Section E.4. More

Many options and flags can be used in configuring the file. All of the important configuration parameters are covered in Chapter 10. But if you are unlucky enough to have a configuration that requires you to tweak one of the more obscure parameters, you will find all of them in the following tables.

E.4.1 sendmail Macros

The file contains a large number of macro variables. Macros are useful because they can store values specific to your configuration and yet be referenced by a macro name that is independent of your configuration. This makes it possible to use a configuration file that is essentially the same on many different systems simply by varying the value stored in the macro. This appendix lists all of the internal sendmail macros in two tables. Table E-7 lists all of the macros that use single-character names.

Table E-7. Macros with single-character names




The date and time the mail was sent.


The current date in RFC 822 format.


The name of the Bitnet relay.


The number of times the mail has been forwarded.


The name of the DECnet relay.


The current date and time in ctime format.


Reserved for an X.400 relay.


The sender address.


The name of the FAX relay.


The sender address written as a full return address.


The recipient host.


The name of the mail hub.


The queue identifier.


The fully qualified domain name of the local computer.


The local system's UUCP node name.


The name of the LUSER_RELAY.


The name of the local domain.


The name used to masquerade outbound mail.


The sender name used for error messages.


The PID of the sendmail process running as a mail delivery agent.


The protocol used when the message was first received.


The name of the LOCAL_RELAY.


The hostname of the sender's machine.


The name of the SMART_HOST relay.


A numeric representation of the current date and time.


The username of the recipient.


A local UUCP name that overrides the value of $k.


The version number of sendmail that is running.


The name of the UUCP relay for class V hosts.


The hostname of the local system.


The name of the UUCP relay for class W hosts.


The full name of the sender.


The name of the UUCP relay for class X hosts.


The name of the UUCP relay for all other hosts.


The home directory of the recipient.


The version number.


Sender address validated by identd.

The current version of sendmail allows macros to have multi-character names. Table E-8 lists the macros that use long names.

Table E-8. Reserved macros with long names




Identity of the authenticated user.


Source of the authentication.


The number of bits in the encryption key used by AUTH.


The type of authentication mechanism used.


The values from the ESMTP BODY parameter.


The distinguished name of the certificate authority.


The distinguished name of the subject of the certificate.


The length of the encryption key used for the connection.


The encryption technique used for the connection.


The IP address of the remote client connected to TCP port 25.


The canonical name of the client connected to TCP port 25.


The source port number used by the remote client.


The keyword OK, FAIL, Forged or TEMP that indicates the result of a reverse DNS lookup using the client's IP address.


The contents of the current header during header processing.


The IP address of the network interface from which the daemon accepts mail. Normally to indicate all interfaces.


The protocol family being used. Normally inet to indicate TCP/IP. Other values are inet6, iso, and ns.


The flags set by the DaemonPortOption command, if any.


General information about the daemon.


The daemon name, which is usually Daemon1 unless a daemon name is defined by the DaemonPortOptions command.


The port that the daemon is listening on, usually 25.


The current delivery mode.


The DSN ENVID value from the Mail From: header.


The length of the string stored in {currHeader}.


The name of the current header during header processing.


The IP address of the network interface used by the current incoming connection.


The hostname assigned to the network interface used by the current incoming connection.


The user's mail address from the mail delivery triple created from the MAIL From: envelope header.


The hostname from the mail delivery triple created from the MAIL From: envelope header.


The mailer name from the mail delivery triple created from the MAIL From: envelope header.


The value from the incoming Message-Id: header.


The number of delivery attempts.


The operating mode from the sendmail command line.


The length of time between queue runs defined by the -q command-line option.


The user's mail address from the mail delivery triple created from the RCPT To: envelope header.


The hostname from the mail delivery triple created from the RCPT To: envelope header.


The mailer name from the mail delivery triple created from the RCPT To: envelope header.


The IP address of the remote server for the outgoing connection.


The name of the remote server for the outgoing connection.


The TLS/SSL version used for the connection.


The result of the verification process.

E.4.2 sendmail Classes

As the previous tables show, sendmail has many internal macros. It also has several internal classes. Most of these classes still use single-character names. A few use the newer long names. The full list of internal classes is shown in Table E-9.

Table E-9. Internal sendmail classes




Domain names included in the bestmx-is-local process.


Usernames that should not be masqueraded.


Domains that should be looked up in the genericstable.


Local users that are not forwarded to MAIL_HUB or LOCAL_RELAY.


Supported MIME Content-Transfer-Encodings. Initialized to 7bit, 8bit, and binary.


The system's UUCP node names.


Domains that should be masqueraded.


All local domains for this host.


MIME body types that should never be 8- to 7-bit encoded. Initialized to multipart/signed.


MIME Content-Types that should not be Base64-encoded. Initialized to text/plain.


Hosts and domains that should not be masqueraded.


Characters that cannot be used in local usernames.


Pseudo-domain names, such as REDIRECT.


Domains for which this system will relay mail.


MIME message subtypes that can be processed recursively. Initialized to rfc822.


The list of trusted users.


The UUCP hosts that are locally connected.


The UUCP hosts reached via the relay defined by $V.


The UUCP hosts reached via the relay defined by $W.


The UUCP hosts reached via the relay defined by $X.


Directly connected "smart" UUCP hosts.


Directly connected UUCP hosts that use domain names.


A literal dot (.).


A literal left bracket ([).


A list of domains that can be rerouted based on LDAP lookups.


A list of hosts and domains that are valid virtual hostnames.


All hostnames this system will accept as its own.

E.4.3 sendmail Options

A large number of sendmail options can be set inside the sendmail configuration file. Chapter 10 provides the syntax of the option command in Table 10-1 and several examples of options. The complete list of options is:

AliasFile=[ class:] file, [ class:] file...

Identifies the alias file(s). class is optional and defaults to implicit. Valid classes are implicit, hash, dbm, stab (internal symbol table) or nis. The selected database class must be a database type that was compiled into sendmail on your system. file is the pathname of the alias file.

AliasWait= timeout

Wait timeout minutes for an "@:@" entry to appear in the alias database before starting up. When timeout expires, automatically rebuild the database if AutoRebuildAliases is set; otherwise, issue a warning.

AuthMechanisms= list

Advertise the listed authentication mechanisms.

AuthOptions= list

Lists the options supported with the SMTP AUTH argument.


Accept illegal HELO SMTP commands that don't contain a hostname.


Automatically rebuild the alias database when necessary. The preferred method is to rebuild the alias database with an explicit newaliases command.

BlankSub= c

Use c as the blank substitution character to replace unquoted spaces in addresses. The default is to leave the spaces unchanged.

CACERTFile= filename

Identifies the file that contains the certificate of a certificate authority.

CACERTPath= path

Defines the path to the directory that contains the certificates of various certificate authorities.


Check that the delivery address in each alias is valid when rebuilding the alias database. Normally this check is not done. Adding this check slows the database build substantially. This is a Boolean.

CheckpointInterval= n

Checkpoint the queue after every n items are processed to simplify recovery if your system crashes during queue processing. The default is 10.

ClassFactor= fact

The multiplier used to favor messages with a higher value in the Priority: header. Defaults to 1800.

ClientCertFile= file

Identifies the file that contains the certificate used when this system acts as a client.

ClientKeyFile= file

Identifies the file that contains the private key used when this system acts as a client.

ClientPortOptions= options

Defines nonstandard settings used when this system acts as an SMTP client. options is a comma-separated list of keyword=value pairs. Valid keyword=value pairs are:

Port= port

Defines the source port number the client uses for outbound connections. port can be specified by number or name. If a name is used, the name must be defined in /etc/services. By default, the source port for an outbound connection is generated by the system for the connection.

Addr= address

Defines the address of the network interface the client uses for outbound connections. The value for address can be written in dotted decimal notation or as a name. By default, any available interface is used.

Family= protocol

Defines the protocol family used for the connection. inet, which is the default, is the protocol family for TCP/IP.

SndBufSize= bytes

Defines the size of the send buffer.

RcvBufSize= bytes

Defines the size of the receive buffer.

Modifier= flags

Defines the daemon flags for the client. Only one flag, h, is available. The h flag tells the client to use the name assigned to the interface on the SMTP HELO or EHLO command.


Accept colons in email addresses (e.g., host:user). Colons are always accepted in pairs in mail routing (nodename::user) or in RFC 822 group constructs (groupname: member1, member2, ...;). By default, this option is "on" if the configuration version level is less than 6.

ConnectionCacheSize= n

The number of connections that can be held open (cached) by this instantiation of sendmail. The default is 1. The maximum is 4. 0 causes connections to be closed immediately after the data is sent, which is the traditional way sendmail operated.

ConnectionCacheTimeout= timeout

The amount of time an inactive cached connection is held open. After timeout minutes of inactivity, it is closed. The default is 5 minutes.

ConnectionRateThrottle= n

Limits the number of incoming connections accepted in any 1-second period to n. The default is 0, which means no limit.

ConnectOnlyTo= address

Limits all SMTP connections to a single destination address. Used only for testing.

ControlSocketName= path

Defines the path of the Unix control socket used to manage daemon connections. By default, this is not defined.

DaemonPortOptions= options

Sets SMTP server options. The options are key=value pairs. The options are:

Port= portnumber

where portnumber is any valid port number. It can be specified with the number or the name found in /etc/services. The default is port 25, SMTP.

