Many options and flags can be used in configuring the sendmail.cf file. All of the important configuration parameters are covered in Chapter 10. But if you are unlucky enough to have a configuration that requires you to tweak one of the more obscure parameters, you will find all of them in the following tables.
sendmail has many internal macros. As of sendmail V8, it also has some internal classes. Some of these classes (e, n, q, and s) have been added to support new MIME mail features. A few (k, m, and w) hold the multiple hostnames and domains associated with a well-connected host. The last one (t) holds the list of trusted users. The full list of internal classes is shown in Table 13.10
Name | Stores |
---|---|
e | Supported MIME Content-Transfer-Encodings. Initialized to 7bit, 8bit, and binary |
k | The system's UUCP node names |
m | All local domains for this host |
n | MIME body types that should never be 8- to 7-bit encoded. Initialized to multipart/signed |
q | MIME Content-Types that should not be Base64-encoded. Initialized to text/plain |
s | MIME message subtypes that can be processed recursively. Initialized to rfc822 |
t | The list of trusted users |
w | All hostnames this system will accept as its own |
A large number of sendmail options can be set inside of the sendmail configuration file. Chapter 10 provides the syntax of the option command in Table 10-1 and several examples of options. The complete list of options is:
class
:]file
, [class
:]file
...Identify the alias file(s). class
is optional and defaults
to "implicit". Valid classes are "implicit", "hash", "dbm", "stab"
(internal symbol table) or "nis". The selected database class must
be a database type that was compiled into sendmail on your
system. file
is the pathname of the alias file.
timeout
Wait timeout
minutes for an "@:@" entry to appear in the alias
database before starting up. When timeout
expires, automatically
rebuild the database if AutoRebuildAliases is set; otherwise,
issue a warning.
Accept illegal HELO SMTP commands that don't contain a hostname.
Automatically rebuild the alias database when necessary. The preferred method is to rebuild the alias database with an explicit newaliases command.
c
Use c
as the blank substitution character to replace unquoted
spaces in addresses. The default is to leave the spaces unchanged.
Check that the delivery address in each aliases is valid when rebuilding the alias database. Normally this check is not done. Adding this check slows the database build substantially. This is a Boolean.
n
Checkpoint the queue after every n items are processed to simplify recovery if your system crashes during queue processing. The default is 10.
fact
The multiplier used to favor messages with a higher value in the Priority: header. Defaults to 1800.
Accept colons in email addresses (e.g., host:user). Colons are always accepted in pairs in mail routing (nodename::user) or in an RFC 822 group constructs (groupname: member1, member2, ...;). By default, this option is "on" if the configuration version level is less than 6.
n
The number of connections that can be held open (cached) by this instantiation of sendmail. The default is 1. The maximum is 4. 0 causes connections to closed immediately after the data is sent, which is the traditional way sendmail operated.
timeout
The amount of time an inactive cached connection is held open. After timeout minutes of inactivity it is closed. The default is 5 minutes.
n
Limit the number of incoming connections accepted in any 1-second
period to n
. The default is 0, which means no limit.
options
Set SMTP server options. The options
are key=value pairs.
The options are:
Port=portnumber
, where portnumber
is any valid port
number. It can be specified with the number or the name found in
/etc/services. The default is port 25, smtp.
Addr=mask
, where mask
is an IP address mask specified
either in dotted decimal notation or as a network name. The default is
INADDR-ANY, which accepts all addresses.
Family=addressfamily
, where addressfamily
is a valid
address family (see the ifconfig command). The default is INET,
which allows IP addresses to be used.
Listen=n
, where n
is a the number of queued connections
allowed. The default is 10.
SndBufSize=n
, where n
is the send buffer size.
RcvBufSize=n
, where n
is the receive buffer size.
charset
The character set placed in the Content-Type: header when 8-bit data is converted to MIME format. The default is "unknown-8bit". This option is overridden by the Charset= field of the mailer descriptor.
user
[:group
]The default user ID and group ID for mailers without the S flag in their
definitions. If group
is omitted, the group associated with
user in the /etc/passwd file is used. The default is 1:1.
x
Deliver in mode x
, where x
is i (interactive delivery), b
(background delivery), q (queue the message), or d (defer until the queue
run). The default is b.
delaytime
Delay delaytime
seconds before redialing a failed connection on
dial-on-demand networks. The default is 0 (no redial).
Disable the $[name
$] syntax used to convert nicknames to
canonical names.
Don't use the initgroups(3) call. This setting reduces NIS server load, but limits a user to the group associated with that user in /etc/passwd.
Don't optimize explicit mail routes. Normally, sendmail makes a route as direct as possible. However, optimizing the route may not be appropriate for systems located behind a firewall.
error-address
Send the report of an error that occurs when sending an error message
to error-address
. The default is "postmaster".
action
Handle undeclared 8-bit data by following the specified action. The possible actions are: s (strict), reject undeclared 8-bit data; m (mime), convert it to MIME; and p (pass), pass it through unaltered.
file-or-message
Prepend file-or-message to outgoing error messages. If
file-or-message
is the path to a text file that is to be prepended,
it must begin with a slash. If this option is not defined, nothing is
prepended to error messages.
x
Handle errors messages according to x, where x is: p (print messages); q (give exit status but no messages); m (mail back messages); w (write messages to the user's terminal); e (mail back messages and always give zero exit status). If this option is not defined, error messages are printed.
fallbackhost
Run a separate process for every item delivered from the queue. This option reduces the amount of memory needed to process the queue.
path
The path
to search for .forward files. Multiple paths can be
defined by separating them with colons. The default is $z/.forward.
file
The path to the help
file.
Queue mail for outgoing mailers that have the e (expensive) mailer flag. Normally mail is delivered immediately.
path
The path to the hosts file. The default is /etc/hosts.
path
Directory in which host status information is stored so that it can be shared between sendmail processes. Normally, the status of a host or connection is only known by the process that discovers that status. To function, this option requires that ConnectionCacheSize be set to at least 1.
Ignore dots in incoming messages. Dots cannot be ignored by SMTP mail because they are used to mark the end of a mail message.
n
n
indicates the level of detail stored in the log file. n
defaults to 9, which is normally plenty of detail.
Check the username from the email address against the GECOS field of the passwd file if it was not found in the alias database or in the username field of the passwd file. This option is not recommended.
n
Refuse connections when n
children are processing incoming mail.
Normally sendmail sets no arbitrary limit on child processes.
n
Assume a message is looping when it has been processed more than n
times. The default is 25.
n
Retain host status information for n
minutes.
n
The maximum message size advertised in response to the ESMTP EHLO. Messages larger than this are rejected.
n
The maximum number of item that can be processed in a single queue run. The default is no limit.
Send a copy to the sender.
n
Don't accept incoming mail unless n
blocks are free in the queue filesystem.
n
Don't process any jobs that have been in the queue less than n
minutes.
s
The list of characters added to the set "@,;:\()[]" that must be
quoted when used in the username part of an address. If
MustQuoteChars is specified without an s
value, it adds
"." to the standard set of quoted characters.
action
The action
taken when a message has no valid recipient
headers. action
can be none to pass the message on
unmodified, add-to to add a To: header using the recipient
addresses from the envelope, add-apparently-to to add an
Apparently-To: header, add-to-undisclosed to add a "To:
undisclosed-recipients:;" header, or add-bcc to add an empty
Bcc: header.
Allow spaces to delimit names. Normally, commas delimit names.
charlist
The list of operator characters that are normally defined in macro o. The default is the standard set of operators. See the discussion of rewrite tokens, and the use of operators in determining tokens, in Chapter 10.
username
Copy error messages to username
. The default is not to send copies
of error messages to the postmaster.
options
Set SMTP protocol options
, where options
is a comma-separated list containing one or more of these keywords:
public: allow all commands
needmailhelo: require HELO or EHLO before MAIL
needexpnhelo: require HELO or EHLO before EXPN
noexpn: disable EXPN
needvrfyhelo: require HELO or EHLO before VRFY
novrfy: disable VRFY
restrictmailq: restrict mailq to users with group access to the queue directory
restrictqrun: only root and the owner of the queue directory are allowed to run the queue
noreceipts: don't return successful delivery messages
goaway: disable all SMTP status queries
authwarnings: put X-Authentication-Warning: headers in messages
directory
directory
is the pathname of the queue directory.
factor
The factor used with the difference between the current load and the load average limit and with the message priority to determine if a message should be queued or sent immediately. The idea is to queue low-priority messages if the system is currently heavily loaded. It defaults to 600000.
n
Queue messages when the system load average exceeds n
. The default
is 8.
sequence
Sort the queue in the sequence
specified, where
sequence
is: h (hostname sequence); t (submission
time sequence); or p (message priority order). Priority ordering
is the default.
options
Set resolver options
.
Available option values are:
debug, aaonly, usevc, primary, igntc,
recurse, defnames, stayopen, and dnsrch. The
option can be preceded by a plus (+) to turn it on or a minus (-) to
turn it off. One other option, HasWildcardMX, is specified
without a + or -. Simply adding HasWildcardMX turns the option
on.
userid
[:groupid]Run sendmail under this user ID and group ID instead of under root. This may enhance security when the sendmail is running on a well maintained firewall. On general purpose systems, this may decrease security because it requires that many files be readable or writable by this user ID.
factor
The priority of a job is lowered by this factor for each recipient, so that jobs with large numbers of recipients have lower priority. Defaults to 30000.
n
Refuse incoming SMTP connections when the system load average exceeds
n
. The default is 12.
factor
The factor used to decrease the priority of a job every time it is processed, so that mail that cannot be delivered does not keep popping to the top of the queue. The default is 90000.
directory
chroot(2) to directory
before writing a file and refuse to deliver
to symbolic links.
Save UNIX-style From: lines at the front of headers. Normally they are discarded.
Send error messages in MIME format.
path
The path
to a file that lists the of methods used for
various services. The ServiceSwitchFile contains entries that
begin with the service name followed by the service method.
sendmail checks for services named "aliases" and "hosts" and
supports "dns", "nis", "nisplus", or "files" as possible service
methods, assuming that support for all of these methods is compiled
into this copy of sendmail. ServiceSwitchFile defaults to
/etc/service.switch. If that file does not exist, sendmail uses
the following service methods: aliases are looked up in the aliases
files, and hosts are looked up first using dns, then nis, and finally
the hosts file. If the operating system has a built-in service switch
feature, it is used and this option is ignored. See the description of
the nsswitch.conf file in Chapter 9, Configuring Network Servers . It is a service switch file.
Strip input to 7 bits for compatibility with old systems. This shouldn't be necessary.
For compatibility with some versions of Lotus Notes, unwrapped From: lines that have embedded newlines into one long line.
Don't open more than one SMTP connections to a remote host at the same time. This option requires the HostStatusDirectory option.
message
The greeting sent to the remote host when it connects to the SMTP server port. This is the value defined in macro e.
file
Log summary statistics in file
. By default, summary statistics
are not logged.
Create a queue file, even when attempting immediate delivery.
mode
Use mode
to set the access permissions for queue files.
mode
is an octal value. It defaults to 0600.
type
=timeout
Set timeout values, where type
is the thing being timed and
timeout
is the time interval before the timer expires.
Table 13.11
lists the valid type
values, the event being timed and the default
timeout
value for each type.
Type | Waiting For | Default |
---|---|---|
initial | Initial greeting message | 5m |
helo | Reply to HELO or EHLO command | 5m |
Reply to MAIL command | 10m | |
rcpt | Reply to RCPT command | 1h |
datainit | Reply to DATA command | 5m |
datablock | Data block read | 1h |
datafinal | Reply to terminating "." | 1h |
rset | Reply to RSET command | 5m |
quit | Reply to QUIT command | 2m |
misc | Reply to NOOP and VERB commands | 2m |
ident | IDENT protocol response | 30s |
fileopen | Open on a .forward or :include: file | 60s |
command | Command read | 1h |
queuereturn | Returning a queued message as undeliverable | 5d |
queuewarn | Warning that a message is still queued | none |
hoststatus | Removing stale host status | 30m |
tzinfo
Set the local time zone information to tzinfo
. If
TimeZoneSpec is not set, the system default is used; if set to
null, the user's TZ variable is used.
Connect directly to any remote host that lists the local system as its most preferred MX server, as if the remote host had no MX records. You are discouraged from using this option.
fromline
Defines the format for UNIX-style From: lines. This is the same as the value stored in macro l.
Group writable :include: and .forward files cannot reference programs or write directly to files. World-writable files always have these restrictions.
Send error messages to the addresses listed in the Errors-To: header. Normally, errors are sent to the sender address form the envelope.
udbspec
The user database specification.
Indicates that this is not relayed mail, but an initial submission directly from a Mail User Agent.
Run in verbose mode.
Older versions of sendmail use a different option syntax:
oxvalue
In this syntax o is the command, x
is a single character
option name, and value
is the value passed to sendmail to
set the option. Some options are Booleans that require no input value.
Table 13.12
lists all of the old-style options.
Name | Function |
---|---|
Afile | Define the name of the alias file. |
aN | Wait N minutes for @:@; then rebuild the alias file. |
Bc | Define the blank substitution character. |
c | Queue mail for expensive mailers. |
D | Rebuild the alias database. |
db | Deliver in background mode. |
di | Deliver interactively. |
dq | Deliver during the next queue run. |
ee | Mail error messages and always return 0 exit status. |
em | Mail back error messages. |
ep | Print error messages. |
eq | Just return exit status, not error messages. |
ew | Write back error messages. |
Fn | Set permissions for temporary files to n . |
f | Retain UNIX-style From: lines. |
gn | Set the default group ID for mailers to n . |
Hfile | Define the name of the SMTP help file. |
I | Use the BIND name server to resolve all hostnames. |
i | Ignore dots in incoming messages. |
Ln | Set the level of logging to n . |
Mxval | Set macro x to val . |
m | Send to me, too. |
Nnet | Define the name of the home network. |
o | Accept old format headers. |
Qdir | Define the name of the queue directory. |
qn | Define a factor n used to decide when to queue jobs. |
rt | Set interval t for read timeout. |
Sfile | Define the name of the statistics log file. |
s | Always create the queue file before attempting delivery. |
Tt | Set the queue timeout to t . |
un | Set the default user ID for mailers to n . |
v | Run in verbose mode. |
Wpass | Define password used for remote debugging. |
Xl | Refuse SMTP connections if load average exceeds l . |
xl | Queue messages if load average exceeds l . |
Y | Deliver each queued job in a separate process. |
yn | Lower priority of jobs by n for each recipient. |
Zn | Decrease a job's priority by n each time it is run. |
zn | Factor used with precedence to determine message priority. |
See Chapter 10 for examples of setting options with both styles of syntax.
Mailer flags are declared in the F field of the mailer definition. Each mailer flag is set by a single character that represents that flag. For example: F=lsDFMe sets six different flags. Table 13.13 lists the single character name and function of each flag.
Name | Function |
---|---|
C | Add @domain to addresses that do not have an @. |
D | The mailer wants a Date: header line. |
E | Add > to message lines that begin with From:. |
e | This an expensive mailer. See sendmail option c. |
F | The mailer wants a From: header line. |
f | The mailer accepts a -f flag from trusted users. |
h | Preserve uppercase in hostnames. |
I | The mailer will be speaking SMTP to another sendmail. |
L | Limit the line lengths as specified in RFC821. |
l | This is a local mailer. |
M | The mailer wants a Message-Id: header line. |
m | The mailer can send to multiple users in one transaction. |
n | Don't insert a UNIX-style From: line in the message. |
P | The mailer wants a Return-Path: line. |
R | Use the MAIL FROM: return-path rather than the return address. |
r | The mailer accepts a -r flag from trusted users. |
S | Don't reset the userid before calling the mailer. |
s | Strip quotes off of the address before calling the mailer. |
U | The mailer wants UNIX-style From: lines. |
u | Preserve uppercase in usernames. |
X | Prepend a dot to lines beginning with a dot. |
x | The mailer wants a Full-Name: header line. |
See Chapter 10 for examples of mailer flag declaration within mailer definitions.
The sendmail K command is used to define a database within the sendmail.cf file. The K command syntax is:
K
name type
[arguments
]
Chapter 10 provides examples of defining and using a sendmail database,
and it describes the K command syntax. This appendix lists the valid
type
values and arguments
that can be used with a K command.
The type field of the K command identifies what kind of database is being defined. There are several internal database types that are specific to sendmail and several external types that rely on external database libraries. Support for the external database types must be compiled into sendmail by explicitly specifying the supported database types in the DBMDEF variable in the Makefile used to build sendmail. See the example of compiling sendmail earlier in this appendix.
The possible values for type are:
The "new dbm" database format. It is accessed using the ndbm(3) library. Only supported if sendmail is compiled with NDBM defined.
The btree database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.
The hash database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.
NIS server lookups. sendmail must be compiled with NIS defined to support this.
NIS+ server lookups. sendmail must be compiled with NISPLUS defined to support this.
MIT hesiod server lookups. Support requires that sendmail is compiled with HESIOD defined.
X500 directory searches using LDAP. sendmail must be compiled with LDAPMAP defined to support this. sendmail supports most of the standard command line arguments of the ldapsearch program.
NeXT NetInfo lookups. Only supported if sendmail is compiled with NETINFO defined.
Text file lookups. Requires no external database libraries or compile options. The format of the text database is defined with the key field, value field, and field delimiter flags. See the next section for a description of the K command flags.
An internal symbol table database.
The default internal sendmail format used for an alias file, if no type is defined for the file.
A special sendmail type used to verify the existence of a user by using getpwnam(3).
A special sendmail type used to convert nicknames and IP addresses to
canonical names via the domain name server. This is an alternative form
of the $[name
]$ syntax.
A special sendmail type used to define the order in which previously defined databases are searched. For example, assume that three databases (file1, file2, and file3) are defined by K commands. It is possible to add a fourth K command, Kallfiles sequence file3 file1 file2, that "combines" them together as allfiles and specifies that file3 is searched first, file1 second, and file2 third.
A special sendmail type that uses the service switch file to set the
order in which database files are searched. The argument
on a K
command with a type
of "switch" must be the name of a service in
the service switch file. The values associated with the service name in
the service switch file are used to create the names of databases that
are searched in the order in which they are defined. For example: the
command Kali switch aliases looks up the service switch entry
for aliases
. If it contains the values nis files
,
sendmail searches databases named ali.nis and
ali.files in that order.
A special sendmail type used to strip unwanted double quotes ("
) from
email addresses.
The argument that follows most database types is a filename. The
filename identifies the external file that contains the database. Only
the basic filename is provided. sendmail adds an extension appropriate
for the database type. For example: Krealname dbm /usr/etc/names
becomes /usr/etc/names.db because .db is the correct
extension for dbm databases.
In addition to a filename, the arguments field can contain optional flags:
This is an optional database. sendmail proceeds without error if the file is not found.
Valid database keys are terminated with a NULL character.
Valid database keys are never terminated with a NULL character. Never specify both -N and -O, which indicates that no keys are valid! It is safest to avoid both -N and -O and let sendmail determine the correct key structure unless you are positive about the correct flag.
x
Append the string x
to the value return by a successful match.
Do not convert uppercase to lowercase before attempting to match the key.
Check that the key exists in the database, but do not replace the key with the value returned by the database.
keycol
The location of the key within a database entry. For most databases
the key is the first field and this flag is not needed. For text file
lookups this flag is required and keycol
is the column number in
which the key begins.
valcol
The location of the value within a database entry. For most databases, the value follows the key and the -v flag is not used. For text file lookups, this flag is required and specifies the column in which the value field begins.
delim
The character that delimits fields within the database. By default, it is whitespace.
Allow database lookups that depend on remote servers to fail instead of queuing the mail for later processing. This is primarily used when you have DNS server problems. Normally when a remote server fails to respond the mail is put in the queue for later delivery. Setting this flag causes the mail to be immediately returned to the sender as undeliverable.
spacesub
Use spacesub
to replace space characters after processing an
address against the dequote database.
The full lists of database types and flag provided in this appendix will help you understand the K commands inserted into the sendmail.cf file by the m4 processor. Your own K commands will be much simpler. You will stick with a database type that is supported by your sendmail and makemap commands, and you will build simple databases designed to fulfill specific purposes. Chapter 10 provides examples of such databases, and the next section contains some simple scripts used to build those example databases.
In Chapter 10, the realnames database is used to rewrite login usernames to the "firstname dot lastname" format for outbound email. The script shown below builds the realnames database from the /etc/passwd file.
#! /bin/sh # # Eliminate "non-login" accounts grep -v ':*:' /etc/passwd | \ # Eliminate "exposed" usernames, i.e. usernames defined # in class E as names that should not be re-written grep -v 'root:' | \ # Replace delimiting colons with whitespace sed 's/:/ /g' | \ # Output the username followed by firstname.lastname awk '{ print $1, $5"."$6 }' > realnames # Build the realnames database makemap dbm realnames < realnames
Building realnames from the passwd file is completely dependent on the format of that file. The passwd file must have a consistent format for the GECOS field and a consistent way to identify a "non-user" account. A "non-user" account is not accessed by a user to log in or to collect email. It is normally a system account used by system or application software. A classic example is the uucp account. Every system has some way to mark that these accounts are not used for user logins. Some systems use an asterisk in the password field, while others use an exclamation mark, the letters NP, an x, or something else. The sample script assumes that an asterisk is used, which is the case on my Linux system. (My Solaris systems uses an x.) Print out your passwd file to find out what it uses and modify the script accordingly.
The sample script also assumes that the first two values in the GECOS field are the user's first and last name separated by a blank. If the beginning of the GECOS field is in any other format, the script produces garabage. The procedure you use to add new users to your system should produce a consistent GECOS field. Inconsistency is the enemy of automation. The sample below shows a file that has inconsistencies and the bad data it produces:
% cat /etc/passwd root:oRd1L/vMzzxno:0:1:System Administrator:/:/bin/csh nobody:*:65534:65534::/: daemon:*:1:1::/: sys:*:2:2::/:/bin/csh bin:*:3:3::/bin: uucp:*:4:8::/var/spool/uucppublic: news:*:6:6::/var/spool/news:/bin/csh ingres:*:7:7::/usr/ingres:/bin/csh audit:*:9:9::/etc/security/audit:/bin/csh craig:1LrpKlz8sYjw:198:102:Craig Hunt:/home/craig:/bin/csh dan:RSU.NYlKuFqzh2:214:885:Dan Scribner:/home/dan:/bin/csh becca:monfTHdnjj:101:102:"Becky_Hunt":/home/becca:/bin/csh dave:lniuhugfds:121:885:David H. Craig:/home/dave:/bin/csh kathy:TUVigddehh:101:802:Kathleen S McCafferty:/home/kathy:/bin/csh % build.realnames %cat realnames
craig Craig.Hunt dan Dan.Scribner becca "Becky_Hunt"./home/becca dave David.H. kathy Kathleen.S
Your passwd file may have grown over time under the control of several different system administrators. It may be full of inconsistencies. If it is, clean it up before you run the script to build email aliases, and then maintain it consistently.