![[logo]](../gif/batlogo.gif)
cf/README for sendmail 8.12.3
Eric Allman of the Sendmail ConsortiumUseful links
Table of ContentClaus Assmann
Tweaking Configuration Options
There are a large number of configuration options that don't normally need to be changed. However, if you feel you need to tweak them, you can define the following M4 variables. This list is shown in four columns: the name you define, the default value for that definition, the option or macro that is affected (either Ox for an option or Dx for a macro), and a brief description. Greater detail of the semantics can be found in the Installation and Operations Guide.
Some options are likely to be deprecated in future versions -- that is, the option is only included to provide back-compatibility. These are marked with "*".
Remember that these options are M4 variables, and hence may need to be quoted. In particular, arguments with commas will usually have to be ``double quoted, like this phrase'' to avoid having the comma confuse things. This is common for alias file definitions and for the read timeout.
| M4 Variable Name | Configuration | Description & [Default] |
|---|---|---|
| confMAILER_NAME | $n macro | [MAILER-DAEMON] The sender name used for internally generated outgoing messages. |
| confDOMAIN_NAME | $j macro | If defined, sets $j. This should only be done if your system cannot determine your local domain name, and then it should be set to $w.Foo.COM, where Foo.COM is your domain name. |
| confCF_VERSION | $Z macro | If defined, this is appended to the configuration version name. |
| confLDAP_CLUSTER | ${sendmailMTACluster} macro | If defined, this is the LDAP cluster to use for LDAP searches as described in Using LDAP For Aliases, Maps, And Classes. |
| confFROM_HEADER | From: | [$?x$x <$g>$|$g$.] The format of an internally generated From: address. |
| confRECEIVED_HEADER | Received: |
[$?sfrom $s $.$?_($?s$|from $.$_) $.$?{auth_type}(authenticated) $.by $j ($v/$Z)$?r with $r$. id $i$?u for $u; $|; $.$b] The format of the Received: header in messages passed through this host. It is unwise to try to change this. |
| confCW_FILE | Fw class | [/etc/mail/local-host-names] Name of file used to get the local additions to class {w} (local host names). |
| confCT_FILE | Ft class | [/etc/mail/trusted-users] Name of file used to get the local additions to class {t} (trusted users). |
| confCR_FILE | FR class | [/etc/mail/relay-domains] Name of file used to get the local additions to class {R} (hosts allowed to relay). |
| confTRUSTED_USERS | Ct class | [no default] Names of users to add to the list of trusted users. This list always includes root, uucp, and daemon. See also FEATURE(`use_ct_file'). |
| confTRUSTED_USER | TrustedUser | [no default] Trusted user for file ownership and starting the daemon. Not to be confused with confTRUSTED_USERS. |
| confSMTP_MAILER | - | [esmtp] The mailer name used when SMTP connectivity is required. One of "smtp", "smtp8", "esmtp", or "dsmtp". |
| confUUCP_MAILER | - | [uucp-old] The mailer to be used by default for bang-format recipient addresses. See also discussion of class {U}, class {Y}, and class {Z} in the MAILER(`uucp') section. |
| confLOCAL_MAILER | - | [local] The mailer name used when local connectivity is required. Almost always "local". |
| confRELAY_MAILER | - | [relay] The default mailer name used for relaying any mail (e.g., to a BITNET_RELAY, a SMART_HOST, or whatever). This can reasonably be "uucp-new" if you are on a UUCP-connected site. |
| confSEVEN_BIT_INPUT | SevenBitInput | [False] Force input to seven bits? |
| confEIGHT_BIT_HANDLING | EightBitMode | [pass8] 8-bit data handling |
| confALIAS_WAIT | AliasWait | [10m] Time to wait for alias file rebuild until you get bored and decide that the apparently pending rebuild failed. |
| confMIN_FREE_BLOCKS | MinFreeBlocks | [100] Minimum number of free blocks on queue filesystem to accept SMTP mail. (Prior to 8.7 this was minfree/maxsize, where minfree was the number of free blocks and maxsize was the maximum message size. Use confMAX_MESSAGE_SIZE for the second value now.) |
| confMAX_MESSAGE_SIZE | MaxMessageSize | [infinite] The maximum size of messages that will be accepted (in bytes). |
| confBLANK_SUB | BlankSub | [.] Blank (space) substitution character. |
