sendmail - Postfix to Sendmail compatibility interface
sendmail [option ...] [recipient ...]
mailq
sendmail -bp
newaliases
sendmail -I
The Postfix sendmail(1) command implements the Postfix to Sendmail
  compatibility interface. For the sake of compatibility with existing
  applications, some Sendmail command-line options are recognized but silently
  ignored.
By default, Postfix sendmail(1) reads a message from
    standard input until EOF or until it reads a line with only a .
    character, and arranges for delivery. Postfix sendmail(1) relies on
    the postdrop(1) command to create a queue file in the maildrop
    directory.
Specific command aliases are provided for other common modes of
    operation:
  - mailq
- List the mail queue. Each entry shows the queue file ID, message size,
      arrival time, sender, and the recipients that still need to be delivered.
      If mail could not be delivered upon the last attempt, the reason for
      failure is shown. The queue ID string is followed by an optional status
      character:
  - *
- The message is in the active queue, i.e. the message is selected
      for delivery.
- !
- The message is in the hold queue, i.e. no further delivery attempt
      will be made until the mail is taken off hold.
- #
- The message is forced to expire. See the postsuper(1) options
      -e or -f.
 
  
  - This mode of operation is implemented by executing the postqueue(1)
      command.
- newaliases
- Initialize the alias database. If no input file is specified (with the
      -oA option, see below), the program processes the file(s) specified
      with the alias_database configuration parameter. If no alias
      database type is specified, the program uses the type specified with the
      default_database_type configuration parameter. This mode of
      operation is implemented by running the postalias(1) command.
    Note: it may take a minute or so before an alias database
        update becomes visible. Use the "postfix reload"
        command to eliminate this delay. 
These and other features can be selected by specifying the
    appropriate combination of command-line options. Some features are
    controlled by parameters in the main.cf configuration file.
The following options are recognized:
  - -Am (ignored)
- -Ac (ignored)
- Postfix sendmail uses the same configuration file regardless of whether or
      not a message is an initial submission.
- -B body_type
- The message body MIME type: 7BIT or 8BITMIME.
- -bd
- Go into daemon mode. This mode of operation is implemented by executing
      the "postfix start" command.
- -bh (ignored)
- -bH (ignored)
- Postfix has no persistent host status database.
- -bi
- Initialize alias database. See the newaliases command above.
- -bl
- Go into daemon mode. To accept only local connections as with Sendmail's
      -bl option, specify "inet_interfaces =
      loopback" in the Postfix main.cf configuration file.
- -bm
- Read mail from standard input and arrange for delivery. This is the
      default mode of operation.
- -bp
- List the mail queue. See the mailq command above.
- -bs
- Stand-alone SMTP server mode. Read SMTP commands from standard input, and
      write responses to standard output. In stand-alone SMTP server mode, mail
      relaying and other access controls are disabled by default. To enable
      them, run the process as the mail_owner user.
    This mode of operation is implemented by running the
        smtpd(8) daemon. 
- -bv
- Do not collect or deliver a message. Instead, send an email report after
      verifying each recipient address. This is useful for testing address
      rewriting and routing configurations.
    This feature is available in Postfix version 2.1 and
      later. 
- -C config_file
- -C config_dir
- The path name of the Postfix main.cf file, or of its parent
      directory. This information is ignored with Postfix versions before 2.3.
    With Postfix version 3.2 and later, a non-default directory
        must be authorized in the default main.cf file, through the
        alternate_config_directories or multi_instance_directories
      parameters. With all Postfix versions, you can specify a directory
        pathname with the MAIL_CONFIG environment variable to override the
        location of configuration files. 
- -F full_name
- Set the sender full name. This overrides the NAME environment variable,
      and is used only with messages that have no From: message
    header.
- -f sender
- Set the envelope sender address. This is the address where delivery
      problems are sent to. With Postfix versions before 2.1, the
      Errors-To: message header overrides the error return address.
- -G
- Gateway (relay) submission, as opposed to initial user submission. Either
      do not rewrite addresses at all, or update incomplete addresses with the
      domain information specified with remote_header_rewrite_domain.
    This option is ignored before Postfix version 2.3. 
- -h hop_count (ignored)
- Hop count limit. Use the hopcount_limit configuration parameter
      instead.
- -I
- Initialize alias database. See the newaliases command above.
- -i
- When reading a message from standard input, don't treat a line with only a
      . character as the end of input.
- -L label (ignored)
- The logging label. Use the syslog_name configuration parameter
      instead.
- -m (ignored)
- Backwards compatibility.
- -N dsn (default: 'delay, failure')
- Delivery status notification control. Specify either a comma-separated
      list with one or more of failure (send notification when delivery
      fails), delay (send notification when delivery is delayed), or
      success (send notification when the message is delivered); or
      specify never (don't send any notifications at all).
    This feature is available in Postfix 2.3 and later. 
- -n (ignored)
- Backwards compatibility.
