Deprecated and Unsupported Configuration File Options for sendmail
Refer to the following table for a list of deprecated configuration file options. The table includes the AutoRebuildAliases option, which is not in version 8.12 of sendmail.
Table 27-3 Deprecated and Unsupported Configuration File Options for sendmail
Option | Description |
---|---|
AutoRebuildAliases | Because a denial-of-service attack could occur if this option is set, this option is not in version 8.12 of sendmail. Refer to the Release Notes that are part of the sendmail distribution at ftp://ftp.sendmail.org. A user could kill the sendmail process while the aliases file is being rebuilt and leave the file in an inconsistent state. Furthermore, because AutoRebuildAliases is not available, newaliases must now be run manually for changes to /etc/mail/aliases to become effective. Also, you must remember that because sendmail is no longer setuid root, only root can run newaliases. |
This option, which now defaults to True, has been deprecated. Refer to the Release Notes that are part of the sendmail distribution at ftp://ftp.sendmail.org. | |
This option is deprecated. If required, you should now use the GroupWritableForwardFileSafe and GroupWritableIncludeFileSafe arguments for the DontBlameSendmail option. | |
This option is deprecated. Furthermore, because this option violates RFC 1123, you should avoid using it. |
New ClientPortOptions Option
The new ClientPortOptions option is for outgoing connections and is similar to the DaemonPortOptions option. This option sets the client SMTP options, which are a sequence of key=value pairs. To declare this option, use one of the following syntaxes. For formatting purposes, the example includes two pairs. However, you can apply one or more pairs.
    O ClientPortOptions=pair,pair                  # for the configuration file
    -OClientPortOptions=pair,pair                  # for the command line
    define(`confCLIENT_OPTIONS',`pair,pair')       # for m4 configuration
If you need to build a new sendmail.cf file, refer to "Building the sendmail.cf Configuration File (Task)" in Chapter 25, Mail Services (Tasks).
The following table describes the new keys for this option.
Table 27-4 New Keys for ClientPortOptions
Key | Description |
---|---|
Addr | Specifies the address mask. The value can be a numeric address in dot notation or a network name. If the pair is omitted, the default is INADDR_ANY, which accepts connections from any network. |
Family | Specifies the address family. The key's default is inet for AF_INET. Other values are inet6 for AF_INET6, iso for AF_ISO, ns for AF_NS, and x.25 for AF_CCITT. |
Listen | Specifies the size of the listen queue. The key defaults to 10. You should not have to change this default for the Solaris operating environment. |
Port | Specifies the name and number of the listening port. The key defaults to smtp. |
RcvBufSize | Specifies the size of the TCP/IP send buffer. The key has no default value, which means that no size specifications are automatically made. If the option is set to a value greater than zero, that value is used. You should not have to limit the size of this buffer for the Solaris operating environment. |
Modifier | Specifies flags for sendmail: The h flag uses the name that corresponds to the outgoing interface address for the HELO or EHLO commands, whether it was chosen by the connection parameter or by the default. The A flag disables AUTH. This flag can also be used with the Modifier key for DaemonPortOptions. Refer to "Changes to DaemonPortOptions Option". The S flag turns off the use of or the offer to use STARTTLS when email is being delivered or received. |
Changes to DaemonPortOptions Option
The following tables describe the new features.
To declare this option, use one of the following syntaxes. In the example, pair refers to key=value. For formatting purposes, the example includes two pairs. However, you can apply one or more pairs.
    O DaemonPortOptions=pair,pair                  # for the configuration file
    -ODaemonPortOptions=pair,pair                  # for the command line
    define(`confDAEMON_OPTIONS',`pair,pair')       # for m4 configuration
Note - To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.
If you need to build a new sendmail.cf file, refer to "Building the sendmail.cf Configuration File (Task)" in Chapter 25, Mail Services (Tasks).
The following table describes new and revised keys for the DaemonPortOptions option.
Table 27-5 New and Revised Keys for DaemonPortOptions
Key | Description |
---|---|
Name | A new key that specifies a user-definable name for sendmail. This key is used for error messages and for logging. The default is MTA. |
Modifier | A new key that specifies values for sendmail that can be listed in a sequence without delimiters. For a list of values, see Table 27-6. |
Family | Unless a Family is specified in a DaemonPortOptions option, inet is now the only default. If IPv6 users also want to listen on IPv6 interfaces, they can configure additional sockets into sendmail.cf by adding a Family=inet6 setting to a DaemonPortOptions option. |
The following table describes the values for the new Modifier key.
Table 27-6 Values for the New Modifier Key
Value | Description |
---|---|
A | Disables AUTH by overriding the Modifier value of a. Can be used with the Modifier key for ClientPortOptions. Refer to "New ClientPortOptions Option". |
C | Does not perform host-name canonification. |
E | Disallows the ETRN command. |
O | Ignores the socket if a failure should occur. |
S | Turns off the use of, or the offer to use, STARTTLS when email is being delivered or received. Can be used with the Modifier key for ClientPortOptions. |
a | Requires authentication. |
b | Binds to the interface that receives the mail. |
c | Performs host-name canonification. Use this value only in configuration file declarations. |
f | Requires fully qualified host names. Use this value only in configuration file declarations. |
h | Uses the interface's name for the outgoing HELO command. |
u | Allows unqualified addresses. Use this value only in configuration file declarations. |
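
The following sketch is an added example, not part of the original documentation or of sendmail. It reads DaemonPortOptions and ClientPortOptions lines from a constructed sample, decodes the Modifier values described in Tables 27-4 and 27-6, and reports the ones that change AUTH, STARTTLS, or ETRN behavior. The `audit` and `parse_port_options` names, the "client" label, and the acceptance of `M` as a short spelling of Modifier are assumptions of this example.

```python
import re

# Constructed sample sendmail.cf lines (not taken from a real system).
SAMPLE_CF = """\
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, Modifier=Ea
O DaemonPortOptions=Name=MTA6, Family=inet6, Modifier=AaS
O ClientPortOptions=Family=inet, Modifier=hS
"""

# Security-relevant Modifier values, worded after Tables 27-4 and 27-6.
NOTES = {"A": "AUTH is disabled", "S": "STARTTLS is neither used nor offered",
         "a": "authentication is required", "E": "ETRN is disallowed"}
LINE_RE = re.compile(r"^O\s*(DaemonPortOptions|ClientPortOptions)\s*=\s*(.+)$")

def parse_port_options(line):
    """Return (option, {key: value}) for a port-options line, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pairs = {}
    for pair in m.group(2).split(","):
        key, _, value = pair.partition("=")
        pairs[key.strip()] = value.strip()
    return m.group(1), pairs

def audit(cf_text):
    """Return (label, finding) tuples for every port-options line in cf_text."""
    findings = []
    for option, pairs in filter(None, map(parse_port_options, cf_text.splitlines())):
        is_daemon = option == "DaemonPortOptions"
        # Name defaults to MTA for daemons (Table 27-5); "client" is this example's label.
        label = pairs.get("Name", "MTA") if is_daemon else "client"
        # Assumption of this example: "M" is accepted as a short spelling of Modifier.
        flags = pairs.get("Modifier", pairs.get("M", ""))
        for flag in flags:
            if flag == "a" and "A" in flags:
                continue  # A overrides a, so the requirement is not in effect
            if flag in NOTES:
                findings.append((label, NOTES[flag]))
        if is_daemon and "Family" not in pairs:
            findings.append((label, "listens on inet only (no Family key)"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(SAMPLE_CF):
        print(f"{label}: {finding}")
```
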
Additional Arguments for the PidFile and ProcessTitlePrefix Options
The following table describes additional macro-processed arguments for the PidFile and ProcessTitlePrefix options. For more information about these options, see Table 27-2.
Table 27-7 Arguments for the PidFile and ProcessTitlePrefix Options
Macro | Description |
---|---|
${daemon_addr} | Provides daemon address (for example, 0.0.0.0) |
${daemon_family} | Provides daemon family (for example, inet and inet6) |
${daemon_info} | Provides daemon information (for example, SMTP+queueing@00:30:00) |
${daemon_name} | Provides daemon name (for example, MSA) |
${daemon_port} | Provides daemon port (for example, 25) |
${queue_interval} | Provides queue run interval (for example, 00:30:00) |
Changes to the PrivacyOptions Option
New and revised arguments for PrivacyOptions (popt) are described in the following table. You can declare this option from the command line without sendmail relinquishing its root privilege. To declare this sendmail option, use one of the following syntaxes.
    O PrivacyOptions=argument                      # for the configuration file
    -OPrivacyOptions=argument                      # for the command line
    define(`confPRIVACY_FLAGS',`argument')         # for m4 configuration
If you need to build a new sendmail.cf file, refer to "Building the sendmail.cf Configuration File (Task)" in Chapter 25, Mail Services (Tasks).
The following table provides descriptions of new and revised arguments for the PrivacyOptions option.
Table 27-8 New and Revised Arguments for PrivacyOptions
Argument | Description |
---|---|
goaway | This argument no longer accepts the following flags: noetrn, restrictmailq, restrictqrun, restrictexpand, nobodyreturn, and noreceipts. |
nobodyreturn | This argument instructs sendmail not to include the body of the original message in delivery status notifications. |
noreceipts | When this argument is set, delivery status notification (DSN) is not announced. |
restrictexpand | This argument instructs sendmail to drop privileges when the -bv option is given by users who are neither root nor TrustedUser. The users cannot read private aliases, .forward files, or :include: files. This argument also overrides the -v command-line option. |
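
Because goaway no longer takes in the six flags listed in Table 27-8, a configuration that relied on goaway alone may be less restrictive than its author intended. The following check is an added example, not part of the original documentation or of sendmail. It reads PrivacyOptions declarations in both the configuration file and m4 forms and lists which of those flags are not set explicitly. The function names and the sample declarations are constructed for this example.

```python
import re

# Flags that, per Table 27-8, goaway no longer covers.
NOT_IN_GOAWAY = ("noetrn", "restrictmailq", "restrictqrun",
                 "restrictexpand", "nobodyreturn", "noreceipts")
CF_RE = re.compile(r"^O\s*PrivacyOptions\s*=\s*(.*)$")
M4_RE = re.compile(r"^define\(`confPRIVACY_FLAGS',\s*`([^']*)'\)")

# Constructed sample declarations covering both configuration styles.
SAMPLE = """\
O PrivacyOptions=authwarnings,goaway
define(`confPRIVACY_FLAGS',`goaway,restrictmailq,restrictqrun,noetrn')
O PrivacyOptions=restrictexpand,noreceipts
"""

def privacy_flags(line):
    """Return the set of flags on a cf or m4 declaration, or None for other lines."""
    line = line.strip()
    m = CF_RE.match(line) or M4_RE.match(line)
    if m is None:
        return None
    # Lower-casing is a normalisation done by this example only.
    return {f.strip().lower() for f in m.group(1).split(",") if f.strip()}

def audit_privacy(text):
    """Return (line_number, flags_to_add) for declarations that rely on goaway."""
    report = []
    for number, line in enumerate(text.splitlines(), start=1):
        flags = privacy_flags(line)
        if flags and "goaway" in flags:
            missing = [f for f in NOT_IN_GOAWAY if f not in flags]
            if missing:
                report.append((number, missing))
    return report

if __name__ == "__main__":
    for number, missing in audit_privacy(SAMPLE):
        print(f"line {number}: goaway set, not set explicitly: {', '.join(missing)}")
```
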
Changes to the Timeout Option
The following table provides information about the changes to the Timeout option. Specifically, this sendmail option has some new keywords and a new value for ident. In the Solaris operating environment, you should not need to change the default values for the keywords that are listed in the table. However, if you choose to make a change, use the keyword=value syntax. The value is a time interval. Refer to the following examples.
    O Timeout.keyword=value                        # for the configuration file
    -OTimeout.keyword=value                        # for the command line
    define(`m4_name', value)                       # for m4 configuration
If you need to build a new sendmail.cf file, refer to "Building the sendmail.cf Configuration File (Task)" in Chapter 25, Mail Services (Tasks).
Note - To avoid security risks, sendmail relinquishes its root permissions when you set this option from the command line.
Table 27-9 New and Revised Settings for Timeout
Keyword | Default Value | Description |
---|---|---|
aconnect | 0 | m4 name: confTO_ACONNECT. Limits the total time to wait for all connections to succeed for a single delivery attempt. The maximum value is unspecified. |
control | 2m | m4 name: confTO_CONTROL. Limits the total time that is dedicated to completing a control socket request. |
ident | 5s | m4 name: confTO_IDENT. Defaults to 5 seconds, instead of 30 seconds, to prevent the common delays that are associated with mailing to a site that drops IDENT packets. No maximum value is specified. |
lhlo | 2m | m4 name: confTO_LHLO. Limits the time to wait for a reply from an LMTP LHLO command. No maximum value is specified. |
queuereturn | 5d | m4 name: confTO_QUEUERETURN. Includes the value now, which immediately bounces entries from the queue without a delivery attempt. |
resolver.retrans | varies | m4 name: confTO_RESOLVER_RETRANS. Sets the resolver's retransmission time interval (in seconds), which applies to resolver.retrans.first and resolver.retrans.normal. |
resolver.retrans.first | varies | m4 name: confTO_RESOLVER_RETRANS_FIRST. Sets the resolver's retransmission time interval (in seconds) for the first attempt to deliver a message. |
resolver.retrans.normal | varies | m4 name: confTO_RESOLVER_RETRANS_NORMAL. Sets the resolver's retransmission time interval (in seconds) for all resolver lookups, except the first delivery attempt. |
resolver.retry | varies | m4 name: confTO_RESOLVER_RETRY. Sets the number of times to retransmit a resolver query, which applies to Timeout.resolver.retry.first and Timeout.resolver.retry.normal. |
resolver.retry.first | varies | m4 name: confTO_RESOLVER_RETRY_FIRST. Sets the number of times to retransmit a resolver query for the first attempt to deliver a message. |
resolver.retry.normal | varies | m4 name: confTO_RESOLVER_RETRY_NORMAL. Sets the number of times to retransmit a resolver query for all resolver lookups, except the first delivery attempt. |