The AliasFile (A) option must be declared for sendmail to do aliasing. If you omit this option, sendmail may silently assume that you do not want to do aliasing at all. There is no default compiled into sendmail for the location of the aliases file. [4] For V8 m4 configurations an appropriate default will be defined based on your operating system.

[4] Beginning with V8.7, a switched-services file (see Section 34.8.61) may cause aliases to be found in NIS or other services and may completely ignore alias files altogether.

If you specify a file that doesn't exist (such as /et/aliases if you really meant /etc/aliases) or one that is unreadable, sendmail complains, for example with

Can't open /et/aliases

This is a nonfatal error. The sendmail program prints it and continues to run but assumes that it shouldn't do aliasing.

The forms of the AliasFile (A) option are as follows:

OAlocation                         configuration file (old form)
-oAlocation                        command line (old form)
O AliasFile=location               configuration file (beginning with V8.7)
-OAliasFile=location               command line (beginning with V8.7)
define(`ALIAS_FILE',`location')    V8 m4 configuration

The location is an argument of type string and can be an absolute or a relative pathname. A relative path (such as ../aliases) can be used for testing but should never be used in the production version of your sendmail.cf file. To do so opens a security hole. Such a path is interpreted by sendmail as relative to the queue directory.

This option can be used to change the name of the aliases file (a possible consideration for security). If you change the location or name of the aliases file, be aware that other programs (such as emacs and Sun's nis services) may cease to work properly.

Note that with the m4 technique the only way to eliminate the default alias file declaration (and thus to eliminate all aliases support) is to undefine ALIAS_FILE like this:

undefine(`ALIAS_FILE')

The sendmail program also allows you to use several alias databases simultaneously. They are listed with the AliasFile (A) option as, for example, like this:

O AliasFile=/etc/aliases/users,/etc/aliases/maillists

In this case, sendmail will look up an alias first in the database /etc/aliases/users. If it is not found, sendmail will then look in /etc/aliases/maillists. The number of simultaneous alias files is limited to MAXALIASDB (see Section 18.8.19, MAX...) as defined in conf.h (by default 12). The -bi command-line switch will rebuild all alias databases in the order listed in this AliasFile (A) option. Multiple declarations lines may appear in the file, each adding an alias database to the list:

O AliasFile=/etc/aliases/users     # aliases local users first
O AliasFile=/etc/aliases/maillists # then mailing lists
O AliasFile=/etc/aliases/retired   # then retired accounts

Duplicates are not detected. Therefore the following causes /etc/aliases to be searched and rebuilt twice each time:

O AliasFile=/etc/aliases
O AliasFile=/etc/aliases

Multiple alias files may similarly be specified on the command line with the -o switch. But be aware that any alias files that are declared in the command line cause all the configuration file alias declarations to be ignored.

In addition to the name of alias databases, sendmail also allows you to specify the class of each. The class is the same as the classes that are available for the K configuration command (see Section 33.3, "The K Configuration Command"). The class prefixes the name, and the two are separated by a colon:

O AliasFile=nis:mail.aliases

This example tells sendmail to look up aliases in the nis class (the nis) database called mail.aliases. The class can include switches that mean the same thing as those allowed for the K configuration command.

For example:

O AliasFile=nis:-N mail.aliases

Here, the -N class switch causes lookups to include a trailing null byte with each key. [5]

[5] Also see Section 24.4.4, "Duplicate Entries and Automation", which illustrates the -A option switch for appending keys.

Under V8.6 sendmail the reasonable classes are hash, btree, dbm, nis, and udb. Under V8.7 sendmail this list can also include nisplus for Sun's nisplus and hesiod for Hesiod support. (See Section 33.3.2, "The class" and Section 33.3.4, "The switches".) But note that it is generally better to use the service-switch file to select services because it is less confusing.

If a class is not a known one and if the -d27 command-line switch (see Section 37.5.88, -d27.1) is specified, sendmail prints

Unknown alias class badclass

If the class is one that cannot support aliasing (as defined by MCF_ALIASOK in conf.c) and if the -d27 command-line switch is specified, sendmail prints:

setalias: map class badclass can't handle aliases

In both cases the badclass is the offending class. Both errors cause the AliasFile (A) option's alias file declaration to be ignored.

Beginning with V8.7 sendmail, the declaration and use of alias files is further complicated [6] by the introduction of switched-services files (see Section 34.8.61). If the file defined by the ServiceSwitchFile option exists, and if it defines the type and location of alias information, each alias definition is used just as if it was included in the configuration file (although the syntax differs). On Solaris, Ultrix, and OSF systems, switched-service files are supplied by the operating system. With these you should beware the silent introduction of unexpected alias services. On other operating systems you may set up a V8.7 switched-service file that can be used for aliases if you wish.

[6] Or simplified, depending on whom you talk to.

The AliasFile (A) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Whenever sendmail rebuilds the aliases database, it first clears the old database. It then rebuilds the database and, when done, adds the special entry @:@. Before sendmail attempts to use the database, it first looks in that database for the special entry @:@ that should be present. This curious entry is employed because it is one that is always illegal in an aliases file. If sendmail doesn't find that entry (whether because a user ran newaliases or because another invocation of sendmail is currently rebuilding it), it waits 2 seconds for that entry to appear, then checks again. If the entry is still unavailable, the wait is doubled (up to maximum wait of 60 seconds). The total time waited (after all the sleeps without success) is the interval specified by this AliasWait (a) option.

When the @:@ appears, sendmail checks to see whether the database still needs to be rebuilt and rebuilds it if it does. If the special entry @:@ does not appear after the specified time and if the AutoRebuildAliases (D) option (see Section 34.8.4) is set, sendmail assumes that some other process died while that other process was rebuilding the database. This assumption paves the way for sendmail to go ahead and rebuild the database. Note that if AutoRebuildAliases (D) option is not set, sendmail uses the old information.

The forms of the AliasWait (a) option are as follows:

Oadelay                           configuration file (old style)
-oadelay                          command line (old style)
O AliasWait=delay                 configuration file (beginning with V8.7)
-OAliasWait=delay                 command line (beginning with V8.7)
define(`confALIAS_WAIT',delay)    V8 m4 configuration

The delay argument is of type time and, if omitted, defaults to 5 minutes. If the entire AliasWait (a) option is omitted or if delay is zero or non-numeric, the database is not automatically rebuilt. If the unit of time desired is omitted, the delay defaults to minutes. If you use the V8 m4 configuration, the default for confALIAS_WAIT is 10 minutes.

