Section E.4. More sendmail.cf

Many options and flags can be used in configuring the sendmail.cf file. All of the important configuration parameters are covered in Chapter 10. But if you are unlucky enough to have a configuration that requires you to tweak one of the more obscure parameters, you will find all of them in the following tables.

E.4.1 sendmail Macros

The sendmail.cf file contains a large number of macro variables. Macros are useful because they can store values specific to your configuration and yet be referenced by a macro name that is independent of your configuration. This makes it possible to use a configuration file that is essentially the same on many different systems simply by varying the value stored in the macro. This appendix lists all of the internal sendmail macros in two tables. Table E-7 lists all of the macros that use single-character names.

Table E-7. Macros with single-character names

| Macro | Contents |
|---|---|
| a | The date and time the mail was sent. |
| b | The current date in RFC 822 format. |
| B | The name of the Bitnet relay. |
| c | The number of times the mail has been forwarded. |
| C | The name of the DECnet relay. |
| d | The current date and time in ctime format. |
| E | Reserved for an X.400 relay. |
| f | The sender address. |
| F | The name of the FAX relay. |
| g | The sender address written as a full return address. |
| h | The recipient host. |
| H | The name of the mail hub. |
| i | The queue identifier. |
| j | The fully qualified domain name of the local computer. |
| k | The local system's UUCP node name. |
| L | The name of the LUSER_RELAY. |
| m | The name of the local domain. |
| M | The name used to masquerade outbound mail. |
| n | The sender name used for error messages. |
| p | The PID of the sendmail process running as a mail delivery agent. |
| r | The protocol used when the message was first received. |
| R | The name of the LOCAL_RELAY. |
| s | The hostname of the sender's machine. |
| S | The name of the SMART_HOST relay. |
| t | A numeric representation of the current date and time. |
| u | The username of the recipient. |
| U | A local UUCP name that overrides the value of $k. |
| v | The version number of sendmail that is running. |
| V | The name of the UUCP relay for class V hosts. |
| w | The hostname of the local system. |
| W | The name of the UUCP relay for class W hosts. |
| x | The full name of the sender. |
| X | The name of the UUCP relay for class X hosts. |
| Y | The name of the UUCP relay for all other hosts. |
| z | The home directory of the recipient. |
| Z | The version number. |
| _ | Sender address validated by identd. |

The current version of sendmail allows macros to have multi-character names. Table E-8 lists the macros that use long names.

Table E-8. Reserved macros with long names

| Macro | Contents |
|---|---|
| {auth_authen} | Identity of the authenticated user. |
| {auth_author} | Source of the authentication. |
| {auth_ssf} | The number of bits in the encryption key used by AUTH. |
| {auth_type} | The type of authentication mechanism used. |
| {bodytype} | The values from the ESMTP BODY parameter. |
| {cert_issuer} | The distinguished name of the certificate authority. |
| {cert_subject} | The distinguished name of the subject of the certificate. |
| {cipher_bits} | The length of the encryption key used for the connection. |
| {cipher} | The encryption technique used for the connection. |
| {client_addr} | The IP address of the remote client connected to TCP port 25. |
| {client_name} | The canonical name of the client connected to TCP port 25. |
| {client_port} | The source port number used by the remote client. |
| {client_resolve} | The keyword OK, FAIL, Forged or TEMP that indicates the result of a reverse DNS lookup using the client's IP address. |
| {currHeader} | The contents of the current header during header processing. |
| {daemon_addr} | The IP address of the network interface from which the daemon accepts mail. Normally 0.0.0.0 to indicate all interfaces. |
| {daemon_family} | The protocol family being used. Normally inet to indicate TCP/IP. Other values are inet6, iso, and ns. |
| {daemon_flags} | The flags set by the DaemonPortOptions command, if any. |
| {daemon_info} | General information about the daemon. |
| {daemon_name} | The daemon name, which is usually Daemon1 unless a daemon name is defined by the DaemonPortOptions command. |
| {daemon_port} | The port that the daemon is listening on, usually 25. |
| {deliveryMode} | The current delivery mode. |
| {envid} | The DSN ENVID value from the MAIL From: header. |
| {hdrlen} | The length of the string stored in {currHeader}. |
| {hdr_name} | The name of the current header during header processing. |
| {if_addr} | The IP address of the network interface used by the current incoming connection. |
| {if_name} | The hostname assigned to the network interface used by the current incoming connection. |
| {mail_addr} | The user's mail address from the mail delivery triple created from the MAIL From: envelope header. |
| {mail_host} | The hostname from the mail delivery triple created from the MAIL From: envelope header. |
| {mail_mailer} | The mailer name from the mail delivery triple created from the MAIL From: envelope header. |
| {MessageIdCheck} | The value from the incoming Message-Id: header. |
| {ntries} | The number of delivery attempts. |
| {opMode} | The operating mode from the sendmail command line. |
| {queue_interval} | The length of time between queue runs defined by the -q command-line option. |
| {rcpt_addr} | The user's mail address from the mail delivery triple created from the RCPT To: envelope header. |
| {rcpt_host} | The hostname from the mail delivery triple created from the RCPT To: envelope header. |
| {rcpt_mailer} | The mailer name from the mail delivery triple created from the RCPT To: envelope header. |
| {server_addr} | The IP address of the remote server for the outgoing connection. |
| {server_name} | The name of the remote server for the outgoing connection. |
| {tls_version} | The TLS/SSL version used for the connection. |
| {verify} | The result of the verification process. |

E.4.2 sendmail Classes

As the previous tables show, sendmail has many internal macros. It also has several internal classes. Most of these classes still use single-character names. A few use the newer long names. The full list of internal classes is shown in Table E-9.

Table E-9. Internal sendmail classes

| Name | Contents |
|---|---|
| B | Domain names included in the bestmx-is-local process. |
| E | Usernames that should not be masqueraded. |
| G | Domains that should be looked up in the genericstable. |
| L | Local users that are not forwarded to MAIL_HUB or LOCAL_RELAY. |
| e | Supported MIME Content-Transfer-Encodings. Initialized to 7bit, 8bit, and binary. |
| k | The system's UUCP node names. |
| M | Domains that should be masqueraded. |
| m | All local domains for this host. |
| n | MIME body types that should never be 8- to 7-bit encoded. Initialized to multipart/signed. |
| q | MIME Content-Types that should not be Base64-encoded. Initialized to text/plain. |
| N | Hosts and domains that should not be masqueraded. |
| O | Characters that cannot be used in local usernames. |
| P | Pseudo-domain names, such as REDIRECT. |
| R | Domains for which this system will relay mail. |
| s | MIME message subtypes that can be processed recursively. Initialized to rfc822. |
| t | The list of trusted users. |
| U | The UUCP hosts that are locally connected. |
| V | The UUCP hosts reached via the relay defined by $V. |
| W | The UUCP hosts reached via the relay defined by $W. |
| X | The UUCP hosts reached via the relay defined by $X. |
| Y | Directly connected "smart" UUCP hosts. |
| Z | Directly connected UUCP hosts that use domain names. |
| . | A literal dot (.). |
| [ | A literal left bracket ([). |
| {LDAPRoute} | A list of domains that can be rerouted based on LDAP lookups. |
| {VirtHost} | A list of hosts and domains that are valid virtual hostnames. |
| w | All hostnames this system will accept as its own. |

E.4.3 sendmail Options

A large number of sendmail options can be set inside the sendmail configuration file. Chapter 10 provides the syntax of the option command in Table 10-1 and several examples of options. The complete list of options is:

AliasFile= [class:]file, [class:]file...

Identifies the alias file(s). class is optional and defaults to implicit. Valid classes are implicit, hash, dbm, stab (internal symbol table) or nis. The selected database class must be a database type that was compiled into sendmail on your system. file is the pathname of the alias file.

AliasWait= timeout

Wait timeout minutes for an "@:@" entry to appear in the alias database before starting up. When timeout expires, automatically rebuild the database if AutoRebuildAliases is set; otherwise, issue a warning.

AuthMechanisms= list

Advertise the listed authentication mechanisms.

AuthOptions= list

Lists the options supported with the SMTP AUTH argument.

AllowBogusHELO

Accept illegal HELO SMTP commands that don't contain a hostname.

AutoRebuildAliases

Automatically rebuild the alias database when necessary. The preferred method is to rebuild the alias database with an explicit newaliases command.

BlankSub= c

Use c as the blank substitution character to replace unquoted spaces in addresses. The default is to leave the spaces unchanged.

CACERTFile= filename

Identifies the file that contains the certificate of a certificate authority.

CACERTPath= path

Defines the path to the directory that contains the certificates of various certificate authorities.

CheckAliases

Check that the delivery address in each alias is valid when rebuilding the alias database. Normally this check is not done. Adding this check slows the database build substantially. This is a Boolean.

CheckpointInterval= n

Checkpoint the queue after every n items are processed to simplify recovery if your system crashes during queue processing. The default is 10.

ClassFactor= fact

The multiplier used to favor messages with a higher value in the Priority: header. Defaults to 1800.

ClientCertFile= file

Identifies the file that contains the certificate used when this system acts as a client.

ClientKeyFile= file

Identifies the file that contains the private key used when this system acts as a client.

ClientPortOptions= options

Defines nonstandard settings used when this system acts as an SMTP client. options is a comma-separated list of keyword=value pairs. Valid keyword=value pairs are:

Port= port

Defines the source port number the client uses for outbound connections. port can be specified by number or name. If a name is used, the name must be defined in /etc/services. By default, the source port for an outbound connection is generated by the system for the connection.

Addr= address

Defines the address of the network interface the client uses for outbound connections. The value for address can be written in dotted decimal notation or as a name. By default, any available interface is used.

Family= protocol

Defines the protocol family used for the connection. inet, which is the default, is the protocol family for TCP/IP.

SndBufSize= bytes

Defines the size of the send buffer.

RcvBufSize= bytes

Defines the size of the receive buffer.

Modifier= flags

Defines the daemon flags for the client. Only one flag, h, is available. The h flag tells the client to use the name assigned to the interface on the SMTP HELO or EHLO command.

ColonOkInAddr

Accept colons in email addresses (e.g., host:user). Colons are always accepted in pairs in mail routing (nodename::user) or in RFC 822 group constructs (groupname: member1, member2, ...;). By default, this option is "on" if the configuration version level is less than 6.

ConnectionCacheSize= n

The number of connections that can be held open (cached) by this instantiation of sendmail. The default is 1. The maximum is 4. 0 causes connections to be closed immediately after the data is sent, which is the traditional way sendmail operated.

ConnectionCacheTimeout= timeout

The amount of time an inactive cached connection is held open. After timeout minutes of inactivity, it is closed. The default is 5 minutes.

ConnectionRateThrottle= n

Limits the number of incoming connections accepted in any 1-second period to n. The default is 0, which means no limit.

ConnectOnlyTo= address

Limits all SMTP connections to a single destination address. Used only for testing.

ControlSocketName= path

Defines the path of the Unix control socket used to manage daemon connections. By default, this is not defined.

DaemonPortOptions= options

Sets SMTP server options. The options are key=value pairs. The options are:

Port= portnumber

where portnumber is any valid port number. It can be specified with the number or the name found in /etc/services. The default is port 25, SMTP.

Addr= mask

where mask is an IP address mask specified either in dotted decimal notation or as a network name. The default is INADDR_ANY, which accepts all addresses.

Family= addressfamily

where addressfamily is a valid address family (see the ifconfig command). The default is INET, which allows IP addresses to be used.

Listen= n

where n is the number of queued connections allowed. The default is 10.

SndBufSize= n

where n is the send buffer size.

RcvBufSize= n

where n is the receive buffer size.

DataFileBufferSize= bytes

Defines the maximum amount of memory that can be used to buffer a data file.

DeadLetterDrop= file

Defines the file where messages that cannot be returned to the sender or sent to the postmaster account are stored.

DefaultAuthInfo= file

Defines the file that contains the authentication information needed for outbound connections.

DefaultCharSet= charset

The character set placed in the Content-Type: header when 8-bit data is converted to MIME format. The default is unknown-8bit. This option is overridden by the Charset= field of the mailer descriptor.

DefaultUser= user[:group]

The default user ID and group ID for mailers without the S flag in their definitions. If group is omitted, the group associated with user in the /etc/passwd file is used. The default is 1:1.

DeliveryMode= x

Deliver in mode x, where x is i (interactive delivery), b (background delivery), q (queue the message), or d (defer until the queue run). The default is b.

DHParameters= parameters

Defines the DH parameters used for DSA/DH encryption.

DialDelay= delaytime

Delay delaytime seconds before redialing a failed connection on dial-on-demand networks. The default is 0 (no redial).

DontBlameSendmail= options

Disables sendmail's file security checks. options is a comma-separated list of keywords that disable specific security checks. The values for this option are set by the confDONT_BLAME_SENDMAIL define command in the m4 source file. The valid keywords for the options list are:

AssumeSafeChown

Allow the chown command because it is only available to the root user.

ClassFileInUnsafeDirPath

Accept any directory path in an F command.

DontWarnForwardFileInUnsafeDirPath

Don't issue a warning about an unsafe path for the .forward file.

ErrorHeaderInUnsafeDirPath

Accept the error header file regardless of its directory path.

FileDeliveryToHardLink

Permit delivery to a file that is really a hard link.

FileDeliveryToSymLink

Permit delivery to a file that is really a symbolic link.

ForwardFileInUnsafeDirPath

Accept a .forward file even if it is in an unsafe directory.

ForwardFileInUnsafeDirPathSafe

Accept program and file references from a .forward file even if it is in an unsafe directory.

ForwardFileInGroupWritableDirPath

Accept a .forward file even if it is in a group-writable directory.

GroupWritableAliasFile

Accept the aliases file even if it is group-writable.

GroupWritableDirPathSafe

Accept all group-writable directories as "safe."

GroupWritableForwardFileSafe

Accept a .forward file even if it is group-writable.

GroupWritableIncludeFileSafe

Accept :include: files even if they are group-writable.

HelpFileInUnsafeDirPath

Accept the help file even if it is in an unsafe directory.

IncludeFileInUnsafeDirPath

Accept :include: files even if they are from unsafe directories.

IncludeFileInUnsafeDirPathSafe

Accept program and file references from :include: files even if they are in an unsafe directory.

IncludeFileInGroupWritableDirPath

Accept :include: files even if they are in a group-writable directory.

InsufficientEntropy

Use STARTTLS even if the random seed generator for SSL is inadequate.

LinkedAliasFileInWritableDir

Accept an aliases file that is a link in a writable directory.

LinkedClassFileInWritableDir

Load class values from files that are links in writable directories.

LinkedForwardFileInWritableDir

Accept .forward files that are links in writable directories.

LinkedIncludeFileInWritableDir

Accept :include: files that are links in writable directories.

LinkedMapInWritableDir

Accept database files that are links in writable directories.

LinkedServiceSwitchFileInWritableDir

Accept a service switch file that is a link in a writable directory.

MapInUnsafeDirPath

Accept database files that are in unsafe directories.

NonRootSafeAddr

Don't flag file and program deliveries as unsafe when sendmail is not running as root.

RunProgramInUnsafeDirPath

Run programs that are in writable directories.

RunWritableProgram

Run programs that are group- or world-writable.

Safe

Leave all of the safety checks on. This is the default.

TrustStickyBit

Trust group- and world-writable directories if the sticky bit is set.

WorldWritableAliasFile

Accept the aliases file even if it is world-writable.

WriteMapToHardLink

Write to database files even if they are really hard links.

WriteMapToSymLink

Write to database files even if they are really symbolic links.

WriteStatsToHardLink

Write to the status file even if it is really a hard link.

WriteStatsToSymLink

Write to the status file even if it is really a symbolic link.

DontExpandCnames

Disable the $[name$] syntax used to convert nicknames to canonical names.

DontInitGroups

Don't use the initgroups(3) call. This setting reduces NIS server load, but limits a user to the group associated with that user in /etc/passwd.

DontProbeInterfaces

If set to true, this stops sendmail from adding the names and addresses of the network interfaces to class w. The default is false, so interface names and addresses are stored in class w.

DontPruneRoutes

Don't optimize explicit mail routes. Normally, sendmail makes a route as direct as possible. However, optimizing the route may not be appropriate for systems located behind a firewall.

DoubleBounceAddress= error-address

Send the report of an error that occurs when sending an error message to error-address. The default is postmaster.

EightBitMode= action

Handle undeclared 8-bit data by following the specified action. The possible actions are: s (strict), reject undeclared 8-bit data; m (mime), convert it to MIME; and p (pass), pass it through unaltered.

ErrorHeader= file-or-message

Prepend file-or-message to outgoing error messages. If file-or-message is the path to a text file that is to be prepended, it must begin with a slash. If this option is not defined, nothing is prepended to error messages.

ErrorMode= x

Handle error messages according to x, where x is: p (print messages); q (give exit status but no messages); m (mail back messages); w (write messages to the user's terminal); or e (mail back messages and always give zero exit status). If this option is not defined, error messages are printed.

FallbackMXhost= fallbackhost

Use fallbackhost as a backup MX server for every host.

ForkEachJob

Run a separate process for every item delivered from the queue. This option reduces the amount of memory needed to process the queue.

ForwardPath= path

The path to search for .forward files. Multiple paths can be defined by separating them with colons. The default is $z/.forward.

HelpFile= file

The path to the help file.

HoldExpensive

Queue mail for outgoing mailers that have the e (expensive) mailer flag. Normally mail is delivered immediately.

HostsFile= path

The path to the hosts file. The default is /etc/hosts.

HostStatusDirectory= path

Directory in which host status information is stored so that it can be shared between sendmail processes. Normally, the status of a host or connection is only known by the process that discovers that status. To function, this option requires that ConnectionCacheSize be set to at least 1.

IgnoreDots

Ignore dots in incoming messages. Dots cannot be ignored by SMTP mail because they are used to mark the end of a mail message.

LDAPDefaultSpec= specification

The default specification used for LDAP databases.

LogLevel= n

n indicates the level of detail stored in the log file. n defaults to 9, which is normally plenty of detail.

MatchGECOS

Check the username from the email address against the GECOS field of the passwd file if it was not found in the alias database or in the username field of the passwd file. This option is not recommended.

MaxAliasRecursion= n

Aliases can point to other aliases before finally resolving to the actual mail address. This option defines how deep aliases can be nested before resolving to a mail address. The default for n is 10.

MaxDaemonChildren= n

Refuse connections when n children are processing incoming mail. Normally sendmail sets no arbitrary limit on child processes.

MaxHeadersLength= bytes

The maximum length allowed for all of the headers taken together.

MaxHopCount= n

Assume a message is looping when it has been processed more than n times. The default is 25.

MaxHostStatAge= n

Retain host status information for n minutes.

MaxMessageSize= n

The maximum message size advertised in response to the ESMTP EHLO. Messages larger than this are rejected.

MaxMimeHeaderLength= size

The maximum length of MIME header fields.

MaxQueueRunSize= n

The maximum number of items that can be processed in a single queue run. The default is no limit.

MaxRecipientsPerMessage= n

n limits the maximum number of recipients for a single message. If it is not specified, there is no limit.

MeToo

Send a copy to the sender.

MinFreeBlocks= n

Don't accept incoming mail unless n blocks are free in the queue filesystem.

MinQueueAge= n

Don't process any jobs that have been in the queue less than n minutes.

MustQuoteChars= s

The list of characters added to the set "@,;:\( )[]" that must be quoted when used in the username part of an address. If MustQuoteChars is specified without an s value, it adds "." to the standard set of quoted characters.

NoRecipientAction= action

The action taken when a message has no valid recipient headers. action can be none to pass the message on unmodified, add-to to add a To: header using the recipient addresses from the envelope, add-apparently-to to add an Apparently-To: header, add-to-undisclosed to add a "To: undisclosed-recipients:;" header, or add-bcc to add an empty Bcc: header.

OldStyleHeaders

Allow spaces to delimit names. Normally, commas delimit names.

OperatorChars= charlist

The list of operator characters that are normally defined in macro o. The default is the standard set of operators. See the discussion of rewrite tokens and the use of operators in determining tokens in Chapter 10.

ProcessTitlePrefix= prefix

A string used on the heading of process status reports.

PostmasterCopy= username

Copy error messages to username. The default is not to send copies of error messages to the postmaster.

PrivacyOptions= options

Set SMTP protocol options, where options is a comma-separated list containing one or more of these keywords:

public

allow all commands

needmailhelo

require HELO or EHLO before MAIL

needexpnhelo

require HELO or EHLO before EXPN

noexpn

disable EXPN

needvrfyhelo

require HELO or EHLO before VRFY

novrfy

disable VRFY

restrictmailq

restrict mailq to users with group access to the queue directory

restrictqrun

only root and the owner of the queue directory are allowed to run the queue

noreceipts

don't return successful delivery messages

goaway

disable all SMTP status queries

authwarnings

put X-Authentication-Warning: headers in messages
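The DontBlameSendmail and PrivacyOptions entries above both take comma-separated keyword lists, so a configuration can be reviewed mechanically. The following is an added example, not code from the book or from sendmail: it reports every file security check that DontBlameSendmail turns off and every SMTP status query that PrivacyOptions leaves enabled. The function names and the sample configuration are constructed for illustration, and the script assumes the long-name `O Name=value` form and that keywords from repeated lines accumulate.

```python
import re

# Constructed sample sendmail.cf fragment (not taken from a real host).
SAMPLE_CF = """\
# file checks relaxed for a list server
O DontBlameSendmail=GroupWritableAliasFile, ForwardFileInUnsafeDirPath,WriteMapToSymLink
O PrivacyOptions=authwarnings,needmailhelo,noexpn
#O PrivacyOptions=public
O LogLevel=9
"""

# Long-name option line: "O Name=value". Comment lines start with '#'
# and therefore never match.
OPTION_RE = re.compile(r"^O\s+([A-Za-z]+)\s*=\s*(.*)$")


def parse_options(cf_text):
    """Map lowercased option name -> list of comma-separated keywords.

    Assumption: keywords from repeated lines for one option accumulate.
    """
    options = {}
    for line in cf_text.splitlines():
        match = OPTION_RE.match(line)
        if match:
            keywords = [k.strip() for k in match.group(2).split(",") if k.strip()]
            options.setdefault(match.group(1).lower(), []).extend(keywords)
    return options


def classify(keyword):
    """Group a DontBlameSendmail keyword by the kind of check it turns off."""
    k = keyword.lower()
    if "worldwritable" in k:
        return "accepts a world-writable file"
    if "groupwritable" in k:
        return "accepts a group-writable file or directory"
    if "link" in k:
        return "accepts or writes through a hard or symbolic link"
    if "unsafe" in k:
        return "accepts a file in an unsafe directory path"
    return "other relaxed check"


def audit(cf_text):
    """Return (option, keyword, reason) tuples for settings worth reviewing."""
    opts = parse_options(cf_text)
    findings = []
    for kw in opts.get("dontblamesendmail", []):
        if kw.lower() != "safe":  # Safe leaves every check on (the default)
            findings.append(("DontBlameSendmail", kw, classify(kw)))
    privacy = {k.lower() for k in opts.get("privacyoptions", [])}
    if "public" in privacy:
        findings.append(("PrivacyOptions", "public", "allows all commands"))
    if "goaway" not in privacy:  # goaway disables all SMTP status queries
        for kw, command in (("noexpn", "EXPN"), ("novrfy", "VRFY")):
            if kw not in privacy:
                findings.append(("PrivacyOptions", kw, command + " is not disabled"))
    return findings


if __name__ == "__main__":
    for option, keyword, reason in audit(SAMPLE_CF):
        print(f"{option}: {keyword}: {reason}")
```

A configuration with no DontBlameSendmail line produces no findings for that option, because Safe is the default.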

QueueDirectory= directory

The pathname of the queue directory.

QueueFactor= factor

The factor used with the difference between the current load and the load average limit and with the message priority to determine if a message should be queued or sent immediately. The idea is to queue low-priority messages if the system is currently heavily loaded. It defaults to 600000.

QueueLA= n

Queue messages when the system load average exceeds n. The default is 8.

QueueSortOrder= sequence

Sort the queue in the sequence specified, where sequence is: h (hostname sequence); t (submission time sequence); or p (message priority order). Priority ordering is the default.

RandFile= file

Points to a file that provides pseudo-random data for certain encryption techniques. This is used only if the compile option HASURANDOM is not available.

ResolverOptions= options

Set resolver options. Available option values are: debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, and dnsrch. The option can be preceded by a plus (+) to turn it on or a minus (-) to turn it off. One other option, HasWildcardMX, is specified without a + or -. Simply adding HasWildcardMX turns the option on.

RrtImpliesDsn

If set to true, treat a Return-Receipt-To: header as a request for delivery service notification (DSN). The default is false.