This section contains a table of new and revised configuration file options and information on the following related topics.
The sendmail options described in the following table are typically declared in the configuration file. However, you can also declare them from the command line. When you use the command line, sendmail relinquishes its root permissions to avoid a security risk.
When you declare these options, use one of the following syntaxes.
O OptionName=argument # for the configuration file -OOptionName=argument # for the command line define(`m4Name',argument) # for m4 configuration |
The following table describes new and revised options for sendmail.
Table 21–2 New and Revised Options for sendmail
Option |
Description |
---|---|
ClientPortOption |
For details, see New ClientPortOptions Option. |
ControlSocketName |
m4 name: confCONTROL_SOCKET_NAME Argument: filename. The recommended socket name is /var/spool/mqueue/.smcontrol. For security, this UNIX® domain socket must be in a directory that is accessible only by root. When set, this new option creates a control socket for daemon management. This option allows an external program to control and query the status of the running sendmail daemon by way of a named socket. The socket is similar to the ctlinnd interface to the INN news server. If not set, no control socket is available. |
DaemonPortOptions |
For details, see Changes to DaemonPortOptions Option. |
DataFileBufferSize |
m4 name: confDF_BUFFER_SIZE Argument: number The new option controls the maximum size (in bytes) of a memory-buffered data (df) file before a disk-based file is used. The default is 4096 bytes. No changes should be necessary for the Solaris operating environment. |
DeadLetterDrop |
m4 name: confDEAD_LETTER_DROP Argument: filename This new option, which you should not need to set, defines the location of the system-wide dead.letter file, formerly hard-coded to /usr/tmp/dead.letter. |
DontBlameSendmail |
A new argument called, NonRootSafeAddr, has been added. When sendmail does not have enough privileges to run a .forward program or deliver to a file as the owner of that file, addresses are marked unsafe. Furthermore, if RunAsUser is set, users cannot use programs or deliver to files in their .forward programs. To resolve these problems, use the new argument, NonRootSafeAddr. |
DontProbeInterfaces |
m4 name: confDONT_PROBE_INTERFACES Argument: true or false. The default is false. If it is set, sendmail does not insert the names and addresses of any local interfaces into class w ($=w). Therefore, you must also include some support for these addresses (for example, in a mailertable entry). Otherwise, mail to these interface addresses bounces with a configuration error. However, this option, when it is set, speeds up your startup. |
LDAPDefaultSpec |
m4 name: confLDAP_DEFAULT_SPEC Argument: Class switch with appropriate definition (for example, -hhost, -pport, -dbind DN). The new option allows a default map specification for LDAP maps. The assigned default settings are used for all LDAP maps unless other individual map specifications are made with the K command. Set this option before defining any LDAP maps. |
MaxAliasRecursion |
m4 name: confMAX_ALIAS_RECURSION Argument: number The option specifies the maximum depth of alias recursion. The defaults are as follows. 50 for a V1/Sun configuration file, which is not recommended for use 10 for any other version of the configuration file |
MaxHeadersLength |
m4 name: confMAX_HEADERS_LENGTH Argument: number The option specifies a maximum length for the sum of all headers and can be used to prevent a denial-of-service attack. The default is 32768. Note that a warning is issued if a value less than 16384 is used. You should not need to change the default value for the Solaris operating environment. |
MaxMimeHeaderLength |
m4 name: confMAX_MIME_HEADER_LENGTH Argument: number The option sets the maximum length of certain MIME header field values to x number of characters. Also, for parameters within headers, you can specify a maximum length of y. The combined values look like x/y. If /y is not specified, half of x is used. If no values are set, the default is 0, which means no checks are made. This option is intended to protect mail user agents from buffer-overflow attacks. The suggested values are in the range of 256/128 to 1024/256. A warning is issued if values less than 128/40 are used. |
MaxRecipientsPerMessage |
Argument: number If it is set, this option allows no more than the specified number of recipients in an SMTP envelope. The minimum argument is 100. This option can still be declared from both the command line and the configuration file. However, normal users can now set it from the command line to allow the override of messages submitted through sendmail -bs. In this instance, sendmail does not relinquish its root privileges. |
PidFile |
m4 name: confPID_file Argument: See Additional Arguments for the PidFile and ProcessTitlePrefix Options. The new option defines the location of the pid file. The file name is macro-expanded before it is opened. The default is /var/run/sendmail.pid. |
PrivacyOptions |
For details, see Changes to the PrivacyOptions Option. |
ProcessTitlePrefix |
m4 name: confPROCESS_TITLE_PREFIX Argument: See Additional Arguments for the PidFile and ProcessTitlePrefix Options. The new option specifies a prefix string for the process title that is shown in /usr/ucb/ps auxww listings. The string is macro-processed. No changes should be necessary for the Solaris operating environment. |