The AliasWait (a) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Prior to V8.7, sendmail would accept without complaint an SMTP HELO command (or an EHLO) that omitted the hostname:

220-oldsite.uofa.edu  Sendmail 8.6.13/8.6.13 ready at Fri, 31 Dec 1996 08:11:44 -0700
220 ESMTP spoken here
HELO
250 oldsite.uofa.edu Hello here.ufa.edu [123.45.67.89], pleased to meet you

RFC1123, section 5.2.5, specifies that all HELO and EHLO commands must be followed by a fully qualified hostname.

HELO here.uofa.edu
EHLO here.uofa.edu

Beginning with V8.7, omitting the hostname results in one of the following errors:

501 helo requires domain address
501 ehlo requires domain address

Note that there is no check to see that the hostname is actually that of the connecting host unless PICKY_HELO_CHECK is declared when sendmail is compiled(see Section 18.8.35, PICKY...). Also note that the hostname that is specified must appear to be a correctly formed hostname. If it is not, the following is printed:

501 Invalid domain name

If you favor forcing other sites to obey the RFCs, don't enable this option. But note that you may need to enable it if your site accepts connections from other sites that don't obey the protocols.

The AllowBogusHELO option is used like this:

O AllowBogusHELO=bool             V8.8 and above

The bool is of type Boolean. If it is absent, the option defaults to true (do allow the hostname to be omitted). If the entire option declaration is missing, the default is false (require the hostname to be present). Note that there is no m4 shorthand for declaring this option.

The AllowBogusHELO option safe. Even if it is specified from the command line, sendmail retains its root privilege.

The need to rebuild the aliases database is determined by comparing the modification time of the aliases source file, as defined by the AliasFile (A) option (see Section 34.8.1), to the modification time of the corresponding aliases.pag and aliases.dir, or aliases.db, database files. If the source file is newer and if this AutoRebuild-Aliases (D) option is set, sendmail attempts to rebuild the aliases database. If this option is not set, sendmail prints the following warning and uses the information in the old database:

Warning: alias database fname out of date

Here, fname is the name of the source file. If you set this AutoRebuildAliases (D) option, be sure that the AliasWait (a) option (see Section 34.8.2) is also declared and given a nonzero time argument. (File locking, to prevent simultaneous rebuilds, is described under the AliasWait (a) option.)

The forms of this AutoRebuildAliases (D) option are as follows:

ODbool                             configuration file (old style)
-oDbool                            command line (old style)
O AutoRebuildAliases=bool          configuration file (beginning with V8.7)
-OAutoRebuildAliases=bool          command line (beginning with V8.7)
define(`confAUTO_REBUILD',bool)    V8 m4 configuration

With no argument, AutoRebuildAliases (D) is set to true (the aliases database is automatically rebuilt). If the entire AutoRebuildAliases (D) option is missing, it defaults to false (no automatic rebuilds).

IDA sendmail uses fcntl(3) to prevent simultaneous rebuilds. Old versions of sendmail used flock(3). V8 sendmail uses either fcntl(3) or flock(3), depending on how it was compiled.

The AutoRebuildAliases (D) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Some mailer programs have difficulty handling addresses that contain spaces. Such addresses are both illegal under RFC821 and RFC822 and subject to gross misinterpretation. For example, the address

John Q Public@wash.dc.gov

is viewed by some MUA programs as being composed of three separate addresses: John, Q, and Public@wash.dc.gov. To prevent this misinterpretation, such MUAs usually either quote the user portion or escape each space with a backslash:

"John Q Public"@wash.dc.gov  quoted
John\ Q\ Public@wash.dc.gov  escaped

The BlankSub (B) option is intended to handle an address that contains internal spaces, and is neither quoted nor escaped. For sendmail a space is any character defined by the C language library routine isspace(3).

Most sites use a . (dot or period) or an _ (underscore) character to replace unquoted space characters. That is, they declare the BlankSub (B) option as one of the following:

OB.
OB_

Feeding the address

John Q Public@wash.dc.gov

through sendmail with the option OB. set yields

John.Q.Public@wash.dc.gov

The forms of the BlankSub (B) option are as follows:

OBchar                          configuration file (old style)
-oBchar                         command line (old style)
O BlankSub=char                 configuration file (beginning with V8.7)
-OBlankSub=char                 command line (beginning with V8.7)
define(`confBLANK_SUB',char)    V8 m4 configuration

The argument char is of type character and is a single character. The default, if this option is omitted or if the char argument is omitted, is that an unquoted space character is replaced with a space character (which does nothing to correct the problem at all). The default for the m4 technique is the dot (.) character.

Note that old-style addresses are delimited from each other with spaces rather than commas. Such addresses may be wrongly joined into a single address if the char is other than a space. Acceptance of such old-style addresses is determined by the setting of the OldStyleHeaders (o) option (see Section 34.8.44).

Also note that this BlankSub (B) option may also be used when tokenized addresses are reassembled (see Section 28.2.3, "Pasting Addresses Back Together").

The BlankSub (B) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Ordinarily, when sendmail rebuilds an aliases database (as defined by the AliasFile (A) option, see Section 34.8.1), it checks only the addresses to the left of the colon to make sure they all resolve to a delivery agent that has the F=A flag set (see Section 30.8.12, F=A). It is possible to also have addresses to the right of the colon checked for validity by setting option CheckAliases (n) option to true.

The forms of the CheckAliases (n) option are as follows:

Onbool                              configuration file (old style)
-onbool                             command line (oldstyle)
-on                                 command line shorthand
O CheckAliases=bool                 configuration file (beginning with V8.7)
-OCheckAliases=bool                 command line (beginning with V8.7)
define(`confCHECK_ALIASES',True)    V8 m4 configuration

The bool is of type Boolean. If it is absent, the option defaults to true (do check the right-hand side of aliases). If the entire option declaration is missing, the default is false (don't check the right-hand side of aliases). The default for the m4 configuration technique is false.

