Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > S


HP-UX 11i Version 3: February 2007

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index


sendmail — send mail over the Internet


/usr/sbin/sendmail [mode] [flags] [address ...]


sendmail sends a message to one or more recipients or addresses and routes the message over whatever networks are necessary. sendmail does internetwork forwarding as necessary to deliver the message to the correct place.

sendmail is not intended as a user interface routine. Other programs provide user-friendly front ends. sendmail is used only to deliver pre-formatted messages.

With no flags specified in the command line, sendmail reads its standard input up to an end-of-file or a line consisting only of a single dot (.) and sends a copy of the message found there to all of the addresses listed in the command line. It determines the network(s) to use based on the syntax and contents of the addresses, according to information in the sendmail configuration file. The default configuration file is /etc/mail/sendmail.cf.

Local addresses are looked up in a file and aliased appropriately, and sendmail also supports the use of NIS and LDAP for address lookup. Aliasing can be prevented by preceding the address with a backslash (\). Normally the sender is not included in any alias expansions. For example, if `john' sends to `group', and `group' includes `john' in the expansion, then the letter will not be delivered to `john'.

If newaliases is invoked, sendmail will rebuild the alias database. newaliases is identical to sendmail -bi. See newaliases(1M). Mail that is temporarily undeliverable is saved in a mail queue. If mailq is invoked, sendmail will print the contents of the mail queue. The mail queue files are in the directory /var/spool/mqueue. mailq is identical to sendmail -bp. See mailq(1).

For mail delivery failures, users get a Delivery Status Notification (DSN).

  • Note: DSNs resulting from attempts to relay a message to one or more recipients will contain a "Diagnostic-Code" message citing the reasons for failure. This message will not contain the user's address.

A non-root user does not have access to the files and databases associated with sendmail, for example, /etc/mail/aliases, /etc/mail/aliases.*, /etc/mail/sendmail.st, and /etc/mail/sendmail.pid.

  • Note: Only root users are privileged to kill any sendmail process. Non-root users cannot send signals to their sendmail process.


sendmail recognizes the following arguments:


A mode selected from those described in the "Modes" subsection below. Only one mode can be specified. The default is -bm.


The address of a recipient. Several addresses can be specified.


A flag selected from those described in the "Flags" subsection below. Several flags can be specified.


sendmail operates in one of the following modes. The default is -bm, deliver mail in the usual way.


Go into ARPANET mode. All input lines must end with a CR-LF, and all messages will be generated with a CR-LF at the end. Also, the ``From:'' and ``Sender:'' fields are examined for the name of the sender.


Run as a daemon. sendmail will fork and run in background listening on socket 25 for incoming SMTP connections.


Run as a daemon, but run in foreground.


Print the persistent host status database.


Purge the persistent host status database.


Initialize the alias database for the mail aliases file. newaliases is identical to sendmail -bi. See newaliases(1M).


Deliver mail in the usual way (default).


Print a listing of the mail queue. mailq is identical to sendmail -bp. See mailq(1).


Use the SMTP protocol as described in RFC821 on standard input and output. This flag implies all the operations of the ba flag that are compatible with SMTP.


Run in address test mode. This mode reads addresses and shows the steps in parsing; it is used for debugging configuration tables.


Verify names only; i.e, do not try to collect or deliver a message. Verify mode is normally used for validating users or mailing lists.


sendmail recognizes the following flags:


Use the submit.cf file even if the operation mode does not indicate an initial mail submission.


Use the sendmail.cf file even if the operation mode indicates an initial mail submission.


Set the body type. type can be either 7BIT or 8BITMIME.


Use alternate configuration file. sendmail refuses to run as root if an alternate configuration file is specified.


Set debugging value to X. X can also be of the form category.level (eg; -d56.12). A low level or category produces less output; but a high level or category produces more output. The default for category is 0 and that for level is 1.


Set the full name of the sender.


Set the name of the ``from'' person (i.e., the sender of the mail) to name. If the user of the -f option is not a ``trusted'' user (normally root, daemon, and network) and if the name set using the -f option and the login name of the person actually sending the mail are not the same, then it results in an X-Authentication-Warning in the mail header.


Relay the message without any processing.


Set the hop count to N. The hop count is incremented every time the mail is processed. When it reaches a limit, the mail is returned with an error message, the victim of an aliasing loop. If not specified, ``Received:'' lines in the message are counted.


Ignore dots alone in lines by themselves in incoming messages. This should be set if you are reading from a file.


Specify an identifier to be used in syslog messages. The identifier is set to tag.


