Understanding the sendmail.cf File

The sendmail.cf file contains the definitions that drive the behavior of your sendmail mail server. The sendmail.mc file used to generate sendmail.cf doesn't explicitly define every setting that ends up in the sendmail.cf file. Therefore, understanding the contents of your sendmail.cf file can help you go back and make corrections to sendmail.mc.

sendmail component files

The first part of the sendmail.cf file contains a listing of component files used to create the sendmail.cf file. It also contains information about the configuration file’s format and version. The following is an example of the beginning of the sendmail.cf file:

######################################################################

#####      SENDMAIL CONFIGURATION FILE

##### built by root@ab.handsonhistory.com on Sun Jul 27 02:53:51 PDT 2003

##### in /etc/mail

##### using /usr/share/sendmail-cf/ as configuration include directory

#####

######################################################################

##### DO NOT EDIT THIS FILE!  Only edit the source .mc file.

######################################################################

 

#####  $Id: cfhead.m4,v 8.108.2.1 2002/08/27 18:53:24 ca Exp $  #####

#####  $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $  #####

 

#####  setup for Red Hat Linux  #####

#####  $Id: linux.m4,v 8.13 2000/09/17 17:30:00 gshapiro Exp $  #####

#####  $Id: local_procmail.m4,v 8.21.42.1 2002/11/17 05:06:23 ca Exp $  ##

                       .

                       .

                       .

Note the warning that you shouldn’t edit the sendmail.cf file directly. In the rest of this section, the comments show which component m4 macro files (from subdirectories of the /usr/share/sendmail-cf directory) were used to create this sendmail.cf file.

The following setting from the sendmail.cf file indicates the version and vendor associated with the configuration file.

V10/Berkeley

The preceding line identifies this configuration file as corresponding with the open-source Berkeley distribution of sendmail V10. The next line refers to a certain security feature:

#O DontBlameSendmail=safe

This version of sendmail is, by default, somewhat paranoid, judging from the preceding commented lines. By leaving DontBlameSendmail=safe commented out, sendmail won’t accept forward files, include files, incoming mailboxes, configuration files, class files, or hashed map files that are group- or world-writable, or located in a directory that is group- or world-writable. (Set confDONT_BLAME_SENDMAIL to safe in the sendmail.mc file to override file safety checks.) The next line relates to LDAP maps.

#O LDAPDefaultSpec=-h localhost

With the LDAPDefaultSpec option, you can add default LDAP maps that include LDAP-specific settings. By default, none are set. Add a conf LDAP_DEFAULT_SPEC line to sendmail.mc to identify maps by host (-h host), port (-p port) or domain name (-d bindDN).

sendmail local info entries

The next entries in the sendmail.cf file appear under the local info heading. They reflect configuration information that is specific to your local host computer. Here are the first settings in that section:

Cwlocalhost

Fw/etc/mail/local-host-names

The Cwlocalhost line defines the class macro w, which contains a list of all possible host names given to the machine. This includes any DNS aliases, all references in /etc/hosts, and perhaps even incorrect names used by individuals with accounts on that machine (to avoid having those messages bounced). Because this could become quite an extensive list on some hosts, the Fw/etc/mail/local-host-names line defines the file class macro w, which enables these host names to be stored in a separate file, /etc/mail/local-host-name in this case.

#Dj$w.Foo.COM

If you had set the confDOMAIN_NAME in your sendmail.mc file, the preceding line would be uncommented and your domain name would replace Foo.COM. With this line commented, however, sendmail will try to determine your computer’s domain name on its own. It is recommended that you let sendmail determine the canonical name. The next line configures smart relay and other options:

CP.

DS

CO @ % !

C..

C[[

The preceding DS line (set to nothing) indicates that no smart relay host is defined. Although it is more commonly used with UUCP as a transport mechanism, smart relay hosts can also be useful if the machine doesn’t have a reliable connection to the entire network (perhaps it’s only on a local network). The relay accepts mail from this machine and handles delivering the mail to the appropriate recipients.

The other lines define class macros that become important within the rewriting rules. The CP. and C.. lines define the classes P and ., each of which consists of only a period (.). The CO @ % ! line defines the class O, which lists three characters that are invalid within user names (@, %, and !). The C[[ line defines the class [, which consists of a left bracket.

Next, the FR-o line identifies a file that can be configured to allow mail relaying.

