91.rm Ve
92.sp
93For Sendmail Version 8.11
94.)l
95.(f
96Sendmail is a trademark of Sendmail, Inc.
97.)f
98.sp 2
99.pp
100.i Sendmail \u\s-2TM\s0\d
101implements a general purpose internetwork mail routing facility
102under the UNIX\(rg
103operating system.
104It is not tied to any one transport protocol \*-
105its function may be likened to a crossbar switch,
106relaying messages from one domain into another.
107In the process,
108it can do a limited amount of message header editing
109to put the message into a format that is appropriate
110for the receiving domain.
111All of this is done under the control of a configuration file.
112.pp
113Due to the requirements of flexibility
114for
115.i sendmail ,
116the configuration file can seem somewhat unapproachable.
117However, there are only a few basic configurations
118for most sites,
119for which standard configuration files have been supplied.
120Most other configurations
121can be built by adjusting an existing configuration file
122incrementally.
123.pp
124.i Sendmail
125is based on
126RFC821 (Simple Mail Transport Protocol),
127RFC822 (Internet Mail Headers Format),
128RFC974 (MX routing),
129RFC1123 (Internet Host Requirements),
130RFC2045 (MIME),
131RFC1869 (SMTP Service Extensions),
132RFC1652 (SMTP 8BITMIME Extension),
133RFC1870 (SMTP SIZE Extension),
134RFC1891 (SMTP Delivery Status Notifications),
135RFC1892 (Multipart/Report),
136RFC1893 (Enhanced Mail System Status Codes),
137RFC1894 (Delivery Status Notifications),
138RFC1985 (SMTP Service Extension for Remote Message Queue Starting),
139RFC2033 (Local Message Transmission Protocol),
140RFC2034 (SMTP Service Extension for Returning Enhanced Error Codes),
141RFC2476 (Message Submission),
142RFC2487 (SMTP Service Extension for Secure SMTP over TLS),
143and
144RFC2554 (SMTP Service Extension for Authentication).
145However, since
146.i sendmail
147is designed to work in a wider world,
148in many cases it can be configured to exceed these protocols.
149These cases are described herein.
150.pp
151Although
152.i sendmail
153is intended to run
154without the need for monitoring,
155it has a number of features
156that may be used to monitor or adjust the operation
157under unusual circumstances.
158These features are described.
159.pp
160Section one describes how to do a basic
161.i sendmail
162installation.
163Section two
164explains the day-to-day information you should know
165to maintain your mail system.
166If you have a relatively normal site,
167these two sections should contain sufficient information
168for you to install
169.i sendmail
170and keep it happy.
171Section three
172describes some parameters that may be safely tweaked.
173Section four
174has information regarding the command line arguments.
175Section five
176contains the nitty-gritty information about the configuration
177file.
178This section is for masochists
179and people who must write their own configuration file.
180Section six
181describes configuration that can be done at compile time.
182The appendixes give a brief
183but detailed explanation of a number of features
184not described in the rest of the paper.
185.bp 7
186.sh 1 "BASIC INSTALLATION"
187.pp
188There are two basic steps to installing
189.i sendmail .
190First, you have to compile and install the binary.
191If
192.i sendmail
193has already been ported to your operating system
194that should be simple.
195Second, you must build a run-time configuration file.
196This is a file that
197.i sendmail
198reads when it starts up
199that describes the mailers it knows about,
200how to parse addresses,
201how to rewrite the message header,
202and the settings of various options.
203Although the configuration file can be quite complex,
204a configuration can usually be built
205using an M4-based configuration language.
206.pp
207The remainder of this section will describe the installation of
208.i sendmail
209assuming you can use one of the existing configurations
210and that the standard installation parameters are acceptable.
211All pathnames and examples
212are given from the root of the
213.i sendmail
214subtree,
215normally
216.i /usr/src/usr.\*(SD/sendmail
217on 4.4BSD.
218.pp
219If you are loading this off the tape,
220continue with the next section.
221If you have a running binary already on your system,
222you should probably skip to section 1.2.
223.sh 2 "Compiling Sendmail"
224.pp
225All
226.i sendmail
227source is in the
228.i sendmail
229subdirectory.
230To compile sendmail,
231.q cd
232into the
233.i sendmail
234directory and type
235.(b
236\&./Build
237.)b
238This will leave the binary in an appropriately named subdirectory,
239e.g.,
240obj.BSD-OS.2.1.i386.
241It works for multiple object versions
242compiled out of the same directory.
243.sh 3 "Tweaking the Build Invocation"
244.pp
245You can give parameters on the
246.i Build
247command.
248In most cases these are only used when the
249.i obj.*
250directory is first created.
251These commands include:
252.nr ii 0.5i
253.ip "\-L \fIlibdirs\fP"
254A list of directories to search for libraries.
255.ip "\-I \fIincdirs\fP"
256A list of directories to search for include files.
257.ip "\-E \fIenvar\fP=\fIvalue\fP"
258Set an environment variable to an indicated
259.i value
260before compiling.
261.ip "\-c"
262Create a new
263.i obj.*
264tree before running.
265.ip "\-f \fIsiteconfig\fP"
266Read the indicated site configuration file.
267If this parameter is not specified,
268.i Build
269includes
270.i all
271of the files
272.i $BUILDTOOLS/Site/site.$oscf.m4
273and
274.i $BUILDTOOLS/Site/site.config.m4 ,
275where $BUILDTOOLS is normally
276.i \&../devtools
277and $oscf is the same name as used on the
278.i obj.*
279directory.
280See below for a description of the site configuration file.
281.ip "\-S"
282Skip auto-configuration.
283.i Build
284will avoid auto-detecting libraries if this is set.
285All libraries and map definitions must be specified
286in the site configuration file.
287.lp
288Any other parameters are passed to the
289.i make
290program.
291.sh 3 "Creating a Site Configuration File"
292.\"XXX
293.pp
294(This section is not yet complete.
295For now, see the file devtools/README for details.)
296See sendmail/README for various compilation flags that can be set.
297.sh 3 "Tweaking the Makefile"
298.pp
299.\" .b "XXX This should all be in the Site Configuration File section."
300.i Sendmail
301supports two different formats
302for the local (on disk) version of databases,
303notably the
304.i aliases
305database.
306At least one of these should be defined if at all possible.
307.nr ii 1i
308.ip NDBM
309The ``new DBM'' format,
310available on nearly all systems around today.
311This was the preferred format prior to 4.4BSD.
312It allows such complex things as multiple databases
313and closing a currently open database.
314.ip NEWDB
315The Berkeley DB package.
316If you have this, use it.
317It allows
318long records,
319multiple open databases,
320real in-memory caching,
321and so forth.
322You can define this in conjunction with
323.sm NDBM ;
324if you do,
325old alias databases are read,
326but when a new database is created it will be in NEWDB format.
327As a nasty hack,
328if you have NEWDB, NDBM, and NIS defined,
329and if the alias file name includes the substring
330.q /yp/ ,
331.i sendmail
332will create both new and old versions of the alias file
333during a
334.i newalias
335command.
336This is required because the Sun NIS/YP system
337reads the DBM version of the alias file.
338It's ugly as sin,
339but it works.
340.lp
341If neither of these are defined,
342.i sendmail
343reads the alias file into memory on every invocation.
344This can be slow and should be avoided.
345There are also several methods for remote database access:
346.ip NIS
347Sun's Network Information Services (formerly YP).
348.ip NISPLUS
349Sun's NIS+ services.
350.ip NETINFO
351NeXT's NetInfo service.
352.ip HESIOD
353Hesiod service (from Athena).
354.lp
355Other compilation flags are set in conf.h
356and should be predefined for you
357unless you are porting to a new environment.
358.sh 3 "Compilation and installation"
359.pp
360After making the local system configuration described above,
361You should be able to compile and install the system.
362The script
363.q Build
364is the best approach on most systems:
365.(b
366\&./Build
367.)b
368This will use
369.i uname (1)
370to create a custom Makefile for your environment.
371.pp
372If you are installing in the standard places,
373you should be able to install using
374.(b
375\&./Build install
376.)b
377This should install the binary in
378/usr/\*(SD
379and create links from
380/usr/\*(SB/newaliases
381and
382/usr/\*(SB/mailq
383to
384/usr/\*(SD/sendmail.
385On 4.4BSD systems it will also format and install man pages.
386.sh 2 "Configuration Files"
387.pp
388.i Sendmail
389cannot operate without a configuration file.
390The configuration defines the mail delivery mechanisms understood at this site,
391how to access them,
392how to forward email to remote mail systems,
393and a number of tuning parameters.
394This configuration file is detailed
395in the later portion of this document.
396.pp
397The
398.i sendmail
399configuration can be daunting at first.
400The world is complex,
401and the mail configuration reflects that.
402The distribution includes an m4-based configuration package
403that hides a lot of the complexity.
404.pp
405These configuration files are simpler than old versions
406largely because the world has become simpler;
407in particular,
408text-based host files are officially eliminated,
409obviating the need to
410.q hide
411hosts behind a registered internet gateway.
412.pp
413These files also assume that most of your neighbors
414use domain-based UUCP addressing;
415that is,
416instead of naming hosts as
417.q host!user
418they will use
419.q host.domain!user .
420The configuration files can be customized to work around this,
421but it is more complex.
422.pp
423Our configuration files are processed by
424.i m4
425to facilitate local customization;
426the directory
427.i cf
428of the
429.i sendmail
430distribution directory
431contains the source files.
432This directory contains several subdirectories:
433.nr ii 1i
434.ip cf
435Both site-dependent and site-independent descriptions of hosts.
436These can be literal host names
437(e.g.,
438.q ucbvax.mc )
439when the hosts are gateways
440or more general descriptions
441(such as
442.q "generic-solaris2.mc"
443as a general description of an SMTP-connected host
444running Solaris 2.x.
445Files ending
446.b \&.mc
447(``Master Configuration'')
448are the input descriptions;
449the output is in the corresponding
450.b \&.cf
451file.
452The general structure of these files is described below.
453.ip domain
454Site-dependent subdomain descriptions.
455These are tied to the way your organization wants to do addressing.
456For example,
457.b domain/CS.Berkeley.EDU.m4
458is our description for hosts in the CS.Berkeley.EDU subdomain.
459These are referenced using the
460.sm DOMAIN
461.b m4
462macro in the
463.b \&.mc
464file.
465.ip feature
466Definitions of specific features that some particular host in your site
467might want.
468These are referenced using the
469.sm FEATURE
470.b m4
471macro.
472An example feature is
473use_cw_file
474(which tells
475.i sendmail
476to read an /etc/mail/local-host-names file on startup
477to find the set of local names).
478.ip hack
479Local hacks, referenced using the
480.sm HACK
481.b m4
482macro.
483Try to avoid these.
484The point of having them here is to make it clear that they smell.
485.ip m4
486Site-independent
487.i m4 (1)
488include files that have information common to all configuration files.
489This can be thought of as a
490.q #include
491directory.
492.ip mailer
493Definitions of mailers,
494referenced using the
495.sm MAILER
496.b m4
497macro.
498The mailer types that are known in this distribution are
499fax,
500local,
501smtp,
502uucp,
503and usenet.
504For example, to include support for the UUCP-based mailers,
505use
506.q MAILER(uucp) .
507.ip ostype
508Definitions describing various operating system environments
509(such as the location of support files).
510These are referenced using the
511.sm OSTYPE
512.b m4
513macro.
514.ip sh
515Shell files used by the
516.b m4
517build process.
518You shouldn't have to mess with these.
519.ip siteconfig
520Local UUCP connectivity information.
521This directory has been supplanted by the mailertable feature;
522any new configurations should use that feature to do UUCP
523(and other) routing.
524.pp
525If you are in a new domain
526(e.g., a company),
527you will probably want to create a
528cf/domain
529file for your domain.
530This consists primarily of relay definitions
531and features you want enabled site-wide:
532for example, Berkeley's domain definition
533defines relays for
534BitNET
535and UUCP.
536These are specific to Berkeley,
537and should be fully-qualified internet-style domain names.
538Please check to make certain they are reasonable for your domain.
539.pp
540Subdomains at Berkeley are also represented in the
541cf/domain
542directory.
543For example,
544the domain
545CS.Berkeley.EDU
546is the Computer Science subdomain,
547EECS.Berkeley.EDU
548is the Electrical Engineering and Computer Sciences subdomain,
549and
550S2K.Berkeley.EDU
551is the Sequoia 2000 subdomain.
552You will probably have to add an entry to this directory
553to be appropriate for your domain.
554.pp
555You will have to use or create
556.b \&.mc
557files in the
558.i cf/cf
559subdirectory for your hosts.
560This is detailed in the
561cf/README
562file.
563.sh 2 "Details of Installation Files"
564.pp
565This subsection describes the files that
566comprise the
567.i sendmail
568installation.
569.sh 3 "/usr/\*(SD/sendmail"
570.pp
571The binary for
572.i sendmail
573is located in /usr/\*(SD\**.
574.(f
575\**This is usually
576/usr/sbin
577on 4.4BSD and newer systems;
578many systems install it in
579/usr/lib.
580I understand it is in /usr/ucblib
581on System V Release 4.
582.)f
583It should be setuid root.
584For security reasons,
585/, /usr, and /usr/\*(SD
586should be owned by root, mode 755\**.
587.(f
588\**Some vendors ship them owned by bin;
589this creates a security hole that is not actually related to
590.i sendmail .
591Other important directories that should have restrictive ownerships
592and permissions are
593/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
594.)f
595.sh 3 "/etc/mail/sendmail.cf"
596.pp
597This is the configuration file for
598.i sendmail \**.
599.(f
600\**Actually, the pathname varies depending on the operating system;
601/etc/mail is the preferred directory.
602Some older systems install it in
603.b /usr/lib/sendmail.cf ,
604and I've also seen it in
605.b /usr/ucblib .
606If you want to move this file,
607add -D_PATH_SENDMAILCF=\e"/file/name\e"
608to the flags passed to the C compiler.
609Moving this file is not recommended:
610other programs and scripts know of this location.
611.)f
612This is the only non-library file name compiled into
613.i sendmail \**.
614.(f
615\**The system libraries can reference other files;
616in particular, system library subroutines that
617.i sendmail
618calls probably reference
619.i /etc/passwd
620and
621.i /etc/resolv.conf .
622.)f
623.pp
624The configuration file is normally created
625using the distribution files described above.
626If you have a particularly unusual system configuration
627you may need to create a special version.
628The format of this file is detailed in later sections
629of this document.
630.sh 3 "/usr/\*(SB/newaliases"
631.pp
632The
633.i newaliases
634command should just be a link to
635.i sendmail :
636.(b
637rm \-f /usr/\*(SB/newaliases
638ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
639.)b
640This can be installed in whatever search path you prefer
641for your system.
642.sh 3 "/usr/\*(SB/hoststat"
643.pp
644The
645.i hoststat
646command should just be a link to
647.i sendmail ,
648in a fashion similar to
649.i newaliases .
650This command lists the status of the last mail transaction
651with all remote hosts. The
652.b \-v
653flag will prevent the status display from being truncated.
654It functions only when the
655.b HostStatusDirectory
656option is set.
657.sh 3 "/usr/\*(SB/purgestat"
658.pp
659This command is also a link to
660.i sendmail .
661It flushes expired (Timeout.hoststatus) information that is stored in the
662.b HostStatusDirectory
663tree.
664.sh 3 "/var/spool/mqueue"
665.pp
666The directory
667.i /var/spool/mqueue
668should be created to hold the mail queue.
669This directory should be mode 700
670and owned by root.
671.pp
672The actual path of this directory
673is defined in the
674.b Q
675option of the
676.i sendmail.cf
677file.
678To use multiple queues,
679supply a value ending with an asterisk.
680For example,
681.i /var/spool/mqueue/qd*
682will use all of the directories or symbolic links to directories
683beginning with `qd' in
684.i /var/spool/mqueue
685as queue directories.
686Do not change the queue directory structure
687while sendmail is running.
688.pp
689If these directories have subdirectories or symbolic links to directories
690named `qf', `df', and `xf', then these will be used for the different
691queue file types.
692That is, the data files are stored in the `df' subdirectory,
693the transcript files are stored in the `xf' subdirectory, and
694all others are stored in the `qf' subdirectory.
695.sh 3 "/var/spool/mqueue/.hoststat"
696.pp
697This is a typical value for the
698.b HostStatusDirectory
699option,
700containing one file per host
701that this sendmail has chatted with recently.
702It is normally a subdirectory of
703.i mqueue .
704.sh 3 "/etc/mail/aliases*"
705.pp
706The system aliases are held in
707.q /etc/mail/aliases .
708A sample is given in
709.q sendmail/aliases
710which includes some aliases which
711.i must
712be defined:
713.(b
714cp lib/aliases /etc/mail/aliases
715.i "edit /etc/mail/aliases"
716.)b
717You should extend this file with any aliases that are apropos to your system.
718.pp
719Normally
720.i sendmail
721looks at a database version of the files,
722stored either in
723.q /etc/mail/aliases.dir
724and
725.q /etc/mail/aliases.pag
726or
727.q /etc/mail/aliases.db
728depending on which database package you are using.
729The actual path of this file
730is defined in the
731.b AliasFile
732option of the
733.i sendmail.cf
734file.
735.sh 3 "/etc/rc or /etc/init.d/sendmail"
736.pp
737It will be necessary to start up the
738.i sendmail
739daemon when your system reboots.
740This daemon performs two functions:
741it listens on the SMTP socket for connections
742(to receive mail from a remote system)
743and it processes the queue periodically
744to insure that mail gets delivered when hosts come up.
745.pp
746Add the following lines to
747.q /etc/rc
748(or
749.q /etc/rc.local
750as appropriate)
751in the area where it is starting up the daemons
752on a BSD-base system,
753or on a System-V-based system
754in one of the startup files, typically
755.q /etc/init.d/sendmail :
756.(b
757if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
758 (cd /var/spool/mqueue; rm \-f [lnx]f*)
759 /usr/\*(SD/sendmail \-bd \-q30m &
760 echo \-n ' sendmail' >/dev/console
761fi
762.)b
763The
764.q cd
765and
766.q rm
767commands insure that all lock files have been removed;
768extraneous lock files may be left around
769if the system goes down in the middle of processing a message.
770The line that actually invokes
771.i sendmail
772has two flags:
773.q \-bd
774causes it to listen on the SMTP port,
775and
776.q \-q30m
777causes it to run the queue every half hour.
778.pp
779Some people use a more complex startup script,
780removing zero length qf files and df files for which there is no qf file.
781For example, see Figure 1
782for an example of a complex script which does this clean up.
783.(z
784.hl
785#!/bin/sh
786# remove zero length qf files
787for qffile in qf*
788do
789 if [ \-r $qffile ]
790 then
791 if [ ! \-s $qffile ]
792 then
793 echo \-n " <zero: $qffile>" > /dev/console
794 rm \-f $qffile
795 fi
796 fi
797done
798# rename tf files to be qf if the qf does not exist
799for tffile in tf*
800do
801 qffile=`echo $tffile | sed 's/t/q/'`
802 if [ \-r $tffile \-a ! \-f $qffile ]
803 then
804 echo \-n " <recovering: $tffile>" > /dev/console
805 mv $tffile $qffile
806 else
807 if [ \-f $tffile ]
808 then
809 echo \-n " <extra: $tffile>" > /dev/console
810 rm \-f $tffile
811 fi
812 fi
813done
814# remove df files with no corresponding qf files
815for dffile in df*
816do
817 qffile=`echo $dffile | sed 's/d/q/'`
818 if [ \-r $dffile \-a ! \-f $qffile ]
819 then
820 echo \-n " <incomplete: $dffile>" > /dev/console
821 mv $dffile `echo $dffile | sed 's/d/D/'`
822 fi
823done
824# announce files that have been saved during disaster recovery
825for xffile in [A-Z]f*
826do
827 if [ \-f $xffile ]
828 then
829 echo \-n " <panic: $xffile>" > /dev/console
830 fi
831done
832.sp
833.ce
834Figure 1 \(em A complex startup script
835.hl
836.)z
837.pp
838If you are not running a version of UNIX
839that supports Berkeley TCP/IP,
840do not include the
841.b \-bd
842flag.
843.sh 3 "/etc/mail/helpfile"
844.pp
845This is the help file used by the SMTP
846.b HELP
847command.
848It should be copied from
849.q sendmail/helpfile :
850.(b
851cp sendmail/helpfile /etc/mail/helpfile
852.)b
853The actual path of this file
854is defined in the
855.b HelpFile
856option of the
857.i sendmail.cf
858file.
859.sh 3 "/etc/mail/statistics"
860.pp
861If you wish to collect statistics
862about your mail traffic,
863you should create the file
864.q /etc/mail/statistics :
865.(b
866cp /dev/null /etc/mail/statistics
867chmod 644 /etc/mail/statistics
868.)b
869This file does not grow.
870It is printed with the program
871.q mailstats/mailstats.c.
872The actual path of this file
873is defined in the
874.b S
875option of the
876.i sendmail.cf
877file.
878.sh 3 "/usr/\*(SB/mailq"
879.pp
880If
881.i sendmail
882is invoked as
883.q mailq,
884it will simulate the
885.b \-bp
886flag
887(i.e.,
888.i sendmail
889will print the contents of the mail queue;
890see below).
891This should be a link to /usr/\*(SD/sendmail.
892.sh 1 "NORMAL OPERATIONS"
893.sh 2 "The System Log"
894.pp
895The system log is supported by the
896.i syslogd \|(8)
897program.
898All messages from
899.i sendmail
900are logged under the
901.sm LOG_MAIL
902facility\**.
903.(f
904\**Except on Ultrix,
905which does not support facilities in the syslog.
906.)f
907.sh 3 "Format"
908.pp
909Each line in the system log
910consists of a timestamp,
911the name of the machine that generated it
912(for logging from several machines
913over the local area network),
914the word
915.q sendmail: ,
916and a message\**.
917.(f
918\**This format may vary slightly if your vendor has changed
919the syntax.
920.)f
921Most messages are a sequence of
922.i name \c
923=\c
924.i value
925pairs.
926.pp
927The two most common lines are logged when a message is processed.
928The first logs the receipt of a message;
929there will be exactly one of these per message.
930Some fields may be omitted if they do not contain interesting information.
931Fields are:
932.ip from
933The envelope sender address.
934.ip size
935The size of the message in bytes.
936.ip class
937The class (i.e., numeric precedence) of the message.
938.ip pri
939The initial message priority (used for queue sorting).
940.ip nrcpts
941The number of envelope recipients for this message
942(after aliasing and forwarding).
943.ip msgid
944The message id of the message (from the header).
945.ip proto
946The protocol used to receive this message (e.g., ESMTP or UUCP)
947.ip daemon
948The daemon name from the
949.b DaemonPortOptions
950setting.
951.ip relay
952The machine from which it was received.
953.lp
954There is also one line logged per delivery attempt
955(so there can be several per message if delivery is deferred
956or there are multiple recipients).
957Fields are:
958.ip to
959A comma-separated list of the recipients to this mailer.
960.ip ctladdr
961The ``controlling user'', that is, the name of the user
962whose credentials we use for delivery.
963.ip delay
964The total delay between the time this message was received
965and the current delivery attempt.
966.ip xdelay
967The amount of time needed in this delivery attempt
968(normally indicative of the speed of the connection).
969.ip mailer
970The name of the mailer used to deliver to this recipient.
971.ip relay
972The name of the host that actually accepted (or rejected) this recipient.
973.ip dsn
974The enhanced error code (RFC2034) if available.
975.ip stat
976The delivery status.
977.lp
978Not all fields are present in all messages;
979for example, the relay is not listed for local deliveries.
980.sh 3 "Levels"
981.pp
982If you have
983.i syslogd \|(8)
984or an equivalent installed,
985you will be able to do logging.
986There is a large amount of information that can be logged.
987The log is arranged as a succession of levels.
988At the lowest level
989only extremely strange situations are logged.
990At the highest level,
991even the most mundane and uninteresting events
992are recorded for posterity.
993As a convention,
994log levels under ten
995are considered generally
996.q useful;
997log levels above 64
998are reserved for debugging purposes.
999Levels from 11\-64 are reserved for verbose information
1000that some sites might want.
1001.pp
1002A complete description of the log levels
1003is given in section
1004.\" XREF
10054.6.
1006.sh 2 "Dumping State"
1007.pp
1008You can ask
1009.i sendmail
1010to log a dump of the open files
1011and the connection cache
1012by sending it a
1013.sm SIGUSR1
1014signal.
1015The results are logged at
1016.sm LOG_DEBUG
1017priority.
1018.sh 2 "The Mail Queue"
1019.pp
1020Sometimes a host cannot handle a message immediately.
1021For example, it may be down or overloaded, causing it to refuse connections.
1022The sending host is then expected to save this message in
1023its mail queue
1024and attempt to deliver it later.
1025.pp
1026Under normal conditions the mail queue will be processed transparently.
1027However, you may find that manual intervention is sometimes necessary.
1028For example,
1029if a major host is down for a period of time
1030the queue may become clogged.
1031Although
1032.i sendmail
1033ought to recover gracefully when the host comes up,
1034you may find performance unacceptably bad in the meantime.
1035.sh 3 "Printing the queue"
1036.pp
1037The contents of the queue can be printed
1038using the
1039.i mailq
1040command
1041(or by specifying the
1042.b \-bp
1043flag to
1044.i sendmail ):
1045.(b
1046mailq
1047.)b
1048This will produce a listing of the queue id's,
1049the size of the message,
1050the date the message entered the queue,
1051and the sender and recipients.
1052.sh 3 "Forcing the queue"
1053.pp
1054.i Sendmail
1055should run the queue automatically
1056at intervals.
1057When using multiple queues,
1058a separate process will be created to
1059run each of the queues
1060unless the queue run is initiated by a user
1061with the verbose flag.
1062The algorithm is to read and sort the queue,
1063and then to attempt to process all jobs in order.
1064When it attempts to run the job,
1065.i sendmail
1066first checks to see if the job is locked.
1067If so, it ignores the job.
1068.pp
1069There is no attempt to insure that only one queue processor
1070exists at any time,
1071since there is no guarantee that a job cannot take forever
1072to process
1073(however,
1074.i sendmail
1075does include heuristics to try to abort jobs
1076that are taking absurd amounts of time;
1077technically, this violates RFC 821, but is blessed by RFC 1123).
1078Due to the locking algorithm,
1079it is impossible for one job to freeze the entire queue.
1080However,
1081an uncooperative recipient host
1082or a program recipient
1083that never returns
1084can accumulate many processes in your system.
1085Unfortunately,
1086there is no completely general way to solve this.
1087.pp
1088In some cases,
1089you may find that a major host going down
1090for a couple of days
1091may create a prohibitively large queue.
1092This will result in
1093.i sendmail
1094spending an inordinate amount of time
1095sorting the queue.
1096This situation can be fixed by moving the queue to a temporary place
1097and creating a new queue.
1098The old queue can be run later when the offending host returns to service.
1099.pp
1100To do this,
1101it is acceptable to move the entire queue directory:
1102.(b
1103cd /var/spool
1104mv mqueue omqueue; mkdir mqueue; chmod 700 mqueue
1105.)b
1106You should then kill the existing daemon
1107(since it will still be processing in the old queue directory)
1108and create a new daemon.
1109.pp
1110To run the old mail queue,
1111run the following command:
1112.(b
1113/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1114.)b
1115The
1116.b \-oQ
1117flag specifies an alternate queue directory
1118and the
1119.b \-q
1120flag says to just run every job in the queue.
1121If you have a tendency toward voyeurism,
1122you can use the
1123.b \-v
1124flag to watch what is going on.
1125.pp
1126When the queue is finally emptied,
1127you can remove the directory:
1128.(b
1129rmdir /var/spool/omqueue
1130.)b
1131.sh 2 "Disk Based Connection Information"
1132.pp
1133.i Sendmail
1134stores a large amount of information about each remote system it
1135has connected to in memory. It is now possible to preserve some
1136of this information on disk as well, by using the
1137.b HostStatusDirectory
1138option, so that it may be shared between several invocations of
1139.i sendmail .
1140This allows mail to be queued immediately or skipped during a queue run if
1141there has been a recent failure in connecting to a remote machine.
1142.pp
1143Additionally enabling
1144.b SingleThreadDelivery
1145has the added effect of single-threading mail delivery to a destination.
1146This can be quite helpful
1147if the remote machine is running an SMTP server that is easily overloaded
1148or cannot accept more than a single connection at a time,
1149but can cause some messages to be punted to a future queue run.
1150It also applies to
1151.i all
1152hosts, so setting this because you have one machine on site
1153that runs some software that is easily overrun
1154can cause mail to other hosts to be slowed down.
1155If this option is set,
1156you probably want to set the
1157.b MinQueueAge
1158option as well and run the queue fairly frequently;
1159this way jobs that are skipped because another
1160.i sendmail
1161is talking to the same host will be tried again quickly
1162rather than being delayed for a long time.
1163.pp
1164The disk based host information is stored in a subdirectory of the
1165.b mqueue
1166directory called
1167.b \&.hoststat \**.
1168.(f
1169\**This is the usual value of the
1170.b HostStatusDirectory
1171option;
1172it can, of course, go anywhere you like in your filesystem.
1173.)f
1174Removing this directory and its subdirectories has an effect similar to
1175the
1176.i purgestat
1177command and is completely safe.
1178However,
1179.i purgestat
1180only removes expired (Timeout.hoststatus) data.
1181The information in these directories can
1182be perused with the
1183.i hoststat
1184command, which will indicate the host name, the last access, and the
1185status of that access.
1186An asterisk in the left most column indicates that a
1187.i sendmail
1188process currently has the host locked for mail delivery.
1189.pp
1190The disk based connection information is treated the same way as memory based
1191connection information for the purpose of timeouts.
1192By default, information about host failures is valid for 30 minutes.
1193This can be adjusted with
1194the
1195.b Timeout.hoststatus
1196option.
1197.pp
1198The connection information stored on disk may be expired at any time
1199with the
1200.i purgestat
1201command or by invoking sendmail with the
1202.b \-bH
1203switch.
1204The connection information may be viewed with the
1205.i hoststat
1206command or by invoking sendmail with the
1207.b \-bh
1208switch.
1209.sh 2 "The Service Switch"
1210.pp
1211The implementation of certain system services
1212such as host and user name lookup
1213is controlled by the service switch.
1214If the host operating system supports such a switch,
1215and sendmail knows about it,
1216.i sendmail
1217will use the native version.
1218Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1219.(f
1220\**HP-UX 10 has service switch support,
1221but since the APIs are apparently not available in the libraries
1222.i sendmail
1223does not use the native service switch in this release.
1224.)f
1225.pp
1226If the underlying operating system does not support a service switch
1227(e.g., SunOS 4.X, HP-UX, BSD)
1228then
1229.i sendmail
1230will provide a stub implementation.
1231The
1232.b ServiceSwitchFile
1233option points to the name of a file that has the service definitions.
1234Each line has the name of a service
1235and the possible implementations of that service.
1236For example, the file:
1237.(b
1238hosts dns files nis
1239aliases files nis
1240.)b
1241will ask
1242.i sendmail
1243to look for hosts in the Domain Name System first.
1244If the requested host name is not found,
1245it tries local files,
1246and if that fails it tries NIS.
1247Similarly,
1248when looking for aliases
1249it will try the local files first
1250followed by NIS.
1251.pp
1252Service switches are not completely integrated.
1253For example, despite the fact that the host entry listed in the above example
1254specifies to look in NIS,
1255on SunOS this won't happen because the system implementation of
1256.i gethostbyname \|(3)
1257doesn't understand this.
1258If there is enough demand
1259.i sendmail
1260may reimplement
1261.i gethostbyname \|(3),
1262.i gethostbyaddr \|(3),
1263.i getpwent \|(3),
1264and the other system routines that would be necessary
1265to make this work seamlessly.
1266.sh 2 "The Alias Database"
1267.pp
1268After recipient addresses are read from the SMTP connection
1269or command line
1270they are parsed by ruleset 0,
1271which must resolve to a
1272{\c
1273.i mailer ,
1274.i host ,
1275.i address }
1276triple.
1277If the flags selected by the
1278.i mailer
1279include the
1280.b A
1281(aliasable) flag,
1282the
1283.i address
1284part of the triple is looked up as the key
1285(i.e., the left hand side)
1286into the alias database.
1287If there is a match, the address is deleted from the send queue
1288and all addresses on the right hand side of the alias
1289are added in place of the alias that was found.
1290This is a recursive operation,
1291so aliases found in the right hand side of the alias
1292are similarly expanded.
1293.pp
1294The alias database exists in two forms.
1295One is a text form,
1296maintained in the file
1297.i /etc/mail/aliases.
1298The aliases are of the form
1299.(b
1300name: name1, name2, ...
1301.)b
1302Only local names may be aliased;
1303e.g.,
1304.(b
1305eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1306.)b
1307will not have the desired effect
1308(except on prep.ai.MIT.EDU,
1309and they probably don't want me)\**.
1310.(f
1311\**Actually, any mailer that has the `A' mailer flag set
1312will permit aliasing;
1313this is normally limited to the local mailer.
1314.)f
1315Aliases may be continued by starting any continuation lines
1316with a space or a tab or by putting a backslash directly before
1317the newline.
1318Blank lines and lines beginning with a sharp sign
1319(\c
1320.q # )
1321are comments.
1322.pp
1323The second form is processed by the
1324.i ndbm \|(3)\**
1325.(f
1326\**The
1327.i gdbm
1328package does not work.
1329.)f
1330or the Berkeley DB library.
1331This form is in the file
1332.i /etc/mail/aliases.db
1333(if using NEWDB)
1334or
1335.i /etc/mail/aliases.dir
1336and
1337.i /etc/mail/aliases.pag
1338(if using NDBM).
1339This is the form that
1340.i sendmail
1341actually uses to resolve aliases.
1342This technique is used to improve performance.
1343.pp
1344The control of search order is actually set by the service switch.
1345Essentially, the entry
1346.(b
1347O AliasFile=switch:aliases
1348.)b
1349is always added as the first alias entry;
1350also, the first alias file name without a class
1351(e.g., without
1352.q nis:
1353on the front)
1354will be used as the name of the file for a ``files'' entry
1355in the aliases switch.
1356For example, if the configuration file contains
1357.(b
1358O AliasFile=/etc/mail/aliases
1359.)b
1360and the service switch contains
1361.(b
1362aliases nis files nisplus
1363.)b
1364then aliases will first be searched in the NIS database,
1365then in /etc/mail/aliases,
1366then in the NIS+ database.
1367.pp
1368You can also use
1369.sm NIS -based
1370alias files.
1371For example, the specification:
1372.(b
1373O AliasFile=/etc/mail/aliases
1374O AliasFile=nis:mail.aliases@my.nis.domain
1375.)b
1376will first search the /etc/mail/aliases file
1377and then the map named
1378.q mail.aliases
1379in
1380.q my.nis.domain .
1381Warning: if you build your own
1382.sm NIS -based
1383alias files,
1384be sure to provide the
1385.b \-l
1386flag to
1387.i makedbm (8)
1388to map upper case letters in the keys to lower case;
1389otherwise, aliases with upper case letters in their names
1390won't match incoming addresses.
1391.pp
1392Additional flags can be added after the colon
1393exactly like a
1394.b K
1395line \(em for example:
1396.(b
1397O AliasFile=nis:\-N mail.aliases@my.nis.domain
1398.)b
1399will search the appropriate NIS map and always include null bytes in the key.
1400Also:
1401.(b
1402O AliasFile=nis:\-f mail.aliases@my.nis.domain
1403.)b
1404will prevent sendmail from downcasing the key before the alias lookup.
1405.sh 3 "Rebuilding the alias database"
1406.pp
1407The
1408.i hash
1409or
1410.i dbm
1411version of the database
1412may be rebuilt explicitly by executing the command
1413.(b
1414newaliases
1415.)b
1416This is equivalent to giving
1417.i sendmail
1418the
1419.b \-bi
1420flag:
1421.(b
1422/usr/\*(SD/sendmail \-bi
1423.)b
1424.pp
1425If the
1426.b RebuildAliases
1427(old
1428.b D )
1429option is specified in the configuration,
1430.i sendmail
1431will rebuild the alias database automatically
1432if possible
1433when it is out of date.
1434Auto-rebuild can be dangerous
1435on heavily loaded machines
1436with large alias files;
1437if it might take more than the rebuild timeout
1438(option
1439.b AliasWait ,
1440old
1441.b a ,
1442which is normally five minutes)
1443to rebuild the database,
1444there is a chance that several processes will start the rebuild process
1445simultaneously.
1446.pp
1447If you have multiple aliases databases specified,
1448the
1449.b \-bi
1450flag rebuilds all the database types it understands
1451(for example, it can rebuild NDBM databases but not NIS databases).
1452.sh 3 "Potential problems"
1453.pp
1454There are a number of problems that can occur
1455with the alias database.
1456They all result from a
1457.i sendmail
1458process accessing the DBM version
1459while it is only partially built.
1460This can happen under two circumstances:
1461One process accesses the database
1462while another process is rebuilding it,
1463or the process rebuilding the database dies
1464(due to being killed or a system crash)
1465before completing the rebuild.
1466.pp
1467Sendmail has three techniques to try to relieve these problems.
1468First, it ignores interrupts while rebuilding the database;
1469this avoids the problem of someone aborting the process
1470leaving a partially rebuilt database.
1471Second,
1472it locks the database source file during the rebuild \(em
1473but that may not work over NFS or if the file is unwritable.
1474Third,
1475at the end of the rebuild
1476it adds an alias of the form
1477.(b
1478@: @
1479.)b
1480(which is not normally legal).
1481Before
1482.i sendmail
1483will access the database,
1484it checks to insure that this entry exists\**.
1485.(f
1486\**The
1487.b AliasWait
1488option is required in the configuration
1489for this action to occur.
1490This should normally be specified.
1491.)f
1492.sh 3 "List owners"
1493.pp
1494If an error occurs on sending to a certain address,
1495say
1496.q \fIx\fP ,
1497.i sendmail
1498will look for an alias
1499of the form
1500.q owner-\fIx\fP
1501to receive the errors.
1502This is typically useful
1503for a mailing list
1504where the submitter of the list
1505has no control over the maintenance of the list itself;
1506in this case the list maintainer would be the owner of the list.
1507For example:
1508.(b
1509unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1510 sam@matisse
1511owner-unix-wizards: unix-wizards-request
1512unix-wizards-request: eric@ucbarpa
1513.)b
1514would cause
1515.q eric@ucbarpa
1516to get the error that will occur
1517when someone sends to
1518unix-wizards
1519due to the inclusion of
1520.q nosuchuser
1521on the list.
1522.pp
1523List owners also cause the envelope sender address to be modified.
1524The contents of the owner alias are used if they point to a single user,
1525otherwise the name of the alias itself is used.
1526For this reason, and to obey Internet conventions,
1527the
1528.q owner-
1529address normally points at the
1530.q -request
1531address; this causes messages to go out with the typical Internet convention
1532of using ``\c
1533.i list -request''
1534as the return address.
1535.sh 2 "User Information Database"
1536.pp
1537If you have a version of
1538.i sendmail
1539with the user information database
1540compiled in,
1541and you have specified one or more databases using the
1542.b U
1543option,
1544the databases will be searched for a
1545.i user :maildrop
1546entry.
1547If found, the mail will be sent to the specified address.
1548.sh 2 "Per-User Forwarding (.forward Files)"
1549.pp
1550As an alternative to the alias database,
1551any user may put a file with the name
1552.q .forward
1553in his or her home directory.
1554If this file exists,
1555.i sendmail
1556redirects mail for that user
1557to the list of addresses listed in the .forward file.
1558Note that aliases are fully expanded before forward files are referenced.
1559For example, if the home directory for user
1560.q mckusick
1561has a .forward file with contents:
1562.(b
1563mckusick@ernie
1564kirk@calder
1565.)b
1566then any mail arriving for
1567.q mckusick
1568will be redirected to the specified accounts.
1569.pp
1570Actually, the configuration file defines a sequence of filenames to check.
1571By default, this is the user's .forward file,
1572but can be defined to be more generally using the
1573.b ForwardPath
1574option.
1575If you change this,
1576you will have to inform your user base of the change;
1577\&.forward is pretty well incorporated into the collective subconscious.
1578.sh 2 "Special Header Lines"
1579.pp
1580Several header lines have special interpretations
1581defined by the configuration file.
1582Others have interpretations built into
1583.i sendmail
1584that cannot be changed without changing the code.
1585These builtins are described here.
1586.sh 3 "Errors-To:"
1587.pp
1588If errors occur anywhere during processing,
1589this header will cause error messages to go to
1590the listed addresses.
1591This is intended for mailing lists.
1592.pp
1593The Errors-To: header was created in the bad old days
1594when UUCP didn't understand the distinction between an envelope and a header;
1595this was a hack to provide what should now be passed
1596as the envelope sender address.
1597It should go away.
1598It is only used if the
1599.b UseErrorsTo
1600option is set.
1601.pp
1602The Errors-To: header is officially deprecated
1603and will go away in a future release.
1604.sh 3 "Apparently-To:"
1605.pp
1606RFC 822 requires at least one recipient field
1607(To:, Cc:, or Bcc: line)
1608in every message.
1609If a message comes in with no recipients listed in the message
1610then
1611.i sendmail
1612will adjust the header based on the
1613.q NoRecipientAction
1614option.
1615One of the possible actions is to add an
1616.q "Apparently-To:"
1617header line for any recipients it is aware of.
1618.pp
1619The Apparently-To: header is non-standard
1620and is deprecated.
1621.sh 3 "Precedence"
1622.pp
1623The Precedence: header can be used as a crude control of message priority.
1624It tweaks the sort order in the queue
1625and can be configured to change the message timeout values.
1626The precedence of a message also controls how
1627delivery status notifications (DSNs)
1628are processed for that message.
1629.sh 2 "IDENT Protocol Support"
1630.pp
1631.i Sendmail
1632supports the IDENT protocol as defined in RFC 1413.
1633Note that the RFC states
1634a client should wait at least 30 seconds for a response.
1635The default Timeout.ident is 5 seconds
1636as many sites have adopted the practice of dropping IDENT queries.
1637This has lead to delays processing mail.
1638Although this enhances identification
1639of the author of an email message
1640by doing a ``call back'' to the originating system to include
1641the owner of a particular TCP connection
1642in the audit trail
1643it is in no sense perfect;
1644a determined forger can easily spoof the IDENT protocol.
1645The following description is excerpted from RFC 1413:
1646.ba +5
1647.lp
16486. Security Considerations
1649.lp
1650The information returned by this protocol is at most as trustworthy
1651as the host providing it OR the organization operating the host. For
1652example, a PC in an open lab has few if any controls on it to prevent
1653a user from having this protocol return any identifier the user
1654wants. Likewise, if the host has been compromised the information
1655returned may be completely erroneous and misleading.
1656.lp
1657The Identification Protocol is not intended as an authorization or
1658access control protocol. At best, it provides some additional
1659auditing information with respect to TCP connections. At worst, it
1660can provide misleading, incorrect, or maliciously incorrect
1661information.
1662.lp
1663The use of the information returned by this protocol for other than
1664auditing is strongly discouraged. Specifically, using Identification
1665Protocol information to make access control decisions - either as the
1666primary method (i.e., no other checks) or as an adjunct to other
1667methods may result in a weakening of normal host security.
1668.lp
1669An Identification server may reveal information about users,
1670entities, objects or processes which might normally be considered
1671private. An Identification server provides service which is a rough
1672analog of the CallerID services provided by some phone companies and
1673many of the same privacy considerations and arguments that apply to
1674the CallerID service apply to Identification. If you wouldn't run a
1675"finger" server due to privacy considerations you may not want to run
1676this protocol.
1677.ba
1678.lp
1679In some cases your system may not work properly with IDENT support
1680due to a bug in the TCP/IP implementation.
1681The symptoms will be that for some hosts
1682the SMTP connection will be closed
1683almost immediately.
1684If this is true or if you do not want to use IDENT,
1685you should set the IDENT timeout to zero;
1686this will disable the IDENT protocol.
1687.sh 1 "ARGUMENTS"
1688.pp
1689The complete list of arguments to
1690.i sendmail
1691is described in detail in Appendix A.
1692Some important arguments are described here.
1693.sh 2 "Queue Interval"
1694.pp
1695The amount of time between forking a process
1696to run through the queue
1697is defined by the
1698.b \-q
1699flag.
1700If you run with delivery mode set to
1701.b i
1702or
1703.b b
1704this can be relatively large,
1705since it will only be relevant
1706when a host that was down comes back up.
1707If you run in
1708.b q
1709mode
1710it should be relatively short,
1711since it defines the maximum amount of time that a message
1712may sit in the queue.
1713(See also the MinQueueAge option.)
1714.pp
1715RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
1716(although that probably doesn't make sense if you use ``queue-only'' mode).
1717.sh 2 "Daemon Mode"
1718.pp
1719If you allow incoming mail over an IPC connection,
1720you should have a daemon running.
1721This should be set by your
1722.i /etc/rc
1723file using the
1724.b \-bd
1725flag.
1726The
1727.b \-bd
1728flag and the
1729.b \-q
1730flag may be combined in one call:
1731.(b
1732/usr/\*(SD/sendmail \-bd \-q30m
1733.)b
1734.pp
1735An alternative approach is to invoke sendmail from
1736.i inetd (8)
1737(use the
1738.b \-bs
1739flag to ask sendmail to speak SMTP on its standard input and output).
1740This works and allows you to wrap
1741.i sendmail
1742in a TCP wrapper program,
1743but may be a bit slower since the configuration file
1744has to be re-read on every message that comes in.
1745If you do this, you still need to have a
1746.i sendmail
1747running to flush the queue:
1748.(b
1749/usr/\*(SD/sendmail \-q30m
1750.)b
1751.sh 2 "Forcing the Queue"
1752.pp
1753In some cases you may find that the queue has gotten clogged for some reason.
1754You can force a queue run
1755using the
1756.b \-q
1757flag (with no value).
1758It is entertaining to use the
1759.b \-v
1760flag (verbose)
1761when this is done to watch what happens:
1762.(b
1763/usr/\*(SD/sendmail \-q \-v
1764.)b
1765.pp
1766You can also limit the jobs to those with a particular queue identifier,
1767sender, or recipient
1768using one of the queue modifiers.
1769For example,
1770.q \-qRberkeley
1771restricts the queue run to jobs that have the string
1772.q berkeley
1773somewhere in one of the recipient addresses.
1774Similarly,
1775.q \-qSstring
1776limits the run to particular senders and
1777.q \-qIstring
1778limits it to particular queue identifiers.
1779.sh 2 "Debugging"
1780.pp
1781There are a fairly large number of debug flags
1782built into
1783.i sendmail .
1784Each debug flag has a number and a level,
1785where higher levels means to print out more information.
1786The convention is that levels greater than nine are
1787.q absurd,
1788i.e.,
1789they print out so much information that you wouldn't normally
1790want to see them except for debugging that particular piece of code.
1791Debug flags are set using the
1792.b \-d
1793option;
1794the syntax is:
1795.(b
1796.ta \w'debug-option 'u
1797debug-flag: \fB\-d\fP debug-list
1798debug-list: debug-option [ , debug-option ]*
1799debug-option: debug-range [ . debug-level ]
1800debug-range: integer | integer \- integer
1801debug-level: integer
1802.)b
1803where spaces are for reading ease only.
1804For example,
1805.(b
1806\-d12 Set flag 12 to level 1
1807\-d12.3 Set flag 12 to level 3
1808\-d3\-17 Set flags 3 through 17 to level 1
1809\-d3\-17.4 Set flags 3 through 17 to level 4
1810.)b
1811For a complete list of the available debug flags
1812you will have to look at the code
1813and the
1814.i TRACEFLAGS
1815file in the sendmail distribution
1816(they are too dynamic to keep this document up to date).
1817.sh 2 "Changing the Values of Options"
1818.pp
1819Options can be overridden using the
1820.b \-o
1821or
1822.b \-O
1823command line flags.
1824For example,
1825.(b
1826/usr/\*(SD/sendmail \-oT2m
1827.)b
1828sets the
1829.b T
1830(timeout) option to two minutes
1831for this run only;
1832the equivalent line using the long option name is
1833.(b
1834/usr/\*(SD/sendmail -OTimeout.queuereturn=2m
1835.)b
1836.pp
1837Some options have security implications.
1838Sendmail allows you to set these,
1839but relinquishes its setuid root permissions thereafter\**.
1840.(f
1841\**That is, it sets its effective uid to the real uid;
1842thus, if you are executing as root,
1843as from root's crontab file or during system startup
1844the root permissions will still be honored.
1845.)f
1846.sh 2 "Trying a Different Configuration File"
1847.pp
1848An alternative configuration file
1849can be specified using the
1850.b \-C
1851flag; for example,
1852.(b
1853/usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
1854.)b
1855uses the configuration file
1856.i test.cf
1857instead of the default
1858.i /etc/mail/sendmail.cf.
1859If the
1860.b \-C
1861flag has no value
1862it defaults to
1863.i sendmail.cf
1864in the current directory.
1865.pp
1866.i Sendmail
1867gives up its setuid root permissions
1868when you use this flag, so it is common to use a publicly writable directory
1869(such as /tmp)
1870as the queue directory (QueueDirectory or Q option) while testing.
1871.sh 2 "Logging Traffic"
1872.pp
1873Many SMTP implementations do not fully implement the protocol.
1874For example, some personal computer based SMTPs
1875do not understand continuation lines in reply codes.
1876These can be very hard to trace.
1877If you suspect such a problem, you can set traffic logging using the
1878.b \-X
1879flag.
1880For example,
1881.(b
1882/usr/\*(SD/sendmail \-X /tmp/traffic \-bd
1883.)b
1884will log all traffic in the file
1885.i /tmp/traffic .
1886.pp
1887This logs a lot of data very quickly and should
1888.b NEVER
1889be used
1890during normal operations.
1891After starting up such a daemon,
1892force the errant implementation to send a message to your host.
1893All message traffic in and out of
1894.i sendmail ,
1895including the incoming SMTP traffic,
1896will be logged in this file.
1897.sh 2 "Testing Configuration Files"
1898.pp
1899When you build a configuration table,
1900you can do a certain amount of testing
1901using the
1902.q "test mode"
1903of
1904.i sendmail .
1905For example,
1906you could invoke
1907.i sendmail
1908as:
1909.(b
1910sendmail \-bt \-Ctest.cf
1911.)b
1912which would read the configuration file
1913.q test.cf
1914and enter test mode.
1915In this mode,
1916you enter lines of the form:
1917.(b
1918rwset address
1919.)b
1920where
1921.i rwset
1922is the rewriting set you want to use
1923and
1924.i address
1925is an address to apply the set to.
1926Test mode shows you the steps it takes
1927as it proceeds,
1928finally showing you the address it ends up with.
1929You may use a comma separated list of rwsets
1930for sequential application of rules to an input.
1931For example:
1932.(b
19333,1,21,4 monet:bollard
1934.)b
1935first applies ruleset three to the input
1936.q monet:bollard.
1937Ruleset one is then applied to the output of ruleset three,
1938followed similarly by rulesets twenty-one and four.
1939.pp
1940If you need more detail,
1941you can also use the
1942.q \-d21
1943flag to turn on more debugging.
1944For example,
1945.(b
1946sendmail \-bt \-d21.99
1947.)b
1948turns on an incredible amount of information;
1949a single word address
1950is probably going to print out several pages worth of information.
1951.pp
1952You should be warned that internally,
1953.i sendmail
1954applies ruleset 3 to all addresses.
1955In test mode
1956you will have to do that manually.
1957For example, older versions allowed you to use
1958.(b
19590 bruce@broadcast.sony.com
1960.)b
1961This version requires that you use:
1962.(b
19633,0 bruce@broadcast.sony.com
1964.)b
1965.pp
1966As of version 8.7,
1967some other syntaxes are available in test mode:
1968.bu
1969\&.D\|x\|value
1970defines macro
1971.i x
1972to have the indicated
1973.i value .
1974This is useful when debugging rules that use the
1975.b $& \c
1976.i x
1977syntax.
1978.bu
1979\&.C\|c\|value
1980adds the indicated
1981.i value
1982to class
1983.i c .
1984.bu
1985\&.S\|ruleset
1986dumps the contents of the indicated ruleset.
1987.bu
1988\-d\|debug-spec
1989is equivalent to the command-line flag.
1990.sh 2 "Persistent Host Status Information"
1991.pp
1992When
1993.b HostStatusDirectory
1994is enabled,
1995information about the status of hosts is maintained on disk
1996and can thus be shared between different instantiations of
1997.i sendmail .
1998The status of the last connection with each remote host
1999may be viewed with the command:
2000.(b
2001sendmail \-bh
2002.)b
2003This information may be flushed with the command:
2004.(b
2005sendmail \-bH
2006.)b
2007Flushing the information prevents new
2008.i sendmail
2009processes from loading it,
2010but does not prevent existing processes from using the status information
2011that they already have.
2012.sh 1 "TUNING"
2013.pp
2014There are a number of configuration parameters
2015you may want to change,
2016depending on the requirements of your site.
2017Most of these are set
2018using an option in the configuration file.
2019For example,
2020the line
2021.q "O Timeout.queuereturn=5d"
2022sets option
2023.q Timeout.queuereturn
2024to the value
2025.q 5d
2026(five days).
2027.pp
2028Most of these options have appropriate defaults for most sites.
2029However,
2030sites having very high mail loads may find they need to tune them
2031as appropriate for their mail load.
2032In particular,
2033sites experiencing a large number of small messages,
2034many of which are delivered to many recipients,
2035may find that they need to adjust the parameters
2036dealing with queue priorities.
2037.pp
2038All versions of
2039.i sendmail
2040prior to 8.7
2041had single character option names.
2042As of 8.7,
2043options have long (multi-character names).
2044Although old short names are still accepted,
2045most new options do not have short equivalents.
2046.pp
2047This section only describes the options you are most likely
2048to want to tweak;
2049read section
2050.\"XREF
20515
2052for more details.
2053.sh 2 "Timeouts"
2054.pp
2055All time intervals are set
2056using a scaled syntax.
2057For example,
2058.q 10m
2059represents ten minutes, whereas
2060.q 2h30m
2061represents two and a half hours.
2062The full set of scales is:
2063.(b
2064.ta 4n
2065s seconds
2066m minutes
2067h hours
2068d days
2069w weeks
2070.)b
2071.sh 3 "Queue interval"
2072.pp
2073The argument to the
2074.b \-q
2075flag
2076specifies how often a sub-daemon will run the queue.
2077This is typically set to between fifteen minutes
2078and one hour.
2079If not set,
2080or set to zero,
2081the queue will not be run automatically.
2082RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2083.sh 3 "Read timeouts"
2084.pp
2085Timeouts all have option names
2086.q Timeout.\fIsuboption\fP .
2087The recognized
2088.i suboption s,
2089their default values, and the minimum values
2090allowed by RFC 1123 section 5.3.2 are:
2091.nr ii 1i
2092.ip connect
2093The time to wait for an SMTP connection to open
2094(the
2095.i connect (2)
2096system call)
2097[0, unspecified].
2098If zero, uses the kernel default.
2099In no case can this option extend the timeout
2100longer than the kernel provides, but it can shorten it.
2101This is to get around kernels that provide an absurdly long connection timeout
2102(90 minutes in one case).
2103.ip iconnect
2104The same as
2105.i connect,
2106except it applies only to the initial attempt to connect to a host
2107for a given message
2108[0, unspecified].
2109The concept is that this should be very short (a few seconds);
2110hosts that are well connected and responsive will thus be serviced immediately.
2111Hosts that are slow will not hold up other deliveries in the initial
2112delivery attempt.
2113.ip initial
2114The wait for the initial 220 greeting message
2115[5m, 5m].
2116.ip helo
2117The wait for a reply from a HELO or EHLO command
2118[5m, unspecified].
2119This may require a host name lookup, so
2120five minutes is probably a reasonable minimum.
2121.ip mail\(dg
2122The wait for a reply from a MAIL command
2123[10m, 5m].
2124.ip rcpt\(dg
2125The wait for a reply from a RCPT command
2126[1h, 5m].
2127This should be long
2128because it could be pointing at a list
2129that takes a long time to expand
2130(see below).
2131.ip datainit\(dg
2132The wait for a reply from a DATA command
2133[5m, 2m].
2134.ip datablock\(dg\(dd
2135The wait for reading a data block
2136(that is, the body of the message).
2137[1h, 3m].
2138This should be long because it also applies to programs
2139piping input to
2140.i sendmail
2141which have no guarantee of promptness.
2142.ip datafinal\(dg
2143The wait for a reply from the dot terminating a message.
2144[1h, 10m].
2145If this is shorter than the time actually needed
2146for the receiver to deliver the message,
2147duplicates will be generated.
2148This is discussed in RFC 1047.
2149.ip rset
2150The wait for a reply from a RSET command
2151[5m, unspecified].
2152.ip quit
2153The wait for a reply from a QUIT command
2154[2m, unspecified].
2155.ip misc
2156The wait for a reply from miscellaneous (but short) commands
2157such as NOOP (no-operation) and VERB (go into verbose mode).
2158[2m, unspecified].
2159.ip command\(dg\(dd
2160In server SMTP,
2161the time to wait for another command.
2162[1h, 5m].
2163.ip ident\(dd
2164The timeout waiting for a reply to an IDENT query
2165[30s\**, unspecified].
2166.(f
2167\**On some systems the default is zero to turn the protocol off entirely.
2168.)f
2169.ip fileopen\(dd
2170The timeout for opening .forward and :include: files [60s, none].
2171.ip control\(dd
2172The timeout for a complete control socket transaction to complete [2m, none].
2173.ip hoststatus\(dd
2174How long status information about a host
2175(e.g., host down)
2176will be cached before it is considered stale
2177[30m, unspecified].
2178.ip resolver.retrans
2179The resolver's
2180retransmission time interval
2181(in seconds)
2182[varies].
2183Sets both
2184.i Timeout.resolver.retrans.first
2185and
2186.i Timeout.resolver.retrans.normal .
2187.ip resolver.retrans.first
2188The resolver's
2189retransmission time interval
2190(in seconds)
2191for the first attempt to
2192deliver a message
2193[varies].
2194.ip resolver.retrans.normal
2195The resolver's
2196retransmission time interval
2197(in seconds)
2198for all resolver lookups
2199except the first delivery attempt
2200[varies].
2201.ip resolver.retry
2202The number of times
2203to retransmit a resolver query.
2204Sets both
2205.i Timeout.resolver.retry.first
2206and
2207.i Timeout.resolver.retry.normal
2208[varies].
2209.ip resolver.retry.first
2210The number of times
2211to retransmit a resolver query
2212for the first attempt
2213to deliver a message
2214[varies].
2215.ip resolver.retry.normal
2216The number of times
2217to retransmit a resolver query
2218for all resolver lookups
2219 except the first delivery attempt
2220[varies].
2221.lp
2222For compatibility with old configuration files,
2223if no
2224.i suboption
2225is specified,
2226all the timeouts marked with
2227.DG
2228(\(dg) are set to the indicated value.
2229All but those marked with
2230.DD
2231(\(dd) apply to client SMTP.
2232.pp
2233Many of the RFC 1123 minimum values
2234may well be too short.
2235.i Sendmail
2236was designed to the RFC 822 protocols,
2237which did not specify read timeouts;
2238hence, versions of
2239.i sendmail
2240prior to version 8.1 did not guarantee to reply to messages promptly.
2241In particular, a
2242.q RCPT
2243command specifying a mailing list
2244will expand and verify the entire list;
2245a large list on a slow system
2246may easily take more than five minutes\**.
2247.(f
2248\**This verification includes looking up every address
2249with the name server;
2250this involves network delays,
2251and can in some cases can be considerable.
2252.)f
2253I recommend a one hour timeout \*-
2254since a communications failure during the RCPT phase is rare,
2255a long timeout is not onerous
2256and may ultimately help reduce network load
2257and duplicated messages.
2258.pp
2259For example, the lines:
2260.(b
2261O Timeout.command=25m
2262O Timeout.datablock=3h
2263.)b
2264sets the server SMTP command timeout to 25 minutes
2265and the input data block timeout to three hours.
2266.sh 3 "Message timeouts"
2267.pp
2268After sitting in the queue for a few days,
2269a message will time out.
2270This is to insure that at least the sender is aware
2271of the inability to send a message.
2272The timeout is typically set to five days.
2273It is sometimes considered convenient to also send a warning message
2274if the message is in the queue longer than a few hours
2275(assuming you normally have good connectivity;
2276if your messages normally took several hours to send
2277you wouldn't want to do this because it wouldn't be an unusual event).
2278These timeouts are set using the
2279.b Timeout.queuereturn
2280and
2281.b Timeout.queuewarn
2282options in the configuration file
2283(previously both were set using the
2284.b T
2285option).
2286.pp
2287If the message is submitted using the
2288.sm NOTIFY
2289.sm SMTP
2290extension,
2291warning messages will only be sent if
2292.sm NOTIFY=DELAY
2293is specified.
2294The queuereturn and queuewarn timeouts
2295can be further qualified with a tag based on the Precedence: field
2296in the message;
2297they must be one of
2298.q urgent
2299(indicating a positive non-zero precedence)
2300.q normal
2301(indicating a zero precedence), or
2302.q non-urgent
2303(indicating negative precedences).
2304For example, setting
2305.q Timeout.queuewarn.urgent=1h
2306sets the warning timeout for urgent messages only
2307to one hour.
2308The default if no precedence is indicated
2309is to set the timeout for all precedences.
2310The value "now" can be used for
2311-O Timeout.queuereturn
2312to return entries immediately during a queue run,
2313e.g., to bounce messages independent of their time in the queue.
2314.pp
2315Since these options are global,
2316and since you can not know
2317.i "a priori"
2318how long another host outside your domain will be down,
2319a five day timeout is recommended.
2320This allows a recipient to fix the problem even if it occurs
2321at the beginning of a long weekend.
2322RFC 1123 section 5.3.1.1 says that this parameter
2323should be ``at least 4\-5 days''.
2324.pp
2325The
2326.b Timeout.queuewarn
2327value can be piggybacked on the
2328.b T
2329option by indicating a time after which
2330a warning message should be sent;
2331the two timeouts are separated by a slash.
2332For example, the line
2333.(b
2334OT5d/4h
2335.)b
2336causes email to fail after five days,
2337but a warning message will be sent after four hours.
2338This should be large enough that the message will have been tried
2339several times.
2340.sh 2 "Forking During Queue Runs"
2341.pp
2342By setting the
2343.b ForkEachJob
2344(\c
2345.b Y )
2346option,
2347.i sendmail
2348will fork before each individual message
2349while running the queue.
2350This will prevent
2351.i sendmail
2352from consuming large amounts of memory,
2353so it may be useful in memory-poor environments.
2354However, if the
2355.b ForkEachJob
2356option is not set,
2357.i sendmail
2358will keep track of hosts that are down during a queue run,
2359which can improve performance dramatically.
2360.pp
2361If the
2362.b ForkEachJob
2363option is set,
2364.i sendmail
2365can not use connection caching.
2366.sh 2 "Queue Priorities"
2367.pp
2368Every message is assigned a priority when it is first instantiated,
2369consisting of the message size (in bytes)
2370offset by the message class
2371(which is determined from the Precedence: header)
2372times the
2373.q "work class factor"
2374and the number of recipients times the
2375.q "work recipient factor."
2376The priority is used to order the queue.
2377Higher numbers for the priority mean that the message will be processed later
2378when running the queue.
2379.pp
2380The message size is included so that large messages are penalized
2381relative to small messages.
2382The message class allows users to send
2383.q "high priority"
2384messages by including a
2385.q Precedence:
2386field in their message;
2387the value of this field is looked up in the
2388.b P
2389lines of the configuration file.
2390Since the number of recipients affects the amount of load a message presents
2391to the system,
2392this is also included into the priority.
2393.pp
2394The recipient and class factors
2395can be set in the configuration file using the
2396.b RecipientFactor
2397(\c
2398.b y )
2399and
2400.b ClassFactor
2401(\c
2402.b z )
2403options respectively.
2404They default to 30000 (for the recipient factor)
2405and 1800
2406(for the class factor).
2407The initial priority is:
2408.EQ
2409pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2410.EN
2411(Remember, higher values for this parameter actually mean
2412that the job will be treated with lower priority.)
2413.pp
2414The priority of a job can also be adjusted each time it is processed
2415(that is, each time an attempt is made to deliver it)
2416using the
2417.q "work time factor,"
2418set by the
2419.b RetryFactor
2420(\c
2421.b Z )
2422option.
2423This is added to the priority,
2424so it normally decreases the precedence of the job,
2425on the grounds that jobs that have failed many times
2426will tend to fail again in the future.
2427The
2428.b RetryFactor
2429option defaults to 90000.
2430.sh 2 "Load Limiting"
2431.pp
2432.i Sendmail
2433can be asked to queue (but not deliver)
2434mail if the system load average gets too high
2435using the
2436.b QueueLA
2437(\c
2438.b x )
2439option.
2440When the load average exceeds the value of the
2441.b QueueLA
2442option,
2443the delivery mode is set to
2444.b q
2445(queue only)
2446if the
2447.b QueueFactor
2448(\c
2449.b q )
2450option divided by the difference in the current load average and the
2451.b QueueLA
2452option
2453plus one
2454is less than the priority of the message \(em
2455that is, the message is queued iff:
2456.EQ
2457pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2458.EN
2459The
2460.b QueueFactor
2461option defaults to 600000,
2462so each point of load average is worth 600000
2463priority points
2464(as described above).
2465.pp
2466For drastic cases,
2467the
2468.b RefuseLA
2469(\c
2470.b X )
2471option defines a load average at which
2472.i sendmail
2473will refuse
2474to accept network connections.
2475Locally generated mail
2476(including incoming UUCP mail)
2477is still accepted.
2478.sh 2 "Delivery Mode"
2479.pp
2480There are a number of delivery modes that
2481.i sendmail
2482can operate in,
2483set by the
2484.b DeliveryMode
2485(\c
2486.b d )
2487configuration option.
2488These modes
2489specify how quickly mail will be delivered.
2490Legal modes are:
2491.(b
2492.ta 4n
2493i deliver interactively (synchronously)
2494b deliver in background (asynchronously)
2495q queue only (don't deliver)
2496d defer delivery attempts (don't deliver)
2497.)b
2498There are tradeoffs.
2499Mode
2500.q i
2501gives the sender the quickest feedback,
2502but may slow down some mailers and
2503is hardly ever necessary.
2504Mode
2505.q b
2506delivers promptly but
2507can cause large numbers of processes
2508if you have a mailer that takes a long time to deliver a message.
2509Mode
2510.q q
2511minimizes the load on your machine,
2512but means that delivery may be delayed for up to the queue interval.
2513Mode
2514.q d
2515is identical to mode
2516.q q
2517except that it also prevents all the early map lookups from working;
2518it is intended for ``dial on demand'' sites where DNS lookups
2519might cost real money.
2520Some simple error messages
2521(e.g., host unknown during the SMTP protocol)
2522will be delayed using this mode.
2523Mode
2524.q b
2525is the usual default.
2526.pp
2527If you run in mode
2528.q q
2529(queue only),
2530.q d
2531(defer),
2532or
2533.q b
2534(deliver in background)
2535.i sendmail
2536will not expand aliases and follow .forward files
2537upon initial receipt of the mail.
2538This speeds up the response to RCPT commands.
2539Mode
2540.q i
2541cannot be used by the SMTP server.
2542.sh 2 "Log Level"
2543.pp
2544The level of logging can be set for
2545.i sendmail .
2546The default using a standard configuration table is level 9.
2547The levels are as follows:
2548.nr ii 0.5i
2549.ip 0
2550Minimal logging.
2551.ip 1
2552Serious system failures and potential security problems.
2553.ip 2
2554Lost communications (network problems) and protocol failures.
2555.ip 3
2556Other serious failures, malformed addresses, transient forward/include
2557errors, connection timeouts.
2558.ip 4
2559Minor failures, out of date alias databases, connection rejections
2560via check_ rulesets.
2561.ip 5
2562Message collection statistics.
2563.ip 6
2564Creation of error messages,
2565VRFY and EXPN commands.
2566.ip 7
2567Delivery failures (host or user unknown, etc.).
2568.ip 8
2569Successful deliveries and alias database rebuilds.
2570.ip 9
2571Messages being deferred
2572(due to a host being down, etc.).
2573.ip 10
2574Database expansion (alias, forward, and userdb lookups)
2575and authentication information.
2576.ip 11
2577NIS errors and end of job processing.
2578.ip 12
2579Logs all SMTP connections.
2580.ip 13
2581Log bad user shells, files with improper permissions, and other
2582questionable situations.
2583.ip 14
2584Logs refused connections.
2585.ip 15
2586Log all incoming and outgoing SMTP commands.
2587.ip 20
2588Logs attempts to run locked queue files.
2589These are not errors,
2590but can be useful to note if your queue appears to be clogged.
2591.ip 30
2592Lost locks (only if using lockf instead of flock).
2593.lp
2594Additionally,
2595values above 64 are reserved for extremely verbose debugging output.
2596No normal site would ever set these.
2597.sh 2 "File Modes"
2598.pp
2599The modes used for files depend on what functionality you want
2600and the level of security you require.
2601In many cases
2602.i sendmail
2603does careful checking of the modes
2604of files and directories
2605to avoid accidental compromise;
2606if you want to make it possible to have group-writable support files
2607you may need to use the
2608.b DontBlameSendmail
2609option to turn off some of these checks.
2610.sh 3 "To suid or not to suid?"
2611.pp
2612.i Sendmail
2613is normally installed
2614setuid to root.
2615At the point where it is about to
2616.i exec \|(2)
2617a mailer,
2618it checks to see if the userid is zero (root);
2619if so,
2620it resets the userid and groupid to a default
2621(set by the
2622.b U=
2623equate in the mailer line;
2624if that is not set, the
2625.b DefaultUser
2626option is used).
2627This can be overridden
2628by setting the
2629.b S
2630flag to the mailer
2631for mailers that are trusted
2632and must be called as root.
2633However,
2634this will cause mail processing
2635to be accounted
2636(using
2637.i sa \|(8))
2638to root
2639rather than to the user sending the mail.
2640.pp
2641If you don't make
2642.i sendmail
2643setuid to root, it will still run but you lose a lot of functionality
2644and a lot of privacy, since you'll have to make the queue directory
2645world readable.
2646You could also make
2647.i sendmail
2648setuid to some pseudo-user
2649(e.g., create a user called
2650.q sendmail
2651and make
2652.i sendmail
2653setuid to that)
2654which will fix the privacy problems
2655but not the functionality issues.
2656It also introduces problems on some operating systems
2657if sendmail needs to give up the setuid special privileges.
2658Also, this isn't a guarantee of security:
2659for example,
2660root occasionally sends mail,
2661and the daemon often runs as root.
2662Note however that
2663.i sendmail
2664must run as root or the trusted user in order to create the SMTP listener
2665socket.
2666.pp
2667A middle ground is to make
2668.i sendmail
2669setuid to root,
2670but set the
2671.b RunAsUser
2672option.
2673This causes
2674.i sendmail
2675to become the indicated user as soon as it has done the startup
2676that requires root privileges
2677(primarily, opening the
2678.sm SMTP
2679socket).
2680If you use
2681.b RunAsUser ,
2682the queue directory
2683(normally
2684.i /var/spool/mqueue )
2685should be owned by that user,
2686and all files and databases
2687(including user
2688.i \&.forward
2689files,
2690alias files,
2691:include: files,
2692and external databases)
2693must be readable by that user.
2694Also, since sendmail will not be able to change it's uid,
2695delivery to programs or files will be marked as unsafe,
2696e.g., undeliverable,
2697in
2698.i \&.forward ,
2699aliases,
2700and :include: files.
2701Administrators can override this by setting the
2702.b DontBlameSendmail
2703option to the setting
2704.b NonRootSafeAddr .
2705.b RunAsUser
2706is probably best suited for firewall configurations
2707that don't have regular user logins.
2708.sh 3 "Turning off security checks"
2709.pp
2710.i Sendmail
2711is very particular about the modes of files that it reads or writes.
2712For example, by default it will refuse to read most files
2713that are group writable
2714on the grounds that they might have been tampered with
2715by someone other than the owner;
2716it will even refuse to read files in group writable directories.
2717.pp
2718If you are
2719.i quite
2720sure that your configuration is safe and you want
2721.i sendmail
2722to avoid these security checks,
2723you can turn off certain checks using the
2724.b DontBlameSendmail
2725option.
2726This option takes one or more names that disable checks.
2727In the descriptions that follow,
2728.q "unsafe directory"
2729means a directory that is writable by anyone other than the owner.
2730The values are:
2731.nr ii 0.5i
2732.ip Safe
2733No special handling.
2734.ip AssumeSafeChown
2735Assume that the
2736.i chown
2737system call is restricted to root.
2738Since some versions of UNIX permit regular users
2739to give away their files to other users on some filesystems,
2740.i sendmail
2741often cannot assume that a given file was created by the owner,
2742particularly when it is in a writable directory.
2743You can set this flag if you know that file giveaway is restricted
2744on your system.
2745.ip ClassFileInUnsafeDirPath
2746When reading class files (using the
2747.b F
2748line in the configuration file),
2749allow files that are in unsafe directories.
2750.ip DontWarnForwardFileInUnsafeDirPath
2751Prevent logging of
2752unsafe directory path warnings
2753for non-existent forward files.
2754.ip ErrorHeaderInUnsafeDirPath
2755Allow the file named in the
2756.b ErrorHeader
2757option to be in an unsafe directory.
2758.ip FileDeliveryToHardLink
2759Allow delivery to files that are hard links.
2760.ip FileDeliveryToSymLink
2761Allow delivery to files that are symbolic links.
2762.ip ForwardFileInGroupWritableDirPath
2763Allow
2764.i \&.forward
2765files in group writable directories.
2766.ip ForwardFileInUnsafeDirPath
2767Allow
2768.i \&.forward
2769files in unsafe directories.
2770.ip ForwardFileInUnsafeDirPathSafe
2771Allow a
2772.i \&.forward
2773file that is in an unsafe directory to include references
2774to program and files.
2775.ip GroupWritableAliasFile
2776Allow group-writable alias files.
2777.ip GroupWritableDirPathSafe
2778Change the definition of
2779.q "unsafe directory"
2780to consider group-writable directories to be safe.
2781World-writable directories are always unsafe.
2782.ip GroupWritableForwardFileSafe
2783Accept group-writable
2784.i \&.forward
2785files as safe for program and file delivery.
2786.ip GroupWritableIncludeFileSafe
2787Accept group-writable
2788.i :include:
2789files as safe for program and file delivery.
2790.ip HelpFileInUnsafeDirPath
2791Allow the file named in the
2792.b HelpFile
2793option to be in an unsafe directory.
2794.ip IncludeFileInGroupWritableDirPath
2795Allow
2796.i :include:
2797files in group writable directories.
2798.ip IncludeFileInUnsafeDirPath
2799Allow
2800.i :include:
2801files in unsafe directories.
2802.ip IncludeFileInUnsafeDirPathSafe
2803Allow a
2804.i :include:
2805file that is in an unsafe directory to include references
2806to program and files.
2807.ip InsufficientEntropy
2808Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
2809despite the security problems.
2810.ip LinkedAliasFileInWritableDir
2811Allow an alias file that is a link in a writable directory.
2812.ip LinkedClassFileInWritableDir
2813Allow class files that are links in writable directories.
2814.ip LinkedForwardFileInWritableDir
2815Allow
2816.i \&.forward
2817files that are links in writable directories.
2818.ip LinkedIncludeFileInWritableDir
2819Allow
2820.i :include:
2821files that are links in writable directories.
2822.ip LinkedMapInWritableDir
2823Allow map files that are links in writable directories.
2824.ip LinkedServiceSwitchFileInWritableDir
2825Allow the service switch file to be a link
2826even if the directory is writable.
2827.ip MapInUnsafeDirPath
2828Allow maps (e.g.,
2829.i hash ,
2830.i btree ,
2831and
2832.i dbm
2833files)
2834in unsafe directories.
2835.ip NonRootSafeAddr
2836Do not mark file and program deliveries as unsafe
2837if sendmail is not running with root privileges.
2838.ip RunProgramInUnsafeDirPath
2839Go ahead and run programs that are in writable directories.
2840.ip RunWritableProgram
2841Go ahead and run programs that are group- or world-writable.
2842.ip TrustStickyBit
2843Allow group or world writable directories
2844if the sticky bit is set on the directory.
2845Do not set this on systems which do not honor
2846the sticky bit on directories.
2847.ip WorldWritableAliasFile
2848Accept world-writable alias files.
2849.ip WriteMapToHardLink
2850Allow writes to maps that are hard links.
2851.ip WriteMapToSymLink
2852Allow writes to maps that are symbolic links.
2853.ip WriteStatsToHardLink
2854Allow the status file to be a hard link.
2855.ip WriteStatsToSymLink
2856Allow the status file to be a symbolic link.
2857.sh 2 "Connection Caching"
2858.pp
2859When processing the queue,
2860.i sendmail
2861will try to keep the last few open connections open
2862to avoid startup and shutdown costs.
2863This only applies to IPC connections.
2864.pp
2865When trying to open a connection
2866the cache is first searched.
2867If an open connection is found, it is probed to see if it is still active
2868by sending a
2869.sm RSET
2870command.
2871It is not an error if this fails;
2872instead, the connection is closed and reopened.
2873.pp
2874Two parameters control the connection cache.
2875The
2876.b ConnectionCacheSize
2877(\c
2878.b k )
2879option defines the number of simultaneous open connections
2880that will be permitted.
2881If it is set to zero,
2882connections will be closed as quickly as possible.
2883The default is one.
2884This should be set as appropriate for your system size;
2885it will limit the amount of system resources that
2886.i sendmail
2887will use during queue runs.
2888Never set this higher than 4.
2889.pp
2890The
2891.b ConnectionCacheTimeout
2892(\c
2893.b K )
2894option specifies the maximum time that any cached connection
2895will be permitted to idle.
2896When the idle time exceeds this value
2897the connection is closed.
2898This number should be small
2899(under ten minutes)
2900to prevent you from grabbing too many resources
2901from other hosts.
2902The default is five minutes.
2903.sh 2 "Name Server Access"
2904.pp
2905Control of host address lookups is set by the
2906.b hosts
2907service entry in your service switch file.
2908If you are on a system that has built-in service switch support
2909(e.g., Ultrix, Solaris, or DEC OSF/1)
2910then your system is probably configured properly already.
2911Otherwise,
2912.i sendmail
2913will consult the file
2914.b /etc/mail/service.switch ,
2915which should be created.
2916.i Sendmail
2917only uses two entries:
2918.b hosts
2919and
2920.b aliases ,
2921although system routines may use other services
2922(notably the
2923.b passwd
2924service for user name lookups by
2925.i getpwname ).
2926.pp
2927However, some systems (such as SunOS 4.X)
2928will do DNS lookups
2929regardless of the setting of the service switch entry.
2930In particular, the system routine
2931.i gethostbyname (3)
2932is used to look up host names,
2933and many vendor versions try some combination of DNS, NIS,
2934and file lookup in /etc/hosts
2935without consulting a service switch.
2936.i Sendmail
2937makes no attempt to work around this problem,
2938and the DNS lookup will be done anyway.
2939If you do not have a nameserver configured at all,
2940such as at a UUCP-only site,
2941.i sendmail
2942will get a
2943.q "connection refused"
2944message when it tries to connect to the name server.
2945If the
2946.b hosts
2947switch entry has the service
2948.q dns
2949listed somewhere in the list,
2950.i sendmail
2951will interpret this to mean a temporary failure
2952and will queue the mail for later processing;
2953otherwise, it ignores the name server data.
2954.pp
2955The same technique is used to decide whether to do MX lookups.
2956If you want MX support, you
2957.i must
2958have
2959.q dns
2960listed as a service in the
2961.b hosts
2962switch entry.
2963.pp
2964The
2965.b ResolverOptions
2966(\c
2967.b I )
2968option allows you to tweak name server options.
2969The command line takes a series of flags as documented in
2970.i resolver (3)
2971(with the leading
2972.q RES_
2973deleted).
2974Each can be preceded by an optional `+' or `\(mi'.
2975For example, the line
2976.(b
2977O ResolverOptions=+AAONLY \(miDNSRCH
2978.)b
2979turns on the AAONLY (accept authoritative answers only)
2980and turns off the DNSRCH (search the domain path) options.
2981Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
2982flags on and all others off.
2983You can also include
2984.q HasWildcardMX
2985to specify that there is a wildcard MX record matching your domain;
2986this turns off MX matching when canonifying names,
2987which can lead to inappropriate canonifications.
2988.pp
2989Version level 1 configurations
2990turn DNSRCH and DEFNAMES off when doing delivery lookups,
2991but leave them on everywhere else.
2992Version 8 of
2993.i sendmail
2994ignores them when doing canonification lookups
2995(that is, when using $[ ... $]),
2996and always does the search.
2997If you don't want to do automatic name extension,
2998don't call $[ ... $].
2999.pp
3000The search rules for $[ ... $] are somewhat different than usual.
3001If the name being looked up
3002has at least one dot, it always tries the unmodified name first.
3003If that fails, it tries the reduced search path,
3004and lastly tries the unmodified name
3005(but only for names without a dot,
3006since names with a dot have already been tried).
3007This allows names such as
3008``utc.CS''
3009to match the site in Czechoslovakia
3010rather than the site in your local Computer Science department.
3011It also prefers A and CNAME records over MX records \*-
3012that is, if it finds an MX record it makes note of it,
3013but keeps looking.
3014This way, if you have a wildcard MX record matching your domain,
3015it will not assume that all names match.
3016.pp
3017To completely turn off all name server access
3018on systems without service switch support
3019(such as SunOS 4.X)
3020you will have to recompile with
3021\-DNAMED_BIND=0
3022and remove \-lresolv from the list of libraries to be searched
3023when linking.
3024.sh 2 "Moving the Per-User Forward Files"
3025.pp
3026Some sites mount each user's home directory
3027from a local disk on their workstation,
3028so that local access is fast.
3029However, the result is that .forward file lookups are slow.
3030In some cases,
3031mail can even be delivered on machines inappropriately
3032because of a file server being down.
3033The performance can be especially bad if you run the automounter.
3034.pp
3035The
3036.b ForwardPath
3037(\c
3038.b J )
3039option allows you to set a path of forward files.
3040For example, the config file line
3041.(b
3042O ForwardPath=/var/forward/$u:$z/.forward.$w
3043.)b
3044would first look for a file with the same name as the user's login
3045in /var/forward;
3046if that is not found (or is inaccessible)
3047the file
3048``.forward.\c
3049.i machinename ''
3050in the user's home directory is searched.
3051A truly perverse site could also search by sender
3052by using $r, $s, or $f.
3053.pp
3054If you create a directory such as /var/forward,
3055it should be mode 1777
3056(that is, the sticky bit should be set).
3057Users should create the files mode 644.
3058Note that you must use the
3059forwardfileinunsafedirpath and
3060forwardfileinunsafedirpathsafe
3061flags with the DontBlameSendmail option
3062to allow forward files in a world
3063writable directory.
3064This might also be used as a
3065denial of service
3066attack (users could create forward files for other users);
3067a better approach might be to create
3068/var/forward
3069mode 755
3070and create empty files for each user,
3071owned by that user,
3072mode 644.
3073If you do this, you don't have to set the DontBlameSendmail options
3074indicated above.
3075.sh 2 "Free Space"
3076.pp
3077On systems that have one of the system calls in the
3078.i statfs (2)
3079family
3080(including
3081.i statvfs
3082and
3083.i ustat ),
3084you can specify a minimum number of free blocks on the queue filesystem
3085using the
3086.b MinFreeBlocks
3087(\c
3088.b b )
3089option.
3090If there are fewer than the indicated number of blocks free
3091on the filesystem on which the queue is mounted
3092the SMTP server will reject mail
3093with the
3094452 error code.
3095This invites the SMTP client to try again later.
3096.pp
3097Beware of setting this option too high;
3098it can cause rejection of email
3099when that mail would be processed without difficulty.
3100.sh 2 "Maximum Message Size"
3101.pp
3102To avoid overflowing your system with a large message,
3103the
3104.b MaxMessageSize
3105option can be set to set an absolute limit
3106on the size of any one message.
3107This will be advertised in the ESMTP dialogue
3108and checked during message collection.
3109.sh 2 "Privacy Flags"
3110.pp
3111The
3112.b PrivacyOptions
3113(\c
3114.b p )
3115option allows you to set certain
3116``privacy''
3117flags.
3118Actually, many of them don't give you any extra privacy,
3119rather just insisting that client SMTP servers
3120use the HELO command
3121before using certain commands
3122or adding extra headers to indicate possible spoof attempts.
3123.pp
3124The option takes a series of flag names;
3125the final privacy is the inclusive or of those flags.
3126For example:
3127.(b
3128O PrivacyOptions=needmailhelo, noexpn
3129.)b
3130insists that the HELO or EHLO command be used before a MAIL command is accepted
3131and disables the EXPN command.
3132.pp
3133The flags are detailed in section
3134.\"XREF
31355.6.
3136.sh 2 "Send to Me Too"
3137.pp
3138Beginning with version 8.10,
3139.i sendmail
3140includes by default the (envelope) sender in any list expansions.
3141For example, if
3142.q matt
3143sends to a list that contains
3144.q matt
3145as one of the members he will get a copy of the message.
3146If the
3147.b MeToo
3148option is set to
3149.sm FALSE
3150(in the configuration file or via the command line),
3151this behavior is changed, i.e.,
3152the (envelope) sender is excluded in list expansions.
3153.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
3154.pp
3155This section describes the configuration file
3156in detail.
3157.pp
3158There is one point that should be made clear immediately:
3159the syntax of the configuration file
3160is designed to be reasonably easy to parse,
3161since this is done every time
3162.i sendmail
3163starts up,
3164rather than easy for a human to read or write.
3165On the
3166.q "future project"
3167list is a
3168configuration-file compiler.
3169.pp
3170The configuration file is organized as a series of lines,
3171each of which begins with a single character
3172defining the semantics for the rest of the line.
3173Lines beginning with a space or a tab
3174are continuation lines
3175(although the semantics are not well defined in many places).
3176Blank lines and lines beginning with a sharp symbol
3177(`#')
3178are comments.
3179.sh 2 "R and S \*- Rewriting Rules"
3180.pp
3181The core of address parsing
3182are the rewriting rules.
3183These are an ordered production system.
3184.i Sendmail
3185scans through the set of rewriting rules
3186looking for a match on the left hand side
3187(LHS)
3188of the rule.
3189When a rule matches,
3190the address is replaced by the right hand side
3191(RHS)
3192of the rule.
3193.pp
3194There are several sets of rewriting rules.
3195Some of the rewriting sets are used internally
3196and must have specific semantics.
3197Other rewriting sets
3198do not have specifically assigned semantics,
3199and may be referenced by the mailer definitions
3200or by other rewriting sets.
3201.pp
3202The syntax of these two commands are:
3203.(b F
3204.b S \c
3205.i n
3206.)b
3207Sets the current ruleset being collected to
3208.i n .
3209If you begin a ruleset more than once
3210it appends to the old definition.
3211.(b F
3212.b R \c
3213.i lhs
3214.i rhs
3215.i comments
3216.)b
3217The
3218fields must be separated
3219by at least one tab character;
3220there may be embedded spaces
3221in the fields.
3222The
3223.i lhs
3224is a pattern that is applied to the input.
3225If it matches,
3226the input is rewritten to the
3227.i rhs .
3228The
3229.i comments
3230are ignored.
3231.pp
3232Macro expansions of the form
3233.b $ \c
3234.i x
3235are performed when the configuration file is read.
3236A literal
3237.b $
3238can be included using
3239.b $$ .
3240Expansions of the form
3241.b $& \c
3242.i x
3243are performed at run time using a somewhat less general algorithm.
3244This is intended only for referencing internally defined macros
3245such as
3246.b $h
3247that are changed at runtime.
3248.sh 3 "The left hand side"
3249.pp
3250The left hand side of rewriting rules contains a pattern.
3251Normal words are simply matched directly.
3252Metasyntax is introduced using a dollar sign.
3253The metasymbols are:
3254.(b
3255.ta \w'\fB$=\fP\fIx\fP 'u
3256\fB$*\fP Match zero or more tokens
3257\fB$+\fP Match one or more tokens
3258\fB$\-\fP Match exactly one token
3259\fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3260\fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3261.)b
3262If any of these match,
3263they are assigned to the symbol
3264.b $ \c
3265.i n
3266for replacement on the right hand side,
3267where
3268.i n
3269is the index in the LHS.
3270For example,
3271if the LHS:
3272.(b
3273$\-:$+
3274.)b
3275is applied to the input:
3276.(b
3277UCBARPA:eric
3278.)b
3279the rule will match, and the values passed to the RHS will be:
3280.(b
3281.ta 4n
3282$1 UCBARPA
3283$2 eric
3284.)b
3285.pp
3286Additionally, the LHS can include
3287.b $@
3288to match zero tokens.
3289This is
3290.i not
3291bound to a
3292.b $ \c
3293.i n
3294on the RHS, and is normally only used when it stands alone
3295in order to match the null input.
3296.sh 3 "The right hand side"
3297.pp
3298When the left hand side of a rewriting rule matches,
3299the input is deleted and replaced by the right hand side.
3300Tokens are copied directly from the RHS
3301unless they begin with a dollar sign.
3302Metasymbols are:
3303.(b
3304.ta \w'$#mailer\0\0\0'u
3305\fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3306\fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3307\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3308 Generalized keyed mapping function
3309\fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3310\fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3311\fB$@\fP\fIhost\fP Specify \fIhost\fP
3312\fB$:\fP\fIuser\fP Specify \fIuser\fP
3313.)b
3314.pp
3315The
3316.b $ \c
3317.i n
3318syntax substitutes the corresponding value from a
3319.b $+ ,
3320.b $\- ,
3321.b $* ,
3322.b $= ,
3323or
3324.b $~
3325match on the LHS.
3326It may be used anywhere.
3327.pp
3328A host name enclosed between
3329.b $[
3330and
3331.b $]
3332is looked up in the host database(s)
3333and replaced by the canonical name\**.
3334.(f
3335\**This is actually
3336completely equivalent
3337to $(host \fIhostname\fP$).
3338In particular, a
3339.b $:
3340default can be used.
3341.)f
3342For example,
3343.q $[ftp$]
3344might become
3345.q ftp.CS.Berkeley.EDU
3346and
3347.q $[[128.32.130.2]$]
3348would become
3349.q vangogh.CS.Berkeley.EDU.
3350.i Sendmail
3351recognizes its numeric IP address
3352without calling the name server
3353and replaces it with its canonical name.
3354.pp
3355The
3356.b $(
3357\&...
3358.b $)
3359syntax is a more general form of lookup;
3360it uses a named map instead of an implicit map.
3361If no lookup is found, the indicated
3362.i default
3363is inserted;
3364if no default is specified and no lookup matches,
3365the value is left unchanged.
3366The
3367.i arguments
3368are passed to the map for possible use.
3369.pp
3370The
3371.b $> \c
3372.i n
3373syntax
3374causes the remainder of the line to be substituted as usual
3375and then passed as the argument to ruleset
3376.i n .
3377The final value of ruleset
3378.i n
3379then becomes
3380the substitution for this rule.
3381The
3382.b $>
3383syntax expands everything after the ruleset name
3384to the end of the replacement string
3385and then passes that as the initial input to the ruleset.
3386Recursive calls are allowed.
3387For example,
3388.(b
3389$>0 $>3 $1
3390.)b
3391expands $1, passes that to ruleset 3, and then passes the result
3392of ruleset 3 to ruleset 0.
3393.pp
3394The
3395.b $#
3396syntax should
3397.i only
3398be used in ruleset zero,
3399a subroutine of ruleset zero,
3400or rulesets that return decisions (e.g., check_rcpt).
3401It causes evaluation of the ruleset to terminate immediately,
3402and signals to
3403.i sendmail
3404that the address has completely resolved.
3405The complete syntax for ruleset 0 is:
3406.(b
3407\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3408.)b
3409This specifies the
3410{mailer, host, user}
34113-tuple necessary to direct the mailer.
3412If the mailer is local
3413the host part may be omitted\**.
3414.(f
3415\**You may want to use it for special
3416.q "per user"
3417extensions.
3418For example, in the address
3419.q jgm+foo@CMU.EDU ;
3420the
3421.q +foo
3422part is not part of the user name,
3423and is passed to the local mailer for local use.
3424.)f
3425The
3426.i mailer
3427must be a single word,
3428but the
3429.i host
3430and
3431.i user
3432may be multi-part.
3433If the
3434.i mailer
3435is the builtin IPC mailer,
3436the
3437.i host
3438may be a colon-separated list of hosts
3439that are searched in order for the first working address
3440(exactly like MX records).
3441The
3442.i user
3443is later rewritten by the mailer-specific envelope rewriting set
3444and assigned to the
3445.b $u
3446macro.
3447As a special case, if the mailer specified has the
3448.b F=@
3449flag specified
3450and the first character of the
3451.b $:
3452value is
3453.q @ ,
3454the
3455.q @
3456is stripped off, and a flag is set in the address descriptor
3457that causes sendmail to not do ruleset 5 processing.
3458.pp
3459Normally, a rule that matches is retried,
3460that is,
3461the rule loops until it fails.
3462A RHS may also be preceded by a
3463.b $@
3464or a
3465.b $:
3466to change this behavior.
3467A
3468.b $@
3469prefix causes the ruleset to return with the remainder of the RHS
3470as the value.
3471A
3472.b $:
3473prefix causes the rule to terminate immediately,
3474but the ruleset to continue;
3475this can be used to avoid continued application of a rule.
3476The prefix is stripped before continuing.
3477.pp
3478The
3479.b $@
3480and
3481.b $:
3482prefixes may precede a
3483.b $>
3484spec;
3485for example:
3486.(b
3487.ta 8n
3488R$+ $: $>7 $1
3489.)b
3490matches anything,
3491passes that to ruleset seven,
3492and continues;
3493the
3494.b $:
3495is necessary to avoid an infinite loop.
3496.pp
3497Substitution occurs in the order described,
3498that is,
3499parameters from the LHS are substituted,
3500hostnames are canonicalized,
3501.q subroutines
3502are called,
3503and finally
3504.b $# ,
3505.b $@ ,
3506and
3507.b $:
3508are processed.
3509.sh 3 "Semantics of rewriting rule sets"
3510.pp
3511There are six rewriting sets
3512that have specific semantics.
3513Five of these are related as depicted by figure 1.
3514.(z
3515.hl
3516.ie n \{\
3517.(c
3518 +---+
3519 -->| 0 |-->resolved address
3520 / +---+
3521 / +---+ +---+
3522 / ---->| 1 |-->| S |--
3523 +---+ / +---+ / +---+ +---+ \e +---+
3524addr-->| 3 |-->| D |-- --->| 4 |-->msg
3525 +---+ +---+ \e +---+ +---+ / +---+
3526 --->| 2 |-->| R |--
3527 +---+ +---+
3528.)c
3529
3530.\}
3531.el \{\
3532.ie !"\*(.T"" \{\
3533.PS
3534boxwid = 0.3i
3535boxht = 0.3i
3536movewid = 0.3i
3537moveht = 0.3i
3538linewid = 0.3i
3539lineht = 0.3i
3540
3541 box invis "addr"; arrow
3542Box3: box "3"
3543A1: arrow
3544BoxD: box "D"; line; L1: Here
3545C: [
3546 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
3547 move to C1 down 0.5; right
3548 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
3549 ] with .w at L1 + (0.5, 0)
3550 move to C.e right 0.5
3551L4: arrow; box "4"; arrow; box invis "msg"
3552 line from L1 to C.C1
3553 line from L1 to C.C2
3554 line from C.E1 to L4
3555 line from C.E2 to L4
3556 move to BoxD.n up 0.6; right
3557Box0: arrow; box "0"
3558 arrow; box invis "resolved address" width 1.3
3559 line from 1/3 of the way between A1 and BoxD.w to Box0
3560.PE
3561.\}
3562.el .sp 2i
3563.\}
3564.ce
3565Figure 1 \*- Rewriting set semantics
3566.(c
3567D \*- sender domain addition
3568S \*- mailer-specific sender rewriting
3569R \*- mailer-specific recipient rewriting
3570.)c
3571.hl
3572.)z
3573.pp
3574Ruleset three
3575should turn the address into
3576.q "canonical form."
3577This form should have the basic syntax:
3578.(b
3579local-part@host-domain-spec
3580.)b
3581Ruleset three
3582is applied by
3583.i sendmail
3584before doing anything with any address.
3585.pp
3586If no
3587.q @
3588sign is specified,
3589then the
3590host-domain-spec
3591.i may
3592be appended (box
3593.q D
3594in Figure 1)
3595from the
3596sender address
3597(if the
3598.b C
3599flag is set in the mailer definition
3600corresponding to the
3601.i sending
3602mailer).
3603.pp
3604Ruleset zero
3605is applied after ruleset three
3606to addresses that are going to actually specify recipients.
3607It must resolve to a
3608.i "{mailer, host, address}"
3609triple.
3610The
3611.i mailer
3612must be defined in the mailer definitions
3613from the configuration file.
3614The
3615.i host
3616is defined into the
3617.b $h
3618macro
3619for use in the argv expansion of the specified mailer.
3620.pp
3621Rulesets one and two
3622are applied to all sender and recipient addresses respectively.
3623They are applied before any specification
3624in the mailer definition.
3625They must never resolve.
3626.pp
3627Ruleset four is applied to all addresses
3628in the message.
3629It is typically used
3630to translate internal to external form.
3631.pp
3632In addition,
3633ruleset 5 is applied to all local addresses
3634(specifically, those that resolve to a mailer with the `F=5'
3635flag set)
3636that do not have aliases.
3637This allows a last minute hook for local names.
3638.sh 3 "Ruleset hooks"
3639.pp
3640A few extra rulesets are defined as
3641.q hooks
3642that can be defined to get special features.
3643They are all named rulesets.
3644The
3645.q check_*
3646forms all give accept/reject status;
3647falling off the end or returning normally is an accept,
3648and resolving to
3649.b $#error
3650is a reject.
3651Many of these can also resolve to the special mailer name
3652.b $#discard ;
3653this accepts the message as though it were successful
3654but then discards it without delivery.
3655Note,
3656this mailer can not be chosen as a mailer in ruleset 0.
3657.sh 4 "check_relay"
3658.pp
3659The
3660.i check_relay
3661ruleset is called after a connection is accepted by the daemon.
3662It is not called when sendmail is started using the
3663.b \-bs
3664option.
3665It is passed
3666.(b
3667client.host.name $| client.host.address
3668.)b
3669where
3670.b $|
3671is a metacharacter separating the two parts.
3672This ruleset can reject connections from various locations.
3673.sh 4 "check_mail"
3674.pp
3675The
3676.i check_mail
3677ruleset is passed the user name parameter of the
3678.sm "SMTP MAIL"
3679command.
3680It can accept or reject the address.
3681.sh 4 "check_rcpt"
3682.pp
3683The
3684.i check_rcpt
3685ruleset is passed the user name parameter of the
3686.sm "SMTP RCPT"
3687command.
3688It can accept or reject the address.
3689.sh 4 "check_compat"
3690.pp
3691The
3692.i check_compat
3693ruleset is passed
3694.(b
3695sender-address $| recipient-address
3696.)b
3697where
3698.b $|
3699is a metacharacter separating the addresses.
3700It can accept or reject mail transfer between these two addresses
3701much like the
3702.i checkcompat()
3703function.
3704.sh 4 "check_eoh"
3705.pp
3706The
3707.i check_eoh
3708ruleset is passed
3709.(b
3710number-of-headers $| size-of-headers
3711.)b
3712where
3713.b $|
3714is a metacharacter separating the numbers.
3715These numbers can be used for size comparisons with the
3716.b arith
3717map.
3718The ruleset is triggered after
3719all of the headers have been read.
3720It can be used to correlate information gathered
3721from those headers using the
3722.b macro
3723storage map.
3724One possible use is to check for a missing header.
3725For example:
3726.(b
3727.ta 1.5i
3728Kstorage macro
3729HMessage-Id: $>CheckMessageId
3730
3731SCheckMessageId
3732# Record the presence of the header
3733R$* $: $(storage {MessageIdCheck} $@ OK $) $1
3734R< $+ @ $+ > $@ OK
3735R$* $#error $: 553 Header Error
3736
3737Scheck_eoh
3738# Check the macro
3739R$* $: < $&{MessageIdCheck} >
3740# Clear the macro for the next message
3741R$* $: $(storage {MessageIdCheck} $) $1
3742# Has a Message-Id: header
3743R< $+ > $@ OK
3744# Allow missing Message-Id: from local mail
3745R$* $: < $&{client_name} >
3746R< > $@ OK
3747R< $=w > $@ OK
3748# Otherwise, reject the mail
3749R$* $#error $: 553 Header Error
3750.)b
3751Keep in mind the Message-Id: header is not a required header and
3752is not a guaranteed spam indicator.
3753This ruleset is an example and
3754should probably not be used in production.
3755.sh 4 "check_etrn"
3756.pp
3757The
3758.i check_etrn
3759ruleset is passed the parameter of the
3760.sm "SMTP ETRN"
3761command.
3762It can accept or reject the command.
3763.sh 4 "check_expn"
3764.pp
3765The
3766.i check_expn
3767ruleset is passed the user name parameter of the
3768.sm "SMTP EXPN"
3769command.
3770It can accept or reject the address.
3771.sh 4 "check_vrfy"
3772.pp
3773The
3774.i check_vrfy
3775ruleset is passed the user name parameter of the
3776.sm "SMTP VRFY"
3777command.
3778It can accept or reject the command.
3779.sh 4 "trust_auth"
3780.pp
3781The
3782.i trust_auth
3783ruleset is passed the AUTH= parameter of the
3784.sm "SMTP MAIL"
3785command.
3786It is used to determine whether this value should be
3787trusted. In order to make this decision, the ruleset
3788may make use of the various
3789.b ${auth_*}
3790macros.
3791If the ruleset does resolve to the
3792.q error
3793mailer the AUTH= parameter is not trusted and hence
3794not passed on to the next relay.
3795.sh 4 "tls_client"
3796.pp
3797The
3798.i tls_client
3799ruleset is called when sendmail acts as server, after a STARTTLS command
3800has been issued, and from
3801.i check_mail.
3802The parameter is the value of
3803.b ${verify}
3804and STARTTLS or MAIL, respectively.
3805If the ruleset does resolve to the
3806.q error
3807mailer, the appropriate error code is returned to the client.
3808.sh 4 "tls_server"
3809.pp
3810The
3811.i tls_server
3812ruleset is called when sendmail acts as client after a STARTTLS command
3813(should) have been issued.
3814The parameter is the value of
3815.b ${verify} .
3816If the ruleset does resolve to the
3817.q error
3818mailer, the connection is aborted
3819(treated as non-deliverable with a permanent or temporary error).
3820.sh 3 "IPC mailers"
3821.pp
3822Some special processing occurs
3823if the ruleset zero resolves to an IPC mailer
3824(that is, a mailer that has
3825.q [IPC]
3826listed as the Path in the
3827.b M
3828configuration line.
3829The host name passed after
3830.q $@
3831has MX expansion performed if not delivering via a named socket;
3832this looks the name up in DNS to find alternate delivery sites.
3833.pp
3834The host name can also be provided as a dotted quad in square brackets;
3835for example:
3836.(b
3837[128.32.149.78]
3838.)b
3839This causes direct conversion of the numeric value
3840to an IP host address.
3841.pp
3842The host name passed in after the
3843.q $@
3844may also be a colon-separated list of hosts.
3845Each is separately MX expanded and the results are concatenated
3846to make (essentially) one long MX list.
3847The intent here is to create
3848.q fake
3849MX records that are not published in DNS
3850for private internal networks.
3851.pp
3852As a final special case, the host name can be passed in
3853as a text string
3854in square brackets:
3855.(b
3856[ucbvax.berkeley.edu]
3857.)b
3858This form avoids the MX mapping.
3859.b N.B.:
3860.i
3861This is intended only for situations where you have a network firewall
3862or other host that will do special processing for all your mail,
3863so that your MX record points to a gateway machine;
3864this machine could then do direct delivery to machines
3865within your local domain.
3866Use of this feature directly violates RFC 1123 section 5.3.5:
3867it should not be used lightly.
3868.r
3869.sh 2 "D \*- Define Macro"
3870.pp
3871Macros are named with a single character
3872or with a word in {braces}.
3873The names ``x'' and ``{x}'' denote the same macro
3874for every single character ``x''.
3875Single character names may be selected from the entire ASCII set,
3876but user-defined macros
3877should be selected from the set of upper case letters only.
3878Lower case letters
3879and special symbols
3880are used internally.
3881Long names beginning with a lower case letter or a punctuation character
3882are reserved for use by sendmail,
3883so user-defined long macro names should begin with an upper case letter.
3884.pp
3885The syntax for macro definitions is:
3886.(b F
3887.b D \c
3888.i x\|val
3889.)b
3890where
3891.i x
3892is the name of the macro
3893(which may be a single character
3894or a word in braces)
3895and
3896.i val
3897is the value it should have.
3898There should be no spaces given
3899that do not actually belong in the macro value.
3900.pp
3901Macros are interpolated
3902using the construct
3903.b $ \c
3904.i x ,
3905where
3906.i x
3907is the name of the macro to be interpolated.
3908This interpolation is done when the configuration file is read,
3909except in
3910.b M
3911lines.
3912The special construct
3913.b $& \c
3914.i x
3915can be used in
3916.b R
3917lines to get deferred interpolation.
3918.pp
3919Conditionals can be specified using the syntax:
3920.(b
3921$?x text1 $| text2 $.
3922.)b
3923This interpolates
3924.i text1
3925if the macro
3926.b $x
3927is set and non-null,
3928and
3929.i text2
3930otherwise.
3931The
3932.q else
3933(\c
3934.b $| )
3935clause may be omitted.
3936.pp
3937Lower case macro names are reserved to have
3938special semantics,
3939used to pass information in or out of
3940.i sendmail ,
3941and special characters are reserved to
3942provide conditionals, etc.
3943Upper case names
3944(that is,
3945.b $A
3946through
3947.b $Z )
3948are specifically reserved for configuration file authors.
3949.pp
3950The following macros are defined and/or used internally by
3951.i sendmail
3952for interpolation into argv's for mailers
3953or for other contexts.
3954The ones marked \(dg are information passed into sendmail\**,
3955.(f
3956\**As of version 8.6,
3957all of these macros have reasonable defaults.
3958Previous versions required that they be defined.
3959.)f
3960the ones marked \(dd are information passed both in and out of sendmail,
3961and the unmarked macros are passed out of sendmail
3962but are not otherwise used internally.
3963These macros are:
3964.nr ii 5n
3965.ip $a
3966The origination date in RFC 822 format.
3967This is extracted from the Date: line.
3968.ip $b
3969The current date in RFC 822 format.
3970.ip $c
3971The hop count.
3972This is a count of the number of Received: lines
3973plus the value of the
3974.b \-h
3975command line flag.
3976.ip $d
3977The current date in UNIX (ctime) format.
3978.ip $e\(dg
3979(Obsolete; use SmtpGreetingMessage option instead.)
3980The SMTP entry message.
3981This is printed out when SMTP starts up.
3982The first word must be the
3983.b $j
3984macro as specified by RFC821.
3985Defaults to
3986.q "$j Sendmail $v ready at $b" .
3987Commonly redefined to include the configuration version number, e.g.,
3988.q "$j Sendmail $v/$Z ready at $b"
3989.ip $f
3990The envelope sender (from) address.
3991.ip $g
3992The sender address relative to the recipient.
3993For example, if
3994.b $f
3995is
3996.q foo ,
3997.b $g
3998will be
3999.q host!foo ,
4000.q foo@host.domain ,
4001or whatever is appropriate for the receiving mailer.
4002.ip $h
4003The recipient host.
4004This is set in ruleset 0 from the $@ field of a parsed address.
4005.ip $i
4006The queue id,
4007e.g.,
4008.q HAA12345 .
4009.ip $j\(dd
4010The \*(lqofficial\*(rq domain name for this site.
4011This is fully qualified if the full qualification can be found.
4012It
4013.i must
4014be redefined to be the fully qualified domain name
4015if your system is not configured so that information can find
4016it automatically.
4017.ip $k
4018The UUCP node name (from the uname system call).
4019.ip $l\(dg
4020(Obsolete; use UnixFromLine option instead.)
4021The format of the UNIX from line.
4022Unless you have changed the UNIX mailbox format,
4023you should not change the default,
4024which is
4025.q "From $g $d" .
4026.ip $m
4027The domain part of the \fIgethostname\fP return value.
4028Under normal circumstances,
4029.b $j
4030is equivalent to
4031.b $w.$m .
4032.ip $n\(dg
4033The name of the daemon (for error messages).
4034Defaults to
4035.q MAILER-DAEMON .
4036.ip $o\(dg
4037(Obsolete: use OperatorChars option instead.)
4038The set of \*(lqoperators\*(rq in addresses.
4039A list of characters
4040which will be considered tokens
4041and which will separate tokens
4042when doing parsing.
4043For example, if
4044.q @
4045were in the
4046.b $o
4047macro, then the input
4048.q a@b
4049would be scanned as three tokens:
4050.q a,
4051.q @,
4052and
4053.q b.
4054Defaults to
4055.q ".:@[]" ,
4056which is the minimum set necessary to do RFC 822 parsing;
4057a richer set of operators is
4058.q ".:%@!/[]" ,
4059which adds support for UUCP, the %-hack, and X.400 addresses.
4060.ip $p
4061Sendmail's process id.
4062.ip $q\(dg
4063Default format of sender address.
4064The
4065.b $q
4066macro specifies how an address should appear in a message
4067when it is defaulted.
4068Defaults to
4069.q "<$g>" .
4070It is commonly redefined to be
4071.q "$?x$x <$g>$|$g$."
4072or
4073.q "$g$?x ($x)$." ,
4074corresponding to the following two formats:
4075.(b
4076Eric Allman <eric@CS.Berkeley.EDU>
4077eric@CS.Berkeley.EDU (Eric Allman)
4078.)b
4079.i Sendmail
4080properly quotes names that have special characters
4081if the first form is used.
4082.ip $r
4083Protocol used to receive the message.
4084Set from the
4085.b \-p
4086command line flag or by the SMTP server code.
4087.ip $s
4088Sender's host name.
4089Set from the
4090.b \-p
4091command line flag or by the SMTP server code.
4092.ip $t
4093A numeric representation of the current time.
4094.ip $u
4095The recipient user.
4096.ip $v
4097The version number of the
4098.i sendmail
4099binary.
4100.ip $w\(dd
4101The hostname of this site.
4102This is the root name of this host (but see below for caveats).
4103.ip $x
4104The full name of the sender.
4105.ip $z
4106The home directory of the recipient.
4107.ip $_
4108The validated sender address.
4109.ip ${auth_authen}
4110The client's authentication credentials as determined by authentication
4111(only set if successful).
4112.ip ${auth_author}
4113The authorization identity, i.e. the AUTH= parameter of the
4114.sm "SMTP MAIL"
4115command if supplied.
4116.ip ${auth_type}
4117The mechanism used for authentication
4118(only set if successful).
4119.ip ${auth_ssf}
4120The keylength (in bits) of the symmetric encryption algorithm
4121used for the security layer of a SASL mechanism.
4122.ip ${bodytype}
4123The message body type
4124(7BIT or 8BITMIME),
4125as determined from the envelope.
4126.ip ${cert_issuer}
4127The DN (distinguished name) of the CA (certificate authority)
4128that signed the presented certificate (the cert issuer).
4129.ip ${cert_subject}
4130The DN of the presented certificate (called the cert subject).
4131.ip ${cipher}
4132The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
4133EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
4134.ip ${cipher_bits}
4135The keylength (in bits) of the symmetric encryption algorithm
4136used for a TLS connection.
4137.ip ${client_addr}
4138The IP address of the SMTP client.
4139Defined in the SMTP server only.
4140.ip ${client_name}
4141The host name of the SMTP client.
4142This may be the client's bracketed IP address
4143in the form [ nnn.nnn.nnn.nnn ] if the client's
4144IP address is not resolvable, or if it is resolvable
4145but the IP address of the resolved hostname
4146doesn't match the original IP address.
4147Defined in the SMTP server only.
4148.ip ${client_port}
4149The port number of the SMTP client.
4150Defined in the SMTP server only.
4151.ip ${client_resolve}
4152Holds the result of the resolve call for
4153.b ${client_name}
4154: OK, FAIL, FORGED, TEMP.
4155Defined in the SMTP server only.
4156.ip ${currHeader}
4157Header value as quoted string
4158(possibly truncated to
4159.b MAXNAME ).
4160.ip ${daemon_addr}
4161The IP address the daemon is listening on for connections.
4162Unless
4163.b DaemonPortOptions
4164is set, this will be
4165.q 0.0.0.0 .
4166.ip ${daemon_family}
4167The network family
4168if the daemon is accepting network connections.
4169Possible values include
4170.q inet ,
4171.q inet6 ,
4172.q iso ,
4173.q ns ,
4174.q x.25
4175.ip ${daemon_flags}
4176The flags for the daemon as specified by the
4177Modifier= part of
4178.b DaemonPortOptions
4179whereby the flags are separated from each other by spaces,
4180and upper case flags are doubled.
4181That is,
4182Modifier=Ea
4183will be represented as
4184"EE a" in
4185.b ${daemon_flags} ,
4186which is required for testing the flags in rulesets.
4187.ip ${daemon_info}
4188Some information about a daemon as a text string.
4189For example,
4190.q SMTP+queueing@00:30:00 .
4191.ip ${daemon_name}
4192The name of the daemon from
4193.b DaemonPortOptions
4194Name= suboption.
4195If this suboption is not set,
4196"Daemon#",
4197where # is the daemon number,
4198is used.
4199.ip ${daemon_port}
4200The port the daemon is accepting connection on.
4201Unless
4202.b DaemonPortOptions
4203is set, this will most likely be
4204.q 25 .
4205.ip ${deliveryMode}
4206The current delivery mode sendmail is using.
4207It is initially set to the value of the
4208.b DeliveryMode
4209option.
4210.ip ${envid}
4211The envelope id passed to sendmail as part of the envelope.
4212.ip ${hdrlen}
4213The length of the header value which is stored in
4214${currHeader} (before possible truncation).
4215If this value is greater than or equal
4216.b MAXNAME
4217the header has been truncated.
4218.ip ${hdr_name}
4219The name of the header field for which the current header
4220check ruleset has been called.
4221This is useful for a default header check ruleset to get
4222the name of the header.
4223.ip ${if_addr}
4224The IP address of the interface of an incoming connection
4225unless it is in the loopback net.
4226.ip ${if_family}
4227The IP family of the interface of an incoming connection
4228unless it is in the loopback net.
4229.ip ${if_name}
4230The name of the interface of an incoming connection.
4231This macro can be used for
4232SmtpGreetingMessage and HReceived for virtual hosting.
4233For example:
4234.(b
4235O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
4236.)b
4237.ip ${mail_addr}
4238The address part of the resolved triple of the address given for the
4239.sm "SMTP MAIL"
4240command.
4241Defined in the SMTP server only.
4242.ip ${mail_host}
4243The host from the resolved triple of the address given for the
4244.sm "SMTP MAIL"
4245command.
4246Defined in the SMTP server only.
4247.ip ${mail_mailer}
4248The mailer from the resolved triple of the address given for the
4249.sm "SMTP MAIL"
4250command.
4251Defined in the SMTP server only.
4252.ip ${msg_size}
4253The value of the SIZE= parameter,
4254i.e., usually the size of the message (in an ESMTP dialogue),
4255before the message has been collected, thereafter
4256the message size as computed by
4257.i sendmail
4258(and can be used in check_compat).
4259.ip ${ntries}
4260The number of delivery attempts.
4261.ip ${opMode}
4262The current operation mode (from the
4263.b \-b
4264flag).
4265.ip ${queue_interval}
4266The queue run interval given by the
4267.b \-q
4268flag.
4269For example,
4270.b \-q30m
4271would set
4272.b ${queue_interval}
4273to
4274.q 00:30:00 .
4275.ip ${rcpt_addr}
4276The address part of the resolved triple of the address given for the
4277.sm "SMTP RCPT"
4278command.
4279Defined in the SMTP server only.
4280.ip ${rcpt_host}
4281The host from the resolved triple of the address given for the
4282.sm "SMTP RCPT"
4283command.
4284Defined in the SMTP server only.
4285.ip ${rcpt_mailer}
4286The mailer from the resolved triple of the address given for the
4287.sm "SMTP RCPT"
4288command.
4289Defined in the SMTP server only.
4290.ip ${server_addr}
4291The address of the server of the current outgoing SMTP connection.
4292.ip ${server_name}
4293The name of the server of the current outgoing SMTP connection.
4294.ip ${tls_version}
4295The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2.
4296.ip ${verify}
4297The result of the verification of the presented cert.
4298Possible values are:
4299.(b
4300.ta 9n
4301OK verification succeeded.
4302NO no cert presented.
4303FAIL cert presented but could not be verified,
4304 e.g., the signing CA is missing.
4305NONE STARTTLS has not been performed.
4306TEMP temporary error occurred.
4307PROTOCOL some protocol error occurred.
4308SOFTWARE STARTTLS handshake failed,
4309 which is a fatal error for this session,
4310 the e-mail will be queued.
4311.)b
4312.pp
4313There are three types of dates that can be used.
4314The
4315.b $a
4316and
4317.b $b
4318macros are in RFC 822 format;
4319.b $a
4320is the time as extracted from the
4321.q Date:
4322line of the message
4323(if there was one),
4324and
4325.b $b
4326is the current date and time
4327(used for postmarks).
4328If no
4329.q Date:
4330line is found in the incoming message,
4331.b $a
4332is set to the current time also.
4333The
4334.b $d
4335macro is equivalent to the
4336.b $b
4337macro in UNIX
4338(ctime)
4339format.
4340.pp
4341The macros
4342.b $w ,
4343.b $j ,
4344and
4345.b $m
4346are set to the identity of this host.
4347.i Sendmail
4348tries to find the fully qualified name of the host
4349if at all possible;
4350it does this by calling
4351.i gethostname (2)
4352to get the current hostname
4353and then passing that to
4354.i gethostbyname (3)
4355which is supposed to return the canonical version of that host name.\**
4356.(f
4357\**For example, on some systems
4358.i gethostname
4359might return
4360.q foo
4361which would be mapped to
4362.q foo.bar.com
4363by
4364.i gethostbyname .
4365.)f
4366Assuming this is successful,
4367.b $j
4368is set to the fully qualified name
4369and
4370.b $m
4371is set to the domain part of the name
4372(everything after the first dot).
4373The
4374.b $w
4375macro is set to the first word
4376(everything before the first dot)
4377if you have a level 5 or higher configuration file;
4378otherwise, it is set to the same value as
4379.b $j .
4380If the canonification is not successful,
4381it is imperative that the config file set
4382.b $j
4383to the fully qualified domain name\**.
4384.(f
4385\**Older versions of sendmail didn't pre-define
4386.b $j
4387at all, so up until 8.6,
4388config files
4389.i always
4390had to define
4391.b $j .
4392.)f
4393.pp
4394The
4395.b $f
4396macro is the id of the sender
4397as originally determined;
4398when mailing to a specific host
4399the
4400.b $g
4401macro is set to the address of the sender
4402.ul
4403relative to the recipient.
4404For example,
4405if I send to
4406.q bollard@matisse.CS.Berkeley.EDU
4407from the machine
4408.q vangogh.CS.Berkeley.EDU
4409the
4410.b $f
4411macro will be
4412.q eric
4413and the
4414.b $g
4415macro will be
4416.q eric@vangogh.CS.Berkeley.EDU.
4417.pp
4418The
4419.b $x
4420macro is set to the full name of the sender.
4421This can be determined in several ways.
4422It can be passed as flag to
4423.i sendmail .
4424It can be defined in the
4425.sm NAME
4426environment variable.
4427The third choice is the value of the
4428.q Full-Name:
4429line in the header if it exists,
4430and the fourth choice is the comment field
4431of a
4432.q From:
4433line.
4434If all of these fail,
4435and if the message is being originated locally,
4436the full name is looked up in the
4437.i /etc/passwd
4438file.
4439.pp
4440When sending,
4441the
4442.b $h ,
4443.b $u ,
4444and
4445.b $z
4446macros get set to the host, user, and home directory
4447(if local)
4448of the recipient.
4449The first two are set from the
4450.b $@
4451and
4452.b $:
4453part of the rewriting rules, respectively.
4454.pp
4455The
4456.b $p
4457and
4458.b $t
4459macros are used to create unique strings
4460(e.g., for the
4461.q Message-Id:
4462field).
4463The
4464.b $i
4465macro is set to the queue id on this host;
4466if put into the timestamp line
4467it can be extremely useful for tracking messages.
4468The
4469.b $v
4470macro is set to be the version number of
4471.i sendmail ;
4472this is normally put in timestamps
4473and has been proven extremely useful for debugging.
4474.pp
4475The
4476.b $c
4477field is set to the
4478.q "hop count,"
4479i.e., the number of times this message has been processed.
4480This can be determined
4481by the
4482.b \-h
4483flag on the command line
4484or by counting the timestamps in the message.
4485.pp
4486The
4487.b $r
4488and
4489.b $s
4490fields are set to the protocol used to communicate with
4491.i sendmail
4492and the sending hostname.
4493They can be set together using the
4494.b \-p
4495command line flag or separately using the
4496.b \-M
4497or
4498.b \-oM
4499flags.
4500.pp
4501The
4502.b $_
4503is set to a validated sender host name.
4504If the sender is running an RFC 1413 compliant IDENT server
4505and the receiver has the IDENT protocol turned on,
4506it will include the user name on that host.
4507.pp
4508The
4509.b ${client_name} ,
4510.b ${client_addr} ,
4511and
4512.b ${client_port}
4513macros
4514are set to the name, address, and port number of the SMTP client
4515who is invoking
4516.i sendmail
4517as a server.
4518These can be used in the
4519.i check_*
4520rulesets (using the
4521.b $&
4522deferred evaluation form, of course!).
4523.sh 2 "C and F \*- Define Classes"
4524.pp
4525Classes of phrases may be defined
4526to match on the left hand side of rewriting rules,
4527where a
4528.q phrase
4529is a sequence of characters that does not contain space characters.
4530For example
4531a class of all local names for this site
4532might be created
4533so that attempts to send to oneself
4534can be eliminated.
4535These can either be defined directly in the configuration file
4536or read in from another file.
4537Classes are named as a single letter or a word in {braces}.
4538Class names beginning with lower case letters
4539and special characters are reserved for system use.
4540Classes defined in config files may be given names
4541from the set of upper case letters for short names
4542or beginning with an upper case letter for long names.
4543.pp
4544The syntax is:
4545.(b F
4546.b C \c
4547.i c\|phrase1
4548.i phrase2...
4549.br
4550.b F \c
4551.i c\|file
4552.br
4553.b F \c
4554.i c\||program
4555.)b
4556The first form defines the class
4557.i c
4558to match any of the named words.
4559If
4560.i phrase1
4561or
4562.i phrase2
4563is another class,
4564e.g.,
4565.i $=S ,
4566the contents of class
4567.i S
4568are added to class
4569.i c .
4570It is permissible to split them among multiple lines;
4571for example, the two forms:
4572.(b
4573CHmonet ucbmonet
4574.)b
4575and
4576.(b
4577CHmonet
4578CHucbmonet
4579.)b
4580are equivalent.
4581The ``F'' forms
4582read the elements of the class
4583.i c
4584from the named
4585.i file
4586or
4587.i program .
4588Each element should be listed on a separate line.
4589To specify an optional file, use ``-o'' between the class
4590name and the file name, e.g.,
4591.(b
4592Fc -o /path/to/file
4593.)b
4594If the file can't be used,
4595.i sendmail
4596will not complain but silently ignore it.
4597.pp
4598Elements of classes can be accessed in rules using
4599.b $=
4600or
4601.b $~ .
4602The
4603.b $~
4604(match entries not in class)
4605only matches a single word;
4606multi-word entries in the class are ignored in this context.
4607.pp
4608Some classes have internal meaning to
4609.i sendmail :
4610.nr ii 0.5i
4611.\".ip $=b
4612.\"A set of Content-Types that will not have the newline character
4613.\"translated to CR-LF before encoding into base64 MIME.
4614.\"The class can have major times
4615.\"(e.g.,
4616.\".q image )
4617.\"or full types
4618.\"(such as
4619.\".q application/octet-stream ).
4620.\"The class is initialized with
4621.\".q application/octet-stream ,
4622.\".q image ,
4623.\".q audio ,
4624.\"and
4625.\".q video .
4626.ip $=e
4627contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
4628It is predefined to contain
4629.q 7bit ,
4630.q 8bit ,
4631and
4632.q binary .
4633.ip $=k
4634set to be the same as
4635.b $k ,
4636that is, the UUCP node name.
4637.ip $=m
4638set to the set of domains by which this host is known,
4639initially just
4640.b $m .
4641.ip $=n
4642can be set to the set of MIME body types
4643that can never be eight to seven bit encoded.
4644It defaults to
4645.q multipart/signed .
4646Message types
4647.q message/*
4648and
4649.q multipart/*
4650are never encoded directly.
4651Multipart messages are always handled recursively.
4652The handling of message/* messages
4653are controlled by class
4654.b $=s .
4655.ip $=q
4656A set of Content-Types that will never be encoded as base64
4657(if they have to be encoded, they will be encoded as quoted-printable).
4658It can have primary types
4659(e.g.,
4660.q text )
4661or full types
4662(such as
4663.q text/plain ).
4664The class is initialized to have
4665.q text/plain
4666only.
4667.ip $=s
4668contains the set of subtypes of message that can be treated recursively.
4669By default it contains only
4670.q rfc822 .
4671Other
4672.q message/*
4673types cannot be 8\(->7 bit encoded.
4674If a message containing eight bit data is sent to a seven bit host,
4675and that message cannot be encoded into seven bits,
4676it will be stripped to 7 bits.
4677.ip $=t
4678set to the set of trusted users by the
4679.b T
4680configuration line.
4681If you want to read trusted users from a file, use
4682.b Ft \c
4683.i /file/name .
4684.ip $=w
4685set to be the set of all names
4686this host is known by.
4687This can be used to match local hostnames.
4688.ip $={persistentMacros}
4689set to the macros would should be saved across queue runs.
4690Care should be taken when adding macro names to this class.
4691.pp
4692.i Sendmail
4693can be compiled to allow a
4694.i scanf (3)
4695string on the
4696.b F
4697line.
4698This lets you do simplistic parsing of text files.
4699For example, to read all the user names in your system
4700.i /etc/passwd
4701file into a class, use
4702.(b
4703FL/etc/passwd %[^:]
4704.)b
4705which reads every line up to the first colon.
4706.sh 2 "M \*- Define Mailer"
4707.pp
4708Programs and interfaces to mailers
4709are defined in this line.
4710The format is:
4711.(b F
4712.b M \c
4713.i name ,
4714{\c
4715.i field =\c
4716.i value \|}*
4717.)b
4718where
4719.i name
4720is the name of the mailer
4721(used internally only)
4722and the
4723.q field=name
4724pairs define attributes of the mailer.
4725Fields are:
4726.(b
4727.ta 1i
4728Path The pathname of the mailer
4729Flags Special flags for this mailer
4730Sender Rewriting set(s) for sender addresses
4731Recipient Rewriting set(s) for recipient addresses
4732Argv An argument vector to pass to this mailer
4733Eol The end-of-line string for this mailer
4734Maxsize The maximum message length to this mailer
4735maxmessages The maximum message deliveries per connection
4736Linelimit The maximum line length in the message body
4737Directory The working directory for the mailer
4738Userid The default user and group id to run as
4739Nice The nice(2) increment for the mailer
4740Charset The default character set for 8-bit characters
4741Type Type information for DSN diagnostics
4742Wait The maximum time to wait for the mailer
4743/ The root directory for the mailer
4744.)b
4745Only the first character of the field name is checked.
4746.pp
4747The following flags may be set in the mailer description.
4748Any other flags may be used freely
4749to conditionally assign headers to messages
4750destined for particular mailers.
4751Flags marked with \(dg
4752are not interpreted by the
4753.i sendmail
4754binary;
4755these are the conventionally used to correlate to the flags portion
4756of the
4757.b H
4758line.
4759Flags marked with \(dd
4760apply to the mailers for the sender address
4761rather than the usual recipient mailers.
4762.nr ii 4n
4763.ip a
4764Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
4765This flag defaults on if the SMTP greeting message includes the word
4766.q ESMTP .
4767.ip A
4768Look up the user part of the address in the alias database.
4769Normally this is only set for local mailers.
4770.ip b
4771Force a blank line on the end of a message.
4772This is intended to work around some stupid versions of
4773/bin/mail
4774that require a blank line, but do not provide it themselves.
4775It would not normally be used on network mail.
4776.ip c
4777Do not include comments in addresses.
4778This should only be used if you have to work around
4779a remote mailer that gets confused by comments.
4780This strips addresses of the form
4781.q "Phrase <address>"
4782or
4783.q "address (Comment)"
4784down to just
4785.q address .
4786.ip C\(dd
4787If mail is
4788.i received
4789from a mailer with this flag set,
4790any addresses in the header that do not have an at sign
4791(\c
4792.q @ )
4793after being rewritten by ruleset three
4794will have the
4795.q @domain
4796clause from the sender envelope address
4797tacked on.
4798This allows mail with headers of the form:
4799.(b
4800From: usera@hosta
4801To: userb@hostb, userc
4802.)b
4803to be rewritten as:
4804.(b
4805From: usera@hosta
4806To: userb@hostb, userc@hosta
4807.)b
4808automatically.
4809However, it doesn't really work reliably.
4810.ip d
4811Do not include angle brackets around route-address syntax addresses.
4812This is useful on mailers that are going to pass addresses to a shell
4813that might interpret angle brackets as I/O redirection.
4814However, it does not protect against other shell metacharacters.
4815Therefore, passing addresses to a shell should not be considered secure.
4816.ip D\(dg
4817This mailer wants a
4818.q Date:
4819header line.
4820.ip e
4821This mailer is expensive to connect to,
4822so try to avoid connecting normally;
4823any necessary connection will occur during a queue run.
4824See also option
4825.b HoldExpensive .
4826.ip E
4827Escape lines beginning with
4828.q From\0
4829in the message with a `>' sign.
4830.ip f
4831The mailer wants a
4832.b \-f
4833.i from
4834flag,
4835but only if this is a network forward operation
4836(i.e.,
4837the mailer will give an error
4838if the executing user
4839does not have special permissions).
4840.ip F\(dg
4841This mailer wants a
4842.q From:
4843header line.
4844.ip g
4845Normally,
4846.i sendmail
4847sends internally generated email (e.g., error messages)
4848using the null return address
4849as required by RFC 1123.
4850However, some mailers don't accept a null return address.
4851If necessary,
4852you can set the
4853.b g
4854flag to prevent
4855.i sendmail
4856from obeying the standards;
4857error messages will be sent as from the MAILER-DAEMON
4858(actually, the value of the
4859.b $n
4860macro).
4861.ip h
4862Upper case should be preserved in host names
4863(the $@ portion of the mailer triplet resolved from ruleset 0)
4864for this mailer.
4865.ip i
4866Do User Database rewriting on envelope sender address.
4867.ip I
4868This mailer will be speaking SMTP
4869to another
4870.i sendmail
4871\*-
4872as such it can use special protocol features.
4873This option is not required
4874(i.e.,
4875if this option is omitted the transmission will still operate successfully,
4876although perhaps not as efficiently as possible).
4877.ip j
4878Do User Database rewriting on recipients as well as senders.
4879.ip k
4880Normally when
4881.i sendmail
4882connects to a host via SMTP,
4883it checks to make sure that this isn't accidently the same host name
4884as might happen if
4885.i sendmail
4886is misconfigured or if a long-haul network interface is set in loopback mode.
4887This flag disables the loopback check.
4888It should only be used under very unusual circumstances.
4889.ip K
4890Currently unimplemented.
4891Reserved for chunking.
4892.ip l
4893This mailer is local
4894(i.e.,
4895final delivery will be performed).
4896.ip L
4897Limit the line lengths as specified in RFC821.
4898This deprecated option should be replaced by the
4899.b L=
4900mail declaration.
4901For historic reasons, the
4902.b L
4903flag also sets the
4904.b 7
4905flag.
4906.ip m
4907This mailer can send to multiple users
4908on the same host
4909in one transaction.
4910When a
4911.b $u
4912macro occurs in the
4913.i argv
4914part of the mailer definition,
4915that field will be repeated as necessary
4916for all qualifying users.
4917Removing this flag can defeat duplicate supression on a remote site
4918as each recipient is sent in a separate transaction.
4919.ip M\(dg
4920This mailer wants a
4921.q Message-Id:
4922header line.
4923.ip n
4924Do not insert a UNIX-style
4925.q From
4926line on the front of the message.
4927.ip o
4928Always run as the owner of the recipient mailbox.
4929Normally
4930.i sendmail
4931runs as the sender for locally generated mail
4932or as
4933.q daemon
4934(actually, the user specified in the
4935.b u
4936option)
4937when delivering network mail.
4938The normal behavior is required by most local mailers,
4939which will not allow the envelope sender address
4940to be set unless the mailer is running as daemon.
4941This flag is ignored if the
4942.b S
4943flag is set.
4944.ip p
4945Use the route-addr style reverse-path in the SMTP
4946.q "MAIL FROM:"
4947command
4948rather than just the return address;
4949although this is required in RFC821 section 3.1,
4950many hosts do not process reverse-paths properly.
4951Reverse-paths are officially discouraged by RFC 1123.
4952.ip P\(dg
4953This mailer wants a
4954.q Return-Path:
4955line.
4956.ip q
4957When an address that resolves to this mailer is verified
4958(SMTP VRFY command),
4959generate 250 responses instead of 252 responses.
4960This will imply that the address is local.
4961.ip r
4962Same as
4963.b f ,
4964but sends a
4965.b \-r
4966flag.
4967.ip R
4968Open SMTP connections from a
4969.q secure
4970port.
4971Secure ports aren't
4972(secure, that is)
4973except on UNIX machines,
4974so it is unclear that this adds anything.
4975.ip s
4976Strip quote characters (" and \e) off of the address
4977before calling the mailer.
4978.ip S
4979Don't reset the userid
4980before calling the mailer.
4981This would be used in a secure environment
4982where
4983.i sendmail
4984ran as root.
4985This could be used to avoid forged addresses.
4986If the
4987.b U=
4988field is also specified,
4989this flag causes the effective user id to be set to that user.
4990.ip u
4991Upper case should be preserved in user names
4992for this mailer.
4993Standards require preservation of case in the local part of addresses,
4994except for those address for which your system accepts responsibility.
4995.ip U
4996This mailer wants UUCP-style
4997.q From
4998lines with the ugly
4999.q "remote from <host>"
5000on the end.
5001.ip w
5002The user must have a valid account on this machine,
5003i.e.,
5004getpwnam
5005must succeed.
5006If not,
5007the mail is bounced.
5008This is required to get
5009.q \&.forward
5010capability.
5011.ip x\(dg
5012This mailer wants a
5013.q Full-Name:
5014header line.
5015.ip X
5016This mailer want to use the hidden dot algorithm
5017as specified in RFC821;
5018basically,
5019any line beginning with a dot
5020will have an extra dot prepended
5021(to be stripped at the other end).
5022This insures that lines in the message containing a dot
5023will not terminate the message prematurely.
5024.ip z
5025Run Local Mail Transfer Protocol (LMTP)
5026between
5027.i sendmail
5028and the local mailer.
5029This is a variant on SMTP
5030defined in RFC 2033
5031that is specifically designed for delivery to a local mailbox.
5032.ip 0
5033Don't look up MX records for hosts sent via SMTP.
5034.ip 3
5035Extend the list of characters converted to =XX notation
5036when converting to Quoted-Printable
5037to include those that don't map cleanly between ASCII and EBCDIC.
5038Useful if you have IBM mainframes on site.
5039.ip 5
5040If no aliases are found for this address,
5041pass the address through ruleset 5 for possible alternate resolution.
5042This is intended to forward the mail to an alternate delivery spot.
5043.ip 6
5044Strip headers to seven bits.
5045.ip 7
5046Strip all output to seven bits.
5047This is the default if the
5048.b L
5049flag is set.
5050Note that clearing this option is not
5051sufficient to get full eight bit data passed through
5052.i sendmail .
5053If the
5054.b 7
5055option is set, this is essentially always set,
5056since the eighth bit was stripped on input.
5057Note that this option will only impact messages
5058that didn't have 8\(->7 bit MIME conversions performed.
5059.ip 8
5060If set,
5061it is acceptable to send eight bit data to this mailer;
5062the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
5063.ip 9
5064If set,
5065do
5066.i limited
50677\(->8 bit MIME conversions.
5068These conversions are limited to text/plain data.
5069.ip :
5070Check addresses to see if they begin
5071.q :include: ;
5072if they do, convert them to the
5073.q *include*
5074mailer.
5075.ip |
5076Check addresses to see if they begin with a `|';
5077if they do, convert them to the
5078.q prog
5079mailer.
5080.ip /
5081Check addresses to see if they begin with a `/';
5082if they do, convert them to the
5083.q *file*
5084mailer.
5085.ip @
5086Look up addresses in the user database.
5087.ip %
5088Do not attempt delivery on initial recipient of a message
5089or on queue runs
5090unless the queued message is selected
5091using one of the -qI/-qR/-qS queue run modifiers
5092or an ETRN request.
5093.pp
5094Configuration files prior to level 6
5095assume the `A', `w', `5', `:', `|', `/', and `@' options
5096on the mailer named
5097.q local .
5098.pp
5099The mailer with the special name
5100.q error
5101can be used to generate a user error.
5102The (optional) host field is an exit status to be returned,
5103and the user field is a message to be printed.
5104The exit status may be numeric or one of the values
5105USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
5106to return the corresponding EX_ exit code,
5107or an enhanced error code as described in RFC 1893,
5108.ul
5109Enhanced Mail System Status Codes.
5110For example, the entry:
5111.(b
5112$#error $@ NOHOST $: Host unknown in this domain
5113.)b
5114on the RHS of a rule
5115will cause the specified error to be generated
5116and the
5117.q "Host unknown"
5118exit status to be returned
5119if the LHS matches.
5120This mailer is only functional in rulesets 0, 5,
5121or one of the check_* rulesets.
5122.pp
5123The mailer with the special name
5124.q discard
5125causes any mail sent to it to be discarded
5126but otherwise treated as though it were successfully delivered.
5127This mailer can not be used in ruleset 0,
5128only in the various address checking rulesets.
5129.pp
5130The mailer named
5131.q local
5132.i must
5133be defined in every configuration file.
5134This is used to deliver local mail,
5135and is treated specially in several ways.
5136Additionally, three other mailers named
5137.q prog ,
5138.q *file* ,
5139and
5140.q *include*
5141may be defined to tune the delivery of messages to programs,
5142files,
5143and :include: lists respectively.
5144They default to:
5145.(b
5146Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
5147M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
5148M*include*, P=/dev/null, F=su, A=INCLUDE $u
5149.)b
5150.pp
5151The Sender and Recipient rewriting sets
5152may either be a simple ruleset id
5153or may be two ids separated by a slash;
5154if so, the first rewriting set is applied to envelope
5155addresses
5156and the second is applied to headers.
5157Setting any value zero disables corresponding mailer-specific rewriting.
5158.pp
5159The Directory
5160is actually a colon-separated path of directories to try.
5161For example, the definition
5162.q D=$z:/
5163first tries to execute in the recipient's home directory;
5164if that is not available,
5165it tries to execute in the root of the filesystem.
5166This is intended to be used only on the
5167.q prog
5168mailer,
5169since some shells (such as
5170.i csh )
5171refuse to execute if they cannot read the home directory.
5172Since the queue directory is not normally readable by unprivileged users
5173.i csh
5174scripts as recipients can fail.
5175.pp
5176The Userid
5177specifies the default user and group id to run as,
5178overriding the
5179.b DefaultUser
5180option (q.v.).
5181If the
5182.b S
5183mailer flag is also specified,
5184this user and group will be set as the
5185effective uid and gid for the process.
5186This may be given as
5187.i user:group
5188to set both the user and group id;
5189either may be an integer or a symbolic name to be looked up
5190in the
5191.i passwd
5192and
5193.i group
5194files respectively.
5195If only a symbolic user name is specified,
5196the group id in the
5197.i passwd
5198file for that user is used as the group id.
5199.pp
5200The Charset field
5201is used when converting a message to MIME;
5202this is the character set used in the
5203Content-Type: header.
5204If this is not set, the
5205.b DefaultCharset
5206option is used,
5207and if that is not set, the value
5208.q unknown-8bit
5209is used.
5210.b WARNING:
5211this field applies to the sender's mailer,
5212not the recipient's mailer.
5213For example, if the envelope sender address
5214lists an address on the local network
5215and the recipient is on an external network,
5216the character set will be set from the Charset= field
5217for the local network mailer,
5218not that of the external network mailer.
5219.pp
5220The Type= field
5221sets the type information
5222used in MIME error messages
5223as defined by
5224RFC 1894.
5225It is actually three values separated by slashes:
5226the MTA-type (that is, the description of how hosts are named),
5227the address type (the description of e-mail addresses),
5228and the diagnostic type (the description of error diagnostic codes).
5229Each of these must be a registered value
5230or begin with
5231.q X\- .
5232The default is
5233.q dns/rfc822/smtp .
5234.pp
5235The m= field specifies the maximum number of messages to attempt to deliver
5236on a single SMTP or LMTP connection.
5237.pp
5238The /= field specifies a new root directory for the mailer. The path is
5239macro expanded and then passed to the
5240.q chroot
5241system call. The root directory is changed before the Directory field is
5242consulted or the uid is changed.
5243.pp
5244The Wait= field specifies the maximum time to wait for the
5245mailer to return after sending all data to it.
5246This applies to mailers that have been forked by
5247.i sendmail .
5248.sh 2 "H \*- Define Header"
5249.pp
5250The format of the header lines that
5251.i sendmail
5252inserts into the message
5253are defined by the
5254.b H
5255line.
5256The syntax of this line is one of the following:
5257.(b F
5258.b H \c
5259.i hname \c
5260.b :
5261.i htemplate
5262.)b
5263.(b F
5264.b H [\c
5265.b ? \c
5266.i mflags \c
5267.b ? \c
5268.b ]\c
5269.i hname \c
5270.b :
5271.i htemplate
5272.)b
5273.(b F
5274.b H [\c
5275.b ? \c
5276.i ${macro} \c
5277.b ? \c
5278.b ]\c
5279.i hname \c
5280.b :
5281.i htemplate
5282.)b
5283Continuation lines in this spec
5284are reflected directly into the outgoing message.
5285The
5286.i htemplate
5287is macro-expanded before insertion into the message.
5288If the
5289.i mflags
5290(surrounded by question marks)
5291are specified,
5292at least one of the specified flags
5293must be stated in the mailer definition
5294for this header to be automatically output.
5295If a
5296.i ${macro}
5297(surrounded by question marks)
5298is specified,
5299the header will be automatically output
5300if the macro is set.
5301The macro may be set using any of the normal methods,
5302including using the
5303.b macro
5304storage map in a ruleset.
5305If one of these headers is in the input
5306it is reflected to the output
5307regardless of these flags or macros.
5308.pp
5309Some headers have special semantics
5310that will be described later.
5311.pp
5312A secondary syntax allows validation of headers as they are being read.
5313To enable validation, use:
5314.(b
5315.b H \c
5316.i Header \c
5317.b ": $>" \c
5318.i Ruleset
5319.b H \c
5320.i Header \c
5321.b ": $>+" \c
5322.i Ruleset
5323.)b
5324The indicated
5325.i Ruleset
5326is called for the specified
5327.i Header ,
5328and can return
5329.b $#error
5330to reject the message or
5331.b $#discard
5332to discard the message
5333(as with the other
5334.b check_ *
5335rulesets).
5336The ruleset receives the header field-body as argument,
5337i.e., not the header field-name; see also
5338${hdr_name} and ${currHeader}.
5339The header is treated as a structured field,
5340that is,
5341text in parentheses is deleted before processing,
5342unless the second form
5343.b $>+
5344is used.
5345Note: only one ruleset can be associated with a header;
5346.i sendmail
5347will silently ignore multiple entries.
5348.pp
5349For example, the configuration lines:
5350.(b
5351HMessage-Id: $>CheckMessageId
5352
5353SCheckMessageId
5354R< $+ @ $+ > $@ OK
5355R$* $#error $: Illegal Message-Id header
5356.)b
5357would refuse any message that had a Message-Id: header of any of the
5358following forms:
5359.(b
5360Message-Id: <>
5361Message-Id: some text
5362Message-Id: <legal text@domain> extra crud
5363.)b
5364A default ruleset that is called for headers which don't have a
5365specific ruleset defined for them can be specified by:
5366.(b
5367.b H \c
5368.i * \c
5369.b ": $>" \c
5370.i Ruleset
5371.)b
5372or
5373.(b
5374.b H \c
5375.i * \c
5376.b ": $>+" \c
5377.i Ruleset
5378.)b
5379.sh 2 "O \*- Set Option"
5380.pp
5381There are a number of
5382global
5383options that
5384can be set from a configuration file.
5385Options are represented by full words;
5386some are also representable as single characters
5387for back compatibility.
5388The syntax of this line is:
5389.(b F
5390.b O \0
5391.i option \c
5392.b = \c
5393.i value
5394.)b
5395This sets option
5396.i option
5397to be
5398.i value .
5399Note that there
5400.i must
5401be a space between the letter `O' and the name of the option.
5402An older version is:
5403.(b F
5404.b O \c
5405.i o\|value
5406.)b
5407where the option
5408.i o
5409is a single character.
5410Depending on the option,
5411.i value
5412may be a string, an integer,
5413a boolean
5414(with legal values
5415.q t ,
5416.q T ,
5417.q f ,
5418or
5419.q F ;
5420the default is TRUE),
5421or
5422a time interval.
5423.pp
5424The options supported (with the old, one character names in brackets) are:
5425.nr ii 1i
5426.ip "AliasFile=\fIspec, spec, ...\fP"
5427[A]
5428Specify possible alias file(s).
5429Each
5430.i spec
5431should be in the format
5432``\c
5433.i class \c
5434.b :
5435.i info ''
5436where
5437.i class \c
5438.b :
5439is optional and defaults to ``implicit''.
5440Depending on how
5441.i sendmail
5442is compiled, valid classes are
5443.q implicit
5444(search through a compiled-in list of alias file types,
5445for back compatibility),
5446.q hash
5447(if
5448.sm NEWDB
5449is specified),
5450.q btree
5451(if
5452.sm NEWDB
5453is specified),
5454.q dbm
5455(if
5456.sm NDBM
5457is specified),
5458.q stab
5459(internal symbol table \*- not normally used
5460unless you have no other database lookup),
5461.q sequence
5462(use a sequence of maps
5463previously declared),
5464.q ldap
5465(if
5466.sm LDAPMAP
5467is specified),
5468or
5469.q nis
5470(if
5471.sm NIS
5472is specified).
5473If a list of
5474.i spec s
5475are provided,
5476.i sendmail
5477searches them in order.
5478.ip AliasWait=\fItimeout\fP
5479[a]
5480If set,
5481wait up to
5482.i timeout
5483(units default to minutes)
5484for an
5485.q @:@
5486entry to exist in the alias database
5487before starting up.
5488If it does not appear in the
5489.i timeout
5490interval
5491rebuild the database
5492(if the
5493.b AutoRebuildAliases
5494option is also set)
5495or issue a warning.
5496.ip AllowBogusHELO
5497[no short name]
5498If set, allow HELO SMTP commands that don't include a host name.
5499Setting this violates RFC 1123 section 5.2.5,
5500but is necessary to interoperate with several SMTP clients.
5501If there is a value, it is still checked for legitimacy.
5502.ip AuthMechanisms
5503[no short name]
5504List of authentication mechanisms for AUTH (separated by spaces).
5505The advertised list of authentication mechanisms will be the
5506intersection of this list and the list of available mechanisms as
5507determined by the Cyrus SASL library.
5508.ip AuthOptions
5509[no short name]
5510When to use the AUTH= parameter for the MAIL FROM command;
5511.(b
5512.ta 1i
5513A Only when authentication succeeded.
5514.)b
5515The default is to try whenever SMTP AUTH is available.
5516.ip AutoRebuildAliases
5517[D]
5518If set,
5519rebuild the alias database if necessary and possible.
5520The rebuild will happen the next time an alias is looked up.
5521If this option is not set,
5522.i sendmail
5523will never rebuild the alias database
5524unless explicitly requested
5525using
5526.b \-bi .
5527.b NOTE :
5528There is a potential for a denial of service attack if this is set.
5529This option is deprecated and
5530will be removed from a future version.
5531.ip BlankSub=\fIc\fP
5532[B]
5533Set the blank substitution character to
5534.i c .
5535Unquoted spaces in addresses are replaced by this character.
5536Defaults to space (i.e., no change is made).
5537.ip CACERTPath
5538[no short name]
5539Path to directory with certificates of CAs.
5540This directory directory must contain the hashes of each CA certificate
5541as filenames (or as links to them).
5542.ip CACERTFile
5543[no short name]
5544File containing one CA certificate.
5545.ip CheckAliases
5546[n]
5547Validate the RHS of aliases when rebuilding the alias database.
5548.ip CheckpointInterval=\fIN\fP
5549[C]
5550Checkpoints the queue every
5551.i N
5552(default 10)
5553addresses sent.
5554If your system crashes during delivery to a large list,
5555this prevents retransmission to any but the last
5556.i N
5557recipients.
5558.ip ClassFactor=\fIfact\fP
5559[z]
5560The indicated
5561.i fact or
5562is multiplied by the message class
5563(determined by the Precedence: field in the user header
5564and the
5565.b P
5566lines in the configuration file)
5567and subtracted from the priority.
5568Thus, messages with a higher Priority: will be favored.
5569Defaults to 1800.
5570.ip ClientCertFile
5571[no short name]
5572File containing the certificate of the client, i.e., this certificate
5573is used when sendmail acts as client.
5574.ip ClientPortOptions=\fIoptions\fP
5575[O]
5576Set client SMTP options.
5577The options are
5578.i key=value
5579pairs separated by commas.
5580Known keys are:
5581.(b
5582.ta 1i
5583Port Name/number of source port for connection (defaults to any free port)
5584Addr Address mask (defaults INADDR_ANY)
5585Family Address family (defaults to INET)
5586SndBufSize Size of TCP send buffer
5587RcvBufSize Size of TCP receive buffer
5588Modifier Options (flags) for the daemon
5589.)b
5590The
5591.i Addr ess
5592mask may be a numeric address in dot notation
5593or a network name.
5594.i Modifier
5595can be the following character:
5596.(b
5597.ta 1i
5598h use name of interface for HELO command
5599.)b
5600If ``h'' is set, the name corresponding to the outgoing interface
5601address (whether chosen via the Connection parameter or
5602the default) is used for the HELO/EHLO command.
5603.ip ClientKeyFile
5604[no short name]
5605File containing the private key belonging to the client certificate.
5606.ip ColonOkInAddr
5607[no short name]
5608If set, colons are acceptable in e-mail addresses
5609(e.g.,
5610.q host:user ).
5611If not set, colons indicate the beginning of a RFC 822 group construct
5612(\c
5613.q "groupname: member1, member2, ... memberN;" ).
5614Doubled colons are always acceptable
5615(\c
5616.q nodename::user )
5617and proper route-addr nesting is understood
5618(\c
5619.q <@relay:user@host> ).
5620Furthermore, this option defaults on if the configuration version level
5621is less than 6 (for back compatibility).
5622However, it must be off for full compatibility with RFC 822.
5623.ip ConnectionCacheSize=\fIN\fP
5624[k]
5625The maximum number of open connections that will be cached at a time.
5626The default is one.
5627This delays closing the current connection until
5628either this invocation of
5629.i sendmail
5630needs to connect to another host
5631or it terminates.
5632Setting it to zero defaults to the old behavior,
5633that is, connections are closed immediately.
5634Since this consumes file descriptors,
5635the connection cache should be kept small:
56364 is probably a practical maximum.
5637.ip ConnectionCacheTimeout=\fItimeout\fP
5638[K]
5639The maximum amount of time a cached connection will be permitted to idle
5640without activity.
5641If this time is exceeded,
5642the connection is immediately closed.
5643This value should be small (on the order of ten minutes).
5644Before
5645.i sendmail
5646uses a cached connection,
5647it always sends a RSET command
5648to check the connection;
5649if this fails, it reopens the connection.
5650This keeps your end from failing if the other end times out.
5651The point of this option is to be a good network neighbor
5652and avoid using up excessive resources
5653on the other end.
5654The default is five minutes.
5655.ip ConnectOnlyTo=\fIaddress\fP
5656[no short name]
5657This can be used to
5658override the connection address (for testing purposes).
5659.ip ConnectionRateThrottle=\fIN\fP
5660[no short name]
5661If set to a positive value,
5662allow no more than
5663.i N
5664incoming daemon connections in a one second period.
5665This is intended to flatten out peaks
5666and allow the load average checking to cut in.
5667Defaults to zero (no limits).
5668.ip ControlSocketName=\fIname\fP
5669[no short name]
5670Name of the control socket for daemon management.
5671A running
5672.i sendmail
5673daemon can be controlled through this named socket.
5674Available commands are:
5675.i help,
5676.i restart,
5677.i shutdown,
5678and
5679.i status.
5680The
5681.i status
5682command returns the current number of daemon children,
5683the maximum number of daemon children,
5684the free disk space (in blocks) of the queue directory,
5685and the load average of the machine expressed as an integer.
5686If not set, no control socket will be available.
5687Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
5688.ip DHParameters
5689File with DH parameters for STARTTLS.
5690This is only required if DSA/DH is used.
5691.ip DaemonPortOptions=\fIoptions\fP
5692[O]
5693Set server SMTP options.
5694Each instance of DaemonPortOptions leads to an additional incoming socket.
5695The options are
5696.i key=value
5697pairs.
5698Known keys are:
5699.(b
5700.ta 1i
5701Name User-definable name for the daemon (defaults to "Daemon#")
5702Port Name/number of listening port (defaults to "smtp")
5703Addr Address mask (defaults INADDR_ANY)
5704Family Address family (defaults to INET)
5705Listen Size of listen queue (defaults to 10)
5706Modifier Options (flags) for the daemon
5707SndBufSize Size of TCP send buffer
5708RcvBufSize Size of TCP receive buffer
5709.)b
5710The
5711.i Name
5712field is used for error messages and logging.
5713The
5714.i Addr ess
5715mask may be a numeric address in dot notation
5716or a network name.
5717The
5718.i Family
5719key defaults to INET (IPv4).
5720IPv6 users who wish to also accept IPv6 connections
5721should add additional Family=inet6 DaemonPortOptions lines.
5722.i Modifier
5723can be a sequence (without any delimiters)
5724of the following characters:
5725.(b
5726.ta 1i
5727a always require authentication
5728b bind to interface through which mail has been received
5729c perform hostname canonification (.cf)
5730f require fully qualified hostname (.cf)
5731u allow unqualified addresses (.cf)
5732C don't perform hostname canonification
5733E disallow ETRN (see RFC 2476)
5734.)b
5735That is, one way to specify a message submission agent (MSA) that
5736always requires authentication is:
5737.(b
5738O DaemonPortOptions=Name=MSA, Port=587, M=Ea
5739.)b
5740The modifiers that are marked with "(.cf)" have only
5741effect in the standard configuration file, in which
5742they are available via
5743.b ${daemon_flags} .
5744Notice: Do
5745.b not
5746use the ``a'' modifier on a public accessible MTA!
5747It should only be used for a MSA that is accessed by authorized
5748users for initial mail submission.
5749Users must authenticate to use a MSA which has this option turned on.
5750The flags ``c'' and ``C'' can change the default for
5751hostname canonification in the
5752.i sendmail.cf
5753file.
5754See the relevant documentation for
5755.sm FEATURE(nocanonify) .
5756The modifier ``f'' disallows addresses of the form
5757.b user@host
5758unless they are submitted directly.
5759The flag ``u'' allows unqualified sender addresses.
5760``b'' forces sendmail to bind to the interface
5761through which the e-mail has been
5762received for the outgoing connection.
5763.b WARNING:
5764Use ``b''
5765only if outgoing mail can be routed through the incoming connection's
5766interface to its destination. No attempt is made to catch problems due to a
5767misconfiguration of this parameter, use it only for virtual hosting
5768where each virtual interface can connect to every possible location.
5769This will also override possible settings via
5770.b ClientPortOptions.
5771Note,
5772.i sendmail
5773will listen on a new socket
5774for each occurence of the DaemonPortOptions option
5775in a configuration file.
5776.ip DefaultAuthInfo
5777[no short name]
5778Filename that contains default authentication information for outgoing
5779connections. This file must contain the user id, the authorization id,
5780the password (plain text), and the realm to use
5781on separate lines and must be readable by
5782root (or the trusted user) only.
5783If no realm is specified,
5784.b $j
5785is used.
5786.ip DefaultCharSet=\fIcharset\fP
5787[no short name]
5788When a message that has 8-bit characters but is not in MIME format
5789is converted to MIME
5790(see the EightBitMode option)
5791a character set must be included in the Content-Type: header.
5792This character set is normally set from the Charset= field
5793of the mailer descriptor.
5794If that is not set, the value of this option is used.
5795If this option is not set, the value
5796.q unknown-8bit
5797is used.
5798.ip DataFileBufferSize=\fIthreshold\fP
5799[no short name]
5800Set the
5801.i threshold ,
5802in bytes,
5803before a memory-based
5804queue data file
5805becomes disk-based.
5806The default is 4096 bytes.
5807.ip DeadLetterDrop=\fIfile\fP
5808[no short name]
5809Defines the location of the system-wide dead.letter file,
5810formerly hardcoded to /usr/tmp/dead.letter.
5811If this option is not set (the default),
5812sendmail will not attempt to save to a system-wide dead.letter file
5813in the event
5814it can not bounce the mail to the user or postmaster.
5815Instead, it will rename the qf file
5816as it has in the past
5817when the dead.letter file could not be opened.
5818.ip DefaultUser=\fIuser:group\fP
5819[u]
5820Set the default userid for mailers to
5821.i user:group .
5822If
5823.i group
5824is omitted and
5825.i user
5826is a user name
5827(as opposed to a numeric user id)
5828the default group listed in the /etc/passwd file for that user is used
5829as the default group.
5830Both
5831.i user
5832and
5833.i group
5834may be numeric.
5835Mailers without the
5836.i S
5837flag in the mailer definition
5838will run as this user.
5839Defaults to 1:1.
5840The value can also be given as a symbolic user name.\**
5841.(f
5842\**The old
5843.b g
5844option has been combined into the
5845.b DefaultUser
5846option.
5847.)f
5848.ip DeliveryMode=\fIx\fP
5849[d]
5850Deliver in mode
5851.i x .
5852Legal modes are:
5853.(b
5854.ta 4n
5855i Deliver interactively (synchronously)
5856b Deliver in background (asynchronously)
5857q Just queue the message (deliver during queue run)
5858d Defer delivery and all map lookups (deliver during queue run)
5859.)b
5860Defaults to ``b'' if no option is specified,
5861``i'' if it is specified but given no argument
5862(i.e., ``Od'' is equivalent to ``Odi'').
5863The
5864.b \-v
5865command line flag sets this to
5866.b i .
5867.ip DialDelay=\fIsleeptime\fP
5868[no short name]
5869Dial-on-demand network connections can see timeouts
5870if a connection is opened before the call is set up.
5871If this is set to an interval and a connection times out
5872on the first connection being attempted
5873.i sendmail
5874will sleep for this amount of time and try again.
5875This should give your system time to establish the connection
5876to your service provider.
5877Units default to seconds, so
5878.q DialDelay=5
5879uses a five second delay.
5880Defaults to zero
5881(no retry).
5882.ip DontBlameSendmail=\fIoption,option,...\fP
5883[no short name]
5884In order to avoid possible cracking attempts
5885caused by world- and group-writable files and directories,
5886.i sendmail
5887does paranoid checking when opening most of its support files.
5888If for some reason you absolutely must run with,
5889for example,
5890a group-writable
5891.i /etc
5892directory,
5893then you will have to turn off this checking
5894(at the cost of making your system more vulnerable to attack).
5895The arguments are individual options that turn off checking:
5896.(b
5897Safe
5898AssumeSafeChown
5899ClassFileInUnsafeDirPath
5900DontWarnForwardFileInUnsafeDirPath
5901ErrorHeaderInUnsafeDirPath
5902FileDeliveryToHardLink
5903FileDeliveryToSymLink
5904ForwardFileInUnsafeDirPath
5905ForwardFileInUnsafeDirPathSafe
5906ForwardFileIngroupWritableDirPath
5907GroupWritableAliasFile
5908GroupWritableDirPathSafe
5909GroupWritableForwardFileSafe
5910GroupWritableIncludeFileSafe
5911HelpFileinUnsafeDirPath
5912IncludeFileInUnsafeDirPath
5913IncludeFileInUnsafeDirPathSafe
5914IncludeFileIngroupWritableDirPath
5915InsufficientEntropy
5916LinkedAliasFileInWritableDir
5917LinkedClassFileInWritableDir
5918LinkedForwardFileInWritableDir
5919LinkedIncludeFileInWritableDir
5920LinkedMapInWritableDir
5921LinkedServiceSwitchFileInWritableDir
5922MapInUnsafeDirPath
5923NonRootSafeAddr
5924RunProgramInUnsafeDirPath
5925RunWritableProgram
5926TrustStickyBit
5927WorldWritableAliasFile
5928WriteMapToHardLink
5929WriteMapToSymLink
5930WriteStatsToHardLink
5931WriteStatsToSymLink
5932.)b
5933.b Safe
5934is the default.
5935The details of these flags are described above.
5936.\"XXX should have more here!!! XXX
5937.b "Use of this option is not recommended."
5938.ip DontExpandCnames
5939[no short name]
5940The standards say that all host addresses used in a mail message
5941must be fully canonical.
5942For example, if your host is named
5943.q Cruft.Foo.ORG
5944and also has an alias of
5945.q FTP.Foo.ORG ,
5946the former name must be used at all times.
5947This is enforced during host name canonification
5948($[ ... $] lookups).
5949If this option is set, the protocols are ignored and the
5950.q wrong
5951thing is done.
5952However, the IETF is moving toward changing this standard,
5953so the behavior may become acceptable.
5954Please note that hosts downstream may still rewrite the address
5955to be the true canonical name however.
5956.ip DontInitGroups
5957[no short name]
5958If set,
5959.i sendmail
5960will avoid using the initgroups(3) call.
5961If you are running NIS,
5962this causes a sequential scan of the groups.byname map,
5963which can cause your NIS server to be badly overloaded in a large domain.
5964The cost of this is that the only group found for users
5965will be their primary group (the one in the password file),
5966which will make file access permissions somewhat more restrictive.
5967Has no effect on systems that don't have group lists.
5968.ip DontProbeInterfaces
5969[no short name]
5970.i Sendmail
5971normally finds the names of all interfaces active on your machine
5972when it starts up
5973and adds their name to the
5974.b $=w
5975class of known host aliases.
5976If you have a large number of virtual interfaces
5977or if your DNS inverse lookups are slow
5978this can be time consuming.
5979This option turns off that probing.
5980However, you will need to be certain to include all variant names
5981in the
5982.b $=w
5983class by some other mechanism.
5984.ip DontPruneRoutes
5985[R]
5986Normally,
5987.i sendmail
5988tries to eliminate any unnecessary explicit routes
5989when sending an error message
5990(as discussed in RFC 1123 \(sc 5.2.6).
5991For example,
5992when sending an error message to
5993.(b
5994<@known1,@known2,@known3:user@unknown>
5995.)b
5996.i sendmail
5997will strip off the
5998.q @known1,@known2
5999in order to make the route as direct as possible.
6000However, if the
6001.b R
6002option is set, this will be disabled,
6003and the mail will be sent to the first address in the route,
6004even if later addresses are known.
6005This may be useful if you are caught behind a firewall.
6006.ip DoubleBounceAddress=\fIerror-address\fP
6007[no short name]
6008If an error occurs when sending an error message,
6009send the error report
6010(termed a
6011.q "double bounce"
6012because it is an error
6013.q bounce
6014that occurs when trying to send another error
6015.q bounce )
6016to the indicated address.
6017The address is macro expanded
6018at the time of delivery.
6019If not set, defaults to
6020.q postmaster .
6021.ip EightBitMode=\fIaction\fP
6022[8]
6023Set handling of eight-bit data.
6024There are two kinds of eight-bit data:
6025that declared as such using the
6026.b BODY=8BITMIME
6027ESMTP declaration or the
6028.b \-B8BITMIME
6029command line flag,
6030and undeclared 8-bit data, that is,
6031input that just happens to be eight bits.
6032There are three basic operations that can happen:
6033undeclared 8-bit data can be automatically converted to 8BITMIME,
6034undeclared 8-bit data can be passed as-is without conversion to MIME
6035(``just send 8''),
6036and declared 8-bit data can be converted to 7-bits
6037for transmission to a non-8BITMIME mailer.
6038The possible
6039.i action s
6040are:
6041.(b
6042.\" r Reject undeclared 8-bit data;
6043.\" don't convert 8BITMIME\(->7BIT (``reject'')
6044 s Reject undeclared 8-bit data (``strict'')
6045.\" do convert 8BITMIME\(->7BIT (``strict'')
6046.\" c Convert undeclared 8-bit data to MIME;
6047.\" don't convert 8BITMIME\(->7BIT (``convert'')
6048 m Convert undeclared 8-bit data to MIME (``mime'')
6049.\" do convert 8BITMIME\(->7BIT (``mime'')
6050.\" j Pass undeclared 8-bit data;
6051.\" don't convert 8BITMIME\(->7BIT (``just send 8'')
6052 p Pass undeclared 8-bit data (``pass'')
6053.\" do convert 8BITMIME\(->7BIT (``pass'')
6054.\" a Adaptive algorithm: see below
6055.)b
6056.\"The adaptive algorithm is to accept 8-bit data,
6057.\"converting it to 8BITMIME only if the receiver understands that,
6058.\"otherwise just passing it as undeclared 8-bit data;
6059.\"8BITMIME\(->7BIT conversions are done.
6060In all cases properly declared 8BITMIME data will be converted to 7BIT
6061as needed.
6062.ip ErrorHeader=\fIfile-or-message\fP
6063[E]
6064Prepend error messages with the indicated message.
6065If it begins with a slash,
6066it is assumed to be the pathname of a file
6067containing a message (this is the recommended setting).
6068Otherwise, it is a literal message.
6069The error file might contain the name, email address, and/or phone number
6070of a local postmaster who could provide assistance
6071to end users.
6072If the option is missing or null,
6073or if it names a file which does not exist or which is not readable,
6074no message is printed.
6075.ip ErrorMode=\fIx\fP
6076[e]
6077Dispose of errors using mode
6078.i x .
6079The values for
6080.i x
6081are:
6082.(b
6083p Print error messages (default)
6084q No messages, just give exit status
6085m Mail back errors
6086w Write back errors (mail if user not logged in)
6087e Mail back errors and give zero exit stat always
6088.)b
6089.ip FallbackMXhost=\fIfallbackhost\fP
6090[V]
6091If specified, the
6092.i fallbackhost
6093acts like a very low priority MX
6094on every host.
6095This is intended to be used by sites with poor network connectivity.
6096Messages which are undeliverable due to temporary address failures
6097(e.g., DNS failure)
6098also go to the FallBackMX host.
6099.ip ForkEachJob
6100[Y]
6101If set,
6102deliver each job that is run from the queue in a separate process.
6103Use this option if you are short of memory,
6104since the default tends to consume considerable amounts of memory
6105while the queue is being processed.
6106.ip ForwardPath=\fIpath\fP
6107[J]
6108Set the path for searching for users' .forward files.
6109The default is
6110.q $z/.forward .
6111Some sites that use the automounter may prefer to change this to
6112.q /var/forward/$u
6113to search a file with the same name as the user in a system directory.
6114It can also be set to a sequence of paths separated by colons;
6115.i sendmail
6116stops at the first file it can successfully and safely open.
6117For example,
6118.q /var/forward/$u:$z/.forward
6119will search first in /var/forward/\c
6120.i username
6121and then in
6122.i ~username /.forward
6123(but only if the first file does not exist).
6124.ip HelpFile=\fIfile\fP
6125[H]
6126Specify the help file
6127for SMTP.
6128If no file name is specified, "helpfile" is used.
6129.ip HoldExpensive
6130[c]
6131If an outgoing mailer is marked as being expensive,
6132don't connect immediately.
6133This requires that queueing be compiled in,
6134since it will depend on a queue run process to
6135actually send the mail.
6136.ip HostsFile=\fIpath\fP
6137[no short name]
6138The path to the hosts database,
6139normally
6140.q /etc/hosts .
6141This option is only consulted when sendmail
6142is canonifying addresses,
6143and then only when
6144.q files
6145is in the
6146.q hosts
6147service switch entry.
6148In particular, this file is
6149.i never
6150used when looking up host addresses;
6151that is under the control of the system
6152.i gethostbyname (3)
6153routine.
6154.ip HostStatusDirectory=\fIpath\fP
6155[no short name]
6156The location of the long term host status information.
6157When set,
6158information about the status of hosts
6159(e.g., host down or not accepting connections)
6160will be shared between all
6161.i sendmail
6162processes;
6163normally, this information is only held within a single queue run.
6164This option requires a connection cache of at least 1 to function.
6165If the option begins with a leading `/',
6166it is an absolute pathname;
6167otherwise,
6168it is relative to the mail queue directory.
6169A suggested value for sites desiring persistent host status is
6170.q \&.hoststat
6171(i.e., a subdirectory of the queue directory).
6172.ip IgnoreDots
6173[i]
6174Ignore dots in incoming messages.
6175This is always disabled (that is, dots are always accepted)
6176when reading SMTP mail.
6177.ip LDAPDefaultSpec=\fIspec\fP
6178[no short name]
6179Sets a default map specification for LDAP maps.
6180The value should only contain LDAP specific settings
6181such as
6182.q "-h host -p port -d bindDN" .
6183The settings will be used for all LDAP maps
6184unless the individual map specification overrides a setting.
6185This option should be set before any LDAP maps are defined.
6186.ip LogLevel=\fIn\fP
6187[L]
6188Set the log level to
6189.i n .
6190Defaults to 9.
6191.ip M\fIx\|value\fP
6192[no long version]
6193Set the macro
6194.i x
6195to
6196.i value .
6197This is intended only for use from the command line.
6198The
6199.b \-M
6200flag is preferred.
6201.ip MatchGECOS
6202[G]
6203Allow fuzzy matching on the GECOS field.
6204If this flag is set,
6205and the usual user name lookups fail
6206(that is, there is no alias with this name and a
6207.i getpwnam
6208fails),
6209sequentially search the password file
6210for a matching entry in the GECOS field.
6211This also requires that MATCHGECOS
6212be turned on during compilation.
6213This option is not recommended.
6214.ip MaxAliasRecursion=\fIN\fP
6215[no short name]
6216The maximum depth of alias recursion (default: 10).
6217.ip MaxDaemonChildren=\fIN\fP
6218[no short name]
6219If set,
6220.i sendmail
6221will refuse connections when it has more than
6222.i N
6223children processing incoming mail or automatic queue runs.
6224This does not limit the number of outgoing connections.
6225If not set, there is no limit to the number of children --
6226that is, the system load averaging controls this.
6227.ip MaxHeadersLength=\fIN\fP
6228[no short name]
6229The maximum length of the sum of all headers.
6230This can be used to prevent a denial of service attack.
6231The default is no limit.
6232.ip MaxHopCount=\fIN\fP
6233[h]
6234The maximum hop count.
6235Messages that have been processed more than
6236.i N
6237times are assumed to be in a loop and are rejected.
6238Defaults to 25.
6239.ip MaxMessageSize=\fIN\fP
6240[no short name]
6241Specify the maximum message size
6242to be advertised in the ESMTP EHLO response.
6243Messages larger than this will be rejected.
6244.ip MaxMimeHeaderLength=\fIN[/M]\fP
6245[no short name]
6246Sets the maximum length of certain MIME header field values
6247to
6248.i N
6249characters.
6250For some of these headers which take parameters,
6251the maximum length of each parameter is set to
6252.i M
6253if specified. If
6254.i /M
6255is not specified, one half of
6256.i N
6257will be used.
6258By default,
6259these values are 0, meaning no checks are done.
6260.ip MaxQueueRunSize=\fIN\fP
6261[no short name]
6262The maximum number of jobs that will be processed
6263in a single queue run.
6264If not set, there is no limit on the size.
6265If you have very large queues or a very short queue run interval
6266this could be unstable.
6267However, since the first
6268.i N
6269jobs in queue directory order are run (rather than the
6270.i N
6271highest priority jobs)
6272this should be set as high as possible to avoid
6273.q losing
6274jobs that happen to fall late in the queue directory.
6275.ip MaxRecipientsPerMessage=\fIN\fP
6276[no short name]
6277The maximum number of recipients that will be accepted per message
6278in an SMTP transaction.
6279Note: setting this too low can interfere with sending mail from
6280MUAs that use SMTP for initial submission.
6281If not set, there is no limit on the number of recipients per envelope.
6282.ip MeToo
6283[m]
6284Send to me too,
6285even if I am in an alias expansion.
6286This option is deprecated
6287and will be removed from a future version.
6288.ip MinFreeBlocks=\fIN\fP
6289[b]
6290Insist on at least
6291.i N
6292blocks free on the filesystem that holds the queue files
6293before accepting email via SMTP.
6294If there is insufficient space
6295.i sendmail
6296gives a 452 response
6297to the MAIL command.
6298This invites the sender to try again later.
6299.ip MinQueueAge=\fIage\fP
6300[no short name]
6301Don't process any queued jobs
6302that have been in the queue less than the indicated time interval.
6303This is intended to allow you to get responsiveness
6304by processing the queue fairly frequently
6305without thrashing your system by trying jobs too often.
6306The default units are minutes.
6307.ip MustQuoteChars=\fIs\fP
6308[no short name]
6309Sets the list of characters that must be quoted if used in a full name
6310that is in the phrase part of a ``phrase <address>'' syntax.
6311The default is ``\'.''.
6312The characters ``@,;:\e()[]'' are always added to this list.
6313.ip NoRecipientAction
6314[no short name]
6315The action to take when you receive a message that has no valid
6316recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
6317the last included for back compatibility with old
6318.i sendmail s).
6319It can be
6320.b None
6321to pass the message on unmodified,
6322which violates the protocol,
6323.b Add-To
6324to add a To: header with any recipients it can find in the envelope
6325(which might expose Bcc: recipients),
6326.b Add-Apparently-To
6327to add an Apparently-To: header
6328(this is only for back-compatibility
6329and is officially deprecated),
6330.b Add-To-Undisclosed
6331to add a header
6332.q "To: undisclosed-recipients:;"
6333to make the header legal without disclosing anything,
6334or
6335.b Add-Bcc
6336to add an empty Bcc: header.
6337.ip OldStyleHeaders
6338[o]
6339Assume that the headers may be in old format,
6340i.e.,
6341spaces delimit names.
6342This actually turns on
6343an adaptive algorithm:
6344if any recipient address contains a comma, parenthesis,
6345or angle bracket,
6346it will be assumed that commas already exist.
6347If this flag is not on,
6348only commas delimit names.
6349Headers are always output with commas between the names.
6350Defaults to off.
6351.ip OperatorChars=\fIcharlist\fP
6352[$o macro]
6353The list of characters that are considered to be
6354.q operators ,
6355that is, characters that delimit tokens.
6356All operator characters are tokens by themselves;
6357sequences of non-operator characters are also tokens.
6358White space characters separate tokens
6359but are not tokens themselves \(em for example,
6360.q AAA.BBB
6361has three tokens, but
6362.q "AAA BBB"
6363has two.
6364If not set, OperatorChars defaults to
6365.q \&.\|:\|@\|[\|] ;
6366additionally, the characters
6367.q (\|)\|<\|>\|,\|;
6368are always operators.
6369Note that OperatorChars must be set in the
6370configuration file before any rulesets.
6371.ip PidFile=\fIfilename\fP
6372[no short name]
6373Filename of the pid file.
6374(default is _PATH_SENDMAILPID).
6375The
6376.i filename
6377is macro-expanded before it is opened.
6378.ip PostmasterCopy=\fIpostmaster\fP
6379[P]
6380If set,
6381copies of error messages will be sent to the named
6382.i postmaster .
6383Only the header of the failed message is sent.
6384Errors resulting from messages with a negative precedence will not be sent.
6385Since most errors are user problems,
6386this is probably not a good idea on large sites,
6387and arguably contains all sorts of privacy violations,
6388but it seems to be popular with certain operating systems vendors.
6389The address is macro expanded
6390at the time of delivery.
6391Defaults to no postmaster copies.
6392.ip PrivacyOptions=\fI\|opt,opt,...\fP
6393[p]
6394Set the privacy
6395.i opt ions.
6396``Privacy'' is really a misnomer;
6397many of these are just a way of insisting on stricter adherence
6398to the SMTP protocol.
6399The
6400.i opt ions
6401can be selected from:
6402.(b
6403.ta \w'needvrfyhelo'u+3n
6404public Allow open access
6405needmailhelo Insist on HELO or EHLO command before MAIL
6406needexpnhelo Insist on HELO or EHLO command before EXPN
6407noexpn Disallow EXPN entirely, implies noverb.
6408needvrfyhelo Insist on HELO or EHLO command before VRFY
6409novrfy Disallow VRFY entirely
6410noetrn Disallow ETRN entirely
6411noverb Disallow VERB entirely
6412restrictmailq Restrict mailq command
6413restrictqrun Restrict \-q command line flag
6414noreceipts Don't return success DSNs\**
6415nobodyreturn Don't return the body of a message with DSNs
6416goaway Disallow essentially all SMTP status queries
6417authwarnings Put X-Authentication-Warning: headers in messages
6418 and log warnings
6419.)b
6420.(f
6421\**N.B.:
6422the
6423.b noreceipts
6424flag turns off support for RFC 1891
6425(Delivery Status Notification).
6426.)f
6427The
6428.q goaway
6429pseudo-flag sets all flags except
6430.q noreceipts ,
6431.q restrictmailq ,
6432.q restrictqrun ,
6433.q noetrn ,
6434and
6435.q nobodyreturn .
6436If mailq is restricted,
6437only people in the same group as the queue directory
6438can print the queue.
6439If queue runs are restricted,
6440only root and the owner of the queue directory
6441can run the queue.
6442Authentication Warnings add warnings about various conditions
6443that may indicate attempts to spoof the mail system,
| 91.rm Ve
92.sp
93For Sendmail Version 8.11
94.)l
95.(f
96Sendmail is a trademark of Sendmail, Inc.
97.)f
98.sp 2
99.pp
100.i Sendmail \u\s-2TM\s0\d
101implements a general purpose internetwork mail routing facility
102under the UNIX\(rg
103operating system.
104It is not tied to any one transport protocol \*-
105its function may be likened to a crossbar switch,
106relaying messages from one domain into another.
107In the process,
108it can do a limited amount of message header editing
109to put the message into a format that is appropriate
110for the receiving domain.
111All of this is done under the control of a configuration file.
112.pp
113Due to the requirements of flexibility
114for
115.i sendmail ,
116the configuration file can seem somewhat unapproachable.
117However, there are only a few basic configurations
118for most sites,
119for which standard configuration files have been supplied.
120Most other configurations
121can be built by adjusting an existing configuration file
122incrementally.
123.pp
124.i Sendmail
125is based on
126RFC821 (Simple Mail Transport Protocol),
127RFC822 (Internet Mail Headers Format),
128RFC974 (MX routing),
129RFC1123 (Internet Host Requirements),
130RFC2045 (MIME),
131RFC1869 (SMTP Service Extensions),
132RFC1652 (SMTP 8BITMIME Extension),
133RFC1870 (SMTP SIZE Extension),
134RFC1891 (SMTP Delivery Status Notifications),
135RFC1892 (Multipart/Report),
136RFC1893 (Enhanced Mail System Status Codes),
137RFC1894 (Delivery Status Notifications),
138RFC1985 (SMTP Service Extension for Remote Message Queue Starting),
139RFC2033 (Local Message Transmission Protocol),
140RFC2034 (SMTP Service Extension for Returning Enhanced Error Codes),
141RFC2476 (Message Submission),
142RFC2487 (SMTP Service Extension for Secure SMTP over TLS),
143and
144RFC2554 (SMTP Service Extension for Authentication).
145However, since
146.i sendmail
147is designed to work in a wider world,
148in many cases it can be configured to exceed these protocols.
149These cases are described herein.
150.pp
151Although
152.i sendmail
153is intended to run
154without the need for monitoring,
155it has a number of features
156that may be used to monitor or adjust the operation
157under unusual circumstances.
158These features are described.
159.pp
160Section one describes how to do a basic
161.i sendmail
162installation.
163Section two
164explains the day-to-day information you should know
165to maintain your mail system.
166If you have a relatively normal site,
167these two sections should contain sufficient information
168for you to install
169.i sendmail
170and keep it happy.
171Section three
172describes some parameters that may be safely tweaked.
173Section four
174has information regarding the command line arguments.
175Section five
176contains the nitty-gritty information about the configuration
177file.
178This section is for masochists
179and people who must write their own configuration file.
180Section six
181describes configuration that can be done at compile time.
182The appendixes give a brief
183but detailed explanation of a number of features
184not described in the rest of the paper.
185.bp 7
186.sh 1 "BASIC INSTALLATION"
187.pp
188There are two basic steps to installing
189.i sendmail .
190First, you have to compile and install the binary.
191If
192.i sendmail
193has already been ported to your operating system
194that should be simple.
195Second, you must build a run-time configuration file.
196This is a file that
197.i sendmail
198reads when it starts up
199that describes the mailers it knows about,
200how to parse addresses,
201how to rewrite the message header,
202and the settings of various options.
203Although the configuration file can be quite complex,
204a configuration can usually be built
205using an M4-based configuration language.
206.pp
207The remainder of this section will describe the installation of
208.i sendmail
209assuming you can use one of the existing configurations
210and that the standard installation parameters are acceptable.
211All pathnames and examples
212are given from the root of the
213.i sendmail
214subtree,
215normally
216.i /usr/src/usr.\*(SD/sendmail
217on 4.4BSD.
218.pp
219If you are loading this off the tape,
220continue with the next section.
221If you have a running binary already on your system,
222you should probably skip to section 1.2.
223.sh 2 "Compiling Sendmail"
224.pp
225All
226.i sendmail
227source is in the
228.i sendmail
229subdirectory.
230To compile sendmail,
231.q cd
232into the
233.i sendmail
234directory and type
235.(b
236\&./Build
237.)b
238This will leave the binary in an appropriately named subdirectory,
239e.g.,
240obj.BSD-OS.2.1.i386.
241It works for multiple object versions
242compiled out of the same directory.
243.sh 3 "Tweaking the Build Invocation"
244.pp
245You can give parameters on the
246.i Build
247command.
248In most cases these are only used when the
249.i obj.*
250directory is first created.
251These commands include:
252.nr ii 0.5i
253.ip "\-L \fIlibdirs\fP"
254A list of directories to search for libraries.
255.ip "\-I \fIincdirs\fP"
256A list of directories to search for include files.
257.ip "\-E \fIenvar\fP=\fIvalue\fP"
258Set an environment variable to an indicated
259.i value
260before compiling.
261.ip "\-c"
262Create a new
263.i obj.*
264tree before running.
265.ip "\-f \fIsiteconfig\fP"
266Read the indicated site configuration file.
267If this parameter is not specified,
268.i Build
269includes
270.i all
271of the files
272.i $BUILDTOOLS/Site/site.$oscf.m4
273and
274.i $BUILDTOOLS/Site/site.config.m4 ,
275where $BUILDTOOLS is normally
276.i \&../devtools
277and $oscf is the same name as used on the
278.i obj.*
279directory.
280See below for a description of the site configuration file.
281.ip "\-S"
282Skip auto-configuration.
283.i Build
284will avoid auto-detecting libraries if this is set.
285All libraries and map definitions must be specified
286in the site configuration file.
287.lp
288Any other parameters are passed to the
289.i make
290program.
291.sh 3 "Creating a Site Configuration File"
292.\"XXX
293.pp
294(This section is not yet complete.
295For now, see the file devtools/README for details.)
296See sendmail/README for various compilation flags that can be set.
297.sh 3 "Tweaking the Makefile"
298.pp
299.\" .b "XXX This should all be in the Site Configuration File section."
300.i Sendmail
301supports two different formats
302for the local (on disk) version of databases,
303notably the
304.i aliases
305database.
306At least one of these should be defined if at all possible.
307.nr ii 1i
308.ip NDBM
309The ``new DBM'' format,
310available on nearly all systems around today.
311This was the preferred format prior to 4.4BSD.
312It allows such complex things as multiple databases
313and closing a currently open database.
314.ip NEWDB
315The Berkeley DB package.
316If you have this, use it.
317It allows
318long records,
319multiple open databases,
320real in-memory caching,
321and so forth.
322You can define this in conjunction with
323.sm NDBM ;
324if you do,
325old alias databases are read,
326but when a new database is created it will be in NEWDB format.
327As a nasty hack,
328if you have NEWDB, NDBM, and NIS defined,
329and if the alias file name includes the substring
330.q /yp/ ,
331.i sendmail
332will create both new and old versions of the alias file
333during a
334.i newalias
335command.
336This is required because the Sun NIS/YP system
337reads the DBM version of the alias file.
338It's ugly as sin,
339but it works.
340.lp
341If neither of these are defined,
342.i sendmail
343reads the alias file into memory on every invocation.
344This can be slow and should be avoided.
345There are also several methods for remote database access:
346.ip NIS
347Sun's Network Information Services (formerly YP).
348.ip NISPLUS
349Sun's NIS+ services.
350.ip NETINFO
351NeXT's NetInfo service.
352.ip HESIOD
353Hesiod service (from Athena).
354.lp
355Other compilation flags are set in conf.h
356and should be predefined for you
357unless you are porting to a new environment.
358.sh 3 "Compilation and installation"
359.pp
360After making the local system configuration described above,
361You should be able to compile and install the system.
362The script
363.q Build
364is the best approach on most systems:
365.(b
366\&./Build
367.)b
368This will use
369.i uname (1)
370to create a custom Makefile for your environment.
371.pp
372If you are installing in the standard places,
373you should be able to install using
374.(b
375\&./Build install
376.)b
377This should install the binary in
378/usr/\*(SD
379and create links from
380/usr/\*(SB/newaliases
381and
382/usr/\*(SB/mailq
383to
384/usr/\*(SD/sendmail.
385On 4.4BSD systems it will also format and install man pages.
386.sh 2 "Configuration Files"
387.pp
388.i Sendmail
389cannot operate without a configuration file.
390The configuration defines the mail delivery mechanisms understood at this site,
391how to access them,
392how to forward email to remote mail systems,
393and a number of tuning parameters.
394This configuration file is detailed
395in the later portion of this document.
396.pp
397The
398.i sendmail
399configuration can be daunting at first.
400The world is complex,
401and the mail configuration reflects that.
402The distribution includes an m4-based configuration package
403that hides a lot of the complexity.
404.pp
405These configuration files are simpler than old versions
406largely because the world has become simpler;
407in particular,
408text-based host files are officially eliminated,
409obviating the need to
410.q hide
411hosts behind a registered internet gateway.
412.pp
413These files also assume that most of your neighbors
414use domain-based UUCP addressing;
415that is,
416instead of naming hosts as
417.q host!user
418they will use
419.q host.domain!user .
420The configuration files can be customized to work around this,
421but it is more complex.
422.pp
423Our configuration files are processed by
424.i m4
425to facilitate local customization;
426the directory
427.i cf
428of the
429.i sendmail
430distribution directory
431contains the source files.
432This directory contains several subdirectories:
433.nr ii 1i
434.ip cf
435Both site-dependent and site-independent descriptions of hosts.
436These can be literal host names
437(e.g.,
438.q ucbvax.mc )
439when the hosts are gateways
440or more general descriptions
441(such as
442.q "generic-solaris2.mc"
443as a general description of an SMTP-connected host
444running Solaris 2.x.
445Files ending
446.b \&.mc
447(``Master Configuration'')
448are the input descriptions;
449the output is in the corresponding
450.b \&.cf
451file.
452The general structure of these files is described below.
453.ip domain
454Site-dependent subdomain descriptions.
455These are tied to the way your organization wants to do addressing.
456For example,
457.b domain/CS.Berkeley.EDU.m4
458is our description for hosts in the CS.Berkeley.EDU subdomain.
459These are referenced using the
460.sm DOMAIN
461.b m4
462macro in the
463.b \&.mc
464file.
465.ip feature
466Definitions of specific features that some particular host in your site
467might want.
468These are referenced using the
469.sm FEATURE
470.b m4
471macro.
472An example feature is
473use_cw_file
474(which tells
475.i sendmail
476to read an /etc/mail/local-host-names file on startup
477to find the set of local names).
478.ip hack
479Local hacks, referenced using the
480.sm HACK
481.b m4
482macro.
483Try to avoid these.
484The point of having them here is to make it clear that they smell.
485.ip m4
486Site-independent
487.i m4 (1)
488include files that have information common to all configuration files.
489This can be thought of as a
490.q #include
491directory.
492.ip mailer
493Definitions of mailers,
494referenced using the
495.sm MAILER
496.b m4
497macro.
498The mailer types that are known in this distribution are
499fax,
500local,
501smtp,
502uucp,
503and usenet.
504For example, to include support for the UUCP-based mailers,
505use
506.q MAILER(uucp) .
507.ip ostype
508Definitions describing various operating system environments
509(such as the location of support files).
510These are referenced using the
511.sm OSTYPE
512.b m4
513macro.
514.ip sh
515Shell files used by the
516.b m4
517build process.
518You shouldn't have to mess with these.
519.ip siteconfig
520Local UUCP connectivity information.
521This directory has been supplanted by the mailertable feature;
522any new configurations should use that feature to do UUCP
523(and other) routing.
524.pp
525If you are in a new domain
526(e.g., a company),
527you will probably want to create a
528cf/domain
529file for your domain.
530This consists primarily of relay definitions
531and features you want enabled site-wide:
532for example, Berkeley's domain definition
533defines relays for
534BitNET
535and UUCP.
536These are specific to Berkeley,
537and should be fully-qualified internet-style domain names.
538Please check to make certain they are reasonable for your domain.
539.pp
540Subdomains at Berkeley are also represented in the
541cf/domain
542directory.
543For example,
544the domain
545CS.Berkeley.EDU
546is the Computer Science subdomain,
547EECS.Berkeley.EDU
548is the Electrical Engineering and Computer Sciences subdomain,
549and
550S2K.Berkeley.EDU
551is the Sequoia 2000 subdomain.
552You will probably have to add an entry to this directory
553to be appropriate for your domain.
554.pp
555You will have to use or create
556.b \&.mc
557files in the
558.i cf/cf
559subdirectory for your hosts.
560This is detailed in the
561cf/README
562file.
563.sh 2 "Details of Installation Files"
564.pp
565This subsection describes the files that
566comprise the
567.i sendmail
568installation.
569.sh 3 "/usr/\*(SD/sendmail"
570.pp
571The binary for
572.i sendmail
573is located in /usr/\*(SD\**.
574.(f
575\**This is usually
576/usr/sbin
577on 4.4BSD and newer systems;
578many systems install it in
579/usr/lib.
580I understand it is in /usr/ucblib
581on System V Release 4.
582.)f
583It should be setuid root.
584For security reasons,
585/, /usr, and /usr/\*(SD
586should be owned by root, mode 755\**.
587.(f
588\**Some vendors ship them owned by bin;
589this creates a security hole that is not actually related to
590.i sendmail .
591Other important directories that should have restrictive ownerships
592and permissions are
593/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
594.)f
595.sh 3 "/etc/mail/sendmail.cf"
596.pp
597This is the configuration file for
598.i sendmail \**.
599.(f
600\**Actually, the pathname varies depending on the operating system;
601/etc/mail is the preferred directory.
602Some older systems install it in
603.b /usr/lib/sendmail.cf ,
604and I've also seen it in
605.b /usr/ucblib .
606If you want to move this file,
607add -D_PATH_SENDMAILCF=\e"/file/name\e"
608to the flags passed to the C compiler.
609Moving this file is not recommended:
610other programs and scripts know of this location.
611.)f
612This is the only non-library file name compiled into
613.i sendmail \**.
614.(f
615\**The system libraries can reference other files;
616in particular, system library subroutines that
617.i sendmail
618calls probably reference
619.i /etc/passwd
620and
621.i /etc/resolv.conf .
622.)f
623.pp
624The configuration file is normally created
625using the distribution files described above.
626If you have a particularly unusual system configuration
627you may need to create a special version.
628The format of this file is detailed in later sections
629of this document.
630.sh 3 "/usr/\*(SB/newaliases"
631.pp
632The
633.i newaliases
634command should just be a link to
635.i sendmail :
636.(b
637rm \-f /usr/\*(SB/newaliases
638ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
639.)b
640This can be installed in whatever search path you prefer
641for your system.
642.sh 3 "/usr/\*(SB/hoststat"
643.pp
644The
645.i hoststat
646command should just be a link to
647.i sendmail ,
648in a fashion similar to
649.i newaliases .
650This command lists the status of the last mail transaction
651with all remote hosts. The
652.b \-v
653flag will prevent the status display from being truncated.
654It functions only when the
655.b HostStatusDirectory
656option is set.
657.sh 3 "/usr/\*(SB/purgestat"
658.pp
659This command is also a link to
660.i sendmail .
661It flushes expired (Timeout.hoststatus) information that is stored in the
662.b HostStatusDirectory
663tree.
664.sh 3 "/var/spool/mqueue"
665.pp
666The directory
667.i /var/spool/mqueue
668should be created to hold the mail queue.
669This directory should be mode 700
670and owned by root.
671.pp
672The actual path of this directory
673is defined in the
674.b Q
675option of the
676.i sendmail.cf
677file.
678To use multiple queues,
679supply a value ending with an asterisk.
680For example,
681.i /var/spool/mqueue/qd*
682will use all of the directories or symbolic links to directories
683beginning with `qd' in
684.i /var/spool/mqueue
685as queue directories.
686Do not change the queue directory structure
687while sendmail is running.
688.pp
689If these directories have subdirectories or symbolic links to directories
690named `qf', `df', and `xf', then these will be used for the different
691queue file types.
692That is, the data files are stored in the `df' subdirectory,
693the transcript files are stored in the `xf' subdirectory, and
694all others are stored in the `qf' subdirectory.
695.sh 3 "/var/spool/mqueue/.hoststat"
696.pp
697This is a typical value for the
698.b HostStatusDirectory
699option,
700containing one file per host
701that this sendmail has chatted with recently.
702It is normally a subdirectory of
703.i mqueue .
704.sh 3 "/etc/mail/aliases*"
705.pp
706The system aliases are held in
707.q /etc/mail/aliases .
708A sample is given in
709.q sendmail/aliases
710which includes some aliases which
711.i must
712be defined:
713.(b
714cp lib/aliases /etc/mail/aliases
715.i "edit /etc/mail/aliases"
716.)b
717You should extend this file with any aliases that are apropos to your system.
718.pp
719Normally
720.i sendmail
721looks at a database version of the files,
722stored either in
723.q /etc/mail/aliases.dir
724and
725.q /etc/mail/aliases.pag
726or
727.q /etc/mail/aliases.db
728depending on which database package you are using.
729The actual path of this file
730is defined in the
731.b AliasFile
732option of the
733.i sendmail.cf
734file.
735.sh 3 "/etc/rc or /etc/init.d/sendmail"
736.pp
737It will be necessary to start up the
738.i sendmail
739daemon when your system reboots.
740This daemon performs two functions:
741it listens on the SMTP socket for connections
742(to receive mail from a remote system)
743and it processes the queue periodically
744to insure that mail gets delivered when hosts come up.
745.pp
746Add the following lines to
747.q /etc/rc
748(or
749.q /etc/rc.local
750as appropriate)
751in the area where it is starting up the daemons
752on a BSD-base system,
753or on a System-V-based system
754in one of the startup files, typically
755.q /etc/init.d/sendmail :
756.(b
757if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
758 (cd /var/spool/mqueue; rm \-f [lnx]f*)
759 /usr/\*(SD/sendmail \-bd \-q30m &
760 echo \-n ' sendmail' >/dev/console
761fi
762.)b
763The
764.q cd
765and
766.q rm
767commands insure that all lock files have been removed;
768extraneous lock files may be left around
769if the system goes down in the middle of processing a message.
770The line that actually invokes
771.i sendmail
772has two flags:
773.q \-bd
774causes it to listen on the SMTP port,
775and
776.q \-q30m
777causes it to run the queue every half hour.
778.pp
779Some people use a more complex startup script,
780removing zero length qf files and df files for which there is no qf file.
781For example, see Figure 1
782for an example of a complex script which does this clean up.
783.(z
784.hl
785#!/bin/sh
786# remove zero length qf files
787for qffile in qf*
788do
789 if [ \-r $qffile ]
790 then
791 if [ ! \-s $qffile ]
792 then
793 echo \-n " <zero: $qffile>" > /dev/console
794 rm \-f $qffile
795 fi
796 fi
797done
798# rename tf files to be qf if the qf does not exist
799for tffile in tf*
800do
801 qffile=`echo $tffile | sed 's/t/q/'`
802 if [ \-r $tffile \-a ! \-f $qffile ]
803 then
804 echo \-n " <recovering: $tffile>" > /dev/console
805 mv $tffile $qffile
806 else
807 if [ \-f $tffile ]
808 then
809 echo \-n " <extra: $tffile>" > /dev/console
810 rm \-f $tffile
811 fi
812 fi
813done
814# remove df files with no corresponding qf files
815for dffile in df*
816do
817 qffile=`echo $dffile | sed 's/d/q/'`
818 if [ \-r $dffile \-a ! \-f $qffile ]
819 then
820 echo \-n " <incomplete: $dffile>" > /dev/console
821 mv $dffile `echo $dffile | sed 's/d/D/'`
822 fi
823done
824# announce files that have been saved during disaster recovery
825for xffile in [A-Z]f*
826do
827 if [ \-f $xffile ]
828 then
829 echo \-n " <panic: $xffile>" > /dev/console
830 fi
831done
832.sp
833.ce
834Figure 1 \(em A complex startup script
835.hl
836.)z
837.pp
838If you are not running a version of UNIX
839that supports Berkeley TCP/IP,
840do not include the
841.b \-bd
842flag.
843.sh 3 "/etc/mail/helpfile"
844.pp
845This is the help file used by the SMTP
846.b HELP
847command.
848It should be copied from
849.q sendmail/helpfile :
850.(b
851cp sendmail/helpfile /etc/mail/helpfile
852.)b
853The actual path of this file
854is defined in the
855.b HelpFile
856option of the
857.i sendmail.cf
858file.
859.sh 3 "/etc/mail/statistics"
860.pp
861If you wish to collect statistics
862about your mail traffic,
863you should create the file
864.q /etc/mail/statistics :
865.(b
866cp /dev/null /etc/mail/statistics
867chmod 644 /etc/mail/statistics
868.)b
869This file does not grow.
870It is printed with the program
871.q mailstats/mailstats.c.
872The actual path of this file
873is defined in the
874.b S
875option of the
876.i sendmail.cf
877file.
878.sh 3 "/usr/\*(SB/mailq"
879.pp
880If
881.i sendmail
882is invoked as
883.q mailq,
884it will simulate the
885.b \-bp
886flag
887(i.e.,
888.i sendmail
889will print the contents of the mail queue;
890see below).
891This should be a link to /usr/\*(SD/sendmail.
892.sh 1 "NORMAL OPERATIONS"
893.sh 2 "The System Log"
894.pp
895The system log is supported by the
896.i syslogd \|(8)
897program.
898All messages from
899.i sendmail
900are logged under the
901.sm LOG_MAIL
902facility\**.
903.(f
904\**Except on Ultrix,
905which does not support facilities in the syslog.
906.)f
907.sh 3 "Format"
908.pp
909Each line in the system log
910consists of a timestamp,
911the name of the machine that generated it
912(for logging from several machines
913over the local area network),
914the word
915.q sendmail: ,
916and a message\**.
917.(f
918\**This format may vary slightly if your vendor has changed
919the syntax.
920.)f
921Most messages are a sequence of
922.i name \c
923=\c
924.i value
925pairs.
926.pp
927The two most common lines are logged when a message is processed.
928The first logs the receipt of a message;
929there will be exactly one of these per message.
930Some fields may be omitted if they do not contain interesting information.
931Fields are:
932.ip from
933The envelope sender address.
934.ip size
935The size of the message in bytes.
936.ip class
937The class (i.e., numeric precedence) of the message.
938.ip pri
939The initial message priority (used for queue sorting).
940.ip nrcpts
941The number of envelope recipients for this message
942(after aliasing and forwarding).
943.ip msgid
944The message id of the message (from the header).
945.ip proto
946The protocol used to receive this message (e.g., ESMTP or UUCP)
947.ip daemon
948The daemon name from the
949.b DaemonPortOptions
950setting.
951.ip relay
952The machine from which it was received.
953.lp
954There is also one line logged per delivery attempt
955(so there can be several per message if delivery is deferred
956or there are multiple recipients).
957Fields are:
958.ip to
959A comma-separated list of the recipients to this mailer.
960.ip ctladdr
961The ``controlling user'', that is, the name of the user
962whose credentials we use for delivery.
963.ip delay
964The total delay between the time this message was received
965and the current delivery attempt.
966.ip xdelay
967The amount of time needed in this delivery attempt
968(normally indicative of the speed of the connection).
969.ip mailer
970The name of the mailer used to deliver to this recipient.
971.ip relay
972The name of the host that actually accepted (or rejected) this recipient.
973.ip dsn
974The enhanced error code (RFC2034) if available.
975.ip stat
976The delivery status.
977.lp
978Not all fields are present in all messages;
979for example, the relay is not listed for local deliveries.
980.sh 3 "Levels"
981.pp
982If you have
983.i syslogd \|(8)
984or an equivalent installed,
985you will be able to do logging.
986There is a large amount of information that can be logged.
987The log is arranged as a succession of levels.
988At the lowest level
989only extremely strange situations are logged.
990At the highest level,
991even the most mundane and uninteresting events
992are recorded for posterity.
993As a convention,
994log levels under ten
995are considered generally
996.q useful;
997log levels above 64
998are reserved for debugging purposes.
999Levels from 11\-64 are reserved for verbose information
1000that some sites might want.
1001.pp
1002A complete description of the log levels
1003is given in section
1004.\" XREF
10054.6.
1006.sh 2 "Dumping State"
1007.pp
1008You can ask
1009.i sendmail
1010to log a dump of the open files
1011and the connection cache
1012by sending it a
1013.sm SIGUSR1
1014signal.
1015The results are logged at
1016.sm LOG_DEBUG
1017priority.
1018.sh 2 "The Mail Queue"
1019.pp
1020Sometimes a host cannot handle a message immediately.
1021For example, it may be down or overloaded, causing it to refuse connections.
1022The sending host is then expected to save this message in
1023its mail queue
1024and attempt to deliver it later.
1025.pp
1026Under normal conditions the mail queue will be processed transparently.
1027However, you may find that manual intervention is sometimes necessary.
1028For example,
1029if a major host is down for a period of time
1030the queue may become clogged.
1031Although
1032.i sendmail
1033ought to recover gracefully when the host comes up,
1034you may find performance unacceptably bad in the meantime.
1035.sh 3 "Printing the queue"
1036.pp
1037The contents of the queue can be printed
1038using the
1039.i mailq
1040command
1041(or by specifying the
1042.b \-bp
1043flag to
1044.i sendmail ):
1045.(b
1046mailq
1047.)b
1048This will produce a listing of the queue id's,
1049the size of the message,
1050the date the message entered the queue,
1051and the sender and recipients.
1052.sh 3 "Forcing the queue"
1053.pp
1054.i Sendmail
1055should run the queue automatically
1056at intervals.
1057When using multiple queues,
1058a separate process will be created to
1059run each of the queues
1060unless the queue run is initiated by a user
1061with the verbose flag.
1062The algorithm is to read and sort the queue,
1063and then to attempt to process all jobs in order.
1064When it attempts to run the job,
1065.i sendmail
1066first checks to see if the job is locked.
1067If so, it ignores the job.
1068.pp
1069There is no attempt to insure that only one queue processor
1070exists at any time,
1071since there is no guarantee that a job cannot take forever
1072to process
1073(however,
1074.i sendmail
1075does include heuristics to try to abort jobs
1076that are taking absurd amounts of time;
1077technically, this violates RFC 821, but is blessed by RFC 1123).
1078Due to the locking algorithm,
1079it is impossible for one job to freeze the entire queue.
1080However,
1081an uncooperative recipient host
1082or a program recipient
1083that never returns
1084can accumulate many processes in your system.
1085Unfortunately,
1086there is no completely general way to solve this.
1087.pp
1088In some cases,
1089you may find that a major host going down
1090for a couple of days
1091may create a prohibitively large queue.
1092This will result in
1093.i sendmail
1094spending an inordinate amount of time
1095sorting the queue.
1096This situation can be fixed by moving the queue to a temporary place
1097and creating a new queue.
1098The old queue can be run later when the offending host returns to service.
1099.pp
1100To do this,
1101it is acceptable to move the entire queue directory:
1102.(b
1103cd /var/spool
1104mv mqueue omqueue; mkdir mqueue; chmod 700 mqueue
1105.)b
1106You should then kill the existing daemon
1107(since it will still be processing in the old queue directory)
1108and create a new daemon.
1109.pp
1110To run the old mail queue,
1111run the following command:
1112.(b
1113/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1114.)b
1115The
1116.b \-oQ
1117flag specifies an alternate queue directory
1118and the
1119.b \-q
1120flag says to just run every job in the queue.
1121If you have a tendency toward voyeurism,
1122you can use the
1123.b \-v
1124flag to watch what is going on.
1125.pp
1126When the queue is finally emptied,
1127you can remove the directory:
1128.(b
1129rmdir /var/spool/omqueue
1130.)b
1131.sh 2 "Disk Based Connection Information"
1132.pp
1133.i Sendmail
1134stores a large amount of information about each remote system it
1135has connected to in memory. It is now possible to preserve some
1136of this information on disk as well, by using the
1137.b HostStatusDirectory
1138option, so that it may be shared between several invocations of
1139.i sendmail .
1140This allows mail to be queued immediately or skipped during a queue run if
1141there has been a recent failure in connecting to a remote machine.
1142.pp
1143Additionally enabling
1144.b SingleThreadDelivery
1145has the added effect of single-threading mail delivery to a destination.
1146This can be quite helpful
1147if the remote machine is running an SMTP server that is easily overloaded
1148or cannot accept more than a single connection at a time,
1149but can cause some messages to be punted to a future queue run.
1150It also applies to
1151.i all
1152hosts, so setting this because you have one machine on site
1153that runs some software that is easily overrun
1154can cause mail to other hosts to be slowed down.
1155If this option is set,
1156you probably want to set the
1157.b MinQueueAge
1158option as well and run the queue fairly frequently;
1159this way jobs that are skipped because another
1160.i sendmail
1161is talking to the same host will be tried again quickly
1162rather than being delayed for a long time.
1163.pp
1164The disk based host information is stored in a subdirectory of the
1165.b mqueue
1166directory called
1167.b \&.hoststat \**.
1168.(f
1169\**This is the usual value of the
1170.b HostStatusDirectory
1171option;
1172it can, of course, go anywhere you like in your filesystem.
1173.)f
1174Removing this directory and its subdirectories has an effect similar to
1175the
1176.i purgestat
1177command and is completely safe.
1178However,
1179.i purgestat
1180only removes expired (Timeout.hoststatus) data.
1181The information in these directories can
1182be perused with the
1183.i hoststat
1184command, which will indicate the host name, the last access, and the
1185status of that access.
1186An asterisk in the left most column indicates that a
1187.i sendmail
1188process currently has the host locked for mail delivery.
1189.pp
1190The disk based connection information is treated the same way as memory based
1191connection information for the purpose of timeouts.
1192By default, information about host failures is valid for 30 minutes.
1193This can be adjusted with
1194the
1195.b Timeout.hoststatus
1196option.
1197.pp
1198The connection information stored on disk may be expired at any time
1199with the
1200.i purgestat
1201command or by invoking sendmail with the
1202.b \-bH
1203switch.
1204The connection information may be viewed with the
1205.i hoststat
1206command or by invoking sendmail with the
1207.b \-bh
1208switch.
1209.sh 2 "The Service Switch"
1210.pp
1211The implementation of certain system services
1212such as host and user name lookup
1213is controlled by the service switch.
1214If the host operating system supports such a switch,
1215and sendmail knows about it,
1216.i sendmail
1217will use the native version.
1218Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
1219.(f
1220\**HP-UX 10 has service switch support,
1221but since the APIs are apparently not available in the libraries
1222.i sendmail
1223does not use the native service switch in this release.
1224.)f
1225.pp
1226If the underlying operating system does not support a service switch
1227(e.g., SunOS 4.X, HP-UX, BSD)
1228then
1229.i sendmail
1230will provide a stub implementation.
1231The
1232.b ServiceSwitchFile
1233option points to the name of a file that has the service definitions.
1234Each line has the name of a service
1235and the possible implementations of that service.
1236For example, the file:
1237.(b
1238hosts dns files nis
1239aliases files nis
1240.)b
1241will ask
1242.i sendmail
1243to look for hosts in the Domain Name System first.
1244If the requested host name is not found,
1245it tries local files,
1246and if that fails it tries NIS.
1247Similarly,
1248when looking for aliases
1249it will try the local files first
1250followed by NIS.
1251.pp
1252Service switches are not completely integrated.
1253For example, despite the fact that the host entry listed in the above example
1254specifies to look in NIS,
1255on SunOS this won't happen because the system implementation of
1256.i gethostbyname \|(3)
1257doesn't understand this.
1258If there is enough demand
1259.i sendmail
1260may reimplement
1261.i gethostbyname \|(3),
1262.i gethostbyaddr \|(3),
1263.i getpwent \|(3),
1264and the other system routines that would be necessary
1265to make this work seamlessly.
1266.sh 2 "The Alias Database"
1267.pp
1268After recipient addresses are read from the SMTP connection
1269or command line
1270they are parsed by ruleset 0,
1271which must resolve to a
1272{\c
1273.i mailer ,
1274.i host ,
1275.i address }
1276triple.
1277If the flags selected by the
1278.i mailer
1279include the
1280.b A
1281(aliasable) flag,
1282the
1283.i address
1284part of the triple is looked up as the key
1285(i.e., the left hand side)
1286into the alias database.
1287If there is a match, the address is deleted from the send queue
1288and all addresses on the right hand side of the alias
1289are added in place of the alias that was found.
1290This is a recursive operation,
1291so aliases found in the right hand side of the alias
1292are similarly expanded.
1293.pp
1294The alias database exists in two forms.
1295One is a text form,
1296maintained in the file
1297.i /etc/mail/aliases.
1298The aliases are of the form
1299.(b
1300name: name1, name2, ...
1301.)b
1302Only local names may be aliased;
1303e.g.,
1304.(b
1305eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
1306.)b
1307will not have the desired effect
1308(except on prep.ai.MIT.EDU,
1309and they probably don't want me)\**.
1310.(f
1311\**Actually, any mailer that has the `A' mailer flag set
1312will permit aliasing;
1313this is normally limited to the local mailer.
1314.)f
1315Aliases may be continued by starting any continuation lines
1316with a space or a tab or by putting a backslash directly before
1317the newline.
1318Blank lines and lines beginning with a sharp sign
1319(\c
1320.q # )
1321are comments.
1322.pp
1323The second form is processed by the
1324.i ndbm \|(3)\**
1325.(f
1326\**The
1327.i gdbm
1328package does not work.
1329.)f
1330or the Berkeley DB library.
1331This form is in the file
1332.i /etc/mail/aliases.db
1333(if using NEWDB)
1334or
1335.i /etc/mail/aliases.dir
1336and
1337.i /etc/mail/aliases.pag
1338(if using NDBM).
1339This is the form that
1340.i sendmail
1341actually uses to resolve aliases.
1342This technique is used to improve performance.
1343.pp
1344The control of search order is actually set by the service switch.
1345Essentially, the entry
1346.(b
1347O AliasFile=switch:aliases
1348.)b
1349is always added as the first alias entry;
1350also, the first alias file name without a class
1351(e.g., without
1352.q nis:
1353on the front)
1354will be used as the name of the file for a ``files'' entry
1355in the aliases switch.
1356For example, if the configuration file contains
1357.(b
1358O AliasFile=/etc/mail/aliases
1359.)b
1360and the service switch contains
1361.(b
1362aliases nis files nisplus
1363.)b
1364then aliases will first be searched in the NIS database,
1365then in /etc/mail/aliases,
1366then in the NIS+ database.
1367.pp
1368You can also use
1369.sm NIS -based
1370alias files.
1371For example, the specification:
1372.(b
1373O AliasFile=/etc/mail/aliases
1374O AliasFile=nis:mail.aliases@my.nis.domain
1375.)b
1376will first search the /etc/mail/aliases file
1377and then the map named
1378.q mail.aliases
1379in
1380.q my.nis.domain .
1381Warning: if you build your own
1382.sm NIS -based
1383alias files,
1384be sure to provide the
1385.b \-l
1386flag to
1387.i makedbm (8)
1388to map upper case letters in the keys to lower case;
1389otherwise, aliases with upper case letters in their names
1390won't match incoming addresses.
1391.pp
1392Additional flags can be added after the colon
1393exactly like a
1394.b K
1395line \(em for example:
1396.(b
1397O AliasFile=nis:\-N mail.aliases@my.nis.domain
1398.)b
1399will search the appropriate NIS map and always include null bytes in the key.
1400Also:
1401.(b
1402O AliasFile=nis:\-f mail.aliases@my.nis.domain
1403.)b
1404will prevent sendmail from downcasing the key before the alias lookup.
1405.sh 3 "Rebuilding the alias database"
1406.pp
1407The
1408.i hash
1409or
1410.i dbm
1411version of the database
1412may be rebuilt explicitly by executing the command
1413.(b
1414newaliases
1415.)b
1416This is equivalent to giving
1417.i sendmail
1418the
1419.b \-bi
1420flag:
1421.(b
1422/usr/\*(SD/sendmail \-bi
1423.)b
1424.pp
1425If the
1426.b RebuildAliases
1427(old
1428.b D )
1429option is specified in the configuration,
1430.i sendmail
1431will rebuild the alias database automatically
1432if possible
1433when it is out of date.
1434Auto-rebuild can be dangerous
1435on heavily loaded machines
1436with large alias files;
1437if it might take more than the rebuild timeout
1438(option
1439.b AliasWait ,
1440old
1441.b a ,
1442which is normally five minutes)
1443to rebuild the database,
1444there is a chance that several processes will start the rebuild process
1445simultaneously.
1446.pp
1447If you have multiple aliases databases specified,
1448the
1449.b \-bi
1450flag rebuilds all the database types it understands
1451(for example, it can rebuild NDBM databases but not NIS databases).
1452.sh 3 "Potential problems"
1453.pp
1454There are a number of problems that can occur
1455with the alias database.
1456They all result from a
1457.i sendmail
1458process accessing the DBM version
1459while it is only partially built.
1460This can happen under two circumstances:
1461One process accesses the database
1462while another process is rebuilding it,
1463or the process rebuilding the database dies
1464(due to being killed or a system crash)
1465before completing the rebuild.
1466.pp
1467Sendmail has three techniques to try to relieve these problems.
1468First, it ignores interrupts while rebuilding the database;
1469this avoids the problem of someone aborting the process
1470leaving a partially rebuilt database.
1471Second,
1472it locks the database source file during the rebuild \(em
1473but that may not work over NFS or if the file is unwritable.
1474Third,
1475at the end of the rebuild
1476it adds an alias of the form
1477.(b
1478@: @
1479.)b
1480(which is not normally legal).
1481Before
1482.i sendmail
1483will access the database,
1484it checks to insure that this entry exists\**.
1485.(f
1486\**The
1487.b AliasWait
1488option is required in the configuration
1489for this action to occur.
1490This should normally be specified.
1491.)f
1492.sh 3 "List owners"
1493.pp
1494If an error occurs on sending to a certain address,
1495say
1496.q \fIx\fP ,
1497.i sendmail
1498will look for an alias
1499of the form
1500.q owner-\fIx\fP
1501to receive the errors.
1502This is typically useful
1503for a mailing list
1504where the submitter of the list
1505has no control over the maintenance of the list itself;
1506in this case the list maintainer would be the owner of the list.
1507For example:
1508.(b
1509unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1510 sam@matisse
1511owner-unix-wizards: unix-wizards-request
1512unix-wizards-request: eric@ucbarpa
1513.)b
1514would cause
1515.q eric@ucbarpa
1516to get the error that will occur
1517when someone sends to
1518unix-wizards
1519due to the inclusion of
1520.q nosuchuser
1521on the list.
1522.pp
1523List owners also cause the envelope sender address to be modified.
1524The contents of the owner alias are used if they point to a single user,
1525otherwise the name of the alias itself is used.
1526For this reason, and to obey Internet conventions,
1527the
1528.q owner-
1529address normally points at the
1530.q -request
1531address; this causes messages to go out with the typical Internet convention
1532of using ``\c
1533.i list -request''
1534as the return address.
1535.sh 2 "User Information Database"
1536.pp
1537If you have a version of
1538.i sendmail
1539with the user information database
1540compiled in,
1541and you have specified one or more databases using the
1542.b U
1543option,
1544the databases will be searched for a
1545.i user :maildrop
1546entry.
1547If found, the mail will be sent to the specified address.
1548.sh 2 "Per-User Forwarding (.forward Files)"
1549.pp
1550As an alternative to the alias database,
1551any user may put a file with the name
1552.q .forward
1553in his or her home directory.
1554If this file exists,
1555.i sendmail
1556redirects mail for that user
1557to the list of addresses listed in the .forward file.
1558Note that aliases are fully expanded before forward files are referenced.
1559For example, if the home directory for user
1560.q mckusick
1561has a .forward file with contents:
1562.(b
1563mckusick@ernie
1564kirk@calder
1565.)b
1566then any mail arriving for
1567.q mckusick
1568will be redirected to the specified accounts.
1569.pp
1570Actually, the configuration file defines a sequence of filenames to check.
1571By default, this is the user's .forward file,
1572but can be defined to be more generally using the
1573.b ForwardPath
1574option.
1575If you change this,
1576you will have to inform your user base of the change;
1577\&.forward is pretty well incorporated into the collective subconscious.
1578.sh 2 "Special Header Lines"
1579.pp
1580Several header lines have special interpretations
1581defined by the configuration file.
1582Others have interpretations built into
1583.i sendmail
1584that cannot be changed without changing the code.
1585These builtins are described here.
1586.sh 3 "Errors-To:"
1587.pp
1588If errors occur anywhere during processing,
1589this header will cause error messages to go to
1590the listed addresses.
1591This is intended for mailing lists.
1592.pp
1593The Errors-To: header was created in the bad old days
1594when UUCP didn't understand the distinction between an envelope and a header;
1595this was a hack to provide what should now be passed
1596as the envelope sender address.
1597It should go away.
1598It is only used if the
1599.b UseErrorsTo
1600option is set.
1601.pp
1602The Errors-To: header is officially deprecated
1603and will go away in a future release.
1604.sh 3 "Apparently-To:"
1605.pp
1606RFC 822 requires at least one recipient field
1607(To:, Cc:, or Bcc: line)
1608in every message.
1609If a message comes in with no recipients listed in the message
1610then
1611.i sendmail
1612will adjust the header based on the
1613.q NoRecipientAction
1614option.
1615One of the possible actions is to add an
1616.q "Apparently-To:"
1617header line for any recipients it is aware of.
1618.pp
1619The Apparently-To: header is non-standard
1620and is deprecated.
1621.sh 3 "Precedence"
1622.pp
1623The Precedence: header can be used as a crude control of message priority.
1624It tweaks the sort order in the queue
1625and can be configured to change the message timeout values.
1626The precedence of a message also controls how
1627delivery status notifications (DSNs)
1628are processed for that message.
1629.sh 2 "IDENT Protocol Support"
1630.pp
1631.i Sendmail
1632supports the IDENT protocol as defined in RFC 1413.
1633Note that the RFC states
1634a client should wait at least 30 seconds for a response.
1635The default Timeout.ident is 5 seconds
1636as many sites have adopted the practice of dropping IDENT queries.
1637This has lead to delays processing mail.
1638Although this enhances identification
1639of the author of an email message
1640by doing a ``call back'' to the originating system to include
1641the owner of a particular TCP connection
1642in the audit trail
1643it is in no sense perfect;
1644a determined forger can easily spoof the IDENT protocol.
1645The following description is excerpted from RFC 1413:
1646.ba +5
1647.lp
16486. Security Considerations
1649.lp
1650The information returned by this protocol is at most as trustworthy
1651as the host providing it OR the organization operating the host. For
1652example, a PC in an open lab has few if any controls on it to prevent
1653a user from having this protocol return any identifier the user
1654wants. Likewise, if the host has been compromised the information
1655returned may be completely erroneous and misleading.
1656.lp
1657The Identification Protocol is not intended as an authorization or
1658access control protocol. At best, it provides some additional
1659auditing information with respect to TCP connections. At worst, it
1660can provide misleading, incorrect, or maliciously incorrect
1661information.
1662.lp
1663The use of the information returned by this protocol for other than
1664auditing is strongly discouraged. Specifically, using Identification
1665Protocol information to make access control decisions - either as the
1666primary method (i.e., no other checks) or as an adjunct to other
1667methods may result in a weakening of normal host security.
1668.lp
1669An Identification server may reveal information about users,
1670entities, objects or processes which might normally be considered
1671private. An Identification server provides service which is a rough
1672analog of the CallerID services provided by some phone companies and
1673many of the same privacy considerations and arguments that apply to
1674the CallerID service apply to Identification. If you wouldn't run a
1675"finger" server due to privacy considerations you may not want to run
1676this protocol.
1677.ba
1678.lp
1679In some cases your system may not work properly with IDENT support
1680due to a bug in the TCP/IP implementation.
1681The symptoms will be that for some hosts
1682the SMTP connection will be closed
1683almost immediately.
1684If this is true or if you do not want to use IDENT,
1685you should set the IDENT timeout to zero;
1686this will disable the IDENT protocol.
1687.sh 1 "ARGUMENTS"
1688.pp
1689The complete list of arguments to
1690.i sendmail
1691is described in detail in Appendix A.
1692Some important arguments are described here.
1693.sh 2 "Queue Interval"
1694.pp
1695The amount of time between forking a process
1696to run through the queue
1697is defined by the
1698.b \-q
1699flag.
1700If you run with delivery mode set to
1701.b i
1702or
1703.b b
1704this can be relatively large,
1705since it will only be relevant
1706when a host that was down comes back up.
1707If you run in
1708.b q
1709mode
1710it should be relatively short,
1711since it defines the maximum amount of time that a message
1712may sit in the queue.
1713(See also the MinQueueAge option.)
1714.pp
1715RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
1716(although that probably doesn't make sense if you use ``queue-only'' mode).
1717.sh 2 "Daemon Mode"
1718.pp
1719If you allow incoming mail over an IPC connection,
1720you should have a daemon running.
1721This should be set by your
1722.i /etc/rc
1723file using the
1724.b \-bd
1725flag.
1726The
1727.b \-bd
1728flag and the
1729.b \-q
1730flag may be combined in one call:
1731.(b
1732/usr/\*(SD/sendmail \-bd \-q30m
1733.)b
1734.pp
1735An alternative approach is to invoke sendmail from
1736.i inetd (8)
1737(use the
1738.b \-bs
1739flag to ask sendmail to speak SMTP on its standard input and output).
1740This works and allows you to wrap
1741.i sendmail
1742in a TCP wrapper program,
1743but may be a bit slower since the configuration file
1744has to be re-read on every message that comes in.
1745If you do this, you still need to have a
1746.i sendmail
1747running to flush the queue:
1748.(b
1749/usr/\*(SD/sendmail \-q30m
1750.)b
1751.sh 2 "Forcing the Queue"
1752.pp
1753In some cases you may find that the queue has gotten clogged for some reason.
1754You can force a queue run
1755using the
1756.b \-q
1757flag (with no value).
1758It is entertaining to use the
1759.b \-v
1760flag (verbose)
1761when this is done to watch what happens:
1762.(b
1763/usr/\*(SD/sendmail \-q \-v
1764.)b
1765.pp
1766You can also limit the jobs to those with a particular queue identifier,
1767sender, or recipient
1768using one of the queue modifiers.
1769For example,
1770.q \-qRberkeley
1771restricts the queue run to jobs that have the string
1772.q berkeley
1773somewhere in one of the recipient addresses.
1774Similarly,
1775.q \-qSstring
1776limits the run to particular senders and
1777.q \-qIstring
1778limits it to particular queue identifiers.
1779.sh 2 "Debugging"
1780.pp
1781There are a fairly large number of debug flags
1782built into
1783.i sendmail .
1784Each debug flag has a number and a level,
1785where higher levels means to print out more information.
1786The convention is that levels greater than nine are
1787.q absurd,
1788i.e.,
1789they print out so much information that you wouldn't normally
1790want to see them except for debugging that particular piece of code.
1791Debug flags are set using the
1792.b \-d
1793option;
1794the syntax is:
1795.(b
1796.ta \w'debug-option 'u
1797debug-flag: \fB\-d\fP debug-list
1798debug-list: debug-option [ , debug-option ]*
1799debug-option: debug-range [ . debug-level ]
1800debug-range: integer | integer \- integer
1801debug-level: integer
1802.)b
1803where spaces are for reading ease only.
1804For example,
1805.(b
1806\-d12 Set flag 12 to level 1
1807\-d12.3 Set flag 12 to level 3
1808\-d3\-17 Set flags 3 through 17 to level 1
1809\-d3\-17.4 Set flags 3 through 17 to level 4
1810.)b
1811For a complete list of the available debug flags
1812you will have to look at the code
1813and the
1814.i TRACEFLAGS
1815file in the sendmail distribution
1816(they are too dynamic to keep this document up to date).
1817.sh 2 "Changing the Values of Options"
1818.pp
1819Options can be overridden using the
1820.b \-o
1821or
1822.b \-O
1823command line flags.
1824For example,
1825.(b
1826/usr/\*(SD/sendmail \-oT2m
1827.)b
1828sets the
1829.b T
1830(timeout) option to two minutes
1831for this run only;
1832the equivalent line using the long option name is
1833.(b
1834/usr/\*(SD/sendmail -OTimeout.queuereturn=2m
1835.)b
1836.pp
1837Some options have security implications.
1838Sendmail allows you to set these,
1839but relinquishes its setuid root permissions thereafter\**.
1840.(f
1841\**That is, it sets its effective uid to the real uid;
1842thus, if you are executing as root,
1843as from root's crontab file or during system startup
1844the root permissions will still be honored.
1845.)f
1846.sh 2 "Trying a Different Configuration File"
1847.pp
1848An alternative configuration file
1849can be specified using the
1850.b \-C
1851flag; for example,
1852.(b
1853/usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
1854.)b
1855uses the configuration file
1856.i test.cf
1857instead of the default
1858.i /etc/mail/sendmail.cf.
1859If the
1860.b \-C
1861flag has no value
1862it defaults to
1863.i sendmail.cf
1864in the current directory.
1865.pp
1866.i Sendmail
1867gives up its setuid root permissions
1868when you use this flag, so it is common to use a publicly writable directory
1869(such as /tmp)
1870as the queue directory (QueueDirectory or Q option) while testing.
1871.sh 2 "Logging Traffic"
1872.pp
1873Many SMTP implementations do not fully implement the protocol.
1874For example, some personal computer based SMTPs
1875do not understand continuation lines in reply codes.
1876These can be very hard to trace.
1877If you suspect such a problem, you can set traffic logging using the
1878.b \-X
1879flag.
1880For example,
1881.(b
1882/usr/\*(SD/sendmail \-X /tmp/traffic \-bd
1883.)b
1884will log all traffic in the file
1885.i /tmp/traffic .
1886.pp
1887This logs a lot of data very quickly and should
1888.b NEVER
1889be used
1890during normal operations.
1891After starting up such a daemon,
1892force the errant implementation to send a message to your host.
1893All message traffic in and out of
1894.i sendmail ,
1895including the incoming SMTP traffic,
1896will be logged in this file.
1897.sh 2 "Testing Configuration Files"
1898.pp
1899When you build a configuration table,
1900you can do a certain amount of testing
1901using the
1902.q "test mode"
1903of
1904.i sendmail .
1905For example,
1906you could invoke
1907.i sendmail
1908as:
1909.(b
1910sendmail \-bt \-Ctest.cf
1911.)b
1912which would read the configuration file
1913.q test.cf
1914and enter test mode.
1915In this mode,
1916you enter lines of the form:
1917.(b
1918rwset address
1919.)b
1920where
1921.i rwset
1922is the rewriting set you want to use
1923and
1924.i address
1925is an address to apply the set to.
1926Test mode shows you the steps it takes
1927as it proceeds,
1928finally showing you the address it ends up with.
1929You may use a comma separated list of rwsets
1930for sequential application of rules to an input.
1931For example:
1932.(b
19333,1,21,4 monet:bollard
1934.)b
1935first applies ruleset three to the input
1936.q monet:bollard.
1937Ruleset one is then applied to the output of ruleset three,
1938followed similarly by rulesets twenty-one and four.
1939.pp
1940If you need more detail,
1941you can also use the
1942.q \-d21
1943flag to turn on more debugging.
1944For example,
1945.(b
1946sendmail \-bt \-d21.99
1947.)b
1948turns on an incredible amount of information;
1949a single word address
1950is probably going to print out several pages worth of information.
1951.pp
1952You should be warned that internally,
1953.i sendmail
1954applies ruleset 3 to all addresses.
1955In test mode
1956you will have to do that manually.
1957For example, older versions allowed you to use
1958.(b
19590 bruce@broadcast.sony.com
1960.)b
1961This version requires that you use:
1962.(b
19633,0 bruce@broadcast.sony.com
1964.)b
1965.pp
1966As of version 8.7,
1967some other syntaxes are available in test mode:
1968.bu
1969\&.D\|x\|value
1970defines macro
1971.i x
1972to have the indicated
1973.i value .
1974This is useful when debugging rules that use the
1975.b $& \c
1976.i x
1977syntax.
1978.bu
1979\&.C\|c\|value
1980adds the indicated
1981.i value
1982to class
1983.i c .
1984.bu
1985\&.S\|ruleset
1986dumps the contents of the indicated ruleset.
1987.bu
1988\-d\|debug-spec
1989is equivalent to the command-line flag.
1990.sh 2 "Persistent Host Status Information"
1991.pp
1992When
1993.b HostStatusDirectory
1994is enabled,
1995information about the status of hosts is maintained on disk
1996and can thus be shared between different instantiations of
1997.i sendmail .
1998The status of the last connection with each remote host
1999may be viewed with the command:
2000.(b
2001sendmail \-bh
2002.)b
2003This information may be flushed with the command:
2004.(b
2005sendmail \-bH
2006.)b
2007Flushing the information prevents new
2008.i sendmail
2009processes from loading it,
2010but does not prevent existing processes from using the status information
2011that they already have.
2012.sh 1 "TUNING"
2013.pp
2014There are a number of configuration parameters
2015you may want to change,
2016depending on the requirements of your site.
2017Most of these are set
2018using an option in the configuration file.
2019For example,
2020the line
2021.q "O Timeout.queuereturn=5d"
2022sets option
2023.q Timeout.queuereturn
2024to the value
2025.q 5d
2026(five days).
2027.pp
2028Most of these options have appropriate defaults for most sites.
2029However,
2030sites having very high mail loads may find they need to tune them
2031as appropriate for their mail load.
2032In particular,
2033sites experiencing a large number of small messages,
2034many of which are delivered to many recipients,
2035may find that they need to adjust the parameters
2036dealing with queue priorities.
2037.pp
2038All versions of
2039.i sendmail
2040prior to 8.7
2041had single character option names.
2042As of 8.7,
2043options have long (multi-character names).
2044Although old short names are still accepted,
2045most new options do not have short equivalents.
2046.pp
2047This section only describes the options you are most likely
2048to want to tweak;
2049read section
2050.\"XREF
20515
2052for more details.
2053.sh 2 "Timeouts"
2054.pp
2055All time intervals are set
2056using a scaled syntax.
2057For example,
2058.q 10m
2059represents ten minutes, whereas
2060.q 2h30m
2061represents two and a half hours.
2062The full set of scales is:
2063.(b
2064.ta 4n
2065s seconds
2066m minutes
2067h hours
2068d days
2069w weeks
2070.)b
2071.sh 3 "Queue interval"
2072.pp
2073The argument to the
2074.b \-q
2075flag
2076specifies how often a sub-daemon will run the queue.
2077This is typically set to between fifteen minutes
2078and one hour.
2079If not set,
2080or set to zero,
2081the queue will not be run automatically.
2082RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
2083.sh 3 "Read timeouts"
2084.pp
2085Timeouts all have option names
2086.q Timeout.\fIsuboption\fP .
2087The recognized
2088.i suboption s,
2089their default values, and the minimum values
2090allowed by RFC 1123 section 5.3.2 are:
2091.nr ii 1i
2092.ip connect
2093The time to wait for an SMTP connection to open
2094(the
2095.i connect (2)
2096system call)
2097[0, unspecified].
2098If zero, uses the kernel default.
2099In no case can this option extend the timeout
2100longer than the kernel provides, but it can shorten it.
2101This is to get around kernels that provide an absurdly long connection timeout
2102(90 minutes in one case).
2103.ip iconnect
2104The same as
2105.i connect,
2106except it applies only to the initial attempt to connect to a host
2107for a given message
2108[0, unspecified].
2109The concept is that this should be very short (a few seconds);
2110hosts that are well connected and responsive will thus be serviced immediately.
2111Hosts that are slow will not hold up other deliveries in the initial
2112delivery attempt.
2113.ip initial
2114The wait for the initial 220 greeting message
2115[5m, 5m].
2116.ip helo
2117The wait for a reply from a HELO or EHLO command
2118[5m, unspecified].
2119This may require a host name lookup, so
2120five minutes is probably a reasonable minimum.
2121.ip mail\(dg
2122The wait for a reply from a MAIL command
2123[10m, 5m].
2124.ip rcpt\(dg
2125The wait for a reply from a RCPT command
2126[1h, 5m].
2127This should be long
2128because it could be pointing at a list
2129that takes a long time to expand
2130(see below).
2131.ip datainit\(dg
2132The wait for a reply from a DATA command
2133[5m, 2m].
2134.ip datablock\(dg\(dd
2135The wait for reading a data block
2136(that is, the body of the message).
2137[1h, 3m].
2138This should be long because it also applies to programs
2139piping input to
2140.i sendmail
2141which have no guarantee of promptness.
2142.ip datafinal\(dg
2143The wait for a reply from the dot terminating a message.
2144[1h, 10m].
2145If this is shorter than the time actually needed
2146for the receiver to deliver the message,
2147duplicates will be generated.
2148This is discussed in RFC 1047.
2149.ip rset
2150The wait for a reply from a RSET command
2151[5m, unspecified].
2152.ip quit
2153The wait for a reply from a QUIT command
2154[2m, unspecified].
2155.ip misc
2156The wait for a reply from miscellaneous (but short) commands
2157such as NOOP (no-operation) and VERB (go into verbose mode).
2158[2m, unspecified].
2159.ip command\(dg\(dd
2160In server SMTP,
2161the time to wait for another command.
2162[1h, 5m].
2163.ip ident\(dd
2164The timeout waiting for a reply to an IDENT query
2165[30s\**, unspecified].
2166.(f
2167\**On some systems the default is zero to turn the protocol off entirely.
2168.)f
2169.ip fileopen\(dd
2170The timeout for opening .forward and :include: files [60s, none].
2171.ip control\(dd
2172The timeout for a complete control socket transaction to complete [2m, none].
2173.ip hoststatus\(dd
2174How long status information about a host
2175(e.g., host down)
2176will be cached before it is considered stale
2177[30m, unspecified].
2178.ip resolver.retrans
2179The resolver's
2180retransmission time interval
2181(in seconds)
2182[varies].
2183Sets both
2184.i Timeout.resolver.retrans.first
2185and
2186.i Timeout.resolver.retrans.normal .
2187.ip resolver.retrans.first
2188The resolver's
2189retransmission time interval
2190(in seconds)
2191for the first attempt to
2192deliver a message
2193[varies].
2194.ip resolver.retrans.normal
2195The resolver's
2196retransmission time interval
2197(in seconds)
2198for all resolver lookups
2199except the first delivery attempt
2200[varies].
2201.ip resolver.retry
2202The number of times
2203to retransmit a resolver query.
2204Sets both
2205.i Timeout.resolver.retry.first
2206and
2207.i Timeout.resolver.retry.normal
2208[varies].
2209.ip resolver.retry.first
2210The number of times
2211to retransmit a resolver query
2212for the first attempt
2213to deliver a message
2214[varies].
2215.ip resolver.retry.normal
2216The number of times
2217to retransmit a resolver query
2218for all resolver lookups
2219 except the first delivery attempt
2220[varies].
2221.lp
2222For compatibility with old configuration files,
2223if no
2224.i suboption
2225is specified,
2226all the timeouts marked with
2227.DG
2228(\(dg) are set to the indicated value.
2229All but those marked with
2230.DD
2231(\(dd) apply to client SMTP.
2232.pp
2233Many of the RFC 1123 minimum values
2234may well be too short.
2235.i Sendmail
2236was designed to the RFC 822 protocols,
2237which did not specify read timeouts;
2238hence, versions of
2239.i sendmail
2240prior to version 8.1 did not guarantee to reply to messages promptly.
2241In particular, a
2242.q RCPT
2243command specifying a mailing list
2244will expand and verify the entire list;
2245a large list on a slow system
2246may easily take more than five minutes\**.
2247.(f
2248\**This verification includes looking up every address
2249with the name server;
2250this involves network delays,
2251and can in some cases can be considerable.
2252.)f
2253I recommend a one hour timeout \*-
2254since a communications failure during the RCPT phase is rare,
2255a long timeout is not onerous
2256and may ultimately help reduce network load
2257and duplicated messages.
2258.pp
2259For example, the lines:
2260.(b
2261O Timeout.command=25m
2262O Timeout.datablock=3h
2263.)b
2264sets the server SMTP command timeout to 25 minutes
2265and the input data block timeout to three hours.
2266.sh 3 "Message timeouts"
2267.pp
2268After sitting in the queue for a few days,
2269a message will time out.
2270This is to insure that at least the sender is aware
2271of the inability to send a message.
2272The timeout is typically set to five days.
2273It is sometimes considered convenient to also send a warning message
2274if the message is in the queue longer than a few hours
2275(assuming you normally have good connectivity;
2276if your messages normally took several hours to send
2277you wouldn't want to do this because it wouldn't be an unusual event).
2278These timeouts are set using the
2279.b Timeout.queuereturn
2280and
2281.b Timeout.queuewarn
2282options in the configuration file
2283(previously both were set using the
2284.b T
2285option).
2286.pp
2287If the message is submitted using the
2288.sm NOTIFY
2289.sm SMTP
2290extension,
2291warning messages will only be sent if
2292.sm NOTIFY=DELAY
2293is specified.
2294The queuereturn and queuewarn timeouts
2295can be further qualified with a tag based on the Precedence: field
2296in the message;
2297they must be one of
2298.q urgent
2299(indicating a positive non-zero precedence)
2300.q normal
2301(indicating a zero precedence), or
2302.q non-urgent
2303(indicating negative precedences).
2304For example, setting
2305.q Timeout.queuewarn.urgent=1h
2306sets the warning timeout for urgent messages only
2307to one hour.
2308The default if no precedence is indicated
2309is to set the timeout for all precedences.
2310The value "now" can be used for
2311-O Timeout.queuereturn
2312to return entries immediately during a queue run,
2313e.g., to bounce messages independent of their time in the queue.
2314.pp
2315Since these options are global,
2316and since you can not know
2317.i "a priori"
2318how long another host outside your domain will be down,
2319a five day timeout is recommended.
2320This allows a recipient to fix the problem even if it occurs
2321at the beginning of a long weekend.
2322RFC 1123 section 5.3.1.1 says that this parameter
2323should be ``at least 4\-5 days''.
2324.pp
2325The
2326.b Timeout.queuewarn
2327value can be piggybacked on the
2328.b T
2329option by indicating a time after which
2330a warning message should be sent;
2331the two timeouts are separated by a slash.
2332For example, the line
2333.(b
2334OT5d/4h
2335.)b
2336causes email to fail after five days,
2337but a warning message will be sent after four hours.
2338This should be large enough that the message will have been tried
2339several times.
2340.sh 2 "Forking During Queue Runs"
2341.pp
2342By setting the
2343.b ForkEachJob
2344(\c
2345.b Y )
2346option,
2347.i sendmail
2348will fork before each individual message
2349while running the queue.
2350This will prevent
2351.i sendmail
2352from consuming large amounts of memory,
2353so it may be useful in memory-poor environments.
2354However, if the
2355.b ForkEachJob
2356option is not set,
2357.i sendmail
2358will keep track of hosts that are down during a queue run,
2359which can improve performance dramatically.
2360.pp
2361If the
2362.b ForkEachJob
2363option is set,
2364.i sendmail
2365can not use connection caching.
2366.sh 2 "Queue Priorities"
2367.pp
2368Every message is assigned a priority when it is first instantiated,
2369consisting of the message size (in bytes)
2370offset by the message class
2371(which is determined from the Precedence: header)
2372times the
2373.q "work class factor"
2374and the number of recipients times the
2375.q "work recipient factor."
2376The priority is used to order the queue.
2377Higher numbers for the priority mean that the message will be processed later
2378when running the queue.
2379.pp
2380The message size is included so that large messages are penalized
2381relative to small messages.
2382The message class allows users to send
2383.q "high priority"
2384messages by including a
2385.q Precedence:
2386field in their message;
2387the value of this field is looked up in the
2388.b P
2389lines of the configuration file.
2390Since the number of recipients affects the amount of load a message presents
2391to the system,
2392this is also included into the priority.
2393.pp
2394The recipient and class factors
2395can be set in the configuration file using the
2396.b RecipientFactor
2397(\c
2398.b y )
2399and
2400.b ClassFactor
2401(\c
2402.b z )
2403options respectively.
2404They default to 30000 (for the recipient factor)
2405and 1800
2406(for the class factor).
2407The initial priority is:
2408.EQ
2409pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2410.EN
2411(Remember, higher values for this parameter actually mean
2412that the job will be treated with lower priority.)
2413.pp
2414The priority of a job can also be adjusted each time it is processed
2415(that is, each time an attempt is made to deliver it)
2416using the
2417.q "work time factor,"
2418set by the
2419.b RetryFactor
2420(\c
2421.b Z )
2422option.
2423This is added to the priority,
2424so it normally decreases the precedence of the job,
2425on the grounds that jobs that have failed many times
2426will tend to fail again in the future.
2427The
2428.b RetryFactor
2429option defaults to 90000.
2430.sh 2 "Load Limiting"
2431.pp
2432.i Sendmail
2433can be asked to queue (but not deliver)
2434mail if the system load average gets too high
2435using the
2436.b QueueLA
2437(\c
2438.b x )
2439option.
2440When the load average exceeds the value of the
2441.b QueueLA
2442option,
2443the delivery mode is set to
2444.b q
2445(queue only)
2446if the
2447.b QueueFactor
2448(\c
2449.b q )
2450option divided by the difference in the current load average and the
2451.b QueueLA
2452option
2453plus one
2454is less than the priority of the message \(em
2455that is, the message is queued iff:
2456.EQ
2457pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2458.EN
2459The
2460.b QueueFactor
2461option defaults to 600000,
2462so each point of load average is worth 600000
2463priority points
2464(as described above).
2465.pp
2466For drastic cases,
2467the
2468.b RefuseLA
2469(\c
2470.b X )
2471option defines a load average at which
2472.i sendmail
2473will refuse
2474to accept network connections.
2475Locally generated mail
2476(including incoming UUCP mail)
2477is still accepted.
2478.sh 2 "Delivery Mode"
2479.pp
2480There are a number of delivery modes that
2481.i sendmail
2482can operate in,
2483set by the
2484.b DeliveryMode
2485(\c
2486.b d )
2487configuration option.
2488These modes
2489specify how quickly mail will be delivered.
2490Legal modes are:
2491.(b
2492.ta 4n
2493i deliver interactively (synchronously)
2494b deliver in background (asynchronously)
2495q queue only (don't deliver)
2496d defer delivery attempts (don't deliver)
2497.)b
2498There are tradeoffs.
2499Mode
2500.q i
2501gives the sender the quickest feedback,
2502but may slow down some mailers and
2503is hardly ever necessary.
2504Mode
2505.q b
2506delivers promptly but
2507can cause large numbers of processes
2508if you have a mailer that takes a long time to deliver a message.
2509Mode
2510.q q
2511minimizes the load on your machine,
2512but means that delivery may be delayed for up to the queue interval.
2513Mode
2514.q d
2515is identical to mode
2516.q q
2517except that it also prevents all the early map lookups from working;
2518it is intended for ``dial on demand'' sites where DNS lookups
2519might cost real money.
2520Some simple error messages
2521(e.g., host unknown during the SMTP protocol)
2522will be delayed using this mode.
2523Mode
2524.q b
2525is the usual default.
2526.pp
2527If you run in mode
2528.q q
2529(queue only),
2530.q d
2531(defer),
2532or
2533.q b
2534(deliver in background)
2535.i sendmail
2536will not expand aliases and follow .forward files
2537upon initial receipt of the mail.
2538This speeds up the response to RCPT commands.
2539Mode
2540.q i
2541cannot be used by the SMTP server.
2542.sh 2 "Log Level"
2543.pp
2544The level of logging can be set for
2545.i sendmail .
2546The default using a standard configuration table is level 9.
2547The levels are as follows:
2548.nr ii 0.5i
2549.ip 0
2550Minimal logging.
2551.ip 1
2552Serious system failures and potential security problems.
2553.ip 2
2554Lost communications (network problems) and protocol failures.
2555.ip 3
2556Other serious failures, malformed addresses, transient forward/include
2557errors, connection timeouts.
2558.ip 4
2559Minor failures, out of date alias databases, connection rejections
2560via check_ rulesets.
2561.ip 5
2562Message collection statistics.
2563.ip 6
2564Creation of error messages,
2565VRFY and EXPN commands.
2566.ip 7
2567Delivery failures (host or user unknown, etc.).
2568.ip 8
2569Successful deliveries and alias database rebuilds.
2570.ip 9
2571Messages being deferred
2572(due to a host being down, etc.).
2573.ip 10
2574Database expansion (alias, forward, and userdb lookups)
2575and authentication information.
2576.ip 11
2577NIS errors and end of job processing.
2578.ip 12
2579Logs all SMTP connections.
2580.ip 13
2581Log bad user shells, files with improper permissions, and other
2582questionable situations.
2583.ip 14
2584Logs refused connections.
2585.ip 15
2586Log all incoming and outgoing SMTP commands.
2587.ip 20
2588Logs attempts to run locked queue files.
2589These are not errors,
2590but can be useful to note if your queue appears to be clogged.
2591.ip 30
2592Lost locks (only if using lockf instead of flock).
2593.lp
2594Additionally,
2595values above 64 are reserved for extremely verbose debugging output.
2596No normal site would ever set these.
2597.sh 2 "File Modes"
2598.pp
2599The modes used for files depend on what functionality you want
2600and the level of security you require.
2601In many cases
2602.i sendmail
2603does careful checking of the modes
2604of files and directories
2605to avoid accidental compromise;
2606if you want to make it possible to have group-writable support files
2607you may need to use the
2608.b DontBlameSendmail
2609option to turn off some of these checks.
2610.sh 3 "To suid or not to suid?"
2611.pp
2612.i Sendmail
2613is normally installed
2614setuid to root.
2615At the point where it is about to
2616.i exec \|(2)
2617a mailer,
2618it checks to see if the userid is zero (root);
2619if so,
2620it resets the userid and groupid to a default
2621(set by the
2622.b U=
2623equate in the mailer line;
2624if that is not set, the
2625.b DefaultUser
2626option is used).
2627This can be overridden
2628by setting the
2629.b S
2630flag to the mailer
2631for mailers that are trusted
2632and must be called as root.
2633However,
2634this will cause mail processing
2635to be accounted
2636(using
2637.i sa \|(8))
2638to root
2639rather than to the user sending the mail.
2640.pp
2641If you don't make
2642.i sendmail
2643setuid to root, it will still run but you lose a lot of functionality
2644and a lot of privacy, since you'll have to make the queue directory
2645world readable.
2646You could also make
2647.i sendmail
2648setuid to some pseudo-user
2649(e.g., create a user called
2650.q sendmail
2651and make
2652.i sendmail
2653setuid to that)
2654which will fix the privacy problems
2655but not the functionality issues.
2656It also introduces problems on some operating systems
2657if sendmail needs to give up the setuid special privileges.
2658Also, this isn't a guarantee of security:
2659for example,
2660root occasionally sends mail,
2661and the daemon often runs as root.
2662Note however that
2663.i sendmail
2664must run as root or the trusted user in order to create the SMTP listener
2665socket.
2666.pp
2667A middle ground is to make
2668.i sendmail
2669setuid to root,
2670but set the
2671.b RunAsUser
2672option.
2673This causes
2674.i sendmail
2675to become the indicated user as soon as it has done the startup
2676that requires root privileges
2677(primarily, opening the
2678.sm SMTP
2679socket).
2680If you use
2681.b RunAsUser ,
2682the queue directory
2683(normally
2684.i /var/spool/mqueue )
2685should be owned by that user,
2686and all files and databases
2687(including user
2688.i \&.forward
2689files,
2690alias files,
2691:include: files,
2692and external databases)
2693must be readable by that user.
2694Also, since sendmail will not be able to change it's uid,
2695delivery to programs or files will be marked as unsafe,
2696e.g., undeliverable,
2697in
2698.i \&.forward ,
2699aliases,
2700and :include: files.
2701Administrators can override this by setting the
2702.b DontBlameSendmail
2703option to the setting
2704.b NonRootSafeAddr .
2705.b RunAsUser
2706is probably best suited for firewall configurations
2707that don't have regular user logins.
2708.sh 3 "Turning off security checks"
2709.pp
2710.i Sendmail
2711is very particular about the modes of files that it reads or writes.
2712For example, by default it will refuse to read most files
2713that are group writable
2714on the grounds that they might have been tampered with
2715by someone other than the owner;
2716it will even refuse to read files in group writable directories.
2717.pp
2718If you are
2719.i quite
2720sure that your configuration is safe and you want
2721.i sendmail
2722to avoid these security checks,
2723you can turn off certain checks using the
2724.b DontBlameSendmail
2725option.
2726This option takes one or more names that disable checks.
2727In the descriptions that follow,
2728.q "unsafe directory"
2729means a directory that is writable by anyone other than the owner.
2730The values are:
2731.nr ii 0.5i
2732.ip Safe
2733No special handling.
2734.ip AssumeSafeChown
2735Assume that the
2736.i chown
2737system call is restricted to root.
2738Since some versions of UNIX permit regular users
2739to give away their files to other users on some filesystems,
2740.i sendmail
2741often cannot assume that a given file was created by the owner,
2742particularly when it is in a writable directory.
2743You can set this flag if you know that file giveaway is restricted
2744on your system.
2745.ip ClassFileInUnsafeDirPath
2746When reading class files (using the
2747.b F
2748line in the configuration file),
2749allow files that are in unsafe directories.
2750.ip DontWarnForwardFileInUnsafeDirPath
2751Prevent logging of
2752unsafe directory path warnings
2753for non-existent forward files.
2754.ip ErrorHeaderInUnsafeDirPath
2755Allow the file named in the
2756.b ErrorHeader
2757option to be in an unsafe directory.
2758.ip FileDeliveryToHardLink
2759Allow delivery to files that are hard links.
2760.ip FileDeliveryToSymLink
2761Allow delivery to files that are symbolic links.
2762.ip ForwardFileInGroupWritableDirPath
2763Allow
2764.i \&.forward
2765files in group writable directories.
2766.ip ForwardFileInUnsafeDirPath
2767Allow
2768.i \&.forward
2769files in unsafe directories.
2770.ip ForwardFileInUnsafeDirPathSafe
2771Allow a
2772.i \&.forward
2773file that is in an unsafe directory to include references
2774to program and files.
2775.ip GroupWritableAliasFile
2776Allow group-writable alias files.
2777.ip GroupWritableDirPathSafe
2778Change the definition of
2779.q "unsafe directory"
2780to consider group-writable directories to be safe.
2781World-writable directories are always unsafe.
2782.ip GroupWritableForwardFileSafe
2783Accept group-writable
2784.i \&.forward
2785files as safe for program and file delivery.
2786.ip GroupWritableIncludeFileSafe
2787Accept group-writable
2788.i :include:
2789files as safe for program and file delivery.
2790.ip HelpFileInUnsafeDirPath
2791Allow the file named in the
2792.b HelpFile
2793option to be in an unsafe directory.
2794.ip IncludeFileInGroupWritableDirPath
2795Allow
2796.i :include:
2797files in group writable directories.
2798.ip IncludeFileInUnsafeDirPath
2799Allow
2800.i :include:
2801files in unsafe directories.
2802.ip IncludeFileInUnsafeDirPathSafe
2803Allow a
2804.i :include:
2805file that is in an unsafe directory to include references
2806to program and files.
2807.ip InsufficientEntropy
2808Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
2809despite the security problems.
2810.ip LinkedAliasFileInWritableDir
2811Allow an alias file that is a link in a writable directory.
2812.ip LinkedClassFileInWritableDir
2813Allow class files that are links in writable directories.
2814.ip LinkedForwardFileInWritableDir
2815Allow
2816.i \&.forward
2817files that are links in writable directories.
2818.ip LinkedIncludeFileInWritableDir
2819Allow
2820.i :include:
2821files that are links in writable directories.
2822.ip LinkedMapInWritableDir
2823Allow map files that are links in writable directories.
2824.ip LinkedServiceSwitchFileInWritableDir
2825Allow the service switch file to be a link
2826even if the directory is writable.
2827.ip MapInUnsafeDirPath
2828Allow maps (e.g.,
2829.i hash ,
2830.i btree ,
2831and
2832.i dbm
2833files)
2834in unsafe directories.
2835.ip NonRootSafeAddr
2836Do not mark file and program deliveries as unsafe
2837if sendmail is not running with root privileges.
2838.ip RunProgramInUnsafeDirPath
2839Go ahead and run programs that are in writable directories.
2840.ip RunWritableProgram
2841Go ahead and run programs that are group- or world-writable.
2842.ip TrustStickyBit
2843Allow group or world writable directories
2844if the sticky bit is set on the directory.
2845Do not set this on systems which do not honor
2846the sticky bit on directories.
2847.ip WorldWritableAliasFile
2848Accept world-writable alias files.
2849.ip WriteMapToHardLink
2850Allow writes to maps that are hard links.
2851.ip WriteMapToSymLink
2852Allow writes to maps that are symbolic links.
2853.ip WriteStatsToHardLink
2854Allow the status file to be a hard link.
2855.ip WriteStatsToSymLink
2856Allow the status file to be a symbolic link.
2857.sh 2 "Connection Caching"
2858.pp
2859When processing the queue,
2860.i sendmail
2861will try to keep the last few open connections open
2862to avoid startup and shutdown costs.
2863This only applies to IPC connections.
2864.pp
2865When trying to open a connection
2866the cache is first searched.
2867If an open connection is found, it is probed to see if it is still active
2868by sending a
2869.sm RSET
2870command.
2871It is not an error if this fails;
2872instead, the connection is closed and reopened.
2873.pp
2874Two parameters control the connection cache.
2875The
2876.b ConnectionCacheSize
2877(\c
2878.b k )
2879option defines the number of simultaneous open connections
2880that will be permitted.
2881If it is set to zero,
2882connections will be closed as quickly as possible.
2883The default is one.
2884This should be set as appropriate for your system size;
2885it will limit the amount of system resources that
2886.i sendmail
2887will use during queue runs.
2888Never set this higher than 4.
2889.pp
2890The
2891.b ConnectionCacheTimeout
2892(\c
2893.b K )
2894option specifies the maximum time that any cached connection
2895will be permitted to idle.
2896When the idle time exceeds this value
2897the connection is closed.
2898This number should be small
2899(under ten minutes)
2900to prevent you from grabbing too many resources
2901from other hosts.
2902The default is five minutes.
2903.sh 2 "Name Server Access"
2904.pp
2905Control of host address lookups is set by the
2906.b hosts
2907service entry in your service switch file.
2908If you are on a system that has built-in service switch support
2909(e.g., Ultrix, Solaris, or DEC OSF/1)
2910then your system is probably configured properly already.
2911Otherwise,
2912.i sendmail
2913will consult the file
2914.b /etc/mail/service.switch ,
2915which should be created.
2916.i Sendmail
2917only uses two entries:
2918.b hosts
2919and
2920.b aliases ,
2921although system routines may use other services
2922(notably the
2923.b passwd
2924service for user name lookups by
2925.i getpwname ).
2926.pp
2927However, some systems (such as SunOS 4.X)
2928will do DNS lookups
2929regardless of the setting of the service switch entry.
2930In particular, the system routine
2931.i gethostbyname (3)
2932is used to look up host names,
2933and many vendor versions try some combination of DNS, NIS,
2934and file lookup in /etc/hosts
2935without consulting a service switch.
2936.i Sendmail
2937makes no attempt to work around this problem,
2938and the DNS lookup will be done anyway.
2939If you do not have a nameserver configured at all,
2940such as at a UUCP-only site,
2941.i sendmail
2942will get a
2943.q "connection refused"
2944message when it tries to connect to the name server.
2945If the
2946.b hosts
2947switch entry has the service
2948.q dns
2949listed somewhere in the list,
2950.i sendmail
2951will interpret this to mean a temporary failure
2952and will queue the mail for later processing;
2953otherwise, it ignores the name server data.
2954.pp
2955The same technique is used to decide whether to do MX lookups.
2956If you want MX support, you
2957.i must
2958have
2959.q dns
2960listed as a service in the
2961.b hosts
2962switch entry.
2963.pp
2964The
2965.b ResolverOptions
2966(\c
2967.b I )
2968option allows you to tweak name server options.
2969The command line takes a series of flags as documented in
2970.i resolver (3)
2971(with the leading
2972.q RES_
2973deleted).
2974Each can be preceded by an optional `+' or `\(mi'.
2975For example, the line
2976.(b
2977O ResolverOptions=+AAONLY \(miDNSRCH
2978.)b
2979turns on the AAONLY (accept authoritative answers only)
2980and turns off the DNSRCH (search the domain path) options.
2981Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
2982flags on and all others off.
2983You can also include
2984.q HasWildcardMX
2985to specify that there is a wildcard MX record matching your domain;
2986this turns off MX matching when canonifying names,
2987which can lead to inappropriate canonifications.
2988.pp
2989Version level 1 configurations
2990turn DNSRCH and DEFNAMES off when doing delivery lookups,
2991but leave them on everywhere else.
2992Version 8 of
2993.i sendmail
2994ignores them when doing canonification lookups
2995(that is, when using $[ ... $]),
2996and always does the search.
2997If you don't want to do automatic name extension,
2998don't call $[ ... $].
2999.pp
3000The search rules for $[ ... $] are somewhat different than usual.
3001If the name being looked up
3002has at least one dot, it always tries the unmodified name first.
3003If that fails, it tries the reduced search path,
3004and lastly tries the unmodified name
3005(but only for names without a dot,
3006since names with a dot have already been tried).
3007This allows names such as
3008``utc.CS''
3009to match the site in Czechoslovakia
3010rather than the site in your local Computer Science department.
3011It also prefers A and CNAME records over MX records \*-
3012that is, if it finds an MX record it makes note of it,
3013but keeps looking.
3014This way, if you have a wildcard MX record matching your domain,
3015it will not assume that all names match.
3016.pp
3017To completely turn off all name server access
3018on systems without service switch support
3019(such as SunOS 4.X)
3020you will have to recompile with
3021\-DNAMED_BIND=0
3022and remove \-lresolv from the list of libraries to be searched
3023when linking.
3024.sh 2 "Moving the Per-User Forward Files"
3025.pp
3026Some sites mount each user's home directory
3027from a local disk on their workstation,
3028so that local access is fast.
3029However, the result is that .forward file lookups are slow.
3030In some cases,
3031mail can even be delivered on machines inappropriately
3032because of a file server being down.
3033The performance can be especially bad if you run the automounter.
3034.pp
3035The
3036.b ForwardPath
3037(\c
3038.b J )
3039option allows you to set a path of forward files.
3040For example, the config file line
3041.(b
3042O ForwardPath=/var/forward/$u:$z/.forward.$w
3043.)b
3044would first look for a file with the same name as the user's login
3045in /var/forward;
3046if that is not found (or is inaccessible)
3047the file
3048``.forward.\c
3049.i machinename ''
3050in the user's home directory is searched.
3051A truly perverse site could also search by sender
3052by using $r, $s, or $f.
3053.pp
3054If you create a directory such as /var/forward,
3055it should be mode 1777
3056(that is, the sticky bit should be set).
3057Users should create the files mode 644.
3058Note that you must use the
3059forwardfileinunsafedirpath and
3060forwardfileinunsafedirpathsafe
3061flags with the DontBlameSendmail option
3062to allow forward files in a world
3063writable directory.
3064This might also be used as a
3065denial of service
3066attack (users could create forward files for other users);
3067a better approach might be to create
3068/var/forward
3069mode 755
3070and create empty files for each user,
3071owned by that user,
3072mode 644.
3073If you do this, you don't have to set the DontBlameSendmail options
3074indicated above.
3075.sh 2 "Free Space"
3076.pp
3077On systems that have one of the system calls in the
3078.i statfs (2)
3079family
3080(including
3081.i statvfs
3082and
3083.i ustat ),
3084you can specify a minimum number of free blocks on the queue filesystem
3085using the
3086.b MinFreeBlocks
3087(\c
3088.b b )
3089option.
3090If there are fewer than the indicated number of blocks free
3091on the filesystem on which the queue is mounted
3092the SMTP server will reject mail
3093with the
3094452 error code.
3095This invites the SMTP client to try again later.
3096.pp
3097Beware of setting this option too high;
3098it can cause rejection of email
3099when that mail would be processed without difficulty.
3100.sh 2 "Maximum Message Size"
3101.pp
3102To avoid overflowing your system with a large message,
3103the
3104.b MaxMessageSize
3105option can be set to set an absolute limit
3106on the size of any one message.
3107This will be advertised in the ESMTP dialogue
3108and checked during message collection.
3109.sh 2 "Privacy Flags"
3110.pp
3111The
3112.b PrivacyOptions
3113(\c
3114.b p )
3115option allows you to set certain
3116``privacy''
3117flags.
3118Actually, many of them don't give you any extra privacy,
3119rather just insisting that client SMTP servers
3120use the HELO command
3121before using certain commands
3122or adding extra headers to indicate possible spoof attempts.
3123.pp
3124The option takes a series of flag names;
3125the final privacy is the inclusive or of those flags.
3126For example:
3127.(b
3128O PrivacyOptions=needmailhelo, noexpn
3129.)b
3130insists that the HELO or EHLO command be used before a MAIL command is accepted
3131and disables the EXPN command.
3132.pp
3133The flags are detailed in section
3134.\"XREF
31355.6.
3136.sh 2 "Send to Me Too"
3137.pp
3138Beginning with version 8.10,
3139.i sendmail
3140includes by default the (envelope) sender in any list expansions.
3141For example, if
3142.q matt
3143sends to a list that contains
3144.q matt
3145as one of the members he will get a copy of the message.
3146If the
3147.b MeToo
3148option is set to
3149.sm FALSE
3150(in the configuration file or via the command line),
3151this behavior is changed, i.e.,
3152the (envelope) sender is excluded in list expansions.
3153.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
3154.pp
3155This section describes the configuration file
3156in detail.
3157.pp
3158There is one point that should be made clear immediately:
3159the syntax of the configuration file
3160is designed to be reasonably easy to parse,
3161since this is done every time
3162.i sendmail
3163starts up,
3164rather than easy for a human to read or write.
3165On the
3166.q "future project"
3167list is a
3168configuration-file compiler.
3169.pp
3170The configuration file is organized as a series of lines,
3171each of which begins with a single character
3172defining the semantics for the rest of the line.
3173Lines beginning with a space or a tab
3174are continuation lines
3175(although the semantics are not well defined in many places).
3176Blank lines and lines beginning with a sharp symbol
3177(`#')
3178are comments.
3179.sh 2 "R and S \*- Rewriting Rules"
3180.pp
3181The core of address parsing
3182are the rewriting rules.
3183These are an ordered production system.
3184.i Sendmail
3185scans through the set of rewriting rules
3186looking for a match on the left hand side
3187(LHS)
3188of the rule.
3189When a rule matches,
3190the address is replaced by the right hand side
3191(RHS)
3192of the rule.
3193.pp
3194There are several sets of rewriting rules.
3195Some of the rewriting sets are used internally
3196and must have specific semantics.
3197Other rewriting sets
3198do not have specifically assigned semantics,
3199and may be referenced by the mailer definitions
3200or by other rewriting sets.
3201.pp
3202The syntax of these two commands are:
3203.(b F
3204.b S \c
3205.i n
3206.)b
3207Sets the current ruleset being collected to
3208.i n .
3209If you begin a ruleset more than once
3210it appends to the old definition.
3211.(b F
3212.b R \c
3213.i lhs
3214.i rhs
3215.i comments
3216.)b
3217The
3218fields must be separated
3219by at least one tab character;
3220there may be embedded spaces
3221in the fields.
3222The
3223.i lhs
3224is a pattern that is applied to the input.
3225If it matches,
3226the input is rewritten to the
3227.i rhs .
3228The
3229.i comments
3230are ignored.
3231.pp
3232Macro expansions of the form
3233.b $ \c
3234.i x
3235are performed when the configuration file is read.
3236A literal
3237.b $
3238can be included using
3239.b $$ .
3240Expansions of the form
3241.b $& \c
3242.i x
3243are performed at run time using a somewhat less general algorithm.
3244This is intended only for referencing internally defined macros
3245such as
3246.b $h
3247that are changed at runtime.
3248.sh 3 "The left hand side"
3249.pp
3250The left hand side of rewriting rules contains a pattern.
3251Normal words are simply matched directly.
3252Metasyntax is introduced using a dollar sign.
3253The metasymbols are:
3254.(b
3255.ta \w'\fB$=\fP\fIx\fP 'u
3256\fB$*\fP Match zero or more tokens
3257\fB$+\fP Match one or more tokens
3258\fB$\-\fP Match exactly one token
3259\fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
3260\fB$~\fP\fIx\fP Match any word not in class \fIx\fP
3261.)b
3262If any of these match,
3263they are assigned to the symbol
3264.b $ \c
3265.i n
3266for replacement on the right hand side,
3267where
3268.i n
3269is the index in the LHS.
3270For example,
3271if the LHS:
3272.(b
3273$\-:$+
3274.)b
3275is applied to the input:
3276.(b
3277UCBARPA:eric
3278.)b
3279the rule will match, and the values passed to the RHS will be:
3280.(b
3281.ta 4n
3282$1 UCBARPA
3283$2 eric
3284.)b
3285.pp
3286Additionally, the LHS can include
3287.b $@
3288to match zero tokens.
3289This is
3290.i not
3291bound to a
3292.b $ \c
3293.i n
3294on the RHS, and is normally only used when it stands alone
3295in order to match the null input.
3296.sh 3 "The right hand side"
3297.pp
3298When the left hand side of a rewriting rule matches,
3299the input is deleted and replaced by the right hand side.
3300Tokens are copied directly from the RHS
3301unless they begin with a dollar sign.
3302Metasymbols are:
3303.(b
3304.ta \w'$#mailer\0\0\0'u
3305\fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
3306\fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
3307\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
3308 Generalized keyed mapping function
3309\fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
3310\fB$#\fP\fImailer\fP Resolve to \fImailer\fP
3311\fB$@\fP\fIhost\fP Specify \fIhost\fP
3312\fB$:\fP\fIuser\fP Specify \fIuser\fP
3313.)b
3314.pp
3315The
3316.b $ \c
3317.i n
3318syntax substitutes the corresponding value from a
3319.b $+ ,
3320.b $\- ,
3321.b $* ,
3322.b $= ,
3323or
3324.b $~
3325match on the LHS.
3326It may be used anywhere.
3327.pp
3328A host name enclosed between
3329.b $[
3330and
3331.b $]
3332is looked up in the host database(s)
3333and replaced by the canonical name\**.
3334.(f
3335\**This is actually
3336completely equivalent
3337to $(host \fIhostname\fP$).
3338In particular, a
3339.b $:
3340default can be used.
3341.)f
3342For example,
3343.q $[ftp$]
3344might become
3345.q ftp.CS.Berkeley.EDU
3346and
3347.q $[[128.32.130.2]$]
3348would become
3349.q vangogh.CS.Berkeley.EDU.
3350.i Sendmail
3351recognizes its numeric IP address
3352without calling the name server
3353and replaces it with its canonical name.
3354.pp
3355The
3356.b $(
3357\&...
3358.b $)
3359syntax is a more general form of lookup;
3360it uses a named map instead of an implicit map.
3361If no lookup is found, the indicated
3362.i default
3363is inserted;
3364if no default is specified and no lookup matches,
3365the value is left unchanged.
3366The
3367.i arguments
3368are passed to the map for possible use.
3369.pp
3370The
3371.b $> \c
3372.i n
3373syntax
3374causes the remainder of the line to be substituted as usual
3375and then passed as the argument to ruleset
3376.i n .
3377The final value of ruleset
3378.i n
3379then becomes
3380the substitution for this rule.
3381The
3382.b $>
3383syntax expands everything after the ruleset name
3384to the end of the replacement string
3385and then passes that as the initial input to the ruleset.
3386Recursive calls are allowed.
3387For example,
3388.(b
3389$>0 $>3 $1
3390.)b
3391expands $1, passes that to ruleset 3, and then passes the result
3392of ruleset 3 to ruleset 0.
3393.pp
3394The
3395.b $#
3396syntax should
3397.i only
3398be used in ruleset zero,
3399a subroutine of ruleset zero,
3400or rulesets that return decisions (e.g., check_rcpt).
3401It causes evaluation of the ruleset to terminate immediately,
3402and signals to
3403.i sendmail
3404that the address has completely resolved.
3405The complete syntax for ruleset 0 is:
3406.(b
3407\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
3408.)b
3409This specifies the
3410{mailer, host, user}
34113-tuple necessary to direct the mailer.
3412If the mailer is local
3413the host part may be omitted\**.
3414.(f
3415\**You may want to use it for special
3416.q "per user"
3417extensions.
3418For example, in the address
3419.q jgm+foo@CMU.EDU ;
3420the
3421.q +foo
3422part is not part of the user name,
3423and is passed to the local mailer for local use.
3424.)f
3425The
3426.i mailer
3427must be a single word,
3428but the
3429.i host
3430and
3431.i user
3432may be multi-part.
3433If the
3434.i mailer
3435is the builtin IPC mailer,
3436the
3437.i host
3438may be a colon-separated list of hosts
3439that are searched in order for the first working address
3440(exactly like MX records).
3441The
3442.i user
3443is later rewritten by the mailer-specific envelope rewriting set
3444and assigned to the
3445.b $u
3446macro.
3447As a special case, if the mailer specified has the
3448.b F=@
3449flag specified
3450and the first character of the
3451.b $:
3452value is
3453.q @ ,
3454the
3455.q @
3456is stripped off, and a flag is set in the address descriptor
3457that causes sendmail to not do ruleset 5 processing.
3458.pp
3459Normally, a rule that matches is retried,
3460that is,
3461the rule loops until it fails.
3462A RHS may also be preceded by a
3463.b $@
3464or a
3465.b $:
3466to change this behavior.
3467A
3468.b $@
3469prefix causes the ruleset to return with the remainder of the RHS
3470as the value.
3471A
3472.b $:
3473prefix causes the rule to terminate immediately,
3474but the ruleset to continue;
3475this can be used to avoid continued application of a rule.
3476The prefix is stripped before continuing.
3477.pp
3478The
3479.b $@
3480and
3481.b $:
3482prefixes may precede a
3483.b $>
3484spec;
3485for example:
3486.(b
3487.ta 8n
3488R$+ $: $>7 $1
3489.)b
3490matches anything,
3491passes that to ruleset seven,
3492and continues;
3493the
3494.b $:
3495is necessary to avoid an infinite loop.
3496.pp
3497Substitution occurs in the order described,
3498that is,
3499parameters from the LHS are substituted,
3500hostnames are canonicalized,
3501.q subroutines
3502are called,
3503and finally
3504.b $# ,
3505.b $@ ,
3506and
3507.b $:
3508are processed.
3509.sh 3 "Semantics of rewriting rule sets"
3510.pp
3511There are six rewriting sets
3512that have specific semantics.
3513Five of these are related as depicted by figure 1.
3514.(z
3515.hl
3516.ie n \{\
3517.(c
3518 +---+
3519 -->| 0 |-->resolved address
3520 / +---+
3521 / +---+ +---+
3522 / ---->| 1 |-->| S |--
3523 +---+ / +---+ / +---+ +---+ \e +---+
3524addr-->| 3 |-->| D |-- --->| 4 |-->msg
3525 +---+ +---+ \e +---+ +---+ / +---+
3526 --->| 2 |-->| R |--
3527 +---+ +---+
3528.)c
3529
3530.\}
3531.el \{\
3532.ie !"\*(.T"" \{\
3533.PS
3534boxwid = 0.3i
3535boxht = 0.3i
3536movewid = 0.3i
3537moveht = 0.3i
3538linewid = 0.3i
3539lineht = 0.3i
3540
3541 box invis "addr"; arrow
3542Box3: box "3"
3543A1: arrow
3544BoxD: box "D"; line; L1: Here
3545C: [
3546 C1: arrow; box "1"; arrow; box "S"; line; E1: Here
3547 move to C1 down 0.5; right
3548 C2: arrow; box "2"; arrow; box "R"; line; E2: Here
3549 ] with .w at L1 + (0.5, 0)
3550 move to C.e right 0.5
3551L4: arrow; box "4"; arrow; box invis "msg"
3552 line from L1 to C.C1
3553 line from L1 to C.C2
3554 line from C.E1 to L4
3555 line from C.E2 to L4
3556 move to BoxD.n up 0.6; right
3557Box0: arrow; box "0"
3558 arrow; box invis "resolved address" width 1.3
3559 line from 1/3 of the way between A1 and BoxD.w to Box0
3560.PE
3561.\}
3562.el .sp 2i
3563.\}
3564.ce
3565Figure 1 \*- Rewriting set semantics
3566.(c
3567D \*- sender domain addition
3568S \*- mailer-specific sender rewriting
3569R \*- mailer-specific recipient rewriting
3570.)c
3571.hl
3572.)z
3573.pp
3574Ruleset three
3575should turn the address into
3576.q "canonical form."
3577This form should have the basic syntax:
3578.(b
3579local-part@host-domain-spec
3580.)b
3581Ruleset three
3582is applied by
3583.i sendmail
3584before doing anything with any address.
3585.pp
3586If no
3587.q @
3588sign is specified,
3589then the
3590host-domain-spec
3591.i may
3592be appended (box
3593.q D
3594in Figure 1)
3595from the
3596sender address
3597(if the
3598.b C
3599flag is set in the mailer definition
3600corresponding to the
3601.i sending
3602mailer).
3603.pp
3604Ruleset zero
3605is applied after ruleset three
3606to addresses that are going to actually specify recipients.
3607It must resolve to a
3608.i "{mailer, host, address}"
3609triple.
3610The
3611.i mailer
3612must be defined in the mailer definitions
3613from the configuration file.
3614The
3615.i host
3616is defined into the
3617.b $h
3618macro
3619for use in the argv expansion of the specified mailer.
3620.pp
3621Rulesets one and two
3622are applied to all sender and recipient addresses respectively.
3623They are applied before any specification
3624in the mailer definition.
3625They must never resolve.
3626.pp
3627Ruleset four is applied to all addresses
3628in the message.
3629It is typically used
3630to translate internal to external form.
3631.pp
3632In addition,
3633ruleset 5 is applied to all local addresses
3634(specifically, those that resolve to a mailer with the `F=5'
3635flag set)
3636that do not have aliases.
3637This allows a last minute hook for local names.
3638.sh 3 "Ruleset hooks"
3639.pp
3640A few extra rulesets are defined as
3641.q hooks
3642that can be defined to get special features.
3643They are all named rulesets.
3644The
3645.q check_*
3646forms all give accept/reject status;
3647falling off the end or returning normally is an accept,
3648and resolving to
3649.b $#error
3650is a reject.
3651Many of these can also resolve to the special mailer name
3652.b $#discard ;
3653this accepts the message as though it were successful
3654but then discards it without delivery.
3655Note,
3656this mailer can not be chosen as a mailer in ruleset 0.
3657.sh 4 "check_relay"
3658.pp
3659The
3660.i check_relay
3661ruleset is called after a connection is accepted by the daemon.
3662It is not called when sendmail is started using the
3663.b \-bs
3664option.
3665It is passed
3666.(b
3667client.host.name $| client.host.address
3668.)b
3669where
3670.b $|
3671is a metacharacter separating the two parts.
3672This ruleset can reject connections from various locations.
3673.sh 4 "check_mail"
3674.pp
3675The
3676.i check_mail
3677ruleset is passed the user name parameter of the
3678.sm "SMTP MAIL"
3679command.
3680It can accept or reject the address.
3681.sh 4 "check_rcpt"
3682.pp
3683The
3684.i check_rcpt
3685ruleset is passed the user name parameter of the
3686.sm "SMTP RCPT"
3687command.
3688It can accept or reject the address.
3689.sh 4 "check_compat"
3690.pp
3691The
3692.i check_compat
3693ruleset is passed
3694.(b
3695sender-address $| recipient-address
3696.)b
3697where
3698.b $|
3699is a metacharacter separating the addresses.
3700It can accept or reject mail transfer between these two addresses
3701much like the
3702.i checkcompat()
3703function.
3704.sh 4 "check_eoh"
3705.pp
3706The
3707.i check_eoh
3708ruleset is passed
3709.(b
3710number-of-headers $| size-of-headers
3711.)b
3712where
3713.b $|
3714is a metacharacter separating the numbers.
3715These numbers can be used for size comparisons with the
3716.b arith
3717map.
3718The ruleset is triggered after
3719all of the headers have been read.
3720It can be used to correlate information gathered
3721from those headers using the
3722.b macro
3723storage map.
3724One possible use is to check for a missing header.
3725For example:
3726.(b
3727.ta 1.5i
3728Kstorage macro
3729HMessage-Id: $>CheckMessageId
3730
3731SCheckMessageId
3732# Record the presence of the header
3733R$* $: $(storage {MessageIdCheck} $@ OK $) $1
3734R< $+ @ $+ > $@ OK
3735R$* $#error $: 553 Header Error
3736
3737Scheck_eoh
3738# Check the macro
3739R$* $: < $&{MessageIdCheck} >
3740# Clear the macro for the next message
3741R$* $: $(storage {MessageIdCheck} $) $1
3742# Has a Message-Id: header
3743R< $+ > $@ OK
3744# Allow missing Message-Id: from local mail
3745R$* $: < $&{client_name} >
3746R< > $@ OK
3747R< $=w > $@ OK
3748# Otherwise, reject the mail
3749R$* $#error $: 553 Header Error
3750.)b
3751Keep in mind the Message-Id: header is not a required header and
3752is not a guaranteed spam indicator.
3753This ruleset is an example and
3754should probably not be used in production.
3755.sh 4 "check_etrn"
3756.pp
3757The
3758.i check_etrn
3759ruleset is passed the parameter of the
3760.sm "SMTP ETRN"
3761command.
3762It can accept or reject the command.
3763.sh 4 "check_expn"
3764.pp
3765The
3766.i check_expn
3767ruleset is passed the user name parameter of the
3768.sm "SMTP EXPN"
3769command.
3770It can accept or reject the address.
3771.sh 4 "check_vrfy"
3772.pp
3773The
3774.i check_vrfy
3775ruleset is passed the user name parameter of the
3776.sm "SMTP VRFY"
3777command.
3778It can accept or reject the command.
3779.sh 4 "trust_auth"
3780.pp
3781The
3782.i trust_auth
3783ruleset is passed the AUTH= parameter of the
3784.sm "SMTP MAIL"
3785command.
3786It is used to determine whether this value should be
3787trusted. In order to make this decision, the ruleset
3788may make use of the various
3789.b ${auth_*}
3790macros.
3791If the ruleset does resolve to the
3792.q error
3793mailer the AUTH= parameter is not trusted and hence
3794not passed on to the next relay.
3795.sh 4 "tls_client"
3796.pp
3797The
3798.i tls_client
3799ruleset is called when sendmail acts as server, after a STARTTLS command
3800has been issued, and from
3801.i check_mail.
3802The parameter is the value of
3803.b ${verify}
3804and STARTTLS or MAIL, respectively.
3805If the ruleset does resolve to the
3806.q error
3807mailer, the appropriate error code is returned to the client.
3808.sh 4 "tls_server"
3809.pp
3810The
3811.i tls_server
3812ruleset is called when sendmail acts as client after a STARTTLS command
3813(should) have been issued.
3814The parameter is the value of
3815.b ${verify} .
3816If the ruleset does resolve to the
3817.q error
3818mailer, the connection is aborted
3819(treated as non-deliverable with a permanent or temporary error).
3820.sh 3 "IPC mailers"
3821.pp
3822Some special processing occurs
3823if the ruleset zero resolves to an IPC mailer
3824(that is, a mailer that has
3825.q [IPC]
3826listed as the Path in the
3827.b M
3828configuration line.
3829The host name passed after
3830.q $@
3831has MX expansion performed if not delivering via a named socket;
3832this looks the name up in DNS to find alternate delivery sites.
3833.pp
3834The host name can also be provided as a dotted quad in square brackets;
3835for example:
3836.(b
3837[128.32.149.78]
3838.)b
3839This causes direct conversion of the numeric value
3840to an IP host address.
3841.pp
3842The host name passed in after the
3843.q $@
3844may also be a colon-separated list of hosts.
3845Each is separately MX expanded and the results are concatenated
3846to make (essentially) one long MX list.
3847The intent here is to create
3848.q fake
3849MX records that are not published in DNS
3850for private internal networks.
3851.pp
3852As a final special case, the host name can be passed in
3853as a text string
3854in square brackets:
3855.(b
3856[ucbvax.berkeley.edu]
3857.)b
3858This form avoids the MX mapping.
3859.b N.B.:
3860.i
3861This is intended only for situations where you have a network firewall
3862or other host that will do special processing for all your mail,
3863so that your MX record points to a gateway machine;
3864this machine could then do direct delivery to machines
3865within your local domain.
3866Use of this feature directly violates RFC 1123 section 5.3.5:
3867it should not be used lightly.
3868.r
3869.sh 2 "D \*- Define Macro"
3870.pp
3871Macros are named with a single character
3872or with a word in {braces}.
3873The names ``x'' and ``{x}'' denote the same macro
3874for every single character ``x''.
3875Single character names may be selected from the entire ASCII set,
3876but user-defined macros
3877should be selected from the set of upper case letters only.
3878Lower case letters
3879and special symbols
3880are used internally.
3881Long names beginning with a lower case letter or a punctuation character
3882are reserved for use by sendmail,
3883so user-defined long macro names should begin with an upper case letter.
3884.pp
3885The syntax for macro definitions is:
3886.(b F
3887.b D \c
3888.i x\|val
3889.)b
3890where
3891.i x
3892is the name of the macro
3893(which may be a single character
3894or a word in braces)
3895and
3896.i val
3897is the value it should have.
3898There should be no spaces given
3899that do not actually belong in the macro value.
3900.pp
3901Macros are interpolated
3902using the construct
3903.b $ \c
3904.i x ,
3905where
3906.i x
3907is the name of the macro to be interpolated.
3908This interpolation is done when the configuration file is read,
3909except in
3910.b M
3911lines.
3912The special construct
3913.b $& \c
3914.i x
3915can be used in
3916.b R
3917lines to get deferred interpolation.
3918.pp
3919Conditionals can be specified using the syntax:
3920.(b
3921$?x text1 $| text2 $.
3922.)b
3923This interpolates
3924.i text1
3925if the macro
3926.b $x
3927is set and non-null,
3928and
3929.i text2
3930otherwise.
3931The
3932.q else
3933(\c
3934.b $| )
3935clause may be omitted.
3936.pp
3937Lower case macro names are reserved to have
3938special semantics,
3939used to pass information in or out of
3940.i sendmail ,
3941and special characters are reserved to
3942provide conditionals, etc.
3943Upper case names
3944(that is,
3945.b $A
3946through
3947.b $Z )
3948are specifically reserved for configuration file authors.
3949.pp
3950The following macros are defined and/or used internally by
3951.i sendmail
3952for interpolation into argv's for mailers
3953or for other contexts.
3954The ones marked \(dg are information passed into sendmail\**,
3955.(f
3956\**As of version 8.6,
3957all of these macros have reasonable defaults.
3958Previous versions required that they be defined.
3959.)f
3960the ones marked \(dd are information passed both in and out of sendmail,
3961and the unmarked macros are passed out of sendmail
3962but are not otherwise used internally.
3963These macros are:
3964.nr ii 5n
3965.ip $a
3966The origination date in RFC 822 format.
3967This is extracted from the Date: line.
3968.ip $b
3969The current date in RFC 822 format.
3970.ip $c
3971The hop count.
3972This is a count of the number of Received: lines
3973plus the value of the
3974.b \-h
3975command line flag.
3976.ip $d
3977The current date in UNIX (ctime) format.
3978.ip $e\(dg
3979(Obsolete; use SmtpGreetingMessage option instead.)
3980The SMTP entry message.
3981This is printed out when SMTP starts up.
3982The first word must be the
3983.b $j
3984macro as specified by RFC821.
3985Defaults to
3986.q "$j Sendmail $v ready at $b" .
3987Commonly redefined to include the configuration version number, e.g.,
3988.q "$j Sendmail $v/$Z ready at $b"
3989.ip $f
3990The envelope sender (from) address.
3991.ip $g
3992The sender address relative to the recipient.
3993For example, if
3994.b $f
3995is
3996.q foo ,
3997.b $g
3998will be
3999.q host!foo ,
4000.q foo@host.domain ,
4001or whatever is appropriate for the receiving mailer.
4002.ip $h
4003The recipient host.
4004This is set in ruleset 0 from the $@ field of a parsed address.
4005.ip $i
4006The queue id,
4007e.g.,
4008.q HAA12345 .
4009.ip $j\(dd
4010The \*(lqofficial\*(rq domain name for this site.
4011This is fully qualified if the full qualification can be found.
4012It
4013.i must
4014be redefined to be the fully qualified domain name
4015if your system is not configured so that information can find
4016it automatically.
4017.ip $k
4018The UUCP node name (from the uname system call).
4019.ip $l\(dg
4020(Obsolete; use UnixFromLine option instead.)
4021The format of the UNIX from line.
4022Unless you have changed the UNIX mailbox format,
4023you should not change the default,
4024which is
4025.q "From $g $d" .
4026.ip $m
4027The domain part of the \fIgethostname\fP return value.
4028Under normal circumstances,
4029.b $j
4030is equivalent to
4031.b $w.$m .
4032.ip $n\(dg
4033The name of the daemon (for error messages).
4034Defaults to
4035.q MAILER-DAEMON .
4036.ip $o\(dg
4037(Obsolete: use OperatorChars option instead.)
4038The set of \*(lqoperators\*(rq in addresses.
4039A list of characters
4040which will be considered tokens
4041and which will separate tokens
4042when doing parsing.
4043For example, if
4044.q @
4045were in the
4046.b $o
4047macro, then the input
4048.q a@b
4049would be scanned as three tokens:
4050.q a,
4051.q @,
4052and
4053.q b.
4054Defaults to
4055.q ".:@[]" ,
4056which is the minimum set necessary to do RFC 822 parsing;
4057a richer set of operators is
4058.q ".:%@!/[]" ,
4059which adds support for UUCP, the %-hack, and X.400 addresses.
4060.ip $p
4061Sendmail's process id.
4062.ip $q\(dg
4063Default format of sender address.
4064The
4065.b $q
4066macro specifies how an address should appear in a message
4067when it is defaulted.
4068Defaults to
4069.q "<$g>" .
4070It is commonly redefined to be
4071.q "$?x$x <$g>$|$g$."
4072or
4073.q "$g$?x ($x)$." ,
4074corresponding to the following two formats:
4075.(b
4076Eric Allman <eric@CS.Berkeley.EDU>
4077eric@CS.Berkeley.EDU (Eric Allman)
4078.)b
4079.i Sendmail
4080properly quotes names that have special characters
4081if the first form is used.
4082.ip $r
4083Protocol used to receive the message.
4084Set from the
4085.b \-p
4086command line flag or by the SMTP server code.
4087.ip $s
4088Sender's host name.
4089Set from the
4090.b \-p
4091command line flag or by the SMTP server code.
4092.ip $t
4093A numeric representation of the current time.
4094.ip $u
4095The recipient user.
4096.ip $v
4097The version number of the
4098.i sendmail
4099binary.
4100.ip $w\(dd
4101The hostname of this site.
4102This is the root name of this host (but see below for caveats).
4103.ip $x
4104The full name of the sender.
4105.ip $z
4106The home directory of the recipient.
4107.ip $_
4108The validated sender address.
4109.ip ${auth_authen}
4110The client's authentication credentials as determined by authentication
4111(only set if successful).
4112.ip ${auth_author}
4113The authorization identity, i.e. the AUTH= parameter of the
4114.sm "SMTP MAIL"
4115command if supplied.
4116.ip ${auth_type}
4117The mechanism used for authentication
4118(only set if successful).
4119.ip ${auth_ssf}
4120The keylength (in bits) of the symmetric encryption algorithm
4121used for the security layer of a SASL mechanism.
4122.ip ${bodytype}
4123The message body type
4124(7BIT or 8BITMIME),
4125as determined from the envelope.
4126.ip ${cert_issuer}
4127The DN (distinguished name) of the CA (certificate authority)
4128that signed the presented certificate (the cert issuer).
4129.ip ${cert_subject}
4130The DN of the presented certificate (called the cert subject).
4131.ip ${cipher}
4132The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
4133EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.
4134.ip ${cipher_bits}
4135The keylength (in bits) of the symmetric encryption algorithm
4136used for a TLS connection.
4137.ip ${client_addr}
4138The IP address of the SMTP client.
4139Defined in the SMTP server only.
4140.ip ${client_name}
4141The host name of the SMTP client.
4142This may be the client's bracketed IP address
4143in the form [ nnn.nnn.nnn.nnn ] if the client's
4144IP address is not resolvable, or if it is resolvable
4145but the IP address of the resolved hostname
4146doesn't match the original IP address.
4147Defined in the SMTP server only.
4148.ip ${client_port}
4149The port number of the SMTP client.
4150Defined in the SMTP server only.
4151.ip ${client_resolve}
4152Holds the result of the resolve call for
4153.b ${client_name}
4154: OK, FAIL, FORGED, TEMP.
4155Defined in the SMTP server only.
4156.ip ${currHeader}
4157Header value as quoted string
4158(possibly truncated to
4159.b MAXNAME ).
4160.ip ${daemon_addr}
4161The IP address the daemon is listening on for connections.
4162Unless
4163.b DaemonPortOptions
4164is set, this will be
4165.q 0.0.0.0 .
4166.ip ${daemon_family}
4167The network family
4168if the daemon is accepting network connections.
4169Possible values include
4170.q inet ,
4171.q inet6 ,
4172.q iso ,
4173.q ns ,
4174.q x.25
4175.ip ${daemon_flags}
4176The flags for the daemon as specified by the
4177Modifier= part of
4178.b DaemonPortOptions
4179whereby the flags are separated from each other by spaces,
4180and upper case flags are doubled.
4181That is,
4182Modifier=Ea
4183will be represented as
4184"EE a" in
4185.b ${daemon_flags} ,
4186which is required for testing the flags in rulesets.
4187.ip ${daemon_info}
4188Some information about a daemon as a text string.
4189For example,
4190.q SMTP+queueing@00:30:00 .
4191.ip ${daemon_name}
4192The name of the daemon from
4193.b DaemonPortOptions
4194Name= suboption.
4195If this suboption is not set,
4196"Daemon#",
4197where # is the daemon number,
4198is used.
4199.ip ${daemon_port}
4200The port the daemon is accepting connection on.
4201Unless
4202.b DaemonPortOptions
4203is set, this will most likely be
4204.q 25 .
4205.ip ${deliveryMode}
4206The current delivery mode sendmail is using.
4207It is initially set to the value of the
4208.b DeliveryMode
4209option.
4210.ip ${envid}
4211The envelope id passed to sendmail as part of the envelope.
4212.ip ${hdrlen}
4213The length of the header value which is stored in
4214${currHeader} (before possible truncation).
4215If this value is greater than or equal
4216.b MAXNAME
4217the header has been truncated.
4218.ip ${hdr_name}
4219The name of the header field for which the current header
4220check ruleset has been called.
4221This is useful for a default header check ruleset to get
4222the name of the header.
4223.ip ${if_addr}
4224The IP address of the interface of an incoming connection
4225unless it is in the loopback net.
4226.ip ${if_family}
4227The IP family of the interface of an incoming connection
4228unless it is in the loopback net.
4229.ip ${if_name}
4230The name of the interface of an incoming connection.
4231This macro can be used for
4232SmtpGreetingMessage and HReceived for virtual hosting.
4233For example:
4234.(b
4235O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
4236.)b
4237.ip ${mail_addr}
4238The address part of the resolved triple of the address given for the
4239.sm "SMTP MAIL"
4240command.
4241Defined in the SMTP server only.
4242.ip ${mail_host}
4243The host from the resolved triple of the address given for the
4244.sm "SMTP MAIL"
4245command.
4246Defined in the SMTP server only.
4247.ip ${mail_mailer}
4248The mailer from the resolved triple of the address given for the
4249.sm "SMTP MAIL"
4250command.
4251Defined in the SMTP server only.
4252.ip ${msg_size}
4253The value of the SIZE= parameter,
4254i.e., usually the size of the message (in an ESMTP dialogue),
4255before the message has been collected, thereafter
4256the message size as computed by
4257.i sendmail
4258(and can be used in check_compat).
4259.ip ${ntries}
4260The number of delivery attempts.
4261.ip ${opMode}
4262The current operation mode (from the
4263.b \-b
4264flag).
4265.ip ${queue_interval}
4266The queue run interval given by the
4267.b \-q
4268flag.
4269For example,
4270.b \-q30m
4271would set
4272.b ${queue_interval}
4273to
4274.q 00:30:00 .
4275.ip ${rcpt_addr}
4276The address part of the resolved triple of the address given for the
4277.sm "SMTP RCPT"
4278command.
4279Defined in the SMTP server only.
4280.ip ${rcpt_host}
4281The host from the resolved triple of the address given for the
4282.sm "SMTP RCPT"
4283command.
4284Defined in the SMTP server only.
4285.ip ${rcpt_mailer}
4286The mailer from the resolved triple of the address given for the
4287.sm "SMTP RCPT"
4288command.
4289Defined in the SMTP server only.
4290.ip ${server_addr}
4291The address of the server of the current outgoing SMTP connection.
4292.ip ${server_name}
4293The name of the server of the current outgoing SMTP connection.
4294.ip ${tls_version}
4295The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2.
4296.ip ${verify}
4297The result of the verification of the presented cert.
4298Possible values are:
4299.(b
4300.ta 9n
4301OK verification succeeded.
4302NO no cert presented.
4303FAIL cert presented but could not be verified,
4304 e.g., the signing CA is missing.
4305NONE STARTTLS has not been performed.
4306TEMP temporary error occurred.
4307PROTOCOL some protocol error occurred.
4308SOFTWARE STARTTLS handshake failed,
4309 which is a fatal error for this session,
4310 the e-mail will be queued.
4311.)b
4312.pp
4313There are three types of dates that can be used.
4314The
4315.b $a
4316and
4317.b $b
4318macros are in RFC 822 format;
4319.b $a
4320is the time as extracted from the
4321.q Date:
4322line of the message
4323(if there was one),
4324and
4325.b $b
4326is the current date and time
4327(used for postmarks).
4328If no
4329.q Date:
4330line is found in the incoming message,
4331.b $a
4332is set to the current time also.
4333The
4334.b $d
4335macro is equivalent to the
4336.b $b
4337macro in UNIX
4338(ctime)
4339format.
4340.pp
4341The macros
4342.b $w ,
4343.b $j ,
4344and
4345.b $m
4346are set to the identity of this host.
4347.i Sendmail
4348tries to find the fully qualified name of the host
4349if at all possible;
4350it does this by calling
4351.i gethostname (2)
4352to get the current hostname
4353and then passing that to
4354.i gethostbyname (3)
4355which is supposed to return the canonical version of that host name.\**
4356.(f
4357\**For example, on some systems
4358.i gethostname
4359might return
4360.q foo
4361which would be mapped to
4362.q foo.bar.com
4363by
4364.i gethostbyname .
4365.)f
4366Assuming this is successful,
4367.b $j
4368is set to the fully qualified name
4369and
4370.b $m
4371is set to the domain part of the name
4372(everything after the first dot).
4373The
4374.b $w
4375macro is set to the first word
4376(everything before the first dot)
4377if you have a level 5 or higher configuration file;
4378otherwise, it is set to the same value as
4379.b $j .
4380If the canonification is not successful,
4381it is imperative that the config file set
4382.b $j
4383to the fully qualified domain name\**.
4384.(f
4385\**Older versions of sendmail didn't pre-define
4386.b $j
4387at all, so up until 8.6,
4388config files
4389.i always
4390had to define
4391.b $j .
4392.)f
4393.pp
4394The
4395.b $f
4396macro is the id of the sender
4397as originally determined;
4398when mailing to a specific host
4399the
4400.b $g
4401macro is set to the address of the sender
4402.ul
4403relative to the recipient.
4404For example,
4405if I send to
4406.q bollard@matisse.CS.Berkeley.EDU
4407from the machine
4408.q vangogh.CS.Berkeley.EDU
4409the
4410.b $f
4411macro will be
4412.q eric
4413and the
4414.b $g
4415macro will be
4416.q eric@vangogh.CS.Berkeley.EDU.
4417.pp
4418The
4419.b $x
4420macro is set to the full name of the sender.
4421This can be determined in several ways.
4422It can be passed as flag to
4423.i sendmail .
4424It can be defined in the
4425.sm NAME
4426environment variable.
4427The third choice is the value of the
4428.q Full-Name:
4429line in the header if it exists,
4430and the fourth choice is the comment field
4431of a
4432.q From:
4433line.
4434If all of these fail,
4435and if the message is being originated locally,
4436the full name is looked up in the
4437.i /etc/passwd
4438file.
4439.pp
4440When sending,
4441the
4442.b $h ,
4443.b $u ,
4444and
4445.b $z
4446macros get set to the host, user, and home directory
4447(if local)
4448of the recipient.
4449The first two are set from the
4450.b $@
4451and
4452.b $:
4453part of the rewriting rules, respectively.
4454.pp
4455The
4456.b $p
4457and
4458.b $t
4459macros are used to create unique strings
4460(e.g., for the
4461.q Message-Id:
4462field).
4463The
4464.b $i
4465macro is set to the queue id on this host;
4466if put into the timestamp line
4467it can be extremely useful for tracking messages.
4468The
4469.b $v
4470macro is set to be the version number of
4471.i sendmail ;
4472this is normally put in timestamps
4473and has been proven extremely useful for debugging.
4474.pp
4475The
4476.b $c
4477field is set to the
4478.q "hop count,"
4479i.e., the number of times this message has been processed.
4480This can be determined
4481by the
4482.b \-h
4483flag on the command line
4484or by counting the timestamps in the message.
4485.pp
4486The
4487.b $r
4488and
4489.b $s
4490fields are set to the protocol used to communicate with
4491.i sendmail
4492and the sending hostname.
4493They can be set together using the
4494.b \-p
4495command line flag or separately using the
4496.b \-M
4497or
4498.b \-oM
4499flags.
4500.pp
4501The
4502.b $_
4503is set to a validated sender host name.
4504If the sender is running an RFC 1413 compliant IDENT server
4505and the receiver has the IDENT protocol turned on,
4506it will include the user name on that host.
4507.pp
4508The
4509.b ${client_name} ,
4510.b ${client_addr} ,
4511and
4512.b ${client_port}
4513macros
4514are set to the name, address, and port number of the SMTP client
4515who is invoking
4516.i sendmail
4517as a server.
4518These can be used in the
4519.i check_*
4520rulesets (using the
4521.b $&
4522deferred evaluation form, of course!).
4523.sh 2 "C and F \*- Define Classes"
4524.pp
4525Classes of phrases may be defined
4526to match on the left hand side of rewriting rules,
4527where a
4528.q phrase
4529is a sequence of characters that does not contain space characters.
4530For example
4531a class of all local names for this site
4532might be created
4533so that attempts to send to oneself
4534can be eliminated.
4535These can either be defined directly in the configuration file
4536or read in from another file.
4537Classes are named as a single letter or a word in {braces}.
4538Class names beginning with lower case letters
4539and special characters are reserved for system use.
4540Classes defined in config files may be given names
4541from the set of upper case letters for short names
4542or beginning with an upper case letter for long names.
4543.pp
4544The syntax is:
4545.(b F
4546.b C \c
4547.i c\|phrase1
4548.i phrase2...
4549.br
4550.b F \c
4551.i c\|file
4552.br
4553.b F \c
4554.i c\||program
4555.)b
4556The first form defines the class
4557.i c
4558to match any of the named words.
4559If
4560.i phrase1
4561or
4562.i phrase2
4563is another class,
4564e.g.,
4565.i $=S ,
4566the contents of class
4567.i S
4568are added to class
4569.i c .
4570It is permissible to split them among multiple lines;
4571for example, the two forms:
4572.(b
4573CHmonet ucbmonet
4574.)b
4575and
4576.(b
4577CHmonet
4578CHucbmonet
4579.)b
4580are equivalent.
4581The ``F'' forms
4582read the elements of the class
4583.i c
4584from the named
4585.i file
4586or
4587.i program .
4588Each element should be listed on a separate line.
4589To specify an optional file, use ``-o'' between the class
4590name and the file name, e.g.,
4591.(b
4592Fc -o /path/to/file
4593.)b
4594If the file can't be used,
4595.i sendmail
4596will not complain but silently ignore it.
4597.pp
4598Elements of classes can be accessed in rules using
4599.b $=
4600or
4601.b $~ .
4602The
4603.b $~
4604(match entries not in class)
4605only matches a single word;
4606multi-word entries in the class are ignored in this context.
4607.pp
4608Some classes have internal meaning to
4609.i sendmail :
4610.nr ii 0.5i
4611.\".ip $=b
4612.\"A set of Content-Types that will not have the newline character
4613.\"translated to CR-LF before encoding into base64 MIME.
4614.\"The class can have major times
4615.\"(e.g.,
4616.\".q image )
4617.\"or full types
4618.\"(such as
4619.\".q application/octet-stream ).
4620.\"The class is initialized with
4621.\".q application/octet-stream ,
4622.\".q image ,
4623.\".q audio ,
4624.\"and
4625.\".q video .
4626.ip $=e
4627contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
4628It is predefined to contain
4629.q 7bit ,
4630.q 8bit ,
4631and
4632.q binary .
4633.ip $=k
4634set to be the same as
4635.b $k ,
4636that is, the UUCP node name.
4637.ip $=m
4638set to the set of domains by which this host is known,
4639initially just
4640.b $m .
4641.ip $=n
4642can be set to the set of MIME body types
4643that can never be eight to seven bit encoded.
4644It defaults to
4645.q multipart/signed .
4646Message types
4647.q message/*
4648and
4649.q multipart/*
4650are never encoded directly.
4651Multipart messages are always handled recursively.
4652The handling of message/* messages
4653are controlled by class
4654.b $=s .
4655.ip $=q
4656A set of Content-Types that will never be encoded as base64
4657(if they have to be encoded, they will be encoded as quoted-printable).
4658It can have primary types
4659(e.g.,
4660.q text )
4661or full types
4662(such as
4663.q text/plain ).
4664The class is initialized to have
4665.q text/plain
4666only.
4667.ip $=s
4668contains the set of subtypes of message that can be treated recursively.
4669By default it contains only
4670.q rfc822 .
4671Other
4672.q message/*
4673types cannot be 8\(->7 bit encoded.
4674If a message containing eight bit data is sent to a seven bit host,
4675and that message cannot be encoded into seven bits,
4676it will be stripped to 7 bits.
4677.ip $=t
4678set to the set of trusted users by the
4679.b T
4680configuration line.
4681If you want to read trusted users from a file, use
4682.b Ft \c
4683.i /file/name .
4684.ip $=w
4685set to be the set of all names
4686this host is known by.
4687This can be used to match local hostnames.
4688.ip $={persistentMacros}
4689set to the macros would should be saved across queue runs.
4690Care should be taken when adding macro names to this class.
4691.pp
4692.i Sendmail
4693can be compiled to allow a
4694.i scanf (3)
4695string on the
4696.b F
4697line.
4698This lets you do simplistic parsing of text files.
4699For example, to read all the user names in your system
4700.i /etc/passwd
4701file into a class, use
4702.(b
4703FL/etc/passwd %[^:]
4704.)b
4705which reads every line up to the first colon.
4706.sh 2 "M \*- Define Mailer"
4707.pp
4708Programs and interfaces to mailers
4709are defined in this line.
4710The format is:
4711.(b F
4712.b M \c
4713.i name ,
4714{\c
4715.i field =\c
4716.i value \|}*
4717.)b
4718where
4719.i name
4720is the name of the mailer
4721(used internally only)
4722and the
4723.q field=name
4724pairs define attributes of the mailer.
4725Fields are:
4726.(b
4727.ta 1i
4728Path The pathname of the mailer
4729Flags Special flags for this mailer
4730Sender Rewriting set(s) for sender addresses
4731Recipient Rewriting set(s) for recipient addresses
4732Argv An argument vector to pass to this mailer
4733Eol The end-of-line string for this mailer
4734Maxsize The maximum message length to this mailer
4735maxmessages The maximum message deliveries per connection
4736Linelimit The maximum line length in the message body
4737Directory The working directory for the mailer
4738Userid The default user and group id to run as
4739Nice The nice(2) increment for the mailer
4740Charset The default character set for 8-bit characters
4741Type Type information for DSN diagnostics
4742Wait The maximum time to wait for the mailer
4743/ The root directory for the mailer
4744.)b
4745Only the first character of the field name is checked.
4746.pp
4747The following flags may be set in the mailer description.
4748Any other flags may be used freely
4749to conditionally assign headers to messages
4750destined for particular mailers.
4751Flags marked with \(dg
4752are not interpreted by the
4753.i sendmail
4754binary;
4755these are the conventionally used to correlate to the flags portion
4756of the
4757.b H
4758line.
4759Flags marked with \(dd
4760apply to the mailers for the sender address
4761rather than the usual recipient mailers.
4762.nr ii 4n
4763.ip a
4764Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
4765This flag defaults on if the SMTP greeting message includes the word
4766.q ESMTP .
4767.ip A
4768Look up the user part of the address in the alias database.
4769Normally this is only set for local mailers.
4770.ip b
4771Force a blank line on the end of a message.
4772This is intended to work around some stupid versions of
4773/bin/mail
4774that require a blank line, but do not provide it themselves.
4775It would not normally be used on network mail.
4776.ip c
4777Do not include comments in addresses.
4778This should only be used if you have to work around
4779a remote mailer that gets confused by comments.
4780This strips addresses of the form
4781.q "Phrase <address>"
4782or
4783.q "address (Comment)"
4784down to just
4785.q address .
4786.ip C\(dd
4787If mail is
4788.i received
4789from a mailer with this flag set,
4790any addresses in the header that do not have an at sign
4791(\c
4792.q @ )
4793after being rewritten by ruleset three
4794will have the
4795.q @domain
4796clause from the sender envelope address
4797tacked on.
4798This allows mail with headers of the form:
4799.(b
4800From: usera@hosta
4801To: userb@hostb, userc
4802.)b
4803to be rewritten as:
4804.(b
4805From: usera@hosta
4806To: userb@hostb, userc@hosta
4807.)b
4808automatically.
4809However, it doesn't really work reliably.
4810.ip d
4811Do not include angle brackets around route-address syntax addresses.
4812This is useful on mailers that are going to pass addresses to a shell
4813that might interpret angle brackets as I/O redirection.
4814However, it does not protect against other shell metacharacters.
4815Therefore, passing addresses to a shell should not be considered secure.
4816.ip D\(dg
4817This mailer wants a
4818.q Date:
4819header line.
4820.ip e
4821This mailer is expensive to connect to,
4822so try to avoid connecting normally;
4823any necessary connection will occur during a queue run.
4824See also option
4825.b HoldExpensive .
4826.ip E
4827Escape lines beginning with
4828.q From\0
4829in the message with a `>' sign.
4830.ip f
4831The mailer wants a
4832.b \-f
4833.i from
4834flag,
4835but only if this is a network forward operation
4836(i.e.,
4837the mailer will give an error
4838if the executing user
4839does not have special permissions).
4840.ip F\(dg
4841This mailer wants a
4842.q From:
4843header line.
4844.ip g
4845Normally,
4846.i sendmail
4847sends internally generated email (e.g., error messages)
4848using the null return address
4849as required by RFC 1123.
4850However, some mailers don't accept a null return address.
4851If necessary,
4852you can set the
4853.b g
4854flag to prevent
4855.i sendmail
4856from obeying the standards;
4857error messages will be sent as from the MAILER-DAEMON
4858(actually, the value of the
4859.b $n
4860macro).
4861.ip h
4862Upper case should be preserved in host names
4863(the $@ portion of the mailer triplet resolved from ruleset 0)
4864for this mailer.
4865.ip i
4866Do User Database rewriting on envelope sender address.
4867.ip I
4868This mailer will be speaking SMTP
4869to another
4870.i sendmail
4871\*-
4872as such it can use special protocol features.
4873This option is not required
4874(i.e.,
4875if this option is omitted the transmission will still operate successfully,
4876although perhaps not as efficiently as possible).
4877.ip j
4878Do User Database rewriting on recipients as well as senders.
4879.ip k
4880Normally when
4881.i sendmail
4882connects to a host via SMTP,
4883it checks to make sure that this isn't accidently the same host name
4884as might happen if
4885.i sendmail
4886is misconfigured or if a long-haul network interface is set in loopback mode.
4887This flag disables the loopback check.
4888It should only be used under very unusual circumstances.
4889.ip K
4890Currently unimplemented.
4891Reserved for chunking.
4892.ip l
4893This mailer is local
4894(i.e.,
4895final delivery will be performed).
4896.ip L
4897Limit the line lengths as specified in RFC821.
4898This deprecated option should be replaced by the
4899.b L=
4900mail declaration.
4901For historic reasons, the
4902.b L
4903flag also sets the
4904.b 7
4905flag.
4906.ip m
4907This mailer can send to multiple users
4908on the same host
4909in one transaction.
4910When a
4911.b $u
4912macro occurs in the
4913.i argv
4914part of the mailer definition,
4915that field will be repeated as necessary
4916for all qualifying users.
4917Removing this flag can defeat duplicate supression on a remote site
4918as each recipient is sent in a separate transaction.
4919.ip M\(dg
4920This mailer wants a
4921.q Message-Id:
4922header line.
4923.ip n
4924Do not insert a UNIX-style
4925.q From
4926line on the front of the message.
4927.ip o
4928Always run as the owner of the recipient mailbox.
4929Normally
4930.i sendmail
4931runs as the sender for locally generated mail
4932or as
4933.q daemon
4934(actually, the user specified in the
4935.b u
4936option)
4937when delivering network mail.
4938The normal behavior is required by most local mailers,
4939which will not allow the envelope sender address
4940to be set unless the mailer is running as daemon.
4941This flag is ignored if the
4942.b S
4943flag is set.
4944.ip p
4945Use the route-addr style reverse-path in the SMTP
4946.q "MAIL FROM:"
4947command
4948rather than just the return address;
4949although this is required in RFC821 section 3.1,
4950many hosts do not process reverse-paths properly.
4951Reverse-paths are officially discouraged by RFC 1123.
4952.ip P\(dg
4953This mailer wants a
4954.q Return-Path:
4955line.
4956.ip q
4957When an address that resolves to this mailer is verified
4958(SMTP VRFY command),
4959generate 250 responses instead of 252 responses.
4960This will imply that the address is local.
4961.ip r
4962Same as
4963.b f ,
4964but sends a
4965.b \-r
4966flag.
4967.ip R
4968Open SMTP connections from a
4969.q secure
4970port.
4971Secure ports aren't
4972(secure, that is)
4973except on UNIX machines,
4974so it is unclear that this adds anything.
4975.ip s
4976Strip quote characters (" and \e) off of the address
4977before calling the mailer.
4978.ip S
4979Don't reset the userid
4980before calling the mailer.
4981This would be used in a secure environment
4982where
4983.i sendmail
4984ran as root.
4985This could be used to avoid forged addresses.
4986If the
4987.b U=
4988field is also specified,
4989this flag causes the effective user id to be set to that user.
4990.ip u
4991Upper case should be preserved in user names
4992for this mailer.
4993Standards require preservation of case in the local part of addresses,
4994except for those address for which your system accepts responsibility.
4995.ip U
4996This mailer wants UUCP-style
4997.q From
4998lines with the ugly
4999.q "remote from <host>"
5000on the end.
5001.ip w
5002The user must have a valid account on this machine,
5003i.e.,
5004getpwnam
5005must succeed.
5006If not,
5007the mail is bounced.
5008This is required to get
5009.q \&.forward
5010capability.
5011.ip x\(dg
5012This mailer wants a
5013.q Full-Name:
5014header line.
5015.ip X
5016This mailer want to use the hidden dot algorithm
5017as specified in RFC821;
5018basically,
5019any line beginning with a dot
5020will have an extra dot prepended
5021(to be stripped at the other end).
5022This insures that lines in the message containing a dot
5023will not terminate the message prematurely.
5024.ip z
5025Run Local Mail Transfer Protocol (LMTP)
5026between
5027.i sendmail
5028and the local mailer.
5029This is a variant on SMTP
5030defined in RFC 2033
5031that is specifically designed for delivery to a local mailbox.
5032.ip 0
5033Don't look up MX records for hosts sent via SMTP.
5034.ip 3
5035Extend the list of characters converted to =XX notation
5036when converting to Quoted-Printable
5037to include those that don't map cleanly between ASCII and EBCDIC.
5038Useful if you have IBM mainframes on site.
5039.ip 5
5040If no aliases are found for this address,
5041pass the address through ruleset 5 for possible alternate resolution.
5042This is intended to forward the mail to an alternate delivery spot.
5043.ip 6
5044Strip headers to seven bits.
5045.ip 7
5046Strip all output to seven bits.
5047This is the default if the
5048.b L
5049flag is set.
5050Note that clearing this option is not
5051sufficient to get full eight bit data passed through
5052.i sendmail .
5053If the
5054.b 7
5055option is set, this is essentially always set,
5056since the eighth bit was stripped on input.
5057Note that this option will only impact messages
5058that didn't have 8\(->7 bit MIME conversions performed.
5059.ip 8
5060If set,
5061it is acceptable to send eight bit data to this mailer;
5062the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
5063.ip 9
5064If set,
5065do
5066.i limited
50677\(->8 bit MIME conversions.
5068These conversions are limited to text/plain data.
5069.ip :
5070Check addresses to see if they begin
5071.q :include: ;
5072if they do, convert them to the
5073.q *include*
5074mailer.
5075.ip |
5076Check addresses to see if they begin with a `|';
5077if they do, convert them to the
5078.q prog
5079mailer.
5080.ip /
5081Check addresses to see if they begin with a `/';
5082if they do, convert them to the
5083.q *file*
5084mailer.
5085.ip @
5086Look up addresses in the user database.
5087.ip %
5088Do not attempt delivery on initial recipient of a message
5089or on queue runs
5090unless the queued message is selected
5091using one of the -qI/-qR/-qS queue run modifiers
5092or an ETRN request.
5093.pp
5094Configuration files prior to level 6
5095assume the `A', `w', `5', `:', `|', `/', and `@' options
5096on the mailer named
5097.q local .
5098.pp
5099The mailer with the special name
5100.q error
5101can be used to generate a user error.
5102The (optional) host field is an exit status to be returned,
5103and the user field is a message to be printed.
5104The exit status may be numeric or one of the values
5105USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
5106to return the corresponding EX_ exit code,
5107or an enhanced error code as described in RFC 1893,
5108.ul
5109Enhanced Mail System Status Codes.
5110For example, the entry:
5111.(b
5112$#error $@ NOHOST $: Host unknown in this domain
5113.)b
5114on the RHS of a rule
5115will cause the specified error to be generated
5116and the
5117.q "Host unknown"
5118exit status to be returned
5119if the LHS matches.
5120This mailer is only functional in rulesets 0, 5,
5121or one of the check_* rulesets.
5122.pp
5123The mailer with the special name
5124.q discard
5125causes any mail sent to it to be discarded
5126but otherwise treated as though it were successfully delivered.
5127This mailer can not be used in ruleset 0,
5128only in the various address checking rulesets.
5129.pp
5130The mailer named
5131.q local
5132.i must
5133be defined in every configuration file.
5134This is used to deliver local mail,
5135and is treated specially in several ways.
5136Additionally, three other mailers named
5137.q prog ,
5138.q *file* ,
5139and
5140.q *include*
5141may be defined to tune the delivery of messages to programs,
5142files,
5143and :include: lists respectively.
5144They default to:
5145.(b
5146Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
5147M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
5148M*include*, P=/dev/null, F=su, A=INCLUDE $u
5149.)b
5150.pp
5151The Sender and Recipient rewriting sets
5152may either be a simple ruleset id
5153or may be two ids separated by a slash;
5154if so, the first rewriting set is applied to envelope
5155addresses
5156and the second is applied to headers.
5157Setting any value zero disables corresponding mailer-specific rewriting.
5158.pp
5159The Directory
5160is actually a colon-separated path of directories to try.
5161For example, the definition
5162.q D=$z:/
5163first tries to execute in the recipient's home directory;
5164if that is not available,
5165it tries to execute in the root of the filesystem.
5166This is intended to be used only on the
5167.q prog
5168mailer,
5169since some shells (such as
5170.i csh )
5171refuse to execute if they cannot read the home directory.
5172Since the queue directory is not normally readable by unprivileged users
5173.i csh
5174scripts as recipients can fail.
5175.pp
5176The Userid
5177specifies the default user and group id to run as,
5178overriding the
5179.b DefaultUser
5180option (q.v.).
5181If the
5182.b S
5183mailer flag is also specified,
5184this user and group will be set as the
5185effective uid and gid for the process.
5186This may be given as
5187.i user:group
5188to set both the user and group id;
5189either may be an integer or a symbolic name to be looked up
5190in the
5191.i passwd
5192and
5193.i group
5194files respectively.
5195If only a symbolic user name is specified,
5196the group id in the
5197.i passwd
5198file for that user is used as the group id.
5199.pp
5200The Charset field
5201is used when converting a message to MIME;
5202this is the character set used in the
5203Content-Type: header.
5204If this is not set, the
5205.b DefaultCharset
5206option is used,
5207and if that is not set, the value
5208.q unknown-8bit
5209is used.
5210.b WARNING:
5211this field applies to the sender's mailer,
5212not the recipient's mailer.
5213For example, if the envelope sender address
5214lists an address on the local network
5215and the recipient is on an external network,
5216the character set will be set from the Charset= field
5217for the local network mailer,
5218not that of the external network mailer.
5219.pp
5220The Type= field
5221sets the type information
5222used in MIME error messages
5223as defined by
5224RFC 1894.
5225It is actually three values separated by slashes:
5226the MTA-type (that is, the description of how hosts are named),
5227the address type (the description of e-mail addresses),
5228and the diagnostic type (the description of error diagnostic codes).
5229Each of these must be a registered value
5230or begin with
5231.q X\- .
5232The default is
5233.q dns/rfc822/smtp .
5234.pp
5235The m= field specifies the maximum number of messages to attempt to deliver
5236on a single SMTP or LMTP connection.
5237.pp
5238The /= field specifies a new root directory for the mailer. The path is
5239macro expanded and then passed to the
5240.q chroot
5241system call. The root directory is changed before the Directory field is
5242consulted or the uid is changed.
5243.pp
5244The Wait= field specifies the maximum time to wait for the
5245mailer to return after sending all data to it.
5246This applies to mailers that have been forked by
5247.i sendmail .
5248.sh 2 "H \*- Define Header"
5249.pp
5250The format of the header lines that
5251.i sendmail
5252inserts into the message
5253are defined by the
5254.b H
5255line.
5256The syntax of this line is one of the following:
5257.(b F
5258.b H \c
5259.i hname \c
5260.b :
5261.i htemplate
5262.)b
5263.(b F
5264.b H [\c
5265.b ? \c
5266.i mflags \c
5267.b ? \c
5268.b ]\c
5269.i hname \c
5270.b :
5271.i htemplate
5272.)b
5273.(b F
5274.b H [\c
5275.b ? \c
5276.i ${macro} \c
5277.b ? \c
5278.b ]\c
5279.i hname \c
5280.b :
5281.i htemplate
5282.)b
5283Continuation lines in this spec
5284are reflected directly into the outgoing message.
5285The
5286.i htemplate
5287is macro-expanded before insertion into the message.
5288If the
5289.i mflags
5290(surrounded by question marks)
5291are specified,
5292at least one of the specified flags
5293must be stated in the mailer definition
5294for this header to be automatically output.
5295If a
5296.i ${macro}
5297(surrounded by question marks)
5298is specified,
5299the header will be automatically output
5300if the macro is set.
5301The macro may be set using any of the normal methods,
5302including using the
5303.b macro
5304storage map in a ruleset.
5305If one of these headers is in the input
5306it is reflected to the output
5307regardless of these flags or macros.
5308.pp
5309Some headers have special semantics
5310that will be described later.
5311.pp
5312A secondary syntax allows validation of headers as they are being read.
5313To enable validation, use:
5314.(b
5315.b H \c
5316.i Header \c
5317.b ": $>" \c
5318.i Ruleset
5319.b H \c
5320.i Header \c
5321.b ": $>+" \c
5322.i Ruleset
5323.)b
5324The indicated
5325.i Ruleset
5326is called for the specified
5327.i Header ,
5328and can return
5329.b $#error
5330to reject the message or
5331.b $#discard
5332to discard the message
5333(as with the other
5334.b check_ *
5335rulesets).
5336The ruleset receives the header field-body as argument,
5337i.e., not the header field-name; see also
5338${hdr_name} and ${currHeader}.
5339The header is treated as a structured field,
5340that is,
5341text in parentheses is deleted before processing,
5342unless the second form
5343.b $>+
5344is used.
5345Note: only one ruleset can be associated with a header;
5346.i sendmail
5347will silently ignore multiple entries.
5348.pp
5349For example, the configuration lines:
5350.(b
5351HMessage-Id: $>CheckMessageId
5352
5353SCheckMessageId
5354R< $+ @ $+ > $@ OK
5355R$* $#error $: Illegal Message-Id header
5356.)b
5357would refuse any message that had a Message-Id: header of any of the
5358following forms:
5359.(b
5360Message-Id: <>
5361Message-Id: some text
5362Message-Id: <legal text@domain> extra crud
5363.)b
5364A default ruleset that is called for headers which don't have a
5365specific ruleset defined for them can be specified by:
5366.(b
5367.b H \c
5368.i * \c
5369.b ": $>" \c
5370.i Ruleset
5371.)b
5372or
5373.(b
5374.b H \c
5375.i * \c
5376.b ": $>+" \c
5377.i Ruleset
5378.)b
5379.sh 2 "O \*- Set Option"
5380.pp
5381There are a number of
5382global
5383options that
5384can be set from a configuration file.
5385Options are represented by full words;
5386some are also representable as single characters
5387for back compatibility.
5388The syntax of this line is:
5389.(b F
5390.b O \0
5391.i option \c
5392.b = \c
5393.i value
5394.)b
5395This sets option
5396.i option
5397to be
5398.i value .
5399Note that there
5400.i must
5401be a space between the letter `O' and the name of the option.
5402An older version is:
5403.(b F
5404.b O \c
5405.i o\|value
5406.)b
5407where the option
5408.i o
5409is a single character.
5410Depending on the option,
5411.i value
5412may be a string, an integer,
5413a boolean
5414(with legal values
5415.q t ,
5416.q T ,
5417.q f ,
5418or
5419.q F ;
5420the default is TRUE),
5421or
5422a time interval.
5423.pp
5424The options supported (with the old, one character names in brackets) are:
5425.nr ii 1i
5426.ip "AliasFile=\fIspec, spec, ...\fP"
5427[A]
5428Specify possible alias file(s).
5429Each
5430.i spec
5431should be in the format
5432``\c
5433.i class \c
5434.b :
5435.i info ''
5436where
5437.i class \c
5438.b :
5439is optional and defaults to ``implicit''.
5440Depending on how
5441.i sendmail
5442is compiled, valid classes are
5443.q implicit
5444(search through a compiled-in list of alias file types,
5445for back compatibility),
5446.q hash
5447(if
5448.sm NEWDB
5449is specified),
5450.q btree
5451(if
5452.sm NEWDB
5453is specified),
5454.q dbm
5455(if
5456.sm NDBM
5457is specified),
5458.q stab
5459(internal symbol table \*- not normally used
5460unless you have no other database lookup),
5461.q sequence
5462(use a sequence of maps
5463previously declared),
5464.q ldap
5465(if
5466.sm LDAPMAP
5467is specified),
5468or
5469.q nis
5470(if
5471.sm NIS
5472is specified).
5473If a list of
5474.i spec s
5475are provided,
5476.i sendmail
5477searches them in order.
5478.ip AliasWait=\fItimeout\fP
5479[a]
5480If set,
5481wait up to
5482.i timeout
5483(units default to minutes)
5484for an
5485.q @:@
5486entry to exist in the alias database
5487before starting up.
5488If it does not appear in the
5489.i timeout
5490interval
5491rebuild the database
5492(if the
5493.b AutoRebuildAliases
5494option is also set)
5495or issue a warning.
5496.ip AllowBogusHELO
5497[no short name]
5498If set, allow HELO SMTP commands that don't include a host name.
5499Setting this violates RFC 1123 section 5.2.5,
5500but is necessary to interoperate with several SMTP clients.
5501If there is a value, it is still checked for legitimacy.
5502.ip AuthMechanisms
5503[no short name]
5504List of authentication mechanisms for AUTH (separated by spaces).
5505The advertised list of authentication mechanisms will be the
5506intersection of this list and the list of available mechanisms as
5507determined by the Cyrus SASL library.
5508.ip AuthOptions
5509[no short name]
5510When to use the AUTH= parameter for the MAIL FROM command;
5511.(b
5512.ta 1i
5513A Only when authentication succeeded.
5514.)b
5515The default is to try whenever SMTP AUTH is available.
5516.ip AutoRebuildAliases
5517[D]
5518If set,
5519rebuild the alias database if necessary and possible.
5520The rebuild will happen the next time an alias is looked up.
5521If this option is not set,
5522.i sendmail
5523will never rebuild the alias database
5524unless explicitly requested
5525using
5526.b \-bi .
5527.b NOTE :
5528There is a potential for a denial of service attack if this is set.
5529This option is deprecated and
5530will be removed from a future version.
5531.ip BlankSub=\fIc\fP
5532[B]
5533Set the blank substitution character to
5534.i c .
5535Unquoted spaces in addresses are replaced by this character.
5536Defaults to space (i.e., no change is made).
5537.ip CACERTPath
5538[no short name]
5539Path to directory with certificates of CAs.
5540This directory directory must contain the hashes of each CA certificate
5541as filenames (or as links to them).
5542.ip CACERTFile
5543[no short name]
5544File containing one CA certificate.
5545.ip CheckAliases
5546[n]
5547Validate the RHS of aliases when rebuilding the alias database.
5548.ip CheckpointInterval=\fIN\fP
5549[C]
5550Checkpoints the queue every
5551.i N
5552(default 10)
5553addresses sent.
5554If your system crashes during delivery to a large list,
5555this prevents retransmission to any but the last
5556.i N
5557recipients.
5558.ip ClassFactor=\fIfact\fP
5559[z]
5560The indicated
5561.i fact or
5562is multiplied by the message class
5563(determined by the Precedence: field in the user header
5564and the
5565.b P
5566lines in the configuration file)
5567and subtracted from the priority.
5568Thus, messages with a higher Priority: will be favored.
5569Defaults to 1800.
5570.ip ClientCertFile
5571[no short name]
5572File containing the certificate of the client, i.e., this certificate
5573is used when sendmail acts as client.
5574.ip ClientPortOptions=\fIoptions\fP
5575[O]
5576Set client SMTP options.
5577The options are
5578.i key=value
5579pairs separated by commas.
5580Known keys are:
5581.(b
5582.ta 1i
5583Port Name/number of source port for connection (defaults to any free port)
5584Addr Address mask (defaults INADDR_ANY)
5585Family Address family (defaults to INET)
5586SndBufSize Size of TCP send buffer
5587RcvBufSize Size of TCP receive buffer
5588Modifier Options (flags) for the daemon
5589.)b
5590The
5591.i Addr ess
5592mask may be a numeric address in dot notation
5593or a network name.
5594.i Modifier
5595can be the following character:
5596.(b
5597.ta 1i
5598h use name of interface for HELO command
5599.)b
5600If ``h'' is set, the name corresponding to the outgoing interface
5601address (whether chosen via the Connection parameter or
5602the default) is used for the HELO/EHLO command.
5603.ip ClientKeyFile
5604[no short name]
5605File containing the private key belonging to the client certificate.
5606.ip ColonOkInAddr
5607[no short name]
5608If set, colons are acceptable in e-mail addresses
5609(e.g.,
5610.q host:user ).
5611If not set, colons indicate the beginning of a RFC 822 group construct
5612(\c
5613.q "groupname: member1, member2, ... memberN;" ).
5614Doubled colons are always acceptable
5615(\c
5616.q nodename::user )
5617and proper route-addr nesting is understood
5618(\c
5619.q <@relay:user@host> ).
5620Furthermore, this option defaults on if the configuration version level
5621is less than 6 (for back compatibility).
5622However, it must be off for full compatibility with RFC 822.
5623.ip ConnectionCacheSize=\fIN\fP
5624[k]
5625The maximum number of open connections that will be cached at a time.
5626The default is one.
5627This delays closing the current connection until
5628either this invocation of
5629.i sendmail
5630needs to connect to another host
5631or it terminates.
5632Setting it to zero defaults to the old behavior,
5633that is, connections are closed immediately.
5634Since this consumes file descriptors,
5635the connection cache should be kept small:
56364 is probably a practical maximum.
5637.ip ConnectionCacheTimeout=\fItimeout\fP
5638[K]
5639The maximum amount of time a cached connection will be permitted to idle
5640without activity.
5641If this time is exceeded,
5642the connection is immediately closed.
5643This value should be small (on the order of ten minutes).
5644Before
5645.i sendmail
5646uses a cached connection,
5647it always sends a RSET command
5648to check the connection;
5649if this fails, it reopens the connection.
5650This keeps your end from failing if the other end times out.
5651The point of this option is to be a good network neighbor
5652and avoid using up excessive resources
5653on the other end.
5654The default is five minutes.
5655.ip ConnectOnlyTo=\fIaddress\fP
5656[no short name]
5657This can be used to
5658override the connection address (for testing purposes).
5659.ip ConnectionRateThrottle=\fIN\fP
5660[no short name]
5661If set to a positive value,
5662allow no more than
5663.i N
5664incoming daemon connections in a one second period.
5665This is intended to flatten out peaks
5666and allow the load average checking to cut in.
5667Defaults to zero (no limits).
5668.ip ControlSocketName=\fIname\fP
5669[no short name]
5670Name of the control socket for daemon management.
5671A running
5672.i sendmail
5673daemon can be controlled through this named socket.
5674Available commands are:
5675.i help,
5676.i restart,
5677.i shutdown,
5678and
5679.i status.
5680The
5681.i status
5682command returns the current number of daemon children,
5683the maximum number of daemon children,
5684the free disk space (in blocks) of the queue directory,
5685and the load average of the machine expressed as an integer.
5686If not set, no control socket will be available.
5687Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
5688.ip DHParameters
5689File with DH parameters for STARTTLS.
5690This is only required if DSA/DH is used.
5691.ip DaemonPortOptions=\fIoptions\fP
5692[O]
5693Set server SMTP options.
5694Each instance of DaemonPortOptions leads to an additional incoming socket.
5695The options are
5696.i key=value
5697pairs.
5698Known keys are:
5699.(b
5700.ta 1i
5701Name User-definable name for the daemon (defaults to "Daemon#")
5702Port Name/number of listening port (defaults to "smtp")
5703Addr Address mask (defaults INADDR_ANY)
5704Family Address family (defaults to INET)
5705Listen Size of listen queue (defaults to 10)
5706Modifier Options (flags) for the daemon
5707SndBufSize Size of TCP send buffer
5708RcvBufSize Size of TCP receive buffer
5709.)b
5710The
5711.i Name
5712field is used for error messages and logging.
5713The
5714.i Addr ess
5715mask may be a numeric address in dot notation
5716or a network name.
5717The
5718.i Family
5719key defaults to INET (IPv4).
5720IPv6 users who wish to also accept IPv6 connections
5721should add additional Family=inet6 DaemonPortOptions lines.
5722.i Modifier
5723can be a sequence (without any delimiters)
5724of the following characters:
5725.(b
5726.ta 1i
5727a always require authentication
5728b bind to interface through which mail has been received
5729c perform hostname canonification (.cf)
5730f require fully qualified hostname (.cf)
5731u allow unqualified addresses (.cf)
5732C don't perform hostname canonification
5733E disallow ETRN (see RFC 2476)
5734.)b
5735That is, one way to specify a message submission agent (MSA) that
5736always requires authentication is:
5737.(b
5738O DaemonPortOptions=Name=MSA, Port=587, M=Ea
5739.)b
5740The modifiers that are marked with "(.cf)" have only
5741effect in the standard configuration file, in which
5742they are available via
5743.b ${daemon_flags} .
5744Notice: Do
5745.b not
5746use the ``a'' modifier on a public accessible MTA!
5747It should only be used for a MSA that is accessed by authorized
5748users for initial mail submission.
5749Users must authenticate to use a MSA which has this option turned on.
5750The flags ``c'' and ``C'' can change the default for
5751hostname canonification in the
5752.i sendmail.cf
5753file.
5754See the relevant documentation for
5755.sm FEATURE(nocanonify) .
5756The modifier ``f'' disallows addresses of the form
5757.b user@host
5758unless they are submitted directly.
5759The flag ``u'' allows unqualified sender addresses.
5760``b'' forces sendmail to bind to the interface
5761through which the e-mail has been
5762received for the outgoing connection.
5763.b WARNING:
5764Use ``b''
5765only if outgoing mail can be routed through the incoming connection's
5766interface to its destination. No attempt is made to catch problems due to a
5767misconfiguration of this parameter, use it only for virtual hosting
5768where each virtual interface can connect to every possible location.
5769This will also override possible settings via
5770.b ClientPortOptions.
5771Note,
5772.i sendmail
5773will listen on a new socket
5774for each occurence of the DaemonPortOptions option
5775in a configuration file.
5776.ip DefaultAuthInfo
5777[no short name]
5778Filename that contains default authentication information for outgoing
5779connections. This file must contain the user id, the authorization id,
5780the password (plain text), and the realm to use
5781on separate lines and must be readable by
5782root (or the trusted user) only.
5783If no realm is specified,
5784.b $j
5785is used.
5786.ip DefaultCharSet=\fIcharset\fP
5787[no short name]
5788When a message that has 8-bit characters but is not in MIME format
5789is converted to MIME
5790(see the EightBitMode option)
5791a character set must be included in the Content-Type: header.
5792This character set is normally set from the Charset= field
5793of the mailer descriptor.
5794If that is not set, the value of this option is used.
5795If this option is not set, the value
5796.q unknown-8bit
5797is used.
5798.ip DataFileBufferSize=\fIthreshold\fP
5799[no short name]
5800Set the
5801.i threshold ,
5802in bytes,
5803before a memory-based
5804queue data file
5805becomes disk-based.
5806The default is 4096 bytes.
5807.ip DeadLetterDrop=\fIfile\fP
5808[no short name]
5809Defines the location of the system-wide dead.letter file,
5810formerly hardcoded to /usr/tmp/dead.letter.
5811If this option is not set (the default),
5812sendmail will not attempt to save to a system-wide dead.letter file
5813in the event
5814it can not bounce the mail to the user or postmaster.
5815Instead, it will rename the qf file
5816as it has in the past
5817when the dead.letter file could not be opened.
5818.ip DefaultUser=\fIuser:group\fP
5819[u]
5820Set the default userid for mailers to
5821.i user:group .
5822If
5823.i group
5824is omitted and
5825.i user
5826is a user name
5827(as opposed to a numeric user id)
5828the default group listed in the /etc/passwd file for that user is used
5829as the default group.
5830Both
5831.i user
5832and
5833.i group
5834may be numeric.
5835Mailers without the
5836.i S
5837flag in the mailer definition
5838will run as this user.
5839Defaults to 1:1.
5840The value can also be given as a symbolic user name.\**
5841.(f
5842\**The old
5843.b g
5844option has been combined into the
5845.b DefaultUser
5846option.
5847.)f
5848.ip DeliveryMode=\fIx\fP
5849[d]
5850Deliver in mode
5851.i x .
5852Legal modes are:
5853.(b
5854.ta 4n
5855i Deliver interactively (synchronously)
5856b Deliver in background (asynchronously)
5857q Just queue the message (deliver during queue run)
5858d Defer delivery and all map lookups (deliver during queue run)
5859.)b
5860Defaults to ``b'' if no option is specified,
5861``i'' if it is specified but given no argument
5862(i.e., ``Od'' is equivalent to ``Odi'').
5863The
5864.b \-v
5865command line flag sets this to
5866.b i .
5867.ip DialDelay=\fIsleeptime\fP
5868[no short name]
5869Dial-on-demand network connections can see timeouts
5870if a connection is opened before the call is set up.
5871If this is set to an interval and a connection times out
5872on the first connection being attempted
5873.i sendmail
5874will sleep for this amount of time and try again.
5875This should give your system time to establish the connection
5876to your service provider.
5877Units default to seconds, so
5878.q DialDelay=5
5879uses a five second delay.
5880Defaults to zero
5881(no retry).
5882.ip DontBlameSendmail=\fIoption,option,...\fP
5883[no short name]
5884In order to avoid possible cracking attempts
5885caused by world- and group-writable files and directories,
5886.i sendmail
5887does paranoid checking when opening most of its support files.
5888If for some reason you absolutely must run with,
5889for example,
5890a group-writable
5891.i /etc
5892directory,
5893then you will have to turn off this checking
5894(at the cost of making your system more vulnerable to attack).
5895The arguments are individual options that turn off checking:
5896.(b
5897Safe
5898AssumeSafeChown
5899ClassFileInUnsafeDirPath
5900DontWarnForwardFileInUnsafeDirPath
5901ErrorHeaderInUnsafeDirPath
5902FileDeliveryToHardLink
5903FileDeliveryToSymLink
5904ForwardFileInUnsafeDirPath
5905ForwardFileInUnsafeDirPathSafe
5906ForwardFileIngroupWritableDirPath
5907GroupWritableAliasFile
5908GroupWritableDirPathSafe
5909GroupWritableForwardFileSafe
5910GroupWritableIncludeFileSafe
5911HelpFileinUnsafeDirPath
5912IncludeFileInUnsafeDirPath
5913IncludeFileInUnsafeDirPathSafe
5914IncludeFileIngroupWritableDirPath
5915InsufficientEntropy
5916LinkedAliasFileInWritableDir
5917LinkedClassFileInWritableDir
5918LinkedForwardFileInWritableDir
5919LinkedIncludeFileInWritableDir
5920LinkedMapInWritableDir
5921LinkedServiceSwitchFileInWritableDir
5922MapInUnsafeDirPath
5923NonRootSafeAddr
5924RunProgramInUnsafeDirPath
5925RunWritableProgram
5926TrustStickyBit
5927WorldWritableAliasFile
5928WriteMapToHardLink
5929WriteMapToSymLink
5930WriteStatsToHardLink
5931WriteStatsToSymLink
5932.)b
5933.b Safe
5934is the default.
5935The details of these flags are described above.
5936.\"XXX should have more here!!! XXX
5937.b "Use of this option is not recommended."
5938.ip DontExpandCnames
5939[no short name]
5940The standards say that all host addresses used in a mail message
5941must be fully canonical.
5942For example, if your host is named
5943.q Cruft.Foo.ORG
5944and also has an alias of
5945.q FTP.Foo.ORG ,
5946the former name must be used at all times.
5947This is enforced during host name canonification
5948($[ ... $] lookups).
5949If this option is set, the protocols are ignored and the
5950.q wrong
5951thing is done.
5952However, the IETF is moving toward changing this standard,
5953so the behavior may become acceptable.
5954Please note that hosts downstream may still rewrite the address
5955to be the true canonical name however.
5956.ip DontInitGroups
5957[no short name]
5958If set,
5959.i sendmail
5960will avoid using the initgroups(3) call.
5961If you are running NIS,
5962this causes a sequential scan of the groups.byname map,
5963which can cause your NIS server to be badly overloaded in a large domain.
5964The cost of this is that the only group found for users
5965will be their primary group (the one in the password file),
5966which will make file access permissions somewhat more restrictive.
5967Has no effect on systems that don't have group lists.
5968.ip DontProbeInterfaces
5969[no short name]
5970.i Sendmail
5971normally finds the names of all interfaces active on your machine
5972when it starts up
5973and adds their name to the
5974.b $=w
5975class of known host aliases.
5976If you have a large number of virtual interfaces
5977or if your DNS inverse lookups are slow
5978this can be time consuming.
5979This option turns off that probing.
5980However, you will need to be certain to include all variant names
5981in the
5982.b $=w
5983class by some other mechanism.
5984.ip DontPruneRoutes
5985[R]
5986Normally,
5987.i sendmail
5988tries to eliminate any unnecessary explicit routes
5989when sending an error message
5990(as discussed in RFC 1123 \(sc 5.2.6).
5991For example,
5992when sending an error message to
5993.(b
5994<@known1,@known2,@known3:user@unknown>
5995.)b
5996.i sendmail
5997will strip off the
5998.q @known1,@known2
5999in order to make the route as direct as possible.
6000However, if the
6001.b R
6002option is set, this will be disabled,
6003and the mail will be sent to the first address in the route,
6004even if later addresses are known.
6005This may be useful if you are caught behind a firewall.
6006.ip DoubleBounceAddress=\fIerror-address\fP
6007[no short name]
6008If an error occurs when sending an error message,
6009send the error report
6010(termed a
6011.q "double bounce"
6012because it is an error
6013.q bounce
6014that occurs when trying to send another error
6015.q bounce )
6016to the indicated address.
6017The address is macro expanded
6018at the time of delivery.
6019If not set, defaults to
6020.q postmaster .
6021.ip EightBitMode=\fIaction\fP
6022[8]
6023Set handling of eight-bit data.
6024There are two kinds of eight-bit data:
6025that declared as such using the
6026.b BODY=8BITMIME
6027ESMTP declaration or the
6028.b \-B8BITMIME
6029command line flag,
6030and undeclared 8-bit data, that is,
6031input that just happens to be eight bits.
6032There are three basic operations that can happen:
6033undeclared 8-bit data can be automatically converted to 8BITMIME,
6034undeclared 8-bit data can be passed as-is without conversion to MIME
6035(``just send 8''),
6036and declared 8-bit data can be converted to 7-bits
6037for transmission to a non-8BITMIME mailer.
6038The possible
6039.i action s
6040are:
6041.(b
6042.\" r Reject undeclared 8-bit data;
6043.\" don't convert 8BITMIME\(->7BIT (``reject'')
6044 s Reject undeclared 8-bit data (``strict'')
6045.\" do convert 8BITMIME\(->7BIT (``strict'')
6046.\" c Convert undeclared 8-bit data to MIME;
6047.\" don't convert 8BITMIME\(->7BIT (``convert'')
6048 m Convert undeclared 8-bit data to MIME (``mime'')
6049.\" do convert 8BITMIME\(->7BIT (``mime'')
6050.\" j Pass undeclared 8-bit data;
6051.\" don't convert 8BITMIME\(->7BIT (``just send 8'')
6052 p Pass undeclared 8-bit data (``pass'')
6053.\" do convert 8BITMIME\(->7BIT (``pass'')
6054.\" a Adaptive algorithm: see below
6055.)b
6056.\"The adaptive algorithm is to accept 8-bit data,
6057.\"converting it to 8BITMIME only if the receiver understands that,
6058.\"otherwise just passing it as undeclared 8-bit data;
6059.\"8BITMIME\(->7BIT conversions are done.
6060In all cases properly declared 8BITMIME data will be converted to 7BIT
6061as needed.
6062.ip ErrorHeader=\fIfile-or-message\fP
6063[E]
6064Prepend error messages with the indicated message.
6065If it begins with a slash,
6066it is assumed to be the pathname of a file
6067containing a message (this is the recommended setting).
6068Otherwise, it is a literal message.
6069The error file might contain the name, email address, and/or phone number
6070of a local postmaster who could provide assistance
6071to end users.
6072If the option is missing or null,
6073or if it names a file which does not exist or which is not readable,
6074no message is printed.
6075.ip ErrorMode=\fIx\fP
6076[e]
6077Dispose of errors using mode
6078.i x .
6079The values for
6080.i x
6081are:
6082.(b
6083p Print error messages (default)
6084q No messages, just give exit status
6085m Mail back errors
6086w Write back errors (mail if user not logged in)
6087e Mail back errors and give zero exit stat always
6088.)b
6089.ip FallbackMXhost=\fIfallbackhost\fP
6090[V]
6091If specified, the
6092.i fallbackhost
6093acts like a very low priority MX
6094on every host.
6095This is intended to be used by sites with poor network connectivity.
6096Messages which are undeliverable due to temporary address failures
6097(e.g., DNS failure)
6098also go to the FallBackMX host.
6099.ip ForkEachJob
6100[Y]
6101If set,
6102deliver each job that is run from the queue in a separate process.
6103Use this option if you are short of memory,
6104since the default tends to consume considerable amounts of memory
6105while the queue is being processed.
6106.ip ForwardPath=\fIpath\fP
6107[J]
6108Set the path for searching for users' .forward files.
6109The default is
6110.q $z/.forward .
6111Some sites that use the automounter may prefer to change this to
6112.q /var/forward/$u
6113to search a file with the same name as the user in a system directory.
6114It can also be set to a sequence of paths separated by colons;
6115.i sendmail
6116stops at the first file it can successfully and safely open.
6117For example,
6118.q /var/forward/$u:$z/.forward
6119will search first in /var/forward/\c
6120.i username
6121and then in
6122.i ~username /.forward
6123(but only if the first file does not exist).
6124.ip HelpFile=\fIfile\fP
6125[H]
6126Specify the help file
6127for SMTP.
6128If no file name is specified, "helpfile" is used.
6129.ip HoldExpensive
6130[c]
6131If an outgoing mailer is marked as being expensive,
6132don't connect immediately.
6133This requires that queueing be compiled in,
6134since it will depend on a queue run process to
6135actually send the mail.
6136.ip HostsFile=\fIpath\fP
6137[no short name]
6138The path to the hosts database,
6139normally
6140.q /etc/hosts .
6141This option is only consulted when sendmail
6142is canonifying addresses,
6143and then only when
6144.q files
6145is in the
6146.q hosts
6147service switch entry.
6148In particular, this file is
6149.i never
6150used when looking up host addresses;
6151that is under the control of the system
6152.i gethostbyname (3)
6153routine.
6154.ip HostStatusDirectory=\fIpath\fP
6155[no short name]
6156The location of the long term host status information.
6157When set,
6158information about the status of hosts
6159(e.g., host down or not accepting connections)
6160will be shared between all
6161.i sendmail
6162processes;
6163normally, this information is only held within a single queue run.
6164This option requires a connection cache of at least 1 to function.
6165If the option begins with a leading `/',
6166it is an absolute pathname;
6167otherwise,
6168it is relative to the mail queue directory.
6169A suggested value for sites desiring persistent host status is
6170.q \&.hoststat
6171(i.e., a subdirectory of the queue directory).
6172.ip IgnoreDots
6173[i]
6174Ignore dots in incoming messages.
6175This is always disabled (that is, dots are always accepted)
6176when reading SMTP mail.
6177.ip LDAPDefaultSpec=\fIspec\fP
6178[no short name]
6179Sets a default map specification for LDAP maps.
6180The value should only contain LDAP specific settings
6181such as
6182.q "-h host -p port -d bindDN" .
6183The settings will be used for all LDAP maps
6184unless the individual map specification overrides a setting.
6185This option should be set before any LDAP maps are defined.
6186.ip LogLevel=\fIn\fP
6187[L]
6188Set the log level to
6189.i n .
6190Defaults to 9.
6191.ip M\fIx\|value\fP
6192[no long version]
6193Set the macro
6194.i x
6195to
6196.i value .
6197This is intended only for use from the command line.
6198The
6199.b \-M
6200flag is preferred.
6201.ip MatchGECOS
6202[G]
6203Allow fuzzy matching on the GECOS field.
6204If this flag is set,
6205and the usual user name lookups fail
6206(that is, there is no alias with this name and a
6207.i getpwnam
6208fails),
6209sequentially search the password file
6210for a matching entry in the GECOS field.
6211This also requires that MATCHGECOS
6212be turned on during compilation.
6213This option is not recommended.
6214.ip MaxAliasRecursion=\fIN\fP
6215[no short name]
6216The maximum depth of alias recursion (default: 10).
6217.ip MaxDaemonChildren=\fIN\fP
6218[no short name]
6219If set,
6220.i sendmail
6221will refuse connections when it has more than
6222.i N
6223children processing incoming mail or automatic queue runs.
6224This does not limit the number of outgoing connections.
6225If not set, there is no limit to the number of children --
6226that is, the system load averaging controls this.
6227.ip MaxHeadersLength=\fIN\fP
6228[no short name]
6229The maximum length of the sum of all headers.
6230This can be used to prevent a denial of service attack.
6231The default is no limit.
6232.ip MaxHopCount=\fIN\fP
6233[h]
6234The maximum hop count.
6235Messages that have been processed more than
6236.i N
6237times are assumed to be in a loop and are rejected.
6238Defaults to 25.
6239.ip MaxMessageSize=\fIN\fP
6240[no short name]
6241Specify the maximum message size
6242to be advertised in the ESMTP EHLO response.
6243Messages larger than this will be rejected.
6244.ip MaxMimeHeaderLength=\fIN[/M]\fP
6245[no short name]
6246Sets the maximum length of certain MIME header field values
6247to
6248.i N
6249characters.
6250For some of these headers which take parameters,
6251the maximum length of each parameter is set to
6252.i M
6253if specified. If
6254.i /M
6255is not specified, one half of
6256.i N
6257will be used.
6258By default,
6259these values are 0, meaning no checks are done.
6260.ip MaxQueueRunSize=\fIN\fP
6261[no short name]
6262The maximum number of jobs that will be processed
6263in a single queue run.
6264If not set, there is no limit on the size.
6265If you have very large queues or a very short queue run interval
6266this could be unstable.
6267However, since the first
6268.i N
6269jobs in queue directory order are run (rather than the
6270.i N
6271highest priority jobs)
6272this should be set as high as possible to avoid
6273.q losing
6274jobs that happen to fall late in the queue directory.
6275.ip MaxRecipientsPerMessage=\fIN\fP
6276[no short name]
6277The maximum number of recipients that will be accepted per message
6278in an SMTP transaction.
6279Note: setting this too low can interfere with sending mail from
6280MUAs that use SMTP for initial submission.
6281If not set, there is no limit on the number of recipients per envelope.
6282.ip MeToo
6283[m]
6284Send to me too,
6285even if I am in an alias expansion.
6286This option is deprecated
6287and will be removed from a future version.
6288.ip MinFreeBlocks=\fIN\fP
6289[b]
6290Insist on at least
6291.i N
6292blocks free on the filesystem that holds the queue files
6293before accepting email via SMTP.
6294If there is insufficient space
6295.i sendmail
6296gives a 452 response
6297to the MAIL command.
6298This invites the sender to try again later.
6299.ip MinQueueAge=\fIage\fP
6300[no short name]
6301Don't process any queued jobs
6302that have been in the queue less than the indicated time interval.
6303This is intended to allow you to get responsiveness
6304by processing the queue fairly frequently
6305without thrashing your system by trying jobs too often.
6306The default units are minutes.
6307.ip MustQuoteChars=\fIs\fP
6308[no short name]
6309Sets the list of characters that must be quoted if used in a full name
6310that is in the phrase part of a ``phrase <address>'' syntax.
6311The default is ``\'.''.
6312The characters ``@,;:\e()[]'' are always added to this list.
6313.ip NoRecipientAction
6314[no short name]
6315The action to take when you receive a message that has no valid
6316recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
6317the last included for back compatibility with old
6318.i sendmail s).
6319It can be
6320.b None
6321to pass the message on unmodified,
6322which violates the protocol,
6323.b Add-To
6324to add a To: header with any recipients it can find in the envelope
6325(which might expose Bcc: recipients),
6326.b Add-Apparently-To
6327to add an Apparently-To: header
6328(this is only for back-compatibility
6329and is officially deprecated),
6330.b Add-To-Undisclosed
6331to add a header
6332.q "To: undisclosed-recipients:;"
6333to make the header legal without disclosing anything,
6334or
6335.b Add-Bcc
6336to add an empty Bcc: header.
6337.ip OldStyleHeaders
6338[o]
6339Assume that the headers may be in old format,
6340i.e.,
6341spaces delimit names.
6342This actually turns on
6343an adaptive algorithm:
6344if any recipient address contains a comma, parenthesis,
6345or angle bracket,
6346it will be assumed that commas already exist.
6347If this flag is not on,
6348only commas delimit names.
6349Headers are always output with commas between the names.
6350Defaults to off.
6351.ip OperatorChars=\fIcharlist\fP
6352[$o macro]
6353The list of characters that are considered to be
6354.q operators ,
6355that is, characters that delimit tokens.
6356All operator characters are tokens by themselves;
6357sequences of non-operator characters are also tokens.
6358White space characters separate tokens
6359but are not tokens themselves \(em for example,
6360.q AAA.BBB
6361has three tokens, but
6362.q "AAA BBB"
6363has two.
6364If not set, OperatorChars defaults to
6365.q \&.\|:\|@\|[\|] ;
6366additionally, the characters
6367.q (\|)\|<\|>\|,\|;
6368are always operators.
6369Note that OperatorChars must be set in the
6370configuration file before any rulesets.
6371.ip PidFile=\fIfilename\fP
6372[no short name]
6373Filename of the pid file.
6374(default is _PATH_SENDMAILPID).
6375The
6376.i filename
6377is macro-expanded before it is opened.
6378.ip PostmasterCopy=\fIpostmaster\fP
6379[P]
6380If set,
6381copies of error messages will be sent to the named
6382.i postmaster .
6383Only the header of the failed message is sent.
6384Errors resulting from messages with a negative precedence will not be sent.
6385Since most errors are user problems,
6386this is probably not a good idea on large sites,
6387and arguably contains all sorts of privacy violations,
6388but it seems to be popular with certain operating systems vendors.
6389The address is macro expanded
6390at the time of delivery.
6391Defaults to no postmaster copies.
6392.ip PrivacyOptions=\fI\|opt,opt,...\fP
6393[p]
6394Set the privacy
6395.i opt ions.
6396``Privacy'' is really a misnomer;
6397many of these are just a way of insisting on stricter adherence
6398to the SMTP protocol.
6399The
6400.i opt ions
6401can be selected from:
6402.(b
6403.ta \w'needvrfyhelo'u+3n
6404public Allow open access
6405needmailhelo Insist on HELO or EHLO command before MAIL
6406needexpnhelo Insist on HELO or EHLO command before EXPN
6407noexpn Disallow EXPN entirely, implies noverb.
6408needvrfyhelo Insist on HELO or EHLO command before VRFY
6409novrfy Disallow VRFY entirely
6410noetrn Disallow ETRN entirely
6411noverb Disallow VERB entirely
6412restrictmailq Restrict mailq command
6413restrictqrun Restrict \-q command line flag
6414noreceipts Don't return success DSNs\**
6415nobodyreturn Don't return the body of a message with DSNs
6416goaway Disallow essentially all SMTP status queries
6417authwarnings Put X-Authentication-Warning: headers in messages
6418 and log warnings
6419.)b
6420.(f
6421\**N.B.:
6422the
6423.b noreceipts
6424flag turns off support for RFC 1891
6425(Delivery Status Notification).
6426.)f
6427The
6428.q goaway
6429pseudo-flag sets all flags except
6430.q noreceipts ,
6431.q restrictmailq ,
6432.q restrictqrun ,
6433.q noetrn ,
6434and
6435.q nobodyreturn .
6436If mailq is restricted,
6437only people in the same group as the queue directory
6438can print the queue.
6439If queue runs are restricted,
6440only root and the owner of the queue directory
6441can run the queue.
6442Authentication Warnings add warnings about various conditions
6443that may indicate attempts to spoof the mail system,
|
6445.ip ProcessTitlePrefix=\fIstring\fP
6446[no short name]
6447Prefix the process title shown on 'ps' listings with
6448.i string .
6449The
6450.i string
6451will be macro processed.
6452.ip QueueDirectory=\fIdir\fP
6453[Q]
6454Use the named
6455.i dir
6456as the queue directory.
6457To use multiple queues, supply a value ending with an asterisk.
6458For example,
6459.i /var/spool/mqueue/q*
6460will use all of the directories or symbolic links to directories
6461beginning with
6462.i q
6463in
6464.i /var/spool/mqueue
6465as queue directories.
6466Do not change the queue directory structure
6467while sendmail is running.
6468.ip QueueFactor=\fIfactor\fP
6469[q]
6470Use
6471.i factor
6472as the multiplier in the map function
6473to decide when to just queue up jobs rather than run them.
6474This value is divided by the difference between the current load average
6475and the load average limit
6476(\c
6477.b QueueLA
6478option)
6479to determine the maximum message priority
6480that will be sent.
6481Defaults to 600000.
6482.ip QueueLA=\fILA\fP
6483[x]
6484When the system load average exceeds
6485.i LA
6486and the
6487.b QueueFactor
6488(\c
6489.b q )
6490option divided by the difference in the current load average and the
6491.b QueueLA
6492option plus one
6493is less than the priority of the message,
6494just queue messages
6495(i.e., don't try to send them).
6496Defaults to 8 multiplied by
6497the number of processors online on the system
6498(if that can be determined).
6499.ip QueueSortOrder=\fIalgorithm\fP
6500[no short name]
6501Sets the
6502.i algorithm
6503used for sorting the queue.
6504Only the first character of the value is used.
6505Legal values are
6506.q host
6507(to order by the name of the first host name of the first recipient),
6508.q filename
6509(to order by the name of the queue file name),
6510.q time
6511(to order by the submission time),
6512and
6513.q priority
6514(to order by message priority).
6515Host ordering makes better use of the connection cache,
6516but may tend to process low priority messages
6517that go to a single host
6518over high priority messages that go to several hosts;
6519it probably shouldn't be used on slow network links.
6520Filename ordering saves the overhead of
6521reading all of the queued items
6522before starting the queue run.
6523Time ordering is almost always a bad idea,
6524since it allows large, bulk mail to go out
6525before smaller, personal mail,
6526but may have applicability on some hosts with very fast connections.
6527Priority ordering is the default.
6528.ip QueueTimeout=\fItimeout\fP
6529[T]
6530A synonym for
6531.q Timeout.queuereturn .
6532Use that form instead of the
6533.q QueueTimeout
6534form.
6535.ip RandFile
6536[no short name]
6537Name of file containing random data or the name of the UNIX socket
6538if EGD is used.
6539A (required) prefix "egd:" or "file:" specifies the type.
6540STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
6541(see sendmail/README).
6542.ip ResolverOptions=\fIoptions\fP
6543[I]
6544Set resolver options.
6545Values can be set using
6546.b + \c
6547.i flag
6548and cleared using
6549.b \- \c
6550.i flag ;
6551the
6552.i flag s
6553can be
6554.q debug ,
6555.q aaonly ,
6556.q usevc ,
6557.q primary ,
6558.q igntc ,
6559.q recurse ,
6560.q defnames ,
6561.q stayopen ,
6562or
6563.q dnsrch .
6564The string
6565.q HasWildcardMX
6566(without a
6567.b +
6568or
6569.b \- )
6570can be specified to turn off matching against MX records
6571when doing name canonifications.
6572.b N.B.
6573Prior to 8.7,
6574this option indicated that the name server be responding
6575in order to accept addresses.
6576This has been replaced by checking to see
6577if the
6578.q dns
6579method is listed in the service switch entry for the
6580.q hosts
6581service.
6582.ip RrtImpliesDsn
6583[R]
6584If this option is set, a
6585.q Return-Receipt-To:
6586header causes the request of a DSN, which is sent to
6587the envelope sender as required by RFC1891,
6588not to the address given in the header.
6589.ip RunAsUser=\fIuser\fP
6590[no short name]
6591The
6592.i user
6593parameter may be a user name
6594(looked up in
6595.i /etc/passwd )
6596or a numeric user id;
6597either form can have
6598.q ":group"
6599attached
6600(where group can be numeric or symbolic).
6601If set to a non-zero (non-root) value,
6602.i sendmail
6603will change to this user id shortly after startup\**.
6604.(f
6605\**When running as a daemon,
6606it changes to this user after accepting a connection
6607but before reading any
6608.sm SMTP
6609commands.
6610.)f
6611This avoids a certain class of security problems.
6612However, this means that all
6613.q \&.forward
6614and
6615.q :include:
6616files must be readable by the indicated
6617.i user
6618and all files to be written must be writable by
6619.i user
6620Also, all file and program deliveries will be marked unsafe
6621unless the option
6622.b DontBlameSendmail=NonRootSafeAddr
6623is set,
6624in which case the delivery will be done as
6625.i user .
6626It is also incompatible with the
6627.b SafeFileEnvironment
6628option.
6629In other words, it may not actually add much to security on an average system,
6630and may in fact detract from security
6631(because other file permissions must be loosened).
6632However, it should be useful on firewalls and other
6633places where users don't have accounts and the aliases file is
6634well constrained.
6635.ip RecipientFactor=\fIfact\fP
6636[y]
6637The indicated
6638.i fact or
6639is added to the priority (thus
6640.i lowering
6641the priority of the job)
6642for each recipient,
6643i.e., this value penalizes jobs with large numbers of recipients.
6644Defaults to 30000.
6645.ip RefuseLA=\fILA\fP
6646[X]
6647When the system load average exceeds
6648.i LA ,
6649refuse incoming SMTP connections.
6650Defaults to 12 multiplied by
6651the number of processors online on the system
6652(if that can be determined).
6653.ip RetryFactor=\fIfact\fP
6654[Z]
6655The
6656.i fact or
6657is added to the priority
6658every time a job is processed.
6659Thus,
6660each time a job is processed,
6661its priority will be decreased by the indicated value.
6662In most environments this should be positive,
6663since hosts that are down are all too often down for a long time.
6664Defaults to 90000.
6665.ip SafeFileEnvironment=\fIdir\fP
6666[no short name]
6667If this option is set,
6668.i sendmail
6669will do a
6670.i chroot (2)
6671call into the indicated
6672.i dir ectory
6673before doing any file writes.
6674If the file name specified by the user begins with
6675.i dir ,
6676that partial path name will be stripped off before writing,
6677so (for example)
6678if the SafeFileEnvironment variable is set to
6679.q /safe
6680then aliases of
6681.q /safe/logs/file
6682and
6683.q /logs/file
6684actually indicate the same file.
6685Additionally, if this option is set,
6686.i sendmail
6687refuses to deliver to symbolic links.
6688.ip SaveFromLine
6689[f]
6690Save
6691UNIX-style
6692.q From
6693lines at the front of headers.
6694Normally they are assumed redundant
6695and discarded.
6696.ip SendMimeErrors
6697[j]
6698If set, send error messages in MIME format
6699(see RFC2045 and RFC1344 for details).
6700If disabled,
6701.i sendmail
6702will not return the DSN keyword in response to an EHLO
6703and will not do Delivery Status Notification processing as described in
6704RFC1891.
6705.ip ServerCertFile
6706[no short name]
6707File containing the certificate of the server, i.e., this certificate
6708is used when sendmail acts as server.
6709.ip ServerKeyFile
6710[no short name]
6711File containing the private key belonging to the server certificate.
6712.ip ServiceSwitchFile=\fIfilename\fP
6713[no short name]
6714If your host operating system has a service switch abstraction
6715(e.g., /etc/nsswitch.conf on Solaris
6716or /etc/svc.conf on Ultrix and DEC OSF/1)
6717that service will be consulted and this option is ignored.
6718Otherwise, this is the name of a file
6719that provides the list of methods used to implement particular services.
6720The syntax is a series of lines,
6721each of which is a sequence of words.
6722The first word is the service name,
6723and following words are service types.
6724The services that
6725.i sendmail
6726consults directly are
6727.q aliases
6728and
6729.q hosts.
6730Service types can be
6731.q dns ,
6732.q nis ,
6733.q nisplus ,
6734or
6735.q files
6736(with the caveat that the appropriate support
6737must be compiled in
6738before the service can be referenced).
6739If ServiceSwitchFile is not specified, it defaults to
6740/etc/mail/service.switch.
6741If that file does not exist, the default switch is:
6742.(b
6743aliases files
6744hosts dns nis files
6745.)b
6746The default file is
6747.q /etc/mail/service.switch .
6748.ip SevenBitInput
6749[7]
6750Strip input to seven bits for compatibility with old systems.
6751This shouldn't be necessary.
6752.ip SingleLineFromHeader
6753[no short name]
6754If set, From: lines that have embedded newlines are unwrapped
6755onto one line.
6756This is to get around a botch in Lotus Notes
6757that apparently cannot understand legally wrapped RFC822 headers.
6758.ip SingleThreadDelivery
6759[no short name]
6760If set, a client machine will never try to open two SMTP connections
6761to a single server machine at the same time,
6762even in different processes.
6763That is, if another
6764.i sendmail
6765is already talking to some host a new
6766.i sendmail
6767will not open another connection.
6768This property is of mixed value;
6769although this reduces the load on the other machine,
6770it can cause mail to be delayed
6771(for example, if one
6772.i sendmail
6773is delivering a huge message, other
6774.i sendmail s
6775won't be able to send even small messages).
6776Also, it requires another file descriptor
6777(for the lock file)
6778per connection, so you may have to reduce the
6779.b ConnectionCacheSize
6780option to avoid running out of per-process file descriptors.
6781Requires the
6782.b HostStatusDirectory
6783option.
6784.ip SmtpGreetingMessage=\fImessage\fP
6785[$e macro]
6786The message printed when the SMTP server starts up.
6787Defaults to
6788.q "$j Sendmail $v ready at $b".
6789.ip StatusFile=\fIfile\fP
6790[S]
6791Log summary statistics in the named
6792.i file .
6793If no file name is specified, "statistics" is used.
6794If not set,
6795no summary statistics are saved.
6796This file does not grow in size.
6797It can be printed using the
6798.i mailstats (8)
6799program.
6800.ip SuperSafe
6801[s]
6802Be super-safe when running things,
6803i.e.,
6804always instantiate the queue file,
6805even if you are going to attempt immediate delivery.
6806.i Sendmail
6807always instantiates the queue file
6808before returning control to the client
6809under any circumstances.
6810This should really
6811.i always
6812be set.
6813.ip TempFileMode=\fImode\fP
6814[F]
6815The file mode for queue files, files to which
6816.i sendmail
6817delivers directly, and files in the
6818.b HostStatusDirectory .
6819It is interpreted in octal by default.
6820Defaults to 0600.
6821.ip Timeout.\fItype\fP=\|\fItimeout\fP
6822[r; subsumes old T option as well]
6823Set timeout values.
6824For more information,
6825see section
6826.\" XREF
68274.1.
6828.ip TimeZoneSpec=\fItzinfo\fP
6829[t]
6830Set the local time zone info to
6831.i tzinfo
6832\*- for example,
6833.q PST8PDT .
6834Actually, if this is not set,
6835the TZ environment variable is cleared (so the system default is used);
6836if set but null, the user's TZ variable is used,
6837and if set and non-null the TZ variable is set to this value.
6838.ip TrustedUser=\fIuser\fP
6839[no short name]
6840The
6841.i user
6842parameter may be a user name
6843(looked up in
6844.i /etc/passwd )
6845or a numeric user id.
6846Trusted user for file ownership and starting the daemon. If set, generated
6847alias databases and the control socket (if configured) will automatically
6848be owned by this user.
6849.ip TryNullMXList
6850[w]
6851If this system is the
6852.q best
6853(that is, lowest preference)
6854MX for a given host,
6855its configuration rules should normally detect this situation
6856and treat that condition specially
6857by forwarding the mail to a UUCP feed,
6858treating it as local,
6859or whatever.
6860However, in some cases (such as Internet firewalls)
6861you may want to try to connect directly to that host
6862as though it had no MX records at all.
6863Setting this option causes
6864.i sendmail
6865to try this.
6866The downside is that errors in your configuration
6867are likely to be diagnosed as
6868.q "host unknown"
6869or
6870.q "message timed out"
6871instead of something more meaningful.
6872This option is disrecommended.
6873.ip UnixFromLine=\fIfromline\fP
6874[$l macro]
6875Defines the format used when
6876.i sendmail
6877must add a UNIX-style From_ line
6878(that is, a line beginning
6879.q From<space>user ).
6880Defaults to
6881.q "From $g $d" .
6882Don't change this unless your system uses a different UNIX mailbox format
6883(very unlikely).
6884.ip UnsafeGroupWrites
6885[no short name]
6886If set (default),
6887:include: and .forward files that are group writable are considered
6888.q unsafe ,
6889that is,
6890they cannot reference programs or write directly to files.
6891World writable :include: and .forward files
6892are always unsafe.
6893.ip UseErrorsTo
6894[l]
6895If there is an
6896.q Errors-To:
6897header, send error messages to the addresses listed there.
6898They normally go to the envelope sender.
6899Use of this option causes
6900.i sendmail
6901to violate RFC 1123.
6902This option is disrecommended and deprecated.
6903.ip UserDatabaseSpec=\fIudbspec\fP
6904[U]
6905The user database specification.
6906.ip Verbose
6907[v]
6908Run in verbose mode.
6909If this is set,
6910.i sendmail
6911adjusts options
6912.b HoldExpensive
6913(old
6914.b c )
6915and
6916.b DeliveryMode
6917(old
6918.b d )
6919so that all mail is delivered completely
6920in a single job
6921so that you can see the entire delivery process.
6922Option
6923.b Verbose
6924should
6925.i never
6926be set in the configuration file;
6927it is intended for command line use only.
6928.ip XscriptFileBufferSize=\fIthreshold\fP
6929[no short name]
6930Set the
6931.i threshold ,
6932in bytes,
6933before a memory-based
6934queue transcript file
6935becomes disk-based.
6936The default is 4096 bytes.
6937.lp
6938All options can be specified on the command line using the
6939\-O or \-o flag,
6940but most will cause
6941.i sendmail
6942to relinquish its setuid permissions.
6943The options that will not cause this are
6944SevenBitInput [7],
6945EightBitMode [8],
6946MinFreeBlocks [b],
6947CheckpointInterval [C],
6948DeliveryMode [d],
6949ErrorMode [e],
6950IgnoreDots [i],
6951SendMimeErrors [j],
6952LogLevel [L],
6953MeToo [m],
6954OldStyleHeaders [o],
6955PrivacyOptions [p],
6956SuperSafe [s],
6957Verbose [v],
6958QueueSortOrder,
6959MinQueueAge,
6960DefaultCharSet,
6961Dial Delay,
6962NoRecipientAction,
6963ColonOkInAddr,
6964MaxQueueRunSize,
6965SingleLineFromHeader,
6966and
6967AllowBogusHELO.
6968Actually, PrivacyOptions [p] given on the command line
6969are added to those already specified in the
6970.i sendmail.cf
6971file, i.e., they can't be reset.
6972Also, M (define macro) when defining the r or s macros
6973is also considered
6974.q safe .
6975.sh 2 "P \*- Precedence Definitions"
6976.pp
6977Values for the
6978.q "Precedence:"
6979field may be defined using the
6980.b P
6981control line.
6982The syntax of this field is:
6983.(b
6984\fBP\fP\fIname\fP\fB=\fP\fInum\fP
6985.)b
6986When the
6987.i name
6988is found in a
6989.q Precedence:
6990field,
6991the message class is set to
6992.i num .
6993Higher numbers mean higher precedence.
6994Numbers less than zero
6995have the special property
6996that if an error occurs during processing
6997the body of the message will not be returned;
6998this is expected to be used for
6999.q "bulk"
7000mail such as through mailing lists.
7001The default precedence is zero.
7002For example,
7003our list of precedences is:
7004.(b
7005Pfirst-class=0
7006Pspecial-delivery=100
7007Plist=\-30
7008Pbulk=\-60
7009Pjunk=\-100
7010.)b
7011People writing mailing list exploders
7012are encouraged to use
7013.q "Precedence: list" .
7014Older versions of
7015.i sendmail
7016(which discarded all error returns for negative precedences)
7017didn't recognize this name, giving it a default precedence of zero.
7018This allows list maintainers to see error returns
7019on both old and new versions of
7020.i sendmail .
7021.sh 2 "V \*- Configuration Version Level"
7022.pp
7023To provide compatibility with old configuration files,
7024the
7025.b V
7026line has been added to define some very basic semantics
7027of the configuration file.
7028These are not intended to be long term supports;
7029rather, they describe compatibility features
7030which will probably be removed in future releases.
7031.pp
7032.b N.B.:
7033these version
7034.i levels
7035have nothing
7036to do with the version
7037.i number
7038on the files.
7039For example,
7040as of this writing
7041version 8 config files
7042(specifically, 8.10)
7043used version level 9 configurations.
7044.pp
7045.q Old
7046configuration files are defined as version level one.
7047Version level two files make the following changes:
7048.np
7049Host name canonification ($[ ... $])
7050appends a dot if the name is recognized;
7051this gives the config file a way of finding out if anything matched.
7052(Actually, this just initializes the
7053.q host
7054map with the
7055.q \-a.
7056flag \*- you can reset it to anything you prefer
7057by declaring the map explicitly.)
7058.np
7059Default host name extension is consistent throughout processing;
7060version level one configurations turned off domain extension
7061(that is, adding the local domain name)
7062during certain points in processing.
7063Version level two configurations are expected to include a trailing dot
7064to indicate that the name is already canonical.
7065.np
7066Local names that are not aliases
7067are passed through a new distinguished ruleset five;
7068this can be used to append a local relay.
7069This behavior can be prevented by resolving the local name
7070with an initial `@'.
7071That is, something that resolves to a local mailer and a user name of
7072.q vikki
7073will be passed through ruleset five,
7074but a user name of
7075.q @vikki
7076will have the `@' stripped,
7077will not be passed through ruleset five,
7078but will otherwise be treated the same as the prior example.
7079The expectation is that this might be used to implement a policy
7080where mail sent to
7081.q vikki
7082was handled by a central hub,
7083but mail sent to
7084.q vikki@localhost
7085was delivered directly.
7086.pp
7087Version level three files
7088allow # initiated comments on all lines.
7089Exceptions are backslash escaped # marks
7090and the $# syntax.
7091.pp
7092Version level four configurations
7093are completely equivalent to level three
7094for historical reasons.
7095.pp
7096Version level five configuration files
7097change the default definition of
7098.b $w
7099to be just the first component of the hostname.
7100.pp
7101Version level six configuration files
7102change many of the local processing options
7103(such as aliasing and matching the beginning of the address for
7104`|' characters)
7105to be mailer flags;
7106this allows fine-grained control over the special local processing.
7107Level six configuration files may also use long option names.
7108The
7109.b ColonOkInAddr
7110option (to allow colons in the local-part of addresses)
7111defaults
7112.b on
7113for lower numbered configuration files;
7114the configuration file requires some additional intelligence
7115to properly handle the RFC 822 group construct.
7116.pp
7117Version level seven configuration files
7118used new option names to replace old macros
7119(\c
7120.b $e
7121became
7122.b SmtpGreetingMessage ,
7123.b $l
7124became
7125.b UnixFromLine ,
7126and
7127.b $o
7128became
7129.b OperatorChars .
7130Also, prior to version seven,
7131the
7132.b F=q
7133flag (use 250 instead of 252 return value for
7134.sm "SMTP VRFY"
7135commands)
7136was assumed.
7137.pp
7138Version level eight configuration files allow
7139.b $#
7140on the left hand side of ruleset lines.
7141.pp
7142Version level nine configuration files allow
7143parentheses in rulesets, i.e. they are not treated
7144as comments and hence removed.
7145.pp
7146The
7147.b V
7148line may have an optional
7149.b / \c
7150.i vendor
7151to indicate that this configuration file uses modifications
7152specific to a particular vendor\**.
7153.(f
7154\**And of course, vendors are encouraged to add themselves
7155to the list of recognized vendors by editing the routine
7156.i setvendor
7157in
7158.i conf.c .
7159Please send e-mail to sendmail@Sendmail.ORG
7160to register your vendor dialect.
7161.)f
7162You may use
7163.q /Berkeley
7164to emphasize that this configuration file
7165uses the Berkeley dialect of
7166.i sendmail .
7167.sh 2 "K \*- Key File Declaration"
7168.pp
7169Special maps can be defined using the line:
7170.(b
7171Kmapname mapclass arguments
7172.)b
7173The
7174.i mapname
7175is the handle by which this map is referenced in the rewriting rules.
7176The
7177.i mapclass
7178is the name of a type of map;
7179these are compiled in to
7180.i sendmail .
7181The
7182.i arguments
7183are interpreted depending on the class;
7184typically,
7185there would be a single argument naming the file containing the map.
7186.pp
7187Maps are referenced using the syntax:
7188.(b
7189$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
7190.)b
7191where either or both of the
7192.i arguments
7193or
7194.i default
7195portion may be omitted.
7196The
7197.i "$@ arguments"
7198may appear more than once.
7199The indicated
7200.i key
7201and
7202.i arguments
7203are passed to the appropriate mapping function.
7204If it returns a value, it replaces the input.
7205If it does not return a value and the
7206.i default
7207is specified, the
7208.i default
7209replaces the input.
7210Otherwise, the input is unchanged.
7211.pp
7212The
7213.i arguments
7214are passed to the map for arbitrary use.
7215Most map classes can interpolate these arguments
7216into their values using the syntax
7217.q %\fIn\fP
7218(where
7219.i n
7220is a digit)
7221to indicate the corresponding
7222.i argument .
7223Argument
7224.q %0
7225indicates the database key.
7226For example, the rule
7227.(b
7228.ta 1.5i
7229R$\- ! $+ $: $(uucp $1 $@ $2 $: %1 @ %0 . UUCP $)
7230.)b
7231Looks up the UUCP name in a (user defined) UUCP map;
7232if not found it turns it into
7233.q \&.UUCP
7234form.
7235The database might contain records like:
7236.(b
7237decvax %1@%0.DEC.COM
7238research %1@%0.ATT.COM
7239.)b
7240Note that
7241.i default
7242clauses never do this mapping.
7243.pp
7244The built in map with both name and class
7245.q host
7246is the host name canonicalization lookup.
7247Thus,
7248the syntax:
7249.(b
7250$(host \fIhostname\fP$)
7251.)b
7252is equivalent to:
7253.(b
7254$[\fIhostname\fP$]
7255.)b
7256.pp
7257There are many defined classes.
7258.ip dbm
7259Database lookups using the ndbm(3) library.
7260.i Sendmail
7261must be compiled with
7262.b NDBM
7263defined.
7264.ip btree
7265Database lookups using the btree interface to the Berkeley DB
7266library.
7267.i Sendmail
7268must be compiled with
7269.b NEWDB
7270defined.
7271.ip hash
7272Database lookups using the hash interface to the Berkeley DB
7273library.
7274.i Sendmail
7275must be compiled with
7276.b NEWDB
7277defined.
7278.ip nis
7279NIS lookups.
7280.i Sendmail
7281must be compiled with
7282.b NIS
7283defined.
7284.ip nisplus
7285NIS+ lookups.
7286.i Sendmail
7287must be compiled with
7288.b NISPLUS
7289defined.
7290The argument is the name of the table to use for lookups,
7291and the
7292.b \-k
7293and
7294.b \-v
7295flags may be used to set the key and value columns respectively.
7296.ip hesiod
7297Hesiod lookups.
7298.i Sendmail
7299must be compiled with
7300.b HESIOD
7301defined.
7302.ip ldap
7303LDAP X500 directory lookups.
7304.i Sendmail
7305must be compiled with
7306.b LDAPMAP
7307defined.
7308The map supports most of the standard arguments
7309and most of the command line arguments of the
7310.i ldapsearch
7311program.
7312Note that,
7313by default,
7314if a single query matches multiple values,
7315only the first value will be returned
7316unless the
7317.b \-z
7318(value separator)
7319map flag is set.
7320Also, the
7321.b \-1
7322map flag will treat a multiple value return
7323as if there were no matches.
7324.ip netinfo
7325NeXT NetInfo lookups.
7326.i Sendmail
7327must be compiled with
7328.b NETINFO
7329defined.
7330.ip text
7331Text file lookups.
7332The format of the text file is defined by the
7333.b \-k
7334(key field number),
7335.b \-v
7336(value field number),
7337and
7338.b \-z
7339(field delimiter)
7340flags.
7341.ip ph
7342PH query map.
7343Contributed and supported by
7344Mark Roth, roth@uiuc.edu.
7345For more information,
7346consult the web site
7347.q http://www-dev.cso.uiuc.edu/sendmail/ .
7348.ip nsd
7349nsd map for IRIX 6.5 and later.
7350Contributed and supported by Bob Mende of SGI,
7351mende@sgi.com.
7352.ip stab
7353Internal symbol table lookups.
7354Used internally for aliasing.
7355.ip implicit
7356Really should be called
7357.q alias
7358\(em this is used to get the default lookups
7359for alias files,
7360and is the default if no class is specified for alias files.
7361.ip user
7362Looks up users using
7363.i getpwnam (3).
7364The
7365.b \-v
7366flag can be used to specify the name of the field to return
7367(although this is normally used only to check the existence
7368of a user).
7369.ip host
7370Canonifies host domain names.
7371Given a host name it calls the name server
7372to find the canonical name for that host.
7373.ip bestmx
7374Returns the best MX record for a host name given as the key.
7375The current machine is always preferred \*-
7376that is, if the current machine is one of the hosts listed as a
7377lowest-preference MX record, then it will be guaranteed to be returned.
7378This can be used to find out if this machine is the target for an MX record,
7379and mail can be accepted on that basis.
7380If the
7381.b \-z
7382flag is given, then all MX names are returned,
7383separated by the given delimiter.
7384.ip sequence
7385The arguments on the `K' line are a list of maps;
7386the resulting map searches the argument maps in order
7387until it finds a match for the indicated key.
7388For example, if the key definition is:
7389.(b
7390Kmap1 ...
7391Kmap2 ...
7392Kseqmap sequence map1 map2
7393.)b
7394then a lookup against
7395.q seqmap
7396first does a lookup in map1.
7397If that is found, it returns immediately.
7398Otherwise, the same key is used for map2.
7399.ip syslog
7400the key is logged via
7401.i syslogd \|(8).
7402The lookup returns the empty string.
7403.ip switch
7404Much like the
7405.q sequence
7406map except that the order of maps is determined by the service switch.
7407The argument is the name of the service to be looked up;
7408the values from the service switch are appended to the map name
7409to create new map names.
7410For example, consider the key definition:
7411.(b
7412Kali switch aliases
7413.)b
7414together with the service switch entry:
7415.(b
7416aliases nis files
7417.)b
7418This causes a query against the map
7419.q ali
7420to search maps named
7421.q ali.nis
7422and
7423.q ali.files
7424in that order.
7425.ip dequote
7426Strip double quotes (") from a name.
7427It does not strip backslashes,
7428and will not strip quotes if the resulting string
7429would contain unscannable syntax
7430(that is, basic errors like unbalanced angle brackets;
7431more sophisticated errors such as unknown hosts are not checked).
7432The intent is for use when trying to accept mail from systems such as
7433DECnet
7434that routinely quote odd syntax such as
7435.(b
7436"49ers::ubell"
7437.)b
7438A typical usage is probably something like:
7439.(b
7440Kdequote dequote
7441
7442\&...
7443
7444R$\- $: $(dequote $1 $)
7445R$\- $+ $: $>3 $1 $2
7446.)b
7447Care must be taken to prevent unexpected results;
7448for example,
7449.(b
7450"|someprogram < input > output"
7451.)b
7452will have quotes stripped,
7453but the result is probably not what you had in mind.
7454Fortunately these cases are rare.
7455.ip regex
7456The map definition on the
7457.b K
7458line contains a regular expression.
7459Any key input is compared to that expression using the
7460POSIX regular expressions routines regcomp(), regerr(), and regexec().
7461Refer to the documentation for those routines for more information
7462about the regular expression matching.
7463No rewriting of the key is done if the
7464.b \-m
7465flag is used. Without it, the key is discarded or if
7466.b \-s
7467if used, it is substituted by the substring matches, delimited by
7468.b $|
7469or the string specified with the the
7470.b \-d
7471flag. The flags available for the map are
7472.(b
7473-n not
7474-f case sensitive
7475-b basic regular expressions
7476 (default is extended)
7477-s substring match
7478-d set the delimiter used for -s
7479-a append string to key
7480-m match only, do not
7481 replace/discard value
7482-D perform no lookup in deferred delivery mode.
7483.)b
7484The
7485.b \-s
7486flag can include an optional parameter which can be used
7487to select the substrings in the result of the lookup. For example,
7488.(b
7489-s1,3,4
7490.)b
7491Notes: to match a
7492.b $
7493in a string,
7494\\$$
7495must be used.
7496If the pattern contains spaces, they must be replaced
7497with the blank substitution character, unless it is
7498space itself.
7499.ip program
7500The arguments on the
7501.b K
7502line are the pathname to a program and any initial parameters to be passed.
7503When the map is called,
7504the key is added to the initial parameters
7505and the program is invoked
7506as the default user/group id.
7507The first line of standard output is returned as the value of the lookup.
7508This has many potential security problems,
7509and has terrible performance;
7510it should be used only when absolutely necessary.
7511.ip macro
7512Set or clear a macro value.
7513To set a macro,
7514pass the value as the first argument in the map lookup.
7515To clear a macro,
7516do not pass an argument in the map lookup.
7517The map always returns the empty string.
7518Example of typical usage include:
7519.(b
7520Kstorage macro
7521
7522\&...
7523
7524# set macro ${MyMacro} to the ruleset match
7525R$+ $: $(storage {MyMacro} $@ $1 $) $1
7526# set macro ${MyMacro} to an empty string
7527R$* $: $(storage {MyMacro} $@ $) $1
7528# clear macro ${MyMacro}
7529R$\- $: $(storage {MyMacro} $) $1
7530.)b
7531.ip arith
7532Perform simple arithmetic operations.
7533The operation is given as key, currently +, -, *, /,
7534l (for less than), and = are supported.
7535The two operands are given as arguments.
7536The lookup returns the result of the computation,
7537i.e.
7538.sm TRUE
7539or
7540.sm FALSE
7541for comparisons, integer values otherwise.
7542All options which are possible for maps are ignored.
7543A simple example is:
7544.(b
7545Kcomp arith
7546
7547\&...
7548
7549Scheck_etrn
7550R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
7551RFALSE $# error \&...
7552.)b
7553.pp
7554Most of these accept as arguments the same optional flags
7555and a filename
7556(or a mapname for NIS;
7557the filename is the root of the database path,
7558so that
7559.q .db
7560or some other extension appropriate for the database type
7561will be added to get the actual database name).
7562Known flags are:
7563.ip "\-o"
7564Indicates that this map is optional \*- that is,
7565if it cannot be opened,
7566no error is produced,
7567and
7568.i sendmail
7569will behave as if the map existed but was empty.
7570.ip "\-N, \-O"
7571If neither
7572.b \-N
7573or
7574.b \-O
7575are specified,
7576.i sendmail
7577uses an adaptive algorithm to decide whether or not to look for null bytes
7578on the end of keys.
7579It starts by trying both;
7580if it finds any key with a null byte it never tries again without a null byte
7581and vice versa.
7582If
7583.b \-N
7584is specified it never tries without a null byte and
7585if
7586.b \-O
7587is specified it never tries with a null byte.
7588Setting one of
7589these can speed matches but are never necessary.
7590If both
7591.b \-N
7592and
7593.b \-O
7594are specified,
7595.i sendmail
7596will never try any matches at all \(em
7597that is, everything will appear to fail.
7598.ip "\-a\fIx\fP"
7599Append the string
7600.i x
7601on successful matches.
7602For example, the default
7603.i host
7604map appends a dot on successful matches.
7605.ip "\-T\fIx\fP"
7606Append the string
7607.i x
7608on temporary failures.
7609For example,
7610.i x
7611would be appended if a DNS lookup returned
7612.q "server failed"
7613or an NIS lookup could not locate a server.
7614See also the
7615.b \-t
7616flag.
7617.ip "\-f"
7618Do not fold upper to lower case before looking up the key.
7619.ip "\-m"
7620Match only (without replacing the value).
7621If you only care about the existence of a key and not the value
7622(as you might when searching the NIS map
7623.q hosts.byname
7624for example),
7625this flag prevents the map from substituting the value.
7626However,
7627The \-a argument is still appended on a match,
7628and the default is still taken if the match fails.
7629.ip "\-k\fIkeycol\fP"
7630The key column name (for NIS+) or number
7631(for text lookups).
7632For LDAP maps this is an LDAP filter string
7633in which %s is replaced with the literal contents of the lookup key
7634and %0 is replaced with the LDAP escaped contents of the lookup key
7635according to RFC2254.
7636.ip "\-v\fIvalcol\fP"
7637The value column name (for NIS+) or number
7638(for text lookups).
7639For LDAP maps this is the name of one or more
7640attributes to be returned;
7641multiple attributes can be separated by commas.
7642If not specified, all attributes found in the match
7643will be returned.
7644.ip "\-z\fIdelim\fP"
7645The column delimiter (for text lookups).
7646It can be a single character or one of the special strings
7647.q \|\en
7648or
7649.q \|\et
7650to indicate newline or tab respectively.
7651If omitted entirely,
7652the column separator is any sequence of white space.
7653For LDAP maps this is the separator character
7654to combine multiple values
7655into a single return string.
7656If not set,
7657the LDAP lookup will only return the first match found.
7658.ip "\-t"
7659Normally, when a map attempts to do a lookup
7660and the server fails
7661(e.g.,
7662.i sendmail
7663couldn't contact any name server;
7664this is
7665.i not
7666the same as an entry not being found in the map),
7667the message being processed is queued for future processing.
7668The
7669.b \-t
7670flag turns off this behavior,
7671letting the temporary failure (server down)
7672act as though it were a permanent failure (entry not found).
7673It is particularly useful for DNS lookups,
7674where someone else's misconfigured name server can cause problems
7675on your machine.
7676However, care must be taken to ensure that you don't bounce mail
7677that would be resolved correctly if you tried again.
7678A common strategy is to forward such mail
7679to another, possibly better connected, mail server.
7680.ip "\-D"
7681Perform no lookup in deferred delivery mode.
7682This flag is set by default for the
7683.i host
7684map.
7685.ip "\-S\fIspacesub\fP
7686The character to use to replace space characters
7687after a successful map lookup (esp. useful for regex
7688and syslog maps).
7689.ip "\-s\fIspacesub\fP
7690For the dequote map only,
7691the character to use to replace space characters
7692after a successful dequote.
7693.ip "\-q"
7694Don't dequote the key before lookup.
7695.ip "\-L\fIlevel\fP
7696For the syslog map only, it specifies the level
7697to use for the syslog call.
7698.ip "\-A"
7699When rebuilding an alias file,
7700the
7701.b \-A
7702flag causes duplicate entries in the text version
7703to be merged.
7704For example, two entries:
7705.(b
7706list: user1, user2
7707list: user3
7708.)b
7709would be treated as though it were the single entry
7710.(b
7711list: user1, user2, user3
7712.)b
7713in the presence of the
7714.b \-A
7715flag.
7716.pp
7717The following additional flags are present in the ldap map only:
7718.ip "\-R"
7719Do not auto chase referrals. sendmail must be compiled with
7720.b \-DLDAP_REFERRALS
7721to use this flag.
7722.ip "\-n"
7723Retrieve attribute names only.
7724.ip "\-r\fIderef\fP"
7725Set the alias dereference option to one of never, always, search, or find.
7726.ip "\-s\fIscope\fP"
7727Set search scope to one of base, one (one level), or sub (subtree).
7728.ip "\-h\fIhost\fP"
7729LDAP server hostname.
7730Some LDAP libraries allow you to specify multiple, space-separated hosts for
7731redundancy.
7732In addition, each of the hosts listed can be followed by a colon and a port
7733number to override the default LDAP port.
7734.ip "\-b\fIbase\fP"
7735LDAP search base.
7736.ip "\-p\fIport\fP"
7737LDAP service port.
7738.ip "\-l\fItimelimit\fP"
7739Time limit for LDAP queries.
7740.ip "\-Z\fIsizelimit\fP"
7741Size (number of matches) limit for LDAP queries.
7742.ip "\-d\fIdistinguished_name\fP"
7743The distinguished name to use to login to the LDAP server.
7744.ip "\-M\fImethod\fP"
7745The method to authenticate to the LDAP server.
7746Should be one of
7747.b LDAP_AUTH_NONE ,
7748.b LDAP_AUTH_SIMPLE ,
7749or
7750.b LDAP_AUTH_KRBV4 .
7751.ip "\-P\fIpasswordfile\fP"
7752The file containing the secret key for the
7753.b LDAP_AUTH_SIMPLE
7754authentication method
7755or the name of the Kerberos ticket file for
7756.b LDAP_AUTH_KRBV4 .
7757.ip "\-1"
7758Force LDAP searches to only succeed if a single match is found.
7759If multiple values are found,
7760the search is treated as if no match was found.
7761.pp
7762The
7763.i dbm
7764map appends the strings
7765.q \&.pag
7766and
7767.q \&.dir
7768to the given filename;
7769the
7770.i hash
7771and
7772.i btree
7773maps append
7774.q \&.db .
7775For example, the map specification
7776.(b
7777Kuucp dbm \-o \-N /etc/mail/uucpmap
7778.)b
7779specifies an optional map named
7780.q uucp
7781of class
7782.q dbm ;
7783it always has null bytes at the end of every string,
7784and the data is located in
7785/etc/mail/uucpmap.{dir,pag}.
7786.pp
7787The program
7788.i makemap (8)
7789can be used to build any of the three database-oriented maps.
7790It takes the following flags:
7791.ip \-f
7792Do not fold upper to lower case in the map.
7793.ip \-N
7794Include null bytes in keys.
7795.ip \-o
7796Append to an existing (old) file.
7797.ip \-r
7798Allow replacement of existing keys;
7799normally, re-inserting an existing key is an error.
7800.ip \-v
7801Print what is happening.
7802.lp
7803The
7804.i sendmail
7805daemon does not have to be restarted to read the new maps
7806as long as you change them in place;
7807file locking is used so that the maps won't be read
7808while they are being updated.
7809.pp
7810New classes can be added in the routine
7811.b setupmaps
7812in file
7813.b conf.c .
7814.sh 2 "The User Database"
7815.pp
7816If you have a version of
7817.i sendmail
7818with the user database package
7819compiled in,
7820the handling of sender and recipient addresses
7821is modified.
7822.pp
7823The location of this database is controlled with the
7824.b UserDatabaseSpec
7825option.
7826.sh 3 "Structure of the user database"
7827.pp
7828The database is a sorted (BTree-based) structure.
7829User records are stored with the key:
7830.(b
7831\fIuser-name\fP\fB:\fP\fIfield-name\fP
7832.)b
7833The sorted database format ensures that user records are clustered together.
7834Meta-information is always stored with a leading colon.
7835.pp
7836Field names define both the syntax and semantics of the value.
7837Defined fields include:
7838.nr ii 1i
7839.ip maildrop
7840The delivery address for this user.
7841There may be multiple values of this record.
7842In particular,
7843mailing lists will have one
7844.i maildrop
7845record for each user on the list.
7846.ip "mailname"
7847The outgoing mailname for this user.
7848For each outgoing name,
7849there should be an appropriate
7850.i maildrop
7851record for that name to allow return mail.
7852See also
7853.i :default:mailname .
7854.ip mailsender
7855Changes any mail sent to this address to have the indicated envelope sender.
7856This is intended for mailing lists,
7857and will normally be the name of an appropriate -request address.
7858It is very similar to the owner-\c
7859.i list
7860syntax in the alias file.
7861.ip fullname
7862The full name of the user.
7863.ip office-address
7864The office address for this user.
7865.ip office-phone
7866The office phone number for this user.
7867.ip office-fax
7868The office FAX number for this user.
7869.ip home-address
7870The home address for this user.
7871.ip home-phone
7872The home phone number for this user.
7873.ip home-fax
7874The home FAX number for this user.
7875.ip project
7876A (short) description of the project this person is affiliated with.
7877In the University this is often just the name of their graduate advisor.
7878.ip plan
7879A pointer to a file from which plan information can be gathered.
7880.pp
7881As of this writing,
7882only a few of these fields are actually being used by
7883.i sendmail :
7884.i maildrop
7885and
7886.i mailname .
7887A
7888.i finger
7889program that uses the other fields is planned.
7890.sh 3 "User database semantics"
7891.pp
7892When the rewriting rules submit an address to the local mailer,
7893the user name is passed through the alias file.
7894If no alias is found (or if the alias points back to the same address),
7895the name (with
7896.q :maildrop
7897appended)
7898is then used as a key in the user database.
7899If no match occurs (or if the maildrop points at the same address),
7900forwarding is tried.
7901.pp
7902If the first token of the user name returned by ruleset 0
7903is an
7904.q @
7905sign, the user database lookup is skipped.
7906The intent is that the user database will act as a set of defaults
7907for a cluster (in our case, the Computer Science Division);
7908mail sent to a specific machine should ignore these defaults.
7909.pp
7910When mail is sent,
7911the name of the sending user is looked up in the database.
7912If that user has a
7913.q mailname
7914record,
7915the value of that record is used as their outgoing name.
7916For example, I might have a record:
7917.(b
7918eric:mailname Eric.Allman@CS.Berkeley.EDU
7919.)b
7920This would cause my outgoing mail to be sent as Eric.Allman.
7921.pp
7922If a
7923.q maildrop
7924is found for the user,
7925but no corresponding
7926.q mailname
7927record exists,
7928the record
7929.q :default:mailname
7930is consulted.
7931If present, this is the name of a host to override the local host.
7932For example, in our case we would set it to
7933.q CS.Berkeley.EDU .
7934The effect is that anyone known in the database
7935gets their outgoing mail stamped as
7936.q user@CS.Berkeley.EDU ,
7937but people not listed in the database use the local hostname.
7938.sh 3 "Creating the database\**"
7939.(f
7940\**These instructions are known to be incomplete.
7941Other features are available which provide similar functionality,
7942e.g., virtual hosting and mapping local addresses into a
7943generic form as explained in cf/README.
7944.)f
7945.pp
7946The user database is built from a text file
7947using the
7948.i makemap
7949utility
7950(in the distribution in the makemap subdirectory).
7951The text file is a series of lines corresponding to userdb records;
7952each line has a key and a value separated by white space.
7953The key is always in the format described above \*-
7954for example:
7955.(b
7956eric:maildrop
7957.)b
7958This file is normally installed in a system directory;
7959for example, it might be called
7960.i /etc/mail/userdb .
7961To make the database version of the map, run the program:
7962.(b
7963makemap btree /etc/mail/userdb < /etc/mail/userdb
7964.)b
7965Then create a config file that uses this.
7966For example, using the V8 M4 configuration, include the
7967following line in your .mc file:
7968.(b
7969define(\`confUSERDB_SPEC\', /etc/mail/userdb.db)
7970.)b
7971.sh 1 "OTHER CONFIGURATION"
7972.pp
7973There are some configuration changes that can be made by
7974recompiling
7975.i sendmail .
7976This section describes what changes can be made
7977and what has to be modified to make them.
7978In most cases this should be unnecessary
7979unless you are porting
7980.i sendmail
7981to a new environment.
7982.sh 2 "Parameters in devtools/OS/$oscf"
7983.pp
7984These parameters are intended to describe the compilation environment,
7985not site policy,
7986and should normally be defined in the operating system
7987configuration file.
7988.b "This section needs a complete rewrite."
7989.ip NDBM
7990If set,
7991the new version of the DBM library
7992that allows multiple databases will be used.
7993If neither NDBM nor NEWDB are set,
7994a much less efficient method of alias lookup is used.
7995.ip NEWDB
7996If set, use the new database package from Berkeley (from 4.4BSD).
7997This package is substantially faster than DBM or NDBM.
7998If NEWDB and NDBM are both set,
7999.i sendmail
8000will read DBM files,
8001but will create and use NEWDB files.
8002.ip NIS
8003Include support for NIS.
8004If set together with
8005.i both
8006NEWDB and NDBM,
8007.i sendmail
8008will create both DBM and NEWDB files if and only if
8009an alias file includes the substring
8010.q /yp/
8011in the name.
8012This is intended for compatibility with Sun Microsystems'
8013.i mkalias
8014program used on YP masters.
8015.ip NISPLUS
8016Compile in support for NIS+.
8017.ip NETINFO
8018Compile in support for NetInfo (NeXT stations).
8019.ip LDAPMAP
8020Compile in support for LDAP X500 queries.
8021Requires libldap and liblber
8022from the Umich LDAP 3.2 or 3.3 release
8023or equivalent libraries for other LDAP libraries
8024such as OpenLDAP.
8025.ip HESIOD
8026Compile in support for Hesiod.
8027.ip MAP_NSD
8028Compile in support for IRIX NSD lookups.
8029.ip MAP_REGEX
8030Compile in support for regular expression matching.
8031.ip PH_MAP
8032Compile in support for ph lookups.
8033.ip SASL
8034Compile in support for SASL,
8035a required component for SMTP Authentication support.
8036.ip STARTTLS
8037Compile in support for STARTTLS.
8038.ip EGD
8039Compile in support for the "Entropy Gathering Daemon"
8040to provide better random data for TLS.
8041.ip SFIO
8042Compile in support for sfio, which is required to enable encryption,
8043e.g., STARTTLS.
8044.ip TCPWRAPPERS
8045Compile in support for TCP Wrappers.
8046.ip _PATH_SENDMAILCF
8047The pathname of the sendmail.cf file.
8048.ip _PATH_SENDMAILPID
8049The pathname of the sendmail.pid file.
8050.pp
8051There are also several compilation flags to indicate the environment
8052such as
8053.q _AIX3
8054and
8055.q _SCO_unix_ .
8056See the sendmail/README
8057file for the latest scoop on these flags.
8058.sh 2 "Parameters in sendmail/conf.h"
8059.pp
8060Parameters and compilation options
8061are defined in conf.h.
8062Most of these need not normally be tweaked;
8063common parameters are all in sendmail.cf.
8064However, the sizes of certain primitive vectors, etc.,
8065are included in this file.
8066The numbers following the parameters
8067are their default value.
8068.pp
8069This document is not the best source of information
8070for compilation flags in conf.h \(em
8071see sendmail/README or sendmail/conf.h itself.
8072.nr ii 1.2i
8073.ip "MAXLINE [2048]"
8074The maximum line length of any input line.
8075If message lines exceed this length
8076they will still be processed correctly;
8077however, header lines,
8078configuration file lines,
8079alias lines,
8080etc.,
8081must fit within this limit.
8082.ip "MAXNAME [256]"
8083The maximum length of any name,
8084such as a host or a user name.
8085.ip "MAXPV [256]"
8086The maximum number of parameters to any mailer.
8087This limits the number of recipients that may be passed in one transaction.
8088It can be set to any arbitrary number above about 10,
8089since
8090.i sendmail
8091will break up a delivery into smaller batches as needed.
8092A higher number may reduce load on your system, however.
8093.ip "MAXATOM [1000]"
8094The maximum number of atoms
8095(tokens)
8096in a single address.
8097For example,
8098the address
8099.q "eric@CS.Berkeley.EDU"
8100is seven atoms.
8101.ip "MAXMAILERS [25]"
8102The maximum number of mailers that may be defined
8103in the configuration file.
8104This value is defined in include/sendmail/sendmail.h.
8105.ip "MAXRWSETS [200]"
8106The maximum number of rewriting sets
8107that may be defined.
8108The first half of these are reserved for numeric specification
8109(e.g., ``S92''),
8110while the upper half are reserved for auto-numbering
8111(e.g., ``Sfoo'').
8112Thus, with a value of 200 an attempt to use ``S99'' will succeed,
8113but ``S100'' will fail.
8114.ip "MAXPRIORITIES [25]"
8115The maximum number of values for the
8116.q Precedence:
8117field that may be defined
8118(using the
8119.b P
8120line in sendmail.cf).
8121.ip "MAXUSERENVIRON [100]"
8122The maximum number of items in the user environment
8123that will be passed to subordinate mailers.
8124.ip "MAXMXHOSTS [100]"
8125The maximum number of MX records we will accept for any single host.
8126.ip "MAXALIASDB [12]"
8127The maximum number of alias databases that can be open at any time.
8128Note that there may also be an open file limit.
8129.ip "MAXMAPSTACK [12]"
8130The maximum number of maps that may be "stacked" in a
8131.b sequence
8132class map.
8133.ip "MAXMIMEARGS [20]"
8134The maximum number of arguments in a MIME Content-Type: header;
8135additional arguments will be ignored.
8136.ip "MAXMIMENESTING [20]"
8137The maximum depth to which MIME messages may be nested
8138(that is, nested Message or Multipart documents;
8139this does not limit the number of components in a single Multipart document).
8140.ip "MAXDAEMONS [10]"
8141The maximum number of sockets sendmail will open for accepting connections
8142on different ports.
8143.ip "MAXMACNAMELEN [25]"
8144The maximum length of a macro name.
8145.lp
8146A number of other compilation options exist.
8147These specify whether or not specific code should be compiled in.
8148Ones marked with \(dg
8149are 0/1 valued.
8150.nr ii 1.2i
8151.ip NETINET\(dg
8152If set,
8153support for Internet protocol networking is compiled in.
8154Previous versions of
8155.i sendmail
8156referred to this as
8157.sm DAEMON ;
8158this old usage is now incorrect.
8159Defaults on;
8160turn it off in the Makefile
8161if your system doesn't support the Internet protocols.
8162.ip NETINET6\(dg
8163If set,
8164support for IPv6 networking is compiled in.
8165It must be separately enabled by adding DaemonPortOptions settings.
8166.ip NETISO\(dg
8167If set,
8168support for ISO protocol networking is compiled in
8169(it may be appropriate to #define this in the Makefile instead of conf.h).
8170.ip NETUNIX\(dg
8171If set,
8172support for UNIX domain sockets is compiled in.
8173This is used for control socket support.
8174.ip LOG
8175If set,
8176the
8177.i syslog
8178routine in use at some sites is used.
8179This makes an informational log record
8180for each message processed,
8181and makes a higher priority log record
8182for internal system errors.
8183.b "STRONGLY RECOMMENDED"
8184\(em if you want no logging, turn it off in the configuration file.
8185.ip MATCHGECOS\(dg
8186Compile in the code to do ``fuzzy matching'' on the GECOS field
8187in /etc/passwd.
8188This also requires that the
8189.b MatchGECOS
8190option be turned on.
8191.ip NAMED_BIND\(dg
8192Compile in code to use the
8193Berkeley Internet Name Domain (BIND) server
8194to resolve TCP/IP host names.
8195.ip NOTUNIX
8196If you are using a non-UNIX mail format,
8197you can set this flag to turn off special processing
8198of UNIX-style
8199.q "From "
8200lines.
8201.ip QUEUE\(dg
8202This flag should be set to compile in the queueing code.
8203If this is not set,
8204mailers must accept the mail immediately
8205or it will be returned to the sender.
8206.ip SMTP\(dg
8207If set,
8208the code to handle user and server SMTP will be compiled in.
8209This is only necessary if your machine has some mailer
8210that speaks SMTP
8211(this means most machines everywhere).
8212.ip USERDB\(dg
8213Include the
8214.b experimental
8215Berkeley user information database package.
8216This adds a new level of local name expansion
8217between aliasing and forwarding.
8218It also uses the NEWDB package.
8219This may change in future releases.
8220.lp
8221The following options are normally turned on
8222in per-operating-system clauses in conf.h.
8223.ip IDENTPROTO\(dg
8224Compile in the IDENT protocol as defined in RFC 1413.
8225This defaults on for all systems except Ultrix,
8226which apparently has the interesting
8227.q feature
8228that when it receives a
8229.q "host unreachable"
8230message it closes all open connections to that host.
8231Since some firewall gateways send this error code
8232when you access an unauthorized port (such as 113, used by IDENT),
8233Ultrix cannot receive email from such hosts.
8234.ip SYSTEM5
8235Set all of the compilation parameters appropriate for System V.
8236.ip HASFLOCK\(dg
8237Use Berkeley-style
8238.b flock
8239instead of System V
8240.b lockf
8241to do file locking.
8242Due to the highly unusual semantics of locks
8243across forks in
8244.b lockf ,
8245this should always be used if at all possible.
8246.ip HASINITGROUPS
8247Set this if your system has the
8248.i initgroups()
8249call
8250(if you have multiple group support).
8251This is the default if SYSTEM5 is
8252.i not
8253defined or if you are on HPUX.
8254.ip HASUNAME
8255Set this if you have the
8256.i uname (2)
8257system call (or corresponding library routine).
8258Set by default if
8259SYSTEM5
8260is set.
8261.ip HASGETDTABLESIZE
8262Set this if you have the
8263.i getdtablesize (2)
8264system call.
8265.ip HASWAITPID
8266Set this if you have the
8267.i haswaitpid (2)
8268system call.
8269.ip FAST_PID_RECYCLE
8270Set this if your system can possibly
8271reuse the same pid in the same second of time.
8272.ip SFS_TYPE
8273The mechanism that can be used to get file system capacity information.
8274The values can be one of
8275SFS_USTAT (use the ustat(2) syscall),
8276SFS_4ARGS (use the four argument statfs(2) syscall),
8277SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
8278SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
8279SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
8280SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
8281or
8282SFS_NONE (no way to get this information).
8283.ip LA_TYPE
8284The load average type.
8285Details are described below.
8286.lp
8287The are several built-in ways of computing the load average.
8288.i Sendmail
8289tries to auto-configure them based on imperfect guesses;
8290you can select one using the
8291.i cc
8292option
8293.b \-DLA_TYPE= \c
8294.i type ,
8295where
8296.i type
8297is:
8298.ip LA_INT
8299The kernel stores the load average in the kernel as an array of long integers.
8300The actual values are scaled by a factor FSCALE
8301(default 256).
8302.ip LA_SHORT
8303The kernel stores the load average in the kernel as an array of short integers.
8304The actual values are scaled by a factor FSCALE
8305(default 256).
8306.ip LA_FLOAT
8307The kernel stores the load average in the kernel as an array of
8308double precision floats.
8309.ip LA_MACH
8310Use MACH-style load averages.
8311.ip LA_SUBR
8312Call the
8313.i getloadavg
8314routine to get the load average as an array of doubles.
8315.ip LA_ZERO
8316Always return zero as the load average.
8317This is the fallback case.
8318.lp
8319If type
8320.sm LA_INT ,
8321.sm LA_SHORT ,
8322or
8323.sm LA_FLOAT
8324is specified,
8325you may also need to specify
8326.sm _PATH_UNIX
8327(the path to your system binary)
8328and
8329.sm LA_AVENRUN
8330(the name of the variable containing the load average in the kernel;
8331usually
8332.q _avenrun
8333or
8334.q avenrun ).
8335.sh 2 "Configuration in sendmail/conf.c"
8336.pp
8337The following changes can be made in conf.c.
8338.sh 3 "Built-in Header Semantics"
8339.pp
8340Not all header semantics are defined in the configuration file.
8341Header lines that should only be included by certain mailers
8342(as well as other more obscure semantics)
8343must be specified in the
8344.i HdrInfo
8345table in
8346.i conf.c .
8347This table contains the header name
8348(which should be in all lower case)
8349and a set of header control flags (described below),
8350The flags are:
8351.ip H_ACHECK
8352Normally when the check is made to see if a header line is compatible
8353with a mailer,
8354.i sendmail
8355will not delete an existing line.
8356If this flag is set,
8357.i sendmail
8358will delete
8359even existing header lines.
8360That is,
8361if this bit is set and the mailer does not have flag bits set
8362that intersect with the required mailer flags
8363in the header definition in
8364sendmail.cf,
8365the header line is
8366.i always
8367deleted.
8368.ip H_EOH
8369If this header field is set,
8370treat it like a blank line,
8371i.e.,
8372it will signal the end of the header
8373and the beginning of the message text.
8374.ip H_FORCE
8375Add this header entry
8376even if one existed in the message before.
8377If a header entry does not have this bit set,
8378.i sendmail
8379will not add another header line if a header line
8380of this name already existed.
8381This would normally be used to stamp the message
8382by everyone who handled it.
8383.ip H_TRACE
8384If set,
8385this is a timestamp
8386(trace)
8387field.
8388If the number of trace fields in a message
8389exceeds a preset amount
8390the message is returned
8391on the assumption that it has an aliasing loop.
8392.ip H_RCPT
8393If set,
8394this field contains recipient addresses.
8395This is used by the
8396.b \-t
8397flag to determine who to send to
8398when it is collecting recipients from the message.
8399.ip H_FROM
8400This flag indicates that this field
8401specifies a sender.
8402The order of these fields in the
8403.i HdrInfo
8404table specifies
8405.i sendmail 's
8406preference
8407for which field to return error messages to.
8408.ip H_ERRORSTO
8409Addresses in this header should receive error messages.
8410.ip H_CTE
8411This header is a Content-Transfer-Encoding header.
8412.ip H_CTYPE
8413This header is a Content-Type header.
8414.ip H_STRIPVAL
8415Strip the value from the header (for Bcc:).
8416.nr ii 5n
8417.lp
8418Let's look at a sample
8419.i HdrInfo
8420specification:
8421.(b
8422.ta 4n +\w'"content-transfer-encoding", 'u
8423struct hdrinfo HdrInfo[] =
8424\&{
8425 /* originator fields, most to least significant */
8426 "resent-sender", H_FROM,
8427 "resent-from", H_FROM,
8428 "sender", H_FROM,
8429 "from", H_FROM,
8430 "full-name", H_ACHECK,
8431 "errors-to", H_FROM\^|\^H_ERRORSTO,
8432 /* destination fields */
8433 "to", H_RCPT,
8434 "resent-to", H_RCPT,
8435 "cc", H_RCPT,
8436 "bcc", H_RCPT\^|\^H_STRIPVAL,
8437 /* message identification and control */
8438 "message", H_EOH,
8439 "text", H_EOH,
8440 /* trace fields */
8441 "received", H_TRACE\^|\^H_FORCE,
8442 /* miscellaneous fields */
8443 "content-transfer-encoding", H_CTE,
8444 "content-type", H_CTYPE,
8445
8446 NULL, 0,
8447};
8448.)b
8449This structure indicates that the
8450.q To: ,
8451.q Resent-To: ,
8452and
8453.q Cc:
8454fields
8455all specify recipient addresses.
8456Any
8457.q Full-Name:
8458field will be deleted unless the required mailer flag
8459(indicated in the configuration file)
8460is specified.
8461The
8462.q Message:
8463and
8464.q Text:
8465fields will terminate the header;
8466these are used by random dissenters around the network world.
8467The
8468.q Received:
8469field will always be added,
8470and can be used to trace messages.
8471.pp
8472There are a number of important points here.
8473First,
8474header fields are not added automatically just because they are in the
8475.i HdrInfo
8476structure;
8477they must be specified in the configuration file
8478in order to be added to the message.
8479Any header fields mentioned in the configuration file but not
8480mentioned in the
8481.i HdrInfo
8482structure have default processing performed;
8483that is,
8484they are added unless they were in the message already.
8485Second,
8486the
8487.i HdrInfo
8488structure only specifies cliched processing;
8489certain headers are processed specially by ad hoc code
8490regardless of the status specified in
8491.i HdrInfo .
8492For example,
8493the
8494.q Sender:
8495and
8496.q From:
8497fields are always scanned on ARPANET mail
8498to determine the sender\**;
8499.(f
8500\**Actually, this is no longer true in SMTP;
8501this information is contained in the envelope.
8502The older ARPANET protocols did not completely distinguish
8503envelope from header.
8504.)f
8505this is used to perform the
8506.q "return to sender"
8507function.
8508The
8509.q "From:"
8510and
8511.q "Full-Name:"
8512fields are used to determine the full name of the sender
8513if possible;
8514this is stored in the macro
8515.b $x
8516and used in a number of ways.
8517.sh 3 "Restricting Use of Email"
8518.pp
8519If it is necessary to restrict mail through a relay,
8520the
8521.i checkcompat
8522routine can be modified.
8523This routine is called for every recipient address.
8524It returns an exit status
8525indicating the status of the message.
8526The status
8527.sm EX_OK
8528accepts the address,
8529.sm EX_TEMPFAIL
8530queues the message for a later try,
8531and other values
8532(commonly
8533.sm EX_UNAVAILABLE )
8534reject the message.
8535It is up to
8536.i checkcompat
8537to print an error message
8538(using
8539.i usrerr )
8540if the message is rejected.
8541For example,
8542.i checkcompat
8543could read:
8544.(b
8545.re
8546.sz -1
8547.ta 4n +4n +4n +4n +4n +4n +4n
8548int
8549checkcompat(to, e)
8550 register ADDRESS *to;
8551 register ENVELOPE *e;
8552\&{
8553 register STAB *s;
8554
8555 s = stab("private", ST_MAILER, ST_FIND);
8556 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
8557 to->q_mailer == s->s_mailer)
8558 {
8559 usrerr("No private net mail allowed through this machine");
8560 return (EX_UNAVAILABLE);
8561 }
8562 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
8563 {
8564 usrerr("Message too large for non-local delivery");
8565 e\->e_flags |= EF_NORETURN;
8566 return (EX_UNAVAILABLE);
8567 }
8568 return (EX_OK);
8569}
8570.sz
8571.)b
8572This would reject messages greater than 50000 bytes
8573unless they were local.
8574The
8575.i EF_NORETURN
8576flag can be set in
8577.i e\(->e_flags
8578to suppress the return of the actual body
8579of the message in the error return.
8580The actual use of this routine is highly dependent on the
8581implementation,
8582and use should be limited.
8583.sh 3 "New Database Map Classes"
8584.pp
8585New key maps can be added by creating a class initialization function
8586and a lookup function.
8587These are then added to the routine
8588.i setupmaps.
8589.pp
8590The initialization function is called as
8591.(b
8592\fIxxx\fP_map_init(MAP *map, char *args)
8593.)b
8594The
8595.i map
8596is an internal data structure.
8597The
8598.i args
8599is a pointer to the portion of the configuration file line
8600following the map class name;
8601flags and filenames can be extracted from this line.
8602The initialization function must return
8603.sm TRUE
8604if it successfully opened the map,
8605.sm FALSE
8606otherwise.
8607.pp
8608The lookup function is called as
8609.(b
8610\fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
8611.)b
8612The
8613.i map
8614defines the map internally.
8615The
8616.i buf
8617has the input key.
8618This may be (and often is) used destructively.
8619The
8620.i av
8621is a list of arguments passed in from the rewrite line.
8622The lookup function should return a pointer to the new value.
8623If the map lookup fails,
8624.i *statp
8625should be set to an exit status code;
8626in particular, it should be set to
8627.sm EX_TEMPFAIL
8628if recovery is to be attempted by the higher level code.
8629.sh 3 "Queueing Function"
8630.pp
8631The routine
8632.i shouldqueue
8633is called to decide if a message should be queued
8634or processed immediately.
8635Typically this compares the message priority to the current load average.
8636The default definition is:
8637.(b
8638bool
8639shouldqueue(pri, ctime)
8640 long pri;
8641 time_t ctime;
8642{
8643 if (CurrentLA < QueueLA)
8644 return (FALSE);
8645 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
8646}
8647.)b
8648If the current load average
8649(global variable
8650.i CurrentLA ,
8651which is set before this function is called)
8652is less than the low threshold load average
8653(option
8654.b x ,
8655variable
8656.i QueueLA ),
8657.i shouldqueue
8658returns
8659.sm FALSE
8660immediately
8661(that is, it should
8662.i not
8663queue).
8664If the current load average exceeds the high threshold load average
8665(option
8666.b X ,
8667variable
8668.i RefuseLA ),
8669.i shouldqueue
8670returns
8671.sm TRUE
8672immediately.
8673Otherwise, it computes the function based on the message priority,
8674the queue factor
8675(option
8676.b q ,
8677global variable
8678.i QueueFactor ),
8679and the current and threshold load averages.
8680.pp
8681An implementation wishing to take the actual age of the message into account
8682can also use the
8683.i ctime
8684parameter,
8685which is the time that the message was first submitted to
8686.i sendmail .
8687Note that the
8688.i pri
8689parameter is already weighted
8690by the number of times the message has been tried
8691(although this tends to lower the priority of the message with time);
8692the expectation is that the
8693.i ctime
8694would be used as an
8695.q "escape clause"
8696to ensure that messages are eventually processed.
8697.sh 3 "Refusing Incoming SMTP Connections"
8698.pp
8699The function
8700.i refuseconnections
8701returns
8702.sm TRUE
8703if incoming SMTP connections should be refused.
8704The current implementation is based exclusively on the current load average
8705and the refuse load average option
8706(option
8707.b X ,
8708global variable
8709.i RefuseLA ):
8710.(b
8711bool
8712refuseconnections()
8713{
8714 return (RefuseLA > 0 && CurrentLA >= RefuseLA);
8715}
8716.)b
8717A more clever implementation
8718could look at more system resources.
8719.sh 3 "Load Average Computation"
8720.pp
8721The routine
8722.i getla
8723returns the current load average (as a rounded integer).
8724The distribution includes several possible implementations.
8725If you are porting to a new environment
8726you may need to add some new tweaks.\**
8727.(f
8728\**If you do, please send updates to
8729sendmail@Sendmail.ORG.
8730.)f
8731.sh 2 "Configuration in sendmail/daemon.c"
8732.pp
8733The file
8734.i sendmail/daemon.c
8735contains a number of routines that are dependent
8736on the local networking environment.
8737The version supplied assumes you have BSD style sockets.
8738.pp
8739In previous releases,
8740we recommended that you modify the routine
8741.i maphostname
8742if you wanted to generalize
8743.b $[
8744\&...\&
8745.b $]
8746lookups.
8747We now recommend that you create a new keyed map instead.
8748.sh 2 "Certificates for STARTTLS"
8749.pp
8750In this section we assume that
8751.i sendmail
8752has been compiled with support for STARTTLS.
8753When acting as a server,
8754.i sendmail
8755requires X.509 certificates to support STARTTLS:
8756one as certificate for the server (ServerCertFile and corresponding
8757private ServerKeyFile)
8758at least one root CA (CACERTFile),
8759i.e., a certificate that is used to sign other certificates,
8760and a path to a directory which contains other CAs (CACERTPath).
8761The file specified via
8762CACERTFile
8763can contain several certificates of CAs.
8764The DNs of these certificates are sent
8765to the client during the TLS handshake (as part of the
8766CertificateRequest) as the list of acceptable CAs.
8767The CACERTPath directory must contain the hashes of each CA certificate
8768as filenames (or as links to them).
8769Symbolic links can be generated with the following
8770two (Bourne) shell commands:
8771.(b
8772C=FileName_of_CA_Certificate
8773ln -s $C `openssl x509 -noout -hash < $C`.0
8774.)b
8775An X.509 certificate is also required for authentication in client mode
8776(ClientCertFile and corresponding private ClientKeyFile), however,
8777.i sendmail
8778will always use STARTTLS when offered by a server.
8779The client and server certificates can be identical.
8780Certificates can be obtained from a certificate authority
8781or created with the help of OpenSSL.
8782The required format for certificates and private keys is PEM.
8783To allow for automatic startup of sendmail, private keys
8784(ServerKeyFile, ClientKeyFile)
8785must be stored unencrypted.
8786The keys are only protected by the permissions of the file system.
8787Never make a private key available to a third party.
8788.sh 2 "PRNG for STARTTLS"
8789.pp
8790STARTTLS requires a strong pseudo random number generator (PRNG)
8791to operate properly.
8792Depending on the TLS library you use, it may be required to explicitly
8793initialize the PRNG with random data.
8794OpenSSL makes use of
8795.b /dev/urandom(4)
8796if available (this corresponds to the compile flag HASURANDOMDEV).
8797On systems which lack this support, a random file must be specified in the
8798.i sendmail.cf
8799file using the option RandFile.
8800It is
8801.b strongly
8802advised to use the "Entropy Gathering Daemon" EGD
8803from Brian Warner on those systems to provide useful random data.
8804In this case,
8805.i sendmail
8806must be compiled with the flag EGD, and the
8807RandFile option must point to the EGD socket.
8808If neither
8809.b /dev/urandom(4)
8810nor EGD are available, you have to make sure
8811that useful random data is available all the time in RandFile.
8812If the file hasn't been modified in the last 10 minutes before
8813it is supposed to be used by
8814.i sendmail
8815the content is considered obsolete.
8816One method for generating this file is:
8817.(b
8818openssl rand -out /etc/mail/randfile -rand \c
8819.i /path/to/file:... \c
8820256
8821.)b
8822See the OpenSSL documentation for more information.
8823In this case, the PRNG for TLS is only
8824seeded with other random data if the
8825.b DontBlameSendmail
8826option
8827.b InsufficientEntropy
8828is set.
8829This is most likely not sufficient for certain actions, e.g.,
8830generation of (temporary) keys.
8831.pp
8832Please see the OpenSSL documentation or other sources
8833for further information about certificates, their creation and their usage,
8834the importance of a good PRNG, and other aspects of TLS.
8835.sh 1 "ACKNOWLEDGEMENTS"
8836.pp
8837I've worked on
8838.i sendmail
8839for many years,
8840and many employers have been remarkably patient
8841about letting me work on a large project
8842that was not part of my official job.
8843This includes time on the INGRES Project at
8844the University of California at Berkeley,
8845at Britton Lee,
8846and again on the Mammoth and Titan Projects at Berkeley.
8847.pp
8848Much of the second wave of improvements
8849resulting in version 8.1
8850should be credited to Bryan Costales of the
8851International Computer Science Institute.
8852As he passed me drafts of his book on
8853.i sendmail
8854I was inspired to start working on things again.
8855Bryan was also available to bounce ideas off of.
8856.pp
8857Gregory Neil Shapiro
8858of Worcester Polytechnic Institute
8859has become instrumental in all phases of
8860.i sendmail
8861support and development,
8862and was largely responsible for getting versions 8.8 and 8.9
8863out the door.
8864.pp
8865Many, many people contributed chunks of code and ideas to
8866.i sendmail .
8867It has proven to be a group network effort.
8868Version 8 in particular was a group project.
8869The following people and organizations made notable contributions:
8870.(l
8871Claus Assmann
8872John Beck, Hewlett-Packard & Sun Microsystems
8873Keith Bostic, CSRG, University of California, Berkeley
8874Andrew Cheng, Sun Microsystems
8875Michael J. Corrigan, University of California, San Diego
8876Bryan Costales, International Computer Science Institute & InfoBeat
8877Pa\*:r (Pell) Emanuelsson
8878Craig Everhart, Transarc Corporation
8879Per Hedeland, Ericsson
8880Tom Ivar Helbekkmo, Norwegian School of Economics
8881Kari Hurtta, Finnish Meteorological Institute
8882Allan E. Johannesen, WPI
8883Jonathan Kamens, OpenVision Technologies, Inc.
8884Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
8885Brian Kantor, University of California, San Diego
8886John Kennedy, Cal State University, Chico
8887Murray S. Kucherawy, HookUp Communication Corp.
8888Bruce Lilly, Sony U.S.
8889Karl London
8890Motonori Nakamura, Ritsumeikan University & Kyoto University
8891John Gardiner Myers, Carnegie Mellon University
8892Neil Rickert, Northern Illinois University
8893Gregory Neil Shapiro, WPI
8894Eric Schnoebelen, Convex Computer Corp.
8895Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
8896Randall Winchester, University of Maryland
8897Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
8898Exactis.com, Inc.
8899.)l
8900I apologize for anyone I have omitted, misspelled, misattributed, or
8901otherwise missed.
8902At this point, I suspect that at least a hundred people
8903have contributed code,
8904and many more have contributed ideas, comments, and encouragement.
8905I've tried to list them in the RELEASE_NOTES in the distribution directory.
8906I appreciate their contribution as well.
8907.pp
8908Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
8909who besides being wonderful guinea pigs and contributors
8910have also consented to be added to the ``sendmail@Sendmail.ORG'' list
8911and, by answering the bulk of the questions sent to that list,
8912have freed me up to do other work.
8913.++ A
8914.+c "COMMAND LINE FLAGS"
8915.ba 0
8916.nr ii 1i
8917.pp
8918Arguments must be presented with flags before addresses.
8919The flags are:
8920.ip \-b\fIx\fP
8921Set operation mode to
8922.i x .
8923Operation modes are:
8924.(b
8925.ta 4n
8926m Deliver mail (default)
8927s Speak SMTP on input side
8928a\(dg ``Arpanet'' mode (get envelope sender information from header)
8929d Run as a daemon in background
8930D Run as a daemon in foreground
8931t Run in test mode
8932v Just verify addresses, don't collect or deliver
8933i Initialize the alias database
8934p Print the mail queue
8935h Print the persistent host status database
8936H Purge expired entries from the persistent host status database
8937.)b
8938.(f
8939\(dgDeprecated.
8940.)f
8941.ip \-B\fItype\fP
8942Indicate body type.
8943.ip \-C\fIfile\fP
8944Use a different configuration file.
8945.i Sendmail
8946runs as the invoking user (rather than root)
8947when this flag is specified.
8948.ip \-d\fIlevel\fP
8949Set debugging level.
8950.ip "\-f\ \fIaddr\fP"
8951The envelope sender address is set to
8952.i addr .
8953This address may also be used in the From: header
8954if that header is missing during initial submission.
8955The envelope sender address is used as the recipient
8956for delivery status notifications
8957and may also appear in a Return-Path: header.
8958.ip \-F\ \fIname\fP
8959Sets the full name of this user to
8960.i name .
8961.ip \-G
8962When accepting messages via the command line,
8963indicate that they are for relay (gateway) submission.
8964sendmail may complain about syntactically invalid messages,
8965e.g., unqualified host names,
8966rather than fixing them when this flag is set.
8967sendmail will not do any canonicalization in this mode.
8968.ip "\-h\ \fIcnt\fP"
8969Sets the
8970.q "hop count"
8971to
8972.i cnt .
8973This represents the number of times this message has been processed
8974by
8975.i sendmail
8976(to the extent that it is supported by the underlying networks).
8977.i Cnt
8978is incremented during processing,
8979and if it reaches
8980MAXHOP
8981(currently 30)
8982.i sendmail
8983throws away the message with an error.
8984.ip "\-L \fItag\fP"
8985Sets the identifier used for syslog.
8986Note that this identifier is set
8987as early as possible.
8988However,
8989.i sendmail
8990may be used
8991if problems arise
8992before the command line arguments
8993are processed.
8994.ip \-n
8995Don't do aliasing or forwarding.
8996.ip "\-N \fInotifications\fP"
8997Tag all addresses being sent as wanting the indicated
8998.i notifications ,
8999which consists of the word
9000.q NEVER
9001or a comma-separated list of
9002.q SUCCESS ,
9003.q FAILURE ,
9004and
9005.q DELAY
9006for successful delivery,
9007failure,
9008and a message that is stuck in a queue somewhere.
9009The default is
9010.q FAILURE,DELAY .
9011.ip "\-r\ \fIaddr\fP"
9012An obsolete form of
9013.b \-f .
9014.ip \-o\fIx\|value\fP
9015Set option
9016.i x
9017to the specified
9018.i value .
9019These options are described in Section 5.6.
9020.ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
9021Set
9022.i option
9023to the specified
9024.i value
9025(for long form option names).
9026These options are described in Section 5.6.
9027.ip \-M\fIx\|value\fP
9028Set macro
9029.i x
9030to the specified
9031.i value .
9032.ip \-p\fIprotocol\fP
9033Set the sending protocol.
9034Programs are encouraged to set this.
9035The protocol field can be in the form
9036.i protocol \c
9037.b : \c
9038.i host
9039to set both the sending protocol and sending host.
9040For example,
9041.q \-pUUCP:uunet
9042sets the sending protocol to UUCP
9043and the sending host to uunet.
9044(Some existing programs use \-oM to set the r and s macros;
9045this is equivalent to using \-p.)
9046.ip \-q\fItime\fP
9047Try to process the queued up mail.
9048If the time is given,
9049a
9050.i sendmail
9051will run through the queue at the specified interval
9052to deliver queued mail;
9053otherwise, it only runs once.
9054.ip \-q\fIXstring\fP
9055Run the queue once,
9056limiting the jobs to those matching
9057.i Xstring .
9058The key letter
9059.i X
9060can be
9061.b I
9062to limit based on queue identifier,
9063.b R
9064to limit based on recipient,
9065or
9066.b S
9067to limit based on sender.
9068A particular queued job is accepted if one of the corresponding addresses
9069contains the indicated
9070.i string .
9071Multiple
9072.i \-q\fIX\fP
9073flags are permitted,
9074with items with the same key letter
9075.q or'ed
9076together, and items with different key letters
9077.q and'ed
9078together.
9079.ip "\-R ret"
9080What information you want returned if the message bounces;
9081.i ret
9082can be
9083.q HDRS
9084for headers only or
9085.q FULL
9086for headers plus body.
9087This is a request only;
9088the other end is not required to honor the parameter.
9089If
9090.q HDRS
9091is specified local bounces also return only the headers.
9092.ip \-t
9093Read the header for
9094.q To: ,
9095.q Cc: ,
9096and
9097.q Bcc:
9098lines, and send to everyone listed in those lists.
9099The
9100.q Bcc:
9101line will be deleted before sending.
9102Any addresses in the argument vector will be deleted
9103from the send list.
9104.ip "\-U"
9105Indicate that this is an initial User Agent submission.
9106This flag is deprecated.
9107Future releases will ignore this flag and
9108assume all submissions from the command line are
9109initial submissions.
9110.ip "\-V envid"
9111The indicated
9112.i envid
9113is passed with the envelope of the message
9114and returned if the message bounces.
9115.ip "\-X \fIlogfile\fP"
9116Log all traffic in and out of
9117.i sendmail
9118in the indicated
9119.i logfile
9120for debugging mailer problems.
9121This produces a lot of data very quickly and should be used sparingly.
9122.pp
9123There are a number of options that may be specified as
9124primitive flags.
9125These are the e, i, m, and v options.
9126Also,
9127the f option
9128may be specified as the
9129.b \-s
9130flag.
9131The DSN related options
9132.q "\-N" ,
9133.q "\-R" ,
9134and
9135.q "\-V"
9136have no effects on
9137.i sendmail
9138running as daemon.
9139.+c "QUEUE FILE FORMATS"
9140.pp
9141This appendix describes the format of the queue files.
9142These files live in the directory defined by the
9143.b Q
9144option in the
9145.i sendmail.cf
9146file, usually
9147.i /var/spool/mqueue
9148or
9149.i /usr/spool/mqueue .
9150The individual qf, df, and xf files
9151may be stored in separate
9152.i qf/ ,
9153.i df/ ,
9154and
9155.i xf/
9156subdirectories
9157if they are present in the queue directory.
9158.pp
9159To use multiple queues,
9160supply a value ending with an asterisk.
9161For example,
9162.i /var/spool/mqueue/q*
9163will use all of the directories or symbolic links to directories
9164beginning with `q' in
9165.i /var/spool/mqueue
9166as queue directories.
9167New messages will be randomly placed
9168into one of the queues.
9169Do not change the queue directory structure
9170while sendmail is running.
9171.pp
9172All queue files have the name
9173\fIx\fP\|\fBf\fP\fIYMDhmsNPPPPP\fP
9174where
9175.i YMDhmsNPPPPP
9176is the
9177.i id
9178for this message
9179and the
9180.i x
9181is a type.
9182The individual letters in the
9183.i id
9184are:
9185.nr ii 0.5i
9186.ip Y
9187Encoded year
9188.ip M
9189Encoded month
9190.ip D
9191Encoded day
9192.ip h
9193Encoded hour
9194.ip m
9195Encoded minute
9196.ip s
9197Encoded second
9198.ip N
9199Envelope number
9200.ip PPPPP
9201At least five digits of the process ID
9202.pp
9203All files with the same id collectively define one message.
9204If memory-buffered files are available,
9205some of these files may never appear
9206on disk.
9207.pp
9208The types are:
9209.nr ii 0.5i
9210.ip d
9211The data file.
9212The message body (excluding the header) is kept in this file.
9213.ip q
9214The queue control file.
9215This file contains the information necessary to process the job.
9216.ip t
9217A temporary file.
9218These are an image of the
9219.b qf
9220file when it is being rebuilt.
9221It should be renamed to a
9222.b qf
9223file very quickly.
9224.ip x
9225A transcript file,
9226existing during the life of a session
9227showing everything that happens
9228during that session.
9229.pp
9230The
9231.b qf
9232file is structured as a series of lines
9233each beginning with a code letter.
9234The lines are as follows:
9235.ip V
9236The version number of the queue file format,
9237used to allow new
9238.i sendmail
9239binaries to read queue files created by older versions.
9240Defaults to version zero.
9241Must be the first line of the file if present.
9242For 8.10 the version number is 4.
9243.ip A
9244The information given by the AUTH= parameter of the
9245.q "MAIL FROM:"
9246command or $f@$j
9247if sendmail has been called directly.
9248.ip H
9249A header definition.
9250There may be any number of these lines.
9251The order is important:
9252they represent the order in the final message.
9253These use the same syntax
9254as header definitions in the configuration file.
9255.ip C
9256The controlling address.
9257The syntax is
9258.q localuser:aliasname .
9259Recipient addresses following this line
9260will be flagged so that deliveries will be run as the
9261.i localuser
9262(a user name from the /etc/passwd file);
9263.i aliasname
9264is the name of the alias that expanded to this address
9265(used for printing messages).
9266.ip Q
9267The ``original recipient'',
9268specified by the ORCPT= field in an ESMTP transaction.
9269Used exclusively for Delivery Status Notifications.
9270It applies only to the immediately following `R' line.
9271.ip R
9272A recipient address.
9273This will normally be completely aliased,
9274but is actually realiased when the job is processed.
9275There will be one line
9276for each recipient.
9277Version 1 qf files
9278also include a leading colon-terminated list of flags,
9279which can be
9280`S' to return a message on successful final delivery,
9281`F' to return a message on failure,
9282`D' to return a message if the message is delayed,
9283`B' to indicate that the body should be returned,
9284`N' to suppress returning the body,
9285and
9286`P' to declare this as a ``primary'' (command line or SMTP-session) address.
9287.ip S
9288The sender address.
9289There may only be one of these lines.
9290.ip T
9291The job creation time.
9292This is used to compute when to time out the job.
9293.ip P
9294The current message priority.
9295This is used to order the queue.
9296Higher numbers mean lower priorities.
9297The priority changes
9298as the message sits in the queue.
9299The initial priority depends on the message class
9300and the size of the message.
9301.ip M
9302A message.
9303This line is printed by the
9304.i mailq
9305command,
9306and is generally used to store status information.
9307It can contain any text.
9308.ip F
9309Flag bits, represented as one letter per flag.
9310Defined flag bits are
9311.b r
9312indicating that this is a response message
9313and
9314.b w
9315indicating that a warning message has been sent
9316announcing that the mail has been delayed.
9317.ip N
9318The total number of delivery attempts.
9319.ip K
9320The time (as seconds since January 1, 1970)
9321of the last delivery attempt.
9322.ip I
9323The i-number of the data file;
9324this can be used to recover your mail queue
9325after a disastrous disk crash.
9326.ip $
9327A macro definition.
9328The values of certain macros
9329are passed through to the queue run phase.
9330.ip B
9331The body type.
9332The remainder of the line is a text string defining the body type.
9333If this field is missing,
9334the body type is assumed to be
9335.q "undefined"
9336and no special processing is attempted.
9337Legal values are
9338.q 7BIT
9339and
9340.q 8BITMIME .
9341.ip Z
9342The original envelope id (from the ESMTP transaction).
9343For Deliver Status Notifications only.
9344.pp
9345As an example,
9346the following is a queue file sent to
9347.q eric@mammoth.Berkeley.EDU
9348and
9349.q bostic@okeeffe.CS.Berkeley.EDU \**:
9350.(f
9351\**This example is contrived and probably inaccurate for your environment.
9352Glance over it to get an idea;
9353nothing can replace looking at what your own system generates.
9354.)f
9355.(b
9356V4
9357T711358135
9358K904446490
9359N0
9360P2100941
9361$_eric@localhost
9362${daemon_flags}
9363Seric
9364Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
9365RPFD:eric@mammoth.Berkeley.EDU
9366RPFD:bostic@okeeffe.CS.Berkeley.EDU
9367H?P?Return-path: <^g>
9368H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
9369 Fri, 17 Jul 1992 00:28:55 -0700
9370H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
9371 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
9372H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
9373 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
9374H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
9375 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
9376H?F?From: eric@foo.bar.baz.de (Eric Allman)
9377H?x?Full-name: Eric Allman
9378H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
9379H??To: sendmail@vangogh.CS.Berkeley.EDU
9380H??Subject: this is an example message
9381.)b
9382This shows
9383the person who sent the message,
9384the submission time
9385(in seconds since January 1, 1970),
9386the message priority,
9387the message class,
9388the recipients,
9389and the headers for the message.
9390.+c "SUMMARY OF SUPPORT FILES"
9391.pp
9392This is a summary of the support files
9393that
9394.i sendmail
9395creates or generates.
9396Many of these can be changed by editing the sendmail.cf file;
9397check there to find the actual pathnames.
9398.nr ii 1i
9399.ip "/usr/\*(SD/sendmail"
9400The binary of
9401.i sendmail .
9402.ip /usr/\*(SB/newaliases
9403A link to /usr/\*(SD/sendmail;
9404causes the alias database to be rebuilt.
9405Running this program is completely equivalent to giving
9406.i sendmail
9407the
9408.b \-bi
9409flag.
9410.ip /usr/\*(SB/mailq
9411Prints a listing of the mail queue.
9412This program is equivalent to using the
9413.b \-bp
9414flag to
9415.i sendmail .
9416.ip /etc/mail/sendmail.cf
9417The configuration file,
9418in textual form.
9419.ip /etc/mail/helpfile
9420The SMTP help file.
9421.ip /etc/mail/statistics
9422A statistics file; need not be present.
9423.ip /etc/mail/sendmail.pid
9424Created in daemon mode;
9425it contains the process id of the current SMTP daemon.
9426If you use this in scripts;
9427use ``head \-1'' to get just the first line;
9428the second line contains the command line used to invoke the daemon,
9429and later versions of
9430.i sendmail
9431may add more information to subsequent lines.
9432.ip /etc/mail/aliases
9433The textual version of the alias file.
9434.ip /etc/mail/aliases.db
9435The alias file in
9436.i hash \|(3)
9437format.
9438.ip /etc/mail/aliases.{pag,dir}
9439The alias file in
9440.i ndbm \|(3)
9441format.
9442.ip /var/spool/mqueue
9443The directory in which the mail queue(s)
9444and temporary files reside.
9445.ip /var/spool/mqueue/qf*
9446Control (queue) files for messages.
9447.ip /var/spool/mqueue/df*
9448Data files.
9449.ip /var/spool/mqueue/tf*
9450Temporary versions of the qf files,
9451used during queue file rebuild.
9452.ip /var/spool/mqueue/xf*
9453A transcript of the current session.
9454.if o \
9455\{\
9456. bp
9457. rs
9458. sp |4i
9459. ce 2
9460This page intentionally left blank;
9461replace it with a blank sheet for double-sided output.
9462.\}
9463.\".ro
9464.\".ls 1
9465.\".tp
9466.\".sp 2i
9467.\".in 0
9468.\".ce 100
9469.\".sz 24
9470.\".b SENDMAIL
9471.\".sz 14
9472.\".sp
9473.\"INSTALLATION AND OPERATION GUIDE
9474.\".sp
9475.\".sz 10
9476.\"Eric Allman
9477.\".sp
| 6445.ip ProcessTitlePrefix=\fIstring\fP
6446[no short name]
6447Prefix the process title shown on 'ps' listings with
6448.i string .
6449The
6450.i string
6451will be macro processed.
6452.ip QueueDirectory=\fIdir\fP
6453[Q]
6454Use the named
6455.i dir
6456as the queue directory.
6457To use multiple queues, supply a value ending with an asterisk.
6458For example,
6459.i /var/spool/mqueue/q*
6460will use all of the directories or symbolic links to directories
6461beginning with
6462.i q
6463in
6464.i /var/spool/mqueue
6465as queue directories.
6466Do not change the queue directory structure
6467while sendmail is running.
6468.ip QueueFactor=\fIfactor\fP
6469[q]
6470Use
6471.i factor
6472as the multiplier in the map function
6473to decide when to just queue up jobs rather than run them.
6474This value is divided by the difference between the current load average
6475and the load average limit
6476(\c
6477.b QueueLA
6478option)
6479to determine the maximum message priority
6480that will be sent.
6481Defaults to 600000.
6482.ip QueueLA=\fILA\fP
6483[x]
6484When the system load average exceeds
6485.i LA
6486and the
6487.b QueueFactor
6488(\c
6489.b q )
6490option divided by the difference in the current load average and the
6491.b QueueLA
6492option plus one
6493is less than the priority of the message,
6494just queue messages
6495(i.e., don't try to send them).
6496Defaults to 8 multiplied by
6497the number of processors online on the system
6498(if that can be determined).
6499.ip QueueSortOrder=\fIalgorithm\fP
6500[no short name]
6501Sets the
6502.i algorithm
6503used for sorting the queue.
6504Only the first character of the value is used.
6505Legal values are
6506.q host
6507(to order by the name of the first host name of the first recipient),
6508.q filename
6509(to order by the name of the queue file name),
6510.q time
6511(to order by the submission time),
6512and
6513.q priority
6514(to order by message priority).
6515Host ordering makes better use of the connection cache,
6516but may tend to process low priority messages
6517that go to a single host
6518over high priority messages that go to several hosts;
6519it probably shouldn't be used on slow network links.
6520Filename ordering saves the overhead of
6521reading all of the queued items
6522before starting the queue run.
6523Time ordering is almost always a bad idea,
6524since it allows large, bulk mail to go out
6525before smaller, personal mail,
6526but may have applicability on some hosts with very fast connections.
6527Priority ordering is the default.
6528.ip QueueTimeout=\fItimeout\fP
6529[T]
6530A synonym for
6531.q Timeout.queuereturn .
6532Use that form instead of the
6533.q QueueTimeout
6534form.
6535.ip RandFile
6536[no short name]
6537Name of file containing random data or the name of the UNIX socket
6538if EGD is used.
6539A (required) prefix "egd:" or "file:" specifies the type.
6540STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
6541(see sendmail/README).
6542.ip ResolverOptions=\fIoptions\fP
6543[I]
6544Set resolver options.
6545Values can be set using
6546.b + \c
6547.i flag
6548and cleared using
6549.b \- \c
6550.i flag ;
6551the
6552.i flag s
6553can be
6554.q debug ,
6555.q aaonly ,
6556.q usevc ,
6557.q primary ,
6558.q igntc ,
6559.q recurse ,
6560.q defnames ,
6561.q stayopen ,
6562or
6563.q dnsrch .
6564The string
6565.q HasWildcardMX
6566(without a
6567.b +
6568or
6569.b \- )
6570can be specified to turn off matching against MX records
6571when doing name canonifications.
6572.b N.B.
6573Prior to 8.7,
6574this option indicated that the name server be responding
6575in order to accept addresses.
6576This has been replaced by checking to see
6577if the
6578.q dns
6579method is listed in the service switch entry for the
6580.q hosts
6581service.
6582.ip RrtImpliesDsn
6583[R]
6584If this option is set, a
6585.q Return-Receipt-To:
6586header causes the request of a DSN, which is sent to
6587the envelope sender as required by RFC1891,
6588not to the address given in the header.
6589.ip RunAsUser=\fIuser\fP
6590[no short name]
6591The
6592.i user
6593parameter may be a user name
6594(looked up in
6595.i /etc/passwd )
6596or a numeric user id;
6597either form can have
6598.q ":group"
6599attached
6600(where group can be numeric or symbolic).
6601If set to a non-zero (non-root) value,
6602.i sendmail
6603will change to this user id shortly after startup\**.
6604.(f
6605\**When running as a daemon,
6606it changes to this user after accepting a connection
6607but before reading any
6608.sm SMTP
6609commands.
6610.)f
6611This avoids a certain class of security problems.
6612However, this means that all
6613.q \&.forward
6614and
6615.q :include:
6616files must be readable by the indicated
6617.i user
6618and all files to be written must be writable by
6619.i user
6620Also, all file and program deliveries will be marked unsafe
6621unless the option
6622.b DontBlameSendmail=NonRootSafeAddr
6623is set,
6624in which case the delivery will be done as
6625.i user .
6626It is also incompatible with the
6627.b SafeFileEnvironment
6628option.
6629In other words, it may not actually add much to security on an average system,
6630and may in fact detract from security
6631(because other file permissions must be loosened).
6632However, it should be useful on firewalls and other
6633places where users don't have accounts and the aliases file is
6634well constrained.
6635.ip RecipientFactor=\fIfact\fP
6636[y]
6637The indicated
6638.i fact or
6639is added to the priority (thus
6640.i lowering
6641the priority of the job)
6642for each recipient,
6643i.e., this value penalizes jobs with large numbers of recipients.
6644Defaults to 30000.
6645.ip RefuseLA=\fILA\fP
6646[X]
6647When the system load average exceeds
6648.i LA ,
6649refuse incoming SMTP connections.
6650Defaults to 12 multiplied by
6651the number of processors online on the system
6652(if that can be determined).
6653.ip RetryFactor=\fIfact\fP
6654[Z]
6655The
6656.i fact or
6657is added to the priority
6658every time a job is processed.
6659Thus,
6660each time a job is processed,
6661its priority will be decreased by the indicated value.
6662In most environments this should be positive,
6663since hosts that are down are all too often down for a long time.
6664Defaults to 90000.
6665.ip SafeFileEnvironment=\fIdir\fP
6666[no short name]
6667If this option is set,
6668.i sendmail
6669will do a
6670.i chroot (2)
6671call into the indicated
6672.i dir ectory
6673before doing any file writes.
6674If the file name specified by the user begins with
6675.i dir ,
6676that partial path name will be stripped off before writing,
6677so (for example)
6678if the SafeFileEnvironment variable is set to
6679.q /safe
6680then aliases of
6681.q /safe/logs/file
6682and
6683.q /logs/file
6684actually indicate the same file.
6685Additionally, if this option is set,
6686.i sendmail
6687refuses to deliver to symbolic links.
6688.ip SaveFromLine
6689[f]
6690Save
6691UNIX-style
6692.q From
6693lines at the front of headers.
6694Normally they are assumed redundant
6695and discarded.
6696.ip SendMimeErrors
6697[j]
6698If set, send error messages in MIME format
6699(see RFC2045 and RFC1344 for details).
6700If disabled,
6701.i sendmail
6702will not return the DSN keyword in response to an EHLO
6703and will not do Delivery Status Notification processing as described in
6704RFC1891.
6705.ip ServerCertFile
6706[no short name]
6707File containing the certificate of the server, i.e., this certificate
6708is used when sendmail acts as server.
6709.ip ServerKeyFile
6710[no short name]
6711File containing the private key belonging to the server certificate.
6712.ip ServiceSwitchFile=\fIfilename\fP
6713[no short name]
6714If your host operating system has a service switch abstraction
6715(e.g., /etc/nsswitch.conf on Solaris
6716or /etc/svc.conf on Ultrix and DEC OSF/1)
6717that service will be consulted and this option is ignored.
6718Otherwise, this is the name of a file
6719that provides the list of methods used to implement particular services.
6720The syntax is a series of lines,
6721each of which is a sequence of words.
6722The first word is the service name,
6723and following words are service types.
6724The services that
6725.i sendmail
6726consults directly are
6727.q aliases
6728and
6729.q hosts.
6730Service types can be
6731.q dns ,
6732.q nis ,
6733.q nisplus ,
6734or
6735.q files
6736(with the caveat that the appropriate support
6737must be compiled in
6738before the service can be referenced).
6739If ServiceSwitchFile is not specified, it defaults to
6740/etc/mail/service.switch.
6741If that file does not exist, the default switch is:
6742.(b
6743aliases files
6744hosts dns nis files
6745.)b
6746The default file is
6747.q /etc/mail/service.switch .
6748.ip SevenBitInput
6749[7]
6750Strip input to seven bits for compatibility with old systems.
6751This shouldn't be necessary.
6752.ip SingleLineFromHeader
6753[no short name]
6754If set, From: lines that have embedded newlines are unwrapped
6755onto one line.
6756This is to get around a botch in Lotus Notes
6757that apparently cannot understand legally wrapped RFC822 headers.
6758.ip SingleThreadDelivery
6759[no short name]
6760If set, a client machine will never try to open two SMTP connections
6761to a single server machine at the same time,
6762even in different processes.
6763That is, if another
6764.i sendmail
6765is already talking to some host a new
6766.i sendmail
6767will not open another connection.
6768This property is of mixed value;
6769although this reduces the load on the other machine,
6770it can cause mail to be delayed
6771(for example, if one
6772.i sendmail
6773is delivering a huge message, other
6774.i sendmail s
6775won't be able to send even small messages).
6776Also, it requires another file descriptor
6777(for the lock file)
6778per connection, so you may have to reduce the
6779.b ConnectionCacheSize
6780option to avoid running out of per-process file descriptors.
6781Requires the
6782.b HostStatusDirectory
6783option.
6784.ip SmtpGreetingMessage=\fImessage\fP
6785[$e macro]
6786The message printed when the SMTP server starts up.
6787Defaults to
6788.q "$j Sendmail $v ready at $b".
6789.ip StatusFile=\fIfile\fP
6790[S]
6791Log summary statistics in the named
6792.i file .
6793If no file name is specified, "statistics" is used.
6794If not set,
6795no summary statistics are saved.
6796This file does not grow in size.
6797It can be printed using the
6798.i mailstats (8)
6799program.
6800.ip SuperSafe
6801[s]
6802Be super-safe when running things,
6803i.e.,
6804always instantiate the queue file,
6805even if you are going to attempt immediate delivery.
6806.i Sendmail
6807always instantiates the queue file
6808before returning control to the client
6809under any circumstances.
6810This should really
6811.i always
6812be set.
6813.ip TempFileMode=\fImode\fP
6814[F]
6815The file mode for queue files, files to which
6816.i sendmail
6817delivers directly, and files in the
6818.b HostStatusDirectory .
6819It is interpreted in octal by default.
6820Defaults to 0600.
6821.ip Timeout.\fItype\fP=\|\fItimeout\fP
6822[r; subsumes old T option as well]
6823Set timeout values.
6824For more information,
6825see section
6826.\" XREF
68274.1.
6828.ip TimeZoneSpec=\fItzinfo\fP
6829[t]
6830Set the local time zone info to
6831.i tzinfo
6832\*- for example,
6833.q PST8PDT .
6834Actually, if this is not set,
6835the TZ environment variable is cleared (so the system default is used);
6836if set but null, the user's TZ variable is used,
6837and if set and non-null the TZ variable is set to this value.
6838.ip TrustedUser=\fIuser\fP
6839[no short name]
6840The
6841.i user
6842parameter may be a user name
6843(looked up in
6844.i /etc/passwd )
6845or a numeric user id.
6846Trusted user for file ownership and starting the daemon. If set, generated
6847alias databases and the control socket (if configured) will automatically
6848be owned by this user.
6849.ip TryNullMXList
6850[w]
6851If this system is the
6852.q best
6853(that is, lowest preference)
6854MX for a given host,
6855its configuration rules should normally detect this situation
6856and treat that condition specially
6857by forwarding the mail to a UUCP feed,
6858treating it as local,
6859or whatever.
6860However, in some cases (such as Internet firewalls)
6861you may want to try to connect directly to that host
6862as though it had no MX records at all.
6863Setting this option causes
6864.i sendmail
6865to try this.
6866The downside is that errors in your configuration
6867are likely to be diagnosed as
6868.q "host unknown"
6869or
6870.q "message timed out"
6871instead of something more meaningful.
6872This option is disrecommended.
6873.ip UnixFromLine=\fIfromline\fP
6874[$l macro]
6875Defines the format used when
6876.i sendmail
6877must add a UNIX-style From_ line
6878(that is, a line beginning
6879.q From<space>user ).
6880Defaults to
6881.q "From $g $d" .
6882Don't change this unless your system uses a different UNIX mailbox format
6883(very unlikely).
6884.ip UnsafeGroupWrites
6885[no short name]
6886If set (default),
6887:include: and .forward files that are group writable are considered
6888.q unsafe ,
6889that is,
6890they cannot reference programs or write directly to files.
6891World writable :include: and .forward files
6892are always unsafe.
6893.ip UseErrorsTo
6894[l]
6895If there is an
6896.q Errors-To:
6897header, send error messages to the addresses listed there.
6898They normally go to the envelope sender.
6899Use of this option causes
6900.i sendmail
6901to violate RFC 1123.
6902This option is disrecommended and deprecated.
6903.ip UserDatabaseSpec=\fIudbspec\fP
6904[U]
6905The user database specification.
6906.ip Verbose
6907[v]
6908Run in verbose mode.
6909If this is set,
6910.i sendmail
6911adjusts options
6912.b HoldExpensive
6913(old
6914.b c )
6915and
6916.b DeliveryMode
6917(old
6918.b d )
6919so that all mail is delivered completely
6920in a single job
6921so that you can see the entire delivery process.
6922Option
6923.b Verbose
6924should
6925.i never
6926be set in the configuration file;
6927it is intended for command line use only.
6928.ip XscriptFileBufferSize=\fIthreshold\fP
6929[no short name]
6930Set the
6931.i threshold ,
6932in bytes,
6933before a memory-based
6934queue transcript file
6935becomes disk-based.
6936The default is 4096 bytes.
6937.lp
6938All options can be specified on the command line using the
6939\-O or \-o flag,
6940but most will cause
6941.i sendmail
6942to relinquish its setuid permissions.
6943The options that will not cause this are
6944SevenBitInput [7],
6945EightBitMode [8],
6946MinFreeBlocks [b],
6947CheckpointInterval [C],
6948DeliveryMode [d],
6949ErrorMode [e],
6950IgnoreDots [i],
6951SendMimeErrors [j],
6952LogLevel [L],
6953MeToo [m],
6954OldStyleHeaders [o],
6955PrivacyOptions [p],
6956SuperSafe [s],
6957Verbose [v],
6958QueueSortOrder,
6959MinQueueAge,
6960DefaultCharSet,
6961Dial Delay,
6962NoRecipientAction,
6963ColonOkInAddr,
6964MaxQueueRunSize,
6965SingleLineFromHeader,
6966and
6967AllowBogusHELO.
6968Actually, PrivacyOptions [p] given on the command line
6969are added to those already specified in the
6970.i sendmail.cf
6971file, i.e., they can't be reset.
6972Also, M (define macro) when defining the r or s macros
6973is also considered
6974.q safe .
6975.sh 2 "P \*- Precedence Definitions"
6976.pp
6977Values for the
6978.q "Precedence:"
6979field may be defined using the
6980.b P
6981control line.
6982The syntax of this field is:
6983.(b
6984\fBP\fP\fIname\fP\fB=\fP\fInum\fP
6985.)b
6986When the
6987.i name
6988is found in a
6989.q Precedence:
6990field,
6991the message class is set to
6992.i num .
6993Higher numbers mean higher precedence.
6994Numbers less than zero
6995have the special property
6996that if an error occurs during processing
6997the body of the message will not be returned;
6998this is expected to be used for
6999.q "bulk"
7000mail such as through mailing lists.
7001The default precedence is zero.
7002For example,
7003our list of precedences is:
7004.(b
7005Pfirst-class=0
7006Pspecial-delivery=100
7007Plist=\-30
7008Pbulk=\-60
7009Pjunk=\-100
7010.)b
7011People writing mailing list exploders
7012are encouraged to use
7013.q "Precedence: list" .
7014Older versions of
7015.i sendmail
7016(which discarded all error returns for negative precedences)
7017didn't recognize this name, giving it a default precedence of zero.
7018This allows list maintainers to see error returns
7019on both old and new versions of
7020.i sendmail .
7021.sh 2 "V \*- Configuration Version Level"
7022.pp
7023To provide compatibility with old configuration files,
7024the
7025.b V
7026line has been added to define some very basic semantics
7027of the configuration file.
7028These are not intended to be long term supports;
7029rather, they describe compatibility features
7030which will probably be removed in future releases.
7031.pp
7032.b N.B.:
7033these version
7034.i levels
7035have nothing
7036to do with the version
7037.i number
7038on the files.
7039For example,
7040as of this writing
7041version 8 config files
7042(specifically, 8.10)
7043used version level 9 configurations.
7044.pp
7045.q Old
7046configuration files are defined as version level one.
7047Version level two files make the following changes:
7048.np
7049Host name canonification ($[ ... $])
7050appends a dot if the name is recognized;
7051this gives the config file a way of finding out if anything matched.
7052(Actually, this just initializes the
7053.q host
7054map with the
7055.q \-a.
7056flag \*- you can reset it to anything you prefer
7057by declaring the map explicitly.)
7058.np
7059Default host name extension is consistent throughout processing;
7060version level one configurations turned off domain extension
7061(that is, adding the local domain name)
7062during certain points in processing.
7063Version level two configurations are expected to include a trailing dot
7064to indicate that the name is already canonical.
7065.np
7066Local names that are not aliases
7067are passed through a new distinguished ruleset five;
7068this can be used to append a local relay.
7069This behavior can be prevented by resolving the local name
7070with an initial `@'.
7071That is, something that resolves to a local mailer and a user name of
7072.q vikki
7073will be passed through ruleset five,
7074but a user name of
7075.q @vikki
7076will have the `@' stripped,
7077will not be passed through ruleset five,
7078but will otherwise be treated the same as the prior example.
7079The expectation is that this might be used to implement a policy
7080where mail sent to
7081.q vikki
7082was handled by a central hub,
7083but mail sent to
7084.q vikki@localhost
7085was delivered directly.
7086.pp
7087Version level three files
7088allow # initiated comments on all lines.
7089Exceptions are backslash escaped # marks
7090and the $# syntax.
7091.pp
7092Version level four configurations
7093are completely equivalent to level three
7094for historical reasons.
7095.pp
7096Version level five configuration files
7097change the default definition of
7098.b $w
7099to be just the first component of the hostname.
7100.pp
7101Version level six configuration files
7102change many of the local processing options
7103(such as aliasing and matching the beginning of the address for
7104`|' characters)
7105to be mailer flags;
7106this allows fine-grained control over the special local processing.
7107Level six configuration files may also use long option names.
7108The
7109.b ColonOkInAddr
7110option (to allow colons in the local-part of addresses)
7111defaults
7112.b on
7113for lower numbered configuration files;
7114the configuration file requires some additional intelligence
7115to properly handle the RFC 822 group construct.
7116.pp
7117Version level seven configuration files
7118used new option names to replace old macros
7119(\c
7120.b $e
7121became
7122.b SmtpGreetingMessage ,
7123.b $l
7124became
7125.b UnixFromLine ,
7126and
7127.b $o
7128became
7129.b OperatorChars .
7130Also, prior to version seven,
7131the
7132.b F=q
7133flag (use 250 instead of 252 return value for
7134.sm "SMTP VRFY"
7135commands)
7136was assumed.
7137.pp
7138Version level eight configuration files allow
7139.b $#
7140on the left hand side of ruleset lines.
7141.pp
7142Version level nine configuration files allow
7143parentheses in rulesets, i.e. they are not treated
7144as comments and hence removed.
7145.pp
7146The
7147.b V
7148line may have an optional
7149.b / \c
7150.i vendor
7151to indicate that this configuration file uses modifications
7152specific to a particular vendor\**.
7153.(f
7154\**And of course, vendors are encouraged to add themselves
7155to the list of recognized vendors by editing the routine
7156.i setvendor
7157in
7158.i conf.c .
7159Please send e-mail to sendmail@Sendmail.ORG
7160to register your vendor dialect.
7161.)f
7162You may use
7163.q /Berkeley
7164to emphasize that this configuration file
7165uses the Berkeley dialect of
7166.i sendmail .
7167.sh 2 "K \*- Key File Declaration"
7168.pp
7169Special maps can be defined using the line:
7170.(b
7171Kmapname mapclass arguments
7172.)b
7173The
7174.i mapname
7175is the handle by which this map is referenced in the rewriting rules.
7176The
7177.i mapclass
7178is the name of a type of map;
7179these are compiled in to
7180.i sendmail .
7181The
7182.i arguments
7183are interpreted depending on the class;
7184typically,
7185there would be a single argument naming the file containing the map.
7186.pp
7187Maps are referenced using the syntax:
7188.(b
7189$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
7190.)b
7191where either or both of the
7192.i arguments
7193or
7194.i default
7195portion may be omitted.
7196The
7197.i "$@ arguments"
7198may appear more than once.
7199The indicated
7200.i key
7201and
7202.i arguments
7203are passed to the appropriate mapping function.
7204If it returns a value, it replaces the input.
7205If it does not return a value and the
7206.i default
7207is specified, the
7208.i default
7209replaces the input.
7210Otherwise, the input is unchanged.
7211.pp
7212The
7213.i arguments
7214are passed to the map for arbitrary use.
7215Most map classes can interpolate these arguments
7216into their values using the syntax
7217.q %\fIn\fP
7218(where
7219.i n
7220is a digit)
7221to indicate the corresponding
7222.i argument .
7223Argument
7224.q %0
7225indicates the database key.
7226For example, the rule
7227.(b
7228.ta 1.5i
7229R$\- ! $+ $: $(uucp $1 $@ $2 $: %1 @ %0 . UUCP $)
7230.)b
7231Looks up the UUCP name in a (user defined) UUCP map;
7232if not found it turns it into
7233.q \&.UUCP
7234form.
7235The database might contain records like:
7236.(b
7237decvax %1@%0.DEC.COM
7238research %1@%0.ATT.COM
7239.)b
7240Note that
7241.i default
7242clauses never do this mapping.
7243.pp
7244The built in map with both name and class
7245.q host
7246is the host name canonicalization lookup.
7247Thus,
7248the syntax:
7249.(b
7250$(host \fIhostname\fP$)
7251.)b
7252is equivalent to:
7253.(b
7254$[\fIhostname\fP$]
7255.)b
7256.pp
7257There are many defined classes.
7258.ip dbm
7259Database lookups using the ndbm(3) library.
7260.i Sendmail
7261must be compiled with
7262.b NDBM
7263defined.
7264.ip btree
7265Database lookups using the btree interface to the Berkeley DB
7266library.
7267.i Sendmail
7268must be compiled with
7269.b NEWDB
7270defined.
7271.ip hash
7272Database lookups using the hash interface to the Berkeley DB
7273library.
7274.i Sendmail
7275must be compiled with
7276.b NEWDB
7277defined.
7278.ip nis
7279NIS lookups.
7280.i Sendmail
7281must be compiled with
7282.b NIS
7283defined.
7284.ip nisplus
7285NIS+ lookups.
7286.i Sendmail
7287must be compiled with
7288.b NISPLUS
7289defined.
7290The argument is the name of the table to use for lookups,
7291and the
7292.b \-k
7293and
7294.b \-v
7295flags may be used to set the key and value columns respectively.
7296.ip hesiod
7297Hesiod lookups.
7298.i Sendmail
7299must be compiled with
7300.b HESIOD
7301defined.
7302.ip ldap
7303LDAP X500 directory lookups.
7304.i Sendmail
7305must be compiled with
7306.b LDAPMAP
7307defined.
7308The map supports most of the standard arguments
7309and most of the command line arguments of the
7310.i ldapsearch
7311program.
7312Note that,
7313by default,
7314if a single query matches multiple values,
7315only the first value will be returned
7316unless the
7317.b \-z
7318(value separator)
7319map flag is set.
7320Also, the
7321.b \-1
7322map flag will treat a multiple value return
7323as if there were no matches.
7324.ip netinfo
7325NeXT NetInfo lookups.
7326.i Sendmail
7327must be compiled with
7328.b NETINFO
7329defined.
7330.ip text
7331Text file lookups.
7332The format of the text file is defined by the
7333.b \-k
7334(key field number),
7335.b \-v
7336(value field number),
7337and
7338.b \-z
7339(field delimiter)
7340flags.
7341.ip ph
7342PH query map.
7343Contributed and supported by
7344Mark Roth, roth@uiuc.edu.
7345For more information,
7346consult the web site
7347.q http://www-dev.cso.uiuc.edu/sendmail/ .
7348.ip nsd
7349nsd map for IRIX 6.5 and later.
7350Contributed and supported by Bob Mende of SGI,
7351mende@sgi.com.
7352.ip stab
7353Internal symbol table lookups.
7354Used internally for aliasing.
7355.ip implicit
7356Really should be called
7357.q alias
7358\(em this is used to get the default lookups
7359for alias files,
7360and is the default if no class is specified for alias files.
7361.ip user
7362Looks up users using
7363.i getpwnam (3).
7364The
7365.b \-v
7366flag can be used to specify the name of the field to return
7367(although this is normally used only to check the existence
7368of a user).
7369.ip host
7370Canonifies host domain names.
7371Given a host name it calls the name server
7372to find the canonical name for that host.
7373.ip bestmx
7374Returns the best MX record for a host name given as the key.
7375The current machine is always preferred \*-
7376that is, if the current machine is one of the hosts listed as a
7377lowest-preference MX record, then it will be guaranteed to be returned.
7378This can be used to find out if this machine is the target for an MX record,
7379and mail can be accepted on that basis.
7380If the
7381.b \-z
7382flag is given, then all MX names are returned,
7383separated by the given delimiter.
7384.ip sequence
7385The arguments on the `K' line are a list of maps;
7386the resulting map searches the argument maps in order
7387until it finds a match for the indicated key.
7388For example, if the key definition is:
7389.(b
7390Kmap1 ...
7391Kmap2 ...
7392Kseqmap sequence map1 map2
7393.)b
7394then a lookup against
7395.q seqmap
7396first does a lookup in map1.
7397If that is found, it returns immediately.
7398Otherwise, the same key is used for map2.
7399.ip syslog
7400the key is logged via
7401.i syslogd \|(8).
7402The lookup returns the empty string.
7403.ip switch
7404Much like the
7405.q sequence
7406map except that the order of maps is determined by the service switch.
7407The argument is the name of the service to be looked up;
7408the values from the service switch are appended to the map name
7409to create new map names.
7410For example, consider the key definition:
7411.(b
7412Kali switch aliases
7413.)b
7414together with the service switch entry:
7415.(b
7416aliases nis files
7417.)b
7418This causes a query against the map
7419.q ali
7420to search maps named
7421.q ali.nis
7422and
7423.q ali.files
7424in that order.
7425.ip dequote
7426Strip double quotes (") from a name.
7427It does not strip backslashes,
7428and will not strip quotes if the resulting string
7429would contain unscannable syntax
7430(that is, basic errors like unbalanced angle brackets;
7431more sophisticated errors such as unknown hosts are not checked).
7432The intent is for use when trying to accept mail from systems such as
7433DECnet
7434that routinely quote odd syntax such as
7435.(b
7436"49ers::ubell"
7437.)b
7438A typical usage is probably something like:
7439.(b
7440Kdequote dequote
7441
7442\&...
7443
7444R$\- $: $(dequote $1 $)
7445R$\- $+ $: $>3 $1 $2
7446.)b
7447Care must be taken to prevent unexpected results;
7448for example,
7449.(b
7450"|someprogram < input > output"
7451.)b
7452will have quotes stripped,
7453but the result is probably not what you had in mind.
7454Fortunately these cases are rare.
7455.ip regex
7456The map definition on the
7457.b K
7458line contains a regular expression.
7459Any key input is compared to that expression using the
7460POSIX regular expressions routines regcomp(), regerr(), and regexec().
7461Refer to the documentation for those routines for more information
7462about the regular expression matching.
7463No rewriting of the key is done if the
7464.b \-m
7465flag is used. Without it, the key is discarded or if
7466.b \-s
7467if used, it is substituted by the substring matches, delimited by
7468.b $|
7469or the string specified with the the
7470.b \-d
7471flag. The flags available for the map are
7472.(b
7473-n not
7474-f case sensitive
7475-b basic regular expressions
7476 (default is extended)
7477-s substring match
7478-d set the delimiter used for -s
7479-a append string to key
7480-m match only, do not
7481 replace/discard value
7482-D perform no lookup in deferred delivery mode.
7483.)b
7484The
7485.b \-s
7486flag can include an optional parameter which can be used
7487to select the substrings in the result of the lookup. For example,
7488.(b
7489-s1,3,4
7490.)b
7491Notes: to match a
7492.b $
7493in a string,
7494\\$$
7495must be used.
7496If the pattern contains spaces, they must be replaced
7497with the blank substitution character, unless it is
7498space itself.
7499.ip program
7500The arguments on the
7501.b K
7502line are the pathname to a program and any initial parameters to be passed.
7503When the map is called,
7504the key is added to the initial parameters
7505and the program is invoked
7506as the default user/group id.
7507The first line of standard output is returned as the value of the lookup.
7508This has many potential security problems,
7509and has terrible performance;
7510it should be used only when absolutely necessary.
7511.ip macro
7512Set or clear a macro value.
7513To set a macro,
7514pass the value as the first argument in the map lookup.
7515To clear a macro,
7516do not pass an argument in the map lookup.
7517The map always returns the empty string.
7518Example of typical usage include:
7519.(b
7520Kstorage macro
7521
7522\&...
7523
7524# set macro ${MyMacro} to the ruleset match
7525R$+ $: $(storage {MyMacro} $@ $1 $) $1
7526# set macro ${MyMacro} to an empty string
7527R$* $: $(storage {MyMacro} $@ $) $1
7528# clear macro ${MyMacro}
7529R$\- $: $(storage {MyMacro} $) $1
7530.)b
7531.ip arith
7532Perform simple arithmetic operations.
7533The operation is given as key, currently +, -, *, /,
7534l (for less than), and = are supported.
7535The two operands are given as arguments.
7536The lookup returns the result of the computation,
7537i.e.
7538.sm TRUE
7539or
7540.sm FALSE
7541for comparisons, integer values otherwise.
7542All options which are possible for maps are ignored.
7543A simple example is:
7544.(b
7545Kcomp arith
7546
7547\&...
7548
7549Scheck_etrn
7550R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
7551RFALSE $# error \&...
7552.)b
7553.pp
7554Most of these accept as arguments the same optional flags
7555and a filename
7556(or a mapname for NIS;
7557the filename is the root of the database path,
7558so that
7559.q .db
7560or some other extension appropriate for the database type
7561will be added to get the actual database name).
7562Known flags are:
7563.ip "\-o"
7564Indicates that this map is optional \*- that is,
7565if it cannot be opened,
7566no error is produced,
7567and
7568.i sendmail
7569will behave as if the map existed but was empty.
7570.ip "\-N, \-O"
7571If neither
7572.b \-N
7573or
7574.b \-O
7575are specified,
7576.i sendmail
7577uses an adaptive algorithm to decide whether or not to look for null bytes
7578on the end of keys.
7579It starts by trying both;
7580if it finds any key with a null byte it never tries again without a null byte
7581and vice versa.
7582If
7583.b \-N
7584is specified it never tries without a null byte and
7585if
7586.b \-O
7587is specified it never tries with a null byte.
7588Setting one of
7589these can speed matches but are never necessary.
7590If both
7591.b \-N
7592and
7593.b \-O
7594are specified,
7595.i sendmail
7596will never try any matches at all \(em
7597that is, everything will appear to fail.
7598.ip "\-a\fIx\fP"
7599Append the string
7600.i x
7601on successful matches.
7602For example, the default
7603.i host
7604map appends a dot on successful matches.
7605.ip "\-T\fIx\fP"
7606Append the string
7607.i x
7608on temporary failures.
7609For example,
7610.i x
7611would be appended if a DNS lookup returned
7612.q "server failed"
7613or an NIS lookup could not locate a server.
7614See also the
7615.b \-t
7616flag.
7617.ip "\-f"
7618Do not fold upper to lower case before looking up the key.
7619.ip "\-m"
7620Match only (without replacing the value).
7621If you only care about the existence of a key and not the value
7622(as you might when searching the NIS map
7623.q hosts.byname
7624for example),
7625this flag prevents the map from substituting the value.
7626However,
7627The \-a argument is still appended on a match,
7628and the default is still taken if the match fails.
7629.ip "\-k\fIkeycol\fP"
7630The key column name (for NIS+) or number
7631(for text lookups).
7632For LDAP maps this is an LDAP filter string
7633in which %s is replaced with the literal contents of the lookup key
7634and %0 is replaced with the LDAP escaped contents of the lookup key
7635according to RFC2254.
7636.ip "\-v\fIvalcol\fP"
7637The value column name (for NIS+) or number
7638(for text lookups).
7639For LDAP maps this is the name of one or more
7640attributes to be returned;
7641multiple attributes can be separated by commas.
7642If not specified, all attributes found in the match
7643will be returned.
7644.ip "\-z\fIdelim\fP"
7645The column delimiter (for text lookups).
7646It can be a single character or one of the special strings
7647.q \|\en
7648or
7649.q \|\et
7650to indicate newline or tab respectively.
7651If omitted entirely,
7652the column separator is any sequence of white space.
7653For LDAP maps this is the separator character
7654to combine multiple values
7655into a single return string.
7656If not set,
7657the LDAP lookup will only return the first match found.
7658.ip "\-t"
7659Normally, when a map attempts to do a lookup
7660and the server fails
7661(e.g.,
7662.i sendmail
7663couldn't contact any name server;
7664this is
7665.i not
7666the same as an entry not being found in the map),
7667the message being processed is queued for future processing.
7668The
7669.b \-t
7670flag turns off this behavior,
7671letting the temporary failure (server down)
7672act as though it were a permanent failure (entry not found).
7673It is particularly useful for DNS lookups,
7674where someone else's misconfigured name server can cause problems
7675on your machine.
7676However, care must be taken to ensure that you don't bounce mail
7677that would be resolved correctly if you tried again.
7678A common strategy is to forward such mail
7679to another, possibly better connected, mail server.
7680.ip "\-D"
7681Perform no lookup in deferred delivery mode.
7682This flag is set by default for the
7683.i host
7684map.
7685.ip "\-S\fIspacesub\fP
7686The character to use to replace space characters
7687after a successful map lookup (esp. useful for regex
7688and syslog maps).
7689.ip "\-s\fIspacesub\fP
7690For the dequote map only,
7691the character to use to replace space characters
7692after a successful dequote.
7693.ip "\-q"
7694Don't dequote the key before lookup.
7695.ip "\-L\fIlevel\fP
7696For the syslog map only, it specifies the level
7697to use for the syslog call.
7698.ip "\-A"
7699When rebuilding an alias file,
7700the
7701.b \-A
7702flag causes duplicate entries in the text version
7703to be merged.
7704For example, two entries:
7705.(b
7706list: user1, user2
7707list: user3
7708.)b
7709would be treated as though it were the single entry
7710.(b
7711list: user1, user2, user3
7712.)b
7713in the presence of the
7714.b \-A
7715flag.
7716.pp
7717The following additional flags are present in the ldap map only:
7718.ip "\-R"
7719Do not auto chase referrals. sendmail must be compiled with
7720.b \-DLDAP_REFERRALS
7721to use this flag.
7722.ip "\-n"
7723Retrieve attribute names only.
7724.ip "\-r\fIderef\fP"
7725Set the alias dereference option to one of never, always, search, or find.
7726.ip "\-s\fIscope\fP"
7727Set search scope to one of base, one (one level), or sub (subtree).
7728.ip "\-h\fIhost\fP"
7729LDAP server hostname.
7730Some LDAP libraries allow you to specify multiple, space-separated hosts for
7731redundancy.
7732In addition, each of the hosts listed can be followed by a colon and a port
7733number to override the default LDAP port.
7734.ip "\-b\fIbase\fP"
7735LDAP search base.
7736.ip "\-p\fIport\fP"
7737LDAP service port.
7738.ip "\-l\fItimelimit\fP"
7739Time limit for LDAP queries.
7740.ip "\-Z\fIsizelimit\fP"
7741Size (number of matches) limit for LDAP queries.
7742.ip "\-d\fIdistinguished_name\fP"
7743The distinguished name to use to login to the LDAP server.
7744.ip "\-M\fImethod\fP"
7745The method to authenticate to the LDAP server.
7746Should be one of
7747.b LDAP_AUTH_NONE ,
7748.b LDAP_AUTH_SIMPLE ,
7749or
7750.b LDAP_AUTH_KRBV4 .
7751.ip "\-P\fIpasswordfile\fP"
7752The file containing the secret key for the
7753.b LDAP_AUTH_SIMPLE
7754authentication method
7755or the name of the Kerberos ticket file for
7756.b LDAP_AUTH_KRBV4 .
7757.ip "\-1"
7758Force LDAP searches to only succeed if a single match is found.
7759If multiple values are found,
7760the search is treated as if no match was found.
7761.pp
7762The
7763.i dbm
7764map appends the strings
7765.q \&.pag
7766and
7767.q \&.dir
7768to the given filename;
7769the
7770.i hash
7771and
7772.i btree
7773maps append
7774.q \&.db .
7775For example, the map specification
7776.(b
7777Kuucp dbm \-o \-N /etc/mail/uucpmap
7778.)b
7779specifies an optional map named
7780.q uucp
7781of class
7782.q dbm ;
7783it always has null bytes at the end of every string,
7784and the data is located in
7785/etc/mail/uucpmap.{dir,pag}.
7786.pp
7787The program
7788.i makemap (8)
7789can be used to build any of the three database-oriented maps.
7790It takes the following flags:
7791.ip \-f
7792Do not fold upper to lower case in the map.
7793.ip \-N
7794Include null bytes in keys.
7795.ip \-o
7796Append to an existing (old) file.
7797.ip \-r
7798Allow replacement of existing keys;
7799normally, re-inserting an existing key is an error.
7800.ip \-v
7801Print what is happening.
7802.lp
7803The
7804.i sendmail
7805daemon does not have to be restarted to read the new maps
7806as long as you change them in place;
7807file locking is used so that the maps won't be read
7808while they are being updated.
7809.pp
7810New classes can be added in the routine
7811.b setupmaps
7812in file
7813.b conf.c .
7814.sh 2 "The User Database"
7815.pp
7816If you have a version of
7817.i sendmail
7818with the user database package
7819compiled in,
7820the handling of sender and recipient addresses
7821is modified.
7822.pp
7823The location of this database is controlled with the
7824.b UserDatabaseSpec
7825option.
7826.sh 3 "Structure of the user database"
7827.pp
7828The database is a sorted (BTree-based) structure.
7829User records are stored with the key:
7830.(b
7831\fIuser-name\fP\fB:\fP\fIfield-name\fP
7832.)b
7833The sorted database format ensures that user records are clustered together.
7834Meta-information is always stored with a leading colon.
7835.pp
7836Field names define both the syntax and semantics of the value.
7837Defined fields include:
7838.nr ii 1i
7839.ip maildrop
7840The delivery address for this user.
7841There may be multiple values of this record.
7842In particular,
7843mailing lists will have one
7844.i maildrop
7845record for each user on the list.
7846.ip "mailname"
7847The outgoing mailname for this user.
7848For each outgoing name,
7849there should be an appropriate
7850.i maildrop
7851record for that name to allow return mail.
7852See also
7853.i :default:mailname .
7854.ip mailsender
7855Changes any mail sent to this address to have the indicated envelope sender.
7856This is intended for mailing lists,
7857and will normally be the name of an appropriate -request address.
7858It is very similar to the owner-\c
7859.i list
7860syntax in the alias file.
7861.ip fullname
7862The full name of the user.
7863.ip office-address
7864The office address for this user.
7865.ip office-phone
7866The office phone number for this user.
7867.ip office-fax
7868The office FAX number for this user.
7869.ip home-address
7870The home address for this user.
7871.ip home-phone
7872The home phone number for this user.
7873.ip home-fax
7874The home FAX number for this user.
7875.ip project
7876A (short) description of the project this person is affiliated with.
7877In the University this is often just the name of their graduate advisor.
7878.ip plan
7879A pointer to a file from which plan information can be gathered.
7880.pp
7881As of this writing,
7882only a few of these fields are actually being used by
7883.i sendmail :
7884.i maildrop
7885and
7886.i mailname .
7887A
7888.i finger
7889program that uses the other fields is planned.
7890.sh 3 "User database semantics"
7891.pp
7892When the rewriting rules submit an address to the local mailer,
7893the user name is passed through the alias file.
7894If no alias is found (or if the alias points back to the same address),
7895the name (with
7896.q :maildrop
7897appended)
7898is then used as a key in the user database.
7899If no match occurs (or if the maildrop points at the same address),
7900forwarding is tried.
7901.pp
7902If the first token of the user name returned by ruleset 0
7903is an
7904.q @
7905sign, the user database lookup is skipped.
7906The intent is that the user database will act as a set of defaults
7907for a cluster (in our case, the Computer Science Division);
7908mail sent to a specific machine should ignore these defaults.
7909.pp
7910When mail is sent,
7911the name of the sending user is looked up in the database.
7912If that user has a
7913.q mailname
7914record,
7915the value of that record is used as their outgoing name.
7916For example, I might have a record:
7917.(b
7918eric:mailname Eric.Allman@CS.Berkeley.EDU
7919.)b
7920This would cause my outgoing mail to be sent as Eric.Allman.
7921.pp
7922If a
7923.q maildrop
7924is found for the user,
7925but no corresponding
7926.q mailname
7927record exists,
7928the record
7929.q :default:mailname
7930is consulted.
7931If present, this is the name of a host to override the local host.
7932For example, in our case we would set it to
7933.q CS.Berkeley.EDU .
7934The effect is that anyone known in the database
7935gets their outgoing mail stamped as
7936.q user@CS.Berkeley.EDU ,
7937but people not listed in the database use the local hostname.
7938.sh 3 "Creating the database\**"
7939.(f
7940\**These instructions are known to be incomplete.
7941Other features are available which provide similar functionality,
7942e.g., virtual hosting and mapping local addresses into a
7943generic form as explained in cf/README.
7944.)f
7945.pp
7946The user database is built from a text file
7947using the
7948.i makemap
7949utility
7950(in the distribution in the makemap subdirectory).
7951The text file is a series of lines corresponding to userdb records;
7952each line has a key and a value separated by white space.
7953The key is always in the format described above \*-
7954for example:
7955.(b
7956eric:maildrop
7957.)b
7958This file is normally installed in a system directory;
7959for example, it might be called
7960.i /etc/mail/userdb .
7961To make the database version of the map, run the program:
7962.(b
7963makemap btree /etc/mail/userdb < /etc/mail/userdb
7964.)b
7965Then create a config file that uses this.
7966For example, using the V8 M4 configuration, include the
7967following line in your .mc file:
7968.(b
7969define(\`confUSERDB_SPEC\', /etc/mail/userdb.db)
7970.)b
7971.sh 1 "OTHER CONFIGURATION"
7972.pp
7973There are some configuration changes that can be made by
7974recompiling
7975.i sendmail .
7976This section describes what changes can be made
7977and what has to be modified to make them.
7978In most cases this should be unnecessary
7979unless you are porting
7980.i sendmail
7981to a new environment.
7982.sh 2 "Parameters in devtools/OS/$oscf"
7983.pp
7984These parameters are intended to describe the compilation environment,
7985not site policy,
7986and should normally be defined in the operating system
7987configuration file.
7988.b "This section needs a complete rewrite."
7989.ip NDBM
7990If set,
7991the new version of the DBM library
7992that allows multiple databases will be used.
7993If neither NDBM nor NEWDB are set,
7994a much less efficient method of alias lookup is used.
7995.ip NEWDB
7996If set, use the new database package from Berkeley (from 4.4BSD).
7997This package is substantially faster than DBM or NDBM.
7998If NEWDB and NDBM are both set,
7999.i sendmail
8000will read DBM files,
8001but will create and use NEWDB files.
8002.ip NIS
8003Include support for NIS.
8004If set together with
8005.i both
8006NEWDB and NDBM,
8007.i sendmail
8008will create both DBM and NEWDB files if and only if
8009an alias file includes the substring
8010.q /yp/
8011in the name.
8012This is intended for compatibility with Sun Microsystems'
8013.i mkalias
8014program used on YP masters.
8015.ip NISPLUS
8016Compile in support for NIS+.
8017.ip NETINFO
8018Compile in support for NetInfo (NeXT stations).
8019.ip LDAPMAP
8020Compile in support for LDAP X500 queries.
8021Requires libldap and liblber
8022from the Umich LDAP 3.2 or 3.3 release
8023or equivalent libraries for other LDAP libraries
8024such as OpenLDAP.
8025.ip HESIOD
8026Compile in support for Hesiod.
8027.ip MAP_NSD
8028Compile in support for IRIX NSD lookups.
8029.ip MAP_REGEX
8030Compile in support for regular expression matching.
8031.ip PH_MAP
8032Compile in support for ph lookups.
8033.ip SASL
8034Compile in support for SASL,
8035a required component for SMTP Authentication support.
8036.ip STARTTLS
8037Compile in support for STARTTLS.
8038.ip EGD
8039Compile in support for the "Entropy Gathering Daemon"
8040to provide better random data for TLS.
8041.ip SFIO
8042Compile in support for sfio, which is required to enable encryption,
8043e.g., STARTTLS.
8044.ip TCPWRAPPERS
8045Compile in support for TCP Wrappers.
8046.ip _PATH_SENDMAILCF
8047The pathname of the sendmail.cf file.
8048.ip _PATH_SENDMAILPID
8049The pathname of the sendmail.pid file.
8050.pp
8051There are also several compilation flags to indicate the environment
8052such as
8053.q _AIX3
8054and
8055.q _SCO_unix_ .
8056See the sendmail/README
8057file for the latest scoop on these flags.
8058.sh 2 "Parameters in sendmail/conf.h"
8059.pp
8060Parameters and compilation options
8061are defined in conf.h.
8062Most of these need not normally be tweaked;
8063common parameters are all in sendmail.cf.
8064However, the sizes of certain primitive vectors, etc.,
8065are included in this file.
8066The numbers following the parameters
8067are their default value.
8068.pp
8069This document is not the best source of information
8070for compilation flags in conf.h \(em
8071see sendmail/README or sendmail/conf.h itself.
8072.nr ii 1.2i
8073.ip "MAXLINE [2048]"
8074The maximum line length of any input line.
8075If message lines exceed this length
8076they will still be processed correctly;
8077however, header lines,
8078configuration file lines,
8079alias lines,
8080etc.,
8081must fit within this limit.
8082.ip "MAXNAME [256]"
8083The maximum length of any name,
8084such as a host or a user name.
8085.ip "MAXPV [256]"
8086The maximum number of parameters to any mailer.
8087This limits the number of recipients that may be passed in one transaction.
8088It can be set to any arbitrary number above about 10,
8089since
8090.i sendmail
8091will break up a delivery into smaller batches as needed.
8092A higher number may reduce load on your system, however.
8093.ip "MAXATOM [1000]"
8094The maximum number of atoms
8095(tokens)
8096in a single address.
8097For example,
8098the address
8099.q "eric@CS.Berkeley.EDU"
8100is seven atoms.
8101.ip "MAXMAILERS [25]"
8102The maximum number of mailers that may be defined
8103in the configuration file.
8104This value is defined in include/sendmail/sendmail.h.
8105.ip "MAXRWSETS [200]"
8106The maximum number of rewriting sets
8107that may be defined.
8108The first half of these are reserved for numeric specification
8109(e.g., ``S92''),
8110while the upper half are reserved for auto-numbering
8111(e.g., ``Sfoo'').
8112Thus, with a value of 200 an attempt to use ``S99'' will succeed,
8113but ``S100'' will fail.
8114.ip "MAXPRIORITIES [25]"
8115The maximum number of values for the
8116.q Precedence:
8117field that may be defined
8118(using the
8119.b P
8120line in sendmail.cf).
8121.ip "MAXUSERENVIRON [100]"
8122The maximum number of items in the user environment
8123that will be passed to subordinate mailers.
8124.ip "MAXMXHOSTS [100]"
8125The maximum number of MX records we will accept for any single host.
8126.ip "MAXALIASDB [12]"
8127The maximum number of alias databases that can be open at any time.
8128Note that there may also be an open file limit.
8129.ip "MAXMAPSTACK [12]"
8130The maximum number of maps that may be "stacked" in a
8131.b sequence
8132class map.
8133.ip "MAXMIMEARGS [20]"
8134The maximum number of arguments in a MIME Content-Type: header;
8135additional arguments will be ignored.
8136.ip "MAXMIMENESTING [20]"
8137The maximum depth to which MIME messages may be nested
8138(that is, nested Message or Multipart documents;
8139this does not limit the number of components in a single Multipart document).
8140.ip "MAXDAEMONS [10]"
8141The maximum number of sockets sendmail will open for accepting connections
8142on different ports.
8143.ip "MAXMACNAMELEN [25]"
8144The maximum length of a macro name.
8145.lp
8146A number of other compilation options exist.
8147These specify whether or not specific code should be compiled in.
8148Ones marked with \(dg
8149are 0/1 valued.
8150.nr ii 1.2i
8151.ip NETINET\(dg
8152If set,
8153support for Internet protocol networking is compiled in.
8154Previous versions of
8155.i sendmail
8156referred to this as
8157.sm DAEMON ;
8158this old usage is now incorrect.
8159Defaults on;
8160turn it off in the Makefile
8161if your system doesn't support the Internet protocols.
8162.ip NETINET6\(dg
8163If set,
8164support for IPv6 networking is compiled in.
8165It must be separately enabled by adding DaemonPortOptions settings.
8166.ip NETISO\(dg
8167If set,
8168support for ISO protocol networking is compiled in
8169(it may be appropriate to #define this in the Makefile instead of conf.h).
8170.ip NETUNIX\(dg
8171If set,
8172support for UNIX domain sockets is compiled in.
8173This is used for control socket support.
8174.ip LOG
8175If set,
8176the
8177.i syslog
8178routine in use at some sites is used.
8179This makes an informational log record
8180for each message processed,
8181and makes a higher priority log record
8182for internal system errors.
8183.b "STRONGLY RECOMMENDED"
8184\(em if you want no logging, turn it off in the configuration file.
8185.ip MATCHGECOS\(dg
8186Compile in the code to do ``fuzzy matching'' on the GECOS field
8187in /etc/passwd.
8188This also requires that the
8189.b MatchGECOS
8190option be turned on.
8191.ip NAMED_BIND\(dg
8192Compile in code to use the
8193Berkeley Internet Name Domain (BIND) server
8194to resolve TCP/IP host names.
8195.ip NOTUNIX
8196If you are using a non-UNIX mail format,
8197you can set this flag to turn off special processing
8198of UNIX-style
8199.q "From "
8200lines.
8201.ip QUEUE\(dg
8202This flag should be set to compile in the queueing code.
8203If this is not set,
8204mailers must accept the mail immediately
8205or it will be returned to the sender.
8206.ip SMTP\(dg
8207If set,
8208the code to handle user and server SMTP will be compiled in.
8209This is only necessary if your machine has some mailer
8210that speaks SMTP
8211(this means most machines everywhere).
8212.ip USERDB\(dg
8213Include the
8214.b experimental
8215Berkeley user information database package.
8216This adds a new level of local name expansion
8217between aliasing and forwarding.
8218It also uses the NEWDB package.
8219This may change in future releases.
8220.lp
8221The following options are normally turned on
8222in per-operating-system clauses in conf.h.
8223.ip IDENTPROTO\(dg
8224Compile in the IDENT protocol as defined in RFC 1413.
8225This defaults on for all systems except Ultrix,
8226which apparently has the interesting
8227.q feature
8228that when it receives a
8229.q "host unreachable"
8230message it closes all open connections to that host.
8231Since some firewall gateways send this error code
8232when you access an unauthorized port (such as 113, used by IDENT),
8233Ultrix cannot receive email from such hosts.
8234.ip SYSTEM5
8235Set all of the compilation parameters appropriate for System V.
8236.ip HASFLOCK\(dg
8237Use Berkeley-style
8238.b flock
8239instead of System V
8240.b lockf
8241to do file locking.
8242Due to the highly unusual semantics of locks
8243across forks in
8244.b lockf ,
8245this should always be used if at all possible.
8246.ip HASINITGROUPS
8247Set this if your system has the
8248.i initgroups()
8249call
8250(if you have multiple group support).
8251This is the default if SYSTEM5 is
8252.i not
8253defined or if you are on HPUX.
8254.ip HASUNAME
8255Set this if you have the
8256.i uname (2)
8257system call (or corresponding library routine).
8258Set by default if
8259SYSTEM5
8260is set.
8261.ip HASGETDTABLESIZE
8262Set this if you have the
8263.i getdtablesize (2)
8264system call.
8265.ip HASWAITPID
8266Set this if you have the
8267.i haswaitpid (2)
8268system call.
8269.ip FAST_PID_RECYCLE
8270Set this if your system can possibly
8271reuse the same pid in the same second of time.
8272.ip SFS_TYPE
8273The mechanism that can be used to get file system capacity information.
8274The values can be one of
8275SFS_USTAT (use the ustat(2) syscall),
8276SFS_4ARGS (use the four argument statfs(2) syscall),
8277SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
8278SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
8279SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
8280SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
8281or
8282SFS_NONE (no way to get this information).
8283.ip LA_TYPE
8284The load average type.
8285Details are described below.
8286.lp
8287The are several built-in ways of computing the load average.
8288.i Sendmail
8289tries to auto-configure them based on imperfect guesses;
8290you can select one using the
8291.i cc
8292option
8293.b \-DLA_TYPE= \c
8294.i type ,
8295where
8296.i type
8297is:
8298.ip LA_INT
8299The kernel stores the load average in the kernel as an array of long integers.
8300The actual values are scaled by a factor FSCALE
8301(default 256).
8302.ip LA_SHORT
8303The kernel stores the load average in the kernel as an array of short integers.
8304The actual values are scaled by a factor FSCALE
8305(default 256).
8306.ip LA_FLOAT
8307The kernel stores the load average in the kernel as an array of
8308double precision floats.
8309.ip LA_MACH
8310Use MACH-style load averages.
8311.ip LA_SUBR
8312Call the
8313.i getloadavg
8314routine to get the load average as an array of doubles.
8315.ip LA_ZERO
8316Always return zero as the load average.
8317This is the fallback case.
8318.lp
8319If type
8320.sm LA_INT ,
8321.sm LA_SHORT ,
8322or
8323.sm LA_FLOAT
8324is specified,
8325you may also need to specify
8326.sm _PATH_UNIX
8327(the path to your system binary)
8328and
8329.sm LA_AVENRUN
8330(the name of the variable containing the load average in the kernel;
8331usually
8332.q _avenrun
8333or
8334.q avenrun ).
8335.sh 2 "Configuration in sendmail/conf.c"
8336.pp
8337The following changes can be made in conf.c.
8338.sh 3 "Built-in Header Semantics"
8339.pp
8340Not all header semantics are defined in the configuration file.
8341Header lines that should only be included by certain mailers
8342(as well as other more obscure semantics)
8343must be specified in the
8344.i HdrInfo
8345table in
8346.i conf.c .
8347This table contains the header name
8348(which should be in all lower case)
8349and a set of header control flags (described below),
8350The flags are:
8351.ip H_ACHECK
8352Normally when the check is made to see if a header line is compatible
8353with a mailer,
8354.i sendmail
8355will not delete an existing line.
8356If this flag is set,
8357.i sendmail
8358will delete
8359even existing header lines.
8360That is,
8361if this bit is set and the mailer does not have flag bits set
8362that intersect with the required mailer flags
8363in the header definition in
8364sendmail.cf,
8365the header line is
8366.i always
8367deleted.
8368.ip H_EOH
8369If this header field is set,
8370treat it like a blank line,
8371i.e.,
8372it will signal the end of the header
8373and the beginning of the message text.
8374.ip H_FORCE
8375Add this header entry
8376even if one existed in the message before.
8377If a header entry does not have this bit set,
8378.i sendmail
8379will not add another header line if a header line
8380of this name already existed.
8381This would normally be used to stamp the message
8382by everyone who handled it.
8383.ip H_TRACE
8384If set,
8385this is a timestamp
8386(trace)
8387field.
8388If the number of trace fields in a message
8389exceeds a preset amount
8390the message is returned
8391on the assumption that it has an aliasing loop.
8392.ip H_RCPT
8393If set,
8394this field contains recipient addresses.
8395This is used by the
8396.b \-t
8397flag to determine who to send to
8398when it is collecting recipients from the message.
8399.ip H_FROM
8400This flag indicates that this field
8401specifies a sender.
8402The order of these fields in the
8403.i HdrInfo
8404table specifies
8405.i sendmail 's
8406preference
8407for which field to return error messages to.
8408.ip H_ERRORSTO
8409Addresses in this header should receive error messages.
8410.ip H_CTE
8411This header is a Content-Transfer-Encoding header.
8412.ip H_CTYPE
8413This header is a Content-Type header.
8414.ip H_STRIPVAL
8415Strip the value from the header (for Bcc:).
8416.nr ii 5n
8417.lp
8418Let's look at a sample
8419.i HdrInfo
8420specification:
8421.(b
8422.ta 4n +\w'"content-transfer-encoding", 'u
8423struct hdrinfo HdrInfo[] =
8424\&{
8425 /* originator fields, most to least significant */
8426 "resent-sender", H_FROM,
8427 "resent-from", H_FROM,
8428 "sender", H_FROM,
8429 "from", H_FROM,
8430 "full-name", H_ACHECK,
8431 "errors-to", H_FROM\^|\^H_ERRORSTO,
8432 /* destination fields */
8433 "to", H_RCPT,
8434 "resent-to", H_RCPT,
8435 "cc", H_RCPT,
8436 "bcc", H_RCPT\^|\^H_STRIPVAL,
8437 /* message identification and control */
8438 "message", H_EOH,
8439 "text", H_EOH,
8440 /* trace fields */
8441 "received", H_TRACE\^|\^H_FORCE,
8442 /* miscellaneous fields */
8443 "content-transfer-encoding", H_CTE,
8444 "content-type", H_CTYPE,
8445
8446 NULL, 0,
8447};
8448.)b
8449This structure indicates that the
8450.q To: ,
8451.q Resent-To: ,
8452and
8453.q Cc:
8454fields
8455all specify recipient addresses.
8456Any
8457.q Full-Name:
8458field will be deleted unless the required mailer flag
8459(indicated in the configuration file)
8460is specified.
8461The
8462.q Message:
8463and
8464.q Text:
8465fields will terminate the header;
8466these are used by random dissenters around the network world.
8467The
8468.q Received:
8469field will always be added,
8470and can be used to trace messages.
8471.pp
8472There are a number of important points here.
8473First,
8474header fields are not added automatically just because they are in the
8475.i HdrInfo
8476structure;
8477they must be specified in the configuration file
8478in order to be added to the message.
8479Any header fields mentioned in the configuration file but not
8480mentioned in the
8481.i HdrInfo
8482structure have default processing performed;
8483that is,
8484they are added unless they were in the message already.
8485Second,
8486the
8487.i HdrInfo
8488structure only specifies cliched processing;
8489certain headers are processed specially by ad hoc code
8490regardless of the status specified in
8491.i HdrInfo .
8492For example,
8493the
8494.q Sender:
8495and
8496.q From:
8497fields are always scanned on ARPANET mail
8498to determine the sender\**;
8499.(f
8500\**Actually, this is no longer true in SMTP;
8501this information is contained in the envelope.
8502The older ARPANET protocols did not completely distinguish
8503envelope from header.
8504.)f
8505this is used to perform the
8506.q "return to sender"
8507function.
8508The
8509.q "From:"
8510and
8511.q "Full-Name:"
8512fields are used to determine the full name of the sender
8513if possible;
8514this is stored in the macro
8515.b $x
8516and used in a number of ways.
8517.sh 3 "Restricting Use of Email"
8518.pp
8519If it is necessary to restrict mail through a relay,
8520the
8521.i checkcompat
8522routine can be modified.
8523This routine is called for every recipient address.
8524It returns an exit status
8525indicating the status of the message.
8526The status
8527.sm EX_OK
8528accepts the address,
8529.sm EX_TEMPFAIL
8530queues the message for a later try,
8531and other values
8532(commonly
8533.sm EX_UNAVAILABLE )
8534reject the message.
8535It is up to
8536.i checkcompat
8537to print an error message
8538(using
8539.i usrerr )
8540if the message is rejected.
8541For example,
8542.i checkcompat
8543could read:
8544.(b
8545.re
8546.sz -1
8547.ta 4n +4n +4n +4n +4n +4n +4n
8548int
8549checkcompat(to, e)
8550 register ADDRESS *to;
8551 register ENVELOPE *e;
8552\&{
8553 register STAB *s;
8554
8555 s = stab("private", ST_MAILER, ST_FIND);
8556 if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
8557 to->q_mailer == s->s_mailer)
8558 {
8559 usrerr("No private net mail allowed through this machine");
8560 return (EX_UNAVAILABLE);
8561 }
8562 if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
8563 {
8564 usrerr("Message too large for non-local delivery");
8565 e\->e_flags |= EF_NORETURN;
8566 return (EX_UNAVAILABLE);
8567 }
8568 return (EX_OK);
8569}
8570.sz
8571.)b
8572This would reject messages greater than 50000 bytes
8573unless they were local.
8574The
8575.i EF_NORETURN
8576flag can be set in
8577.i e\(->e_flags
8578to suppress the return of the actual body
8579of the message in the error return.
8580The actual use of this routine is highly dependent on the
8581implementation,
8582and use should be limited.
8583.sh 3 "New Database Map Classes"
8584.pp
8585New key maps can be added by creating a class initialization function
8586and a lookup function.
8587These are then added to the routine
8588.i setupmaps.
8589.pp
8590The initialization function is called as
8591.(b
8592\fIxxx\fP_map_init(MAP *map, char *args)
8593.)b
8594The
8595.i map
8596is an internal data structure.
8597The
8598.i args
8599is a pointer to the portion of the configuration file line
8600following the map class name;
8601flags and filenames can be extracted from this line.
8602The initialization function must return
8603.sm TRUE
8604if it successfully opened the map,
8605.sm FALSE
8606otherwise.
8607.pp
8608The lookup function is called as
8609.(b
8610\fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
8611.)b
8612The
8613.i map
8614defines the map internally.
8615The
8616.i buf
8617has the input key.
8618This may be (and often is) used destructively.
8619The
8620.i av
8621is a list of arguments passed in from the rewrite line.
8622The lookup function should return a pointer to the new value.
8623If the map lookup fails,
8624.i *statp
8625should be set to an exit status code;
8626in particular, it should be set to
8627.sm EX_TEMPFAIL
8628if recovery is to be attempted by the higher level code.
8629.sh 3 "Queueing Function"
8630.pp
8631The routine
8632.i shouldqueue
8633is called to decide if a message should be queued
8634or processed immediately.
8635Typically this compares the message priority to the current load average.
8636The default definition is:
8637.(b
8638bool
8639shouldqueue(pri, ctime)
8640 long pri;
8641 time_t ctime;
8642{
8643 if (CurrentLA < QueueLA)
8644 return (FALSE);
8645 return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
8646}
8647.)b
8648If the current load average
8649(global variable
8650.i CurrentLA ,
8651which is set before this function is called)
8652is less than the low threshold load average
8653(option
8654.b x ,
8655variable
8656.i QueueLA ),
8657.i shouldqueue
8658returns
8659.sm FALSE
8660immediately
8661(that is, it should
8662.i not
8663queue).
8664If the current load average exceeds the high threshold load average
8665(option
8666.b X ,
8667variable
8668.i RefuseLA ),
8669.i shouldqueue
8670returns
8671.sm TRUE
8672immediately.
8673Otherwise, it computes the function based on the message priority,
8674the queue factor
8675(option
8676.b q ,
8677global variable
8678.i QueueFactor ),
8679and the current and threshold load averages.
8680.pp
8681An implementation wishing to take the actual age of the message into account
8682can also use the
8683.i ctime
8684parameter,
8685which is the time that the message was first submitted to
8686.i sendmail .
8687Note that the
8688.i pri
8689parameter is already weighted
8690by the number of times the message has been tried
8691(although this tends to lower the priority of the message with time);
8692the expectation is that the
8693.i ctime
8694would be used as an
8695.q "escape clause"
8696to ensure that messages are eventually processed.
8697.sh 3 "Refusing Incoming SMTP Connections"
8698.pp
8699The function
8700.i refuseconnections
8701returns
8702.sm TRUE
8703if incoming SMTP connections should be refused.
8704The current implementation is based exclusively on the current load average
8705and the refuse load average option
8706(option
8707.b X ,
8708global variable
8709.i RefuseLA ):
8710.(b
8711bool
8712refuseconnections()
8713{
8714 return (RefuseLA > 0 && CurrentLA >= RefuseLA);
8715}
8716.)b
8717A more clever implementation
8718could look at more system resources.
8719.sh 3 "Load Average Computation"
8720.pp
8721The routine
8722.i getla
8723returns the current load average (as a rounded integer).
8724The distribution includes several possible implementations.
8725If you are porting to a new environment
8726you may need to add some new tweaks.\**
8727.(f
8728\**If you do, please send updates to
8729sendmail@Sendmail.ORG.
8730.)f
8731.sh 2 "Configuration in sendmail/daemon.c"
8732.pp
8733The file
8734.i sendmail/daemon.c
8735contains a number of routines that are dependent
8736on the local networking environment.
8737The version supplied assumes you have BSD style sockets.
8738.pp
8739In previous releases,
8740we recommended that you modify the routine
8741.i maphostname
8742if you wanted to generalize
8743.b $[
8744\&...\&
8745.b $]
8746lookups.
8747We now recommend that you create a new keyed map instead.
8748.sh 2 "Certificates for STARTTLS"
8749.pp
8750In this section we assume that
8751.i sendmail
8752has been compiled with support for STARTTLS.
8753When acting as a server,
8754.i sendmail
8755requires X.509 certificates to support STARTTLS:
8756one as certificate for the server (ServerCertFile and corresponding
8757private ServerKeyFile)
8758at least one root CA (CACERTFile),
8759i.e., a certificate that is used to sign other certificates,
8760and a path to a directory which contains other CAs (CACERTPath).
8761The file specified via
8762CACERTFile
8763can contain several certificates of CAs.
8764The DNs of these certificates are sent
8765to the client during the TLS handshake (as part of the
8766CertificateRequest) as the list of acceptable CAs.
8767The CACERTPath directory must contain the hashes of each CA certificate
8768as filenames (or as links to them).
8769Symbolic links can be generated with the following
8770two (Bourne) shell commands:
8771.(b
8772C=FileName_of_CA_Certificate
8773ln -s $C `openssl x509 -noout -hash < $C`.0
8774.)b
8775An X.509 certificate is also required for authentication in client mode
8776(ClientCertFile and corresponding private ClientKeyFile), however,
8777.i sendmail
8778will always use STARTTLS when offered by a server.
8779The client and server certificates can be identical.
8780Certificates can be obtained from a certificate authority
8781or created with the help of OpenSSL.
8782The required format for certificates and private keys is PEM.
8783To allow for automatic startup of sendmail, private keys
8784(ServerKeyFile, ClientKeyFile)
8785must be stored unencrypted.
8786The keys are only protected by the permissions of the file system.
8787Never make a private key available to a third party.
8788.sh 2 "PRNG for STARTTLS"
8789.pp
8790STARTTLS requires a strong pseudo random number generator (PRNG)
8791to operate properly.
8792Depending on the TLS library you use, it may be required to explicitly
8793initialize the PRNG with random data.
8794OpenSSL makes use of
8795.b /dev/urandom(4)
8796if available (this corresponds to the compile flag HASURANDOMDEV).
8797On systems which lack this support, a random file must be specified in the
8798.i sendmail.cf
8799file using the option RandFile.
8800It is
8801.b strongly
8802advised to use the "Entropy Gathering Daemon" EGD
8803from Brian Warner on those systems to provide useful random data.
8804In this case,
8805.i sendmail
8806must be compiled with the flag EGD, and the
8807RandFile option must point to the EGD socket.
8808If neither
8809.b /dev/urandom(4)
8810nor EGD are available, you have to make sure
8811that useful random data is available all the time in RandFile.
8812If the file hasn't been modified in the last 10 minutes before
8813it is supposed to be used by
8814.i sendmail
8815the content is considered obsolete.
8816One method for generating this file is:
8817.(b
8818openssl rand -out /etc/mail/randfile -rand \c
8819.i /path/to/file:... \c
8820256
8821.)b
8822See the OpenSSL documentation for more information.
8823In this case, the PRNG for TLS is only
8824seeded with other random data if the
8825.b DontBlameSendmail
8826option
8827.b InsufficientEntropy
8828is set.
8829This is most likely not sufficient for certain actions, e.g.,
8830generation of (temporary) keys.
8831.pp
8832Please see the OpenSSL documentation or other sources
8833for further information about certificates, their creation and their usage,
8834the importance of a good PRNG, and other aspects of TLS.
8835.sh 1 "ACKNOWLEDGEMENTS"
8836.pp
8837I've worked on
8838.i sendmail
8839for many years,
8840and many employers have been remarkably patient
8841about letting me work on a large project
8842that was not part of my official job.
8843This includes time on the INGRES Project at
8844the University of California at Berkeley,
8845at Britton Lee,
8846and again on the Mammoth and Titan Projects at Berkeley.
8847.pp
8848Much of the second wave of improvements
8849resulting in version 8.1
8850should be credited to Bryan Costales of the
8851International Computer Science Institute.
8852As he passed me drafts of his book on
8853.i sendmail
8854I was inspired to start working on things again.
8855Bryan was also available to bounce ideas off of.
8856.pp
8857Gregory Neil Shapiro
8858of Worcester Polytechnic Institute
8859has become instrumental in all phases of
8860.i sendmail
8861support and development,
8862and was largely responsible for getting versions 8.8 and 8.9
8863out the door.
8864.pp
8865Many, many people contributed chunks of code and ideas to
8866.i sendmail .
8867It has proven to be a group network effort.
8868Version 8 in particular was a group project.
8869The following people and organizations made notable contributions:
8870.(l
8871Claus Assmann
8872John Beck, Hewlett-Packard & Sun Microsystems
8873Keith Bostic, CSRG, University of California, Berkeley
8874Andrew Cheng, Sun Microsystems
8875Michael J. Corrigan, University of California, San Diego
8876Bryan Costales, International Computer Science Institute & InfoBeat
8877Pa\*:r (Pell) Emanuelsson
8878Craig Everhart, Transarc Corporation
8879Per Hedeland, Ericsson
8880Tom Ivar Helbekkmo, Norwegian School of Economics
8881Kari Hurtta, Finnish Meteorological Institute
8882Allan E. Johannesen, WPI
8883Jonathan Kamens, OpenVision Technologies, Inc.
8884Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
8885Brian Kantor, University of California, San Diego
8886John Kennedy, Cal State University, Chico
8887Murray S. Kucherawy, HookUp Communication Corp.
8888Bruce Lilly, Sony U.S.
8889Karl London
8890Motonori Nakamura, Ritsumeikan University & Kyoto University
8891John Gardiner Myers, Carnegie Mellon University
8892Neil Rickert, Northern Illinois University
8893Gregory Neil Shapiro, WPI
8894Eric Schnoebelen, Convex Computer Corp.
8895Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
8896Randall Winchester, University of Maryland
8897Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
8898Exactis.com, Inc.
8899.)l
8900I apologize for anyone I have omitted, misspelled, misattributed, or
8901otherwise missed.
8902At this point, I suspect that at least a hundred people
8903have contributed code,
8904and many more have contributed ideas, comments, and encouragement.
8905I've tried to list them in the RELEASE_NOTES in the distribution directory.
8906I appreciate their contribution as well.
8907.pp
8908Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
8909who besides being wonderful guinea pigs and contributors
8910have also consented to be added to the ``sendmail@Sendmail.ORG'' list
8911and, by answering the bulk of the questions sent to that list,
8912have freed me up to do other work.
8913.++ A
8914.+c "COMMAND LINE FLAGS"
8915.ba 0
8916.nr ii 1i
8917.pp
8918Arguments must be presented with flags before addresses.
8919The flags are:
8920.ip \-b\fIx\fP
8921Set operation mode to
8922.i x .
8923Operation modes are:
8924.(b
8925.ta 4n
8926m Deliver mail (default)
8927s Speak SMTP on input side
8928a\(dg ``Arpanet'' mode (get envelope sender information from header)
8929d Run as a daemon in background
8930D Run as a daemon in foreground
8931t Run in test mode
8932v Just verify addresses, don't collect or deliver
8933i Initialize the alias database
8934p Print the mail queue
8935h Print the persistent host status database
8936H Purge expired entries from the persistent host status database
8937.)b
8938.(f
8939\(dgDeprecated.
8940.)f
8941.ip \-B\fItype\fP
8942Indicate body type.
8943.ip \-C\fIfile\fP
8944Use a different configuration file.
8945.i Sendmail
8946runs as the invoking user (rather than root)
8947when this flag is specified.
8948.ip \-d\fIlevel\fP
8949Set debugging level.
8950.ip "\-f\ \fIaddr\fP"
8951The envelope sender address is set to
8952.i addr .
8953This address may also be used in the From: header
8954if that header is missing during initial submission.
8955The envelope sender address is used as the recipient
8956for delivery status notifications
8957and may also appear in a Return-Path: header.
8958.ip \-F\ \fIname\fP
8959Sets the full name of this user to
8960.i name .
8961.ip \-G
8962When accepting messages via the command line,
8963indicate that they are for relay (gateway) submission.
8964sendmail may complain about syntactically invalid messages,
8965e.g., unqualified host names,
8966rather than fixing them when this flag is set.
8967sendmail will not do any canonicalization in this mode.
8968.ip "\-h\ \fIcnt\fP"
8969Sets the
8970.q "hop count"
8971to
8972.i cnt .
8973This represents the number of times this message has been processed
8974by
8975.i sendmail
8976(to the extent that it is supported by the underlying networks).
8977.i Cnt
8978is incremented during processing,
8979and if it reaches
8980MAXHOP
8981(currently 30)
8982.i sendmail
8983throws away the message with an error.
8984.ip "\-L \fItag\fP"
8985Sets the identifier used for syslog.
8986Note that this identifier is set
8987as early as possible.
8988However,
8989.i sendmail
8990may be used
8991if problems arise
8992before the command line arguments
8993are processed.
8994.ip \-n
8995Don't do aliasing or forwarding.
8996.ip "\-N \fInotifications\fP"
8997Tag all addresses being sent as wanting the indicated
8998.i notifications ,
8999which consists of the word
9000.q NEVER
9001or a comma-separated list of
9002.q SUCCESS ,
9003.q FAILURE ,
9004and
9005.q DELAY
9006for successful delivery,
9007failure,
9008and a message that is stuck in a queue somewhere.
9009The default is
9010.q FAILURE,DELAY .
9011.ip "\-r\ \fIaddr\fP"
9012An obsolete form of
9013.b \-f .
9014.ip \-o\fIx\|value\fP
9015Set option
9016.i x
9017to the specified
9018.i value .
9019These options are described in Section 5.6.
9020.ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
9021Set
9022.i option
9023to the specified
9024.i value
9025(for long form option names).
9026These options are described in Section 5.6.
9027.ip \-M\fIx\|value\fP
9028Set macro
9029.i x
9030to the specified
9031.i value .
9032.ip \-p\fIprotocol\fP
9033Set the sending protocol.
9034Programs are encouraged to set this.
9035The protocol field can be in the form
9036.i protocol \c
9037.b : \c
9038.i host
9039to set both the sending protocol and sending host.
9040For example,
9041.q \-pUUCP:uunet
9042sets the sending protocol to UUCP
9043and the sending host to uunet.
9044(Some existing programs use \-oM to set the r and s macros;
9045this is equivalent to using \-p.)
9046.ip \-q\fItime\fP
9047Try to process the queued up mail.
9048If the time is given,
9049a
9050.i sendmail
9051will run through the queue at the specified interval
9052to deliver queued mail;
9053otherwise, it only runs once.
9054.ip \-q\fIXstring\fP
9055Run the queue once,
9056limiting the jobs to those matching
9057.i Xstring .
9058The key letter
9059.i X
9060can be
9061.b I
9062to limit based on queue identifier,
9063.b R
9064to limit based on recipient,
9065or
9066.b S
9067to limit based on sender.
9068A particular queued job is accepted if one of the corresponding addresses
9069contains the indicated
9070.i string .
9071Multiple
9072.i \-q\fIX\fP
9073flags are permitted,
9074with items with the same key letter
9075.q or'ed
9076together, and items with different key letters
9077.q and'ed
9078together.
9079.ip "\-R ret"
9080What information you want returned if the message bounces;
9081.i ret
9082can be
9083.q HDRS
9084for headers only or
9085.q FULL
9086for headers plus body.
9087This is a request only;
9088the other end is not required to honor the parameter.
9089If
9090.q HDRS
9091is specified local bounces also return only the headers.
9092.ip \-t
9093Read the header for
9094.q To: ,
9095.q Cc: ,
9096and
9097.q Bcc:
9098lines, and send to everyone listed in those lists.
9099The
9100.q Bcc:
9101line will be deleted before sending.
9102Any addresses in the argument vector will be deleted
9103from the send list.
9104.ip "\-U"
9105Indicate that this is an initial User Agent submission.
9106This flag is deprecated.
9107Future releases will ignore this flag and
9108assume all submissions from the command line are
9109initial submissions.
9110.ip "\-V envid"
9111The indicated
9112.i envid
9113is passed with the envelope of the message
9114and returned if the message bounces.
9115.ip "\-X \fIlogfile\fP"
9116Log all traffic in and out of
9117.i sendmail
9118in the indicated
9119.i logfile
9120for debugging mailer problems.
9121This produces a lot of data very quickly and should be used sparingly.
9122.pp
9123There are a number of options that may be specified as
9124primitive flags.
9125These are the e, i, m, and v options.
9126Also,
9127the f option
9128may be specified as the
9129.b \-s
9130flag.
9131The DSN related options
9132.q "\-N" ,
9133.q "\-R" ,
9134and
9135.q "\-V"
9136have no effects on
9137.i sendmail
9138running as daemon.
9139.+c "QUEUE FILE FORMATS"
9140.pp
9141This appendix describes the format of the queue files.
9142These files live in the directory defined by the
9143.b Q
9144option in the
9145.i sendmail.cf
9146file, usually
9147.i /var/spool/mqueue
9148or
9149.i /usr/spool/mqueue .
9150The individual qf, df, and xf files
9151may be stored in separate
9152.i qf/ ,
9153.i df/ ,
9154and
9155.i xf/
9156subdirectories
9157if they are present in the queue directory.
9158.pp
9159To use multiple queues,
9160supply a value ending with an asterisk.
9161For example,
9162.i /var/spool/mqueue/q*
9163will use all of the directories or symbolic links to directories
9164beginning with `q' in
9165.i /var/spool/mqueue
9166as queue directories.
9167New messages will be randomly placed
9168into one of the queues.
9169Do not change the queue directory structure
9170while sendmail is running.
9171.pp
9172All queue files have the name
9173\fIx\fP\|\fBf\fP\fIYMDhmsNPPPPP\fP
9174where
9175.i YMDhmsNPPPPP
9176is the
9177.i id
9178for this message
9179and the
9180.i x
9181is a type.
9182The individual letters in the
9183.i id
9184are:
9185.nr ii 0.5i
9186.ip Y
9187Encoded year
9188.ip M
9189Encoded month
9190.ip D
9191Encoded day
9192.ip h
9193Encoded hour
9194.ip m
9195Encoded minute
9196.ip s
9197Encoded second
9198.ip N
9199Envelope number
9200.ip PPPPP
9201At least five digits of the process ID
9202.pp
9203All files with the same id collectively define one message.
9204If memory-buffered files are available,
9205some of these files may never appear
9206on disk.
9207.pp
9208The types are:
9209.nr ii 0.5i
9210.ip d
9211The data file.
9212The message body (excluding the header) is kept in this file.
9213.ip q
9214The queue control file.
9215This file contains the information necessary to process the job.
9216.ip t
9217A temporary file.
9218These are an image of the
9219.b qf
9220file when it is being rebuilt.
9221It should be renamed to a
9222.b qf
9223file very quickly.
9224.ip x
9225A transcript file,
9226existing during the life of a session
9227showing everything that happens
9228during that session.
9229.pp
9230The
9231.b qf
9232file is structured as a series of lines
9233each beginning with a code letter.
9234The lines are as follows:
9235.ip V
9236The version number of the queue file format,
9237used to allow new
9238.i sendmail
9239binaries to read queue files created by older versions.
9240Defaults to version zero.
9241Must be the first line of the file if present.
9242For 8.10 the version number is 4.
9243.ip A
9244The information given by the AUTH= parameter of the
9245.q "MAIL FROM:"
9246command or $f@$j
9247if sendmail has been called directly.
9248.ip H
9249A header definition.
9250There may be any number of these lines.
9251The order is important:
9252they represent the order in the final message.
9253These use the same syntax
9254as header definitions in the configuration file.
9255.ip C
9256The controlling address.
9257The syntax is
9258.q localuser:aliasname .
9259Recipient addresses following this line
9260will be flagged so that deliveries will be run as the
9261.i localuser
9262(a user name from the /etc/passwd file);
9263.i aliasname
9264is the name of the alias that expanded to this address
9265(used for printing messages).
9266.ip Q
9267The ``original recipient'',
9268specified by the ORCPT= field in an ESMTP transaction.
9269Used exclusively for Delivery Status Notifications.
9270It applies only to the immediately following `R' line.
9271.ip R
9272A recipient address.
9273This will normally be completely aliased,
9274but is actually realiased when the job is processed.
9275There will be one line
9276for each recipient.
9277Version 1 qf files
9278also include a leading colon-terminated list of flags,
9279which can be
9280`S' to return a message on successful final delivery,
9281`F' to return a message on failure,
9282`D' to return a message if the message is delayed,
9283`B' to indicate that the body should be returned,
9284`N' to suppress returning the body,
9285and
9286`P' to declare this as a ``primary'' (command line or SMTP-session) address.
9287.ip S
9288The sender address.
9289There may only be one of these lines.
9290.ip T
9291The job creation time.
9292This is used to compute when to time out the job.
9293.ip P
9294The current message priority.
9295This is used to order the queue.
9296Higher numbers mean lower priorities.
9297The priority changes
9298as the message sits in the queue.
9299The initial priority depends on the message class
9300and the size of the message.
9301.ip M
9302A message.
9303This line is printed by the
9304.i mailq
9305command,
9306and is generally used to store status information.
9307It can contain any text.
9308.ip F
9309Flag bits, represented as one letter per flag.
9310Defined flag bits are
9311.b r
9312indicating that this is a response message
9313and
9314.b w
9315indicating that a warning message has been sent
9316announcing that the mail has been delayed.
9317.ip N
9318The total number of delivery attempts.
9319.ip K
9320The time (as seconds since January 1, 1970)
9321of the last delivery attempt.
9322.ip I
9323The i-number of the data file;
9324this can be used to recover your mail queue
9325after a disastrous disk crash.
9326.ip $
9327A macro definition.
9328The values of certain macros
9329are passed through to the queue run phase.
9330.ip B
9331The body type.
9332The remainder of the line is a text string defining the body type.
9333If this field is missing,
9334the body type is assumed to be
9335.q "undefined"
9336and no special processing is attempted.
9337Legal values are
9338.q 7BIT
9339and
9340.q 8BITMIME .
9341.ip Z
9342The original envelope id (from the ESMTP transaction).
9343For Deliver Status Notifications only.
9344.pp
9345As an example,
9346the following is a queue file sent to
9347.q eric@mammoth.Berkeley.EDU
9348and
9349.q bostic@okeeffe.CS.Berkeley.EDU \**:
9350.(f
9351\**This example is contrived and probably inaccurate for your environment.
9352Glance over it to get an idea;
9353nothing can replace looking at what your own system generates.
9354.)f
9355.(b
9356V4
9357T711358135
9358K904446490
9359N0
9360P2100941
9361$_eric@localhost
9362${daemon_flags}
9363Seric
9364Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
9365RPFD:eric@mammoth.Berkeley.EDU
9366RPFD:bostic@okeeffe.CS.Berkeley.EDU
9367H?P?Return-path: <^g>
9368H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
9369 Fri, 17 Jul 1992 00:28:55 -0700
9370H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
9371 id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
9372H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
9373 id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
9374H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
9375 id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
9376H?F?From: eric@foo.bar.baz.de (Eric Allman)
9377H?x?Full-name: Eric Allman
9378H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
9379H??To: sendmail@vangogh.CS.Berkeley.EDU
9380H??Subject: this is an example message
9381.)b
9382This shows
9383the person who sent the message,
9384the submission time
9385(in seconds since January 1, 1970),
9386the message priority,
9387the message class,
9388the recipients,
9389and the headers for the message.
9390.+c "SUMMARY OF SUPPORT FILES"
9391.pp
9392This is a summary of the support files
9393that
9394.i sendmail
9395creates or generates.
9396Many of these can be changed by editing the sendmail.cf file;
9397check there to find the actual pathnames.
9398.nr ii 1i
9399.ip "/usr/\*(SD/sendmail"
9400The binary of
9401.i sendmail .
9402.ip /usr/\*(SB/newaliases
9403A link to /usr/\*(SD/sendmail;
9404causes the alias database to be rebuilt.
9405Running this program is completely equivalent to giving
9406.i sendmail
9407the
9408.b \-bi
9409flag.
9410.ip /usr/\*(SB/mailq
9411Prints a listing of the mail queue.
9412This program is equivalent to using the
9413.b \-bp
9414flag to
9415.i sendmail .
9416.ip /etc/mail/sendmail.cf
9417The configuration file,
9418in textual form.
9419.ip /etc/mail/helpfile
9420The SMTP help file.
9421.ip /etc/mail/statistics
9422A statistics file; need not be present.
9423.ip /etc/mail/sendmail.pid
9424Created in daemon mode;
9425it contains the process id of the current SMTP daemon.
9426If you use this in scripts;
9427use ``head \-1'' to get just the first line;
9428the second line contains the command line used to invoke the daemon,
9429and later versions of
9430.i sendmail
9431may add more information to subsequent lines.
9432.ip /etc/mail/aliases
9433The textual version of the alias file.
9434.ip /etc/mail/aliases.db
9435The alias file in
9436.i hash \|(3)
9437format.
9438.ip /etc/mail/aliases.{pag,dir}
9439The alias file in
9440.i ndbm \|(3)
9441format.
9442.ip /var/spool/mqueue
9443The directory in which the mail queue(s)
9444and temporary files reside.
9445.ip /var/spool/mqueue/qf*
9446Control (queue) files for messages.
9447.ip /var/spool/mqueue/df*
9448Data files.
9449.ip /var/spool/mqueue/tf*
9450Temporary versions of the qf files,
9451used during queue file rebuild.
9452.ip /var/spool/mqueue/xf*
9453A transcript of the current session.
9454.if o \
9455\{\
9456. bp
9457. rs
9458. sp |4i
9459. ce 2
9460This page intentionally left blank;
9461replace it with a blank sheet for double-sided output.
9462.\}
9463.\".ro
9464.\".ls 1
9465.\".tp
9466.\".sp 2i
9467.\".in 0
9468.\".ce 100
9469.\".sz 24
9470.\".b SENDMAIL
9471.\".sz 14
9472.\".sp
9473.\"INSTALLATION AND OPERATION GUIDE
9474.\".sp
9475.\".sz 10
9476.\"Eric Allman
9477.\".sp
|