mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-05 12:56:08 +00:00
da7d7b9c86
MFC after: 3 days
11761 lines
310 KiB
Plaintext
11761 lines
310 KiB
Plaintext
.\" Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
|
|
.\" All rights reserved.
|
|
.\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved.
|
|
.\" Copyright (c) 1983, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" By using this file, you agree to the terms and conditions set
|
|
.\" forth in the LICENSE file which can be found at the top level of
|
|
.\" the sendmail distribution.
|
|
.\"
|
|
.\"
|
|
.\" $Id: op.me,v 8.759 2014-01-13 14:40:05 ca Exp $
|
|
.\"
|
|
.\" eqn op.me | pic | troff -me
|
|
.\"
|
|
.\" Define \(sc if not defined (for text output)
|
|
.\"
|
|
.if !c \(sc .char \(sc S
|
|
.\"
|
|
.\" Define \(dg as "*" for text output and create a new .DG macro
|
|
.\" which describes the symbol.
|
|
.\"
|
|
.if n .ds { [
|
|
.if n .ds } ]
|
|
.ie !c \(dg \{\
|
|
.char \(dg *
|
|
.de DG
|
|
an asterick
|
|
..
|
|
.\}
|
|
.el \{\
|
|
.de DG
|
|
a dagger
|
|
..
|
|
.\}
|
|
.\"
|
|
.\" Define \(dd as "#" for text output and create a new .DD macro
|
|
.\" which describes the symbol.
|
|
.\"
|
|
.ie !c \(dd \{\
|
|
.char \(dd #
|
|
.de DD
|
|
a pound sign
|
|
..
|
|
.\}
|
|
.el \{\
|
|
.de DD
|
|
a double dagger
|
|
..
|
|
.\}
|
|
.eh 'SMM:08-%''Sendmail Installation and Operation Guide'
|
|
.oh 'Sendmail Installation and Operation Guide''SMM:08-%'
|
|
.\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
|
|
.ds SD sbin
|
|
.\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb
|
|
.ds SB bin
|
|
.nr si 3n
|
|
.de $0
|
|
.(x
|
|
.in \\$3u*3n
|
|
.ti -3n
|
|
\\$2. \\$1
|
|
.)x
|
|
..
|
|
.de $C
|
|
.(x
|
|
.in 0
|
|
\\$1 \\$2. \\$3
|
|
.)x
|
|
..
|
|
.+c
|
|
.(l C
|
|
.sz 16
|
|
.b SENDMAIL\u\s-6TM\s0\d
|
|
.sz 12
|
|
.sp
|
|
.b "INSTALLATION AND OPERATION GUIDE"
|
|
.(f
|
|
.b DISCLAIMER:
|
|
This documentation is under modification.
|
|
.)f
|
|
.sz 10
|
|
.sp
|
|
.r
|
|
Eric Allman
|
|
Claus Assmann
|
|
Gregory Neil Shapiro
|
|
Proofpoint, Inc.
|
|
.sp
|
|
.de Ve
|
|
Version \\$2
|
|
..
|
|
.Ve $Revision: 8.759 $
|
|
.rm Ve
|
|
.sp
|
|
For Sendmail Version 8.15
|
|
.)l
|
|
.(f
|
|
Sendmail is a trademark of Proofpoint, Inc.
|
|
US Patent Numbers 6865671, 6986037.
|
|
.)f
|
|
.sp 2
|
|
.pp
|
|
.i Sendmail \u\s-2TM\s0\d
|
|
implements a general purpose internetwork mail routing facility
|
|
under the UNIX\(rg
|
|
operating system.
|
|
It is not tied to any one transport protocol \*-
|
|
its function may be likened to a crossbar switch,
|
|
relaying messages from one domain into another.
|
|
In the process,
|
|
it can do a limited amount of message header editing
|
|
to put the message into a format that is appropriate
|
|
for the receiving domain.
|
|
All of this is done under the control of a configuration file.
|
|
.pp
|
|
Due to the requirements of flexibility
|
|
for
|
|
.i sendmail ,
|
|
the configuration file can seem somewhat unapproachable.
|
|
However, there are only a few basic configurations
|
|
for most sites,
|
|
for which standard configuration files have been supplied.
|
|
Most other configurations
|
|
can be built by adjusting an existing configuration file
|
|
incrementally.
|
|
.pp
|
|
.i Sendmail
|
|
is based on
|
|
RFC 821 (Simple Mail Transport Protocol),
|
|
RFC 822 (Internet Mail Headers Format),
|
|
RFC 974 (MX routing),
|
|
RFC 1123 (Internet Host Requirements),
|
|
RFC 1413 (Identification server),
|
|
RFC 1652 (SMTP 8BITMIME Extension),
|
|
RFC 1869 (SMTP Service Extensions),
|
|
RFC 1870 (SMTP SIZE Extension),
|
|
RFC 1891 (SMTP Delivery Status Notifications),
|
|
RFC 1892 (Multipart/Report),
|
|
RFC 1893 (Enhanced Mail System Status Codes),
|
|
RFC 1894 (Delivery Status Notifications),
|
|
RFC 1985 (SMTP Service Extension for Remote Message Queue Starting),
|
|
RFC 2033 (Local Message Transmission Protocol),
|
|
RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes),
|
|
RFC 2045 (MIME),
|
|
RFC 2476 (Message Submission),
|
|
RFC 2487 (SMTP Service Extension for Secure SMTP over TLS),
|
|
RFC 2554 (SMTP Service Extension for Authentication),
|
|
RFC 2821 (Simple Mail Transfer Protocol),
|
|
RFC 2822 (Internet Message Format),
|
|
RFC 2852 (Deliver By SMTP Service Extension),
|
|
and
|
|
RFC 2920 (SMTP Service Extension for Command Pipelining).
|
|
However, since
|
|
.i sendmail
|
|
is designed to work in a wider world,
|
|
in many cases it can be configured to exceed these protocols.
|
|
These cases are described herein.
|
|
.pp
|
|
Although
|
|
.i sendmail
|
|
is intended to run
|
|
without the need for monitoring,
|
|
it has a number of features
|
|
that may be used to monitor or adjust the operation
|
|
under unusual circumstances.
|
|
These features are described.
|
|
.pp
|
|
Section one describes how to do a basic
|
|
.i sendmail
|
|
installation.
|
|
Section two
|
|
explains the day-to-day information you should know
|
|
to maintain your mail system.
|
|
If you have a relatively normal site,
|
|
these two sections should contain sufficient information
|
|
for you to install
|
|
.i sendmail
|
|
and keep it happy.
|
|
Section three
|
|
has information regarding the command line arguments.
|
|
Section four
|
|
describes some parameters that may be safely tweaked.
|
|
Section five
|
|
contains the nitty-gritty information about the configuration
|
|
file.
|
|
This section is for masochists
|
|
and people who must write their own configuration file.
|
|
Section six
|
|
describes configuration that can be done at compile time.
|
|
The appendixes give a brief
|
|
but detailed explanation of a number of features
|
|
not described in the rest of the paper.
|
|
.bp 7
|
|
.sh 1 "BASIC INSTALLATION"
|
|
.pp
|
|
There are two basic steps to installing
|
|
.i sendmail .
|
|
First, you have to compile and install the binary.
|
|
If
|
|
.i sendmail
|
|
has already been ported to your operating system
|
|
that should be simple.
|
|
Second, you must build a run-time configuration file.
|
|
This is a file that
|
|
.i sendmail
|
|
reads when it starts up
|
|
that describes the mailers it knows about,
|
|
how to parse addresses,
|
|
how to rewrite the message header,
|
|
and the settings of various options.
|
|
Although the configuration file can be quite complex,
|
|
a configuration can usually be built
|
|
using an M4-based configuration language.
|
|
Assuming you have the standard
|
|
.i sendmail
|
|
distribution, see
|
|
.i cf/README
|
|
for further information.
|
|
.pp
|
|
The remainder of this section will describe the installation of
|
|
.i sendmail
|
|
assuming you can use one of the existing configurations
|
|
and that the standard installation parameters are acceptable.
|
|
All pathnames and examples
|
|
are given from the root of the
|
|
.i sendmail
|
|
subtree,
|
|
normally
|
|
.i /usr/src/usr.\*(SD/sendmail
|
|
on 4.4BSD-based systems.
|
|
.pp
|
|
Continue with the next section if you need/want to compile
|
|
.i sendmail
|
|
yourself.
|
|
If you have a running binary already on your system,
|
|
you should probably skip to section 1.2.
|
|
.sh 2 "Compiling Sendmail"
|
|
.pp
|
|
All
|
|
.i sendmail
|
|
source is in the
|
|
.i sendmail
|
|
subdirectory.
|
|
To compile sendmail,
|
|
.q cd
|
|
into the
|
|
.i sendmail
|
|
directory and type
|
|
.(b
|
|
\&./Build
|
|
.)b
|
|
This will leave the binary in an appropriately named subdirectory,
|
|
e.g.,
|
|
obj.BSD-OS.2.1.i386.
|
|
It works for multiple object versions
|
|
compiled out of the same directory.
|
|
.sh 3 "Tweaking the Build Invocation"
|
|
.pp
|
|
You can give parameters on the
|
|
.i Build
|
|
command.
|
|
In most cases these are only used when the
|
|
.i obj.*
|
|
directory is first created.
|
|
To restart from scratch, use
|
|
.i -c .
|
|
These commands include:
|
|
.nr ii 0.5i
|
|
.ip "\-L \fIlibdirs\fP"
|
|
A list of directories to search for libraries.
|
|
.ip "\-I \fIincdirs\fP"
|
|
A list of directories to search for include files.
|
|
.ip "\-E \fIenvar\fP=\fIvalue\fP"
|
|
Set an environment variable to an indicated
|
|
.i value
|
|
before compiling.
|
|
.ip "\-c"
|
|
Create a new
|
|
.i obj.*
|
|
tree before running.
|
|
.ip "\-f \fIsiteconfig\fP"
|
|
Read the indicated site configuration file.
|
|
If this parameter is not specified,
|
|
.i Build
|
|
includes
|
|
.i all
|
|
of the files
|
|
.i $BUILDTOOLS/Site/site.$oscf.m4
|
|
and
|
|
.i $BUILDTOOLS/Site/site.config.m4 ,
|
|
where $BUILDTOOLS is normally
|
|
.i \&../devtools
|
|
and $oscf is the same name as used on the
|
|
.i obj.*
|
|
directory.
|
|
See below for a description of the site configuration file.
|
|
.ip "\-S"
|
|
Skip auto-configuration.
|
|
.i Build
|
|
will avoid auto-detecting libraries if this is set.
|
|
All libraries and map definitions must be specified
|
|
in the site configuration file.
|
|
.lp
|
|
Most other parameters are passed to the
|
|
.i make
|
|
program; for details see
|
|
.i $BUILDTOOLS/README .
|
|
.sh 3 "Creating a Site Configuration File"
|
|
.\"XXX
|
|
.pp
|
|
(This section is not yet complete.
|
|
For now, see the file devtools/README for details.)
|
|
See sendmail/README for various compilation flags that can be set.
|
|
.sh 3 "Tweaking the Makefile"
|
|
.pp
|
|
.\" .b "XXX This should all be in the Site Configuration File section."
|
|
.i Sendmail
|
|
supports two different formats
|
|
for the local (on disk) version of databases,
|
|
notably the
|
|
.i aliases
|
|
database.
|
|
At least one of these should be defined if at all possible.
|
|
.nr ii 1i
|
|
.ip NDBM
|
|
The ``new DBM'' format,
|
|
available on nearly all systems around today.
|
|
This was the preferred format prior to 4.4BSD.
|
|
It allows such complex things as multiple databases
|
|
and closing a currently open database.
|
|
.ip NEWDB
|
|
The Berkeley DB package.
|
|
If you have this, use it.
|
|
It allows
|
|
long records,
|
|
multiple open databases,
|
|
real in-memory caching,
|
|
and so forth.
|
|
You can define this in conjunction with
|
|
.sm NDBM ;
|
|
if you do,
|
|
old alias databases are read,
|
|
but when a new database is created it will be in NEWDB format.
|
|
As a nasty hack,
|
|
if you have NEWDB, NDBM, and NIS defined,
|
|
and if the alias file name includes the substring
|
|
.q /yp/ ,
|
|
.i sendmail
|
|
will create both new and old versions of the alias file
|
|
during a
|
|
.i newalias
|
|
command.
|
|
This is required because the Sun NIS/YP system
|
|
reads the DBM version of the alias file.
|
|
It's ugly as sin,
|
|
but it works.
|
|
.lp
|
|
If neither of these are defined,
|
|
.i sendmail
|
|
reads the alias file into memory on every invocation.
|
|
This can be slow and should be avoided.
|
|
There are also several methods for remote database access:
|
|
.ip LDAP
|
|
Lightweight Directory Access Protocol.
|
|
.ip NIS
|
|
Sun's Network Information Services (formerly YP).
|
|
.ip NISPLUS
|
|
Sun's NIS+ services.
|
|
.ip NETINFO
|
|
NeXT's NetInfo service.
|
|
.ip HESIOD
|
|
Hesiod service (from Athena).
|
|
.lp
|
|
Other compilation flags are set in
|
|
.i conf.h
|
|
and should be predefined for you
|
|
unless you are porting to a new environment.
|
|
For more options see
|
|
.i sendmail/README .
|
|
.sh 3 "Compilation and installation"
|
|
.pp
|
|
After making the local system configuration described above,
|
|
You should be able to compile and install the system.
|
|
The script
|
|
.q Build
|
|
is the best approach on most systems:
|
|
.(b
|
|
\&./Build
|
|
.)b
|
|
This will use
|
|
.i uname (1)
|
|
to create a custom Makefile for your environment.
|
|
.pp
|
|
If you are installing in the standard places,
|
|
you should be able to install using
|
|
.(b
|
|
\&./Build install
|
|
.)b
|
|
This should install the binary in
|
|
/usr/\*(SD
|
|
and create links from
|
|
/usr/\*(SB/newaliases
|
|
and
|
|
/usr/\*(SB/mailq
|
|
to
|
|
/usr/\*(SD/sendmail.
|
|
On most systems it will also format and install man pages.
|
|
Notice: as of version 8.12
|
|
.i sendmail
|
|
will no longer be installed set-user-ID root by default.
|
|
If you really want to use the old method, you can specify it as target:
|
|
.(b
|
|
\&./Build install-set-user-id
|
|
.)b
|
|
.sh 2 "Configuration Files"
|
|
.pp
|
|
.i Sendmail
|
|
cannot operate without a configuration file.
|
|
The configuration defines the mail delivery mechanisms understood at this site,
|
|
how to access them,
|
|
how to forward email to remote mail systems,
|
|
and a number of tuning parameters.
|
|
This configuration file is detailed
|
|
in the later portion of this document.
|
|
.pp
|
|
The
|
|
.i sendmail
|
|
configuration can be daunting at first.
|
|
The world is complex,
|
|
and the mail configuration reflects that.
|
|
The distribution includes an m4-based configuration package
|
|
that hides a lot of the complexity.
|
|
See
|
|
.i cf/README
|
|
for details.
|
|
.pp
|
|
Our configuration files are processed by
|
|
.i m4
|
|
to facilitate local customization;
|
|
the directory
|
|
.i cf
|
|
of the
|
|
.i sendmail
|
|
distribution directory
|
|
contains the source files.
|
|
This directory contains several subdirectories:
|
|
.nr ii 1i
|
|
.ip cf
|
|
Both site-dependent and site-independent descriptions of hosts.
|
|
These can be literal host names
|
|
(e.g.,
|
|
.q ucbvax.mc )
|
|
when the hosts are gateways
|
|
or more general descriptions
|
|
(such as
|
|
.q "generic-solaris2.mc"
|
|
as a general description of an SMTP-connected host
|
|
running Solaris 2.x.
|
|
Files ending
|
|
.b \&.mc
|
|
(``M4 Configuration'')
|
|
are the input descriptions;
|
|
the output is in the corresponding
|
|
.b \&.cf
|
|
file.
|
|
The general structure of these files is described below.
|
|
.ip domain
|
|
Site-dependent subdomain descriptions.
|
|
These are tied to the way your organization wants to do addressing.
|
|
For example,
|
|
.b domain/CS.Berkeley.EDU.m4
|
|
is our description for hosts in the CS.Berkeley.EDU subdomain.
|
|
These are referenced using the
|
|
.sm DOMAIN
|
|
.b m4
|
|
macro in the
|
|
.b \&.mc
|
|
file.
|
|
.ip feature
|
|
Definitions of specific features that some particular host in your site
|
|
might want.
|
|
These are referenced using the
|
|
.sm FEATURE
|
|
.b m4
|
|
macro.
|
|
An example feature is
|
|
use_cw_file
|
|
(which tells
|
|
.i sendmail
|
|
to read an /etc/mail/local-host-names file on startup
|
|
to find the set of local names).
|
|
.ip hack
|
|
Local hacks, referenced using the
|
|
.sm HACK
|
|
.b m4
|
|
macro.
|
|
Try to avoid these.
|
|
The point of having them here is to make it clear that they smell.
|
|
.ip m4
|
|
Site-independent
|
|
.i m4 (1)
|
|
include files that have information common to all configuration files.
|
|
This can be thought of as a
|
|
.q #include
|
|
directory.
|
|
.ip mailer
|
|
Definitions of mailers,
|
|
referenced using the
|
|
.sm MAILER
|
|
.b m4
|
|
macro.
|
|
The mailer types that are known in this distribution are
|
|
fax,
|
|
local,
|
|
smtp,
|
|
uucp,
|
|
and usenet.
|
|
For example, to include support for the UUCP-based mailers,
|
|
use
|
|
.q MAILER(uucp) .
|
|
.ip ostype
|
|
Definitions describing various operating system environments
|
|
(such as the location of support files).
|
|
These are referenced using the
|
|
.sm OSTYPE
|
|
.b m4
|
|
macro.
|
|
.ip sh
|
|
Shell files used by the
|
|
.b m4
|
|
build process.
|
|
You shouldn't have to mess with these.
|
|
.ip siteconfig
|
|
Local UUCP connectivity information.
|
|
This directory has been supplanted by the mailertable feature;
|
|
any new configurations should use that feature to do UUCP
|
|
(and other) routing.
|
|
The use of this directory is deprecated.
|
|
.pp
|
|
If you are in a new domain
|
|
(e.g., a company),
|
|
you will probably want to create a
|
|
cf/domain
|
|
file for your domain.
|
|
This consists primarily of relay definitions
|
|
and features you want enabled site-wide:
|
|
for example, Berkeley's domain definition
|
|
defines relays for
|
|
BitNET
|
|
and UUCP.
|
|
These are specific to Berkeley,
|
|
and should be fully-qualified internet-style domain names.
|
|
Please check to make certain they are reasonable for your domain.
|
|
.pp
|
|
Subdomains at Berkeley are also represented in the
|
|
cf/domain
|
|
directory.
|
|
For example,
|
|
the domain
|
|
CS.Berkeley.EDU
|
|
is the Computer Science subdomain,
|
|
EECS.Berkeley.EDU
|
|
is the Electrical Engineering and Computer Sciences subdomain,
|
|
and
|
|
S2K.Berkeley.EDU
|
|
is the Sequoia 2000 subdomain.
|
|
You will probably have to add an entry to this directory
|
|
to be appropriate for your domain.
|
|
.pp
|
|
You will have to use or create
|
|
.b \&.mc
|
|
files in the
|
|
.i cf/cf
|
|
subdirectory for your hosts.
|
|
This is detailed in the
|
|
cf/README
|
|
file.
|
|
.sh 2 "Details of Installation Files"
|
|
.pp
|
|
This subsection describes the files that
|
|
comprise the
|
|
.i sendmail
|
|
installation.
|
|
.sh 3 "/usr/\*(SD/sendmail"
|
|
.pp
|
|
The binary for
|
|
.i sendmail
|
|
is located in /usr/\*(SD\**.
|
|
.(f
|
|
\**This is usually
|
|
/usr/sbin
|
|
on 4.4BSD and newer systems;
|
|
many systems install it in
|
|
/usr/lib.
|
|
I understand it is in /usr/ucblib
|
|
on System V Release 4.
|
|
.)f
|
|
It should be set-group-ID smmsp as described in
|
|
sendmail/SECURITY.
|
|
For security reasons,
|
|
/, /usr, and /usr/\*(SD
|
|
should be owned by root, mode 0755\**.
|
|
.(f
|
|
\**Some vendors ship them owned by bin;
|
|
this creates a security hole that is not actually related to
|
|
.i sendmail .
|
|
Other important directories that should have restrictive ownerships
|
|
and permissions are
|
|
/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib.
|
|
.)f
|
|
.sh 3 "/etc/mail/sendmail.cf"
|
|
.pp
|
|
This is the main configuration file for
|
|
.i sendmail \**.
|
|
.(f
|
|
\**Actually, the pathname varies depending on the operating system;
|
|
/etc/mail is the preferred directory.
|
|
Some older systems install it in
|
|
.b /usr/lib/sendmail.cf ,
|
|
and I've also seen it in
|
|
.b /usr/ucblib .
|
|
If you want to move this file,
|
|
add -D_PATH_SENDMAILCF=\e"/file/name\e"
|
|
to the flags passed to the C compiler.
|
|
Moving this file is not recommended:
|
|
other programs and scripts know of this location.
|
|
.)f
|
|
This is one of the two non-library file names compiled into
|
|
.i sendmail \**,
|
|
the other is /etc/mail/submit.cf.
|
|
.(f
|
|
\**The system libraries can reference other files;
|
|
in particular, system library subroutines that
|
|
.i sendmail
|
|
calls probably reference
|
|
.i /etc/passwd
|
|
and
|
|
.i /etc/resolv.conf .
|
|
.)f
|
|
.pp
|
|
The configuration file is normally created
|
|
using the distribution files described above.
|
|
If you have a particularly unusual system configuration
|
|
you may need to create a special version.
|
|
The format of this file is detailed in later sections
|
|
of this document.
|
|
.sh 3 "/etc/mail/submit.cf"
|
|
.pp
|
|
This is the configuration file for
|
|
.i sendmail
|
|
when it is used for initial mail submission, in which case
|
|
it is also called ``Mail Submission Program'' (MSP)
|
|
in contrast to ``Mail Transfer Agent'' (MTA).
|
|
Starting with version 8.12,
|
|
.i sendmail
|
|
uses one of two different configuration files based on its operation mode
|
|
(or the new
|
|
.b \-A
|
|
option).
|
|
For initial mail submission, i.e., if one of the options
|
|
.b \-bm
|
|
(default),
|
|
.b \-bs ,
|
|
or
|
|
.b \-t
|
|
is specified, submit.cf is used (if available),
|
|
for other operations sendmail.cf is used.
|
|
Details can be found in
|
|
.i sendmail/SECURITY .
|
|
submit.cf is shipped with sendmail (in cf/cf/) and is installed by default.
|
|
If changes to the configuration need to be made, start with
|
|
cf/cf/submit.mc and follow the instruction in cf/README.
|
|
.sh 3 "/usr/\*(SB/newaliases"
|
|
.pp
|
|
The
|
|
.i newaliases
|
|
command should just be a link to
|
|
.i sendmail :
|
|
.(b
|
|
rm \-f /usr/\*(SB/newaliases
|
|
ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
|
|
.)b
|
|
This can be installed in whatever search path you prefer
|
|
for your system.
|
|
.sh 3 "/usr/\*(SB/hoststat"
|
|
.pp
|
|
The
|
|
.i hoststat
|
|
command should just be a link to
|
|
.i sendmail ,
|
|
in a fashion similar to
|
|
.i newaliases .
|
|
This command lists the status of the last mail transaction
|
|
with all remote hosts. The
|
|
.b \-v
|
|
flag will prevent the status display from being truncated.
|
|
It functions only when the
|
|
.b HostStatusDirectory
|
|
option is set.
|
|
.sh 3 "/usr/\*(SB/purgestat"
|
|
.pp
|
|
This command is also a link to
|
|
.i sendmail .
|
|
It flushes expired (Timeout.hoststatus) information that is stored in the
|
|
.b HostStatusDirectory
|
|
tree.
|
|
.sh 3 "/var/spool/mqueue"
|
|
.pp
|
|
The directory
|
|
.i /var/spool/mqueue
|
|
should be created to hold the mail queue.
|
|
This directory should be mode 0700
|
|
and owned by root.
|
|
.pp
|
|
The actual path of this directory
|
|
is defined by the
|
|
.b QueueDirectory
|
|
option of the
|
|
.i sendmail.cf
|
|
file.
|
|
To use multiple queues,
|
|
supply a value ending with an asterisk.
|
|
For example,
|
|
.i /var/spool/mqueue/qd*
|
|
will use all of the directories or symbolic links to directories
|
|
beginning with `qd' in
|
|
.i /var/spool/mqueue
|
|
as queue directories.
|
|
Do not change the queue directory structure
|
|
while sendmail is running.
|
|
.pp
|
|
If these directories have subdirectories or symbolic links to directories
|
|
named `qf', `df', and `xf', then these will be used for the different
|
|
queue file types.
|
|
That is, the data files are stored in the `df' subdirectory,
|
|
the transcript files are stored in the `xf' subdirectory, and
|
|
all others are stored in the `qf' subdirectory.
|
|
.pp
|
|
If shared memory support is compiled in,
|
|
.i sendmail
|
|
stores the available diskspace in a shared memory segment
|
|
to make the values readily available to all children without
|
|
incurring system overhead.
|
|
In this case, only the daemon updates the data;
|
|
i.e., the sendmail daemon creates the shared memory segment
|
|
and deletes it if it is terminated.
|
|
To use this,
|
|
.i sendmail
|
|
must have been compiled with support for shared memory
|
|
(-DSM_CONF_SHM)
|
|
and the option
|
|
.b SharedMemoryKey
|
|
must be set.
|
|
Notice: do not use the same key for
|
|
.i sendmail
|
|
invocations with different queue directories
|
|
or different queue group declarations.
|
|
Access to shared memory is not controlled by locks,
|
|
i.e., there is a race condition when data in the shared memory is updated.
|
|
However, since operation of
|
|
.i sendmail
|
|
does not rely on the data in the shared memory, this does not negatively
|
|
influence the behavior.
|
|
.sh 3 "/var/spool/clientmqueue"
|
|
.pp
|
|
The directory
|
|
.i /var/spool/clientmqueue
|
|
should be created to hold the mail queue.
|
|
This directory should be mode 0770
|
|
and owned by user smmsp, group smmsp.
|
|
.pp
|
|
The actual path of this directory
|
|
is defined by the
|
|
.b QueueDirectory
|
|
option of the
|
|
.i submit.cf
|
|
file.
|
|
.sh 3 "/var/spool/mqueue/.hoststat"
|
|
.pp
|
|
This is a typical value for the
|
|
.b HostStatusDirectory
|
|
option,
|
|
containing one file per host
|
|
that this sendmail has chatted with recently.
|
|
It is normally a subdirectory of
|
|
.i mqueue .
|
|
.sh 3 "/etc/mail/aliases*"
|
|
.pp
|
|
The system aliases are held in
|
|
.q /etc/mail/aliases .
|
|
A sample is given in
|
|
.q sendmail/aliases
|
|
which includes some aliases which
|
|
.i must
|
|
be defined:
|
|
.(b
|
|
cp sendmail/aliases /etc/mail/aliases
|
|
.i "edit /etc/mail/aliases"
|
|
.)b
|
|
You should extend this file with any aliases that are apropos to your system.
|
|
.pp
|
|
Normally
|
|
.i sendmail
|
|
looks at a database version of the files,
|
|
stored either in
|
|
.q /etc/mail/aliases.dir
|
|
and
|
|
.q /etc/mail/aliases.pag
|
|
or
|
|
.q /etc/mail/aliases.db
|
|
depending on which database package you are using.
|
|
The actual path of this file
|
|
is defined in the
|
|
.b AliasFile
|
|
option of the
|
|
.i sendmail.cf
|
|
file.
|
|
.pp
|
|
The permissions of the alias file and the database versions
|
|
should be 0640 to prevent local denial of service attacks
|
|
as explained in the top level
|
|
.b README
|
|
in the sendmail distribution.
|
|
If the permissions 0640 are used, be sure that only trusted users belong
|
|
to the group assigned to those files. Otherwise, files should not even
|
|
be group readable.
|
|
.sh 3 "/etc/rc or /etc/init.d/sendmail"
|
|
.pp
|
|
It will be necessary to start up the
|
|
.i sendmail
|
|
daemon when your system reboots.
|
|
This daemon performs two functions:
|
|
it listens on the SMTP socket for connections
|
|
(to receive mail from a remote system)
|
|
and it processes the queue periodically
|
|
to insure that mail gets delivered when hosts come up.
|
|
.pp
|
|
If necessary, add the following lines to
|
|
.q /etc/rc
|
|
(or
|
|
.q /etc/rc.local
|
|
as appropriate)
|
|
in the area where it is starting up the daemons
|
|
on a BSD-base system,
|
|
or on a System-V-based system
|
|
in one of the startup files, typically
|
|
.q /etc/init.d/sendmail :
|
|
.(b
|
|
if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
|
|
(cd /var/spool/mqueue; rm \-f xf*)
|
|
/usr/\*(SD/sendmail \-bd \-q30m &
|
|
echo \-n ' sendmail' >/dev/console
|
|
fi
|
|
.)b
|
|
The
|
|
.q cd
|
|
and
|
|
.q rm
|
|
commands insure that all transcript files have been removed;
|
|
extraneous transcript files may be left around
|
|
if the system goes down in the middle of processing a message.
|
|
The line that actually invokes
|
|
.i sendmail
|
|
has two flags:
|
|
.q \-bd
|
|
causes it to listen on the SMTP port,
|
|
and
|
|
.q \-q30m
|
|
causes it to run the queue every half hour.
|
|
.pp
|
|
Some people use a more complex startup script,
|
|
removing zero length qf/hf/Qf files and df files for which there is no
|
|
qf/hf/Qf file.
|
|
Note this is not advisable.
|
|
For example, see Figure 1
|
|
for an example of a complex script which does this clean up.
|
|
.(z
|
|
.hl
|
|
#!/bin/sh
|
|
# remove zero length qf/hf/Qf files
|
|
for qffile in qf* hf* Qf*
|
|
do
|
|
if [ \-r $qffile ]
|
|
then
|
|
if [ ! \-s $qffile ]
|
|
then
|
|
echo \-n " <zero: $qffile>" > /dev/console
|
|
rm \-f $qffile
|
|
fi
|
|
fi
|
|
done
|
|
# rename tf files to be qf if the qf does not exist
|
|
for tffile in tf*
|
|
do
|
|
qffile=`echo $tffile | sed 's/t/q/'`
|
|
if [ \-r $tffile \-a ! \-f $qffile ]
|
|
then
|
|
echo \-n " <recovering: $tffile>" > /dev/console
|
|
mv $tffile $qffile
|
|
else
|
|
if [ \-f $tffile ]
|
|
then
|
|
echo \-n " <extra: $tffile>" > /dev/console
|
|
rm \-f $tffile
|
|
fi
|
|
fi
|
|
done
|
|
# remove df files with no corresponding qf/hf/Qf files
|
|
for dffile in df*
|
|
do
|
|
qffile=`echo $dffile | sed 's/d/q/'`
|
|
hffile=`echo $dffile | sed 's/d/h/'`
|
|
Qffile=`echo $dffile | sed 's/d/Q/'`
|
|
if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
|
|
then
|
|
echo \-n " <incomplete: $dffile>" > /dev/console
|
|
mv $dffile `echo $dffile | sed 's/d/D/'`
|
|
fi
|
|
done
|
|
# announce files that have been saved during disaster recovery
|
|
for xffile in [A-Z]f*
|
|
do
|
|
if [ \-f $xffile ]
|
|
then
|
|
echo \-n " <panic: $xffile>" > /dev/console
|
|
fi
|
|
done
|
|
.sp
|
|
.ce
|
|
Figure 1 \(em A complex startup script
|
|
.hl
|
|
.)z
|
|
.sh 3 "/etc/mail/helpfile"
|
|
.pp
|
|
This is the help file used by the SMTP
|
|
.b HELP
|
|
command.
|
|
It should be copied from
|
|
.q sendmail/helpfile :
|
|
.(b
|
|
cp sendmail/helpfile /etc/mail/helpfile
|
|
.)b
|
|
The actual path of this file
|
|
is defined in the
|
|
.b HelpFile
|
|
option of the
|
|
.i sendmail.cf
|
|
file.
|
|
.sh 3 "/etc/mail/statistics"
|
|
.pp
|
|
If you wish to collect statistics
|
|
about your mail traffic,
|
|
you should create the file
|
|
.q /etc/mail/statistics :
|
|
.(b
|
|
cp /dev/null /etc/mail/statistics
|
|
chmod 0600 /etc/mail/statistics
|
|
.)b
|
|
This file does not grow.
|
|
It is printed with the program
|
|
.q mailstats/mailstats.c.
|
|
The actual path of this file
|
|
is defined in the
|
|
.b S
|
|
option of the
|
|
.i sendmail.cf
|
|
file.
|
|
.sh 3 "/usr/\*(SB/mailq"
|
|
.pp
|
|
If
|
|
.i sendmail
|
|
is invoked as
|
|
.q mailq,
|
|
it will simulate the
|
|
.b \-bp
|
|
flag
|
|
(i.e.,
|
|
.i sendmail
|
|
will print the contents of the mail queue;
|
|
see below).
|
|
This should be a link to /usr/\*(SD/sendmail.
|
|
.sh 3 "sendmail.pid"
|
|
.pp
|
|
.i sendmail
|
|
stores its current pid in the file specified by the
|
|
.b PidFile
|
|
option (default is _PATH_SENDMAILPID).
|
|
.i sendmail
|
|
uses
|
|
.b TempFileMode
|
|
(which defaults to 0600) as
|
|
the permissions of that file
|
|
to prevent local denial of service attacks
|
|
as explained in the top level
|
|
.b README
|
|
in the sendmail distribution.
|
|
If the file already exists, then it might be necessary to
|
|
change the permissions accordingly, e.g.,
|
|
.(b
|
|
chmod 0600 /var/run/sendmail.pid
|
|
.)b
|
|
Note that as of version 8.13, this file is unlinked when
|
|
.i sendmail
|
|
exits.
|
|
As a result of this change, a script such as the following,
|
|
which may have worked prior to 8.13, will no longer work:
|
|
.(b
|
|
# stop & start sendmail
|
|
PIDFILE=/var/run/sendmail.pid
|
|
kill `head -1 $PIDFILE`
|
|
`tail -1 $PIDFILE`
|
|
.)b
|
|
because it assumes that the pidfile will still exist even
|
|
after killing the process to which it refers.
|
|
Below is a script which will work correctly
|
|
on both newer and older versions:
|
|
.(b
|
|
# stop & start sendmail
|
|
PIDFILE=/var/run/sendmail.pid
|
|
pid=`head -1 $PIDFILE`
|
|
cmd=`tail -1 $PIDFILE`
|
|
kill $pid
|
|
$cmd
|
|
.)b
|
|
This is just an example script, it does not perform any error checks,
|
|
e.g., whether the pidfile exists at all.
|
|
.sh 3 "Map Files"
|
|
.pp
|
|
To prevent local denial of service attacks
|
|
as explained in the top level
|
|
.b README
|
|
in the sendmail distribution,
|
|
the permissions of map files created by
|
|
.i makemap
|
|
should be 0640.
|
|
The use of 0640 implies that only trusted users belong to the group
|
|
assigned to those files.
|
|
If those files already exist, then it might be necessary to
|
|
change the permissions accordingly, e.g.,
|
|
.(b
|
|
cd /etc/mail
|
|
chmod 0640 *.db *.pag *.dir
|
|
.)b
|
|
.sh 1 "NORMAL OPERATIONS"
|
|
.sh 2 "The System Log"
|
|
.pp
|
|
The system log is supported by the
|
|
.i syslogd \|(8)
|
|
program.
|
|
All messages from
|
|
.i sendmail
|
|
are logged under the
|
|
.sm LOG_MAIL
|
|
facility\**.
|
|
.(f
|
|
\**Except on Ultrix,
|
|
which does not support facilities in the syslog.
|
|
.)f
|
|
.sh 3 "Format"
|
|
.pp
|
|
Each line in the system log
|
|
consists of a timestamp,
|
|
the name of the machine that generated it
|
|
(for logging from several machines
|
|
over the local area network),
|
|
the word
|
|
.q sendmail: ,
|
|
and a message\**.
|
|
.(f
|
|
\**This format may vary slightly if your vendor has changed
|
|
the syntax.
|
|
.)f
|
|
Most messages are a sequence of
|
|
.i name \c
|
|
=\c
|
|
.i value
|
|
pairs.
|
|
.pp
|
|
The two most common lines are logged when a message is processed.
|
|
The first logs the receipt of a message;
|
|
there will be exactly one of these per message.
|
|
Some fields may be omitted if they do not contain interesting information.
|
|
Fields are:
|
|
.ip from
|
|
The envelope sender address.
|
|
.ip size
|
|
The size of the message in bytes.
|
|
.ip class
|
|
The class (i.e., numeric precedence) of the message.
|
|
.ip pri
|
|
The initial message priority (used for queue sorting).
|
|
.ip nrcpts
|
|
The number of envelope recipients for this message
|
|
(after aliasing and forwarding).
|
|
.ip msgid
|
|
The message id of the message (from the header).
|
|
.ip bodytype
|
|
The message body type (7BIT or 8BITMIME),
|
|
as determined from the envelope.
|
|
.ip proto
|
|
The protocol used to receive this message (e.g., ESMTP or UUCP)
|
|
.ip daemon
|
|
The daemon name from the
|
|
.b DaemonPortOptions
|
|
setting.
|
|
.ip relay
|
|
The machine from which it was received.
|
|
.lp
|
|
There is also one line logged per delivery attempt
|
|
(so there can be several per message if delivery is deferred
|
|
or there are multiple recipients).
|
|
Fields are:
|
|
.ip to
|
|
A comma-separated list of the recipients to this mailer.
|
|
.ip ctladdr
|
|
The ``controlling user'', that is, the name of the user
|
|
whose credentials we use for delivery.
|
|
.ip delay
|
|
The total delay between the time this message was received
|
|
and the current delivery attempt.
|
|
.ip xdelay
|
|
The amount of time needed in this delivery attempt
|
|
(normally indicative of the speed of the connection).
|
|
.ip mailer
|
|
The name of the mailer used to deliver to this recipient.
|
|
.ip relay
|
|
The name of the host that actually accepted (or rejected) this recipient.
|
|
.ip dsn
|
|
The enhanced error code (RFC 2034) if available.
|
|
.ip stat
|
|
The delivery status.
|
|
.lp
|
|
Not all fields are present in all messages;
|
|
for example, the relay is usually not listed for local deliveries.
|
|
.sh 3 "Levels"
|
|
.pp
|
|
If you have
|
|
.i syslogd \|(8)
|
|
or an equivalent installed,
|
|
you will be able to do logging.
|
|
There is a large amount of information that can be logged.
|
|
The log is arranged as a succession of levels.
|
|
At the lowest level
|
|
only extremely strange situations are logged.
|
|
At the highest level,
|
|
even the most mundane and uninteresting events
|
|
are recorded for posterity.
|
|
As a convention,
|
|
log levels under ten
|
|
are considered generally
|
|
.q useful;
|
|
log levels above 64
|
|
are reserved for debugging purposes.
|
|
Levels from 11\-64 are reserved for verbose information
|
|
that some sites might want.
|
|
.pp
|
|
A complete description of the log levels
|
|
is given in section ``Log Level''.
|
|
.sh 2 "Dumping State"
|
|
.pp
|
|
You can ask
|
|
.i sendmail
|
|
to log a dump of the open files
|
|
and the connection cache
|
|
by sending it a
|
|
.sm SIGUSR1
|
|
signal.
|
|
The results are logged at
|
|
.sm LOG_DEBUG
|
|
priority.
|
|
.sh 2 "The Mail Queues"
|
|
.pp
|
|
Mail messages may either be delivered immediately or be held for later
|
|
delivery.
|
|
Held messages are placed into a holding directory called a mail queue.
|
|
.pp
|
|
A mail message may be queued for these reasons:
|
|
.bu
|
|
If a mail message is temporarily undeliverable, it is queued
|
|
and delivery is attempted later.
|
|
If the message is addressed to multiple recipients, it is queued
|
|
only for those recipients to whom delivery is not immediately possible.
|
|
.bu
|
|
If the SuperSafe option is set to true,
|
|
all mail messages are queued while delivery is attempted.
|
|
.bu
|
|
If the DeliveryMode option is set to queue-only or defer,
|
|
all mail is queued, and no immediate delivery is attempted.
|
|
.bu
|
|
If the load average becomes higher than the value of the QueueLA option
|
|
and the
|
|
.b QueueFactor
|
|
(\c
|
|
.b q )
|
|
option divided by the difference in the current load average and the
|
|
.b QueueLA
|
|
option plus one
|
|
is less than the priority of the message,
|
|
messages are queued rather than immediately delivered.
|
|
.bu
|
|
One or more addresses are marked as expensive and delivery is postponed
|
|
until the next queue run or one or more address are marked as held via
|
|
mailer which uses the hold mailer flag.
|
|
.bu
|
|
The mail message has been marked as quarantined via a mail filter or
|
|
rulesets.
|
|
.sh 3 "Queue Groups and Queue Directories"
|
|
.pp
|
|
There are one or more mail queues.
|
|
Each mail queue belongs to a queue group.
|
|
There is always a default queue group that is called ``mqueue''
|
|
(which is where messages go by default unless otherwise specified).
|
|
The directory or directories which comprise the default queue group
|
|
are specified by the QueueDirectory option.
|
|
There are zero or more
|
|
additional named queue groups declared using the
|
|
.b Q
|
|
command in the configuration file.
|
|
.pp
|
|
By default, a queued message is placed in the queue group
|
|
associated with the first recipient in the recipient list.
|
|
A recipient address is mapped to a queue group as follows.
|
|
First, if there is a ruleset called ``queuegroup'',
|
|
and if this ruleset maps the address to a queue group name,
|
|
then that queue group is chosen.
|
|
That is, the argument for the ruleset is the recipient address
|
|
and the result should be
|
|
.b $#
|
|
followed by the name of a queue group.
|
|
Otherwise, if the mailer associated with the address specifies
|
|
a queue group, then that queue group is chosen.
|
|
Otherwise, the default queue group is chosen.
|
|
.pp
|
|
A message with multiple recipients will be split
|
|
if different queue groups are chosen
|
|
by the mapping of recipients to queue groups.
|
|
.pp
|
|
When a message is placed in a queue group, and the queue group has
|
|
more than one queue, a queue is selected randomly.
|
|
.pp
|
|
If a message with multiple recipients is placed into a queue group
|
|
with the 'r' option (maximum number of recipients per message)
|
|
set to a positive value
|
|
.i N ,
|
|
and if there are more than
|
|
.i N
|
|
recipients
|
|
in the message, then the message will be split into multiple messages,
|
|
each of which have at most
|
|
.i N
|
|
recipients.
|
|
.pp
|
|
Notice: if multiple queue groups are used, do
|
|
.b not
|
|
move queue files around, e.g., into a different queue directory.
|
|
This may have weird effects and can cause mail not to be delivered.
|
|
Queue files and directories should be treated as opaque
|
|
and should not be manipulated directly.
|
|
.sh 3 "Queue Runs"
|
|
.pp
|
|
.i sendmail
|
|
has two different ways to process the queue(s).
|
|
The first one is to start queue runners after certain intervals
|
|
(``normal'' queue runners),
|
|
the second one is to keep queue runner processes around
|
|
(``persistent'' queue runners).
|
|
How to select either of these types is discussed in the appendix
|
|
``COMMAND LINE FLAGS''.
|
|
Persistent queue runners have the advantage that no new processes
|
|
need to be spawned at certain intervals; they just sleep for
|
|
a specified time after they finished a queue run.
|
|
Another advantage of persistent queue runners is that only one process
|
|
belonging to a workgroup (a workgroup is a set of queue groups)
|
|
collects the data for a queue run
|
|
and then multiple queue runner may go ahead using that data.
|
|
This can significantly reduce the disk I/O necessary to read the
|
|
queue files compared to starting multiple queue runners directly.
|
|
Their disadvantage is that a new queue run is only started
|
|
after all queue runners belonging to a group finished their tasks.
|
|
In case one of the queue runners tries delivery to a slow recipient site
|
|
at the end of a queue run, the next queue run may be substantially delayed.
|
|
In general this should be smoothed out due to the distribution of
|
|
those slow jobs, however, for sites with small number of
|
|
queue entries this might introduce noticable delays.
|
|
In general, persistent queue runners are only useful for
|
|
sites with big queues.
|
|
.sh 3 "Manual Intervention"
|
|
.pp
|
|
Under normal conditions the mail queue will be processed transparently.
|
|
However, you may find that manual intervention is sometimes necessary.
|
|
For example,
|
|
if a major host is down for a period of time
|
|
the queue may become clogged.
|
|
Although
|
|
.i sendmail
|
|
ought to recover gracefully when the host comes up,
|
|
you may find performance unacceptably bad in the meantime.
|
|
In that case you want to check the content of the queue
|
|
and manipulate it as explained in the next two sections.
|
|
.sh 3 "Printing the queue"
|
|
.pp
|
|
The contents of the queue(s) can be printed
|
|
using the
|
|
.i mailq
|
|
command
|
|
(or by specifying the
|
|
.b \-bp
|
|
flag to
|
|
.i sendmail ):
|
|
.(b
|
|
mailq
|
|
.)b
|
|
This will produce a listing of the queue id's,
|
|
the size of the message,
|
|
the date the message entered the queue,
|
|
and the sender and recipients.
|
|
If shared memory support is compiled in,
|
|
the flag
|
|
.b \-bP
|
|
can be used to print the number of entries in the queue(s),
|
|
provided a process updates the data.
|
|
However, as explained earlier, the output might be slightly wrong,
|
|
since access to the shared memory is not locked.
|
|
For example,
|
|
``unknown number of entries''
|
|
might be shown.
|
|
The internal counters are updated after each queue run
|
|
to the correct value again.
|
|
.sh 3 "Forcing the queue"
|
|
.pp
|
|
.i Sendmail
|
|
should run the queue automatically at intervals.
|
|
When using multiple queues,
|
|
a separate process will by default be created to
|
|
run each of the queues
|
|
unless the queue run is initiated by a user
|
|
with the verbose flag.
|
|
The algorithm is to read and sort the queue,
|
|
and then to attempt to process all jobs in order.
|
|
When it attempts to run the job,
|
|
.i sendmail
|
|
first checks to see if the job is locked.
|
|
If so, it ignores the job.
|
|
.pp
|
|
There is no attempt to insure that only one queue processor
|
|
exists at any time,
|
|
since there is no guarantee that a job cannot take forever
|
|
to process
|
|
(however,
|
|
.i sendmail
|
|
does include heuristics to try to abort jobs
|
|
that are taking absurd amounts of time;
|
|
technically, this violates RFC 821, but is blessed by RFC 1123).
|
|
Due to the locking algorithm,
|
|
it is impossible for one job to freeze the entire queue.
|
|
However,
|
|
an uncooperative recipient host
|
|
or a program recipient
|
|
that never returns
|
|
can accumulate many processes in your system.
|
|
Unfortunately,
|
|
there is no completely general way to solve this.
|
|
.pp
|
|
In some cases,
|
|
you may find that a major host going down
|
|
for a couple of days
|
|
may create a prohibitively large queue.
|
|
This will result in
|
|
.i sendmail
|
|
spending an inordinate amount of time
|
|
sorting the queue.
|
|
This situation can be fixed by moving the queue to a temporary place
|
|
and creating a new queue.
|
|
The old queue can be run later when the offending host returns to service.
|
|
.pp
|
|
To do this,
|
|
it is acceptable to move the entire queue directory:
|
|
.(b
|
|
cd /var/spool
|
|
mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue
|
|
.)b
|
|
You should then kill the existing daemon
|
|
(since it will still be processing in the old queue directory)
|
|
and create a new daemon.
|
|
.pp
|
|
To run the old mail queue, issue the following command:
|
|
.(b
|
|
/usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
|
|
.)b
|
|
The
|
|
.b \-C
|
|
flag specifies an alternate configuration file
|
|
.b queue.cf
|
|
which should refer to the moved queue directory
|
|
.(b
|
|
O QueueDirectory=/var/spool/omqueue
|
|
.)b
|
|
and the
|
|
.b \-q
|
|
flag says to just run every job in the queue.
|
|
You can also specify the moved queue directory on the command line
|
|
.(b
|
|
/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
|
|
.)b
|
|
but this requires that you do not have
|
|
queue groups in the configuration file,
|
|
because those are not subdirectories of the moved directory.
|
|
See the section about ``Queue Group Declaration'' for details;
|
|
you most likely need a different configuration file to correctly deal
|
|
with this problem.
|
|
However, a proper configuration of queue groups should avoid
|
|
filling up queue directories, so you shouldn't run into
|
|
this problem.
|
|
If you have a tendency toward voyeurism,
|
|
you can use the
|
|
.b \-v
|
|
flag to watch what is going on.
|
|
.pp
|
|
When the queue is finally emptied,
|
|
you can remove the directory:
|
|
.(b
|
|
rmdir /var/spool/omqueue
|
|
.)b
|
|
.sh 3 "Quarantined Queue Items"
|
|
.pp
|
|
It is possible to "quarantine" mail messages,
|
|
otherwise known as envelopes.
|
|
Envelopes (queue files) are stored but not considered for delivery or
|
|
display unless the "quarantine" state of the envelope is undone or
|
|
delivery or display of quarantined items is requested.
|
|
Quarantined messages are tagged by using a different name for the queue
|
|
file, 'hf' instead of 'qf', and by adding the quarantine reason to the
|
|
queue file.
|
|
.pp
|
|
Delivery or display of quarantined items can be requested using the
|
|
.b \-qQ
|
|
flag to
|
|
.i sendmail
|
|
or
|
|
.i mailq .
|
|
Additionally, messages already in the queue can be quarantined or
|
|
unquarantined using the new
|
|
.b \-Q
|
|
flag to sendmail.
|
|
For example,
|
|
.(b
|
|
sendmail -Qreason -q[!][I|R|S][matchstring]
|
|
.)b
|
|
Quarantines the normal queue items matching the criteria specified by the
|
|
.b "-q[!][I|R|S][matchstring]"
|
|
using the reason given on the
|
|
.b \-Q
|
|
flag.
|
|
Likewise,
|
|
.(b
|
|
sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
|
|
.)b
|
|
Change the quarantine reason for the quarantined items matching the
|
|
criteria specified by the
|
|
.b "-q[!][I|R|S|Q][matchstring]"
|
|
using the reason given on the
|
|
.b \-Q
|
|
flag.
|
|
If there is no reason,
|
|
unquarantine the matching items and make them normal queue items.
