op.me - OpenGrok cross reference for /freebsd/contrib/sendmail/doc/op/op.me

Lines Matching +full:allow +full:- +full:set +full:- +full:time
1 .\" Copyright (c) 1998-2013 Proofpoint, Inc. and its suppliers.
7 .\" By using this file, you agree to the terms and conditions set
12 .\"	$Id: op.me,v 8.759 2014-01-13 14:40:05 ca Exp $
14 .\" eqn op.me | pic | troff -me
51 .eh 'SMM:08-%''Sendmail Installation and Operation Guide'
52 .oh 'Sendmail Installation and Operation Guide''SMM:08-%'
74 .b SENDMAIL\u\s-6TM\s0\d
103 .i Sendmail \u\s-2TM\s0\d
107 It is not tied to any one transport protocol \*-
173 explains the day-to-day information you should know
185 contains the nitty-gritty information about the configuration
190 describes configuration that can be done at compile time.
204 Second, you must build a run-time configuration file.
214 using an M4-based configuration language.
231 on 4.4BSD-based systems.
255 obj.BSD-OS.2.1.i386.
267 .i -c .
270 .ip "\-L \fIlibdirs\fP"
272 .ip "\-I \fIincdirs\fP"
274 .ip "\-E \fIenvar\fP=\fIvalue\fP"
278 .ip "\-c"
282 .ip "\-f \fIsiteconfig\fP"
298 .ip "\-S"
299 Skip auto-configuration.
301 will avoid auto-detecting libraries if this is set.
312 See sendmail/README for various compilation flags that can be set,
313 and devtools/README for details how to set them.
339 real in-memory caching,
376 Other compilation flags are set in
412 will no longer be installed set-user-ID root by default.
415 \&./Build install-set-user-id
433 The distribution includes an m4-based configuration package
451 Both site-dependent and site-independent descriptions of hosts.
458 .q "generic-solaris2.mc"
459 as a general description of an SMTP-connected host
470 Site-dependent subdomain descriptions.
492 to read an /etc/mail/local-host-names file on startup
493 to find the set of local names).
502 Site-independent
520 For example, to include support for the UUCP-based mailers,
548 and features you want enabled site-wide:
554 and should be fully-qualified internet-style domain names.
600 It should be set-group-ID smmsp as described in
625 add -D_PATH_SENDMAILCF=\e"/file/name\e"
630 This is one of the two non-library file names compiled into
660 .b \-A
663 .b \-bm
665 .b \-bs ,
667 .b \-t
682 rm \-f /usr/\*(SB/newaliases
683 ln \-s /usr/\*(SD/sendmail /usr/\*(SB/newaliases
697 .b \-v
701 option is set.
752 (-DSM_CONF_SHM)
755 must be set.
846 on a BSD-base system,
847 or on a System-V-based system
851 if [ \-f /usr/\*(SD/sendmail \-a \-f /etc/mail/sendmail.cf ]; then
852 	(cd /var/spool/mqueue; rm \-f xf*)
853 	/usr/\*(SD/sendmail \-bd \-q30m &
854 	echo \-n ' sendmail' >/dev/console
867 .q \-bd
870 .q \-q30m
885 	if [ \-r $qffile ]
887 		if [ ! \-s $qffile ]
889 			echo \-n " <zero: $qffile>" > /dev/console
890 			rm \-f $qffile
898 	if [ \-r $tffile \-a ! \-f $qffile ]
900 		echo \-n " <recovering: $tffile>" > /dev/console
903 		if [ \-f $tffile ]
905 			echo \-n " <extra: $tffile>" > /dev/console
906 			rm \-f $tffile
916 	if [ \-r $dffile \-a ! \-f $qffile \-a ! \-f $hffile \-a ! \-f $Qffile ]
918 		echo \-n " <incomplete: $dffile>" > /dev/console
923 for xffile in [A-Z]f*
925 	if [ \-f $xffile ]
927 		echo \-n " <panic: $xffile>" > /dev/console
977 .b \-bp
1012 kill `head -1 $PIDFILE`
1013 `tail -1 $PIDFILE`
1022 pid=`head -1 $PIDFILE`
1023 cmd=`tail -1 $PIDFILE`
1116 A comma-separated list of the recipients to this mailer.
1121 The total delay between the time this message was received
1124 The amount of time needed in this delivery attempt
1156 Levels from 11\-64 are reserved for verbose information
1186 If the SuperSafe option is set to true,
1189 If the DeliveryMode option is set to queue-only or defer,
1275 a specified time after they finished a queue run.
1277 belonging to a workgroup (a workgroup is a set of queue groups)
1296 if a major host is down for a period of time
1311 .b \-bp
1323 .b \-bP
1350 exists at any time,
1356 that are taking absurd amounts of time;
1374 spending an inordinate amount of time
1392 /usr/\*(SD/sendmail \-C /etc/mail/queue.cf \-q
1395 .b \-C
1403 .b \-q
1407 /usr/\*(SD/sendmail \-oQ/var/spool/omqueue \-q
1420 .b \-v
1440 .b \-qQ
1447 .b \-Q
1451 sendmail -Qreason -q[!][I|R|S][matchstring]
1454 .b "-q[!][I|R|S][matchstring]"
1456 .b \-Q
1460 sendmail -qQ -Q[reason] -q[!][I|R|S|Q][matchstring]
1464 .b "-q[!][I|R|S|Q][matchstring]"
1466 .b \-Q
1471 .b \-qQ
1490 For top-level domains like
1499 has the added effect of single-threading mail delivery to a destination.
1502 or cannot accept more than a single connection at a time,
1509 If this option is set,
1510 you probably want to set the
1516 rather than being delayed for a long time.
1552 The connection information stored on disk may be expired at any time
1556 .b \-bH
1561 .b \-bh
1574 \**HP-UX 10 has service switch support,
1581 (e.g., SunOS 4.X, HP-UX, BSD)
1681 \**Actually, any mailer that has the `A' mailer flag set
1709 The control of search order is actually set by the service switch.
1734 .sm NIS -based
1747 .sm NIS -based
1750 .b \-l
1762 O AliasFile=nis:\-N mail.aliases@my.nis.domain
1767 O AliasFile=nis:\-f mail.aliases@my.nis.domain
1784 .b \-bi
1787 /usr/\*(SD/sendmail \-bi
1792 .b \-bi
1843 .q owner-\fIx\fP
1852 unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
1854 owner-unix-wizards: unix-wizards-request
1855 unix-wizards-request: eric@ucbarpa
1861 unix-wizards
1871 .q owner-
1873 .q -request
1876 .i list -request''
1894 .sh 2 "Per-User Forwarding (.forward Files)"
1931 These built-ins are described here.
1932 .sh 3 "Errors-To:"
1939 The Errors-To: header was created in the bad old days
1946 option is set.
