There are a number of global options that can be set from a
configuration file. Options are represented by full words;
some are also representable as single characters for backwards
compatibility. The syntax of this line is:
O option=value
This sets option option to be value. Note
that there must be a space between the letter O and the name of
the option. An older version is:
Oo value
where the option o is a single character. Depending on the option, value may be a string, an integer, a boolean (with legal values ``t'', ``T'', ``f'', or ``F''; the default is TRUE), or a time interval.
The options supported (with the old, one character names in brackets) are:
[A] Specify possible alias file(s). Each spec should be in the format class:file where class: is optional and defaults to ``implicit''. Depending on how sendmail is compiled, valid classes are as follows:
If a list of specs is provided, sendmail searches them in order.
[a] If set, wait up to timeout (units default to minutes) for an @:@ entry to exist in the alias database before starting up. If it does not appear in the timeout interval, rebuild the database (if the AutoRebuildAliases option is also set) or issue a warning.
[no short name] If set, allow HELO SMTP commands that do not include a host name. Setting this violates RFC1123 section 5.2.5, but is necessary to interoperate with several SMTP clients. If there is a value, it is still checked for legitimacy.
[D] If set, rebuild the alias database if necessary and possible. If this option is not set, sendmail will never rebuild the alias database unless explicitly requested using -bi. Not recommended, as it can cause thrashing.
[B] Set the blank substitution character to c. Unquoted spaces in addresses are replaced by this character. Defaults to space (that is, no change is made).
[n] Validate the RHS of aliases when rebuilding the alias database.
[C] Checkpoints the queue every N (default 10) addresses sent. If your system crashes during delivery to a large list, this prevents retransmission to any but the last N recipients.
[z] The indicated factor is multiplied by the message class
(determined by the Precedence: field in the user header
and the P lines in the configuration file) and subtracted
from the priority. Thus, messages with a higher Priority:
will be favored. Defaults to 1800.
[no short name] If set, colons are acceptable in email addresses (for example, host:user). If not set, colons indicate the beginning of an RFC822 group construct (groupname: member1, member2, ... memberN;). Doubled colons are always acceptable (nodename::user) and proper route-addr nesting is understood (<@relay:user@host>). Furthermore, this option defaults on if the configuration version level is less than 6 (for backwards compatibility). However, it must be off for full compatibility with RFC822.
[k] The maximum number of open connections that will be cached at a time. The default is one. This delays closing the current connection until either this invocation of sendmail needs to connect to another host or it terminates. Setting it to zero defaults to the old behavior, that is, connections are closed immediately. Since this consumes file descriptors, the connection cache should be kept small: 4 is probably a practical maximum.
[K] The maximum amount of time a cached connection will be permitted to idle without activity. If this time is exceeded, the connection is immediately closed. This value should be small (on the order of ten minutes). Before sendmail uses a cached connection, it always sends an RSET command to check the connection; if this fails, it reopens the connection. This keeps your end from failing if the other end times out. The point of this option is to be a good network neighbor and avoid using up excessive resources on the other end. The default is five minutes.
[no short name] If set to a positive value, allow no more than N incoming daemon connections in a one second period. This is intended to flatten out peaks and allow the load average checking to cut in. Defaults to zero (no limits).
[O] Set server SMTP options. The options are key=value pairs. Known keys are:
The address mask may be a numeric address in dot notation or a network name.
[no short name] When a message that has 8-bit characters but is
not in MIME format is converted to MIME
(see the EightBitMode option in this list) a character
set must be included in the Content-Type: header.
This character set is normally set from the Charset field of
the mailer descriptor. If that is not set, the value of this
option is used. If this option is not set, the value
``unknown-8bit'' is used.
[u] Set the default userid for mailers to user:group. If group is omitted and user is a user name (as opposed to a numeric user ID) the default group listed in the /etc/passwd file for that user is used as the default group. Both user and group may be numeric. Mailers without the S flag in the mailer definition will run as this user. Defaults to 1:1. The value can also be given as a symbolic user name.
[d] Deliver in mode x. Legal modes are:
Defaults to asynchronous background delivery if no option is specified, and synchronous interactive delivery if it is specified but given no argument (for example, Od is equivalent to Odi). The -v command line flag sets this to i.
[no short name] Dial-on-demand network connections can see timeouts if a connection is opened before the call is set up. If this is set to an interval and a connection times out on the first connection being attempted, sendmail will sleep for this amount of time and try again. This should give your system time to establish the connection to your service provider. Units default to seconds, so DialDelay=5 uses a five second delay. Defaults to zero (no retry).
[no short name] The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named Cruft.Foo.ORG and also has an alias of FTP.Foo.ORG, the former name must be used at all times. This is enforced during host name canonification ($[ ... $] lookups). If this option is set, the protocols are ignored and the wrong thing is done. However, the IETF is moving toward changing this standard, so the behavior may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name however.
[no short name] If set, sendmail will avoid using the initgroups(3C) function. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permissions somewhat more restrictive. Has no effect on systems that don't have group lists.
[R] Normally, sendmail tries to eliminate
any unnecessary explicit routes when sending an error message
(as discussed in RFC1123 section 5.2.6). For example,
when sending an error message to
<@known1,@known2,@known3:user@unknown>
sendmail will strip off the @known1,@known2 in order to make the route as direct as possible. However, if the R option is set, this will be disabled, and the mail will be sent to the first address in the route, even if later addresses are known. This may be useful if you are caught behind a firewall.
[no short name] If an error occurs when sending an error message, send the error report (termed a double bounce because it is an error bounce that occurs when trying to send another error bounce) to the indicated address. If not set, defaults to postmaster.
[8] Set handling of eight-bit data. There are two kinds of eight-bit data: that declared as such using the BODY=8BITMIME ESMTP declaration or the -B8BITMIME command line flag, and undeclared 8-bit data, that is, input that just happens to be eight bits. There are three basic operations that can happen: undeclared 8-bit data can be automatically converted to 8BITMIME, undeclared 8-bit data can be passed as-is without conversion to MIME (just send 8) and declared 8-bit data can be converted to 7-bits for transmission to a non-8BITMIME mailer. The possible actions are:
In all cases properly declared 8BITMIME data will be converted to 7BIT as needed.
[E] Prepend error messages with the indicated message. If it begins with a slash, it is assumed to be the pathname of a file containing a message (this is the recommended setting). Otherwise, it is a literal message. The error file might contain the name, email address, and/or phone number of a local postmaster who could provide assistance to end users. If the option is missing or null, or if it names a file which does not exist or which is not readable, no message is printed.
[e] Dispose of errors using mode x. The values for x are:
[V] If specified, the fallbackhost acts like a very low priority MX on every host. This is intended to be used by sites with poor network connectivity.
[Y] If set, deliver each job that is run from the queue in a separate process. Use this option if you are short of memory, since the default tends to consume considerable amounts of memory while the queue is being processed.
[J] Set the path for searching for users' .forward files. The default is $z/.forward. Some sites that use the automounter may prefer to change this to /var/forward/$u to search a file with the same name as the user in a system directory. It can also be set to a sequence of paths separated by colons; sendmail stops at the first file it can successfully and safely open. For example, /var/forward/$u:$z/.forward will search first in /var/forward/username and then in ~username/.forward (but only if the first file does not exist).
[H] Specify the help file for SMTP.
[c] If an outgoing mailer is marked as being expensive, don't connect immediately. This requires that queueing be compiled in, since it will depend on a queue run process to actually send the mail.
[no short name] The path to the hosts database, normally /etc/hosts. This option is only consulted when sendmail is canonifying addresses, and then only when ``files'' is in the hosts service switch entry. In particular, this file is never used when looking up host addresses; that is under the control of the system gethostbyname(3N) function.
[no short name] The location of the long term host status information. When set, information about the status of hosts (for example, host down or not accepting connections) will be shared between all sendmail processes; normally, this information is only held within a single queue run. This option requires a connection cache of at least 1 to function. If the option begins with a leading slash (/), it is an absolute pathname; otherwise, it is relative to the mail queue directory. A suggested value for sites desiring persistent host status is .hoststat (that is, a subdirectory of the queue directory).
[i] Ignore dots in incoming messages. This is always disabled (that is, dots are always accepted) when reading SMTP mail.
[L] Set the log level to n. Defaults to 9.
[no long version] Set the macro x to value. This is intended only for use from the command line. The -M flag is preferred.
[G] Allow fuzzy matching on the ``GECOS'' field. If this flag is set, and the usual user name lookups fail (that is, there is no alias with this name and a getpwnam(3C) fails), sequentially search the password file for a matching entry in the GECOS field. This also requires that MATCHGECOS be turned on during compilation. This option is not recommended.
[no short name] If set, sendmail will refuse connections when it has more than N children processing incoming mail. This does not limit the number of outgoing connections. If not set, there is no limit to the number of children, that is, the system load averaging controls this.
[no short name] N is the maximum number of message header lines that sendmail will accept. M is the maximum length of each line. If not set, the default is 1000/990.
[h] The maximum hop count. Messages that have been processed more than N times are assumed to be in a loop and are rejected. Defaults to 25.
[no short name] Specify the maximum message size to be advertised in the ESMTP EHLO response. Messages larger than this will be rejected.
[no short name] The maximum number of jobs that will be processed in a single queue run. If not set, there is no limit on the size. If you have very large queues or a very short queue run interval this could be unstable. However, since the first N jobs in queue directory order are run (rather than the N highest priority jobs) this should be set as high as possible to avoid losing jobs that happen to fall late in the queue directory.
[m] ``Send to me too, even if I am in an alias expansion''.
[b] Insist on at least N blocks free on the filesystem that holds the queue files before accepting email via SMTP. If there is insufficient space, sendmail gives a 452 response to the MAIL command. This invites the sender to try again later.
[no short name] Do not process any queued jobs that have been in the queue less than the indicated time interval. This is intended to allow you to get responsiveness by processing the queue fairly frequently without thrashing your system by trying jobs too often. The default units are minutes.
[no short name] Sets the list of characters that must be quoted if used in a full name that is in the phrase part of a phrase address syntax. The following characters are always added to this list:
@ , ; : \ () []
[no short name] The action to take when you receive a message that has no valid recipient headers (To:, Cc:, Bcc:, or Apparently-To:, the last included for backwards compatibility with old sendmail versions). It can be set to
pass the message on unmodified (which violates the protocol)
add a To: header with any recipients it can find in the envelope (which might expose Bcc: recipients)
add an Apparently-To: header (this is only for backwards compatibility and is officially deprecated)
add a header To: undisclosed-recipients:, to make the header legal without disclosing anything
add an empty Bcc: header
[o] Assume that the headers may be in old format, that is, spaces delimit names. This actually turns on an adaptive algorithm: if any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always output with commas between the names. Defaults to off.
[$o macro] The list of characters that are considered to be operators, that is, characters that delimit tokens. All operator characters are tokens by themselves; sequences of non-operator characters are also tokens. White space characters separate tokens but are not tokens themselves, for example, ``AAA.BBB'' has three tokens, but ``AAA BBB'' has two. If not set, OperatorChars defaults to .:@[]; additionally, the characters ()<>,; are always operators.
[P] If set, copies of error messages will be sent to the named postmaster. Only the header of the failed message is sent. Since most errors are user problems, this is probably not a good idea on large sites, and arguably contains all sorts of privacy violations, but it seems to be popular with certain operating systems vendors. Defaults to no postmaster copies.
[p] Set the privacy options. ``Privacy'' in this context is a misnomer; many of these are just a way of insisting on stricter adherence to the SMTP protocol. The options can be selected from the following:
X-Authentication-Warning: headers in messages
The goaway pseudo-flag sets all flags except restrictmailq and restrictqrun. If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue directory can run the queue. Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, such as using a non-standard queue directory.
[Q] Use the named dir as the queue directory.
[q] Use factor as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the current load average and the load average limit (QueueLA option) to determine the maximum message priority that will be sent. Defaults to 600000.
[x] When the system load average exceeds LA, just queue messages (that is, don't try to send them). Defaults to 8.
[no short name] Sets the algorithm used for sorting the queue. Only the first character of the value is used. Legal values are host (to order by the name of the first host name of the first recipient), time (to order by the submission time), and priority (to order by message priority). Host ordering makes better use of the connection cache, but may tend to process low priority messages that go to a single host over high priority messages that go to several hosts; it probably should not be used on slow network links. Time ordering is almost always a bad idea, since it allows large, bulk mail to go out before smaller, personal mail, but may have applicability on some hosts with very fast connections. Priority ordering is the default.
[T] A synonym for Timeout.queuereturn. Use that form instead of the QueueTimeout form.
[I] Set resolver options. Values can be set using +flag and cleared using -flag; the flags can be debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, or dnsrch. The string HasWildcardMX (without a + or -) can be specified to turn off matching against MX records when doing name canonifications.
[no short name] The user parameter may be a user name (looked up in /etc/passwd) or a numeric user ID; either form can have :group attached (where group can be numeric or symbolic). If set to a non-zero (non-root) value, sendmail will change to this user id shortly after startup.
This avoids a certain class of security problems. However, this means that all .forward and :include: files must be readable by the indicated user, and on systems that do not support the saved UID bit properly, all files to be written must be writable by user and all programs will be executed by user. It is also incompatible with the SafeFileEnvironment option. In other words, it may not actually add much to security on an average system, and may in fact detract from security (because other file permissions must be loosened). However, it should be useful on firewalls and other places where users do not have accounts and the aliases file is well constrained.
[y] The indicated factor is added to the priority (thus lowering the priority of the job) for each recipient, that is, this value penalizes jobs with large numbers of recipients. Defaults to 30000.
[X] When the system load average exceeds LA, refuse incoming SMTP connections. Defaults to 12.
[Z] The factor is added to the priority every time a job is processed. Thus, each time a job is processed, its priority will be decreased by the indicated value. In most environments this should be positive, since hosts that are down are all too often down for a long time. Defaults to 90000.
[no short name] If this option is set, sendmail will do a chroot(2) call into the indicated directory before doing any file writes. If the file name specified by the user begins with dir, that partial path name will be stripped off before writing, so (for example) if the SafeFileEnvironment option is set to /safe then aliases of /safe/logs/file and /logs/file actually indicate the same file. Additionally, if this option is set, sendmail refuses to deliver to symbolic links.
[f] Save UNIX-style From: lines at the
front of headers. Normally they are assumed redundant and
discarded.
[j] If set, send error messages in MIME format (see RFC2045 and RFC1344 for details). If disabled, sendmail will not return the DSN keyword in response to an EHLO and will not do Delivery Status Notification processing as described in RFC1891.
[no short name] If your host operating system has a service switch abstraction (for example, /etc/nsswitch.conf on Solaris or /etc/svc.conf on Ultrix and DEC OSF/1) that service will be consulted and this option is ignored. Otherwise, this is the name of a file that provides the list of methods used to implement particular services. The syntax is a series of lines, each of which is a sequence of words. The first word is the service name, and following words are service types. The services that sendmail consults directly are aliases and hosts. Service types can be dns, nis, nisplus, or files (with the caveat that the appropriate support must be compiled in before the service can be referenced). If ServiceSwitchFile is not specified, it defaults to /etc/service.switch. If that file does not exist, the default switch is:
[7] Strip input to seven bits for compatibility with old systems. This should not be necessary.
[no short name] If set, From: lines that have embedded
newlines are unwrapped onto one line. This is to get around a
botch in Lotus Notes that apparently cannot understand legally
wrapped RFC822 headers.
[no short name] If set, a client machine will never try to open two SMTP connections to a single server machine at the same time, even in different processes. That is, if another sendmail is already talking to some host a new sendmail will not open another connection. This property is of mixed value; although this reduces the load on the other machine, it can cause mail to be delayed (for example, if one sendmail is delivering a huge message, other sendmails will not be able to send even small messages). Also, it requires another file descriptor (for the lock file) per connection, so you may have to reduce the ConnectionCacheSize option to avoid running out of per-process file descriptors. Requires the HostStatusDirectory option.
[$e macro] The message printed when the SMTP
server starts up. Defaults to $j Sendmail $v ready at $b.
[S] Log summary statistics in the named file. If not set, no summary statistics are saved. This file does not grow in size. It can be printed using the mailstats(1M) program.
[s] Be super-safe when running things, that is, always instantiate the queue file, even if you are going to attempt immediate delivery. sendmail always instantiates the queue file before returning control to the client under any circumstances. This should always be set.
[F] The file mode for queue files. It is interpreted in octal by default. Defaults to 0600.
[r; subsumes old T option as well] Set timeout values. The actual timeout is indicated by the type. The recognized timeouts and their default values, and their minimum values specified in RFC1123 section 5.3.2 are:
All of these apply to client SMTP. Also supported are:
If the message is submitted using the NOTIFY
SMTP extension, warning messages will only be sent if
NOTIFY=DELAY is specified. The queuereturn and
queuewarn timeouts can be further qualified with a tag based
on the Precedence: field in the message; they must
be one of the following:
For example, setting Timeout.queuewarn.urgent=1h sets the warning timeout for urgent messages only to one hour. The default if no precedence is indicated is to set the timeout for all precedences.
[t] Set the local time zone information to tzinfo. For example, PST8PDT. Actually, if this is not set, the TZ environment variable is cleared (so the system default is used); if set but null, the user's TZ variable is used, and if set and non-null the TZ variable is set to this value.
[w] If this system is the best (that is, lowest preference)
MX for a given host, its configuration rules should
normally detect this situation and treat that condition specially
by forwarding the mail to a UUCP feed, treating it as local,
or whatever. However, in some cases (such as Internet firewalls)
you may want to try to connect directly to that host as though it
had no MX records at all. Setting this option causes
sendmail to try this. The downside is that errors in your
configuration are likely to be diagnosed as host unknown
or message timed out instead of something more meaningful.
This option is not recommended.
[$l macro] Defines the format used when sendmail
must add a UNIX-style From_ line (that is, a line beginning
From user). Defaults to From $g $d.
Do not change this unless your system uses a different UNIX
mailbox format (very unlikely).
[no short name] If set, :include: and .forward files that are group writable are considered unsafe, that is, they cannot reference programs or write directly to files. World writable :include: and .forward files are always unsafe.
[l] If there is an Errors-To: header, send
error messages to the addresses listed there. They normally go
to the envelope sender. Use of this option causes sendmail
to violate RFC1123. This option is not recommended and
is deprecated.
[U] The user database specification.
[no short name] This is an initial submission directly from a Mail User Agent. This can be set in the configuration file if you have MUAs that don't pass the -U flag or use the XUSR ESMTP extension, but some relayed mail may get inappropriately rewritten if you do.
[v] Run in verbose mode. If this is set, sendmail adjusts options HoldExpensive (old c) and DeliveryMode (old d) so that all mail is delivered completely in a single job so that you can see the entire delivery process. Option Verbose should never be set in the configuration file; it is intended for command line use only.
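
An added example (not part of the original reference): a small Python audit that parses both forms of the O line described at the top of this page and reports the settings this list calls not recommended, a queue file mode looser than the 0600 default, and a missing restrictmailq or restrictqrun. The long names not printed on this page (MatchGECOS, TryNullMXList, UseErrorsTo, SuperSafe, TempFileMode, PrivacyOptions), the comma-separated flag list, case-insensitive name matching, and the sample configuration are assumptions.

```python
import re

# Bracketed short names from this page -> long option names. Long names that
# the page does not print are sendmail's usual spellings (assumed here).
SHORT_TO_LONG = {
    "D": "AutoRebuildAliases", "G": "MatchGECOS", "w": "TryNullMXList",
    "l": "UseErrorsTo", "v": "Verbose", "s": "SuperSafe",
    "F": "TempFileMode", "p": "PrivacyOptions",
}
# Long names are matched case-insensitively (assumption about the parser).
CANONICAL = {name.lower(): name for name in SHORT_TO_LONG.values()}

# Boolean options the page marks as not recommended when turned on.
NOT_RECOMMENDED = {
    "AutoRebuildAliases": "not recommended; can cause thrashing",
    "MatchGECOS": "fuzzy GECOS matching is not recommended",
    "TryNullMXList": "not recommended; hides configuration errors",
    "UseErrorsTo": "violates RFC1123; not recommended and deprecated",
    "Verbose": "command line use only; never set it in the configuration file",
}

def parse_options(cf_text):
    """Return {option name: raw value} for every O line in a cf file."""
    opts = {}
    for line in cf_text.splitlines():
        if not line.startswith("O"):
            continue
        if line[1:2] == " ":                      # new form: "O option=value"
            name, _, value = line[2:].partition("=")
            name = CANONICAL.get(name.strip().lower(), name.strip())
        else:                                     # old form: "Oo value"
            name, value = SHORT_TO_LONG.get(line[1:2], line[1:2]), line[2:]
        if name:
            opts[name] = value.strip()
    return opts

def as_bool(value):
    """Empty value means TRUE; otherwise t/T or f/F. None if not legal."""
    if value == "":
        return True
    return {"t": True, "f": False}.get(value[0].lower())

def audit(cf_text):
    """Return a list of (option, reason) findings for the given cf text."""
    opts, findings = parse_options(cf_text), []
    for name, why in NOT_RECOMMENDED.items():
        if name in opts:
            state = as_bool(opts[name])
            if state is None:
                findings.append((name, f"illegal boolean value {opts[name]!r}"))
            elif state:
                findings.append((name, why))
    if as_bool(opts.get("SuperSafe", "f")) is not True:
        findings.append(("SuperSafe", "should always be set"))
    mode = opts.get("TempFileMode", "0600")       # page default
    try:
        if int(mode, 8) & 0o077:
            findings.append(("TempFileMode", f"mode {mode} grants group/other access"))
    except ValueError:
        findings.append(("TempFileMode", f"not an octal mode: {mode!r}"))
    flags = {f.lower() for f in re.split(r"[,\s]+", opts.get("PrivacyOptions", "")) if f}
    for flag in ("restrictmailq", "restrictqrun"):  # goaway does not set these
        if flag not in flags:
            findings.append(("PrivacyOptions", f"{flag} is not set"))
    return findings

# Constructed sample, not a real site's configuration.
SAMPLE_CF = """\
# constructed sample
O AutoRebuildAliases=True
OG
O SuperSafe=True
O TempFileMode=0644
Op goaway
OL9
"""

if __name__ == "__main__":
    for name, why in audit(SAMPLE_CF):
        print(f"{name}: {why}")
```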