SENDMAILTM
INSTALLATION AND OPERATION GUIDE
Eric Allman
Gregory Neil Shapiro
Claus Assmann
Sendmail, Inc.
Version 1.21
For Sendmail Version 8.12
SendmailTM implements a general purpose internetwork mail routing facility under the UNIX® operating system. It is not tied to any one transport protocol -- its function may be likened to a crossbar switch, relaying messages from one domain into another. In the process, it can do a limited amount of message header editing to put the message into a format that is appropriate for the receiving domain. All of this is done under the control of a configuration file.
Due to the requirements of flexibility for sendmail, the configuration file can seem somewhat unap- proachable. However, there are only a few basic configurations for most sites, for which standard con- figuration files have been supplied. Most other configurations can be built by adjusting an existing config- uration file incrementally.
Sendmail is based on RFC 821 (Simple Mail Transport Protocol), RFC 822 (Internet Mail Headers Format), RFC 974 (MX routing), RFC 1123 (Internet Host Requirements), RFC 1413 (Identification server), RFC 1652 (SMTP 8BITMIME Extension), RFC 1869 (SMTP Service Extensions), RFC 1870 (SMTP SIZE Extension), RFC 1891 (SMTP Delivery Status Notifications), RFC 1892 (Multi- part/Report), RFC 1893 (Enhanced Mail System Status Codes), RFC 1894 (Delivery Status Notifica- tions), RFC 1985 (SMTP Service Extension for Remote Message Queue Starting), RFC 2033 (Local Message Transmission Protocol), RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes), RFC 2045 (MIME), RFC 2476 (Message Submission), RFC 2487 (SMTP Service Extension for Secure SMTP over TLS), RFC 2554 (SMTP Service Extension for Authentication), RFC 2821 (Simple Mail Transfer Protocol), RFC 2822 (Internet Message Format), RFC 2852 (Deliver By SMTP Service Extension), and RFC 2920 (SMTP Service Extension for Command Pipelining). However, since send- mail is designed to work in a wider world, in many cases it can be configured to exceed these protocols. These cases are described herein.
Although sendmail is intended to run without the need for monitoring, it has a number of features that may be used to monitor or adjust the operation under unusual circumstances. These features are described.
Section one describes how to do a basic sendmail installation. Section two explains the day-to-day information you should know to maintain your mail system. If you have a relatively normal site, these two sections should contain sufficient information for you to install sendmail and keep it happy. Section three has information regarding the command line arguments. Section four describes some parameters that may be safely tweaked. Section five contains the nitty-gritty information about the configuration file. This section is for masochists and people who must write their own configuration file. Section six describes
DISCLAIMER: This documentation is under modification.
Sendmail is a trademark of Sendmail, Inc.
Sendmail Installation and Operation Guide SMM:08-3 configuration that can be done at compile time. The appendixes give a brief but detailed explanation of a number of features not described in the rest of the paper.
|
There are two basic steps to installing sendmail. First, you have to compile and install the binary. If sendmail has already been ported to your operating system that should be simple. Second, you must build a run-time configuration file. This is a file that sendmail reads when it starts up that describes the mailers it knows about, how to parse addresses, how to rewrite the message header, and the settings of various options. Although the configuration file can be quite complex, a configuration can usually be built using an M4-based configuration language. Assuming you have the standard sendmail distribu- tion, see cf/README for further information. The remainder of this section will describe the installation of sendmail assuming you can use one of the existing configurations and that the standard installation parameters are acceptable. All path- names and examples are given from the root of the sendmail subtree, normally /usr/src/usr.sbin/send- mail on 4.4BSD-based systems. Continue with the next section if you need/want to compile sendmail yourself. If you have a run- ning binary already on your system, you should probably skip to section 1.2. 1.1. Compiling Sendmail All sendmail source is in the sendmail subdirectory. To compile sendmail, ``cd'' into the ./Build This will leave the binary in an appropriately named subdirectory, e.g., obj.BSD-OS.2.1.i386. It 1.1.1. Tweaking the Build Invocation You can give parameters on the Build command. In most cases these are only used when -L libdirs -I incdirs -E envar=value -c Create a new obj.* tree before running. -f siteconfig -S Skip auto-configuration. Build will avoid auto-detecting libraries if this is set. All Most other parameters are passed to the make program; for details see $BUILD- 1.1.2. Creating a Site Configuration File (This section is not yet complete. For now, see the file devtools/README for details.) 1.1.3. Tweaking the Makefile Sendmail supports two different formats for the local (on disk) version of databases, |
SMM:08-8 Sendmail Installation and Operation Guide
NDBM The ``new DBM'' format, available on nearly all systems around today. This
was the preferred format prior to 4.4BSD. It allows such complex things as
multiple databases and closing a currently open database.
|
NEWDB |
The Berkeley DB package. If you have this, use it. It allows long records, multiple open databases, real in-memory caching, and so forth. You can define this in conjunction with |
||
|
NDBM; if you do, old alias databases are read, |
|||
|
but when a new database is created it will be in NEWDB format. As a nasty hack, if you have NEWDB, NDBM, and NIS defined, and if the alias file name includes the substring ``/yp/'', sendmail will create both new and old versions of the alias file during a newalias command. This is required because the Sun NIS/YP system reads the DBM version of the alias file. It's ugly as sin, but it works. |
|
If neither of these are defined, sendmail reads the alias file into memory on every invocation. LDAP Lightweight Directory Access Protocol. NIS Sun's Network Information Services (formerly YP). NISPLUS Sun's NIS+ services. NETINFO NeXT's NetInfo service. HESIOD Hesiod service (from Athena). Other compilation flags are set in conf.h and should be predefined for you unless you are porting 1.1.4. Compilation and installation After making the local system configuration described above, You should be able to com- ./Build This will use uname(1) to create a custom Makefile for your environment. If you are installing in the standard places, you should be able to install using ./Build install This should install the binary in /usr/sbin and create links from /usr/bin/newaliases and ./Build install-set-user-id 1.2. Configuration Files Sendmail cannot operate without a configuration file. The configuration defines the mail deliv- The sendmail configuration can be daunting at first. The world is complex, and the mail con- Our configuration files are processed by m4 to facilitate local customization; the directory cf of cf Both site-dependent and site-independent descriptions of hosts. These can be lit- |
Sendmail Installation and Operation Guide SMM:08-9
general descriptions (such as ``generic-solaris2.mc'' as a general description of
an SMTP-connected host running Solaris 2.x. Files ending .mc (``M4 Configura-
tion'') are the input descriptions; the output is in the corresponding .cf file. The
general structure of these files is described below.
|
domain |
Site-dependent subdomain descriptions. These are tied to the way your organiza- tion wants to do addressing. For example, domain/CS.Berkeley.EDU.m4 is our description for hosts in the CS.Berkeley.EDU subdomain. These are referenced using the |
||
|
DOMAIN m4 macro in the .mc file. |
|||
|
feature |
Definitions of specific features that some particular host in your site might want. These are referenced using the |
||
|
FEATURE m4 macro. An example feature is |
|||
|
use_cw_file (which tells sendmail to read an /etc/mail/local-host-names file on startup to find the set of local names). |
|||
|
hack |
Local hacks, referenced using the |
||
|
HACK m4 macro. Try to avoid these. The |
|||
|
point of having them here is to make it clear that they smell. |
|||
|
m4 |
Site-independent m4(1) include files that have information common to all configu- ration files. This can be thought of as a ``#include'' directory. |
||
|
mailer |
Definitions of mailers, referenced using the |
||
|
MAILER m4 macro. The mailer types |
|||
|
that are known in this distribution are fax, local, smtp, uucp, and usenet. For example, to include support for the UUCP-based mailers, use ``MAILER(uucp)''. |
|||
|
ostype |
Definitions describing various operating system environments (such as the loca- tion of support files). These are referenced using the |
||
|
OSTYPE m4 macro. |
|||
|
sh siteconfig |
Shell files used by the m4 build process. You shouldn't have to mess with these. Local UUCP connectivity information. This directory has been supplanted by the mailertable feature; any new configurations should use that feature to do UUCP (and other) routing. The use of this directory is deprecated. |
|
If you are in a new domain (e.g., a company), you will probably want to create a cf/domain Subdomains at Berkeley are also represented in the cf/domain directory. For example, the You will have to use or create .mc files in the cf/cf subdirectory for your hosts. This is detailed 1.3. Details of Installation Files This subsection describes the files that comprise the sendmail installation. 1.3.1. /usr/sbin/sendmail The binary for sendmail is located in /usr/sbin1. It should be set-group-ID smmsp as |
described in sendmail/SECURITY. For security reasons, /, /usr, and /usr/sbin should be owned
1This is usually /usr/sbin on 4.4BSD and newer systems; many systems install it in /usr/lib. I understand it is in /usr/ucblib on System V Release 4.
SMM:08-10 Sendmail Installation and Operation Guide
by root, mode 07552.
|
1.3.2. /etc/mail/sendmail.cf This is the main configuration file for sendmail3. This is one of the two non-library file |
|
|
names compiled into sendmail4, the other is /etc/mail/submit.cf. |
|
|
The configuration file is normally created using the distribution files described above. If 1.3.3. /etc/mail/submit.cf This is the configuration file for sendmail when it is used for initial mail submission, in 1.3.4. /usr/bin/newaliases The newaliases command should just be a link to sendmail: rm -f /usr/bin/newaliases This can be installed in whatever search path you prefer for your system. 1.3.5. /usr/bin/hoststat The hoststat command should just be a link to sendmail, in a fashion similar to newaliases. 1.3.6. /usr/bin/purgestat This command is also a link to sendmail. It flushes expired (Timeout.hoststatus) informa- 1.3.7. /var/spool/mqueue The directory /var/spool/mqueue should be created to hold the mail queue. This directory The actual path of this directory is defined by the QueueDirectory option of the sendmail.cf |
ture while sendmail is running.
2Some vendors ship them owned by bin; this creates a security hole that is not actually related to sendmail. Other impor- tant directories that should have restrictive ownerships and permissions are /bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
3Actually, the pathname varies depending on the operating system; /etc/mail is the preferred directory. Some older sys- tems install it in /usr/lib/sendmail.cf, and I've also seen it in /usr/ucblib. If you want to move this file, add -D_PATH_SENDMAIL- CF=\"/file/name\" to the flags passed to the C compiler. Moving this file is not recommended: other programs and scripts know of this location.
4The system libraries can reference other files; in particular, system library subroutines that sendmail calls probably refer- ence /etc/passwd and /etc/resolv.conf.
Sendmail Installation and Operation Guide SMM:08-11
If these directories have subdirectories or symbolic links to directories named `qf', `df', and
`xf', then these will be used for the different queue file types. That is, the data files are stored in
the `df' subdirectory, the transcript files are stored in the `xf' subdirectory, and all others are
stored in the `qf' subdirectory.
|
If shared memory support is compiled in, sendmail stores the available diskspace in a 1.3.8. /var/spool/clientmqueue The directory /var/spool/clientmqueue should be created to hold the mail queue. This The actual path of this directory is defined by the QueueDirectory option of the submit.cf 1.3.9. /var/spool/mqueue/.hoststat This is a typical value for the HostStatusDirectory option, containing one file per host that 1.3.10. /etc/mail/aliases* The system aliases are held in ``/etc/mail/aliases''. A sample is given in ``send- cp sendmail/aliases /etc/mail/aliases You should extend this file with any aliases that are apropos to your system. Normally sendmail looks at a database version of the files, stored either in The permissions of the alias file and the database versions should be 0640 to prevent local 1.3.11. /etc/rc or /etc/init.d/sendmail It will be necessary to start up the sendmail daemon when your system reboots. This dae- If necessary, add the following lines to ``/etc/rc'' (or ``/etc/rc.local'' as appropriate) in the |
SMM:08-12 Sendmail Installation and Operation Guide
if [ -f /usr/sbin/sendmail -a -f /etc/mail/sendmail.cf ]; then
|
fi |
(cd /var/spool/mqueue; rm -f xf*) |
|
The ``cd'' and ``rm'' commands insure that all transcript files have been removed; extraneous Some people use a more complex startup script, removing zero length qf files and df files 1.3.12. /etc/mail/helpfile This is the help file used by the SMTP HELP command. It should be copied from ``send- cp sendmail/helpfile /etc/mail/helpfile The actual path of this file is defined in the HelpFile option of the sendmail.cf file. 1.3.13. /etc/mail/statistics If you wish to collect statistics about your mail traffic, you should create the file cp /dev/null /etc/mail/statistics This file does not grow. It is printed with the program ``mailstats/mailstats.c.'' The actual path 1.3.14. /usr/bin/mailq If sendmail is invoked as ``mailq,'' it will simulate the -bp flag (i.e., sendmail will print the 1.3.15. sendmail.pid sendmail stores its current pid in the file specified by the PidFile option (default is chmod 0600 /var/run/sendmail.pid 1.3.16. Map Files To prevent local denial of service attacks as explained in the top level README in the cd /etc/mail |
Sendmail Installation and Operation Guide SMM:08-13
|
#!/bin/sh |
|
done |
if [ -r $qffile ] |
# rename tf files to be qf if the qf does not exist
for tffile in tf*
|
do |
|||
|
qffile=`echo $tffile | sed 's/t/q/'` |
|||
|
done |
# remove df files with no corresponding qf files
for dffile in df*
|
do |
|||
|
qffile=`echo $dffile | sed 's/d/q/'` |
|||
|
done |
# announce files that have been saved during disaster recovery
for xffile in [A-Z]f*
|
do |
|||
|
if [ -f $xffile ] |
|||
|
done |
Figure 1 -- A complex startup script
2.1. The System Log
SMM:08-14 Sendmail Installation and Operation Guide
The system log is supported by the syslogd (8) program. All messages from sendmail are
logged under the LOG_MAIL facility5.
|
2.1.1. Format Each line in the system log consists of a timestamp, the name of the machine that gener- and a message6. Most messages are a sequence of name=value pairs. |
|
|
The two most common lines are logged when a message is processed. The first logs the from The envelope sender address. size The size of the message in bytes. class The class (i.e., numeric precedence) of the message. pri The initial message priority (used for queue sorting). nrcpts The number of envelope recipients for this message (after aliasing and for- msgid The message id of the message (from the header). proto The protocol used to receive this message (e.g., ESMTP or UUCP) daemon The daemon name from the DaemonPortOptions setting. relay The machine from which it was received. There is also one line logged per delivery attempt (so there can be several per message if deliv- to A comma-separated list of the recipients to this mailer. ctladdr The ``controlling user'', that is, the name of the user whose credentials we use delay The total delay between the time this message was received and the current xdelay The amount of time needed in this delivery attempt (normally indicative of the mailer The name of the mailer used to deliver to this recipient. relay The name of the host that actually accepted (or rejected) this recipient. dsn The enhanced error code (RFC 2034) if available. stat The delivery status. Not all fields are present in all messages; for example, the relay is usually not listed for local 2.1.2. Levels If you have syslogd (8) or an equivalent installed, you will be able to do logging. There is a |
purposes. Levels from 11-64 are reserved for verbose information that some sites might want.
5Except on Ultrix, which does not support facilities in the syslog.
6This format may vary slightly if your vendor has changed the syntax.