| confCON_EXPENSIVE | HoldExpensive | [False] Avoid connecting immediately to mailers marked expensive. |
| confCHECKPOINT_INTERVAL | CheckpointInterval | [10] Checkpoint queue files every N recipients. |
| confDELIVERY_MODE | DeliveryMode | [background] Default delivery mode. |
| confERROR_MODE | ErrorMode | [print] Error message mode. |
| confERROR_MESSAGE | ErrorHeader | [undefined] Error message header/file. |
| confSAVE_FROM_LINES | SaveFromLine | Save extra leading From_ lines. |
| confTEMP_FILE_MODE | TempFileMode | [0600] Temporary file mode. |
| confMATCH_GECOS | MatchGECOS | [False] Match GECOS field. |
| confMAX_HOP | MaxHopCount | [25] Maximum hop count. |
| confIGNORE_DOTS* | IgnoreDots | [False; always False in -bs or -bd mode] Ignore dot as terminator for incoming messages? |
| confBIND_OPTS | ResolverOptions | [undefined] Default options for DNS resolver. |
| confMIME_FORMAT_ERRORS* | SendMimeErrors | [True] Send error messages as MIME-encapsulated messages per RFC 1344. |
| confFORWARD_PATH | ForwardPath | [$z/.forward.$w:$z/.forward]The colon-separated list of places to search for .forward files. N.B.: see the Security Notes section. |
| confMCI_CACHE_SIZE | ConnectionCacheSize | [2] Size of open connection cache. |
| confMCI_CACHE_TIMEOUT | ConnectionCacheTimeout | [5m] Open connection cache timeout. |
| confHOST_STATUS_DIRECTORY | HostStatusDirectory | [undefined] If set, host status is kept on disk between sendmail runs in the named directory tree. This need not be a full pathname, in which case it is interpreted relative to the queue directory. |
| confSINGLE_THREAD_DELIVERY | SingleThreadDelivery | [False] If this option and the HostStatusDirectory option are both set, single thread deliveries to other hosts. That is, don't allow any two sendmails on this host to connect simultaneously to any other single host. This can slow down delivery in some cases, in particular since a cached but otherwise idle connection to a host will prevent other sendmails from connecting to the other host. |
| confUSE_ERRORS_TO* | UseErrorsTo | [False] Use the Errors-To: header to deliver error messages. This should not be necessary because of general acceptance of the envelope/header distinction. |
| confLOG_LEVEL | LogLevel | [9] Log level. |
| confME_TOO | MeToo | [True] Include sender in group expansions. This option is deprecated and will be removed from a future version. |
| confCHECK_ALIASES | CheckAliases | [False] Check RHS of aliases when running newaliases. Since this does DNS lookups on every address, it can slow down the alias rebuild process considerably on large alias files. |
| confOLD_STYLE_HEADERS* | OldStyleHeaders | [True] Assume that headers without special chars are old style. |
| confPRIVACY_FLAGS | PrivacyOptions | [authwarnings] Privacy flags. |
| confCOPY_ERRORS_TO | PostmasterCopy | [undefined] Address for additional copies of all error messages. |
| confQUEUE_FACTOR | QueueFactor | [600000] Slope of queue-only function. |
| confQUEUE_FILE_MODE | QueueFileMode | [undefined] Default permissions for queue files (octal). If not set, sendmail uses 0600 unless its real and effective uid are different in which case it uses 0644. |
| confDONT_PRUNE_ROUTES | DontPruneRoutes | [False] Don't prune down route-addr syntax addresses to the minimum possible. |
| confSAFE_QUEUE* | SuperSafe | [True] Commit all messages to disk before forking. |
| confTO_INITIAL | Timeout.initial | [5m] The timeout waiting for a response on the initial connect. |
| confTO_CONNECT | Timeout.connect | [0] The timeout waiting for an initial connect() to complete. This can only shorten connection timeouts; the kernel silently enforces an absolute maximum (which varies depending on the system). |
| confTO_ICONNECT | Timeout.iconnect | [undefined] Like Timeout.connect, but applies only to the very first attempt to connect to a host in a message. This allows a single very fast pass followed by more careful delivery attempts in the future. |
| confTO_ACONNECT | Timeout.aconnect | [0] The overall timeout waiting for all connection for a single delivery attempt to succeed. If 0, no overall limit is applied. |
| confTO_HELO | Timeout.helo | [5m] The timeout waiting for a response to a HELO or EHLO command. |
