search groff's tmac directory first

[unix-history] / usr / src / usr.sbin / sendmail / doc / op / op.me

.\" Copyright (c) 1983 Eric P. Allman
.\" Copyright (c) 1983 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" %sccs.include.redist.roff%
.\"
.\"	@(#)op.me	6.51 (Berkeley) %G%
.\"
.\" eqn op.me | pic | troff -me
.eh 'SMM:07-%''Sendmail Installation and Operation Guide'
.oh 'Sendmail Installation and Operation Guide''SMM:07-%'
.\" SD is lib if sendmail is installed in /usr/lib, sbin if in /usr/sbin
.ds SD sbin
.nr si 3n
.de $0
.(x
.in \\$3u*3n
.ti -3n
\\$2.  \\$1
.)x
..
.de $C
.(x
.in 0
\\$1 \\$2.  \\$3
.)x
..
.+c
.(l C
.sz 16
.b SENDMAIL
.sz 12
.sp
.b "INSTALLATION AND OPERATION GUIDE"
.sz 10
.sp
.r
Eric Allman
University of California, Berkeley
Mammoth Project
eric@CS.Berkeley.EDU
.sp
Version 6.51
.sp
For Sendmail Version 6.64
.)l
.sp 2
.pp
.i Sendmail
implements a general purpose internetwork mail routing facility
under the UNIX*
.(f
*UNIX is a trademark of Bell Laboratories.
.)f
operating system.
It is not tied to any one transport protocol \*-
its function may be likened to a crossbar switch,
relaying messages from one domain into another.
In the process,
it can do a limited amount of message header editing
to put the message into a format that is appropriate
for the receiving domain.
All of this is done under the control of a configuration file.
.pp
Due to the requirements of flexibility
for
.i sendmail ,
the configuration file can seem somewhat unapproachable.
However, there are only a few basic configurations
for most sites,
for which standard configuration files have been supplied.
Most other configurations
can be built by adjusting an existing configuration files
incrementally.
.pp
.i Sendmail
is based on
RFC822 (Internet Mail Format Protocol),
RFC821 (Simple Mail Transport Protocol),
RFC1123 (Internet Host Requirements),
and
RFC1425 (SMTP Service Extensions).
However, since
.i sendmail
is designed to work in a wider world,
in many cases it can be configured to exceed these protocols.
These cases are described herein.
.pp
Although
.i sendmail
is intended to run
without the need for monitoring,
it has a number of features
that may be used to monitor or adjust the operation
under unusual circumstances.
These features are described.
.pp
Section one describes how to do a basic
.i sendmail
installation.
Section two
explains the day-to-day information you should know
to maintain your mail system.
If you have a relatively normal site,
these two sections should contain sufficient information
for you to install
.i sendmail
and keep it happy.
Section three
describes some parameters that may be safely tweaked.
Section four
has information regarding the command line arguments.
Section five
contains the nitty-gritty information about the configuration
file.
This section is for masochists
and people who must write their own configuration file.
Section six
gives a brief description of differences
in this version of
.i sendmail .
The appendixes give a brief
but detailed explanation of a number of features
not described in the rest of the paper.
.bp 5
.sh 1 "BASIC INSTALLATION"
.pp
.i
This section is a very rough rewrite;
please don't assume that it is already completely correct.
However,
please send me suggestions so that later versions of this document
can be more accurate.
.pp
There are two basic steps to installing sendmail.
The hard part is to build the configuration table.
This is a file that sendmail reads when it starts up
that describes the mailers it knows about,
how to parse addresses,
how to rewrite the message header,
and the settings of various options.
Although the configuration table is quite complex,
a configuration can usually be built
by adjusting an existing off-the-shelf configuration.
The second part is actually doing the installation,
i.e., creating the necessary files, etc.
.pp
The remainder of this section will describe the installation of sendmail
assuming you can use one of the existing configurations
and that the standard installation parameters are acceptable.
All pathnames and examples
are given from the root of the
.i sendmail
subtree,
normally
.i /usr/src/usr.\*(SD/sendmail
on 4.3BSD.
.pp
If you are loading this off the tape,
continue with the next session.
If you have a running binary already on your system,
you should probably skip to section 1.2.
.sh 2 "Compiling Sendmail"
.pp
All sendmail source is in the
.i src
subdirectory.
If you are running on a 4.4BSD system,
compile by typing
.q make .
On other systems, you may have to make some other adjustments.
.sh 3 "Old versions of make"
.pp
If you are not running the new version of
.b make
you will probably have to use
.(b
make \-f Makefile.dist
.)b
This file does not assume several new syntaxes,
including the
.q +=
syntax in macro definition
and the
.q ".include"
syntax.
.sh 3 "Compilation flags"
.pp
.i Sendmail
supports two different formats
for the
.i aliases
database.
These formats are:
.nr ii 1i
.ip NDBM
The ``new DBM'' format,
available on nearly all systems around today.
This was the preferred format prior to 4.4BSD.
It allows such complex things as multiple databases
and closing a currently open database.
.ip NEWDB
The new database package from Berkeley.
If you have this, use it.
It allows
long records,
multiple open databases,
real in-memory caching,
and so forth.
You can define this in conjunction with one of the other two;
if you do,
old databases are read,
but when a new database is created it will be in NEWDB format.
As a nasty hack,
if you have NEWDB, NDBM, and YPCOMPAT defined,
and if the file
.i /var/yp/Makefile
exists and is readable,
.i sendmail
will create both new and old versions of the alias file
during a
.i newalias
command.
This is required because the Sun NIS/YP system
reads the DBM version of the alias file.
It's ugly as sin,
but it works.
.lp
If neither of these are defined,
.i sendmail
reads the alias file into memory on every invocation.
This can be slow and should be avoided.
.pp
System V based systems can define
SYSTEM5
to make several small adjustments.
This changes the handling of timezones
and uses the much less efficient
.i lockf
call in preference to
.i flock .
These can be specified separately using the compilation flags
SYS5TZ
and
LOCKF
respectively.
.pp
If you don't have the
.i unsetenv
routine in your system library, define the UNSETENV compilation flag.
.pp
You may also have to define the compilation variable LA_TYPE
to describe how your load average is computed.
This and other flags are detailed in section 6.1.
.sh 3 "Compilation and installation"
.pp
After making the local system configuration described above,
You should be able to compile and install the system.
Compilation can be performed using
.q make\**
.(f
\**where you may have to replace
.q make
with
.q "make \-f Makefile.dist"
as appropriate.
.)f
in the
.b sendmail/src
directory.
You may be able to install using
.(b
make install
.)b
This should install the binary in
/usr/\*(SD
and create links from
/usr/bin/newaliases
and
/usr/bin/mailq
to
/usr/\*(SD/sendmail.
On BSD4.4 systems it will also format and install man pages.
.sh 2 "Configuration Files"
.pp
.i Sendmail
cannot operate without a configuration file.
The configuration defines the mail systems understood at this site,
how to access them,
how to forward email to remote mail systems,
and a number of tuning parameters.
This configuration file is detailed
in the later portion of this document.
.pp
The
.i sendmail
configuration can be daunting at first.
The world is complex,
and the mail configuration reflects that.
The distribution includes an m4-based configuration package
that hides a lot of the complexity.
.pp
These configuration files are simpler than old versions
largely because the world has become simpler;
in particular,
text-based host files are officially eliminated,
obviating the need to
.q hide
hosts behind a registered internet gateway.
.pp
These files also assume that most of your neighbors
use domain-based UUCP addressing;
that is,
instead of naming hosts as
.q host!user
they will use
.q host.domain!user .
The configuration files can be customized to work around this,
but it is more complex.
.pp
I haven't tested these yet on an isolated LAN environment
with a single UUCP connection to the outside world.
If you are in such an environment,
please send comments to
sendmail@okeeffe.CS.Berkeley.EDU.
.pp
Our configuration files are processed by
.i m4
to facilitate local customization;
the directory
.i cf
of the
sendmail
distribution directory
contains the source files.
This directory contains several subdirectories:
.nr ii 1i
.ip cf
Both site-dependent and site-independent descriptions of hosts.
These can be literal host names
(e.g.,
.q ucbvax.mc )
when the hosts are gateways
or more general descriptions
(such as
.q "tcpproto.mc"
as a general description of an SMTP-connected host
or
.q "uucpproto.mc"
as a general description of a UUCP-connected host).
Files ending
.b \&.mc
(``Master Configuration'')
are the input descriptions;
the output is in the corresponding
.b \&.cf
file.
The general structure of these files is described below.
.ip domain
Site-dependent subdomain descriptions.
These are tied to the way your organization wants to do addressing.
For example,
.b domain/cs.exposed.m4
is our description for hosts in the CS.Berkeley.EDU subdomain
that want their individual hostname to be externally visible;
.b domain/cs.hidden.m4
is the same except that the hostname is hidden
(everything looks like it comes from CS.Berkeley.EDU).
These are referenced using the
.sm DOMAIN
.b m4
macro in the
.b \&.mc
file.
.ip feature
Definitions of specific features that some particular host in your site
might want.
These are referenced using the
.sm FEATURE
.b m4
macro.
An example feature is
use_cw_file
(which tells sendmail to read an /etc/sendmail.cw file on startup
to find the set of local names).
.ip hack
Local hacks, referenced using the
.sm HACK
.b m4
macro.
Try to avoid these.
The point of having them here is to make it clear that they smell.
.ip m4
Site-independent
.i m4 (1)
include files that have information common to all configuration files.
This can be thought of as a
.q #include
directory.
.ip mailer
Definitions of mailers,
referenced using the
.sm MAILER
.b m4
macro.
Defined mailer types in this distribution are
fax,
local,
smtp,
uucp,
and usenet.
.ip ostype
Definitions describing various operating system environments
(such as the location of support files).
These are referenced using the
.sm OSTYPE
.b m4
macro.
.ip sh
Shell files used by the
.b m4
build process.
You shouldn't have to mess with these.
.ip siteconfig
Local site configuration information,
such as UUCP connectivity.
They normally contain lists of site information, for example:
.(b
SITE(contessa)
SITE(hoptoad)
SITE(nkainc)
SITE(well)
.)b
They are referenced using the SITECONFIG macro:
.(b
SITECONFIG(site.config.file, name_of_site, X)
.)b
where
.i X
is the macro/class name to use.
It can be U
(indicating locally connected hosts)
or one of W, X, or Y
for up to three remote UUCP hubs.
.pp
If you are in a new domain
(e.g., a company),
you will probably want to create a
cf/domain
file for your domain.
This consists primarily of relay definitions:
for example, Berkeley's domain definition
defines relays for
BitNET,
CSNET,
and UUCP.
Of these,
only the UUCP relay is particularly specific
to Berkeley.
All of these are internet-style domain names.
Please check to make certain they are reasonable for your domain.
.pp
Subdomains at Berkeley are also represented in the
cf/domain
directory.
For example,
the domain
cs-exposed
is the Computer Science subdomain with the local hostname shown
to other users;
cs-hidden
makes users appear to be from the CS.Berkeley.EDU subdomain
(with no local host information included).
You will probably have to update this directory
to be appropriate for your domain.
.pp
You will have to use or create
.b \&.mc
files in the
.i cf/cf
subdirectory for your hosts.
This is detailed in the
cf/README
file.
.sh 2 "Details of Installation Files"
.pp
This subsection describes the files that
comprise the
sendmail
installation.
.sh 3 "/usr/\*(SD/sendmail"
.pp
The binary for sendmail is located in /usr/\*(SD\**.
.(f
\**This is usually
/usr/sbin
on 4.4BSD and newer systems;
many systems install it in
/usr/lib.
I understand it is in /usr/ucblib
on System V Release 4.
.)f
It should be setuid root.
For security reasons,
/, /usr, and /usr/\*(SD
should be owned by root, mode 755\**.
.(f
\**Some vendors ship them owned by bin;
this creates a security hole that is not actually related to
.i sendmail .
Other important directories that should have restrictive ownerships
and permissions are
/bin, /usr/bin, /etc, /usr/etc, /lib, and /usr/lib.
.)f
.sh 3 "/etc/sendmail.cf"
.pp
This is the configuration file for sendmail.
This and the frozen configuration file
are the only two non-library file names compiled into sendmail\**.
.(f
\**The system libraries can reference other files;
in particular, system library subroutines that
sendmail
calls probably reference
.i /etc/passwd
and
.i /etc/resolv.conf .
.)f
Some older systems install it in
.b /usr/lib/sendmail.cf .
.pp
If you want to move this file,
change
.i src/pathnames.h .
.pp
The configuration file is normally created
using the distribution files described above.
If you have a particularly unusual system configuration
you may need to create a special version.
The format of this file is detailed in later sections
of this document.
.sh 3 "/usr/ucb/newaliases"
.pp
If you are running delivermail,
it is critical that the
.i newaliases
command be replaced.
This can just be a link to
.i sendmail :
.(b
rm \-f /usr/ucb/newaliases
ln /usr/\*(SD/sendmail /usr/ucb/newaliases
.)b
This can be installed in whatever search path you prefer
for your system.
.sh 3 "/var/spool/mqueue"
.pp
The directory
.i /var/spool/mqueue
should be created to hold the mail queue.
This directory should be mode 700
and owned by root.
.pp
The actual path of this directory
is defined in the
.b Q
option of the
.i sendmail.cf
file.
.sh 3 "/etc/aliases*"
.pp
The system aliases are held in
.q /etc/aliases .
A sample is given in
.q lib/aliases
which includes some aliases which
.i must
be defined:
.(b
cp lib/aliases /etc/aliases
.i "edit /etc/aliases"
.)b
You should extend this file with any aliases that are apropos to your system.
.pp
Normally
.i sendmail
looks at a version of these files maintained by the
.i dbm \|(3)
or
.i db \|(3)
routines.
These are stored either in
.q /etc/aliases.dir
and
.q /etc/aliases.pag
or
.q /etc/aliases.db
depending on which database package you are using.
These can initially be created as empty files,
but they will have to be initialized promptly.
These should be mode 644:
.(b
cp /dev/null /etc/aliases.dir
cp /dev/null /etc/aliases.pag
chmod 644 /etc/aliases.*
newaliases
.)b
The
.i db
routines preset the mode reasonably,
so this step can be skipped.
The actual path of this file
is defined in the
.b A
option of the
.i sendmail.cf
file.
.sh 3 "/etc/sendmail.fc"
.pp
If you intend to install the frozen version of the configuration file
(for quick startup)
you should create the file /etc/sendmail.fc
and initialize it.
This step may be safely skipped.
.(b
cp /dev/null /etc/sendmail.fc
chmod 644 /etc/sendmail.fc
/usr/\*(SD/sendmail \-bz
.)b
In general, freeze files are not worth doing
unless your disks are much faster than your CPU;
this is seldom true any more.
.pp
If your
.i sendmail
was not compiled with
.sm FROZENCONFIG
defined, the
.b \-bz
flag will be ignored.
.sh 3 "/etc/rc"
.pp
It will be necessary to start up the sendmail daemon when your system reboots.
This daemon performs two functions:
it listens on the SMTP socket for connections
(to receive mail from a remote system)
and it processes the queue periodically
to insure that mail gets delivered when hosts come up.
.pp
Add the following lines to
.q /etc/rc
(or
.q /etc/rc.local
as appropriate)
in the area where it is starting up the daemons:
.(b
if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/sendmail.cf ]; then
	(cd /var/spool/mqueue; rm \-f [lnx]f*)
	/usr/\*(SD/sendmail \-bd \-q30m &
	echo \-n ' sendmail' >/dev/console
fi
.)b
The
.q cd
and
.q rm
commands insure that all lock files have been removed;
extraneous lock files may be left around
if the system goes down in the middle of processing a message.
The line that actually invokes
.i sendmail
has two flags:
.q \-bd
causes it to listen on the SMTP port,
and
.q \-q30m
causes it to run the queue every half hour.
.pp
Some people use a more complex startup script,
removing zero length qf files and df files for which there is no qf file.
For example:
.(b
# remove zero length qf files
for qffile in qf*
do
	if [ \-r $qffile ]
	then
		if [ ! \-s $qffile ]
		then
			echo \-n " <zero: $qffile>" > /dev/console
			rm \-f $qffile
		fi
	fi
done
# rename tf files to be qf if the qf does not exist
for tffile in tf*
do
	qffile=`echo $tffile | sed 's/t/q/'`
	if [ \-r $tffile \-a ! \-f $qffile ]
	then
		echo \-n " <recovering: $tffile>" > /dev/console
		mv $tffile $qffile
	else
		echo \-n " <extra: $tffile>" > /dev/console
		rm \-f $tffile
	fi
done
# remove bogus qf files
for dffile in df*
do
	qffile=`echo $dffile | sed 's/d/q/'`
	if [ \-r $dffile \-a ! \-f $qffile ]
	then
		echo \-n " <incomplete: $dffile>" > /dev/console
		rm \-f $dffile
	fi
done
fi
.)b
.pp
If you are not running a version of UNIX
that supports Berkeley TCP/IP,
do not include the
.b \-bd
flag.
.sh 3 "/usr/lib/sendmail.hf"
.pp
This is the help file used by the SMTP
.b HELP
command.
It should be copied from
.q lib/sendmail.hf :
.(b
cp lib/sendmail.hf /usr/lib
.)b
The actual path of this file
is defined in the
.b H
option of the
.i sendmail.cf
file.
.sh 3 "/etc/sendmail.st"
.pp
If you wish to collect statistics
about your mail traffic,
you should create the file
.q /etc/sendmail.st :
.(b
cp /dev/null /etc/sendmail.st
chmod 666 /etc/sendmail.st
.)b
This file does not grow.
It is printed with the program
.q mailstats/mailstats.c.
The actual path of this file
is defined in the
.b S
option of the
.i sendmail.cf
file.
.sh 3 "/usr/ucb/newaliases"
.pp
If
.i sendmail
is invoked as
.q newaliases,
it will simulate the
.b \-bi
flag
(i.e., will rebuild the alias database;
see below).
This should be a link to /usr/\*(SD/sendmail.
.sh 3 "/usr/ucb/mailq"
.pp
If
.i sendmail
is invoked as
.q mailq,
it will simulate the
.b \-bp
flag
(i.e.,
.i sendmail
will print the contents of the mail queue;
see below).
This should be a link to /usr/\*(SD/sendmail.
.sh 1 "NORMAL OPERATIONS"
.sh 2 "``Quick'' Configuration Startup"
.pp
if the
.sm FROZENCONFIG
option is included during compilation,
a precompiled (``frozen'') version of the configuration file
can be created using the
.b \-bz
flag.
