Chapter 21, Mail Services (Overview) provides an introduction to the components of mail services and a description of a typical mail configuration. Chapter 22, Mail Services (Tasks) explains how to set up and administer an electronic mail system with standard configuration files. Chapter 23, Mail Services (Reference) describes in greater detail the components of mail services. Chapter 23, Mail Services (Reference) also describes the mail service programs and files, the mail routing process, and the interactions of sendmail with name services. This chapter describes the new features that are included in version 8.12 of sendmail, the version that is in this Solaris 9 release. You can also read about changes to mail.local, mailstats, and makemap. This chapter also describes a new maintenance utility, editmap.
Version 8.12 of sendmail includes an additional configuration file, /etc/mail/submit.cf. This new file, submit.cf, is used to run sendmail in mail-submission program mode instead of daemon mode. Mail-submission program mode, unlike daemon mode, does not require root privilege, so this new paradigm provides better security.
See the following list of functions for submit.cf:
- sendmail uses submit.cf to run in mail submission program (MSP) mode, which submits email messages and can be invoked by programs (such as mailx), as well as by users. Refer to the description of the -Ac option and the -Am option in New or Deprecated Command-Line Options.
- submit.cf is used in the following operating modes:
  - -bm, which is the default operating mode
  - -bs, which uses standard input to run SMTP
  - -bt, which is the test mode that is used to resolve addresses
- sendmail, when using submit.cf, does not run as an SMTP daemon.
- sendmail, when using submit.cf, uses /var/spool/clientmqueue, the client-only mail queue, which holds messages that were not delivered to the sendmail daemon. Messages in the client-only queue are delivered by the client “daemon,” which is really acting as a client queue runner.
- By default, sendmail uses submit.cf periodically to run the MSP queue (otherwise known as the client-only queue), /var/spool/clientmqueue.

    /usr/lib/sendmail -Ac -q15m
Note the following:
- submit.cf is provided automatically when you install or upgrade to the Solaris 9 operating environment.
- submit.cf requires no planning or preliminary procedures prior to the installation of the Solaris 9 operating environment.
- Unless you specify a configuration file, sendmail automatically uses submit.cf as required. Basically, sendmail knows which tasks are appropriate for submit.cf and which tasks are appropriate for sendmail.cf.
- submit.cf is not to be modified.
The sendmail.cf configuration file is for the daemon mode. When using this file, sendmail is acting as a mail transfer agent (MTA), which is started by root.
    /usr/lib/sendmail -L sm-mta -bd -q1h
See the following list of other distinguishing functions for sendmail.cf:
- By default, sendmail.cf accepts SMTP connections on ports 25 and 587.
- By default, sendmail.cf runs the main queue, /var/spool/mqueue.
With the addition of submit.cf, the following functional changes have occurred:
- In version 8.12 of sendmail, only root can run the mail queue. For further details, refer to the changes that are described in the mailq(1) man page. For new task information, refer to Administering the Queue Directories (Task Map).
- The mail-submission program mode runs without root privilege, which might prevent sendmail from having access to certain files (such as the .forward files). Therefore, the -bv option for sendmail could give the user misleading output. No workaround is available.
- Prior to sendmail version 8.12, if you were not running the sendmail daemon (that is, running in daemon mode), you would only prevent the delivery of inbound mail. Now, in sendmail version 8.12, if you are not running the sendmail daemon with the default configuration, you also prevent the delivery of outbound mail. The client queue runner (also known as the mail submission program) must be able to submit mail to the daemon on the local SMTP port. If the client queue runner tries to open an SMTP session with the local host and the daemon is not listening on the SMTP port, the mail remains in the queue. The default configuration does run a daemon, so this problem does not occur if you are using the default configuration. However, if you have disabled your daemon, refer to Managing Mail Delivery by Using an Alternate Configuration (Task) for a way to resolve this problem.
The following table describes new command-line options for sendmail. Other command-line options are described in the sendmail(1M) man page.
Table 24–1 New Command-Line Options for sendmail
Option |
Description |
---|---|
Indicates that you want to use the configuration file, submit.cf, even if the operation mode does not indicate an initial mail submission. For more information about submit.cf, refer to New Configuration File, submit.cf. |
|
Indicates that you want to use the configuration file, sendmail.cf, even if the operation mode indicates an initial mail submission. For more information, refer to New Configuration File, submit.cf. |
|
Indicates that you are printing the number of entries in each queue. |
|
Indicates that the message that is being submitted from the command line is for relaying, not for initial submission. The message is rejected if the addresses are not fully qualified. No canonicalization is done. As is noted in the Release Notes that are part of the sendmail distribution on ftp://ftp.sendmail.org, improperly formed messages might be rejected in future releases. |
|
Sets the identifier that is used for syslog messages to the supplied tag. |
|
Processes only jobs that contain this substring of one of the recipients. When ! is added, the option processes only jobs that do not have this substring of one of the recipients. |
|
Processes only jobs that contain this substring of the queue ID. When ! is added, the option processes only jobs that do not have this substring of the queue ID. |
|
Processes only jobs that contain this substring of the sender. When ! is added, the option processes only jobs that do not have this substring of the sender. |
|
Processes saved messages in the queue once, without using the fork system call, and runs the process in the foreground. Refer to the fork(2) man page. |
|
Processes only the messages in the name queue group. |
|
Processes saved messages in the queue at a specific interval of time with a single child that is forked for each queue. The child sleeps between queue runs. This new option is similar to the -qtime, which periodically forks a child to process the queue. |
|
As is noted in the Release Notes that are part of the sendmail distribution on ftp://ftp.sendmail.org, this option is not available in version 8.12. Mail user agents should use the -G argument. |
This section contains a table of new and revised configuration file options and information on the following related topics.
- Deprecated and Unsupported Configuration File Options for sendmail
- Additional Arguments for the PidFile and ProcessTitlePrefix Options
When you declare these options, use one of the following syntaxes.
    O OptionName=argument            # for the configuration file
    -OOptionName=argument            # for the command line
    define(`m4Name',argument)        # for m4 configuration
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
The following table describes new and revised options for sendmail.
Table 24–2 New and Revised Options for sendmail
Option |
Description |
---|---|
m4 name: confBAD_RCPT_THROTTLE Argument: number The new option limits the rate at which recipients in the SMTP envelope are accepted after a threshold number of recipients has been rejected. |
|
For details, see New ClientPortOptions Option. |
|
m4 name: confCONNECTION_RATE_THROTTLE Argument: number The option ConnectionRateThrottle now limits the number of connections per second to each daemon, not the total number of connections. |
|
m4 name: confCONTROL_SOCKET_NAME Argument: filename. The recommended socket name is /var/spool/mqueue/.smcontrol. For security, this UNIX domain socket must be in a directory that is accessible only by root. When this new option is set, the option creates a control socket for daemon management. This option enables an external program to control and query the status of the running sendmail daemon by way of a named socket. The socket is similar to the ctlinnd interface to the INN news server. If this option is not set, no control socket is available. |
|
For details, see Changes to DaemonPortOptions Option. |
|
m4 name: confDF_BUFFER_SIZE Argument: number The new option controls the maximum size (in bytes) of a memory-buffered data (df) file before a disk-based file is used. The default is 4096 bytes. You should not have to change the default for the Solaris operating environment. |
|
m4 name: confDEAD_LETTER_DROP Argument: filename The new option, which you should not need to set, defines the location of the system-wide dead.letter file, which was formerly hard-coded to /usr/tmp/dead.letter. |
|
m4 name: confDELAY_LA Argument: number If this new option is set to a value that is greater than zero, the option does the following: Delays connections by one second when the load averages exceed a specified value Delays the execution of most SMTP commands by one second Otherwise, if the option is not set, the default value, which is zero, does not change the behavior of sendmail. |
|
m4 name: confDELIVER_BY_MIN Argument: time The new option enables a client to specify a minimum amount of time for an email message to be delivered, as specified in RFC 2852, Deliver By SMTP Service Extension. If the time is set to zero, no time is listed. If the time is set to less than zero, the extension is not offered. If the time is set to greater than zero, the extension is listed as the minimum time for the EHLO keyword, DELIVERBY. |
|
m4 name: confDIRECT_SUBMISSION_MODIFIERS Argument: modifiers The new option defines ${daemon_flags} for direct (command-line) submissions. If this option is not set, the value of ${daemon_flags} is either CC f, if the option -G is used, or c u. |
|
You can use the following new arguments. The argument, NonRootSafeAddr, has been added. When sendmail does not have enough privileges to run a .forward program or deliver to a file as the owner of that file, addresses are marked unsafe. Furthermore, if RunAsUser is set, users cannot use programs or deliver to files in their .forward programs. Use NonRootSafeAddr to resolve these problems. |
|
m4 name: confDOUBLE_BOUNCE_ADDRESS Argument: address. The default is postmaster. If an error occurs when sendmail is sending an error message, sendmail sends the “double-bounced” error message to the address that is specified by the argument to this option. |
|
m4 name: confFALLBACK_MX Argument: fully qualified domain name. This option now includes MX record lookups. To use the old behavior of no MX record lookups, you must put the name in square brackets. |
|
m4 name: confFAST_SPLIT Argument: number. The default value is one. This new option does the following: If the option is set to a value greater than zero, the initial MX lookups on addresses are suppressed when they are sorted, which might result in faster envelope splitting. If the mail is submitted from the command line, the value can limit the number of processes that are used to deliver the envelopes. If more envelopes are created, the envelopes are put in the queue and must be resolved with a queue run. |
|
m4 name: confLDAP_DEFAULT_SPEC Argument: Class switch with appropriate definition (for example, -hhost, -pport, -dbind DN). The new option allows a default map specification for LDAP maps. The assigned default settings are used for all LDAP maps unless other individual map specifications are made with the K command. Set this option before defining any LDAP maps. |
|
m4 name: confMAILBOX_DATABASE Argument: pw, which uses getpwnam(), is the default value. No other values are supported. The new option specifies the type of mailbox database that is used to check for local recipients. |
|
m4 name: confMAX_HEADERS_LENGTH Argument: number This option specifies a maximum length for the sum of all headers and can be used to prevent a denial-of-service attack. The default is 32768. A warning is issued if a value less than 16384 is used. You should not have to change the default value for the Solaris operating environment. |
|
m4 name: confMAX_MIME_HEADER_LENGTH Argument: number This option sets the maximum length of certain MIME header field values to x number of characters. Also, for parameters within headers, you can specify a maximum length of y. The combined values look like x/y. If y is not specified, half of x is used. If no values are set, the default is 0, which means no checks are made. This option is intended to protect mail user agents from buffer-overflow attacks. The suggested values are in the range of 256/128 to 1024/256. A warning is issued if values less than 128/40 are used. |
|
m4 name: confMAX_QUEUE_CHILDREN Argument: number This new option limits the number of concurrently active queue-runner processes to the number that is specified in the argument. The option helps to limit the system resources that are used when the queue is processed. When the total number of queue runners for multiple queue groups exceeds the defined argument, the remaining queue groups are run later. |
|
m4 name: confMAX_RCPTS_PER_MESSAGE Argument: number If this option is set, the option allows no more than the specified number of recipients in an SMTP envelope. The minimum argument is 100. You can still declare this option from both the command line and the configuration file. However, normal users can now set the option from the command line to enable the override of messages that are submitted through sendmail -bs. In this instance, sendmail does not relinquish its root privileges. |
|
m4 name: confMAX_RUNNERS_PER_QUEUE Argument: number. The default is one. Consider your resources carefully and do not set this value too high. This new option specifies the maximum number of queue runners per queue group. The queue runners work in parallel on a queue group's messages. This behavior is useful when the processing of a message might delay the processing of subsequent messages. |
|
m4 name: confNICE_QUEUE_RUN Argument: number This new option sets the priority of queue runners. Refer to the nice(1) man page. |
|
m4 name: confPID_FILE Argument: See Additional Arguments for the PidFile and ProcessTitlePrefix Options. This new option defines the location of the pid file. The file name is macro expanded before being opened. The default is /var/run/sendmail.pid. |
|
For details, see Changes to the PrivacyOptions Option. |
|
m4 name: confPROCESS_TITLE_PREFIX Argument: See Additional Arguments for the PidFile and ProcessTitlePrefix Options. The new option specifies a prefix string for the process title that is shown in /usr/ucb/ps auxww listings. The string is macro processed. You should not have to make any changes for the Solaris operating environment. |
|
m4 name: confQUEUE_FILE_MODE Argument: number This new option provides the default permissions in octal for queue files. If this option is not set, sendmail uses 0600. However, if the option's real and effective user ID is different, sendmail uses 0644. |
|
m4 name: confQUEUE_LA Argument: number The default value has changed from eight to eight times the number of processors online when the system starts. For single-processor machines, this change has no effect. Changing this value overrides the default and prevents the number of processors from being considered. Therefore, the effect of any value changes should be well understood. |
|
m4 name: confQUEUE_SORT_ORDER This option sets the algorithm that is used for sorting the queue. The default value is priority, which sorts the queue by message priority. Note the following changes. The host argument now reverses the host name before sorting, which means domains are grouped to run through the queue together. This improvement provides better opportunities for use of the connection cache, if available. The new filename argument sorts the queue by file name. This behavior avoids the opening and reading of each queue file when preparing to run the queue. The new modification argument sorts the queue by time of modification, starting with the oldest entries of the qf file. The new random argument sorts the queue randomly, which avoids contention, if several queue runners have manually been started. For more information, refer to QueueSortOrder in the sendmail(1M) man page. |
|
m4 name: confREFUSE_LA Argument: number The default value has changed from 12 to 12 times the number of processors online when the system starts. For single-processor machines, this change has no effect. A change of this value overrides the default and prevents the number of processors from being considered. Therefore, the effect of any value changes should be well understood. |
|
Two changes have been made. When attempting to canonify a host name, some name servers that are down return a temporary failure message, SERVFAIL, for IPv6 T_AAAA lookups. You can use this new argument, WorkAroundBrokenAAAA, to avoid this behavior. Also, the RES_USE_INET6 argument is controlled by a new flag, use_inet6. For more information, refer to the resolver(3RESOLV) man page. |
|
m4 name: confRRT_IMPLIES_DSN Argument: true or false If the new option is set, a “Return-Receipt-To:” header causes the request of a delivery status notification (DSN), which is sent to the envelope sender. The DSN is not sent to the address that is specified in the header. |
|
m4 name: confMIME_FORMAT_ERRORS Argument: true or false. The default is now true. |
|
m4 name: confSHARED_MEMORY_KEY Argument: number. This new option permits you to use shared memory, if shared memory is available, to store free space for queue file systems. This option minimizes the number of system calls to check for available space. |
|
m4 name: confSAFE_QUEUE Argument: true, false, or interactive. The default and recommended value is true. Avoid using false. If this option is set to true, the queue file is always instantiated, even if you are attempting immediate delivery. You can use the interactive value together with DeliveryMode=i to skip some synchronization calls that are doubled in the code execution path for this mode. |
|
For details, see Changes to the Timeout Option. |
|
m4 name: confTRUSTED_USER Argument: user name or user numeric ID. The new option enables you to specify a user name (instead of root) to own important files. If this option is set, generated alias databases and the control socket—if configured—are automatically owned by this user. This option requires HASFCHOWN. For information about HASFCHOWN, see Flags Used and Not Used to Compile sendmail. Only TrustedUser, root, and class t ($=t) users can rebuild the alias map. |
|
m4 name: confUSE_MSP Argument: true or false. The default is false. This new option permits group-writable queue files, if the group is the same as that of a set-group-id sendmail binary. In submit.cf, this option must be set to true. |
|
m4 name: confXF_BUFFER_SIZE Argument: number. The new option controls the maximum size (in bytes) of a memory-buffered transcript (xf) file before a disk-based file is used. The default is 4096 bytes. You should not have to change this default for the Solaris operating environment. |
Refer to the following table for a list of deprecated configuration file options. The table includes the AutoRebuildAliases option, which is not in version 8.12 of sendmail.
Table 24–3 Deprecated and Unsupported Configuration File Options for sendmail
Option |
Description |
---|---|
Because a denial-of-service attack could occur if this option is set, this option is not in version 8.12 of sendmail. Refer to the Release Notes that are part of the sendmail distribution at ftp://ftp.sendmail.org. A user could kill the sendmail process while the aliases file is being rebuilt and leave the file in an inconsistent state. Furthermore, because AutoRebuildAliases is not available, newaliases must be run manually now in order for changes to /etc/mail/aliases to become effective. Also, you must remember that because sendmail is no longer setuid root, only root can run newaliases. |
|
This option, which now defaults to True, has been deprecated. Refer to the Release Notes that are part of the sendmail distribution at ftp://ftp.sendmail.org. |
|
This option is deprecated. If required, you should now use the GroupWritableForwardFileSafe and GroupWritableIncludeFileSafe arguments for the DontBlameSendmail option. |
|
This option is deprecated. Furthermore, because this option violates RFC 1123, you should avoid using this option. |
The new ClientPortOptions option is for outgoing connections and is similar to the DaemonPortOptions option. This option sets the client SMTP options, which are a sequence of key=value pairs. To declare this option, use one of the following syntaxes. For formatting purposes, the example includes two pairs. However, you can apply one or more pairs.
    O ClientPortOptions=pair,pair                # for the configuration file
    -OClientPortOptions=pair,pair                # for the command line
    define(`confCLIENT_OPTIONS',`pair,pair')     # for m4 configuration
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
The following table describes the new keys for this option.
Table 24–4 New Keys for ClientPortOptions
Key | Description |
---|---|
Addr | Specifies the address mask. The value can be a numeric address in dot notation or a network name. If the pair is omitted, the default is INADDR_ANY, which accepts connections from any network. |
Family | Specifies the address family. The key's default is inet for AF_INET. Other values are inet6 for AF_INET6, iso for AF_ISO, ns for AF_NS, and x.25 for AF_CCITT. |
Listen | Specifies the size of the listen queue. The key defaults to 10. You should not have to change this default for the Solaris operating environment. |
Port | Specifies the name and number of the listening port. The key defaults to smtp. |
RcvBufSize | Specifies the size of the TCP/IP send buffer. The key has no default value, which means that no size specifications are automatically made. If the option is set to a value that is greater than zero, that value is used. You should not have to limit the size of this buffer for the Solaris operating environment. |
Modifier | Specifies flags for sendmail: The h flag uses the name that corresponds to the outgoing interface address for the HELO or EHLO commands, whether it was chosen by the connection parameter or by the default. The A flag disables AUTH. This flag can also be used with the Modifier key for DaemonPortOptions. Refer to Changes to DaemonPortOptions Option. The S flag turns off the use of or the offer to use STARTTLS when email is being delivered or is being received. |
The following tables describe the new features.
- Table 24–5, New and Revised Keys for DaemonPortOptions
- Table 24–6, Values for the New Modifier Key
To declare this option, use one of the following syntaxes. In the example, pair refers to key=value. For formatting purposes, the example includes two pairs. However, you can apply one or more pairs.
    O DaemonPortOptions=pair,pair                # for the configuration file
    -ODaemonPortOptions=pair,pair                # for the command line
    define(`confDAEMON_OPTIONS',`pair,pair')     # for m4 configuration
To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
The following table describes new and revised keys for the DaemonPortOptions option.
Table 24–5 New and Revised Keys for DaemonPortOptions
Key | Description |
---|---|
Name | A new key that specifies a user-definable name for sendmail. This key is used for error messages and for logging. The default is MTA. |
Modifier | A new key that specifies values for sendmail that can be listed in a sequence without delimiters. For a list of values, see Table 24–6. |
Family | Unless a Family is specified in a DaemonPortOptions option, inet is now the only default. If IPv6 users also want to listen on IPv6 interfaces, they can configure additional sockets into sendmail.cf by adding a Family=inet6 setting to a DaemonPortOptions option. |
The following table describes the values for the new Modifier key.
Table 24–6 Values for the New Modifier Key
Value | Description |
---|---|
A | Disables AUTH by overriding the Modifier value of a. Can be used with the Modifier key for ClientPortOptions. Refer to New ClientPortOptions Option. |
C | Does not perform host-name canonification. |
E | Disallows the ETRN command. |
O | Ignores the socket if a failure should occur. |
S | Turns off the use or the offer to use STARTTLS when email is being delivered or is being received. Can be used with the Modifier key for ClientPortOptions. |
a | Requires authentication. |
b | Binds to the interface that receives the mail. |
c | Performs host-name canonification. Use this value only in configuration file declarations. |
f | Requires fully qualified host names. Use this value only in configuration file declarations. |
h | Uses the interface's name for the outgoing HELO command. |
u | Allows unqualified addresses. Use this value only in configuration file declarations. |
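
The following added example, which is not part of the original guide or of the sendmail distribution, decodes the Modifier key of each DaemonPortOptions line in a configuration file against Table 24–6 and reports listeners where A overrides a or where S turns off STARTTLS. The function names and the sample configuration are constructed for illustration, and the example assumes that keys are spelled out in full as they appear in Table 24–5.

```python
import re

# Modifier values and meanings, from Table 24-6 on this page.
MODIFIERS = {
    "A": "AUTH disabled (overrides a)",
    "C": "no host-name canonification",
    "E": "ETRN disallowed",
    "O": "socket ignored if a failure occurs",
    "S": "STARTTLS neither used nor offered",
    "a": "authentication required",
    "b": "binds to the interface that receives the mail",
    "c": "host-name canonification",
    "f": "fully qualified host names required",
    "h": "interface name used for outgoing HELO",
    "u": "unqualified addresses allowed",
}

# Constructed sendmail.cf fragment for the example; not from a real host.
SAMPLE_CF = """\
# constructed sample
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, Modifier=Ea
O DaemonPortOptions=Name=MTA-v6, Family=inet6, Modifier=aAS
O PrivacyOptions=authwarnings
"""

# Assumption: full key names only (Name, Family, Port, Modifier).
OPTION_RE = re.compile(r"^O[ \t]+DaemonPortOptions[ \t]*=(.*)$", re.MULTILINE)


def parse_daemon_port_options(cf_text):
    """Return one dict per DaemonPortOptions line, with the page's defaults applied."""
    listeners = []
    for match in OPTION_RE.finditer(cf_text):
        pairs = {}
        for pair in match.group(1).split(","):
            key, sep, value = pair.partition("=")
            if sep:
                pairs[key.strip()] = value.strip()
        listeners.append({
            "name": pairs.get("Name", "MTA"),       # Table 24-5: default is MTA
            "family": pairs.get("Family", "inet"),  # Table 24-5: inet unless specified
            "port": pairs.get("Port"),              # None when the pair is omitted
            "modifier": pairs.get("Modifier", ""),
        })
    return listeners


def audit_listener(listener):
    """Decode the Modifier string and collect the points worth a second look."""
    flags = listener["modifier"]
    findings = []
    unknown = sorted(set(flags) - set(MODIFIERS))
    if unknown:
        findings.append("values not in Table 24-6: " + "".join(unknown))
    if "A" in flags:
        auth = "disabled"
        if "a" in flags:
            findings.append("A overrides a: AUTH is disabled although a is set")
    elif "a" in flags:
        auth = "required"
    else:
        auth = "not required"
    if "S" in flags:
        findings.append("S set: STARTTLS is neither used nor offered")
    return {
        "name": listener["name"],
        "auth": auth,
        "starttls_off": "S" in flags,
        "meanings": [MODIFIERS[f] for f in flags if f in MODIFIERS],
        "findings": findings,
    }


def audit_config(cf_text):
    """Audit every DaemonPortOptions declaration in the given text."""
    return [audit_listener(l) for l in parse_daemon_port_options(cf_text)]


if __name__ == "__main__":
    for result in audit_config(SAMPLE_CF):
        print(result["name"], result["auth"], result["findings"])
```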
The following table describes additional macro-processed arguments for the PidFile and ProcessTitlePrefix options. For more information about these options, see Table 24–2.
Table 24–7 Arguments for the PidFile and ProcessTitlePrefix Options
Macro | Description |
---|---|
${daemon_addr} | Provides daemon address (for example, 0.0.0.0) |
${daemon_family} | Provides daemon family (for example, inet, and inet6) |
${daemon_info} | Provides daemon information (for example, SMTP+queueing@00:30:00) |
${daemon_name} | Provides daemon name (for example, MSA) |
${daemon_port} | Provides daemon port (for example, 25) |
${queue_interval} | Provides queue run interval (for example, 00:30:00) |
New and revised arguments for PrivacyOptions (popt) are described in the following table. You can declare this option from the command line without sendmail relinquishing its root privilege. To declare this sendmail option, use one of the following syntaxes.
    O PrivacyOptions=argument                    # for the configuration file
    -OPrivacyOptions=argument                    # for the command line
    define(`confPRIVACY_FLAGS',`argument')       # for m4 configuration
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
The following table provides descriptions of new and revised arguments for the PrivacyOptions option.
Table 24–8 New and Revised Arguments for PrivacyOptions
Argument | Description |
---|---|
goaway | This argument no longer accepts the following flags: noetrn, restrictmailq, restrictqrun, restrictexpand, nobodyreturn, and noreceipts. |
nobodyreturn | This argument instructs sendmail not to include the body of the original message in delivery status notifications. |
noreceipts | When this argument is set, delivery status notification (DSN) is not announced. |
restrictexpand | This argument instructs sendmail to drop privileges when the -bv option is given by users who are neither root nor TrustedUser. The users cannot read private aliases, .forward files, or :include: files. This argument also overrides the -v command-line option. |
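
The following added example, which is not part of the original guide or of the sendmail distribution, reads PrivacyOptions, MaxHeadersLength, and MaxMimeHeaderLength from any of the three declaration syntaxes shown on this page and checks them against the goaway change in Table 24–8 and the header-length thresholds in Table 24–2. The function names and sample inputs are constructed, and two behaviors are assumptions of the example: flags from repeated PrivacyOptions declarations accumulate, and for the numeric options the last declaration wins.

```python
import re

# Option names and their m4 names, as given on this page.
M4_NAMES = {
    "PrivacyOptions": "confPRIVACY_FLAGS",
    "MaxHeadersLength": "confMAX_HEADERS_LENGTH",
    "MaxMimeHeaderLength": "confMAX_MIME_HEADER_LENGTH",
}

# Flags that goaway no longer accepts in version 8.12 (Table 24-8).
NOT_IN_GOAWAY = ("noetrn", "restrictmailq", "restrictqrun",
                 "restrictexpand", "nobodyreturn", "noreceipts")

# Constructed inputs for the example; not taken from a real host.
SAMPLE_CF = """\
O PrivacyOptions=goaway,restrictqrun
O MaxHeadersLength=8192
O MaxMimeHeaderLength=100
"""
SAMPLE_MC = """\
define(`confPRIVACY_FLAGS',`goaway,noetrn,restrictmailq,restrictqrun,restrictexpand,nobodyreturn,noreceipts')dnl
define(`confMAX_MIME_HEADER_LENGTH',`256/128')dnl
"""


def read_options(text):
    """Collect option values from the three declaration syntaxes on the page."""
    found = {}
    for name, m4_name in M4_NAMES.items():
        patterns = (
            r"^O[ \t]+%s[ \t]*=[ \t]*([^#\n]*)" % name,   # configuration file
            r"(?<!\S)-O%s=(\S+)" % name,                   # command line
            r"define\(`%s',\s*`?([^')]*)'?\)" % m4_name,   # m4 configuration
        )
        for pattern in patterns:
            for match in re.finditer(pattern, text, re.MULTILINE):
                found.setdefault(name, []).append(match.group(1).strip())
    return found


def audit(text):
    """Return the parsed settings and a list of warnings for one input text."""
    opts = read_options(text)
    warnings = []

    # Assumption: flags from repeated PrivacyOptions declarations accumulate.
    flags = set()
    for value in opts.get("PrivacyOptions", []):
        flags.update(f for f in re.split(r"[,\s]+", value) if f)
    gaps = [f for f in NOT_IN_GOAWAY if f not in flags] if "goaway" in flags else []
    if gaps:
        warnings.append("goaway does not set: " + ", ".join(gaps))

    # Assumption: for numeric options the last declaration wins.
    headers = None
    if "MaxHeadersLength" in opts:
        headers = int(opts["MaxHeadersLength"][-1])
        if headers < 16384:
            warnings.append("MaxHeadersLength %d is below 16384" % headers)

    mime = None
    if "MaxMimeHeaderLength" in opts:
        x_text, _, y_text = opts["MaxMimeHeaderLength"][-1].partition("/")
        x = int(x_text)
        y = int(y_text) if y_text else x // 2   # y defaults to half of x
        mime = (x, y)
    if mime is None or mime[0] == 0:
        warnings.append("MaxMimeHeaderLength is 0 or unset: no checks are made")
    elif mime[0] < 128 or mime[1] < 40:
        warnings.append("MaxMimeHeaderLength %d/%d is below 128/40" % mime)

    return {"privacy_flags": sorted(flags), "goaway_gaps": gaps,
            "max_headers_length": headers, "max_mime_header_length": mime,
            "warnings": warnings}


if __name__ == "__main__":
    for label, text in (("sendmail.cf", SAMPLE_CF), ("m4", SAMPLE_MC)):
        print(label, audit(text)["warnings"])
```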
The following table provides information about the changes to the Timeout option. Specifically, this sendmail option has some new keywords and a new value for ident. In the Solaris operating environment, you should not need to change the default values for the keywords that are listed in the table. However, if you choose to make a change, use the keyword=value syntax. The value is a time interval. Refer to the following examples.
    O Timeout.keyword=value          # for the configuration file
    -OTimeout.keyword=value          # for the command line
    define(`m4_name', value)         # for m4 configuration
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.
Keyword | Default Value | Description |
---|---|---|
aconnect | 0 | m4 name: confTO_ACONNECT. Limits the total time to wait for all connections to succeed for a single delivery attempt. The maximum value is unspecified. |
control | 2m | m4 name: confTO_CONTROL. Limits the total time that is dedicated to completing a control socket request. |
ident | 5s | m4 name: confTO_IDENT. Defaults to 5 seconds—instead of 30 seconds—to prevent the common delays that are associated with mailing to a site that drops IDENT packets. No maximum value is specified. |
lhlo | 2m | m4 name: confTO_LHLO. Limits the time to wait for a reply from an LMTP LHLO command. No maximum value is specified. |
queuereturn | 5d | m4 name: confTO_QUEUERETURN. Includes the value now, which immediately bounces entries from the queue without a delivery attempt. |
resolver.retrans | varies | m4 name: confTO_RESOLVER_RETRANS. Sets the resolver's retransmission time interval in seconds, which applies to resolver.retrans.first and resolver.retrans.normal. |
resolver.retrans.first | varies | m4 name: confTO_RESOLVER_RETRANS_FIRST. Sets the resolver's retransmission time interval in seconds for the first attempt to deliver a message. |
resolver.retrans.normal | varies | m4 name: confTO_RESOLVER_RETRANS_NORMAL. Sets the resolver's retransmission time interval in seconds for all resolver lookups, except the first delivery attempt. |
resolver.retry | varies | m4 name: confTO_RESOLVER_RETRY. Sets the number of times to retransmit a resolver query, which applies to Timeout.resolver.retry.first and Timeout.resolver.retry.normal. |
resolver.retry.first | varies | m4 name: confTO_RESOLVER_RETRY_FIRST. Sets the number of times to retransmit a resolver query for the first attempt to deliver a message. |
resolver.retry.normal | varies | m4 name: confTO_RESOLVER_RETRY_NORMAL. Sets the number of times to retransmit a resolver query for all resolver lookups, except the first delivery attempt. |
The following table describes new macros that are reserved for use by the sendmail program. The macros' values are assigned internally. For more information, refer to the sendmail(1M) man page.
Table 24–10 Defined Macros for sendmail
Macro | Description |
---|---|
${addr_type} | Identifies the current address as an envelope sender or a recipient address. |
${client_resolve} | Holds the result of the resolve call for ${client_name}: OK, FAIL, FORGED, or TEMP. |
${deliveryMode} | Specifies the current delivery mode sendmail is using instead of the value of the DeliveryMode option. |
${dsn_notify}, ${dsn_envid}, ${dsn_ret} | Holds the corresponding DSN parameter values. |
${if_addr} | Provides the interface's address for the incoming connection if the interface does not belong to the loopback net. This macro is especially useful for virtual hosting. |
${if_addr_out}, ${if_name_out}, ${if_family_out} | Avoids the reuse of ${if_addr}. Holds the following values respectively: the address of the interface for the outgoing connection, the host name of the interface for the outgoing connection, and the family of the interface for the outgoing connection. |
${if_name} | Provides the interface's host name for the incoming connection and is especially useful for virtual hosting. |
${load_avg} | Checks and reports the current average number of jobs in the run queue. |
${msg_size} | Holds the value of the message size (SIZE=parameter) in an ESMTP dialogue before the message has been collected. Thereafter, the macro holds the message size as computed by sendmail and is used in check_compat. For information about check_compat, refer to Table 24–14. |
${nrcpts} | Holds the number of validated recipients. |
${ntries} | Holds the number of delivery attempts. |
${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, ${mail_mailer}, ${mail_host}, ${mail_addr} | Holds the results of parsing the RCPT and MAIL arguments, which is the resolved right-hand side (RHS) triplet from the mail delivery agent ($#mailer), the host ($@host), and the user ($:addr). |
In this section, you can find the following.
Table 24–11, New Macros Used to Build the sendmail Configuration File
| Macro | Description |
|---|---|
| LOCAL_MAILER_EOL | Overrides the default end-of-line string for the local mailer. |
| LOCAL_MAILER_FLAGS | Adds Return-Path: header by default. |
| MAIL_SETTINGS_DIR | Contains the path (including the trailing slash) for the mail settings directory. |
| MODIFY_MAILER_FLAGS | Improves the *_MAILER_FLAGS. This macro sets, adds, or deletes flags. |
| RELAY_MAILER_FLAGS | Defines additional flags for the relay mailer. |
Use the following new macros to configure the maximum number of commands that can be received before sendmail slows its delivery. You can set these MAX macros at compile time. The maximum values in the following table also represent the current default values.
Table 24–12 New MAX Macros
Macro |
Maximum Value |
Commands Checked by Each Macro |
---|---|---|
25 |
Unknown commands |
|
20 |
NOOP, VERB, ONEX, XUSR |
|
3 |
HELO, EHLO |
|
6 |
VRFY, EXPN |
|
8 |
ETRN |
You can disable a macro's check by setting the macro's value to zero.
This section contains a table of new and revised m4 configuration macros for sendmail. Use the following syntax to declare these macros.
symbolic_name(`value') |
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
Table 24–13 New and Revised m4 Configuration Macros for sendmail
m4 Macro |
Description |
---|---|
FEATURE() |
For details, refer to Changes to the FEATURE() Declaration. |
This macro adds entries to class w ($=w). |
|
A new macro that defines hosts or subdomains that cannot be masqueraded. |
|
This macro can now be used for bracketed addresses, such as user@[host]. |
|
When these macros are used, include $={VirtHost} in $=R. As a reminder, $=R is the set of host names that are allowed to relay. |
Refer to the following tables for information about the specific changes to the FEATURE() declarations.
Table 24–14, New and Revised FEATURE() Declarations
Table 24–15, Unsupported FEATURE() Declarations
To use the new and revised FEATURE names, use the following syntax.
FEATURE(`name', `argument') |
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
Table 24–14 New and Revised FEATURE() Declarations
Name of FEATURE() |
Description |
---|---|
Argument: Refer to the example in the following paragraph. This new FEATURE() enables you to look for a key in the access map that consists of the sender address and the recipient address. The two addresses are delimited by the string <@>, as in sender@sdomain<@>recipient@rdomain. |
|
Argument: friend, which enables a spam-friend test, or hater, which enables a spam-hater test. A new FEATURE() that delays all checks. When you use FEATURE(`delay_checks'), the rule sets check_relay and check_mail are not called when a client connects or issues a MAIL command, respectively. Instead, these rule sets are called by the check_rcpt rule set. For details, refer to the /usr/lib/mail/README file. |
|
Argument: This FEATURE() accepts a maximum of two arguments:
A new FEATURE() that you can include multiple times to check the return values for DNS lookups. Note that this FEATURE() enables you to specify the behavior of temporary lookup failures. |
|
Argument: domain name. A new FEATURE() that is an enhanced version of dnsbl, which enables you to check the return values for DNS lookups. For more information, refer to /usr/lib/mail/README. |
|
Argument: None. A new FEATURE() that you can also use to apply genericstable to subdomains of $=G. |
|
Argument: For details, refer to the “Release Notes” in http://www.sendmail.org. A new FEATURE() that implements LDAP address routing. |
|
Argument: Path name of an LMTP-capable mailer. The default is mail.local, which is LMTP capable in this Solaris release. A FEATURE() that now sets the delivery status notification (DSN) diagnostic-code type for the local mailer to the proper value of SMTP. |
|
Argument: None. A new FEATURE() that you can use to avoid masquerading for the local mailer. |
|
Argument: None. A new FEATURE() that you can also use to look up the .domain in the access map. |
|
Argument: canonify_hosts or nothing. A FEATURE() that now includes the following features. Enables a list of domains, as specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, to be passed to the $[ and $] operators for canonification. Enables addresses that have only a host name, such as <user@host>, to be canonified, if canonify_hosts is specified as its parameter. Adds a trailing dot to addresses with more than one component. |
|
Argument: None. A new FEATURE() that turns off the default in m4-generated configuration files by which sendmail listens on several different ports, an implementation of RFC 2476. |
|
Argument: reject, which does not allow the ! token, or nospecial, which does allow the ! token. A FEATURE() that determines whether to allow the ! token in the local part of an address. |
|
Argument: None. A FEATURE() that now provides the full rule sets of a normal configuration, allowing anti-spam checks to be performed. |
|
Argument: None. A new FEATURE() that enables you to preserve the +detail portion of the address when sendmail passes the address to the local delivery agent. |
|
Argument: None. A new FEATURE() that enables you to preserve the name of the recipient host, if LUSER_RELAY is used. |
|
Argument: None. A new FEATURE() that enables you to select a queue group that is based on the full email address or on the domain of the recipient. |
|
Argument: The domain is an optional argument. A new FEATURE() that allows relaying if the mail sender is listed as a RELAY in the access map and is tagged with the From: header line. If the optional domain argument is given, the domain portion of the mail sender is also checked. |
|
Argument: None. A FEATURE() that you can now use to apply $={VirtHost}, a new class for matching virtusertable entries that can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. FEATURE(`virtuser_entire_domain') can also apply the class $={VirtHost} to entire subdomains. |
The following FEATURE() declarations are no longer supported.
Table 24–15 Unsupported FEATURE() Declarations
The MAILER() declaration specifies support for delivery agents. To declare a delivery agent, use the following syntax.
MAILER(`symbolic_name') |
Note the following changes.
In this new version of sendmail, the MAILER(`smtp') declaration now includes an additional mailer, dsmtp, which provides on-demand delivery by using the F=% mailer flag. The dsmtp mailer definition uses the new DSMTP_MAILER_ARGS, which defaults to IPC $h.
Numbers for rule sets that are used by MAILERs have been removed. You now have no required order for listing your MAILERs except for MAILER(`uucp'), which must follow MAILER(`smtp') if uucp-dom and uucp-uudom are used.
For more information about mailers, refer to Mailers. If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
The following table describes new delivery agent flags, which by default are not set. These single-character flags are Boolean. You can set or unset a flag by including or excluding it in the F= statement of your configuration file, as shown in the following example.
```
Mlocal, P=/usr/lib/mail.local, F=lsDFMAw5:/|@qSXfmnz9, S=10/30, R=20/40,
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=10/30, R=20/40, D=$z:/,
Msmtp, P=[IPC], F=mDFMuX, S=11/31, R=21, E=\r\n, L=990,
Mesmtp, P=[IPC], F=mDFMuXa, S=11/31, R=21, E=\r\n, L=990,
Msmtp8, P=[IPC], F=mDFMuX8, S=11/31, R=21, E=\r\n, L=990,
Mrelay, P=[IPC], F=mDFMuXa8, S=11/31, R=21, E=\r\n, L=2040,
```
| Flag | Description |
|---|---|
| % | Mailers that use this flag do not attempt delivery to the initial recipient of a message or to queue runs unless the queued message is selected by using an ETRN request or one of the following queue options: -qI, -qR, or -qS. |
| 1 | This flag disables the ability of the mailer to send null characters (for example, \0). |
| 2 | This flag disables the use of ESMTP and requires that SMTP be used instead. |
| 6 | This flag enables mailers to strip headers to 7 bit. |
The following table describes new equates that you can use with the M delivery agent definition command. The following syntax shows you how to append new equates or new arguments to the equates that already exist in the configuration file.
Magent_name, equate, equate, ... |
The following example includes the new W= equate. This equate specifies the maximum time to wait for the mailer to return after all data has been sent.
Msmtp, P=[IPC], F=mDFMuX, S=11/31, R=21, E=\r\n, L=990, W=2m |
When you modify the definition of a value for m4 configuration, use the syntax that is provided in the following example.
define(`SMTP_MAILER_MAXMSGS', `1000') |
The preceding example places a limit of 1000 on the number of messages that are delivered per connection on an smtp mailer.
If you need to build a new sendmail.cf file, refer to Building the sendmail.cf Configuration File (Task) in Chapter 22, Mail Services (Tasks).
Typically, you modify the equate definitions in the mailer directory only when you fine-tune.
The following list provides details about new queue features.
This release supports multiple queue directories. To use multiple queues, supply a QueueDirectory option value in the configuration file that ends with an asterisk (*), as is shown in the following example.
O QueueDirectory=/var/spool/mqueue/q* |
The option value, /var/spool/mqueue/q*, uses all of the directories (or symbolic links to directories) that begin with “q” as queue directories. Do not change the queue directory structure while sendmail is running. Queue runs create a separate process for running each queue unless the verbose flag (-v) is used on a non-daemon queue run. The new items are randomly assigned to a queue.
The new queue file-naming system uses file names that are guaranteed to be unique for 60 years. This system allows queue IDs to be assigned without complex file-system locking and simplifies the movement of queued items between queues.
In version 8.12 of sendmail, only root can run the mail queue. For further details, refer to the changes that are described in the mailq(1) man page. For new task information, refer to Administering the Queue Directories (Task Map).
To accommodate envelope splitting, queue file names are now 15 characters long, rather than 14 characters long. File systems with a 14-character name limit are no longer supported.
For task information, refer to Administering the Queue Directories (Task Map).
The following list describes changes in the use of the Lightweight Directory Access Protocol (LDAP) with sendmail.
LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE() permit you to specify equivalent host names, which are replaced by the masquerade domain name for LDAP routing lookups. For more information, refer to /usr/lib/mail/README.
As noted in the Release Notes that are part of the sendmail distribution at ftp://ftp.sendmail.org, the LDAPX map has been renamed to LDAP. Use the following syntax for LDAP.
Kldap ldap options |
This release supports the return of multiple values for a single LDAP lookup. Place the values to be returned in a comma-separated string with the -v option, as is shown.
Kldap ldap -v"mail,more_mail" |
If no LDAP attributes are specified in an LDAP map declaration, all attributes that are found in the match are returned.
This version of sendmail prevents commas in quoted key and value strings in the specifications of the LDAP alias file from dividing a single entry into multiple entries.
This version of sendmail has a new option for LDAP maps. The option, -Vseparator, enables you to specify a separator, so that a lookup can return both an attribute and a value that are separated by the relevant separator.
Instead of using the %s token to parse an LDAP filter specification, you can also use the new token, %0, to encode the key buffer. The %0 token applies a literal meaning to LDAP special characters.
The following example shows how these tokens differ for a “*” lookup.
Table 24–18 Comparison of Tokens
| LDAP Map Specification | Specification Equivalent | Result |
|---|---|---|
| -k"uid=%s" | -k"uid=*" | Matches any record with a user attribute |
| -k"uid=%0" | -k"uid=\2A" | Matches a user with the name “*” |
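
The difference between %s and %0 in Table 24–18, modeled in Python as an added example (not sendmail's own code). The function names are hypothetical, and the set of encoded characters beyond "*" follows the LDAP filter escaping rules of RFC 2254, which is an assumption about what %0 covers.

```python
"""Model of %s versus %0 key substitution in an LDAP map -k filter."""

# Characters with special meaning inside an LDAP search filter value.
# Assumption: RFC 2254 set; the page itself only shows "*" -> "\2A".
FILTER_SPECIALS = {"*", "(", ")", "\\", "\x00"}


def encode_key(key):
    """Replace each filter special with a backslash and its two-digit hex code."""
    return "".join(
        f"\\{ord(ch):02X}" if ch in FILTER_SPECIALS else ch for ch in key
    )


def expand_filter(spec, key):
    """Expand %s (raw key) and %0 (encoded key) in a filter specification."""
    out = []
    i = 0
    while i < len(spec):
        token = spec[i:i + 2]
        if token == "%s":
            out.append(key)               # key is copied verbatim
            i += 2
        elif token == "%0":
            out.append(encode_key(key))   # key is treated as literal text
            i += 2
        else:
            out.append(spec[i])
            i += 1
    return "".join(out)


def has_wildcard(ldap_filter):
    """True if the expanded filter still contains an active "*" wildcard.

    After encoding, a literal asterisk appears only as \\2A, so any bare "*"
    left in the filter is one the directory server interprets as a wildcard.
    """
    return "*" in ldap_filter


def compare(attribute, keys):
    """Return (key, %s filter, %0 filter, widened-by-%s) for each lookup key."""
    rows = []
    for key in keys:
        raw = expand_filter(f"{attribute}=%s", key)
        literal = expand_filter(f"{attribute}=%0", key)
        rows.append((key, raw, literal, has_wildcard(raw)))
    return rows


if __name__ == "__main__":
    # Constructed lookup keys, such as might arrive as an address local part.
    for row in compare("uid", ["jdoe", "*", "j*", "ops(eu)"]):
        print("key=%-8r %%s -> %-14s %%0 -> %-18s widened=%s" % row)
```

A key that reaches the map from message data matches only the literal entry when the map uses %0, whereas the same key under %s can widen the search to every record that has the attribute.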
The following table describes new LDAP map flags.
Table 24–19 New LDAP Map Flags
Flag |
Description |
---|---|
-1 |
Requires a single match to be returned. If more than one match is returned, the results are the equivalent of no records being found. |
-r never|always|search|find |
Sets the LDAP alias dereference option. |
-Z size |
Limits the number of matches to return. |
The old [TCP] built-in mailer is not available. Use the P=[IPC] built-in mailer instead. The interprocess communications ([IPC]) built-in mailer now enables delivery to a UNIX domain socket on systems that support it. You can use this mailer with LMTP delivery agents that listen on a named socket. An example mailer might resemble the following.
Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, S=10, R=20/40, T=DNS/RFC822/X-Unix, A=FILE /var/run/lmtpd |
The first mailer argument in the [IPC] mailer is now checked for a legitimate value. The following table provides possible values for the first mailer argument.
Table 24–20 Possible Values for the First Mailer Argument
| Value | Description |
|---|---|
| A=FILE | Use for UNIX domain socket delivery |
| A=TCP | Use for TCP/IP connections |
| A=IPC | Is no longer available as a first mailer argument |
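
A way to review mailer definitions against the new delivery agent flags, the W= equate, and Table 24–20, written as an added Python example that is not part of sendmail. The sample configuration is constructed: the Mexecmail line and the first Msmtp line are taken from this page, and the continuation line and the Mdsmtp and Mold definitions are invented for illustration.

```python
"""Audit sendmail.cf mailer (M) definitions against the tables on this page."""
import re

# New delivery agent flags, condensed from the page's flag table.
NEW_FLAGS = {
    "%": "on-demand delivery only (ETRN or -qI, -qR, -qS)",
    "1": "mailer cannot send null characters",
    "2": "ESMTP disabled, plain SMTP only",
    "6": "headers stripped to 7 bit",
}
IPC_FIRST_ARG = {"FILE", "TCP"}          # accepted values per Table 24-20
TIME_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample input (see the lead-in for which lines come from the page).
SAMPLE_CF = r"""
Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, S=10, R=20/40, T=DNS/RFC822/X-Unix, A=FILE /var/run/lmtpd
Msmtp, P=[IPC], F=mDFMuX, S=11/31, R=21, E=\r\n, L=990, W=2m,
    A=TCP $h
Mdsmtp, P=[IPC], F=mDFMuXa%, S=11/31, R=21, E=\r\n, L=990, A=TCP $h
Mold, P=[IPC], F=mDFMuX2, S=11/31, R=21, E=\r\n, L=990, A=IPC $h
"""


def parse_interval(text):
    """Convert an interval such as 2m or 1h30m to seconds (None if malformed)."""
    if not re.fullmatch(r"(?:\d+[smhdw])+", text):
        return None
    return sum(int(n) * TIME_UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", text))


def parse_mailers(cf_text):
    """Return {mailer name: {equate letter: value}} for every M line."""
    logical = []
    for line in cf_text.splitlines():
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()     # continuation of previous line
        elif line.strip():
            logical.append(line.rstrip())
    mailers = {}
    for line in logical:
        if not line.startswith("M"):
            continue
        name, _, rest = line[1:].partition(",")
        parts = rest.split(",")
        fields = {}
        for idx, part in enumerate(parts):
            key, sep, value = part.strip().partition("=")
            if not sep:
                continue
            if key[:1] == "A":
                # A= is the argument vector and runs to the end of the definition.
                fields["A"] = ",".join(parts[idx:]).partition("=")[2].strip()
                break
            fields[key[:1]] = value.strip()
        mailers[name.strip()] = fields
    return mailers


def audit_mailer(fields):
    """List the points on this page that apply to one mailer definition."""
    findings = [f"flag {f}: {NEW_FLAGS[f]}" for f in fields.get("F", "") if f in NEW_FLAGS]
    if fields.get("P") == "[TCP]":
        findings.append("P=[TCP] is not available; use P=[IPC]")
    argv = fields.get("A", "").split()
    if fields.get("P") == "[IPC]" and argv and argv[0] not in IPC_FIRST_ARG:
        findings.append(f"first A= argument {argv[0]} is not FILE or TCP")
    if "W" in fields:
        findings.append(f"W= wait limit is {parse_interval(fields['W'])} seconds")
    return findings


def audit_config(cf_text):
    return {name: audit_mailer(f) for name, f in parse_mailers(cf_text).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CF).items():
        print(name, findings or "no findings")
```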
The following table lists the new rule sets and describes what the rule sets do.
Table 24–21 New Rule Sets
Set |
Description |
---|---|
Correlates information that is gathered between headers and checks for missing headers. This rule set is used with the macro storage map and is called after all of the headers have been collected. |
|
Uses the ETRN command (as check_rcpt uses RCPT). |
|
Uses the EXPN command (as check_rcpt uses RCPT). |
|
Uses the VRFY command (as check_rcpt uses RCPT). |
The following list describes new rule set features.
Numbered rule sets are also named, but the rule sets can still be accessed by their numbers.
The H header configuration file command allows for a default rule set to be specified for header checks. This rule set is called only if the individual header has not been assigned its own rule set.
Comments in rule sets (that is, text within parentheses) are not removed if the configuration file version is nine or greater. For example, the following rule matches the input "token (1)", but does not match the input "token".
R$+ (1) $@ 1 |
sendmail accepts the SMTP RSET command even when it rejects commands because of TCP wrappers or the check_relay rule set.
You receive a warning if you set the OperatorChars option multiple times. Also, do not set OperatorChars after the rule sets are defined.
If an invalid rule set is declared, the name of the rule set and its lines are ignored. The rule set lines are not added to S0.
The helpfile is now located in /etc/mail/helpfile. The old name (/etc/mail/sendmail.hf) has a symbolic link that points to the new name.
The trusted-users file is now located in /etc/mail/trusted-users. During an upgrade, if the old name (/etc/mail/sendmail.ct) is detected, but not the new name, a hard link from the old name to the new name is created. Otherwise, no change is made. The default content is root.
The local-host-names file is now located in /etc/mail/local-host-names. During an upgrade, if the old name (/etc/mail/sendmail.cw) is detected, but not the new name, a hard link from the old name to the new name is created. Otherwise, no change is made. The default content is zero length.
The new name for /usr/lib/mail/cf/main-v7sun.mc is /usr/lib/mail/cf/main.mc.
The new name for /usr/lib/mail/cf/subsidiary-v7sun.mc is /usr/lib/mail/cf/subsidiary.mc.
In version 8.12 of sendmail, IPv6 addresses that are used in configuration should be prefixed with the IPv6: tag to identify the address properly. If you are not identifying an IPv6 address, a prefix tag is not used.
The following table describes the new command-line options for the mail.local program, which is used by sendmail as a delivery agent for local mail.
Table 24–22 New Command-Line Options for mail.local
| Option | Description |
|---|---|
| -7 | Prevents the Local Mail Transfer Protocol (LMTP) mode from advertising 8BITMIME support in the LHLO response |
| -b | Causes a permanent error instead of a temporary error if a mailbox exceeds its quota |
mail.local is the default for LMTP mode. However, for this release, if you choose to use mail.local as the local delivery agent without being in LMTP mode, you need to do one of the following to set the S flag.
Use the following syntax for the configuration file.
MODIFY_MAILER_FLAGS(`LOCAL', `+S') # for the configuration file |
Alternatively, perform the following two steps for m4 configuration.
```
define(`MODIFY_MAILER_FLAGS', `S')dnl # first step
MAILER(local)dnl # second step
```
MODIFY_MAILER_FLAGS is a new macro that is used to build the configuration file. For details, refer to New Macros Used to Build the sendmail Configuration File.
For a complete review, refer to the mail.local(1M) man page.
The mailstats program, which provides statistics on mailer usage, is packaged with the sendmail program. The following table describes new options in mailstats.
Table 24–23 New mailstats Options
| Option | Description |
|---|---|
| -C filename | Specifies a sendmail configuration file |
| -p | Provides clear statistics in a program-readable mode |
| -P | Also provides clear statistics in a program-readable mode, but this option does not truncate the statistics file |
For more information, refer to the mailstats(1) man page.
The makemap command creates keyed database files for sendmail. The following table describes new makemap options. When you declare options, use the following syntax.
makemap options class filename |
When you use the preceding syntax, remember the following.
options are preceded by a dash (for example, -dN).
class refers to the type of database (for example, btree, dbm, or hash).
filename refers to the full path (or relative name) for the database file.
| Option | Description |
|---|---|
| -C | Uses the specified sendmail configuration file for finding the TrustedUser option |
| -c | Uses the specified hash and btree cache size |
| -e | Allows an empty value from the right-hand side (RHS) |
| -l | Lists map types that are supported |
| -t | Specifies a different delimiter, instead of white space |
| -u | Dumps (unmaps) the contents of the database to standard output |
If makemap is running as root, the ownership of the generated maps is automatically changed to the TrustedUser, as specified in the sendmail configuration file. For more information about the TrustedUser option, refer to Table 24–2.
For more information, refer to the makemap(1M) man page.
Use the new maintenance command, editmap, to query and edit single records in keyed database maps for sendmail. From the command line, use the following syntax.
editmap options maptype mapname key "value" |
options are preceded by a dash (for example, -Nf). The man page provides a list of options and explains how each option functions.
maptype refers to the type of database. editmap can use btree, dbm, and hash.
mapname refers to the full path or relative name for the database file.
key refers to a single string or multitoken string that you can use for searches.
“value” refers to the string that appears to the right of the key in a keyed database file. In the following example, man is the key and man@example.com is the assigned value for that key.
man man@example.com |
For a detailed description and a list of options, refer to the editmap(1M) man page.
The following list describes other changes and features of interest.
As noted in RFC 2476, sendmail now listens for submissions on port 587.
As was noted in the Release Notes that are part of the sendmail distribution at ftp://ftp.sendmail.org, the XUSR SMTP command is deprecated. Mail user agents should begin using RFC 2476 Message Submission for initial user message submission.
The Content-Length: header is no longer provided in messages that are piped to programs with any version of the Sun configuration files. However, this header is still provided for ordinary mailbox deliveries that use any version of the Sun configuration files.
sendmail now accepts connections when disk space is low, but in such situations it allows only ETRN commands.
Entries in the alias file can be continued by putting a backslash directly before the new line.
The timeout for sending a message by way of SMTP has been changed to check for delivery progress every five minutes. This change more quickly detects an inability to send information and reduces the number of processes that are waiting to time out.
You can now copy the contents of a class to another class by using the syntax of the following example.
C{Dest} $={Source} |
In the preceding example, all items in class $={Source} are copied into class $={Dest}.
The maps are no longer optional by default. Also, if a problem occurs with a map, you receive an error message.
Canonification is no longer attempted for any host or domain in class P ($=P).
The = equate is not included in an option expansion if no value is associated with the option.
Route addresses are stripped. For example, <@a,@b,@c:user@d> is converted to <user@d>.