1SENDMAIL(1)                 General Commands Manual                SENDMAIL(1)
2
3
4

NAME

6       sendmail - Postfix to Sendmail compatibility interface
7

SYNOPSIS

9       sendmail [option ...] [recipient ...]
10
11       mailq
12       sendmail -bp
13
14       newaliases
15       sendmail -I
16

DESCRIPTION

18       The Postfix sendmail(1) command implements the Postfix to Sendmail com‐
19       patibility interface.  For the sake of compatibility with existing  ap‐
20       plications,  some  Sendmail  command-line  options  are  recognized but
21       silently ignored.
22
23       By default, Postfix sendmail(1) reads a message from standard input un‐
24       til  EOF or until it reads a line with only a . character, and arranges
25       for delivery.  Postfix sendmail(1) relies on the postdrop(1) command to
26       create a queue file in the maildrop directory.
27
28       Specific  command aliases are provided for other common modes of opera‐
29       tion:
30
31       mailq  List the mail queue. Each entry shows the queue file ID, message
32              size,  arrival  time, sender, and the recipients that still need
33              to be delivered.  If mail could not be delivered upon  the  last
34              attempt, the reason for failure is shown. The queue ID string is
35              followed by an optional status character:
36
37              *      The message is in the active queue, i.e. the  message  is
38                     selected for delivery.
39
40              !      The  message is in the hold queue, i.e. no further deliv‐
41                     ery attempt will be made until  the  mail  is  taken  off
42                     hold.
43
44              #      The message is forced to expire. See the postsuper(1) op‐
45                     tions -e or -f.
46
47              This  mode  of  operation  is  implemented  by   executing   the
48              postqueue(1) command.
49
50       newaliases
51              Initialize  the  alias  database.  If no input file is specified
52              (with the -oA option, see  below),  the  program  processes  the
53              file(s)  specified with the alias_database configuration parame‐
54              ter.  If no alias database type is specified, the  program  uses
55              the  type specified with the default_database_type configuration
56              parameter.  This mode of operation is implemented by running the
57              postalias(1) command.
58
59              Note: it may take a minute or so before an alias database update
60              becomes visible. Use the "postfix reload" command  to  eliminate
61              this delay.
62
63       These  and other features can be selected by specifying the appropriate
64       combination of command-line options. Some features  are  controlled  by
65       parameters in the main.cf configuration file.
66
67       The following options are recognized:
68
69       -Am (ignored)
70
71       -Ac (ignored)
72              Postfix  sendmail uses the same configuration file regardless of
73              whether or not a message is an initial submission.
74
75       -B body_type
76              The message body MIME type: 7BIT or 8BITMIME.
77
78       -bd    Go into daemon mode. This mode of operation  is  implemented  by
79              executing the "postfix start" command.
80
81       -bh (ignored)
82
83       -bH (ignored)
84              Postfix has no persistent host status database.
85
86       -bi    Initialize alias database. See the newaliases command above.
87
88       -bl    Go  into  daemon  mode. To accept only local connections as with
89              Sendmail's -bl option, specify "inet_interfaces =  loopback"  in
90              the Postfix main.cf configuration file.
91
92       -bm    Read mail from standard input and arrange for delivery.  This is
93              the default mode of operation.
94
95       -bp    List the mail queue. See the mailq command above.
96
97       -bs    Stand-alone SMTP server mode. Read SMTP commands  from  standard
98              input,  and  write responses to standard output.  In stand-alone
99              SMTP server mode, mail relaying and other  access  controls  are
100              disabled  by  default.  To  enable  them, run the process as the
101              mail_owner user.
102
103              This mode of operation is implemented by  running  the  smtpd(8)
104              daemon.
105
106       -bv    Do  not collect or deliver a message. Instead, send an email re‐
107              port after verifying each recipient address.  This is useful for
108              testing address rewriting and routing configurations.
109
110              This feature is available in Postfix version 2.1 and later.
111
112       -C config_file
113
114       -C config_dir
115              The  path name of the Postfix main.cf file, or of its parent di‐
116              rectory. This information is ignored with Postfix  versions  be‐
117              fore 2.3.
118
119              With Postfix version 3.2 and later, a non-default directory must
120              be authorized in the default main.cf file,  through  the  alter‐
121              nate_config_directories  or  multi_instance_directories  parame‐
122              ters.
123
124              With all Postfix versions, you can specify a directory  pathname
125              with  the MAIL_CONFIG environment variable to override the loca‐
126              tion of configuration files.
127
128       -F full_name
129              Set the sender full name. This overrides  the  NAME  environment
130              variable, and is used only with messages that have no From: mes‐
131              sage header.
132
133       -f sender
134              Set the envelope sender address. This is the address  where  de‐
135              livery  problems  are sent to. With Postfix versions before 2.1,
136              the Errors-To: message header overrides  the  error  return  ad‐
137              dress.
138
139       -G     Gateway  (relay)  submission, as opposed to initial user submis‐
140              sion.  Either do not rewrite addresses at all, or update  incom‐
