 10044.ip FAST_PID_RECYCLE 10045Set this if your system can possibly 10046reuse the same pid in the same second of time. 10047.ip SFS_TYPE 10048The mechanism that can be used to get file system capacity information. 10049The values can be one of 10050SFS_USTAT (use the ustat(2) syscall), 10051SFS_4ARGS (use the four argument statfs(2) syscall), 10052SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>), 10053SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>), 10054SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>), 10055SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>), 10056or 10057SFS_NONE (no way to get this information). 10058.ip LA_TYPE 10059The load average type. 10060Details are described below. 10061.lp 10062The are several built-in ways of computing the load average. 10063.i Sendmail 10064tries to auto-configure them based on imperfect guesses; 10065you can select one using the 10066.i cc 10067option 10068.b \-DLA_TYPE= \c 10069.i type , 10070where 10071.i type 10072is: 10073.ip LA_INT 10074The kernel stores the load average in the kernel as an array of long integers. 10075The actual values are scaled by a factor FSCALE 10076(default 256). 10077.ip LA_SHORT 10078The kernel stores the load average in the kernel as an array of short integers. 10079The actual values are scaled by a factor FSCALE 10080(default 256). 10081.ip LA_FLOAT 10082The kernel stores the load average in the kernel as an array of 10083double precision floats. 10084.ip LA_MACH 10085Use MACH-style load averages. 10086.ip LA_SUBR 10087Call the 10088.i getloadavg 10089routine to get the load average as an array of doubles. 10090.ip LA_ZERO 10091Always return zero as the load average. 10092This is the fallback case. 10093.lp 10094If type 10095.sm LA_INT , 10096.sm LA_SHORT , 10097or 10098.sm LA_FLOAT 10099is specified, 10100you may also need to specify 10101.sm _PATH_UNIX 10102(the path to your system binary) 10103and 10104.sm LA_AVENRUN 10105(the name of the variable containing the load average in the kernel; 10106usually 10107.q _avenrun 10108or 10109.q avenrun ). 10110.sh 2 "Configuration in sendmail/conf.c" 10111.pp 10112The following changes can be made in conf.c. 10113.sh 3 "Built-in Header Semantics" 10114.pp 10115Not all header semantics are defined in the configuration file. 10116Header lines that should only be included by certain mailers 10117(as well as other more obscure semantics) 10118must be specified in the 10119.i HdrInfo 10120table in 10121.i conf.c . 10122This table contains the header name 10123(which should be in all lower case) 10124and a set of header control flags (described below), 10125The flags are: 10126.ip H_ACHECK 10127Normally when the check is made to see if a header line is compatible 10128with a mailer, 10129.i sendmail 10130will not delete an existing line. 10131If this flag is set, 10132.i sendmail 10133will delete 10134even existing header lines. 10135That is, 10136if this bit is set and the mailer does not have flag bits set 10137that intersect with the required mailer flags 10138in the header definition in 10139sendmail.cf, 10140the header line is 10141.i always 10142deleted. 10143.ip H_EOH 10144If this header field is set, 10145treat it like a blank line, 10146i.e., 10147it will signal the end of the header 10148and the beginning of the message text. 10149.ip H_FORCE 10150Add this header entry 10151even if one existed in the message before. 10152If a header entry does not have this bit set, 10153.i sendmail 10154will not add another header line if a header line 10155of this name already existed. 10156This would normally be used to stamp the message 10157by everyone who handled it. 10158.ip H_TRACE 10159If set, 10160this is a timestamp 10161(trace) 10162field. 10163If the number of trace fields in a message 10164exceeds a preset amount 10165the message is returned 10166on the assumption that it has an aliasing loop. 10167.ip H_RCPT 10168If set, 10169this field contains recipient addresses. 10170This is used by the 10171.b \-t 10172flag to determine who to send to 10173when it is collecting recipients from the message. 10174.ip H_FROM 10175This flag indicates that this field 10176specifies a sender. 10177The order of these fields in the 10178.i HdrInfo 10179table specifies 10180.i sendmail 's 10181preference 10182for which field to return error messages to. 10183.ip H_ERRORSTO 10184Addresses in this header should receive error messages. 10185.ip H_CTE 10186This header is a Content-Transfer-Encoding header. 10187.ip H_CTYPE 10188This header is a Content-Type header. 10189.ip H_STRIPVAL 10190Strip the value from the header (for Bcc:). 10191.nr ii 5n 10192.lp 10193Let's look at a sample 10194.i HdrInfo 10195specification: 10196.(b 10197.ta 4n +\w'"content-transfer-encoding", 'u 10198struct hdrinfo HdrInfo[] = 10199\&{ 10200 /* originator fields, most to least significant / 10201* "resent-sender", H_FROM, 10202 "resent-from", H_FROM, 10203 "sender", H_FROM, 10204 "from", H_FROM, 10205 "full-name", H_ACHECK, 10206 "errors-to", H_FROM\^\|\^H_ERRORSTO, 10207 /* destination fields / 10208* "to", H_RCPT, 10209 "resent-to", H_RCPT, 10210 "cc", H_RCPT, 10211 "bcc", H_RCPT\^\|\^H_STRIPVAL, 10212 /* message identification and control / 10213* "message", H_EOH, 10214 "text", H_EOH, 10215 /* trace fields / 10216* "received", H_TRACE\^\|\^H_FORCE, 10217 /* miscellaneous fields / 10218* "content-transfer-encoding", H_CTE, 10219 "content-type", H_CTYPE, 10220 10221 NULL, 0, 10222}; 10223.)b 10224This structure indicates that the 10225.q To: , 10226.q Resent-To: , 10227and 10228.q Cc: 10229fields 10230all specify recipient addresses. 10231Any 10232.q Full-Name: 10233field will be deleted unless the required mailer flag 10234(indicated in the configuration file) 10235is specified. 