1948 The Errors-To: header is officially deprecated
1950 .sh 3 "Apparently-To:"
1962 .q "Apparently-To:"
1965 The Apparently-To: header is non-standard
2011 Protocol information to make access control decisions - either as the
2031 you should set the IDENT timeout to zero;
2041 The amount of time between forking a process
2043 .b \-q
2045 If you run with delivery mode set to
2054 since it defines the maximum amount of time that a message
2059 (although that probably doesn't make sense if you use ``queue-only'' mode).
2061 Notice: the meaning of the interval time depends on whether normal
2063 For the former, it is the time between subsequent starts of a queue run.
2064 For the latter, it is the time sendmail waits after a persistent queue
2070 If you allow incoming mail over an IPC connection,
2072 This should be set by your
2075 .b \-bd
2078 .b \-bd
2080 .b \-q
2083 /usr/\*(SD/sendmail \-bd \-q30m
2089 .b \-bs \ \-Am
2096 has to be re-read on every message that comes in.
2101 /usr/\*(SD/sendmail \-q30m
2108 .b \-q
2111 .b \-v
2115 /usr/\*(SD/sendmail \-q \-v
2122 .q \-qRberkeley
2127 .q \-qSstring
2129 .q \-qIstring
2131 .q \-qQstring
2134 .q \-qGstring
2136 The named queue group will be run even if it is set to have 0 runners.
2150 .q \-q!Rseattle
2175 .b \-D
2185 using the syntax 17-42.
2186 You can specify a set of named debug categories using
2195 Debug flags are set using the
2196 .b \-d
2201 debug-flag:	\fB\-d\fP debug-list
2202 debug-list:	debug-option [ , debug-option ]*
2203 debug-option:	debug-categories [ . debug-level ]
2204 debug-categories:	integer | integer \- integer | category-pattern
2205 category-pattern:	[a-zA-Z_*?][a-zA-Z0-9_*?]*
2206 debug-level:	integer
2211 \-d12	Set category 12 to level 1
2212 \-d12.3	Set category 12 to level 3
2213 \-d3\-17	Set categories 3 through 17 to level 1
2214 \-d3\-17.4	Set categories 3 through 17 to level 4
2215 \-dANSI	Set category ANSI to level 1
2216 \-dsm_trace_*.3	Set all named categories matching sm_trace_* to level 3
2231 .b \-o
2233 .b \-O
2237 /usr/\*(SD/sendmail \-oT2m
2245 /usr/\*(SD/sendmail -OTimeout.queuereturn=2m
2249 Sendmail allows you to set these,
2250 but relinquishes its set-user-ID or set-group-ID permissions thereafter\**.
2261 .b \-C
2264 /usr/\*(SD/sendmail \-Ctest.cf \-oQ/tmp/mqueue
2271 .b \-C
2278 gives up set-user-ID root permissions
2279 (if it has been installed set-user-ID root)
2289 If you suspect such a problem, you can set traffic logging using the
2290 .b \-X
2294 /usr/\*(SD/sendmail \-X /tmp/traffic \-bd
2322 sendmail \-bt \-Ctest.cf
2334 is the rewriting set you want to use
2337 is an address to apply the set to.
2350 followed similarly by rulesets twenty-one and four.
2354 .q \-d21
2358 sendmail \-bt \-d21.99
2397 .ip \-d\|debug-spec
2398 is equivalent to the command-line flag.
2442 sendmail \-bh
2446 sendmail \-bH
2458 Most of these are set
2484 options have long (multi-character names).
2496 All time intervals are set
2503 The full set of scales is:
2515 .b \-q
2516 flag specifies how often a sub-daemon will run the queue.
2517 This is typically set to between fifteen minutes and one hour.
2518 If not set, or set to zero,
2534 The time to wait for an SMTP connection to open
2559 This can be used to restrict the total amount of time trying to connect to
2560 a long list of host that could accept an e-mail for the recipient.
2563 i.e., if the time is exhausted, the
2582 that takes a long time to expand
2598 If this is shorter than the time actually needed
2610 such as NOOP (no-operation) and VERB (go into verbose mode).
2614 the time to wait for another command.
2642 retransmission time interval
2651 retransmission time interval
2658 retransmission time interval
2690 (\(dg) are set to the indicated value.
2705 an undeliverable message will time out.
2708 The timeout is typically set to five days.
2714 These timeouts are set using the
2719 (previously both were set using the
2735 (indicating a positive non-zero precedence),
2738 .q non-urgent
2745 is to set the timeout for all precedences.
2751 can be used to give an alternative warn and return time
2756 e.g., to bounce messages independent of their time in the queue.
2766 should be ``at least 4\-5 days''.
2772 option by indicating a time after which
2801 option is not set,
2808 option is set,
2840 can be set in the configuration file using the
2854 pri = msgsize - (class times bold ClassFactor) + (nrcpt times bold RecipientFactor)
2859 The priority of a job can also be adjusted each time it is processed
2860 (that is, each time an attempt is made to deliver it)
2862 .q "work time factor,"
2886 option, the delivery mode is set to
2898 pri > { bold QueueFactor } over { LA - { bold QueueLA } + 1 }
2937 In many situations it might be useful to set limits to prevent
2945 leave them idle for most of the time,
2947 If this option is set then the timeouts used in a SMTP session
2956 has some built-in measures against simple denial of service (DoS) attacks.
2971 starting with a sleep time of one second,
2976 is set to a value greater than zero,
2982 is set to a value greater than zero (the default is 25).
3013 if you have a mailer that takes a long time to deliver a message.
3023 .b -D
3051 The level of logging can be set for
3104 No normal site would ever set these.
3114 if you want to make it possible to have group-writable support files
3122 set-user-ID to root.
3126 without set-user-ID to root but set-group-ID
3141 if that is not set, the
3158 A middle ground is to set the
3198 (i.e., usually set-user-ID root)
3213 database file as a trusted user ahead of time and then rebuilding the
3242 You can set this flag if you know that file giveaway is restricted
3251 allow files that are in unsafe directories.
