I am self-sponsoring this fast-track, which expires on 2008-Jan-25.
The requested binding is Patch, the three new service properties will
be Committed and the exposure is Open.
* Problem
The class-action-script used for sendmail's various .cf files is
renameold, which, as one might imagine, renames the old file and puts
the new file in place. This is because sendmail, strange beast
that it is, has (especially in the more distant past when this
decision was made) had security fixes part of whose implementation
was in the configuration files instead of or in addition to the
code compiled into the binary.
This has caused much confusion over the years, with customized
configuration files being moved out of the way and system administrators
having to investigate why mail is bouncing, only to discover that it
was a Sun-supplied patch that caused their problem.
* Solution
Have sendmail build configuration files automatically on service start
if the appropriate service properties are set. These properties are
not set by default. Diff'd versions of sendmail(1m) and sendmail(4)
are both attached, but as the meat of the change is explained in one
new section of sendmail(4), that section is repeated in-line below.
* Details
Following is the new section from sendmail(4):
Automated Rebuilding of Configuration Files
Setting values for the following properties for the service
instance svc:/network/smtp:sendmail will result in automated
(re)building of configuration files:
path_to_local_mc
path_to_sendmail_mc
path_to_submit_mc
The values for these properties should be strings that
represent the path name of the .mc files referred to in
steps 2 and 3 of both procedures above. Recommended values
are:
/etc/mail/cf/cf/local-${HOSTNAME}.mc
/etc/mail/cf/cf/${HOSTNAME}.mc
/etc/mail/cf/cf/submit-${HOSTNAME}.mc
where ${HOSTNAME} is per hostname(1) (or any other helpful
identifying string).
Each property, if set, will result in the corresponding .mc
file being used to (re)build the matching .cf file when the
service is started. Note that one should generally set the
first and third or the second and third depending on the
value of local_only as explained above in the "Enabling
Access to Remote Clients" section.
These properties will persist across upgrades and patches.
So to prevent a patch or upgrade from clobbering your .cf
file, or renaming it to .cf.old, you can set the desired
properties instead.
-- John
-------------- next part --------------
--- sendmail.1m.old Thu Jan 17 10:10:10 2008
+++ sendmail.1m.new Thu Jan 17 11:22:33 2008
@@ -1,1852 +1,1860 @@
System Administration Commands sendmail(1M)
NAME
sendmail - send mail over the internet
SYNOPSIS
/usr/lib/sendmail [-Ac] [-Am] [-ba] [-bD] [-bd] [-bi] [-bm]
[-bp] [-bP] [-bs] [-bt] [-bv] [-B type] [-C file]
[-D logfile] [-d X] [-F fullname] [-f name] [-G]
[-h N] [-L tag] [-M xvalue] [-N notifications] [-n]
[-Ooption =value] [-o xvalue] [-p protocol]
[-Q [reason]] [-q [time]] [-q Xstring] [-R ret]
[-r name] [-t] [-V envid] [-v] [-X logfile]
[address]...
DESCRIPTION
The sendmail utility sends a message to one or more people,
routing the message over whatever networks are necessary.
sendmail does internetwork forwarding as necessary to
deliver the message to the correct place.
sendmail is not intended as a user interface routine. Other
programs provide user-friendly front ends. sendmail is used
only to deliver pre-formatted messages.
With no flags, sendmail reads its standard input up to an
EOF, or a line with a single dot, and sends a copy of the
letter found there to all of the addresses listed. It deter-
mines the network to use based on the syntax and contents of
the addresses.
Local addresses are looked up in the local aliases(4) file,
or in a name service as defined by the nsswitch.conf(4)
file, and aliased appropriately. In addition, if there is a
.forward file in a recipient's home directory, sendmail for-
wards a copy of each message to the list of recipients that
file contains. Refer to the NOTES section for more informa-
tion about .forward files. Aliasing can be prevented by
preceding the address with a backslash.
There are several conditions under which the expected
behavior is for the alias database to be either built or
rebuilt. This cannot occur under any circumstances unless
root owns and has exclusive write permission to the
/etc/mail/aliases* files.
If a message is found to be undeliverable, it is returned to
the sender with diagnostics that indicate the location and
nature of the failure; or, the message is placed in a
dead.letter file in the sender's home directory.
The sendmail service is managed by the service management
facility, smf(5), under the service identifier:
svc:/network/smtp:sendmail
Administrative actions on this service, such as enabling,
disabling, or requesting restart, can be performed using
svcadm(1M). The service's status can be queried using the
svcs(1) command.
Enabling Access to Remote Clients
On an unmodified system, access to sendmail by remote
clients is enabled and disabled through the service manage-
ment facility (see smf(5)). In particular, remote access is
determined by the value of the local_only SMF property:
svc:/network/smtp:sendmail/config/local_only = true
A setting of true, as above, disallows remote access; false
allows remote access. The default value is true.
The following example shows the sequence of SMF commands
used to enable sendmail to allow access to remote systems:
# svccfg -s svc:/network/smtp:sendmail setprop config/local_only = false
# svcadm restart svc:/network/smtp:sendmail
See svcadm(1M) and svccfg(1M).
Note, however, on a system where any of the sendmail(4)
files have been customized, setting this property might not
have the intended effect. See sendmail(4) for details.
+ Automated Rebuilding of Configuration Files
+
+ See sendmail(4) for details on which service properties can
+ be set to automate (re)building of configuration files when
+ the service is started.
+
Restricting Host Access
sendmail uses TCP Wrappers to restrict access to hosts. It
uses the service name of sendmail for hosts_access(). For
more information on TCP Wrappers, see tcpd(1M) and
hosts_access(4) in the SUNWtcpd package. tcpd(1M) and
hosts_access(4) are not part of the Solaris man pages.
Startup Options
The /etc/default/sendmail file stores startup options for
sendmail so that the options are not removed when a host is
- upgraded.
+ upgraded. See also sendmail(4) for details on which service
+ properties can be set to automate (re)building of configura-
+ tion files when the service is started.
You can use the following variables in the
/etc/default/sendmail startup file:
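Review bot: In the Startup Options paragraph, the added "See also sendmail(4) ..." sentence is appended to the description of /etc/default/sendmail, so it reads as if the rebuild properties were variables in that file. Either say explicitly that they are properties of the svc:/network/smtp:sendmail service instance, set with svccfg(1M) as in the local_only example, or drop the sentence here, since the new "Automated Rebuilding of Configuration Files" subsection added earlier in this hunk already carries the same pointer. Because the .mc files named by those properties decide which .cf the daemon starts with, the new text would also be a natural place to state who must own them and who may write to them, as this page already does for the /etc/mail/aliases* files.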
CLIENTOPTIONS=string
Selects additional options to be used with the client
daemon, which looks in the client-only queue
(/var/spool/clientmqueue) and acts as a client queue
runner. No syntax checking is done, so be careful when
making changes to this variable.
CLIENTQUEUEINTERVAL=#
Similar to the QUEUEINTERVAL option, CLIENTQUEUEINTERVAL
sets the time interval for mail queue runs. However, the
CLIENTQUEUEINTERVAL option controls the functions of the
client daemon, instead of the functions of the master
daemon. Typically, the master daemon is able to deliver
all messages to the SMTP port. However, if the message
load is too high or the master daemon is not running,
then messages go into the client-only queue,
/var/spool/clientmqueue. The client daemon, which
checks in the client-only queue, then acts as a client
queue processor.
ETRN_HOSTS=string
Enables an SMTP client and server to interact immedi-
ately without waiting for the queue run intervals, which
are periodic. The server can immediately deliver the
portion of its queue that goes to the specified hosts.
For more information, refer to the etrn(1M) man page.
MODE=-bd
Selects the mode to start sendmail with. Use the -bd
option or leave it undefined.
OPTIONS=string
Selects additional options to be used with the master
daemon. No syntax checking is done, so be careful when
making changes to this variable.
QUEUEINTERVAL=#
Sets the interval for mail queue runs on the master dae-
mon. # can be a positive integer that is followed by
either s for seconds, m for minutes, h for hours, d for
days, or w for weeks. The syntax is checked before send-
mail is started. If the interval is negative or if the
entry does not end with an appropriate letter, the
interval is ignored and sendmail starts with a queue
interval of 15 minutes.
QUEUEOPTIONS=p
Enables one persistent queue runner that sleeps between
queue run intervals, instead of a new queue runner for
each queue run interval. You can set this option to p,
which is the only setting available. Otherwise, this
option is not set.
Mail Filter API
sendmail supports a mail filter API called "milter". For
more information, see /usr/include/libmilter/README and
http://www.milter.org
OPTIONS
The following options are supported:
-Ac
Uses submit.cf even if the operation mode does not indi-
cate an initial mail submission.
-Am
Uses sendmail.cf even if the operation mode indicates an
initial mail submission.
-ba
Goes into ARPANET mode. All input lines must end with a
RETURN-LINEFEED, and all messages are generated with a
RETURN-LINEFEED at the end. Also, the From: and Sender:
fields are examined for the name of the sender.
-bd
Runs as a daemon in the background, waiting for incoming
SMTP connections.
-bD
Runs as a daemon in the foreground, waiting for incoming
SMTP connections.
-bi
Initializes the aliases(4) database. Root must own and
have exclusive write permission to the
/etc/mail/aliases* files for successful use of this
option.
-bm
Delivers mail in the usual way (default).
-bp
Prints a summary of the mail queues.
-bP
Prints the number of entries in the queues. This option
is only available with shared memory support.
-bs
Uses the SMTP protocol as described in RFC 2821. This
flag implies all the operations of the -ba flag that are
compatible with SMTP.
-bt
Runs in address test mode. This mode reads addresses and
shows the steps in parsing; it is used for debugging
configuration tables.
-bv
Verifies names only. Does not try to collect or deliver
a message. Verify mode is normally used for validating
users or mailing lists.
-B type
Indicates body type (7BIT or 8BITMIME).
-C file
Uses alternate configuration file.
-D logfile
Send debugging output to the indicated log file instead
of stdout.
-d X
Sets debugging value to X.
-f name
Sets the name of the "from" person (that is, the sender
of the mail).
-F fullname
Sets the full name of the sender.
-G
When accepting messages by way of the command line,
indicates that they are for relay (gateway) submission.
When this flag is set, sendmail might complain about
syntactically invalid messages, for example, unqualified
host names, rather than fixing them. sendmail does not
do any canonicalization in this mode.
-h N
Sets the hop count to N. The hop count is incremented
every time the mail is processed. When it reaches a
limit, the mail is returned with an error message, the
victim of an aliasing loop.
-L tag
Sets the identifier used in syslog messages to the sup-
plied tag.
-Mxvalue
Sets macro x to the specified value.
-n
Does not do aliasing.
-N notifications
Tags all addresses being sent as wanting the indicated
notifications, which consists of the word "NEVER" or a
comma-separated list of "SUCCESS", "FAILURE", and
"DELAY" for successful delivery, failure and a message
that is stuck in a queue somwhere. The default is
"FAILURE,DELAY".
-oxvalue
Sets option x to the specified value. Processing Options
are described below.
-Ooption=value
Sets option to the specified value (for long from
names). Processing Options are described below.
-p protocol
Sets the sending protocol. The protocol field can be in
form protocol:host to set both the sending protocol and
the sending host. For example: -pUUCP:uunet sets the
sending protocol to UUCP and the sending host to uunet.
Some existing programs use -oM to set the r and s mac-
ros; this is equivalent to using -p.
-q[time]
Processes saved messages in the queue at given inter-
vals. If time is omitted, processes the queue once. time
is given as a tagged number, where s is seconds, m is
minutes, h is hours, d is days, and w is weeks. For
example, -q1h30m or -q90m would both set the timeout to
one hour thirty minutes.
By default, sendmail runs in the background. This option
can be used safely with -bd.
-qp[time-]
Similar to -q[time], except that instead of periodically
forking a child to process the queue, sendmail forks a
single persistent child for each queue that alternates
between processing the queue and sleeping. The sleep
time (time) is specified as the argument; it defaults to
1 second. The process always sleeps at least 5 seconds
if the queue was empty in the previous queue run.
-qf
Processes saved messages in the queue once and does not
fork(2), but runs in the foreground.
-qG name
Processes jobs in queue group called name only.
-q[!]I substr
Limits processed jobs to those containing substr as a
substring of the queue ID or not when ! is specified.
-q[!]Q substr
Limits processed jobs to those quarantined jobs contain-
ing substr as a substring of the quarantine reason or
not when ! is specified.
-q[!]R substr
Limits processed jobs to those containing substr as a
substring of one of the recipients or not when ! is
specified.
-q[!]S substr
Limits processed jobs to those containing substr as a
substring of the sender or not when ! is specified.
-Q[reason]
Quarantines a normal queue item with the given reason or
unquarantines a quarantined queue item if no reason is
given. This should only be used with some sort of item
matching as described above.
-r name
An alternate and obsolete form of the -f flag.
-R ret
Identifies the information you want returned if the mes-
sage bounces. ret can be HDRS for headers only or FULL
for headers plus body.
-t
Reads message for recipients. To:,Cc:, and Bcc: lines
are scanned for people to send to. The Bcc: line is
deleted before transmission. Any addresses in the argu-
ment list is suppressed. The NoRecipientAction Process-
ing Option can be used to change the behavior when no
legal recipients are included in the message.
-v
Goes into verbose mode. Alias expansions are announced,
and so forth.
-V envid
The indicated envid is passed with the envelope of the
message and returned if the message bounces.
-X logfile
Logs all traffic in and out of sendmail in the indicated
logfile for debugging mailer problems. This produces a
lot of data very quickly and should be used sparingly.
Processing Options
There are a number of "random" options that can be set from
a configuration file. Options are represented by a single
character or by multiple character names. The syntax for the
single character names of is:
Oxvalue
This sets option x to be value. Depending on the option,
value may be a string, an integer, a boolean (with legal
values t, T, f, or F; the default is TRUE), or a time inter-
val.
The multiple character or long names use this syntax:
O Longname=argument
This sets the option Longname to be argument. The long names
are beneficial because they are easier to interpret than the
single character names.
Not all processing options have single character names asso-
ciated with them. In the list below, the multiple character
name is presented first followed by the single character
syntax enclosed in parentheses.
AliasFile (Afile)
Specifies possible alias files.
AliasWait (a N)
If set, waits up to N minutes for an "@:@" entry to
exist in the aliases(4) database before starting up. If
it does not appear in N minutes, issues a warning.
Defaults to 10 minutes.
AllowBogusHELO
Allows a HELO SMTP command that does not include a host
name. By default this option is disabled.
BadRcptThrottle=N
If set and more than the specified number of recipients
in a single SMTP envelope are rejected, sleeps for one
second after each rejected RCPT command.
BlankSub (Bc)
Sets the blank substitution character to c. Unquoted
spaces in addresses are replaced by this character.
Defaults to SPACE (that is, no change is made).
CACertFile
File containing one CA cert.
CACertPath
Path to directory with certs of CAs.
CheckAliases (n)
Validates the RHS of aliases when rebuilding the
aliases(4) database.
CheckpointInterval (CN)
Checkpoints the queue every N (default 10) addresses
sent. If your system crashes during delivery to a large
list, this prevents retransmission to any but the last N
recipients.
ClassFactor (zfact)
The indicated factor fact is multiplied by the message
class (determined by the Precedence: field in the user
header and the P lines in the configuration file) and
subtracted from the priority. Thus, messages with a
higher Priority: are favored. Defaults to 1800.
ClientCertFile
File containing the cert of the client, that is, this
cert is used when sendmail acts as client.
ClientKeyFile
File containing the private key belonging to the client
cert.
ClientPortOptions
Sets client SMTP options. The options are key=value
pairs. Known keys are:
Addr Address Mask
Address Mask defaults to INADDR_ANY. The address
mask can be a numeric address in dot notation or a
network name.
Family
Address family (defaults to INET).
Listen
Size of listen queue (defaults to 10).
Port
Name/number of listening port (defaults to smtp).
RcvBufSize
The size of the TCP/IP receive buffer.
SndBufSize
The size of the TCP/IP send buffer.
Modifier
Options (flags) for the daemon. Can be:
h
Uses name of interface for HELO command.
If h is set, the name corresponding to the outgoing
interface address (whether chosen by means of the
Connection parameter or the default) is used for the
HELO/EHLO command.
ColonOkInAddr
If set, colons are treated as a regular character in
addresses. If not set, they are treated as the intro-
ducer to the RFC 822 "group" syntax. This option is on
for version 5 and lower configuration files.
ConnectionCacheSize (kN)
The maximum number of open connections that are to be
cached at a time. The default is 1. This delays closing
the current connection until either this invocation of
sendmail needs to connect to another host or it ter-
minates. Setting it to 0 defaults to the old behavior,
that is, connections are closed immediately.
ConnectionCacheTimeout (Ktimeout)
The maximum amount of time a cached connection is per-
mitted to idle without activity. If this time is
exceeded, the connection is immediately closed. This
value should be small (on the order of ten minutes).
Before sendmail uses a cached connection, it always
sends a NOOP (no operation) command to check the connec-
tion. If the NOOP command fails, it reopens the connec-
tion. This keeps your end from failing if the other end
times out. The point of this option is to be a good net-
work neighbor and avoid using up excessive resources on
the other end. The default is five minutes.
ConnectionRateThrottle
The maximum number of connections permitted per second.
After this many connections are accepted, further con-
nections are delayed. If not set or <= 0, there is no
limit.
ConnectionRateWindowSize
Define the length of the interval for which the number
of incoming connections is maintained. The default is 60
seconds.
ControlSocketName
Name of the control socket for daemon management. A run-
ning sendmail daemon can be controlled through this Unix
domain socket. Available commands are: help, restart,
shutdown, and status. The status command returns the
current number of daemon children, the free disk space
(in blocks) of the queue directory, and the load average
of the machine expressed as an integer. If not set, no
control socket is available. For the sake of security,
this Unix domain socket must be in a directory which is
accessible only by root; /var/spool/mqueue/.smcontrol is
recommended for the socket name.
CRLFile
File containing certificate revocation status, useful
for X.509v3 authentication.
DaemonPortOptions (Ooptions)
Sets server SMTP options. The options are key=value
pairs. Known keys are:
Name
User-definable name for the daemon (defaults to
"Daemon#"). Used for error messages and logging.
Addr
Address mask (defaults INADDR_ANY).
The address mask may be a numeric address in dot
notation or a network name.
Family
Address family (defaults to INET).
InputMailFilters
List of input mail filters for the daemon.
Listen
Size of listen queue (defaults to 10).
Modifier
Options (flags) for the daemon; can be a sequence
(without any delimiters) of:
a Requires authentication.
b Binds to interface through which mail has been
received.
c Performs hostname canonification (.cf).
f Requires fully qualified hostname (.cf).
h Uses name of interface for HELO command.
u Allows unqualified addresses (.cf).
C Does not perform hostname canonification.
E Disallows ETRN (see RFC 2476).
Name
User-definable name for the daemon (defaults to Dae-
mon#). Used for error messages and logging.
Port
Name/number of listening port (defaults to smtp).
ReceiveSize
The size of the TCP/IP receive buffer.
SendSize
The size of the TCP/IP send buffer.
children
Maximum number of children per daemon. See MaxDae-
monChildren.
DeliveryMode
Delivery mode per daemon. See DeliveryMode.
refuseLA
RefuseLA per daemon.
delayLA
DelayLA per daemon.
queueLA
QueueLA per daemon.
sendmail listens on a new socket for each occurrence of
the DaemonPortOptions option in a configuration file.
DataFileBufferSize
Sets the threshold, in bytes, before a memory-bases
queue data file becomes disk-based. The default is 4096
bytes.
DeadLetterDrop
Defines the location of the system-wide dead.letter
file, formerly hard-coded to /var/tmp/dead.letter. If
this option is not set (the default), sendmail does not
attempt to save to a system-wide dead.letter file in the
event it cannot bounce the mail to the user or postmas-
ter. Instead, it renames the qf file as it has in the
past when the dead.letter file could not be opened.
DefaultCharSet
Sets the default character set to use when converting
unlabeled 8 bit input to MIME.
DefaultUser (ggid) or (uuid)
Sets the default group ID for mailers to run in to gid
or set the default userid for mailers to uid. Defaults
to 1. The value can also be given as a symbolic group or
user name.
DelayLA=LA
When the system load average exceeds LA, sendmail sleeps
for one second on most SMTP commands and before accept-
ing connections.
DeliverByMin=time
Sets minimum time for Deliver By SMTP Service Extension
(RFC 2852). If 0, no time is listed, if less than 0, the
extension is not offered, if greater than 0, it is
listed as minimum time for the EHLO keyword DELIVERBY.
DeliveryMode (dx)
Delivers in mode x. Legal modes are:
i Delivers interactively (synchronously).
b Delivers in background (asynchronously).
d Deferred mode. Database lookups are deferred until
the actual queue run.
q Just queues the message (delivers during queue run).
Defaults to b if no option is specified, i if it is
specified but given no argument (that is, Od is
equivalent to Odi).
DHParameters
File containing the DH parameters.
DialDelay
If a connection fails, waits this many seconds and tries
again. Zero means "do not retry".
DontBlameSendmail
If set, overrides the file safety checks. This comprom-
ises system security and should not be used. See
http://www.sendmail.org/tips/DontBlameSendmail.html for
more information.
DontExpandCnames
If set, $[ ... $] lookups that do DNS-based lookups do
not expand CNAME records.
DontInitGroups
If set, the initgroups(3C) routine is never invoked. If
you set this, agents run on behalf of users only have
their primary (/etc/passwd) group permissions.
DontProbeInterfaces
If set, sendmail does not insert the names and addresses
of any local interfaces into the $=w class. If set, you
must also include support for these addresses, otherwise
mail to addresses in this list bounces with a configura-
tion error.
DontPruneRoutes (R)
If set, does not prune route-addr syntax addresses to
the minimum possible.
DoubleBounceAddress
If an error occurs when sending an error message, sends
that "double bounce" error message to this address.
EightBitMode (8)
Uses 8-bit data handling. This option requires one of
the following keys. The key can selected by using just
the first character, but using the full word is better
for clarity.
mimify
Does any necessary conversion of 8BITMIME to 7-bit.
pass
Passes unlabeled 8-bit input through as is.
strict
Rejects unlabeled 8-bit input.
ErrorHeader (Efile/message)
Appends error messages with the indicated message. If it
begins with a slash, it is assumed to be the pathname of
a file containing a message (this is the recommended
setting). Otherwise, it is a literal message. The error
file might contain the name, email address, and/or phone
number of a local postmaster who could provide assis-
tance to end users. If the option is missing or NULL, or
if it names a file which does not exist or which is not
readable, no message is printed.
ErrorMode (ex)
Disposes of errors using mode x. The values for x are:
e Mails back errors and gives 0 exit status always.
m Mails back errors.
p Prints error messages (default).
q No messages, just gives exit status.
w Writes back errors (mail if user not logged in).
FallbackMXhost (Vfallbackhost)
If specified, the fallbackhost acts like a very low
priority MX on every host. This is intended to be used
by sites with poor network connectivity.
FallBackSmartHost
If specified, the fallBackSmartHost is used in a last-
ditch effort for each host. This is intended to be used
by sites with "fake internal DNS". That is, a company
whose DNS accurately reflects the world inside that
company's domain but not outside.
FastSplit
If set to a value greater than zero (the default is
one), it suppresses the MX lookups on addresses when
they are initially sorted, that is, for the first
delivery attempt. This usually results in faster
envelope splitting unless the MX records are readily
available in a local DNS cache. To enforce initial sort-
ing based on MX records set FastSplit to zero. If the
mail is submitted directly from the command line, then
the value also limits the number of processes to deliver
the envelopes; if more envelopes are created they are
only queued up and must be taken care of by a queue run.
Since the default submission method is by way of SMTP
(either from a MUA or by way of the Message Submission
Program [MSP]), the value of FastSplit is seldom used to
limit the number of processes to deliver the envelopes.
ForkEachJob (Y)
If set, delivers each job that is run from the queue in
a separate process. Use this option if you are short of
memory, since the default tends to consume considerable
amounts of memory while the queue is being processed.
ForwardPath (Jpath)
Sets the path for searching for users' .forward files.
The default is $z/.forward. Some sites that use the
automounter may prefer to change this to /var/forward/$u
to search a file with the same name as the user in a
system directory. It can also be set to a sequence of
paths separated by colons; sendmail stops at the first
file it can successfully and safely open. For example,
/var/forward/$u:$z/.forward searches first in
/var/forward/ username and then in ~username/.forward
(but only if the first file does not exist). Refer to
the NOTES section for more information.
HeloName=name
Sets the name to be used for HELO/EHLO (instead of $j).
HelpFile (Hfile)
Specifies the help file for SMTP.
HoldExpensive (c)
If an outgoing mailer is marked as being expensive, does
not connect immediately.
HostsFile
Sets the file to use when doing "file" type access of
host names.
HostStatusDirectory
If set, host status is kept on disk between sendmail
runs in the named directory tree. If a full path is not
used, then the path is interpreted relative to the queue
directory.
IgnoreDots (i)
Ignores dots in incoming messages. This is always dis-
abled (that is, dots are always accepted) when reading
SMTP mail.
LogLevel (Ln)
Sets the default log level to n. Defaults to 9.
(Mxvalue)
Sets the macro x to value. This is intended only for use
from the command line.
MailboxDatabase
Type of lookup to find information about local mail
boxes, defaults to pw which uses getpwnam(3C). Other
types can be introduced by adding them to the source
code, see libsm/mbdb.c for details.
MatchGECOS (G)
Tries to match recipient names using the GECOS field.
This allows for mail to be delivered using names defined
in the GECOS field in /etc/passwd as well as the login
name.
MaxDaemonChildren
The maximum number of children the daemon permits. After
this number, connections are rejected. If not set or
<=0, there is no limit.
MaxHopCount (hN)
The maximum hop count. Messages that have been processed
more than N times are assumed to be in a loop and are
rejected. Defaults to 25.
MaxMessageSize
The maximum size of messages that are accepted (in
bytes).
MaxMimeHeaderLength=M[/N]
Sets the maximum length of certain MIME header field
values to M characters. For some of these headers which
take parameters, the maximum length of each parameter is
set to N if specified. If /N is not specified, one half
of M is used. By default, these values are 0, meaning no
checks are done.
MaxNOOPCommands=N
Overrides the default of 20 for the number of useless
commands.
MaxQueueChildren=N
When set, this limits the number of concurrent queue
runner processes to N. This helps to control the amount
of system resources used when processing the queue. When
there are multiple queue groups defined and the total
number of queue runners for these queue groups would
exceed MaxQueueChildren then the queue groups are not
all run concurrently. That is, some portion of the queue
groups run concurrently such that MaxQueueChildren is
not be exceeded, while the remaining queue groups are
run later (in round robin order). See MaxRunnersPer-
Queue.
MaxQueueRunSize
If set, limits the maximum size of any given queue run
to this number of entries. This stops reading the queue
directory after this number of entries is reached; job
priority is not used. If not set, there is no limit.
MaxRunnersPerQueue=N
This sets the default maximum number of queue runners
for queue groups. Up to N queue runners work in parallel
on a queue group's messages. This is useful where the
processing of a message in the queue might delay the
processing of subsequent messages. Such a delay can be
the result of non-erroneous situations such as a low
bandwidth connection. The can be overridden on a per
queue group basis by setting the Runners option. The
default is 1 when not set.
MeToo (M)
Sends to me too, even if I am in an alias expansion.
MaxRecipientsPerMessage
If set, allows no more than the specified number of
recipients in an SMTP envelope. Further recipients
receive a 452 error code and are deferred for the next
delivery attempt.
MinFreeBlocks (bN/M)
Insists on at least N blocks free on the file system
that holds the queue files before accepting email by way
of SMTP. If there is insufficient space, sendmail gives
a 452 response to the MAIL command. This invites the
sender to try again later. The optional M is a maximum
message size advertised in the ESMTP EHLO response. It
is currently otherwise unused.
MinQueueAge
Specifies the amount of time a job must sit in the queue
between queue runs. This allows you to set the queue run
interval low for better responsiveness without trying
all jobs in each run. The default value is 0.
MustQuoteChars
Specifies the characters to be quoted in a full name
phrase. &,;:\()[] are quoted automatically.
NiceQueueRun
Specifies the priority of queue runners. See nice(1).
NoRecipientAction
Sets action if there are no legal recipient files in the
message. The legal values are:
add-apparently-to
Adds an Apparently-to: header with all the known
recipients (which may expose blind recipients).
add-bcc
Adds an empty Bcc: header.
add-to
Adds a To: header with all the known recipients
(which may expose blind recipients).
add-to-undisclosed
Adds a To: undisclosed-recipients: header.
none
Does nothing, that is, leaves the message as it is.
OldStyleHeaders (o)
Assumes that the headers may be in old format, that is,
spaces delimit names. This actually turns on an adaptive
algorithm: if any recipient address contains a comma,
parenthesis, or angle bracket, it is assumed that commas
already exist. If this flag is not on, only commas del-
imit names. Headers are always output with commas
between the names.
OperatorChars or $o
Defines the list of characters that can be used to
separate the components of an address into tokens.
PidFile
Specifies the filename of the pid file. The default is
/var/run/sendmail.pid. The filename is macro-expanded
before it is opened, and unlinked when sendmail exits.
PostmasterCopy (Ppostmaster)
If set, copies of error messages are sent to the named
postmaster. Only the header of the failed message is
sent. Since most errors are user problems, this is prob-
ably not a good idea on large sites, and arguably con-
tains all sorts of privacy violations, but it seems to
be popular with certain operating systems vendors.
PrivacyOptions (popt,opt,...)
Sets privacy options. Privacy is really a misnomer; many
of these options are just a way of insisting on stricter
adherence to the SMTP protocol.
The goaway pseudo-flag sets all flags except noreceipts,
restrictmailq, restrictqrun, restrictexpand, noetrn, and
nobodyreturn. If mailq is restricted, only people in the
same group as the queue directory can print the queue.
If queue runs are restricted, only root and the owner of
the queue directory can run the queue. The restrict-
expand pseudo-flag instructs sendmail to drop privileges
when the -bv option is given by users who are neither
root nor the TrustedUser so users cannot read private
aliases, forwards, or :include: files. It adds the Non-
RootSafeAddr to the "DontBlame-Sendmail" option to
prevent misleading unsafe address warnings. It also
overrides the -v (verbose) command line option to
prevent information leakage. Authentication Warnings add
warnings about various conditions that may indicate
attempts to fool the mail system, such as using an non-
standard queue directory.
The options can be selected from:
authwarnings
Puts X-Authentication-Warning: headers in messages.
goaway
Disallows essentially all SMTP status queries.
needexpnhelo
Insists on HELO or EHLO command before EXPN.
needmailhelo
Insists on HELO or EHLO command before MAIL.
needvrfyhelo
Insists on HELO or EHLO command before VRFY.
noactualrecipient
Do not put an X-Actual-Recipient line in a DNS that
reveals the actual account to which an address is
mapped.
noetrn
Disallows ETRN entirely.
noexpn
Disallows EXPN entirely.
noreceipts
Prevents return receipts.
nobodyreturn
Does not return the body of a message with DSNs.
novrfy
Disallows VRFY entirely.
public
Allows open access.
restrictexpand
Restricts -bv and -v command line flags.
restrictmailq
Restricts mailq command.
restrictqrun
Restricts -q command line flag.
ProcessTitlePrefix string
Prefixes the process title shown on "/usr/ucb/ps auxww"
listings with string. The string is macro processed.
QueueDirectory (Qdir)
Uses the named dir as the queue directory.
QueueFactor (qfactor)
Uses factor as the multiplier in the map function to
decide when to just queue up jobs rather than run them.
This value is divided by the difference between the
current load average and the load average limit (x flag)
to determine the maximum message priority to be sent.
Defaults to 600000.
QueueFileMode=mode
Defaults permissions for queue files (octal). If not
set, sendmail uses 0600 unless its real and effective
uid are different in which case it uses 0644.
QueueLA (xLA)
When the system load average exceeds LA, just queues
messages (that is, does not try to send them). Defaults
to eight times the number of processors online when
sendmail starts.
QueueSortOrder=algorithm
Sets the algorithm used for sorting the queue. Only the
first character of the value is used. Legal values are
host (to order by the name of the first host name of the
first recipient), filename (to order by the name of the
queue file name), time (to order by the
submission/creation time), random (to order randomly),
modification (to order by the modification time of the
qf file (older entries first)), none (to not order), and
priority (to order by message priority). Host ordering
makes better use of the connection cache, but may tend
to process low priority messages that go to a single
host over high priority messages that go to several
hosts; it probably shouldn't be used on slow network
links. Filename and modification time ordering saves the
overhead of reading all of the queued items before
starting the queue run. Creation (submission) time ord-
ering is almost always a bad idea, since it allows
large, bulk mail to go out before smaller, personal
mail, but may have applicability on some hosts with very
fast connections. Random is useful if several queue
runners are started by hand which try to drain the same
queue since odds are they are working on different parts
of the queue at the same time. Priority ordering is the
default.
QueueTimeout (Trtime/wtime)
Sets the queue timeout to rtime. After this interval,
messages that have not been successfully sent are
returned to the sender. Defaults to five days (5d). The
optional wtime is the time after which a warning message
is sent. If it is missing or 0, then no warning messages
are sent.
RandFile
File containing random data (use prefix file:) or the
name of the UNIX socket if EGD is used (use prefix
egd:). Note that Solaris supports random(7D), so this
does not need to be specified.
RecipientFactor (yfact)
The indicated factor fact is added to the priority (thus
lowering the priority of the job) for each recipient,
that is, this value penalizes jobs with large numbers of
recipients. Defaults to 30000.
RefuseLA (XLA)
When the system load average exceeds LA, refuses
incoming SMTP connections. Defaults to 12 times the
number of processors online when sendmail starts.
RejectLogInterval
Log interval when refusing connections for this long
(default: 3h).
ResolverOptions (I)
Tunes DNS lookups.
RetryFactor (Zfact)
The indicated factor fact is added to the priority every
time a job is processed. Thus, each time a job is pro-
cessed, its priority is decreased by the indicated
value. In most environments this should be positive,
since hosts that are down are all too often down for a
long time. Defaults to 90000.
RrtImpliesDsn
If this option is set, a Return-Receipt-To: header
causes the request of a DSN, which is sent to the
envelope sender as required by RFC 1891, not to the
address given in the header.
RunAsUser
If set, becomes this user when reading and delivering
mail. Intended for use of firewalls where users do not
have accounts.
SafeFileEnvironment
If set, sendmail does a chroot into this directory
before writing files.
SaveFromLine (f)
Saves Unix-style From lines at the front of headers.
Normally they are assumed redundant and discarded.
SendMimeErrors (j)
If set, sends error messages in MIME format (see RFC
2045 and RFC 1344 for details). If disabled, sendmail
does not return the DSN keyword in response to an EHLO
and does not do Delivery Status Notification processing
as described in RFC 1891.
ServerCertFile
File containing the cert of the server, that is, this
cert is used when sendmail acts as server.
ServerKeyFile
File containing the private key belonging to the server
cert.
ServiceSwitchFile
Defines the path to the service-switch file. Since the
service-switch file is defined in the Solaris operating
environment this option is ignored.
SevenBitInput (7)
Strips input to seven bits for compatibility with old
systems. This should not be necessary.
SharedMemoryKey
Specifies key to use for shared memory segment. If not
set (or 0), shared memory is not be used. If this option
is set, sendmail can share some data between different
instances. For example, the number of entries in a queue
directory or the available space in a file system. This
allows for more efficient program execution, since only
one process needs to update the data instead of each
individual process gathering the data each time it is
required.
SharedMemoryKeyFile=file
If SharedMemoryKeyFile is set to -1, the automatically
selected shared memory key will be stored in the speci-
fied file.
SingleLineFromHeader
If set, From: lines that have embedded newlines are
unwrapped onto one line.
SingleThreadDelivery
If this option and the HostStatusDirectory option are
both set, uses single thread deliveries to other hosts.
SmtpGreetingMessage or $e
Specifies the initial SMTP greeting message.
SoftBounce
If set, issue temporary errors (4xy) instead of per-
manent errors (5xy). This can be useful during testing
of a new configuration to avoid erroneous bouncing of
mail.
StatusFile (Sfile)
Logs statistics in the named file. By default, this is
/etc/mail/sendmail.st. As root, you must touch(1) this
file to enable mailstats(1).
SuperSafe (s)
This option can be set to True, False, Interactive, or
PostMilter. If set to True, sendmail is set to super-
safe when running things, that is, always instantiate
the queue file, even if you are going to attempt immedi-
ate delivery. sendmail always instantiates the queue
file before returning control to the client under any
circumstances. This should really always be set to True.
The Interactive value has been introduced in 8.12 and
can be used together with DeliveryMode=i. It skips some
synchronization calls which are effectively doubled in
the code execution path for this mode. If set to Post-
Milter, sendmail defers synchronizing the queue file
until any milters have signaled acceptance of the mes-
sage. PostMilter is useful only when sendmail is running
as an SMTP server; in all other situations it acts the
same as True.
TempFileMode (Fmode)
Specifies the file mode for queue files.
Timeout (rtimeouts)
Timeout reads after time interval. The timeouts argument
is a list of keyword=value pairs. All but command apply
to client SMTP. For backward compatibility, a timeout
with no keyword= part is set all of the longer values.
The recognized timeouts and their default values, and
their minimum values specified in RFC 1123 section 5.3.2
are:
aconnect
all connections for a single delivery attempt [0,
unspecified]
command
command read [1h, 5m]
connect
initial connect [0, unspecified]
control
complete control socket transaction [2m, none]
datablock
data block read [1h, 3m]
datafinal
reply to final . in data [1h, 10m]
datainit
reply to DATA command [5m, 2m]
fileopen
file open [60sec, none]
helo
reply to HELO or EHLO command [5m, none]
hoststatus
host retry [30m, unspecified]
iconnect
first attempt to connect to a host [0, unspecified]
ident
IDENT protocol timeout [5s, none]
initial
wait for initial greeting message [5m, 5m]
lhlo
wait for reply to an LMTP LHLO command [2m, unspeci-
fied]
mail
reply to MAIL command [10m, 5m]
misc
reply to NOOP and VERB commands [2m, none]
queuereturn
undeliverable message returned [5d]
queuewarn
deferred warning [4h]
quit
reply to QUIT command [2m, none]
rcpt
reply to RCPT command [1h, 5m]
resolver.retrans
Resolver's retransmission time interval (in seconds)
[varies]. Sets both Timeout.resolver.retrans.first
and Timeout.resolver.retrans.normal.
resolver.retrans.first
Resolver's retransmission time interval (in seconds)
for the first attempt to deliver a message [varies].
resolver.retrans.normal
Resolver's retransmission time interval (in seconds)
for all look-ups except the first delivery attempt
[varies].
resolver.retry
Number of times to retransmit a resolver query
[varies]. Sets both Timeout.resolver.retry.first and
Timeout.resolver.retry.normal.
resolver.retry.first
Number of times to retransmit a resolver query for
the first attempt to deliver a message [varies].
resolver.retry.normal
Number of times to retransmit a resolver query for
all look-ups except the first delivery attempt
[varies].
rset
reply to RSET command [5m, none]
starttls
response to an SMTP STARTTLS command [1h]
TimeZoneSpec (ttzinfo)
Sets the local time zone info to tzinfo, for example,
"PST8PDT". Actually, if this is not set, the TZ environ-
ment variable is cleared (so the system default is
used); if set but null, the user's TZ variable is used,
and if set and non-null, the TZ variable is set to this
value.
TLSSrvOptions
If this option is 'V', then no client verification is
performed,that is, the server does not ask for a certi-
ficate.
TrustedUser
The user parameter can be a user name (looked up in the
passwd map) or a numeric user id. Trusted user for file
ownership and starting the daemon. If set, generated
alias databases and the control socket (if configured)
are automatically owned by this user.
TryNullMXList (w)
If you are the "best" (that is, lowest preference) MX
for a given host, you should normally detect this situa-
tion and treat that condition specially, by forwarding
the mail to a UUCP feed, treating it as local, or what-
ever. However, in some cases (such as Internet
firewalls) you may want to try to connect directly to
that host as though it had no MX records at all. Setting
this option causes sendmail to try this. The downside is
that errors in your configuration are likely to be diag-
nosed as "host unknown" or "message timed out" instead
of something more meaningful. This option is deprecated.
UnixFromLine or $l
The "From " line used when sending to files or programs.
UnsafeGroupWrites
If set, group-writable :include: and .forward files are
considered "unsafe", that is, programs and files cannot
be directly referenced from such files.
UseErrorsTo (l)
If there is an Errors-To: header, sends error messages
to the addresses listed there. They normally go to the
envelope sender. Use of this option causes sendmail to
violate RFC 1123. This option is not recommended and
deprecated.
UseMSP
Uses as mail submission program, that is, allows group
writable queue files if the group is the same as that of
a set-group-id sendmail binary.
UserDatabaseSpec (U)
Defines the name and location of the file containing
User Database information.
Verbose (v)
Runs in verbose mode. If this is set, sendmail adjusts
the HoldExpensive and DeliveryMode options so that all
mail is delivered completely in a single job so that you
can see the entire delivery process. The Verbose option
should never be set in the configuration file; it is
intended for command line use only.
XscriptFileBufferSize
Sets the threshold, in bytes, before a memory-bases
queue transcript file becomes disk-based. The default is
4096 bytes.
If the first character of the user name is a vertical bar,
the rest of the user name is used as the name of a program
to pipe the mail to. It may be necessary to quote the name
of the user to keep sendmail from suppressing the blanks
from between arguments.
If invoked as newaliases, sendmail rebuilds the alias data-
base, so long as the /etc/mail/aliases* files are owned by
root and root has exclusive write permission. If invoked as
mailq, sendmail prints the contents of the mail queue.
OPERANDS
address
address of an intended recipient of the message being
sent.
USAGE
See largefile(5) for the description of the behavior of
sendmail when encountering files greater than or equal to 2
Gbyte ( 2^31 bytes).
EXIT STATUS
sendmail returns an exit status describing what it did. The
codes are defined in /usr/include/sysexits.h.
EX_OK
Successful completion on all addresses.
EX_NOUSER
User name not recognized.
EX_UNAVAILABLE
Catchall. Necessary resources were not available.
EX_SYNTAX
Syntax error in address.
EX_SOFTWARE
Internal software error, including bad arguments.
EX_OSERR
Temporary operating system error, such as "cannot fork".
EX_NOHOST
Host name not recognized.
EX_TEMPFAIL
Message could not be sent immediately, but was queued.
ENVIRONMENT VARIABLES
No environment variables are used. However, sendmail's
start-up script, invoked by svcadm(1M), reads
/etc/default/sendmail. In this file, if the variable
ETRN_HOSTS is set, the start-up script parses this variable
and invokes etrn(1M) appropriately. ETRN_HOSTS should be of
the form:
"s1:c1.1,c1.2 s2:c2.1 s3:c3.1,c3.2,c3.3"
That is, white-space separated groups of server:client where
client can be one or more comma-separated names. The :client
part is optional. server is the name of the server to prod;
a mail queue run is requested for each client name. This is
comparable to running:
/usr/lib/sendmail -qR client
on the host server.
FILES
dead.letter
Unmailable text
/etc/default/sendmail
Contains default settings. You can override some of the
settings by command line options.
/etc/mail/aliases
Mail aliases file (ASCII)
/etc/mail/aliases.db
Database of mail aliases (binary)
/etc/mail/aliases.dir
Database of mail aliases (binary)
/etc/mail/aliases.pag
Database of mail aliases (binary)
/etc/mail/sendmail.cf
Defines environment for sendmail
/etc/mail/submit.cf
Defines environment for MSP
/etc/mail/trusted-users
Lists users that are "trusted", that is, able to set
their envelope from address using -f without generating
a warning message. Note that this file is consulted by
the default sendmail.cf, but not by the default
submit.cf, in which the line referring to
/etc/mail/trusted-users is commented out. See send-
mail(4) for instructions on making changes to submit.cf
and sendmail.cf.
/var/spool/clientmqueue/*
Temporary files and queued mail
/var/spool/mqueue/*
Temporary files and queued mail
~/.forward
List of recipients for forwarding messages
/usr/include/libmilter/README
Describes the steps needed to compile and run a filter
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
| Availability | SUNWsndmu |
+-----------------------------+-----------------------------+
SEE ALSO
svcs(1), biff(1B), mail(1), mailq(1), mailx(1), nice(1),
check-hostname(1M), check-permissions(1M), etrn(1M),
newaliases(1M), svcadm(1M), svccfg(1M), fork(2),
getpwnam(3C), getusershell(3C), resolver(3RESOLV),
aliases(4), hosts(4), sendmail(4), shells(4), attributes(5),
largefile(5), smf(5), random(7D)
tcpd(1M), hosts_access(4) in the SUNWtcpd package.
RFC 2821 Simple Mail Transfer Protocol, John Klensin, April
2001.
RFC 2822 Internet Message Format, Pete Resnick, April 2001.
sendmail, Third Edition, Bryan Costales with Eric Allman,
O'Reilly & Associates, Inc., 2003.
http://www.sendmail.org
http://www.milter.org
NOTES
The sendmail program requires a fully qualified host name
when starting. A script has been included to help verify if
the host name is defined properly (see check-hostname(1M)).
The permissions and the ownership of several directories
have been changed in order to increase security. In
particular, access to /etc/mail and /var/spool/mqueue has
been restricted.
Security restrictions have been placed users using .forward
files to pipe mail to a program or redirect mail to a file.
The default shell (as listed in /etc/passwd) of these users
must be listed in /etc/shells. This restriction does not
affect mail that is being redirected to another alias.
Additional restrictions have been put in place on .forward
and :include: files. These files and the directory structure
that they are placed in cannot be group- or world-writable.
See check-permissions(1M).
If you have interfaces that map to domains that have MX
records that point to non-local destinations, you might need
to enable the DontProbeInterfaces option to enable delivery
to those destinations. In its default startup behavior,
sendmail probes each interface and adds an interface's IP
addresses, as well as any domains that those addresses map
to, to its list of domains that are considered local. For
domains thus added, being on the list of local domains is
equivalent to having a 0-preference MX record, with
localhost as the MX value. If this is not the result you
want, enable DontProbeInterfaces.
Because of cryptographic import restrictions in some coun-
tries, symmetric key cryptographic algorithms are limited to
128-bit if the SUNWcry package is not installed. The SUNWcry
package is not included with the Solaris software. This
package is available instead as a separate controlled down-
load.
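Review bot: Several typos sit in the unchanged text of this page and are worth fixing while the page is open for this change. Under MaxRunnersPerQueue, "The can be overridden" is missing its noun. Under NoRecipientAction, "no legal recipient files" presumably means recipient fields. Under noactualrecipient, "in a DNS" should read DSN, the term the nobodyreturn entry uses. Under SharedMemoryKey, "shared memory is not be used" has a stray "be". Under Timeout, "is set all of the longer values" is missing a word. Under XscriptFileBufferSize, "memory-bases" should be "memory-based". In NOTES, "Security restrictions have been placed users" is missing "on".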
-------------- next part --------------
--- sendmail.4.old Thu Jan 17 09:57:29 2008
+++ sendmail.4.new Thu Jan 17 11:31:47 2008
@@ -1,159 +1,193 @@
File Formats sendmail(4)
NAME
sendmail, local.cf, sendmail.cf, submit.cf - sendmail confi-
guration files
SYNOPSIS
/etc/mail/local.cf
/etc/mail/sendmail.cf
/etc/mail/submit.cf
DESCRIPTION
The local.cf, sendmail.cf, and submit.cf files are the con-
figuration files for sendmail(1M). Starting with version
8.12 of sendmail, which was shipped with version 9 of the
Solaris operating system, two configuration files are used
for submission and transmission of mail, instead of only
sendmail.cf, as before. These are:
sendmail.cf Remains the principal sendmail configuration
file. Used for the Mail Transmission Agent
(MTA).
submit.cf Used for the Mail Submission Program (MSP).
The MSP is used to submit mail messages.
Unlike the MTA, it does not run as an SMTP
daemon.
A third configuration file has since been introduced:
local.cf Used like sendmail.cf, but for systems that do
not wish to allow access to remote clients. For
details about how this works, see below.
The MSP does not require root privileges, thus the two-file
model provides better security than the pre-sendmail 8.12
model, in which the MSP ran as a daemon and required root
privileges.
In the default sendmail configuration, sendmail uses
submit.cf, as indicated in ps(1) output. In ps output, you
will observe two sendmail invocations, such as the ones
below:
/usr/lib/sendmail -Ac -q15m
/usr/lib/sendmail -bd -q15m
The first indicates the use of submit.cf, with the client
queue (/var/spool/clientmqueue) being checked-and, if
needed, flushed-every 15 minutes. The second invocation runs
sendmail as a daemon, waiting for incoming SMTP connections.
As shipped, sendmail.cf and, in particular, submit.cf, are
appropriate for most environments. Where a knowledgeable
system administrator needs to make a change, he should use
the following procedures.
For sendmail.cf:
1. Change directories to the directory that contains
the source files for the configuration files.
# cd /etc/mail/cf/cf
2. Create a copy of the sendmail file for your system.
# cp sendmail.mc `hostname`.mc
3. Edit `hostname`.mc. Make changes suitable for your
system and environment.
4. Run make to generate the configuration file.
# /usr/bin/make `hostname`.cf
5. Copy the newly generated file to its correct loca-
tion.
# cp `hostname`.cf /etc/mail/sendmail.cf
6. Restart the sendmail service.
# svcadm restart sendmail
Note that you must restart sendmail for sendmail.cf file
- changes to take effect.
+ changes to take effect, as indicated in step 6. Note also
+ that steps 4 - 6 can be automated; see "Automated Rebuilding
+ of Configuration Files" below.
For submit.cf:
1. Change directories to the directory that contains
the source files for the configuration files.
# cd /etc/mail/cf/cf
2. Create a copy of the submit file for your system.
# cp submit.mc submit-`hostname`.mc
3. Edit submit-`hostname`.mc. Make changes suitable
for your system and environment.
4. Run make to generate the configuration file.
# /usr/bin/make submit-`hostname`.cf
5. Copy the newly generated file to its correct loca-
tion.
# cp submit-`hostname`.cf /etc/mail/submit.cf
You do not need to restart sendmail for changes to submit.cf
- to take effect.
+ to take effect. Note that steps 4 and 5 can be automated;
+ see "Automated Rebuilding of Configuration Files" below.
Enabling Access to Remote Clients
The sendmail(1M) man page describes how the
config/local_only property can be set to true or false to
disallow or allow, respectively, access to remote clients
for unmodified systems. However, on a system where either of
these files has been modified, setting that property might
not have the intended effect. The value of that property
determines which configuration file sendmail will use by
default when started as a daemon: if the property is true,
then local.cf will be used; otherwise, sendmail.cf will be
used. There are just three lines that differ between the .mc
files used to generate these .cf files:
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`NAME=NoMTA4, Family=inet, Addr=127.0.0.1')dnl
DAEMON_OPTIONS(`Name=MSA4, Family=inet,
Addr=127.0.0.1,Port=587,M=E')dnl
The preceding three lines are in local.mc but not in
sendmail.mc. So, for anyone customizing these files, these
three lines should be included, or not, as desired, then the
resulting .cf file should be copied to either
/etc/mail/sendmail.cf (if the property is false) or
/etc/mail/local.cf (if the property is true), in step 5 of
the first procedure above.
+ Automated Rebuilding of Configuration Files
+
+ Setting values for the following properties for the service
+ instance svc:/network/smtp:sendmail will result in automated
+ (re)building of configuration files:
+
+ path_to_local_mc
+ path_to_sendmail_mc
+ path_to_submit_mc
+
+ The values for these properties should be strings which
+ represent the path name of the .mc files referred to in
+ steps 2 and 3 of both procedures above. Recommended values
+ are:
+
+ /etc/mail/cf/cf/local-`hostname`.mc
+ /etc/mail/cf/cf/`hostname`.mc
+ /etc/mail/cf/cf/submit-`hostname`.mc
+
+ Each property, if set, will result in the corresponding .mc
+ file being used to (re)build the matching .cf file when the
+ service is started. Note that one should generally set the
+ first and third or the second and third depending on the
+ value of local_only as explained above in the "Enabling
+ Access to Remote Clients" section.
+
+ These properties will persist across upgrades and patches.
+ So to prevent a patch or upgrade from clobbering your .cf
+ file, or renaming it to .cf.old, you can set the desired
+ properties instead.
+
FILES
/etc/mail/cf/README Describes sendmail configuration
files.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
| Availability | SUNWsndmr |
+-----------------------------+-----------------------------+
| Interface Stability | Stable |
+-----------------------------+-----------------------------+
SEE ALSO
make(1S), ps(1), sendmail(1M), svcadm(1M), attributes(5)
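Review bot: The new "Automated Rebuilding of Configuration Files" section does not say what happens when the rebuild fails, or what is expected of the .mc file itself. The sentence "Each property, if set, will result in the corresponding .mc file being used to (re)build the matching .cf file when the service is started" should be followed by a statement of whether a failed build leaves the previous .cf in place or keeps the service from starting, whether the previous .cf is preserved, and what ownership and permissions the .mc file needs, since its contents become the running configuration. Two smaller points in the same section: the recommended values are written with `hostname` in backticks, which works in the shell commands of the numbered steps but not in a property value, which is a plain string, so the text should say the host name has to be substituted when the property is set; and "the value of local_only" should be written config/local_only as in "Enabling Access to Remote Clients", with the property group of the three new properties named the same way. SEE ALSO also stays at "make(1S), ps(1), sendmail(1M), svcadm(1M), attributes(5)" although the page now tells the reader to set service properties, so svccfg(1M) and smf(5) belong there.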