Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Wednesday, July 27, 2022

sendmail (8)


sendmail - send mail over the internet


/usr/lib/sendmail [-Ac] [-Am] [-ba] [-bD] [-bd] [-bi] [-bl]
[-bm] [-bp] [-bP] [-bs] [-bt] [-bv] [-B type] [-C file]
[-D logfile] [-d X] [-F fullname] [-f name] [-G]
[-h N] [-L tag] [-M xvalue] [-N notifications] [-n]
[-Ooption =value] [-o xvalue] [-p protocol]
[-Q [reason]] [-q [time]] [-q Xstring] [-R ret]
[-r name] [-t] [-V envid] [-v] [-X logfile]


System Administration Commands                                     sendmail(8)

       sendmail - send mail over the internet

       /usr/lib/sendmail [-Ac] [-Am] [-ba] [-bD] [-bd] [-bi] [-bl]
            [-bm] [-bp] [-bP] [-bs] [-bt] [-bv] [-B type] [-C file]
            [-D logfile] [-d X] [-F fullname] [-f name] [-G]
            [-h N] [-L tag] [-M xvalue] [-N notifications] [-n]
            [-Ooption =value] [-o xvalue] [-p protocol]
            [-Q [reason]] [-q [time]] [-q Xstring] [-R ret]
            [-r name] [-t] [-V envid] [-v] [-X logfile]

       The sendmail utility sends a message to one or more people, routing the
       message over whatever networks are necessary. sendmail  does  internet-
       work  forwarding  as  necessary  to  deliver the message to the correct

       sendmail is not intended as a user interface  routine.  Other  programs
       provide user-friendly front ends. sendmail is used only to deliver pre-
       formatted messages.

       With no flags, sendmail reads its standard input up to  an  EOF,  or  a
       line  with  a single dot, and sends a copy of the letter found there to
       all of the addresses listed. It determines the network to use based  on
       the syntax and contents of the addresses.

       Local  addresses  are  looked  up in the local aliases(5) file, or in a
       name service as defined  by  the  nsswitch.conf(5)  file,  and  aliased
       appropriately.  In  addition,  if there is a .forward file in a recipi-
       ent's home directory, sendmail forwards a copy of each message  to  the
       list  of  recipients that file contains. Refer to the NOTES section for
       more information about .forward files. Aliasing  can  be  prevented  by
       preceding the address with a backslash.

       There  are  several conditions under which the expected behavior is for
       the alias database to be either built or  rebuilt.  This  cannot  occur
       under  any  circumstances unless root owns and has exclusive write per-
       mission to the /etc/mail/aliases* files.

       If a message is found to be undeliverable, it is returned to the sender
       with  diagnostics that indicate the location and nature of the failure;
       or, the message is placed in a dead.letter file in  the  sender's  home

   Service Management
       The  sendmail  service  is  managed by the service management facility,
       smf(7), under the service identifiers:


       Administrative actions on these services, such as enabling,  disabling,
       or  requesting restart, can be performed using svcadm(8). The services'
       status can be queried using the svcs(1) command.

       These are separate services rather than instances of the  same  service
       so  that  other services can properly express any dependencies. In par-
       ticular, here are some guidelines about which  service/instance  should
       be depended on for which purposes:

           o      For  a  service that uses sendmail to send mail, an optional
                  dependency on the service svc:/network/sendmail-client might
                  be in order.

           o      For  a  service  that  needs to receive mail in general, but
                  does not  depend  on  sendmail  being  the  particular  SMTP
                  receiver,  a  dependency  on  the  service svc:/network/smtp
                  might be in order.

           o      For a service that needs to interact with sendmail  in  par-
                  ticular,  such  as  a  Milter,  a dependency on the instance
                  svc:/network/smtp:sendmail might be in order.

       For the last two, note the difference, as the latter  has  the  ":send-
       mail"  instance specification, whereas the former does not, thus repre-
       senting the more general service.

   Enabling Access to Remote Clients
       On an unmodified system,  access  to  sendmail  by  remote  clients  is
       enabled  and  disabled  through  the  service  management facility (see
       smf(7)). In particular, remote access is determined by the value of the
       local_only SMF property:

         svc:/network/smtp:sendmail/config/local_only = true

       A  setting  of  true,  as  above, disallows remote access; false allows
       remote access. The default value is true.

       The following example shows the sequence of SMF commands used to enable
       sendmail to allow access to remote systems:

         # svccfg -s svc:/network/smtp:sendmail setprop config/local_only = false
         # svcadm refresh svc:/network/smtp:sendmail
         # svcadm restart svc:/network/smtp:sendmail

       See svcadm(8) and svccfg(8).

       Note, however, on a system where any of the sendmail(5) files have been
       customized, setting this property might not have the  intended  effect.
       See sendmail(5) for details.

   Automated Rebuilding of Configuration Files
       See  sendmail(5)  for details on which service properties can be set to
       automate (re)building  of  configuration  files  when  the  service  is

   Restricting Host Access
       sendmail  uses  TCP  Wrappers  to restrict access to hosts. It uses the
       service name of sendmail for hosts_access(). For  more  information  on
       TCP Wrappers, see tcpd(8) and hosts_access(5) in the security/tcp-wrap-
       per package. tcpd(8) and hosts_access(5) are not part  of  the  Solaris
       man pages.

   Startup Options
       The  /etc/default/sendmail  file stores startup options for sendmail so
       that the options are not removed when a  host  is  upgraded.  See  also
       sendmail(5) for details on which service properties can be set to auto-
       mate (re)building of configuration files when the service is started.

       You can  use  the  following  variables  in  the  /etc/default/sendmail
       startup file:


           Selects additional options to be used with the client daemon, which
           looks in the client-only queue (/var/spool/clientmqueue)  and  acts
           as a client queue runner. No syntax checking is done, so be careful
           when making changes to this variable.


           Similar to the QUEUEINTERVAL option, CLIENTQUEUEINTERVAL  sets  the
           time interval for mail queue runs. However, the CLIENTQUEUEINTERVAL
           option controls the functions of the client daemon, instead of  the
           functions  of  the  master  daemon. Typically, the master daemon is
           able to deliver all messages to the SMTP port. However, if the mes-
           sage  load  is  too  high or the master daemon is not running, then
           messages go into the  client-only  queue,  /var/spool/clientmqueue.
           The client daemon, which checks in the client-only queue, then acts
           as a client queue processor.