3255 for non-existent forward files.
3257 Allow the file named in the
3261 Allow delivery to files that are hard links.
3263 Allow delivery to files that are symbolic links.
3265 Allow
3269 Allow
3273 Allow a
3278 Accept a group-readable key file for STARTTLS.
3280 Accept a group-readable Cyrus SASL password file.
3282 Accept a group-readable DefaultAuthInfo file for SASL.
3284 Allow group-writable alias files.
3288 to consider group-writable directories to be safe.
3289 World-writable directories are always unsafe.
3291 Allow group writable
3295 Accept group-writable
3299 Allow group writable
3303 Accept group-writable
3307 Accept a group-writable Cyrus SASL password file.
3309 Allow the file named in the
3313 Allow
3317 Allow
3321 Allow a
3329 Allow an alias file that is a link in a writable directory.
3331 Allow class files that are links in writable directories.
3333 Allow
3337 Allow
3341 Allow map files that are links in writable directories.
3344 Allow the service switch file to be a link
3347 Allow maps (e.g.,
3361 Run programs that are group- or world-writable without logging a warning.
3363 Allow group or world writable directories
3364 if the sticky bit is set on the directory.
3365 Do not set this on systems which do not honor
3368 Accept world-writable alias files.
3370 Allow world writable
3374 Allow world writable
3378 Allow writes to maps that are hard links.
3380 Allow writes to maps that are symbolic links.
3382 Allow the status file to be a hard link.
3384 Allow the status file to be a symbolic link.
3409 If it is set to zero,
3412 This should be set as appropriate for your system size;
3416 Never set this higher than 4.
3422 option specifies the maximum time that any cached connection
3424 When the idle time exceeds this value
3433 Control of host address lookups is set by the
3436 If you are on a system that has built-in service switch support
3468 such as at a UUCP-only site,
3550 It also prefers A and CNAME records over MX records \*-
3560 \-DNAMED_BIND=0
3561 and remove \-lresolv from the list of libraries to be searched
3563 .sh 2 "Moving the Per-User Forward Files"
3579 option allows you to set a path of forward files.
3596 (that is, the sticky bit should be set).
3603 option to allow forward files in a world writable directory.
3612 If you do this, you don't have to set the DontBlameSendmail options
3644 option can be set to set an absolute limit
3654 option allows you to set certain
3687 option is set to
3700 since this is done every time
3719 .sh 2 "R and S \*- Rewriting Rules"
3725 scans through the set of rewriting rules
3783 are performed at run time using a somewhat less general algorithm.
3798 \fB$\-\fP	Match exactly one token
3813 $\-:$+
3860 .b $\- ,
3951 3-tuple (triple) necessary to direct the mailer.
3977 may be multi-part.
3980 is the built-in IPC mailer,
3990 is later rewritten by the mailer-specific envelope rewriting set
4003 is stripped off, and a flag is set in the address descriptor
4065                     +---+
4066                  -->| 0 |-->resolved address
4067                 /   +---+
4068                /            +---+   +---+
4069               /        ---->| 1 |-->| S |--
4070        +---+ / +---+  /     +---+   +---+  \e    +---+
4071 addr-->| 3 |-->| D |--                      --->| 4 |-->msg
4072        +---+   +---+  \e     +---+   +---+  /    +---+
4073                         --->| 2 |-->| R |--
4074                             +---+   +---+
4112 Figure 1 \*- Rewriting set semantics
4114 D \*- sender domain addition
4115 S \*- mailer-specific sender rewriting
4116 R \*- mailer-specific recipient rewriting
4126 local-part@host-domain-spec
4137 host-domain-spec
4146 flag is set in the mailer definition
4175 e.g., based on the time of the day or other varying parameters.
4176 It should not be used to quarantine e-mails.
4192 flag set)
4231 .b \-bs
4282 entire-SMTP-command $| SMTP-reply-first-digit
4306 The ruleset cannot override a rejection triggered by the built-in rules.
4313 sender-address $| recipient-address
4335 number-of-headers $| size-of-headers
4354 HMessage-Id: $>CheckMessageId
4367 # Has a Message-Id: header
4369 # Allow missing Message-Id: from local mail
4376 Keep in mind the Message-Id: header is not a required header and
4425 Options `D'/`M' cause the client to not use DANE/MTA-STS,
4428 DANE/MTA-STS setups by simply not using it.
4479 (treated as non-deliverable with a permanent or temporary error).
4484 ruleset is called each time before a RCPT command is sent.
4489 (treated as non-deliverable with a permanent or temporary error).
4530 or if the 'h' option is set.
4538 which is also a defense against SMTP smuggling (CVE-2023-51765).
4654 Options already set before are not cleared!
4705 The keys are case-insensitive.
4766 ruleset is used to specify the amount of time to pause before sending the
4786 modifier is set for the daemon via
4846 .sh 2 "D \*- Define Macro"
4852 Single character names may be selected from the entire ASCII set,
4853 but user-defined macros
4854 should be selected from the set of upper case letters only.
4860 so user-defined long macro names should begin with an upper case letter.
4904 is set and non-null,
4938 .b \-h
4968 This is set in ruleset 0 from the $@ field of a parsed address.
4999 .q MAILER-DAEMON .
5002 The set of \*(lqoperators\*(rq in addresses.
5020 which is the minimum set necessary to do RFC 822 parsing;
5021 a richer set of operators is
5023 which adds support for UUCP, the %-hack, and X.400 addresses.
5029 .b \-p
5034 .b \-p
5036 (in which case it is set to the EHLO/HELO parameter).
5038 A numeric representation of the current time in the format YYYYMMDDHHmm
5039 (4 digit year 1900-9999, 2 digit month 01-12, 2 digit day 01-31,
5040 2 digit hours 00-23, 2 digit minutes 00-59).
5073 (only set if successful).
5082 (only set if successful).
5094 is set,
5100 openssl dgst -h
5111 is not set.
5116 The cipher suite used for the connection, e.g., EDH-DSS-DES-CBC3-SHA,
5117 EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA
5165 over the time interval specified by ConnectionRateWindowSize.
5242 If this suboption is not set,
5250 is set, this will most likely be
5254 It is initially set to the value of the
5320 The value of the Message-Id: header.
5340 .b \-b
5347 .b \-q
5350 .b \-q30m
5351 would set
5372 For LMTP delivery the macro is set to the name of the mailer.
5377 .ip ${time}
5379 .i time (3)
5381 0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
5386 The total number of incoming connections over the time interval specified
5412 	the e-mail will be queued.
5422 is the time as extracted from the
5428 is the current date and time
5434 is set to the current time also.
5448 are set to the identity of this host.
5470 is set to the fully qualified name
5473 is set to the domain part of the name
5477 macro is set to the first word
5480 otherwise, it is set to the same value as
5483 it is imperative that the config file set
5487 \**Older versions of sendmail didn't pre-define
5503 macro is set to the address of the sender
5522 macro is set to the full name of the sender.
5530 .q Full-Name:
5548 macros get set to the host, user, and home directory
5551 The first two are set from the
5563 .q Message-Id:
5567 macro is set to the queue id on this host;
5572 macro is set to be the version number of
5579 field is set to the
5584 .b \-h
5592 fields are set to the protocol used to communicate with
5595 They can be set together using the
5596 .b \-p
5598 .b \-M
5600 .b \-oM
5605 is set to a validated sender host name.
5616 are set to the name, address, and port number of the SMTP client
5625 .sh 2 "C and F \*- Define Classes"
5643 from the set of upper case letters for short names
5695 To specify an optional file, use ``\-o'' between the class
5698 Fc \-o /path/to/file
5707 F{VirtHosts}@ldap:\-k (&(objectClass=virtHosts)(host=*)) \-v host
5716 There is also a built-in schema that can be accessed by only specifying:
5723 \-k (&(objectClass=sendmailMTAClass)
5728 \-v sendmailMTAClassValue
5740 multi-word entries in the class are ignored in this context.
5746 .\"A set of Content-Types that will not have the newline character
5753 .\".q application/octet-stream ).
5755 .\".q application/octet-stream ,
5761 contains the Content-Transfer-Encodings that can be 8\(->7 bit encoded.
5772 set to the set of domains by which this host is known,
5776 can be set to the set of MIME body types
5790 A set of Content-Types that will never be encoded as base64
5791 (if they have to be encoded, they will be encoded as quoted-printable).
5799 contains the set of subtypes of message that can be treated recursively.
5804 types cannot be 8\(->7 bit encoded.
5809 set to the set of trusted users by the
5816 set to be the set of all names
5824 can be compiled to allow a
5837 .sh 2 "E \*- Set or Propagate Environment Variables"
5840 configuration lines set or propagate environment variables into children.
5855 .sh 2 "M \*- Define Mailer"
5879 Sender	Rewriting set(s) for sender addresses
5880 Recipient	Rewriting set(s) for recipient addresses
5883 Eol	The end-of-line string for this mailer
5890 Charset	The default character set for 8-bit characters
5892 Wait	The maximum time to wait for the mailer
5897 (it's case-sensitive).
5899 The following flags may be set in the mailer description.
5922 Normally this is only set for local mailers.
5947 from a mailer with this flag set,
5969 Do not include angle brackets around route-address syntax addresses.
5990 .b \-f
6010 you can set the
6015 error messages will be sent as from the MAILER-DAEMON
6031 \*-
6046 is misconfigured or if a long-haul network interface is set in loopback mode.
6081 .q Message-Id:
6084 Do not insert a UNIX-style
6099 which will not allow the envelope sender address
6100 to be set unless the mailer is running as daemon.
6103 flag is set.
6105 Use the route-addr style reverse-path in the SMTP
6110 many hosts do not process reverse-paths properly.
6111 Reverse-paths are officially discouraged by RFC 1123.
6114 .q Return-Path:
6125 .b \-r
6151 this flag causes the effective user id to be set to that user.
6162 This mailer wants UUCP-style
6184 .q Full-Name:
6201 Apply DialDelay (if set) to this mailer.
6215 when converting to Quoted-Printable
6228 flag is set.
6234 option is set, this is essentially always set,
6237 that didn't have 8\(->7 bit MIME conversions performed.
6239 If set,
6241 the usual attempt to do 8\(->7 bit MIME conversions will be bypassed.
6243 If set,
6246 7\(->8 bit MIME conversions.
6270 using one of the -qI/-qR/-qS queue run modifiers
6332 Mprog, P=/bin/sh, F=lsoDq9, T=DNS/RFC822/X-Unix, A=sh \-c $u
6333 M*file*, P=[FILE], F=lsDFMPEouq9, T=DNS/RFC822/X-Unix, A=FILE $u
6358 if so, the first rewriting set is applied to envelope
6361 Setting any value to zero disables corresponding mailer-specific rewriting.
6364 is actually a colon-separated path of directories to try.
6388 this user and group will be set as the
6392 to set both the user and group id;
6406 this is the character set used in the
6407 Content-Type: header.
6408 If this is not set, the
6411 and if that is not set, the value
6412 .q unknown-8bit
6420 the character set will be set from the Charset= field
6430 the MTA-type (that is, the description of how hosts are named),
6431 the address type (the description of e-mail addresses),
6435 .q X\- .
6453 The Wait= field specifies the maximum time to wait for the
6462 .sh 2 "H \*- Define Header"
6501 is macro-expanded before insertion into the message.
6514 if the macro is set.
6515 The macro may be set using any of the normal methods,
6525 is used to set a header, then it is useful to add that macro to class
6556 The ruleset receives the header field-body as argument,
6557 i.e., not the header field-name; see also
6571 HMessage-Id: $>CheckMessageId
6575 R$*		$#error $: Illegal Message-Id header
6577 would refuse any message that had a Message-Id: header of any of the
6580 Message-Id: <>
6581 Message-Id: some text
6582 Message-Id: <legal text@domain> extra crud
6599 .sh 2 "O \*- Set Option"
6602 can be set from a configuration file.
6639 a time interval.
6678 \-k (&(objectClass=sendmailMTAAliasObject)
6683 \-v sendmailMTAAliasValue
6689 (search through a compiled-in list of alias file types,
6708 (internal symbol table \*- not normally used
6729 If set,
6741 If set, allow HELO SMTP commands that don't include a host name.
6773 a	protection from active (non-dictionary) attacks
6776 	and allow mechanisms which can pass credentials
6787 y	don't permit mechanisms that allow anonymous login.