Sendmail Installation and Operation Guide SMM:08-15
A complete description of the log levels is given in section 4.7.
|
2.2. Dumping State You can ask sendmail to log a dump of the open files and the connection cache by sending it a SIGUSR1 signal. The results are logged at LOG_DEBUG priority. |
|
|
2.3. The Mail Queues Mail messages may either be delivered immediately or be held for later delivery. Held mes- A mail message may be queued for these reasons: · If a mail message is temporarily undeliverable, it is queued and delivery is attempted later. If 2.3.1. Queue Groups and Queue Directories There are one or more mail queues. Each mail queue belongs to a queue group. There is By default, a queued message is placed in the queue group associated with the first recipi- A message with multiple recipients will be split if different queue groups are chosen by the When a message is placed in a queue group, and the queue group has more than one If a message with multiple recipients is placed into a queue group with the 'r' option (maxi- Notice: if multiple queue groups are used, do not move queue files around, e.g., into a dif- 2.3.2. Queue Runs sendmail has two different ways to process the queue(s). The first one is to start queue |
SMM:08-16 Sendmail Installation and Operation Guide
discussed in the appendix ``COMMAND LINE FLAGS''. Persistent queue runners have the
advantage that no new processes need to be spawned at certain intervals; they just sleep for a
specified time after they finished a queue run. Another advantage of persistent queue runners is
that only one process belonging to a workgroup (a workgroup is a set of queue groups) collects
the data for a queue run and then multiple queue runner may go ahead using that data. This can
significantly reduce the disk I/O necessary to read the queue files compared to starting multiple
queue runners directly. Their disadvantage is that a new queue run is only started after all
queue runners belonging to a group finished their tasks. In case one of the queue runners tries
delivery to a slow recipient site at the end of a queue run, the next queue run may be substan-
tially delayed. In general this should be smoothed out due to the distribution of those slow jobs,
however, for sites with small number of queue entries this might introduce noticable delays. In
general, persistent queue runners are only useful for sites with big queues.
|
2.3.3. Manual Intervention Under normal conditions the mail queue will be processed transparently. However, you 2.3.4. Printing the queue The contents of the queue(s) can be printed using the mailq command (or by specifying the mailq This will produce a listing of the queue id's, the size of the message, the date the message 2.3.5. Forcing the queue Sendmail should run the queue automatically at intervals. When using multiple queues, a There is no attempt to insure that only one queue processor exists at any time, since there In some cases, you may find that a major host going down for a couple of days may create To do this, it is acceptable to move the entire queue directory: |
Sendmail Installation and Operation Guide SMM:08-17
cd /var/spool
|
mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue You should then kill the existing daemon (since it will still be processing in the old queue direc- To run the old mail queue, issue the following command: /usr/sbin/sendmail -C /etc/mail/queue.cf -q The -C flag specifies an alternate configuration file queue.cf which should refer to the moved O QueueDirectory=/var/spool/omqueue and the -q flag says to just run every job in the queue. You can also specify the moved queue /usr/sbin/sendmail -oQ/var/spool/omqueue -q but this requires that you do not have queue groups in the configuration file, because those are When the queue is finally emptied, you can remove the directory: rmdir /var/spool/omqueue 2.4. Disk Based Connection Information Sendmail stores a large amount of information about each remote system it has connected to Additionally enabling SingleThreadDelivery has the added effect of single-threading mail The disk based host information is stored in a subdirectory of the mqueue directory called .hoststat7. Removing this directory and its subdirectories has an effect similar to the purgestat |
|
|
command and is completely safe. However, purgestat only removes expired (Timeout.hoststatus) data. The information in these directories can be perused with the hoststat command, which will indicate the host name, the last access, and the status of that access. An asterisk in the left most column indicates that a sendmail process currently has the host locked for mail delivery. The disk based connection information is treated the same way as memory based connection information for the purpose of timeouts. By default, information about host failures is valid for 30 minutes. This can be adjusted with the Timeout.hoststatus option. The connection information stored on disk may be expired at any time with the purgestat |
command or by invoking sendmail with the -bH switch. The connection information may be
7This is the usual value of the HostStatusDirectory option; it can, of course, go anywhere you like in your filesystem.
SMM:08-18 Sendmail Installation and Operation Guide
viewed with the hoststat command or by invoking sendmail with the -bh switch.
|
2.5. The Service Switch The implementation of certain system services such as host and user name lookup is con- of such systems8. |
|
|
If the underlying operating system does not support a service switch (e.g., SunOS 4.X, HP- hosts dns files nis will ask sendmail to look for hosts in the Domain Name System first. If the requested host name is Notice: since sendmail must access MX records for correct operation, it will use DNS if it is hosts files dns will not avoid DNS lookups even if a host can be found in /etc/hosts. Service switches are not completely integrated. For example, despite the fact that the host 2.6. The Alias Database After recipient addresses are read from the SMTP connection or command line they are The alias database exists in two forms. One is a text form, maintained in the file name: name1, name2, ... Only local names may be aliased; e.g., eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU will not have the desired effect (except on prep.ai.MIT.EDU, and they probably don't want me)9. |
|
|
Aliases may be continued by starting any continuation lines with a space or a tab or by putting a backslash directly before the newline. Blank lines and lines beginning with a sharp sign (``#'') are comments. The second form is processed by the ndbm (3)10 or the Berkeley DB library. This form is in |
|
|
the file /etc/mail/aliases.db (if using NEWDB) or /etc/mail/aliases.dir and /etc/mail/aliases.pag (if |
using NDBM). This is the form that sendmail actually uses to resolve aliases. This technique is
8HP-UX 10 has service switch support, but since the APIs are apparently not available in the libraries sendmail does not use the native service switch in this release.
9Actually, any mailer that has the `A' mailer flag set will permit aliasing; this is normally limited to the local mailer.
10The gdbm package does not work.
Sendmail Installation and Operation Guide SMM:08-19
used to improve performance.
|
The control of search order is actually set by the service switch. Essentially, the entry O AliasFile=switch:aliases is always added as the first alias entry; also, the first alias file name without a class (e.g., without ``nis:'' on the front) will be used as the name of the file for a ``files'' entry in the aliases switch. For example, if the configuration file contains O AliasFile=/etc/mail/aliases and the service switch contains aliases nis files nisplus then aliases will first be searched in the NIS database, then in /etc/mail/aliases, then in the NIS+ database. You can also use |
|
|
NIS-based alias files. For example, the specification: |
|
|
O AliasFile=/etc/mail/aliases will first search the /etc/mail/aliases file and then the map named ``mail.aliases'' in ``my.nis.domain''. Warning: if you build your own |
|
|
NIS-based alias files, be sure to provide the -l |
|
|
flag to makedbm(8) to map upper case letters in the keys to lower case; otherwise, aliases with upper case letters in their names won't match incoming addresses. Additional flags can be added after the colon exactly like a K line -- for example: O AliasFile=nis:-N mail.aliases@my.nis.domain will search the appropriate NIS map and always include null bytes in the key. Also: O AliasFile=nis:-f mail.aliases@my.nis.domain will prevent sendmail from downcasing the key before the alias lookup. 2.6.1. Rebuilding the alias database The hash or dbm version of the database may be rebuilt explicitly by executing the com- newaliases This is equivalent to giving sendmail the -bi flag: /usr/sbin/sendmail -bi If you have multiple aliases databases specified, the -bi flag rebuilds all the database types 2.6.2. Potential problems There are a number of problems that can occur with the alias database. They all result Sendmail has three techniques to try to relieve these problems. First, it ignores interrupts @: @ (which is not normally legal). Before sendmail will access the database, it checks to insure that |
SMM:08-20 Sendmail Installation and Operation Guide
this entry exists11.
|
2.6.3. List owners If an error occurs on sending to a certain address, say ``x'', sendmail will look for an alias unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser, would cause ``eric@ucbarpa'' to get the error that will occur when someone sends to unix-wiz- List owners also cause the envelope sender address to be modified. The contents of the 2.7. User Information Database This option is deprecated, use virtusertable and genericstable instead as explained in 2.8. Per-User Forwarding (.forward Files) As an alternative to the alias database, any user may put a file with the name ``.forward'' in mckusick@ernie then any mail arriving for ``mckusick'' will be redirected to the specified accounts. Actually, the configuration file defines a sequence of filenames to check. By default, this is 2.9. Special Header Lines Several header lines have special interpretations defined by the configuration file. Others 2.9.1. Errors-To: If errors occur anywhere during processing, this header will cause error messages to go to The Errors-To: header was created in the bad old days when UUCP didn't understand the |
distinction between an envelope and a header; this was a hack to provide what should now be
11The AliasWait option is required in the configuration for this action to occur. This should normally be specified.
Sendmail Installation and Operation Guide SMM:08-21
passed as the envelope sender address. It should go away. It is only used if the UseErrorsTo
option is set.
|
The Errors-To: header is officially deprecated and will go away in a future release. 2.9.2. Apparently-To: RFC 822 requires at least one recipient field (To:, Cc:, or Bcc: line) in every message. If a The Apparently-To: header is non-standard and is both deprecated and strongly discour- 2.9.3. Precedence The Precedence: header can be used as a crude control of message priority. It tweaks the 2.10. IDENT Protocol Support Sendmail supports the IDENT protocol as defined in RFC 1413. Note that the RFC states a 6. Security Considerations The information returned by this protocol is at most as trustworthy as the host providing it OR The Identification Protocol is not intended as an authorization or access control protocol. At The use of the information returned by this protocol for other than auditing is strongly discour- An Identification server may reveal information about users, entities, objects or processes In some cases your system may not work properly with IDENT support due to a bug in the TCP/IP |
|
The complete list of arguments to sendmail is described in detail in Appendix A. Some important arguments are described here. 3.1. Queue Interval The amount of time between forking a process to run through the queue is defined by the -q RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes (although that Notice: the meaning of the interval time depends on whether normal queue runners or persis- 3.2. Daemon Mode If you allow incoming mail over an IPC connection, you should have a daemon running. This /usr/sbin/sendmail -bd -q30m An alternative approach is to invoke sendmail from inetd(8) (use the -bs -Am flags to ask /usr/sbin/sendmail -q30m 3.3. Forcing the Queue In some cases you may find that the queue has gotten clogged for some reason. You can /usr/sbin/sendmail -q -v You can also limit the jobs to those with a particular queue identifier, recipient, sender, or 3.4. Debugging There are a fairly large number of debug flags built into sendmail. Each debug flag has a cate- |
Sendmail Installation and Operation Guide SMM:08-23
debugging that particular piece of code.
|
You should never run a production sendmail server in debug mode. Many of the debug flags A debug category is either an integer, like 42, or a name, like ANSI. You can specify a range Debug flags are set using the -d option; the syntax is: debug-flag: -d debug-list where spaces are for reading ease only. For example, -d12 Set category 12 to level 1 For a complete list of the available debug flags you will have to look at the code and the TRACE- ident /usr/sbin/sendmail | grep Debug 3.5. Changing the Values of Options Options can be overridden using the -o or -O command line flags. For example, /usr/sbin/sendmail -oT2m sets the T (timeout) option to two minutes for this run only; the equivalent line using the long option /usr/sbin/sendmail -OTimeout.queuereturn=2m Some options have security implications. Sendmail allows you to set these, but relinquishes its set-user-ID or set-group-ID permissions thereafter12. |
|
|
3.6. Trying a Different Configuration File An alternative configuration file can be specified using the -C flag; for example, /usr/sbin/sendmail -Ctest.cf -oQ/tmp/mqueue uses the configuration file test.cf instead of the default /etc/mail/sendmail.cf. If the -C flag has no Sendmail gives up set-user-ID root permissions (if it has been installed set-user-ID root) when |
directory (QueueDirectory or Q option) while testing.
12That is, it sets its effective uid to the real uid; thus, if you are executing as root, as from root's crontab file or during system startup the root permissions will still be honored.
|
Many SMTP implementations do not fully implement the protocol. For example, some per- /usr/sbin/sendmail -X /tmp/traffic -bd will log all traffic in the file /tmp/traffic. This logs a lot of data very quickly and should NEVER be used during normal operations. 3.8. Testing Configuration Files When you build a configuration table, you can do a certain amount of testing using the ``test sendmail -bt -Ctest.cf which would read the configuration file ``test.cf'' and enter test mode. In this mode, you enter lines rwset address where rwset is the rewriting set you want to use and address is an address to apply the set to. Test 3,1,21,4 monet:bollard first applies ruleset three to the input ``monet:bollard.'' Ruleset one is then applied to the output of If you need more detail, you can also use the ``-d21'' flag to turn on more debugging. For sendmail -bt -d21.99 turns on an incredible amount of information; a single word address is probably going to print out You should be warned that internally, sendmail applies ruleset 3 to all addresses. In test mode 0 bruce@broadcast.sony.com This version requires that you use: 3,0 bruce@broadcast.sony.com As of version 8.7, some other syntaxes are available in test mode: .D x value defines macro x to have the indicated value. This is useful when debugging rules .C c value adds the indicated value to class c. =S ruleset dumps the contents of the indicated ruleset. -d debug-spec is equivalent to the command-line flag. Version 8.9 introduced more features: ? shows a help message. =M display the known mailers. $m print the value of macro m. |
Sendmail Installation and Operation Guide SMM:08-25
$=c print the contents of class c.
|
/mx host /parse address /try mailer addr /tryflags flags |
returns the MX records for `host'. parse address, returning the value of crackaddr, and the parsed address. rewrite address into the form it will have when presented to the indicated mailer. set flags used by parsing. The flags can be `H' for Header or `E' for Envelope, and `S' for Sender or `R' for Recipient. These can be combined, `HR' sets flags for header recipients. |
||
|
/canon hostname |
try to canonify hostname. |
|
/map mapname key /quit quit address test mode. 3.9. Persistent Host Status Information When HostStatusDirectory is enabled, information about the status of hosts is maintained on sendmail -bh This information may be flushed with the command: sendmail -bH Flushing the information prevents new sendmail processes from loading it, but does not prevent |
|
There are a number of configuration parameters you may want to change, depending on the requirements of your site. Most of these are set using an option in the configuration file. For example, the line ``O Timeout.queuereturn=5d'' sets option ``Timeout.queuereturn'' to the value ``5d'' (five days). Most of these options have appropriate defaults for most sites. However, sites having very high mail loads may find they need to tune them as appropriate for their mail load. In particular, sites expe- riencing a large number of small messages, many of which are delivered to many recipients, may find that they need to adjust the parameters dealing with queue priorities. All versions of sendmail prior to 8.7 had single character option names. As of 8.7, options have long (multi-character names). Although old short names are still accepted, most new options do not have short equivalents. This section only describes the options you are most likely to want to tweak; read section 5 for more details. 4.1. Timeouts All time intervals are set using a scaled syntax. For example, ``10m'' represents ten minutes, s seconds 4.1.1. Queue interval The argument to the -q flag specifies how often a sub-daemon will run the queue. This is |
SMM:08-26 Sendmail Installation and Operation Guide
minutes. Should you need to terminate the queue jobs currently active then a SIGTERM to the
parent of the process (or processes) will cleanly stop the jobs.
|
4.1.2. Read timeouts Timeouts all have option names ``Timeout.suboption''. Most of these control SMTP oper- connect The time to wait for an SMTP connection to open (the connect(2) system call) iconnect The same as connect, except it applies only to the initial attempt to connect to aconnect [0, unspecified] The overall timeout waiting for all connection for a single initial The wait for the initial 220 greeting message [5m, 5m]. helo The wait for a reply from a HELO or EHLO command [5m, unspecified]. |
|
because it could be pointing at a list that takes a long time to expand (see |
|
This should be long because it also applies to programs piping input to send- |
|
shorter than the time actually needed for the receiver to deliver the message, |
|
rset quit misc |
The wait for a reply from a RSET command [5m, unspecified]. The wait for a reply from a QUIT command [2m, unspecified]. The wait for a reply from miscellaneous (but short) commands such as NOOP |
|
lhlo auth |
The wait for a reply to an LMTP LHLO command [2m, unspecified]. The timeout for a reply in an SMTP AUTH dialogue [10m, unspecified]. |
13On some systems the default is zero to turn the protocol off entirely.