           Enables an SMTP client and server to interact  immediately  without
           waiting for the queue run intervals, which are periodic. The server
           can immediately deliver the portion of its queue that goes  to  the
           specified  hosts.  For  more  information, refer to the etrn(8) man


           Selects the mode to start sendmail with.  Use  the  -bd  option  or
           leave it undefined.


           Selects  additional  options  to be used with the master daemon. No
           syntax checking is done, so be careful when making changes to  this


           Sets  the  interval for mail queue runs on the master daemon. # can
           be a positive integer that is followed by either s for  seconds,  m
           for minutes, h for hours, d for days, or w for weeks. The syntax is
           checked before sendmail is started. If the interval is negative  or
           if  the entry does not end with an appropriate letter, the interval
           is ignored and sendmail starts with a queue interval of 15 minutes.


           Enables one persistent queue runner that sleeps between  queue  run
           intervals,  instead of a new queue runner for each queue run inter-
           val. You can set this option to p, which is the only setting avail-
           able. Otherwise, this option is not set.

   Mail Filter API
       sendmail  supports a mail filter API called "milter". For more informa-
       tion, see /usr/include/libmilter/README and http://www.milter.org

       The following options are supported:


           Uses submit.cf even if the operation mode does not indicate an ini-
           tial mail submission.


           Uses  sendmail.cf  even  if the operation mode indicates an initial
           mail submission.


           Goes into ARPANET mode. All input lines must  end  with  a  RETURN-
           LINEFEED,  and all messages are generated with a RETURN-LINEFEED at
           the end. Also, the From: and Sender: fields are  examined  for  the
           name of the sender.


           Check the configuration file.


           Runs  as a daemon in the background, waiting for incoming SMTP con-


           Runs as a daemon in the foreground, waiting for incoming SMTP  con-


           Initializes  the aliases(5) database. Root must own and have exclu-
           sive write permission to the /etc/mail/aliases* files for  success-
           ful use of this option.


           Runs  as a daemon (like -bd) but accepts only loopback SMTP connec-


           Delivers mail in the usual way (default).


           Prints a summary of the mail queues.


           Prints the number of entries in the queues.  This  option  is  only
           available with shared memory support.


           Uses  the SMTP protocol as described in RFC 2821. This flag implies
           all the operations of the -ba flag that are compatible with SMTP.


           Runs in address test mode. This mode reads addresses and shows  the
           steps in parsing; it is used for debugging configuration tables.


           Verifies  names only. Does not try to collect or deliver a message.
           Verify mode is normally used for validating users or mailing lists.

       -B type

           Indicates body type (7BIT or 8BITMIME).

       -C file

           Uses alternate configuration file.

       -D logfile

           Send debugging output to the indicated log file instead of stdout.

       -d X

           Sets debugging value to X.

       -f name

           Sets the name of the "from" person (that  is,  the  sender  of  the

       -F fullname

           Sets the full name of the sender.


           When  accepting messages by way of the command line, indicates that
           they are for relay (gateway) submission. When  this  flag  is  set,
           sendmail  might  complain about syntactically invalid messages, for
           example, unqualified host names, rather than fixing them.  sendmail
           does not do any canonicalization in this mode.

       -h N

           Sets  the  hop  count to N. The hop count is incremented every time
           the mail is processed.  When  it  reaches  a  limit,  the  mail  is
           returned with an error message, the victim of an aliasing loop.

       -L tag

           Sets the identifier used in syslog messages to the supplied tag.


           Sets macro x to the specified value.


           Does not do aliasing.

       -N notifications

           Tags  all  addresses  being sent as wanting the indicated notifica-
           tions, which consists of the word "NEVER" or a comma-separated list
           of "SUCCESS", "FAILURE", and "DELAY" for successful delivery, fail-
           ure and a message that is stuck in a queue somewhere.  The  default
           is "FAILURE,DELAY".


           Sets  option  x  to  the  specified  value.  Processing Options are
           described below.


           Sets option to the specified value (for long from names).  Process-
           ing Options are described below.

       -p protocol

           Sets the sending protocol. The protocol field can be in form proto-
           col:host to set both the sending protocol and the sending host. For
           example:  -pUUCP:uunet  sets  the  sending protocol to UUCP and the
           sending host to uunet. Some existing programs use -oM to set the  r
           and s macros; this is equivalent to using -p.


           Processes  saved  messages in the queue at given intervals. If time
           is omitted, processes the queue once. time is  given  as  a  tagged
           number,  where  s  is seconds, m is minutes, h is hours, d is days,
           and w is weeks. For example, -q1h30m or -q90m would  both  set  the
           timeout to one hour thirty minutes.

           By  default,  sendmail  runs  in the background. This option can be
           used safely with -bd.


           Similar to -q[time], except that instead of periodically forking  a
           child  to  process  the  queue,  sendmail forks a single persistent
           child for each queue that alternates between processing  the  queue
           and  sleeping.  The sleep time (time) is specified as the argument;
           it defaults to 1 second. The process always sleeps at least 5  sec-
           onds if the queue was empty in the previous queue run.


           Processes  saved  messages  in the queue once and does not fork(2),
           but runs in the foreground.

       -qG name

           Processes jobs in queue group called name only.

       -q[!]I substr

           Limits processed jobs to those containing substr as a substring  of
           the queue ID or not when ! is specified.

       -q[!]Q substr

           Limits  processed  jobs to those quarantined jobs containing substr
           as a substring of the quarantine reason or not when ! is specified.

       -q[!]R substr

           Limits processed jobs to those containing substr as a substring  of
           one of the recipients or not when ! is specified.

       -q[!]S substr

           Limits  processed jobs to those containing substr as a substring of
           the sender or not when ! is specified.


           Quarantines a normal queue item with the given reason or  unquaran-
           tines  a  quarantined queue item if no reason is given. This should
           only be used with some sort of item matching as described above.

       -r name

           An alternate and obsolete form of the -f flag.

       -R ret

           Identifies  the  information  you  want  returned  if  the  message
           bounces.  ret can be HDRS for headers only or FULL for headers plus


           Reads message for recipients. To:,Cc:, and Bcc: lines  are  scanned
           for  people  to  send to. The Bcc: line is deleted before transmis-
           sion. Any addresses in the argument list is suppressed.  The  NoRe-
           cipientAction  Processing Option can be used to change the behavior
           when no legal recipients are included in the message.


           Goes into verbose mode. Alias  expansions  are  announced,  and  so

       -V envid

           The  indicated envid is passed with the envelope of the message and
           returned if the message bounces.

       -X logfile

           Logs all traffic in and out of sendmail in  the  indicated  logfile
           for  debugging  mailer  problems.  This produces a lot of data very
           quickly and should be used sparingly.

   Processing Options
       There are a number of "random" options that can be set from a  configu-
       ration file. Options are represented by a single character or by multi-
       ple character names. The syntax for the single character names of is:


       This sets option x to be value. Depending on the option, value may be a
       string,  an  integer,  a  boolean (with legal values t, T, f, or F; the
       default is TRUE), or a time interval.

       The multiple character or long names use this syntax:

         O Longname=argument

       This sets the option Longname to be argument. The long names are  bene-
       ficial  because  they are easier to interpret than the single character

       Not all processing options have single character names associated  with
       them. In the list below, the multiple character name is presented first
       followed by the single character syntax enclosed in parentheses.

       AliasFile (Afile)

           Specifies possible alias files.

       AliasWait (a N)

           If set, waits up to N minutes for an "@:@" entry to  exist  in  the
           aliases(5)  database before starting up. If it does not appear in N
           minutes, issues a warning. Defaults to 10 minutes.


           Allows a HELO SMTP command that does not include a  host  name.  By
           default this option is disabled.


           If set and more than the specified number of recipients in a single
           SMTP envelope are  rejected,  sleeps  for  one  second  after  each
           rejected RCPT command.

       BlankSub (Bc)

           Sets  the  blank  substitution  character  to c. Unquoted spaces in
           addresses are replaced by this character. Defaults to  SPACE  (that
           is, no change is made).


           File containing one CA cert.


           Path to directory with certs of CAs.


           Specify the fingerprint algorithm (digest) to use for the presented
           cert. If the  option  is  not  set,  md5  is  used  and  the  macro
           ${cert_md5} contains the cert fingerprint. If the option is explic-
           itly set, the specified algorithm (example: sha1) is used  and  the
           macro ${cert_fp} contains the cert fingerprint.

       CheckAliases (n)

           Validates  the  RHS of aliases when rebuilding the aliases(5) data-

       CheckpointInterval (CN)

           Checkpoints the queue every N (default 10) addresses sent. If  your
           system  crashes  during  delivery  to  a  large list, this prevents
           retransmission to any but the last N recipients.


           Specify  cipher  list  for  STARTTLS.   By   default   ECDHE-ECDSA-
           AES256-GCM-SHA384,     ECDHE-RSA-AES128-GCM-SHA256,    ECDHE-ECDSA-
           AES128-GCM-SHA256, TLSv1.2:!aNULL:!eNULL, DHE-RSA-AES256-SHA,  DHE-
           DSS-AES256-SHA,  DHE-RSA-AES128-SHA,  and  DHE-DSS-AES128-SHA.  The
           CipherList is passed to SSL_set_cipher_list(3openssl).

       ClassFactor (zfact)

           The indicated factor  fact  is  multiplied  by  the  message  class
           (determined  by  the Precedence: field in the user header and the P
           lines in the configuration file) and subtracted from the  priority.
           Thus,  messages  with  a  higher Priority: are favored. Defaults to


           File containing the cert of the client, that is, this cert is  used
           when sendmail acts as client.


           File containing the private key belonging to the client cert.


           Sets  client  SMTP  options. The options are key=value pairs. Known
           keys are:

           Addr Address Mask

               Address Mask defaults to INADDR_ANY. The address mask can be  a
               numeric address in dot notation or a network name.


               Address family (defaults to INET).


               Size of listen queue (defaults to 10).


               Name/number of listening port (defaults to smtp).


               The size of the TCP/IP receive buffer.


               The size of the TCP/IP send buffer.


               Options (flags) for the daemon. Can be:


                   Uses name of interface for HELO command.

               If  h  is set, the name corresponding to the outgoing interface
               address (whether chosen by means of the Connection parameter or
               the default) is used for the HELO/EHLO command.


           A  space separated list of SSL related options for client side. The
           values depend on the OpenSSL version against which sendmail is com-
           piled.  By default, SSL_OP_ALL, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
           SSL_OP_NO_SSLv2,     SSL_OP_NO_SSLv3,     SSL_OP_NO_TICKET,     and
           -SSL_OP_TLSEXT_PADDING  are used, provided these options are avail-
           able. Options can be cleared by preceding them  with  a  minus  (-)
           sign. It is also possible to specify numerical values, for example,


           If set, colons are treated as a regular character in addresses.  If
           not  set, they are treated as the introducer to the RFC 822 "group"
           syntax. This option is on for version  5  and  lower  configuration

       ConnectionCacheSize (kN)

           The  maximum  number of open connections that are to be cached at a
           time. The default is 1. This delays closing the current  connection
           until  either  this  invocation  of  sendmail  needs  to connect to
           another host or it terminates. Setting it to 0 defaults to the  old
           behavior, that is, connections are closed immediately.

       ConnectionCacheTimeout (Ktimeout)

           The maximum amount of time a cached connection is permitted to idle
           without activity. If this time is exceeded, the connection is imme-
           diately  closed.  This  value  should be small (on the order of ten
           minutes). Before sendmail uses a cached connection, it always sends
           a  NOOP (no operation) command to check the connection. If the NOOP
           command fails, it reopens the connection. This keeps your end  from
           failing  if the other end times out. The point of this option is to
           be a good network neighbor and avoid using up  excessive  resources
           on the other end. The default is five minutes.


           The  maximum number of connections permitted per second. After this
           many connections are accepted, further connections are delayed.  If
           not set or <= 0, there is no limit.


           Define  the length of the interval for which the number of incoming
           connections is maintained. The default is 60 seconds.


