Previous Table of Contents Next

Load Limiting

The goal of load limiting is to prevent wasted time during loaded periods. This is done by attempting to deliver large messages, messages to many recipients, or messages to sites that have been down for a long time.

Central mail machines often can be overloaded. Of course, the best solution is to dedicate a more powerful machine to handling mail, but the load almost always expands to consume whatever resources are allocated.

Use the Ox and OX options to limit the load caused by sendmail. The default sets no load limits if no options are used. Both of these configuration options take an argument that is an integer-load average. For example, if you specify Ox4 and OX8, the x load limiting will be used when the load is above four, and the X load limiting will be used when the load is above eight. When the load is above the value specified in the X option, the SMTP server does not accept connections from the network. (Locally originated mail and other mail such as uucp are not affected.) The x option has a more subtle effect, controlling whether messages are queued for later delivery or are delivered immediately. The general idea is to deliver small messages immediately and to defer large messages for delivery during off-peak periods.

The Oq option specifies the maximum size of messages to be delivered immediately. The size of the message includes not only the number of bytes in the message, but also includes assigned penalties for a large number of recipients and for unsuccessful delivery attempts. The penalty per recipient is option value y, by default set to 1000. The penalty per delivery attempt is the option value z, by default set to 9000. The size limit also depends on current load, so that more and more messages are queued as the load goes higher. If the load is one above the x threshold, the limit is halved; if the load is two above the threshold, the limit is divided by three, and so forth. Note that this limit also applies to messages that are delivered when running the queue, in contrast to earlier versions of sendmail.

Log Level

You can adjust the level of logging for sendmail. The default log level is 9. The levels are shown in IN Table 4-3.

Table 4-3 Log Level Codes

Level Description
0 No logging
1 Major problems only
2 Message collections and failed deliveries
3 Successful deliveries
4 Messages being deferred (due to a host being down and so forth)
5 Normal message queue-ups
6 Unusual but benign incidents (for example, trying to process a locked queue file)
9 Log internal queue ID to external message ID mappings, which can be useful for tracing a message as it travels between several hosts
12 Several messages that are basically of interest only when debugging
16 Verbose information regarding the queue
22 All of the above

File Modes

Certain files can have a number of modes. The following sections describe the modes that you can control from the file. The modes you use depend on what functionality you want and the level of security you require.


By default, sendmail is executed with the user ID set to 0 (setuid to root) so that it can deliver to programs that might write in a user's home directory. When sendmail is ready to execute a mailer program, sendmail checks to see whether the user ID is 0; if so, it resets the user ID and group ID to the values set by the u and g options in the configuration file. By default, these values are Ou1 and Og1, which set both the user ID and the group ID to 1, which is daemon. You can override these values by setting the S flag to the mailer for mailers that are trusted and must be called as root. In this case, mail processing is accounted to root rather than to the user sending the mail.

Temporary File Modes

The OF option sets the mode of all temporary files that sendmail uses. The default is OF0600. The numbers stand for the usual octal values for file permissions. Thus, 0600 is for secure mail (-rw-------) and 0644 for permissive (-rw-r--r--). If you use the more permissive mode, you do not need to run sendmail as root (even when running the queue). Users can read mail in the queue.

Aliases Database Permissions

You can control access to the Aliases database. Many sites permit only accredited users to make modifications to the Aliases database or to create new ones.

If you use the local /etc/mail/aliases file to control mail aliases, you can use UNIX file permissions to restrict or permit write access. Default permissions on the /etc/mail/aliases are set to 644 with root as the owner. If you want to permit other users to be able to control mail aliases, you can use ACLs to enable specific individuals to write to the file or set up a group that contains members who can change mail aliases.

The Configuration File

The following sections describe the configuration file in detail, including hints for writing your own file.

The syntax of the configuration file is parsed every time sendmail starts up. This syntax is optimized for speed of processing, but can be mastered with the information that follows. The sendmail file uses single letters for several different functions:

  Command-line flags
  Configuration options
  Queue file line types
  Configuration file line types
  Mailer field names
  Mailer flags
  Macro names
  Class names

The following sections provide an overview of the configuration file and details of its semantics.

Previous Table of Contents Next