| confTO_MAIL | Timeout.mail | [10m] The timeout waiting for a response to the MAIL command. |
| confTO_RCPT | Timeout.rcpt | [1h] The timeout waiting for a response to the RCPT command. |
| confTO_DATAINIT | Timeout.datainit | [5m] The timeout waiting for a 354 response from the DATA command. |
| confTO_DATABLOCK | Timeout.datablock | [1h] The timeout waiting for a block during DATA phase. |
| confTO_DATAFINAL | Timeout.datafinal | [1h] The timeout waiting for a response to the final "." that terminates a message. |
| confTO_RSET | Timeout.rset | [5m] The timeout waiting for a response to the RSET command. |
| confTO_QUIT | Timeout.quit | [2m] The timeout waiting for a response to the QUIT command. |
| confTO_MISC | Timeout.misc | [2m] The timeout waiting for a response to other SMTP commands. |
| confTO_COMMAND | Timeout.command | [1h] In server SMTP, the timeout waiting for a command to be issued. |
| confTO_IDENT | Timeout.ident | [5s] The timeout waiting for a response to an IDENT query. |
| confTO_FILEOPEN | Timeout.fileopen | [60s] The timeout waiting for a file (e.g., :include: file) to be opened. |
| confTO_LHLO | Timeout.lhlo | [2m] The timeout waiting for a response to an LMTP LHLO command. |
| confTO_AUTH | Timeout.auth | [10m] The timeout waiting for a response in an AUTH dialogue. |
| confTO_STARTTLS | Timeout.starttls | [1h] The timeout waiting for a response to an SMTP STARTTLS command. |
| confTO_CONTROL | Timeout.control | [2m] The timeout for a complete control socket transaction to complete. |
| confTO_QUEUERETURN | Timeout.queuereturn | [5d] The timeout before a message is returned as undeliverable. |
| confTO_QUEUERETURN_NORMAL | Timeout.queuereturn.normal | [undefined] As above, for normal priority messages. |
| confTO_QUEUERETURN_URGENT | Timeout.queuereturn.urgent | [undefined] As above, for urgent priority messages. |
| confTO_QUEUERETURN_NONURGENT | Timeout.queuereturn.non-urgent | [undefined] As above, for non-urgent (low) priority messages. |
| confTO_QUEUEWARN | Timeout.queuewarn | [4h] The timeout before a warning message is sent to the sender telling them that the message has been deferred. |
| confTO_QUEUEWARN_NORMAL | Timeout.queuewarn.normal | [undefined] As above, for normal priority messages. |
| confTO_QUEUEWARN_URGENT | Timeout.queuewarn.urgent | [undefined] As above, for urgent priority messages. |
| confTO_QUEUEWARN_NONURGENT | Timeout.queuewarn.non-urgent | [undefined] As above, for non-urgent (low) priority messages. |
| confTO_HOSTSTATUS | Timeout.hoststatus | [30m] How long information about host statuses will be maintained before it is considered stale and the host should be retried. This applies both within a single queue run and to persistent information (see below). |
| confTO_RESOLVER_RETRANS | Timeout.resolver.retrans | [varies] Sets the resolver's retransmition time interval (in seconds). Sets both Timeout.resolver.retrans.first and Timeout.resolver.retrans.normal. |
| confTO_RESOLVER_RETRANS_FIRST | Timeout.resolver.retrans.first | [varies] Sets the resolver's retransmition time interval (in seconds) for the first attempt to deliver a message. |
| confTO_RESOLVER_RETRANS_NORMAL | Timeout.resolver.retrans.normal | [varies] Sets the resolver's retransmition time interval (in seconds) for all resolver lookups except the first delivery attempt. |
| confTO_RESOLVER_RETRY | Timeout.resolver.retry | [varies] Sets the number of times to retransmit a resolver query. Sets both Timeout.resolver.retry.first and Timeout.resolver.retry.normal. |
| confTO_RESOLVER_RETRY_FIRST | Timeout.resolver.retry.first | [varies] Sets the number of times to retransmit a resolver query for the first attempt to deliver a message. |
| confTO_RESOLVER_RETRY_NORMAL | Timeout.resolver.retry.normal | [varies] Sets the number of times to retransmit a resolver query for all resolver lookups except the first delivery attempt. |
| confTIME_ZONE | TimeZoneSpec | [USE_SYSTEM] Time zone info -- can be USE_SYSTEM to use the system's idea, USE_TZ to use the user's TZ envariable, or something else to force that value. |
| confDEF_USER_ID | DefaultUser | [1:1] Default user id. |
| confUSERDB_SPEC | UserDatabaseSpec | [undefined] User database specification. |
| confFALLBACK_MX | FallbackMXhost | [undefined] Fallback MX host. |
