Contains the configuration information for the sendmail command.
The /etc/mail/sendmail.cf configuration file contains the configuration information for the sendmail command. Information contained in this file includes such items as the host name and domain, and the sendmail rule sets.
The /etc/mail/sendmail.cf file:
If your environment includes only these types of mail delivery, you can use the supplied /etc/mail/sendmail.cf file with few, if any, changes.
Control Lines
The /etc/mail/sendmail.cf file consists of a series of control lines, each of which begins with a single character defining how the rest of the line is used. Lines beginning with a space or a tab are continuation lines. Blank lines and lines beginning with a # (pound sign) are comments. Control lines are used for defining:
Each of these control line types are discussed in detail below.
Rewrite Rules
The sendmail command receives addresses in a number of different formats because different mailers use different formats to deliver mail messages. The sendmail command changes the addresses to the format needed to route the message for the mailer program being used. To perform this translation, the sendmail command uses a set of rewrite rules, or rule sets, that are defined in the /etc/mail/sendmail.cf configuration file. Rewrite rules have the following format:
Snumber
Rbefore after
where number is a integer greater than or equal to zero indicating which rule set this is, and before and after are symbolic expressions representing a particular pattern of characters. The line beginning with R means rewrite the expression before so that it has the same format as the expression after. Sendmail scans through the set of rewrite rules looking for a match on the left-hand side (LHS) of the rule. When a rule matches, the address is replaced by the right-hand side (RHS) of the rule.
The /etc/mail/sendmail.cf file installed with the sendmail command contains enough rules to perform the translation for BNU and TCP/IP networks using a domain address structure. You should not have to change these rules unless connecting to a system that uses a different addressing scheme.
Macro expansions of the form $x are performed when the configuration file is read. Expansions of the form $&x are performed at run time, using a somewhat less general algorithm. This form is intended only for referencing internally defined macros such as $h that are changed at runtime.
Left-Hand Side (LHS) of Rewrite Rules
The left-hand side of rewrite rules contains a pattern. Normal words are simply matched directly. Metasyntax is introduced using a dollar sign. The metasymbols are:
Metasymbol | Meaning |
---|---|
$* | Match zero or more tokens |
$+ | Match one or more tokens |
$- | Match exactly one token |
$=x | Match any phrase in class x |
$~x | Match any word not in class x |
If any of these match, they are assigned to the symbol $n for replacement on the right-hand side, where n is the index in the LHS. For example, if the LHS:
$-:$+
is applied to the input:
UCBARPA:linda
the rule will match, and the values passed to the RHS will be:
$1 UCBARPA
$2 linda
Right-Hand Side (RHS) of Rewrite Rules
When the left-hand side of a rewrite rule matches, the input is deleted and replaced by the right-hand side. Tokens are copied directly from the RHS unless they begin with a dollar sign. Metasymbols are:
Metasymbol | Meaning |
---|---|
$n | Substitute indefinite token n from LHS |
$[name$] | Canonicalize name |
$(map key$@arguments $:default $) | Generalized keyed mapping function |
$>n | "Call" ruleset n |
$#mailer | Resolve to mailer |
$@host | Specify host |
$:user | Specify user |
The $n syntax substitutes the corresponding value from a $+, $-, $*, $=, or $~ match on the LHS. It may be used anywhere.
A host name enclosed between $[ and $] is looked up in the host database(s) and replaced by the canonical name. For example, $[merlin] might become merlin.magician and $[[128.32.130.2]$] would become king.arthur.
The $( ... $) syntax is a more general form of lookup; it uses a named map instead of an implicit map. If no lookup is found, the indicated default is inserted; if no default is specified and no lookup matches, the value is left unchanged. The arguments are passed to the map for possible use.
The $>n syntax causes the remainder of the line to be substituted as usual and then passed as the argument to ruleset n. The final value of ruleset n then becomes the substitution for this rule. The $> syntax can only be used at the beginning of the right hand side; it can be only be preceded by $@ or $:.
The $# syntax should only be used in ruleset zero or a subroutine of ruleset zero. It causes evaluation of the ruleset to terminate immediately, and signals to sendmail that the address has completely resolved. The complete syntax is:
$#mailer $@host $:user
This specifies the {mailer, host, user} 3-tuple necessary to direct the mailer. If the mailer is local, the host part may be omitted. The mailer must be a single word, but the host and user may be multi-part. If the mailer is the built-in IPC mailer, the host may be a colon-separated list of hosts that are searched in order for the first working address, exactly like MX (machine exchange) records. The user is later rewritten by the mailer-specific envelope rewrite set and assigned to the $u macro. As a special case, if the value to $# is "local" and the first character of the $: value is "@", the "@" is stripped off, and a flag is set in the address descriptor that causes sendmail to not do ruleset 5 processing.
Normally, a rule that matches is retried, that is, the rule loops until it fails. An RHS may also be preceded by a $@ or a $: to change this behavior. A $@ prefix causes the ruleset to return with the remainder of the RHS as the value. A $: prefix causes the rule to terminate immediately, but the ruleset to continue; this can be used to avoid continued application of a rule. The prefix is stripped before continuing.
R$+ $: $>7 $1
matches anything, passes that to ruleset seven, and continues; the $: is necessary to avoid an infinite loop.
Substitution occurs in the order described; that is, parameters from the LHS are substituted, host names are canonicalized, "subroutines" are called, and finally $#, $@, and $: are processed.
Semantics of Rewrite Rule Sets
There are five rewrite sets that have specific semantics.
local-part@host-domain-spec
Ruleset three is applied by sendmail before doing anything with any address.
If no "@" sign is specified, then the host-domain-spec may be appended (box "D" in "Rewrite Set Semantics") from the sender address (if the C flag is set in the mailer definition corresponding to the sending mailer).
Ruleset zero is applied after ruleset three to addresses that are going to actually specify recipients. It must resolve to a {mailer, host, user} triple. The mailer must be defined in the mailer definitions from the configuration file. The host is defined into the $h macro for use in the argv expansion of the specified mailer.
IPC Mailers
Some special processing occurs if the ruleset zero resolves to an IPC mailer (that is, a mailer that has "[IPC]" listed as the Path in the M configuration line. The host name passed after "$@" has MX expansion performed; this looks the name up in DNS to find alternate delivery sites.
The host name can also be provided as a dotted quad in square brackets; for example:
[128.32.149.78]
This causes direct conversion of the numeric value to a TCP/IP host address.
The host name passed in after the "$@" may also be a colon-separated list of hosts. Each is separately MX expanded and the results are concatenated to make (essentially) one long MX list. The intent here is to create "fake" MX records that are not published in DNS for private internal networks.
[any.internet.addr]
Macros in the sendmail.cf File
Macros in the /etc/mail/sendmail.cf file are interpreted by the sendmail command. A macro is a symbol that represents a value or string. A macro is defined by a D command in the /etc/mail/sendmail.cf file.
D — Define Macro
Macros are named with a single character or with a word in {braces}. Single-character names may be selected from the entire ASCII set, but user-defined macros should be selected from the set of uppercase letters only. Lowercase letters and special symbols are used internally. Long names beginning with a lowercase letter or a punctuation character are reserved for use by sendmail, so user-defined long macro names should begin with an uppercase letter.
Dxval
where x is the name of the macro (which may be a single character or a word in braces) and val is the value it should have. There should be no spaces given that do not actually belong in the macro value.
Macros are interpolated using the construct $x, where x is the name of the macro to be interpolated. This interpolation is done when the configuration file is read, except in M lines. The special construct $&x can be used in R lines to get deferred interpolation.
$?x text1 $| text2 $.
This interpolates text1 if the macro $x is set, and text2 otherwise. The "else" ($|) clause may be omitted.
Lowercase macro names are reserved to have special semantics, used to pass information in or out of sendmail, and special characters are reserved to provide conditionals, and so on. Uppercase names (that is, $A through $Z) are specifically reserved for configuration file authors.
The following macros are defined and/or used internally by sendmail for interpolation into argv's for mailers or for other contexts. The ones marked - are information passed into sendmail, the ones marked = are information passed both in and out of sendmail, and the unmarked macros are passed out of sendmail but are not otherwise used internally:
Macro | Definition |
---|---|
$_ | RFC1413-validation & IP source route (V8.1 and above). |
$a | The origin date in RFC822 format. |
${auth_authen} | The client’s authentication credentials as determined by authentication (only set if successful). The format depends on the mechanism used, it might be just user, or user@realm, or something similar (SMTP AUTH only). |
${auth_author} | The authorization identity, that is the AUTH=parameter of the SMTP MAIL command if supplied. |
${alg_bits} | The maximum key length (in bits) of the symmetric encryption algorithm used for a TLS connection. This may be less than the effective key length, which is stored in ${cipher_bits}, for export controlled algorithms. |
${addr_type} | The type of the address which is currently being rewritten. This macro contains up to three characters, the first is either e or h for envelope/header address, the second is a space, and the third is either s or r for sender/recipient address. |
${auth_type} | The mechanism used for SMTP authentication (only set if successful). |
$b | The current date in RFC822 format. |
$(bodytype) | The ESMTP BODY parameter. |
$B | The BITNET relay. |
$c | The hop count. |
$(client_addr) | The connecting host's IP address. |
${cert_issuer} | The DN (distinguished name) of the CA (certificate authority) that signed the presented certificate (the cert issuer) (STARTTLS only). |
${cert_md5} | The MD5 hash of the presented certificate (STARTTLS only). |
$(client_name) | The connecting host's canonical name. |
$(client_port) | The connecting host's port name. |
$(client_resolve) | Holds the result of the resolve call for $(client_name). |
${cert_subject} | The DN of the presented certificate (called the cert subject) (STARTTLS only). |
$(currHeader) | Header value as quoted string. |
${cipher} | The cipher suite used for the connection, for example, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DESCBC-SHA, DES-CBC-MD5, and DES-CBC3-SHA (STARTTLS only). |
${cipher_bits} | The effective key length (in bits) of the symmetric encryption algorithm used for a TLS connection. |
${client_connections} | The number of open connections in the SMTP server for the client IP address. |
${client_flags} | The flags specified by the Modifier= part of ClientPortOptions where flags are separated from each other by spaces and upper case flags are doubled. That is, Modifier=hA is represented as h AAin ${client_flags}, which is required for testing the flags in rulesets. |
${client_ptr} | The result of the PTR lookup for the client
IP address. Note: This is the same as ${client_name} if and
only if ${client_resolve} is OK. This is defined in the SMTP
server only.
|
${client_rate} | The number of incoming connections for the client IP address over the time interval specified by ConnectionRateWindowSize. |
${client_resolve} | Holds the result of the resolve call for ${client_name}. The possible values are:
|
${cn_issuer} | The CN (common name) of the CA that signed the
presented certificate (STARTTLS only). Note: If the CN can not be
extracted properly it is replaced by one of these strings based on
the encountered error:
In the
last case, some other (unspecific) error occurred. |
${cn_subject} | The CN (common name) of the presented certificate (STARTTLS only). See ${cn_issuer} for possible replacements. |
${currHeader} | Header value as quoted string (possibly truncated to MAXNAME). This macro is only available in header check rulesets. |
$C | The hostname of the DECnet relay (m4 technique). |
$d | enrealThe current date in UNIX (ctime)(3) format. |
$(daemon_addr) | The IP address on which the daemon is listening for connections. Unless DaemonPortOptions is set, this will be 0.0.0.0. |
$(daemon_family) | If the daemon is accepting network connections, this is the network family. |
$(daemon_flags) | The flags for the daemon as specified by the Modifiers= part of DaemonPortOptions where the flags are separated from each other by spaces and upper case flags are doubled. |
$(daemon_info) | Information about a daemon as a text string. For example, SMTP+queueing@00. |
$(daemon_name) | The name of the daemon from DaemonPortOptions Name= suboption. If this suboption is not used, the default will be set to Daemon#, where # is the daemon number. |
$(daemon_port) | The port on which the daemon is accepting connections. Unless DaemonPortOptions is set, this will most likely be set to the default of 25. |
$(deliveryMode) | The current delivery mode used by sendmail. |
$e | Obsolete. Used SmtpGreetingMessage option instead. |
$(envid) | The original DSN envelope ID. |
$E | X400 relay (unused) (m4 technique). |
$f | The sender's address. |
$F | FAX relay (m4 technique). |
$g | The sender's address relative to the recipient. |
$h | Host part of the recipient address. |
${hdrlen} | The length of the header value which is stored in ${currHeader} (before possible truncation). If this value is greater than or equal to MAXNAME the header has been truncated. |
${hdr_name} | The name of the header field for which the current header check ruleset has been called. This is useful for a default header check ruleset to get the name of the header; the macro is only available in header check rulesets. |
$H | The mail hub (m4 technique). |
$(hdrlen) | The length of the header value, which is stored in $(currHeader). |
$(hdr_name) | The name of the header field for which the current header check ruleset has been called. |
$i | The queue identifier. |
$(if_addr) | The IP address of an incoming connection interface unless it is in the loopback net. |
${if_addr_out} | The IP address of the interface of an outgoing connection unless it is in the loopback net. The IPv6 addresses are tagged with IPv6: before the address. |
${if_family} | The IP family of the interface of an incoming connection unless it is in the loopback net. |
${if_family_out} | The IP family of the interface of an outgoing connection unless it is in the loopback net. |
$(if_name) | The name of an incoming connection interface. |
${if_name_out} | The name of the interface of an outgoing connection. |
$j= | The official canonical name. |
$k | The UUCP node name (V8.1 and above). |
${load_avg} | The current load average. |
${msg_id} | The value of the Message-Id: header. |
${msg_size} | The value of the SIZE= parameter, that is, usually the size of the message (in an ESMTP dialogue), before the message has been collected, thereafter the message size as computed by the sendmail command. |
${nbadrcpts} | The number of bad recipients for a single message. |
${nrcpts} | The number of validated recipients for a single
message. Note: Since recipient validation happens after check_rcpt has been called, the value in this ruleset is one less than what
might be expected.
|
${time} | The output of the time(3) function, that is, the number of seconds since 0 hours, 0 minutes, 0 seconds, January 1, 1970, Coordinated Universal Time (UTC). |
${tls_version} | The TLS/SSL version used for the connection, for example, TLSv1, SSLv3, and SSLv2; defined after STARTTLS has been used. |
${total_rate} | The total number of incoming connections over the time interval specified by Connection-RateWindowSize. |
${verify} | The result of the verification of the presented
cert, only defined after STARTTLS has been used (or attempted). The
possible values are:
|
Item | Description |
---|---|
$l | Obsolete. Use UnixFromLine option instead. |
$L | Local user relay (m4 technique). |
$m | The DNS domain name (V8.1 and above). |
$M | Who we are masquerading as (m4 technique). |
$(mail_addr) | The address part of the resolved triple of the address given for the SMTP MAIL command. |
$(mail_host) | The host from the resolved triple of the address given for the SMTP MAIL command. |
$(mail_mailer) | The mailer from the resolved triple of the address given for the SMTP MAIL command. |
$n | The error messages sender. |
$(ntries) | The number of delivery attempts. |
$o | Obsolete. Use OperatorChars option instead. |
$opMode | The startup operating mode (V8.7 and above). |
$p | The sendmail process ID. |
$q- | Default form of the sender address. |
$(queue_interval) | The queue run interval as defined in the -q flag. |
$r | The protocol used. |
$R | The relay for unqualified names (m4 technique). |
$(rcpt_addr) | The address part of the resolved triple of the address given for the SMTP RCPT command. |
$(rcpt_host) | The host from the resolved triple of the address given for the SMTP RCPT command. |
$(rcpt_mailer) | The mailer from the resolved triple of the address given for the SMTP RCPT command. |
$s | The sender's host name. |
$S | The Smart host (m4 technique). |
$(server_addr) | The address of the server of the current outgoing SMTP connection. |
$(server_name) | The name of the server of the current outgoing SMTP connection. |
$t | Current time in seconds. |
$u | The recipient's user name. |
$U | The UUCP name to override $k. |
$v | The sendmail program's version. |
$V | The UUCP relay (for class $=V) (m4 technique). |
$w | The short name of this host. |
$W | The UUCP relay (for class $=W) (m4 technique). |
$x | The full name of the sender. |
$X | The UUCP relay (for class $=X) (m4 technique). |
$y | The home directory of the recipient. |
$z | The name of the controlling TTY. |
$Y | The UUCP relay for unclassified hosts. |
$z | The recipient's home directory. |
$Z | The version of this m4 configuration (m4 technique). |
There are three types of dates that can be used. The $a and $b macros are in RFC 822 format; $a is the time as extracted from the "Date:" line of the message (if there was one), and $b is the current date and time (used for postmarks). If no "Date:" line is found in the incoming message, $a is set to the current time also. The $d macro is equivalent to the $b macro in UNIX (ctime) format. The $t macro is the current time in seconds.
The macros $w, $j, and $m are set to the identity of this host. Sendmail tries to find the fully qualified name of the host if at all possible; it does this by calling gethostname(2) to get the current hostname and then passing that to gethostbyname(3) which is supposed to return the canonical version of that host name. Assuming this is successful, $j is set to the fully qualified name, and $m is set to the domain part of the name (everything after the first dot). The $w macro is set to the first word (everything before the first dot) if you have a level 5 or higher configuration file; otherwise, it is set to the same value as $j. If the canonicalization is not successful, it is imperative that the config file set $j to the fully qualified domain name.
The $f macro is the ID of the sender as originally determined; when mailing to a specific host, the $g macro is set to the address of the sender relative to the recipient. For example, if a user sends to king@castle.com from the machine vangogh.painter.com, the $f macro will be vincent and the $g macro will be vincent@vangogh.painter.com.
The $x macro is set to the full name of the sender. This can be determined in several ways. It can be passed as flag to sendmail. It can be defined in the NAME environment variable. The third choice is the value of the "Full-Name:" line in the header if it exists, and the fourth choice is the comment field of a "From:" line. If all of these fail, and if the message is being originated locally, the full name is looked up in the /etc/passwd file.
When sending, the $h, $u, and $z macros get set to the host, user, and home directory (if local) of the recipient. The first two are set from the $@ and $: part of the rewrite rules, respectively.
The $p and $t macros are used to create unique strings (for example, for the "Message-Id:" field). The $i macro is set to the queue ID on this host; if put into the timestamp line, it can be useful for tracking messages. The $v macro is set to be the version number of sendmail; this is normally put in timestamps and has been proven useful for debugging.
The $c field is set to the "hop count," that is, the number of times this message has been processed. This can be determined by the -h flag on the command line or by counting the timestamps in the message.
The $r and $s fields are set to the protocol used to communicate with sendmail and the sending hostname. They can be set together using the -p command line flag or separately using the -M or -oM flags.
The $_ is set to a validated sender host name. If the sender is running an RFC 1413 compliant IDENT server and the receiver has the IDENT protocol turned on, it will include the user name on that host.
The $(client_name), $(client_addr), and $(client_port) macros are set to the name, address, and port number of the connecting host who is invoking sendmail as a server. These can be used in the check_* rulesets (using the $& deferred evaluation form).
Changing the Domain Name Macro
DDname1.name2.name3.name4
This macro can be set automatically through the hostname command. The sendmail command reads what has been set with the hostname command and uses it to initialize the host and domain macros and classes. The configuration file macros only need to be changed if you want the sendmail host and domain names to be different from those set by the hostname command.
To change the domain name macro:
vi /etc/mail/sendmail.cf
DDnewyork.abc.com
Changing the Host Name Macro
The host name macro, Dw, specifies the name of your host system used in the return address of all messages you generate. The format of the host name macro is Dw followed by the hostname of this machine, for example:
Dwhostname
By default, the sendmail command reads what has been set with the hostname command and uses it to initialize the host and domain name macros and classes. Change the configuration file macros only if you want the sendmail command host and domain names to be different from those set by the hostname command.
To change the host name macro:
vi /etc/mail/sendmail.cf
Dwbrown
Modifying the sendmail.cf File
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.working
If the changes you make cause the mail system not to work properly, you can return to using a copy of the /etc/mail/sendmail.cf file that you know works.
You can modify the /etc/mail/sendmail.cf file by using your favorite text editor. However, some editors store tabs as the number of spaces they represent, not the tab character itself. This can cause unexpected results if the tab character is defined as the field-separator character in rule sets. Use the vi editor to avoid this problem, or change the field-separator character with the J option. (For ease of reference, this discussion assumes you use the vi editor to modify the /etc/mail/sendmail.cf file.)
After changing any information in the /etc/mail/sendmail.cf file, you must instruct the daemon to reread the file. See section, Making the sendmail Daemon Reread the Configuration Information for those instructions.
After you have made changes to the sendmail.cf file, instruct the daemon to reread the file. If you started the sendmail command using the startsrc command, enter the command:
refresh -s sendmail
kill -1 `cat /etc/mail/sendmail.pid`
Both of these commands cause the daemon to reread the /etc/mail/sendmail.cf file, the /etc/mail/aliases file, and the /etc/sendmail.nl file.
Alias Database
name: name1, name2, ...
linda@cloud.ai.acme.org: linda@CS.
has the desired effect. Aliases may be continued by starting any continuation lines with a space or a tab. Blank lines and lines beginning with a pound sign (#) are comments.
The second form is processed by the new database manager (NDBM) or Berkeley DB library. This form is in the file /etc/mail/aliases.db (if using NEWDB) or /etc/mail/aliases.dir and /etc/mail/aliases.pag (if using NDBM). This is the form that sendmail actually uses to resolve aliases. This technique is used to improve performance.
AliasFile=switch:aliases
AliasFile=/etc/mail/aliases
aliases nis files nisplus
then aliases will first be searched in the NIS database, then in /etc/mail/aliases, and finally in the NIS+ database.
Rebuilding the Alias Database
newaliases
/usr/sbin/sendmail -bi
If the RebuildAliases option is specified in the configuration, sendmail will rebuild the alias database automatically if possible when it is out of date. Auto-rebuild can be dangerous on heavily loaded machines with large alias files. If it might take more than the rebuild time-out (option AliasWait, which is normally five minutes) to rebuild the database, there is a chance that several processes will start the rebuild process simultaneously.
If you have multiple aliases databases specified, the -bi flag rebuilds all the database types. II understands, for example, it can rebuild NDBM databases, but not NIS databases.
Potential Problems with the Alias Database
There are a number of problems that can occur with the alias database. They all result from a sendmail process accessing the DBM version while it is only partially built. This can happen under two circumstances: One process accesses the database while another process is rebuilding it, or the process rebuilding the database dies (due to being killed or a system crash) before completing the rebuild.
Sendmail has three techniques to try to relieve these problems. First, it ignores interrupts while rebuilding the database; this avoids the problem of someone aborting the process leaving a partially rebuilt database. Second, it locks the database source file during the rebuild, but that may not work over NFS or if the file is not writable. Third, at the end of the rebuild, it adds an alias of the form:
@: @
(which is not normally legal). Before sendmail will access the database, it checks to ensure that this entry exists.