Addresses to the right of the colon are checked only to be sure they are good addresses. Each is processed by rule set 3 and then rule set 0 to select a delivery agent. Processing merely needs to successfully select any non-#error delivery agent (see Section 30.5.2, "The error Delivery Agent"). The sendmail program prints and logs the following warning and skips any address that fails to select a valid delivery agent:

address... bad address

If the address selects an #error delivery agent, the error text for that error is printed instead:

address... user address required

The CheckAliases (n) option is further described in Section 24.5.2, "Check the Right Side of Aliases". This option is safe. Even if it is specified from the command line, sendmail retains its root privilege.

When a single email message is sent to many recipients (those on a mailing list, for example), a single sendmail process handles all the recipients. Should that sendmail process die or be killed halfway through processing, there is no record that the first half was delivered. As a result, when the queue is later reprocessed, the recipients in that first half will receive the message a second time.

The CheckpointInterval (C) option can limit the duplication. It tells sendmail to rewrite (checkpoint) its qf file (which contains the list of recipients; see Section 23.2.5, "The Queue Control File: qf") after each group of a specified number of recipients has been delivered. Recipients who have already received mail are deleted from the list, and that list is rewritten to the qf file. The forms of the CheckpointInterval (C) option are as follows:

OCnum                                    configuration file (old style)
-oCnum                                   command line (old style)
O CheckpointInterval=num                 configuration file (beginning with V8.7)
-OCheckpointInterval=num                 command line (beginning with V8.7)
define(`confCHECKPOINT_INTERVAL','num')  V8 m4 configuration

The num argument is of type numeric and specifies the number of recipients in each group. If num is entirely missing, is non-numeric, or is zero, this feature is disabled. If the entire CheckpointInterval (C) option is missing, the default is 10. There is a small performance penalty that increases as num approaches 1. A good starting value is 4, meaning that at most four people will get duplicate deliveries. Note that the F=M flag on local delivery will try as many recipients as possible before checkpointing, even if that number is greater than the value of this CheckpointInterval option. The CheckpointInterval (C) option is safe. Even if it is specified from the command line, sendmail retains its root privilege.

The ClassFactor (z) option specifies a multiplying weight (factor) for a message's precedence when determining a message's priority. This option interacts with the RecipientFactor (y) option (see Section 34.8.53), and both options are described under that latter option.

The forms of the ClassFactor (z) option are as follows:

Ozfactor                                  configuration file (old form)
-ozfactor                                 command line (old form)
O ClassFactor=factor                      configuration file (beginning with V8.7)
-OClassFactor=factor                      command line (beginning with V8.7)
define(`confWORK_CLASS_FACTOR',factor)    V8 m4 configuration

The argument factor is of type numeric. If that argument is missing, the default value is zero. If the entire option is missing, the default value is 1800. The default for the m4 technique is to omit this option.

The ClassFactor (z) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

One possible form of an address is called "list syntax" and looks like this:

group: list;

Here, group is the name of a mailing list, and list is a list of zero or more addresses to which the message should be delivered (see Section 17.1.2.1, "A rule to handle List:;"). To understand this kind of address, sendmail needs to view the prefix and colon as a comment and the trailing semicolon as a comment. This is similar to treating everything outside an angle-bracketed address as a comment:

group:  list  ;
group: <list> ;

For such addresses to be recognizable, it is necessary to prohibit the use of other addresses that contain colons, unless those colons appear inside a part of the address that is surrounded by angle brackets. That is, to use list syntax, addresses like the following cannot be allowed:

host:george@wash.dc.gov

To handle this situation, V8.7 sendmail has introduced the ColonOkInAddr option. It is used like this:

O ColonOkInAddr=bool                   configuration file
-OColonOkInAddr=bool                   command line
define(`confCOLON_OK_IN_ADDR',bool)    m4 configuration

The argument bool is of type Boolean. If it is absent, this option is true (colons are okay, so list syntax is not recognized). If this option is entirely omitted or if bool is false, colons are not okay, so list syntax is recognized. Note that for version 5 or earlier configuration files (see Section 27.5, "The V Configuration Command" for a description of the V configuration command), this option is automatically set to true. Also note that for m4 configurations this option is absent (false) by default.

Note that DECnet style addresses (see Section 29.4.4, "Handling Specialty Addresses") legitimately contain double colons (e.g., host::user). DECnet addresses are correctly recognized no matter how this ColonOkInAddr option is set.

The ColonOkInAddr option is safe. If it is specified from the command line, sendmail will not relinquish its root privilege.

Usually, sendmail uses a single autonomous SMTP session to transmit one email message to another host. It connects to the other host, transmits the message, and closes the connection. Although this approach is sufficient for most mail, there are times when sending multiple messages during a single connection is preferable. This is called caching connections.

When sendmail caches a connection, it connects to the other host and transmits the mail message as usual. But instead of closing the connection, it keeps the connection open so that it can transmit additional mail messages without the additional overhead of opening and closing the connection each time. The ConnectionCacheSize (k) option of V8 sendmail specifies that open connections to other hosts should be maintained and the maximum number of those connections. The forms of the ConnectionCacheSize (k) option are as follows:

Oknum                                configuration file (V8.6)
-oknum                               command line (V8.6)
O ConnectionCacheSize=num            configuration file (beginning with V8.7)
-OConnectionCacheSize=num            command line (beginning with V8.7)
define(`confMCI_CACHE_SIZE',num)     V8 m4 configuration

There may be optional whitespace preceding the num. The num is an integer that specifies the maximum number of simultaneous connections to keep open. If num is zero, this caching feature is turned off. A value of 1 is good for workstations that forward all mail to a central mail server and is the default that is used if this option is entirely missing. When configuring with V8's m4 technique, the default is 2. A value of 4 is the maximum for most machines that forward mail directly over the Internet. Higher values require that you increase the number of open files allowed per process at the system level.

Caching is of greatest benefit in processing the queue. V8 sendmail automatically adapts to conditions to avoid caching connections for each invocation of sendmail. Maintenance of an open connection can delay return to the user's program, for example, and too many open connections to a common target host can create a high load on that host.

When caching is enabled with this ConnectionCacheSize (k) option, the ConnectionCacheTimeout (K) option should also be declared to set the connection timeout. The ConnectionCacheSize (k) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Maintaining a cached connection to another host (see Section 34.8.10) imposes a penalty on both the local host and the other host. Each connection means that the other host is running a forked sendmail process that is doing nothing but waiting for an SMTP QUIT message to close the connection or for more mail to arrive. The local host has open sockets that consume system resources.

To limit the impact on other hosts, V8 sendmail offers the ConnectionCacheTimeout (K) option. This option tells sendmail how long to wait for another mail message before closing the connection.

The forms of the ConnectionCacheTimeout (K) option are as follows:

OKwait                                  configuration file (V8.6)
-oKwait                                 command line (V8.6)
O ConnectionCacheTimeout=wait           configuration file (beginning with V8.7)
-OConnectionCacheTimeout=wait           command line (beginning with V8.7)
define(`confMCI_CACHE_TIMEOUT',wait)    V8 m4 configuration

There may be optional whitespace preceding the wait. The wait is of type time and specifies the period to wait before timing out a cached connection. If this option is entirely missing, the default (for both the configuration file and the m4 configuration technique) is 300 seconds (five minutes). When specifying the wait, be sure to include a trailing s character. If you don't, the number that you specify is interpreted by default as a number of minutes. The wait should never be longer than five minutes. A value of 0 essentially turns off caching.

This ConnectionCacheTimeout (K) option has an effect only if the ConnectionCacheSize (k) option (see Section 34.8.10) is also declared. The ConnectionCacheTimeout (K) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Whenever an outside site connects to sendmail's SMTP port, sendmail fork(2)s a copy of itself. That copy (the child) processes the incoming message. Beginning with V8.8, sendmail keeps track of how many child processes it has spawned to handle incoming connections. The MaxDaemonChildren (see Section 34.8.35) option can be used to reject connections when the number of children has exceeded a specified threshold.

A different approach is to slow down acceptance of, rather than to reject, new connections when the number of children becomes too high. This allows the QueueLA (x) option (see Section 34.8.50) and the RefuseLA (X) option (see Section 34.8.54) to operate properly even if many incoming connections arrive simultaneously. You slow incoming connections with the ConnectionRateThrottle option:

O ConnectionRateThrottle=num                       V8.8 and above
define(`confCONNECTION_RATE_THROTTLE', num)        V8 m4 technique

The num is of type numeric. If it is present and greater than zero, connections are slowed when more than that number of connections arrive within one second. If num is less than or equal to zero, or absent, no threshold is enforced. If the entire option is missing, the default becomes zero. The default for the m4 technique is to omit this option.

To illustrate how the slowdown operates, consider a situation in which num is set to 3, and 12 connections come in simultaneously. The first three connections are handled immediately. The next three are handled after one second. The three after that are handled after two seconds, and so on. The twelfth connection would be handled after a delay of three seconds.

Note that this option and the MaxDaemonChildren option (see Section 34.8.35) affect incoming connections differently.

The ConnectionRateThrottle option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

The DaemonPortOptions (O) option is used to customize the daemon's SMTP service. The form for this option is as follows:

OOpair,pair,pair                                 configuration file (old form)
-oOpair,pair,pair                                command line (old form)
O DaemonPortOptions=pair,pair,pair               configuration file (beginning with V8.7)

-ODaemonPortOptions=pair,pair,pair               command line (beginning with V8.7)
define(`confDAEMON_OPTIONS',`pair,pair,pair')    V8 m4 configuration

The DaemonPortOptions (O) is followed by a comma-separated list of pairs, in which each pair is of the form:

key=value

Only six keys are available, and prior to V8.7 they were case-sensitive. Prior to V8.7 an unknown key was silently ignored. Now an unknown key not only is ignored but also causes following error to be printed:

DaemonPortOptions unknown parameter "key"

The list of all currently defined keys is shown in Table 34.12.

Table 34.12: DaemonPortOptions Option Keywords

Key		Meaning
Addr	Section 34.8.13.1, "DaemonPortOptions=Addr"	The network to accept connection from
Family	Section 34.8.13.2, "DaemonPortOptions=Family"	The type network we are connected to
Listen	Section 34.8.13.3, "DaemonPortOptions=Listen"	The size of the listen(2) queue
Port	Section 34.8.13.4, "DaemonPortOptions=Port"	The port number on which sendmail should listen
ReceiveSize	Section 34.8.13.5, "DaemonPortOptions=ReceiveSize"	The size of the TCP/IP receive buffer
SendSize	Section 34.8.13.6, "DaemonPortOptions=SendSize"	The size of the TCP/IP send buffer

Only the first character in each key is recognized, so a succinct declaration such as the following can be used to change the port used by the daemon:

OOP=26,A=our-net    # Only listen for local mail                  old form
O DaemonPortOptions=P=26,A=our-net  # Only listen for local mail  beginning with V8.7

The O option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

34.8.13.1 DaemonPortOptions=Addr

The Addr key is used to specify the network to use. The value is the name [7] or IP address of one of your network interfaces:

[7] Names did not work prior to V8.8 sendmail.

O DaemonPortOptions=Addr=128.32.204.25     # listen to our internal network only

If the Addr pair is omitted, the default network becomes INADDR_ANY, which allows connections from any network.

34.8.13.2 DaemonPortOptions=Family

The Family key is used to specify the network family. The legal possible values are inet for AF_INET, iso for AF_ISO, ns for AF_NS, and x.25 for AF_CCITT.

O DaemonPortOptions=Family=iso

Note that only inet and iso are currently supported. The default is inet. Also note that inet requires NETINET to be defined, and iso requires NETISO to be defined when sendmail is being compiled (see Section 18.8.26, NET...).

34.8.13.3 DaemonPortOptions=Listen

When sendmail begins to run in daemon mode, it executes a listen(2) system call as part of monitoring its SMTP port for incoming mail. The second argument to listen(2) defines the maximum length to which the incoming queue of pending connections may grow. If a connection request arrives with the queue full, the client will receive an error that indicates ECONNREFUSED. This Listen key is used to change the size of the incoming queue from its default of 10. If Listen is less than or equal to zero, listen(2) will silently set its own default. But note that some kernels may have built-in defaults of their own, so setting Listen may have no effect at all.

34.8.13.4 DaemonPortOptions=Port

The Port key is used to specify the service port on which the daemon should listen. This is normally the port called smtp, as defined in the /etc/services file. The value may be either a services string (such as smtp) or a number (such as 25). This key is useful inside domains that are protected by a firewall. By specifying a non-standard port, the firewall can communicate in a more secure manner with the internal network while still accepting mail on the normal port from the outside world:

O DaemonPortOptions=Port=26

If this pair is missing, the port defaults to smtp.

34.8.13.5 DaemonPortOptions=ReceiveSize

The ReceiveSize key is used to specify the size of the TCP/IP receive buffer. The value is a size in bytes. This should not be set unless you are having performance problems. Slow links (such as 9.6K SL/IP lines) might profit from a setting of 256, for example:

O DaemonPortOptions=ReceiveSize=256

The default value is set by the system (see setsockopt(2)).

34.8.13.6 DaemonPortOptions=SendSize

The SendSize key is used to specify the size of the TCP/IP send buffer. The value is a size in bytes. This should not be set unless you are having performance problems. Slow links (such as 9.6K SL/IP lines) might profit from a setting of 256, for example:

O DaemonPortOptions=SendSize=256

The default value is set by the system (see setsockopt(2)).

When a mail message is converted from 8 to 7 bits (see the EightBitMode (8) option in Section 34.8.22), it is important that the result look like a MIME message. V8.7 sendmail first outputs the following header if one is not already present:

MIME-Version: 1.0

After that, V8.7 sendmail looks for a Content-Type: header (see Section 35.10.9, Content-Type:). If none is found, the following is inserted, where charset is the value declared for this option:

Content-Type: text/plain; charset=charset

The forms of the DefaultCharSet option are as follows:

O DefaultCharSet=charset                   configuration file
-ODefaultCharSet=charset                   command line
define(`confDEF_CHAR_SET',charset)         m4 configuration

If DefaultCharSet is undefined, charset defaults to the string "unknown-8bit." The default for the m4 technique is to omit this option.

Note that if the C= equate (Section 30.4.2, C=) is present for the sender's delivery agent, that character set supersedes the DefaultCharSet.

The DefaultCharSet option is safe. If specified from the command line, sendmail will not relinquish its root privilege.

The sendmail program can be run as an suid root process (that is, with the permissions of the root, no matter who runs it) or as an ordinary process, run by an ordinary (nonprivileged) user (that is, with root privilege only if it is run by root). When sendmail is run so that it has root privilege, it must give up that privilege under certain circumstances to remain secure. [8] When it can't set its identity to that of a real user, sendmail sets its gid to that specified by the g option and its uid to that specified by the u option. For version 8.7 and above, the DefaultUser option sets both the user and group identities. [9]

[8] V8 is more security conscious and presumes that it is still root even if it has given up that privilege.

[9] In essence, the g and u options have been deprecated in favor of a single DefaultUser option, which sets both.

When sendmail is running with root privilege and when the F=S delivery agent flag (see Section 30.8.40, F=S) is not specified, sendmail changes its owner and group identity to that of an ordinary user in the following circumstances:

1.

If the mail message is forwarded because of a user's ~/.forward file and if delivery is via a delivery agent that has the F=o flag set (see Section 30.8.33, F=o), then sendmail changes its owner and group identity to that of the user whose ~/.forward file was read.

2.

Otherwise, if the mail message is being delivered through an aliases(5) file's :include: mailing list expansion and if delivery is via a delivery agent that has the F=o flag set (see Section 30.8.33) or to a file, then sendmail changes its owner and group identity to that of the owner of the file that was specified by the :include: line.

3.

Otherwise, if the sender of the mail message is local and if delivery is via a delivery agent that does not have the F=o flag set (see Section 30.8.33) or to a file, then sendmail changes its owner and group identity to that of the sender. If the sender is root, sendmail changes its owner and group identity to that specified by the DefaultUser option.

4.

Otherwise, sendmail changes its owner and group identity to that specified by the DefaultUser option.

These user and group defaults are ignored if the delivery agent's F= equate includes the S flag (run as another specified user). These user and group defaults are also ignored for any delivery agent that specifies the U= equate (see Section 30.4.13, U=), which customizes user and group identities at the individual delivery agent level, but only if the F=o equate is not specified.

The forms of the DefaultUser (u) (g) option are as follows:

Ouuid                                user, configuration file (old form)
-ouuid                               user, command line (old form)
Oggid                                group, configuration file (old form)
-oggid                               group, command line (old form)
Ouuid:gid                            both, configuration file (beginning with V8.7)
-ouuid:gid                           both, command line (beginning with V8.7)
O DefaultUser=uid:gid                both, configuration file (beginning with V8.7)
-ODefaultUser=uid:gid                both, command line (beginning with V8.7)
define(`confDEF_USER_ID',uid)        user, V8 m4 configuration
define(`confDEF_GROUP_ID',gid)       group, V8 m4 configuration (obsolete as of V8.7)
define(`confDEF_USER_ID',uid:gid)    both, V8 m4 configuration

The arguments uid and gid are of type numeric. Beginning with V8 sendmail, user or group names can also be text (for example, nobody). Beginning with V8.7 sendmail, the user definition with DefaultUser or u can specify both user and group. For example,

O DefaultUser=daemon:nogroup

There may be arbitrary whitespace between the user (daemon), the colon, [10] and the group (nogroup). If the group is missing, the value that is assigned to it varies depending on the nature of the uid specification. If the uid is a name, the group becomes the default group of that user as defined in the passwd(5) file. If the uid is numeric, the value in the group is not changed. For example, consider this passwd(5) file entry, where the group 12 corresponds to the group name bumgroup:

[10] The character between the user and group notations can be a colon, a period, or a forward slash. The colon is recommended.

bogus:*:10:12::/:

Then all the following are equivalent:

O DefaultUser=bogus
O DefaultUser=bogus:12
O DefaultUser=bogus:bumgroup

Og12		taken together
Ou10

But the following combination causes the group to reset to 12:

Og77
Oubogus

Under pre-8.7 sendmail a missing argument causes the value 0 to be used for the respective user or group identities. If an entire u or g option is missing, the default value becomes 1 (usually daemon). Under V8.7 sendmail the default is -1. In NFS-mounted environments, safe values for these options are one less than those of the user nobody and the group nogroup.

For maximum security, you should create a special pseudo-user and assign that pseudo-user to this option. (See Section 22.8.3.1, "The DefaultUser option" for a more detailed description of this approach.)

The g, u, and DefaultUser options are not safe. If specified from the command line, they may cause sendmail to relinquish its root privilege.

There are four modes that sendmail can use for delivering mail. Three have always been a part of sendmail: background, interactive, and queue-only. One is new to V8.7 sendmail: deferred.

