There are a number of global options that can be set from a
configuration file. Options are represented by full words;
some are also representable as single characters for backwards
compatibility. The syntax of this line is:
O option=value
This sets option option to be value. Note
that there must be a space between the letter O and the name of
the option. An older version is:
Oo value
where the option o is a single character. Depending on the option, value may be a string, an integer, a boolean (with legal values ``t'', ``T'', ``f'', or ``F''; the default is TRUE), or a time interval.
The options supported (with the old, one character names in brackets) are:
[A] Specify possible alias file(s). Each spec should be in the format class:file where class: is optional and defaults to ``implicit''. Depending on how sendmail is compiled, valid classes are as follows:
If a list of specs are provided, sendmail searches them in order.
[a] If set, wait up to timeout (units default to minutes) for an @:@ entry to exist in the alias database before starting up. If it does not appear in the timeout interval rebuild the database (if the AutoRebuildAliases option is also set) or issue a warning.
[no short name] If set, allow HELO SMTP commands that do not include a host name. Setting this violates RFC1123 section 5.2.5, but is necessary to interoperate with several SMTP clients. If there is a value, it is still checked for legitimacy.
[D] If set, rebuild the alias database if necessary and possible. If this option is not set, sendmail will never rebuild the alias database unless explicitly requested using -bi.
[B] Set the blank substitution character to c. Unquoted spaces in addresses are replaced by this character. Defaults to space (that is, no change is made).
[n] Validate the RHS of aliases when rebuilding the alias database.
[C] Checkpoints the queue every N (default 10) addresses sent. If your system crashes during delivery to a large list, this prevents retransmission to any but the last N recipients.
[z] The indicated factor is multiplied by the message class (determined by the Precedence: field in the user header and the P lines in the configuration file) and subtracted from the priority. Thus, messages with a higher Priority: will be favored. Defaults to 1800.
[O] Set client SMTP options. The options are key=value pairs separated by commas. Known keys are:
Port | Name/number of source port for connection (defaults to any free port) |
Addr | Address mask (defaults to INADDR_ANY) |
Family | Address family (defaults to INET) |
SndBufSize | Size of TCP/IP send buffer |
RcvBufSize | Size of TCP/IP receive buffer |
Modifier | Options (flags) for the daemon |
h | use name of interface for HELO command |
Connection parameter or the default) is used for the HELO/EHLO command.
[no short name] If set, colons are acceptable in email addresses (for example, host:user). If not set, colons indicate the beginning of a RFC822 group construct (groupname: member1, member2, ... memberN;). Doubled colons are always acceptable (nodename::user) and proper route-addr nesting is understood (<@relay:user@host>). Furthermore, this option defaults on if the configuration version level is less than 6 (for backwards compatibility). However, it must be off for full compatibility with RFC822.
[k] The maximum number of open connections that will be cached at a time. The default is one. This delays closing the current connection until either this invocation of sendmail needs to connect to another host or it terminates. Setting it to zero defaults to the old behavior, that is, connections are closed immediately. Since this consumes file descriptors, the connection cache should be kept small: 4 is probably a practical maximum.
[K] The maximum amount of time a cached connection will be permitted to idle without activity. If this time is exceeded, the connection is immediately closed. This value should be small (on the order of ten minutes). Before sendmail uses a cached connection, it always sends a RSET command to check the connection; if this fails, it reopens the connection. This keeps your end from failing if the other end times out. The point of this option is to be a good network neighbor and avoid using up excessive resources on the other end. The default is five minutes.
[no short name] If set to a positive value, allow no more than N incoming daemon connections in a one second period. This is intended to flatten out peaks and allow the load average checking to cut in. Defaults to zero (no limits).
[no short name] This can be used to override the connection address (for testing purposes).
[O] Set server SMTP options. The options are key=value pairs. Known keys are:
The address mask may be a numeric address in dot notation or a network name.
Modifier can be a sequence (without any delimiters) of the following characters:
a | require authentication |
b | bind to interface through which mail has been received |
c | perform hostname canonification (.cf) |
f | require fully qualified hostname (.cf) |
u | allow unqualified addresses (.cf) |
C | do not perform hostname canonification |
E | disallow ETRN (see RFC 2476) |
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
The modifiers that are marked with "(.cf)" have an effect only in the standard configuration file, in which they are available via ${daemon_flags}. The flags ``c'' and ``C'' can change the default for hostname canonification in the sendmail.cf file. See the relevant documentation for FEATURE(nocanonify). The modifier ``f'' disallows addresses of the form user@host unless they are submitted directly. The flag ``u'' allows unqualified sender addresses. ``b'' forces sendmail to bind to the interface through which the e-mail has been received for the outgoing connection.
sendmail will listen on a new socket for each occurrence of the DaemonPortOptions option in a configuration file.
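An added example, not part of the original documentation or of sendmail's own code: a small Python auditor that reads the O option=value and old Oo value line forms described at the top of this page and decodes the Modifier characters of each DaemonPortOptions line using the table above. Resolving a key by its first letter (so that M= means Modifier), the SUBMISSION_PORTS policy and the sample configuration are assumptions made for the example.

```python
# Modifier characters and their meanings, as listed in the table above.
MODIFIERS = {
    "a": "require authentication",
    "b": "bind to interface through which mail has been received",
    "c": "perform hostname canonification (.cf)",
    "f": "require fully qualified hostname (.cf)",
    "u": "allow unqualified addresses (.cf)",
    "C": "do not perform hostname canonification",
    "E": "disallow ETRN",
}
# Keys that appear on this page. Assumption: a key is resolved by its first
# letter, which is how the page's own "M=Ea" maps to Modifier.
KNOWN_KEYS = ("Port", "Addr", "Family", "SndBufSize", "RcvBufSize",
              "Modifier", "Name")
# Assumption (local policy, not from the page): listeners on these ports are
# message submission listeners and are expected to carry the 'a' modifier.
SUBMISSION_PORTS = {"587", "submission"}


def parse_option_line(line):
    """Return (name, value) for an O line, or None for any other line.

    Long form: 'O option=value' (a space must follow the O).
    Old form:  'Oo value', where o is a single character.
    """
    line = line.rstrip("\r\n")
    if not line.startswith("O"):
        return None
    if line[1:2] in (" ", "\t"):
        name, _, value = line[2:].strip().partition("=")
        return (name.strip(), value.strip()) if name.strip() else None
    if len(line) >= 2:
        # No space after O: the next character is read as the old
        # single-character option name, whatever the author intended.
        return line[1], line[2:].strip()
    return None


def parse_port_options(value):
    """Split 'key=value, key=value' pairs and expand abbreviated keys."""
    opts = {}
    for item in value.split(","):
        key, _, val = item.strip().partition("=")
        if not key:
            continue
        full = next((k for k in KNOWN_KEYS
                     if k[0].lower() == key[0].lower()), key)
        opts[full] = val.strip()
    return opts


def audit_listeners(cf_text):
    """Describe every DaemonPortOptions listener found in cf_text."""
    listeners = []
    for raw in cf_text.splitlines():
        parsed = parse_option_line(raw)
        if not parsed or parsed[0] != "DaemonPortOptions":
            continue
        opts = parse_port_options(parsed[1])
        flags = opts.get("Modifier", "")
        findings = []
        unknown = sorted(set(flags) - set(MODIFIERS))
        if unknown:
            findings.append("unknown modifier(s): " + "".join(unknown))
        if "c" in flags and "C" in flags:
            findings.append("both c and C are set")
        if opts.get("Port") in SUBMISSION_PORTS and "a" not in flags:
            findings.append("submission port without 'a' (require authentication)")
        listeners.append({
            "name": opts.get("Name"),
            "port": opts.get("Port"),
            "requires_auth": "a" in flags,
            "etrn_disabled": "E" in flags,
            "modifiers": [MODIFIERS[f] for f in flags if f in MODIFIERS],
            "findings": findings,
        })
    return listeners


# Constructed sample configuration, not taken from a real host.
SAMPLE_CF = """\
# constructed sample
O DialDelay=5
Odi
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
O DaemonPortOptions=Port=587, Name=MSA2, M=cCx
"""

if __name__ == "__main__":
    for listener in audit_listeners(SAMPLE_CF):
        print(listener)
```
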
[no short name] Filename that contains default authentication information for outgoing connections. This file must contain the user id, the authorization id, the password (plain text), and the realm to use on separate lines and must be readable by root (or the trusted user) only. If no realm is specified, $j is used.
[no short name] When a message that has 8-bit characters but is not in MIME format is converted to MIME (see the EightBitMode option in this list) a character set must be included in the Content-Type: header. This character set is normally set from the Charset field of the mailer descriptor. If that is not set, the value of this option is used. If this option is not set, the value ``unknown-8bit'' is used.
[u] Set the default userid for mailers to user:group. If group is omitted and user is a user name (as opposed to a numeric user ID) the default group listed in the /etc/passwd file for that user is used as the default group. Both user and group may be numeric. Mailers without the S flag in the mailer definition will run as this user. Defaults to 1:1. The value can also be given as a symbolic user name.
[d] Deliver in mode x. Legal modes are:
Defaults to asynchronous background delivery if no option is specified, and synchronous interactive delivery if it is specified but given no argument (for example, Od is equivalent to Odi). The -v command line flag sets this to i.
[no short name] Dial-on-demand network connections can see timeouts if a connection is opened before the call is set up. If this is set to an interval and a connection times out on the first connection being attempted, sendmail will sleep for this amount of time and try again. This should give your system time to establish the connection to your service provider. Units default to seconds, so DialDelay=5 uses a five second delay. Defaults to zero (no retry).
[no short name] The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named Cruft.Foo.ORG and also has an alias of FTP.Foo.ORG, the former name must be used at all times. This is enforced during host name canonification ($[ ... $] lookups). If this option is set, the protocols are ignored and the wrong thing is done. However, the IETF is moving toward changing this standard, so the behavior may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name however.
[no short name] If set, sendmail will avoid using the initgroups(3C) function. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permissions somewhat more restrictive. Has no effect on systems that don't have group lists.
[R] Normally, sendmail tries to eliminate any unnecessary explicit routes when sending an error message (as discussed in RFC1123 section 5.2.6). For example, when sending an error message to
<@known1,@known2,@known3:user@unknown>
sendmail will strip off the @known1,@known2 in order to make the route as direct as possible. However, if the R option is set, this will be disabled, and the mail will be sent to the first address in the route, even if later addresses are known. This may be useful if you are caught behind a firewall.
[no short name] If an error occurs when sending an error message, send the error report (termed a double bounce because it is an error bounce that occurs when trying to send another error bounce) to the indicated address. The address is macro expanded at the time of delivery. If not set, defaults to postmaster.
[8] Set handling of eight-bit data. There are two kinds of eight-bit data: that declared as such using the BODY=8BITMIME ESMTP declaration or the -B8BITMIME command line flag, and undeclared 8-bit data, that is, input that just happens to be eight bits. There are three basic operations that can happen: undeclared 8-bit data can be automatically converted to 8BITMIME, undeclared 8-bit data can be passed as-is without conversion to MIME (just send 8) and declared 8-bit data can be converted to 7-bits for transmission to a non-8BITMIME mailer. The possible actions are:
In all cases properly declared 8BITMIME data will be converted to 7BIT as needed.
[E] Prepend error messages with the indicated message. If it begins with a slash, it is assumed to be the pathname of a file containing a message (this is the recommended setting). Otherwise, it is a literal message. The error file might contain the name, email address, and/or phone number of a local postmaster who could provide assistance to end users. If the option is missing or null, or if it names a file which does not exist or which is not readable, no message is printed.
[e] Dispose of errors using mode x. The values for x are:
[V] If specified, the fallbackhost acts like a very low priority MX on every host. This is intended to be used by sites with poor network connectivity. Messages which are undeliverable due to temporary address failures (for example, DNS failure) also go to the FallBackMX host.
[Y] If set, deliver each job that is run from the queue in a separate process. Use this option if you are short of memory, since the default tends to consume considerable amounts of memory while the queue is being processed.
[J] Set the path for searching for users' .forward files. The default is $z/.forward. Some sites that use the automounter may prefer to change this to /var/forward/$u to search a file with the same name as the user in a system directory. It can also be set to a sequence of paths separated by colons; sendmail stops at the first file it can successfully and safely open. For example, /var/forward/$u:$z/.forward will search first in /var/forward/username and then in ~username/.forward (but only if the first file does not exist).
[H] Specify the help file for SMTP. If no file name is specified, "helpfile" is used.
[c] If an outgoing mailer is marked as being expensive, don't connect immediately. This requires that queueing be compiled in, since it will depend on a queue run process to actually send the mail.
[no short name] The path to the hosts database, normally /etc/hosts. This option is only consulted when sendmail is canonifying addresses, and then only when ``files'' is in the hosts service switch entry. In particular, this file is never used when looking up host addresses; that is under the control of the system gethostbyname(3N) function.
[no short name] The location of the long term host status information. When set, information about the status of hosts (for example, host down or not accepting connections) will be shared between all sendmail processes; normally, this information is only held within a single queue run. This option requires a connection cache of at least 1 to function. If the option begins with a leading slash (/), it is an absolute pathname; otherwise, it is relative to the mail queue directory. A suggested value for sites desiring persistent host status is .hoststat (that is, a subdirectory of the queue directory).
[i] Ignore dots in incoming messages. This is always disabled (that is, dots are always accepted) when reading SMTP mail.
[no short name] Sets a default map specification for LDAP maps. The value should only contain LDAP specific settings such as ``-h host -p port -d bindDN''. The settings will be used for all LDAP maps unless the individual map specification overrides a setting. This option should be set before any LDAP maps are defined.
[L] Set the log level to n. Defaults to 9.
[no long version] Set the macro x to value. This is intended only for use from the command line. The -M flag is preferred.
[G] Allow fuzzy matching on the ``GECOS'' field. If this flag is set, and the usual user name lookups fail (that is, there is no alias with this name and a getpwnam(3C) fails), sequentially search the password file for a matching entry in the GECOS field. This also requires that MATCHGECOS be turned on during compilation. This option is not recommended.
[no short name] The maximum depth of alias recursion (default: 10).
[no short name] If set, sendmail will refuse connections when it has more than N children processing incoming mail. This does not limit the number of outgoing connections. If not set, there is no limit to the number of children, that is, the system load averaging controls this.
[no short name] The maximum length of the sum of all headers. This can be used to prevent a denial of service attack. The default is no limit.
[h] The maximum hop count. Messages that have been processed more than N times are assumed to be in a loop and are rejected. Defaults to 25.
[no short name] Specify the maximum message size to be advertised in the ESMTP EHLO response. Messages larger than this will be rejected.
[no short name] Sets the maximum length of certain MIME header field values to N characters. For some of these headers which take parameters, the maximum length of each parameter is set to M if specified. If /M is not specified, one half of N will be used. By default, these values are 0, meaning no checks are done.
[no short name] The maximum number of jobs that will be processed in a single queue run. If not set, there is no limit on the size. If you have very large queues or a very short queue run interval this could be unstable. However, since the first N jobs in queue directory order are run (rather than the N highest priority jobs) this should be set as high as possible to avoid losing jobs that happen to fall late in the queue directory.
[m] Send to me too, even if I am in an alias expansion. This option is discouraged and will be removed in a future release.
[b] Insist on at least N blocks free on the filesystem that holds the queue files before accepting email via SMTP. If there is insufficient space, sendmail gives a 452 response to the MAIL command. This invites the sender to try again later.
[no short name] Do not process any queued jobs that have been in the queue less than the indicated time interval. This is intended to allow you to get responsiveness by processing the queue fairly frequently without thrashing your system by trying jobs too often. The default units are minutes.
[no short name] Sets the list of characters that must be quoted if used in a full name that is in the phrase part of a phrase address syntax. The following characters are always added to this list:
@ , ; : \ () []
[no short name] The action to take when you receive a message that has no valid recipient headers (To:, Cc:, Bcc:, or Apparently-To:, the last included for backwards compatibility with old sendmail versions). It can be set to:
pass the message on unmodified (which violates the protocol)
add a To: header with any recipients it can find in the envelope (which might expose Bcc: recipients)
add an Apparently-To: header (this is only for backwards compatibility and is officially deprecated)
add a header To: undisclosed-recipients:, to make the header legal without disclosing anything
add an empty Bcc: header
[o] Assume that the headers may be in old format, that is, spaces delimit names. This actually turns on an adaptive algorithm: if any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always output with commas between the names. Defaults to off.
[$o macro] The list of characters that are considered to be operators, that is, characters that delimit tokens. All operator characters are tokens by themselves; sequences of non-operator characters are also tokens. White space characters separate tokens but are not tokens themselves, for example, ``AAA.BBB'' has three tokens, but ``AAA BBB'' has two. If not set, OperatorChars defaults to .:@[]; additionally, the characters ()<>,; are always operators. Note that OperatorChars must be set in the configuration file before any rulesets.
[no short name] Filename of the pid file (default is _PATH_SENDMAILPID). The filename is macro-expanded before it is opened.
[P] If set, copies of error messages will be sent to the named postmaster. Only the header of the failed message is sent. Since most errors are user problems, this is probably not a good idea on large sites, and arguably contains all sorts of privacy violations, but it seems to be popular with certain operating systems vendors. The address is macro expanded at the time of delivery. Defaults to no postmaster copies.
[p] Set the privacy options. ``Privacy'' in this context is a misnomer; many of these are just a way of insisting on stricter adherence to the SMTP protocol. The options can be selected from the following:
X-Authentication-Warning: headers in messages
The goaway pseudo-flag sets all flags except noreceipts, restrictmailq, restrictqrun, noetrn, and nobodyreturn. If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue directory can run the queue. Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, such as using a non-standard queue directory.
[no short name] Prefix the process title shown on ps(1) listings with string. The string will be macro processed.
[Q] Use the named dir as the queue directory. To use multiple queues, supply a value ending with an asterisk. For example, /var/spool/mqueue/q* will use all of the directories or symbolic links to directories beginning with q in /var/spool/mqueue as queue directories. Do not change the queue directory structure while sendmail is running.
[q] Use factor as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the current load average and the load average limit (QueueLA option) to determine the maximum message priority that will be sent. Defaults to 600000.
[x] When the system load average exceeds LA, just queue messages (that is, don't try to send them). Defaults to 8 multiplied by the number of processors online on the system (if that can be determined).
[no short name] Sets the algorithm used for sorting the queue. Only the first character of the value is used. Legal values are host (to order by the name of the first host name of the first recipient), filename (to order by the name of the queue file name), time (to order by the submission time), and priority (to order by message priority). Host ordering makes better use of the connection cache, but may tend to process low priority messages that go to a single host over high priority messages that go to several hosts; it probably should not be used on slow network links. Filename ordering saves the overhead of reading all of the queued items before starting the queue run. Time ordering is almost always a bad idea, since it allows large, bulk mail to go out before smaller, personal mail, but may have applicability on some hosts with very fast connections. Priority ordering is the default.
[T] A synonym for Timeout.queuereturn. Use that form instead of the QueueTimeout form.
[I] Set resolver options. Values can be set using +flag and cleared using -flag; the flags can be debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, or dnsrch. The string HasWildcardMX (without a + or -) can be specified to turn off matching against MX records when doing name canonifications.
[R] If this option is set, a ``Return-Receipt-To:'' header causes the request of a DSN, which is sent to the envelope sender as required by RFC1891, not to the address given in the header.
[no short name] The user parameter may be a user name (looked up in /etc/passwd) or a numeric user ID; either form can have :group attached (where group can be numeric or symbolic). If set to a non-zero (non-root) value, sendmail will change to this user id shortly after startup.
This avoids a certain class of security problems. However, this means that all .forward and :include: files must be readable by the indicated user, and all files to be written must be writable by user. Also, all file and program deliveries will be marked unsafe unless the option DontBlameSendmail=NonRootAddrSafe is set, in which case the delivery will be done as user. It is also incompatible with the SafeFileEnvironment option. In other words, it may not actually add much to security on an average system, and may in fact detract from security (because other file permissions must be loosened). However, it should be useful on firewalls and other places where users do not have accounts and the aliases file is well constrained.
[y] The indicated factor is added to the priority (thus lowering the priority of the job) for each recipient, that is, this value penalizes jobs with large numbers of recipients. Defaults to 30000.
[X] When the system load average exceeds LA, refuse incoming SMTP connections. Defaults to 12 multiplied by the number of processors online on the system (if that can be determined).
[Z] The factor is added to the priority every time a job is processed. Thus, each time a job is processed, its priority will be decreased by the indicated value. In most environments this should be positive, since hosts that are down are all too often down for a long time. Defaults to 90000.
[no short name] If this option is set, sendmail will do a chroot(2) call into the indicated directory before doing any file writes. If the file name specified by the user begins with dir, that partial path name will be stripped off before writing, so (for example) if the SafeFileEnvironment option is set to /safe then aliases of /safe/logs/file and /logs/file actually indicate the same file. Additionally, if this option is set, sendmail refuses to deliver to symbolic links.
[f] Save UNIX-style From: lines at the front of headers. Normally they are assumed redundant and discarded.
[j] If set, send error messages in MIME format (see RFC2045 and RFC1344 for details). If disabled, sendmail will not return the DSN keyword in response to an EHLO and will not do Delivery Status Notification processing as described in RFC1891.
[no short name] If your host operating system has a service switch abstraction (for example, /etc/nsswitch.conf on Solaris or /etc/svc.conf on Ultrix and DEC OSF/1) that service will be consulted and this option is ignored. Otherwise, this is the name of a file that provides the list of methods used to implement particular services. The syntax is a series of lines, each of which is a sequence of words. The first word is the service name, and following words are service types. The services that sendmail consults directly are aliases and hosts. Service types can be dns, nis, nisplus, or files (with the caveat that the appropriate support must be compiled in before the service can be referenced). If ServiceSwitchFile is not specified, it defaults to /etc/mail/service.switch. If that file does not exist, the default switch is:
[7] Strip input to seven bits for compatibility with old systems. This should not be necessary.
[no short name] If set, From: lines that have embedded newlines are unwrapped onto one line. This is to get around a botch in Lotus Notes that apparently cannot understand legally wrapped RFC822 headers.
[no short name] If set, a client machine will never try to open two SMTP connections to a single server machine at the same time, even in different processes. That is, if another sendmail is already talking to some host a new sendmail will not open another connection. This property is of mixed value; although this reduces the load on the other machine, it can cause mail to be delayed (for example, if one sendmail is delivering a huge message, other sendmails will not be able to send even small messages). Also, it requires another file descriptor (for the lock file) per connection, so you may have to reduce the ConnectionCacheSize option to avoid running out of per-process file descriptors. Requires the HostStatusDirectory option.
[$e macro] The message printed when the SMTP server starts up. Defaults to $j Sendmail $v ready at $b.
[S] Log summary statistics in the named file. If no file name is specified, "statistics" is used. If not set, no summary statistics are saved. This file does not grow in size. It can be printed using the mailstats(1M) program.
[s] Be super-safe when running things, that is, always instantiate the queue file, even if you are going to attempt immediate delivery. sendmail always instantiates the queue file before returning control to the client under any circumstances. This should always be set.
[F] The file mode for queue files. It is interpreted in octal by default. Defaults to 0600.
[r; subsumes old T option as well] Set timeout values. For more information, see ``Read timeouts''.
[t] Set the local time zone information to tzinfo. For example, PST8PDT. Actually, if this is not set, the TZ environment variable is cleared (so the system default is used); if set but null, the user's TZ variable is used, and if set and non-null the TZ variable is set to this value.
[no short name] The user parameter can be a user name (looked up in /etc/passwd) or a numeric user id. Trusted user for file ownership and starting the daemon. If set, generated alias databases and the control socket (if configured) will automatically be owned by this user.
[w] If this system is the best (that is, lowest preference) MX for a given host, its configuration rules should normally detect this situation and treat that condition specially by forwarding the mail to a UUCP feed, treating it as local, or whatever. However, in some cases (such as Internet firewalls) you may want to try to connect directly to that host as though it had no MX records at all. Setting this option causes sendmail to try this. The downside is that errors in your configuration are likely to be diagnosed as host unknown or message timed out instead of something more meaningful. This option is not recommended.
[$l macro] Defines the format used when sendmail must add a UNIX-style From_ line (that is, a line beginning From user). Defaults to From $g $d. Do not change this unless your system uses a different UNIX mailbox format (very unlikely).
[no short name] If set, :include: and .forward files that are group writable are considered unsafe, that is, they cannot reference programs or write directly to files. World writable :include: and .forward files are always unsafe.
[l] If there is an Errors-To: header, send error messages to the addresses listed there. They normally go to the envelope sender. Use of this option causes sendmail to violate RFC1123. This option is not recommended and is deprecated.
[U] The user database specification.
[v] Run in verbose mode. If this is set, sendmail adjusts options HoldExpensive (old c) and DeliveryMode (old d) so that all mail is delivered completely in a single job so that you can see the entire delivery process. Option Verbose should never be set in the configuration file; it is intended for command line use only.
[no short name] Set the threshold, in bytes, before a memory-based queue transcript file becomes disk-based. The default is 4096 bytes.