10236The 10237.q Message: 10238and 10239.q Text: 10240fields will terminate the header; 10241these are used by random dissenters around the network world. 10242The 10243.q Received: 10244field will always be added, 10245and can be used to trace messages. 10246.pp 10247There are a number of important points here. 10248First, 10249header fields are not added automatically just because they are in the 10250.i HdrInfo 10251structure; 10252they must be specified in the configuration file 10253in order to be added to the message. 10254Any header fields mentioned in the configuration file but not 10255mentioned in the 10256.i HdrInfo 10257structure have default processing performed; 10258that is, 10259they are added unless they were in the message already. 10260Second, 10261the 10262.i HdrInfo 10263structure only specifies cliched processing; 10264certain headers are processed specially by ad hoc code 10265regardless of the status specified in 10266.i HdrInfo . 10267For example, 10268the 10269.q Sender: 10270and 10271.q From: 10272fields are always scanned on ARPANET mail 10273to determine the sender\*; 10274.(f 10275\Actually, this is no longer true in SMTP; 10276this information is contained in the envelope. 10277The older ARPANET protocols did not completely distinguish 10278envelope from header. 10279.)f 10280this is used to perform the 10281.q "return to sender" 10282function. 10283The 10284.q "From:" 10285and 10286.q "Full-Name:" 10287fields are used to determine the full name of the sender 10288if possible; 10289this is stored in the macro 10290.b $x 10291and used in a number of ways. 10292.sh 3 "Restricting Use of Email" 10293.pp 10294If it is necessary to restrict mail through a relay, 10295the 10296.i checkcompat 10297routine can be modified. 10298This routine is called for every recipient address. 10299It returns an exit status 10300indicating the status of the message. 10301The status 10302.sm EX_OK 10303accepts the address, 10304.sm EX_TEMPFAIL 10305queues the message for a later try, 10306and other values 10307(commonly 10308.sm EX_UNAVAILABLE ) 10309reject the message. 10310It is up to 10311.i checkcompat 10312to print an error message 10313(using 10314.i usrerr ) 10315if the message is rejected. 10316For example, 10317.i checkcompat 10318could read: 10319.(b 10320.re 10321.sz -1 10322.ta 4n +4n +4n +4n +4n +4n +4n 10323int 10324checkcompat(to, e) 10325* register ADDRESS to; 10326* register ENVELOPE e; 10327\&{ 10328* register STAB s; 10329* 10330 s = stab("private", ST_MAILER, ST_FIND); 10331 if (s != NULL && e\->e_from.q_mailer != LocalMailer && 10332 to->q_mailer == s->s_mailer) 10333 { 10334 usrerr("No private net mail allowed through this machine"); 10335 return (EX_UNAVAILABLE); 10336 } 10337 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer)) 10338 { 10339 usrerr("Message too large for non-local delivery"); 10340 e\->e_flags \|= EF_NORETURN; 10341 return (EX_UNAVAILABLE); 10342 } 10343 return (EX_OK); 10344} 10345.sz 10346.)b 10347This would reject messages greater than 50000 bytes 10348unless they were local. 10349The 10350.i EF_NORETURN 10351flag can be set in 10352.i e\(->e_flags 10353to suppress the return of the actual body 10354of the message in the error return. 10355The actual use of this routine is highly dependent on the 10356implementation, 10357and use should be limited. 10358.sh 3 "New Database Map Classes" 10359.pp 10360New key maps can be added by creating a class initialization function 10361and a lookup function. 10362These are then added to the routine 10363.i setupmaps. 10364.pp 10365The initialization function is called as 10366.(b 10367\fIxxx\fP_map_init(MAP map, char args) 10368.)b 10369The 10370.i map 10371is an internal data structure. 10372The 10373.i args 10374is a pointer to the portion of the configuration file line 10375following the map class name; 10376flags and filenames can be extracted from this line. 10377The initialization function must return 10378.sm true 10379if it successfully opened the map, 10380.sm false 10381otherwise. 10382.pp 10383The lookup function is called as 10384.(b 10385\fIxxx\fP_map_lookup(MAP map, char buf[], char av, int statp) 10386.)b 10387The 10388.i map 10389defines the map internally. 10390The 10391.i buf 10392has the input key. 10393This may be (and often is) used destructively. 10394The 10395.i av 10396is a list of arguments passed in from the rewrite line. 10397The lookup function should return a pointer to the new value. 10398If the map lookup fails, 10399.i statp 10400should be set to an exit status code; 10401in particular, it should be set to 10402.sm EX_TEMPFAIL 10403if recovery is to be attempted by the higher level code. 10404.sh 3 "Queueing Function" 10405.pp 10406The routine 10407.i shouldqueue 10408is called to decide if a message should be queued 10409or processed immediately. 10410Typically this compares the message priority to the current load average. 10411The default definition is: 10412.(b 10413bool 10414shouldqueue(pri, ctime) 10415* long pri; 10416 time_t ctime; 10417{ 10418 if (CurrentLA < QueueLA) 10419 return false; 10420 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1))); 10421} 10422.)b 10423If the current load average 10424(global variable 10425.i CurrentLA , 10426which is set before this function is called) 10427is less than the low threshold load average 10428(option 10429.b x , 10430variable 10431.i QueueLA ), 10432.i shouldqueue 10433returns 10434.sm false 10435immediately 10436(that is, it should 10437.i not 10438queue). 10439If the current load average exceeds the high threshold load average 10440(option 10441.b X , 10442variable 10443.i RefuseLA ), 10444.i shouldqueue 10445returns 10446.sm true 10447immediately. 10448Otherwise, it computes the function based on the message priority, 10449the queue factor 10450(option 10451.b q , 10452global variable 10453.i QueueFactor ), 10454and the current and threshold load averages. 