Addr= mask

where mask is an IP address mask specified either in dotted decimal notation or as a network name. The default is INADDR-ANY, which accepts all addresses.

Family= addressfamily

where addressfamily is a valid address family (see the ifconfig command). The default is INET, which allows IP addresses to be used.

Listen= n

where n is the number of queued connections allowed. The default is 10.

SndBufSize= n

where n is the send buffer size.

RcvBufSize= n

where n is the receive buffer size.

DataFileBufferSize= bytes

Defines the maximum amount of memory that can be used to buffer a data file.

DeadLetterDrop= file

Defines the file where messages that cannot be returned to the sender or sent to the postmaster account are stored.

DefaultAuthInfo= file

Defines the file that contains the authentication information needed for outbound connections.

DefaultCharSet= charset

The character set placed in the Content-Type: header when 8-bit data is converted to MIME format. The default is unknown-8bit. This option is overridden by the Charset= field of the mailer descriptor.

DefaultUser= user[: group]

The default user ID and group ID for mailers without the S flag in their definitions. If group is omitted, the group associated with user in the /etc/passwd file is used. The default is 1:1.

DeliveryMode= x

Deliver in mode x, where x is i (interactive delivery), b (background delivery), q (queue the message), or d (defer until the queue run). The default is b.

DHParameters= parameters

Defines the DH parameters used for DSA/DH encryption.

DialDelay= delaytime

Delay delaytime seconds before redialing a failed connection on dial-on-demand networks. The default is 0 (no redial).

DontBlameSendmail= options

Disables sendmail's file security checks. options is a comma-separated list of keywords that disable specific security checks. The values for this option are set by the confDONT_BLAME_SENDMAIL define command in the m4 source file. The valid keywords for the options list are:


Allow the chown command because it is only available to the root user.


Accept any directory path in an F command.


Don't issue a warning about an unsafe path for the .forward file.


Accept the error header file regardless of its directory path.


Permit delivery to a file that is really a hard link.


Permit delivery to a file that is really a symbolic link.


Accept a .forward file even if it is in an unsafe directory.


Accept program and file references from a .forward file even if it is in an unsafe directory.


Accept a .forward file even if it is in a group-writable directory.


Accept the aliases file even if it is group-writable.


Accept all group-writable directories as "safe."


Accept a .forward file even if it is group-writable.


Accept :include: files even if they are group-writable.


Accept the help file even if it is in an unsafe directory.


Accept :include: files even if they are from unsafe directories.


Accept program and file references from :include: files even if they are in an unsafe directory.


Accept :include: files even if they are in a group-writable directory.


Use STARTTLS even if the random seed generator for SSL is inadequate.


Accept an aliases file that is a link in a writable directory.


Load class values from files that are links in writable directories.


Accept .forward files that are links in writable directories.


Accept :include: files that are links in writable directories.


Accept database files that are links in writable directories.


Accept a service switch file that is a link in a writable directory.


Accept database files that are in unsafe directories.


Don't flag file and program deliveries as unsafe when sendmail is not running as root.


Run programs that are in writable directories.


Run programs that are group- or world-writable.


Leave all of the safety checks on. This is the default.


Trust group- and world-writable directories if the sticky bit is set.


Accept the aliases file even if it is world-writable.


Write to database files even if they are really hard links.


Write to database files even if they are really symbolic links.


Write to the status file even if it is really a hard link.


Write to the status file even if it is really a symbolic link.


Disable the $[name$] syntax used to convert nicknames to canonical names.


Don't use the initgroups(3) call. This setting reduces NIS server load, but limits a user to the group associated with that user in /etc/passwd.


If set to true, this stops sendmail from adding the names and addresses of the network interfaces to class w. The default is false, so interface names and addresses are stored in class w.


Don't optimize explicit mail routes. Normally, sendmail makes a route as direct as possible. However, optimizing the route may not be appropriate for systems located behind a firewall.

DoubleBounceAddress= error-address

Send the report of an error that occurs when sending an error message to error-address. The default is postmaster.

EightBitMode= action

Handle undeclared 8-bit data by following the specified action. The possible actions are: s (strict), reject undeclared 8-bit data; m (mime), convert it to MIME; and p (pass), pass it through unaltered.

ErrorHeader= file-or-message

Prepend file-or-message to outgoing error messages. If file-or-message is the path to a text file that is to be prepended, it must begin with a slash. If this option is not defined, nothing is prepended to error messages.

ErrorMode= x

Handle errors messages according to x, where x is: p (print messages); q (give exit status but no messages); m (mail back messages); w (write messages to the user's terminal); or e (mail back messages and always give zero exit status). If this option is not defined, error messages are printed.

FallbackMXhost= fallbackhost

Use fallbackhost as a backup MX server for every host.


