Appendix E. A sendmail Reference

This appendix provides details of the syntax of the sendmail command, of the sendmail.cf file, and of the m4 macros that can be used to build that file. It describes where to obtain the latest source code for sendmail and how to compile it. This appendix is a reference, not a tutorial. Refer to Chapter 10 for a tutorial on sendmail configuration.

We start the appendix with information on locating, downloading, and compiling the latest version of sendmail.

Compiling sendmail

The source code for sendmail is available via anonymous FTP from ftp.sendmail.org, where it is stored in the pub/sendmail directory. sendmail is updated constantly. The following examples are based on sendmail 8.11.3. Remember that things will change for future releases. Always read the README files and installation documents that come with new software before beginning an installation.

To compile the sendmail program, download the compressed tar file as a binary file, and then uncompress and extract it with the tar command, shown below:

$ ftp ftp.sendmail.org
Connected to ftp.sendmail.org.
220 pub2.pa.vix.com FTP server ready.
Name (ftp.sendmail.org:craig): anonymous
331 Guest login ok, send your e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.   
ftp> cd pub/sendmail
ftp> get sendmail.8.11.3.tar.gz
local: sendmail.8.11.3.tar.gz remote: sendmail.8.11.3.tar.gz
200 PORT command successful.
150 Opening BINARY mode data connection for sendmail.8.11.3.tar.gz
   (1347756 bytes).
226 Transfer complete.
1347756 bytes received in 18.68 Seconds (72.42 Kbytes/sec)
ftp> quit
221-You have transferred 1347756 bytes in 1 files.
221-Thank you for using the FTP service on pub2.pa.vix.com.
221 Goodbye.
$ cd /usr/local/src  
$ tar -zxvf /home/craig/sendmail.8.11.3.tar.gz

Next, change to the sendmail-8.11.3 directory created by the tar file, and use the Build script to compile the new sendmail program, as shown below:

$ cd sendmail-8.11.3
$ ./Build
Making all in:
/usr/local/src/sendmail-8.11.3/libsmutil
Configuration: pfx=, os=Linux, rel=2.2.10, rbase=2, rroot=2.2, arch=i586, sfx=, variant=optimized
Using M4=/usr/bin/m4
Creating ../obj.Linux.2.2.10.i586/libsmutil using ../devtools/OS/Linux
Making dependencies in ../obj.Linux.2.2.10.i586/libsmutil
make[1]: Entering directory
     `/usr/local/src/sendmail-8.11.3/obj.Linux.2.2.10.i586/libsmutil'
cc -M -I. -I../../sendmail -I../../include -DNEWDB
      -DNOT_SENDMAIL debug.c
errstring.c lockfile.c safefile.c snprintf.c strl.c    >> Makefile
make[1]: Leaving directory
      `/usr/local/src/sendmail-8.11.3/obj.Linux.2.2.10.i586/libsmutil'
Making in ../obj.Linux.2.2.10.i586/libsmutil
make[1]: Entering directory
      `/usr/local/src/sendmail-8.11.3/obj.Linux.2.2.10.i586/libsmutil'
cc -O -I. -I../../sendmail -I../../include -DNEWDB
      -DNOT_SENDMAIL -c debug.c -o debug.o
cc -O -I. -I../../sendmail -I../../include -DNEWDB
      -DNOT_SENDMAIL -c errstring.c -o errstring.o

... Many, many, many lines deleted...

cc -O -I. -I../../sendmail -I../../include -DNEWDB
      -DNOT_SENDMAIL -c vacation.c -o vacation.o
cc -o vacation   vacation.o ../libsmdb/libsmdb.a 
      ../libsmutil/libsmutil.a -ldb -lresolv -lcrypt -lnsl -ldl
groff -Tascii -man vacation.1 > vacation.0 ||
      cp vacation.0.dist vacation.0
make[1]: Leaving directory
      `/usr/local/src/sendmail-8.11.3/obj.Linux.2.2.10.i586/vacation'

Build detects the architecture of the system and builds the correct Makefile for your system. It then compiles sendmail using the newly created Makefile.

According to the documentation, running Build is all you need to do on most systems to compile sendmail. It works on Red Hat Linux and Solaris 8 systems. However, there are no guarantees. Your system may use nonstandard directories or lack certain libraries. You may need to provide compiler flags that are customized for your system.

If you have experience with compiling sendmail, you may be tempted to look for the compiler options in the Makefile in the sendmail distribution’s source code directory. You may even remember setting compiler options in the Makefile at some time in the past, but that has changed. Now, compiler options are set in the files located in the devtools directory of the sendmail source code distribution.

The default compiler options are normally set in an operating system-specific file in the devtools/OS directory and changed in files you create specially for your server in the devtools/Site directory. The files in the devtools/OS directory are identified by operating system name; for example, the configuration file for Solaris 8 is named SunOS5.8. If your Solaris 8 system varies from the norm, create your own file in devtools/Site named site.SunOS5.8.m4 that contains the corrected setting. Additionally, you can create a file named site.config.m4 in the devtools/Site directory if the compiler options you wish to set relate more to the peculiarities of your site than they do to corrections of operating system settings. Build looks for and uses files with either of these names.

As the .m4 file extension in these filenames implies, the commands that are used to define compiler options are m4 macros, not simple compiler options. Table E-1 lists the m4 commands that are used with sendmail 8.11.3 to control the compile process.

Table E-1. m4 compiler options

Command	Purpose
confBEFORE	Identifies files that must be created before the compile.
confBLDVARIANT	Requests OPTIMIZED, DEBUG, or PURIFY build variants.
confBUILDBIN	The path of the build support binaries.
confCC	The name of the C compiler.
confCCOPTS	Options to pass to the compiler.
confCOPY	The name of a program that copies files.
confDEPEND_TYPE	Name of a file in devtools/M4/depend that defines how to build dependencies.
confDEPLIBS	Dependent libraries for shared objects.
confEBINDIR	The path of the program executed by other programs.
confENVDEF	The -D flags passed to the compiler.
confFORCE_RMAIL	Forces installation of rmail.
confHFDIR	Path of the sendmail helpfile.
confHFFILE	Name of the helpfile.
confINCDIRS	The -I flags passed to the compiler.
confINCGRP	The group ID used for include files.
confINCMODE	The file permissions used for include files.
confINCOWN	The user ID used for include files.
confINCLUDEDIR	The path where include files are installed.
confINSTALL	The install program.
confINSTALL_RAWMAN	Install the unformatted manual pages.
confLDOPTS	Options for the linker.
confLIBDIR	Path to the install library files.
confLIBDIRS	The -L flags for the linker.
confLIBGRP	The group ID used for libraries.
confLIBMODE	The file permissions used for libraries.
confLIBOWN	The user ID used for libraries.
confLIBS	The -l flags passed to linker.
confLIBSEARCH	Names of the libraries searched during linking.
confLIBSEARCHPATH	Path of the libraries searched during linking.
confLINKS	Names of logical links to sendmail, e.g., newaliases.
confLN	The command used to create logical links.
confMAN1	The path of man1 files.
confMAN1EXT	The filename extension used for man1 files.
confMAN1SRC	The source for man1 pages.
confMAN3	The path of man3 files.
confMAN3EXT	The filename extension used for man3 files.
confMAN3SRC	The source for man3 pages.
confMAN4	The path of man4 files.
confMAN4EXT	The filename extension for man4 files.
confMAN4SRC	The source for man4 pages.
confMAN5	The path of man5 files.
confMAN5EXT	The filename extension used for man5 files.
confMAN5SRC	The source for man5 pages.
confMAN8	The path of man8 files.
confMAN8EXT	The filename extension used for man8 files.
confMAN8SRC	The source for man8 pages.
confMANDOC	The macros used to format manpages.
confMANGRP	The group ID used for manpage files.
confMANMODE	The file permission for manpages.
confMANOWN	The user ID used for manpage files.
confMANROOT	The root path of the various directories that contain formatted manpages.
confMANROOTMAN	The root path of the various directories that contain unformatted manpages.
confMAPDEF	Identifies the types of database support that should be compiled into sendmail.
confMBINDIR	The path in which the sendmail program is installed.
confNO_HELPFILE_INSTALL	If defined, no helpfile is installed.
confNO_MAN_BUILD	If defined, manpages are not created.
confNO_MAN_INSTALL	If defined, manpages are not installed.
confNO_STATISTICS_INSTALL	If defined, no statistics file is installed.
confNROFF	Identifies the command used to format manpages.
confOBJADD	Identifies objects that should be linked in to sendmail.
confOPTIMIZE	Flags passed to the compiler as ${O}.
confRANLIB	The path to the ranlib program.
confRANLIBOPTS	Options passed to ranlib.
confSBINDIR	The path of the directory in which commands such as makemap are stored.
confSBINGRP	The group ID used for setuid binaries.
confSBINMODE	The file permissions for setuid binaries.
confSBINOWN	The user ID used for setuid binaries.
confSHAREDLIB_EXT	The filename extension for shared libraries.
confSHAREDLIB_SUFFIX	The suffix used for shared objects.
confSHAREDLIBDIR	The path of the directory in which shared libraries are installed.
confSHELL	The pathname of the shell used inside make.
confSMOBJADD	Objects that should be linked in to sendmail.
confSMSRCADD	The C source files for the objects identified by confSMOBJADD.
confSMSRCDIR	The directory that contains the sendmail source code.
confSRCADD	The C source files for the objects identified by confOBJADD.
confSRCDIR	The root path of the source directories.
confSONAME	Linker flag for recording the shared object name.
confSTDIO_TYPE	Identifies the buffered file implementation used, i.e., portable or torek.
confSTDIR	The path where the statistics file is stored.
confSTFILE	The name of the statistics file.
confSTRIP	Identifies the program used to strip executables.
confSTRIPOPTS	Options passed to the strip program.
confUBINDIR	The path for user-executable programs.
confUBINGRP	The group ID used for user-executable binaries.
confUBINMODE	The file permissions used for user-executable binaries.
confUBINOWN	The user ID used for user-executable binaries.

Once sendmail compiles, it is installed by using the Build command with the install option, as shown here:

# ./Build install
Making all in:
/usr/local/src/sendmail-8.11.3/libsmutil
Configuration: pfx=, os=Linux, rel=2.2.10, rbase=2, rroot=2.2,
      arch=i586, sfx=, variant=optimized
Making in ../obj.Linux.2.2.10.i586/libsmutil
make[1]: Entering directory
      `/usr/local/src/sendmail-8.11.3/obj.Linux.2.2.10.i586/libsmutil'

... Many, many, many lines deleted...

Making in ../obj.Linux.2.2.10.i586/vacation
make[1]: Entering directory
      `/usr/local/src/sendmail-8.11.3/obj.Linux.2.2.10.i586/vacation'
install -c -o bin -g bin -m 555 vacation /usr/bin
install -c -o bin -g bin -m 444 vacation.0 /usr/man/man1/vacation.1
make[1]: Leaving directory
      `/usr/local/src/sendmail-8.11.3/obj.Linux.2.2.10.i586/vacation'

The Build command installs the manpages, the executables, the help file, and the status file in the correct directories for your system.

sendmail is now ready to run. The next section describes the syntax of the sendmail command.

The sendmail Command

The syntax of the sendmail command is deceptively simple:

sendmail [arguments] [address ...]

The syntax is deceptive because it hides the fact that there are a very large number of command-line arguments. Table E-2 lists all of them.

Table E-2. sendmail command-line arguments

Argument	Function
-U	Indicate initial user submission.
-Venvid	Set the envelope ID to envid.
-Ndsn	Set delivery status notification to dsn.
-Mxvalue	Set macro x to value.
-Rreturn	Set the part of the message returned with an error.
-Btype	Set the MIME body type.
-pprotocol	Set the receiving protocol and hostname.
-Xlogfile	Log all traffic in the indicated log file.
-faddr	Sender’s machine address is addr.
-r addr	Obsolete form of -f.
-h cnt	Drop mail if forwarded cnt times.
-Fname	Set the full name of this user to name.
-n	Don’t do aliasing or forwarding.
-Tvalue	Set the QueueTimeout option to value.
-t	Send to everyone listed in To:, Cc:, and Bcc:.
-bm	Deliver mail (default).
-bD	Run as a daemon in the foreground.
-ba	Run in arpanet mode.
-bs	Speak SMTP on input side.
-bd	Run as a daemon.
-bH	Clear the host status directory; equivalent to purgestat.
-bh	Display the host status report; equivalent to hoststat.
-bt	Run in test mode.
-bv	Verify addresses; don’t collect or deliver mail.
-bi	Initialize the alias database.
-bp	Print the mail queue.
-bz	Create a parsed copy of the sendmail.cf file.
-q[time]	Process queued mail. Repeat at interval time.
-Cfile	Use file as the configuration file.
-c	Set the HoldExpensive option to true.
-dlevel	Set debugging level.
-e	Set the ErrorMode option.
-Ooption=value	Set option option to value.
-oxvalue	Set an option using its old single-character name.
-I	Alternate way to specify -bi.
-i	Ignore dots in incoming messages.
-m	Send to me, too.
-v	Run in verbose mode.
-saddr	Alternate form of -f.

Table E-2 lists over 30 command-line arguments. The table is a quick reference to all possible arguments, some of which are outdated in the latest version of sendmail. Perhaps the best-known argument that is now outdated is -bz. At one time it was used to preprocess the sendmail.cf file. The idea was that storing the processed configuration would enhance speed. This outdated switch does not work in the newest versions of sendmail. If you used this argument with an older version of sendmail you might mistakenly believe it is still needed. Attempting to run it with the current sendmail release will just return an error.

Several arguments are redundant forms of other switches. For example, -c, -e, -I, -m, -r, -T, and -s are all deprecated switches that have been replaced by newer arguments. All of the arguments that set sendmail.cf options, even those that are not deprecated, such as -i and -o, can be replaced with the -O switch. For example, the command line:

sendmail -m -s < mail.file

could be replaced by:

sendmail -OMeToo=true -OSaveFromLine=true < mail.file

The -O argument provides the distinct advantage of being able to set any sendmail.cf option. Arguments such as -m and -s set only one option each. The -O format is also easier to read and comprehend, particularly when the sendmail command is included inside a script.

Several of the command-line arguments from Table E-2 are covered in Chapter 10. These are:

-f: Allows trusted users to override the sender address on outgoing messages. For security reasons, it is disabled on some systems. Obsolete alternative forms of this argument are -r and -s.
-t: Reads the To:, Cc:, and Bcc: headers from standard input. Used to send a file that contains these headers or when typing in a test message, as in Chapter 10.
-bd: Runs sendmail in background mode, causing it to collect incoming mail. Use this argument on the sendmail command in the boot script.
-bt: Used to test sendmail address rewrite rules.
-bi: Initializes the aliases database. This is the same as the newaliases command covered in Chapter 10.
-q: Sets the time interval at which the mail queue is processed. Use on the sendmail command in the boot script.
-C: Loads an alternative sendmail configuration file. Use this to test the configuration before moving the new file to sendmail.cf.
-v: Permits you to view the exchange of SMTP commands in real time.
-bv: Verifies address processing without actually sending mail.

Other than the two arguments (-bd and -q) used on the sendmail command line in the boot script to process incoming mail, the most common use for sendmail arguments is debugging. From the list above, -bt, -C, -bv, -v, and -t are all used in Chapter 10 in debugging examples. Other debugging arguments are:

-bp

Prints a list of mail that is queued for delivery. It is the same as the mailq command. Mail is queued when it cannot be delivered immediately because the remote host is temporarily unable to accept the mail. sendmail periodically processes the queue, based on the time interval you set with the -q argument, and attempts to deliver the mail in the queue. The queue can grow large enough to impede sendmail’s performance if an important remote host is down. mailq shows how many items are queued as well as the source and destination of each piece of mail.

When the queue requires immediate processing, invoke sendmail using -q with no time interval. This processes the entire queue. Some variations of the -q argument allow you to selectively process the queue. Use -qI queue-id to process only those queue entries with the specified queue identifier; -qR recipient to process only items being sent to the specified recipient; or -qS sender to process only mail sent from the specified sender. The mailq command displays the queue identifier, sender address, and recipient address for every item in the queue.

-o

Sets a sendmail option for this one instantiation of sendmail, e.g., -oA/tmp/test-aliases. Use this argument to test alternative option settings without editing the sendmail.cf file. -o uses the old sendmail option syntax. An alternate form of the argument is -O, which uses the new option syntax, e.g., -OAilasFile=/tmp/test-aliases. See Section E.4.3 later in this appendix.

-d

Sets the level of detail displayed when debugging sendmail code. Can be used to debug rewrite rules or to check configuration settings, e.g., sendmail -bt -d0.4. Most debug settings are useful only for sendmail source code debugging.

-h

Sets the counter used to determine if mail is looping. By default, it is set to 30, which is a good operational value. When you are debugging a mail loop problem, set the hop count lower, e.g., -h10, to reduce the number of times a piece of mail is handled by the system. Otherwise, leave this value alone.

-bh

Displays the persistent host status, if sendmail is configured to maintain this status. The host status displays the name of each remote host that mail was sent to, the time the status of that host was last updated, and the result of the last attempt to deliver mail to that host. The directory of host status files can grow very large. Use -bH to clean out the host status directory.

The remaining arguments are rarely used on the command line:

-B: Indicates the MIME message body type. Acceptable values are either 7BIT or 8BITMIME.
-N: Requests that the sender be notified of the delivery status of the mail. The default value is FAILURE, DELAY, which notifies the sender when mail delivery fails or is delayed in the queue. Other acceptable values are NEVER, to request that no status notifications be returned to the sender, and SUCCESS, to request notification of successful mail delivery.
-M: Sets a macro value for this instantiation of sendmail. For example, entering the command -MMwrotethebook.com sets macro M to wrotethebook.com.
-p: Sets the sending protocol and the sending host. This is equivalent to setting the internal s and r macros. If a system has more than one external mail protocol, for example, UUCP and SMTP, this forces the system to use a specific protocol for this piece of mail.
-R: Sets the amount of information returned to the sender when a message cannot be delivered. This can be either HDRS for headers-only, or FULL for the headers and the full message body.
-U: Indicates that this mail comes directly from a user interface and was not forwarded from a remote mail handler.
-V: Inserts an “envelope ID” into the outbound message that is returned if message delivery fails.
-X: Logs all mail messages to the specified log file. This rapidly produces an enormous log file.
-n: Disables the processing of aliases and mail forwarding.
-bm: Tells sendmail to deliver mail, which it will do anyway.
-ba: Reads the header From: line to find the sender. It uses three-digit reply codes, and ends error lines with <CRLF>. This is an obsolete argument.
-bs: Tells sendmail to use SMTP for incoming mail. When appropriate, sendmail will do this even without the -bs argument.
-i: Normally, an SMTP message terminates when a line containing only a dot is encountered. This argument tells sendmail to ignore the dots in incoming messages.
-m: Sends a copy of the mail to the person sending the mail. Normally this is done with a CC: or BCC: header in the message, not with the -m argument.
-bD: Runs sendmail as a foreground daemon so that it remains attached to the controlling terminal.
-F: Sets the sender’s full name.

This is a complete list of sendmail command-line arguments at this writing. Some of these arguments were recently introduced. Others are obsolete in the latest version of sendmail. Check the manpage for your system to find out exactly what arguments are available on your system.

When the sendmail command is executed, it reads its configuration from the sendmail.cf file. A basic sendmail.cf file can be built from m4 macros that come with the sendmail source code. Chapter 10 provides examples of how this is done. The next section provides a complete list of the m4 macros that come with the sendmail distribution.

m4 sendmail Macros

The sendmail distribution comes with several sample configuration files. Chapter 10 provides an example of how the tcpproto.mc file is modified to produce a configuration file suitable for a Linux system. The prototype files are m4 macro configuration files that produce usable sendmail.cf files as output. The prototype files are located in the sendmail/cf/cf directory of the sendmail distribution. Use those prototypes as examples of reasonable sendmail configurations.

All of the sendmail configuration files are composed of the following m4 macros: ^[162]

divert: Directs the output of the m4 process.
dnl: Deletes all characters up to the next newline.
VERSIONID: Defines the version number of the .mc source file. RCS or SCCS version numbers are commonly used. This command is optional.
OSTYPE: Points to the m4 source file that contains the operating system-specific information for this configuration. This is required.
DOMAIN: Points to the m4 source file that contains configuration information specific to this domain. This is optional.
LOCAL_DOMAIN: Defines the hostname aliases for the server.
CANONIFY_DOMAIN: Defines domains that should be converted to canonical format even if the nocanonify feature is set.
CANONIFY_DOMAIN_FILE: Identifies a file that contains the list of domains that should be converted to canonical format even if the nocanonify feature is set.
GENERICS_DOMAIN: Defines domain names that should be processed through the genericstable database.
GENERICS_DOMAIN_FILE: Identifies a file that contains the list of domains that should be processed through the genericstable database.
LDAPROUTE_DOMAIN: Defines domains that should be routed according to directions found in the LDAP directory.
LDAPROUTE_DOMAIN_FILE: Identifies a file that lists the domains that should be routed according to directions found in the LDAP directory.
RELAY_DOMAIN: Defines the domains for which this server should relay mail.
RELAY_DOMAIN_FILE: Identifies a file that lists the domains for which this server should relay mail.
VIRTUSER_DOMAIN: Defines the virtual domains that should be processed through the virtusertable.
VIRTUSER_DOMAIN_FILE: Identifies a file that lists the virtual domains that should be processed through the virtusertable.
FEATURE: Points to an m4 source file that defines an optional sendmail feature. This is not required for m4 to process the .mc source file, but many configurations have multiple FEATURE entries.
MASQUERADE_AS: Defines the domain name used to masquerade outgoing mail.
MASQUERADE_DOMAIN: Defines domains that should be masqueraded.
MASQUERADE_DOMAIN_FILE: Identifies a file that lists the domains that should be masqueraded.
MASQUERADE_EXCEPTION: Defines a host that should not be masqueraded even if the domain is being masqueraded.
EXPOSED_USER: Defines usernames that prevent masquerading. If the user portion of the address contains one of these names, the host portion of the address is not masqueraded.
HACK: Points to an m4 source file that contains site-specific configuration information. This is a temporary configuration used to fix a temporary problem. The use of HACK is discouraged.
SITE: Identifies a locally connected UUCP host.
SITECONFIG: Points to a source file that contains m4 SITE commands that define the UUCP sites connected to this host. The format of the command is: SITECONFIG( file, local-hostname, class), which reads the UUCP hostnames from file into class.
UUCPSMTP: Maps a UUCP hostname to an Internet hostname.
define: Defines a local value. Most “defines” are done in the m4 source files that are called by the .mc file, not in the .mc file itself. It can define a value for a sendmail.cf macro, option, or other command.
undefine: Clears the value set for a configuration parameter.
MAILER: Points to an m4 source file that contains the configuration commands that define a sendmail mailer. At least one MAILER command must appear in the configuration file. Generally more than one MAILER command is used.
MAILER_DEFINITIONS: Heads a section of sendmail.cf commands that define a custom mailer.
MODIFY_MAILER_FLAGS: Overrides the flags defined for a mailer.
MAIL_FILTER: Defines a mail filter.
INPUT_MAIL_FILTER: Defines a mail filter and the variables necessary to call the filter.
DAEMON_OPTIONS: Defines runtime options for the sendmail daemon.
TRUST_AUTH_MECH: Defines a list of trusted authorization mechanisms.
LOCAL_RULE_ n: Heads a section of code to be added to ruleset n, where n is 0, 1, 2, or 3. The code that follows the LOCAL_RULE_n command is composed of standard sendmail.cf rewrite rules.^[163] The LOCAL_RULE_n command is rarely used.
LOCAL_RULESETS: Heads a section of code that defines a custom ruleset.
LOCAL_USER: Defines usernames that should be exempted from relaying even when local mail is being relayed.
LOCAL_NET_CONFIG: Heads a section of sendmail.cf code that defines how mail destined for the local host is processed.
LOCAL_CONFIG: Heads a section of code to be added to the sendmail.cf file after the local information section and before the rewrite rules. The section of code contains standard sendmail.cf configuration commands. This macro is rarely used.

The built-in m4 commands shown above—those listed in lowercase characters—are divided between those that control the flow of output and those that set macro values. The two commands that control the flow of output are dnl and divert. Text following the dnl command is not sent to the output file. Thus it is used at the beginning of a line on a comment. The divert(-1) command sends output to the “bit-bucket” and marks the start of a block of comments. The divert(0) command directs output to standard m4 processing. In addition to -1 and 0, the divert command accepts nine other numeric arguments: the values 1 to 9. These other values are used in the m4 macro source code to direct data to various parts of the sendmail.cf file. You will not use these values in your own configuration. Instead you will use other commands to direct data to specific parts of the sendmail.cf file.

The commands LOCAL_CONFIG, LOCAL_USER, LOCAL_RULESETS, MAILER_DEFINITION, LOCAL_NET_CONFIG, and LOCAL_RULE allow you to send data to various parts of the sendmail.cf file without using the various divert values directly. Commands such as LOCAL_CONFIG and MAILER_DEFINITION mark the start of raw sendmail.cf code that should be included in some part of the output file. These commands make it possible for you to customize the sendmail.cf file in any possible way.

The built-in m4 commands define and undefine set macro values. define sets a variable to a value and undefine resets it to its default value. More configuration parameters can be controlled through the define command than through any other, and, correspondingly, more of this appendix is dedicated to define parameters than to anything else.

Almost half of the m4 macros act like the define command and simply set a parameter to a value. MASQUERADE_AS, MASQUERADE_DOMAIN, RELAY_DOMAIN, and VIRTUSER_DOMAIN_FILE are all examples of commands used to set variables.

The TRUST_AUTH_MECH macro is a good example of a macro that complements a define. As you’ll see in Section E.3.1 of this appendix, the parameter confAUTH_MECHANISMS can be used to define the trusted authentication mechanisms your server advertises to other servers. The TRUST_AUTH_MECH macro is the inverse of this. It identifies the mechanism that your server accepts from other servers. The same list of keywords used to configure the confAUTH_MECHANISMS parameter in Section E.3.1 can be used to configure TRUST_AUTH_MECHANISMS.

The macro names OSTYPE, DOMAIN, FEATURE, MAILER, HACK, and SITECONFIG are all names of subdirectories within the cf directory. The value passed to each of these macros is the name of a file within the specified directory. For example, the command FEATURE(nouucp) tells m4 to load the file nouucp.m4 from the ostype directory and process the m4 source code found there. The .m4 source files pointed to by the OSTYPE, DOMAIN, FEATURE, and MAILER commands are built primarily from define and FEATURE commands.

Two of the macros that are also directory names, SITECONFIG and HACK, are rarely used. SITECONFIG points to a source file that contains SITE macros that define the UUCP sites connected to the local host. You create the file containing the SITE macros yourself and then invoke it with the SITECONFIG command. These commands, along with UUCPSMTP, are obsolete and maintained only for backward compatibility.

The HACK macro points to an m4 source file that contains a temporary site-specific fix to a sendmail problem. You create the file in the hack directory and then use the HACK command to add that file to the configuration. The use of hacks is discouraged and is generally unnecessary.

The following section provides additional information about the OSTYPE, DOMAIN, FEATURE, and MAILER macros and details of the various commands used to build the m4 source files they call. Chapter 10 provides an example of building a custom DOMAIN macro source file. The source files can contain any of the macros we have already mentioned as well as the additional ones documented below. The macro configuration (.mc) file also can contain any of the commands documented below. In fact, pretty much any macro can appear in any file.