Do not do aliasing.


Set delivery status notification conditions. Following are the valid conditions to which dsn can be set:


For no notifications.


If delivery failed.


If delivery is delayed.


When message is successfully delivered.


Set the configuration option option to a specified value. Options are described below in "Processing Options."


Set option x to a specified value. Options are described below in "Processing Options."


Set the name of the protocol used to receive the message. This can be a simple protocol name such as UUCP or a protocol and hostname, such as UUCP:ucbvax.


Process saved messages in the queue at given intervals. If time is omitted, process the queue once. time is given as a tagged number, with s being seconds, m being minutes, h being hours, d being days, and w being weeks. For example, -q1h30m or -q90m would both set the timeout to one hour thirty minutes. If time is specified, sendmail will run in background. This option can be used safely with bd.


Similar to -qtime except that instead of periodically forking a child to process the queue, sendmail forks a single persistent child for each queue that alternates between processing the queue and sleeping. The sleep time is given as an argument and default value for the sleep time is 1 second. The process sleeps for at least 5 seconds if the queue was empty in the previous queue run.


Process saved messages in the queue once and do not fork(), but run in the foreground.


Process jobs only in the queue called name.


Limit processed jobs to those containing substr as a substring of the queue ID. When ! is specified, limit processed jobs to those not containing substr as a substring of the queue ID.


Limit processed jobs to quarantined jobs containing substr as a substring of the quarantine reason, or limit jobs to those not containing the substring when ! is specified.


Quarantine a normal queue with the given reason or unquarantine a quarantined queue if a reason is not given. This option must be used with a matching item.


Limit processed jobs to those containing substr as a substring of one of the recipients, or limit jobs to those not containing the substring when ! is specified.


Limit processed jobs to those containing substr as a substring of the sender, or limit jobs to those not containing the substring when ! is specified.


An alternate and obsolete form of the f flag.


Set the amount of the message to be returned if the message bounces. The values that can be set for return are as follows:


To return the entire message


To return only the headers.


Read message for recipients. To:, Cc:, and Bcc: lines will be scanned for recipient addresses. The Bcc: line will be deleted before transmission.


Initial (user) submission. This flag should always be set when sendmail is called from a user agent such as mail or elm. This flag should never be set when called from a network delivery agent such as rmail.


Go into verbose mode. Alias expansions will be announced, etc.


Set the original envelope identification. This is propagated across SMTP to servers that support DSN's (delivery status notification) and is returned in DSN-compliant error messages.


Log all traffic in and out of mailers in the indicated logfile. This should only be used as a last resort for debugging mailer bugs. It will log a lot of data very quickly.


Stop processing command flags and use the rest of the arguments as addresses.

Processing Options

There are various processing options available. Normally these will only be used by a system administrator. Options may be set either on the command line using the -o flag or in the configuration file, /etc/mail/sendmail.cf. The options are:


Use alternate alias file.


If set, sendmail logs transient error messages as LOG_ALERT messages at Loglevel>=2, else it logs as LOG_INFO messages at Loglevel>8.


On mailers that are considered ``expensive'' to connect to, do not initiate immediate connection. This requires queuing.


Checkpoint the queue file after every N successful deliveries (default 10). This avoids excessive duplicate deliveries when sending to long mailing lists interrupted by system crashes.


Set the delivery mode to x. The delivery modes are:


background (asynchronous) delivery.


deferred; the same as q except that database lookups (DNS and NIS lookups) are avoided.


interactive (synchronous) delivery.


queue only; expect the messages to be delivered the next time when the queue is run.


Set error processing to mode x. The valid modes are:


do special processing for the BerkNet.


mail back the error message.


print the errors on the terminal (default).


throw away error messages (only exit status is returned).


``write'' back the error message (or mail it back if the sender is not logged in).

If the text of the message is not mailed back by modes m or w, and if the sender is local to this machine, then a copy of the message is appended to the file dead.letter in the sender's home directory.


Save UNIX -style ``From'' lines at the front of messages.


Use this option to set the maximum number of times a message is allowed to ``hop'' before it is considered in a loop.


Use this option to instruct sendmail to ignore dots in a line by themselves as a message terminator.


Send error messages in MIME format.


Set connection cache timeout.


Set connection cache size.


Set the log level.


Send to ``me'' (the sender) also if the sender is in an alias expansion.


Validate the right hand side of aliases during a newaliases command. See newaliases(1M).


Set this option to have old style headers in the message. If not set, this message is guaranteed to have new style headers (i.e., commas instead of spaces between addresses). If set, an adaptive algorithm is used that will correctly determine the header format in most cases.