Sendmail Installation and Operation Guide SMM:08-27
starttls The timeout for a reply to an SMTP STARTTLS command and the TLS hand-
shake [1h, unspecified].
|
resolver.retrans |
before it is considered stale [30m, unspecified]. The resolver's retransmission time interval (in seconds) [varies]. Sets both |
|
Timeout.resolver.retrans.first and Timeout.resolver.retrans.normal. resolver.retrans.first |
|
The resolver's retransmission time interval (in seconds) for the first attempt to |
|
The resolver's retransmission time interval (in seconds) for all resolver |
|
out.resolver.retry.first and Timeout.resolver.retry.normal [varies]. resolver.retry.first |
|
The number of times to retransmit a resolver query for the first attempt to |
The number of times to retransmit a resolver query for all resolver lookups
|
except the first delivery attempt [varies]. For compatibility with old configuration files, if no suboption is specified, all the timeouts marked |
|
apply to client SMTP. For example, the lines: O Timeout.command=25m sets the server SMTP command timeout to 25 minutes and the input data block timeout to three 4.1.3. Message timeouts After sitting in the queue for a few days, an undeliverable message will time out. This is to If the message is submitted using the |
|
|
NOTIFY SMTP extension, warning messages will only |
|
|
be sent if |
|
|
NOTIFY=DELAY is specified. The queuereturn and queuewarn timeouts can be further |
|
|
qualified with a tag based on the Precedence: field in the message; they must be one of ``urgent'' (indicating a positive non-zero precedence) ``normal'' (indicating a zero precedence), or ``non-urgent'' (indicating negative precedences). For example, setting ``Timeout.queue- warn.urgent=1h'' sets the warning timeout for urgent messages only to one hour. The default if no precedence is indicated is to set the timeout for all precedences. The value "now" can be used for -O Timeout.queuereturn to return entries immediately during a queue run, e.g., to bounce messages independent of their time in the queue. Since these options are global, and since you cannot know a priori how long another host outside your domain will be down, a five day timeout is recommended. This allows a recipient |
SMM:08-28 Sendmail Installation and Operation Guide
to fix the problem even if it occurs at the beginning of a long weekend. RFC 1123 section
5.3.1.1 says that this parameter should be ``at least 4-5 days''.
|
The Timeout.queuewarn value can be piggybacked on the T option by indicating a time OT5d/4h causes email to fail after five days, but a warning message will be sent after four hours. This 4.2. Forking During Queue Runs By setting the ForkEachJob (Y) option, sendmail will fork before each individual message If the ForkEachJob option is set, sendmail cannot use connection caching. 4.3. Queue Priorities Every message is assigned a priority when it is first instantiated, consisting of the message The message size is included so that large messages are penalized relative to small messages. The recipient and class factors can be set in the configuration file using the RecipientFactor |
1800 (for the class factor). The initial priority is:
|
(Remember, higher values for this parameter actually mean that the job will be treated with lower The priority of a job can also be adjusted each time it is processed (that is, each time an 4.4. Load Limiting Sendmail can be asked to queue (but not deliver) mail if the system load average gets too high |
that is, the message is queued iff:
The QueueFactor option defaults to 600000, so each point of load average is worth 600000 priority
Sendmail Installation and Operation Guide SMM:08-29
points (as described above).
|
For drastic cases, the RefuseLA (X) option defines a load average at which sendmail will 4.5. Resource Limits Sendmail has several parameters to control resource usage. Besides those mentionted in the 4.6. Delivery Mode There are a number of delivery modes that sendmail can operate in, set by the DeliveryMode i deliver interactively (synchronously) There are tradeoffs. Mode ``i'' gives the sender the quickest feedback, but may slow down some If you run in mode ``q'' (queue only), ``d'' (defer), or ``b'' (deliver in background) sendmail 4.7. Log Level The level of logging can be set for sendmail. The default using a standard configuration table 0 Minimal logging. 1 Serious system failures and potential security problems. 2 Lost communications (network problems) and protocol failures. 3 Other serious failures, malformed addresses, transient forward/include errors, connection 4 Minor failures, out of date alias databases, connection rejections via check_ rulesets. 5 Message collection statistics. 6 Creation of error messages, VRFY and EXPN commands. |
SMM:08-30 Sendmail Installation and Operation Guide
7 Delivery failures (host or user unknown, etc.).
|
8 9 10 11 12 13 14 15 20 |
Successful deliveries and alias database rebuilds. Messages being deferred (due to a host being down, etc.). Database expansion (alias, forward, and userdb lookups) and authentication information. NIS errors and end of job processing. Logs all SMTP connections. Log bad user shells, files with improper permissions, and other questionable situations. Logs refused connections. Log all incoming and outgoing SMTP commands. Logs attempts to run locked queue files. These are not errors, but can be useful to note if |
||
|
30 |
Lost locks (only if using lockf instead of flock). |
|
Additionally, values above 64 are reserved for extremely verbose debugging output. No normal 4.8. File Modes The modes used for files depend on what functionality you want and the level of security you 4.8.1. To suid or not to suid? Sendmail is no longer installed set-user-ID to root. sendmail/SECURITY explains how to The daemon usually runs as root, unless other measures are taken. At the point where A middle ground is to set the RunAsUser option. This causes sendmail to become the indi- SMTP socket). If you use RunAsUser, the queue directory (normally /var/spool/mqueue) should |
|
|
be owned by that user, and all files and databases (including user .forward files, alias files, 4.8.2. Turning off security checks Sendmail is very particular about the modes of files that it reads or writes. For example, by |
Sendmail Installation and Operation Guide SMM:08-31
If you are quite sure that your configuration is safe and you want sendmail to avoid these
security checks, you can turn off certain checks using the DontBlameSendmail option. This
option takes one or more names that disable checks. In the descriptions that follow, ``unsafe
directory'' means a directory that is writable by anyone other than the owner. The values are:
|
Safe No special handling. AssumeSafeChown ClassFileInUnsafeDirPath DontWarnForwardFileInUnsafeDirPath ErrorHeaderInUnsafeDirPath FileDeliveryToHardLink FileDeliveryToSymLink ForwardFileInGroupWritableDirPath ForwardFileInUnsafeDirPath ForwardFileInUnsafeDirPathSafe GroupReadableKeyFile GroupReadableSASLDBFile GroupWritableAliasFile GroupWritableDirPathSafe GroupWritableForwardFile GroupWritableForwardFileSafe GroupWritableIncludeFile GroupWritableIncludeFileSafe GroupWritableSASLDBFile |
SMM:08-32 Sendmail Installation and Operation Guide
HelpFileInUnsafeDirPath
|
Allow the file named in the HelpFile option to be in an unsafe directory. IncludeFileInGroupWritableDirPath IncludeFileInUnsafeDirPath IncludeFileInUnsafeDirPathSafe InsufficientEntropy LinkedAliasFileInWritableDir LinkedClassFileInWritableDir LinkedForwardFileInWritableDir LinkedIncludeFileInWritableDir LinkedMapInWritableDir MapInUnsafeDirPath NonRootSafeAddr RunProgramInUnsafeDirPath RunWritableProgram TrustStickyBit WorldWritableAliasFile WorldWritableForwardfile WorldWritableIncludefile WriteMapToHardLink WriteMapToSymLink WriteStatsToHardLink |
Sendmail Installation and Operation Guide SMM:08-33
WriteStatsToSymLink
|
Allow the status file to be a symbolic link. 4.9. Connection Caching When processing the queue, sendmail will try to keep the last few open connections open to When trying to open a connection the cache is first searched. If an open connection is found, |
|
|
RSET command. It is not an error if this fails; |
|
|
instead, the connection is closed and reopened. Two parameters control the connection cache. The ConnectionCacheSize (k) option defines The ConnectionCacheTimeout (K) option specifies the maximum time that any cached con- 4.10. Name Server Access Control of host address lookups is set by the hosts service entry in your service switch file. If However, some systems (such as SunOS 4.X) will do DNS lookups regardless of the setting The same technique is used to decide whether to do MX lookups. If you want MX support, The ResolverOptions (I) option allows you to tweak name server options. The command O ResolverOptions=+AAONLY -DNSRCH turns on the AAONLY (accept authoritative answers only) and turns off the DNSRCH (search the Version level 1 configurations (see the section about Configuration Version Level) turn |
SMM:08-34 Sendmail Installation and Operation Guide
$]), and always does the search. If you don't want to do automatic name extension, don't call $[ ...
$].
|
The search rules for $[ ... $] are somewhat different than usual. If the name being looked up To completely turn off all name server access on systems without service switch support 4.11. Moving the Per-User Forward Files Some sites mount each user's home directory from a local disk on their workstation, so that The ForwardPath (J) option allows you to set a path of forward files. For example, the config O ForwardPath=/var/forward/$u:$z/.forward.$w would first look for a file with the same name as the user's login in /var/forward; if that is not found If you create a directory such as /var/forward, it should be mode 1777 (that is, the sticky bit 4.12. Free Space On systems that have one of the system calls in the statfs(2) family (including statvfs and Beware of setting this option too high; it can cause rejection of email when that mail would be 4.13. Maximum Message Size To avoid overflowing your system with a large message, the MaxMessageSize option can be 4.14. Privacy Flags The PrivacyOptions (p) option allows you to set certain ``privacy'' flags. Actually, many of |
Sendmail Installation and Operation Guide SMM:08-35
The option takes a series of flag names; the final privacy is the inclusive or of those flags. For
example:
|
O PrivacyOptions=needmailhelo, noexpn insists that the HELO or EHLO command be used before a MAIL command is accepted and dis- The flags are detailed in section 5.6. 4.15. Send to Me Too Beginning with version 8.10, sendmail includes by default the (envelope) sender in any list |
|
|
FALSE (in the configuration file or via |
|
|
the command line), this behavior is changed, i.e., the (envelope) sender is excluded in list expan- |
|
This section describes the configuration file in detail. There is one point that should be made clear immediately: the syntax of the configuration file is designed to be reasonably easy to parse, since this is done every time sendmail starts up, rather than easy for a human to read or write. The configuration file should be generated via the method described in cf/README, it should not be edited directly unless someone is familiar with the internals of the syntax described here and it is not possible to achieve the desired result via the default method. The configuration file is organized as a series of lines, each of which begins with a single charac- ter defining the semantics for the rest of the line. Lines beginning with a space or a tab are continua- tion lines (although the semantics are not well defined in many places). Blank lines and lines beginning with a sharp symbol (`#') are comments. 5.1. R and S -- Rewriting Rules The core of address parsing are the rewriting rules. These are an ordered production system. There are several sets of rewriting rules. Some of the rewriting sets are used internally and The syntax of these two commands are: Sn Sets the current ruleset being collected to n. If you begin a ruleset more than once it appends to the Rlhs rhs comments The fields must be separated by at least one tab character; there may be embedded spaces in the Macro expansions of the form $x are performed when the configuration file is read. A literal $ 5.1.1. The left hand side The left hand side of rewriting rules contains a pattern. Normal words are simply matched |
SMM:08-36 Sendmail Installation and Operation Guide
$* Match zero or more tokens
|
$+ |
Match one or more tokens |
|
If any of these match, they are assigned to the symbol $n for replacement on the right hand side, $-:$+ is applied to the input: UCBARPA:eric the rule will match, and the values passed to the RHS will be: $1 UCBARPA Additionally, the LHS can include $@ to match zero tokens. This is not bound to a $n on 5.1.2. The right hand side When the left hand side of a rewriting rule matches, the input is deleted and replaced by $n Substitute indefinite token n from LHS The $n syntax substitutes the corresponding value from a $+, $-, $*, $=, or $~ match on |
|
|
the LHS. It may be used anywhere. A host name enclosed between $[ and $] is looked up in the host database(s) and replaced by the canonical name14. For example, ``$[ftp$]'' might become ``ftp.CS.Berkeley.EDU'' and |
|
|
``$[[128.32.130.2]$]'' would become ``vangogh.CS.Berkeley.EDU.'' Sendmail recognizes its numeric IP address without calling the name server and replaces it with its canonical name. The $( ... $) syntax is a more general form of lookup; it uses a named map instead of an implicit map. If no lookup is found, the indicated default is inserted; if no default is specified and no lookup matches, the value is left unchanged. The arguments are passed to the map for possi- ble use. The $>n syntax causes the remainder of the line to be substituted as usual and then passed as the argument to ruleset n. The final value of ruleset n then becomes the substitution for this rule. The $> syntax expands everything after the ruleset name to the end of the replacement string and then passes that as the initial input to the ruleset. Recursive calls are allowed. For example, $>0 $>3 $1 |
expands $1, passes that to ruleset 3, and then passes the result of ruleset 3 to ruleset 0.
14This is actually completely equivalent to $(host hostname$). In particular, a $: default can be used.
Sendmail Installation and Operation Guide SMM:08-37
The $# syntax should only be used in ruleset zero, a subroutine of ruleset zero, or rulesets
that return decisions (e.g., check_rcpt). It causes evaluation of the ruleset to terminate immedi-
ately, and signals to sendmail that the address has completely resolved. The complete syntax
for ruleset 0 is:
|
$#mailer $@host $:user This specifies the {mailer, host, user} 3-tuple necessary to direct the mailer. If the mailer is local the host part may be omitted15. The mailer must be a single word, but the host and user |
|
|
may be multi-part. If the mailer is the built-in IPC mailer, the host may be a colon-separated list Normally, a rule that matches is retried, that is, the rule loops until it fails. A RHS may also The $@ and $: prefixes may precede a $> spec; for example: R$+ $: $>7 $1 matches anything, passes that to ruleset seven, and continues; the $: is necessary to avoid an Substitution occurs in the order described, that is, parameters from the LHS are substi- 5.1.3. Semantics of rewriting rule sets There are six rewriting sets that have specific semantics. Five of these are related as Ruleset three should turn the address into ``canonical form.'' This form should have the local-part@host-domain-spec Ruleset three is applied by sendmail before doing anything with any address. If no ``@'' sign is specified, then the host-domain-spec may be appended (box ``D'' in Fig- Ruleset zero is applied after ruleset three to addresses that are going to actually specify Rulesets one and two are applied to all sender and recipient addresses respectively. They Ruleset four is applied to all addresses in the message. It is typically used to translate inter- In addition, ruleset 5 is applied to all local addresses (specifically, those that resolve to a |
mailer with the `F=5' flag set) that do not have aliases. This allows a last minute hook for local
15You may want to use it for special ``per user'' extensions. For example, in the address ``jgm+foo@CMU.EDU''; the ``+foo'' part is not part of the user name, and is passed to the local mailer for local use.
SMM:08-38 Sendmail Installation and Operation Guide
Figure 1 -- Rewriting set semantics
|
D -- sender domain addition |
R -- mailer-specific recipient rewriting
|
names. 5.1.4. Ruleset hooks A few extra rulesets are defined as ``hooks'' that can be defined to get special features. 5.1.4.1. check_relay The check_relay ruleset is called after a connection is accepted by the daemon. It is client.host.name $| client.host.address where $| is a metacharacter separating the two parts. This ruleset can reject connections 5.1.4.2. check_mail The check_mail ruleset is passed the user name parameter of the |
|
|
SMTP MAIL command. |
|
|
It can accept or reject the address. 5.1.4.3. check_rcpt The check_rcpt ruleset is passed the user name parameter of the |
|
|
SMTP RCPT command. |
|
|
It can accept or reject the address. 5.1.4.4. check_data The check_data ruleset is called after the |
|
|
SMTP DATA command, its parameter is the |
|
|
number of recipients. It can accept or reject the command. |
|
The check_compat ruleset is passed sender-address $| recipient-address where $| is a metacharacter separating the addresses. It can accept or reject mail transfer 5.1.4.6. check_eoh The check_eoh ruleset is passed number-of-headers $| size-of-headers where $| is a metacharacter separating the numbers. These numbers can be used for size Kstorage macro SCheckMessageId Scheck_eoh Keep in mind the Message-Id: header is not a required header and is not a guaranteed spam 5.1.4.7. check_etrn The check_etrn ruleset is passed the parameter of the |
|
|
SMTP ETRN command. It can |
|
|
accept or reject the command. 5.1.4.8. check_expn The check_expn ruleset is passed the user name parameter of the |
|
|
SMTP EXPN com- |
|
|
mand. It can accept or reject the address. 5.1.4.9. check_vrfy The check_vrfy ruleset is passed the user name parameter of the |
|
|
SMTP VRFY command. |
|
|
It can accept or reject the command. |
|
The trust_auth ruleset is passed the AUTH= parameter of the |
|
|
SMTP MAIL command. It |
|
|
is used to determine whether this value should be trusted. In order to make this decision, the 5.1.4.11. tls_client The tls_client ruleset is called when sendmail acts as server, after a STARTTLS com- 5.1.4.12. tls_server The tls_server ruleset is called when sendmail acts as client after a STARTTLS com- 5.1.4.13. tls_rcpt The tls_rcpt ruleset is called each time before a RCPT TO command is sent. The 5.1.4.14. srv_features The srv_features ruleset is called with the connecting client's host name when a client 5.1.4.15. try_tls The try_tls ruleset is called when sendmail connects to another MTA. If the ruleset 5.1.4.16. authinfo The authinfo ruleset is called when sendmail tries to authenticate to another MTA. It |
Sendmail Installation and Operation Guide SMM:08-41
T Tag which describes the item
D Delimiter: ':' simple text follows
|
string |
'=' string is base64 encoded |
|
Valid values for the tag are: U user (authorization) id If this ruleset is defined, the option DefaultAuthInfo is ignored (even if the ruleset does not 5.1.4.17. queuegroup The queuegroup ruleset is used to map a recipient address to a queue group name. The |
|
|
SMTP RCPT command. The rule- |
|
|
set should return $# followed by the name of a queue group. If the return value starts with 5.1.5. IPC mailers Some special processing occurs if the ruleset zero resolves to an IPC mailer (that is, a The host name can also be provided as a dotted quad or an IPv6 address in square brack- [128.32.149.78] or [IPv6:2002:c0a8:51d2::23f4] This causes direct conversion of the numeric value to an IP host address. The host name passed in after the ``$@'' may also be a colon-separated list of hosts. Each As a final special case, the host name can be passed in as a text string in square brackets: [ucbvax.berkeley.edu] This form avoids the MX mapping. N.B.: This is intended only for situations where you have a 5.2. D -- Define Macro Macros are named with a single character or with a word in {braces}. The names ``x'' and |
SMM:08-42 Sendmail Installation and Operation Guide
The syntax for macro definitions is:
|
Dx val where x is the name of the macro (which may be a single character or a word in braces) and val is the value it should have. There should be no spaces given that do not actually belong in the macro value. Macros are interpolated using the construct $x, where x is the name of the macro to be inter- polated. This interpolation is done when the configuration file is read, except in M lines. The spe- cial construct $&x can be used in R lines to get deferred interpolation. Conditionals can be specified using the syntax: $?x text1 $| text2 $. This interpolates text1 if the macro $x is set and non-null, and text2 otherwise. The ``else'' ($|) clause may be omitted. The following macros are defined and/or used internally by sendmail for interpolation into |
|
unmarked macros are passed out of sendmail but are not otherwise used internally. These macros are: $a The origination date in RFC 822 format. This is extracted from the Date: line. $b The current date in RFC 822 format. $c The hop count. This is a count of the number of Received: lines plus the value of the -h com- $d The current date in UNIX (ctime) format. |
printed out when SMTP starts up. The first word must be the $j macro as specified by RFC
821. Defaults to ``$j Sendmail $v ready at $b''. Commonly redefined to include the configura-
tion version number, e.g., ``$j Sendmail $v/$Z ready at $b''
$f The envelope sender (from) address.
|
$g |
The sender address relative to the recipient. For example, if $f is ``foo'', $g will be |
||
|
$h $i |
The recipient host. This is set in ruleset 0 from the $@ field of a parsed address. The queue id, e.g., ``f344MXxp018717''. |
|
found. It must be redefined to be the fully qualified domain name if your system is not config- |
$k The UUCP node name (from the uname system call).
|
have changed the UNIX mailbox format, you should not change the default, which is ``From |
$m The domain part of the gethostname return value. Under normal circumstances, $j is equiva-
lent to $w.$m.
|
characters which will be considered tokens and which will separate tokens when doing pars- ing. For example, if ``@'' were in the $o macro, then the input ``a@b'' would be scanned as |
three tokens: ``a,'' ``@,'' and ``b.'' Defaults to ``.:@[]'', which is the minimum set necessary
16As of version 8.6, all of these macros have reasonable defaults. Previous versions required that they be defined.
