There are a number of global options that can be set from a configuration file. Options are represented by full words.


The syntax for an option line is:


O option=value


This sets the option named option equal to value. Note that there must be a space between the uppercase 'O' and the name of the option.


All filenames used in options should be absolute paths. Relative filenames will most likely cause surprises during operation.


AliasFile=spec, spec - Specify possible alias file(s). Each spec should be in the format 'class: info' where class: is optional and defaults to 'implicit'. Note that info is required for all classes except "ldap". For the "ldap" class, if info is not specified, a default info value is used as follows:


-k (&(objectClass=sendmailMTAAliasObject)
(sendmailMTAAliasName=aliases)
(|(sendmailMTACluster=${sendmailMTACluster})
(sendmailMTAHost=$j))
(sendmailMTAKey=%0))
-v sendmailMTAAliasValue


Depending on how Sendmail is compiled, valid classes are "implicit" (search through a compiled-in list of alias file types, for backward compatibility), "hash" (if NEWDB is specified), "btree" (if NEWDB is specified), "dbm" (if NDBM is specified), "stab" (internal symbol table - not normally used unless you have no other database lookup), "sequence" (use a sequence of maps previously declared), "ldap" (if LDAPMAP is specified), or "nis" (if NIS is specified). If a list of specs is provided, Sendmail searches them in order.


AliasWait=timeout - If set, wait up to timeout (units default to minutes) for an "@:@" entry to exist in the alias database before starting up. If it does not appear within the timeout interval, issue a warning.


AllowBogusHELO=boolean - If set, allow HELO SMTP commands that do not include a host name. Setting this violates RFC 1123, but is necessary to interoperate with several SMTP clients. If there is a value, it is still checked for legitimacy.


AuthMaxBits=N - Limits the maximum encryption strength for the security layer in SMTP AUTH (SASL). Default is essentially unlimited. This allows you to turn off additional encryption in SASL if STARTTLS is already encrypting the communication, because the existing encryption strength is taken into account when choosing an algorithm for the security layer. For example, if STARTTLS is used and the symmetric cipher is 3DES, then the keylength (in bits) is 168. Hence setting AuthMaxBits to 168 will disable any encryption in SASL.


AuthMechanisms= - List of authentication mechanisms for AUTH (separated by spaces). The advertised list of authentication mechanisms will be the intersection of this list and the list of available mechanisms as determined by the Cyrus SASL library. If STARTTLS is active, EXTERNAL will be added to this list. In that case, the value of {cert_subject} is used as authentication id.


AuthOptions= - List of options for SMTP AUTH consisting of single characters with intervening white space or commas.


A - Use the AUTH= parameter for the MAIL FROM command only when authentication succeeded. This can be used as a workaround for broken MTAs that do not implement RFC 2554 correctly.


a - protection from active (non-dictionary) attacks during authentication exchange.


c - require mechanisms which pass client credentials, and allow mechanisms which can pass credentials to do so.


d - don't permit mechanisms susceptible to passive dictionary attack.


f - require forward secrecy between sessions (breaking one won't help break next).


m - require mechanisms which provide mutual authentication (only available if using Cyrus SASL v2 or later).


p - don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.


y - don't permit mechanisms that allow anonymous login.


The first option applies to sendmail as a client, the others to a server. Example:


O AuthOptions=p,y


would disallow ANONYMOUS as AUTH mechanism and would allow PLAIN and LOGIN only if a security layer (e.g., provided by STARTTLS) is already active. The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the selected SASL mechanisms. Explanations of these properties can be found in the Cyrus SASL documentation.
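
The following added example (not part of the original documentation) models how AuthMechanisms, AuthOptions and AuthMaxBits combine on a server before and after STARTTLS. It is a simplified model: the function names, the mechanism property sets and the "AuthMaxBits minus TLS key length" calculation are assumptions made for illustration, since the real filtering is done by Cyrus SASL.

```python
import re

# Properties the page attributes to named mechanisms. Every other mechanism is
# treated as unaffected by 'p' and 'y' (assumption: Cyrus SASL decides this
# from each plugin's own security flags).
PLAINTEXT = {"PLAIN", "LOGIN"}
ANONYMOUS = {"ANONYMOUS"}


def parse_auth_options(value):
    """AuthOptions: single characters separated by white space or commas."""
    return {c for c in re.split(r"[,\s]+", value.strip()) if c}


def server_offer(auth_mechanisms, sasl_available, auth_options,
                 auth_max_bits=None, tls_bits=0):
    """Return (advertised mechanisms, bits left for a SASL security layer).

    tls_bits is the symmetric key length of an active STARTTLS session,
    0 when STARTTLS is not active. A result of None bits means "unlimited".
    """
    opts = parse_auth_options(auth_options)
    tls_active = tls_bits > 0

    configured = auth_mechanisms.split()          # separated by spaces
    if tls_active and "EXTERNAL" not in configured:
        configured.append("EXTERNAL")             # added once STARTTLS is active

    offered = []
    for mech in configured:
        if mech not in sasl_available:
            continue                              # intersection with the SASL library
        if "y" in opts and mech in ANONYMOUS:
            continue                              # no anonymous login
        if "p" in opts and mech in PLAINTEXT and not tls_active:
            continue                              # plaintext only under a security layer
        offered.append(mech)

    if auth_max_bits is None:
        layer_bits = None                         # default: essentially unlimited
    else:
        # Existing TLS strength counts against the limit (model of the page's
        # 3DES example: 168 - 168 leaves nothing for SASL encryption).
        layer_bits = max(0, auth_max_bits - tls_bits)
    return offered, layer_bits


# Constructed sample values, not taken from a real server.
MECHS = "ANONYMOUS PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI"
AVAILABLE = {"ANONYMOUS", "PLAIN", "LOGIN", "DIGEST-MD5", "CRAM-MD5", "EXTERNAL"}

if __name__ == "__main__":
    cases = [
        ("no AuthOptions, no TLS ", "", None, 0),
        ("p,y before STARTTLS    ", "p,y", 168, 0),
        ("p,y after 3DES STARTTLS", "p,y", 168, 168),
    ]
    for label, options, max_bits, tls in cases:
        print(label, server_offer(MECHS, AVAILABLE, options, max_bits, tls))
```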


AuthRealm= - The authentication realm that is passed to the Cyrus SASL library. If no realm is specified, $j is used.


BadRcptThrottle=N - If set, and you have more than the specified number of recipients in a single SMTP envelope that are rejected, sleep for one second after each rejected RCPT command.


BlankSub=c - Set the blank substitution character to c. Unquoted spaces in addresses are replaced by this character. Defaults to a space character.


CACertFile= - File containing one or more CA certificates; used by STARTTLS.


CACertPath= - Path to directory with certificates of CAs. This directory must contain the hashes of each CA certificate as filenames or as links to them.


CheckAliases=boolean - Validate the RHS (Right hand side) of aliases when rebuilding the alias database.


CheckpointInterval=N - Checkpoints the queue every N (default 10) addresses sent. If your system crashes during delivery to a large list, this prevents retransmission to any but the last N recipients.


ClassFactor=fact - The indicated factor is multiplied by the message class (determined by the Precedence: field in the user header and the P lines in the configuration file) and subtracted from the priority. Thus, messages with a higher Priority: will be favored. Defaults to 1800.


ClientCertFile= - File containing the certificate of the client. This certificate is used when Sendmail acts as client for STARTTLS.


ClientKeyFile= - File containing the private key belonging to the client certificate for STARTTLS if Sendmail runs as client.


ClientPortOptions=options - Set client SMTP options. The options are key=value pairs separated by commas. Known keys are:


Addr - Address mask (defaults to INADDR_ANY)
Family - Address family (defaults to INET)
Modifier - Options (flags) for the client
Port - Name/number of source port for connection (defaults to any free port)
RcvBufSize - Size of TCP receive buffer
SndBufSize - Size of TCP send buffer


The Address mask may be a numeric address in dot notation or a network name. Modifier can be one of the following characters:


A - don't use AUTH when sending e-mail
h - use name of interface for HELO command
S - don't use STARTTLS when sending e-mail


If 'h' is set, the name corresponding to the outgoing interface address (whether chosen via the Connection parameter or the default) is used for the HELO/EHLO command. However, the name must not start with a square bracket and it must contain at least one dot. This is a simple test to see if the name is not an IP address (in square brackets) but a qualified hostname. Note that multiple ClientPortOptions settings are allowed in order to give settings for each protocol family (one for Family=inet and one for Family=inet6). A restriction placed on one family only affects outgoing connections on that particular family.


ColonOkInAddr=boolean - If set, colons are acceptable in e-mail addresses (e.g., "host:user"). If not set, colons indicate the beginning of an RFC 822 group construct ("groupname: member1, member2, ... memberN;"). Doubled colons are always acceptable ("nodename::user") and proper route-addr nesting is understood ("<@relay:user@host>"). Furthermore, this option defaults to on if the configuration file's version level is less than 6, for backwards compatibility. However, it must be off for full compatibility with RFC 822.


ConnectionCacheSize=N - The maximum number of open connections that will be cached at a time. The default is one. This delays closing the current connection until either this invocation of sendmail needs to connect to another host or it terminates. Setting it to zero defaults to the old behavior, that is, connections are closed immediately. Since this consumes file descriptors, the connection cache should be kept small: 4 is probably a practical maximum.


ConnectionCacheTimeout=timeout - The maximum amount of time a cached connection will be permitted to idle without activity. If this time is exceeded, the connection is immediately closed.


This value should be small (on the order of ten minutes). Before sendmail uses a cached connection, it always sends a RSET command to check the connection; if this fails, it reopens the connection. This keeps your end from failing if the other end times out. The point of this option is to be a good network neighbor and avoid using up excessive resources on the other end. The default is five minutes.


ConnectionRateWindowSize=N - Define the length of the interval for which the number of incoming connections is maintained. The default is 60 seconds.


ConnectOnlyTo=address - This can be used to override the connection address for testing purposes.


ConnectionRateThrottle=N - If set to a positive value, allows no more than N incoming connections in a one second period per daemon. This is intended to flatten out peaks and allow the load average checking to cut in. Defaults to zero (no limits).


ControlSocketName=name - Name of the control socket for daemon management. A running Sendmail daemon can be controlled through this named socket. Available commands are: help, mstat, restart, shutdown, and status. The status command returns the current number of daemon children, the maximum number of daemon children, the free disk space (in blocks) of the queue directory, and the load average of the machine expressed as an integer. If this is not set, no control socket will be available. Solaris and pre-4.4BSD kernel users should see the note in sendmail/README.


CRLFile=name - Name of file that contains certificate revocation status, useful for X.509v3 authentication. CRL checking requires at least OpenSSL version 0.9.7. Note: if a CRLFile is specified but the file is unusable, STARTTLS is disabled.


DaemonPortOptions=options - Set server SMTP options. Each instance of DaemonPortOptions leads to an additional incoming socket. The options are key=value pairs. Known keys are:


Addr - Address mask (defaults to INADDR_ANY)
children - Maximum number of children per daemon, see MaxDaemonChildren
delayLA - delayLA per daemon
DeliveryMode - Delivery mode per daemon, see DeliveryMode
Family - Address family (defaults to INET)
InputMailFilters - List of input mail filters for the daemon
Listen - Size of listen queue (defaults to 10)
Modifier - Options (flags) for the daemon
Name - User-definable name for the daemon (defaults to "Daemon#")
Port - Name/number of listening port (defaults to "smtp")
queueLA - queueLA per daemon
RcvBufSize - Size of TCP receive buffer
refuseLA - refuseLA per daemon
SndBufSize - Size of TCP send buffer


The Name key is used for error messages and logging. The Address mask may be a numeric address in dot notation or a network name. The Family key defaults to INET (IPv4). IPv6 users who wish to also accept IPv6 connections should add additional Family=inet6 DaemonPortOptions lines. The InputMailFilters key overrides the default list of input mail filters listed in the InputMailFilters option.


If multiple input mail filters are required, they must be separated by semicolons (not commas). Modifier can be a sequence (without any delimiters) of the following characters:


a - always require authentication
b - bind to interface through which mail has been received
c - perform hostname canonification (.cf)
f - require fully qualified hostname (.cf)
s - Run smtps (SMTP over SSL) instead of smtp
u - allow unqualified addresses (.cf)
A - disable AUTH (overrides 'a' modifier)
C - don't perform hostname canonification
E - disallow ETRN (see RFC 2476)
O - optional; if opening the socket fails ignore it
S - don't offer STARTTLS


That is, one way to specify a message submission agent (MSA) that always requires authentication is:


O DaemonPortOptions=Name=MSA, Port=587, M=Ea


The modifiers that are marked with "(.cf)" have an effect only in the standard configuration file, in which they are available via ${daemon_flags}. Notice: Do not use the 'a' modifier on a publicly accessible MTA! It should only be used for an MSA that is accessed by authorized users for initial mail submission. Users must authenticate to use an MSA which has this option turned on. The flags 'c' and 'C' can change the default for hostname canonification in the sendmail.cf file.


See the relevant documentation for FEATURE(nocanonify). The modifier 'f' disallows addresses of the form user@host unless they are submitted directly. The flag 'u' allows unqualified sender addresses, i.e., those without @host. 'b' forces sendmail to bind to the interface through which the e-mail has been received for the outgoing connection. WARNING: Use 'b' only if outgoing mail can be routed through the incoming connection's interface to its destination.


No attempt is made to catch problems due to a misconfiguration of this parameter; use it only for virtual hosting where each virtual interface can connect to every possible location. This will also override possible settings via ClientPortOptions.


Note that sendmail will listen on a new socket for each occurrence of the DaemonPortOptions option in a configuration file. The modifier 'O' causes sendmail to ignore a socket if it can't be opened. This applies to failures from the socket and bind calls.
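
The following added example (not part of the original documentation) parses DaemonPortOptions lines and checks the modifier combinations that the notes above warn about. The finding codes, the function names, the prefix matching of abbreviated keys, and the choice of which ports count as a public MTA or an MSA are assumptions made for this example.

```python
import re

# Keys and modifier characters as listed on this page.
KEYS = ["Addr", "children", "delayLA", "DeliveryMode", "Family",
        "InputMailFilters", "Listen", "Modifier", "Name", "Port",
        "queueLA", "RcvBufSize", "refuseLA", "SndBufSize"]
MODIFIERS = set("abcfsuACEOS")
O_LINE = re.compile(r"^O\s+DaemonPortOptions\s*=\s*(.*)$")

# Assumptions for this example: which Port values mean "public MTA" and "MSA".
MTA_PORTS = {"smtp", "25"}
MSA_PORTS = {"submission", "587"}


def expand_key(key):
    """Resolve an abbreviated key such as the M= in the page's MSA example.
    Assumption: a key matches when it is an unambiguous case-sensitive prefix."""
    hits = [k for k in KEYS if key and k.startswith(key)]
    return hits[0] if len(hits) == 1 else None


def parse_daemon_options(line):
    """Return a dict for one 'O DaemonPortOptions=...' line, or None."""
    m = O_LINE.match(line.strip())
    if not m:
        return None
    # Defaults stated on the page.
    opts = {"Name": "Daemon#", "Port": "smtp", "Family": "INET", "Modifier": ""}
    unknown = []
    for item in m.group(1).split(","):   # mail filters use ';', so ',' is safe
        key, _, value = item.strip().partition("=")
        full = expand_key(key.strip())
        if full is None:
            unknown.append(key.strip())
        else:
            opts[full] = value.strip()
    opts["unknown_keys"] = unknown
    return opts


def audit(opts):
    """Return finding codes for one parsed listener."""
    mods, port = opts["Modifier"], opts["Port"].lower()
    codes = []
    if set(mods) - MODIFIERS:
        codes.append("UNKNOWN_MODIFIER")
    if opts["unknown_keys"]:
        codes.append("UNKNOWN_KEY")
    if "a" in mods and "A" in mods:
        codes.append("AUTH_OVERRIDDEN")          # 'A' overrides 'a'
    elif "a" in mods and port in MTA_PORTS:
        codes.append("AUTH_REQUIRED_ON_MTA")     # 'a' is meant for an MSA only
    if port in MSA_PORTS and ("a" not in mods or "A" in mods):
        codes.append("MSA_WITHOUT_AUTH")         # policy assumption of this example
    if "S" in mods:
        codes.append("NO_STARTTLS")              # STARTTLS is not offered
    if "b" in mods:
        codes.append("BIND_OVERRIDES_CLIENTPORTOPTIONS")
    return codes


def audit_config(text):
    """Audit every DaemonPortOptions line; returns [(daemon name, code), ...]."""
    findings = []
    for line in text.splitlines():
        opts = parse_daemon_options(line)
        if opts is not None:
            findings.extend((opts["Name"], code) for code in audit(opts))
    return findings


# Constructed sample configuration (not from a real system).
SAMPLE = """\
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
O DaemonPortOptions=Name=MTA, Port=smtp, M=a
O DaemonPortOptions=Name=MTA6, Family=inet6, M=aAS
O DaemonPortOptions=Name=Sub, Port=587, M=E
"""

if __name__ == "__main__":
    for name, code in audit_config(SAMPLE):
        print(f"{name}: {code}")
```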


DataFileBufferSize=threshold - Sets the threshold, in bytes, before a memory-based queue data file becomes disk-based. The default is 4096 bytes.


DeadLetterDrop=file - Defines the location of the system-wide dead.letter file, formerly hard coded to /usr/tmp/dead.letter. If this option is not set (the default), Sendmail will not attempt to save to a system-wide dead.letter file in the event it cannot bounce the mail to the user or postmaster. Instead, it will rename the qf file as it has in the past when the dead.letter file could not be opened.


DefaultCharSet=charset - When a message that has 8-bit characters but is not in MIME format is converted to MIME (see the EightBitMode option) a character set must be included in the Content-Type: header. This character set is normally set from the Charset= field of the mailer descriptor. If that is not set, the value of this option is used. If this option is not set, the value "unknown-8bit" is used.


DefaultUser=user:group - Set the default userid for mailers to user:group. If group is omitted and user is a user name (as opposed to a numeric user id) the default group listed in the /etc/passwd file for that user is used as the default group. Both the user and the group may be numeric. Mailers without the S flag in the mailer definition will run as this user. Defaults to 1:1.


DelayLA=LA - When the system load average exceeds LA (load average), Sendmail will sleep for one second on most SMTP commands and before accepting connections.


DeliverByMin=time - Set the minimum time for the Deliver By SMTP service extension (RFC 2852). If 0 (zero), no time is listed; if less than 0, the extension is not offered; if greater than 0, it is listed as the minimum time for the EHLO keyword DELIVERBY.


DeliveryMode=x - Deliver in mode x. Legal modes are:


b - Deliver in background (asynchronously)
d - Defer delivery and all map lookups (deliver during queue run)
i - Deliver interactively (synchronously)
q - Just queue the message (deliver during queue run)


Defaults to 'b' if no option is specified, 'i' if it is specified but given no argument. The -v command line flag sets this to i.


DHParameters= - File with DH parameters for STARTTLS. This is only required if a ciphersuite containing DSA/DH is used. This is only for people with a good knowledge of TLS; all others can ignore this option.


DialDelay=sleeptime - This is used for dial-up connections. If this is set to an interval and a connection times out on the first connection being attempted, Sendmail will sleep for this amount of time and try again. This should give your system time to establish the connection to your service provider. Units default to seconds, so "DialDelay=5" uses a five second delay. This defaults to zero (no retry). This delay only applies to mailers which have the Z flag set.


DirectSubmissionModifiers=modifiers - Defines ${daemon_flags} for direct (command line) submissions. If not set, ${daemon_flags} is either "CC f" if the option -G is used or "c u" otherwise. Note that only the "CC", "c", "f", and "u" flags are checked.


DontBlameSendmail=option,option - In order to avoid possible cracking attempts caused by world and group-writable files and directories, Sendmail does paranoid checking when opening most of its support files. If for some reason you absolutely must run with, for example, a group-writable /etc directory, then you will have to turn off this checking (at the cost of making your system more vulnerable to attacks). Use of this option is not recommended. The complete list of items that you can set will be discussed on the Security web page.
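
The following added example (not part of the original documentation) is a pre-flight check that ties together the option-line syntax and absolute-path rules at the top of this page with the file-permission checking described for DontBlameSendmail. It is an approximation that looks only at the group-writable and world-writable bits mentioned above; the function names, finding codes and the chosen subset of path options are assumptions made for this example.

```python
import os
import stat

# Options on this page whose value names one file or directory.
# Assumption: this subset is picked for the example. HostStatusDirectory and
# ErrorHeader are left out because the page permits non-absolute values there.
PATH_OPTIONS = {"CACertFile", "CACertPath", "ClientCertFile", "ClientKeyFile",
                "CRLFile", "DHParameters", "DeadLetterDrop", "HostsFile",
                "PidFile", "ControlSocketName"}


def parse_option_lines(text):
    """Yield (lineno, name, value, problem) for every line that starts with 'O'."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.startswith("O"):
            continue                      # comments and other configuration lines
        name, sep, value = raw[1:].partition("=")
        problem = None
        if not raw[1:2].isspace():
            problem = "NO_SPACE_AFTER_O"  # a space must follow the uppercase 'O'
        elif not sep or not name.strip():
            problem = "NOT_OPTION_EQUALS_VALUE"
        yield lineno, name.strip(), value.strip(), problem


def writable_components(path):
    """Return each existing component, from path up to '/', that is
    group-writable or world-writable."""
    found = []
    cur = os.path.abspath(path)
    while True:
        try:
            mode = os.stat(cur).st_mode
        except OSError:
            mode = None                   # missing component: nothing to test
        if mode is not None and mode & (stat.S_IWGRP | stat.S_IWOTH):
            found.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    return found


def preflight(text):
    """Return [(lineno, option, code, detail), ...] for a configuration text."""
    findings = []
    for lineno, name, value, problem in parse_option_lines(text):
        if problem:
            findings.append((lineno, name, problem, ""))
            continue
        if name not in PATH_OPTIONS:
            continue
        if not value.startswith("/"):
            findings.append((lineno, name, "RELATIVE_PATH", value))
            continue
        if not os.path.exists(value):
            findings.append((lineno, name, "MISSING", value))
        for comp in writable_components(value):
            findings.append((lineno, name, "GROUP_OR_WORLD_WRITABLE", comp))
    return findings


if __name__ == "__main__":
    import tempfile

    # Constructed sample: a throw-away directory with a group-writable key file.
    d = tempfile.mkdtemp()
    key = os.path.join(d, "client.key")
    open(key, "w").close()
    os.chmod(key, 0o664)
    sample = f"O ClientKeyFile={key}\nO CRLFile=crl.pem\nOMilter.LogLevel=12\n"
    for finding in preflight(sample):
        print(finding)
```

A world-writable parent such as a temporary directory is reported as well, because every component of the path is examined.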


DontExpandCnames=boolean - The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named "silly.foo.org" and also has an alias of "ftp.foo.org", the former name must be used at all times. This is enforced during host name canonification ($[ ... $] lookups). If this option is set, the protocols are ignored and the "wrong" thing is done. However, the IETF is moving toward changing this standard, so the behavior may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name however.


DontInitGroups=boolean - If set, Sendmail will avoid using the initgroups call. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permissions somewhat more restrictive. This has no effect on systems that don't have group lists.


DontProbeInterfaces=boolean - Sendmail normally finds the names of all interfaces active on your machine when it starts up and adds their names to the $=w class of known host aliases. If you have a large number of virtual interfaces or if your DNS inverse lookups are slow, this can be time consuming. This option turns off that probing. However, you will need to be certain to include all variant names in the $=w class by some other mechanism. If set to loopback, loopback interfaces will not be probed.


DontPruneRoutes=boolean - Normally, Sendmail tries to eliminate any unnecessary explicit routes when sending an error message. For example, when sending an error message to <@known1, @known2, @known3:user@unknown> Sendmail will strip off the "@known1,@known2" in order to make the route as direct as possible. However, if this option is set to true, this will be disabled, and the mail will be sent to the first address in the route, even if later addresses are known. This may be useful if you are caught behind a firewall.


DoubleBounceAddress=error-address - If an error occurs when sending an error message, send the error report (termed a "double bounce" because it is an error "bounce" that occurs when trying to send another error "bounce") to the indicated address. The address is macro expanded at the time of delivery. If it is not set, it defaults to "postmaster". If set to an empty string, double bounces are dropped.


EightBitMode=action - Set handling of eight-bit data. There are two kinds of eight-bit data, that declared as such using the BODY=8BITMIME ESMTP declaration or the -B8BITMIME command line flag, and undeclared 8-bit data, that is, input that just happens to be eight bits. There are three things that can happen:


undeclared 8-bit data can be automatically converted to 8BITMIME,
undeclared 8-bit data can be passed as-is without conversion to MIME ('just send 8'),
declared 8-bit data can be converted to 7 bits for transmission to a non-8-bit mailer.


The possible actions are:


m - Convert undeclared 8-bit data to MIME ('mime')
p - Pass undeclared 8-bit data ('pass')
s - Reject undeclared 8-bit data ('strict')


In all cases properly declared 8BITMIME data will be converted to 7BIT as needed.


ErrorHeader=file-or-message - Prepend error messages with the indicated message. If it begins with a slash, it is assumed to be the pathname of a file containing a message (this is the recommended setting). Otherwise, it is a literal message. The error file might contain the name, email address, and/or phone number of a local postmaster who could provide assistance to end users. If the option is missing or null, or if it names a file which does not exist or which is not readable, no message is printed.


ErrorMode=x - Dispose of errors using mode x. The values for x are:


e - Mail back errors (when applicable) and give zero exit status always
m - Mail back errors
p - Print error messages (default)
q - No messages, just give exit status
w - Write back errors (mail if user not logged in)


Note that mode "e" is for Berknet error processing and should not be used in normal circumstances. Note, too, that mode "q" only applies to errors recognized before sendmail forks for background delivery.


FallbackMXhost=fallbackhost - If specified, the fallbackhost acts like a very low priority MX on every host. MX records will be looked up for this host, unless the name is surrounded by square brackets. This is intended to be used by sites with poor network connectivity. Messages which are undeliverable due to temporary address failures (DNS failure) also go to the FallbackMXhost.


FallBackSmartHost=hostname - If specified, the FallBackSmartHost will be used in a last-ditch effort for each host. This is intended to be used by sites with "fake internal DNS", e.g., a company whose DNS accurately reflects the world inside that company's domain but not outside.


FastSplit=1 - If set to a value greater than zero (the default is one), it suppresses the MX lookups on addresses when they are initially sorted, e.g., for the first delivery attempt. This usually results in faster envelope splitting unless the MX records are readily available in a local DNS cache. To enforce initial sorting based on MX records set FastSplit to zero. If the mail is submitted directly from the command line, then the value also limits the number of processes used to deliver the envelopes; if more envelopes are created they are only queued up and must be taken care of by a queue run. Since the default submission method is via SMTP (either from a MUA or via the MSP), the value of FastSplit is seldom used to limit the number of processes to deliver the envelopes.


ForkEachJob=boolean - If set, deliver each job that is run from the queue in a separate process.


ForwardPath=path - Set the path used for searching for users' .forward files. The default is "$z/.forward". Some sites that use the automounter may prefer to change this to "/var/forward/$u" to search for a file with the same name as the user in a system directory. It can also be set to a sequence of paths separated by colons; Sendmail stops at the first file it can successfully and safely open. For example, "/var/forward/$u:$z/.forward" will search first in /var/forward/username and then in ~username/.forward (only if the first file does not exist).


HelpFile=file - Specify the name of the help file for SMTP. If no file name is specified, "helpfile" is used.


HeloName=name - Set the name to be used for HELO/EHLO (instead of $j).


HoldExpensive=boolean - If an outgoing mailer is marked as being expensive, don't connect immediately.


HostsFile=path - The path to the hosts database, normally "/etc/hosts". This option is only consulted when Sendmail is canonifying addresses, and then only when "files" is in the "hosts" service switch entry. In particular, this file is never used when looking up host addresses; that is under the control of the system gethostbyname routine.


HostStatusDirectory=path - The location of the long term host status information. When set, information about the status of hosts (host down or not accepting connections) will be shared between all Sendmail processes; normally, this information is only held within a single queue run. This option requires a connection cache of at least 1 to function. If the option begins with a leading '/', it is an absolute pathname; otherwise, it is relative to the mail queue directory. A suggested value for sites desiring persistent host status is ".hoststat".


IgnoreDots=boolean - Ignore dots in incoming messages. This is always disabled (that is, dots are always accepted) when reading SMTP mail.


InputMailFilters=name,name - A comma-separated list of filters that determines which filters are contacted for incoming SMTP messages and in what sequence they are invoked. If none are set, no filters will be contacted.


LDAPDefaultSpec=spec - Sets a default map specification for LDAP maps. The value should contain only LDAP specific settings such as "-h host -p port -d bindDN". The settings will be used for all LDAP maps unless the individual map specification overrides a setting. This option should be set before any LDAP maps are defined.


LogLevel=n - Set the log level to n. Defaults to 9.


MailboxDatabase=pw - Type of lookup to find information about local mailboxes, defaults to 'pw' which uses getpwnam. Other types can be introduced by adding them to the source code, see libsm/mbdb.c for details.


MatchGECOS=boolean - Allow fuzzy matching on the GECOS field. If this flag is set, and the usual user name lookups fail (that is, there is no alias with this name and a getpwnam fails), sequentially search the password file for a matching entry in the GECOS field. This also requires that MATCHGECOS be turned on during compilation. This option is not recommended.


MaxAliasRecursion=N - The maximum depth of alias recursion (default: 10).


MaxDaemonChildren=N - If set, Sendmail will refuse connections when it has more than N children processing incoming mail or automatic queue runs. This does not limit the number of outgoing connections. If it is not set, there is no limit to the number of children.


MaxHeadersLength=N - The maximum length of the sum of all headers. This can be used to prevent a denial of service attack. The default is no limit.


MaxHopCount=N - The maximum hop count. Messages that have been processed more than N times are assumed to be in a loop and are rejected. Defaults to 25.


MaxMessageSize=N - Specify the maximum message size to be advertised in the ESMTP EHLO response. Messages larger than this will be rejected. If set to a value greater than zero, that value will be listed in the SIZE response, otherwise SIZE is advertised in the ESMTP EHLO response without a parameter.


MaxMimeHeaderLength=N[/M] - Sets the maximum length of certain MIME header field values to N characters. These MIME header fields are determined by being a member of class {checkMIMETextHeaders}, which currently contains only the header Content-Description. For some of these headers which take parameters, the maximum length of each parameter is set to M if specified. If /M is not specified, one half of N will be used. By default, these values are 2048 and 1024, respectively. To allow any length, a value of 0 can be specified.


MaxNOOPCommands=N - Override the default of MAXNOOPCOMMANDS for the number of useless commands.


MaxQueueChildren=N - When set, this limits the number of concurrent queue runner processes to N. This helps to control the amount of system resources used when processing the queue. When there are multiple queue groups defined and the total number of queue runners for these queue groups would exceed MaxQueueChildren then the queue groups will not all run concurrently. That is, some portion of the queue groups will run concurrently such that MaxQueueChildren will not be exceeded, while the remaining queue groups will be run later (in round robin order).


Sendmail does not count individual queue runners, but only sets of processes that act on a workgroup. Hence the actual number of queue runners may be lower than the limit imposed by MaxQueueChildren. This discrepancy can be large if some queue runners have to wait for a slow server and if short intervals are used.


MaxQueueRunSize=N - The maximum number of jobs that will be processed in a single queue run. If this is not set, there is no limit on the size. If you have very large queues or a very short queue run interval this could be unstable. However, since the first N jobs in queue directory order are run (rather than the N highest priority jobs) this should be set as high as possible to avoid "losing" jobs that happen to fall late in the queue directory.


MaxRecipientsPerMessage=N - The maximum number of recipients that will be accepted per message in an SMTP transaction. Setting this too low can interfere with sending mail from MUAs that use SMTP for initial submission. If this is not set, there is no limit to the number of recipients per envelope.


MaxRunnersPerQueue=N - This sets the maximum number of queue runners for queue groups. Up to N queue runners will work in parallel on a queue group's messages. This is useful where the processing of a message in the queue might delay the processing of subsequent messages. Such a delay may be the result of non-erroneous situations such as a low-bandwidth connection. This setting may be overridden on a per queue group basis by setting the Runners option. The default is 1 when not set.


Milter= - This option has several sub(sub)options. The names of the suboptions are separated by dots. At the first level the following options are available:


LogLevel - Log level for input mail filter actions, defaults to LogLevel.
macros - Specifies the list of macros to transmit to filters. See list below.


The 'macros' option has the following suboptions, which specify the list of macros to transmit to milters after a certain event has occurred.


connect - After session connection start
data - After DATA command
envfrom - After MAIL FROM command
envrcpt - After RCPT TO command
eoh - After DATA command and header
eom - After DATA command and terminating "."
helo - After EHLO/HELO command


By default the lists of macros are empty. Example:


O Milter.LogLevel=12
O Milter.macros.connect=j, _, {daemon_name}


MinFreeBlocks=N - Insist on at least N blocks free on the filesystem that holds the queue files before accepting e-mail via SMTP. If there is insufficient space Sendmail gives a 452 response to the MAIL command. This invites the sender to try again later.


MinQueueAge=age - Don't process any queued jobs that have been in the queue less than the indicated time interval. This is intended to allow you to get responsiveness by processing the queue fairly frequently without thrashing your system by trying jobs too often. The default units are minutes.


MustQuoteChars=s - Sets the list of characters that must be quoted if used in a full name that is in the phrase part of a 'phrase <address>' syntax. The default is '. The characters @,;:\()[] are always added to this list.


Mx value - Set the macro x to value. This is intended only for use from the command line. The -M flag is preferred.


NiceQueueRun=N - The priority of queue runners (nice). This value must be greater than or equal to zero.


NoRecipientAction=Add-To - The action to take when you receive a message that has no valid recipient headers (To:, Cc:, Bcc:, or Apparently-To: header - Apparently-To: is included for backwards compatibility with old versions of Sendmail). The setting can be None to pass the message on unmodified, which violates the protocol, Add-To to add a To: header with any recipients it can find in the envelope (which might expose Bcc: recipients), Add-Apparently-To to add an Apparently-To: header (this is only for backwards-compatibility and is officially deprecated), Add-To-Undisclosed to add a header "To: undisclosed-recipients:;" to make the header legal without disclosing anything, or Add-Bcc to add an empty Bcc: header.


OldStyleHeaders=boolean - Assume that the headers may be in old format, e.g., spaces delimit names. This actually turns on an adaptive algorithm: if any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always output with commas between the names. Defaults to off.


OperatorChars=charlist - The list of characters that are considered to be "operators", that is, characters that delimit tokens. All operator characters are tokens by themselves; sequences of non-operator characters are also tokens. White space characters separate tokens but are not tokens themselves. For example, "aa.bb" has three tokens, but "aa bb" has just two tokens. If this is not set, OperatorChars defaults to .:@[]; additionally, the characters ()<>,; are always operators. Note that OperatorChars must be set in the configuration file before any rulesets.


PidFile=filename - Filename of the pid file (default is _PATH_SENDMAILPID). The filename is macro-expanded before it is opened, and unlinked when sendmail exits.


PostmasterCopy=postmaster - If set, copies of error messages will be sent to the named postmaster. Only the header of the failed message is sent. Errors resulting from messages with a negative precedence will not be sent. Since most errors are user problems, this is probably not a good idea on large sites, and arguably contains all sorts of privacy violations, but it seems to be popular with certain operating systems vendors. The address is macro expanded at the time of delivery. Defaults to no postmaster copies.


PrivacyOptions=opt,opt - Set the privacy options. 'Privacy' is really a misnomer; many of these are just a way of insisting on stricter adherence to the SMTP protocol. The options you can select from are:


authwarnings - Put X-Authentication-Warning headers in messages and log warnings


goaway - Disallow essentially all SMTP status queries


needexpnhelo - Insist on HELO or EHLO command before EXPN (expand)


needmailhelo - Insist on HELO or EHLO command before MAIL


needvrfyhelo - Insist on HELO or EHLO command before VRFY (verify)


noactualrecipient - Don't put X-Actual-Recipient lines in DSNs which reveal the actual account that addresses map to.


nobodyreturn - Don't return the body of a message with DSNs


noetrn - Disallow ETRN entirely - see SMTP commands


noexpn - Disallow EXPN entirely; implies noverb. EXPN allows someone to expand the mailing lists on your server to see who the members of the list are.


noreceipts - Don't return success DSNs


noverb - Disallow VERB (verbose) entirely


novrfy - Disallow VRFY entirely. This disables verification of a local user name; VRFY allows someone to verify that an e-mail address is a live account on your system.


public - Allow open access


restrictexpand - Restrict -bv and -v command line flags


restrictmailq - Restrict mailq command


restrictqrun - Restrict -q command line flag


The "goaway" pseudo-flag sets all flags except "noreceipts", "restrictmailq", "restrictqrun", "restrictexpand", "noetrn", and "nobodyreturn". If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue directory can run the queue. The "restrictexpand" pseudo-flag instructs Sendmail to drop privileges when the -bv option is given by users who are neither root nor the TrustedUser so users cannot read private aliases, forwards, or :include: files. It will add the "NonRootSafeAddr" to the "DontBlameSendmail" option to prevent misleading unsafe address warnings. It also overrides the -v (verbose) command line option to prevent information leakage. Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, such as using a non-standard queue directory.
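

As an added example (not part of the original page or of Sendmail itself), the Python code below works out which SMTP status commands a given PrivacyOptions setting leaves reachable. It expands "goaway" and "noexpn" as described above and merges command-line values, which Sendmail only ever adds; the sample configuration and all function names are constructed for illustration, and only long-form 'O PrivacyOptions=' lines are read.

```python
import re

# Flag names exactly as listed on this page.
KNOWN = {"authwarnings", "goaway", "needexpnhelo", "needmailhelo",
         "needvrfyhelo", "noactualrecipient", "nobodyreturn", "noetrn",
         "noexpn", "noreceipts", "noverb", "novrfy", "public",
         "restrictexpand", "restrictmailq", "restrictqrun"}
# SMTP-facing flags that "goaway" turns on. The page lists noetrn among the
# flags goaway does NOT set, so ETRN needs its own flag.
GOAWAY = {"authwarnings", "needexpnhelo", "needmailhelo", "needvrfyhelo",
          "noexpn", "noverb", "novrfy"}
IMPLIES = {"goaway": GOAWAY, "noexpn": {"noverb"}}
# 'O option=value': a space is required between the 'O' and the option name.
OPTION_LINE = re.compile(r"^O\s+([A-Za-z][\w.]*)\s*=\s*(.*)$")

# Constructed sample configuration, not taken from a real host.
SAMPLE_CF = """\
O SmtpGreetingMessage=$j Sendmail $v ready at $b
O PrivacyOptions=authwarnings,needmailhelo,noexpn
"""

def privacy_values(cf_text):
    """Values of every long-form 'O PrivacyOptions=...' line."""
    values = []
    for line in cf_text.splitlines():
        m = OPTION_LINE.match(line)
        if m and m.group(1).lower() == "privacyoptions":
            values.append(m.group(2))
    return values

def effective_privacy(cf_text, cmdline=()):
    """Flags in force: config values plus command-line values, which are only
    ever added. Several config lines are treated as cumulative (assumption)."""
    flags = set()
    for value in privacy_values(cf_text) + list(cmdline):
        for flag in filter(None, re.split(r"[,\s]+", value.lower())):
            flags.add(flag)
            flags |= IMPLIES.get(flag, set())
    return flags

def unknown_flags(flags):
    """Names that are not on the page's list, e.g. a mistyped 'noverbose'."""
    return sorted(flags - KNOWN)

def smtp_exposure(flags):
    """Map each status command to 'disabled', 'needs HELO' or 'open'."""
    report = {}
    for cmd, off, helo in (("EXPN", "noexpn", "needexpnhelo"),
                           ("VRFY", "novrfy", "needvrfyhelo"),
                           ("VERB", "noverb", None),
                           ("ETRN", "noetrn", None)):
        if off in flags:
            report[cmd] = "disabled"
        elif helo and helo in flags:
            report[cmd] = "needs HELO"
        else:
            report[cmd] = "open"
    return report

if __name__ == "__main__":
    print(smtp_exposure(effective_privacy(SAMPLE_CF)))
    print(smtp_exposure(effective_privacy(SAMPLE_CF, cmdline=["goaway"])))
```

With the sample configuration VRFY and ETRN stay open; adding "goaway" closes VRFY but still leaves ETRN open until "noetrn" is set explicitly.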


ProcessTitlePrefix=string - Prefix the process title shown on 'ps' listings with string. The string can contain macros.


QueueDirectory=dir - The QueueDirectory option serves two purposes. First, it specifies the directory or set of directories that comprise the default queue group. Second, it specifies the directory D which is the ancestor of all queue directories, and which Sendmail uses as its current working directory. When Sendmail dumps core, it leaves its core files in D. There are two cases. If dir ends with an asterisk (e.g., /var/spool/mqueue/qd*), then all of the directories or symbolic links to directories beginning with 'qd' in /var/spool/mqueue will be used as queue directories of the default queue group, and /var/spool/mqueue will be used as the working directory D. Otherwise, dir must name a directory (usually /var/spool/mqueue): the default queue group consists of the single queue directory dir, and the working directory D is set to dir. To define additional groups of queue directories, use the configuration file 'Q' command. Do not change the queue directory structure while Sendmail is running.


QueueFactor=factor - Use factor as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the current load average and the load average limit (QueueLA option) to determine the maximum message priority that will be sent. Defaults to 600000.


QueueFileMode=mode - Default permissions for queue files (octal). If not set, Sendmail uses 0600 unless its real and effective uid are different in which case it uses 0644.


QueueLA=LA - When the system load average exceeds LA and the QueueFactor (q) option divided by the difference in the current load average and the QueueLA option plus one is less than the priority of the message, just queue messages (don't try to send them). Defaults to 8 times the number of processors online on the system (if that can be determined).


QueueSortOrder=algorithm - Sets the algorithm used for sorting the queue. Only the first character of the value is used. Legal values are "host" (to order by the name of the first host name of the first recipient), "filename" (to order by the name of the queue file name), "time" (to order by the submission/creation time), "random" (to order randomly), "modification" (to order by the modification time of the qf file (older entries first)), "none" (to not order), and "priority" (to order by message priority).


Host ordering makes better use of the connection cache, but may tend to process low priority messages that go to a single host over high priority messages that go to several hosts; it probably shouldn't be used on slow network links. Filename and modification time ordering saves the overhead of reading all of the queued items before starting the queue run. Creation (submission) time ordering is almost always a bad idea, since it allows large, bulk mail to go out before smaller, personal mail, but may have applicability on some hosts with very fast connections. Random is useful if several queue runners are started by hand which try to drain the same queue since odds are they will be working on different parts of the queue at the same time. Priority ordering is the default.


QueueTimeout=timeout - A synonym for "Timeout.queuereturn". Use that form instead of the "QueueTimeout" form.


RandFile=file:/dev/random - Name of file containing random data or the name of the UNIX socket if EGD is used. A (required) prefix "egd:" or "file:" specifies the type. STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set (see sendmail/README).


RecipientFactor=fact - The indicated factor is added to the priority (thus lowering the priority of the job) for each recipient, e.g., this value penalizes jobs with large numbers of recipients. Defaults to 30000.


RefuseLA=LA - When the system load average exceeds LA, refuse incoming SMTP connections. Defaults to 12 times the number of processors online on the system (if that can be determined).


RejectLogInterval=timeout - Log interval when refusing connections for this long (default: 3h).


RequiresDirfsync= - This option can be used to override the compile time flag REQUIRES_DIR_FSYNC at runtime by setting it to false. If the compile time flag is not set, the option is ignored. The flag turns on support for file systems that require fsync() to be called on a directory when the meta-data in it has been changed. This should be turned on at least for older versions of ReiserFS; it is enabled by default for Linux. According to some information this flag is not needed anymore for kernel 2.4.16 and newer.


ResolverOptions=options - Set resolver options. Values can be set using +flag and cleared using -flag; the flags can be "debug", "aaonly", "usevc", "primary", "igntc", "recurse", "defnames", "stayopen", "use_inet6", or "dnsrch". The string "HasWildcardMX" (without a + or -) can be specified to turn off matching against MX records when doing name canonifications. The string "WorkAroundBrokenAAAA" (without a + or -) can be specified to work around some broken nameservers which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. It might be necessary to apply the same (or similar) options to submit.cf also.


RetryFactor=fact - The factor is added to the priority every time a job is processed. Thus, each time a job is processed, its priority will be decreased by the indicated value. In most environments this should be positive, since hosts that are down are all too often down for a long time. Defaults to 90000.


RrtImpliesDsn=boolean - If this option is set, a "Return-Receipt-To:" header causes the request of a DSN, which is sent to the envelope sender as required by RFC 1891, not to the address given in the header.


RunAsUser=user - The user parameter may be a user name (looked up in /etc/passwd) or a numeric user id; either form can have ":group" attached (where group can be numeric or symbolic). If set to a non-zero (non-root) value, Sendmail will change to this user id shortly after startup. This avoids a certain class of security problems. However, this means that all ".forward" and ":include:" files must be readable by the indicated user and all files to be written must be writable by the user. Also, all file and program deliveries will be marked as unsafe unless the option DontBlameSendmail=NonRootSafeAddr is set, in which case the delivery will be done as the user specified. This option is also incompatible with the SafeFileEnvironment option. In other words, it may not actually add much to security on an average system, and may in fact detract from security (because other file permissions must be loosened). However, it should be useful on firewalls and other places where users don't have accounts and the aliases file is well constrained.


SafeFileEnvironment=dir - If this option is set, Sendmail will do a chroot call into the indicated directory before doing any file writes. If the file name specified by the user begins with dir, that partial path name will be stripped off before writing, so if the SafeFileEnvironment variable is set to "/safe" then aliases of "/safe/logs/file" and "/logs/file" actually indicate the same file. Additionally, if this option is set, Sendmail refuses to deliver to symbolic links.


SaveFromLine=boolean - Save UNIX-style "From" lines at the front of headers. Normally they are assumed redundant and discarded.


SendMimeErrors=boolean - If set, send error messages in MIME format. If disabled, Sendmail will not return the DSN keyword in response to an EHLO and will not do Delivery Status Notification processing as described in RFC 1891.


ServerCertFile= - File containing the certificate of the server. This certificate is used when Sendmail acts as server (used for STARTTLS).


ServerKeyFile= - File containing the private key belonging to the server certificate (used for STARTTLS).


SevenBitInput=boolean - Strip input to seven bits for compatibility with old systems. This shouldn't be necessary.


SharedMemoryKey=0 - Key to use for shared memory segment; if not set (or 0), shared memory will not be used. If set to -1 sendmail can select a key itself provided that SharedMemoryKeyFile is also set. Requires support for shared memory to be compiled into sendmail. If this option is set, sendmail can share some data between different instances. For example, the number of entries in a queue directory or the available space in a file system. This allows for more efficient program execution, since only one process needs to update the data instead of each individual process gathering the data each time it is required.


SharedMemoryKeyFile= - If SharedMemoryKey is set to -1 then the automatically selected shared memory key will be stored in the specified file.


SingleLineFromHeader=boolean - If set, From: lines that have embedded newlines are unwrapped onto one line. This is to get around a botch in Lotus Notes that apparently cannot understand legally wrapped RFC 822 headers.


SingleThreadDelivery=boolean - If set, a client machine will never try to open two SMTP connections to a single server machine at the same time, even in different processes. That is, if another Sendmail is already talking to some host a new Sendmail will not open another connection. This property is of mixed value; although this reduces the load on the other machine, it can cause mail to be delayed (for example, if one Sendmail is delivering a huge message, other Sendmails won't be able to send even small messages). Also, it requires another file descriptor (for the lock file) per connection, so you may have to reduce the ConnectionCacheSize option to avoid running out of per-process file descriptors. Requires the HostStatusDirectory option.


SmtpGreetingMessage=message - The message printed when the SMTP server starts up. This defaults to "$j Sendmail $v ready at $b". You might want to change this to at least remove the version information so crackers have to guess which version you're running before they start looking for security holes to exploit.


SoftBounce - If set, issue temporary errors (4xy) instead of permanent errors (5xy). This can be useful during testing of a new configuration to avoid erroneous bouncing of mails.


StatusFile=file - Log summary statistics in the named file. If no file name is specified, "statistics" is used. If this is not set, no summary statistics are saved. This file does not grow in size. It can be printed by using the mailstats program.


SuperSafe= - This option can be set to True, False, Interactive, or PostMilter. If set to True, sendmail will be super-safe when running things, i.e., always instantiate the queue file, even if you are going to attempt immediate delivery. Sendmail always instantiates the queue file before returning control to the client under any circumstances.


This should really always be set to True. The Interactive value has been introduced in 8.12 and can be used together with DeliveryMode=i. It skips some synchronization calls which are effectively doubled in the code execution path for this mode. If set to PostMilter, sendmail defers synchronizing the queue file until any milters have signaled acceptance of the message. PostMilter is useful only when sendmail is running as an SMTP server; in all other situations it acts the same as True.


TempFileMode=mode - The file mode for transcript files, files to which Sendmail delivers directly, files in the HostStatusDirectory, and StatusFile. It is interpreted in octal by default. Defaults to 0600.


TimeZoneSpec=tzinfo - Set the local time zone info to tzinfo - for example, "PST8PDT". Actually, if this is not set, the TZ environment variable is cleared (so the system default is used); if this is set but has a null value, the user's TZ variable is used, and if this is set and non-null the TZ variable is set to this value.


TLSSrvOptions=V - List of options for SMTP STARTTLS for the server consisting of single characters with intervening white spaces or commas. The flag 'V' disables client verification, and hence it is not possible to use a client certificate for relaying. Currently there are no other flags available.


TrustedUser=user - The user parameter may be a user name (looked up in /etc/passwd) or a numeric user id. Trusted user is used for file ownership and starting the daemon. If set, generated alias databases and the control socket (if configured) will automatically be owned by this user.


TryNullMXList=boolean - If this system is the "best" (that is, the lowest preference) MX for a given host, its configuration rules should normally detect this situation and treat that condition specially by forwarding the mail to a UUCP feed, treating it as local, or whatever. However, in some cases (such as Internet firewalls) you may want to try to connect directly to that host as though it had no MX records at all. Setting this option causes Sendmail to try this. The downside is that errors in your configuration are likely to be diagnosed as "host unknown" or "message timed out" instead of something more meaningful. This option is not recommended.


UnixFromLine=fromline - Defines the format used when Sendmail must add a UNIX-style From_line (that is, a line beginning "From<space>user"). Defaults to "From $g $d". Don't change this unless your system uses a different UNIX mailbox format (very unlikely).


UseMSP=boolean - Use as mail submission program, e.g., allow group writable queue files if the group is the same as that of a set-group-ID Sendmail binary.


Verbose= - Run in verbose mode. If this is set, sendmail adjusts options HoldExpensive (old c) and DeliveryMode (old d) so that all mail is delivered completely in a single job so that you can see the entire delivery process. Option Verbose should never be set in the configuration file; it is intended for command line use only.


Note that the use of option Verbose can cause authentication information to leak, if you use a sendmail client to authenticate to a server. If the authentication mechanism uses plain text passwords (as with LOGIN or PLAIN), then the password could be compromised. To avoid this, do not install sendmail set-user-ID root, and disable the VERB SMTP command with a suitable PrivacyOptions setting.


XscriptFileBufferSize=threshold - Set the threshold, in bytes, before a memory-based queue transcript file becomes disk-based. The default is 4096 bytes.


All options can be specified on the command line using the -O 'oh' or -o flag, but most will cause Sendmail to relinquish its set-user-ID permissions. The options that will not cause this are SevenBitInput, EightBitMode, MinFreeBlocks, CheckpointInterval, DeliveryMode, ErrorMode, IgnoreDots, SendMimeErrors, LogLevel, OldStyleHeaders, PrivacyOptions, SuperSafe, Verbose, QueueSortOrder, MinQueueAge, DefaultCharSet, DialDelay, NoRecipientAction, ColonOkInAddr, MaxQueueRunSize, SingleLineFromHeader, and AllowBogusHELO.


PrivacyOptions given on the command line are added to those already specified in the sendmail.cf file, i.e., they can't be reset. Defining the r or s macros with M (define macro) is also considered "safe".





This Web Site Copyright © 1997 - 2010
by Alan Pae - All Rights Reserved