List Owners
If an error occurs on sending to a certain address, x, sendmail will look for an alias of the form owner-x to receive the errors. This is typically useful for a mailing list where the submitter of the list has no control over the maintenance of the list itself. In this case, the list maintainer would be the owner of the list. For example:
unix-wizards: linda@paintbox, wnj@monet, nosuchuser,
sam@matisse
owner-unix-wizards: unix-wizards-request
unix-wizards-request: linda@paintbox
would cause linda@paintbox to get the error that will occur when someone sends to unix-wizards due to the inclusion of nosuchuser on the list.
List owners also cause the envelope sender address to be modified. The contents of the owner alias are used if they point to a single user. Otherwise, the name of the alias itself is used. For this reason, and to conform to Internet conventions, the "owner-" address normally points at the "-request" address; this causes messages to go out with the typical Internet convention of using "list-request" as the return address.
Per-User Forwarding (.forward Files)
As an alternative to the alias database, users may put a file with the name ".forward" in their home directory. If this file exists, sendmail redirects mail for that user to the list of addresses listed in the .forward file. For example, if the home directory for user "kenly" has a .forward file with contents:
kenly@ernie
joel@renoir
then any mail arriving for "kenly" will be redirected to the specified accounts.
The configuration file defines a sequence of file names to check. By default, this is the user's .forward file, but can be defined to be more general using the ForwardPath (J) option. If you change this option, you must inform your user base of the change.
IDENT Protocol Support
UCB sendmail supports the IDENT protocol as defined in RFC 1413. Although this enhances identification of the author of an e-mail message by doing a "callback" to the originating system to include the owner of a particular TCP connection in the audit trail, it is in no sense perfect; a determined forger can easily violate the security of the IDENT protocol.
The following description is excerpted from RFC 1413:
6. Security Considerations
The information returned by this protocol is at most as trustworthy as the host providing it OR the organization operating the host. For example, a PC in an open lab has few if any controls on it to prevent a user from having this protocol return any identifier the user wants. Likewise, if the host has been compromised the information returned may be completely erroneous and misleading.
The Identification Protocol is not intended as an authorization or access control protocol. At best, it provides some additional auditing information with respect to TCP connections. At worst, it can provide misleading, incorrect, or maliciously incorrect information.
The use of the information returned by this protocol for other than auditing is strongly discouraged. Specifically, using Identification Protocol information to make access control decisions, either as the primary method (that is, no other checks) or as an adjunct to other methods may result in a weakening of normal host security.
An Identification server may reveal information about users, entities, objects or processes which might normally be considered private. An Identification server provides service which is a rough analog of the CallerID services provided by some phone companies and many of the same privacy considerations and arguments that apply to the CallerID service apply to Identification. If you would not run a "finger" server due to privacy considerations you may not want to run this protocol.
Tuning
There are a number of configuration parameters you may want to change, depending on the requirements of your site. Most of these are set using an option in sendmail.cf. For example, the line "O Time-out.queuereturn=5d" sets option "Timeout.queuereturn" to the value "5d" (five days).
Most of these options have appropriate defaults for most sites. However, sites having very high mail loads may find they need to tune them as appropriate for their mail load. In particular, sites experiencing a large number of small messages, many of which are delivered to many recipients, may find that they need to adjust the parameters dealing with queue priorities.
All prior versions of sendmail had single-character option names. Although old short names are still accepted, most new options do not have short equivalents.
Timeouts
All time intervals are set using a scaled syntax. For example, "10m" represents ten minutes, whereas "2h30m" represents two and a half hours. The full set of scales is:
Timeouts all have option names "Time-out.suboption". The recognized suboptions, their default values, and the minimum values allowed by RFC 1123 section 5.3.2 are:
Suboption | Description |
---|---|
aconnect | The overall timeout waiting for all connection for a single delivery attempt to succeed [0, unspecified] . If 0, no overall limit is applied. This can be used to restrict the total amount of time trying to connect to a long list of host that could accept an e-mail for the recipient. This timeout does not apply to FallbackMXhost, that is, if the time is exhausted, the FallbackMXhost is tried next. |
auth | The timeout for a reply in an SMTP AUTH dialogue [10m, unspecified]. |
command- | In server SMTP, the time to wait for another command. [1h, 5m]. |
connect | The time to wait for an SMTP connection to open (the connect(2) system call) [0, unspecified]. If zero, uses the kernel default. In no case can this option extend the time-out longer than the kernel provides, but it can shorten it. This is to get around kernels that provide an extremely long connection time-out (90 minutes in one case). |
control | The time-out for a complete control socket transaction to complete [2m, none]. |
datablock- | The wait for reading a data block (that is, the body of the message). [1h, 3m]. This should be long because it also applies to programs piping input to sendmail which have no guarantee of promptness. |
datafinal- | The wait for a reply from the dot terminating a message. [1h,10m]. If this is shorter than the time actually needed for the receiver to deliver the message, duplicates will be generated. This is discussed in RFC1047. |
datainit- | The wait for a reply from a DATA command [5m, 2m]. |
fileopen | The time-out for opening .forward and :include:files [60s, none]. |
iconnect | The same as connect, except it applies only to the initial attempt to connect to a host for a given message [0, unspecified]. This period should be very short (a few seconds). Hosts that are well-connected and responsive will be serviced immediately. Hosts that are slow do not detain other deliveries in the initial delivery attempt. |
ident- | The time-out waiting for a reply to an IDENT query [30s11, unspecified]. |
initial | The wait for the initial 220 greeting message [5m, 5m]. |
helo | The wait for a reply from a HELO or EHLO command [5m, unspecified]. This may require a host name lookup, so five minutes is probably a reasonable minimum. |
hoststatus | The time that long status information about a host (for example, host down) will be cached before it is considered stale [30m, unspecified]. |
mail- | The wait for a reply from a MAIL command [10m, 5m]. |
misc | The wait for a reply from miscellaneous (but short) commands such as NOOP (no-operation) and VERB (go into verbose mode). [2m, unspecified]. |
quit | The wait for a reply from a QUIT command [2m, unspecified]. |
rcpt- | The wait for a reply from a RCPT command [1h, 5m]. This should be long because it could be pointing at a list that takes a long time to expand (see below). |
rset | The wait for a reply from a RSET command [5m, unspecified]. |
resolver.retrans | Sets resolver retransmission time interval in seconds. Sets both the Timeout.resolver.retrans.first and Timeout.resolver.retrans.normal. |
resolver.retrans.first | Sets resolver retransmission time interval in seconds for the first attempt to deliver a message. |
resolver.retrans.normal | Sets the retransmission time interval in seconds for all resolver lookups except for the first delivery attempt. |
resolver.retry | Sets the number of attempts to retransmit a resolver query. Sets both Timeout.resolver.retry.first and Timeout.resolver.retry.normal. |
resolver.retry.first | Sets the number of attempts to retransmit a resolver query for the first delivery attempt. |
resolver.retry.normal | Sets the number of attempts to retransmit a resolver query for all resolver lookups except the first delivery attempt. |
starttls | The timeout for a reply to an SMTP STARTTLS command, and the TLS handshake [1h, unspecified]. |
For compatibility with old configuration files, if no suboption is specified, all the timeouts marked with - are set to the indicated value.
Message Timeouts
After sitting in the queue for a few days, a message will time out. This is to ensure that at least the sender is aware of the inability to send a message. The time-out is typically set to five days. It is sometimes considered convenient to also send a warning message if the message is in the queue longer than a few hours (assuming you normally have good connectivity; if your messages normally took several hours to send, you would not want to do this because it would not be an unusual event). These timeouts are set using the Timeout.queuereturn and Timeout.queuewarn options in the configuration file (previously both were set using the T option).
Because these options are global and you cannot know how long another host outside your domain will be down, a five-day time-out is recommended. This allows a recipient to fix the problem even if it occurs at the beginning of a long weekend. RFC 1123 section 5.3.1.1 says that this parameter should be "at least 4-5 days".
The Timeout.queuewarn value can be piggybacked on the T option by indicating a time after which a warning message should be sent; the two timeouts are separated by a slash. For example, the line:
OT5d/4h
causes e-mail to fail after five days, but a warning message will be sent after four hours. This should be large enough that the message will have been tried several times.
Queue interval
The argument to the -q flag specifies how often a subdaemon will run the queue. This is typically set to between fifteen minutes and one hour. RFC 1123, section 5.3.1.1 recommends this be at least 30 minutes.
Forking During Queue Runs
By setting the ForkEachJob (Y) option, sendmail will fork before each individual message while running the queue. This will prevent sendmail from consuming large amounts of memory, so it may be useful in memory-poor environments. However, if the ForkEachJob option is not set, sendmail will keep track of hosts that are down during a queue run, which can improve performance dramatically.
If the ForkEachJob option is set, sendmail cannot use connection caching.
Queue Priorities
Every message is assigned a priority when it is first instantiated, consisting of the message size (in bytes) offset by the message class (which is determined from the Precedence: header) times the "work class factor" and the number of recipients times the "work recipient factor." The priority is used to order the queue. Higher numbers for the priority mean that the message will be processed later when running the queue.
The message size is included so that large messages are penalized relative to small messages. The message class allows users to send "high priority" messages by including a "Precedence:" field in their message; the value of this field is looked up in the P lines of the configuration file. Because the number of recipients affects the amount of load a message presents to the system, this is also included into the priority.
The recipient and class factors can be set in the configuration file using the RecipientFactor (y) and ClassFactor (z) options respectively. They default to 30000 (for the recipient factor) and 1800 (for the class factor). The initial priority is:
pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold
RecipientFactor)
(Remember that higher values for this parameter actually mean that the job will be treated with lower priority.)
The priority of a job can also be adjusted each time it is processed (that is, each time an attempt is made to deliver it) using the "work time factor," set by the RetryFactor(Z) option. This is added to the priority, so it normally decreases the precedence of the job, on the grounds that jobs that have failed many times will tend to fail again in the future. The RetryFactor option defaults to 90000.
Load Limiting
Sendmail can be asked to queue (but not deliver) mail if the system load average gets too high using the QueueLA (x) option. When the load average exceeds the value of the QueueLA option, the delivery mode is set to q (queue only) if the QueueFactor (q) option divided by the difference in the current load average and the QueueLA option plus one exceeds the priority of the message; that is, the message is queued if:
pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
The QueueFactor option defaults to 600000, so each point of load average is worth 600000 priority points (as described above).
For drastic cases, the RefuseLA (X) option defines a load average at which sendmail will refuse to accept network connections. Locally generated mail (including incoming UUCP mail) is still accepted.
Delivery Mode
There are a number of delivery modes that sendmail can operate in, set by the DeliveryMode (d) configuration option. These modes specify how quickly mail will be delivered. Legal modes are:
Delivery Mode | Definition |
---|---|
i | Deliver interactively (synchronously) |
b | Deliver in background (asynchronously) |
q | Queue only (do not deliver) |
d | Defer delivery attempts (do not deliver). |
There are trade-offs. Mode i gives the sender the quickest feedback, but may slow down some mailers and is hardly ever necessary. Mode b delivers promptly, but can cause large numbers of processes if you have a mailer that takes a long time to deliver a message. Mode q minimizes the load on your machine, but means that delivery may be delayed for up to the queue interval. Mode d is identical to mode q except that it also prevents all the early map lookups from working; it is intended for "dial on demand" sites where DNS lookups might be very expensive. Some simple error messages (for example, host unknown during the SMTP protocol) will be delayed using this mode. Mode b is the default.
If you run in mode q (queue only), d (defer), or b (deliver in background), sendmail will not expand aliases and follow .forward files upon initial receipt of the mail. This speeds up the response to RCPT commands. Mode i cannot be used by the SMTP server.
Log Level
The level of logging can be set for sendmail. The default using a standard configuration table is level 9. The levels are as follows:
Log Level | Definition |
---|---|
0 | Minimum logging. |
1 | Serious system failures and potential security problems. |
2 | Lost communications (network problems) and protocol failures. |
3 | Other serious failures. |
4 | Minor failures. |
5 | Message collection statistics. |
6 | Creation of error messages, VRFY and EXPN commands. |
7 | Delivery failures (for example, host or user unknown). |
8 | Successful deliveries and alias database rebuilds. |
9 | Messages being deferred (for example, due to a host being down). |
10 | Database expansion (alias, forward, and userdb lookups). |
11 | NIS errors and end-of-job processing. |
12 | Logs all SMTP connections. |
13 | Logs bad user shells, files with improper permissions, and other questionable situations. |
14 | Logs refused connections. |
15 | Log all incoming and outgoing SMTP commands. |
20 | Logs attempts to run locked queue files. These are not errors, but can be useful to note if your queue appears to be clogged. |
30 | Lost locks (only if using lockf instead of flock). |
File Modes
The modes used for files depend on what functionality you want and the level of security you require.
The database that sendmail actually uses is represented by the following file:
The mode on these files should match the mode of /etc/mail/aliases. If aliases is writable and the files are not, users will be unable to reflect their desired changes through to the actual database. However, if aliases is read-only and DBM files are writable, a slightly sophisticated user can arrange to steal mail anyway.
If your DBM files are not writable, or you do not have auto-rebuild enabled (with the AutoRebuildAliases option), then you must be careful to reconstruct the alias database each time you change the text version:
newaliases
If this step is ignored or forgotten, any intended changes will be lost.
Connection Caching
When processing the queue, sendmail will try to keep the last few open connections open to avoid startup and shutdown costs. This only applies to IPC connections.
When trying to open a connection, the cache is first searched. If an open connection is found, it is probed to see if it is still active by sending a RSET command. It is not an error if this fails; instead, the connection is closed and reopened.
Two parameters control the connection cache. The ConnectionCacheSize (k) option defines the number of simultaneous open connections that will be permitted. If it is set to zero, connections will be closed as quickly as possible. The default is one. This should be set as appropriate for your system size; it will limit the amount of system resources that sendmail will use during queue runs. Never set this higher than 4.
The ConnectionCacheTimeout (K) option specifies the maximum time that any cached connection will be permitted to idle. When the idle time exceeds this value, the connection is closed. This number should be small (under ten minutes) to prevent you from grabbing too many resources from other hosts. The default is five minutes.
Name Server Access
If you want machine exchange (MX) support, you must be using Domain Name Services (DNS).
The ResolverOptions(I) option allows you to tweak name server options. The command line takes a series of flags as documented inresolver(3) (with the leading "RES_" deleted). Each can be preceded by an optional `+' or `-'. For example, the line:
O ResolverOptions=+AAONLY -DNSRCH
turns on the AAONLY (Accept Authoritative Answers only) and turns off the DNSRCH (search the domain path) options. Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE flags on and all others off. You can also include "HasWildcardMX" to specify that there is a wildcard MX record matching your domain; this turns off MX matching when canonicalizing names, which can lead to inappropriate canonicalizations.
Moving the Per-User Forward Files
Some sites mount each user's home directory from a local disk on their workstation, so that local access is fast. However, the result is that .forward file lookups are slow. In some cases, mail can even be delivered on machines inappropriately because of a file server being down. The performance can be especially bad if you run the automounter.
The ForwardPath (J) option allows you to set a path of forward files. For example, the config file line:
O ForwardPath=/var/forward/$u:$z/.forward.$w
would first look for a file with the same name as the user's login in /var/forward. If that is not found (or is inaccessible), the file ".forward.machinename" in the user's home directory is searched.
If you create a directory such as /var/forward, it should be mode 1777 (that is, the sticky bit should be set). Users should create the files mode 644.
Free Space
On systems that have one of the system calls in the statfs(2) family (including statvfs and ustat), you can specify a minimum number of free blocks on the queue file system using the MinFreeBlocks (b) option. If there are fewer than the indicated number of blocks free on the filesystem on which the queue is mounted, the SMTP server will reject mail with the 452 error code. This invites the SMTP client to try again later.
Maximum Message Size
To avoid overflowing your system with a large message, the MaxMessageSize option can set an absolute limit on the size of any one message. This will be advertised in the ESMTP dialogue and checked during message collection.
Privacy Flags
The PrivacyOptions (p) option allows you to set certain "privacy" flags. Actually, many of them do not give you any extra privacy, rather just insisting that client SMTP servers use the HELO command before using certain commands or adding extra headers to indicate possible security violations.
The option takes a series of flag names; the final privacy is the inclusive or of those flags. For example:
O PrivacyOptions=needmailhelo, noexpn
insists that the HELO or EHLO command be used before a MAIL command is accepted and disables the EXPN command.
The flags are detailed in RFC 1123 S 5.1.6.
Send to Me Too
Normally, sendmail deletes the (envelope) sender from any list expansions. For example, if "linda" sends to a list that contains "linda" as one of the members, she will not get a copy of the message. If the -m (me too) command line flag, or if the MeToo (m) option is set in the configuration file, this behavior is suppressed.
C and F — Define Classes
Ccphrase1 phrase2...
Fcfile
CHmonet ucbmonet
CHmonet
CHucbmonet
are equivalent. The "F" form reads the elements of the class c from the named file.
Elements of classes can be accessed in rules using $= or $~. The $~ (match entries not in class) only matches a single word; multi-word entries in the class are ignored in this context.
The class $=w is set to be the set of all names this host is known by. This can be used to match local host names.
The class $=k is set to be the same as $k, that is, the UUCP node name.
The class $=m is set to the set of domains by which this host is known, initially just $m.
The class $=t is set to the set of trusted users by the T configuration line. If you want to read trusted users from a file, use Ft/file/name.
The class $=n can be set to the set of MIME body types that can never be eight to seven bit encoded. It defaults to "multipart/signed". Message types "message/*" and "multipart/*" are never encoded directly. Multipart messages are always handled recursively. The handling of message/* messages are controlled by class $=s. The class $=e contains the Content-Transfer-Encodings that can be 8->7 bit encoded. It is predefined to contain "7bit", "8bit", and "binary". The class $=s contains the set of subtypes of message that can be treated recursively. By default it contains only "rfc822". Other "message/*" types cannot be 8->7 bit encoded. If a message containing eight-bit data is sent to a seven-bit host, and that message cannot be encoded into seven bits, it will be stripped to 7 bits.
The three classes $=U, $=Y, and $=Z are defined to describe the hosts requiring the use of a uucp mailer. Specifically, $=U should contain all hosts requiring the uucp-old mailer. $=Y should contain all hosts requiring the uucp-new mailer. Finally, $=Z should contain all hosts requiring the uucp-uudom mailer. Each uucp host should belong to one of these classes.
FL/etc/passwd %[^:]
which reads every line up to the first colon.
Changing the Host Name
CwCw alias aliasn...
By default, the sendmail command reads what has been set with the hostname command and uses it to initialize the host and domain name macros and classes. Change the configuration file macros only if you want the sendmail host and domain names to be different from those set by the hostname command.
To change the host name:
vi /etc/mail/sendmail.cf
Creating a Class Using a File
FClass FileName [Format]
Class is the name of the class that matches any of the words listed in FileName. Filename is the full path name of file (for convenience, you may wish to put the file in the /etc/mail directory). Format is an optional scanf subroutine format specifier that indicates the format of the elements of the class in FileName. The Format specifier can contain only one conversion specification.
M — Define Mailer
Programs and interfaces to mailers are defined in this line. The format is:
Mname, {field=value}*
where name is the name of the mailer (used internally only) and the "field=name" pairs define attributes of the mailer. Fields are:
Field | Description |
---|---|
Path | The path name of the mailer |
Flags | Special flags for this mailer |
Sender | Rewrite set(s) for sender addresses |
Recipient | Rewrite set(s) for recipient addresses |
Argv | An argument vector to pass to this mailer |
Eol | The end-of-line string for this mail |
Maxsize | The maximum message length to this mailer |
maxmessages | The maximum message delivers per connection |
Linelimit | The maximum line length in the message body |
Directory | The working directory for the mailer |
Userid | The default user and group ID to run |
Nice | The nice(2) increment for the mailer |
Charset | The default character set for 8-bit characters |
Type | The MTS type information (used for error messages) |
Wait | The maximum time to wait for the mailer |
/ | The root directory for the mailer |
Queuegroup | The default queue group for the mailer. |
Only the first character of the field name is checked.
The flags in the following list may be set in the mailer description. Any other flags may be used freely to conditionally assign headers to messages destined for particular mailers. Flags marked with - are not interpreted by the sendmail binary; these are conventionally used to correlate to the flags portion of the H line. Flags marked with = apply to the mailers for the sender address rather than the usual recipient mailers.