|
|
Note that the
|
|
.b \-qQ
|
|
flag tells sendmail to operate on quarantined items instead of normal items.
|
|
.sh 2 "Disk Based Connection Information"
|
|
.pp
|
|
.i Sendmail
|
|
stores a large amount of information about each remote system it
|
|
has connected to in memory. It is possible to preserve some
|
|
of this information on disk as well, by using the
|
|
.b HostStatusDirectory
|
|
option, so that it may be shared between several invocations of
|
|
.i sendmail .
|
|
This allows mail to be queued immediately or skipped during a queue run if
|
|
there has been a recent failure in connecting to a remote machine.
|
|
Note: information about a remote system is stored in a file
|
|
whose pathname consists of the components of the hostname in reverse order.
|
|
For example, the information for
|
|
.b host.example.com
|
|
is stored in
|
|
.b com./example./host .
|
|
For top-level domains like
|
|
.b com
|
|
this can create a large number of subdirectories
|
|
which on some filesystems can exhaust some limits.
|
|
Moreover, the performance of lookups in directory with thousands of entries
|
|
can be fairly slow depending on the filesystem implementation.
|
|
.pp
|
|
Additionally enabling
|
|
.b SingleThreadDelivery
|
|
has the added effect of single-threading mail delivery to a destination.
|
|
This can be quite helpful
|
|
if the remote machine is running an SMTP server that is easily overloaded
|
|
or cannot accept more than a single connection at a time,
|
|
but can cause some messages to be punted to a future queue run.
|
|
It also applies to
|
|
.i all
|
|
hosts, so setting this because you have one machine on site
|
|
that runs some software that is easily overrun
|
|
can cause mail to other hosts to be slowed down.
|
|
If this option is set,
|
|
you probably want to set the
|
|
.b MinQueueAge
|
|
option as well and run the queue fairly frequently;
|
|
this way jobs that are skipped because another
|
|
.i sendmail
|
|
is talking to the same host will be tried again quickly
|
|
rather than being delayed for a long time.
|
|
.pp
|
|
The disk based host information is stored in a subdirectory of the
|
|
.b mqueue
|
|
directory called
|
|
.b \&.hoststat \**.
|
|
.(f
|
|
\**This is the usual value of the
|
|
.b HostStatusDirectory
|
|
option;
|
|
it can, of course, go anywhere you like in your filesystem.
|
|
.)f
|
|
Removing this directory and its subdirectories has an effect similar to
|
|
the
|
|
.i purgestat
|
|
command and is completely safe.
|
|
However,
|
|
.i purgestat
|
|
only removes expired (Timeout.hoststatus) data.
|
|
The information in these directories can
|
|
be perused with the
|
|
.i hoststat
|
|
command, which will indicate the host name, the last access, and the
|
|
status of that access.
|
|
An asterisk in the left most column indicates that a
|
|
.i sendmail
|
|
process currently has the host locked for mail delivery.
|
|
.pp
|
|
The disk based connection information is treated the same way as memory based
|
|
connection information for the purpose of timeouts.
|
|
By default, information about host failures is valid for 30 minutes.
|
|
This can be adjusted with
|
|
the
|
|
.b Timeout.hoststatus
|
|
option.
|
|
.pp
|
|
The connection information stored on disk may be expired at any time
|
|
with the
|
|
.i purgestat
|
|
command or by invoking sendmail with the
|
|
.b \-bH
|
|
switch.
|
|
The connection information may be viewed with the
|
|
.i hoststat
|
|
command or by invoking sendmail with the
|
|
.b \-bh
|
|
switch.
|
|
.sh 2 "The Service Switch"
|
|
.pp
|
|
The implementation of certain system services
|
|
such as host and user name lookup
|
|
is controlled by the service switch.
|
|
If the host operating system supports such a switch,
|
|
and sendmail knows about it,
|
|
.i sendmail
|
|
will use the native version.
|
|
Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**.
|
|
.(f
|
|
\**HP-UX 10 has service switch support,
|
|
but since the APIs are apparently not available in the libraries
|
|
.i sendmail
|
|
does not use the native service switch in this release.
|
|
.)f
|
|
.pp
|
|
If the underlying operating system does not support a service switch
|
|
(e.g., SunOS 4.X, HP-UX, BSD)
|
|
then
|
|
.i sendmail
|
|
will provide a stub implementation.
|
|
The
|
|
.b ServiceSwitchFile
|
|
option points to the name of a file that has the service definitions.
|
|
Each line has the name of a service
|
|
and the possible implementations of that service.
|
|
For example, the file:
|
|
.(b
|
|
hosts dns files nis
|
|
aliases files nis
|
|
.)b
|
|
will ask
|
|
.i sendmail
|
|
to look for hosts in the Domain Name System first.
|
|
If the requested host name is not found, it tries local files,
|
|
and if that fails it tries NIS.
|
|
Similarly, when looking for aliases
|
|
it will try the local files first followed by NIS.
|
|
.pp
|
|
Notice: since
|
|
.i sendmail
|
|
must access MX records for correct operation, it will use
|
|
DNS if it is configured in the
|
|
.b ServiceSwitchFile
|
|
file.
|
|
Hence an entry like
|
|
.(b
|
|
hosts files dns
|
|
.)b
|
|
will not avoid DNS lookups even if a host can be found
|
|
in /etc/hosts.
|
|
.pp
|
|
Service switches are not completely integrated.
|
|
For example, despite the fact that the host entry listed in the above example
|
|
specifies to look in NIS,
|
|
on SunOS this won't happen because the system implementation of
|
|
.i gethostbyname \|(3)
|
|
doesn't understand this.
|
|
.sh 2 "The Alias Database"
|
|
.pp
|
|
After recipient addresses are read from the SMTP connection
|
|
or command line
|
|
they are parsed by ruleset 0,
|
|
which must resolve to a
|
|
{\c
|
|
.i mailer ,
|
|
.i host ,
|
|
.i address }
|
|
triple.
|
|
If the flags selected by the
|
|
.i mailer
|
|
include the
|
|
.b A
|
|
(aliasable) flag,
|
|
the
|
|
.i address
|
|
part of the triple is looked up as the key
|
|
(i.e., the left hand side)
|
|
in the alias database.
|
|
If there is a match, the address is deleted from the send queue
|
|
and all addresses on the right hand side of the alias
|
|
are added in place of the alias that was found.
|
|
This is a recursive operation,
|
|
so aliases found in the right hand side of the alias
|
|
are similarly expanded.
|
|
.pp
|
|
The alias database exists in two forms.
|
|
One is a text form,
|
|
maintained in the file
|
|
.i /etc/mail/aliases.
|
|
The aliases are of the form
|
|
.(b
|
|
name: name1, name2, ...
|
|
.)b
|
|
Only local names may be aliased;
|
|
e.g.,
|
|
.(b
|
|
eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
|
|
.)b
|
|
will not have the desired effect
|
|
(except on prep.ai.MIT.EDU,
|
|
and they probably don't want me)\**.
|
|
.(f
|
|
\**Actually, any mailer that has the `A' mailer flag set
|
|
will permit aliasing;
|
|
this is normally limited to the local mailer.
|
|
.)f
|
|
Aliases may be continued by starting any continuation lines
|
|
with a space or a tab or by putting a backslash directly before
|
|
the newline.
|
|
Blank lines and lines beginning with a sharp sign
|
|
(\c
|
|
.q # )
|
|
are comments.
|
|
.pp
|
|
The second form is processed by the
|
|
.i ndbm \|(3)\**
|
|
.(f
|
|
\**The
|
|
.i gdbm
|
|
package does not work.
|
|
.)f
|
|
or the Berkeley DB library.
|
|
This form is in the file
|
|
.i /etc/mail/aliases.db
|
|
(if using NEWDB)
|
|
or
|
|
.i /etc/mail/aliases.dir
|
|
and
|
|
.i /etc/mail/aliases.pag
|
|
(if using NDBM).
|
|
This is the form that
|
|
.i sendmail
|
|
actually uses to resolve aliases.
|
|
This technique is used to improve performance.
|
|
.pp
|
|
The control of search order is actually set by the service switch.
|
|
Essentially, the entry
|
|
.(b
|
|
O AliasFile=switch:aliases
|
|
.)b
|
|
is always added as the first alias entry;
|
|
also, the first alias file name without a class
|
|
(e.g., without
|
|
.q nis:
|
|
on the front)
|
|
will be used as the name of the file for a ``files'' entry
|
|
in the aliases switch.
|
|
For example, if the configuration file contains
|
|
.(b
|
|
O AliasFile=/etc/mail/aliases
|
|
.)b
|
|
and the service switch contains
|
|
.(b
|
|
aliases nis files nisplus
|
|
.)b
|
|
then aliases will first be searched in the NIS database,
|
|
then in /etc/mail/aliases,
|
|
then in the NIS+ database.
|
|
.pp
|
|
You can also use
|
|
.sm NIS -based
|
|
alias files.
|
|
For example, the specification:
|
|
.(b
|
|
O AliasFile=/etc/mail/aliases
|
|
O AliasFile=nis:mail.aliases@my.nis.domain
|
|
.)b
|
|
will first search the /etc/mail/aliases file
|
|
and then the map named
|
|
.q mail.aliases
|
|
in
|
|
.q my.nis.domain .
|
|
Warning: if you build your own
|
|
.sm NIS -based
|
|
alias files,
|
|
be sure to provide the
|
|
.b \-l
|
|
flag to
|
|
.i makedbm (8)
|
|
to map upper case letters in the keys to lower case;
|
|
otherwise, aliases with upper case letters in their names
|
|
won't match incoming addresses.
|
|
.pp
|
|
Additional flags can be added after the colon
|
|
exactly like a
|
|
.b K
|
|
line \(em for example:
|
|
.(b
|
|
O AliasFile=nis:\-N mail.aliases@my.nis.domain
|
|
.)b
|
|
will search the appropriate NIS map and always include null bytes in the key.
|
|
Also:
|
|
.(b
|
|
O AliasFile=nis:\-f mail.aliases@my.nis.domain
|
|
.)b
|
|
will prevent sendmail from downcasing the key before the alias lookup.
|
|
.sh 3 "Rebuilding the alias database"
|
|
.pp
|
|
The
|
|
.i hash
|
|
or
|
|
.i dbm
|
|
version of the database
|
|
may be rebuilt explicitly by executing the command
|
|
.(b
|
|
newaliases
|
|
.)b
|
|
This is equivalent to giving
|
|
.i sendmail
|
|
the
|
|
.b \-bi
|
|
flag:
|
|
.(b
|
|
/usr/\*(SD/sendmail \-bi
|
|
.)b
|
|
.pp
|
|
If you have multiple aliases databases specified,
|
|
the
|
|
.b \-bi
|
|
flag rebuilds all the database types it understands
|
|
(for example, it can rebuild NDBM databases but not NIS databases).
|
|
.sh 3 "Potential problems"
|
|
.pp
|
|
There are a number of problems that can occur
|
|
with the alias database.
|
|
They all result from a
|
|
.i sendmail
|
|
process accessing the DBM version
|
|
while it is only partially built.
|
|
This can happen under two circumstances:
|
|
One process accesses the database
|
|
while another process is rebuilding it,
|
|
or the process rebuilding the database dies
|
|
(due to being killed or a system crash)
|
|
before completing the rebuild.
|
|
.pp
|
|
Sendmail has three techniques to try to relieve these problems.
|
|
First, it ignores interrupts while rebuilding the database;
|
|
this avoids the problem of someone aborting the process
|
|
leaving a partially rebuilt database.
|
|
Second,
|
|
it locks the database source file during the rebuild \(em
|
|
but that may not work over NFS or if the file is unwritable.
|
|
Third,
|
|
at the end of the rebuild
|
|
it adds an alias of the form
|
|
.(b
|
|
@: @
|
|
.)b
|
|
(which is not normally legal).
|
|
Before
|
|
.i sendmail
|
|
will access the database,
|
|
it checks to insure that this entry exists\**.
|
|
.(f
|
|
\**The
|
|
.b AliasWait
|
|
option is required in the configuration
|
|
for this action to occur.
|
|
This should normally be specified.
|
|
.)f
|
|
.sh 3 "List owners"
|
|
.pp
|
|
If an error occurs on sending to a certain address,
|
|
say
|
|
.q \fIx\fP ,
|
|
.i sendmail
|
|
will look for an alias
|
|
of the form
|
|
.q owner-\fIx\fP
|
|
to receive the errors.
|
|
This is typically useful
|
|
for a mailing list
|
|
where the submitter of the list
|
|
has no control over the maintenance of the list itself;
|
|
in this case the list maintainer would be the owner of the list.
|
|
For example:
|
|
.(b
|
|
unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
|
|
sam@matisse
|
|
owner-unix-wizards: unix-wizards-request
|
|
unix-wizards-request: eric@ucbarpa
|
|
.)b
|
|
would cause
|
|
.q eric@ucbarpa
|
|
to get the error that will occur
|
|
when someone sends to
|
|
unix-wizards
|
|
due to the inclusion of
|
|
.q nosuchuser
|
|
on the list.
|
|
.pp
|
|
List owners also cause the envelope sender address to be modified.
|
|
The contents of the owner alias are used if they point to a single user,
|
|
otherwise the name of the alias itself is used.
|
|
For this reason, and to obey Internet conventions,
|
|
the
|
|
.q owner-
|
|
address normally points at the
|
|
.q -request
|
|
address; this causes messages to go out with the typical Internet convention
|
|
of using ``\c
|
|
.i list -request''
|
|
as the return address.
|
|
.sh 2 "User Information Database"
|
|
.pp
|
|
This option is deprecated, use virtusertable and genericstable instead
|
|
as explained in
|
|
.i cf/README .
|
|
If you have a version of
|
|
.i sendmail
|
|
with the user information database
|
|
compiled in,
|
|
and you have specified one or more databases using the
|
|
.b U
|
|
option,
|
|
the databases will be searched for a
|
|
.i user :maildrop
|
|
entry.
|
|
If found, the mail will be sent to the specified address.
|
|
.sh 2 "Per-User Forwarding (.forward Files)"
|
|
.pp
|
|
As an alternative to the alias database,
|
|
any user may put a file with the name
|
|
.q .forward
|
|
in his or her home directory.
|
|
If this file exists,
|
|
.i sendmail
|
|
redirects mail for that user
|
|
to the list of addresses listed in the .forward file.
|
|
Note that aliases are fully expanded before forward files are referenced.
|
|
For example, if the home directory for user
|
|
.q mckusick
|
|
has a .forward file with contents:
|
|
.(b
|
|
mckusick@ernie
|
|
kirk@calder
|
|
.)b
|
|
then any mail arriving for
|
|
.q mckusick
|
|
will be redirected to the specified accounts.
|
|
.pp
|
|
Actually, the configuration file defines a sequence of filenames to check.
|
|
By default, this is the user's .forward file,
|
|
but can be defined to be more generally using the
|
|
.b ForwardPath
|
|
option.
|
|
If you change this,
|
|
you will have to inform your user base of the change;
|
|
\&.forward is pretty well incorporated into the collective subconscious.
|
|
.sh 2 "Special Header Lines"
|
|
.pp
|
|
Several header lines have special interpretations
|
|
defined by the configuration file.
|
|
Others have interpretations built into
|
|
.i sendmail
|
|
that cannot be changed without changing the code.
|
|
These built-ins are described here.
|
|
.sh 3 "Errors-To:"
|
|
.pp
|
|
If errors occur anywhere during processing,
|
|
this header will cause error messages to go to
|
|
the listed addresses.
|
|
This is intended for mailing lists.
|
|
.pp
|
|
The Errors-To: header was created in the bad old days
|
|
when UUCP didn't understand the distinction between an envelope and a header;
|
|
this was a hack to provide what should now be passed
|
|
as the envelope sender address.
|
|
It should go away.
|
|
It is only used if the
|
|
.b UseErrorsTo
|
|
option is set.
|
|
.pp
|
|
The Errors-To: header is officially deprecated
|
|
and will go away in a future release.
|
|
.sh 3 "Apparently-To:"
|
|
.pp
|
|
RFC 822 requires at least one recipient field
|
|
(To:, Cc:, or Bcc: line)
|
|
in every message.
|
|
If a message comes in with no recipients listed in the message
|
|
then
|
|
.i sendmail
|
|
will adjust the header based on the
|
|
.q NoRecipientAction
|
|
option.
|
|
One of the possible actions is to add an
|
|
.q "Apparently-To:"
|
|
header line for any recipients it is aware of.
|
|
.pp
|
|
The Apparently-To: header is non-standard
|
|
and is both deprecated and strongly discouraged.
|
|
.sh 3 "Precedence"
|
|
.pp
|
|
The Precedence: header can be used as a crude control of message priority.
|
|
It tweaks the sort order in the queue
|
|
and can be configured to change the message timeout values.
|
|
The precedence of a message also controls how
|
|
delivery status notifications (DSNs)
|
|
are processed for that message.
|
|
.sh 2 "IDENT Protocol Support"
|
|
.pp
|
|
.i Sendmail
|
|
supports the IDENT protocol as defined in RFC 1413.
|
|
Note that the RFC states
|
|
a client should wait at least 30 seconds for a response.
|
|
The default Timeout.ident is 5 seconds
|
|
as many sites have adopted the practice of dropping IDENT queries.
|
|
This has lead to delays processing mail.
|
|
Although this enhances identification
|
|
of the author of an email message
|
|
by doing a ``call back'' to the originating system to include
|
|
the owner of a particular TCP connection
|
|
in the audit trail
|
|
it is in no sense perfect;
|
|
a determined forger can easily spoof the IDENT protocol.
|
|
The following description is excerpted from RFC 1413:
|
|
.ba +5
|
|
.lp
|
|
6. Security Considerations
|
|
.lp
|
|
The information returned by this protocol is at most as trustworthy
|
|
as the host providing it OR the organization operating the host. For
|
|
example, a PC in an open lab has few if any controls on it to prevent
|
|
a user from having this protocol return any identifier the user
|
|
wants. Likewise, if the host has been compromised the information
|
|
returned may be completely erroneous and misleading.
|
|
.lp
|
|
The Identification Protocol is not intended as an authorization or
|
|
access control protocol. At best, it provides some additional
|
|
auditing information with respect to TCP connections. At worst, it
|
|
can provide misleading, incorrect, or maliciously incorrect
|
|
information.
|
|
.lp
|
|
The use of the information returned by this protocol for other than
|
|
auditing is strongly discouraged. Specifically, using Identification
|
|
Protocol information to make access control decisions - either as the
|
|
primary method (i.e., no other checks) or as an adjunct to other
|
|
methods may result in a weakening of normal host security.
|
|
.lp
|
|
An Identification server may reveal information about users,
|
|
entities, objects or processes which might normally be considered
|
|
private. An Identification server provides service which is a rough
|
|
analog of the CallerID services provided by some phone companies and
|
|
many of the same privacy considerations and arguments that apply to
|
|
the CallerID service apply to Identification. If you wouldn't run a
|
|
"finger" server due to privacy considerations you may not want to run
|
|
this protocol.
|
|
.ba
|
|
.lp
|
|
In some cases your system may not work properly with IDENT support
|
|
due to a bug in the TCP/IP implementation.
|
|
The symptoms will be that for some hosts
|
|
the SMTP connection will be closed
|
|
almost immediately.
|
|
If this is true or if you do not want to use IDENT,
|
|
you should set the IDENT timeout to zero;
|
|
this will disable the IDENT protocol.
|
|
.sh 1 "ARGUMENTS"
|
|
.pp
|
|
The complete list of arguments to
|
|
.i sendmail
|
|
is described in detail in Appendix A.
|
|
Some important arguments are described here.
|
|
.sh 2 "Queue Interval"
|
|
.pp
|
|
The amount of time between forking a process
|
|
to run through the queue is defined by the
|
|
.b \-q
|
|
flag.
|
|
If you run with delivery mode set to
|
|
.b i
|
|
or
|
|
.b b
|
|
this can be relatively large, since it will only be relevant
|
|
when a host that was down comes back up.
|
|
If you run in
|
|
.b q
|
|
mode it should be relatively short,
|
|
since it defines the maximum amount of time that a message
|
|
may sit in the queue.
|
|
(See also the MinQueueAge option.)
|
|
.pp
|
|
RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
|
|
(although that probably doesn't make sense if you use ``queue-only'' mode).
|
|
.pp
|
|
Notice: the meaning of the interval time depends on whether normal
|
|
queue runners or persistent queue runners are used.
|
|
For the former, it is the time between subsequent starts of a queue run.
|
|
For the latter, it is the time sendmail waits after a persistent queue
|
|
runner has finished its work to start the next one.
|
|
Hence for persistent queue runners this interval should be very low,
|
|
typically no more than two minutes.
|
|
.sh 2 "Daemon Mode"
|
|
.pp
|
|
If you allow incoming mail over an IPC connection,
|
|
you should have a daemon running.
|
|
This should be set by your
|
|
.i /etc/rc
|
|
file using the
|
|
.b \-bd
|
|
flag.
|
|
The
|
|
.b \-bd
|
|
flag and the
|
|
.b \-q
|
|
flag may be combined in one call:
|
|
.(b
|
|
/usr/\*(SD/sendmail \-bd \-q30m
|
|
.)b
|
|
.pp
|
|
An alternative approach is to invoke sendmail from
|
|
.i inetd (8)
|
|
(use the
|
|
.b \-bs \ \-Am
|
|
flags to ask sendmail to speak SMTP on its standard input and output
|
|
and to run as MTA).
|
|
This works and allows you to wrap
|
|
.i sendmail
|
|
in a TCP wrapper program,
|
|
but may be a bit slower since the configuration file
|
|
has to be re-read on every message that comes in.
|
|
If you do this, you still need to have a
|
|
.i sendmail
|
|
running to flush the queue:
|
|
.(b
|
|
/usr/\*(SD/sendmail \-q30m
|
|
.)b
|
|
.sh 2 "Forcing the Queue"
|
|
.pp
|
|
In some cases you may find that the queue has gotten clogged for some reason.
|
|
You can force a queue run
|
|
using the
|
|
.b \-q
|
|
flag (with no value).
|
|
It is entertaining to use the
|
|
.b \-v
|
|
flag (verbose)
|
|
when this is done to watch what happens:
|
|
.(b
|
|
/usr/\*(SD/sendmail \-q \-v
|
|
.)b
|
|
.pp
|
|
You can also limit the jobs to those with a particular queue identifier,
|
|
recipient, sender, quarantine reason, or queue group
|
|
using one of the queue modifiers.
|
|
For example,
|
|
.q \-qRberkeley
|
|
restricts the queue run to jobs that have the string
|
|
.q berkeley
|
|
somewhere in one of the recipient addresses.
|
|
Similarly,
|
|
.q \-qSstring
|
|
limits the run to particular senders,
|
|
.q \-qIstring
|
|
limits it to particular queue identifiers, and
|
|
.q \-qQstring
|
|
limits it to particular quarantined reasons and only operated on
|
|
quarantined queue items, and
|
|
.q \-qGstring
|
|
limits it to a particular queue group.
|
|
The named queue group will be run even if it is set to have 0 runners.
|
|
You may also place an
|
|
.b !
|
|
before the
|
|
.b I
|
|
or
|
|
.b R
|
|
or
|
|
.b S
|
|
or
|
|
.b Q
|
|
to indicate that jobs are limited to not including a particular queue
|
|
identifier, recipient or sender.
|
|
For example,
|
|
.q \-q!Rseattle
|
|
limits the queue run to jobs that do not have the string
|
|
.q seattle
|
|
somewhere in one of the recipient addresses.
|
|
Should you need to terminate the queue jobs currently active then a SIGTERM
|
|
to the parent of the process (or processes) will cleanly stop the jobs.
|
|
.sh 2 "Debugging"
|
|
.pp
|
|
There are a fairly large number of debug flags
|
|
built into
|
|
.i sendmail .
|
|
Each debug flag has a category and a level.
|
|
Higher levels increase the level of debugging activity;
|
|
in most cases, this means to print out more information.
|
|
The convention is that levels greater than nine are
|
|
.q absurd,
|
|
i.e.,
|
|
they print out so much information that you wouldn't normally
|
|
want to see them except for debugging that particular piece of code.
|
|
.pp
|
|
You should
|
|
.b never
|
|
run a production sendmail server in debug mode.
|
|
Many of the debug flags will result in debug output being sent over the
|
|
SMTP channel unless the option
|
|
.b \-D
|
|
is used.
|
|
This will confuse many mail programs.
|
|
However, for testing purposes, it can be useful
|
|
when sending mail manually via
|
|
telnet to the port you are using while debugging.
|
|
.pp
|
|
A debug category is either an integer, like 42,
|
|
or a name, like ANSI.
|
|
You can specify a range of numeric debug categories
|
|
using the syntax 17-42.
|
|
You can specify a set of named debug categories using
|
|
a glob pattern like
|
|
.q sm_trace_* .
|
|
At present, only
|
|
.q *
|
|
and
|
|
.q ?
|
|
are supported in these glob patterns.
|
|
.pp
|
|
Debug flags are set using the
|
|
.b \-d
|
|
option;
|
|
the syntax is:
|
|
.(b
|
|
.ta \w'debug-categories:M 'u
|
|
debug-flag: \fB\-d\fP debug-list
|
|
debug-list: debug-option [ , debug-option ]*
|
|
debug-option: debug-categories [ . debug-level ]
|
|
debug-categories: integer | integer \- integer | category-pattern
|
|
category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]*
|
|
debug-level: integer
|
|
.)b
|
|
where spaces are for reading ease only.
|
|
For example,
|
|
.(b
|
|
\-d12 Set category 12 to level 1
|
|
\-d12.3 Set category 12 to level 3
|
|
\-d3\-17 Set categories 3 through 17 to level 1
|
|
\-d3\-17.4 Set categories 3 through 17 to level 4
|
|
\-dANSI Set category ANSI to level 1
|
|
\-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3
|
|
.)b
|
|
For a complete list of the available debug flags
|
|
you will have to look at the code
|
|
and the
|
|
.i TRACEFLAGS
|
|
file in the sendmail distribution
|
|
(they are too dynamic to keep this document up to date).
|
|
For a list of named debug categories in the sendmail binary, use
|
|
.(b
|
|
ident /usr/sbin/sendmail | grep Debug
|
|
.)b
|
|
.sh 2 "Changing the Values of Options"
|
|
.pp
|
|
Options can be overridden using the
|
|
.b \-o
|
|
or
|
|
.b \-O
|
|
command line flags.
|
|
For example,
|
|
.(b
|
|
/usr/\*(SD/sendmail \-oT2m
|
|
.)b
|
|
sets the
|
|
.b T
|
|
(timeout) option to two minutes
|
|
for this run only;
|
|
the equivalent line using the long option name is
|
|
.(b
|
|
/usr/\*(SD/sendmail -OTimeout.queuereturn=2m
|
|
.)b
|
|
.pp
|
|
Some options have security implications.
|
|
Sendmail allows you to set these,
|
|
but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
|
|
.(f
|
|
\**That is, it sets its effective uid to the real uid;
|
|
thus, if you are executing as root,
|
|
as from root's crontab file or during system startup
|
|
the root permissions will still be honored.
|
|
.)f
|
|
.sh 2 "Trying a Different Configuration File"
|
|
.pp
|
|
An alternative configuration file
|
|
can be specified using the
|
|
.b \-C
|
|
flag; for example,
|
|
.(b
|
|
/usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
|
|
.)b
|
|
uses the configuration file
|
|
.i test.cf
|
|
instead of the default
|
|
.i /etc/mail/sendmail.cf.
|
|
If the
|
|
.b \-C
|
|
flag has no value
|
|
it defaults to
|
|
.i sendmail.cf
|
|
in the current directory.
|
|
.pp
|
|
.i Sendmail
|
|
gives up set-user-ID root permissions
|
|
(if it has been installed set-user-ID root)
|
|
when you use this flag, so it is common to use a publicly writable directory
|
|
(such as /tmp)
|
|
as the queue directory (QueueDirectory or Q option) while testing.
|
|
.sh 2 "Logging Traffic"
|
|
.pp
|
|
Many SMTP implementations do not fully implement the protocol.
|
|
For example, some personal computer based SMTPs
|
|
do not understand continuation lines in reply codes.
|
|
These can be very hard to trace.
|
|
If you suspect such a problem, you can set traffic logging using the
|
|
.b \-X
|
|
flag.
|
|
For example,
|
|
.(b
|
|
/usr/\*(SD/sendmail \-X /tmp/traffic \-bd
|
|
.)b
|
|
will log all traffic in the file
|
|
.i /tmp/traffic .
|
|
.pp
|
|
This logs a lot of data very quickly and should
|
|
.b NEVER
|
|
be used
|
|
during normal operations.
|
|
After starting up such a daemon,
|
|
force the errant implementation to send a message to your host.
|
|
All message traffic in and out of
|
|
.i sendmail ,
|
|
including the incoming SMTP traffic,
|
|
will be logged in this file.
|
|
.sh 2 "Testing Configuration Files"
|
|
.pp
|
|
When you build a configuration table,
|
|
you can do a certain amount of testing
|
|
using the
|
|
.q "test mode"
|
|
of
|
|
.i sendmail .
|
|
For example,
|
|
you could invoke
|
|
.i sendmail
|
|
as:
|
|
.(b
|
|
sendmail \-bt \-Ctest.cf
|
|
.)b
|
|
which would read the configuration file
|
|
.q test.cf
|
|
and enter test mode.
|
|
In this mode,
|
|
you enter lines of the form:
|
|
.(b
|
|
rwset address
|
|
.)b
|
|
where
|
|
.i rwset
|
|
is the rewriting set you want to use
|
|
and
|
|
.i address
|
|
is an address to apply the set to.
|
|
Test mode shows you the steps it takes
|
|
as it proceeds,
|
|
finally showing you the address it ends up with.
|
|
You may use a comma separated list of rwsets
|
|
for sequential application of rules to an input.
|
|
For example:
|
|
.(b
|
|
3,1,21,4 monet:bollard
|
|
.)b
|
|
first applies ruleset three to the input
|
|
.q monet:bollard.
|
|
Ruleset one is then applied to the output of ruleset three,
|
|
followed similarly by rulesets twenty-one and four.
|
|
.pp
|
|
If you need more detail,
|
|
you can also use the
|
|
.q \-d21
|
|
flag to turn on more debugging.
|
|
For example,
|
|
.(b
|
|
sendmail \-bt \-d21.99
|
|
.)b
|
|
turns on an incredible amount of information;
|
|
a single word address
|
|
is probably going to print out several pages worth of information.
|
|
.pp
|
|
You should be warned that internally,
|
|
.i sendmail
|
|
applies ruleset 3 to all addresses.
|
|
In test mode
|
|
you will have to do that manually.
|
|
For example, older versions allowed you to use
|
|
.(b
|
|
0 bruce@broadcast.sony.com
|
|
.)b
|
|
This version requires that you use:
|
|
.(b
|
|
3,0 bruce@broadcast.sony.com
|
|
.)b
|
|
.pp
|
|
As of version 8.7,
|
|
some other syntaxes are available in test mode:
|
|
.nr ii 1i
|
|
.ip \&.D\|x\|value
|
|
defines macro
|
|
.i x
|
|
to have the indicated
|
|
.i value .
|
|
This is useful when debugging rules that use the
|
|
.b $& \c
|
|
.i x
|
|
syntax.
|
|
.ip \&.C\|c\|value
|
|
adds the indicated
|
|
.i value
|
|
to class
|
|
.i c .
|
|
.ip \&=S\|ruleset
|
|
dumps the contents of the indicated ruleset.
|
|
.ip \-d\|debug-spec
|
|
is equivalent to the command-line flag.
|
|
.lp
|
|
Version 8.9 introduced more features:
|
|
.nr ii 1i
|
|
.ip ?
|
|
shows a help message.
|
|
.ip =M
|
|
display the known mailers.
|
|
.ip $m
|
|
print the value of macro m.
|
|
.ip $=c
|
|
print the contents of class c.
|
|
.ip /mx\ host
|
|
returns the MX records for `host'.
|
|
.ip /parse\ address
|
|
parse address, returning the value of
|
|
.i crackaddr ,
|
|
and the parsed address.
|
|
.ip /try\ mailer\ addr
|
|
rewrite address into the form it will have when
|
|
presented to the indicated mailer.
|
|
.ip /tryflags\ flags
|
|
set flags used by parsing. The flags can be `H' for
|
|
Header or `E' for Envelope, and `S' for Sender or `R'
|
|
for Recipient. These can be combined, `HR' sets
|
|
flags for header recipients.
|
|
.ip /canon\ hostname
|
|
try to canonify hostname.
|
|
.ip /map\ mapname\ key
|
|
look up `key' in the indicated `mapname'.
|
|
.ip /quit
|
|
quit address test mode.
|
|
.lp
|
|
.sh 2 "Persistent Host Status Information"
|
|
.pp
|
|
When
|
|
.b HostStatusDirectory
|
|
is enabled,
|
|
information about the status of hosts is maintained on disk
|
|
and can thus be shared between different instantiations of
|
|
.i sendmail .
|
|
The status of the last connection with each remote host
|
|
may be viewed with the command:
|
|
.(b
|
|
sendmail \-bh
|
|
.)b
|
|
This information may be flushed with the command:
|
|
.(b
|
|
sendmail \-bH
|
|
.)b
|
|
Flushing the information prevents new
|
|
.i sendmail
|
|
processes from loading it,
|
|
but does not prevent existing processes from using the status information
|
|
that they already have.
|
|
.sh 1 "TUNING"
|
|
.pp
|
|
There are a number of configuration parameters
|
|
you may want to change,
|
|
depending on the requirements of your site.
|
|
Most of these are set
|
|
using an option in the configuration file.
|
|
For example,
|
|
the line
|
|
.q "O Timeout.queuereturn=5d"
|
|
sets option
|
|
.q Timeout.queuereturn
|
|
to the value
|
|
.q 5d
|
|
(five days).
|
|
.pp
|
|
Most of these options have appropriate defaults for most sites.
|
|
However,
|
|
sites having very high mail loads may find they need to tune them
|
|
as appropriate for their mail load.
|
|
In particular,
|
|
sites experiencing a large number of small messages,
|
|
many of which are delivered to many recipients,
|
|
may find that they need to adjust the parameters
|
|
dealing with queue priorities.
|
|
.pp
|
|
All versions of
|
|
.i sendmail
|
|
prior to 8.7
|
|
had single character option names.
|
|
As of 8.7,
|
|
options have long (multi-character names).
|
|
Although old short names are still accepted,
|
|
most new options do not have short equivalents.
|
|
.pp
|
|
This section only describes the options you are most likely
|
|
to want to tweak;
|
|
read section
|
|
.\"XREF
|
|
5
|
|
for more details.
|
|
.sh 2 "Timeouts"
|
|
.pp
|
|
All time intervals are set
|
|
using a scaled syntax.
|
|
For example,
|
|
.q 10m
|
|
represents ten minutes, whereas
|
|
.q 2h30m
|
|
represents two and a half hours.
|
|
The full set of scales is:
|
|
.(b
|
|
.ta 4n
|
|
s seconds
|
|
m minutes
|
|
h hours
|
|
d days
|
|
w weeks
|
|
.)b
|
|
.sh 3 "Queue interval"
|
|
.pp
|
|
The argument to the
|
|
.b \-q
|
|
flag specifies how often a sub-daemon will run the queue.
|
|
This is typically set to between fifteen minutes and one hour.
|
|
If not set, or set to zero,
|
|
the queue will not be run automatically.
|
|
RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
|
|
Should you need to terminate the queue jobs currently active then a SIGTERM
|
|
to the parent of the process (or processes) will cleanly stop the jobs.
|
|
.sh 3 "Read timeouts"
|
|
.pp
|
|
Timeouts all have option names
|
|
.q Timeout.\fIsuboption\fP .
|
|
Most of these control SMTP operations.
|
|
The recognized
|
|
.i suboption s,
|
|
their default values, and the minimum values
|
|
allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are:
|
|
.nr ii 1i
|
|
.ip connect
|
|
The time to wait for an SMTP connection to open
|
|
(the
|
|
.i connect (2)
|
|
system call)
|
|
[0, unspecified].
|
|
If zero, uses the kernel default.
|
|
In no case can this option extend the timeout
|
|
longer than the kernel provides, but it can shorten it.
|
|
This is to get around kernels that provide an absurdly long connection timeout
|
|
(90 minutes in one case).
|
|
.ip iconnect
|
|
The same as
|
|
.i connect,
|
|
except it applies only to the initial attempt to connect to a host
|
|
for a given message
|
|
[0, unspecified].
|
|
The concept is that this should be very short (a few seconds);
|
|
hosts that are well connected and responsive will thus be serviced immediately.
|
|
Hosts that are slow will not hold up other deliveries in the initial
|
|
delivery attempt.
|
|
.ip aconnect
|
|
[0, unspecified]
|
|
The overall timeout waiting for all connection for a single delivery
|
|
attempt to succeed.
|
|
If 0, no overall limit is applied.
|
|
This can be used to restrict the total amount of time trying to connect to
|
|
a long list of host that could accept an e-mail for the recipient.
|
|
This timeout does not apply to
|
|
.b FallbackMXhost ,
|
|
i.e., if the time is exhausted, the
|
|
.b FallbackMXhost
|
|
is tried next.
|
|
.ip initial
|
|
The wait for the initial 220 greeting message
|
|
[5m, 5m].
|
|
.ip helo
|
|
The wait for a reply from a HELO or EHLO command
|
|
[5m, unspecified].
|
|
This may require a host name lookup, so
|
|
five minutes is probably a reasonable minimum.
|
|
.ip mail\(dg
|
|
The wait for a reply from a MAIL command
|
|
[10m, 5m].
|
|
.ip rcpt\(dg
|
|
The wait for a reply from a RCPT command
|
|
[1h, 5m].
|
|
This should be long
|
|
because it could be pointing at a list
|
|
that takes a long time to expand
|
|
(see below).
|
|
.ip datainit\(dg
|
|
The wait for a reply from a DATA command
|
|
[5m, 2m].
|
|
.ip datablock\(dg\(dd
|
|
The wait for reading a data block
|
|
(that is, the body of the message).
|
|
[1h, 3m].
|
|
This should be long because it also applies to programs
|
|
piping input to
|
|
.i sendmail
|
|
which have no guarantee of promptness.
|
|
.ip datafinal\(dg
|
|
The wait for a reply from the dot terminating a message.
|
|
[1h, 10m].
|
|
If this is shorter than the time actually needed
|
|
for the receiver to deliver the message,
|
|
duplicates will be generated.
|
|
This is discussed in RFC 1047.
|
|
.ip rset
|
|
The wait for a reply from a RSET command
|
|
[5m, unspecified].
|
|
.ip quit
|
|
The wait for a reply from a QUIT command
|
|
[2m, unspecified].
|
|
.ip misc
|
|
The wait for a reply from miscellaneous (but short) commands
|
|
such as NOOP (no-operation) and VERB (go into verbose mode).
|
|
[2m, unspecified].
|
|
.ip command\(dg\(dd
|
|
In server SMTP,
|
|
the time to wait for another command.
|
|
[1h, 5m].
|
|
.ip ident\(dd
|
|
The timeout waiting for a reply to an IDENT query
|
|
[5s\**, unspecified].
|
|
.(f
|
|
\**On some systems the default is zero to turn the protocol off entirely.
|
|
.)f
|
|
.ip lhlo
|
|
The wait for a reply to an LMTP LHLO command
|
|
[2m, unspecified].
|
|
.ip auth
|
|
The timeout for a reply in an SMTP AUTH dialogue
|
|
[10m, unspecified].
|
|
.ip starttls
|
|
The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
|
|
[1h, unspecified].
|
|
.ip fileopen\(dd
|
|
The timeout for opening .forward and :include: files [60s, none].
|
|
.ip control\(dd
|
|
The timeout for a complete control socket transaction to complete [2m, none].
|
|
.ip hoststatus\(dd
|
|
How long status information about a host
|
|
(e.g., host down)
|
|
will be cached before it is considered stale
|
|
[30m, unspecified].
|
|
.ip resolver.retrans\(dd
|
|
The resolver's
|
|
retransmission time interval
|
|
(in seconds)
|
|
[varies].
|
|
Sets both
|
|
.i Timeout.resolver.retrans.first
|
|
and
|
|
.i Timeout.resolver.retrans.normal .
|
|
.ip resolver.retrans.first\(dd
|
|
The resolver's
|
|
retransmission time interval
|
|
(in seconds)
|
|
for the first attempt to
|
|
deliver a message
|
|
[varies].
|
|
.ip resolver.retrans.normal\(dd
|
|
The resolver's
|
|
retransmission time interval
|
|
(in seconds)
|
|
for all resolver lookups
|
|
except the first delivery attempt
|
|
[varies].
|
|
.ip resolver.retry\(dd
|
|
The number of times
|
|
to retransmit a resolver query.
|
|
Sets both
|
|
.i Timeout.resolver.retry.first
|
|
and
|
|
.i Timeout.resolver.retry.normal
|
|
[varies].
|
|
.ip resolver.retry.first\(dd
|
|
The number of times
|
|
to retransmit a resolver query
|
|
for the first attempt
|
|
to deliver a message
|
|
[varies].
|
|
.ip resolver.retry.normal\(dd
|
|
The number of times
|
|
to retransmit a resolver query
|
|
for all resolver lookups
|
|
except the first delivery attempt
|
|
[varies].
|
|
.lp
|
|
For compatibility with old configuration files,
|
|
if no
|
|
.i suboption
|
|
is specified,
|
|
all the timeouts marked with
|
|
.DG
|
|
(\(dg) are set to the indicated value.
|
|
All but those marked with
|
|
.DD
|
|
(\(dd) apply to client SMTP.
|
|
.pp
|
|
For example, the lines:
|
|
.(b
|
|
O Timeout.command=25m
|
|
O Timeout.datablock=3h
|
|
.)b
|
|
sets the server SMTP command timeout to 25 minutes
|
|
and the input data block timeout to three hours.
|
|
.sh 3 "Message timeouts"
|
|
.pp
|
|
After sitting in the queue for a few days,
|
|
an undeliverable message will time out.
|
|
This is to insure that at least the sender is aware
|
|
of the inability to send a message.
|
|
The timeout is typically set to five days.
|
|
It is sometimes considered convenient to also send a warning message
|
|
if the message is in the queue longer than a few hours
|
|
(assuming you normally have good connectivity;
|
|
if your messages normally took several hours to send
|
|
you wouldn't want to do this because it wouldn't be an unusual event).
|
|
These timeouts are set using the
|
|
.b Timeout.queuereturn
|
|
and
|
|
.b Timeout.queuewarn
|
|
options in the configuration file
|
|
(previously both were set using the
|
|
.b T
|
|
option).
|
|
.pp
|
|
If the message is submitted using the
|
|
.sm NOTIFY
|
|
.sm SMTP
|
|
extension,
|
|
warning messages will only be sent if
|
|
.sm NOTIFY=DELAY
|
|
is specified.
|
|
The queuereturn and queuewarn timeouts
|
|
can be further qualified with a tag based on the Precedence: field
|
|
in the message;
|
|
they must be one of
|
|
.q urgent
|
|
(indicating a positive non-zero precedence),
|
|
.q normal
|
|
(indicating a zero precedence), or
|
|
.q non-urgent
|
|
(indicating negative precedences).
|
|
For example, setting
|
|
.q Timeout.queuewarn.urgent=1h
|
|
sets the warning timeout for urgent messages only
|
|
to one hour.
|
|
The default if no precedence is indicated
|
|
is to set the timeout for all precedences.
|
|
If the message has a normal (default) precedence
|
|
and it is a delivery status notification (DSN),
|
|
.b Timeout.queuereturn.dsn
|
|
and
|
|
.b Timeout.queuewarn.dsn
|
|
can be used to give an alternative warn and return time
|
|
for DSNs.
|
|
The value "now" can be used for
|
|
-O Timeout.queuereturn
|
|
to return entries immediately during a queue run,
|
|
e.g., to bounce messages independent of their time in the queue.
|
|
.pp
|
|
Since these options are global,
|
|
and since you cannot know
|
|
.i "a priori"
|
|
how long another host outside your domain will be down,
|
|
a five day timeout is recommended.
|
|
This allows a recipient to fix the problem even if it occurs
|
|
at the beginning of a long weekend.
|
|
RFC 1123 section 5.3.1.1 says that this parameter
|
|
should be ``at least 4\-5 days''.
|
|
.pp
|
|
The
|
|
.b Timeout.queuewarn
|
|
value can be piggybacked on the
|
|
.b T
|
|
option by indicating a time after which
|
|
a warning message should be sent;
|
|
the two timeouts are separated by a slash.
|
|
For example, the line
|
|
.(b
|
|
OT5d/4h
|
|
.)b
|
|
causes email to fail after five days,
|
|
but a warning message will be sent after four hours.
|
|
This should be large enough that the message will have been tried
|
|
several times.
|
|
.sh 2 "Forking During Queue Runs"
|
|
.pp
|
|
By setting the
|
|
.b ForkEachJob
|
|
(\c
|
|
.b Y )
|
|
option,
|
|
.i sendmail
|
|
will fork before each individual message
|
|
while running the queue.
|
|
This option was used with earlier releases to prevent
|
|
.i sendmail
|
|
from consuming large amounts of memory.
|
|
It should no longer be necessary with
|
|
.i sendmail
|
|
8.12.
|
|
If the
|
|
.b ForkEachJob
|
|
option is not set,
|
|
.i sendmail
|
|
will keep track of hosts that are down during a queue run,
|
|
which can improve performance dramatically.
|
|
.pp
|
|
If the
|
|
.b ForkEachJob
|
|
option is set,
|
|
.i sendmail
|
|
cannot use connection caching.
|
|
.sh 2 "Queue Priorities"
|
|
.pp
|
|
Every message is assigned a priority when it is first instantiated,
|
|
consisting of the message size (in bytes)
|
|
offset by the message class
|
|
(which is determined from the Precedence: header)
|
|
times the
|
|
.q "work class factor"
|
|
and the number of recipients times the
|
|
.q "work recipient factor."
|
|
The priority is used to order the queue.
|
|
Higher numbers for the priority mean that the message will be processed later
|
|
when running the queue.
|
|
.pp
|
|
The message size is included so that large messages are penalized
|
|
relative to small messages.
|
|
The message class allows users to send
|
|
.q "high priority"
|
|
messages by including a
|
|
.q Precedence:
|
|
field in their message;
|
|
the value of this field is looked up in the
|
|
.b P
|
|
lines of the configuration file.
|
|
Since the number of recipients affects the amount of load a message presents
|
|
to the system,
|
|
this is also included into the priority.
|
|
.pp
|
|
The recipient and class factors
|
|
can be set in the configuration file using the
|
|
.b RecipientFactor
|
|
(\c
|
|
.b y )
|
|
and
|
|
.b ClassFactor
|
|
(\c
|
|
.b z )
|
|
options respectively.
|
|
They default to 30000 (for the recipient factor)
|
|
and 1800
|
|
(for the class factor).
|
|
The initial priority is:
|
|
.EQ
|
|
pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
|
|
.EN
|
|
(Remember, higher values for this parameter actually mean
|
|
that the job will be treated with lower priority.)
|
|
.pp
|
|
The priority of a job can also be adjusted each time it is processed
|
|
(that is, each time an attempt is made to deliver it)
|
|
using the
|
|
.q "work time factor,"
|
|
set by the
|
|
.b RetryFactor
|
|
(\c
|
|
.b Z )
|
|
option.
|
|
This is added to the priority,
|
|
so it normally decreases the precedence of the job,
|
|
on the grounds that jobs that have failed many times
|
|
will tend to fail again in the future.
|
|
The
|
|
.b RetryFactor
|
|
option defaults to 90000.
|
|
.sh 2 "Load Limiting"
|
|
.pp
|
|
.i Sendmail
|
|
can be asked to queue (but not deliver) mail
|
|
if the system load average gets too high using the
|
|
.b QueueLA
|
|
(\c
|
|
.b x )
|
|
option.
|
|
When the load average exceeds the value of the
|
|
.b QueueLA
|
|
option, the delivery mode is set to
|
|
.b q
|
|
(queue only) if the
|
|
.b QueueFactor
|
|
(\c
|
|
.b q )
|
|
option divided by the difference in the current load average and the
|
|
.b QueueLA
|
|
option plus one
|
|
is less than the priority of the message \(em
|
|
that is, the message is queued iff:
|
|
.EQ
|
|
pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
|
|
.EN
|
|
The
|
|
.b QueueFactor
|
|
option defaults to 600000,
|
|
so each point of load average is worth 600000 priority points
|
|
(as described above).
|
|
.pp
|
|
For drastic cases, the
|
|
.b RefuseLA
|
|
(\c
|
|
.b X )
|
|
option defines a load average at which
|
|
.i sendmail
|
|
will refuse to accept network connections.
|
|
Locally generated mail, i.e., mail which is not submitted via SMTP
|
|
(including incoming UUCP mail),
|
|
is still accepted.
|
|
Notice that the MSP submits mail to the MTA via SMTP, and hence
|
|
mail will be queued in the client queue in such a case.
|
|
Therefore it is necessary to run the client mail queue periodically.
|
|
.sh 2 "Resource Limits"
|
|
.pp
|
|
.i Sendmail
|
|
has several parameters to control resource usage.
|
|
Besides those mentionted in the previous section, there are at least
|
|
.b MaxDaemonChildren ,
|
|
.b ConnectionRateThrottle ,
|
|
.b MaxQueueChildren ,
|
|
and
|
|
.b MaxRunnersPerQueue .
|
|
The latter two limit the number of
|
|
.i sendmail
|
|
processes that operate on the queue.
|
|
These are discussed in the section
|
|
``Queue Group Declaration''.
|
|
The former two can be used to limit the number of incoming connections.
|
|
Their appropriate values depend on the host operating system and
|
|
the hardware, e.g., amount of memory.
|
|
In many situations it might be useful to set limits to prevent
|
|
to have too many
|
|
.i sendmail
|
|
processes, however, these limits can be abused to mount a
|
|
denial of service attack.
|
|
For example, if
|
|
.b MaxDaemonChildren=10
|
|
then an attacker needs to open only 10 SMTP sessions to the server,
|
|
leave them idle for most of the time,
|
|
and no more connections will be accepted.
|
|
If this option is set then the timeouts used in a SMTP session
|
|
should be lowered from their default values to
|
|
their minimum values as specified in RFC 2821 and listed in
|
|
section
|
|
.\"XREF
|
|
4.1.2.
|
|
.sh 2 "Measures against Denial of Service Attacks"
|
|
.pp
|
|
.i Sendmail
|
|
has some built-in measures against simple denial of service (DoS) attacks.
|
|
The SMTP server by default slows down if too many bad commands are
|
|
issued or if some commands are repeated too often within a session.
|
|
Details can be found in the source file
|
|
.b sendmail/srvrsmtp.c
|
|
by looking for the macro definitions of
|
|
.b MAXBADCOMMANDS ,
|
|
.b MAXNOOPCOMMANDS ,
|
|
.b MAXHELOCOMMANDS ,
|
|
.b MAXVRFYCOMMANDS ,
|
|
and
|
|
.b MAXETRNCOMMANDS .
|
|
If an SMTP command is issued more often than the corresponding
|
|
.b MAXcmdCOMMANDS
|
|
value, then the response is delayed exponentially,
|
|
starting with a sleep time of one second,
|
|
up to a maximum of four minutes (as defined by
|
|
.b MAXTIMEOUT ).
|
|
If the option
|
|
.b MaxDaemonChildren
|
|
is set to a value greater than zero,
|
|
then this could make a DoS attack even worse since it
|
|
keeps a connection open longer than necessary.
|
|
Therefore a connection is terminated with a 421 SMTP reply code
|
|
if the number of commands exceeds the limit by a factor of two and
|
|
.b MAXBADCOMMANDS
|
|
is set to a value greater than zero (the default is 25).
|
|
.sh 2 "Delivery Mode"
|
|
.pp
|
|
There are a number of delivery modes that
|
|
.i sendmail
|
|
can operate in,
|
|
set by the
|
|
.b DeliveryMode
|
|
(\c
|
|
.b d )
|
|
configuration option.
|
|
These modes
|
|
specify how quickly mail will be delivered.
|
|
Legal modes are:
|
|
.(b
|
|
.ta 4n
|
|
i deliver interactively (synchronously)
|
|
b deliver in background (asynchronously)
|
|
q queue only (don't deliver)
|
|
d defer delivery attempts (don't deliver)
|
|
.)b
|
|
There are tradeoffs.
|
|
Mode
|
|
.q i
|
|
gives the sender the quickest feedback,
|
|
but may slow down some mailers and
|
|
is hardly ever necessary.
|
|
Mode
|
|
.q b
|
|
delivers promptly but
|
|
can cause large numbers of processes
|
|
if you have a mailer that takes a long time to deliver a message.
|
|
Mode
|
|
.q q
|
|
minimizes the load on your machine,
|
|
but means that delivery may be delayed for up to the queue interval.
|
|
Mode
|
|
.q d
|
|
is identical to mode
|
|
.q q
|
|
except that it also prevents lookups in maps including the
|
|
.b -D
|
|
flag from working during the initial queue phase;
|
|
it is intended for ``dial on demand'' sites where DNS lookups
|
|
might cost real money.
|
|
Some simple error messages
|
|
(e.g., host unknown during the SMTP protocol)
|
|
will be delayed using this mode.
|
|
Mode
|
|
.q b
|
|
is the usual default.
|
|
.pp
|
|
If you run in mode
|
|
.q q
|
|
(queue only),
|
|
.q d
|
|
(defer),
|
|
or
|
|
.q b
|
|
(deliver in background)
|
|
.i sendmail
|
|
will not expand aliases and follow .forward files
|
|
upon initial receipt of the mail.
|
|
This speeds up the response to RCPT commands.
|
|
Mode
|
|
.q i
|
|
should not be used by the SMTP server.
|
|
.sh 2 "Log Level"
|
|
.pp
|
|
The level of logging can be set for
|
|
.i sendmail .
|
|
The default using a standard configuration table is level 9.
|
|
The levels are as follows:
|
|
.nr ii 0.5i
|
|
.ip 0
|
|
Minimal logging.
|
|
.ip 1
|
|
Serious system failures and potential security problems.
|
|
.ip 2
|
|
Lost communications (network problems) and protocol failures.
|
|
.ip 3
|
|
Other serious failures, malformed addresses, transient forward/include
|
|
errors, connection timeouts.
|
|
.ip 4
|
|
Minor failures, out of date alias databases, connection rejections
|
|
via check_ rulesets.
|
|
.ip 5
|
|
Message collection statistics.
|
|
.ip 6
|
|
Creation of error messages,
|
|
VRFY and EXPN commands.
|
|
.ip 7
|
|
Delivery failures (host or user unknown, etc.).
|
|
.ip 8
|
|
Successful deliveries and alias database rebuilds.
|
|
.ip 9
|
|
Messages being deferred
|
|
(due to a host being down, etc.).
|
|
.ip 10
|
|
Database expansion (alias, forward, and userdb lookups)
|
|
and authentication information.
|
|
.ip 11
|
|
NIS errors and end of job processing.
|
|
.ip 12
|
|
Logs all SMTP connections.
|
|
.ip 13
|
|
Log bad user shells, files with improper permissions, and other
|
|
questionable situations.
|
|
.ip 14
|
|
Logs refused connections.
|
|
.ip 15
|
|
Log all incoming and outgoing SMTP commands.
|
|
.ip 20
|
|
Logs attempts to run locked queue files.
|
|
These are not errors,
|
|
but can be useful to note if your queue appears to be clogged.
|
|
.ip 30
|
|
Lost locks (only if using lockf instead of flock).
|
|
.lp
|
|
Additionally,
|
|
values above 64 are reserved for extremely verbose debugging output.
|
|
No normal site would ever set these.
|
|
.sh 2 "File Modes"
|
|
.pp
|
|
The modes used for files depend on what functionality you want
|
|
and the level of security you require.
|
|
In many cases
|
|
.i sendmail
|
|
does careful checking of the modes
|
|
of files and directories
|
|
to avoid accidental compromise;
|
|
if you want to make it possible to have group-writable support files
|
|
you may need to use the
|
|
.b DontBlameSendmail
|
|
option to turn off some of these checks.
|
|
.sh 3 "To suid or not to suid?"
|
|
.pp
|
|
.i Sendmail
|
|
is no longer installed
|
|
set-user-ID to root.
|
|
sendmail/SECURITY
|
|
explains how to configure and install
|
|
.i sendmail
|
|
without set-user-ID to root but set-group-ID
|
|
which is the default configuration starting with 8.12.
|
|
.pp
|
|
The daemon usually runs as root, unless other measures are taken.
|
|
At the point where
|
|
.i sendmail
|
|
is about to
|
|
.i exec \|(2)
|
|
a mailer,
|
|
it checks to see if the userid is zero (root);
|
|
if so,
|
|
it resets the userid and groupid to a default
|
|
(set by the
|
|
.b U=
|
|
equate in the mailer line;
|
|
if that is not set, the
|
|
.b DefaultUser
|
|
option is used).
|
|
This can be overridden
|
|
by setting the
|
|
.b S
|
|
flag to the mailer
|
|
for mailers that are trusted
|
|
and must be called as root.
|
|
However,
|
|
this will cause mail processing
|
|
to be accounted
|
|
(using
|
|
.i sa \|(8))
|
|
to root
|
|
rather than to the user sending the mail.
|
|
.pp
|
|
A middle ground is to set the
|
|
.b RunAsUser
|
|
option.
|
|
This causes
|
|
.i sendmail
|
|
to become the indicated user as soon as it has done the startup
|
|
that requires root privileges
|
|
(primarily, opening the
|
|
.sm SMTP
|
|
socket).
|
|
If you use
|
|
.b RunAsUser ,
|
|
the queue directory
|
|
(normally
|
|
.i /var/spool/mqueue )
|
|
should be owned by that user,
|
|
and all files and databases
|
|
(including user
|
|
.i \&.forward
|
|
files,
|
|
alias files,
|
|
:include: files,
|
|
and external databases)
|
|
must be readable by that user.
|
|
Also, since sendmail will not be able to change its uid,
|
|
delivery to programs or files will be marked as unsafe,
|
|
e.g., undeliverable,
|
|
in
|
|
.i \&.forward ,
|
|
aliases,
|
|
and :include: files.
|
|
Administrators can override this by setting the
|
|
.b DontBlameSendmail
|
|
option to the setting
|
|
.b NonRootSafeAddr .
|
|
.b RunAsUser
|
|
is probably best suited for firewall configurations
|
|
that don't have regular user logins.
|
|
If the option is used on a system which performs local delivery,
|
|
then the local delivery agent must have the proper permissions
|
|
(i.e., usually set-user-ID root)
|
|
since it will be invoked by the
|
|
.b RunAsUser ,
|
|
not by root.
|
|
.sh 3 "Turning off security checks"
|
|
.pp
|
|
.i Sendmail
|
|
is very particular about the modes of files that it reads or writes.
|
|
For example, by default it will refuse to read most files
|
|
that are group writable
|
|
on the grounds that they might have been tampered with
|
|
by someone other than the owner;
|
|
it will even refuse to read files in group writable directories.
|
|
Also, sendmail will refuse to create a new aliases database in an
|
|
unsafe directory. You can get around this by manually creating the
|
|
database file as a trusted user ahead of time and then rebuilding the
|
|
aliases database with
|
|
.b newaliases .
|
|
.pp
|
|
If you are
|
|
.i quite
|
|
sure that your configuration is safe and you want
|
|
.i sendmail
|
|
to avoid these security checks,
|
|
you can turn off certain checks using the
|
|
.b DontBlameSendmail
|
|
option.
|
|
This option takes one or more names that disable checks.
|
|
In the descriptions that follow,
|
|
.q "unsafe directory"
|
|
means a directory that is writable by anyone other than the owner.
|
|
The values are:
|
|
.nr ii 0.5i
|
|
.ip Safe
|
|
No special handling.
|
|
.ip AssumeSafeChown
|
|
Assume that the
|
|
.i chown
|
|
system call is restricted to root.
|
|
Since some versions of UNIX permit regular users
|
|
to give away their files to other users on some filesystems,
|
|
.i sendmail
|
|
often cannot assume that a given file was created by the owner,
|
|
particularly when it is in a writable directory.
|
|
You can set this flag if you know that file giveaway is restricted
|
|
on your system.
|
|
.ip ClassFileInUnsafeDirPath
|
|
When reading class files (using the
|
|
.b F
|
|
line in the configuration file),
|
|
allow files that are in unsafe directories.
|
|
.ip DontWarnForwardFileInUnsafeDirPath
|
|
Prevent logging of
|
|
unsafe directory path warnings
|
|
for non-existent forward files.
|
|
.ip ErrorHeaderInUnsafeDirPath
|
|
Allow the file named in the
|
|
.b ErrorHeader
|
|
option to be in an unsafe directory.
|
|
.ip FileDeliveryToHardLink
|
|
Allow delivery to files that are hard links.
|
|
.ip FileDeliveryToSymLink
|
|
Allow delivery to files that are symbolic links.
|
|
.ip ForwardFileInGroupWritableDirPath
|
|
Allow
|
|
.i \&.forward
|
|
files in group writable directories.
|
|
.ip ForwardFileInUnsafeDirPath
|
|
Allow
|
|
.i \&.forward
|
|
files in unsafe directories.
|
|
.ip ForwardFileInUnsafeDirPathSafe
|
|
Allow a
|
|
.i \&.forward
|
|
file that is in an unsafe directory to include references
|
|
to program and files.
|
|
.ip GroupReadableKeyFile
|
|
Accept a group-readable key file for STARTTLS.
|
|
.ip GroupReadableSASLDBFile
|
|
Accept a group-readable Cyrus SASL password file.
|
|
.ip GroupReadableDefaultAuthInfoFile
|
|
Accept a group-readable DefaultAuthInfo file for SASL.
|
|
.ip GroupWritableAliasFile
|
|
Allow group-writable alias files.
|
|
.ip GroupWritableDirPathSafe
|
|
Change the definition of
|
|
.q "unsafe directory"
|
|
to consider group-writable directories to be safe.
|
|
World-writable directories are always unsafe.
|
|
.ip GroupWritableForwardFile
|
|
Allow group writable
|
|
.i \&.forward
|
|
files.
|
|
.ip GroupWritableForwardFileSafe
|
|
Accept group-writable
|
|
.i \&.forward
|
|
files as safe for program and file delivery.
|
|
.ip GroupWritableIncludeFile
|
|
Allow group wriable
|
|
.i :include:
|
|
files.
|
|
.ip GroupWritableIncludeFileSafe
|
|
Accept group-writable
|
|
.i :include:
|
|
files as safe for program and file delivery.
|
|
.ip GroupWritableSASLDBFile
|
|
Accept a group-writable Cyrus SASL password file.
|
|
.ip HelpFileInUnsafeDirPath
|
|
Allow the file named in the
|
|
.b HelpFile
|
|
option to be in an unsafe directory.
|
|
.ip IncludeFileInGroupWritableDirPath
|
|
Allow
|
|
.i :include:
|
|
files in group writable directories.
|
|
.ip IncludeFileInUnsafeDirPath
|
|
Allow
|
|
.i :include:
|
|
files in unsafe directories.
|
|
.ip IncludeFileInUnsafeDirPathSafe
|
|
Allow a
|
|
.i :include:
|
|
file that is in an unsafe directory to include references
|
|
to program and files.
|
|
.ip InsufficientEntropy
|
|
Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
|
|
despite the security problems.
|
|
.ip LinkedAliasFileInWritableDir
|
|
Allow an alias file that is a link in a writable directory.
|
|
.ip LinkedClassFileInWritableDir
|
|
Allow class files that are links in writable directories.
|
|
.ip LinkedForwardFileInWritableDir
|
|
Allow
|
|
.i \&.forward
|
|
files that are links in writable directories.
|
|
.ip LinkedIncludeFileInWritableDir
|
|
Allow
|
|
.i :include:
|
|
files that are links in writable directories.
|
|
.ip LinkedMapInWritableDir
|
|
Allow map files that are links in writable directories.
|
|
This includes alias database files.
|
|
.ip LinkedServiceSwitchFileInWritableDir
|
|
Allow the service switch file to be a link
|
|
even if the directory is writable.
|
|
.ip MapInUnsafeDirPath
|
|
Allow maps (e.g.,
|
|
.i hash ,
|
|
.i btree ,
|
|
and
|
|
.i dbm
|
|
files)
|
|
in unsafe directories.
|
|
This includes alias database files.
|
|
.ip NonRootSafeAddr
|
|
Do not mark file and program deliveries as unsafe
|
|
if sendmail is not running with root privileges.
|
|
.ip RunProgramInUnsafeDirPath
|
|
Run programs that are in writable directories without logging a warning.
|
|
.ip RunWritableProgram
|
|
Run programs that are group- or world-writable without logging a warning.
|
|
.ip TrustStickyBit
|
|
Allow group or world writable directories
|
|
if the sticky bit is set on the directory.
|
|
Do not set this on systems which do not honor
|
|
the sticky bit on directories.
|
|
.ip WorldWritableAliasFile
|
|
Accept world-writable alias files.
|
|
.ip WorldWritableForwardfile
|
|
Allow world writable
|
|
.i \&.forward
|
|
files.
|
|
.ip WorldWritableIncludefile
|
|
Allow world wriable
|
|
.i :include:
|
|
files.
|
|
.ip WriteMapToHardLink
|
|
Allow writes to maps that are hard links.
|
|
.ip WriteMapToSymLink
|
|
Allow writes to maps that are symbolic links.
|
|
.ip WriteStatsToHardLink
|
|
Allow the status file to be a hard link.
|
|
.ip WriteStatsToSymLink
|
|
Allow the status file to be a symbolic link.
|
|
.sh 2 "Connection Caching"
|
|
.pp
|
|
When processing the queue,
|
|
.i sendmail
|
|
will try to keep the last few open connections open
|
|
to avoid startup and shutdown costs.
|
|
This only applies to IPC and LPC connections.
|
|
.pp
|
|
When trying to open a connection
|
|
the cache is first searched.
|
|
If an open connection is found, it is probed to see if it is still active
|
|
by sending a
|
|
.sm RSET
|
|
command.
|
|
It is not an error if this fails;
|
|
instead, the connection is closed and reopened.
|
|
.pp
|
|
Two parameters control the connection cache.
|
|
The
|
|
.b ConnectionCacheSize
|
|
(\c
|
|
.b k )
|
|
option defines the number of simultaneous open connections
|
|
that will be permitted.
|
|
If it is set to zero,
|
|
connections will be closed as quickly as possible.
|
|
The default is one.
|
|
This should be set as appropriate for your system size;
|
|
it will limit the amount of system resources that
|
|
.i sendmail
|
|
will use during queue runs.
|
|
Never set this higher than 4.
|
|
.pp
|
|
The
|
|
.b ConnectionCacheTimeout
|
|
(\c
|
|
.b K )
|
|
option specifies the maximum time that any cached connection
|
|
will be permitted to idle.
|
|
When the idle time exceeds this value
|
|
the connection is closed.
|
|
This number should be small
|
|
(under ten minutes)
|
|
to prevent you from grabbing too many resources
|
|
from other hosts.
|
|
The default is five minutes.
|
|
.sh 2 "Name Server Access"
|
|
.pp
|
|
Control of host address lookups is set by the
|
|
.b hosts
|
|
service entry in your service switch file.
|
|
If you are on a system that has built-in service switch support
|
|
(e.g., Ultrix, Solaris, or DEC OSF/1)
|
|
then your system is probably configured properly already.
|
|
Otherwise,
|
|
.i sendmail
|
|
will consult the file
|
|
.b /etc/mail/service.switch ,
|
|
which should be created.
|
|
.i Sendmail
|
|
only uses two entries:
|
|
.b hosts
|
|
and
|
|
.b aliases ,
|
|
although system routines may use other services
|
|
(notably the
|
|
.b passwd
|
|
service for user name lookups by
|
|
.i getpwname ).
|
|
.pp
|
|
However, some systems (such as SunOS 4.X)
|
|
will do DNS lookups
|
|
regardless of the setting of the service switch entry.
|
|
In particular, the system routine
|
|
.i gethostbyname (3)
|
|
is used to look up host names,
|
|
and many vendor versions try some combination of DNS, NIS,
|
|
and file lookup in /etc/hosts
|
|
without consulting a service switch.
|
|
.i Sendmail
|
|
makes no attempt to work around this problem,
|
|
and the DNS lookup will be done anyway.
|
|
If you do not have a nameserver configured at all,
|
|
such as at a UUCP-only site,
|
|
.i sendmail
|
|
will get a
|
|
.q "connection refused"
|
|
message when it tries to connect to the name server.
|
|
If the
|
|
.b hosts
|
|
switch entry has the service
|
|
.q dns
|
|
listed somewhere in the list,
|
|
.i sendmail
|
|
will interpret this to mean a temporary failure
|
|
and will queue the mail for later processing;
|
|
otherwise, it ignores the name server data.
|
|
.pp
|
|
The same technique is used to decide whether to do MX lookups.
|
|
If you want MX support, you
|
|
.i must
|
|
have
|
|
.q dns
|
|
listed as a service in the
|
|
.b hosts
|
|
switch entry.
|
|
.pp
|
|
The
|
|
.b ResolverOptions
|
|
(\c
|
|
.b I )
|
|
option allows you to tweak name server options.
|
|
The command line takes a series of flags as documented in
|
|
.i resolver (3)
|
|
(with the leading
|
|
.q RES_
|
|
deleted).
|
|
Each can be preceded by an optional `+' or `\(mi'.
|
|
For example, the line
|
|
.(b
|
|
O ResolverOptions=+AAONLY \(miDNSRCH
|
|
.)b
|
|
turns on the AAONLY (accept authoritative answers only)
|
|
and turns off the DNSRCH (search the domain path) options.
|
|
Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
|
|
flags on and all others off.
|
|
If NETINET6 is enabled, most libraries default to USE_INET6 as well.
|
|
You can also include
|
|
.q HasWildcardMX
|
|
to specify that there is a wildcard MX record matching your domain;
|
|
this turns off MX matching when canonifying names,
|
|
which can lead to inappropriate canonifications.
|
|
Use
|
|
.q WorkAroundBrokenAAAA
|
|
when faced with a broken nameserver that returns SERVFAIL
|
|
(a temporary failure)
|
|
on T_AAAA (IPv6) lookups
|
|
during hostname canonification.
|
|
Notice: it might be necessary to apply the same (or similar) options to
|
|
.i submit.cf
|
|
too.
|
|
.pp
|
|
Version level 1 configurations (see the section about
|
|
``Configuration Version Level'')
|
|
turn DNSRCH and DEFNAMES off when doing delivery lookups,
|
|
but leave them on everywhere else.
|
|
Version 8 of
|
|
.i sendmail
|
|
ignores them when doing canonification lookups
|
|
(that is, when using $[ ... $]),
|
|
and always does the search.
|
|
If you don't want to do automatic name extension,
|
|
don't call $[ ... $].
|
|
.pp
|
|
The search rules for $[ ... $] are somewhat different than usual.
|
|
If the name being looked up
|
|
has at least one dot, it always tries the unmodified name first.
|
|
If that fails, it tries the reduced search path,
|
|
and lastly tries the unmodified name
|
|
(but only for names without a dot,
|
|
since names with a dot have already been tried).
|
|
This allows names such as
|
|
``utc.CS''
|
|
to match the site in Czechoslovakia
|
|
rather than the site in your local Computer Science department.
|
|
It also prefers A and CNAME records over MX records \*-
|
|
that is, if it finds an MX record it makes note of it,
|
|
but keeps looking.
|
|
This way, if you have a wildcard MX record matching your domain,
|
|
it will not assume that all names match.
|
|
.pp
|
|
To completely turn off all name server access
|
|
on systems without service switch support
|
|
(such as SunOS 4.X)
|
|
you will have to recompile with
|
|
\-DNAMED_BIND=0
|
|
and remove \-lresolv from the list of libraries to be searched
|
|
when linking.
|
|
.sh 2 "Moving the Per-User Forward Files"
|
|
.pp
|
|
Some sites mount each user's home directory
|
|
from a local disk on their workstation,
|
|
so that local access is fast.
|
|
However, the result is that .forward file lookups
|
|
from a central mail server are slow.
|
|
In some cases,
|
|
mail can even be delivered on machines inappropriately
|
|
because of a file server being down.
|
|
The performance can be especially bad if you run the automounter.
|
|
.pp
|
|
The
|
|
.b ForwardPath
|
|
(\c
|
|
.b J )
|
|
option allows you to set a path of forward files.
|
|
For example, the config file line
|
|
.(b
|
|
O ForwardPath=/var/forward/$u:$z/.forward.$w
|
|
.)b
|
|
would first look for a file with the same name as the user's login
|
|
in /var/forward;
|
|
if that is not found (or is inaccessible)
|
|
the file
|
|
``.forward.\c
|
|
.i machinename ''
|
|
in the user's home directory is searched.
|
|
A truly perverse site could also search by sender
|
|
by using $r, $s, or $f.
|
|
.pp
|
|
If you create a directory such as /var/forward,
|
|
it should be mode 1777
|
|
(that is, the sticky bit should be set).
|
|
Users should create the files mode 0644.
|
|
Note that you must use the
|
|
ForwardFileInUnsafeDirPath and
|
|
ForwardFileInUnsafeDirPathSafe
|
|
flags with the
|
|
.b DontBlameSendmail
|
|
option to allow forward files in a world writable directory.
|
|
This might also be used as a denial of service attack
|
|
(users could create forward files for other users);
|
|
a better approach might be to create
|
|
/var/forward
|
|
mode 0755
|
|
and create empty files for each user,
|
|
owned by that user,
|
|
mode 0644.
|
|
If you do this, you don't have to set the DontBlameSendmail options
|
|
indicated above.
|
|
.sh 2 "Free Space"
|
|
.pp
|
|
On systems that have one of the system calls in the
|
|
.i statfs (2)
|
|
family
|
|
(including
|
|
.i statvfs
|
|
and
|
|
.i ustat ),
|
|
you can specify a minimum number of free blocks on the queue filesystem
|
|
using the
|
|
.b MinFreeBlocks
|
|
(\c
|
|
.b b )
|
|
option.
|
|
If there are fewer than the indicated number of blocks free
|
|
on the filesystem on which the queue is mounted
|
|
the SMTP server will reject mail
|
|
with the
|
|
452 error code.
|
|
This invites the SMTP client to try again later.
|
|
.pp
|
|
Beware of setting this option too high;
|
|
it can cause rejection of email
|
|
when that mail would be processed without difficulty.
|
|
.sh 2 "Maximum Message Size"
|
|
.pp
|
|
To avoid overflowing your system with a large message,
|
|
the
|
|
.b MaxMessageSize
|
|
option can be set to set an absolute limit
|
|
on the size of any one message.
|
|
This will be advertised in the ESMTP dialogue
|
|
and checked during message collection.
|
|
.sh 2 "Privacy Flags"
|
|
.pp
|
|
The
|
|
.b PrivacyOptions
|
|
(\c
|
|
.b p )
|
|
option allows you to set certain
|
|
``privacy''
|
|
flags.
|
|
Actually, many of them don't give you any extra privacy,
|
|
rather just insisting that client SMTP servers
|
|
use the HELO command
|
|
before using certain commands
|
|
or adding extra headers to indicate possible spoof attempts.
|
|
.pp
|
|
The option takes a series of flag names;
|
|
the final privacy is the inclusive or of those flags.
|
|
For example:
|
|
.(b
|
|
O PrivacyOptions=needmailhelo, noexpn
|
|
.)b
|
|
insists that the HELO or EHLO command be used before a MAIL command is accepted
|
|
and disables the EXPN command.
|
|
.pp
|
|
The flags are detailed in section
|
|
.\"XREF
|
|
5.6.
|
|
.sh 2 "Send to Me Too"
|
|
.pp
|
|
Beginning with version 8.10,
|
|
.i sendmail
|
|
includes by default the (envelope) sender in any list expansions.
|
|
For example, if
|
|
.q matt
|
|
sends to a list that contains
|
|
.q matt
|
|
as one of the members he will get a copy of the message.
|
|
If the
|
|
.b MeToo
|
|
option is set to
|
|
.sm FALSE
|
|
(in the configuration file or via the command line),
|
|
this behavior is changed, i.e.,
|
|
the (envelope) sender is excluded in list expansions.
|
|
.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
|
|
.pp
|
|
This section describes the configuration file
|
|
in detail.
|
|
.pp
|
|
There is one point that should be made clear immediately:
|
|
the syntax of the configuration file
|
|
is designed to be reasonably easy to parse,
|
|
since this is done every time
|
|
.i sendmail
|
|
starts up,
|
|
rather than easy for a human to read or write.
|
|
The configuration file should be generated via the method described in
|
|
.b cf/README ,
|
|
it should not be edited directly unless someone is familiar
|
|
with the internals of the syntax described here and it is
|
|
not possible to achieve the desired result via the default method.
|
|
.pp
|
|
The configuration file is organized as a series of lines,
|
|
each of which begins with a single character
|
|
defining the semantics for the rest of the line.
|
|
Lines beginning with a space or a tab
|
|
are continuation lines
|
|
(although the semantics are not well defined in many places).
|
|
Blank lines and lines beginning with a sharp symbol
|
|
(`#')
|
|
are comments.
|
|
.sh 2 "R and S \*- Rewriting Rules"
|
|
.pp
|
|
The core of address parsing
|
|
are the rewriting rules.
|
|
These are an ordered production system.
|
|
.i Sendmail
|
|
scans through the set of rewriting rules
|
|
looking for a match on the left hand side
|
|
(LHS)
|
|
of the rule.
|
|
When a rule matches,
|
|
the address is replaced by the right hand side
|
|
(RHS)
|
|
of the rule.
|
|
.pp
|
|
There are several sets of rewriting rules.
|
|
Some of the rewriting sets are used internally
|
|
and must have specific semantics.
|
|
Other rewriting sets
|
|
do not have specifically assigned semantics,
|
|
and may be referenced by the mailer definitions
|
|
or by other rewriting sets.
|
|
.pp
|
|
The syntax of these two commands are:
|
|
.(b F
|
|
.b S \c
|
|
.i n
|
|
.)b
|
|
Sets the current ruleset being collected to
|
|
.i n .
|
|
If you begin a ruleset more than once
|
|
it appends to the old definition.
|
|
.(b F
|
|
.b R \c
|
|
.i lhs
|
|
.i rhs
|
|
.i comments
|
|
.)b
|
|
The
|
|
fields must be separated
|
|
by at least one tab character;
|
|
there may be embedded spaces
|
|
in the fields.
|
|
The
|
|
.i lhs
|
|
is a pattern that is applied to the input.
|
|
If it matches,
|
|
the input is rewritten to the
|
|
.i rhs .
|
|
The
|
|
.i comments
|
|
are ignored.
|
|
.pp
|
|
Macro expansions of the form
|
|
.b $ \c
|
|
.i x
|
|
are performed when the configuration file is read.
|
|
A literal
|
|
.b $
|
|
can be included using
|
|
.b $$ .
|
|
Expansions of the form
|
|
.b $& \c
|
|
.i x
|
|
are performed at run time using a somewhat less general algorithm.
|
|
This is intended only for referencing internally defined macros
|
|
such as
|
|
.b $h
|
|
that are changed at runtime.
|
|
.sh 3 "The left hand side"
|
|
.pp
|
|
The left hand side of rewriting rules contains a pattern.
|
|
Normal words are simply matched directly.
|
|
Metasyntax is introduced using a dollar sign.
|
|
The metasymbols are:
|
|
.(b
|
|
.ta \w'\fB$=\fP\fIx\fP 'u
|
|
\fB$*\fP Match zero or more tokens
|
|
\fB$+\fP Match one or more tokens
|
|
\fB$\-\fP Match exactly one token
|
|
\fB$=\fP\fIx\fP Match any phrase in class \fIx\fP
|
|
\fB$~\fP\fIx\fP Match any word not in class \fIx\fP
|
|
.)b
|
|
If any of these match,
|
|
they are assigned to the symbol
|
|
.b $ \c
|
|
.i n
|
|
for replacement on the right hand side,
|
|
where
|
|
.i n
|
|
is the index in the LHS.
|
|
For example,
|
|
if the LHS:
|
|
.(b
|
|
$\-:$+
|
|
.)b
|
|
is applied to the input:
|
|
.(b
|
|
UCBARPA:eric
|
|
.)b
|
|
the rule will match, and the values passed to the RHS will be:
|
|
.(b
|
|
.ta 4n
|
|
$1 UCBARPA
|
|
$2 eric
|
|
.)b
|
|
.pp
|
|
Additionally, the LHS can include
|
|
.b $@
|
|
to match zero tokens.
|
|
This is
|
|
.i not
|
|
bound to a
|
|
.b $ \c
|
|
.i n
|
|
on the RHS, and is normally only used when it stands alone
|
|
in order to match the null input.
|
|
.sh 3 "The right hand side"
|
|
.pp
|
|
When the left hand side of a rewriting rule matches,
|
|
the input is deleted and replaced by the right hand side.
|
|
Tokens are copied directly from the RHS
|
|
unless they begin with a dollar sign.
|
|
Metasymbols are:
|
|
.(b
|
|
.ta \w'$#mailer\0\0\0'u
|
|
\fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS
|
|
\fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP
|
|
\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
|
|
Generalized keyed mapping function
|
|
\fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP
|
|
\fB$#\fP\fImailer\fP Resolve to \fImailer\fP
|
|
\fB$@\fP\fIhost\fP Specify \fIhost\fP
|
|
\fB$:\fP\fIuser\fP Specify \fIuser\fP
|
|
.)b
|
|
.pp
|
|
The
|
|
.b $ \c
|
|
.i n
|
|
syntax substitutes the corresponding value from a
|
|
.b $+ ,
|
|
.b $\- ,
|
|
.b $* ,
|
|
.b $= ,
|
|
or
|
|
.b $~
|
|
match on the LHS.
|
|
It may be used anywhere.
|
|
.pp
|
|
A host name enclosed between
|
|
.b $[
|
|
and
|
|
.b $]
|
|
is looked up in the host database(s)
|
|
and replaced by the canonical name\**.
|
|
.(f
|
|
\**This is actually
|
|
completely equivalent
|
|
to $(host \fIhostname\fP$).
|
|
In particular, a
|
|
.b $:
|
|
default can be used.
|
|
.)f
|
|
For example,
|
|
.q $[ftp$]
|
|
might become
|
|
.q ftp.CS.Berkeley.EDU
|
|
and
|
|
.q $[[128.32.130.2]$]
|
|
would become
|
|
.q vangogh.CS.Berkeley.EDU.
|
|
.i Sendmail
|
|
recognizes its numeric IP address
|
|
without calling the name server
|
|
and replaces it with its canonical name.
|
|
.pp
|
|
The
|
|
.b $(
|
|
\&...
|
|
.b $)
|
|
syntax is a more general form of lookup;
|
|
it uses a named map instead of an implicit map.
|
|
If no lookup is found, the indicated
|
|
.i default
|
|
is inserted;
|
|
if no default is specified and no lookup matches,
|
|
the value is left unchanged.
|
|
The
|
|
.i arguments
|
|
are passed to the map for possible use.
|
|
.pp
|
|
The
|
|
.b $> \c
|
|
.i n
|
|
syntax
|
|
causes the remainder of the line to be substituted as usual
|
|
and then passed as the argument to ruleset
|
|
.i n .
|
|
The final value of ruleset
|
|
.i n
|
|
then becomes
|
|
the substitution for this rule.
|
|
The
|
|
.b $>
|
|
syntax expands everything after the ruleset name
|
|
to the end of the replacement string
|
|
and then passes that as the initial input to the ruleset.
|
|
Recursive calls are allowed.
|
|
For example,
|
|
.(b
|
|
$>0 $>3 $1
|
|
.)b
|
|
expands $1, passes that to ruleset 3, and then passes the result
|
|
of ruleset 3 to ruleset 0.
|
|
.pp
|
|
The
|
|
.b $#
|
|
syntax should
|
|
.i only
|
|
be used in ruleset zero,
|
|
a subroutine of ruleset zero,
|
|
or rulesets that return decisions (e.g., check_rcpt).
|
|
It causes evaluation of the ruleset to terminate immediately,
|
|
and signals to
|
|
.i sendmail
|
|
that the address has completely resolved.
|
|
The complete syntax for ruleset 0 is:
|
|
.(b
|
|
\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
|
|
.)b
|
|
This specifies the
|
|
{mailer, host, user}
|
|
3-tuple necessary to direct the mailer.
|
|
Note: the third element (
|
|
.i user
|
|
) is often also called
|
|
.i address
|
|
part.
|
|
If the mailer is local
|
|
the host part may be omitted\**.
|
|
.(f
|
|
\**You may want to use it for special
|
|
.q "per user"
|
|
extensions.
|
|
For example, in the address
|
|
.q jgm+foo@CMU.EDU ;
|
|
the
|
|
.q +foo
|
|
part is not part of the user name,
|
|
and is passed to the local mailer for local use.
|
|
.)f
|
|
The
|
|
.i mailer
|
|
must be a single word,
|
|
but the
|
|
.i host
|
|
and
|
|
.i user
|
|
may be multi-part.
|
|
If the
|
|
.i mailer
|
|
is the built-in IPC mailer,
|
|
the
|
|
.i host
|
|
may be a colon-separated list of hosts
|
|
that are searched in order for the first working address
|
|
(exactly like MX records).
|
|
The
|
|
.i user
|
|
is later rewritten by the mailer-specific envelope rewriting set
|
|
and assigned to the
|
|
.b $u
|
|
macro.
|
|
As a special case, if the mailer specified has the
|
|
.b F=@
|
|
flag specified
|
|
and the first character of the
|
|
.b $:
|
|
value is
|
|
.q @ ,
|
|
the
|
|
.q @
|
|
is stripped off, and a flag is set in the address descriptor
|
|
that causes sendmail to not do ruleset 5 processing.
|
|
.pp
|
|
Normally, a rule that matches is retried,
|
|
that is,
|
|
the rule loops until it fails.
|
|
A RHS may also be preceded by a
|
|
.b $@
|
|
or a
|
|
.b $:
|
|
to change this behavior.
|
|
A
|
|
.b $@
|
|
prefix causes the ruleset to return with the remainder of the RHS
|
|
as the value.
|
|
A
|
|
.b $:
|
|
prefix causes the rule to terminate immediately,
|
|
but the ruleset to continue;
|
|
this can be used to avoid continued application of a rule.
|
|
The prefix is stripped before continuing.
|
|
.pp
|
|
The
|
|
.b $@
|
|
and
|
|
.b $:
|
|
prefixes may precede a
|
|
.b $>
|
|
spec;
|
|
for example:
|
|
.(b
|
|
.ta 8n
|
|
R$+ $: $>7 $1
|
|
.)b
|
|
matches anything,
|
|
passes that to ruleset seven,
|
|
and continues;
|
|
the
|
|
.b $:
|
|
is necessary to avoid an infinite loop.
|
|
.pp
|
|
Substitution occurs in the order described,
|
|
that is,
|
|
parameters from the LHS are substituted,
|
|
hostnames are canonicalized,
|
|
.q subroutines
|
|
are called,
|
|
and finally
|
|
.b $# ,
|
|
.b $@ ,
|
|
and
|
|
.b $:
|
|
are processed.
|
|
.sh 3 "Semantics of rewriting rule sets"
|
|
.pp
|
|
There are six rewriting sets
|
|
that have specific semantics.
|
|
Five of these are related as depicted by figure 1.
|
|
.(z
|
|
.hl
|
|
.ie n \{\
|
|
.(c
|
|
+---+
|
|
-->| 0 |-->resolved address
|
|
/ +---+
|
|
/ +---+ +---+
|
|
/ ---->| 1 |-->| S |--
|
|
+---+ / +---+ / +---+ +---+ \e +---+
|
|
addr-->| 3 |-->| D |-- --->| 4 |-->msg
|
|
+---+ +---+ \e +---+ +---+ / +---+
|
|
--->| 2 |-->| R |--
|
|
+---+ +---+
|
|
.)c
|
|
|
|
.\}
|
|
.el \{\
|
|
.ie !"\*(.T"" \{\
|
|
.PS
|
|
boxwid = 0.3i
|
|
boxht = 0.3i
|
|
movewid = 0.3i
|
|
moveht = 0.3i
|
|
linewid = 0.3i
|
|
lineht = 0.3i
|
|
|
|
box invis "addr"; arrow
|
|
Box3: box "3"
|
|
A1: arrow
|
|
BoxD: box "D"; line; L1: Here
|
|
C: [
|
|
C1: arrow; box "1"; arrow; box "S"; line; E1: Here
|
|
move to C1 down 0.5; right
|
|
C2: arrow; box "2"; arrow; box "R"; line; E2: Here
|
|
] with .w at L1 + (0.5, 0)
|
|
move to C.e right 0.5
|
|
L4: arrow; box "4"; arrow; box invis "msg"
|
|
line from L1 to C.C1
|
|
line from L1 to C.C2
|
|
line from C.E1 to L4
|
|
line from C.E2 to L4
|
|
move to BoxD.n up 0.6; right
|
|
Box0: arrow; box "0"
|
|
arrow; box invis "resolved address" width 1.3
|
|
line from 1/3 of the way between A1 and BoxD.w to Box0
|
|
.PE
|
|
.\}
|
|
.el .sp 2i
|
|
.\}
|
|
.ce
|
|
Figure 1 \*- Rewriting set semantics
|
|
.(c
|
|
D \*- sender domain addition
|
|
S \*- mailer-specific sender rewriting
|
|
R \*- mailer-specific recipient rewriting
|
|
.)c
|
|
.hl
|
|
.)z
|
|
.pp
|
|
Ruleset three
|
|
should turn the address into
|
|
.q "canonical form."
|
|
This form should have the basic syntax:
|
|
.(b
|
|
local-part@host-domain-spec
|
|
.)b
|
|
Ruleset three
|
|
is applied by
|
|
.i sendmail
|
|
before doing anything with any address.
|
|
.pp
|
|
If no
|
|
.q @
|
|
sign is specified,
|
|
then the
|
|
host-domain-spec
|
|
.i may
|
|
be appended (box
|
|
.q D
|
|
in Figure 1)
|
|
from the
|
|
sender address
|
|
(if the
|
|
.b C
|
|
flag is set in the mailer definition
|
|
corresponding to the
|
|
.i sending
|
|
mailer).
|
|
.pp
|
|
Ruleset zero
|
|
is applied after ruleset three
|
|
to addresses that are going to actually specify recipients.
|
|
It must resolve to a
|
|
.i "{mailer, host, address}"
|
|
triple.
|
|
The
|
|
.i mailer
|
|
must be defined in the mailer definitions
|
|
from the configuration file.
|
|
The
|
|
.i host
|
|
is defined into the
|
|
.b $h
|
|
macro
|
|
for use in the argv expansion of the specified mailer.
|
|
Notice: since the envelope sender address will be used if
|
|
a delivery status notification must be send,
|
|
i.e., is may specify a recipient,
|
|
it is also run through ruleset zero.
|
|
If ruleset zero returns a temporary error
|
|
.b 4xy
|
|
then delivery is deferred.
|
|
This can be used to temporarily disable delivery,
|
|
e.g., based on the time of the day or other varying parameters.
|
|
It should not be used to quarantine e-mails.
|
|
.pp
|
|
Rulesets one and two
|
|
are applied to all sender and recipient addresses respectively.
|
|
They are applied before any specification
|
|
in the mailer definition.
|
|
They must never resolve.
|
|
.pp
|
|
Ruleset four is applied to all addresses
|
|
in the message.
|
|
It is typically used
|
|
to translate internal to external form.
|
|
.pp
|
|
In addition,
|
|
ruleset 5 is applied to all local addresses
|
|
(specifically, those that resolve to a mailer with the `F=5'
|
|
flag set)
|
|
that do not have aliases.
|
|
This allows a last minute hook for local names.
|
|
.sh 3 "Ruleset hooks"
|
|
.pp
|
|
A few extra rulesets are defined as
|
|
.q hooks
|
|
that can be defined to get special features.
|
|
They are all named rulesets.
|
|
The
|
|
.q check_*
|
|
forms all give accept/reject status;
|
|
falling off the end or returning normally is an accept,
|
|
and resolving to
|
|
.b $#error
|
|
is a reject or quarantine.
|
|
Quarantining is chosen by specifying
|
|
.b quarantine
|
|
in the second part of the mailer triplet:
|
|
.(b
|
|
$#error $@ quarantine $: Reason for quarantine
|
|
.)b
|
|
Many of these can also resolve to the special mailer name
|
|
.b $#discard ;
|
|
this accepts the message as though it were successful
|
|
but then discards it without delivery.
|
|
Note,
|
|
this mailer cannot be chosen as a mailer in ruleset 0.
|
|
Note also that all
|
|
.q check_*
|
|
rulesets have to deal with temporary failures, especially for map lookups,
|
|
themselves, i.e., they should return a temporary error code
|
|
or at least they should make a proper decision in those cases.
|
|
.sh 4 "check_relay"
|
|
.pp
|
|
The
|
|
.i check_relay
|
|
ruleset is called after a connection is accepted by the daemon.
|
|
It is not called when sendmail is started using the
|
|
.b \-bs
|
|
option.
|
|
It is passed
|
|
.(b
|
|
client.host.name $| client.host.address
|
|
.)b
|
|
where
|
|
.b $|
|
|
is a metacharacter separating the two parts.
|
|
This ruleset can reject connections from various locations.
|
|
Note that it only checks the connecting SMTP client IP address and hostname.
|
|
It does not check for third party message relaying.
|
|
The
|
|
.i check_rcpt
|
|
ruleset discussed below usually does third party message relay checking.
|
|
.sh 4 "check_mail"
|
|
.pp
|
|
The
|
|
.i check_mail
|
|
ruleset is passed the user name parameter of the
|
|
.sm "SMTP MAIL"
|
|
command.
|
|
It can accept or reject the address.
|
|
.sh 4 "check_rcpt"
|
|
.pp
|
|
The
|
|
.i check_rcpt
|
|
ruleset is passed the user name parameter of the
|
|
.sm "SMTP RCPT"
|
|
command.
|
|
It can accept or reject the address.
|
|
.sh 4 "check_data"
|
|
.pp
|
|
The
|
|
.i check_data
|
|
ruleset is called after the
|
|
.sm "SMTP DATA"
|
|
command, its parameter is the number of recipients.
|
|
It can accept or reject the command.
|
|
.sh 4 "check_compat"
|
|
.pp
|
|
The
|
|
.i check_compat
|
|
ruleset is passed
|
|
.(b
|
|
sender-address $| recipient-address
|
|
.)b
|
|
where
|
|
.b $|
|
|
is a metacharacter separating the addresses.
|
|
It can accept or reject mail transfer between these two addresses
|
|
much like the
|
|
.i checkcompat()
|
|
function.
|
|
Note:
|
|
while other
|
|
.i check_*
|
|
rulesets are invoked during the SMTP mail receiption stage
|
|
(i.e., in the SMTP server),
|
|
.i check_compat
|
|
is invoked during the mail delivery stage.
|
|
.sh 4 "check_eoh"
|
|
.pp
|
|
The
|
|
.i check_eoh
|
|
ruleset is passed
|
|
.(b
|
|
number-of-headers $| size-of-headers
|
|
.)b
|
|
where
|
|
.b $|
|
|
is a metacharacter separating the numbers.
|
|
These numbers can be used for size comparisons with the
|
|
.b arith
|
|
map.
|
|
The ruleset is triggered after
|
|
all of the headers have been read.
|
|
It can be used to correlate information gathered
|
|
from those headers using the
|
|
.b macro
|
|
storage map.
|
|
One possible use is to check for a missing header.
|
|
For example:
|
|
.(b
|
|
.ta 1.5i
|
|
Kstorage macro
|
|
HMessage-Id: $>CheckMessageId
|
|
|
|
SCheckMessageId
|
|
# Record the presence of the header
|
|
R$* $: $(storage {MessageIdCheck} $@ OK $) $1
|
|
R< $+ @ $+ > $@ OK
|
|
R$* $#error $: 553 Header Error
|
|
|
|
Scheck_eoh
|
|
# Check the macro
|
|
R$* $: < $&{MessageIdCheck} >
|
|
# Clear the macro for the next message
|
|
R$* $: $(storage {MessageIdCheck} $) $1
|
|
# Has a Message-Id: header
|
|
R< $+ > $@ OK
|
|
# Allow missing Message-Id: from local mail
|
|
R$* $: < $&{client_name} >
|
|
R< > $@ OK
|
|
R< $=w > $@ OK
|
|
# Otherwise, reject the mail
|
|
R$* $#error $: 553 Header Error
|
|
.)b
|
|
Keep in mind the Message-Id: header is not a required header and
|
|
is not a guaranteed spam indicator.
|
|
This ruleset is an example and
|
|
should probably not be used in production.
|
|
.sh 4 "check_eom"
|
|
.pp
|
|
The
|
|
.i check_eom
|
|
ruleset is called after the end of a message,
|
|
its parameter is the message size.
|
|
It can accept or reject the message.
|
|
.sh 4 "check_etrn"
|
|
.pp
|
|
The
|
|
.i check_etrn
|
|
ruleset is passed the parameter of the
|
|
.sm "SMTP ETRN"
|
|
command.
|
|
It can accept or reject the command.
|
|
.sh 4 "check_expn"
|
|
.pp
|
|
The
|
|
.i check_expn
|
|
ruleset is passed the user name parameter of the
|
|
.sm "SMTP EXPN"
|
|
command.
|
|
It can accept or reject the address.
|
|
.sh 4 "check_vrfy"
|
|
.pp
|
|
The
|
|
.i check_vrfy
|
|
ruleset is passed the user name parameter of the
|
|
.sm "SMTP VRFY"
|
|
command.
|
|
It can accept or reject the command.
|
|
.sh 4 "trust_auth"
|
|
.pp
|
|
The
|
|
.i trust_auth
|
|
ruleset is passed the AUTH= parameter of the
|
|
.sm "SMTP MAIL"
|
|
command.
|
|
It is used to determine whether this value should be
|
|
trusted. In order to make this decision, the ruleset
|
|
may make use of the various
|
|
.b ${auth_*}
|
|
macros.
|
|
If the ruleset does resolve to the
|
|
.q error
|
|
mailer the AUTH= parameter is not trusted and hence
|
|
not passed on to the next relay.
|
|
.sh 4 "tls_client"
|
|
.pp
|
|
The
|
|
.i tls_client
|
|
ruleset is called when sendmail acts as server, after a STARTTLS command
|
|
has been issued, and from
|
|
.i check_mail.
|
|
The parameter is the value of
|
|
.b ${verify}
|
|
and STARTTLS or MAIL, respectively.
|
|
If the ruleset does resolve to the
|
|
.q error
|
|
mailer, the appropriate error code is returned to the client.
|
|
.sh 4 "tls_server"
|
|
.pp
|
|
The
|
|
.i tls_server
|
|
ruleset is called when sendmail acts as client after a STARTTLS command
|
|
(should) have been issued.
|
|
The parameter is the value of
|
|
.b ${verify} .
|
|
If the ruleset does resolve to the
|
|
.q error
|
|
mailer, the connection is aborted
|
|
(treated as non-deliverable with a permanent or temporary error).
|
|
.sh 4 "tls_rcpt"
|
|
.pp
|
|
The
|
|
.i tls_rcpt
|
|
ruleset is called each time before a RCPT TO command is sent.
|
|
The parameter is the current recipient.
|
|
If the ruleset does resolve to the
|
|
.q error
|
|
mailer, the RCPT TO command is suppressed
|
|
(treated as non-deliverable with a permanent or temporary error).
|
|
This ruleset allows to require encryption or verification of
|
|
the recipient's MTA even if the mail is somehow redirected
|
|
to another host.
|
|
For example, sending mail to
|
|
.i luke@endmail.org
|
|
may get redirected to a host named
|
|
.i death.star
|
|
and hence the tls_server ruleset won't apply.
|
|
By introducing per recipient restrictions such attacks
|
|
(e.g., via DNS spoofing) can be made impossible.
|
|
See
|
|
.i cf/README
|
|
how this ruleset can be used.
|
|
.sh 4 "srv_features"
|
|
.pp
|
|
The
|
|
.i srv_features
|
|
ruleset is called with the connecting client's host name
|
|
when a client connects to sendmail.
|
|
This ruleset should return
|
|
.b $#
|
|
followed by a list of options (single characters
|
|
delimited by white space).
|
|
If the return value starts with anything else it is silently ignored.
|
|
Generally upper case characters turn off a feature
|
|
while lower case characters turn it on.
|
|
Option `S' causes the server not to offer STARTTLS,
|
|
which is useful to interact with MTAs/MUAs that have broken
|
|
STARTTLS implementations by simply not offering it.
|
|
`V' turns off the request for a client certificate during the TLS handshake.
|
|
Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
|
|
`c' is the equivalent to AuthOptions=p, i.e.,
|
|
it doesn't permit mechanisms susceptible to simple
|
|
passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
|
|
Option `l' requires SMTP AUTH for a connection.
|
|
Options 'B', 'D', 'E', and 'X' suppress SMTP VERB, DSN, ETRN, and EXPN,
|
|
respectively.
|
|
.(b
|
|
.ta 9n
|
|
A Do not offer AUTH
|
|
a Offer AUTH (default)
|
|
B Do not offer VERB
|
|
b Offer VERB (default)
|
|
C Do not require security layer for
|
|
plaintext AUTH (default)
|
|
c Require security layer for plaintext AUTH
|
|
D Do not offer DSN
|
|
d Offer DSN (default)
|
|
E Do not offer ETRN
|
|
e Offer ETRN (default)
|
|
L Do not require AUTH (default)
|
|
l Require AUTH
|
|
P Do not offer PIPELINING
|
|
p Offer PIPELINING (default)
|
|
S Do not offer STARTTLS
|
|
s Offer STARTTLS (default)
|
|
V Do not request a client certificate
|
|
v Request a client certificate (default)
|
|
X Do not offer EXPN
|
|
x Offer EXPN (default)
|
|
.)b
|
|
Note: the entries marked as ``(default)'' may require that some
|
|
configuration has been made, e.g., SMTP AUTH is only available if
|
|
properly configured.
|
|
Moreover, many options can be changed on a global basis via other
|
|
settings as explained in this document, e.g., via DaemonPortOptions.
|
|
.pp
|
|
The ruleset may return `$#temp' to indicate that there is a temporary
|
|
problem determining the correct features, e.g., if a map is unavailable.
|
|
In that case, the SMTP server issues a temporary failure and does not
|
|
accept email.
|
|
.sh 4 "try_tls"
|
|
.pp
|
|
The
|
|
.i try_tls
|
|
ruleset is called when sendmail connects to another MTA.
|
|
If the ruleset does resolve to the
|
|
.q error
|
|
mailer, sendmail does not try STARTTLS even if it is offered.
|
|
This is useful to deal with STARTTLS interoperability issues
|
|
by simply not using it.
|
|
.sh 4 "tls_srv_features and tls_clt_features"
|
|
.pp
|
|
The
|
|
.i tls_clt_features
|
|
ruleset is called when sendmail connects to another MTA
|
|
and the
|
|
.i tls_srv_features
|
|
ruleset is called when a client connects to
|
|
.i sendmail .
|
|
The arguments for the rulesets are the host name and IP address
|
|
of the other side separated by
|
|
.b $|
|
|
(which is a metacharacter).
|
|
They should return a list of
|
|
.i key=value
|
|
pairs separated by semicolons;
|
|
the list can be empty if no options should be applied to the connection.
|
|
Available keys are and their allowed values are:
|
|
.nr ii 0.2i
|
|
.ip Options
|
|
A comma separated list of SSL related options.
|
|
See
|
|
.i ServerSSLOptions
|
|
and
|
|
.i ClientSSLOptions
|
|
for details, as well as
|
|
.i SSL_set_options (3)
|
|
and note this warning:
|
|
Options already set before are not cleared!
|
|
.ip CipherList
|
|
Specify cipher list for STARTTLS,
|
|
see
|
|
.i ciphers (1)
|
|
for possible values.
|
|
This overrides the global
|
|
.i CipherList
|
|
for the session.
|
|
.ip CertFile
|
|
File containing a certificate.
|
|
.ip KeyFile
|
|
File containing the private key for the certificate.
|
|
.lp
|
|
.lp
|
|
Example:
|
|
.(b
|
|
.ta 1.5i
|
|
Stls_srv_features
|
|
R$* $| 10.$+ $: cipherlist=HIGH
|
|
.)b
|
|
.lp
|
|
Notes:
|
|
.pp
|
|
Errors in these features (e.g., unknown keys or invalid values)
|
|
are logged
|
|
and the current session is aborted to avoid using STARTTLS
|
|
with features that should have been changed.
|
|
.pp
|
|
The keys are case-insensitive.
|
|
.pp
|
|
Both
|
|
.i CertFile
|
|
and
|
|
.i KeyFile
|
|
must be specified together;
|
|
specifying only one is an error.
|
|
.pp
|
|
These rulesets require the sendmail binary to be built with _FFR_TLS_SE_OPTS
|
|
enabled (see the "For Future Release" section).
|
|
.sh 4 "authinfo"
|
|
.pp
|
|
The
|
|
.i authinfo
|
|
ruleset is called when sendmail tries to authenticate to another MTA.
|
|
It should return
|
|
.b $#
|
|
followed by a list of tokens that are used for SMTP AUTH.
|
|
If the return value starts with anything else it is silently ignored.
|
|
Each token is a tagged string of the form:
|
|
"TDstring"
|
|
(including the quotes), where
|
|
.(b
|
|
.ta 9n
|
|
T Tag which describes the item
|
|
D Delimiter: ':' simple text follows
|
|
'=' string is base64 encoded
|
|
string Value of the item
|
|
.)b
|
|
Valid values for the tag are:
|
|
.(b
|
|
.ta 9n
|
|
U user (authorization) id
|
|
I authentication id
|
|
P password
|
|
R realm
|
|
M list of mechanisms delimited by spaces
|
|
.)b
|
|
If this ruleset is defined, the option
|
|
.b DefaultAuthInfo
|
|
is ignored (even if the ruleset does not return a ``useful'' result).
|
|
.sh 4 "queuegroup"
|
|
.pp
|
|
The
|
|
.i queuegroup
|
|
ruleset is used to map a recipient address to a queue group name.
|
|
The input for the ruleset is a recipient address as specified by the
|
|
.sm "SMTP RCPT"
|
|
command.
|
|
The ruleset should return
|
|
.b $#
|
|
followed by the name of a queue group.
|
|
If the return value starts with anything else it is silently ignored.
|
|
See the section about ``Queue Groups and Queue Directories''
|
|
for further information.
|
|
.sh 4 "greet_pause"
|
|
.pp
|
|
The
|
|
.i greet_pause
|
|
ruleset is used to specify the amount of time to pause before sending the
|
|
initial SMTP 220 greeting.
|
|
If any traffic is received during that pause, an SMTP 554 rejection
|
|
response is given instead of the 220 greeting and all SMTP commands are
|
|
rejected during that connection.
|
|
This helps protect sites from open proxies and SMTP slammers.
|
|
The ruleset should return
|
|
.b $#
|
|
followed by the number of milliseconds (thousandths of a second) to
|
|
pause.
|
|
If the return value starts with anything else or is not a number,
|
|
it is silently ignored.
|
|
Note: this ruleset is not invoked (and hence the feature is disabled)
|
|
when the smtps (SMTP over SSL) is used, i.e.,
|
|
the
|
|
.i s
|
|
modifier is set for the daemon via
|
|
.b DaemonPortOptions ,
|
|
because in this case the SSL handshake is performed before
|
|
the greeting is sent.
|
|
.sh 3 "IPC mailers"
|
|
.pp
|
|
Some special processing occurs
|
|
if the ruleset zero resolves to an IPC mailer
|
|
(that is, a mailer that has
|
|
.q [IPC]
|
|
listed as the Path in the
|
|
.b M
|
|
configuration line.
|
|
The host name passed after
|
|
.q $@
|
|
has MX expansion performed if not delivering via a named socket;
|
|
this looks the name up in DNS to find alternate delivery sites.
|
|
.pp
|
|
The host name can also be provided as a dotted quad
|
|
or an IPv6 address in square brackets;
|
|
for example:
|
|
.(b
|
|
[128.32.149.78]
|
|
.)b
|
|
or
|
|
.(b
|
|
[IPv6:2002:c0a8:51d2::23f4]
|
|
.)b
|
|
This causes direct conversion of the numeric value
|
|
to an IP host address.
|
|
.pp
|
|
The host name passed in after the
|
|
.q $@
|
|
may also be a colon-separated list of hosts.
|
|
Each is separately MX expanded and the results are concatenated
|
|
to make (essentially) one long MX list.
|
|
The intent here is to create
|
|
.q fake
|
|
MX records that are not published in DNS
|
|
for private internal networks.
|
|
.pp
|
|
As a final special case, the host name can be passed in
|
|
as a text string
|
|
in square brackets:
|
|
.(b
|
|
[ucbvax.berkeley.edu]
|
|
.)b
|
|
This form avoids the MX mapping.
|
|
.b N.B.:
|
|
.i
|
|
This is intended only for situations where you have a network firewall
|
|
or other host that will do special processing for all your mail,
|
|
so that your MX record points to a gateway machine;
|
|
this machine could then do direct delivery to machines
|
|
within your local domain.
|
|
Use of this feature directly violates RFC 1123 section 5.3.5:
|
|
it should not be used lightly.
|
|
.r
|
|
.sh 2 "D \*- Define Macro"
|
|
.pp
|
|
Macros are named with a single character
|
|
or with a word in {braces}.
|
|
The names ``x'' and ``{x}'' denote the same macro
|
|
for every single character ``x''.
|
|
Single character names may be selected from the entire ASCII set,
|
|
but user-defined macros
|
|
should be selected from the set of upper case letters only.
|
|
Lower case letters
|
|
and special symbols
|
|
are used internally.
|
|
Long names beginning with a lower case letter or a punctuation character
|
|
are reserved for use by sendmail,
|
|
so user-defined long macro names should begin with an upper case letter.
|
|
.pp
|
|
The syntax for macro definitions is:
|
|
.(b F
|
|
.b D \c
|
|
.i x\|val
|
|
.)b
|
|
where
|
|
.i x
|
|
is the name of the macro
|
|
(which may be a single character
|
|
or a word in braces)
|
|
and
|
|
.i val
|
|
is the value it should have.
|
|
There should be no spaces given
|
|
that do not actually belong in the macro value.
|
|
.pp
|
|
Macros are interpolated
|
|
using the construct
|
|
.b $ \c
|
|
.i x ,
|
|
where
|
|
.i x
|
|
is the name of the macro to be interpolated.
|
|
This interpolation is done when the configuration file is read,
|
|
except in
|
|
.b M
|
|
lines.
|
|
The special construct
|
|
.b $& \c
|
|
.i x
|
|
can be used in
|
|
.b R
|
|
lines to get deferred interpolation.
|
|
.pp
|
|
Conditionals can be specified using the syntax:
|
|
.(b
|
|
$?x text1 $| text2 $.
|
|
.)b
|
|
This interpolates
|
|
.i text1
|
|
if the macro
|
|
.b $x
|
|
is set and non-null,
|
|
and
|
|
.i text2
|
|
otherwise.
|
|
The
|
|
.q else
|
|
(\c
|
|
.b $| )
|
|
clause may be omitted.
|
|
.pp
|
|
The following macros are defined and/or used internally by
|
|
.i sendmail
|
|
for interpolation into argv's for mailers
|
|
or for other contexts.
|
|
The ones marked \(dg are information passed into sendmail\**,
|
|
.(f
|
|
\**As of version 8.6,
|
|
all of these macros have reasonable defaults.
|
|
Previous versions required that they be defined.
|
|
.)f
|
|
the ones marked \(dd are information passed both in and out of sendmail,
|
|
and the unmarked macros are passed out of sendmail
|
|
but are not otherwise used internally.
|
|
These macros are:
|
|
.nr ii 5n
|
|
.ip $a
|
|
The origination date in RFC 822 format.
|
|
This is extracted from the Date: line.
|
|
.ip $b
|
|
The current date in RFC 822 format.
|
|
.ip $c
|
|
The hop count.
|
|
This is a count of the number of Received: lines
|
|
plus the value of the
|
|
.b \-h
|
|
command line flag.
|
|
.ip $d
|
|
The current date in UNIX (ctime) format.
|
|
.ip $e\(dg
|
|
(Obsolete; use SmtpGreetingMessage option instead.)
|
|
The SMTP entry message.
|
|
This is printed out when SMTP starts up.
|
|
The first word must be the
|
|
.b $j
|
|
macro as specified by RFC 821.
|
|
Defaults to
|
|
.q "$j Sendmail $v ready at $b" .
|
|
Commonly redefined to include the configuration version number, e.g.,
|
|
.q "$j Sendmail $v/$Z ready at $b"
|
|
.ip $f
|
|
The envelope sender (from) address.
|
|
.ip $g
|
|
The sender address relative to the recipient.
|
|
For example, if
|
|
.b $f
|
|
is
|
|
.q foo ,
|
|
.b $g
|
|
will be
|
|
.q host!foo ,
|
|
.q foo@host.domain ,
|
|
or whatever is appropriate for the receiving mailer.
|
|
.ip $h
|
|
The recipient host.
|
|
This is set in ruleset 0 from the $@ field of a parsed address.
|
|
.ip $i
|
|
The queue id,
|
|
e.g.,
|
|
.q f344MXxp018717 .
|
|
.ip $j\(dd
|
|
The \*(lqofficial\*(rq domain name for this site.
|
|
This is fully qualified if the full qualification can be found.
|
|
It
|
|
.i must
|
|
be redefined to be the fully qualified domain name
|
|
if your system is not configured so that information can find
|
|
it automatically.
|
|
.ip $k
|
|
The UUCP node name (from the uname system call).
|
|
.ip $l\(dg
|
|
(Obsolete; use UnixFromLine option instead.)
|
|
The format of the UNIX from line.
|
|
Unless you have changed the UNIX mailbox format,
|
|
you should not change the default,
|
|
which is
|
|
.q "From $g $d" .
|
|
.ip $m
|
|
The domain part of the \fIgethostname\fP return value.
|
|
Under normal circumstances,
|
|
.b $j
|
|
is equivalent to
|
|
.b $w.$m .
|
|
.ip $n\(dg
|
|
The name of the daemon (for error messages).
|
|
Defaults to
|
|
.q MAILER-DAEMON .
|
|
.ip $o\(dg
|
|
(Obsolete: use OperatorChars option instead.)
|
|
The set of \*(lqoperators\*(rq in addresses.
|
|
A list of characters
|
|
which will be considered tokens
|
|
and which will separate tokens
|
|
when doing parsing.
|
|
For example, if
|
|
.q @
|
|
were in the
|
|
.b $o
|
|
macro, then the input
|
|
.q a@b
|
|
would be scanned as three tokens:
|
|
.q a,
|
|
.q @,
|
|
and
|
|
.q b.
|
|
Defaults to
|
|
.q ".:@[]" ,
|
|
which is the minimum set necessary to do RFC 822 parsing;
|
|
a richer set of operators is
|
|
.q ".:%@!/[]" ,
|
|
which adds support for UUCP, the %-hack, and X.400 addresses.
|
|
.ip $p
|
|
Sendmail's process id.
|
|
.ip $q\(dg
|
|
Default format of sender address.
|
|
The
|
|
.b $q
|
|
macro specifies how an address should appear in a message
|
|
when it is defaulted.
|
|
Defaults to
|
|
.q "<$g>" .
|
|
It is commonly redefined to be
|
|
.q "$?x$x <$g>$|$g$."
|
|
or
|
|
.q "$g$?x ($x)$." ,
|
|
corresponding to the following two formats:
|
|
.(b
|
|
Eric Allman <eric@CS.Berkeley.EDU>
|
|
eric@CS.Berkeley.EDU (Eric Allman)
|
|
.)b
|
|
.i Sendmail
|
|
properly quotes names that have special characters
|
|
if the first form is used.
|
|
.ip $r
|
|
Protocol used to receive the message.
|
|
Set from the
|
|
.b \-p
|
|
command line flag or by the SMTP server code.
|
|
.ip $s
|
|
Sender's host name.
|
|
Set from the
|
|
.b \-p
|
|
command line flag or by the SMTP server code
|
|
(in which case it is set to the EHLO/HELO parameter).
|
|
.ip $t
|
|
A numeric representation of the current time in the format YYYYMMDDHHmm
|
|
(4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
|
|
2 digit hours 00-23, 2 digit minutes 00-59).
|
|
.ip $u
|
|
The recipient user.
|
|
.ip $v
|
|
The version number of the
|
|
.i sendmail
|
|
binary.
|
|
.ip $w\(dd
|
|
The hostname of this site.
|
|
This is the root name of this host (but see below for caveats).
|
|
.ip $x
|
|
The full name of the sender.
|
|
.ip $z
|
|
The home directory of the recipient.
|
|
.ip $_
|
|
The validated sender address.
|
|
See also
|
|
.b ${client_resolve} .
|
|
.ip ${addr_type}
|
|
The type of the address which is currently being rewritten.
|
|
This macro contains up to three characters, the first
|
|
is either `e' or `h' for envelope/header address,
|
|
the second is a space,
|
|
and the third is either `s' or `r' for sender/recipient address.
|
|
.ip ${alg_bits}
|
|
The maximum keylength (in bits) of the symmetric encryption algorithm
|
|
used for a TLS connection.
|
|
This may be less than the effective keylength,
|
|
which is stored in
|
|
.b ${cipher_bits} ,
|
|
for ``export controlled'' algorithms.
|
|
.ip ${auth_authen}
|
|
The client's authentication credentials as determined by authentication
|
|
(only set if successful).
|
|
The format depends on the mechanism used, it might be just `user',
|
|
or `user@realm', or something similar (SMTP AUTH only).
|
|
.ip ${auth_author}
|
|
The authorization identity, i.e. the AUTH= parameter of the
|
|
.sm "SMTP MAIL"
|
|
command if supplied.
|
|
.ip ${auth_type}
|
|
The mechanism used for SMTP authentication
|
|
(only set if successful).
|
|
.ip ${auth_ssf}
|
|
The keylength (in bits) of the symmetric encryption algorithm
|
|
used for the security layer of a SASL mechanism.
|
|
.ip ${bodytype}
|
|
The message body type
|
|
(7BIT or 8BITMIME),
|
|
as determined from the envelope.
|
|
.ip ${cert_fp}
|
|
The fingerprint of the presented certificate (STARTTLS only).
|
|
Note: this macro is only defined if the option
|
|
.b CertFingerprintAlgorithm
|
|
is set,
|
|
in which case the specified fingerprint algorithm is used.
|
|
The valid algorithms depend on the OpenSSL version,
|
|
but usually md5, sha1, and sha256 are available.
|
|
See
|
|
.(b
|
|
openssl dgst -h
|
|
.)b
|
|
for a list.
|
|
.ip ${cert_issuer}
|
|
The DN (distinguished name) of the CA (certificate authority)
|
|
that signed the presented certificate (the cert issuer)
|
|
(STARTTLS only).
|
|
.ip ${cert_md5}
|
|
The MD5 hash of the presented certificate (STARTTLS only).
|
|
Note: this macro is only defined if the option
|
|
.b CertFingerprintAlgorithm
|
|
is not set.
|
|
.ip ${cert_subject}
|
|
The DN of the presented certificate (called the cert subject)
|
|
(STARTTLS only).
|
|
.ip ${cipher}
|
|
The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
|
|
EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
|
|
(STARTTLS only).
|
|
.ip ${cipher_bits}
|
|
The effective keylength (in bits) of the symmetric encryption algorithm
|
|
used for a TLS connection.
|
|
.ip ${client_addr}
|
|
The IP address of the SMTP client.
|
|
IPv6 addresses are tagged with "IPv6:" before the address.
|
|
Defined in the SMTP server only.
|
|
.ip ${client_connections}
|
|
The number of open connections in the SMTP server for the client IP address.
|
|
.ip ${client_flags}
|
|
The flags specified by the
|
|
Modifier= part of
|
|
.b ClientPortOptions
|
|
where flags are separated from each other by spaces
|
|
and upper case flags are doubled.
|
|
That is,
|
|
Modifier=hA
|
|
will be represented as
|
|
"h AA" in
|
|
.b ${client_flags} ,
|
|
which is required for testing the flags in rulesets.
|
|
.ip ${client_name}
|
|
The host name of the SMTP client.
|
|
This may be the client's bracketed IP address
|
|
in the form [ nnn.nnn.nnn.nnn ] for IPv4
|
|
and [ IPv6:nnnn:...:nnnn ] for IPv6
|
|
if the client's
|
|
IP address is not resolvable, or if it is resolvable
|
|
but the IP address of the resolved hostname
|
|
doesn't match the original IP address.
|
|
Defined in the SMTP server only.
|
|
See also
|
|
.b ${client_resolve} .
|
|
.ip ${client_port}
|
|
The port number of the SMTP client.
|
|
Defined in the SMTP server only.
|
|
.ip ${client_ptr}
|
|
The result of the PTR lookup for the client IP address.
|
|
Note: this is the same as
|
|
.b ${client_name}
|
|
if and only if
|
|
.b ${client_resolve}
|
|
is OK.
|
|
Defined in the SMTP server only.
|
|
.ip ${client_rate}
|
|
The number of incoming connections for the client IP address
|
|
over the time interval specified by ConnectionRateWindowSize.
|
|
.ip ${client_resolve}
|
|
Holds the result of the resolve call for
|
|
.b ${client_name} .
|
|
Possible values are:
|
|
.(b
|
|
.ta 10n
|
|
OK resolved successfully
|
|
FAIL permanent lookup failure
|
|
FORGED forward lookup doesn't match reverse lookup
|
|
TEMP temporary lookup failure
|
|
.)b
|
|
Defined in the SMTP server only.
|
|
.i sendmail
|
|
performs a hostname lookup on the IP address of the connecting client.
|
|
Next the IP addresses of that hostname are looked up.
|
|
If the client IP address does not appear in that list,
|
|
then the hostname is maybe forged.
|
|
This is reflected as the value FORGED for
|
|
.b ${client_resolve}
|
|
and it also shows up in
|
|
.b $_
|
|
as "(may be forged)".
|
|
.ip ${cn_issuer}
|
|
The CN (common name) of the CA that signed the presented certificate
|
|
(STARTTLS only).
|
|
Note: if the CN cannot be extracted properly it will be replaced by
|
|
one of these strings based on the encountered error:
|
|
.(b
|
|
.ta 25n
|
|
BadCertificateContainsNUL CN contains a NUL character
|
|
BadCertificateTooLong CN is too long
|
|
BadCertificateUnknown CN could not be extracted
|
|
.)b
|
|
In the last case, some other (unspecific) error occurred.
|
|
.ip ${cn_subject}
|
|
The CN (common name) of the presented certificate
|
|
(STARTTLS only).
|
|
See
|
|
.b ${cn_issuer}
|
|
for possible replacements.
|
|
.ip ${currHeader}
|
|
Header value as quoted string
|
|
(possibly truncated to
|
|
.b MAXNAME ).
|
|
This macro is only available in header check rulesets.
|
|
.ip ${daemon_addr}
|
|
The IP address the daemon is listening on for connections.
|
|
.ip ${daemon_family}
|
|
The network family
|
|
if the daemon is accepting network connections.
|
|
Possible values include
|
|
.q inet ,
|
|
.q inet6 ,
|
|
.q iso ,
|
|
.q ns ,
|
|
.q x.25
|
|
.ip ${daemon_flags}
|
|
The flags for the daemon as specified by the
|
|
Modifier= part of
|
|
.b DaemonPortOptions
|
|
whereby the flags are separated from each other by spaces,
|
|
and upper case flags are doubled.
|
|
That is,
|
|
Modifier=Ea
|
|
will be represented as
|
|
"EE a" in
|
|
.b ${daemon_flags} ,
|
|
which is required for testing the flags in rulesets.
|
|
.ip ${daemon_info}
|
|
Some information about a daemon as a text string.
|
|
For example,
|
|
.q SMTP+queueing@00:30:00 .
|
|
.ip ${daemon_name}
|
|
The name of the daemon from
|
|
.b DaemonPortOptions
|
|
Name= suboption.
|
|
If this suboption is not set,
|
|
"Daemon#",
|
|
where # is the daemon number,
|
|
is used.
|
|
.ip ${daemon_port}
|
|
The port the daemon is accepting connection on.
|
|
Unless
|
|
.b DaemonPortOptions
|
|
is set, this will most likely be
|
|
.q 25 .
|
|
.ip ${deliveryMode}
|
|
The current delivery mode sendmail is using.
|
|
It is initially set to the value of the
|
|
.b DeliveryMode
|
|
option.
|
|
.ip ${envid}
|
|
The envelope id parameter (ENVID=) passed to sendmail as part of the envelope.
|
|
.ip ${hdrlen}
|
|
The length of the header value which is stored in
|
|
${currHeader} (before possible truncation).
|
|
If this value is greater than or equal to
|
|
.b MAXNAME
|
|
the header has been truncated.
|
|
.ip ${hdr_name}
|
|
The name of the header field for which the current header
|
|
check ruleset has been called.
|
|
This is useful for a default header check ruleset to get
|
|
the name of the header;
|
|
the macro is only available in header check rulesets.
|
|
.ip ${if_addr}
|
|
The IP address of the interface of an incoming connection
|
|
unless it is in the loopback net.
|
|
IPv6 addresses are tagged with "IPv6:" before the address.
|
|
.ip ${if_addr_out}
|
|
The IP address of the interface of an outgoing connection
|
|
unless it is in the loopback net.
|
|
IPv6 addresses are tagged with "IPv6:" before the address.
|
|
.ip ${if_family}
|
|
The IP family of the interface of an incoming connection
|
|
unless it is in the loopback net.
|
|
.ip ${if_family_out}
|
|
The IP family of the interface of an outgoing connection
|
|
unless it is in the loopback net.
|
|
.ip ${if_name}
|
|
The hostname associated with the interface of an incoming connection.
|
|
This macro can be used for
|
|
SmtpGreetingMessage and HReceived for virtual hosting.
|
|
For example:
|
|
.(b
|
|
O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA
|
|
.)b
|
|
.ip ${if_name_out}
|
|
The name of the interface of an outgoing connection.
|
|
.ip ${load_avg}
|
|
The current load average.
|
|
.ip ${mail_addr}
|
|
The address part of the resolved triple of the address given for the
|
|
.sm "SMTP MAIL"
|
|
command.
|
|
Defined in the SMTP server only.
|
|
.ip ${mail_host}
|
|
The host from the resolved triple of the address given for the
|
|
.sm "SMTP MAIL"
|
|
command.
|
|
Defined in the SMTP server only.
|
|
.ip ${mail_mailer}
|
|
The mailer from the resolved triple of the address given for the
|
|
.sm "SMTP MAIL"
|
|
command.
|
|
Defined in the SMTP server only.
|
|
.ip ${msg_id}
|
|
The value of the Message-Id: header.
|
|
.ip ${msg_size}
|
|
The value of the SIZE= parameter,
|
|
i.e., usually the size of the message (in an ESMTP dialogue),
|
|
before the message has been collected, thereafter
|
|
the message size as computed by
|
|
.i sendmail
|
|
(and can be used in check_compat).
|
|
.ip ${nbadrcpts}
|
|
The number of bad recipients for a single message.
|
|
.ip ${nrcpts}
|
|
The number of validated recipients for a single message.
|
|
Note: since recipient validation happens after
|
|
.i check_rcpt
|
|
has been called, the value in this ruleset
|
|
is one less than what might be expected.
|
|
.ip ${ntries}
|
|
The number of delivery attempts.
|
|
.ip ${opMode}
|
|
The current operation mode (from the
|
|
.b \-b
|
|
flag).
|
|
.ip ${quarantine}
|
|
The quarantine reason for the envelope,
|
|
if it is quarantined.
|
|
.ip ${queue_interval}
|
|
The queue run interval given by the
|
|
.b \-q
|
|
flag.
|
|
For example,
|
|
.b \-q30m
|
|
would set
|
|
.b ${queue_interval}
|
|
to
|
|
.q 00:30:00 .
|
|
.ip ${rcpt_addr}
|
|
The address part of the resolved triple of the address given for the
|
|
.sm "SMTP RCPT"
|
|
command.
|
|
Defined in the SMTP server only after a RCPT command.
|
|
.ip ${rcpt_host}
|
|
The host from the resolved triple of the address given for the
|
|
.sm "SMTP RCPT"
|
|
command.
|
|
Defined in the SMTP server only after a RCPT command.
|
|
.ip ${rcpt_mailer}
|
|
The mailer from the resolved triple of the address given for the
|
|
.sm "SMTP RCPT"
|
|
command.
|
|
Defined in the SMTP server only after a RCPT command.
|
|
.ip ${server_addr}
|
|
The address of the server of the current outgoing SMTP connection.
|
|
For LMTP delivery the macro is set to the name of the mailer.
|
|
.ip ${server_name}
|
|
The name of the server of the current outgoing SMTP or LMTP connection.
|
|
.ip ${time}
|
|
The output of the
|
|
.i time (3)
|
|
function, i.e., the number of seconds since 0 hours, 0 minutes,
|
|
0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
|
|
.ip ${tls_version}
|
|
The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2;
|
|
defined after STARTTLS has been used.
|
|
.ip ${total_rate}
|
|
The total number of incoming connections over the time interval specified
|
|
by ConnectionRateWindowSize.
|
|
.ip ${verify}
|
|
The result of the verification of the presented cert;
|
|
only defined after STARTTLS has been used (or attempted).
|
|
Possible values are:
|
|
.(b
|
|
.ta 13n
|
|
OK verification succeeded.
|
|
NO no cert presented.
|
|
NOT no cert requested.
|
|
FAIL cert presented but could not be verified,
|
|
e.g., the signing CA is missing.
|
|
NONE STARTTLS has not been performed.
|
|
TEMP temporary error occurred.
|
|
PROTOCOL some protocol error occurred
|
|
at the ESMTP level (not TLS).
|
|
SOFTWARE STARTTLS handshake failed,
|
|
which is a fatal error for this session,
|
|
the e-mail will be queued.
|
|
.)b
|
|
.pp
|
|
There are three types of dates that can be used.
|
|
The
|
|
.b $a
|
|
and
|
|
.b $b
|
|
macros are in RFC 822 format;
|
|
.b $a
|
|
is the time as extracted from the
|
|
.q Date:
|
|
line of the message
|
|
(if there was one),
|
|
and
|
|
.b $b
|
|
is the current date and time
|
|
(used for postmarks).
|
|
If no
|
|
.q Date:
|
|
line is found in the incoming message,
|
|
.b $a
|
|
is set to the current time also.
|
|
The
|
|
.b $d
|
|
macro is equivalent to the
|
|
.b $b
|
|
macro in UNIX
|
|
(ctime)
|
|
format.
|
|
.pp
|
|
The macros
|
|
.b $w ,
|
|
.b $j ,
|
|
and
|
|
.b $m
|
|
are set to the identity of this host.
|
|
.i Sendmail
|
|
tries to find the fully qualified name of the host
|
|
if at all possible;
|
|
it does this by calling
|
|
.i gethostname (2)
|
|
to get the current hostname
|
|
and then passing that to
|
|
.i gethostbyname (3)
|
|
which is supposed to return the canonical version of that host name.\**
|
|
.(f
|
|
\**For example, on some systems
|
|
.i gethostname
|
|
might return
|
|
.q foo
|
|
which would be mapped to
|
|
.q foo.bar.com
|
|
by
|
|
.i gethostbyname .
|
|
.)f
|
|
Assuming this is successful,
|
|
.b $j
|
|
is set to the fully qualified name
|
|
and
|
|
.b $m
|
|
is set to the domain part of the name
|
|
(everything after the first dot).
|
|
The
|
|
.b $w
|
|
macro is set to the first word
|
|
(everything before the first dot)
|
|
if you have a level 5 or higher configuration file;
|
|
otherwise, it is set to the same value as
|
|
.b $j .
|
|
If the canonification is not successful,
|
|
it is imperative that the config file set
|
|
.b $j
|
|
to the fully qualified domain name\**.
|
|
.(f
|
|
\**Older versions of sendmail didn't pre-define
|
|
.b $j
|
|
at all, so up until 8.6,
|
|
config files
|
|
.i always
|
|
had to define
|
|
.b $j .
|
|
.)f
|
|
.pp
|
|
The
|
|
.b $f
|
|
macro is the id of the sender
|
|
as originally determined;
|
|
when mailing to a specific host
|
|
the
|
|
.b $g
|
|
macro is set to the address of the sender
|
|
.ul
|
|
relative to the recipient.
|
|
For example,
|
|
if I send to
|
|
.q bollard@matisse.CS.Berkeley.EDU
|
|
from the machine
|
|
.q vangogh.CS.Berkeley.EDU
|
|
the
|
|
.b $f
|
|
macro will be
|
|
.q eric
|
|
and the
|
|
.b $g
|
|
macro will be
|
|
.q eric@vangogh.CS.Berkeley.EDU.
|
|
.pp
|
|
The
|
|
.b $x
|
|
macro is set to the full name of the sender.
|
|
This can be determined in several ways.
|
|
It can be passed as flag to
|
|
.i sendmail .
|
|
It can be defined in the
|
|
.sm NAME
|
|
environment variable.
|
|
The third choice is the value of the
|
|
.q Full-Name:
|
|
line in the header if it exists,
|
|
and the fourth choice is the comment field
|
|
of a
|
|
.q From:
|
|
line.
|
|
If all of these fail,
|
|
and if the message is being originated locally,
|
|
the full name is looked up in the
|
|
.i /etc/passwd
|
|
file.
|
|
.pp
|
|
When sending,
|
|
the
|
|
.b $h ,
|
|
.b $u ,
|
|
and
|
|
.b $z
|
|
macros get set to the host, user, and home directory
|
|
(if local)
|
|
of the recipient.
|
|
The first two are set from the
|
|
.b $@
|
|
and
|
|
.b $:
|
|
part of the rewriting rules, respectively.
|
|
.pp
|
|
The
|
|
.b $p
|
|
and
|
|
.b $t
|
|
macros are used to create unique strings
|
|
(e.g., for the
|
|
.q Message-Id:
|
|
field).
|
|
The
|
|
.b $i
|
|
macro is set to the queue id on this host;
|
|
if put into the timestamp line
|
|
it can be extremely useful for tracking messages.
|
|
The
|
|
.b $v
|
|
macro is set to be the version number of
|
|
.i sendmail ;
|
|
this is normally put in timestamps
|
|
and has been proven extremely useful for debugging.
|
|
.pp
|
|
The
|
|
.b $c
|
|
field is set to the
|
|
.q "hop count,"
|
|
i.e., the number of times this message has been processed.
|
|
This can be determined
|
|
by the
|
|
.b \-h
|
|
flag on the command line
|
|
or by counting the timestamps in the message.
|
|
.pp
|
|
The
|
|
.b $r
|
|
and
|
|
.b $s
|
|
fields are set to the protocol used to communicate with
|
|
.i sendmail
|
|
and the sending hostname.
|
|
They can be set together using the
|
|
.b \-p
|
|
command line flag or separately using the
|
|
.b \-M
|
|
or
|
|
.b \-oM
|
|
flags.
|
|
.pp
|
|
The
|
|
.b $_
|
|
is set to a validated sender host name.
|
|
If the sender is running an RFC 1413 compliant IDENT server
|
|
and the receiver has the IDENT protocol turned on,
|
|
it will include the user name on that host.
|
|
.pp
|
|
The
|
|
.b ${client_name} ,
|
|
.b ${client_addr} ,
|
|
and
|
|
.b ${client_port}
|
|
macros
|
|
are set to the name, address, and port number of the SMTP client
|
|
who is invoking
|
|
.i sendmail
|
|
as a server.
|
|
These can be used in the
|
|
.i check_*
|
|
rulesets (using the
|
|
.b $&
|
|
deferred evaluation form, of course!).
|
|
.sh 2 "C and F \*- Define Classes"
|
|
.pp
|
|
Classes of phrases may be defined
|
|
to match on the left hand side of rewriting rules,
|
|
where a
|
|
.q phrase
|
|
is a sequence of characters that does not contain space characters.
|
|
For example
|
|
a class of all local names for this site
|
|
might be created
|
|
so that attempts to send to oneself
|
|
can be eliminated.
|
|
These can either be defined directly in the configuration file
|
|
or read in from another file.
|
|
Classes are named as a single letter or a word in {braces}.
|
|
Class names beginning with lower case letters
|
|
and special characters are reserved for system use.
|
|
Classes defined in config files may be given names
|
|
from the set of upper case letters for short names
|
|
or beginning with an upper case letter for long names.
|
|
.pp
|
|
The syntax is:
|
|
.(b F
|
|
.b C \c
|
|
.i c\|phrase1
|
|
.i phrase2...
|
|
.br
|
|
.b F \c
|
|
.i c\|file
|
|
.br
|
|
.b F \c
|
|
.i c\||program
|
|
.br
|
|
.b F \c
|
|
.i c\|[mapkey]@mapclass:mapspec
|
|
.)b
|
|
The first form defines the class
|
|
.i c
|
|
to match any of the named words.
|
|
If
|
|
.i phrase1
|
|
or
|
|
.i phrase2
|
|
is another class,
|
|
e.g.,
|
|
.i $=S ,
|
|
the contents of class
|
|
.i S
|
|
are added to class
|
|
.i c .
|
|
It is permissible to split them among multiple lines;
|
|
for example, the two forms:
|
|
.(b
|
|
CHmonet ucbmonet
|
|
.)b
|
|
and
|
|
.(b
|
|
CHmonet
|
|
CHucbmonet
|
|
.)b
|
|
are equivalent.
|
|
The ``F'' forms
|
|
read the elements of the class
|
|
.i c
|
|
from the named
|
|
.i file ,
|
|
.i program ,
|
|
or
|
|
.i "map specification" .
|
|
Each element should be listed on a separate line.
|
|
To specify an optional file, use ``\-o'' between the class
|
|
name and the file name, e.g.,
|
|
.(b
|
|
Fc \-o /path/to/file
|
|
.)b
|
|
If the file can't be used,
|
|
.i sendmail
|
|
will not complain but silently ignore it.
|
|
The map form should be an optional map key, an at sign,
|
|
and a map class followed by the specification for that map.
|
|
Examples include:
|
|
.(b
|
|
F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
|
|
F{MyClass}foo@hash:/etc/mail/classes
|
|
.)b
|
|
will fill the class
|
|
.b $={VirtHosts}
|
|
from an LDAP map lookup and
|
|
.b $={MyClass}
|
|
from a hash database map lookup of the
|
|
.b foo .
|
|
There is also a built-in schema that can be accessed by only specifying:
|
|
.(b
|
|
F{\c
|
|
.i ClassName }@LDAP
|
|
.)b
|
|
This will tell sendmail to use the default schema:
|
|
.(b
|
|
\-k (&(objectClass=sendmailMTAClass)
|
|
(sendmailMTAClassName=\c
|
|
.i ClassName )
|
|
(|(sendmailMTACluster=${sendmailMTACluster})
|
|
(sendmailMTAHost=$j)))
|
|
\-v sendmailMTAClassValue
|
|
.)b
|
|
Note that the lookup is only done when sendmail is initially started.
|
|
.pp
|
|
Elements of classes can be accessed in rules using
|
|
.b $=
|
|
or
|
|
.b $~ .
|
|
The
|
|
.b $~
|
|
(match entries not in class)
|
|
only matches a single word;
|
|
multi-word entries in the class are ignored in this context.
|
|
.pp
|
|
Some classes have internal meaning to
|
|
.i sendmail :
|
|
.nr ii 0.5i
|
|
.\".ip $=b
|
|
.\"A set of Content-Types that will not have the newline character
|
|
.\"translated to CR-LF before encoding into base64 MIME.
|
|
.\"The class can have major times
|
|
.\"(e.g.,
|
|
.\".q image )
|
|
.\"or full types
|
|
.\"(such as
|
|
.\".q application/octet-stream ).
|
|
.\"The class is initialized with
|
|
.\".q application/octet-stream ,
|
|
.\".q image ,
|
|
.\".q audio ,
|
|
.\"and
|
|
.\".q video .
|
|
.ip $=e
|
|
contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
|
|
It is predefined to contain
|
|
.q 7bit ,
|
|
.q 8bit ,
|
|
and
|
|
.q binary .
|
|
.ip $=k
|
|
set to be the same as
|
|
.b $k ,
|
|
that is, the UUCP node name.
|
|
.ip $=m
|
|
set to the set of domains by which this host is known,
|
|
initially just
|
|
.b $m .
|
|
.ip $=n
|
|
can be set to the set of MIME body types
|
|
that can never be eight to seven bit encoded.
|
|
It defaults to
|
|
.q multipart/signed .
|
|
Message types
|
|
.q message/*
|
|
and
|
|
.q multipart/*
|
|
are never encoded directly.
|
|
Multipart messages are always handled recursively.
|
|
The handling of message/* messages
|
|
are controlled by class
|
|
.b $=s .
|
|
.ip $=q
|
|
A set of Content-Types that will never be encoded as base64
|
|
(if they have to be encoded, they will be encoded as quoted-printable).
|
|
It can have primary types
|
|
(e.g.,
|
|
.q text )
|
|
or full types
|
|
(such as
|
|
.q text/plain ).
|
|
.ip $=s
|
|
contains the set of subtypes of message that can be treated recursively.
|
|
By default it contains only
|
|
.q rfc822 .
|
|
Other
|
|
.q message/*
|
|
types cannot be 8\(->7 bit encoded.
|
|
If a message containing eight bit data is sent to a seven bit host,
|
|
and that message cannot be encoded into seven bits,
|
|
it will be stripped to 7 bits.
|
|
.ip $=t
|
|
set to the set of trusted users by the
|
|
.b T
|
|
configuration line.
|
|
If you want to read trusted users from a file, use
|
|
.b Ft \c
|
|
.i /file/name .
|
|
.ip $=w
|
|
set to be the set of all names
|
|
this host is known by.
|
|
This can be used to match local hostnames.
|
|
.ip $={persistentMacros}
|
|
set to the macros that should be saved across queue runs.
|
|
Care should be taken when adding macro names to this class.
|
|
.pp
|
|
.i Sendmail
|
|
can be compiled to allow a
|
|
.i scanf (3)
|
|
string on the
|
|
.b F
|
|
line.
|
|
This lets you do simplistic parsing of text files.
|
|
For example, to read all the user names in your system
|
|
.i /etc/passwd
|
|
file into a class, use
|
|
.(b
|
|
FL/etc/passwd %[^:]
|
|
.)b
|
|
which reads every line up to the first colon.
|
|
.sh 2 "M \*- Define Mailer"
|
|
.pp
|
|
Programs and interfaces to mailers
|
|
are defined in this line.
|
|
The format is:
|
|
.(b F
|
|
.b M \c
|
|
.i name ,
|
|
{\c
|
|
.i field =\c
|
|
.i value \|}*
|
|
.)b
|
|
where
|
|
.i name
|
|
is the name of the mailer
|
|
(used internally only)
|
|
and the
|
|
.q field=name
|
|
pairs define attributes of the mailer.
|
|
Fields are:
|
|
.(b
|
|
.ta 1i
|
|
Path The pathname of the mailer
|
|
Flags Special flags for this mailer
|
|
Sender Rewriting set(s) for sender addresses
|
|
Recipient Rewriting set(s) for recipient addresses
|
|
recipients Maximum number of recipients per connection
|
|
Argv An argument vector to pass to this mailer
|
|
Eol The end-of-line string for this mailer
|
|
Maxsize The maximum message length to this mailer
|
|
maxmessages The maximum message deliveries per connection
|
|
Linelimit The maximum line length in the message body
|
|
Directory The working directory for the mailer
|
|
Userid The default user and group id to run as
|
|
Nice The nice(2) increment for the mailer
|
|
Charset The default character set for 8-bit characters
|
|
Type Type information for DSN diagnostics
|
|
Wait The maximum time to wait for the mailer
|
|
Queuegroup The default queue group for the mailer
|
|
/ The root directory for the mailer
|
|
.)b
|
|
Only the first character of the field name is checked
|
|
(it's case-sensitive).
|
|
.pp
|
|
The following flags may be set in the mailer description.
|
|
Any other flags may be used freely
|
|
to conditionally assign headers to messages
|
|
destined for particular mailers.
|
|
Flags marked with \(dg
|
|
are not interpreted by the
|
|
.i sendmail
|
|
binary;
|
|
these are the conventionally used to correlate to the flags portion
|
|
of the
|
|
.b H
|
|
line.
|
|
Flags marked with \(dd
|
|
apply to the mailers for the sender address
|
|
rather than the usual recipient mailers.
|
|
.nr ii 4n
|
|
.ip a
|
|
Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870).
|
|
This flag defaults on if the SMTP greeting message includes the word
|
|
.q ESMTP .
|
|
.ip A
|
|
Look up the user (address) part of the resolved mailer triple,
|
|
in the alias database.
|
|
Normally this is only set for local mailers.
|
|
.ip b
|
|
Force a blank line on the end of a message.
|
|
This is intended to work around some stupid versions of
|
|
/bin/mail
|
|
that require a blank line, but do not provide it themselves.
|
|
It would not normally be used on network mail.
|
|
.ip B
|
|
Strip leading backslashes (\e) off of the address;
|
|
this is a subset of the functionality of the
|
|
.b s
|
|
flag.
|
|
.ip c
|
|
Do not include comments in addresses.
|
|
This should only be used if you have to work around
|
|
a remote mailer that gets confused by comments.
|
|
This strips addresses of the form
|
|
.q "Phrase <address>"
|
|
or
|
|
.q "address (Comment)"
|
|
down to just
|
|
.q address .
|
|
.ip C\(dd
|
|
If mail is
|
|
.i received
|
|
from a mailer with this flag set,
|
|
any addresses in the header that do not have an at sign
|
|
(\c
|
|
.q @ )
|
|
after being rewritten by ruleset three
|
|
will have the
|
|
.q @domain
|
|
clause from the sender envelope address
|
|
tacked on.
|
|
This allows mail with headers of the form:
|
|
.(b
|
|
From: usera@hosta
|
|
To: userb@hostb, userc
|
|
.)b
|
|
to be rewritten as:
|
|
.(b
|
|
From: usera@hosta
|
|
To: userb@hostb, userc@hosta
|
|
.)b
|
|
automatically.
|
|
However, it doesn't really work reliably.
|
|
.ip d
|
|
Do not include angle brackets around route-address syntax addresses.
|
|
This is useful on mailers that are going to pass addresses to a shell
|
|
that might interpret angle brackets as I/O redirection.
|
|
However, it does not protect against other shell metacharacters.
|
|
Therefore, passing addresses to a shell should not be considered secure.
|
|
.ip D\(dg
|
|
This mailer wants a
|
|
.q Date:
|
|
header line.
|
|
.ip e
|
|
This mailer is expensive to connect to,
|
|
so try to avoid connecting normally;
|
|
any necessary connection will occur during a queue run.
|
|
See also option
|
|
.b HoldExpensive .
|
|
.ip E
|
|
Escape lines beginning with
|
|
.q From\0
|
|
in the message with a `>' sign.
|
|
.ip f
|
|
The mailer wants a
|
|
.b \-f
|
|
.i from
|
|
flag,
|
|
but only if this is a network forward operation
|
|
(i.e.,
|
|
the mailer will give an error
|
|
if the executing user
|
|
does not have special permissions).
|
|
.ip F\(dg
|
|
This mailer wants a
|
|
.q From:
|
|
header line.
|
|
.ip g
|
|
Normally,
|
|
.i sendmail
|
|
sends internally generated email (e.g., error messages)
|
|
using the null return address
|
|
as required by RFC 1123.
|
|
However, some mailers don't accept a null return address.
|
|
If necessary,
|
|
you can set the
|
|
.b g
|
|
flag to prevent
|
|
.i sendmail
|
|
from obeying the standards;
|
|
error messages will be sent as from the MAILER-DAEMON
|
|
(actually, the value of the
|
|
.b $n
|
|
macro).
|
|
.ip h
|
|
Upper case should be preserved in host names
|
|
(the $@ portion of the mailer triplet resolved from ruleset 0)
|
|
for this mailer.
|
|
.ip i
|
|
Do User Database rewriting on envelope sender address.
|
|
.ip I
|
|
This flag is deprecated
|
|
and will be removed from a future version.
|
|
This mailer will be speaking SMTP
|
|
to another
|
|
.i sendmail
|
|
\*-
|
|
as such it can use special protocol features.
|
|
This flag should not be used except for debugging purposes
|
|
because it uses
|
|
.b VERB
|
|
as SMTP command.
|
|
.ip j
|
|
Do User Database rewriting on recipients as well as senders.
|
|
.ip k
|
|
Normally when
|
|
.i sendmail
|
|
connects to a host via SMTP,
|
|
it checks to make sure that this isn't accidently the same host name
|
|
as might happen if
|
|
.i sendmail
|
|
is misconfigured or if a long-haul network interface is set in loopback mode.
|
|
This flag disables the loopback check.
|
|
It should only be used under very unusual circumstances.
|
|
.ip K
|
|
Currently unimplemented.
|
|
Reserved for chunking.
|
|
.ip l
|
|
This mailer is local
|
|
(i.e.,
|
|
final delivery will be performed).
|
|
.ip L
|
|
Limit the line lengths as specified in RFC 821.
|
|
This deprecated option should be replaced by the
|
|
.b L=
|
|
mail declaration.
|
|
For historic reasons, the
|
|
.b L
|
|
flag also sets the
|
|
.b 7
|
|
flag.
|
|
.ip m
|
|
This mailer can send to multiple users
|
|
on the same host
|
|
in one transaction.
|
|
When a
|
|
.b $u
|
|
macro occurs in the
|
|
.i argv
|
|
part of the mailer definition,
|
|
that field will be repeated as necessary
|
|
for all qualifying users.
|
|
Removing this flag can defeat duplicate supression on a remote site
|
|
as each recipient is sent in a separate transaction.
|
|
.ip M\(dg
|
|
This mailer wants a
|
|
.q Message-Id:
|
|
header line.
|
|
.ip n
|
|
Do not insert a UNIX-style
|
|
.q From
|
|
line on the front of the message.
|
|
.ip o
|
|
Always run as the owner of the recipient mailbox.
|
|
Normally
|
|
.i sendmail
|
|
runs as the sender for locally generated mail
|
|
or as
|
|
.q daemon
|
|
(actually, the user specified in the
|
|
.b u
|
|
option)
|
|
when delivering network mail.
|
|
The normal behavior is required by most local mailers,
|
|
which will not allow the envelope sender address
|
|
to be set unless the mailer is running as daemon.
|
|
This flag is ignored if the
|
|
.b S
|
|
flag is set.
|
|
.ip p
|
|
Use the route-addr style reverse-path in the SMTP
|
|
.q "MAIL FROM:"
|
|
command
|
|
rather than just the return address;
|
|
although this is required in RFC 821 section 3.1,
|
|
many hosts do not process reverse-paths properly.
|
|
Reverse-paths are officially discouraged by RFC 1123.
|
|
.ip P\(dg
|
|
This mailer wants a
|
|
.q Return-Path:
|
|
line.
|
|
.ip q
|
|
When an address that resolves to this mailer is verified
|
|
(SMTP VRFY command),
|
|
generate 250 responses instead of 252 responses.
|
|
This will imply that the address is local.
|
|
.ip r
|
|
Same as
|
|
.b f ,
|
|
but sends a
|
|
.b \-r
|
|
flag.
|
|
.ip R
|
|
Open SMTP connections from a
|
|
.q secure
|
|
port.
|
|
Secure ports aren't
|
|
(secure, that is)
|
|
except on UNIX machines,
|
|
so it is unclear that this adds anything.
|
|
.i sendmail
|
|
must be running as root to be able to use this flag.
|
|
.ip s
|
|
Strip quote characters (" and \e) off of the address
|
|
before calling the mailer.
|
|
.ip S
|
|
Don't reset the userid
|
|
before calling the mailer.
|
|
This would be used in a secure environment
|
|
where
|
|
.i sendmail
|
|
ran as root.
|
|
This could be used to avoid forged addresses.
|
|
If the
|
|
.b U=
|
|
field is also specified,
|
|
this flag causes the effective user id to be set to that user.
|
|
.ip u
|
|
Upper case should be preserved in user names for this mailer. Standards
|
|
require preservation of case in the local part of addresses, except for
|
|
those address for which your system accepts responsibility.
|
|
RFC 2142 provides a long list of addresses which should be case
|
|
insensitive.
|
|
If you use this flag, you may be violating RFC 2142.
|
|
Note that postmaster is always treated as a case insensitive address
|
|
regardless of this flag.
|
|
.ip U
|
|
This mailer wants UUCP-style
|
|
.q From
|
|
lines with the ugly
|
|
.q "remote from <host>"
|
|
on the end.
|
|
.ip w
|
|
The user must have a valid account on this machine,
|
|
i.e.,
|
|
.i getpwnam
|
|
must succeed.
|
|
If not, the mail is bounced.
|
|
See also the
|
|
.b MailBoxDatabase
|
|
option.
|
|
This is required to get
|
|
.q \&.forward
|
|
capability.
|
|
.ip W
|
|
Ignore long term host status information (see Section
|
|
"Persistent Host Status Information").
|
|
.ip x\(dg
|
|
This mailer wants a
|
|
.q Full-Name:
|
|
header line.
|
|
.ip X
|
|
This mailer wants to use the hidden dot algorithm as specified in RFC 821;
|
|
basically, any line beginning with a dot will have an extra dot prepended
|
|
(to be stripped at the other end).
|
|
This insures that lines in the message containing a dot
|
|
will not terminate the message prematurely.
|
|
.ip z
|
|
Run Local Mail Transfer Protocol (LMTP)
|
|
between
|
|
.i sendmail
|
|
and the local mailer.
|
|
This is a variant on SMTP
|
|
defined in RFC 2033
|
|
that is specifically designed for delivery to a local mailbox.
|
|
.ip Z
|
|
Apply DialDelay (if set) to this mailer.
|
|
.ip 0
|
|
Don't look up MX records for hosts sent via SMTP/LMTP.
|
|
Do not apply
|
|
.b FallbackMXhost
|
|
either.
|
|
.ip 1
|
|
Don't send null characters ('\\0') to this mailer.
|
|
.ip 2
|
|
Don't use ESMTP even if offered; this is useful for broken
|
|
systems that offer ESMTP but fail on EHLO (without recovering
|
|
when HELO is tried next).
|
|
.ip 3
|
|
Extend the list of characters converted to =XX notation
|
|
when converting to Quoted-Printable
|
|
to include those that don't map cleanly between ASCII and EBCDIC.
|
|
Useful if you have IBM mainframes on site.
|
|
.ip 5
|
|
If no aliases are found for this address,
|
|
pass the address through ruleset 5 for possible alternate resolution.
|
|
This is intended to forward the mail to an alternate delivery spot.
|
|
.ip 6
|
|
Strip headers to seven bits.
|
|
.ip 7
|
|
Strip all output to seven bits.
|
|
This is the default if the
|
|
.b L
|
|
flag is set.
|
|
Note that clearing this option is not
|
|
sufficient to get full eight bit data passed through
|
|
.i sendmail .
|
|
If the
|
|
.b 7
|
|
option is set, this is essentially always set,
|
|
since the eighth bit was stripped on input.
|
|
Note that this option will only impact messages
|
|
that didn't have 8\(->7 bit MIME conversions performed.
|
|
.ip 8
|
|
If set,
|
|
it is acceptable to send eight bit data to this mailer;
|
|
the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
|
|
.ip 9
|
|
If set,
|
|
do
|
|
.i limited
|
|
7\(->8 bit MIME conversions.
|
|
These conversions are limited to text/plain data.
|
|
.ip :
|
|
Check addresses to see if they begin
|
|
.q :include: ;
|
|
if they do, convert them to the
|
|
.q *include*
|
|
mailer.
|
|
.ip |
|
|
Check addresses to see if they begin with a `|';
|
|
if they do, convert them to the
|
|
.q prog
|
|
mailer.
|
|
.ip /
|
|
Check addresses to see if they begin with a `/';
|
|
if they do, convert them to the
|
|
.q *file*
|
|
mailer.
|
|
.ip @
|
|
Look up addresses in the user database.
|
|
.ip %
|
|
Do not attempt delivery on initial receipt of a message
|
|
or on queue runs
|
|
unless the queued message is selected
|
|
using one of the -qI/-qR/-qS queue run modifiers
|
|
or an ETRN request.
|
|
.ip !
|
|
Disable an MH hack that drops an explicit
|
|
From: header
|
|
if it is the same as what sendmail would generate.
|
|
.pp
|
|
Configuration files prior to level 6
|
|
assume the `A', `w', `5', `:', `|', `/', and `@' options
|
|
on the mailer named
|
|
.q local .
|
|
.pp
|
|
The mailer with the special name
|
|
.q error
|
|
can be used to generate a user error.
|
|
The (optional) host field is an exit status to be returned,
|
|
and the user field is a message to be printed.
|
|
The exit status may be numeric or one of the values
|
|
USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
|
|
to return the corresponding EX_ exit code,
|
|
or an enhanced error code as described in RFC 1893,
|
|
.ul
|
|
Enhanced Mail System Status Codes.
|
|
For example, the entry:
|
|
.(b
|
|
$#error $@ NOHOST $: Host unknown in this domain
|
|
.)b
|
|
on the RHS of a rule
|
|
will cause the specified error to be generated
|
|
and the
|
|
.q "Host unknown"
|
|
exit status to be returned
|
|
if the LHS matches.
|
|
This mailer is only functional in rulesets 0, 5,
|
|
or one of the check_* rulesets.
|
|
The host field can also contain the special token
|
|
.b quarantine
|
|
which instructs sendmail to quarantine the current message.
|
|
.pp
|
|
The mailer with the special name
|
|
.q discard
|
|
causes any mail sent to it to be discarded
|
|
but otherwise treated as though it were successfully delivered.
|
|
This mailer cannot be used in ruleset 0,
|
|
only in the various address checking rulesets.
|
|
.pp
|
|
The mailer named
|
|
.q local
|
|
.i must
|
|
be defined in every configuration file.
|
|
This is used to deliver local mail,
|
|
and is treated specially in several ways.
|
|
Additionally, three other mailers named
|
|
.q prog ,
|
|
.q *file* ,
|
|
and
|
|
.q *include*
|
|
may be defined to tune the delivery of messages to programs,
|
|
files,
|
|
and :include: lists respectively.
|
|
They default to:
|
|
.(b
|
|
Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
|
|
M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
|
|
M*include*, P=/dev/null, F=su, A=INCLUDE $u
|
|
.)b
|
|
.pp
|
|
Builtin pathnames are [FILE] and [IPC], the former is used for
|
|
delivery to files, the latter for delivery via interprocess communication.
|
|
For mailers that use [IPC] as pathname the argument vector (A=)
|
|
must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
|
|
If TCP is used, the second argument must be the name of the host
|
|
to contact.
|
|
Optionally a third argument can be used to specify a port,
|
|
the default is smtp (port 25).
|
|
If FILE is used, the second argument must be the name of
|
|
the Unix domain socket.
|
|
.pp
|
|
If the argument vector does not contain $u then
|
|
.i sendmail
|
|
will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
|
|
.pp
|
|
If no Eol field is defined, then the default is "\\r\\n" for
|
|
SMTP mailers and "\\n" of others.
|
|
.pp
|
|
The Sender and Recipient rewriting sets
|
|
may either be a simple ruleset id
|
|
or may be two ids separated by a slash;
|
|
if so, the first rewriting set is applied to envelope
|
|
addresses
|
|
and the second is applied to headers.
|
|
Setting any value to zero disables corresponding mailer-specific rewriting.
|
|
.pp
|
|
The Directory
|
|
is actually a colon-separated path of directories to try.
|
|
For example, the definition
|
|
.q D=$z:/
|
|
first tries to execute in the recipient's home directory;
|
|
if that is not available,
|
|
it tries to execute in the root of the filesystem.
|
|
This is intended to be used only on the
|
|
.q prog
|
|
mailer,
|
|
since some shells (such as
|
|
.i csh )
|
|
refuse to execute if they cannot read the current directory.
|
|
Since the queue directory is not normally readable by unprivileged users
|
|
.i csh
|
|
scripts as recipients can fail.
|
|
.pp
|
|
The Userid
|
|
specifies the default user and group id to run as,
|
|
overriding the
|
|
.b DefaultUser
|
|
option (q.v.).
|
|
If the
|
|
.b S
|
|
mailer flag is also specified,
|
|
this user and group will be set as the
|
|
effective uid and gid for the process.
|
|
This may be given as
|
|
.i user:group
|
|
to set both the user and group id;
|
|
either may be an integer or a symbolic name to be looked up
|
|
in the
|
|
.i passwd
|
|
and
|
|
.i group
|
|
files respectively.
|
|
If only a symbolic user name is specified,
|
|
the group id in the
|
|
.i passwd
|
|
file for that user is used as the group id.
|
|
.pp
|
|
The Charset field
|
|
is used when converting a message to MIME;
|
|
this is the character set used in the
|
|
Content-Type: header.
|
|
If this is not set, the
|
|
.b DefaultCharset
|
|
option is used,
|
|
and if that is not set, the value
|
|
.q unknown-8bit
|
|
is used.
|
|
.b WARNING:
|
|
this field applies to the sender's mailer,
|
|
not the recipient's mailer.
|
|
For example, if the envelope sender address
|
|
lists an address on the local network
|
|
and the recipient is on an external network,
|
|
the character set will be set from the Charset= field
|
|
for the local network mailer,
|
|
not that of the external network mailer.
|
|
.pp
|
|
The Type= field
|
|
sets the type information
|
|
used in MIME error messages
|
|
as defined by
|
|
RFC 1894.
|
|
It is actually three values separated by slashes:
|
|
the MTA-type (that is, the description of how hosts are named),
|
|
the address type (the description of e-mail addresses),
|
|
and the diagnostic type (the description of error diagnostic codes).
|
|
Each of these must be a registered value
|
|
or begin with
|
|
.q X\- .
|
|
The default is
|
|
.q dns/rfc822/smtp .
|
|
.pp
|
|
The m= field specifies the maximum number of messages
|
|
to attempt to deliver on a single SMTP or LMTP connection.
|
|
The default is infinite.
|
|
.pp
|
|
The r= field specifies the maximum number of recipients
|
|
to attempt to deliver in a single envelope.
|
|
It defaults to 100.
|
|
.pp
|
|
The /= field specifies a new root directory for the mailer. The path is
|
|
macro expanded and then passed to the
|
|
.q chroot
|
|
system call. The root directory is changed before the Directory field is
|
|
consulted or the uid is changed.
|
|
.pp
|
|
The Wait= field specifies the maximum time to wait for the
|
|
mailer to return after sending all data to it.
|
|
This applies to mailers that have been forked by
|
|
.i sendmail .
|
|
.pp
|
|
The Queuegroup= field specifies the default queue group in which
|
|
received mail should be queued.
|
|
This can be overridden by other means as explained in section
|
|
``Queue Groups and Queue Directories''.
|
|
.sh 2 "H \*- Define Header"
|
|
.pp
|
|
The format of the header lines that
|
|
.i sendmail
|
|
inserts into the message
|
|
are defined by the
|
|
.b H
|
|
line.
|
|
The syntax of this line is one of the following:
|
|
.(b F
|
|
.b H \c
|
|
.i hname \c
|
|
.b :
|
|
.i htemplate
|
|
.)b
|
|
.(b F
|
|
.b H [\c
|
|
.b ? \c
|
|
.i mflags \c
|
|
.b ? \c
|
|
.b ]\c
|
|
.i hname \c
|
|
.b :
|
|
.i htemplate
|
|
.)b
|
|
.(b F
|
|
.b H [\c
|
|
.b ?$ \c
|
|
.i {macro} \c
|
|
.b ? \c
|
|
.b ]\c
|
|
.i hname \c
|
|
.b :
|
|
.i htemplate
|
|
.)b
|
|
Continuation lines in this spec
|
|
are reflected directly into the outgoing message.
|
|
The
|
|
.i htemplate
|
|
is macro-expanded before insertion into the message.
|
|
If the
|
|
.i mflags
|
|
(surrounded by question marks)
|
|
are specified,
|
|
at least one of the specified flags
|
|
must be stated in the mailer definition
|
|
for this header to be automatically output.
|
|
If a
|
|
.i ${macro}
|
|
(surrounded by question marks)
|
|
is specified,
|
|
the header will be automatically output
|
|
if the macro is set.
|
|
The macro may be set using any of the normal methods,
|
|
including using the
|
|
.b macro
|
|
storage map in a ruleset.
|
|
If one of these headers is in the input
|
|
it is reflected to the output
|
|
regardless of these flags or macros.
|
|
Notice:
|
|
If a
|
|
.i ${macro}
|
|
is used to set a header, then it is useful to add that macro to class
|
|
.i $={persistentMacros}
|
|
which consists of the macros that should be saved across queue runs.
|
|
.pp
|
|
Some headers have special semantics
|
|
that will be described later.
|
|
.pp
|
|
A secondary syntax allows validation of headers as they are being read.
|
|
To enable validation, use:
|
|
.(b
|
|
.b H \c
|
|
.i Header \c
|
|
.b ": $>" \c
|
|
.i Ruleset
|
|
.b H \c
|
|
.i Header \c
|
|
.b ": $>+" \c
|
|
.i Ruleset
|
|
.)b
|
|
The indicated
|
|
.i Ruleset
|
|
is called for the specified
|
|
.i Header ,
|
|
and can return
|
|
.b $#error
|
|
to reject or quarantine the message or
|
|
.b $#discard
|
|
to discard the message
|
|
(as with the other
|
|
.b check_ *
|
|
rulesets).
|
|
The ruleset receives the header field-body as argument,
|
|
i.e., not the header field-name; see also
|
|
${hdr_name} and ${currHeader}.
|
|
The header is treated as a structured field,
|
|
that is,
|
|
text in parentheses is deleted before processing,
|
|
unless the second form
|
|
.b $>+
|
|
is used.
|
|
Note: only one ruleset can be associated with a header;
|
|
.i sendmail
|
|
will silently ignore multiple entries.
|
|
.pp
|
|
For example, the configuration lines:
|
|
.(b
|
|
HMessage-Id: $>CheckMessageId
|
|
|
|
SCheckMessageId
|
|
R< $+ @ $+ > $@ OK
|
|
R$* $#error $: Illegal Message-Id header
|
|
.)b
|
|
would refuse any message that had a Message-Id: header of any of the
|
|
following forms:
|
|
.(b
|
|
Message-Id: <>
|
|
Message-Id: some text
|
|
Message-Id: <legal text@domain> extra crud
|
|
.)b
|
|
A default ruleset that is called for headers which don't have a
|
|
specific ruleset defined for them can be specified by:
|
|
.(b
|
|
.b H \c
|
|
.i * \c
|
|
.b ": $>" \c
|
|
.i Ruleset
|
|
.)b
|
|
or
|
|
.(b
|
|
.b H \c
|
|
.i * \c
|
|
.b ": $>+" \c
|
|
.i Ruleset
|
|
.)b
|
|
.sh 2 "O \*- Set Option"
|
|
.pp
|
|
There are a number of global options that
|
|
can be set from a configuration file.
|
|
Options are represented by full words;
|
|
some are also representable as single characters for back compatibility.
|
|
The syntax of this line is:
|
|
.(b F
|
|
.b O \0
|
|
.i option \c
|
|
.b = \c
|
|
.i value
|
|
.)b
|
|
This sets option
|
|
.i option
|
|
to be
|
|
.i value .
|
|
Note that there
|
|
.i must
|
|
be a space between the letter `O' and the name of the option.
|
|
An older version is:
|
|
.(b F
|
|
.b O \c
|
|
.i o\|value
|
|
.)b
|
|
where the option
|
|
.i o
|
|
is a single character.
|
|
Depending on the option,
|
|
.i value
|
|
may be a string, an integer,
|
|
a boolean
|
|
(with legal values
|
|
.q t ,
|
|
.q T ,
|
|
.q f ,
|
|
or
|
|
.q F ;
|
|
the default is TRUE),
|
|
or
|
|
a time interval.
|
|
.pp
|
|
All filenames used in options should be absolute paths,
|
|
i.e., starting with '/'.
|
|
Relative filenames most likely cause surprises during operation
|
|
(unless otherwise noted).
|
|
.pp
|
|
The options supported (with the old, one character names in brackets) are:
|
|
.nr ii 1i
|
|
.ip "AliasFile=\fIspec, spec, ...\fP"
|
|
[A]
|
|
Specify possible alias file(s).
|
|
Each
|
|
.i spec
|
|
should be in the format
|
|
``\c
|
|
.i class \c
|
|
.b :
|
|
.i info ''
|
|
where
|
|
.i class \c
|
|
.b :
|
|
is optional and defaults to ``implicit''.
|
|
Note that
|
|
.i info
|
|
is required for all
|
|
.i class es
|
|
except
|
|
.q ldap .
|
|
For the
|
|
.q ldap
|
|
class,
|
|
if
|
|
.i info
|
|
is not specified,
|
|
a default
|
|
.i info
|
|
value is used as follows:
|
|
.(b
|
|
\-k (&(objectClass=sendmailMTAAliasObject)
|
|
(sendmailMTAAliasName=aliases)
|
|
(|(sendmailMTACluster=${sendmailMTACluster})
|
|
(sendmailMTAHost=$j))
|
|
(sendmailMTAKey=%0))
|
|
\-v sendmailMTAAliasValue
|
|
.)b
|
|
Depending on how
|
|
.i sendmail
|
|
is compiled, valid classes are
|
|
.q implicit
|
|
(search through a compiled-in list of alias file types,
|
|
for back compatibility),
|
|
.q hash
|
|
(if
|
|
.sm NEWDB
|
|
is specified),
|
|
.q btree
|
|
(if
|
|
.sm NEWDB
|
|
is specified),
|
|
.q dbm
|
|
(if
|
|
.sm NDBM
|
|
is specified),
|
|
.q stab
|
|
(internal symbol table \*- not normally used
|
|
unless you have no other database lookup),
|
|
.q sequence
|
|
(use a sequence of maps
|
|
previously declared),
|
|
.q ldap
|
|
(if
|
|
.sm LDAPMAP
|
|
is specified),
|
|
or
|
|
.q nis
|
|
(if
|
|
.sm NIS
|
|
is specified).
|
|
If a list of
|
|
.i spec s
|
|
are provided,
|
|
.i sendmail
|
|
searches them in order.
|
|
.ip AliasWait=\fItimeout\fP
|
|
[a]
|
|
If set,
|
|
wait up to
|
|
.i timeout
|
|
(units default to minutes)
|
|
for an
|
|
.q @:@
|
|
entry to exist in the alias database
|
|
before starting up.
|
|
If it does not appear in the
|
|
.i timeout
|
|
interval issue a warning.
|
|
.ip AllowBogusHELO
|
|
[no short name]
|
|
If set, allow HELO SMTP commands that don't include a host name.
|
|
Setting this violates RFC 1123 section 5.2.5,
|
|
but is necessary to interoperate with several SMTP clients.
|
|
If there is a value, it is still checked for legitimacy.
|
|
.ip AuthMaxBits=\fIN\fP
|
|
[no short name]
|
|
Limit the maximum encryption strength for the security layer in
|
|
SMTP AUTH (SASL). Default is essentially unlimited.
|
|
This allows to turn off additional encryption in SASL if
|
|
STARTTLS is already encrypting the communication, because the
|
|
existing encryption strength is taken into account when choosing
|
|
an algorithm for the security layer.
|
|
For example, if STARTTLS is used and the symmetric cipher is 3DES,
|
|
then the the keylength (in bits) is 168.
|
|
Hence setting
|
|
.b AuthMaxBits
|
|
to 168 will disable any encryption in SASL.
|
|
.ip AuthMechanisms
|
|
[no short name]
|
|
List of authentication mechanisms for AUTH (separated by spaces).
|
|
The advertised list of authentication mechanisms will be the
|
|
intersection of this list and the list of available mechanisms as
|
|
determined by the Cyrus SASL library.
|
|
If STARTTLS is active, EXTERNAL will be added to this list.
|
|
In that case, the value of {cert_subject} is used as authentication id.
|
|
.ip AuthOptions
|
|
[no short name]
|
|
List of options for SMTP AUTH consisting of single characters
|
|
with intervening white space or commas.
|
|
.(b
|
|
.ta 4n
|
|
A Use the AUTH= parameter for the MAIL FROM
|
|
command only when authentication succeeded.
|
|
This can be used as a workaround for broken
|
|
MTAs that do not implement RFC 2554 correctly.
|
|
a protection from active (non-dictionary) attacks
|
|
during authentication exchange.
|
|
c require mechanisms which pass client credentials,
|
|
and allow mechanisms which can pass credentials
|
|
to do so.
|
|
d don't permit mechanisms susceptible to passive
|
|
dictionary attack.
|
|
f require forward secrecy between sessions
|
|
(breaking one won't help break next).
|
|
m require mechanisms which provide mutual authentication
|
|
(only available if using Cyrus SASL v2 or later).
|
|
p don't permit mechanisms susceptible to simple
|
|
passive attack (e.g., PLAIN, LOGIN), unless a
|
|
security layer is active.
|
|
y don't permit mechanisms that allow anonymous login.
|
|
.)b
|
|
The first option applies to sendmail as a client, the others to a server.
|
|
Example:
|
|
.(b
|
|
O AuthOptions=p,y
|
|
.)b
|
|
would disallow ANONYMOUS as AUTH mechanism and would
|
|
allow PLAIN and LOGIN only if a security layer (e.g.,
|
|
provided by STARTTLS) is already active.
|
|
The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
|
|
selected SASL mechanisms.
|
|
Explanations of these properties can be found in the Cyrus SASL documentation.
|
|
.ip AuthRealm
|
|
[no short name]
|
|
The authentication realm that is passed to the Cyrus SASL library.
|
|
If no realm is specified,
|
|
.b $j
|
|
is used.
|
|
See also KNOWNBUGS.
|
|
.ip BadRcptThrottle=\fIN\fP
|
|
[no short name]
|
|
If set and the specified number of recipients in a single SMTP
|
|
transaction have been rejected, sleep for one second after each subsequent
|
|
RCPT command in that transaction.
|
|
.ip BlankSub=\fIc\fP
|
|
[B]
|
|
Set the blank substitution character to
|
|
.i c .
|
|
Unquoted spaces in addresses are replaced by this character.
|
|
Defaults to space (i.e., no change is made).
|
|
.ip CACertPath
|
|
[no short name]
|
|
Path to directory with certificates of CAs.
|
|
This directory directory must contain the hashes of each CA certificate
|
|
as filenames (or as links to them).
|
|
.ip CACertFile
|
|
[no short name]
|
|
File containing one or more CA certificates;
|
|
see section about STARTTLS for more information.
|
|
.ip CertFingerprintAlgorithm
|
|
Specify the fingerprint algorithm (digest) to use for the presented cert.
|
|
If the option is not set,
|
|
md5 is used and the macro
|
|
.p ${cert_md5}
|
|
contains the cert fingerprint.
|
|
If the option is explicitly set,
|
|
the specified algorithm (e.g., sha1) is used
|
|
and the macro
|
|
.b ${cert_fp}
|
|
contains the cert fingerprint.
|
|
.ip CipherList
|
|
Specify cipher list for STARTTLS.
|
|
See
|
|
.i ciphers (1)
|
|
for possible values.
|
|
.ip CheckAliases
|
|
[n]
|
|
Validate the RHS of aliases when rebuilding the alias database.
|
|
.ip CheckpointInterval=\fIN\fP
|
|
[C]
|
|
Checkpoints the queue every
|
|
.i N
|
|
(default 10)
|
|
addresses sent.
|
|
If your system crashes during delivery to a large list,
|
|
this prevents retransmission to any but the last
|
|
.i N
|
|
recipients.
|
|
.ip ClassFactor=\fIfact\fP
|
|
[z]
|
|
The indicated
|
|
.i fact or
|
|
is multiplied by the message class
|
|
(determined by the Precedence: field in the user header
|
|
and the
|
|
.b P
|
|
lines in the configuration file)
|
|
and subtracted from the priority.
|
|
Thus, messages with a higher Priority: will be favored.
|
|
Defaults to 1800.
|
|
.ip ClientCertFile
|
|
[no short name]
|
|
File containing the certificate of the client, i.e., this certificate
|
|
is used when
|
|
.i sendmail
|
|
acts as client (for STARTTLS).
|
|
.ip ClientKeyFile
|
|
[no short name]
|
|
File containing the private key belonging to the client certificate
|
|
(for STARTTLS if
|
|
.i sendmail
|
|
runs as client).
|
|
.ip ClientPortOptions=\fIoptions\fP
|
|
[O]
|
|
Set client SMTP options.
|
|
The options are
|
|
.i key=value
|
|
pairs separated by commas.
|
|
Known keys are:
|
|
.(b
|
|
.ta 1i
|
|
Port Name/number of source port for connection (defaults to any free port)
|
|
Addr Address mask (defaults INADDR_ANY)
|
|
Family Address family (defaults to INET)
|
|
SndBufSize Size of TCP send buffer
|
|
RcvBufSize Size of TCP receive buffer
|
|
Modifier Options (flags) for the client
|
|
.)b
|
|
The
|
|
.i Addr ess
|
|
mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
|
|
or a network name.
|
|
Note that if a network name is specified,
|
|
only the first IP address returned for it will be used.
|
|
This may cause indeterminate behavior for network names
|
|
that resolve to multiple addresses.
|
|
Therefore, use of an address is recommended.
|
|
.i Modifier
|
|
can be the following character:
|
|
.(b
|
|
.ta 1i
|
|
h use name of interface for HELO command
|
|
A don't use AUTH when sending e-mail
|
|
S don't use STARTTLS when sending e-mail
|
|
.)b
|
|
If ``h'' is set, the name corresponding to the outgoing interface
|
|
address (whether chosen via the Connection parameter or
|
|
the default) is used for the HELO/EHLO command.
|
|
However, the name must not start with a square bracket
|
|
and it must contain at least one dot.
|
|
This is a simple test whether the name is not
|
|
an IP address (in square brackets) but a qualified hostname.
|
|
Note that multiple ClientPortOptions settings are allowed
|
|
in order to give settings for each protocol family
|
|
(e.g., one for Family=inet and one for Family=inet6).
|
|
A restriction placed on one family only affects
|
|
outgoing connections on that particular family.
|
|
.ip ClientSSLOptions
|
|
A space or comma separated list of SSL related options for the client side.
|
|
See
|
|
.i SSL_CTX_set_options (3)
|
|
for a list;
|
|
the available values depend on the OpenSSL version against which
|
|
.i sendmail
|
|
is compiled.
|
|
By default,
|
|
.i SSL_OP_ALL
|
|
.i SSL_OP_NO_SSLv2
|
|
.i SSL_OP_NO_TICKET
|
|
.i -SSL_OP_TLSEXT_PADDING
|
|
are used
|
|
(if those options are available).
|
|
Options can be cleared by preceeding them with a minus sign.
|
|
It is also possible to specify numerical values, e.g.,
|
|
.b -0x0010 .
|
|
.ip ColonOkInAddr
|
|
[no short name]
|
|
If set, colons are acceptable in e-mail addresses
|
|
(e.g.,
|
|
.q host:user ).
|
|
If not set, colons indicate the beginning of a RFC 822 group construct
|
|
(\c
|
|
.q "groupname: member1, member2, ... memberN;" ).
|
|
Doubled colons are always acceptable
|
|
(\c
|
|
.q nodename::user )
|
|
and proper route-addr nesting is understood
|
|
(\c
|
|
.q <@relay:user@host> ).
|
|
Furthermore, this option defaults on if the configuration version level
|
|
is less than 6 (for back compatibility).
|
|
However, it must be off for full compatibility with RFC 822.
|
|
.ip ConnectionCacheSize=\fIN\fP
|
|
[k]
|
|
The maximum number of open connections that will be cached at a time.
|
|
The default is one.
|
|
This delays closing the current connection until
|
|
either this invocation of
|
|
.i sendmail
|
|
needs to connect to another host
|
|
or it terminates.
|
|
Setting it to zero defaults to the old behavior,
|
|
that is, connections are closed immediately.
|
|
Since this consumes file descriptors,
|
|
the connection cache should be kept small:
|
|
4 is probably a practical maximum.
|
|
.ip ConnectionCacheTimeout=\fItimeout\fP
|
|
[K]
|
|
The maximum amount of time a cached connection will be permitted to idle
|
|
without activity.
|
|
If this time is exceeded,
|
|
the connection is immediately closed.
|
|
This value should be small (on the order of ten minutes).
|
|
Before
|
|
.i sendmail
|
|
uses a cached connection,
|
|
it always sends a RSET command
|
|
to check the connection;
|
|
if this fails, it reopens the connection.
|
|
This keeps your end from failing if the other end times out.
|
|
The point of this option is to be a good network neighbor
|
|
and avoid using up excessive resources
|
|
on the other end.
|
|
The default is five minutes.
|
|
.ip ConnectOnlyTo=\fIaddress\fP
|
|
[no short name]
|
|
This can be used to
|
|
override the connection address (for testing purposes).
|
|
.ip ConnectionRateThrottle=\fIN\fP
|
|
[no short name]
|
|
If set to a positive value,
|
|
allow no more than
|
|
.i N
|
|
incoming connections in a one second period per daemon.
|
|
This is intended to flatten out peaks
|
|
and allow the load average checking to cut in.
|
|
Defaults to zero (no limits).
|
|
.ip ConnectionRateWindowSize=\fIN\fP
|
|
[no short name]
|
|
Define the length of the interval for which
|
|
the number of incoming connections is maintained.
|
|
The default is 60 seconds.
|
|
.ip ControlSocketName=\fIname\fP
|
|
[no short name]
|
|
Name of the control socket for daemon management.
|
|
A running
|
|
.i sendmail
|
|
daemon can be controlled through this named socket.
|
|
Available commands are:
|
|
.i help,
|
|
.i mstat,
|
|
.i restart,
|
|
.i shutdown,
|
|
and
|
|
.i status.
|
|
The
|
|
.i status
|
|
command returns the current number of daemon children,
|
|
the maximum number of daemon children,
|
|
the free disk space (in blocks) of the queue directory,
|
|
and the load average of the machine expressed as an integer.
|
|
If not set, no control socket will be available.
|
|
Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
|
|
.ip CRLFile=\fIname\fP
|
|
[no short name]
|
|
Name of file that contains certificate
|
|
revocation status, useful for X.509v3 authentication.
|
|
CRL checking requires at least OpenSSL version 0.9.7.
|
|
Note: if a CRLFile is specified but the file is unusable,
|
|
STARTTLS is disabled.
|
|
.ip DHParameters
|
|
This option applies to the server side only.
|
|
Possible values are:
|
|
.(b
|
|
.ta 2i
|
|
5 use precomputed 512 bit prime.
|
|
1 generate 1024 bit prime
|
|
2 generate 2048 bit prime.
|
|
i use included precomputed 2048 bit prime (default).
|
|
none do not use Diffie-Hellman.
|
|
/path/to/file load prime from file.
|
|
.)b
|
|
This is only required if a ciphersuite containing DSA/DH is used.
|
|
The default is ``i'' which selects a precomputed, fixed 2048 bit prime.
|
|
If ``5'' is selected, then precomputed, fixed primes are used.
|
|
Note: this option should not be used
|
|
(unless necessary for compatibility with old implementations).
|
|
If ``1'' or ``2'' is selected, then prime values are computed during startup.
|
|
Note: this operation can take a significant amount of time on a
|
|
slow machine (several seconds), but it is only done once at startup.
|
|
If ``none'' is selected, then TLS ciphersuites containing DSA/DH
|
|
cannot be used.
|
|
If a file name is specified (which must be an absolute path),
|
|
then the primes are read from it.
|
|
It is recommended to generate such a file using a command like this:
|
|
.(b
|
|
openssl dhparam -out /etc/mail/dhparams.pem 2048
|
|
.)b
|
|
If the file is not readable or contains unusable data,
|
|
the default ``i'' is used instead.
|
|
.ip DaemonPortOptions=\fIoptions\fP
|
|
[O]
|
|
Set server SMTP options.
|
|
Each instance of
|
|
.b DaemonPortOptions
|
|
leads to an additional incoming socket.
|
|
The options are
|
|
.i key=value
|
|
pairs.
|
|
Known keys are:
|
|
.(b
|
|
.ta 1i
|
|
Name User-definable name for the daemon (defaults to "Daemon#")
|
|
Port Name/number of listening port (defaults to "smtp")
|
|
Addr Address mask (defaults INADDR_ANY)
|
|
Family Address family (defaults to INET)
|
|
InputMailFilters List of input mail filters for the daemon
|
|
Listen Size of listen queue (defaults to 10)
|
|
Modifier Options (flags) for the daemon
|
|
SndBufSize Size of TCP send buffer
|
|
RcvBufSize Size of TCP receive buffer
|
|
children maximum number of children per daemon, see \fBMaxDaemonChildren\fP.
|
|
DeliveryMode Delivery mode per daemon, see \fBDeliveryMode\fP.
|
|
refuseLA RefuseLA per daemon
|
|
delayLA DelayLA per daemon
|
|
queueLA QueueLA per daemon
|
|
.)b
|
|
The
|
|
.i Name
|
|
key is used for error messages and logging.
|
|
The
|
|
.i Addr ess
|
|
mask may be
|
|
a numeric address in IPv4 dot notation or IPv6 colon notation,
|
|
or a network name,
|
|
or a path to a local socket.
|
|
Note that if a network name is specified,
|
|
only the first IP address returned for it will be used.
|
|
This may cause indeterminate behavior for network names
|
|
that resolve to multiple addresses.
|
|
Therefore, use of an address is recommended.
|
|
The
|
|
.i Family
|
|
key defaults to INET (IPv4).
|
|
IPv6 users who wish to also accept IPv6 connections
|
|
should add additional Family=inet6
|
|
.b DaemonPortOptions
|
|
lines.
|
|
For a local socket, use
|
|
Family=local
|
|
or
|
|
Family=unix.
|
|
The
|
|
.i InputMailFilters
|
|
key overrides the default list of input mail filters listed in the
|
|
.b InputMailFilters
|
|
option.
|
|
If multiple input mail filters are required, they must be separated
|
|
by semicolons (not commas).
|
|
.i Modifier
|
|
can be a sequence (without any delimiters)
|
|
of the following characters:
|
|
.(b
|
|
.ta 1i
|
|
a always require authentication
|
|
b bind to interface through which mail has been received
|
|
c perform hostname canonification (.cf)
|
|
f require fully qualified hostname (.cf)
|
|
s Run smtps (SMTP over SSL) instead of smtp
|
|
u allow unqualified addresses (.cf)
|
|
A disable AUTH (overrides 'a' modifier)
|
|
C don't perform hostname canonification
|
|
E disallow ETRN (see RFC 2476)
|
|
O optional; if opening the socket fails ignore it
|
|
S don't offer STARTTLS
|
|
.)b
|
|
That is, one way to specify a message submission agent (MSA) that
|
|
always requires authentication is:
|
|
.(b
|
|
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
|
|
.)b
|
|
The modifiers that are marked with "(.cf)" have only
|
|
effect in the standard configuration file, in which
|
|
they are available via
|
|
.b ${daemon_flags} .
|
|
Notice: Do
|
|
.b not
|
|
use the ``a'' modifier on a public accessible MTA!
|
|
It should only be used for a MSA that is accessed by authorized
|
|
users for initial mail submission.
|
|
Users must authenticate to use a MSA which has this option turned on.
|
|
The flags ``c'' and ``C'' can change the default for
|
|
hostname canonification in the
|
|
.i sendmail.cf
|
|
file.
|
|
See the relevant documentation for
|
|
.sm FEATURE(nocanonify) .
|
|
The modifier ``f'' disallows addresses of the form
|
|
.b user@host
|
|
unless they are submitted directly.
|
|
The flag ``u'' allows unqualified sender addresses,
|
|
i.e., those without @host.
|
|
``b'' forces sendmail to bind to the interface
|
|
through which the e-mail has been
|
|
received for the outgoing connection.
|
|
.b WARNING:
|
|
Use ``b''
|
|
only if outgoing mail can be routed through the incoming connection's
|
|
interface to its destination. No attempt is made to catch problems due to a
|
|
misconfiguration of this parameter, use it only for virtual hosting
|
|
where each virtual interface can connect to every possible location.
|
|
This will also override possible settings via
|
|
.b ClientPortOptions.
|
|
Note,
|
|
.i sendmail
|
|
will listen on a new socket
|
|
for each occurence of the
|
|
.b DaemonPortOptions
|
|
option in a configuration file.
|
|
The modifier ``O'' causes sendmail to ignore a socket
|
|
if it can't be opened.
|
|
This applies to failures from the socket(2) and bind(2) calls.
|
|
.ip DefaultAuthInfo
|
|
[no short name]
|
|
Filename that contains default authentication information for outgoing
|
|
connections. This file must contain the user id, the authorization id,
|
|
the password (plain text), the realm and the list of mechanisms to use
|
|
on separate lines and must be readable by
|
|
root (or the trusted user) only.
|
|
If no realm is specified,
|
|
.b $j
|
|
is used.
|
|
If no mechanisms are specified, the list given by
|
|
.b AuthMechanisms
|
|
is used.
|
|
Notice: this option is deprecated and will be removed in future versions.
|
|
Moreover, it doesn't work for the MSP since it can't read the file
|
|
(the file must not be group/world-readable otherwise
|
|
.i sendmail
|
|
will complain).
|
|
Use the authinfo ruleset instead which provides more control over
|
|
the usage of the data anyway.
|
|
.ip DefaultCharSet=\fIcharset\fP
|
|
[no short name]
|
|
When a message that has 8-bit characters but is not in MIME format
|
|
is converted to MIME
|
|
(see the EightBitMode option)
|
|
a character set must be included in the Content-Type: header.
|
|
This character set is normally set from the Charset= field
|
|
of the mailer descriptor.
|
|
If that is not set, the value of this option is used.
|
|
If this option is not set, the value
|
|
.q unknown-8bit
|
|
is used.
|
|
.ip DataFileBufferSize=\fIthreshold\fP
|
|
[no short name]
|
|
Set the
|
|
.i threshold ,
|
|
in bytes,
|
|
before a memory-based
|
|
queue data file
|
|
becomes disk-based.
|
|
The default is 4096 bytes.
|
|
.ip DeadLetterDrop=\fIfile\fP
|
|
[no short name]
|
|
Defines the location of the system-wide dead.letter file,
|
|
formerly hardcoded to /usr/tmp/dead.letter.
|
|
If this option is not set (the default),
|
|
sendmail will not attempt to save to a system-wide dead.letter file
|
|
in the event
|
|
it cannot bounce the mail to the user or postmaster.
|
|
Instead, it will rename the qf file
|
|
as it has in the past
|
|
when the dead.letter file could not be opened.
|
|
.ip DefaultUser=\fIuser:group\fP
|
|
[u]
|
|
Set the default userid for mailers to
|
|
.i user:group .
|
|
If
|
|
.i group
|
|
is omitted and
|
|
.i user
|
|
is a user name
|
|
(as opposed to a numeric user id)
|
|
the default group listed in the /etc/passwd file for that user is used
|
|
as the default group.
|
|
Both
|
|
.i user
|
|
and
|
|
.i group
|
|
may be numeric.
|
|
Mailers without the
|
|
.i S
|
|
flag in the mailer definition
|
|
will run as this user.
|
|
Defaults to 1:1.
|
|
The value can also be given as a symbolic user name.\**
|
|
.(f
|
|
\**The old
|
|
.b g
|
|
option has been combined into the
|
|
.b DefaultUser
|
|
option.
|
|
.)f
|
|
.ip DelayLA=\fILA\fP
|
|
[no short name]
|
|
When the system load average exceeds
|
|
.i LA ,
|
|
.i sendmail
|
|
will sleep for one second on most SMTP commands and
|
|
before accepting connections.
|
|
.ip DeliverByMin=\fItime\fP
|
|
[0]
|
|
Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
|
|
If 0, no time is listed, if less than 0, the extension is not offered,
|
|
if greater than 0, it is listed as minimum time
|
|
for the EHLO keyword DELIVERBY.
|
|
.ip DeliveryMode=\fIx\fP
|
|
[d]
|
|
Deliver in mode
|
|
.i x .
|
|
Legal modes are:
|
|
.(b
|
|
.ta 4n
|
|
i Deliver interactively (synchronously)
|
|
b Deliver in background (asynchronously)
|
|
q Just queue the message (deliver during queue run)
|
|
d Defer delivery and all map lookups (deliver during queue run)
|
|
.)b
|
|
Defaults to ``b'' if no option is specified,
|
|
``i'' if it is specified but given no argument
|
|
(i.e., ``Od'' is equivalent to ``Odi'').
|
|
The
|
|
.b \-v
|
|
command line flag sets this to
|
|
.b i .
|
|
Note: for internal reasons,
|
|
``i'' does not work
|
|
if a milter is enabled which can reject or delete recipients.
|
|
In that case the mode will be changed to ``b''.
|
|
.ip DialDelay=\fIsleeptime\fP
|
|
[no short name]
|
|
Dial-on-demand network connections can see timeouts
|
|
if a connection is opened before the call is set up.
|
|
If this is set to an interval and a connection times out
|
|
on the first connection being attempted
|
|
.i sendmail
|
|
will sleep for this amount of time and try again.
|
|
This should give your system time to establish the connection
|
|
to your service provider.
|
|
Units default to seconds, so
|
|
.q DialDelay=5
|
|
uses a five second delay.
|
|
Defaults to zero
|
|
(no retry).
|
|
This delay only applies to mailers which have the
|
|
Z flag set.
|
|
.ip DirectSubmissionModifiers=\fImodifiers\fP
|
|
Defines
|
|
.b ${daemon_flags}
|
|
for direct (command line) submissions.
|
|
If not set,
|
|
.b ${daemon_flags}
|
|
is either "CC f" if the option
|
|
.b \-G
|
|
is used or "c u" otherwise.
|
|
Note that only the the "CC", "c", "f", and "u" flags are checked.
|
|
.ip DontBlameSendmail=\fIoption,option,...\fP
|
|
[no short name]
|
|
In order to avoid possible cracking attempts
|
|
caused by world- and group-writable files and directories,
|
|
.i sendmail
|
|
does paranoid checking when opening most of its support files.
|
|
If for some reason you absolutely must run with,
|
|
for example,
|
|
a group-writable
|
|
.i /etc
|
|
directory,
|
|
then you will have to turn off this checking
|
|
(at the cost of making your system more vulnerable to attack).
|
|
The possible arguments have been described earlier.
|
|
The details of these flags are described above.
|
|
.\"XXX should have more here!!! XXX
|
|
.b "Use of this option is not recommended."
|
|
.ip DontExpandCnames
|
|
[no short name]
|
|
The standards say that all host addresses used in a mail message
|
|
must be fully canonical.
|
|
For example, if your host is named
|
|
.q Cruft.Foo.ORG
|
|
and also has an alias of
|
|
.q FTP.Foo.ORG ,
|
|
the former name must be used at all times.
|
|
This is enforced during host name canonification
|
|
($[ ... $] lookups).
|
|
If this option is set, the protocols are ignored and the
|
|
.q wrong
|
|
thing is done.
|
|
However, the IETF is moving toward changing this standard,
|
|
so the behavior may become acceptable.
|
|
Please note that hosts downstream may still rewrite the address
|
|
to be the true canonical name however.
|
|
.ip DontInitGroups
|
|
[no short name]
|
|
If set,
|
|
.i sendmail
|
|
will avoid using the initgroups(3) call.
|
|
If you are running NIS,
|
|
this causes a sequential scan of the groups.byname map,
|
|
which can cause your NIS server to be badly overloaded in a large domain.
|
|
The cost of this is that the only group found for users
|
|
will be their primary group (the one in the password file),
|
|
which will make file access permissions somewhat more restrictive.
|
|
Has no effect on systems that don't have group lists.
|
|
.ip DontProbeInterfaces
|
|
[no short name]
|
|
.i Sendmail
|
|
normally finds the names of all interfaces active on your machine
|
|
when it starts up
|
|
and adds their name to the
|
|
.b $=w
|
|
class of known host aliases.
|
|
If you have a large number of virtual interfaces
|
|
or if your DNS inverse lookups are slow
|
|
this can be time consuming.
|
|
This option turns off that probing.
|
|
However, you will need to be certain to include all variant names
|
|
in the
|
|
.b $=w
|
|
class by some other mechanism.
|
|
If set to
|
|
.b loopback ,
|
|
loopback interfaces (e.g., lo0) will not be probed.
|
|
.ip DontPruneRoutes
|
|
[R]
|
|
Normally,
|
|
.i sendmail
|
|
tries to eliminate any unnecessary explicit routes
|
|
when sending an error message
|
|
(as discussed in RFC 1123 \(sc 5.2.6).
|
|
For example,
|
|
when sending an error message to
|
|
.(b
|
|
<@known1,@known2,@known3:user@unknown>
|
|
.)b
|
|
.i sendmail
|
|
will strip off the
|
|
.q @known1,@known2
|
|
in order to make the route as direct as possible.
|
|
However, if the
|
|
.b R
|
|
option is set, this will be disabled,
|
|
and the mail will be sent to the first address in the route,
|
|
even if later addresses are known.
|
|
This may be useful if you are caught behind a firewall.
|
|
.ip DoubleBounceAddress=\fIerror-address\fP
|
|
[no short name]
|
|
If an error occurs when sending an error message,
|
|
send the error report
|
|
(termed a
|
|
.q "double bounce"
|
|
because it is an error
|
|
.q bounce
|
|
that occurs when trying to send another error
|
|
.q bounce )
|
|
to the indicated address.
|
|
The address is macro expanded
|
|
at the time of delivery.
|
|
If not set, defaults to
|
|
.q postmaster .
|
|
If set to an empty string, double bounces are dropped.
|
|
.ip EightBitMode=\fIaction\fP
|
|
[8]
|
|
Set handling of eight-bit data.
|
|
There are two kinds of eight-bit data:
|
|
that declared as such using the
|
|
.b BODY=8BITMIME
|
|
ESMTP declaration or the
|
|
.b \-B8BITMIME
|
|
command line flag,
|
|
and undeclared 8-bit data, that is,
|
|
input that just happens to be eight bits.
|
|
There are three basic operations that can happen:
|
|
undeclared 8-bit data can be automatically converted to 8BITMIME,
|
|
undeclared 8-bit data can be passed as-is without conversion to MIME
|
|
(``just send 8''),
|
|
and declared 8-bit data can be converted to 7-bits
|
|
for transmission to a non-8BITMIME mailer.
|
|
The possible
|
|
.i action s
|
|
are:
|
|
.(b
|
|
.\" r Reject undeclared 8-bit data;
|
|
.\" don't convert 8BITMIME\(->7BIT (``reject'')
|
|
s Reject undeclared 8-bit data (``strict'')
|
|
.\" do convert 8BITMIME\(->7BIT (``strict'')
|
|
.\" c Convert undeclared 8-bit data to MIME;
|
|
.\" don't convert 8BITMIME\(->7BIT (``convert'')
|
|
m Convert undeclared 8-bit data to MIME (``mime'')
|
|
.\" do convert 8BITMIME\(->7BIT (``mime'')
|
|
.\" j Pass undeclared 8-bit data;
|
|
.\" don't convert 8BITMIME\(->7BIT (``just send 8'')
|
|
p Pass undeclared 8-bit data (``pass'')
|
|
.\" do convert 8BITMIME\(->7BIT (``pass'')
|
|
.\" a Adaptive algorithm: see below
|
|
.)b
|
|
.\"The adaptive algorithm is to accept 8-bit data,
|
|
.\"converting it to 8BITMIME only if the receiver understands that,
|
|
.\"otherwise just passing it as undeclared 8-bit data;
|
|
.\"8BITMIME\(->7BIT conversions are done.
|
|
In all cases properly declared 8BITMIME data will be converted to 7BIT
|
|
as needed.
|
|
.ip ErrorHeader=\fIfile-or-message\fP
|
|
[E]
|
|
Prepend error messages with the indicated message.
|
|
If it begins with a slash,
|
|
it is assumed to be the pathname of a file
|
|
containing a message (this is the recommended setting).
|
|
Otherwise, it is a literal message.
|
|
The error file might contain the name, email address, and/or phone number
|
|
of a local postmaster who could provide assistance
|
|
to end users.
|
|
If the option is missing or null,
|
|
or if it names a file which does not exist or which is not readable,
|
|
no message is printed.
|
|
.ip ErrorMode=\fIx\fP
|
|
[e]
|
|
Dispose of errors using mode
|
|
.i x .
|
|
The values for
|
|
.i x
|
|
are:
|
|
.(b
|
|
p Print error messages (default)
|
|
q No messages, just give exit status
|
|
m Mail back errors
|
|
w Write back errors (mail if user not logged in)
|
|
e Mail back errors (when applicable) and give zero exit stat always
|
|
.)b
|
|
Note that the last mode,
|
|
.q e ,
|
|
is for Berknet error processing and
|
|
should not be used in normal circumstances.
|
|
Note, too, that mode
|
|
.q q ,
|
|
only applies to errors recognized before sendmail forks for
|
|
background delivery.
|
|
.ip FallbackMXhost=\fIfallbackhost\fP
|
|
[V]
|
|
If specified, the
|
|
.i fallbackhost
|
|
acts like a very low priority MX
|
|
on every host.
|
|
MX records will be looked up for this host,
|
|
unless the name is surrounded by square brackets.
|
|
This is intended to be used by sites with poor network connectivity.
|
|
Messages which are undeliverable due to temporary address failures
|
|
(e.g., DNS failure)
|
|
also go to the FallbackMXhost.
|
|
.ip FallBackSmartHost=\fIhostname\fP
|
|
If specified, the
|
|
.i FallBackSmartHost
|
|
will be used in a last-ditch effort for each host.
|
|
This is intended to be used by sites with "fake internal DNS",
|
|
e.g., a company whose DNS accurately reflects the world
|
|
inside that company's domain but not outside.
|
|
.ip FastSplit
|
|
[no short name]
|
|
If set to a value greater than zero (the default is one),
|
|
it suppresses the MX lookups on addresses
|
|
when they are initially sorted, i.e., for the first delivery attempt.
|
|
This usually results in faster envelope splitting unless the MX records
|
|
are readily available in a local DNS cache.
|
|
To enforce initial sorting based on MX records set
|
|
.b FastSplit
|
|
to zero.
|
|
If the mail is submitted directly from the command line, then
|
|
the value also limits the number of processes to deliver the envelopes;
|
|
if more envelopes are created they are only queued up
|
|
and must be taken care of by a queue run.
|
|
Since the default submission method is via SMTP (either from a MUA
|
|
or via the MSP), the value of
|
|
.b FastSplit
|
|
is seldom used to limit the number of processes to deliver the envelopes.
|
|
.ip ForkEachJob
|
|
[Y]
|
|
If set,
|
|
deliver each job that is run from the queue in a separate process.
|
|
.ip ForwardPath=\fIpath\fP
|
|
[J]
|
|
Set the path for searching for users' .forward files.
|
|
The default is
|
|
.q $z/.forward .
|
|
Some sites that use the automounter may prefer to change this to
|
|
.q /var/forward/$u
|
|
to search a file with the same name as the user in a system directory.
|
|
It can also be set to a sequence of paths separated by colons;
|
|
.i sendmail
|
|
stops at the first file it can successfully and safely open.
|
|
For example,
|
|
.q /var/forward/$u:$z/.forward
|
|
will search first in /var/forward/\c
|
|
.i username
|
|
and then in
|
|
.i ~username /.forward
|
|
(but only if the first file does not exist).
|
|
.ip HeloName=\fIname\fP
|
|
[no short name]
|
|
Set the name to be used for HELO/EHLO (instead of $j).
|
|
.ip HoldExpensive
|
|
[c]
|
|
If an outgoing mailer is marked as being expensive,
|
|
don't connect immediately.
|
|
.ip HostsFile=\fIpath\fP
|
|
[no short name]
|
|
The path to the hosts database,
|
|
normally
|
|
.q /etc/hosts .
|
|
This option is only consulted when sendmail
|
|
is canonifying addresses,
|
|
and then only when
|
|
.q files
|
|
is in the
|
|
.q hosts
|
|
service switch entry.
|
|
In particular, this file is
|
|
.i never
|
|
used when looking up host addresses;
|
|
that is under the control of the system
|
|
.i gethostbyname (3)
|
|
routine.
|
|
.ip HostStatusDirectory=\fIpath\fP
|
|
[no short name]
|
|
The location of the long term host status information.
|
|
When set,
|
|
information about the status of hosts
|
|
(e.g., host down or not accepting connections)
|
|
will be shared between all
|
|
.i sendmail
|
|
processes;
|
|
normally, this information is only held within a single queue run.
|
|
This option requires a connection cache of at least 1 to function.
|
|
If the option begins with a leading `/',
|
|
it is an absolute pathname;
|
|
otherwise,
|
|
it is relative to the mail queue directory.
|
|
A suggested value for sites desiring persistent host status is
|
|
.q \&.hoststat
|
|
(i.e., a subdirectory of the queue directory).
|
|
.ip IgnoreDots
|
|
[i]
|
|
Ignore dots in incoming messages.
|
|
This is always disabled (that is, dots are always accepted)
|
|
when reading SMTP mail.
|
|
.ip InputMailFilters=\fIname,name,...\fP
|
|
A comma separated list of filters which determines which filters
|
|
(see the "X \*- Mail Filter (Milter) Definitions" section)
|
|
and the invocation sequence are contacted for incoming SMTP messages.
|
|
If none are set, no filters will be contacted.
|
|
.ip LDAPDefaultSpec=\fIspec\fP
|
|
[no short name]
|
|
Sets a default map specification for LDAP maps.
|
|
The value should only contain LDAP specific settings
|
|
such as
|
|
.q "-h host -p port -d bindDN" .
|
|
The settings will be used for all LDAP maps
|
|
unless the individual map specification overrides a setting.
|
|
This option should be set before any LDAP maps are defined.
|
|
.ip LogLevel=\fIn\fP
|
|
[L]
|
|
Set the log level to
|
|
.i n .
|
|
Defaults to 9.
|
|
.ip M\fIx\|value\fP
|
|
[no long version]
|
|
Set the macro
|
|
.i x
|
|
to
|
|
.i value .
|
|
This is intended only for use from the command line.
|
|
The
|
|
.b \-M
|
|
flag is preferred.
|
|
.ip MailboxDatabase
|
|
[no short name]
|
|
Type of lookup to find information about local mailboxes,
|
|
defaults to ``pw'' which uses
|
|
.i getpwnam .
|
|
Other types can be introduced by adding them to the source code,
|
|
see libsm/mbdb.c for details.
|
|
.ip UseMSP
|
|
[no short name]
|
|
Use as mail submission program, i.e.,
|
|
allow group writable queue files
|
|
if the group is the same as that of a set-group-ID sendmail binary.
|
|
See the file
|
|
.b sendmail/SECURITY
|
|
in the distribution tarball.
|
|
.ip MatchGECOS
|
|
[G]
|
|
Allow fuzzy matching on the GECOS field.
|
|
If this flag is set,
|
|
and the usual user name lookups fail
|
|
(that is, there is no alias with this name and a
|
|
.i getpwnam
|
|
fails),
|
|
sequentially search the password file
|
|
for a matching entry in the GECOS field.
|
|
This also requires that MATCHGECOS
|
|
be turned on during compilation.
|
|
This option is not recommended.
|
|
.ip MaxAliasRecursion=\fIN\fP
|
|
[no short name]
|
|
The maximum depth of alias recursion (default: 10).
|
|
.ip MaxDaemonChildren=\fIN\fP
|
|
[no short name]
|
|
If set,
|
|
.i sendmail
|
|
will refuse connections when it has more than
|
|
.i N
|
|
children processing incoming mail or automatic queue runs.
|
|
This does not limit the number of outgoing connections.
|
|
If the default
|
|
.b DeliveryMode
|
|
(background) is used, then
|
|
.i sendmail
|
|
may create an almost unlimited number of children
|
|
(depending on the number of transactions and the
|
|
relative execution times of mail receiption and mail delivery).
|
|
If the limit should be enforced, then a
|
|
.b DeliveryMode
|
|
other than background must be used.
|
|
If not set, there is no limit to the number of children --
|
|
that is, the system load average controls this.
|
|
.ip MaxHeadersLength=\fIN\fP
|
|
[no short name]
|
|
The maximum length of the sum of all headers.
|
|
This can be used to prevent a denial of service attack.
|
|
The default is no limit.
|
|
.ip MaxHopCount=\fIN\fP
|
|
[h]
|
|
The maximum hop count.
|
|
Messages that have been processed more than
|
|
.i N
|
|
times are assumed to be in a loop and are rejected.
|
|
Defaults to 25.
|
|
.ip MaxMessageSize=\fIN\fP
|
|
[no short name]
|
|
Specify the maximum message size
|
|
to be advertised in the ESMTP EHLO response.
|
|
Messages larger than this will be rejected.
|
|
If set to a value greater than zero,
|
|
that value will be listed in the SIZE response,
|
|
otherwise SIZE is advertised in the ESMTP EHLO response
|
|
without a parameter.
|
|
.ip MaxMimeHeaderLength=\fIN[/M]\fP
|
|
[no short name]
|
|
Sets the maximum length of certain MIME header field values to
|
|
.i N
|
|
characters.
|
|
These MIME header fields are determined by being a member of
|
|
class {checkMIMETextHeaders}, which currently contains only
|
|
the header Content-Description.
|
|
For some of these headers which take parameters,
|
|
the maximum length of each parameter is set to
|
|
.i M
|
|
if specified. If
|
|
.i /M
|
|
is not specified, one half of
|
|
.i N
|
|
will be used.
|
|
By default,
|
|
these values are 2048 and 1024, respectively.
|
|
To allow any length, a value of 0 can be specified.
|
|
.ip MaxNOOPCommands=\fIN\fP
|
|
Override the default of
|
|
.b MAXNOOPCOMMANDS
|
|
for the number of
|
|
.i useless
|
|
commands, see Section
|
|
"Measures against Denial of Service Attacks".
|
|
.ip MaxQueueChildren=\fIN\fP
|
|
[no short name]
|
|
When set, this limits the number of concurrent queue runner processes to
|
|
.i N.
|
|
This helps to control the amount of system resources used when processing
|
|
the queue. When there are multiple queue groups defined and the total number
|
|
of queue runners for these queue groups would exceed
|
|
.i MaxQueueChildren
|
|
then the queue groups will not all run concurrently. That is, some portion
|
|
of the queue groups will run concurrently such that
|
|
.i MaxQueueChildren
|
|
will not be exceeded, while the remaining queue groups will be run later (in
|
|
round robin order). See also
|
|
.i MaxRunnersPerQueue
|
|
and the section \fBQueue Group Declaration\fP.
|
|
Notice:
|
|
.i sendmail
|
|
does not count individual queue runners, but only sets of processes
|
|
that act on a workgroup.
|
|
Hence the actual number of queue runners may be lower than the limit
|
|
imposed by
|
|
.i MaxQueueChildren .
|
|
This discrepancy can be large if some queue runners have to wait
|
|
for a slow server and if short intervals are used.
|
|
.ip MaxQueueRunSize=\fIN\fP
|
|
[no short name]
|
|
The maximum number of jobs that will be processed
|
|
in a single queue run.
|
|
If not set, there is no limit on the size.
|
|
If you have very large queues or a very short queue run interval
|
|
this could be unstable.
|
|
However, since the first
|
|
.i N
|
|
jobs in queue directory order are run (rather than the
|
|
.i N
|
|
highest priority jobs)
|
|
this should be set as high as possible to avoid
|
|
.q losing
|
|
jobs that happen to fall late in the queue directory.
|
|
Note: this option also restricts the number of entries printed by
|
|
.i mailq .
|
|
That is, if
|
|
.i MaxQueueRunSize
|
|
is set to a value
|
|
.b N
|
|
larger than zero,
|
|
then only
|
|
.b N
|
|
entries are printed per queue group.
|
|
.ip MaxRecipientsPerMessage=\fIN\fP
|
|
[no short name]
|
|
The maximum number of recipients that will be accepted per message
|
|
in an SMTP transaction.
|
|
Note: setting this too low can interfere with sending mail from
|
|
MUAs that use SMTP for initial submission.
|
|
If not set, there is no limit on the number of recipients per envelope.
|
|
.ip MaxRunnersPerQueue=\fIN\fP
|
|
[no short name]
|
|
This sets the default maximum number of queue runners for queue groups.
|
|
Up to
|
|
.i N
|
|
queue runners will work in parallel on a queue group's messages.
|
|
This is useful where the processing of a message in the queue might
|
|
delay the processing of subsequent messages. Such a delay may be the result
|
|
of non-erroneous situations such as a low bandwidth connection.
|
|
May be overridden on a per queue group basis by setting the
|
|
.i Runners
|
|
option; see the section \fBQueue Group Declaration\fP.
|
|
The default is 1 when not set.
|
|
.ip MeToo
|
|
[m]
|
|
Send to me too,
|
|
even if I am in an alias expansion.
|
|
This option is deprecated
|
|
and will be removed from a future version.
|
|
.ip Milter
|
|
[no short name]
|
|
This option has several sub(sub)options.
|
|
The names of the suboptions are separated by dots.
|
|
At the first level the following options are available:
|
|
.(b
|
|
.ta \w'LogLevel'u+3n
|
|
LogLevel Log level for input mail filter actions, defaults to LogLevel.
|
|
macros Specifies list of macro to transmit to filters.
|
|
See list below.
|
|
.)b
|
|
The ``macros'' option has the following suboptions
|
|
which specify the list of macro to transmit to milters
|
|
after a certain event occurred.
|
|
.(b
|
|
.ta \w'envfrom'u+3n
|
|
connect After session connection start
|
|
helo After EHLO/HELO command
|
|
envfrom After MAIL From command
|
|
envrcpt After RCPT To command
|
|
data After DATA command.
|
|
eoh After DATA command and header
|
|
eom After DATA command and terminating ``.''
|
|
.)b
|
|
By default the lists of macros are empty.
|
|
Example:
|
|
.(b
|
|
O Milter.LogLevel=12
|
|
O Milter.macros.connect=j, _, {daemon_name}
|
|
.)b
|
|
.ip MinFreeBlocks=\fIN\fP
|
|
[b]
|
|
Insist on at least
|
|
.i N
|
|
blocks free on the filesystem that holds the queue files
|
|
before accepting email via SMTP.
|
|
If there is insufficient space
|
|
.i sendmail
|
|
gives a 452 response
|
|
to the MAIL command.
|
|
This invites the sender to try again later.
|
|
.ip MaxQueueAge=\fIage\fP
|
|
[no short name]
|
|
If this is set to a value greater than zero,
|
|
entries in the queue will be retried during a queue run
|
|
only if the individual retry time has been reached
|
|
which is doubled for each attempt.
|
|
The maximum retry time is limited by the specified value.
|
|
.ip MinQueueAge=\fIage\fP
|
|
[no short name]
|
|
Don't process any queued jobs
|
|
that have been in the queue less than the indicated time interval.
|
|
This is intended to allow you to get responsiveness
|
|
by processing the queue fairly frequently
|
|
without thrashing your system by trying jobs too often.
|
|
The default units are minutes.
|
|
Note:
|
|
This option is ignored for queue runs that select a subset
|
|
of the queue, i.e.,
|
|
.q \-q[!][I|R|S|Q][string]
|
|
.ip MustQuoteChars=\fIs\fP
|
|
[no short name]
|
|
Sets the list of characters that must be quoted if used in a full name
|
|
that is in the phrase part of a ``phrase <address>'' syntax.
|
|
The default is ``\'.''.
|
|
The characters ``@,;:\e()[]'' are always added to this list.
|
|
.ip NiceQueueRun
|
|
[no short name]
|
|
The priority of queue runners (nice(3)).
|
|
This value must be greater or equal zero.
|
|
.ip NoRecipientAction
|
|
[no short name]
|
|
The action to take when you receive a message that has no valid
|
|
recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
|
|
the last included for back compatibility with old
|
|
.i sendmail s).
|
|
It can be
|
|
.b None
|
|
to pass the message on unmodified,
|
|
which violates the protocol,
|
|
.b Add-To
|
|
to add a To: header with any recipients it can find in the envelope
|
|
(which might expose Bcc: recipients),
|
|
.b Add-Apparently-To
|
|
to add an Apparently-To: header
|
|
(this is only for back-compatibility
|
|
and is officially deprecated),
|
|
.b Add-To-Undisclosed
|
|
to add a header
|
|
.q "To: undisclosed-recipients:;"
|
|
to make the header legal without disclosing anything,
|
|
or
|
|
.b Add-Bcc
|
|
to add an empty Bcc: header.
|
|
.ip OldStyleHeaders
|
|
[o]
|
|
Assume that the headers may be in old format,
|
|
i.e.,
|
|
spaces delimit names.
|
|
This actually turns on
|
|
an adaptive algorithm:
|
|
if any recipient address contains a comma, parenthesis,
|
|
or angle bracket,
|
|
it will be assumed that commas already exist.
|
|
If this flag is not on,
|
|
only commas delimit names.
|
|
Headers are always output with commas between the names.
|
|
Defaults to off.
|
|
.ip OperatorChars=\fIcharlist\fP
|
|
[$o macro]
|
|
The list of characters that are considered to be
|
|
.q operators ,
|
|
that is, characters that delimit tokens.
|
|
All operator characters are tokens by themselves;
|
|
sequences of non-operator characters are also tokens.
|
|
White space characters separate tokens
|
|
but are not tokens themselves \(em for example,
|
|
.q AAA.BBB
|
|
has three tokens, but
|
|
.q "AAA BBB"
|
|
has two.
|
|
If not set, OperatorChars defaults to
|
|
.q \&.\|:\|@\|[\|] ;
|
|
additionally, the characters
|
|
.q (\|)\|<\|>\|,\|;
|
|
are always operators.
|
|
Note that OperatorChars must be set in the
|
|
configuration file before any rulesets.
|
|
.ip PidFile=\fIfilename\fP
|
|
[no short name]
|
|
Filename of the pid file.
|
|
(default is _PATH_SENDMAILPID).
|
|
The
|
|
.i filename
|
|
is macro-expanded before it is opened, and unlinked when
|
|
.i sendmail
|
|
exits.
|
|
.ip PostmasterCopy=\fIpostmaster\fP
|
|
[P]
|
|
If set,
|
|
copies of error messages will be sent to the named
|
|
.i postmaster .
|
|
Only the header of the failed message is sent.
|
|
Errors resulting from messages with a negative precedence will not be sent.
|
|
Since most errors are user problems,
|
|
this is probably not a good idea on large sites,
|
|
and arguably contains all sorts of privacy violations,
|
|
but it seems to be popular with certain operating systems vendors.
|
|
The address is macro expanded
|
|
at the time of delivery.
|
|
Defaults to no postmaster copies.
|
|
.ip PrivacyOptions=\fI\|opt,opt,...\fP
|
|
[p]
|
|
Set the privacy
|
|
.i opt ions.
|
|
``Privacy'' is really a misnomer;
|
|
many of these are just a way of insisting on stricter adherence
|
|
to the SMTP protocol.
|
|
The
|
|
.i opt ions
|
|
can be selected from:
|
|
.(b
|
|
.ta \w'noactualrecipient'u+3n
|
|
public Allow open access
|
|
needmailhelo Insist on HELO or EHLO command before MAIL
|
|
needexpnhelo Insist on HELO or EHLO command before EXPN
|
|
noexpn Disallow EXPN entirely, implies noverb.
|
|
needvrfyhelo Insist on HELO or EHLO command before VRFY
|
|
novrfy Disallow VRFY entirely
|
|
noetrn Disallow ETRN entirely
|
|
noverb Disallow VERB entirely
|
|
restrictmailq Restrict mailq command
|
|
restrictqrun Restrict \-q command line flag
|
|
restrictexpand Restrict \-bv and \-v command line flags
|
|
noreceipts Don't return success DSNs\**
|
|
nobodyreturn Don't return the body of a message with DSNs
|
|
goaway Disallow essentially all SMTP status queries
|
|
authwarnings Put X-Authentication-Warning: headers in messages
|
|
and log warnings
|
|
noactualrecipient Don't put X-Actual-Recipient lines in DSNs
|
|
which reveal the actual account that addresses map to.
|
|
.)b
|
|
.(f
|
|
\**N.B.:
|
|
the
|
|
.b noreceipts
|
|
flag turns off support for RFC 1891
|
|
(Delivery Status Notification).
|
|
.)f
|
|
The
|
|
.q goaway
|
|
pseudo-flag sets all flags except
|
|
.q noreceipts ,
|
|
.q restrictmailq ,
|
|
.q restrictqrun ,
|
|
.q restrictexpand ,
|
|
.q noetrn ,
|
|
and
|
|
.q nobodyreturn .
|
|
If mailq is restricted,
|
|
only people in the same group as the queue directory
|
|
can print the queue.
|
|
If queue runs are restricted,
|
|
only root and the owner of the queue directory
|
|
can run the queue.
|
|
The
|
|
.q restrictexpand
|
|
pseudo-flag instructs
|
|
.i sendmail
|
|
to drop privileges when the
|
|
.b \-bv
|
|
option is given by users who are neither root nor the TrustedUser
|
|
so users cannot read private aliases, forwards, or :include: files.
|
|
It will add the
|
|
.q NonRootSafeAddr
|
|
to the
|
|
.q DontBlameSendmail
|
|
option to prevent misleading unsafe address warnings.
|
|
It also overrides the
|
|
.b \-v
|
|
(verbose) command line option to prevent information leakage.
|
|
Authentication Warnings add warnings about various conditions
|
|
that may indicate attempts to spoof the mail system,
|
|
such as using a non-standard queue directory.
|
|
.ip ProcessTitlePrefix=\fIstring\fP
|
|
[no short name]
|
|
Prefix the process title shown on 'ps' listings with
|
|
.i string .
|
|
The
|
|
.i string
|
|
will be macro processed.
|
|
.ip QueueDirectory=\fIdir\fP
|
|
[Q]
|
|
The QueueDirectory option serves two purposes.
|
|
First, it specifies the directory or set of directories that comprise
|
|
the default queue group.
|
|
Second, it specifies the directory D which is the ancestor of all queue
|
|
directories, and which sendmail uses as its current working directory.
|
|
When sendmail dumps core, it leaves its core files in D.
|
|
There are two cases.
|
|
If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR),
|
|
then all of the directories or symbolic links to directories
|
|
beginning with `qd' in
|
|
.i /var/spool/mqueue
|
|
will be used as queue directories of the default queue group,
|
|
and
|
|
.i /var/spool/mqueue
|
|
will be used as the working directory D.
|
|
Otherwise,
|
|
\fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
|
|
the default queue group consists of the single queue directory \fIdir\fR,
|
|
and the working directory D is set to \fIdir\fR.
|
|
To define additional groups of queue directories,
|
|
use the configuration file `Q' command.
|
|
Do not change the queue directory structure
|
|
while sendmail is running.
|
|
.ip QueueFactor=\fIfactor\fP
|
|
[q]
|
|
Use
|
|
.i factor
|
|
as the multiplier in the map function
|
|
to decide when to just queue up jobs rather than run them.
|
|
This value is divided by the difference between the current load average
|
|
and the load average limit
|
|
(\c
|
|
.b QueueLA
|
|
option)
|
|
to determine the maximum message priority
|
|
that will be sent.
|
|
Defaults to 600000.
|
|
.ip QueueLA=\fILA\fP
|
|
[x]
|
|
When the system load average exceeds
|
|
.i LA
|
|
and the
|
|
.b QueueFactor
|
|
(\c
|
|
.b q )
|
|
option divided by the difference in the current load average and the
|
|
.b QueueLA
|
|
option plus one
|
|
is less than the priority of the message,
|
|
just queue messages
|
|
(i.e., don't try to send them).
|
|
Defaults to 8 multiplied by
|
|
the number of processors online on the system
|
|
(if that can be determined).
|
|
.ip QueueFileMode=\fImode\fP
|
|
[no short name]
|
|
Default permissions for queue files (octal).
|
|
If not set, sendmail uses 0600 unless its real
|
|
and effective uid are different in which case it uses 0644.
|
|
.ip QueueSortOrder=\fIalgorithm\fP
|
|
[no short name]
|
|
Sets the
|
|
.i algorithm
|
|
used for sorting the queue.
|
|
Only the first character of the value is used.
|
|
Legal values are
|
|
.q host
|
|
(to order by the name of the first host name of the first recipient),
|
|
.q filename
|
|
(to order by the name of the queue file name),
|
|
.q time
|
|
(to order by the submission/creation time),
|
|
.q random
|
|
(to order randomly),
|
|
.q modification
|
|
(to order by the modification time of the qf file (older entries first)),
|
|
.q none
|
|
(to not order),
|
|
and
|
|
.q priority
|
|
(to order by message priority).
|
|
Host ordering makes better use of the connection cache,
|
|
but may tend to process low priority messages
|
|
that go to a single host
|
|
over high priority messages that go to several hosts;
|
|
it probably shouldn't be used on slow network links.
|
|
Filename and modification time ordering saves the overhead of
|
|
reading all of the queued items
|
|
before starting the queue run.
|
|
Creation (submission) time ordering is almost always a bad idea,
|
|
since it allows large, bulk mail to go out
|
|
before smaller, personal mail,
|
|
but may have applicability on some hosts with very fast connections.
|
|
Random is useful if several queue runners are started by hand
|
|
which try to drain the same queue since odds are they will be working
|
|
on different parts of the queue at the same time.
|
|
Priority ordering is the default.
|
|
.ip QueueTimeout=\fItimeout\fP
|
|
[T]
|
|
A synonym for
|
|
.q Timeout.queuereturn .
|
|
Use that form instead of the
|
|
.q QueueTimeout
|
|
form.
|
|
.ip RandFile
|
|
[no short name]
|
|
Name of file containing random data or the name of the UNIX socket
|
|
if EGD is used.
|
|
A (required) prefix "egd:" or "file:" specifies the type.
|
|
STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
|
|
(see sendmail/README).
|
|
.ip ResolverOptions=\fIoptions\fP
|
|
[I]
|
|
Set resolver options.
|
|
Values can be set using
|
|
.b + \c
|
|
.i flag
|
|
and cleared using
|
|
.b \- \c
|
|
.i flag ;
|
|
the
|
|
.i flag s
|
|
can be
|
|
.q debug ,
|
|
.q aaonly ,
|
|
.q usevc ,
|
|
.q primary ,
|
|
.q igntc ,
|
|
.q recurse ,
|
|
.q defnames ,
|
|
.q stayopen ,
|
|
.q use_inet6 ,
|
|
or
|
|
.q dnsrch .
|
|
The string
|
|
.q HasWildcardMX
|
|
(without a
|
|
.b +
|
|
or
|
|
.b \- )
|
|
can be specified to turn off matching against MX records
|
|
when doing name canonifications.
|
|
The string
|
|
.q WorkAroundBrokenAAAA
|
|
(without a
|
|
.b +
|
|
or
|
|
.b \- )
|
|
can be specified to work around some broken nameservers
|
|
which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
|
|
Notice: it might be necessary to apply the same (or similar) options to
|
|
.i submit.cf
|
|
too.
|
|
.ip RequiresDirfsync
|
|
[no short name]
|
|
This option can be used to override the compile time flag
|
|
.b REQUIRES_DIR_FSYNC
|
|
at runtime by setting it to
|
|
.sm false .
|
|
If the compile time flag is not set, the option is ignored.
|
|
The flag turns on support for file systems that require to call
|
|
.i fsync()
|
|
for a directory if the meta-data in it has been changed.
|
|
This should be turned on at least for older versions of ReiserFS;
|
|
it is enabled by default for Linux.
|
|
According to some information this flag is not needed
|
|
anymore for kernel 2.4.16 and newer.
|
|
.ip RrtImpliesDsn
|
|
[R]
|
|
If this option is set, a
|
|
.q Return-Receipt-To:
|
|
header causes the request of a DSN, which is sent to
|
|
the envelope sender as required by RFC 1891,
|
|
not to the address given in the header.
|
|
.ip RunAsUser=\fIuser\fP
|
|
[no short name]
|
|
The
|
|
.i user
|
|
parameter may be a user name
|
|
(looked up in
|
|
.i /etc/passwd )
|
|
or a numeric user id;
|
|
either form can have
|
|
.q ":group"
|
|
attached
|
|
(where group can be numeric or symbolic).
|
|
If set to a non-zero (non-root) value,
|
|
.i sendmail
|
|
will change to this user id shortly after startup\**.
|
|
.(f
|
|
\**When running as a daemon,
|
|
it changes to this user after accepting a connection
|
|
but before reading any
|
|
.sm SMTP
|
|
commands.
|
|
.)f
|
|
This avoids a certain class of security problems.
|
|
However, this means that all
|
|
.q \&.forward
|
|
and
|
|
.q :include:
|
|
files must be readable by the indicated
|
|
.i user
|
|
and all files to be written must be writable by
|
|
.i user
|
|
Also, all file and program deliveries will be marked unsafe
|
|
unless the option
|
|
.b DontBlameSendmail=NonRootSafeAddr
|
|
is set,
|
|
in which case the delivery will be done as
|
|
.i user .
|
|
It is also incompatible with the
|
|
.b SafeFileEnvironment
|
|
option.
|
|
In other words, it may not actually add much to security on an average system,
|
|
and may in fact detract from security
|
|
(because other file permissions must be loosened).
|
|
However, it should be useful on firewalls and other
|
|
places where users don't have accounts and the aliases file is
|
|
well constrained.
|
|
.ip RecipientFactor=\fIfact\fP
|
|
[y]
|
|
The indicated
|
|
.i fact or
|
|
is added to the priority (thus
|
|
.i lowering
|
|
the priority of the job)
|
|
for each recipient,
|
|
i.e., this value penalizes jobs with large numbers of recipients.
|
|
Defaults to 30000.
|
|
.ip RefuseLA=\fILA\fP
|
|
[X]
|
|
When the system load average exceeds
|
|
.i LA ,
|
|
refuse incoming SMTP connections.
|
|
Defaults to 12 multiplied by
|
|
the number of processors online on the system
|
|
(if that can be determined).
|
|
.ip RejectLogInterval=\fItimeout\fP
|
|
[no short name]
|
|
Log interval when refusing connections for this long
|
|
(default: 3h).
|
|
.ip RetryFactor=\fIfact\fP
|
|
[Z]
|
|
The
|
|
.i fact or
|
|
is added to the priority
|
|
every time a job is processed.
|
|
Thus,
|
|
each time a job is processed,
|
|
its priority will be decreased by the indicated value.
|
|
In most environments this should be positive,
|
|
since hosts that are down are all too often down for a long time.
|
|
Defaults to 90000.
|
|
.ip SafeFileEnvironment=\fIdir\fP
|
|
[no short name]
|
|
If this option is set,
|
|
.i sendmail
|
|
will do a
|
|
.i chroot (2)
|
|
call into the indicated
|
|
.i dir ectory
|
|
before doing any file writes.
|
|
If the file name specified by the user begins with
|
|
.i dir ,
|
|
that partial path name will be stripped off before writing,
|
|
so (for example)
|
|
if the SafeFileEnvironment variable is set to
|
|
.q /safe
|
|
then aliases of
|
|
.q /safe/logs/file
|
|
and
|
|
.q /logs/file
|
|
actually indicate the same file.
|
|
Additionally, if this option is set,
|
|
.i sendmail
|
|
refuses to deliver to symbolic links.
|
|
.ip SaveFromLine
|
|
[f]
|
|
Save
|
|
UNIX-style
|
|
.q From
|
|
lines at the front of headers.
|
|
Normally they are assumed redundant
|
|
and discarded.
|
|
.ip SendMimeErrors
|
|
[j]
|
|
If set, send error messages in MIME format
|
|
(see RFC 2045 and RFC 1344 for details).
|
|
If disabled,
|
|
.i sendmail
|
|
will not return the DSN keyword in response to an EHLO
|
|
and will not do Delivery Status Notification processing as described in
|
|
RFC 1891.
|
|
.ip ServerCertFile
|
|
[no short name]
|
|
File containing the certificate of the server, i.e., this certificate
|
|
is used when sendmail acts as server
|
|
(used for STARTTLS).
|
|
.ip ServerKeyFile
|
|
[no short name]
|
|
File containing the private key belonging to the server certificate
|
|
(used for STARTTLS).
|
|
.ip ServerSSLOptions
|
|
A space or comma separated list of SSL related options for the server side.
|
|
See
|
|
.i SSL_CTX_set_options (3)
|
|
for a list;
|
|
the available values depend on the OpenSSL version against which
|
|
.i sendmail
|
|
is compiled.
|
|
By default,
|
|
.i SSL_OP_ALL
|
|
.i -SSL_OP_TLSEXT_PADDING
|
|
are used
|
|
(if those options are available).
|
|
Options can be cleared by preceeding them with a minus sign.
|
|
It is also possible to specify numerical values, e.g.,
|
|
.b -0x0010 .
|
|
.ip ServiceSwitchFile=\fIfilename\fP
|
|
[no short name]
|
|
If your host operating system has a service switch abstraction
|
|
(e.g., /etc/nsswitch.conf on Solaris
|
|
or /etc/svc.conf on Ultrix and DEC OSF/1)
|
|
that service will be consulted and this option is ignored.
|
|
Otherwise, this is the name of a file
|
|
that provides the list of methods used to implement particular services.
|
|
The syntax is a series of lines,
|
|
each of which is a sequence of words.
|
|
The first word is the service name,
|
|
and following words are service types.
|
|
The services that
|
|
.i sendmail
|
|
consults directly are
|
|
.q aliases
|
|
and
|
|
.q hosts.
|
|
Service types can be
|
|
.q dns ,
|
|
.q nis ,
|
|
.q nisplus ,
|
|
or
|
|
.q files
|
|
(with the caveat that the appropriate support
|
|
must be compiled in
|
|
before the service can be referenced).
|
|
If ServiceSwitchFile is not specified, it defaults to
|
|
/etc/mail/service.switch.
|
|
If that file does not exist, the default switch is:
|
|
.(b
|
|
aliases files
|
|
hosts dns nis files
|
|
.)b
|
|
The default file is
|
|
.q /etc/mail/service.switch .
|
|
.ip SevenBitInput
|
|
[7]
|
|
Strip input to seven bits for compatibility with old systems.
|
|
This shouldn't be necessary.
|
|
.ip SharedMemoryKey
|
|
[no short name]
|
|
Key to use for shared memory segment;
|
|
if not set (or 0), shared memory will not be used.
|
|
If set to
|
|
-1
|
|
.i sendmail
|
|
can select a key itself provided that also
|
|
.b SharedMemoryKeyFile
|
|
is set.
|
|
Requires support for shared memory to be compiled into
|
|
.i sendmail .
|
|
If this option is set,
|
|
.i sendmail
|
|
can share some data between different instances.
|
|
For example, the number of entries in a queue directory
|
|
or the available space in a file system.
|
|
This allows for more efficient program execution, since only
|
|
one process needs to update the data instead of each individual
|
|
process gathering the data each time it is required.
|
|
.ip SharedMemoryKeyFile
|
|
[no short name]
|
|
If
|
|
.b SharedMemoryKey
|
|
is set to
|
|
-1
|
|
then the automatically selected shared memory key will be stored
|
|
in the specified file.
|
|
.ip SingleLineFromHeader
|
|
[no short name]
|
|
If set, From: lines that have embedded newlines are unwrapped
|
|
onto one line.
|
|
This is to get around a botch in Lotus Notes
|
|
that apparently cannot understand legally wrapped RFC 822 headers.
|
|
.ip SingleThreadDelivery
|
|
[no short name]
|
|
If set, a client machine will never try to open two SMTP connections
|
|
to a single server machine at the same time,
|
|
even in different processes.
|
|
That is, if another
|
|
.i sendmail
|
|
is already talking to some host a new
|
|
.i sendmail
|
|
will not open another connection.
|
|
This property is of mixed value;
|
|
although this reduces the load on the other machine,
|
|
it can cause mail to be delayed
|
|
(for example, if one
|
|
.i sendmail
|
|
is delivering a huge message, other
|
|
.i sendmail s
|
|
won't be able to send even small messages).
|
|
Also, it requires another file descriptor
|
|
(for the lock file)
|
|
per connection, so you may have to reduce the
|
|
.b ConnectionCacheSize
|
|
option to avoid running out of per-process file descriptors.
|
|
Requires the
|
|
.b HostStatusDirectory
|
|
option.
|
|
.ip SmtpGreetingMessage=\fImessage\fP
|
|
[$e macro]
|
|
The message printed when the SMTP server starts up.
|
|
Defaults to
|
|
.q "$j Sendmail $v ready at $b".
|
|
.ip SoftBounce
|
|
If set, issue temporary errors (4xy) instead of permanent errors (5xy).
|
|
This can be useful during testing of a new configuration to avoid
|
|
erroneous bouncing of mails.
|
|
.ip StatusFile=\fIfile\fP
|
|
[S]
|
|
Log summary statistics in the named
|
|
.i file .
|
|
If no file name is specified, "statistics" is used.
|
|
If not set,
|
|
no summary statistics are saved.
|
|
This file does not grow in size.
|
|
It can be printed using the
|
|
.i mailstats (8)
|
|
program.
|
|
.ip SuperSafe
|
|
[s]
|
|
This option can be set to True, False, Interactive, or PostMilter.
|
|
If set to True,
|
|
.i sendmail
|
|
will be super-safe when running things,
|
|
i.e., always instantiate the queue file,
|
|
even if you are going to attempt immediate delivery.
|
|
.i Sendmail
|
|
always instantiates the queue file
|
|
before returning control to the client
|
|
under any circumstances.
|
|
This should really
|
|
.i always
|
|
be set to True.
|
|
The Interactive value has been introduced in 8.12 and can
|
|
be used together with
|
|
.b DeliveryMode=i .
|
|
It skips some synchronization calls which are effectively
|
|
doubled in the code execution path for this mode.
|
|
If set to PostMilter,
|
|
.i sendmail
|
|
defers synchronizing the queue file until any milters have
|
|
signaled acceptance of the message.
|
|
PostMilter is useful only when
|
|
.i sendmail
|
|
is running as an SMTP server; in all other situations it
|
|
acts the same as True.
|
|
.ip TLSSrvOptions
|
|
[no short name]
|
|
List of options for SMTP STARTTLS for the server
|
|
consisting of single characters
|
|
with intervening white space or commas.
|
|
The flag ``V'' disables client verification, and hence
|
|
it is not possible to use a client certificate for relaying.
|
|
The flag ``C'' removes the requirement for the TLS server
|
|
to have a cert.
|
|
This only works under very specific circumstances
|
|
and should only be used if the consequences are understood,
|
|
e.g., clients may not work with a server using this.
|
|
.ip TempFileMode=\fImode\fP
|
|
[F]
|
|
The file mode for transcript files, files to which
|
|
.i sendmail
|
|
delivers directly, files in the
|
|
.b HostStatusDirectory ,
|
|
and
|
|
.b StatusFile .
|
|
It is interpreted in octal by default.
|
|
Defaults to 0600.
|
|
.ip Timeout.\fItype\fP=\|\fItimeout\fP
|
|
[r; subsumes old T option as well]
|
|
Set timeout values.
|
|
For more information,
|
|
see section
|
|
.\" XREF
|
|
4.1.
|
|
.ip TimeZoneSpec=\fItzinfo\fP
|
|
[t]
|
|
Set the local time zone info to
|
|
.i tzinfo
|
|
\*- for example,
|
|
.q PST8PDT .
|
|
Actually, if this is not set,
|
|
the TZ environment variable is cleared (so the system default is used);
|
|
if set but null, the user's TZ variable is used,
|
|
and if set and non-null the TZ variable is set to this value.
|
|
.ip TrustedUser=\fIuser\fP
|
|
[no short name]
|
|
The
|
|
.i user
|
|
parameter may be a user name
|
|
(looked up in
|
|
.i /etc/passwd )
|
|
or a numeric user id.
|
|
Trusted user for file ownership and starting the daemon. If set, generated
|
|
alias databases and the control socket (if configured) will automatically
|
|
be owned by this user.
|
|
.ip TryNullMXList
|
|
[w]
|
|
If this system is the
|
|
.q best
|
|
(that is, lowest preference)
|
|
MX for a given host,
|
|
its configuration rules should normally detect this situation
|
|
and treat that condition specially
|
|
by forwarding the mail to a UUCP feed,
|
|
treating it as local,
|
|
or whatever.
|
|
However, in some cases (such as Internet firewalls)
|
|
you may want to try to connect directly to that host
|
|
as though it had no MX records at all.
|
|
Setting this option causes
|
|
.i sendmail
|
|
to try this.
|
|
The downside is that errors in your configuration
|
|
are likely to be diagnosed as
|
|
.q "host unknown"
|
|
or
|
|
.q "message timed out"
|
|
instead of something more meaningful.
|
|
This option is disrecommended.
|
|
.ip UnixFromLine=\fIfromline\fP
|
|
[$l macro]
|
|
Defines the format used when
|
|
.i sendmail
|
|
must add a UNIX-style From_ line
|
|
(that is, a line beginning
|
|
.q From<space>user ).
|
|
Defaults to
|
|
.q "From $g $d" .
|
|
Don't change this unless your system uses a different UNIX mailbox format
|
|
(very unlikely).
|
|
.ip UnsafeGroupWrites
|
|
[no short name]
|
|
If set (default),
|
|
:include: and .forward files that are group writable are considered
|
|
.q unsafe ,
|
|
that is,
|
|
they cannot reference programs or write directly to files.
|
|
World writable :include: and .forward files
|
|
are always unsafe.
|
|
Note: use
|
|
.b DontBlameSendmail
|
|
instead; this option is deprecated.
|
|
.ip UseCompressedIPv6Addresses
|
|
[no short name]
|
|
If set, the compressed format of IPv6 addresses,
|
|
such as IPV6:::1, will be used,
|
|
instead of the uncompressed format,
|
|
such as IPv6:0:0:0:0:0:0:0:1.
|
|
.ip UseErrorsTo
|
|
[l]
|
|
If there is an
|
|
.q Errors-To:
|
|
header, send error messages to the addresses listed there.
|
|
They normally go to the envelope sender.
|
|
Use of this option causes
|
|
.i sendmail
|
|
to violate RFC 1123.
|
|
This option is disrecommended and deprecated.
|
|
.ip UserDatabaseSpec=\fIudbspec\fP
|
|
[U]
|
|
The user database specification.
|
|
.ip Verbose
|
|
[v]
|
|
Run in verbose mode.
|
|
If this is set,
|
|
.i sendmail
|
|
adjusts options
|
|
.b HoldExpensive
|
|
(old
|
|
.b c )
|
|
and
|
|
.b DeliveryMode
|
|
(old
|
|
.b d )
|
|
so that all mail is delivered completely
|
|
in a single job
|
|
so that you can see the entire delivery process.
|
|
Option
|
|
.b Verbose
|
|
should
|
|
.i never
|
|
be set in the configuration file;
|
|
it is intended for command line use only.
|
|
Note that the use of option
|
|
.b Verbose
|
|
can cause authentication information to leak, if you use a
|
|
sendmail client to authenticate to a server.
|
|
If the authentication mechanism uses plain text passwords
|
|
(as with LOGIN or PLAIN),
|
|
then the password could be compromised.
|
|
To avoid this, do not install sendmail set-user-ID root,
|
|
and disable the
|
|
.b VERB
|
|
SMTP command with a suitable
|
|
.b PrivacyOptions
|
|
setting.
|
|
.ip XscriptFileBufferSize=\fIthreshold\fP
|
|
[no short name]
|
|
Set the
|
|
.i threshold ,
|
|
in bytes,
|
|
before a memory-based
|
|
queue transcript file
|
|
becomes disk-based.
|
|
The default is 4096 bytes.
|
|
.lp
|
|
All options can be specified on the command line using the
|
|
\-O or \-o flag,
|
|
but most will cause
|
|
.i sendmail
|
|
to relinquish its set-user-ID permissions.
|
|
The options that will not cause this are
|
|
SevenBitInput [7],
|
|
EightBitMode [8],
|
|
MinFreeBlocks [b],
|
|
CheckpointInterval [C],
|
|
DeliveryMode [d],
|
|
ErrorMode [e],
|
|
IgnoreDots [i],
|
|
SendMimeErrors [j],
|
|
LogLevel [L],
|
|
MeToo [m],
|
|
OldStyleHeaders [o],
|
|
PrivacyOptions [p],
|
|
SuperSafe [s],
|
|
Verbose [v],
|
|
QueueSortOrder,
|
|
MinQueueAge,
|
|
DefaultCharSet,
|
|
Dial Delay,
|
|
NoRecipientAction,
|
|
ColonOkInAddr,
|
|
MaxQueueRunSize,
|
|
SingleLineFromHeader,
|
|
and
|
|
AllowBogusHELO.
|
|
Actually, PrivacyOptions [p] given on the command line
|
|
are added to those already specified in the
|
|
.i sendmail.cf
|
|
file, i.e., they can't be reset.
|
|
Also, M (define macro) when defining the r or s macros
|
|
is also considered
|
|
.q safe .
|
|
.sh 2 "P \*- Precedence Definitions"
|
|
.pp
|
|
Values for the
|
|
.q "Precedence:"
|
|
field may be defined using the
|
|
.b P
|
|
control line.
|
|
The syntax of this field is:
|
|
.(b
|
|
\fBP\fP\fIname\fP\fB=\fP\fInum\fP
|
|
.)b
|
|
When the
|
|
.i name
|
|
is found in a
|
|
.q Precedence:
|
|
field,
|
|
the message class is set to
|
|
.i num .
|
|
Higher numbers mean higher precedence.
|
|
Numbers less than zero
|
|
have the special property
|
|
that if an error occurs during processing
|
|
the body of the message will not be returned;
|
|
this is expected to be used for
|
|
.q "bulk"
|
|
mail such as through mailing lists.
|
|
The default precedence is zero.
|
|
For example,
|
|
our list of precedences is:
|
|
.(b
|
|
Pfirst-class=0
|
|
Pspecial-delivery=100
|
|
Plist=\-30
|
|
Pbulk=\-60
|
|
Pjunk=\-100
|
|
.)b
|
|
People writing mailing list exploders
|
|
are encouraged to use
|
|
.q "Precedence: list" .
|
|
Older versions of
|
|
.i sendmail
|
|
(which discarded all error returns for negative precedences)
|
|
didn't recognize this name, giving it a default precedence of zero.
|
|
This allows list maintainers to see error returns
|
|
on both old and new versions of
|
|
.i sendmail .
|
|
.sh 2 "V \*- Configuration Version Level"
|
|
.pp
|
|
To provide compatibility with old configuration files,
|
|
the
|
|
.b V
|
|
line has been added to define some very basic semantics
|
|
of the configuration file.
|
|
These are not intended to be long term supports;
|
|
rather, they describe compatibility features
|
|
which will probably be removed in future releases.
|
|
.pp
|
|
.b N.B.:
|
|
these version
|
|
.i levels
|
|
have nothing
|
|
to do with the version
|
|
.i number
|
|
on the files.
|
|
For example,
|
|
as of this writing
|
|
version 10 config files
|
|
(specifically, 8.10)
|
|
used version level 9 configurations.
|
|
.pp
|
|
.q Old
|
|
configuration files are defined as version level one.
|
|
Version level two files make the following changes:
|
|
.np
|
|
Host name canonification ($[ ... $])
|
|
appends a dot if the name is recognized;
|
|
this gives the config file a way of finding out if anything matched.
|
|
(Actually, this just initializes the
|
|
.q host
|
|
map with the
|
|
.q \-a.
|
|
flag \*- you can reset it to anything you prefer
|
|
by declaring the map explicitly.)
|
|
.np
|
|
Default host name extension is consistent throughout processing;
|
|
version level one configurations turned off domain extension
|
|
(that is, adding the local domain name)
|
|
during certain points in processing.
|
|
Version level two configurations are expected to include a trailing dot
|
|
to indicate that the name is already canonical.
|
|
.np
|
|
Local names that are not aliases
|
|
are passed through a new distinguished ruleset five;
|
|
this can be used to append a local relay.
|
|
This behavior can be prevented by resolving the local name
|
|
with an initial `@'.
|
|
That is, something that resolves to a local mailer and a user name of
|
|
.q vikki
|
|
will be passed through ruleset five,
|
|
but a user name of
|
|
.q @vikki
|
|
will have the `@' stripped,
|
|
will not be passed through ruleset five,
|
|
but will otherwise be treated the same as the prior example.
|
|
The expectation is that this might be used to implement a policy
|
|
where mail sent to
|
|
.q vikki
|
|
was handled by a central hub,
|
|
but mail sent to
|
|
.q vikki@localhost
|
|
was delivered directly.
|
|
.pp
|
|
Version level three files
|
|
allow # initiated comments on all lines.
|
|
Exceptions are backslash escaped # marks
|
|
and the $# syntax.
|
|
.pp
|
|
Version level four configurations
|
|
are completely equivalent to level three
|
|
for historical reasons.
|
|
.pp
|
|
Version level five configuration files
|
|
change the default definition of
|
|
.b $w
|
|
to be just the first component of the hostname.
|
|
.pp
|
|
Version level six configuration files
|
|
change many of the local processing options
|
|
(such as aliasing and matching the beginning of the address for
|
|
`|' characters)
|
|
to be mailer flags;
|
|
this allows fine-grained control over the special local processing.
|
|
Level six configuration files may also use long option names.
|
|
The
|
|
.b ColonOkInAddr
|
|
option (to allow colons in the local-part of addresses)
|
|
defaults
|
|
.b on
|
|
for lower numbered configuration files;
|
|
the configuration file requires some additional intelligence
|
|
to properly handle the RFC 822 group construct.
|
|
.pp
|
|
Version level seven configuration files
|
|
used new option names to replace old macros
|
|
(\c
|
|
.b $e
|
|
became
|
|
.b SmtpGreetingMessage ,
|
|
.b $l
|
|
became
|
|
.b UnixFromLine ,
|
|
and
|
|
.b $o
|
|
became
|
|
.b OperatorChars .
|
|
Also, prior to version seven,
|
|
the
|
|
.b F=q
|
|
flag (use 250 instead of 252 return value for
|
|
.sm "SMTP VRFY"
|
|
commands)
|
|
was assumed.
|
|
.pp
|
|
Version level eight configuration files allow
|
|
.b $#
|
|
on the left hand side of ruleset lines.
|
|
.pp
|
|
Version level nine configuration files allow
|
|
parentheses in rulesets, i.e. they are not treated
|
|
as comments and hence removed.
|
|
.pp
|
|
Version level ten configuration files allow
|
|
queue group definitions.
|
|
.pp
|
|
The
|
|
.b V
|
|
line may have an optional
|
|
.b / \c
|
|
.i vendor
|
|
to indicate that this configuration file uses modifications
|
|
specific to a particular vendor\**.
|
|
.(f
|
|
\**And of course, vendors are encouraged to add themselves
|
|
to the list of recognized vendors by editing the routine
|
|
.i setvendor
|
|
in
|
|
.i conf.c .
|
|
Please send e-mail to sendmail@Sendmail.ORG
|
|
to register your vendor dialect.
|
|
.)f
|
|
You may use
|
|
.q /Berkeley
|
|
to emphasize that this configuration file
|
|
uses the Berkeley dialect of
|
|
.i sendmail .
|
|
.sh 2 "K \*- Key File Declaration"
|
|
.pp
|
|
Special maps can be defined using the line:
|
|
.(b
|
|
Kmapname mapclass arguments
|
|
.)b
|
|
The
|
|
.i mapname
|
|
is the handle by which this map is referenced in the rewriting rules.
|
|
The
|
|
.i mapclass
|
|
is the name of a type of map;
|
|
these are compiled in to
|
|
.i sendmail .
|
|
The
|
|
.i arguments
|
|
are interpreted depending on the class;
|
|
typically,
|
|
there would be a single argument naming the file containing the map.
|
|
.pp
|
|
Maps are referenced using the syntax:
|
|
.(b
|
|
$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
|
|
.)b
|
|
where either or both of the
|
|
.i arguments
|
|
or
|
|
.i default
|
|
portion may be omitted.
|
|
The
|
|
.i "$@ arguments"
|
|
may appear more than once.
|
|
The indicated
|
|
.i key
|
|
and
|
|
.i arguments
|
|
are passed to the appropriate mapping function.
|
|
If it returns a value, it replaces the input.
|
|
If it does not return a value and the
|
|
.i default
|
|
is specified, the
|
|
.i default
|
|
replaces the input.
|
|
Otherwise, the input is unchanged.
|
|
.pp
|
|
The
|
|
.i arguments
|
|
are passed to the map for arbitrary use.
|
|
Most map classes can interpolate these arguments
|
|
into their values using the syntax
|
|
.q %\fIn\fP
|
|
(where
|
|
.i n
|
|
is a digit)
|
|
to indicate the corresponding
|
|
.i argument .
|
|
Argument
|
|
.q %0
|
|
indicates the database key.
|
|
For example, the rule
|
|
.(b
|
|
.ta 1.5i
|
|
R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
|
|
.)b
|
|
Looks up the UUCP name in a (user defined) UUCP map;
|
|
if not found it turns it into
|
|
.q \&.UUCP
|
|
form.
|
|
The database might contain records like:
|
|
.(b
|
|
decvax %1@%0.DEC.COM
|
|
research %1@%0.ATT.COM
|
|
.)b
|
|
Note that
|
|
.i default
|
|
clauses never do this mapping.
|
|
.pp
|
|
The built-in map with both name and class
|
|
.q host
|
|
is the host name canonicalization lookup.
|
|
Thus,
|
|
the syntax:
|
|
.(b
|
|
$(host \fIhostname\fP$)
|
|
.)b
|
|
is equivalent to:
|
|
.(b
|
|
$[\fIhostname\fP$]
|
|
.)b
|
|
.pp
|
|
There are many defined classes.
|
|
.ip dbm
|
|
Database lookups using the ndbm(3) library.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b NDBM
|
|
defined.
|
|
.ip btree
|
|
Database lookups using the btree interface to the Berkeley DB
|
|
library.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b NEWDB
|
|
defined.
|
|
.ip hash
|
|
Database lookups using the hash interface to the Berkeley DB
|
|
library.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b NEWDB
|
|
defined.
|
|
.ip nis
|
|
NIS lookups.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b NIS
|
|
defined.
|
|
.ip nisplus
|
|
NIS+ lookups.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b NISPLUS
|
|
defined.
|
|
The argument is the name of the table to use for lookups,
|
|
and the
|
|
.b \-k
|
|
and
|
|
.b \-v
|
|
flags may be used to set the key and value columns respectively.
|
|
.ip hesiod
|
|
Hesiod lookups.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b HESIOD
|
|
defined.
|
|
.ip ldap
|
|
LDAP X500 directory lookups.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b LDAPMAP
|
|
defined.
|
|
The map supports most of the standard arguments
|
|
and most of the command line arguments of the
|
|
.i ldapsearch
|
|
program.
|
|
Note that,
|
|
by default,
|
|
if a single query matches multiple values,
|
|
only the first value will be returned
|
|
unless the
|
|
.b \-z
|
|
(value separator)
|
|
map flag is set.
|
|
Also, the
|
|
.b \-1
|
|
map flag will treat a multiple value return
|
|
as if there were no matches.
|
|
.ip netinfo
|
|
NeXT NetInfo lookups.
|
|
.i Sendmail
|
|
must be compiled with
|
|
.b NETINFO
|
|
defined.
|
|
.ip text
|
|
Text file lookups.
|
|
The format of the text file is defined by the
|
|
.b \-k
|
|
(key field number),
|
|
.b \-v
|
|
(value field number),
|
|
and
|
|
.b \-z
|
|
(field delimiter)
|
|
flags.
|
|
.ip ph
|
|
PH query map.
|
|
Contributed and supported by
|
|
Mark Roth, roth@uiuc.edu.
|
|
For more information,
|
|
consult the web site
|
|
.q http://www-dev.cites.uiuc.edu/sendmail/ .
|
|
.ip nsd
|
|
nsd map for IRIX 6.5 and later.
|
|
Contributed and supported by Bob Mende of SGI,
|
|
mende@sgi.com.
|
|
.ip stab
|
|
Internal symbol table lookups.
|
|
Used internally for aliasing.
|
|
.ip implicit
|
|
Really should be called
|
|
.q alias
|
|
\(em this is used to get the default lookups
|
|
for alias files,
|
|
and is the default if no class is specified for alias files.
|
|
.ip user
|
|
Looks up users using
|
|
.i getpwnam (3).
|
|
The
|
|
.b \-v
|
|
flag can be used to specify the name of the field to return
|
|
(although this is normally used only to check the existence
|
|
of a user).
|
|
.ip host
|
|
Canonifies host domain names.
|
|
Given a host name it calls the name server
|
|
to find the canonical name for that host.
|
|
.ip bestmx
|
|
Returns the best MX record for a host name given as the key.
|
|
The current machine is always preferred \*-
|
|
that is, if the current machine is one of the hosts listed as a
|
|
lowest-preference MX record, then it will be guaranteed to be returned.
|
|
This can be used to find out if this machine is the target for an MX record,
|
|
and mail can be accepted on that basis.
|
|
If the
|
|
.b \-z
|
|
flag is given, then all MX names are returned,
|
|
separated by the given delimiter.
|
|
.ip dns
|
|
This map requires the option -R to specify the DNS resource record
|
|
type to lookup. The following types are supported:
|
|
A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
|
|
A map lookup will return only one record.
|
|
Hence for some types, e.g., MX records, the return value might be a random
|
|
element of the list due to randomizing in the DNS resolver.
|
|
.ip arpa
|
|
Returns the ``reverse'' for the given IP (IPv4 or IPv6) address,
|
|
i.e., the string for the PTR lookup,
|
|
but without trailing
|
|
.b ip6.arpa
|
|
or
|
|
.b in-addr.arpa .
|
|
For example, the following configuration lines:
|
|
.(b
|
|
Karpa arpa
|
|
SArpa
|
|
R$+ $: $(arpa $1 $)
|
|
.)b
|
|
work like this in test mode:
|
|
.(b
|
|
sendmail -bt
|
|
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
|
|
Enter <ruleset> <address>
|
|
> Arpa IPv6:1:2:dead:beef:9876:0:0:1
|
|
Arpa input: IPv6 : 1 : 2 : dead : beef : 9876 : 0 : 0 : 1
|
|
Arpa returns: 1 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 6 . 7 . 8 . 9 . f . e . e . b . d . a . e . d . 2 . 0 . 0 . 0 . 1 . 0 . 0 . 0
|
|
> Arpa 1.2.3.4
|
|
Arpa input: 1 . 2 . 3 . 4
|
|
Arpa returns: 4 . 3 . 2 . 1
|
|
.)b
|
|
.ip sequence
|
|
The arguments on the `K' line are a list of maps;
|
|
the resulting map searches the argument maps in order
|
|
until it finds a match for the indicated key.
|
|
For example, if the key definition is:
|
|
.(b
|
|
Kmap1 ...
|
|
Kmap2 ...
|
|
Kseqmap sequence map1 map2
|
|
.)b
|
|
then a lookup against
|
|
.q seqmap
|
|
first does a lookup in map1.
|
|
If that is found, it returns immediately.
|
|
Otherwise, the same key is used for map2.
|
|
.ip syslog
|
|
the key is logged via
|
|
.i syslogd \|(8).
|
|
The lookup returns the empty string.
|
|
.ip switch
|
|
Much like the
|
|
.q sequence
|
|
map except that the order of maps is determined by the service switch.
|
|
The argument is the name of the service to be looked up;
|
|
the values from the service switch are appended to the map name
|
|
to create new map names.
|
|
For example, consider the key definition:
|
|
.(b
|
|
Kali switch aliases
|
|
.)b
|
|
together with the service switch entry:
|
|
.(b
|
|
aliases nis files
|
|
.)b
|
|
This causes a query against the map
|
|
.q ali
|
|
to search maps named
|
|
.q ali.nis
|
|
and
|
|
.q ali.files
|
|
in that order.
|
|
.ip dequote
|
|
Strip double quotes (") from a name.
|
|
It does not strip backslashes,
|
|
and will not strip quotes if the resulting string
|
|
would contain unscannable syntax
|
|
(that is, basic errors like unbalanced angle brackets;
|
|
more sophisticated errors such as unknown hosts are not checked).
|
|
The intent is for use when trying to accept mail from systems such as
|
|
DECnet
|
|
that routinely quote odd syntax such as
|
|
.(b
|
|
"49ers::ubell"
|
|
.)b
|
|
A typical usage is probably something like:
|
|
.(b
|
|
Kdequote dequote
|
|
|
|
\&...
|
|
|
|
R$\- $: $(dequote $1 $)
|
|
R$\- $+ $: $>3 $1 $2
|
|
.)b
|
|
Care must be taken to prevent unexpected results;
|
|
for example,
|
|
.(b
|
|
"|someprogram < input > output"
|
|
.)b
|
|
will have quotes stripped,
|
|
but the result is probably not what you had in mind.
|
|
Fortunately these cases are rare.
|
|
.ip regex
|
|
The map definition on the
|
|
.b K
|
|
line contains a regular expression.
|
|
Any key input is compared to that expression using the
|
|
POSIX regular expressions routines regcomp(), regerr(), and regexec().
|
|
Refer to the documentation for those routines for more information
|
|
about the regular expression matching.
|
|
No rewriting of the key is done if the
|
|
.b \-m
|
|
flag is used. Without it, the key is discarded or if
|
|
.b \-s
|
|
if used, it is substituted by the substring matches, delimited by
|
|
.b $|
|
|
or the string specified with the the
|
|
.b \-d
|
|
flag. The flags available for the map are
|
|
.(b
|
|
.ta 4n
|
|
-n not
|
|
-f case sensitive
|
|
-b basic regular expressions (default is extended)
|
|
-s substring match
|
|
-d set the delimiter used for -s
|
|
-a append string to key
|
|
-m match only, do not replace/discard value
|
|
-D perform no lookup in deferred delivery mode.
|
|
.)b
|
|
The
|
|
.b \-s
|
|
flag can include an optional parameter which can be used
|
|
to select the substrings in the result of the lookup. For example,
|
|
.(b
|
|
-s1,3,4
|
|
.)b
|
|
Notes: to match a
|
|
.b $
|
|
in a string,
|
|
\\$$
|
|
must be used.
|
|
If the pattern contains spaces, they must be replaced
|
|
with the blank substitution character, unless it is
|
|
space itself.
|
|
.ip program
|
|
The arguments on the
|
|
.b K
|
|
line are the pathname to a program and any initial parameters to be passed.
|
|
When the map is called,
|
|
the key is added to the initial parameters
|
|
and the program is invoked
|
|
as the default user/group id.
|
|
The first line of standard output is returned as the value of the lookup.
|
|
This has many potential security problems,
|
|
and has terrible performance;
|
|
it should be used only when absolutely necessary.
|
|
.ip macro
|
|
Set or clear a macro value.
|
|
To set a macro,
|
|
pass the value as the first argument in the map lookup.
|
|
To clear a macro,
|
|
do not pass an argument in the map lookup.
|
|
The map always returns the empty string.
|
|
Example of typical usage include:
|
|
.(b
|
|
Kstorage macro
|
|
|
|
\&...
|
|
|
|
# set macro ${MyMacro} to the ruleset match
|
|
R$+ $: $(storage {MyMacro} $@ $1 $) $1
|
|
# set macro ${MyMacro} to an empty string
|
|
R$* $: $(storage {MyMacro} $@ $) $1
|
|
# clear macro ${MyMacro}
|
|
R$\- $: $(storage {MyMacro} $) $1
|
|
.)b
|
|
.ip arith
|
|
Perform simple arithmetic operations.
|
|
The operation is given as key, currently
|
|
+, -, *, /, %,
|
|
|, & (bitwise OR, AND),
|
|
l (for less than), =,
|
|
and r (for random) are supported.
|
|
The two operands are given as arguments.
|
|
The lookup returns the result of the computation,
|
|
i.e.,
|
|
.sm TRUE
|
|
or
|
|
.sm FALSE
|
|
for comparisons, integer values otherwise.
|
|
The r operator returns a pseudo-random number whose value
|
|
lies between the first and second operand
|
|
(which requires that the first operand is smaller than the second).
|
|
All options which are possible for maps are ignored.
|
|
A simple example is:
|
|
.(b
|
|
Kcomp arith
|
|
|
|
\&...
|
|
|
|
Scheck_etrn
|
|
R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1
|
|
RFALSE $# error \&...
|
|
.)b
|
|
.ip socket
|
|
The socket map uses a simple request/reply protocol over TCP or UNIX domain
|
|
sockets to query an external server.
|
|
Both requests and replies are text based and encoded as netstrings,
|
|
i.e., a string "hello there" becomes:
|
|
.(b
|
|
11:hello there,
|
|
.)b
|
|
Note: neither requests nor replies end with CRLF.
|
|
|
|
The request consists of the database map name and the lookup key separated
|
|
by a space character:
|
|
|
|
.(b
|
|
<mapname> ' ' <key>
|
|
.)b
|
|
|
|
The server responds with a status indicator and the result (if any):
|
|
|
|
.(b
|
|
<status> ' ' <result>
|
|
.)b
|
|
|
|
The status indicator specifies the result of the lookup operation itself
|
|
and is one of the following upper case words:
|
|
.(b
|
|
.ta 9n
|
|
OK the key was found, result contains the looked up value
|
|
NOTFOUND the key was not found, the result is empty
|
|
TEMP a temporary failure occured
|
|
TIMEOUT a timeout occured on the server side
|
|
PERM a permanent failure occured
|
|
.)b
|
|
|
|
In case of errors (status TEMP, TIMEOUT or PERM) the result field may
|
|
contain an explanatory message.
|
|
However, the explanatory message is not used any further by
|
|
.i sendmail .
|
|
|
|
Example replies:
|
|
.(b
|
|
31:OK resolved.address@example.com,
|
|
.)b
|
|
|
|
.(b
|
|
56:OK error:550 5.7.1 User does not accept mail from sender,
|
|
.)b
|
|
|
|
in case of successful lookups, or:
|
|
.(b
|
|
8:NOTFOUND,
|
|
.)b
|
|
|
|
in case the key was not found, or:
|
|
.(b
|
|
55:TEMP this text explains that we had a temporary failure,
|
|
.)b
|
|
|
|
in case of a temporary map lookup failure.
|
|
|
|
The socket map uses the same syntax as milters
|
|
(see Section "X \*- Mail Filter (Milter) Definitions")
|
|
to specify the remote endpoint, e.g.,
|
|
.(b
|
|
Ksocket mySocketMap inet:12345@127.0.0.1
|
|
.)b
|
|
|
|
If multiple socket maps define the same remote endpoint, they will share
|
|
a single connection to this endpoint.
|
|
.pp
|
|
Most of these accept as arguments the same optional flags
|
|
and a filename
|
|
(or a mapname for NIS;
|
|
the filename is the root of the database path,
|
|
so that
|
|
.q .db
|
|
or some other extension appropriate for the database type
|
|
will be added to get the actual database name).
|
|
Known flags are:
|
|
.ip "\-o"
|
|
Indicates that this map is optional \*- that is,
|
|
if it cannot be opened,
|
|
no error is produced,
|
|
and
|
|
.i sendmail
|
|
will behave as if the map existed but was empty.
|
|
.ip "\-N, \-O"
|
|
If neither
|
|
.b \-N
|
|
or
|
|
.b \-O
|
|
are specified,
|
|
.i sendmail
|
|
uses an adaptive algorithm to decide whether or not to look for null bytes
|
|
on the end of keys.
|
|
It starts by trying both;
|
|
if it finds any key with a null byte it never tries again without a null byte
|
|
and vice versa.
|
|
If
|
|
.b \-N
|
|
is specified it never tries without a null byte and
|
|
if
|
|
.b \-O
|
|
is specified it never tries with a null byte.
|
|
Setting one of
|
|
these can speed matches but are never necessary.
|
|
If both
|
|
.b \-N
|
|
and
|
|
.b \-O
|
|
are specified,
|
|
.i sendmail
|
|
will never try any matches at all \(em
|
|
that is, everything will appear to fail.
|
|
.ip "\-a\fIx\fP"
|
|
Append the string
|
|
.i x
|
|
on successful matches.
|
|
For example, the default
|
|
.i host
|
|
map appends a dot on successful matches.
|
|
.ip "\-T\fIx\fP"
|
|
Append the string
|
|
.i x
|
|
on temporary failures.
|
|
For example,
|
|
.i x
|
|
would be appended if a DNS lookup returned
|
|
.q "server failed"
|
|
or an NIS lookup could not locate a server.
|
|
See also the
|
|
.b \-t
|
|
flag.
|
|
.ip "\-f"
|
|
Do not fold upper to lower case before looking up the key.
|
|
.ip "\-m"
|
|
Match only (without replacing the value).
|
|
If you only care about the existence of a key and not the value
|
|
(as you might when searching the NIS map
|
|
.q hosts.byname
|
|
for example),
|
|
this flag prevents the map from substituting the value.
|
|
However,
|
|
The \-a argument is still appended on a match,
|
|
and the default is still taken if the match fails.
|
|
.ip "\-k\fIkeycol\fP"
|
|
The key column name (for NIS+) or number
|
|
(for text lookups).
|
|
For LDAP maps this is an LDAP filter string
|
|
in which %s is replaced with the literal contents of the lookup key
|
|
and %0 is replaced with the LDAP escaped contents of the lookup key
|
|
according to RFC 2254.
|
|
If the flag
|
|
.b \-K
|
|
is used, then %1 through %9 are replaced with the LDAP escaped contents
|
|
of the arguments specified in the map lookup.
|
|
.ip "\-v\fIvalcol\fP"
|
|
The value column name (for NIS+) or number
|
|
(for text lookups).
|
|
For LDAP maps this is the name of one or more
|
|
attributes to be returned;
|
|
multiple attributes can be separated by commas.
|
|
If not specified, all attributes found in the match
|
|
will be returned.
|
|
The attributes listed can also include a type and one or more
|
|
objectClass values for matching as described in the LDAP section.
|
|
.ip "\-z\fIdelim\fP"
|
|
The column delimiter (for text lookups).
|
|
It can be a single character or one of the special strings
|
|
.q \|\en
|
|
or
|
|
.q \|\et
|
|
to indicate newline or tab respectively.
|
|
If omitted entirely,
|
|
the column separator is any sequence of white space.
|
|
For LDAP maps this is the separator character
|
|
to combine multiple values
|
|
into a single return string.
|
|
If not set,
|
|
the LDAP lookup will only return the first match found.
|
|
For DNS maps this is the separator character at which
|
|
the result of a query is cut off if is too long.
|
|
.ip "\-t"
|
|
Normally, when a map attempts to do a lookup
|
|
and the server fails
|
|
(e.g.,
|
|
.i sendmail
|
|
couldn't contact any name server;
|
|
this is
|
|
.i not
|
|
the same as an entry not being found in the map),
|
|
the message being processed is queued for future processing.
|
|
The
|
|
.b \-t
|
|
flag turns off this behavior,
|
|
letting the temporary failure (server down)
|
|
act as though it were a permanent failure (entry not found).
|
|
It is particularly useful for DNS lookups,
|
|
where someone else's misconfigured name server can cause problems
|
|
on your machine.
|
|
However, care must be taken to ensure that you don't bounce mail
|
|
that would be resolved correctly if you tried again.
|
|
A common strategy is to forward such mail
|
|
to another, possibly better connected, mail server.
|
|
.ip "\-D"
|
|
Perform no lookup in deferred delivery mode.
|
|
This flag is set by default for the
|
|
.i host
|
|
map.
|
|
.ip "\-S\fIspacesub\fP
|
|
The character to use to replace space characters
|
|
after a successful map lookup (esp. useful for regex
|
|
and syslog maps).
|
|
.ip "\-s\fIspacesub\fP
|
|
For the dequote map only,
|
|
the character to use to replace space characters
|
|
after a successful dequote.
|
|
.ip "\-q"
|
|
Don't dequote the key before lookup.
|
|
.ip "\-L\fIlevel\fP
|
|
For the syslog map only, it specifies the level
|
|
to use for the syslog call.
|
|
.ip "\-A"
|
|
When rebuilding an alias file,
|
|
the
|
|
.b \-A
|
|
flag causes duplicate entries in the text version
|
|
to be merged.
|
|
For example, two entries:
|
|
.(b
|
|
list: user1, user2
|
|
list: user3
|
|
.)b
|
|
would be treated as though it were the single entry
|
|
.(b
|
|
list: user1, user2, user3
|
|
.)b
|
|
in the presence of the
|
|
.b \-A
|
|
flag.
|
|
.pp
|
|
Some additional flags are available for the host and dns maps:
|
|
.ip "\-d"
|
|
delay: specify the resolver's retransmission time interval (in seconds).
|
|
.ip "\-r"
|
|
retry: specify the number of times to retransmit a resolver query.
|
|
.pp
|
|
The dns map has another flag:
|
|
.ip "\-B"
|
|
basedomain: specify a domain that is always appended to queries.
|
|
.pp
|
|
Socket maps have an optional flag:
|
|
.ip "\-d"
|
|
timeout: specify the timeout (in seconds) for communication
|
|
with the socket map server.
|
|
.pp
|
|
The following additional flags are present in the ldap map only:
|
|
.ip "\-R"
|
|
Do not auto chase referrals. sendmail must be compiled with
|
|
.b \-DLDAP_REFERRALS
|
|
to use this flag.
|
|
.ip "\-n"
|
|
Retrieve attribute names only.
|
|
.ip "\-V\fIsep\fP"
|
|
Retrieve both attributes name and value(s),
|
|
separated by
|
|
.i sep .
|
|
.ip "\-r\fIderef\fP"
|
|
Set the alias dereference option to one of never, always, search, or find.
|
|
.ip "\-s\fIscope\fP"
|
|
Set search scope to one of base, one (one level), or sub (subtree).
|
|
.ip "\-h\fIhost\fP"
|
|
LDAP server hostname.
|
|
Some LDAP libraries allow you to specify multiple, space-separated hosts for
|
|
redundancy.
|
|
In addition, each of the hosts listed can be followed by a colon and a port
|
|
number to override the default LDAP port.
|
|
.ip "\-p\fIport\fP"
|
|
LDAP service port.
|
|
.ip "\-H \fILDAPURI\fP"
|
|
Use the specified LDAP URI instead of specifying the hostname and port
|
|
separately with the the
|
|
.b \-h
|
|
and
|
|
.b \-p
|
|
options shown above.
|
|
For example,
|
|
.(b
|
|
-h server.example.com -p 389 -b dc=example,dc=com
|
|
.)b
|
|
is equivalent to
|
|
.(b
|
|
-H ldap://server.example.com:389 -b dc=example,dc=com
|
|
.)b
|
|
If the LDAP library supports it,
|
|
the LDAP URI format however can also request LDAP over SSL by using
|
|
.b ldaps://
|
|
instead of
|
|
.b ldap:// .
|
|
For example:
|
|
.(b
|
|
O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
|
|
.)b
|
|
Similarly, if the LDAP library supports it,
|
|
It can also be used to specify a UNIX domain socket using
|
|
.b ldapi:// :
|
|
.(b
|
|
O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
|
|
.)b
|
|
.ip "\-b\fIbase\fP"
|
|
LDAP search base.
|
|
.ip "\-l\fItimelimit\fP"
|
|
Time limit for LDAP queries.
|
|
.ip "\-Z\fIsizelimit\fP"
|
|
Size (number of matches) limit for LDAP or DNS queries.
|
|
.ip "\-d\fIdistinguished_name\fP"
|
|
The distinguished name to use to login to the LDAP server.
|
|
.ip "\-M\fImethod\fP"
|
|
The method to authenticate to the LDAP server.
|
|
Should be one of
|
|
.b LDAP_AUTH_NONE ,
|
|
.b LDAP_AUTH_SIMPLE ,
|
|
or
|
|
.b LDAP_AUTH_KRBV4 .
|
|
.ip "\-P\fIpasswordfile\fP"
|
|
The file containing the secret key for the
|
|
.b LDAP_AUTH_SIMPLE
|
|
authentication method
|
|
or the name of the Kerberos ticket file for
|
|
.b LDAP_AUTH_KRBV4 .
|
|
.ip "\-1"
|
|
Force LDAP searches to only succeed if a single match is found.
|
|
If multiple values are found,
|
|
the search is treated as if no match was found.
|
|
.ip "\-w\fIversion\fP"
|
|
Set the LDAP API/protocol version to use.
|
|
The default depends on the LDAP client libraries in use.
|
|
For example,
|
|
.b "\-w 3"
|
|
will cause
|
|
.i sendmail
|
|
to use LDAPv3 when communicating with the LDAP server.
|
|
.ip "\-K"
|
|
Treat the LDAP search key as multi-argument and
|
|
replace %1 through %9 in the key with
|
|
the LDAP escaped contents of the lookup arguments specified in the map lookup.
|
|
.pp
|
|
The
|
|
.i dbm
|
|
map appends the strings
|
|
.q \&.pag
|
|
and
|
|
.q \&.dir
|
|
to the given filename;
|
|
the
|
|
.i hash
|
|
and
|
|
.i btree
|
|
maps append
|
|
.q \&.db .
|
|
For example, the map specification
|
|
.(b
|
|
Kuucp dbm \-o \-N /etc/mail/uucpmap
|
|
.)b
|
|
specifies an optional map named
|
|
.q uucp
|
|
of class
|
|
.q dbm ;
|
|
it always has null bytes at the end of every string,
|
|
and the data is located in
|
|
/etc/mail/uucpmap.{dir,pag}.
|
|
.pp
|
|
The program
|
|
.i makemap (8)
|
|
can be used to build any of the three database-oriented maps.
|
|
It takes the following flags:
|
|
.ip \-f
|
|
Do not fold upper to lower case in the map.
|
|
.ip \-N
|
|
Include null bytes in keys.
|
|
.ip \-o
|
|
Append to an existing (old) file.
|
|
.ip \-r
|
|
Allow replacement of existing keys;
|
|
normally, re-inserting an existing key is an error.
|
|
.ip \-v
|
|
Print what is happening.
|
|
.lp
|
|
The
|
|
.i sendmail
|
|
daemon does not have to be restarted to read the new maps
|
|
as long as you change them in place;
|
|
file locking is used so that the maps won't be read
|
|
while they are being updated.
|
|
.pp
|
|
New classes can be added in the routine
|
|
.b setupmaps
|
|
in file
|
|
.b conf.c .
|
|
.sh 2 "Q \*- Queue Group Declaration"
|
|
.pp
|
|
In addition to the option
|
|
.i QueueDirectory,
|
|
queue groups can be declared that define a (group of) queue directories
|
|
under a common name.
|
|
The syntax is as follows:
|
|
.(b F
|
|
.b Q \c
|
|
.i name
|
|
{, \c
|
|
.i field =\c
|
|
.i value \|}+
|
|
.)b
|
|
where
|
|
.i name
|
|
is the symbolic name of the queue group under which
|
|
it can be referenced in various places
|
|
and the
|
|
.q field=value
|
|
pairs define attributes of the queue group.
|
|
The name must only consist of alphanumeric characters.
|
|
Fields are:
|
|
.ip Flags
|
|
Flags for this queue group.
|
|
.ip Nice
|
|
The nice(2) increment for the queue group.
|
|
This value must be greater or equal zero.
|
|
.ip Interval
|
|
The time between two queue runs.
|
|
.ip Path
|
|
The queue directory of the group (required).
|
|
.ip Runners
|
|
The number of parallel runners processing the queue.
|
|
Note that
|
|
.b F=f
|
|
must be set if this value is greater than one.
|
|
.ip Jobs
|
|
The maximum number of jobs (messages delivered) per queue run.
|
|
.ip recipients
|
|
The maximum number of recipients per envelope.
|
|
Envelopes with more than this number of recipients will be split
|
|
into multiple envelopes in the same queue directory.
|
|
The default value 0 means no limit.
|
|
.lp
|
|
Only the first character of the field name is checked.
|
|
.pp
|
|
By default, a queue group named
|
|
.i mqueue
|
|
is defined that uses the value of the
|
|
.i QueueDirectory
|
|
option as path.
|
|
Notice: all paths that are used for queue groups must
|
|
be subdirectories of
|
|
.i QueueDirectory .
|
|
Since they can be symbolic links, this isn't a real restriction,
|
|
If
|
|
.i QueueDirectory
|
|
uses a wildcard, then the directory one level up is considered
|
|
the ``base'' directory which all other queue directories must share.
|
|
Please make sure that the queue directories do not overlap,
|
|
e.g., do not specify
|
|
.(b
|
|
O QueueDirectory=/var/spool/mqueue/*
|
|
Qone, P=/var/spool/mqueue/dir1
|
|
Qtwo, P=/var/spool/mqueue/dir2
|
|
.)b
|
|
because this also includes
|
|
.q dir1
|
|
and
|
|
.q dir2
|
|
in the default queue group.
|
|
However,
|
|
.(b
|
|
O QueueDirectory=/var/spool/mqueue/main*
|
|
Qone, P=/var/spool/mqueue/dir
|
|
Qtwo, P=/var/spool/mqueue/other*
|
|
.)b
|
|
is a valid queue group specification.
|
|
.pp
|
|
Options listed in the ``Flags'' field can be used to modify
|
|
the behavior of a queue group.
|
|
The ``f'' flag must be set if multiple queue runners are
|
|
supposed to work on the entries in a queue group.
|
|
Otherwise
|
|
.i sendmail
|
|
will work on the entries strictly sequentially.
|
|
.pp
|
|
The ``Interval'' field sets the time between queue runs.
|
|
If no queue group specific interval is set, then the parameter of the
|
|
.b -q
|
|
option from the command line is used.
|
|
.pp
|
|
To control the overall number of concurrently active queue runners
|
|
the option
|
|
.b MaxQueueChildren
|
|
can be set.
|
|
This limits the number of processes used for running the queues to
|
|
.b MaxQueueChildren ,
|
|
though at any one time fewer processes may be active
|
|
as a result of queue options, completed queue runs, system load, etc.
|
|
.pp
|
|
The maximum number of queue runners for an individual queue group can be
|
|
controlled via the
|
|
.b Runners
|
|
option.
|
|
If set to 0, entries in the queue will not be processed, which
|
|
is useful to ``quarantine'' queue files.
|
|
The number of runners per queue group may also be set with the option
|
|
.b MaxRunnersPerQueue ,
|
|
which applies to queue groups that have no individual limit.
|
|
That is, the default value for
|
|
.b Runners
|
|
is
|
|
.b MaxRunnersPerQueue
|
|
if set, otherwise 1.
|
|
.pp
|
|
The field Jobs describes the maximum number of jobs
|
|
(messages delivered) per queue run, which is the queue group specific
|
|
value of
|
|
.b MaxQueueRunSize .
|
|
.pp
|
|
Notice: queue groups should be declared after all queue related options
|
|
have been set because queue groups take their defaults from those options.
|
|
If an option is set after a queue group declaration, the values of
|
|
options in the queue group are set to the defaults of
|
|
.i sendmail
|
|
unless explicitly set in the declaration.
|
|
.pp
|
|
Each envelope is assigned to a queue group based on the algorithm
|
|
described in section
|
|
``Queue Groups and Queue Directories''.
|
|
.sh 2 "X \*- Mail Filter (Milter) Definitions"
|
|
.pp
|
|
The
|
|
.i sendmail
|
|
Mail Filter API (Milter) is designed to allow third-party programs access
|
|
to mail messages as they are being processed in order to filter
|
|
meta-information and content.
|
|
They are declared in the configuration file as:
|
|
.(b F
|
|
.b X \c
|
|
.i name
|
|
{, \c
|
|
.i field =\c
|
|
.i value \|}*
|
|
.)b
|
|
where
|
|
.i name
|
|
is the name of the filter
|
|
(used internally only)
|
|
and the
|
|
.q field=name
|
|
pairs define attributes of the filter.
|
|
Also see the documentation for the
|
|
.b InputMailFilters
|
|
option for more information.
|
|
.pp
|
|
Fields are:
|
|
.(b
|
|
.ta 1i
|
|
Socket The socket specification
|
|
Flags Special flags for this filter
|
|
Timeouts Timeouts for this filter
|
|
.)b
|
|
Only the first character of the field name is checked
|
|
(it's case-sensitive).
|
|
.pp
|
|
The socket specification is one of the following forms:
|
|
.(b F
|
|
.b S= \c
|
|
.b inet \c
|
|
.b :
|
|
.i port
|
|
.b @
|
|
.i host
|
|
.)b
|
|
.(b F
|
|
.b S= \c
|
|
.b inet6 \c
|
|
.b :
|
|
.i port
|
|
.b @
|
|
.i host
|
|
.)b
|
|
.(b F
|
|
.b S= \c
|
|
.b local \c
|
|
.b :
|
|
.i path
|
|
.)b
|
|
The first two describe an IPv4 or IPv6 socket listening on a certain
|
|
.i port
|
|
at a given
|
|
.i host
|
|
or IP address.
|
|
The final form describes a named socket on the filesystem at the given
|
|
.i path .
|
|
.pp
|
|
The following flags may be set in the filter description.
|
|
.nr ii 4n
|
|
.ip R
|
|
Reject connection if filter unavailable.
|
|
.ip T
|
|
Temporary fail connection if filter unavailable.
|
|
.pp
|
|
If neither F=R nor F=T is specified, the message is passed through
|
|
.i sendmail
|
|
in case of filter errors as if the failing filters were not present.
|
|
.pp
|
|
The timeouts can be set using the four fields inside of the
|
|
.b T=
|
|
equate:
|
|
.nr ii 4n
|
|
.ip C
|
|
Timeout for connecting to a filter.
|
|
If set to 0, the system's
|
|
.i connect()
|
|
timeout will be used.
|
|
.ip S
|
|
Timeout for sending information from the MTA to a filter.
|
|
.ip R
|
|
Timeout for reading reply from the filter.
|
|
.ip E
|
|
Overall timeout between sending end-of-message to filter and waiting for
|
|
the final acknowledgment.
|
|
.pp
|
|
Note the separator between each timeout field is a
|
|
.b ';' .
|
|
The default values (if not set) are:
|
|
.b T=C:5m;S:10s;R:10s;E:5m
|
|
where
|
|
.b s
|
|
is seconds and
|
|
.b m
|
|
is minutes.
|
|
.pp
|
|
Examples:
|
|
.(b
|
|
Xfilter1, S=local:/var/run/f1.sock, F=R
|
|
Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m
|
|
Xfilter3, S=inet:3333@localhost, T=C:2m
|
|
.)b
|
|
.sh 2 "The User Database"
|
|
.pp
|
|
The user database is deprecated in favor of ``virtusertable''
|
|
and ``genericstable'' as explained in the file
|
|
.b cf/README .
|
|
If you have a version of
|
|
.i sendmail
|
|
with the user database package
|
|
compiled in,
|
|
the handling of sender and recipient addresses
|
|
is modified.
|
|
.pp
|
|
The location of this database is controlled with the
|
|
.b UserDatabaseSpec
|
|
option.
|
|
.sh 3 "Structure of the user database"
|
|
.pp
|
|
The database is a sorted (BTree-based) structure.
|
|
User records are stored with the key:
|
|
.(b
|
|
\fIuser-name\fP\fB:\fP\fIfield-name\fP
|
|
.)b
|
|
The sorted database format ensures that user records are clustered together.
|
|
Meta-information is always stored with a leading colon.
|
|
.pp
|
|
Field names define both the syntax and semantics of the value.
|
|
Defined fields include:
|
|
.nr ii 1i
|
|
.ip maildrop
|
|
The delivery address for this user.
|
|
There may be multiple values of this record.
|
|
In particular,
|
|
mailing lists will have one
|
|
.i maildrop
|
|
record for each user on the list.
|
|
.ip "mailname"
|
|
The outgoing mailname for this user.
|
|
For each outgoing name,
|
|
there should be an appropriate
|
|
.i maildrop
|
|
record for that name to allow return mail.
|
|
See also
|
|
.i :default:mailname .
|
|
.ip mailsender
|
|
Changes any mail sent to this address to have the indicated envelope sender.
|
|
This is intended for mailing lists,
|
|
and will normally be the name of an appropriate -request address.
|
|
It is very similar to the owner-\c
|
|
.i list
|
|
syntax in the alias file.
|
|
.ip fullname
|
|
The full name of the user.
|
|
.ip office-address
|
|
The office address for this user.
|
|
.ip office-phone
|
|
The office phone number for this user.
|
|
.ip office-fax
|
|
The office FAX number for this user.
|
|
.ip home-address
|
|
The home address for this user.
|
|
.ip home-phone
|
|
The home phone number for this user.
|
|
.ip home-fax
|
|
The home FAX number for this user.
|
|
.ip project
|
|
A (short) description of the project this person is affiliated with.
|
|
In the University this is often just the name of their graduate advisor.
|
|
.ip plan
|
|
A pointer to a file from which plan information can be gathered.
|
|
.pp
|
|
As of this writing,
|
|
only a few of these fields are actually being used by
|
|
.i sendmail :
|
|
.i maildrop
|
|
and
|
|
.i mailname .
|
|
A
|
|
.i finger
|
|
program that uses the other fields is planned.
|
|
.sh 3 "User database semantics"
|
|
.pp
|
|
When the rewriting rules submit an address to the local mailer,
|
|
the user name is passed through the alias file.
|
|
If no alias is found (or if the alias points back to the same address),
|
|
the name (with
|
|
.q :maildrop
|
|
appended)
|
|
is then used as a key in the user database.
|
|
If no match occurs (or if the maildrop points at the same address),
|
|
forwarding is tried.
|
|
.pp
|
|
If the first token of the user name returned by ruleset 0
|
|
is an
|
|
.q @
|
|
sign, the user database lookup is skipped.
|
|
The intent is that the user database will act as a set of defaults
|
|
for a cluster (in our case, the Computer Science Division);
|
|
mail sent to a specific machine should ignore these defaults.
|
|
.pp
|
|
When mail is sent,
|
|
the name of the sending user is looked up in the database.
|
|
If that user has a
|
|
.q mailname
|
|
record,
|
|
the value of that record is used as their outgoing name.
|
|
For example, I might have a record:
|
|
.(b
|
|
eric:mailname Eric.Allman@CS.Berkeley.EDU
|
|
.)b
|
|
This would cause my outgoing mail to be sent as Eric.Allman.
|
|
.pp
|
|
If a
|
|
.q maildrop
|
|
is found for the user,
|
|
but no corresponding
|
|
.q mailname
|
|
record exists,
|
|
the record
|
|
.q :default:mailname
|
|
is consulted.
|
|
If present, this is the name of a host to override the local host.
|
|
For example, in our case we would set it to
|
|
.q CS.Berkeley.EDU .
|
|
The effect is that anyone known in the database
|
|
gets their outgoing mail stamped as
|
|
.q user@CS.Berkeley.EDU ,
|
|
but people not listed in the database use the local hostname.
|
|
.sh 3 "Creating the database\**"
|
|
.(f
|
|
\**These instructions are known to be incomplete.
|
|
Other features are available which provide similar functionality,
|
|
e.g., virtual hosting and mapping local addresses into a
|
|
generic form as explained in cf/README.
|
|
.)f
|
|
.pp
|
|
The user database is built from a text file
|
|
using the
|
|
.i makemap
|
|
utility
|
|
(in the distribution in the makemap subdirectory).
|
|
The text file is a series of lines corresponding to userdb records;
|
|
each line has a key and a value separated by white space.
|
|
The key is always in the format described above \*-
|
|
for example:
|
|
.(b
|
|
eric:maildrop
|
|
.)b
|
|
This file is normally installed in a system directory;
|
|
for example, it might be called
|
|
.i /etc/mail/userdb .
|
|
To make the database version of the map, run the program:
|
|
.(b
|
|
makemap btree /etc/mail/userdb < /etc/mail/userdb
|
|
.)b
|
|
Then create a config file that uses this.
|
|
For example, using the V8 M4 configuration, include the
|
|
following line in your .mc file:
|
|
.(b
|
|
define(\`confUSERDB_SPEC\', /etc/mail/userdb)
|
|
.)b
|
|
.sh 1 "OTHER CONFIGURATION"
|
|
.pp
|
|
There are some configuration changes that can be made by
|
|
recompiling
|
|
.i sendmail .
|
|
This section describes what changes can be made
|
|
and what has to be modified to make them.
|
|
In most cases this should be unnecessary
|
|
unless you are porting
|
|
.i sendmail
|
|
to a new environment.
|
|
.sh 2 "Parameters in devtools/OS/$oscf"
|
|
.pp
|
|
These parameters are intended to describe the compilation environment,
|
|
not site policy,
|
|
and should normally be defined in the operating system
|
|
configuration file.
|
|
.b "This section needs a complete rewrite."
|
|
.ip NDBM
|
|
If set,
|
|
the new version of the DBM library
|
|
that allows multiple databases will be used.
|
|
If neither NDBM nor NEWDB are set,
|
|
a much less efficient method of alias lookup is used.
|
|
.ip NEWDB
|
|
If set, use the new database package from Berkeley (from 4.4BSD).
|
|
This package is substantially faster than DBM or NDBM.
|
|
If NEWDB and NDBM are both set,
|
|
.i sendmail
|
|
will read DBM files,
|
|
but will create and use NEWDB files.
|
|
.ip NIS
|
|
Include support for NIS.
|
|
If set together with
|
|
.i both
|
|
NEWDB and NDBM,
|
|
.i sendmail
|
|
will create both DBM and NEWDB files if and only if
|
|
an alias file includes the substring
|
|
.q /yp/
|
|
in the name.
|
|
This is intended for compatibility with Sun Microsystems'
|
|
.i mkalias
|
|
program used on YP masters.
|
|
.ip NISPLUS
|
|
Compile in support for NIS+.
|
|
.ip NETINFO
|
|
Compile in support for NetInfo (NeXT stations).
|
|
.ip LDAPMAP
|
|
Compile in support for LDAP X500 queries.
|
|
Requires libldap and liblber
|
|
from the Umich LDAP 3.2 or 3.3 release
|
|
or equivalent libraries for other LDAP libraries
|
|
such as OpenLDAP.
|
|
.ip HESIOD
|
|
Compile in support for Hesiod.
|
|
.ip MAP_NSD
|
|
Compile in support for IRIX NSD lookups.
|
|
.ip MAP_REGEX
|
|
Compile in support for regular expression matching.
|
|
.ip DNSMAP
|
|
Compile in support for DNS map lookups in the
|
|
.i sendmail.cf
|
|
file.
|
|
.ip PH_MAP
|
|
Compile in support for ph lookups.
|
|
.ip SASL
|
|
Compile in support for SASL,
|
|
a required component for SMTP Authentication support.
|
|
.ip STARTTLS
|
|
Compile in support for STARTTLS.
|
|
.ip EGD
|
|
Compile in support for the "Entropy Gathering Daemon"
|
|
to provide better random data for TLS.
|
|
.ip TCPWRAPPERS
|
|
Compile in support for TCP Wrappers.
|
|
.ip _PATH_SENDMAILCF
|
|
The pathname of the sendmail.cf file.
|
|
.ip _PATH_SENDMAILPID
|
|
The pathname of the sendmail.pid file.
|
|
.ip SM_CONF_SHM
|
|
Compile in support for shared memory, see section about
|
|
"/var/spool/mqueue".
|
|
.ip MILTER
|
|
Compile in support for contacting external mail filters built with the
|
|
Milter API.
|
|
.pp
|
|
There are also several compilation flags to indicate the environment
|
|
such as
|
|
.q _AIX3
|
|
and
|
|
.q _SCO_unix_ .
|
|
See the sendmail/README
|
|
file for the latest scoop on these flags.
|
|
.sh 3 "For Future Releases"
|
|
.pp
|
|
.i sendmail
|
|
often contains compile time options
|
|
.i "For Future Releases"
|
|
(prefix _FFR_)
|
|
which might be enabled in a subsequent version
|
|
or might simply be removed as they turned out not to be really useful.
|
|
These features are usually not documented but if they are,
|
|
then the required (FFR) compile
|
|
time options are listed here for rulesets and macros,
|
|
and in
|
|
.i cf/README
|
|
for mc/cf options.
|
|
FFR compile times options must be enabled when the sendmail binary
|
|
is built from source.
|
|
Enabled FFRs in a binary can be listed with
|
|
.(b
|
|
sendmail -d0.13 < /dev/null | grep FFR
|
|
.)b
|
|
.sh 2 "Parameters in sendmail/conf.h"
|
|
.pp
|
|
Parameters and compilation options
|
|
are defined in conf.h.
|
|
Most of these need not normally be tweaked;
|
|
common parameters are all in sendmail.cf.
|
|
However, the sizes of certain primitive vectors, etc.,
|
|
are included in this file.
|
|
The numbers following the parameters
|
|
are their default value.
|
|
.pp
|
|
This document is not the best source of information
|
|
for compilation flags in conf.h \(em
|
|
see sendmail/README or sendmail/conf.h itself.
|
|
.nr ii 1.2i
|
|
.ip "MAXLINE [2048]"
|
|
The maximum line length of any input line.
|
|
If message lines exceed this length
|
|
they will still be processed correctly;
|
|
however, header lines,
|
|
configuration file lines,
|
|
alias lines,
|
|
etc.,
|
|
must fit within this limit.
|
|
.ip "MAXNAME [256]"
|
|
The maximum length of any name,
|
|
such as a host or a user name.
|
|
.ip "MAXPV [256]"
|
|
The maximum number of parameters to any mailer.
|
|
This limits the number of recipients that may be passed in one transaction.
|
|
It can be set to any arbitrary number above about 10,
|
|
since
|
|
.i sendmail
|
|
will break up a delivery into smaller batches as needed.
|
|
A higher number may reduce load on your system, however.
|
|
.ip "MAXQUEUEGROUPS [50]"
|
|
The maximum number of queue groups.
|
|
.ip "MAXATOM [1000]"
|
|
The maximum number of atoms
|
|
(tokens)
|
|
in a single address.
|
|
For example,
|
|
the address
|
|
.q "eric@CS.Berkeley.EDU"
|
|
is seven atoms.
|
|
.ip "MAXMAILERS [25]"
|
|
The maximum number of mailers that may be defined
|
|
in the configuration file.
|
|
This value is defined in include/sendmail/sendmail.h.
|
|
.ip "MAXRWSETS [200]"
|
|
The maximum number of rewriting sets
|
|
that may be defined.
|
|
The first half of these are reserved for numeric specification
|
|
(e.g., ``S92''),
|
|
while the upper half are reserved for auto-numbering
|
|
(e.g., ``Sfoo'').
|
|
Thus, with a value of 200 an attempt to use ``S99'' will succeed,
|
|
but ``S100'' will fail.
|
|
.ip "MAXPRIORITIES [25]"
|
|
The maximum number of values for the
|
|
.q Precedence:
|
|
field that may be defined
|
|
(using the
|
|
.b P
|
|
line in sendmail.cf).
|
|
.ip "MAXUSERENVIRON [100]"
|
|
The maximum number of items in the user environment
|
|
that will be passed to subordinate mailers.
|
|
.ip "MAXMXHOSTS [100]"
|
|
The maximum number of MX records we will accept for any single host.
|
|
.ip "MAXMAPSTACK [12]"
|
|
The maximum number of maps that may be "stacked" in a
|
|
.b sequence
|
|
class map.
|
|
.ip "MAXMIMEARGS [20]"
|
|
The maximum number of arguments in a MIME Content-Type: header;
|
|
additional arguments will be ignored.
|
|
.ip "MAXMIMENESTING [20]"
|
|
The maximum depth to which MIME messages may be nested
|
|
(that is, nested Message or Multipart documents;
|
|
this does not limit the number of components in a single Multipart document).
|
|
.ip "MAXDAEMONS [10]"
|
|
The maximum number of sockets sendmail will open for accepting connections
|
|
on different ports.
|
|
.ip "MAXMACNAMELEN [25]"
|
|
The maximum length of a macro name.
|
|
.lp
|
|
A number of other compilation options exist.
|
|
These specify whether or not specific code should be compiled in.
|
|
Ones marked with \(dg
|
|
are 0/1 valued.
|
|
.nr ii 1.2i
|
|
.ip NETINET\(dg
|
|
If set,
|
|
support for Internet protocol networking is compiled in.
|
|
Previous versions of
|
|
.i sendmail
|
|
referred to this as
|
|
.sm DAEMON ;
|
|
this old usage is now incorrect.
|
|
Defaults on;
|
|
turn it off in the Makefile
|
|
if your system doesn't support the Internet protocols.
|
|
.ip NETINET6\(dg
|
|
If set,
|
|
support for IPv6 networking is compiled in.
|
|
It must be separately enabled by adding
|
|
.b DaemonPortOptions
|
|
settings.
|
|
.ip NETISO\(dg
|
|
If set,
|
|
support for ISO protocol networking is compiled in
|
|
(it may be appropriate to #define this in the Makefile instead of conf.h).
|
|
.ip NETUNIX\(dg
|
|
If set,
|
|
support for UNIX domain sockets is compiled in.
|
|
This is used for control socket support.
|
|
.ip LOG
|
|
If set,
|
|
the
|
|
.i syslog
|
|
routine in use at some sites is used.
|
|
This makes an informational log record
|
|
for each message processed,
|
|
and makes a higher priority log record
|
|
for internal system errors.
|
|
.b "STRONGLY RECOMMENDED"
|
|
\(em if you want no logging, turn it off in the configuration file.
|
|
.ip MATCHGECOS\(dg
|
|
Compile in the code to do ``fuzzy matching'' on the GECOS field
|
|
in /etc/passwd.
|
|
This also requires that the
|
|
.b MatchGECOS
|
|
option be turned on.
|
|
.ip NAMED_BIND\(dg
|
|
Compile in code to use the
|
|
Berkeley Internet Name Domain (BIND) server
|
|
to resolve TCP/IP host names.
|
|
.ip NOTUNIX
|
|
If you are using a non-UNIX mail format,
|
|
you can set this flag to turn off special processing
|
|
of UNIX-style
|
|
.q "From "
|
|
lines.
|
|
.ip USERDB\(dg
|
|
Include the
|
|
.b experimental
|
|
Berkeley user information database package.
|
|
This adds a new level of local name expansion
|
|
between aliasing and forwarding.
|
|
It also uses the NEWDB package.
|
|
This may change in future releases.
|
|
.lp
|
|
The following options are normally turned on
|
|
in per-operating-system clauses in conf.h.
|
|
.ip IDENTPROTO\(dg
|
|
Compile in the IDENT protocol as defined in RFC 1413.
|
|
This defaults on for all systems except Ultrix,
|
|
which apparently has the interesting
|
|
.q feature
|
|
that when it receives a
|
|
.q "host unreachable"
|
|
message it closes all open connections to that host.
|
|
Since some firewall gateways send this error code
|
|
when you access an unauthorized port (such as 113, used by IDENT),
|
|
Ultrix cannot receive email from such hosts.
|
|
.ip SYSTEM5
|
|
Set all of the compilation parameters appropriate for System V.
|
|
.ip HASFLOCK\(dg
|
|
Use Berkeley-style
|
|
.b flock
|
|
instead of System V
|
|
.b lockf
|
|
to do file locking.
|
|
Due to the highly unusual semantics of locks
|
|
across forks in
|
|
.b lockf ,
|
|
this should always be used if at all possible.
|
|
.ip HASINITGROUPS
|
|
Set this if your system has the
|
|
.i initgroups()
|
|
call
|
|
(if you have multiple group support).
|
|
This is the default if SYSTEM5 is
|
|
.i not
|
|
defined or if you are on HPUX.
|
|
.ip HASUNAME
|
|
Set this if you have the
|
|
.i uname (2)
|
|
system call (or corresponding library routine).
|
|
Set by default if
|
|
SYSTEM5
|
|
is set.
|
|
.ip HASGETDTABLESIZE
|
|
Set this if you have the
|
|
.i getdtablesize (2)
|
|
system call.
|
|
.ip HASWAITPID
|
|
Set this if you have the
|
|
.i haswaitpid (2)
|
|
system call.
|
|
.ip FAST_PID_RECYCLE
|
|
Set this if your system can possibly
|
|
reuse the same pid in the same second of time.
|
|
.ip SFS_TYPE
|
|
The mechanism that can be used to get file system capacity information.