           Name of the control socket for daemon management. A  running  send-
           mail  daemon  can  be  controlled  through this Unix domain socket.
           Available commands are: help, restart, shutdown,  and  status.  The
           status  command  returns the current number of daemon children, the
           free disk space (in blocks) of the queue directory,  and  the  load
           average of the machine expressed as an integer. If not set, no con-
           trol socket is available. For  the  sake  of  security,  this  Unix
           domain  socket  must  be in a directory which is accessible only by
           root; /var/spool/mqueue/.smcontrol is recommended  for  the  socket


           File  containing  certificate revocation status, useful for X.509v3

       DaemonPortOptions (Ooptions)

           Sets server SMTP options. The options are  key=value  pairs.  Known
           keys are:


               User-definable  name  for  the  daemon (defaults to "Daemon#").
               Used for error messages and logging.


               Address mask (defaults INADDR_ANY).

               The address mask may be a numeric address in dot notation or  a
               network name.


               Address family (defaults to INET).


               List of input mail filters for the daemon.


               Size of listen queue (defaults to 10).


               Options  (flags) for the daemon; can be a sequence (without any
               delimiters) of:


                   Requires authentication.


                   Binds to interface through which mail has been received.


                   Performs hostname canonification (.cf).


                   Requires fully qualified hostname (.cf).


                   Uses name of interface for HELO command.


                   Allows unqualified addresses (.cf).


                   Does not perform hostname canonification.


                   Disallows ETRN (see RFC 2476).


               User-definable name for the daemon (defaults to Daemon#).  Used
               for error messages and logging.


               Name/number of listening port (defaults to smtp).


               The size of the TCP/IP receive buffer.


               The size of the TCP/IP send buffer.


               Maximum number of children per daemon. See MaxDaemonChildren.


               Delivery mode per daemon. See DeliveryMode.


               RefuseLA per daemon.


               DelayLA per daemon.


               QueueLA per daemon.

           sendmail listens on a new socket for each occurrence of the Daemon-
           PortOptions option in a configuration file.


           Sets the threshold, in bytes, before a memory-bases queue data file
           becomes disk-based. The default is 4096 bytes.


           Defines  the location of the system-wide dead.letter file, formerly
           hard-coded to /var/tmp/dead.letter. If this option is not set  (the
           default),  sendmail  does  not  attempt  to  save  to a system-wide
           dead.letter file in the event it cannot bounce the mail to the user
           or  postmaster.  Instead,  it  renames the qf file as it has in the
           past when the dead.letter file could not be opened.


           Sets the default character set to use when converting  unlabeled  8
           bit input to MIME.

       DefaultUser (ggid) or (uuid)

           Sets  the  default group ID for mailers to run in to gid or set the
           default userid for mailers to uid. Defaults to  1.  The  value  can
           also be given as a symbolic group or user name.


           When  the  system  load average exceeds LA, sendmail sleeps for one
           second on most SMTP commands and before accepting connections.


           Sets minimum time for Deliver By SMTP Service Extension (RFC 2852).
           If  0,  no  time  is  listed,  if less than 0, the extension is not
           offered, if greater than 0, it is listed as minimum  time  for  the
           EHLO keyword DELIVERBY.

       DeliveryMode (dx)

           Delivers in mode x. Legal modes are:


               Delivers interactively (synchronously).


               Delivers in background (asynchronously).


               Deferred  mode.  Database lookups are deferred until the actual
               queue run.


               Just queues the message (delivers during queue run).

           Defaults to b if no option is specified, i if it is  specified  but
           given no argument (that is, Od is equivalent to Odi).


           File containing the DH parameters.


           If  a  connection  fails,  waits this many seconds and tries again.
           Zero means "do not retry".


           If set, overrides the file safety checks. This  compromises  system
           security   and   should   not   be   used.   See   http://www.send-
           mail.org/tips/dontBlameSendmail for more information.


           If set, $[ ... $] lookups that do DNS-based lookups do  not  expand
           CNAME records.


           If  set,  the  initgroups(3C)  routine is never invoked. If you set
           this, agents run  on  behalf  of  users  only  have  their  primary
           (/etc/passwd) group permissions.


           If  set,  sendmail  does  not insert the names and addresses of any
           local interfaces into the $=w class. If set, you must also  include
           support  for  these  addresses, otherwise mail to addresses in this
           list bounces with a configuration error.

       DontPruneRoutes (R)

           If set, does not prune route-addr syntax addresses to  the  minimum


           If  an error occurs when sending an error message, sends that "dou-
           ble bounce" error message to this address.

       EightBitMode (8)

           Uses 8-bit data handling. This option requires one of the following
           keys.  The  key can selected by using just the first character, but
           using the full word is better for clarity.


               Does any necessary conversion of 8BITMIME to 7-bit.


               Passes unlabeled 8-bit input through as is.


               Rejects unlabeled 8-bit input.

       ErrorHeader (Efile/message)

           Appends error messages with the indicated  message.  If  it  begins
           with a slash, it is assumed to be the pathname of a file containing
           a message (this is the recommended setting).  Otherwise,  it  is  a
           literal  message.  The  error  file  might  contain the name, email
           address, and/or phone number of a local postmaster who  could  pro-
           vide  assistance to end users. If the option is missing or NULL, or
           if it names a file which does not exist or which is  not  readable,
           no message is printed.

       ErrorMode (ex)

           Disposes of errors using mode x. The values for x are:


               Mails back errors and gives 0 exit status always.


               Mails back errors.


               Prints error messages (default).


               No messages, just gives exit status.


               Writes back errors (mail if user not logged in).

       FallbackMXhost (Vfallbackhost)

           If  specified, the fallbackhost acts like a very low priority MX on
           every host. This is intended to be used by sites with poor  network


           If  specified, the fallBackSmartHost is used in a last-ditch effort
           for each host. This is intended to be  used  by  sites  with  "fake
           internal DNS". That is, a company whose DNS accurately reflects the
           world inside that company's domain but not outside.


