1.8 The sendmail.cf File

The sendmail.cf file is read and parsed by sendmail every time sendmail starts. It contains information that is necessary for sendmail to run. It lists the locations of important files and specifies the default permissions for those files. It contains options that modify sendmail's behavior. Most important, it contains rules and rule sets for rewriting addresses.

1.8.1 Configuration Commands

The sendmail.cf configuration file is line-oriented. A configuration command, composed of a single letter, begins each line:

V9/Berkeley                   good
 V9/Berkeley                  bad, does not begin a line
V9/Berkeley Fw/etc/mail/mxhosts   bad, two commands on one line
Fw/etc/mail/mxhosts           good

Each configuration command is followed by parameters that are specific to it. For example, the V command is followed by a number, a slash, and a vendor name, whereas the F command is followed by a letter (a w in the example) and then the full pathname of a file. The complete list of configuration commands[18] is shown in Table 1-4.

[18] Note that other versions of sendmail, such as Sun or IDA, can have more, fewer, or different commands. We don't document those other versions in this book.

Table 1-4. The sendmail.cf file's configuration commands

Command   Description
C         Define a class macro
D         Define a macro
E         Define an environment variable (beginning with V8.7)
F         Define a class macro from a file, pipe, or database map
H         Define a header
K         Declare a keyed database (beginning with V8.1)
L         Include extended load average support (contributed software, not covered)
M         Define a mail delivery agent
O         Define an option
P         Define delivery priorities
Q         Define a queue (beginning with V8.12)
R         Define a rewriting rule
S         Declare a rule-set start
T         Declare trusted users (ignored in V8.1, restored in V8.7)
V         Define configuration file version (beginning with V8.1)
X         Define a mail filter (beginning with V8.12)

Some commands, such as V, should appear only once in your sendmail.cf file. Others, such as R, can appear often.

Blank lines and lines that begin with the # character are considered comments and are ignored. A line that begins with either a tab or a space character is a continuation of the preceding line:

# a comment
V10
     /Berkeley  continuation of V line above (the leading whitespace is a tab)

Note that anything other than a command, a blank line, a space, a tab, or a # character causes an error. If the sendmail program finds such a character, it prints the following warning, ignores that line, and continues to read the configuration file:

/etc/mail/sendmail.cf: line 15: unknown configuration line "v9"

Here, sendmail found a line in its sendmail.cf file that began with the letter v. Because a lowercase v is not a legal command, sendmail printed a warning. The line number in the warning is that of the line in the sendmail.cf file that began with the illegal character.
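The line rules above (comments, continuation lines, one command letter at the start of each line) can be checked mechanically before a new file is put into service. The following is an added example, not code from the book or from sendmail: a small Python reader whose unknown-line message copies the format of the warning quoted above. The function names, the sample text and the repeated-V message are this example's own.

```python
COMMANDS = set("CDEFHKLMOPQRSTVX")   # command letters listed in Table 1-4

def logical_lines(text):
    """Return (line_number, text) pairs: continuations folded, comments dropped."""
    folded = []
    for number, raw in enumerate(text.splitlines(), start=1):
        if raw[:1] in (" ", "\t") and folded:
            folded[-1][1] += raw                 # leading space or tab: continuation
        else:
            folded.append([number, raw])
    return [(n, s) for n, s in folded if s.strip() and not s.startswith("#")]

def lint(text, path="/etc/mail/sendmail.cf"):
    """Report lines sendmail would ignore, plus a V command that appears twice."""
    warnings, v_lines = [], []
    for number, line in logical_lines(text):
        if line[0] not in COMMANDS:
            # same wording as the sendmail warning quoted in the text
            warnings.append(f'{path}: line {number}: unknown configuration line "{line}"')
        elif line[0] == "V":
            v_lines.append(number)
    if len(v_lines) > 1:                         # this example's own message
        warnings.append(f"{path}: V command repeated on lines {v_lines}")
    return warnings

# Constructed sample, not a real configuration file.
SAMPLE = "\n".join([
    "# a comment",
    "V10",
    "\t/Berkeley",            # continuation of the V line
    "Fw/etc/mail/mxhosts",
    " V9/Berkeley",           # leading space: silently folded into the F line
    "v9",                     # lowercase v is not a command
    "V9/Berkeley",            # second V command
])

if __name__ == "__main__":
    for warning in lint(SAMPLE):
        print(warning)
```

Note that the indented V9/Berkeley line produces no warning at all: it is folded into the F line before it, which is why a command that "does not begin a line" is easy to miss in review.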

An example of each kind of command is illustrated in the following sections.

1.8.2 The version Command

To prevent older versions of sendmail from breaking when reading new-style sendmail.cf files, a V (for version) command was introduced beginning with V8.1. The form for the version command looks like this:

V10/Berkeley

The V must begin the line. The version number that follows must be 10 to enable all the new features of V8.12 sendmail.cf. The number 10 indicates that the syntax of the sendmail.cf file has undergone 10 major changes over the years, the tenth being the current and most recent. The meaning of each version is detailed in Section 17.5.

The Berkeley tells sendmail that this is the pure open source version. Other vendor names can appear here too. Sun, for example, would be listed on Sun Solaris platforms and would cause the Sun Microsystems version of sendmail to recognize the Sun configuration file extensions.

1.8.3 Comments

Comments help other people understand your configuration file. They can also remind you about something you might have done months ago and forgotten. They slow down sendmail by only the tiniest amount, so don't be afraid to use them. As was mentioned earlier, when the # character begins a line in the sendmail.cf file, that entire line is treated as a comment and ignored. For example, the entire following line is ignored by the sendmail program:

# This is a comment

Besides beginning a line, comments can also follow commands.[19] That is,

V9/Berkeley                   # this is another comment

[19] Before V8 sendmail, comments could follow only three commands: S (rule set), P (priority), and R (rewriting rule).

1.8.4 A Quick Tour

The other commands in a configuration file tend to be more complex than the version command you just saw (so complex, in fact, that whole chapters in this book are dedicated to most of them). Here, we present a quick tour of each command, just enough to give you the flavor of a configuration file but in small enough bites to be easily digested.

1.8.4.1 Mail delivery agents

Recall that the sendmail program does not generally deliver mail itself. Instead, it calls other programs to perform that delivery. The M command defines a mail delivery agent (a program that delivers the mail). For example, as was previously shown:

Mlocal,         P=/usr/lib/mail.local, F=lsDFMAw5:/|@qPSXfmnz9,
                S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/SMTP,
                A=mail.local -l

This tells sendmail that local mail is to be delivered by using the /usr/lib/mail.local program. The other parameters in these lines are covered in Chapter 20.

1.8.4.2 Macros

The ability to define a value once and then use it in many places makes maintaining your sendmail.cf file easier. The D sendmail.cf command defines a macro. A macro's name is either a single letter or curly-brace-enclosed multiple characters. It has text as a value. Once defined, that text can be referenced symbolically elsewhere:

DRmail.us.edu         a single letter
D{REMOTE}mail.us.edu  multiple characters (beginning with V8.7)

Here, R and {REMOTE} are macro names that have the string mail.us.edu as their values. Those values are accessed elsewhere in the sendmail.cf file with expressions such as $R and ${REMOTE}. Macros are covered in Chapter 21.

1.8.4.3 Rules

At the heart of the sendmail.cf file are sequences of rules that rewrite (transform) mail addresses from one form to another. This is necessary chiefly because addresses must conform to many differing standards. The R command is used to define a rewriting rule:

R$-      $@ $1 @ $R     user ->  user @ remote

Mail addresses are compared to the rule on the left ($-). If they match that rule, they are rewritten on the basis of the rule on the right ($@ $1 @ $R). The text at the far right is a comment (that doesn't require a leading #).

Use of multicharacter macros and # comments (V8 configuration files and above) can make rules appear a bit less cryptic:

R$-                        # If a plain username
      $@ $1 @ ${REMOTE}    #    append "@" remote host

The details of rules such as this are more fully explained in Chapter 18.

1.8.4.4 Rule sets

Because rewriting can require several steps, rules are organized into sets, which can be thought of as subroutines. The S command begins a rule set:

S3

This particular S command begins rule set 3. Beginning with V8.7 sendmail, rule sets can be given symbolic names as well as numbers:

SHubset

This particular S command begins a rule set named Hubset. Named rule sets are automatically assigned numbers by sendmail.

All the R commands (rules) that follow an S command belong to that rule set. A rule set ends when another S command appears to define another rule set. Rule sets are covered in Chapter 19.

1.8.4.5 Class macros

There are times when the single text value of a D command (macro definition) is not sufficient. Often, you will want to define a macro to have multiple values and view those values as elements in an array. The C command defines a class macro. A class macro is like an array in that it can hold many items. The name of a class is either a single letter or, beginning with V8.7, a curly-brace-enclosed multicharacter name:

CW localhost fontserver         a single letter
C{MY_NAMES} localhost fontserver multiple characters (beginning with V8.7)

Here, each class contains two items: localhost and fontserver. The value of a class macro is accessed with an expression such as $=W or $={MY_NAMES}. Class macros are covered in Chapter 22.

1.8.4.6 File class macros

To make administration easier, it is often convenient to store long or volatile lists of values in a file. The F sendmail.cf command defines a file class macro. It is just like the C command shown earlier, except that the array values are taken from a file:

FW/etc/mail/mynames
F{MY_NAMES}/etc/mail/mynames      multiple characters (beginning with V8.7)

Here, the file class macros W and {MY_NAMES} obtain their values from the file /etc/mail/mynames.

The file class macro can also take its list of values from the output of a program. That form looks like this:

FM|/bin/shownames
F{MY_NAMES}|/bin/shownames   multiple characters (beginning with V8.7)

Here, sendmail runs the program /bin/shownames. The output of that program is appended to the class macro.

Beginning with V8.12, sendmail can also take its list of values from a database map. That form looks like this:

FM@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host
F{MY_NAMES}@ldap:-k (&(objectClass=virtHosts)(host=*)) -v host

Here, sendmail gets the list of virtual domains it will manage from a Lightweight Directory Access Protocol (LDAP) database.

File class macros are covered in Chapter 22.

1.8.4.7 Options

Options tell the sendmail program many useful and necessary things. They specify the location of key files, set timeouts, and define how sendmail will act and how it will dispose of errors. They can be used to tune sendmail to meet your particular needs.

The O command is used to set sendmail options. An example of the option command looks like this:

OQ/var/spool/mqueue
O QueueDirectory=/var/spool/mqueue  beginning with V8.7

Here, the Q option (called QueueDirectory beginning with V8.7) defines the name of the directory in which mail will be queued as /var/spool/mqueue. Multicharacter option names, such as QueueDirectory, require a space following the initial O to be recognized. Options are covered in Chapter 24.

1.8.4.8 Headers

Mail messages are composed of two parts: a header followed (after a blank line) by the body. The body can contain virtually anything.[20] The header, on the other hand, contains lines of information that must strictly conform to certain standards.

[20] With the advent of Multipurpose Internet Mail Extensions (MIME), the message body can now be composed of many mini-messages, each with its own MIME header and sub-body.

The H command is used to specify which mail headers to include in a mail message and how each will look:

HReceived: $?sfrom $s $.by $j ($v/$Z)$?r with $r$. id $i$?u for $u$.; $b

This particular H command tells sendmail that a Received: header line must be added to the header of every mail message. Headers are covered in Chapter 25.

1.8.4.9 Priority

Not all mail has the same priority. Mass mailings (to a mailing list, for example) should be transmitted after mail to individual users. The P command sets the beginning priority for a mail message. That priority is used to determine a message's order when the mail queue is processed:

Pjunk= -100

This particular P command tells sendmail that mail with a Precedence: header line of junk should be processed last. Priority commands are covered in Chapter 25.

1.8.4.10 Trusted users

For some software (such as UUCP) to function correctly, it must be able to tell sendmail whom a mail message is from. This is necessary when that software runs as a different user identity (uid) than that specified in the From: line in the message header. The T sendmail.cf command[21] lists those users that are trusted to override the From: address in a mail message. All other users can have a warning included in the mail message header.[22]

[21] The T command was ignored from V8.1 through V8.6 and restored under V8.7. With V8.7 it is actually implemented as the class $=t.

[22] If the PrivacyOptions option has the authwarnings flag set.

Troot daemon uucp

This particular T sendmail.cf command says that there are three users who are to be considered trusted. They are root (who is a god under Unix), daemon (sendmail usually runs as the pseudo-user daemon), and uucp (necessary for UUCP software to work properly).

Beginning with V8.10 sendmail, trusted users are also the only ones, other than root, permitted to rebuild the aliases database.

Trusted users are covered in Chapter 10.

1.8.4.11 Keyed databases

Certain information, such as a list of UUCP hosts, is better maintained outside of the sendmail.cf file. External databases (called keyed databases) provide faster access to such information. Keyed databases were introduced with V8.1 and come in several forms, the nature and location of which are declared with the K configuration command:

Kuucp hash /etc/mail/uucphosts

This particular K command declares a database with the symbolic name uucp, with the type hash, located in /etc/mail/uucphosts. The K command is detailed and the types of databases are explained in Chapter 23.

1.8.4.12 Environment variables

The sendmail program is very paranoid about security. One way to circumvent security with root-run programs such as sendmail is to run them with bogus environment variables. To prevent such an end run, V8 sendmail erases all its environment variables when it starts. It then presets the values for a small set of variables (such as TZ and SYSTYPE). This small, safe environment is then passed to its delivery agents. Beginning with V8.7 sendmail, sites that wish to augment this list can do so with the E configuration command:

EPOSTGRESHOME=/home/postgres

Here, the environment variable POSTGRESHOME is assigned the value /home/postgres.

This allows programs to use the postgres(1) database to access information. The E command is detailed in Chapter 10.

1.8.4.13 Queues defined

Beginning with V8.12, it is possible to both define a queue group and set its individual properties. Rule sets then select to which queue group a recipient's message should belong.

To illustrate, consider that a great deal of your site's mail goes to a host that is very busy during the day. You prefer such mail, when it is deferred, to be retried only once every other hour. You could define such a site's queue like this:

Qslowsite, P=/var/spool/mqueue/slowdir, I=2h

This configuration file line tells sendmail to place all mail bound for that site into the queue directory /var/spool/mqueue/slowdir and to process messages from that directory only once every 2 hours.

A rule elsewhere in the configuration file tells sendmail to associate any mail to anyone at slowsite.com with that queue group. Queue groups are described in detail in Section 11.4.

1.8.4.14 External filter programs

Beginning unofficially with V8.10, and officially with V8.12 sendmail, it is possible to filter all inbound messages through an external filter program. The default filter program is called milter(8), and is described in Section 7.6.

The X configuration command (Section 7.6.2) allows you to tune the way external filters are used. In the following example, the first filter tried will use the Unix socket /var/run/f1.sock, and will reject the message (the F=R) if the filter cannot be accessed:

Xfilter1, S=local:/var/run/f1.sock, F=R
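Several of the commands toured above widen what sendmail trusts or executes: T (trusted users), the F form that runs a program, E (environment passed to delivery agents) and X (external filters). The following is an added example, not from the book or the sendmail distribution, that inventories those entries so they can be reviewed. The function name, the dictionary keys, filter2 and its socket path are constructed for illustration, and the code assumes no # character appears inside a value.

```python
import re

def security_inventory(cf_text):
    """List sendmail.cf entries that grant trust or pull in external programs."""
    folded = re.sub(r"\n(?=[ \t])", " ", cf_text)        # join continuation lines
    found = {"trusted_users": [], "program_classes": [],
             "environment": [], "filters_fail_open": []}
    for line in folded.splitlines():
        line = line.split("#", 1)[0].rstrip()            # drop comments
        if line.startswith("T"):                         # Troot daemon uucp
            found["trusted_users"] += line[1:].split()
        elif line.startswith("Ct"):                      # class $=t (footnote 21)
            found["trusted_users"] += line[2:].split()
        elif m := re.match(r"F(\{[^}]+\}|\S)\s*\|\s*(.+)", line):
            found["program_classes"].append((m.group(1), m.group(2)))
        elif line.startswith("E") and "=" in line:
            name, _, value = line[1:].partition("=")
            found["environment"].append((name, value))
        elif line.startswith("X"):
            name, *equates = [part.strip() for part in line[1:].split(",")]
            flags = dict(e.split("=", 1) for e in equates if "=" in e).get("F", "")
            # F=R rejects and F=T temp-fails when the filter is unreachable;
            # with neither flag, mail is accepted as if the filter were absent.
            if not set(flags) & {"R", "T"}:
                found["filters_fail_open"].append(name)
    return found

# Constructed sample built from the command examples in this section.
SAMPLE = "\n".join([
    "Troot daemon uucp",
    "FM|/bin/shownames",
    "Fw/etc/mail/mxhosts",                       # plain file: not reported
    "EPOSTGRESHOME=/home/postgres",
    "Xfilter1, S=local:/var/run/f1.sock, F=R",
    "Xfilter2,",                                 # constructed; no F= flag
    "\tS=local:/var/run/f2.sock",
])

if __name__ == "__main__":
    for key, values in security_inventory(SAMPLE).items():
        print(key, values)
```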