FR-o /etc/mail/relay-domains

The preceding line declares file class R, which is a list of hosts to which mail can relayed, stored in the file /etc/mail/relay-domains. The next line has to do with dequoting:

Kdequote dequote

The Kdequote line declares the dequote database of class dequote. This is used to remove quotation marks from addresses within the rewriting rules. The next line relates to the way user names and domain names are exposed to the outside world:

C{E}root

The preceding class E line (CE root) indicates that mail from the user root should always have the appropriate full host name and domain name, even if other directives indicate that the host name should be masquerading as some other name. Besides class E, class L could be used to list those user names that should receive mail on the local host, even if other directives indicate that all mail should be relayed elsewhere. The class M could be used to indicate which domains should have their host names masqueraded (as set in the following M macro). The class N could be used to indicate host names that should not be masqueraded.

The next lines shown identify sendmail databases:

Kmailertable hash -o /etc/mail/mailertable.db

Kvirtuser hash -o /etc/mail/virtusertable.db

Kaccess hash -T<TMPF> -o /etc/mail/access.db

The previous Kmailertable, Kvirtuser, and Kacess lines define key database files. You can route mail for particular addresses to particular servers by adding definitions to the Mailer table database (/etc/mail/mailertable which creates /etc/mail/mailertable.db file).

The Virtual user table database (/etc/mail/virtusertable.db) is created from the hashed output of the /etc/mail/virtusertable text file. The Access list (/etc/mail/access.db) database, created from the /etc/mail/access file, lets you discard and reject e-mail from certain users to prevent spamming. See the sidebar “Forwarding E-mail and Stopping Spam,” which describes how to set up the virtual user and access list databases.

CPREDIRECT

DZ8.12.8

The CPREDIRECT line adds the text REDIRECT to the class P. This is used in conjunction with the redirect feature (enabled in the m4 configuration files), which allows aliases to be created for accounts that are no longer active. For example, if this is in /etc/aliases:

jefft: jefft@newplace.com.REDIRECT

Forwarding E-mail and Stopping Spam

The files mailertable, virtusertable, and access (in /etc/mail) can be set up to forward or discard e-mail based on addresses. The mailertable file lets you forward e-mail for a particular domain to a selected server. For example, this mailertable entry forwards handsonhistory.com mail to mx1.linuxtoys.net: handsonhistory.com      smtp:[mx1.linuxtoys.net] The virtusertable file is often used to redirect mail for particular users in multiple domains. Here are examples of mappings that could be in the virtusertable file: videotech@myotherbox.org hadji sales@verysmallcompany.com   george@wehavenomoney.com The first line redirects mail intended for videotech@myotherbox.org to the local user account hadji. The second redirects mail for sales@verysmallcompany.com to the remote user george@wehavenomoney.com. Similarly, the Access list database is created from /etc/mail/access. It can be used to selectively accept, reject, relay, or discard any message based on the address, host name, domain name, or IP address contained within the header: ads@freestuff.net DISCARD junkmail.com          REJECT coupons.junkmail.com  OK spam.junkmail.com     550 Unsolicited bulk email will                       be stored and handled for a fee of $500/KB The first line in the preceding block discards (without no error messages) all mail from ads@freestuff.net. The second rejects all mail from the junkmail.com domain, returning a general delivery status message to the sender. The third line overrides the previous setting by allowing mail from coupons.junkmail.com, and the fourth line returns the specified error code to the annoying spam.junkmail.com domain. The contents of the mailertable, virtusertable, and access files are all incorporated into their respective .db files when the sendmail service starts. After changing any of those files, type /etc/init.d/sendmail restart to have changes take effect.

Any mail sent to jefft on the local machine would result in an informational message being returned to the original sender, indicating the changed address. The original mail message will not be forwarded to the address listed in the preceding jefft example. The DZ8.12.8 line sets the macro Z, which contains the full version information for the sendmail daemon.

sendmail options

The sendmail.cf file contains a long list of options that you can set for sendmail on your Red Hat Linux system. Option definitions start after the Options block. Here are examples:

O SevenBitInput=False

# O EightBitMode=pass8

The SevenBitInput option indicates that sendmail should not clear the most significant bit from each byte of all mail messages. The EightBitMode option dictates how sendmail should handle message data that is not explicitly labeled as 8-bit. The pass8 option allows any 8-bit data to be delivered unaltered; mimefy converts any unspecified data to a MIME-encoded type; strict rejects any unlabeled 8-bit data. Note that this option has no effect on data that is specified as 8-bit. The next lines relate to alias files:

O AliasWait=10

O AliasFile=/etc/aliases

Before rebuilding the aliases database, sendmail performs several checks to make sure that no other processes are attempting to do the same. The AliasWait option specifies the number of minutes that sendmail alternates between waiting and performing its checks. The AliasFile option specifies the location of the plain-text file containing mail aliases. The next lines relate to the way disk space is allocated for sendmail:

O MinFreeBlocks=100

#O MaxMessageSize=1000000

The MinFreeBlocks option specifies that a message will be rejected if the acceptance of that message would cause there to be fewer than 100 free blocks (100K) available on the file system where messages are stored. The MaxMessageSize, if uncommented, can impose a limit on the maximum size of an incoming e-mail message (1MB in the preceding line). By default, there is no restriction on the size of a message. The next line substitutes characters for blank space:

O BlankSub=.

