Sendmail Installation and Operation Guide
SMM:08-61
A    Use the AUTH= parameter for the MAIL FROM command only when
     authentication succeeded. This can be used as a workaround for broken
     MTAs that do not implement RFC 2554 correctly.
a    protection from active (non-dictionary) attacks during authentication
     exchange.
c    require mechanisms which pass client credentials, and allow mechanisms
     which can pass credentials to do so.
d    don't permit mechanisms susceptible to passive dictionary attack.
f    require forward secrecy between sessions (breaking one won't help
     break next).
m    require mechanisms which provide mutual authentication (only available
     if using Cyrus SASL v2 or later).
p    don't permit mechanisms susceptible to simple passive attack (e.g.,
     PLAIN, LOGIN), unless a security layer is active.
y    don't permit mechanisms that allow anonymous login.
The first option applies to sendmail as a client, the others to a server. Example:
O AuthOptions=p,y
would disallow ANONYMOUS as AUTH mechanism and would allow PLAIN
and LOGIN only if a security layer (e.g., provided by STARTTLS) is already
active. The options 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties of the selected
SASL mechanisms. Explanations of these properties can be found in the Cyrus
SASL documentation.
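An added example, not part of this guide or of the sendmail distribution: a small Python check that reads the AuthOptions line from sendmail.cf text and reports which of the mechanisms named above (PLAIN, LOGIN, ANONYMOUS) stay permitted when no security layer is active. It models only the 'p' and 'y' rules as described here; the function names, the sample fragments and the acceptance of blanks as separators are assumptions of the example.

```python
import re

# Letters from the AuthOptions table above ('A' is the client-side one).
KNOWN = set("Aacdfmpy")

def parse_auth_options(cf_text):
    """Return the letters of the first 'O AuthOptions=' line, or None if unset."""
    for line in cf_text.splitlines():
        m = re.match(r"O\s+AuthOptions\s*=\s*(.*)", line)  # skips '#O ...' comments
        if m:
            # Assumption: letters may be separated by commas and/or blanks.
            letters = [ch for ch in m.group(1) if ch not in ", \t"]
            unknown = [ch for ch in letters if ch not in KNOWN]
            if unknown:
                raise ValueError(f"unknown AuthOptions letter(s): {unknown}")
            return set(letters)
    return None

def permitted(mech, letters, security_layer):
    """Apply only the 'p' and 'y' rules from the text to one mechanism."""
    if mech == "ANONYMOUS":
        return "y" not in letters
    if mech in ("PLAIN", "LOGIN"):
        return security_layer or "p" not in letters
    raise ValueError("only PLAIN, LOGIN and ANONYMOUS are modelled")

def audit(cf_text):
    """List weaknesses in the server-side AuthOptions of a sendmail.cf.

    Conservative: 'a', 'c', 'd', 'f' and 'm' may exclude further mechanisms,
    which this check does not model.
    """
    letters = parse_auth_options(cf_text) or set()
    findings = []
    exposed = [m for m in ("PLAIN", "LOGIN") if permitted(m, letters, False)]
    if exposed:
        findings.append("no 'p': " + ", ".join(exposed)
                        + " permitted without a security layer")
    if permitted("ANONYMOUS", letters, False):
        findings.append("no 'y': ANONYMOUS login permitted")
    return findings

# Constructed sendmail.cf fragments (not taken from a real host).
WEAK_CF = "O AuthRealm=example.test\nO AuthOptions=A\n"
HARDENED_CF = "O AuthRealm=example.test\nO AuthOptions=A,p,y\n"

if __name__ == "__main__":
    for name, cf in (("weak", WEAK_CF), ("hardened", HARDENED_CF)):
        print(name, audit(cf) or "no findings")
```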
AuthRealm
[no short name] The authentication realm that is passed to the Cyrus SASL
library. If no realm is specified, $j is used.
BadRcptThrottle=N
[no short name] If set and the specified number of recipients in a single SMTP
transaction have been rejected, sleep for one second after each subsequent RCPT
command in that transaction.
BlankSub=c
[B] Set the blank substitution character to c. Unquoted spaces in addresses are
replaced by this character. Defaults to space (i.e., no change is made).
CACertPath
[no short name] Path to directory with certificates of CAs. This directory
must contain the hashes of each CA certificate as filenames (or as links to
them).
CACertFile
[no short name] File containing one or more CA certificates; see section about
STARTTLS for more information.
CheckAliases
[n] Validate the RHS of aliases when rebuilding the alias database.
CheckpointInterval=N
[C] Checkpoints the queue every N (default 10) addresses sent. If your system
crashes during delivery to a large list, this prevents retransmission to any but the
last N recipients.
ClassFactor=fact
[z] The indicated factor is multiplied by the message class (determined by the
Precedence: field in the user header and the P lines in the configuration file) and
subtracted from the priority. Thus, messages with a higher Priority: will be
favored. Defaults to 1800.