This is really only worthwhile doing
if you are on a slow processor with a relatively fast I/O system
(a VAX 11/750 is a good example).
Since it creates other problems,
I recommend against using the frozen configuration
on most current architectures.
.pp
To create the freeze file, use
.(b
/usr/\*(SD/sendmail \-bz
.)b
This creates the frozen configuration file
.i /etc/sendmail.fc .
This file is an image of
.i sendmail 's
data space after reading in the configuration file.
If this file exists,
it is used instead of
.i /etc/sendmail.cf
.i sendmail.fc
must be rebuilt manually every time
.i sendmail.cf
is changed.
.pp
The frozen configuration file will be ignored
if a
.b \-C
flag is specified
or if sendmail detects that it is out of date.
However, the heuristics are not strong
so this should not be trusted.
.sh 2 "The System Log"
.pp
The system log is supported by the
.i syslogd \|(8)
program.
.sh 3 "Format"
.pp
Each line in the system log
consists of a timestamp,
the name of the machine that generated it
(for logging from several machines
over the local area network),
the word
.q sendmail: ,
and a message.
.sh 3 "Levels"
.pp
If you have
.i syslogd \|(8)
or an equivalent installed,
you will be able to do logging.
There is a large amount of information that can be logged.
The log is arranged as a succession of levels.
At the lowest level
only extremely strange situations are logged.
At the highest level,
even the most mundane and uninteresting events
are recorded for posterity.
As a convention,
log levels under ten
are considered generally
.q useful;
log levels above 64
are reserved for debugging purposes.
Levels from 11\-64 are reserved for verbose information
that some sites might want.
.pp
A complete description of the log levels
is given in section 4.6.
.sh 2 "The Mail Queue"
.pp
The mail queue should be processed transparently.
However, you may find that manual intervention is sometimes necessary.
For example,
if a major host is down for a period of time
the queue may become clogged.
Although sendmail ought to recover gracefully when the host comes up,
you may find performance unacceptably bad in the meantime.
.sh 3 "Printing the queue"
.pp
The contents of the queue can be printed
using the
.i mailq
command
(or by specifying the
.b \-bp
flag to sendmail):
.(b
mailq
.)b
This will produce a listing of the queue id's,
the size of the message,
the date the message entered the queue,
and the sender and recipients.
.sh 3 "Forcing the queue"
.pp
.i Sendmail
should run the queue automatically
at intervals.
The algorithm is to read and sort the queue,
and then to attempt to process all jobs in order.
When it attempts to run the job,
.i sendmail
first checks to see if the job is locked.
If so, it ignores the job.
.pp
There is no attempt to insure that only one queue processor
exists at any time,
since there is no guarantee that a job cannot take forever
to process
(however,
.i sendmail
does include heuristics to try to abort jobs
that are taking absurd amounts of time;
technically, this violates RFC 821, but is blessed by RFC 1123).
Due to the locking algorithm,
it is impossible for one job to freeze the entire queue.
However,
an uncooperative recipient host
or a program recipient
that never returns
can accumulate many processes in your system.
Unfortunately,
there is no completely general way to solve this.
.pp
In some cases,
you may find that a major host going down
for a couple of days
may create a prohibitively large queue.
This will result in
.i sendmail
spending an inordinate amount of time
sorting the queue.
This situation can be fixed by moving the queue to a temporary place
and creating a new queue.
The old queue can be run later when the offending host returns to service.
.pp
To do this,
it is acceptable to move the entire queue directory:
.(b
cd /var/spool
mv mqueue omqueue; mkdir mqueue; chmod 700 mqueue
.)b
You should then kill the existing daemon
(since it will still be processing in the old queue directory)
and create a new daemon.
.pp
To run the old mail queue,
run the following command:
.(b
/usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
.)b
The
.b \-oQ
flag specifies an alternate queue directory
and the
.b \-q
flag says to just run every job in the queue.
If you have a tendency toward voyeurism,
you can use the
.b \-v
flag to watch what is going on.
.pp
When the queue is finally emptied,
you can remove the directory:
.(b
rmdir /var/spool/omqueue
.)b
.sh 2 "The Alias Database"
.pp
The alias database exists in two forms.
One is a text form,
maintained in the file
.i /etc/aliases.
The aliases are of the form
.(b
name: name1, name2, ...
.)b
Only local names may be aliased;
e.g.,
.(b
eric@prep.ai.MIT.EDU: eric@CS.Berkeley.EDU
.)b
will not have the desired effect.
Aliases may be continued by starting any continuation lines
with a space or a tab.
Blank lines and lines beginning with a sharp sign
(\c
.q # )
are comments.
.pp
The second form is processed by the
.i dbm \|(3)
(or
.i db \|(3))
library.
This form is in the files
.i /etc/aliases.dir
and
.i /etc/aliases.pag.
This is the form that
.i sendmail
actually uses to resolve aliases.
This technique is used to improve performance.
.pp
You can also use
.sm NIS -based
alias files.
For example, the specification:
.(b
OA/etc/aliases
OAnis:mail.aliases@my.nis.domain
.)b
will first search the /etc/aliases file
and then the map named
.q mail.aliases
in
.q my.nis.domain .
.sh 3 "Rebuilding the alias database"
.pp
The DB or DBM version of the database
may be rebuilt explicitly by executing the command
.(b
newaliases
.)b
This is equivalent to giving
.i sendmail
the
.b \-bi
flag:
.(b
/usr/\*(SD/sendmail \-bi
.)b
.pp
If the
.q D
option is specified in the configuration,
.i sendmail
will rebuild the alias database automatically
if possible
when it is out of date.
Auto-rebuild can be dangerous
on heavily loaded machines
with large alias files;
if it might take more than five minutes
to rebuild the database,
there is a chance that several processes will start the rebuild process
simultaneously.
.pp
If you have multiple aliases databases specified,
the
.b \-bi
flag rebuilds all the database types it understands
(for example, it can rebuild dbm databases but not nis databases).
.sh 3 "Potential problems"
.pp
There are a number of problems that can occur
with the alias database.
They all result from a
.i sendmail
process accessing the DBM version
while it is only partially built.
This can happen under two circumstances:
One process accesses the database
while another process is rebuilding it,
or the process rebuilding the database dies
(due to being killed or a system crash)
before completing the rebuild.
.pp
Sendmail has two techniques to try to relieve these problems.
First, it ignores interrupts while rebuilding the database;
this avoids the problem of someone aborting the process
leaving a partially rebuilt database.
Second,
at the end of the rebuild
it adds an alias of the form
.(b
@: @
.)b
(which is not normally legal).
Before sendmail will access the database,
it checks to insure that this entry exists\**.
.(f
\**The
.q a
option is required in the configuration
for this action to occur.
This should normally be specified
unless you are running
.i delivermail
in parallel with
.i sendmail.
.)f
.sh 3 "List owners"
.pp
If an error occurs on sending to a certain address,
say
.q \fIx\fP ,
.i sendmail
will look for an alias
of the form
.q owner-\fIx\fP
to receive the errors.
This is typically useful
for a mailing list
where the submitter of the list
has no control over the maintenance of the list itself;
in this case the list maintainer would be the owner of the list.
For example:
.(b
unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
	sam@matisse
owner-unix-wizards: eric@ucbarpa
.)b
would cause
.q eric@ucbarpa
to get the error that will occur
when someone sends to
unix-wizards
due to the inclusion of
.q nosuchuser
on the list.
.pp
List owners also cause the envelope sender address to be modified.
The contents of the owner alias are used if they point to a single user,
otherwise the name of the alias itself is used.
For this reason, and to obey Internet conventions,
a typical scheme would be:
.(b
list:	some, set, of, addresses
list-request:	list, administrators
owner-list:	list-request
.)b
.sh 2 "User Information Database"
.pp
If you have a version of
.i sendmail
with the user information database
compiled in,
and you have specified one or more databases using the
.b U
option,
the databases will be searched for a
.i user :maildrop
entry.
If found, the mail will be sent to the specified address.
.pp
If the first token passed to user part of the
.q local
mailer is an at sign,
the at sign will be stripped off
and this step will be skipped.
.sh 2 "Per-User Forwarding (.forward Files)"
.pp
As an alternative to the alias database,
any user may put a file with the name
.q .forward
in his or her home directory.
If this file exists,
.i sendmail
redirects mail for that user
to the list of addresses listed in the .forward file.
For example, if the home directory for user
.q mckusick
has a .forward file with contents:
.(b
mckusick@ernie
kirk@calder
.)b
then any mail arriving for
.q mckusick
will be redirected to the specified accounts.
.pp
Actually, the configuration file defines a sequence of filenames to check.
By default, this is the user's .forward file,
but can be defined to be more generally using the
.b J
option.
If you change this,
you will have to inform your user base of the change;
\&.forward is pretty well incorporated into the collective subconscious.
.sh 2 "Special Header Lines"
.pp
Several header lines have special interpretations
defined by the configuration file.
Others have interpretations built into
.i sendmail
that cannot be changed without changing the code.
These builtins are described here.
.sh 3 "Return-Receipt-To:"
.pp
If this header is sent,
a message will be sent to any specified addresses
when the final delivery is complete,
that is,
when successfully delivered to a mailer with the
.b l
flag (local delivery) set in the mailer descriptor.
.sh 3 "Errors-To:"
.pp
If errors occur anywhere during processing,
this header will cause error messages to go to
the listed addresses.
This is intended for mailing lists.
.pp
The Errors-To: header was created in the bad old days
when UUCP didn't understand the distinction between an envelope and a header;
this was a hack to provide what should now be passed
as the envelope sender address.
It should go away.
It is only used if the
.b l
option is set.
.sh 3 "Apparently-To:"
.pp
If a message comes in with no recipients listed in the message
(in a To:, Cc:, or Bcc: line)
then
.i sendmail
will add an
.q "Apparently-To:"
header line for any recipients it is aware of.
This is not put in as a standard recipient line
to warn any recipients that the list is not complete.
.pp
At least one recipient line is required under RFC 822.
.sh 2 "IDENT Protocol Support"
.pp
.i Sendmail
supports the IDENT protocol as defined in RFC 1413.
Although this enhances identification
of the author of an email message
by doing a ``call back'' to the originating system to include
the owner of a particular TCP connection
in the audit trail
it is in no sense perfect;
a determined forger can easily spoof the IDENT protocol.
The following description is excerpted from RFC 1413:
.ba +5
6.  Security Considerations
.lp
The information returned by this protocol is at most as trustworthy
as the host providing it OR the organization operating the host.  For
example, a PC in an open lab has few if any controls on it to prevent
a user from having this protocol return any identifier the user
wants.  Likewise, if the host has been compromised the information
returned may be completely erroneous and misleading.
.lp
The Identification Protocol is not intended as an authorization or
access control protocol.  At best, it provides some additional
auditing information with respect to TCP connections.  At worst, it
can provide misleading, incorrect, or maliciously incorrect
information.
.lp
The use of the information returned by this protocol for other than
auditing is strongly discouraged.  Specifically, using Identification
Protocol information to make access control decisions - either as the
primary method (i.e., no other checks) or as an adjunct to other
methods may result in a weakening of normal host security.
.lp
An Identification server may reveal information about users,
entities, objects or processes which might normally be considered
private.  An Identification server provides service which is a rough
analog of the CallerID services provided by some phone companies and
many of the same privacy considerations and arguments that apply to
the CallerID service apply to Identification.  If you wouldn't run a
"finger" server due to privacy considerations you may not want to run
this protocol.
.ba
.sh 1 "ARGUMENTS"
.pp
The complete list of arguments to
.i sendmail
is described in detail in Appendix A.
Some important arguments are described here.
.sh 2 "Queue Interval"
.pp
The amount of time between forking a process
to run through the queue
is defined by the
.b \-q
flag.
If you run in mode
.b f
or
.b a
this can be relatively large,
since it will only be relevant
when a host that was down comes back up.
If you run in
.b q
mode
it should be relatively short,
since it defines the maximum amount of time that a message
may sit in the queue.
.pp
RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
(although that probably doesn't make sense if you use ``queue-only'' mode).
.sh 2 "Daemon Mode"
.pp
If you allow incoming mail over an IPC connection,
you should have a daemon running.
This should be set by your
.i /etc/rc
file using the
.b \-bd
flag.
The
.b \-bd
flag and the
.b \-q
flag may be combined in one call:
.(b
/usr/\*(SD/sendmail \-bd \-q30m
.)b
.sh 2 "Forcing the Queue"
.pp
In some cases you may find that the queue has gotten clogged for some reason.
You can force a queue run
using the
.b \-q
flag (with no value).
It is entertaining to use the
.b \-v
flag (verbose)
when this is done to watch what happens:
.(b
/usr/\*(SD/sendmail \-q \-v
.)b
.pp
You can also limit the jobs to those with a particular queue identifier,
sender, or recipient
using one of the queue modifiers.
For example,
.q \-qRberkeley
restricts the queue run to jobs that have the string
.q berkeley
somewhere in one of the recipient addresses.
Similarly,
.q \-qSstring
limits the run to particular senders and
.q \-qIstring
limits it to particular identifiers.
.sh 2 "Debugging"
.pp
There are a fairly large number of debug flags
built into
.i sendmail .
Each debug flag has a number and a level,
where higher levels means to print out more information.
The convention is that levels greater than nine are
.q absurd,
i.e.,
they print out so much information that you wouldn't normally
want to see them except for debugging that particular piece of code.
Debug flags are set using the
.b \-d
option;
the syntax is:
.(b
.ta \w'debug-option  'u
debug-flag:	\fB\-d\fP debug-list
debug-list:	debug-option [ , debug-option ]
debug-option:	debug-range [ . debug-level ]
debug-range:	integer | integer \- integer
debug-level:	integer
.)b
where spaces are for reading ease only.
For example,
.(b
\-d12	Set flag 12 to level 1
\-d12.3	Set flag 12 to level 3
\-d3-17	Set flags 3 through 17 to level 1
\-d3-17.4	Set flags 3 through 17 to level 4
.)b
For a complete list of the available debug flags
you will have to look at the code
(they are too dynamic to keep this documentation up to date).
.sh 2 "Trying a Different Configuration File"
.pp
An alternative configuration file
can be specified using the
.b \-C
flag; for example,
.(b
/usr/\*(SD/sendmail \-Ctest.cf
.)b
uses the configuration file
.i test.cf
instead of the default
.i /etc/sendmail.cf.
If the
.b \-C
flag has no value
it defaults to
.i sendmail.cf
in the current directory.
.sh 2 "Changing the Values of Options"
.pp
Options can be overridden using the
.b \-o
flag.
For example,
.(b
/usr/\*(SD/sendmail \-oT2m
.)b
sets the
.b T
(timeout) option to two minutes
for this run only.
.pp
Some options have security implications.
Sendmail allows you to set these,
but refuses to run as root thereafter.
.sh 1 "TUNING"
.pp
There are a number of configuration parameters
you may want to change,
depending on the requirements of your site.
Most of these are set
using an option in the configuration file.
For example,
the line
.q OT5d
sets option
.q T
to the value
.q 5d
(five days).
.pp
Most of these options have appropriate defaults for most sites.
However,
sites having very high mail loads may find they need to tune them
as appropriate for their mail load.
In particular,
sites experiencing a large number of small messages,
many of which are delivered to many recipients,
may find that they need to adjust the parameters
dealing with queue priorities.
.sh 2 "Timeouts"
.pp
All time intervals are set
using a scaled syntax.
For example,
.q 10m
represents ten minutes, whereas
.q 2h30m
represents two and a half hours.
The full set of scales is:
.(b
.ta 4n
s	seconds
m	minutes
h	hours
d	days
w	weeks
.)b
.sh 3 "Queue interval"
.pp
The argument to the
.b \-q
flag
specifies how often a sub-daemon will run the queue.
This is typically set to between fifteen minutes
and one hour.
RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
.sh 3 "Read timeouts"
.pp
It is possible to time out when reading the standard input
or when reading from a remote SMTP server.
These timeouts are set using the
.b r
option in the configuration file.
The argument is a list of
.i keyword=value
pairs.
The recognized keywords, their default values, and the minimum values
allowed by RFC 1123 section 5.3.2 are:
.nr ii 1i
.ip initial
The wait for the initial 220 greeting message
[5m, 5m].
.ip helo
The wait for a reply from a HELO or EHLO command
[5m, unspecified].
This may require a host name lookup, so
five minutes is probably a reasonable minimum.
.ip mail\(dg
The wait for a reply from a MAIL command
[10m, 5m].
.ip rcpt\(dg
The wait for a reply from a RCPT command
[1h, 5m].
This should be long
because it could be pointing at a list
that takes a long time to expand.
.ip datainit\(dg
The wait for a reply from a DATA command
[5m, 2m].
.ip datablock\(dg
The wait for reading a data block
(that is, the body of the message).
[1h, 3m].
This should be long because it also applies to programs
piping input to
.i sendmail
which have no guarantee of promptness.
.ip datafinal\(dg
The wait for a reply from the dot terminating a message.
[1h, 10m].
If this is shorter than the time actually needed
for the receiver to deliver the message,
duplicates will be generated.
This is discussed in RFC 1047.
.ip rset
The wait for a reply from a RSET command
[5m, unspecified].
.ip quit
The wait for a reply from a QUIT command
[2m, unspecified].
.ip misc
The wait for a reply from miscellaneous (but short) commands
such as NOOP (no-operation) and VERB (go into verbose mode).
[2m, unspecified].
.ip command\(dg
In server SMTP,
the time to wait for another command.
[1h, 5m].
.lp
For compatibility with old configuration files,
if no ``keyword='' is specified,
all the timeouts marked with \(dg are set to the indicated value.
.pp
Many of the RFC 1123 minimum values
may well be too short.
.i Sendmail
was designed to the RFC 822 protocols,
which did not specify read timeouts;
hence,
.i sendmail
does not guarantee to reply to messages promptly.
In particular, a
.q RCPT
command specifying a mailing list
will expand and verify the entire list;
a large list on a slow system
may take more than five minutes\**.
.(f
\**This verification includes looking up every address
with the name server;
this involves network delays,
and can in some cases can be considerable.
.)f
I recommend a one hour timeout \*-
since this failure is rare,
a long timeout is not onerous
and may ultimately help reduce network load.
.pp
For example, the line:
.(b
Orcommand=25m,datablock=3h
.)b
sets the server SMTP command timeout to 25 minutes
and the input data block timeout to three hours.
.sh 3 "Message timeouts"
.pp
After sitting in the queue for a few days,
a message will time out.
This is to insure that at least the sender is aware
of the inability to send a message.
The timeout is typically set to three days.
This timeout is set using the
.b T
option in the configuration file.
.pp
The time of submission is set in the queue,
rather than the amount of time left until timeout.
As a result, you can flush messages that have been hanging
for a short period
by running the queue
with a short message timeout.
For example,
.(b
/usr/\*(SD/sendmail \-oT1d \-q
.)b
will run the queue
and flush anything that is one day old.
.pp
Since this option is global,
and since you can not
.i "a priori"
know how long another host outside your domain will be down,
a five day timeout is recommended.
This allows a recipient to fix the problem even if it occurs
at the beginning of a long weekend.
RFC 1123 section 5.3.1.1 says that this parameter
should be ``at least 4\-5 days''.
.pp
The
.b T
option can also take a second timeout indicating a time after which
a warning message should be sent;
the two timeouts are separated by a slash.
For example, the value
.(b
5d/4h
.)b
causes email to fail after five days,
but a warning message will be sent after four hours.
This should be large enough that the message will have been tried
several times.
.sh 2 "Forking During Queue Runs"
.pp
By setting the
.b Y
option,
.i sendmail
will fork before each individual message
while running the queue.
This will prevent
.i sendmail
from consuming large amounts of memory,
so it may be useful in memory-poor environments.
However, if the
.b Y
option is not set,
.i sendmail
will keep track of hosts that are down during a queue run,
which can improve performance dramatically.
.pp
If the
.b Y
option is set,
.i sendmail
can not use connection caching.
.sh 2 "Queue Priorities"
.pp
Every message is assigned a priority when it is first instantiated,
consisting of the message size (in bytes)
offset by the message class times the
.q "work class factor"
and the number of recipients times the
.q "work recipient factor."
The priority is used to order the queue.
Higher numbers for the priority mean that the message will be processed later
when running the queue.
.pp
The message size is included so that large messages are penalized
relative to small messages.
The message class allows users to send
.q "high priority"
messages by including a
.q Precedence:
field in their message;
the value of this field is looked up in the
.b P
lines of the configuration file.
Since the number of recipients affects the amount of load a message presents
to the system,
this is also included into the priority.
.pp
The recipient and class factors
can be set in the configuration file using the
.b y
and
.b z
options respectively.
They default to 30000 (for the recipient factor)
and 1800
(for the class factor).
The initial priority is:
.EQ
pri = size - (class times bold z) + (nrcpt times bold y)
.EN
(Remember, higher values for this parameter actually mean
that the job will be treated with lower priority.)
.pp
The priority of a job can also be adjusted each time it is processed
(that is, each time an attempt is made to deliver it)
using the
.q "work time factor,"
set by the
.b Z
option.
This is added to the priority,
so it normally decreases the precedence of the job,
on the grounds that jobs that have failed many times
will tend to fail again in the future.
The
.b Z
option defaults to 90000.
.sh 2 "Load Limiting"
.pp
.i Sendmail
can be asked to queue (but not deliver)
mail if the system load average gets too high
using the
.b x
option.
When the load average exceeds the value of the
.b x
option,
the delivery mode is set to
.b q
(queue only)
if the
.i "Queue Factor"
(\c
.b q
option)
divided by the difference in the current load average and the
.b x
option
plus one
exceeds the priority of the message \(em
that is, the message is queued iff:
.EQ
pri > { bold q } over { LA - { bold x } + 1 }
.EN
The
.b q
option defaults to 200000,
so each point of load average is worth 200000
priority points
(as described above).
.pp
For drastic cases,
the
.b X
option defines a load average at which sendmail will refuse
to accept network connections.
Locally generated mail
(including incoming UUCP mail)
is still accepted.
.sh 2 "Delivery Mode"
.pp
There are a number of delivery modes that
.i sendmail
can operate in,
set by the
.q d
configuration option.
These modes
specify how quickly mail will be delivered.
Legal modes are:
.(b
.ta 4n
i	deliver interactively (synchronously)
b	deliver in background (asynchronously)
q	queue only (don't deliver)
.)b
There are tradeoffs.
Mode
.q i
passes the maximum amount of information to the sender,
but is hardly ever necessary.
Mode
.q q
puts the minimum load on your machine,
but means that delivery may be delayed for up to the queue interval.
Mode
.q b
is probably a good compromise.
However, this mode can cause large numbers of processes
if you have a mailer that takes a long time to deliver a message.
.pp
If you run in mode
.q q
(queue only)
.i sendmail
will not expand aliases and follow .forward files
upon initial receipt of the mail.
This speeds up the response to RCPT commands.
.sh 2 "Log Level"
.pp
The level of logging can be set for sendmail.
The default using a standard configuration table is level 9.
The levels are as follows:
.nr ii 0.5i
.ip 0
No logging.
.ip 1
Serious system failures and potential security problems.
.ip 2
Lost communications (network problems) and protocol failures.
.ip 3
Other serious failures.
.ip 4
Minor failures.
.ip 5
Message collection statistics.
.ip 6
Creation of error messages,
VRFY and EXPN commands.
.ip 7
Delivery failures (host or user unknown, etc.).
.ip 8
Successful deliveries.
.ip 9
Messages being deferred
(due to a host being down, etc.).
.ip 10
Database expansion (alias, forward, and userdb lookups).
.ip 15
Automatic alias database rebuilds.
.ip 20
Logs attempts to run locked queue files.
These are not errors,
but can be useful to note if your queue appears to be clogged.
.ip 30
Lost locks (only if using lockf instead of flock).
.lp
Additionally,
values above 64 are reserved for extremely verbose debuggging output.
No normal site would ever set these.
.sh 2 "File Modes"
.pp
There are a number of files
that may have a number of modes.
The modes depend on what functionality you want
and the level of security you require.
.sh 3 "To suid or not to suid?"
.pp
.i Sendmail
can safely be made
setuid to root.
At the point where it is about to
.i exec \|(2)
a mailer,
it checks to see if the userid is zero;
if so,
it resets the userid and groupid to a default
(set by the
.b u
and
.b g
options).
(This can be overridden
by setting the
.b S
flag to the mailer
for mailers that are trusted
and must be called as root.)
However,
this will cause mail processing
to be accounted
(using
.i sa \|(8))
to root
rather than to the user sending the mail.
.sh 3 "Should my alias database be writable?"
.pp
At Berkeley
we have the alias database
(/etc/aliases*)
mode 644.
While this is not as flexible as if the database
were more 666, it avoids potential security problems
with a globally writable database.
.pp
The database that
.i sendmail
actually used
is represented by the two files
.i aliases.dir
and
.i aliases.pag
(both in /etc)
(or
.i aliases.db
if you are running with the new Berkeley database primitives).
The mode on these files should match the mode
on /etc/aliases.
If
.i aliases
is writable
and the
DBM
files
(\c
.i aliases.dir
and
.i aliases.pag )
are not,
users will be unable to reflect their desired changes
through to the actual database.
However,
if
.i aliases
is read-only
and the DBM files are writable,
a slightly sophisticated user
can arrange to steal mail anyway.
.pp
If your DBM files are not writable by the world
or you do not have auto-rebuild enabled
(with the
.q D
option),
then you must be careful to reconstruct the alias database
each time you change the text version:
.(b
newaliases
.)b
If this step is ignored or forgotten
any intended changes will also be ignored or forgotten.
.sh 2 "Connection Caching"
.pp
When processing the queue,
.b sendmail
will try to keep the last few open connections open
to avoid startup and shutdown costs.
This only applies to IPC connections.
.pp
When trying to open a connection
the cache is first searched.
If an open connection is found, it is probed to see if it is still active
by sending a
.sm NOOP
command.
It is not an error if this fails;
instead, the connection is closed and reopened.
.pp
Two parameters control the connection cache.
The
.b k
option defines the number of simultaneous open connections
that will be permitted.
If it is set to zero,
connections will be closed as quickly as possible.
The default is one.
This should be set as appropriate for your system size;
it will limit the amount of system resources that
.b sendmail
will use during queue runs.
.pp
The
.b K
option specifies the maximum time that any cached connection
will be permitted to idle.
When the idle time exceeds this value
the connection is closed.
This number should be small
(under ten minutes)
to prevent you from grabbing too many resources
from other hosts.
The default is five minutes.
.sh 2 "Name Server Access"
.pp
If your system supports the name server,
then the probability is that
.i sendmail
will be using it regardless of how you configure sendmail.
However, if you have nameserver support
which you are not using,
sendmail will get a
.q "connection refused"
message when it tries to connect to the name server
(either by calling
.i gethostbyname
or by trying to look up the MX records).
If the
.b I
option is set,
.i sendmail
will interpret this to mean a temporary failure;
otherwise, it ignores the name server data.
If your name server is running properly,
the setting of this option is not relevant;
however, it is important that it be set properly
to make error handling work properly.
.pp
This option also allows you to tweak name server options.
The command line takes a series of flags as documented in
.i resolver (3)
(with the leading
.q RES_
deleted).
Each can be preceded by an optional `+' or `\(mi'.
For example, the line
.(b
OITrue +AAONLY \(miDNSRCH
.)b
turns on the AAONLY (accept authoritative answers only)
and turns off the DNSRCH (search the domain path) options.
Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE
flags on and all others off.
Note the use of the initial ``True'' \*-
this is for compatibility with previous versions of sendmail,
but is not otherwise necessary.
.pp
Version level 1 configurations
turn DNSRCH and DEFNAMES off when doing delivery lookups,
but leave them on everywhere else.
Version 6 of
.i sendmail
ignores them when doing canonification lookups
(that is, when using $[ ... $]),
and always does the search.
If you don't want to do automatic name extension,
don't call $[ ... $].
.pp
The search rules for $[ ... $] are somewhat different than usual.
If the name (that is, the ``...'')
has at least one dot, it always tries the unmodified name first.
If that fails, it tries the reduced search path,
and lastly tries the unmodified name
(but only for names without a dot,
since names with a dot have already been tried).
This allows names such as
``utc.CS''
to match the site in Czechoslovakia
rather than the site in your local Computer Science department.
It also prefers A and CNAME records over MX records \*-
that is, if it finds an MX record it makes note of it,
but keeps looking.
This way, if you have a wildcard MX record matching your domain,
it will not assume that all names match.
.sh 2 "Moving the Per-User Forward Files"
.pp
Some sites mount each user's home directory
from a local disk on their workstation,
so that local access is fast.
However, the result is that .forward file lookups are slow.
In some cases,
mail can even be delivered on machines inappropriately
because of a file server being down.
The performance can be especially bad if you run the automounter.
.pp
The
.b J
option allows you to set a path of forward files.
For example, the config file line
.(b
OJ/var/forward/$u:$z/.forward
.)b
would first look for a file with the same name as the user's login
in /var/forward;
if that is not found (or is inaccessible)
the file
.q \&.forward
in the user's home directory is searched.
A truly perverse site could also search by sender
by using $r, $s, or $f.
.pp
If you create a directory such as /var/forward,
it should be mode 1777
(that is, the sticky bit should be set).
Users should create the files mode 644.
.sh 2 "Free Space"
.pp
On systems that have the
.i statfs (2)
system call,
you can specify a minimum number of free blocks on the queue filesystem
using the
.b b
option.
If there are fewer than the indicated number of blocks free
on the filesystem on which the queue is mounted
the SMTP server will reject mail
with the
452 error code.
This invites the SMTP client to try again later.
.pp
Beware of setting this option too high;
it can cause rejection of email
when that mail would be processed without difficulty.
.pp
This option can also specify an advertised
.q "maximum message size"
for hosts that speak ESMTP.
.sh 2 "Privacy Flags"
.pp
The
.b p
option allows you to set certain
``privacy''
flags.
Actually, many of them don't give you any extra privacy,
rather just insisting that client SMTP servers
use the HELO command
before using certain commands.
.pp
The option takes a series of flag names;
the final privacy is the inclusive or of those flags.
For example:
.(b
Op needmailhelo, noexpn
.)b
insists that the HELO or EHLO command be used before a MAIL command is accepted
and disables the EXPN command.
.pp
The
.q restrictmailq
option restricts printing the queue to the group that owns the queue directory.
It is absurd to set this if you don't also protect the logs.
.sh 2 "Send to Me Too"
.pp
Normally,
.i sendmail
deletes the (envelope) sender from any list expansions.
For example, if
.q matt
sends to a list that contains
.q matt
as one of the members he won't get a copy of the message.
If the
.b \-m
(me too)
command line flag, or if the
.b m
option is set in the configuration file,
this behaviour is supressed.
Some sites like to run the
.sm SMTP
daemon with
.b \-m .
.sh 1 "THE WHOLE SCOOP ON THE CONFIGURATION FILE"
.pp
This section describes the configuration file
in detail,
including hints on how to write one of your own
if you have to.
.pp
There is one point that should be made clear immediately:
the syntax of the configuration file
is designed to be reasonably easy to parse,
since this is done every time
.i sendmail
starts up,
rather than easy for a human to read or write.
On the
.q "future project"
list is a
configuration-file compiler.
.pp
An overview of the configuration file
is given first,
followed by details of the semantics.
.sh 2 "Configuration File Lines"
.pp
The configuration file is organized as a series of lines,
each of which begins with a single character
defining the semantics for the rest of the line.
Lines beginning with a space or a tab
are continuation lines
(although the semantics are not well defined in many places).
Blank lines and lines beginning with a sharp symbol
(`#')
are comments.
.sh 3 "R and S \*- rewriting rules"
.pp
The core of address parsing
are the rewriting rules.
These are an ordered production system.
.i Sendmail
scans through the set of rewriting rules
looking for a match on the left hand side
(LHS)
of the rule.
When a rule matches,
the address is replaced by the right hand side
(RHS)
of the rule.
.pp
There are several sets of rewriting rules.
Some of the rewriting sets are used internally
and must have specific semantics.
Other rewriting sets
do not have specifically assigned semantics,
and may be referenced by the mailer definitions
or by other rewriting sets.
.pp
The syntax of these two commands are:
.(b F
.b S \c
.i n
.)b
Sets the current ruleset being collected to
.i n .
If you begin a ruleset more than once
it deletes the old definition.
.(b F
.b R \c
.i lhs
.i rhs
.i comments
.)b
The
fields must be separated
by at least one tab character;
there may be embedded spaces
in the fields.
The
.i lhs
is a pattern that is applied to the input.
If it matches,
the input is rewritten to the
.i rhs .
The
.i comments
are ignored.
.pp
Macro expansions of the form
.b $ \c
.i x
are performed when the configuration file is read.
Expansions of the form
.b $& \c
.i x
are performed at run time using a somewhat less general algorithm.
This for is intended only for referencing internally defined macros
such as
.b $h
that are changed at runtime.
.sh 4 "The left hand side"
.pp
The left hand side of rewriting rules contains a pattern.
Normal words are simply matched directly.
Metasyntax is introduced using a dollar sign.
The metasymbols are:
.(b
.ta \w'\fB$=\fP\fIx\fP  'u
\fB$*\fP	Match zero or more tokens
\fB$+\fP	Match one or more tokens
\fB$\-\fP	Match exactly one token
\fB$=\fP\fIx\fP	Match any phrase in class \fIx\fP
\fB$~\fP\fIx\fP	Match any word not in class \fIx\fP
.)b
If any of these match,
they are assigned to the symbol
.b $ \c
.i n
for replacement on the right hand side,
where
.i n
is the index in the LHS.
For example,
if the LHS:
.(b
$\-:$+
.)b
is applied to the input:
.(b
UCBARPA:eric
.)b
the rule will match, and the values passed to the RHS will be:
.(b
.ta 4n
$1	UCBARPA
$2	eric
.)b
.pp
Additionally, the LHS can include
.b $@
to match zero tokens.
This is
.i not
bound to a
.b $ \c
.i N
on the RHS, and is normally only used when it stands alone
in order to match the null input.
.sh 4 "The right hand side"
.pp
When the left hand side of a rewriting rule matches,
the input is deleted and replaced by the right hand side.
Tokens are copied directly from the RHS
unless they begin with a dollar sign.
Metasymbols are:
.(b
.ta \w'$#mailer\0\0\0'u
\fB$\fP\fIn\fP	Substitute indefinite token \fIn\fP from LHS
\fB$[\fP\fIname\fP\fB$]\fP	Canonicalize \fIname\fP
\fB$(\fP\fImap key\fP \fB$@\fP\fIarguments\fP \fB$:\fP\fIdefault\fP \fB$)\fP
	Generalized keyed mapping function
\fB$>\fP\fIn\fP	\*(lqCall\*(rq ruleset \fIn\fP
\fB$#\fP\fImailer\fP	Resolve to \fImailer\fP
\fB$@\fP\fIhost\fP	Specify \fIhost\fP
\fB$:\fP\fIuser\fP	Specify \fIuser\fP
.)b
.pp
The
.b $ \c
.i n
syntax substitutes the corresponding value from a
.b $+ ,
.b $\- ,
.b $* ,
.b $= ,
or
.b $~
match on the LHS.
It may be used anywhere.
.pp
A host name enclosed between
.b $[
and
.b $]
is looked up using the
.i gethostent \|(3)
routines and replaced by the canonical name\**.
.(f
\**This is actually
completely equivalent
to $(host \fIhostname\fP$).
In particular, a
.b $:
default can be used.
.)f
For example,
.q $[csam$]
might become
.q lbl-csam.arpa
and
.q $[[128.32.130.2]$]
would become
.q vangogh.CS.Berkeley.EDU.
.i Sendmail
recognizes it's numeric IP address
without calling the name server
and replaces it with it's canonical name.
.pp
The
.b $(
\&...
.b $)
syntax is a more general form of lookup;
it uses a named map instead of an implicit map.
If no lookup is found, the indicted
.i default
is inserted;
if no default is specified and no lookup matches,
the value is left unchanged.
.pp
The
.b $> \c
.i n
syntax
causes the remainder of the line to be substituted as usual
and then passed as the argument to ruleset
.i n .
The final value of ruleset
.i n
then becomes
the substitution for this rule.
.pp
The
.b $#
syntax should
.i only
be used in ruleset zero.
It causes evaluation of the ruleset to terminate immediately,
and signals to sendmail that the address has completely resolved.
The complete syntax is:
.(b
\fB$#\fP\fImailer\fP \fB$@\fP\fIhost\fP \fB$:\fP\fIuser\fP
.)b
This specifies the
{mailer, host, user}
3-tuple necessary to direct the mailer.
If the mailer is local
the host part may be omitted\**.
.(f
\**You may want to use it for special
.q "per user"
extensions.
For example, at CMU you can send email to
.q jgm+foo ;
the part after the plus sign
is not part of the user name,
and is passed to the local mailer for local use.