- -oAalias_database
- Non-default alias database. Specify pathname or
      type:pathname. See postalias(1) for details.
- -O option=value (ignored)
- Set the named option to value. Use the equivalent
      configuration parameter in main.cf instead.
- -o7 (ignored)
- -o8 (ignored)
- To send 8-bit or binary content, use an appropriate MIME encapsulation and
      specify the appropriate -B command-line option.
- -oi
- When reading a message from standard input, don't treat a line with only a
      . character as the end of input.
- -om (ignored)
- The sender is never eliminated from alias etc. expansions.
- -o x value (ignored)
- Set option x to value. Use the equivalent configuration
      parameter in main.cf instead.
- -r sender
- Set the envelope sender address. This is the address where delivery
      problems are sent to. With Postfix versions before 2.1, the
      Errors-To: message header overrides the error return address.
- -R return
- Delivery status notification control. Specify "hdrs" to return
      only the header when a message bounces, "full" to return a full
      copy (the default behavior).
    The -R option specifies an upper bound; Postfix will
        return only the header, when a full copy would exceed the
        bounce_size_limit setting. This option is ignored before Postfix version 2.10. 
- -q
- Attempt to deliver all queued mail. This is implemented by executing the
      postqueue(1) command.
    Warning: flushing undeliverable mail frequently will result in
        poor delivery performance of all other mail. 
- -qinterval (ignored)
- The interval between queue runs. Use the queue_run_delay
      configuration parameter instead.
- -qIqueueid
- Schedule immediate delivery of mail with the specified queue ID. This
      option is implemented by executing the postqueue(1) command, and is
      available with Postfix version 2.4 and later.
- -qRsite
- Schedule immediate delivery of all mail that is queued for the named
      site. This option accepts only site names that are eligible
      for the "fast flush" service, and is implemented by executing
      the postqueue(1) command. See flush(8) for more information
      about the "fast flush" service.
- -qSsite
- This command is not implemented. Use the slower "sendmail
      -q" command instead.
- -t
- Extract recipients from message headers. These are added to any recipients
      specified on the command line.
    With Postfix versions prior to 2.1, this option requires that
        no recipient addresses are specified on the command line. 
- -U (ignored)
- Initial user submission.
- -V envid
- Specify the envelope ID for notification by servers that support DSN.
    This feature is available in Postfix 2.3 and later. 
- -XV (Postfix 2.2 and earlier: -V)
- Variable Envelope Return Path. Given an envelope sender address of the
      form owner-listname@origin, each recipient
      user@domain receives mail with a personalized envelope
      sender address.
    By default, the personalized envelope sender address is
        owner-listname+user=domain@origin.
        The default + and = characters are configurable with the
        default_verp_delimiters configuration parameter. 
- -XVxy (Postfix 2.2 and earlier: -Vxy)
- As -XV, but uses x and y as the VERP delimiter
      characters, instead of the characters specified with the
      default_verp_delimiters configuration parameter.
- -v
- Send an email report of the first delivery attempt (Postfix versions 2.1
      and later). Mail delivery always happens in the background. When multiple
      -v options are given, enable verbose logging for debugging
      purposes.
- -X log_file (ignored)
- Log mailer traffic. Use the debug_peer_list and
      debug_peer_level configuration parameters instead.
By design, this program is not set-user (or group) id. It is prepared to handle
  message content from untrusted, possibly remote, users.
However, like most Postfix programs, this program does not enforce
    a security policy on its command-line arguments. Instead, it relies on the
    UNIX system to enforce access policies based on the effective user and group
    IDs of the process. Concretely, this means that running Postfix commands as
    root (from sudo or equivalent) on behalf of a non-root user is likely to
    create privilege escalation opportunities.
If an application runs any Postfix programs on behalf of users
    that do not have normal shell access to Postfix commands, then that
    application MUST restrict user-specified command-line arguments to avoid
    privilege escalation.
  - Filter all command-line arguments, for example arguments that contain a
      pathname or that specify a database access method. These pathname checks
      must reject user-controlled symlinks or hardlinks to sensitive files, and
      must not be vulnerable to TOCTOU race attacks.
- Disable command options processing for all command arguments that contain
      user-specified data. For example, the Postfix sendmail(1) command
      line MUST be structured as follows:
    
    
    /path/to/sendmail system-arguments -- user-arguments
    Here, the "--" disables command option
        processing for all user-arguments that follow. 
  
  - Without the "--", a malicious user could enable Postfix
      sendmail(1) command options, by specifying an email address that
      starts with "-".
Problems are logged to syslogd(8) or postlogd(8), and to the
  standard error stream.
  - MAIL_CONFIG
- Directory with Postfix configuration files.
- MAIL_VERBOSE (value does not matter)
- Enable verbose logging for debugging purposes.
- MAIL_DEBUG (value does not matter)
- Enable debugging with an external command, as specified with the
      debugger_command configuration parameter.
- NAME
- The sender full name. This is used only with messages that have no
      From: message header. See also the -F option above.
