O -- Set Option

There are a number of global options that can be set from a configuration file. Options are represented by full words; some are also representable as single characters for back compatibility. The syntax of this line is:

O option = value
This sets option option to be value. Note that there must be a space between the letter `O' and the name of the option. An older version is:
O ovalue
where the option o is a single character. Depending on the option, value may be a string, an integer, a boolean (with legal values t, T, f, or F; the default is TRUE), or a time interval.

The options supported (with the old, one character names in brackets) are:

AliasFile=spec, spec, ...
[A] Specify possible alias file(s). Each spec should be in the format `` class : file'' where class : is optional and defaults to ``implicit''. Depending on how sendmail is compiled, valid classes are implicit (search through a compiled-in list of alias file types, for back compatibility), hash (if is specified), dbm (if is specified), stab (internal symbol table -- not normally used unless you have no other database lookup), or nis (if is specified). If a list of specs are provided, sendmail searches them in order.
[a] If set, wait up to timeout (units default to minutes) for an @:@ entry to exist in the alias database before starting up. If it does not appear in the timeout interval rebuild the database (if the AutoRebuildAliases option is also set) or issue a warning.
[D] If set, rebuild the alias database if necessary and possible. If this option is not set, sendmail will never rebuild the alias database unless explicitly requested using -bi. Not recommended -- can cause thrashing.
[B] Set the blank substitution character to c. Unquoted spaces in addresses are replaced by this character. Defaults to space (i.e., no change is made).
[n] Validate the RHS of aliases when rebuilding the alias database.
[C] Checkpoints the queue every N (default 10) addresses sent. If your system crashes during delivery to a large list, this prevents retransmission to any but the last N recipients.
[z] The indicated factor is multiplied by the message class (determined by the Precedence: field in the user header and the P lines in the configuration file) and subtracted from the priority. Thus, messages with a higher Priority: will be favored. Defaults to 1800.
[no short name] If set, colons are acceptable in e-mail addresses (e.g., host:user). If not set, colons indicate the beginning of a RFC 822 group construct ( groupname: member1, member2, ... memberN;). Doubled colons are always acceptable ( nodename::user) and proper route-addr nesting is understood ( <@relay:user@host>). Furthermore, this option defaults on if the configuration version level is less than 6 (for back compatibility). However, it must be off for full compatibility with RFC 822.
[k] The maximum number of open connections that will be cached at a time. The default is one. This delays closing the current connection until either this invocation of sendmail needs to connect to another host or it terminates. Setting it to zero defaults to the old behavior, that is, connections are closed immediately. Since this consumes file descriptors, the connection cache should be kept small: 4 is probably a practical maximum.
[K] The maximum amount of time a cached connection will be permitted to idle without activity. If this time is exceeded, the connection is immediately closed. This value should be small (on the order of ten minutes). Before sendmail uses a cached connection, it always sends a RSET command to check the connection; if this fails, it reopens the connection. This keeps your end from failing if the other end times out. The point of this option is to be a good network neighbor and avoid using up excessive resources on the other end. The default is five minutes.
[O] Set server SMTP options. The options are key=value pairs. Known keys are:

Port Name/number of listening port (defaults to "smtp")
Addr Address mask (defaults INADDR_ANY)
Family Address family (defaults to INET)
Listen Size of listen queue (defaults to 10)
SndBufSize Size of TCP send buffer
RcvBufSize Size of TCP receive buffer
The Address mask may be a numeric address in dot notation or a network name.
[no short name] When a message that has 8-bit characters but is not in MIME format is converted to MIME (see the EightBitMode option) a character set must be included in the Content-Type: header. This character set is normally set from the Charset= field of the mailer descriptor. If that is not set, the value of this option is used. If this option is not set, the value unknown-8bit is used.
[u] Set the default userid for mailers to user:group. If group is omitted and user is a user name (as opposed to a numeric user id) the default group listed in the /etc/passwd file for that user is used as the default group. Both user and group may be numeric. Mailers without the S flag in the mailer definition will run as this user. Defaults to 1:1. The value can also be given as a symbolic user name.[18]
[d] Deliver in mode x. Legal modes are:

i Deliver interactively (synchronously)
b Deliver in background (asynchronously)
q Just queue the message (deliver during queue run)
d Defer delivery and all map lookups (deliver during queue run)
Defaults to ``b'' if no option is specified, ``i'' if it is specified but given no argument (i.e., ``Od'' is equivalent to ``Odi''). The -v command line flag sets this to i.
[no short name] Dial-on-demand network connections can see timeouts if a connection is opened before the call is set up. If this is set to an interval and a connection times out on the first connection being attempted sendmail will sleep for this amount of time and try again. This should give your system time to establish the connection to your service provider. Units default to seconds, so DialDelay=5 uses a five second delay. Defaults to zero (no retry).
[no short name] The standards say that all host addresses used in a mail message must be fully canonical. For example, if your host is named Cruft.Foo.ORG and also has an alias of FTP.Foo.ORG, the former name must be used at all times. This is enforced during host name canonification ($[ ... $] lookups). If this option is set, the protocols are ignored and the wrong thing is done. However, the IETF is moving toward changing this standard, so the behaviour may become acceptable. Please note that hosts downstream may still rewrite the address to be the true canonical name however.
[no short name] If set, sendmail will avoid using the initgroups(3) call. If you are running NIS, this causes a sequential scan of the groups.byname map, which can cause your NIS server to be badly overloaded in a large domain. The cost of this is that the only group found for users will be their primary group (the one in the password file), which will make file access permissions somewhat more restrictive. Has no effect on systems that don't have group lists.
[R] Normally, sendmail tries to eliminate any unnecessary explicit routes when sending an error message (as discussed in RFC 1123 5.2.6). For example, when sending an error message to
sendmail will strip off the @known1,@known2 in order to make the route as direct as possible. However, if the R option is set, this will be disabled, and the mail will be sent to the first address in the route, even if later addresses are known. This may be useful if you are caught behind a firewall.
[8] Set handling of eight-bit data. There are two kinds of eight-bit data: that declared as such using the BODY=8BITMIME ESMTP declaration or the -B8BITMIME command line flag, and undeclared 8-bit data, that is, input that just happens to be eight bits. There are three basic operations that can happen: undeclared 8-bit data can be automatically converted to 8BITMIME, undeclared 8-bit data can be passed as-is without conversion to MIME (``just send 8''), and declared 8-bit data can be converted to 7-bits for transmission to a non-8BITMIME mailer. The possible actions are:

[E] Prepend error messages with the indicated message. If it begins with a slash, it is assumed to be the pathname of a file containing a message (this is the recommended setting). Otherwise, it is a literal message. The error file might contain the name, email address, and/or phone number of a local postmaster who could provide assistance in to end users. If the option is missing or null, or if it names a file which does not exist or which is not readable, no message is printed.
[e] Dispose of errors using mode x. The values for x are:
p Print error messages (default)
q No messages, just give exit status
m Mail back errors
w Write back errors (mail if user not logged in)
e Mail back errors and give zero exit stat always
[V] If specified, the fallbackhost acts like a very low priority MX on every host. This is intended to be used by sites with poor network connectivity.
[Y] If set, deliver each job that is run from the queue in a separate process. Use this option if you are short of memory, since the default tends to consume considerable amounts of memory while the queue is being processed.
[J] Set the path for searching for users' .forward files. The default is $z/.forward. Some sites that use the automounter may prefer to change this to /var/forward/$u to search a file with the same name as the user in a system directory. It can also be set to a sequence of paths separated by colons; sendmail stops at the first file it can successfully and safely open. For example, /var/forward/$u:$z/.forward will search first in /var/forward/ username and then in ~username/.forward (but only if the first file does not exist).
[H] Specify the help file for SMTP.
[c] If an outgoing mailer is marked as being expensive, don't connect immediately. This requires that queueing be compiled in, since it will depend on a queue run process to actually send the mail.
[i] Ignore dots in incoming messages. This is always disabled (that is, dots are always accepted) when reading SMTP mail.
[L] Set the default log level to n. Defaults to 9.
[no long version] Set the macro x to value. This is intended only for use from the command line. The -M flag is preferred.
[G] Allow fuzzy matching on the GECOS field. If this flag is set, and the usual user name lookups fail (that is, there is no alias with this name and a getpwnam fails), sequentially search the password file for a matching entry in the GECOS field. This also requires that MATCHGECOS be turned on during compilation. This option is not recommended.
[h] The maximum hop count. Messages that have been processed more than N times are assumed to be in a loop and are rejected. Defaults to 25.
[no short name] Not yet implemented. This option specifies how long host status information will be retained. For example, if a host is found to be down, connections to that host will not be retried for this interval. The units default to minutes.
[no short name] The maximum number of jobs that will be processed in a single queue run. If not set, there is no limit on the size. If you have very large queues or a very short queue run interval this could be unstable. However, since the first N jobs in queue directory order are run (rather than the N highest priority jobs) this should be set as high as possible to avoid losing jobs that happen to fall late in the queue directory.
[m] Send to me too, even if I am in an alias expansion.
[no short name] Specify the maximum message size to be advertised in the ESMTP EHLO response. Messages larger than this will be rejected.
[b] Insist on at least N blocks free on the filesystem that holds the queue files before accepting email via SMTP. If there is insufficient space sendmail gives a 452 response to the MAIL command. This invites the sender to try again later.
[no short name] Don't process any queued jobs that have been in the queue less than the indicated time interval. This is intended to allow you to get responsiveness by processing the queue fairly frequently without thrashing your system by trying jobs too often. The default units are minutes.
[no short name] The action to take when you receive a message that has no valid recipient headers (To:, Cc:, Bcc:). It can be None to pass the message on unmodified, which violates the protocol, Add-To to add a To: header with any recipients it can find in the envelope (which might expose Bcc: recipients), Add-Apparently-To to add an Apparently-To: header (this is only for back-compatibility and is officially deprecated), Add-To-Undisclosed to add a header To: undisclosed-recipients:; to make the header legal without disclosing anything, or Add-Bcc to add an empty Bcc: header.
[o] Assume that the headers may be in old format, i.e., spaces delimit names. This actually turns on an adaptive algorithm: if any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always output with commas between the names. Defaults to off.
[$o macro] The list of characters that are considered to be operators, that is, characters that delimit tokens. All operator characters are tokens by themselves; sequences of non-operator characters are also tokens. White space characters separate tokens but are not tokens themselves -- for example, AAA.BBB has three tokens, but AAA BBB has two. If not set, OperatorChars defaults to .:@[]; additionally, the characters ()<>,; are always operators.
[P] If set, copies of error messages will be sent to the named postmaster. Only the header of the failed message is sent. Since most errors are user problems, this is probably not a good idea on large sites, and arguably contains all sorts of privacy violations, but it seems to be popular with certain operating systems vendors. Defaults to no postmaster copies.
[p] Set the privacy options. ``Privacy'' is really a misnomer; many of these are just a way of insisting on stricter adherence to the SMTP protocol. The options can be selected from:

public Allow open access
needmailhelo Insist on HELO or EHLO command before MAIL
needexpnhelo Insist on HELO or EHLO command before EXPN
noexpn Disallow EXPN entirely
needvrfyhelo Insist on HELO or EHLO command before VRFY
novrfy Disallow VRFY entirely
restrictmailq Restrict mailq command
restrictqrun Restrict -q command line flag
noreceipts Don't return success DSNs
goaway Disallow essentially all SMTP status queries
authwarnings Put X-Authentication-Warning: headers in messages
The goaway pseudo-flag sets all flags except restrictmailq and restrictqrun. If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue directory can run the queue. Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, such as using an non-standard queue directory.
[Q] Use the named dir as the queue directory.
[q] Use factor as the multiplier in the map function to decide when to just queue up jobs rather than run them. This value is divided by the difference between the current load average and the load average limit ( QueueLA option) to determine the maximum message priority that will be sent. Defaults to 600000.
[x] When the system load average exceeds LA, just queue messages (i.e., don't try to send them). Defaults to 8.
[no short name] Sets the algorithm used for sorting the queue. Only the first character of the value is used. Legal values are host (to order by the name of the first host name of the first recipient) and priority (to order strictly by message priority). Host ordering makes better use of the connection cache, but may tend to process low priority messages that go to a single host over high priority messages that go to several hosts; it probably shouldn't be used on slow network links. Priority ordering is the default.
[I] Set resolver options. Values can be set using + flag and cleared using - flag; the flags can be debug, aaonly, usevc, primary, igntc, recurse, defnames, stayopen, or dnsrch. The string HasWildcardMX (without a + or -) can be specified to turn off matching against MX records when doing name canonifications. N.B. Prior to 8.7, this option indicated that the name server be responding in order to accept addresses. This has been replaced by checking to see if the dns method is listed in the service switch entry for the hosts service.
[$e macro] The message printed when the SMTP server starts up. Defaults to $j Sendmail $v ready at $b.
[r; subsumes old T option as well] Set timeout values. The actual timeout is indicated by the type. The recognized timeouts and their default values, and their minimum values specified in RFC 1123 section 5.3.2 are:

initial wait for initial greeting message [5m, 5m]
helo reply to HELO or EHLO command [5m, none]
mail reply to MAIL command [10m, 5m]
rcpt reply to RCPT command [1h, 5m]
datainit reply to DATA command [5m, 2m]
datablock data block read [1h, 3m]
datafinal reply to final ``.'' in data [1h, 10m]
rset reply to RSET command [5m, none]
quit reply to QUIT command [2m, none]
misc reply to NOOP and VERB commands [2m, none]
ident IDENT protocol timeout [30s, none]
fileopen* timeout on opening .forward and :include: files [60s, none]
command* command read [1h, 5m]
queuereturn* how long until a message is returned [5d, 5d]
queuewarn* how long until a warning is sent [none, none]
All but those marked with a dagger (*) apply to client SMTP. If the message is submitted using the extension, warning messages will only be sent if is specified. The queuereturn and queuewarn timeouts can be further qualified with a tag based on the Precedence: field in the message; they must be one of urgent (indicating a positive non-zero precedence) normal (indicating a zero precedence), or non-urgent (indicating negative precedences). For example, setting Timeout.queuewarn.urgent=1h sets the warning timeout for urgent messages only to one hour. The default if no precedence is indicated is to set the timeout for all precedences.
[y] The indicated factor is added to the priority (thus lowering the priority of the job) for each recipient, i.e., this value penalizes jobs with large numbers of recipients. Defaults to 30000.
[X] When the system load average exceeds LA, refuse incoming SMTP connections. Defaults to 12.
[Z] The factor is added to the priority every time a job is processed. Thus, each time a job is processed, its priority will be decreased by the indicated value. In most environments this should be positive, since hosts that are down are all too often down for a long time. Defaults to 90000.
[f] Save Unix-style From lines at the front of headers. Normally they are assumed redundant and discarded.
[j] If set, send error messages in MIME format (see RFC1521 and RFC1344 for details).
[no short name] If your host operating system has a service switch abstraction (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf on Ultrix and DEC OSF/1) that service will be consulted and this option is ignored. Otherwise, this is the name of a file that provides the list of methods used to implement particular services. The syntax is a series of lines, each of which is a sequence of words. The first word is the service name, and following words are service types. The services that sendmail consults directly are aliases and hosts. Service types can be dns, nis, nisplus, or files (with the caveat that the appropriate support must be compiled in before the service can be referenced). If ServiceSwitchFile is not specified, it defaults to /etc/service.switch. If that file does not exist, the default switch is:
aliases files
hosts dns nis files
The default file is /etc/service.switch.
[7] Strip input to seven bits for compatibility with old systems. This shouldn't be necessary.
[S] Log summary statistics in the named file. If not set, no summary statistics are saved. This file does not grow in size. It can be printed using the mailstats(8) program.
[s] Be super-safe when running things, i.e., always instantiate the queue file, even if you are going to attempt immediate delivery. Sendmail always instantiates the queue file before returning control the client under any circumstances. This should really always be set.
[F] The file mode for queue files. It is interpreted in octal by default. Defaults to 0600.
[t] Set the local time zone info to tzinfo -- for example, PST8PDT. Actually, if this is not set, the TZ environment variable is cleared (so the system default is used); if set but null, the user's TZ variable is used, and if set and non-null the TZ variable is set to this value.
[w] If this system is the best (that is, lowest preference) MX for a given host, its configuration rules should normally detect this situation and treat that condition specially by forwarding the mail to a UUCP feed, treating it as local, or whatever. However, in some cases (such as Internet firewalls) you may want to try to connect directly to that host as though it had no MX records at all. Setting this option causes sendmail to try this. The downside is that errors in your configuration are likely to be diagnosed as host unknown or message timed out instead of something more meaningful. This option is disrecommended.
[$l macro] Defines the format used when sendmail must add a UNIX-style From_ line (that is, a line beginning From<space>user). Defaults to From $g $d. Don't change this unless your system uses a different UNIX mailbox format (very unlikely).
[l] If there is an Errors-To: header, send error messages to the addresses listed there. They normally go to the envelope sender. Use of this option causes sendmail to violate RFC 1123. This option is disrecommended and deprecated.
[U] The user database specification.
[v] Run in verbose mode. If this is set, sendmail adjusts options HoldExpensive (old c) and DeliveryMode (old d) so that all mail is delivered completely in a single job so that you can see the entire delivery process. Option Verbose should never be set in the configuration file; it is intended for command line use only.

All options can be specified on the command line using the -O or -o flag, but most will cause sendmail to relinquish its setuid permissions. The options that will not cause this are MinFreeBlocks [b], DeliveryMode [d], ErrorMode [e], IgnoreDots [i], LogLevel [L], MeToo [m], OldStyleHeaders [o], PrivacyOptions [p], Timeouts [r], SuperSafe [s], Verbose [v], CheckpointInterval [C], and SevenBitInput [7]. Also, M (define macro) when defining the r or s macros is also considered safe.

[Contents] [Previous] [Next]

Questions or problems regarding this web site should be directed to Steve Gielda.
Copyright 1999 www.cotse.com.  All rights reserved.
Last modified: Friday April 02, 1999.