op.me - OpenGrok cross reference for /freebsd/contrib/sendmail/doc/op/op.me

Lines Matching +full:a +full:- +full:oq +full:- +full:z
1 .\" Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
12 .\"	$Id: op.me,v 8.759 2014-01-13 14:40:05 ca Exp $
14 .\" eqn op.me | pic | troff -me
20 .\" Define \(dg as "*" for text output and create a new .DG macro
33 a dagger
37 .\" Define \(dd as "#" for text output and create a new .DD macro
43 a pound sign
48 a double dagger
51 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
52 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
74 .b SENDMAIL\u\s-6TM\s0\d
98 Sendmail is a trademark of Proofpoint, Inc.
103 .i Sendmail \u\s-2TM\s0\d
104 implements a general purpose internetwork mail routing facility
107 It is not tied to any one transport protocol \*-
108 its function may be likened to a crossbar switch,
111 it can do a limited amount of message header editing
112 to put the message into a format that is appropriate
114 All of this is done under the control of a configuration file.
120 However, there are only a few basic configurations
153 RFC 7505 (A "Null MX" No Service Resource Record for Domains That Accept No Mail).
156 is designed to work in a wider world,
164 it has a number of features
169 Section one describes how to do a basic
173 explains the day-to-day information you should know
175 If you have a relatively normal site,
185 contains the nitty-gritty information about the configuration
191 The appendixes give a brief
192 but detailed explanation of a number of features
204 Second, you must build a run-time configuration file.
205 This is a file that
213 a configuration can usually be built
214 using an M4-based configuration language.
231 on 4.4BSD-based systems.
236 If you have a running binary already on your system,
255 obj.BSD-OS.2.1.i386.
267 .i -c .
270 .ip "\-L \fIlibdirs\fP"
271 A list of directories to search for libraries.
272 .ip "\-I \fIincdirs\fP"
273 A list of directories to search for include files.
274 .ip "\-E \fIenvar\fP=\fIvalue\fP"
278 .ip "\-c"
279 Create a new
282 .ip "\-f \fIsiteconfig\fP"
297 See below for a description of the site configuration file.
298 .ip "\-S"
299 Skip auto-configuration.
301 will avoid auto-detecting libraries if this is set.
309 .sh 3 "Creating a Site Configuration File"
332 and closing a currently open database.
339 real in-memory caching,
345 but when a new database is created it will be in NEWDB format.
346 As a nasty hack,
352 during a
379 unless you are porting to a new environment.
394 to create a custom Makefile for your environment.
412 will no longer be installed set-user-ID root by default.
415 \&./Build install-set-user-id
420 cannot operate without a configuration file.
424 and a number of tuning parameters.
433 The distribution includes an m4-based configuration package
434 that hides a lot of the complexity.
451 Both site-dependent and site-independent descriptions of hosts.
458 .q "generic-solaris2.mc"
459 as a general description of an SMTP-connected host
470 Site-dependent subdomain descriptions.
492 to read an /etc/mail/local-host-names file on startup
502 Site-independent
505 This can be thought of as a
520 For example, to include support for the UUCP-based mailers,
542 If you are in a new domain
543 (e.g., a company),
544 you will probably want to create a
548 and features you want enabled site-wide:
554 and should be fully-qualified internet-style domain names.
600 It should be set-group-ID smmsp as described in
607 this creates a security hole that is not actually related to
625 add -D_PATH_SENDMAILCF=\e"/file/name\e"
630 This is one of the two non-library file names compiled into
645 If you have a particularly unusual system configuration
646 you may need to create a special version.
660 .b \-A
663 .b \-bm
665 .b \-bs ,
667 .b \-t
679 command should just be a link to
682 rm \-f /usr/\*(SB/newaliases
683 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
691 command should just be a link to
693 in a fashion similar to
697 .b \-v
704 This command is also a link to
724 supply a value ending with an asterisk.
743 stores the available diskspace in a shared memory segment
752 (-DSM_CONF_SHM)
761 i.e., there is a race condition when data in the shared memory is updated.
782 This is a typical value for the
787 It is normally a subdirectory of
793 A sample is given in
806 looks at a database version of the files,
836 (to receive mail from a remote system)
846 on a BSD-base system,
847 or on a System-V-based system
851 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
852 	(cd /var/spool/mqueue; rm \-f xf*)
853 	/usr/\*(SD/sendmail \-bd \-q30m &
854 	echo \-n ' sendmail' >/dev/console
863 if the system goes down in the middle of processing a message.
867 .q \-bd
870 .q \-q30m
873 Some people use a more complex startup script,
878 for an example of a complex script which does this clean up.
879 .(z
885 	if [ \-r $qffile ]
887 		if [ ! \-s $qffile ]
889 			echo \-n " <zero: $qffile>" > /dev/console
890 			rm \-f $qffile
898 	if [ \-r $tffile \-a ! \-f $qffile ]
900 		echo \-n " <recovering: $tffile>" > /dev/console
903 		if [ \-f $tffile ]
905 			echo \-n " <extra: $tffile>" > /dev/console
906 			rm \-f $tffile
916 	if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
918 		echo \-n " <incomplete: $dffile>" > /dev/console
923 for xffile in [A-Z]f*
925 	if [ \-f $xffile ]
927 		echo \-n " <panic: $xffile>" > /dev/console
932 Figure 1 \(em A complex startup script
934 .)z
977 .b \-bp
983 This should be a link to /usr/\*(SD/sendmail.
1007 As a result of this change, a script such as the following,
1012 kill `head -1 $PIDFILE`
1013 `tail -1 $PIDFILE`
1017 Below is a script which will work correctly
1022 pid=`head -1 $PIDFILE`
1023 cmd=`tail -1 $PIDFILE`
1064 consists of a timestamp,
1070 and a message\**.
1075 Most messages are a sequence of
1081 The two most common lines are logged when a message is processed.
1082 The first logs the receipt of a message;
1116 A comma-separated list of the recipients to this mailer.
1143 There is a large amount of information that can be logged.
1144 The log is arranged as a succession of levels.
1150 As a convention,
1156 Levels from 11\-64 are reserved for verbose information
1159 A complete description of the log levels
1165 to log a dump of the open files
1167 by sending it a
1177 Held messages are placed into a holding directory called a mail queue.
1179 A mail message may be queued for these reasons:
1181 If a mail message is temporarily undeliverable, it is queued
1189 If the DeliveryMode option is set to queue-only or defer,
1207 The mail message has been marked as quarantined via a mail filter or
1212 Each mail queue belongs to a queue group.
1213 There is always a default queue group that is called ``mqueue''
1222 By default, a queued message is placed in the queue group
1224 A recipient address is mapped to a queue group as follows.
1225 First, if there is a ruleset called ``queuegroup'',
1226 and if this ruleset maps the address to a queue group name,
1233 followed by the name of a queue group.
1235 a queue group, then that queue group is chosen.
1238 A message with multiple recipients will be split
1242 When a message is placed in a queue group, and the queue group has
1243 more than one queue, a queue is selected randomly.
1245 If a message with multiple recipients is placed into a queue group
1247 set to a positive value
1259 move queue files around, e.g., into a different queue directory.
1275 a specified time after they finished a queue run.
1277 belonging to a workgroup (a workgroup is a set of queue groups)
1278 collects the data for a queue run
1282 Their disadvantage is that a new queue run is only started
1283 after all queue runners belonging to a group finished their tasks.
1284 In case one of the queue runners tries delivery to a slow recipient site
1285 at the end of a queue run, the next queue run may be substantially delayed.
1296 if a major host is down for a period of time
1311 .b \-bp
1317 This will produce a listing of the queue id's,
1323 .b \-bP
1325 provided a process updates the data.
1338 a separate process will by default be created to
1340 unless the queue run is initiated by a user
1351 since there is no guarantee that a job cannot take forever
1362 or a program recipient
1369 you may find that a major host going down
1370 for a couple of days
1371 may create a prohibitively large queue.
1376 This situation can be fixed by moving the queue to a temporary place
1377 and creating a new queue.
1388 and create a new daemon.
1392 /usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
1395 .b \-C
1403 .b \-q
1407 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1413 you most likely need a different configuration file to correctly deal
1415 However, a proper configuration of queue groups should avoid
1418 If you have a tendency toward voyeurism,
1420 .b \-v
1435 Quarantined messages are tagged by using a different name for the queue
1440 .b \-qQ
1447 .b \-Q
1451 sendmail -Qreason -q[!][I|R|S][matchstring]
1454 .b "-q[!][I|R|S][matchstring]"
1456 .b \-Q
1460 sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
1464 .b "-q[!][I|R|S|Q][matchstring]"
1466 .b \-Q
1471 .b \-qQ
1476 stores a large amount of information about each remote system it
1482 This allows mail to be queued immediately or skipped during a queue run if
1483 there has been a recent failure in connecting to a remote machine.
1484 Note: information about a remote system is stored in a file
1490 For top-level domains like
1492 this can create a large number of subdirectories
1499 has the added effect of single-threading mail delivery to a destination.
1502 or cannot accept more than a single connection at a time,
1503 but can cause some messages to be punted to a future queue run.
1516 rather than being delayed for a long time.
