This topic contains other required or useful information for configuring
sendmail. For further information on these topics, see the
bat
book.
- SuperUser status is needed to start the sendmail daemon.
- The QueueDirectory option defined in the config file tells sendmail
where to queue messages that are temporarily undeliverable. This directory
must exist before sendmail is started.
- Sendmail is highly dependent on the Domain Name Server (DNS);
it is important to set up the resolver correctly to avoid unnecessary
searching for a user. For more information about DNS, see DNS overview.
- A program controlled environment is necessary for sendmail to
run in daemon mode when BPX.DAEMON is enabled, because many functions
of sendmail (especially daemon functions) require it to change the
user ID (UID) without prompting for a password. For more information
regarding security and sendmail, see z/OS UNIX System Services Planning as well as the bat book.
- The daemon must be started by root, as usual. Table 1 shows the recommended security file
permissions of files that sendmail might use.
Table 1. Sendmail permission table| Path |
Type |
Owner |
Mode |
Required or configurable |
|---|
| / |
Directory |
root |
555 dr-xr-xr-x |
Required |
| /usr |
Directory |
root |
555 dr-xr-xr-x |
Required |
| /usr/sbin |
Directory |
root |
555 dr-xr-xr-x |
Required |
| /usr/sbin/sendmail |
File |
root |
755 -rwsr-xr-x |
Required |
| /bin/sendmail |
File |
smmsp |
755 -rwsr-sr-x |
Configurable1 |
| /etc/mail |
Directory |
root |
555 dr-xr-xr-x |
Configurable |
| /etc/mail/sendmail.cf |
File |
root |
444 -r--r--r-- |
Configurable |
| /etc/mail/submit.cf |
File |
root |
444 -r--r--r-- |
Configurable |
| /var/spool/mqueue |
Directory |
sendmail |
700 drwx------ |
Configurable |
| /var/spool/clientmqueue |
Directory |
smmsp |
770 drwxrwx--- |
Configurable |
- Used only with RACF® program
control systems.
|
Rule: When sendmail is attempting
to canonify a host name, some broken name servers will return SERVFAIL
(a temporary failure) on T_AAAA (IPv6) lookups. To allow sendmail
to accept this behavior, ResolverOptions in the configuration file
is set to WorkAroundBrokenAAAA by default.
If a system has
thousands of users defined in the Users list, the administrator might
consider enabling the UNIXMAP class. This increases the speed of the
security checks performed by sendmail. APAR OW30858 provides details
about what is needed to enable the UNIXMAP class. For additional information
on enabling the UNIXMAP class, see z/OS Security Server RACF Security Administrator's
Guide.