Linux Cubed Series 7: Sunsite

home *** CD-ROM | disk | FTP | other *** search

/ Linux Cubed Series 7: Sunsite / Linux Cubed Series 7 - Sunsite Vol 1.iso / system / mail / delivery / sendmail.002 / sendmail / sendmail-8.7.3-bin / sendmail-operation-manual.doc < prev next >

Wrap

Text File | 1995-10-21 | 265.4 KB | 7,261 lines

SSEENNDDMMAAIILL IINNSSTTAALLLLAATTIIOONN AANNDD OOPPEERRAATTIIOONN GGUUIIDDEE Eric Allman University of California, Berkeley Mammoth Project eric@CS.Berkeley.EDU Version 8.67 For Sendmail Version 8.7 _S_e_n_d_m_a_i_l implements a general purpose internetwork mail routing facility under the UNIX(R) operating system. It is not tied to any one transport protocol -- its function may be likened to a crossbar switch, relaying messages from one domain into another. In the process, it can do a limited amount of message header editing to put the message into a format that is appropriate for the receiving domain. All of this is done under the control of a configuration file. Due to the requirements of flexibility for _s_e_n_d_m_a_i_l, the configuration file can seem somewhat unapproachable. However, there are only a few basic configurations for most sites, for which standard configuration files have been sup- plied. Most other configurations can be built by adjusting an existing configuration files incrementally. _S_e_n_d_m_a_i_l is based on RFC821 (Simple Mail Transport Pro- tocol), RFC822 (Internet Mail Format Protocol), RFC1123 (Internet Host Requirements), RFC1521 (MIME), RFC1651 (SMTP Service Extensions), and a series of as-yet-draft standards describing Delivery Status Notifications (DSNs), available from the internet drafts sites as draft-ietf-notary-mime- delivery-_X_X.txt, draft-ietf-notary-mime-report-_X_X.txt, draft-ietf-notary-smtp-drpt-_X_X.txt, and draft-ietf-notary- status-_X_X.txt (replace _X_X by the latest draft number). How- ever, since _s_e_n_d_m_a_i_l is designed to work in a wider world, in many cases it can be configured to exceed these proto- cols. These cases are described herein. Although _s_e_n_d_m_a_i_l is intended to run without the need for monitoring, it has a number of features that may be used to monitor or adjust the operation under unusual circum- stances. These features are described. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--11 SSMMMM::0088--22 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee Section one describes how to do a basic _s_e_n_d_m_a_i_l installation. Section two explains the day-to-day informa- tion you should know to maintain your mail system. If you have a relatively normal site, these two sections should contain sufficient information for you to install _s_e_n_d_m_a_i_l and keep it happy. Section three describes some parameters that may be safely tweaked. Section four has information regarding the command line arguments. Section five contains the nitty-gritty information about the configuration file. This section is for masochists and people who must write their own configuration file. Section six describes config- uration that can be done at compile time. Section seven gives a brief description of differences in this version of _s_e_n_d_m_a_i_l. The appendixes give a brief but detailed explana- tion of a number of features not described in the rest of the paper. WWAARRNNIINNGG:: Several major changes were introduced in ver- sion 8.7. You should not attempt to use this document for prior versions of _s_e_n_d_m_a_i_l. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--77 11.. BBAASSIICC IINNSSTTAALLLLAATTIIOONN There are two basic steps to installing _s_e_n_d_m_a_i_l. The hard part is to build the configuration table. This is a file that _s_e_n_d_m_a_i_l reads when it starts up that describes the mailers it knows about, how to parse addresses, how to rewrite the message header, and the settings of various options. Although the configuration table is quite complex, a configuration can usually be built by adjusting an existing off-the-shelf configura- tion. The second part is actually doing the installa- tion, i.e., creating the necessary files, etc. The remainder of this section will describe the installation of _s_e_n_d_m_a_i_l assuming you can use one of the existing configurations and that the standard installa- tion parameters are acceptable. All pathnames and exam- ples are given from the root of the _s_e_n_d_m_a_i_l subtree, normally _/_u_s_r_/_s_r_c_/_u_s_r_._s_b_i_n_/_s_e_n_d_m_a_i_l on 4.4BSD. If you are loading this off the tape, continue with the next section. If you have a running binary already on your system, you should probably skip to section 1.2. 11..11.. CCoommppiilliinngg SSeennddmmaaiill All _s_e_n_d_m_a_i_l source is in the _s_r_c subdirectory. If you are running on a 4.4BSD system, compile by typ- ing "make". On other systems, you may have to make some other adjustments. On most systems, you can do the appropriate compilation by typing sh makesendmail This will leave the binary in an appropriately named subdirectory. It works for multiple object versions compiled out of the same directory. 11..11..11.. TTwweeaakkiinngg tthhee MMaakkeeffiillee _S_e_n_d_m_a_i_l supports two different formats for the local (on disk) version of databases, notably the _a_l_i_a_s_e_s database. At least one of these should be defined if at all possible. NDBM The ``new DBM'' format, available on nearly all systems around today. This was the preferred format prior to 4.4BSD. It allows such complex things as multiple databases and closing a currently open database. SSMMMM::0088--88 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee NEWDB The new database package from Berkeley. If you have this, use it. It allows long records, multiple open databases, real in-memory caching, and so forth. You can define this in conjunction with one of the other two; if you do, old databases are read, but when a new database is cre- ated it will be in NEWDB format. As a nasty hack, if you have NEWDB, NDBM, and NIS defined, and if the alias file name includes the substring "/yp/", _s_e_n_d_m_a_i_l will create both new and old versions of the alias file during a _n_e_w_a_l_i_a_s command. This is required because the Sun NIS/YP system reads the DBM version of the alias file. It's ugly as sin, but it works. If neither of these are defined, _s_e_n_d_m_a_i_l reads the alias file into memory on every invocation. This can be slow and should be avoided. There are also several methods for remote database access: NIS Sun's Network Information Services (for- merly YP). NISPLUS Sun's NIS+ services. NETINFO NeXT's NetInfo service. HESIOD Hesiod service (from Athena). Other compilation flags are set in conf.h and should be predefined for you unless you are porting to a new environment. 11..11..22.. CCoommppiillaattiioonn aanndd iinnssttaallllaattiioonn After making the local system configuration described above, You should be able to compile and install the system. The script "makesendmail" is the best approach on most systems: sh makesendmail This will use _u_n_a_m_e(1) to select the correct Make- file for your environment. You may be able to install using sh makesendmail install This should install the binary in /usr/sbin and create links from /usr/bin/newaliases and SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--99 /usr/bin/mailq to /usr/sbin/sendmail. On 4.4BSD systems it will also format and install man pages. 11..22.. CCoonnffiigguurraattiioonn FFiilleess _S_e_n_d_m_a_i_l cannot operate without a configuration file. The configuration defines the mail delivery mechanisms understood at this site, how to access them, how to forward email to remote mail systems, and a number of tuning parameters. This configuration file is detailed in the later portion of this docu- ment. The _s_e_n_d_m_a_i_l configuration can be daunting at first. The world is complex, and the mail configura- tion reflects that. The distribution includes an m4-based configuration package that hides a lot of the complexity. These configuration files are simpler than old versions largely because the world has become simpler; in particular, text-based host files are officially eliminated, obviating the need to "hide" hosts behind a registered internet gateway. These files also assume that most of your neigh- bors use domain-based UUCP addressing; that is, instead of naming hosts as "host!user" they will use "host.domain!user". The configuration files can be customized to work around this, but it is more com- plex. Our configuration files are processed by _m_4 to facilitate local customization; the directory _c_f of the _s_e_n_d_m_a_i_l distribution directory contains the source files. This directory contains several subdi- rectories: cf Both site-dependent and site-independent descriptions of hosts. These can be literal host names (e.g., "ucbvax.mc") when the hosts are gateways or more general descrip- tions (such as "tcpproto.mc" as a general description of an SMTP-connected host or "uucpproto.mc" as a general description of a UUCP-connected host). Files ending ..mmcc (``Master Configuration'') are the input descriptions; the output is in the corre- sponding ..ccff file. The general structure of these files is described below. domain Site-dependent subdomain descriptions. These are tied to the way your organization SSMMMM::0088--1100 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee wants to do addressing. For example, ddoommaaiinn//ccss..eexxppoosseedd..mm44 is our description for hosts in the CS.Berkeley.EDU subdomain that want their individual hostname to be exter- nally visible; ddoommaaiinn//ccss..hhiiddddeenn..mm44 is the same except that the hostname is hidden (everything looks like it comes from CS.Berkeley.EDU). These are referenced using the DOMAIN mm44 macro in the ..mmcc file. feature Definitions of specific features that some particular host in your site might want. These are referenced using the FEATURE mm44 macro. An example feature is use_cw_file (which tells _s_e_n_d_m_a_i_l to read an /etc/sendmail.cw file on startup to find the set of local names). hack Local hacks, referenced using the HACK mm44 macro. Try to avoid these. The point of having them here is to make it clear that they smell. m4 Site-independent _m_4(1) include files that have information common to all configuration files. This can be thought of as a "#include" directory. mailer Definitions of mailers, referenced using the MAILER mm44 macro. The mailer types that are known in this distribution are fax, local, smtp, uucp, and usenet. For example, to include support for the UUCP-based mailers, use "MAILER(uucp)". ostype Definitions describing various operating system environments (such as the location of support files). These are referenced using the OSTYPE mm44 macro. sh Shell files used by the mm44 build process. You shouldn't have to mess with these. siteconfig Local site configuration information, such as UUCP connectivity. They normally contain lists of site information, for example: SITE(contessa) SITE(hoptoad) SITE(nkainc) SITE(well) SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--1111 They are referenced using the SITECONFIG macro: SITECONFIG(site.config.file, name_of_site, X) where _X is the macro/class name to use. It can be U (indicating locally connected hosts) or one of W, X, or Y for up to three remote UUCP hubs. If you are in a new domain (e.g., a company), you will probably want to create a cf/domain file for your domain. This consists primarily of relay definitions: for example, Berkeley's domain definition defines relays for BitNET, CSNET, and UUCP. Of these, only the UUCP relay is particularly specific to Berkeley. All of these are internet-style domain names. Please check to make certain they are reasonable for your domain. Subdomains at Berkeley are also represented in the cf/domain directory. For example, the domain cs- exposed is the Computer Science subdomain with the local hostname shown to other users; cs-hidden makes users appear to be from the CS.Berkeley.EDU subdomain (with no local host information included). You will probably have to update this directory to be appropri- ate for your domain. You will have to use or create ..mmcc files in the _c_f_/_c_f subdirectory for your hosts. This is detailed in the cf/README file. 11..33.. DDeettaaiillss ooff IInnssttaallllaattiioonn FFiilleess This subsection describes the files that comprise the _s_e_n_d_m_a_i_l installation. 11..33..11.. //uussrr//ssbbiinn//sseennddmmaaiill The binary for _s_e_n_d_m_a_i_l is located in /usr/sbin1. It should be setuid root. For secu- rity reasons, /, /usr, and /usr/sbin should be owned by root, mode 7552. ____________________ 1This is usually /usr/sbin on 4.4BSD and newer systems; many systems install it in /usr/lib. I understand it is in /usr/ucblib on System V Release 4. 2Some vendors ship them owned by bin; this creates a se- curity hole that is not actually related to _s_e_n_d_m_a_i_l. Other important directories that should have restrictive owner- ships and permissions are /bin, /usr/bin, /etc, /usr/etc, /lib, and /usr/lib. SSMMMM::0088--1122 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 11..33..22.. //eettcc//sseennddmmaaiill..ccff This is the configuration file for _s_e_n_d_m_a_i_l3. This and /etc/sendmail.pid are the only non-library file names compiled into _s_e_n_d_m_a_i_l4. The configuration file is normally created using the distribution files described above. If you have a particularly unusual system configura- tion you may need to create a special version. The format of this file is detailed in later sections of this document. 11..33..33.. //uussrr//bbiinn//nneewwaalliiaasseess The _n_e_w_a_l_i_a_s_e_s command should just be a link to _s_e_n_d_m_a_i_l: rm -f /usr/bin/newaliases ln -s /usr/sbin/sendmail /usr/bin/newaliases This can be installed in whatever search path you prefer for your system. 11..33..44.. //vvaarr//ssppooooll//mmqquueeuuee The directory _/_v_a_r_/_s_p_o_o_l_/_m_q_u_e_u_e should be cre- ated to hold the mail queue. This directory should be mode 700 and owned by root. The actual path of this directory is defined in the QQ option of the _s_e_n_d_m_a_i_l_._c_f file. 11..33..55.. //eettcc//aalliiaasseess** The system aliases are held in "/etc/aliases". A sample is given in "lib/aliases" which includes some aliases which _m_u_s_t be defined: cp lib/aliases /etc/aliases _e_d_i_t _/_e_t_c_/_a_l_i_a_s_e_s ____________________ 3Actually, the pathname varies depending on the operating system; /etc is the preferred directory. Some older systems install it in //uussrr//lliibb//sseennddmmaaiill..ccff, and I've also seen it in //uussrr//uuccbblliibb and //eettcc//mmaaiill. If you want to move this file, change _s_r_c_/_c_o_n_f_._h. 4The system libraries can reference other files; in par- ticular, system library subroutines that _s_e_n_d_m_a_i_l calls probably reference _/_e_t_c_/_p_a_s_s_w_d and _/_e_t_c_/_r_e_s_o_l_v_._c_o_n_f. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--1133 You should extend this file with any aliases that are apropos to your system. Normally _s_e_n_d_m_a_i_l looks at a version of these files maintained by the _d_b_m(3) or _d_b(3) routines. These are stored either in "/etc/aliases.dir" and "/etc/aliases.pag" or "/etc/aliases.db" depending on which database package you are using. These can initially be created as empty files, but they will have to be initialized promptly. These should be mode 644: cp /dev/null /etc/aliases.dir cp /dev/null /etc/aliases.pag chmod 644 /etc/aliases.* newaliases The _d_b routines preset the mode reasonably, so this step can be skipped. The actual path of this file is defined in the AA option of the _s_e_n_d_m_a_i_l_._c_f file. 11..33..66.. //eettcc//rrcc It will be necessary to start up the _s_e_n_d_m_a_i_l daemon when your system reboots. This daemon per- forms two functions: it listens on the SMTP socket for connections (to receive mail from a remote sys- tem) and it processes the queue periodically to insure that mail gets delivered when hosts come up. Add the following lines to "/etc/rc" (or "/etc/rc.local" as appropriate) in the area where it is starting up the daemons: if [ -f /usr/sbin/sendmail -a -f /etc/sendmail.cf ]; then (cd /var/spool/mqueue; rm -f [lnx]f*) /usr/sbin/sendmail -bd -q30m & echo -n ' sendmail' >/dev/console fi The "cd" and "rm" commands insure that all lock files have been removed; extraneous lock files may be left around if the system goes down in the mid- dle of processing a message. The line that actu- ally invokes _s_e_n_d_m_a_i_l has two flags: "-bd" causes it to listen on the SMTP port, and "-q30m" causes it to run the queue every half hour. Some people use a more complex startup script, removing zero length qf files and df files for which there is no qf file. For example, see Figure 1 for an example of a complex startup script. SSMMMM::0088--1144 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee ____________________________________________________________ # remove zero length qf files for qffile in qf* do if [ -r $qffile ] then if [ ! -s $qffile ] then echo -n " <zero: $qffile>" > /dev/console rm -f $qffile fi fi done # rename tf files to be qf if the qf does not exist for tffile in tf* do qffile=`echo $tffile | sed 's/t/q/'` if [ -r $tffile -a ! -f $qffile ] then echo -n " <recovering: $tffile>" > /dev/console mv $tffile $qffile else echo -n " <extra: $tffile>" > /dev/console rm -f $tffile fi done # remove df files with no corresponding qf files for dffile in df* do qffile=`echo $dffile | sed 's/d/q/'` if [ -r $dffile -a ! -f $qffile ] then echo -n " <incomplete: $dffile>" > /dev/console mv $dffile `echo $dffile | sed 's/d/D/'` fi done # announce files that have been saved during disaster recovery for xffile in [A-Z]f* do echo -n " <panic: $xffile>" > /dev/console done Figure 1 -- A complex startup script ____________________________________________________________ If you are not running a version of UNIX that supports Berkeley TCP/IP, do not include the --bbdd flag. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--1155 11..33..77.. //uussrr//lliibb//sseennddmmaaiill..hhff This is the help file used by the SMTP HHEELLPP command. It should be copied from "lib/sendmail.hf": cp lib/sendmail.hf /usr/lib The actual path of this file is defined in the HH option of the _s_e_n_d_m_a_i_l_._c_f file. 11..33..88.. //eettcc//sseennddmmaaiill..sstt If you wish to collect statistics about your mail traffic, you should create the file "/etc/sendmail.st": cp /dev/null /etc/sendmail.st chmod 666 /etc/sendmail.st This file does not grow. It is printed with the program "mailstats/mailstats.c." The actual path of this file is defined in the SS option of the _s_e_n_d_m_a_i_l_._c_f file. 11..33..99.. //uussrr//bbiinn//mmaaiillqq If _s_e_n_d_m_a_i_l is invoked as "mailq," it will simulate the --bbpp flag (i.e., _s_e_n_d_m_a_i_l will print the contents of the mail queue; see below). This should be a link to /usr/sbin/sendmail. 22.. NNOORRMMAALL OOPPEERRAATTIIOONNSS 22..11.. TThhee SSyysstteemm LLoogg The system log is supported by the _s_y_s_l_o_g_d(8) program. All messages from _s_e_n_d_m_a_i_l are logged under the LOG_MAIL facility5. 22..11..11.. FFoorrmmaatt Each line in the system log consists of a timestamp, the name of the machine that generated it (for logging from several machines over the local area network), the word "sendmail:", and a ____________________ 5Except on Ultrix, which does not support facilities in the syslog. SSMMMM::0088--1166 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee message6. Most messages are a sequence of _n_a_m_e=_v_a_l_u_e pairs. The two most common lines are logged when a message is processed. The first logs the receipt of a message; there will be exactly one of these per message. Some fields may be omitted if they do not contain interesting information. Fields are: from The envelope sender address. size The size of the message in bytes. class The class (i.e., numeric precedence) of the message. pri The initial message priority (used for queue sorting). nrcpts The number of envelope recipients for this message (after aliasing and forward- ing). msgid The message id of the message (from the header). proto The protocol used to receive this message (e.g., ESMTP or UUCP) relay The machine from which it was received. There is also one line logged per delivery attempt (so there can be several per message if delivery is deferred or there are multiple recipients). Fields are: to A comma-separated list of the recipients to this mailer. ctladdr The ``controlling user'', that is, the name of the user whose credentials we use for delivery. delay The total delay between the time this message was received and the time it was delivered. xdelay The amount of time needed in this deliv- ery attempt (normally indicative of the ____________________ 6This format may vary slightly if your vendor has changed the syntax. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--1177 speed of the connection). mailer The name of the mailer used to deliver to this recipient. relay The name of the host that actually accepted (or rejected) this recipient. stat The delivery status. Not all fields are present in all messages; for example, the relay is not listed for local deliver- ies. 22..11..22.. LLeevveellss If you have _s_y_s_l_o_g_d(8) or an equivalent installed, you will be able to do logging. There is a large amount of information that can be logged. The log is arranged as a succession of levels. At the lowest level only extremely strange situations are logged. At the highest level, even the most mundane and uninteresting events are recorded for posterity. As a convention, log lev- els under ten are considered generally "useful;" log levels above 64 are reserved for debugging pur- poses. Levels from 11-64 are reserved for verbose information that some sites might want. A complete description of the log levels is given in section 4.6. 22..22.. DDuummppiinngg SSttaattee You can ask _s_e_n_d_m_a_i_l to log a dump of the open files and the connection cache by sending it a SIGUSR1 signal. The results are logged at LOG_DEBUG priority. 22..33.. TThhee MMaaiill QQuueeuuee Sometimes a host cannot handle a message immedi- ately. For example, it may be down or overloaded, causing it to refuse connections. The sending host is then expected to save this message in its mail queue and attempt to deliver it later. Under normal conditions the mail queue will be processed transparently. However, you may find that manual intervention is sometimes necessary. For exam- ple, if a major host is down for a period of time the queue may become clogged. Although _s_e_n_d_m_a_i_l ought to recover gracefully when the host comes up, you may find performance unacceptably bad in the meantime. SSMMMM::0088--1188 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 22..33..11.. PPrriinnttiinngg tthhee qquueeuuee The contents of the queue can be printed using the _m_a_i_l_q command (or by specifying the --bbpp flag to _s_e_n_d_m_a_i_l): mailq This will produce a listing of the queue id's, the size of the message, the date the message entered the queue, and the sender and recipients. 22..33..22.. FFoorrcciinngg tthhee qquueeuuee _S_e_n_d_m_a_i_l should run the queue automatically at intervals. The algorithm is to read and sort the queue, and then to attempt to process all jobs in order. When it attempts to run the job, _s_e_n_d_m_a_i_l first checks to see if the job is locked. If so, it ignores the job. There is no attempt to insure that only one queue processor exists at any time, since there is no guarantee that a job cannot take forever to pro- cess (however, _s_e_n_d_m_a_i_l does include heuristics to try to abort jobs that are taking absurd amounts of time; technically, this violates RFC 821, but is blessed by RFC 1123). Due to the locking algo- rithm, it is impossible for one job to freeze the entire queue. However, an uncooperative recipient host or a program recipient that never returns can accumulate many processes in your system. Unfortu- nately, there is no completely general way to solve this. In some cases, you may find that a major host going down for a couple of days may create a pro- hibitively large queue. This will result in _s_e_n_d_- _m_a_i_l spending an inordinate amount of time sorting the queue. This situation can be fixed by moving the queue to a temporary place and creating a new queue. The old queue can be run later when the offending host returns to service. To do this, it is acceptable to move the entire queue directory: cd /var/spool mv mqueue omqueue; mkdir mqueue; chmod 700 mqueue You should then kill the existing daemon (since it will still be processing in the old queue direc- tory) and create a new daemon. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--1199 To run the old mail queue, run the following command: /usr/sbin/sendmail -oQ/var/spool/omqueue -q The --ooQQ flag specifies an alternate queue directory and the --qq flag says to just run every job in the queue. If you have a tendency toward voyeurism, you can use the --vv flag to watch what is going on. When the queue is finally emptied, you can remove the directory: rmdir /var/spool/omqueue 22..44.. TThhee SSeerrvviiccee SSwwiittcchh The implementation of certain system services such as host and user name lookup is controlled by the service switch. If the host operating system supports such a switch _s_e_n_d_m_a_i_l will use the native version. Ultrix, Solaris, and DEC OSF/1 are examples of such systems. If the underlying operating system does not sup- port a service switch (e.g., SunOS, HP-UX, BSD) then _s_e_n_d_m_a_i_l will provide a stub implementation. The SSeerr-- vviicceeSSwwiittcchhFFiillee option points to the name of a file that has the service definitions Each line has the name of a service and the possible implementations of that service. For example, the file: hosts dns files nis aliases files nis will ask _s_e_n_d_m_a_i_l to look for hosts in the Domain Name System first. If the requested host name is not found, it tries local files, and if that fails it tries NIS. Similarly, when looking for aliases it will try the local files first followed by NIS. Service switches are not completely integrated. For example, despite the fact that the host entry listed in the above example specifies to look in NIS, on SunOS this won't happen because the system imple- mentation of _g_e_t_h_o_s_t_b_y_n_a_m_e(3) doesn't understand this. If there is enough demand _s_e_n_d_m_a_i_l may reimplement _g_e_t_h_o_s_t_b_y_n_a_m_e(3), _g_e_t_h_o_s_t_b_y_a_d_d_r(3), _g_e_t_p_w_e_n_t(3), and the other system routines that would be necessary to make this work seamlessly. SSMMMM::0088--2200 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 22..55.. TThhee AAlliiaass DDaattaabbaassee The alias database exists in two forms. One is a text form, maintained in the file _/_e_t_c_/_a_l_i_a_s_e_s_. The aliases are of the form name: name1, name2, ... Only local names may be aliased; e.g., eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU will not have the desired effect (except on prep.ai.MIT.EDU, and they probably don't want me)7. Aliases may be continued by starting any continuation lines with a space or a tab. Blank lines and lines beginning with a sharp sign ("#") are comments. The second form is processed by the _n_d_b_m(3)8 or _d_b(3) library. This form is in the files _/_e_t_c_/_a_l_i_a_s_e_s_._d_i_r and _/_e_t_c_/_a_l_i_a_s_e_s_._p_a_g_. This is the form that _s_e_n_d_m_a_i_l actually uses to resolve aliases. This technique is used to improve performance. The control of search order is actually set by the service switch. Essentially, the entry OAswitch:aliases is always added as the first alias entry; also, the first alias file name without a class (e.g., without "nis:" on the front) will be used as the name of the file for a ``files'' entry in the aliases switch. For example, if the configuration file contains OA/etc/aliases and the service switch contains aliases nis files nisplus then aliases will first be searched in the NIS database, then in /etc/aliases, then in the NIS+ database. ____________________ 7Actually, any mailer that has the `A' mailer flag set will permit aliasing; this is normally limited to the local mailer. 8The _g_d_b_m package probably works as well. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--2211 You can also use NIS-based alias files. For example, the specification: OA/etc/aliases OAnis:mail.aliases@my.nis.domain will first search the /etc/aliases file and then the map named "mail.aliases" in "my.nis.domain". Warning: if you build your own NIS-based alias files, be sure to provide the --ll flag to _m_a_k_e_d_b_m(8) to map upper case letters in the keys to lower case; otherwise, aliases with upper case letters in their names won't match incoming addresses. Additional flags can be added after the colon exactly like a KK line -- for example: OAnis:-N mail.aliases@my.nis.domain will search the appropriate NIS map and always include null bytes in the key. 22..55..11.. RReebbuuiillddiinngg tthhee aalliiaass ddaattaabbaassee The DB or DBM version of the database may be rebuilt explicitly by executing the command newaliases This is equivalent to giving _s_e_n_d_m_a_i_l the --bbii flag: /usr/sbin/sendmail -bi If the RReebbuuiillddAAlliiaasseess (old DD) option is speci- fied in the configuration, _s_e_n_d_m_a_i_l will rebuild the alias database automatically if possible when it is out of date. Auto-rebuild can be dangerous on heavily loaded machines with large alias files; if it might take more than the rebuild timeout (option AAlliiaassWWaaiitt, old aa, which is normally five minutes) to rebuild the database, there is a chance that several processes will start the rebuild pro- cess simultaneously. If you have multiple aliases databases speci- fied, the --bbii flag rebuilds all the database types it understands (for example, it can rebuild NDBM databases but not NIS databases). SSMMMM::0088--2222 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 22..55..22.. PPootteennttiiaall pprroobblleemmss There are a number of problems that can occur with the alias database. They all result from a _s_e_n_d_m_a_i_l process accessing the DBM version while it is only partially built. This can happen under two circumstances: One process accesses the database while another process is rebuilding it, or the pro- cess rebuilding the database dies (due to being killed or a system crash) before completing the rebuild. Sendmail has three techniques to try to relieve these problems. First, it ignores inter- rupts while rebuilding the database; this avoids the problem of someone aborting the process leaving a partially rebuilt database. Second, it locks the database source file during the rebuild -- but that may not work over NFS or if the file is unwritable. Third, at the end of the rebuild it adds an alias of the form @: @ (which is not normally legal). Before _s_e_n_d_m_a_i_l will access the database, it checks to insure that this entry exists9. 22..55..33.. LLiisstt oowwnneerrss If an error occurs on sending to a certain address, say "_x", _s_e_n_d_m_a_i_l will look for an alias of the form "owner-_x" to receive the errors. This is typically useful for a mailing list where the submitter of the list has no control over the main- tenance of the list itself; in this case the list maintainer would be the owner of the list. For example: unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser, sam@matisse owner-unix-wizards: unix-wizards-request unix-wizards-request: eric@ucbarpa would cause "eric@ucbarpa" to get the error that will occur when someone sends to unix-wizards due to the inclusion of "nosuchuser" on the list. ____________________ 9The AAlliiaassWWaaiitt option is required in the configuration for this action to occur. This should normally be speci- fied. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--2233 List owners also cause the envelope sender address to be modified. The contents of the owner alias are used if they point to a single user, oth- erwise the name of the alias itself is used. For this reason, and to obey Internet conventions, the "owner-" address normally points at the "-request" address; this causes messages to go out with the typical Internet convention of using ``_l_i_s_t- request'' as the return address. 22..66.. UUsseerr IInnffoorrmmaattiioonn DDaattaabbaassee If you have a version of _s_e_n_d_m_a_i_l with the user information database compiled in, and you have speci- fied one or more databases using the UU option, the databases will be searched for a _u_s_e_r:maildrop entry. If found, the mail will be sent to the specified address. 22..77.. PPeerr--UUsseerr FFoorrwwaarrddiinngg ((..ffoorrwwaarrdd FFiilleess)) As an alternative to the alias database, any user may put a file with the name ".forward" in his or her home directory. If this file exists, _s_e_n_d_m_a_i_l redi- rects mail for that user to the list of addresses listed in the .forward file. For example, if the home directory for user "mckusick" has a .forward file with contents: mckusick@ernie kirk@calder then any mail arriving for "mckusick" will be redi- rected to the specified accounts. Actually, the configuration file defines a sequence of filenames to check. By default, this is the user's .forward file, but can be defined to be more generally using the JJ option. If you change this, you will have to inform your user base of the change; .forward is pretty well incorporated into the collective subconscious. 22..88.. SSppeecciiaall HHeeaaddeerr LLiinneess Several header lines have special interpretations defined by the configuration file. Others have inter- pretations built into _s_e_n_d_m_a_i_l that cannot be changed without changing the code. These builtins are described here. SSMMMM::0088--2244 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 22..88..11.. EErrrroorrss--TToo:: If errors occur anywhere during processing, this header will cause error messages to go to the listed addresses. This is intended for mailing lists. The Errors-To: header was created in the bad old days when UUCP didn't understand the distinc- tion between an envelope and a header; this was a hack to provide what should now be passed as the envelope sender address. It should go away. It is only used if the UUsseeEErrrroorrssTToo option is set. The Errors-To: header is official deprecated and will go away in a future release. 22..88..22.. AAppppaarreennttllyy--TToo:: RFC 822 requires at least one recipient field (To:, Cc:, or Bcc: line) in every message. If a message comes in with no recipients listed in the message then _s_e_n_d_m_a_i_l will adjust the header based on the "NoRecipientAction" option. One of the pos- sible actions is to add an "Apparently-To:" header line for any recipients it is aware of. This is not put in as a standard recipient line to warn any recipients that the list is not complete. The Apparently-To: header is non-standard and is deprecated. 22..88..33.. PPrreecceeddeennccee The Precedence: header can be used as a crude control of message priority. It tweaks the sort order in the queue and can be configured to change the message timeout values. 22..99.. IIDDEENNTT PPrroottooccooll SSuuppppoorrtt _S_e_n_d_m_a_i_l supports the IDENT protocol as defined in RFC 1413. Although this enhances identification of the author of an email message by doing a ``call back'' to the originating system to include the owner of a particular TCP connection in the audit trail it is in no sense perfect; a determined forger can easily spoof the IDENT protocol. The following description is excerpted from RFC 1413: 6. Security Considerations SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--2255 The information returned by this protocol is at most as trustworthy as the host providing it OR the organization operating the host. For exam- ple, a PC in an open lab has few if any controls on it to prevent a user from having this protocol return any identifier the user wants. Likewise, if the host has been compromised the information returned may be completely erroneous and mislead- ing. The Identification Protocol is not intended as an authorization or access control protocol. At best, it provides some additional auditing infor- mation with respect to TCP connections. At worst, it can provide misleading, incorrect, or maliciously incorrect information. The use of the information returned by this pro- tocol for other than auditing is strongly dis- couraged. Specifically, using Identification Protocol information to make access control deci- sions - either as the primary method (i.e., no other checks) or as an adjunct to other methods may result in a weakening of normal host secu- rity. An Identification server may reveal information about users, entities, objects or processes which might normally be considered private. An Identi- fication server provides service which is a rough analog of the CallerID services provided by some phone companies and many of the same privacy con- siderations and arguments that apply to the Cal- lerID service apply to Identification. If you wouldn't run a "finger" server due to privacy considerations you may not want to run this pro- tocol. In some cases your system may not work properly with IDENT support due to a bug in the TCP/IP implementa- tion. The symptoms will be that for some hosts the SMTP connection will be closed almost immediately. If this is true or if you do not want to use IDENT, you should set the IDENT timeout to zero; this will dis- able the IDENT protocol. 33.. AARRGGUUMMEENNTTSS The complete list of arguments to _s_e_n_d_m_a_i_l is described in detail in Appendix A. Some important argu- ments are described here. SSMMMM::0088--2266 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 33..11.. QQuueeuuee IInntteerrvvaall The amount of time between forking a process to run through the queue is defined by the --qq flag. If you run with delivery mode set to ii or bb this can be relatively large, since it will only be relevant when a host that was down comes back up. If you run in qq mode it should be relatively short, since it defines the maximum amount of time that a message may sit in the queue. (See also the MinQueueAge option.) RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes (although that probably doesn't make sense if you use ``queue-only'' mode). 33..22.. DDaaeemmoonn MMooddee If you allow incoming mail over an IPC connec- tion, you should have a daemon running. This should be set by your _/_e_t_c_/_r_c file using the --bbdd flag. The --bbdd flag and the --qq flag may be combined in one call: /usr/sbin/sendmail -bd -q30m An alternative approach is to invoke sendmail from _i_n_e_t_d(8) (use the --bbss flag to ask sendmail to speak SMTP on its standard input and output). This works and allows you to wrap _s_e_n_d_m_a_i_l in a TCP wrapper program, but may be a bit slower since the configura- tion file has to be re-read on every message that comes in. If you do this, you still need to have a _s_e_n_d_m_a_i_l running to flush the queue: /usr/sbin/sendmail -q30m 33..33.. FFoorrcciinngg tthhee QQuueeuuee In some cases you may find that the queue has gotten clogged for some reason. You can force a queue run using the --qq flag (with no value). It is enter- taining to use the --vv flag (verbose) when this is done to watch what happens: /usr/sbin/sendmail -q -v You can also limit the jobs to those with a par- ticular queue identifier, sender, or recipient using one of the queue modifiers. For example, "-qRberke- ley" restricts the queue run to jobs that have the string "berkeley" somewhere in one of the recipient SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--2277 addresses. Similarly, "-qSstring" limits the run to particular senders and "-qIstring" limits it to par- ticular queue identifiers. 33..44.. DDeebbuuggggiinngg There are a fairly large number of debug flags built into _s_e_n_d_m_a_i_l. Each debug flag has a number and a level, where higher levels means to print out more information. The convention is that levels greater than nine are "absurd," i.e., they print out so much information that you wouldn't normally want to see them except for debugging that particular piece of code. Debug flags are set using the --dd option; the syntax is: debug-flag: --dd debug-list debug-list: debug-option [ , debug-option ]* debug-option: debug-range [ . debug-level ] debug-range: integer | integer - integer debug-level: integer where spaces are for reading ease only. For example, -d12 Set flag 12 to level 1 -d12.3 Set flag 12 to level 3 -d3-17 Set flags 3 through 17 to level 1 -d3-17.4 Set flags 3 through 17 to level 4 For a complete list of the available debug flags you will have to look at the code (they are too dynamic to keep this documentation up to date). 33..55.. CChhaannggiinngg tthhee VVaalluueess ooff OOppttiioonnss Options can be overridden using the --oo or --OO com- mand line flags. For example, /usr/sbin/sendmail -oT2m sets the TT (timeout) option to two minutes for this run only; the equivalent line using the long option name is /usr/sbin/sendmail -OQueueTimeout=2m Some options have security implications. Send- mail allows you to set these, but relinquishes its SSMMMM::0088--2288 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee setuid root permissions thereafter10. 33..66.. TTrryyiinngg aa DDiiffffeerreenntt CCoonnffiigguurraattiioonn FFiillee An alternative configuration file can be speci- fied using the --CC flag; for example, /usr/sbin/sendmail -Ctest.cf -oQ/tmp/mqueue uses the configuration file _t_e_s_t_._c_f instead of the default _/_e_t_c_/_s_e_n_d_m_a_i_l_._c_f_. If the --CC flag has no value it defaults to _s_e_n_d_m_a_i_l_._c_f in the current directory. _S_e_n_d_m_a_i_l gives up its setuid root permissions when you use this flag, so it is common to use a pub- licly writable directory (such as /tmp) as the spool directory (QueueDirectory or Q option) while testing. 33..77.. LLooggggiinngg TTrraaffffiicc Many SMTP implementations do not fully implement the protocol. For example, some personal computer based SMTPs do not understand continuation lines in reply codes. These can be very hard to trace. If you suspect such a problem, you can set traffic logging using the --XX flag. For example, /usr/sbin/sendmail -X /tmp/traffic -bd will log all traffic in the file _/_t_m_p_/_t_r_a_f_f_i_c. This logs a lot of data very quickly and should NNEEVVEERR be used during normal operations. After start- ing up such a daemon, force the errant implementation to send a message to your host. All message traffic in and out of _s_e_n_d_m_a_i_l, including the incoming SMTP traffic, will be logged in this file. 33..88.. TTeessttiinngg CCoonnffiigguurraattiioonn FFiilleess When you build a configuration table, you can do a certain amount of testing using the "test mode" of _s_e_n_d_m_a_i_l. For example, you could invoke _s_e_n_d_m_a_i_l as: sendmail -bt -Ctest.cf which would read the configuration file "test.cf" and ____________________ 10That is, it sets its effective uid to the real uid; thus, if you are executing as root, as from root's crontab file or during system startup the root permissions will still be honored. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--2299 enter test mode. In this mode, you enter lines of the form: rwset address where _r_w_s_e_t is the rewriting set you want to use and _a_d_d_r_e_s_s is an address to apply the set to. Test mode shows you the steps it takes as it proceeds, finally showing you the address it ends up with. You may use a comma separated list of rwsets for sequential appli- cation of rules to an input. For example: 3,1,21,4 monet:bollard first applies ruleset three to the input "monet:bollard." Ruleset one is then applied to the output of ruleset three, followed similarly by rule- sets twenty-one and four. If you need more detail, you can also use the "-d21" flag to turn on more debugging. For example, sendmail -bt -d21.99 turns on an incredible amount of information; a single word address is probably going to print out several pages worth of information. You should be warned that internally, _s_e_n_d_m_a_i_l applies ruleset 3 to all addresses. In test mode you will have to do that manually. For example, older versions allowed you to use 0 bruce@broadcast.sony.com This version requires that you use: 3,0 bruce@broadcast.sony.com As of version 8.7, some other syntaxes are avail- able in test mode: +o .Dxvalue defines macro _x to have the indicated _v_a_l_u_e. This is useful when debugging rules that use the $$&&_x syntax. +o .Ccvalue adds the indicated _v_a_l_u_e to class _c. +o .Sruleset dumps the contents of the indicated rule- set. +o -ddebug-spec is equivalent to the command-line flag. SSMMMM::0088--3300 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 44.. TTUUNNIINNGG There are a number of configuration parameters you may want to change, depending on the requirements of your site. Most of these are set using an option in the con- figuration file. For example, the line "O Time- out.queuereturn=5d" sets option "Timeout.queuereturn" to the value "5d" (five days). Most of these options have appropriate defaults for most sites. However, sites having very high mail loads may find they need to tune them as appropriate for their mail load. In particular, sites experiencing a large number of small messages, many of which are delivered to many recipients, may find that they need to adjust the parameters dealing with queue priorities. All versions of _s_e_n_d_m_a_i_l prior to 8.7 had single character option names. As of 8.7, options have long (multi-character names). Although old short names are still accepted, most new options do not have short equiv- alents. This section only describes the options you are most likely to want to tweak; read section 5 for more details. 44..11.. TTiimmeeoouuttss All time intervals are set using a scaled syntax. For example, "10m" represents ten minutes, whereas "2h30m" represents two and a half hours. The full set of scales is: s seconds m minutes h hours d days w weeks 44..11..11.. QQuueeuuee iinntteerrvvaall The argument to the --qq flag specifies how often a sub-daemon will run the queue. This is typically set to between fifteen minutes and one hour. RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes. 44..11..22.. RReeaadd ttiimmeeoouuttss Timeouts all have option names "Time- out._s_u_b_o_p_t_i_o_n". The recognized _s_u_b_o_p_t_i_o_ns, their default values, and the minimum values allowed by SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--3311 RFC 1123 section 5.3.2 are: connect The time to wait for an SMTP connection to open (the _c_o_n_n_e_c_t(2) system call) [0, unspecified]. If zero, uses the kernel default. In no case can this option extend the timeout longer than the kernel provides, but it can shorten it. This is to get around kernels that provide an absurdly long connection timeout (90 min- utes in one case). initial The wait for the initial 220 greeting message [5m, 5m]. helo The wait for a reply from a HELO or EHLO command [5m, unspecified]. This may require a host name lookup, so five min- utes is probably a reasonable minimum. mail The wait for a reply from a MAIL command [10m, 5m]. rcpt The wait for a reply from a RCPT command [1h, 5m]. This should be long because it could be pointing at a list that takes a long time to expand (see below). datainit The wait for a reply from a DATA command [5m, 2m]. datablock The wait for reading a data block (that is, the body of the message). [1h, 3m]. This should be long because it also applies to programs piping input to _s_e_n_d_- _m_a_i_l which have no guarantee of prompt- ness. datafinal The wait for a reply from the dot termi- nating a message. [1h, 10m]. If this is shorter than the time actually needed for the receiver to deliver the message, duplicates will be generated. This is discussed in RFC 1047. rset The wait for a reply from a RSET command [5m, unspecified]. quit The wait for a reply from a QUIT command [2m, unspecified]. misc The wait for a reply from miscellaneous (but short) commands such as NOOP (no- SSMMMM::0088--3322 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee operation) and VERB (go into verbose mode). [2m, unspecified]. command In server SMTP, the time to wait for another command. [1h, 5m]. ident The timeout waiting for a reply to an IDENT query [30s11, unspecified]. For compatibility with old configuration files, if no _s_u_b_o_p_t_i_o_n is specified, all the timeouts marked with are set to the indicated value. Many of the RFC 1123 minimum values may well be too short. _S_e_n_d_m_a_i_l was designed to the RFC 822 protocols, which did not specify read timeouts; hence, versions of _s_e_n_d_m_a_i_l prior to version 8.1 did not guarantee to reply to messages promptly. In particular, a "RCPT" command specifying a mail- ing list will expand and verify the entire list; a large list on a slow system may easily take more than five minutes12. I recommend a one hour time- out -- since a communications failure during the RCPT phase is rare, a long timeout is not onerous and may ultimately help reduce network load and duplicated messages. For example, the lines: O Timeout.command=25m O Timeout.datablock=3h sets the server SMTP command timeout to 25 minutes and the input data block timeout to three hours. 