.)f
The
.i mailer
must be a single word,
but the
.i host
and
.i user
may be multi-part.
If the
.i mailer
is the builtin IPC mailer,
the
.i host
may be a colon-separated list of hosts
that are searched in order for the first working address
(exactly like MX records).
.pp
A RHS may also be preceded by a
.b $@
or a
.b $:
to control evaluation.
A
.b $@
prefix causes the ruleset to return with the remainder of the RHS
as the value.
A
.b $:
prefix causes the rule to terminate immediately,
but the ruleset to continue;
this can be used to avoid continued application of a rule.
The prefix is stripped before continuing.
.pp
The
.b $@
and
.b $:
prefixes may precede a
.b $>
spec;
for example:
.(b
.ta 8n
R$+	$: $>7 $1
.)b
matches anything,
passes that to ruleset seven,
and continues;
the
.b $:
is necessary to avoid an infinite loop.
.pp
Substitution occurs in the order described,
that is,
parameters from the LHS are substituted,
hostnames are canonicalized,
.q subroutines
are called,
and finally
.b $# ,
.b $@ ,
and
.b $:
are processed.
.sh 4 "Semantics of rewriting rule sets"
.pp
There are five rewriting sets
that have specific semantics.
These are related as depicted by figure 2.
.(z
.hl
.ie n \{\
.(c
                    +---+
                 -->| 0 |-->resolved address
                /   +---+
               /            +---+   +---+
              /        ---->| 1 |-->| S |--
       +---+ / +---+  /     +---+   +---+  \e    +---+
addr-->| 3 |-->| D |--                      --->| 4 |-->msg
       +---+   +---+  \e     +---+   +---+  /    +---+
                        --->| 2 |-->| R |--
                            +---+   +---+
.)c

.\}
.el .ie !"\*(.T"" \
\{\
.PS
boxwid = 0.3i
boxht = 0.3i
movewid = 0.3i
moveht = 0.3i
linewid = 0.3i
lineht = 0.3i

	box invis "addr"; arrow
Box3:	box "3"
A1:	arrow
BoxD:	box "D"; line; L1: Here
C:	[
	C1:	arrow; box "1"; arrow; box "S"; line; E1: Here
		move to C1 down 0.5; right
	C2:	arrow; box "2"; arrow; box "R"; line; E2: Here
	] with .w at L1 + (0.5, 0)
	move to C.e right 0.5
L4:	arrow; box "4"; arrow; box invis "msg"
	line from L1 to C.C1
	line from L1 to C.C2
	line from C.E1 to L4
	line from C.E2 to L4
	move to BoxD.n up 0.6; right
Box0:	arrow; box "0"
	arrow; box invis "resolved address" width 1.3
	line from 1/3 of the way between A1 and BoxD.w to Box0
.PE
.\}
.el .sp 2i
.ce
Figure 2 \*- Rewriting set semantics
.(c
D \*- sender domain addition
S \*- mailer-specific sender rewriting
R \*- mailer-specific recipient rewriting
.)c
.hl
.)z
.pp
Ruleset three
should turn the address into
.q "canonical form."
This form should have the basic syntax:
.(b
local-part@host-domain-spec
.)b
If no
.q @
sign is specified,
then the
host-domain-spec
.i may
be appended from the
sender address
(if the
.b C
flag is set in the mailer definition
corresponding to the
.i sending
mailer).
Ruleset three
is applied by sendmail
before doing anything with any address.
.pp
Ruleset zero
is applied after ruleset three
to addresses that are going to actually specify recipients.
It must resolve to a
.i "{mailer, host, user}"
triple.
The
.i mailer
must be defined in the mailer definitions
from the configuration file.
The
.i host
is defined into the
.b $h
macro
for use in the argv expansion of the specified mailer.
.pp
Rulesets one and two
are applied to all sender and recipient addresses respectively.
They are applied before any specification
in the mailer definition.
They must never resolve.
.pp
Ruleset four is applied to all addresses
in the message.
It is typically used
to translate internal to external form.
.sh 4 "IPC mailers"
.pp
Some special processing occurs
if the ruleset zero resolves to an IPC mailer
(that is, a mailer that has
.q [IPC]
listed as the Path in the
.b M
configuration line.
The host name passed after
.q $@
has MX expansion performed;
this looks the name up in DNS to find alternate delivery sites.
.pp
The host name can also be provided as a dotted quad in square brackets;
for example:
.(b
[128.32.149.78]
.)b
This causes direct conversion of the numeric value
to a TCP/IP host address.
.pp
The host name passed in after the
.q $@
may also be a colon-separated list of hosts.
Each is separately MX expanded and the results are concatenated
to make (essentially) one long MX list.
The intent here is to create
.q fake
MX records that are not published in DNS
for private internal networks.
.pp
As a final special case, the host name can be passed in
as a text string
in square brackets:
.(b
[ucbvax.berkeley.edu]
.)b
This form avoids the MX mapping.
.b N.B.:
This is intended only for situations where you have a network firewall,
so that your MX record points to a gateway machine;
this machine could then do direct delivery to machines
within your local domain.
Use of this feature directly violates RFC 1123 section 5.3.5:
it should not be used lightly.
.sh 3 "D \*- define macro"
.pp
Macros are named with a single character.
These may be selected from the entire ASCII set,
but user-defined macros
should be selected from the set of upper case letters only.
Lower case letters
and special symbols
are used internally.
.pp
The syntax for macro definitions is:
.(b F
.b D \c
.i x\|val
.)b
where
.i x
is the name of the macro
and
.i val
is the value it should have.
.pp
Macros are interpolated
using the construct
.b $ \c
.i x ,
where
.i x
is the name of the macro to be interpolated.
This interpolation is done when the configuration file is read,
except in
.b M
lines.
The special construct
.b $& \c
.i x
can be used in
.b R
lines to get deferred interpolation.
.pp
Conditionals can be specified using the syntax:
.(b
$?x text1 $| text2 $.
.)b
This interpolates
.i text1
if the macro
.b $x
is set,
and
.i text2
otherwise.
The
.q else
(\c
.b $| )
clause may be omitted.
.pp
Lower case macro names are reserved to have
special semantics,
used to pass information in or out of sendmail,
and special characters are reserved to
provide conditionals, etc.
Upper case names
(that is,
.b $A
through
.b $Z )
are specifically reserved for configuration file authors.
.pp
The following macros
.i must
be defined to transmit information into
.i sendmail:
.(b
.ta 4n
e	The SMTP entry message
j	The \*(lqofficial\*(rq domain name for this site
l	The format of the UNIX from line
n	The name of the daemon (for error messages)
o	The set of "operators" in addresses
q	default format of sender address
.)b
The
.b $e
macro is printed out when SMTP starts up.
The first word must be the
.b $j
macro.
The
.b $j
macro
should be in RFC821 format.
The
.b $l
and
.b $n
macros can be considered constants
except under terribly unusual circumstances.
The
.b $o
macro consists of a list of characters
which will be considered tokens
and which will separate tokens
when doing parsing.
For example, if
.q @
were in the
.b $o
macro, then the input
.q a@b
would be scanned as three tokens:
.q a,
.q @,
and
.q b.
Finally, the
.b $q
macro specifies how an address should appear in a message
when it is defaulted.
For example, on our system these definitions are:
.(b
De$j Sendmail $v/$Z ready at $b
DnMAILER-DAEMON
DlFrom $g  $d
Do.:%@!^/[]
Dq$?x$x <$g>$|$g$.
Dj$w
.)b
An acceptable alternative for the
.b $q
macro is
.q "$g$?x ($x)$." .
These correspond to the following two formats:
.(b
Eric Allman <eric@CS.Berkeley.EDU>
eric@CS.Berkeley.EDU (Eric Allman)
.)b
.i Sendmail
properly quotes names that have special characters
if the first form is used.
.pp
Some macros are defined by
.i sendmail
for interpolation into argv's for mailers
or for other contexts.
These macros are:
.(b
a	The origination date in RFC 822 format
b	The current date in RFC 822 format
c	The hop count
d	The date in UNIX (ctime) format
f	The sender (from) address
g	The sender address relative to the recipient
h	The recipient host
i	The queue id
k	The UUCP node name (from the uname system call)
m	The domain part of the \fIgethostname\fP return value
p	Sendmail's pid
r	Protocol used to receive the message
s	Sender's host name
t	A numeric representation of the current time
u	The recipient user
v	The version number of sendmail
w	The hostname of this site
x	The full name of the sender
z	The home directory of the recipient
_	The validated sender address
.)b
.pp
There are three types of dates that can be used.
The
.b $a
and
.b $b
macros are in RFC 822 format;
.b $a
is the time as extracted from the
.q Date:
line of the message
(if there was one),
and
.b $b
is the current date and time
(used for postmarks).
If no
.q Date:
line is found in the incoming message,
.b $a
is set to the current time also.
The
.b $d
macro is equivalent to the
.b $b
macro in UNIX
(ctime)
format.
.pp
The
.b $f
macro is the id of the sender
as originally determined;
when mailing to a specific host
the
.b $g
macro is set to the address of the sender
.ul
relative to the recipient.
For example,
if I send to
.q bollard@matisse.CS.Berkeley.EDU
from the machine
.q vangogh.CS.Berkeley.EDU
the
.b $f
macro will be
.q eric
and the
.b $g
macro will be
.q eric@vangogh.CS.Berkeley.EDU.
.pp
The
.b $x
macro is set to the full name of the sender.
This can be determined in several ways.
It can be passed as flag to
.i sendmail.
The second choice is the value of the
.q Full-name:
line in the header if it exists,
and the third choice is the comment field
of a
.q From:
line.
If all of these fail,
and if the message is being originated locally,
the full name is looked up in the
.i /etc/passwd
file.
.pp
When sending,
the
.b $h ,
.b $u ,
and
.b $z
macros get set to the host, user, and home directory
(if local)
of the recipient.
The first two are set from the
.b $@
and
.b $:
part of the rewriting rules, respectively.
.pp
The
.b $p
and
.b $t
macros are used to create unique strings
(e.g., for the
.q Message-Id:
field).
The
.b $i
macro is set to the queue id on this host;
if put into the timestamp line
it can be extremely useful for tracking messages.
The
.b $v
macro is set to be the version number of
.i sendmail ;
this is normally put in timestamps
and has been proven extremely useful for debugging.
The
.b $w
macro is set to the name of this host
if it can be determined.
The
.b $c
field is set to the
.q "hop count,"
i.e., the number of times this message has been processed.
This can be determined
by the
.b \-h
flag on the command line
or by counting the timestamps in the message.
.pp
The
.b $r
and
.b $s
fields are set to the protocol used to communicate with sendmail
and the sending hostname.
The
.b $_
is set to a validated sender host name.
If the sender is running an RFC 1413 compliant IDENT server,
it will include the user name on that host.
.sh 3 "C and F \*- define classes"
.pp
Classes of phrases may be defined
to match on the left hand side of rewriting rules,
where a
.q phrase
is a sequence of characters that do not contain space characters.
For example
a class of all local names for this site
might be created
so that attempts to send to oneself
can be eliminated.
These can either be defined directly in the configuration file
or read in from another file.
Classes may be given names
from the set of upper case letters.
Lower case letters and special characters
are reserved for system use.
.pp
The syntax is:
.(b F
.b C \c
.i c\|phrase1
.i phrase2...
.br
.b F \c
.i c\|file
.)b
The first form defines the class
.i c
to match any of the named words.
It is permissible to split them among multiple lines;
for example, the two forms:
.(b
CHmonet ucbmonet
.)b
and
.(b
CHmonet
CHucbmonet
.)b
are equivalent.
The second form
reads the elements of the class
.i c
from the named
.i file .
.pp
The
.b $~
(match entries not in class)
only matches a single word;
multi-word entries in the class are ignored in this context.
.pp
The class
.b $=w
is set to be the set of all names
this host is known by.
This can be used to match local hostnames.
.pp
The class
.b $=k
is set to be the same as
.b $k ,
that is, the UUCP node name.
.sh 3 "M \*- define mailer"
.pp
Programs and interfaces to mailers
are defined in this line.
The format is:
.(b F
.b M \c
.i name ,
{\c
.i field =\c
.i value \|}*
.)b
where
.i name
is the name of the mailer
(used internally only)
and the
.q field=name
pairs define attributes of the mailer.
Fields are:
.(b
.ta 1i
Path	The pathname of the mailer
Flags	Special flags for this mailer
Sender	A rewriting set for sender addresses
Recipient	A rewriting set for recipient addresses
Argv	An argument vector to pass to this mailer
Eol	The end-of-line string for this mailer
Maxsize	The maximum message length to this mailer
Linelimit	The maximum line length in the message body
Directory	The working directory for the mailer
.)b
Only the first character of the field name is checked.
.pp
The following flags may be set in the mailer description.
Any other flags may be used freely
to conditionally assign headers to messages
destined for particular mailers.
.nr ii 4n
.ip a
Run Extended SMTP (ESMTP) protocol (defined in RFCs 1425, 1426, and 1427).
.ip b
Force a blank line on the end of a message.
This is intended to work around some stupid versions of
/bin/mail
that require a blank line, but do not provide it themselves.
It would not normally be used on network mail.
.ip c
Do not include comments in addresses.
This should only be used if you have to work around
a remote mailer that gets confused by comments.
.ip C
If mail is
.i received
from a mailer with this flag set,
any addresses in the header that do not have an at sign
(\c
.q @ )
after being rewritten by ruleset three
will have the
.q @domain
clause from the sender
tacked on.
This allows mail with headers of the form:
.(b
From: usera@hosta
To: userb@hostb, userc
.)b
to be rewritten as:
.(b
From: usera@hosta
To: userb@hostb, userc@hosta
.)b
automatically.
.ip D
This mailer wants a
.q Date:
header line.
.ip e
This mailer is expensive to connect to,
so try to avoid connecting normally;
any necessary connection will occur during a queue run.
.ip E
Escape lines beginning with
.q From
in the message with a `>' sign.
.ip f
The mailer wants a
.b \-f
.i from
flag,
but only if this is a network forward operation
(i.e.,
the mailer will give an error
if the executing user
does not have special permissions).
.ip F
This mailer wants a
.q From:
header line.
.ip g
Normally,
.i sendmail
sends internally generated email (e.g., error messages)
using the null return address\**
.(f
\**Actually, this only applies to SMTP,
which uses the ``MAIL FROM:<>'' command.
.)f
as required by RFC 1123.
However, some mailers don't accept a null return address.
If necessary,
you can set the
.b g
flag to prevent
.i sendmail
from obeying the standards;
error messages will be sent as from the MAILER-DAEMON
(actually, the value of the
.b $n
macro).
.ip h
Upper case should be preserved in host names
for this mailer.
.ip I
This mailer will be speaking SMTP
to another
.i sendmail
\*-
as such it can use special protocol features.
This option is not required
(i.e.,
if this option is omitted the transmission will still operate successfully,
although perhaps not as efficiently as possible).
.ip l
This mailer is local
(i.e.,
final delivery will be performed).
.ip L
Limit the line lengths as specified in RFC821.
This deprecated option should be replaced by the
.b L=
mail declaration.
For historic reasons, the
.b L
flag also sets the
.b 7
flag.
.ip m
This mailer can send to multiple users
on the same host
in one transaction.
When a
.b $u
macro occurs in the
.i argv
part of the mailer definition,
that field will be repeated as necessary
for all qualifying users.
.ip M
This mailer wants a
.q Message-Id:
header line.
.ip n
Do not insert a UNIX-style
.q From
line on the front of the message.
.ip p
Use the route-addr style reverse-path in the SMTP
.q "MAIL FROM:"
command
rather than just the return address;
although this is required in RFC821 section 3.1,
many hosts do not process reverse-paths properly.
Reverse-paths are officially discouraged by RFC 1123.
.ip P
This mailer wants a
.q Return-Path:
line.
.ip r
Same as
.b f ,
but sends a
.b \-r
flag.
.ip s
Strip quote characters off of the address
before calling the mailer.
.ip S
Don't reset the userid
before calling the mailer.
This would be used in a secure environment
where
.i sendmail
ran as root.
This could be used to avoid forged addresses.
This flag is suppressed if given from an
.q unsafe
environment
(e.g, a user's mail.cf file).
.ip u
Upper case should be preserved in user names
for this mailer.
.ip U
This mailer wants Unix-style
.q From
lines with the ugly UUCP-style
.q "remote from <host>"
on the end.
.ip x
This mailer wants a
.q Full-Name:
header line.
.ip X
This mailer want to use the hidden dot algorithm
as specified in RFC821;
basically,
any line beginning with a dot
will have an extra dot prepended
(to be stripped at the other end).
This insures that lines in the message containing a dot
will not terminate the message prematurely.
.ip 7
Strip all output to seven bits.
This is the default if the
.b L
flag is set.
Note that setting this is not
sufficient to get full eight bit data passed through
.i sendmail .
If the
.b 7
option is set, this is essentially always set,
since the eighth bit was stripped on input.
.pp
The mailer with the special name
.q error
can be used to generate a user error.
The (optional) host field is an exit status to be returned,
and the user field is a message to be printed.
The exit status may be numeric or one of the values
USAGE, NOUSER, NOHOST, UNAVAILABLE, SOFTWARE, TEMPFAIL, PROTOCOL, or CONFIG
to return the corresponding EX_ exit code.
For example, the entry:
.(b
$#error $@ NOHOST $: Host unknown in this domain
.)b
on the RHS of a rule
will cause the specified error to be generated
and the
.q "Host unknown"
exit status to be returned
if the LHS matches.
This mailer is only functional in ruleset zero.
.pp
The mailer named
.q local
.i must
be defined in every configuration file.
This is used to deliver local mail,
and is treated specially in several ways.
Additionally, three other mailers named
.q prog ,
.q *file* ,
and
.q *include*
may be defined to tune the delivery of messages to programs,
files,
and :include: lists respectively.
They default to:
.(b
Mprog, P=/bin/sh, F=lsD, A=sh \-c $u
M*file*, P=/dev/null, F=lsDFMPEu, A=FILE
M*include*, P=/dev/null, F=su, A=INCLUDE
.)b
.pp
The Sender and Recipient rewriting sets
may either be a simple integer
or may be two integers separated by a slash;
if so, the first rewriting set is applied to envelope
addresses
and the second is applied to headers.
.pp
The Directory
is actually a colon-separated path of directories to try.
For example, the definition
.q D=$z:/
first tries to execute in the recipient's home directory;
if that is not available,
it tries to execute in the root of the filesystem.
This is intended to be used only on the
.q prog
mailer,
since some shells (such as
.i csh )
refuse to execute if they cannot read the home directory.
