The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,482 other followers

Archive for the ‘sendmail’ Category

On my list of things to try: Amazon SES for outbound/inbound email handling

Posted by jpluimers on 2021/08/10

SES mail servers at the time of writing


# nslookup -type=TXT | grep "v=spf1"   text = "v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: -all"I


C:\>nslookup -type=TXT | find "v=spf1"
Non-authoritative answer:
        "v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: -all"

These addresses use a compact CIDR notation to denote ranges of networks containing ranges of network IPv4 addresses.

CIRD processing to sendmail access file

(this is linux sendmail only)

Converting the nslookup outout to a CIDR based sendmail /etc/mail/access excerpt goes via a pipe sequence of multiple sed commands:

# nslookup -type=TXT | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g' | xargs -I {} sh -c "prips {} | sed 's/$/\tRELAY/g'"   RELAY   RELAY

What happens here is this:

  1. Filter out only spf1 records using grep.
  2. Remove the head (.*v=spf1 ip4:) and tail ( -all") of the output, see [WayBack] use of alternation “|” in sed’s regex – Super User.
  3. Replaces all ip4: with newlines (so the output get split over multiple lines), see [WayBack] linux – splitting single line into multiple line in numbering format using awk – Stack Overflow.
  4. Convert the CIDR notation to individual IP addresses (as sendmail cannot handle CIDR),
    1. This uses a combination of xargs with the  sh trick to split the CIDR list into separate arguments, and prips (which prints the IP addresses for a CIDR); see:
    2. Alternatively, use
  5. Replaces all end-of-line anchor ($) with a tab followed by RELAY, see

You can append the output of this command to /etc/mail/access, then re-generate /etc/mail/access.db and restart sendmail; see for instance [WayBack] sendmail access.db by example |

Without the xargs, the output would look like this:

# nslookup -type=TXT | grep "v=spf1" | sed 's/\(^.*"v=spf1 ip4:\| -all"$\)//g' | sed 's/\ ip4:/\n/g'



Posted in *nix, *nix-tools, Amazon SES,, Cloud, Communications Development, Development, Infrastructure, Internet protocol suite, Power User, sendmail, SMTP, Software Development | Leave a Comment »

The Architecture of Open Source Applications: Sendmail

Posted by jpluimers on 2021/04/12

Cool historic article: [WayBack] The Architecture of Open Source Applications: Sendmail by Eric Allman.

It is Chapter 17 of this book [WayBack]:

The Architecture of
Open Source Applications

Amy Brown and Greg Wilson (eds.)
ISBN 978-1-257-63801-7

I totally missed that book being published in 2014.

Great historic read!


Posted in *nix, *nix-tools, History, Power User, sendmail | Leave a Comment »

email file decoding: Encode/Decode Quoted Printable – Webatic

Posted by jpluimers on 2021/03/26

For my link archive: [WayBack] Encode/Decode Quoted Printable – Webatic.

It did a splendid job at decoding email files in MIME format Quoted-printable.


Posted in *nix, *nix-tools, Communications Development, Development, eMail, Encoding, Internet, Internet protocol suite, Power User, sendmail, SMTP, SocialMedia, Software Development | Leave a Comment »

flush deferred messages in mail queue – SysAdmin Tips

Posted by jpluimers on 2021/03/19

[WayBack] flush deferred messages in mail queue – SysAdmin Tips

In Exim:

# exim -qff

In Postfix:

# postfix flush

In Sendmail:

# sendmail -OTimeout.hoststatus=0m -q -v


Posted in *nix, *nix-tools, exim mail, postfix, Power User, sendmail | Leave a Comment »

Forcing the queue on individual email message

Posted by jpluimers on 2020/11/23

I tried the trick from [WayBack] Forcing the queue on individual email message. Despite what the linked post says, on my system, the email is not sent, but bounces, and the queue files get lost, so there is no way to get to the original content without a proper back-up mechanism (which – for transient data like queued email messages – often is not implemented).

The reason is the -oTnow parameter. It is kind of documented, but none of that is returned via the “sendmail” “-oTnow” – Google Search.

Before explaining the cause and workaround deeper, these are the relevant documentation parts:

I could not find the 8.15 operations guide as PDF, but the version 8.12 HTML edition is mostly the same as the PDF (Despite the time span between those releases spanning 14 years, parameters and configuration options didn’t change a whole lot), so as the HTML is easier to quote, here we go:

The arguments; -q, -o versus -O options

[WayBack] “ACKNOWLEDGEMENTS” explains the basic arguments as well:

Arguments must be presented with flags before addresses. The flags are:

Set option x to the specified value. These options are described in Section 5.6.
Set option to the specified value (for long form option names). These options are described in Section 5.6.

Run the queue once, limiting the jobs to those matching Xstring. The key letter X can be I to limit based on queue identifier, R to limit based on recipient, or S to limit based on sender. A particular queued job is accepted if one of the corresponding addresses contains the indicated string. The optional ! character negates the condition tested. Multiple -qX flags are permitted, with items with the same key letter or'ed together, and items with different key letters and'ed together.


O — Set Option

There are a number of global options that can be set from a configuration file. Options are represented by full words; some are also representable as single characters for back compatibility. The syntax of this line is:

O option = value

This sets option option to be value. Note that there must be a space between the letter `O’ and the name of the option. An older version is:

O ovalue

where the option o is a single character. Depending on the option, value may be a string, an integer, a boolean (with legal values tTf, or F; the default is TRUE), or a time interval.

then lists the relevant options for us:

[T] A synonym for Timeout.queuereturn. Use that form instead of the QueueTimeout form.