The BlankSub option substitutes the specified character (a . here) in place of a blank space (which is an illegal character) in an e-mail address. The next line avoids expensive mailers:

O HoldExpensive=False

If an MDA definition (explained later in this section) includes the option F=e, the mailer is classified as expensive, which simply indicates that delivering that mail may involve a slow connection or other processing delay. The HoldExpensive option allows messages handled by an expensive MDA to be queued rather than processed immediately. The preceding line disables this option. The next line relates to checkpoint queues:

#O CheckpointInterval=10

When delivering messages to many addresses (as with mailing lists), sendmail at times needs to record which recipients have already received the message. The CheckpointInterval option sets the number of recipient addresses processed between updates of the qf file. The preceding line is commented out, but the default value is still 10. The next line relates to delivery mode:

O DeliveryMode=background

The four possible DeliveryMode values are as follows:

·     background — Sendmail forks (splits off) a copy of itself and asynchronously processes the message. The default mode is background.

·     deferred — The message is queued and all processing, including DNS lookups and database accesses, is deferred until the queue is run.

·     interactive — The queue is processed synchronously, in the foreground.

·     queueonly — Much like deferred, but host names are resolved and databases are queried immediately.

The next lines relate to error message headers and error modes:

#O ErrorHeader=/etc/mail/error-header

#O ErrorMode=print

The ErrorHeader option allows the text of a specified file to be included in all delivery status messages returned to the sender, along with any error messages from the xf file. The ErrorMode option provides five possible methods of displaying error messages to users on the local machine who encounter problems while attempting to send mail:

·     e — Mail an error message to the sender, but terminate successfully.

·     m — Mail an error message, and exit with an error code.

·     p — Print error to user’s terminal and save the message in ~/dead.letter. ( default)

·     q — Quietly ignore all delivery errors.

·     w — Write the error message to the user’s terminal.

The next line relates to the From lines in e-mail messages:

#O SaveFromLine=False

By default, the SaveFromLine option is disabled (False). The result is that lines within mail messages that begin with the text “From” (a special token that differentiates the end of one message from the headers of the next) will be prefaced by a > in the delivered message. The next line relates to permissions of temporary files:

O TempFileMode=0600

The TempFileMode option sets file permissions of temporary files to be readable only by the file’s owner. Other modes are highly discouraged. The next line relates to the GECOS field:

#O MatchGECOS=False

The MatchGECOS option lets sendmail deliver mail to a converted form of a user’s full name, as specified in the GECOS field of the /etc/passwd file. For example, if the full name of user wharris (according to the GECOS field) is Wayne Harris, that user could receive mail as wharris@mybox.com, Wayne_Harris@mybox.com, or Wayne.Harris@mybox.com. This option is not recommended, because it could lead to ambiguities, and users could change their GECOS fields in a way that could subvert sendmail’s usual delivery mechanisms.

The next line relates to hop counts:

#O MaxHopCount=25

The MaxHopCount option specifies the largest number of hops (a transmission of the message from one machine to another) before a message is returned to the sender as undeliverable. The default value is 25. The next line relates to the sendmail help file:

O HelpFile=/etc/mail/helpfile

The HelpFile option lists the name of the file containing the online help text. To view this data, execute the command telnet localhost 25 and type help. Help is also available for most SMTP commands using the help command via help command name. The next line relates to dots as terminators:

#O IgnoreDots=False

The IgnoreDots option determines the behavior of sendmail when presented with a message that contains a single period on a line. With the option nonexistent, commented, or False, the single dot is treated as the end of the message (the behavior specified in RFC 821). If the option is True, the dot assumes no special significance. The next line relates to resolver options:

#O ResolverOptions=+AAONLY

The ResolverOptions option can tune the behavior of DNS lookups. Descriptions of valid flags are in the resolver man page (type man resolver). The next line relates to MIME errors:

O SendMimeErrors=True

The SendMimeErrors option defines whether delivery status notification messages should be MIME-encoded or left as plain text. The next line relates to search paths used for forwarding e-mail messages:

O ForwardPath=$z/.forward.$w:$z/.forward

The ForwardPath option specifies the search path for an individual user’s .forward file. In the preceding line, $z represents the user’s home directory, and $w indicates the local machine’s host name. For example, if /home/kzabon were the home directory for the user kzabon on the local machine al, sendmail would first look for the file /home/kzabon/.forward.al, followed by /home/kzabon/.forward. If neither file existed, the mail would be delivered to the incoming mailbox file