10455.pp 10456An implementation wishing to take the actual age of the message into account 10457can also use the 10458.i ctime 10459parameter, 10460which is the time that the message was first submitted to 10461.i sendmail . 10462Note that the 10463.i pri 10464parameter is already weighted 10465by the number of times the message has been tried 10466(although this tends to lower the priority of the message with time); 10467the expectation is that the 10468.i ctime 10469would be used as an 10470.q "escape clause" 10471to ensure that messages are eventually processed. 10472.sh 3 "Refusing Incoming SMTP Connections" 10473.pp 10474The function 10475.i refuseconnections 10476returns 10477.sm true 10478if incoming SMTP connections should be refused. 10479The current implementation is based exclusively on the current load average 10480and the refuse load average option 10481(option 10482.b X , 10483global variable 10484.i RefuseLA ): 10485.(b 10486bool 10487refuseconnections() 10488{ 10489 return (RefuseLA > 0 && CurrentLA >= RefuseLA); 10490} 10491.)b 10492A more clever implementation 10493could look at more system resources. 10494.sh 3 "Load Average Computation" 10495.pp 10496The routine 10497.i getla 10498returns the current load average (as a rounded integer). 10499The distribution includes several possible implementations. 10500If you are porting to a new environment 10501you may need to add some new tweaks.\** 10502.(f 10503\*If you do, please send updates to 10504sendmail@Sendmail.ORG. 10505.)f 10506.sh 2 "Configuration in sendmail/daemon.c" 10507.pp 10508The file 10509.i sendmail/daemon.c 10510contains a number of routines that are dependent 10511on the local networking environment. 10512The version supplied assumes you have BSD style sockets. 10513.pp 10514In previous releases, 10515we recommended that you modify the routine 10516.i maphostname 10517if you wanted to generalize 10518.b $[ 10519\&...\& 10520.b $] 10521lookups. 10522We now recommend that you create a new keyed map instead. 10523.sh 2 "LDAP" 10524.pp 10525In this section we assume that 10526.i sendmail 10527has been compiled with support for LDAP. 10528.sh 3 "LDAP Recursion" 10529.pp 10530LDAP Recursion allows you to add types to the search attributes on an 10531LDAP map specification. 10532The syntax is: 10533.ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[\|\fIOBJECTCLASS\fP\|...]]] 10534.pp 10535The new \fITYPE\fPs are: 10536.nr ii 1i 10537.ip NORMAL 10538This attribute type specifies the attribute to add to the results string. 10539This is the default. 10540.ip DN 10541Any matches for this attribute are expected to have a value of a 10542fully qualified distinguished name. 10543.i sendmail 10544will lookup that DN and apply the attributes requested to the 10545returned DN record. 10546.ip FILTER 10547Any matches for this attribute are expected to have a value of an 10548LDAP search filter. 10549.i sendmail 10550will perform a lookup with the same parameters as the original 10551search but replaces the search filter with the one specified here. 10552.ip URL 10553Any matches for this attribute are expected to have a value of an LDAP URL. 10554.i sendmail 10555will perform a lookup of that URL and use the results from the attributes 10556named in that URL. 10557Note however that the search is done using the current LDAP connection, 10558regardless of what is specified as the scheme, LDAP host, and LDAP 10559port in the LDAP URL. 10560.lp 10561Any untyped attributes are considered 10562.sm NORMAL 10563attributes as described above. 10564.pp 10565The optional \fIOBJECTCLASS\fP (\| separated) list contains the 10566objectClass values for which that attribute applies. 10567If the list is given, 10568the attribute named will only be used if the LDAP record being returned is a 10569member of that object class. 10570Note that if these new value attribute \fITYPE\fPs are used in an 10571AliasFile 10572option setting, it will need to be double quoted to prevent 10573.i sendmail 10574from misparsing the colons. 10575.pp 10576Note that LDAP recursion attributes which do not ultimately point to an 10577LDAP record are not considered an error. 10578.sh 4 "Example" 10579.pp 10580Since examples usually help clarify, here is an example which uses all 10581four of the new types: 10582.(b 10583O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com 10584* 10585Kexample ldap 10586 -z, 10587 -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0)) 10588 -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson, 10589 uniqueMember:DN:groupOfUniqueNames, 10590 sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject, 10591 sendmailMTAAliasURL:URL:sendmailMTAAliasObject 10592.)b 10593.pp 10594That definition specifies that: 10595.bu 10596Any value in a 10597.sm sendmailMTAAliasValue 10598attribute will be added to the result string regardless of object class. 10599.bu 10600The 10601.sm mail 10602attribute will be added to the result string if 10603the LDAP record is a member of the 10604.sm inetOrgPerson 10605object class. 10606.bu 10607The 10608.sm uniqueMember 10609attribute is a recursive attribute, used only in 10610.sm groupOfUniqueNames 10611records, and should contain an LDAP DN pointing to another LDAP record. 10612The desire here is to return the 10613.sm mail 10614attribute from those DNs. 10615.bu 10616The 10617.sm sendmailMTAAliasSearch 10618attribute and 10619.sm sendmailMTAAliasURL 10620are both used only if referenced in a 10621.sm sendmailMTAAliasObject . 10622They are both recursive, the first for a new LDAP search string and the 10623latter for an LDAP URL. 10624.sh 2 "STARTTLS" 10625.pp 10626In this section we assume that 10627.i sendmail 10628has been compiled with support for STARTTLS. 10629To properly understand the use of STARTTLS in 10630.i sendmail , 10631it is necessary to understand at least some basics about X.509 certificates 10632and public key cryptography. 10633This information can be found in books about SSL/TLS 10634or on WWW sites, e.g., 10635.q http://www.OpenSSL.org/ . 10636.sh 3 "Certificates for STARTTLS" 10637.pp 10638When acting as a server, 10639.i sendmail 10640requires X.509 certificates to support STARTTLS: 10641one as certificate for the server (ServerCertFile and corresponding 10642private ServerKeyFile) 10643at least one root CA (CACertFile), 10644i.e., a certificate that is used to sign other certificates, 10645and a path to a directory which contains other CAs (CACertPath). 10646The file specified via 10647CACertFile 10648can contain several certificates of CAs. 10649The DNs of these certificates are sent 10650to the client during the TLS handshake (as part of the 10651CertificateRequest) as the list of acceptable CAs. 10652However, do not list too many root CAs in that file, otherwise 10653the TLS handshake may fail; e.g., 10654.(b 10655error:14094417:SSL routines:SSL3_READ_BYTES: 10656sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47 10657.)b 10658You should probably put only the CA cert into that file 10659that signed your own cert(s), or at least only those you trust. 10660The CACertPath directory must contain the hashes of each CA certificate 10661as filenames (or as links to them). 10662Symbolic links can be generated with the following 10663two (Bourne) shell commands: 10664.(b 10665C=FileName_of_CA_Certificate 10666ln -s $C `openssl x509 -noout -hash < $C`.0 10667.)b 10668An X.509 certificate is also required for authentication in client mode 10669(ClientCertFile and corresponding private ClientKeyFile), however, 10670.i sendmail 10671will always use STARTTLS when offered by a server. 10672The client and server certificates can be identical. 10673Certificates can be obtained from a certificate authority 10674or created with the help of OpenSSL. 10675The required format for certificates and private keys is PEM. 10676To allow for automatic startup of sendmail, private keys 10677(ServerKeyFile, ClientKeyFile) 10678must be stored unencrypted. 10679The keys are only protected by the permissions of the file system. 10680Never make a private key available to a third party. 10681.sh 3 "PRNG for STARTTLS" 10682.pp 10683STARTTLS requires a strong pseudo random number generator (PRNG) 10684to operate properly. 10685Depending on the TLS library you use, it may be required to explicitly 10686initialize the PRNG with random data. 10687OpenSSL makes use of 10688.b /dev/urandom(4) 10689if available (this corresponds to the compile flag HASURANDOMDEV). 10690On systems which lack this support, a random file must be specified in the 10691.i sendmail.cf 10692file using the option RandFile. 10693It is 10694.b strongly 10695advised to use the "Entropy Gathering Daemon" EGD 10696from Brian Warner on those systems to provide useful random data. 10697In this case, 10698.i sendmail 10699must be compiled with the flag EGD, and the 10700RandFile option must point to the EGD socket. 10701If neither 10702.b /dev/urandom(4) 10703nor EGD are available, you have to make sure 10704that useful random data is available all the time in RandFile. 10705If the file hasn't been modified in the last 10 minutes before 10706it is supposed to be used by 10707.i sendmail 10708the content is considered obsolete. 10709One method for generating this file is: 10710.(b 10711openssl rand -out /etc/mail/randfile -rand \c 10712.i /path/to/file:... \c 10713256 10714.)b 10715See the OpenSSL documentation for more information. 10716In this case, the PRNG for TLS is only 10717seeded with other random data if the 10718.b DontBlameSendmail 10719option 10720.b InsufficientEntropy 10721is set. 10722This is most likely not sufficient for certain actions, e.g., 10723generation of (temporary) keys. 10724.pp 10725Please see the OpenSSL documentation or other sources 10726for further information about certificates, their creation and their usage, 10727the importance of a good PRNG, and other aspects of TLS. 10728.sh 2 "Encoding of STARTTLS and AUTH related Macros" 10729.pp 10730Macros that contain STARTTLS and AUTH related data which comes from outside 10731sources, e.g., all macros containing information from certificates, 10732are encoded to avoid problems with non-printable or special characters. 10733The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '. 10734All of these characters are replaced by their value in hexadecimal 10735with a leading '+'. 10736For example: 10737.(b 10738/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/ 10739Email=darth+cert@endmail.org 10740.)b 10741is encoded as: 10742.(b 10743/C=US/ST=California/O=endmail.org/OU=private/ 10744CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org 10745.)b 10746(line breaks have been inserted for readability). 10747The macros which are subject to this encoding are 10748{cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer}, 10749as well as 10750{auth_authen} and {auth_author}. 10751.sh 1 "ACKNOWLEDGEMENTS" 10752.pp 10753I've worked on 10754.i sendmail 10755for many years, 10756and many employers have been remarkably patient 10757about letting me work on a large project 10758that was not part of my official job. 10759This includes time on the INGRES Project at 10760the University of California at Berkeley, 10761at Britton Lee, 10762and again on the Mammoth and Titan Projects at Berkeley. 10763.pp 10764Much of the second wave of improvements 10765resulting in version 8.1 10766should be credited to Bryan Costales of the 10767International Computer Science Institute. 10768As he passed me drafts of his book on 10769.i sendmail 10770I was inspired to start working on things again. 