The TempFileMode option tells sendmail what mode (file permissions) to give its temporary files and its freeze file.^[64] This TempFileMode option also sets the file permissions for delivery to files that do not already exist (and must therefore be created). Prior to V8.12, this option also set permission for queued files (see the QueueFileMode option, QueueFileMode).

^[64] V8 sendmail no longer supports freeze files.

The forms of the TempFileMode option are as follows:

O TempFileMode=mode                configuration file (V8.7 and later) 
-OTempFileMode=mode                command line (V8.7 and later) 
define(`confTEMP_FILE_MODE',`mode')    mc configuration (V8.7 and later) 
OFmode                             configuration file (old mode) 
-oFmode                            command line (old mode) 

The mode is of type octal. The default is 0600 (if the real-user-id is the same as the effective-user-id), and 0644 otherwise. If the mode has the group-writable bit set (as in 0664), the umask(2) is set to 0002 (disallow world-writable permissions) just prior to the open(2) or creat(2), and restored to its prior value just after. Be careful to not omit just the mode argument—if you do, the permissions become 0000, and sendmail might not be able to read or write its own files.

The TempFileMode option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.