The mode is selected with the DeliveryMode (d) option:

Odmode                              configuration file (old form)
-odmode                             command line (old form)
O DeliveryMode=mode                 configuration file (beginning with V8.7)
-ODeliveryMode=mode                 command line (beginning with V8.7)
define(`confDELIVERY_MODE',mode)    V8 m4 configuration

The mode argument is of type character. It is case sensitive (must be lowercase) and is selected from one of the keywords shown in Table 34.13. Only the first letter of each is recognized, but we recommend full words for improved clarity.

Table 34.13: DeliveryMode Option Keywords

Keyword	Description
background	Section 34.8.16.1, "DeliveryMode=background"	Background (asynchronous) delivery
deferred	Section 34.8.16.2, "DeliveryMode=deferred"	Deferred (held as is) delivery (beginning with V8.7)
interactive	Section 34.8.16.3, "DeliveryMode=interactive"	Interactive (synchronous) delivery
queueonly	Section 34.8.16.4, "DeliveryMode=queueonly"	Queued (held but processed) delivery

If the mode argument is missing, this option defaults to the i or interactive mode. If the entire DeliveryMode (d) option is missing, V8 sendmail then defaults to background mode, but old sendmail behaves unpredictably; consequently, this option should be considered mandatory. The default for a V8 m4 configuration is also background.

If the mode character is other than one of the first lowercase letters shown in Table 34.13 sendmail will print and log the following error and will immediately exit with an exit value of EX_USAGE as defined in <sysexits.h>:

Unknown delivery mode char

Queue-only and deferred modes are only available if QUEUE was defined when sendmail was compiled (see Section 18.8.37, QUEUE). If QUEUE was not defined and one of these two modes is selected, sendmail will print and log the following:

need QUEUE to set -odqueue or -oddefer

The DeliveryMode (d) option is safe. Even if it is specified from the command line, sendmail retains its root privilege.

34.8.16.1 DeliveryMode=background

Background mode - intended primarily [11] for use in the configuration file - allows sendmail to run asynchronously. This means that once sendmail has gathered the entire message and verified that the recipient is deliverable, it will fork(3) a copy of itself and exit. The copy, running in the background (asynchronously), will then handle the delivery. From the user's point of view, this mode allows the mail interface program to act as though it sent the message nearly instantaneously.

[11] A sending program (MUA) might need to use background mode on the command line (db) if the message is urgent and if the default in sendmail's configuration file is to queue all messages (with q mode).

34.8.16.2 DeliveryMode=deferred

Deferred mode - for use in either the command line or the configuration file - is much like queue-only mode except that all database lookups, including DNS, are deferred until the actual queue run. Deferred mode (new with V8.7) is preferred for dial-on-demand sites (typically, modem-based SL/IP or PPP connections). As in queue-only mode, all mail is queued for later delivery, but with deferred mode, code inside sendmail that would ordinarily interact with DNS is suppressed. This prevents the modem from being dialed and connections from being established every time mail is queued.

34.8.16.3 DeliveryMode=interactive

Interactive mode - intended for use from the command line - causes sendmail to run synchronously. This mode is useful primarily for debugging mail problems. Instead of going into the background with fork(3), it runs in the foreground (synchronously). In this mode, error messages are printed back to the controlling terminal rather than being mailed to the user as bounced mail. The -v command-line switch (see Section 36.7.41) automatically sets the mode to interactive.

34.8.16.4 DeliveryMode=queueonly

Queue-only mode - for use in either the command line or the configuration file - causes sendmail to synchronously queue mail. Queue-only mode is useful at sites that have huge amounts of UUCP mail or Usenet news batch feeds or when delivering to low priority addresses such as mailing lists. Queuing has the beneficial effect of serializing delivery through queue runs, and it reduces the load on a machine that many parallel backgrounded sendmail processes can cause. Queue-only mode is typically supplied as a command-line option to sendmail by the uuxqt(8) program. When queue-only mode is selected, all mail is queued for delivery, and none is actually delivered. A separate run of sendmail with its -q command-line switch (see Section 23.6.1, "Periodically with -q") is needed to actually process the queue. Note that addresses can still be looked up with DNS as a part of the queueing process. Consequently, queue-only mode is probably not suitable for dial-on-demand sites.

Many Internet providers allow small sites (such as home machines) to dial up when there is a demand for network traffic to flow. Such connections are usually of short duration and use the PPP or SL/IP protocols. A problem can arise when this dial-up-on-demand is instigated by sendmail. [12] The process of negotiating a dial-up connection can take so long that sendmail will have its attempt to connect(2) fail. (See also the connect keyword for the Timeout option in Section 34.8.70.2). To remedy this situation, V8.7 sendmail offers the DialDelay option. It is declared like this:

[12] Or by any other network-oriented program, such as FTP or Mosaic.

O DialDelay=delay               configuration file
-ODialDelay=delay               command line
define(`confDIAL_DELAY',delay)  m4 configuration

The argument delay is of type time. If this option is entirely omitted or if delay is omitted, the default is then zero and no delay is enabled. The default for the m4 configuration technique is also zero. If the unit of time is omitted from the time declaration, the default is seconds.

If delay is nonzero and sendmail has its initial connect(2) fail, it will sleep(3) for delay seconds and then try to connect(2) again. Note that sendmail tries a second time only once, so the delay should be large enough to accommodate your anticipated worst-case delay. On the other hand, care should be taken to avoid excessively long delays that can make sendmail appear to hang. No check is made by sendmail for absurdly large values given to delay.

The DialDelay option is safe. If it is specified from the command line, sendmail will not relinquish its root privilege.

Ordinarily, the $[ and $] operators (see Section 28.6.6, "Canonicalize Hostname: $[ and $]") cause the enclosed hostname to be looked up with DNS and replaced with the canonical name for that host. The canonical name is the A DNS record. For example, consider these DNS records:

here.us.edu.    IN     A     123.45.67.89
ftp.us.edu.     IN     CNAME here.us.edu.

If the address ftp.us.edu is fed to the $[ and $] operators in the RHS of a rule:

R...      $[ $1 $]

then the rewritten result of passing ftp.us.edu as $1 will be the A record name here.us.edu. This behavior is correct under RFC822 and RFC1123, but the IETF is currently moving toward a change.

Sometimes it is important for the CNAME to appear in email headers as the canonical name. One example might be that of an FTP service moving from one machine to another during a transition phase. In that case, outgoing mail should appear to be from ftp.us.edu, because the records will change after the move, and we want to maintain the ability to reply to such mail.

here.us.edu.    IN     A     123.45.67.89      retired and gone
ftp.us.edu.     IN     CNAME there.us.edu.
there.us.edu.   IN     A     123.45.67.90

Another possibility might be that of a mobile host (a workstation that plugs into different networks and thus has different A records over time):

mobile.us.edu.    IN     CNAME monday.dc.gov.
monday.dc.gov.    IN     A     12.34.56.78
tuesday.foo.com.  IN     A     23.45.67.89

Whenever this workstation is plugged in, its CNAME record is changed to point to the A record of the day: monday.dc.gov on Monday and tuesday.foo.com on Tuesday. But no matter what its A record happens to be, outgoing mail should look as though it came from mobile.us.edu.

The DontExpandCnames option causes sendmail to accept CNAME records as canonical. It is intended for use on sending hosts with special CNAME needs and should not be enabled without good reason. It is declared like this:

O DontExpandCnames=bool			   configuration file (V8.7)
-ODontExpandCnames=bool			   command line (V8.7)
define(`confDONT_EXPAND_CNAMES',bool)	   V8 m4 configuration

The argument bool is of type Boolean. If bool is missing, the default is true (use the CNAME). If the entire DontExpandCnames option is missing, the default is false (convert CNAMEs to A records).

The DontExpandCnames option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Just before executing any delivery agent (including the *include* delivery agent) and just before opening a ~/.forward file, sendmail sets its group and user identities as appropriate. To illustrate, consider the U= equate (see Section 30.4.13). If the fax delivery agent has the U= equate set like this:

U=fax:fax

its A= program will be executed by the user fax who is in the group fax. In addition, sendmail calls the initgroups(3) system call to expand the list of groups to which the user belongs. In the case of fax, it may also belong to the groups faxadm and faxusers. The total result is that fax can execute, read, and write any files that have the appropriate group permissions set for any of the groups fax, faxadm, and faxusers.

This versatility, however, has a price. As group files get huge or as nis, nisplus, or hesiod services become slow (probably because they are also large), the initgroups(3) call can start to adversely affect sendmail's performance.

When performance is a concern, the DontInitGroups option can be used to disable initgroups(3):

O DontInitGroups=bool     configuration file
-ODontInitGroups=bool     command line
define(`confDONT_INIT_GROUPS',bool)    V8 m4 configuration

The argument bool is of type Boolean. If it is missing, the default value is true  - don't call initgroups(3). If the entire option is missing, the default value is false  - do call initgroups(3). See Section 18.8.31, NO-GROUP-SET for a discussion of how NO_GROUP_SET determines whether or not this option also affects the getgrgid(3) system call.

The DontInitGroups option is not safe as of V8.8.4. Even if it is specified from the command line, may cause sendmail to relinquish its root privilege.

One form of address is called a route address, because it specifies a route (sequence of hosts) through which the message should be delivered. For example:

@hostA,@hostB:user@hostC

This address specifies that the message should first go to hostA, then from hostA to hostB, and finally from hostB to hostC for delivery to user. [13]

[13] Also see how route addresses are handled in rules in Section 29.4.3, "Handling Routing Addresses" and the F=d delivery agent flag in Section 30.8.16, F=d).

RFC1123, in Section 5.3.3, specifies that delivery agents should always try to eliminate source routing when they are able. V8 sendmail takes an address like the above and checks to see whether it can connect to hostC directly. If it can, it rewrites the address like this:

user@hostC

This is called "pruning route addresses." There may be times when such pruning is inappropriate. Internal networks, for example, may be set up to encourage manual specification of a route through a high-speed network. If left to its own, sendmail always tosses the route and tries to connect directly.

The DontPruneRoutes (R) option causes sendmail to never prune route addresses. The forms of this option are as follows:

ORbool                                           configuration file (old form)
-oRbool                                          command line (old form)
O DontPruneRoutes=bool                           configuration file (beginning with V8.7)
-ODontPruneRoutes=bool                           command line (beginning with V8.7)
define(`confDONT_PRUNE_ROUTES',`bool')           V8 m4 configuration

The argument bool is of type Boolean. If it is missing, the default value is true (nothing special is done with route addresses). If the entire R option is missing, the default becomes false (route addresses are pruned). With the V8 m4 configuration technique the default is false.

The DontPruneRoutes (R) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

Ordinarily, when sendmail sends error notification mail, it expects that error notification to be successfully delivered. Upon occasion, error mail itself will bounce or fail too. This is called a "double-bounce" situation. Prior to V8.8, sendmail would notify postmaster if error notification failed. But this might not be the best solution in all cases. Consider, for example, a site that has a sitewide postmaster and several departmental postmasters. In such situations, double-bounce mail should probably go to the sitewide postmaster.

Beginning with V8.8 sendmail, the DoubleBounceAddress option can be used to define who gets double-bounce mail:

O DoubleBounceAddress=addr                       configuration file (beginning with V8.8)
-ODoubleBounceAddress=addr                       command line (beginning with V8.8)
define(`confDOUBLE_BOUNCE_ADDRESS',`addr')       V8 m4 configuration

Here, addr is of type string and is a comma-separated list of one or more email addresses. If addr is missing, the following error is printed and the option is ignored:

readcf: option DoubleBounceAddress: value required

If the entire option is missing, the default becomes postmaster. If sendmail is unable to send double-bounce mail to addr, it logs the following error:

cannot parse addr

The DoubleBounceAddress option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

The data portion of an email message is transmitted during the DATA phase of an SMTP transaction. Prior to V8.6 the data were presumed to be 7-bit. That is, the high (8th) bit of every byte of the message could be cleared (reset or made zero) with no change in the meaning of that data. With the advent of ESMTP and MIME, it became possible for sendmail to receive data for which the preservation of the 8th bit is important.

There are two kinds of 8-bit data. Data that arrive with the high bit set and for which no notification was given are called "unlabeled" 8-bit data. Data for which notification was given (using 8BITMIME in the ESMTP session or with the -B8BITMIME command-line switch, see Section 36.7.1, -B, or with a MIME-Version: header in the message, see Section 35.10.21, MIME-Version:) are called "labeled."

The EightBitMode (8) option tells sendmail how to treat incoming unlabeled 8-bit data. The forms of this option are as follows:

O8key                                   configuration file (V8,6)
-o8key                                  command line (V8,6)
O EightBitMode=key                      configuration file (beginning with V8.7)
-OEightBitMode=key                      command line (beginning with V8.7)
define(`confEIGHT_BIT_HANDLING',key)    m4 configuration

The key is mandatory and must be selected from one of those shown in Table 34.14. If the key is missing or if key is not one of those listed, sendmail will print the following error and ignore the option:

Unknown 8-bit mode char

Only the first character of the key is recognized, but we still recommend that the full word be used for clarity.

Table 34.14: EightBitMode Option Characters

Key		Meaning
mimify	Section 34.8.22.1, "EightBitMode=mimefy"	Do any necessary conversion of 8BITMIME to 7-bit
pass	Section 34.8.22.2, "EightBitMode=pass"	Pass unlabeled 8-bit input through as is
strict	Section 34.8.22.3, "EightBitMode=strict"	Reject unlabeled 8-bit input

If the entire EightBitMode (8) option is missing, the default becomes p (pass 8-bit and convert MIME). If you configure with V8's m4 technique, the default is also p.

Depending on the key selected and the nature of incoming mail, any of several error messages may be generated:

Eight bit data not allowed
Cannot send 8-bit data to 7-bit destination
host does not support 8BITMIME

Conversion from 8 to 7 bit is complex. First, sendmail looks for a MIME Content-Type: header. If the header is found, sendmail looks for and, if found, uses a MIME boundary definition to delimit conversion. [14] If more than 1/4 of a section has the high bit set after reading at least 4 kilobytes of data, sendmail presumes base64 encoding [15] and inserts the following MIME header into the data stream:

[14] A boundary is used only for multipart messages.

[15] Also see the $=q class (Section 32.5.5, $=q) for a way to require quoted-printable encoding.

Content-Transfer-Encoding: base64

Base64 encoding converts 8-bit data into a stream of 6-bit bytes that contain universally readable text. Base64 is described in RFC1521.

If less than 1/4 of the data that were scanned have the high bit set or if the type in the Content-Type: header is listed in $=q (Section 32.5.5), the data are converted from 8 to 7 bit by using Quoted-Printable encoding, and the following MIME header is inserted into the stream:

Content-Transfer-Encoding: quoted-printable

Under Quoted-Printable encoding, ASCII control characters (in the range 0x00 through 0x20), the tab character, the "=" character, and all characters with the high bit set are converted. First an "=" character is output, then the character is converted to an ASCII representation of its hexadecimal value, and that value is output. For example,

0xb9       becomes   =B9

Under this scheme, the = character is considered binary and is encoded as =3D. If the F=3 flag (see Section 30.8.2, F=3) is set for a selected delivery agent, the characters

! " # $ @ \ [ ] ^ ` { | } ~

are also converted. If F=3 is not set, those characters are output as is.

Lines longer than 72 characters (bytes) are broken with the insertion of an "=" character and the E= end-of-line characters defined for the current delivery agent. Any lines that end in a whitespace character have that character converted to quoted-printable even if the line is under 72 characters. Quoted-printable is described in RFC1521. Where m (mimefy) may not be appropriate for a given delivery agent, the F=8 flag (see Section 30.8.5, F=8) can be specified to force p (pass8bit) behavior.

The EightBitMode (8) option is safe. Even if it is specified from the command line, sendmail retains its root privilege.

34.8.22.1 EightBitMode=mimefy

Convert unlabeled 8-bit input to 8BITMIME, and do any necessary conversion of 8BITMIME to 7-bit. When running as a daemon receiving mail via SMTP, advertise the 8BITMIME ESMTP keyword as valid. This key specifies that your site will be a full-time MIME installation. Note that compiling with MIME8TO1=1 (see Section 18.8.22, MIME8TO7) causes ESMTP to always advertise 8BITMIME.

34.8.22.2 EightBitMode=pass

Pass unlabeled 8-bit input through as is. Convert labeled 8BITMIME input to 7-bit as required by any delivery agent with the F=7 flag set (see Section 30.8.4, F=7) or any SMTP server that does not advertise 8BITMIME.

34.8.22.3 EightBitMode=strict

Reject unlabeled 8-bit input. Convert 8BITMIME to 7-bit as required by any delivery agent with the F=7 flag set (see Section 30.8.4) or any SMTP server that does not advertise 8BITMIME.

When a notification of a mail error is sent to the sender, the details of the error are taken from the text saved in the xf file (see Section 23.2.7, "The Transcript File: xf"). The ErrorHeader (E) option, available only with V8 sendmail, allows you to prepend custom text ahead of that error text.

Custom error text is useful for sites that wish to offer help as part of the error message. For example, one common kind of error message is notification of an unknown user:

--- Transcript of session follows ---
550 smith@wash.dc.gov... User unknown
   --- Unsent message follows ---

Here, the user smith is one that is unknown. A useful error help message for your site to produce might be

Common problems:
        User unknown: the user or login name is wrong.
        Host unknown: you mistyped the host part of the address.
   --- Transcript of session follows ---
550 smith@wash.dc.gov... User unknown
   --- Unsent message follows ---

The forms for the ErrorHeader (E) option are as follows:

OEtext                                configuration file (V8.6)
-oEtext                               command line (V8.6)
O ErrorHeader=text                    configuration file (beginning with V8.7)
-OErrorHeader=text                    command line (beginning with V8.7)
define(`confERROR_MESSAGE',`text')    V8 m4 configuration

The argument text is mandatory. If it is missing, this option is ignored. The text is either the actual error text that is printed or the name of a file containing that text. If text begins with the / character, it is taken as the absolute pathname of the file (a relative name is not possible). If the specified file cannot be opened for reading, this option is silently ignored.

Macros may be used in the error text, and they are expanded as they are printed. For example, the text might contain

For help with $u, try "finger $u"

which might produce this error message:

For help with smith@wash.dc.gov, try "finger smith@wash.dc.gov"
   --- Transcript of session follows ---
550 smith@wash.dc.gov... User unknown
   --- Unsent message follows ---

The ErrorHeader (E) option is not safe. If specified from the command line, it may cause sendmail to relinquish its root privilege.

The sendmail program is flexible in its handling of delivery errors. By selecting from five possible modes with the ErrorMode (e) option, you can tailor notification of delivery errors to suit many needs.

This option is intended primarily for use from the command line. If included in the configuration file, it should be given only the p argument, for print mode (the default).

The forms of the