Since the queue directory is not normally readable by normal users
.i csh
scripts as recipients can fail.
.sh 3 "H \*- define header"
.pp
The format of the header lines that sendmail inserts into the message
are defined by the
.b H
line.
The syntax of this line is:
.(b F
.b H [\c
.b ? \c
.i mflags \c
.b ? ]\c
.i hname \c
.b :
.i htemplate
.)b
Continuation lines in this spec
are reflected directly into the outgoing message.
The
.i htemplate
is macro expanded before insertion into the message.
If the
.i mflags
(surrounded by question marks)
are specified,
at least one of the specified flags
must be stated in the mailer definition
for this header to be automatically output.
If one of these headers is in the input
it is reflected to the output
regardless of these flags.
.pp
Some headers have special semantics
that will be described below.
.sh 3 "O \*- set option"
.pp
There are a number of
.q random
options that
can be set from a configuration file.
Options are represented by single characters.
The syntax of this line is:
.(b F
.b O \c
.i o\|value
.)b
This sets option
.i o
to be
.i value .
Depending on the option,
.i value
may be a string, an integer,
a boolean
(with legal values
.q t ,
.q T ,
.q f ,
or
.q F ;
the default is TRUE),
or
a time interval.
.pp
The options supported are:
.nr ii 1i
.ip a\fIN\fP
If set,
wait up to
.i N
minutes for an
.q @:@
entry to exist in the alias database
before starting up.
If it does not appear in
.i N
minutes,
rebuild the database
(if the
.b D
option is also set)
or issue a warning.
.ip "A\fIspec, spec, ...\fP"
Specify possible alias file(s).
Each
.i spec
should be in the format
``\c
.i class \c
.b :
.i file ''
where
.i class \c
.b :
is optional and defaults to ``implicit''.
Depending on how
.b sendmail
is compiled, valid classes are
.q implicit
(search through a compiled-in list of alias file types,
for back compatibility),
.q hash
(if
.sm NEWDB
is specified),
.q dbm
(if
.sm NDBM
is specified),
.q stab
(internal symbol table \*- not normally used
unless you have no other database lookup),
or
.q nis
(if
.sm NIS
is specified).
If a list of
.i spec s
are provided,
.i sendmail
searches them in order.
.ip b\fIN\fP/\fIM\fP
Insist on at least
.i N
blocks free on the filesystem that holds the queue files
before accepting email via SMTP.
If there is insufficient space
.i sendmail
gives a 452 response
to the MAIL command.
This invites the sender to try again later.
The optional
.i M
is a maximum message size advertised in the ESMTP EHLO response.
It is currently otherwise unused.
.ip B\fIc\fP
Set the blank substitution character to
.i c .
Unquoted spaces in addresses are replaced by this character.
Defaults to space (i.e., no change is made).
.ip c
If an outgoing mailer is marked as being expensive,
don't connect immediately.
This requires that queueing be compiled in,
since it will depend on a queue run process to
actually send the mail.
.ip C\fIN\fP
Checkpoints the queue every
.i N
(default 10)
addresses sent.
If your system crashes during delivery to a large list,
this prevents retransmission to any but the last
.I N
recipients.
.ip d\fIx\fP
Deliver in mode
.i x .
Legal modes are:
.(b
.ta 4n
i	Deliver interactively (synchronously)
b	Deliver in background (asynchronously)
q	Just queue the message (deliver during queue run)
.)b
Defaults to ``b'' if no option is specified,
``i'' if it is specified but given no argument
(i.e., ``Od'' is equivalent to ``Odi'').
.ip D
If set,
rebuild the alias database if necessary and possible.
If this option is not set,
.i sendmail
will never rebuild the alias database
unless explicitly requested
using
.b \-bi .
.ip e\fIx\fP
Dispose of errors using mode
.i x .
The values for
.i x
are:
.(b
p	Print error messages (default)
q	No messages, just give exit status
m	Mail back errors
w	Write back errors (mail if user not logged in)
e	Mail back errors and give zero exit stat always
.)b
.ip E\fIfile/message\fP
Prepend error messages with the indicated message.
If it begins with a slash,
it is assumed to be the pathname of a file
containing a message (this is the recommended setting).
Otherwise, it is a literal message.
The error file might contain the name, email address, and/or phone number
of a local postmaster who could provide assistance
in to end users.
If the option is missing or null,
or if it names a file which does not exist or which is not readable,
no message is printed.
.ip f
Save
Unix-style
.q From
lines at the front of headers.
Normally they are assumed redundant
and discarded.
.ip F\fImode\fP
The file mode for queue files.
.ip g\fIn\fP
Set the default group id
for mailers to run in
to
.i n .
Defaults to 1.
.ip G
Allow fuzzy matching on the GECOS field.
If this flag is set,
and the usual user name lookups fail
(that is, there is no alias with this name and a
.i getpwnam
fails),
sequentially search the password file
for a matching entry in the GECOS field.
This also requires that MATCHGECOS
be turned on during compilation.
This option is not recommended.
.ip h\fIN\fP
The maximum hop count.
Messages that have been processed more than
.i N
times are assumed to be in a loop and are rejected.
Defaults to 25.
.ip H\fIfile\fP
Specify the help file
for SMTP.
.ip i
Ignore dots in incoming messages.
This is always disabled (that is, dots are always accepted)
when reading SMTP mail.
.ip I
Insist that the BIND name server be running
to resolve host names.
If this is not set and the name server is not running,
the
.i /etc/hosts
file will be considered complete.
In general, you do want to set this option
if your
.i /etc/hosts
file does not include all hosts known to you
or if you are using the MX (mail forwarding) feature of the BIND name server.
The name server will still be consulted
even if this option is not set, but
.i sendmail
will feel free to resort to reading
.i /etc/hosts
if the name server is not available.
Thus, you should
.i never
set this option if you do not run the name server.
.ip j
If set, send error messages in MIME format
(see RFC1341 and RFC1344 for details).
.ip J\fIpath\fP
Set the path for searching for users' .forward files.
The default is
.q $z/.forward .
Some sites that use the automounter may prefer to change this to
.q /var/forward/$u
to search a file with the same name as the user in a system directory.
It can also be set to a sequence of paths separated by colons;
.i sendmail
stops at the first file it can successfully and safely open.
For example,
.q /var/forward/$u:$z/.forward
will search first in /var/forward/\c
.i username
and then in
.i ~username /.forward
(but only if the first file does not exist).
.ip k\fIN\fP
The maximum number of open connections that will be cached at a time.
The default is one.
This delays closing the the current connection until
either this invocation of sendmail needs to connect to another host
or it terminates.
Setting it to zero defaults to the old behavior,
that is, connections are closed immediately.
.ip K\fItimeout\fP
The maximum amount of time a cached connection will be permitted to idle
without activity.
If this time is exceeded,
the connection is immediately closed.
This value should be small (on the order of ten minutes).
Before
.b sendmail
uses a cached connection,
it always sends a NOOP (no operation) command
to check the connection;
if this fails, it reopens the connection.
This keeps your end from failing if the other end times out.
The point of this option is to be a good network neighbor
and avoid using up excessive resources
on the other end.
The default is five minutes.
.ip l
If there is an
.q Errors-To:
header, send error messages to the addresses listed there.
They normally go to the envelope sender.
Use of this option causes sendmail to violate RFC 1123.
.ip L\fIn\fP
Set the default log level to
.i n .
Defaults to 9.
.ip m
Send to me too,
even if I am in an alias expansion.
.ip M\fIx\|value\fP
Set the macro
.i x
to
.i value .
This is intended only for use from the command line.
.ip n
Validate the RHS of aliases when rebuilding the alias database.
.ip o
Assume that the headers may be in old format,
i.e.,
spaces delimit names.
This actually turns on
an adaptive algorithm:
if any recipient address contains a comma, parenthesis,
or angle bracket,
it will be assumed that commas already exist.
If this flag is not on,
only commas delimit names.
Headers are always output with commas between the names.
.ip O\fIoptions\fP
Set server SMTP options.
The options are
.i key=value
pairs.
Known keys are:
.(b
.ta 1i
Port	Name/number of listening port (defaults to "smtp")
Addr	Address mask (defaults INADDR_ANY)
Family	Address family (defaults to INET)
Listen	Size of listen queue (defaults to 10)
.)b
The
.i Addr ess
mask may be a numeric address in dot notation
or a network name.
.ip p\fI\|opt,opt,...\fP
Set the privacy
.i opt ions.
``Privacy'' is really a misnomer;
many of these are just a way of insisting on stricter adherence
to the SMTP protocol.
The
.i opt ions
can be selected from:
.(b
.ta \w'needvrfyhelo'u+3n
public	Allow open access
needmailhelo	Insist on HELO or EHLO command before MAIL
needexpnhelo	Insist on HELO or EHLO command before EXPN
noexpn	Disallow EXPN entirely
needvrfyhelo	Insist on HELO or EHLO command before VRFY
novrfy	Disallow VRFY entirely
restrictmailq	Restrict mailq command
goaway	Disallow essentially all SMTP status queries
.)b
The
.q goaway
pseudo-flag sets all flags except
.q restrictmailq .
If mailq is restricted,
only people in the same group as the queue directory
can print the queue.
.ip P\fIpostmaster\fP
If set,
copies of error messages will be sent to the named
.i postmaster .
Only the header of the failed message is sent.
Since most errors are user problems,
this is probably not a good idea on large sites,
and arguably contains all sorts of privacy violations,
but it seems to be popular with certain operating systems vendors.
.ip q\fIfactor\fP
Use
.i factor
as the multiplier in the map function
to decide when to just queue up jobs rather than run them.
This value is divided by the difference between the current load average
and the load average limit
(\c
.b x
flag)
to determine the maximum message priority
that will be sent.
Defaults to 600000.
.ip Q\fIdir\fP
Use the named
.i dir
as the queue directory.
.ip r\|\fItimeouts\fP
Timeout reads after
.i time
interval.
The
.i timeouts
argument is a list of
.i keyword=value
pairs.
The recognized timeouts and their default values, and their
minimum values specified in RFC 1123 section 5.3.2 are:
.(b
.ta \w'datafinal'u+3n
initial	wait for initial greeting message [5m, 5m]
helo	reply to HELO or EHLO command [5m, none]
mail	reply to MAIL command [10m, 5m]
rcpt	reply to RCPT command [1h, 5m]
datainit	reply to DATA command [5m, 2m]
datablock	data block read [1h, 3m]
datafinal	reply to final ``.'' in data [1h, 10m]
rset	reply to RSET command [5m, none]
quit	reply to QUIT command [2m, none]
misc	reply to NOOP and VERB commands [2m, none]
command	command read [1h, 5m]
.)b
All but
.q command
apply to client SMTP.
For back compatibility,
a timeout with no ``keyword='' part
will set all of the longer values.
.ip s
Be super-safe when running things,
i.e.,
always instantiate the queue file,
even if you are going to attempt immediate delivery.
.i Sendmail
always instantiates the queue file
before returning control the the client
under any circumstances.
.ip S\fIfile\fP
Log statistics in the named
.i file .
.ip t\fIS,D\fP
Set the local time zone name to
.i S
for standard time and
.i D
for daylight time;
this is only used under version six.
.ip T\fIrtime/wtime\fP
Set the queue timeout to
.i rtime .
After this interval,
messages that have not been successfully sent
will be returned to the sender.
Defaults to five days.
The optional
.i wtime
is the time after which a warning message is sent.
If it is missing or zero
then no warning messages are sent.
.ip u\fIn\fP
Set the default userid for mailers to
.i n .
Mailers without the
.i S
flag in the mailer definition
will run as this user.
Defaults to 1.
.ip U\fIudbspec\fP
The user database specification.
.ip v
Run in verbose mode.
If this is set,
.i sendmail
adjusts options
.b c
(don't connect to expensive mailers)
and
.b d
(delivery mode)
so that all mail is delivered completely
in a single job
so that you can see the entire delivery process.
Option
.b v
should
.i never
be set in the configuration file;
it is intended for command line use only.
.ip V\fIfallbackhost\fP
If specified, the
.i fallbackhost
acts like a very low priority MX
on every host.
This is intended to be used by sites with poor network connectivity.
.ip x\fILA\fP
When the system load average exceeds
.i LA ,
just queue messages
(i.e., don't try to send them).
Defaults to 8.
.ip X\fILA\fP
When the system load average exceeds
.i LA ,
refuse incoming SMTP connections.
Defaults to 12.
.ip y\fIfact\fP
The indicated
.i fact or
is added to the priority (thus
.i lowering
the priority of the job)
for each recipient,
i.e., this value penalizes jobs with large numbers of recipients.
Defaults to 30000.
.ip Y
If set,
deliver each job that is run from the queue in a separate process.
Use this option if you are short of memory,
since the default tends to consume considerable amounts of memory
while the queue is being processed.
.ip z\fIfact\fP
The indicated
.i fact or
is multiplied by the message class
(determined by the Precedence: field in the user header
and the
.b P
lines in the configuration file)
and subtracted from the priority.
Thus, messages with a higher Priority: will be favored.
Defaults to 1800.
.ip Z\fIfact\fP
The
.i fact or
is added to the priority
every time a job is processed.
Thus,
each time a job is processed,
its priority will be decreased by the indicated value.
In most environments this should be positive,
since hosts that are down are all too often down for a long time.
Defaults to 90000.
.ip 7
Strip input to seven bits for compatibility with old systems.
This shouldn't be necessary.
.lp
All options can be specified on the command line using the
\-o flag,
but most will cause
.i sendmail
to relinquish its setuid permissions.
The options that will not cause this are
b, d, e, E, i, L, m, o, p, r, s, v, C, and 7.
Also, M (define macro) when defining the r or s macros
is also considered
.q safe .
.sh 3 "P \*- precedence definitions"
.pp
Values for the
.q "Precedence:"
field may be defined using the
.b P
control line.
The syntax of this field is:
.(b
\fBP\fP\fIname\fP\fB=\fP\fInum\fP
.)b
When the
.i name
is found in a
.q Precedence:
field,
the message class is set to
.i num .
Higher numbers mean higher precedence.
Numbers less than zero
have the special property
that if an error occurs during processing
the body of the message will not be returned;
this is expected to be used for
.q "bulk"
mail such as through mailing lists.
The default precedence is zero.
For example,
our list of precedences is:
.(b
Pfirst-class=0
Pspecial-delivery=100
Plist=\-30
Pbulk=\-60
Pjunk=\-100
.)b
People writing mailing list exploders
are encouraged to use
.q "Precedence: list" .
Older versions of
.i sendmail
(which discarded all error returns for negative precedences)
didn't recognize this name, giving it a default precedence of zero.
This allows list maintainers to see error returns
on both old and new versions of
.i sendmail .
.sh 3 "V \*- configuration version level"
.pp
To provide compatibility with old configuration files,
the
.b V
line has been added to define some very basic semantics
of the configuration file.
These are not intended to be long term supports;
rather, they describe compatibility features
which will probably be removed in future releases.
.pp
.q Old
configuration files are defined as version level one.
Version level two files make the following changes:
.np
Host name canonification ($[ ... $])
appends a dot if the name is recognized;
this gives the config file a way of finding out if anything matched.
(Actually, this just initializes the
.q host
map with the
.q \-a.
flag \*- you can reset it to anything you prefer
by declaring the map explicitly.)
.np
Default host name extension is consistent throughout processing;
version level one configurations turned off domain extension
(that is, adding the local domain name)
during certain points in processing.
Version level two configurations are expected to include a trailing dot
to indicate that the name is already canonical.
.np
Local names that are not aliases
are passed through a new distinguished ruleset five;
this can be used to append a local relay.
This behaviour can be prevented by resolving the local name
with an initial `@'.
That is, something that resolves to a local mailer and a user name of
.q vikki
will be passed through ruleset five,
but a user name of
.q @vikki
will have the `@' stripped,
will not be passed through ruleset five,
but will otherwise be treated the same as the prior example.
The expectation is that this might be used to implement a policy
where mail sent to
.q vikki
was handled by a central hub,
but mail sent to
.q vikki@localhost
was delivered directly.
.pp
Version level three files
allow # initiated comments on all lines.
Exceptions are backslash escaped # marks
and the $# syntax.
.sh 3 "K \*- key file declaration"
.pp
Special maps can be defined using the line:
.(b
Kmapname mapclass arguments
.)b
The
.i mapname
is the handle by which this map is referenced in the rewriting rules.
The
.i mapclass
is the name of a type of map;
these are compiled in to sendmail.
The
.i arguments
are interpreted depending on the class;
typically,
there would be a single argument naming the file containing the map.
.pp
Maps are referenced using the syntax:
.(b
$( \fImap\fP \fIkey\fP $@ \fIarguments\fP $: \fIdefault\fP $)
.)b
where either or both of the
.i arguments
or
.i default
portion may be omitted.
The
.i arguments
may appear more than once.
The indicated
.i key
and
.i arguments
are passed to the appropriate mapping function.
If it returns a value, it replaces the input.
If it does not return a value and the
.i default
is specified, the
.i default
replaces the input.
Otherwise, the input is unchanged.
.pp
During replacement of either a map value or default
the string
.q %\fIn\fP
(where
.i n
is a digit)
is replaced by the corresponding
.i argument .
Argument zero
is always the database key.
For example, the rule
.(b
.ta 1.5i
R$- ! $+	$: $(uucp $1 $@ $2 $: %1 @ %0 . UUCP $)
.)b
Looks up the UUCP name in a (user defined) UUCP map;
if not found it turns it into
.q \&.UUCP
form.
The database might contain records like:
.(b
decvax	%1@%0.DEC.COM
research	%1@%0.ATT.COM
.)b
.pp
The built in map with both name and class
.q host
is the host name canonicalization lookup.
Thus,
the syntax:
.(b
$(host \fIhostname\fP$)
.)b
is equivalent to:
.(b
$[\fIhostname\fP$]
.)b
.pp
There are four predefined database lookup classes:
.q dbm ,
.q btree ,
.q hash ,
and
.q nis .
The first requires that sendmail be compiled with the
.b ndbm
library;
the second two require the
.b db
library,
and the third requires that sendmail be compiled with NIS support.
All four accept as arguments the some optional flags
and a filename (or a mapname for NIS).
Known flags are:
.ip "\-o"
Indicates that this map is optional \*- that is,
if it cannot be opened,
no error is produced,
and sendmail will behave as if the map existed but was empty.
.ip "\-N"
Normally sendmail does not include the trailing null byte
on a string as part of the key.
If this flag is indicated,
it will be included.
This is for compatibility with some methods of building the maps.