           If set to a value greater than zero (the default is one),  it  sup-
           presses the MX lookups on addresses when they are initially sorted,
           that is, for the first delivery attempt. This  usually  results  in
           faster  envelope splitting unless the MX records are readily avail-
           able in a local DNS cache. To enforce initial sorting based  on  MX
           records  set  FastSplit  to zero. If the mail is submitted directly
           from the command line, then the value also  limits  the  number  of
           processes  to  deliver the envelopes; if more envelopes are created
           they are only queued up and must be taken care of by a  queue  run.
           Since  the default submission method is by way of SMTP (either from
           a MUA or by way of the Message Submission Program [MSP]), the value
           of  FastSplit  is  seldom  used to limit the number of processes to
           deliver the envelopes.

       ForkEachJob (Y)

           If set, delivers each job that is run from the queue in a  separate
           process.  Use  this  option  if  you are short of memory, since the
           default tends to consume considerable amounts of memory  while  the
           queue is being processed.

       ForwardPath (Jpath)

           Sets  the path for searching for users' .forward files. The default
           is $z/.forward. Some sites that use the automounter may  prefer  to
           change  this to /var/forward/$u to search a file with the same name
           as the user in a system directory. It can also be set to a sequence
           of  paths  separated by colons; sendmail stops at the first file it
           can  successfully  and  safely   open.   For   example,   /var/for-
           ward/$u:$z/.forward  searches  first  in /var/forward/ username and
           then in ~username/.forward (but only if the  first  file  does  not
           exist). Refer to the NOTES section for more information.


           Sets the name to be used for HELO/EHLO (instead of $j).

       HelpFile (Hfile)

           Specifies the help file for SMTP.

       HoldExpensive (c)

           If  an  outgoing mailer is marked as being expensive, does not con-
           nect immediately.


           Sets the file to use when doing "file" type access of host names.


           If set, host status is kept on disk between sendmail  runs  in  the
           named  directory tree. If a full path is not used, then the path is
           interpreted relative to the queue directory.

       IgnoreDots (i)

           Ignores dots in incoming messages. This is  always  disabled  (that
           is, dots are always accepted) when reading SMTP mail.

       LogLevel (Ln)

           Sets the default log level to n. Defaults to 9.


           Sets  the  macro x to value. This is intended only for use from the
           command line.


           Type of lookup to find information about local mail boxes, defaults
           to  pw  which  uses  getpwnam(3C). Other types can be introduced by
           adding them to the source code, see libsm/mbdb.c for details.

       MatchGECOS (G)

           Tries to match recipient names using the GECOS field.  This  allows
           for  mail to be delivered using names defined in the GECOS field in
           /etc/passwd as well as the login name.


           The maximum number of children the daemon permits. After this  num-
           ber,  connections  are  rejected.  If  not  set or <=0, there is no

       MaxHopCount (hN)

           The maximum hop count. Messages that have been processed more  than
           N  times  are assumed to be in a loop and are rejected. Defaults to


           The maximum size of messages that are accepted (in bytes).


           Sets the maximum length of certain MIME header field  values  to  M
           characters.  For  some  of these headers which take parameters, the
           maximum length of each parameter is set to N if specified. If /N is
           not  specified, one half of M is used. By default, these values are
           0, meaning no checks are done.


           Overrides the default of 20 for the number of useless commands.


           Don't process any queued jobs that have been in the queue less than
           the  indicated  time interval. This is intended to allow you to get
           responsiveness by processing the queue fairly and frequently  with-
           out  thrashing  your  system  by trying jobs too often. The default
           units are minutes.

           Note -

             This option is ignored for queue runs that select a subset of the
             queue, that is, -q[!][I|R|S|Q][string].


           When  set,  this  limits the number of concurrent queue runner pro-
           cesses to N. This helps to control the amount of  system  resources
           used  when  processing  the  queue.  When  there are multiple queue
           groups defined and the total number  of  queue  runners  for  these
           queue  groups  would  exceed MaxQueueChildren then the queue groups
           are not all run concurrently. That is, some portion  of  the  queue
           groups  run  concurrently  such  that  MaxQueueChildren  is  not be
           exceeded, while the remaining queue groups are run later (in  round
           robin order). See MaxRunnersPerQueue.


           If set, limits the maximum size of any given queue run to this num-
           ber of entries. This stops reading the queue directory  after  this
           number of entries is reached; job priority is not used. If not set,
           there is no limit.


           This sets the default maximum number of  queue  runners  for  queue
           groups.  Up  to N queue runners work in parallel on a queue group's
           messages. This is useful where the processing of a message  in  the
           queue  might  delay  the  processing of subsequent messages. Such a
           delay can be the result of non-erroneous situations such as  a  low
           bandwidth  connection.  The  can be overridden on a per queue group
           basis by setting the Runners option. The default is 1 when not set.

       MeToo (m)

           Sends to me too, even if I am in an alias expansion.


           If set, allows no more than the specified number of  recipients  in
           an  SMTP  envelope. Further recipients receive a 452 error code and
           are deferred for the next delivery attempt.

       MinFreeBlocks (bN/M)

           Insists on at least N blocks free on the file system that holds the
           queue  files  before  accepting  email  by way of SMTP. If there is
           insufficient space, sendmail gives a 452 response to the MAIL  com-
           mand. This invites the sender to try again later. The optional M is
           a maximum message size advertised in the ESMTP EHLO response. It is
           currently otherwise unused.


           Specifies  the  amount  of time a job must sit in the queue between
           queue runs. This allows you to set the queue run interval  low  for
           better  responsiveness  without  trying  all  jobs in each run. The
           default value is 0.


           Specifies the characters to  be  quoted  in  a  full  name  phrase.
           &,;:\()[] are quoted automatically.


           Specifies the priority of queue runners. See nice(1).


           Sets  action  if there are no legal recipient files in the message.
           The legal values are:


               Adds an Apparently-to: header with  all  the  known  recipients
               (which may expose blind recipients).


               Adds an empty Bcc: header.


               Adds  a  To:  header  with  all the known recipients (which may
               expose blind recipients).


               Adds a To: undisclosed-recipients: header.


               Does nothing, that is, leaves the message as it is.

       OldStyleHeaders (o)

           Assumes that the headers may be in  old  format,  that  is,  spaces
           delimit names. This actually turns on an adaptive algorithm: if any
           recipient address contains a comma, parenthesis, or angle  bracket,
           it  is  assumed  that commas already exist. If this flag is not on,
           only commas delimit names. Headers are always  output  with  commas
           between the names.

