Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Wednesday, February 9, 2022

sendmail (8)


sendmail - send mail over the internet


/usr/lib/sendmail [-Ac] [-Am] [-ba] [-bD] [-bd] [-bi] [-bl]
[-bm] [-bp] [-bP] [-bs] [-bt] [-bv] [-B type] [-C file]
[-D logfile] [-d X] [-F fullname] [-f name] [-G]
[-h N] [-L tag] [-M xvalue] [-N notifications] [-n]
[-Ooption =value] [-o xvalue] [-p protocol]
[-Q [reason]] [-q [time]] [-q Xstring] [-R ret]
[-r name] [-t] [-V envid] [-v] [-X logfile]


System Administration Commands                                     sendmail(8)

       sendmail - send mail over the internet

       /usr/lib/sendmail [-Ac] [-Am] [-ba] [-bD] [-bd] [-bi] [-bl]
            [-bm] [-bp] [-bP] [-bs] [-bt] [-bv] [-B type] [-C file]
            [-D logfile] [-d X] [-F fullname] [-f name] [-G]
            [-h N] [-L tag] [-M xvalue] [-N notifications] [-n]
            [-Ooption =value] [-o xvalue] [-p protocol]
            [-Q [reason]] [-q [time]] [-q Xstring] [-R ret]
            [-r name] [-t] [-V envid] [-v] [-X logfile]

       The sendmail utility sends a message to one or more people, routing the
       message over whatever networks are necessary. sendmail  does  internet-
       work  forwarding  as  necessary  to  deliver the message to the correct

       sendmail is not intended as a user interface  routine.  Other  programs
       provide user-friendly front ends. sendmail is used only to deliver pre-
       formatted messages.

       With no flags, sendmail reads its standard input up to  an  EOF,  or  a
       line  with  a single dot, and sends a copy of the letter found there to
       all of the addresses listed. It determines the network to use based  on
       the syntax and contents of the addresses.

       Local  addresses  are  looked  up in the local aliases(5) file, or in a
       name service as defined  by  the  nsswitch.conf(5)  file,  and  aliased
       appropriately.  In  addition,  if there is a .forward file in a recipi-
       ent's home directory, sendmail forwards a copy of each message  to  the
       list  of  recipients that file contains. Refer to the NOTES section for
       more information about .forward files. Aliasing  can  be  prevented  by
       preceding the address with a backslash.

       There  are  several conditions under which the expected behavior is for
       the alias database to be either built or  rebuilt.  This  cannot  occur
       under  any  circumstances unless root owns and has exclusive write per-
       mission to the /etc/mail/aliases* files.

       If a message is found to be undeliverable, it is returned to the sender
       with  diagnostics that indicate the location and nature of the failure;
       or, the message is placed in a dead.letter file in  the  sender's  home

   Service Management
       The  sendmail  service  is  managed by the service management facility,
       smf(7), under the service identifiers:


       Administrative actions on these services, such as enabling,  disabling,
       or  requesting restart, can be performed using svcadm(8). The services'
       status can be queried using the svcs(1) command.

       These are separate services rather than instances of the  same  service
       so  that  other services can properly express any dependencies. In par-
       ticular, here are some guidelines about which  service/instance  should
       be depended on for which purposes:

           o      For  a  service that uses sendmail to send mail, an optional
                  dependency on the service svc:/network/sendmail-client might
                  be in order.

           o      For  a  service  that  needs to receive mail in general, but
                  does not  depend  on  sendmail  being  the  particular  SMTP
                  receiver,  a  dependency  on  the  service svc:/network/smtp
                  might be in order.

           o      For a service that needs to interact with sendmail  in  par-
                  ticular,  such  as  a  Milter,  a dependency on the instance
                  svc:/network/smtp:sendmail might be in order.

       For the last two, note the difference, as the latter  has  the  ":send-
       mail"  instance specification, whereas the former does not, thus repre-
       senting the more general service.

   Enabling Access to Remote Clients
       On an unmodified system,  access  to  sendmail  by  remote  clients  is
       enabled  and  disabled  through  the  service  management facility (see
       smf(7)). In particular, remote access is determined by the value of the
       local_only SMF property:

         svc:/network/smtp:sendmail/config/local_only = true

       A  setting  of  true,  as  above, disallows remote access; false allows
       remote access. The default value is true.

       The following example shows the sequence of SMF commands used to enable
       sendmail to allow access to remote systems:

         # svccfg -s svc:/network/smtp:sendmail setprop config/local_only = false
         # svcadm refresh svc:/network/smtp:sendmail
         # svcadm restart svc:/network/smtp:sendmail

       See svcadm(8) and svccfg(8).

       Note, however, on a system where any of the sendmail(5) files have been
       customized, setting this property might not have the  intended  effect.
       See sendmail(5) for details.

   Automated Rebuilding of Configuration Files
       See  sendmail(5)  for details on which service properties can be set to
       automate (re)building  of  configuration  files  when  the  service  is

   Restricting Host Access
       sendmail  uses  TCP  Wrappers  to restrict access to hosts. It uses the
       service name of sendmail for hosts_access(). For  more  information  on
       TCP Wrappers, see tcpd(8) and hosts_access(5) in the security/tcp-wrap-
       per package. tcpd(8) and hosts_access(5) are not part  of  the  Solaris
       man pages.

   Startup Options
       The  /etc/default/sendmail  file stores startup options for sendmail so
       that the options are not removed when a  host  is  upgraded.  See  also
       sendmail(5) for details on which service properties can be set to auto-
       mate (re)building of configuration files when the service is started.

       You can  use  the  following  variables  in  the  /etc/default/sendmail
       startup file:


           Selects additional options to be used with the client daemon, which
           looks in the client-only queue (/var/spool/clientmqueue)  and  acts
           as a client queue runner. No syntax checking is done, so be careful
           when making changes to this variable.


           Similar to the QUEUEINTERVAL option, CLIENTQUEUEINTERVAL  sets  the
           time interval for mail queue runs. However, the CLIENTQUEUEINTERVAL
           option controls the functions of the client daemon, instead of  the
           functions  of  the  master  daemon. Typically, the master daemon is
           able to deliver all messages to the SMTP port. However, if the mes-
           sage  load  is  too  high or the master daemon is not running, then
           messages go into the  client-only  queue,  /var/spool/clientmqueue.
           The client daemon, which checks in the client-only queue, then acts
           as a client queue processor.


           Enables an SMTP client and server to interact  immediately  without
           waiting for the queue run intervals, which are periodic. The server
           can immediately deliver the portion of its queue that goes  to  the
           specified  hosts.  For  more  information, refer to the etrn(8) man


           Selects the mode to start sendmail with.  Use  the  -bd  option  or
           leave it undefined.


           Selects  additional  options  to be used with the master daemon. No
           syntax checking is done, so be careful when making changes to  this


           Sets  the  interval for mail queue runs on the master daemon. # can
           be a positive integer that is followed by either s for  seconds,  m
           for minutes, h for hours, d for days, or w for weeks. The syntax is
           checked before sendmail is started. If the interval is negative  or
           if  the entry does not end with an appropriate letter, the interval
           is ignored and sendmail starts with a queue interval of 15 minutes.


           Enables one persistent queue runner that sleeps between  queue  run
           intervals,  instead of a new queue runner for each queue run inter-
           val. You can set this option to p, which is the only setting avail-
           able. Otherwise, this option is not set.

   Mail Filter API
       sendmail  supports a mail filter API called "milter". For more informa-
       tion, see /usr/include/libmilter/README and http://www.milter.org

       The following options are supported:


           Uses submit.cf even if the operation mode does not indicate an ini-
           tial mail submission.


           Uses  sendmail.cf  even  if the operation mode indicates an initial
           mail submission.


           Goes into ARPANET mode. All input lines must  end  with  a  RETURN-
           LINEFEED,  and all messages are generated with a RETURN-LINEFEED at
           the end. Also, the From: and Sender: fields are  examined  for  the
           name of the sender.


           Check the configuration file.


           Runs  as a daemon in the background, waiting for incoming SMTP con-


           Runs as a daemon in the foreground, waiting for incoming SMTP  con-


           Initializes  the aliases(5) database. Root must own and have exclu-
           sive write permission to the /etc/mail/aliases* files for  success-
           ful use of this option.


           Runs  as a daemon (like -bd) but accepts only loopback SMTP connec-


           Delivers mail in the usual way (default).


           Prints a summary of the mail queues.


           Prints the number of entries in the queues.  This  option  is  only
           available with shared memory support.


           Uses  the SMTP protocol as described in RFC 2821. This flag implies
           all the operations of the -ba flag that are compatible with SMTP.


           Runs in address test mode. This mode reads addresses and shows  the
           steps in parsing; it is used for debugging configuration tables.


           Verifies  names only. Does not try to collect or deliver a message.
           Verify mode is normally used for validating users or mailing lists.

       -B type

           Indicates body type (7BIT or 8BITMIME).

       -C file

           Uses alternate configuration file.

       -D logfile

           Send debugging output to the indicated log file instead of stdout.

       -d X

           Sets debugging value to X.

       -f name

           Sets the name of the "from" person (that  is,  the  sender  of  the

       -F fullname

           Sets the full name of the sender.


           When  accepting messages by way of the command line, indicates that
           they are for relay (gateway) submission. When  this  flag  is  set,
           sendmail  might  complain about syntactically invalid messages, for
           example, unqualified host names, rather than fixing them.  sendmail
           does not do any canonicalization in this mode.

       -h N

           Sets  the  hop  count to N. The hop count is incremented every time
           the mail is processed.  When  it  reaches  a  limit,  the  mail  is
           returned with an error message, the victim of an aliasing loop.

       -L tag

           Sets the identifier used in syslog messages to the supplied tag.


           Sets macro x to the specified value.


           Does not do aliasing.

       -N notifications

           Tags  all  addresses  being sent as wanting the indicated notifica-
           tions, which consists of the word "NEVER" or a comma-separated list
           of "SUCCESS", "FAILURE", and "DELAY" for successful delivery, fail-
           ure and a message that is stuck in a queue somewhere.  The  default
           is "FAILURE,DELAY".


           Sets  option  x  to  the  specified  value.  Processing Options are
           described below.


           Sets option to the specified value (for long from names).  Process-
           ing Options are described below.

       -p protocol

           Sets the sending protocol. The protocol field can be in form proto-
           col:host to set both the sending protocol and the sending host. For
           example:  -pUUCP:uunet  sets  the  sending protocol to UUCP and the
           sending host to uunet. Some existing programs use -oM to set the  r
           and s macros; this is equivalent to using -p.


           Processes  saved  messages in the queue at given intervals. If time
           is omitted, processes the queue once. time is  given  as  a  tagged
           number,  where  s  is seconds, m is minutes, h is hours, d is days,
           and w is weeks. For example, -q1h30m or -q90m would  both  set  the
           timeout to one hour thirty minutes.

           By  default,  sendmail  runs  in the background. This option can be
           used safely with -bd.


           Similar to -q[time], except that instead of periodically forking  a
           child  to  process  the  queue,  sendmail forks a single persistent
           child for each queue that alternates between processing  the  queue
           and  sleeping.  The sleep time (time) is specified as the argument;
           it defaults to 1 second. The process always sleeps at least 5  sec-
           onds if the queue was empty in the previous queue run.


           Processes  saved  messages  in the queue once and does not fork(2),
           but runs in the foreground.

       -qG name

           Processes jobs in queue group called name only.

       -q[!]I substr

           Limits processed jobs to those containing substr as a substring  of
           the queue ID or not when ! is specified.

       -q[!]Q substr

           Limits  processed  jobs to those quarantined jobs containing substr
           as a substring of the quarantine reason or not when ! is specified.

       -q[!]R substr

           Limits processed jobs to those containing substr as a substring  of
           one of the recipients or not when ! is specified.

       -q[!]S substr

           Limits  processed jobs to those containing substr as a substring of
           the sender or not when ! is specified.


           Quarantines a normal queue item with the given reason or  unquaran-
           tines  a  quarantined queue item if no reason is given. This should
           only be used with some sort of item matching as described above.

       -r name

           An alternate and obsolete form of the -f flag.

       -R ret

           Identifies  the  information  you  want  returned  if  the  message
           bounces.  ret can be HDRS for headers only or FULL for headers plus


           Reads message for recipients. To:,Cc:, and Bcc: lines  are  scanned
           for  people  to  send to. The Bcc: line is deleted before transmis-
           sion. Any addresses in the argument list is suppressed.  The  NoRe-
           cipientAction  Processing Option can be used to change the behavior
           when no legal recipients are included in the message.


           Goes into verbose mode. Alias  expansions  are  announced,  and  so

       -V envid

           The  indicated envid is passed with the envelope of the message and
           returned if the message bounces.

       -X logfile

           Logs all traffic in and out of sendmail in  the  indicated  logfile
           for  debugging  mailer  problems.  This produces a lot of data very
           quickly and should be used sparingly.

   Processing Options
       There are a number of "random" options that can be set from a  configu-
       ration file. Options are represented by a single character or by multi-
       ple character names. The syntax for the single character names of is:


       This sets option x to be value. Depending on the option, value may be a
       string,  an  integer,  a  boolean (with legal values t, T, f, or F; the
       default is TRUE), or a time interval.

       The multiple character or long names use this syntax:

         O Longname=argument

       This sets the option Longname to be argument. The long names are  bene-
       ficial  because  they are easier to interpret than the single character

       Not all processing options have single character names associated  with
       them. In the list below, the multiple character name is presented first
       followed by the single character syntax enclosed in parentheses.

       AliasFile (Afile)

           Specifies possible alias files.

       AliasWait (a N)

           If set, waits up to N minutes for an "@:@" entry to  exist  in  the
           aliases(5)  database before starting up. If it does not appear in N
           minutes, issues a warning. Defaults to 10 minutes.


           Allows a HELO SMTP command that does not include a  host  name.  By
           default this option is disabled.


           If set and more than the specified number of recipients in a single
           SMTP envelope are  rejected,  sleeps  for  one  second  after  each
           rejected RCPT command.

       BlankSub (Bc)

           Sets  the  blank  substitution  character  to c. Unquoted spaces in
           addresses are replaced by this character. Defaults to  SPACE  (that
           is, no change is made).


           File containing one CA cert.


           Path to directory with certs of CAs.


           Specify the fingerprint algorithm (digest) to use for the presented
           cert. If the  option  is  not  set,  md5  is  used  and  the  macro
           ${cert_md5} contains the cert fingerprint. If the option is explic-
           itly set, the specified algorithm (example: sha1) is used  and  the
           macro ${cert_fp} contains the cert fingerprint.

       CheckAliases (n)

           Validates  the  RHS of aliases when rebuilding the aliases(5) data-

       CheckpointInterval (CN)

           Checkpoints the queue every N (default 10) addresses sent. If  your
           system  crashes  during  delivery  to  a  large list, this prevents
           retransmission to any but the last N recipients.


           Specify cipher list for STARTTLS.

       ClassFactor (zfact)

           The indicated factor  fact  is  multiplied  by  the  message  class
           (determined  by  the Precedence: field in the user header and the P
           lines in the configuration file) and subtracted from the  priority.
           Thus,  messages  with  a  higher Priority: are favored. Defaults to


           File containing the cert of the client, that is, this cert is  used
           when sendmail acts as client.


           File containing the private key belonging to the client cert.


           Sets  client  SMTP  options. The options are key=value pairs. Known
           keys are:

           Addr Address Mask

               Address Mask defaults to INADDR_ANY. The address mask can be  a
               numeric address in dot notation or a network name.


               Address family (defaults to INET).


               Size of listen queue (defaults to 10).


               Name/number of listening port (defaults to smtp).


               The size of the TCP/IP receive buffer.


               The size of the TCP/IP send buffer.


               Options (flags) for the daemon. Can be:


                   Uses name of interface for HELO command.

               If  h  is set, the name corresponding to the outgoing interface
               address (whether chosen by means of the Connection parameter or
               the default) is used for the HELO/EHLO command.


           A  space separated list of SSL related options for client side. The
           values depend on the OpenSSL version against which sendmail is com-
           piled.  By  default, SSL_OP_ALL, SSL_OP_NO_SSLv2, SSL_OP_NO_TICKET,
           and -SSL_OP_TLSEXT_PADDING are used,  provided  these  options  are
           available.  Options  can  be cleared by preceding them with a minus
           (-) sign. It is also possible  to  specify  numerical  values,  for
           example, -0x0010.


           If  set, colons are treated as a regular character in addresses. If
           not set, they are treated as the introducer to the RFC 822  "group"
           syntax.  This  option  is  on for version 5 and lower configuration

       ConnectionCacheSize (kN)

           The maximum number of open connections that are to be cached  at  a
           time.  The default is 1. This delays closing the current connection
           until either this  invocation  of  sendmail  needs  to  connect  to
           another  host or it terminates. Setting it to 0 defaults to the old
           behavior, that is, connections are closed immediately.

       ConnectionCacheTimeout (Ktimeout)

           The maximum amount of time a cached connection is permitted to idle
           without activity. If this time is exceeded, the connection is imme-
           diately closed. This value should be small (on  the  order  of  ten
           minutes). Before sendmail uses a cached connection, it always sends
           a NOOP (no operation) command to check the connection. If the  NOOP
           command  fails, it reopens the connection. This keeps your end from
           failing if the other end times out. The point of this option is  to
           be  a  good network neighbor and avoid using up excessive resources
           on the other end. The default is five minutes.


           The maximum number of connections permitted per second. After  this
           many  connections are accepted, further connections are delayed. If
           not set or <= 0, there is no limit.


           Define the length of the interval for which the number of  incoming
           connections is maintained. The default is 60 seconds.


           Name  of  the control socket for daemon management. A running send-
           mail daemon can be controlled  through  this  Unix  domain  socket.
           Available  commands  are:  help, restart, shutdown, and status. The
           status command returns the current number of daemon  children,  the
           free  disk  space  (in blocks) of the queue directory, and the load
           average of the machine expressed as an integer. If not set, no con-
           trol  socket  is  available.  For  the  sake of security, this Unix
           domain socket must be in a directory which is  accessible  only  by
           root;  /var/spool/mqueue/.smcontrol  is  recommended for the socket


           File containing certificate revocation status, useful  for  X.509v3

       DaemonPortOptions (Ooptions)

           Sets  server  SMTP  options. The options are key=value pairs. Known
           keys are:


               User-definable name for the  daemon  (defaults  to  "Daemon#").
               Used for error messages and logging.


               Address mask (defaults INADDR_ANY).

               The  address mask may be a numeric address in dot notation or a
               network name.


               Address family (defaults to INET).


               List of input mail filters for the daemon.


               Size of listen queue (defaults to 10).


               Options (flags) for the daemon; can be a sequence (without  any
               delimiters) of:


                   Requires authentication.


                   Binds to interface through which mail has been received.


                   Performs hostname canonification (.cf).


                   Requires fully qualified hostname (.cf).


                   Uses name of interface for HELO command.


                   Allows unqualified addresses (.cf).


                   Does not perform hostname canonification.


                   Disallows ETRN (see RFC 2476).


               User-definable  name for the daemon (defaults to Daemon#). Used
               for error messages and logging.


               Name/number of listening port (defaults to smtp).


               The size of the TCP/IP receive buffer.


               The size of the TCP/IP send buffer.


               Maximum number of children per daemon. See MaxDaemonChildren.


               Delivery mode per daemon. See DeliveryMode.


               RefuseLA per daemon.


               DelayLA per daemon.


               QueueLA per daemon.

           sendmail listens on a new socket for each occurrence of the Daemon-
           PortOptions option in a configuration file.


           Sets the threshold, in bytes, before a memory-bases queue data file
           becomes disk-based. The default is 4096 bytes.


           Defines the location of the system-wide dead.letter file,  formerly
           hard-coded  to /var/tmp/dead.letter. If this option is not set (the
           default), sendmail does  not  attempt  to  save  to  a  system-wide
           dead.letter file in the event it cannot bounce the mail to the user
           or postmaster. Instead, it renames the qf file as  it  has  in  the
           past when the dead.letter file could not be opened.


           Sets  the  default character set to use when converting unlabeled 8
           bit input to MIME.

       DefaultUser (ggid) or (uuid)

           Sets the default group ID for mailers to run in to gid or  set  the
           default  userid  for  mailers  to uid. Defaults to 1. The value can
           also be given as a symbolic group or user name.


           When the system load average exceeds LA, sendmail  sleeps  for  one
           second on most SMTP commands and before accepting connections.


           Sets minimum time for Deliver By SMTP Service Extension (RFC 2852).
           If 0, no time is listed, if less  than  0,  the  extension  is  not
           offered,  if  greater  than 0, it is listed as minimum time for the
           EHLO keyword DELIVERBY.

       DeliveryMode (dx)

           Delivers in mode x. Legal modes are:


               Delivers interactively (synchronously).


               Delivers in background (asynchronously).


               Deferred mode. Database lookups are deferred until  the  actual
               queue run.


               Just queues the message (delivers during queue run).

           Defaults  to  b if no option is specified, i if it is specified but
           given no argument (that is, Od is equivalent to Odi).


           File containing the DH parameters.


           If a connection fails, waits this many  seconds  and  tries  again.
           Zero means "do not retry".


           If  set,  overrides the file safety checks. This compromises system
           security   and   should   not   be   used.   See   http://www.send-
           mail.org/tips/dontBlameSendmail for more information.


           If  set,  $[ ... $] lookups that do DNS-based lookups do not expand
           CNAME records.


           If set, the initgroups(3C) routine is never  invoked.  If  you  set
           this,  agents  run  on  behalf  of  users  only  have their primary
           (/etc/passwd) group permissions.


           If set, sendmail does not insert the names  and  addresses  of  any
           local  interfaces into the $=w class. If set, you must also include
           support for these addresses, otherwise mail to  addresses  in  this
           list bounces with a configuration error.

       DontPruneRoutes (R)

           If  set,  does not prune route-addr syntax addresses to the minimum


           If an error occurs when sending an error message, sends that  "dou-
           ble bounce" error message to this address.

       EightBitMode (8)

           Uses 8-bit data handling. This option requires one of the following
           keys. The key can selected by using just the first  character,  but
           using the full word is better for clarity.


               Does any necessary conversion of 8BITMIME to 7-bit.


               Passes unlabeled 8-bit input through as is.


               Rejects unlabeled 8-bit input.

       ErrorHeader (Efile/message)

           Appends  error  messages  with  the indicated message. If it begins
           with a slash, it is assumed to be the pathname of a file containing
           a  message  (this  is  the recommended setting). Otherwise, it is a
           literal message. The error  file  might  contain  the  name,  email
           address,  and/or  phone number of a local postmaster who could pro-
           vide assistance to end users. If the option is missing or NULL,  or
           if  it  names a file which does not exist or which is not readable,
           no message is printed.

       ErrorMode (ex)

           Disposes of errors using mode x. The values for x are:


               Mails back errors and gives 0 exit status always.


               Mails back errors.


               Prints error messages (default).


               No messages, just gives exit status.


               Writes back errors (mail if user not logged in).

       FallbackMXhost (Vfallbackhost)

           If specified, the fallbackhost acts like a very low priority MX  on
           every  host. This is intended to be used by sites with poor network


           If specified, the fallBackSmartHost is used in a last-ditch  effort
           for  each  host.  This  is  intended to be used by sites with "fake
           internal DNS". That is, a company whose DNS accurately reflects the
           world inside that company's domain but not outside.


           If  set  to a value greater than zero (the default is one), it sup-
           presses the MX lookups on addresses when they are initially sorted,
           that  is,  for  the first delivery attempt. This usually results in
           faster envelope splitting unless the MX records are readily  avail-
           able  in  a local DNS cache. To enforce initial sorting based on MX
           records set FastSplit to zero. If the mail  is  submitted  directly
           from  the  command  line,  then the value also limits the number of
           processes to deliver the envelopes; if more envelopes  are  created
           they  are  only queued up and must be taken care of by a queue run.
           Since the default submission method is by way of SMTP (either  from
           a MUA or by way of the Message Submission Program [MSP]), the value
           of FastSplit is seldom used to limit the  number  of  processes  to
           deliver the envelopes.

       ForkEachJob (Y)

           If  set, delivers each job that is run from the queue in a separate
           process. Use this option if you are  short  of  memory,  since  the
           default  tends  to consume considerable amounts of memory while the
           queue is being processed.

       ForwardPath (Jpath)

           Sets the path for searching for users' .forward files. The  default
           is  $z/.forward.  Some sites that use the automounter may prefer to
           change this to /var/forward/$u to search a file with the same  name
           as the user in a system directory. It can also be set to a sequence
           of paths separated by colons; sendmail stops at the first  file  it
           can   successfully   and   safely   open.  For  example,  /var/for-
           ward/$u:$z/.forward searches first in  /var/forward/  username  and
           then  in  ~username/.forward  (but  only if the first file does not
           exist). Refer to the NOTES section for more information.


           Sets the name to be used for HELO/EHLO (instead of $j).

       HelpFile (Hfile)

           Specifies the help file for SMTP.

       HoldExpensive (c)

           If an outgoing mailer is marked as being expensive, does  not  con-
           nect immediately.


           Sets the file to use when doing "file" type access of host names.


           If  set,  host  status is kept on disk between sendmail runs in the
           named directory tree. If a full path is not used, then the path  is
           interpreted relative to the queue directory.

       IgnoreDots (i)

           Ignores  dots  in  incoming messages. This is always disabled (that
           is, dots are always accepted) when reading SMTP mail.

       LogLevel (Ln)

           Sets the default log level to n. Defaults to 9.


           Sets the macro x to value. This is intended only for use  from  the
           command line.


           Type of lookup to find information about local mail boxes, defaults
           to pw which uses getpwnam(3C). Other types  can  be  introduced  by
           adding them to the source code, see libsm/mbdb.c for details.

       MatchGECOS (G)

           Tries  to  match recipient names using the GECOS field. This allows
           for mail to be delivered using names defined in the GECOS field  in
           /etc/passwd as well as the login name.


           The  maximum number of children the daemon permits. After this num-
           ber, connections are rejected. If not  set  or  <=0,  there  is  no

       MaxHopCount (hN)

           The  maximum hop count. Messages that have been processed more than
           N times are assumed to be in a loop and are rejected.  Defaults  to


           The maximum size of messages that are accepted (in bytes).


           Sets  the  maximum  length of certain MIME header field values to M
           characters. For some of these headers which  take  parameters,  the
           maximum length of each parameter is set to N if specified. If /N is
           not specified, one half of M is used. By default, these values  are
           0, meaning no checks are done.


           Overrides the default of 20 for the number of useless commands.


           Don't process any queued jobs that have been in the queue less than
           the indicated time interval. This is intended to allow you  to  get
           responsiveness  by processing the queue fairly and frequently with-
           out thrashing your system by trying jobs  too  often.  The  default
           units are minutes.

           Note -

             This option is ignored for queue runs that select a subset of the
             queue, that is, -q[!][I|R|S|Q][string].


           When set, this limits the number of concurrent  queue  runner  pro-
           cesses  to  N. This helps to control the amount of system resources
           used when processing the  queue.  When  there  are  multiple  queue
           groups  defined  and  the  total  number of queue runners for these
           queue groups would exceed MaxQueueChildren then  the  queue  groups
           are  not  all  run concurrently. That is, some portion of the queue
           groups run  concurrently  such  that  MaxQueueChildren  is  not  be
           exceeded,  while the remaining queue groups are run later (in round
           robin order). See MaxRunnersPerQueue.


           If set, limits the maximum size of any given queue run to this num-
           ber  of  entries. This stops reading the queue directory after this
           number of entries is reached; job priority is not used. If not set,
           there is no limit.


           This  sets  the  default  maximum number of queue runners for queue
           groups. Up to N queue runners work in parallel on a  queue  group's
           messages.  This  is useful where the processing of a message in the
           queue might delay the processing of  subsequent  messages.  Such  a
           delay  can  be the result of non-erroneous situations such as a low
           bandwidth connection. The can be overridden on a  per  queue  group
           basis by setting the Runners option. The default is 1 when not set.

       MeToo (m)

           Sends to me too, even if I am in an alias expansion.


           If  set,  allows no more than the specified number of recipients in
           an SMTP envelope. Further recipients receive a 452 error  code  and
           are deferred for the next delivery attempt.

       MinFreeBlocks (bN/M)

           Insists on at least N blocks free on the file system that holds the
           queue files before accepting email by way  of  SMTP.  If  there  is
           insufficient  space, sendmail gives a 452 response to the MAIL com-
           mand. This invites the sender to try again later. The optional M is
           a maximum message size advertised in the ESMTP EHLO response. It is
           currently otherwise unused.


           Specifies the amount of time a job must sit in  the  queue  between
           queue  runs.  This allows you to set the queue run interval low for
           better responsiveness without trying all  jobs  in  each  run.  The
           default value is 0.


           Specifies  the  characters  to  be  quoted  in  a full name phrase.
           &,;:\()[] are quoted automatically.


           Specifies the priority of queue runners. See nice(1).


           Sets action if there are no legal recipient files in  the  message.
           The legal values are:


               Adds  an  Apparently-to:  header  with all the known recipients
               (which may expose blind recipients).


               Adds an empty Bcc: header.


               Adds a To: header with all  the  known  recipients  (which  may
               expose blind recipients).


               Adds a To: undisclosed-recipients: header.


               Does nothing, that is, leaves the message as it is.

       OldStyleHeaders (o)

           Assumes  that  the  headers  may  be in old format, that is, spaces
           delimit names. This actually turns on an adaptive algorithm: if any
           recipient  address contains a comma, parenthesis, or angle bracket,
           it is assumed that commas already exist. If this flag  is  not  on,
           only  commas  delimit  names. Headers are always output with commas
           between the names.

       OperatorChars or $o

           Defines the list of characters that can be  used  to  separate  the
           components of an address into tokens.


           Specifies   the   filename   of   the  pid  file.  The  default  is
           /var/run/sendmail.pid. The filename is macro-expanded before it  is
           opened, and unlinked when sendmail exits.

       PostmasterCopy (Ppostmaster)

           If  set, copies of error messages are sent to the named postmaster.
           Only the header of the failed message is sent.  Since  most  errors
           are user problems, this is probably not a good idea on large sites,
           and arguably contains all sorts of privacy violations, but it seems
           to be popular with certain operating systems vendors.

       PrivacyOptions (popt,opt,...)

           Sets  privacy  options. Privacy is really a misnomer; many of these
           options are just a way of insisting on stricter  adherence  to  the
           SMTP protocol.

           The  goaway pseudo-flag sets all flags except noreceipts, restrict-
           mailq, restrictqrun, restrictexpand, noetrn, and  nobodyreturn.  If
           mailq  is  restricted,  only  people in the same group as the queue
           directory can print the queue. If queue runs are  restricted,  only
           root  and  the  owner of the queue directory can run the queue. The
           restrict-expand pseudo-flag instructs sendmail to  drop  privileges
           when  the -bv option is given by users who are neither root nor the
           TrustedUser so users cannot  read  private  aliases,  forwards,  or
           :include:  files.  It  adds  the NonRootSafeAddr to the "DontBlame-
           Sendmail" option to prevent misleading unsafe address warnings.  It
           also  overrides  the  -v  (verbose)  command line option to prevent
           information leakage. Authentication  Warnings  add  warnings  about
           various conditions that may indicate attempts to fool the mail sys-
           tem, such as using an non-standard queue directory.

           The options can be selected from:


               Puts X-Authentication-Warning: headers in messages.


               Disallows essentially all SMTP status queries.


               Insists on HELO or EHLO command before EXPN.


               Insists on HELO or EHLO command before MAIL.


               Insists on HELO or EHLO command before VRFY.


               Do not put an X-Actual-Recipient line in a DNS that reveals the
               actual account to which an address is mapped.


               Disallows ETRN entirely.


               Disallows EXPN entirely.


               Prevents return receipts.


               Does not return the body of a message with DSNs.


               Disallows VRFY entirely.


               Allows open access.


               Restricts -bv and -v command line flags.


               Restricts mailq command.


               Restricts -q command line flag.

       ProcessTitlePrefix string

           Prefixes  the  process  title shown on "/usr/bin/ps auxww" listings
           with string. The string is macro processed.

       QueueDirectory (Qdir)

           Uses the named dir as the queue directory.

       QueueFactor (qfactor)

           Uses factor as the multiplier in the map function to decide when to
           just  queue  up jobs rather than run them. This value is divided by
           the difference between the current load average and the load  aver-
           age  limit (x flag) to determine the maximum message priority to be
           sent. Defaults to 600000.


           Defaults permissions for queue files (octal). If not set,  sendmail
           uses  0600 unless its real and effective uid are different in which
           case it uses 0644.

       QueueLA (xLA)

           When the system load average exceeds LA, just queues messages (that
           is,  does not try to send them). Defaults to eight times the number
           of processors online when sendmail starts.


           Sets the algorithm used for sorting the queue. Only the first char-
           acter  of the value is used. Legal values are host (to order by the
           name of the first host name of the first recipient),  filename  (to
           order  by  the  name of the queue file name), time (to order by the
           submission/creation time), random (to order randomly), modification
           (to  order  by  the modification time of the qf file (older entries
           first)), none (to not order), and priority  (to  order  by  message
           priority).  Host ordering makes better use of the connection cache,
           but may tend to process low priority messages that go to  a  single
           host over high priority messages that go to several hosts; it prob-
           ably shouldn't be used on slow network links. Filename and  modifi-
           cation  time  ordering  saves  the  overhead  of reading all of the
           queued items before starting the queue run.  Creation  (submission)
           time  ordering  is almost always a bad idea, since it allows large,
           bulk mail to go out before smaller, personal  mail,  but  may  have
           applicability  on  some hosts with very fast connections. Random is
           useful if several queue runners are started by hand  which  try  to
           drain  the  same queue since odds are they are working on different
           parts of the queue at the  same  time.  Priority  ordering  is  the

       QueueTimeout (Trtime/wtime)

           Sets the queue timeout to rtime. After this interval, messages that
           have not  been  successfully  sent  are  returned  to  the  sender.
           Defaults  to  five  days (5d). The optional wtime is the time after
           which a warning message is sent. If it is missing  or  0,  then  no
           warning messages are sent.


           File  containing  random data (use prefix file:) or the name of the
           UNIX socket if EGD is used (use prefix  egd:).  Note  that  Solaris
           supports random(4D), so this does not need to be specified.

       RecipientFactor (yfact)

           The  indicated  factor fact is added to the priority (thus lowering
           the priority of the job) for each recipient, that  is,  this  value
           penalizes jobs with large numbers of recipients. Defaults to 30000.

       RefuseLA (XLA)

           When the system load average exceeds LA, refuses incoming SMTP con-
           nections. Defaults to 12 times the number of processors online when
           sendmail starts.


           Log interval when refusing connections for this long (default: 3h).

       ResolverOptions (I)

           Tunes DNS lookups.

       RetryFactor (Zfact)

           The indicated factor fact is added to the priority every time a job
           is processed. Thus, each time a job is processed, its  priority  is
           decreased  by the indicated value. In most environments this should
           be positive, since hosts that are down are all too often down for a
           long time. Defaults to 90000.


           If  this  option  is  set,  a  Return-Receipt-To: header causes the
           request of a DSN, which is sent to the envelope sender as  required
           by RFC 1891, not to the address given in the header.


           If  set,  becomes  this  user  when  reading  and  delivering mail.
           Intended for use of firewalls where users do not have accounts.


           If set, sendmail does a chroot into this directory  before  writing

       SaveFromLine (f)

           Saves  Unix-style From lines at the front of headers. Normally they
           are assumed redundant and discarded.

       SendMimeErrors (j)

           If set, sends error messages in MIME format (see RFC 2045  and  RFC
           1344  for  details).  If disabled, sendmail does not return the DSN
           keyword in response to an EHLO and  does  not  do  Delivery  Status
           Notification processing as described in RFC 1891.


           File  containing the cert of the server, that is, this cert is used
           when sendmail acts as server.


           File containing the private key belonging to the server cert.


           A space separated list of SSL related options for server side.  The
           available  values depend on the OpenSSL version against which send-
           mail is compiled. By default, SSL_OP_ALL and -SSL_OP_TLSEXT_PADDING
           are  used,  provided  these  options  are available. Options can be
           cleared by preceding them with a minus (-) sign. It is also  possi-
           ble to specify numerical values, for example -0x0010.


           Defines  the  path  to  the service-switch file. Since the service-
           switch file is defined in the Solaris  operating  environment  this
           option is ignored.

       SevenBitInput (7)

           Strips input to seven bits for compatibility with old systems. This
           should not be necessary.


           Specifies key to use for shared memory segment. If not set (or  0),
           shared  memory  is not be used. If this option is set, sendmail can
           share some data between different instances. For example, the  num-
           ber  of  entries  in  a queue directory or the available space in a
           file system. This allows  for  more  efficient  program  execution,
           since  only  one  process  needs to update the data instead of each
           individual process gathering the data each time it is required.


           If SharedMemoryKeyFile is set to  -1,  the  automatically  selected
           shared memory key will be stored in the specified file.


           If  set, From: lines that have embedded newlines are unwrapped onto
           one line.


           If this option and the HostStatusDirectory  option  are  both  set,
           uses single thread deliveries to other hosts.

       SmtpGreetingMessage or $e

           Specifies the initial SMTP greeting message.


           If  set,  issue  temporary errors (4xy) instead of permanent errors
           (5xy). This can be useful during testing of a new configuration  to
           avoid erroneous bouncing of mail.

       StatusFile (Sfile)

           Logs   statistics   in   the   named  file.  By  default,  this  is
           /etc/mail/sendmail.st. As root, you  must  touch(1)  this  file  to
           enable mailstats(1).

       SuperSafe (s)

           This  option can be set to True, False, Interactive, or PostMilter.
           If set to True, sendmail is set to super-safe when running  things,
           that  is,  always instantiate the queue file, even if you are going
           to attempt immediate delivery.  sendmail  always  instantiates  the
           queue file before returning control to the client under any circum-
           stances. This should really always be set to True. The  Interactive
           value  has  been  introduced  in 8.12 and can be used together with
           DeliveryMode=i. It  skips  some  synchronization  calls  which  are
           effectively  doubled  in  the code execution path for this mode. If
           set to PostMilter, sendmail defers  synchronizing  the  queue  file
           until any milters have signaled acceptance of the message. PostMil-
           ter is useful only when sendmail is running as an SMTP  server;  in
           all other situations it acts the same as True.

       TempFileMode (Fmode)

           Specifies the file mode for queue files.

       Timeout (rtimeouts)

           Timeout  reads after time interval. The timeouts argument is a list
           of keyword=value pairs. All but command apply to client  SMTP.  For
           backward  compatibility, a timeout with no keyword= part is set all
           of the longer values. The recognized  timeouts  and  their  default
           values,  and  their  minimum  values  specified in RFC 1123 section
           5.3.2 are:


               all connections for a single delivery attempt [0, unspecified]


               command read [1h, 5m]


               initial connect [0, unspecified]


               complete control socket transaction [2m, none]


               data block read [1h, 3m]


               reply to final . in data [1h, 10m]


               reply to DATA command [5m, 2m]


               file open [60sec, none]


               reply to HELO or EHLO command [5m, none]


               host retry [30m, unspecified]


               first attempt to connect to a host [0, unspecified]


               IDENT protocol timeout [5s, none]


               wait for initial greeting message [5m, 5m]


               wait for reply to an LMTP LHLO command [2m, unspecified]


               reply to MAIL command [10m, 5m]


               reply to NOOP and VERB commands [2m, none]


               undeliverable message returned [5d]


               deferred warning [4h]


               reply to QUIT command [2m, none]


               reply to RCPT command [1h, 5m]


               Resolver's retransmission time interval (in seconds)  [varies].
               Sets     both    Timeout.resolver.retrans.first    and    Time-


               Resolver's retransmission time interval (in  seconds)  for  the
               first attempt to deliver a message [varies].


               Resolver's  retransmission  time  interval (in seconds) for all
               look-ups except the first delivery attempt [varies].


               Number of times to retransmit a resolver query  [varies].  Sets
               both        Timeout.resolver.retry.first        and       Time-


               Number of times to retransmit a resolver query  for  the  first
               attempt to deliver a message [varies].


               Number of times to retransmit a resolver query for all look-ups
               except the first delivery attempt [varies].


               reply to RSET command [5m, none]


               response to an SMTP STARTTLS command [1h]

       TimeZoneSpec (ttzinfo)

           Sets the local time zone info to tzinfo,  for  example,  "PST8PDT".
           Actually,  if  this  is  not  set,  the  TZ environment variable is
           cleared (so the system default is  used);  if  set  but  null,  the
           user's  TZ  variable is used, and if set and non-null, the TZ vari-
           able is set to this value.


           If this  option  is  'V',  then  no  client  verification  is  per-
           formed,that is, the server does not ask for a certificate.


           The user parameter can be a user name (looked up in the passwd map)
           or a numeric user id. Trusted user for file ownership and  starting
           the  daemon.  If  set,  generated  alias  databases and the control
           socket (if configured) are automatically owned by this user.

       TryNullMXList (w)

           If you are the "best" (that is, lowest preference) MX for  a  given
           host, you should normally detect this situation and treat that con-
           dition specially, by forwarding the mail to a UUCP  feed,  treating
           it  as local, or whatever. However, in some cases (such as Internet
           firewalls) you may want to try to connect directly to that host  as
           though  it  had  no  MX  records at all. Setting this option causes
           sendmail to try this. The downside is that errors in your  configu-
           ration  are  likely  to  be diagnosed as "host unknown" or "message
           timed out" instead of something more  meaningful.  This  option  is

       UnixFromLine or $l

           The "From " line used when sending to files or programs.


           If  set, group-writable :include: and .forward files are considered
           "unsafe", that is, programs and files cannot be directly referenced
           from such files.


           If  set, the compressed format of IPv6 addresses, such as IPV6:::1,
           will  be  used,  instead  of  the  uncompressed  format,  such   as

       UseErrorsTo (l)

           If  there  is  an  Errors-To:  header,  sends error messages to the
           addresses listed there. They normally go to  the  envelope  sender.
           Use of this option causes sendmail to violate RFC 1123. This option
           is not recommended and deprecated.


           Uses as mail submission program, that  is,  allows  group  writable
           queue  files  if  the  group  is the same as that of a set-group-id
           sendmail binary.

       UserDatabaseSpec (U)

           Defines the name and location of the file containing User  Database

       Verbose (v)

           Runs  in verbose mode. If this is set, sendmail adjusts the HoldEx-
           pensive and DeliveryMode options so that all mail is delivered com-
           pletely  in  a  single  job so that you can see the entire delivery
           process. The Verbose option should never be set in  the  configura-
           tion file; it is intended for command line use only.


           Sets  the  threshold,  in  bytes, before a memory-bases queue tran-
           script file becomes disk-based. The default is 4096 bytes.

       If the first character of the user name is a vertical bar, the rest  of
       the  user name is used as the name of a program to pipe the mail to. It
       may be necessary to quote the name of the user to  keep  sendmail  from
       suppressing the blanks from between arguments.

       If invoked as newaliases, sendmail rebuilds the alias database, so long
       as the /etc/mail/aliases* files are owned by root and root  has  exclu-
       sive  write  permission.  If invoked as mailq, sendmail prints the con-
       tents of the mail queue.


           address of an intended recipient of the message being sent.

       sendmail returns an exit status describing what it did. The  codes  are
       defined in /usr/include/sysexits.h.


           Successful completion on all addresses.


           User name not recognized.


           Catchall. Necessary resources were not available.


           Syntax error in address.


           Internal software error, including bad arguments.


           Temporary operating system error, such as "cannot fork".


           Host name not recognized.


           Message could not be sent immediately, but was queued.

       No environment variables are used. However, sendmail's start-up script,
       invoked by svcadm(8), reads /etc/default/sendmail. In this file, if the
       variable  ETRN_HOSTS  is  set, the start-up script parses this variable
       and invokes etrn(8) appropriately. ETRN_HOSTS should be of the form:

         "s1:c1.1,c1.2        s2:c2.1 s3:c3.1,c3.2,c3.3"

       That is, white-space separated groups of server:client where client can
       be  one  or  more  comma-separated names. The :client part is optional.
       server is the name of the server to prod; a mail queue run is requested
       for each client name. This is comparable to running:

         /usr/lib/sendmail -qR client

       on the host server.


           Unmailable text


           Contains default settings. You can override some of the settings by
           command line options.


           Mail aliases file (ASCII)


           Database of mail aliases (binary)


           Database of mail aliases (binary)


           Database of mail aliases (binary)


           Defines environment for sendmail


           Defines environment for MSP


           Lists users that are "trusted", that is, able to set their envelope
           from  address  using  -f without generating a warning message. Note
           that this file is consulted by the default sendmail.cf, but not  by
           the   default   submit.cf,   in   which   the   line  referring  to
           /etc/mail/trusted-users  is  commented  out.  See  sendmail(5)  for
           instructions on making changes to submit.cf and sendmail.cf.


           Temporary files and queued mail


           Temporary files and queued mail


           List of recipients for forwarding messages


           Describes the steps needed to compile and run a filter

       See attributes(7) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE         |       ATTRIBUTE VALUE        |
       |Availability                 |service/network/smtp/sendmail |

       mail(1),  mailq(1),  mailx(1), nice(1), svcs(1), fork(2), getpwnam(3C),
       getusershell(3C), resolver(3RESOLV), random(4D), aliases(5),  hosts(5),
       sendmail(5),   shells(5),   attributes(7),  smf(7),  check-hostname(8),
       check-permissions(8), etrn(8), newaliases(8), svcadm(8), svccfg(8)

       hosts_access(5), tcpd(8) in the security/tcp-wrapper package.

       RFC 2821 Simple Mail Transfer Protocol, John Klensin, April 2001.

       RFC 2822 Internet Message Format, Pete Resnick, April 2001.

       sendmail, Third Edition, Bryan Costales with Eric  Allman,  O'Reilly  &
       Associates, Inc., 2003.



       The  sendmail  program requires a fully qualified host name when start-
       ing. A script has been included to help verify  if  the  host  name  is
       defined properly (see check-hostname(8)).

       The  permissions  and  the  ownership  of several directories have been
       changed in  order  to  increase  security.  In  particular,  access  to
       /etc/mail and /var/spool/mqueue has been restricted.

       Security  restrictions  have  been placed users using .forward files to
       pipe mail to a program or redirect mail to a file.  The  default  shell
       (as   listed   in  /etc/passwd)  of  these  users  must  be  listed  in
       /etc/shells. This restriction does not affect mail that is being  redi-
       rected to another alias.

       Additional  restrictions  have  been  put  in  place  on  .forward  and
       :include: files. These files and the directory structure that they  are
       placed in cannot be group- or world-writable. See check-permissions(8).

       If  you  have  interfaces that map to domains that have MX records that
       point to non-local destinations, you might need  to  enable  the  Dont-
       ProbeInterfaces option to enable delivery to those destinations. In its
       default startup behavior, sendmail probes each interface  and  adds  an
       interface's  IP  addresses, as well as any domains that those addresses
       map to, to its list of domains that are considered local.  For  domains
       thus  added, being on the list of local domains is equivalent to having
       a 0-preference MX record, with localhost as the MX value.  If  this  is
       not the result you want, enable DontProbeInterfaces.

Solaris 11.4                      22 Dec 2020                      sendmail(8)