.ip "\-a\fIx\fP"
Append the character
.i x
on successful matches.
For example, the default
.i host
map appends a dot on successful matches.
.ip "\-f"
Fold upper to lower case before looking up the key.
.ip "\-m"
Match only (without replacing the value).
If you only care about the existence of a key and not the value
(as you might when searching the NIS map
.q hosts.byname
for example),
this flag prevents the map from substituting the value.
However,
The \-a argument is still appended on a match,
and the default is still taken if the match fails.
.pp
The
.i dbm
map appends the strings
.q \&.pag
and
.q \&.dir
to the given filename;
the two
.i db -based
maps append
.q \&.db .
.pp
The program
.i makemap (8)
can be used to build any of the three database-oriented maps.
It takes the following flags:
.ip \-f
Do not fold upper to lower case in the map.
.ip \-N
Include null bytes in keys.
.ip \-o
Append to an existing (old) file.
.ip \-r
Allow replacement of existing keys;
normally, re-inserting an existing key is an error.
.ip \-v
Print what is happening.
.pp
There are also two builtin maps that are,
strictly speaking,
not database lookups.
.pp
The
.q host
map does host domain canonification;
given a host name it calls the name server
to find the canonical name for that host.
.pp
The
.q dequote
map strips double quotes (") from a name.
It does not strip backslashes.
It will not strip quotes if the resulting string
would contain unscannable syntax
(that is, basic errors like unbalanced angle brackets;
more sophisticated errors such as unknown hosts are not checked).
The intent is for use when trying to accept mail from systems such as
DECnet
that routinely quote odd syntax such as
.(b
"49ers::ubell"
.)b
A typical usage is probably something like:
.(b
Kdequote dequote

\&...

R$\-	$: $(dequote $1 $)
R$\- $+	$: $>3 $1 $2
.)b
Care must be taken to prevent unexpected results;
for example,
.(b
"|someprogram < input > output"
.)b
will have quotes stripped,
but the result is probably not what you had in mind.
Fortunately these cases are rare.
.pp
New classes can be added in the routine
.b setupmaps
in file
.b conf.c .
.sh 2 "Building a Configuration File From Scratch"
.pp
Building a configuration table from scratch is an extremely difficult job.
Fortunately,
it is almost never necessary to do so;
nearly every situation that may come up
may be resolved by changing an existing table.
In any case,
it is critical that you understand what it is that you are trying to do
and come up with a philosophy for the configuration table.
This section is intended to explain what the real purpose
of a configuration table is
and to give you some ideas
for what your philosophy might be.
.pp
.b "Do not even consider"
writing your own configuration file
without carefully studying
RFC 821, 822, and 1123.
You should also read RFC 976
if you are doing UUCP exchange.
.sh 3 "What you are trying to do"
.pp
The configuration table has three major purposes.
The first and simplest
is to set up the environment for
.i sendmail .
This involves setting the options,
defining a few critical macros,
etc.
Since these are described in other places,
we will not go into more detail here.
.pp
The second purpose is to rewrite addresses in the message.
This should typically be done in two phases.
The first phase maps addresses in any format
into a canonical form.
This should be done in ruleset three.
The second phase maps this canonical form
into the syntax appropriate for the receiving mailer.
.i Sendmail
does this in three subphases.
Rulesets one and two
are applied to all sender and recipient addresses respectively.
After this,
you may specify per-mailer rulesets
for both sender and recipient addresses;
this allows mailer-specific customization.
Finally,
ruleset four is applied to do any default conversion
to external form.
.pp
The third purpose
is to map addresses into the actual set of instructions
necessary to get the message delivered.
Ruleset zero must resolve to the internal form,
which is in turn used as a pointer to a mailer descriptor.
The mailer descriptor describes the interface requirements
of the mailer.
.sh 3 "Philosophy"
.pp
The particular philosophy you choose will depend heavily
on the size and structure of your organization.
I will present a few possible philosophies here.
There are as many philosophies as there are config designers;
feel free to develop your own.
.pp
One general point applies to all of these philosophies:
it is almost always a mistake
to try to do full host route resolution.
For example,
if you are on a UUCP-only site
and you are trying to get names of the form
.q user@host
to the Internet,
it does not pay to route them to
.q xyzvax!decvax!ucbvax!c70!user@host
since you then depend on several links not under your control,
some of which are likely to misparse it anyway.
The best approach to this problem
is to simply forward the message for
.q user@host
to
.q xyzvax
and let xyzvax
worry about it from there.
In summary,
just get the message closer to the destination,
rather than determining the full path.
.sh 4 "Large site, many hosts \*- minimum information"
.pp
Berkeley is an example of a large site,
i.e., more than two or three hosts
and multiple mail connections.
We have decided that the only reasonable philosophy
in our environment
is to designate one host as the guru for our site.
It must be able to resolve any piece of mail it receives.
The other sites should have the minimum amount of information
they can get away with.
In addition,
any information they do have
should be hints rather than solid information.
.pp
For example,
a typical site on our local ether network is
.q monet
(actually
.q monet.CS.Berkeley.EDU ).
When monet receives mail for delivery,
it checks whether it knows
that the destination host is directly reachable;
if so, mail is sent to that host.
If it receives mail for any unknown host,
it just passes it directly to
.q ucbvax.CS.Berkeley.EDU ,
our master host.
Ucbvax may determine that the host name is illegal
and reject the message,
or may be able to do delivery.
However, it is important to note that when a new mail connection is added,
the only host that
.i must
have its tables updated
is ucbvax;
the others
.i may
be updated if convenient,
but this is not critical.
.pp
This picture is slightly muddied
due to network connections that are not actually located
on ucbvax.
For example,
some UUCP connections are currently on
.q ucbarpa.
However,
monet
.i "does not"
know about this;
the information is hidden totally between ucbvax and ucbarpa.
Mail going from monet to a UUCP host
is transferred via the ethernet
from monet to ucbvax,
then via the ethernet from ucbvax to ucbarpa,
and then is submitted to UUCP.
Although this involves some extra hops,
we feel this is an acceptable tradeoff.
.pp
An interesting point is that it would be possible
to update monet
to send appropriate UUCP mail directly to ucbarpa
if the load got too high;
if monet failed to note a host as connected to ucbarpa
it would go via ucbvax as before,
and if monet incorrectly sent a message to ucbarpa
it would still be sent by ucbarpa
to ucbvax as before.
The only problem that can occur is loops,
for example,
if ucbarpa thought that ucbvax had the UUCP connection
and vice versa.
For this reason,
updates should
.i always
happen to the master host first.
.pp
This philosophy results as much from the need
to have a single source for the configuration files
(typically built using
.i m4 \|(1)
or some similar tool)
as any logical need.
Maintaining more than three separate tables by hand
is essentially an impossible job.
.sh 4 "Small site \*- complete information"
.pp
A small site
(two or three hosts and few external connections)
may find it more reasonable to have complete information
at each host.
This would require that each host
know exactly where each network connection is,
possibly including the names of each host on that network.
As long as the site remains small
and the the configuration remains relatively static,
the update problem will probably not be too great.
.sh 4 "Single host"
.pp
This is in some sense the trivial case.
The only major issue is trying to insure that you don't
have to know too much about your environment.
For example,
if you have a UUCP connection
you might find it useful to know about the names of hosts
connected directly to you,
but this is really not necessary
since this may be determined from the syntax.
.sh 4 "A completely different philosophy"
.pp
This is adapted from Bruce Lilly.
Any errors in interpretation are mine.
.pp
Do minimal changes in ruleset 3:
fix some common but unambiguous errors (e.g. trailing dot on domains) and
hide bang paths foo!bar into bar@foo.UUCP.
The resulting "canonical" form is any valid RFC822/RFC1123/RFC976 address.
.pp
Ruleset 0 does the bulk of the work.
It removes the trailing "@.UUCP" that hides bang paths,
strips anything not needed to resolve,
e.g. the phrase from phrase <route-addr> and from named groups,
rejects unparseable addresses using $#error,
and finally
resolves to a mailer/host/user triple.
Ruleset 0 is rather lengthy
as it has to handle 3 basic address forms:
RFC976 bang paths,
RFC1123 %-hacks
(including vanilla RFC822 local-part@domain),
and RFC822 source routes.
It's also complicated by having to handle named lists.
.pp
The header rewriting rulesets 1 and 2
remove the trailing "@.UUCP" that hides bang paths.
Ruleset 2 also strips the $# mailer $@ host (for test mode).
.pp
Ruleset 4 does absolutely nothing.
.pp
The per-mailer rewriting rulesets conform the envelope and
header addresses to the requirements of the specific
mailer.
.pp
Lots of rulesets-as-subroutines are used.
.pp
As a result, header addresses are subject to minimal munging
(per RFC1123), and the general plan is per RFC822 sect. 3.4.10.
.sh 3 "Relevant issues"
.pp
The canonical form you use
should almost certainly be as specified in
the Internet protocols
RFC819 and RFC822.
Copies of these RFC's are included on the
.i sendmail
tape
as
.i doc/rfc819.lpr
and
.i doc/rfc822.lpr .
.pp
RFC822
describes the format of the mail message itself.
.i Sendmail
follows this RFC closely,
to the extent that many of the standards described in this document
can not be changed without changing the code.
In particular,
the following characters have special interpretations:
.(b
< > ( ) " \e
.)b
Any attempt to use these characters for other than their RFC822
purpose in addresses is probably doomed to disaster.
.pp
RFC819
describes the specifics of the domain-based addressing.
This is touched on in RFC822 as well.
Essentially each host is given a name
which is a right-to-left dot qualified pseudo-path
from a distinguished root.
The elements of the path need not be physical hosts;
the domain is logical rather than physical.
For example,
at Berkeley
one legal host might be
.q a.CC.Berkeley.EDU ;
reading from right to left,
.q EDU
is a top level domain
comprising educational institutions,
.q Berkeley
is a logical domain name,
.q CC
represents the Computer Center,
(in this case a strictly logical entity),
and
.q a
is a host in the Computer Center.
.pp
Beware when reading RFC819
that there are a number of errors in it.
.sh 3 "How to proceed"
.pp
Once you have decided on a philosophy,
it is worth examining the available configuration tables
to decide if any of them are close enough
to steal major parts of.
Even under the worst of conditions,
there is a fair amount of boiler plate that can be collected safely.
.pp
The next step is to build ruleset three.
This will be the hardest part of the job.
Beware of doing too much to the address in this ruleset,
since anything you do will reflect through
to the message.
In particular,
stripping of local domains is best deferred,
since this can leave you with addresses with no domain spec at all.
Since
.i sendmail
likes to append the sending domain to addresses with no domain,
this can change the semantics of addresses.
Also try to avoid
fully qualifying domains in this ruleset.
Although technically legal,
this can lead to unpleasantly and unnecessarily long addresses
reflected into messages.
The Berkeley configuration files
define ruleset nine
to qualify domain names and strip local domains.
This is called from ruleset zero
to get all addresses into a cleaner form.
.pp
Once you have ruleset three finished,
the other rulesets should be relatively trivial.
If you need hints,
examine the supplied configuration tables.
.sh 3 "Testing the rewriting rules \*- the \-bt flag"
.pp
When you build a configuration table,
you can do a certain amount of testing
using the
.q "test mode"
of
.i sendmail .
For example,
you could invoke
.i sendmail
as:
.(b
sendmail \-bt \-Ctest.cf
.)b
which would read the configuration file
.q test.cf
and enter test mode.
In this mode,
you enter lines of the form:
.(b
rwset address
.)b
where
.i rwset
is the rewriting set you want to use
and
.i address
is an address to apply the set to.
Test mode shows you the steps it takes
as it proceeds,
finally showing you the address it ends up with.
You may use a comma separated list of rwsets
for sequential application of rules to an input.
For example:
.(b
3,1,21,4 monet:bollard
.)b
first applies ruleset three to the input
.q monet:bollard.
Ruleset one is then applied to the output of ruleset three,
followed similarly by rulesets twenty-one and four.
.pp
If you need more detail,
you can also use the
.q \-d21
flag to turn on more debugging.
For example,
.(b
sendmail \-bt \-d21.99
.)b
turns on an incredible amount of information;
a single word address
is probably going to print out several pages worth of information.
.pp
You should be warned that internally,
.b sendmail
applies ruleset 3 to all addresses.
In this version of sendmail, you will have to do that manually.
For example, older versions allowed you to use
.(b
0 bruce@broadcast.sony.com
.)b
This version requires that you use:
.(b
3,0 bruce@broadcast.sony.com
.)b
.sh 3 "Building mailer descriptions"
.pp
To add an outgoing mailer to your mail system,
you will have to define the characteristics of the mailer.
.pp
Each mailer must have an internal name.
This can be arbitrary,
except that the names
.q local
and
.q prog
must be defined.
.pp
The pathname of the mailer must be given in the P field.
If this mailer should be accessed via an IPC connection,
use the string
.q [IPC]
instead.
.pp
The F field defines the mailer flags.
You should specify an
.q f
or
.q r
flag to pass the name of the sender as a
.b \-f
or
.b \-r
flag respectively.
These flags are only passed if they were passed to
.i sendmail,
so that mailers that give errors under some circumstances
can be placated.
If the mailer is not picky
you can just specify
.q "\-f $g"
in the argv template.
If the mailer must be called as
.b root
the
.q S
flag should be given;
this will not reset the userid
before calling the mailer\**.
.(f
\**\c
.i Sendmail
must be running setuid to root
for this to work.
.)f
If this mailer is local
(i.e., will perform final delivery
rather than another network hop)
the
.q l
flag should be given.
Quote characters
(backslashes and " marks)
can be stripped from addresses if the
.q s
flag is specified;
if this is not given
they are passed through.
If the mailer is capable of sending to more than one user
on the same host
in a single transaction
the
.q m
flag should be stated.
If this flag is on,
then the argv template containing
.b $u
will be repeated for each unique user
on a given host.
The
.q e
flag will mark the mailer as being
.q expensive,
which will cause
.i sendmail
to defer connection
until a queue run\**.
.(f
\**The
.q c
configuration option must be given
for this to be effective.
.)f
.pp
An unusual case is the
.q C
flag.
This flag applies to the mailer that the message is received from,
rather than the mailer being sent to;
if set,
the domain spec of the sender
(i.e., the
.q @host.domain
part)
is saved
and is appended to any addresses in the message
that do not already contain a domain spec.
For example,
a message of the form:
.(b
From: eric@vangogh.CS.Berkeley.EDU
To: wnj@monet.CS.Berkeley.EDU, mckusick
.)b
will be modified to:
.(b
From: eric@vangogh.CS.Berkeley.EDU
To: wnj@monet.CS.Berkeley.EDU, mckusick@vangogh.CS.Berkeley.EDU
.)b
.i "if and only if"
the
.q C
flag is defined in the mailer corresponding to
.q eric@vangogh.CS.Berkeley.EDU.
.pp
Other flags are described
in Appendix C.
.pp
The S and R fields in the mailer description
are per-mailer rewriting sets
to be applied to sender and recipient addresses
respectively.
These are applied after the sending domain is appended
and the general rewriting sets
(numbers one and two)
are applied,
but before the output rewrite
(ruleset four)
is applied.
A typical use is to append the current domain
to addresses that do not already have a domain.
For example,
a header of the form:
.(b
From: eric
.)b
might be changed to be:
.(b
From: eric@vangogh.CS.Berkeley.EDU
.)b
or
.(b
From: ucbvax!eric
.)b
depending on the domain it is being shipped into.
These sets can also be used
to do special purpose output rewriting
in cooperation with ruleset four.
.pp
The E field defines the string to use
as an end-of-line indication.
A string containing only newline is the default.
The usual backslash escapes
(\er, \en, \ef, \eb)
may be used.
.pp
Finally,
an argv template is given as the E field.
It may have embedded spaces.
If there is no argv with a
.b $u
macro in it,
.i sendmail
will speak SMTP
to the mailer.
If the pathname for this mailer is
.q [IPC],
the argv should be
.(b
IPC $h [ \fIport\fP ]
.)b
where
.i port
is the optional port number
to connect to.
.pp
For example,
the specifications:
.(b
.ta \w'Mlocal, 'u +\w'P=/bin/mail, 'u +\w'F=rlsm, 'u +\w'S=10, 'u +\w'R=20, 'u
Mlocal,	P=/bin/mail,	F=rlsm	S=10,	R=20,	A=mail \-d $u
Mether,	P=[IPC],	F=meC,	S=11,	R=21,	A=IPC $h, M=100000
.)b
specifies a mailer to do local delivery
and a mailer for ethernet delivery.
The first is called
.q local,
is located in the file
.q /bin/mail,
takes a picky
.b \-r
flag,
does local delivery,
quotes should be stripped from addresses,
and multiple users can be delivered at once;
ruleset ten
should be applied to sender addresses in the message
and ruleset twenty
should be applied to recipient addresses;
the argv to send to a message will be the word
.q mail,
the word
.q \-d,
and words containing the name of the receiving user.
If a
.b \-r
flag is inserted
it will be between the words
.q mail
and
.q \-d.
The second mailer is called
.q ether,
it should be connected to via an IPC connection,
it can handle multiple users at once,
connections should be deferred,
and any domain from the sender address
should be appended to any receiver name
without a domain;
sender addresses should be processed by ruleset eleven
and recipient addresses by ruleset twenty-one.
There is a 100,000 byte limit on messages passed through this mailer.
.sh 2 "The User Database"
.pp
If you have a version of sendmail with the user database package
compiled in,
the handling of sender and recipient addresses
is modified.
.pp
The location of this database is controlled with the
.b U
option.
.sh 3 "Structure of the user database"
.pp
The database is a sorted (BTree-based) structure.
User records are stored with the key:
.(b
\fIuser-name\fP\fB:\fP\fIfield-name\fP
.)b
The sorted database format ensures that user records are clustered together.
Meta-information is always stored with a leading colon.
.pp
Field names define both the syntax and semantics of the value.
Defined fields include:
.nr ii 1i
.ip maildrop
The delivery address for this user.
There may be multiple values of this record.
In particular,
mailing lists will have one
.i maildrop
record for each user on the list.
.ip "mailname"
The outgoing mailname for this user.
For each outgoing name,
there should be an appropriate
.i maildrop
record for that name to allow return mail.
See also
.i :default:mailname .
.ip mailsender
Changes any mail sent to this address to have the indicated envelope sender.
This is intended for mailing lists,
and will normally be the name of an appropriate -request address.
It is very similar to the owner-\c
.i list
syntax in the alias file.
.ip fullname
The full name of the user.
.ip office-address
The office address for this user.
.ip office-phone
The office phone number for this user.