6795 allow PLAIN and LOGIN only if a security layer (e.g.,
6807 If set and the specified number of recipients in a single SMTP
6825 If the option is not set,
6829 If the option is explicitly set,
6903 A	don't use AUTH when sending e-mail
6904 S	don't use STARTTLS when sending e-mail
6906 If ``h'' is set, the name corresponding to the outgoing interface
6930 .i -SSL_OP_TLSEXT_PADDING
6935 .b -0x0010 .
6937 If set, colons are acceptable in e-mail addresses
6940 If not set, colons indicate the beginning of a RFC 822 group construct
6946 and proper route-addr nesting is understood
6954 The maximum number of open connections that will be cached at a time.
6968 The maximum amount of time a cached connection will be permitted to idle
6970 If this time is exceeded,
6988 If set to a positive value,
6989 allow no more than
6993 and allow the load average checking to cut in.
7017 If not set, no control socket will be available.
7018 Solaris and pre-4.4BSD kernel users should see the note in sendmail/README .
7031 ln -s $C `openssl crl -noout -hash < $C`.r0
7042 none	do not use Diffie-Hellman.
7051 Note: this operation can take a significant amount of time on a
7059 	openssl dhparam -out /etc/mail/dhparams.pem 2048
7075 Name	User-definable name for the daemon (defaults to "Daemon#")
7132 u	allow unqualified addresses (.cf)
7166 through which the e-mail has been
7199 (the file must not be group/world-readable otherwise
7205 When a message that has 8-bit characters but is not in MIME format
7208 a character set must be included in the Content-Type: header.
7209 This character set is normally set from the Charset= field
7211 If that is not set, the value of this option is used.
7212 If this option is not set, the value
7213 .q unknown-8bit
7219 before a memory-based
7221 becomes disk-based.
7224 Defines the location of the system-wide dead.letter file,
7226 If this option is not set (the default),
7227 sendmail will not attempt to save to a system-wide dead.letter file
7269 .ip DeliverByMin=\fItime\fP
7270 Set minimum time for Deliver By SMTP Service Extension (RFC 2852).
7271 If 0, no time is listed, if less than 0, the extension is not offered,
7272 if greater than 0, it is listed as minimum time
7290 .b \-v
7298 Dial-on-demand network connections can see timeouts
7299 if a connection is opened before the call is set up.
7300 If this is set to an interval and a connection times out
7303 will sleep for this amount of time and try again.
7304 This should give your system time to establish the connection
7312 Z flag set.
7317 If not set,
7320 .b \-G
7325 caused by world- and group-writable files and directories,
7330 a group-writable
7349 If this option is set, the protocols are ignored and the
7357 If set,
7376 this can be time consuming.
7382 If set to
7403 option is set, this will be disabled,
7407 .ip DoubleBounceAddress=\fIerror-address\fP
7418 at the time of delivery.
7419 If not set, defaults to
7421 If set to an empty string, double bounces are dropped.
7424 Set handling of eight-bit data.
7425 There are two kinds of eight-bit data:
7429 .b \-B8BITMIME
7431 and undeclared 8-bit data, that is,
7434 undeclared 8-bit data can be automatically converted to 8BITMIME,
7435 undeclared 8-bit data can be passed as-is without conversion to MIME
7437 and declared 8-bit data can be converted to 7-bits
7438 for transmission to a non-8BITMIME mailer.
7443 .\"  r	Reject undeclared 8-bit data;
7444 .\"	don't convert 8BITMIME\(->7BIT (``reject'')
7445   s	Reject undeclared 8-bit data (``strict'')
7446 .\"	do convert 8BITMIME\(->7BIT (``strict'')
7447 .\"  c	Convert undeclared 8-bit data to MIME;
7448 .\"	don't convert 8BITMIME\(->7BIT (``convert'')
7449   m	Convert undeclared 8-bit data to MIME (``mime'')
7450 .\"	do convert 8BITMIME\(->7BIT (``mime'')
7451 .\"  j	Pass undeclared 8-bit data;
7452 .\"	don't convert 8BITMIME\(->7BIT (``just send 8'')
7453   p	Pass undeclared 8-bit data (``pass'')
7454 .\"	do convert 8BITMIME\(->7BIT (``pass'')
7457 .\"The adaptive algorithm is to accept 8-bit data,
7459 .\"otherwise just passing it as undeclared 8-bit data;
7460 .\"8BITMIME\(->7BIT conversions are done.
7467 X-MIME-Autoconverted: from OLD to NEW by $j id $i
7475 .ip ErrorHeader=\fIfile-or-message\fP
7525 will be used in a last-ditch effort for a host.
7530 If set to a value greater than zero (the default is one),
7535 To enforce initial sorting based on MX records set
7548 If set,
7558 It can also be set to a sequence of paths separated by colons;
7603 When set,
7625 (see the "X \*- Mail Filter (Milter) Definitions" section)
7627 If none are set, no filters will be contacted.
7632 .q "-h host -p port -d bindDN" .
7635 This option should be set before any LDAP maps are defined.
7649 .b \-M
7659 allow group writable queue files
7660 if the group is the same as that of a set-group-ID sendmail binary.
7666 Allow fuzzy matching on the GECOS field.
7667 If this flag is set,
7680 If set,
7696 If not set, there is no limit to the number of children --
7699 If set to a value greater than zero it specifies
7714 If set to a value greater than zero,
7724 the header Content-Description.
7726 the maximum length of each parameter is set to
7735 To allow any length, a value of 0 can be specified.
7744 When set, this limits the number of concurrent queue runner processes to
7769 If not set, there is no limit on the size.
7777 this should be set as high as possible to avoid
7784 is set to a value
7795 If not set, there is no limit on the number of recipients per envelope.
7803 of non-erroneous situations such as a low bandwidth connection.
7807 The default is 1 when not set.
7855 If this is set to a value greater than zero,
7857 only if the individual retry time has been reached
7859 The maximum retry time is limited by the specified value.
7862 that have been in the queue less than the indicated time interval.
7863 This is intended to allow you to get responsiveness
7870 .q \-q[!][I|R|S|Q][string]
7877 DKIM signatures it is useful to set
7887 recipient headers (To:, Cc:, Bcc:, or Apparently-To: \(em
7894 .b Add-To
7897 .b Add-Apparently-To
7898 to add an Apparently-To: header
7899 (this is only for back-compatibility
7901 .b Add-To-Undisclosed
7903 .q "To: undisclosed-recipients:;"
7906 .b Add-Bcc
7928 sequences of non-operator characters are also tokens.