| confTRY_NULL_MX_LIST | TryNullMXList | [False] If this host is the best MX for a host and other arrangements haven't been made, try connecting to the host directly; normally this would be a config error. |
| confQUEUE_LA | QueueLA | [varies] Load average at which queue-only function kicks in. Default values is (8 * numproc) where numproc is the number of processors online (if that can be determined). |
| confREFUSE_LA | RefuseLA | [varies] Load average at which incoming SMTP connections are refused. Default values is (12 * numproc) where numproc is the number of processors online (if that can be determined). |
| confDELAY_LA | DelayLA | [0] Load average at which sendmail will sleep for one second on most SMTP commands and before accepting connections. 0 means no limit. |
| confMAX_ALIAS_RECURSION | MaxAliasRecursion | [10] Maximum depth of alias recursion. |
| confMAX_DAEMON_CHILDREN | MaxDaemonChildren | [undefined] The maximum number of children the daemon will permit. After this number, connections will be rejected. If not set or <= 0, there is no limit. |
| confMAX_HEADERS_LENGTH | MaxHeadersLength | [32768] Maximum length of the sum of all headers. |
| confMAX_MIME_HEADER_LENGTH | MaxMimeHeaderLength | [undefined] Maximum length of certain MIME header field values. |
| confCONNECTION_RATE_THROTTLE | ConnectionRateThrottle | [undefined] The maximum number of connections permitted per second per daemon. After this many connections are accepted, further connections will be delayed. If not set or <= 0, there is no limit. |
| confWORK_RECIPIENT_FACTOR | RecipientFactor | [30000] Cost of each recipient. |
| confSEPARATE_PROC | ForkEachJob | [False] Run all deliveries in a separate process. |
| confWORK_CLASS_FACTOR | ClassFactor | [1800] Priority multiplier for class. |
| confWORK_TIME_FACTOR | RetryFactor | [90000] Cost of each delivery attempt. |
| confQUEUE_SORT_ORDER | QueueSortOrder | [Priority] Queue sort algorithm: Priority, Host, Filename, Random, Modification, or Time. |
| confMIN_QUEUE_AGE | MinQueueAge | [0] The minimum amount of time a job must sit in the queue between queue runs. This allows you to set the queue run interval low for better responsiveness without trying all jobs in each run. |
| confDEF_CHAR_SET | DefaultCharSet | [unknown-8bit] When converting unlabeled 8 bit input to MIME, the character set to use by default. |
| confSERVICE_SWITCH_FILE | ServiceSwitchFil | [/etc/mail/service.switch] The file to use for the service switch on systems that do not have a system-defined switch. |
| confHOSTS_FILE | HostsFile | [/etc/hosts] The file to use when doing "file" type access of hosts names. |
| confDIAL_DELAY | DialDelay | [0s] If a connection fails, wait this long and try again. Zero means "don't retry". This is to allow "dial on demand" connections to have enough time to complete a connection. |
| confNO_RCPT_ACTION | NoRecipientAction | [none] What to do if there are no legal recipient fields (To:, Cc: or Bcc:) in the message. Legal values can be "none" to just leave the nonconforming message as is, "add-to" to add a To: header with all the known recipients (which may expose blind recipients), "add-apparently-to" to do the same but use Apparently-To: instead of To: (strongly discouraged in accordance with IETF standards), "add-bcc" to add an empty Bcc: header, or "add-to-undisclosed" to add the header ``To: undisclosed-recipients:;''. |
| confSAFE_FILE_ENV | SafeFileEnvironment | [undefined] If set, sendmail will do a chroot() into this directory before writing files. |
| confCOLON_OK_IN_ADDR | ColonOkInAddr | [True unless Configuration Level > 6] If set, colons are treated as a regular character in addresses. If not set, they are treated as the introducer to the RFC 822 "group" syntax. Colons are handled properly in route-addrs. This option defaults on for V5 and lower configuration files. |
| confMAX_QUEUE_RUN_SIZE | MaxQueueRunSize | [0] If set, limit the maximum size of any given queue run to this number of entries. Essentially, this will stop reading each queue directory after this number of entries are reached; it does _not_ pick the highest priority jobs, so this should be as large as your system can tolerate. If not set, there is no limit. |