Sendmail Installation and Operation Guide SMM:08-43
to do RFC 822 parsing; a richer set of operators is ``.:%@!/[]'', which adds support for
UUCP, the %-hack, and X.400 addresses.
$p Sendmail's process id.
|
message when it is defaulted. Defaults to ``<$g>''. It is commonly redefined to be ``$?x$x Eric Allman <eric@CS.Berkeley.EDU> Sendmail properly quotes names that have special characters if the first form is used. |
|
$r |
Protocol used to receive the message. Set from the -p command line flag or by the SMTP |
||
|
$s $t $u $v |
Sender's host name. Set from the -p command line flag or by the SMTP server code. A numeric representation of the current time. The recipient user. The version number of the sendmail binary. |
$x The full name of the sender.
$z The home directory of the recipient.
|
$_ The validated sender address. See also ${client_resolve}. ${addr_type} ${alg_bits} ${auth_authen} ${auth_author} |
|
|
SMTP MAIL command if supplied. |
|
|
${auth_type} ${auth_ssf} ${bodytype} ${cert_issuer} ${cert_md5} ${cert_subject} |
SMM:08-44 Sendmail Installation and Operation Guide
${cipher}
|
The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES- ${cipher_bits} ${client_addr} ${client_name} ${client_port} ${client_resolve} OK resolved successfully Defined in the SMTP server only. sendmail performs a hostname lookup on the IP address of ${cn_issuer} ${cn_subject} ${currHeader} ${daemon_addr} ${daemon_family} ${daemon_flags} ${daemon_info} ${daemon_name} ${daemon_port} |
Sendmail Installation and Operation Guide SMM:08-45
most likely be ``25''.
|
${deliveryMode} ${envid} ${hdrlen} ${hdr_name} ${if_addr} ${if_addr_out} ${if_family} ${if_family_out} ${if_name} O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA ${if_name_out} ${load_avg} ${mail_addr} |
|
|
SMTP MAIL command. |
|
|
Defined in the SMTP server only. ${mail_host} |
|
|
SMTP MAIL command. Defined in |
|
|
the SMTP server only. ${mail_mailer} |
|
|
SMTP MAIL command. Defined |
|
|
in the SMTP server only. ${msg_size} ${nrcpts} ${ntries} |
SMM:08-46 Sendmail Installation and Operation Guide
${opMode}
|
The current operation mode (from the -b flag). ${queue_interval} ${rcpt_addr} |
|
|
SMTP RCPT command. |
|
|
Defined in the SMTP server only after a RCPT command. ${rcpt_host} |
|
|
SMTP RCPT command. Defined in |
|
|
the SMTP server only after a RCPT command. ${rcpt_mailer} |
|
|
SMTP RCPT command. Defined |
|
|
in the SMTP server only after a RCPT command. ${server_addr} ${server_name} ${tls_version} ${verify} OK verification succeeded. There are three types of dates that can be used. The $a and $b macros are in RFC 822 for- mat; $a is the time as extracted from the ``Date:'' line of the message (if there was one), and $b is the current date and time (used for postmarks). If no ``Date:'' line is found in the incoming mes- sage, $a is set to the current time also. The $d macro is equivalent to the $b macro in UNIX (ctime) format. The macros $w, $j, and $m are set to the identity of this host. Sendmail tries to find the fully qualified name of the host if at all possible; it does this by calling gethostname(2) to get the current hostname and then passing that to gethostbyname(3) which is supposed to return the canonical version of that host name.17 Assuming this is successful, $j is set to the fully qualified name and $m |
|
|
is set to the domain part of the name (everything after the first dot). The $w macro is set to the first |
word (everything before the first dot) if you have a level 5 or higher configuration file; otherwise, it
17For example, on some systems gethostname might return ``foo'' which would be mapped to ``foo.bar.com'' by gethost- byname.
Sendmail Installation and Operation Guide SMM:08-47
is set to the same value as $j. If the canonification is not successful, it is imperative that the config
file set $j to the fully qualified domain name18.
|
The $f macro is the id of the sender as originally determined; when mailing to a specific host The $x macro is set to the full name of the sender. This can be determined in several ways. It |
|
|
NAME environment variable. The third |
|
|
choice is the value of the ``Full-Name:'' line in the header if it exists, and the fourth choice is the When sending, the $h, $u, and $z macros get set to the host, user, and home directory (if The $p and $t macros are used to create unique strings (e.g., for the ``Message-Id:'' field). The $c field is set to the ``hop count,'' i.e., the number of times this message has been pro- The $r and $s fields are set to the protocol used to communicate with sendmail and the send- The $_ is set to a validated sender host name. If the sender is running an RFC 1413 compliant The ${client_name}, ${client_addr}, and ${client_port} macros are set to the name, 5.3. C and F -- Define Classes Classes of phrases may be defined to match on the left hand side of rewriting rules, where a The syntax is: Cc phrase1 phrase2... The first form defines the class c to match any of the named words. If phrase1 or phrase2 is |
among multiple lines; for example, the two forms:
18Older versions of sendmail didn't pre-define $j at all, so up until 8.6, config files always had to define $j.
SMM:08-48 Sendmail Installation and Operation Guide
CHmonet ucbmonet
and
|
CHmonet are equivalent. The ``F'' forms read the elements of the class c from the named file, program, or map specification. Each element should be listed on a separate line. To specify an optional file, use ``-o'' between the class name and the file name, e.g., Fc -o /path/to/file If the file can't be used, sendmail will not complain but silently ignore it. The map form should be an optional map key, an at sign, and a map class followed by the specification for that map. Exam- ples include: F{VirtHosts}@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host will fill the class $={VirtHosts} from an LDAP map lookup and $={MyClass} from a hash database map lookup of the foo. There is also a built-in schema that can be accessed by only speci- fying: F{ClassName}@LDAP This will tell sendmail to use the default schema: -k (&(objectClass=sendmailMTAClass) Note that the lookup is only done when sendmail is initially started. Elements of classes can be accessed in rules using $= or $~. The $~ (match entries not in |
|
|
class) only matches a single word; multi-word entries in the class are ignored in this context. Some classes have internal meaning to sendmail: $=e contains the Content-Transfer-Encodings that can be 8®7 bit encoded. It is predefined to $=k set to be the same as $k, that is, the UUCP node name. $=m set to the set of domains by which this host is known, initially just $m. $=n can be set to the set of MIME body types that can never be eight to seven bit encoded. It $=q A set of Content-Types that will never be encoded as base64 (if they have to be encoded, $=s contains the set of subtypes of message that can be treated recursively. By default it con- $=t set to the set of trusted users by the T configuration line. If you want to read trusted users $=w set to be the set of all names this host is known by. This can be used to match local host- $={persistentMacros} |
Sendmail Installation and Operation Guide SMM:08-49
Sendmail can be compiled to allow a scanf(3) string on the F line. This lets you do simplistic
parsing of text files. For example, to read all the user names in your system /etc/passwd file into a
class, use
|
FL/etc/passwd %[^:] |
|
|
which reads every line up to the first colon. 5.4. M -- Define Mailer Programs and interfaces to mailers are defined in this line. The format is: Mname, {field=value }* where name is the name of the mailer (used internally only) and the ``field=name'' pairs define Path The pathname of the mailer Only the first character of the field name is checked (it's case-sensitive). The following flags may be set in the mailer description. Any other flags may be used freely |
|
than the usual recipient mailers. a Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870). This flag A Look up the user part of the address in the alias database. Normally this is only set for local b Force a blank line on the end of a message. This is intended to work around some stupid ver- c Do not include comments in addresses. This should only be used if you have to work around a |
|
an at sign (``@'') after being rewritten by ruleset three will have the ``@domain'' clause from From: usera@hosta to be rewritten as: |
SMM:08-50 Sendmail Installation and Operation Guide
From: usera@hosta
|
To: userb@hostb, userc@hosta automatically. However, it doesn't really work reliably. |
|||
|
d |
Do not include angle brackets around route-address syntax addresses. This is useful on mail- ers that are going to pass addresses to a shell that might interpret angle brackets as I/O redi- rection. However, it does not protect against other shell metacharacters. Therefore, passing addresses to a shell should not be considered secure. |
|
e |
This mailer is expensive to connect to, so try to avoid connecting normally; any necessary con- nection will occur during a queue run. See also option HoldExpensive. |
||
|
E f |
Escape lines beginning with ``From '' in the message with a `>' sign. The mailer wants a -f from flag, but only if this is a network forward operation (i.e., the mailer |
|
g |
Normally, sendmail sends internally generated email (e.g., error messages) using the null return address as required by RFC 1123. However, some mailers don't accept a null return address. If necessary, you can set the g flag to prevent sendmail from obeying the standards; error messages will be sent as from the MAILER-DAEMON (actually, the value of the $n macro). |
||
|
h |
Upper case should be preserved in host names (the $@ portion of the mailer triplet resolved from ruleset 0) for this mailer. |
||
|
i I |
Do User Database rewriting on envelope sender address. This mailer will be speaking SMTP to another sendmail -- as such it can use special protocol features. This flag should not be used except for debugging purposes because it uses VERB as SMTP command. |
||
|
j k |
Do User Database rewriting on recipients as well as senders. Normally when sendmail connects to a host via SMTP, it checks to make sure that this isn't accidently the same host name as might happen if sendmail is misconfigured or if a long-haul network interface is set in loopback mode. This flag disables the loopback check. It should only be used under very unusual circumstances. |
||
|
K l L |
Currently unimplemented. Reserved for chunking. This mailer is local (i.e., final delivery will be performed). Limit the line lengths as specified in RFC 821. This deprecated option should be replaced by the L= mail declaration. For historic reasons, the L flag also sets the 7 flag. |
||
|
m |
This mailer can send to multiple users on the same host in one transaction. When a $u macro occurs in the argv part of the mailer definition, that field will be repeated as necessary for all qualifying users. Removing this flag can defeat duplicate supression on a remote site as each recipient is sent in a separate transaction. |
|
n o |
Do not insert a UNIX-style ``From'' line on the front of the message. Always run as the owner of the recipient mailbox. Normally sendmail runs as the sender for locally generated mail or as ``daemon'' (actually, the user specified in the u option) when deliv- ering network mail. The normal behavior is required by most local mailers, which will not allow the envelope sender address to be set unless the mailer is running as daemon. This flag is ignored if the S flag is set. |
||
|
p |
Use the route-addr style reverse-path in the SMTP ``MAIL FROM:'' command rather than just the return address; although this is required in RFC 821 section 3.1, many hosts do not pro- cess reverse-paths properly. Reverse-paths are officially discouraged by RFC 1123. |
Sendmail Installation and Operation Guide SMM:08-51
|
q |
When an address that resolves to this mailer is verified (SMTP VRFY command), generate 250 responses instead of 252 responses. This will imply that the address is local. |
||
|
r R |
Same as f, but sends a -r flag. Open SMTP connections from a ``secure'' port. Secure ports aren't (secure, that is) except on UNIX machines, so it is unclear that this adds anything. sendmail must be running as root to be able to use this flag. |
||
|
s S |
Strip quote characters (" and \) off of the address before calling the mailer. Don't reset the userid before calling the mailer. This would be used in a secure environment where sendmail ran as root. This could be used to avoid forged addresses. If the U= field is also specified, this flag causes the effective user id to be set to that user. |
||
|
u |
Upper case should be preserved in user names for this mailer. Standards require preservation of case in the local part of addresses, except for those address for which your system accepts responsibility. RFC 2142 provides a long list of addresses which should be case insensitive. If you use this flag, you may be violating RFC 2142. Note that postmaster is always treated as a case insensitive address regardless of this flag. |
||
|
U w |
This mailer wants UUCP-style ``From'' lines with the ugly ``remote from <host>'' on the end. The user must have a valid account on this machine, i.e., getpwnam must succeed. If not, the mail is bounced. See also the MailBoxDatabase option. This is required to get ``.forward'' capability. |
|
X |
This mailer wants to use the hidden dot algorithm as specified in RFC 821; basically, any line beginning with a dot will have an extra dot prepended (to be stripped at the other end). This insures that lines in the message containing a dot will not terminate the message prematurely. |
||
|
z |
Run Local Mail Transfer Protocol (LMTP) between sendmail and the local mailer. This is a variant on SMTP defined in RFC 2033 that is specifically designed for delivery to a local mail- box. |
||
|
Z 0 |
Apply DialDelay (if set) to this mailer. Don't look up MX records for hosts sent via SMTP/LMTP. Do not apply FallbackMXhost either. |
||
|
1 2 |
Don't send null characters ('\0') to this mailer. Don't use ESMTP even if offered; this is useful for broken systems that offer ESMTP but fail on EHLO (without recovering when HELO is tried next). |
||
|
3 |
Extend the list of characters converted to =XX notation when converting to Quoted-Printable to include those that don't map cleanly between ASCII and EBCDIC. Useful if you have IBM mainframes on site. |
||
|
5 |
If no aliases are found for this address, pass the address through ruleset 5 for possible alternate resolution. This is intended to forward the mail to an alternate delivery spot. |
||
|
6 7 |
Strip headers to seven bits. Strip all output to seven bits. This is the default if the L flag is set. Note that clearing this option is not sufficient to get full eight bit data passed through sendmail. If the 7 option is set, this is essentially always set, since the eighth bit was stripped on input. Note that this option will only impact messages that didn't have 8®7 bit MIME conversions performed. |
||
|
8 |
If set, it is acceptable to send eight bit data to this mailer; the usual attempt to do 8®7 bit MIME conversions will be bypassed. |
||
|
9 : |
If set, do limited 7®8 bit MIME conversions. These conversions are limited to text/plain data. Check addresses to see if they begin ``:include:''; if they do, convert them to the ``*include*'' mailer. |
SMM:08-52 Sendmail Installation and Operation Guide
| Check addresses to see if they begin with a `|'; if they do, convert them to the ``prog'' mailer.
|
/ @ % |
Check addresses to see if they begin with a `/'; if they do, convert them to the ``*file*'' mailer. Look up addresses in the user database. Do not attempt delivery on initial recipient of a message or on queue runs unless the queued message is selected using one of the -qI/-qR/-qS queue run modifiers or an ETRN request. Configuration files prior to level 6 assume the `A', `w', `5', `:', `|', `/', and `@' options on the |
mailer named ``local''.