Select the directory in which the messages are to be queued.


Use this option to save mail traffic statistics into the specified file.


Define the location of the system-wide dead.letter file.


Override the connection address (for testing).


Define trusted user for changing the file ownership and also for starting the daemon.


Set this option to create a daemon control socket. This socket allows an external program to control and query status from the running sendmail daemon via a named socket.


Limit the size of MIME headers and parameters within those headers. This option is intended to protect mail user agents (MUAs) from buffer overflow attacks.


Specify the maximum depth of alias recursion.


Define the location of the pid file. The /etc/mail/sendmail.pid file will be the default even if this option is not set.


Specify a prefix string for the process title shown in ps listings.


Control the maximum size of a memory-buffered data (df) file before a disk-based file is used.


Control the maximum size of a memory-buffered transcript (xf) file before a disk-based file is used.


Use this option to list all the authentication mechanisms used.


Set filename that contains authentication information for outgoing connections. This file must contain the user id, the authorization id, the password (plain text), and the realm to use, each on a separate line and must be readable by root (or the trusted user) only. If no realm is specified, $j will be used.


If this option is set to 'A' then the AUTH= parameter for the MAIL FROM command is issued only when the authentication succeeds.


Default map specification for LDAP maps. The value should contain only LDAP specific settings like ``-h host -p port -d bindDN'', etc. The settings will be used for all LDAP maps unless they are specified in the individual map specification (K command).


Path to directory with certs of CAs.


File containing one CA cert.


File containing the cert of the server; i.e., this cert is used when sendmail acts as a server.


File containing the private key belonging to the server cert.


File containing the cert of the client; i.e., this cert is used when sendmail acts as a client.


File containing the private key belonging to the client cert.


File containing the DH parameters.


File containing random data (use prefix file:) or the name of the UNIX socket if EGD is used (use prefix egd:).


Set this option to limit the total time spent in satisfying a control socket request.


Use this option to set the resolver's retransmission time interval in seconds. This also sets Timeout.resolver.retrans.first and Timeout.resolver.retrans.normal options.


Use this option to set the resolver's retransmission time interval in seconds for the first attempt to deliver a message.


Use this option to set the resolver's retransmission time interval in seconds for all resolver lookups except the first delivery attempt.


Use this option to set the number of times to retransmit a resolver query. This also sets Timeout.resolver.retry.first and Timeout.resolver.retry.normal options.


Use this option to set the number of times to retransmit a resolver query for the first attempt to deliver a message.


Use this option to set the number of times to retransmit a resolver query for all resolver lookups except the first delivery attempt.


Use this option to set the timeout on undelivered messages in the queue to the specified time. The failed messages will be returned to the sender after the delivery fails for this amount of time (e.g., because of a host being down). The default is three days.


Set this option to get forwarding information from the user database. You can consider this as an adjunct to the aliasing mechanism, except that the database is intended to be distributed; aliases are local to a particular host.


Use this option to fork each job during queue runs. This may be convenient on memory-poor machines.


Use this option to strip incoming messages to seven bits.


Set the handling of 8-bit input to 7-bit destinations. Mode can be set to the following values:


Convert to 7-bit MIME format.


Pass it as eight bits.


Bounce the mail.


Use this option to set the time interval between attempts to send a message from the queue.


Use this option to set the default character-set used to label 8-bit data that is not otherwise labeled.


If opening a connection fails, sleep for sleeptime seconds and try again. This is useful on dial-on-demand sites.


Use this option to set the behaviour when there are no recipient headers (To:, Cc: or Bcc:) in a message to action. The action can be set to the following values:


Leaves the message unchanged.


Adds a To: header with the envelope recipients.


Adds an Apparently-To: header with the envelope recipients.


Adds an empty Bcc:


Adds a header reading To:undisclosed-recipients:


Use this option to set the maximum number of children that an incoming SMTP daemon will allow to spawn at any time to N.


Use this option to set the maximum number of connections per second to the SMTP port to N.


Use this option to rebuild the alias database when needed. Setting this option may cause excessive overhead and is not recommended.


Use this option to turn off the inclusion of all the interface names in $=w on startup. In particular, if you have many virtual interfaces, this option speeds up the startup. However, unless you make other arrangements, mails sent to those addresses will bounce. This is useful for sending mail to hosts which have dynamically assigned names.


This options allows you to bypass some of sendmail file security checks at the expense of system security. This should be used only if you are aware of the consequences. The options available for DontBlameSendmail are:

































Set this option to true, to prevent program deliveries from picking up extra group privileges.