QueueLA |
m4 name: confQUEUE_LA Argument: number The default value has changed from eight to eight times the number of processors online when the system starts. For single-processor machines, this change has no effect. Changing this value overrides the default and prevents the number of processors from being considered. Therefore, the effect of any value changes should be well understood. |
QueueSortOrder |
m4 name: confQUEUE_SORT_ORDER The host argument now reverses the host name before sorting, which means domains are grouped to run through the queue together. This improvement provides better opportunities for use of the connection cache, if available. The new filename argument sorts the queue by file name, which avoids the opening and reading of each queue file when preparing to run the queue. |
RefuseLA |
m4 name: confREFUSE_LA Argument: number The default value has changed from 12 to 12 times the number of processors online when the system starts. For single-processor machines, this change has no effect. A change of this value overrides the default and prevents the number of processors from being considered. Therefore, the effect of any value changes should be well understood. |
RrtImpliesDsn |
m4 name: confRRT_IMPLIES_DSN Argument: true or false If the new option is set, a “Return-Receipt-To:” header causes the request of a delivery status notification (DSN), which is sent to the envelope sender, not to the address given in the header. |
SendMimeErrors |
m4 name: confMIME_FORMAT_ERRORS Argument: true or false The default is now true. |
Timeout |
For details, see Changes to the Timeout Option. |
TrustedUser |
m4 name: confTRUSTED_USER Argument: user name or user numeric ID The new option allows you to specify a user name (instead of root) to own important files. If this option is set, generated alias databases and the control socket—if it is configured—are automatically owned by this user. This option requires HASFCHOWN. For information about HASFCHOWN, see New Compile Flags for sendmail. Only TrustedUser, root, and class t ($=t) users can rebuild the alias map. |
XscriptFileBufferSize |
m4 name: confXF_BUFFER_SIZE Argument: number The new option controls the maximum size (in bytes) of a memory-buffered transcript (xf) file before a disk-based file is used. The default is 4096 bytes. No changes should be necessary for the Solaris operating environment. |
The following table describes deprecated configuration file options for sendmail.
Table 21–3 Deprecated Configuration File Options for sendmail
Option |
Description |
---|---|
AutoRebuildAliases |
Because a denial-of-service attack could occur if this option is set, it has been deprecated. Refer to the RELEASE NOTES that are part of the sendmail distribution available from ftp://ftp.sendmail.org. A user could kill the sendmail process while the aliases file is being rebuilt and leave the file in an inconsistent state. |
MeToo |
This option, which now defaults to True, has been deprecated. Refer to the RELEASE NOTES that are part of the sendmail distribution available from ftp://ftp.sendmail.org. |
The new ClientPortOptions option is for outgoing connections and is similar to the DaemonPortOptions option. This option sets the client SMTP options, which are a sequence of key=value pairs. To declare this option, use one of the following syntaxes. (For formatting purposes the example includes two pairs. However, you can apply one or more pairs.
O ClientPortOptions=pair,pair # for the configuration file -OClientPortOptions=pair,pair # for the command line define(`confCLIENT_OPTIONS',`pair,pair') # note the revised name # for m4 configuration |
The following table describes the new keys for this option.
Table 21–4 New Keys for ClientPortOptions
Key |
Description |
---|---|
Addr |
Specifies the address mask. The value can be a numeric address in dot notation or a network name. If the pair is omitted, the default is INADDR_ANY, which allows connections from any network. |
Family |
Specifies the address family. The key's default is inet for AF_INET. Other values are inet6 for AF_INET6, iso for AF_ISO, ns for AF_NS, and x.25 for AF_CCITT. |
Listen |
Specifies the size of the listen queue. The key defaults to 10. No changes should be necessary for the Solaris operating environment. |
Port |
Specifies the name and number of the listening port. The key defaults to smtp. |
RcvBufSize |
Specifies the size of the TCP/IP send buffer. The key has no default value, which means that no size specifications are automatically made. If the option is set to a value greater than zero, then that value is used. You should not need to limit the size of this buffer for the Solaris operating environment. |
Modifier |
Specifies flags for sendmail. The flag, h, uses the name that corresponds to the outgoing interface address for the HELO or EHLO commands, whether it was chosen by the connection parameter or by the default. |
The following tables describe two new keys for the option and some specific values for one of the new keys, Modifier. To declare this option, use one of the following syntaxes. In the example, pair refers to key=value. For formatting purposes, the example includes two pairs. However, you can apply one or more pairs.
O DaemonPortOptions=pair,pair # for the configuration file -ODaemonPortOptions=pair,pair # for the command line define(`confDAEMON_OPTIONS',`pair,pair') # note the revised name # for m4 configuration |
To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.
The following table describes two new keys for the DaemonPortOptions option.
Table 21–5 New Keys for DaemonPortOptions
Key |
Description |
---|---|
Name |
Specifies a user-definable name for sendmail and is used for error messages and for logging. The default is MTA. |
Modifier |
Specifies values for sendmail that can be listed in a sequence without delimiters. For a list of values, see Table 21–6. |
The following table describes the values for the new Modifier key.
Table 21–6 Modifier Key Values for DaemonPortOptions
Value |
Description |
---|---|
C |
Does not perform host name canonification. |
E |
Disallows the ETRN command. |
a |
Requires authentication. |
b |
Binds to the interface that receives the mail. |
c |
Performs host name canonification. Use this value only in configuration file declarations. |
f |
Requires fully qualified host names. Use this value only in configuration file declarations. |
h |
Uses the interface's name for the outgoing HELO command. |
u |
Allows unqualified addresses. Use this value only in configuration file declarations. |
The following table describes additional macro-processed arguments for the PidFile and ProcessTitlePrefix options. For more information about these options, see Table 21–2.
Table 21–7 Arguments for the PidFile and ProcessTitlePrefix Options
Macro |
Description |
---|---|
${daemon_addr} |
Provides daemon address (for example, 0.0.0.0) |
${daemon_family} |
Provides daemon family (for example, inet, inet6, and so forth) |
${daemon_info} |
Provides daemon information (for example, SMTP+queueing@00:30:00) |
${daemon_name} |
Provides daemon name (for example, MSA) |
${daemon_port} |
Provides daemon port (for example, 25) |
${queue_interval} |
Provides queue run interval (for example, 00:30:00) |
New and revised arguments for PrivacyOptions (popt) are described in the following table. You can declare this option from the command line without sendmail relinquishing its root privilege. To declare this sendmail option, use one of the following syntaxes.
O PrivacyOptions=argument # for the configuration file -OPrivacyOptions=argument # for the command line define(`confPRIVACY_FLAGS',`argument') # note the revised name # for m4 configuration |
The following table provides descriptions of new and revised arguments for the PrivacyOptions option.
Table 21–8 New and Revised Arguments for PrivacyOptions
Argument |
Description |
---|---|
goaway |
The noetrn and noreceipts flags are no longer accepted. |
nobodyreturn |
The argument instructs sendmail not to include the body of the original message in delivery status notifications. |
noreceipts |
When the argument is set, delivery status notification (DSN) is not announced. |
The following table provides information about the changes to the Timeout option. Specifically, this sendmail option has some new keywords and a new value for ident. In the Solaris operating environment, you should not need to change the default values for the keywords that are listed in the table. However, if you choose to make a change, use the keyword=value syntax. The value is a time interval. Refer to the following examples.
O Timeout.keyword=value # for the configuration file -OTimeout.keyword=value # for the command line define(`m4_name', value) # for m4 configuration |
To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.
Keyword |
Default Value |
Description |
---|---|---|
control |
2m |
m4 name: confTO_CONTROL Limits the total time that is dedicated to satisfying a control socket request. |
ident |
5s |
m4 name: confTO_IDENT Defaults to 5 seconds—instead of 30 seconds—to prevent the common delays that are associated with mailing to a site that drops IDENT packets. |
queuereturn |
5d |
m4 name: confTO_QUEUERETURN Includes the value now, which immediately bounces entries from the queue without a delivery attempt. |
resolver.retrans |
varies |
m4 name: confTO_RESOLVER_RETRANS Sets the resolver's retransmission time interval (in seconds), which applies to resolver.retrans.first and resolver.retrans.normal. |
resolver.retrans.first |
varies |
m4 name: confTO_RESOLVER_RETRANS_FIRST Sets the resolver's retransmission time interval (in seconds) for the first attempt to deliver a message. |
resolver.retrans.normal |
varies |
m4 name: confTO_RESOLVER_RETRANS_NORMAL Sets the resolver's retransmission time interval (in seconds) for all resolver lookups, except the first delivery attempt. |
resolver.retry |
varies |
m4 name: confTO_RESOLVER_RETRY Sets the number of times to retransmit a resolver query, which applies to Timeout.resolver.retry.first and Timeout.resolver.retry.normal. |
resolver.retry.first |
varies |
m4 name: confTO_RESOLVER_RETRY_FIRST Sets the number of times to retransmit a resolver query for the first attempt to deliver a message. |
resolver.retry.normal |
varies |
m4 name: confTO_RESOLVER_RETRY_NORMAL Sets the number of times to retransmit a resolver query for all resolver lookups, except the first delivery attempt. |