/var/spool/mail/kzabon. The next lines relate to caching on open connections:

O ConnectionCacheSize=2

O ConnectionCacheTimeout=5m

Rather than open a connection to a host, send a message, close the connection, and then open another connection to the same host, connection caching allows sendmail to send multiple mail messages to the same machine over one connection. This ConnectionCacheSize option can reduce the overhead of creating and destroying connections. The default value of 2 says up to two simultaneous connections are allowed. The ConnectionCacheTimeout value limits the time that a connection can be open. The default value is 5m (five minutes). The next lines relate to the host status directory and thread deliveries:

#O HostStatusDirectory=.hoststat

#O SingleThreadDelivery=False

The HostStatusDirectory option can establish a directory (relative to the queue directory /var/spool/mqueue if a full path name isn’t specified) that stores status information for all machines with which sendmail has established a connection. This option is not set by default, because its implementation consumes resources but may not provide a substantial gain.

The SingleThreadDelivery option ensures that there is always a maximum of one connection to any given machine. This, too, may not be desirable. Not only does it require the HostStatusDirectory option, it may also prevent any outgoing messages to a host if the local machine is currently processing a high volume of mail from that same machine. The next line relates to the Errors-To header:

O UseErrorsTo=False

The UseErrorsTo option allows sendmail to utilize or ignore the “Errors-To:” header line. If it is set to True, any delivery errors are reported to the address specified in the header line. Otherwise, this line is ignored. The option is set to False by default because this behavior violates RFC 1123. The next line relates to the log level:

O LogLevel=9

The LogLevel option sets the priority and severity of logging messages sent to the syslog facility. Values range from 0 (only severe errors are reported) to 98 (maximum debugging information is logged, along with all important messages). Unless you need to view tons of debugging information while tracking down a mail delivery problem, the default value of 9 is probably okay. The next line defines how messages are sent to the message sender:

#O MeToo=True

The MeToo option selects sendmail’s behavior when the sender of a message is also on the mailing list’s distribution list. Unless a value of True is specified, the sender does not receive the message (based on the assumption that if the sender wrote the message, the sender doesn’t need to see it again). The next line has to do with evaluating addresses:

O CheckAliases=False

If the value is set to True, the CheckAliases option evaluates addresses on the left side of the colon and guarantees a valid delivery agent for addresses on the right side. The default value is False. The next line relates to old-style headers:

O OldStyleHeaders=True

Lists of recipients were originally delimited by spaces. More recently, commas have been used because recipient names frequently contain spaces. When set to True, the OldStyleHeaders option allows comma-delimited lists, but unquoted spaces are converted to commas. If the option is set to False (the default), uncommented spaces are converted to the character specified by the BlankSub option. The next lines relate to SMTP daemon options:

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

#0 ClientPortOptions=Family=inet, Address=0.0.0.0

The DaemonPortOptions option can be used to restrict the port number and network on which sendmail will listen for incoming connections, the number of simultaneous incoming connections, and the size of the TCP/IP send and receive buffers.

The ClientPortOptions option is the same as DaemonPortOptions, except that it works for outgoing connections rather than incoming connections. By default, outgoing is not restricted to the local host since the line is commented out. The next line relates to privacy:

O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun

The PrivacyOptions option can  require that incoming connections strictly adhere to correct SMTP behavior, disable the EXPN (noxepn) or VRFY (novrfy) functions, disable return receipts, and restrict the users who may run the mailq and sendmail -q commands (restrictqrun). The mailq command shows all entries in the queue, while the sendmail -q command synchronously processes the queue. The PrivacyOptions option also utilizes the “X-Authentication-Warning:” header line. The next line relates to copies of error messages:

#O PostMasterCopy=Postmaster

The PostMasterCopy option can specify an address (or several) that should receive copies of any delivery status notifications that are sent to message senders. The default is to send no copies. The next lines relate to the mail queue:

#O QueueFactor=600000

#O QueueSortOrder=priority

#O MinQueueAge=30m

#O MaxQueueRunSize=10000

O QueueDirectory=/var/spool/mqueue

A variety of queue options are available to tune queues and the runners that handle them. The latest sendmail (version 8.12.9-7) also includes a concept of queue groups. For servers that deliver a high volume of mail, setting up queue groups allows you to set up separate directories of outgoing e-mail. Separate queue runners can then be used to handle each queue.

