Options for the daemon
V8.1 and later
The sendmail program can run in two connection
modes: as a daemon, accepting connections; or as a client, making
connections. Each mode can connect to a port to do its work. The
options for the client port are set by the
ClientPortOptions option (ClientPortOptions). The options for the daemon are set by this
DaemonPortOptions option.
This DaemonPortOptions option is used to customize
the daemon's SMTP service. The form for this option
is as follows:
O DaemonPortOptions=pair,pair,pair                         configuration file (V8.7 and later)
-ODaemonPortOptions=pair,pair,pair                         command line (V8.7 and later)
define(`confDAEMON_OPTIONS',``pair,pair,pair'')            mc configuration (V8.7 and later)
DAEMON_OPTIONS(``pair,pair,pair'')                         mc configuration (V8.11 and later)
OOpair,pair,pair                                           configuration file (deprecated)
-oOpair,pair,pair                                          command line (deprecated)
The DaemonPortOptions option is set to a
comma-separated list of pairs, where each pair is of the form:
key=value
Nine keys are available. Prior to V8.7 they were case-sensitive and
an unknown key was silently ignored. With V8.8 and later, an unknown
key is still ignored but now causes the following error to be
printed:
DaemonPortOptions unknown parameter "key"
Beginning with V8.10, you can declare multiple
DaemonPortOptions options, where each causes the
single listening daemon to accept connections over multiple sockets.
The list of all currently defined keys is shown
in Table 24-14.
Only the first character in each key is
recognized, so a succinct declaration such as the following can be
used to change the port used by the daemon:
O DaemonPortOptions=P=26,A=our-addr # Only listen for local mail on nonstandard port 26
The DaemonPortOptions option is not safe. If
specified from the command line, it can cause
sendmail to relinquish its special privileges.
DaemonPortOptions=Addr=
The Addr key specifies the address to use. The
value is the name
or IP address of one of your network interfaces:
O DaemonPortOptions=Addr=128.32.204.25 # listen to our IP address only
If the Addr= and its value are omitted, the
default address becomes INADDR_ANY, which allows connections to any
address on the local machine. Note that this Addr
is most useful on multihomed (or multialiased interface) machines,
although it can also be useful on single interface machines (such as
listening for connections on the localhost, 127.0.0.1).
Whenever sendmail calls rule sets to process a
message, it puts the value of this
DaemonPortOptions=Addr option into the
${daemon_addr} macro (${daemon_addr}). That macro is available for designing rule
sets which make decisions based on the network address. (See also the
${client_addr} macro, ${client_addr}.)
DaemonPortOptions=Family=
The Family key is used to specify the network
family. The legal possible values are inet for
AF_INET, inet6 for AF_INET6,
iso for AF_ISO, ns for AF_NS,
and x.25 for AF_CCITT:
O DaemonPortOptions=Family=iso
Note that only inet, inet6, and
iso are currently supported. The default is
inet. Also note that inet
requires NETINET to be defined, inet6 requires
NETINET6 to be defined, and iso requires NETISO to
be defined when sendmail is compiled (see NET...).
Whenever sendmail calls rule sets to process a
message, it puts the value of this
DaemonPortOptions=Family option into the
${daemon_family} macro (${daemon_family}). That macro is available for designing rule
sets which make decisions based on the address family.
DaemonPortOptions=Listen=
When sendmail begins to run in
daemon mode, it executes a
listen(2) system call as part of monitoring its
SMTP port for incoming mail. The second argument to
listen(2) defines the maximum length to which
the incoming queue of pending connections can grow. If a connection
request arrives with the queue full, the client will receive an error
that indicates ECONNREFUSED. This Listen key is
used to change the size of the incoming queue from its default of 10.
If Listen is less than or equal to zero,
listen(2) will silently set its own default. But
note that some kernels might have built-in defaults of their own, so
setting Listen might have no effect.
DaemonPortOptions=Modify=
Beginning with V8.10 sendmail, you can modify
selected characteristics of the port. Modification is done by listing
selected letters from Table 24-15 following the
Modify=. Note that the letters are case-sensitive.
Also note that of these letters, only h,
S, and A are valid for the
ClientPortOptions option.
Table 24-15. Modify= port option letters
Letter | Meaning
a | Require authentication with the AUTH ESMTP keyword before continuing with the connection. Do not use this setting on a public MTA that listens on port 25!
b | Only send mail out on the interface address through which mail has been received. This is most useful on a host that is known by many hostnames, such as an ISP supporting multiple company domains on a single server, although it is also useful on smaller machines that restrict inbound connections to particular addresses.
c | Always perform hostname canonification. Determined via the ${daemon_flags} macro (${daemon_flags}) and the ${client_flags} macro (${client_flags}).
f | Require fully qualified hostnames. Whether a hostname is fully qualified is determined via configuration file rules that employ the ${daemon_flags} macro (${daemon_flags}) and the ${client_flags} macro (${client_flags}). See also the accept_unqualified_senders FEATURE (FEATURE(accept_unqualified_senders)).
h | Use name associated with the connecting interface for HELO command or for the initial greeting.
r | Request fully qualified recipient address. Uses ${daemon_flags} (${daemon_flags}) and ${client_flags} (${client_flags}).
u | Allow unqualified addresses. Determined via the ${daemon_flags} macro (${daemon_flags}), the ${client_flags} macro (${client_flags}), and configuration file rules. See also the accept_unqualified_senders FEATURE (FEATURE(accept_unqualified_senders)).
A | Disable authentication—overrides the a modifier above. (V8.12 and later)
C | Don't perform hostname canonification.
E | Disallow use of the ETRN command (Section 11.8.2.6), as per RFC2476. Used for the MSA port 587.
O | If opening a socket fails, ignore the failure. (V8.12 and later)
S | Don't offer STARTTLS at session beginning. (V8.12 and later)
In general, uppercase letters turn items on, while lowercase letters
turn items off. Note that use of letters other than those shown will
not yield an error. In fact, you can add your own letters and then
use a ${daemon_flags} (${daemon_flags}) or ${client_flags} (${client_flags}) macro in your own custom rule sets to produce
other interesting port-based decisions. One possibility might be to
insist that any sender addresses arriving in the internal interface
be fully qualified, and part of the local domain.
DaemonPortOptions=Name=
Because sendmail can listen on different ports
simultaneously, and can bind to specific interfaces, it is desirable
that each such instance be given a distinctive name. When listening
on port 25 for inbound mail, sendmail is
functioning as an MTA. When listening on port 587 for locally
submitted mail, sendmail is functioning as an
MSA.
This DaemonPortOptions=Name= is used to set the
name that will be reported with the daemon= syslog
equate (daemon=), and that is placed into a
${daemon_name} (${daemon_name}) or
${client_name} (${client_name})
macro. Many errors in connections now produce error messages that
include the expression:
daemon name
to help clarify which port and role ran into a problem.
DaemonPortOptions=Port=
The Port key is used to specify the service port
on which the daemon should listen. This is normally the port called
smtp, as defined in the
/etc/services file. The value can be either a
services string (such as smtp) or a number (such
as 25). This key is useful inside domains that are protected by a
firewall. By specifying a nonstandard port, the firewall can
communicate in a more secure manner with the internal network while
still accepting mail on the normal port from the outside world:
O DaemonPortOptions=Port=26
If this pair is missing, the port defaults to smtp.
As of V8.10, sendmail now also obeys RFC2476 and
(by default) listens on port 587 for the local submission of mail
(see FEATURE(no_default_msa)).
The value of Port (port number) is placed into the
${daemon_port} macro (${daemon_port}) whenever rule sets are processed by that
invocation of the daemon. For the
ClientPortOptions option, the value of
Port (port number) is placed into the
${client_port} macro whenever the client connects
to another host.
Note that for the ClientPortOptions option, this
Port probably should be set because it limits
outbound connections to one per IP address (because ports cannot be
shared).
DaemonPortOptions=ReceiveBufSize=
The ReceiveSize key is used to specify the size of
the TCP/IP receive buffer. The value is a size in bytes. This should
not be set unless you are having performance problems. Slow links
(such as 9.6K SL/IP lines) might profit from a setting of 256, for
example:
O DaemonPortOptions=ReceiveSize=256
The default value is set by the system (see
setsockopt(2)).
DaemonPortOptions=SendBufSize=
The SendSize key is used to specify the size of
the TCP/IP send buffer. The value is a size in bytes. This should not
be set unless you are having performance problems. Slow links (such
as 9.6K SL/IP lines) might profit from a setting of 256, for example:
O DaemonPortOptions=SendSize=256
The default value is set by the system (see
setsockopt(2)).
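The following is an added example, not code from the book or from sendmail: a small Python auditor that reads "O DaemonPortOptions=" lines the way this section describes (comma-separated key=value pairs, only the first character of each key examined) and reports the points the text cautions about. The function names, the sample lines, and the choice to treat only the eight keys that have a section on this page as known are assumptions of the example.

```python
import re

# Assumption: only the keys with a section on this page, indexed by the one
# character sendmail examines (compared case-insensitively, as since V8.7).
KEYS = {"A": "Addr", "F": "Family", "L": "Listen", "M": "Modify",
        "N": "Name", "P": "Port", "R": "ReceiveSize", "S": "SendSize"}
OPTION_RE = re.compile(r"^O\s*DaemonPortOptions=(.*)$")

def parse_daemon_options(line):
    """Return (settings, unknown_keys) for one 'O DaemonPortOptions=' line, else None."""
    m = OPTION_RE.match(line.split("#", 1)[0].strip())   # drop trailing comment
    if not m:
        return None
    settings, unknown = {}, []
    for pair in filter(None, (p.strip() for p in m.group(1).split(","))):
        key, _, value = pair.partition("=")
        name = KEYS.get(key.strip()[:1].upper())   # only the first character counts
        if name is None:
            unknown.append(key.strip())
        else:
            settings[name] = value.strip()
    return settings, unknown

def audit(cf_text):
    """Yield (listener_name, finding) for each point this section cautions about."""
    parsed = filter(None, map(parse_daemon_options, cf_text.splitlines()))
    for opts, unknown in parsed:
        who = opts.get("Name", "unnamed")
        port = opts.get("Port", "smtp")            # a missing Port defaults to smtp
        flags = opts.get("Modify", "")             # Modify= letters are case-sensitive
        for key in unknown:
            yield who, f'unknown parameter "{key}"'
        if "Addr" not in opts:
            yield who, "no Addr: listens on INADDR_ANY"
        if "a" in flags and "A" not in flags and port in ("smtp", "25"):
            yield who, "Modify=a on port 25: AUTH demanded of every connecting host"
        if "a" in flags and "A" in flags:
            yield who, "Modify has both a and A: A disables authentication"

# Constructed sample sendmail.cf lines, not taken from any real host.
SAMPLE_CF = """\
O DaemonPortOptions=Name=MTA,Port=smtp,M=a
O DaemonPortOptions=N=MSA,P=587,A=127.0.0.1,Modify=Ea
O DaemonPortOptions=Name=Alt,P=26,Addr=128.32.204.25,Queue=5
"""

if __name__ == "__main__":
    print(*(f"{who}: {finding}" for who, finding in audit(SAMPLE_CF)), sep="\n")
```

The deprecated OO form and the mc macros are not parsed; run it against the generated sendmail.cf.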