141              plete  addresses  with the domain information specified with re‐
142              mote_header_rewrite_domain.
143
144              This option is ignored before Postfix version 2.3.
145
146       -h hop_count (ignored)
147              Hop count limit. Use the hopcount_limit configuration  parameter
148              instead.
149
150       -I     Initialize alias database. See the newaliases command above.
151
152       -i     When  reading  a message from standard input, don't treat a line
153              with only a . character as the end of input.
154
155       -L label (ignored)
156              The logging label. Use the syslog_name  configuration  parameter
157              instead.
158
159       -m (ignored)
160              Backwards compatibility.
161
162       -N dsn (default: 'delay, failure')
163              Delivery   status   notification   control.   Specify  either  a
164              comma-separated list with one or more of failure (send notifica‐
165              tion  when delivery fails), delay (send notification when deliv‐
166              ery is delayed), or success (send notification when the  message
167              is delivered); or specify never (don't send any notifications at
168              all).
169
170              This feature is available in Postfix 2.3 and later.
171
172       -n (ignored)
173              Backwards compatibility.
174
175       -oAalias_database
176              Non-default alias database. Specify pathname  or  type:pathname.
177              See postalias(1) for details.
178
179       -O option=value (ignored)
180              Set  the named option to value. Use the equivalent configuration
181              parameter in main.cf instead.
182
183       -o7 (ignored)
184
185       -o8 (ignored)
186              To send 8-bit or binary content, use an appropriate MIME  encap‐
187              sulation and specify the appropriate -B command-line option.
188
189       -oi    When  reading  a message from standard input, don't treat a line
190              with only a . character as the end of input.
191
192       -om (ignored)
193              The sender is never eliminated from alias etc. expansions.
194
195       -o x value (ignored)
196              Set option x to value. Use the equivalent configuration  parame‐
197              ter in main.cf instead.
198
199       -r sender
200              Set  the  envelope sender address. This is the address where de‐
201              livery problems are sent to. With Postfix versions  before  2.1,
202              the  Errors-To:  message  header  overrides the error return ad‐
203              dress.
204
205       -R return
206              Delivery status notification control.  Specify "hdrs" to  return
207              only  the header when a message bounces, "full" to return a full
208              copy (the default behavior).
209
210              The -R option specifies an upper bound; Postfix will return only
211              the  header, when a full copy would exceed the bounce_size_limit
212              setting.
213
214              This option is ignored before Postfix version 2.10.
215
216       -q     Attempt to deliver all queued mail. This is implemented by  exe‐
217              cuting the postqueue(1) command.
218
219              Warning:  flushing  undeliverable mail frequently will result in
220              poor delivery performance of all other mail.
221
222       -qinterval (ignored)
223              The interval between queue runs. Use the queue_run_delay config‐
224              uration parameter instead.
225
226       -qIqueueid
227              Schedule immediate delivery of mail with the specified queue ID.
228              This option is implemented by executing  the  postqueue(1)  com‐
229              mand, and is available with Postfix version 2.4 and later.
230
231       -qRsite
232              Schedule  immediate  delivery of all mail that is queued for the
233              named site. This option accepts only site names that are  eligi‐
234              ble  for the "fast flush" service, and is implemented by execut‐
235              ing the postqueue(1) command.  See flush(8) for more information
236              about the "fast flush" service.
237
238       -qSsite
239              This  command  is  not implemented. Use the slower "sendmail -q"
240              command instead.
241
242       -t     Extract recipients from message headers. These are added to  any
243              recipients specified on the command line.
244
245              With Postfix versions prior to 2.1, this option requires that no
246              recipient addresses are specified on the command line.
247
248       -U (ignored)
249              Initial user submission.
250
251       -V envid
252              Specify the envelope ID for notification by servers that support
253              DSN.
254
255              This feature is available in Postfix 2.3 and later.
256
257       -XV (Postfix 2.2 and earlier: -V)
258              Variable  Envelope Return Path. Given an envelope sender address
259              of the form owner-listname@origin,  each  recipient  user@domain
260              receives mail with a personalized envelope sender address.
261
262              By   default,   the  personalized  envelope  sender  address  is
263              owner-listname+user=domain@origin. The default + and  =  charac‐
264              ters  are configurable with the default_verp_delimiters configu‐
265              ration parameter.
266
267       -XVxy (Postfix 2.2 and earlier: -Vxy)
268              As -XV, but uses x and y as the VERP delimiter  characters,  in‐
269              stead  of  the characters specified with the default_verp_delim‐
270              iters configuration parameter.
271
272       -v     Send an email report of the first delivery attempt (Postfix ver‐
273              sions  2.1 and later). Mail delivery always happens in the back‐
274              ground. When multiple -v options are given, enable verbose  log‐
275              ging for debugging purposes.
276
277       -X log_file (ignored)
278              Log mailer traffic. Use the debug_peer_list and debug_peer_level
279              configuration parameters instead.
280