To bring some order out of this chaos, the commands are organized according to the files they are most likely to appear in, which is similar to the organization found in the documentation that comes with the sendmail distribution. Just remember, actual implementation files may have a different organization. We start by examining the define macros and the FEATURE macros that are the primary building blocks of all the other files.

define

The syntax of the define macro is:

               define(`parameter', `value')

where parameter is the keyword name of a sendmail configuration parameter and value is the value assigned to that configuration parameter. The parameter and the value are normally enclosed in single quotes to prevent inappropriate macro expansion. These are not balanced quotes. The opening quote is a grave sign (`), and the closing quote is an apostrophe (').

Many of the configuration parameters that can be set using the define command are shown below. Most of the parameters correspond to sendmail options, macros, or classes. The name of the option, macro, or class set by the parameter is listed in the parameter description enclosed in square brackets ([]). Macro names begin with a dollar sign ($j), class names begin with a dollar sign and an equals sign ($=w), and options are shown with long option names (SingleThreadDelivery). To find out more about these parameters, see the descriptions of the macros, options, and classes they represent that are provided later in this appendix.

Because many define parameters are equivalent to options, macros, and classes, the command:

define(`confDOMAIN_NAME', `rodent.wrotethebook.com')

placed in an m4 source file has the same effect as:

Djrodent.wrotethebook.com

placed directly in the sendmail.cf file. If you compile and install a new version of sendmail, build your configuration with m4 and set values for macros, classes, and options with the m4 define macro.

The list of define parameters is quite long. However, because most of the parameters default to a reasonable value, they do not have to be explicitly set in the m4 source file. The default value of each parameter is shown in the listing—unless there is no default.

confMAILER_NAME: Default is MAILER-DAEMON. The sender name used on error messages. [$n]
confDOMAIN_NAME: The full hostname. [$j]
confCF_VERSION: The configuration file’s version number. [$Z]
confFROM_HEADER: Default is $?x$x <$g>$|$g$. . The From: header format.
confRECEIVED_HEADER: Default is $?sfrom $s $.$?_($?s$|from $.$_) $.by $j ($v/$Z)$?r with $r$. id $i$?u for $u$.; $b . The Received: header format.
confCW_FILE: Default is /etc/sendmail.cw. The file of local host aliases. [$=w]
confCT_FILE: Default is /etc/sendmail.ct. The file of trusted usernames. [$=t]
confTRUSTED_USERS: Trusted usernames to add to root, uucp, and daemon.
confSMTP_MAILER: Default is esmtp. The mailer used for SMTP connections; must be smtp, smtp8, or esmtp.
confUUCP_MAILER: Default is uucp-old. The default UUCP mailer.
confLOCAL_MAILER: Default is local. The mailer used for local connections.
confRELAY_MAILER: Default is relay. The default mailer name for relaying.
confSEVEN_BIT_INPUT: Default is False. Forces input to seven bits. [SevenBitInput]
confEIGHT_BIT_HANDLING: Default is pass8. Defines how 8-bit data is handled. [EightBitMode]
confALIAS_WAIT: Default is 10m. The amount of time to wait for alias file rebuild. [AliasWait]
confMIN_FREE_BLOCKS: Default is 100. The minimum number of free blocks on the queue filesystem that must be available to accept SMTP mail. [MinFreeBlocks]
confMAX_MESSAGE_SIZE: Default is infinite. The maximum message size. [MaxMessageSize]
confBLANK_SUB: The character used to replace unquoted blank characters in email addresses. [BlankSub]
confCON_EXPENSIVE: Default is False. Tells system to hold mail bound for mailers that have the e flag set until the next queue run. [HoldExpensive]
confCHECKPOINT_INTERVAL: Default is 10. Tells system to checkpoint the queue files after this number of queued items are processed. [CheckpointInterval]
confDELIVERY_MODE: Default is background. Sets the default delivery mode. [DeliveryMode]
confAUTO_REBUILD: Default is False. Automatically rebuilds alias file. [AutoRebuildAliases]
confERROR_MODE: Default is print. Defines how errors are handled. [ErrorMode]
confERROR_MESSAGE: Points to a file containing a message that is prepended to error messages. [ErrorHeader]
confSAVE_FROM_LINES: Tells system not to discard Unix From: lines. They are discarded if this is not set. [SaveFromLine]
confTEMP_FILE_MODE: Default is 0600. File mode for temporary files. [TempFileMode]
confMATCH_GECOS: Tells system to match the email username to the GECOS field. This match is not done if this is not set. [MatchGECOS]
confMAX_HOP: Default is 25. The counter used to determine mail loops. [MaxHopCount]
confIGNORE_DOTS: Default is False. Tells system to ignore dots in incoming messages. [IgnoreDots]
confBIND_OPTS: Default is undefined. Sets options for DNS resolver. [ResolverOptions]
confMIME_FORMAT_ERRORS: Default is True. Tells system to send MIME-encapsulated error messages. [SendMimeErrors]
confFORWARD_PATH: Default is $z/.forward.$w:$z/.forward. Places to search for .forward files. [ForwardPath]
confMCI_CACHE_SIZE: Default is 2. The number of open connections that can be cached. [ConnectionCacheSize]
confMCI_CACHE_TIMEOUT: Default is 5m. The amount of time inactive open connections are held in the cache. [ConnectionCacheTimeout]
confHOST_STATUS_DIRECTORY: Directory in which host status is saved. [HostStatusDirectory]
confUSE_ERRORS_TO: Default is False. Delivers errors using the Errors-To: header. [UseErrorsTo]
confLOG_LEVEL: Default is 9. Level of detail for the log file. [LogLevel]
confME_TOO: Default is False. Sends a copy to the sender. [MeToo]
confCHECK_ALIASES: Default is False. Looks up every alias during alias file build. [CheckAliases]
confOLD_STYLE_HEADERS: Default is True. Treats headers without special characters as old style. [OldStyleHeaders]
confDAEMON_OPTIONS: SMTP daemon options. [DaemonPortOptions]
confPRIVACY_FLAGS: Default is authwarnings. These flags restrict the use of some mail commands. [PrivacyOptions]
confCOPY_ERRORS_TO: Address to receive copies of error messages. [PostmasterCopy]
confQUEUE_FACTOR: Default is 600000. Used to calculate when a loaded system should queue mail instead of attempting delivery. [QueueFactor]
confDONT_PRUNE_ROUTES: Default is False. Don’t prune route-addresses to the minimum possible. [DontPruneRoutes]
confSAFE_QUEUE: Create a queue file, then attempt delivery. This is not done unless this parameter is specified. [SuperSafe]
confTO_INITIAL: Default is 5m. Maximum time to wait for the initial connect response. [Timeout.initial]
confTO_CONNECT: Default is 0. Maximum time to wait for a connect to complete. [Timeout.connect]
confTO_ICONNECT: Maximum time to wait for the very first connect attempt to a host. [Timeout.iconnect]
confTO_HELO: Default is 5m. Maximum time to wait for a HELO or EHLO response. [Timeout.helo]
confTO_MAIL: Default is 10m. Maximum time to wait for a MAIL command response. [Timeout.mail]
confTO_RCPT: Default is 1h. Maximum time to wait for a RCPT command response. [Timeout.rcpt]
confTO_DATAINIT: Default is 5m. Maximum time to wait for a DATA command response. [Timeout.datainit]
confTO_DATABLOCK: Default is 1h. Maximum time to wait for a block during DATA phase. [Timeout.datablock]
confTO_DATAFINAL: Default is 1h. Maximum time to wait for a response to the terminating “.”. [Timeout.datafinal]
confTO_RSET: Default is 5m. Maximum time to wait for a RSET command response. [Timeout.rset]
confTO_QUIT: Default is 2m. Maximum time to wait for a QUIT command response. [Timeout.quit]
confTO_MISC: Default is 2m. Maximum time to wait for other SMTP command responses. [Timeout.misc]
confTO_COMMAND: Default is 1h. Maximum time to wait for a command to be issued. [Timeout.command]
confTO_IDENT: Default is 30s. Maximum time to wait for an IDENT query response. [Timeout.ident]
confTO_FILEOPEN: Default is 60s. Maximum time to wait for a file open. [Timeout.fileopen]
confTO_QUEUERETURN: Default is 5d. Time until a message is returned from the queue as undeliverable. [Timeout.queuereturn]
confTO_QUEUERETURN_NORMAL: “Undeliverable” timeout for normal priority messages. [Timeout.queuereturn.normal]
confTO_QUEUERETURN_URGENT: “Undeliverable” timeout for urgent priority messages. [Timeout.queuereturn.urgent]
confTO_QUEUERETURN_NONURGENT: “Undeliverable” timeout for low priority messages. [Timeout.queuereturn.non-urgent]
confTO_QUEUEWARN: Default is 4h. Time until a “still queued” warning is sent about a message. [Timeout.queuewarn]
confTO_QUEUEWARN_NORMAL: Time until a “still queued” warning is sent for normal priority messages. [Timeout.queuewarn.normal]
confTO_QUEUEWARN_URGENT: Time until a “still queued” warning is sent for urgent priority messages. [Timeout.queuewarn.urgent]
confTO_QUEUEWARN_NONURGENT: Time until a “still queued” warning is sent for low priority messages. [Timeout.queuewarn.non-urgent]
confTO_HOSTSTATUS: Default is 30m. Time for stale host status information. [Timeout.hoststatus]
confTIME_ZONE: Default is USE_SYSTEM. Sets time zone from the system (USE_SYSTEM) or the TZ variable (USE_TZ). [TimeZoneSpec]
confDEF_USER_ID: Default is 1:1. Default user ID and group ID. [DefaultUser]
confUSERDB_SPEC: Path of the user database file. [UserDatabaseSpec]
confFALLBACK_MX: Backup MX host. [FallbackMXhost]
confTRY_NULL_MX_LIST: Default is False. Instructs system to connect to the remote host directly if the MX points to the local host. [TryNullMXList]
confQUEUE_LA: Default is 8. Sends mail directly to the queue when this load average is reached. [QueueLA]
confREFUSE_LA: Default is 12. Refuses incoming SMTP connections at this load average. [RefuseLA]
confMAX_DAEMON_CHILDREN: If set, refuses connection when this number of children is reached. [MaxDaemonChildren]
confCONNECTION_RATE_THROTTLE: Maximum number of connections permitted per second, if set. [ConnectionRateThrottle]
confWORK_RECIPIENT_FACTOR: Default is 30000. Factor used to lower the priority of a job for each additional recipient. [RecipientFactor]
confSEPARATE_PROC: Default is False. Delivers messages with separate processes. [ForkEachJob]
confWORK_CLASS_FACTOR: Default is 1800. The factor used to favor a high-priority job. [ClassFactor]
confWORK_TIME_FACTOR: Default is 90000. Factor used to lower the priority of a job for each delivery attempt. [RetryFactor]
confQUEUE_SORT_ORDER: Default is Priority. Sorts queue by Priority or Host order. [QueueSortOrder]
confMIN_QUEUE_AGE: Default is 0. Minimum time a job must be queued. [MinQueueAge]
confDEF_CHAR_SET: Default is unknown-8bit. Default character set for unlabeled 8-bit MIME data. [DefaultCharSet]
confSERVICE_SWITCH_FILE: Default is /etc/service.switch. The path to the service switch file. [ServiceSwitchFile]
confHOSTS_FILE: Default is /etc/hosts. The path to the hostnames file. [HostsFile]
confDIAL_DELAY: Default is 0s. Amount of time to delay before retrying a “dial on demand” connection. 0s means “don’t retry.” [DialDelay]
confNO_RCPT_ACTION: Default is none. Handling for mail with no recipient headers: do nothing (none); add To: header (add-to); add Apparently-To: header (add-apparently-to); add a Bcc: header (add-bcc); add “To: undisclosed-recipients” header (add-to-undisclosed). [NoRecipientAction]
confSAFE_FILE_ENV: Default is undefined. chroot( ) to this directory before writing files. [SafeFileEnvironment]
confCOLON_OK_IN_ADDR: Default is True. Treats colons as regular characters in addresses. [ColonOkInAddr]
confMAX_QUEUE_RUN_SIZE: Default is 0. Limits the number of entries processed in a queue run. means no limit. [MaxQueueRunSize]
confDONT_EXPAND_CNAMES: Default is False. If true, don’t convert nicknames to canonical names. False means to convert. [DontExpandCnames]
confFROM_LINE: Default is From $g $d. The format of the Unix From: line. [UnixFromLine]
confOPERATORS: Default is .:%@!^/[]+. Address operator characters. [OperatorChars]
confSMTP_LOGIN_MSG: Default is $j sendmail $v/$Z; $b. The SMTP greeting message. [SmtpGreetingMessage]
confDONT_INIT_GROUPS: Default is False. If true, disable the initgroups(3) routine. False means to use the initgroups(3) routine. [DontInitGroups]
confUNSAFE_GROUP_WRITES: Default is False. If true, don’t reference programs or files from group-writable : include : and .forward files. [UnsafeGroupWrites]
confDOUBLE_BOUNCE_ADDRESS: Default is postmaster. When errors occur sending an error message, send the second error message to this address. [DoubleBounceAddress]
confRUN_AS_USER: Default is undefined. Run as this user to read and deliver mail. [RunAsUser]
confSINGLE_THREAD_DELIVERY: Default is False. Force single-threaded mail delivery when set with HostStatusDirectory. [SingleThreadDelivery]
confALLOW_BOGUS_HELO: Defines normally illegal special characters that will be allowed in the DNS hostname on a HELO or EHLO command line. [AllowBogusHELO]
confAUTH_MECHANISMS: Defines a space-separated list of authentication mechanisms that will be advertised by this server. Possible values are GSSAPI, KERBEROS_V4, DIGEST-MD5, and CRAM-MD5. [AuthMechanisms]
confAUTH_OPTIONS: The AUTH= argument is added to the MAIL FROM header only when authentication succeeds if this is set to A. [AuthOptions]
confCACERT: Identifies a file containing a cryptographic certificate from a certificate authority. [CACERTFile]
confCACERT_PATH: Defines the path to the directory that contains the cryptographic certificates. [CACERTPath]
confCLIENT_CERT: Identifies the file containing the cryptographic certificate sendmail uses when it acts as client. [ClientCertFile]
confCLIENT_KEY: Identifies the file containing the private key associated with the certificate used when sendmail acts as a client. [ClientKeyFile]
confCLIENT_OPTIONS: Defines the port options used for outbound SMTP client connections. [ClientPortOptions]
confCONNECT_ONLY_TO: Limits connectivity. Used for testing by the sendmail developers. This is not used in production environments. [ConnectOnlyTo]
confCONTROL_SOCKET_NAME: Defines a socket used for managing the sendmail daemon. [ControlSocketName]
confCR_FILE: Points to the file that lists the hosts for which this server will relay mail. Defaults to /etc/mail/relay-domains. [$=R]
confDEAD_LETTER_DROP: Defines the file where failed messages that could not be returned to the sender or sent to the postmaster are saved. [DeadLetterDrop]
confDEF_AUTH_INFO: Identifies the file that contains the authentication information used for outbound connections. [DefaultAuthInfo]
confDF_BUFFER_SIZE: Defines the maximum amount of buffer memory that will be used before a disk file is used. [DataFileBufferSize]
confDH_PARAMETERS: Identifies the file that contains the DH parameters for the DSA/DH digital signature algorithm. [DHParameters]
confDONT_BLAME_SENDMAIL: Tells sendmail to perform certain file security checks. By default, all checks are performed. This option weakens the security of your server. See the DontBlameSendmail option later in this appendix for a full list of the values that can be used with this parameter. [DontBlameSendmail]
confDONT_PROBE_INTERFACES: Tells sendmail not to automatically accept the addresses of the server’s network interfaces as valid addresses if set to true. Defaults to false. [DontProbeInterface]
confEBINDIR: Defines the directory where executables for FEATURE(`local_lmtp') and FEATURE(`smrsh') are stored. The default directory is /usr/libexec.
confLDAP_DEFAULT_SPEC: Defines the defaults used for LDAP databases unless specifically overridden by a K command for an individual map. [LDAPDefaultSpec]
confMAX_ALIAS_RECURSION: Aliases can refer to other aliases. This sets the maximum depth that alias references can be nested. The default is 10. [MaxAliasRecursion]
confMAX_HEADERS_LENGTH: Defines the maximum length of the sum of all headers in bytes. [MaxHeadersLength]
confMAX_MIME_HEADER_LENGTH: Defines the maximum length of MIME headers. [MaxMimeHeaderLength]
confMAX_RCPTS_PER_MESSAGE: Defines the maximum number of recipients allowed for a piece of mail. [MaxRecipientsPerMessage]
confMUST_QUOTE_CHARS: Adds characters to the list of characters that must be quoted when they are included in the user’s full name ($x). The characters @,;:\( )[] are always quoted. By default . and ` are added to the list. [MustQuoteChars]
confPID_FILE: Specifies the path of the PID file. [PidFile]
confPROCESS_TITLE_PREFIX: Identifies the string used on this system as the prefix for the process title in ps listings. [ProcessTitlePrefix]
confRAND_FILE: Identifies the file that contains random data needed by STARTTLS if sendmail was not compiled with the HASURANDOM flag. [RandFile]
confREJECT_MSG: Defines the message displayed when mail is rejected because of the access control database. Defaults to “550 Access denied”.
confRRT_IMPLIES_DSN: True tells sendmail to interpret a Return-Receipt-To: header as a request for delivery status notification (DSN). The default is false. [RrtImpliesDsn]
confSERVER_CERT: Identifies the file that contains the cryptographic certificate used when this system acts as server. [ServerCertFile]
confSERVER_KEY: Identifies the file that contains the private key associated with the cryptographic certificate used when this system acts as server. [ServerKeyFile]
confSINGLE_LINE_FROM_HEADER: True forces a multiline From: line to a single line. The default is false. [SingleLineFromHeader]
confTO_RESOLVER_RETRANS: Defines, in seconds, the retransmission timer for all resolver lookups. [Timeout.resolver.retrans]
confTO_RESOLVER_RETRANS_FIRST: Defines, in seconds, the retransmission timer for the resolver lookup for the first attempt to deliver a message. [Timeout.resolver.retrans.first]
confTO_RESOLVER_RETRANS_NORMAL: Defines, in seconds, the retransmission timer for all resolver lookups after the first attempt to deliver a message. [Timeout.resolver.retrans.normal]
confTO_RESOLVER_RETRY: Defines the total number of times to retry a resolver query. [Timeout.resolver.retry]
confTO_RESOLVER_RETRY_FIRST: Defines the number of times the resolver query for the first delivery attempt is retried. [Timeout.resolver.retry.first]
confTO_RESOLVER_RETRY_NORMAL: Defines the number of times to retry resolver queries after the first delivery attempt. [Timeout.resolver.retry.normal]
confTRUSTED_USER: Defines the user who controls the sendmail daemon and owns the files created by sendmail. Do not confuse this option with confTRUSTED_USERS. [TrustedUser]
confXF_BUFFER_SIZE: Defines the maximum amount of buffer memory that can be used for a transcript file before the file must be written to disk. The default is 4096 bytes. [XScriptFileBufferSize]