1518 The disk based host information is stored in a subdirectory of the
1540 An asterisk in the left most column indicates that a
1556 .b \-bH
1561 .b \-bh
1568 If the host operating system supports such a switch,
1574 \**HP-UX 10 has service switch support,
1580 If the underlying operating system does not support a service switch
1581 (e.g., SunOS 4.X, HP-UX, BSD)
1584 will provide a stub implementation.
1587 option points to the name of a file that has the service definitions.
1588 Each line has the name of a service
1613 will not avoid DNS lookups even if a host can be found
1620 For example, if DNS returns a TRY_AGAIN status for this setup
1625 then a permanent error is returned to
1628 e.g., an immediate bounce instead of a deferral.
1641 which must resolve to a
1650 .b A
1657 If there is a match, the address is deleted from the send queue
1660 This is a recursive operation,
1665 One is a text form,
1681 \**Actually, any mailer that has the `A' mailer flag set
1686 with a space or a tab or by putting a backslash directly before
1688 Blank lines and lines beginning with a sharp sign
1715 also, the first alias file name without a class
1719 will be used as the name of the file for a ``files'' entry
1734 .sm NIS -based
1747 .sm NIS -based
1750 .b \-l
1758 exactly like a
1762 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1767 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1784 .b \-bi
1787 /usr/\*(SD/sendmail \-bi
1792 .b \-bi
1797 There are a number of problems that can occur
1799 They all result from a
1807 (due to being killed or a system crash)
1813 leaving a partially rebuilt database.
1837 If an error occurs on sending to a certain address,
1843 .q owner-\fIx\fP
1846 for a mailing list
1852 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1854 owner-unix-wizards: unix-wizards-request
1855 unix-wizards-request: eric@ucbarpa
1861 unix-wizards
1867 The contents of the owner alias are used if they point to a single user,
1871 .q owner-
1873 .q -request
1876 .i list -request''
1883 If you have a version of
1890 the databases will be searched for a
1894 .sh 2 "Per-User Forwarding (.forward Files)"
1897 any user may put a file with the name
1907 has a .forward file with contents:
1916 Actually, the configuration file defines a sequence of filenames to check.
1931 These built-ins are described here.
1932 .sh 3 "Errors-To:"
1939 The Errors-To: header was created in the bad old days
1940 when UUCP didn't understand the distinction between an envelope and a header;
1941 this was a hack to provide what should now be passed
1948 The Errors-To: header is officially deprecated
1949 and will go away in a future release.
1950 .sh 3 "Apparently-To:"
1955 If a message comes in with no recipients listed in the message
1962 .q "Apparently-To:"
1965 The Apparently-To: header is non-standard
1969 The Precedence: header can be used as a crude control of message priority.
1972 The precedence of a message also controls how
1980 a client should wait at least 30 seconds for a response.
1986 by doing a ``call back'' to the originating system to include
1987 the owner of a particular TCP connection
1990 a determined forger can easily spoof the IDENT protocol.
1998 example, a PC in an open lab has few if any controls on it to prevent
1999 a user from having this protocol return any identifier the user
2011 Protocol information to make access control decisions - either as the
2013 methods may result in a weakening of normal host security.
2017 private.  An Identification server provides service which is a rough
2020 the CallerID service apply to Identification.  If you wouldn't run a
2026 due to a bug in the TCP/IP implementation.
2037 is described in detail in Appendix A.
2041 The amount of time between forking a process
2043 .b \-q
2050 when a host that was down comes back up.
2054 since it defines the maximum amount of time that a message
2059 (although that probably doesn't make sense if you use ``queue-only'' mode).
2063 For the former, it is the time between subsequent starts of a queue run.
2064 For the latter, it is the time sendmail waits after a persistent queue
2071 you should have a daemon running.
2075 .b \-bd
2078 .b \-bd
2080 .b \-q
2083 /usr/\*(SD/sendmail \-bd \-q30m
2089 .b \-bs \ \-Am
2094 in a TCP wrapper program,
2095 but may be a bit slower since the configuration file
2096 has to be re-read on every message that comes in.
2097 If you do this, you still need to have a
2101 /usr/\*(SD/sendmail \-q30m
2106 You can force a queue run
2108 .b \-q
2111 .b \-v
2115 /usr/\*(SD/sendmail \-q \-v
2118 You can also limit the jobs to those with a particular queue identifier,
2122 .q \-qRberkeley
2127 .q \-qSstring
2129 .q \-qIstring
2131 .q \-qQstring
2134 .q \-qGstring
2135 limits it to a particular queue group.
2147 to indicate that jobs are limited to not including a particular queue
2150 .q \-q!Rseattle
2154 Should you need to terminate the queue jobs currently active then a SIGTERM
2158 There are a fairly large number of debug flags
2161 Each debug flag has a category and a level.
2172 run a production sendmail server in debug mode.
2175 .b \-D
2182 A debug category is either an integer, like 42,
2183 or a name, like ANSI.
2184 You can specify a range of numeric debug categories
2185 using the syntax 17-42.
2186 You can specify a set of named debug categories using
2187 a glob pattern like
2196 .b \-d
2201 debug-flag:	\fB\-d\fP debug-list
2202 debug-list:	debug-option [ , debug-option ]*
2203 debug-option:	debug-categories [ . debug-level ]
2204 debug-categories:	integer | integer \- integer | category-pattern
2205 category-pattern:	[a-zA-Z_*?][a-zA-Z0-9_*?]*
2206 debug-level:	integer
2211 \-d12	Set category 12 to level 1
2212 \-d12.3	Set category 12 to level 3
2213 \-d3\-17	Set categories 3 through 17 to level 1
2214 \-d3\-17.4	Set categories 3 through 17 to level 4
2215 \-dANSI	Set category ANSI to level 1
2216 \-dsm_trace_*.3	Set all named categories matching sm_trace_* to level 3
2218 For a complete list of the available debug flags
2224 For a list of named debug categories in the sendmail binary, use
2231 .b \-o
2233 .b \-O
2237 /usr/\*(SD/sendmail \-oT2m
2245 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
2250 but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
2257 .sh 2 "Trying a Different Configuration File"
2261 .b \-C
2264 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
2271 .b \-C
2278 gives up set-user-ID root permissions
2279 (if it has been installed set-user-ID root)
2280 when you use this flag, so it is common to use a publicly writable directory
2289 If you suspect such a problem, you can set traffic logging using the
2290 .b \-X
2294 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
2299 This logs a lot of data very quickly and should
2303 After starting up such a daemon,
2304 force the errant implementation to send a message to your host.
2311 When you build a configuration table,
2312 you can do a certain amount of testing
2322 sendmail \-bt \-Ctest.cf
2341 You may use a comma separated list of rwsets
2350 followed similarly by rulesets twenty-one and four.
2354 .q \-d21
2358 sendmail \-bt \-d21.99
2361 a single word address
2397 .ip \-d\|debug-spec
2398 is equivalent to the command-line flag.
2403 shows a help message.
2442 sendmail \-bh
2446 sendmail \-bH
2455 There are a number of configuration parameters
2474 sites experiencing a large number of small messages,
2484 options have long (multi-character names).
2497 using a scaled syntax.
2502 represents two and a half hours.
2515 .b \-q
2516 flag specifies how often a sub-daemon will run the queue.
2521 Should you need to terminate the queue jobs currently active then a SIGTERM
2547 except it applies only to the initial attempt to connect to a host
2548 for a given message
2550 The concept is that this should be very short (a few seconds);
2556 The overall timeout waiting for all connection for a single delivery
2560 a long list of host that could accept an e-mail for the recipient.
2570 The wait for a reply from a HELO or EHLO command
2572 This may require a host name lookup, so
2573 five minutes is probably a reasonable minimum.
2575 The wait for a reply from a MAIL command
2578 The wait for a reply from a RCPT command
2581 because it could be pointing at a list
2582 that takes a long time to expand
2585 The wait for a reply from a DATA command
2588 The wait for reading a data block
2596 The wait for a reply from the dot terminating a message.
2603 The wait for a reply from a RSET command
2606 The wait for a reply from a QUIT command
2609 The wait for a reply from miscellaneous (but short) commands
2610 such as NOOP (no-operation) and VERB (go into verbose mode).
2617 The timeout waiting for a reply to an IDENT query
2623 The wait for a reply to an LMTP LHLO command
2626 The timeout for a reply in an SMTP AUTH dialogue
2629 The timeout for a reply to an SMTP STARTTLS command and the TLS handshake
2634 The timeout for a complete control socket transaction to complete [2m, none].
2636 How long status information about a host
2654 deliver a message
2665 to retransmit a resolver query.
2673 to retransmit a resolver query
2675 to deliver a message
2679 to retransmit a resolver query
2704 After sitting in the queue for a few days,
2707 of the inability to send a message.
2709 It is sometimes considered convenient to also send a warning message
2710 if the message is in the queue longer than a few hours
2731 can be further qualified with a tag based on the Precedence: field
2735 (indicating a positive non-zero precedence),
2737 (indicating a zero precedence), or
2738 .q non-urgent
2746 If the message has a normal (default) precedence
2747 and it is a delivery status notification (DSN),
2755 to return entries immediately during a queue run,
2760 .i "a priori"
2762 a five day timeout is recommended.
2763 This allows a recipient to fix the problem even if it occurs
2764 at the beginning of a long weekend.
2766 should be ``at least 4\-5 days''.
2772 option by indicating a time after which
2773 a warning message should be sent;
2774 the two timeouts are separated by a slash.
2780 but a warning message will be sent after four hours.
2803 will keep track of hosts that are down during a queue run,
2813 Every message is assigned a priority when it is first instantiated,
2829 messages by including a
2835 Since the number of recipients affects the amount of load a message presents
2847 .b z )
2854 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2859 The priority of a job can also be adjusted each time it is processed
2866 .b Z )
2898 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2910 option defines a load average at which
2917 mail will be queued in the client queue in such a case.
2940 processes, however, these limits can be abused to mount a
2947 If this option is set then the timeouts used in a SMTP session
2956 has some built-in measures against simple denial of service (DoS) attacks.
2958 issued or if some commands are repeated too often within a session.
2971 starting with a sleep time of one second,
2972 up to a maximum of four minutes (as defined by
2976 is set to a value greater than zero,
2977 then this could make a DoS attack even worse since it
2978 keeps a connection open longer than necessary.
2979 Therefore a connection is terminated with a 421 SMTP reply code
2980 if the number of commands exceeds the limit by a factor of two and
2982 is set to a value greater than zero (the default is 25).
2985 There are a number of delivery modes that
3013 if you have a mailer that takes a long time to deliver a message.
3023 .b -D
3053 The default using a standard configuration is level 9.
3080 (due to a host being down, etc.).
3114 if you want to make it possible to have group-writable support files
3122 set-user-ID to root.
3126 without set-user-ID to root but set-group-ID
3134 a mailer,
3137 it resets the userid and groupid to a default
3158 A middle ground is to set the
3196 If the option is used on a system which performs local delivery,
3198 (i.e., usually set-user-ID root)
3211 Also, sendmail will refuse to create a new aliases database in an
3213 database file as a trusted user ahead of time and then rebuilding the
3228 means a directory that is writable by anyone other than the owner.
3240 often cannot assume that a given file was created by the owner,
3241 particularly when it is in a writable directory.
3255 for non-existent forward files.
3273 Allow a
3278 Accept a group-readable key file for STARTTLS.
3280 Accept a group-readable Cyrus SASL password file.
3282 Accept a group-readable DefaultAuthInfo file for SASL.
3284 Allow group-writable alias files.
3288 to consider group-writable directories to be safe.
3289 World-writable directories are always unsafe.
3295 Accept group-writable
3303 Accept group-writable
3307 Accept a group-writable Cyrus SASL password file.
3321 Allow a
3329 Allow an alias file that is a link in a writable directory.
3344 Allow the service switch file to be a link
3359 Run programs that are in writable directories without logging a warning.
3361 Run programs that are group- or world-writable without logging a warning.
3368 Accept world-writable alias files.
3382 Allow the status file to be a hard link.
3384 Allow the status file to be a symbolic link.
3393 When trying to open a connection
3396 by sending a
3436 If you are on a system that has built-in service switch support
3463 without consulting a service switch.
3467 If you do not have a nameserver configured at all,
3468 such as at a UUCP-only site,
3470 will get a
3479 will interpret this to mean a temporary failure
3488 listed as a service in the
3497 The command line takes a series of flags as documented in
3514 to specify that there is a wildcard MX record matching your domain;
3519 when faced with a broken nameserver that returns SERVFAIL
3544 (but only for names without a dot,
3545 since names with a dot have already been tried).
3550 It also prefers A and CNAME records over MX records \*-
3553 This way, if you have a wildcard MX record matching your domain,
3560 \-DNAMED_BIND=0
3561 and remove \-lresolv from the list of libraries to be searched
3563 .sh 2 "Moving the Per-User Forward Files"
3566 from a local disk on their workstation,
3569 from a central mail server are slow.
3572 because of a file server being down.
3579 option allows you to set a path of forward files.
3582 O ForwardPath=/var/forward/$u:$z/.forward.$w
3584 would first look for a file with the same name as the user's login
3591 A truly perverse site could also search by sender
3594 If you create a directory such as /var/forward,
3603 option to allow forward files in a world writable directory.
3604 This might also be used as a denial of service attack
3606 a better approach might be to create
3623 you can specify a minimum number of free blocks on the queue filesystem
3641 To avoid overflowing your system with a large message,
3663 The option takes a series of flag names;
3669 insists that the HELO or EHLO command be used before a MAIL command is accepted
3682 sends to a list that contains
3684 as one of the members he will get a copy of the message.
3703 rather than easy for a human to read or write.
3710 The configuration file is organized as a series of lines,
3711 each of which begins with a single character
3713 Lines beginning with a space or a tab
3716 Blank lines and lines beginning with a sharp symbol
3719 .sh 2 "R and S \*- Rewriting Rules"
3726 looking for a match on the left hand side
3729 When a rule matches,
3749 If you begin a ruleset more than once
3764 is a pattern that is applied to the input.
3776 A literal
3783 are performed at run time using a somewhat less general algorithm.
3790 The left hand side of rewriting rules contains a pattern.
3792 Metasyntax is introduced using a dollar sign.
3798 \fB$\-\fP	Match exactly one token
3813 $\-:$+
3831 bound to a
3838 When the left hand side of a rewriting rule matches,
3841 unless they begin with a dollar sign.
3858 syntax substitutes the corresponding value from a
3860 .b $\- ,
3868 A host name enclosed between
3878 In particular, a
3899 syntax is a more general form of lookup;
3900 it uses a named map instead of an implicit map.
3939 a subroutine of ruleset zero,
3951 3-tuple (triple) necessary to direct the mailer.
3972 must be a single word,
3977 may be multi-part.
3980 is the built-in IPC mailer,
3983 may be a colon (or comma) separated list of hosts.
3986 Hosts separated by a comma have the same MX preference,
3990 is later rewritten by the mailer-specific envelope rewriting set
3994 As a special case, if the mailer specified has the
4003 is stripped off, and a flag is set in the address descriptor
4006 Normally, a rule that matches is retried,
4009 A RHS may also be preceded by a
4011 or a
4014 A
4018 A
4022 this can be used to avoid continued application of a rule.
4029 prefixes may precede a
4061 .(z
4065                     +---+
4066                  -->| 0 |-->resolved address
4067                 /   +---+
4068                /            +---+   +---+
4069               /        ---->| 1 |-->| S |--
4070        +---+ / +---+  /     +---+   +---+  \e    +---+
4071 addr-->| 3 |-->| D |--                      --->| 4 |-->msg
4072        +---+   +---+  \e     +---+   +---+  /    +---+
4073                         --->| 2 |-->| R |--
4074                             +---+   +---+
4112 Figure 1 \*- Rewriting set semantics
4114 D \*- sender domain addition
4115 S \*- mailer-specific sender rewriting
4116 R \*- mailer-specific recipient rewriting
4119 .)z
4126 local-part@host-domain-spec
4137 host-domain-spec
4154 It must resolve to a
4168 a delivery status notification must be send,
4169 i.e., it may specify a recipient,
4171 If ruleset zero returns a temporary error
4176 It should not be used to quarantine e-mails.
4191 (specifically, those that resolve to a mailer with the `F=5'
4194 This allows a last minute hook for local names.
4197 A few extra rulesets are defined as
4207 is a reject or quarantine.
4219 this mailer cannot be chosen as a mailer in ruleset 0.
4223 themselves, i.e., they should return a temporary error code
4224 or at least they should make a proper decision in those cases.
4229 ruleset is called after a connection is accepted by the daemon.
4231 .b \-bs
4239 is a metacharacter separating the two parts.
4282 entire-SMTP-command $| SMTP-reply-first-digit
4286 is a metacharacter separating the two parts.
4292 intent to return a "2XX" SMTP success reply.
4298 and the intent to return a "5XX" SMTP failure reply.
4304 Note: it is a bad idea to return the original command in the error text
4306 The ruleset cannot override a rejection triggered by the built-in rules.
4313 sender-address $| recipient-address
4317 is a metacharacter separating the addresses.
4335 number-of-headers $| size-of-headers
4339 is a metacharacter separating the numbers.
4349 One possible use is to check for a missing header.
4354 HMessage-Id: $>CheckMessageId
4367 # Has a Message-Id: header
4369 # Allow missing Message-Id: from local mail
4376 Keep in mind the Message-Id: header is not a required header and
4377 is not a guaranteed spam indicator.
4384 ruleset is called after the end of a message,
4420 followed by a list of options
4423 Generally upper case characters turn off a feature
4425 Options `D'/`M' cause the client to not use DANE/MTA-STS,
4428 DANE/MTA-STS setups by simply not using it.
4457 after a STARTTLS command has been issued and the TLS handshake
4472 ruleset is called when sendmail acts as client after a STARTTLS command
4479 (treated as non-deliverable with a permanent or temporary error).
4484 ruleset is called each time before a RCPT command is sent.
4489 (treated as non-deliverable with a permanent or temporary error).
4495 may get redirected to a host named
4508 when a client connects to sendmail.
4511 followed by a list of options
4514 Generally upper case characters turn off a feature
4519 `V' turns off the request for a client certificate during the TLS handshake.
4520 Options `A' and `P' suppress SMTP AUTH and PIPELINING, respectively.
4523 passive attack (e.g., PLAIN, LOGIN), unless a security layer is active.
4524 Option `l' requires SMTP AUTH for a connection.
4527 If a client sends one of the (HTTP) commands GET, POST, CONNECT, or USER
4538 which is also a defense against SMTP smuggling (CVE-2023-51765).
4539 Option 'O' allows the server to accept a single dot on a line by itself
4542 which have a LF without a CR directly before it ("bare LF")
4543 by dropping the session with a 421 error.
4544 Option 'G' accepts SMTP messages which have a "bare LF".
4546 which have a CR without a LF directly after it ("bare CR")
4547 by dropping the session with a 421 error.
4548 Option 'U' accepts SMTP messages which have a "bare CR".
4549 There is a variant for the options 'u' and 'g':
4550 a '2' can be appended to the single character,
4552 or bare LF with a space.
4556 can be allowed some violations, e.g., a combination of
4560 A command like
4567 A	Do not offer AUTH
4568 a	Offer AUTH (default)
4580 G	Accept "bare LF"s in a message
4581 g	Do not accept "bare LF"s in a message (default)
4582 g2	Replace "bare LF" in a message with space
4586 O	Accept a single dot on a line by itself
4593 U	Accept "bare CR"s in a message
4594 u	Do not accept "bare CR"s in a message (default)
4595 u2	Replace "bare CR" in a message with space
4596 V	Do not request a client certificate
4597 v	Request a client certificate (default)
4604 Moreover, many options can be changed on a global basis via other
4607 The ruleset may return `$#temp' to indicate that there is a temporary
4608 problem determining the correct features, e.g., if a map is unavailable.
4609 In that case, the SMTP server issues a temporary failure and does not
4631 ruleset is called when a client sends the
4638 (which is a metacharacter).
4639 They should return a list of
4646 A comma separated list of SSL related options.
4664 File containing a certificate.
4671 to require a CRL for each encountered certificate during verification
4672 (by default a missing CRL is ignored),
4685 This might be needed in case of a misconfiguration,
4705 The keys are case-insensitive.
4721 (which is a metacharacter).
4724 followed by a list of tokens that are used for SMTP AUTH.
4726 Each token is a tagged string of the form:
4747 is ignored (even if the ruleset does not return a ``useful'' result).
4752 ruleset is used to map a recipient address to a queue group name.
4758 followed by the name of a queue group.
4771 (which is a metacharacter).
4778 followed by the number of milliseconds (thousandths of a second) to
4780 If the return value starts with anything else or is not a number,
4794 (that is, a mailer that has
4801 has MX expansion performed if not delivering via a named socket;
4804 The host name can also be provided as a dotted quad
4819 may also be a colon or comma separated list of hosts.
4822 Hosts separated by a comma have the same MX preference,
4829 As a final special case, the host name can be passed in
4830 as a text string
4838 This is intended only for situations where you have a network firewall
4840 so that your MX record points to a gateway machine;
4846 .sh 2 "D \*- Define Macro"
4848 Macros are named with a single character
4849 or with a word in {braces}.
4853 but user-defined macros
4858 Long names beginning with a lower case letter or a punctuation character
4860 so user-defined long macro names should begin with an upper case letter.
4870 (which may be a single character
4871 or a word in braces)
4904 is set and non-null,
4929 .ip $a
4936 This is a count of the number of Received: lines
4938 .b \-h
4952 .q "$j Sendmail $v/$Z ready at $b"
4968 This is set in ruleset 0 from the $@ field of a parsed address.
4999 .q MAILER-DAEMON .
5003 A list of characters
5012 .q a@b
5014 .q a,
5021 a richer set of operators is
5023 which adds support for UUCP, the %-hack, and X.400 addresses.
5029 .b \-p
5034 .b \-p
5038 A numeric representation of the current time in the format YYYYMMDDHHmm
5039 (4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
5040 2 digit hours 00-23, 2 digit minutes 00-59).
5052 .ip $z
5062 the second is a space,
5066 used for a TLS connection.
5085 used for the security layer of a SASL mechanism.
5100 openssl dgst -h
5102 for a list.
5116 The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
5117 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
5121 used for a TLS connection.
5179 performs a hostname lookup on the IP address of the connecting client.
5195 BadCertificateContainsNUL	CN contains a NUL character
5231 "EE a" in
5235 Some information about a daemon as a text string.
5275 This is useful for a default header check ruleset to get
5320 The value of the Message-Id: header.
5329 The number of bad recipients for a single message.
5331 The number of validated recipients for a single message.
5340 .b \-b
5347 .b \-q
5350 .b \-q30m
5359 Defined in the SMTP server only after a RCPT command.
5364 Defined in the SMTP server only after a RCPT command.
5369 Defined in the SMTP server only after a RCPT command.
5405 	for a clear text delivery attempt.
5409 CONFIG	tls_*_features failed due to a syntax error.
5411 	which is a fatal error for this session,
5412 	the e-mail will be queued.
5417 .b $a
5421 .b $a
5433 .b $a
5479 if you have a level 5 or higher configuration file;
5487 \**Older versions of sendmail didn't pre-define
5500 when mailing to a specific host
5530 .q Full-Name:
5533 of a
5547 .b $z
5563 .q Message-Id:
5584 .b \-h
5596 .b \-p
5598 .b \-M
5600 .b \-oM
5605 is set to a validated sender host name.
5619 as a server.
5625 .sh 2 "C and F \*- Define Classes"
5629 where a
5631 is a sequence of characters that does not contain space characters.
5633 a class of all local names for this site
5639 Classes are named as a single letter or a word in {braces}.
5694 Each element should be listed on a separate line.
5695 To specify an optional file, use ``\-o'' between the class
5698 Fc \-o /path/to/file
5704 and a map class followed by the specification for that map.
5707 F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
5714 from a hash database map lookup of the key
5716 There is also a built-in schema that can be accessed by only specifying:
5723 \-k (&(objectClass=sendmailMTAClass)
5728 \-v sendmailMTAClassValue
5739 only matches a single word;
5740 multi-word entries in the class are ignored in this context.
5746 .\"A set of Content-Types that will not have the newline character
5753 .\".q application/octet-stream ).
5755 .\".q application/octet-stream ,
5761 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
5790 A set of Content-Types that will never be encoded as base64
5791 (if they have to be encoded, they will be encoded as quoted-printable).
5804 types cannot be 8\(->7 bit encoded.
5805 If a message containing eight bit data is sent to a seven bit host,
5812 If you want to read trusted users from a file, use
5824 can be compiled to allow a
5832 file into a class, use
5837 .sh 2 "E \*- Set or Propagate Environment Variables"
5855 .sh 2 "M \*- Define Mailer"
5883 Eol	The end-of-line string for this mailer
5890 Charset	The default character set for 8-bit characters
5897 (it's case-sensitive).
5915 .ip a
5919 .ip A
5924 Force a blank line on the end of a message.
5927 that require a blank line, but do not provide it themselves.
5931 this is a subset of the functionality of the
5937 a remote mailer that gets confused by comments.
5947 from a mailer with this flag set,
5969 Do not include angle brackets around route-address syntax addresses.
5970 This is useful on mailers that are going to pass addresses to a shell
5973 Therefore, passing addresses to a shell should not be considered secure.
5975 This mailer wants a
5981 any necessary connection will occur during a queue run.
5987 in the message with a `>' sign.
5989 The mailer wants a
5990 .b \-f
5993 but only if this is a network forward operation
5999 This mailer wants a
6008 However, some mailers don't accept a null return address.
6015 error messages will be sent as from the MAILER-DAEMON
6027 and will be removed from a future version.
6031 \*-
6042 connects to a host via SMTP,
6046 is misconfigured or if a long-haul network interface is set in loopback mode.
6070 When a
6077 Removing this flag can defeat duplicate suppression on a remote site
6078 as each recipient is sent in a separate transaction.
6080 This mailer wants a
6081 .q Message-Id:
6084 Do not insert a UNIX-style
6105 Use the route-addr style reverse-path in the SMTP
6110 many hosts do not process reverse-paths properly.
6111 Reverse-paths are officially discouraged by RFC 1123.
6113 This mailer wants a
6114 .q Return-Path:
6124 but sends a
6125 .b \-r
6128 Open SMTP connections from a
6143 This would be used in a secure environment
6156 RFC 2142 provides a long list of addresses which should be case
6159 Note that postmaster is always treated as a case insensitive address
6162 This mailer wants UUCP-style
6168 The user must have a valid account on this machine,
6183 This mailer wants a
6184 .q Full-Name:
6188 basically, any line beginning with a dot will have an extra dot prepended
6190 This insures that lines in the message containing a dot
6192 .ip z
6197 This is a variant on SMTP
6199 that is specifically designed for delivery to a local mailbox.
6200 .ip Z
6215 when converting to Quoted-Printable
6237 that didn't have 8\(->7 bit MIME conversions performed.
6241 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
6246 7\(->8 bit MIME conversions.
6255 Check addresses to see if they begin with a `|';
6260 Check addresses to see if they begin with a `/';
6267 Do not attempt delivery on initial receipt of a message
6270 using one of the -qI/-qR/-qS queue run modifiers
6278 assume the `A', `w', `5', `:', `|', `/', and `@' options
6284 can be used to generate a user error.
6286 and the user field is a message to be printed.
6297 on the RHS of a rule
6332 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
6333 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
6334 M*include*, P=/dev/null, F=su, A=INCLUDE $u
6339 For mailers that use [IPC] as pathname the argument vector (A=)
6340 must start with TCP or FILE for delivery via a TCP or a Unix domain socket.