SECURITY

282       By design, this program is not set-user (or group) id.  It is  prepared
283       to handle message content from untrusted, possibly remote, users.
284
285       However,  like  most  Postfix programs, this program does not enforce a
286       security policy on its command-line arguments.  Instead, it  relies  on
287       the  UNIX system to enforce access policies based on the effective user
288       and group IDs of the process. Concretely, this means that running Post‐
289       fix  commands as root (from sudo or equivalent) on behalf of a non-root
290       user is likely to create privilege escalation opportunities.
291
292       If an application runs any Postfix programs on behalf of users that  do
293       not have normal shell access to Postfix commands, then that application
294       MUST restrict user-specified command-line arguments to avoid  privilege
295       escalation.
296
297       •      Filter  all  command-line  arguments, for example arguments that
298              contain a pathname or that specify  a  database  access  method.
299              These  pathname  checks  must reject user-controlled symlinks or
300              hardlinks to sensitive files, and must not be vulnerable to TOC‐
301              TOU race attacks.
302
303       •      Disable  command  options  processing  for all command arguments
304              that contain user-specified data. For example, the Postfix send‐
305              mail(1) command line MUST be structured as follows:
306
307                  /path/to/sendmail system-arguments -- user-arguments
308
309              Here,  the  "--"  disables  command  option  processing  for all
310              user-arguments that follow.
311
312              Without the "--", a malicious user could  enable  Postfix  send‐
313              mail(1)  command  options,  by  specifying an email address that
314              starts with "-".
315

DIAGNOSTICS

317       Problems are logged to syslogd(8) or postlogd(8), and to  the  standard
318       error stream.
319

ENVIRONMENT

321       MAIL_CONFIG
322              Directory with Postfix configuration files.
323
324       MAIL_VERBOSE (value does not matter)
325              Enable verbose logging for debugging purposes.
326
327       MAIL_DEBUG (value does not matter)
328              Enable debugging with an external command, as specified with the
329              debugger_command configuration parameter.
330
331       NAME   The sender full name. This is used only with messages that  have
332              no From: message header. See also the -F option above.
333

CONFIGURATION PARAMETERS

335       The  following  main.cf parameters are especially relevant to this pro‐
336       gram.  The text below provides only  a  parameter  summary.  See  post‐
337       conf(5) for more details including examples.
338

COMPATIBILITY CONTROLS

340       Available with Postfix 2.9 and later:
341
342       sendmail_fix_line_endings (always)
343              Controls how the Postfix sendmail command converts email message
344              line endings from <CR><LF> into UNIX format (<LF>).
345

TROUBLE SHOOTING CONTROLS

347       The DEBUG_README file gives examples of how to troubleshoot  a  Postfix
348       system.
349
350       debugger_command (empty)
351              The external command to execute when a Postfix daemon program is
352              invoked with the -D option.
353
354       debug_peer_level (2)
355              The increment in verbose logging level when a  nexthop  destina‐
356              tion,  remote client or server name or network address matches a
357              pattern given with the debug_peer_list parameter.
358
359       debug_peer_list (empty)
360              Optional list of nexthop destination, remote  client  or  server
361              name  or  network  address  patterns that, if matched, cause the
362              verbose logging level to increase by  the  amount  specified  in
363              $debug_peer_level.
364

ACCESS CONTROLS

366       Available in Postfix version 2.2 and later:
367
368       authorized_flush_users (static:anyone)
369              List of users who are authorized to flush the queue.
370
371       authorized_mailq_users (static:anyone)
372              List of users who are authorized to view the queue.
373
374       authorized_submit_users (static:anyone)
375              List  of  users who are authorized to submit mail with the send‐
376              mail(1) command (and with the privileged postdrop(1) helper com‐
377              mand).
378

RESOURCE AND RATE CONTROLS

380       bounce_size_limit (50000)
381              The  maximal  amount  of original message text that is sent in a
382              non-delivery notification.
383
384       fork_attempts (5)
385              The maximal number of attempts to fork() a child process.
386
387       fork_delay (1s)
388              The delay between attempts to fork() a child process.
389
390       hopcount_limit (50)
391              The maximal number of Received:  message headers that is allowed
392              in the primary message headers.
393
394       queue_run_delay (300s)
395              The  time  between  deferred  queue  scans by the queue manager;
396              prior to Postfix 2.4 the default value was 1000s.
397

FAST FLUSH CONTROLS

399       The ETRN_README file describes configuration and operation details  for
400       the Postfix "fast flush" service.
401
402       fast_flush_domains ($relay_domains)
403              Optional list of destinations that are eligible for per-destina‐
404              tion logfiles with mail that is queued to those destinations.
405

VERP CONTROLS

407       The VERP_README file describes configuration and operation  details  of
408       Postfix support for variable envelope return path addresses.
409
410       default_verp_delimiters (+=)
411              The two default VERP delimiter characters.
412
413       verp_delimiter_filter (-=+)
414              The  characters  Postfix accepts as VERP delimiter characters on
415              the Postfix sendmail(1) command line and in SMTP commands.
416

MISCELLANEOUS CONTROLS

418       alias_database (see 'postconf -d' output)
419              The alias databases for local(8) delivery that are updated  with
420              "newaliases" or with "sendmail -bi".
421
422       command_directory (see 'postconf -d' output)
423              The location of all postfix administrative commands.
424
425       config_directory (see 'postconf -d' output)
426              The  default  location of the Postfix main.cf and master.cf con‐
427              figuration files.
428
429       daemon_directory (see 'postconf -d' output)
430              The directory with Postfix support programs and daemon programs.
431
432       default_database_type (see 'postconf -d' output)
433              The default database type for use in newaliases(1), postalias(1)
434              and postmap(1) commands.
435
436       delay_warning_time (0h)
437              The  time  after which the sender receives a copy of the message
438              headers of mail that is still queued.
439
440       import_environment (see 'postconf -d' output)
441              The list of environment  variables  that  a  privileged  Postfix
442              process  will  import  from  a  non-Postfix  parent  process, or
443              name=value environment overrides.
444
445       mail_owner (postfix)
446              The UNIX system account that owns the  Postfix  queue  and  most
447              Postfix daemon processes.
448
449       queue_directory (see 'postconf -d' output)
450              The location of the Postfix top-level queue directory.
451
452       remote_header_rewrite_domain (empty)
453              Don't  rewrite  message  headers from remote clients at all when
454              this parameter is empty; otherwise, rewrite message headers  and
455              append the specified domain name to incomplete addresses.
456
457       syslog_facility (mail)
458              The syslog facility of Postfix logging.
459
460       syslog_name (see 'postconf -d' output)
461              A  prefix  that  is  prepended  to  the  process  name in syslog
462              records, so that, for example, "smtpd" becomes "prefix/smtpd".
463
464       Postfix 3.2 and later:
465
466       alternate_config_directories (empty)
467              A list of non-default Postfix configuration directories that may
468              be  specified with "-c config_directory" on the command line (in
469              the case of sendmail(1), with  the  "-C"  option),  or  via  the
470              MAIL_CONFIG environment parameter.
471
472       multi_instance_directories (empty)
473              An  optional  list of non-default Postfix configuration directo‐
474              ries; these directories belong to additional  Postfix  instances
475              that  share  the Postfix executable files and documentation with
476              the default Postfix instance, and  that  are  started,  stopped,
477              etc., together with the default Postfix instance.
478

FILES

480       /var/spool/postfix, mail queue
481       /etc/postfix, configuration files
482

SEE ALSO

484       pickup(8), mail pickup daemon
485       qmgr(8), queue manager
486       smtpd(8), SMTP server
487       flush(8), fast flush service
488       postsuper(1), queue maintenance
489       postalias(1), create/update/query alias database
490       postdrop(1), mail posting utility
491       postfix(1), mail system control
492       postqueue(1), mail queue control
493       postlogd(8), Postfix logging
494       syslogd(8), system logging
495

README_FILES

497       Use  "postconf readme_directory" or "postconf html_directory" to locate
498       this information.
499       DEBUG_README, Postfix debugging howto
500       ETRN_README, Postfix ETRN howto
501       VERP_README, Postfix VERP howto
502

LICENSE

504       The Secure Mailer license must be distributed with this software.
505

AUTHOR(S)

507       Wietse Venema
508       IBM T.J. Watson Research
509       P.O. Box 704
510       Yorktown Heights, NY 10598, USA
511
512       Wietse Venema
513       Google, Inc.
514       111 8th Avenue
515       New York, NY 10011, USA
516
517
518
519                                                                   SENDMAIL(1)
Impressum