home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Book HomeTCP/IP Network AdministrationSearch this book

E.4. More sendmail.cf

Many options and flags can be used in configuring the sendmail.cf file. All of the important configuration parameters are covered in Chapter 10, "sendmail ". But if you are unlucky enough to have a configuration that requires you to tweak one of the more obscure parameters, you will find all of them in the following tables.

E.4.1. sendmail Macros

The sendmail.cf file contains a large number of macro variables. Macros are useful because they can store values specific to your configuration and yet be referenced by a macro name that is independent of your configuration. This makes it possible to use a configuration file that is essentially the same on many different systems simply by varying the value stored in the macro. This appendix lists all of the internal sendmail macros in two tables. Table E-7 lists all of the macros that use single-character names.

Table E-7. Macros with single-character names

Macro

Contents

a

The date and time the mail was sent.

b

The current date in RFC 822 format.

B

The name of the Bitnet relay.

c

The number of times the mail has been forwarded.

C

The name of the DECnet relay.

d

The current date and time in ctime format.

E

Reserved for an X.400 relay.

f

The sender address.

F

The name of the FAX relay.

g

The sender address written as a full return address.

h

The recipient host.

H

The name of the mail hub.

i

The queue identifier.

j

The fully qualified domain name of the local computer.

k

The local system's UUCP node name.

L

The name of the LUSER_RELAY.

m

The name of the local domain.

M

The name used to masquerade outbound mail.

n

The sender name used for error messages.

p

The PID of the sendmail process running as a mail delivery agent.

r

The protocol used when the message was first received.

R

The name of the LOCAL_RELAY.

s

The hostname of the sender's machine.

S

The name of the SMART_HOST relay.

t

A numeric representation of the current date and time.

u

The username of the recipient.

U

A local UUCP name that overrides the value of $k.

v

The version number of sendmail that is running.

V

The name of the UUCP relay for class V hosts.

w

The hostname of the local system.

W

The name of the UUCP relay for class W hosts.

x

The full name of the sender.

X

The name of the UUCP relay for class X hosts.

Y

The name of the UUCP relay for all other hosts.

z

The home directory of the recipient.

Z

The version number.

_

Sender address validated by identd.

The current version of sendmail allows macros to have multi-character names. Table E-8 lists the macros that use long names.

Table E-8. Reserved macros with long names

Macro

Contents

{auth_authen}

Identity of the authenticated user.

{auth_author}

Source of the authentication.

{auth_ssf}

The number of bits in the encryption key used by AUTH.

{auth_type}

The type of authentication mechanism used.

{bodytype}

The values from the ESMTP BODY parameter.

{cert_issuer}

The distinguished name of the certificate authority.

{cert_subject}

The distinguished name of the subject of the certificate.

{cipher_bits}

The length of the encryption key used for the connection.

{cipher}

The encryption technique used for the connection.

{client_addr}

The IP address of the remote client connected to TCP port 25.

{client_name}

The canonical name of the client connected to TCP port 25.

{client_port}

The source port number used by the remote client.

{client_resolve}

The keyword OK, FAIL, Forged or TEMP that indicates the result of a reverse DNS lookup using the client's IP address.

{currHeader}

The contents of the current header during header processing.

{daemon_addr}

The IP address of the network interface from which the daemon accepts mail. Normally 0.0.0.0 to indicate all interfaces.

{daemon_family}

The protocol family being used. Normally inet to indicate TCP/IP. Other values are inet6, iso, and ns.

{daemon_flags}

The flags set by the DaemonPortOption command, if any.

{daemon_info}

General information about the daemon.

{daemon_name}

The daemon name, which is usually Daemon1 unless a daemon name is defined by the DaemonPortOptions command.

{daemon_port}

The port that the daemon is listening on, usually 25.

{deliveryMode}

The current delivery mode.

{envid}

The DSN ENVID value from the Mail From: header.

{hdrlen}

The length of the string stored in {currHeader}.

{hdr_name}

The name of the current header during header processing.

{if_addr}

The IP address of the network interface used by the current incoming connection.

{if_name}

The hostname assigned to the network interface used by the current incoming connection.

{mail_addr}

The user's mail address from the mail delivery triple created from the MAIL From: envelope header.

{mail_host}

The hostname from the mail delivery triple created from the MAIL From: envelope header.

{mail_mailer}

The mailer name from the mail delivery triple created from the MAIL From: envelope header.

{MessageIdCheck}

The value from the incoming Message-Id: header.

{ntries}

The number of delivery attempts.

{opMode}

The operating mode from the sendmail command line.

{queue_interval}

The length of time between queue runs defined by the -q command-line option.

{rcpt_addr}

The user's mail address from the mail delivery triple created from the RCPT To: envelope header.

{rcpt_host}

The hostname from the mail delivery triple created from the RCPT To: envelope header.

{rcpt_mailer}

The mailer name from the mail delivery triple created from the RCPT To: envelope header.

{server_addr}

The IP address of the remote server for the outgoing connection.

{server_name}

The name of the remote server for the outgoing connection.

{tls_version}

The TLS/SSL version used for the connection.

{verify}

The result of the verification process.

E.4.2. sendmail Classes

As the previous tables show, sendmail has many internal macros. It also has several internal classes. Most of these classes still use single-character names. A few use the newer long names. The full list of internal classes is shown in Table E-9.

Table E-9. Internal sendmail classes

Name

Contents

B

Domain names included in the bestmx-is-local process.

E

Usernames that should not be masqueraded.

G

Domains that should be looked up in the genericstable.

L

Local users that are not forwarded to MAIL_HUB or LOCAL_RELAY.

e

Supported MIME Content-Transfer-Encodings. Initialized to 7bit, 8bit, and binary.

k

The system's UUCP node names.

M

Domains that should be masqueraded.

m

All local domains for this host.

n

MIME body types that should never be 8- to 7-bit encoded. Initialized to multipart/signed.

q

MIME Content-Types that should not be Base64-encoded. Initialized to text/plain.

N

Hosts and domains that should not be masqueraded.

O

Characters that cannot be used in local usernames.

P

Pseudo-domain names, such as REDIRECT.

R

Domains for which this system will relay mail.

s

MIME message subtypes that can be processed recursively. Initialized to rfc822.

t

The list of trusted users.

U

The UUCP hosts that are locally connected.

V

The UUCP hosts reached via the relay defined by $V.

W

The UUCP hosts reached via the relay defined by $W.

X

The UUCP hosts reached via the relay defined by $X.

Y

Directly connected "smart" UUCP hosts.

Z

Directly connected UUCP hosts that use domain names.

.

A literal dot (.).

[

A literal left bracket ([).

{LDAPRoute}

A list of domains that can be rerouted based on LDAP lookups.

{VirtHost}

A list of hosts and domains that are valid virtual hostnames.

w

All hostnames this system will accept as its own.

E.4.3. sendmail Options

A large number of sendmail options can be set inside the sendmail configuration file. Chapter 10, "sendmail " provides the syntax of the option command in Table 10-1 and several examples of options. The complete list of options is:

AliasFile=[class:]file, [class:]file...

Identifies the alias file(s). class is optional and defaults to implicit. Valid classes are implicit, hash, dbm, stab (internal symbol table) or nis. The selected database class must be a database type that was compiled into sendmail on your system. file is the pathname of the alias file.

AliasWait=timeout

Wait timeout minutes for an "@:@" entry to appear in the alias database before starting up. When timeout expires, automatically rebuild the database if AutoRebuildAliases is set; otherwise, issue a warning.

AuthMechanisms=list

Advertise the listed authentication mechanisms.

AuthOptions=list

Lists the options supported with the SMTP AUTH argument.

AllowBogusHELO

Accept illegal HELO SMTP commands that don't contain a hostname.

AutoRebuildAliases

Automatically rebuild the alias database when necessary. The preferred method is to rebuild the alias database with an explicit newaliases command.

BlankSub=c

Use c as the blank substitution character to replace unquoted spaces in addresses. The default is to leave the spaces unchanged.

CACERTFile=filename

Identifies the file that contains the certificate of a certificate authority.

CACERTPath=path

Defines the path to the directory that contains the certificates of various certificate authorities.

CheckAliases

Check that the delivery address in each alias is valid when rebuilding the alias database. Normally this check is not done. Adding this check slows the database build substantially. This is a Boolean.

CheckpointInterval=n

Checkpoint the queue after every n items are processed to simplify recovery if your system crashes during queue processing. The default is 10.

ClassFactor=fact

The multiplier used to favor messages with a higher value in the Priority: header. Defaults to 1800.

ClientCertFile=file

Identifies the file that contains the certificate used when this system acts as a client.

ClientKeyFile=file

Identifies the file that contains the private key used when this system acts as a client.

ClientPortOptions=options

Defines nonstandard settings used when this system acts as an SMTP client. options is a comma-separated list of keyword=value pairs. Valid keyword=value pairs are:

Port=port

Defines the source port number the client uses for outbound connections. port can be specified by number or name. If a name is used, the name must be defined in /etc/services. By default, the source port for an outbound connection is generated by the system for the connection.

Addr=address

Defines the address of the network interface the client uses for outbound connections. The value for address can be written in dotted decimal notation or as a name. By default, any available interface is used.

Family=protocol

Defines the protocol family used for the connection. inet, which is the default, is the protocol family for TCP/IP.

SndBufSize=bytes

Defines the size of the send buffer.

RcvBufSize=bytes

Defines the size of the receive buffer.

Modifier=flags

Defines the daemon flags for the client. Only one flag, h, is available. The h flag tells the client to use the name assigned to the interface on the SMTP HELO or EHLO command.

ColonOkInAddr

Accept colons in email addresses (e.g., host:user). Colons are always accepted in pairs in mail routing (nodename::user) or in RFC 822 group constructs (groupname: member1, member2, ...;). By default, this option is "on" if the configuration version level is less than 6.

ConnectionCacheSize=n

The number of connections that can be held open (cached) by this instantiation of sendmail. The default is 1. The maximum is 4. 0 causes connections to be closed immediately after the data is sent, which is the traditional way sendmail operated.

ConnectionCacheTimeout=timeout

The amount of time an inactive cached connection is held open. After timeout minutes of inactivity, it is closed. The default is 5 minutes.

ConnectionRateThrottle=n

Limits the number of incoming connections accepted in any 1-second period to n. The default is 0, which means no limit.

ConnectOnlyTo=address

Limits all SMTP connections to a single destination address. Used only for testing.

ControlSocketName=path

Defines the path of the Unix control socket used to manage daemon connections. By default, this is not defined.

DaemonPortOptions=options

Sets SMTP server options. The options are key=value pairs. The options are:

Port=portnumber

where portnumber is any valid port number. It can be specified with the number or the name found in /etc/services. The default is port 25, SMTP.

Addr=mask

where mask is an IP address mask specified either in dotted decimal notation or as a network name. The default is INADDR-ANY, which accepts all addresses.

Family=addressfamily

where addressfamily is a valid address family (see the ifconfig command). The default is INET, which allows IP addresses to be used.

Listen=n

where n is the number of queued connections allowed. The default is 10.

SndBufSize=n

where n is the send buffer size.

RcvBufSize=n

where n is the receive buffer size.

DataFileBufferSize=bytes

Defines the maximum amount of memory that can be used to buffer a data file.

DeadLetterDrop=file

Defines the file where messages that cannot be returned to the sender or sent to the postmaster account are stored.

DefaultAuthInfo=file

Defines the file that contains the authentication information needed for outbound connections.

DefaultCharSet=charset

The character set placed in the Content-Type: header when 8-bit data is converted to MIME format. The default is unknown-8bit. This option is overridden by the Charset= field of the mailer descriptor.

DefaultUser=user[:group]

The default user ID and group ID for mailers without the S flag in their definitions. If group is omitted, the group associated with user in the /etc/passwd file is used. The default is 1:1.

DeliveryMode=x

Deliver in mode x, where x is i (interactive delivery), b (background delivery), q (queue the message), or d (defer until the queue run). The default is b.

DHParameters=parameters

Defines the DH parameters used for DSA/DH encryption.

DialDelay=delaytime

Delay delaytime seconds before redialing a failed connection on dial-on-demand networks. The default is 0 (no redial).

DontBlameSendmail=options

Disables sendmail's file security checks. options is a comma-separated list of keywords that disable specific security checks. The values for this option are set by the confDONT_BLAME_SENDMAIL define command in the m4 source file. The valid keywords for the options list are:

AssumeSafeChown

Allow the chown command because it is only available to the root user.

ClassFileInUnsafeDirPath

Accept any directory path in an F command.

DontWarnForwardFileInUnsafeDirPath

Don't issue a warning about an unsafe path for the .forward file.

ErrorHeaderInUnsafeDirPath

Accept the error header file regardless of its directory path.

FileDeliveryToHardLink

Permit delivery to a file that is really a hard link.

FileDeliveryToSymLink

Permit delivery to a file that is really a symbolic link.

ForwardFileInUnsafeDirPath

Accept a .forward file even if it is in an unsafe directory.

ForwardFileInUnsafeDirPathSafe

Accept program and file references from a .forward file even if it is in an unsafe directory.

ForwardFileIngroupWritableDirPath

Accept a .forward file even if it is in a group-writable directory.

GroupWritableAliasFile

Accept the aliases file even if it is group-writable.

GroupWritableDirPathSafe

Accept all group-writable directories as "safe."

GroupWritableForwardFileSafe

Accept a .forward file even if it is group-writable.

GroupWritableIncludeFileSafe

Accept :include: files even if they are group-writable.

HelpFileinUnsafeDirPath

Accept the help file even if it is in an unsafe directory.

IncludeFileInUnsafeDirPath

Accept :include: files even if they are from unsafe directories.

IncludeFileInUnsafeDirPathSafe

Accept program and file references from :include: files even if they are in an unsafe directory.

IncludeFileIngroupWritableDirPath

Accept :include: files even if they are in a group-writable directory.

InsufficientEntropy

Use STARTTLS even if the random seed generator for SSL is inadequate.

LinkedAliasFileInWritableDir

Accept an aliases file that is a link in a writable directory.

LinkedClassFileInWritableDir

Load class values from files that are links in writable directories.

LinkedForwardFileInWritableDir

Accept .forward files that are links in writable directories.

LinkedIncludeFileInWritableDir

Accept :include: files that are links in writable directories.

LinkedMapInWritableDir

Accept database files that are links in writable directories.

LinkedServiceSwitchFileInWritableDir

Accept a service switch file that is a link in a writable directory.

MapInUnsafeDirPath

Accept database files that are in unsafe directories.

NonRootSafeAddr

Don't flag file and program deliveries as unsafe when sendmail is not running as root.

RunProgramInUnsafeDirPath

Run programs that are in writable directories.

RunWritableProgram

Run programs that are group- or world-writable.

Safe

Leave all of the safety checks on. This is the default.

TrustStickyBit

Trust group- and world-writable directories if the sticky bit is set.

WorldWritableAliasFile

Accept the aliases file even if it is world-writable.

WriteMapToHardLink

Write to database files even if they are really hard links.

WriteMapToSymLink

Write to database files even if they are really symbolic links.

WriteStatsToHardLink

Write to the status file even if it is really a hard link.

WriteStatsToSymLink

Write to the status file even if it is really a symbolic link.

DontExpandCnames

Disable the $[name$] syntax used to convert nicknames to canonical names.

DontInitGroups

Don't use the initgroups(3) call. This setting reduces NIS server load, but limits a user to the group associated with that user in /etc/passwd.

DontProbeInterfaces

If set to true, this stops sendmail from adding the names and addresses of the network interfaces to class w. The default is false, so interface names and addresses are stored in class w.

DontPruneRoutes

Don't optimize explicit mail routes. Normally, sendmail makes a route as direct as possible. However, optimizing the route may not be appropriate for systems located behind a firewall.

DoubleBounceAddress=error-address

Send the report of an error that occurs when sending an error message to error-address. The default is postmaster.

EightBitMode=action

Handle undeclared 8-bit data by following the specified action. The possible actions are: s (strict), reject undeclared 8-bit data; m (mime), convert it to MIME; and p (pass), pass it through unaltered.

ErrorHeader=file-or-message

Prepend file-or-message to outgoing error messages. If file-or-message is the path to a text file that is to be prepended, it must begin with a slash. If this option is not defined, nothing is prepended to error messages.

ErrorMode=x

Handle errors messages according to x, where x is: p (print messages); q (give exit status but no messages); m (mail back messages); w (write messages to the user's terminal); or e (mail back messages and always give zero exit status). If this option is not defined, error messages are printed.

FallbackMXhost=fallbackhost

Use fallbackhost as a backup MX server for every host.

ForkEachJob

Run a separate process for every item delivered from the queue. This option reduces the amount of memory needed to process the queue.

ForwardPath=path

The path to search for .forward files. Multiple paths can be defined by separating them with colons. The default is $z/.forward.

HelpFile=file

The path to the help file.

HoldExpensive

Queue mail for outgoing mailers that have the e (expensive) mailer flag. Normally mail is delivered immediately.

HostsFile=path

The path to the hosts file. The default is /etc/hosts.

HostStatusDirectory=path

Directory in which host status information is stored so that it can be shared between sendmail processes. Normally, the status of a host or connection is only known by the process that discovers that status. To function, this option requires that ConnectionCacheSize be set to at least 1.

IgnoreDots

Ignore dots in incoming messages. Dots cannot be ignored by SMTP mail because they are used to mark the end of a mail message.

LDAPDefaultSpec=specification

The default specification used for LDAP databases.

LogLevel=n

n indicates the level of detail stored in the log file. n defaults to 9, which is normally plenty of detail.

MatchGECOS

Check the username from the email address against the GECOS field of the passwd file if it was not found in the alias database or in the username field of the passwd file. This option is not recommended.

MaxAliasRecursion=n

Aliases can point to other aliases before finally resolving to the actual mail address. This option defines how deep aliases can be nested before resolving to a mail address. The default for n is 10.

MaxDaemonChildren=n

Refuse connections when n children are processing incoming mail. Normally sendmail sets no arbitrary limit on child processes.

MaxHeadersLength=bytes

The maximum length allowed for all of the headers taken together.

MaxHopCount=n

Assume a message is looping when it has been processed more than n times. The default is 25.

MaxHostStatAge=n

Retain host status information for n minutes.

MaxMessageSize=n

The maximum message size advertised in response to the ESMTP EHLO. essages larger than this are rejected.

MaxMimeHeaderLength=size

The maximum length of MIME header fields.

MaxQueueRunSize=n

The maximum number of items that can be processed in a single queue run. The default is no limit.

MaxRecipientsPerMessage=n

n limits the maximum number of recipients for a single message. If it is not specified, there is no limit.

MeToo

Send a copy to the sender.

MinFreeBlocks=n

Don't accept incoming mail unless n blocks are free in the queue filesystem.

MinQueueAge=n

Don't process any jobs that have been in the queue less than n minutes.

MustQuoteChars=s

The list of characters added to the set "@,;:\( )[]" that must be quoted when used in the username part of an address. If ustQuoteChars is specified without an s value, it adds "." to the standard set of quoted characters.

NoRecipientAction=action

The action taken when a message has no valid recipient headers. action can be none to pass the message on unmodified, add-to to add a To: header using the recipient addresses from the envelope, add-apparently-to to add an Apparently-To: header, add-to-undisclosed to add a "To: undisclosed-recipients:;" header, or add-bcc to add an empty Bcc: header.

OldStyleHeaders

Allow spaces to delimit names. Normally, commas delimit names.

OperatorChars=charlist

The list of operator characters that are normally defined in macro o. The default is the standard set of operators. See the discussion of rewrite tokens and the use of operators in determining tokens in Chapter 10, "sendmail ".

ProcessTitlePrefix=prefix

A string used on the heading of process status reports.

PostmasterCopy=username

Copy error messages to username. The default is not to send copies of error messages to the postmaster.

PrivacyOptions=options

Set SMTP protocol options, where options is a comma-separated list containing one or more of these keywords:

public

allow all commands

needmailhelo

require HELO or EHLO before MAIL

needexpnhelo

require HELO or EHLO before EXPN

noexpn

disable EXPN

needvrfyhelo

require HELO or EHLO before VRFY

novrfy

disable VRFY

restrictmailq

restrict mailq to users with group access to the queue directory

restrictqrun

only root and the owner of the queue directory are allowed to run the queue

noreceipts

don't return successful delivery messages

goaway

disable all SMTP status queries

authwarnings

put X-Authentication-Warning: headers in messages

QueueDirectory=directory

The pathname of the queue directory.

QueueFactor=factor

The factor used with the difference between the current load and the load average limit and with the message priority to determine if a message should be queued or sent immediately. The idea is to queue low-priority messages if the system is currently heavily loaded. It defaults to 600000.

QueueLA=n

Queue messages when the system load average exceeds n. The default is 8.

QueueSortOrder=sequence

Sort the queue in the sequence specified, where sequence is: h (hostname sequence); t (submission time sequence); or p (message priority order). Priority ordering is the default.

RandFile=file

Points to a file that provides pseudo-random data for certain encryption techniques. This is used only if the compile option HASURANDOM is not available.

ResolverOptions=options

Set resolver options. Available option values are: debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, and dnsrch. The option can be preceded by a plus (+) to turn it on or a minus (-) to turn it off. One other option, HasWildcardMX, is specified without a + or -. Simply adding HasWildcardMX turns the option on.

RrtImpliesDsn

If set to true, treat a Return-Receipt-To: header as a request for delivery service notification (DSN). The default is false.

RunAsUser=userid[:groupid]

Run sendmail under this user ID and group ID instead of under root. This may enhance security when sendmail is running on a well-maintained firewall. On general-purpose systems, this may decrease security because it requires that many files be readable or writable by this user ID.

RecipientFactor=factor

The priority of a job is lowered by this factor for each recipient so that jobs with large numbers of recipients have lower priority. Defaults to 30000.

RefuseLA=n

Refuse incoming SMTP connections when the system load average exceeds n. The default is 12.

RetryFactor=factor

The factor used to decrease the priority of a job every time it is processed, so that mail that cannot be delivered does not keep popping to the top of the queue. The default is 90000.

SafeFileEnvironment=directory

chroot(2) to directory before writing a file and refuse to deliver to symbolic links.

SaveFromLine

Save Unix-style From: lines at the front of headers. Normally they are discarded.

SendMIMEErrors

Send error messages in MIME format.

ServerCertFile=file

Identifies the file that contains the certificate used when this system acts as a mail server.

ServerKeyFile=file

Identifies the file that contains the private key used when this system acts as a mail server.

ServiceSwitchFile=path

Identifies the path to a file that lists the methods used for various services. The ServiceSwitchFile contains entries that begin with the service name followed by the service method. sendmail checks for services named "aliases" and "hosts" and supports "dns", "nis", "nisplus", or "files" as possible service methods, assuming that support for all of these methods is compiled into this copy of sendmail. ServiceSwitchFile defaults to /etc/service.switch. If that file does not exist, sendmail uses the following service methods: aliases are looked up in the aliases files, and hosts are looked up first using dns, then nis, and finally the hosts file. If the operating system has a built-in service switch feature, it is used and this option is ignored. See the description of the nsswitch.conf file in Chapter 9, "Local Network Services". It is a service switch file.

SevenBitInput

Strip input to 7 bits for compatibility with old systems. This shouldn't be necessary.

SingleLineFromHeader

For compatibility with some versions of Lotus Notes, unwrap From: lines that have embedded newlines into one long line.

SingleThreadDelivery

Don't open more than one SMTP connection to a remote host at the same time. This option requires the HostStatusDirectory option.

SmtpGreetingMessage=message

The greeting sent to the remote host when it connects to the SMTP server port. This is the value defined in macro e.

StatusFile=file

Log summary statistics in file. By default, summary statistics are not logged.

SuperSafe

Create a queue file, even when attempting immediate delivery.

TempFileMode=mode

Use mode to set the access permissions for queue files. mode is an octal value. It defaults to 0600.

Timeout.type=timeout

Set timeout values, where type is the thing being timed and timeout is the time interval before the timer expires. Table E-10 lists the valid type values, the event being timed, and the default timeout value for each type.

Table E-10. Timeout types

Type

Waiting for

Default

connect

A connection to complete

1m

control

A control socket transmission to complete

2m

iconnect

The connection to the first host in a message

5m

initial

Initial greeting message

5m

helo

Reply to HELO or EHLO command

5m

mail

Reply to MAIL command

10m

rcpt

Reply to RCPT command

1h

datainit

Reply to DATA command

5m

datablock

Data block read

1h

datafinal

Reply to terminating "."

1h

rset

Reply to RSET command

5m

quit

Reply to QUIT command

2m

misc

Reply to NOOP and VERB commands

2m

ident

IDENT protocol response

30s

fileopen

Open on a .forward or :include: file

60s

command

Command read

1h

queuereturn

Returning a queued message as undeliverable

5d

queuereturn.normal

Returning a normal message from the queue as undeliverable

5d

queuereturn.non-urgent

Returning a non-urgent message from the queue as undeliverable

7d

queuereturn.urgent

Returning an urgent message from the queue as undeliverable

2d

queuewarn

Warning that a message is still queued

4h

queuewarn.normal

Warning that a normal message is still queued

4h

queuewarn.non-urgent

Warning that a non-urgent message is still queued

12h

queuewarn.urgent

Warning that an urgent message is still queued

1h

resolver.retrans

A response to a resolver query

5s

resolver.retrans.first

A response to the first resolver query

5s

resolver.retrans.normal

A response to a normal resolver query

5s

resolver.retry

Sets the number of times to retry a resolver query

4

resolver.retry.first

Sets the number of times to retry the first resolver query

4

resolver.retry.normal

Sets the number of times to retry a normal resolver query

4

hoststatus

Removing stale host status

30m

TimeZoneSpec=tzinfo

Set the local time zone information to tzinfo. If TimeZoneSpec is not set, the system default is used; if set to null, the user's TZ variable is used.

TrustedUser=users

The list of users trusted to send mail using another user's name.

TryNullMXList

Connect directly to any remote host that lists the local system as its most preferred MX server, as if the remote host had no MX records. You are discouraged from using this option.

UnixFromLine=fromline

Defines the format for Unix-style From: lines. This is the same as the value stored in macro l.

UnsafeGroupWrites

Group-writable :include: and .forward files cannot reference programs or write directly to files. World-writable files always have these restrictions.

UseErrorsTo

Send error messages to the addresses listed in the Errors-To: header. Normally, errors are sent to the sender address from the envelope.

UserDatabaseSpec=udbspec

The user database specification.

UserSubmission

Indicates that this is not relayed mail, but an initial submission directly from a Mail User Agent.

Verbose

Run in verbose mode.

See Chapter 10, "sendmail " for examples of setting options.

E.4.5. The sendmail K Command

The sendmail K command is used to define a database within the sendmail.cf file. The K command syntax is:

Kname type [arguments]

Chapter 10, "sendmail " provides examples of defining and using a sendmail database, and it describes the K command syntax. This appendix lists the valid type values and arguments that can be used with a K command.

The type field of the K command identifies what kind of database is being defined. There are several internal database types that are specific to sendmail, and several external types that rely on external database libraries. Support for the external database types must be compiled into sendmail by explicitly specifying the supported database types using the confMAPDEF command in a devtools/OS or devtools/Site file used by Build to compile sendmail. See the example of compiling sendmail earlier in this appendix.

The possible values for type are:

dbm

The "new dbm" database format. It is accessed using the ndbm(3) library. Only supported if sendmail is compiled with NDBM defined.

btree

The btree database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.

hash

The hash database format. It is accessed using the Berkeley db(3) library. Only supported if sendmail is compiled with NEWDB defined.

nis

NIS server lookups. sendmail must be compiled with NIS defined to support this.

nisplus

NIS+ server lookups. sendmail must be compiled with NISPLUS defined to support this.

hesiod

MIT hesiod server lookups. Support requires that sendmail is compiled with HESIOD defined.

ldap

Searches using LDAP. sendmail must be compiled with LDAPMAP defined to support this. sendmail supports most of the standard command-line arguments of the ldapsearch program.

netinfo

NeXT NetInfo lookups. Only supported if sendmail is compiled with NETINFO defined.

text

Text file lookups. Requires no external database libraries or compile options. The format of the text database is defined with the key field, value field, and field delimiter flags. See the next section for a description of the K command flags.

ph

CCSO Nameserver lookups.

program

Queries are passed to an external program for resolution.

stab

An internal symbols table database.

implicit

The default internal sendmail format used for an alias file, if no type is defined for the file.

user

A special sendmail type used to verify the existence of a user by using getpwnam(3).

host

A special sendmail type used to convert nicknames and IP addresses to canonical names via the domain name server. This is an alternative form of the $[name]$ syntax.

sequence

A special sendmail type used to define the order in which previously defined databases are searched. For example, assume that three databases (file1, file2, and file3) are defined by K commands. It is possible to add a fourth K command, Kallfiles sequence file3 file1 file2, that "combines" them together as allfiles and specifies that file3 is searched first, file1 second, and file2 third.

switch

A special sendmail type that uses the service switch file to set the order in which database files are searched. The argument on a K command with a type of "switch" must be the name of a service in the service switch file. The values associated with the service name in the service switch file are used to create the names of databases that are searched in the order in which they are defined. For example, the command Kali switch aliases looks up the service switch entry for aliases. If it contains the value nis files, sendmail searches databases named ali.nis and ali.files in that order.

dequote

A special sendmail type used to strip unwanted double quotes (") from email addresses.

arith

An internal routine used for doing specific arithmetic functions.

bestmx

An internal routine that retrieves the MX record for a host.

dns

An internal routine that retrieves the address for a hostname.

null

An internal routine that returns "Not found" for all lookups.

regex

An internal routine that handles regular expressions.

Many of the possible type values do not refer to real databases. Several types are special values used only inside sendmail. Some refer to internal sendmail routines that are accessed from rewrite rules using the same syntax that would be used to access a database.

The argument that follows most of the real database types is a filename. The filename identifies the external file that contains the database. Only the basic filename is provided. sendmail adds an extension appropriate for the database type. For example, Krealname dbm /usr/etc/names becomes /usr/etc/names.db because .db is the correct extension for dbm databases.

In addition to a filename, the arguments field can contain optional flags:

-o

This is an optional database. sendmail proceeds without error if the file is not found.

-N

Valid database keys are terminated with a NULL character.

-O

Valid database keys are never terminated with a NULL character. Never specify both -N and -O, which indicates that no keys are valid! It is safest to avoid both -N and -O and let sendmail determine the correct key structure unless you are positive about the correct flag.

-ax

Append the string x to the value returned by a successful match.

-f

Do not convert uppercase to lowercase before attempting to match the key.

-m

Check that the key exists in the database, but do not replace the key with the value returned by the database.

-kkeycol

The location of the key within a database entry. For most databases, the key is the first field and this flag is not needed. For text file lookups, this flag is required and keycol is the column number in which the key begins.

-vvalcol

The location of the value within a database entry. For most databases, the value follows the key and the -v flag is not used. For text file lookups, this flag is required and specifies the column in which the value field begins.

-zdelim

The character that delimits fields within the database. By default, it is whitespace.

-t

Allow database lookups that depend on remote servers to fail instead of queuing the mail for later processing. This is primarily used when you have DNS server problems. Normally, when a remote server fails to respond, the mail is put in the queue for later delivery. Setting this flag causes the mail to be immediately returned to the sender as undeliverable.

-sspacesub

Use spacesub to replace space characters after processing an address against the dequote database.

-A

Accept values from duplicate keys. Most databases do not allow duplicate keys.

-q

Preserve any quotes contained in the key. Normally quotes are removed.

The full lists of database types and flags provided in this appendix will help you understand the K commands inserted into the sendmail.cf file by the m4 processor. Your own K commands will be much simpler. You will stick with a database type that is supported by your sendmail and makemap commands, and you will build simple databases designed to fulfill specific purposes. Chapter 10, "sendmail " provides examples of such databases, and the next section contains some simple scripts used to build those example databases.

E.4.5.1. Sample script

In Chapter 10, "sendmail ", the realnames database is used to rewrite login usernames to the "firstname dot lastname" format for outbound email. The script shown below builds the realnames database from the /etc/passwd file.

#! /bin/sh 
# 
# Eliminate "non-login" accounts 
grep -v ':*:' /etc/passwd | \ 
# Eliminate "exposed" usernames, i.e. usernames defined 
#  in class E as names that should not be re-written 
grep -v ' root:' | \ 
# Replace delimiting colons with whitespace 
sed 's/:/ /g' | \ 
# Output the username followed by firstname.lastname 
awk '{ print $1, $5"."$6 }' > realnames 
# Build the realnames database
makemap dbm realnames < realnames

Building realnames from the passwd file is completely dependent on the format of that file. The passwd file must have a consistent format for the GECOS field and a consistent way to identify a "non-user" account. A "non-user" account is not accessed by a user to log in or to collect email. It is normally a system account used by system or application software. A classic example is the uucp account. Every system has some way to mark that these accounts are not used for user logins. Some systems use an asterisk in the password field, while others use an exclamation mark, the letters NP, an x, or something else. The sample script assumes that an asterisk is used, which is the case on my Linux system. (My Solaris system uses an x.) Print out your passwd file to find out what it uses and modify the script accordingly.

The sample script also assumes that the first two values in the GECOS field are the user's first and last names separated by a blank. If the beginning of the GECOS field is in any other format, the script produces garbage. The procedure you use to add new users to your system should produce a consistent GECOS field. Inconsistency is the enemy of automation. The sample below shows a file that has inconsistencies, and the bad data it produces:

% cat /etc/passwd 
root:oRd1L/vMzzxno:0:1:System Administrator:/:/bin/csh 
nobody:*:65534:65534::/: 
daemon:*:1:1::/: 
sys:*:2:2::/:/bin/csh 
bin:*:3:3::/bin: 
uucp:*:4:8::/var/spool/uucppublic: 
news:*:6:6::/var/spool/news:/bin/csh 
ingres:*:7:7::/usr/ingres:/bin/csh 
audit:*:9:9::/etc/security/audit:/bin/csh 
craig:1LrpKlz8sYjw:198:102:Craig Hunt:/home/craig:/bin/csh 
dan:RSU.NYlKuFqzh2:214:885:Dan Scribner:/home/dan:/bin/csh 
becca:monfTHdnjj:101:102:"Becky_Hunt":/home/becca:/bin/csh 
dave:lniuhugfds:121:885:David H. Craig:/home/dave:/bin/csh 
kathy:TUVigddehh:101:802:Kathleen S McCafferty:/home/kathy:/bin/csh 
% build.realnames 
% cat realnames 
craig Craig.Hunt 
dan Dan.Scribner 
becca "Becky_Hunt"./home/becca  
dave David.H.  kathy Kathleen.S

Your passwd file may have grown over time under the control of several different system administrators. It may be full of inconsistencies. If it is, clean it up before you run the script to build email aliases, and then maintain it consistently.



Library Navigation Links

Copyright © 2002 O'Reilly & Associates. All rights reserved.