The QueueFactor option uses the current system load average to implement a cutoff value where outbound messages are queued rather than immediately sent. The QueueSortOrder option, which can select the method used to determine the queue priority, can be set to host (the messages in the queue are sorted based on the receiving host and the priority), priority (the traditional precedence scale), and time (based on order of submission). MinQueueAge sets the least amount of time a failed message transfer waits in the buffer before transmission is retried.

The MaxQueueRunSize option indicates the maximum number of queued messages that can be processed during one run of the queue. The preceding line sets the limit at 10,000 messages. The QueueDirectory option specifies the location of queued outbound messages (/var/
spool/mqueue, by default). The filename prefixes present in this directory are described in Table 19-1 in Chapter 19 of the Red Hat Fedora Linux 2 Bible. The next lines relate to timeout values used by sendmail:

O Timeout.connect=1m

O Timeout.ident=0

O Timeout.queuereturn=5d

O Timeout.queuewarn=4h

Several options relating to timeouts while waiting for events can be specified, as shown in
the preceding lines. (Many more that are commented out are not shown.) These values limit the amount of time sendmail spends waiting for an event to occur or complete. The actual
time values can be specified in seconds, minutes, hours, or days (with each specified as an integer followed by s, m, h, or d, respectively). An explanation for each is given
in the following table. Each timeout option is in the form Timeout.event, where event is replaced by the timeout events listed in the table.

Timeout Events

Timeout Events	Waiting for . . .
aconnect	the successful delivery of e-mail to a recipient
auth	the reply to an SMTP AUTH request
command	the next command
connect	the acceptance of a connection
control	the whole socket transaction to finish
datablock	the read of the DATA block to complete
datafinal	acknowledgment of the final dot or End-Of-File marker
datainit	acknowledgment of the DATA command
fileopen	an NFS file open command to complete
helo	a HELO or EHLO
hoststatus	the results of a host status check
iconnect	the initial connect(2) system call to complete
ident	the results of an identification protocol response
initial	the initial greeting message
lhlo	a reply to an LMTP lHLO command
mail	acknowledgment of the MAIL command
misc	acknowledgment of other SMTP commands
queuereturn (any priority)	the message delivery to complete (a bounce message will be delivered)
queuewarn (any priority)	the message delivery to complete (a warning message will be delivered)
quit	acknowledgment of the QUIT command
rcpt	acknowledgment of the RCPT command
resolver.retrans (default first, and normal)	the time after resolver query failure before retransmitting
resolver.retry (default, first, and normal)	the number of times to retry a resolver query before failing
rset	acknowledgment of the RSET command
starttls	a reply to an SMTP START-TLS command and TLS handshake

 

The next line relates to pruning routes:

#O DontPruneRoutes=False

With the DontPruneRoutes option, an address can be specified as a “route address” where an explicit path through a sequence of hosts is indicated. If the option is set to True, this route is followed. Otherwise, the route is pruned. The next line relates to where messages are stored as they are being delivered:

O SuperSafe=True

If the SuperSafe option is False, sendmail reads a message into memory before delivering it. If the machine were to crash at this point, the message would be lost. When the SuperSafe option is set to True, the message always exists on the file system until delivery is completed. No good reason exists for this option to be set to False. The next line relates to the status file:

O StatusFile=/etc/mail/statistics

The StatusFile option specifies a file where mail delivery statistics are stored. The file is parsed by the mailstats program to display: the number of messages sent and the size of those messages (in kilobytes); the number of messages received and the size of those messages (also in kilobytes); the number of messages rejected; and the number of messages discarded. The first column and the last column indicate the MDA. The last row displays totals for each column. The following is a sample of output from the mailstats command:

Statistics from Sun Aug 17 13:05:24 2003

    M  msgsfr  bytes_from msgsto    bytes_to  msgsrej msgsdis Mailer

    4      414 3845K       23        894K        0       0  smtp

    8       10 19K        8         13K        0       0  local

   =============================================================

    T      424       3864K       31        907K        0       0

The next line relates to how time zones are handled:

#O TimeZoneSpec=

The TimeZoneSpec option lets you explicitly choose the local time zone, overriding the value in the TZ environment if it exists. The next line relates to the UID and GID used by sendmail:

O DefaultUser=8:12

The DefaultUser option specifies the UID and GID of the default user to which sendmail switches when delivering mail. In this case, it is set to mail:mail (UID 8 and GID 12). The next line relates to the location of the user database file:

O UserDatabaseSpec=/etc/mail/userdb.db

The UserDatabaseSpec option lets you choose another database to redirect incoming messages and rewrite header fields of outgoing messages. The next lines can create fallback connections:

#O FallbackMXhost=fall.back.host.net

O TryNullMXList=true

The FallbackMXhost option can be used by sites that don’t have a reliable connection to the Internet, where it would be preferable to relay the messages to another host with a better connection rather than queue the mail on the local machine.

If the host sending a message is also an MX (mail exchanger) host for the receiving host, all hosts with a higher MX preference are deemed invalid. If this results in no available mail exchangers, the message is returned to the sender if the TryNullMXList option is set to False. If the option is set to True, sendmail tries to send mail directly to the receiving host before returning the message as undelivered. The next lines relate to responses to high load averages:

#O QueueLA=8

#O RefuseLA=12

The QueueLA option specifies system load average after which mail is not delivered at once but queued to process later. The RefuseLA option sets the point at which incoming mail is no longer accepted. The next lines can set child processes and new connections:

#O MaxDaemonChildren=0

#O ConnectionRateThrottle=0

Sendmail forks a copy of itself to handle each incoming message and to process the queue. The MaxDaemonChildren option restricts the number of children of the original sendmail process that can exist simultaneously. Though this sounds like a good idea, it also makes it easier for someone to implement a Denial-of-Service attack on your machine by keeping all available child processes occupied.

A better idea (if you must limit incoming connections) is to use the ConnectionRateThrottle option. Rather than deny connections beyond a certain threshold, the ConnectionRateThrottle option slows down acceptance of messages. Using a value of three as an example, if eight connections arrive at once, three are handled immediately; three more are processed after a one-second delay; and the remaining two are handled after a two-second delay. The next line relates to processes for queued jobs:

#O ForkEachJob=False

The ForkEachJob option instructs sendmail to fork a copy of itself to handle each individual message in the queue. This may be useful for machines with limited amounts of memory but should generally not be used (or set to False). The next lines are related to message priority:

#O RecipientFactor=30000

#O ClassFactor=1800

#O RetryFactor=90000

The ClassFactor and RecipientFactor options change the order in which queued messages are sent, based on precedence class or number of recipients. The RetryFactor option can be used to alter the priority of a message in the queue that has already been processed but couldn’t be delivered. The next line relates to the character set:

#O DefaultCharSet=iso-8859-1

The DefaultCharSet option defines the MIME type used when converting 8-bit messages into 7-bit messages. The next line defines the location of the service.switch file:

#O ServiceSwitchFile=/etc/mail/service.switch

Because the /etc/nsswitch.conf file already dictates the order for resolving various database requests, the ServiceSwitchFile option is ignored, even if defined. It is best to leave it commented out. The next line lets you redefine the location of the /etc/hosts file:

#O HostsFile=/etc/hosts

The HostsFile option specifies the path to the file containing locally customized IP address-to-host name translations. The default value is /etc/hosts. The next line relates to dial-up delays when the connection fails:

#O DialDelay=10s

When a dial-up connection to the Internet needs to be established, the time required to secure the connection can vary greatly. The DialDelay option allows a number of seconds or minutes to be specified, which represents the amount of time sendmail sleeps if its initial connection attempt fails. The next line lets you define what to do if there is no recipient in the message:

#O NoRecipientAction=add-to-undisclosed

The NoRecipientAction option instructs sendmail what to do if a message has no recipients specified in the header lines. The valid parameters include add-apparently-to (adds an “Apparently-To:” header), add-bcc (adds an empty “Bcc:” header line to comply with RFC 821), add-to (adds a “To:” header with recipients from the message “envelope”), add-to-undisclosed (adds an empty “To: undisclosed-recipients:” header), and none (delivers the message without change). The next line can change the root directory used by sendmail:

#O SafeFileEnvironment=/arch

The SafeFileEnvironment option provides a more secure location for delivering mail to files by using a chroot system call. The next line defines whether colons are okay in an address:

#O ColonOkInAddr=True

The ColonOkInAddr option determines whether colons are valid within addresses. The default value is False, indicating that a colon within an e-mail address represents an error. The next line relates to expanding CNAMES:

#O DontExpandCnames=False

The DontExpandCnames option controls whether sendmail accepts a CNAME record as the canonical host name. If the DontExpandCnames option is set to True, the CNAME record is considered valid within the rewriting rules. If it is set to False (the default value), the CNAME record must be translated into a valid address record for use within the rewriting rules. The next line relates to the SMTP login message:

O SmtpGreetingMessage=$j Sendmail $v/$Z; $b

The SmtpGreetingMessage option defines the banner text presented when a client connects to the sendmail daemon on the local machine. In the preceding line, $j evaluates to the FQDN of the local machine; $v and $Z represent the configuration file and executable program versions, respectively; $b is the current local date and time. This prints a line similar to the following:

220 al.mybox.com ESMTP Sendmail 8.12.8-4/8.12.8-4;

         Mon, 9 Sep 2002 18:47:23 -0400

The next line defines the UnixFromLine option:

O UnixFromLine=From $g  $d

The UnixFromLine option defines the format of the “From” header line that is used as a message separator within mailbox files. The default value of $g $d prints the sender’s e-mail address, followed by two blank spaces and the local date and time at which the message was received. The next line defines how to handle embedded newlines:

#O SingleLineFromHeader=False

If the SingleLineFromHeader option is set to True, any newlines within the “From:” header are converted into spaces. Otherwise, the split header lines are retained. The next line relates to how SMTP responds to a HELO request not associated with a host name:

#O AllowBogusHELO=False

If the AllowBogusHELO option is set to True, the restriction that a host name must follow a HELO command is not enforced. If it is set to False (the default), the behavior specified by RFC 1123 is required. The next line relates to quoting special characters:

#O MustQuoteChars=.

By default (and according to RFC 821), the nine characters enumerated in the comment in the first line must be quoted if they appear in a nonaddress portion of an address (for example, the user’s name or nickname). The . and ' characters can be specified in the MustQuoteChars option to require quoting as well. The next line relates to delimiter characters:

O OperatorChars=.:%@!^/[]+

The OperatorChars option lists the characters (in addition to the set of ()<>,;\”\r\n already defined by sendmail) that can be used as separators within an address. This option should not be altered. The next line relates to initgroups:

#O DontInitGroups=False

The DontInitGroups option (if set to True) forces sendmail to not process the initgroups system call. This is useful if groups have many members or a slow name service is used. The default value is False. The next line relates to an obsolete function:

#O UnsafeGroupWrites=True

The UnsafeGroupWrites option has been replaced by arguments to DontBlameSendmail, which was discussed early in this section. The next lines relate to sending errors:

#O DoubleBounceAddress=postmaster

#O DeadLetterDrop=/var/tmp/dead.letter

The DoubleBounceAddress option specifies the recipient of error messages that result from a failure to deliver an earlier error message. The default value is the postmaster alias. The DeadLetterDrop option sets the backup location for saving bounced e-mail if the bounced e-mail can't be written to other locations (by default, it is /var/tmp/dead.letter). The next line relates to the user ID used for sendmail processing:

#O RunAsUser=sendmail

By using the RunAsUser option, sendmail can be configured to perform most of its processing (other than reading the configuration file and listening for incoming connections on a privileged port) as an unprivileged user. The RunAsUser option specifies the user name or UID of the user. This may sound like a good idea, but it has the side effect of requiring the unprivileged user to have access to all .forward files, :include: files, and the queue directory. This will likely require liberal use of the DontBlameSendmail options and could cause more problems than it solves. The next line relates to the recipients in an SMTP envelope:

#O MaxRecipientsPerMessage=100

The MaxRecipientsPerMessage option specifies the upper boundary on the number of individual recipients per message in an effort to block mail spam (unsolicited commercial / bulk e-mail), which is commonly sent to large distribution lists. By default, there is no restriction. The next line limits the rate of recipient rejections in an SMTP envelope:

#O BadRcptThrottle=20

If the number of recipients rejected from a single SMTP envelope exceeds the value of BadRcptThrottle, sendmail will sleep one second after each rejected receipt. This is meant to slow down some denial-of-service attacks. The next line relates to getting local names:

O DontProbeInterfaces=true

The DontProbeInterfaces option (if True) keeps sendmail from automatically modifying the class macro Cw with hostnames and addresses of all network interfaces. By default, equivalent hosts and addresses are added to Cw. The next line relates to delivery status notification:

#O RrtImpliesDsn=False

The RtrImpliesDsn option sends a delivery status notification to the envelope sender instead of to the address in the header. The next option lets you override a connection address:

#O ConnectOnlyTo=0.0.0.0

To force all mail delivery to a particular address, add an IP address to the ConnectOnlyTo option. This is useful for testing. The next option relates to defining a trusted user:

#O TrustedUser=smmsp

The TrustedUser option can be used to set which user on your system is trusted to own sendmail-related files and to run sendmail daemons. The user name can be either the name or user ID contained in the /etc/passwd file. To be more secure, the TrustedUser recently changed from root to smmsp.

A variety of authentication options are included in the next section. The only active option is the following AuthOptions option:

O AuthOptions=A

The AuthOptions option with an A value causes the AUTH= parameter for the MAIL FROM command to be issued when authentication succeeds. The final set of options in this section that may interest you are used to indicate the locations of certificate authority (CA) certificates and private keys on your system:

#O CACertPath

#O CACertFile

#O ServerCertFile

#O ServerKeyFile

#O ClientCertFile

#O ClientKeyFile

The CACertPath option lets you indicate a directory that contains CA certificates. CACertFile lets you indicate an individual CA certificate. ServerCertFile and ServerKeyFile let you identify the CA certificate and associated private key, respectively, that sendmail should use when it is acting as a server. ClientCertFile and ClientKeyFile let you identify the CA certificate and associated private key that sendmail should use when it is acting as a client.