|
The mailer with the special name ``error'' can be used to generate a user error. The (optional) host field is an exit status to be returned, and the user field is a message to be printed. The exit status may be numeric or one of the values USAGE, NOUSER, NOHOST, UNAVAIL- ABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG to return the corresponding EX_ exit code, or an enhanced error code as described in RFC 1893, Enhanced Mail System Status Codes. For example, the entry: $#error $@ NOHOST $: Host unknown in this domain on the RHS of a rule will cause the specified error to be generated and the ``Host unknown'' exit status to be returned if the LHS matches. This mailer is only functional in rulesets 0, 5, or one of the check_* rulesets. The mailer with the special name ``discard'' causes any mail sent to it to be discarded but oth- erwise treated as though it were successfully delivered. This mailer cannot be used in ruleset 0, only in the various address checking rulesets. The mailer named ``local'' must be defined in every configuration file. This is used to deliver local mail, and is treated specially in several ways. Additionally, three other mailers named ``prog'', ``*file*'', and ``*include*'' may be defined to tune the delivery of messages to programs, files, and :include: lists respectively. They default to: Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh -c $u Builtin pathnames are [FILE] and [IPC], the former is used for delivery to files, the latter for delivery via interprocess communication. For mailers that use [IPC] as pathname the argument vector (A=) must start with TCP or FILE for delivery via a TCP or a Unix domain socket. If TCP is used, the second argument must be the name of the host to contact. Optionally a third argument can be used to specify a port, the default is smtp (port 25). If FILE is used, the second argument must be the name of the Unix domain socket. If the argument vector does not contain $u then sendmail will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer. If no Eol field is defined, then the default is "\r\n" for SMTP mailers and "\n" of others. The Sender and Recipient rewriting sets may either be a simple ruleset id or may be two ids separated by a slash; if so, the first rewriting set is applied to envelope addresses and the second is applied to headers. Setting any value to zero disables corresponding mailer-specific rewriting. The Directory is actually a colon-separated path of directories to try. For example, the defini- tion ``D=$z:/'' first tries to execute in the recipient's home directory; if that is not available, it tries to execute in the root of the filesystem. This is intended to be used only on the ``prog'' mailer, since some shells (such as csh) refuse to execute if they cannot read the current directory. Since the queue directory is not normally readable by unprivileged users csh scripts as recipients can fail. The Userid specifies the default user and group id to run as, overriding the DefaultUser option (q.v.). If the S mailer flag is also specified, this user and group will be set as the effective uid and gid for the process. This may be given as user:group to set both the user and group id; either may be an integer or a symbolic name to be looked up in the passwd and group files respectively. If only a symbolic user name is specified, the group id in the passwd file for that user is used as the group id. |
Sendmail Installation and Operation Guide SMM:08-53
The Charset field is used when converting a message to MIME; this is the character set used
in the Content-Type: header. If this is not set, the DefaultCharset option is used, and if that is not
set, the value ``unknown-8bit'' is used. WARNING: this field applies to the sender's mailer, not the
recipient's mailer. For example, if the envelope sender address lists an address on the local net-
work and the recipient is on an external network, the character set will be set from the Charset=
field for the local network mailer, not that of the external network mailer.
|
The Type= field sets the type information used in MIME error messages as defined by RFC The m= field specifies the maximum number of messages to attempt to deliver on a single The r= field specifies the maximum number of recipients to attempt to deliver in a single enve- The /= field specifies a new root directory for the mailer. The path is macro expanded and The Wait= field specifies the maximum time to wait for the mailer to return after sending all The Queuegroup= field specifies the default queue group in which received mail should be 5.5. H -- Define Header The format of the header lines that sendmail inserts into the message are defined by the H Hhname: htemplate H[?mflags?]hname: htemplate H[?${macro}?]hname: htemplate Continuation lines in this spec are reflected directly into the outgoing message. The htemplate is Some headers have special semantics that will be described later. A secondary syntax allows validation of headers as they are being read. To enable validation, HHeader: $>Ruleset The indicated Ruleset is called for the specified Header, and can return $#error to reject the mes- |
SMM:08-54 Sendmail Installation and Operation Guide
For example, the configuration lines:
|
HMessage-Id: $>CheckMessageId SCheckMessageId would refuse any message that had a Message-Id: header of any of the following forms: Message-Id: <> A default ruleset that is called for headers which don't have a specific ruleset defined for them can H*: $>Ruleset or H*: $>+Ruleset 5.6. O -- Set Option There are a number of global options that can be set from a configuration file. Options are O option=value This sets option option to be value. Note that there must be a space between the letter `O' and the Oo value where the option o is a single character. Depending on the option, value may be a string, an inte- All filenames used in options should be absolute paths, i.e., starting with '/'. Relative file- The options supported (with the old, one character names in brackets) are: AliasFile=spec, spec, ... -k (&(objectClass=sendmailMTAAliasObject) Depending on how sendmail is compiled, valid classes are ``implicit'' (search NEWDB is specified), ``btree'' (if NEWDB is specified), ``dbm'' (if NDBM is speci- |
|
|
fied), ``stab'' (internal symbol table -- not normally used unless you have no other |
|
|
LDAPMAP is specified), or ``nis'' (if NIS is specified). If a list of specs |
|
|
are provided, sendmail searches them in order. AliasWait=timeout |
Sendmail Installation and Operation Guide SMM:08-55
interval issue a warning.
|
AllowBogusHELO AuthMaxBits=N [no short name] Limit the maximum encryption strength for the security layer in AuthMechanisms AuthOptions [no short name] List of options for SMTP AUTH consisting of single characters A Use the AUTH= parameter for the MAIL FROM The first option applies to sendmail as a client, the others to a server. Example: O AuthOptions=p,y would disallow ANONYMOUS as AUTH mechanism and would allow PLAIN BadRcptThrottle=N BlankSub=c [B] Set the blank substitution character to c. Unquoted spaces in addresses are |
|
CACertPath |
[no short name] Path to directory with certificates of CAs. This directory direc- tory must contain the hashes of each CA certificate as filenames (or as links to them). |
|||
|
CACertFile |
[no short name] File containing one or more CA certificates; see section about |
|||
|
CheckAliases |
[n] Validate the RHS of aliases when rebuilding the alias database. |
|
CheckpointInterval=N ClassFactor=fact ClientCertFile [no short name] File containing the certificate of the client, i.e., this certificate is ClientKeyFile [no short name] File containing the private key belonging to the client certificate ClientPortOptions=options Port Name/number of source port for connection (defaults to |
any free port) |
|
|
Addr Address mask (defaults INADDR_ANY) The Address mask may be a numeric address in dot notation or a network name. h use name of interface for HELO command If ``h'' is set, the name corresponding to the outgoing interface address (whether ColonOkInAddr [no short name] If set, colons are acceptable in e-mail addresses (e.g., ConnectionCacheSize=N |
|
zero defaults to the old behavior, that is, connections are closed immediately. ConnectionCacheTimeout=timeout ConnectOnlyTo=address ConnectionRateThrottle=N ControlSocketName=name DHParameters File with DH parameters for STARTTLS. This is only required if a ciphersuite DaemonPortOptions=options Name User-definable name for the daemon (defaults to "Daemon#") The Name key is used for error messages and logging. The Address mask may |
SMM:08-58 Sendmail Installation and Operation Guide
a always require authentication
|
b |
bind to interface through which mail has been received |
|
That is, one way to specify a message submission agent (MSA) that always requires authentication is: O DaemonPortOptions=Name=MSA, Port=587, M=Ea The modifiers that are marked with "(.cf)" have only effect in the standard config- uration file, in which they are available via ${daemon_flags}. Notice: Do not use the ``a'' modifier on a public accessible MTA! It should only be used for a MSA that is accessed by authorized users for initial mail submission. Users must authenticate to use a MSA which has this option turned on. The flags ``c'' and ``C'' can change the default for hostname canonification in the sendmail.cf file. See the relevant documentation for |
|
|
FEATURE(nocanonify). The modifier ``f'' disal- |
|
|
lows addresses of the form user@host unless they are submitted directly. The flag ``u'' allows unqualified sender addresses, i.e., those without @host. ``b'' forces sendmail to bind to the interface through which the e-mail has been received for the outgoing connection. WARNING: Use ``b'' only if outgoing mail can be routed through the incoming connection's interface to its destination. No attempt is made to catch problems due to a misconfiguration of this parameter, use it only for virtual hosting where each virtual interface can connect to every possible location. This will also override possible settings via ClientPortOptions. Note, sendmail will listen on a new socket for each occurence of the Daemon- PortOptions option in a configuration file. The modifier ``O'' causes sendmail to ignore a socket if it can't be opened. This applies to failures from the socket(2) and bind(2) calls. |
|
DefaultAuthInfo [no short name] Filename that contains default authentication information for out- DefaultCharSet=charset DataFileBufferSize=threshold DeadLetterDrop=file |
Sendmail Installation and Operation Guide SMM:08-59
will not attempt to save to a system-wide dead.letter file in the event it cannot
bounce the mail to the user or postmaster. Instead, it will rename the qf file as it
has in the past when the dead.letter file could not be opened.
|
DefaultUser=user:group user. Defaults to 1:1. The value can also be given as a symbolic user name.19 |
|
|
DelayLA=LA [no short name] When the system load average exceeds LA, sendmail will sleep DeliverByMin=time DeliveryMode=x [d] Deliver in mode x. Legal modes are: i Deliver interactively (synchronously) Defaults to ``b'' if no option is specified, ``i'' if it is specified but given no argument DialDelay=sleeptime DirectSubmissionModifiers=modifiers DontBlameSendmail=option,option,... DontExpandCnames |
the IETF is moving toward changing this standard, so the behavior may become
19The old g option has been combined into the DefaultUser option.
SMM:08-60 Sendmail Installation and Operation Guide
acceptable. Please note that hosts downstream may still rewrite the address to
be the true canonical name however.
|
DontInitGroups |
[no short name] If set, sendmail will avoid using the initgroups(3) call. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permissions somewhat more restric- tive. Has no effect on systems that don't have group lists. |
|
DontProbeInterfaces DontPruneRoutes <@known1,@known2,@known3:user@unknown> sendmail will strip off the ``@known1,@known2'' in order to make the route as DoubleBounceAddress=error-address EightBitMode=action s Reject undeclared 8-bit data (``strict'') In all cases properly declared 8BITMIME data will be converted to 7BIT as ErrorHeader=file-or-message |
Sendmail Installation and Operation Guide SMM:08-61
ErrorMode=x [e] Dispose of errors using mode x. The values for x are:
|
p |
Print error messages (default) |
|
Note that the last mode, ``e'', is for Berknet error processing and should not be FallbackMXhost=fallbackhost FastSplit [no short name] If set to a value greater than zero (the default is one), it sup- ForkEachJob [Y] If set, deliver each job that is run from the queue in a separate process. ForwardPath=path |
|
|
username/.forward (but only if the first file does not exist). HelpFile=file [H] Specify the help file for SMTP. If no file name is specified, "helpfile" is used. HoldExpensive [c] If an outgoing mailer is marked as being expensive, don't connect immedi- HostsFile=path [no short name] The path to the hosts database, normally ``/etc/hosts''. This HostStatusDirectory=path |
SMM:08-62 Sendmail Installation and Operation Guide
IgnoreDots [i] Ignore dots in incoming messages. This is always disabled (that is, dots are
always accepted) when reading SMTP mail.
|
InputMailFilters=name,name,... LogLevel=n [L] Set the log level to n. Defaults to 9. Mx value [no long version] Set the macro x to value. This is intended only for use from the MailboxDatabase UseMSP [no short name] Use as mail submission program, i.e., allow group writable MatchGECOS [G] Allow fuzzy matching on the GECOS field. If this flag is set, and the usual MaxAliasRecursion=N MaxDaemonChildren=N MaxHeadersLength=N MaxHopCount=N MaxMessageSize=N MaxMimeHeaderLength=N[/M] |
Sendmail Installation and Operation Guide SMM:08-63
respectively. To allow any length, a value of 0 can be specified.
|
MaxQueueChildren=N MaxQueueRunSize=N MaxRecipientsPerMessage=N MaxRunnersPerQueue=N MeToo [m] Send to me too, even if I am in an alias expansion. This option is deprecated Milter [no short name] This option has several sub(sub)options. The names of the sub- LogLevel Log level for input mail filter actions, defaults to LogLevel. The ``macros'' option has the following suboptions which specify the list of macro connect After session connection start By default the lists of macros are empty. Example: |
SMM:08-64 Sendmail Installation and Operation Guide
O Milter.LogLevel=12
O Milter.macros.connect=j, _, {daemon_name}
|
MinFreeBlocks=N MinQueueAge=age MustQuoteChars=s NiceQueueRun [no short name] The priority of queue runners (nice(3)). This value must be NoRecipientAction OldStyleHeaders [o] Assume that the headers may be in old format, i.e., spaces delimit names. OperatorChars=charlist PidFile=filename [no short name] Filename of the pid file. (default is _PATH_SENDMAILPID). PostmasterCopy=postmaster |
Sendmail Installation and Operation Guide SMM:08-65
PrivacyOptions= opt,opt,...
|
[p] Set the privacy options. ``Privacy'' is really a misnomer; many of these are public Allow open access noreceipts Don't return success DSNs20 |
|
|
nobodyreturn Don't return the body of a message with DSNs The ``goaway'' pseudo-flag sets all flags except ``noreceipts'', ``restrictmailq'', ProcessTitlePrefix=string QueueDirectory=dir |
mail is running.
20N.B.: the noreceipts flag turns off support for RFC 1891 (Delivery Status Notification).
SMM:08-66 Sendmail Installation and Operation Guide
QueueFactor=factor
|
[q] Use factor as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the current load average and the load average limit (QueueLA option) to determine the maximum message priority that will be sent. Defaults to 600000. |
|
QueueLA=LA |
[x] When the system load average exceeds LA and the QueueFactor (q) option divided by the difference in the current load average and the QueueLA option plus one is less than the priority of the message, just queue messages (i.e., don't try to send them). Defaults to 8 multiplied by the number of processors online on the system (if that can be determined). |
|
QueueFileMode=mode QueueTimeout=timeout RandFile [no short name] Name of file containing random data or the name of the UNIX ResolverOptions=options RrtImpliesDsn [R] If this option is set, a ``Return-Receipt-To:'' header causes the request of a RunAsUser=user |
Sendmail Installation and Operation Guide SMM:08-67
(where group can be numeric or symbolic). If set to a non-zero (non-root) value,
sendmail will change to this user id shortly after startup21. This avoids a certain
class of security problems. However, this means that all ``.forward'' and
``:include:'' files must be readable by the indicated user and all files to be written
must be writable by user Also, all file and program deliveries will be marked
unsafe unless the option DontBlameSendmail=NonRootSafeAddr is set, in
which case the delivery will be done as user. It is also incompatible with the
SafeFileEnvironment option. In other words, it may not actually add much to
security on an average system, and may in fact detract from security (because
other file permissions must be loosened). However, it should be useful on fire-
walls and other places where users don't have accounts and the aliases file is
well constrained.
|
RecipientFactor=fact RefuseLA=LA [X] When the system load average exceeds LA, refuse incoming SMTP connec- RetryFactor=fact SafeFileEnvironment=dir SaveFromLine [f] Save UNIX-style ``From'' lines at the front of headers. Normally they are SharedMemoryKey SendMimeErrors ServerCertFile [no short name] File containing the certificate of the server, i.e., this certificate is |
used when sendmail acts as server (used for STARTTLS).
21When running as a daemon, it changes to this user after accepting a connection but before reading any SMTP com- mands.
