13#
14
15This directory contains the source files for sendmail(TM).
16
17 *******************************************************************
18 !! Read sendmail/SECURITY for important installation information !!
19 *******************************************************************
20
21 **********************************************************
22 ** Read below for more details on building sendmail. **
23 **********************************************************
24
25**************************************************************************
26** IMPORTANT: Read the appropriate paragraphs in the section on **
27** ``Operating System and Compile Quirks''. **
28**************************************************************************
29
30For detailed instructions, please read the document ../doc/op/op.me:
31
32 cd ../doc/op ; make op.ps op.txt
33
34Sendmail is a trademark of Sendmail, Inc.
35
36
37+-------------------+
38| BUILDING SENDMAIL |
39+-------------------+
40
41By far, the easiest way to compile sendmail is to use the "Build"
42script:
43
44 sh Build
45
46This uses the "uname" command to figure out what architecture you are
47on and creates a proper Makefile accordingly. It also creates a
48subdirectory per object format, so that multiarchitecture support is
49easy. In general this should be all you need. IRIX 6.x users should
50read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
51
52If you need to look at other include or library directories, use the
53-I or -L flags on the command line, e.g.,
54
55 sh Build -I/usr/sww/include -L/usr/sww/lib
56
57It's also possible to create local site configuration in the file
58site.config.m4 (or another file settable with the -f flag). This
59file contains M4 definitions for various compilation values; the
60most useful are:
61
62confMAPDEF -D flags to specify database types to be included
63 (see below)
64confENVDEF -D flags to specify other environment information
65confINCDIRS -I flags for finding include files during compilation
66confLIBDIRS -L flags for finding libraries during linking
67confLIBS -l flags for selecting libraries during linking
68confLDOPTS other ld(1) linker options
69
70Others can be found by examining Makefile.m4. Please read
71../devtools/README for more information about the site.config.m4
72file.
73
74You can recompile from scratch using the -c flag with the Build
75command. This removes the existing compilation directory for the
76current platform and builds a new one. The -c flag must also
77be used if any site.*.m4 file in devtools/Site/ is changed.
78
79Porting to a new Unix-based system should be a matter of creating
80an appropriate configuration file in the devtools/OS/ directory.
81
82
83+----------------------+
84| DATABASE DEFINITIONS |
85+----------------------+
86
87There are several database formats that can be used for the alias files
88and for general maps. When used for alias files they interact in an
89attempt to be backward compatible.
90
91The options are:
92
93NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and
94 Digital UNIX 4.0) have some version of this package
95 pre-installed. If your system does not have Berkeley DB
96 pre-installed, or the version installed is not version 2.0
97 or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
98 current version from http://www.sleepycat.com/. DO NOT
99 use a version from any of the University of California,
100 Berkeley "Net" or other distributions. If you are still
101 running BSD/386 1.x, you will need to upgrade the included
102 Berkeley DB library to a current version. NEWDB is included
103 automatically if the Build script can find a library named
104 libdb.a or libdb.so.
105 See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
106 DB versions, e.g., DB 4.1.x.
107NDBM The older NDBM implementation -- the very old V7 DBM
108 implementation is no longer supported.
109NIS Network Information Services. To use this you must have
110 NIS support on your system.
111NISPLUS NIS+ (the revised NIS released with Solaris 2). You must
112 have NIS+ support on your system to use this flag.
113HESIOD Support for Hesiod (from the DEC/Athena distribution). You
114 must already have Hesiod support on your system for this to
115 work. You may be able to get this to work with the MIT/Athena
116 version of Hesiod, but that's likely to be a lot of work.
117 BIND 8.X also includes Hesiod support.
118LDAPMAP Lightweight Directory Access Protocol support. You will
119 have to install the UMich or OpenLDAP
120 (http://www.openldap.org/) ldap and lber libraries to use
121 this flag.
122MAP_REGEX Regular Expression support. You will need to use an
123 operating system which comes with the POSIX regex()
124 routines or install a regexp library such as libregex from
125 the Free Software Foundation.
126DNSMAP DNS map support. Requires NAMED_BIND.
127PH_MAP PH map support. You will need the libphclient library from
128 the nph package (http://www-dev.cites.uiuc.edu/ph/nph/).
129MAP_NSD nsd map support (IRIX 6.5 and later).
130SOCKETMAP Support for a trivial query protocol over UNIX domain or TCP
131 sockets.
132
133>>> NOTE WELL for NEWDB support: If you want to get ndbm support, for
134>>> Berkeley DB versions under 2.0, it is CRITICAL that you remove
135>>> ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
136>>> for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
137>>> before you install it. If you don't delete these, there is absolutely
138>>> no point to including -DNDBM, since it will just get you another
139>>> (inferior) API to the same format database. These files OVERRIDE
140>>> calls to ndbm routines -- in particular, if you leave ndbm.h in,
141>>> you can find yourself using the new db package even if you don't
142>>> define NEWDB. Berkeley DB versions later than 2.3.14 do not need
143>>> to be modified. Please also consult the README in the top level
144>>> directory of the sendmail distribution for other important information.
145>>>
146>>> Further note: DO NOT remove your existing /usr/include/ndbm.h --
147>>> you need that one. But do not install an updated ndbm.h in
148>>> /usr/include, /usr/local/include, or anywhere else.
149
150If NEWDB and NDBM are defined (but not NIS), then sendmail will read
151NDBM format alias files, but the next time a newaliases is run the
152format will be converted to NEWDB; that format will be used forever
153more. This is intended as a transition feature.
154
155If NEWDB, NDBM, and NIS are all defined and the name of the file includes
156the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
157alias files. However, it will only read the NEWDB file; the NDBM format
158file is used only by the NIS subsystem. This is needed because the NIS
159maps on an NIS server are built directly from the NDBM files.
160
161If NDBM and NIS are defined (regardless of the definition of NEWDB),
162and the filename includes the string "/yp/", sendmail adds the special
163tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
164required if the NDBM file is to be used as an NIS map.
165
166All of these flags are normally defined in a confMAPDEF setting in your
167site.config.m4.
168
169If you define NEWDB or HESIOD you get the User Database (USERDB)
170automatically. Generally you do want to have NEWDB for it to do
171anything interesting. See above for getting the Berkeley DB
172package (i.e., NEWDB). There is no separate "user database"
173package -- don't bother searching for it on the net.
174
175Hesiod and LDAP require libraries that may not be installed with your
176system. These are outside of my ability to provide support. See the
177"Quirks" section for more information.
178
179The regex map can be used to see if an address matches a certain regular
180expression. For example, all-numerics local parts are common spam
181addresses, so "^[0-9]+$" would match this. By using such a map in a
182check_* rule-set, you can block a certain range of addresses that would
183otherwise be considered valid.
184
185The socket map uses a simple request/reply protocol over TCP or
186UNIX domain sockets to query an external server. Both requests and
187replies are text based and encoded as netstrings. The socket map
188uses the same syntax as milters the specify the remote endpoint,
189e.g.:
190
191Ksocket mySocketMap inet:12345@127.0.0.1
192
193See doc/op/op.me for details.
194
195+---------------+
196| COMPILE FLAGS |
197+---------------+
198
199Wherever possible, I try to make sendmail pull in the correct
200compilation options needed to compile on various environments based on
201automatically defined symbols. Some machines don't seem to have useful
202symbols available, requiring that a compilation flag be defined in
203the Makefile; see the devtools/OS subdirectory for the supported
204architectures.
205
206If you are a system to which sendmail has already been ported you
207should not have to touch the following symbols. But if you are porting,
208you may have to tweak the following compilation flags in conf.h in order
209to get it to compile and link properly:
210
211SYSTEM5 Adjust for System V (not necessarily Release 4).
212SYS5SIGNALS Use System V signal semantics -- the signal handler
213 is automatically dropped when the signal is caught.
214 If this is not set, use POSIX/BSD semantics, where the
215 signal handler stays in force until an exec or an
216 explicit delete. Implied by SYSTEM5.
217SYS5SETPGRP Use System V setpgrp() semantics. Implied by SYSTEM5.
218HASNICE Define this to zero if you lack the nice(2) system call.
219HASRRESVPORT Define this to zero if you lack the rresvport(3) system call.
220HASFCHMOD Define this to one if you have the fchmod(2) system call.
221 This improves security.
222HASFCHOWN Define this to one if you have the fchown(2) system call.
223 This is required for the TrustedUser option if sendmail
224 must rebuild an (alias) map.
225HASFLOCK Set this if you prefer to use the flock(2) system call
226 rather than using fcntl-based locking. Fcntl locking
227 has some semantic gotchas, but many vendor systems
228 also interface it to lockd(8) to do NFS-style locking.
229 Unfortunately, may vendors implementations of fcntl locking
230 is just plain broken (e.g., locks are never released,
231 causing your sendmail to deadlock; when the kernel runs
232 out of locks your system crashes). For this reason, I
233 recommend always defining this unless you are absolutely
234 certain that your fcntl locking implementation really works.
235HASUNAME Set if you have the "uname" system call. Implied by
236 SYSTEM5.
237HASUNSETENV Define this if your system library has the "unsetenv"
238 subroutine.
239HASSETSID Define this if you have the setsid(2) system call. This
240 is implied if your system appears to be POSIX compliant.
241HASINITGROUPS Define this if you have the initgroups(3) routine.
242HASSETVBUF Define this if you have the setvbuf(3) library call.
243 If you don't, setlinebuf will be used instead. This
244 defaults on if your compiler defines __STDC__.
245HASSETREUID Define this if you have setreuid(2) ***AND*** root can
246 use setreuid to change to an arbitrary user. This second
247 condition is not satisfied on AIX 3.x. You may find that
248 your system has setresuid(2), (for example, on HP-UX) in
249 which case you will also have to #define setreuid(r, e)
250 to be the appropriate call. Some systems (such as Solaris)
251 have a compatibility routine that doesn't work properly,
252 but may have "saved user ids" properly implemented so you
253 can ``#define setreuid(r, e) seteuid(e)'' and have it work.
254 The important thing is that you have a call that will set
255 the effective uid independently of the real or saved uid
256 and be able to set the effective uid back again when done.
257 There's a test program in ../test/t_setreuid.c that will
258 try things on your system. Setting this improves the
259 security, since sendmail doesn't have to read .forward
260 and :include: files as root. There are certain attacks
261 that may be unpreventable without this call.
262USESETEUID Define this to 1 if you have a seteuid(2) system call that
263 will allow root to set only the effective user id to an
264 arbitrary value ***AND*** you have saved user ids. This is
265 preferable to HASSETREUID if these conditions are fulfilled.
266 These are the semantics of the to-be-released revision of
267 Posix.1. The test program ../test/t_seteuid.c will try
268 this out on your system. If you define both HASSETREUID
269 and USESETEUID, the former is ignored.
270HASSETEGID Define this if you have setegid(2) and it can be
271 used to set the saved gid. Please run t_dropgid in
272 test/ if you are not sure whether the call works.
273HASSETREGID Define this if you have setregid(2) and it can be
274 used to set the saved gid. Please run t_dropgid in
275 test/ if you are not sure whether the call works.
276HASSETRESGID Define this if you have setresgid(2) and it can be
277 used to set the saved gid. Please run t_dropgid in
278 test/ if you are not sure whether the call works.
279HASLSTAT Define this if you have symbolic links (and thus the
280 lstat(2) system call). This improves security. Unlike
281 most other options, this one is on by default, so you
282 need to #undef it in conf.h if you don't have symbolic
283 links (these days everyone does).
284HASSETRLIMIT Define this to 1 if you have the setrlimit(2) syscall.
285 You can define it to 0 to force it off. It is assumed
286 if you are running a BSD-like system.
287HASULIMIT Define this if you have the ulimit(2) syscall (System V
288 style systems). HASSETRLIMIT overrides, as it is more
289 general.
290HASWAITPID Define this if you have the waitpid(2) syscall.
291HASGETDTABLESIZE
292 Define this if you have the getdtablesize(2) syscall.
293HAS_ST_GEN Define this to 1 if your system has the st_gen field in
294 the stat structure (see stat(2)).
295HASSRANDOMDEV Define this if your system has the srandomdev(3) function
296 call.
297HASURANDOMDEV Define this if your system has /dev/urandom(4).
298HASSTRERROR Define this if you have the libc strerror(3) function (which
299 should be declared in <errno.h>), and it should be used
300 instead of sys_errlist.
301HASCLOSEFROM Define this if your system has closefrom(3).
302HASFDWALK Define this if your system has fdwalk(3).
303SM_CONF_GETOPT Define this as 0 if you need a reimplementation of getopt(3).
304 On some systems, getopt does very odd things if called
305 to scan the arguments twice. This flag will ask sendmail
306 to compile in a local version of getopt that works
307 properly. You may also need this if you build with
308 another library that introduces a non-standard getopt(3).
309NEEDSTRTOL Define this if your standard C library does not define
310 strtol(3). This will compile in a local version.
311NEEDFSYNC Define this if your standard C library does not define
312 fsync(2). This will try to simulate the operation using
313 fcntl(2); if that is not available it does nothing, which
314 isn't great, but at least it compiles and runs.
315HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your
316 standard C library. If this is not defined, or is defined
317 to be 0, sendmail will scan the /etc/shells file (no
318 NIS-style support, defaults to /bin/sh and /bin/csh if
319 that file does not exist) to get a list of unrestricted
320 user shells. This is used to determine whether users
321 are allowed to forward their mail to a program or a file.
322NEEDPUTENV Define this if your system needs am emulation of the
323 putenv(3) call. Define to 1 to implement it in terms
324 of setenv(3) or to 2 to do it in terms of primitives.
325NOFTRUNCATE Define this if you don't have the ftruncate(2) syscall.
326 If you don't have this system call, there is an unavoidable
327 race condition that occurs when creating alias databases.
328GIDSET_T The type of entries in a gidset passed as the second
329 argument to getgroups(2). Historically this has been an
330 int, so this is the default, but some systems (such as
331 IRIX) pass it as a gid_t, which is an unsigned short.
332 This will make a difference, so it is important to get
333 this right! However, it is only an issue if you have
334 group sets.
335SLEEP_T The type returned by the system sleep() function.
336 Defaults to "unsigned int". Don't worry about this
337 if you don't have compilation problems.
338ARBPTR_T The type of an arbitrary pointer -- defaults to "void *".
339 If you are an very old compiler you may need to define
340 this to be "char *".
341SOCKADDR_LEN_T The type used for the third parameter to accept(2),
342 getsockname(2), and getpeername(2), representing the
343 length of a struct sockaddr. Defaults to int.
344SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2)
345 and setsockopt(2), representing the length of the option
346 buffer. Defaults to int.
347LA_TYPE The type of load average your kernel supports. These
348 can be one of:
349 LA_ZERO (1) -- it always returns the load average as
350 "zero" (and does so on all architectures).
351 LA_INT (2) to read /dev/kmem for the symbol avenrun and
352 interpret as a long integer.
353 LA_FLOAT (3) same, but interpret the result as a floating
354 point number.
355 LA_SHORT (6) to interpret as a short integer.
356 LA_SUBR (4) if you have the getloadavg(3) routine in your
357 system library.
358 LA_MACH (5) to use MACH-style load averages (calls
359 processor_set_info()),
360 LA_PROCSTR (7) to read /proc/loadavg and interpret it
361 as a string representing a floating-point
362 number (Linux-style).
363 LA_READKSYM (8) is an implementation suitable for some
364 versions of SVr4 that uses the MIOC_READKSYM ioctl
365 call to read /dev/kmem.
366 LA_DGUX (9) is a special implementation for DG/UX that uses
367 the dg_sys_info system call.
368 LA_HPUX (10) is an HP-UX specific version that uses the
369 pstat_getdynamic system call.
370 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
371 to 32 or 64 bit kernels; it is otherwise very similar
372 to LA_INT.
373 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
374 implementation.
375 LA_DEVSHORT (13) reads a short from a system file (default:
376 /dev/table/avenrun) and scales it in the same manner
377 as LA_SHORT.
| 13#
14
15This directory contains the source files for sendmail(TM).