| confMAX_QUEUE_CHILDREN | MaxQueueChildren | [undefined] Limits the maximum number of concurrent queue runners active. This is to keep system resources used within a reasonable limit. Relates to Queue Groups and ForkAllJobs. |
| confMAX_RUNNERS_PER_QUEUE | MaxRunnersPerQueue | [1] Only active when MaxQueueChildren defined. Controls the maximum number of queue runners (aka queue children) active at the same time in a work group. See also MaxQueueChildren. |
| confDONT_EXPAND_CNAMES | DontExpandCnames | [False] If set, $[ ... $] lookups that do DNS based lookups do not expand CNAME records. This currently violates the published standards, but the IETF seems to be moving toward legalizing this. For example, if "FTP.Foo.ORG" is a CNAME for "Cruft.Foo.ORG", then with this option set a lookup of "FTP" will return "FTP.Foo.ORG"; if clear it returns "Cruft.FOO.ORG". N.B. you may not see any effect until your downstream neighbors stop doing CNAME lookups as well. |
| confFROM_LINE | UnixFromLine | [From $g $d] The From_ line used when sending to files or programs. |
| confSINGLE_LINE_FROM_HEADER | SingleLineFromHeader | [False] From: lines that have embedded newlines are unwrapped onto one line. |
| confALLOW_BOGUS_HELO | AllowBogusHELO | [False] Allow HELO SMTP command that does not include a host name. |
| confMUST_QUOTE_CHARS | MustQuoteChars | [.'] Characters to be quoted in a full name phrase (@,;:\()[] are automatic). |
| confOPERATORS | OperatorChars | [.:%@!^/[]+] Address operator characters. |
| confSMTP_LOGIN_MSG | SmtpGreetingMessage | [$j Sendmail $v/$Z; $b] The initial (spontaneous) SMTP greeting message. The word "ESMTP" will be inserted between the first and second words to convince other sendmails to try to speak ESMTP. |
| confDONT_INIT_GROUPS | DontInitGroups | [False] If set, the initgroups(3) routine will never be invoked. You might want to do this if you are running NIS and you have a large group map, since this call does a sequential scan of the map; in a large site this can cause your ypserv to run essentially full time. If you set this, agents run on behalf of users will only have their primary (/etc/passwd) group permissions. |
| confUNSAFE_GROUP_WRITES | UnsafeGroupWrites | [False] If set, group-writable :include: and .forward files are considered "unsafe", that is, programs and files cannot be directly referenced from such files. World-writable files are always considered unsafe. |
| confCONNECT_ONLY_TO | ConnectOnlyTo | [undefined] override connection address (for testing). |
| confCONTROL_SOCKET_NAME | ControlSocketName | [undefined] Control socket for daemon management. |
| confDOUBLE_BOUNCE_ADDRESS | DoubleBounceAddress | [postmaster] If an error occurs when sending an error message, send that "double bounce" error message to this address. If it expands to an empty string, double bounces are dropped. |
| confDEAD_LETTER_DROP | DeadLetterDrop | [undefined] Filename to save bounce messages which could not be returned to the user or sent to postmaster. If not set, the queue file will be renamed. |
| confRRT_IMPLIES_DSN | RrtImpliesDsn | [False] Return-Receipt-To: header implies DSN request. |
| confRUN_AS_USER | RunAsUser | [undefined] If set, become this user when reading and delivering mail. Causes all file reads (e.g., .forward and :include: files) to be done as this user. Also, all programs will be run as this user, and all output files will be written as this user. Intended for use only on firewalls where users do not have accounts. |
| confMAX_RCPTS_PER_MESSAGE | MaxRecipientsPerMessage | [infinite] If set, allow no more than the specified number of recipients in an SMTP envelope. Further recipients receive a 452 error code (i.e., they are deferred for the next delivery attempt). |
| confBAD_RCPT_THROTTLE | BadRcptThrottle | [infinite] If set and more than the specified number of recipients in an envelope are rejected, sleep for one second after each rejected RCPT command. |
| confDONT_PROBE_INTERFACES | DontProbeInterfaces | [False] If set, sendmail will _not_ insert the names and addresses of any local interfaces into class {w} (list of known "equivalent" addresses). If you set this, you must also include some support for these addresses (e.g., in a mailertable entry) -- otherwise, mail to addresses in this list will bounce with a configuration error. If set to "loopback" (without quotes), sendmail will skip loopback interfaces (e.g., "lo0"). |