define macros are the most common macros in the m4 source files. The next most commonly used macro is the FEATURE macro.

FEATURE

The FEATURE macro processes m4 source code from the cf/feature directory. Source files in that directory define optional sendmail features that you may wish to include in your configuration. The syntax of the FEATURE macro is:

FEATURE(name, [argument])

The FEATURE source file can be called with or without an optional argument. If an argument is passed to the source file, the argument is used by the source file to generate code for the sendmail.cf file. For example:

FEATURE(`mailertable', `hash /etc/mail/mailertable')

generates the code for accessing the mailertable and defines that table as being a hash database located in the file /etc/mail/mailertable.

There are several features available in sendmail V8. They are all listed in Table E-3. The table provides the name of each feature and its purpose.

Table E-3. sendmail features

Name	Purpose
use_cw_file	Load $=w from /etc/mail/local-host-names.
use_ct_file	Load $=t from /etc/mail/trusted-users.
relay_based_on_MX	Relay mail for any site whose MX points to this server.
relay_entire_domain	Relay mail for any host in your domain.
relay_hosts_only	Only relay mail for hosts listed in the access database.
relay_local_from	Relay mail if the source is a local host.
relay_mail_from	Relay mail if the sender is listed as RELAY in the access database.
promiscuous_relay	Relay mail from any site to any site.
rbl	The obsolete Realtime Blackhole List feature has been replaced by dnsbl.
dnsbl	Reject mail from hosts listed in a DNS-based rejection list. Replaces rbl.
blacklist_recipients	Filter incoming mail based on values set in the access database.
delay_checks	Delay the check_mail and check_relay rulesets until check_rcpt is called.
loose_relay_check	Disable validity checks for addresses that use the % hack.
redirect	Support the .REDIRECT pseudo-domain.
no_default_msa	Allow the default configuration of the Message Submission Agent to be overridden by the DAEMON_OPTIONS macro.
nouucp	Don’t include UUCP address processing.
nocanonify	Don’t convert names with $[`name`$] syntax.
stickyhost	Treat “user” differently than “user@local.host”.^[a]
mailertable	Mail routing using a mailer table.
domaintable	Domain name mapping using a domain table.
access_db	Relay control using the access database.
bitdomain	Use a table to map bitnet hosts to Internet addresses.
uucpdomain	Use a table to map UUCP hosts to Internet addresses.
accept_unqualified_senders	Allow network mail from addresses that do not include a valid hostname.
accept_unresolvable_domains	Accept mail from hosts that are unknown to DNS.
always_add_domain	Add the local hostname to all locally delivered mail.
allmasquerade	Also masquerade recipient addresses.
limited_masquerade	Only masquerade hosts listed in $=M.
masquerade_entire_domain	Masquerade all hosts within the masquerading domains.
masquerade_envelope	Also masquerade envelope addresses. The default is to masquerade only header addresses.
genericstable	Use a table to rewrite local addresses.
generics_entire_domain	Map domain names identified in class `G` through the genericstable.
virtusertable	Map virtual domain names to real mail addresses.
virtuser_entire_domain	Map domain names through the virtusertable.
ldap_routing	Enable LDAP-based email routing.
nodns	Don’t include DNS support.
nullclient	Forward all mail to a central server.
local_lmtp	Use mail.local with LMTP support.
local_procmail	Use procmail as the local mailer.
bestmx_is_local	Accept mail as local when it is addressed to a host that lists us as its MX server.
smrsh	Use smrsh as the prog mailer.
^[a]See the discussion of “stickyhost” in the “DOMAIN” section later in this appendix.

The use_cw_file and the use_ct_file features are equivalent to Fw/etc/sendmail.cw and Fw/etc/sendmail.ct commands in the sendmail.cf file. See Chapter 10 for descriptions of host aliases ($=w) and trusted users ($=t).

The .REDIRECT pseudo-domain code returns an error message to the sender telling the sender to try a new address for the recipient. This is used to handle mail for people who no longer read mail at your site but who are still getting mail sent to a very old address. Enable this feature with the FEATURE(redirect) command and then add aliases for each obsolete mailing address in the form:

               old-address new-address.REDIRECT

For example, assume that Edward Winslow is no longer a valid user of crab.wrotethebook.com. Therefore, his old username, ed, should no longer accept mail. His new mailing address is WinslowE@industry.com. We enter the following alias in the /etc/aliases file:

 ed    WinslowE@industry.com.REDIRECT

Now when mail is sent to the ed account on crab, the following error is returned to the sender:

 551 User not local; please try <WinslowE@industry.com>

Several of the FEATURE macros actually remove features from the sendmail.cf file instead of adding them. nouucp removes the code to handle UUCP addresses for systems that do not have access to UUCP networks, and nodns removes the code for DNS lookups for systems that do not have access to DNS. nocanonify disables the $[ name]$ syntax that converts nicknames and IP addresses to canonical names. Finally, the nullclient feature strips everything out of the configuration except for the ability to forward mail to a single mail server via a local SMTP link. The name of the mail server is provided as the argument on the nullclient command line. For example, FEATURE(nullclient, ms.big.com) forwards all mail to ms.big.com without any local mail processing.

Several features relate to mail relaying and masquerading. Examples include stickyhost, relay_based_on_MX, allmasquerade, limited_masquerade, and masquerade_entire_domain. All of these features are covered in the “DOMAIN” section later in this appendix.

Several of the features define databases that are used to perform special address processing. All of these features accept an optional argument that defines the database. (See the sample mailertable command at the beginning of this section for an example of defining the database with the optional argument.) If the optional argument is not provided, the database description always defaults to hash -o /etc/mail/ filename, where filename matches the name of the feature. For example, mailertable defaults to the definition hash -o /etc/mail/mailertable. The database features are:

mailertable

Maps host and domain names to specific mailer:host pairs. If the host or domain name in the recipient addresses matches a key field in the mailertable database, it returns the mailer and host for that address. The format of mailertable entries is:

                        domain-name mailer
                        :
                        host

where domain-name is either a full hostname (host plus domain) or a domain name. If a domain name is used it must start with a dot (.), and it will match every host in the specified domain.

domaintable

Converts an old domain name to a new domain name. The old name is the key and the new name is the value returned for the key.

bitdomain

Converts a Bitnet hostname to an Internet hostname. The Bitnet name is the key and the Internet hostname is the value returned. The bitdomain program that comes with sendmail can be used to build this database.

uucpdomain

Converts a UUCP name to an Internet hostname. The key is the UUCP hostname and the value returned is the Internet hostname.

genericstable

Converts a sender email address. The key to the database is either a username or a full email address (username and hostname). The value returned by the database is the new email address. genericstable is often used to convert the same address as those processed for masquerading and thus the features that affect masquerading and those that affect the genericstable conversion are set to exactly the same values. If you use the genericstable and you use masquerading, set GENERICS_DOMAIN and GENERICS_DOMAIN_FILE to the same values as MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE.

virtusertable

Aliases incoming email addresses. Essentially, this is an extended alias database for aliasing addresses that are not local to this host. The key to the database is a full email address or a domain name. The value returned by the database is the recipient address to which the mail is delivered. If a domain name is used as a key, it must begin with an at-sign (@). Mail addressed to any user in the specified domain is sent to the recipient defined by the virtusertable database. Any hostname used as a key in the virtusertable database must also be defined in class w or class {VirtHost}. A hostname can be added to class w with the LOCAL_DOMAIN macro. Hostnames can be added to the {VirtHost} class using the VIRTUSER_DOMAIN macro. The {VirtHost} class can be loaded from a file using the VIRTUSER_DOMAIN_FILE macro.

Some features are important in the fight against spam because they help you control what mail your server will deliver or forward on for delivery. These are accept_unqualified_senders, accept_unresolvable_domains, access_db, blacklist_recipients, and dnsbl. The access database lists email sources and how mail from these sources should be treated. The dnsbl uses a special DNS database to reject mail from specific sources. The blacklist_recipients feature extends the access_db and dnsbl controls to email destinations as well as email sources. Two of the features, accept_unqualified_senders and accept_unresolvable_domains, weaken relay controls by allowing relaying for hosts or domains that cannot be found via DNS. Use care when adjusting these controls.

Two of the remaining FEATURE commands relate to domains. The always_add_domain macro makes sendmail add the local hostname to all locally delivered mail, even to those pieces of mail that would normally have just a username as an address. The bestmx_is_local feature accepts mail addressed to a host that lists the local host as its preferred MX server as if the mail was local mail. If this feature is not used, mail bound for a remote host is sent directly to the remote host even if its MX record lists the local host as its preferred MX server. The bestmx_is_local feature should not be used if you use a wildcard MX record for your domain.

The last two features are used to select optional programs for the local and the prog mailers. local_procmail selects procmail as the local mailer. Provide the path to procmail as the argument in the FEATURE command. The smrsh feature selects the sendmail Restricted SHell (smrsh) as the prog mailer. smrsh provides improved security over /bin/sh, which is normally used as the prog mailer. Provide the path to smrsh as the argument in the FEATURE command.

The FEATURE commands discussed in this section and the define macros discussed previously are used to build the m4 source files. The following sections describe the purpose and structure of the OSTYPE, DOMAIN, and MAILER source files.

OSTYPE

The source file for the OSTYPE macro defines operating system-specific parameters. Many operating systems are predefined. Look in the sendmail/cf/ostype directory for a full listing of the systems that are already defined.

OSTYPE source files are mostly composed of define macros. Table E-4 lists the define parameters most frequently associated with the OSTYPE source file and the function of each parameter. If a default value is assigned to a parameter, it is shown enclosed in square brackets after the functional description.

Table E-4. OSTYPE defines

Parameter	Function
ALIAS_FILE	Name of the alias file. [/etc/mail/aliases]
HELP_FILE	Name of the help file. [/etc/mail/helpfile]
QUEUE_DIR	Directory containing queue files. [/var/spool/mqueue]
STATUS_FILE	Name of the status file. [/etc/mail/statistics]
LOCAL_MAILER_PATH	The local mail delivery program. [/bin/mail]
LOCAL_MAILER_FLAGS	Local mailer flags added to “lsDFMAW5:/\|@q”. [Prmn9]
LOCAL_MAILER_ARGS	Arguments for local mail delivery. [mail -d $u]
LOCAL_MAILER_MAX	Maximum size of local mail.
LOCAL_MAILER_CHARSET	Character set for local 8-bit MIME mail.
LOCAL_MAILER_DSN_DIAGNOSTIC_CODE	The delivery status notification code used for local mail. [X-Unix]
LOCAL_MAILER_EOL	The end-of-line character for local mail.
LOCAL_MAILER_MAXMSG	The maximum number of messages delivered with a single connection.
LOCAL_SHELL_PATH	Shell used to deliver piped email. [/bin/sh]
LOCAL_SHELL_FLAGS	Flags added to lsDFM for the shell mailer. [eu9]
LOCAL_SHELL_ARGS	Arguments for the “prog” mail. [sh -c $u]
LOCAL_SHELL_DIR	Directory in which the shell should run. [$z:/]
USENET_MAILER_PATH	Program used for news. [/usr/lib/news/inews]
USENET_MAILER_FLAGS	Usenet mailer flags. [rDFMmn]
USENET_MAILER_ARGS	Arguments for the usenet mailer. [-m -h -n]
USENET_MAILER_MAX	Maximum size of usenet mail messages. [100000]
SMTP_MAILER_FLAGS	Flags added to “mDFMuX” for all SMTP mailers.
SMTP_MAILER_MAX	Maximum size of messages for all SMTP mailers.
SMTP_MAILER_ARGS	smtp mailer arguments. [IPC $h]
ESMTP_MAILER_ARGS	esmtp mailer arguments. [IPC $h]
DSMTP_MAILER_ARGS	dsmtp mailer arguments. [IPC $h]
SMTP8_MAILER_ARGS	smtp8 mailer arguments. [IPC $h]
RELAY_MAILER_ARGS	relay mailer arguments. [IPC $h]
RELAY_MAILER_FLAGS	Flags added to “mDFMuX” for the relay mailer.
RELAY_MAIL_MAXMSG	The maximum number of messages for the relay mailer delivered by a single connection.
SMTP_MAILER_CHARSET	Character set for SMTP 8-bit MIME mail.
SMTP_MAIL_MAXMSG	The maximum number of SMTP messages delivered by a single connection.
UUCP_MAILER_PATH	Path to the UUCP mail program. [/usr/bin/uux]
UUCP_MAILER_FLAGS	Flags added to “DFMhuU” for the UUCP mailer.
UUCP_MAILER_ARGS	UUCP mailer arguments. [uux - -r -z -a$g -gC $h!rmail ($u)]
UUCP_MAILER_MAX	Maximum size for UUCP messages. [100000]
UUCP_MAILER_CHARSET	Character set for UUCP 8-bit MIME mail.
FAX_MAILER_PATH	Path to the FAX program. [/usr/local/lib/fax/mailfax]
FAX_MAILER_ARGS	FAX mailer arguments. [mailfax $u $h $f]
FAX_MAILER_MAX	Maximum size of a FAX. [100000]
POP_MAILER_PATH	Path of the POP mailer. [/usr/lib/mh/spop]
POP_MAILER_FLAGS	Flags added to “lsDFMq” for the POP mailer. [Penu]
POP_MAILER_ARGS	POP mailer arguments. [pop $u]
PROCMAIL_MAILER_PATH	Path to the procmail program. [/usr/local/bin/procmail]
PROCMAIL_MAILER_FLAGS	Flags added to “DFM” for the Procmail mailer. [SPhnu9]
PROCMAIL_MAILER_ARGS	Procmail mailer arguments. [procmail -Y -m $h $f $u]
PROCMAIL_MAILER_MAX	Maximum size message for the Procmail mailer.
MAIL11_MAILER_PATH	Path to the mail11 mailer. [/usr/etc/mail11]
MAIL11_MAILER_FLAGS	Flags for the mail11 mailer. [nsFx]
MAIL11_MAILER_ARGS	mail11 mailer arguments. [mail11 $g $x $h $u]
PH_MAILER_PATH	Path to the phquery program. [/usr/local/etc/phquery]
PH_MAILER_FLAGS	Flags for the phquery mailer. [ehmu]
PH_MAILER_ARGS	phquery mailer arguments. [phquery -- $u]
QPAGE_MAILER_ARGS	qpage mailer arguments. [qpage -10 -m -P$u`]`
QPAGE_MAILER_FLAGS	Flags for the qpage mailer. [mDFMs]
QPAGE_MAILER_MAX	Maximum qpage mailer message size. [4096]
QPAGE_MAILER_PATH	Path to the qpage mailer. [/usr/local/bin/qpage]
CYRUS_MAILER_FLAGS	Flags added to “lsDFMnPq” for the cyrus mailer. [A5@/:\|]
CYRUS_MAILER_PATH	Path to the cyrus mailer. [/usr/cyrus/bin/deliver]
CYRUS_MAILER_ARGS	cyrus mailer arguments. [deliver -e -m $h -- $u]
CYRUS_MAILER_MAX	Maximum size message for the cyrus mailer.
CYRUS_MAILER_USER	User and group used for the cyrus mailer. [cyrus:mail]
CYRUS_BB_MAILER_FLAGS	Flags added to “lsDFMnP” for the cyrusbb mailer.
CYRUS_BB_MAILER_ARGS	cyrusbb mailer arguments. [deliver -e -m $u]

Despite the long list of parameters in Table E-4, most OSTYPE macros are very short. There are a few reasons for this. First, many of the parameters in the table are redundant. They define the same things for different mailers, and no operating system uses all of the mailers. Second, the default values are often correct. A define only needs to be made if the operating system requires a value different from the default.

DOMAIN

The DOMAIN source file defines configuration parameters that are related to the local domain. Chapter 10 provides an example of a DOMAIN file built for the imaginary wrotethebook.com domain.

Table E-5 shows some define macros that commonly appear in DOMAIN files. (See the syntax of the define macro earlier.) This table lists the parameters and the function of each parameter. All of these parameters are used to define mail relay hosts. The value provided for each parameter is either a hostname, i.e., the name of a mail relay server, or a mailer:hostname pair where the mailer is the internal name of a local sendmail mailer and the hostname is the name of the remote mail relay server. If only a hostname is used, the mailer defaults to relay, which is the name of the SMTP relay mailer. If no values are provided for these parameters, the BITNET, DECNET, and FAX pseudo-domains are not used, and the local host must be able to handle its own UUCP and “local” mail.

Table E-5. Mail relay define macros

Parameter	Function
UUCP_RELAY	Server for UUCP-addressed email
BITNET_RELAY	Server for BITNET-addressed email
DECNET_RELAY	Server for DECNET-addressed email
FAX_RELAY	Server for mail to the .FAX pseudo-domain^[a]
LOCAL_RELAY	Server for unqualified names
LUSER_RELAY	Server for apparently local names that really aren’t local
MAIL_HUB	Server for all incoming mail
SMART_HOST	Server for all outgoing mail
^[a]The “fax” mailer overrides this value.

The precedence of the relays defined by these parameters is from the most specific to the least specific. If both the UUCP_RELAY and the SMART_HOST relay are defined, the UUCP_RELAY is used for outgoing UUCP mail even though the SMART_HOST relay is defined as handling “all” outgoing mail. If you define both LOCAL_RELAY and MAIL_HUB, you must also use the FEATURE(stickyhost) command to get the expected behavior.

When the stickyhost feature is specified, LOCAL_RELAY handles all local addresses that do not have a host part, and MAIL_HUB handles all local addresses that do have a host part. If stickyhost is not specified and both relays are defined, the LOCAL_RELAY is ignored and MAIL_HUB handles all local addresses.

In addition to the defines shown in Table E-5, there is a group of macros that relate to masquerading and relaying that also appear in the DOMAIN source file. Some of these are used in the examples in Chapter 10. The macros are:

LOCAL_USER( usernames ): Defines local usernames that should not be relayed even if LOCAL_RELAY or MAIL_HUB is defined. This command is the same as adding usernames to class L in the sendmail.cf file.
MASQUERADE_AS( host.domain ): Converts the host portion of the sender address on outgoing mail to the domain name defined by host.domain. Sender addresses that have no hostname or that have a hostname found in the w class are converted. This has the same effect as defining host.domain for the M macro in the sendmail.cf file. See examples of MASQUERADE_AS and macro M in Chapter 10.
MASQUERADE_DOMAIN( otherhost.domain ): Converts the host portion of the sender address on outgoing mail to the domain name defined by the MASQUERADE_AS command, if the host portion of the sender address matches otherhost.domain. This command must be used in conjunction with MASQUERADE_AS. Its effect is the same as adding hostnames to class M in the sendmail.cf file. See Chapter 10.
MASQUERADE_DOMAIN_FILE( filename ): Loads otherhost.domain hostnames from the file identified by filename. This can be used in place of multiple MASQUERADE_DOMAIN commands. Its effect is the same as loading class M from a file by using the FM filename command in the sendmail.cf file.
MASQUERADE_EXCEPTION( host . domain ): This macro defines a host that is not masqueraded, even if it belongs to a domain that is being masqueraded. This allows you to masquerade an entire domain with the MASQUERADE_DOMAIN macro and then exempt a few hosts that should be exposed to the outside world.
EXPOSED_USER( username ): Disables masquerading when the user portion of the sender address matches username. Some usernames, such as root, occur on many systems and are therefore not unique across a domain. For those usernames, converting the host portion of the address makes it impossible to sort out where the message really came from and makes replies impossible. This command prevents the MASQUERADE_AS command from having an effect on the sender addresses for specific users. This is the same as setting the values in class E in the sendmail.cf file.
RELAY_DOMAIN( otherhost . domain ): This macro identifies a host for which mail should be relayed. The host identified in this manner is added to class R.
RELAY_DOMAIN_FILE( filename ): This macro identifies a file that contains a list of hosts for which mail should be relayed. This macro loads class R from the specified file.

There are several features that affect relaying and masquerading. We have already discussed FEATURE(stickyhost). Others are:

FEATURE(masquerade_envelope): Causes envelope addresses to be masqueraded in the same way that sender addresses are masqueraded. See Chapter 10 for an example of this command.
FEATURE(allmasquerade): Causes recipient addresses to be masqueraded in the same way that sender addresses are masqueraded. Thus, if the host portion of the recipient address matches the requirements of the MASQUERADE_AS command, it is converted. Don’t use this feature unless you are positive that every alias known to the local system is also known to the mail server that handles mail for the masquerade domain.
FEATURE(limited_masquerade): Limits masquerading to those hosts defined in class M. The hosts defined in class w are not masqueraded.
FEATURE(masquerade_entire_domain): Causes MASQUERADE_DOMAIN to be interpreted as referring to all hosts within an entire domain. If this feature is not used, only an address that exactly matches the value defined by MASQUERADE_DOMAIN is converted. If this feature is used, all addresses that end with the value defined by MASQUERADE_DOMAIN are converted. For example, assume that the options MASQUERADE_AS(wrotethebook.com) and MASQUERADE_DOMAIN(sales.wrotethebook.com) are defined. If FEATURE(masquerade_entire_domain) is set, every hostname in the sales.wrotethebook.com domain is converted to wrotethebook.com on outgoing email. Otherwise, only the hostname sales.wrotethebook.com is converted.

Some features define how the server handles mail if it is the mail relay server. These features, which are mentioned in the “FEATURE” section earlier in this appendix, are:

FEATURE(access_db): Adds the code necessary to use the access database. The access database maps a user, a domain name, or an IP address to a keyword that tells sendmail how to handle relaying for the host, domain, or network.
FEATURE(blacklist_recipient): Uses the access database to control delivery of mail based on the recipient address. The basic access_db feature controls relaying and delivery based on the source of the message. This feature adds to that the ability to control mail relaying and delivery based on the destination.
FEATURE(dnsbl): Controls mail delivery based on a DNS blacklist. Source addresses and destination addresses listed in the DNS blacklist database may be denied mail delivery or relay services.
FEATURE(promiscuous_relay): Relays mail from any site to any site. Normally, sendmail does not relay mail. Mail relays can be abused by spammers and spoofers. Enable them with caution.
FEATURE(relay_entire_domain): Relays mail from any domain defined in class M to any site.
FEATURE(relay_hosts_only): Relays mail from any host defined in the access database or in class R.
FEATURE(relay_based_on_MX): Relays mail from any site for which your system is the MX server.
FEATURE(relay_local_from): Relays mail with a sender address that contains your local domain name.

Inbound mail can also be filtered to reduce the impact of spammers. Two macros are available for this purpose:

MAIL_FILTER(` name ', ` equates' ): This macro defines a mail filter using the Sendmail Mail Filter API syntax.
INPUT_MAIL_FILTER(` name' , ` equates' ): This macro defines a mail filter and sets up the call for that mail filter.