16
17 *******************************************************************
18 !! Read sendmail/SECURITY for important installation information !!
19 *******************************************************************
20
21 **********************************************************
22 ** Read below for more details on building sendmail. **
23 **********************************************************
24
25**************************************************************************
26** IMPORTANT: Read the appropriate paragraphs in the section on **
27** ``Operating System and Compile Quirks''. **
28**************************************************************************
29
30For detailed instructions, please read the document ../doc/op/op.me:
31
32 cd ../doc/op ; make op.ps op.txt
33
34Sendmail is a trademark of Sendmail, Inc.
35
36
37+-------------------+
38| BUILDING SENDMAIL |
39+-------------------+
40
41By far, the easiest way to compile sendmail is to use the "Build"
42script:
43
44 sh Build
45
46This uses the "uname" command to figure out what architecture you are
47on and creates a proper Makefile accordingly. It also creates a
48subdirectory per object format, so that multiarchitecture support is
49easy. In general this should be all you need. IRIX 6.x users should
50read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
51
52If you need to look at other include or library directories, use the
53-I or -L flags on the command line, e.g.,
54
55 sh Build -I/usr/sww/include -L/usr/sww/lib
56
57It's also possible to create local site configuration in the file
58site.config.m4 (or another file settable with the -f flag). This
59file contains M4 definitions for various compilation values; the
60most useful are:
61
62confMAPDEF -D flags to specify database types to be included
63 (see below)
64confENVDEF -D flags to specify other environment information
65confINCDIRS -I flags for finding include files during compilation
66confLIBDIRS -L flags for finding libraries during linking
67confLIBS -l flags for selecting libraries during linking
68confLDOPTS other ld(1) linker options
69
70Others can be found by examining Makefile.m4. Please read
71../devtools/README for more information about the site.config.m4
72file.
73
74You can recompile from scratch using the -c flag with the Build
75command. This removes the existing compilation directory for the
76current platform and builds a new one. The -c flag must also
77be used if any site.*.m4 file in devtools/Site/ is changed.
78
79Porting to a new Unix-based system should be a matter of creating
80an appropriate configuration file in the devtools/OS/ directory.
81
82
83+----------------------+
84| DATABASE DEFINITIONS |
85+----------------------+
86
87There are several database formats that can be used for the alias files
88and for general maps. When used for alias files they interact in an
89attempt to be backward compatible.
90
91The options are:
92
93NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and
94 Digital UNIX 4.0) have some version of this package
95 pre-installed. If your system does not have Berkeley DB
96 pre-installed, or the version installed is not version 2.0
97 or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
98 current version from http://www.sleepycat.com/. DO NOT
99 use a version from any of the University of California,
100 Berkeley "Net" or other distributions. If you are still
101 running BSD/386 1.x, you will need to upgrade the included
102 Berkeley DB library to a current version. NEWDB is included
103 automatically if the Build script can find a library named
104 libdb.a or libdb.so.
105 See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
106 DB versions, e.g., DB 4.1.x.
107NDBM The older NDBM implementation -- the very old V7 DBM
108 implementation is no longer supported.
109NIS Network Information Services. To use this you must have
110 NIS support on your system.
111NISPLUS NIS+ (the revised NIS released with Solaris 2). You must
112 have NIS+ support on your system to use this flag.
113HESIOD Support for Hesiod (from the DEC/Athena distribution). You
114 must already have Hesiod support on your system for this to
115 work. You may be able to get this to work with the MIT/Athena
116 version of Hesiod, but that's likely to be a lot of work.
117 BIND 8.X also includes Hesiod support.
118LDAPMAP Lightweight Directory Access Protocol support. You will
119 have to install the UMich or OpenLDAP
120 (http://www.openldap.org/) ldap and lber libraries to use
121 this flag.
122MAP_REGEX Regular Expression support. You will need to use an
123 operating system which comes with the POSIX regex()
124 routines or install a regexp library such as libregex from
125 the Free Software Foundation.
126DNSMAP DNS map support. Requires NAMED_BIND.
127PH_MAP PH map support. You will need the libphclient library from
128 the nph package (http://www-dev.cites.uiuc.edu/ph/nph/).
129MAP_NSD nsd map support (IRIX 6.5 and later).
130SOCKETMAP Support for a trivial query protocol over UNIX domain or TCP
131 sockets.
132
133>>> NOTE WELL for NEWDB support: If you want to get ndbm support, for
134>>> Berkeley DB versions under 2.0, it is CRITICAL that you remove
135>>> ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
136>>> for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
137>>> before you install it. If you don't delete these, there is absolutely
138>>> no point to including -DNDBM, since it will just get you another
139>>> (inferior) API to the same format database. These files OVERRIDE
140>>> calls to ndbm routines -- in particular, if you leave ndbm.h in,
141>>> you can find yourself using the new db package even if you don't
142>>> define NEWDB. Berkeley DB versions later than 2.3.14 do not need
143>>> to be modified. Please also consult the README in the top level
144>>> directory of the sendmail distribution for other important information.
145>>>
146>>> Further note: DO NOT remove your existing /usr/include/ndbm.h --
147>>> you need that one. But do not install an updated ndbm.h in
148>>> /usr/include, /usr/local/include, or anywhere else.
149
150If NEWDB and NDBM are defined (but not NIS), then sendmail will read
151NDBM format alias files, but the next time a newaliases is run the
152format will be converted to NEWDB; that format will be used forever
153more. This is intended as a transition feature.
154
155If NEWDB, NDBM, and NIS are all defined and the name of the file includes
156the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
157alias files. However, it will only read the NEWDB file; the NDBM format
158file is used only by the NIS subsystem. This is needed because the NIS
159maps on an NIS server are built directly from the NDBM files.
160
161If NDBM and NIS are defined (regardless of the definition of NEWDB),
162and the filename includes the string "/yp/", sendmail adds the special
163tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
164required if the NDBM file is to be used as an NIS map.
165
166All of these flags are normally defined in a confMAPDEF setting in your
167site.config.m4.
168
169If you define NEWDB or HESIOD you get the User Database (USERDB)
170automatically. Generally you do want to have NEWDB for it to do
171anything interesting. See above for getting the Berkeley DB
172package (i.e., NEWDB). There is no separate "user database"
173package -- don't bother searching for it on the net.
174
175Hesiod and LDAP require libraries that may not be installed with your
176system. These are outside of my ability to provide support. See the
177"Quirks" section for more information.
178
179The regex map can be used to see if an address matches a certain regular
180expression. For example, all-numerics local parts are common spam
181addresses, so "^[0-9]+$" would match this. By using such a map in a
182check_* rule-set, you can block a certain range of addresses that would
183otherwise be considered valid.
184
185The socket map uses a simple request/reply protocol over TCP or
186UNIX domain sockets to query an external server. Both requests and
187replies are text based and encoded as netstrings. The socket map
188uses the same syntax as milters the specify the remote endpoint,
189e.g.:
190
191Ksocket mySocketMap inet:12345@127.0.0.1
192
193See doc/op/op.me for details.
194
195+---------------+
196| COMPILE FLAGS |
197+---------------+
198
199Wherever possible, I try to make sendmail pull in the correct
200compilation options needed to compile on various environments based on
201automatically defined symbols. Some machines don't seem to have useful
202symbols available, requiring that a compilation flag be defined in
203the Makefile; see the devtools/OS subdirectory for the supported
204architectures.
205
206If you are a system to which sendmail has already been ported you
207should not have to touch the following symbols. But if you are porting,
208you may have to tweak the following compilation flags in conf.h in order
209to get it to compile and link properly:
210
211SYSTEM5 Adjust for System V (not necessarily Release 4).
212SYS5SIGNALS Use System V signal semantics -- the signal handler
213 is automatically dropped when the signal is caught.
214 If this is not set, use POSIX/BSD semantics, where the
215 signal handler stays in force until an exec or an
216 explicit delete. Implied by SYSTEM5.
217SYS5SETPGRP Use System V setpgrp() semantics. Implied by SYSTEM5.
218HASNICE Define this to zero if you lack the nice(2) system call.
219HASRRESVPORT Define this to zero if you lack the rresvport(3) system call.
220HASFCHMOD Define this to one if you have the fchmod(2) system call.
221 This improves security.
222HASFCHOWN Define this to one if you have the fchown(2) system call.
223 This is required for the TrustedUser option if sendmail
224 must rebuild an (alias) map.
225HASFLOCK Set this if you prefer to use the flock(2) system call
226 rather than using fcntl-based locking. Fcntl locking
227 has some semantic gotchas, but many vendor systems
228 also interface it to lockd(8) to do NFS-style locking.
229 Unfortunately, may vendors implementations of fcntl locking
230 is just plain broken (e.g., locks are never released,
231 causing your sendmail to deadlock; when the kernel runs
232 out of locks your system crashes). For this reason, I
233 recommend always defining this unless you are absolutely
234 certain that your fcntl locking implementation really works.
235HASUNAME Set if you have the "uname" system call. Implied by
236 SYSTEM5.
237HASUNSETENV Define this if your system library has the "unsetenv"
238 subroutine.
239HASSETSID Define this if you have the setsid(2) system call. This
240 is implied if your system appears to be POSIX compliant.
241HASINITGROUPS Define this if you have the initgroups(3) routine.
242HASSETVBUF Define this if you have the setvbuf(3) library call.
243 If you don't, setlinebuf will be used instead. This
244 defaults on if your compiler defines __STDC__.
245HASSETREUID Define this if you have setreuid(2) ***AND*** root can
246 use setreuid to change to an arbitrary user. This second
247 condition is not satisfied on AIX 3.x. You may find that
248 your system has setresuid(2), (for example, on HP-UX) in
249 which case you will also have to #define setreuid(r, e)
250 to be the appropriate call. Some systems (such as Solaris)
251 have a compatibility routine that doesn't work properly,
252 but may have "saved user ids" properly implemented so you
253 can ``#define setreuid(r, e) seteuid(e)'' and have it work.
254 The important thing is that you have a call that will set
255 the effective uid independently of the real or saved uid
256 and be able to set the effective uid back again when done.
257 There's a test program in ../test/t_setreuid.c that will
258 try things on your system. Setting this improves the
259 security, since sendmail doesn't have to read .forward
260 and :include: files as root. There are certain attacks
261 that may be unpreventable without this call.
262USESETEUID Define this to 1 if you have a seteuid(2) system call that
263 will allow root to set only the effective user id to an
264 arbitrary value ***AND*** you have saved user ids. This is
265 preferable to HASSETREUID if these conditions are fulfilled.
266 These are the semantics of the to-be-released revision of
267 Posix.1. The test program ../test/t_seteuid.c will try
268 this out on your system. If you define both HASSETREUID
269 and USESETEUID, the former is ignored.
270HASSETEGID Define this if you have setegid(2) and it can be
271 used to set the saved gid. Please run t_dropgid in
272 test/ if you are not sure whether the call works.
273HASSETREGID Define this if you have setregid(2) and it can be
274 used to set the saved gid. Please run t_dropgid in
275 test/ if you are not sure whether the call works.
276HASSETRESGID Define this if you have setresgid(2) and it can be
277 used to set the saved gid. Please run t_dropgid in
278 test/ if you are not sure whether the call works.
279HASLSTAT Define this if you have symbolic links (and thus the
280 lstat(2) system call). This improves security. Unlike
281 most other options, this one is on by default, so you
282 need to #undef it in conf.h if you don't have symbolic
283 links (these days everyone does).
284HASSETRLIMIT Define this to 1 if you have the setrlimit(2) syscall.
285 You can define it to 0 to force it off. It is assumed
286 if you are running a BSD-like system.
287HASULIMIT Define this if you have the ulimit(2) syscall (System V
288 style systems). HASSETRLIMIT overrides, as it is more
289 general.
290HASWAITPID Define this if you have the waitpid(2) syscall.
291HASGETDTABLESIZE
292 Define this if you have the getdtablesize(2) syscall.
293HAS_ST_GEN Define this to 1 if your system has the st_gen field in
294 the stat structure (see stat(2)).
295HASSRANDOMDEV Define this if your system has the srandomdev(3) function
296 call.
297HASURANDOMDEV Define this if your system has /dev/urandom(4).
298HASSTRERROR Define this if you have the libc strerror(3) function (which
299 should be declared in <errno.h>), and it should be used
300 instead of sys_errlist.
301HASCLOSEFROM Define this if your system has closefrom(3).
302HASFDWALK Define this if your system has fdwalk(3).
303SM_CONF_GETOPT Define this as 0 if you need a reimplementation of getopt(3).
304 On some systems, getopt does very odd things if called
305 to scan the arguments twice. This flag will ask sendmail
306 to compile in a local version of getopt that works
307 properly. You may also need this if you build with
308 another library that introduces a non-standard getopt(3).
309NEEDSTRTOL Define this if your standard C library does not define
310 strtol(3). This will compile in a local version.
311NEEDFSYNC Define this if your standard C library does not define
312 fsync(2). This will try to simulate the operation using
313 fcntl(2); if that is not available it does nothing, which
314 isn't great, but at least it compiles and runs.
315HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your
316 standard C library. If this is not defined, or is defined
317 to be 0, sendmail will scan the /etc/shells file (no
318 NIS-style support, defaults to /bin/sh and /bin/csh if
319 that file does not exist) to get a list of unrestricted
320 user shells. This is used to determine whether users
321 are allowed to forward their mail to a program or a file.
322NEEDPUTENV Define this if your system needs am emulation of the
323 putenv(3) call. Define to 1 to implement it in terms
324 of setenv(3) or to 2 to do it in terms of primitives.
325NOFTRUNCATE Define this if you don't have the ftruncate(2) syscall.
326 If you don't have this system call, there is an unavoidable
327 race condition that occurs when creating alias databases.
328GIDSET_T The type of entries in a gidset passed as the second
329 argument to getgroups(2). Historically this has been an
330 int, so this is the default, but some systems (such as
331 IRIX) pass it as a gid_t, which is an unsigned short.
332 This will make a difference, so it is important to get
333 this right! However, it is only an issue if you have
334 group sets.
335SLEEP_T The type returned by the system sleep() function.
336 Defaults to "unsigned int". Don't worry about this
337 if you don't have compilation problems.
338ARBPTR_T The type of an arbitrary pointer -- defaults to "void *".
339 If you are an very old compiler you may need to define
340 this to be "char *".
341SOCKADDR_LEN_T The type used for the third parameter to accept(2),
342 getsockname(2), and getpeername(2), representing the
343 length of a struct sockaddr. Defaults to int.
344SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2)
345 and setsockopt(2), representing the length of the option
346 buffer. Defaults to int.
347LA_TYPE The type of load average your kernel supports. These
348 can be one of:
349 LA_ZERO (1) -- it always returns the load average as
350 "zero" (and does so on all architectures).
351 LA_INT (2) to read /dev/kmem for the symbol avenrun and
352 interpret as a long integer.
353 LA_FLOAT (3) same, but interpret the result as a floating
354 point number.
355 LA_SHORT (6) to interpret as a short integer.
356 LA_SUBR (4) if you have the getloadavg(3) routine in your
357 system library.
358 LA_MACH (5) to use MACH-style load averages (calls
359 processor_set_info()),
360 LA_PROCSTR (7) to read /proc/loadavg and interpret it
361 as a string representing a floating-point
362 number (Linux-style).
363 LA_READKSYM (8) is an implementation suitable for some
364 versions of SVr4 that uses the MIOC_READKSYM ioctl
365 call to read /dev/kmem.
366 LA_DGUX (9) is a special implementation for DG/UX that uses
367 the dg_sys_info system call.
368 LA_HPUX (10) is an HP-UX specific version that uses the
369 pstat_getdynamic system call.
370 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
371 to 32 or 64 bit kernels; it is otherwise very similar
372 to LA_INT.
373 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
374 implementation.
375 LA_DEVSHORT (13) reads a short from a system file (default:
376 /dev/table/avenrun) and scales it in the same manner
377 as LA_SHORT.
|
378 LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
379 other parameters that they try to divine: the name of your
380 kernel, the name of the variable in the kernel to examine,
381 the number of bits of precision in a fixed point load average,
382 and so forth. LA_DEVSHORT uses _PATH_AVENRUN to find the
383 device to be read to find the load average.