Use this option to limit the number of recipients, no_of_recipients that will be accepted in a single SMTP transaction. After this number is reached, sendmail starts returning "452 Too many recipients" to all RCPT commands. This can be used to limit the number of recipients per envelope (in particular, to discourage use of the server for spamming). Note: A better approach is to restrict relaying entirely.


Use this option to specify the maximum length of the sum of all headers, max_header_length. This can be used to prevent a Denial-of-Service(DoS) attack.


Use this option to enable sendmail do a setuid to that user early in processing to avoid potential security problems. However, this means that /var/spool/mqueue directory owned by the user and all .forward and :include: files must be readable by that user, and all files to be written must be writable by that user, and all programs will be executed by that user. It is also incompatible with the SafeFileEnvironment option. In other words, it may not actually add much to security. However, it should be useful on firewalls and other places where users do not have accounts and the aliases file is well constrained.


Files named as delivery targets must be regular files in addition to the regular checks in order to use this option. Also, if the option is non-null, then it is used as the name of a directory that is used as a chroot() environment for the delivery; the file names listed in an alias or forward should include the name of this root.


Use this option to sort the queue based on the following values:


This makes better use of the connection cache, but may delay more ``interactive'' messages behind large backlogs under some circumstances. It is recommended to use this option if you have high speed links or do not process too many ``batch'' messages; it might not perform better, if you are using something like PPP on a 14.4 modem.


This option causes the queue to be sorted strictly on the time of submission. This might adversely affect the performance over slow lines and on nodes with heavy traffic. Also, this does not guarantee that jobs will be delivered in submission order unless you set DeliveryMode=queue option. In general, it should be used only on the command line, and in conjunction with -qRhost.domain.


This option sorts the queue by filename. This avoids opening and reading each queue file while preparing to run the queue. This will speed up the queue processing.


The flag can be set to the following values:


Allow open access.


Insist on HELO (or EHLO) before the MAIL command.


Insist on HELO (or EHLO) before the EXPN command.


Disallow EXPN command totally.


Insist on HELO (or EHLO) before the VRFY command.


Disallow VRFY command totally.


Restrict mailq command.


Restrict -q command-line flag.


Do not return success DSN's.


Disallow essentially all SMTP status queries.


Put X-Authentication-Warning headers in messages if HELO was not used inside SMTP transaction.


Flag to disable the SMTP VERB command.


Flag to disable the SMTP ETRN command.

By default, authwarnings and restrictqrun are enabled.


The fields currently supported by sendmail are:


The values can be either inet or inet6. The default value is inet.


IP address or hostname


Name of the agent (MTA or MSA)


Port number (for Name=MSA, the port number should be 587)


Send buffer size


Receive buffer size


Listen queue size


Modifier flags.

Following are the values to which the modifier flag can be set:


Require authentication.


Bind to interface through which mail has been received.


Pass the address for canonification.


Enable fully qualified address for From address.


Use name of interface for outgoing HELO command.


Disable fully qualified address for From address.


Do not pass the address for canonification.


Turn off ETRN connections.

Note: In order to use the IPv6 feature, you need to set the DaemonPortOptions with Family=inet6. If this option is set with Name=MSA, a separate daemon starts at port 587 that acts as a Message Submission Agent (MSA).


This option is similar to DaemonPortOptions but meant for outgoing connections. See DaemonPortOptions above for the option values available.


You can set up system aliases and user forwarding. The alias and .forward files are described in the aliases(5) manpage.


sendmail returns an exit status describing what it did. The codes are defined in <sysexits.h>:


Successful completion on all addresses.


User name not recognized.


Catchall meaning necessary resources were not available.


Syntax error in address.


Internal software error, including bad arguments.


Temporary operating system error, such as ``cannot fork'' .


Host name not recognized.


Message could not be sent immediately, but was queued.


Terminating and restarting the sendmail daemon may not be instantaneous.


The sendmail command was developed by the University of California, Berkeley, and originally appeared in BSD 4.2.



User's mail forwarding file


User's failed message file

Except for the /etc/mail/sendmail.cf file and the daemon process ID file, the below mentioned default pathnames are all specified in the configuration file, /etc/mail/sendmail.cf. These default file names can be overridden in the configuration file.


raw data for alias names


data base of alias names


configuration file


help file


collected statistics


mail queue files


The process id of the daemon


The list of all hostnames that are recognized as local, which causes sendmail to accept mail for these hosts and attempt local delivery


configuration file for the name-service switch

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.