SMM:08-68 Sendmail Installation and Operation Guide
ServerKeyFile [no short name] File containing the private key belonging to the server certificate
(used for STARTTLS).
|
ServiceSwitchFile=filename aliases files The default file is ``/etc/mail/service.switch''. SevenBitInput [7] Strip input to seven bits for compatibility with old systems. This shouldn't be SingleLineFromHeader SingleThreadDelivery SmtpGreetingMessage=message StatusFile=file [S] Log summary statistics in the named file. If no file name is specified, "statis- SuperSafe [s] This option can be set to True, False, or Interactive. If set to True, sendmail TLSSrvOptions [no short name] List of options for SMTP STARTTLS for the server consisting of |
Sendmail Installation and Operation Guide SMM:08-69
TempFileMode=mode
|
[F] The file mode for transcript files, files to which sendmail delivers directly, files Timeout.type= timeout TimeZoneSpec=tzinfo TrustedUser=user TryNullMXList [w] If this system is the ``best'' (that is, lowest preference) MX for a given host, UnixFromLine=fromline UnsafeGroupWrites UseErrorsTo [l] If there is an ``Errors-To:'' header, send error messages to the addresses UserDatabaseSpec=udbspec Verbose [v] Run in verbose mode. If this is set, sendmail adjusts options HoldExpensive XscriptFileBufferSize=threshold All options can be specified on the command line using the -O or -o flag, but most will cause send- mail to relinquish its set-user-ID permissions. The options that will not cause this are SevenBitIn- put [7], EightBitMode [8], MinFreeBlocks [b], CheckpointInterval [C], DeliveryMode [d], Error- Mode [e], IgnoreDots [i], SendMimeErrors [j], LogLevel [L], MeToo [m], OldStyleHeaders [o], PrivacyOptions [p], SuperSafe [s], Verbose [v], QueueSortOrder, MinQueueAge, |
SMM:08-70 Sendmail Installation and Operation Guide
DefaultCharSet, Dial Delay, NoRecipientAction, ColonOkInAddr, MaxQueueRunSize, Single-
LineFromHeader, and AllowBogusHELO. Actually, PrivacyOptions [p] given on the command
line are added to those already specified in the sendmail.cf file, i.e., they can't be reset. Also, M
(define macro) when defining the r or s macros is also considered ``safe''.
|
5.7. P -- Precedence Definitions Values for the ``Precedence:'' field may be defined using the P control line. The syntax of this Pname=num When the name is found in a ``Precedence:'' field, the message class is set to num. Higher numbers Pfirst-class=0 People writing mailing list exploders are encouraged to use ``Precedence: list''. Older versions of 5.8. V -- Configuration Version Level To provide compatibility with old configuration files, the V line has been added to define some N.B.: these version levels have nothing to do with the version number on the files. For exam- ``Old'' configuration files are defined as version level one. Version level two files make the fol- (1) Host name canonification ($[ ... $]) appends a dot if the name is recognized; this gives the (2) Default host name extension is consistent throughout processing; version level one configu- (3) Local names that are not aliases are passed through a new distinguished ruleset five; this Version level three files allow # initiated comments on all lines. Exceptions are backslash Version level four configurations are completely equivalent to level three for historical rea- |
Sendmail Installation and Operation Guide SMM:08-71
Version level five configuration files change the default definition of $w to be just the first com-
ponent of the hostname.
|
Version level six configuration files change many of the local processing options (such as Version level seven configuration files used new option names to replace old macros ($e |
|
|
SMTP VRFY com- |
|
|
mands) was assumed. Version level eight configuration files allow $# on the left hand side of ruleset lines. Version level nine configuration files allow parentheses in rulesets, i.e. they are not treated as Version level ten configuration files allow queue group definitions. The V line may have an optional /vendor to indicate that this configuration file uses modifica- tions specific to a particular vendor22. You may use ``/Berkeley'' to emphasize that this configura- |
|
|
tion file uses the Berkeley dialect of sendmail. 5.9. K -- Key File Declaration Special maps can be defined using the line: Kmapname mapclass arguments The mapname is the handle by which this map is referenced in the rewriting rules. The mapclass is Maps are referenced using the syntax: $( map key $@ arguments $: default $) where either or both of the arguments or default portion may be omitted. The $@ arguments may The arguments are passed to the map for arbitrary use. Most map classes can interpolate R$- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $) Looks up the UUCP name in a (user defined) UUCP map; if not found it turns it into ``.UUCP'' decvax %1@%0.DEC.COM Note that default clauses never do this mapping. The built-in map with both name and class ``host'' is the host name canonicalization lookup. |
Thus, the syntax:
22And of course, vendors are encouraged to add themselves to the list of recognized vendors by editing the routine setvendor in conf.c. Please send e-mail to sendmail@Sendmail.ORG to register your vendor dialect.
SMM:08-72 Sendmail Installation and Operation Guide
$(host hostname$)
|
is equivalent to: $[hostname$] There are many defined classes. dbm Database lookups using the ndbm(3) library. Sendmail must be compiled with btree Database lookups using the btree interface to the Berkeley DB library. Sendmail hash Database lookups using the hash interface to the Berkeley DB library. Sendmail nis NIS lookups. Sendmail must be compiled with NIS defined. nisplus NIS+ lookups. Sendmail must be compiled with NISPLUS defined. The argu- hesiod Hesiod lookups. Sendmail must be compiled with HESIOD defined. ldap LDAP X500 directory lookups. Sendmail must be compiled with LDAPMAP netinfo NeXT NetInfo lookups. Sendmail must be compiled with NETINFO defined. text Text file lookups. The format of the text file is defined by the -k (key field num- ph PH query map. Contributed and supported by Mark Roth, roth@uiuc.edu. For nsd nsd map for IRIX 6.5 and later. Contributed and supported by Bob Mende of stab Internal symbol table lookups. Used internally for aliasing. implicit Really should be called ``alias'' -- this is used to get the default lookups for alias user Looks up users using getpwnam(3). The -v flag can be used to specify the name host Canonifies host domain names. Given a host name it calls the name server to find bestmx Returns the best MX record for a host name given as the key. The current dns This map requires the option -R to specify the DNS resource record type to |
Sendmail Installation and Operation Guide SMM:08-73
sequence The arguments on the `K' line are a list of maps; the resulting map searches the
argument maps in order until it finds a match for the indicated key. For example,
if the key definition is:
|
Kmap1 ... then a lookup against ``seqmap'' first does a lookup in map1. If that is found, it |
|
syslog switch |
the key is logged via syslogd (8). The lookup returns the empty string. Much like the ``sequence'' map except that the order of maps is determined by the service switch. The argument is the name of the service to be looked up; the values from the service switch are appended to the map name to create new map names. For example, consider the key definition: Kali switch aliases together with the service switch entry: aliases nis files This causes a query against the map ``ali'' to search maps named ``ali.nis'' and ``ali.files'' in that order. |
||
|
dequote |
Strip double quotes (") from a name. It does not strip backslashes, and will not strip quotes if the resulting string would contain unscannable syntax (that is, basic errors like unbalanced angle brackets; more sophisticated errors such as unknown hosts are not checked). The intent is for use when trying to accept mail from systems such as DECnet that routinely quote odd syntax such as "49ers::ubell" A typical usage is probably something like: Kdequote dequote ... R$- $: $(dequote $1 $) Care must be taken to prevent unexpected results; for example, "|someprogram < input > output" will have quotes stripped, but the result is probably not what you had in mind. Fortunately these cases are rare. |
||
|
regex |
The map definition on the K line contains a regular expression. Any key input is compared to that expression using the POSIX regular expressions routines reg- comp(), regerr(), and regexec(). Refer to the documentation for those routines for more information about the regular expression matching. No rewriting of the key is done if the -m flag is used. Without it, the key is discarded or if -s if used, it is substituted by the substring matches, delimited by $| or the string specified with the the -d flag. The flags available for the map are |
SMM:08-74 Sendmail Installation and Operation Guide
-n not
|
-f |
case sensitive |
|
The -s flag can include an optional parameter which can be used to select the substrings in the result of the lookup. For example, -s1,3,4 Notes: to match a $ in a string, \$$ must be used. If the pattern contains spaces, they must be replaced with the blank substitution character, unless it is space itself. |
|
program |
The arguments on the K line are the pathname to a program and any initial parameters to be passed. When the map is called, the key is added to the initial parameters and the program is invoked as the default user/group id. The first line of standard output is returned as the value of the lookup. This has many potential security problems, and has terrible performance; it should be used only when absolutely necessary. |
||
|
macro |
Set or clear a macro value. To set a macro, pass the value as the first argument in the map lookup. To clear a macro, do not pass an argument in the map lookup. The map always returns the empty string. Example of typical usage include: Kstorage macro ... # set macro ${MyMacro} to the ruleset match |
||
|
arith |
Perform simple arithmetic operations. The operation is given as key, currently +, -, *, /, %, |, & (bitwise OR, AND), l (for less than), and = are supported. The two operands are given as arguments. The lookup returns the result of the computa- tion, i.e. |
||
|
TRUE or FALSE for comparisons, integer values otherwise. All options |
|||
|
which are possible for maps are ignored. A simple example is: Kcomp arith ... Scheck_etrn |
|
Most of these accept as arguments the same optional flags and a filename (or a mapname for NIS; the filename is the root of the database path, so that ``.db'' or some other extension appropri- ate for the database type will be added to get the actual database name). Known flags are: -o Indicates that this map is optional -- that is, if it cannot be opened, no error is pro- -N, -O If neither -N or -O are specified, sendmail uses an adaptive algorithm to decide |
Sendmail Installation and Operation Guide SMM:08-75
it finds any key with a null byte it never tries again without a null byte and vice
versa. If -N is specified it never tries without a null byte and if -O is specified it
never tries with a null byte. Setting one of these can speed matches but are never
necessary. If both -N and -O are specified, sendmail will never try any matches
at all -- that is, everything will appear to fail.
|
-ax |
Append the string x on successful matches. For example, the default host map appends a dot on successful matches. |
||
|
-Tx |
Append the string x on temporary failures. For example, x would be appended if a DNS lookup returned ``server failed'' or an NIS lookup could not locate a server. See also the -t flag. |
||
|
-f -m |
Do not fold upper to lower case before looking up the key. Match only (without replacing the value). If you only care about the existence of a key and not the value (as you might when searching the NIS map ``hosts.byname'' for example), this flag prevents the map from substituting the value. However, The -a argument is still appended on a match, and the default is still taken if the match fails. |
||
|
-kkeycol |
The key column name (for NIS+) or number (for text lookups). For LDAP maps this is an LDAP filter string in which %s is replaced with the literal contents of the lookup key and %0 is replaced with the LDAP escaped contents of the lookup key according to RFC 2254. |
||
|
-vvalcol |
The value column name (for NIS+) or number (for text lookups). For LDAP maps this is the name of one or more attributes to be returned; multiple attributes can be separated by commas. If not specified, all attributes found in the match will be returned. |
||
|
-zdelim |
The column delimiter (for text lookups). It can be a single character or one of the special strings `` \n'' or `` \t'' to indicate newline or tab respectively. If omitted entirely, the column separator is any sequence of white space. For LDAP maps this is the separator character to combine multiple values into a single return string. If not set, the LDAP lookup will only return the first match found. |
||
|
-t |
Normally, when a map attempts to do a lookup and the server fails (e.g., send- mail couldn't contact any name server; this is not the same as an entry not being found in the map), the message being processed is queued for future processing. The -t flag turns off this behavior, letting the temporary failure (server down) act as though it were a permanent failure (entry not found). It is particularly useful for DNS lookups, where someone else's misconfigured name server can cause problems on your machine. However, care must be taken to ensure that you don't bounce mail that would be resolved correctly if you tried again. A common strategy is to forward such mail to another, possibly better connected, mail server. |
||
|
-D |
Perform no lookup in deferred delivery mode. This flag is set by default for the host map. |
||
|
-Sspacesub |
The character to use to replace space characters after a successful map lookup (esp. useful for regex and syslog maps). |
||
|
-sspacesub |
For the dequote map only, the character to use to replace space characters after a successful dequote. |
||
|
-q -Llevel -A |
Don't dequote the key before lookup. For the syslog map only, it specifies the level to use for the syslog call. When rebuilding an alias file, the -A flag causes duplicate entries in the text ver- |
SMM:08-76 Sendmail Installation and Operation Guide
list: user1, user2
|
list: user3 would be treated as though it were the single entry list: user1, user2, user3 in the presence of the -A flag. Some additional flags are available for the host and dns maps: |
|||
|
-d -r |
delay: specify the resolver's retransmission time interval (in seconds). retry: specify the number of times to retransmit a resolver query. The following additional flags are present in the ldap map only: |
||
|
-R |
Do not auto chase referrals. sendmail must be compiled with -DLDAP_REFER- |
||
|
-n |
Retrieve attribute names only. |
|
-Vsep -rderef -sscope -hhost |
Retrieve both attributes name and value(s), separated by sep. Set the alias dereference option to one of never, always, search, or find. Set search scope to one of base, one (one level), or sub (subtree). LDAP server hostname. Some LDAP libraries allow you to specify multiple, space-separated hosts for redundancy. In addition, each of the hosts listed can be followed by a colon and a port number to override the default LDAP port. |
||
|
-bbase -pport -ltimelimit -Zsizelimit |
LDAP search base. LDAP service port. Time limit for LDAP queries. Size (number of matches) limit for LDAP queries. |
|
-ddistinguished_name -Mmethod The method to authenticate to the LDAP server. Should be one of -Ppasswordfile The file containing the secret key for the LDAP_AUTH_SIMPLE authentication -1 Force LDAP searches to only succeed if a single match is found. If multiple val- The dbm map appends the strings ``.pag'' and ``.dir'' to the given filename; the hash and btree maps append ``.db''. For example, the map specification Kuucp dbm -o -N /etc/mail/uucpmap specifies an optional map named ``uucp'' of class ``dbm''; it always has null bytes at the end of every string, and the data is located in /etc/mail/uucpmap.{dir,pag}. The program makemap(8) can be used to build any of the three database-oriented maps. It takes the following flags: -f Do not fold upper to lower case in the map. -N Include null bytes in keys. -o Append to an existing (old) file. -r Allow replacement of existing keys; normally, re-inserting an existing key is an -v Print what is happening. The sendmail daemon does not have to be restarted to read the new maps as long as you change them in place; file locking is used so that the maps won't be read while they are being updated. |
Sendmail Installation and Operation Guide SMM:08-77
New classes can be added in the routine setupmaps in file conf.c.
|
5.10. Q -- Queue Group Declaration In addition to the option QueueDirectory, queue groups can be declared that define a (group Qname {, field=value }+ where name is the symbolic name of the queue group under which it can be referenced in various Flags Flags for this queue group. Nice The nice(2) increment for the queue group. This value must be greater or equal Interval The time between two queue runs. Path The queue directory of the group (required). Runners The number of parallel runners processing the queue. Note that F=f must be set Jobs The maximum number of jobs (messages delivered) per queue run. recipients The maximum number of recipients per envelope. Envelopes with more than this Only the first character of the field name is checked. By default, a queue group named mqueue is defined that uses the value of the QueueDirectory O QueueDirectory=/var/spool/mqueue/* because this also includes ``dir1'' and ``dir2'' in the default queue group. However, O QueueDirectory=/var/spool/mqueue/main* is a valid queue group specification. Options listed in the ``Flags'' field can be used to modify the behavior of a queue group. The The ``Interval'' field sets the time between queue runs. If no queue group specific interval is To control the overall number of concurrently active queue runners the option The maximum number of queue runners for an individual queue group can be controlled via |
SMM:08-78 Sendmail Installation and Operation Guide
The field Jobs describes the maximum number of jobs (messages delivered) per queue run,
which is the queue group specific value of MaxQueueRunSize.
|
Notice: queue groups should be declared after all queue related options have been set Each envelope is assigned to a queue group based on the algorithm described in section 5.11. X -- Mail Filter (Milter) Definitions The sendmail Mail Filter API (Milter) is designed to allow third-party programs access to mail Xname {, field=value }* where name is the name of the filter (used internally only) and the ``field=name'' pairs define Fields are: Socket The socket specification Only the first character of the field name is checked (it's case-sensitive). The socket specification is one of the following forms: S=inet: port @ host S=inet6: port @ host S=local: path The first two describe an IPv4 or IPv6 socket listening on a certain port at a given host or IP The following flags may be set in the filter description. R Reject connection if filter unavailable. T Temporary fail connection if filter unavailable. If neither F=R nor F=T is specified, the message is passed through sendmail in case of filter The timeouts can be set using the four fields inside of the T= equate: C Timeout for connecting to a filter. If set to 0, the system's connect() timeout will be used. S Timeout for sending information from the MTA to a filter. R Timeout for reading reply from the filter. E Overall timeout between sending end-of-message to filter and waiting for the final acknowledg- Note the separator between each timeout field is a ';'. The default values (if not set) are: Examples: Xfilter1, S=local:/var/run/f1.sock, F=R |
|
The user database is deprecated in favor of ``virtusertable'' and ``genericstable'' as explained in the file cf/README. If you have a version of sendmail with the user database package com- piled in, the handling of sender and recipient addresses is modified. The location of this database is controlled with the UserDatabaseSpec option. 5.12.1. Structure of the user database The database is a sorted (BTree-based) structure. User records are stored with the key: user-name:field-name The sorted database format ensures that user records are clustered together. Meta-information Field names define both the syntax and semantics of the value. Defined fields include: maildrop The delivery address for this user. There may be multiple values of this mailname The outgoing mailname for this user. For each outgoing name, there should be mailsender Changes any mail sent to this address to have the indicated envelope sender. fullname The full name of the user. office-address The office address for this user. office-phone The office phone number for this user. office-fax The office FAX number for this user. home-address The home address for this user. home-phone The home phone number for this user. home-fax The home FAX number for this user. project A (short) description of the project this person is affiliated with. In the Univer- plan A pointer to a file from which plan information can be gathered. As of this writing, only a few of these fields are actually being used by sendmail: maildrop 5.12.2. User database semantics When the rewriting rules submit an address to the local mailer, the user name is passed If the first token of the user name returned by ruleset 0 is an ``@'' sign, the user database When mail is sent, the name of the sending user is looked up in the database. If that user eric:mailname Eric.Allman@CS.Berkeley.EDU This would cause my outgoing mail to be sent as Eric.Allman. |
SMM:08-80 Sendmail Installation and Operation Guide
If a ``maildrop'' is found for the user, but no corresponding ``mailname'' record exists, the
record ``:default:mailname'' is consulted. If present, this is the name of a host to override the
local host. For example, in our case we would set it to ``CS.Berkeley.EDU''. The effect is that
anyone known in the database gets their outgoing mail stamped as ``user@CS.Berkeley.EDU'',
but people not listed in the database use the local hostname.
|
5.12.3. Creating the database23 |
|
|
The user database is built from a text file using the makemap utility (in the distribution in the makemap subdirectory). The text file is a series of lines corresponding to userdb records; each line has a key and a value separated by white space. The key is always in the format described above -- for example: eric:maildrop This file is normally installed in a system directory; for example, it might be called /etc/mail/userdb. To make the database version of the map, run the program: makemap btree /etc/mail/userdb < /etc/mail/userdb Then create a config file that uses this. For example, using the V8 M4 configuration, include the following line in your .mc file: |
|
There are some configuration changes that can be made by recompiling sendmail. This section describes what changes can be made and what has to be modified to make them. In most cases this should be unnecessary unless you are porting sendmail to a new environment. 6.1. Parameters in devtools/OS/$oscf These parameters are intended to describe the compilation environment, not site policy, and NDBM If set, the new version of the DBM library that allows multiple databases will be NEWDB If set, use the new database package from Berkeley (from 4.4BSD). This pack- NIS Include support for NIS. If set together with both NEWDB and NDBM, send- NISPLUS Compile in support for NIS+. NETINFO Compile in support for NetInfo (NeXT stations). LDAPMAP Compile in support for LDAP X500 queries. Requires libldap and liblber from the HESIOD Compile in support for Hesiod. |
MAP_NSD Compile in support for IRIX NSD lookups.