| confPID_FILE | PidFile | [system dependent] Location of pid file. |
| confPROCESS_TITLE_PREFIX | ProcessTitlePrefix | [undefined] Prefix string for the process title shown on 'ps' listings. |
| confDONT_BLAME_SENDMAIL | DontBlameSendmail | [safe]
Override sendmail's file safety checks. This will definitely compromise system security and should not be used unless absolutely necessary. |
| confREJECT_MSG | - | [550 Access denied] The message given if the access database contains REJECT in the value portion. |
| confRELAY_MSG | - | [550 Relaying denied] The message given if an unauthorized relaying attempt is rejected. |
| confDF_BUFFER_SIZE | DataFileBufferSize | [4096] The maximum size of a memory-buffered data (df) file before a disk-based file is used. |
| confXF_BUFFER_SIZE | XScriptFileBufferSize | [4096] The maximum size of a memory-buffered transcript (xf) file before a disk-based file is used. |
| confAUTH_MECHANISMS | AuthMechanisms | [GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5] List of authentication mechanisms for AUTH (separated by spaces). The advertised list of authentication mechanisms will be the intersection of this list and the list of available mechanisms as determined by the CYRUS SASL library. |
| confDEF_AUTH_INFO | DefaultAuthInfo | [undefined]
Name of file that contains authentication information for outgoing connections. This file must
contain the user id, the authorization id, the password (plain text), the realm to use, and the list of
mechanisms to try, each on a separate line and must be readable by root (or the trusted user) only. If no realm
is specified, $j is used. If no mechanisms are given in the file, AuthMechanisms is used.
Notice: this option is deprecated and will be removed in future versions; it doesn't work for the MSP since it can't read the file. Use the authinfo ruleset instead. See also the section SMTP AUTHentication. |
| confAUTH_OPTIONS | AuthOptions | [undefined]
If this option is 'A' then the AUTH= parameter for the MAIL FROM command is only issued
when authentication succeeded. Other values (which should be listed one after the other without any
intervening characters except for space or comma) are a, c, d, f, p, and y. See doc/op/op.me for details. |
| confAUTH_MAX_BITS | AuthMaxBits | [INT_MAX] Limit the maximum encryption strength for the security layer in SMTP AUTH (SASL). Default is essentially unlimited. |
| confTLS_SRV_OPTIONS | TLSSrvOptions | If this option is 'V' no client verification is performed, i.e., the server doesn't ask for a certificate. |
| confLDAP_DEFAULT_SPEC | LDAPDefaultSpec | [undefined] Default map specification for LDAP maps. The value should only contain LDAP specific settings such as "-h host -p port -d bindDN", etc. The settings will be used for all LDAP maps unless they are specified in the individual map specification ('K' command). |
| confCACERT_PATH | CACERTPath | [undefined] Path to directory with certs of CAs. |
| confCACERT | CACERTFile | [undefined] File containing one CA cert. |
| confSERVER_CERT | ServerCertFile | [undefined] File containing the cert of the server, i.e., this cert is used when sendmail acts as server. |
| confSERVER_KEY | ServerKeyFile | [undefined] File containing the private key belonging to the server cert. |
| confCLIENT_CERT | ClientCertFile | [undefined] File containing the cert of the client, i.e., this cert is used when sendmail acts as client. |
| confCLIENT_KEY | ClientKeyFile | [undefined] File containing the private key belonging to the client cert. |
| confDH_PARAMETERS | DHParameters | [undefined] File containing the DH parameters. |
| confRAND_FILE | RandFile | [undefined] File containing random data (use prefix file:) or the name of the UNIX socket if EGD is used (use prefix egd:). STARTTLS requires this option if the compile flag HASURANDOM is not set (see sendmail/README). |
| confNICE_QUEUE_RUN | NiceQueueRun | [undefined] If set, the priority of queue runners is set the given value (nice(3)). |
| confDIRECT_SUBMISSION_MODIFIERS | DirectSubmissionModifiers | [undefined] Defines {daemon_flags} for direct submissions. |
| confUSE_MSP | UseMSP | [false] Use as Mail Submission Program, see sendmail/SECURITY. |