       OperatorChars or $o

           Defines  the  list  of  characters that can be used to separate the
           components of an address into tokens.


           Specifies  the  filename  of  the  pid   file.   The   default   is
           /var/run/sendmail.pid.  The filename is macro-expanded before it is
           opened, and unlinked when sendmail exits.

       PostmasterCopy (Ppostmaster)

           If set, copies of error messages are sent to the named  postmaster.
           Only  the  header  of the failed message is sent. Since most errors
           are user problems, this is probably not a good idea on large sites,
           and arguably contains all sorts of privacy violations, but it seems
           to be popular with certain operating systems vendors.

       PrivacyOptions (popt,opt,...)

           Sets privacy options. Privacy is really a misnomer; many  of  these
           options  are  just  a way of insisting on stricter adherence to the
           SMTP protocol.

           The goaway pseudo-flag sets all flags except noreceipts,  restrict-
           mailq,  restrictqrun,  restrictexpand, noetrn, and nobodyreturn. If
           mailq is restricted, only people in the same  group  as  the  queue
           directory  can  print the queue. If queue runs are restricted, only
           root and the owner of the queue directory can run  the  queue.  The
           restrict-expand  pseudo-flag  instructs sendmail to drop privileges
           when the -bv option is given by users who are neither root nor  the
           TrustedUser  so  users  cannot  read  private aliases, forwards, or
           :include: files. It adds the  NonRootSafeAddr  to  the  "DontBlame-
           Sendmail"  option to prevent misleading unsafe address warnings. It
           also overrides the -v (verbose)  command  line  option  to  prevent
           information  leakage.  Authentication  Warnings  add warnings about
           various conditions that may indicate attempts to fool the mail sys-
           tem, such as using an non-standard queue directory.

           The options can be selected from:


               Puts X-Authentication-Warning: headers in messages.


               Disallows essentially all SMTP status queries.


               Insists on HELO or EHLO command before EXPN.


               Insists on HELO or EHLO command before MAIL.


               Insists on HELO or EHLO command before VRFY.


               Do not put an X-Actual-Recipient line in a DNS that reveals the
               actual account to which an address is mapped.


               Disallows ETRN entirely.


               Disallows EXPN entirely.


               Prevents return receipts.


               Does not return the body of a message with DSNs.


               Disallows VRFY entirely.


               Allows open access.


               Restricts -bv and -v command line flags.


               Restricts mailq command.


               Restricts -q command line flag.

       ProcessTitlePrefix string

           Prefixes the process title shown on  "/usr/bin/ps  auxww"  listings
           with string. The string is macro processed.

       QueueDirectory (Qdir)

           Uses the named dir as the queue directory.

       QueueFactor (qfactor)

           Uses factor as the multiplier in the map function to decide when to
           just queue up jobs rather than run them. This value is  divided  by
           the  difference between the current load average and the load aver-
           age limit (x flag) to determine the maximum message priority to  be
           sent. Defaults to 600000.


           Defaults  permissions for queue files (octal). If not set, sendmail
           uses 0600 unless its real and effective uid are different in  which
           case it uses 0644.

       QueueLA (xLA)

           When the system load average exceeds LA, just queues messages (that
           is, does not try to send them). Defaults to eight times the  number
           of processors online when sendmail starts.


           Sets the algorithm used for sorting the queue. Only the first char-
           acter of the value is used. Legal values are host (to order by  the
           name  of  the first host name of the first recipient), filename (to
           order by the name of the queue file name), time (to  order  by  the
           submission/creation time), random (to order randomly), modification
           (to order by the modification time of the qf  file  (older  entries
           first)),  none  (to  not  order), and priority (to order by message
           priority). Host ordering makes better use of the connection  cache,
           but  may  tend to process low priority messages that go to a single
           host over high priority messages that go to several hosts; it prob-
           ably  shouldn't be used on slow network links. Filename and modifi-
           cation time ordering saves the  overhead  of  reading  all  of  the
           queued  items  before starting the queue run. Creation (submission)
           time ordering is almost always a bad idea, since it  allows  large,
           bulk  mail  to  go  out before smaller, personal mail, but may have
           applicability on some hosts with very fast connections.  Random  is
           useful  if  several  queue runners are started by hand which try to
           drain the same queue since odds are they are working  on  different
           parts  of  the  queue  at  the  same time. Priority ordering is the

       QueueTimeout (Trtime/wtime)

           Sets the queue timeout to rtime. After this interval, messages that
           have  not  been  successfully  sent  are  returned  to  the sender.
           Defaults to five days (5d). The optional wtime is  the  time  after
           which  a  warning  message  is sent. If it is missing or 0, then no
           warning messages are sent.


           File containing random data (use prefix file:) or the name  of  the
           UNIX  socket  if  EGD  is used (use prefix egd:). Note that Solaris
           supports random(4D), so this does not need to be specified.

       RecipientFactor (yfact)

           The indicated factor fact is added to the priority  (thus  lowering
           the  priority  of  the job) for each recipient, that is, this value
           penalizes jobs with large numbers of recipients. Defaults to 30000.

       RefuseLA (XLA)

           When the system load average exceeds LA, refuses incoming SMTP con-
           nections. Defaults to 12 times the number of processors online when
           sendmail starts.


           Log interval when refusing connections for this long (default: 3h).

       ResolverOptions (I)

           Tunes DNS lookups.

       RetryFactor (Zfact)

           The indicated factor fact is added to the priority every time a job
           is  processed.  Thus, each time a job is processed, its priority is
           decreased by the indicated value. In most environments this  should
           be positive, since hosts that are down are all too often down for a
           long time. Defaults to 90000.


           If this option is  set,  a  Return-Receipt-To:  header  causes  the
           request  of a DSN, which is sent to the envelope sender as required
           by RFC 1891, not to the address given in the header.


           If set,  becomes  this  user  when  reading  and  delivering  mail.
           Intended for use of firewalls where users do not have accounts.


           If  set,  sendmail does a chroot into this directory before writing

       SaveFromLine (f)

           Saves Unix-style From lines at the front of headers. Normally  they
           are assumed redundant and discarded.

       SendMimeErrors (j)

           If  set,  sends error messages in MIME format (see RFC 2045 and RFC
           1344 for details). If disabled, sendmail does not  return  the  DSN
           keyword  in  response  to  an  EHLO and does not do Delivery Status
           Notification processing as described in RFC 1891.


           File containing the cert of the server, that is, this cert is  used
           when sendmail acts as server.


           File containing the private key belonging to the server cert.


           A  space separated list of SSL related options for server side. The
           available values depend on the OpenSSL version against which  send-
           mail   is   compiled.   By  default,  SSL_OP_ALL,  SSL_OP_NO_TLSv1,
           SSL_OP_NO_TLSv1_1,    SSL_OP_NO_SSLv2,    SSL_OP_NO_SSLv3,      and
           -SSL_OP_TLSEXT_PADDING  are used, provided these options are avail-
           able. Options can be cleared by preceding them  with  a  minus  (-)
           sign.  It is also possible to specify numerical values, for example


           Defines the path to the service-switch  file.  Since  the  service-
           switch  file  is  defined in the Solaris operating environment this
           option is ignored.

       SevenBitInput (7)

           Strips input to seven bits for compatibility with old systems. This
           should not be necessary.


           Specifies  key to use for shared memory segment. If not set (or 0),
           shared memory is not be used. If this option is set,  sendmail  can
           share  some data between different instances. For example, the num-
           ber of entries in a queue directory or the  available  space  in  a
           file  system.  This  allows  for  more efficient program execution,
           since only one process needs to update the  data  instead  of  each
           individual process gathering the data each time it is required.


           If  SharedMemoryKeyFile  is  set  to -1, the automatically selected
           shared memory key will be stored in the specified file.


           If set, From: lines that have embedded newlines are unwrapped  onto
           one line.


           If  this  option  and  the HostStatusDirectory option are both set,
           uses single thread deliveries to other hosts.

       SmtpGreetingMessage or $e

           Specifies the initial SMTP greeting message.


           If set, issue temporary errors (4xy) instead  of  permanent  errors
           (5xy).  This can be useful during testing of a new configuration to
           avoid erroneous bouncing of mail.

       StatusFile (Sfile)

           Logs  statistics  in  the  named  file.   By   default,   this   is
           /etc/mail/sendmail.st.  As  root,  you  must  touch(1) this file to
           enable mailstats(1).

       SuperSafe (s)

           This option can be set to True, False, Interactive, or  PostMilter.
           If  set to True, sendmail is set to super-safe when running things,
           that is, always instantiate the queue file, even if you  are  going
           to  attempt  immediate  delivery.  sendmail always instantiates the
           queue file before returning control to the client under any circum-
           stances.  This should really always be set to True. The Interactive
           value has been introduced in 8.12 and can  be  used  together  with
           DeliveryMode=i.  It  skips  some  synchronization  calls  which are
           effectively doubled in the code execution path for  this  mode.  If
           set  to  PostMilter,  sendmail  defers synchronizing the queue file
           until any milters have signaled acceptance of the message. PostMil-
           ter  is  useful only when sendmail is running as an SMTP server; in
           all other situations it acts the same as True.

       TempFileMode (Fmode)

           Specifies the file mode for queue files.

       Timeout (rtimeouts)

           Timeout reads after time interval. The timeouts argument is a  list
           of  keyword=value  pairs. All but command apply to client SMTP. For
           backward compatibility, a timeout with no keyword= part is set  all
           of  the  longer  values.  The recognized timeouts and their default
           values, and their minimum values  specified  in  RFC  1123  section
           5.3.2 are:


               all connections for a single delivery attempt [0, unspecified]


               command read [1h, 5m]


               initial connect [0, unspecified]


               complete control socket transaction [2m, none]


               data block read [1h, 3m]


               reply to final . in data [1h, 10m]


               reply to DATA command [5m, 2m]


               file open [60sec, none]


               reply to HELO or EHLO command [5m, none]


               host retry [30m, unspecified]


               first attempt to connect to a host [0, unspecified]


               IDENT protocol timeout [5s, none]


               wait for initial greeting message [5m, 5m]


               wait for reply to an LMTP LHLO command [2m, unspecified]


               reply to MAIL command [10m, 5m]


               reply to NOOP and VERB commands [2m, none]


               undeliverable message returned [5d]


               deferred warning [4h]


               reply to QUIT command [2m, none]


               reply to RCPT command [1h, 5m]


               Resolver's  retransmission time interval (in seconds) [varies].
               Sets    both    Timeout.resolver.retrans.first    and     Time-


               Resolver's  retransmission  time  interval (in seconds) for the
               first attempt to deliver a message [varies].


               Resolver's retransmission time interval (in  seconds)  for  all
               look-ups except the first delivery attempt [varies].


               Number  of  times to retransmit a resolver query [varies]. Sets
               both       Timeout.resolver.retry.first        and        Time-


               Number  of  times  to retransmit a resolver query for the first
               attempt to deliver a message [varies].


               Number of times to retransmit a resolver query for all look-ups
               except the first delivery attempt [varies].


               reply to RSET command [5m, none]


               response to an SMTP STARTTLS command [1h]

       TimeZoneSpec (ttzinfo)

           Sets  the  local  time zone info to tzinfo, for example, "PST8PDT".
           Actually, if this is  not  set,  the  TZ  environment  variable  is
           cleared  (so  the  system  default  is  used); if set but null, the
           user's TZ variable is used, and if set and non-null, the  TZ  vari-
           able is set to this value.


           If  this  option  is  'V',  then  no  client  verification  is per-
           formed,that is, the server does not ask for a certificate.


           The user parameter can be a user name (looked up in the passwd map)
           or  a numeric user id. Trusted user for file ownership and starting
           the daemon. If set,  generated  alias  databases  and  the  control
           socket (if configured) are automatically owned by this user.

       TryNullMXList (w)

           If  you  are the "best" (that is, lowest preference) MX for a given
           host, you should normally detect this situation and treat that con-
           dition  specially,  by forwarding the mail to a UUCP feed, treating
           it as local, or whatever. However, in some cases (such as  Internet
           firewalls)  you may want to try to connect directly to that host as
           though it had no MX records at  all.  Setting  this  option  causes
           sendmail  to try this. The downside is that errors in your configu-
           ration are likely to be diagnosed as  "host  unknown"  or  "message
           timed  out"  instead  of  something more meaningful. This option is

       UnixFromLine or $l

           The "From " line used when sending to files or programs.


