Forge Home


Install and manage the Sendmail MTA.


227 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 4.1.0 (latest)
  • 4.0.0
  • 3.3.0
  • 3.2.0
  • 3.1.0
  • 3.0.2
  • 3.0.1
  • 3.0.0
  • 2.0.0
  • 1.5.0
  • 1.4.1
  • 1.4.0 (deleted)
  • 1.3.2
  • 1.3.1 (deleted)
  • 1.3.0
  • 1.2.0
  • 1.1.1
  • 1.1.0
  • 1.0.0
  • 0.7.0
  • 0.6.1
  • 0.6.0
  • 0.5.0
  • 0.4.0
  • 0.3.0
  • 0.2.0
  • 0.1.0
released Nov 27th 2023
This version is compatible with:
  • Puppet Enterprise 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'stm-sendmail', '4.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add stm-sendmail
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install stm-sendmail --version 4.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



stm/sendmail — version 4.1.0 Nov 27th 2023


Build Status Puppet Forge License

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with sendmail
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


Install and manage the Sendmail MTA.

Module Description

Sendmail is a powerful mail transfer agent, and this modules provides an easier way to generate and manage the main Sendmail configuration files /etc/mail/ and /etc/mail/ It also manages entries in various Sendmail database files (e.g. /etc/mail/access and /etc/mail/mailertable).


What sendmail affects

  • The module installs the operating system package to run the Sendmail MTA and possibly some other packages (make, m4, ...) to support it.
  • In a default installation almost all the managed files are in the /etc/mail directory. A notably exception is the /etc/aliases file.
  • The module may generate a new /etc/mail/ which is the source for /etc/mail/ This file is the main Sendmail configuration file and it affects how Sendmail operates.

WARNING: Make sure to understand and test everything in these files before putting it in production. You alone are accountable for deploying a safe mailer configuration. If you do not know how to configure Sendmail without this module, then you should not assume you can do it with it.

Setup Requirements

The sendmail module uses a custom Augeas lense so the Puppet configuration setting pluginsync must be enabled. It also requires the Puppetlabs modules stdlib, concat, augeas_core and mailalias_core.

Beginning with Sendmail

Declare the Sendmail class to install and run Sendmail with the default parameters.

class { 'sendmail': }

This installs the necessary packages and starts the Sendmail service. With this setup Sendmail will send messages to other hosts and also accept mail for the local host.

Sendmail has a lot of configuration knobs and a complete setup may need more than just a few parameters. So it is probably a good idea to encapsulate your Sendmail settings by using the roles and profiles pattern.


The Sendmail module provides classes and defined types to individually manage many of the configuration parameters used in the file. This offers the possibility to manage even complex and unusual configurations with Puppet. The main Sendmail class also has parameters to directly enable certain configuration items without the need to provide a complete user defined configuration.

I need a couple of macros and features in my Sendmail setting

Normally the configuration of Sendmail is done by adding define statements to the main configuration file. The m4 macro processor is used to convert the settings into a file that Sendmail understands.

The same mechanism is used to add features like greylisting, virtual user setups or DNS blacklists. Sendmail uses the feature statement in the configuration to enable the features.

With the Sendmail module these settings are defined by adding resources using the sendmail::mc::define or sendmail::mc::feature defined types.

# Manage Sendmail and set a smart host and the maximum message size
class { 'sendmail':
  smart_host       => '',
  max_message_size => '32MB',

# Set maximum number of daemon processes
sendmail::mc::define { 'confMAX_DAEMON_CHILDREN':
  expansion => '8',

# Include ratecontrol feature with parameters
sendmail::mc::feature { 'ratecontrol':
  args => [ 'nodelay', 'terminate', ],

# Enable access_db feature
sendmail::mc::feature { 'access_db': }

# Manage access_db entries in hiera
class { 'sendmail::access': }

# Manage aliases file using a template
class { 'sendmail::aliases':
  content => template('site/aliases.erb'),

See for the complete list of available types that can be used.

Most hosts do not need to receive mail

Use the sendmail::nullclient class to create a setup where no mail can be received from the outside and all local mail is forwarded to a central mail hub. This configuration is appropriate for the majority of satellite hosts.

class { 'sendmail::nullclient':
  mail_hub => '[]',

I already have a working config and like to keep it

Disable the internal management of the sendmail configuration files by setting the parameters manage_sendmail_mc or manage_submit_mc to false:

class { 'sendmail':
  manage_sendmail_mc => false,
  manage_submit_mc   => false,

Note: These settings also disable the automatic generation of the and files. You will have to do that yourself if you change one of the files.

I am behind a firewall and need to forward outgoing mail to a relay host

Use the smart_host parameter to set the host where all outgoing mail should be forwarded to.

class { 'sendmail':
  smart_host => '',

I have a host that should not receive any mail from the outside

You can use the enable_ipv4_daemon and enable_ipv6_daemon parameters to prevent Sendmail from listening on all available network interfaces. Use the sendmail::mc::daemon_options defined type to explicitly define the addresses to use.

class { 'sendmail':
  enable_ipv4_daemon => false,
  enable_ipv6_daemon => false,

sendmail::mc::daemon_options { 'MTA-v4':
  addr   => '',
  family => 'inet',
  port   => 'smtp',

Transport layer encryption (TLS) is a must in my setup

The Sendmail class has a comprehensive set of TLS related parameters. The following configuration creates a simple TLS enabled setup. Remember to adjust the pathnames to your setup.

class { 'sendmail':
  ca_cert_file     => '/etc/mail/tls/my-ca-cert.pem',
  server_cert_file => '/etc/mail/tls/server.pem',
  server_key_file  => '/etc/mail/tls/server.key',
  client_cert_file => '/etc/mail/tls/server.pem',
  client_key_file  => '/etc/mail/tls/server.key',
  cipher_list      => 'HIGH:!MD5:!eNULL',

Note: The Sendmail module does not manage any X.509 certificates or keys.

All my users are managed using LDAP

A complex configuration like this is supported by using the provided defined types as building blocks. The following example configuration reflects a setup that is actually in use.

sendmail::mc::define { 'confLDAP_CLUSTER':
  expansion => '',

sendmail::mc::define { 'confLDAP_DEFAULT_SPEC':
  expansion => '-H ldapi:/// -w 3 -b dc=example,dc=net',

sendmail::mc::ldaproute_domain { '': }

$ldap_filter = '(&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))'

sendmail::mc::feature { 'ldap_routing':
  args => [
    "ldap -1 -T<TMPF> -v mailHost -k ${ldap_filter}",
    "ldap -1 -T<TMPF> -v mailRoutingAddress -k ${ldap_filter}",

sendmail::mc::feature { 'virtusertable':
  args => "ldap -1 -T<TMPF> -v uid -k ${ldap_filter}",


See the included


The Sendmail module is currently developed and tested on:

  • Debian 11 (Bullseye)


Sendmail is a powerful tool with many configuration options. The module includes configuration options I considered useful or needed for my own environment.

You may open Github issues for this module if you need additional configuration file options currently not available.

Feel free to send pull requests for new features.