6343 Optionally a third argument can be used to specify a port,
6350 will speak SMTP (or LMTP if the mailer flag z is specified) to the mailer.
6356 may either be a simple ruleset id
6357 or may be two ids separated by a slash;
6361 Setting any value to zero disables corresponding mailer-specific rewriting.
6364 is actually a colon-separated path of directories to try.
6366 .q D=$z:/
6393 either may be an integer or a symbolic name to be looked up
6399 If only a symbolic user name is specified,
6405 is used when converting a message to MIME;
6407 Content-Type: header.
6412 .q unknown-8bit
6430 the MTA-type (that is, the description of how hosts are named),
6431 the address type (the description of e-mail addresses),
6433 Each of these must be a registered value
6435 .q X\- .
6440 to attempt to deliver on a single SMTP or LMTP connection.
6444 to attempt to deliver in a single envelope.
6447 The /= field specifies a new root directory for the mailer.  The path is
6462 .sh 2 "H \*- Define Header"
6501 is macro-expanded before insertion into the message.
6509 If a
6518 storage map in a ruleset.
6523 If a
6525 is used to set a header, then it is useful to add that macro to class
6532 A secondary syntax allows validation of headers as they are being read.
6556 The ruleset receives the header field-body as argument,
6557 i.e., not the header field-name; see also
6559 The header is treated as a structured field,
6565 Note: only one ruleset can be associated with a header;
6571 HMessage-Id: $>CheckMessageId
6575 R$*		$#error $: Illegal Message-Id header
6577 would refuse any message that had a Message-Id: header of any of the
6580 Message-Id: <>
6581 Message-Id: some text
6582 Message-Id: <legal text@domain> extra crud
6584 A default ruleset that is called for headers which don't have a
6599 .sh 2 "O \*- Set Option"
6601 There are a number of global options that
6602 can be set from a configuration file.
6618 be a space between the letter `O' and the name of the option.
6626 is a single character.
6629 may be a string, an integer,
6630 a boolean
6639 a time interval.
6674 a default
6678 \-k (&(objectClass=sendmailMTAAliasObject)
6683 \-v sendmailMTAAliasValue
6689 (search through a compiled-in list of alias file types,
6708 (internal symbol table \*- not normally used
6711 (use a sequence of maps
6722 If a list of
6739 interval issue a warning.
6741 If set, allow HELO SMTP commands that don't include a host name.
6744 If there is a value, it is still checked for legitimacy.
6769 A	Use the AUTH= parameter for the MAIL
6771 	This can be used as a workaround for broken
6773 a	protection from active (non-dictionary) attacks
6785 	passive attack (e.g., PLAIN, LOGIN), unless a
6789 The first option applies to sendmail as a client, the others to a server.
6795 allow PLAIN and LOGIN only if a security layer (e.g.,
6797 The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the
6807 If set and the specified number of recipients in a single SMTP
6848 If your system crashes during delivery to a large list,
6862 Thus, messages with a higher Priority: will be favored.
6891 mask may be a numeric address in IPv4 dot notation or IPv6 colon notation
6892 or a network name.
6893 Note that if a network name is specified,
6903 A	don't use AUTH when sending e-mail
6904 S	don't use STARTTLS when sending e-mail
6909 However, the name must not start with a square bracket
6911 This is a simple test whether the name is not
6912 an IP address (in square brackets) but a qualified hostname.
6916 A restriction placed on one family only affects
6919 A space or comma separated list of SSL related options for the client side.
6922 for a list;
6930 .i -SSL_OP_TLSEXT_PADDING
6933 Options can be cleared by preceding them with a minus sign.
6935 .b -0x0010 .
6937 If set, colons are acceptable in e-mail addresses
6940 If not set, colons indicate the beginning of a RFC 822 group construct
6946 and proper route-addr nesting is understood
6954 The maximum number of open connections that will be cached at a time.
6965 4 is probably a practical maximum.
6968 The maximum amount of time a cached connection will be permitted to idle
6975 uses a cached connection,
6976 it always sends a RSET command
6980 The point of this option is to be a good network neighbor
6988 If set to a positive value,
6991 incoming connections in a one second period per daemon.
7001 A running
7018 Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
7022 Note: if a CRLFile is specified but the file is unusable,
7031 ln -s $C `openssl crl -noout -hash < $C`.r0
7042 none	do not use Diffie-Hellman.
7045 This is only required if a ciphersuite containing DSA/DH is used.
7046 The default is ``i'' which selects a precomputed, fixed 2048 bit prime.
7051 Note: this operation can take a significant amount of time on a
7055 If a file name is specified (which must be an absolute path),
7057 It is recommended to generate such a file using a command like this:
7059 	openssl dhparam -out /etc/mail/dhparams.pem 2048
7075 Name	User-definable name for the daemon (defaults to "Daemon#")
7096 a numeric address in IPv4 dot notation or IPv6 colon notation,
7097 or a network name,
7098 or a path to a local socket.
7099 Note that if a network name is specified,
7111 For a local socket, use
7123 can be a sequence (without any delimiters)
7127 a	always require AUTH
7133 A	disable AUTH (overrides 'a' modifier)
7139 That is, one way to specify a message submission agent (MSA) that
7150 use the ``a'' modifier on a public accessible MTA!
7151 It should only be used for a MSA that is accessed by authorized
7153 Users must authenticate to use a MSA which has this option turned on.
7166 through which the e-mail has been
7171 interface to its destination. No attempt is made to catch problems due to a
7178 will listen on a new socket
7181 option in a configuration file.
7182 The modifier ``O'' causes sendmail to ignore a socket
7199 (the file must not be group/world-readable otherwise
7205 When a message that has 8-bit characters but is not in MIME format
7208 a character set must be included in the Content-Type: header.
7213 .q unknown-8bit
7219 before a memory-based
7221 becomes disk-based.
7224 Defines the location of the system-wide dead.letter file,
7227 sendmail will not attempt to save to a system-wide dead.letter file
7241 is a user name
7242 (as opposed to a numeric user id)
7255 The value can also be given as a symbolic user name.\**
7290 .b \-v
7295 if a milter is enabled which can reject or delete recipients.
7298 Dial-on-demand network connections can see timeouts
7299 if a connection is opened before the call is set up.
7300 If this is set to an interval and a connection times out
7308 uses a five second delay.
7312 Z flag set.
7320 .b \-G
7325 caused by world- and group-writable files and directories,
7330 a group-writable
7340 The standards say that all host addresses used in a mail message
7361 this causes a sequential scan of the groups.byname map,
7362 which can cause your NIS server to be badly overloaded in a large domain.
7374 If you have a large number of virtual interfaces
7406 This may be useful if you are caught behind a firewall.
7407 .ip DoubleBounceAddress=\fIerror-address\fP
7410 (termed a
7424 Set handling of eight-bit data.
7425 There are two kinds of eight-bit data:
7429 .b \-B8BITMIME
7431 and undeclared 8-bit data, that is,
7434 undeclared 8-bit data can be automatically converted to 8BITMIME,
7435 undeclared 8-bit data can be passed as-is without conversion to MIME
7437 and declared 8-bit data can be converted to 7-bits
7438 for transmission to a non-8BITMIME mailer.
7443 .\"  r	Reject undeclared 8-bit data;
7444 .\"	don't convert 8BITMIME\(->7BIT (``reject'')
7445   s	Reject undeclared 8-bit data (``strict'')
7446 .\"	do convert 8BITMIME\(->7BIT (``strict'')
7447 .\"  c	Convert undeclared 8-bit data to MIME;
7448 .\"	don't convert 8BITMIME\(->7BIT (``convert'')
7449   m	Convert undeclared 8-bit data to MIME (``mime'')
7450 .\"	do convert 8BITMIME\(->7BIT (``mime'')
7451 .\"  j	Pass undeclared 8-bit data;
7452 .\"	don't convert 8BITMIME\(->7BIT (``just send 8'')
7453   p	Pass undeclared 8-bit data (``pass'')
7454 .\"	do convert 8BITMIME\(->7BIT (``pass'')
7455 .\"  a	Adaptive algorithm: see below
7457 .\"The adaptive algorithm is to accept 8-bit data,
7459 .\"otherwise just passing it as undeclared 8-bit data;
7460 .\"8BITMIME\(->7BIT conversions are done.
7464 Note: if an automatic conversion is performed, a header with
7467 X-MIME-Autoconverted: from OLD to NEW by $j id $i
7475 .ip ErrorHeader=\fIfile-or-message\fP
7478 If it begins with a slash,
7479 it is assumed to be the pathname of a file
7480 containing a message (this is the recommended setting).
7481 Otherwise, it is a literal message.
7483 of a local postmaster who could provide assistance
7486 or if it names a file which does not exist or which is not readable,
7514 acts like a very low priority MX
7515 on a host.
7525 will be used in a last-ditch effort for a host.
7527 e.g., a company whose DNS accurately reflects the world
7530 If set to a value greater than zero (the default is one),
7534 are readily available in a local DNS cache.
7541 and must be taken care of by a queue run.
7542 Since the default submission method is via SMTP (either from a MUA
7549 deliver each job that is run from the queue in a separate process.
7554 .q $z/.forward .
7557 to search a file with the same name as the user in a system directory.
7558 It can also be set to a sequence of paths separated by colons;
7562 .q /var/forward/$u:$z/.forward
7576 will print a note including its version in response to a
7579 To avoid providing this information to a client specify an empty file.
7609 normally, this information is only held within a single queue run.
7610 This option requires a connection cache of at least 1 to function.
7611 If the option begins with a leading `/',
7615 A suggested value for sites desiring persistent host status is
7617 (i.e., a subdirectory of the queue directory).
7620 Do not treat leading dots in incoming messages in a special way,
7621 e.g., as end of a message if it is the only character in a line.
7624 A comma separated list of filters which determines which filters
7625 (see the "X \*- Mail Filter (Milter) Definitions" section)
7629 Sets a default map specification for LDAP maps.
7632 .q "-h host -p port -d bindDN" .
7634 unless the individual map specification overrides a setting.
7649 .b \-M
7660 if the group is the same as that of a set-group-ID sendmail binary.
7669 (that is, there is no alias with this name and a
7673 for a matching entry in the GECOS field.
7693 If the limit should be enforced, then a
7696 If not set, there is no limit to the number of children --
7699 If set to a value greater than zero it specifies
7701 This can be used to prevent a denial of service attack.
7708 times are assumed to be in a loop and are rejected.
7714 If set to a value greater than zero,
7717 without a parameter.
7722 These MIME header fields are determined by being a member of
7724 the header Content-Description.
7735 To allow any length, a value of 0 can be specified.
7760 that act on a workgroup.
7765 for a slow server and if short intervals are used.
7768 in a single queue run.
7770 If you have very large queues or a very short queue run interval
7784 is set to a value
7800 queue runners will work in parallel on a queue group's messages.
7801 This is useful where the processing of a message in the queue might
7802 delay the processing of subsequent messages. Such a delay may be the result
7803 of non-erroneous situations such as a low bandwidth connection.
7804 May be overridden on a per queue group basis by setting the
7813 and will be removed from a future version.
7826 after a certain event occurred.
7851 gives a 452 response
7855 If this is set to a value greater than zero,
7856 entries in the queue will be retried during a queue run
7868 This option is ignored for queue runs that select a subset
7870 .q \-q[!][I|R|S|Q][string]
7872 Sets the list of characters that must be quoted if used in a full name
7873 that is in the phrase part of a ``phrase <address>'' syntax.
7886 The action to take when you receive a message that has no valid
7887 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
7894 .b Add-To
7895 to add a To: header with any recipients it can find in the envelope
7897 .b Add-Apparently-To
7898 to add an Apparently-To: header
7899 (this is only for back-compatibility
7901 .b Add-To-Undisclosed
7902 to add a header
7903 .q "To: undisclosed-recipients:;"
7906 .b Add-Bcc
7915 if any recipient address contains a comma, parenthesis,
7928 sequences of non-operator characters are also tokens.
7947 is macro-expanded before it is opened, and unlinked when
7956 Errors resulting from messages with a negative precedence will not be sent.
7958 this is probably not a good idea on large sites,
7968 ``Privacy'' is really a misnomer;
7969 many of these are just a way of insisting on stricter adherence
7985 restrictqrun	Restrict \-q command line flag
7986 restrictexpand	Restrict \-bv and \-v command line flags
7988 nobodyreturn	Don't return the body of a message with DSNs
7990 authwarnings	Put X-Authentication-Warning: headers in messages
7992 noactualrecipient	Don't put X-Actual-Recipient lines in DSNs
8004 pseudo-flag sets all flags except
8020 pseudo-flag instructs
8023 .b \-bv
8032 .b \-v
8036 such as using a non-standard queue directory.
8061 \fIdir\fR must name a directory (usually \fI/var/spool/mqueue\fR):
8126 that go to a single host
8132 Creation (submission) time ordering is almost always a bad idea,
8142 A synonym for
8150 A (required) prefix "egd:" or "file:" specifies the type.
8160 .b \- \c
8178 (without a
8181 .b \- )
8186 (without a
8189 .b \- )
8191 which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.
8203 for a directory if the meta-data in it has been changed.
8209 If this option is set, a
8210 .q Return-Receipt-To:
8211 header causes the request of a DSN, which is sent to
8217 parameter may be a user name
8220 or a numeric user id;
8225 If set to a non-zero (non-root) value,
8229 \**When running as a daemon,
8230 it changes to this user after accepting a connection
8235 This avoids a certain class of security problems.
8285 every time a job is processed.
8287 each time a job is processed,
8290 since hosts that are down are all too often down for a long time.
8295 will do a
8317 UNIX-style
8339 A space or comma separated list of SSL related options for the server side.
8342 for a list;
8348 .i -SSL_OP_TLSEXT_PADDING
8351 Options can be cleared by preceding them with a minus sign.
8353 .b -0x0010 .
8355 If your host operating system has a service switch abstraction
8359 Otherwise, this is the name of a file
8361 The syntax is a series of lines,
8362 each of which is a sequence of words.
8397 -1
8399 can select a key itself provided that also
8407 For example, the number of entries in a queue directory
8408 or the available space in a file system.
8416 -1
8422 This is to get around a botch in Lotus Notes
8425 If set, a client machine will never try to open two SMTP connections
8426 to a single server machine at the same time,
8430 is already talking to some host a new
8438 is delivering a huge message, other
8445 option to avoid running out of per-process file descriptors.
8458 This can be useful during testing of a new configuration to avoid
8467 openssl engine -v
8477 a slash "/",
8501 will be super-safe when running things,
8528 after a TLS handshake failure.
8536 Hence such requirements will cause an error on a retry without STARTTLS.
8537 Therefore they should only trigger a temporary failure so the connection
8544 it is not possible to use a client certificate for relaying.
8546 to have a cert.
8549 e.g., clients may not work with a server using this.
8571 \*- for example,
8576 and if set and non-null the TZ variable is set to this value.
8580 parameter may be a user name
8583 or a numeric user id.
8592 MX for a given host,
8595 by forwarding the mail to a UUCP feed,
8615 must add a UNIX-style From_ line
8616 (that is, a line beginning
8620 Don't change this unless your system uses a different UNIX mailbox format
8641 .q Errors-To:
8665 in a single job
8675 can cause authentication information to leak, if you use a
8676 sendmail client to authenticate to a server.
8680 To avoid this, do not install sendmail set-user-ID root,
8683 SMTP command with a suitable
8690 before a memory-based
8692 becomes disk-based.
8696 \-O or \-o flag,
8699 to relinquish its set-user-ID permissions.
8732 .sh 2 "P \*- Precedence Definitions"
8745 is found in a
8762 Pfirst-class=0
8763 Pspecial-delivery=100
8764 Plist=\-30
8765 Pbulk=\-60
8766 Pjunk=\-100
8774 didn't recognize this name, giving it a default precedence of zero.
8778 .sh 2 "V \*- Configuration Version Level"
8807 appends a dot if the name is recognized;
8808 this gives the config file a way of finding out if anything matched.
8812 .q \-a.
8813 flag \*- you can reset it to anything you prefer
8820 Version level two configurations are expected to include a trailing dot
8824 are passed through a new distinguished ruleset five;
8825 this can be used to append a local relay.
8828 That is, something that resolves to a local mailer and a user name of
8831 but a user name of
8836 The expectation is that this might be used to implement a policy
8839 was handled by a central hub,
8863 this allows fine-grained control over the special local processing.
8867 option (to allow colons in the local-part of addresses)
8912 specific to a particular vendor\**.
8919 Please send e-mail to sendmail@Sendmail.ORG
8927 .sh 2 "K \*- Key File Declaration"
8938 is the name of a type of map;
8945 there would be a single argument naming the file containing the map.
8964 If it returns a value, it replaces the input.
8965 If it does not return a value and the
8980 is a digit)
8989 R$\- ! $+	$: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
8991 looks up the UUCP name in a (user defined) UUCP map;
9004 The built-in map with both name and class
9058 .b \-k
9060 .b \-v
9080 if a single query matches multiple values,
9083 .b \-z
9087 .b \-1
9088 map flag will treat a multiple value return
9099 .b \-k
9101 .b \-v
9104 .b \-z
9119 Sequentially try a list of available map types:
9132 .b \-v
9135 of a user).
9138 Given a host name it calls the name server
9141 Returns the best MX record for a host name given as the key.
9142 The current machine is always preferred \*-
9143 that is, if the current machine is one of the hosts listed as a
9144 lowest-preference MX record, then it will be guaranteed to be returned.
9148 .b \-z
9155 This map requires the option -R to specify the DNS resource record
9158 A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT.
9159 A map lookup will return only one record
9161 .b \-z
9164 Hence for some types, e.g., MX records, the return value might be a random
9173 .b in-addr.arpa .
9182 sendmail -bt
9187 …0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 6 . 7 . 8 . 9 . f . e . e . b . d . a . e . d . 2 . 0 . 0 …
9193 The arguments on the `K' line are a list of maps;
9195 until it finds a match for the indicated key.
9202 then a lookup against
9204 first does a lookup in map1.
9226 This causes a query against the map
9234 Strip double quotes (") from a name.
9246 A typical usage is probably something like:
9252 R$\-	$: $(dequote $1 $)
9253 R$\- $+	$: $>3 $1 $2
9266 line contains a regular expression.
9272 .b \-m
9274 .b \-s
9278 .b \-d
9287 -d	set the delimiter string used for -s
9293 .b \-s
9301 .b \-d
9305 Hence it isn't possible to specify a space as delimiter,
9306 so if the option is immediately followed by a space
9310 Notes: to match a
9312 in a string,
9321 line are the pathname to a program and any initial parameters to be passed.
9331 Set or clear a macro value.
9332 To set a macro,
9334 To clear a macro,
9348 R$\-	$: $(storage {MyMacro} $) $1
9353 +, -, *, /, %,
9364 The r operator returns a pseudo-random number whose value
9368 A simple example is:
9379 The socket map uses a simple request/reply protocol over TCP or UNIX domain
9382 i.e., a string "hello there" becomes:
9389 by a space character:
9395 The server responds with a status indicator and the result (if any):
9407 TEMP	a temporary failure occurred
9408 TIMEOUT	a timeout occurred on the server side
9409 PERM	a permanent failure occurred
9433 55:TEMP this text explains that we had a temporary failure,
9436 in case of a temporary map lookup failure.
9439 (see Section "X \*- Mail Filter (Milter) Definitions")
9446 a single connection to this endpoint.
9449 and a filename
9450 (or a mapname for NIS;
9457 .ip "\-o"
9458 Indicates that this map is optional \*- that is,
9464 .ip "\-N, \-O"
9466 .b \-N
9468 .b \-O
9474 if it finds any key with a null byte it never tries again without a null byte
9477 .b \-N
9478 is specified it never tries without a null byte and
9480 .b \-O
9481 is specified it never tries with a null byte.
9485 .b \-N
9487 .b \-O
9492 .ip "\-a\fIx\fP"
9498 map appends a dot on successful matches.
9499 .ip "\-T\fIx\fP"
9505 would be appended if a DNS lookup returned
9507 or an NIS lookup could not locate a server.
9509 .b \-t
9511 .ip "\-f"
9513 .ip "\-m"
9515 If you only care about the existence of a key and not the value
9521 The \-a argument is still appended on a match,
9523 .ip "\-k\fIkeycol\fP"
9531 .b \-K
9534 .ip "\-v\fIvalcol\fP"
9542 The attributes listed can also include a type and one or more
9544 .ip "\-z\fIdelim\fP"
9546 It can be a single character or one of the special strings
9555 into a single return string.
9559 the result of a query is cut off if is too long.
9560 .ip "\-t"
9561 Normally, when a map attempts to do a lookup
9571 .b \-t
9574 act as though it were a permanent failure (entry not found).
9580 A common strategy is to forward such mail
9582 .ip "\-D"
9587 .ip "\-S\fIspacesub\fP
9589 after a successful map lookup (esp. useful for regex
9591 .ip "\-s\fIspacesub\fP
9594 after a successful dequote.
9595 .ip "\-q"
9597 .ip "\-L\fIlevel\fP
9600 .ip "\-A"
9603 .b \-A
9616 .b \-A
9620 .ip "\-d"
9622 .ip "\-r"
9623 retry: specify the number of times to retransmit a resolver query.
9626 .ip "\-B"
9627 basedomain: specify a domain that is always appended to queries.
9630 .ip "\-d"
9635 .ip "\-c\fItimeout\fP"
9638 .b \-DLDAP_OPT_NETWORK_TIMEOUT
9640 .ip "\-R"
9642 .b \-DLDAP_REFERRALS
9644 .ip "\-n"
9646 .ip "\-V\fIsep\fP"
9650 .ip "\-r\fIderef\fP"
9652 .ip "\-s\fIscope\fP"
9654 .ip "\-h\fIhost\fP"
9656 Some LDAP libraries allow you to specify multiple, space-separated hosts for
9658 In addition, each of the hosts listed can be followed by a colon and a port
9660 .ip "\-p\fIport\fP"
9662 .ip "\-H \fILDAPURI\fP"
9665 .b \-h
9667 .b \-p
9671 -h server.example.com -p 389 -b dc=example,dc=com
9675 -H ldap://server.example.com:389 -b dc=example,dc=com
9684 O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
9687 It can also be used to specify a UNIX domain socket using
9690 O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
9692 .ip "\-b\fIbase\fP"
9694 .ip "\-l\fItimelimit\fP"
9696 .ip "\-Z\fIsizelimit\fP"
9698 .ip "\-d\fIdistinguished_name\fP"
9700 .ip "\-M\fImethod\fP"
9709 can be omitted and the value is case-insensitive.
9710 .ip "\-P\fIpasswordfile\fP"
9716 .ip "\-1"
9717 Force LDAP searches to only succeed if a single match is found.
9720 .ip "\-w\fIversion\fP"
9724 .b "\-w 3"
9728 .ip "\-K"
9729 Treat the LDAP search key as multi-argument and
9748 Kuucp dbm \-o \-N /etc/mail/uucpmap
9760 can be used to build database-oriented maps.
9762 (for a complete list see its man page):
9763 .ip \-f
9765 .ip \-N
9767 .ip \-o
9769 .ip \-r
9771 normally, re-inserting an existing key is an error.
9772 .ip \-v
9786 .sh 2 "Q \*- Queue Group Declaration"
9790 queue groups can be declared that define a (group of) queue directories
9791 under a common name.
9833 By default, a queue group named
9841 Since they can be symbolic links, this isn't a real restriction,
9844 uses a wildcard, then the directory one level up is considered
9864 is a valid queue group specification.
9867 the behavior of a queue group.
9869 supposed to work on the entries in a queue group.
9876 .b -q
9886 as a result of queue options, completed queue runs, system load, etc.
9910 If an option is set after a queue group declaration, the values of
9915 Each envelope is assigned to a queue group based on the algorithm
9918 .sh 2 "X \*- Mail Filter (Milter) Definitions"
9922 Mail Filter API (Milter) is designed to allow third-party programs access
9924 meta-information and content.
9952 (it's case-sensitive).
9977 The first two describe an IPv4 or IPv6 socket listening on a certain
9979 at a given
9982 The final form describes a named socket on the filesystem at the given
10001 Timeout for connecting to a filter.
10006 Timeout for sending information from the MTA to a filter.
10010 Overall timeout between sending end-of-message to filter and waiting for
10013 Note the separator between each timeout field is a
10034 If you have a version of
10046 The database is a sorted (BTree-based) structure.
10049 \fIuser-name\fP\fB:\fP\fIfield-name\fP
10052 Meta-information is always stored with a leading colon.
10075 and will normally be the name of an appropriate -request address.
10076 It is very similar to the owner-\c
10081 .ip office-address
10083 .ip office-phone
10085 .ip office-fax
10087 .ip home-address
10089 .ip home-phone
10091 .ip home-fax
10094 A (short) description of the project this person is affiliated with.
10097 A pointer to a file from which plan information can be gathered.
10100 only a few of these fields are actually being used by
10105 A
10116 is then used as a key in the user database.
10124 The intent is that the user database will act as a set of defaults
10125 for a cluster (in our case, the Computer Science Division);
10126 mail sent to a specific machine should ignore these defaults.
10130 If that user has a
10134 For example, I might have a record:
10140 If a
10149 If present, this is the name of a host to override the local host.
10160 e.g., virtual hosting and mapping local addresses into a
10164 The user database is built from a text file
10169 The text file is a series of lines corresponding to userdb records;
10170 each line has a key and a value separated by white space.
10171 The key is always in the format described above \*-
10176 This file is normally installed in a system directory;
10183 Then create a config file that uses this.
10199 to a new environment.
10206 .b "This section needs a complete rewrite."
10212 a much less efficient method of alias lookup is used.
10259 a required component for SMTP Authentication support.
10291 which might be enabled in a subsequent version
10301 Enabled FFRs in a binary can be listed with
10303 sendmail -d0.13 < /dev/null | grep FFR
10331 such as a host or a user name.
10338 will break up a delivery into smaller batches as needed.
10339 A higher number may reduce load on your system, however.
10345 in a single address.
10359 while the upper half are reserved for auto-numbering
10361 Thus, with a value of 200 an attempt to use ``S99'' will succeed,
10376 The maximum number of maps that may be "stacked" in a
10380 The maximum number of arguments in a MIME Content-Type: header;
10385 this does not limit the number of components in a single Multipart document).
10390 The maximum length of a macro name.
10392 A number of other compilation options exist.
10429 and makes a higher priority log record
10444 If you are using a non-UNIX mail format,
10446 of UNIX-style
10453 This adds a new level of local name expansion
10459 in per-operating-system clauses in conf.h.
10465 that when it receives a
10474 Use Berkeley-style
10524 The are several built-in ways of computing the load average.
10526 tries to auto-configure them based on imperfect guesses;
10530 .b \-DLA_TYPE= \c
10537 The actual values are scaled by a factor FSCALE
10541 The actual values are scaled by a factor FSCALE
10547 Use MACH-style load averages.
10575 .sh 3 "Built-in Header Semantics"
10586 and a set of header control flags (described below),
10589 Normally when the check is made to see if a header line is compatible
10590 with a mailer,
10607 treat it like a blank line,
10614 If a header entry does not have this bit set,
10616 will not add another header line if a header line
10622 this is a timestamp
10625 If the number of trace fields in a message
10626 exceeds a preset amount
10633 .b \-t
10638 specifies a sender.
10648 This header is a Content-Transfer-Encoding header.
10650 This header is a Content-Type header.
10655 Let's look at a sample
10663 	"resent-sender",	H_FROM,
10664 	"resent-from",	H_FROM,
10667 	"full-name",	H_ACHECK,
10668 	"errors-to",	H_FROM\^|\^H_ERRORSTO,
10671 	"resent-to",	H_RCPT,
10680 	"content-transfer-encoding",	H_CTE,
10681 	"content-type",	H_CTYPE,
10688 .q Resent-To: ,
10694 .q Full-Name:
10709 There are a number of important points here.
10748 .q "Full-Name:"
10753 and used in a number of ways.
10756 If it is necessary to restrict mail through a relay,
10767 queues the message for a later try,
10783 .sz -1
10793 	if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
10794 	    to->q_mailer == s->s_mailer)
10799 	if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
10801 		usrerr("Message too large for non-local delivery");
10802 		e\->e_flags |= EF_NORETURN;
10814 .i e\(->e_flags
10822 New key maps can be added by creating a class initialization function
10823 and a lookup function.
10836 is a pointer to the portion of the configuration file line
10858 is a list of arguments passed in from the rewrite line.
10859 The lookup function should return a pointer to the new value.
10870 is called to decide if a message should be queued
10882 	return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
10954 A more clever implementation
10960 returns the current load average (as a rounded integer).
10962 If you are porting to a new environment
10972 contains a number of routines that are dependent
10984 We now recommend that you create a new keyed map instead.
10995 .ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
11003 Any matches for this attribute are expected to have a value of a
11009 Any matches for this attribute are expected to have a value of an
11012 will perform a lookup with the same parameters as the original
11015 Any matches for this attribute are expected to have a value of an LDAP URL.
11017 will perform a lookup of that URL and use the results from the attributes
11030 the attribute named will only be used if the LDAP record being returned is a
11045 O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
11048          -z,
11049          -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
11050          -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
11058 Any value in a
11065 the LDAP record is a member of the
11071 attribute is a recursive attribute, used only in
11082 are both used only if referenced in a
11084 They are both recursive, the first for a new LDAP search string and the
11100 When acting as a server,
11106 i.e., a certificate that is used to sign other certificates,
11107 and a path to a directory which contains (zero or more) other CAs (CACertPath).
11128 ln -s $C `openssl x509 -noout -hash < $C`.0
11130 A better way to do this is to use the
11143 will always use STARTTLS when offered by a server.
11145 Certificates can be obtained from a certificate authority
11152 Never make a private key available to a third party.
11160 can take a second file name,
11161 which must be separated from the first with a comma
11163 to set up a second cert/key pair.
11168 STARTTLS requires a strong pseudo random number generator (PRNG)
11175 On systems which lack this support, a random file must be specified in the
11196 openssl rand -out /etc/mail/randfile -rand \c
11212 the importance of a good PRNG, and other aspects of TLS.
11217 are encoded to avoid problems with non-printable or special characters.
11220 with a leading '+'.
11244 then full DANE support for DANE-EE and DANE-TA
11250 sendmail -bt -d0.3 < /dev/null
11253 otherwise support for TLSA RR 3-1-x
11256 Note: if OpenSSL functions related to DANE cause a failure,
11275 This requires a DNSSEC-validating recursive resolver
11277 The resolver must be reachable via a trusted connection,
11280 If the client finds a usable TLSA RR and the check
11285 All non-DNS maps are considered
11294 Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
11304 This allows the use of UTF-8 for envelope addresses
11306 DNS lookups are done using the A-label format (Punycode)
11310 i.e., no conversions between UTF-8 and ASCII encodings are made.
11312 .\" how to make a list?
11314 the keys in map lookups, which might require to specify both versions in a map;
11315 the data exchanged with a milter, i.e., each milter must be "8 bit clean";
11325 .sh 2 "MTA-STS"
11328 (MTA-STS, see RFC 8461)
11332 .\"(which requires in a default setting
11337 postfix-mta-sts-resolver
11338 (see https://github.com/Snawoot/postfix-mta-sts-resolver.git).
11340 Note: this implementation uses a socket map to communicate with
11341 postfix-mta-sts-resolver
11343 which might not fully implement MTA-STS.
11345 If both DANE and MTA-STS are enabled and available for the receiving domain,
11346 DANE is used because it offers a much higher level of security.
11353 about letting me work on a large project
11379 It has proven to be a group network effort.
11380 Version 8 in particular was a group project.
11384 John Beck, Hewlett-Packard & Sun Microsystems
11414 At this point, I suspect that at least a hundred people
11425 .++ A
11432 .ip \-A\fIx\fP
11436 .b \-Am
11440 .b \-Ac .
11443 .b -bm
11445 .b -bs ,
11447 .b -t
11452 .ip \-b\fIx\fP
11460 a\(dg	``Arpanet'' mode (get envelope sender information from header)
11462 d	Run as a daemon in background
11463 D	Run as a daemon in foreground
11475 .ip \-B\fItype\fP
11477 .ip \-C\fIfile\fP
11478 Use a different configuration file.
11482 .ip "\-D \fIlogfile\fP"
11486 .ip \-d\fIlevel\fP
11488 .ip "\-f\ \fIaddr\fP"
11495 and may also appear in a Return-Path: header.
11496 .ip \-F\ \fIname\fP
11499 .ip \-G
11506 .ip "\-h\ \fIcnt\fP"
11522 .ip "\-L \fItag\fP"
11532 .ip \-n
11534 .ip "\-N \fInotifications\fP"
11539 or a comma-separated list of
11546 and a message that is stuck in a queue somewhere.
11549 .ip "\-r\ \fIaddr\fP"
11551 .b \-f .
11552 .ip \-o\fIx\|value\fP
11558 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
11565 .ip \-M\fIx\|value\fP
11570 .ip \-p\fIprotocol\fP
11579 .q \-pUUCP:uunet
11582 (Some existing programs use \-oM to set the r and s macros;
11583 this is equivalent to using \-p.)
11584 .ip \-q\fItime\fP
11590 Each of these processes acts on a workgroup.
11596 .ip \-qp\fItime\fP
11597 Similar to \-q with a time argument,
11602 except that a WGP always sleeps at least 5 seconds if their queues were
11604 Persistent processes are managed by a queue control process (QCP).
11606 Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
11607 or a special process (named Queue control) (when started without \-bd or \-bD).
11608 If a persistent WGP ceases to be active for some reason
11610 in most cases. When a persistent WGP has core dumped, the debug flag
11613 and a message will be logged to this effect.
11617 .ip \-q\fIGname\fP
11621 .ip \-q[!]\fIXstring\fP
11637 A particular queued job is accepted if one of the corresponding attributes
11642 .i \-q\fIX\fP
11649 .ip "\-Q[reason]"
11653 .b \-q[!]\fIXstring\fP
11655 .ip "\-R ret"
11663 This is a request only;
11668 .ip \-t
11680 .ip \-U
11681 This option is required when sending mail using UTF-8;
11693 .ip "\-V envid"
11698 .ip "\-X \fIlogfile\fP"
11704 This produces a lot of data very quickly and should be used sparingly.
11706 There are a number of options that may be specified as
11712 .b \-s
11715 .q "\-N" ,
11716 .q "\-R" ,
11718 .q "\-V"
11725 These files live in a queue directory.
11744 is a type.
11767 Due to the use of memory-buffered files,
11776 The same as a queue control file, but for a quarantined queue job.
11782 the qf file contains a `d' record which names the queue directory
11785 A temporary file.
11789 It should be renamed to a
11793 A transcript file,
11794 existing during the life of a session
11797 Sometimes the xf file must be generated before a queue group has been selected;
11799 the xf file will be stored in a directory of the default queue group.
11801 A ``lost'' queue control file.
11803 renames a
11807 if there is a severe (configuration) problem that cannot be solved without
11816 The queue control file is structured as a series of lines
11817 each beginning with a code letter;
11818 the file must end with a line containing only a single dot.
11828 .ip A
11834 A header definition.
11863 A recipient address.
11868 also include a leading colon-terminated list of flags,
11870 `S' to return a message on successful final delivery,
11871 `F' to return a message on failure,
11872 `D' to return a message if the message is delayed,
11875 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
11891 A message.
11901 indicating that this is a response message
11904 indicating that a warning message has been sent
11910 a Bcc: header should be removed,
11924 If the df file is in a different directory than the qf file,
11925 then a `d' record is present,
11928 The i-number of the data file;
11930 after a disastrous disk crash.
11932 A macro definition.
11937 The remainder of the line is a text string defining the body type.
11946 .ip Z
11950 Information for Deliver-By SMTP extension.
11953 the following is a queue file sent to
11974 H?P?Return-path: <^g>
11976 	Fri, 17 Jul 1992 00:28:55 -0700
11978 	id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
11980 	id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
11981 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
11984 H?x?Full-name: Eric Allman
11985 H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
12002 This is a summary of the support files
12013 A link to /usr/\*(SD/sendmail;
12018 .b \-bi
12021 Prints a listing of the mail queue.
12023 .b \-bp
12032 A statistics file; need not be present.
12037 use ``head \-1'' to get just the first line;
12063 A transcript of the current session.
12071 replace it with a blank sheet for double-sided output.
12116 replace it with a blank sheet for double-sided output.