10771Bryan was also available to bounce ideas off of. 10772.pp 10773Gregory Neil Shapiro 10774of Worcester Polytechnic Institute 10775has become instrumental in all phases of 10776.i sendmail 10777support and development, 10778and was largely responsible for getting versions 8.8 and 8.9 10779out the door. 10780.pp 10781Many, many people contributed chunks of code and ideas to 10782.i sendmail . 10783It has proven to be a group network effort. 10784Version 8 in particular was a group project. 10785The following people and organizations made notable contributions: 10786.(l 10787Claus Assmann 10788John Beck, Hewlett-Packard & Sun Microsystems 10789Keith Bostic, CSRG, University of California, Berkeley 10790Andrew Cheng, Sun Microsystems 10791Michael J. Corrigan, University of California, San Diego 10792Bryan Costales, International Computer Science Institute & InfoBeat 10793Pa\:r (Pell) Emanuelsson 10794Craig Everhart, Transarc Corporation 10795Per Hedeland, Ericsson 10796Tom Ivar Helbekkmo, Norwegian School of Economics 10797Kari Hurtta, Finnish Meteorological Institute 10798Allan E. Johannesen, WPI 10799Jonathan Kamens, OpenVision Technologies, Inc. 10800Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd. 10801Brian Kantor, University of California, San Diego 10802John Kennedy, Cal State University, Chico 10803Murray S. Kucherawy, HookUp Communication Corp. 10804Bruce Lilly, Sony U.S. 10805Karl London 10806Motonori Nakamura, Ritsumeikan University & Kyoto University 10807John Gardiner Myers, Carnegie Mellon University 10808Neil Rickert, Northern Illinois University 10809Gregory Neil Shapiro, WPI 10810Eric Schnoebelen, Convex Computer Corp. 10811Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam 10812Randall Winchester, University of Maryland 10813Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris) 10814Exactis.com, Inc. 10815.)l 10816I apologize for anyone I have omitted, misspelled, misattributed, or 10817otherwise missed. 10818At this point, I suspect that at least a hundred people 10819have contributed code, 10820and many more have contributed ideas, comments, and encouragement. 10821I've tried to list them in the RELEASE_NOTES in the distribution directory. 10822I appreciate their contribution as well. 10823.pp 10824Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel, 10825who besides being wonderful guinea pigs and contributors 10826have also consented to be added to the ``sendmail@Sendmail.ORG'' list 10827and, by answering the bulk of the questions sent to that list, 10828have freed me up to do other work. 10829.++ A 10830.+c "COMMAND LINE FLAGS" 10831.ba 0 10832.nr ii 1i 10833.pp 10834Arguments must be presented with flags before addresses. 10835The flags are: 10836.ip \-A\fIx\fP 10837Select an alternative .cf file which is either 10838.i sendmail.cf 10839for 10840.b \-Am 10841or 10842.i submit.cf 10843for 10844.b \-Ac . 10845By default the .cf file is chosen based on the operation mode. 10846For 10847.b -bm 10848(default), 10849.b -bs , 10850and 10851.b -t 10852it is 10853.i submit.cf 10854if it exists, for all others it is 10855.i sendmail.cf . 10856.ip \-b\fIx\fP 10857Set operation mode to 10858.i x . 10859Operation modes are: 10860.(b 10861.ta 4n 10862m Deliver mail (default) 10863s Speak SMTP on input side 10864a\(dg ``Arpanet'' mode (get envelope sender information from header) 10865d Run as a daemon in background 10866D Run as a daemon in foreground 10867t Run in test mode 10868v Just verify addresses, don't collect or deliver 10869i Initialize the alias database 10870p Print the mail queue 10871P Print overview over the mail queue (requires shared memory) 10872h Print the persistent host status database 10873H Purge expired entries from the persistent host status database 10874.)b 10875.(f 10876\(dgDeprecated. 10877.)f 10878.ip \-B\fItype\fP 10879Indicate body type. 10880.ip \-C\fIfile\fP 10881Use a different configuration file. 10882.i Sendmail 10883runs as the invoking user (rather than root) 10884when this flag is specified. 10885.ip "\-D \fIlogfile\fP" 10886Send debugging output to the indicated 10887.i logfile 10888instead of stdout. 10889.ip \-d\fIlevel\fP 10890Set debugging level. 10891.ip "\-f\ \fIaddr\fP" 10892The envelope sender address is set to 10893.i addr . 10894This address may also be used in the From: header 10895if that header is missing during initial submission. 10896The envelope sender address is used as the recipient 10897for delivery status notifications 10898and may also appear in a Return-Path: header. 10899.ip \-F\ \fIname\fP 10900Sets the full name of this user to 10901.i name . 10902.ip \-G 10903When accepting messages via the command line, 10904indicate that they are for relay (gateway) submission. 10905sendmail may complain about syntactically invalid messages, 10906e.g., unqualified host names, 10907rather than fixing them when this flag is set. 10908sendmail will not do any canonicalization in this mode. 10909.ip "\-h\ \fIcnt\fP" 10910Sets the 10911.q "hop count" 10912to 10913.i cnt . 10914This represents the number of times this message has been processed 10915by 10916.i sendmail 10917(to the extent that it is supported by the underlying networks). 10918.i Cnt 10919is incremented during processing, 10920and if it reaches 10921MAXHOP 10922(currently 25) 10923.i sendmail 10924throws away the message with an error. 10925.ip "\-L \fItag\fP" 10926Sets the identifier used for syslog. 10927Note that this identifier is set 10928as early as possible. 10929However, 10930.i sendmail 10931may be used 10932if problems arise 10933before the command line arguments 10934are processed. 10935.ip \-n 10936Don't do aliasing or forwarding. 10937.ip "\-N \fInotifications\fP" 10938Tag all addresses being sent as wanting the indicated 10939.i notifications , 10940which consists of the word 10941.q NEVER 10942or a comma-separated list of 10943.q SUCCESS , 10944.q FAILURE , 10945and 10946.q DELAY 10947for successful delivery, 10948failure, 10949and a message that is stuck in a queue somewhere. 