384 In desperation, use LA_ZERO. The actual code is in
385 conf.c -- it can be tweaked if you are brave.
386FSHIFT For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
387 of bits of load average after the binary point -- i.e.,
388 the number of bits to shift right in order to scale the
389 integer to get the true integer load average. Defaults to 8.
390_PATH_UNIX The path to your kernel. Needed only for LA_INT, LA_SHORT,
391 and LA_FLOAT. Defaults to "/unix" on System V, "/vmunix"
392 everywhere else.
393LA_AVENRUN For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
394 variable that holds the load average. Defaults to "avenrun"
395 on System V, "_avenrun" everywhere else.
396SFS_TYPE Encodes how your kernel can locate the amount of free
397 space on a disk partition. This can be set to SFS_NONE
398 (0) if you have no way of getting this information,
399 SFS_USTAT (1) if you have the ustat(2) system call,
400 SFS_4ARGS (2) if you have a four-argument statfs(2)
401 system call (and the include file is <sys/statfs.h>),
402 SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
403 the two-argument statfs(2) system call with includes in
404 <sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
405 or SFS_STATVFS (6) if you have the two-argument statvfs(2)
406 call. The default if nothing is defined is SFS_NONE.
407SFS_BAVAIL with SFS_4ARGS you can also set SFS_BAVAIL to the field name
408 in the statfs structure that holds the useful information;
409 this defaults to f_bavail.
410SPT_TYPE Encodes how your system can display what a process is doing
411 on a ps(1) command (SPT stands for Set Process Title). Can
412 be set to:
413 SPT_NONE (0) -- Don't try to set the process title at all.
414 SPT_REUSEARGV (1) -- Pad out your argv with the information;
415 this is the default if none specified.
416 SPT_BUILTIN (2) -- The system library has setproctitle.
417 SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
418 to set the process title; this is used by HP-UX.
419 SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
420 SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
421 SPT_SCO (6) -- Write kernel u. area.
422 SPT_CHANGEARGV (7) -- Write pointers to our own strings into
423 the existing argv vector.
424SPT_PADCHAR Character used to pad the process title; if undefined,
425 the space character (0x20) is used. This is ignored if
426 SPT_TYPE != SPT_REUSEARGV
427ERRLIST_PREDEFINED
428 If set, assumes that some header file defines sys_errlist.
429 This may be needed if you get type conflicts on this
430 variable -- otherwise don't worry about it.
431WAITUNION The wait(2) routine takes a "union wait" argument instead
432 of an integer argument. This is for compatibility with
433 old versions of BSD.
434SCANF You can set this to extend the F command to accept a
435 scanf string -- this gives you a primitive parser for
436 class definitions -- BUT it can make you vulnerable to
437 core dumps if the target file is poorly formed.
438SYSLOG_BUFSIZE You can define this to be the size of the buffer that
439 syslog accepts. If it is not defined, it assumes a
440 1024-byte buffer. If the buffer is very small (under
441 256 bytes) the log message format changes -- each
442 e-mail message will log many more messages, since it
443 will log each piece of information as a separate line
444 in syslog.
445BROKEN_RES_SEARCH
446 On Ultrix (and maybe other systems?) if you use the
447 res_search routine with an unknown host name, it returns
448 -1 but sets h_errno to 0 instead of HOST_NOT_FOUND. If
449 you set this, sendmail considers 0 to be the same as
450 HOST_NOT_FOUND.
451NAMELISTMASK If defined, values returned by nlist(3) are masked
452 against this value before use -- a common value is
453 0x7fffffff to strip off the top bit.
454BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that
455 defines the length of this address.
456SAFENFSPATHCONF Set this to 1 if and only if you have verified that a
457 pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
458 NFS filesystem where the underlying system allows users to
459 give away files to other users returns <= 0. Be sure you
460 try both on NFS V2 and V3. Some systems assume that their
461 local policy apply to NFS servers -- this is a bad
462 assumption! The test/t_pathconf.c program will try this
463 for you -- you have to run it in a directory that is
464 mounted from a server that allows file giveaway.
465SIOCGIFCONF_IS_BROKEN
466 Set this if your system has an SIOCGIFCONF ioctl defined,
467 but it doesn't behave the same way as "most" systems (BSD,
468 Solaris, SunOS, HP-UX, etc.)
469SIOCGIFNUM_IS_BROKEN
470 Set this if your system has an SIOCGIFNUM ioctl defined,
471 but it doesn't behave the same way as "most" systems
472 (Solaris, HP-UX).
473FAST_PID_RECYCLE
474 Set this if your system can reuse the same PID in the same
475 second.
476SO_REUSEADDR_IS_BROKEN
477 Set this if your system has a setsockopt() SO_REUSEADDR
478 flag but doesn't pay attention to it when trying to bind a
479 socket to a recently closed port.
480NEEDSGETIPNODE Set this if your system supports IPv6 but doesn't include
481 the getipnodeby{name,addr}() functions. Set automatically
482 for Linux's glibc.
483PIPELINING Support SMTP PIPELINING (set by default).
484USING_NETSCAPE_LDAP
485 Deprecated in favor of SM_CONF_LDAP_MEMFREE. See
486 libsm/README.
487NEEDLINK Set this if your system doesn't have a link() call. It
488 will create a copy of the file instead of a hardlink.
489USE_ENVIRON Set this to 1 to access process environment variables from
490 the external variable environ instead of the third
491 parameter of main().
492USE_DOUBLE_FORK By default this is on (1). Set it to 0 to suppress the
493 extra fork() used to avoid intermediate zombies.
494ALLOW_255 Do not convert (char)0xff to (char)0x7f in headers etc.
495 This can also be done at runtime with the command line
496 option -d82.101.
497NEEDINTERRNO Set this if <errno.h> does not declare errno, i.e., if an
498 application needs to use
499 extern int errno;
500USE_TTYPATH Set this to 1 to enable ErrorMode=write.
501USESYSCTL Use sysctl(3) to determine the number of CPUs in a system.
502
503
504+-----------------------+
505| COMPILE-TIME FEATURES |
506+-----------------------+
507
508There are a bunch of features that you can decide to compile in, such
509as selecting various database packages and special protocol support.
510Several are assumed based on other compilation flags -- if you want to
511"un-assume" something, you probably need to edit conf.h. Compilation
512flags that add support for special features include:
513
514NDBM Include support for "new" DBM library for aliases and maps.
515 Normally defined in the Makefile.
516NEWDB Include support for Berkeley DB package (hash & btree)
517 for aliases and maps. Normally defined in the Makefile.
518 If the version of NEWDB you have is the old one that does
519 not include the "fd" call (this call was added in version
520 1.5 of the Berkeley DB code), you must upgrade to the
521 current version of Berkeley DB.
522NIS Define this to get NIS (YP) support for aliases and maps.
523 Normally defined in the Makefile.
524NISPLUS Define this to get NIS+ support for aliases and maps.
525 Normally defined in the Makefile.
526HESIOD Define this to get Hesiod support for aliases and maps.
527 Normally defined in the Makefile.
528NETINFO Define this to get NeXT NetInfo support for aliases and maps.
529 Normally defined in the Makefile.
530LDAPMAP Define this to get LDAP support for maps.
531PH_MAP Define this to get PH support for maps.
532MAP_NSD Define this to get nsd support for maps.
533USERDB Define this to 1 to include support for the User Information
534 Database. Implied by NEWDB or HESIOD. You can use
535 -DUSERDB=0 to explicitly turn it off.
536IDENTPROTO Define this as 1 to get IDENT (RFC 1413) protocol support.
537 This is assumed unless you are running on Ultrix or
538 HP-UX, both of which have a problem in the UDP
539 implementation. You can define it to be 0 to explicitly
540 turn off IDENT protocol support. If defined off, the code
541 is actually still compiled in, but it defaults off; you
542 can turn it on by setting the IDENT timeout in the
543 configuration file.
544IP_SRCROUTE Define this to 1 to get IP source routing information
545 displayed in the Received: header. This is assumed on
546 most systems, but some (e.g., Ultrix) apparently have a
547 broken version of getsockopt that doesn't properly
548 support the IP_OPTIONS call. You probably want this if
549 your OS can cope with it. Symptoms of failure will be that
550 it won't compile properly (that is, no support for fetching
551 IP_OPTIONs), or it compiles but source-routed TCP connections
552 either refuse to open or open and hang for no apparent reason.
553 Ultrix and AIX3 are known to fail this way.
554LOG Set this to get syslog(3) support. Defined by default
555 in conf.h. You want this if at all possible.
556NETINET Set this to get TCP/IP support. Defined by default
557 in conf.h. You probably want this.
558NETINET6 Set this to get IPv6 support. Other configuration may
559 be needed in conf.h for your particular operating system.
560 Also, DaemonPortOptions must be set appropriately for
561 sendmail to accept IPv6 connections.
562NETISO Define this to get ISO networking support.
563NETUNIX Define this to get Unix domain networking support. Defined
564 by default. A few bizarre systems (SCO, ISC, Altos) don't
565 support this networking domain.
566NETNS Define this to get NS networking support.
567NETX25 Define this to get X.25 networking support.
568NAMED_BIND If non-zero, include DNS (name daemon) support, including
569 MX support. The specs say you must use this if you run
570 SMTP. You don't have to be running a name server daemon
571 on your machine to need this -- any use of the DNS resolver,
572 including remote access to another machine, requires this
573 option. Defined by default in conf.h. Define it to zero
574 ONLY on machines that do not use DNS in any way.
575MATCHGECOS Permit fuzzy matching of user names against the full
576 name (GECOS) field in the /etc/passwd file. This should
577 probably be on, since you can disable it from the config
578 file if you want to. Defined by default in conf.h.
579MIME8TO7 If non-zero, include 8 to 7 bit MIME conversions. This
580 also controls advertisement of 8BITMIME in the ESMTP
581 startup dialogue.
582MIME7TO8_OLD If 0 then use an algorithm for MIME 7-bit quoted-printable
583 or base64 encoding to 8-bit text that has been introduced
584 in 8.12.3. There are some examples where that code fails,
585 but the old code works. If you have an example of improper
586 7 to 8 bit conversion please send it to sendmail-bugs.
587MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions.
588HES_GETMAILHOST Define this to 1 if you are using Hesiod with the
589 hes_getmailhost() routine. This is included with the MIT
590 Hesiod distribution, but not with the DEC Hesiod distribution.
591XDEBUG Do additional internal checking. These don't cost too
592 much; you might as well leave this on.
593TCPWRAPPERS Turns on support for the TCP wrappers library (-lwrap).
594 See below for further information.
595SECUREWARE Enable calls to the SecureWare luid enabling/changing routines.
596 SecureWare is a C2 security package added to several UNIX's
597 (notably ConvexOS) to get a C2 Secure system. This
598 option causes mail delivery to be done with the luid of the
599 recipient.
600SHARE_V1 Support for the fair share scheduler, version 1. Setting to
601 1 causes final delivery to be done using the recipients
602 resource limitations. So far as I know, this is only
603 supported on ConvexOS.
604SASL Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL
605 library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/). Please
606 install at least version 1.5.13. See below for further
607 information: SASL COMPILATION AND CONFIGURATION. If your
608 SASL library is older than 1.5.10, you have to set this
609 to its version number using a simple conversion: a.b.c
610 -> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
611 Note: Using an older version than 1.5.5 of Cyrus SASL is
612 not supported. Starting with version 1.5.10, setting SASL=1
613 is sufficient. Any value other than 1 (or 0) will be
614 compared with the actual version found and if there is a
615 mismatch, compilation will fail.
616EGD Define this if your system has EGD installed, see
617 http://egd.sourceforge.net/ . It should be used to
618 seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
619STARTTLS Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL
620 (http://www.OpenSSL.org/); use OpenSSL 0.9.5a or later
621 (if compatible with this version), do not use 0.9.3.
622 See STARTTLS COMPILATION AND CONFIGURATION for further
623 information.
624TLS_NO_RSA Turn off support for RSA algorithms in STARTTLS.
625MILTER Turn on support for external filters using the Milter API;
626 this option is set by default, to turn it off use
627 APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
628 in devtools/Site/site.config.m4 (see devtools/README).
629 See libmilter/README for more information about milter.
630REQUIRES_DIR_FSYNC Turn on support for file systems that require to
631 call fsync() for a directory if the meta-data in it has
632 been changed. This should be turned on at least for older
633 versions of ReiserFS; it is enabled by default for Linux.
634 According to some information this flag is not needed
635 anymore for kernel 2.4.16 and newer. We would appreciate
636 feedback about the semantics of the various file systems
637 available for Linux.
638 An alternative to this compile time flag is to mount the
639 queue directory without the -async option, or using
640 chattr +S on Linux.
641DBMMODE The default file permissions to use when creating new
642 database files for maps and aliases. Defaults to 0640.
643
644Generic notice: If you enable a compile time option that needs
645libraries or include files that don't come with sendmail or are
646installed in a location that your C compiler doesn't use by default
647you should set confINCDIRS and confLIBDIRS as explained in the
648first section: BUILDING SENDMAIL.
649
650
651+---------------------+
652| DNS/RESOLVER ISSUES |
653+---------------------+
654
655Many systems have old versions of the resolver library. At a minimum,
656you should be running BIND 4.8.3; older versions may compile, but they
657have known bugs that should give you pause.
658
659Common problems in old versions include "undefined" errors for
660dn_skipname.
661
662Some people have had a problem with BIND 4.9; it uses some routines
663that it expects to be externally defined such as strerror(). It may
664help to link with "-l44bsd" to solve this problem. This has apparently
665been fixed in later versions of BIND, starting around 4.9.3. In other
666words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
667later versions, you do not.
668
669!PLEASE! be sure to link with the same version of the resolver as
670the header files you used -- some people have used the 4.9 headers
671and linked with BIND 4.8 or vice versa, and it doesn't work.
672Unfortunately, it doesn't fail in an obvious way -- things just
673subtly don't work.
674
675WILDCARD MX RECORDS ARE A BAD IDEA! The only situation in which they
676work reliably is if you have two versions of DNS, one in the real world
677which has a wildcard pointing to your firewall, and a completely
678different version of the database internally that does not include
679wildcard MX records that match your domain. ANYTHING ELSE WILL GIVE
680YOU HEADACHES!
681
682When attempting to canonify a hostname, some broken name servers will
683return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. If you
684want to excuse this behavior, include WorkAroundBrokenAAAA in
685ResolverOptions. However, instead, we recommend catching the problem and
686reporting it to the name server administrator so we can rid the world of
687broken name servers.
688
689
690+----------------------------------------+
691| STARTTLS COMPILATION AND CONFIGURATION |
692+----------------------------------------+
693
694Please read the documentation accompanying the OpenSSL library. You
695have to compile and install the OpenSSL libraries before you can compile
696sendmail. See devtools/README how to set the correct compile time
697parameters; you should at least set the following variables:
698
699APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
700APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
701
702If you have installed the OpenSSL libraries and include files in
703a location that your C compiler doesn't use by default you should
704set confINCDIRS and confLIBDIRS as explained in the first section:
705BUILDING SENDMAIL.
706
707Configuration information can be found in doc/op/op.me (required
708certificates) and cf/README (how to tell sendmail about certificates).
709
710To perform an initial test, connect to your sendmail daemon
711(telnet localhost 25) and issue a EHLO localhost and see whether
712250-STARTTLS
713is in the response. If it isn't, run the daemon with
714-O LogLevel=14
715and try again. Then take a look at the logfile and see whether
716there are any problems listed about permissions (unsafe files)
717or the validity of X.509 certificates.
718
719From: Garrett Wollman <wollman@lcs.mit.edu>
720
721 If your certificate authority is hierarchical, and you only include
722 the top-level CA certificate in the CACertFile file, some mail clients
723 may be unable to infer the proper certificate chain when selecting a
724 client certificate. Including the bottom-level CA certificate(s) in
725 the CACertFile file will allow these clients to work properly. This
726 is not necessary if you are not using client certificates for
727 authentication, or if all your clients are running Sendmail or other
728 programs using the OpenSSL library (which get it right automatically).
729 In addition, some mail clients are totally incapable of using
730 certificate authentication -- even some of those which already support
731 SSL/TLS for confidentiality.
732
733Further information can be found via:
734http://www.sendmail.org/tips/
735
736
737+------------------------------------+
738| SASL COMPILATION AND CONFIGURATION |
739+------------------------------------+
740
741Please read the documentation accompanying the Cyrus SASL library
742(INSTALL and README). If you use Berkeley DB for Cyrus SASL then
743you must compile sendmail with the same version of Berkeley DB.
744See devtools/README for how to set the correct compile time parameters;
745you should at least set the following variables:
746
747APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
748APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
749
750If you have installed the Cyrus SASL library and include files in
751a location that your C compiler doesn't use by default you should
752set confINCDIRS and confLIBDIRS as explained in the first section:
753BUILDING SENDMAIL.
754
755You have to select and install authentication mechanisms and tell
756sendmail where to find the sasl library and the include files (see
757devtools/README for the parameters to set). Set up the required
758users and passwords as explained in the SASL documentation. See
759also cf/README for authentication related options (especially
760DefaultAuthInfo if you want authentication between MTAs).
761
762To perform an initial test, connect to your sendmail daemon
763(telnet localhost 25) and issue a EHLO localhost and see whether
764250-AUTH ....
765is in the response. If it isn't, run the daemon with
766-O LogLevel=14
767and try again. Then take a look at the logfile and see whether
768there are any security related problems listed (unsafe files).
769
770Further information can be found via:
771http://www.sendmail.org/tips/
772
773
774+-------------------------------------+
775| OPERATING SYSTEM AND COMPILE QUIRKS |
776+-------------------------------------+
777
778GCC problems
779 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
780 too (see include/sm/cdefs.h for more info).
781
782 *****************************************************************
783 ** IMPORTANT: DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE **
784 ** RUNNING GCC 2.4.x or 2.5.x. THERE IS A BUG IN THE GCC **
785 ** OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
786 *****************************************************************
787
788 Jim Wilson of Cygnus believes he has found the problem -- it will
789 probably be fixed in GCC 2.5.6 -- but until this is verified, be
790 very suspicious of gcc -O. This problem is reported to have been
791 fixed in gcc 2.6.
792
793 A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
794 optimization on a Sparc. If you are using gcc 2.5.5, youi should
795 upgrade to the latest version of gcc.
796
797 Apparently GCC 2.7.0 on the Pentium processor has optimization
798 problems. I recommend against using -O on that architecture. This
799 has been seen on FreeBSD 2.0.5 RELEASE.
800
801 Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
802
803 We have been told there are problems with gcc 2.8.0. If you are
804 using this version, you should upgrade to 2.8.1 or later.
805
806Berkeley DB
807 Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
808 You need at least 4.1.25.
809
810GDBM GDBM does not work with sendmail because the additional
811 security checks and file locking cause problems. Unfortunately,
812 gdbm does not provide a compile flag in its version of ndbm.h so
813 the code can adapt. Until the GDBM authors can fix these problems,
814 GDBM will not be supported. Please use Berkeley DB instead.
815
816Configuration file location
817 Up to 8.6, sendmail tried to find the sendmail.cf file in the same
818 place as the vendors had put it, even when this was obviously
819 stupid. As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
820 Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
821 You can get sendmail to use the stupid vendor .cf location by
822 adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
823 support programs and scripts that need to find sendmail.cf. You
824 are STRONGLY urged to use symbolic links if you want to use the
825 vendor location rather than changing the location in the sendmail
826 binary.
827
828 NETINFO systems use NETINFO to determine the location of
829 sendmail.cf. The full path to sendmail.cf is stored as the value of
830 the "sendmail.cf" property in the "/locations/sendmail"
831 subdirectory of NETINFO. Set the value of this property to
832 "/etc/mail/sendmail.cf" (without the quotes) to use this new
833 default location for Sendmail 8.10.0 and higher.
834
835ControlSocket permissions
836 Paraphrased from BIND 8.2.1's README:
837
838 Solaris and other pre-4.4BSD kernels do not respect ownership or
839 protections on UNIX-domain sockets. The short term fix for this is to
840 override the default path and put such control sockets into root-
841 owned directories which do not permit non-root to r/w/x through them.
842 The long term fix is for all kernels to upgrade to 4.4BSD semantics.
843
844HP MPE/iX
845 The MPE-specific code within sendmail emulates a set-user-id root
846 environment for the sendmail binary. But there is no root uid 0 on
847 MPE, nor is there any support for set-user-id programs. Even when
848 sendmail thinks it is running as uid 0, it will still have the file
849 access rights of the underlying non-zero uid, but because sendmail is
850 an MPE priv-mode program it will still be able to call setuid() to
851 successfully switch to a new uid.
852
853 MPE setgid() semantics don't quite work the way sendmail expects, so
854 special emulation is done here also.
855
856 This uid/gid emulation is enabled via the setuid/setgid file mode bits
857 which are not currently used by MPE. Code in libsm/mpeix.c examines
858 these bits and enables emulation if they have been set, i.e.,
859 chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
860
861SunOS 4.x (Solaris 1.x)
862 You may have to use -lresolv on SunOS. However, beware that
863 this links in a new version of gethostbyname that does not
864 understand NIS, so you must have all of your hosts in DNS.
865
866 Some people have reported problems with the SunOS version of
867 -lresolv and/or in.named, and suggest that you get a newer
868 version. The symptoms are delays when you connect to the
869 SMTP server on a SunOS machine or having your domain added to
870 addresses inappropriately. There is a version of BIND
871 version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
872
873 There is substantial disagreement about whether you can make
874 this work with resolv+, which allows you to specify a search-path
875 of services. Some people report that it works fine, others
876 claim it doesn't work at all (including causing sendmail to
877 drop core when it tries to do multiple resolv+ lookups for a
878 single job). I haven't tried resolv+, as we use DNS exclusively.
879
880 Should you want to try resolv+, it is on ftp.uu.net in
881 /networking/ip/dns.
882
883 Apparently getservbyname() can fail under moderate to high
884 load under some circumstances. This will exhibit itself as
885 the message ``554 makeconnection: service "smtp" unknown''.
886 The problem has been traced to one or more blank lines in
887 /etc/services on the NIS server machine. Delete these
888 and it should work. This info is thanks to Brian Bartholomew
889 <bb@math.ufl.edu> of I-Kinetics, Inc.
890
891 NOTE: The SunOS 4.X linker uses library paths specified during
892 compilation using -L for run-time shared library searches.
893 Therefore, it is vital that relative and unsafe directory paths not
894 be used when compiling sendmail.
895
896SunOS 4.0.2 (Sun 386i)
897 Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
898 From: teus@oce.nl
899
900 Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
901 following changes:
902 * Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
903 available as "uname" command.
904 * Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
905 devtools/OS/SunOS.4.0, which is selected via the "uname" command.
906 I recommend to make available the db-library on the system first
907 (and change the Makefile to use this library).
908 Note that the sendmail.cf and aliases files are found in /etc.
909
910SunOS 4.1.3, 4.1.3_U1
911 Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1. According
912 to Sun bug number 1077939:
913
914 If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
915 after the other side of the connection has sent a TCP RESET for
916 the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
917 ip_ctloutput() routine.
918
919 For 4.1.3, this is fixed in patch 100584-08, available on the
920 Sunsolve 2.7.1 or later CDs. For 4.1.3_U1, this was fixed in patch
921 101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
922 obsoleted by patch 102010-05.
923
924 Sun patch 100584-08 is not currently publicly available on their
925 ftp site but a user has reported it can be found at other sites
926 using a web search engine.
927
928Solaris 2.x (SunOS 5.x)
929 To compile for Solaris, the Makefile built by Build must
930 include a SOLARIS definition which reflects the Solaris version
931 (i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
932 If you are using gcc, make sure -I/usr/include is not used (or
933 it might complain about TopFrame). If you are using Sun's cc,
934 make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
935 (or it might complain about tm_zone).
936
937 The Solaris 2.x (x <= 3) "syslog" function is apparently limited
938 to something about 90 characters because of a kernel limitation.
939 If you have source code, you can probably up this number. You
940 can get patches that fix this problem: the patch ids are:
941
942 Solaris 2.1 100834
943 Solaris 2.2 100999
944 Solaris 2.3 101318
945
946 Be sure you have the appropriate patch installed or you won't
947 see system logging.
948
949Solaris 2.4 (SunOS 5.4)
950 If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
951 the risk of getting the wrong libraries under some circumstances.
952 This is because of a new feature in Solaris 2.4, described by
953 Rod.Evans@Eng.Sun.COM:
954
955 >> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
956 >> runtime linker if the application was setxid (secure), thus your
957 >> applications search path would be:
958 >>
959 >> /usr/local/lib LD_LIBRARY_PATH component - IGNORED
960 >> /usr/lib LD_LIBRARY_PATH component - IGNORED
961 >> /usr/local/lib RPATH - honored
962 >> /usr/lib RPATH - honored
963 >>
964 >> the effect is that path 3 would be the first used, and this would
965 >> satisfy your resolv.so lookup.
966 >>
967 >> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
968 >> People who developed setxid applications wanted to be able to alter
969 >> the library search path to some degree to allow for their own
970 >> testing and debugging mechanisms. It was decided that the only
971 >> secure way to do this was to allow a `trusted' path to be used in
972 >> LD_LIBRARY_PATH. The only trusted directory we presently define
973 >> is /usr/lib. Thus a set-user-ID root developer could play with some
974 >> alternative shared object implementations and place them in
975 >> /usr/lib (being root we assume they'ed have access to write in this
976 >> directory). This change was made as part of 1155380 - after a
977 >> *huge* amount of discussion regarding the security aspect of things.
978 >>
979 >> So, in SunOS 5.4 your applications search path would be:
980 >>
981 >> /usr/local/lib from LD_LIBRARY_PATH - IGNORED (untrustworthy)
982 >> /usr/lib from LD_LIBRARY_PATH - honored (trustworthy)
983 >> /usr/local/lib from RPATH - honored
984 >> /usr/lib from RPATH - honored
985 >>
986 >> here, path 2 would be the first used.
987
988Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
989 Apparently Solaris 2.5.1 patch 103663-01 installs a new
990 /usr/include/resolv.h file that defines the __P macro without
991 checking to see if it is already defined. This new resolv.h is also
992 included in the Solaris 2.6 distribution. This causes compile
993 warnings such as:
994
995 In file included from daemon.c:51:
996 /usr/include/resolv.h:208: warning: `__P' redefined
997 cdefs.h:58: warning: this is the location of the previous definition
998
999 These warnings can be safely ignored or you can create a resolv.h
1000 file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
1001
1002 #undef __P
1003 #include "/usr/include/resolv.h"
1004
1005 This problem was fixed in Solaris 7 (Sun bug ID 4081053).
1006
1007Solaris 7 (SunOS 5.7)
1008 Solaris 7 includes LDAP libraries but the implementation was
1009 lacking a few things. The following settings can be placed in
1010 devtools/Site/site.SunOS.5.7.m4 if you plan on using those
1011 libraries.
1012
1013 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1014 APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
1015 APPENDDEF(`confLIBS', `-lldap')
1016
1017 Also, Sun's patch 107555 is needed to prevent a crash in the call
1018 to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
1019 LDAP support is compiled in sendmail.
1020
1021Solaris 8 and later (SunOS 5.8 and later)
1022 Solaris 8 and later can optionally install LDAP support. If you
1023 have installed the Entire Distribution meta-cluster, you can use
1024 the following in devtools/Site/site.SunOS.5.8.m4 (or other
1025 appropriately versioned file) to enable LDAP:
1026
1027 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1028 APPENDDEF(`confLIBS', `-lldap')
1029
1030Solaris 9 and later (SunOS 5.9 and later)
1031 Solaris 9 and later have a revised LDAP library, libldap.so.5,
1032 which is derived from a Netscape implementation, thus requiring
1033 that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1034
1035 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1036 APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1037 APPENDDEF(`confLIBS', `-lldap')
1038
1039Solaris
1040 If you are using dns for hostname resolution on Solaris, make sure
1041 that the 'dns' entry is last on the hosts line in
1042 '/etc/nsswitch.conf'. For example, use:
1043
1044 hosts: nisplus files dns
1045
1046 Do not use:
1047
1048 hosts: nisplus dns [NOTFOUND=return] files
1049
1050 Note that 'nisplus' above is an illustration. The same comment
1051 applies no matter what naming services you are using. If you have
1052 anything other than dns last, even after "[NOTFOUND=return]",
1053 sendmail may not be able to determine whether an error was
1054 temporary or permanent. The error returned by the solaris
1055 gethostbyname() is the error for the last lookup used, and other
1056 naming services do not have the same concept of temporary failure.
1057
1058Ultrix
1059 By default, the IDENT protocol is turned off on Ultrix. If you
1060 are running Ultrix 4.4 or later, or if you have included patch
1061 CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1062 IDENT on in the configuration file by setting the "ident" timeout.
1063
1064 The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1065 included in libc.a. Unfortunately, the __RES symbol hasn't changed
1066 and therefore, sendmail can no longer automatically detect the
1067 newer version. If you get a compiler error:
1068
1069 /lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1070
1071 Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1072
1073 APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1074
1075Digital UNIX (formerly DEC OSF/1)
1076 If you are compiling on OSF/1 (DEC Alpha), you must use
1077 -L/usr/shlib (otherwise it core dumps on startup). You may also
1078 need -mld to get the nlist() function, although some versions
1079 apparently don't need this.
1080
1081 Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1082 it, just create the link to the sendmail binary.
1083
1084 On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1085 properly due to a bug in the getpw* routines. If you want to use
1086 this, use -DDEC_OSF_BROKEN_GETPWENT=1. The problem is fixed in 3.2C.
1087
1088 Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1089 only preserve the envelope sender in the "From " header if
1090 DefaultUserID is set to daemon. Setting this to mailnull will
1091 cause all mail to have the header "From mailnull ...". To use
1092 a different DefaultUserID, you will need to use a different mail
1093 delivery agent (such as mail.local found in the sendmail
1094 distribution).
1095
1096 On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1097 operating system and already has the ndbm.o module removed. However,
1098 Digital has modified the original Berkeley DB db.h include file.
1099 This results in the following warning while compiling map.c and udb.c:
1100
1101 cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1102 "__signed" conflicts with a current definition because the replacement
1103 lists differ. The redefinition is now in effect.
1104 #define __signed signed
1105 ------------------------^
1106
1107 This warning can be ignored.
1108
1109 Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1110 If you have installed a new version of BIND in /usr/include
1111 and /usr/lib, you will experience difficulties as Digital ships
1112 libresolv.a in /usr/ccs/lib/ as well. Be sure to replace both
1113 copies of libresolv.a.
1114
1115IRIX
1116 The header files on SGI IRIX are completely prototyped, and as
1117 a result you can sometimes get some warning messages during
1118 compilation. These can be ignored. There are two errors in
1119 deliver only if you are using gcc, both of the form ``warning:
1120 passing arg N of `execve' from incompatible pointer type''.
1121 Also, if you compile with -DNIS, you will get a complaint
1122 about a declaration of struct dom_binding in a prototype
1123 when compiling map.c; this is not important because the
1124 function being prototyped is not used in that file.
1125
1126 In order to compile sendmail you will have had to install
1127 the developers' option in order to get the necessary include
1128 files.
1129
1130 If you compile with -lmalloc (the fast memory allocator), you may
1131 get warning messages such as the following:
1132
1133 ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1134 preempts that definition in /usr/lib32/mips3/libc.so.
1135 ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1136 preempts that definition in /usr/lib32/mips3/libc.so.
1137 ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1138 preempts that definition in /usr/lib32/mips3/libc.so.
1139 ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1140 preempts that definition in /usr/lib32/mips3/libc.so.
1141 ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1142 preempts that definition in /usr/lib32/mips3/libc.so.
1143
1144 These are unavoidable and innocuous -- just ignore them.
1145
1146 According to Dave Sill <de5@ornl.gov>, there is a version of the
1147 Berkeley DB library patched to run on Irix 6.2 available from
1148 http://reality.sgi.com/ariel/freeware/#db .
1149
1150IRIX 6.x
1151 If you are using XFS filesystem, avoid using the -32 ABI switch to
1152 the cc compiler if possible.
1153
1154 Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1155 a problem with gcc on IRIX, i.e., gcc can't pass structs
1156 less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1157 some other sized structs. See
1158 http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1159 This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1160 is reported as broken. Check your gcc version for this bug
1161 before installing sendmail.
1162
1163IRIX 6.4
1164 The IRIX 6.5.4 version of /bin/m4 does not work properly with
1165 sendmail. Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1166 use /usr/freeware/bin/m4 or install and use GNU m4.
1167
1168NeXT or NEXTSTEP
1169 NEXTSTEP 3.3 and earlier ship with the old DBM library. Also,
1170 Berkeley DB does not currently run on NEXTSTEP.
1171
1172 If you are compiling on NEXTSTEP, you will have to create an
1173 empty file "unistd.h" and create a file "dirent.h" containing:
1174
1175 #include <sys/dir.h>
1176 #define dirent direct
1177
1178 (devtools/OS/NeXT should try to do both of these for you.)
1179
1180 Apparently, there is a bug in getservbyname on Nextstep 3.0
1181 that causes it to fail under some circumstances with the
1182 message "SYSERR: service "smtp" unknown" logged. You should
1183 be able to work around this by including the line:
1184
1185 OOPort=25
1186
1187 in your .cf file.
1188
1189BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1190 The "m4" from BSDI won't handle the config files properly.
1191 I haven't had a chance to test this myself.
1192
1193 The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1194 files properly. One must use either GNU m4 1.1 or the PD-M4
1195 recently posted in comp.os.386bsd.bugs (and maybe others).
1196 NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1197 CHANGES).
1198
1199 FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to
1200 use it (look into devtools/OS/FreeBSD). NetBSD-current may have
1201 it too but it has not been verified.
1202
1203 The latest version of Berkeley DB uses a different naming
1204 scheme than the version that is supplied with your release. This
1205 means you will be able to use the current version of Berkeley DB
1206 with sendmail as long you use the new db.h when compiling
1207 sendmail and link it against the new libdb.a or libdb.so. You
1208 should probably keep the original db.h in /usr/include and the
1209 new db.h in /usr/local/include.
1210
12114.3BSD
1212 If you are running a "virgin" version of 4.3BSD, you'll have
1213 a very old resolver and be missing some header files. The
1214 header files are simple -- create empty versions and everything
1215 will work fine. For the resolver you should really port a new
1216 version (4.8.3 or later) of the resolver; 4.9 is available on
1217 gatekeeper.DEC.COM in pub/BSD/bind/4.9. If you are really
1218 determined to continue to use your old, buggy version (or as
1219 a shortcut to get sendmail working -- I'm sure you have the
1220 best intentions to port a modern version of BIND), you can
1221 copy ../contrib/oldbind.compat.c into sendmail and add the
1222 following to devtools/Site/site.config.m4:
1223
1224 APPENDDEF(`confOBJADD', `oldbind.compat.o')
1225
1226OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1227 m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1228 maximum length for strings is too short. You need to use GNU m4
1229 or patch m4, see for example:
1230 http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1231
1232A/UX
1233 Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1234 From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1235 Subject: Fix for A/UX ndbm
1236
1237 I guess this isn't really a sendmail bug, however, it is something
1238 that A/UX users should be aware of when compiling sendmail 8.6.
1239
1240 Apparently, the calls that sendmail is using to the ndbm routines
1241 in A/UX 3.0.x contain calls to "broken" routines, in that the
1242 aliases database will break when it gets "just a little big"
1243 (sorry I don't have exact numbers here, but it broke somewhere
1244 around 20-25 aliases for me.), making all aliases non-functional
1245 after exceeding this point.
1246
1247 What I did was to get the gnu-dbm-1.6 package, compile it, and
1248 then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1249 ndbm.h header file that comes with the gnu-package. This makes
1250 things behave properly.
1251 [NOTE: see comment above about GDBM]
1252
1253 I suppose porting the New Berkeley DB package is another route,
1254 however, I made a quick attempt at it, and found it difficult
1255 (not easy at least); the gnu-dbm package "configured" and
1256 compiled easily.
1257
1258 [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1259 database maps.]
1260
1261SCO Unix
1262 From: Thomas Essebier <tom@stallion.oz.au>
1263 Organisation: Stallion Technologies Pty Ltd.
1264
1265 It will probably help those who are trying to configure sendmail 8.6.9
1266 to know that if they are on SCO, they had better set
1267 OI-dnsrch
1268 or they will core dump as soon as they try to use the resolver.
1269 i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1270 it does not inititialise it, nor does it understand 'search' in
1271 /etc/named.boot.
1272 - sigh -
1273
1274 According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1275 We recommend installing GNU m4 before attempting to build sendmail.
1276
1277 On some versions a bogus error value is listed if connections
1278 time out (large negative number). To avoid this explicitly set
1279 Timeout.connect to a reasonable value (several minutes).
1280
1281DG/UX
1282 Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1283 V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1284 Originally, the DG /bin/mail program wasn't compatible with
1285 the V8 sendmail, since the DG /bin/mail requires the environment
1286 variable "_FORCE_MAIL_LOCAL_=yes" be set. Version 8.7 now includes
1287 this in the environment before invoking the local mailer. Some
1288 have used procmail to avoid this problem in the past. It works
1289 but some have experienced file locking problems with their DG/UX
1290 ports of procmail.
1291
1292Apollo DomainOS
1293 If you are compiling on Apollo, you will have to create an empty
1294 file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1295 "dirent.h" containing:
1296
1297 #include <sys/dir.h>
1298 #define dirent direct
1299
1300 (devtools/OS/DomainOS will attempt to do both of these for you.)
1301
1302HP-UX 8.00
1303 Date: Mon, 24 Jan 1994 13:25:45 +0200
1304 From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1305 Subject: 8.6.5 w/ HP-UX 8.00 on s300
1306
1307 Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1308 a series 300 machine) running HP-UX 8.00.
1309
1310 I was getting segmentation fault when delivering to a local user.
1311 With debugging I saw it was faulting when doing _free@libc... *sigh*
1312 It seems the new implementation of malloc on s300 is buggy as of 8.0,
1313 so I tried out the one in -lmalloc (malloc(3X)). With that it seems
1314 to work just dandy.
1315
1316 When linking, you will get the following error:
1317
1318 ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1319
1320 but you can just ignore it. You might want to add this info to the
1321 README file for the future...
1322
1323Linux
1324 Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1325 flock() system call gives errors. If you are running .14, you must
1326 not use flock. You can do this with -DHASFLOCK=0. We have also
1327 been getting complaints since version 2.4.X was released.
1328 sendmail 8.13 has changed the default locking method to fcntl()
1329 for Linux kernel version 2.4 and later. Be sure to update other
1330 sendmail related programs to match locking techniques (some
1331 examples, besides makemap and mail.local, include procmail, mailx,
1332 mutt, elm, etc).
1333
1334 Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1335 initialization of the _res structure changed. If /etc/hosts.conf
1336 was configured as "hosts, bind" the resolver code could return
1337 "Name server failure" errors. This is supposedly fixed in
1338 later versions of libc (>= 4.6.29?), and later versions of
1339 sendmail (> 8.6.10) try to work around the problem.
1340
1341 Some older versions (< 4.6.20?) of the libc/include files conflict
1342 with sendmail's version of cdefs.h. Deleting sendmail's version
1343 on those systems should be non-harmful, and new versions don't care.
1344
1345 NOTE ON LINUX & BIND: By default, the Makefile generated for Linux
1346 includes header files in /usr/local/include and libraries in
1347 /usr/local/lib. If you've installed BIND on your system, the header
1348 files typically end up in the search path and you need to add
1349 "-lresolv" to the LIBS line in your Makefile. Really old versions
1350 may need to include "-l44bsd" as well (particularly if the link phase
1351 complains about missing strcasecmp, strncasecmp or strpbrk).
1352 Complaints about an undefined reference to `__dn_skipname' in
1353 domain.o are a sure sign that you need to add -lresolv to LIBS.
1354 Newer versions of Linux are basically threaded BIND, so you may or
1355 may not see complaints if you accidentally mix BIND
1356 headers/libraries with virginal libc. If you have BIND headers in
1357 /usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1358 to LIBS. Data structures may change and you'd be asking for a
1359 core dump.
1360
1361 A number of problems have been reported regarding the Linux 2.2.0
1362 kernel. So far, these problems have been tracked down to syslog()
1363 and DNS resolution. We believe the problem is with the poll()
1364 implementation in the Linux 2.2.0 kernel and poll()-aware versions
1365 of glib (at least up to 2.0.111).
1366
1367glibc
1368 glibc 2.2.1 (and possibly other versions) changed the value of
1369 __RES in resolv.h but failed to actually provide the IPv6 API
1370 changes that the change implied. Therefore, compiling with
1371 -DNETINET6 fails.
1372
1373 Workarounds:
1374 1) Compile without -DNETINET6
1375 2) Build against a real BIND 8.2.2 include/lib tree
1376 3) Wait for glibc to fix it
1377
1378AIX 4.X
1379 The AIX 4.X linker uses library paths specified during compilation
1380 using -L for run-time shared library searches. Therefore, it is
1381 vital that relative and unsafe directory paths not be using when
1382 compiling sendmail. Because of this danger, by default, compiles
1383 on AIX use the -blibpath option to limit shared libraries to
1384 /usr/lib and /lib. If you need to allow more directories, such as
1385 /usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1386 site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1387 appropriately. For example:
1388
1389 define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1390
1391 Be sure to only add (safe) system directories.
1392
1393 The AIX version of GNU ld also exhibits this problem. If you are
1394 using that version, instead of -blibpath, use its -rpath option.
1395 For example:
1396
1397 gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1398
1399AIX 4.X If the test program t-event (and most others) in libsm fails,
1400 check your compiler settings. It seems that the flags -qnoro or
1401 -qnoroconst on some AIX versions trigger a compiler bug. Check
1402 your compiler settings or use cc instead of xlc.
1403
1404AIX 4.0-4.2, maybe some AIX 4.3 versions
1405 The AIX m4 implements a different mechanism for ifdef which is
1406 inconsistent with other versions of m4. Therefore, it will not
1407 work properly with the sendmail Build architecture or m4
1408 configuration method. To work around this problem, please use
1409 GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1410 The problem seems to be solved in AIX 4.3.3 at least.
1411
1412AIX 4.3.3
1413 From: Valdis.Kletnieks@vt.edu
1414 Date: Sun, 02 Jul 2000 03:58:02 -0400
1415
1416 Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1417 BIND 8.2.2 security holes, you can no longer build with -DNETINET6
1418 because they changed the value of __RES in resolv.h but failed to
1419 actually provide the API changes that the change implied.
1420
1421 Workarounds:
1422 1) Compile without -DNETINET6
1423 2) Build against a real BIND 8.2.2 include/lib tree
1424 3) Wait for IBM to fix it
1425
1426AIX 3.x
1427 This version of sendmail does not support MB, MG, and MR resource
1428 records, which are supported by AIX sendmail.
1429
1430 Several people have reported that the IBM-supplied named returns
1431 fairly random results -- the named should be replaced. It is not
1432 necessary to replace the resolver, which will simplify installation.
1433 A new BIND resolver can be found at http://www.isc.org/isc/.
1434
1435AIX 3.1.x
1436 The supplied load average code only works correctly for AIX 3.2.x.
1437 For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1438 package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1439 directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1440 daemon, and the getloadavg subroutine supplied with that package.
1441 If you don't care about load average throttling, just turn off
1442 load average checking using -DLA_TYPE=LA_ZERO.
1443
1444RISC/os
1445 RISC/os from MIPS is a merged AT&T/Berkeley system. When you
1446 compile on that platform you will get duplicate definitions
1447 on many files. You can ignore these.
1448
1449System V Release 4 Based Systems
1450 There is a single devtools OS that is intended for all SVR4-based
1451 systems (built from devtools/OS/SVR4). It defines __svr4__,
1452 which is predefined by some compilers. If your compiler already
1453 defines this compile variable, you can delete the definition from
1454 the generated Makefile or create a devtools/Site/site.config.m4
1455 file.
1456
1457 It's been tested on Dell Issue 2.2.
1458
1459DELL SVR4
1460 Date: Mon, 06 Dec 1993 10:42:29 EST
1461 From: "Kimmo Suominen" <kim@grendel.lut.fi>
1462 Message-ID: <2d0352f9.lento29@lento29.UUCP>
1463 To: eric@cs.berkeley.edu
1464 Cc: sendmail@cs.berkeley.edu
1465 Subject: Notes for DELL SVR4
1466
1467 Eric,
1468
1469 Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4. I ran
1470 across these things when helping out some people who contacted me by
1471 e-mail.
1472
1473 1) Use gcc 2.4.5 (or later?). Dell distributes gcc 2.1 with their
1474 Issue 2.2 Unix. It is too old, and gives you problems with
1475 clock.c, because sigset_t won't get defined in <sys/signal.h>.
1476 This is due to a problematic protection rule in there, and is
1477 fixed with gcc 2.4.5.
1478
1479 2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1480 to add "-lc -lucb" to the libraries to link with. This is because
1481 the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1482 functions. It is important that you specify both libraries in
1483 the given order to be sure you only get the BSTRING functions
1484 from the UCB library (and not the signal routines etc.).
1485
1486 3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1487 The UCB library also has another copy of the nlist routines,
1488 but we do want the ones from "-lelf".
1489
1490 If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1491 can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1492 They are copies of what I use on grendel.lut.fi, and offering them
1493 does not imply that I would also support them. I have sent the DB
1494 port for SVR4 back to Keith Bostic for inclusion in the official
1495 distribution, but I haven't heard anything from him as of today.
1496
1497 - gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++)
1498 - db-1.72.tar.gz (with source, objects and a installed copy)
1499
1500 Cheers
1501 + Kim
1502 --
1503 * Kimmo.Suominen@lut.fi * SysVr4 enthusiast at GRENDEL.LUT.FI *
1504 * KIM@FINFILES.BITNET * Postmaster and Hostmaster at LUT.FI *
1505 * + 358 200 865 718 * Unix area moderator at NIC.FUNET.FI *
1506
1507ConvexOS 10.1 and below
1508 In order to use the name server, you must create the file
1509 /etc/use_nameserver. If this file does not exist, the call
1510 to res_init() will fail and you will have absolutely no
1511 access to DNS, including MX records.
1512
1513Amdahl UTS 2.1.5
1514 In order to get UTS to work, you will have to port BIND 4.9.
1515 The vendor's BIND is reported to be ``totally inadequate.''
1516 See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1517 to get BIND 4.9 compiled for UTS.
1518
1519UnixWare
1520 According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1521 the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1522 config files. GNU m4 and the m4 from UnixWare 1.x both work.
1523
1524 According to Larry Rosenman <ler@lerami.lerctr.org>:
1525
1526 UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1527 processing the 8.9.0 cf files.
1528
1529 I had a LOCAL_RULE_0 that wound up AFTER the
1530 SBasic_check_rcpt rules using the SCO supplied M4.
1531 GNU M4 works fine.
1532
1533UNICOS 8.0.3.4
1534 Some people have reported that the -O flag on UNICOS can cause
1535 problems. You may want to turn this off if you have problems
1536 running sendmail. Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1537
1538Darwin/Mac OS X (10.X.X)
1539 The linker errors produced regarding getopt() and its associated
1540 variables can safely be ignored.
1541
1542 From Mike Zimmerman <zimmy@torrentnet.com>:
1543
1544 From scratch here is what Darwin users need to do to the standard
1545 10.0.0, 10.0.1 install to get sendmail working.
1546 From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242:
1547 1. chmod g-w / /private /private/etc
1548 2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1549 HOSTNAME=-my.domain.com-
1550 3. Edit /etc/rc.boot:
1551 hostname my.domain.com
1552 domainname domain.com
1553 4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1554 Remove the "&" after the sendmail command:
1555 /usr/sbin/sendmail -bd -q1h
1556
1557 From Carsten Klapp <carsten.klapp@home.com>:
1558
1559 The easiest workaround is to remove the group-writable permission
1560 for the root directory and the symbolic /etc inherits this
1561 change. While this does fix sendmail, the unfortunate side-effect
1562 is the OS X admin will no longer be able to manipulate icons in the
1563 top level of the Startup disk unless logged into the GUI as the
1564 superuser.
1565
1566 In applying the alternate workaround, care must be taken while
1567 swapping the symlink /etc with the directory /private/etc. In all
1568 likelihood any admin who is concerned with this sendmail error has
1569 enough experience to not accidentally harm anything in the process.
1570
1571 a. Swap the /etc symlink with /private/etc (as superuser):
1572 rm /etc
1573 mv /private/etc /etc
1574 ln -s /etc /private/etc
1575
1576 b. Set / to group unwritable (as superuser):
1577 chmod g-w /
1578
1579Darwin/Mac OS X (10.1.5)
1580 Apple's upgrade to sendmail 8.12 is incorrectly configured. You
1581 will need to manually fix it up by doing the following:
1582
1583 1. chown smmsp:smmsp /var/spool/clientmqueue
1584 2. chmod 2770 /var/spool/clientmqueue
1585 3. chgrp smmsp /usr/sbin/sendmail
1586 4. chmod g+s /usr/sbin/sendmail
1587
1588 From Daniel J. Luke <dluke@geeklair.net>:
1589
1590 It appears that setting the sendmail.cf property in
1591 /locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1592 8.12.4 causes 'bad things' to happen.
1593
1594 Specifically sendmail instances that should be getting their config
1595 from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1596 open pipes to sendmail stop working as sendmail tries to write to
1597 /var/spool/mqueue and cannot as sendmail is no longer suid root).
1598
1599 Removing the entry from NetInfo fixes this problem.
1600
1601GNU getopt
1602 I'm told that GNU getopt has a problem in that it gets confused
1603 by the double call. Use the version in conf.c instead.
1604
1605BIND 4.9.2 and Ultrix
1606 If you are running on Ultrix, be sure you read conf/Info.Ultrix
1607 in the BIND distribution very carefully -- there is information
1608 in there that you need to know in order to avoid errors of the
1609 form:
1610
1611 /lib/libc.a(gethostent.o): sethostent: multiply defined
1612 /lib/libc.a(gethostent.o): endhostent: multiply defined
1613 /lib/libc.a(gethostent.o): gethostbyname: multiply defined
1614 /lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1615
1616 during the link stage.
1617
1618BIND 8.X
1619 BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1620 DNS failures when trying to find the hostname associated with an IP
1621 address (gethostbyaddr()). This can cause problems as
1622 $&{client_name} based lookups in class R ($=R) and the access
1623 database won't succeed.
1624
1625 This will be fixed in BIND 8.2.1. For earlier versions, this can
1626 be fixed by making "dns" the last name service queried for host
1627 resolution in /etc/irs.conf:
1628
1629 hosts local continue
1630 hosts dns
1631
1632strtoul
1633 Some compilers (notably gcc) claim to be ANSI C but do not
1634 include the ANSI-required routine "strtoul". If your compiler
1635 has this problem, you will get an error in srvrsmtp.c on the
1636 code:
1637
1638 # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1639 e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1640 # else
1641 e->e_msgsize = strtol(vp, (char **) NULL, 10);
1642 # endif
1643
1644 You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1645
1646Listproc 6.0c
1647 Date: 23 Sep 1995 23:56:07 GMT
1648 Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1649 From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1650 Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1651
1652 Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1653 breaks, because it, by default, sends a blank "HELO" rather than
1654 a "HELO hostname" when using the 'system' or 'telnet' mail method.
1655
1656 The fix is to include -DZMAILER in the compilation, which will
1657 cause it to use "HELO hostname" (which Z-mail apparently requires
1658 as well. :)
1659
1660OpenSSL
1661 OpenSSL versions prior to 0.9.6 use a macro named Free which
1662 conflicts with existing macro names on some platforms, such as
1663 AIX.
1664 Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with
1665 0.9.5a.
1666
1667PH
1668 PH support is provided by Mark Roth <roth@uiuc.edu>. The map is
1669 described at http://www-dev.cites.uiuc.edu/sendmail/ .
1670
1671 NOTE: The "spacedname" pseudo-field which was used by earlier
1672 versions of the PH map code is no longer supported! See the URL
1673 listed above for more information.
1674
1675 Please contact Mark Roth for support and questions regarding the
1676 map.
1677
1678TCP Wrappers
1679 If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1680 also need to install libwrap.a and modify your site.config.m4 file
1681 or the generated Makefile to include -lwrap in the LIBS line
1682 (make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1683 libwrap.a can be found).
1684
1685 TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1686
1687 If you have alternate MX sites for your site, be sure that all of
1688 your MX sites reject the same set of hosts. If not, a bad guy whom
1689 you reject will connect to your site, fail, and move on to the next
1690 MX site, which will accept the mail for you and forward it on to you.
1691
1692Regular Expressions (MAP_REGEX)
1693 If sendmail linking fails with:
1694
1695 undefined reference to 'regcomp'
1696
1697 or sendmail gives an error about a regular expression with:
1698
1699 pattern-compile-error: : Operation not applicable
1700
1701 Your libc does not include a running version of POSIX-regex. Use
1702 librx or regex.o from the GNU Free Software Foundation,
1703 ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1704 ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1705 You can also use the regex-lib by Henry Spencer,
1706 ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1707 Make sure, your compiler reads regex.h from the distribution,
1708 not from /usr/include, otherwise sendmail will dump a core.
1709
1710
1711+--------------+
1712| MANUAL PAGES |
1713+--------------+
1714
1715The manual pages have been written against the -man macros, and
1716should format correctly with any reasonable *roff.
1717
1718
1719+-----------------+
1720| DEBUGGING HOOKS |
1721+-----------------+
1722
1723As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1724some debugging output (logged at LOG_DEBUG severity). The
1725information dumped is:
1726
1727 * The value of the $j macro.
1728 * A warning if $j is not in the set $=w.
1729 * A list of the open file descriptors.
1730 * The contents of the connection cache.
1731 * If ruleset 89 is defined, it is evaluated and the results printed.
1732
1733This allows you to get information regarding the runtime state of the
1734daemon on the fly. This should not be done too frequently, since
1735the process of rewriting may lose memory which will not be recovered.
1736Also, ruleset 89 may call non-reentrant routines, so there is a small
1737non-zero probability that this will cause other problems. It is
1738really only for debugging serious problems.
1739
1740A typical formulation of ruleset 89 would be:
1741
1742 R$* $@ $>0 some test address
1743
1744
1745+-----------------------------+
1746| DESCRIPTION OF SOURCE FILES |
1747+-----------------------------+
1748
1749The following list describes the files in this directory:
1750
1751Build Shell script for building sendmail.
1752Makefile A convenience for calling ./Build.
1753Makefile.m4 A template for constructing a makefile based on the
1754 information in the devtools directory.
1755README This file.
1756TRACEFLAGS My own personal list of the trace flags -- not guaranteed
1757 to be particularly up to date.
1758alias.c Does name aliasing in all forms.
1759aliases.5 Man page describing the format of the aliases file.
1760arpadate.c A subroutine which creates ARPANET standard dates.
1761bf.c Routines to implement memory-buffered file system using
1762 hooks provided by libsm now (formerly Torek stdio library).
1763bf.h Buffered file I/O function declarations and
1764 data structure and function declarations for bf.c.
1765collect.c The routine that actually reads the mail into a temp
1766 file. It also does a certain amount of parsing of
1767 the header, etc.
1768conf.c The configuration file. This contains information
1769 that is presumed to be quite static and non-
1770 controversial, or code compiled in for efficiency
1771 reasons. Most of the configuration is in sendmail.cf.
1772conf.h Configuration that must be known everywhere.
1773control.c Routines to implement control socket.
1774convtime.c A routine to sanely process times.
1775daemon.c Routines to implement daemon mode.
1776deliver.c Routines to deliver mail.
1777domain.c Routines that interface with DNS (the Domain Name
1778 System).
1779envelope.c Routines to manipulate the envelope structure.
1780err.c Routines to print error messages.
1781headers.c Routines to process message headers.
1782helpfile An example helpfile for the SMTP HELP command and -bt mode.
1783macro.c The macro expander. This is used internally to
1784 insert information from the configuration file.
1785mailq.1 Man page for the mailq command.
1786main.c The main routine to sendmail. This file also
1787 contains some miscellaneous routines.
1788makesendmail A convenience for calling ./Build.
1789map.c Support for database maps.
1790mci.c Routines that handle mail connection information caching.
1791milter.c MTA portions of the mail filter API.
1792mime.c MIME conversion routines.
1793newaliases.1 Man page for the newaliases command.
1794parseaddr.c The routines which do address parsing.
1795queue.c Routines to implement message queueing.
1796readcf.c The routine that reads the configuration file and
1797 translates it to internal form.
1798recipient.c Routines that manipulate the recipient list.
1799sasl.c Routines to interact with Cyrys-SASL.
1800savemail.c Routines which save the letter on processing errors.
1801sendmail.8 Man page for the sendmail command.
1802sendmail.h Main header file for sendmail.
1803sfsasl.c I/O interface between SASL/TLS and the MTA.
1804sfsasl.h Header file for sfsasl.c.
1805shmticklib.c Routines for shared memory counters.
1806sm_resolve.c Routines for DNS lookups (for DNS map type).
1807sm_resolve.h Header file for sm_resolve.c.
1808srvrsmtp.c Routines to implement server SMTP.
1809stab.c Routines to manage the symbol table.
1810stats.c Routines to collect and post the statistics.
1811statusd_shm.h Data structure and function declarations for shmticklib.c.
1812sysexits.c List of error messages associated with error codes
1813 in sysexits.h.
1814sysexits.h List of error codes for systems that lack their own.
1815timers.c Routines to provide microtimers.
1816timers.h Data structure and function declarations for timers.h.
1817tls.c Routines for TLS.
1818trace.c The trace package. These routines allow setting and
1819 testing of trace flags with a high granularity.
1820udb.c The user database interface module.
1821usersmtp.c Routines to implement user SMTP.
1822util.c Some general purpose routines used by sendmail.
1823version.c The version number and information about this
1824 version of sendmail.
1825
| 381 LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
382 other parameters that they try to divine: the name of your
383 kernel, the name of the variable in the kernel to examine,
384 the number of bits of precision in a fixed point load average,
385 and so forth. LA_DEVSHORT uses _PATH_AVENRUN to find the
386 device to be read to find the load average.
387 In desperation, use LA_ZERO. The actual code is in
388 conf.c -- it can be tweaked if you are brave.
389FSHIFT For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
390 of bits of load average after the binary point -- i.e.,
391 the number of bits to shift right in order to scale the
392 integer to get the true integer load average. Defaults to 8.
393_PATH_UNIX The path to your kernel. Needed only for LA_INT, LA_SHORT,
394 and LA_FLOAT. Defaults to "/unix" on System V, "/vmunix"
395 everywhere else.
396LA_AVENRUN For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
397 variable that holds the load average. Defaults to "avenrun"
398 on System V, "_avenrun" everywhere else.
399SFS_TYPE Encodes how your kernel can locate the amount of free
400 space on a disk partition. This can be set to SFS_NONE
401 (0) if you have no way of getting this information,
402 SFS_USTAT (1) if you have the ustat(2) system call,
403 SFS_4ARGS (2) if you have a four-argument statfs(2)
404 system call (and the include file is <sys/statfs.h>),
405 SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
406 the two-argument statfs(2) system call with includes in
407 <sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
408 or SFS_STATVFS (6) if you have the two-argument statvfs(2)
409 call. The default if nothing is defined is SFS_NONE.
410SFS_BAVAIL with SFS_4ARGS you can also set SFS_BAVAIL to the field name
411 in the statfs structure that holds the useful information;
412 this defaults to f_bavail.
413SPT_TYPE Encodes how your system can display what a process is doing
414 on a ps(1) command (SPT stands for Set Process Title). Can
415 be set to:
416 SPT_NONE (0) -- Don't try to set the process title at all.
417 SPT_REUSEARGV (1) -- Pad out your argv with the information;
418 this is the default if none specified.
419 SPT_BUILTIN (2) -- The system library has setproctitle.
420 SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
421 to set the process title; this is used by HP-UX.
422 SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
423 SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
424 SPT_SCO (6) -- Write kernel u. area.
425 SPT_CHANGEARGV (7) -- Write pointers to our own strings into
426 the existing argv vector.
427SPT_PADCHAR Character used to pad the process title; if undefined,
428 the space character (0x20) is used. This is ignored if
429 SPT_TYPE != SPT_REUSEARGV
430ERRLIST_PREDEFINED
431 If set, assumes that some header file defines sys_errlist.
432 This may be needed if you get type conflicts on this
433 variable -- otherwise don't worry about it.
434WAITUNION The wait(2) routine takes a "union wait" argument instead
435 of an integer argument. This is for compatibility with
436 old versions of BSD.
437SCANF You can set this to extend the F command to accept a
438 scanf string -- this gives you a primitive parser for
439 class definitions -- BUT it can make you vulnerable to
440 core dumps if the target file is poorly formed.
441SYSLOG_BUFSIZE You can define this to be the size of the buffer that
442 syslog accepts. If it is not defined, it assumes a
443 1024-byte buffer. If the buffer is very small (under
444 256 bytes) the log message format changes -- each
445 e-mail message will log many more messages, since it
446 will log each piece of information as a separate line
447 in syslog.
448BROKEN_RES_SEARCH
449 On Ultrix (and maybe other systems?) if you use the
450 res_search routine with an unknown host name, it returns
451 -1 but sets h_errno to 0 instead of HOST_NOT_FOUND. If
452 you set this, sendmail considers 0 to be the same as
453 HOST_NOT_FOUND.
454NAMELISTMASK If defined, values returned by nlist(3) are masked
455 against this value before use -- a common value is
456 0x7fffffff to strip off the top bit.
457BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that
458 defines the length of this address.
459SAFENFSPATHCONF Set this to 1 if and only if you have verified that a
460 pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
461 NFS filesystem where the underlying system allows users to
462 give away files to other users returns <= 0. Be sure you
463 try both on NFS V2 and V3. Some systems assume that their
464 local policy apply to NFS servers -- this is a bad
465 assumption! The test/t_pathconf.c program will try this
466 for you -- you have to run it in a directory that is
467 mounted from a server that allows file giveaway.
468SIOCGIFCONF_IS_BROKEN
469 Set this if your system has an SIOCGIFCONF ioctl defined,
470 but it doesn't behave the same way as "most" systems (BSD,
471 Solaris, SunOS, HP-UX, etc.)
472SIOCGIFNUM_IS_BROKEN
473 Set this if your system has an SIOCGIFNUM ioctl defined,
474 but it doesn't behave the same way as "most" systems
475 (Solaris, HP-UX).
476FAST_PID_RECYCLE
477 Set this if your system can reuse the same PID in the same
478 second.
479SO_REUSEADDR_IS_BROKEN
480 Set this if your system has a setsockopt() SO_REUSEADDR
481 flag but doesn't pay attention to it when trying to bind a
482 socket to a recently closed port.
483NEEDSGETIPNODE Set this if your system supports IPv6 but doesn't include
484 the getipnodeby{name,addr}() functions. Set automatically
485 for Linux's glibc.
486PIPELINING Support SMTP PIPELINING (set by default).
487USING_NETSCAPE_LDAP
488 Deprecated in favor of SM_CONF_LDAP_MEMFREE. See
489 libsm/README.
490NEEDLINK Set this if your system doesn't have a link() call. It
491 will create a copy of the file instead of a hardlink.
492USE_ENVIRON Set this to 1 to access process environment variables from
493 the external variable environ instead of the third
494 parameter of main().