| confDELIVER_BY_MIN | DeliverByMin | [0] Minimum time for Deliver By SMTP Service Extension (RFC 2852). |
| confSHARED_MEMORY_KEY | SharedMemoryKey | [0] Key for shared memory. |
| confFAST_SPLIT | FastSplit | [1] If set to a value greater than zero, the initial MX lookups on addresses is suppressed when they are sorted which may result in faster envelope splitting. If the mail is submitted directly from the command line, then the value also limits the number of processes to deliver the envelopes. |
| confMAILBOX_DATABASE | MailboxDatabase | [pw] Type of lookup to find information about local mailboxes. |
| confDEQUOTE_OPTS | - | [empty] Additional options for the dequote map. |
| confINPUT_MAIL_FILTERS | InputMailFilters | A comma separated list of filters which determines which filters and the invocation sequence are contacted for incoming SMTP messages. If none are set, no filters will be contacted. |
| confMILTER_LOG_LEVEL | Milter.LogLevel | [9] Log level for input mail filter actions, defaults to LogLevel. |
| confMILTER_MACROS_CONNECT | Milter.macros.connect | [empty] Macros to transmit to milters when a session connection starts. |
| confMILTER_MACROS_HELO | Milter.macros.helo | [empty] Macros to transmit to milters after HELO command. |
| confMILTER_MACROS_ENVFROM | Milter.macros.envfrom | [empty] Macros to transmit to milters after MAIL FROM command. |
| confMILTER_MACROS_ENVRCPT | Milter.macros.envrcpt | [empty] Macros to transmit to milters after RCPT TO command. |
See also the description of OSTYPE for some parameters that can be tweaked (generally pathnames to mailers).
ClientPortOptions and DaemonPortOptions are special cases since multiple clients/daemons can be defined. This can be done via
CLIENT_OPTIONS(`field1=value1,field2=value2,...') DAEMON_OPTIONS(`field1=value1,field2=value2,...')Note that multiple CLIENT_OPTIONS() commands (and therefore multiple ClientPortOptions settings) are allowed in order to give settings for each protocol family (e.g., one for Family=inet and one for Family=inet6). A restriction placed on one family only affects outgoing connections on that particular family.
If DAEMON_OPTIONS is not used, then the default is
DAEMON_OPTIONS(`Port=smtp, Name=MTA') DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')If you use one DAEMON_OPTIONS macro, it will alter the parameters of the first of these. The second will still be defaulted; it represents a "Message Submission Agent" (MSA) as defined by RFC 2476 (see below). To turn off the default definition for the MSA, use FEATURE(` no_default_msa') (see also FEATURES). If you use additional DAEMON_OPTIONS macros, they will add additional daemons.
Example 1:
To change the port for the SMTP listener, while
still using the MSA default, use
Example 2:
To change the port for the MSA daemon, while still
using the default SMTP port, use
Note that if the first of those DAEMON_OPTIONS lines were omitted, then there would be no listener on the standard SMTP port.
Example 3:
To listen on both IPv4 and IPv6 interfaces, use
A "Message Submission Agent" still uses all of the same rulesets for processing the message (and therefore still allows message rejection via the check_* rulesets). In accordance with the RFC, the MSA will ensure that all domains in the envelope are fully qualified if the message is relayed to another MTA. It will also enforce the normal address syntax rules and log error messages. Additionally, by using the M=a modifier you can require authentication before messages are accepted by the MSA.
Notice: Do NOT use the 'a' modifier on a public accessible MTA!
Finally, the M=E modifier shown above disables ETRN as required by RFC 2476.
Mail filters can be defined using the INPUT_MAIL_FILTER() and MAIL_FILTER() commands:
INPUT_MAIL_FILTER(`sample', `S=local:/var/run/f1.sock') MAIL_FILTER(`myfilter', `S=inet:3333@localhost')The INPUT_MAIL_FILTER() command causes the filter(s) to be called in the same order they were specified by also setting confINPUT_MAIL_FILTERS. A filter can be defined without adding it to the input filter list by using MAIL_FILTER() instead of INPUT_MAIL_FILTER() in your .mc file. Alternatively, you can reset the list of filters and their order by setting confINPUT_MAIL_FILTERS option after all INPUT_MAIL_FILTER() commands in your .mc file.