Many options and flags can be used in configuring the sendmail.cf file. All of the important configuration parameters are covered in Chapter 10. But if you are unlucky enough to have a configuration that requires you to tweak one of the more obscure parameters, you will find all of them in the following tables.
The sendmail.cf file contains a large number of macro variables. Macros are useful because they can store values specific to your configuration and yet be referenced by a macro name that is independent of your configuration. This makes it possible to use a configuration file that is essentially the same on many different systems simply by varying the value stored in the macro. This appendix lists all of the internal sendmail macros in two tables. Table E-7 lists all of the macros that use single-character names.
Table E-7. Macros with single-character names
Macro | Contents |
---|---|
a | The date and time the mail was sent. |
b | The current date in RFC 822 format. |
B | The name of the Bitnet relay. |
c | The number of times the mail has been forwarded. |
C | The name of the DECnet relay. |
d | The current date and time in ctime format. |
E | Reserved for an X.400 relay. |
f | The sender address. |
F | The name of the FAX relay. |
g | The sender address written as a full return address. |
h | The recipient host. |
H | The name of the mail hub. |
i | The queue identifier. |
j | The fully qualified domain name of the local computer. |
k | The local system’s UUCP node name. |
L | The name of the LUSER_RELAY. |
m | The name of the local domain. |
M | The name used to masquerade outbound mail. |
n | The sender name used for error messages. |
p | The PID of the sendmail process running as a mail delivery agent. |
r | The protocol used when the message was first received. |
R | The name of the LOCAL_RELAY. |
s | The hostname of the sender’s machine. |
S | The name of the SMART_HOST relay. |
t | A numeric representation of the current date and time. |
u | The username of the recipient. |
U | A local UUCP name that overrides the value of |
v | The version number of sendmail that is running. |
V | The name of the UUCP relay for class |
w | The hostname of the local system. |
W | The name of the UUCP relay for class |
x | The full name of the sender. |
X | The name of the UUCP relay for class |
Y | The name of the UUCP relay for all other hosts. |
z | The home directory of the recipient. |
Z | The version number. |
_ | Sender address validated by identd. |
The current version of sendmail allows macros to have multi-character names. Table E-8 lists the macros that use long names.
Table E-8. Reserved macros with long names
Macro | Contents |
---|---|
{auth_authen} | Identity of the authenticated user. |
{auth_author} | Source of the authentication. |
{auth_ssf} | The number of bits in the encryption key used by AUTH. |
{auth_type} | The type of authentication mechanism used. |
{bodytype} | The values from the ESMTP BODY parameter. |
{cert_issuer} | The distinguished name of the certificate authority. |
{cert_subject} | The distinguished name of the subject of the certificate. |
{cipher_bits} | The length of the encryption key used for the connection. |
{cipher} | The encryption technique used for the connection. |
{client_addr} | The IP address of the remote client connected to TCP port 25. |
{client_name} | The canonical name of the client connected to TCP port 25. |
{client_port} | The source port number used by the remote client. |
{client_resolve} | The keyword OK, FAIL, Forged or TEMP that indicates the result of a reverse DNS lookup using the client’s IP address. |
{currHeader} | The contents of the current header during header processing. |
{daemon_addr} | The IP address of the network interface from which the daemon accepts mail. Normally 0.0.0.0 to indicate all interfaces. |
{daemon_family} | The protocol family being used. Normally inet to indicate TCP/IP. Other values are inet6, iso, and ns. |
{daemon_flags} | The flags set by the DaemonPortOption command, if any. |
{daemon_info} | General information about the daemon. |
{daemon_name} | The daemon name, which is usually Daemon1 unless a daemon name is defined by the DaemonPortOptions command. |
{daemon_port} | The port that the daemon is listening on, usually 25. |
{deliveryMode} | The current delivery mode. |
{envid} | The DSN ENVID value from the Mail From: header. |
{hdrlen} | The length of the string stored in {currHeader}. |
{hdr_name} | The name of the current header during header processing. |
{if_addr} | The IP address of the network interface used by the current incoming connection. |
{if_name} | The hostname assigned to the network interface used by the current incoming connection. |
{mail_addr} | The user’s mail address from the mail delivery triple created from the MAIL From: envelope header. |
{mail_host} | The hostname from the mail delivery triple created from the MAIL From: envelope header. |
{mail_mailer} | The mailer name from the mail delivery triple created from the MAIL From: envelope header. |
{MessageIdCheck} | The value from the incoming Message-Id: header. |
{ntries} | The number of delivery attempts. |
{opMode} | The operating mode from the sendmail command line. |
{queue_interval} | The length of time between queue runs defined by the -q command-line option. |
{rcpt_addr} | The user’s mail address from the mail delivery triple created from the RCPT To: envelope header. |
{rcpt_host} | The hostname from the mail delivery triple created from the RCPT To: envelope header. |
{rcpt_mailer} | The mailer name from the mail delivery triple created from the RCPT To: envelope header. |
{server_addr} | The IP address of the remote server for the outgoing connection. |
{server_name} | The name of the remote server for the outgoing connection. |
{tls_version} | The TLS/SSL version used for the connection. |
{verify} | The result of the verification process. |
As the previous tables show, sendmail has many internal macros. It also has several internal classes. Most of these classes still use single-character names. A few use the newer long names. The full list of internal classes is shown in Table E-9.
Table E-9. Internal sendmail classes
Name | Contents |
---|---|
B | Domain names included in the bestmx-is-local process. |
E | Usernames that should not be masqueraded. |
G | Domains that should be looked up in the genericstable. |
L | Local users that are not forwarded to MAIL_HUB or LOCAL_RELAY. |
e | Supported MIME Content-Transfer-Encodings. Initialized to 7bit, 8bit, and binary. |
k | The system’s UUCP node names. |
M | Domains that should be masqueraded. |
m | All local domains for this host. |
n | MIME body types that should never be 8- to 7-bit encoded. Initialized to multipart/signed. |
q | MIME Content-Types that should not be Base64-encoded. Initialized to text/plain. |
N | Hosts and domains that should not be masqueraded. |
O | Characters that cannot be used in local usernames. |
P | Pseudo-domain names, such as REDIRECT. |
R | Domains for which this system will relay mail. |
s | MIME message subtypes that can be processed recursively. Initialized to rfc822. |
t | The list of trusted users. |
U | The UUCP hosts that are locally connected. |
V | The UUCP hosts reached via the relay defined by |
W | The UUCP hosts reached via the relay defined by |
X | The UUCP hosts reached via the relay defined by |
Y | Directly connected “smart” UUCP hosts. |
Z | Directly connected UUCP hosts that use domain names. |
. | A literal dot (.). |
[ | A literal left bracket ([). |
{LDAPRoute} | A list of domains that can be rerouted based on LDAP lookups. |
{VirtHost} | A list of hosts and domains that are valid virtual hostnames. |
w | All hostnames this system will accept as its own. |
A large number of sendmail options can be set inside the sendmail configuration file. Chapter 10 provides the syntax of the option command in Table 10-1 and several examples of options. The complete list of options is:
AliasFile=[class:]file, [class:]file...
Identifies the alias file(s). class is optional and defaults to implicit. Valid classes are implicit, hash, dbm, stab (internal symbol table) or nis. The selected database class must be a database type that was compiled into sendmail on your system. file is the pathname of the alias file.
AliasWait=timeout
Wait timeout minutes for an “@:@” entry to appear in the alias database before starting up. When timeout expires, automatically rebuild the database if AutoRebuildAliases is set; otherwise, issue a warning.
AuthMechanisms=list
Advertise the listed authentication mechanisms.
AuthOptions=list
Lists the options supported with the SMTP AUTH argument.
AllowBogusHELO
Accept illegal HELO SMTP commands that don’t contain a hostname.
AutoRebuildAliases
Automatically rebuild the alias database when necessary. The preferred method is to rebuild the alias database with an explicit newaliases command.
BlankSub=c
Use c as the blank substitution character to replace unquoted spaces in addresses. The default is to leave the spaces unchanged.
CACERTFile=filename
Identifies the file that contains the certificate of a certificate authority.
CACERTPath=path
Defines the path to the directory that contains the certificates of various certificate authorities.
CheckAliases
Check that the delivery address in each alias is valid when rebuilding the alias database. Normally this check is not done. Adding this check slows the database build substantially. This is a Boolean.
CheckpointInterval=n
Checkpoint the queue after every n items are processed to simplify recovery if your system crashes during queue processing. The default is 10.
ClassFactor=fact
The multiplier used to favor messages with a higher value in the Priority: header. Defaults to 1800.
ClientCertFile=file
Identifies the file that contains the certificate used when this system acts as a client.
ClientKeyFile=file
Identifies the file that contains the private key used when this system acts as a client.
ClientPortOptions=options
Defines nonstandard settings used when this system acts as an SMTP client. options is a comma-separated list of keyword=value pairs. Valid keyword=value pairs are:
Port=port
Defines the source port number the client uses for outbound connections. port can be specified by number or name. If a name is used, the name must be defined in /etc/services. By default, the source port for an outbound connection is generated by the system for the connection.
Addr=address
Defines the address of the network interface the client uses for outbound connections. The value for address can be written in dotted decimal notation or as a name. By default, any available interface is used.
Family=protocol
Defines the protocol family used for the connection. inet, which is the default, is the protocol family for TCP/IP.
SndBufSize=bytes
Defines the size of the send buffer.
RcvBufSize=bytes
Defines the size of the receive buffer.
Modifier=flags
Defines the daemon flags for the client. Only one flag, h, is available. The h flag tells the client to use the name assigned to the interface on the SMTP HELO or EHLO command.
ColonOkInAddr
Accept colons in email addresses (e.g., host:user). Colons are always accepted in pairs in mail routing (nodename::user) or in RFC 822 group constructs (groupname: member1, member2, ...;). By default, this option is “on” if the configuration version level is less than 6.
ConnectionCacheSize=n
The number of connections that can be held open (cached) by this instantiation of sendmail. The default is 1. The maximum is 4. 0 causes connections to be closed immediately after the data is sent, which is the traditional way sendmail operated.
ConnectionCacheTimeout=timeout
The amount of time an inactive cached connection is held open. After timeout minutes of inactivity, it is closed. The default is 5 minutes.
ConnectionRateThrottle=n
Limits the number of incoming connections accepted in any 1-second period to n. The default is 0, which means no limit.
ConnectOnlyTo=address
Limits all SMTP connections to a single destination address. Used only for testing.
ControlSocketName=path
Defines the path of the Unix control socket used to manage daemon connections. By default, this is not defined.
DaemonPortOptions=options
Sets SMTP server options. The options are key=value pairs. The options are:
Port=portnumber
where portnumber is any valid port number. It can be specified with the number or the name found in /etc/services. The default is port 25, SMTP.
Addr=mask
where mask is an IP address mask specified either in dotted decimal notation or as a network name. The default is INADDR-ANY, which accepts all addresses.
Family=addressfamily
where addressfamily is a valid address family (see the ifconfig command). The default is INET, which allows IP addresses to be used.
Listen=n
where n is the number of queued connections allowed. The default is 10.
SndBufSize=n
where n is the send buffer size.
RcvBufSize=n
where n is the receive buffer size.
DataFileBufferSize=bytes
Defines the maximum amount of memory that can be used to buffer a data file.
DeadLetterDrop=file
Defines the file where messages that cannot be returned to the sender or sent to the postmaster account are stored.
DefaultAuthInfo=file
Defines the file that contains the authentication information needed for outbound connections.
DefaultCharSet=charset
The character set placed in the Content-Type: header when 8-bit data is converted to MIME format. The default is unknown-8bit. This option is overridden by the Charset= field of the mailer descriptor.
DefaultUser=user[:group]
The default user ID and group ID for mailers without the S flag in their definitions. If group is omitted, the group associated with user in the /etc/passwd file is used. The default is 1:1.
DeliveryMode=x
Deliver in mode x, where x is i (interactive delivery), b (background delivery), q (queue the message), or d (defer until the queue run). The default is b.
DHParameters=parameters
Defines the DH parameters used for DSA/DH encryption.
DialDelay=delaytime
Delay delaytime seconds before redialing a failed connection on dial-on-demand networks. The default is 0 (no redial).
DontBlameSendmail=options
Disables sendmail’s file security checks. options is a comma-separated list of keywords that disable specific security checks. The values for this option are set by the confDONT_BLAME_SENDMAIL define command in the m4 source file. The valid keywords for the options list are:
AssumeSafeChown
Allow the chown command because it is only available to the root user.
ClassFileInUnsafeDirPath
Accept any directory path in an F command.
DontWarnForwardFileInUnsafeDirPath
Don’t issue a warning about an unsafe path for the .forward file.
ErrorHeaderInUnsafeDirPath
Accept the error header file regardless of its directory path.
FileDeliveryToHardLink
Permit delivery to a file that is really a hard link.
FileDeliveryToSymLink
Permit delivery to a file that is really a symbolic link.
ForwardFileInUnsafeDirPath
Accept a .forward file even if it is in an unsafe directory.
ForwardFileInUnsafeDirPathSafe
Accept program and file references from a .forward file even if it is in an unsafe directory.
ForwardFileIngroupWritableDirPath
Accept a .forward file even if it is in a group-writable directory.
GroupWritableAliasFile
Accept the aliases file even if it is group-writable.
GroupWritableDirPathSafe
Accept all group-writable directories as “safe.”
GroupWritableForwardFileSafe
Accept a .forward file even if it is group-writable.
GroupWritableIncludeFileSafe
Accept :include: files even if they are group-writable.
HelpFileinUnsafeDirPath
Accept the help file even if it is in an unsafe directory.
IncludeFileInUnsafeDirPath
Accept :include: files even if they are from unsafe directories.
IncludeFileInUnsafeDirPathSafe
Accept program and file references from :include: files even if they are in an unsafe directory.
IncludeFileIngroupWritableDirPath
Accept :include: files even if they are in a group-writable directory.
InsufficientEntropy
Use STARTTLS even if the random seed generator for SSL is inadequate.
LinkedAliasFileInWritableDir
Accept an aliases file that is a link in a writable directory.
LinkedClassFileInWritableDir
Load class values from files that are links in writable directories.
LinkedForwardFileInWritableDir
Accept .forward files that are links in writable directories.
LinkedIncludeFileInWritableDir
Accept :include: files that are links in writable directories.
LinkedMapInWritableDir
Accept database files that are links in writable directories.
LinkedServiceSwitchFileInWritableDir
Accept a service switch file that is a link in a writable directory.
MapInUnsafeDirPath
Accept database files that are in unsafe directories.
NonRootSafeAddr
Don’t flag file and program deliveries as unsafe when sendmail is not running as root.
RunProgramInUnsafeDirPath
Run programs that are in writable directories.
RunWritableProgram
Run programs that are group- or world-writable.
Safe
Leave all of the safety checks on. This is the default.
TrustStickyBit
Trust group- and world-writable directories if the sticky bit is set.
WorldWritableAliasFile
Accept the aliases file even if it is world-writable.
WriteMapToHardLink
Write to database files even if they are really hard links.
WriteMapToSymLink
Write to database files even if they are really symbolic links.
WriteStatsToHardLink
Write to the status file even if it is really a hard link.
WriteStatsToSymLink
Write to the status file even if it is really a symbolic link.
DontExpandCnames
Disable the $[name$] syntax used to convert nicknames to canonical names.
DontInitGroups
Don’t use the initgroups(3) call. This setting reduces NIS server load, but limits a user to the group associated with that user in /etc/passwd.
DontProbeInterfaces
If set to true, this stops sendmail from adding the names and addresses of the network interfaces to class w. The default is false, so interface names and addresses are stored in class w.
DontPruneRoutes
Don’t optimize explicit mail routes. Normally, sendmail makes a route as direct as possible. However, optimizing the route may not be appropriate for systems located behind a firewall.
DoubleBounceAddress=error-address
Send the report of an error that occurs when sending an error message to error-address. The default is postmaster.
EightBitMode=action
Handle undeclared 8-bit data by following the specified action. The possible actions are: s (strict), reject undeclared 8-bit data; m (mime), convert it to MIME; and p (pass), pass it through unaltered.
ErrorHeader=file-or-message
Prepend file-or-message to outgoing error messages. If file-or-message is the path to a text file that is to be prepended, it must begin with a slash. If this option is not defined, nothing is prepended to error messages.
ErrorMode=x
Handle error messages according to x, where x is: p (print messages); q (give exit status but no messages); m (mail back messages); w (write messages to the user’s terminal); or e (mail back messages and always give zero exit status). If this option is not defined, error messages are printed.
FallbackMXhost=fallbackhost
Use fallbackhost as a backup MX server for every host.
ForkEachJob
Run a separate process for every item delivered from the queue. This option reduces the amount of memory needed to process the queue.
ForwardPath=path
The path to search for .forward files. Multiple paths can be defined by separating them with colons. The default is $z/.forward.
HelpFile=file
The path to the help file.
HoldExpensive
Queue mail for outgoing mailers that have the e (expensive) mailer flag. Normally mail is delivered immediately.
HostsFile=path
The path to the hosts file. The default is /etc/hosts.
HostStatusDirectory=path
Directory in which host status information is stored so that it can be shared between sendmail processes. Normally, the status of a host or connection is only known by the process that discovers that status. To function, this option requires that ConnectionCacheSize be set to at least 1.
IgnoreDots
Ignore dots in incoming messages. Dots cannot be ignored by SMTP mail because they are used to mark the end of a mail message.
LDAPDefaultSpec=specification
The default specification used for LDAP databases.
LogLevel=n
n indicates the level of detail stored in the log file. n defaults to 9, which is normally plenty of detail.
MatchGECOS
Check the username from the email address against the GECOS field of the passwd file if it was not found in the alias database or in the username field of the passwd file. This option is not recommended.
MaxAliasRecursion=n
Aliases can point to other aliases before finally resolving to the actual mail address. This option defines how deep aliases can be nested before resolving to a mail address. The default for n is 10.
MaxDaemonChildren=n
Refuse connections when n children are processing incoming mail. Normally sendmail sets no arbitrary limit on child processes.
MaxHeadersLength=bytes
The maximum length allowed for all of the headers taken together.
MaxHopCount=n
Assume a message is looping when it has been processed more than n times. The default is 25.
MaxHostStatAge=n
Retain host status information for n minutes.
MaxMessageSize=n
The maximum message size advertised in response to the ESMTP EHLO. Messages larger than this are rejected.
MaxMimeHeaderLength=size
The maximum length of MIME header fields.
MaxQueueRunSize=n
The maximum number of items that can be processed in a single queue run. The default is no limit.
MaxRecipientsPerMessage=n
n limits the maximum number of recipients for a single message. If it is not specified, there is no limit.
MeToo
Send a copy to the sender.
MinFreeBlocks=n
Don’t accept incoming mail unless n blocks are free in the queue filesystem.
MinQueueAge=n
Don’t process any jobs that have been in the queue less than n minutes.
MustQuoteChars=s
The list of characters added to the set “@,;:\( )[]” that must be quoted when used in the username part of an address. If MustQuoteChars is specified without an s value, it adds “.” to the standard set of quoted characters.
NoRecipientAction=action
The action taken when a message has no valid recipient headers. action can be none to pass the message on unmodified, add-to to add a To: header using the recipient addresses from the envelope, add-apparently-to to add an Apparently-To: header, add-to-undisclosed to add a “To: undisclosed-recipients:;” header, or add-bcc to add an empty Bcc: header.
OldStyleHeaders
Allow spaces to delimit names. Normally, commas delimit names.
OperatorChars=charlist
The list of operator characters that are normally defined in macro o. The default is the standard set of operators. See the discussion of rewrite tokens and the use of operators in determining tokens in Chapter 10.
ProcessTitlePrefix=prefix
A string used on the heading of process status reports.
PostmasterCopy=username
Copy error messages to username. The default is not to send copies of error messages to the postmaster.
PrivacyOptions=options
Set SMTP protocol options, where options is a comma-separated list containing one or more of these keywords:
public
allow all commands
needmailhelo
require HELO or EHLO before MAIL
needexpnhelo
require HELO or EHLO before EXPN
noexpn
disable EXPN
needvrfyhelo
require HELO or EHLO before VRFY
novrfy
disable VRFY
restrictmailq
restrict mailq to users with group access to the queue directory
restrictqrun
only root and the owner of the queue directory are allowed to run the queue
noreceipts
don’t return successful delivery messages
goaway
disable all SMTP status queries
authwarnings
put X-Authentication-Warning: headers in messages
QueueDirectory=directory
The pathname of the queue directory.
QueueFactor=factor
The factor used with the difference between the current load and the load average limit and with the message priority to determine if a message should be queued or sent immediately. The idea is to queue low-priority messages if the system is currently heavily loaded. It defaults to 600000.
QueueLA=n
Queue messages when the system load average exceeds n. The default is 8.
QueueSortOrder=sequence
Sort the queue in the sequence specified, where sequence is: h (hostname sequence); t (submission time sequence); or p (message priority order). Priority ordering is the default.
RandFile=file
Points to a file that provides pseudo-random data for certain encryption techniques. This is used only if the compile option HASURANDOM is not available.
ResolverOptions=options
Set resolver options. Available option values are: debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, and dnsrch. The option can be preceded by a plus (+) to turn it on or a minus (-) to turn it off. One other option, HasWildcardMX, is specified without a + or -. Simply adding HasWildcardMX turns the option on.
RrtImpliesDsn
If set to true, treat a Return-Receipt-To: header as a request for delivery service notification (DSN). The default is false.
RunAsUser=userid[:groupid]
Run sendmail under this user ID and group ID instead of under root. This may enhance security when sendmail is running on a well-maintained firewall. On general-purpose systems, this may decrease security because it requires that many files be readable or writable by this user ID.
RecipientFactor=factor
The priority of a job is lowered by this factor for each recipient so that jobs with large numbers of recipients have lower priority. Defaults to 30000.
RefuseLA=n
Refuse incoming SMTP connections when the system load average exceeds n. The default is 12.
RetryFactor=factor
The factor used to decrease the priority of a job every time it is processed, so that mail that cannot be delivered does not keep popping to the top of the queue. The default is 90000.
SafeFileEnvironment=directory
chroot(2) to directory before writing a file and refuse to deliver to symbolic links.
SaveFromLine
Save Unix-style From: lines at the front of headers. Normally they are discarded.
SendMIMEErrors
Send error messages in MIME format.
ServerCertFile=file
Identifies the file that contains the certificate used when this system acts as a mail server.
ServerKeyFile=file
Identifies the file that contains the private key used when this system acts as a mail server.
ServiceSwitchFile=path
Identifies the path to a file that lists the methods used for various services. The ServiceSwitchFile contains entries that begin with the service name followed by the service method. sendmail checks for services named “aliases” and “hosts” and supports “dns”, “nis”, “nisplus”, or “files” as possible service methods, assuming that support for all of these methods is compiled into this copy of sendmail. ServiceSwitchFile defaults to /etc/service.switch. If that file does not exist, sendmail uses the following service methods: aliases are looked up in the aliases files, and hosts are looked up first using dns, then nis, and finally the hosts file. If the operating system has a built-in service switch feature, it is used and this option is ignored. See the description of the nsswitch.conf file in Chapter 9. It is a service switch file.
SevenBitInput
Strip input to 7 bits for compatibility with old systems. This shouldn’t be necessary.
SingleLineFromHeader
For compatibility with some versions of Lotus Notes, unwrap From: lines that have embedded newlines into one long line.
SingleThreadDelivery
Don’t open more than one SMTP connection to a remote host at the same time. This option requires the HostStatusDirectory option.
SmtpGreetingMessage=message
The greeting sent to the remote host when it connects to the SMTP server port. This is the value defined in macro e.
StatusFile=file
Log summary statistics in file. By default, summary statistics are not logged.
SuperSafe
Create a queue file, even when attempting immediate delivery.
TempFileMode=mode
Use mode to set the access permissions for queue files. mode is an octal value. It defaults to 0600.
Timeout.type=timeout
Set timeout values, where type is the thing being timed and timeout is the time interval before the timer expires. Table E-10 lists the valid type values, the event being timed, and the default timeout value for each type.
Table E-10. Timeout types
Type | Waiting for | Default |
---|---|---|
connect | A connection to complete | 1m |
control | A control socket transmission to complete | 2m |
iconnect | The connection to the first host in a message | 5m |
initial | Initial greeting message | 5m |
helo | Reply to HELO or EHLO command | 5m |
Reply to MAIL command | 10m | |
rcpt | Reply to RCPT command | 1h |
datainit | Reply to DATA command | 5m |
datablock | Data block read | 1h |
datafinal | Reply to terminating “.” | 1h |
rset | Reply to RSET command | 5m |
quit | Reply to QUIT command | 2m |
misc | Reply to NOOP and VERB commands | 2m |
ident | IDENT protocol response | 30s |
fileopen | Open on a .forward or :include: file | 60s |
command | Command read | 1h |
queuereturn | Returning a queued message as undeliverable | 5d |
queuereturn.normal | Returning a normal message from the queue as undeliverable | 5d |
queuereturn.non-urgent | Returning a non-urgent message from the queue as undeliverable | 7d |
queuereturn.urgent | Returning an urgent message from the queue as undeliverable | 2d |
queuewarn | Warning that a message is still queued | 4h |
queuewarn.normal | Warning that a normal message is still queued | 4h |
queuewarn.non-urgent | Warning that a non-urgent message is still queued | 12h |
queuewarn.urgent | Warning that an urgent message is still queued | 1h |
resolver.retrans | A response to a resolver query | 5s |
resolver.retrans.first | A response to the first resolver query | 5s |
resolver.retrans.normal | A response to a normal resolver query | 5s |
resolver.retry | Sets the number of times to retry a resolver query | 4 |
resolver.retry.first | Sets the number of times to retry the first resolver query | 4 |
resolver.retry.normal | Sets the number of times to retry a normal resolver query | 4 |
hoststatus | Removing stale host status | 30m |
TimeZoneSpec=tzinfo
Set the local time zone information to tzinfo. If TimeZoneSpec is not set, the system default is used; if set to null, the user’s TZ variable is used.
TrustedUser=users
The list of users trusted to send mail using another user’s name.
TryNullMXList
Connect directly to any remote host that lists the local system as its most preferred MX server, as if the remote host had no MX records. You are discouraged from using this option.
UnixFromLine=fromline
Defines the format for Unix-style From: lines. This is the same as the value stored in macro l.
UnsafeGroupWrites
Group-writable :include: and .forward files cannot reference programs or write directly to files. World-writable files always have these restrictions.
UseErrorsTo
Send error messages to the addresses listed in the Errors-To: header. Normally, errors are sent to the sender address from the envelope.
UserDatabaseSpec=udbspec
The user database specification.
UserSubmission
Indicates that this is not relayed mail, but an initial submission directly from a Mail User Agent.
Verbose
Run in verbose mode.
See Chapter 10 for examples of setting options.
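The following audit script is an added example, not code from the original appendix or from the sendmail project. It reads the long-name option lines of a sendmail.cf and reports settings that the list above describes as disabling file security checks (DontBlameSendmail), leaving SMTP status queries open (PrivacyOptions), loosening queue file permissions (TempFileMode), or being discouraged. The `O Name=value` line form, the handling of a valueless Boolean as true, the category labels and the sample file are assumptions of this example.

```python
import re

# Constructed sample configuration (not taken from a real host).
SAMPLE_CF = """\
# a commented-out default must be ignored by the parser
#O DontBlameSendmail=Safe
O DontBlameSendmail=GroupWritableAliasFile, ForwardFileInUnsafeDirPath,FileDeliveryToSymLink
O PrivacyOptions=authwarnings,novrfy
O TempFileMode=0644
O MatchGECOS
O AllowBogusHELO=False
O QueueDirectory=/var/spool/mqueue
"""

# Boolean options that the option list itself marks as risky or discouraged.
DISCOURAGED = {
    "AllowBogusHELO": "accepts HELO commands that contain no hostname",
    "MatchGECOS": "matches usernames against the GECOS field (not recommended)",
    "TryNullMXList": "connects directly to hosts listing us as best MX (discouraged)",
}

# Assumed line form: "O Name=value" or "O Name" (long option names only).
OPTION_RE = re.compile(r"^O\s+([A-Za-z][\w.]*)\s*(?:=\s*(.*))?$")


def parse_options(cf_text):
    """Return {lowercased option name: value} for every active option line."""
    options = {}
    for raw in cf_text.splitlines():
        m = OPTION_RE.match(raw.rstrip())
        if m:
            # An option written without a value is recorded as "True".
            options[m.group(1).lower()] = (m.group(2) or "True").strip()
    return options


def is_true(value):
    """Assumed Boolean convention: values starting with t/T/y/Y are true."""
    return value[:1] in ("t", "T", "y", "Y")


def classify_blame(keyword):
    """Group a DontBlameSendmail keyword by the kind of check it turns off.
    The three labels are this example's own, derived from the keyword names."""
    k = keyword.lower()
    if "link" in k:
        return "link-following"
    if "writable" in k:
        return "writable-file-or-dir"
    if "unsafedirpath" in k:
        return "unsafe-directory"
    return "other"


def audit(cf_text):
    """Return a list of (option, detail) findings for one sendmail.cf text."""
    opts = parse_options(cf_text)
    findings = []

    # DontBlameSendmail: every keyword other than Safe disables a check.
    for kw in (k.strip() for k in opts.get("dontblamesendmail", "Safe").split(",")):
        if kw and kw.lower() != "safe":
            findings.append(("DontBlameSendmail", f"{kw} [{classify_blame(kw)}]"))

    # PrivacyOptions: goaway disables all status queries; otherwise VRFY and
    # EXPN each need their own keyword. Queue restrictions are separate.
    privacy = {p.strip().lower()
               for p in opts.get("privacyoptions", "").split(",") if p.strip()}
    if "goaway" not in privacy:
        for cmd, kw in (("VRFY", "novrfy"), ("EXPN", "noexpn")):
            if kw not in privacy:
                findings.append(("PrivacyOptions", f"{cmd} not disabled"))
    for kw in ("restrictmailq", "restrictqrun"):
        if kw not in privacy:
            findings.append(("PrivacyOptions", f"{kw} not set"))

    # TempFileMode: octal; any group or other bit widens access to queue files.
    raw_mode = opts.get("tempfilemode", "0600")
    try:
        mode = int(raw_mode, 8)
    except ValueError:
        findings.append(("TempFileMode", f"{raw_mode!r} is not an octal value"))
    else:
        if mode & 0o077:
            findings.append(("TempFileMode", f"{mode:04o} grants group/other access"))

    for name, why in DISCOURAGED.items():
        if name.lower() in opts and is_true(opts[name.lower()]):
            findings.append((name, why))
    return findings


if __name__ == "__main__":
    for option, detail in audit(SAMPLE_CF):
        print(f"{option}: {detail}")
```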
Mailer flags are declared in the F field of the mailer definition. Each mailer flag is set by a single character that represents that flag. For example, F=lsDFMe sets six different flags. Table E-11 lists the single-character name and function of each flag.
Table E-11. sendmail mailer flags
Name | Function |
---|---|
C | Add |
D | The mailer wants a Date: header line. |
E | Add > to message lines that begin with From:. |
e | This is an expensive mailer. See sendmail option c. |
F | The mailer wants a From: header line. |
f | The mailer accepts an -f flag from trusted users. |
h | Preserve uppercase in hostnames. |
| The mailer will be speaking SMTP to another sendmail. |
L | Limit the line lengths as specified in RFC 821. |
l | This is a local mailer. |
M | The mailer wants a Message-Id: header line. |
m | The mailer can send to multiple users in one transaction. |
n | Don’t insert a Unix-style From: line in the message. |
P | The mailer wants a Return-Path: line. |
R | Use the MAIL FROM: return path rather than the return address. |
r | The mailer accepts an -r flag from trusted users. |
S | Don’t reset the userid before calling the mailer. |
s | Strip quotes off of the address before calling the mailer. |
U | The mailer wants Unix-style From: lines. |
u | Preserve uppercase in usernames. |
X | Prepend a dot to lines beginning with a dot. |
x | The mailer wants a Full-Name: header line. |
See Chapter 10 for examples of mailer flag declaration within mailer definitions.
The sendmail K command is used to define a database within the sendmail.cf file. The K command syntax is:
Kname type [arguments]
Chapter 10 provides examples of defining and using a sendmail database, and it describes the K command syntax. This appendix lists the valid type values and arguments that can be used with a K command.
The type field of the K command identifies what kind of database is being defined. There are several internal database types that are specific to sendmail, and several external types that rely on external database libraries. Support for the external database types must be compiled into sendmail by explicitly specifying the supported database types using the confMAPDEF command in a devtools/OS or devtools/Site file used by Build to compile sendmail. See the example of compiling sendmail earlier in this appendix.
The possible values for type are:
dbm
The “new dbm” database format. It is accessed using the ndbm(3) library. Only supported if sendmail is compiled with NDBM defined.
btree
The btree database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.
hash
The hash database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.
nis
NIS server lookups. sendmail must be compiled with NIS defined to support this.
nisplus
NIS+ server lookups. sendmail must be compiled with NISPLUS defined to support this.
hesiod
MIT hesiod server lookups. Support requires that sendmail is compiled with HESIOD defined.
ldap
Searches using LDAP. sendmail must be compiled with LDAPMAP defined to support this. sendmail supports most of the standard command-line arguments of the ldapsearch program.
netinfo
NeXT NetInfo lookups. Only supported if sendmail is compiled with NETINFO defined.
text
Text file lookups. Requires no external database libraries or compile options. The format of the text database is defined with the key field, value field, and field delimiter flags. See the next section for a description of the K command flags.
ph
CCSO Nameserver lookups.
program
Queries are passed to an external program for resolution.
stab
An internal symbols table database.
implicit
The default internal sendmail format used for an alias file, if no type is defined for the file.
user
A special sendmail type used to verify the existence of a user by using getpwnam(3).
host
A special sendmail type used to convert nicknames and IP addresses to canonical names via the domain name server. This is an alternative form of the $[name]$ syntax.
sequence
A special sendmail type used to define the order in which previously defined databases are searched. For example, assume that three databases (file1, file2, and file3) are defined by K commands. It is possible to add a fourth K command, Kallfiles sequence file3 file1 file2, that “combines” them together as allfiles and specifies that file3 is searched first, file1 second, and file2 third.
switch
A special sendmail type that uses the service switch file to set the order in which database files are searched. The argument on a K command with a type of “switch” must be the name of a service in the service switch file. The values associated with the service name in the service switch file are used to create the names of databases that are searched in the order in which they are defined. For example, the command Kali switch aliases looks up the service switch entry for aliases. If it contains the value nis files, sendmail searches databases named ali.nis and ali.files in that order.
dequote
A special sendmail type used to strip unwanted double quotes (") from email addresses.
arith
An internal routine used for doing specific arithmetic functions.
bestmx
An internal routine that retrieves the MX record for a host.
dns
An internal routine that retrieves the address for a hostname.
null
An internal routine that returns “Not found” for all lookups.
regex
An internal routine that handles regular expressions.
Many of the possible type values do not refer to real databases. Several types are special values used only inside sendmail. Some refer to internal sendmail routines that are accessed from rewrite rules using the same syntax that would be used to access a database.
The argument that follows most of the real database types is a filename. The filename identifies the external file that contains the database. Only the basic filename is provided. sendmail adds an extension appropriate for the database type. For example, Krealname dbm /usr/etc/names becomes /usr/etc/names.db because .db is the correct extension for dbm databases.
In addition to a filename, the arguments field can contain optional flags:
-o
This is an optional database. sendmail proceeds without error if the file is not found.
-N
Valid database keys are terminated with a NULL character.
-O
Valid database keys are never terminated with a NULL character. Never specify both -N and -O, which indicates that no keys are valid! It is safest to avoid both -N and -O and let sendmail determine the correct key structure unless you are positive about the correct flag.
-a x
Append the string x to the value returned by a successful match.
-f
Do not convert uppercase to lowercase before attempting to match the key.
-m
Check that the key exists in the database, but do not replace the key with the value returned by the database.
-k keycol
The location of the key within a database entry. For most databases, the key is the first field and this flag is not needed. For text file lookups, this flag is required and keycol is the column number in which the key begins.
-v valcol
The location of the value within a database entry. For most databases, the value follows the key and the -v flag is not used. For text file lookups, this flag is required and specifies the column in which the value field begins.
-z delim
The character that delimits fields within the database. By default, it is whitespace.
-t
Allow database lookups that depend on remote servers to fail instead of queuing the mail for later processing. This is primarily used when you have DNS server problems. Normally, when a remote server fails to respond, the mail is put in the queue for later delivery. Setting this flag causes the mail to be immediately returned to the sender as undeliverable.
-s spacesub
Use spacesub to replace space characters after processing an address against the dequote database.
-A
Accept values from duplicate keys. Most databases do not allow duplicate keys.
-q
Preserve any quotes contained in the key. Normally quotes are removed.
The full lists of database types and flags provided in this appendix will help you understand the K commands inserted into the sendmail.cf file by the m4 processor. Your own K commands will be much simpler. You will stick with a database type that is supported by your sendmail and makemap commands, and you will build simple databases designed to fulfill specific purposes. Chapter 10 provides examples of such databases, and the next section contains some simple scripts used to build those example databases.
In Chapter 10, the realnames database is used to rewrite login usernames to the “firstname dot lastname” format for outbound email. The script shown below builds the realnames database from the /etc/passwd file.
```sh
#! /bin/sh
#
# Eliminate "non-login" accounts
# (the asterisk is escaped so that grep matches it literally)
grep -v ':\*:' /etc/passwd |
# Eliminate "exposed" usernames, i.e. usernames defined
# in class E as names that should not be re-written
grep -v '^root:' |
# Replace delimiting colons with whitespace
sed 's/:/ /g' |
# Output the username followed by firstname.lastname
awk '{ print $1, $5"."$6 }' > realnames
# Build the realnames database
makemap dbm realnames < realnames
```
Building realnames from the passwd file is completely dependent on the format of that file. The passwd file must have a consistent format for the GECOS field and a consistent way to identify a “non-user” account. A “non-user” account is not accessed by a user to log in or to collect email. It is normally a system account used by system or application software. A classic example is the uucp account. Every system has some way to mark that these accounts are not used for user logins. Some systems use an asterisk in the password field, while others use an exclamation mark, the letters NP, an x, or something else. The sample script assumes that an asterisk is used, which is the case on my Linux system. (My Solaris system uses an x.) Print out your passwd file to find out what it uses and modify the script accordingly.
The sample script also assumes that the first two values in the GECOS field are the user’s first and last names separated by a blank. If the beginning of the GECOS field is in any other format, the script produces garbage. The procedure you use to add new users to your system should produce a consistent GECOS field. Inconsistency is the enemy of automation. The sample below shows a file that has inconsistencies, and the bad data it produces:
```
% cat /etc/passwd
root:oRd1L/vMzzxno:0:1:System Administrator:/:/bin/csh
nobody:*:65534:65534::/:
daemon:*:1:1::/:
sys:*:2:2::/:/bin/csh
bin:*:3:3::/bin:
uucp:*:4:8::/var/spool/uucppublic:
news:*:6:6::/var/spool/news:/bin/csh
ingres:*:7:7::/usr/ingres:/bin/csh
audit:*:9:9::/etc/security/audit:/bin/csh
craig:1LrpKlz8sYjw:198:102:Craig Hunt:/home/craig:/bin/csh
dan:RSU.NYlKuFqzh2:214:885:Dan Scribner:/home/dan:/bin/csh
becca:monfTHdnjj:101:102:"Becky_Hunt":/home/becca:/bin/csh
dave:lniuhugfds:121:885:David H. Craig:/home/dave:/bin/csh
kathy:TUVigddehh:101:802:Kathleen S McCafferty:/home/kathy:/bin/csh
% build.realnames
% cat realnames
craig Craig.Hunt
dan Dan.Scribner
becca "Becky_Hunt"./home/becca
dave David.H.
kathy Kathleen.S
```
Your passwd file may have grown over time under the control of several different system administrators. It may be full of inconsistencies. If it is, clean it up before you run the script to build email aliases, and then maintain it consistently.
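As an added example (not from the book), the filter below checks every passwd entry and skips any whose GECOS field is not a plain "First Last" pair, reporting it on stderr instead of writing garbage into realnames. The function names, the lock-marker and exposed-user arguments, and the sample data with its HASH placeholder are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: validate passwd entries before they become realnames keys.
# Usage: build_realnames LOCKED EXPOSED < passwd-format-input
#   LOCKED  - password-field markers for non-login accounts (assumed: "*")
#   EXPOSED - usernames that must not be rewritten (class E; assumed: "root")
# Accepted "user First.Last" lines go to stdout, skipped entries to stderr.
build_realnames() {
    awk -F: -v locked="$1" -v exposed="$2" '
    function reject(why) { print "skipped " $1 ": " why > "/dev/stderr" }
    BEGIN {
        n = split(locked, a, " ");  for (i = 1; i <= n; i++) is_locked[a[i]] = 1
        n = split(exposed, a, " "); for (i = 1; i <= n; i++) is_exposed[a[i]] = 1
    }
    NF != 7                        { reject("expected 7 fields"); next }
    $1 !~ /^[a-z_][a-z0-9_-]*$/    { reject("unexpected login name"); next }
    ($2 in is_locked)              { next }   # non-login account
    ($1 in is_exposed)             { next }   # exposed name, never rewritten
    {
        split($5, gecos, ",")      # ignore office/phone subfields
        name = gecos[1]
        # Exactly two alphabetic words; anything else is skipped, not guessed.
        if (name !~ /^[A-Za-z][A-Za-z-]* [A-Za-z][A-Za-z-]*$/) {
            reject("GECOS is not First Last")
            next
        }
        sub(/ /, ".", name)
        print $1, name
    }'
}

# Constructed sample modelled on an inconsistent passwd file; HASH is a
# placeholder for a password hash.
sample_passwd() {
    cat <<'EOF'
root:HASH:0:1:System Administrator:/:/bin/csh
uucp:*:4:8::/var/spool/uucppublic:
craig:HASH:198:102:Craig Hunt:/home/craig:/bin/csh
dan:HASH:214:885:Dan Scribner:/home/dan:/bin/csh
becca:HASH:101:102:"Becky_Hunt":/home/becca:/bin/csh
dave:HASH:121:885:David H. Craig:/home/dave:/bin/csh
kathy:HASH:101:802:Kathleen S McCafferty:/home/kathy:/bin/csh
EOF
}

sample_passwd | build_realnames '*' 'root'
```

Once the skipped list is empty, the accepted lines can be passed to makemap in the same way the original script does.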