The following main.cf parameters are especially relevant to this program.
  The text below provides only a parameter summary. See postconf(5) for
  more details including examples.
Available with Postfix 2.9 and later:
  - sendmail_fix_line_endings (always)
- Controls how the Postfix sendmail command converts email message line
      endings from <CR><LF> into UNIX format (<LF>).
The DEBUG_README file gives examples of how to troubleshoot a Postfix system.
  - debugger_command (empty)
- The external command to execute when a Postfix daemon program is invoked
      with the -D option.
- debug_peer_level (2)
- The increment in verbose logging level when a nexthop destination, remote
      client or server name or network address matches a pattern given with the
      debug_peer_list parameter.
- debug_peer_list (empty)
- Optional list of nexthop destination, remote client or server name or
      network address patterns that, if matched, cause the verbose logging level
      to increase by the amount specified in $debug_peer_level.
Available in Postfix version 2.2 and later:
  - authorized_flush_users (static:anyone)
- List of users who are authorized to flush the queue.
- authorized_mailq_users (static:anyone)
- List of users who are authorized to view the queue.
- authorized_submit_users (static:anyone)
- List of users who are authorized to submit mail with the
      sendmail(1) command (and with the privileged postdrop(1)
      helper command).
  - bounce_size_limit (50000)
- The maximal amount of original message text that is sent in a non-delivery
      notification.
- fork_attempts (5)
- The maximal number of attempts to fork() a child process.
- fork_delay (1s)
- The delay between attempts to fork() a child process.
- hopcount_limit (50)
- The maximal number of Received: message headers that is allowed in the
      primary message headers.
- queue_run_delay (300s)
- The time between deferred queue scans by the queue manager; prior to
      Postfix 2.4 the default value was 1000s.
The ETRN_README file describes configuration and operation details for the
  Postfix "fast flush" service.
  - fast_flush_domains ($relay_domains)
- Optional list of destinations that are eligible for per-destination
      logfiles with mail that is queued to those destinations.
The VERP_README file describes configuration and operation details of Postfix
  support for variable envelope return path addresses.
  - default_verp_delimiters (+=)
- The two default VERP delimiter characters.
- verp_delimiter_filter (-=+)
- The characters Postfix accepts as VERP delimiter characters on the Postfix
      sendmail(1) command line and in SMTP commands.
  - alias_database (see 'postconf -d' output)
- The alias databases for local(8) delivery that are updated with
      "newaliases" or with "sendmail
    -bi".
- command_directory (see 'postconf -d' output)
- The location of all postfix administrative commands.
- config_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and master.cf configuration
      files.
- daemon_directory (see 'postconf -d' output)
- The directory with Postfix support programs and daemon programs.
- default_database_type (see 'postconf -d' output)
- The default database type for use in newaliases(1),
      postalias(1) and postmap(1) commands.
- delay_warning_time (0h)
- The time after which the sender receives a copy of the message headers of
      mail that is still queued.
- import_environment (see 'postconf -d' output)
- The list of environment variables that a privileged Postfix process will
      import from a non-Postfix parent process, or name=value environment
      overrides.
- mail_owner (postfix)
- The UNIX system account that owns the Postfix queue and most Postfix
      daemon processes.
- queue_directory (see 'postconf -d' output)
- The location of the Postfix top-level queue directory.
- remote_header_rewrite_domain (empty)
- Don't rewrite message headers from remote clients at all when this
      parameter is empty; otherwise, rewrite message headers and append the
      specified domain name to incomplete addresses.
- syslog_facility (mail)
- The syslog facility of Postfix logging.
- syslog_name (see 'postconf -d' output)
- A prefix that is prepended to the process name in syslog records, so that,
      for example, "smtpd" becomes "prefix/smtpd".
Postfix 3.2 and later:
  - alternate_config_directories (empty)
- A list of non-default Postfix configuration directories that may be
      specified with "-c config_directory" on the command line (in the
      case of sendmail(1), with the "-C" option), or via the
      MAIL_CONFIG environment parameter.
- multi_instance_directories (empty)
- An optional list of non-default Postfix configuration directories; these
      directories belong to additional Postfix instances that share the Postfix
      executable files and documentation with the default Postfix instance, and
      that are started, stopped, etc., together with the default Postfix
      instance.
/var/spool/postfix, mail queue
/etc/postfix, configuration files
pickup(8), mail pickup daemon
qmgr(8), queue manager
smtpd(8), SMTP server
flush(8), fast flush service
postsuper(1), queue maintenance
postalias(1), create/update/query alias database
postdrop(1), mail posting utility
postfix(1), mail system control
postqueue(1), mail queue control
postlogd(8), Postfix logging
syslogd(8), system logging
Use "postconf readme_directory" or "postconf
  html_directory" to locate this information.
DEBUG_README, Postfix debugging howto
ETRN_README, Postfix ETRN howto
VERP_README, Postfix VERP howto
The Secure Mailer license must be distributed with this software.
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA