diff options
Diffstat (limited to 'contrib/sendmail/doc/op/op.me')
| -rw-r--r-- | contrib/sendmail/doc/op/op.me | 10787 |
1 files changed, 0 insertions, 10787 deletions
diff --git a/contrib/sendmail/doc/op/op.me b/contrib/sendmail/doc/op/op.me deleted file mode 100644 index be3340de2f38a..0000000000000 --- a/contrib/sendmail/doc/op/op.me +++ /dev/null @@ -1,10787 +0,0 @@ -.\" Copyright (c) 1998-2002 Sendmail, Inc. and its suppliers. -.\" All rights reserved. -.\" Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. -.\" Copyright (c) 1983, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" By using this file, you agree to the terms and conditions set -.\" forth in the LICENSE file which can be found at the top level of -.\" the sendmail distribution. -.\" -.\" -.\" $Id: op.me,v 8.609.2.17 2002/12/18 22:50:15 ca Exp $ -.\" -.\" eqn op.me | pic | troff -me -.\" -.\" Define \(sc if not defined (for text output) -.\" -.if !c \(sc .char \(sc S -.\" -.\" Define \(dg as "*" for text output and create a new .DG macro -.\" which describes the symbol. -.\" -.if n .ds { [ -.if n .ds } ] -.ie !c \(dg \{\ -.char \(dg * -.de DG -an asterick -.. -.\} -.el \{\ -.de DG -a dagger -.. -.\} -.\" -.\" Define \(dd as "#" for text output and create a new .DD macro -.\" which describes the symbol. -.\" -.ie !c \(dd \{\ -.char \(dd # -.de DD -a pound sign -.. -.\} -.el \{\ -.de DD -a double dagger -.. -.\} -.eh 'SMM:08-%''Sendmail Installation and Operation Guide' -.oh 'Sendmail Installation and Operation Guide''SMM:08-%' -.\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin -.ds SD sbin -.\" SB is bin if newaliases/mailq are installed in /usr/bin, ucb if in /usr/ucb -.ds SB bin -.nr si 3n -.de $0 -.(x -.in \\$3u*3n -.ti -3n -\\$2. \\$1 -.)x -.. -.de $C -.(x -.in 0 -\\$1 \\$2. \\$3 -.)x -.. -.+c -.(l C -.sz 16 -.b SENDMAIL\u\s-6TM\s0\d -.sz 12 -.sp -.b "INSTALLATION AND OPERATION GUIDE" -.(f -.b DISCLAIMER: -This documentation is under modification. -.)f -.sz 10 -.sp -.r -Eric Allman -Gregory Neil Shapiro -Claus Assmann -Sendmail, Inc. -.sp -.de Ve -Version \\$2 -.. -.Ve $Revision: 8.609.2.17 $ -.rm Ve -.sp -For Sendmail Version 8.12 -.)l -.(f -Sendmail is a trademark of Sendmail, Inc. -.)f -.sp 2 -.pp -.i Sendmail \u\s-2TM\s0\d -implements a general purpose internetwork mail routing facility -under the UNIX\(rg -operating system. -It is not tied to any one transport protocol \*- -its function may be likened to a crossbar switch, -relaying messages from one domain into another. -In the process, -it can do a limited amount of message header editing -to put the message into a format that is appropriate -for the receiving domain. -All of this is done under the control of a configuration file. -.pp -Due to the requirements of flexibility -for -.i sendmail , -the configuration file can seem somewhat unapproachable. -However, there are only a few basic configurations -for most sites, -for which standard configuration files have been supplied. -Most other configurations -can be built by adjusting an existing configuration file -incrementally. -.pp -.i Sendmail -is based on -RFC 821 (Simple Mail Transport Protocol), -RFC 822 (Internet Mail Headers Format), -RFC 974 (MX routing), -RFC 1123 (Internet Host Requirements), -RFC 1413 (Identification server), -RFC 1652 (SMTP 8BITMIME Extension), -RFC 1869 (SMTP Service Extensions), -RFC 1870 (SMTP SIZE Extension), -RFC 1891 (SMTP Delivery Status Notifications), -RFC 1892 (Multipart/Report), -RFC 1893 (Enhanced Mail System Status Codes), -RFC 1894 (Delivery Status Notifications), -RFC 1985 (SMTP Service Extension for Remote Message Queue Starting), -RFC 2033 (Local Message Transmission Protocol), -RFC 2034 (SMTP Service Extension for Returning Enhanced Error Codes), -RFC 2045 (MIME), -RFC 2476 (Message Submission), -RFC 2487 (SMTP Service Extension for Secure SMTP over TLS), -RFC 2554 (SMTP Service Extension for Authentication), -RFC 2821 (Simple Mail Transfer Protocol), -RFC 2822 (Internet Message Format), -RFC 2852 (Deliver By SMTP Service Extension), -and -RFC 2920 (SMTP Service Extension for Command Pipelining). -However, since -.i sendmail -is designed to work in a wider world, -in many cases it can be configured to exceed these protocols. -These cases are described herein. -.pp -Although -.i sendmail -is intended to run -without the need for monitoring, -it has a number of features -that may be used to monitor or adjust the operation -under unusual circumstances. -These features are described. -.pp -Section one describes how to do a basic -.i sendmail -installation. -Section two -explains the day-to-day information you should know -to maintain your mail system. -If you have a relatively normal site, -these two sections should contain sufficient information -for you to install -.i sendmail -and keep it happy. -Section three -has information regarding the command line arguments. -Section four -describes some parameters that may be safely tweaked. -Section five -contains the nitty-gritty information about the configuration -file. -This section is for masochists -and people who must write their own configuration file. -Section six -describes configuration that can be done at compile time. -The appendixes give a brief -but detailed explanation of a number of features -not described in the rest of the paper. -.bp 7 -.sh 1 "BASIC INSTALLATION" -.pp -There are two basic steps to installing -.i sendmail . -First, you have to compile and install the binary. -If -.i sendmail -has already been ported to your operating system -that should be simple. -Second, you must build a run-time configuration file. -This is a file that -.i sendmail -reads when it starts up -that describes the mailers it knows about, -how to parse addresses, -how to rewrite the message header, -and the settings of various options. -Although the configuration file can be quite complex, -a configuration can usually be built -using an M4-based configuration language. -Assuming you have the standard -.i sendmail -distribution, see -.i cf/README -for further information. -.pp -The remainder of this section will describe the installation of -.i sendmail -assuming you can use one of the existing configurations -and that the standard installation parameters are acceptable. -All pathnames and examples -are given from the root of the -.i sendmail -subtree, -normally -.i /usr/src/usr.\*(SD/sendmail -on 4.4BSD-based systems. -.pp -Continue with the next section if you need/want to compile -.i sendmail -yourself. -If you have a running binary already on your system, -you should probably skip to section 1.2. -.sh 2 "Compiling Sendmail" -.pp -All -.i sendmail -source is in the -.i sendmail -subdirectory. -To compile sendmail, -.q cd -into the -.i sendmail -directory and type -.(b -\&./Build -.)b -This will leave the binary in an appropriately named subdirectory, -e.g., -obj.BSD-OS.2.1.i386. -It works for multiple object versions -compiled out of the same directory. -.sh 3 "Tweaking the Build Invocation" -.pp -You can give parameters on the -.i Build -command. -In most cases these are only used when the -.i obj.* -directory is first created. -To restart from scratch, use -.i -c . -These commands include: -.nr ii 0.5i -.ip "\-L \fIlibdirs\fP" -A list of directories to search for libraries. -.ip "\-I \fIincdirs\fP" -A list of directories to search for include files. -.ip "\-E \fIenvar\fP=\fIvalue\fP" -Set an environment variable to an indicated -.i value -before compiling. -.ip "\-c" -Create a new -.i obj.* -tree before running. -.ip "\-f \fIsiteconfig\fP" -Read the indicated site configuration file. -If this parameter is not specified, -.i Build -includes -.i all -of the files -.i $BUILDTOOLS/Site/site.$oscf.m4 -and -.i $BUILDTOOLS/Site/site.config.m4 , -where $BUILDTOOLS is normally -.i \&../devtools -and $oscf is the same name as used on the -.i obj.* -directory. -See below for a description of the site configuration file. -.ip "\-S" -Skip auto-configuration. -.i Build -will avoid auto-detecting libraries if this is set. -All libraries and map definitions must be specified -in the site configuration file. -.lp -Most other parameters are passed to the -.i make -program; for details see -.i $BUILDTOOLS/README . -.sh 3 "Creating a Site Configuration File" -.\"XXX -.pp -(This section is not yet complete. -For now, see the file devtools/README for details.) -See sendmail/README for various compilation flags that can be set. -.sh 3 "Tweaking the Makefile" -.pp -.\" .b "XXX This should all be in the Site Configuration File section." -.i Sendmail -supports two different formats -for the local (on disk) version of databases, -notably the -.i aliases -database. -At least one of these should be defined if at all possible. -.nr ii 1i -.ip NDBM -The ``new DBM'' format, -available on nearly all systems around today. -This was the preferred format prior to 4.4BSD. -It allows such complex things as multiple databases -and closing a currently open database. -.ip NEWDB -The Berkeley DB package. -If you have this, use it. -It allows -long records, -multiple open databases, -real in-memory caching, -and so forth. -You can define this in conjunction with -.sm NDBM ; -if you do, -old alias databases are read, -but when a new database is created it will be in NEWDB format. -As a nasty hack, -if you have NEWDB, NDBM, and NIS defined, -and if the alias file name includes the substring -.q /yp/ , -.i sendmail -will create both new and old versions of the alias file -during a -.i newalias -command. -This is required because the Sun NIS/YP system -reads the DBM version of the alias file. -It's ugly as sin, -but it works. -.lp -If neither of these are defined, -.i sendmail -reads the alias file into memory on every invocation. -This can be slow and should be avoided. -There are also several methods for remote database access: -.ip LDAP -Lightweight Directory Access Protocol. -.ip NIS -Sun's Network Information Services (formerly YP). -.ip NISPLUS -Sun's NIS+ services. -.ip NETINFO -NeXT's NetInfo service. -.ip HESIOD -Hesiod service (from Athena). -.lp -Other compilation flags are set in -.i conf.h -and should be predefined for you -unless you are porting to a new environment. -For more options see -.i sendmail/README . -.sh 3 "Compilation and installation" -.pp -After making the local system configuration described above, -You should be able to compile and install the system. -The script -.q Build -is the best approach on most systems: -.(b -\&./Build -.)b -This will use -.i uname (1) -to create a custom Makefile for your environment. -.pp -If you are installing in the standard places, -you should be able to install using -.(b -\&./Build install -.)b -This should install the binary in -/usr/\*(SD -and create links from -/usr/\*(SB/newaliases -and -/usr/\*(SB/mailq -to -/usr/\*(SD/sendmail. -On most systems it will also format and install man pages. -Notice: as of version 8.12 -.i sendmail -will no longer be installed set-user-ID root by default. -If you really want to use the old method, you can specify it as target: -.(b -\&./Build install-set-user-id -.)b -.sh 2 "Configuration Files" -.pp -.i Sendmail -cannot operate without a configuration file. -The configuration defines the mail delivery mechanisms understood at this site, -how to access them, -how to forward email to remote mail systems, -and a number of tuning parameters. -This configuration file is detailed -in the later portion of this document. -.pp -The -.i sendmail -configuration can be daunting at first. -The world is complex, -and the mail configuration reflects that. -The distribution includes an m4-based configuration package -that hides a lot of the complexity. -See -.i cf/README -for details. -.pp -Our configuration files are processed by -.i m4 -to facilitate local customization; -the directory -.i cf -of the -.i sendmail -distribution directory -contains the source files. -This directory contains several subdirectories: -.nr ii 1i -.ip cf -Both site-dependent and site-independent descriptions of hosts. -These can be literal host names -(e.g., -.q ucbvax.mc ) -when the hosts are gateways -or more general descriptions -(such as -.q "generic-solaris2.mc" -as a general description of an SMTP-connected host -running Solaris 2.x. -Files ending -.b \&.mc -(``M4 Configuration'') -are the input descriptions; -the output is in the corresponding -.b \&.cf -file. -The general structure of these files is described below. -.ip domain -Site-dependent subdomain descriptions. -These are tied to the way your organization wants to do addressing. -For example, -.b domain/CS.Berkeley.EDU.m4 -is our description for hosts in the CS.Berkeley.EDU subdomain. -These are referenced using the -.sm DOMAIN -.b m4 -macro in the -.b \&.mc -file. -.ip feature -Definitions of specific features that some particular host in your site -might want. -These are referenced using the -.sm FEATURE -.b m4 -macro. -An example feature is -use_cw_file -(which tells -.i sendmail -to read an /etc/mail/local-host-names file on startup -to find the set of local names). -.ip hack -Local hacks, referenced using the -.sm HACK -.b m4 -macro. -Try to avoid these. -The point of having them here is to make it clear that they smell. -.ip m4 -Site-independent -.i m4 (1) -include files that have information common to all configuration files. -This can be thought of as a -.q #include -directory. -.ip mailer -Definitions of mailers, -referenced using the -.sm MAILER -.b m4 -macro. -The mailer types that are known in this distribution are -fax, -local, -smtp, -uucp, -and usenet. -For example, to include support for the UUCP-based mailers, -use -.q MAILER(uucp) . -.ip ostype -Definitions describing various operating system environments -(such as the location of support files). -These are referenced using the -.sm OSTYPE -.b m4 -macro. -.ip sh -Shell files used by the -.b m4 -build process. -You shouldn't have to mess with these. -.ip siteconfig -Local UUCP connectivity information. -This directory has been supplanted by the mailertable feature; -any new configurations should use that feature to do UUCP -(and other) routing. -The use of this directory is deprecated. -.pp -If you are in a new domain -(e.g., a company), -you will probably want to create a -cf/domain -file for your domain. -This consists primarily of relay definitions -and features you want enabled site-wide: -for example, Berkeley's domain definition -defines relays for -BitNET -and UUCP. -These are specific to Berkeley, -and should be fully-qualified internet-style domain names. -Please check to make certain they are reasonable for your domain. -.pp -Subdomains at Berkeley are also represented in the -cf/domain -directory. -For example, -the domain -CS.Berkeley.EDU -is the Computer Science subdomain, -EECS.Berkeley.EDU -is the Electrical Engineering and Computer Sciences subdomain, -and -S2K.Berkeley.EDU -is the Sequoia 2000 subdomain. -You will probably have to add an entry to this directory -to be appropriate for your domain. -.pp -You will have to use or create -.b \&.mc -files in the -.i cf/cf -subdirectory for your hosts. -This is detailed in the -cf/README -file. -.sh 2 "Details of Installation Files" -.pp -This subsection describes the files that -comprise the -.i sendmail -installation. -.sh 3 "/usr/\*(SD/sendmail" -.pp -The binary for -.i sendmail -is located in /usr/\*(SD\**. -.(f -\**This is usually -/usr/sbin -on 4.4BSD and newer systems; -many systems install it in -/usr/lib. -I understand it is in /usr/ucblib -on System V Release 4. -.)f -It should be set-group-ID smmsp as described in -sendmail/SECURITY. -For security reasons, -/, /usr, and /usr/\*(SD -should be owned by root, mode 0755\**. -.(f -\**Some vendors ship them owned by bin; -this creates a security hole that is not actually related to -.i sendmail . -Other important directories that should have restrictive ownerships -and permissions are -/bin, /usr/bin, /etc, /etc/mail, /usr/etc, /lib, and /usr/lib. -.)f -.sh 3 "/etc/mail/sendmail.cf" -.pp -This is the main configuration file for -.i sendmail \**. -.(f -\**Actually, the pathname varies depending on the operating system; -/etc/mail is the preferred directory. -Some older systems install it in -.b /usr/lib/sendmail.cf , -and I've also seen it in -.b /usr/ucblib . -If you want to move this file, -add -D_PATH_SENDMAILCF=\e"/file/name\e" -to the flags passed to the C compiler. -Moving this file is not recommended: -other programs and scripts know of this location. -.)f -This is one of the two non-library file names compiled into -.i sendmail \**, -the other is /etc/mail/submit.cf. -.(f -\**The system libraries can reference other files; -in particular, system library subroutines that -.i sendmail -calls probably reference -.i /etc/passwd -and -.i /etc/resolv.conf . -.)f -.pp -The configuration file is normally created -using the distribution files described above. -If you have a particularly unusual system configuration -you may need to create a special version. -The format of this file is detailed in later sections -of this document. -.sh 3 "/etc/mail/submit.cf" -.pp -This is the configuration file for -.i sendmail -when it is used for initial mail submission, in which case -it is also called ``Mail Submission Program'' (MSP) -in contrast to ``Mail Transfer Agent'' (MTA). -Starting with version 8.12, -.i sendmail -uses one of two different configuration files based on its operation mode -(or the new -.b \-A -option). -For initial mail submission, i.e., if one of the options -.b \-bm -(default), -.b \-bs , -or -.b \-t -is specified, submit.cf is used (if available), -for other operations sendmail.cf is used. -Details can be found in -.i sendmail/SECURITY . -submit.cf is shipped with sendmail (in cf/cf/) and is installed by default. -If changes to the configuration need to be made, start with -cf/cf/submit.mc and follow the instruction in cf/README. -.sh 3 "/usr/\*(SB/newaliases" -.pp -The -.i newaliases -command should just be a link to -.i sendmail : -.(b -rm \-f /usr/\*(SB/newaliases -ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases -.)b -This can be installed in whatever search path you prefer -for your system. -.sh 3 "/usr/\*(SB/hoststat" -.pp -The -.i hoststat -command should just be a link to -.i sendmail , -in a fashion similar to -.i newaliases . -This command lists the status of the last mail transaction -with all remote hosts. The -.b \-v -flag will prevent the status display from being truncated. -It functions only when the -.b HostStatusDirectory -option is set. -.sh 3 "/usr/\*(SB/purgestat" -.pp -This command is also a link to -.i sendmail . -It flushes expired (Timeout.hoststatus) information that is stored in the -.b HostStatusDirectory -tree. -.sh 3 "/var/spool/mqueue" -.pp -The directory -.i /var/spool/mqueue -should be created to hold the mail queue. -This directory should be mode 0700 -and owned by root. -.pp -The actual path of this directory -is defined by the -.b QueueDirectory -option of the -.i sendmail.cf -file. -To use multiple queues, -supply a value ending with an asterisk. -For example, -.i /var/spool/mqueue/qd* -will use all of the directories or symbolic links to directories -beginning with `qd' in -.i /var/spool/mqueue -as queue directories. -Do not change the queue directory structure -while sendmail is running. -.pp -If these directories have subdirectories or symbolic links to directories -named `qf', `df', and `xf', then these will be used for the different -queue file types. -That is, the data files are stored in the `df' subdirectory, -the transcript files are stored in the `xf' subdirectory, and -all others are stored in the `qf' subdirectory. -.pp -If shared memory support is compiled in, -.i sendmail -stores the available diskspace in a shared memory segment -to make the values readily available to all children without -incurring system overhead. -In this case, only the daemon updates the data; -i.e., the sendmail daemon creates the shared memory segment -and deletes it if it is terminated. -To use this, -.i sendmail -must have been compiled with support for shared memory -(-DSM_CONF_SHM) -and the option -.b SharedMemoryKey -must be set. -Notice: do not use the same key for -.i sendmail -invocations with different queue directories -or different queue group declarations. -Access to shared memory is not controlled by locks, -i.e., there is a race condition when data in the shared memory is updated. -However, since operation of -.i sendmail -does not rely on the data in the shared memory, this does not negatively -influence the behavior. -.sh 3 "/var/spool/clientmqueue" -.pp -The directory -.i /var/spool/clientmqueue -should be created to hold the mail queue. -This directory should be mode 0770 -and owned by user smmsp, group smmsp. -.pp -The actual path of this directory -is defined by the -.b QueueDirectory -option of the -.i submit.cf -file. -.sh 3 "/var/spool/mqueue/.hoststat" -.pp -This is a typical value for the -.b HostStatusDirectory -option, -containing one file per host -that this sendmail has chatted with recently. -It is normally a subdirectory of -.i mqueue . -.sh 3 "/etc/mail/aliases*" -.pp -The system aliases are held in -.q /etc/mail/aliases . -A sample is given in -.q sendmail/aliases -which includes some aliases which -.i must -be defined: -.(b -cp sendmail/aliases /etc/mail/aliases -.i "edit /etc/mail/aliases" -.)b -You should extend this file with any aliases that are apropos to your system. -.pp -Normally -.i sendmail -looks at a database version of the files, -stored either in -.q /etc/mail/aliases.dir -and -.q /etc/mail/aliases.pag -or -.q /etc/mail/aliases.db -depending on which database package you are using. -The actual path of this file -is defined in the -.b AliasFile -option of the -.i sendmail.cf -file. -.pp -The permissions of the alias file and the database versions -should be 0640 to prevent local denial of service attacks -as explained in the top level -.b README -in the sendmail distribution. -If the permissions 0640 are used, be sure that only trusted users belong -to the group assigned to those files. Otherwise, files should not even -be group readable. -.sh 3 "/etc/rc or /etc/init.d/sendmail" -.pp -It will be necessary to start up the -.i sendmail -daemon when your system reboots. -This daemon performs two functions: -it listens on the SMTP socket for connections -(to receive mail from a remote system) -and it processes the queue periodically -to insure that mail gets delivered when hosts come up. -.pp -If necessary, add the following lines to -.q /etc/rc -(or -.q /etc/rc.local -as appropriate) -in the area where it is starting up the daemons -on a BSD-base system, -or on a System-V-based system -in one of the startup files, typically -.q /etc/init.d/sendmail : -.(b -if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then - (cd /var/spool/mqueue; rm \-f xf*) - /usr/\*(SD/sendmail \-bd \-q30m & - echo \-n ' sendmail' >/dev/console -fi -.)b -The -.q cd -and -.q rm -commands insure that all transcript files have been removed; -extraneous transcript files may be left around -if the system goes down in the middle of processing a message. -The line that actually invokes -.i sendmail -has two flags: -.q \-bd -causes it to listen on the SMTP port, -and -.q \-q30m -causes it to run the queue every half hour. -.pp -Some people use a more complex startup script, -removing zero length qf files and df files for which there is no qf file. -For example, see Figure 1 -for an example of a complex script which does this clean up. -.(z -.hl -#!/bin/sh -# remove zero length qf files -for qffile in qf* -do - if [ \-r $qffile ] - then - if [ ! \-s $qffile ] - then - echo \-n " <zero: $qffile>" > /dev/console - rm \-f $qffile - fi - fi -done -# rename tf files to be qf if the qf does not exist -for tffile in tf* -do - qffile=`echo $tffile | sed 's/t/q/'` - if [ \-r $tffile \-a ! \-f $qffile ] - then - echo \-n " <recovering: $tffile>" > /dev/console - mv $tffile $qffile - else - if [ \-f $tffile ] - then - echo \-n " <extra: $tffile>" > /dev/console - rm \-f $tffile - fi - fi -done -# remove df files with no corresponding qf files -for dffile in df* -do - qffile=`echo $dffile | sed 's/d/q/'` - if [ \-r $dffile \-a ! \-f $qffile ] - then - echo \-n " <incomplete: $dffile>" > /dev/console - mv $dffile `echo $dffile | sed 's/d/D/'` - fi -done -# announce files that have been saved during disaster recovery -for xffile in [A-Z]f* -do - if [ \-f $xffile ] - then - echo \-n " <panic: $xffile>" > /dev/console - fi -done -.sp -.ce -Figure 1 \(em A complex startup script -.hl -.)z -.sh 3 "/etc/mail/helpfile" -.pp -This is the help file used by the SMTP -.b HELP -command. -It should be copied from -.q sendmail/helpfile : -.(b -cp sendmail/helpfile /etc/mail/helpfile -.)b -The actual path of this file -is defined in the -.b HelpFile -option of the -.i sendmail.cf -file. -.sh 3 "/etc/mail/statistics" -.pp -If you wish to collect statistics -about your mail traffic, -you should create the file -.q /etc/mail/statistics : -.(b -cp /dev/null /etc/mail/statistics -chmod 0600 /etc/mail/statistics -.)b -This file does not grow. -It is printed with the program -.q mailstats/mailstats.c. -The actual path of this file -is defined in the -.b S -option of the -.i sendmail.cf -file. -.sh 3 "/usr/\*(SB/mailq" -.pp -If -.i sendmail -is invoked as -.q mailq, -it will simulate the -.b \-bp -flag -(i.e., -.i sendmail -will print the contents of the mail queue; -see below). -This should be a link to /usr/\*(SD/sendmail. -.sh 3 "sendmail.pid" -.pp -.i sendmail -stores its current pid in the file specifed by the -.b PidFile -option (default is _PATH_SENDMAILPID). -.i sendmail -uses -.b TempFileMode -(which defaults to 0600) as -the permissions of that file -to prevent local denial of service attacks -as explained in the top level -.b README -in the sendmail distribution. -If the file already exists, then it might be necessary to -change the permissions accordingly, e.g., -.(b -chmod 0600 /var/run/sendmail.pid -.)b -.sh 3 "Map Files" -.pp -To prevent local denial of service attacks -as explained in the top level -.b README -in the sendmail distribution, -the permissions of map files created by -.i makemap -should be 0640. -The use of 0640 implies that only trusted users belong to the group -assigned to those files. -If those files already exist, then it might be necessary to -change the permissions accordingly, e.g., -.(b -cd /etc/mail -chmod 0640 *.db *.pag *.dir -.)b -.sh 1 "NORMAL OPERATIONS" -.sh 2 "The System Log" -.pp -The system log is supported by the -.i syslogd \|(8) -program. -All messages from -.i sendmail -are logged under the -.sm LOG_MAIL -facility\**. -.(f -\**Except on Ultrix, -which does not support facilities in the syslog. -.)f -.sh 3 "Format" -.pp -Each line in the system log -consists of a timestamp, -the name of the machine that generated it -(for logging from several machines -over the local area network), -the word -.q sendmail: , -and a message\**. -.(f -\**This format may vary slightly if your vendor has changed -the syntax. -.)f -Most messages are a sequence of -.i name \c -=\c -.i value -pairs. -.pp -The two most common lines are logged when a message is processed. -The first logs the receipt of a message; -there will be exactly one of these per message. -Some fields may be omitted if they do not contain interesting information. -Fields are: -.ip from -The envelope sender address. -.ip size -The size of the message in bytes. -.ip class -The class (i.e., numeric precedence) of the message. -.ip pri -The initial message priority (used for queue sorting). -.ip nrcpts -The number of envelope recipients for this message -(after aliasing and forwarding). -.ip msgid -The message id of the message (from the header). -.ip proto -The protocol used to receive this message (e.g., ESMTP or UUCP) -.ip daemon -The daemon name from the -.b DaemonPortOptions -setting. -.ip relay -The machine from which it was received. -.lp -There is also one line logged per delivery attempt -(so there can be several per message if delivery is deferred -or there are multiple recipients). -Fields are: -.ip to -A comma-separated list of the recipients to this mailer. -.ip ctladdr -The ``controlling user'', that is, the name of the user -whose credentials we use for delivery. -.ip delay -The total delay between the time this message was received -and the current delivery attempt. -.ip xdelay -The amount of time needed in this delivery attempt -(normally indicative of the speed of the connection). -.ip mailer -The name of the mailer used to deliver to this recipient. -.ip relay -The name of the host that actually accepted (or rejected) this recipient. -.ip dsn -The enhanced error code (RFC 2034) if available. -.ip stat -The delivery status. -.lp -Not all fields are present in all messages; -for example, the relay is usually not listed for local deliveries. -.sh 3 "Levels" -.pp -If you have -.i syslogd \|(8) -or an equivalent installed, -you will be able to do logging. -There is a large amount of information that can be logged. -The log is arranged as a succession of levels. -At the lowest level -only extremely strange situations are logged. -At the highest level, -even the most mundane and uninteresting events -are recorded for posterity. -As a convention, -log levels under ten -are considered generally -.q useful; -log levels above 64 -are reserved for debugging purposes. -Levels from 11\-64 are reserved for verbose information -that some sites might want. -.pp -A complete description of the log levels -is given in section -.\" XREF -4.6. -.sh 2 "Dumping State" -.pp -You can ask -.i sendmail -to log a dump of the open files -and the connection cache -by sending it a -.sm SIGUSR1 -signal. -The results are logged at -.sm LOG_DEBUG -priority. -.sh 2 "The Mail Queues" -.pp -Mail messages may either be delivered immediately or be held for later -delivery. -Held messages are placed into a holding directory called a mail queue. -.pp -A mail message may be queued for these reasons: -.bu -If a mail message is temporarily undeliverable, it is queued -and delivery is attempted later. -If the message is addressed to multiple recipients, it is queued -only for those recipients to whom delivery is not immediately possible. -.bu -If the SuperSafe option is set to true, -all mail messages are queued while delivery is attempted. -.bu -If the DeliveryMode option is set to queue-only or defer, -all mail is queued, and no immediate delivery is attempted. -.bu -If the load average becomes higher than the value of the QueueLA option -and the -.b QueueFactor -(\c -.b q ) -option divided by the difference in the current load average and the -.b QueueLA -option plus one -is less than the priority of the message, -messages are queued rather than immediately delivered. -.bu -One or more addresses are marked as expensive and delivery is postponed -until the next queue run or one or more address are marked as held via -mailer which uses the hold mailer flag. -.sh 3 "Queue Groups and Queue Directories" -.pp -There are one or more mail queues. -Each mail queue belongs to a queue group. -There is always a default queue group that is called ``mqueue'' -(which is where messages go by default unless otherwise specified). -The directory or directories which comprise the default queue group -are specified by the QueueDirectory option. -There are zero or more -additional named queue groups declared using the -.b Q -command in the configuration file. -.pp -By default, a queued message is placed in the queue group -associated with the first recipient in the recipient list. -A recipient address is mapped to a queue group as follows. -First, if there is a ruleset called ``queuegroup'', -and if this ruleset maps the address to a queue group name, -then that queue group is chosen. -That is, the argument for the ruleset is the recipient address -and the result should be -.b $# -followed by the name of a queue group. -Otherwise, if the mailer associated with the address specifies -a queue group, then that queue group is chosen. -Otherwise, the default queue group is chosen. -.pp -A message with multiple recipients will be split -if different queue groups are chosen -by the mapping of recipients to queue groups. -.pp -When a message is placed in a queue group, and the queue group has -more than one queue, a queue is selected randomly. -.pp -If a message with multiple recipients is placed into a queue group -with the 'r' option (maximum number of recipients per message) -set to a positive value -.i N , -and if there are more than -.i N -recipients -in the message, then the message will be split into multiple messages, -each of which have at most -.i N -recipients. -.pp -Notice: if multiple queue groups are used, do -.b not -move queue files around, e.g., into a different queue directory. -This may have weird effects and can cause mail not to be delivered. -Queue files and directories should be treated as opaque -and should not be manipulated directly. -.sh 3 "Queue Runs" -.pp -.i sendmail -has two different ways to process the queue(s). -The first one is to start queue runners after certain intervals -(``normal'' queue runners), -the second one is to keep queue runner processes around -(``persistent'' queue runners). -How to select either of these types is discussed in the appendix -``COMMAND LINE FLAGS''. -Persistent queue runners have the advantage that no new processes -need to be spawned at certain intervals; they just sleep for -a specified time after they finished a queue run. -Another advantage of persistent queue runners is that only one process -belonging to a workgroup (a workgroup is a set of queue groups) -collects the data for a queue run -and then multiple queue runner may go ahead using that data. -This can significantly reduce the disk I/O necessary to read the -queue files compared to starting multiple queue runners directly. -Their disadvantage is that a new queue run is only started -after all queue runners belonging to a group finished their tasks. -In case one of the queue runners tries delivery to a slow recipient site -at the end of a queue run, the next queue run may be substantially delayed. -In general this should be smoothed out due to the distribution of -those slow jobs, however, for sites with small number of -queue entries this might introduce noticable delays. -In general, persistent queue runners are only useful for -sites with big queues. -.sh 3 "Manual Intervention" -.pp -Under normal conditions the mail queue will be processed transparently. -However, you may find that manual intervention is sometimes necessary. -For example, -if a major host is down for a period of time -the queue may become clogged. -Although -.i sendmail -ought to recover gracefully when the host comes up, -you may find performance unacceptably bad in the meantime. -In that case you want to check the content of the queue -and manipulate it as explained in the next two sections. -.sh 3 "Printing the queue" -.pp -The contents of the queue(s) can be printed -using the -.i mailq -command -(or by specifying the -.b \-bp -flag to -.i sendmail ): -.(b -mailq -.)b -This will produce a listing of the queue id's, -the size of the message, -the date the message entered the queue, -and the sender and recipients. -If shared memory support is compiled in, -the flag -.b \-bP -can be used to print the number of entries in the queue(s), -provided a process updates the data. -However, as explained earlier, the output might be slightly wrong, -since access to the shared memory is not locked. -For example, -``unknown number of entries'' -might be shown. -The internal counters are updated after each queue run -to the correct value again. -.sh 3 "Forcing the queue" -.pp -.i Sendmail -should run the queue automatically at intervals. -When using multiple queues, -a separate process will by default be created to -run each of the queues -unless the queue run is initiated by a user -with the verbose flag. -The algorithm is to read and sort the queue, -and then to attempt to process all jobs in order. -When it attempts to run the job, -.i sendmail -first checks to see if the job is locked. -If so, it ignores the job. -.pp -There is no attempt to insure that only one queue processor -exists at any time, -since there is no guarantee that a job cannot take forever -to process -(however, -.i sendmail -does include heuristics to try to abort jobs -that are taking absurd amounts of time; -technically, this violates RFC 821, but is blessed by RFC 1123). -Due to the locking algorithm, -it is impossible for one job to freeze the entire queue. -However, -an uncooperative recipient host -or a program recipient -that never returns -can accumulate many processes in your system. -Unfortunately, -there is no completely general way to solve this. -.pp -In some cases, -you may find that a major host going down -for a couple of days -may create a prohibitively large queue. -This will result in -.i sendmail -spending an inordinate amount of time -sorting the queue. -This situation can be fixed by moving the queue to a temporary place -and creating a new queue. -The old queue can be run later when the offending host returns to service. -.pp -To do this, -it is acceptable to move the entire queue directory: -.(b -cd /var/spool -mv mqueue omqueue; mkdir mqueue; chmod 0700 mqueue -.)b -You should then kill the existing daemon -(since it will still be processing in the old queue directory) -and create a new daemon. -.pp -To run the old mail queue, issue the following command: -.(b -/usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q -.)b -The -.b \-C -flag specifies an alternate configuration file -.b queue.cf -which should refer to the moved queue directory -.(b -O QueueDirectory=/var/spool/omqueue -.)b -and the -.b \-q -flag says to just run every job in the queue. -You can also specify the moved queue directory on the command line -.(b -/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q -.)b -but this requires that you do not have -queue groups in the configuration file, -because those are not subdirectories of the moved directory. -See the section about "Queue Group Declaration" for details; -you most likely need a different configuration file to correctly deal -with this problem. -However, a proper configuration of queue groups should avoid -filling up queue directories, so you shouldn't run into -this problem. -If you have a tendency toward voyeurism, -you can use the -.b \-v -flag to watch what is going on. -.pp -When the queue is finally emptied, -you can remove the directory: -.(b -rmdir /var/spool/omqueue -.)b -.sh 2 "Disk Based Connection Information" -.pp -.i Sendmail -stores a large amount of information about each remote system it -has connected to in memory. It is possible to preserve some -of this information on disk as well, by using the -.b HostStatusDirectory -option, so that it may be shared between several invocations of -.i sendmail . -This allows mail to be queued immediately or skipped during a queue run if -there has been a recent failure in connecting to a remote machine. -.pp -Additionally enabling -.b SingleThreadDelivery -has the added effect of single-threading mail delivery to a destination. -This can be quite helpful -if the remote machine is running an SMTP server that is easily overloaded -or cannot accept more than a single connection at a time, -but can cause some messages to be punted to a future queue run. -It also applies to -.i all -hosts, so setting this because you have one machine on site -that runs some software that is easily overrun -can cause mail to other hosts to be slowed down. -If this option is set, -you probably want to set the -.b MinQueueAge -option as well and run the queue fairly frequently; -this way jobs that are skipped because another -.i sendmail -is talking to the same host will be tried again quickly -rather than being delayed for a long time. -.pp -The disk based host information is stored in a subdirectory of the -.b mqueue -directory called -.b \&.hoststat \**. -.(f -\**This is the usual value of the -.b HostStatusDirectory -option; -it can, of course, go anywhere you like in your filesystem. -.)f -Removing this directory and its subdirectories has an effect similar to -the -.i purgestat -command and is completely safe. -However, -.i purgestat -only removes expired (Timeout.hoststatus) data. -The information in these directories can -be perused with the -.i hoststat -command, which will indicate the host name, the last access, and the -status of that access. -An asterisk in the left most column indicates that a -.i sendmail -process currently has the host locked for mail delivery. -.pp -The disk based connection information is treated the same way as memory based -connection information for the purpose of timeouts. -By default, information about host failures is valid for 30 minutes. -This can be adjusted with -the -.b Timeout.hoststatus -option. -.pp -The connection information stored on disk may be expired at any time -with the -.i purgestat -command or by invoking sendmail with the -.b \-bH -switch. -The connection information may be viewed with the -.i hoststat -command or by invoking sendmail with the -.b \-bh -switch. -.sh 2 "The Service Switch" -.pp -The implementation of certain system services -such as host and user name lookup -is controlled by the service switch. -If the host operating system supports such a switch, -and sendmail knows about it, -.i sendmail -will use the native version. -Ultrix, Solaris, and DEC OSF/1 are examples of such systems\**. -.(f -\**HP-UX 10 has service switch support, -but since the APIs are apparently not available in the libraries -.i sendmail -does not use the native service switch in this release. -.)f -.pp -If the underlying operating system does not support a service switch -(e.g., SunOS 4.X, HP-UX, BSD) -then -.i sendmail -will provide a stub implementation. -The -.b ServiceSwitchFile -option points to the name of a file that has the service definitions. -Each line has the name of a service -and the possible implementations of that service. -For example, the file: -.(b -hosts dns files nis -aliases files nis -.)b -will ask -.i sendmail -to look for hosts in the Domain Name System first. -If the requested host name is not found, it tries local files, -and if that fails it tries NIS. -Similarly, when looking for aliases -it will try the local files first followed by NIS. -.pp -Notice: since -.i sendmail -must access MX records for correct operation, it will use -DNS if it is configured in the -.b ServiceSwitchFile -file. -Hence an entry like -.(b -hosts files dns -.)b -will not avoid DNS lookups even if a host can be found -in /etc/hosts. -.pp -Service switches are not completely integrated. -For example, despite the fact that the host entry listed in the above example -specifies to look in NIS, -on SunOS this won't happen because the system implementation of -.i gethostbyname \|(3) -doesn't understand this. -.sh 2 "The Alias Database" -.pp -After recipient addresses are read from the SMTP connection -or command line -they are parsed by ruleset 0, -which must resolve to a -{\c -.i mailer , -.i host , -.i address } -triple. -If the flags selected by the -.i mailer -include the -.b A -(aliasable) flag, -the -.i address -part of the triple is looked up as the key -(i.e., the left hand side) -into the alias database. -If there is a match, the address is deleted from the send queue -and all addresses on the right hand side of the alias -are added in place of the alias that was found. -This is a recursive operation, -so aliases found in the right hand side of the alias -are similarly expanded. -.pp -The alias database exists in two forms. -One is a text form, -maintained in the file -.i /etc/mail/aliases. -The aliases are of the form -.(b -name: name1, name2, ... -.)b -Only local names may be aliased; -e.g., -.(b -eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU -.)b -will not have the desired effect -(except on prep.ai.MIT.EDU, -and they probably don't want me)\**. -.(f -\**Actually, any mailer that has the `A' mailer flag set -will permit aliasing; -this is normally limited to the local mailer. -.)f -Aliases may be continued by starting any continuation lines -with a space or a tab or by putting a backslash directly before -the newline. -Blank lines and lines beginning with a sharp sign -(\c -.q # ) -are comments. -.pp -The second form is processed by the -.i ndbm \|(3)\** -.(f -\**The -.i gdbm -package does not work. -.)f -or the Berkeley DB library. -This form is in the file -.i /etc/mail/aliases.db -(if using NEWDB) -or -.i /etc/mail/aliases.dir -and -.i /etc/mail/aliases.pag -(if using NDBM). -This is the form that -.i sendmail -actually uses to resolve aliases. -This technique is used to improve performance. -.pp -The control of search order is actually set by the service switch. -Essentially, the entry -.(b -O AliasFile=switch:aliases -.)b -is always added as the first alias entry; -also, the first alias file name without a class -(e.g., without -.q nis: -on the front) -will be used as the name of the file for a ``files'' entry -in the aliases switch. -For example, if the configuration file contains -.(b -O AliasFile=/etc/mail/aliases -.)b -and the service switch contains -.(b -aliases nis files nisplus -.)b -then aliases will first be searched in the NIS database, -then in /etc/mail/aliases, -then in the NIS+ database. -.pp -You can also use -.sm NIS -based -alias files. -For example, the specification: -.(b -O AliasFile=/etc/mail/aliases -O AliasFile=nis:mail.aliases@my.nis.domain -.)b -will first search the /etc/mail/aliases file -and then the map named -.q mail.aliases -in -.q my.nis.domain . -Warning: if you build your own -.sm NIS -based -alias files, -be sure to provide the -.b \-l -flag to -.i makedbm (8) -to map upper case letters in the keys to lower case; -otherwise, aliases with upper case letters in their names -won't match incoming addresses. -.pp -Additional flags can be added after the colon -exactly like a -.b K -line \(em for example: -.(b -O AliasFile=nis:\-N mail.aliases@my.nis.domain -.)b -will search the appropriate NIS map and always include null bytes in the key. -Also: -.(b -O AliasFile=nis:\-f mail.aliases@my.nis.domain -.)b -will prevent sendmail from downcasing the key before the alias lookup. -.sh 3 "Rebuilding the alias database" -.pp -The -.i hash -or -.i dbm -version of the database -may be rebuilt explicitly by executing the command -.(b -newaliases -.)b -This is equivalent to giving -.i sendmail -the -.b \-bi -flag: -.(b -/usr/\*(SD/sendmail \-bi -.)b -.pp -If you have multiple aliases databases specified, -the -.b \-bi -flag rebuilds all the database types it understands -(for example, it can rebuild NDBM databases but not NIS databases). -.sh 3 "Potential problems" -.pp -There are a number of problems that can occur -with the alias database. -They all result from a -.i sendmail -process accessing the DBM version -while it is only partially built. -This can happen under two circumstances: -One process accesses the database -while another process is rebuilding it, -or the process rebuilding the database dies -(due to being killed or a system crash) -before completing the rebuild. -.pp -Sendmail has three techniques to try to relieve these problems. -First, it ignores interrupts while rebuilding the database; -this avoids the problem of someone aborting the process -leaving a partially rebuilt database. -Second, -it locks the database source file during the rebuild \(em -but that may not work over NFS or if the file is unwritable. -Third, -at the end of the rebuild -it adds an alias of the form -.(b -@: @ -.)b -(which is not normally legal). -Before -.i sendmail -will access the database, -it checks to insure that this entry exists\**. -.(f -\**The -.b AliasWait -option is required in the configuration -for this action to occur. -This should normally be specified. -.)f -.sh 3 "List owners" -.pp -If an error occurs on sending to a certain address, -say -.q \fIx\fP , -.i sendmail -will look for an alias -of the form -.q owner-\fIx\fP -to receive the errors. -This is typically useful -for a mailing list -where the submitter of the list -has no control over the maintenance of the list itself; -in this case the list maintainer would be the owner of the list. -For example: -.(b -unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser, - sam@matisse -owner-unix-wizards: unix-wizards-request -unix-wizards-request: eric@ucbarpa -.)b -would cause -.q eric@ucbarpa -to get the error that will occur -when someone sends to -unix-wizards -due to the inclusion of -.q nosuchuser -on the list. -.pp -List owners also cause the envelope sender address to be modified. -The contents of the owner alias are used if they point to a single user, -otherwise the name of the alias itself is used. -For this reason, and to obey Internet conventions, -the -.q owner- -address normally points at the -.q -request -address; this causes messages to go out with the typical Internet convention -of using ``\c -.i list -request'' -as the return address. -.sh 2 "User Information Database" -.pp -This option is deprecated, use virtusertable and genericstable instead -as explained in -.i cf/README . -If you have a version of -.i sendmail -with the user information database -compiled in, -and you have specified one or more databases using the -.b U -option, -the databases will be searched for a -.i user :maildrop -entry. -If found, the mail will be sent to the specified address. -.sh 2 "Per-User Forwarding (.forward Files)" -.pp -As an alternative to the alias database, -any user may put a file with the name -.q .forward -in his or her home directory. -If this file exists, -.i sendmail -redirects mail for that user -to the list of addresses listed in the .forward file. -Note that aliases are fully expanded before forward files are referenced. -For example, if the home directory for user -.q mckusick -has a .forward file with contents: -.(b -mckusick@ernie -kirk@calder -.)b -then any mail arriving for -.q mckusick -will be redirected to the specified accounts. -.pp -Actually, the configuration file defines a sequence of filenames to check. -By default, this is the user's .forward file, -but can be defined to be more generally using the -.b ForwardPath -option. -If you change this, -you will have to inform your user base of the change; -\&.forward is pretty well incorporated into the collective subconscious. -.sh 2 "Special Header Lines" -.pp -Several header lines have special interpretations -defined by the configuration file. -Others have interpretations built into -.i sendmail -that cannot be changed without changing the code. -These built-ins are described here. -.sh 3 "Errors-To:" -.pp -If errors occur anywhere during processing, -this header will cause error messages to go to -the listed addresses. -This is intended for mailing lists. -.pp -The Errors-To: header was created in the bad old days -when UUCP didn't understand the distinction between an envelope and a header; -this was a hack to provide what should now be passed -as the envelope sender address. -It should go away. -It is only used if the -.b UseErrorsTo -option is set. -.pp -The Errors-To: header is officially deprecated -and will go away in a future release. -.sh 3 "Apparently-To:" -.pp -RFC 822 requires at least one recipient field -(To:, Cc:, or Bcc: line) -in every message. -If a message comes in with no recipients listed in the message -then -.i sendmail -will adjust the header based on the -.q NoRecipientAction -option. -One of the possible actions is to add an -.q "Apparently-To:" -header line for any recipients it is aware of. -.pp -The Apparently-To: header is non-standard -and is both deprecated and strongly discouraged. -.sh 3 "Precedence" -.pp -The Precedence: header can be used as a crude control of message priority. -It tweaks the sort order in the queue -and can be configured to change the message timeout values. -The precedence of a message also controls how -delivery status notifications (DSNs) -are processed for that message. -.sh 2 "IDENT Protocol Support" -.pp -.i Sendmail -supports the IDENT protocol as defined in RFC 1413. -Note that the RFC states -a client should wait at least 30 seconds for a response. -The default Timeout.ident is 5 seconds -as many sites have adopted the practice of dropping IDENT queries. -This has lead to delays processing mail. -Although this enhances identification -of the author of an email message -by doing a ``call back'' to the originating system to include -the owner of a particular TCP connection -in the audit trail -it is in no sense perfect; -a determined forger can easily spoof the IDENT protocol. -The following description is excerpted from RFC 1413: -.ba +5 -.lp -6. Security Considerations -.lp -The information returned by this protocol is at most as trustworthy -as the host providing it OR the organization operating the host. For -example, a PC in an open lab has few if any controls on it to prevent -a user from having this protocol return any identifier the user -wants. Likewise, if the host has been compromised the information -returned may be completely erroneous and misleading. -.lp -The Identification Protocol is not intended as an authorization or -access control protocol. At best, it provides some additional -auditing information with respect to TCP connections. At worst, it -can provide misleading, incorrect, or maliciously incorrect -information. -.lp -The use of the information returned by this protocol for other than -auditing is strongly discouraged. Specifically, using Identification -Protocol information to make access control decisions - either as the -primary method (i.e., no other checks) or as an adjunct to other -methods may result in a weakening of normal host security. -.lp -An Identification server may reveal information about users, -entities, objects or processes which might normally be considered -private. An Identification server provides service which is a rough -analog of the CallerID services provided by some phone companies and -many of the same privacy considerations and arguments that apply to -the CallerID service apply to Identification. If you wouldn't run a -"finger" server due to privacy considerations you may not want to run -this protocol. -.ba -.lp -In some cases your system may not work properly with IDENT support -due to a bug in the TCP/IP implementation. -The symptoms will be that for some hosts -the SMTP connection will be closed -almost immediately. -If this is true or if you do not want to use IDENT, -you should set the IDENT timeout to zero; -this will disable the IDENT protocol. -.sh 1 "ARGUMENTS" -.pp -The complete list of arguments to -.i sendmail -is described in detail in Appendix A. -Some important arguments are described here. -.sh 2 "Queue Interval" -.pp -The amount of time between forking a process -to run through the queue is defined by the -.b \-q -flag. -If you run with delivery mode set to -.b i -or -.b b -this can be relatively large, since it will only be relevant -when a host that was down comes back up. -If you run in -.b q -mode it should be relatively short, -since it defines the maximum amount of time that a message -may sit in the queue. -(See also the MinQueueAge option.) -.pp -RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes -(although that probably doesn't make sense if you use ``queue-only'' mode). -.pp -Notice: the meaning of the interval time depends on whether normal -queue runners or persistent queue runners are used. -For the former, it is the time between subsequent starts of a queue run. -For the latter, it is the time sendmail waits after a persistent queue -runner has finished its work to start the next one. -Hence for persistent queue runners this interval should be very low, -typically no more than two minutes. -.sh 2 "Daemon Mode" -.pp -If you allow incoming mail over an IPC connection, -you should have a daemon running. -This should be set by your -.i /etc/rc -file using the -.b \-bd -flag. -The -.b \-bd -flag and the -.b \-q -flag may be combined in one call: -.(b -/usr/\*(SD/sendmail \-bd \-q30m -.)b -.pp -An alternative approach is to invoke sendmail from -.i inetd (8) -(use the -.b \-bs \ \-Am -flags to ask sendmail to speak SMTP on its standard input and output -and to run as MTA). -This works and allows you to wrap -.i sendmail -in a TCP wrapper program, -but may be a bit slower since the configuration file -has to be re-read on every message that comes in. -If you do this, you still need to have a -.i sendmail -running to flush the queue: -.(b -/usr/\*(SD/sendmail \-q30m -.)b -.sh 2 "Forcing the Queue" -.pp -In some cases you may find that the queue has gotten clogged for some reason. -You can force a queue run -using the -.b \-q -flag (with no value). -It is entertaining to use the -.b \-v -flag (verbose) -when this is done to watch what happens: -.(b -/usr/\*(SD/sendmail \-q \-v -.)b -.pp -You can also limit the jobs to those with a particular queue identifier, -recipient, sender, or queue group -using one of the queue modifiers. -For example, -.q \-qRberkeley -restricts the queue run to jobs that have the string -.q berkeley -somewhere in one of the recipient addresses. -Similarly, -.q \-qSstring -limits the run to particular senders, -.q \-qIstring -limits it to particular queue identifiers, and -.q \-qGstring -limits it to a particular queue group. -The named queue group will be run even if it is set to have 0 runners. -You may also place an -.b ! -before the -.b I -or -.b R -or -.b S -to indicate that jobs are limited to not including a particular queue -identifier, recipient or sender. -For example, -.q \-q!Rseattle -limits the queue run to jobs that do not have the string -.q seattle -somewhere in one of the recipient addresses. -Should you need to terminate the queue jobs currently active then a SIGTERM -to the parent of the process (or processes) will cleanly stop the jobs. -.sh 2 "Debugging" -.pp -There are a fairly large number of debug flags -built into -.i sendmail . -Each debug flag has a category and a level. -Higher levels increase the level of debugging activity; -in most cases, this means to print out more information. -The convention is that levels greater than nine are -.q absurd, -i.e., -they print out so much information that you wouldn't normally -want to see them except for debugging that particular piece of code. -.pp -You should -.b never -run a production sendmail server in debug mode. -Many of the debug flags will result in debug output being sent over the -SMTP channel. -This will confuse many mail programs. -However, for testing purposes, it can be useful -when sending mail manually via -telnet to the port you are using while debugging. -.pp -A debug category is either an integer, like 42, -or a name, like ANSI. -You can specify a range of numeric debug categories -using the syntax 17-42. -You can specify a set of named debug categories using -a glob pattern like -.q sm_trace_* . -At present, only -.q * -and -.q ? -are supported in these glob patterns. -.pp -Debug flags are set using the -.b \-d -option; -the syntax is: -.(b -.ta \w'debug-categories:M 'u -debug-flag: \fB\-d\fP debug-list -debug-list: debug-option [ , debug-option ]* -debug-option: debug-categories [ . debug-level ] -debug-categories: integer | integer \- integer | category-pattern -category-pattern: [a-zA-Z_*?][a-zA-Z0-9_*?]* -debug-level: integer -.)b -where spaces are for reading ease only. -For example, -.(b -\-d12 Set category 12 to level 1 -\-d12.3 Set category 12 to level 3 -\-d3\-17 Set categories 3 through 17 to level 1 -\-d3\-17.4 Set categories 3 through 17 to level 4 -\-dANSI Set category ANSI to level 1 -\-dsm_trace_*.3 Set all named categories matching sm_trace_* to level 3 -.)b -For a complete list of the available debug flags -you will have to look at the code -and the -.i TRACEFLAGS -file in the sendmail distribution -(they are too dynamic to keep this document up to date). -For a list of named debug categories in the sendmail binary, use -.(b -ident /usr/sbin/sendmail | grep Debug -.)b -.sh 2 "Changing the Values of Options" -.pp -Options can be overridden using the -.b \-o -or -.b \-O -command line flags. -For example, -.(b -/usr/\*(SD/sendmail \-oT2m -.)b -sets the -.b T -(timeout) option to two minutes -for this run only; -the equivalent line using the long option name is -.(b -/usr/\*(SD/sendmail -OTimeout.queuereturn=2m -.)b -.pp -Some options have security implications. -Sendmail allows you to set these, -but relinquishes its set-user-ID or set-group-ID permissions thereafter\**. -.(f -\**That is, it sets its effective uid to the real uid; -thus, if you are executing as root, -as from root's crontab file or during system startup -the root permissions will still be honored. -.)f -.sh 2 "Trying a Different Configuration File" -.pp -An alternative configuration file -can be specified using the -.b \-C -flag; for example, -.(b -/usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue -.)b -uses the configuration file -.i test.cf -instead of the default -.i /etc/mail/sendmail.cf. -If the -.b \-C -flag has no value -it defaults to -.i sendmail.cf -in the current directory. -.pp -.i Sendmail -gives up set-user-ID root permissions -(if it has been installed set-user-ID root) -when you use this flag, so it is common to use a publicly writable directory -(such as /tmp) -as the queue directory (QueueDirectory or Q option) while testing. -.sh 2 "Logging Traffic" -.pp -Many SMTP implementations do not fully implement the protocol. -For example, some personal computer based SMTPs -do not understand continuation lines in reply codes. -These can be very hard to trace. -If you suspect such a problem, you can set traffic logging using the -.b \-X -flag. -For example, -.(b -/usr/\*(SD/sendmail \-X /tmp/traffic \-bd -.)b -will log all traffic in the file -.i /tmp/traffic . -.pp -This logs a lot of data very quickly and should -.b NEVER -be used -during normal operations. -After starting up such a daemon, -force the errant implementation to send a message to your host. -All message traffic in and out of -.i sendmail , -including the incoming SMTP traffic, -will be logged in this file. -.sh 2 "Testing Configuration Files" -.pp -When you build a configuration table, -you can do a certain amount of testing -using the -.q "test mode" -of -.i sendmail . -For example, -you could invoke -.i sendmail -as: -.(b -sendmail \-bt \-Ctest.cf -.)b -which would read the configuration file -.q test.cf -and enter test mode. -In this mode, -you enter lines of the form: -.(b -rwset address -.)b -where -.i rwset -is the rewriting set you want to use -and -.i address -is an address to apply the set to. -Test mode shows you the steps it takes -as it proceeds, -finally showing you the address it ends up with. -You may use a comma separated list of rwsets -for sequential application of rules to an input. -For example: -.(b -3,1,21,4 monet:bollard -.)b -first applies ruleset three to the input -.q monet:bollard. -Ruleset one is then applied to the output of ruleset three, -followed similarly by rulesets twenty-one and four. -.pp -If you need more detail, -you can also use the -.q \-d21 -flag to turn on more debugging. -For example, -.(b -sendmail \-bt \-d21.99 -.)b -turns on an incredible amount of information; -a single word address -is probably going to print out several pages worth of information. -.pp -You should be warned that internally, -.i sendmail -applies ruleset 3 to all addresses. -In test mode -you will have to do that manually. -For example, older versions allowed you to use -.(b -0 bruce@broadcast.sony.com -.)b -This version requires that you use: -.(b -3,0 bruce@broadcast.sony.com -.)b -.pp -As of version 8.7, -some other syntaxes are available in test mode: -.nr ii 1i -.ip \&.D\|x\|value -defines macro -.i x -to have the indicated -.i value . -This is useful when debugging rules that use the -.b $& \c -.i x -syntax. -.ip \&.C\|c\|value -adds the indicated -.i value -to class -.i c . -.ip \&=S\|ruleset -dumps the contents of the indicated ruleset. -.ip \-d\|debug-spec -is equivalent to the command-line flag. -.lp -Version 8.9 introduced more features: -.nr ii 1i -.ip ? -shows a help message. -.ip =M -display the known mailers. -.ip $m -print the value of macro m. -.ip $=c -print the contents of class c. -.ip /mx\ host -returns the MX records for `host'. -.ip /parse\ address -parse address, returning the value of -.i crackaddr , -and the parsed address. -.ip /try\ mailer\ addr -rewrite address into the form it will have when -presented to the indicated mailer. -.ip /tryflags\ flags -set flags used by parsing. The flags can be `H' for -Header or `E' for Envelope, and `S' for Sender or `R' -for Recipient. These can be combined, `HR' sets -flags for header recipients. -.ip /canon\ hostname -try to canonify hostname. -.ip /map\ mapname\ key -look up `key' in the indicated `mapname'. -.ip /quit -quit address test mode. -.lp -.sh 2 "Persistent Host Status Information" -.pp -When -.b HostStatusDirectory -is enabled, -information about the status of hosts is maintained on disk -and can thus be shared between different instantiations of -.i sendmail . -The status of the last connection with each remote host -may be viewed with the command: -.(b -sendmail \-bh -.)b -This information may be flushed with the command: -.(b -sendmail \-bH -.)b -Flushing the information prevents new -.i sendmail -processes from loading it, -but does not prevent existing processes from using the status information -that they already have. -.sh 1 "TUNING" -.pp -There are a number of configuration parameters -you may want to change, -depending on the requirements of your site. -Most of these are set -using an option in the configuration file. -For example, -the line -.q "O Timeout.queuereturn=5d" -sets option -.q Timeout.queuereturn -to the value -.q 5d -(five days). -.pp -Most of these options have appropriate defaults for most sites. -However, -sites having very high mail loads may find they need to tune them -as appropriate for their mail load. -In particular, -sites experiencing a large number of small messages, -many of which are delivered to many recipients, -may find that they need to adjust the parameters -dealing with queue priorities. -.pp -All versions of -.i sendmail -prior to 8.7 -had single character option names. -As of 8.7, -options have long (multi-character names). -Although old short names are still accepted, -most new options do not have short equivalents. -.pp -This section only describes the options you are most likely -to want to tweak; -read section -.\"XREF -5 -for more details. -.sh 2 "Timeouts" -.pp -All time intervals are set -using a scaled syntax. -For example, -.q 10m -represents ten minutes, whereas -.q 2h30m -represents two and a half hours. -The full set of scales is: -.(b -.ta 4n -s seconds -m minutes -h hours -d days -w weeks -.)b -.sh 3 "Queue interval" -.pp -The argument to the -.b \-q -flag specifies how often a sub-daemon will run the queue. -This is typically set to between fifteen minutes and one hour. -If not set, or set to zero, -the queue will not be run automatically. -RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes. -Should you need to terminate the queue jobs currently active then a SIGTERM -to the parent of the process (or processes) will cleanly stop the jobs. -.sh 3 "Read timeouts" -.pp -Timeouts all have option names -.q Timeout.\fIsuboption\fP . -Most of these control SMTP operations. -The recognized -.i suboption s, -their default values, and the minimum values -allowed by RFC 2821 section 4.5.3.2 (or RFC 1123 section 5.3.2) are: -.nr ii 1i -.ip connect -The time to wait for an SMTP connection to open -(the -.i connect (2) -system call) -[0, unspecified]. -If zero, uses the kernel default. -In no case can this option extend the timeout -longer than the kernel provides, but it can shorten it. -This is to get around kernels that provide an absurdly long connection timeout -(90 minutes in one case). -.ip iconnect -The same as -.i connect, -except it applies only to the initial attempt to connect to a host -for a given message -[0, unspecified]. -The concept is that this should be very short (a few seconds); -hosts that are well connected and responsive will thus be serviced immediately. -Hosts that are slow will not hold up other deliveries in the initial -delivery attempt. -.ip aconnect -[0, unspecified] -The overall timeout waiting for all connection for a single delivery -attempt to succeed. -If 0, no overall limit is applied. -This can be used to restrict the total amount of time trying to connect to -a long list of host that could accept an e-mail for the recipient. -This timeout does not apply to -.b FallbackMXhost , -i.e., if the time is exhausted, the -.b FallbackMXhost -is tried next. -.ip initial -The wait for the initial 220 greeting message -[5m, 5m]. -.ip helo -The wait for a reply from a HELO or EHLO command -[5m, unspecified]. -This may require a host name lookup, so -five minutes is probably a reasonable minimum. -.ip mail\(dg -The wait for a reply from a MAIL command -[10m, 5m]. -.ip rcpt\(dg -The wait for a reply from a RCPT command -[1h, 5m]. -This should be long -because it could be pointing at a list -that takes a long time to expand -(see below). -.ip datainit\(dg -The wait for a reply from a DATA command -[5m, 2m]. -.ip datablock\(dg\(dd -The wait for reading a data block -(that is, the body of the message). -[1h, 3m]. -This should be long because it also applies to programs -piping input to -.i sendmail -which have no guarantee of promptness. -.ip datafinal\(dg -The wait for a reply from the dot terminating a message. -[1h, 10m]. -If this is shorter than the time actually needed -for the receiver to deliver the message, -duplicates will be generated. -This is discussed in RFC 1047. -.ip rset -The wait for a reply from a RSET command -[5m, unspecified]. -.ip quit -The wait for a reply from a QUIT command -[2m, unspecified]. -.ip misc -The wait for a reply from miscellaneous (but short) commands -such as NOOP (no-operation) and VERB (go into verbose mode). -[2m, unspecified]. -.ip command\(dg\(dd -In server SMTP, -the time to wait for another command. -[1h, 5m]. -.ip ident\(dd -The timeout waiting for a reply to an IDENT query -[5s\**, unspecified]. -.(f -\**On some systems the default is zero to turn the protocol off entirely. -.)f -.ip lhlo -The wait for a reply to an LMTP LHLO command -[2m, unspecified]. -.ip auth -The timeout for a reply in an SMTP AUTH dialogue -[10m, unspecified]. -.ip starttls -The timeout for a reply to an SMTP STARTTLS command and the TLS handshake -[1h, unspecified]. -.ip fileopen\(dd -The timeout for opening .forward and :include: files [60s, none]. -.ip control\(dd -The timeout for a complete control socket transaction to complete [2m, none]. -.ip hoststatus\(dd -How long status information about a host -(e.g., host down) -will be cached before it is considered stale -[30m, unspecified]. -.ip resolver.retrans\(dd -The resolver's -retransmission time interval -(in seconds) -[varies]. -Sets both -.i Timeout.resolver.retrans.first -and -.i Timeout.resolver.retrans.normal . -.ip resolver.retrans.first\(dd -The resolver's -retransmission time interval -(in seconds) -for the first attempt to -deliver a message -[varies]. -.ip resolver.retrans.normal\(dd -The resolver's -retransmission time interval -(in seconds) -for all resolver lookups -except the first delivery attempt -[varies]. -.ip resolver.retry\(dd -The number of times -to retransmit a resolver query. -Sets both -.i Timeout.resolver.retry.first -and -.i Timeout.resolver.retry.normal -[varies]. -.ip resolver.retry.first\(dd -The number of times -to retransmit a resolver query -for the first attempt -to deliver a message -[varies]. -.ip resolver.retry.normal\(dd -The number of times -to retransmit a resolver query -for all resolver lookups - except the first delivery attempt -[varies]. -.lp -For compatibility with old configuration files, -if no -.i suboption -is specified, -all the timeouts marked with -.DG -(\(dg) are set to the indicated value. -All but those marked with -.DD -(\(dd) apply to client SMTP. -.pp -For example, the lines: -.(b -O Timeout.command=25m -O Timeout.datablock=3h -.)b -sets the server SMTP command timeout to 25 minutes -and the input data block timeout to three hours. -.sh 3 "Message timeouts" -.pp -After sitting in the queue for a few days, -an undeliverable message will time out. -This is to insure that at least the sender is aware -of the inability to send a message. -The timeout is typically set to five days. -It is sometimes considered convenient to also send a warning message -if the message is in the queue longer than a few hours -(assuming you normally have good connectivity; -if your messages normally took several hours to send -you wouldn't want to do this because it wouldn't be an unusual event). -These timeouts are set using the -.b Timeout.queuereturn -and -.b Timeout.queuewarn -options in the configuration file -(previously both were set using the -.b T -option). -.pp -If the message is submitted using the -.sm NOTIFY -.sm SMTP -extension, -warning messages will only be sent if -.sm NOTIFY=DELAY -is specified. -The queuereturn and queuewarn timeouts -can be further qualified with a tag based on the Precedence: field -in the message; -they must be one of -.q urgent -(indicating a positive non-zero precedence) -.q normal -(indicating a zero precedence), or -.q non-urgent -(indicating negative precedences). -For example, setting -.q Timeout.queuewarn.urgent=1h -sets the warning timeout for urgent messages only -to one hour. -The default if no precedence is indicated -is to set the timeout for all precedences. -The value "now" can be used for --O Timeout.queuereturn -to return entries immediately during a queue run, -e.g., to bounce messages independent of their time in the queue. -.pp -Since these options are global, -and since you cannot know -.i "a priori" -how long another host outside your domain will be down, -a five day timeout is recommended. -This allows a recipient to fix the problem even if it occurs -at the beginning of a long weekend. -RFC 1123 section 5.3.1.1 says that this parameter -should be ``at least 4\-5 days''. -.pp -The -.b Timeout.queuewarn -value can be piggybacked on the -.b T -option by indicating a time after which -a warning message should be sent; -the two timeouts are separated by a slash. -For example, the line -.(b -OT5d/4h -.)b -causes email to fail after five days, -but a warning message will be sent after four hours. -This should be large enough that the message will have been tried -several times. -.sh 2 "Forking During Queue Runs" -.pp -By setting the -.b ForkEachJob -(\c -.b Y ) -option, -.i sendmail -will fork before each individual message -while running the queue. -This option was used with earlier releases to prevent -.i sendmail -from consuming large amounts of memory. -It should no longer be necessary with -.i sendmail -8.12. -If the -.b ForkEachJob -option is not set, -.i sendmail -will keep track of hosts that are down during a queue run, -which can improve performance dramatically. -.pp -If the -.b ForkEachJob -option is set, -.i sendmail -cannot use connection caching. -.sh 2 "Queue Priorities" -.pp -Every message is assigned a priority when it is first instantiated, -consisting of the message size (in bytes) -offset by the message class -(which is determined from the Precedence: header) -times the -.q "work class factor" -and the number of recipients times the -.q "work recipient factor." -The priority is used to order the queue. -Higher numbers for the priority mean that the message will be processed later -when running the queue. -.pp -The message size is included so that large messages are penalized -relative to small messages. -The message class allows users to send -.q "high priority" -messages by including a -.q Precedence: -field in their message; -the value of this field is looked up in the -.b P -lines of the configuration file. -Since the number of recipients affects the amount of load a message presents -to the system, -this is also included into the priority. -.pp -The recipient and class factors -can be set in the configuration file using the -.b RecipientFactor -(\c -.b y ) -and -.b ClassFactor -(\c -.b z ) -options respectively. -They default to 30000 (for the recipient factor) -and 1800 -(for the class factor). -The initial priority is: -.EQ -pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor) -.EN -(Remember, higher values for this parameter actually mean -that the job will be treated with lower priority.) -.pp -The priority of a job can also be adjusted each time it is processed -(that is, each time an attempt is made to deliver it) -using the -.q "work time factor," -set by the -.b RetryFactor -(\c -.b Z ) -option. -This is added to the priority, -so it normally decreases the precedence of the job, -on the grounds that jobs that have failed many times -will tend to fail again in the future. -The -.b RetryFactor -option defaults to 90000. -.sh 2 "Load Limiting" -.pp -.i Sendmail -can be asked to queue (but not deliver) mail -if the system load average gets too high using the -.b QueueLA -(\c -.b x ) -option. -When the load average exceeds the value of the -.b QueueLA -option, the delivery mode is set to -.b q -(queue only) if the -.b QueueFactor -(\c -.b q ) -option divided by the difference in the current load average and the -.b QueueLA -option plus one -is less than the priority of the message \(em -that is, the message is queued iff: -.EQ -pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 } -.EN -The -.b QueueFactor -option defaults to 600000, -so each point of load average is worth 600000 priority points -(as described above). -.pp -For drastic cases, the -.b RefuseLA -(\c -.b X ) -option defines a load average at which -.i sendmail -will refuse to accept network connections. -Locally generated mail, i.e., mail which is not submitted via SMTP -(including incoming UUCP mail), -is still accepted. -Notice that the MSP submits mail to the MTA via SMTP, and hence -mail will be queued in the client queue in such a case. -Therefore it is necessary to run the client mail queue periodically. -.sh 2 "Resource Limits" -.pp -.i Sendmail -has several parameters to control resource usage. -Besides those mentionted in the previous section, there are at least -.b MaxDaemonChildren , -.b ConnectionRateThrottle , -.b MaxQueueChildren , -and -.b MaxRunnersPerQueue . -The latter two limit the number of -.i sendmail -processes that operate on the queue. -These are discussed in the section -``Queue Group Declaration''. -The former two can be used to limit the number of incoming connections. -Their appropriate values depend on the host operating system and -the hardware, e.g., amount of memory. -In many situations it might be useful to set limits to prevent -to have too many -.i sendmail -processes, however, these limits can be abused to mount a -denial of service attack. -For example, if -.b MaxDaemonChildren=10 -then an attacker needs to open only 10 SMTP sessions to the server, -leave them idle for most of the time, -and no more connections will be accepted. -.sh 2 "Delivery Mode" -.pp -There are a number of delivery modes that -.i sendmail -can operate in, -set by the -.b DeliveryMode -(\c -.b d ) -configuration option. -These modes -specify how quickly mail will be delivered. -Legal modes are: -.(b -.ta 4n -i deliver interactively (synchronously) -b deliver in background (asynchronously) -q queue only (don't deliver) -d defer delivery attempts (don't deliver) -.)b -There are tradeoffs. -Mode -.q i -gives the sender the quickest feedback, -but may slow down some mailers and -is hardly ever necessary. -Mode -.q b -delivers promptly but -can cause large numbers of processes -if you have a mailer that takes a long time to deliver a message. -Mode -.q q -minimizes the load on your machine, -but means that delivery may be delayed for up to the queue interval. -Mode -.q d -is identical to mode -.q q -except that it also prevents lookups in maps including the -.b -D -flag from working during the initial queue phase; -it is intended for ``dial on demand'' sites where DNS lookups -might cost real money. -Some simple error messages -(e.g., host unknown during the SMTP protocol) -will be delayed using this mode. -Mode -.q b -is the usual default. -.pp -If you run in mode -.q q -(queue only), -.q d -(defer), -or -.q b -(deliver in background) -.i sendmail -will not expand aliases and follow .forward files -upon initial receipt of the mail. -This speeds up the response to RCPT commands. -Mode -.q i -should not be used by the SMTP server. -.sh 2 "Log Level" -.pp -The level of logging can be set for -.i sendmail . -The default using a standard configuration table is level 9. -The levels are as follows: -.nr ii 0.5i -.ip 0 -Minimal logging. -.ip 1 -Serious system failures and potential security problems. -.ip 2 -Lost communications (network problems) and protocol failures. -.ip 3 -Other serious failures, malformed addresses, transient forward/include -errors, connection timeouts. -.ip 4 -Minor failures, out of date alias databases, connection rejections -via check_ rulesets. -.ip 5 -Message collection statistics. -.ip 6 -Creation of error messages, -VRFY and EXPN commands. -.ip 7 -Delivery failures (host or user unknown, etc.). -.ip 8 -Successful deliveries and alias database rebuilds. -.ip 9 -Messages being deferred -(due to a host being down, etc.). -.ip 10 -Database expansion (alias, forward, and userdb lookups) -and authentication information. -.ip 11 -NIS errors and end of job processing. -.ip 12 -Logs all SMTP connections. -.ip 13 -Log bad user shells, files with improper permissions, and other -questionable situations. -.ip 14 -Logs refused connections. -.ip 15 -Log all incoming and outgoing SMTP commands. -.ip 20 -Logs attempts to run locked queue files. -These are not errors, -but can be useful to note if your queue appears to be clogged. -.ip 30 -Lost locks (only if using lockf instead of flock). -.lp -Additionally, -values above 64 are reserved for extremely verbose debugging output. -No normal site would ever set these. -.sh 2 "File Modes" -.pp -The modes used for files depend on what functionality you want -and the level of security you require. -In many cases -.i sendmail -does careful checking of the modes -of files and directories -to avoid accidental compromise; -if you want to make it possible to have group-writable support files -you may need to use the -.b DontBlameSendmail -option to turn off some of these checks. -.sh 3 "To suid or not to suid?" -.pp -.i Sendmail -is no longer installed -set-user-ID to root. -sendmail/SECURITY -explains how to configure and install -.i sendmail -without set-user-ID to root but set-group-ID -which is the default configuration starting with 8.12. -.pp -The daemon usually runs as root, unless other measures are taken. -At the point where -.i sendmail -is about to -.i exec \|(2) -a mailer, -it checks to see if the userid is zero (root); -if so, -it resets the userid and groupid to a default -(set by the -.b U= -equate in the mailer line; -if that is not set, the -.b DefaultUser -option is used). -This can be overridden -by setting the -.b S -flag to the mailer -for mailers that are trusted -and must be called as root. -However, -this will cause mail processing -to be accounted -(using -.i sa \|(8)) -to root -rather than to the user sending the mail. -.pp -A middle ground is to set the -.b RunAsUser -option. -This causes -.i sendmail -to become the indicated user as soon as it has done the startup -that requires root privileges -(primarily, opening the -.sm SMTP -socket). -If you use -.b RunAsUser , -the queue directory -(normally -.i /var/spool/mqueue ) -should be owned by that user, -and all files and databases -(including user -.i \&.forward -files, -alias files, -:include: files, -and external databases) -must be readable by that user. -Also, since sendmail will not be able to change it's uid, -delivery to programs or files will be marked as unsafe, -e.g., undeliverable, -in -.i \&.forward , -aliases, -and :include: files. -Administrators can override this by setting the -.b DontBlameSendmail -option to the setting -.b NonRootSafeAddr . -.b RunAsUser -is probably best suited for firewall configurations -that don't have regular user logins. -If the option is used on a system which performs local delivery, -then the local delivery agent must have the proper permissions -(i.e., usually set-user-ID root) -since it will be invoked by the -.b RunAsUser , -not by root. -.sh 3 "Turning off security checks" -.pp -.i Sendmail -is very particular about the modes of files that it reads or writes. -For example, by default it will refuse to read most files -that are group writable -on the grounds that they might have been tampered with -by someone other than the owner; -it will even refuse to read files in group writable directories. -Also, sendmail will refuse to create a new aliases database in an -unsafe directory. You can get around this by manually creating the -database file as a trusted user ahead of time and then rebuilding the -aliases database with -.b newaliases . -.pp -If you are -.i quite -sure that your configuration is safe and you want -.i sendmail -to avoid these security checks, -you can turn off certain checks using the -.b DontBlameSendmail -option. -This option takes one or more names that disable checks. -In the descriptions that follow, -.q "unsafe directory" -means a directory that is writable by anyone other than the owner. -The values are: -.nr ii 0.5i -.ip Safe -No special handling. -.ip AssumeSafeChown -Assume that the -.i chown -system call is restricted to root. -Since some versions of UNIX permit regular users -to give away their files to other users on some filesystems, -.i sendmail -often cannot assume that a given file was created by the owner, -particularly when it is in a writable directory. -You can set this flag if you know that file giveaway is restricted -on your system. -.ip ClassFileInUnsafeDirPath -When reading class files (using the -.b F -line in the configuration file), -allow files that are in unsafe directories. -.ip DontWarnForwardFileInUnsafeDirPath -Prevent logging of -unsafe directory path warnings -for non-existent forward files. -.ip ErrorHeaderInUnsafeDirPath -Allow the file named in the -.b ErrorHeader -option to be in an unsafe directory. -.ip FileDeliveryToHardLink -Allow delivery to files that are hard links. -.ip FileDeliveryToSymLink -Allow delivery to files that are symbolic links. -.ip ForwardFileInGroupWritableDirPath -Allow -.i \&.forward -files in group writable directories. -.ip ForwardFileInUnsafeDirPath -Allow -.i \&.forward -files in unsafe directories. -.ip ForwardFileInUnsafeDirPathSafe -Allow a -.i \&.forward -file that is in an unsafe directory to include references -to program and files. -.ip GroupReadableKeyFile -Accept a group-readable key file for STARTTLS. -.ip GroupReadableSASLDBFile -Accept a group-readable Cyrus SASL password file. -.ip GroupWritableAliasFile -Allow group-writable alias files. -.ip GroupWritableDirPathSafe -Change the definition of -.q "unsafe directory" -to consider group-writable directories to be safe. -World-writable directories are always unsafe. -.ip GroupWritableForwardFile -Allow group writable -.i \&.forward -files. -.ip GroupWritableForwardFileSafe -Accept group-writable -.i \&.forward -files as safe for program and file delivery. -.ip GroupWritableIncludeFile -Allow group wriable -.i :include: -files. -.ip GroupWritableIncludeFileSafe -Accept group-writable -.i :include: -files as safe for program and file delivery. -.ip GroupWritableSASLDBFile -Accept a group-writable Cyrus SASL password file. -.ip HelpFileInUnsafeDirPath -Allow the file named in the -.b HelpFile -option to be in an unsafe directory. -.ip IncludeFileInGroupWritableDirPath -Allow -.i :include: -files in group writable directories. -.ip IncludeFileInUnsafeDirPath -Allow -.i :include: -files in unsafe directories. -.ip IncludeFileInUnsafeDirPathSafe -Allow a -.i :include: -file that is in an unsafe directory to include references -to program and files. -.ip InsufficientEntropy -Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded -despite the security problems. -.ip LinkedAliasFileInWritableDir -Allow an alias file that is a link in a writable directory. -.ip LinkedClassFileInWritableDir -Allow class files that are links in writable directories. -.ip LinkedForwardFileInWritableDir -Allow -.i \&.forward -files that are links in writable directories. -.ip LinkedIncludeFileInWritableDir -Allow -.i :include: -files that are links in writable directories. -.ip LinkedMapInWritableDir -Allow map files that are links in writable directories. -This includes alias database files. -.ip LinkedServiceSwitchFileInWritableDir -Allow the service switch file to be a link -even if the directory is writable. -.ip MapInUnsafeDirPath -Allow maps (e.g., -.i hash , -.i btree , -and -.i dbm -files) -in unsafe directories. -This includes alias database files. -.ip NonRootSafeAddr -Do not mark file and program deliveries as unsafe -if sendmail is not running with root privileges. -.ip RunProgramInUnsafeDirPath -Run programs that are in writable directories without logging a warning. -.ip RunWritableProgram -Run programs that are group- or world-writable without logging a warning. -.ip TrustStickyBit -Allow group or world writable directories -if the sticky bit is set on the directory. -Do not set this on systems which do not honor -the sticky bit on directories. -.ip WorldWritableAliasFile -Accept world-writable alias files. -.ip WorldWritableForwardfile -Allow world writable -.i \&.forward -files. -.ip WorldWritableIncludefile -Allow world wriable -.i :include: -files. -.ip WriteMapToHardLink -Allow writes to maps that are hard links. -.ip WriteMapToSymLink -Allow writes to maps that are symbolic links. -.ip WriteStatsToHardLink -Allow the status file to be a hard link. -.ip WriteStatsToSymLink -Allow the status file to be a symbolic link. -.sh 2 "Connection Caching" -.pp -When processing the queue, -.i sendmail -will try to keep the last few open connections open -to avoid startup and shutdown costs. -This only applies to IPC connections. -.pp -When trying to open a connection -the cache is first searched. -If an open connection is found, it is probed to see if it is still active -by sending a -.sm RSET -command. -It is not an error if this fails; -instead, the connection is closed and reopened. -.pp -Two parameters control the connection cache. -The -.b ConnectionCacheSize -(\c -.b k ) -option defines the number of simultaneous open connections -that will be permitted. -If it is set to zero, -connections will be closed as quickly as possible. -The default is one. -This should be set as appropriate for your system size; -it will limit the amount of system resources that -.i sendmail -will use during queue runs. -Never set this higher than 4. -.pp -The -.b ConnectionCacheTimeout -(\c -.b K ) -option specifies the maximum time that any cached connection -will be permitted to idle. -When the idle time exceeds this value -the connection is closed. -This number should be small -(under ten minutes) -to prevent you from grabbing too many resources -from other hosts. -The default is five minutes. -.sh 2 "Name Server Access" -.pp -Control of host address lookups is set by the -.b hosts -service entry in your service switch file. -If you are on a system that has built-in service switch support -(e.g., Ultrix, Solaris, or DEC OSF/1) -then your system is probably configured properly already. -Otherwise, -.i sendmail -will consult the file -.b /etc/mail/service.switch , -which should be created. -.i Sendmail -only uses two entries: -.b hosts -and -.b aliases , -although system routines may use other services -(notably the -.b passwd -service for user name lookups by -.i getpwname ). -.pp -However, some systems (such as SunOS 4.X) -will do DNS lookups -regardless of the setting of the service switch entry. -In particular, the system routine -.i gethostbyname (3) -is used to look up host names, -and many vendor versions try some combination of DNS, NIS, -and file lookup in /etc/hosts -without consulting a service switch. -.i Sendmail -makes no attempt to work around this problem, -and the DNS lookup will be done anyway. -If you do not have a nameserver configured at all, -such as at a UUCP-only site, -.i sendmail -will get a -.q "connection refused" -message when it tries to connect to the name server. -If the -.b hosts -switch entry has the service -.q dns -listed somewhere in the list, -.i sendmail -will interpret this to mean a temporary failure -and will queue the mail for later processing; -otherwise, it ignores the name server data. -.pp -The same technique is used to decide whether to do MX lookups. -If you want MX support, you -.i must -have -.q dns -listed as a service in the -.b hosts -switch entry. -.pp -The -.b ResolverOptions -(\c -.b I ) -option allows you to tweak name server options. -The command line takes a series of flags as documented in -.i resolver (3) -(with the leading -.q RES_ -deleted). -Each can be preceded by an optional `+' or `\(mi'. -For example, the line -.(b -O ResolverOptions=+AAONLY \(miDNSRCH -.)b -turns on the AAONLY (accept authoritative answers only) -and turns off the DNSRCH (search the domain path) options. -Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE -flags on and all others off. -If NETINET6 is enabled, most libraries default to USE_INET6 as well. -You can also include -.q HasWildcardMX -to specify that there is a wildcard MX record matching your domain; -this turns off MX matching when canonifying names, -which can lead to inappropriate canonifications. -Use -.q WorkAroundBrokenAAAA -when faced with a broken nameserver that returns SERVFAIL -(a temporary failure) -on T_AAAA (IPv6) lookups -during hostname canonification. -Notice: it might be necessary to apply the same (or similar) options to -.i submit.cf -too. -.pp -Version level 1 configurations (see the section about -Configuration Version Level) -turn DNSRCH and DEFNAMES off when doing delivery lookups, -but leave them on everywhere else. -Version 8 of -.i sendmail -ignores them when doing canonification lookups -(that is, when using $[ ... $]), -and always does the search. -If you don't want to do automatic name extension, -don't call $[ ... $]. -.pp -The search rules for $[ ... $] are somewhat different than usual. -If the name being looked up -has at least one dot, it always tries the unmodified name first. -If that fails, it tries the reduced search path, -and lastly tries the unmodified name -(but only for names without a dot, -since names with a dot have already been tried). -This allows names such as -``utc.CS'' -to match the site in Czechoslovakia -rather than the site in your local Computer Science department. -It also prefers A and CNAME records over MX records \*- -that is, if it finds an MX record it makes note of it, -but keeps looking. -This way, if you have a wildcard MX record matching your domain, -it will not assume that all names match. -.pp -To completely turn off all name server access -on systems without service switch support -(such as SunOS 4.X) -you will have to recompile with -\-DNAMED_BIND=0 -and remove \-lresolv from the list of libraries to be searched -when linking. -.sh 2 "Moving the Per-User Forward Files" -.pp -Some sites mount each user's home directory -from a local disk on their workstation, -so that local access is fast. -However, the result is that .forward file lookups -from a central mail server are slow. -In some cases, -mail can even be delivered on machines inappropriately -because of a file server being down. -The performance can be especially bad if you run the automounter. -.pp -The -.b ForwardPath -(\c -.b J ) -option allows you to set a path of forward files. -For example, the config file line -.(b -O ForwardPath=/var/forward/$u:$z/.forward.$w -.)b -would first look for a file with the same name as the user's login -in /var/forward; -if that is not found (or is inaccessible) -the file -``.forward.\c -.i machinename '' -in the user's home directory is searched. -A truly perverse site could also search by sender -by using $r, $s, or $f. -.pp -If you create a directory such as /var/forward, -it should be mode 1777 -(that is, the sticky bit should be set). -Users should create the files mode 0644. -Note that you must use the -ForwardFileInUnsafeDirPath and -ForwardFileInUnsafeDirPathSafe -flags with the -.b DontBlameSendmail -option to allow forward files in a world writable directory. -This might also be used as a denial of service attack -(users could create forward files for other users); -a better approach might be to create -/var/forward -mode 0755 -and create empty files for each user, -owned by that user, -mode 0644. -If you do this, you don't have to set the DontBlameSendmail options -indicated above. -.sh 2 "Free Space" -.pp -On systems that have one of the system calls in the -.i statfs (2) -family -(including -.i statvfs -and -.i ustat ), -you can specify a minimum number of free blocks on the queue filesystem -using the -.b MinFreeBlocks -(\c -.b b ) -option. -If there are fewer than the indicated number of blocks free -on the filesystem on which the queue is mounted -the SMTP server will reject mail -with the -452 error code. -This invites the SMTP client to try again later. -.pp -Beware of setting this option too high; -it can cause rejection of email -when that mail would be processed without difficulty. -.sh 2 "Maximum Message Size" -.pp -To avoid overflowing your system with a large message, -the -.b MaxMessageSize -option can be set to set an absolute limit -on the size of any one message. -This will be advertised in the ESMTP dialogue -and checked during message collection. -.sh 2 "Privacy Flags" -.pp -The -.b PrivacyOptions -(\c -.b p ) -option allows you to set certain -``privacy'' -flags. -Actually, many of them don't give you any extra privacy, -rather just insisting that client SMTP servers -use the HELO command -before using certain commands -or adding extra headers to indicate possible spoof attempts. -.pp -The option takes a series of flag names; -the final privacy is the inclusive or of those flags. -For example: -.(b -O PrivacyOptions=needmailhelo, noexpn -.)b -insists that the HELO or EHLO command be used before a MAIL command is accepted -and disables the EXPN command. -.pp -The flags are detailed in section -.\"XREF -5.6. -.sh 2 "Send to Me Too" -.pp -Beginning with version 8.10, -.i sendmail -includes by default the (envelope) sender in any list expansions. -For example, if -.q matt -sends to a list that contains -.q matt -as one of the members he will get a copy of the message. -If the -.b MeToo -option is set to -.sm FALSE -(in the configuration file or via the command line), -this behavior is changed, i.e., -the (envelope) sender is excluded in list expansions. -.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE" -.pp -This section describes the configuration file -in detail. -.pp -There is one point that should be made clear immediately: -the syntax of the configuration file -is designed to be reasonably easy to parse, -since this is done every time -.i sendmail -starts up, -rather than easy for a human to read or write. -The configuration file should be generated via the method described in -.b cf/README , -it should not be edited directly unless someone is familiar -with the internals of the syntax described here and it is -not possible to achieve the desired result via the default method. -.pp -The configuration file is organized as a series of lines, -each of which begins with a single character -defining the semantics for the rest of the line. -Lines beginning with a space or a tab -are continuation lines -(although the semantics are not well defined in many places). -Blank lines and lines beginning with a sharp symbol -(`#') -are comments. -.sh 2 "R and S \*- Rewriting Rules" -.pp -The core of address parsing -are the rewriting rules. -These are an ordered production system. -.i Sendmail -scans through the set of rewriting rules -looking for a match on the left hand side -(LHS) -of the rule. -When a rule matches, -the address is replaced by the right hand side -(RHS) -of the rule. -.pp -There are several sets of rewriting rules. -Some of the rewriting sets are used internally -and must have specific semantics. -Other rewriting sets -do not have specifically assigned semantics, -and may be referenced by the mailer definitions -or by other rewriting sets. -.pp -The syntax of these two commands are: -.(b F -.b S \c -.i n -.)b -Sets the current ruleset being collected to -.i n . -If you begin a ruleset more than once -it appends to the old definition. -.(b F -.b R \c -.i lhs -.i rhs -.i comments -.)b -The -fields must be separated -by at least one tab character; -there may be embedded spaces -in the fields. -The -.i lhs -is a pattern that is applied to the input. -If it matches, -the input is rewritten to the -.i rhs . -The -.i comments -are ignored. -.pp -Macro expansions of the form -.b $ \c -.i x -are performed when the configuration file is read. -A literal -.b $ -can be included using -.b $$ . -Expansions of the form -.b $& \c -.i x -are performed at run time using a somewhat less general algorithm. -This is intended only for referencing internally defined macros -such as -.b $h -that are changed at runtime. -.sh 3 "The left hand side" -.pp -The left hand side of rewriting rules contains a pattern. -Normal words are simply matched directly. -Metasyntax is introduced using a dollar sign. -The metasymbols are: -.(b -.ta \w'\fB$=\fP\fIx\fP 'u -\fB$*\fP Match zero or more tokens -\fB$+\fP Match one or more tokens -\fB$\-\fP Match exactly one token -\fB$=\fP\fIx\fP Match any phrase in class \fIx\fP -\fB$~\fP\fIx\fP Match any word not in class \fIx\fP -.)b -If any of these match, -they are assigned to the symbol -.b $ \c -.i n -for replacement on the right hand side, -where -.i n -is the index in the LHS. -For example, -if the LHS: -.(b -$\-:$+ -.)b -is applied to the input: -.(b -UCBARPA:eric -.)b -the rule will match, and the values passed to the RHS will be: -.(b -.ta 4n -$1 UCBARPA -$2 eric -.)b -.pp -Additionally, the LHS can include -.b $@ -to match zero tokens. -This is -.i not -bound to a -.b $ \c -.i n -on the RHS, and is normally only used when it stands alone -in order to match the null input. -.sh 3 "The right hand side" -.pp -When the left hand side of a rewriting rule matches, -the input is deleted and replaced by the right hand side. -Tokens are copied directly from the RHS -unless they begin with a dollar sign. -Metasymbols are: -.(b -.ta \w'$#mailer\0\0\0'u -\fB$\fP\fIn\fP Substitute indefinite token \fIn\fP from LHS -\fB$[\fP\fIname\fP\fB$]\fP Canonicalize \fIname\fP -\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP - Generalized keyed mapping function -\fB$>\fP\fIn\fP \*(lqCall\*(rq ruleset \fIn\fP -\fB$#\fP\fImailer\fP Resolve to \fImailer\fP -\fB$@\fP\fIhost\fP Specify \fIhost\fP -\fB$:\fP\fIuser\fP Specify \fIuser\fP -.)b -.pp -The -.b $ \c -.i n -syntax substitutes the corresponding value from a -.b $+ , -.b $\- , -.b $* , -.b $= , -or -.b $~ -match on the LHS. -It may be used anywhere. -.pp -A host name enclosed between -.b $[ -and -.b $] -is looked up in the host database(s) -and replaced by the canonical name\**. -.(f -\**This is actually -completely equivalent -to $(host \fIhostname\fP$). -In particular, a -.b $: -default can be used. -.)f -For example, -.q $[ftp$] -might become -.q ftp.CS.Berkeley.EDU -and -.q $[[128.32.130.2]$] -would become -.q vangogh.CS.Berkeley.EDU. -.i Sendmail -recognizes its numeric IP address -without calling the name server -and replaces it with its canonical name. -.pp -The -.b $( -\&... -.b $) -syntax is a more general form of lookup; -it uses a named map instead of an implicit map. -If no lookup is found, the indicated -.i default -is inserted; -if no default is specified and no lookup matches, -the value is left unchanged. -The -.i arguments -are passed to the map for possible use. -.pp -The -.b $> \c -.i n -syntax -causes the remainder of the line to be substituted as usual -and then passed as the argument to ruleset -.i n . -The final value of ruleset -.i n -then becomes -the substitution for this rule. -The -.b $> -syntax expands everything after the ruleset name -to the end of the replacement string -and then passes that as the initial input to the ruleset. -Recursive calls are allowed. -For example, -.(b -$>0 $>3 $1 -.)b -expands $1, passes that to ruleset 3, and then passes the result -of ruleset 3 to ruleset 0. -.pp -The -.b $# -syntax should -.i only -be used in ruleset zero, -a subroutine of ruleset zero, -or rulesets that return decisions (e.g., check_rcpt). -It causes evaluation of the ruleset to terminate immediately, -and signals to -.i sendmail -that the address has completely resolved. -The complete syntax for ruleset 0 is: -.(b -\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP -.)b -This specifies the -{mailer, host, user} -3-tuple necessary to direct the mailer. -If the mailer is local -the host part may be omitted\**. -.(f -\**You may want to use it for special -.q "per user" -extensions. -For example, in the address -.q jgm+foo@CMU.EDU ; -the -.q +foo -part is not part of the user name, -and is passed to the local mailer for local use. -.)f -The -.i mailer -must be a single word, -but the -.i host -and -.i user -may be multi-part. -If the -.i mailer -is the built-in IPC mailer, -the -.i host -may be a colon-separated list of hosts -that are searched in order for the first working address -(exactly like MX records). -The -.i user -is later rewritten by the mailer-specific envelope rewriting set -and assigned to the -.b $u -macro. -As a special case, if the mailer specified has the -.b F=@ -flag specified -and the first character of the -.b $: -value is -.q @ , -the -.q @ -is stripped off, and a flag is set in the address descriptor -that causes sendmail to not do ruleset 5 processing. -.pp -Normally, a rule that matches is retried, -that is, -the rule loops until it fails. -A RHS may also be preceded by a -.b $@ -or a -.b $: -to change this behavior. -A -.b $@ -prefix causes the ruleset to return with the remainder of the RHS -as the value. -A -.b $: -prefix causes the rule to terminate immediately, -but the ruleset to continue; -this can be used to avoid continued application of a rule. -The prefix is stripped before continuing. -.pp -The -.b $@ -and -.b $: -prefixes may precede a -.b $> -spec; -for example: -.(b -.ta 8n -R$+ $: $>7 $1 -.)b -matches anything, -passes that to ruleset seven, -and continues; -the -.b $: -is necessary to avoid an infinite loop. -.pp -Substitution occurs in the order described, -that is, -parameters from the LHS are substituted, -hostnames are canonicalized, -.q subroutines -are called, -and finally -.b $# , -.b $@ , -and -.b $: -are processed. -.sh 3 "Semantics of rewriting rule sets" -.pp -There are six rewriting sets -that have specific semantics. -Five of these are related as depicted by figure 1. -.(z -.hl -.ie n \{\ -.(c - +---+ - -->| 0 |-->resolved address - / +---+ - / +---+ +---+ - / ---->| 1 |-->| S |-- - +---+ / +---+ / +---+ +---+ \e +---+ -addr-->| 3 |-->| D |-- --->| 4 |-->msg - +---+ +---+ \e +---+ +---+ / +---+ - --->| 2 |-->| R |-- - +---+ +---+ -.)c - -.\} -.el \{\ -.ie !"\*(.T"" \{\ -.PS -boxwid = 0.3i -boxht = 0.3i -movewid = 0.3i -moveht = 0.3i -linewid = 0.3i -lineht = 0.3i - - box invis "addr"; arrow -Box3: box "3" -A1: arrow -BoxD: box "D"; line; L1: Here -C: [ - C1: arrow; box "1"; arrow; box "S"; line; E1: Here - move to C1 down 0.5; right - C2: arrow; box "2"; arrow; box "R"; line; E2: Here - ] with .w at L1 + (0.5, 0) - move to C.e right 0.5 -L4: arrow; box "4"; arrow; box invis "msg" - line from L1 to C.C1 - line from L1 to C.C2 - line from C.E1 to L4 - line from C.E2 to L4 - move to BoxD.n up 0.6; right -Box0: arrow; box "0" - arrow; box invis "resolved address" width 1.3 - line from 1/3 of the way between A1 and BoxD.w to Box0 -.PE -.\} -.el .sp 2i -.\} -.ce -Figure 1 \*- Rewriting set semantics -.(c -D \*- sender domain addition -S \*- mailer-specific sender rewriting -R \*- mailer-specific recipient rewriting -.)c -.hl -.)z -.pp -Ruleset three -should turn the address into -.q "canonical form." -This form should have the basic syntax: -.(b -local-part@host-domain-spec -.)b -Ruleset three -is applied by -.i sendmail -before doing anything with any address. -.pp -If no -.q @ -sign is specified, -then the -host-domain-spec -.i may -be appended (box -.q D -in Figure 1) -from the -sender address -(if the -.b C -flag is set in the mailer definition -corresponding to the -.i sending -mailer). -.pp -Ruleset zero -is applied after ruleset three -to addresses that are going to actually specify recipients. -It must resolve to a -.i "{mailer, host, address}" -triple. -The -.i mailer -must be defined in the mailer definitions -from the configuration file. -The -.i host -is defined into the -.b $h -macro -for use in the argv expansion of the specified mailer. -.pp -Rulesets one and two -are applied to all sender and recipient addresses respectively. -They are applied before any specification -in the mailer definition. -They must never resolve. -.pp -Ruleset four is applied to all addresses -in the message. -It is typically used -to translate internal to external form. -.pp -In addition, -ruleset 5 is applied to all local addresses -(specifically, those that resolve to a mailer with the `F=5' -flag set) -that do not have aliases. -This allows a last minute hook for local names. -.sh 3 "Ruleset hooks" -.pp -A few extra rulesets are defined as -.q hooks -that can be defined to get special features. -They are all named rulesets. -The -.q check_* -forms all give accept/reject status; -falling off the end or returning normally is an accept, -and resolving to -.b $#error -is a reject. -Many of these can also resolve to the special mailer name -.b $#discard ; -this accepts the message as though it were successful -but then discards it without delivery. -Note, -this mailer cannot be chosen as a mailer in ruleset 0. -Note also that all -.q check_* -rulesets have to deal with temporary failures, especially for map lookups, -themselves, i.e., they should return a temporary error code -or at least they should make a proper decision in those cases. -.sh 4 "check_relay" -.pp -The -.i check_relay -ruleset is called after a connection is accepted by the daemon. -It is not called when sendmail is started using the -.b \-bs -option. -It is passed -.(b -client.host.name $| client.host.address -.)b -where -.b $| -is a metacharacter separating the two parts. -This ruleset can reject connections from various locations. -Note that it only checks the connecting SMTP client IP address and hostname. -It does not check for third party message relaying. -The -.i check_rcpt -ruleset discussed below usually does third party message relay checking. -.sh 4 "check_mail" -.pp -The -.i check_mail -ruleset is passed the user name parameter of the -.sm "SMTP MAIL" -command. -It can accept or reject the address. -.sh 4 "check_rcpt" -.pp -The -.i check_rcpt -ruleset is passed the user name parameter of the -.sm "SMTP RCPT" -command. -It can accept or reject the address. -.sh 4 "check_data" -.pp -The -.i check_data -ruleset is called after the -.sm "SMTP DATA" -command, its parameter is the number of recipients. -It can accept or reject the command. -.sh 4 "check_compat" -.pp -The -.i check_compat -ruleset is passed -.(b -sender-address $| recipient-address -.)b -where -.b $| -is a metacharacter separating the addresses. -It can accept or reject mail transfer between these two addresses -much like the -.i checkcompat() -function. -.sh 4 "check_eoh" -.pp -The -.i check_eoh -ruleset is passed -.(b -number-of-headers $| size-of-headers -.)b -where -.b $| -is a metacharacter separating the numbers. -These numbers can be used for size comparisons with the -.b arith -map. -The ruleset is triggered after -all of the headers have been read. -It can be used to correlate information gathered -from those headers using the -.b macro -storage map. -One possible use is to check for a missing header. -For example: -.(b -.ta 1.5i -Kstorage macro -HMessage-Id: $>CheckMessageId - -SCheckMessageId -# Record the presence of the header -R$* $: $(storage {MessageIdCheck} $@ OK $) $1 -R< $+ @ $+ > $@ OK -R$* $#error $: 553 Header Error - -Scheck_eoh -# Check the macro -R$* $: < $&{MessageIdCheck} > -# Clear the macro for the next message -R$* $: $(storage {MessageIdCheck} $) $1 -# Has a Message-Id: header -R< $+ > $@ OK -# Allow missing Message-Id: from local mail -R$* $: < $&{client_name} > -R< > $@ OK -R< $=w > $@ OK -# Otherwise, reject the mail -R$* $#error $: 553 Header Error -.)b -Keep in mind the Message-Id: header is not a required header and -is not a guaranteed spam indicator. -This ruleset is an example and -should probably not be used in production. -.sh 4 "check_etrn" -.pp -The -.i check_etrn -ruleset is passed the parameter of the -.sm "SMTP ETRN" -command. -It can accept or reject the command. -.sh 4 "check_expn" -.pp -The -.i check_expn -ruleset is passed the user name parameter of the -.sm "SMTP EXPN" -command. -It can accept or reject the address. -.sh 4 "check_vrfy" -.pp -The -.i check_vrfy -ruleset is passed the user name parameter of the -.sm "SMTP VRFY" -command. -It can accept or reject the command. -.sh 4 "trust_auth" -.pp -The -.i trust_auth -ruleset is passed the AUTH= parameter of the -.sm "SMTP MAIL" -command. -It is used to determine whether this value should be -trusted. In order to make this decision, the ruleset -may make use of the various -.b ${auth_*} -macros. -If the ruleset does resolve to the -.q error -mailer the AUTH= parameter is not trusted and hence -not passed on to the next relay. -.sh 4 "tls_client" -.pp -The -.i tls_client -ruleset is called when sendmail acts as server, after a STARTTLS command -has been issued, and from -.i check_mail. -The parameter is the value of -.b ${verify} -and STARTTLS or MAIL, respectively. -If the ruleset does resolve to the -.q error -mailer, the appropriate error code is returned to the client. -.sh 4 "tls_server" -.pp -The -.i tls_server -ruleset is called when sendmail acts as client after a STARTTLS command -(should) have been issued. -The parameter is the value of -.b ${verify} . -If the ruleset does resolve to the -.q error -mailer, the connection is aborted -(treated as non-deliverable with a permanent or temporary error). -.sh 4 "tls_rcpt" -.pp -The -.i tls_rcpt -ruleset is called each time before a RCPT TO command is sent. -The parameter is the current recipient. -If the ruleset does resolve to the -.q error -mailer, the RCPT TO command is suppressed -(treated as non-deliverable with a permanent or temporary error). -This ruleset allows to require encryption or verification of -the recipient's MTA even if the mail is somehow redirected -to another host. -For example, sending mail to -.i luke@endmail.org -may get redirected to a host named -.i death.star -and hence the tls_server ruleset won't apply. -By introducing per recipient restrictions such attacks -(e.g., via DNS spoofing) can be made impossible. -See -.i cf/README -how this ruleset can be used. -.sh 4 "srv_features" -.pp -The -.i srv_features -ruleset is called with the connecting client's host name -when a client connects to sendmail. -This ruleset should return -.b $# -followed by a list of options (single characters -delimited by white space). -If the return value starts with anything else it is silently ignored. -Generally upper case characters turn off a feature -while lower case characters turn it on. -The option `S' causes the server not to offer STARTTLS. -This is useful to interact with MTAs/MUAs that have broken -STARTTLS implementations by simply not offering it. -`V' turns off the request for a client certificate -during the TLS handshake. -Option `A' and `P' suppress SMTP AUTH and PIPELINING, respectively. -The ruleset may return `$#temp' to indicate that there is a temporary -problem determining the correct features, e.g., if a map is unavailable. -In that case, the SMTP server issues a temporary failure and does not -accept email. -.sh 4 "try_tls" -.pp -The -.i try_tls -ruleset is called when sendmail connects to another MTA. -If the ruleset does resolve to the -.q error -mailer, sendmail does not try STARTTLS even if it is offered. -This is useful to interact with MTAs that have broken -STARTTLS implementations by simply not using it. -.sh 4 "authinfo" -.pp -The -.i authinfo -ruleset is called when sendmail tries to authenticate to another MTA. -It should return -.b $# -followed by a list of tokens that are used for SMTP AUTH. -If the return value starts with anything else it is silently ignored. -Each token is a tagged string of the form: -"TDstring" -(including the quotes), where -.(b -.ta 9n -T Tag which describes the item -D Delimiter: ':' simple text follows - '=' string is base64 encoded -string Value of the item -.)b -Valid values for the tag are: -.(b -.ta 9n -U user (authorization) id -I authentication id -P password -R realm -M list of mechanisms delimited by spaces -.)b -If this ruleset is defined, the option -.b DefaultAuthInfo -is ignored (even if the ruleset does not return a ``useful'' result). -.sh 4 "queuegroup" -.pp -The -.i queuegroup -ruleset is used to map an address to a queue group name. -It should return -.b $# -followed by the name of a queue group. -If the return value starts with anything else it is silently ignored. -See the section about Queue Groups and Queue Directories -for further information. -.sh 3 "IPC mailers" -.pp -Some special processing occurs -if the ruleset zero resolves to an IPC mailer -(that is, a mailer that has -.q [IPC] -listed as the Path in the -.b M -configuration line. -The host name passed after -.q $@ -has MX expansion performed if not delivering via a named socket; -this looks the name up in DNS to find alternate delivery sites. -.pp -The host name can also be provided as a dotted quad -or an IPv6 address in square brackets; -for example: -.(b -[128.32.149.78] -.)b -or -.(b -[IPv6:2002:c0a8:51d2::23f4] -.)b -This causes direct conversion of the numeric value -to an IP host address. -.pp -The host name passed in after the -.q $@ -may also be a colon-separated list of hosts. -Each is separately MX expanded and the results are concatenated -to make (essentially) one long MX list. -The intent here is to create -.q fake -MX records that are not published in DNS -for private internal networks. -.pp -As a final special case, the host name can be passed in -as a text string -in square brackets: -.(b -[ucbvax.berkeley.edu] -.)b -This form avoids the MX mapping. -.b N.B.: -.i -This is intended only for situations where you have a network firewall -or other host that will do special processing for all your mail, -so that your MX record points to a gateway machine; -this machine could then do direct delivery to machines -within your local domain. -Use of this feature directly violates RFC 1123 section 5.3.5: -it should not be used lightly. -.r -.sh 2 "D \*- Define Macro" -.pp -Macros are named with a single character -or with a word in {braces}. -The names ``x'' and ``{x}'' denote the same macro -for every single character ``x''. -Single character names may be selected from the entire ASCII set, -but user-defined macros -should be selected from the set of upper case letters only. -Lower case letters -and special symbols -are used internally. -Long names beginning with a lower case letter or a punctuation character -are reserved for use by sendmail, -so user-defined long macro names should begin with an upper case letter. -.pp -The syntax for macro definitions is: -.(b F -.b D \c -.i x\|val -.)b -where -.i x -is the name of the macro -(which may be a single character -or a word in braces) -and -.i val -is the value it should have. -There should be no spaces given -that do not actually belong in the macro value. -.pp -Macros are interpolated -using the construct -.b $ \c -.i x , -where -.i x -is the name of the macro to be interpolated. -This interpolation is done when the configuration file is read, -except in -.b M -lines. -The special construct -.b $& \c -.i x -can be used in -.b R -lines to get deferred interpolation. -.pp -Conditionals can be specified using the syntax: -.(b -$?x text1 $| text2 $. -.)b -This interpolates -.i text1 -if the macro -.b $x -is set and non-null, -and -.i text2 -otherwise. -The -.q else -(\c -.b $| ) -clause may be omitted. -.pp -The following macros are defined and/or used internally by -.i sendmail -for interpolation into argv's for mailers -or for other contexts. -The ones marked \(dg are information passed into sendmail\**, -.(f -\**As of version 8.6, -all of these macros have reasonable defaults. -Previous versions required that they be defined. -.)f -the ones marked \(dd are information passed both in and out of sendmail, -and the unmarked macros are passed out of sendmail -but are not otherwise used internally. -These macros are: -.nr ii 5n -.ip $a -The origination date in RFC 822 format. -This is extracted from the Date: line. -.ip $b -The current date in RFC 822 format. -.ip $c -The hop count. -This is a count of the number of Received: lines -plus the value of the -.b \-h -command line flag. -.ip $d -The current date in UNIX (ctime) format. -.ip $e\(dg -(Obsolete; use SmtpGreetingMessage option instead.) -The SMTP entry message. -This is printed out when SMTP starts up. -The first word must be the -.b $j -macro as specified by RFC 821. -Defaults to -.q "$j Sendmail $v ready at $b" . -Commonly redefined to include the configuration version number, e.g., -.q "$j Sendmail $v/$Z ready at $b" -.ip $f -The envelope sender (from) address. -.ip $g -The sender address relative to the recipient. -For example, if -.b $f -is -.q foo , -.b $g -will be -.q host!foo , -.q foo@host.domain , -or whatever is appropriate for the receiving mailer. -.ip $h -The recipient host. -This is set in ruleset 0 from the $@ field of a parsed address. -.ip $i -The queue id, -e.g., -.q f344MXxp018717 . -.ip $j\(dd -The \*(lqofficial\*(rq domain name for this site. -This is fully qualified if the full qualification can be found. -It -.i must -be redefined to be the fully qualified domain name -if your system is not configured so that information can find -it automatically. -.ip $k -The UUCP node name (from the uname system call). -.ip $l\(dg -(Obsolete; use UnixFromLine option instead.) -The format of the UNIX from line. -Unless you have changed the UNIX mailbox format, -you should not change the default, -which is -.q "From $g $d" . -.ip $m -The domain part of the \fIgethostname\fP return value. -Under normal circumstances, -.b $j -is equivalent to -.b $w.$m . -.ip $n\(dg -The name of the daemon (for error messages). -Defaults to -.q MAILER-DAEMON . -.ip $o\(dg -(Obsolete: use OperatorChars option instead.) -The set of \*(lqoperators\*(rq in addresses. -A list of characters -which will be considered tokens -and which will separate tokens -when doing parsing. -For example, if -.q @ -were in the -.b $o -macro, then the input -.q a@b -would be scanned as three tokens: -.q a, -.q @, -and -.q b. -Defaults to -.q ".:@[]" , -which is the minimum set necessary to do RFC 822 parsing; -a richer set of operators is -.q ".:%@!/[]" , -which adds support for UUCP, the %-hack, and X.400 addresses. -.ip $p -Sendmail's process id. -.ip $q\(dg -Default format of sender address. -The -.b $q -macro specifies how an address should appear in a message -when it is defaulted. -Defaults to -.q "<$g>" . -It is commonly redefined to be -.q "$?x$x <$g>$|$g$." -or -.q "$g$?x ($x)$." , -corresponding to the following two formats: -.(b -Eric Allman <eric@CS.Berkeley.EDU> -eric@CS.Berkeley.EDU (Eric Allman) -.)b -.i Sendmail -properly quotes names that have special characters -if the first form is used. -.ip $r -Protocol used to receive the message. -Set from the -.b \-p -command line flag or by the SMTP server code. -.ip $s -Sender's host name. -Set from the -.b \-p -command line flag or by the SMTP server code. -.ip $t -A numeric representation of the current time. -.ip $u -The recipient user. -.ip $v -The version number of the -.i sendmail -binary. -.ip $w\(dd -The hostname of this site. -This is the root name of this host (but see below for caveats). -.ip $x -The full name of the sender. -.ip $z -The home directory of the recipient. -.ip $_ -The validated sender address. -See also -.b ${client_resolve} . -.ip ${addr_type} -The type of the address which is currently being rewritten. -This macro contains up to three characters, the first -is either `e' or `h' for envelope/header address, -the second is a space, -and the third is either `s' or `r' for sender/recipient address. -Notice: for header addresses no distinction is currently made -between sender and recipient addresses, i.e., the macro contains -only `h'. -.ip ${alg_bits} -The maximum keylength (in bits) of the symmetric encryption algorithm -used for a TLS connection. -This may be less than the effective keylength, -which is stored in -.b ${cipher_bits} , -for ``export controlled'' algorithms. -.ip ${auth_authen} -The client's authentication credentials as determined by authentication -(only set if successful). -The format depends on the mechanism used, it might be just `user', -or `user@realm', or something similar (SMTP AUTH only). -.ip ${auth_author} -The authorization identity, i.e. the AUTH= parameter of the -.sm "SMTP MAIL" -command if supplied. -.ip ${auth_type} -The mechanism used for SMTP authentication -(only set if successful). -.ip ${auth_ssf} -The keylength (in bits) of the symmetric encryption algorithm -used for the security layer of a SASL mechanism. -.ip ${bodytype} -The message body type -(7BIT or 8BITMIME), -as determined from the envelope. -.ip ${cert_issuer} -The DN (distinguished name) of the CA (certificate authority) -that signed the presented certificate (the cert issuer) -(STARTTLS only). -.ip ${cert_md5} -The MD5 hash of the presented certificate (STARTTLS only). -.ip ${cert_subject} -The DN of the presented certificate (called the cert subject) -(STARTTLS only). -.ip ${cipher} -The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, -EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA -(STARTTLS only). -.ip ${cipher_bits} -The effective keylength (in bits) of the symmetric encryption algorithm -used for a TLS connection. -.ip ${client_addr} -The IP address of the SMTP client. -IPv6 addresses are tagged with "IPv6:" before the address. -Defined in the SMTP server only. -.ip ${client_name} -The host name of the SMTP client. -This may be the client's bracketed IP address -in the form [ nnn.nnn.nnn.nnn ] for IPv4 -and [ IPv6:nnnn:...:nnnn ] for IPv6 -if the client's -IP address is not resolvable, or if it is resolvable -but the IP address of the resolved hostname -doesn't match the original IP address. -Defined in the SMTP server only. -See also -.b ${client_resolve} . -.ip ${client_port} -The port number of the SMTP client. -Defined in the SMTP server only. -.ip ${client_resolve} -Holds the result of the resolve call for -.b ${client_name} . -Possible values are: -.(b -.ta 10n -OK resolved successfully -FAIL permanent lookup failure -FORGED forward lookup doesn't match reverse lookup -TEMP temporary lookup failure -.)b -Defined in the SMTP server only. -.i sendmail -performs a hostname lookup on the IP address of the connecting client. -Next the IP addresses of that hostname are looked up. -If the client IP address does not appear in that list, -then the hostname is maybe forged. -This is reflected as the value FORGED for -.b ${client_resolve} -and it also shows up in -.b $_ -as "(may be forged)". -.ip ${cn_issuer} -The CN (common name) of the CA that signed the presented certificate -(STARTTLS only). -.ip ${cn_subject} -The CN (common name) of the presented certificate -(STARTTLS only). -.ip ${currHeader} -Header value as quoted string -(possibly truncated to -.b MAXNAME ). -This macro is only available in header check rulesets. -.ip ${daemon_addr} -The IP address the daemon is listening on for connections. -.ip ${daemon_family} -The network family -if the daemon is accepting network connections. -Possible values include -.q inet , -.q inet6 , -.q iso , -.q ns , -.q x.25 -.ip ${daemon_flags} -The flags for the daemon as specified by the -Modifier= part of -.b DaemonPortOptions -whereby the flags are separated from each other by spaces, -and upper case flags are doubled. -That is, -Modifier=Ea -will be represented as -"EE a" in -.b ${daemon_flags} , -which is required for testing the flags in rulesets. -.ip ${daemon_info} -Some information about a daemon as a text string. -For example, -.q SMTP+queueing@00:30:00 . -.ip ${daemon_name} -The name of the daemon from -.b DaemonPortOptions -Name= suboption. -If this suboption is not set, -"Daemon#", -where # is the daemon number, -is used. -.ip ${daemon_port} -The port the daemon is accepting connection on. -Unless -.b DaemonPortOptions -is set, this will most likely be -.q 25 . -.ip ${deliveryMode} -The current delivery mode sendmail is using. -It is initially set to the value of the -.b DeliveryMode -option. -.ip ${envid} -The envelope id parameter (ENVID=) passed to sendmail as part of the envelope. -.ip ${hdrlen} -The length of the header value which is stored in -${currHeader} (before possible truncation). -If this value is greater than or equal to -.b MAXNAME -the header has been truncated. -.ip ${hdr_name} -The name of the header field for which the current header -check ruleset has been called. -This is useful for a default header check ruleset to get -the name of the header; -the macro is only available in header check rulesets. -.ip ${if_addr} -The IP address of the interface of an incoming connection -unless it is in the loopback net. -IPv6 addresses are tagged with "IPv6:" before the address. -.ip ${if_addr_out} -The IP address of the interface of an outgoing connection -unless it is in the loopback net. -IPv6 addresses are tagged with "IPv6:" before the address. -.ip ${if_family} -The IP family of the interface of an incoming connection -unless it is in the loopback net. -.ip ${if_family_out} -The IP family of the interface of an outgoing connection -unless it is in the loopback net. -.ip ${if_name} -The hostname associated with the interface of an incoming connection. -This macro can be used for -SmtpGreetingMessage and HReceived for virtual hosting. -For example: -.(b -O SmtpGreetingMessage=$?{if_name}${if_name}$|$j$. MTA -.)b -.ip ${if_name_out} -The name of the interface of an outgoing connection. -.ip ${load_avg} -The current load average. -.ip ${mail_addr} -The address part of the resolved triple of the address given for the -.sm "SMTP MAIL" -command. -Defined in the SMTP server only. -.ip ${mail_host} -The host from the resolved triple of the address given for the -.sm "SMTP MAIL" -command. -Defined in the SMTP server only. -.ip ${mail_mailer} -The mailer from the resolved triple of the address given for the -.sm "SMTP MAIL" -command. -Defined in the SMTP server only. -.ip ${msg_size} -The value of the SIZE= parameter, -i.e., usually the size of the message (in an ESMTP dialogue), -before the message has been collected, thereafter -the message size as computed by -.i sendmail -(and can be used in check_compat). -.ip ${nrcpts} -The number of validated recipients for a single message. -Note: since recipient validation happens after -.i check_rcpt -has been called, the value in this ruleset -is one less than what might be expected. -.ip ${ntries} -The number of delivery attempts. -.ip ${opMode} -The current operation mode (from the -.b \-b -flag). -.ip ${queue_interval} -The queue run interval given by the -.b \-q -flag. -For example, -.b \-q30m -would set -.b ${queue_interval} -to -.q 00:30:00 . -.ip ${rcpt_addr} -The address part of the resolved triple of the address given for the -.sm "SMTP RCPT" -command. -Defined in the SMTP server only after a RCPT command. -.ip ${rcpt_host} -The host from the resolved triple of the address given for the -.sm "SMTP RCPT" -command. -Defined in the SMTP server only after a RCPT command. -.ip ${rcpt_mailer} -The mailer from the resolved triple of the address given for the -.sm "SMTP RCPT" -command. -Defined in the SMTP server only after a RCPT command. -.ip ${server_addr} -The address of the server of the current outgoing SMTP connection. -For LMTP delivery the macro is set to the name of the mailer. -.ip ${server_name} -The name of the server of the current outgoing SMTP or LMTP connection. -.ip ${tls_version} -The TLS/SSL version used for the connection, e.g., TLSv1, SSLv3, SSLv2; -defined after STARTTLS has been used. -.ip ${verify} -The result of the verification of the presented cert; -only defined after STARTTLS has been used. -Possible values are: -.(b -.ta 13n -OK verification succeeded. -NO no cert presented. -NOT no cert requested. -FAIL cert presented but could not be verified, - e.g., the signing CA is missing. -NONE STARTTLS has not been performed. -TEMP temporary error occurred. -PROTOCOL some protocol error occurred. -SOFTWARE STARTTLS handshake failed, - which is a fatal error for this session, - the e-mail will be queued. -.)b -.pp -There are three types of dates that can be used. -The -.b $a -and -.b $b -macros are in RFC 822 format; -.b $a -is the time as extracted from the -.q Date: -line of the message -(if there was one), -and -.b $b -is the current date and time -(used for postmarks). -If no -.q Date: -line is found in the incoming message, -.b $a -is set to the current time also. -The -.b $d -macro is equivalent to the -.b $b -macro in UNIX -(ctime) -format. -.pp -The macros -.b $w , -.b $j , -and -.b $m -are set to the identity of this host. -.i Sendmail -tries to find the fully qualified name of the host -if at all possible; -it does this by calling -.i gethostname (2) -to get the current hostname -and then passing that to -.i gethostbyname (3) -which is supposed to return the canonical version of that host name.\** -.(f -\**For example, on some systems -.i gethostname -might return -.q foo -which would be mapped to -.q foo.bar.com -by -.i gethostbyname . -.)f -Assuming this is successful, -.b $j -is set to the fully qualified name -and -.b $m -is set to the domain part of the name -(everything after the first dot). -The -.b $w -macro is set to the first word -(everything before the first dot) -if you have a level 5 or higher configuration file; -otherwise, it is set to the same value as -.b $j . -If the canonification is not successful, -it is imperative that the config file set -.b $j -to the fully qualified domain name\**. -.(f -\**Older versions of sendmail didn't pre-define -.b $j -at all, so up until 8.6, -config files -.i always -had to define -.b $j . -.)f -.pp -The -.b $f -macro is the id of the sender -as originally determined; -when mailing to a specific host -the -.b $g -macro is set to the address of the sender -.ul -relative to the recipient. -For example, -if I send to -.q bollard@matisse.CS.Berkeley.EDU -from the machine -.q vangogh.CS.Berkeley.EDU -the -.b $f -macro will be -.q eric -and the -.b $g -macro will be -.q eric@vangogh.CS.Berkeley.EDU. -.pp -The -.b $x -macro is set to the full name of the sender. -This can be determined in several ways. -It can be passed as flag to -.i sendmail . -It can be defined in the -.sm NAME -environment variable. -The third choice is the value of the -.q Full-Name: -line in the header if it exists, -and the fourth choice is the comment field -of a -.q From: -line. -If all of these fail, -and if the message is being originated locally, -the full name is looked up in the -.i /etc/passwd -file. -.pp -When sending, -the -.b $h , -.b $u , -and -.b $z -macros get set to the host, user, and home directory -(if local) -of the recipient. -The first two are set from the -.b $@ -and -.b $: -part of the rewriting rules, respectively. -.pp -The -.b $p -and -.b $t -macros are used to create unique strings -(e.g., for the -.q Message-Id: -field). -The -.b $i -macro is set to the queue id on this host; -if put into the timestamp line -it can be extremely useful for tracking messages. -The -.b $v -macro is set to be the version number of -.i sendmail ; -this is normally put in timestamps -and has been proven extremely useful for debugging. -.pp -The -.b $c -field is set to the -.q "hop count," -i.e., the number of times this message has been processed. -This can be determined -by the -.b \-h -flag on the command line -or by counting the timestamps in the message. -.pp -The -.b $r -and -.b $s -fields are set to the protocol used to communicate with -.i sendmail -and the sending hostname. -They can be set together using the -.b \-p -command line flag or separately using the -.b \-M -or -.b \-oM -flags. -.pp -The -.b $_ -is set to a validated sender host name. -If the sender is running an RFC 1413 compliant IDENT server -and the receiver has the IDENT protocol turned on, -it will include the user name on that host. -.pp -The -.b ${client_name} , -.b ${client_addr} , -and -.b ${client_port} -macros -are set to the name, address, and port number of the SMTP client -who is invoking -.i sendmail -as a server. -These can be used in the -.i check_* -rulesets (using the -.b $& -deferred evaluation form, of course!). -.sh 2 "C and F \*- Define Classes" -.pp -Classes of phrases may be defined -to match on the left hand side of rewriting rules, -where a -.q phrase -is a sequence of characters that does not contain space characters. -For example -a class of all local names for this site -might be created -so that attempts to send to oneself -can be eliminated. -These can either be defined directly in the configuration file -or read in from another file. -Classes are named as a single letter or a word in {braces}. -Class names beginning with lower case letters -and special characters are reserved for system use. -Classes defined in config files may be given names -from the set of upper case letters for short names -or beginning with an upper case letter for long names. -.pp -The syntax is: -.(b F -.b C \c -.i c\|phrase1 -.i phrase2... -.br -.b F \c -.i c\|file -.br -.b F \c -.i c\||program -.br -.b F \c -.i c\|[mapkey]@mapclass:mapspec -.)b -The first form defines the class -.i c -to match any of the named words. -If -.i phrase1 -or -.i phrase2 -is another class, -e.g., -.i $=S , -the contents of class -.i S -are added to class -.i c . -It is permissible to split them among multiple lines; -for example, the two forms: -.(b -CHmonet ucbmonet -.)b -and -.(b -CHmonet -CHucbmonet -.)b -are equivalent. -The ``F'' forms -read the elements of the class -.i c -from the named -.i file , -.i program , -or -.i "map specification" . -Each element should be listed on a separate line. -To specify an optional file, use ``\-o'' between the class -name and the file name, e.g., -.(b -Fc \-o /path/to/file -.)b -If the file can't be used, -.i sendmail -will not complain but silently ignore it. -The map form should be an optional map key, an at sign, -and a map class followed by the specification for that map. -Examples include: -.(b -F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host -F{MyClass}foo@hash:/etc/mail/classes -.)b -will fill the class -.b $={VirtHosts} -from an LDAP map lookup and -.b $={MyClass} -from a hash database map lookup of the -.b foo . -There is also a built-in schema that can be accessed by only specifying: -.(b -F{\c -.i ClassName }@LDAP -.)b -This will tell sendmail to use the default schema: -.(b -\-k (&(objectClass=sendmailMTAClass) - (sendmailMTAClassName=\c -.i ClassName ) - (|(sendmailMTACluster=${sendmailMTACluster}) - (sendmailMTAHost=$j))) -\-v sendmailMTAClassValue -.)b -Note that the lookup is only done when sendmail is initially started. -.pp -Elements of classes can be accessed in rules using -.b $= -or -.b $~ . -The -.b $~ -(match entries not in class) -only matches a single word; -multi-word entries in the class are ignored in this context. -.pp -Some classes have internal meaning to -.i sendmail : -.nr ii 0.5i -.\".ip $=b -.\"A set of Content-Types that will not have the newline character -.\"translated to CR-LF before encoding into base64 MIME. -.\"The class can have major times -.\"(e.g., -.\".q image ) -.\"or full types -.\"(such as -.\".q application/octet-stream ). -.\"The class is initialized with -.\".q application/octet-stream , -.\".q image , -.\".q audio , -.\"and -.\".q video . -.ip $=e -contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded. -It is predefined to contain -.q 7bit , -.q 8bit , -and -.q binary . -.ip $=k -set to be the same as -.b $k , -that is, the UUCP node name. -.ip $=m -set to the set of domains by which this host is known, -initially just -.b $m . -.ip $=n -can be set to the set of MIME body types -that can never be eight to seven bit encoded. -It defaults to -.q multipart/signed . -Message types -.q message/* -and -.q multipart/* -are never encoded directly. -Multipart messages are always handled recursively. -The handling of message/* messages -are controlled by class -.b $=s . -.ip $=q -A set of Content-Types that will never be encoded as base64 -(if they have to be encoded, they will be encoded as quoted-printable). -It can have primary types -(e.g., -.q text ) -or full types -(such as -.q text/plain ). -The class is initialized to have -.q text/plain -only. -.ip $=s -contains the set of subtypes of message that can be treated recursively. -By default it contains only -.q rfc822 . -Other -.q message/* -types cannot be 8\(->7 bit encoded. -If a message containing eight bit data is sent to a seven bit host, -and that message cannot be encoded into seven bits, -it will be stripped to 7 bits. -.ip $=t -set to the set of trusted users by the -.b T -configuration line. -If you want to read trusted users from a file, use -.b Ft \c -.i /file/name . -.ip $=w -set to be the set of all names -this host is known by. -This can be used to match local hostnames. -.ip $={persistentMacros} -set to the macros would should be saved across queue runs. -Care should be taken when adding macro names to this class. -.pp -.i Sendmail -can be compiled to allow a -.i scanf (3) -string on the -.b F -line. -This lets you do simplistic parsing of text files. -For example, to read all the user names in your system -.i /etc/passwd -file into a class, use -.(b -FL/etc/passwd %[^:] -.)b -which reads every line up to the first colon. -.sh 2 "M \*- Define Mailer" -.pp -Programs and interfaces to mailers -are defined in this line. -The format is: -.(b F -.b M \c -.i name , -{\c -.i field =\c -.i value \|}* -.)b -where -.i name -is the name of the mailer -(used internally only) -and the -.q field=name -pairs define attributes of the mailer. -Fields are: -.(b -.ta 1i -Path The pathname of the mailer -Flags Special flags for this mailer -Sender Rewriting set(s) for sender addresses -Recipient Rewriting set(s) for recipient addresses -recipients Maximum number of recipients per connection -Argv An argument vector to pass to this mailer -Eol The end-of-line string for this mailer -Maxsize The maximum message length to this mailer -maxmessages The maximum message deliveries per connection -Linelimit The maximum line length in the message body -Directory The working directory for the mailer -Userid The default user and group id to run as -Nice The nice(2) increment for the mailer -Charset The default character set for 8-bit characters -Type Type information for DSN diagnostics -Wait The maximum time to wait for the mailer -Queuegroup The default queue group for the mailer -/ The root directory for the mailer -.)b -Only the first character of the field name is checked -(it's case-sensitive). -.pp -The following flags may be set in the mailer description. -Any other flags may be used freely -to conditionally assign headers to messages -destined for particular mailers. -Flags marked with \(dg -are not interpreted by the -.i sendmail -binary; -these are the conventionally used to correlate to the flags portion -of the -.b H -line. -Flags marked with \(dd -apply to the mailers for the sender address -rather than the usual recipient mailers. -.nr ii 4n -.ip a -Run Extended SMTP (ESMTP) protocol (defined in RFCs 1869, 1652, and 1870). -This flag defaults on if the SMTP greeting message includes the word -.q ESMTP . -.ip A -Look up the user part of the address in the alias database. -Normally this is only set for local mailers. -.ip b -Force a blank line on the end of a message. -This is intended to work around some stupid versions of -/bin/mail -that require a blank line, but do not provide it themselves. -It would not normally be used on network mail. -.ip c -Do not include comments in addresses. -This should only be used if you have to work around -a remote mailer that gets confused by comments. -This strips addresses of the form -.q "Phrase <address>" -or -.q "address (Comment)" -down to just -.q address . -.ip C\(dd -If mail is -.i received -from a mailer with this flag set, -any addresses in the header that do not have an at sign -(\c -.q @ ) -after being rewritten by ruleset three -will have the -.q @domain -clause from the sender envelope address -tacked on. -This allows mail with headers of the form: -.(b -From: usera@hosta -To: userb@hostb, userc -.)b -to be rewritten as: -.(b -From: usera@hosta -To: userb@hostb, userc@hosta -.)b -automatically. -However, it doesn't really work reliably. -.ip d -Do not include angle brackets around route-address syntax addresses. -This is useful on mailers that are going to pass addresses to a shell -that might interpret angle brackets as I/O redirection. -However, it does not protect against other shell metacharacters. -Therefore, passing addresses to a shell should not be considered secure. -.ip D\(dg -This mailer wants a -.q Date: -header line. -.ip e -This mailer is expensive to connect to, -so try to avoid connecting normally; -any necessary connection will occur during a queue run. -See also option -.b HoldExpensive . -.ip E -Escape lines beginning with -.q From\0 -in the message with a `>' sign. -.ip f -The mailer wants a -.b \-f -.i from -flag, -but only if this is a network forward operation -(i.e., -the mailer will give an error -if the executing user -does not have special permissions). -.ip F\(dg -This mailer wants a -.q From: -header line. -.ip g -Normally, -.i sendmail -sends internally generated email (e.g., error messages) -using the null return address -as required by RFC 1123. -However, some mailers don't accept a null return address. -If necessary, -you can set the -.b g -flag to prevent -.i sendmail -from obeying the standards; -error messages will be sent as from the MAILER-DAEMON -(actually, the value of the -.b $n -macro). -.ip h -Upper case should be preserved in host names -(the $@ portion of the mailer triplet resolved from ruleset 0) -for this mailer. -.ip i -Do User Database rewriting on envelope sender address. -.ip I -This mailer will be speaking SMTP -to another -.i sendmail -\*- -as such it can use special protocol features. -This flag should not be used except for debugging purposes -because it uses -.b VERB -as SMTP command. -.ip j -Do User Database rewriting on recipients as well as senders. -.ip k -Normally when -.i sendmail -connects to a host via SMTP, -it checks to make sure that this isn't accidently the same host name -as might happen if -.i sendmail -is misconfigured or if a long-haul network interface is set in loopback mode. -This flag disables the loopback check. -It should only be used under very unusual circumstances. -.ip K -Currently unimplemented. -Reserved for chunking. -.ip l -This mailer is local -(i.e., -final delivery will be performed). -.ip L -Limit the line lengths as specified in RFC 821. -This deprecated option should be replaced by the -.b L= -mail declaration. -For historic reasons, the -.b L -flag also sets the -.b 7 -flag. -.ip m -This mailer can send to multiple users -on the same host -in one transaction. -When a -.b $u -macro occurs in the -.i argv -part of the mailer definition, -that field will be repeated as necessary -for all qualifying users. -Removing this flag can defeat duplicate supression on a remote site -as each recipient is sent in a separate transaction. -.ip M\(dg -This mailer wants a -.q Message-Id: -header line. -.ip n -Do not insert a UNIX-style -.q From -line on the front of the message. -.ip o -Always run as the owner of the recipient mailbox. -Normally -.i sendmail -runs as the sender for locally generated mail -or as -.q daemon -(actually, the user specified in the -.b u -option) -when delivering network mail. -The normal behavior is required by most local mailers, -which will not allow the envelope sender address -to be set unless the mailer is running as daemon. -This flag is ignored if the -.b S -flag is set. -.ip p -Use the route-addr style reverse-path in the SMTP -.q "MAIL FROM:" -command -rather than just the return address; -although this is required in RFC 821 section 3.1, -many hosts do not process reverse-paths properly. -Reverse-paths are officially discouraged by RFC 1123. -.ip P\(dg -This mailer wants a -.q Return-Path: -line. -.ip q -When an address that resolves to this mailer is verified -(SMTP VRFY command), -generate 250 responses instead of 252 responses. -This will imply that the address is local. -.ip r -Same as -.b f , -but sends a -.b \-r -flag. -.ip R -Open SMTP connections from a -.q secure -port. -Secure ports aren't -(secure, that is) -except on UNIX machines, -so it is unclear that this adds anything. -.i sendmail -must be running as root to be able to use this flag. -.ip s -Strip quote characters (" and \e) off of the address -before calling the mailer. -.ip S -Don't reset the userid -before calling the mailer. -This would be used in a secure environment -where -.i sendmail -ran as root. -This could be used to avoid forged addresses. -If the -.b U= -field is also specified, -this flag causes the effective user id to be set to that user. -.ip u -Upper case should be preserved in user names for this mailer. Standards -require preservation of case in the local part of addresses, except for -those address for which your system accepts responsibility. -RFC 2142 provides a long list of addresses which should be case -insensitive. -If you use this flag, you may be violating RFC 2142. -Note that postmaster is always treated as a case insensitive address -regardless of this flag. -.ip U -This mailer wants UUCP-style -.q From -lines with the ugly -.q "remote from <host>" -on the end. -.ip w -The user must have a valid account on this machine, -i.e., -.i getpwnam -must succeed. -If not, the mail is bounced. -See also the -.b MailBoxDatabase -option. -This is required to get -.q \&.forward -capability. -.ip x\(dg -This mailer wants a -.q Full-Name: -header line. -.ip X -This mailer wants to use the hidden dot algorithm as specified in RFC 821; -basically, any line beginning with a dot will have an extra dot prepended -(to be stripped at the other end). -This insures that lines in the message containing a dot -will not terminate the message prematurely. -.ip z -Run Local Mail Transfer Protocol (LMTP) -between -.i sendmail -and the local mailer. -This is a variant on SMTP -defined in RFC 2033 -that is specifically designed for delivery to a local mailbox. -.ip Z -Apply DialDelay (if set) to this mailer. -.ip 0 -Don't look up MX records for hosts sent via SMTP/LMTP. -Do not apply -.b FallbackMXhost -either. -.ip 1 -Don't send null characters ('\\0') to this mailer. -.ip 2 -Don't use ESMTP even if offered; this is useful for broken -systems that offer ESMTP but fail on EHLO (without recovering -when HELO is tried next). -.ip 3 -Extend the list of characters converted to =XX notation -when converting to Quoted-Printable -to include those that don't map cleanly between ASCII and EBCDIC. -Useful if you have IBM mainframes on site. -.ip 5 -If no aliases are found for this address, -pass the address through ruleset 5 for possible alternate resolution. -This is intended to forward the mail to an alternate delivery spot. -.ip 6 -Strip headers to seven bits. -.ip 7 -Strip all output to seven bits. -This is the default if the -.b L -flag is set. -Note that clearing this option is not -sufficient to get full eight bit data passed through -.i sendmail . -If the -.b 7 -option is set, this is essentially always set, -since the eighth bit was stripped on input. -Note that this option will only impact messages -that didn't have 8\(->7 bit MIME conversions performed. -.ip 8 -If set, -it is acceptable to send eight bit data to this mailer; -the usual attempt to do 8\(->7 bit MIME conversions will be bypassed. -.ip 9 -If set, -do -.i limited -7\(->8 bit MIME conversions. -These conversions are limited to text/plain data. -.ip : -Check addresses to see if they begin -.q :include: ; -if they do, convert them to the -.q *include* -mailer. -.ip | -Check addresses to see if they begin with a `|'; -if they do, convert them to the -.q prog -mailer. -.ip / -Check addresses to see if they begin with a `/'; -if they do, convert them to the -.q *file* -mailer. -.ip @ -Look up addresses in the user database. -.ip % -Do not attempt delivery on initial recipient of a message -or on queue runs -unless the queued message is selected -using one of the -qI/-qR/-qS queue run modifiers -or an ETRN request. -.pp -Configuration files prior to level 6 -assume the `A', `w', `5', `:', `|', `/', and `@' options -on the mailer named -.q local . -.pp -The mailer with the special name -.q error -can be used to generate a user error. -The (optional) host field is an exit status to be returned, -and the user field is a message to be printed. -The exit status may be numeric or one of the values -USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG -to return the corresponding EX_ exit code, -or an enhanced error code as described in RFC 1893, -.ul -Enhanced Mail System Status Codes. -For example, the entry: -.(b -$#error $@ NOHOST $: Host unknown in this domain -.)b -on the RHS of a rule -will cause the specified error to be generated -and the -.q "Host unknown" -exit status to be returned -if the LHS matches. -This mailer is only functional in rulesets 0, 5, -or one of the check_* rulesets. -.pp -The mailer with the special name -.q discard -causes any mail sent to it to be discarded -but otherwise treated as though it were successfully delivered. -This mailer cannot be used in ruleset 0, -only in the various address checking rulesets. -.pp -The mailer named -.q local -.i must -be defined in every configuration file. -This is used to deliver local mail, -and is treated specially in several ways. -Additionally, three other mailers named -.q prog , -.q *file* , -and -.q *include* -may be defined to tune the delivery of messages to programs, -files, -and :include: lists respectively. -They default to: -.(b -Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u -M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u -M*include*, P=/dev/null, F=su, A=INCLUDE $u -.)b -.pp -Builtin pathnames are [FILE] and [IPC], the former is used for -delivery to files, the latter for delivery via interprocess communication. -For mailers that use [IPC] as pathname the argument vector (A=) -must start with TCP or FILE for delivery via a TCP or a Unix domain socket. -If TCP is used, the second argument must be the name of the host -to contact. -Optionally a third argument can be used to specify a port, -the default is smtp (port 25). -If FILE is used, the second argument must be the name of -the Unix domain socket. -.pp -If the argument vector does not contain $u then -.i sendmail -will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer. -.pp -If no Eol field is defined, then the default is "\\r\\n" for -SMTP mailers and "\\n" of others. -.pp -The Sender and Recipient rewriting sets -may either be a simple ruleset id -or may be two ids separated by a slash; -if so, the first rewriting set is applied to envelope -addresses -and the second is applied to headers. -Setting any value to zero disables corresponding mailer-specific rewriting. -.pp -The Directory -is actually a colon-separated path of directories to try. -For example, the definition -.q D=$z:/ -first tries to execute in the recipient's home directory; -if that is not available, -it tries to execute in the root of the filesystem. -This is intended to be used only on the -.q prog -mailer, -since some shells (such as -.i csh ) -refuse to execute if they cannot read the current directory. -Since the queue directory is not normally readable by unprivileged users -.i csh -scripts as recipients can fail. -.pp -The Userid -specifies the default user and group id to run as, -overriding the -.b DefaultUser -option (q.v.). -If the -.b S -mailer flag is also specified, -this user and group will be set as the -effective uid and gid for the process. -This may be given as -.i user:group -to set both the user and group id; -either may be an integer or a symbolic name to be looked up -in the -.i passwd -and -.i group -files respectively. -If only a symbolic user name is specified, -the group id in the -.i passwd -file for that user is used as the group id. -.pp -The Charset field -is used when converting a message to MIME; -this is the character set used in the -Content-Type: header. -If this is not set, the -.b DefaultCharset -option is used, -and if that is not set, the value -.q unknown-8bit -is used. -.b WARNING: -this field applies to the sender's mailer, -not the recipient's mailer. -For example, if the envelope sender address -lists an address on the local network -and the recipient is on an external network, -the character set will be set from the Charset= field -for the local network mailer, -not that of the external network mailer. -.pp -The Type= field -sets the type information -used in MIME error messages -as defined by -RFC 1894. -It is actually three values separated by slashes: -the MTA-type (that is, the description of how hosts are named), -the address type (the description of e-mail addresses), -and the diagnostic type (the description of error diagnostic codes). -Each of these must be a registered value -or begin with -.q X\- . -The default is -.q dns/rfc822/smtp . -.pp -The m= field specifies the maximum number of messages -to attempt to deliver on a single SMTP or LMTP connection. -The default is infinite. -.pp -The r= field specifies the maximum number of recipients -to attempt to deliver in a single envelope. -It defaults to 100. -.pp -The /= field specifies a new root directory for the mailer. The path is -macro expanded and then passed to the -.q chroot -system call. The root directory is changed before the Directory field is -consulted or the uid is changed. -.pp -The Wait= field specifies the maximum time to wait for the -mailer to return after sending all data to it. -This applies to mailers that have been forked by -.i sendmail . -.pp -The Queuegroup= field specifies the default queue group in which -received mail should be queued. -This can be overridden by other means as explained in section -``Queue Groups and Queue Directories''. -.sh 2 "H \*- Define Header" -.pp -The format of the header lines that -.i sendmail -inserts into the message -are defined by the -.b H -line. -The syntax of this line is one of the following: -.(b F -.b H \c -.i hname \c -.b : -.i htemplate -.)b -.(b F -.b H [\c -.b ? \c -.i mflags \c -.b ? \c -.b ]\c -.i hname \c -.b : -.i htemplate -.)b -.(b F -.b H [\c -.b ?$ \c -.i {macro} \c -.b ? \c -.b ]\c -.i hname \c -.b : -.i htemplate -.)b -Continuation lines in this spec -are reflected directly into the outgoing message. -The -.i htemplate -is macro-expanded before insertion into the message. -If the -.i mflags -(surrounded by question marks) -are specified, -at least one of the specified flags -must be stated in the mailer definition -for this header to be automatically output. -If a -.i ${macro} -(surrounded by question marks) -is specified, -the header will be automatically output -if the macro is set. -The macro may be set using any of the normal methods, -including using the -.b macro -storage map in a ruleset. -If one of these headers is in the input -it is reflected to the output -regardless of these flags or macros. -Notice: -If a -.i ${macro} -is used to set a header, then it is useful to add that macro to class -.i $={persistentMacros} -which consists of the macros that should be saved across queue runs. -.pp -Some headers have special semantics -that will be described later. -.pp -A secondary syntax allows validation of headers as they are being read. -To enable validation, use: -.(b -.b H \c -.i Header \c -.b ": $>" \c -.i Ruleset -.b H \c -.i Header \c -.b ": $>+" \c -.i Ruleset -.)b -The indicated -.i Ruleset -is called for the specified -.i Header , -and can return -.b $#error -to reject the message or -.b $#discard -to discard the message -(as with the other -.b check_ * -rulesets). -The ruleset receives the header field-body as argument, -i.e., not the header field-name; see also -${hdr_name} and ${currHeader}. -The header is treated as a structured field, -that is, -text in parentheses is deleted before processing, -unless the second form -.b $>+ -is used. -Note: only one ruleset can be associated with a header; -.i sendmail -will silently ignore multiple entries. -.pp -For example, the configuration lines: -.(b -HMessage-Id: $>CheckMessageId - -SCheckMessageId -R< $+ @ $+ > $@ OK -R$* $#error $: Illegal Message-Id header -.)b -would refuse any message that had a Message-Id: header of any of the -following forms: -.(b -Message-Id: <> -Message-Id: some text -Message-Id: <legal text@domain> extra crud -.)b -A default ruleset that is called for headers which don't have a -specific ruleset defined for them can be specified by: -.(b -.b H \c -.i * \c -.b ": $>" \c -.i Ruleset -.)b -or -.(b -.b H \c -.i * \c -.b ": $>+" \c -.i Ruleset -.)b -.sh 2 "O \*- Set Option" -.pp -There are a number of global options that -can be set from a configuration file. -Options are represented by full words; -some are also representable as single characters for back compatibility. -The syntax of this line is: -.(b F -.b O \0 -.i option \c -.b = \c -.i value -.)b -This sets option -.i option -to be -.i value . -Note that there -.i must -be a space between the letter `O' and the name of the option. -An older version is: -.(b F -.b O \c -.i o\|value -.)b -where the option -.i o -is a single character. -Depending on the option, -.i value -may be a string, an integer, -a boolean -(with legal values -.q t , -.q T , -.q f , -or -.q F ; -the default is TRUE), -or -a time interval. -.pp -All filenames used in options should be absolute paths, -i.e., starting with '/'. -Relative filenames most likely cause surprises during operation -(unless otherwise noted). -.pp -The options supported (with the old, one character names in brackets) are: -.nr ii 1i -.ip "AliasFile=\fIspec, spec, ...\fP" -[A] -Specify possible alias file(s). -Each -.i spec -should be in the format -``\c -.i class \c -.b : -.i info '' -where -.i class \c -.b : -is optional and defaults to ``implicit''. -Note that -.i info -is required for all -.i class es -except -.q ldap . -For the -.q ldap -class, -if -.i info -is not specified, -a default -.i info -value is used as follows: -.(b -\-k (&(objectClass=sendmailMTAAliasObject) - (sendmailMTAAliasName=aliases) - (|(sendmailMTACluster=${sendmailMTACluster}) - (sendmailMTAHost=$j)) - (sendmailMTAKey=%0)) -\-v sendmailMTAAliasValue -.)b -Depending on how -.i sendmail -is compiled, valid classes are -.q implicit -(search through a compiled-in list of alias file types, -for back compatibility), -.q hash -(if -.sm NEWDB -is specified), -.q btree -(if -.sm NEWDB -is specified), -.q dbm -(if -.sm NDBM -is specified), -.q stab -(internal symbol table \*- not normally used -unless you have no other database lookup), -.q sequence -(use a sequence of maps -previously declared), -.q ldap -(if -.sm LDAPMAP -is specified), -or -.q nis -(if -.sm NIS -is specified). -If a list of -.i spec s -are provided, -.i sendmail -searches them in order. -.ip AliasWait=\fItimeout\fP -[a] -If set, -wait up to -.i timeout -(units default to minutes) -for an -.q @:@ -entry to exist in the alias database -before starting up. -If it does not appear in the -.i timeout -interval issue a warning. -.ip AllowBogusHELO -[no short name] -If set, allow HELO SMTP commands that don't include a host name. -Setting this violates RFC 1123 section 5.2.5, -but is necessary to interoperate with several SMTP clients. -If there is a value, it is still checked for legitimacy. -.ip AuthMaxBits=\fIN\fP -[no short name] -Limit the maximum encryption strength for the security layer in -SMTP AUTH (SASL). Default is essentially unlimited. -This allows to turn off additional encryption in SASL if -STARTTLS is already encrypting the communication, because the -existing encryption strength is taken into account when choosing -an algorithm for the security layer. -For example, if STARTTLS is used and the symmetric cipher is 3DES, -then the the keylength (in bits) is 168. -Hence setting -.b AuthMaxBits -to 168 will disable any encryption in SASL. -.ip AuthMechanisms -[no short name] -List of authentication mechanisms for AUTH (separated by spaces). -The advertised list of authentication mechanisms will be the -intersection of this list and the list of available mechanisms as -determined by the Cyrus SASL library. -If STARTTLS is active, EXTERNAL will be added to this list. -In that case, the value of {cert_subject} is used as authentication id. -.ip AuthOptions -[no short name] -List of options for SMTP AUTH consisting of single characters -with intervening white space or commas. -.(b -.ta 4n -A Use the AUTH= parameter for the MAIL FROM - command only when authentication succeeded. - This can be used as a workaround for broken - MTAs that do not implement RFC 2554 correctly. -a protection from active (non-dictionary) attacks - during authentication exchange. -c require mechanisms which pass client credentials, - and allow mechanisms which can pass credentials - to do so. -d don't permit mechanisms susceptible to passive - dictionary attack. -f require forward secrecy between sessions - (breaking one won't help break next). -p don't permit mechanisms susceptible to simple - passive attack (e.g., PLAIN, LOGIN), unless a - security layer is active. -y don't permit mechanisms that allow anonymous login. -.)b -The first option applies to sendmail as a client, the others to a server. -Example: -.(b -O AuthOptions=p,y -.)b -would disallow ANONYMOUS as AUTH mechanism and would -allow PLAIN and LOGIN only if a security layer (e.g., -provided by STARTTLS) is already active. -The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the -selected SASL mechanisms. -Explanations of these properties can be found in the Cyrus SASL documentation. -.ip BadRcptThrottle=\fIN\fP -[no short name] -If set and more than the specified number of recipients in a single SMTP -envelope are rejected, sleep for one second after each rejected RCPT command. -.ip BlankSub=\fIc\fP -[B] -Set the blank substitution character to -.i c . -Unquoted spaces in addresses are replaced by this character. -Defaults to space (i.e., no change is made). -.ip CACertPath -[no short name] -Path to directory with certificates of CAs. -This directory directory must contain the hashes of each CA certificate -as filenames (or as links to them). -.ip CACertFile -[no short name] -File containing one or more CA certificates; -see section about STARTTLS for more information. -.ip CheckAliases -[n] -Validate the RHS of aliases when rebuilding the alias database. -.ip CheckpointInterval=\fIN\fP -[C] -Checkpoints the queue every -.i N -(default 10) -addresses sent. -If your system crashes during delivery to a large list, -this prevents retransmission to any but the last -.i N -recipients. -.ip ClassFactor=\fIfact\fP -[z] -The indicated -.i fact or -is multiplied by the message class -(determined by the Precedence: field in the user header -and the -.b P -lines in the configuration file) -and subtracted from the priority. -Thus, messages with a higher Priority: will be favored. -Defaults to 1800. -.ip ClientCertFile -[no short name] -File containing the certificate of the client, i.e., this certificate -is used when -.i sendmail -acts as client (for STARTTLS). -.ip ClientKeyFile -[no short name] -File containing the private key belonging to the client certificate -(for STARTTLS if -.i sendmail -runs as client). -.ip ClientPortOptions=\fIoptions\fP -[O] -Set client SMTP options. -The options are -.i key=value -pairs separated by commas. -Known keys are: -.(b -.ta 1i -Port Name/number of source port for connection (defaults to any free port) -Addr Address mask (defaults INADDR_ANY) -Family Address family (defaults to INET) -SndBufSize Size of TCP send buffer -RcvBufSize Size of TCP receive buffer -Modifier Options (flags) for the daemon -.)b -The -.i Addr ess -mask may be a numeric address in dot notation -or a network name. -.i Modifier -can be the following character: -.(b -.ta 1i -h use name of interface for HELO command -A don't use AUTH when sending e-mail -S don't use STARTTLS when sending e-mail -.)b -If ``h'' is set, the name corresponding to the outgoing interface -address (whether chosen via the Connection parameter or -the default) is used for the HELO/EHLO command. -However, the name must not start with a square bracket -and it must contain at least one dot. -This is a simple test whether the name is not -an IP address (in square brackets) but a qualified hostname. -Note that multiple ClientPortOptions settings are allowed -in order to give settings for each protocol family -(e.g., one for Family=inet and one for Family=inet6). -A restriction placed on one family only affects -outgoing connections on that particular family. -.ip ColonOkInAddr -[no short name] -If set, colons are acceptable in e-mail addresses -(e.g., -.q host:user ). -If not set, colons indicate the beginning of a RFC 822 group construct -(\c -.q "groupname: member1, member2, ... memberN;" ). -Doubled colons are always acceptable -(\c -.q nodename::user ) -and proper route-addr nesting is understood -(\c -.q <@relay:user@host> ). -Furthermore, this option defaults on if the configuration version level -is less than 6 (for back compatibility). -However, it must be off for full compatibility with RFC 822. -.ip ConnectionCacheSize=\fIN\fP -[k] -The maximum number of open connections that will be cached at a time. -The default is one. -This delays closing the current connection until -either this invocation of -.i sendmail -needs to connect to another host -or it terminates. -Setting it to zero defaults to the old behavior, -that is, connections are closed immediately. -Since this consumes file descriptors, -the connection cache should be kept small: -4 is probably a practical maximum. -.ip ConnectionCacheTimeout=\fItimeout\fP -[K] -The maximum amount of time a cached connection will be permitted to idle -without activity. -If this time is exceeded, -the connection is immediately closed. -This value should be small (on the order of ten minutes). -Before -.i sendmail -uses a cached connection, -it always sends a RSET command -to check the connection; -if this fails, it reopens the connection. -This keeps your end from failing if the other end times out. -The point of this option is to be a good network neighbor -and avoid using up excessive resources -on the other end. -The default is five minutes. -.ip ConnectOnlyTo=\fIaddress\fP -[no short name] -This can be used to -override the connection address (for testing purposes). -.ip ConnectionRateThrottle=\fIN\fP -[no short name] -If set to a positive value, -allow no more than -.i N -incoming connections in a one second period per daemon. -This is intended to flatten out peaks -and allow the load average checking to cut in. -Defaults to zero (no limits). -.ip ControlSocketName=\fIname\fP -[no short name] -Name of the control socket for daemon management. -A running -.i sendmail -daemon can be controlled through this named socket. -Available commands are: -.i help, -.i restart, -.i shutdown, -and -.i status. -The -.i status -command returns the current number of daemon children, -the maximum number of daemon children, -the free disk space (in blocks) of the queue directory, -and the load average of the machine expressed as an integer. -If not set, no control socket will be available. -Solaris and pre-4.4BSD kernel users should see the note in sendmail/README . -.ip DHParameters -File with DH parameters for STARTTLS. -This is only required if a ciphersuite containing DSA/DH is used. -This is only for people with a good knowledge of TLS, all others -can ignore this option. -.ip DaemonPortOptions=\fIoptions\fP -[O] -Set server SMTP options. -Each instance of -.b DaemonPortOptions -leads to an additional incoming socket. -The options are -.i key=value -pairs. -Known keys are: -.(b -.ta 1i -Name User-definable name for the daemon (defaults to "Daemon#") -Port Name/number of listening port (defaults to "smtp") -Addr Address mask (defaults INADDR_ANY) -Family Address family (defaults to INET) -Listen Size of listen queue (defaults to 10) -Modifier Options (flags) for the daemon -SndBufSize Size of TCP send buffer -RcvBufSize Size of TCP receive buffer -.)b -The -.i Name -key is used for error messages and logging. -The -.i Addr ess -mask may be a numeric address in dot notation -or a network name. -The -.i Family -key defaults to INET (IPv4). -IPv6 users who wish to also accept IPv6 connections -should add additional Family=inet6 -.b DaemonPortOptions -lines. -.i Modifier -can be a sequence (without any delimiters) -of the following characters: -.(b -.ta 1i -a always require authentication -b bind to interface through which mail has been received -c perform hostname canonification (.cf) -f require fully qualified hostname (.cf) -u allow unqualified addresses (.cf) -A disable AUTH (overrides 'a' modifier) -C don't perform hostname canonification -E disallow ETRN (see RFC 2476) -O optional; if opening the socket fails ignore it -S don't offer STARTTLS -.)b -That is, one way to specify a message submission agent (MSA) that -always requires authentication is: -.(b -O DaemonPortOptions=Name=MSA, Port=587, M=Ea -.)b -The modifiers that are marked with "(.cf)" have only -effect in the standard configuration file, in which -they are available via -.b ${daemon_flags} . -Notice: Do -.b not -use the ``a'' modifier on a public accessible MTA! -It should only be used for a MSA that is accessed by authorized -users for initial mail submission. -Users must authenticate to use a MSA which has this option turned on. -The flags ``c'' and ``C'' can change the default for -hostname canonification in the -.i sendmail.cf -file. -See the relevant documentation for -.sm FEATURE(nocanonify) . -The modifier ``f'' disallows addresses of the form -.b user@host -unless they are submitted directly. -The flag ``u'' allows unqualified sender addresses, -i.e., those without @host. -``b'' forces sendmail to bind to the interface -through which the e-mail has been -received for the outgoing connection. -.b WARNING: -Use ``b'' -only if outgoing mail can be routed through the incoming connection's -interface to its destination. No attempt is made to catch problems due to a -misconfiguration of this parameter, use it only for virtual hosting -where each virtual interface can connect to every possible location. -This will also override possible settings via -.b ClientPortOptions. -Note, -.i sendmail -will listen on a new socket -for each occurence of the -.b DaemonPortOptions -option in a configuration file. -The modifier ``O'' causes sendmail to ignore a socket -if it can't be opened. -This applies to failures from the socket(2) and bind(2) calls. -.ip DefaultAuthInfo -[no short name] -Filename that contains default authentication information for outgoing -connections. This file must contain the user id, the authorization id, -the password (plain text), the realm and the list of mechanisms to use -on separate lines and must be readable by -root (or the trusted user) only. -If no realm is specified, -.b $j -is used. -If no mechanisms are specified, the list given by -.b AuthMechanisms -is used. -Notice: this option is deprecated and will be removed in future versions. -Moreover, it doesn't work for the MSP since it can't read the file -(the file must not be group/world-readable otherwise -.i sendmail -will complain). -Use the authinfo ruleset instead which provides more control over -the usage of the data anyway. -.ip DefaultCharSet=\fIcharset\fP -[no short name] -When a message that has 8-bit characters but is not in MIME format -is converted to MIME -(see the EightBitMode option) -a character set must be included in the Content-Type: header. -This character set is normally set from the Charset= field -of the mailer descriptor. -If that is not set, the value of this option is used. -If this option is not set, the value -.q unknown-8bit -is used. -.ip DataFileBufferSize=\fIthreshold\fP -[no short name] -Set the -.i threshold , -in bytes, -before a memory-based -queue data file -becomes disk-based. -The default is 4096 bytes. -.ip DeadLetterDrop=\fIfile\fP -[no short name] -Defines the location of the system-wide dead.letter file, -formerly hardcoded to /usr/tmp/dead.letter. -If this option is not set (the default), -sendmail will not attempt to save to a system-wide dead.letter file -in the event -it cannot bounce the mail to the user or postmaster. -Instead, it will rename the qf file -as it has in the past -when the dead.letter file could not be opened. -.ip DefaultUser=\fIuser:group\fP -[u] -Set the default userid for mailers to -.i user:group . -If -.i group -is omitted and -.i user -is a user name -(as opposed to a numeric user id) -the default group listed in the /etc/passwd file for that user is used -as the default group. -Both -.i user -and -.i group -may be numeric. -Mailers without the -.i S -flag in the mailer definition -will run as this user. -Defaults to 1:1. -The value can also be given as a symbolic user name.\** -.(f -\**The old -.b g -option has been combined into the -.b DefaultUser -option. -.)f -.ip DelayLA=\fILA\fP -[no short name] -When the system load average exceeds -.i LA , -.i sendmail -will sleep for one second on most SMTP commands and -before accepting connections. -.ip DeliverByMin=\fItime\fP -[0] -Set minimum time for Deliver By SMTP Service Extension (RFC 2852). -If 0, no time is listed, if less than 0, the extension is not offered, -if greater than 0, it is listed as minimum time -for the EHLO keyword DELIVERBY. -.ip DeliveryMode=\fIx\fP -[d] -Deliver in mode -.i x . -Legal modes are: -.(b -.ta 4n -i Deliver interactively (synchronously) -b Deliver in background (asynchronously) -q Just queue the message (deliver during queue run) -d Defer delivery and all map lookups (deliver during queue run) -.)b -Defaults to ``b'' if no option is specified, -``i'' if it is specified but given no argument -(i.e., ``Od'' is equivalent to ``Odi''). -The -.b \-v -command line flag sets this to -.b i . -.ip DialDelay=\fIsleeptime\fP -[no short name] -Dial-on-demand network connections can see timeouts -if a connection is opened before the call is set up. -If this is set to an interval and a connection times out -on the first connection being attempted -.i sendmail -will sleep for this amount of time and try again. -This should give your system time to establish the connection -to your service provider. -Units default to seconds, so -.q DialDelay=5 -uses a five second delay. -Defaults to zero -(no retry). -This delay only applies to mailers which have the -Z flag set. -.ip DirectSubmissionModifiers=\fImodifiers\fP -Defines -.b ${daemon_flags} -for direct (command line) submissions. -If not set, -.b ${daemon_flags} -is either "CC f" if the option -.b \-G -is used or "c u" otherwise. -Note that only the the "CC", "c", "f", and "u" flags are checked. -.ip DontBlameSendmail=\fIoption,option,...\fP -[no short name] -In order to avoid possible cracking attempts -caused by world- and group-writable files and directories, -.i sendmail -does paranoid checking when opening most of its support files. -If for some reason you absolutely must run with, -for example, -a group-writable -.i /etc -directory, -then you will have to turn off this checking -(at the cost of making your system more vulnerable to attack). -The possible arguments have been described earlier. -The details of these flags are described above. -.\"XXX should have more here!!! XXX -.b "Use of this option is not recommended." -.ip DontExpandCnames -[no short name] -The standards say that all host addresses used in a mail message -must be fully canonical. -For example, if your host is named -.q Cruft.Foo.ORG -and also has an alias of -.q FTP.Foo.ORG , -the former name must be used at all times. -This is enforced during host name canonification -($[ ... $] lookups). -If this option is set, the protocols are ignored and the -.q wrong -thing is done. -However, the IETF is moving toward changing this standard, -so the behavior may become acceptable. -Please note that hosts downstream may still rewrite the address -to be the true canonical name however. -.ip DontInitGroups -[no short name] -If set, -.i sendmail -will avoid using the initgroups(3) call. -If you are running NIS, -this causes a sequential scan of the groups.byname map, -which can cause your NIS server to be badly overloaded in a large domain. -The cost of this is that the only group found for users -will be their primary group (the one in the password file), -which will make file access permissions somewhat more restrictive. -Has no effect on systems that don't have group lists. -.ip DontProbeInterfaces -[no short name] -.i Sendmail -normally finds the names of all interfaces active on your machine -when it starts up -and adds their name to the -.b $=w -class of known host aliases. -If you have a large number of virtual interfaces -or if your DNS inverse lookups are slow -this can be time consuming. -This option turns off that probing. -However, you will need to be certain to include all variant names -in the -.b $=w -class by some other mechanism. -If set to -.b loopback , -loopback interfaces (e.g., lo0) will not be probed. -.ip DontPruneRoutes -[R] -Normally, -.i sendmail -tries to eliminate any unnecessary explicit routes -when sending an error message -(as discussed in RFC 1123 \(sc 5.2.6). -For example, -when sending an error message to -.(b -<@known1,@known2,@known3:user@unknown> -.)b -.i sendmail -will strip off the -.q @known1,@known2 -in order to make the route as direct as possible. -However, if the -.b R -option is set, this will be disabled, -and the mail will be sent to the first address in the route, -even if later addresses are known. -This may be useful if you are caught behind a firewall. -.ip DoubleBounceAddress=\fIerror-address\fP -[no short name] -If an error occurs when sending an error message, -send the error report -(termed a -.q "double bounce" -because it is an error -.q bounce -that occurs when trying to send another error -.q bounce ) -to the indicated address. -The address is macro expanded -at the time of delivery. -If not set, defaults to -.q postmaster . -If set to an empty string, double bounces are dropped. -.ip EightBitMode=\fIaction\fP -[8] -Set handling of eight-bit data. -There are two kinds of eight-bit data: -that declared as such using the -.b BODY=8BITMIME -ESMTP declaration or the -.b \-B8BITMIME -command line flag, -and undeclared 8-bit data, that is, -input that just happens to be eight bits. -There are three basic operations that can happen: -undeclared 8-bit data can be automatically converted to 8BITMIME, -undeclared 8-bit data can be passed as-is without conversion to MIME -(``just send 8''), -and declared 8-bit data can be converted to 7-bits -for transmission to a non-8BITMIME mailer. -The possible -.i action s -are: -.(b -.\" r Reject undeclared 8-bit data; -.\" don't convert 8BITMIME\(->7BIT (``reject'') - s Reject undeclared 8-bit data (``strict'') -.\" do convert 8BITMIME\(->7BIT (``strict'') -.\" c Convert undeclared 8-bit data to MIME; -.\" don't convert 8BITMIME\(->7BIT (``convert'') - m Convert undeclared 8-bit data to MIME (``mime'') -.\" do convert 8BITMIME\(->7BIT (``mime'') -.\" j Pass undeclared 8-bit data; -.\" don't convert 8BITMIME\(->7BIT (``just send 8'') - p Pass undeclared 8-bit data (``pass'') -.\" do convert 8BITMIME\(->7BIT (``pass'') -.\" a Adaptive algorithm: see below -.)b -.\"The adaptive algorithm is to accept 8-bit data, -.\"converting it to 8BITMIME only if the receiver understands that, -.\"otherwise just passing it as undeclared 8-bit data; -.\"8BITMIME\(->7BIT conversions are done. -In all cases properly declared 8BITMIME data will be converted to 7BIT -as needed. -.ip ErrorHeader=\fIfile-or-message\fP -[E] -Prepend error messages with the indicated message. -If it begins with a slash, -it is assumed to be the pathname of a file -containing a message (this is the recommended setting). -Otherwise, it is a literal message. -The error file might contain the name, email address, and/or phone number -of a local postmaster who could provide assistance -to end users. -If the option is missing or null, -or if it names a file which does not exist or which is not readable, -no message is printed. -.ip ErrorMode=\fIx\fP -[e] -Dispose of errors using mode -.i x . -The values for -.i x -are: -.(b -p Print error messages (default) -q No messages, just give exit status -m Mail back errors -w Write back errors (mail if user not logged in) -e Mail back errors (when applicable) and give zero exit stat always -.)b -Note that the last mode, -.q e , -is for Berknet error processing and -should not be used in normal circumstances. -.ip FallbackMXhost=\fIfallbackhost\fP -[V] -If specified, the -.i fallbackhost -acts like a very low priority MX -on every host. -MX records will be looked up for this host, -unless the name is surrounded by square brackets. -This is intended to be used by sites with poor network connectivity. -Messages which are undeliverable due to temporary address failures -(e.g., DNS failure) -also go to the FallbackMXhost. -.ip FastSplit -[no short name] -If set to a value greater than zero (the default is one), -it suppresses the MX lookups on addresses -when they are initially sorted, i.e., for the first delivery attempt. -This usually results in faster envelope splitting unless the MX records -are readily available in a local DNS cache. -To enforce initial sorting based on MX records set -.b FastSplit -to zero. -If the mail is submitted directly from the command line, then -the value also limits the number of processes to deliver the envelopes; -if more envelopes are created they are only queued up -and must be taken care of by a queue run. -Since the default submission method is via SMTP (either from a MUA -or via the MSP), the value of -.b FastSplit -is seldom used to limit the number of processes to deliver the envelopes. -.ip ForkEachJob -[Y] -If set, -deliver each job that is run from the queue in a separate process. -.ip ForwardPath=\fIpath\fP -[J] -Set the path for searching for users' .forward files. -The default is -.q $z/.forward . -Some sites that use the automounter may prefer to change this to -.q /var/forward/$u -to search a file with the same name as the user in a system directory. -It can also be set to a sequence of paths separated by colons; -.i sendmail -stops at the first file it can successfully and safely open. -For example, -.q /var/forward/$u:$z/.forward -will search first in /var/forward/\c -.i username -and then in -.i ~username /.forward -(but only if the first file does not exist). -.ip HelpFile=\fIfile\fP -[H] -Specify the help file -for SMTP. -If no file name is specified, "helpfile" is used. -.ip HoldExpensive -[c] -If an outgoing mailer is marked as being expensive, -don't connect immediately. -This requires that queueing be compiled in, -since it will depend on a queue run process to -actually send the mail. -.ip HostsFile=\fIpath\fP -[no short name] -The path to the hosts database, -normally -.q /etc/hosts . -This option is only consulted when sendmail -is canonifying addresses, -and then only when -.q files -is in the -.q hosts -service switch entry. -In particular, this file is -.i never -used when looking up host addresses; -that is under the control of the system -.i gethostbyname (3) -routine. -.ip HostStatusDirectory=\fIpath\fP -[no short name] -The location of the long term host status information. -When set, -information about the status of hosts -(e.g., host down or not accepting connections) -will be shared between all -.i sendmail -processes; -normally, this information is only held within a single queue run. -This option requires a connection cache of at least 1 to function. -If the option begins with a leading `/', -it is an absolute pathname; -otherwise, -it is relative to the mail queue directory. -A suggested value for sites desiring persistent host status is -.q \&.hoststat -(i.e., a subdirectory of the queue directory). -.ip IgnoreDots -[i] -Ignore dots in incoming messages. -This is always disabled (that is, dots are always accepted) -when reading SMTP mail. -.ip InputMailFilters=\fIname,name,...\fP -A comma separated list of filters which determines which filters -(see the "X \*- Mail Filter (Milter) Definitions" section) -and the invocation sequence are contacted for incoming SMTP messages. -If none are set, no filters will be contacted. -.ip LDAPDefaultSpec=\fIspec\fP -[no short name] -Sets a default map specification for LDAP maps. -The value should only contain LDAP specific settings -such as -.q "-h host -p port -d bindDN" . -The settings will be used for all LDAP maps -unless the individual map specification overrides a setting. -This option should be set before any LDAP maps are defined. -.ip LogLevel=\fIn\fP -[L] -Set the log level to -.i n . -Defaults to 9. -.ip M\fIx\|value\fP -[no long version] -Set the macro -.i x -to -.i value . -This is intended only for use from the command line. -The -.b \-M -flag is preferred. -.ip MailboxDatabase -[no short name] -Type of lookup to find information about local mailboxes, -defaults to ``pw'' which uses -.i getpwnam . -Other types can be introduced by adding them to the source code, -see libsm/mbdb.c for details. -.ip UseMSP -[no short name] -Use as mail submission program, i.e., -allow group writable queue files -if the group is the same as that of a set-group-ID sendmail binary. -See the file -.b sendmail/SECURITY -in the distribution tarball. -.ip MatchGECOS -[G] -Allow fuzzy matching on the GECOS field. -If this flag is set, -and the usual user name lookups fail -(that is, there is no alias with this name and a -.i getpwnam -fails), -sequentially search the password file -for a matching entry in the GECOS field. -This also requires that MATCHGECOS -be turned on during compilation. -This option is not recommended. -.ip MaxAliasRecursion=\fIN\fP -[no short name] -The maximum depth of alias recursion (default: 10). -.ip MaxDaemonChildren=\fIN\fP -[no short name] -If set, -.i sendmail -will refuse connections when it has more than -.i N -children processing incoming mail or automatic queue runs. -This does not limit the number of outgoing connections. -If not set, there is no limit to the number of children -- -that is, the system load averaging controls this. -.ip MaxHeadersLength=\fIN\fP -[no short name] -The maximum length of the sum of all headers. -This can be used to prevent a denial of service attack. -The default is no limit. -.ip MaxHopCount=\fIN\fP -[h] -The maximum hop count. -Messages that have been processed more than -.i N -times are assumed to be in a loop and are rejected. -Defaults to 25. -.ip MaxMessageSize=\fIN\fP -[no short name] -Specify the maximum message size -to be advertised in the ESMTP EHLO response. -Messages larger than this will be rejected. -.ip MaxMimeHeaderLength=\fIN[/M]\fP -[no short name] -Sets the maximum length of certain MIME header field values to -.i N -characters. -These MIME header fields are determined by being a member of -class {checkMIMETextHeaders}, which currently contains only -the header Content-Description. -For some of these headers which take parameters, -the maximum length of each parameter is set to -.i M -if specified. If -.i /M -is not specified, one half of -.i N -will be used. -By default, -these values are 0, meaning no checks are done. -.ip MaxQueueChildren=\fIN\fP -[no short name] -When set, this limits the number of concurrent queue runner processes to -.i N. -This helps to control the amount of system resources used when processing -the queue. When there are multiple queue groups defined and the total number -of queue runners for these queue groups would exceed -.i MaxQueueChildren -then the queue groups will not all run concurrently. That is, some portion -of the queue groups will run concurrently such that -.i MaxQueueChildren -will not be exceeded, while the remaining queue groups will be run later (in -round robin order). See also -.i MaxRunnersPerQueue -and the section \fBQueue Group Declaration\fP. -Notice: -.i sendmail -does not count individual queue runners, but only sets of processes -that act on a workgroup. -Hence the actual number of queue runners may be lower than the limit -imposed by -.i MaxQueueChildren . -This discrepancy can be large if some queue runners have to wait -for a slow server and if short intervals are used. -.ip MaxQueueRunSize=\fIN\fP -[no short name] -The maximum number of jobs that will be processed -in a single queue run. -If not set, there is no limit on the size. -If you have very large queues or a very short queue run interval -this could be unstable. -However, since the first -.i N -jobs in queue directory order are run (rather than the -.i N -highest priority jobs) -this should be set as high as possible to avoid -.q losing -jobs that happen to fall late in the queue directory. -.ip MaxRecipientsPerMessage=\fIN\fP -[no short name] -The maximum number of recipients that will be accepted per message -in an SMTP transaction. -Note: setting this too low can interfere with sending mail from -MUAs that use SMTP for initial submission. -If not set, there is no limit on the number of recipients per envelope. -.ip MaxRunnersPerQueue=\fIN\fP -[no short name] -This sets the default maximum number of queue runners for queue groups. -Up to -.i N -queue runners will work in parallel on a queue group's messages. -This is useful where the processing of a message in the queue might -delay the processing of subsequent messages. Such a delay may be the result -of non-erroneous situations such as a low bandwidth connection. -May be overridden on a per queue group basis by setting the -.i Runners -option; see the section \fBQueue Group Declaration\fP. -The default is 1 when not set. -.ip MeToo -[m] -Send to me too, -even if I am in an alias expansion. -This option is deprecated -and will be removed from a future version. -.ip Milter -[no short name] -This option has several sub(sub)options. -The names of the suboptions are separated by dots. -At the first level the following options are available: -.(b -.ta \w'LogLevel'u+3n -LogLevel Log level for input mail filter actions, defaults to LogLevel. -macros Specifies list of macro to transmit to filters. - See list below. -.)b -The ``macros'' option has the following suboptions -which specify the list of macro to transmit to milters -after a certain event occurred. -.(b -.ta \w'envfrom'u+3n -connect After session connection start -helo After HELO command -envfrom After MAIL FROM command -envrcpt After RCPT TO command -.)b -By default the lists of macros are empty. -Example: -.(b -O Milter.LogLevel=12 -O Milter.macros.connect=j, _, {daemon_name} -.)b -.ip MinFreeBlocks=\fIN\fP -[b] -Insist on at least -.i N -blocks free on the filesystem that holds the queue files -before accepting email via SMTP. -If there is insufficient space -.i sendmail -gives a 452 response -to the MAIL command. -This invites the sender to try again later. -.ip MinQueueAge=\fIage\fP -[no short name] -Don't process any queued jobs -that have been in the queue less than the indicated time interval. -This is intended to allow you to get responsiveness -by processing the queue fairly frequently -without thrashing your system by trying jobs too often. -The default units are minutes. -.ip MustQuoteChars=\fIs\fP -[no short name] -Sets the list of characters that must be quoted if used in a full name -that is in the phrase part of a ``phrase <address>'' syntax. -The default is ``\'.''. -The characters ``@,;:\e()[]'' are always added to this list. -.ip NiceQueueRun -[no short name] -The priority of queue runners (nice(3)). -This value must be greater or equal zero. -.ip NoRecipientAction -[no short name] -The action to take when you receive a message that has no valid -recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em -the last included for back compatibility with old -.i sendmail s). -It can be -.b None -to pass the message on unmodified, -which violates the protocol, -.b Add-To -to add a To: header with any recipients it can find in the envelope -(which might expose Bcc: recipients), -.b Add-Apparently-To -to add an Apparently-To: header -(this is only for back-compatibility -and is officially deprecated), -.b Add-To-Undisclosed -to add a header -.q "To: undisclosed-recipients:;" -to make the header legal without disclosing anything, -or -.b Add-Bcc -to add an empty Bcc: header. -.ip OldStyleHeaders -[o] -Assume that the headers may be in old format, -i.e., -spaces delimit names. -This actually turns on -an adaptive algorithm: -if any recipient address contains a comma, parenthesis, -or angle bracket, -it will be assumed that commas already exist. -If this flag is not on, -only commas delimit names. -Headers are always output with commas between the names. -Defaults to off. -.ip OperatorChars=\fIcharlist\fP -[$o macro] -The list of characters that are considered to be -.q operators , -that is, characters that delimit tokens. -All operator characters are tokens by themselves; -sequences of non-operator characters are also tokens. -White space characters separate tokens -but are not tokens themselves \(em for example, -.q AAA.BBB -has three tokens, but -.q "AAA BBB" -has two. -If not set, OperatorChars defaults to -.q \&.\|:\|@\|[\|] ; -additionally, the characters -.q (\|)\|<\|>\|,\|; -are always operators. -Note that OperatorChars must be set in the -configuration file before any rulesets. -.ip PidFile=\fIfilename\fP -[no short name] -Filename of the pid file. -(default is _PATH_SENDMAILPID). -The -.i filename -is macro-expanded before it is opened. -.ip PostmasterCopy=\fIpostmaster\fP -[P] -If set, -copies of error messages will be sent to the named -.i postmaster . -Only the header of the failed message is sent. -Errors resulting from messages with a negative precedence will not be sent. -Since most errors are user problems, -this is probably not a good idea on large sites, -and arguably contains all sorts of privacy violations, -but it seems to be popular with certain operating systems vendors. -The address is macro expanded -at the time of delivery. -Defaults to no postmaster copies. -.ip PrivacyOptions=\fI\|opt,opt,...\fP -[p] -Set the privacy -.i opt ions. -``Privacy'' is really a misnomer; -many of these are just a way of insisting on stricter adherence -to the SMTP protocol. -The -.i opt ions -can be selected from: -.(b -.ta \w'needvrfyhelo'u+3n -public Allow open access -needmailhelo Insist on HELO or EHLO command before MAIL -needexpnhelo Insist on HELO or EHLO command before EXPN -noexpn Disallow EXPN entirely, implies noverb. -needvrfyhelo Insist on HELO or EHLO command before VRFY -novrfy Disallow VRFY entirely -noetrn Disallow ETRN entirely -noverb Disallow VERB entirely -restrictmailq Restrict mailq command -restrictqrun Restrict \-q command line flag -restrictexpand Restrict \-bv and \-v command line flags -noreceipts Don't return success DSNs\** -nobodyreturn Don't return the body of a message with DSNs -goaway Disallow essentially all SMTP status queries -authwarnings Put X-Authentication-Warning: headers in messages - and log warnings -.)b -.(f -\**N.B.: -the -.b noreceipts -flag turns off support for RFC 1891 -(Delivery Status Notification). -.)f -The -.q goaway -pseudo-flag sets all flags except -.q noreceipts , -.q restrictmailq , -.q restrictqrun , -.q restrictexpand , -.q noetrn , -and -.q nobodyreturn . -If mailq is restricted, -only people in the same group as the queue directory -can print the queue. -If queue runs are restricted, -only root and the owner of the queue directory -can run the queue. -The -.q restrictexpand -pseudo-flag instructs -.i sendmail -to drop privileges when the -.b \-bv -option is given by users who are neither root nor the TrustedUser -so users cannot read private aliases, forwards, or :include: files. -It will add the -.q NonRootSafeAddr -to the -.q DontBlameSendmail -option to prevent misleading unsafe address warnings. -It also overrides the -.b \-v -(verbose) command line option to prevent information leakage. -Authentication Warnings add warnings about various conditions -that may indicate attempts to spoof the mail system, -such as using a non-standard queue directory. -.ip ProcessTitlePrefix=\fIstring\fP -[no short name] -Prefix the process title shown on 'ps' listings with -.i string . -The -.i string -will be macro processed. -.ip QueueDirectory=\fIdir\fP -[Q] -The QueueDirectory option serves two purposes. -First, it specifies the directory or set of directories that comprise -the default queue group. -Second, it specifies the directory D which is the ancestor of all queue -directories, and which sendmail uses as its current working directory. -When sendmail dumps core, it leaves its core files in D. -There are two cases. -If \fIdir\fR ends with an asterisk (eg, \fI/var/spool/mqueue/qd*\fR), -then all of the directories or symbolic links to directories -beginning with `qd' in -.i /var/spool/mqueue -will be used as queue directories of the default queue group, -and -.i /var/spool/mqueue -will be used as the working directory D. -Otherwise, -\fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR): -the default queue group consists of the single queue directory \fIdir\fR, -and the working directory D is set to \fIdir\fR. -To define additional groups of queue directories, -use the configuration file `Q' command. -Do not change the queue directory structure -while sendmail is running. -.ip QueueFactor=\fIfactor\fP -[q] -Use -.i factor -as the multiplier in the map function -to decide when to just queue up jobs rather than run them. -This value is divided by the difference between the current load average -and the load average limit -(\c -.b QueueLA -option) -to determine the maximum message priority -that will be sent. -Defaults to 600000. -.ip QueueLA=\fILA\fP -[x] -When the system load average exceeds -.i LA -and the -.b QueueFactor -(\c -.b q ) -option divided by the difference in the current load average and the -.b QueueLA -option plus one -is less than the priority of the message, -just queue messages -(i.e., don't try to send them). -Defaults to 8 multiplied by -the number of processors online on the system -(if that can be determined). -.ip QueueFileMode=\fImode\fP -[no short name] -Default permissions for queue files (octal). -If not set, sendmail uses 0600 unless its real -and effective uid are different in which case it uses 0644. -.ip QueueSortOrder=\fIalgorithm\fP -[no short name] -Sets the -.i algorithm -used for sorting the queue. -Only the first character of the value is used. -Legal values are -.q host -(to order by the name of the first host name of the first recipient), -.q filename -(to order by the name of the queue file name), -.q time -(to order by the submission/creation time), -.q random -(to order randomly), -.q modification -(to order by the modification time of the qf file (older entries first)), -and -.q priority -(to order by message priority). -Host ordering makes better use of the connection cache, -but may tend to process low priority messages -that go to a single host -over high priority messages that go to several hosts; -it probably shouldn't be used on slow network links. -Filename and modification time ordering saves the overhead of -reading all of the queued items -before starting the queue run. -Creation (submission) time ordering is almost always a bad idea, -since it allows large, bulk mail to go out -before smaller, personal mail, -but may have applicability on some hosts with very fast connections. -Random is useful if several queue runners are started by hand -which try to drain the same queue since odds are they will be working -on different parts of the queue at the same time. -Priority ordering is the default. -.ip QueueTimeout=\fItimeout\fP -[T] -A synonym for -.q Timeout.queuereturn . -Use that form instead of the -.q QueueTimeout -form. -.ip RandFile -[no short name] -Name of file containing random data or the name of the UNIX socket -if EGD is used. -A (required) prefix "egd:" or "file:" specifies the type. -STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set -(see sendmail/README). -.ip ResolverOptions=\fIoptions\fP -[I] -Set resolver options. -Values can be set using -.b + \c -.i flag -and cleared using -.b \- \c -.i flag ; -the -.i flag s -can be -.q debug , -.q aaonly , -.q usevc , -.q primary , -.q igntc , -.q recurse , -.q defnames , -.q stayopen , -.q use_inet6 , -or -.q dnsrch . -The string -.q HasWildcardMX -(without a -.b + -or -.b \- ) -can be specified to turn off matching against MX records -when doing name canonifications. -The string -.q WorkAroundBrokenAAAA -(without a -.b + -or -.b \- ) -can be specified to work around some broken nameservers -which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. -Notice: it might be necessary to apply the same (or similar) options to -.i submit.cf -too. -.ip RrtImpliesDsn -[R] -If this option is set, a -.q Return-Receipt-To: -header causes the request of a DSN, which is sent to -the envelope sender as required by RFC 1891, -not to the address given in the header. -.ip RunAsUser=\fIuser\fP -[no short name] -The -.i user -parameter may be a user name -(looked up in -.i /etc/passwd ) -or a numeric user id; -either form can have -.q ":group" -attached -(where group can be numeric or symbolic). -If set to a non-zero (non-root) value, -.i sendmail -will change to this user id shortly after startup\**. -.(f -\**When running as a daemon, -it changes to this user after accepting a connection -but before reading any -.sm SMTP -commands. -.)f -This avoids a certain class of security problems. -However, this means that all -.q \&.forward -and -.q :include: -files must be readable by the indicated -.i user -and all files to be written must be writable by -.i user -Also, all file and program deliveries will be marked unsafe -unless the option -.b DontBlameSendmail=NonRootSafeAddr -is set, -in which case the delivery will be done as -.i user . -It is also incompatible with the -.b SafeFileEnvironment -option. -In other words, it may not actually add much to security on an average system, -and may in fact detract from security -(because other file permissions must be loosened). -However, it should be useful on firewalls and other -places where users don't have accounts and the aliases file is -well constrained. -.ip RecipientFactor=\fIfact\fP -[y] -The indicated -.i fact or -is added to the priority (thus -.i lowering -the priority of the job) -for each recipient, -i.e., this value penalizes jobs with large numbers of recipients. -Defaults to 30000. -.ip RefuseLA=\fILA\fP -[X] -When the system load average exceeds -.i LA , -refuse incoming SMTP connections. -Defaults to 12 multiplied by -the number of processors online on the system -(if that can be determined). -.ip RetryFactor=\fIfact\fP -[Z] -The -.i fact or -is added to the priority -every time a job is processed. -Thus, -each time a job is processed, -its priority will be decreased by the indicated value. -In most environments this should be positive, -since hosts that are down are all too often down for a long time. -Defaults to 90000. -.ip SafeFileEnvironment=\fIdir\fP -[no short name] -If this option is set, -.i sendmail -will do a -.i chroot (2) -call into the indicated -.i dir ectory -before doing any file writes. -If the file name specified by the user begins with -.i dir , -that partial path name will be stripped off before writing, -so (for example) -if the SafeFileEnvironment variable is set to -.q /safe -then aliases of -.q /safe/logs/file -and -.q /logs/file -actually indicate the same file. -Additionally, if this option is set, -.i sendmail -refuses to deliver to symbolic links. -.ip SaveFromLine -[f] -Save -UNIX-style -.q From -lines at the front of headers. -Normally they are assumed redundant -and discarded. -.ip SharedMemoryKey -[no short name] -Key to use for shared memory segment; -if not set (or 0), shared memory will not be used. -Requires support for shared memory to be compiled into -.i sendmail . -If this option is set, -.i sendmail -can share some data between different instances. -For example, the number of entries in a queue directory -or the available space in a file system. -This allows for more efficient program execution, since only -one process needs to update the data instead of each individual -process gathering the data each time it is required. -.ip SendMimeErrors -[j] -If set, send error messages in MIME format -(see RFC 2045 and RFC 1344 for details). -If disabled, -.i sendmail -will not return the DSN keyword in response to an EHLO -and will not do Delivery Status Notification processing as described in -RFC 1891. -.ip ServerCertFile -[no short name] -File containing the certificate of the server, i.e., this certificate -is used when sendmail acts as server -(used for STARTTLS). -.ip ServerKeyFile -[no short name] -File containing the private key belonging to the server certificate -(used for STARTTLS). -.ip ServiceSwitchFile=\fIfilename\fP -[no short name] -If your host operating system has a service switch abstraction -(e.g., /etc/nsswitch.conf on Solaris -or /etc/svc.conf on Ultrix and DEC OSF/1) -that service will be consulted and this option is ignored. -Otherwise, this is the name of a file -that provides the list of methods used to implement particular services. -The syntax is a series of lines, -each of which is a sequence of words. -The first word is the service name, -and following words are service types. -The services that -.i sendmail -consults directly are -.q aliases -and -.q hosts. -Service types can be -.q dns , -.q nis , -.q nisplus , -or -.q files -(with the caveat that the appropriate support -must be compiled in -before the service can be referenced). -If ServiceSwitchFile is not specified, it defaults to -/etc/mail/service.switch. -If that file does not exist, the default switch is: -.(b -aliases files -hosts dns nis files -.)b -The default file is -.q /etc/mail/service.switch . -.ip SevenBitInput -[7] -Strip input to seven bits for compatibility with old systems. -This shouldn't be necessary. -.ip SingleLineFromHeader -[no short name] -If set, From: lines that have embedded newlines are unwrapped -onto one line. -This is to get around a botch in Lotus Notes -that apparently cannot understand legally wrapped RFC 822 headers. -.ip SingleThreadDelivery -[no short name] -If set, a client machine will never try to open two SMTP connections -to a single server machine at the same time, -even in different processes. -That is, if another -.i sendmail -is already talking to some host a new -.i sendmail -will not open another connection. -This property is of mixed value; -although this reduces the load on the other machine, -it can cause mail to be delayed -(for example, if one -.i sendmail -is delivering a huge message, other -.i sendmail s -won't be able to send even small messages). -Also, it requires another file descriptor -(for the lock file) -per connection, so you may have to reduce the -.b ConnectionCacheSize -option to avoid running out of per-process file descriptors. -Requires the -.b HostStatusDirectory -option. -.ip SmtpGreetingMessage=\fImessage\fP -[$e macro] -The message printed when the SMTP server starts up. -Defaults to -.q "$j Sendmail $v ready at $b". -.ip StatusFile=\fIfile\fP -[S] -Log summary statistics in the named -.i file . -If no file name is specified, "statistics" is used. -If not set, -no summary statistics are saved. -This file does not grow in size. -It can be printed using the -.i mailstats (8) -program. -.ip SuperSafe -[s] -This option can be set to True, False, or Interactive. -If set to True, -.i sendmail -will be super-safe when running things, -i.e., always instantiate the queue file, -even if you are going to attempt immediate delivery. -.i Sendmail -always instantiates the queue file -before returning control to the client -under any circumstances. -This should really -.i always -be set to True. -The Interactive value has been introduced in 8.12 and can -be used together with -.b DeliveryMode=i . -It skips some synchronization calls which are effectively -doubled in the code execution path for this mode. -.ip TLSSrvOptions -[no short name] -List of options for SMTP STARTTLS for the server -consisting of single characters -with intervening white space or commas. -The flag ``V'' disables client verification, and hence -it is not possible to use a client certificate for relaying. -Currently there are no other flags available. -.ip TempFileMode=\fImode\fP -[F] -The file mode for transcript files, files to which -.i sendmail -delivers directly, files in the -.b HostStatusDirectory , -and -.b StatusFile . -It is interpreted in octal by default. -Defaults to 0600. -.ip Timeout.\fItype\fP=\|\fItimeout\fP -[r; subsumes old T option as well] -Set timeout values. -For more information, -see section -.\" XREF -4.1. -.ip TimeZoneSpec=\fItzinfo\fP -[t] -Set the local time zone info to -.i tzinfo -\*- for example, -.q PST8PDT . -Actually, if this is not set, -the TZ environment variable is cleared (so the system default is used); -if set but null, the user's TZ variable is used, -and if set and non-null the TZ variable is set to this value. -.ip TrustedUser=\fIuser\fP -[no short name] -The -.i user -parameter may be a user name -(looked up in -.i /etc/passwd ) -or a numeric user id. -Trusted user for file ownership and starting the daemon. If set, generated -alias databases and the control socket (if configured) will automatically -be owned by this user. -.ip TryNullMXList -[w] -If this system is the -.q best -(that is, lowest preference) -MX for a given host, -its configuration rules should normally detect this situation -and treat that condition specially -by forwarding the mail to a UUCP feed, -treating it as local, -or whatever. -However, in some cases (such as Internet firewalls) -you may want to try to connect directly to that host -as though it had no MX records at all. -Setting this option causes -.i sendmail -to try this. -The downside is that errors in your configuration -are likely to be diagnosed as -.q "host unknown" -or -.q "message timed out" -instead of something more meaningful. -This option is disrecommended. -.ip UnixFromLine=\fIfromline\fP -[$l macro] -Defines the format used when -.i sendmail -must add a UNIX-style From_ line -(that is, a line beginning -.q From<space>user ). -Defaults to -.q "From $g $d" . -Don't change this unless your system uses a different UNIX mailbox format -(very unlikely). -.ip UnsafeGroupWrites -[no short name] -If set (default), -:include: and .forward files that are group writable are considered -.q unsafe , -that is, -they cannot reference programs or write directly to files. -World writable :include: and .forward files -are always unsafe. -Note: use -.b DontBlameSendmail -instead; this option is deprecated. -.ip UseErrorsTo -[l] -If there is an -.q Errors-To: -header, send error messages to the addresses listed there. -They normally go to the envelope sender. -Use of this option causes -.i sendmail -to violate RFC 1123. -This option is disrecommended and deprecated. -.ip UserDatabaseSpec=\fIudbspec\fP -[U] -The user database specification. -.ip Verbose -[v] -Run in verbose mode. -If this is set, -.i sendmail -adjusts options -.b HoldExpensive -(old -.b c ) -and -.b DeliveryMode -(old -.b d ) -so that all mail is delivered completely -in a single job -so that you can see the entire delivery process. -Option -.b Verbose -should -.i never -be set in the configuration file; -it is intended for command line use only. -.ip XscriptFileBufferSize=\fIthreshold\fP -[no short name] -Set the -.i threshold , -in bytes, -before a memory-based -queue transcript file -becomes disk-based. -The default is 4096 bytes. -.lp -All options can be specified on the command line using the -\-O or \-o flag, -but most will cause -.i sendmail -to relinquish its set-user-ID permissions. -The options that will not cause this are -SevenBitInput [7], -EightBitMode [8], -MinFreeBlocks [b], -CheckpointInterval [C], -DeliveryMode [d], -ErrorMode [e], -IgnoreDots [i], -SendMimeErrors [j], -LogLevel [L], -MeToo [m], -OldStyleHeaders [o], -PrivacyOptions [p], -SuperSafe [s], -Verbose [v], -QueueSortOrder, -MinQueueAge, -DefaultCharSet, -Dial Delay, -NoRecipientAction, -ColonOkInAddr, -MaxQueueRunSize, -SingleLineFromHeader, -and -AllowBogusHELO. -Actually, PrivacyOptions [p] given on the command line -are added to those already specified in the -.i sendmail.cf -file, i.e., they can't be reset. -Also, M (define macro) when defining the r or s macros -is also considered -.q safe . -.sh 2 "P \*- Precedence Definitions" -.pp -Values for the -.q "Precedence:" -field may be defined using the -.b P -control line. -The syntax of this field is: -.(b -\fBP\fP\fIname\fP\fB=\fP\fInum\fP -.)b -When the -.i name -is found in a -.q Precedence: -field, -the message class is set to -.i num . -Higher numbers mean higher precedence. -Numbers less than zero -have the special property -that if an error occurs during processing -the body of the message will not be returned; -this is expected to be used for -.q "bulk" -mail such as through mailing lists. -The default precedence is zero. -For example, -our list of precedences is: -.(b -Pfirst-class=0 -Pspecial-delivery=100 -Plist=\-30 -Pbulk=\-60 -Pjunk=\-100 -.)b -People writing mailing list exploders -are encouraged to use -.q "Precedence: list" . -Older versions of -.i sendmail -(which discarded all error returns for negative precedences) -didn't recognize this name, giving it a default precedence of zero. -This allows list maintainers to see error returns -on both old and new versions of -.i sendmail . -.sh 2 "V \*- Configuration Version Level" -.pp -To provide compatibility with old configuration files, -the -.b V -line has been added to define some very basic semantics -of the configuration file. -These are not intended to be long term supports; -rather, they describe compatibility features -which will probably be removed in future releases. -.pp -.b N.B.: -these version -.i levels -have nothing -to do with the version -.i number -on the files. -For example, -as of this writing -version 10 config files -(specifically, 8.10) -used version level 9 configurations. -.pp -.q Old -configuration files are defined as version level one. -Version level two files make the following changes: -.np -Host name canonification ($[ ... $]) -appends a dot if the name is recognized; -this gives the config file a way of finding out if anything matched. -(Actually, this just initializes the -.q host -map with the -.q \-a. -flag \*- you can reset it to anything you prefer -by declaring the map explicitly.) -.np -Default host name extension is consistent throughout processing; -version level one configurations turned off domain extension -(that is, adding the local domain name) -during certain points in processing. -Version level two configurations are expected to include a trailing dot -to indicate that the name is already canonical. -.np -Local names that are not aliases -are passed through a new distinguished ruleset five; -this can be used to append a local relay. -This behavior can be prevented by resolving the local name -with an initial `@'. -That is, something that resolves to a local mailer and a user name of -.q vikki -will be passed through ruleset five, -but a user name of -.q @vikki -will have the `@' stripped, -will not be passed through ruleset five, -but will otherwise be treated the same as the prior example. -The expectation is that this might be used to implement a policy -where mail sent to -.q vikki -was handled by a central hub, -but mail sent to -.q vikki@localhost -was delivered directly. -.pp -Version level three files -allow # initiated comments on all lines. -Exceptions are backslash escaped # marks -and the $# syntax. -.pp -Version level four configurations -are completely equivalent to level three -for historical reasons. -.pp -Version level five configuration files -change the default definition of -.b $w -to be just the first component of the hostname. -.pp -Version level six configuration files -change many of the local processing options -(such as aliasing and matching the beginning of the address for -`|' characters) -to be mailer flags; -this allows fine-grained control over the special local processing. -Level six configuration files may also use long option names. -The -.b ColonOkInAddr -option (to allow colons in the local-part of addresses) -defaults -.b on -for lower numbered configuration files; -the configuration file requires some additional intelligence -to properly handle the RFC 822 group construct. -.pp -Version level seven configuration files -used new option names to replace old macros -(\c -.b $e -became -.b SmtpGreetingMessage , -.b $l -became -.b UnixFromLine , -and -.b $o -became -.b OperatorChars . -Also, prior to version seven, -the -.b F=q -flag (use 250 instead of 252 return value for -.sm "SMTP VRFY" -commands) -was assumed. -.pp -Version level eight configuration files allow -.b $# -on the left hand side of ruleset lines. -.pp -Version level nine configuration files allow -parentheses in rulesets, i.e. they are not treated -as comments and hence removed. -.pp -Version level ten configuration files allow -queue group definitions. -.pp -The -.b V -line may have an optional -.b / \c -.i vendor -to indicate that this configuration file uses modifications -specific to a particular vendor\**. -.(f -\**And of course, vendors are encouraged to add themselves -to the list of recognized vendors by editing the routine -.i setvendor -in -.i conf.c . -Please send e-mail to sendmail@Sendmail.ORG -to register your vendor dialect. -.)f -You may use -.q /Berkeley -to emphasize that this configuration file -uses the Berkeley dialect of -.i sendmail . -.sh 2 "K \*- Key File Declaration" -.pp -Special maps can be defined using the line: -.(b -Kmapname mapclass arguments -.)b -The -.i mapname -is the handle by which this map is referenced in the rewriting rules. -The -.i mapclass -is the name of a type of map; -these are compiled in to -.i sendmail . -The -.i arguments -are interpreted depending on the class; -typically, -there would be a single argument naming the file containing the map. -.pp -Maps are referenced using the syntax: -.(b -$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $) -.)b -where either or both of the -.i arguments -or -.i default -portion may be omitted. -The -.i "$@ arguments" -may appear more than once. -The indicated -.i key -and -.i arguments -are passed to the appropriate mapping function. -If it returns a value, it replaces the input. -If it does not return a value and the -.i default -is specified, the -.i default -replaces the input. -Otherwise, the input is unchanged. -.pp -The -.i arguments -are passed to the map for arbitrary use. -Most map classes can interpolate these arguments -into their values using the syntax -.q %\fIn\fP -(where -.i n -is a digit) -to indicate the corresponding -.i argument . -Argument -.q %0 -indicates the database key. -For example, the rule -.(b -.ta 1.5i -R$\- ! $+ $: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $) -.)b -Looks up the UUCP name in a (user defined) UUCP map; -if not found it turns it into -.q \&.UUCP -form. -The database might contain records like: -.(b -decvax %1@%0.DEC.COM -research %1@%0.ATT.COM -.)b -Note that -.i default -clauses never do this mapping. -.pp -The built-in map with both name and class -.q host -is the host name canonicalization lookup. -Thus, -the syntax: -.(b -$(host \fIhostname\fP$) -.)b -is equivalent to: -.(b -$[\fIhostname\fP$] -.)b -.pp -There are many defined classes. -.ip dbm -Database lookups using the ndbm(3) library. -.i Sendmail -must be compiled with -.b NDBM -defined. -.ip btree -Database lookups using the btree interface to the Berkeley DB -library. -.i Sendmail -must be compiled with -.b NEWDB -defined. -.ip hash -Database lookups using the hash interface to the Berkeley DB -library. -.i Sendmail -must be compiled with -.b NEWDB -defined. -.ip nis -NIS lookups. -.i Sendmail -must be compiled with -.b NIS -defined. -.ip nisplus -NIS+ lookups. -.i Sendmail -must be compiled with -.b NISPLUS -defined. -The argument is the name of the table to use for lookups, -and the -.b \-k -and -.b \-v -flags may be used to set the key and value columns respectively. -.ip hesiod -Hesiod lookups. -.i Sendmail -must be compiled with -.b HESIOD -defined. -.ip ldap -LDAP X500 directory lookups. -.i Sendmail -must be compiled with -.b LDAPMAP -defined. -The map supports most of the standard arguments -and most of the command line arguments of the -.i ldapsearch -program. -Note that, -by default, -if a single query matches multiple values, -only the first value will be returned -unless the -.b \-z -(value separator) -map flag is set. -Also, the -.b \-1 -map flag will treat a multiple value return -as if there were no matches. -.ip netinfo -NeXT NetInfo lookups. -.i Sendmail -must be compiled with -.b NETINFO -defined. -.ip text -Text file lookups. -The format of the text file is defined by the -.b \-k -(key field number), -.b \-v -(value field number), -and -.b \-z -(field delimiter) -flags. -.ip ph -PH query map. -Contributed and supported by -Mark Roth, roth@uiuc.edu. -For more information, -consult the web site -.q http://www-dev.cso.uiuc.edu/sendmail/ . -.ip nsd -nsd map for IRIX 6.5 and later. -Contributed and supported by Bob Mende of SGI, -mende@sgi.com. -.ip stab -Internal symbol table lookups. -Used internally for aliasing. -.ip implicit -Really should be called -.q alias -\(em this is used to get the default lookups -for alias files, -and is the default if no class is specified for alias files. -.ip user -Looks up users using -.i getpwnam (3). -The -.b \-v -flag can be used to specify the name of the field to return -(although this is normally used only to check the existence -of a user). -.ip host -Canonifies host domain names. -Given a host name it calls the name server -to find the canonical name for that host. -.ip bestmx -Returns the best MX record for a host name given as the key. -The current machine is always preferred \*- -that is, if the current machine is one of the hosts listed as a -lowest-preference MX record, then it will be guaranteed to be returned. -This can be used to find out if this machine is the target for an MX record, -and mail can be accepted on that basis. -If the -.b \-z -flag is given, then all MX names are returned, -separated by the given delimiter. -.ip dns -This map requires the option -R to specify the DNS resource record -type to lookup. The following types are supported: -A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT. -A map lookup will return only one record. -Hence for some types, e.g., MX records, the return value might be a random -element of the list due to randomizing in the DNS resolver. -.ip sequence -The arguments on the `K' line are a list of maps; -the resulting map searches the argument maps in order -until it finds a match for the indicated key. -For example, if the key definition is: -.(b -Kmap1 ... -Kmap2 ... -Kseqmap sequence map1 map2 -.)b -then a lookup against -.q seqmap -first does a lookup in map1. -If that is found, it returns immediately. -Otherwise, the same key is used for map2. -.ip syslog -the key is logged via -.i syslogd \|(8). -The lookup returns the empty string. -.ip switch -Much like the -.q sequence -map except that the order of maps is determined by the service switch. -The argument is the name of the service to be looked up; -the values from the service switch are appended to the map name -to create new map names. -For example, consider the key definition: -.(b -Kali switch aliases -.)b -together with the service switch entry: -.(b -aliases nis files -.)b -This causes a query against the map -.q ali -to search maps named -.q ali.nis -and -.q ali.files -in that order. -.ip dequote -Strip double quotes (") from a name. -It does not strip backslashes, -and will not strip quotes if the resulting string -would contain unscannable syntax -(that is, basic errors like unbalanced angle brackets; -more sophisticated errors such as unknown hosts are not checked). -The intent is for use when trying to accept mail from systems such as -DECnet -that routinely quote odd syntax such as -.(b -"49ers::ubell" -.)b -A typical usage is probably something like: -.(b -Kdequote dequote - -\&... - -R$\- $: $(dequote $1 $) -R$\- $+ $: $>3 $1 $2 -.)b -Care must be taken to prevent unexpected results; -for example, -.(b -"|someprogram < input > output" -.)b -will have quotes stripped, -but the result is probably not what you had in mind. -Fortunately these cases are rare. -.ip regex -The map definition on the -.b K -line contains a regular expression. -Any key input is compared to that expression using the -POSIX regular expressions routines regcomp(), regerr(), and regexec(). -Refer to the documentation for those routines for more information -about the regular expression matching. -No rewriting of the key is done if the -.b \-m -flag is used. Without it, the key is discarded or if -.b \-s -if used, it is substituted by the substring matches, delimited by -.b $| -or the string specified with the the -.b \-d -flag. The flags available for the map are -.(b -.ta 4n --n not --f case sensitive --b basic regular expressions (default is extended) --s substring match --d set the delimiter used for -s --a append string to key --m match only, do not replace/discard value --D perform no lookup in deferred delivery mode. -.)b -The -.b \-s -flag can include an optional parameter which can be used -to select the substrings in the result of the lookup. For example, -.(b --s1,3,4 -.)b -Notes: to match a -.b $ -in a string, -\\$$ -must be used. -If the pattern contains spaces, they must be replaced -with the blank substitution character, unless it is -space itself. -.ip program -The arguments on the -.b K -line are the pathname to a program and any initial parameters to be passed. -When the map is called, -the key is added to the initial parameters -and the program is invoked -as the default user/group id. -The first line of standard output is returned as the value of the lookup. -This has many potential security problems, -and has terrible performance; -it should be used only when absolutely necessary. -.ip macro -Set or clear a macro value. -To set a macro, -pass the value as the first argument in the map lookup. -To clear a macro, -do not pass an argument in the map lookup. -The map always returns the empty string. -Example of typical usage include: -.(b -Kstorage macro - -\&... - -# set macro ${MyMacro} to the ruleset match -R$+ $: $(storage {MyMacro} $@ $1 $) $1 -# set macro ${MyMacro} to an empty string -R$* $: $(storage {MyMacro} $@ $) $1 -# clear macro ${MyMacro} -R$\- $: $(storage {MyMacro} $) $1 -.)b -.ip arith -Perform simple arithmetic operations. -The operation is given as key, currently +, -, *, /, %, -|, & (bitwise OR, AND), -l (for less than), and = are supported. -The two operands are given as arguments. -The lookup returns the result of the computation, -i.e. -.sm TRUE -or -.sm FALSE -for comparisons, integer values otherwise. -All options which are possible for maps are ignored. -A simple example is: -.(b -Kcomp arith - -\&... - -Scheck_etrn -R$* $: $(comp l $@ $&{load_avg} $@ 7 $) $1 -RFALSE $# error \&... -.)b -.pp -Most of these accept as arguments the same optional flags -and a filename -(or a mapname for NIS; -the filename is the root of the database path, -so that -.q .db -or some other extension appropriate for the database type -will be added to get the actual database name). -Known flags are: -.ip "\-o" -Indicates that this map is optional \*- that is, -if it cannot be opened, -no error is produced, -and -.i sendmail -will behave as if the map existed but was empty. -.ip "\-N, \-O" -If neither -.b \-N -or -.b \-O -are specified, -.i sendmail -uses an adaptive algorithm to decide whether or not to look for null bytes -on the end of keys. -It starts by trying both; -if it finds any key with a null byte it never tries again without a null byte -and vice versa. -If -.b \-N -is specified it never tries without a null byte and -if -.b \-O -is specified it never tries with a null byte. -Setting one of -these can speed matches but are never necessary. -If both -.b \-N -and -.b \-O -are specified, -.i sendmail -will never try any matches at all \(em -that is, everything will appear to fail. -.ip "\-a\fIx\fP" -Append the string -.i x -on successful matches. -For example, the default -.i host -map appends a dot on successful matches. -.ip "\-T\fIx\fP" -Append the string -.i x -on temporary failures. -For example, -.i x -would be appended if a DNS lookup returned -.q "server failed" -or an NIS lookup could not locate a server. -See also the -.b \-t -flag. -.ip "\-f" -Do not fold upper to lower case before looking up the key. -.ip "\-m" -Match only (without replacing the value). -If you only care about the existence of a key and not the value -(as you might when searching the NIS map -.q hosts.byname -for example), -this flag prevents the map from substituting the value. -However, -The \-a argument is still appended on a match, -and the default is still taken if the match fails. -.ip "\-k\fIkeycol\fP" -The key column name (for NIS+) or number -(for text lookups). -For LDAP maps this is an LDAP filter string -in which %s is replaced with the literal contents of the lookup key -and %0 is replaced with the LDAP escaped contents of the lookup key -according to RFC 2254. -.ip "\-v\fIvalcol\fP" -The value column name (for NIS+) or number -(for text lookups). -For LDAP maps this is the name of one or more -attributes to be returned; -multiple attributes can be separated by commas. -If not specified, all attributes found in the match -will be returned. -.ip "\-z\fIdelim\fP" -The column delimiter (for text lookups). -It can be a single character or one of the special strings -.q \|\en -or -.q \|\et -to indicate newline or tab respectively. -If omitted entirely, -the column separator is any sequence of white space. -For LDAP maps this is the separator character -to combine multiple values -into a single return string. -If not set, -the LDAP lookup will only return the first match found. -.ip "\-t" -Normally, when a map attempts to do a lookup -and the server fails -(e.g., -.i sendmail -couldn't contact any name server; -this is -.i not -the same as an entry not being found in the map), -the message being processed is queued for future processing. -The -.b \-t -flag turns off this behavior, -letting the temporary failure (server down) -act as though it were a permanent failure (entry not found). -It is particularly useful for DNS lookups, -where someone else's misconfigured name server can cause problems -on your machine. -However, care must be taken to ensure that you don't bounce mail -that would be resolved correctly if you tried again. -A common strategy is to forward such mail -to another, possibly better connected, mail server. -.ip "\-D" -Perform no lookup in deferred delivery mode. -This flag is set by default for the -.i host -map. -.ip "\-S\fIspacesub\fP -The character to use to replace space characters -after a successful map lookup (esp. useful for regex -and syslog maps). -.ip "\-s\fIspacesub\fP -For the dequote map only, -the character to use to replace space characters -after a successful dequote. -.ip "\-q" -Don't dequote the key before lookup. -.ip "\-L\fIlevel\fP -For the syslog map only, it specifies the level -to use for the syslog call. -.ip "\-A" -When rebuilding an alias file, -the -.b \-A -flag causes duplicate entries in the text version -to be merged. -For example, two entries: -.(b -list: user1, user2 -list: user3 -.)b -would be treated as though it were the single entry -.(b -list: user1, user2, user3 -.)b -in the presence of the -.b \-A -flag. -.pp -Some additional flags are available for the host and dns maps: -.ip "\-d" -delay: specify the resolver's retransmission time interval (in seconds). -.ip "\-r" -retry: specify the number of times to retransmit a resolver query. -.pp -The following additional flags are present in the ldap map only: -.ip "\-R" -Do not auto chase referrals. sendmail must be compiled with -.b \-DLDAP_REFERRALS -to use this flag. -.ip "\-n" -Retrieve attribute names only. -.ip "\-V\fIsep\fP" -Retrieve both attributes name and value(s), -separated by -.i sep . -.ip "\-r\fIderef\fP" -Set the alias dereference option to one of never, always, search, or find. -.ip "\-s\fIscope\fP" -Set search scope to one of base, one (one level), or sub (subtree). -.ip "\-h\fIhost\fP" -LDAP server hostname. -Some LDAP libraries allow you to specify multiple, space-separated hosts for -redundancy. -In addition, each of the hosts listed can be followed by a colon and a port -number to override the default LDAP port. -.ip "\-b\fIbase\fP" -LDAP search base. -.ip "\-p\fIport\fP" -LDAP service port. -.ip "\-l\fItimelimit\fP" -Time limit for LDAP queries. -.ip "\-Z\fIsizelimit\fP" -Size (number of matches) limit for LDAP queries. -.ip "\-d\fIdistinguished_name\fP" -The distinguished name to use to login to the LDAP server. -.ip "\-M\fImethod\fP" -The method to authenticate to the LDAP server. -Should be one of -.b LDAP_AUTH_NONE , -.b LDAP_AUTH_SIMPLE , -or -.b LDAP_AUTH_KRBV4 . -.ip "\-P\fIpasswordfile\fP" -The file containing the secret key for the -.b LDAP_AUTH_SIMPLE -authentication method -or the name of the Kerberos ticket file for -.b LDAP_AUTH_KRBV4 . -.ip "\-1" -Force LDAP searches to only succeed if a single match is found. -If multiple values are found, -the search is treated as if no match was found. -.pp -The -.i dbm -map appends the strings -.q \&.pag -and -.q \&.dir -to the given filename; -the -.i hash -and -.i btree -maps append -.q \&.db . -For example, the map specification -.(b -Kuucp dbm \-o \-N /etc/mail/uucpmap -.)b -specifies an optional map named -.q uucp -of class -.q dbm ; -it always has null bytes at the end of every string, -and the data is located in -/etc/mail/uucpmap.{dir,pag}. -.pp -The program -.i makemap (8) -can be used to build any of the three database-oriented maps. -It takes the following flags: -.ip \-f -Do not fold upper to lower case in the map. -.ip \-N -Include null bytes in keys. -.ip \-o -Append to an existing (old) file. -.ip \-r -Allow replacement of existing keys; -normally, re-inserting an existing key is an error. -.ip \-v -Print what is happening. -.lp -The -.i sendmail -daemon does not have to be restarted to read the new maps -as long as you change them in place; -file locking is used so that the maps won't be read -while they are being updated. -.pp -New classes can be added in the routine -.b setupmaps -in file -.b conf.c . -.sh 2 "Q \*- Queue Group Declaration" -.pp -In addition to the option -.i QueueDirectory, -queue groups can be declared that define a (group of) queue directories -under a common name. -The syntax is as follows: -.(b F -.b Q \c -.i name -{, \c -.i field =\c -.i value \|}+ -.)b -where -.i name -is the symbolic name of the queue group under which -it can be referenced in various places -and the -.q field=name -pairs define attributes of the queue group. -Fields are: -.ip Flags -Flags for this queue group. -.ip Nice -The nice(2) increment for the queue group. -This value must be greater or equal zero. -.ip Interval -The time between two queue runs. -.ip Path -The queue directory of the group (required). -.ip Runners -The number of parallel runners processing the queue. -Note that -.b F=f -must be set if this value is greater than one. -.ip Jobs -The maximum number of jobs (messages delivered) per queue run. -.ip recipients -The maximum number of recipients per envelope. -Envelopes with more than this number of recipients will be split -into multiple envelopes in the same queue directory. -The default value 0 means no limit. -.lp -Only the first character of the field name is checked. -.pp -By default, a queue group named -.i mqueue -is defined that uses the value of the -.i QueueDirectory -option as path. -Notice: all paths that are used for queue groups must -be subdirectories of -.i QueueDirectory . -Since they can be symbolic links, this isn't a real restriction, -If -.i QueueDirectory -uses a wildcard, then the directory one level up is considered -the ``base'' directory which all other queue directories must share. -Please make sure that the queue directories do not overlap, -e.g., do not specify -.(b -O QueueDirectory=/var/spool/mqueue/* -Qone, P=/var/spool/mqueue/dir1 -Qtwo, P=/var/spool/mqueue/dir2 -.)b -because this also includes -.q dir1 -and -.q dir2 -in the default queue group. -However, -.(b -O QueueDirectory=/var/spool/mqueue/main* -Qone, P=/var/spool/mqueue/dir -Qtwo, P=/var/spool/mqueue/other* -.)b -is a valid queue group specification. -.pp -Options listed in the ``Flags'' field can be used to modify -the behavior of a queue group. -The ``f'' flag must be set if multiple queue runners are -supposed to work on the entries in a queue group. -Otherwise -.i sendmail -will work on the entries strictly sequentially. -.pp -The ``Interval'' field sets the time between queue runs. -If no queue group specific interval is set, then the parameter of the -.b -q -option from the command line is used. -.pp -To control the overall number of concurrently active queue runners -the option -.b MaxQueueChildren -can be set. -This limits the number of processes used for running the queues to -.b MaxQueueChildren , -though at any one time fewer processes may be active -as a result of queue options, completed queue runs, system load, etc. -.pp -The maximum number of queue runners for an individual queue group can be -controlled via the -.b Runners -option. -If set to 0, entries in the queue will not be processed, which -is useful to ``quarantine'' queue files. -The number of runners per queue group may also be set with the option -.b MaxRunnersPerQueue , -which applies to queue groups that have no individual limit. -That is, the default value for -.b Runners -is -.b MaxRunnersPerQueue -if set, otherwise 1. -.pp -The field Jobs describes the maximum number of jobs -(messages delivered) per queue run, which is the queue group specific -value of -.b MaxQueueRunSize . -.pp -Notice: queue groups should be declared after all queue related options -have been set because queue groups take their defaults from those options. -If an option is set after a queue group declaration, the values of -options in the queue group are set to the defaults of -.i sendmail -unless explicitly set in the declaration. -.pp -Each envelope is assigned to a queue group based on the algorithm -described in section -``Queue Groups and Queue Directories''. -.sh 2 "X \*- Mail Filter (Milter) Definitions" -.pp -The -.i sendmail -Mail Filter API (Milter) is designed to allow third-party programs access -to mail messages as they are being processed in order to filter -meta-information and content. -They are declared in the configuration file as: -.(b F -.b X \c -.i name -{, \c -.i field =\c -.i value \|}* -.)b -where -.i name -is the name of the filter -(used internally only) -and the -.q field=name -pairs define attributes of the filter. -Also see the documentation for the -.b InputMailFilters -option for more information. -.pp -Fields are: -.(b -.ta 1i -Socket The socket specification -Flags Special flags for this filter -Timeouts Timeouts for this filter -.)b -Only the first character of the field name is checked -(it's case-sensitive). -.pp -The socket specification is one of the following forms: -.(b F -.b S= \c -.b inet \c -.b : -.i port -.b @ -.i host -.)b -.(b F -.b S= \c -.b inet6 \c -.b : -.i port -.b @ -.i host -.)b -.(b F -.b S= \c -.b local \c -.b : -.i path -.)b -The first two describe an IPv4 or IPv6 socket listening on a certain -.i port -at a given -.i host -or IP address. -The final form describes a named socket on the filesystem at the given -.i path . -.pp -The following flags may be set in the filter description. -.nr ii 4n -.ip R -Reject connection if filter unavailable. -.ip T -Temporary fail connection if filter unavailable. -.pp -The timeouts can be set using the four fields inside of the -.b T= -equate: -.nr ii 4n -.ip C -Timeout for connecting to a filter. -If set to 0, the system's -.i connect() -timeout will be used. -.ip S -Timeout for sending information from the MTA to a filter. -.ip R -Timeout for reading reply from the filter. -.ip E -Overall timeout between sending end-of-message to filter and waiting for -the final acknowledgment. -.pp -Note the separator between each timeout field is a -.b ';' . -The default values (if not set) are: -.b T=C:5m;S:10s;R:10s;E:5m -where -.b s -is seconds and -.b m -is minutes. -.pp -Examples: -.(b -Xfilter1, S=local:/var/run/f1.sock, F=R -Xfilter2, S=inet6:999@localhost, F=T, T=S:1s;R:1s;E:5m -Xfilter3, S=inet:3333@localhost, T=C:2m -.)b -.sh 2 "The User Database" -.pp -The user database is deprecated in favor of ``virtusertable'' -and ``genericstable'' as explained in the file -.b cf/README . -If you have a version of -.i sendmail -with the user database package -compiled in, -the handling of sender and recipient addresses -is modified. -.pp -The location of this database is controlled with the -.b UserDatabaseSpec -option. -.sh 3 "Structure of the user database" -.pp -The database is a sorted (BTree-based) structure. -User records are stored with the key: -.(b -\fIuser-name\fP\fB:\fP\fIfield-name\fP -.)b -The sorted database format ensures that user records are clustered together. -Meta-information is always stored with a leading colon. -.pp -Field names define both the syntax and semantics of the value. -Defined fields include: -.nr ii 1i -.ip maildrop -The delivery address for this user. -There may be multiple values of this record. -In particular, -mailing lists will have one -.i maildrop -record for each user on the list. -.ip "mailname" -The outgoing mailname for this user. -For each outgoing name, -there should be an appropriate -.i maildrop -record for that name to allow return mail. -See also -.i :default:mailname . -.ip mailsender -Changes any mail sent to this address to have the indicated envelope sender. -This is intended for mailing lists, -and will normally be the name of an appropriate -request address. -It is very similar to the owner-\c -.i list -syntax in the alias file. -.ip fullname -The full name of the user. -.ip office-address -The office address for this user. -.ip office-phone -The office phone number for this user. -.ip office-fax -The office FAX number for this user. -.ip home-address -The home address for this user. -.ip home-phone -The home phone number for this user. -.ip home-fax -The home FAX number for this user. -.ip project -A (short) description of the project this person is affiliated with. -In the University this is often just the name of their graduate advisor. -.ip plan -A pointer to a file from which plan information can be gathered. -.pp -As of this writing, -only a few of these fields are actually being used by -.i sendmail : -.i maildrop -and -.i mailname . -A -.i finger -program that uses the other fields is planned. -.sh 3 "User database semantics" -.pp -When the rewriting rules submit an address to the local mailer, -the user name is passed through the alias file. -If no alias is found (or if the alias points back to the same address), -the name (with -.q :maildrop -appended) -is then used as a key in the user database. -If no match occurs (or if the maildrop points at the same address), -forwarding is tried. -.pp -If the first token of the user name returned by ruleset 0 -is an -.q @ -sign, the user database lookup is skipped. -The intent is that the user database will act as a set of defaults -for a cluster (in our case, the Computer Science Division); -mail sent to a specific machine should ignore these defaults. -.pp -When mail is sent, -the name of the sending user is looked up in the database. -If that user has a -.q mailname -record, -the value of that record is used as their outgoing name. -For example, I might have a record: -.(b -eric:mailname Eric.Allman@CS.Berkeley.EDU -.)b -This would cause my outgoing mail to be sent as Eric.Allman. -.pp -If a -.q maildrop -is found for the user, -but no corresponding -.q mailname -record exists, -the record -.q :default:mailname -is consulted. -If present, this is the name of a host to override the local host. -For example, in our case we would set it to -.q CS.Berkeley.EDU . -The effect is that anyone known in the database -gets their outgoing mail stamped as -.q user@CS.Berkeley.EDU , -but people not listed in the database use the local hostname. -.sh 3 "Creating the database\**" -.(f -\**These instructions are known to be incomplete. -Other features are available which provide similar functionality, -e.g., virtual hosting and mapping local addresses into a -generic form as explained in cf/README. -.)f -.pp -The user database is built from a text file -using the -.i makemap -utility -(in the distribution in the makemap subdirectory). -The text file is a series of lines corresponding to userdb records; -each line has a key and a value separated by white space. -The key is always in the format described above \*- -for example: -.(b -eric:maildrop -.)b -This file is normally installed in a system directory; -for example, it might be called -.i /etc/mail/userdb . -To make the database version of the map, run the program: -.(b -makemap btree /etc/mail/userdb < /etc/mail/userdb -.)b -Then create a config file that uses this. -For example, using the V8 M4 configuration, include the -following line in your .mc file: -.(b -define(\`confUSERDB_SPEC\', /etc/mail/userdb.db) -.)b -.sh 1 "OTHER CONFIGURATION" -.pp -There are some configuration changes that can be made by -recompiling -.i sendmail . -This section describes what changes can be made -and what has to be modified to make them. -In most cases this should be unnecessary -unless you are porting -.i sendmail -to a new environment. -.sh 2 "Parameters in devtools/OS/$oscf" -.pp -These parameters are intended to describe the compilation environment, -not site policy, -and should normally be defined in the operating system -configuration file. -.b "This section needs a complete rewrite." -.ip NDBM -If set, -the new version of the DBM library -that allows multiple databases will be used. -If neither NDBM nor NEWDB are set, -a much less efficient method of alias lookup is used. -.ip NEWDB -If set, use the new database package from Berkeley (from 4.4BSD). -This package is substantially faster than DBM or NDBM. -If NEWDB and NDBM are both set, -.i sendmail -will read DBM files, -but will create and use NEWDB files. -.ip NIS -Include support for NIS. -If set together with -.i both -NEWDB and NDBM, -.i sendmail -will create both DBM and NEWDB files if and only if -an alias file includes the substring -.q /yp/ -in the name. -This is intended for compatibility with Sun Microsystems' -.i mkalias -program used on YP masters. -.ip NISPLUS -Compile in support for NIS+. -.ip NETINFO -Compile in support for NetInfo (NeXT stations). -.ip LDAPMAP -Compile in support for LDAP X500 queries. -Requires libldap and liblber -from the Umich LDAP 3.2 or 3.3 release -or equivalent libraries for other LDAP libraries -such as OpenLDAP. -.ip HESIOD -Compile in support for Hesiod. -.ip MAP_NSD -Compile in support for IRIX NSD lookups. -.ip MAP_REGEX -Compile in support for regular expression matching. -.ip DNSMAP -Compile in support for DNS map lookups in the -.i sendmail.cf -file. -.ip PH_MAP -Compile in support for ph lookups. -.ip SASL -Compile in support for SASL, -a required component for SMTP Authentication support. -.ip STARTTLS -Compile in support for STARTTLS. -.ip EGD -Compile in support for the "Entropy Gathering Daemon" -to provide better random data for TLS. -.ip TCPWRAPPERS -Compile in support for TCP Wrappers. -.ip _PATH_SENDMAILCF -The pathname of the sendmail.cf file. -.ip _PATH_SENDMAILPID -The pathname of the sendmail.pid file. -.ip SM_CONF_SHM -Compile in support for shared memory, see section about -"/var/spool/mqueue". -.ip MILTER -Compile in support for contacting external mail filters built with the -Milter API. -.pp -There are also several compilation flags to indicate the environment -such as -.q _AIX3 -and -.q _SCO_unix_ . -See the sendmail/README -file for the latest scoop on these flags. -.sh 2 "Parameters in sendmail/conf.h" -.pp -Parameters and compilation options -are defined in conf.h. -Most of these need not normally be tweaked; -common parameters are all in sendmail.cf. -However, the sizes of certain primitive vectors, etc., -are included in this file. -The numbers following the parameters -are their default value. -.pp -This document is not the best source of information -for compilation flags in conf.h \(em -see sendmail/README or sendmail/conf.h itself. -.nr ii 1.2i -.ip "MAXLINE [2048]" -The maximum line length of any input line. -If message lines exceed this length -they will still be processed correctly; -however, header lines, -configuration file lines, -alias lines, -etc., -must fit within this limit. -.ip "MAXNAME [256]" -The maximum length of any name, -such as a host or a user name. -.ip "MAXPV [256]" -The maximum number of parameters to any mailer. -This limits the number of recipients that may be passed in one transaction. -It can be set to any arbitrary number above about 10, -since -.i sendmail -will break up a delivery into smaller batches as needed. -A higher number may reduce load on your system, however. -.ip "MAXQUEUEGROUPS [50]" -The maximum number of queue groups. -.ip "MAXATOM [1000]" -The maximum number of atoms -(tokens) -in a single address. -For example, -the address -.q "eric@CS.Berkeley.EDU" -is seven atoms. -.ip "MAXMAILERS [25]" -The maximum number of mailers that may be defined -in the configuration file. -This value is defined in include/sendmail/sendmail.h. -.ip "MAXRWSETS [200]" -The maximum number of rewriting sets -that may be defined. -The first half of these are reserved for numeric specification -(e.g., ``S92''), -while the upper half are reserved for auto-numbering -(e.g., ``Sfoo''). -Thus, with a value of 200 an attempt to use ``S99'' will succeed, -but ``S100'' will fail. -.ip "MAXPRIORITIES [25]" -The maximum number of values for the -.q Precedence: -field that may be defined -(using the -.b P -line in sendmail.cf). -.ip "MAXUSERENVIRON [100]" -The maximum number of items in the user environment -that will be passed to subordinate mailers. -.ip "MAXMXHOSTS [100]" -The maximum number of MX records we will accept for any single host. -.ip "MAXMAPSTACK [12]" -The maximum number of maps that may be "stacked" in a -.b sequence -class map. -.ip "MAXMIMEARGS [20]" -The maximum number of arguments in a MIME Content-Type: header; -additional arguments will be ignored. -.ip "MAXMIMENESTING [20]" -The maximum depth to which MIME messages may be nested -(that is, nested Message or Multipart documents; -this does not limit the number of components in a single Multipart document). -.ip "MAXDAEMONS [10]" -The maximum number of sockets sendmail will open for accepting connections -on different ports. -.ip "MAXMACNAMELEN [25]" -The maximum length of a macro name. -.lp -A number of other compilation options exist. -These specify whether or not specific code should be compiled in. -Ones marked with \(dg -are 0/1 valued. -.nr ii 1.2i -.ip NETINET\(dg -If set, -support for Internet protocol networking is compiled in. -Previous versions of -.i sendmail -referred to this as -.sm DAEMON ; -this old usage is now incorrect. -Defaults on; -turn it off in the Makefile -if your system doesn't support the Internet protocols. -.ip NETINET6\(dg -If set, -support for IPv6 networking is compiled in. -It must be separately enabled by adding -.b DaemonPortOptions -settings. -.ip NETISO\(dg -If set, -support for ISO protocol networking is compiled in -(it may be appropriate to #define this in the Makefile instead of conf.h). -.ip NETUNIX\(dg -If set, -support for UNIX domain sockets is compiled in. -This is used for control socket support. -.ip LOG -If set, -the -.i syslog -routine in use at some sites is used. -This makes an informational log record -for each message processed, -and makes a higher priority log record -for internal system errors. -.b "STRONGLY RECOMMENDED" -\(em if you want no logging, turn it off in the configuration file. -.ip MATCHGECOS\(dg -Compile in the code to do ``fuzzy matching'' on the GECOS field -in /etc/passwd. -This also requires that the -.b MatchGECOS -option be turned on. -.ip NAMED_BIND\(dg -Compile in code to use the -Berkeley Internet Name Domain (BIND) server -to resolve TCP/IP host names. -.ip NOTUNIX -If you are using a non-UNIX mail format, -you can set this flag to turn off special processing -of UNIX-style -.q "From " -lines. -.ip USERDB\(dg -Include the -.b experimental -Berkeley user information database package. -This adds a new level of local name expansion -between aliasing and forwarding. -It also uses the NEWDB package. -This may change in future releases. -.lp -The following options are normally turned on -in per-operating-system clauses in conf.h. -.ip IDENTPROTO\(dg -Compile in the IDENT protocol as defined in RFC 1413. -This defaults on for all systems except Ultrix, -which apparently has the interesting -.q feature -that when it receives a -.q "host unreachable" -message it closes all open connections to that host. -Since some firewall gateways send this error code -when you access an unauthorized port (such as 113, used by IDENT), -Ultrix cannot receive email from such hosts. -.ip SYSTEM5 -Set all of the compilation parameters appropriate for System V. -.ip HASFLOCK\(dg -Use Berkeley-style -.b flock -instead of System V -.b lockf -to do file locking. -Due to the highly unusual semantics of locks -across forks in -.b lockf , -this should always be used if at all possible. -.ip HASINITGROUPS -Set this if your system has the -.i initgroups() -call -(if you have multiple group support). -This is the default if SYSTEM5 is -.i not -defined or if you are on HPUX. -.ip HASUNAME -Set this if you have the -.i uname (2) -system call (or corresponding library routine). -Set by default if -SYSTEM5 -is set. -.ip HASGETDTABLESIZE -Set this if you have the -.i getdtablesize (2) -system call. -.ip HASWAITPID -Set this if you have the -.i haswaitpid (2) -system call. -.ip FAST_PID_RECYCLE -Set this if your system can possibly -reuse the same pid in the same second of time. -.ip SFS_TYPE -The mechanism that can be used to get file system capacity information. -The values can be one of -SFS_USTAT (use the ustat(2) syscall), -SFS_4ARGS (use the four argument statfs(2) syscall), -SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>), -SFS_MOUNT (use the two argument statfs(2) syscall including <sys/mount.h>), -SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>), -SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>), -or -SFS_NONE (no way to get this information). -.ip LA_TYPE -The load average type. -Details are described below. -.lp -The are several built-in ways of computing the load average. -.i Sendmail -tries to auto-configure them based on imperfect guesses; -you can select one using the -.i cc -option -.b \-DLA_TYPE= \c -.i type , -where -.i type -is: -.ip LA_INT -The kernel stores the load average in the kernel as an array of long integers. -The actual values are scaled by a factor FSCALE -(default 256). -.ip LA_SHORT -The kernel stores the load average in the kernel as an array of short integers. -The actual values are scaled by a factor FSCALE -(default 256). -.ip LA_FLOAT -The kernel stores the load average in the kernel as an array of -double precision floats. -.ip LA_MACH -Use MACH-style load averages. -.ip LA_SUBR -Call the -.i getloadavg -routine to get the load average as an array of doubles. -.ip LA_ZERO -Always return zero as the load average. -This is the fallback case. -.lp -If type -.sm LA_INT , -.sm LA_SHORT , -or -.sm LA_FLOAT -is specified, -you may also need to specify -.sm _PATH_UNIX -(the path to your system binary) -and -.sm LA_AVENRUN -(the name of the variable containing the load average in the kernel; -usually -.q _avenrun -or -.q avenrun ). -.sh 2 "Configuration in sendmail/conf.c" -.pp -The following changes can be made in conf.c. -.sh 3 "Built-in Header Semantics" -.pp -Not all header semantics are defined in the configuration file. -Header lines that should only be included by certain mailers -(as well as other more obscure semantics) -must be specified in the -.i HdrInfo -table in -.i conf.c . -This table contains the header name -(which should be in all lower case) -and a set of header control flags (described below), -The flags are: -.ip H_ACHECK -Normally when the check is made to see if a header line is compatible -with a mailer, -.i sendmail -will not delete an existing line. -If this flag is set, -.i sendmail -will delete -even existing header lines. -That is, -if this bit is set and the mailer does not have flag bits set -that intersect with the required mailer flags -in the header definition in -sendmail.cf, -the header line is -.i always -deleted. -.ip H_EOH -If this header field is set, -treat it like a blank line, -i.e., -it will signal the end of the header -and the beginning of the message text. -.ip H_FORCE -Add this header entry -even if one existed in the message before. -If a header entry does not have this bit set, -.i sendmail -will not add another header line if a header line -of this name already existed. -This would normally be used to stamp the message -by everyone who handled it. -.ip H_TRACE -If set, -this is a timestamp -(trace) -field. -If the number of trace fields in a message -exceeds a preset amount -the message is returned -on the assumption that it has an aliasing loop. -.ip H_RCPT -If set, -this field contains recipient addresses. -This is used by the -.b \-t -flag to determine who to send to -when it is collecting recipients from the message. -.ip H_FROM -This flag indicates that this field -specifies a sender. -The order of these fields in the -.i HdrInfo -table specifies -.i sendmail 's -preference -for which field to return error messages to. -.ip H_ERRORSTO -Addresses in this header should receive error messages. -.ip H_CTE -This header is a Content-Transfer-Encoding header. -.ip H_CTYPE -This header is a Content-Type header. -.ip H_STRIPVAL -Strip the value from the header (for Bcc:). -.nr ii 5n -.lp -Let's look at a sample -.i HdrInfo -specification: -.(b -.ta 4n +\w'"content-transfer-encoding", 'u -struct hdrinfo HdrInfo[] = -\&{ - /* originator fields, most to least significant */ - "resent-sender", H_FROM, - "resent-from", H_FROM, - "sender", H_FROM, - "from", H_FROM, - "full-name", H_ACHECK, - "errors-to", H_FROM\^|\^H_ERRORSTO, - /* destination fields */ - "to", H_RCPT, - "resent-to", H_RCPT, - "cc", H_RCPT, - "bcc", H_RCPT\^|\^H_STRIPVAL, - /* message identification and control */ - "message", H_EOH, - "text", H_EOH, - /* trace fields */ - "received", H_TRACE\^|\^H_FORCE, - /* miscellaneous fields */ - "content-transfer-encoding", H_CTE, - "content-type", H_CTYPE, - - NULL, 0, -}; -.)b -This structure indicates that the -.q To: , -.q Resent-To: , -and -.q Cc: -fields -all specify recipient addresses. -Any -.q Full-Name: -field will be deleted unless the required mailer flag -(indicated in the configuration file) -is specified. -The -.q Message: -and -.q Text: -fields will terminate the header; -these are used by random dissenters around the network world. -The -.q Received: -field will always be added, -and can be used to trace messages. -.pp -There are a number of important points here. -First, -header fields are not added automatically just because they are in the -.i HdrInfo -structure; -they must be specified in the configuration file -in order to be added to the message. -Any header fields mentioned in the configuration file but not -mentioned in the -.i HdrInfo -structure have default processing performed; -that is, -they are added unless they were in the message already. -Second, -the -.i HdrInfo -structure only specifies cliched processing; -certain headers are processed specially by ad hoc code -regardless of the status specified in -.i HdrInfo . -For example, -the -.q Sender: -and -.q From: -fields are always scanned on ARPANET mail -to determine the sender\**; -.(f -\**Actually, this is no longer true in SMTP; -this information is contained in the envelope. -The older ARPANET protocols did not completely distinguish -envelope from header. -.)f -this is used to perform the -.q "return to sender" -function. -The -.q "From:" -and -.q "Full-Name:" -fields are used to determine the full name of the sender -if possible; -this is stored in the macro -.b $x -and used in a number of ways. -.sh 3 "Restricting Use of Email" -.pp -If it is necessary to restrict mail through a relay, -the -.i checkcompat -routine can be modified. -This routine is called for every recipient address. -It returns an exit status -indicating the status of the message. -The status -.sm EX_OK -accepts the address, -.sm EX_TEMPFAIL -queues the message for a later try, -and other values -(commonly -.sm EX_UNAVAILABLE ) -reject the message. -It is up to -.i checkcompat -to print an error message -(using -.i usrerr ) -if the message is rejected. -For example, -.i checkcompat -could read: -.(b -.re -.sz -1 -.ta 4n +4n +4n +4n +4n +4n +4n -int -checkcompat(to, e) - register ADDRESS *to; - register ENVELOPE *e; -\&{ - register STAB *s; - - s = stab("private", ST_MAILER, ST_FIND); - if (s != NULL && e\->e_from.q_mailer != LocalMailer && - to->q_mailer == s->s_mailer) - { - usrerr("No private net mail allowed through this machine"); - return (EX_UNAVAILABLE); - } - if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer)) - { - usrerr("Message too large for non-local delivery"); - e\->e_flags |= EF_NORETURN; - return (EX_UNAVAILABLE); - } - return (EX_OK); -} -.sz -.)b -This would reject messages greater than 50000 bytes -unless they were local. -The -.i EF_NORETURN -flag can be set in -.i e\(->e_flags -to suppress the return of the actual body -of the message in the error return. -The actual use of this routine is highly dependent on the -implementation, -and use should be limited. -.sh 3 "New Database Map Classes" -.pp -New key maps can be added by creating a class initialization function -and a lookup function. -These are then added to the routine -.i setupmaps. -.pp -The initialization function is called as -.(b -\fIxxx\fP_map_init(MAP *map, char *args) -.)b -The -.i map -is an internal data structure. -The -.i args -is a pointer to the portion of the configuration file line -following the map class name; -flags and filenames can be extracted from this line. -The initialization function must return -.sm true -if it successfully opened the map, -.sm false -otherwise. -.pp -The lookup function is called as -.(b -\fIxxx\fP_map_lookup(MAP *map, char buf[], char **av, int *statp) -.)b -The -.i map -defines the map internally. -The -.i buf -has the input key. -This may be (and often is) used destructively. -The -.i av -is a list of arguments passed in from the rewrite line. -The lookup function should return a pointer to the new value. -If the map lookup fails, -.i *statp -should be set to an exit status code; -in particular, it should be set to -.sm EX_TEMPFAIL -if recovery is to be attempted by the higher level code. -.sh 3 "Queueing Function" -.pp -The routine -.i shouldqueue -is called to decide if a message should be queued -or processed immediately. -Typically this compares the message priority to the current load average. -The default definition is: -.(b -bool -shouldqueue(pri, ctime) - long pri; - time_t ctime; -{ - if (CurrentLA < QueueLA) - return false; - return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1))); -} -.)b -If the current load average -(global variable -.i CurrentLA , -which is set before this function is called) -is less than the low threshold load average -(option -.b x , -variable -.i QueueLA ), -.i shouldqueue -returns -.sm false -immediately -(that is, it should -.i not -queue). -If the current load average exceeds the high threshold load average -(option -.b X , -variable -.i RefuseLA ), -.i shouldqueue -returns -.sm true -immediately. -Otherwise, it computes the function based on the message priority, -the queue factor -(option -.b q , -global variable -.i QueueFactor ), -and the current and threshold load averages. -.pp -An implementation wishing to take the actual age of the message into account -can also use the -.i ctime -parameter, -which is the time that the message was first submitted to -.i sendmail . -Note that the -.i pri -parameter is already weighted -by the number of times the message has been tried -(although this tends to lower the priority of the message with time); -the expectation is that the -.i ctime -would be used as an -.q "escape clause" -to ensure that messages are eventually processed. -.sh 3 "Refusing Incoming SMTP Connections" -.pp -The function -.i refuseconnections -returns -.sm true -if incoming SMTP connections should be refused. -The current implementation is based exclusively on the current load average -and the refuse load average option -(option -.b X , -global variable -.i RefuseLA ): -.(b -bool -refuseconnections() -{ - return (RefuseLA > 0 && CurrentLA >= RefuseLA); -} -.)b -A more clever implementation -could look at more system resources. -.sh 3 "Load Average Computation" -.pp -The routine -.i getla -returns the current load average (as a rounded integer). -The distribution includes several possible implementations. -If you are porting to a new environment -you may need to add some new tweaks.\** -.(f -\**If you do, please send updates to -sendmail@Sendmail.ORG. -.)f -.sh 2 "Configuration in sendmail/daemon.c" -.pp -The file -.i sendmail/daemon.c -contains a number of routines that are dependent -on the local networking environment. -The version supplied assumes you have BSD style sockets. -.pp -In previous releases, -we recommended that you modify the routine -.i maphostname -if you wanted to generalize -.b $[ -\&...\& -.b $] -lookups. -We now recommend that you create a new keyed map instead. -.sh 2 "STARTTLS" -.pp -In this section we assume that -.i sendmail -has been compiled with support for STARTTLS. -To properly understand the use of STARTTLS in -.i sendmail , -it is necessary to understand at least some basics about X.509 certificates -and public key cryptography. -This information can be found in books about SSL/TLS -or on WWW sites, e.g., -.q http://www.OpenSSL.org/ . -.sh 3 "Certificates for STARTTLS" -.pp -When acting as a server, -.i sendmail -requires X.509 certificates to support STARTTLS: -one as certificate for the server (ServerCertFile and corresponding -private ServerKeyFile) -at least one root CA (CACertFile), -i.e., a certificate that is used to sign other certificates, -and a path to a directory which contains other CAs (CACertPath). -The file specified via -CACertFile -can contain several certificates of CAs. -The DNs of these certificates are sent -to the client during the TLS handshake (as part of the -CertificateRequest) as the list of acceptable CAs. -However, do not list too many root CAs in that file, otherwise -the TLS handshake may fail; e.g., -.(b -error:14094417:SSL routines:SSL3_READ_BYTES: -sslv3 alert illegal parameter:s3_pkt.c:964:SSL alert number 47 -.)b -You should probably put only the CA cert into that file -that signed your own cert(s), or at least only those you trust. -The CACertPath directory must contain the hashes of each CA certificate -as filenames (or as links to them). -Symbolic links can be generated with the following -two (Bourne) shell commands: -.(b -C=FileName_of_CA_Certificate -ln -s $C `openssl x509 -noout -hash < $C`.0 -.)b -An X.509 certificate is also required for authentication in client mode -(ClientCertFile and corresponding private ClientKeyFile), however, -.i sendmail -will always use STARTTLS when offered by a server. -The client and server certificates can be identical. -Certificates can be obtained from a certificate authority -or created with the help of OpenSSL. -The required format for certificates and private keys is PEM. -To allow for automatic startup of sendmail, private keys -(ServerKeyFile, ClientKeyFile) -must be stored unencrypted. -The keys are only protected by the permissions of the file system. -Never make a private key available to a third party. -.sh 3 "Encoding of STARTTLS related Macros" -.pp -Macros that contain STARTTLS related data which comes from outside -sources, e.g., all macros containing information from certificates, -are encoded to avoid problems with non-printable or special characters. -The latter are '<', '>', '(', ')', '"', '+', and ' '. -All of these characters are replaced by their value in hexadecimal -with a leading '+'. -For example: -.(b -/C=US/ST=California/O=endmail.org/OU=private/CN=Darth Mail (Cert)/ -Email=darth+cert@endmail.org -.)b -is encoded as: -.(b -/C=US/ST=California/O=endmail.org/OU=private/ -CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org -.)b -(line breaks have been inserted for readability). -The macros which are subject to this encoding are -{cert_subject}, {cert_issuer}, {cn_subject}, and {cn_issuer}. -.sh 3 "PRNG for STARTTLS" -.pp -STARTTLS requires a strong pseudo random number generator (PRNG) -to operate properly. -Depending on the TLS library you use, it may be required to explicitly -initialize the PRNG with random data. -OpenSSL makes use of -.b /dev/urandom(4) -if available (this corresponds to the compile flag HASURANDOMDEV). -On systems which lack this support, a random file must be specified in the -.i sendmail.cf -file using the option RandFile. -It is -.b strongly -advised to use the "Entropy Gathering Daemon" EGD -from Brian Warner on those systems to provide useful random data. -In this case, -.i sendmail -must be compiled with the flag EGD, and the -RandFile option must point to the EGD socket. -If neither -.b /dev/urandom(4) -nor EGD are available, you have to make sure -that useful random data is available all the time in RandFile. -If the file hasn't been modified in the last 10 minutes before -it is supposed to be used by -.i sendmail -the content is considered obsolete. -One method for generating this file is: -.(b -openssl rand -out /etc/mail/randfile -rand \c -.i /path/to/file:... \c -256 -.)b -See the OpenSSL documentation for more information. -In this case, the PRNG for TLS is only -seeded with other random data if the -.b DontBlameSendmail -option -.b InsufficientEntropy -is set. -This is most likely not sufficient for certain actions, e.g., -generation of (temporary) keys. -.pp -Please see the OpenSSL documentation or other sources -for further information about certificates, their creation and their usage, -the importance of a good PRNG, and other aspects of TLS. -.sh 1 "ACKNOWLEDGEMENTS" -.pp -I've worked on -.i sendmail -for many years, -and many employers have been remarkably patient -about letting me work on a large project -that was not part of my official job. -This includes time on the INGRES Project at -the University of California at Berkeley, -at Britton Lee, -and again on the Mammoth and Titan Projects at Berkeley. -.pp -Much of the second wave of improvements -resulting in version 8.1 -should be credited to Bryan Costales of the -International Computer Science Institute. -As he passed me drafts of his book on -.i sendmail -I was inspired to start working on things again. -Bryan was also available to bounce ideas off of. -.pp -Gregory Neil Shapiro -of Worcester Polytechnic Institute -has become instrumental in all phases of -.i sendmail -support and development, -and was largely responsible for getting versions 8.8 and 8.9 -out the door. -.pp -Many, many people contributed chunks of code and ideas to -.i sendmail . -It has proven to be a group network effort. -Version 8 in particular was a group project. -The following people and organizations made notable contributions: -.(l -Claus Assmann -John Beck, Hewlett-Packard & Sun Microsystems -Keith Bostic, CSRG, University of California, Berkeley -Andrew Cheng, Sun Microsystems -Michael J. Corrigan, University of California, San Diego -Bryan Costales, International Computer Science Institute & InfoBeat -Pa\*:r (Pell) Emanuelsson -Craig Everhart, Transarc Corporation -Per Hedeland, Ericsson -Tom Ivar Helbekkmo, Norwegian School of Economics -Kari Hurtta, Finnish Meteorological Institute -Allan E. Johannesen, WPI -Jonathan Kamens, OpenVision Technologies, Inc. -Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd. -Brian Kantor, University of California, San Diego -John Kennedy, Cal State University, Chico -Murray S. Kucherawy, HookUp Communication Corp. -Bruce Lilly, Sony U.S. -Karl London -Motonori Nakamura, Ritsumeikan University & Kyoto University -John Gardiner Myers, Carnegie Mellon University -Neil Rickert, Northern Illinois University -Gregory Neil Shapiro, WPI -Eric Schnoebelen, Convex Computer Corp. -Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam -Randall Winchester, University of Maryland -Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris) -Exactis.com, Inc. -.)l -I apologize for anyone I have omitted, misspelled, misattributed, or -otherwise missed. -At this point, I suspect that at least a hundred people -have contributed code, -and many more have contributed ideas, comments, and encouragement. -I've tried to list them in the RELEASE_NOTES in the distribution directory. -I appreciate their contribution as well. -.pp -Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel, -who besides being wonderful guinea pigs and contributors -have also consented to be added to the ``sendmail@Sendmail.ORG'' list -and, by answering the bulk of the questions sent to that list, -have freed me up to do other work. -.++ A -.+c "COMMAND LINE FLAGS" -.ba 0 -.nr ii 1i -.pp -Arguments must be presented with flags before addresses. -The flags are: -.ip \-A\fIx\fP -Select an alternative .cf file which is either -.i sendmail.cf -for -.b \-Am -or -.i submit.cf -for -.b \-Ac . -By default the .cf file is chosen based on the operation mode. -For -.b -bm -(default), -.b -bs , -and -.b -t -it is -.i submit.cf -if it exists, for all others it is -.i sendmail.cf . -.ip \-b\fIx\fP -Set operation mode to -.i x . -Operation modes are: -.(b -.ta 4n -m Deliver mail (default) -s Speak SMTP on input side -a\(dg ``Arpanet'' mode (get envelope sender information from header) -d Run as a daemon in background -D Run as a daemon in foreground -t Run in test mode -v Just verify addresses, don't collect or deliver -i Initialize the alias database -p Print the mail queue -P Print overview over the mail queue (requires shared memory) -h Print the persistent host status database -H Purge expired entries from the persistent host status database -.)b -.(f -\(dgDeprecated. -.)f -.ip \-B\fItype\fP -Indicate body type. -.ip \-C\fIfile\fP -Use a different configuration file. -.i Sendmail -runs as the invoking user (rather than root) -when this flag is specified. -.ip \-d\fIlevel\fP -Set debugging level. -.ip "\-f\ \fIaddr\fP" -The envelope sender address is set to -.i addr . -This address may also be used in the From: header -if that header is missing during initial submission. -The envelope sender address is used as the recipient -for delivery status notifications -and may also appear in a Return-Path: header. -.ip \-F\ \fIname\fP -Sets the full name of this user to -.i name . -.ip \-G -When accepting messages via the command line, -indicate that they are for relay (gateway) submission. -sendmail may complain about syntactically invalid messages, -e.g., unqualified host names, -rather than fixing them when this flag is set. -sendmail will not do any canonicalization in this mode. -.ip "\-h\ \fIcnt\fP" -Sets the -.q "hop count" -to -.i cnt . -This represents the number of times this message has been processed -by -.i sendmail -(to the extent that it is supported by the underlying networks). -.i Cnt -is incremented during processing, -and if it reaches -MAXHOP -(currently 25) -.i sendmail -throws away the message with an error. -.ip "\-L \fItag\fP" -Sets the identifier used for syslog. -Note that this identifier is set -as early as possible. -However, -.i sendmail -may be used -if problems arise -before the command line arguments -are processed. -.ip \-n -Don't do aliasing or forwarding. -.ip "\-N \fInotifications\fP" -Tag all addresses being sent as wanting the indicated -.i notifications , -which consists of the word -.q NEVER -or a comma-separated list of -.q SUCCESS , -.q FAILURE , -and -.q DELAY -for successful delivery, -failure, -and a message that is stuck in a queue somewhere. -The default is -.q FAILURE,DELAY . -.ip "\-r\ \fIaddr\fP" -An obsolete form of -.b \-f . -.ip \-o\fIx\|value\fP -Set option -.i x -to the specified -.i value . -These options are described in Section 5.6. -.ip \-O\fIoption\fP\fB=\fP\fIvalue\fP -Set -.i option -to the specified -.i value -(for long form option names). -These options are described in Section 5.6. -.ip \-M\fIx\|value\fP -Set macro -.i x -to the specified -.i value . -.ip \-p\fIprotocol\fP -Set the sending protocol. -Programs are encouraged to set this. -The protocol field can be in the form -.i protocol \c -.b : \c -.i host -to set both the sending protocol and sending host. -For example, -.q \-pUUCP:uunet -sets the sending protocol to UUCP -and the sending host to uunet. -(Some existing programs use \-oM to set the r and s macros; -this is equivalent to using \-p.) -.ip \-q\fItime\fP -Try to process the queued up mail. -If the time is given, -a -.i sendmail -will start one or more processes to run through the queue(s) at the specified -time interval to deliver queued mail; otherwise, it only runs once. -Each of these processes acts on a workgroup. -These processes are also known as workgroup processes or WGP's for short. -Each workgroup is responsible for controlling the processing of one or -more queues; workgroups help manage the use of system resources by sendmail. -Each workgroup may have one or more children concurrently processing -queues depending on the setting of \fIMaxQueueChildren\fP. -.ip \-qp\fItime\fP -Similar to \-q with a time argument, -except that instead of periodically starting WGP's -sendmail starts persistent WGP's -that alternate between processing queues and sleeping. -The sleep time is specified by the time argument; it defaults to 1 second, -except that a WGP always sleeps at least 5 seconds if their queues were -empty in the previous run. -Persistent processes are managed by a queue control process (QCP). -The QCP is the parent process of the WGP's. -Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD) -or a special process (named Queue control) (when started without \-bd or \-bD). -If a persistent WGP ceases to be active for some reason -another WGP will be started by the QCP for the same workgroup -in most cases. When a persistent WGP has core dumped, the debug flag -\fIno_persistent_restart\fP is set or the specific persistent WGP has been -restarted too many times already then the WGP will not be started again -and a message will be logged to this effect. -To stop (SIGTERM) or restart (SIGHUP) persistent WGP's the appropriate -signal should be sent to the QCP. The QCP will propagate the signal to all of -the WGP's and if appropriate restart the persistent WGP's. -.ip \-q\fIGname\fP -Run the jobs in the queue group -.i name -once. -.ip \-q[!]\fIXstring\fP -Run the queue once, -limiting the jobs to those matching -.i Xstring . -The key letter -.i X -can be -.b I -to limit based on queue identifier, -.b R -to limit based on recipient, -or -.b S -to limit based on sender. -A particular queued job is accepted if one of the corresponding addresses -contains the indicated -.i string . -The optional ! character negates the condition tested. -Multiple -.i \-q\fIX\fP -flags are permitted, -with items with the same key letter -.q or'ed -together, and items with different key letters -.q and'ed -together. -.ip "\-R ret" -What information you want returned if the message bounces; -.i ret -can be -.q HDRS -for headers only or -.q FULL -for headers plus body. -This is a request only; -the other end is not required to honor the parameter. -If -.q HDRS -is specified local bounces also return only the headers. -.ip \-t -Read the header for -.q To: , -.q Cc: , -and -.q Bcc: -lines, and send to everyone listed in those lists. -The -.q Bcc: -line will be deleted before sending. -Any addresses in the argument vector will be deleted -from the send list. -.ip "\-V envid" -The indicated -.i envid -is passed with the envelope of the message -and returned if the message bounces. -.ip "\-X \fIlogfile\fP" -Log all traffic in and out of -.i sendmail -in the indicated -.i logfile -for debugging mailer problems. -This produces a lot of data very quickly and should be used sparingly. -.pp -There are a number of options that may be specified as -primitive flags. -These are the e, i, m, and v options. -Also, -the f option -may be specified as the -.b \-s -flag. -The DSN related options -.q "\-N" , -.q "\-R" , -and -.q "\-V" -have no effects on -.i sendmail -running as daemon. -.+c "QUEUE FILE FORMATS" -.pp -This appendix describes the format of the queue files. -These files live in a queue directory. -The individual qf, df, and xf files -may be stored in separate -.i qf/ , -.i df/ , -and -.i xf/ -subdirectories -if they are present in the queue directory. -.pp -All queue files have the name -.i ttYMDhmsNNppppp -where -.i YMDhmsNNppppp -is the -.i id -for this message -and the -.i tt -is a type. -The individual letters in the -.i id -are: -.nr ii 0.5i -.ip Y -Encoded year -.ip M -Encoded month -.ip D -Encoded day -.ip h -Encoded hour -.ip m -Encoded minute -.ip s -Encoded second -.ip NN -Encoded envelope number -.ip ppppp -At least five decimal digits of the process ID -.pp -All files with the same id collectively define one message. -Due to the use of memory-buffered files, -some of these files may never appear on disk. -.pp -The types are: -.nr ii 0.5i -.ip qf -The queue control file. -This file contains the information necessary to process the job. -.ip df -The data file. -The message body (excluding the header) is kept in this file. -Sometimes the df file is not stored in the same directory as the qf file; -in this case, -the qf file contains a `d' record which names the queue directory -that contains the df file. -.ip tf -A temporary file. -This is an image of the -.b qf -file when it is being rebuilt. -It should be renamed to a -.b qf -file very quickly. -.ip xf -A transcript file, -existing during the life of a session -showing everything that happens -during that session. -Sometimes the xf file must be generated before a queue group has been selected; -in this case, -the xf file will be stored in a directory of the default queue group. -.ip Qf -A ``lost'' queue control file. -.i sendmail -renames a -.b qf -file to -.b Qf -if there is a severe (configuration) problem that cannot be solved without -human intervention. -Search the logfile for the queue file id to figure out what happened. -After you resolved the problem, you can rename the -.b Qf -file to -.b qf -and send it again. -.pp -The -.b qf -file is structured as a series of lines -each beginning with a code letter. -The lines are as follows: -.ip V -The version number of the queue file format, -used to allow new -.i sendmail -binaries to read queue files created by older versions. -Defaults to version zero. -Must be the first line of the file if present. -For 8.12 the version number is 6. -.ip A -The information given by the AUTH= parameter of the -.q "MAIL FROM:" -command or $f@$j -if sendmail has been called directly. -.ip H -A header definition. -There may be any number of these lines. -The order is important: -they represent the order in the final message. -These use the same syntax -as header definitions in the configuration file. -.ip C -The controlling address. -The syntax is -.q localuser:aliasname . -Recipient addresses following this line -will be flagged so that deliveries will be run as the -.i localuser -(a user name from the /etc/passwd file); -.i aliasname -is the name of the alias that expanded to this address -(used for printing messages). -.ip Q -The ``original recipient'', -specified by the ORCPT= field in an ESMTP transaction. -Used exclusively for Delivery Status Notifications. -It applies only to the following `R' line. -.ip r -The ``final recipient'' -used for Delivery Status Notifications. -It applies only to the following `R' line. -.ip R -A recipient address. -This will normally be completely aliased, -but is actually realiased when the job is processed. -There will be one line for each recipient. -Version 1 qf files -also include a leading colon-terminated list of flags, -which can be -`S' to return a message on successful final delivery, -`F' to return a message on failure, -`D' to return a message if the message is delayed, -`B' to indicate that the body should be returned, -`N' to suppress returning the body, -and -`P' to declare this as a ``primary'' (command line or SMTP-session) address. -.ip S -The sender address. -There may only be one of these lines. -.ip T -The job creation time. -This is used to compute when to time out the job. -.ip P -The current message priority. -This is used to order the queue. -Higher numbers mean lower priorities. -The priority changes -as the message sits in the queue. -The initial priority depends on the message class -and the size of the message. -.ip M -A message. -This line is printed by the -.i mailq -command, -and is generally used to store status information. -It can contain any text. -.ip F -Flag bits, represented as one letter per flag. -Defined flag bits are -.b r -indicating that this is a response message -and -.b w -indicating that a warning message has been sent -announcing that the mail has been delayed. -Other flag bits are: -.b 8 : -the body contains 8bit data, -.b b : -a Bcc: header should be removed, -.b d : -the mail has RET parameters (see RFC 1894), -.b n : -the body of the message should not be returned -in case of an error, -.b s : -the envelope has been split. -.ip N -The total number of delivery attempts. -.ip K -The time (as seconds since January 1, 1970) -of the last delivery attempt. -.ip d -If the df file is in a different directory than the qf file, -then a `d' record is present, -specifying the directory in which the df file resides. -.ip I -The i-number of the data file; -this can be used to recover your mail queue -after a disastrous disk crash. -.ip $ -A macro definition. -The values of certain macros -are passed through to the queue run phase. -.ip B -The body type. -The remainder of the line is a text string defining the body type. -If this field is missing, -the body type is assumed to be -.q "undefined" -and no special processing is attempted. -Legal values are -.q 7BIT -and -.q 8BITMIME . -.ip Z -The original envelope id (from the ESMTP transaction). -For Deliver Status Notifications only. -.pp -As an example, -the following is a queue file sent to -.q eric@mammoth.Berkeley.EDU -and -.q bostic@okeeffe.CS.Berkeley.EDU \**: -.(f -\**This example is contrived and probably inaccurate for your environment. -Glance over it to get an idea; -nothing can replace looking at what your own system generates. -.)f -.(b -V4 -T711358135 -K904446490 -N0 -P2100941 -$_eric@localhost -${daemon_flags} -Seric -Ceric:100:1000:sendmail@vangogh.CS.Berkeley.EDU -RPFD:eric@mammoth.Berkeley.EDU -RPFD:bostic@okeeffe.CS.Berkeley.EDU -H?P?Return-path: <^g> -H??Received: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703; - Fri, 17 Jul 1992 00:28:55 -0700 -H??Received: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7) - id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700 -H??Received: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5) - id AA22777; Fri, 17 Jul 1992 03:29:14 -0400 -H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C) - id AA22757; Fri, 17 Jul 1992 09:31:25 GMT -H?F?From: eric@foo.bar.baz.de (Eric Allman) -H?x?Full-name: Eric Allman -H??Message-id: <9207170931.AA22757@foo.bar.baz.de> -H??To: sendmail@vangogh.CS.Berkeley.EDU -H??Subject: this is an example message -.)b -This shows -the person who sent the message, -the submission time -(in seconds since January 1, 1970), -the message priority, -the message class, -the recipients, -and the headers for the message. -.+c "SUMMARY OF SUPPORT FILES" -.pp -This is a summary of the support files -that -.i sendmail -creates or generates. -Many of these can be changed by editing the sendmail.cf file; -check there to find the actual pathnames. -.nr ii 1i -.ip "/usr/\*(SD/sendmail" -The binary of -.i sendmail . -.ip /usr/\*(SB/newaliases -A link to /usr/\*(SD/sendmail; -causes the alias database to be rebuilt. -Running this program is completely equivalent to giving -.i sendmail -the -.b \-bi -flag. -.ip /usr/\*(SB/mailq -Prints a listing of the mail queue. -This program is equivalent to using the -.b \-bp -flag to -.i sendmail . -.ip /etc/mail/sendmail.cf -The configuration file, -in textual form. -.ip /etc/mail/helpfile -The SMTP help file. -.ip /etc/mail/statistics -A statistics file; need not be present. -.ip /etc/mail/sendmail.pid -Created in daemon mode; -it contains the process id of the current SMTP daemon. -If you use this in scripts; -use ``head \-1'' to get just the first line; -the second line contains the command line used to invoke the daemon, -and later versions of -.i sendmail -may add more information to subsequent lines. -.ip /etc/mail/aliases -The textual version of the alias file. -.ip /etc/mail/aliases.db -The alias file in -.i hash \|(3) -format. -.ip /etc/mail/aliases.{pag,dir} -The alias file in -.i ndbm \|(3) -format. -.ip /var/spool/mqueue -The directory in which the mail queue(s) -and temporary files reside. -.ip /var/spool/mqueue/qf* -Control (queue) files for messages. -.ip /var/spool/mqueue/df* -Data files. -.ip /var/spool/mqueue/tf* -Temporary versions of the qf files, -used during queue file rebuild. -.ip /var/spool/mqueue/xf* -A transcript of the current session. -.if o \ -\{\ -. bp -. rs -. sp |4i -. ce 2 -This page intentionally left blank; -replace it with a blank sheet for double-sided output. -.\} -.\".ro -.\".ls 1 -.\".tp -.\".sp 2i -.\".in 0 -.\".ce 100 -.\".sz 24 -.\".b SENDMAIL -.\".sz 14 -.\".sp -.\"INSTALLATION AND OPERATION GUIDE -.\".sp -.\".sz 10 -.\"Eric Allman -.\".sp -.\"Version $Revision: 8.609.2.17 $ -.\".ce 0 -.bp 3 -.ce -.sz 12 -TABLE OF CONTENTS -.sz 10 -.sp -.\" remove some things to avoid "out of temp file space" problem -.rm sh -.rm (x -.rm )x -.rm ip -.rm pp -.rm lp -.rm he -.rm fo -.rm eh -.rm oh -.rm ef -.rm of -.xp -.if o \ -\{\ -. bp -. rs -. sp |4i -. ce 2 -This page intentionally left blank; -replace it with a blank sheet for double-sided output. -.\} |