The DOMAIN source file is also used for features and macros that directly relate to DNS. These features are:

FEATURE(accept_unqualified_senders): This feature accepts mail even if the sender address does not include a hostname. Normally, only mail from a user directly logged on to the system is accepted without a hostname. This is a dangerous feature that should be used only on an isolated network.
FEATURE(accept_unresolvable_domains): This feature accepts mail from hostnames that cannot be resolved by DNS. This is a dangerous feature that is used only on systems that lack full-time DNS service.
FEATURE(always_add_domain): This feature adds the hostname of the system to all local mail. With this feature enabled on a server named crab@wrotethebook.com, mail from the local user craig to the local user kathy would be delivered as mail from craig@crab@wrotethebook.com to kathy@crab@wrotethebook.com.
FEATURE(bestmx_is_local): With this feature, mail addressed to any host that lists the local server as its MX server is accepted by the server as local mail.

The DNS macros are:

CANONIFY_DOMAIN( domain ): This macro defines a domain name that will be passed to DNS for conversion to its canonical form even if the nocanonify feature is in use. Computers can be known by aliases. The official domain name of a host stored in DNS is called its canonical name. This macro is generally used to enable canonification of the local domain when nocanonify is in use.
CANONIFY_DOMAIN_FILE( filename ): This macro identifies a file containing a list of domain names that should be converted to canonical form even if nocanonify has been selected.
LOCAL_DOMAIN( alias-hostname ): This macro defines an alias for the local host. Mail addressed to the alias will be accepted as if it were addressed directly to the local host.

The macros and features described in this section are not limited to the DOMAIN source file. They can appear in any m4 source file, and, in fact, are often found in the macro control file. However, they are most naturally associated with the DOMAIN file as indicated by the documentation in the cf/cf/README file.

MAILER

It is possible that you will need to customize a file location in an OSTYPE file or that define domain-specific information in a DOMAIN file, but unless you develop your own mail delivery program you will not need to create a MAILER source file. Instead, you will need to invoke one or more existing files in your macro configuration file.

The available MAILER files are listed in Table E-6. This table lists each MAILER value and its function. These are invoked using the MAILER( value ) command in the macro configuration (.mc) file, where value is one of the mailer names from the table.

Table E-6. MAILER values

Name	Function
local	The local and prog mailers
smtp	All SMTP mailers: smtp, esmtp, smtp8, and relay
uucp	All UUCP mailers: uucp-old (uucp) and uucp-new (suucp)
usenet	Usenet news support
fax	Fax support using FlexFAX software
pop	Post Office Protocol (POP) support
procmail	An interface for procmail
mail11	The DECnet mail11 mailer
phquery	The phquery program for CSO phone book
qpage	The QuickPage mailer used to send email to a pager
cyrus	The cyrus and cyrusbb mailers

Your macro configuration file should have a MAILER(local) and a MAILER(smtp) entry. This gives you the local and prog mailers required by sendmail, the smtp mailer for standard SMTP mail, the esmtp mailer for Extended SMTP, the smtp8 mailer for 8-bit MIME mail, and the relay mailer for the various mail relay servers mentioned in the “DOMAIN” section of this appendix. Selecting local and smtp provides everything you need for a standard TCP/IP installation.

Of all the remaining mailers, only uucp is widely used. uucp provides UUCP mail support for systems directly connected to UUCP networks. The uucp-old mailer supports standard UUCP mail, and the uucp-new mailer is used for remote sites that can handle multiple recipients in one transfer. The system needs the mailer that is correct for the capabilities of the remote site. Use class U to define the hostnames of systems that need the old mailer, and class Y for the names of remote systems that can work with the new mailer. Specify MAILER(uucp) after the MAILER(smtp) entry if your system has both TCP/IP and UUCP connections. Ordering the MAILER statements in this way adds two more mailers to the two standard UUCP mailers: the uucp-dom mailer to support standard domain names, and the uucp-uudom mailer to support standard domain names with a standard UUCP envelope.

The other mailers are rarely used:

usenet: Modifies the sendmail rewrite rules to send local mail that contains “.usenet” in the username to the program inews. Instead of this mailer, choose a user mail agent that supports Usenet news. Don’t hack sendmail to handle it.
fax: This is an experimental mailer that supports HylaFax software.
pop: On most systems, POP support is provided separately by the popd daemon, and the MAILER(pop) command is not used.
procmail: Only provides an interface to procmail for use in the mailertable. The sendmail V8 distribution does not provide procmail. Even when procmail is used as the local mailer, as it is in Slackware Linux, the MAILER(procmail) command is not required.
mail11: Only used on DECNET mail networks that use the mail11 mailer.
phquery: Provides a name lookup program for the CSO phone book (ph) directory service. User directory services are usually configured in the user mail agent, not in sendmail.
qpage: Provides an interface from email to pagers using the QuickPage program.
cyrus: This is a local mail delivery program with a mailbox architecture. cyrus and cyrusbb mailers are not widely used.

This concludes our discussion of m4 macros. The output of all of the files and commands that go into the m4 processor is a sendmail.cf file. The remainder of this appendix provides additional details about the sendmail.cf configuration. The bulk of information about sendmail.cf is found in Chapter 10.

More sendmail.cf

Many options and flags can be used in configuring the sendmail.cf file. All of the important configuration parameters are covered in Chapter 10. But if you are unlucky enough to have a configuration that requires you to tweak one of the more obscure parameters, you will find all of them in the following tables.

sendmail Macros

The sendmail.cf file contains a large number of macro variables. Macros are useful because they can store values specific to your configuration and yet be referenced by a macro name that is independent of your configuration. This makes it possible to use a configuration file that is essentially the same on many different systems simply by varying the value stored in the macro. This appendix lists all of the internal sendmail macros in two tables. Table E-7 lists all of the macros that use single-character names.

Table E-7. Macros with single-character names

Macro	Contents
a	The date and time the mail was sent.
b	The current date in RFC 822 format.
B	The name of the Bitnet relay.
c	The number of times the mail has been forwarded.
C	The name of the DECnet relay.
d	The current date and time in ctime format.
E	Reserved for an X.400 relay.
f	The sender address.
F	The name of the FAX relay.
g	The sender address written as a full return address.
h	The recipient host.
H	The name of the mail hub.
i	The queue identifier.
j	The fully qualified domain name of the local computer.
k	The local system’s UUCP node name.
L	The name of the LUSER_RELAY.
m	The name of the local domain.
M	The name used to masquerade outbound mail.
n	The sender name used for error messages.
p	The PID of the sendmail process running as a mail delivery agent.
r	The protocol used when the message was first received.
R	The name of the LOCAL_RELAY.
s	The hostname of the sender’s machine.
S	The name of the SMART_HOST relay.
t	A numeric representation of the current date and time.
u	The username of the recipient.
U	A local UUCP name that overrides the value of `$k`.
v	The version number of sendmail that is running.
V	The name of the UUCP relay for class `V` hosts.
w	The hostname of the local system.
W	The name of the UUCP relay for class `W` hosts.
x	The full name of the sender.
X	The name of the UUCP relay for class `X` hosts.
Y	The name of the UUCP relay for all other hosts.
z	The home directory of the recipient.
Z	The version number.
_	Sender address validated by identd.

The current version of sendmail allows macros to have multi-character names. Table E-8 lists the macros that use long names.

Table E-8. Reserved macros with long names

Macro	Contents
{auth_authen}	Identity of the authenticated user.
{auth_author}	Source of the authentication.
{auth_ssf}	The number of bits in the encryption key used by AUTH.
{auth_type}	The type of authentication mechanism used.
{bodytype}	The values from the ESMTP BODY parameter.
{cert_issuer}	The distinguished name of the certificate authority.
{cert_subject}	The distinguished name of the subject of the certificate.
{cipher_bits}	The length of the encryption key used for the connection.
{cipher}	The encryption technique used for the connection.
{client_addr}	The IP address of the remote client connected to TCP port 25.
{client_name}	The canonical name of the client connected to TCP port 25.
{client_port}	The source port number used by the remote client.
{client_resolve}	The keyword OK, FAIL, Forged or TEMP that indicates the result of a reverse DNS lookup using the client’s IP address.
{currHeader}	The contents of the current header during header processing.
{daemon_addr}	The IP address of the network interface from which the daemon accepts mail. Normally 0.0.0.0 to indicate all interfaces.
{daemon_family}	The protocol family being used. Normally inet to indicate TCP/IP. Other values are inet6, iso, and ns.
{daemon_flags}	The flags set by the DaemonPortOption command, if any.
{daemon_info}	General information about the daemon.
{daemon_name}	The daemon name, which is usually Daemon1 unless a daemon name is defined by the DaemonPortOptions command.
{daemon_port}	The port that the daemon is listening on, usually 25.
{deliveryMode}	The current delivery mode.
{envid}	The DSN ENVID value from the Mail From: header.
{hdrlen}	The length of the string stored in {currHeader}.
{hdr_name}	The name of the current header during header processing.
{if_addr}	The IP address of the network interface used by the current incoming connection.
{if_name}	The hostname assigned to the network interface used by the current incoming connection.
{mail_addr}	The user’s mail address from the mail delivery triple created from the MAIL From: envelope header.
{mail_host}	The hostname from the mail delivery triple created from the MAIL From: envelope header.
{mail_mailer}	The mailer name from the mail delivery triple created from the MAIL From: envelope header.
{MessageIdCheck}	The value from the incoming Message-Id: header.
{ntries}	The number of delivery attempts.
{opMode}	The operating mode from the sendmail command line.
{queue_interval}	The length of time between queue runs defined by the -q command-line option.
{rcpt_addr}	The user’s mail address from the mail delivery triple created from the RCPT To: envelope header.
{rcpt_host}	The hostname from the mail delivery triple created from the RCPT To: envelope header.
{rcpt_mailer}	The mailer name from the mail delivery triple created from the RCPT To: envelope header.
{server_addr}	The IP address of the remote server for the outgoing connection.
{server_name}	The name of the remote server for the outgoing connection.
{tls_version}	The TLS/SSL version used for the connection.
{verify}	The result of the verification process.

sendmail Classes

As the previous tables show, sendmail has many internal macros. It also has several internal classes. Most of these classes still use single-character names. A few use the newer long names. The full list of internal classes is shown in Table E-9.

Table E-9. Internal sendmail classes

Name	Contents
B	Domain names included in the bestmx-is-local process.
E	Usernames that should not be masqueraded.
G	Domains that should be looked up in the genericstable.
L	Local users that are not forwarded to MAIL_HUB or LOCAL_RELAY.
e	Supported MIME Content-Transfer-Encodings. Initialized to 7bit, 8bit, and binary.
k	The system’s UUCP node names.
M	Domains that should be masqueraded.
m	All local domains for this host.
n	MIME body types that should never be 8- to 7-bit encoded. Initialized to multipart/signed.
q	MIME Content-Types that should not be Base64-encoded. Initialized to text/plain.
N	Hosts and domains that should not be masqueraded.
O	Characters that cannot be used in local usernames.
P	Pseudo-domain names, such as REDIRECT.
R	Domains for which this system will relay mail.
s	MIME message subtypes that can be processed recursively. Initialized to rfc822.
t	The list of trusted users.
U	The UUCP hosts that are locally connected.
V	The UUCP hosts reached via the relay defined by `$V`.
W	The UUCP hosts reached via the relay defined by `$W`.
X	The UUCP hosts reached via the relay defined by `$X`.
Y	Directly connected “smart” UUCP hosts.
Z	Directly connected UUCP hosts that use domain names.
.	A literal dot (.).
[	A literal left bracket ([).
{LDAPRoute}	A list of domains that can be rerouted based on LDAP lookups.
{VirtHost}	A list of hosts and domains that are valid virtual hostnames.
w	All hostnames this system will accept as its own.

sendmail Options

A large number of sendmail options can be set inside the sendmail configuration file. Chapter 10 provides the syntax of the option command in Table 10-1 and several examples of options. The complete list of options is:

AliasFile=[ class :] file , [ class :] file ...

Identifies the alias file(s). class is optional and defaults to implicit. Valid classes are implicit, hash, dbm, stab (internal symbol table) or nis. The selected database class must be a database type that was compiled into sendmail on your system. file is the pathname of the alias file.

AliasWait= timeout

Wait timeout minutes for an “@:@” entry to appear in the alias database before starting up. When timeout expires, automatically rebuild the database if AutoRebuildAliases is set; otherwise, issue a warning.

AuthMechanisms= list

Advertise the listed authentication mechanisms.

AuthOptions= list

Lists the options supported with the SMTP AUTH argument.

AllowBogusHELO

Accept illegal HELO SMTP commands that don’t contain a hostname.

AutoRebuildAliases

Automatically rebuild the alias database when necessary. The preferred method is to rebuild the alias database with an explicit newaliases command.

BlankSub= c

Use c as the blank substitution character to replace unquoted spaces in addresses. The default is to leave the spaces unchanged.

CACERTFile= filename

Identifies the file that contains the certificate of a certificate authority.

CACERTPath= path

Defines the path to the directory that contains the certificates of various certificate authorities.

CheckAliases

Check that the delivery address in each alias is valid when rebuilding the alias database. Normally this check is not done. Adding this check slows the database build substantially. This is a Boolean.

CheckpointInterval= n

Checkpoint the queue after every n items are processed to simplify recovery if your system crashes during queue processing. The default is 10.

ClassFactor= fact

The multiplier used to favor messages with a higher value in the Priority: header. Defaults to 1800.

ClientCertFile= file

Identifies the file that contains the certificate used when this system acts as a client.

ClientKeyFile= file

Identifies the file that contains the private key used when this system acts as a client.