10950The default is 10951.q FAILURE,DELAY . 10952.ip "\-r\ \fIaddr\fP" 10953An obsolete form of 10954.b \-f . 10955.ip \-o\fIx\\|value\fP 10956Set option 10957.i x 10958to the specified 10959.i value . 10960These options are described in Section 5.6. 10961.ip \-O\fIoption\fP\fB=\fP\fIvalue\fP 10962Set 10963.i option 10964to the specified 10965.i value 10966(for long form option names). 10967These options are described in Section 5.6. 10968.ip \-M\fIx\\|value\fP 10969Set macro 10970.i x 10971to the specified 10972.i value . 10973.ip \-p\fIprotocol\fP 10974Set the sending protocol. 10975Programs are encouraged to set this. 10976The protocol field can be in the form 10977.i protocol \c 10978.b : \c 10979.i host 10980to set both the sending protocol and sending host. 10981For example, 10982.q \-pUUCP:uunet 10983sets the sending protocol to UUCP 10984and the sending host to uunet. 10985(Some existing programs use \-oM to set the r and s macros; 10986this is equivalent to using \-p.) 10987.ip \-q\fItime\fP 10988Try to process the queued up mail. 10989If the time is given, 10990a 10991.i sendmail 10992will start one or more processes to run through the queue(s) at the specified 10993time interval to deliver queued mail; otherwise, it only runs once. 10994Each of these processes acts on a workgroup. 10995These processes are also known as workgroup processes or WGP's for short. 10996Each workgroup is responsible for controlling the processing of one or 10997more queues; workgroups help manage the use of system resources by sendmail. 10998Each workgroup may have one or more children concurrently processing 10999queues depending on the setting of \fIMaxQueueChildren\fP. 11000.ip \-qp\fItime\fP 11001Similar to \-q with a time argument, 11002except that instead of periodically starting WGP's 11003sendmail starts persistent WGP's 11004that alternate between processing queues and sleeping. 11005The sleep time is specified by the time argument; it defaults to 1 second, 11006except that a WGP always sleeps at least 5 seconds if their queues were 11007empty in the previous run. 11008Persistent processes are managed by a queue control process (QCP). 11009The QCP is the parent process of the WGP's. 11010Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD) 11011or a special process (named Queue control) (when started without \-bd or \-bD). 11012If a persistent WGP ceases to be active for some reason 11013another WGP will be started by the QCP for the same workgroup 11014in most cases. When a persistent WGP has core dumped, the debug flag 11015\fIno_persistent_restart\fP is set or the specific persistent WGP has been 11016restarted too many times already then the WGP will not be started again 11017and a message will be logged to this effect. 11018To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate 11019signal should be sent to the QCP. The QCP will propagate the signal to all of 11020the WGP's and if appropriate restart the persistent WGP's. 11021.ip \-q\fIGname\fP 11022Run the jobs in the queue group 11023.i name 11024once. 11025.ip \-q[!]\fIXstring\fP 11026Run the queue once, 11027limiting the jobs to those matching 11028.i Xstring . 11029The key letter 11030.i X 11031can be 11032.b I 11033to limit based on queue identifier, 11034.b R 11035to limit based on recipient, 11036.b S 11037to limit based on sender, 11038or 11039.b Q 11040to limit based on quarantine reason for quarantined jobs. 11041A particular queued job is accepted if one of the corresponding attributes 11042contains the indicated 11043.i string . 11044The optional ! character negates the condition tested. 11045Multiple 11046.i \-q\fIX\fP 11047flags are permitted, 11048with items with the same key letter 11049.q or'ed 11050together, and items with different key letters 11051.q and'ed 11052together. 11053.ip "\-Q[reason]" 11054Quarantine a normal queue items with the given reason or 11055unquarantine quarantined queue items if no reason is given. 11056This should only be used with some sort of item matching using 11057.b \-q[!]\fIXstring\fP 11058as described above. 11059.ip "\-R ret" 11060What information you want returned if the message bounces; 11061.i ret 11062can be 11063.q HDRS 11064for headers only or 11065.q FULL 11066for headers plus body. 11067This is a request only; 11068the other end is not required to honor the parameter. 11069If 11070.q HDRS 11071is specified local bounces also return only the headers. 11072.ip \-t 11073Read the header for 11074.q To: , 11075.q Cc: , 11076and 11077.q Bcc: 11078lines, and send to everyone listed in those lists. 11079The 11080.q Bcc: 11081line will be deleted before sending. 11082Any addresses in the argument vector will be deleted 11083from the send list. 11084.ip "\-V envid" 11085The indicated 11086.i envid 11087is passed with the envelope of the message 11088and returned if the message bounces. 11089.ip "\-X \fIlogfile\fP" 11090Log all traffic in and out of 11091.i sendmail 11092in the indicated 11093.i logfile 11094for debugging mailer problems. 11095This produces a lot of data very quickly and should be used sparingly. 11096.pp 11097There are a number of options that may be specified as 11098primitive flags. 11099These are the e, i, m, and v options. 11100Also, 11101the f option 11102may be specified as the 11103.b \-s 11104flag. 11105The DSN related options 11106.q "\-N" , 11107.q "\-R" , 11108and 11109.q "\-V" 11110have no effects on 11111.i sendmail 11112running as daemon. 11113.+c "QUEUE FILE FORMATS" 11114.pp 11115This appendix describes the format of the queue files. 11116These files live in a queue directory. 11117The individual qf, hf, Qf, df, and xf files 11118may be stored in separate 11119.i qf/ , 11120.i df/ , 11121and 11122.i xf/ 11123subdirectories 11124if they are present in the queue directory. 