23These instructions are known to be incomplete. Other features are available which provide similar functionality, e.g., vir- tual hosting and mapping local addresses into a generic form as explained in cf/README.
Sendmail Installation and Operation Guide SMM:08-81
MAP_REGEX Compile in support for regular expression matching.
|
DNSMAP PH_MAP SASL |
Compile in support for DNS map lookups in the sendmail.cf file. Compile in support for ph lookups. Compile in support for SASL, a required component for SMTP Authentication support. |
||
|
STARTTLS EGD |
Compile in support for STARTTLS. Compile in support for the "Entropy Gathering Daemon" to provide better ran- |
|
TCPWRAPPERS _PATH_SENDMAILCF _PATH_SENDMAILPID SM_CONF_SHM MILTER Compile in support for contacting external mail filters built with the Milter API. There are also several compilation flags to indicate the environment such as ``_AIX3'' and 6.2. Parameters in sendmail/conf.h Parameters and compilation options are defined in conf.h. Most of these need not normally be This document is not the best source of information for compilation flags in conf.h -- see send- MAXLINE [2048] The maximum line length of any input line. If message lines exceed this length MAXNAME [256] The maximum length of any name, such as a host or a user name. MAXPV [256] The maximum number of parameters to any mailer. This limits the number of MAXQUEUEGROUPS [50] MAXATOM [1000] The maximum number of atoms (tokens) in a single address. For example, MAXMAILERS [25] MAXRWSETS [200] MAXPRIORITIES [25] |
SMM:08-82 Sendmail Installation and Operation Guide
defined (using the P line in sendmail.cf).
|
MAXUSERENVIRON [100] MAXMXHOSTS [100] MAXMAPSTACK [12] MAXMIMEARGS [20] MAXMIMENESTING [20] MAXDAEMONS [10] MAXMACNAMELEN [25] A number of other compilation options exist. These specify whether or not specific code should be |
sions of sendmail referred to this as DAEMON; this old usage is now incorrect.
Defaults on; turn it off in the Makefile if your system doesn't support the Inter-
net protocols.
|
NETISO |
enabled by adding DaemonPortOptions settings. If set, support for ISO protocol networking is compiled in (it may be appropri- |
|
NETUNIX |
ate to #define this in the Makefile instead of conf.h). If set, support for UNIX domain sockets is compiled in. This is used for con- |
|
trol socket support. |
|||
|
LOG |
If set, the syslog routine in use at some sites is used. This makes an informa- tional log record for each message processed, and makes a higher priority log record for internal system errors. STRONGLY RECOMMENDED -- if you want no logging, turn it off in the configuration file. |
/etc/passwd. This also requires that the MatchGECOS option be turned on.
resolve TCP/IP host names.
|
NOTUNIX |
If you are using a non-UNIX mail format, you can set this flag to turn off spe- |
adds a new level of local name expansion between aliasing and forwarding. It
also uses the NEWDB package. This may change in future releases.
The following options are normally turned on in per-operating-system clauses in conf.h.
all systems except Ultrix, which apparently has the interesting ``feature'' that
when it receives a ``host unreachable'' message it closes all open connections
Sendmail Installation and Operation Guide SMM:08-83
to that host. Since some firewall gateways send this error code when you
access an unauthorized port (such as 113, used by IDENT), Ultrix cannot
receive email from such hosts.
SYSTEM5 Set all of the compilation parameters appropriate for System V.
|
the highly unusual semantics of locks across forks in lockf, this should always |
|
HASINITGROUPS Set this if your system has the initgroups() call (if you have multiple group sup- HASUNAME Set this if you have the uname(2) system call (or corresponding library rou- HASGETDTABLESIZE HASWAITPID Set this if you have the haswaitpid(2) system call. FAST_PID_RECYCLE SFS_TYPE The mechanism that can be used to get file system capacity information. The LA_TYPE The load average type. Details are described below. The are several built-in ways of computing the load average. Sendmail tries to auto-configure them LA_INT The kernel stores the load average in the kernel as an array of long integers. LA_SHORT The kernel stores the load average in the kernel as an array of short integers. LA_FLOAT The kernel stores the load average in the kernel as an array of double preci- LA_MACH Use MACH-style load averages. LA_SUBR Call the getloadavg routine to get the load average as an array of doubles. LA_ZERO Always return zero as the load average. This is the fallback case. If type |
|
|
LA_INT, LA_SHORT, or LA_FLOAT is specified, you may also need to specify _PATH_UNIX |
|
|
(the path to your system binary) and |
|
|
LA_AVENRUN (the name of the variable containing the load |
|
|
average in the kernel; usually ``_avenrun'' or ``avenrun''). 6.3. Configuration in sendmail/conf.c The following changes can be made in conf.c. 6.3.1. Built-in Header Semantics Not all header semantics are defined in the configuration file. Header lines that should only |
SMM:08-84 Sendmail Installation and Operation Guide
H_ACHECK Normally when the check is made to see if a header line is compatible with
a mailer, sendmail will not delete an existing line. If this flag is set, send-
mail will delete even existing header lines. That is, if this bit is set and the
mailer does not have flag bits set that intersect with the required mailer
flags in the header definition in sendmail.cf, the header line is always
deleted.
|
H_EOH |
If this header field is set, treat it like a blank line, i.e., it will signal the end of the header and the beginning of the message text. |
||
|
H_FORCE |
Add this header entry even if one existed in the message before. If a header entry does not have this bit set, sendmail will not add another header line if a header line of this name already existed. This would nor- mally be used to stamp the message by everyone who handled it. |
||
|
H_TRACE |
If set, this is a timestamp (trace) field. If the number of trace fields in a message exceeds a preset amount the message is returned on the assump- tion that it has an aliasing loop. |
||
|
H_RCPT |
If set, this field contains recipient addresses. This is used by the -t flag to determine who to send to when it is collecting recipients from the mes- sage. |
||
|
H_FROM |
This flag indicates that this field specifies a sender. The order of these fields in the HdrInfo table specifies sendmail's preference for which field to return error messages to. |
||
|
H_ERRORSTO H_CTE H_CTYPE H_STRIPVAL |
Addresses in this header should receive error messages. This header is a Content-Transfer-Encoding header. This header is a Content-Type header. Strip the value from the header (for Bcc:). |
|
Let's look at a sample HdrInfo specification: struct hdrinfo HdrInfo[] = NULL, 0, This structure indicates that the ``To:'', ``Resent-To:'', and ``Cc:'' fields |
``Cc:'' fields all specify recipient |
Sendmail Installation and Operation Guide SMM:08-85
addresses. Any ``Full-Name:'' field will be deleted unless the required mailer flag (indicated in
the configuration file) is specified. The ``Message:'' and ``Text:'' fields will terminate the
header; these are used by random dissenters around the network world. The ``Received:'' field
will always be added, and can be used to trace messages.
|
cally |
There are a number of important points here. First, header fields are not added automati- just because they are in the HdrInfo structure; they must be specified in the configuration |
file in order to be added to the message. Any header fields mentioned in the configuration file
but not mentioned in the HdrInfo structure have default processing performed; that is, they are
added unless they were in the message already. Second, the HdrInfo structure only specifies
cliched processing; certain headers are processed specially by ad hoc code regardless of the
status specified in HdrInfo. For example, the ``Sender:'' and ``From:'' fields are always
scanned on ARPANET mail to determine the sender24; this is used to perform the ``return to
sender'' function. The ``From:'' and ``Full-Name:'' fields are used to determine the full name of
the sender if possible; this is stored in the macro $x and used in a number of ways.
|
6.3.2. Restricting Use of Email If it is necessary to restrict mail through a relay, the checkcompat routine can be modified. |
|
|
EX_OK accepts the address, EX_TEMPFAIL queues the message for a |
|
|
later try, and other values (commonly |
|
|
EX_UNAVAILABLE) reject the message. It is up to check- |
|
|
compat to print an error message (using usrerr) if the message is rejected. For example, check- int s = stab("private", ST_MAILER, ST_FIND); This would reject messages greater than 50000 bytes unless they were local. The EF_NORE- 6.3.3. New Database Map Classes New key maps can be added by creating a class initialization function and a lookup func- |
tion. These are then added to the routine setupmaps.
24Actually, this is no longer true in SMTP; this information is contained in the envelope. The older ARPANET protocols did not completely distinguish envelope from header.
SMM:08-86 Sendmail Installation and Operation Guide
The initialization function is called as
|
xxx_map_init(MAP *map, char *args) The map is an internal data structure. The args is a pointer to the portion of the configuration file |
|
|
true if it successfully opened the map, false otherwise. |
|
|
The lookup function is called as xxx_map_lookup(MAP *map, char buf[], char **av, int *statp) The map defines the map internally. The buf has the input key. This may be (and often is) used |
|
|
EX_TEMPFAIL if recovery is to be attempted by the |
|
|
higher level code. 6.3.4. Queueing Function The routine shouldqueue is called to decide if a message should be queued or processed bool If the current load average (global variable CurrentLA, which is set before this function is |
|
|
false immediately (that is, it should not queue). If the current load average exceeds the |
|
|
high threshold load average (option X, variable RefuseLA), shouldqueue returns |
|
|
true immedi- |
|
|
ately. Otherwise, it computes the function based on the message priority, the queue factor An implementation wishing to take the actual age of the message into account can also use 6.3.5. Refusing Incoming SMTP Connections The function refuseconnections returns |
|
|
true if incoming SMTP connections should be |
|
|
refused. The current implementation is based exclusively on the current load average and the bool A more clever implementation could look at more system resources. 6.3.6. Load Average Computation The routine getla returns the current load average (as a rounded integer). The distribution |
Sendmail Installation and Operation Guide SMM:08-87
need to add some new tweaks.25
|
6.4. Configuration in sendmail/daemon.c The file sendmail/daemon.c contains a number of routines that are dependent on the local net- In previous releases, we recommended that you modify the routine maphostname if you 6.5. STARTTLS In this section we assume that sendmail has been compiled with support for STARTTLS. To 6.5.1. Certificates for STARTTLS When acting as a server, sendmail requires X.509 certificates to support STARTTLS: one error:14094417:SSL routines:SSL3_READ_BYTES: You should probably put only the CA cert into that file that signed your own cert(s), or at least C=FileName_of_CA_Certificate An X.509 certificate is also required for authentication in client mode (ClientCertFile and corre- 6.5.2. Encoding of STARTTLS related Macros Macros that contain STARTTLS related data which comes from outside sources, e.g., all /C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/ |
is encoded as:
25If you do, please send updates to sendmail@Sendmail.ORG.
SMM:08-88 Sendmail Installation and Operation Guide
/C=US/ST=California/O=endmail.org/OU=private/
|
CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org (line breaks have been inserted for readability). The macros which are subject to this encoding 6.5.3. PRNG for STARTTLS STARTTLS requires a strong pseudo random number generator (PRNG) to operate prop- openssl rand -out /etc/mail/randfile -rand /path/to/file:...256 See the OpenSSL documentation for more information. In this case, the PRNG for TLS is only Please see the OpenSSL documentation or other sources for further information about cer- |
|
I've worked on sendmail for many years, and many employers have been remarkably patient about letting me work on a large project that was not part of my official job. This includes time on the INGRES Project at the University of California at Berkeley, at Britton Lee, and again on the Mam- moth and Titan Projects at Berkeley. Much of the second wave of improvements resulting in version 8.1 should be credited to Bryan Costales of the International Computer Science Institute. As he passed me drafts of his book on send- mail I was inspired to start working on things again. Bryan was also available to bounce ideas off of. Gregory Neil Shapiro of Worcester Polytechnic Institute has become instrumental in all phases of sendmail support and development, and was largely responsible for getting versions 8.8 and 8.9 out the door. Many, many people contributed chunks of code and ideas to sendmail. It has proven to be a group network effort. Version 8 in particular was a group project. The following people and organiza- tions made notable contributions: Claus Assmann |
|
|
Craig Everhart, Transarc Corporation |
Sendmail Installation and Operation Guide SMM:08-89
Brian Kantor, University of California, San Diego
|
John Kennedy, Cal State University, Chico I apologize for anyone I have omitted, misspelled, misattributed, or otherwise missed. At this point, I suspect that at least a hundred people have contributed code, and many more have contributed ideas, comments, and encouragement. I've tried to list them in the RELEASE_NOTES in the distribution directory. I appreciate their contribution as well. Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel, who besides being wonderful guinea pigs and contributors have also consented to be added to the ``sendmail@Send- mail.ORG'' list and, by answering the bulk of the questions sent to that list, have freed me up to do other work. |
|
APPENDIX A COMMAND LINE FLAGS Arguments must be presented with flags before addresses. The flags are: |
||
|
-Ax |
Select an alternative .cf file which is either sendmail.cf for -Am or submit.cf for -Ac. By default the .cf file is chosen based on the operation mode. For -bm (default), -bs, and -t it is submit.cf if it exists, for all others it is sendmail.cf. |
|
|
-bx |
Set operation mode to x. Operation modes are: m Deliver mail (default) |
|
d |
Run as a daemon in background |
|
-Btype -Cfile |
Indicate body type. Use a different configuration file. Sendmail runs as the invoking user (rather than root) when this flag is specified. |
|
|
-dlevel -f addr |
Set debugging level. The envelope sender address is set to addr. This address may also be used in the From: header if that header is missing during initial submission. The envelope sender address is used as the recipient for delivery status notifications and may also appear in a Return- Path: header. |
|
|
-F name -G |
Sets the full name of this user to name. When accepting messages via the command line, indicate that they are for relay (gate- way) submission. sendmail may complain about syntactically invalid messages, e.g., unqualified host names, rather than fixing them when this flag is set. sendmail will not do any canonicalization in this mode. |
|
|
-h cnt |
Sets the ``hop count'' to cnt. This represents the number of times this message has been processed by sendmail (to the extent that it is supported by the underlying net- works). Cnt is incremented during processing, and if it reaches MAXHOP (currently 25) sendmail throws away the message with an error. |
|
|
-L tag |
Sets the identifier used for syslog. Note that this identifier is set as early as possible. However, sendmail may be used if problems arise before the command line arguments are processed. |
-n Don't do aliasing or forwarding.
