README (98121) README (110560)
1
2 SENDMAIL RELEASE 8
3
4This directory has the latest sendmail(TM) software from Sendmail, Inc.
5
6Report any bugs to sendmail-bugs@sendmail.ORG
7
8There is a web site at http://WWW.Sendmail.ORG/ -- see that site for
9the latest updates.
10
11+--------------+
12| INTRODUCTION |
13+--------------+
14
150. The vast majority of queries to <sendmail-questions@sendmail.org>
16 are answered in the README files noted below.
17
181. Read this README file, especially this introduction, and the DIRECTORY
19 PERMISSIONS sections.
20
212. Read the INSTALL file in this directory.
22
233. Read sendmail/README, especially:
24 a. the introduction
25 b. the BUILDING SENDMAIL section
26 c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
27
28 You may also find these useful:
29
30 d. sendmail/SECURITY
31 e. devtools/README
32 f. devtools/Site/README
33 g. libmilter/README
34 h. mail.local/README
35 i. smrsh/README
36
374. Read cf/README.
38
39Sendmail is a trademark of Sendmail, Inc.
40
41+-----------------------+
42| DIRECTORY PERMISSIONS |
43+-----------------------+
44
45Sendmail often gets blamed for many problems that are actually the
46result of other problems, such as overly permissive modes on directories.
47For this reason, sendmail checks the modes on system directories and
48files to determine if they can be trusted. For sendmail to run without
49complaining, you MUST execute the following command:
50
51 chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
52 chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
53
54You will probably have to tweak this for your environment (for example,
55some systems put the spool directory into /usr/spool instead of
56/var/spool). If you set the RunAsUser option in your sendmail.cf, the
57/var/spool/mqueue directory will have to be owned by the RunAsUser user.
58As a general rule, after you have compiled sendmail, run the command
59
60 sendmail -v -bi
61
62to initialize the alias database. If it gives messages such as
63
64 WARNING: writable directory /etc
65 WARNING: writable directory /var/spool/mqueue
66
67then the directories listed have inappropriate write permissions and
68should be secured to avoid various possible security attacks.
69
70Beginning with sendmail 8.9, these checks have become more strict to
71prevent users from being able to access files they would normally not
72be able to read. In particular, .forward and :include: files in unsafe
73directory paths (directory paths which are group or world writable) will
74no longer be allowed. This would mean that if user joe's home directory
75was writable by group staff, sendmail would not use his .forward file.
76This behavior can be altered, at the expense of system security, by
77setting the DontBlameSendmail option. For example, to allow .forward
78files in group writable directories:
79
80 O DontBlameSendmail=forwardfileingroupwritabledirpath
81
82Or to allow them in both group and world writable directories:
83
84 O DontBlameSendmail=forwardfileinunsafedirpath
85
86Items from these unsafe .forward and :include: files will be marked
87as unsafe addresses -- the items can not be deliveries to files or
88programs. This behavior can also be altered via DontBlameSendmail:
89
90 O DontBlameSendmail=forwardfileinunsafedirpath,
91 forwardfileinunsafedirpathsafe
92
93The first flag allows the .forward file to be read, the second allows
94the items in the file to be marked as safe for file and program
95delivery.
96
97Other files affected by this strengthened security include class
98files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
99and the files specified by the ErrorHeader and HelpFile options. Similar
100DontBlameSendmail flags are available for the class, ErrorHeader, and
101HelpFile files.
102
103If you have an unsafe configuration of .forward and :include:
104files, you can make it safe by finding all such files, and doing
105a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
106each directory in the file's path.
107
108
109+--------------------------+
110| FILE AND MAP PERMISSIONS |
111+--------------------------+
112
113Any application which uses either flock() or fcntl() style locking or
114other APIs that use one of these locking methods (such as open() with
115O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
116may be susceptible to local denial of service attacks.
117
118File locking is used throughout sendmail for a variety of files
119including aliases, maps, statistics, and the pid file. Any user who
120can open one of these files can prevent sendmail or it's associated
121utilities, e.g., makemap or newaliases, from operating properly. This
122can also affect sendmail's ability to update status files such as
123statistics files. For system which use flock() for file locking, a
124user's ability to obtain an exclusive lock prevents other sendmail
125processes from reading certain files such as alias or map databases.
126
127A workaround for this problem is to protect all sendmail files such
128that they can't be opened by untrusted users. As long as users can
129not open a file, they can not lock it. Since queue files should
130already have restricted permissions, the only files that need
131adjustment are alias, map, statistics, and pid files. These files
132should be owned by root or the trusted user specified in the
133TrustedUser option. Changing the permissions to be only readable and
134writable by that user is sufficient to avoid the denial of service.
135For example, depending on the paths you use, these commands would be
136used:
137
138 chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
139 chmod 0640 /etc/mail/*.{db,pag,dir}
140 chmod 0640 /etc/mail/statistics /var/log/sendmail.st
141 chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
142
143If the permissions 0640 are used, be sure that only trusted users belong
144to the group assigned to those files. Otherwise, files should not even
145be group readable. As of sendmail 8.12.4, the permissions shown above
146are the default permissions for newly created files.
147
148Note that the denial of service on the plain text aliases file
149(/etc/mail/aliases) only prevents newaliases from rebuilding the
150aliases file. The same is true for the database files on systems which
151use fcntl() style locking. Since it does not interfere with normal
152operations, sites may chose to leave these files readable. Also, it is
153not necessary to protect the text files associated with map databases
154as makemap does not lock those files.
155
156
157+-----------------------+
158| RELATED DOCUMENTATION |
159+-----------------------+
160
161There are other files you should read. Rooted in this directory are:
162
163 FAQ
164 The FAQ (frequently answered questions) is no longer maintained
165 with the sendmail release. It is available at
166 http://www.sendmail.org/faq/ . The file FAQ is a reminder of
167 this and a pointer to the web page.
168 INSTALL
169 Installation instructions for building and installing sendmail.
170 KNOWNBUGS
171 Known bugs in the current release.
172 RELEASE_NOTES
173 A detailed description of the changes in each version. This
174 is quite long, but informative.
175 sendmail/README
176 Details on compiling and installing sendmail.
177 cf/README
178 Details on configuring sendmail.
179 doc/op/op.me
1
2 SENDMAIL RELEASE 8
3
4This directory has the latest sendmail(TM) software from Sendmail, Inc.
5
6Report any bugs to sendmail-bugs@sendmail.ORG
7
8There is a web site at http://WWW.Sendmail.ORG/ -- see that site for
9the latest updates.
10
11+--------------+
12| INTRODUCTION |
13+--------------+
14
150. The vast majority of queries to <sendmail-questions@sendmail.org>
16 are answered in the README files noted below.
17
181. Read this README file, especially this introduction, and the DIRECTORY
19 PERMISSIONS sections.
20
212. Read the INSTALL file in this directory.
22
233. Read sendmail/README, especially:
24 a. the introduction
25 b. the BUILDING SENDMAIL section
26 c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
27
28 You may also find these useful:
29
30 d. sendmail/SECURITY
31 e. devtools/README
32 f. devtools/Site/README
33 g. libmilter/README
34 h. mail.local/README
35 i. smrsh/README
36
374. Read cf/README.
38
39Sendmail is a trademark of Sendmail, Inc.
40
41+-----------------------+
42| DIRECTORY PERMISSIONS |
43+-----------------------+
44
45Sendmail often gets blamed for many problems that are actually the
46result of other problems, such as overly permissive modes on directories.
47For this reason, sendmail checks the modes on system directories and
48files to determine if they can be trusted. For sendmail to run without
49complaining, you MUST execute the following command:
50
51 chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
52 chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
53
54You will probably have to tweak this for your environment (for example,
55some systems put the spool directory into /usr/spool instead of
56/var/spool). If you set the RunAsUser option in your sendmail.cf, the
57/var/spool/mqueue directory will have to be owned by the RunAsUser user.
58As a general rule, after you have compiled sendmail, run the command
59
60 sendmail -v -bi
61
62to initialize the alias database. If it gives messages such as
63
64 WARNING: writable directory /etc
65 WARNING: writable directory /var/spool/mqueue
66
67then the directories listed have inappropriate write permissions and
68should be secured to avoid various possible security attacks.
69
70Beginning with sendmail 8.9, these checks have become more strict to
71prevent users from being able to access files they would normally not
72be able to read. In particular, .forward and :include: files in unsafe
73directory paths (directory paths which are group or world writable) will
74no longer be allowed. This would mean that if user joe's home directory
75was writable by group staff, sendmail would not use his .forward file.
76This behavior can be altered, at the expense of system security, by
77setting the DontBlameSendmail option. For example, to allow .forward
78files in group writable directories:
79
80 O DontBlameSendmail=forwardfileingroupwritabledirpath
81
82Or to allow them in both group and world writable directories:
83
84 O DontBlameSendmail=forwardfileinunsafedirpath
85
86Items from these unsafe .forward and :include: files will be marked
87as unsafe addresses -- the items can not be deliveries to files or
88programs. This behavior can also be altered via DontBlameSendmail:
89
90 O DontBlameSendmail=forwardfileinunsafedirpath,
91 forwardfileinunsafedirpathsafe
92
93The first flag allows the .forward file to be read, the second allows
94the items in the file to be marked as safe for file and program
95delivery.
96
97Other files affected by this strengthened security include class
98files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
99and the files specified by the ErrorHeader and HelpFile options. Similar
100DontBlameSendmail flags are available for the class, ErrorHeader, and
101HelpFile files.
102
103If you have an unsafe configuration of .forward and :include:
104files, you can make it safe by finding all such files, and doing
105a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
106each directory in the file's path.
107
108
109+--------------------------+
110| FILE AND MAP PERMISSIONS |
111+--------------------------+
112
113Any application which uses either flock() or fcntl() style locking or
114other APIs that use one of these locking methods (such as open() with
115O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
116may be susceptible to local denial of service attacks.
117
118File locking is used throughout sendmail for a variety of files
119including aliases, maps, statistics, and the pid file. Any user who
120can open one of these files can prevent sendmail or it's associated
121utilities, e.g., makemap or newaliases, from operating properly. This
122can also affect sendmail's ability to update status files such as
123statistics files. For system which use flock() for file locking, a
124user's ability to obtain an exclusive lock prevents other sendmail
125processes from reading certain files such as alias or map databases.
126
127A workaround for this problem is to protect all sendmail files such
128that they can't be opened by untrusted users. As long as users can
129not open a file, they can not lock it. Since queue files should
130already have restricted permissions, the only files that need
131adjustment are alias, map, statistics, and pid files. These files
132should be owned by root or the trusted user specified in the
133TrustedUser option. Changing the permissions to be only readable and
134writable by that user is sufficient to avoid the denial of service.
135For example, depending on the paths you use, these commands would be
136used:
137
138 chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
139 chmod 0640 /etc/mail/*.{db,pag,dir}
140 chmod 0640 /etc/mail/statistics /var/log/sendmail.st
141 chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
142
143If the permissions 0640 are used, be sure that only trusted users belong
144to the group assigned to those files. Otherwise, files should not even
145be group readable. As of sendmail 8.12.4, the permissions shown above
146are the default permissions for newly created files.
147
148Note that the denial of service on the plain text aliases file
149(/etc/mail/aliases) only prevents newaliases from rebuilding the
150aliases file. The same is true for the database files on systems which
151use fcntl() style locking. Since it does not interfere with normal
152operations, sites may chose to leave these files readable. Also, it is
153not necessary to protect the text files associated with map databases
154as makemap does not lock those files.
155
156
157+-----------------------+
158| RELATED DOCUMENTATION |
159+-----------------------+
160
161There are other files you should read. Rooted in this directory are:
162
163 FAQ
164 The FAQ (frequently answered questions) is no longer maintained
165 with the sendmail release. It is available at
166 http://www.sendmail.org/faq/ . The file FAQ is a reminder of
167 this and a pointer to the web page.
168 INSTALL
169 Installation instructions for building and installing sendmail.
170 KNOWNBUGS
171 Known bugs in the current release.
172 RELEASE_NOTES
173 A detailed description of the changes in each version. This
174 is quite long, but informative.
175 sendmail/README
176 Details on compiling and installing sendmail.
177 cf/README
178 Details on configuring sendmail.
179 doc/op/op.me
180 The sendmail Installation & Operations Guide. Be warned: if
181 you are running this off on SunOS or some other system with an
182 old version of -me, you need to add the following macro to the
183 macros:
180 The sendmail Installation & Operations Guide. In addition
181 to the shipped PostScript version, plain text and PDF versions
182 can be generating using (assuming the required conversion software
183 is installed on your system, see doc/op/Makefile):
184
184
185 cd doc/op && make op.txt op.pdf
186
187 Be warned: on some systems calling make in doc/op/ will cause
188 errors due to nroff/groff problems. Known problems are:
189 - running this off on systems with an old version of -me, you
190 need to add the following macro to the macros:
191
185 .de sm
186 \s-1\\$1\\s0\\$2
187 ..
188
189 This sets a word in a smaller pointsize.
190
192 .de sm
193 \s-1\\$1\\s0\\$2
194 ..
195
196 This sets a word in a smaller pointsize.
197
198 - with new groff versions (1.18 seems affected)
191
199
200 GROFF_NO_SGR=1
201
202 needs to be set, e.g., in doc/op/Makefile:
203
204 ROFF_CMD= GROFF_NO_SGR=1 groff
205
206
192+--------------+
193| RELATED RFCS |
194+--------------+
195
196There are several related RFCs that you may wish to read -- they are
197available via anonymous FTP to several sites. For a list of the
198primary repositories see:
199
200 http://www.isi.edu/in-notes/rfc-retrieval.txt
201
202They are also online at:
203
204 http://www.ietf.org/
205
206They can also be retrieved via electronic mail by sending
207email to one of:
208
209 mail-server@nisc.sri.com
210 Put "send rfcNNN" in message body
211 nis-info@nis.nsf.net
212 Put "send RFCnnn.TXT-1" in message body
213 sendrfc@jvnc.net
214 Put "RFCnnn" as Subject: line
215
216For further instructions see:
217
218 http://www.isi.edu/in-notes/rfc-editor/rfc-info
219
220Important RFCs for electronic mail are:
221
222 RFC821 SMTP protocol
223 RFC822 Mail header format
224 RFC974 MX routing
225 RFC976 UUCP mail format
226 RFC1123 Host requirements (modifies 821, 822, and 974)
227 RFC1344 Implications of MIME for Internet Mail Gateways
228 RFC1413 Identification server
229 RFC1428 Transition of Internet Mail from Just-Send-8 to
230 8-bit SMTP/MIME
231 RFC1652 SMTP Service Extension for 8bit-MIMEtransport
232 RFC1869 SMTP Service Extensions (ESMTP spec)
233 RFC1870 SMTP Service Extension for Message Size Declaration
234 RFC1891 SMTP Service Extension for Delivery Status Notifications
235 RFC1892 Multipart/Report Content Type for the Reporting of
236 Mail System Administrative Messages
237 RFC1893 Enhanced Mail System Status Codes
238 RFC1894 An Extensible Message Format for Delivery Status
239 Notifications
240 RFC1985 SMTP Service Extension for Remote Message Queue Starting
241 RFC2033 Local Mail Transfer Protocol (LMTP)
242 RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
243 RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
244 Format of Internet Message Bodies
245 RFC2476 Message Submission
246 RFC2487 SMTP Service Extension for Secure SMTP over TLS
247 RFC2554 SMTP Service Extension for Authentication
248 RFC2821 Simple Mail Transfer Protocol
249 RFC2822 Internet Message Format
250 RFC2852 Deliver By SMTP Service Extension
251 RFC2920 SMTP Service Extension for Command Pipelining
252
253Other standards that may be of interest (but which are less directly
254relevant to sendmail) are:
255
256 RFC987 Mapping between RFC822 and X.400
257 RFC1049 Content-Type header field (extension to RFC822)
258
259Warning to AIX users: this version of sendmail does not implement
260MB, MR, or MG DNS resource records, as defined (as experiments) in
261RFC1035.
262
263
264+---------+
265| WARNING |
266+---------+
267
268Since sendmail 8.11 and later includes hooks to cryptography, the
269following information from OpenSSL applies to sendmail as well.
270
271PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
272SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
273TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
274PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
275COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
276SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
277YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
278AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
279ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
280
281If you use OpenSSL then make sure you read their README file which
282contains information about patents etc.
283
284
285+-------------------+
286| DATABASE ROUTINES |
287+-------------------+
288
289IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
290use the version that was on the Net2 tape -- it has a number of
291nefarious bugs that were bad enough when I got them; you shouldn't have
292to go through the same thing. Instead, get a new version via the web at
293http://www.sleepycat.com/. This software is highly recommended; it gets
294rid of several stupid limits, it's much faster, and the interface is
295nicer to animals and plants. If the Berkeley DB include files
296are installed in a location other than those which your compiler searches,
297you will need to provide that directory when building:
298
299 Build -I/path/to/include/directory
300
301If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
302urged to upgrade to DB version 2 or later, available from
303http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to
304be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
305and can cause sendmail to dump core. In addition, the newest versions of
306gcc and the Solaris compilers perform optimizations in those versions that
307may cause fairly random core dumps.
308
309If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
310using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
311and ndbm.o from the DB library after building it. You should also apply
312all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
313(see http://www.sleepycat.com/db.185.html), as they fix some of the known
314problems.
315
316If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
317are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
318from the DB library after building it. No other changes are necessary.
319
320If you are using Berkeley DB version 2.3.15 or greater, no changes are
321necessary.
322
323The underlying database file formats changed between Berkeley DB versions
3241.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
325DB 2.X and 3.X. If you are upgrading from one of those versions, you must
326recreate your database file(s). Do this by rebuilding all maps with
327makemap and rebuilding the alias file with newaliases.
328
329
330+--------------------+
331| HOST NAME SERVICES |
332+--------------------+
333
334If you are using NIS or /etc/hosts, it is critical that you
335list the long (fully qualified) name somewhere (preferably first) in
336the /etc/hosts file used to build the NIS database. For example, the
337line should read
338
339 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon
340
341**** NOT ****
342
343 128.32.149.68 mastodon
344
345If you do not include the long name, sendmail will complain loudly
346about ``unable to qualify my own domain name (mastodon) -- using
347short name'' and conclude that your canonical name is the short
348version and use that in messages. The name "mastodon" doesn't mean
349much outside of Berkeley, and so this creates incorrect and unreplyable
350messages.
351
352
353+-------------+
354| USE WITH MH |
355+-------------+
356
357This version of sendmail notices and reports certain kinds of SMTP
358protocol violations that were ignored by older versions. If you
359are running MH you may wish to install the patch in contrib/mh.patch
360that will prevent these warning reports. This patch also works
361with the old version of sendmail, so it's safe to go ahead and
362install it.
363
364
365+----------------+
366| USE WITH IDENT |
367+----------------+
368
369Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
370Note that the RFC states a client should wait at least 30 seconds
371for a response. As of 8.10.0, the default Timeout.ident is 5 seconds
372as many sites have adopted the practice of dropping IDENT queries.
373This has lead to delays processing mail.
374
375No ident server is included with this distribution. It is available
376from:
377
378 ftp://ftp.lysator.liu.se/pub/ident/servers/
379 http://sf.www.lysator.liu.se/~pen/pidentd/
380
381+-------------------------+
382| INTEROPERATION PROBLEMS |
383+-------------------------+
384
385Microsoft Exchange Server 5.0
386 We have had a report that ``about 7% of messages from Sendmail
387 to Exchange were not being delivered with status messages of
388 "connection reset" and "I/O error".'' Upgrading Exchange from
389 Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
390
391CommuniGate Pro
392 CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
393 the MAIL FROM command if the client is not authenticated. Use
394
395 define(`confAUTH_OPTIONS', `A')
396
397 in .mc file if you have compiled sendmail with Cyrus SASL
398 and you communicate with CommuniGate Pro servers.
399
400+---------------------+
401| DIRECTORY STRUCTURE |
402+---------------------+
403
404The structure of this directory tree is:
405
406cf Source for sendmail configuration files. These are
407 different than what you've seen before. They are a
408 fairly dramatic rewrite, requiring the new sendmail
409 (since they use new features).
410contrib Some contributed tools to help with sendmail. THESE
411 ARE NOT SUPPORTED by sendmail -- contact the original
412 authors if you have problems. (This directory is not
413 on the 4.4BSD tape.)
414devtools Build environment. See devtools/README.
415doc Documentation. If you are getting source, read
416 op.me -- it's long, but worth it.
417editmap A program to edit and query maps that have been created
418 with makemap, e.g., adding and deleting entries.
419include Include files used by multiple programs in the distribution.
420libsmdb sendmail database library with support for Berkeley DB 1.X,
421 Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
422libsmutil sendmail utility library with functions used by different
423 programs.
424mail.local The source for the local delivery agent used for 4.4BSD.
425 THIS IS NOT PART OF SENDMAIL! and may not compile
426 everywhere, since it depends on some 4.4-isms. Warning:
427 it does mailbox locking differently than other systems.
428mailstats Statistics printing program.
429makemap A program that creates the keyed maps used by the $( ... $)
430 construct in sendmail. It is primitive but effective.
431 It takes a very simple input format, so you will probably
432 expect to preprocess must human-convenient formats
433 using sed scripts before this program will like them.
434 But it should be functionally complete.
435praliases A program to print the DBM or NEWDB version of the
436 aliases file.
437rmail Source for rmail(8). This is used as a delivery
438 agent for for UUCP, and could presumably be used by
439 other non-socket oriented mailers. Older versions of
440 rmail are probably deficient. RMAIL IS NOT PART OF
441 SENDMAIL!!! The 4.4BSD source is included for you to
442 look at or try to port to your system. There is no
443 guarantee it will even compile on your operating system.
444smrsh The "sendmail restricted shell", which can be used as
445 a replacement for /bin/sh in the prog mailer to provide
446 increased security control. NOT PART OF SENDMAIL!
447sendmail Source for the sendmail program itself.
448test Some test scripts (currently only for compilation aids).
449vacation Source for the vacation program. NOT PART OF SENDMAIL!
450
207+--------------+
208| RELATED RFCS |
209+--------------+
210
211There are several related RFCs that you may wish to read -- they are
212available via anonymous FTP to several sites. For a list of the
213primary repositories see:
214
215 http://www.isi.edu/in-notes/rfc-retrieval.txt
216
217They are also online at:
218
219 http://www.ietf.org/
220
221They can also be retrieved via electronic mail by sending
222email to one of:
223
224 mail-server@nisc.sri.com
225 Put "send rfcNNN" in message body
226 nis-info@nis.nsf.net
227 Put "send RFCnnn.TXT-1" in message body
228 sendrfc@jvnc.net
229 Put "RFCnnn" as Subject: line
230
231For further instructions see:
232
233 http://www.isi.edu/in-notes/rfc-editor/rfc-info
234
235Important RFCs for electronic mail are:
236
237 RFC821 SMTP protocol
238 RFC822 Mail header format
239 RFC974 MX routing
240 RFC976 UUCP mail format
241 RFC1123 Host requirements (modifies 821, 822, and 974)
242 RFC1344 Implications of MIME for Internet Mail Gateways
243 RFC1413 Identification server
244 RFC1428 Transition of Internet Mail from Just-Send-8 to
245 8-bit SMTP/MIME
246 RFC1652 SMTP Service Extension for 8bit-MIMEtransport
247 RFC1869 SMTP Service Extensions (ESMTP spec)
248 RFC1870 SMTP Service Extension for Message Size Declaration
249 RFC1891 SMTP Service Extension for Delivery Status Notifications
250 RFC1892 Multipart/Report Content Type for the Reporting of
251 Mail System Administrative Messages
252 RFC1893 Enhanced Mail System Status Codes
253 RFC1894 An Extensible Message Format for Delivery Status
254 Notifications
255 RFC1985 SMTP Service Extension for Remote Message Queue Starting
256 RFC2033 Local Mail Transfer Protocol (LMTP)
257 RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
258 RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
259 Format of Internet Message Bodies
260 RFC2476 Message Submission
261 RFC2487 SMTP Service Extension for Secure SMTP over TLS
262 RFC2554 SMTP Service Extension for Authentication
263 RFC2821 Simple Mail Transfer Protocol
264 RFC2822 Internet Message Format
265 RFC2852 Deliver By SMTP Service Extension
266 RFC2920 SMTP Service Extension for Command Pipelining
267
268Other standards that may be of interest (but which are less directly
269relevant to sendmail) are:
270
271 RFC987 Mapping between RFC822 and X.400
272 RFC1049 Content-Type header field (extension to RFC822)
273
274Warning to AIX users: this version of sendmail does not implement
275MB, MR, or MG DNS resource records, as defined (as experiments) in
276RFC1035.
277
278
279+---------+
280| WARNING |
281+---------+
282
283Since sendmail 8.11 and later includes hooks to cryptography, the
284following information from OpenSSL applies to sendmail as well.
285
286PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
287SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
288TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
289PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
290COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
291SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
292YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
293AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
294ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
295
296If you use OpenSSL then make sure you read their README file which
297contains information about patents etc.
298
299
300+-------------------+
301| DATABASE ROUTINES |
302+-------------------+
303
304IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
305use the version that was on the Net2 tape -- it has a number of
306nefarious bugs that were bad enough when I got them; you shouldn't have
307to go through the same thing. Instead, get a new version via the web at
308http://www.sleepycat.com/. This software is highly recommended; it gets
309rid of several stupid limits, it's much faster, and the interface is
310nicer to animals and plants. If the Berkeley DB include files
311are installed in a location other than those which your compiler searches,
312you will need to provide that directory when building:
313
314 Build -I/path/to/include/directory
315
316If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
317urged to upgrade to DB version 2 or later, available from
318http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to
319be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
320and can cause sendmail to dump core. In addition, the newest versions of
321gcc and the Solaris compilers perform optimizations in those versions that
322may cause fairly random core dumps.
323
324If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
325using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
326and ndbm.o from the DB library after building it. You should also apply
327all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
328(see http://www.sleepycat.com/db.185.html), as they fix some of the known
329problems.
330
331If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
332are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
333from the DB library after building it. No other changes are necessary.
334
335If you are using Berkeley DB version 2.3.15 or greater, no changes are
336necessary.
337
338The underlying database file formats changed between Berkeley DB versions
3391.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
340DB 2.X and 3.X. If you are upgrading from one of those versions, you must
341recreate your database file(s). Do this by rebuilding all maps with
342makemap and rebuilding the alias file with newaliases.
343
344
345+--------------------+
346| HOST NAME SERVICES |
347+--------------------+
348
349If you are using NIS or /etc/hosts, it is critical that you
350list the long (fully qualified) name somewhere (preferably first) in
351the /etc/hosts file used to build the NIS database. For example, the
352line should read
353
354 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon
355
356**** NOT ****
357
358 128.32.149.68 mastodon
359
360If you do not include the long name, sendmail will complain loudly
361about ``unable to qualify my own domain name (mastodon) -- using
362short name'' and conclude that your canonical name is the short
363version and use that in messages. The name "mastodon" doesn't mean
364much outside of Berkeley, and so this creates incorrect and unreplyable
365messages.
366
367
368+-------------+
369| USE WITH MH |
370+-------------+
371
372This version of sendmail notices and reports certain kinds of SMTP
373protocol violations that were ignored by older versions. If you
374are running MH you may wish to install the patch in contrib/mh.patch
375that will prevent these warning reports. This patch also works
376with the old version of sendmail, so it's safe to go ahead and
377install it.
378
379
380+----------------+
381| USE WITH IDENT |
382+----------------+
383
384Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
385Note that the RFC states a client should wait at least 30 seconds
386for a response. As of 8.10.0, the default Timeout.ident is 5 seconds
387as many sites have adopted the practice of dropping IDENT queries.
388This has lead to delays processing mail.
389
390No ident server is included with this distribution. It is available
391from:
392
393 ftp://ftp.lysator.liu.se/pub/ident/servers/
394 http://sf.www.lysator.liu.se/~pen/pidentd/
395
396+-------------------------+
397| INTEROPERATION PROBLEMS |
398+-------------------------+
399
400Microsoft Exchange Server 5.0
401 We have had a report that ``about 7% of messages from Sendmail
402 to Exchange were not being delivered with status messages of
403 "connection reset" and "I/O error".'' Upgrading Exchange from
404 Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
405
406CommuniGate Pro
407 CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
408 the MAIL FROM command if the client is not authenticated. Use
409
410 define(`confAUTH_OPTIONS', `A')
411
412 in .mc file if you have compiled sendmail with Cyrus SASL
413 and you communicate with CommuniGate Pro servers.
414
415+---------------------+
416| DIRECTORY STRUCTURE |
417+---------------------+
418
419The structure of this directory tree is:
420
421cf Source for sendmail configuration files. These are
422 different than what you've seen before. They are a
423 fairly dramatic rewrite, requiring the new sendmail
424 (since they use new features).
425contrib Some contributed tools to help with sendmail. THESE
426 ARE NOT SUPPORTED by sendmail -- contact the original
427 authors if you have problems. (This directory is not
428 on the 4.4BSD tape.)
429devtools Build environment. See devtools/README.
430doc Documentation. If you are getting source, read
431 op.me -- it's long, but worth it.
432editmap A program to edit and query maps that have been created
433 with makemap, e.g., adding and deleting entries.
434include Include files used by multiple programs in the distribution.
435libsmdb sendmail database library with support for Berkeley DB 1.X,
436 Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
437libsmutil sendmail utility library with functions used by different
438 programs.
439mail.local The source for the local delivery agent used for 4.4BSD.
440 THIS IS NOT PART OF SENDMAIL! and may not compile
441 everywhere, since it depends on some 4.4-isms. Warning:
442 it does mailbox locking differently than other systems.
443mailstats Statistics printing program.
444makemap A program that creates the keyed maps used by the $( ... $)
445 construct in sendmail. It is primitive but effective.
446 It takes a very simple input format, so you will probably
447 expect to preprocess must human-convenient formats
448 using sed scripts before this program will like them.
449 But it should be functionally complete.
450praliases A program to print the DBM or NEWDB version of the
451 aliases file.
452rmail Source for rmail(8). This is used as a delivery
453 agent for for UUCP, and could presumably be used by
454 other non-socket oriented mailers. Older versions of
455 rmail are probably deficient. RMAIL IS NOT PART OF
456 SENDMAIL!!! The 4.4BSD source is included for you to
457 look at or try to port to your system. There is no
458 guarantee it will even compile on your operating system.
459smrsh The "sendmail restricted shell", which can be used as
460 a replacement for /bin/sh in the prog mailer to provide
461 increased security control. NOT PART OF SENDMAIL!
462sendmail Source for the sendmail program itself.
463test Some test scripts (currently only for compilation aids).
464vacation Source for the vacation program. NOT PART OF SENDMAIL!
465
451$Revision: 8.90 $, Last updated $Date: 2002/05/25 02:55:59 $
466$Revision: 8.90.2.1 $, Last updated $Date: 2002/11/09 23:32:28 $
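Review bot: three typos in the unchanged text carried along with this revision bump should be fixed in the same pass: "This has lead to delays" in USE WITH IDENT (line 388) should read "has led", "preprocess must human-convenient formats" in the makemap entry (line 447) should read "most", and "delivery agent for for UUCP" in the rmail entry (line 453) has a doubled word. The only line that actually changes in this part of the file is the trailing $Revision$/$Date$ stamp, which goes from 8.90 to 8.90.2.1 and moves from old line 451 to new line 466, so the 15 added lines all sit earlier in the README and none of the advice shown here was revisited. That leaves the download pointers untouched as well: the ftp:// and http:// locations under USE WITH IDENT and the sleepycat.com links under DATABASE ROUTINES should be confirmed as still valid before the text keeps directing readers to fetch software from them.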