44..11..33.. MMeessssaaggee ttiimmeeoouuttss After sitting in the queue for a few days, a message will time out. This is to insure that at least the sender is aware of the inability to send a message. The timeout is typically set to five days. It is sometimes considered convenient to also send a warning message if the message is in the queue longer than a few hours (assuming you normally have good connectivity; if your messages ____________________ 11On some systems the default is zero to turn the proto- col off entirely. 12This verification includes looking up every address with the name server; this involves network delays, and can in some cases can be considerable. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--3333 normally took several hours to send you wouldn't want to do this because it wouldn't be an unusual event). These timeouts are set using the TTiimmee-- oouutt..qquueeuueerreettuurrnn and TTiimmeeoouutt..qquueeuueewwaarrnn options in the configuration file (previously both were set using the TT option). Since these options are global, and since you can not know _a _p_r_i_o_r_i how long another host outside your domain will be down, a five day timeout is recommended. This allows a recipient to fix the problem even if it occurs at the beginning of a long weekend. RFC 1123 section 5.3.1.1 says that this parameter should be ``at least 4-5 days''. The TTiimmeeoouutt..qquueeuueewwaarrnn value can be piggybacked on the TT option by indicating a time after which a warning message should be sent; the two timeouts are separated by a slash. For example, the line OT5d/4h causes email to fail after five days, but a warning message will be sent after four hours. This should be large enough that the message will have been tried several times. 44..22.. FFoorrkkiinngg DDuurriinngg QQuueeuuee RRuunnss By setting the FFoorrkkEEaacchhJJoobb (YY) option, _s_e_n_d_m_a_i_l will fork before each individual message while running the queue. This will prevent _s_e_n_d_m_a_i_l from consuming large amounts of memory, so it may be useful in mem- ory-poor environments. However, if the FFoorrkkEEaacchhJJoobb option is not set, _s_e_n_d_m_a_i_l will keep track of hosts that are down during a queue run, which can improve performance dramatically. If the FFoorrkkEEaacchhJJoobb option is set, _s_e_n_d_m_a_i_l can not use connection caching. 44..33.. QQuueeuuee PPrriioorriittiieess Every message is assigned a priority when it is first instantiated, consisting of the message size (in bytes) offset by the message class (which is deter- mined from the Precedence: header) times the "work class factor" and the number of recipients times the "work recipient factor." The priority is used to order the queue. Higher numbers for the priority mean that the message will be processed later when running the queue. SSMMMM::0088--3344 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee The message size is included so that large mes- sages are penalized relative to small messages. The message class allows users to send "high priority" messages by including a "Precedence:" field in their message; the value of this field is looked up in the PP lines of the configuration file. Since the number of recipients affects the amount of load a message pre- sents to the system, this is also included into the priority. The recipient and class factors can be set in the configuration file using the RReecciippiieennttFFaaccttoorr (yy) and CCllaassssFFaaccttoorr (zz) options respectively. They default to 30000 (for the recipient factor) and 1800 (for the class factor). The initial priority is: _p_r_i=_m_s_g_s_i_z_e-(_c_l_a_s_sxCCllaassssFFaaccttoorr))+(_n_r_c_p_txRReecciippiieennttFFaaccttoorr)) (Remember, higher values for this parameter actually mean that the job will be treated with lower prior- ity.) The priority of a job can also be adjusted each time it is processed (that is, each time an attempt is made to deliver it) using the "work time factor," set by the RReettrryyFFaaccttoorr (ZZ) option. This is added to the priority, so it normally decreases the precedence of the job, on the grounds that jobs that have failed many times will tend to fail again in the future. The RReettrryyFFaaccttoorr option defaults to 90000. 44..44.. LLooaadd LLiimmiittiinngg _S_e_n_d_m_a_i_l can be asked to queue (but not deliver) mail if the system load average gets too high using the QQuueeuueeLLAA (xx) option. When the load average exceeds the value of the QQuueeuueeLLAA option, the delivery mode is set to qq (queue only) if the QQuueeuueeFFaaccttoorr (qq) option divided by the difference in the current load average and the QQuueeuueeLLAA option plus one exceeds the priority of the message -- that is, the message is queued iff: _p_r_i>_L__QQ_A__uu-__eeQQ__uuuu__eeee__FFuu__aaee__ccLL__ttAA__oo+__rr1____ The QQuueeuueeFFaaccttoorr option defaults to 600000, so each point of load average is worth 600000 priority points (as described above). For drastic cases, the RReeffuusseeLLAA (XX) option defines a load average at which _s_e_n_d_m_a_i_l will refuse to accept network connections. Locally generated mail (including incoming UUCP mail) is still accepted. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--3355 44..55.. DDeelliivveerryy MMooddee There are a number of delivery modes that _s_e_n_d_- _m_a_i_l can operate in, set by the DDeelliivveerryyMMooddee (dd) con- figuration option. These modes specify how quickly mail will be delivered. Legal modes are: i deliver interactively (synchronously) b deliver in background (asynchronously) q queue only (don't deliver) d defer delvery attempts (don't deliver) There are tradeoffs. Mode "i" gives the sender the quickest feedback, but may slow down some mailers and is hardly ever necessary. Mode "b" delivers promptly but can cause large numbers of processes if you have a mailer that takes a long time to deliver a message. Mode "q" minimizes the load on your machine, but means that delivery may be delayed for up to the queue interval. Mode "d" is identical to mode "q" except that it also prevents all the early map lookups from working; it is intended for ``dial on demand'' sites where DNS lookups might cost real money. Some simple error messages (e.g., host unknown during the SMTP protocol) will be delayed using this mode. Mode "b" is the usual default. If you run in mode "q" (queue only), "d" (defer), or "b" (deliver in background) _s_e_n_d_m_a_i_l will not expand aliases and follow .forward files upon initial receipt of the mail. This speeds up the response to RCPT commands. Mode "i" cannot be used by the SMTP server. 44..66.. LLoogg LLeevveell The level of logging can be set for _s_e_n_d_m_a_i_l. The default using a standard configuration table is level 9. The levels are as follows: 0 No logging. 1 Serious system failures and potential security problems. 2 Lost communications (network problems) and proto- col failures. 3 Other serious failures. 4 Minor failures. SSMMMM::0088--3366 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 5 Message collection statistics. 6 Creation of error messages, VRFY and EXPN com- mands. 7 Delivery failures (host or user unknown, etc.). 8 Successful deliveries and alias database rebuilds. 9 Messages being deferred (due to a host being down, etc.). 10 Database expansion (alias, forward, and userdb lookups). 20 Logs attempts to run locked queue files. These are not errors, but can be useful to note if your queue appears to be clogged. 30 Lost locks (only if using lockf instead of flock). Additionally, values above 64 are reserved for extremely verbose debugging output. No normal site would ever set these. 44..77.. FFiillee MMooddeess The modes used for files depend on what function- ality you want and the level of security you require. 44..77..11.. TToo ssuuiidd oorr nnoott ttoo ssuuiidd?? _S_e_n_d_m_a_i_l can safely be made setuid to root. At the point where it is about to _e_x_e_c(2) a mailer, it checks to see if the userid is zero; if so, it resets the userid and groupid to a default (set by the uu and gg options). (This can be overridden by setting the SS flag to the mailer for mailers that are trusted and must be called as root.) However, this will cause mail processing to be accounted (using _s_a(8)) to root rather than to the user send- ing the mail. If you don't make _s_e_n_d_m_a_i_l setuid to root, it will still run but you lose a lot of functionality and a lot of privacy, since you'll have to make the queue directory world readable. You could also make _s_e_n_d_m_a_i_l setuid to some pseudo-user (e.g., create a user called "sendmail" and make _s_e_n_d_m_a_i_l setuid to that) which will fix the privacy problems but not the functionality issues. Also, this isn't SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--3377 a guarantee of security: for example, root occa- sionally sends mail, and the daemon often runs as root. 44..77..22.. SShhoouulldd mmyy aalliiaass ddaattaabbaassee bbee wwrriittaabbllee?? At Berkeley we have the alias database (/etc/aliases*) mode 644. While this is not as flexible as if the database were more 666, it avoids potential security problems with a globally writable database. The database that _s_e_n_d_m_a_i_l actually used is represented by the two files _a_l_i_a_s_e_s_._d_i_r and _a_l_i_a_s_e_s_._p_a_g (both in /etc) (or _a_l_i_a_s_e_s_._d_b if you are running with the new Berkeley database primi- tives). The mode on these files should match the mode on /etc/aliases. If _a_l_i_a_s_e_s is writable and the DBM files (_a_l_i_a_s_e_s_._d_i_r and _a_l_i_a_s_e_s_._p_a_g) are not, users will be unable to reflect their desired changes through to the actual database. However, if _a_l_i_a_s_e_s is read-only and the DBM files are writable, a slightly sophisticated user can arrange to steal mail anyway. If your DBM files are not writable by the world or you do not have auto-rebuild enabled (with the AAuuttooRReebbuuiillddAAlliiaasseess option), then you must be careful to reconstruct the alias database each time you change the text version: newaliases If this step is ignored or forgotten any intended changes will also be ignored or forgotten. 44..88.. CCoonnnneeccttiioonn CCaacchhiinngg When processing the queue, _s_e_n_d_m_a_i_l will try to keep the last few open connections open to avoid startup and shutdown costs. This only applies to IPC connections. When trying to open a connection the cache is first searched. If an open connection is found, it is probed to see if it is still active by sending a NOOP command. It is not an error if this fails; instead, the connection is closed and reopened. Two parameters control the connection cache. The CCoonnnneeccttiioonnCCaacchheeSSiizzee (kk) option defines the number of simultaneous open connections that will be permitted. If it is set to zero, connections will be closed as SSMMMM::0088--3388 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee quickly as possible. The default is one. This should be set as appropriate for your system size; it will limit the amount of system resources that _s_e_n_d_m_a_i_l will use during queue runs. Never set this higher than 4. The CCoonnnneeccttiioonnCCaacchheeTTiimmeeoouutt (KK) option specifies the maximum time that any cached connection will be permitted to idle. When the idle time exceeds this value the connection is closed. This number should be small (under ten minutes) to prevent you from grabbing too many resources from other hosts. The default is five minutes. 44..99.. NNaammee SSeerrvveerr AAcccceessss Control of host address lookups is set by the hhoossttss service entry in your service switch file. If you are on a system that has built-in service switch support (e.g., Ultrix, Solaris, or DEC OSF/1) then your system is probably configured properly already. Otherwise, _s_e_n_d_m_a_i_l will consult the file //eettcc//sseerrvviiccee..sswwiittcchh, which should be created. _S_e_n_d_- _m_a_i_l only uses two entries: hhoossttss and aalliiaasseess. However, some systems (such as SunOS) will do DNS lookups regardless of the setting of the service switch entry. In particular, the system routine _g_e_t_h_- _o_s_t_b_y_n_a_m_e(3) is used to look up host names, and many vendor versions try some combination of DNS, NIS, and file lookup in /etc/hosts without consulting a service switch. _S_e_n_d_m_a_i_l makes no attempt to work around this problem, and the DNS lookup will be done anyway. If you do not have a nameserver configured at all, such as at a UUCP-only site, _s_e_n_d_m_a_i_l will get a "connec- tion refused" message when it tries to connect to the name server. If the hhoossttss switch entry has the ser- vice "dns" listed somewhere in the list, _s_e_n_d_m_a_i_l will interpret this to mean a temporary failure and will queue the mail for later processing; otherwise, it ignores the name server data. The same technique is used to decide whether to do MX lookups. If you want MX support, you _m_u_s_t have "dns" listed as a service in the hhoossttss switch entry. The RReessoollvveerrOOppttiioonnss (II) option allows you to tweak name server options. The command line takes a series of flags as documented in _r_e_s_o_l_v_e_r(3) (with the leading "RES_" deleted). Each can be preceded by an optional `+' or `-'. For example, the line O ResolverOptions=+AAONLY -DNSRCH SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--3399 turns on the AAONLY (accept authoritative answers only) and turns off the DNSRCH (search the domain path) options. Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE flags on and all others off. You can also include "HasWildcardMX" to specify that there is a wildcard MX record matching your domain; this turns off MX matching when canonifying names, which can lead to inappropriate canonifica- tions. Version level 1 configurations turn DNSRCH and DEFNAMES off when doing delivery lookups, but leave them on everywhere else. Version 8 of _s_e_n_d_m_a_i_l ignores them when doing canonification lookups (that is, when using $[ ... $]), and always does the search. If you don't want to do automatic name extension, don't call $[ ... $]. The search rules for $[ ... $] are somewhat dif- ferent than usual. If the name being looked up has at least one dot, it always tries the unmodified name first. If that fails, it tries the reduced search path, and lastly tries the unmodified name (but only for names without a dot, since names with a dot have already been tried). This allows names such as ``utc.CS'' to match the site in Czechoslovakia rather than the site in your local Computer Science depart- ment. It also prefers A and CNAME records over MX records -- that is, if it finds an MX record it makes note of it, but keeps looking. This way, if you have a wildcard MX record matching your domain, it will not assume that all names match. To completely turn off all name server access on systems without service switch support (such as SunOS) you will have to recompile with -DNAMED_BIND=0 and remove -lresolv from the list of libraries to be searched when linking. 44..1100.. MMoovviinngg tthhee PPeerr--UUsseerr FFoorrwwaarrdd FFiilleess Some sites mount each user's home directory from a local disk on their workstation, so that local access is fast. However, the result is that .forward file lookups are slow. In some cases, mail can even be delivered on machines inappropriately because of a file server being down. The performance can be espe- cially bad if you run the automounter. The FFoorrwwaarrddPPaatthh (JJ) option allows you to set a path of forward files. For example, the config file line SSMMMM::0088--4400 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee O ForwardPath=/var/forward/$u:$z/.forward.$w would first look for a file with the same name as the user's login in /var/forward; if that is not found (or is inaccessible) the file ``.forward._m_a_c_h_i_n_e_n_a_m_e'' in the user's home directory is searched. A truly per- verse site could also search by sender by using $r, $s, or $f. If you create a directory such as /var/forward, it should be mode 1777 (that is, the sticky bit should be set). Users should create the files mode 644. 44..1111.. FFrreeee SSppaaccee On systems that have one of the system calls in the _s_t_a_t_f_s(2) family (including _s_t_a_t_v_f_s and _u_s_t_a_t), you can specify a minimum number of free blocks on the queue filesystem using the MMiinnFFrreeeeBBlloocckkss (bb) option. If there are fewer than the indicated number of blocks free on the filesystem on which the queue is mounted the SMTP server will reject mail with the 452 error code. This invites the SMTP client to try again later. Beware of setting this option too high; it can cause rejection of email when that mail would be pro- cessed without difficulty. 44..1122.. MMaaxxiimmuumm MMeessssaaggee SSiizzee To avoid overflowing your system with a large message, the MMaaxxMMeessssaaggeeSSiizzee option can be set to set an absolute limit on the size of any one message. This will be advertised in the ESMTP dialogue and checked during message collection. 44..1133.. PPrriivvaaccyy FFllaaggss The PPrriivvaaccyyOOppttiioonnss (pp) option allows you to set certain ``privacy'' flags. Actually, many of them don't give you any extra privacy, rather just insist- ing that client SMTP servers use the HELO command before using certain commands or adding extra headers to indicate possible spoof attempts. The option takes a series of flag names; the final privacy is the inclusive or of those flags. For example: O PrivacyOptions=needmailhelo, noexpn insists that the HELO or EHLO command be used before a SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--4411 MAIL command is accepted and disables the EXPN com- mand. The flags are detailed in section 5.1.6. 44..1144.. SSeenndd ttoo MMee TToooo Normally, _s_e_n_d_m_a_i_l deletes the (envelope) sender from any list expansions. For example, if "matt" sends to a list that contains "matt" as one of the members he won't get a copy of the message. If the --mm (me too) command line flag, or if the MMeeTToooo (mm) option is set in the configuration file, this behaviour is suppressed. Some sites like to run the SMTP daemon with --mm. 55.. TTHHEE WWHHOOLLEE SSCCOOOOPP OONN TTHHEE CCOONNFFIIGGUURRAATTIIOONN FFIILLEE This section describes the configuration file in detail. There is one point that should be made clear immedi- ately: the syntax of the configuration file is designed to be reasonably easy to parse, since this is done every time _s_e_n_d_m_a_i_l starts up, rather than easy for a human to read or write. On the "future project" list is a config- uration-file compiler. The configuration file is organized as a series of lines, each of which begins with a single character defining the semantics for the rest of the line. Lines beginning with a space or a tab are continuation lines (although the semantics are not well defined in many places). Blank lines and lines beginning with a sharp symbol (`#') are comments. 55..11.. RR aanndd SS ---- RReewwrriittiinngg RRuulleess The core of address parsing are the rewriting rules. These are an ordered production system. _S_e_n_d_- _m_a_i_l scans through the set of rewriting rules looking for a match on the left hand side (LHS) of the rule. When a rule matches, the address is replaced by the right hand side (RHS) of the rule. There are several sets of rewriting rules. Some of the rewriting sets are used internally and must have specific semantics. Other rewriting sets do not have specifically assigned semantics, and may be ref- erenced by the mailer definitions or by other rewrit- ing sets. SSMMMM::0088--4422 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee The syntax of these two commands are: SS_n Sets the current ruleset being collected to _n. If you begin a ruleset more than once it deletes the old def- inition. RR_l_h_s _r_h_s _c_o_m_m_e_n_t_s The fields must be separated by at least one tab char- acter; there may be embedded spaces in the fields. The _l_h_s is a pattern that is applied to the input. If it matches, the input is rewritten to the _r_h_s. The _c_o_m_m_e_n_t_s are ignored. Macro expansions of the form $$_x are performed when the configuration file is read. Expansions of the form $$&&_x are performed at run time using a some- what less general algorithm. This for is intended only for referencing internally defined macros such as $$hh that are changed at runtime. 55..11..11.. TThhee lleefftt hhaanndd ssiiddee The left hand side of rewriting rules contains a pattern. Normal words are simply matched directly. Metasyntax is introduced using a dollar sign. The metasymbols are: $$** Match zero or more tokens $$++ Match one or more tokens $$-- Match exactly one token $$==_x Match any phrase in class _x $$~~_x Match any word not in class _x If any of these match, they are assigned to the symbol $$_n for replacement on the right hand side, where _n is the index in the LHS. For example, if the LHS: $-:$+ is applied to the input: UCBARPA:eric the rule will match, and the values passed to the RHS will be: $1 UCBARPA $2 eric SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--4433 Additionally, the LHS can include $$@@ to match zero tokens. This is _n_o_t bound to a $$_n on the RHS, and is normally only used when it stands alone in order to match the null input. 55..11..22.. TThhee rriigghhtt hhaanndd ssiiddee When the left hand side of a rewriting rule matches, the input is deleted and replaced by the right hand side. Tokens are copied directly from the RHS unless they begin with a dollar sign. Metasymbols are: $$_n Substitute indefinite token _n from LHS $$[[_n_a_m_e$$]] Canonicalize _n_a_m_e $$((_m_a_p _k_e_y $$@@_a_r_g_u_m_e_n_t_s $$::_d_e_f_a_u_l_t $$)) Generalized keyed mapping function $$>>_n "Call" ruleset _n $$##_m_a_i_l_e_r Resolve to _m_a_i_l_e_r $$@@_h_o_s_t Specify _h_o_s_t $$::_u_s_e_r Specify _u_s_e_r The $$_n syntax substitutes the corresponding value from a $$++, $$--, $$**, $$==, or $$~~ match on the LHS. It may be used anywhere. A host name enclosed between $$[[ and $$]] is looked up in the host database(s) and replaced by the canonical name13. For example, "$[ftp$]" might become "ftp.CS.Berkeley.EDU" and "$[[128.32.130.2]$]" would become "van- gogh.CS.Berkeley.EDU." _S_e_n_d_m_a_i_l recognizes it's numeric IP address without calling the name server and replaces it with it's canonical name. The $$(( ... $$)) syntax is a more general form of lookup; it uses a named map instead of an implicit map. If no lookup is found, the indicated _d_e_f_a_u_l_t is inserted; if no default is specified and no lookup matches, the value is left unchanged. The _a_r_g_u_m_e_n_t_s are passed to the map for possible use. The $$>>_n syntax causes the remainder of the line to be substituted as usual and then passed as the argument to ruleset _n. The final value of ruleset _n then becomes the substitution for this ____________________ 13This is actually completely equivalent to $(host _h_o_s_t_- _n_a_m_e$). In particular, a $$:: default can be used. SSMMMM::0088--4444 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee rule. The $$>> syntax can only be used at the begin- ning of the right hand side; it can be only be pre- ceded by $$@@ or $$::. The $$## syntax should _o_n_l_y be used in ruleset zero or a subroutine of ruleset zero. It causes evaluation of the ruleset to terminate immediately, and signals to _s_e_n_d_m_a_i_l that the address has com- pletely resolved. The complete syntax is: $$##_m_a_i_l_e_r $$@@_h_o_s_t $$::_u_s_e_r This specifies the {mailer, host, user} 3-tuple necessary to direct the mailer. If the mailer is local the host part may be omitted14. The _m_a_i_l_e_r must be a single word, but the _h_o_s_t and _u_s_e_r may be multi-part. If the _m_a_i_l_e_r is the builtin IPC mailer, the _h_o_s_t may be a colon-separated list of hosts that are searched in order for the first working address (exactly like MX records). The _u_s_e_r is later rewritten by the mailer-specific envelope rewriting set and assigned to the $$uu macro. As a special case, if the value to $$## is "local" and the first character of the $$:: value is "@", the "@" is stripped off, and a flag is set in the address descriptor that causes sendmail to not do ruleset 5 processing. Normally, a rule that matches is retried, that is, the rule loops until it fails. A RHS may also be preceded by a $$@@ or a $$:: to change this behav- ior. A $$@@ prefix causes the ruleset to return with the remainder of the RHS as the value. A $$:: prefix causes the rule to terminate immediately, but the ruleset to continue; this can be used to avoid con- tinued application of a rule. The prefix is stripped before continuing. The $$@@ and $$:: prefixes may precede a $$>> spec; for example: R$+ $: $>7 $1 matches anything, passes that to ruleset seven, and continues; the $$:: is necessary to avoid an infinite loop. ____________________ 14You may want to use it for special "per user" exten- sions. For example, in the address "jgm+foo@CMU.EDU"; the "+foo" part is not part of the user name, and is passed to the local mailer for local use. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--4455 Substitution occurs in the order described, that is, parameters from the LHS are substituted, hostnames are canonicalized, "subroutines" are called, and finally $$##, $$@@, and $$:: are processed. 55..11..33.. SSeemmaannttiiccss ooff rreewwrriittiinngg rruullee sseettss There are five rewriting sets that have spe- cific semantics. Four of these are related as depicted by figure 1. Ruleset three should turn the address into "canonical form." This form should have the basic syntax: local-part@host-domain-spec Ruleset three is applied by _s_e_n_d_m_a_i_l before doing anything with any address. If no "@" sign is specified, then the host- domain-spec _m_a_y be appended (box "D" in Figure 1) from the sender address (if the CC flag is set in the mailer definition corresponding to the _s_e_n_d_i_n_g mailer). Ruleset zero is applied after ruleset three to addresses that are going to actually specify recip- ients. It must resolve to a _{_m_a_i_l_e_r_, _h_o_s_t_, _u_s_e_r_} triple. The _m_a_i_l_e_r must be defined in the mailer ____________________________________________________________ +---+ -->| 0 |-->resolved address / +---+ / +---+ +---+ / ---->| 1 |-->| S |-- +---+ / +---+ / +---+ +---+ \ +---+ addr-->| 3 |-->| D |-- --->| 4 |-->msg +---+ +---+ \ +---+ +---+ / +---+ --->| 2 |-->| R |-- +---+ +---+ Figure 1 -- Rewriting set semantics D -- sender domain addition S -- mailer-specific sender rewriting R -- mailer-specific recipient rewriting ____________________________________________________________ SSMMMM::0088--4466 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee definitions from the configuration file. The _h_o_s_t is defined into the $$hh macro for use in the argv expansion of the specified mailer. Rulesets one and two are applied to all sender and recipient addresses respectively. They are applied before any specification in the mailer def- inition. They must never resolve. Ruleset four is applied to all addresses in the message. It is typically used to translate internal to external form. 55..11..44.. IIPPCC mmaaiilleerrss Some special processing occurs if the ruleset zero resolves to an IPC mailer (that is, a mailer that has "[IPC]" listed as the Path in the MM con- figuration line. The host name passed after "$@" has MX expansion performed; this looks the name up in DNS to find alternate delivery sites. The host name can also be provided as a dotted quad in square brackets; for example: [128.32.149.78] This causes direct conversion of the numeric value to a TCP/IP host address. The host name passed in after the "$@" may also be a colon-separated list of hosts. Each is separately MX expanded and the results are concate- nated to make (essentially) one long MX list. The intent here is to create "fake" MX records that are not published in DNS for private internal networks. As a final special case, the host name can be passed in as a text string in square brackets: [ucbvax.berkeley.edu] This form avoids the MX mapping. NN..BB..:: _T_h_i_s _i_s _i_n_t_e_n_d_e_d _o_n_l_y _f_o_r _s_i_t_u_a_t_i_o_n_s _w_h_e_r_e _y_o_u _h_a_v_e _a _n_e_t_- _w_o_r_k _f_i_r_e_w_a_l_l _o_r _o_t_h_e_r _h_o_s_t _t_h_a_t _w_i_l_l _d_o _s_p_e_c_i_a_l _p_r_o_c_e_s_s_i_n_g _f_o_r _a_l_l _y_o_u_r _m_a_i_l_, _s_o _t_h_a_t _y_o_u_r _M_X _r_e_c_o_r_d _p_o_i_n_t_s _t_o _a _g_a_t_e_w_a_y _m_a_c_h_i_n_e_; _t_h_i_s _m_a_c_h_i_n_e _c_o_u_l_d _t_h_e_n _d_o _d_i_r_e_c_t _d_e_l_i_v_e_r_y _t_o _m_a_c_h_i_n_e_s _w_i_t_h_i_n _y_o_u_r _l_o_c_a_l _d_o_m_a_i_n_. _U_s_e _o_f _t_h_i_s _f_e_a_t_u_r_e _d_i_r_e_c_t_l_y _v_i_o_l_a_t_e_s _R_F_C _1_1_2_3 _s_e_c_t_i_o_n _5_._3_._5_: _i_t _s_h_o_u_l_d _n_o_t _b_e _u_s_e_d _l_i_g_h_t_l_y_. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--4477 55..22.. DD ---- DDeeffiinnee MMaaccrroo Macros are named with a single character or with a word in {braces}. Single character names may be selected from the entire ASCII set, but user-defined macros should be selected from the set of upper case letters only. Lower case letters and special symbols are used internally. Long names beginning with a lower case letter or a punctuation character are reserved for use by sendmail, so user-defined long macro names should begin with an upper case letter. The syntax for macro definitions is: DD_x_v_a_l where _x is the name of the macro (which may be a sin- gle character or a word in braces) and _v_a_l is the value it should have. There should be no spaces given that do not actually belong in the macro value. Macros are interpolated using the construct $$_x, where _x is the name of the macro to be interpolated. This interpolation is done when the configuration file is read, except in MM lines. The special construct $$&&_x can be used in RR lines to get deferred interpolation. Conditionals can be specified using the syntax: $?x text1 $| text2 $. This interpolates _t_e_x_t_1 if the macro $$xx is set, and _t_e_x_t_2 otherwise. The "else" ($$||) clause may be omit- ted. Lower case macro names are reserved to have spe- cial semantics, used to pass information in or out of _s_e_n_d_m_a_i_l, and special characters are reserved to pro- vide conditionals, etc. Upper case names (that is, $$AA through $$ZZ) are specifically reserved for configura- tion file authors. The following macros are defined and/or used internally by _s_e_n_d_m_a_i_l for interpolation into argv's for mailers or for other contexts. The ones marked are information passed into sendmail15, the ones marked are information passed both in and out of sendmail, and the unmarked macros are passed out of ____________________ 15As of version 8.6, all of these macros have reasonable defaults. Previous versions required that they be defined. SSMMMM::0088--4488 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee sendmail but are not otherwise used internally. These macros are: $a The origination date in RFC 822 format. This is extracted from the Date: line. $b The current date in RFC 822 format. $c The hop count. This is a count of the number of Received: lines plus the value of the --hh command line flag. $d The current date in UNIX (ctime) format. $e (Obsolete; use SmtpGreetingMessage option instead.) The SMTP entry message. This is printed out when SMTP starts up. The first word must be the $$jj macro as specified by RFC821. Defaults to "$j Sendmail $v ready at $b". Com- monly redefined to include the configuration ver- sion number, e.g., "$j Sendmail $v/$Z ready at $b" $f The envelope sender (from) address. $g The sender address relative to the recipient. For example, if $$ff is "foo", $$gg will be "host!foo", "foo@host.domain", or whatever is appropriate for the receiving mailer. $h The recipient host. This is set in ruleset 0 from the $# field of a parsed address. $i The queue id, e.g., "HAA12345". $j The "official" domain name for this site. This is fully qualified if the full qualification can be found. It _m_u_s_t be redefined to be the fully qualified domain name if your system is not con- figured so that information can find it automati- cally. $k The UUCP node name (from the uname system call). $l (Obsolete; use UnixFromLine option instead.) The format of the UNIX from line. Unless you have changed the UNIX mailbox format, you should not change the default, which is "From $g $d". $m The domain part of the _g_e_t_h_o_s_t_n_a_m_e return value. Under normal circumstances, $$jj is equivalent to $$ww..$$mm. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--4499 $n The name of the daemon (for error messages). Defaults to "MAILER-DAEMON". $o (Obsolete: use OperatorChars option instead.) The set of "operators" in addresses. A list of characters which will be considered tokens and which will separate tokens when doing parsing. For example, if "@" were in the $$oo macro, then the input "a@b" would be scanned as three tokens: "a," "@," and "b." Defaults to ".:@[]", which is the minimum set necessary to do RFC 822 parsing; a richer set of operators is ".:%@!/[]", which adds support for UUCP, the %-hack, and X.400 addresses. $p Sendmail's process id. $q Default format of sender address. The $$qq macro specifies how an address should appear in a mes- sage when it is defaulted. Defaults to "<$g>". It is commonly redefined to be "$?x$x <$g>$|$g$." or "$g$?x ($x)$.", corresponding to the following two formats: Eric Allman <eric@CS.Berkeley.EDU> eric@CS.Berkeley.EDU (Eric Allman) _S_e_n_d_m_a_i_l properly quotes names that have special characters if the first form is used. $r Protocol used to receive the message. Set from the --pp command line flag or by the SMTP server code. $s Sender's host name. Set from the --pp command line flag or by the SMTP server code. $t A numeric representation of the current time. $u The recipient user. $v The version number of the _s_e_n_d_m_a_i_l binary. $w The hostname of this site. This is the root name of this host (but see below for caveats). $x The full name of the sender. $z The home directory of the recipient. $_ The validated sender address. SSMMMM::0088--5500 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee There are three types of dates that can be used. The $$aa and $$bb macros are in RFC 822 format; $$aa is the time as extracted from the "Date:" line of the message (if there was one), and $$bb is the current date and time (used for postmarks). If no "Date:" line is found in the incoming message, $$aa is set to the cur- rent time also. The $$dd macro is equivalent to the $$bb macro in UNIX (ctime) format. The macros $$ww, $$jj, and $$mm are set to the identity of this host. _S_e_n_d_m_a_i_l tries to find the fully quali- fied name of the host if at all possible; it does this by calling _g_e_t_h_o_s_t_n_a_m_e(2) to get the current hostname and then passing that to _g_e_t_h_o_s_t_b_y_n_a_m_e(3) which is supposed to return the canonical version of that host name.16 Assuming this is successful, $$jj is set to the fully qualified name and $$mm is set to the domain part of the name (everything after the first dot). The $$ww macro is set to the first word (everything before the first dot) if you have a level 5 or higher configura- tion file; otherwise, it is set to the same value as $$jj. If the canonification is not successful, it is imperative that the config file set $$jj to the fully qualified domain name17. The $$ff macro is the id of the sender as origi- nally determined; when mailing to a specific host the $$gg macro is set to the address of the sender _r_e_l_a_t_i_v_e _t_o _t_h_e _r_e_c_i_p_i_e_n_t_. For example, if I send to "bol- lard@matisse.CS.Berkeley.EDU" from the machine "van- gogh.CS.Berkeley.EDU" the $$ff macro will be "eric" and the $$gg macro will be "eric@vangogh.CS.Berkeley.EDU." The $$xx macro is set to the full name of the sender. This can be determined in several ways. It can be passed as flag to _s_e_n_d_m_a_i_l. It can be defined in the NAME environment variable. The third choice is the value of the "Full-Name:" line in the header if it exists, and the fourth choice is the comment field of a "From:" line. If all of these fail, and if the mes- sage is being originated locally, the full name is looked up in the _/_e_t_c_/_p_a_s_s_w_d file. When sending, the $$hh, $$uu, and $$zz macros get set to the host, user, and home directory (if local) of ____________________ 16For example, on some systems _g_e_t_h_o_s_t_n_a_m_e might return "foo" which would be mapped to "foo.bar.com" by _g_e_t_h_o_s_t_b_y_- _n_a_m_e. 17Older versions of sendmail didn't pre-define $$jj at all, so up until 8.6, config files _a_l_w_a_y_s had to define $$jj. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--5511 the recipient. The first two are set from the $$@@ and $$:: part of the rewriting rules, respectively. The $$pp and $$tt macros are used to create unique strings (e.g., for the "Message-Id:" field). The $$ii macro is set to the queue id on this host; if put into the timestamp line it can be extremely useful for tracking messages. The $$vv macro is set to be the ver- sion number of _s_e_n_d_m_a_i_l; this is normally put in timestamps and has been proven extremely useful for debugging. The $$cc field is set to the "hop count," i.e., the number of times this message has been processed. This can be determined by the --hh flag on the command line or by counting the timestamps in the message. The $$rr and $$ss fields are set to the protocol used to communicate with _s_e_n_d_m_a_i_l and the sending hostname. They can be set together using the --pp command line flag or separately using the --MM or --ooMM flags. The $$__ is set to a validated sender host name. If the sender is running an RFC 1413 compliant IDENT server and the receiver has the IDENT protocol turned on, it will include the user name on that host. 55..33.. CC aanndd FF ---- DDeeffiinnee CCllaasssseess Classes of phrases may be defined to match on the left hand side of rewriting rules, where a "phrase" is a sequence of characters that do not contain space characters. For example a class of all local names for this site might be created so that attempts to send to oneself can be eliminated. These can either be defined directly in the configuration file or read in from another file. Classes are named as a single letter or a word in {braces}. Class names beginning with lower case letters and special characters are reserved for system use. Classes defined in config files may be given names from the set of upper case letters for short names or beginning with an upper case letter for long names. The syntax is: CC_c_p_h_r_a_s_e_1 _p_h_r_a_s_e_2_._._. FF_c_f_i_l_e The first form defines the class _c to match any of the named words. It is permissible to split them among multiple lines; for example, the two forms: SSMMMM::0088--5522 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee CHmonet ucbmonet and CHmonet CHucbmonet are equivalent. The ``F'' form reads the elements of the class _c from the named _f_i_l_e. Elements of classes can be accessed in rules using $$== or $$~~. The $$~~ (match entries not in class) only matches a single word; multi-word entries in the class are ignored in this context. The class $$==ww is set to be the set of all names this host is known by. This can be used to match local hostnames. The class $$==kk is set to be the same as $$kk, that is, the UUCP node name. The class $$==mm is set to the set of domains by which this host is known, initially just $$mm. The class $$==tt is set to the set of trusted users by the TT configuration line. If you want to read trusted users from a file use FFtt_/_f_i_l_e_/_n_a_m_e. The class $$==nn can be set to the set of MIME body types that can never be eight to seven bit encoded. It defaults to "multipart/signed". Message types "message/*" and "multipart/*" are never encoded directly. Multipart messages are always handled recursively. The handling of message/* messages are controlled by class $$==ss. The class $$==ee contains the Content-Transfer-Encodings that can be 8->7 bit encoded. It is predefined to contain "7bit", "8bit", and "binary". The class $$==ss contains the set of sub- types of message that can be treated recursively. By default it contains only "rfc822". Other "message/*" types cannot be 8->7 bit encoded. If a message con- taining eight bit data is sent to a seven bit host, and that message cannot be encoded into seven bits, it will be stripped to 7 bits. _S_e_n_d_m_a_i_l can be compiled to allow a _s_c_a_n_f(3) string on the FF line. This lets you do simplistic parsing of text files. For example, to read all the user names in your system _/_e_t_c_/_p_a_s_s_w_d file into a class, use FL/etc/passwd %[^:] SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--5533 which reads every line up to the first colon. 55..44.. MM ---- DDeeffiinnee MMaaiilleerr Programs and interfaces to mailers are defined in this line. The format is: MM_n_a_m_e, {_f_i_e_l_d=_v_a_l_u_e}* where _n_a_m_e is the name of the mailer (used internally only) and the "field=name" pairs define attributes of the mailer. Fields are: Path The pathname of the mailer Flags Special flags for this mailer Sender Rewriting set(s) for sender addresses Recipient Rewriting set(s) for recipient addresses Argv An argument vector to pass to this mailer Eol The end-of-line string for this mailer Maxsize The maximum message length to this mailer Linelimit The maximum line length in the message body Directory The working directory for the mailer Userid The default user and group id to run as Nice The nice(2) increment for the mailer Charset The default character set for 8-bit characters Type The MTS type information (used for error messages) Only the first character of the field name is checked. The following flags may be set in the mailer description. Any other flags may be used freely to conditionally assign headers to messages destined for particular mailers. Flags marked with are not inter- preted by the _s_e_n_d_m_a_i_l binary; these are the conven- tionally used to correlate to the flags portion of the HH line. Flags marked with apply to the mailers for the sender address rather than the usual recipient mailers. a Run Extended SMTP (ESMTP) protocol (defined in RFCs 1651, 1652, and 1653). This flag defaults on if the SMTP greeting message includes the word "ESMTP". A Look up the user part of the address in the alias database. Normally this is only set for local mailers. b Force a blank line on the end of a message. This is intended to work around some stupid versions of /bin/mail that require a blank line, but do not provide it themselves. It would not normally be used on network mail. SSMMMM::0088--5544 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee c Do not include comments in addresses. This should only be used if you have to work around a remote mailer that gets confused by comments. This strips addresses of the form "Phrase <address>" or "address (Comment)" down to just "address". C If mail is _r_e_c_e_i_v_e_d from a mailer with this flag set, any addresses in the header that do not have an at sign ("@") after being rewritten by ruleset three will have the "@domain" clause from the sender envelope address tacked on. This allows mail with headers of the form: From: usera@hosta To: userb@hostb, userc to be rewritten as: From: usera@hosta To: userb@hostb, userc@hosta automatically. However, it doesn't really work reliably. D This mailer wants a "Date:" header line. e This mailer is expensive to connect to, so try to avoid connecting normally; any necessary connec- tion will occur during a queue run. E Escape lines beginning with "From" in the message with a `>' sign. f The mailer wants a --ff _f_r_o_m flag, but only if this is a network forward operation (i.e., the mailer will give an error if the executing user does not have special permissions). F This mailer wants a "From:" header line. g Normally, _s_e_n_d_m_a_i_l sends internally generated email (e.g., error messages) using the null return address as required by RFC 1123. However, some mailers don't accept a null return address. If necessary, you can set the gg flag to prevent _s_e_n_d_- _m_a_i_l from obeying the standards; error messages will be sent as from the MAILER-DAEMON (actually, the value of the $$nn macro). h Upper case should be preserved in host names for this mailer. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--5555 I This mailer will be speaking SMTP to another _s_e_n_d_- _m_a_i_l -- as such it can use special protocol fea- tures. This option is not required (i.e., if this option is omitted the transmission will still operate successfully, although perhaps not as efficiently as possible). k Normally when _s_e_n_d_m_a_i_l connects to a host via SMTP, it checks to make sure that this isn't acci- dently the same host name as might happen if _s_e_n_d_- _m_a_i_l is misconfigured or if a long-haul network interface is set in loopback mode. This flag dis- ables the loopback check. It should only be used under very unusual circumstances. K Currently unimplemented. Reserved for chunking. l This mailer is local (i.e., final delivery will be performed). L Limit the line lengths as specified in RFC821. This deprecated option should be replaced by the LL== mail declaration. For historic reasons, the LL flag also sets the 77 flag. m This mailer can send to multiple users on the same host in one transaction. When a $$uu macro occurs in the _a_r_g_v part of the mailer definition, that field will be repeated as necessary for all quali- fying users. M This mailer wants a "Message-Id:" header line. n Do not insert a UNIX-style "From" line on the front of the message. o Always run as the owner of the recipient mailbox. Normally _s_e_n_d_m_a_i_l runs as the sender for locally generated mail or as "daemon" (actually, the user specified in the uu option) when delivering network mail. The normal behaviour is required by most local mailers, which will not allow the envelope sender address to be set unless the mailer is run- ning as daemon. This flag is ignored if the SS flag is set. p Use the route-addr style reverse-path in the SMTP "MAIL FROM:" command rather than just the return address; although this is required in RFC821 sec- tion 3.1, many hosts do not process reverse-paths properly. Reverse-paths are officially discour- aged by RFC 1123. SSMMMM::0088--5566 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee P This mailer wants a "Return-Path:" line. r Same as ff, but sends a --rr flag. s Strip quote characters (" and \) off of the address before calling the mailer. S Don't reset the userid before calling the mailer. This would be used in a secure environment where _s_e_n_d_m_a_i_l ran as root. This could be used to avoid forged addresses. If the UU== field is also speci- fied, this flag causes the user id to always be set to that user and group (instead of leaving it as root). u Upper case should be preserved in user names for this mailer. U This mailer wants UUCP-style "From" lines with the ugly "remote from <host>" on the end. w The user must have a valid account on this machine, i.e., getpwnam must succeed. If not, the mail is bounced. This is required to get ".for- ward" capability. x This mailer wants a "Full-Name:" header line. X This mailer want to use the hidden dot algorithm as specified in RFC821; basically, any line begin- ning with a dot will have an extra dot prepended (to be stripped at the other end). This insures that lines in the message containing a dot will not terminate the message prematurely. 5 If no aliases are found for this address, pass the address through ruleset 5 for possible alternate resolution. This is intended to forward the mail to an alternate delivery spot. 7 Strip all output to seven bits. This is the default if the LL flag is set. Note that clearing this option is not sufficient to get full eight bit data passed through _s_e_n_d_m_a_i_l. If the 77 option is set, this is essentially always set, since the eighth bit was stripped on input. Note that this option will only impact messages that didn't have 8->7 bit MIME conversions performed. 8 If set, it is acceptable to send eight bit data to this mailer; the usual attempt to do 8->7 bit MIME conversions will be bypassed. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--5577 : Check addresses to see if they begin ":include:"; if they do, convert them to the "*include*" mailer. | Check addresses to see if they begin with a `|'; if they do, convert them to the "prog" mailer. / Check addresses to see if they begin with a `/'; if they do, convert them to the "*file*" mailer. @ Look up addresses in the user database. Configuration files prior to level 6 assume the `A', `w', `5', `:', `|', `/', and `@' options on the mailer named "local". The mailer with the special name "error" can be used to generate a user error. The (optional) host field is an exit status to be returned, and the user field is a message to be printed. The exit status may be numeric or one of the values USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG to return the corresponding EX_ exit code. For exam- ple, the entry: $#error $@ NOHOST $: Host unknown in this domain on the RHS of a rule will cause the specified error to be generated and the "Host unknown" exit status to be returned if the LHS matches. This mailer is only functional in rulesets zero or five. The mailer named "local" _m_u_s_t be defined in every configuration file. This is used to deliver local mail, and is treated specially in several ways. Addi- tionally, three other mailers named "prog", "*file*", and "*include*" may be defined to tune the delivery of messages to programs, files, and :include: lists respectively. They default to: Mprog, P=/bin/sh, F=lsD, A=sh -c $u M*file*, P=/dev/null, F=lsDFMPEu, A=FILE M*include*, P=/dev/null, F=su, A=INCLUDE The Sender and Recipient rewriting sets may either be a simple ruleset id or may be two ids sepa- rated by a slash; if so, the first rewriting set is applied to envelope addresses and the second is applied to headers. The Directory is actually a colon-separated path of directories to try. For example, the definition SSMMMM::0088--5588 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee "D=$z:/" first tries to execute in the recipient's home directory; if that is not available, it tries to execute in the root of the filesystem. This is intended to be used only on the "prog" mailer, since some shells (such as _c_s_h) refuse to execute if they cannot read the home directory. Since the queue directory is not normally readable by unprivileged users _c_s_h scripts as recipients can fail. The Userid specifies the default user and group id to run as, overriding the DDeeffaauullttUUsseerr option (q.v.). If the SS mailer flag is also specified, this is the user and group to run as in all circumstances. This may be given as _u_s_e_r_:_g_r_o_u_p to set both the user and group id; either may be an integer or a symbolic name to be looked up in the _p_a_s_s_w_d and _g_r_o_u_p files respectively. If only a symbolic user name is speci- fied, the group id in the _p_a_s_s_w_d file for that user is used as the group id. The Charset field is used when converting a mes- sage to MIME; this is the character set used in the Content-Type: header. If this is not set, the DDeeffaauullttCChhaarrsseett option is used, and if that is not set, the value "unknown-8bit" is used. WWAARRNNIINNGG:: this field applies to the sender's mailer, not the recipient's mailer. For example, if the envelope sender address lists an address on the local network and the recipi- ent is on an external network, the character set will be set from the Charset= field for the local network mailer, not that of the external network mailer. The Type= field sets the type information used in MIME error messages as defined by RFC XXX (not yet published). It is actually three values separated by slashes: the MTA-type (that is, the description of how hosts are named), the address type (the description of e-mail addresses), and the diagnostic type (the description of error diagnostic codes). Each of these must be a registered value or begin with "X-". The default is "dns/rfc822/smtp". 55..55.. HH ---- DDeeffiinnee HHeeaaddeerr The format of the header lines that _s_e_n_d_m_a_i_l inserts into the message are defined by the HH line. The syntax of this line is: HH[??_m_f_l_a_g_s??]_h_n_a_m_e:: _h_t_e_m_p_l_a_t_e Continuation lines in this spec are reflected directly into the outgoing message. The _h_t_e_m_p_l_a_t_e is macro expanded before insertion into the message. If the SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--5599 _m_f_l_a_g_s (surrounded by question marks) are specified, at least one of the specified flags must be stated in the mailer definition for this header to be automati- cally output. If one of these headers is in the input it is reflected to the output regardless of these flags. Some headers have special semantics that will be described later. 55..66.. OO ---- SSeett OOppttiioonn There are a number of global options that can be set from a configuration file. Options are repre- sented by full words; some are also representable as single characters for back compatibility. The syntax of this line is: OO _o_p_t_i_o_n==_v_a_l_u_e This sets option _o_p_t_i_o_n to be _v_a_l_u_e. Note that there _m_u_s_t be a space between the letter `O' and the name of the option. An older version is: OO_o_v_a_l_u_e where the option _o is a single character. Depending on the option, _v_a_l_u_e may be a string, an integer, a boolean (with legal values "t", "T", "f", or "F"; the default is TRUE), or a time interval. The options supported (with the old, one charac- ter names in brackets) are: AliasFile=_s_p_e_c_, _s_p_e_c_, _._._. [A] Specify possible alias file(s). Each _s_p_e_c should be in the format ``_c_l_a_s_s:: _f_i_l_e'' where _c_l_a_s_s:: is optional and defaults to ``implicit''. Depending on how _s_e_n_d_m_a_i_l is compiled, valid classes are "implicit" (search through a compiled-in list of alias file types, for back compatibility), "hash" (if NEWDB is specified), "dbm" (if NDBM is specified), "stab" (internal symbol table -- not normally used unless you have no other database lookup), or "nis" (if NIS is speci- fied). If a list of _s_p_e_cs are provided, _s_e_n_d_m_a_i_l searches them in order. AliasWait=_t_i_m_e_o_u_t [a] If set, wait up to _t_i_m_e_o_u_t (units default to minutes) for an "@:@" entry to exist in the alias database before starting SSMMMM::0088--6600 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee up. If it does not appear in the _t_i_m_e_o_u_t interval rebuild the database (if the AAuuttooRReebbuuiillddAAlliiaasseess option is also set) or issue a warning. AutoRebuildAliases [D] If set, rebuild the alias database if necessary and possible. If this option is not set, _s_e_n_d_m_a_i_l will never rebuild the alias database unless explicitly requested using --bbii. Not recommended -- can cause thrashing. BlankSub=_c [B] Set the blank substitution character to _c. Unquoted spaces in addresses are replaced by this character. Defaults to space (i.e., no change is made). CheckAliases [n] Validate the RHS of aliases when rebuilding the alias database. CheckpointInterval=_N [C] Checkpoints the queue every _N (default 10) addresses sent. If your system crashes during delivery to a large list, this pre- vents retransmission to any but the last recipients. ClassFactor=_f_a_c_t [z] The indicated _f_a_c_tor is multiplied by the message class (determined by the Prece- dence: field in the user header and the PP lines in the configuration file) and sub- tracted from the priority. Thus, messages with a higher Priority: will be favored. Defaults to 1800. ColonOkInAddr [no short name] If set, colons are accept- able in e-mail addresses (e.g., "host:user"). If not set, colons indicate the beginning of a RFC 822 group construct ("groupname: member1, member2, ... mem- berN;"). Doubled colons are always accept- able ("nodename::user") and proper route- addr nesting is understood ("<@relay:user@host>"). Furthermore, this option defaults on if the configuration ver- sion level is less than 6 (for back compati- bility). However, it must be off for full compatibility with RFC 822. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--6611 ConnectionCacheSize=_N [k] The maximum number of open connections that will be cached at a time. The default is one. This delays closing the current connection until either this invocation of _s_e_n_d_m_a_i_l needs to connect to another host or it terminates. Setting it to zero defaults to the old behavior, that is, connections are closed immediately. Since this consumes file descriptors, the connection cache should be kept small: 4 is probably a prac- tical maximum. ConnectionCacheTimeout=_t_i_m_e_o_u_t [K] The maximum amount of time a cached con- nection will be permitted to idle without activity. If this time is exceeded, the connection is immediately closed. This value should be small (on the order of ten minutes). Before _s_e_n_d_m_a_i_l uses a cached connection, it always sends a RSET command to check the connection; if this fails, it reopens the connection. This keeps your end from failing if the other end times out. The point of this option is to be a good network neighbor and avoid using up exces- sive resources on the other end. The default is five minutes. DaemonPortOptions=_o_p_t_i_o_n_s [O] Set server SMTP options. The options are _k_e_y_=_v_a_l_u_e pairs. Known keys are: Port Name/number of listening port (defaults to "smtp") Addr Address mask (defaults INADDR_ANY) Family Address family (defaults to INET) Listen Size of listen queue (defaults to 10) SndBufSizeSize of TCP send buffer RcvBufSizeSize of TCP receive buffer The _A_d_d_ress mask may be a numeric address in dot notation or a network name. DefaultCharSet=_c_h_a_r_s_e_t [no short name] When a message that has 8-bit characters but is not in MIME format is converted to MIME (see the EightBitMode option) a character set must be included in the Content-Type: header. This character set is normally set from the Charset= field of the mailer descriptor. If that is not set, the value of this option is used. If this option is not set, the value SSMMMM::0088--6622 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee "unknown-8bit" is used. DefaultUser=_u_s_e_r_:_g_r_o_u_p [u] Set the default userid for mailers to _u_s_e_r_:_g_r_o_u_p. If _g_r_o_u_p is omitted and _u_s_e_r is a user name (as opposed to a numeric user id) the default group listed in the /etc/passwd file for that user is used as the default group. Both _u_s_e_r and _g_r_o_u_p may be numeric. Mailers without the _S flag in the mailer definition will run as this user. Defaults to 1:1. The value can also be given as a symbolic user name.18 DeliveryMode=_x [d] Deliver in mode _x. Legal modes are: i Deliver interactively (synchronously) b Deliver in background (asynchronously) q Just queue the message (deliver during queue run) d Defer delivery and all map lookups (deliver during queue run) Defaults to ``b'' if no option is specified, ``i'' if it is specified but given no argu- ment (i.e., ``Od'' is equivalent to ``Odi''). The --vv command line flag sets this to ii. DialDelay=_s_l_e_e_p_t_i_m_e [no short name] Dial-on-demand network con- nections can see timeouts if a connection is opened before the call is set up. If this is set to an interval and a connection times out on the first connection being attempted _s_e_n_d_m_a_i_l will sleep for this amount of time and try again. This should give your system time to establish the connection to your service provider. Units default to seconds, so "DialDelay=5" uses a five second delay. Defaults to zero (no retry). DontExpandCnames [no short name] The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named "Cruft.Foo.ORG" and also has an alias of "FTP.Foo.ORG", the former name must be used at all times. This is enforced ____________________ 18The old gg option has been combined into the DDeeffaauullttUUsseerr option. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--6633 during host name canonification ($[ ... $] lookups). If this option is set, the proto- cols are ignored and the "wrong" thing is done. However, the IETF is moving toward changing this standard, so the behaviour may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name however. DontInitGroups [no short name] If set, _s_e_n_d_m_a_i_l will avoid using the initgroups(3) call. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permis- sions somewhat more restrictive. Has no effect on systems that don't have group lists. DontPruneRoutes [R] Normally, _s_e_n_d_m_a_i_l tries to eliminate any unnecessary explicit routes when sending an error message (as discussed in RFC 1123 5.2.6). For example, when sending an error message to <@known1,@known2,@known3:user@unknown> _s_e_n_d_m_a_i_l will strip off the "@known1,@known2" in order to make the route as direct as possible. However, if the RR option is set, this will be disabled, and the mail will be sent to the first address in the route, even if later addresses are known. This may be useful if you are caught behind a firewall. EightBitMode=_a_c_t_i_o_n [8] Set handling of eight-bit data. There are two kinds of eight-bit data: that declared as such using the BBOODDYY==88BBIITTMMIIMMEE ESMTP declaration or the --BB88BBIITTMMIIMMEE command line flag, and undeclared 8-bit data, that is, input that just happens to be eight bits. There are three basic operations that can happen: undeclared 8-bit data can be automatically converted to 8BITMIME, unde- clared 8-bit data can be passed as-is with- out conversion to MIME (``just send 8''), SSMMMM::0088--6644 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee and declared 8-bit data can be converted to 7-bits for transmission to a non-8BITMIME mailer. The possible _a_c_t_i_o_ns are: s Reject undeclared 8-bit data (``strict'') m Convert undeclared 8-bit data to MIME (``mime'') p Pass undeclared 8-bit data (``pass'') In all cases properly declared 8BITMIME data will be converted to 7BIT as needed. ErrorHeader=_f_i_l_e_-_o_r_-_m_e_s_s_a_g_e [E] Prepend error messages with the indi- cated message. If it begins with a slash, it is assumed to be the pathname of a file containing a message (this is the recom- mended setting). Otherwise, it is a literal message. The error file might contain the name, email address, and/or phone number of a local postmaster who could provide assis- tance in to end users. If the option is missing or null, or if it names a file which does not exist or which is not readable, no message is printed. ErrorMode=_x [e] Dispose of errors using mode _x. The values for _x are: p Print error messages (default) q No messages, just give exit status m Mail back errors w Write back errors (mail if user not logged in) e Mail back errors and give zero exit stat always FallbackMXhost=_f_a_l_l_b_a_c_k_h_o_s_t [V] If specified, the _f_a_l_l_b_a_c_k_h_o_s_t acts like a very low priority MX on every host. This is intended to be used by sites with poor network connectivity. ForkEachJob [Y] If set, deliver each job that is run from the queue in a separate process. Use this option if you are short of memory, since the default tends to consume consider- able amounts of memory while the queue is being processed. ForwardPath=_p_a_t_h [J] Set the path for searching for users' .forward files. The default is SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--6655 "$z/.forward". Some sites that use the automounter may prefer to change this to "/var/forward/$u" to search a file with the same name as the user in a system directory. It can also be set to a sequence of paths separated by colons; _s_e_n_d_m_a_i_l stops at the first file it can successfully and safely open. For example, "/var/forward/$u:$z/.forward" will search first in /var/forward/_u_s_e_r_n_a_m_e and then in _~_u_s_e_r_n_a_m_e/.forward (but only if the first file does not exist). HelpFile=_f_i_l_e [H] Specify the help file for SMTP. HoldExpensive [c] If an outgoing mailer is marked as being expensive, don't connect immediately. This requires that queueing be compiled in, since it will depend on a queue run process to actually send the mail. IgnoreDots [i] Ignore dots in incoming messages. This is always disabled (that is, dots are always accepted) when reading SMTP mail. LogLevel=_n [L] Set the default log level to _n. Defaults to 9. M_x_v_a_l_u_e [no long version] Set the macro _x to _v_a_l_u_e. This is intended only for use from the com- mand line. The --MM flag is preferred. MatchGECOS [G] Allow fuzzy matching on the GECOS field. If this flag is set, and the usual user name lookups fail (that is, there is no alias with this name and a _g_e_t_p_w_n_a_m fails), sequentially search the password file for a matching entry in the GECOS field. This also requires that MATCHGECOS be turned on during compilation. This option is not rec- ommended. MaxHopCount=_N [h] The maximum hop count. Messages that have been processed more than _N times are assumed to be in a loop and are rejected. Defaults to 25. SSMMMM::0088--6666 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee MaxHostStatAge=_a_g_e [no short name] Not yet implemented. This option specifies how long host status infor- mation will be retained. For example, if a host is found to be down, connections to that host will not be retried for this interval. The units default to minutes. MaxQueueRunSize=_N [no short name] The maximum number of jobs that will be processed in a single queue run. If not set, there is no limit on the size. If you have very large queues or a very short queue run interval this could be unstable. However, since the first _N jobs in queue directory order are run (rather than the _N highest priority jobs) this should be set as high as possible to avoid "losing" jobs that happen to fall late in the queue directory. MeToo [m] Send to me too, even if I am in an alias expansion. MaxMessageSize=_N [no short name] Specify the maximum message size to be advertised in the ESMTP EHLO response. Messages larger than this will be rejected. MinFreeBlocks=_N [b] Insist on at least _N blocks free on the filesystem that holds the queue files before accepting email via SMTP. If there is insufficient space _s_e_n_d_m_a_i_l gives a 452 response to the MAIL command. This invites the sender to try again later. MinQueueAge=age [no short name] Don't process any queued jobs that have been in the queue less than the indicated time interval. This is intended to allow you to get responsiveness by processing the queue fairly frequently without thrashing your system by trying jobs too often. The default units are minutes. NoRecipientAction [no short name] The action to take when you receive a message that has no valid recipi- ent headers (To:, Cc:, Bcc:). It can be NNoonnee to pass the message on unmodified, which violates the protocol, AAdddd--TToo to add a SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--6677 To: header with any recipients it can find in the envelope (which might expose Bcc: recipients), AAdddd--AAppppaarreennttllyy--TToo to add an Apparently-To: header (this is only for back-compatibility and is officially depre- cated), AAdddd--TToo--UUnnddiisscclloosseedd to add a header "To: undisclosed-recipients:;" to make the header legal without disclosing anything, or AAdddd--BBcccc to add an empty Bcc: header. OldStyleHeaders [o] Assume that the headers may be in old format, i.e., spaces delimit names. This actually turns on an adaptive algorithm: if any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always output with commas between the names. Defaults to off. OperatorChars=_c_h_a_r_l_i_s_t [$o macro] The list of characters that are considered to be "operators", that is, char- acters that delimit tokens. All operator characters are tokens by themselves; sequences of non-operator characters are also tokens. White space characters sepa- rate tokens but are not tokens themselves -- for example, "AAA.BBB" has three tokens, but "AAA BBB" has two. If not set, Operator- Chars defaults to ".:@[]"; additionally, the characters "()<>,;" are always operators. PostmasterCopy=_p_o_s_t_m_a_s_t_e_r [P] If set, copies of error messages will be sent to the named _p_o_s_t_m_a_s_t_e_r. Only the header of the failed message is sent. Since most errors are user problems, this is prob- ably not a good idea on large sites, and arguably contains all sorts of privacy vio- lations, but it seems to be popular with certain operating systems vendors. Defaults to no postmaster copies. PrivacyOptions=_o_p_t_,_o_p_t_,_._._. [p] Set the privacy _o_p_tions. ``Privacy'' is really a misnomer; many of these are just a way of insisting on stricter adherence to the SMTP protocol. The _o_p_tions can be selected from: SSMMMM::0088--6688 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee public Allow open access needmailhelo Insist on HELO or EHLO command before MAIL needexpnhelo Insist on HELO or EHLO command before EXPN noexpn Disallow EXPN entirely needvrfyhelo Insist on HELO or EHLO command before VRFY novrfy Disallow VRFY entirely restrictmailq Restrict mailq command restrictqrun Restrict -q command line flag noreceipts Don't return success DSNs goaway Disallow essentially all SMTP status queries authwarnings Put X-Authentication-Warning: headers in messages The "goaway" pseudo-flag sets all flags except "restrictmailq" and "restrictqrun". If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue direc- tory can run the queue. Authentication Warnings add warnings about various condi- tions that may indicate attempts to spoof the mail system, such as using an non- standard queue directory. QueueDirectory=_d_i_r [Q] Use the named _d_i_r as the queue direc- tory. QueueFactor=_f_a_c_t_o_r [q] Use _f_a_c_t_o_r as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the cur- rent load average and the load average limit (QQuueeuueeLLAA option) to determine the maximum message priority that will be sent. Defaults to 600000. QueueLA=_L_A [x] When the system load average exceeds _L_A, just queue messages (i.e., don't try to send them). Defaults to 8. QueueSortOrder=_a_l_g_o_r_i_t_h_m [no short name] Sets the _a_l_g_o_r_i_t_h_m used for sorting the queue. Only the first character of the value is used. Legal values are "host" (to order by the name of the first host name of the first recipient) and "pri- ority" (to order strictly by message prior- ity). Host ordering makes better use of the connection cache, but may tend to process low priority messages that go to a single SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--6699 host over high priority messages that go to several hosts; it probably shouldn't be used on slow network links. Priority ordering is the default. ResolverOptions=_o_p_t_i_o_n_s [I] Set resolver options. Values can be set using ++_f_l_a_g and cleared using --_f_l_a_g; the _f_l_a_gs can be "debug", "aaonly", "usevc", "primary", "igntc", "recurse", "defnames", "stayopen", or "dnsrch". The string "HasWildcardMX" (without a ++ or --) can be specified to turn off matching against MX records when doing name canonifications. NN..BB.. Prior to 8.7, this option indicated that the name server be responding in order to accept addresses. This has been replaced by checking to see if the "dns" method is listed in the service switch entry for the "hosts" service. SmtpGreetingMessage=_m_e_s_s_a_g_e [$e macro] The message printed when the SMTP server starts up. Defaults to "$j Sendmail $v ready at $b". Timeout._t_y_p_e=_t_i_m_e_o_u_t [r; subsumes old T option as well] Set time- out values. The actual timeout is indicated by the _t_y_p_e. The recognized timeouts and their default values, and their minimum val- ues specified in RFC 1123 section 5.3.2 are: initial wait for initial greeting message [5m, 5m] helo reply to HELO or EHLO command [5m, none] mail reply to MAIL command [10m, 5m] rcpt reply to RCPT command [1h, 5m] datainit reply to DATA command [5m, 2m] datablock data block read [1h, 3m] datafinal reply to final ``.'' in data [1h, 10m] rset reply to RSET command [5m, none] quit reply to QUIT command [2m, none] misc reply to NOOP and VERB commands [2m, none] ident IDENT protocol timeout [30s, none] fileopen timeout on opening .forward and :include: files [60s, none] command command read [1h, 5m] queuereturn how long until a message is returned [5d, 5d] queuewarn how long until a warning is sent [none, none] All but those marked with a dagger () apply to client SMTP. If the message is submitted using the NOTIFY SMTP extension, warning messages will only be sent if NOTIFY=DELAY SSMMMM::0088--7700 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee is specified. The queuereturn and queuewarn timeouts can be further qualified with a tag based on the Precedence: field in the mes- sage; they must be one of "urgent" (indicat- ing a positive non-zero precedence) "normal" (indicating a zero precedence), or "non- urgent" (indicating negative precedences). For example, setting "Time- out.queuewarn.urgent=1h" sets the warning timeout for urgent messages only to one hour. The default if no precedence is indi- cated is to set the timeout for all prece- dences. RecipientFactor=_f_a_c_t [y] The indicated _f_a_c_tor is added to the priority (thus _l_o_w_e_r_i_n_g the priority of the job) for each recipient, i.e., this value penalizes jobs with large numbers of recipi- ents. Defaults to 30000. RefuseLA=_L_A [X] When the system load average exceeds _L_A, refuse incoming SMTP connections. Defaults to 12. RetryFactor=_f_a_c_t [Z] The _f_a_c_tor is added to the priority every time a job is processed. Thus, each time a job is processed, its priority will be decreased by the indicated value. In most environments this should be positive, since hosts that are down are all too often down for a long time. Defaults to 90000. SaveFromLine [f] Save Unix-style "From" lines at the front of headers. Normally they are assumed redundant and discarded. SendMIMEErrors [j] If set, send error messages in MIME for- mat (see RFC1521 and RFC1344 for details). ServiceSwitchFile=_f_i_l_e_n_a_m_e [no short name] If your host operating sys- tem has a service switch abstraction (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf on Ultrix and DEC OSF/1) that service will be consulted and this option is ignored. Otherwise, this is the name of a file that provides the list of methods used to implement particular services. The SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--7711 syntax is a series of lines, each of which is a sequence of words. The first word is the service name, and following words are service types. The services that _s_e_n_d_m_a_i_l consults directly are "aliases" and "hosts." Service types can be "dns", "nis", "nis- plus", or "files" (with the caveat that the appropriate support must be compiled in before the service can be referenced). If ServiceSwitchFile is not specified, it defaults to /etc/service.switch. If that file does not exist, the default switch is: aliases files hosts dns nis files The default file is "/etc/service.switch". SevenBitInput [7] Strip input to seven bits for compati- bility with old systems. This shouldn't be necessary. StatusFile=_f_i_l_e [S] Log summary statistics in the named _f_i_l_e. If not set, no summary statistics are saved. This file does not grow in size. It can be printed using the _m_a_i_l_s_t_a_t_s(8) pro- gram. SuperSafe [s] Be super-safe when running things, i.e., always instantiate the queue file, even if you are going to attempt immediate delivery. _S_e_n_d_m_a_i_l always instantiates the queue file before returning control the client under any circumstances. This should really _a_l_w_a_y_s be set. TempFileMode=_m_o_d_e [F] The file mode for queue files. It is interpreted in octal by default. Defaults to 0600. TimeZoneSpec=_t_z_i_n_f_o [t] Set the local time zone info to _t_z_i_n_f_o -- for example, "PST8PDT". Actually, if this is not set, the TZ environment variable is cleared (so the system default is used); if set but null, the user's TZ variable is used, and if set and non-null the TZ vari- able is set to this value. SSMMMM::0088--7722 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee TryNullMXList [w] If this system is the "best" (that is, lowest preference) MX for a given host, its configuration rules should normally detect this situation and treat that condition spe- cially by forwarding the mail to a UUCP feed, treating it as local, or whatever. However, in some cases (such as Internet firewalls) you may want to try to connect directly to that host as though it had no MX records at all. Setting this option causes _s_e_n_d_m_a_i_l to try this. The downside is that errors in your configuration are likely to be diagnosed as "host unknown" or "message timed out" instead of something more mean- ingful. This option is disrecommended. UnixFromLine=_f_r_o_m_l_i_n_e [$l macro] Defines the format used when _s_e_n_d_m_a_i_l must add a UNIX-style From_ line (that is, a line beginning "From<space>user"). Defaults to "From $g $d". Don't change this unless your system uses a different UNIX mailbox format (very unlikely). UseErrorsTo [l] If there is an "Errors-To:" header, send error messages to the addresses listed there. They normally go to the envelope sender. Use of this option causes _s_e_n_d_m_a_i_l to violate RFC 1123. This option is disrec- ommended and deprecated. UserDatabaseSpec=_u_d_b_s_p_e_c [U] The user database specification. Verbose [v] Run in verbose mode. If this is set, _s_e_n_d_m_a_i_l adjusts options HHoollddEExxppeennssiivvee (old cc) and DDeelliivveerryyMMooddee (old dd) so that all mail is delivered completely in a single job so that you can see the entire delivery pro- cess. Option VVeerrbboossee should _n_e_v_e_r be set in the configuration file; it is intended for command line use only. All options can be specified on the command line using the -O or -o flag, but most will cause _s_e_n_d_m_a_i_l to relinquish its setuid permissions. The options that will not cause this are MinFreeBlocks [b], Delivery- Mode [d], ErrorMode [e], IgnoreDots [i], LogLevel [L], MeToo [m], OldStyleHeaders [o], PrivacyOptions [p], Timeouts [r], SuperSafe [s], Verbose [v], SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--7733 CheckpointInterval [C], and SevenBitInput [7]. Also, M (define macro) when defining the r or s macros is also considered "safe". 55..77.. PP ---- PPrreecceeddeennccee DDeeffiinniittiioonnss Values for the "Precedence:" field may be defined using the PP control line. The syntax of this field is: PP_n_a_m_e==_n_u_m When the _n_a_m_e is found in a "Precedence:" field, the message class is set to _n_u_m. Higher numbers mean higher precedence. Numbers less than zero have the special property that if an error occurs during pro- cessing the body of the message will not be returned; this is expected to be used for "bulk" mail such as through mailing lists. The default precedence is zero. For example, our list of precedences is: Pfirst-class=0 Pspecial-delivery=100 Plist=-30 Pbulk=-60 Pjunk=-100 People writing mailing list exploders are encouraged to use "Precedence: list". Older versions of _s_e_n_d_m_a_i_l (which discarded all error returns for negative prece- dences) didn't recognize this name, giving it a default precedence of zero. This allows list main- tainers to see error returns on both old and new ver- sions of _s_e_n_d_m_a_i_l. 55..88.. VV ---- CCoonnffiigguurraattiioonn VVeerrssiioonn LLeevveell To provide compatibility with old configuration files, the VV line has been added to define some very basic semantics of the configuration file. These are not intended to be long term supports; rather, they describe compatibility features which will probably be removed in future releases. NN..BB..:: these version _l_e_v_e_l_s have nothing to do with the version _n_u_m_b_e_r on the files. For example, as of this writing version 8 config files (specifically, 8.7) used version level 6 configurations. "Old" configuration files are defined as version level one. Version level two files make the following changes: SSMMMM::0088--7744 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee (1) Host name canonification ($[ ... $]) appends a dot if the name is recognized; this gives the config file a way of finding out if anything matched. (Actually, this just initializes the "host" map with the "-a." flag -- you can reset it to anything you prefer by declaring the map explicitly.) (2) Default host name extension is consistent throughout processing; version level one con- figurations turned off domain extension (that is, adding the local domain name) during cer- tain points in processing. Version level two configurations are expected to include a trail- ing dot to indicate that the name is already canonical. (3) Local names that are not aliases are passed through a new distinguished ruleset five; this can be used to append a local relay. This behaviour can be prevented by resolving the local name with an initial `@'. That is, some- thing that resolves to a local mailer and a user name of "vikki" will be passed through ruleset five, but a user name of "@vikki" will have the `@' stripped, will not be passed through ruleset five, but will otherwise be treated the same as the prior example. The expectation is that this might be used to implement a policy where mail sent to "vikki" was handled by a central hub, but mail sent to "vikki@localhost" was delivered directly. Version level three files allow # initiated com- ments on all lines. Exceptions are backslash escaped # marks and the $# syntax. Version level four configurations are completely equivalent to level three for historical reasons. Version level five configuration files change the default definition of $$ww to be just the first compo- nent of the hostname. Version level six configuration files change many of the local processing options (such as aliasing and matching the beginning of the address for `|' charac- ters) to be mailer flags; this allows fine-grained control over the special local processing. Level six configuration files may also use long option names. The CCoolloonnOOkkIInnAAddddrr option (to allow colons in the local-part of addresses) defaults oonn for lower num- bered configuration files; the configuration file SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--7755 requires some additional intelligence to properly han- dle the RFC 822 group construct. The VV line may have an optional //_v_e_n_d_o_r to indi- cate that this configuration file uses modifications specific to a particular vendor19. You may use "/Berkeley" to emphasize that this configuration file uses the Berkeley dialect of _s_e_n_d_m_a_i_l. 55..99.. KK ---- KKeeyy FFiillee DDeeccllaarraattiioonn Special maps can be defined using the line: Kmapname mapclass arguments The _m_a_p_n_a_m_e is the handle by which this map is refer- enced in the rewriting rules. The _m_a_p_c_l_a_s_s is the name of a type of map; these are compiled in to _s_e_n_d_- _m_a_i_l. The _a_r_g_u_m_e_n_t_s are interpreted depending on the class; typically, there would be a single argument naming the file containing the map. Maps are referenced using the syntax: $( _m_a_p _k_e_y $@ _a_r_g_u_m_e_n_t_s $: _d_e_f_a_u_l_t $) where either or both of the _a_r_g_u_m_e_n_t_s or _d_e_f_a_u_l_t por- tion may be omitted. The _$_@ _a_r_g_u_m_e_n_t_s may appear more than once. The indicated _k_e_y and _a_r_g_u_m_e_n_t_s are passed to the appropriate mapping function. If it returns a value, it replaces the input. If it does not return a value and the _d_e_f_a_u_l_t is specified, the _d_e_f_a_u_l_t replaces the input. Otherwise, the input is unchanged. During replacement of either a map value or default the string "%_n" (where _n is a digit) is replaced by the corresponding _a_r_g_u_m_e_n_t. Argument zero is always the database key. For example, the rule R$- ! $+ $: $(uucp $1 $@ $2 $: %1 @ %0 . UUCP $) Looks up the UUCP name in a (user defined) UUCP map; if not found it turns it into ".UUCP" form. The database might contain records like: ____________________ 19And of course, vendors are encouraged to add themselves to the list of recognized vendors by editing the routine _s_e_t_v_e_n_d_o_r in _c_o_n_f_._c. Please send e-mail to send- mail@CS.Berkeley.EDU to register your vendor dialect. SSMMMM::0088--7766 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee decvax %1@%0.DEC.COM research %1@%0.ATT.COM The built in map with both name and class "host" is the host name canonicalization lookup. Thus, the syntax: $(host _h_o_s_t_n_a_m_e$) is equivalent to: $[_h_o_s_t_n_a_m_e$] There are many defined classes. dbm Database lookups using the ndbm(3) library. _S_e_n_d_m_a_i_l must be compiled with DDBBMM defined. btree Database lookups using the btree interface to the Berkeley db(3) library. _S_e_n_d_m_a_i_l must be compiled with NNEEWWDDBB defined. hash Database lookups using the hash interface to the Berkeley db(3) library. _S_e_n_d_m_a_i_l must be compiled with NNEEWWDDBB defined. nis NIS lookups. _S_e_n_d_m_a_i_l must be compiled with NNIISS defined. nisplus NIS+ lookups. _S_e_n_d_m_a_i_l must be compiled with NNIISSPPLLUUSS defined. The argument is the name of the table to use for lookups, and the --kk and --vv flags may be used to set the key and value columns respectively. hesiod Hesiod lookups. _S_e_n_d_m_a_i_l must be compiled with HHEESSIIOODD defined. netinfo NeXT NetInfo lookups. _S_e_n_d_m_a_i_l must be com- piled with NNEETTIINNFFOO defined. text Text file lookups. The format of the text file is defined by the --kk (key field num- ber), --vv (value field number), and --zz (field delimiter) flags. stab Internal symbol table lookups. Used inter- nally for aliasing. implicit Really should be called "alias" -- this is used to get the default lookups for alias SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--7777 files, and is the default if no class is specified for alias files. user Looks up users using _g_e_t_p_w_n_a_m(3). The --vv flag can be used to specify the name of the field to return (although this is normally used only to check the existence of a user). host Canonifies host domain names. Given a host name it calls the name server to find the canonical name for that host. sequence The arguments on the `K' line are a list of maps; the resulting map searches the argu- ment maps in order until it finds a match for the indicated key. For example, if the key definition is: Kmap1 ... Kmap2 ... Kseqmap sequence map1 map2 then a lookup against "seqmap" first does a lookup in map1. If that is found, it returns immediately. Otherwise, the same key is used for map2. switch Much like the "sequence" map except that the order of maps is determined by the service switch. The argument is the name of the service to be looked up; the values from the service switch are appended to the service name to create new map names. For example, consider the key definition: Kali switch aliases together with the service switch entry: aliases nis files This causes a query against the map "ali" to search maps named "aliases.nis" and "aliases.files" in that order. dequote Strip double quotes (") from a name. It does not strip backslashes, and will not strip quotes if the resulting string would contain unscannable syntax (that is, basic errors like unbalanced angle brackets; more sophisticated errors such as unknown hosts are not checked). The intent is for use when trying to accept mail from systems such SSMMMM::0088--7788 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee as DECnet that routinely quote odd syntax such as "49ers::ubell" A typical usage is probably something like: Kdequote dequote ... R$- $: $(dequote $1 $) R$- $+ $: $>3 $1 $2 Care must be taken to prevent unexpected results; for example, "|someprogram < input > output" will have quotes stripped, but the result is probably not what you had in mind. Fortu- nately these cases are rare. Most of these accept as arguments the same optional flags and a filename (or a mapname for NIS; the filename is the root of the database path, so that ".db" or some other extension appropriate for the database type will be added to get the actual database name). Known flags are: -o Indicates that this map is optional -- that is, if it cannot be opened, no error is pro- duced, and _s_e_n_d_m_a_i_l will behave as if the map existed but was empty. -N, -O If neither --NN or --OO are specified, _s_e_n_d_m_a_i_l uses an adaptive algorithm to decide whether or not to look for null bytes on the end of keys. It starts by trying both; if it finds any key with a null byte it never tries again without a null byte and vice versa. If --NN is specified it never tries without a null byte and if --OO is specified it never tries with a null byte. Setting one of these can speed matches but are never neces- sary. If both --NN and --OO are specified, _s_e_n_d_m_a_i_l will never try any matches at all -- that is, everything will appear to fail. -a_x Append the string _x on successful matches. For example, the default _h_o_s_t map appends a dot on successful matches. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--7799 -f Do not fold upper to lower case before look- ing up the key. -m Match only (without replacing the value). If you only care about the existence of a key and not the value (as you might when searching the NIS map "hosts.byname" for example), this flag prevents the map from substituting the value. However, The -a argument is still appended on a match, and the default is still taken if the match fails. -k_k_e_y_c_o_l The key column name (for NIS+) or number (for text lookups). -v_v_a_l_c_o_l The value column name (for NIS+) or number (for text lookups). -z_d_e_l_i_m The column delimiter (for text lookups). It can be a single character or one of the spe- cial strings "\n" or "\t" to indicate new- line or tab respectively. If omitted entirely, the column separator is any sequence of whitespace. -s_s_p_a_c_e_s_u_b For the dequote map only, the character to use to replace space characters after a suc- cessful dequote. The _d_b_m map appends the strings ".pag" and ".dir" to the given filename; the two _d_b-based maps append ".db". For example, the map specification Kuucp dbm -o -N /usr/lib/uucpmap specifies an optional map named "uucp" of class "dbm"; it always has null bytes at the end of every string, and the data is located in /usr/lib/uucpmap.{dir,pag}. The program _m_a_k_e_m_a_p(8) can be used to build any of the three database-oriented maps. It takes the following flags: -f Do not fold upper to lower case in the map. -N Include null bytes in keys. -o Append to an existing (old) file. -r Allow replacement of existing keys; nor- mally, re-inserting an existing key is an SSMMMM::0088--8800 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee error. -v Print what is happening. The _s_e_n_d_m_a_i_l daemon does not have to be restarted to read the new maps as long as you change them in place; file locking is used so that the maps won't be read while they are being updated.20 New classes can be added in the routine sseettuuppmmaappss in file ccoonnff..cc. 55..1100.. TThhee UUsseerr DDaattaabbaassee If you have a version of _s_e_n_d_m_a_i_l with the user database package compiled in, the handling of sender and recipient addresses is modified. The location of this database is controlled with the UUsseerrDDaattaabbaasseeSSppeecc option. 55..1100..11.. SSttrruuccttuurree ooff tthhee uusseerr ddaattaabbaassee The database is a sorted (BTree-based) struc- ture. User records are stored with the key: _u_s_e_r_-_n_a_m_e::_f_i_e_l_d_-_n_a_m_e The sorted database format ensures that user records are clustered together. Meta-information is always stored with a leading colon. Field names define both the syntax and seman- tics of the value. Defined fields include: maildrop The delivery address for this user. There may be multiple values of this record. In particular, mailing lists will have one _m_a_i_l_d_r_o_p record for each user on the list. mailname The outgoing mailname for this user. For each outgoing name, there should be an appropriate _m_a_i_l_d_r_o_p record for that name to allow return mail. See also _:_d_e_f_a_u_l_t_:_m_a_i_l_n_a_m_e. ____________________ 20That is, don't create new maps and then use _m_v(1) to move them into place. Since the maps are already open the new maps will never be seen. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--8811 mailsender Changes any mail sent to this address to have the indicated envelope sender. This is intended for mailing lists, and will normally be the name of an appropriate -request address. It is very similar to the owner-_l_i_s_t syntax in the alias file. fullname The full name of the user. office-address The office address for this user. office-phone The office phone number for this user. office-fax The office FAX number for this user. home-address The home address for this user. home-phone The home phone number for this user. home-fax The home FAX number for this user. project A (short) description of the project this person is affiliated with. In the Uni- versity this is often just the name of their graduate advisor. plan A pointer to a file from which plan information can be gathered. As of this writing, only a few of these fields are actually being used by _s_e_n_d_m_a_i_l: _m_a_i_l_d_r_o_p and _m_a_i_l_n_a_m_e. A _f_i_n_g_e_r program that uses the other fields is planned. 55..1100..22.. UUsseerr ddaattaabbaassee sseemmaannttiiccss When the rewriting rules submit an address to the local mailer, the user name is passed through the alias file. If no alias is found (or if the alias points back to the same address), the name (with ":maildrop" appended) is then used as a key in the user database. If no match occurs (or if the maildrop points at the same address), forward- ing is tried. If the first token of the user name returned by ruleset 0 is an "@" sign, the user database SSMMMM::0088--8822 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee lookup is skipped. The intent is that the user database will act as a set of defaults for a clus- ter (in our case, the Computer Science Division); mail sent to a specific machine should ignore these defaults. When mail is sent, the name of the sending user is looked up in the database. If that user has a "mailname" record, the value of that record is used as their outgoing name. For example, I might have a record: eric:mailname Eric.Allman@CS.Berkeley.EDU This would cause my outgoing mail to be sent as Eric.Allman. If a "maildrop" is found for the user, but no corresponding "mailname" record exists, the record ":default:mailname" is consulted. If present, this is the name of a host to override the local host. For example, in our case we would set it to "CS.Berkeley.EDU". The effect is that anyone known in the database gets their outgoing mail stamped as "user@CS.Berkeley.EDU", but people not listed in the database use the local hostname. 55..1100..33.. CCrreeaattiinngg tthhee ddaattaabbaassee2211 The user database is built from a text file using the _m_a_k_e_m_a_p utility (in the distribution in the makemap subdirectory). The text file is a series of lines corresponding to userdb records; each line has a key and a value separated by white space. The key is always in the format described above -- for example: eric:maildrop This file is normally installed in a system direc- tory; for example, it might be called _/_e_t_c_/_u_s_e_r_d_b. To make the database version of the map, run the program: makemap btree /etc/userdb.db < /etc/userdb Then create a config file that uses this. For ____________________ 21These instructions are known to be incomplete. A fu- ture version of the user database is planned including things such as finger service -- and good documentation. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--8833 example, using the V8 M4 configuration, include the following line in your .mc file: define(`confUSERDB_SPEC', /etc/userdb.db) 66.. OOTTHHEERR CCOONNFFIIGGUURRAATTIIOONN There are some configuration changes that can be made by recompiling _s_e_n_d_m_a_i_l. This section describes what changes can be made and what has to be modified to make them. In most cases this should be unnecessary unless you are porting _s_e_n_d_m_a_i_l to a new environment. 66..11.. PPaarraammeetteerrss iinn ssrrcc//MMaakkeeffiillee These parameters are intended to describe the compilation environment, not site policy, and should normally be defined in src/Makefile. NDBM If set, the new version of the DBM library that allows multiple databases will be used. If neither NDBM nor NEWDB are set, a much less efficient method of alias lookup is used. NEWDB If set, use the new database package from Berkeley (from 4.4BSD). This package is substantially faster than DBM or NDBM. If NEWDB and NDBM are both set, _s_e_n_d_m_a_i_l will read DBM files, but will create and use NEWDB files. NIS Include support for NIS. If set together with _b_o_t_h NEWDB and NDBM, _s_e_n_d_m_a_i_l will cre- ate both DBM and NEWDB files if and only if an alias file includes the substring "/yp/" in the name. This is intended for compati- bility with Sun Microsystems' _m_k_a_l_i_a_s pro- gram used on YP masters. NISPLUS Compile in support for NIS+. NETINFO Compile in support for NetInfo (NeXT sta- tions). HESIOD Compile in support for Hesiod. _PATH_SENDMAILCF The pathname of the sendmail.cf file. _PATH_SENDMAILPID The pathname of the sendmail.pid file. SSMMMM::0088--8844 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee There are also several compilation flags to indi- cate the environment such as "_AIX3" and "_SCO_unix_". See the READ_ME file for the latest scoop on these flags. 66..22.. PPaarraammeetteerrss iinn ssrrcc//ccoonnff..hh Parameters and compilation options are defined in conf.h. Most of these need not normally be tweaked; common parameters are all in sendmail.cf. However, the sizes of certain primitive vectors, etc., are included in this file. The numbers following the parameters are their default value. This document is not the best source of informa- tion for compilation flags in conf.h -- see src/READ_ME or src/conf.h itself. MAXLINE [2048] The maximum line length of any input line. If message lines exceed this length they will still be processed correctly; how- ever, header lines, configuration file lines, alias lines, etc., must fit within this limit. MAXNAME [256] The maximum length of any name, such as a host or a user name. MAXPV [40] The maximum number of parameters to any mailer. This limits the number of recipi- ents that may be passed in one transac- tion. It can be set to any arbitrary num- ber above about 10, since _s_e_n_d_m_a_i_l will break up a delivery into smaller batches as needed. A higher number may reduce load on your system, however. MAXATOM [100] The maximum number of atoms (tokens) in a single address. For example, the address "eric@CS.Berkeley.EDU" is seven atoms. MAXMAILERS [25] The maximum number of mailers that may be defined in the configuration file. MAXRWSETS [200] The maximum number of rewriting sets that may be defined. The first half of these are reserved for numeric specification (e.g., ``S92''), while the upper half are SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--8855 reserved for auto-numbering (e.g., ``Sfoo''). Thus, with a value of 200 an attempt to use ``S99'' will succeed, but ``S100'' will fail. MAXPRIORITIES [25] The maximum number of values for the "Precedence:" field that may be defined (using the PP line in sendmail.cf). MAXUSERENVIRON [100] The maximum number of items in the user environment that will be passed to subor- dinate mailers. MAXMXHOSTS [20] The maximum number of MX records we will accept for any single host. MAXALIASDB [12] The maximum number of alias databases that can be open at any time. Note that there may also be an open file limit. MAXMAPSTACK [12] The maximum number of maps that may be "stacked" in a sseeqquueennccee class map. MAXMIMEARGS [20] The maximum number of arguments in a MIME Content-Type: header; additional arguments will be ignored. MAXMIMENESTING [20] The maximum depth to which MIME messages may be nested (that is, nested Message or Multipart documents; this does not limit the number of components in a single Mul- tipart document). A number of other compilation options exist. These specify whether or not specific code should be com- piled in. Ones marked with are 0/1 valued. NETINET If set, support for Internet protocol net- working is compiled in. Previous versions of _s_e_n_d_m_a_i_l referred to this as DAEMON; this old usage is now incorrect. Defaults on; turn it off in the Makefile if your system doesn't support the Internet proto- cols. SSMMMM::0088--8866 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee NETISO If set, support for ISO protocol network- ing is compiled in (it may be appropriate to #define this in the Makefile instead of conf.h). LOG If set, the _s_y_s_l_o_g routine in use at some sites is used. This makes an informa- tional log record for each message pro- cessed, and makes a higher priority log record for internal system errors. SSTTRROONNGGLLYY RREECCOOMMMMEENNDDEEDD -- if you want no logging, turn it off in the configuration file. MATCHGECOS Compile in the code to do ``fuzzy match- ing'' on the GECOS field in /etc/passwd. This also requires that the MMaattcchhGGEECCOOSS option be turned on. NAMED_BIND Compile in code to use the Berkeley Inter- net Name Domain (BIND) server to resolve TCP/IP host names. NOTUNIX If you are using a non-UNIX mail format, you can set this flag to turn off special processing of UNIX-style "From " lines. QUEUE This flag should be set to compile in the queueing code. If this is not set, mail- ers must accept the mail immediately or it will be returned to the sender. SMTP If set, the code to handle user and server SMTP will be compiled in. This is only necessary if your machine has some mailer that speaks SMTP (this means most machines everywhere). USERDB Include the eexxppeerriimmeennttaall Berkeley user information database package. This adds a new level of local name expansion between aliasing and forwarding. It also uses the NEWDB package. This may change in future releases. The following options are normally turned on in per- operating-system clauses in conf.h. IDENTPROTO Compile in the IDENT protocol as defined in RFC 1413. This defaults on for all systems except Ultrix, which apparently has the interesting "feature" that when it receives a "host unreachable" message it SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--8877 closes all open connections to that host. Since some firewall gateways send this error code when you access an unauthorized port (such as 113, used by IDENT), Ultrix cannot receive email from such hosts. SYSTEM5 Set all of the compilation parameters appropriate for System V. HASFLOCK Use Berkeley-style fflloocckk instead of System V lloocckkff to do file locking. Due to the highly unusual semantics of locks across forks in lloocckkff, this should always be used if at all possible. HASINITGROUPS Set this if your system has the _i_n_i_t_- _g_r_o_u_p_s_(_) call (if you have multiple group support). This is the default if SYSTEM5 is _n_o_t defined or if you are on HPUX. HASUNAME Set this if you have the _u_n_a_m_e(2) system call (or corresponding library routine). Set by default if SYSTEM5 is set. HASGETDTABLESIZE Set this if you have the _g_e_t_d_t_a_b_l_e_s_i_z_e(2) system call. HASWAITPID Set this if you have the _h_a_s_w_a_i_t_p_i_d(2) system call. SFS_TYPE The mechanism that can be used to get file system capacity information. The values can be one of SFS_USTAT (use the ustat(2) syscall), SFS_4ARGS (use the four argument statfs(2) syscall), SFS_VFS (use the two argument statfs(2) syscall including <sys/vfs.h>), SFS_MOUNT (use the two argu- ment statfs(2) syscall including <sys/mount.h>), SFS_STATFS (use the two argument statfs(2) syscall including <sys/statfs.h>), SFS_STATVFS (use the two argument statfs(2) syscall including <sys/statvfs.h>), or SFS_NONE (no way to get this information). LA_TYPE The load average type. Details are described below. The are several built-in ways of computing the load average. _S_e_n_d_m_a_i_l tries to auto-configure them based on imperfect guesses; you can select one using the _c_c SSMMMM::0088--8888 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee option --DDLLAA__TTYYPPEE==_t_y_p_e, where _t_y_p_e is: LA_INT The kernel stores the load average in the kernel as an array of long integers. The actual values are scaled by a factor FSCALE (default 256). LA_SHORT The kernel stores the load average in the kernel as an array of short integers. The actual values are scaled by a factor FSCALE (default 256). LA_FLOAT The kernel stores the load average in the kernel as an array of double precision floats. LA_MACH Use MACH-style load averages. LA_SUBR Call the _g_e_t_l_o_a_d_a_v_g routine to get the load average as an array of doubles. LA_ZERO Always return zero as the load average. This is the fallback case. If type LA_INT, LA_SHORT, or LA_FLOAT is specified, you may also need to specify _PATH_UNIX (the path to your system binary) and LA_AVENRUN (the name of the variable containing the load average in the kernel; usually "_avenrun" or "avenrun"). 66..33.. CCoonnffiigguurraattiioonn iinn ssrrcc//ccoonnff..cc The following changes can be made in conf.c. 66..33..11.. BBuuiilltt--iinn HHeeaaddeerr SSeemmaannttiiccss Not all header semantics are defined in the configuration file. Header lines that should only be included by certain mailers (as well as other more obscure semantics) must be specified in the _H_d_r_I_n_f_o table in _c_o_n_f_._c. This table contains the header name (which should be in all lower case) and a set of header control flags (described below), The flags are: H_ACHECK Normally when the check is made to see if a header line is compatible with a mailer, _s_e_n_d_m_a_i_l will not delete an existing line. If this flag is set, _s_e_n_d_m_a_i_l will delete even existing header lines. That is, if this bit is set and the mailer does not have flag bits set that intersect with the SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--8899 required mailer flags in the header definition in sendmail.cf, the header line is _a_l_w_a_y_s deleted. H_EOH If this header field is set, treat it like a blank line, i.e., it will signal the end of the header and the beginning of the message text. H_FORCE Add this header entry even if one existed in the message before. If a header entry does not have this bit set, _s_e_n_d_m_a_i_l will not add another header line if a header line of this name already existed. This would nor- mally be used to stamp the message by everyone who handled it. H_TRACE If set, this is a timestamp (trace) field. If the number of trace fields in a message exceeds a preset amount the message is returned on the assump- tion that it has an aliasing loop. H_RCPT If set, this field contains recipient addresses. This is used by the --tt flag to determine who to send to when it is collecting recipients from the message. H_FROM This flag indicates that this field specifies a sender. The order of these fields in the _H_d_r_I_n_f_o table specifies _s_e_n_d_m_a_i_l's preference for which field to return error messages to. H_ERRORSTO Addresses in this header should receive error messages. H_CTE This header is a Content-Transfer- Encoding header. H_CTYPE This header is a Content-Type header. H_STRIPVAL Strip the value from the header (for Bcc:). Let's look at a sample _H_d_r_I_n_f_o specification: SSMMMM::0088--9900 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee struct hdrinfo HdrInfo[] = { /* originator fields, most to least significant */ "resent-sender", H_FROM, "resent-from", H_FROM, "sender", H_FROM, "from", H_FROM, "full-name", H_ACHECK, "errors-to", H_FROM|H_ERRORSTO, /* destination fields */ "to", H_RCPT, "resent-to", H_RCPT, "cc", H_RCPT, "bcc", H_RCPT|H_STRIPVAL, /* message identification and control */ "message", H_EOH, "text", H_EOH, /* trace fields */ "received", H_TRACE|H_FORCE, /* miscellaneous fields */ "content-transfer-encoding", H_CTE, "content-type", H_CTYPE, NULL, 0, }; This structure indicates that the "To:", "Resent- To:", and "Cc:" fields all specify recipient addresses. Any "Full-Name:" field will be deleted unless the required mailer flag (indicated in the configuration file) is specified. The "Message:" and "Text:" fields will terminate the header; these are used by random dissenters around the network world. The "Received:" field will always be added, and can be used to trace messages. There are a number of important points here. First, header fields are not added automatically just because they are in the _H_d_r_I_n_f_o structure; they must be specified in the configuration file in order to be added to the message. Any header fields mentioned in the configuration file but not mentioned in the _H_d_r_I_n_f_o structure have default processing performed; that is, they are added unless they were in the message already. Second, the _H_d_r_I_n_f_o structure only specifies cliched pro- cessing; certain headers are processed specially by ad hoc code regardless of the status specified in _H_d_r_I_n_f_o. For example, the "Sender:" and "From:" fields are always scanned on ARPANET mail to deter- SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--9911 mine the sender22; this is used to perform the "return to sender" function. The "From:" and "Full-Name:" fields are used to determine the full name of the sender if possible; this is stored in the macro $$xx and used in a number of ways. 66..33..22.. RReessttrriiccttiinngg UUssee ooff EEmmaaiill If it is necessary to restrict mail through a relay, the _c_h_e_c_k_c_o_m_p_a_t routine can be modified. This routine is called for every recipient address. It returns an exit status indicating the status of the message. The status EX_OK accepts the address, EX_TEMPFAIL queues the message for a later try, and other values (commonly EX_UNAVAILABLE) reject the message. It is up to _c_h_e_c_k_c_o_m_p_a_t to print an error message (using _u_s_r_e_r_r) if the message is rejected. For example, _c_h_e_c_k_c_o_m_p_a_t could read: int checkcompat(to, e) register ADDRESS *to; register ENVELOPE *e; { register STAB *s; s = stab("private", ST_MAILER, ST_FIND); if (s != NULL && e->e_from.q_mailer != LocalMailer && to->q_mailer == s->s_mailer) { usrerr("No private net mail allowed through this machine"); return (EX_UNAVAILABLE); } if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to->q_mailer)) { usrerr("Message too large for non-local delivery"); e->e_flags |= EF_NORETURN; return (EX_UNAVAILABLE); } return (EX_OK); } This would reject messages greater than 50000 bytes unless they were local. The _E_F___N_O_R_E_T_U_R_N flag can be set in _e_-_>_e___f_l_a_g_s to suppress the return of the actual body of the message in the error return. The actual use of this routine is highly dependent on the implementation, and use should be limited. ____________________ 22Actually, this is no longer true in SMTP; this informa- tion is contained in the envelope. The older ARPANET proto- cols did not completely distinguish envelope from header. SSMMMM::0088--9922 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 66..33..33.. LLooaadd AAvveerraaggee CCoommppuuttaattiioonn The routine _g_e_t_l_a should return an approxima- tion of the current system load average as an inte- ger. There are several versions included on compi- lation flags as described above. 66..33..44.. NNeeww DDaattaabbaassee MMaapp CCllaasssseess New key maps can be added by creating a class initialization function and a lookup function. These are then added to the routine _s_e_t_u_p_m_a_p_s_. The initialization function is called as _x_x_x_map_init(MAP *map, char *mapname, char *args) The _m_a_p is an internal data structure. The _m_a_p_n_a_m_e is the name of the map (used for error messages). The _a_r_g_s is a pointer to the rest of the configura- tion file line; flags and filenames can be extracted from this line. The initialization func- tion must return TRUE if it successfully opened the map, FALSE otherwise. The lookup function is called as _x_x_x_map_lookup(MAP *map, char buf[], int bufsize, char **av, int *statp) The _m_a_p defines the map internally. The parameters _b_u_f and _b_u_f_s_i_z_e have the input key. This may be (and often is) used destructively. The _a_v is a list of arguments passed in from the rewrite line. The lookup function should return a pointer to the new value. IF the map lookup fails, _*_s_t_a_t_p should be set to an exit status code; in particular, it should be set to EX_TEMPFAIL if recovery is to be attempted by the higher level code. 66..33..55.. QQuueeuueeiinngg FFuunnccttiioonn The routine _s_h_o_u_l_d_q_u_e_u_e is called to decide if a message should be queued or processed immedi- ately. Typically this compares the message prior- ity to the current load average. The default defi- nition is: SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--9933 bool shouldqueue(pri, ctime) long pri; time_t ctime; { if (CurrentLA < QueueLA) return (FALSE); return (pri > (QueueFactor / (CurrentLA - QueueLA + 1))); } If the current load average (global variable _C_u_r_- _r_e_n_t_L_A, which is set before this function is called) is less than the low threshold load average (option xx, variable _Q_u_e_u_e_L_A), _s_h_o_u_l_d_q_u_e_u_e returns FALSE immediately (that is, it should _n_o_t queue). If the current load average exceeds the high threshold load average (option XX, variable _R_e_f_u_s_e_L_A), _s_h_o_u_l_d_q_u_e_u_e returns TRUE immediately. Otherwise, it computes the function based on the message priority, the queue factor (option qq, global variable _Q_u_e_u_e_F_a_c_t_o_r), and the current and threshold load averages. An implementation wishing to take the actual age of the message into account can also use the _c_t_i_m_e parameter, which is the time that the message was first submitted to _s_e_n_d_m_a_i_l. Note that the _p_r_i parameter is already weighted by the number of times the message has been tried (although this tends to lower the priority of the message with time); the expectation is that the _c_t_i_m_e would be used as an "escape clause" to ensure that messages are eventually processed. 66..33..66.. RReeffuussiinngg IInnccoommiinngg SSMMTTPP CCoonnnneeccttiioonnss The function _r_e_f_u_s_e_c_o_n_n_e_c_t_i_o_n_s returns TRUE if incoming SMTP connections should be refused. The current implementation is based exclusively on the current load average and the refuse load average option (option XX, global variable _R_e_f_u_s_e_L_A): bool refuseconnections() { return (CurrentLA >= RefuseLA); } A more clever implementation could look at more system resources. SSMMMM::0088--9944 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 66..33..77.. LLooaadd AAvveerraaggee CCoommppuuttaattiioonn The routine _g_e_t_l_a returns the current load average (as a rounded integer). The distribution includes several possible implementations. If you are porting to a new environment you may need to add some new tweaks.23 66..44.. CCoonnffiigguurraattiioonn iinn ssrrcc//ddaaeemmoonn..cc The file _s_r_c_/_d_a_e_m_o_n_._c contains a number of rou- tines that are dependent on the local networking envi- ronment. The version supplied assumes you have BSD style sockets. In previous releases, we recommended that you modify the routine _m_a_p_h_o_s_t_n_a_m_e if you wanted to gener- alize $$[[ ... $$]] lookups. We now recommend that you create a new keyed map instead. 77.. CCHHAANNGGEESS IINN VVEERRSSIIOONN 88 The following summarizes changes since the last com- monly available version of _s_e_n_d_m_a_i_l (5.67). For a detailed list, consult the file RELEASE_NOTES in the root directory of the _s_e_n_d_m_a_i_l distribution. 77..11.. CCoonnnneeccttiioonn CCaacchhiinngg Instead of closing SMTP connections immediately, those connections are cached for possible future use. The advent of MX records made this effective for mail- ing lists; in addition, substantial performance improvements can be expected for queue processing. 77..22.. MMXX PPiiggggyybbaacckkiinngg If two hosts with different names in a single message happen to have the same set of MX hosts, they can be sent in the same transaction. Version 8 notices this and tries to batch the messages. 77..33.. RRFFCC 11112233 CCoommpplliiaannccee A number of changes have been made to make _s_e_n_d_- _m_a_i_l "conditionally compliant" (that is, _s_e_n_d_m_a_i_l sat- isfies all of the "MUST" clauses and most but not all of the "SHOULD" clauses in RFC 1123). ____________________ 23If you do, please send updates to send- mail@CS.Berkeley.EDU. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--9955 The major areas of change are (numbers are RFC 1123 section numbers): 5.2.7 Response to RCPT command is fast. 5.2.8 Numeric IP addresses are logged in Received: lines. 5.2.17 Self domain literal is properly handled. 5.3.2 Better control over individual timeouts. 5.3.3 Error messages are sent as "From:<>". 5.3.3 Error messages are never sent to "<>". 5.3.3 Route-addrs are pruned. The areas in which _s_e_n_d_m_a_i_l is not "unconditionally compliant" are: 5.2.6 _S_e_n_d_m_a_i_l does do header munging. 5.2.10 _S_e_n_d_m_a_i_l doesn't always use the exact SMTP message text as listed in RFC 821. 5.3.1.1 _S_e_n_d_m_a_i_l doesn't guarantee only one connect for each host in queue runs. 5.3.1.1 _S_e_n_d_m_a_i_l doesn't always provide adequate con- currency limits. 77..44.. EExxtteennddeedd SSMMTTPP SSuuppppoorrtt Version 8 includes both sending and receiving support for Extended SMTP support as defined by RFC 1651 (basic) and RFC 1653 (SIZE); and limited support for RFC 1652 (BODY). 77..55.. EEiigghhtt--BBiitt CClleeaann Previous versions of _s_e_n_d_m_a_i_l used the 0200 bit for quoting. This version avoids that use. However, for compatibility with RFC 822, you can set option `7' to get seven bit stripping. Individual mailers can still produce seven bit output using the `7' mailer flag. 77..66.. UUsseerr DDaattaabbaassee The user database is an as-yet experimental attempt to provide unified large-site name support. SSMMMM::0088--9966 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee We are installing it at Berkeley; future versions may show significant modifications. 77..77.. IImmpprroovveedd BBIINNDD SSuuppppoorrtt The BIND support, particularly for MX records, had a number of annoying "features" which have been removed in this release. In particular, these more tightly bind (pun intended) the name server to _s_e_n_d_- _m_a_i_l, so that the name server resolution rules are incorporated directly into sseennddmmaaiill. 77..88.. KKeeyyeedd FFiilleess Generalized keyed files is an idea taken directly from IDA _s_e_n_d_m_a_i_l (albeit with a completely different implementation). They can be useful on large sites. Version 8 also understands YP. 77..99.. MMuullttii--WWoorrdd CCllaasssseess Classes can now be multiple words. For example, CShofmann.CS.Berkeley.EDU allows you to match the entire string "hof- mann.CS.Berkeley.EDU" using the single construct "$=S". 77..1100.. DDeeffeerrrreedd MMaaccrroo EExxppaannssiioonn The $$&&_x construct has been adopted from IDA. 77..1111.. IIDDEENNTT PPrroottooccooll SSuuppppoorrtt The IDENT protocol as defined in RFC 1413 is sup- ported. 77..1122.. PPaarrssiinngg BBuugg FFiixxeess A number of small bugs having to do with things like backslash-escaped quotes inside of comments have been fixed. 77..1133.. SSeeppaarraattee EEnnvveellooppee//HHeeaaddeerr PPrroocceessssiinngg Since the From: line is passed in separately from the envelope sender, these have both been made visi- ble; the $$gg macro is set to the envelope sender during processing of mailer argument vectors and the header sender during processing of headers. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--9977 It is also possible to specify separate per- mailer envelope and header processing. The SSender- RWSet and RRecipientRWset arguments for mailers can be specified as _e_n_v_e_l_o_p_e_/_h_e_a_d_e_r to give different rewrit- ings for envelope versus header addresses. 77..1144.. OOwwnneerr--LLiisstt PPrrooppaaggaatteess ttoo EEnnvveellooppee When an alias has an associated owner-list name, that alias is used to change the envelope sender address. This will cause downstream errors to be returned to that owner. 77..1155.. DDyynnaammiicc HHeeaaddeerr AAllllooccaattiioonn The fixed size limit on header lines has been eliminated. 77..1166.. NNeeww CCoommmmaanndd LLiinnee FFllaaggss The --BB flag has been added to pass in body type information. The --pp flag has been added to pass in protocol information. The --XX flag has been added to allow logging of all protocol in and out of _s_e_n_d_m_a_i_l for debugging. The --OO flag simplies setting long-form options. 77..1177.. EEnnhhaanncceedd CCoommmmaanndd LLiinnee FFllaaggss The --qq flag can limit limit a queue run to spe- cific recipients, senders, or queue ids using --qqRR_s_u_b_- _s_t_r_i_n_g,, --qqSS_s_u_b_s_t_r_i_n_g,, oorr --qqII_s_u_b_s_t_r_i_n_g rreessppeeccttiivveellyy.. 77..1188.. NNeeww aanndd OOlldd CCoonnffiigguurraattiioonn LLiinnee TTyyppeess The KK line has been added to declare database maps. The VV line has been added to declare the configu- ration version level. The MM line has a "D=" field that lets you change into a temporary directory while that mailer is run- ning. It also has a "U=" field to allow you to set the user and group id to be used when running the mailer. SSMMMM::0088--9988 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 77..1199.. NNeeww OOppttiioonnss Several new options have been added, many to sup- port new features, others to allow tuning that was previously available only by recompiling. They are described in detail in Section 5.1.5. Briefly, b Insist on a minimum number of disk blocks. C Set checkpoint interval. E Default error message. G Enable GECOS matching. h Maximum hop count. j Send errors in MIME-encapsulated format. J Forward file path. k Connection cache size K Connection cache lifetime. l Enable Errors-To: header. These headers violate RFC 1123; this option is included to provide back compatibility with old versions of _s_e_n_d_m_a_i_l. O Set incoming SMTP daemon options, such as an alternate SMTP port. p Privacy options. R Don't prune route-addrs. U User database spec. V Fallback "MX" host. w "Best MX" handling technique. 7 Do not run eight bit clean. 8 Eight bit data handling mode. 77..2200.. EExxtteennddeedd OOppttiioonnss The rr (read timeout), II (use BIND), and TT (queue timeout) options have been extended to pass in more information. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--9999 77..2211.. NNeeww MMaaiilleerr FFllaaggss Several new mailer flags have been added. a Try to use ESMTP when creating a connection. If this is not set, _s_e_n_d_m_a_i_l will still try if the other end hints that it knows about ESMTP in its greeting message; this flag says to try even if it doesn't hint. If the EHLO (extended hello) command fails, _s_e_n_d_m_a_i_l falls back to old SMTP. A Try the user part of addresses for this mailer as aliases. b Ensure that there is a blank line at the end of all messages. c Strip all comments from addresses; this should only be used as a last resort when dealing with cranky mailers. g Never use the null sender as the envelope sender, even when running SMTP. Although this violates RFC 1123, it may be necessary when you must deal with some obnoxious old hosts. k Turn off the loopback check in the HELO protocol; doing this may cause mailer loops. o Always run the mailer as the recipient of the message. w This user should have a passwd file entry. 5 Try ruleset 5 if no local aliases. 7 Strip all output to 7 bits. : Check for :include: files. | Check for |program addresses. / Check for /file addresses. @ Check this user against the user database. 77..2222.. LLoonngg OOppttiioonn NNaammeess All options can be specified using long names, and some new options can only be specified with long names. SSMMMM::0088--110000 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 77..2233.. NNeeww PPrree--DDeeffiinneedd MMaaccrrooss The following macros are pre-defined: $k The UUCP node name, nominally from _u_n_a_m_e(2) call. $m The domain part of our full hostname. $_ The RFC 1413-provided sender address. 77..2244.. NNeeww LLHHSS TTookkeenn Version 8 allows $$@@ on the Left Hand Side of an "R" line to match zero tokens. This is intended to be used to match the null input. 77..2255.. BBiiggggeerr DDeeffaauullttss Version 8 allows up to 100 rulesets instead of 30. It is recommended that rulesets 0-9 be reserved for _s_e_n_d_m_a_i_l's dedicated use in future releases. The total number of MX records that can be used has been raised to 20. The number of queued messages that can be handled at one time has been raised from 600 to 1000. 77..2266.. DDiiffffeerreenntt DDeeffaauulltt TTuunniinngg PPaarraammeetteerrss Version 8 has changed the default parameters for tuning queue costs to make the number of recipients more important than the size of the message (for small messages). This is reasonable if you are connected with reasonably fast links. 77..2277.. AAuuttoo--QQuuoottiinngg iinn AAddddrreesssseess Previously, the "Full Name <email address>" syn- tax would generate incorrect protocol output if "Full Name" had special characters such as dot. This ver- sion puts quotes around such names. 77..2288.. SSyymmbboolliicc NNaammeess OOnn EErrrroorr MMaaiilleerr Several names have been built in to the $@ por- tion of the $#error mailer. 77..2299.. SSMMTTPP VVRRFFYY DDooeessnn''tt EExxppaanndd Previous versions of _s_e_n_d_m_a_i_l treated VRFY and EXPN the same. In this version, VRFY doesn't expand aliases or follow .forward files. EXPN still does. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--110011 As an optimization, if you run with your default delivery mode being queue-only or deliver-in- background, the RCPT command will also not chase aliases and .forward files. It will chase them when it processes the queue. 77..3300.. [[IIPPCC]] MMaaiilleerrss AAllllooww MMuullttiippllee HHoossttss When an address resolves to a mailer that has "[IPC]" as its "Path", the $@ part (host name) can be a colon-separated list of hosts instead of a single hostname. This asks _s_e_n_d_m_a_i_l to search the list for the first entry that is available exactly as though it were an MX record. The intent is to route internal traffic through internal networks without publishing an MX record to the net. MX expansion is still done on the individual items. 77..3311.. AAlliiaasseess EExxtteennddeedd The implementation has been merged with maps. Among other things, this supports NIS-based aliases. 77..3322.. PPoorrttaabbiilliittyy aanndd SSeeccuurriittyy EEnnhhaanncceemmeennttss A number of internal changes have been made to enhance portability. Several fixes have been made to increase the paranoia factor. 77..3333.. MMiisscceellllaanneeoouuss CChhaannggeess _S_e_n_d_m_a_i_l writes a _/_e_t_c_/_s_e_n_d_m_a_i_l_._p_i_d file with the current process id of the SMTP daemon. Two people using the same program in their .for- ward file are considered different so that duplicate elimination doesn't delete one of them. The _m_a_i_l_s_t_a_t_s program prints mailer names and gets the location of the _s_e_n_d_m_a_i_l_._s_t file from _/_e_t_c_/_s_e_n_d_m_a_i_l_._c_f. Many minor bugs have been fixed, such as handling of backslashes inside of quotes. A hook (ruleset 5) has been added to allow rewriting of local addresses after aliasing. SSMMMM::0088--110022 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 88.. AACCKKNNOOWWLLEEDDGGEEMMEENNTTSS I've worked on _s_e_n_d_m_a_i_l for many years, and many employers have been remarkably patient about letting me work on a large project that was not part of my official job. This includes time on the INGRES Project at Berke- ley, at Britton Lee, and again on the Mammoth Project at Berkeley. Much of the second wave of improvements should be credited to Bryan Costales of ICSI. As he passed me drafts of his book on _s_e_n_d_m_a_i_l I was inspired to start working on things again. Bryan was also available to bounce ideas off of. Many, many people contributed chunks of code and ideas to _s_e_n_d_m_a_i_l. It has proven to be a group network effort. Version 8 in particular was a group project. The following people made notable contributions: John Beck, Hewlett-Packard Keith Bostic, CSRG, University of California, Berkeley Andrew Cheng, Sun Microsystems Michael J. Corrigan, University of California, San Diego Bryan Costales, International Computer Science Institute Pa..r (Pell) Emanuelsson Craig Everhart, Transarc Corporation Tom Ivar Helbekkmo, Norwegian School of Economics Allan E. Johannesen, WPI Jonathan Kamens, OpenVision Technologies, Inc. Takahiro Kanbe, Fuji Xerox Information Systems Co., Ltd. Brian Kantor, University of California, San Diego Murray S. Kucherawy, HookUp Communication Corp. Bruce Lilly, Sony U.S. Karl London Motonori Nakamura, Ritsumeikan University & Kyoto University John Gardiner Myers, Carnegie Mellon University Neil Rickert, Northern Illinois University Eric Schnoebelen, Convex Computer Corp. Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam Christophe Wolfhugel, Pasteur Institute & Herve Schauer Consultants (Paris) I apologize for anyone I have omitted, misspelled, misat- tributed, or otherwise missed. At this point, I suspect that at least a hundred people have contributed code, and many more have contributed ideas, comments, and encour- agement. I've tried to list them in the RELEASE_NOTES in the distribution directory. I appreciate their contribu- tion as well. Special thanks are reserved for Michael Corrigan and Christophe Wolfhugel, who besides being wonderful guinea pigs and contributors have also consented to be added to SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--110033 the ``sendmail@CS.Berkeley.EDU'' list and, by answering the bulk of the questions sent to that list, have freed me up to do other work. AAPPPPEENNDDIIXX AA CCOOMMMMAANNDD LLIINNEE FFLLAAGGSS Arguments must be presented with flags before addresses. The flags are: -b_x Set operation mode to _x. Operation modes are: m Deliver mail (default) s Speak SMTP on input side a ``Arpanet'' mode (get envelope sender information from header) d Run as a daemon t Run in test mode v Just verify addresses, don't collect or deliver i Initialize the alias database p Print the mail queue -B_t_y_p_e Indicate body type. -C_f_i_l_e Use a different configuration file. _S_e_n_d_m_a_i_l runs as the invoking user (rather than root) when this flag is specified. -d_l_e_v_e_l Set debugging level. -f _a_d_d_r The sender's machine address is _a_d_d_r. -F_n_a_m_e Sets the full name of this user to _n_a_m_e. -h _c_n_t Sets the "hop count" to _c_n_t. This represents the number of times this message has been processed by _s_e_n_d_m_a_i_l (to the extent that it is supported by the underlying networks). _C_n_t is incremented dur- ing processing, and if it reaches MAXHOP (cur- rently 30) _s_e_n_d_m_a_i_l throws away the message with an error. -n Don't do aliasing or forwarding. -r _a_d_d_r An obsolete form of --ff. -o_x_v_a_l_u_e Set option _x to the specified _v_a_l_u_e. These options are described in Appendix B. ____________________ Deprecated. SSMMMM::0088--110044 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--110055 -O_o_p_t_i_o_n==_v_a_l_u_e Set _o_p_t_i_o_n to the specified _v_a_l_u_e (for long form option names). -M_x_v_a_l_u_e _S_e_t _m_a_c_r_o _x _t_o _t_h_e _s_p_e_c_i_f_i_e_d _v_a_l_u_e_. -p_p_r_o_t_o_c_o_l Set the sending protocol. Programs are encouraged to set this. The protocol field can be in the form _p_r_o_t_o_c_o_l::_h_o_s_t to set both the sending proto- col and sending host. For example, "-pUUCP:uunet" sets the sending protocol to UUCP and the sending host to uunet. (Some existing programs use -oM to set the r and s macros; this is equivalent to using -p.) -q_t_i_m_e Try to process the queued up mail. If the time is given, a _s_e_n_d_m_a_i_l will run through the queue at the specified interval to deliver queued mail; otherwise, it only runs once. -q_X_s_t_r_i_n_g Run the queue once, limiting the jobs to those matching _X_s_t_r_i_n_g. The key letter _X can be II to limit based on queue identifier, RR to limit based on recipient, or SS to limit based on sender. A particular queued job is accepted if one of the corresponding addresses contains the indicated _s_t_r_i_n_g. -t Read the header for "To:", "Cc:", and "Bcc:" lines, and send to everyone listed in those lists. The "Bcc:" line will be deleted before sending. Any addresses in the argument vector will be deleted from the send list. -X _l_o_g_f_i_l_e Log all traffic in and out of _s_e_n_d_m_a_i_l in the indicated _l_o_g_f_i_l_e for debugging mailer problems. This produces a lot of data very quickly and should be used sparingly. There are a number of options that may be specified as primitive flags. These are the e, i, m, and v options. Also, the f option may be specified as the --ss flag. AAPPPPEENNDDIIXX BB QQUUEEUUEE FFIILLEE FFOORRMMAATTSS This appendix describes the format of the queue files. These files live in the directory defined by the QQ option in the _s_e_n_d_m_a_i_l_._c_f file, usually _/_v_a_r_/_s_p_o_o_l_/_m_q_u_e_u_e or _/_u_s_r_/_s_p_o_o_l_/_m_q_u_e_u_e. All queue files have the name _xff_A_A_A_9_9_9_9_9 where _A_A_A_9_9_9_9_9 is the _i_d for this message and the _x is a type. The first letter of the id encodes the hour of the day that the mes- sage was received by the system (with A being the hour between midnight and 1:00AM). All files with the same id collectively define one message. The types are: d The data file. The message body (excluding the header) is kept in this file. q The queue control file. This file contains the infor- mation necessary to process the job. t A temporary file. These are an image of the qqff file when it is being rebuilt. It should be renamed to a qqff file very quickly. x A transcript file, existing during the life of a ses- sion showing everything that happens during that ses- sion. The qqff file is structured as a series of lines each beginning with a code letter. The lines are as follows: V The version number of the queue file format, used to allow new _s_e_n_d_m_a_i_l binaries to read queue files created by older versions. Defaults to version zero. Must be the first line of the file if present. H A header definition. There may be any number of these lines. The order is important: they represent the order in the final message. These use the same syntax as header definitions in the configuration file. C The controlling address. The syntax is "localuser:aliasname". Recipient addresses following this line will be flagged so that deliveries will be run as the _l_o_c_a_l_u_s_e_r (a user name from the /etc/passwd SSMMMM::0088--110066 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--110077 file); _a_l_i_a_s_n_a_m_e is the name of the alias that expanded to this address (used for printing messages). Q The ``original recipient'', specified by the ORCPT= field in an ESMTP transaction. Used exclusively for Delivery Status Notifications. It applies only to the immediately following `R' line. R A recipient address. This will normally be completely aliased, but is actually realiased when the job is pro- cessed. There will be one line for each recipient. Version 1 qf files also include a leading colon- terminated list of flags, which can be `S' to return a message on successful final delivery, `F' to return a message on failure, `D' to return a message if the mes- sage is delayed, `B' to indicate that the body should be returned, `N' to suppress returning the body, and `P' to declare this as a ``primary'' (command line or SMTP-session) address. S The sender address. There may only be one of these lines. T The job creation time. This is used to compute when to time out the job. P The current message priority. This is used to order the queue. Higher numbers mean lower priorities. The priority changes as the message sits in the queue. The initial priority depends on the message class and the size of the message. M A message. This line is printed by the _m_a_i_l_q command, and is generally used to store status information. It can contain any text. F Flag bits, represented as one letter per flag. Defined flag bits are rr indicating that this is a response mes- sage and ww indicating that a warning message has been sent announcing that the mail has been delayed. N The total number of delivery attempts. K The time (as seconds since January 1, 1970) of the last delivery attempt. I The i-number of the data file; this can be used to recover your mail queue after a disastrous disk crash. $ A macro definition. The values of certain macros (as of this writing, only $$rr and $$ss) are passed through to the queue run phase. SSMMMM::0088--110088 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee B The body type. The remainder of the line is a text string defining the body type. If this field is miss- ing, the body type is assumed to be "undefined" and no special processing is attempted. Legal values are "7BIT" and "8BITMIME". O The original MTS value (from the ESMTP transaction). For Deliver Status Notifications only. Z The original envelope id (from the ESMTP transaction). For Deliver Status Notifications only. As an example, the following is a queue file sent to "eric@mammoth.Berkeley.EDU" and "bostic@okeeffe.CS.Berkeley.EDU"1: P835771 T404261372 Seric Ceric:sendmail@vangogh.CS.Berkeley.EDU Reric@mammoth.Berkeley.EDU Rbostic@okeeffe.CS.Berkeley.EDU H?P?return-path: <owner-sendmail@vangogh.CS.Berkeley.EDU> Hreceived: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703; Fri, 17 Jul 92 00:28:55 -0700 Hreceived: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06698; Fri, 17 Jul 92 00:28:54 -0700 Hreceived: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5) id AA22777; Fri, 17 Jul 92 03:29:14 -0400 Hreceived: by foo.bar.baz.de (5.57/Ultrix3.0-C) id AA22757; Fri, 17 Jul 92 09:31:25 GMT H?F?from: eric@foo.bar.baz.de (Eric Allman) H?x?full-name: Eric Allman Hmessage-id: <9207170931.AA22757@foo.bar.baz.de> HTo: sendmail@vangogh.CS.Berkeley.EDU Hsubject: this is an example message This shows the person who sent the message, the submission time (in seconds since January 1, 1970), the message prior- ity, the message class, the recipients, and the headers for the message. ____________________ 1This example is contrived and probably inaccurate for your environment. Glance over it to get an idea; nothing can replace looking at what your own system generates. AAPPPPEENNDDIIXX CC SSUUMMMMAARRYY OOFF SSUUPPPPOORRTT FFIILLEESS This is a summary of the support files that _s_e_n_d_m_a_i_l creates or generates. Many of these can be changed by edit- ing the sendmail.cf file; check there to find the actual pathnames. /usr/sbin/sendmail The binary of _s_e_n_d_m_a_i_l. /usr/bin/newaliases A link to /usr/sbin/sendmail; causes the alias database to be rebuilt. Running this program is completely equivalent to giving _s_e_n_d_m_a_i_l the --bbii flag. /usr/bin/mailq Prints a listing of the mail queue. This program is equivalent to using the --bbpp flag to _s_e_n_d_m_a_i_l. /etc/sendmail.cf The configuration file, in textual form. /usr/lib/sendmail.hf The SMTP help file. /etc/sendmail.st A statistics file; need not be present. /etc/sendmail.pid Created in daemon mode; it contains the process id of the current SMTP daemon. If you use this in scripts; use ``head -1'' to get just the first line; later versions of _s_e_n_d_m_a_i_l may add informa- tion to subsequent lines. /etc/aliases The textual version of the alias file. /etc/aliases.{pag,dir} The alias file in _d_b_m(3) format. /var/spool/mqueue The directory in which the mail queue and tempo- rary files reside. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--110099 SSMMMM::0088--111100 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee /var/spool/mqueue/qf* Control (queue) files for messages. /var/spool/mqueue/df* Data files. /var/spool/mqueue/tf* Temporary versions of the qf files, used during queue file rebuild. /var/spool/mqueue/xf* A transcript of the current session. SSMMMM::0088--22 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee This page intentionally left blank; replace it with a blank sheet for double-sided output. SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--33 TABLE OF CONTENTS 1. BASIC INSTALLATION ................................ 7 1.1. Compiling Sendmail ........................... 7 1.1.1. Tweaking the Makefile ................... 7 1.1.2. Compilation and installation ............ 8 1.2. Configuration Files .......................... 9 1.3. Details of Installation Files ................ 11 1.3.1. /usr/sbin/sendmail ...................... 11 1.3.2. /etc/sendmail.cf ........................ 12 1.3.3. /usr/bin/newaliases ..................... 12 1.3.4. /var/spool/mqueue ....................... 12 1.3.5. /etc/aliases* ........................... 12 1.3.6. /etc/rc ................................. 13 1.3.7. /usr/lib/sendmail.hf .................... 15 1.3.8. /etc/sendmail.st ........................ 15 1.3.9. /usr/bin/mailq .......................... 15 2. NORMAL OPERATIONS ................................. 15 2.1. The System Log ............................... 15 2.1.1. Format .................................. 15 2.1.2. Levels .................................. 17 2.2. Dumping State ................................ 17 2.3. The Mail Queue ............................... 17 2.3.1. Printing the queue ...................... 18 2.3.2. Forcing the queue ....................... 18 2.4. The Service Switch ........................... 19 2.5. The Alias Database ........................... 20 2.5.1. Rebuilding the alias database ........... 21 2.5.2. Potential problems ...................... 22 2.5.3. List owners ............................. 22 2.6. User Information Database .................... 23 2.7. Per-User Forwarding (.forward Files) ......... 23 2.8. Special Header Lines ......................... 23 2.8.1. Errors-To: .............................. 24 2.8.2. Apparently-To: .......................... 24 2.8.3. Precedence .............................. 24 2.9. IDENT Protocol Support ....................... 24 3. ARGUMENTS ......................................... 25 3.1. Queue Interval ............................... 26 3.2. Daemon Mode .................................. 26 3.3. Forcing the Queue ............................ 26 3.4. Debugging .................................... 27 3.5. Changing the Values of Options ............... 27 3.6. Trying a Different Configuration File ........ 28 3.7. Logging Traffic .............................. 28 3.8. Testing Configuration Files .................. 28 4. TUNING ............................................ 30 4.1. Timeouts ..................................... 30 4.1.1. Queue interval .......................... 30 4.1.2. Read timeouts ........................... 30 4.1.3. Message timeouts ........................ 32 4.2. Forking During Queue Runs .................... 33 4.3. Queue Priorities ............................. 33 SSMMMM::0088--44 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee 4.4. Load Limiting ................................ 34 4.5. Delivery Mode ................................ 35 4.6. Log Level .................................... 35 4.7. File Modes ................................... 36 4.7.1. To suid or not to suid? ................ 36 4.7.2. Should my alias database be writable? .............................................. 37 4.8. Connection Caching ........................... 37 4.9. Name Server Access ........................... 38 4.10. Moving the Per-User Forward Files ........... 39 4.11. Free Space .................................. 40 4.12. Maximum Message Size ........................ 40 4.13. Privacy Flags ............................... 40 4.14. Send to Me Too .............................. 41 5. THE WHOLE SCOOP ON THE CONFIGURATION FILE ......... 41 5.1. R and S -- Rewriting Rules ................... 41 5.1.1. The left hand side ...................... 42 5.1.2. The right hand side ..................... 43 5.1.3. Semantics of rewriting rule sets ........ 45 5.1.4. IPC mailers ............................. 46 5.2. D -- Define Macro ............................ 47 5.3. C and F -- Define Classes .................... 51 5.4. M -- Define Mailer ........................... 53 5.5. H -- Define Header ........................... 58 5.6. O -- Set Option .............................. 59 5.7. P -- Precedence Definitions .................. 73 5.8. V -- Configuration Version Level ............. 73 5.9. K -- Key File Declaration .................... 75 5.10. The User Database ........................... 80 5.10.1. Structure of the user database ......... 80 5.10.2. User database semantics ................ 81 5.10.3. Creating the database21 ................ 82 6. OTHER CONFIGURATION ............................... 83 6.1. Parameters in src/Makefile ................... 83 6.2. Parameters in src/conf.h ..................... 84 6.3. Configuration in src/conf.c .................. 88 6.3.1. Built-in Header Semantics ............... 88 6.3.2. Restricting Use of Email ................ 91 6.3.3. Load Average Computation ................ 92 6.3.4. New Database Map Classes ................ 92 6.3.5. Queueing Function ....................... 92 6.3.6. Refusing Incoming SMTP Connections ...... 93 6.3.7. Load Average Computation ................ 94 6.4. Configuration in src/daemon.c ................ 94 7. CHANGES IN VERSION 8 .............................. 94 7.1. Connection Caching ........................... 94 7.2. MX Piggybacking .............................. 94 7.3. RFC 1123 Compliance .......................... 94 7.4. Extended SMTP Support ........................ 95 7.5. Eight-Bit Clean .............................. 95 7.6. User Database ................................ 95 7.7. Improved BIND Support ........................ 96 7.8. Keyed Files .................................. 96 SSeennddmmaaiill IInnssttaallllaattiioonn aanndd OOppeerraattiioonn GGuuiiddee SSMMMM::0088--55 7.9. Multi-Word Classes ........................... 96 7.10. Deferred Macro Expansion .................... 96 7.11. IDENT Protocol Support ...................... 96 7.12. Parsing Bug Fixes ........................... 96 7.13. Separate Envelope/Header Processing ......... 96 7.14. Owner-List Propagates to Envelope ........... 97 7.15. Dynamic Header Allocation ................... 97 7.16. New Command Line Flags ...................... 97 7.17. Enhanced Command Line Flags ................. 97 7.18. New and Old Configuration Line Types ........ 97 7.19. New Options ................................. 98 7.20. Extended Options ............................ 98 7.21. New Mailer Flags ............................ 99 7.22. Long Option Names ........................... 99 7.23. New Pre-Defined Macros ...................... 100 7.24. New LHS Token ............................... 100 7.25. Bigger Defaults ............................. 100 7.26. Different Default Tuning Parameters ......... 100 7.27. Auto-Quoting in Addresses ................... 100 7.28. Symbolic Names On Error Mailer .............. 100 7.29. SMTP VRFY Doesn't Expand .................... 100 7.30. [IPC] Mailers Allow Multiple Hosts .......... 101 7.31. Aliases Extended ............................ 101 7.32. Portability and Security Enhancements ....... 101 7.33. Miscellaneous Changes ....................... 101 8. ACKNOWLEDGEMENTS .................................. 102 Appendix A. COMMAND LINE FLAGS ....................... 104 Appendix B. QUEUE FILE FORMATS ....................... 106 Appendix C. SUMMARY OF SUPPORT FILES ................. 109