ClientPortOptions= options

Defines nonstandard settings used when this system acts as an SMTP client. options is a comma-separated list of keyword=value pairs. Valid keyword=value pairs are:

Port= port: Defines the source port number the client uses for outbound connections. port can be specified by number or name. If a name is used, the name must be defined in /etc/services. By default, the source port for an outbound connection is generated by the system for the connection.
Addr= address: Defines the address of the network interface the client uses for outbound connections. The value for address can be written in dotted decimal notation or as a name. By default, any available interface is used.
Family= protocol: Defines the protocol family used for the connection. inet, which is the default, is the protocol family for TCP/IP.
SndBufSize= bytes: Defines the size of the send buffer.
RcvBufSize= bytes: Defines the size of the receive buffer.
Modifier= flags: Defines the daemon flags for the client. Only one flag, h, is available. The h flag tells the client to use the name assigned to the interface on the SMTP HELO or EHLO command.

ColonOkInAddr

Accept colons in email addresses (e.g., host:user). Colons are always accepted in pairs in mail routing (nodename::user) or in RFC 822 group constructs (groupname: member1, member2, ...;). By default, this option is “on” if the configuration version level is less than 6.

ConnectionCacheSize= n

The number of connections that can be held open (cached) by this instantiation of sendmail. The default is 1. The maximum is 4. 0 causes connections to be closed immediately after the data is sent, which is the traditional way sendmail operated.

ConnectionCacheTimeout= timeout

The amount of time an inactive cached connection is held open. After timeout minutes of inactivity, it is closed. The default is 5 minutes.

ConnectionRateThrottle= n

Limits the number of incoming connections accepted in any 1-second period to n. The default is 0, which means no limit.

ConnectOnlyTo= address

Limits all SMTP connections to a single destination address. Used only for testing.

ControlSocketName= path

Defines the path of the Unix control socket used to manage daemon connections. By default, this is not defined.

DaemonPortOptions= options

Sets SMTP server options. The options are key=value pairs. The options are:

Port= portnumber

where portnumber is any valid port number. It can be specified with the number or the name found in /etc/services. The default is port 25, SMTP.

Addr= mask

where mask is an IP address mask specified either in dotted decimal notation or as a network name. The default is INADDR-ANY, which accepts all addresses.

Family= addressfamily

where addressfamily is a valid address family (see the ifconfig command). The default is INET, which allows IP addresses to be used.

Listen= n

where n is the number of queued connections allowed. The default is 10.

SndBufSize= n

where n is the send buffer size.

RcvBufSize= n

where n is the receive buffer size.

DataFileBufferSize= bytes

Defines the maximum amount of memory that can be used to buffer a data file.

DeadLetterDrop= file

Defines the file where messages that cannot be returned to the sender or sent to the postmaster account are stored.

DefaultAuthInfo= file

Defines the file that contains the authentication information needed for outbound connections.

DefaultCharSet= charset

The character set placed in the Content-Type: header when 8-bit data is converted to MIME format. The default is unknown-8bit. This option is overridden by the Charset= field of the mailer descriptor.

DefaultUser= user [: group ]

The default user ID and group ID for mailers without the S flag in their definitions. If group is omitted, the group associated with user in the /etc/passwd file is used. The default is 1:1.

DeliveryMode= x

Deliver in mode x, where x is i (interactive delivery), b (background delivery), q (queue the message), or d (defer until the queue run). The default is b.

DHParameters= parameters

Defines the DH parameters used for DSA/DH encryption.

DialDelay= delaytime

Delay delaytime seconds before redialing a failed connection on dial-on-demand networks. The default is 0 (no redial).

DontBlameSendmail= options

Disables sendmail’s file security checks. options is a comma-separated list of keywords that disable specific security checks. The values for this option are set by the confDONT_BLAME_SENDMAIL define command in the m4 source file. The valid keywords for the options list are:

AssumeSafeChown: Allow the chown command because it is only available to the root user.
ClassFileInUnsafeDirPath: Accept any directory path in an F command.
DontWarnForwardFileInUnsafeDirPath: Don’t issue a warning about an unsafe path for the .forward file.
ErrorHeaderInUnsafeDirPath: Accept the error header file regardless of its directory path.
FileDeliveryToHardLink: Permit delivery to a file that is really a hard link.
FileDeliveryToSymLink: Permit delivery to a file that is really a symbolic link.
ForwardFileInUnsafeDirPath: Accept a .forward file even if it is in an unsafe directory.
ForwardFileInUnsafeDirPathSafe: Accept program and file references from a .forward file even if it is in an unsafe directory.
ForwardFileIngroupWritableDirPath: Accept a .forward file even if it is in a group-writable directory.
GroupWritableAliasFile: Accept the aliases file even if it is group-writable.
GroupWritableDirPathSafe: Accept all group-writable directories as “safe.”
GroupWritableForwardFileSafe: Accept a .forward file even if it is group-writable.
GroupWritableIncludeFileSafe: Accept :include: files even if they are group-writable.
HelpFileinUnsafeDirPath: Accept the help file even if it is in an unsafe directory.
IncludeFileInUnsafeDirPath: Accept :include: files even if they are from unsafe directories.
IncludeFileInUnsafeDirPathSafe: Accept program and file references from :include: files even if they are in an unsafe directory.
IncludeFileIngroupWritableDirPath: Accept :include: files even if they are in a group-writable directory.
InsufficientEntropy: Use STARTTLS even if the random seed generator for SSL is inadequate.
LinkedAliasFileInWritableDir: Accept an aliases file that is a link in a writable directory.
LinkedClassFileInWritableDir: Load class values from files that are links in writable directories.
LinkedForwardFileInWritableDir: Accept .forward files that are links in writable directories.
LinkedIncludeFileInWritableDir: Accept :include: files that are links in writable directories.
LinkedMapInWritableDir: Accept database files that are links in writable directories.
LinkedServiceSwitchFileInWritableDir: Accept a service switch file that is a link in a writable directory.
MapInUnsafeDirPath: Accept database files that are in unsafe directories.
NonRootSafeAddr: Don’t flag file and program deliveries as unsafe when sendmail is not running as root.
RunProgramInUnsafeDirPath: Run programs that are in writable directories.
RunWritableProgram: Run programs that are group- or world-writable.
Safe: Leave all of the safety checks on. This is the default.
TrustStickyBit: Trust group- and world-writable directories if the sticky bit is set.
WorldWritableAliasFile: Accept the aliases file even if it is world-writable.
WriteMapToHardLink: Write to database files even if they are really hard links.
WriteMapToSymLink: Write to database files even if they are really symbolic links.
WriteStatsToHardLink: Write to the status file even if it is really a hard link.
WriteStatsToSymLink: Write to the status file even if it is really a symbolic link.

DontExpandCnames

Disable the $[ name $] syntax used to convert nicknames to canonical names.

DontInitGroups

Don’t use the initgroups(3) call. This setting reduces NIS server load, but limits a user to the group associated with that user in /etc/passwd.

DontProbeInterfaces

If set to true, this stops sendmail from adding the names and addresses of the network interfaces to class w. The default is false, so interface names and addresses are stored in class w.

DontPruneRoutes

Don’t optimize explicit mail routes. Normally, sendmail makes a route as direct as possible. However, optimizing the route may not be appropriate for systems located behind a firewall.

DoubleBounceAddress= error-address

Send the report of an error that occurs when sending an error message to error-address. The default is postmaster.

EightBitMode= action

Handle undeclared 8-bit data by following the specified action. The possible actions are: s (strict), reject undeclared 8-bit data; m (mime), convert it to MIME; and p (pass), pass it through unaltered.

ErrorHeader= file-or-message

Prepend file-or-message to outgoing error messages. If file-or-message is the path to a text file that is to be prepended, it must begin with a slash. If this option is not defined, nothing is prepended to error messages.

ErrorMode= x

Handle errors messages according to x, where x is: p (print messages); q (give exit status but no messages); m (mail back messages); w (write messages to the user’s terminal); or e (mail back messages and always give zero exit status). If this option is not defined, error messages are printed.

FallbackMXhost= fallbackhost

Use fallbackhost as a backup MX server for every host.

ForkEachJob

Run a separate process for every item delivered from the queue. This option reduces the amount of memory needed to process the queue.

ForwardPath= path

The path to search for .forward files. Multiple paths can be defined by separating them with colons. The default is $z/.forward.

HelpFile= file

The path to the help file.

HoldExpensive

Queue mail for outgoing mailers that have the e (expensive) mailer flag. Normally mail is delivered immediately.

HostsFile= path

The path to the hosts file. The default is /etc/hosts.

HostStatusDirectory= path

Directory in which host status information is stored so that it can be shared between sendmail processes. Normally, the status of a host or connection is only known by the process that discovers that status. To function, this option requires that ConnectionCacheSize be set to at least 1.

IgnoreDots

Ignore dots in incoming messages. Dots cannot be ignored by SMTP mail because they are used to mark the end of a mail message.

LDAPDefaultSpec= specification

The default specification used for LDAP databases.

LogLevel= n

n indicates the level of detail stored in the log file. n defaults to 9, which is normally plenty of detail.

MatchGECOS

Check the username from the email address against the GECOS field of the passwd file if it was not found in the alias database or in the username field of the passwd file. This option is not recommended.

MaxAliasRecursion= n

Aliases can point to other aliases before finally resolving to the actual mail address. This option defines how deep aliases can be nested before resolving to a mail address. The default for n is 10.

MaxDaemonChildren= n

Refuse connections when n children are processing incoming mail. Normally sendmail sets no arbitrary limit on child processes.

MaxHeadersLength= bytes

The maximum length allowed for all of the headers taken together.

MaxHopCount= n

Assume a message is looping when it has been processed more than n times. The default is 25.

MaxHostStatAge= n

Retain host status information for n minutes.

MaxMessageSize= n

The maximum message size advertised in response to the ESMTP EHLO. Messages larger than this are rejected.

MaxMimeHeaderLength= size

The maximum length of MIME header fields.

MaxQueueRunSize= n

The maximum number of items that can be processed in a single queue run. The default is no limit.

MaxRecipientsPerMessage= n

n limits the maximum number of recipients for a single message. If it is not specified, there is no limit.

MeToo

Send a copy to the sender.

MinFreeBlocks= n

Don’t accept incoming mail unless n blocks are free in the queue filesystem.

MinQueueAge= n

Don’t process any jobs that have been in the queue less than n minutes.

MustQuoteChars= s

The list of characters added to the set “@,;:\( )[]” that must be quoted when used in the username part of an address. If MustQuoteChars is specified without an s value, it adds “.” to the standard set of quoted characters.

NoRecipientAction= action

The action taken when a message has no valid recipient headers. action can be none to pass the message on unmodified, add-to to add a To: header using the recipient addresses from the envelope, add-apparently-to to add an Apparently-To: header, add-to-undisclosed to add a “To: undisclosed-recipients:;” header, or add-bcc to add an empty Bcc: header.

OldStyleHeaders

Allow spaces to delimit names. Normally, commas delimit names.

OperatorChars= charlist

The list of operator characters that are normally defined in macro o. The default is the standard set of operators. See the discussion of rewrite tokens and the use of operators in determining tokens in Chapter 10.

ProcessTitlePrefix= prefix

A string used on the heading of process status reports.

PostmasterCopy= username

Copy error messages to username. The default is not to send copies of error messages to the postmaster.

PrivacyOptions= options

Set SMTP protocol options, where options is a comma-separated list containing one or more of these keywords:

public: allow all commands
needmailhelo: require HELO or EHLO before MAIL
needexpnhelo: require HELO or EHLO before EXPN
noexpn: disable EXPN
needvrfyhelo: require HELO or EHLO before VRFY
novrfy: disable VRFY
restrictmailq: restrict mailq to users with group access to the queue directory
restrictqrun: only root and the owner of the queue directory are allowed to run the queue
noreceipts: don’t return successful delivery messages
goaway: disable all SMTP status queries
authwarnings: put X-Authentication-Warning: headers in messages

QueueDirectory= directory

The pathname of the queue directory.

QueueFactor= factor

The factor used with the difference between the current load and the load average limit and with the message priority to determine if a message should be queued or sent immediately. The idea is to queue low-priority messages if the system is currently heavily loaded. It defaults to 600000.

QueueLA= n

Queue messages when the system load average exceeds n. The default is 8.

QueueSortOrder= sequence

Sort the queue in the sequence specified, where sequence is: h (hostname sequence); t (submission time sequence); or p (message priority order). Priority ordering is the default.

RandFile= file

Points to a file that provides pseudo-random data for certain encryption techniques. This is used only if the compile option HASURANDOM is not available.

ResolverOptions= options

Set resolver options. Available option values are: debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, and dnsrch. The option can be preceded by a plus (+) to turn it on or a minus (-) to turn it off. One other option, HasWildcardMX, is specified without a + or -. Simply adding HasWildcardMX turns the option on.

RrtImpliesDsn

If set to true, treat a Return-Receipt-To: header as a request for delivery service notification (DSN). The default is false.

RunAsUser= userid [:groupid]

Run sendmail under this user ID and group ID instead of under root. This may enhance security when sendmail is running on a well-maintained firewall. On general-purpose systems, this may decrease security because it requires that many files be readable or writable by this user ID.

RecipientFactor= factor

The priority of a job is lowered by this factor for each recipient so that jobs with large numbers of recipients have lower priority. Defaults to 30000.

RefuseLA= n

Refuse incoming SMTP connections when the system load average exceeds n. The default is 12.

RetryFactor= factor

The factor used to decrease the priority of a job every time it is processed, so that mail that cannot be delivered does not keep popping to the top of the queue. The default is 90000.

SafeFileEnvironment= directory

chroot(2) to directory before writing a file and refuse to deliver to symbolic links.

SaveFromLine

Save Unix-style From: lines at the front of headers. Normally they are discarded.

SendMIMEErrors

Send error messages in MIME format.

ServerCertFile= file

Identifies the file that contains the certificate used when this system acts as a mail server.

ServerKeyFile= file

Identifies the file that contains the private key used when this system acts as a mail server.

