In sendmail, TLS is implemented with the OpenSSL library. When the
remote site recognizes that the local sendmail supports the
STARTTLS ESMTP extension, and if policy at the remote site allows
it to, the remote sends the STARTTLS command. If that command is
accepted by the local sendmail, the two sides negotiate a secure
connection. Part of the information determined in this negotiation
is the cipher to use. Once a cipher has been accepted and the
connection allowed, sendmail updates the value of several macros,
among them the ${alg_bits} macro.

The ${alg_bits} macro holds as its value the number of bits of the
symmetric encryption in the cipher that was agreed upon. That value
is a text representation of a positive integer, or, if there was no
cipher, the number zero.

When sendmail logs the start of a TLS session, it does so with a
line such as this:

    STARTTLS=who, relay=host, version=vers, verify=verify, cipher=cipher, bits=algbits/cbits

Here, the value assigned to the ${alg_bits} macro is printed
following the bits= and before the slash.
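
A log check built on that line format, as an added example that is not from the original text or from sendmail itself: it parses STARTTLS lines in the field order given above and reports sessions whose ${alg_bits} value falls below a threshold. The 128-bit threshold, the function names and the sample log lines are assumptions made for this example.

```python
import re

# Matches the STARTTLS log line layout shown above; group names follow its fields.
STARTTLS_RE = re.compile(
    r"STARTTLS=(?P<who>\w+), relay=(?P<relay>.+?), version=(?P<version>[^,]+), "
    r"verify=(?P<verify>[^,]+), cipher=(?P<cipher>[^,]+), "
    r"bits=(?P<algbits>\d+)/(?P<cbits>\d+)"
)

MIN_ALG_BITS = 128  # assumed policy threshold, not a sendmail default


def parse_starttls(line):
    """Return the STARTTLS fields of one log line as a dict, or None."""
    m = STARTTLS_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["algbits"] = int(rec["algbits"])  # number before the slash: ${alg_bits}
    rec["cbits"] = int(rec["cbits"])      # number after the slash
    return rec


def weak_sessions(lines, min_bits=MIN_ALG_BITS):
    """Return (relay, cipher, algbits) for each session below min_bits."""
    hits = []
    for line in lines:
        rec = parse_starttls(line)
        if rec is not None and rec["algbits"] < min_bits:
            hits.append((rec["relay"], rec["cipher"], rec["algbits"]))
    return hits


# Constructed sample lines; hosts, process ids and queue ids are made up.
SAMPLE_LOG = [
    "Jan 10 09:14:02 mx1 sendmail[4121]: STARTTLS=server, relay=mail.example.org [192.0.2.10], version=TLSv1.2, verify=NO, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "Jan 10 09:15:40 mx1 sendmail[4130]: STARTTLS=client, relay=old.example.net., version=TLSv1, verify=FAIL, cipher=DES-CBC-SHA, bits=56/56",
    "Jan 10 09:16:11 mx1 sendmail[4133]: x0A9GBqk004133: from=<a@example.org>, size=812, class=0, nrcpts=1",
    "Jan 10 09:17:05 mx1 sendmail[4140]: STARTTLS=server, relay=legacy.example.com [198.51.100.7], version=TLSv1, verify=NO, cipher=RC4-MD5, bits=128/128",
]

if __name__ == "__main__":
    for relay, cipher, bits in weak_sessions(SAMPLE_LOG):
        print(f"weak TLS session: relay={relay} cipher={cipher} alg_bits={bits}")
```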

The ${alg_bits} macro is transient. If it is defined in the
configuration file or on the command line, sendmail can ignore that
definition. Note that a $& prefix is necessary when you reference
this macro in rules (that is, use $&{alg_bits}, not ${alg_bits}).