Message precedences

Precedences can be associated with e-mail messages in an attempt to give some messages higher authority for transferring than others. The Message precedences section of the sendmail.cf file sets how different message precedences are handled. The following lines appear at the beginning of the section:

Pfirst-class=0

Pspecial-delivery=100

Plist=-30

Pbulk=-60

Pjunk=-100

The previous lines equate precedence values with the possible precedence names in message headers. The meaning of each precedence name is indicated in the following table. The numbers by themselves aren’t significant, except in relation to other precedence names. Also note that incoming mail is processed immediately by default, so these priority values apply only to messages in the queue.

Precedence Names

Name	Meaning
special-delivery	A high-priority message that should be delivered from the queue before any others.
first-class	Unless overridden in the message header, this is the default priority.
list	This precedence name should be used for most messages emanating from mailing lists.
bulk	A relatively noncrucial broadcast message. This also indicates that if there are delivery troubles, the body of the message will not be included in bounce notices.
junk	Worthless e-mail that is possibly the output of a program or a test message. The body is also discarded from bounce notices.

Trusted users

You can allow users you trust to send messages that have sender names other than their real user names. These lines appear in the Trusted users section for setting trusted user values:

Ft/etc/mail/trusted-users

Troot

Tdaemon

Tuucp

These names specify users who are allowed to use sendmail’s -f flag to set a sender other than the user running the command. You probably won’t want to specify any normal user accounts here. However, if you use a mailing list manager (see the next section) that lets you specify the sender of outgoing messages, you may want to include the line Tmajordomo. Otherwise, all outgoing mail to list recipients will contain the error X-Authentication-Warning: localhost: majordomo set sender to owner-bigmailinglist using -f in the message header. If you have lots of trusted users, use file class t to specify a file that contains the list of names.

Format of headers

The format of the mail headers used with sendmail is set in your /etc/sendmail.cf file. The following lines appear at the beginning of that section:

H?P?Return-Path: <$g>

HReceived: $?sfrom $s $.$?_($?s$|from $.$_)

$.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)

$.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}

(version=${tls_version} cipher=${cipher} bits=${cipher_bits}

                verify=${verify})$.$?u

for $u; $|;

$.$b

H?D?Resent-Date: $a

H?D?Date: $a

H?F?Resent-From: $?x$x <$g>$|$g$.

H?F?From: $?x$x <$g>$|$g$.

H?x?Full-Name: $x

# HPosted-Date: $a

# H?l?Received-Date: $b

H?M?Resent-Message-Id: <$t.$i@$j>

H?M?Message-Id: <$t.$i@$j>

These lines dictate the format of message headers. After the appropriate values are substituted into the preceding variables, this block of text becomes a qf file in /var/spool/mqueue.

Rewriting rules

The Rewriting rules section of the sendmail.cf file contains a complex set of rules needed to handle your sendmail service. The rules cover such things as converting addresses and dealing with local host names. You should not change entries in this section arbitrarily.

Mailer definitions

Mail Delivery Agents (MDAs) are described in the mailer definitions. Specifically, the section defines the Mlocal and Mprog MDAs used (procmail and smrsh), respectively:

Mlocal,   P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9,

                S=EnvFromL/HdrFromL,

                R=EnvToL/HdrToL,

          T=DNS/RFC822/X-Unix,

          A=procmail -Y -a $h -d $u

Mprog,    P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL,

                R=EnvToL/HdrToL, D=$z:/,

          T=X-Unix/X-Unix/X-Unix,

          A=smrsh -c $u

In general, you shouldn’t need to modify the options specified in the mailer definitions. However, the Mlocal and Mprog mailer definitions, shown previously, are worthy of note. The Mlocal definition is for delivering messages to a local account. The procmail MDA is used (rather than the old UNIX standard of /bin/mail) to place the mail in the local user’s mailbox.

The Mprog mailer definition is used when the recipient of a message is actually a program (as in the case of majordomo, described in the next section). To direct a message to a program, sendmail uses a program called smrsh (SendMail Restricted Shell). Allowing mail to be piped directly into a program is not a great idea from a security standpoint, but smrsh makes the process a bit safer. For the program to successfully execute, a link to the program must exist within the /etc/smrsh directory. This restriction ensures that only programs installed by the administrator can directly receive mail, and other random executable programs are denied.