11125.pp 11126All queue files have the name 11127.i ttYMDhmsNNppppp 11128where 11129.i YMDhmsNNppppp 11130is the 11131.i id 11132for this message 11133and the 11134.i tt 11135is a type. 11136The individual letters in the 11137.i id 11138are: 11139.nr ii 0.5i 11140.ip Y 11141Encoded year 11142.ip M 11143Encoded month 11144.ip D 11145Encoded day 11146.ip h 11147Encoded hour 11148.ip m 11149Encoded minute 11150.ip s 11151Encoded second 11152.ip NN 11153Encoded envelope number 11154.ip ppppp 11155At least five decimal digits of the process ID 11156.pp 11157All files with the same id collectively define one message. 11158Due to the use of memory-buffered files, 11159some of these files may never appear on disk. 11160.pp 11161The types are: 11162.nr ii 0.5i 11163.ip qf 11164The queue control file. 11165This file contains the information necessary to process the job. 11166.ip hf 11167The same as a queue control file, but for a quarantined queue job. 11168.ip df 11169The data file. 11170The message body (excluding the header) is kept in this file. 11171Sometimes the df file is not stored in the same directory as the qf file; 11172in this case, 11173the qf file contains a `d' record which names the queue directory 11174that contains the df file. 11175.ip tf 11176A temporary file. 11177This is an image of the 11178.b qf 11179file when it is being rebuilt. 11180It should be renamed to a 11181.b qf 11182file very quickly. 11183.ip xf 11184A transcript file, 11185existing during the life of a session 11186showing everything that happens 11187during that session. 11188Sometimes the xf file must be generated before a queue group has been selected; 11189in this case, 11190the xf file will be stored in a directory of the default queue group. 11191.ip Qf 11192A ``lost'' queue control file. 11193.i sendmail 11194renames a 11195.b qf 11196file to 11197.b Qf 11198if there is a severe (configuration) problem that cannot be solved without 11199human intervention. 11200Search the logfile for the queue file id to figure out what happened. 11201After you resolved the problem, you can rename the 11202.b Qf 11203file to 11204.b qf 11205and send it again. 11206.pp 11207The queue control file is structured as a series of lines 11208each beginning with a code letter. 11209The lines are as follows: 11210.ip V 11211The version number of the queue file format, 11212used to allow new 11213.i sendmail 11214binaries to read queue files created by older versions. 11215Defaults to version zero. 11216Must be the first line of the file if present. 11217For 8.12 the version number is 6. 11218.ip A 11219The information given by the AUTH= parameter of the 11220.q "MAIL FROM:" 11221command or $f@$j 11222if sendmail has been called directly. 11223.ip H 11224A header definition. 11225There may be any number of these lines. 11226The order is important: 11227they represent the order in the final message. 11228These use the same syntax 11229as header definitions in the configuration file. 11230.ip C 11231The controlling address. 11232The syntax is 11233.q localuser:aliasname . 11234Recipient addresses following this line 11235will be flagged so that deliveries will be run as the 11236.i localuser 11237(a user name from the /etc/passwd file); 11238.i aliasname 11239is the name of the alias that expanded to this address 11240(used for printing messages). 11241.ip q 11242The quarantine reason for quarantined queue items. 11243.ip Q 11244The ``original recipient'', 11245specified by the ORCPT= field in an ESMTP transaction. 11246Used exclusively for Delivery Status Notifications. 11247It applies only to the following `R' line. 11248.ip r 11249The ``final recipient'' 11250used for Delivery Status Notifications. 11251It applies only to the following `R' line. 11252.ip R 11253A recipient address. 11254This will normally be completely aliased, 11255but is actually realiased when the job is processed. 11256There will be one line for each recipient. 11257Version 1 qf files 11258also include a leading colon-terminated list of flags, 11259which can be 11260`S' to return a message on successful final delivery, 11261`F' to return a message on failure, 11262`D' to return a message if the message is delayed, 11263`B' to indicate that the body should be returned, 11264`N' to suppress returning the body, 11265and 11266`P' to declare this as a ``primary'' (command line or SMTP-session) address. 11267.ip S 11268The sender address. 11269There may only be one of these lines. 11270.ip T 11271The job creation time. 11272This is used to compute when to time out the job. 11273.ip P 11274The current message priority. 11275This is used to order the queue. 11276Higher numbers mean lower priorities. 11277The priority changes 11278as the message sits in the queue. 11279The initial priority depends on the message class 11280and the size of the message. 11281.ip M 11282A message. 11283This line is printed by the 11284.i mailq 11285command, 11286and is generally used to store status information. 11287It can contain any text. 11288.ip F 11289Flag bits, represented as one letter per flag. 11290Defined flag bits are 11291.b r 11292indicating that this is a response message 11293and 11294.b w 11295indicating that a warning message has been sent 11296announcing that the mail has been delayed. 11297Other flag bits are: 11298.b 8 : 11299the body contains 8bit data, 11300.b b : 11301a Bcc: header should be removed, 11302.b d : 11303the mail has RET parameters (see RFC 1894), 11304.b n : 11305the body of the message should not be returned 11306in case of an error, 11307.b s : 11308the envelope has been split. 11309.ip N 11310The total number of delivery attempts. 11311.ip K 11312The time (as seconds since January 1, 1970) 11313of the last delivery attempt. 