.ip office-fax
The office FAX number for this user.
.ip home-address
The home address for this user.
.ip home-phone
The home phone number for this user.
.ip home-fax
The home FAX number for this user.
.ip project
A (short) description of the project this person is affiliated with.
In the University this is often just the name of their graduate advisor.
.ip plan
A pointer to a file from which plan information can be gathered.
.pp
As of this writing,
only a few of these fields are actually being used by sendmail:
.i maildrop
and
.i mailname .
A
.i finger
program that uses the other fields is planned.
.sh 3 "User database semantics"
.pp
When the rewriting rules submit an address to the local mailer,
the user name is passed through the alias file.
If no alias is found (or if the alias points back to the same address),
the name (with
.q :maildrop
appended)
is then used as a key in the user database.
If no match occurs (or if the maildrop points at the same address),
forwarding is tried.
.pp
If the first token of the user name returned by ruleset 0
is an
.q @
sign, the user database lookup is skipped.
The intent is that the user database will act as a set of defaults
for a cluster (in our case, the Computer Science Division);
mail sent to a specific machine should ignore these defaults.
.pp
When mail is sent,
the name of the sending user is looked up in the database.
If that user has a
.q mailname
record,
the value of that record is used as their outgoing name.
For example, I might have a record:
.(b
eric:mailname	Eric.Allman@CS.Berkeley.EDU
.)b
This would cause my outgoing mail to be sent as Eric.Allman.
.pp
If a
.q maildrop
is found for the user,
but no corresponding
.q maildrop
record exists,
the record
.q :default:mailname
is consulted.
If present, this is the name of a host to override the local host.
For example, in our case we would set it to
.q CS.Berkeley.EDU .
The effect is that anyone known in the database
gets their outgoing mail stamped as
.q user@CS.Berkeley.EDU ,
but people not listed in the database use the local hostname.
.sh 1 "OTHER CONFIGURATION"
.pp
There are some configuration changes that can be made by
recompiling
.i sendmail .
This section describes what changes can be made
and what has to be modified to make them.
.sh 2 "Parameters in src/Makefile"
.pp
These parameters are intended to describe the compilation environment,
not site policy,
and should normally be defined in src/Makefile.
.ip NDBM
If set,
the new version of the DBM library
that allows multiple databases will be used.
If neither NDBM nor NEWDB are set,
a much less efficient method of alias lookup is used.
.ip NEWDB
If set, use the new database package from Berkeley (from 4.4BSD).
This package is substantially faster than DBM or NDBM.
If NEWDB and NDBM are both set,
sendmail will read DBM files,
but will create and use NEWDB files.
.ip YPCOMPAT
If set together with
.i both
NEWDB and NDBM,
.i sendmail
will create both DBM and NEWDB files if and only if
the file /var/yp/Makefile
exists and is readable.
This is intended for compatibility with Sun Microsystems'
.i mkalias
program used on YP masters.
.ip _AIX3
Compile for IBM AIX 3.x.
This has only been tested on 3.2.3.
.ip SYSTEM5
Set all of the compilation parameters appropriate for System V.
.ip LOCKF
Use System V
.b lockf
instead of Berkeley
.b flock .
Due to the highly unusual semantics of locks
across forks in
.b lockf ,
this should never be used unless absolutely necessary.
Set by default if
SYSTEM5 is set.
.ip SYS5TZ
Use System V
time zone semantics.
.ip HASINITGROUPS
Set this if your system has the
.i initgroups()
call
(if you have multiple group support).
This is the default if SYSTEM5 is
.i not
defined or if you are on HPUX.
.ip HASUNAME
Set this if you have the
.i uname (2)
system call (or corresponding library routine).
Set by default if
SYSTEM5
is set.
.ip HASSTATFS
Set this if you have the
.i statfs (2)
system call.
This will allow you to give a temporary failure
message to incoming SMTP email
when you are low on disk space.
It is set by default on 4.4 BSD and OSF/1 systems.
.ip HASUSTAT
Set if you have the
.i ustat (2)
system call.
This is an alternative implementation of disk space control.
You should only set one of HASSTATFS or HASUSTAT;
the first is preferred.
.ip _PATH_SENDMAILCF
The pathname of the sendmail.cf file.
.ip _PATH_SENDMAILFC
The pathname of the sendmail.fc file.
.ip _PATH_SENDMAILPID
The pathname of the sendmail.pid file.
.ip LA_TYPE
The load average type.
Details are described below.
.lp
The are four built-in ways of computing the load average.
.i Sendmail
tries to auto-configure them based on imperfect guesses;
you can select one using the
.i cc
option
.b \-DLA_TYPE= \c
.i type ,
where
.i type
is:
.ip LA_INT
The kernel stores the load average in the kernel as an array of long integers.
The actual values are scaled by a factor FSCALE
(default 256).
.ip LA_FLOAT
The kernel stores the load average in the kernel as an array of
double precision floats.
.ip LA_SUBR
Call the
.i getloadavg
routine to get the load average as an array of doubles.
.ip LA_ZERO
Always return zero as the load average.
This is the fallback case.
.lp
If type
.sm LA_INT
or
.sm LA_FLOAT
is specified,
you may also need to specify
.sm _PATH_UNIX
(the path to your system binary)
and
.sm LA_AVENRUN
(the name of the variable containing the load average in the kernel;
usually
.q _avenrun
or
.q avenrun ).
.sh 2 "Parameters in src/conf.h"
.pp
Parameters and compilation options
are defined in conf.h.
Most of these need not normally be tweaked;
common parameters are all in sendmail.cf.
However, the sizes of certain primitive vectors, etc.,
are included in this file.
The numbers following the parameters
are their default value.
.nr ii 1.2i
.ip "MAXLINE [1024]"
The maximum line length of any input line.
If message lines exceed this length
they will still be processed correctly;
however, header lines,
configuration file lines,
alias lines,
etc.,
must fit within this limit.
.ip "MAXNAME [256]"
The maximum length of any name,
such as a host or a user name.
.ip "MAXPV [40]"
The maximum number of parameters to any mailer.
This limits the number of recipients that may be passed in one transaction.
It can be set to any arbitrary number above about 10,
since
.i sendmail
will break up a delivery into smaller batches as needed.
A higher number may reduce load on your system, however.
.ip "MAXATOM [100]"
The maximum number of atoms
(tokens)
in a single address.
For example,
the address
.q "eric@CS.Berkeley.EDU"
is seven atoms.
.ip "MAXMAILERS [25]"
The maximum number of mailers that may be defined
in the configuration file.
.ip "MAXRWSETS [100]"
The maximum number of rewriting sets
that may be defined.
.ip "MAXPRIORITIES [25]"
The maximum number of values for the
.q Precedence:
field that may be defined
(using the
.b P
line in sendmail.cf).
.ip "MAXUSERENVIRON [40]"
The maximum number of items in the user environment
that will be passed to subordinate mailers.
.ip "QUEUESIZE [1000]"
The maximum number of entries that will be processed
in a single queue run.
.ip "MAXMXHOSTS [20]"
The maximum number of MX records we will accept for any single host.
.ip "MAXIPADDR [16]"
The maximum number of numeric IP addresses we will accept
for this host.
This does not limit the number the number of addresses for other hosts.
.lp
A number of other compilation options exist.
These specify whether or not specific code should be compiled in.
.nr ii 1.2i
.ip DEBUG
If set, debugging information is compiled in.
To actually get the debugging output,
the
.b \-d
flag must be used.
.b "WE STRONGLY RECOMMEND THAT THIS BE LEFT ON."
Some people, believing that it was a security hole
(it was, once)
have turned it off and thus crippled debuggers.
.ip NETINET
If set,
support for Internet protocol networking is compiled in.
Previous versions of
.b sendmail
referred to this as
.sm DAEMON ;
this old usage is now incorrect.
.ip NETISO
If set,
support for ISO protocol networking is compiled in
(it may be appropriate to #define this in the Makefile instead of conf.h).
.ip LOG
If set,
the
.i syslog
routine in use at some sites is used.
This makes an informational log record
for each message processed,
and makes a higher priority log record
for internal system errors.
.ip MATCHGECOS
Compile in the code to do ``fuzzy matching'' on the GECOS field
in /etc/passwd.
This also requires that option G be turned on.
.ip NAMED_BIND
Compile in code to use the
Berkeley Internet Name Domain (BIND) server
to resolve TCP/IP host names.
.ip NOTUNIX
If you are using a non-UNIX mail format,
you can set this flag to turn off special processing
of UNIX-style
.q "From "
lines.
.ip QUEUE
This flag should be set to compile in the queueing code.
If this is not set,
mailers must accept the mail immediately
or it will be returned to the sender.
.ip SETPROCTITLE
If defined,
.i sendmail
will change its
.i argv
array to indicate its current status.
This can be used in conjunction with the
.i ps
command to find out just what it's up to.
.ip SMTP
If set,
the code to handle user and server SMTP will be compiled in.
This is only necessary if your machine has some mailer
that speaks SMTP
(this means most machines everywhere).
.ip UGLYUUCP
If you have a UUCP host adjacent to you which is not running
a reasonable version of
.i rmail ,
you will have to set this flag to include the
.q "remote from sysname"
info on the from line.
Otherwise, UUCP gets confused about where the mail came from.
.ip USERDB
Include the
.b experimental
Berkeley user information database package.
This adds a new level of local name expansion
between aliasing and forwarding.
It also uses the NEWDB package.
This may change in future releases.
.ip IDENTPROTO
Compile in the IDENT protocol as defined in RFC 1413.
This defaults on for all systems except Ultrix,
which apparently has the interesting
.q feature
that when it receives a
.q "host unreachable"
message it closes all open connections to that host.
Since some firewall gateways send this error code
when you access an unauthorized port (such as 113, used by IDENT),
Ultrix cannot receive email from such hosts.
.sh 2 "Configuration in src/conf.c"
.pp
The following changes can be made in conf.c.
.sh 3 "Built-in Header Semantics"
.pp
Not all header semantics are defined in the configuration file.
Header lines that should only be included by certain mailers
(as well as other more obscure semantics)
must be specified in the
.i HdrInfo
table in
.i conf.c .
This table contains the header name
(which should be in all lower case)
and a set of header control flags (described below),
The flags are:
.ip H_ACHECK
Normally when the check is made to see if a header line is compatible
with a mailer,
.i sendmail
will not delete an existing line.
If this flag is set,
.i sendmail
will delete
even existing header lines.
That is,
if this bit is set and the mailer does not have flag bits set
that intersect with the required mailer flags
in the header definition in
sendmail.cf,
the header line is
.i always
deleted.
.ip H_EOH
If this header field is set,
treat it like a blank line,
i.e.,
it will signal the end of the header
and the beginning of the message text.
.ip H_FORCE
Add this header entry
even if one existed in the message before.
If a header entry does not have this bit set,
.i sendmail
will not add another header line if a header line
of this name already existed.
This would normally be used to stamp the message
by everyone who handled it.
.ip H_TRACE
If set,
this is a timestamp
(trace)
field.
If the number of trace fields in a message
exceeds a preset amount
the message is returned
on the assumption that it has an aliasing loop.
.ip H_RCPT
If set,
this field contains recipient addresses.
This is used by the
.b \-t
flag to determine who to send to
when it is collecting recipients from the message.
.ip H_FROM
This flag indicates that this field
specifies a sender.
The order of these fields in the
.i HdrInfo
table specifies
.i sendmail's
preference
for which field to return error messages to.
.nr ii 5n
.lp
Let's look at a sample
.i HdrInfo
specification:
.(b
.ta 4n +\w'"return-receipt-to",  'u
struct hdrinfo	HdrInfo[] =
\&{
	     /* originator fields, most to least significant  */
	"resent-sender",	H_FROM,
	"resent-from",	H_FROM,
	"sender",	H_FROM,
	"from",	H_FROM,
	"full-name",	H_ACHECK,
	     /* destination fields */
	"to",	H_RCPT,
	"resent-to",	H_RCPT,
	"cc",	H_RCPT,
	     /* message identification and control */
	"message",	H_EOH,
	"text",	H_EOH,
	     /* trace fields */
	"received",	H_TRACE|H_FORCE,

	NULL,	0,
};
.)b
This structure indicates that the
.q To: ,
.q Resent-To: ,
and
.q Cc:
fields
all specify recipient addresses.
Any
.q Full-Name:
field will be deleted unless the required mailer flag
(indicated in the configuration file)
is specified.
The
.q Message:
and
.q Text:
fields will terminate the header;
these are used by random dissenters around the network world.
The
.q Received:
field will always be added,
and can be used to trace messages.
.pp
There are a number of important points here.
First,
header fields are not added automatically just because they are in the
.i HdrInfo
structure;
they must be specified in the configuration file
in order to be added to the message.
Any header fields mentioned in the configuration file but not
mentioned in the
.i HdrInfo
structure have default processing performed;
that is,
they are added unless they were in the message already.
Second,
the
.i HdrInfo
structure only specifies cliched processing;
certain headers are processed specially by ad hoc code
regardless of the status specified in
.i HdrInfo .
For example,
the
.q Sender:
and
.q From:
fields are always scanned on ARPANET mail
to determine the sender\**;
.(f
\**Actually, this is no longer true in SMTP;
this information is contained in the envelope.
The older ARPANET protocols did not completely distinguish
envelope from header.
.)f
this is used to perform the
.q "return to sender"
function.
The
.q "From:"
and
.q "Full-Name:"
fields are used to determine the full name of the sender
if possible;
this is stored in the macro
.b $x
and used in a number of ways.
.sh 3 "Restricting Use of Email"
.pp
If it is necessary to restrict mail through a relay,
the
.i checkcompat
routine can be modified.
This routine is called for every recipient address.
It returns an exit status
indicating the status of the message.
The status
.sm EX_OK
accepts the address,
.sm EX_TEMPFAIL
queues the message for a later try,
and other values
(commonly
.sm EX_UNAVAILABLE )
reject the message.
It is up to
.i checkcompat
to print an error message
(using
.i usrerr )
if the message is rejected.
For example,
.i checkcompat
could read:
.(b
.re
.sz -1
.ta 4n +4n +4n +4n +4n +4n +4n
int
checkcompat(to, e)
	register ADDRESS *to;
	register ENVELOPE *e;
\&{
	register STAB *s;

	s = stab("private", ST_MAILER, ST_FIND);
	if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
	    to->q_mailer == s->s_mailer)
	{
		usrerr("No private net mail allowed through this machine");
		return (EX_UNAVAILABLE);
	}
	if (MsgSize > 50000 && to\->q_mailer != LocalMailer)
	{
		usrerr("Message too large for non-local delivery");
		NoReturn = TRUE;
		return (EX_UNAVAILABLE);
	}
	return (EX_OK);
}
.sz
.)b
This would reject messages greater than 50000 bytes
unless they were local.
The
.i NoReturn
flag can be sent to suppress the return of the actual body
of the message in the error return.
The actual use of this routine is highly dependent on the
implementation,
and use should be limited.
.sh 3 "Load Average Computation"
.pp
The routine
.i getla
should return an approximation of the current system load average
as an integer.
There are four versions included on compilation flags
as described above.
.sh 3 "New Database Map Classes"
.pp
New key maps can be added by creating a class initialization function
and a lookup function.
These are then added to the routine
.i setupmaps.
.pp
The initialization function is called as
.(b
\fIxxx\fP_map_init(MAP *map, char *mapname, char *args)
.)b
The
.i map
is an internal data structure.
The
.i mapname
is the name of the map (used for error messages).
The
.i args
is a pointer to the rest of the configuration file line;
flags and filenames can be extracted from this line.
The initialization function must return
.sm TRUE
if it successfully opened the map,
.sm FALSE
otherwise.
.pp
The lookup function is called as
.(b
\fIxxx\fP_map_lookup(MAP *map, char buf[], int bufsize, char **av, int *statp)
.)b
The
.i map
defines the map internally.
The parameters
.i buf
and
.i bufsize
have the input key.
This may be (and often is) used destructively.
The
.i av
is a list of arguments passed in from the rewrite line.
The lookup function should return a pointer to the new value.
IF the map lookup fails,
.i *statp
should be set to an exit status code;
in particular, it should be set to
.sm EX_TEMPFAIL
if recovery is to be attempted by the higher level code.
.sh 3 "Queueing Function"
.pp
The routine
.i shouldqueue
is called to decide if a message should be queued
or processed immediately.
Typically this compares the message priority to the current load average.
The default definition is:
.(b
bool
shouldqueue(pri, ctime)
	long pri;
	time_t ctime;
{
	if (CurrentLA < QueueLA)
		return (FALSE);
	if (CurrentLA >= RefuseLA)
		return (TRUE);
	return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
}
.)b
If the current load average
(global variable
.i CurrentLA ,
which is set before this function is called)
is less than the low threshold load average
(option
.b x ,
variable
.i QueueLA ),
.i shouldqueue
returns
.sm FALSE
immediately
(that is, it should
.i not
queue).
If the current load average exceeds the high threshold load average
(option
.b X ,
variable
.i RefuseLA ),
.i shouldqueue
returns
.sm TRUE
immediately.
Otherwise, it computes the function based on the message priority,
the queue factor
(option
.b q ,
global variable
.i QueueFactor ),
and the current and threshold load averages.
.pp
An implementation wishing to take the actual age of the message into account
can also use the
.i ctime
parameter,
which is the time that the message was first submitted to
.i sendmail .
Note that the
.i pri
parameter is already weighted
by the number of times the message has been tried
(although this tends to lower the priority of the message with time);
the expectation is that the
.i ctime
would be used as an
.q "escape clause"
to ensure that messages are eventually processed.
.sh 3 "Refusing Incoming SMTP Connections"
.pp
The function
.i refuseconnections
returns
.sm TRUE
if incoming SMTP connections should be refused.
The current implementation is based exclusively on the current load average
and the refuse load average option
(option
.b X ,
global variable
.i RefuseLA ):
.(b
bool
refuseconnections()
{
	return (CurrentLA >= RefuseLA);
}
.)b
A more clever implementation
could look at more system resources.
.sh 3 "Load Average Computation"
.pp
The routine
.i getla
returns the current load average (as a rounded integer).
The distribution includes several possible implementations.
.sh 2 "Configuration in src/daemon.c"
.pp
The file
.i src/daemon.c
contains a number of routines that are dependent
on the local networking environment.
The version supplied is specific to 4.3 BSD.
.pp
In previous releases,
we recommended that you modify the routine
.i maphostname
if you wanted to generalize
.b $[
\&...\&
.b $]
lookups.
We now recommend that you create a new keyed map instead.