|
|
The values can be one of
|
|
SFS_USTAT (use the ustat(2) syscall),
|
|
SFS_4ARGS (use the four argument statfs(2) syscall),
|
|
SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>),
|
|
SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>),
|
|
SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>),
|
|
SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>),
|
|
or
|
|
SFS_NONE (no way to get this information).
|
|
.ip LA_TYPE
|
|
The load average type.
|
|
Details are described below.
|
|
.lp
|
|
The are several built-in ways of computing the load average.
|
|
.i Sendmail
|
|
tries to auto-configure them based on imperfect guesses;
|
|
you can select one using the
|
|
.i cc
|
|
option
|
|
.b \-DLA_TYPE= \c
|
|
.i type ,
|
|
where
|
|
.i type
|
|
is:
|
|
.ip LA_INT
|
|
The kernel stores the load average in the kernel as an array of long integers.
|
|
The actual values are scaled by a factor FSCALE
|
|
(default 256).
|
|
.ip LA_SHORT
|
|
The kernel stores the load average in the kernel as an array of short integers.
|
|
The actual values are scaled by a factor FSCALE
|
|
(default 256).
|
|
.ip LA_FLOAT
|
|
The kernel stores the load average in the kernel as an array of
|
|
double precision floats.
|
|
.ip LA_MACH
|
|
Use MACH-style load averages.
|
|
.ip LA_SUBR
|
|
Call the
|
|
.i getloadavg
|
|
routine to get the load average as an array of doubles.
|
|
.ip LA_ZERO
|
|
Always return zero as the load average.
|
|
This is the fallback case.
|
|
.lp
|
|
If type
|
|
.sm LA_INT ,
|
|
.sm LA_SHORT ,
|
|
or
|
|
.sm LA_FLOAT
|
|
is specified,
|
|
you may also need to specify
|
|
.sm _PATH_UNIX
|
|
(the path to your system binary)
|
|
and
|
|
.sm LA_AVENRUN
|
|
(the name of the variable containing the load average in the kernel;
|
|
usually
|
|
.q _avenrun
|
|
or
|
|
.q avenrun ).
|
|
.sh 2 "Configuration in sendmail/conf.c"
|
|
.pp
|
|
The following changes can be made in conf.c.
|
|
.sh 3 "Built-in Header Semantics"
|
|
.pp
|
|
Not all header semantics are defined in the configuration file.
|
|
Header lines that should only be included by certain mailers
|
|
(as well as other more obscure semantics)
|
|
must be specified in the
|
|
.i HdrInfo
|
|
table in
|
|
.i conf.c .
|
|
This table contains the header name
|
|
(which should be in all lower case)
|
|
and a set of header control flags (described below),
|
|
The flags are:
|
|
.ip H_ACHECK
|
|
Normally when the check is made to see if a header line is compatible
|
|
with a mailer,
|
|
.i sendmail
|
|
will not delete an existing line.
|
|
If this flag is set,
|
|
.i sendmail
|
|
will delete
|
|
even existing header lines.
|
|
That is,
|
|
if this bit is set and the mailer does not have flag bits set
|
|
that intersect with the required mailer flags
|
|
in the header definition in
|
|
sendmail.cf,
|
|
the header line is
|
|
.i always
|
|
deleted.
|
|
.ip H_EOH
|
|
If this header field is set,
|
|
treat it like a blank line,
|
|
i.e.,
|
|
it will signal the end of the header
|
|
and the beginning of the message text.
|
|
.ip H_FORCE
|
|
Add this header entry
|
|
even if one existed in the message before.
|
|
If a header entry does not have this bit set,
|
|
.i sendmail
|
|
will not add another header line if a header line
|
|
of this name already existed.
|
|
This would normally be used to stamp the message
|
|
by everyone who handled it.
|
|
.ip H_TRACE
|
|
If set,
|
|
this is a timestamp
|
|
(trace)
|
|
field.
|
|
If the number of trace fields in a message
|
|
exceeds a preset amount
|
|
the message is returned
|
|
on the assumption that it has an aliasing loop.
|
|
.ip H_RCPT
|
|
If set,
|
|
this field contains recipient addresses.
|
|
This is used by the
|
|
.b \-t
|
|
flag to determine who to send to
|
|
when it is collecting recipients from the message.
|
|
.ip H_FROM
|
|
This flag indicates that this field
|
|
specifies a sender.
|
|
The order of these fields in the
|
|
.i HdrInfo
|
|
table specifies
|
|
.i sendmail 's
|
|
preference
|
|
for which field to return error messages to.
|
|
.ip H_ERRORSTO
|
|
Addresses in this header should receive error messages.
|
|
.ip H_CTE
|
|
This header is a Content-Transfer-Encoding header.
|
|
.ip H_CTYPE
|
|
This header is a Content-Type header.
|
|
.ip H_STRIPVAL
|
|
Strip the value from the header (for Bcc:).
|
|
.nr ii 5n
|
|
.lp
|
|
Let's look at a sample
|
|
.i HdrInfo
|
|
specification:
|
|
.(b
|
|
.ta 4n +\w'"content-transfer-encoding", 'u
|
|
struct hdrinfo HdrInfo[] =
|
|
\&{
|
|
/* originator fields, most to least significant */
|
|
"resent-sender", H_FROM,
|
|
"resent-from", H_FROM,
|
|
"sender", H_FROM,
|
|
"from", H_FROM,
|
|
"full-name", H_ACHECK,
|
|
"errors-to", H_FROM\^|\^H_ERRORSTO,
|
|
/* destination fields */
|
|
"to", H_RCPT,
|
|
"resent-to", H_RCPT,
|
|
"cc", H_RCPT,
|
|
"bcc", H_RCPT\^|\^H_STRIPVAL,
|
|
/* message identification and control */
|
|
"message", H_EOH,
|
|
"text", H_EOH,
|
|
/* trace fields */
|
|
"received", H_TRACE\^|\^H_FORCE,
|
|
/* miscellaneous fields */
|
|
"content-transfer-encoding", H_CTE,
|
|
"content-type", H_CTYPE,
|
|
|
|
NULL, 0,
|
|
};
|
|
.)b
|
|
This structure indicates that the
|
|
.q To: ,
|
|
.q Resent-To: ,
|
|
and
|
|
.q Cc:
|
|
fields
|
|
all specify recipient addresses.
|
|
Any
|
|
.q Full-Name:
|
|
field will be deleted unless the required mailer flag
|
|
(indicated in the configuration file)
|
|
is specified.
|
|
The
|
|
.q Message:
|
|
and
|
|
.q Text:
|
|
fields will terminate the header;
|
|
these are used by random dissenters around the network world.
|
|
The
|
|
.q Received:
|
|
field will always be added,
|
|
and can be used to trace messages.
|
|
.pp
|
|
There are a number of important points here.
|
|
First,
|
|
header fields are not added automatically just because they are in the
|
|
.i HdrInfo
|
|
structure;
|
|
they must be specified in the configuration file
|
|
in order to be added to the message.
|
|
Any header fields mentioned in the configuration file but not
|
|
mentioned in the
|
|
.i HdrInfo
|
|
structure have default processing performed;
|
|
that is,
|
|
they are added unless they were in the message already.
|
|
Second,
|
|
the
|
|
.i HdrInfo
|
|
structure only specifies cliched processing;
|
|
certain headers are processed specially by ad hoc code
|
|
regardless of the status specified in
|
|
.i HdrInfo .
|
|
For example,
|
|
the
|
|
.q Sender:
|
|
and
|
|
.q From:
|
|
fields are always scanned on ARPANET mail
|
|
to determine the sender\**;
|
|
.(f
|
|
\**Actually, this is no longer true in SMTP;
|
|
this information is contained in the envelope.
|
|
The older ARPANET protocols did not completely distinguish
|
|
envelope from header.
|
|
.)f
|
|
this is used to perform the
|
|
.q "return to sender"
|
|
function.
|
|
The
|
|
.q "From:"
|
|
and
|
|
.q "Full-Name:"
|
|
fields are used to determine the full name of the sender
|
|
if possible;
|
|
this is stored in the macro
|
|
.b $x
|
|
and used in a number of ways.
|
|
.sh 3 "Restricting Use of Email"
|
|
.pp
|
|
If it is necessary to restrict mail through a relay,
|
|
the
|
|
.i checkcompat
|
|
routine can be modified.
|
|
This routine is called for every recipient address.
|
|
It returns an exit status
|
|
indicating the status of the message.
|
|
The status
|
|
.sm EX_OK
|
|
accepts the address,
|
|
.sm EX_TEMPFAIL
|
|
queues the message for a later try,
|
|
and other values
|
|
(commonly
|
|
.sm EX_UNAVAILABLE )
|
|
reject the message.
|
|
It is up to
|
|
.i checkcompat
|
|
to print an error message
|
|
(using
|
|
.i usrerr )
|
|
if the message is rejected.
|
|
For example,
|
|
.i checkcompat
|
|
could read:
|
|
.(b
|
|
.re
|
|
.sz -1
|
|
.ta 4n +4n +4n +4n +4n +4n +4n
|
|
int
|
|
checkcompat(to, e)
|
|
register ADDRESS *to;
|
|
register ENVELOPE *e;
|
|
\&{
|
|
register STAB *s;
|
|
|
|
s = stab("private", ST_MAILER, ST_FIND);
|
|
if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
|
|
to->q_mailer == s->s_mailer)
|
|
{
|
|
usrerr("No private net mail allowed through this machine");
|
|
return (EX_UNAVAILABLE);
|
|
}
|
|
if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
|
|
{
|
|
usrerr("Message too large for non-local delivery");
|
|
e\->e_flags |= EF_NORETURN;
|
|
return (EX_UNAVAILABLE);
|
|
}
|
|
return (EX_OK);
|
|
}
|
|
.sz
|
|
.)b
|
|
This would reject messages greater than 50000 bytes
|
|
unless they were local.
|
|
The
|
|
.i EF_NORETURN
|
|
flag can be set in
|
|
.i e\(->e_flags
|
|
to suppress the return of the actual body
|
|
of the message in the error return.
|
|
The actual use of this routine is highly dependent on the
|
|
implementation,
|
|
and use should be limited.
|
|
.sh 3 "New Database Map Classes"
|
|
.pp
|
|
New key maps can be added by creating a class initialization function
|
|
and a lookup function.
|
|
These are then added to the routine
|
|
.i setupmaps.
|
|
.pp
|
|
The initialization function is called as
|
|
.(b
|
|
\fIxxx\fP_map_init(MAP *map, char *args)
|
|
.)b
|
|
The
|
|
.i map
|
|
is an internal data structure.
|
|
The
|
|
.i args
|
|
is a pointer to the portion of the configuration file line
|
|
following the map class name;
|
|
flags and filenames can be extracted from this line.
|
|
The initialization function must return
|
|
.sm true
|
|
if it successfully opened the map,
|
|
.sm false
|
|
otherwise.
|
|
.pp
|
|
The lookup function is called as
|
|
.(b
|
|
\fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp)
|
|
.)b
|
|
The
|
|
.i map
|
|
defines the map internally.
|
|
The
|
|
.i buf
|
|
has the input key.
|
|
This may be (and often is) used destructively.
|
|
The
|
|
.i av
|
|
is a list of arguments passed in from the rewrite line.
|
|
The lookup function should return a pointer to the new value.
|
|
If the map lookup fails,
|
|
.i *statp
|
|
should be set to an exit status code;
|
|
in particular, it should be set to
|
|
.sm EX_TEMPFAIL
|
|
if recovery is to be attempted by the higher level code.
|
|
.sh 3 "Queueing Function"
|
|
.pp
|
|
The routine
|
|
.i shouldqueue
|
|
is called to decide if a message should be queued
|
|
or processed immediately.
|
|
Typically this compares the message priority to the current load average.
|
|
The default definition is:
|
|
.(b
|
|
bool
|
|
shouldqueue(pri, ctime)
|
|
long pri;
|
|
time_t ctime;
|
|
{
|
|
if (CurrentLA < QueueLA)
|
|
return false;
|
|
return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
|
|
}
|
|
.)b
|
|
If the current load average
|
|
(global variable
|
|
.i CurrentLA ,
|
|
which is set before this function is called)
|
|
is less than the low threshold load average
|
|
(option
|
|
.b x ,
|
|
variable
|
|
.i QueueLA ),
|
|
.i shouldqueue
|
|
returns
|
|
.sm false
|
|
immediately
|
|
(that is, it should
|
|
.i not
|
|
queue).
|
|
If the current load average exceeds the high threshold load average
|
|
(option
|
|
.b X ,
|
|
variable
|
|
.i RefuseLA ),
|
|
.i shouldqueue
|
|
returns
|
|
.sm true
|
|
immediately.
|
|
Otherwise, it computes the function based on the message priority,
|
|
the queue factor
|
|
(option
|
|
.b q ,
|
|
global variable
|
|
.i QueueFactor ),
|
|
and the current and threshold load averages.
|
|
.pp
|
|
An implementation wishing to take the actual age of the message into account
|
|
can also use the
|
|
.i ctime
|
|
parameter,
|
|
which is the time that the message was first submitted to
|
|
.i sendmail .
|
|
Note that the
|
|
.i pri
|
|
parameter is already weighted
|
|
by the number of times the message has been tried
|
|
(although this tends to lower the priority of the message with time);
|
|
the expectation is that the
|
|
.i ctime
|
|
would be used as an
|
|
.q "escape clause"
|
|
to ensure that messages are eventually processed.
|
|
.sh 3 "Refusing Incoming SMTP Connections"
|
|
.pp
|
|
The function
|
|
.i refuseconnections
|
|
returns
|
|
.sm true
|
|
if incoming SMTP connections should be refused.
|
|
The current implementation is based exclusively on the current load average
|
|
and the refuse load average option
|
|
(option
|
|
.b X ,
|
|
global variable
|
|
.i RefuseLA ):
|
|
.(b
|
|
bool
|
|
refuseconnections()
|
|
{
|
|
return (RefuseLA > 0 && CurrentLA >= RefuseLA);
|
|
}
|
|
.)b
|
|
A more clever implementation
|
|
could look at more system resources.
|
|
.sh 3 "Load Average Computation"
|
|
.pp
|
|
The routine
|
|
.i getla
|
|
returns the current load average (as a rounded integer).
|
|
The distribution includes several possible implementations.
|
|
If you are porting to a new environment
|
|
you may need to add some new tweaks.\**
|
|
.(f
|
|
\**If you do, please send updates to
|
|
sendmail@Sendmail.ORG.
|
|
.)f
|
|
.sh 2 "Configuration in sendmail/daemon.c"
|
|
.pp
|
|
The file
|
|
.i sendmail/daemon.c
|
|
contains a number of routines that are dependent
|
|
on the local networking environment.
|
|
The version supplied assumes you have BSD style sockets.
|
|
.pp
|
|
In previous releases,
|
|
we recommended that you modify the routine
|
|
.i maphostname
|
|
if you wanted to generalize
|
|
.b $[
|
|
\&...\&
|
|
.b $]
|
|
lookups.
|
|
We now recommend that you create a new keyed map instead.
|
|
.sh 2 "LDAP"
|
|
.pp
|
|
In this section we assume that
|
|
.i sendmail
|
|
has been compiled with support for LDAP.
|
|
.sh 3 "LDAP Recursion"
|
|
.pp
|
|
LDAP Recursion allows you to add types to the search attributes on an
|
|
LDAP map specification.
|
|
The syntax is:
|
|
.ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
|
|
.pp
|
|
The new \fITYPE\fPs are:
|
|
.nr ii 1i
|
|
.ip NORMAL
|
|
This attribute type specifies the attribute to add to the results string.
|
|
This is the default.
|
|
.ip DN
|
|
Any matches for this attribute are expected to have a value of a
|
|
fully qualified distinguished name.
|
|
.i sendmail
|
|
will lookup that DN and apply the attributes requested to the
|
|
returned DN record.
|
|
.ip FILTER
|
|
Any matches for this attribute are expected to have a value of an
|
|
LDAP search filter.
|
|
.i sendmail
|
|
will perform a lookup with the same parameters as the original
|
|
search but replaces the search filter with the one specified here.
|
|
.ip URL
|
|
Any matches for this attribute are expected to have a value of an LDAP URL.
|
|
.i sendmail
|
|
will perform a lookup of that URL and use the results from the attributes
|
|
named in that URL.
|
|
Note however that the search is done using the current LDAP connection,
|
|
regardless of what is specified as the scheme, LDAP host, and LDAP
|
|
port in the LDAP URL.
|
|
.lp
|
|
Any untyped attributes are considered
|
|
.sm NORMAL
|
|
attributes as described above.
|
|
.pp
|
|
The optional \fIOBJECTCLASS\fP (| separated) list contains the
|
|
objectClass values for which that attribute applies.
|
|
If the list is given,
|
|
the attribute named will only be used if the LDAP record being returned is a
|
|
member of that object class.
|
|
Note that if these new value attribute \fITYPE\fPs are used in an
|
|
AliasFile
|
|
option setting, it will need to be double quoted to prevent
|
|
.i sendmail
|
|
from misparsing the colons.
|
|
.pp
|
|
Note that LDAP recursion attributes which do not ultimately point to an
|
|
LDAP record are not considered an error.
|
|
.sh 4 "Example"
|
|
.pp
|
|
Since examples usually help clarify, here is an example which uses all
|
|
four of the new types:
|
|
.(b
|
|
O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
|
|
|
|
Kexample ldap
|
|
-z,
|
|
-k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
|
|
-v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
|
|
uniqueMember:DN:groupOfUniqueNames,
|
|
sendmailMTAAliasSearch:FILTER:sendmailMTAAliasObject,
|
|
sendmailMTAAliasURL:URL:sendmailMTAAliasObject
|
|
.)b
|
|
.pp
|
|
That definition specifies that:
|
|
.bu
|
|
Any value in a
|
|
.sm sendmailMTAAliasValue
|
|
attribute will be added to the result string regardless of object class.
|
|
.bu
|
|
The
|
|
.sm mail
|
|
attribute will be added to the result string if
|
|
the LDAP record is a member of the
|
|
.sm inetOrgPerson
|
|
object class.
|
|
.bu
|
|
The
|
|
.sm uniqueMember
|
|
attribute is a recursive attribute, used only in
|
|
.sm groupOfUniqueNames
|
|
records, and should contain an LDAP DN pointing to another LDAP record.
|
|
The desire here is to return the
|
|
.sm mail
|
|
attribute from those DNs.
|
|
.bu
|
|
The
|
|
.sm sendmailMTAAliasSearch
|
|
attribute and
|
|
.sm sendmailMTAAliasURL
|
|
are both used only if referenced in a
|
|
.sm sendmailMTAAliasObject .
|
|
They are both recursive, the first for a new LDAP search string and the
|
|
latter for an LDAP URL.
|
|
.sh 2 "STARTTLS"
|
|
.pp
|
|
In this section we assume that
|
|
.i sendmail
|
|
has been compiled with support for STARTTLS.
|
|
To properly understand the use of STARTTLS in
|
|
.i sendmail ,
|
|
it is necessary to understand at least some basics about X.509 certificates
|
|
and public key cryptography.
|
|
This information can be found in books about SSL/TLS
|
|
or on WWW sites, e.g.,
|
|
.q http://www.OpenSSL.org/ .
|
|
.sh 3 "Certificates for STARTTLS"
|
|
.pp
|
|
When acting as a server,
|
|
.i sendmail
|
|
requires X.509 certificates to support STARTTLS:
|
|
one as certificate for the server (ServerCertFile and corresponding
|
|
private ServerKeyFile)
|
|
at least one root CA (CACertFile),
|
|
i.e., a certificate that is used to sign other certificates,
|
|
and a path to a directory which contains (zero or more) other CAs (CACertPath).
|
|
The file specified via
|
|
CACertFile
|
|
can contain several certificates of CAs.
|
|
The DNs of these certificates are sent
|
|
to the client during the TLS handshake (as part of the
|
|
CertificateRequest) as the list of acceptable CAs.
|
|
However, do not list too many root CAs in that file, otherwise
|
|
the TLS handshake may fail; e.g.,
|
|
.(b
|
|
error:14094417:SSL routines:SSL3_READ_BYTES:
|
|
sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47
|
|
.)b
|
|
You should probably put only the CA cert into that file
|
|
that signed your own cert(s), or at least only those you trust.
|
|
The CACertPath directory must contain the hashes of each CA certificate
|
|
as filenames (or as links to them).
|
|
Symbolic links can be generated with the following
|
|
two (Bourne) shell commands:
|
|
.(b
|
|
C=FileName_of_CA_Certificate
|
|
ln -s $C `openssl x509 -noout -hash < $C`.0
|
|
.)b
|
|
A better way to do this is to use the
|
|
.b c_rehash
|
|
command that is part of the OpenSSL distribution
|
|
because it handles subject hash collisions
|
|
by incrementing the number in the suffix of the filename of the symbolic link,
|
|
e.g.,
|
|
.b \&.0
|
|
to
|
|
.b \&.1 ,
|
|
and so on.
|
|
An X.509 certificate is also required for authentication in client mode
|
|
(ClientCertFile and corresponding private ClientKeyFile), however,
|
|
.i sendmail
|
|
will always use STARTTLS when offered by a server.
|
|
The client and server certificates can be identical.
|
|
Certificates can be obtained from a certificate authority
|
|
or created with the help of OpenSSL.
|
|
The required format for certificates and private keys is PEM.
|
|
To allow for automatic startup of sendmail, private keys
|
|
(ServerKeyFile, ClientKeyFile)
|
|
must be stored unencrypted.
|
|
The keys are only protected by the permissions of the file system.
|
|
Never make a private key available to a third party.
|
|
.pp
|
|
The options
|
|
.i ClientCertFile ,
|
|
.i ClientKeyFile ,
|
|
.i ServerCertFile ,
|
|
and
|
|
.i ServerKeyFile
|
|
can take a second file name,
|
|
which must be separated from the first with a comma
|
|
(note: do not use any spaces)
|
|
to set up a second cert/key pair.
|
|
This can be used to have certs of different types,
|
|
e.g., RSA and DSA.
|
|
.sh 3 "PRNG for STARTTLS"
|
|
.pp
|
|
STARTTLS requires a strong pseudo random number generator (PRNG)
|
|
to operate properly.
|
|
Depending on the TLS library you use, it may be required to explicitly
|
|
initialize the PRNG with random data.
|
|
OpenSSL makes use of
|
|
.b /dev/urandom(4)
|
|
if available (this corresponds to the compile flag HASURANDOMDEV).
|
|
On systems which lack this support, a random file must be specified in the
|
|
.i sendmail.cf
|
|
file using the option RandFile.
|
|
It is
|
|
.b strongly
|
|
advised to use the "Entropy Gathering Daemon" EGD
|
|
from Brian Warner on those systems to provide useful random data.
|
|
In this case,
|
|
.i sendmail
|
|
must be compiled with the flag EGD, and the
|
|
RandFile option must point to the EGD socket.
|
|
If neither
|
|
.b /dev/urandom(4)
|
|
nor EGD are available, you have to make sure
|
|
that useful random data is available all the time in RandFile.
|
|
If the file hasn't been modified in the last 10 minutes before
|
|
it is supposed to be used by
|
|
.i sendmail
|
|
the content is considered obsolete.
|
|
One method for generating this file is:
|
|
.(b
|
|
openssl rand -out /etc/mail/randfile -rand \c
|
|
.i /path/to/file:... \c
|
|
256
|
|
.)b
|
|
See the OpenSSL documentation for more information.
|
|
In this case, the PRNG for TLS is only
|
|
seeded with other random data if the
|
|
.b DontBlameSendmail
|
|
option
|
|
.b InsufficientEntropy
|
|
is set.
|
|
This is most likely not sufficient for certain actions, e.g.,
|
|
generation of (temporary) keys.
|
|
.pp
|
|
Please see the OpenSSL documentation or other sources
|
|
for further information about certificates, their creation and their usage,
|
|
the importance of a good PRNG, and other aspects of TLS.
|
|
.sh 2 "Encoding of STARTTLS and AUTH related Macros"
|
|
.pp
|
|
Macros that contain STARTTLS and AUTH related data which comes from outside
|
|
sources, e.g., all macros containing information from certificates,
|
|
are encoded to avoid problems with non-printable or special characters.
|
|
The latter are '\\', '<', '>', '(', ')', '"', '+', and ' '.
|
|
All of these characters are replaced by their value in hexadecimal
|
|
with a leading '+'.
|
|
For example:
|
|
.(b
|
|
/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/
|
|
Email=darth+cert@endmail.org
|
|
.)b
|
|
is encoded as:
|
|
.(b
|
|
/C=US/ST=California/O=endmail.org/OU=private/
|
|
CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org
|
|
.)b
|
|
(line breaks have been inserted for readability).
|
|
The macros which are subject to this encoding are
|
|
{cert_subject}, {cert_issuer}, {cn_subject}, {cn_issuer},
|
|
as well as
|
|
{auth_authen} and {auth_author}.
|
|
.sh 1 "ACKNOWLEDGEMENTS"
|
|
.pp
|
|
I've worked on
|
|
.i sendmail
|
|
for many years,
|
|
and many employers have been remarkably patient
|
|
about letting me work on a large project
|
|
that was not part of my official job.
|
|
This includes time on the INGRES Project at
|
|
the University of California at Berkeley,
|
|
at Britton Lee,
|
|
and again on the Mammoth and Titan Projects at Berkeley.
|
|
.pp
|
|
Much of the second wave of improvements
|
|
resulting in version 8.1
|
|
should be credited to Bryan Costales of the
|
|
International Computer Science Institute.
|
|
As he passed me drafts of his book on
|
|
.i sendmail
|
|
I was inspired to start working on things again.
|
|
Bryan was also available to bounce ideas off of.
|
|
.pp
|
|
Gregory Neil Shapiro
|
|
of Worcester Polytechnic Institute
|
|
has become instrumental in all phases of
|
|
.i sendmail
|
|
support and development,
|
|
and was largely responsible for getting versions 8.8 and 8.9
|
|
out the door.
|
|
.pp
|
|
Many, many people contributed chunks of code and ideas to
|
|
.i sendmail .
|
|
It has proven to be a group network effort.
|
|
Version 8 in particular was a group project.
|
|
The following people and organizations made notable contributions:
|
|
.(l
|
|
Claus Assmann
|
|
John Beck, Hewlett-Packard & Sun Microsystems
|
|
Keith Bostic, CSRG, University of California, Berkeley
|
|
Andrew Cheng, Sun Microsystems
|
|
Michael J. Corrigan, University of California, San Diego
|
|
Bryan Costales, International Computer Science Institute & InfoBeat
|
|
Pa\*:r (Pell) Emanuelsson
|
|
Craig Everhart, Transarc Corporation
|
|
Per Hedeland, Ericsson
|
|
Tom Ivar Helbekkmo, Norwegian School of Economics
|
|
Kari Hurtta, Finnish Meteorological Institute
|
|
Allan E. Johannesen, WPI
|
|
Jonathan Kamens, OpenVision Technologies, Inc.
|
|
Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd.
|
|
Brian Kantor, University of California, San Diego
|
|
John Kennedy, Cal State University, Chico
|
|
Murray S. Kucherawy, HookUp Communication Corp.
|
|
Bruce Lilly, Sony U.S.
|
|
Karl London
|
|
Motonori Nakamura, Ritsumeikan University & Kyoto University
|
|
John Gardiner Myers, Carnegie Mellon University
|
|
Neil Rickert, Northern Illinois University
|
|
Gregory Neil Shapiro, WPI
|
|
Eric Schnoebelen, Convex Computer Corp.
|
|
Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
|
|
Randall Winchester, University of Maryland
|
|
Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris)
|
|
Exactis.com, Inc.
|
|
.)l
|
|
I apologize for anyone I have omitted, misspelled, misattributed, or
|
|
otherwise missed.
|
|
At this point, I suspect that at least a hundred people
|
|
have contributed code,
|
|
and many more have contributed ideas, comments, and encouragement.
|
|
I've tried to list them in the RELEASE_NOTES in the distribution directory.
|
|
I appreciate their contribution as well.
|
|
.pp
|
|
Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel,
|
|
who besides being wonderful guinea pigs and contributors
|
|
have also consented to be added to the ``sendmail@Sendmail.ORG'' list
|
|
and, by answering the bulk of the questions sent to that list,
|
|
have freed me up to do other work.
|
|
.++ A
|
|
.+c "COMMAND LINE FLAGS"
|
|
.ba 0
|
|
.nr ii 1i
|
|
.pp
|
|
Arguments must be presented with flags before addresses.
|
|
The flags are:
|
|
.ip \-A\fIx\fP
|
|
Select an alternative .cf file which is either
|
|
.i sendmail.cf
|
|
for
|
|
.b \-Am
|
|
or
|
|
.i submit.cf
|
|
for
|
|
.b \-Ac .
|
|
By default the .cf file is chosen based on the operation mode.
|
|
For
|
|
.b -bm
|
|
(default),
|
|
.b -bs ,
|
|
and
|
|
.b -t
|
|
it is
|
|
.i submit.cf
|
|
if it exists, for all others it is
|
|
.i sendmail.cf .
|
|
.ip \-b\fIx\fP
|
|
Set operation mode to
|
|
.i x .
|
|
Operation modes are:
|
|
.(b
|
|
.ta 4n
|
|
m Deliver mail (default)
|
|
s Speak SMTP on input side
|
|
a\(dg ``Arpanet'' mode (get envelope sender information from header)
|
|
C Check the configuration file
|
|
d Run as a daemon in background
|
|
D Run as a daemon in foreground
|
|
t Run in test mode
|
|
v Just verify addresses, don't collect or deliver
|
|
i Initialize the alias database
|
|
p Print the mail queue
|
|
P Print overview over the mail queue (requires shared memory)
|
|
h Print the persistent host status database
|
|
H Purge expired entries from the persistent host status database
|
|
.)b
|
|
.(f
|
|
\(dgDeprecated.
|
|
.)f
|
|
.ip \-B\fItype\fP
|
|
Indicate body type.
|
|
.ip \-C\fIfile\fP
|
|
Use a different configuration file.
|
|
.i Sendmail
|
|
runs as the invoking user (rather than root)
|
|
when this flag is specified.
|
|
.ip "\-D \fIlogfile\fP"
|
|
Send debugging output to the indicated
|
|
.i logfile
|
|
instead of stdout.
|
|
.ip \-d\fIlevel\fP
|
|
Set debugging level.
|
|
.ip "\-f\ \fIaddr\fP"
|
|
The envelope sender address is set to
|
|
.i addr .
|
|
This address may also be used in the From: header
|
|
if that header is missing during initial submission.
|
|
The envelope sender address is used as the recipient
|
|
for delivery status notifications
|
|
and may also appear in a Return-Path: header.
|
|
.ip \-F\ \fIname\fP
|
|
Sets the full name of this user to
|
|
.i name .
|
|
.ip \-G
|
|
When accepting messages via the command line,
|
|
indicate that they are for relay (gateway) submission.
|
|
sendmail may complain about syntactically invalid messages,
|
|
e.g., unqualified host names,
|
|
rather than fixing them when this flag is set.
|
|
sendmail will not do any canonicalization in this mode.
|
|
.ip "\-h\ \fIcnt\fP"
|
|
Sets the
|
|
.q "hop count"
|
|
to
|
|
.i cnt .
|
|
This represents the number of times this message has been processed
|
|
by
|
|
.i sendmail
|
|
(to the extent that it is supported by the underlying networks).
|
|
.i Cnt
|
|
is incremented during processing,
|
|
and if it reaches
|
|
MAXHOP
|
|
(currently 25)
|
|
.i sendmail
|
|
throws away the message with an error.
|
|
.ip "\-L \fItag\fP"
|
|
Sets the identifier used for syslog.
|
|
Note that this identifier is set
|
|
as early as possible.
|
|
However,
|
|
.i sendmail
|
|
may be used
|
|
if problems arise
|
|
before the command line arguments
|
|
are processed.
|
|
.ip \-n
|
|
Don't do aliasing or forwarding.
|
|
.ip "\-N \fInotifications\fP"
|
|
Tag all addresses being sent as wanting the indicated
|
|
.i notifications ,
|
|
which consists of the word
|
|
.q NEVER
|
|
or a comma-separated list of
|
|
.q SUCCESS ,
|
|
.q FAILURE ,
|
|
and
|
|
.q DELAY
|
|
for successful delivery,
|
|
failure,
|
|
and a message that is stuck in a queue somewhere.
|
|
The default is
|
|
.q FAILURE,DELAY .
|
|
.ip "\-r\ \fIaddr\fP"
|
|
An obsolete form of
|
|
.b \-f .
|
|
.ip \-o\fIx\|value\fP
|
|
Set option
|
|
.i x
|
|
to the specified
|
|
.i value .
|
|
These options are described in Section 5.6.
|
|
.ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
|
|
Set
|
|
.i option
|
|
to the specified
|
|
.i value
|
|
(for long form option names).
|
|
These options are described in Section 5.6.
|
|
.ip \-M\fIx\|value\fP
|
|
Set macro
|
|
.i x
|
|
to the specified
|
|
.i value .
|
|
.ip \-p\fIprotocol\fP
|
|
Set the sending protocol.
|
|
Programs are encouraged to set this.
|
|
The protocol field can be in the form
|
|
.i protocol \c
|
|
.b : \c
|
|
.i host
|
|
to set both the sending protocol and sending host.
|
|
For example,
|
|
.q \-pUUCP:uunet
|
|
sets the sending protocol to UUCP
|
|
and the sending host to uunet.
|
|
(Some existing programs use \-oM to set the r and s macros;
|
|
this is equivalent to using \-p.)
|
|
.ip \-q\fItime\fP
|
|
Try to process the queued up mail.
|
|
If the time is given,
|
|
a
|
|
.i sendmail
|
|
will start one or more processes to run through the queue(s) at the specified
|
|
time interval to deliver queued mail; otherwise, it only runs once.
|
|
Each of these processes acts on a workgroup.
|
|
These processes are also known as workgroup processes or WGP's for short.
|
|
Each workgroup is responsible for controlling the processing of one or
|
|
more queues; workgroups help manage the use of system resources by sendmail.
|
|
Each workgroup may have one or more children concurrently processing
|
|
queues depending on the setting of \fIMaxQueueChildren\fP.
|
|
.ip \-qp\fItime\fP
|
|
Similar to \-q with a time argument,
|
|
except that instead of periodically starting WGP's
|
|
sendmail starts persistent WGP's
|
|
that alternate between processing queues and sleeping.
|
|
The sleep time is specified by the time argument; it defaults to 1 second,
|
|
except that a WGP always sleeps at least 5 seconds if their queues were
|
|
empty in the previous run.
|
|
Persistent processes are managed by a queue control process (QCP).
|
|
The QCP is the parent process of the WGP's.
|
|
Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
|
|
or a special process (named Queue control) (when started without \-bd or \-bD).
|
|
If a persistent WGP ceases to be active for some reason
|
|
another WGP will be started by the QCP for the same workgroup
|
|
in most cases. When a persistent WGP has core dumped, the debug flag
|
|
\fIno_persistent_restart\fP is set or the specific persistent WGP has been
|
|
restarted too many times already then the WGP will not be started again
|
|
and a message will be logged to this effect.
|
|
To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate
|
|
signal should be sent to the QCP. The QCP will propagate the signal to all of
|
|
the WGP's and if appropriate restart the persistent WGP's.
|
|
.ip \-q\fIGname\fP
|
|
Run the jobs in the queue group
|
|
.i name
|
|
once.
|
|
.ip \-q[!]\fIXstring\fP
|
|
Run the queue once,
|
|
limiting the jobs to those matching
|
|
.i Xstring .
|
|
The key letter
|
|
.i X
|
|
can be
|
|
.b I
|
|
to limit based on queue identifier,
|
|
.b R
|
|
to limit based on recipient,
|
|
.b S
|
|
to limit based on sender,
|
|
or
|
|
.b Q
|
|
to limit based on quarantine reason for quarantined jobs.
|
|
A particular queued job is accepted if one of the corresponding attributes
|
|
contains the indicated
|
|
.i string .
|
|
The optional ! character negates the condition tested.
|
|
Multiple
|
|
.i \-q\fIX\fP
|
|
flags are permitted,
|
|
with items with the same key letter
|
|
.q or'ed
|
|
together, and items with different key letters
|
|
.q and'ed
|
|
together.
|
|
.ip "\-Q[reason]"
|
|
Quarantine a normal queue items with the given reason or
|
|
unquarantine quarantined queue items if no reason is given.
|
|
This should only be used with some sort of item matching using
|
|
.b \-q[!]\fIXstring\fP
|
|
as described above.
|
|
.ip "\-R ret"
|
|
What information you want returned if the message bounces;
|
|
.i ret
|
|
can be
|
|
.q HDRS
|
|
for headers only or
|
|
.q FULL
|
|
for headers plus body.
|
|
This is a request only;
|
|
the other end is not required to honor the parameter.
|
|
If
|
|
.q HDRS
|
|
is specified local bounces also return only the headers.
|
|
.ip \-t
|
|
Read the header for
|
|
.q To: ,
|
|
.q Cc: ,
|
|
and
|
|
.q Bcc:
|
|
lines, and send to everyone listed in those lists.
|
|
The
|
|
.q Bcc:
|
|
line will be deleted before sending.
|
|
Any addresses in the argument vector will be deleted
|
|
from the send list.
|
|
.ip "\-V envid"
|
|
The indicated
|
|
.i envid
|
|
is passed with the envelope of the message
|
|
and returned if the message bounces.
|
|
.ip "\-X \fIlogfile\fP"
|
|
Log all traffic in and out of
|
|
.i sendmail
|
|
in the indicated
|
|
.i logfile
|
|
for debugging mailer problems.
|
|
This produces a lot of data very quickly and should be used sparingly.
|
|
.pp
|
|
There are a number of options that may be specified as
|
|
primitive flags.
|
|
These are the e, i, m, and v options.
|
|
Also,
|
|
the f option
|
|
may be specified as the
|
|
.b \-s
|
|
flag.
|
|
The DSN related options
|
|
.q "\-N" ,
|
|
.q "\-R" ,
|
|
and
|
|
.q "\-V"
|
|
have no effects on
|
|
.i sendmail
|
|
running as daemon.
|
|
.+c "QUEUE FILE FORMATS"
|
|
.pp
|
|
This appendix describes the format of the queue files.
|
|
These files live in a queue directory.
|
|
The individual qf, hf, Qf, df, and xf files
|
|
may be stored in separate
|
|
.i qf/ ,
|
|
.i df/ ,
|
|
and
|
|
.i xf/
|
|
subdirectories
|
|
if they are present in the queue directory.
|
|
.pp
|
|
All queue files have the name
|
|
.i ttYMDhmsNNppppp
|
|
where
|
|
.i YMDhmsNNppppp
|
|
is the
|
|
.i id
|
|
for this message
|
|
and the
|
|
.i tt
|
|
is a type.
|
|
The individual letters in the
|
|
.i id
|
|
are:
|
|
.nr ii 0.5i
|
|
.ip Y
|
|
Encoded year
|
|
.ip M
|
|
Encoded month
|
|
.ip D
|
|
Encoded day
|
|
.ip h
|
|
Encoded hour
|
|
.ip m
|
|
Encoded minute
|
|
.ip s
|
|
Encoded second
|
|
.ip NN
|
|
Encoded envelope number
|
|
.ip ppppp
|
|
At least five decimal digits of the process ID
|
|
.pp
|
|
All files with the same id collectively define one message.
|
|
Due to the use of memory-buffered files,
|
|
some of these files may never appear on disk.
|
|
.pp
|
|
The types are:
|
|
.nr ii 0.5i
|
|
.ip qf
|
|
The queue control file.
|
|
This file contains the information necessary to process the job.
|
|
.ip hf
|
|
The same as a queue control file, but for a quarantined queue job.
|
|
.ip df
|
|
The data file.
|
|
The message body (excluding the header) is kept in this file.
|
|
Sometimes the df file is not stored in the same directory as the qf file;
|
|
in this case,
|
|
the qf file contains a `d' record which names the queue directory
|
|
that contains the df file.
|
|
.ip tf
|
|
A temporary file.
|
|
This is an image of the
|
|
.b qf
|
|
file when it is being rebuilt.
|
|
It should be renamed to a
|
|
.b qf
|
|
file very quickly.
|
|
.ip xf
|
|
A transcript file,
|
|
existing during the life of a session
|
|
showing everything that happens
|
|
during that session.
|
|
Sometimes the xf file must be generated before a queue group has been selected;
|
|
in this case,
|
|
the xf file will be stored in a directory of the default queue group.
|
|
.ip Qf
|
|
A ``lost'' queue control file.
|
|
.i sendmail
|
|
renames a
|
|
.b qf
|
|
file to
|
|
.b Qf
|
|
if there is a severe (configuration) problem that cannot be solved without
|
|
human intervention.
|
|
Search the logfile for the queue file id to figure out what happened.
|
|
After you resolved the problem, you can rename the
|
|
.b Qf
|
|
file to
|
|
.b qf
|
|
and send it again.
|
|
.pp
|
|
The queue control file is structured as a series of lines
|
|
each beginning with a code letter.
|
|
The lines are as follows:
|
|
.ip V
|
|
The version number of the queue file format,
|
|
used to allow new
|
|
.i sendmail
|
|
binaries to read queue files created by older versions.
|
|
Defaults to version zero.
|
|
Must be the first line of the file if present.
|
|
For 8.12 the version number is 6.
|
|
.ip A
|
|
The information given by the AUTH= parameter of the
|
|
.q "MAIL FROM:"
|
|
command or $f@$j
|
|
if sendmail has been called directly.
|
|
.ip H
|
|
A header definition.
|
|
There may be any number of these lines.
|
|
The order is important:
|
|
they represent the order in the final message.
|
|
These use the same syntax
|
|
as header definitions in the configuration file.
|
|
.ip C
|
|
The controlling address.
|
|
The syntax is
|
|
.q localuser:aliasname .
|
|
Recipient addresses following this line
|
|
will be flagged so that deliveries will be run as the
|
|
.i localuser
|
|
(a user name from the /etc/passwd file);
|
|
.i aliasname
|
|
is the name of the alias that expanded to this address
|
|
(used for printing messages).
|
|
.ip q
|
|
The quarantine reason for quarantined queue items.
|
|
.ip Q
|
|
The ``original recipient'',
|
|
specified by the ORCPT= field in an ESMTP transaction.
|
|
Used exclusively for Delivery Status Notifications.
|
|
It applies only to the following `R' line.
|
|
.ip r
|
|
The ``final recipient''
|
|
used for Delivery Status Notifications.
|
|
It applies only to the following `R' line.
|
|
.ip R
|
|
A recipient address.
|
|
This will normally be completely aliased,
|
|
but is actually realiased when the job is processed.
|
|
There will be one line for each recipient.
|
|
Version 1 qf files
|
|
also include a leading colon-terminated list of flags,
|
|
which can be
|
|
`S' to return a message on successful final delivery,
|
|
`F' to return a message on failure,
|
|
`D' to return a message if the message is delayed,
|
|
`B' to indicate that the body should be returned,
|
|
`N' to suppress returning the body,
|
|
and
|
|
`P' to declare this as a ``primary'' (command line or SMTP-session) address.
|
|
.ip S
|
|
The sender address.
|
|
There may only be one of these lines.
|
|
.ip T
|
|
The job creation time.
|
|
This is used to compute when to time out the job.
|
|
.ip P
|
|
The current message priority.
|
|
This is used to order the queue.
|
|
Higher numbers mean lower priorities.
|
|
The priority changes
|
|
as the message sits in the queue.
|
|
The initial priority depends on the message class
|
|
and the size of the message.
|
|
.ip M
|
|
A message.
|
|
This line is printed by the
|
|
.i mailq
|
|
command,
|
|
and is generally used to store status information.
|
|
It can contain any text.
|
|
.ip F
|
|
Flag bits, represented as one letter per flag.
|
|
Defined flag bits are
|
|
.b r
|
|
indicating that this is a response message
|
|
and
|
|
.b w
|
|
indicating that a warning message has been sent
|
|
announcing that the mail has been delayed.
|
|
Other flag bits are:
|
|
.b 8 :
|
|
the body contains 8bit data,
|
|
.b b :
|
|
a Bcc: header should be removed,
|
|
.b d :
|
|
the mail has RET parameters (see RFC 1894),
|
|
.b n :
|
|
the body of the message should not be returned
|
|
in case of an error,
|
|
.b s :
|
|
the envelope has been split.
|
|
.ip N
|
|
The total number of delivery attempts.
|
|
.ip K
|
|
The time (as seconds since January 1, 1970)
|
|
of the last delivery attempt.
|
|
.ip d
|
|
If the df file is in a different directory than the qf file,
|
|
then a `d' record is present,
|
|
specifying the directory in which the df file resides.
|
|
.ip I
|
|
The i-number of the data file;
|
|
this can be used to recover your mail queue
|
|
after a disastrous disk crash.
|
|
.ip $
|
|
A macro definition.
|
|
The values of certain macros
|
|
are passed through to the queue run phase.
|
|
.ip B
|
|
The body type.
|
|
The remainder of the line is a text string defining the body type.
|
|
If this field is missing,
|
|
the body type is assumed to be
|
|
.q "undefined"
|
|
and no special processing is attempted.
|
|
Legal values are
|
|
.q 7BIT
|
|
and
|
|
.q 8BITMIME .
|
|
.ip Z
|
|
The original envelope id (from the ESMTP transaction).
|
|
For Deliver Status Notifications only.
|
|
.pp
|
|
As an example,
|
|
the following is a queue file sent to
|
|
.q eric@mammoth.Berkeley.EDU
|
|
and
|
|
.q bostic@okeeffe.CS.Berkeley.EDU \**:
|
|
.(f
|
|
\**This example is contrived and probably inaccurate for your environment.
|
|
Glance over it to get an idea;
|
|
nothing can replace looking at what your own system generates.
|
|
.)f
|
|
.(b
|
|
V4
|
|
T711358135
|
|
K904446490
|
|
N0
|
|
P2100941
|
|
$_eric@localhost
|
|
${daemon_flags}
|
|
Seric
|
|
Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU
|
|
RPFD:eric@mammoth.Berkeley.EDU
|
|
RPFD:bostic@okeeffe.CS.Berkeley.EDU
|
|
H?P?Return-path: <^g>
|
|
H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
|
|
Fri, 17 Jul 1992 00:28:55 -0700
|
|
H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
|
|
id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
|
|
H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
|
|
id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
|
|
H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
|
|
id AA22757; Fri, 17 Jul 1992 09:31:25 GMT
|
|
H?F?From: eric@foo.bar.baz.de (Eric Allman)
|
|
H?x?Full-name: Eric Allman
|
|
H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
|
|
H??To: sendmail@vangogh.CS.Berkeley.EDU
|
|
H??Subject: this is an example message
|
|
.)b
|
|
This shows
|
|
the person who sent the message,
|
|
the submission time
|
|
(in seconds since January 1, 1970),
|
|
the message priority,
|
|
the message class,
|
|
the recipients,
|
|
and the headers for the message.
|
|
.+c "SUMMARY OF SUPPORT FILES"
|
|
.pp
|
|
This is a summary of the support files
|
|
that
|
|
.i sendmail
|
|
creates or generates.
|
|
Many of these can be changed by editing the sendmail.cf file;
|
|
check there to find the actual pathnames.
|
|
.nr ii 1i
|
|
.ip "/usr/\*(SD/sendmail"
|
|
The binary of
|
|
.i sendmail .
|
|
.ip /usr/\*(SB/newaliases
|
|
A link to /usr/\*(SD/sendmail;
|
|
causes the alias database to be rebuilt.
|
|
Running this program is completely equivalent to giving
|
|
.i sendmail
|
|
the
|
|
.b \-bi
|
|
flag.
|
|
.ip /usr/\*(SB/mailq
|
|
Prints a listing of the mail queue.
|
|
This program is equivalent to using the
|
|
.b \-bp
|
|
flag to
|
|
.i sendmail .
|
|
.ip /etc/mail/sendmail.cf
|
|
The configuration file,
|
|
in textual form.
|
|
.ip /etc/mail/helpfile
|
|
The SMTP help file.
|
|
.ip /etc/mail/statistics
|
|
A statistics file; need not be present.
|
|
.ip /etc/mail/sendmail.pid
|
|
Created in daemon mode;
|
|
it contains the process id of the current SMTP daemon.
|
|
If you use this in scripts;
|
|
use ``head \-1'' to get just the first line;
|
|
the second line contains the command line used to invoke the daemon,
|
|
and later versions of
|
|
.i sendmail
|
|
may add more information to subsequent lines.
|
|
.ip /etc/mail/aliases
|
|
The textual version of the alias file.
|
|
.ip /etc/mail/aliases.db
|
|
The alias file in
|
|
.i hash \|(3)
|
|
format.
|
|
.ip /etc/mail/aliases.{pag,dir}
|
|
The alias file in
|
|
.i ndbm \|(3)
|
|
format.
|
|
.ip /var/spool/mqueue
|
|
The directory in which the mail queue(s)
|
|
and temporary files reside.
|
|
.ip /var/spool/mqueue/qf*
|
|
Control (queue) files for messages.
|
|
.ip /var/spool/mqueue/df*
|
|
Data files.
|
|
.ip /var/spool/mqueue/tf*
|
|
Temporary versions of the qf files,
|
|
used during queue file rebuild.
|
|
.ip /var/spool/mqueue/xf*
|
|
A transcript of the current session.
|
|
.if o \
|
|
\{\
|
|
. bp
|
|
. rs
|
|
. sp |4i
|
|
. ce 2
|
|
This page intentionally left blank;
|
|
replace it with a blank sheet for double-sided output.
|
|
.\}
|
|
.\".ro
|
|
.\".ls 1
|
|
.\".tp
|
|
.\".sp 2i
|
|
.\".in 0
|
|
.\".ce 100
|
|
.\".sz 24
|
|
.\".b SENDMAIL
|
|
.\".sz 14
|
|
.\".sp
|
|
.\"INSTALLATION AND OPERATION GUIDE
|
|
.\".sp
|
|
.\".sz 10
|
|
.\"Eric Allman
|
|
.\".sp
|
|
.\"Version $Revision: 8.759 $
|
|
.\".ce 0
|
|
.bp 3
|
|
.ce
|
|
.sz 12
|
|
TABLE OF CONTENTS
|
|
.sz 10
|
|
.sp
|
|
.\" remove some things to avoid "out of temp file space" problem
|
|
.rm sh
|
|
.rm (x
|
|
.rm )x
|
|
.rm ip
|
|
.rm pp
|
|
.rm lp
|
|
.rm he
|
|
.rm fo
|
|
.rm eh
|
|
.rm oh
|
|
.rm ef
|
|
.rm of
|
|
.xp
|
|
.if o \
|
|
\{\
|
|
. bp
|
|
. rs
|
|
. sp |4i
|
|
. ce 2
|
|
This page intentionally left blank;
|
|
replace it with a blank sheet for double-sided output.
|
|
.\}
|