495USE_DOUBLE_FORK By default this is on (1). Set it to 0 to suppress the
496 extra fork() used to avoid intermediate zombies.
497ALLOW_255 Do not convert (char)0xff to (char)0x7f in headers etc.
498 This can also be done at runtime with the command line
499 option -d82.101.
500NEEDINTERRNO Set this if <errno.h> does not declare errno, i.e., if an
501 application needs to use
502 extern int errno;
503USE_TTYPATH Set this to 1 to enable ErrorMode=write.
504USESYSCTL Use sysctl(3) to determine the number of CPUs in a system.
505
506
507+-----------------------+
508| COMPILE-TIME FEATURES |
509+-----------------------+
510
511There are a bunch of features that you can decide to compile in, such
512as selecting various database packages and special protocol support.
513Several are assumed based on other compilation flags -- if you want to
514"un-assume" something, you probably need to edit conf.h. Compilation
515flags that add support for special features include:
516
517NDBM Include support for "new" DBM library for aliases and maps.
518 Normally defined in the Makefile.
519NEWDB Include support for Berkeley DB package (hash & btree)
520 for aliases and maps. Normally defined in the Makefile.
521 If the version of NEWDB you have is the old one that does
522 not include the "fd" call (this call was added in version
523 1.5 of the Berkeley DB code), you must upgrade to the
524 current version of Berkeley DB.
525NIS Define this to get NIS (YP) support for aliases and maps.
526 Normally defined in the Makefile.
527NISPLUS Define this to get NIS+ support for aliases and maps.
528 Normally defined in the Makefile.
529HESIOD Define this to get Hesiod support for aliases and maps.
530 Normally defined in the Makefile.
531NETINFO Define this to get NeXT NetInfo support for aliases and maps.
532 Normally defined in the Makefile.
533LDAPMAP Define this to get LDAP support for maps.
534PH_MAP Define this to get PH support for maps.
535MAP_NSD Define this to get nsd support for maps.
536USERDB Define this to 1 to include support for the User Information
537 Database. Implied by NEWDB or HESIOD. You can use
538 -DUSERDB=0 to explicitly turn it off.
539IDENTPROTO Define this as 1 to get IDENT (RFC 1413) protocol support.
540 This is assumed unless you are running on Ultrix or
541 HP-UX, both of which have a problem in the UDP
542 implementation. You can define it to be 0 to explicitly
543 turn off IDENT protocol support. If defined off, the code
544 is actually still compiled in, but it defaults off; you
545 can turn it on by setting the IDENT timeout in the
546 configuration file.
547IP_SRCROUTE Define this to 1 to get IP source routing information
548 displayed in the Received: header. This is assumed on
549 most systems, but some (e.g., Ultrix) apparently have a
550 broken version of getsockopt that doesn't properly
551 support the IP_OPTIONS call. You probably want this if
552 your OS can cope with it. Symptoms of failure will be that
553 it won't compile properly (that is, no support for fetching
554 IP_OPTIONs), or it compiles but source-routed TCP connections
555 either refuse to open or open and hang for no apparent reason.
556 Ultrix and AIX3 are known to fail this way.
557LOG Set this to get syslog(3) support. Defined by default
558 in conf.h. You want this if at all possible.
559NETINET Set this to get TCP/IP support. Defined by default
560 in conf.h. You probably want this.
561NETINET6 Set this to get IPv6 support. Other configuration may
562 be needed in conf.h for your particular operating system.
563 Also, DaemonPortOptions must be set appropriately for
564 sendmail to accept IPv6 connections.
565NETISO Define this to get ISO networking support.
566NETUNIX Define this to get Unix domain networking support. Defined
567 by default. A few bizarre systems (SCO, ISC, Altos) don't
568 support this networking domain.
569NETNS Define this to get NS networking support.
570NETX25 Define this to get X.25 networking support.
571NAMED_BIND If non-zero, include DNS (name daemon) support, including
572 MX support. The specs say you must use this if you run
573 SMTP. You don't have to be running a name server daemon
574 on your machine to need this -- any use of the DNS resolver,
575 including remote access to another machine, requires this
576 option. Defined by default in conf.h. Define it to zero
577 ONLY on machines that do not use DNS in any way.
578MATCHGECOS Permit fuzzy matching of user names against the full
579 name (GECOS) field in the /etc/passwd file. This should
580 probably be on, since you can disable it from the config
581 file if you want to. Defined by default in conf.h.
582MIME8TO7 If non-zero, include 8 to 7 bit MIME conversions. This
583 also controls advertisement of 8BITMIME in the ESMTP
584 startup dialogue.
585MIME7TO8_OLD If 0 then use an algorithm for MIME 7-bit quoted-printable
586 or base64 encoding to 8-bit text that has been introduced
587 in 8.12.3. There are some examples where that code fails,
588 but the old code works. If you have an example of improper
589 7 to 8 bit conversion please send it to sendmail-bugs.
590MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions.
591HES_GETMAILHOST Define this to 1 if you are using Hesiod with the
592 hes_getmailhost() routine. This is included with the MIT
593 Hesiod distribution, but not with the DEC Hesiod distribution.
594XDEBUG Do additional internal checking. These don't cost too
595 much; you might as well leave this on.
596TCPWRAPPERS Turns on support for the TCP wrappers library (-lwrap).
597 See below for further information.
598SECUREWARE Enable calls to the SecureWare luid enabling/changing routines.
599 SecureWare is a C2 security package added to several UNIX's
600 (notably ConvexOS) to get a C2 Secure system. This
601 option causes mail delivery to be done with the luid of the
602 recipient.
603SHARE_V1 Support for the fair share scheduler, version 1. Setting to
604 1 causes final delivery to be done using the recipients
605 resource limitations. So far as I know, this is only
606 supported on ConvexOS.
607SASL Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL
608 library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/). Please
609 install at least version 1.5.13. See below for further
610 information: SASL COMPILATION AND CONFIGURATION. If your
611 SASL library is older than 1.5.10, you have to set this
612 to its version number using a simple conversion: a.b.c
613 -> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
614 Note: Using an older version than 1.5.5 of Cyrus SASL is
615 not supported. Starting with version 1.5.10, setting SASL=1
616 is sufficient. Any value other than 1 (or 0) will be
617 compared with the actual version found and if there is a
618 mismatch, compilation will fail.
619EGD Define this if your system has EGD installed, see
620 http://egd.sourceforge.net/ . It should be used to
621 seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
622STARTTLS Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL
623 (http://www.OpenSSL.org/); use OpenSSL 0.9.5a or later
624 (if compatible with this version), do not use 0.9.3.
625 See STARTTLS COMPILATION AND CONFIGURATION for further
626 information.
627TLS_NO_RSA Turn off support for RSA algorithms in STARTTLS.
628MILTER Turn on support for external filters using the Milter API;
629 this option is set by default, to turn it off use
630 APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
631 in devtools/Site/site.config.m4 (see devtools/README).
632 See libmilter/README for more information about milter.
633REQUIRES_DIR_FSYNC Turn on support for file systems that require to
634 call fsync() for a directory if the meta-data in it has
635 been changed. This should be turned on at least for older
636 versions of ReiserFS; it is enabled by default for Linux.
637 According to some information this flag is not needed
638 anymore for kernel 2.4.16 and newer. We would appreciate
639 feedback about the semantics of the various file systems
640 available for Linux.
641 An alternative to this compile time flag is to mount the
642 queue directory without the -async option, or using
643 chattr +S on Linux.
644DBMMODE The default file permissions to use when creating new
645 database files for maps and aliases. Defaults to 0640.
646
647Generic notice: If you enable a compile time option that needs
648libraries or include files that don't come with sendmail or are
649installed in a location that your C compiler doesn't use by default
650you should set confINCDIRS and confLIBDIRS as explained in the
651first section: BUILDING SENDMAIL.
652
653
654+---------------------+
655| DNS/RESOLVER ISSUES |
656+---------------------+
657
658Many systems have old versions of the resolver library. At a minimum,
659you should be running BIND 4.8.3; older versions may compile, but they
660have known bugs that should give you pause.
661
662Common problems in old versions include "undefined" errors for
663dn_skipname.
664
665Some people have had a problem with BIND 4.9; it uses some routines
666that it expects to be externally defined such as strerror(). It may
667help to link with "-l44bsd" to solve this problem. This has apparently
668been fixed in later versions of BIND, starting around 4.9.3. In other
669words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
670later versions, you do not.
671
672!PLEASE! be sure to link with the same version of the resolver as
673the header files you used -- some people have used the 4.9 headers
674and linked with BIND 4.8 or vice versa, and it doesn't work.
675Unfortunately, it doesn't fail in an obvious way -- things just
676subtly don't work.
677
678WILDCARD MX RECORDS ARE A BAD IDEA! The only situation in which they
679work reliably is if you have two versions of DNS, one in the real world
680which has a wildcard pointing to your firewall, and a completely
681different version of the database internally that does not include
682wildcard MX records that match your domain. ANYTHING ELSE WILL GIVE
683YOU HEADACHES!
684
685When attempting to canonify a hostname, some broken name servers will
686return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. If you
687want to excuse this behavior, include WorkAroundBrokenAAAA in
688ResolverOptions. However, instead, we recommend catching the problem and
689reporting it to the name server administrator so we can rid the world of
690broken name servers.
691
692
693+----------------------------------------+
694| STARTTLS COMPILATION AND CONFIGURATION |
695+----------------------------------------+
696
697Please read the documentation accompanying the OpenSSL library. You
698have to compile and install the OpenSSL libraries before you can compile
699sendmail. See devtools/README how to set the correct compile time
700parameters; you should at least set the following variables:
701
702APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
703APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
704
705If you have installed the OpenSSL libraries and include files in
706a location that your C compiler doesn't use by default you should
707set confINCDIRS and confLIBDIRS as explained in the first section:
708BUILDING SENDMAIL.
709
710Configuration information can be found in doc/op/op.me (required
711certificates) and cf/README (how to tell sendmail about certificates).
712
713To perform an initial test, connect to your sendmail daemon
714(telnet localhost 25) and issue a EHLO localhost and see whether
715250-STARTTLS
716is in the response. If it isn't, run the daemon with
717-O LogLevel=14
718and try again. Then take a look at the logfile and see whether
719there are any problems listed about permissions (unsafe files)
720or the validity of X.509 certificates.
721
722From: Garrett Wollman <wollman@lcs.mit.edu>
723
724 If your certificate authority is hierarchical, and you only include
725 the top-level CA certificate in the CACertFile file, some mail clients
726 may be unable to infer the proper certificate chain when selecting a
727 client certificate. Including the bottom-level CA certificate(s) in
728 the CACertFile file will allow these clients to work properly. This
729 is not necessary if you are not using client certificates for
730 authentication, or if all your clients are running Sendmail or other
731 programs using the OpenSSL library (which get it right automatically).
732 In addition, some mail clients are totally incapable of using
733 certificate authentication -- even some of those which already support
734 SSL/TLS for confidentiality.
735
736Further information can be found via:
737http://www.sendmail.org/tips/
738
739
740+------------------------------------+
741| SASL COMPILATION AND CONFIGURATION |
742+------------------------------------+
743
744Please read the documentation accompanying the Cyrus SASL library
745(INSTALL and README). If you use Berkeley DB for Cyrus SASL then
746you must compile sendmail with the same version of Berkeley DB.
747See devtools/README for how to set the correct compile time parameters;
748you should at least set the following variables:
749
750APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
751APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
752
753If you have installed the Cyrus SASL library and include files in
754a location that your C compiler doesn't use by default you should
755set confINCDIRS and confLIBDIRS as explained in the first section:
756BUILDING SENDMAIL.
757
758You have to select and install authentication mechanisms and tell
759sendmail where to find the sasl library and the include files (see
760devtools/README for the parameters to set). Set up the required
761users and passwords as explained in the SASL documentation. See
762also cf/README for authentication related options (especially
763DefaultAuthInfo if you want authentication between MTAs).
764
765To perform an initial test, connect to your sendmail daemon
766(telnet localhost 25) and issue a EHLO localhost and see whether
767250-AUTH ....
768is in the response. If it isn't, run the daemon with
769-O LogLevel=14
770and try again. Then take a look at the logfile and see whether
771there are any security related problems listed (unsafe files).
772
773Further information can be found via:
774http://www.sendmail.org/tips/
775
776
777+-------------------------------------+
778| OPERATING SYSTEM AND COMPILE QUIRKS |
779+-------------------------------------+
780
781GCC problems
782 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
783 too (see include/sm/cdefs.h for more info).
784
785 *****************************************************************
786 ** IMPORTANT: DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE **
787 ** RUNNING GCC 2.4.x or 2.5.x. THERE IS A BUG IN THE GCC **
788 ** OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
789 *****************************************************************
790
791 Jim Wilson of Cygnus believes he has found the problem -- it will
792 probably be fixed in GCC 2.5.6 -- but until this is verified, be
793 very suspicious of gcc -O. This problem is reported to have been
794 fixed in gcc 2.6.
795
796 A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
797 optimization on a Sparc. If you are using gcc 2.5.5, youi should
798 upgrade to the latest version of gcc.
799
800 Apparently GCC 2.7.0 on the Pentium processor has optimization
801 problems. I recommend against using -O on that architecture. This
802 has been seen on FreeBSD 2.0.5 RELEASE.
803
804 Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
805
806 We have been told there are problems with gcc 2.8.0. If you are
807 using this version, you should upgrade to 2.8.1 or later.
808
809Berkeley DB
810 Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
811 You need at least 4.1.25.
812
813GDBM GDBM does not work with sendmail because the additional
814 security checks and file locking cause problems. Unfortunately,
815 gdbm does not provide a compile flag in its version of ndbm.h so
816 the code can adapt. Until the GDBM authors can fix these problems,
817 GDBM will not be supported. Please use Berkeley DB instead.
818
819Configuration file location
820 Up to 8.6, sendmail tried to find the sendmail.cf file in the same
821 place as the vendors had put it, even when this was obviously
822 stupid. As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
823 Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
824 You can get sendmail to use the stupid vendor .cf location by
825 adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
826 support programs and scripts that need to find sendmail.cf. You
827 are STRONGLY urged to use symbolic links if you want to use the
828 vendor location rather than changing the location in the sendmail
829 binary.
830
831 NETINFO systems use NETINFO to determine the location of
832 sendmail.cf. The full path to sendmail.cf is stored as the value of
833 the "sendmail.cf" property in the "/locations/sendmail"
834 subdirectory of NETINFO. Set the value of this property to
835 "/etc/mail/sendmail.cf" (without the quotes) to use this new
836 default location for Sendmail 8.10.0 and higher.
837
838ControlSocket permissions
839 Paraphrased from BIND 8.2.1's README:
840
841 Solaris and other pre-4.4BSD kernels do not respect ownership or
842 protections on UNIX-domain sockets. The short term fix for this is to
843 override the default path and put such control sockets into root-
844 owned directories which do not permit non-root to r/w/x through them.
845 The long term fix is for all kernels to upgrade to 4.4BSD semantics.
846
847HP MPE/iX
848 The MPE-specific code within sendmail emulates a set-user-id root
849 environment for the sendmail binary. But there is no root uid 0 on
850 MPE, nor is there any support for set-user-id programs. Even when
851 sendmail thinks it is running as uid 0, it will still have the file
852 access rights of the underlying non-zero uid, but because sendmail is
853 an MPE priv-mode program it will still be able to call setuid() to
854 successfully switch to a new uid.
855
856 MPE setgid() semantics don't quite work the way sendmail expects, so
857 special emulation is done here also.
858
859 This uid/gid emulation is enabled via the setuid/setgid file mode bits
860 which are not currently used by MPE. Code in libsm/mpeix.c examines
861 these bits and enables emulation if they have been set, i.e.,
862 chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
863
864SunOS 4.x (Solaris 1.x)
865 You may have to use -lresolv on SunOS. However, beware that
866 this links in a new version of gethostbyname that does not
867 understand NIS, so you must have all of your hosts in DNS.
