sendmail, 4th Edition by Bryan Costales, Claus Assmann, George Jansen, Gregory Neil Shapiro

AUTH encryption key length V8.11 and later

If a connection is authenticated with RFC2554 AUTH, and if an encryption layer is used, a key length will be associated with the encryption used. This ${auth_ssf} macro is assigned that length, which is an integer representation of the number of bits used. This is the actual key length.

This ${auth_ssf} macro is used in two places in the default sendmail.cf file. It is used by a common subroutine called from the tls_rcpt (The tls_rcpt rule set on page 215), tls_client (The access database with tls_server and tls_client on page 214), and tls_server (The access database with tls_server and tls_client on page 214) rule sets. It is also used as part of the default Received: header:

HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
        $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.)
        $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version}
        (version=${tls_version} cipher=${cipher} bits=${cipher_bits}
verify=${verify})$.$?u
        for $u; $|;
        $.$b

The ${auth_ssf} macro is useful for adding your own rules to policy rule sets. Note that a $& prefix is necessary when you reference this macro in rules (that is, use $&{auth_ssf}, not ${auth_ssf}).

${auth_ssf} is transient. If defined in the configuration file or in the command line, that definition can be ignored by sendmail.