7935 If not set, OperatorChars defaults to
7940 Note that OperatorChars must be set in the
7947 is macro-expanded before it is opened, and unlinked when
7952 If set,
7962 at the time of delivery.
7976 public	Allow open access
7985 restrictqrun	Restrict \-q command line flag
7986 restrictexpand	Restrict \-bv and \-v command line flags
7990 authwarnings	Put X-Authentication-Warning: headers in messages
7992 noactualrecipient	Don't put X-Actual-Recipient lines in DSNs
8004 pseudo-flag sets all flags except
8020 pseudo-flag instructs
8023 .b \-bv
8032 .b \-v
8036 such as using a non-standard queue directory.
8046 First, it specifies the directory or set of directories that comprise
8063 and the working directory D is set to \fIdir\fR.
8101 If not set, sendmail uses 0600 unless its real
8113 .q time
8114 (to order by the submission/creation time),
8118 (to order by the modification time of the qf file (older entries first)),
8129 Filename and modification time ordering saves the overhead of
8132 Creation (submission) time ordering is almost always a bad idea,
8138 on different parts of the queue at the same time.
8151 STARTTLS requires this filename if the compile flag HASURANDOMDEV is not set
8156 Values can be set using
8160 .b \- \c
8181 .b \- )
8189 .b \- )
8196 This option can be used to override the compile time flag
8200 If the compile time flag is not set, the option is ignored.
8203 for a directory if the meta-data in it has been changed.
8209 If this option is set, a
8210 .q Return-Receipt-To:
8225 If set to a non-zero (non-root) value,
8247 is set,
8285 every time a job is processed.
8287 each time a job is processed,
8290 since hosts that are down are all too often down for a long time.
8293 If this option is set,
8304 if the SafeFileEnvironment variable is set to
8311 Additionally, if this option is set,
8317 UNIX-style
8324 If set, send error messages in MIME format
8348 .i -SSL_OP_TLSEXT_PADDING
8353 .b -0x0010 .
8395 if not set (or 0), shared memory will not be used.
8396 If set to
8397 -1
8401 is set.
8404 If this option is set,
8411 process gathering the data each time it is required.
8415 is set to
8416 -1
8420 If set, From: lines that have embedded newlines are unwrapped
8425 If set, a client machine will never try to open two SMTP connections
8426 to a single server machine at the same time,
8445 option to avoid running out of per-process file descriptors.
8457 If set, issue temporary errors (4xy) instead of permanent errors (5xy).
8467 openssl engine -v
8474 is set.
8475 If both are set, the engine will be loaded dynamically at runtime
8484 is set then the static version of the engine is used.
8490 If not set,
8498 This option can be set to True, False, Interactive, or PostMilter.
8499 If set to True,
8501 will be super-safe when running things,
8510 be set to True.
8516 If set to PostMilter,
8525 If set,
8530 this applies to all connections even if TLS specific requirements are set
8569 Set the local time zone info to
8571 \*- for example,
8573 Actually, if this is not set,
8575 if set but null, the user's TZ variable is used,
8576 and if set and non-null the TZ variable is set to this value.
8584 Trusted user for file ownership and starting the daemon.  If set, generated
8615 must add a UNIX-style From_ line
8623 If set (default),
8634 If set, the compressed format of IPv6 addresses,
8641 .q Errors-To:
8654 If this is set,
8671 be set in the configuration file;
8680 To avoid this, do not install sendmail set-user-ID root,
8690 before a memory-based
8692 becomes disk-based.
8696 \-O or \-o flag,
8699 to relinquish its set-user-ID permissions.
8732 .sh 2 "P \*- Precedence Definitions"
8748 the message class is set to
8762 Pfirst-class=0
8763 Pspecial-delivery=100
8764 Plist=\-30
8765 Pbulk=\-60
8766 Pjunk=\-100
8778 .sh 2 "V \*- Configuration Version Level"
8812 .q \-a.
8813 flag \*- you can reset it to anything you prefer
8845 allow # initiated comments on all lines.
8863 this allows fine-grained control over the special local processing.
8867 option (to allow colons in the local-part of addresses)
8895 Version level eight configuration files allow
8899 Version level nine configuration files allow
8903 Version level ten configuration files allow
8919 Please send e-mail to sendmail@Sendmail.ORG
8927 .sh 2 "K \*- Key File Declaration"
8989 R$\- ! $+	$: $(uucp $1 $@ $2 $: $2 @ $1 . UUCP $)
9004 The built-in map with both name and class
9058 .b \-k
9060 .b \-v
9061 flags may be used to set the key and value columns respectively.
9083 .b \-z
9085 map option is set.
9087 .b \-1
9099 .b \-k
9101 .b \-v
9104 .b \-z
9132 .b \-v
9142 The current machine is always preferred \*-
9144 lowest-preference MX record, then it will be guaranteed to be returned.
9148 .b \-z
9155 This map requires the option -R to specify the DNS resource record
9161 .b \-z
9163 option is set.
9173 .b in-addr.arpa .
9182 sendmail -bt
9252 R$\-	$: $(dequote $1 $)
9253 R$\- $+	$: $>3 $1 $2
9272 .b \-m
9274 .b \-s
9278 .b \-d
9287 -d	set the delimiter string used for -s
9293 .b \-s
9301 .b \-d
9332 To set a macro,
9343 # set macro ${MyMacro} to the ruleset match
9345 # set macro ${MyMacro} to an empty string
9348 R$\-	$: $(storage {MyMacro} $) $1
9353 +, -, *, /, %,
9364 The r operator returns a pseudo-random number whose value
9439 (see Section "X \*- Mail Filter (Milter) Definitions")
9457 .ip "\-o"
9458 Indicates that this map is optional \*- that is,
9464 .ip "\-N, \-O"
9466 .b \-N
9468 .b \-O
9477 .b \-N
9480 .b \-O
9485 .b \-N
9487 .b \-O
9492 .ip "\-a\fIx\fP"
9499 .ip "\-T\fIx\fP"
9509 .b \-t
9511 .ip "\-f"
9513 .ip "\-m"
9521 The \-a argument is still appended on a match,
9523 .ip "\-k\fIkeycol\fP"
9531 .b \-K
9534 .ip "\-v\fIvalcol\fP"
9544 .ip "\-z\fIdelim\fP"
9556 If not set,
9560 .ip "\-t"
9571 .b \-t
9582 .ip "\-D"
9584 This flag is set by default for the
9587 .ip "\-S\fIspacesub\fP
9591 .ip "\-s\fIspacesub\fP
9595 .ip "\-q"
9597 .ip "\-L\fIlevel\fP
9600 .ip "\-A"
9603 .b \-A
9616 .b \-A
9620 .ip "\-d"
9621 delay: specify the resolver's retransmission time interval (in seconds).
9622 .ip "\-r"
9626 .ip "\-B"
9630 .ip "\-d"
9635 .ip "\-c\fItimeout\fP"
9638 .b \-DLDAP_OPT_NETWORK_TIMEOUT
9640 .ip "\-R"
9642 .b \-DLDAP_REFERRALS
9644 .ip "\-n"
9646 .ip "\-V\fIsep\fP"
9650 .ip "\-r\fIderef\fP"
9652 .ip "\-s\fIscope\fP"
9654 .ip "\-h\fIhost\fP"
9656 Some LDAP libraries allow you to specify multiple, space-separated hosts for
9660 .ip "\-p\fIport\fP"
9662 .ip "\-H \fILDAPURI\fP"
9665 .b \-h
9667 .b \-p
9671 -h server.example.com -p 389 -b dc=example,dc=com
9675 -H ldap://server.example.com:389 -b dc=example,dc=com
9684 O LDAPDefaultSpec=-H ldaps://ldap.example.com -b dc=example,dc=com
9690 O LDAPDefaultSpec=-H ldapi://socketfile -b dc=example,dc=com
9692 .ip "\-b\fIbase\fP"
9694 .ip "\-l\fItimelimit\fP"
9695 Time limit for LDAP queries.
9696 .ip "\-Z\fIsizelimit\fP"
9698 .ip "\-d\fIdistinguished_name\fP"
9700 .ip "\-M\fImethod\fP"
9709 can be omitted and the value is case-insensitive.
9710 .ip "\-P\fIpasswordfile\fP"
9716 .ip "\-1"
9720 .ip "\-w\fIversion\fP"
9724 .b "\-w 3"
9728 .ip "\-K"
9729 Treat the LDAP search key as multi-argument and
9748 Kuucp dbm \-o \-N /etc/mail/uucpmap
9760 can be used to build database-oriented maps.
9763 .ip \-f
9765 .ip \-N
9767 .ip \-o
9769 .ip \-r
9770 Allow replacement of existing keys;
9771 normally, re-inserting an existing key is an error.
9772 .ip \-v
9786 .sh 2 "Q \*- Queue Group Declaration"
9815 The time between two queue runs.
9822 must be set if this value is greater than one.
9868 The ``f'' flag must be set if multiple queue runners are
9874 The ``Interval'' field sets the time between queue runs.
9875 If no queue group specific interval is set, then the parameter of the
9876 .b -q
9882 can be set.
9885 though at any one time fewer processes may be active
9892 If set to 0, entries in the queue will not be processed, which
9894 The number of runners per queue group may also be set with the option
9901 if set, otherwise 1.
9909 have been set because queue groups take their defaults from those options.
9910 If an option is set after a queue group declaration, the values of
9911 options in the queue group are set to the defaults of
9913 unless explicitly set in the declaration.
9918 .sh 2 "X \*- Mail Filter (Milter) Definitions"
9922 Mail Filter API (Milter) is designed to allow third-party programs access
9924 meta-information and content.
9952 (it's case-sensitive).
9985 The following flags may be set in the filter description.
9996 The timeouts can be set using the four fields inside of the
10002 If set to 0, the system's
10010 Overall timeout between sending end-of-message to filter and waiting for
10015 The default values (if not set) are:
10046 The database is a sorted (BTree-based) structure.
10049 \fIuser-name\fP\fB:\fP\fIfield-name\fP
10052 Meta-information is always stored with a leading colon.
10069 record for that name to allow return mail.
10075 and will normally be the name of an appropriate -request address.
10076 It is very similar to the owner-\c
10081 .ip office-address
10083 .ip office-phone
10085 .ip office-fax
10087 .ip home-address
10089 .ip home-phone
10091 .ip home-fax
10124 The intent is that the user database will act as a set of defaults
10150 For example, in our case we would set it to
10171 The key is always in the format described above \*-
10208 If set,
10211 If neither CDB, NDBM, nor NEWDB are set,
10214 If set, use the cdb (tinycdb) package.
10216 If set, use the new database package from Berkeley (from 4.4BSD).
10218 If NEWDB and NDBM are both set,
10224 If set together with
10288 often contains compile time options
10295 time options are listed here for rulesets and macros,
10303 sendmail -d0.13 < /dev/null | grep FFR
10335 It can be set to any arbitrary number above about 10,
10359 while the upper half are reserved for auto-numbering
10380 The maximum number of arguments in a MIME Content-Type: header;
10398 If set,
10409 If set,
10415 If set,
10419 If set,
10423 If set,
10444 If you are using a non-UNIX mail format,
10445 you can set this flag to turn off special processing
10446 of UNIX-style
10459 in per-operating-system clauses in conf.h.
10474 Use Berkeley-style
10497 is set.
10508 reuse the same pid in the same second of time.
10524 The are several built-in ways of computing the load average.
10526 tries to auto-configure them based on imperfect guesses;
10530 .b \-DLA_TYPE= \c
10547 Use MACH-style load averages.
10575 .sh 3 "Built-in Header Semantics"
10586 and a set of header control flags (described below),
10593 If this flag is set,
10598 if this bit is set and the mailer does not have flag bits set
10606 If this header field is set,
10614 If a header entry does not have this bit set,
10621 If set,
10630 If set,
10633 .b \-t
10648 This header is a Content-Transfer-Encoding header.
10650 This header is a Content-Type header.
10663 	"resent-sender",	H_FROM,
10664 	"resent-from",	H_FROM,
10667 	"full-name",	H_ACHECK,
10668 	"errors-to",	H_FROM\^|\^H_ERRORSTO,
10671 	"resent-to",	H_RCPT,
10680 	"content-transfer-encoding",	H_CTE,
10681 	"content-type",	H_CTYPE,
10688 .q Resent-To: ,
10694 .q Full-Name:
10748 .q "Full-Name:"
10783 .sz -1
10793 	if (s != NULL && e\->e_from.q_mailer != LocalMailer &&
10794 	    to->q_mailer == s->s_mailer)
10799 	if (MsgSize > 50000 && bitnset(M_LOCALMAILER, to\->q_mailer))
10801 		usrerr("Message too large for non-local delivery");
10802 		e\->e_flags |= EF_NORETURN;
10813 flag can be set in
10814 .i e\(->e_flags
10862 should be set to an exit status code;
10863 in particular, it should be set to
10882 	return (pri > (QueueFactor / (CurrentLA \- QueueLA + 1)));
10888 which is set before this function is called)
10922 which is the time that the message was first submitted to
10928 (although this tends to lower the priority of the message with time);
10995 .ip "\-v \fIATTRIBUTE\fP[:\fITYPE\fP[:\fIOBJECTCLASS\fP[|\fIOBJECTCLASS\fP|...]]]
11045 O LDAPDefaultSpec=-h ldap.example.com -b dc=example,dc=com
11048          -z,
11049          -k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0))
11050          -v sendmailMTAAliasValue,mail:NORMAL:inetOrgPerson,
11128 ln -s $C `openssl x509 -noout -hash < $C`.0
11148 To allow for automatic startup of sendmail, private keys
11163 to set up a second cert/key pair.
11189 that useful random data is available all the time in RandFile.
11196 openssl rand -out /etc/mail/randfile -rand \c
11206 is set.
11217 are encoded to avoid problems with non-printable or special characters.
11244 then full DANE support for DANE-EE and DANE-TA
11250 sendmail -bt -d0.3 < /dev/null
11253 otherwise support for TLSA RR 3-1-x
11259 is set to
11266 enables this feature at run time
11275 This requires a DNSSEC-validating recursive resolver
11283 is set to
11285 All non-DNS maps are considered
11294 Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
11296 the compile time option
11304 This allows the use of UTF-8 for envelope addresses
11306 DNS lookups are done using the A-label format (Punycode)
11310 i.e., no conversions between UTF-8 and ASCII encodings are made.
11325 .sh 2 "MTA-STS"
11328 (MTA-STS, see RFC 8461)
11330 the compile time option _FFR_MTA_STS
11337 postfix-mta-sts-resolver
11338 (see https://github.com/Snawoot/postfix-mta-sts-resolver.git).
11341 postfix-mta-sts-resolver
11343 which might not fully implement MTA-STS.
11345 If both DANE and MTA-STS are enabled and available for the receiving domain,
11355 This includes time on the INGRES Project at
11384 John Beck, Hewlett-Packard & Sun Microsystems
11432 .ip \-A\fIx\fP
11436 .b \-Am
11440 .b \-Ac .
11443 .b -bm
11445 .b -bs ,
11447 .b -t
11452 .ip \-b\fIx\fP
11475 .ip \-B\fItype\fP
11477 .ip \-C\fIfile\fP
11482 .ip "\-D \fIlogfile\fP"
11486 .ip \-d\fIlevel\fP
11488 .ip "\-f\ \fIaddr\fP"
11489 The envelope sender address is set to
11495 and may also appear in a Return-Path: header.
11496 .ip \-F\ \fIname\fP
11499 .ip \-G
11504 rather than fixing them when this flag is set.
11506 .ip "\-h\ \fIcnt\fP"
11522 .ip "\-L \fItag\fP"
11524 Note that this identifier is set
11532 .ip \-n
11534 .ip "\-N \fInotifications\fP"
11539 or a comma-separated list of
11549 .ip "\-r\ \fIaddr\fP"
11551 .b \-f .
11552 .ip \-o\fIx\|value\fP
11558 .ip \-O\fIoption\fP\fB=\fP\fIvalue\fP
11565 .ip \-M\fIx\|value\fP
11570 .ip \-p\fIprotocol\fP
11572 Programs are encouraged to set this.
11577 to set both the sending protocol and sending host.
11579 .q \-pUUCP:uunet
11582 (Some existing programs use \-oM to set the r and s macros;
11583 this is equivalent to using \-p.)
11584 .ip \-q\fItime\fP
11586 If the time is given,
11589 time interval to deliver queued mail; otherwise, it only runs once.
11596 .ip \-qp\fItime\fP
11597 Similar to \-q with a time argument,
11601 The sleep time is specified by the time argument; it defaults to 1 second,
11606 Typically the QCP will be the sendmail daemon (when started with \-bd or \-bD)
11607 or a special process (named Queue control) (when started without \-bd or \-bD).
11611 \fIno_persistent_restart\fP is set or the specific persistent WGP has been
11617 .ip \-q\fIGname\fP
11621 .ip \-q[!]\fIXstring\fP
11642 .i \-q\fIX\fP
11649 .ip "\-Q[reason]"
11653 .b \-q[!]\fIXstring\fP
11655 .ip "\-R ret"
11668 .ip \-t
11680 .ip \-U
11681 This option is required when sending mail using UTF-8;
11692 option is set.
11693 .ip "\-V envid"
11698 .ip "\-X \fIlogfile\fP"
11712 .b \-s
11715 .q "\-N" ,
11716 .q "\-R" ,
11718 .q "\-V"
11767 Due to the use of memory-buffered files,
11822 used to allow new
11868 also include a leading colon-terminated list of flags,
11875 `P' to declare this as a ``primary'' (command line or SMTP-session) address.
11880 The job creation time.
11881 This is used to compute when to time out the job.
11921 The time (as seconds since January 1, 1970)
11928 The i-number of the data file;
11950 Information for Deliver-By SMTP extension.
11974 H?P?Return-path: <^g>
11976 	Fri, 17 Jul 1992 00:28:55 -0700
11978 	id AAA06698; Fri, 17 Jul 1992 00:28:54 -0700
11980 	id AA22777; Fri, 17 Jul 1992 03:29:14 -0400
11981 H??Received: by foo.bar.baz.de (5.57/Ultrix3.0-C)
11984 H?x?Full-name: Eric Allman
11985 H??Message-id: <9207170931.AA22757@foo.bar.baz.de>
11994 the submission time
12018 .b \-bi
12023 .b \-bp
12037 use ``head \-1'' to get just the first line;
12071 replace it with a blank sheet for double-sided output.
12116 replace it with a blank sheet for double-sided output.