[r; subsumes old T option as well] Set timeout values. For more information, see section

The -oT parameter, or T option sets timeouts

[WayBack] “TUNING” has a whole section on


All time intervals are set using a scaled syntax. For example, 10m represents ten minutes, whereas 2h30m represents two and a half hours. The full set of scales is:

s seconds
m minutes
h hours
d days
w weeks

There is also a special timeout value now, and timeouts can be defined in various levels, including message timeouts:

Message timeouts

After sitting in the queue for a few days, an undeliverable message will time out. This is to insure that at least the sender is aware of the inability to send a message. The timeout is typically set to five days. It is sometimes considered convenient to also send a warning message if the message is in the queue longer than a few hours (assuming you normally have good connectivity; if your messages normally took several hours to send you wouldn’t want to do this because it wouldn’t be an unusual event). These timeouts are set using the Timeout.queuereturn and Timeout.queuewarn options in the configuration file (previously both were set using the T option).

If the message is submitted using the NOTIFY SMTP extension, warning messages will only be sent if NOTIFY=DELAY is specified. The queuereturn and queuewarn timeouts can be further qualified with a tag based on the Precedence: field in the message; they must be one of urgent (indicating a positive non-zero precedence) normal (indicating a zero precedence), or non-urgent (indicating negative precedences). For example, setting Timeout.queuewarn.urgent=1h sets the warning timeout for urgent messages only to one hour. The default if no precedence is indicated is to set the timeout for all precedences. The value “now” can be used for -O Timeout.queuereturn to return entries immediately during a queue run, e.g., to bounce messages independent of their time in the queue.

Since these options are global, and since you cannot know a priori how long another host outside your domain will be down, a five day timeout is recommended. This allows a recipient to fix the problem even if it occurs at the beginning of a long weekend. RFC 1123 section says that this parameter should be “at least 4-5 days”.

The Timeout.queuewarn value can be piggybacked on the T option by indicating a time after which a warning message should be sent; the two timeouts are separated by a slash. For example, the line


causes email to fail after five days, but a warning message will be sent after four hours. This should be large enough that the message will have been tried several times.

So the -oT is the T option, which is shorthand for -oTimeout.queuereturn. (well, actually you can combine Timeout.queuewarn using a slash).

Specifying now gives you this behaviour: The value “now” can be used for -O Timeout.queuereturn to return entries immediately during a queue run, e.g., to bounce messages independent of their time in the queue.

Of course that bounces, invalidating the below -oTnow trick.

The -qI parameter, or I queue flag for message identifier

You can also limit the jobs to those with a particular queue identifier, recipient, sender, or queue group using one of the queue modifiers. For example, -qRberkeley restricts the queue run to jobs that have the string berkeley somewhere in one of the recipient addresses. Similarly, -qSstring limits the run to particular senders, -qIstring limits it to particular queue identifiers, and -qGstring limits it to a particular queue group. You may also place an ! before the I or R or S to indicate that jobs are limited to not including a particular queue identifier, recipient or sender. For example, -q!Rseattle limits the queue run to jobs that do not have the stringseattle somewhere in one of the recipient addresses. Should you need to terminate the queue jobs currently active then a SIGTERM to the parent of the process (or processes) will cleanly stop the jobs.

So the -qI flag followed by an identifier only processes that message.

Sending to a host that got marked as timeout: the Timeout.hoststatus option

When sending just one message, you definitely want to disregard any cached host timeout status: you want to retry the message now, not skip it just because the host had a timeout a while ago.

This is where the -OTimeout.hoststatus=0m comes in: it sets the cache to zero minutes.

Below are the relevant bits of documentation.

[WayBack] cf/m4/README.txt:

confTO_HOSTSTATUS  Timeout.hoststatus
                    [30m] How long information about host
                    statuses will be maintained before it
                    is considered stale and the host should
                    be retried.  This applies both within
                    a single queue run and to persistent
                    information (see below).
confHOST_STATUS_DIRECTORY HostStatusDirectory
                    [undefined] If set, host status is kept
                    on disk between sendmail runs in the
                    named directory tree.  This need not be
                    a full pathname, in which case it is
                    interpreted relative to the queue

[WayBack] chapter 4 “TUNING”

Read timeouts

Timeouts all have option names Timeout.suboption. Most of these control SMTP operations. The recognized suboptions, their default values, and the minimum values allowed by RFC 2821 section (or RFC 1123 section 5.3.2) are:

How long status information about a host (e.g., host down) will be cached before it is considered stale [30m, unspecified].

A trick that really works

With the above information,

sendmail -v -OTimeout.hoststatus=0m -qImessage_identifier

So it is now a bash function for me: sendmail-retry-one-messae-by-queue-ID:

function sendmail-retry-one-messae-by-queue-ID() {
  sendmail -v -OTimeout.hoststatus=0m -qI$1                     

Back to the original “trick” (that makes you loose the message)

I made it into a function:

function sendmail-bounce-one-message-by-queue-ID() {
  sendmail -oTnow -qI$1

From [WayBack] Forcing the queue on individual email message:


Paul Aviles wrote:

> I know about sendmail -q, but is is possible to individually kill a 
> pending queued email or force it with or without an NDA?

This is simple. Use the mailq command to find the local queue ID of the message. It will look something like:


You can then flush the message with:

      sendmail -qIyourqueueID -oTnow

The “I” flag to the -q flag specifies which queue ID to use. The -oTnow flag sets the queue timeout to “now”. Note sendmail will still try to deliver the message once when you do this. If this is not OK, then blow the message away with:

      rm /var/spool/mqueue/*yourqueueID

But the timeout is much recommended over blowing the message away.

Just another “Harker’s Helpful Hints”



Posted in *nix, *nix-tools, Power User, sendmail | Leave a Comment »

%d bloggers like this: