Solaris 8 System Administration Supplement

New and Revised Configuration File Options and Related Topics

This section contains a table of new and revised configuration file options and information on the following related topics.


Note –

The sendmail options described in the following table are typically declared in the configuration file. However, you can also declare them from the command line. When you use the command line, sendmail relinquishes its root permissions to avoid a security risk.


When you declare these options, use one of the following syntaxes.


O OptionName=argument          # for the configuration file
-OOptionName=argument          # for the command line
define(`m4Name',argument)     # for m4 configuration

The following table describes new and revised options for sendmail.

Table 21–2 New and Revised Options for sendmail

Option 

Description 

ClientPortOptions

For details, see New ClientPortOptions Option.

ControlSocketName

m4 name: confCONTROL_SOCKET_NAME

Argument: filename. The recommended socket name is /var/spool/mqueue/.smcontrol. For security, this UNIX® domain socket must be in a directory that is accessible only by root.

When set, this new option creates a control socket for daemon management. This option allows an external program to control and query the status of the running sendmail daemon by way of a named socket. The socket is similar to the ctlinnd interface to the INN news server. If not set, no control socket is available.

DaemonPortOptions

For details, see Changes to DaemonPortOptions Option.

DataFileBufferSize

m4 name: confDF_BUFFER_SIZE

Argument: number

The new option controls the maximum size (in bytes) of a memory-buffered data (df) file before a disk-based file is used. The default is 4096 bytes. No changes should be necessary for the Solaris operating environment.

DeadLetterDrop

m4 name: confDEAD_LETTER_DROP

Argument: filename

This new option, which you should not need to set, defines the location of the system-wide dead.letter file, formerly hard-coded to /usr/tmp/dead.letter.

DontBlameSendmail

A new argument, NonRootSafeAddr, has been added.

When sendmail does not have enough privileges to run a .forward program or deliver to a file as the owner of that file, addresses are marked unsafe. Furthermore, if RunAsUser is set, users cannot use programs or deliver to files in their .forward files. To resolve these problems, use the new argument, NonRootSafeAddr.

DontProbeInterfaces

m4 name: confDONT_PROBE_INTERFACES

Argument: true or false. The default is false.

If it is set, sendmail does not insert the names and addresses of any local interfaces into class w ($=w). Therefore, you must also include some support for these addresses (for example, in a mailertable entry). Otherwise, mail to these interface addresses bounces with a configuration error. However, this option, when it is set, speeds up your startup.

LDAPDefaultSpec

m4 name: confLDAP_DEFAULT_SPEC

Argument: Class switch with appropriate definition (for example, -hhost, -pport, -dbind DN).

The new option allows a default map specification for LDAP maps. The assigned default settings are used for all LDAP maps unless other individual map specifications are made with the K command. Set this option before defining any LDAP maps.

MaxAliasRecursion

m4 name: confMAX_ALIAS_RECURSION

Argument: number

The option specifies the maximum depth of alias recursion. The defaults are as follows.

    50 for a V1/Sun configuration file, which is not recommended for use


    10 for any other version of the configuration file


MaxHeadersLength

m4 name: confMAX_HEADERS_LENGTH

Argument: number

The option specifies a maximum length for the sum of all headers and can be used to prevent a denial-of-service attack. The default is 32768. Note that a warning is issued if a value less than 16384 is used. You should not need to change the default value for the Solaris operating environment.  

MaxMimeHeaderLength

m4 name: confMAX_MIME_HEADER_LENGTH

Argument: number

The option sets the maximum length of certain MIME header field values to x number of characters. Also, for parameters within headers, you can specify a maximum length of y. The combined values look like x/y. If /y is not specified, half of x is used. If no values are set, the default is 0, which means no checks are made. This option is intended to protect mail user agents from buffer-overflow attacks. The suggested values are in the range of 256/128 to 1024/256. A warning is issued if values less than 128/40 are used.

MaxRecipientsPerMessage

Argument: number

If it is set, this option allows no more than the specified number of recipients in an SMTP envelope. The minimum argument is 100. This option can still be declared from both the command line and the configuration file. However, normal users can now set it from the command line to allow the override of messages submitted through sendmail -bs. In this instance, sendmail does not relinquish its root privileges.

PidFile

m4 name: confPID_FILE

Argument: See Additional Arguments for the PidFile and ProcessTitlePrefix Options.

The new option defines the location of the pid file. The file name is macro-expanded before it is opened. The default is /var/run/sendmail.pid.

PrivacyOptions

For details, see Changes to the PrivacyOptions Option.

ProcessTitlePrefix

m4 name: confPROCESS_TITLE_PREFIX

Argument: See Additional Arguments for the PidFile and ProcessTitlePrefix Options.

The new option specifies a prefix string for the process title that is shown in /usr/ucb/ps auxww listings. The string is macro-processed. No changes should be necessary for the Solaris operating environment.

QueueLA

m4 name: confQUEUE_LA

Argument: number

The default value has changed from eight to eight times the number of processors online when the system starts. For single-processor machines, this change has no effect. Changing this value overrides the default and prevents the number of processors from being considered. Therefore, the effect of any value changes should be well understood. 

QueueSortOrder

m4 name: confQUEUE_SORT_ORDER

The host argument now reverses the host name before sorting, which means domains are grouped to run through the queue together. This improvement provides better opportunities for use of the connection cache, if available.

The new filename argument sorts the queue by file name, which avoids the opening and reading of each queue file when preparing to run the queue.

RefuseLA

m4 name: confREFUSE_LA

Argument: number

The default value has changed from 12 to 12 times the number of processors online when the system starts. For single-processor machines, this change has no effect. A change of this value overrides the default and prevents the number of processors from being considered. Therefore, the effect of any value changes should be well understood. 

RrtImpliesDsn

m4 name: confRRT_IMPLIES_DSN

Argument: true or false

If the new option is set, a “Return-Receipt-To:” header causes the request of a delivery status notification (DSN), which is sent to the envelope sender, not to the address given in the header. 

SendMimeErrors

m4 name: confMIME_FORMAT_ERRORS

Argument: true or false

The default is now true.

Timeout

For details, see Changes to the Timeout Option.

TrustedUser

m4 name: confTRUSTED_USER

Argument: user name or user numeric ID

The new option allows you to specify a user name (instead of root) to own important files. If this option is set, generated alias databases and the control socket—if it is configured—are automatically owned by this user. This option requires HASFCHOWN. For information about HASFCHOWN, see New Compile Flags for sendmail.

Only TrustedUser, root, and class t ($=t) users can rebuild the alias map.

XscriptFileBufferSize

m4 name: confXF_BUFFER_SIZE

Argument: number

The new option controls the maximum size (in bytes) of a memory-buffered transcript (xf) file before a disk-based file is used. The default is 4096 bytes. No changes should be necessary for the Solaris operating environment.
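
One way to audit the ControlSocketName requirement in Table 21–2 that the socket's directory be accessible only by root. This is an added example, not code from the Solaris documentation or from sendmail; the function name and the owner_uid parameter are assumptions made for illustration.

```python
import os
import stat


def control_socket_findings(socket_path, owner_uid=0):
    """Check the directory that holds the sendmail control socket.

    owner_uid defaults to 0 (root); it is a parameter only so the check
    can be exercised on a test directory without root privileges.
    """
    directory = os.path.dirname(os.path.abspath(socket_path))
    try:
        st = os.lstat(directory)  # lstat: do not follow a symlinked directory
    except FileNotFoundError:
        return [f"{directory}: does not exist"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{directory}: not a real directory (symlink or other file)"]

    findings = []
    if st.st_uid != owner_uid:
        findings.append(
            f"{directory}: owned by uid {st.st_uid}, expected {owner_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # any group/other access bits
    if extra:
        findings.append(
            f"{directory}: group/other permission bits {extra:03o} are set")
    try:
        if not stat.S_ISSOCK(os.lstat(socket_path).st_mode):
            findings.append(f"{socket_path}: exists but is not a socket")
    except FileNotFoundError:
        pass  # no socket yet: daemon not running or option not set
    return findings


if __name__ == "__main__":
    # Recommended socket name from Table 21-2.
    for finding in control_socket_findings("/var/spool/mqueue/.smcontrol"):
        print(finding)
```
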

Deprecated Configuration File Options for sendmail

The following table describes deprecated configuration file options for sendmail.

Table 21–3 Deprecated Configuration File Options for sendmail

Option 

Description 

AutoRebuildAliases

Because a denial-of-service attack could occur if this option is set, it has been deprecated. Refer to the RELEASE NOTES that are part of the sendmail distribution available from ftp://ftp.sendmail.org. A user could kill the sendmail process while the aliases file is being rebuilt and leave the file in an inconsistent state.

MeToo

This option, which now defaults to True, has been deprecated. Refer to the RELEASE NOTES that are part of the sendmail distribution available from ftp://ftp.sendmail.org.
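
A configuration check for the header-limit options in Table 21–2 (MaxHeadersLength, MaxMimeHeaderLength) and the deprecated options in Table 21–3. This is an added example, not code from the Solaris documentation or from sendmail. The function names, the sample file, the handling of trailing # comments, and reading the suggested range as 256 to 1024 for x and 128 to 256 for y are assumptions.

```python
import re

# "O OptionName=argument" lines; a trailing "# comment" is assumed strippable.
OPTION_RE = re.compile(r"^O\s+([A-Za-z][\w.]*)\s*=\s*(.*?)\s*(?:#.*)?$")
DEPRECATED = {"AutoRebuildAliases", "MeToo"}  # Table 21-3

# Constructed sample, not taken from a real system.
SAMPLE_CF = """\
O AutoRebuildAliases=True
O MaxHeadersLength=8192      # constructed value
O MaxMimeHeaderLength=512
"""


def parse_options(cf_text):
    """Return {OptionName: argument} for every option line."""
    found = (OPTION_RE.match(line) for line in cf_text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}


def mime_limits(arg):
    """Expand x/y; when /y is omitted, half of x is used."""
    x, _, y = arg.partition("/")
    return int(x), int(y) if y else int(x) // 2


def lint(cf_text):
    """Return findings for the deprecated and header-limit options."""
    opts = parse_options(cf_text)
    findings = [f"{n}: deprecated option is set"
                for n in sorted(opts.keys() & DEPRECATED)]
    if int(opts.get("MaxHeadersLength", 32768)) < 16384:
        findings.append("MaxHeadersLength: below 16384, sendmail warns")
    x, y = mime_limits(opts.get("MaxMimeHeaderLength", "0"))
    if x == 0:
        findings.append("MaxMimeHeaderLength: 0 or unset, no checks are made")
    elif x < 128 or y < 40:
        findings.append(f"MaxMimeHeaderLength: {x}/{y} is below 128/40")
    elif not (256 <= x <= 1024 and 128 <= y <= 256):
        findings.append(f"MaxMimeHeaderLength: {x}/{y} outside 256/128 to 1024/256")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CF):
        print(finding)
```
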

New ClientPortOptions Option

The new ClientPortOptions option is for outgoing connections and is similar to the DaemonPortOptions option. This option sets the client SMTP options, which are a sequence of key=value pairs. To declare this option, use one of the following syntaxes. (For formatting purposes, the example includes two pairs. However, you can apply one or more pairs.)


O ClientPortOptions=pair,pair              # for the configuration file
-OClientPortOptions=pair,pair              # for the command line
define(`confCLIENT_OPTIONS',`pair,pair')   # for m4 configuration (note the revised name)

The following table describes the new keys for this option.

Table 21–4 New Keys for ClientPortOptions

Key 

Description 

Addr

Specifies the address mask. The value can be a numeric address in dot notation or a network name. If the pair is omitted, the default is INADDR_ANY, which allows connections from any network.

Family

Specifies the address family. The key's default is inet for AF_INET. Other values are inet6 for AF_INET6, iso for AF_ISO, ns for AF_NS, and x.25 for AF_CCITT.

Listen

Specifies the size of the listen queue. The key defaults to 10. No changes should be necessary for the Solaris operating environment. 

Port

Specifies the name and number of the listening port. The key defaults to smtp.

RcvBufSize

Specifies the size of the TCP/IP send buffer. The key has no default value, which means that no size specifications are automatically made. If the option is set to a value greater than zero, then that value is used. You should not need to limit the size of this buffer for the Solaris operating environment. 

Modifier

Specifies flags for sendmail. The flag, h, uses the name that corresponds to the outgoing interface address for the HELO or EHLO commands, whether it was chosen by the connection parameter or by the default.

Changes to DaemonPortOptions Option

The following tables describe two new keys for the option and some specific values for one of the new keys, Modifier. To declare this option, use one of the following syntaxes. In the example, pair refers to key=value. For formatting purposes, the example includes two pairs. However, you can apply one or more pairs.


O DaemonPortOptions=pair,pair              # for the configuration file
-ODaemonPortOptions=pair,pair              # for the command line
define(`confDAEMON_OPTIONS',`pair,pair')   # for m4 configuration (note the revised name)

Note –

To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.


The following table describes two new keys for the DaemonPortOptions option.

Table 21–5 New Keys for DaemonPortOptions

Key 

Description 

Name

Specifies a user-definable name for sendmail and is used for error messages and for logging. The default is MTA.

Modifier

Specifies values for sendmail that can be listed in a sequence without delimiters. For a list of values, see Table 21–6.

The following table describes the values for the new Modifier key.

Table 21–6 Modifier Key Values for DaemonPortOptions

Value   Description

C       Does not perform host name canonification.
E       Disallows the ETRN command.
a       Requires authentication.
b       Binds to the interface that receives the mail.
c       Performs host name canonification. Use this value only in configuration file declarations.
f       Requires fully qualified host names. Use this value only in configuration file declarations.
h       Uses the interface's name for the outgoing HELO command.
u       Allows unqualified addresses. Use this value only in configuration file declarations.

Additional Arguments for the PidFile and ProcessTitlePrefix Options

The following table describes additional macro-processed arguments for the PidFile and ProcessTitlePrefix options. For more information about these options, see Table 21–2.

Table 21–7 Arguments for the PidFile and ProcessTitlePrefix Options

Macro               Description

${daemon_addr}      Provides daemon address (for example, 0.0.0.0)
${daemon_family}    Provides daemon family (for example, inet, inet6, and so forth)
${daemon_info}      Provides daemon information (for example, SMTP+queueing@00:30:00)
${daemon_name}      Provides daemon name (for example, MSA)
${daemon_port}      Provides daemon port (for example, 25)
${queue_interval}   Provides queue run interval (for example, 00:30:00)

Changes to the PrivacyOptions Option

New and revised arguments for PrivacyOptions (popt) are described in the following table. You can declare this option from the command line without sendmail relinquishing its root privilege. To declare this sendmail option, use one of the following syntaxes.


O PrivacyOptions=argument                # for the configuration file
-OPrivacyOptions=argument                # for the command line
define(`confPRIVACY_FLAGS',`argument')   # for m4 configuration (note the revised name)

The following table provides descriptions of new and revised arguments for the PrivacyOptions option.

Table 21–8 New and Revised Arguments for PrivacyOptions

Argument       Description

goaway         The noetrn and noreceipts flags are no longer accepted.
nobodyreturn   The argument instructs sendmail not to include the body of the original message in delivery status notifications.
noreceipts     When the argument is set, delivery status notification (DSN) is not announced.

Changes to the Timeout Option

The following table provides information about the changes to the Timeout option. Specifically, this sendmail option has some new keywords and a new value for ident. In the Solaris operating environment, you should not need to change the default values for the keywords that are listed in the table. However, if you choose to make a change, use the keyword=value syntax. The value is a time interval. Refer to the following examples.


O Timeout.keyword=value   # for the configuration file
-OTimeout.keyword=value   # for the command line
define(`m4_name', value)  # for m4 configuration

Note –

To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.


Table 21–9 New and Revised Settings for Timeout

Keyword 

Default Value 

Description 

control

2m

m4 name: confTO_CONTROL

Limits the total time that is dedicated to satisfying a control socket request. 

ident

5s

m4 name: confTO_IDENT

Defaults to 5 seconds—instead of 30 seconds—to prevent the common delays that are associated with mailing to a site that drops IDENT packets. 

queuereturn

5d

m4 name: confTO_QUEUERETURN

Includes the value now, which immediately bounces entries from the queue without a delivery attempt.

resolver.retrans

varies

m4 name: confTO_RESOLVER_RETRANS

Sets the resolver's retransmission time interval (in seconds), which applies to resolver.retrans.first and resolver.retrans.normal.

resolver.retrans.first

varies

m4 name: confTO_RESOLVER_RETRANS_FIRST

Sets the resolver's retransmission time interval (in seconds) for the first attempt to deliver a message. 

resolver.retrans.normal

varies

m4 name: confTO_RESOLVER_RETRANS_NORMAL

Sets the resolver's retransmission time interval (in seconds) for all resolver lookups, except the first delivery attempt. 

resolver.retry

varies

m4 name: confTO_RESOLVER_RETRY

Sets the number of times to retransmit a resolver query, which applies to Timeout.resolver.retry.first and Timeout.resolver.retry.normal.

resolver.retry.first

varies

m4 name: confTO_RESOLVER_RETRY_FIRST

Sets the number of times to retransmit a resolver query for the first attempt to deliver a message. 

resolver.retry.normal

varies

m4 name: confTO_RESOLVER_RETRY_NORMAL

Sets the number of times to retransmit a resolver query for all resolver lookups, except the first delivery attempt.