.sh 1 "CHANGES IN VERSION 6"
.pp
The following summarizes changes
since the last commonly available version of
.b sendmail
(5.67):
.sh 2 "Connection Caching"
.pp
Instead of closing SMTP connections immediately,
those connections are cached for possible future use.
The advent of MX records made this effective for mailing lists;
in addition,
substantial performance improvements can be expected for queue processing.
.sh 2 "MX Piggybacking"
.pp
If two hosts with different names in a single message
happen to have the same set of MX hosts,
they can be sent in the same transaction.
Version 6 notices this and tries to batch the messages.
.sh 2 "Eight-Bit Clean"
.pp
Previous versions of
.b sendmail
used the 0200 bit for quoting.
This version avoids that use.
However, for compatibility with RFC 822,
you can set option `7' to get seven bit stripping.
.pp
Individual mailers can still produce seven bit out put using the
`7' mailer flag.
.sh 2 "User Database"
.pp
The user database is an as-yet experimental attempt
to provide unified large-site name support.
We are installing it at Berkeley;
future versions may show significant modifications.
.sh 2 "Improved BIND Support"
.pp
The BIND support,
particularly for MX records,
had a number of annoying
.q features
which have been removed in this release.
In particular,
these more tightly bind (pun intended) the name server to sendmail,
so that the name server resolution rules are incorporated directly into
.b sendmail .
.sh 2 "Keyed Files"
.pp
Generalized keyed files is an idea taken directly from
.sm IDA
.b sendmail
(albeit with a completely different implementation).
They can be useful on large sites.
.pp
R6 also understands YP.
.sh 2 "Multi-Word Classes"
.pp
Classes can now be multiple words.
For example,
.(b
CShofmann.CS.Berkeley.EDU
.)b
allows you to match the entire string
.q hofmann.CS.Berkeley.EDU
using the single construct
.q $=S .
.sh 2 "Deferred Macro Expansion"
.pp
The
.b $& \c
.i x
construct has been adopted from
.sm IDA .
.sh 2 "IDENT Protocol Support"
.pp
The IDENT protocol as defined in RFC 1413 is supported.
.sh 2 "Parsing Bug Fixes"
.pp
A number of small bugs having to do with things like
backslash-escaped quotes inside of comments
have been fixed.
.sh 2 "Separate Envelope/Header Processing"
.pp
Since the From: line is passed in separately from the envelope sender,
these have both been made visible;
the
.b $g
macro is set to the envelope sender during processing
of mailer argument vectors
and the header sender during processing of headers.
.pp
It is also possible to specify separate per-mailer
envelope and header processing.
The
.b S enderRWSet
and
.b R ecipientRWset
arguments for mailers
can be specified as
.i envelope/header
to give different rewritings for envelope versus header addresses.
.sh 2 "Owner-List Propagates to Envelope"
.pp
When an alias has an associated owner\-list name,
that alias is used to change the envelope sender address.
This will cause downstream errors to be returned to that owner.
.sh 2 "Dynamic Header Allocation"
.pp
The fixed size limit on header lines has been eliminated.
.sh 2 "New Command Line Flag"
.pp
The \-p flag has been added
to pass in protocol information.
.sh 2 "New and Old Configuration Line Types"
.pp
The
.b T
(Trusted users) configuration line has been deleted.
It will still be accepted but will be ignored.
.pp
The
.b K
line has been added to declare database maps.
.pp
The
.b V
line has been added to declare the configuration version level.
.sh 2 "New Options"
.pp
Several new options have been added,
many to support new features,
others to allow tuning that was previously available
only by recompiling.
They are described in detail in Section 5.1.5.
Briefly,
.ip b
Insist on a minimum number of disk blocks.
.ip C
Set checkpoint interval.
.ip E
Default error message.
.ip G
Enable GECOS matching.
.ip h
Maximum hop count.
.ip j
Send errors in MIME-encapsulated format.
.ip J
Forward file path.
.ip k
Connection cache size
.ip K
Connection cache lifetime.
.ip l
Enable Errors-To: header.
These headers violate RFC 1123;
this option is included to provide back compatibility
with old versions of sendmail.
.ip p
Privacy options.
.ip U
User database spec.
.ip 7
Do not run eight bit clean.
.sh 2 "Extended Options"
.pp
The
.b r
(read timeout),
.b I
(use BIND),
and
.b T
(queue timeout)
options have been extended to pass in more information.
.sh 2 "New Mailer Flag"
.pp
The
.b c
mailer flag will strip all comments
from addresses;
this should only be used as a last resort
when dealing with cranky mailers.
.sh 2 "New LHS Token"
.pp
Version 6 allows
.b $@
on the Left Hand Side of an
.q R
line to match zero tokens.
This is intended to be used to match the null input.
.sh 2 "Bigger Defaults"
.pp
Version 6 allows up to 100 rulesets instead of 30.
It is recommended that rulesets 0\-9 be reserved for
.i sendmail 's
dedicated use in future releases.
.pp
The total number of MX records that can be used has been raised to 20.
.pp
The number of queued messages that can be handled at one time
has been raised from 600 to 1000.
.sh 2 "Different Default Tuning Parameters"
.pp
Version 6 has changed the default parameters
for tuning queue costs
to make the number of recipients more important
than the size of the message (for small messages).
This is reasonable if you are connected with reasonably fast links.
.sh 2 "Auto-Quoting in Addresses"
.pp
Previously, the
.q "Full Name <email address>"
syntax would generate incorrect protocol output
if
.q "Full Name"
had special characters such as dot.
This version puts quotes around such names.
.sh 2 "Symbolic Names On Error Mailer"
.pp
Several names have been built in to the $@ portion of the $#error
mailer.
.sh 2 "SMTP VRFY Doesn't Expand"
.pp
Previous versions of
.i sendmail
treated VRFY and EXPN the same.
In this version,
VRFY doesn't expand aliases or follow .forward files.
.pp
As an optimization, if you run with your default delivery mode being
queue-only,
the RCPT command will also not chase aliases and .forward files.
It will chase them when it processes the queue.
.sh 2 "[IPC] Mailers Allow Multiple Hosts"
.pp
When an address resolves to a mailer that has
.q [IPC]
as its
.q Path ,
the $@ part (host name)
can be a colon-separated list of hosts instead of a single hostname.
This asks sendmail to search the list for the first entry that is available
exactly as though it were an MX record.
The intent is to route internal traffic through internal networks
without publishing an MX record to the net.
MX expansion is still done on the individual items.
.sh 2 "Aliases Extended"
.pp
The implementation has been merged with maps.
Among other things,
this supports NIS-based aliases.
.sh 2 "Portability and Security Enhancements"
.pp
A number of internal changes have been made to enhance portability.
.pp
Several fixes have been made to increase the paranoia factor.
.sh 1 "ACKNOWLEDGEMENTS"
.pp
I've worked on
.i sendmail
for many years,
and many employers have been remarkably patient
about letting me work on a large project
that was not part of my official job.
This includes time on the INGRES Project at Berkeley,
at Britton Lee,
and again on the Mammoth Project at Berkeley.
.pp
Much of the second wave of improvements
should be credited to Bryan Costales of ICSI.
As he passed me drafts of his book on
.i sendmail
I was inspired to start working on things again.
Bryan was also available to bounce ideas off of.
.pp
Many, many people contributed chunks of code and ideas to
.i sendmail .
It has proven to be a group network effort.
Version 6 in particular was a group project.
The following people made notable contributions:
.(l
Keith Bostic, CSRG, University of California, Berkeley
Michael J. Corrigan, University of California, San Diego
Bryan Costales, International Computer Science Institute
P{r (Pell) Emanuelsson
Craig Everhart, Transarc Corporation
Tom Ivar Helbekkmo, Norwegian School of Economics
Allan E. Johannesen, WPI
Takahiro Kanbe, FujiXerox
Brian Kantor, University of California, San Diego
Bruce Lilly, Sony U.S.
Nakamura Motonori, Kyoto University
John Gardiner Myers, Carnegie Mellon University
Neil Rickert, Northern Illinois University
Eric Wassenaar, National Institute for Nuclear and High Energy Physics, Amsterdam
Christophe Wolfhugel, Herve Schauer Consultants (Paris)
.)l
I apologize for anyone I have omitted, misspelled, misattributed, or
otherwise missed.
Many other people have contributed ideas, comments, and encouragement.
I appreciate their contribution as well.
.++ A
.+c "COMMAND LINE FLAGS"
.ba 0
.nr ii 1i
.pp
Arguments must be presented with flags before addresses.
The flags are:
.ip \-b\fIx\fP
Set operation mode to
.i x .
Operation modes are:
.(b
.ta 4n
m	Deliver mail (default)
s	Speak SMTP on input side
d	Run as a daemon
t	Run in test mode
v	Just verify addresses, don't collect or deliver
i	Initialize the alias database
p	Print the mail queue
z	Freeze the configuration file
.)b
.ip \-C\fIfile\fP
Use a different configuration file.
.i Sendmail
runs as the invoking user (rather than root)
when this flag is specified.
.ip \-d\fIlevel\fP
Set debugging level.
.ip "\-f\ \fIaddr\fP"
The sender's machine address is
.i addr .
.ip \-F\fIname\fP
Sets the full name of this user to
.i name .
.ip "\-h\ \fIcnt\fP"
Sets the
.q "hop count"
to
.i cnt .
This represents the number of times this message has been processed
by
.i sendmail
(to the extent that it is supported by the underlying networks).
.i Cnt
is incremented during processing,
and if it reaches
MAXHOP
(currently 30)
.i sendmail
throws away the message with an error.
.ip \-n
Don't do aliasing or forwarding.
.ip "\-r\ \fIaddr\fP"
An obsolete form of
.b \-f .
.ip \-o\fIx\|value\fP
Set option
.i x
to the specified
.i value .
These options are described in Appendix B.
.ip \-p\fIprotocol\fP
Set the sending protocol.
Programs are encouraged to set this.
The protocol field can be in the form
.i protocol \c
.b : \c
.i host
to set both the sending protocol and sending host.
For example,
.q \-pUUCP:uunet
sets the sending protocol to UUCP
and the sending host to uunet.
(Some existing programs use \-oM to set the r and s macros;
this is equivalent to using \-p.)
.ip \-q\fItime\fP
Try to process the queued up mail.
If the time is given,
a sendmail will run through the queue at the specified interval
to deliver queued mail;
otherwise, it only runs once.
.ip \-q\fIXstring\fP
Run the queue once,
limiting the jobs to those matching
.i Xstring .
The key letter
.i X
can be
.b I
to limit based on queue identifier,
.b R
to limit based on recipient,
or
.b S
to limit based on sender.
A particular queued job is accepted if one of the corresponding addresses
contains the indicated
.i string .
.ip \-t
Read the header for
.q To: ,
.q Cc: ,
and
.q Bcc:
lines, and send to everyone listed in those lists.
The
.q Bcc:
line will be deleted before sending.
Any addresses in the argument vector will be deleted
from the send list.
.pp
There are a number of options that may be specified as
primitive flags
(provided for compatibility with
.i delivermail ).
These are the e, i, m, and v options.
Also,
the f option
may be specified as the
.b \-s
flag.
.+c "QUEUE FILE FORMATS"
.pp
This appendix describes the format of the queue files.
These files live in the directory defined by the
.b Q
option in the
.i sendmail.cf
file, usually
.i /var/spool/mqueue
or
.i /usr/spool/mqueue .
.pp
All queue files have the name
\fIx\fP\|\fBf\fP\fIAAA99999\fP
where
.i AAA99999
is the
.i id
for this message
and the
.i x
is a type.
The first letter of the id encodes the hour of the day
that the message was received by the system
(with A being the hour between midnight and 1:00AM).
All files with the same id collectively define one message.
.pp
The types are:
.nr ii 0.5i
.ip d
The data file.
The message body (excluding the header) is kept in this file.
.ip l
The lock file.
If this file exists,
the job is currently being processed,
and a queue run will not process the file.
For that reason,
an extraneous
.b lf
file can cause a job to apparently disappear
(it will not even time out!).
[Actually, this file is obsolete on most systems that support the
.b flock
or
.b lockf
system calls.]
.ip n
This file is created when an id is being created.
It is a separate file to insure that no mail can ever be destroyed
due to a race condition.
It should exist for no more than a few milliseconds
at any given time.
[This is only used on old versions of
sendmail;
it is not used 
on newer versions.]
.ip q
The queue control file.
This file contains the information necessary to process the job.
.ip t
A temporary file.
These are an image of the
.b qf
file when it is being rebuilt.
It should be renamed to a
.b qf
file very quickly.
.ip x
A transcript file,
existing during the life of a session
showing everything that happens
during that session.
.pp
The
.b qf
file is structured as a series of lines
each beginning with a code letter.
The lines are as follows:
.ip D
The name of the data file.
There may only be one of these lines.
.ip H
A header definition.
There may be any number of these lines.
The order is important:
they represent the order in the final message.
These use the same syntax
as header definitions in the configuration file.
.ip C
The controlling address.
The syntax is
.q localuser:aliasname .
Recipient addresses following this line
will be flagged so that deliveries will be run as the
.i localuser
(a user name from the /etc/passwd file);
.i aliasname
is the name of the alias that expanded to this address
(used for printing messages).
.ip R
A recipient address.
This will normally be completely aliased,
but is actually realiased when the job is processed.
There will be one line
for each recipient.
.ip S
The sender address.
There may only be one of these lines.
.ip E
An error address.
If any such lines exist,
they represent the addresses that should receive error messages.
.ip T
The job creation time.
This is used to compute when to time out the job.
.ip P
The current message priority.
This is used to order the queue.
Higher numbers mean lower priorities.
The priority changes
as the message sits in the queue.
The initial priority depends on the message class
and the size of the message.
.ip M
A message.
This line is printed by the
.i mailq
command,
and is generally used to store status information.
It can contain any text.
.ip F
Flag bits, represented as one letter per flag.
Defined flag bits are
.b r
indicating that this is a response message
and
.b w
indicating that a warning message has been sent
announcing that the mail has been delayed.
.ip $
A macro definition.
The values of certain macros
(as of this writing, only
.b $r
and
.b $s )
are passed through to the queue run phase.
.ip B
The body type.
The remainder of the line is a text string defining the body type.
If this field is missing,
the body type is assumed to be
.q "undefined"
and no special processing is attempted.
Legal values are
.q 7BIT
and
.q 8BITMIME .
.pp
As an example,
the following is a queue file sent to
.q eric@mammoth.Berkeley.EDU
and
.q bostic@okeeffe.CS.Berkeley.EDU \**:
.(f
\**This example is contrived and probably inaccurate for your environment.
Glance over it to get an idea;
nothing can replace looking at what your own system generates.
.)f
.(b
P835771
T404261372
DdfAAA13557
Seric
Eowner-sendmail@vangogh.CS.Berkeley.EDU
Ceric:sendmail@vangogh.CS.Berkeley.EDU
Reric@mammoth.Berkeley.EDU
Rbostic@okeeffe.CS.Berkeley.EDU
H?P?return-path: <owner-sendmail@vangogh.CS.Berkeley.EDU>
Hreceived: by vangogh.CS.Berkeley.EDU (5.108/2.7) id AAA06703;
	Fri, 17 Jul 92 00:28:55 -0700
Hreceived: from mail.CS.Berkeley.EDU by vangogh.CS.Berkeley.EDU (5.108/2.7)
	id AAA06698; Fri, 17 Jul 92 00:28:54 -0700
Hreceived: from [128.32.31.21] by mail.CS.Berkeley.EDU (5.96/2.5)
	id AA22777; Fri, 17 Jul 92 03:29:14 -0400
Hreceived: by foo.bar.baz.de (5.57/Ultrix3.0-C)
	id AA22757; Fri, 17 Jul 92 09:31:25 GMT
H?F?from: eric@foo.bar.baz.de (Eric Allman)
H?x?full-name: Eric Allman
Hmessage-id: <9207170931.AA22757@foo.bar.baz.de>
HTo: sendmail@vangogh.CS.Berkeley.EDU
Hsubject: this is an example message
.)b
This shows the name of the data file,
the person who sent the message,
the submission time
(in seconds since January 1, 1970),
the message priority,
the message class,
the recipients,
and the headers for the message.
.+c "SUMMARY OF SUPPORT FILES"
.pp
This is a summary of the support files
that
.i sendmail
creates or generates.
Many of these can be changed by editing the sendmail.cf file;
check there to find the actual pathnames.
.nr ii 1i
.ip "/usr/\*(SD/sendmail"
The binary of
.i sendmail .
.ip /usr/bin/newaliases
A link to /usr/\*(SD/sendmail;
causes the alias database to be rebuilt.
Running this program is completely equivalent to giving
.i sendmail
the
.b \-bi
flag.
.ip /usr/bin/mailq
Prints a listing of the mail queue.
This program is equivalent to using the
.b \-bp
flag to
.i sendmail .
.ip /etc/sendmail.cf
The configuration file,
in textual form.
.ip /etc/sendmail.fc
The configuration file
represented as a memory image.
.ip /usr/lib/sendmail.hf
The SMTP help file.
.ip /etc/sendmail.st
A statistics file; need not be present.
.ip /etc/sendmail.pid
Created in daemon mode;
it contains the process id of the current SMTP daemon.
If you use this in scripts;
use ``head \-1'' to get just the first line;
later versions of
.i sendmail
may add information to subsequent lines.
.ip /etc/aliases
The textual version of the alias file.
.ip /etc/aliases.{pag,dir}
The alias file in
.i dbm \|(3)
format.
.ip /var/spool/mqueue
The directory in which the mail queue
and temporary files reside.
.ip /var/spool/mqueue/qf*
Control (queue) files for messages.
.ip /var/spool/mqueue/df*
Data files.
.ip /var/spool/mqueue/tf*
Temporary versions of the qf files,
used during queue file rebuild.
.ip /var/spool/mqueue/xf*
A transcript of the current session.
.\".ro
.\".ls 1
.\".tp
.\".sp 2i
.\".in 0
.\".ce 100
.\".sz 24
.\".b SENDMAIL
.\".sz 14
.\".sp
.\"INSTALLATION AND OPERATION GUIDE
.\".sp
.\".sz 10
.\"Eric Allman
.\"Britton-Lee, Inc.
.\".sp
.\"Version 6.51
.\".ce 0
.pn 2
.bp
.ce
.sz 12
TABLE OF CONTENTS
.sz 10
.sp
.\" remove some things to avoid "out of temp file space" problem
.rm sh
.rm (x
.rm )x
.rm ip
.rm pp
.rm lp
.rm he
.rm fo
.rm eh
.rm oh
.rm ef
.rm of
.xp