op.me

早期freebsd实现

while another process is rebuilding it,
or the process rebuilding the database dies
(due to being killed or a system crash)
before completing the rebuild.
.pp
Sendmail has two techniques to try to relieve these problems.
First, it ignores interrupts while rebuilding the database;
this avoids the problem of someone aborting the process
leaving a partially rebuilt database.
Second,
at the end of the rebuild
it adds an alias of the form
.(b
@: @
.)b
(which is not normally legal).
Before
.i sendmail
will access the database,
it checks to insure that this entry exists\**.
.(f
\**The
.q a
option is required in the configuration
for this action to occur.
This should normally be specified.
.)f
.sh 3 "List owners"
.pp
If an error occurs on sending to a certain address,
say
.q \fIx\fP ,
.i sendmail
will look for an alias
of the form
.q owner-\fIx\fP
to receive the errors.
This is typically useful
for a mailing list
where the submitter of the list
has no control over the maintenance of the list itself;
in this case the list maintainer would be the owner of the list.
For example:
.(b
unix-wizards: eric@ucbarpa, wnj@monet, nosuchuser,
	sam@matisse
owner-unix-wizards: eric@ucbarpa
.)b
would cause
.q eric@ucbarpa
to get the error that will occur
when someone sends to
unix-wizards
due to the inclusion of
.q nosuchuser
on the list.
.pp
List owners also cause the envelope sender address to be modified.
The contents of the owner alias are used if they point to a single user,
otherwise the name of the alias itself is used.
For this reason, and to obey Internet conventions,
a typical scheme would be:
.(b
list:	some, set, of, addresses
list-request:	list-admin-1, list-admin-2, ...
owner-list:	list-request
.)b
.sh 2 "User Information Database"
.pp
If you have a version of
.i sendmail
with the user information database
compiled in,
and you have specified one or more databases using the
.b U
option,
the databases will be searched for a
.i user :maildrop
entry.
If found, the mail will be sent to the specified address.
.pp
If the first token passed to user part of the
.q local
mailer is an at sign,
the at sign will be stripped off
and this step will be skipped.
.sh 2 "Per-User Forwarding (.forward Files)"
.pp
As an alternative to the alias database,
any user may put a file with the name
.q .forward
in his or her home directory.
If this file exists,
.i sendmail
redirects mail for that user
to the list of addresses listed in the .forward file.
For example, if the home directory for user
.q mckusick
has a .forward file with contents:
.(b
mckusick@ernie
kirk@calder
.)b
then any mail arriving for
.q mckusick
will be redirected to the specified accounts.
.pp
Actually, the configuration file defines a sequence of filenames to check.
By default, this is the user's .forward file,
but can be defined to be more generally using the
.b J
option.
If you change this,
you will have to inform your user base of the change;
\&.forward is pretty well incorporated into the collective subconscious.
.sh 2 "Special Header Lines"
.pp
Several header lines have special interpretations
defined by the configuration file.
Others have interpretations built into
.i sendmail
that cannot be changed without changing the code.
These builtins are described here.
.sh 3 "Return-Receipt-To:"
.pp
If this header is sent,
a message will be sent to any specified addresses
when the final delivery is complete,
that is,
when successfully delivered to a mailer with the
.b l
flag (local delivery) set in the mailer descriptor\**.
.(f
\**Some sites disable this header,
and other (non-\c
.i sendmail )
systems do not implement it.
Do not assume that a failure to get a return receipt
means that the mail did not arrive.
Also, do not assume that getting a return receipt
means that the mail has been read;
it just means that the message has been delivered
to the recipient's mailbox.
.)f
This header can be disabled with the
.q noreceipts
privacy flag.
.sh 3 "Errors-To:"
.pp
If errors occur anywhere during processing,
this header will cause error messages to go to
the listed addresses.
This is intended for mailing lists.
.pp
The Errors-To: header was created in the bad old days
when UUCP didn't understand the distinction between an envelope and a header;
this was a hack to provide what should now be passed
as the envelope sender address.
It should go away.
It is only used if the
.b l
option is set.
.sh 3 "Apparently-To:"
.pp
If a message comes in with no recipients listed in the message
(in a To:, Cc:, or Bcc: line)
then
.i sendmail
will add an
.q "Apparently-To:"
header line for any recipients it is aware of.
This is not put in as a standard recipient line
to warn any recipients that the list is not complete.
.pp
At least one recipient line is required under RFC 822.
.sh 2 "IDENT Protocol Support"
.pp
.i Sendmail
supports the IDENT protocol as defined in RFC 1413.
Although this enhances identification
of the author of an email message
by doing a ``call back'' to the originating system to include
the owner of a particular TCP connection
in the audit trail
it is in no sense perfect;
a determined forger can easily spoof the IDENT protocol.
The following description is excerpted from RFC 1413:
.ba +5
.lp
6.  Security Considerations
.lp
The information returned by this protocol is at most as trustworthy
as the host providing it OR the organization operating the host.  For
example, a PC in an open lab has few if any controls on it to prevent
a user from having this protocol return any identifier the user
wants.  Likewise, if the host has been compromised the information
returned may be completely erroneous and misleading.
.lp
The Identification Protocol is not intended as an authorization or
access control protocol.  At best, it provides some additional
auditing information with respect to TCP connections.  At worst, it
can provide misleading, incorrect, or maliciously incorrect
information.
.lp
The use of the information returned by this protocol for other than
auditing is strongly discouraged.  Specifically, using Identification
Protocol information to make access control decisions - either as the
primary method (i.e., no other checks) or as an adjunct to other
methods may result in a weakening of normal host security.
.lp
An Identification server may reveal information about users,
entities, objects or processes which might normally be considered
private.  An Identification server provides service which is a rough
analog of the CallerID services provided by some phone companies and
many of the same privacy considerations and arguments that apply to
the CallerID service apply to Identification.  If you wouldn't run a
"finger" server due to privacy considerations you may not want to run
this protocol.
.ba
.sh 1 "ARGUMENTS"
.pp
The complete list of arguments to
.i sendmail
is described in detail in Appendix A.
Some important arguments are described here.
.sh 2 "Queue Interval"
.pp
The amount of time between forking a process
to run through the queue
is defined by the
.b \-q
flag.
If you run in mode
.b f
or
.b a
this can be relatively large,
since it will only be relevant
when a host that was down comes back up.
If you run in
.b q
mode
it should be relatively short,
since it defines the maximum amount of time that a message
may sit in the queue.
.pp
RFC 1123 section 5.3.1.1 says that this value should be at least 30 minutes
(although that probably doesn't make sense if you use ``queue-only'' mode).
.sh 2 "Daemon Mode"
.pp
If you allow incoming mail over an IPC connection,
you should have a daemon running.
This should be set by your
.i /etc/rc
file using the
.b \-bd
flag.
The
.b \-bd
flag and the
.b \-q
flag may be combined in one call:
.(b
/usr/\*(SD/sendmail \-bd \-q30m
.)b
.sh 2 "Forcing the Queue"
.pp
In some cases you may find that the queue has gotten clogged for some reason.
You can force a queue run
using the
.b \-q
flag (with no value).
It is entertaining to use the
.b \-v
flag (verbose)
when this is done to watch what happens:
.(b
/usr/\*(SD/sendmail \-q \-v
.)b
.pp
You can also limit the jobs to those with a particular queue identifier,
sender, or recipient
using one of the queue modifiers.
For example,
.q \-qRberkeley
restricts the queue run to jobs that have the string
.q berkeley
somewhere in one of the recipient addresses.
Similarly,
.q \-qSstring
limits the run to particular senders and
.q \-qIstring
limits it to particular identifiers.
.sh 2 "Debugging"
.pp
There are a fairly large number of debug flags
built into
.i sendmail .
Each debug flag has a number and a level,
where higher levels means to print out more information.
The convention is that levels greater than nine are
.q absurd,
i.e.,
they print out so much information that you wouldn't normally
want to see them except for debugging that particular piece of code.
Debug flags are set using the
.b \-d
option;
the syntax is:
.(b
.ta \w'debug-option  'u
debug-flag:	\fB\-d\fP debug-list
debug-list:	debug-option [ , debug-option ]
debug-option:	debug-range [ . debug-level ]
debug-range:	integer | integer \- integer
debug-level:	integer
.)b
where spaces are for reading ease only.
For example,
.(b
\-d12	Set flag 12 to level 1
\-d12.3	Set flag 12 to level 3
\-d3-17	Set flags 3 through 17 to level 1
\-d3-17.4	Set flags 3 through 17 to level 4
.)b
For a complete list of the available debug flags
you will have to look at the code
(they are too dynamic to keep this documentation up to date).
.sh 2 "Trying a Different Configuration File"
.pp
An alternative configuration file
can be specified using the
.b \-C
flag; for example,
.(b
/usr/\*(SD/sendmail \-Ctest.cf
.)b
uses the configuration file
.i test.cf
instead of the default
.i /etc/sendmail.cf.
If the
.b \-C
flag has no value
it defaults to
.i sendmail.cf
in the current directory.
.sh 2 "Changing the Values of Options"
.pp
Options can be overridden using the
.b \-o
flag.
For example,
.(b
/usr/\*(SD/sendmail \-oT2m
.)b
sets the
.b T
(timeout) option to two minutes
for this run only.
.pp
Some options have security implications.
Sendmail allows you to set these,
but refuses to run as root thereafter.
.sh 2 "Logging Traffic"
.pp
Many SMTP implementations do not fully implement the protocol.
For example, some personal computer based SMTPs
do not understand continuation lines in reply codes.
These can be very hard to trace.
If you suspect such a problem, you can set traffic logging using the
.b \-X
flag.
For example,
.(b
/usr/\*(SD/sendmail \-X /tmp/traffic -bd
.)b
will log all traffic in the file
.i /tmp/traffic .
.pp
This logs a lot of data very quickly and should never be used
during normal operations.
After starting up such a daemon,
force the errant implementation to send a message to your host.
All message traffic in and out of
.i sendmail ,
including the incoming SMTP traffic,
will be logged in this file.
.sh 2 "Dumping State"
.pp
You can ask
.i sendmail
to log a dump of the open files
and the connection cache
by sending it a
.sm SIGUSR1
signal.
The results are logged at
.sm LOG_DEBUG
priority.
.sh 1 "TUNING"
.pp
There are a number of configuration parameters
you may want to change,
depending on the requirements of your site.
Most of these are set
using an option in the configuration file.
For example,
the line
.q OT5d
sets option
.q T
to the value
.q 5d
(five days).
.pp
Most of these options have appropriate defaults for most sites.
However,
sites having very high mail loads may find they need to tune them
as appropriate for their mail load.
In particular,
sites experiencing a large number of small messages,
many of which are delivered to many recipients,
may find that they need to adjust the parameters
dealing with queue priorities.
.sh 2 "Timeouts"
.pp
All time intervals are set
using a scaled syntax.
For example,
.q 10m
represents ten minutes, whereas
.q 2h30m
represents two and a half hours.
The full set of scales is:
.(b
.ta 4n
s	seconds
m	minutes
h	hours
d	days
w	weeks
.)b
.sh 3 "Queue interval"
.pp
The argument to the
.b \-q
flag
specifies how often a sub-daemon will run the queue.
This is typically set to between fifteen minutes
and one hour.
RFC 1123 section 5.3.1.1 recommends that this be at least 30 minutes.
.sh 3 "Read timeouts"
.pp
It is possible to time out when reading the standard input
or when reading from a remote SMTP server.
These timeouts are set using the
.b r
option in the configuration file.
The argument is a list of
.i keyword=value
pairs.
The recognized keywords, their default values, and the minimum values
allowed by RFC 1123 section 5.3.2 are:
.nr ii 1i
.ip initial
The wait for the initial 220 greeting message
[5m, 5m].
.ip helo
The wait for a reply from a HELO or EHLO command
[5m, unspecified].
This may require a host name lookup, so
five minutes is probably a reasonable minimum.
.ip mail\(dg
The wait for a reply from a MAIL command
[10m, 5m].
.ip rcpt\(dg
The wait for a reply from a RCPT command
[1h, 5m].
This should be long
because it could be pointing at a list
that takes a long time to expand.
.ip datainit\(dg
The wait for a reply from a DATA command
[5m, 2m].
.ip datablock\(dg
The wait for reading a data block
(that is, the body of the message).
[1h, 3m].
This should be long because it also applies to programs
piping input to
.i sendmail
which have no guarantee of promptness.
.ip datafinal\(dg
The wait for a reply from the dot terminating a message.
[1h, 10m].
If this is shorter than the time actually needed
for the receiver to deliver the message,
duplicates will be generated.
This is discussed in RFC 1047.
.ip rset
The wait for a reply from a RSET command
[5m, unspecified].
.ip quit
The wait for a reply from a QUIT command
[2m, unspecified].
.ip misc
The wait for a reply from miscellaneous (but short) commands
such as NOOP (no-operation) and VERB (go into verbose mode).
[2m, unspecified].
.ip command\(dg
In server SMTP,
the time to wait for another command.
[1h, 5m].
.ip ident
The timeout waiting for a reply to an IDENT query
[30s, unspecified].
.lp
For compatibility with old configuration files,
if no ``keyword='' is specified,
all the timeouts marked with \(dg are set to the indicated value.
.pp
Many of the RFC 1123 minimum values
may well be too short.
.i Sendmail
was designed to the RFC 822 protocols,
which did not specify read timeouts;
hence,
.i sendmail
does not guarantee to reply to messages promptly.
In particular, a
.q RCPT