ServiceSwitchFile= path

Identifies the path to a file that lists the methods used for various services. The ServiceSwitchFile contains entries that begin with the service name followed by the service method. sendmail checks for services named “aliases” and “hosts” and supports “dns”, “nis”, “nisplus”, or “files” as possible service methods, assuming that support for all of these methods is compiled into this copy of sendmail. ServiceSwitchFile defaults to /etc/service.switch. If that file does not exist, sendmail uses the following service methods: aliases are looked up in the aliases files, and hosts are looked up first using dns, then nis, and finally the hosts file. If the operating system has a built-in service switch feature, it is used and this option is ignored. See the description of the nsswitch.conf file in Chapter 9. It is a service switch file.

SevenBitInput

Strip input to 7 bits for compatibility with old systems. This shouldn’t be necessary.

SingleLineFromHeader

For compatibility with some versions of Lotus Notes, unwrap From: lines that have embedded newlines into one long line.

SingleThreadDelivery

Don’t open more than one SMTP connection to a remote host at the same time. This option requires the HostStatusDirectory option.

SmtpGreetingMessage= message

The greeting sent to the remote host when it connects to the SMTP server port. This is the value defined in macro e.

StatusFile= file

Log summary statistics in file. By default, summary statistics are not logged.

SuperSafe

Create a queue file, even when attempting immediate delivery.

TempFileMode= mode

Use mode to set the access permissions for queue files. mode is an octal value. It defaults to 0600.

Timeout. type = timeout

Set timeout values, where type is the thing being timed and timeout is the time interval before the timer expires. Table E-10 lists the valid type values, the event being timed, and the default timeout value for each type.

Table E-10. Timeout types

Type	Waiting for	Default
connect	A connection to complete	1m
control	A control socket transmission to complete	2m
iconnect	The connection to the first host in a message	5m
initial	Initial greeting message	5m
helo	Reply to HELO or EHLO command	5m
mail	Reply to MAIL command	10m
rcpt	Reply to RCPT command	1h
datainit	Reply to DATA command	5m
datablock	Data block read	1h
datafinal	Reply to terminating “.”	1h
rset	Reply to RSET command	5m
quit	Reply to QUIT command	2m
misc	Reply to NOOP and VERB commands	2m
ident	IDENT protocol response	30s
fileopen	Open on a .forward or :include: file	60s
command	Command read	1h
queuereturn	Returning a queued message as undeliverable	5d
queuereturn.normal	Returning a normal message from the queue as undeliverable	5d
queuereturn.non-urgent	Returning a non-urgent message from the queue as undeliverable	7d
queuereturn.urgent	Returning an urgent message from the queue as undeliverable	2d
queuewarn	Warning that a message is still queued	4h
queuewarn.normal	Warning that a normal message is still queued	4h
queuewarn.non-urgent	Warning that a non-urgent message is still queued	12h
queuewarn.urgent	Warning that an urgent message is still queued	1h
resolver.retrans	A response to a resolver query	5s
resolver.retrans.first	A response to the first resolver query	5s
resolver.retrans.normal	A response to a normal resolver query	5s
resolver.retry	Sets the number of times to retry a resolver query	4
resolver.retry.first	Sets the number of times to retry the first resolver query	4
resolver.retry.normal	Sets the number of times to retry a normal resolver query	4
hoststatus	Removing stale host status	30m

TimeZoneSpec= tzinfo: Set the local time zone information to tzinfo. If TimeZoneSpec is not set, the system default is used; if set to null, the user’s TZ variable is used.
TrustedUser= users: The list of users trusted to send mail using another user’s name.
TryNullMXList: Connect directly to any remote host that lists the local system as its most preferred MX server, as if the remote host had no MX records. You are discouraged from using this option.
UnixFromLine= fromline: Defines the format for Unix-style From: lines. This is the same as the value stored in macro l.
UnsafeGroupWrites: Group-writable :include: and .forward files cannot reference programs or write directly to files. World-writable files always have these restrictions.
UseErrorsTo: Send error messages to the addresses listed in the Errors-To: header. Normally, errors are sent to the sender address from the envelope.
UserDatabaseSpec= udbspec: The user database specification.
UserSubmission: Indicates that this is not relayed mail, but an initial submission directly from a Mail User Agent.
Verbose: Run in verbose mode.

See Chapter 10 for examples of setting options.

sendmail Mailer Flags

Mailer flags are declared in the F field of the mailer definition. Each mailer flag is set by a single character that represents that flag. For example, F=lsDFMe sets six different flags. Table E-11 lists the single-character name and function of each flag.

Table E-11. sendmail mailer flags

Name	Function
C	Add `@domain` to addresses that do not have an @.
D	The mailer wants a Date: header line.
E	Add > to message lines that begin with From:.
e	This is an expensive mailer. See sendmail option c.
F	The mailer wants a From: header line.
f	The mailer accepts an -f flag from trusted users.
h	Preserve uppercase in hostnames.
`I`	The mailer will be speaking SMTP to another sendmail.
L	Limit the line lengths as specified in RFC 821.
l	This is a local mailer.
M	The mailer wants a Message-Id: header line.
m	The mailer can send to multiple users in one transaction.
n	Don’t insert a Unix-style From: line in the message.
P	The mailer wants a Return-Path: line.
R	Use the MAIL FROM: return path rather than the return address.
r	The mailer accepts an -r flag from trusted users.
S	Don’t reset the userid before calling the mailer.
s	Strip quotes off of the address before calling the mailer.
U	The mailer wants Unix-style From: lines.
u	Preserve uppercase in usernames.
X	Prepend a dot to lines beginning with a dot.
x	The mailer wants a Full-Name: header line.

See Chapter 10 for examples of mailer flag declaration within mailer definitions.

The sendmail K Command

The sendmail K command is used to define a database within the sendmail.cf file. The K command syntax is:

Kname type [arguments]

Chapter 10 provides examples of defining and using a sendmail database, and it describes the K command syntax. This appendix lists the valid type values and arguments that can be used with a K command.

The type field of the K command identifies what kind of database is being defined. There are several internal database types that are specific to sendmail, and several external types that rely on external database libraries. Support for the external database types must be compiled into sendmail by explicitly specifying the supported database types using the confMAPDEF command in a devtools/OS or devtools/Site file used by Build to compile sendmail. See the example of compiling sendmail earlier in this appendix.

The possible values for type are:

dbm: The “new dbm” database format. It is accessed using the ndbm(3) library. Only supported if sendmail is compiled with NDBM defined.
btree: The btree database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.
hash: The hash database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.
nis: NIS server lookups. sendmail must be compiled with NIS defined to support this.
nisplus: NIS+ server lookups. sendmail must be compiled with NISPLUS defined to support this.
hesiod: MIT hesiod server lookups. Support requires that sendmail is compiled with HESIOD defined.
ldap: Searches using LDAP. sendmail must be compiled with LDAPMAP defined to support this. sendmail supports most of the standard command-line arguments of the ldapsearch program.
netinfo: NeXT NetInfo lookups. Only supported if sendmail is compiled with NETINFO defined.
text: Text file lookups. Requires no external database libraries or compile options. The format of the text database is defined with the key field, value field, and field delimiter flags. See the next section for a description of the K command flags.
ph: CCSO Nameserver lookups.
program: Queries are passed to an external program for resolution.
stab: An internal symbols table database.
implicit: The default internal sendmail format used for an alias file, if no type is defined for the file.
user: A special sendmail type used to verify the existence of a user by using getpwnam(3).
host: A special sendmail type used to convert nicknames and IP addresses to canonical names via the domain name server. This is an alternative form of the $[ name ]$ syntax.
sequence: A special sendmail type used to define the order in which previously defined databases are searched. For example, assume that three databases (file1, file2, and file3) are defined by K commands. It is possible to add a fourth K command, Kallfiles sequence file3 file1 file2, that “combines” them together as allfiles and specifies that file3 is searched first, file1 second, and file2 third.
switch: A special sendmail type that uses the service switch file to set the order in which database files are searched. The argument on a K command with a type of “switch” must be the name of a service in the service switch file. The values associated with the service name in the service switch file are used to create the names of databases that are searched in the order in which they are defined. For example, the command Kali switch aliases looks up the service switch entry for aliases. If it contains the value nis files, sendmail searches databases named ali.nis and ali.files in that order.
dequote: A special sendmail type used to strip unwanted double quotes (") from email addresses.
arith: An internal routine used for doing specific arithmetic functions.
bestmx: An internal routine that retrieves the MX record for a host.
dns: An internal routine that retrieves the address for a hostname.
null: An internal routine that returns “Not found” for all lookups.
regex: An internal routine that handles regular expressions.

Many of the possible type values do not refer to real databases. Several types are special values used only inside sendmail. Some refer to internal sendmail routines that are accessed from rewrite rules using the same syntax that would be used to access a database.

The argument that follows most of the real database types is a filename. The filename identifies the external file that contains the database. Only the basic filename is provided. sendmail adds an extension appropriate for the database type. For example, Krealname dbm /usr/etc/names becomes /usr/etc/names.db because .db is the correct extension for dbm databases.

In addition to a filename, the arguments field can contain optional flags:

-o: This is an optional database. sendmail proceeds without error if the file is not found.
-N: Valid database keys are terminated with a NULL character.
-O: Valid database keys are never terminated with a NULL character. Never specify both -N and -O, which indicates that no keys are valid! It is safest to avoid both -N and -O and let sendmail determine the correct key structure unless you are positive about the correct flag.
-a x: Append the string x to the value returned by a successful match.
-f: Do not convert uppercase to lowercase before attempting to match the key.
-m: Check that the key exists in the database, but do not replace the key with the value returned by the database.
-k keycol: The location of the key within a database entry. For most databases, the key is the first field and this flag is not needed. For text file lookups, this flag is required and keycol is the column number in which the key begins.
-v valcol: The location of the value within a database entry. For most databases, the value follows the key and the -v flag is not used. For text file lookups, this flag is required and specifies the column in which the value field begins.
-z delim: The character that delimits fields within the database. By default, it is whitespace.
-t: Allow database lookups that depend on remote servers to fail instead of queuing the mail for later processing. This is primarily used when you have DNS server problems. Normally, when a remote server fails to respond, the mail is put in the queue for later delivery. Setting this flag causes the mail to be immediately returned to the sender as undeliverable.
-s spacesub: Use spacesub to replace space characters after processing an address against the dequote database.
-A: Accept values from duplicate keys. Most databases do not allow duplicate keys.
-q: Preserve any quotes contained in the key. Normally quotes are removed.

The full lists of database types and flags provided in this appendix will help you understand the K commands inserted into the sendmail.cf file by the m4 processor. Your own K commands will be much simpler. You will stick with a database type that is supported by your sendmail and makemap commands, and you will build simple databases designed to fulfill specific purposes. Chapter 10 provides examples of such databases, and the next section contains some simple scripts used to build those example databases.

Sample script

In Chapter 10, the realnames database is used to rewrite login usernames to the “firstname dot lastname” format for outbound email. The script shown below builds the realnames database from the /etc/passwd file.

#! /bin/sh 
# 
# Eliminate "non-login" accounts 
grep -v ':*:' /etc/passwd | \ 
# Eliminate "exposed" usernames, i.e. usernames defined 
#  in class E as names that should not be re-written 
grep -v ' root:' | \ 
# Replace delimiting colons with whitespace 
sed 's/:/ /g' | \ 
# Output the username followed by firstname.lastname 
awk '{ print $1, $5"."$6 }' > realnames 
# Build the realnames database
makemap dbm realnames < realnames

Building realnames from the passwd file is completely dependent on the format of that file. The passwd file must have a consistent format for the GECOS field and a consistent way to identify a “non-user” account. A “non-user” account is not accessed by a user to log in or to collect email. It is normally a system account used by system or application software. A classic example is the uucp account. Every system has some way to mark that these accounts are not used for user logins. Some systems use an asterisk in the password field, while others use an exclamation mark, the letters NP, an x, or something else. The sample script assumes that an asterisk is used, which is the case on my Linux system. (My Solaris system uses an x.) Print out your passwd file to find out what it uses and modify the script accordingly.

The sample script also assumes that the first two values in the GECOS field are the user’s first and last names separated by a blank. If the beginning of the GECOS field is in any other format, the script produces garbage. The procedure you use to add new users to your system should produce a consistent GECOS field. Inconsistency is the enemy of automation. The sample below shows a file that has inconsistencies, and the bad data it produces:

% cat /etc/passwd 
root:oRd1L/vMzzxno:0:1:System Administrator:/:/bin/csh 
nobody:*:65534:65534::/: 
daemon:*:1:1::/: 
sys:*:2:2::/:/bin/csh 
bin:*:3:3::/bin: 
uucp:*:4:8::/var/spool/uucppublic: 
news:*:6:6::/var/spool/news:/bin/csh 
ingres:*:7:7::/usr/ingres:/bin/csh 
audit:*:9:9::/etc/security/audit:/bin/csh 
craig:1LrpKlz8sYjw:198:102:Craig Hunt:/home/craig:/bin/csh 
dan:RSU.NYlKuFqzh2:214:885:Dan Scribner:/home/dan:/bin/csh 
becca:monfTHdnjj:101:102:"Becky_Hunt":/home/becca:/bin/csh 
dave:lniuhugfds:121:885:David H. Craig:/home/dave:/bin/csh 
kathy:TUVigddehh:101:802:Kathleen S McCafferty:/home/kathy:/bin/csh 
% build.realnames 
% cat realnames 
craig Craig.Hunt 
dan Dan.Scribner 
becca "Becky_Hunt"./home/becca  
dave David.H.  kathy Kathleen.S

Your passwd file may have grown over time under the control of several different system administrators. It may be full of inconsistencies. If it is, clean it up before you run the script to build email aliases, and then maintain it consistently.

^[162]By convention, m4 macros are shown in uppercase, and built-in m4 commands are shown in lowercase.

^[163]The one exception to this is the UUCPSMTP macro that can be used in the local rule.

Previous Chapter

D. A dhcpd Reference

Next Chapter

F. Solaris httpd.conf File