           If set, group-writable :include: and .forward files are  considered
           "unsafe", that is, programs and files cannot be directly referenced
           from such files.


           If set, the compressed format of IPv6 addresses, such as  IPV6:::1,
           will   be  used,  instead  of  the  uncompressed  format,  such  as

       UseErrorsTo (l)

           If there is an Errors-To:  header,  sends  error  messages  to  the
           addresses  listed  there.  They normally go to the envelope sender.
           Use of this option causes sendmail to violate RFC 1123. This option
           is not recommended and deprecated.


           Uses  as  mail  submission  program, that is, allows group writable
           queue files if the group is the same  as  that  of  a  set-group-id
           sendmail binary.

       UserDatabaseSpec (U)

           Defines  the name and location of the file containing User Database

       Verbose (v)

           Runs in verbose mode. If this is set, sendmail adjusts the  HoldEx-
           pensive and DeliveryMode options so that all mail is delivered com-
           pletely in a single job so that you can  see  the  entire  delivery
           process.  The  Verbose option should never be set in the configura-
           tion file; it is intended for command line use only.


           Sets the threshold, in bytes, before  a  memory-bases  queue  tran-
           script file becomes disk-based. The default is 4096 bytes.

       If  the first character of the user name is a vertical bar, the rest of
       the user name is used as the name of a program to pipe the mail to.  It
       may  be  necessary  to quote the name of the user to keep sendmail from
       suppressing the blanks from between arguments.

       If invoked as newaliases, sendmail rebuilds the alias database, so long
       as  the  /etc/mail/aliases* files are owned by root and root has exclu-
       sive write permission. If invoked as mailq, sendmail  prints  the  con-
       tents of the mail queue.


           address of an intended recipient of the message being sent.

       sendmail  returns  an exit status describing what it did. The codes are
       defined in /usr/include/sysexits.h.


           Successful completion on all addresses.


           User name not recognized.


           Catchall. Necessary resources were not available.


           Syntax error in address.


           Internal software error, including bad arguments.


           Temporary operating system error, such as "cannot fork".


           Host name not recognized.


           Message could not be sent immediately, but was queued.

       No environment variables are used. However, sendmail's start-up script,
       invoked by svcadm(8), reads /etc/default/sendmail. In this file, if the
       variable ETRN_HOSTS is set, the start-up script  parses  this  variable
       and invokes etrn(8) appropriately. ETRN_HOSTS should be of the form:

         "s1:c1.1,c1.2        s2:c2.1 s3:c3.1,c3.2,c3.3"

       That is, white-space separated groups of server:client where client can
       be one or more comma-separated names. The  :client  part  is  optional.
       server is the name of the server to prod; a mail queue run is requested
       for each client name. This is comparable to running:

         /usr/lib/sendmail -qR client

       on the host server.


           Unmailable text


           Contains default settings. You can override some of the settings by
           command line options.


           Mail aliases file (ASCII)


           Database of mail aliases (binary)


           Database of mail aliases (binary)


           Database of mail aliases (binary)


           Defines environment for sendmail


           Defines environment for MSP


           Lists users that are "trusted", that is, able to set their envelope
           from address using -f without generating a  warning  message.  Note
           that  this file is consulted by the default sendmail.cf, but not by
           the  default  submit.cf,   in   which   the   line   referring   to
           /etc/mail/trusted-users  is  commented  out.  See  sendmail(5)  for
           instructions on making changes to submit.cf and sendmail.cf.


           Temporary files and queued mail


           Temporary files and queued mail


           List of recipients for forwarding messages


           Describes the steps needed to compile and run a filter

       See attributes(7) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE         |       ATTRIBUTE VALUE        |
       |Availability                 |service/network/smtp/sendmail |

       mail(1), mailq(1), mailx(1), nice(1), svcs(1),  fork(2),  getpwnam(3C),
       getusershell(3C),                        SSL_set_cipher_list(3openssl),
       SSL_set_options(3openssl), resolver(3RESOLV),  random(4D),  aliases(5),
       hosts(5),  sendmail(5),  shells(5),  attributes(7), smf(7), check-host-
       name(8), check-permissions(8), etrn(8), newaliases(8), svcadm(8),  svc-

       hosts_access(5), tcpd(8) in the security/tcp-wrapper package.

       RFC 2821 Simple Mail Transfer Protocol, John Klensin, April 2001.

       RFC 2822 Internet Message Format, Pete Resnick, April 2001.

       sendmail,  Third  Edition,  Bryan Costales with Eric Allman, O'Reilly &
       Associates, Inc., 2003.



       The sendmail program requires a fully qualified host name  when  start-
       ing.  A  script  has  been  included to help verify if the host name is
       defined properly (see check-hostname(8)).

       The permissions and the ownership  of  several  directories  have  been
       changed  in  order  to  increase  security.  In  particular,  access to
       /etc/mail and /var/spool/mqueue has been restricted.

       Security restrictions have been placed users using  .forward  files  to
       pipe  mail  to  a program or redirect mail to a file. The default shell
       (as  listed  in  /etc/passwd)  of  these  users  must  be   listed   in
       /etc/shells.  This restriction does not affect mail that is being redi-
       rected to another alias.

       Additional  restrictions  have  been  put  in  place  on  .forward  and
       :include:  files. These files and the directory structure that they are
       placed in cannot be group- or world-writable. See check-permissions(8).

       If you have interfaces that map to domains that have  MX  records  that
       point  to  non-local  destinations,  you might need to enable the Dont-
       ProbeInterfaces option to enable delivery to those destinations. In its
       default  startup  behavior,  sendmail probes each interface and adds an
       interface's IP addresses, as well as any domains that  those  addresses
       map  to,  to its list of domains that are considered local. For domains
       thus added, being on the list of local domains is equivalent to  having
       a  0-preference  MX  record, with localhost as the MX value. If this is
       not the result you want, enable DontProbeInterfaces.

Solaris 11.4                      17 Jan 2022                      sendmail(8)