Flag | Description |
---|---|
a | Run Extended SMTP (ESMTP) protocol (defined in RFCs 1651, 1652, and 1653). This flag defaults on if the SMTP greeting message includes the word "ESMTP". |
A | Look up the user part of the address in the alias database. Normally this is only set for local mailers. |
b | Force a blank line on the end of a message. This is intended to work around some versions of /bin/mail that require a blank line, but do not provide it themselves. It would not normally be used on network mail. |
c | Do not include comments in addresses. This should only be used if you have to work around a remote mailer that gets confused by comments. This strips addresses of the form "Phrase <address>" or "address (Comment)" down to just "address". |
C= | If mail is received from a mailer with this flag set, any addresses
in the header that do not have an at sign ("@") after being rewritten
by ruleset three will have the "@domain" clause from the sender envelope
address tacked on. This allows mail with headers of the form:
to be rewritten automatically (although not reliably) as:
|
d | Do not include angle brackets around route-address syntax addresses. This is useful on mailers that are going to pass addresses to a shell that might interpret angle brackets as I/O redirection. |
D- | This mailer wants a "Date:" header line. |
e | This mailer is expensive to connect to, so try to avoid connecting normally. Any necessary connection will occur during a queue run. |
E | Escape lines beginning with "From" in the message with a `>' sign. |
f | The mailer wants a -f from flag, but only if this is a network forward operation (that is, the mailer will give an error if the executing user does not have special permissions). |
F- | This mailer wants a "From:" header line. |
g | Normally, sendmail sends internally generated error messages using the null return address as required by RFC 1123. However, some mailers do not accept a null return address. If necessary, you can set the g flag to prevent sendmail from obeying the standards; error messages will be sent as from the MAILER-DAEMON (actually, the value of the $n macro). |
h | Uppercase should be preserved in host names for this mailer. |
i | Do User Database rewriting on envelope sender address. |
I | This mailer will be speaking SMTP to another sendmail, as such it can use special protocol features. This option is not required (that is, if this option is omitted the transmission will still operate successfully, although perhaps not as efficiently as possible). |
j | Do User Database rewriting on recipients as well as senders. |
k | Normally when sendmail connects to a host via SMTP, it checks to make sure that this is not accidentally the same host name as might happen if sendmail is misconfigured or if a long-haul network interface is set in loopback mode. This flag disables the loopback check. It should only be used under very unusual circumstances. |
K | Currently unimplemented. Reserved for chunking. |
l | This mailer is local (that is, final delivery will be performed). |
L | Limit the line lengths as specified in RFC821. This deprecated option should be replaced by the L= mail declaration. For historic reasons, the L flag also sets the 7 flag. |
m | This mailer can send to multiple users on the same host in one transaction. When a $u macro occurs in the argv part of the mailer definition, that field will be repeated as necessary for all qualifying users. |
M- | This mailer wants a "Message-Id:" header line. |
n | Do not insert a UNIX-style "From" line on the front of the message. |
o | Always run as the owner of the recipient mailbox. Normally sendmail runs as the sender for locally generated mail or as "daemon" (actually, the user specified in the u option) when delivering network mail. The normal behavior is required by most local mailers, which will not allow the envelope sender address to be set unless the mailer is running as daemon. This flag is ignored if the S flag is set. |
p | Use the route-addr style reverse-path in the SMTP "MAIL FROM:" command rather than just the return address; although this is required in RFC821 section 3.1, many hosts do not process reverse-paths properly. Reverse-paths are officially discouraged by RFC 1123. |
P- | This mailer wants a "Return-Path:" line. |
q | When an address that resolves to this mailer is verified (SMTP VRFY command), generate 250 responses instead of 252 responses. This will imply that the address is local. |
Item | Description |
---|---|
r | Same as f, but sends an -r flag. |
R | Open SMTP connections from a "secure" port. Secure ports are not secure except on UNIX machines, so it is unclear that this adds anything. |
s | Strip quote characters (" and \) off the address before calling the mailer. |
S | Do not reset the userid before calling the mailer. This would be used in a secure environment where sendmail ran as root. This could be used to avoid forged addresses. If the U= field is also specified, this flag causes the userid to always be set to that user and group (instead of leaving it as root). |
u | Uppercase should be preserved in user names for this mailer. |
U | This mailer wants UUCP-style "From" lines with the "remote from <host>" on the end. |
w | The user must have a valid account on this machine (getpwnam must succeed). If not, the mail is bounced. This is required to get ".forward" capability. |
x- | This mailer wants a "Full-Name:" header line. |
X | This mailer wants to use the hidden dot algorithm as specified in RFC821; basically, any line beginning with a dot will have an extra dot prepended (to be stripped at the other end). This ensures that lines in the message containing a dot will not terminate the message prematurely. |
z | Run Local Mail Transfer Protocol (LMTP) between sendmail and the local mailer. This is a variant on SMTP defined in RFC 2033 that is specially designed for delivery to a local mailbox. |
0 | Do not look up Mx records for hosts via SMTP. |
3 | Extend the list of characters converted to =XX notation when converting to Quoted-Printable to include those that do not map cleanly between ASCII and EBCDIC. Useful if you have IBM® mainframes on site. |
5 | If no aliases are found for this address, pass the address through ruleset 5 for possible alternate resolution. This is intended to forward the mail to an alternate delivery spot. |
6 | Strip headers to seven bits. |
7 | Strip all output to seven bits. This is the default if the L flag is set. Note that clearing this option is not sufficient to get full eight-bit data passed through sendmail. If the 7 option is set, this is essentially always set, because the eighth bit was stripped on input. Note that this option will only impact messages that did not have 8->7 bit MIME conversions performed. |
8 | If set, it is acceptable to send eight bit data to this mailer; the usual attempt to do 8->7 bit MIME conversions will be bypassed. |
9 | If set, do limited 7->8 bit MIME conversions. These conversions are limited to text/plain data. |
: | Check addresses to see if they begin ":include:". If they do, convert them to the "*include*" mailer. |
| | Check addresses to see if they begin with a `|'. If they do, convert them to the "prog" mailer. |
/ | Check addresses to see if they begin with a `/'. If they do, convert them to the "*file*" mailer. |
@ | Look up addresses in the user database. |
% | Do not attempt delivery on initial recipient of a message or on queue runs unless the queued message is selected using one of the -qI/-qR/-qS queue run modifiers or an ETRN request. |
The mailer with the special name "error" can be used to generate a user error. The (optional) host field is an exit status to be returned, and the user field is a message to be printed. The exit status may be numeric or one of the values USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG to return the corresponding EX_ exit code. For example, the entry:
$#error $@ NOHOST $: Host unknown in this domain
on the RHS of a rule will cause the specified error to be generated and the "Host unknown" exit status to be returned if the LHS matches. It is always available for use in O, S, and check_ ... rulesets and it cannot be defined with M commands.
The mailer named "local" must be defined in every configuration file. This is used to deliver local mail, and is treated specially in several ways. Additionally, three other mailers named "prog", "*file*", and "*include*" may be defined to tune the delivery of messages to programs, files, and :include: lists respectively. They default to:
Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh -c $u
M*file*, P=[FILE], F=lsDFMPEuq9, T=DNS/RFC822/X-Unix, A=FILE $u
M*include*, P=/dev/null, F=su, A=INCLUDE $u
The Sender and Recipient rewrite sets may either be a simple ruleset ID or may be two IDs separated by a slash If so, the first rewrite set is applied to envelope addresses, and the second is applied to headers. Setting any value to zero disables the corresponding mailer-specific rewriting.
The Directory field is a path of directories to try. For example, the definition D=$z:/ tries to execute the recipient's home directory, but if that is not available, it tries to execute in the root of the filesystem. Use this on the prog mailer only, because some shells (e.g., csh) do not execute if they cannot read the home directory. Because the queue directory usually cannot be read by unauthorized users, csh scripts can fail if they are used as recipients.
The Userid field specifies the default user and group ID to run. It overrides the DefaultUser option q.v. If the S mailer flag is also specified, the user and group ID will run in all circumstances. Use the form user:group to set both the user and group ID. Either of these variables may be an integer or a symbolic name that is looked up in the passwd and group files respectively.
The Charset field is used when converting a message to MIME. It is the character set used in the Content-Type: header. If it is not set, the DefaultCharset option is used. If the DefaultCharset is not set, the value unknown-8bit is used. The Charset field applies to the sender's mailer; not the recipient's mailer. For example: if the envelope sender address is on the local network and the recipient is on an external network, the character set is set from the Charset= field for the local network mailer, not the external network mailer.
The Type field sets the type of information used in MIME error messages (as defined by RFC 1984). It contains three values that are separated by slashes: the MTA type (a description of how hosts are named), address type (a description of e-mail addresses), and diagnostic type (a description of error diagnostic codes). Each must be a registered value or begin with X-. The default is dns/rfc822/smtp.
Mailer Specifications Examples
Mlocal, P=/usr/bin/bellmail, F=lsDFMmn, S=10, R=20, A=mail $u
The mailer is called local. Its path name is /usr/bin/bellmail. The mailer uses the following flags: Item | Description |
---|---|
l | Specifies local delivery. |
s | Strips quotation marks from addresses. |
DFM | Requires Date:, From:, and Message-ID: fields. |
m | Delivers to multiple users. |
n | Does not need an operating system From line at the start of the message. |
H — Define Header
The format of the header lines that sendmail inserts into the message are defined by the H line. The syntax of this line is one of the following:
Hhname:htemplate
H[?mflags?]hname: htemplate
H[?${macro}?hname:htemplate
Continuation lines in this spec are reflected directly into the outgoing message. The htemplate is macro expanded before insertion into the message. If the mflags (surrounded by question marks) are specified, at least one of the specified flags must be stated in the mailer definition for this header to be automatically output. If one of these headers is in the input, it is reflected to the output regardless of these flags.
Some headers have special semantics that will be described later.
A secondary syntax allows validation of headers as they being read. To enable validation, use:
HHeader: $>Ruleset
HHeader: $>+Ruleset
The indicated Ruleset is called for the specified Header. Like other check_* rulesets, it can return $#error to reject the message or $#discard to discard the message. The header is treated as a structured field, so comments (in parentheses) are deleted before processing, unless the second form $>+ is used.
HMessage-Id: $>CheckMessageId
SCheckMessageId
R<$+@$+> $@OK
R$* $#error $: Illegal Message-Id header
would refuse any message header that had a Message-Id: header of any of the following forms:
Message-Id: <>
Message-Id: some text
Message-Id: <legal test@domain> extra text
Message Headings in the sendmail.cf File
Lines in the configuration file that begin with a capital letter H, define the format of the headers used in messages. The format of the H command is:
H[?MailerFlags?]FieldName: Content
The variable parameters are defined as:
Parameter | Definition |
---|---|
MailerFlags | Determines whether the H line is used. This parameter is optional. If you supply this parameter, surround it with ? (question marks). If the mailer requires the field defined by this control line (as indicated in the mailer definition's flags field), then the H control line is included when formatting the heading. Otherwise, the H control line is ignored. |
FieldName | Contains the text displayed as the name of the field in the heading information. Typical field names include From:, To:, and Subject:. |
Content | Defines the information that is displayed following the field name. Usually macros specify this information. |
These example lines are from a typical /etc/mail/sendmail.cf file:
Example | Meaning |
---|---|
H?P?Return-Path: <$g> | Defines a field called Return-Path that displays the content of the $g macro (sender address relative to the recipient). The ?P? portion indicates this line is only used if the mailer uses the P flag (the mailer requires a Return-Path line). The header is generated only if the mailer has the indicated flag. If the header appears in the input message, it is passed through unchanged. |
HReceived: $?sfrom $s $.by $j ($v/$Z) id $i; $b | Defines a field called Received. This field includes:
|
There are several global options that can be set from a configuration file. The syntax of this line is:
O option=value
This sets option equal to value. The options supported are listed in the following table.
Option | Description |
---|---|
AliasFile=spec, spec, ... | Specify possible alias file(s). Each spec should be in the format class:: file where class:: is optional and defaults to implicit if not included. Depending on how sendmail is compiled, valid classes are:
If a list of specs are provided, sendmail searches them in order. |
AliasWait=time-out | Waits up to time-out (units default to minutes) for an @:@ entry to exist in the alias database before starting up. If it does not appear in the time-out interval and the AutoRebuildAliases option is also set, rebuild the database. Otherwise, issue a warning. |
AllowBogusHELO | Allows HELO SMTP commands that do not include a host name. Setting this violates RFC 1123 section 5.2.5, but is necessary to interoperate with several SMTP clients. If there is a value, it is still checked for legitimacy. |
BlankSub=c | Sets the blank substitution character to c. Unquoted spaces in addresses are replaced by this character. If not defined, it defaults to a space and no replacement is made. |
CACERTPath | Path to directory with certificates of CAs. |
CACERTFile | File containing one CA certificate. |
CheckAliases | Validate the RHS of aliases when rebuilding the alias database. |
CheckpointInterval=N | Defines the queue checkpoint interval to every N addresses sent. If not specified, the default is 10. If your system crashes during delivery to a large list, this prevents retransmission to any but the last recipients. |
ClassFactor=fact | The indicated factor is multiplied by the message class and subtracted from the priority. The message class is determined by the Precedence: field in the user header and the P lines in the configuration file. Messages with a higher Priority: will be favored. If not specified, the defaults is 1800. |
ClientCertFile | The file containing the certificate of the client. This certificate is used when sendmail acts as client. |
ClientPortOptions=options | Sets client SMTP options.
The options are key=value pairs separated by commas. Known
keys are:
|
ClientKeyFile | The file containing the private key belonging to the client certificate. |
ColonOkInAddr | If set, colons are
acceptable in e-mail addresses, for example:
If not set, colons indicate the beginning
of a RFC 822 group construct, illustrated below:
Doubled colons are always acceptable, such as in
and proper routeaddr nesting is
understood, for example:
This option defaults to on if the configuration version level is less than 6, for backward compatibility. However, it must be set to off for full compatibility with RFC 822. |
ConnectionCacheSize=N | N is the maximum number of open connections that will be cached at a time. If not specified, the default is 1. This delays closing the current connection until either this invocation of sendmail connects to another host or it terminates. Setting it to 0 causes connections to closed immediately. Because this consumes file descriptors, the connection cache should be kept small: 4 is a practical maximum. |
ConnectionCacheTimeout =time-out | Timeout is the maximum amount of time a cached connection will be permitted to be idle. If this time is exceeded, the connection is immediately closed. This value should be small: 10 minutes is a practical maximum; the default is 5 minutes. Before sendmail uses a cached connection, it always sends a RSET command to check the connection. If this fails, it reopens the connection. This keeps your end from failing if the other end times out. |
ConnectOnlyTo=address | Can be used to override the connection address for testing purposes. |
ConnectionRateThrottle=N | If set, allows no more than N incoming daemon connections in a one second period. This is intended to flatten peaks and allow the load-average checking to cut in. If not specified, the default is 0 (no limits). |
ControlSocketName=name | Defines the name of the control socket for daemon management. A running sendmail daemon can be controlled through this named socket. Available commands are: help, restart, shutdown, and status. The status command returns the current number of daemon children, the maximum number of daemon children, free disk space blocks of the queue directory, and the load average of the machine expressed as an integer. If not set, no control socket will be available. |
DaemonPortOptions=options | Set server SMTP options. Each instance of DaemonPortOptions leads to an additional incoming socket. The options are key=value pairs. Known keys are:
|
DaemonPortOptions=options cont. |
|
DefaultAuthInfo | Filename that contains default authentication information for outgoing connections. This file must contain the user ID, authorization ID, password (plain text), and the realm to use on separate lines and must be readable only by root (or the trusted user). If no realm is specified, $j is used. |
DefaultCharSet=charset | When a message that has 8-bit characters, but is not in MIME format, is converted to MIME (see the EightBitMode option) a character set must be included in the Content-Type: header. This character set is normally set from the Charset= field of the mailer descriptor. If that is not set, the value of this option is used. If this option is not set, the value unknown-8bit is used. |
DataFileBufferSize=threshold | Sets threshold in bytes before a memory-based queue data file becomes disk-based. The default is 4096 bytes. |
DeadLetterDrop=file | Defines the location of the systemwide dead.letter file, formerly hardcoded to /usr/tmp/dead.letter. If this option is not set, sendmail will not attempt to save to a systemwide dead.letter file in the event it cannot bounce the mail to the user or postmaster. Instead, it will rename the qf file. |
DefaultUser=user:group | Set the default user ID for mailers to user:group. If group is omitted and user is a user name (as opposed to a numeric user ID) the default group listed in the /etc/passwd file for that user is used as the default group. Both user and group may be numeric. Mailers without the S flag in the mailer definition will run as this user. When not specified, the default is 1:1. The value can also be given as a symbolic user name. |
DeliveryMode=x | Deliver in mode x. Legal modes are:
Note: For internal reasons, i does not
work if a milter is enabled which can reject or delete recipients.
In that case the mode is changed to b.
|
DialDelay=sleeptime | Dial-on-demand network connections can see time-outs if a connection is opened before the call is set up. If this is set to an interval and a connection times out on the first connection being attempted, sendmail will sleep for this amount of time and try again. This should give your system time to establish the connection to your service provider. Units default to seconds, so DialDelay=5 would use a five second delay. If not specified, the default is 0 (no retry). |
DontBlameSendmail =option,option,... | In order to avoid possible cracking attempts caused by world- and group-writable files and directories, sendmail does paranoid checking when opening most of its support files. However, if a system must run with a group-writable /etc directory, then this checking must be turned off. Note that turning off this checking will make your system more vulnerable to attack. The arguments are individual options that turn off checking:
|
|
|
|
|
|
|
|
|
Safe is the default. The details of these flags are described above. Use of this option is not recommended. |
|
DontExpandCnames | The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named Cruft.Foo.ORG and also has an alias of FTP.Foo.ORG, the name Cruft.Foo.ORG must be used at all times. This is enforced during host name canonicalization ($[ ... $] lookups). If this option is set, the protocols will be ignored and the wrong name will be used. However, the IETF is moving toward changing this standard, so the behavior may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name. |
DontInitGroups | If set, sendmail will avoid using the initgroups(3) call. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permissions somewhat more restrictive. Has no effect on systems that do not have group lists. |
DontProbeInterfaces | Sendmail normally finds the names of all interfaces active on your machine when it starts up and adds their name to the $=w class of known host aliases. If you have a large number of virtual interfaces or if your DNS inverse lookups are slow this can be time consuming. This option turns off that probing. However, you will need to be certain to include all variant names in the $=w class by some other mechanism. |
DontPruneRoutes | Sendmail tries to eliminate any unnecessary explicit routes when sending an error message (as discussed in RFC 1123 S 5.2.6). For example, when sending an error message to <@known1,@known2,@known3:user@unknown>, sendmail will strip off the @known1,@known2 in order to make the route as direct as possible. However, if the RR option is set, this will be disabled, and the mail will be sent to the first address in the route, even if later addresses are known. This may be useful if you are caught behind a firewall. |
DoubleBounceAddress =error-address | If an error occurs when sending an error message, send the error report to the indicated address. This is termed a double bounce because it is an error bounce that occurs when trying to send another error bounce. The address is macro expanded at the time of delivery. If not set, it defaults to postmaster. |
Item | Description |
---|---|
EightBitMode=action | Set handling of eight-bit
data. There are two kinds of eight-bit data:
There are three basic operations that can happen:
Possible actions are:
In all cases properly declared 8BITMIME data will be converted to 7BIT as needed. |
ErrorHeader=file-or-message | Prepend error messages with the indicated message. If it begins with a slash (/), it is assumed to be the pathname of a file containing a message, which is the recommended setting. Otherwise, it is a literal message. The error file might contain the name, e-mail address, and/or phone number of a local postmaster who could provide assistance to end users. If the option is missing or null, or if it names a file which does not exist or are not readable, no message is printed. |
ErrorMode=x | Dispose of errors using mode x. The values for x are:
|
.llbackMXhost=fallbackhost | If specified, the fallbackhost acts like a very low priority MX on every host. This is intended to be used by sites with poor network connectivity. Messages which are undeliverable due to temporary address failures, such as in a DNS failure, also go to the FallBackMX host. |
FallBackSmartHost=hostname | If specified, the FallBackSmartHost is be used in a last-ditch effort for each host. |
FastSplit | If set to a value greater than zero (the default is one), it suppresses the MX lookups on addresses when they are initially sorted, that is, for the first delivery attempt. This usually results in faster envelope splitting unless the MX records are readily available in a local DNS cache. |
ForkEachJob | If set, deliver each job that is run from the queue in a separate process. Use this option if you are short of memory, because the default tends to consume considerable amounts of memory while the queue is being processed. |
ForwardPath=path | Sets the path for searching
for users' .forward files. The default is $z/.forward. Some sites that use the automounter may prefer to change this to /var/forward/$u to search a file with the same name as the
user in a system directory. It can also be set to a sequence of paths
separated by colons. Sendmail stops at the first file it can
successfully and safely open. For example,
will search first in /var/forward/username and then in ~username/.forward, but only if the first file does not exist. |
HelpFile=file | Specifies the help file for SMTP. If no file name is specified, helpfile is used. |
HoldExpensive | If an outgoing mailer is marked as being expensive, do not connect immediately. This requires that queueing be compiled in, because it will depend on a queue run process to actually send the mail. |
HostsFile=path | Specifies the path to the hosts database, normally /etc/hosts. This option is only consulted when sendmail is canonicalizing addresses, and then only when files is in the hosts service switch entry. In particular, this file is never used when looking up host addresses; that is under the control of the system gethostbyname(3) routine. |
HostStatusDirectory=path | Sets the location of the long term host status information. When set, information about the status of hosts (such as if the host down or not accepting connections) will be shared between all sendmail processes. Normally, this information is only held within a single queue run. This option requires a connection cache of at least 1 to function. If the option begins with a leading /, it is an absolute pathname; otherwise, it is relative to the mail queue directory. A suggested value for sites desiring persistent host status is .hoststat, which is a subdirectory of the queue directory. |
IgnoreDots | Ignore dots in incoming messages. This is always disabled when reading SMTP mail, and as a result, dots are always accepted. |
LDAPDefaultSpec=spec | Sets a default map specification for LDAP maps. The value should only contain LDAP specific settings such as -h host -p port -d bindDN. The settings will be used for all LDAP maps unless the individual map specification overrides a setting. This option should be set before any LDAP maps are defined. |
LogLevel=n | Set the log level to n. Defaults to 9. |
Mxvalue | Set the macro x to value. This is intended only for use from the command line. The -M flag is preferred. |
MatchGECOS | Allow fuzzy matching on
the GECOS field. If this flag is set, and the usual user name
lookups fail (that is, there is no alias with this name and a getpwnam fails), sequentially search the password file for a matching entry
in the GECOS field. This also requires that MATCHGECOS be turned on during compilation. This option is not recommended. Note: Fuzzy matching is performed only on the NIS modules
and on local users in the system.
|
MaxAliasRecursion=N | N is the maximum depth of alias recursion. Default is 10. |
MaxDaemonChildren=N | If set, sendmail will refuse connections when it has more than N children
processing incoming mail or automatic queue runs. This does not limit
the number of outgoing connections. If not set, there is no limit
to the number of children; the system load averaging will controls
this. If the default DeliveryMode (background) is used, then sendmail may create an almost unlimited number of children (depending on the number of transactions and the relative execution times of mail reception and mail delivery). If the limit should be enforced, then a DeliveryMode other than background must be used. If not set, there is no limit to the number of children, that is, the system load average controls this. |
MaxHeadersLength=N | N is the maximum length of the sum of all headers. This can be used to prevent a denial of service attack. The default is no limit. |
MaxHopCount=N | The maximum hop count. Messages that have been processed more than N times are assumed to be in a loop and are rejected. Default is 25. |
MaxMessageSize=N | Specify the maximum message size to be advertised in the ESMTP EHLO response. Messages larger than N will be rejected. |
MaxMimeHeaderLength =N[/M] | Sets the maximum length of certain MIME header field values to N characters. If M is specified, certain headers that take parameters will use M instead of N. If M is not specified, these headers will use one half of N. By default, these values are 0, which indicates no checks are done. |
MaxQueueRunSize=N | N is the maximum
number of jobs that will be processed in a single queue run. If not
set, there is no limit on the size. If you have very large queues
or a very short queue run interval this could be unstable. However,
because the first N jobs in queue directory order are run (rather
than the N highest priority jobs) this should be set as high
as possible to avoid losing jobs that happen to fall late in the queue
directory. Note: This option also restricts the number of entries
printed by mailq. That is, if the MaxQueueRunSize is
set to a value N larger than zero, then only N entries are printed
per queue group.
|
MaxRecipientsPerMessage =N | The maximum number of recipients that will be accepted per message in an SMTP transaction. If not set, there is no limit on the number of recipients per envelope. Note: Setting this too low can interfere with sending mail from
MUAs that use SMTP for initial submission.
|
MeToo | Send to me too, even if I am in an alias expansion. This option is deprecated and will be removed from a future version. |
MinFreeBlocks=N | Sets at least N blocks free on the file system that holds the queue files before accepting e-mail via SMTP. If there is insufficient space, sendmail gives a 452 response to the MAIL command and invites the sender to try again later. |
MinQueueAge=age | Do not process any queued jobs that have been in the queue less than the indicated time interval. This promotes system responsiveness by processing the queue frequently without taxing the system by trying jobs too often. The default units are minutes. |
MustQuoteChars=s | Sets the list of characters that must be quoted if used in a full name that is in the phrase part of a phrase <address> syntax. The default is '.. The characters @,;:\()[] are always added to this list. |
NoRecipientAction | The action to take when you receive a message that has no valid recipient headers, such as To:, Cc:, or Bcc:. It can be:
|
OldStyleHeaders | Assume that the headers may be in old format with spaces delimit names. This actually turns on an adaptive algorithm: if any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always output with commas between the names. Defaults to off. |
OperatorChars=charlist | The list of characters that are considered to be operators, that is, characters that delimit tokens. All operator characters are tokens by themselves; sequences of non-operator characters are also tokens. White space characters separate tokens but are not tokens themselves. For example, AAA.BBB has three tokens, but AAA BBB has two. If not set, OperatorChars defaults to .:@[]". In addition, the characters "()<>,;" are always operators. Note that OperatorChars must be set in the configuration file before any rulesets. |
PidFile=filename | Sets the filename of the pid file. Default is PATHSENDMAILPID. The filename is macro-expanded before it is opened. |
PostmasterCopy=postmaster | If set, copies of error messages will be sent to the named postmaster. Only the header of the failed message is sent. Errors resulting from messages with a negative precedence will not be sent. Because most errors are user problems, this is not a good idea on large sites, and may contain privacy violations. The address is macro expanded at the time of delivery. Defaults to no postmaster copies. |
PrivacyOptions=opt,opt,... | Sets privacy options. These are a way of insisting on stricter adherence to the SMTP protocol. The options can be one of the following:
|
Item | Description |
---|---|
ProcessTitlePrefix=string | Prefix the process title shown on ps listings with string. The string will be macro processed. |
QueueDirectory=dir | Use the named dir as the queue directory. To use multiple queues, supply a value ending with an asterisk. For example, entering /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with q in /var/spool/mqueue as queue directories. Do not change the queue directory structure while sendmail is running. |
QueueFactor=factor | Use factor as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the current load average and the load average limit (QueueLA option) to determine the maximum message priority that will be sent. Default is 600000. |
QueueLA=LA | When the system load average exceeds LA, just queue messages, do not try to send them. Defaults to 8 multiplied by the number of processors online on the system, if that can be determined. |
QueueSortOrder=algorithm | Sets the algorithm used for sorting the queue. Only the first character of the value is used. Legal values are:
|
QueueTimeout=time-out | Do not use. Use Timeout.queuereturn. |
RandFile | Name of file containing random data or the name of the socket if EGD is used. A required prefix egd: or file: specifies the type. STARTTLS requires this filename if the compile flag HASURANDOM is not set (see /user/samples/tcpip/sendmail/README). |
ResolverOptions=options | Set resolver options.
Values can be set using +flag and cleared using -flag. Available flags are:
The string HasWildcardMX (without a + or -) can be specified to turn off matching
against MX records when doing name canonicalizations.
Note: In previous
releases, this option indicated that the name server be responding
in order to accept addresses. This has been replaced by checking to
see if the DNS method is listed in the service switch entry for the
hosts service.
|
RrtImpliesDsn | If this option is set, a ReturnReceipt-To: header causes the request of a DSN to be sent to the envelope sender as required by RFC1891, not to the address given in the header. |
RunAsUser=user | The user parameter may be a user name (looked up in /etc/passwd) or a numeric user ID. Either form can have :group attached, group can be numeric or symbolic. If set to a non-zero/non-root value, sendmail will change to this user ID shortly after startup. This avoids a certain class of security problems. However, this means that all .forward and :include: files must be readable by the indicated user and all files to be written must be writable by user. Also, all file and program deliveries will be marked unsafe unless the option DontBlameSendmail=NonRootAddrSafe is set, in which case the delivery will be done as user. It is also incompatible with the SafeFileEnvironment option. It may not actually add much to security on an average system, and may in fact detract from security, because other file permissions must be loosened. However, it may be useful on firewalls and other places where users do not have accounts and the aliases file is well constrained. |
RecipientFactor=fact | The indicated factor is added to the priority for each recipient, thus lowering the priority of the job. This value penalizes jobs with large numbers of recipients. Defaults to 30000. |
RefuseLA=LA | When the system load average exceeds LA, refuse incoming SMTP connections. Defaults to 12 multiplied by the number of processors online on the system, if that can be determined. |
RetryFactor=fact | The factor is added to the priority every time a job is processed. Each time a job is processed, its priority will be decreased by the indicated value. In most environments this should be positive, because hosts that are down may be down for a long time. Default is 90000. |
SafeFileEnvironment=dir | If this option is set, sendmail will do a chroot(2) call into the indicated directory before doing any file writes. If the file name specified by the user begins with dir, that partial path name will be stripped off before writing. For example, if the SafeFileEnvironment variable is set to /safe then aliases of /safe/logs/file and /logs/file actually indicate the same file. Additionally, if this option is set, sendmail will refuse to deliver to symbolic links. |
SaveFromLine | Save From lines at the front of headers. They are assumed to be redundant and are discarded. |
SendMimeErrors | If set, send error messages in MIME format (see RFC2045 and RFC1344 for details). If disabled, sendmail will not return the DSN keyword in response to an EHLO and will not do Delivery Status Notification processing as described in RFC1891. |
ServerCertFile | File containing the certificate of the server. This certificate is used when sendmail acts as server. |
ServerKeyFile | File containing the private key belonging to the server certificate. |
ServiceSwitchFile=filename | If your host operating
system has a service switch abstraction, that service will be consulted
and this option is ignored. Otherwise, this is the name of a file
that provides the list of methods used to implement particular services.
The syntax is a series of lines, each of which is a sequence of words.
The first word is the service name, and following words are service
types. The services that sendmail consults directly are aliases and hosts. Service types can be dns, nis, nisplus, or files. The appropriate support
must be compiled in before the service can be referenced. If ServiceSwitchFile is not specified, it defaults to /etc/mail/service.switch. If that file does not exist, the default switch is
The default file is /etc/mail/service.switch. |
SevenBitInput | Strip input to seven bits for compatibility with old systems. This should not be necessary. |
SingleLineFromHeader | If set, From: lines that have embedded newlines are unwrapped onto one line. This is to get around a bug in Lotus Notes® that apparently cannot understand legally wrapped RFC822 headers. |
SingleThreadDelivery | If set, a client machine will never try to open two SMTP connections to a single server machine at the same time, even in different processes. That is, if another sendmail is already talking to some host, a new sendmail will not open another connection. Although this reduces the load on the other machine, it can cause mail to be delayed. For example, if one sendmail is delivering a huge message, other sendmail processes will not be able to send even small messages. Also, it requires another file descriptor (for the lock file) per connection, so you may have to reduce the ConnectionCacheSize option to avoid running out of per-process file descriptors. Requires the HostStatusDirectory option. |
SmtpGreetingMessage =message | Specifies the message to print when the SMTP server starts up. Defaults to $j Sendmail $v ready at $b. |
StatusFile=file | Log summary statistics in the named file. If no file name is specified, statistics is used. If not set, no summary statistics will be saved. This file does not grow in size. It can be printed using the mailstats(8) program. |
SuperSafe | Always instantiate the queue file, even if you are going to attempt immediate delivery. Sendmail always instantiates the queue file before returning control to the client under any circumstances. This should always be set. |
TempFileMode=mode | Specifies the file mode for queue files. It is interpreted in octal by default. Default is 0600. |
Timeout.type=time-out | Sets time-out values. For more information, see Read Timeouts. |
TimeZoneSpec=tzinfo | Set the local time zone info to tzinfo. If this is not set, the TZ environment variable is cleared and the system default is used. If set but null, the user's TZ variable is used. If set and non-null, the TZ variable is set to this value. |
TrustedUser=user | The user parameter can be a user name (looked up in /etc/passwd) or a numeric user ID. Trusted user for file ownership and starting the daemon. If set, generated alias databases and the control socket (if configured) will automatically be owned by this user. |
TryNullMXList | If this system is the best (that is, lowest preference) MX for a given host, its configuration rules should detect this situation and treat that condition specially by forwarding the mail to a UUCP feed, treating it as local, and so on. However, in some cases, such as in the case with Internet firewalls, you may want to try to connect directly to that host as though it had no MX records at all. Setting this option causes sendmail to try this. Unfortunately, errors in your configuration are likely to be diagnosed as "host unknown" or "message timed out" instead of something more meaningful. This option is not recommended. |
UnixFromLine=fromline | Defines the format used when sendmail must add a UNIX-style From line, such as a line beginning From<space>user). Defaults to From $g $d. Do not change this unless your system uses a different mailbox format. |
UnsafeGroupWrites | If set, :include: and .forward files that are group writable are considered unsafe, and they will not be able to reference programs or write directly to files. World writable :include: and .forward files are always unsafe. |
UserDatabaseSpec =udbspec | The user database specification. |
Verbose | Run in Verbose mode. If this is set, sendmail adjusts options HoldExpensive and DeliveryMode so that all mail is delivered completely in a single job so that you can see the entire delivery process. The Verbose option should never be set in the configuration file; it is intended for command line use only. |
XscriptFileBufferSize =threshold | Defines the threshold in bytes, before a memory-based queue transcript file becomes disk-based. The default is 4096 bytes. |
All options can be specified on the command line using the -O or -o flag, but most will cause sendmail to relinquish its setuid permissions. The options that will not cause this are SevenBitInput, EightBitMode, MinFreeBlocks, CheckpointInterval, DeliveryMode, ErrorMode, IgnoreDots, SendMimeErrors, LogLevel, OldStyleHeaders, PrivacyOptions, SuperSafe, Verbose, QueueSortOrder, MinQueueAge, DefaultCharSet, DialDelay, NoRecipientAction, ColonOkInAddr, MaxQueueRunSize, SingleLineFromHeader, and AllowBogusHELO. Actually, PrivacyOptions given on the command line are added to those already specified in the sendmail.cf file and cannot be reset. Also, M (define macro) when defining the r or s macros is also considered safe.
P - Precedence Definitions
Pname=num
When the name is found in a "Precedence:" field, the message class is set to num. Higher numbers mean higher precedence. Numbers less than zero have the special property that if an error occurs during processing, the body of the message will not be returned; this is expected to be used for "bulk" mail such as through mailing lists. The default precedence is zero. For example, the list of default precedences is:
V - Configuration Version Level
To provide compatibility with old configuration files, the V line has been added to define basic semantics of the configuration file. This is not intended as long term support. These compatibility features may be removed in future releases.
"Old" configuration files are defined as version level one.
Version level two files make the following changes:
Version level three files allow # initiated comments on all lines. Exceptions are backslash escaped # marks and the $# syntax.
Version level four files are equivalent to level three files.
Version level five files change the default definition of $w to be the first component of the hostname.
Version level six configuration files change many of the local processing options (i.e., aliasing and matching the address beginning for the | character) to mailer flags. This allows fine grained control over the special local processing. Version level six files may also use long option names. The ColonOkInAddr option (which allows colons in the local part of the address) defaults to on in configuration files with lower version numbers. The configuration file requires additional "intelligence" to properly handle the RFC 822 group construct.
Version level seven configuration files use new option names to replace old macros.
Option | Old Macro |
---|---|
$e became | SmtpGreetingMessage |
$1 became | UnixFromLine |
$o became | OperatorChars |
Prior to version seven, the F=q flag (use the return value 250 instead of 252 for SMTP VRFY commands) was assumed.
Version level eight configuration files allow $# on the left side of ruleset lines.
Version level nine configuration files allow parentheses in rulesets, which means they are not treated as comments and are removed.
The V line may have an optional /vendor variable to indicate that the configuration file uses vendor specific modifications. You may use /Berkeley to indicate that the file uses the Berkeley sendmail dialect.
K - Key File Declaration
Kmapname mapclass arguments
The mapname is the name by which this map is referenced in the rewrite rules. The mapclass is the name of a type of map; these are compiled in to sendmail. The arguments are interpreted depending on the class; typically, there would be a single argument naming the file containing the map.
$( map key $@ arguments $: default $)
where either or both of the arguments or default portion may be omitted. The $@ arguments may appear more than once. The indicated key and arguments are passed to the appropriate mapping function. If it returns a value, it replaces the input. If it does not return a value and the default is specified, the default replaces the input. Otherwise, the input is unchanged.
R$- ! $+ $: $(uucp $1 $@ $2 $: %1 @ %0 . UUCP $)
decvax %1@ %0.DEC.COM
research %1@%0.ATT.COM
$(host hostname$)
$[hostname$]
There are many defined classes.
Class | Description |
---|---|
dbm | Database lookups using the ndbm(3) library. Sendmail must be compiled with NDBM defined. |
btree | Database lookups using the btree interface to the Berkeley DB library. Sendmail must be compiled with NEWDB defined. |
hash | Database lookups using the hash interface to the Berkeley DB library. Sendmail must be compiled with NEWDB defined. |
nis | NIS lookups. Sendmail must be compiled with NEWDB defined. |
nisplus | NIS+ lookups. Sendmail must be compiled with NISPLUS defined. The argument is the name of the table to use for lookups, and the -k and -v flags may be used to set the key and value columns respectively. |
ldap | LDAP X500 directory lookups. Sendmail must be compiled with LDAPMAP defined. The map supports most of the standard arguments and command line arguments of the ldapsearch program. By default, if a single query matches multiple values, only the first value will be returned unless the -z (value separator) map flag is set. Also, the -1 map flag will treat a multiple value return as if there were no matches. |
ldapx | LDAP X500 directory lookups. Sendmail must be compiled with LDAPMAP defined. The map supports most of the standard arguments and command line arguments of the ldapsearch program. |
text | Text file lookups. The format of the text file is defined by the -k (key field number), -v (value field number), and -z (field delimiter) flags. |
stab | Internal symbol table lookups. Used internally for aliasing. |
implicit | Really should be called "alias." This is used to get the default lookups for alias files, and is the default if no class is specified for alias files. |
user | Looks up users using getpwnam(3). The -v flag can be used to specify the name of the field to return (although this is normally used only to check the existence of a user). |
host | Canonicalizes host domain names. Given a host name, it calls the name server to find the canonical name for that host. |
bestmx | Returns the best MX record for a host name given as the key. The current machine is always preferred. For example, if the current machine is one of the hosts listed as the lowest preference MX record, it will be guaranteed to be returned. This can be used to find out if this machine is the target for an MX record and mail can be accepted on that basis. If the -z flag is given, all MX names are returned (separated by the given delimiter). |
sequence | The arguments on the `K' line are a list of maps; the resulting
map searches the argument maps in order until it finds a match for
the indicated key. For example, if the key definition is:
then a lookup against "seqmap" first does a lookup in map1. If that is found, it returns immediately. Otherwise, the same key is used for map2. |
syslog | The key is logged via syslogd(8). The lookup returns the empty string. |
switch | Much like the "sequence" map except that the order of maps
is determined by the service switch. The argument is the name of the
service to be looked up; the values from the service switch are appended
to the map name to create new map names. For example, consider the
key definition:
together with the service switch entry:
This causes a query against the map "ali" to search maps named "ali.nis" and "ali.files" in that order. |
dequote | Strip double quotes (") from a name. It does not strip backslashes,
and will not strip quotes if the resulting string would contain unscannable
syntax (that is, basic errors like unbalanced angle brackets; more
sophisticated errors such as unknown hosts are not checked). The intent
is for use when trying to accept mail from systems such as DECnet
that routinely quote odd syntax such as:
A typical use is probably something like:
Care must be taken to prevent unexpected results;
for example,
will have quotes stripped, but the result is probably not what was intended. Fortunately, these cases are rare. |
regex | The map definition on the K line contains a regular
expression. Any key input is compared to that expression using the
POSIX regular expressions routines regcomp( ), regerr( ), and regexec( ). Refer to the documentation for those routines
for more information about regular expression matching. No rewriting
of the key is done if the -m flag is used. Without it, the
key is discarded, or if -s is used, it is substituted by the
substring matches, delimited by the $| or the string specified
with the -d flag. The flags available for the map are:
The -s flag can include an optional parameter which can be used to select the substrings in the result of the lookup. For example, -s1,3,4. |
program | The arguments on the K line are the path name to a program and any initial parameters to be passed. When the map is called, the key is added to the initial parameters and the program is invoked as the default user/group ID. The first line of standard output is returned as the value of the lookup. This has many potential security problems and terrible performance. It should be used only when absolutely necessary. |
macro | Set or clear a macro value. To set a macro,
pass the value as the first argument in the map lookup. To clear a
macro, do not pass an argument in the map lookup. The map always returns
the empty string. Examples of typical usage includes:
|
arith | Perform simple arithmetic operations. The operation is given as key, currently +, -, *, /, l (for less than), and = are supported. The two operands are given as arguments. The lookup returns the result of the computation (True or False) for comparisons, integer values otherwise. All options that are possible for maps are ignored. A simple example is:
|
Most of these accept as arguments the same optional flags and a filename (or a mapname for NIS; the filename is the root of the database path, so that .db or some other extension appropriate for the database type will be added to get the actual database name). Known flags are:
Flag | Description |
---|---|
-o | Indicates that this map is optional. That is, if it cannot be opened, no error is produced, and sendmail will behave as if the map existed but was empty. |
-N, -O | If neither -N or -O are specified, sendmail uses an adaptive algorithm to decide whether or not to look for null bytes on the end of keys. It starts by trying both; if it finds any key with a null byte, it never tries again without a null byte and vice versa. If -N is specified, it never tries without a null byte and if -O is specified, it never tries with a null byte. Setting one of these can speed matches but are never necessary. If both -N and -O are specified, sendmail will never try any matches at all. That is, everything will appear to fail. |
-ax | Append the string x on successful matches. For example, the default host map appends a dot on successful matches. |
-Tx | Append the string x on temporary failures. For example, x would be appended if a DNS lookup returned server failed or an NIS lookup could not locate a server. See the -t flag for additional information. |
-f | Do not fold upper to lower case before looking up the key. |
-m | Match only (without replacing the value). If you only care about the existence of a key and not the value (as you might when searching the NIS map "hosts.byname" for example), this flag prevents the map from substituting the value. However, The -a argument is still appended on a match, and the default is still taken if the match fails. |
-kkeycol | The key column name (for NIS+) or number (for text lookups). |
-vvalcol | The value column name (for NIS+) or number (for text lookups). |
-zdelim | The column delimiter (for text lookups). It can be a single character or one of the special strings "\n" or "\t" to indicate newline or tab respectively. If omitted entirely, the column separator is any sequence of whitespace. |
-t | Normally, when a map attempts to do a lookup and the server fails (e.g., sendmail could not contact any name server — this is not the same as an entry not being found in the map), the message being processed is queued for future processing. The -t flag turns off this behavior, letting the temporary failure (server down) act as though it were a permanent failure (entry not found). It is particularly useful for DNS lookups, where another's misconfigured name server can cause problems on your machine. Care must be taken to avoid "bouncing" mail that would be resolved correctly if another attempt were made. A common strategy is to forward such mail to another mail server. |
-D | Perform no lookup in deferred delivery mode. This flag is set by default for the host map. |
-Sspacesub | The character to use to replace space characters after a successful map lookup. This is especially useful for regex and syslog maps. |
-q | Do not dequote the key before lookup. |
-A | When rebuilding an alias file, the -A flag causes duplicate
entries in the text version to be merged. For example, the following
two entries:
would be treated as if they were the following single entry:
|
The following additional flags are present in the LDAP map only:
Flag | Description |
---|---|
-R | Do not auto chase referrals. Sendmail must be compiled with -DLAP_REFERRALS to use this flag. |
-n | Retrieve attribute names only. |
-rderef | Set the alias dereference option to one of the following: never, always, search, or find. |
-sscope | Set search scope to one of the following: base, one (one level), or sub (subtree). |
-hhost | LDAP server host name. |
-bbase | LDAP search base. |
-pport | LDAP service port. |
-ltimelimit | Time limit for LDAP queries. |
-Zsizelimit | Size (number of matches) limit for LDAP queries. |
-ddistinguished_name | The distinguished name to use to log in to the LDAP server. |
-Mmethod | The method to authenticate to the LDAP server. Should be one of the following: LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, OR LDAP_AUTH_KRBV4. |
-Ppasswordfile | The file containing the secret key for the LDAP_AUTH_SIMPLE authentication method or the name of the Kerberos ticket file for LDAP_AUTH_KRBV4. |
-1 | Force LDAP searches to succeed only if a single match is found. If multiple values are found, the search will be treated as if no match was found. |
Kuucp dbm -o -N /usr/lib/uucpmap
specifies an optional map named "uucp" of class "dbm"; it always has null bytes at the end of every string, and the data is located in /usr/lib/uucpmap.{dir,pag}.
Commands and Operands
Command and Operand | Description |
---|---|
CXWord1 Word2... | Defines the class of words that can be used to match the left-hand side of rewrite rules. Class specifiers (X) may be any of the uppercase letters from the ASCII character set. Lowercase letters and special characters are reserved for system use. |
DXValue | Defines a macro (X) and its associated Value. Macro specifiers may be any of the uppercase letters from the ASCII character set. Lowercase letters and special characters are reserved for system use. |
FXFileName [Format] | Reads the elements of the class (X) from the FileName variable, using an optional scanf format specifier. The format specifier contains only one conversion specification. One class number is read for each line in the FileName variable. |
H[?MFlags?]HeaderName: HeaderTemplate | Defines the header format the sendmail command inserts into a message. Continuation lines are a part of the definition. The HeaderTemplate is macro-expanded before insertion into the message. If the MFlags are specified and at least one of the specified flags is included in the mailer definition, this header is automatically written to the output message. If the header appears in the input message, it is written to the output message regardless of the MFlags variable. |
MName, [Field=Value] | Defines a Mail program where the Name variable is the name of the Mail program and Field=Value pair defines the attributes of the mailer. |
Ox[Value] | Sets the option to the value of x. If the option is
a valued option, you must also specify the Value variable.
Options may also be selected from the command line. Note: For valid
values, see O — Set Option.
|
PName=Number | Defines values for the Precedence: header field. When the Name variables found in a message's Precedence: field, the message's precedence is set to the Number variable. Higher numbers indicate higher precedences. Negative numbers indicate that error messages are not returned. The default Number is 0. |
RLeftHandSide RightHandSide Comments | Defines a rewrite rule. One or more tab characters separate the three fields of this command. If space characters are used as field separators, option J must be set. The J option allows spaces as well as tabs to separate the left- and right-hand sides of rewrite rules. The J option allows rewrite rules to be modified using an editor that replaces tabs with spaces. |
Sx | Sets the rule set currently defined to the specified number(x). If a rule set definition is started more than once, the new definition overwrites the old. |
TUser1 User2 ... | Defines user IDs for the system administrators. These IDs have permission to override the sender address using the -f flag. More than one ID can be specified per line. |
Files
Item | Description |
---|---|
/etc/mail/sendmail.cf | Specifies the path of the sendmail.cf file. |
/etc/passwd | Contains basic user attributes. |
/etc/mail/aliases | Contains alias definitions for the sendmail command. |