Sendmail Installation and Operation Guide SMM:08-91 -N notifications Tag all addresses being sent as wanting the indicated notifications, which consists of
the word ``NEVER'' or a comma-separated list of ``SUCCESS'', ``FAILURE'', and
``DELAY'' for successful delivery, failure, and a message that is stuck in a queue some-
where. The default is ``FAILURE,DELAY''.
|
-r addr -ox value -Ooption=value |
An obsolete form of -f. Set option x to the specified value. These options are described in Section 5.6. Set option to the specified value (for long form option names). These options are described in Section 5.6. |
|
|
-Mx value -pprotocol |
Set macro x to the specified value. Set the sending protocol. Programs are encouraged to set this. The protocol field can be in the form protocol:host to set both the sending protocol and sending host. For example, ``-pUUCP:uunet'' sets the sending protocol to UUCP and the sending host to uunet. (Some existing programs use -oM to set the r and s macros; this is equivalent to using -p.) |
|
|
-qtime |
Try to process the queued up mail. If the time is given, a sendmail will start one or more processes to run through the queue(s) at the specified time interval to deliver queued mail; otherwise, it only runs once. Each of these processes acts on a workgroup. These processes are also known as workgroup processes or WGP's for short. Each workgroup is responsible for controlling the processing of one or more queues; work- groups help manage the use of system resources by sendmail. Each workgroup may have one or more children concurrently processing queues depending on the setting of MaxQueueChildren. |
|
|
-qptime |
Similar to -q with a time argument, except that instead of periodically starting WGP's sendmail starts persistent WGP's that alternate between processing queues and sleep- ing. The sleep time is specified by the time argument; it defaults to 1 second, except that a WGP always sleeps at least 5 seconds if their queues were empty in the previous run. Persistent processes are managed by a queue control process (QCP). The QCP is the parent process of the WGP's. Typically the QCP will be the sendmail daemon (when started with -bd or -bD) or a special process (named Queue control) (when started without -bd or -bD). If a persistent WGP ceases to be active for some reason another WGP will be started by the QCP for the same workgroup in most cases. When a persistent WGP has core dumped, the debug flag no_persistent_restart is set or the specific persistent WGP has been restarted too many times already then the WGP will not be started again and a message will be logged to this effect. To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate signal should be sent to the QCP. The QCP will propagate the signal to all of the WGP's and if appropriate restart the per- sistent WGP's. |
|
|
-qGname -q[!]Xstring |
Run the jobs in the queue group name once. Run the queue once, limiting the jobs to those matching Xstring. The key letter X can be I to limit based on queue identifier, R to limit based on recipient, or S to limit based on sender. A particular queued job is accepted if one of the corresponding addresses con- tains the indicated string. The optional ! character negates the condition tested. Multi- ple -qX flags are permitted, with items with the same key letter ``or'ed'' together, and items with different key letters ``and'ed'' together. |
|
|
-R ret |
What information you want returned if the message bounces; ret can be ``HDRS'' for headers only or ``FULL'' for headers plus body. This is a request only; the other end is not required to honor the parameter. If ``HDRS'' is specified local bounces also return only the headers. |
|
|
-t |
Read the header for ``To:'', ``Cc:'', and ``Bcc:'' lines, and send to everyone listed in those lists. The ``Bcc:'' line will be deleted before sending. Any addresses in the argu- ment vector will be deleted from the send list. |
SMM:08-92 Sendmail Installation and Operation Guide -V envid The indicated envid is passed with the envelope of the message and returned if the mes-
sage bounces.
-X logfile Log all traffic in and out of sendmail in the indicated logfile for debugging mailer prob-
lems. This produces a lot of data very quickly and should be used sparingly.
There are a number of options that may be specified as primitive flags. These are the e, i, m, and v options. Also, the f option may be specified as the -s flag. The DSN related options ``-N'', ``-R'', and ``-V'' have no effects on sendmail running as daemon.
APPENDIX B
QUEUE FILE FORMATS
This appendix describes the format of the queue files. These files live in a queue directory. The indi- vidual qf, df, and xf files may be stored in separate qf/, df/, and xf/ subdirectories if they are present in the queue directory.
|
All queue files have the name ttYMDhmsNNppppp where YMDhmsNNppppp is the id for this mes- |
||
|
sage Y M D h m s NN |
and the tt is a type. The individual letters in the id are: Encoded year Encoded month Encoded day Encoded hour Encoded minute Encoded second Encoded envelope number |
ppppp At least five decimal digits of the process ID
All files with the same id collectively define one message. Due to the use of memory-buffered files, some of these files may never appear on disk.
|
The types are: |
||
|
qf df |
The queue control file. This file contains the information necessary to process the job. The data file. The message body (excluding the header) is kept in this file. Sometimes the df file |
|
|
tf |
A temporary file. This is an image of the qf file when it is being rebuilt. It should be renamed to a |
|
|
xf |
A transcript file, existing during the life of a session showing everything that happens during that |
|
|
Qf |
A ``lost'' queue control file. sendmail renames a qf file to Qf if there is a severe (configuration) The qf file is structured as a series of lines each beginning with a code letter. The lines are as fol- |
lows:
|
V |
The version number of the queue file format, used to allow new sendmail binaries to read queue files created by older versions. Defaults to version zero. Must be the first line of the file if pre- sent. For 8.12 the version number is 6. |
|
|
A |
The information given by the AUTH= parameter of the ``MAIL FROM:'' command or $f@$j if sendmail has been called directly. |
|
|
H |
A header definition. There may be any number of these lines. The order is important: they rep- resent the order in the final message. These use the same syntax as header definitions in the configuration file. |
|
|
C |
The controlling address. The syntax is ``localuser:aliasname''. Recipient addresses following this line will be flagged so that deliveries will be run as the localuser (a user name from the |
|
SMM:08-94 Sendmail Installation and Operation Guide
/etc/passwd file); aliasname is the name of the alias that expanded to this address (used for print-
ing messages).
|
Q |
The ``original recipient'', specified by the ORCPT= field in an ESMTP transaction. Used exclu- |
|
|
r |
The ``final recipient'' used for Delivery Status Notifications. It applies only to the following `R' |
|
|
R |
A recipient address. This will normally be completely aliased, but is actually realiased when the |
|
|
S T P |
The sender address. There may only be one of these lines. The job creation time. This is used to compute when to time out the job. The current message priority. This is used to order the queue. Higher numbers mean lower pri- |
|
|
M |
A message. This line is printed by the mailq command, and is generally used to store status |
|
|
F |
Flag bits, represented as one letter per flag. Defined flag bits are r indicating that this is a |
|
|
N K d |
The total number of delivery attempts. The time (as seconds since January 1, 1970) of the last delivery attempt. If the df file is in a different directory than the qf file, then a `d' record is present, specifying the |
|
|
I |
The i-number of the data file; this can be used to recover your mail queue after a disastrous disk |
|
|
$ B |
A macro definition. The values of certain macros are passed through to the queue run phase. The body type. The remainder of the line is a text string defining the body type. If this field is |
|
|
Z |
The original envelope id (from the ESMTP transaction). For Deliver Status Notifications only. As an example, the following is a queue file sent to ``eric@mammoth.Berkeley.EDU'' and |
``bostic@okeeffe.CS.Berkeley.EDU''1:
1This example is contrived and probably inaccurate for your environment. Glance over it to get an idea; nothing can re- place looking at what your own system generates.
Sendmail Installation and Operation Guide SMM:08-95
V4
T711358135
K904446490
N0
P2100941
$_eric@localhost
${daemon_flags}
Seric
Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
RPFD:eric@mammoth.Berkeley.EDU
RPFD:bostic@okeeffe.CS.Berkeley.EDU
H?P?Return-path: <^g>
H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
Fri, 17 Jul 1992 00:28:55 -0700
H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
H?F?From: eric@foo.bar.baz.de (Eric Allman)
H?x?Full-name: Eric Allman
H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
|
H??To: sendmail@vangogh.CS.Berkeley.EDU |
This shows the person who sent the message, the submission time (in seconds since January 1, 1970), the message priority, the message class, the recipients, and the headers for the message.
APPENDIX C
SUMMARY OF SUPPORT FILES
This is a summary of the support files that sendmail creates or generates. Many of these can be changed by editing the sendmail.cf file; check there to find the actual pathnames.
/usr/sbin/sendmail
The binary of sendmail.
/usr/bin/newaliases
|
A link to /usr/sbin/sendmail; causes the alias database to be rebuilt. Running this pro- |
/usr/bin/mailq Prints a listing of the mail queue. This program is equivalent to using the -bp flag to
sendmail.
|
/etc/mail/sendmail.cf /etc/mail/helpfile The SMTP help file. /etc/mail/statistics |
A statistics file; need not be present.
/etc/mail/sendmail.pid
|
Created in daemon mode; it contains the process id of the current SMTP daemon. If you use this in scripts; use ``head -1'' to get just the first line; the second line contains the command line used to invoke the daemon, and later versions of sendmail may add more information to subsequent lines. |
/etc/mail/aliases The textual version of the alias file.
/etc/mail/aliases.db
The alias file in hash (3) format.
/etc/mail/aliases.{pag,dir}
The alias file in ndbm (3) format.
/var/spool/mqueue
The directory in which the mail queue(s) and temporary files reside.
/var/spool/mqueue/qf*
Control (queue) files for messages.
/var/spool/mqueue/df*
Data files.
/var/spool/mqueue/tf*
Temporary versions of the qf files, used during queue file rebuild.
/var/spool/mqueue/xf*
A transcript of the current session.
Sendmail Installation and Operation Guide SMM:08-3
TABLE OF CONTENTS
|
1. BASIC INSTALLATION .............................................................................................. 1.1. Compiling Sendmail ................................................................................................ 1.1.1. Tweaking the Build Invocation .......................................................................... 1.1.2. Creating a Site Configuration File ...................................................................... 1.1.3. Tweaking the Makefile .................................................................................... 1.1.4. Compilation and installation .............................................................................. 1.2. Configuration Files .................................................................................................. 1.3. Details of Installation Files ....................................................................................... 1.3.1. /usr/sbin/sendmail ............................................................................................ 1.3.2. /etc/mail/sendmail.cf ........................................................................................ 1.3.3. /etc/mail/submit.cf ........................................................................................... 1.3.4. /usr/bin/newaliases .......................................................................................... 1.3.5. /usr/bin/hoststat ............................................................................................... 1.3.6. /usr/bin/purgestat ............................................................................................ 1.3.7. /var/spool/mqueue ........................................................................................... 1.3.8. /var/spool/clientmqueue ................................................................................... 1.3.9. /var/spool/mqueue/.hoststat .............................................................................. 1.3.10. /etc/mail/aliases* ........................................................................................... 1.3.11. /etc/rc or /etc/init.d/sendmail ........................................................................... 1.3.12. /etc/mail/helpfile ............................................................................................ 1.3.13. /etc/mail/statistics .......................................................................................... 1.3.14. /usr/bin/mailq ................................................................................................ 1.3.15. sendmail.pid .................................................................................................. 1.3.16. Map Files ...................................................................................................... 2. NORMAL OPERATIONS ............................................................................................. 2.1. The System Log ..................................................................................................... 2.1.1. Format ........................................................................................................... 2.1.2. Levels ............................................................................................................ 2.2. Dumping State ........................................................................................................ 2.3. The Mail Queues .................................................................................................... 2.3.1. Queue Groups and Queue Directories ................................................................ 2.3.2. Queue Runs .................................................................................................... 2.3.3. Manual Intervention ........................................................................................ 2.3.4. Printing the queue ............................................................................................ 2.3.5. Forcing the queue ............................................................................................ 2.4. Disk Based Connection Information .......................................................................... 2.5. The Service Switch ................................................................................................. 2.6. The Alias Database ................................................................................................ 2.6.1. Rebuilding the alias database ............................................................................ 2.6.2. Potential problems ........................................................................................... 2.6.3. List owners ..................................................................................................... 2.7. User Information Database ...................................................................................... 2.8. Per-User Forwarding (.forward Files) ....................................................................... 2.9. Special Header Lines .............................................................................................. 2.9.1. Errors-To: ...................................................................................................... |
7 7 7 7 7 8 8 9 9 10 10 10 10 10 10 11 11 11 11 12 12 12 12 12 12 13 14 14 15 15 15 15 16 16 16 17 18 18 19 19 20 20 20 20 20 |
SMM:08-4 Sendmail Installation and Operation Guide
2.9.2. Apparently-To: ............................................................................................... 21
2.9.3. Precedence .................................................................................................... 21
2.10. IDENT Protocol Support ....................................................................................... 21 3. ARGUMENTS ............................................................................................................. 22
3.1. Queue Interval ....................................................................................................... 22
3.2. Daemon Mode ....................................................................................................... 22
3.3. Forcing the Queue .................................................................................................. 22
3.4. Debugging ............................................................................................................. 22
3.5. Changing the Values of Options ................................................................................ 23
3.6. Trying a Different Configuration File ......................................................................... 23
3.7. Logging Traffic ....................................................................................................... 24
3.8. Testing Configuration Files ...................................................................................... 24
3.9. Persistent Host Status Information ............................................................................ 25 4. TUNING ...................................................................................................................... 25
4.1. Timeouts ............................................................................................................... 25
4.1.1. Queue interval ................................................................................................. 25
4.1.2. Read timeouts ................................................................................................. 26
4.1.3. Message timeouts ........................................................................................... 27
4.2. Forking During Queue Runs ..................................................................................... 28
4.3. Queue Priorities ...................................................................................................... 28
4.4. Load Limiting ......................................................................................................... 28
4.5. Resource Limits ..................................................................................................... 29
4.6. Delivery Mode ....................................................................................................... 29
4.7. Log Level .............................................................................................................. 29
4.8. File Modes ............................................................................................................. 30
4.8.1. To suid or not to suid? ...................................................................................... 30
4.8.2. Turning off security checks ............................................................................... 30
4.9. Connection Caching ................................................................................................ 33
4.10. Name Server Access ............................................................................................ 33
4.11. Moving the Per-User Forward Files ........................................................................ 34
4.12. Free Space ........................................................................................................... 34
4.13. Maximum Message Size ........................................................................................ 34
4.14. Privacy Flags ........................................................................................................ 34
4.15. Send to Me Too .................................................................................................... 35 5. THE WHOLE SCOOP ON THE CONFIGURATION FILE .............................................. 35
5.1. R and S -- Rewriting Rules ........................................................................................ 35
5.1.1. The left hand side ............................................................................................ 35
5.1.2. The right hand side .......................................................................................... 36
5.1.3. Semantics of rewriting rule sets ......................................................................... 37
5.1.4. Ruleset hooks .................................................................................................. 38
5.1.4.1. check_relay ............................................................................................. 38
5.1.4.2. check_mail .............................................................................................. 38
5.1.4.3. check_rcpt .............................................................................................. 38
5.1.4.4. check_data .............................................................................................. 38
5.1.4.5. check_compat ......................................................................................... 39
5.1.4.6. check_eoh ............................................................................................... 39
5.1.4.7. check_etrn .............................................................................................. 39
Sendmail Installation and Operation Guide SMM:08-5
5.1.4.8. check_expn ............................................................................................. 39
5.1.4.9. check_vrfy .............................................................................................. 39
5.1.4.10. trust_auth .............................................................................................. 40
5.1.4.11. tls_client ................................................................................................ 40
5.1.4.12. tls_server .............................................................................................. 40
5.1.4.13. tls_rcpt .................................................................................................. 40
5.1.4.14. srv_features ........................................................................................... 40
5.1.4.15. try_tls .................................................................................................... 40
5.1.4.16. authinfo ................................................................................................. 40
5.1.4.17. queuegroup ............................................................................................ 41
5.1.5. IPC mailers ..................................................................................................... 41
5.2. D -- Define Macro ................................................................................................... 41
5.3. C and F -- Define Classes ......................................................................................... 47
5.4. M -- Define Mailer .................................................................................................. 49
5.5. H -- Define Header .................................................................................................. 53
5.6. O -- Set Option ........................................................................................................ 54
5.7. P -- Precedence Definitions ...................................................................................... 70
5.8. V -- Configuration Version Level ............................................................................... 70
5.9. K -- Key File Declaration ......................................................................................... 71
5.10. Q -- Queue Group Declaration ................................................................................ 77
5.11. X -- Mail Filter (Milter) Definitions .......................................................................... 78
5.12. The User Database ............................................................................................... 79
5.12.1. Structure of the user database ......................................................................... 79
5.12.2. User database semantics ................................................................................ 79
5.12.3. Creating the database23 ................................................................................. 80 6. OTHER CONFIGURATION .......................................................................................... 80
6.1. Parameters in devtools/OS/$oscf .............................................................................. 80
6.2. Parameters in sendmail/conf.h ................................................................................. 81
6.3. Configuration in sendmail/conf.c ............................................................................... 83
6.3.1. Built-in Header Semantics ................................................................................ 83
6.3.2. Restricting Use of Email ................................................................................... 85
6.3.3. New Database Map Classes ............................................................................ 85
6.3.4. Queueing Function ........................................................................................... 86
6.3.5. Refusing Incoming SMTP Connections .............................................................. 86
6.3.6. Load Average Computation ............................................................................. 86
6.4. Configuration in sendmail/daemon.c ......................................................................... 87
6.5. STARTTLS ........................................................................................................... 87
6.5.1. Certificates for STARTTLS ............................................................................. 87
6.5.2. Encoding of STARTTLS related Macros ........................................................... 87
6.5.3. PRNG for STARTTLS .................................................................................... 88 7. ACKNOWLEDGEMENTS ........................................................................................... 88 Appendix A. COMMAND LINE FLAGS ........................................................................... 90 Appendix B. QUEUE FILE FORMATS ............................................................................... 93 Appendix C. SUMMARY OF SUPPORT FILES .................................................................. 96
SMM:08-6 Sendmail Installation and Operation Guide
This page intentionally left blank;
replace it with a blank sheet for double-sided output.