11314.ip d 11315If the df file is in a different directory than the qf file, 11316then a `d' record is present, 11317specifying the directory in which the df file resides. 11318.ip I 11319The i-number of the data file; 11320this can be used to recover your mail queue 11321after a disastrous disk crash. 11322.ip $ 11323A macro definition. 11324The values of certain macros 11325are passed through to the queue run phase. 11326.ip B 11327The body type. 11328The remainder of the line is a text string defining the body type. 11329If this field is missing, 11330the body type is assumed to be 11331.q "undefined" 11332and no special processing is attempted. 11333Legal values are 11334.q 7BIT 11335and 11336.q 8BITMIME . 11337.ip Z 11338The original envelope id (from the ESMTP transaction). 11339For Deliver Status Notifications only. 11340.pp 11341As an example, 11342the following is a queue file sent to 11343.q eric@mammoth.Berkeley.EDU 11344and 11345.q bostic@okeeffe.CS.Berkeley.EDU \: 11346.(f 11347\This example is contrived and probably inaccurate for your environment. 11348Glance over it to get an idea; 11349nothing can replace looking at what your own system generates. 11350.)f 11351.(b 11352V4 11353T711358135 11354K904446490 11355N0 11356P2100941 11357$_eric@localhost 11358${daemon_flags} 11359Seric 11360Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU 11361RPFD:eric@mammoth.Berkeley.EDU 11362RPFD:bostic@okeeffe.CS.Berkeley.EDU 11363H?P?Return-path: <^g> 11364H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703; 11365* Fri, 17 Jul 1992 00:28:55 -0700 11366H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7) 11367 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700 11368H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5) 11369 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400 11370H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C) 11371 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT 11372H?F?From: eric@foo.bar.baz.de (Eric Allman) 11373H?x?Full-name: Eric Allman 11374H??Message-id: <9207170931.AA22757@foo.bar.baz.de> 11375H??To: sendmail@vangogh.CS.Berkeley.EDU 11376H??Subject: this is an example message 11377.)b 11378This shows 11379the person who sent the message, 11380the submission time 11381(in seconds since January 1, 1970), 11382the message priority, 11383the message class, 11384the recipients, 11385and the headers for the message. 11386.+c "SUMMARY OF SUPPORT FILES" 11387.pp 11388This is a summary of the support files 11389that 11390.i sendmail 11391creates or generates. 11392Many of these can be changed by editing the sendmail.cf file; 11393check there to find the actual pathnames. 11394.nr ii 1i 11395.ip "/usr/\(SD/sendmail" 11396The binary of 11397.i sendmail . 11398.ip /usr/\(SB/newaliases 11399A link to /usr/\(SD/sendmail; 11400causes the alias database to be rebuilt. 11401Running this program is completely equivalent to giving 11402.i sendmail 11403the 11404.b \-bi 11405flag. 11406.ip /usr/\(SB/mailq 11407Prints a listing of the mail queue. 11408This program is equivalent to using the 11409.b \-bp 11410flag to 11411.i sendmail . 11412.ip /etc/mail/sendmail.cf 11413The configuration file, 11414in textual form. 11415.ip /etc/mail/helpfile 11416The SMTP help file. 11417.ip /etc/mail/statistics 11418A statistics file; need not be present. 11419.ip /etc/mail/sendmail.pid 11420Created in daemon mode; 11421it contains the process id of the current SMTP daemon. 11422If you use this in scripts; 11423use ``head \-1'' to get just the first line; 11424the second line contains the command line used to invoke the daemon, 11425and later versions of 11426.i sendmail 11427may add more information to subsequent lines. 11428.ip /etc/mail/aliases 11429The textual version of the alias file. 11430.ip /etc/mail/aliases.db 11431The alias file in 11432.i hash \\|(3) 11433format. 11434.ip /etc/mail/aliases.{pag,dir} 11435The alias file in 11436.i ndbm \\|(3) 11437format. 11438.ip /var/spool/mqueue 11439The directory in which the mail queue(s) 11440and temporary files reside. 11441.ip /var/spool/mqueue/qf* 11442Control (queue) files for messages. 11443.ip /var/spool/mqueue/df* 11444Data files. 11445.ip /var/spool/mqueue/tf* 11446Temporary versions of the qf files, 11447used during queue file rebuild. 11448.ip /var/spool/mqueue/xf* 11449A transcript of the current session. 11450.if o \ 11451\{\ 11452. bp 11453. rs 11454. sp \|4i 11455. ce 2 11456This page intentionally left blank; 11457replace it with a blank sheet for double-sided output. 11458.\} 11459.\".ro 11460.\".ls 1 11461.\".tp 11462.\".sp 2i 11463.\".in 0 11464.\".ce 100 11465.\".sz 24 11466.\".b SENDMAIL 11467.\".sz 14 11468.\".sp 11469.\"INSTALLATION AND OPERATION GUIDE 11470.\".sp 11471.\".sz 10 11472.\"Eric Allman 11473.\".sp
11470.\"Version $Revision: 8.747 $	11474.\"Version $Revision: 8.749 $
11471.\".ce 0 11472.bp 3 11473.ce 11474.sz 12 11475TABLE OF CONTENTS 11476.sz 10 11477.sp 11478.\" remove some things to avoid "out of temp file space" problem 11479.rm sh 11480.rm (x 11481.rm )x 11482.rm ip 11483.rm pp 11484.rm lp 11485.rm he 11486.rm fo 11487.rm eh 11488.rm oh 11489.rm ef 11490.rm of 11491.xp 11492.if o \ 11493\{\ 11494. bp 11495. rs 11496. sp \|4i 11497. ce 2 11498This page intentionally left blank; 11499replace it with a blank sheet for double-sided output. 11500.\}	11475.\".ce 0 11476.bp 3 11477.ce 11478.sz 12 11479TABLE OF CONTENTS 11480.sz 10 11481.sp 11482.\" remove some things to avoid "out of temp file space" problem 11483.rm sh 11484.rm (x 11485.rm )x 11486.rm ip 11487.rm pp 11488.rm lp 11489.rm he 11490.rm fo 11491.rm eh 11492.rm oh 11493.rm ef 11494.rm of 11495.xp 11496.if o \ 11497\{\ 11498. bp 11499. rs 11500. sp \|4i 11501. ce 2 11502This page intentionally left blank; 11503replace it with a blank sheet for double-sided output. 11504.\}