Run a separate process for every item delivered from the queue. This option reduces the amount of memory needed to process the queue.

ForwardPath= path

The path to search for .forward files. Multiple paths can be defined by separating them with colons. The default is $z/.forward.

HelpFile= file

The path to the help file.


Queue mail for outgoing mailers that have the e (expensive) mailer flag. Normally mail is delivered immediately.

HostsFile= path

The path to the hosts file. The default is /etc/hosts.

HostStatusDirectory= path

Directory in which host status information is stored so that it can be shared between sendmail processes. Normally, the status of a host or connection is only known by the process that discovers that status. To function, this option requires that ConnectionCacheSize be set to at least 1.


Ignore dots in incoming messages. Dots cannot be ignored by SMTP mail because they are used to mark the end of a mail message.

LDAPDefaultSpec= specification

The default specification used for LDAP databases.

LogLevel= n

n indicates the level of detail stored in the log file. n defaults to 9, which is normally plenty of detail.


Check the username from the email address against the GECOS field of the passwd file if it was not found in the alias database or in the username field of the passwd file. This option is not recommended.

MaxAliasRecursion= n

Aliases can point to other aliases before finally resolving to the actual mail address. This option defines how deep aliases can be nested before resolving to a mail address. The default for n is 10.

MaxDaemonChildren= n

Refuse connections when n children are processing incoming mail. Normally sendmail sets no arbitrary limit on child processes.

MaxHeadersLength= bytes

The maximum length allowed for all of the headers taken together.

MaxHopCount= n

Assume a message is looping when it has been processed more than n times. The default is 25.

MaxHostStatAge= n

Retain host status information for n minutes.

MaxMessageSize= n

The maximum message size advertised in response to the ESMTP EHLO. Messages larger than this are rejected.

MaxMimeHeaderLength= size

The maximum length of MIME header fields.

MaxQueueRunSize= n

The maximum number of items that can be processed in a single queue run. The default is no limit.

MaxRecipientsPerMessage= n

n limits the maximum number of recipients for a single message. If it is not specified, there is no limit.


Send a copy to the sender.

MinFreeBlocks= n

Don't accept incoming mail unless n blocks are free in the queue filesystem.

MinQueueAge= n

Don't process any jobs that have been in the queue less than n minutes.

MustQuoteChars= s

The list of characters added to the set "@,;:\( )[]" that must be quoted when used in the username part of an address. If MustQuoteChars is specified without an s value, it adds "." to the standard set of quoted characters.

NoRecipientAction= action

The action taken when a message has no valid recipient headers. action can be none to pass the message on unmodified, add-to to add a To: header using the recipient addresses from the envelope, add-apparently-to to add an Apparently-To: header, add-to-undisclosed to add a "To: undisclosed-recipients:;" header, or add-bcc to add an empty Bcc: header.


Allow spaces to delimit names. Normally, commas delimit names.

OperatorChars= charlist

The list of operator characters that are normally defined in macro o. The default is the standard set of operators. See the discussion of rewrite tokens and the use of operators in determining tokens in Chapter 10.

ProcessTitlePrefix= prefix

A string used on the heading of process status reports.

PostmasterCopy= username

Copy error messages to username. The default is not to send copies of error messages to the postmaster.

PrivacyOptions= options

Set SMTP protocol options, where options is a comma-separated list containing one or more of these keywords:


allow all commands


require HELO or EHLO before MAIL


require HELO or EHLO before EXPN


disable EXPN


require HELO or EHLO before VRFY


disable VRFY


restrict mailq to users with group access to the queue directory


only root and the owner of the queue directory are allowed to run the queue


don't return successful delivery messages


disable all SMTP status queries


put X-Authentication-Warning: headers in messages

QueueDirectory= directory

The pathname of the queue directory.

QueueFactor= factor

The factor used with the difference between the current load and the load average limit and with the message priority to determine if a message should be queued or sent immediately. The idea is to queue low-priority messages if the system is currently heavily loaded. It defaults to 600000.

QueueLA= n

Queue messages when the system load average exceeds n. The default is 8.

QueueSortOrder= sequence

Sort the queue in the sequence specified, where sequence is: h (hostname sequence); t (submission time sequence); or p (message priority order). Priority ordering is the default.

RandFile= file

Points to a file that provides pseudo-random data for certain encryption techniques. This is used only if the compile option HASURANDOM is not available.

ResolverOptions= options

Set resolver options. Available option values are: debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, and dnsrch. The option can be preceded by a plus (+) to turn it on or a minus (-) to turn it off. One other option, HasWildcardMX, is specified without a + or -. Simply adding HasWildcardMX turns the option on.


If set to true, treat a Return-Receipt-To: header as a request for delivery service notification (DSN). The default is false.