868
869 Some people have reported problems with the SunOS version of
870 -lresolv and/or in.named, and suggest that you get a newer
871 version. The symptoms are delays when you connect to the
872 SMTP server on a SunOS machine or having your domain added to
873 addresses inappropriately. There is a version of BIND
874 version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
875
876 There is substantial disagreement about whether you can make
877 this work with resolv+, which allows you to specify a search-path
878 of services. Some people report that it works fine, others
879 claim it doesn't work at all (including causing sendmail to
880 drop core when it tries to do multiple resolv+ lookups for a
881 single job). I haven't tried resolv+, as we use DNS exclusively.
882
883 Should you want to try resolv+, it is on ftp.uu.net in
884 /networking/ip/dns.
885
886 Apparently getservbyname() can fail under moderate to high
887 load under some circumstances. This will exhibit itself as
888 the message ``554 makeconnection: service "smtp" unknown''.
889 The problem has been traced to one or more blank lines in
890 /etc/services on the NIS server machine. Delete these
891 and it should work. This info is thanks to Brian Bartholomew
892 <bb@math.ufl.edu> of I-Kinetics, Inc.
893
894 NOTE: The SunOS 4.X linker uses library paths specified during
895 compilation using -L for run-time shared library searches.
896 Therefore, it is vital that relative and unsafe directory paths not
897 be used when compiling sendmail.
898
899SunOS 4.0.2 (Sun 386i)
900 Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
901 From: teus@oce.nl
902
903 Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
904 following changes:
905 * Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
906 available as "uname" command.
907 * Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
908 devtools/OS/SunOS.4.0, which is selected via the "uname" command.
909 I recommend to make available the db-library on the system first
910 (and change the Makefile to use this library).
911 Note that the sendmail.cf and aliases files are found in /etc.
912
913SunOS 4.1.3, 4.1.3_U1
914 Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1. According
915 to Sun bug number 1077939:
916
917 If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
918 after the other side of the connection has sent a TCP RESET for
919 the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
920 ip_ctloutput() routine.
921
922 For 4.1.3, this is fixed in patch 100584-08, available on the
923 Sunsolve 2.7.1 or later CDs. For 4.1.3_U1, this was fixed in patch
924 101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
925 obsoleted by patch 102010-05.
926
927 Sun patch 100584-08 is not currently publicly available on their
928 ftp site but a user has reported it can be found at other sites
929 using a web search engine.
930
931Solaris 2.x (SunOS 5.x)
932 To compile for Solaris, the Makefile built by Build must
933 include a SOLARIS definition which reflects the Solaris version
934 (i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
935 If you are using gcc, make sure -I/usr/include is not used (or
936 it might complain about TopFrame). If you are using Sun's cc,
937 make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
938 (or it might complain about tm_zone).
939
940 The Solaris 2.x (x <= 3) "syslog" function is apparently limited
941 to something about 90 characters because of a kernel limitation.
942 If you have source code, you can probably up this number. You
943 can get patches that fix this problem: the patch ids are:
944
945 Solaris 2.1 100834
946 Solaris 2.2 100999
947 Solaris 2.3 101318
948
949 Be sure you have the appropriate patch installed or you won't
950 see system logging.
951
952Solaris 2.4 (SunOS 5.4)
953 If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
954 the risk of getting the wrong libraries under some circumstances.
955 This is because of a new feature in Solaris 2.4, described by
956 Rod.Evans@Eng.Sun.COM:
957
958 >> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
959 >> runtime linker if the application was setxid (secure), thus your
960 >> applications search path would be:
961 >>
962 >> /usr/local/lib LD_LIBRARY_PATH component - IGNORED
963 >> /usr/lib LD_LIBRARY_PATH component - IGNORED
964 >> /usr/local/lib RPATH - honored
965 >> /usr/lib RPATH - honored
966 >>
967 >> the effect is that path 3 would be the first used, and this would
968 >> satisfy your resolv.so lookup.
969 >>
970 >> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
971 >> People who developed setxid applications wanted to be able to alter
972 >> the library search path to some degree to allow for their own
973 >> testing and debugging mechanisms. It was decided that the only
974 >> secure way to do this was to allow a `trusted' path to be used in
975 >> LD_LIBRARY_PATH. The only trusted directory we presently define
976 >> is /usr/lib. Thus a set-user-ID root developer could play with some
977 >> alternative shared object implementations and place them in
978 >> /usr/lib (being root we assume they'ed have access to write in this
979 >> directory). This change was made as part of 1155380 - after a
980 >> *huge* amount of discussion regarding the security aspect of things.
981 >>
982 >> So, in SunOS 5.4 your applications search path would be:
983 >>
984 >> /usr/local/lib from LD_LIBRARY_PATH - IGNORED (untrustworthy)
985 >> /usr/lib from LD_LIBRARY_PATH - honored (trustworthy)
986 >> /usr/local/lib from RPATH - honored
987 >> /usr/lib from RPATH - honored
988 >>
989 >> here, path 2 would be the first used.
990
991Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
992 Apparently Solaris 2.5.1 patch 103663-01 installs a new
993 /usr/include/resolv.h file that defines the __P macro without
994 checking to see if it is already defined. This new resolv.h is also
995 included in the Solaris 2.6 distribution. This causes compile
996 warnings such as:
997
998 In file included from daemon.c:51:
999 /usr/include/resolv.h:208: warning: `__P' redefined
1000 cdefs.h:58: warning: this is the location of the previous definition
1001
1002 These warnings can be safely ignored or you can create a resolv.h
1003 file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
1004
1005 #undef __P
1006 #include "/usr/include/resolv.h"
1007
1008 This problem was fixed in Solaris 7 (Sun bug ID 4081053).
1009
1010Solaris 7 (SunOS 5.7)
1011 Solaris 7 includes LDAP libraries but the implementation was
1012 lacking a few things. The following settings can be placed in
1013 devtools/Site/site.SunOS.5.7.m4 if you plan on using those
1014 libraries.
1015
1016 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1017 APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
1018 APPENDDEF(`confLIBS', `-lldap')
1019
1020 Also, Sun's patch 107555 is needed to prevent a crash in the call
1021 to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
1022 LDAP support is compiled in sendmail.
1023
1024Solaris 8 and later (SunOS 5.8 and later)
1025 Solaris 8 and later can optionally install LDAP support. If you
1026 have installed the Entire Distribution meta-cluster, you can use
1027 the following in devtools/Site/site.SunOS.5.8.m4 (or other
1028 appropriately versioned file) to enable LDAP:
1029
1030 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1031 APPENDDEF(`confLIBS', `-lldap')
1032
1033Solaris 9 and later (SunOS 5.9 and later)
1034 Solaris 9 and later have a revised LDAP library, libldap.so.5,
1035 which is derived from a Netscape implementation, thus requiring
1036 that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1037
1038 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1039 APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1040 APPENDDEF(`confLIBS', `-lldap')
1041
1042Solaris
1043 If you are using dns for hostname resolution on Solaris, make sure
1044 that the 'dns' entry is last on the hosts line in
1045 '/etc/nsswitch.conf'. For example, use:
1046
1047 hosts: nisplus files dns
1048
1049 Do not use:
1050
1051 hosts: nisplus dns [NOTFOUND=return] files
1052
1053 Note that 'nisplus' above is an illustration. The same comment
1054 applies no matter what naming services you are using. If you have
1055 anything other than dns last, even after "[NOTFOUND=return]",
1056 sendmail may not be able to determine whether an error was
1057 temporary or permanent. The error returned by the solaris
1058 gethostbyname() is the error for the last lookup used, and other
1059 naming services do not have the same concept of temporary failure.
1060
1061Ultrix
1062 By default, the IDENT protocol is turned off on Ultrix. If you
1063 are running Ultrix 4.4 or later, or if you have included patch
1064 CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1065 IDENT on in the configuration file by setting the "ident" timeout.
1066
1067 The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1068 included in libc.a. Unfortunately, the __RES symbol hasn't changed
1069 and therefore, sendmail can no longer automatically detect the
1070 newer version. If you get a compiler error:
1071
1072 /lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1073
1074 Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1075
1076 APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1077
1078Digital UNIX (formerly DEC OSF/1)
1079 If you are compiling on OSF/1 (DEC Alpha), you must use
1080 -L/usr/shlib (otherwise it core dumps on startup). You may also
1081 need -mld to get the nlist() function, although some versions
1082 apparently don't need this.
1083
1084 Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1085 it, just create the link to the sendmail binary.
1086
1087 On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1088 properly due to a bug in the getpw* routines. If you want to use
1089 this, use -DDEC_OSF_BROKEN_GETPWENT=1. The problem is fixed in 3.2C.
1090
1091 Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1092 only preserve the envelope sender in the "From " header if
1093 DefaultUserID is set to daemon. Setting this to mailnull will
1094 cause all mail to have the header "From mailnull ...". To use
1095 a different DefaultUserID, you will need to use a different mail
1096 delivery agent (such as mail.local found in the sendmail
1097 distribution).
1098
1099 On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1100 operating system and already has the ndbm.o module removed. However,
1101 Digital has modified the original Berkeley DB db.h include file.
1102 This results in the following warning while compiling map.c and udb.c:
1103
1104 cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1105 "__signed" conflicts with a current definition because the replacement
1106 lists differ. The redefinition is now in effect.
1107 #define __signed signed
1108 ------------------------^
1109
1110 This warning can be ignored.
1111
1112 Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1113 If you have installed a new version of BIND in /usr/include
1114 and /usr/lib, you will experience difficulties as Digital ships
1115 libresolv.a in /usr/ccs/lib/ as well. Be sure to replace both
1116 copies of libresolv.a.
1117
1118IRIX
1119 The header files on SGI IRIX are completely prototyped, and as
1120 a result you can sometimes get some warning messages during
1121 compilation. These can be ignored. There are two errors in
1122 deliver only if you are using gcc, both of the form ``warning:
1123 passing arg N of `execve' from incompatible pointer type''.
1124 Also, if you compile with -DNIS, you will get a complaint
1125 about a declaration of struct dom_binding in a prototype
1126 when compiling map.c; this is not important because the
1127 function being prototyped is not used in that file.
1128
1129 In order to compile sendmail you will have had to install
1130 the developers' option in order to get the necessary include
1131 files.
1132
1133 If you compile with -lmalloc (the fast memory allocator), you may
1134 get warning messages such as the following:
1135
1136 ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1137 preempts that definition in /usr/lib32/mips3/libc.so.
1138 ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1139 preempts that definition in /usr/lib32/mips3/libc.so.
1140 ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1141 preempts that definition in /usr/lib32/mips3/libc.so.
1142 ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1143 preempts that definition in /usr/lib32/mips3/libc.so.
1144 ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1145 preempts that definition in /usr/lib32/mips3/libc.so.
1146
1147 These are unavoidable and innocuous -- just ignore them.
1148
1149 According to Dave Sill <de5@ornl.gov>, there is a version of the
1150 Berkeley DB library patched to run on Irix 6.2 available from
1151 http://reality.sgi.com/ariel/freeware/#db .
1152
1153IRIX 6.x
1154 If you are using XFS filesystem, avoid using the -32 ABI switch to
1155 the cc compiler if possible.
1156
1157 Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1158 a problem with gcc on IRIX, i.e., gcc can't pass structs
1159 less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1160 some other sized structs. See
1161 http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1162 This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1163 is reported as broken. Check your gcc version for this bug
1164 before installing sendmail.
1165
1166IRIX 6.4
1167 The IRIX 6.5.4 version of /bin/m4 does not work properly with
1168 sendmail. Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1169 use /usr/freeware/bin/m4 or install and use GNU m4.
1170
1171NeXT or NEXTSTEP
1172 NEXTSTEP 3.3 and earlier ship with the old DBM library. Also,
1173 Berkeley DB does not currently run on NEXTSTEP.
1174
1175 If you are compiling on NEXTSTEP, you will have to create an
1176 empty file "unistd.h" and create a file "dirent.h" containing:
1177
1178 #include <sys/dir.h>
1179 #define dirent direct
1180
1181 (devtools/OS/NeXT should try to do both of these for you.)
1182
1183 Apparently, there is a bug in getservbyname on Nextstep 3.0
1184 that causes it to fail under some circumstances with the
1185 message "SYSERR: service "smtp" unknown" logged. You should
1186 be able to work around this by including the line:
1187
1188 OOPort=25
1189
1190 in your .cf file.
1191
1192BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1193 The "m4" from BSDI won't handle the config files properly.
1194 I haven't had a chance to test this myself.
1195
1196 The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1197 files properly. One must use either GNU m4 1.1 or the PD-M4
1198 recently posted in comp.os.386bsd.bugs (and maybe others).
1199 NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1200 CHANGES).
1201
1202 FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to
1203 use it (look into devtools/OS/FreeBSD). NetBSD-current may have
1204 it too but it has not been verified.
1205
1206 The latest version of Berkeley DB uses a different naming
1207 scheme than the version that is supplied with your release. This
1208 means you will be able to use the current version of Berkeley DB
1209 with sendmail as long you use the new db.h when compiling
1210 sendmail and link it against the new libdb.a or libdb.so. You
1211 should probably keep the original db.h in /usr/include and the
1212 new db.h in /usr/local/include.
1213
12144.3BSD
1215 If you are running a "virgin" version of 4.3BSD, you'll have
1216 a very old resolver and be missing some header files. The
1217 header files are simple -- create empty versions and everything
1218 will work fine. For the resolver you should really port a new
1219 version (4.8.3 or later) of the resolver; 4.9 is available on
1220 gatekeeper.DEC.COM in pub/BSD/bind/4.9. If you are really
1221 determined to continue to use your old, buggy version (or as
1222 a shortcut to get sendmail working -- I'm sure you have the
1223 best intentions to port a modern version of BIND), you can
1224 copy ../contrib/oldbind.compat.c into sendmail and add the
1225 following to devtools/Site/site.config.m4:
1226
1227 APPENDDEF(`confOBJADD', `oldbind.compat.o')
1228
1229OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1230 m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1231 maximum length for strings is too short. You need to use GNU m4
1232 or patch m4, see for example:
1233 http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1234
1235A/UX
1236 Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1237 From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1238 Subject: Fix for A/UX ndbm
1239
1240 I guess this isn't really a sendmail bug, however, it is something
1241 that A/UX users should be aware of when compiling sendmail 8.6.
1242
1243 Apparently, the calls that sendmail is using to the ndbm routines
1244 in A/UX 3.0.x contain calls to "broken" routines, in that the
1245 aliases database will break when it gets "just a little big"
1246 (sorry I don't have exact numbers here, but it broke somewhere
1247 around 20-25 aliases for me.), making all aliases non-functional
1248 after exceeding this point.
1249
1250 What I did was to get the gnu-dbm-1.6 package, compile it, and
1251 then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1252 ndbm.h header file that comes with the gnu-package. This makes
1253 things behave properly.
1254 [NOTE: see comment above about GDBM]
1255
1256 I suppose porting the New Berkeley DB package is another route,
1257 however, I made a quick attempt at it, and found it difficult
1258 (not easy at least); the gnu-dbm package "configured" and
1259 compiled easily.
1260
1261 [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1262 database maps.]
1263
1264SCO Unix
1265 From: Thomas Essebier <tom@stallion.oz.au>
1266 Organisation: Stallion Technologies Pty Ltd.
1267
1268 It will probably help those who are trying to configure sendmail 8.6.9
1269 to know that if they are on SCO, they had better set
1270 OI-dnsrch
1271 or they will core dump as soon as they try to use the resolver.
1272 i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1273 it does not inititialise it, nor does it understand 'search' in
1274 /etc/named.boot.
1275 - sigh -
1276
1277 According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1278 We recommend installing GNU m4 before attempting to build sendmail.
1279
1280 On some versions a bogus error value is listed if connections
1281 time out (large negative number). To avoid this explicitly set
1282 Timeout.connect to a reasonable value (several minutes).
1283
1284DG/UX
1285 Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1286 V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1287 Originally, the DG /bin/mail program wasn't compatible with
1288 the V8 sendmail, since the DG /bin/mail requires the environment
1289 variable "_FORCE_MAIL_LOCAL_=yes" be set. Version 8.7 now includes
1290 this in the environment before invoking the local mailer. Some
1291 have used procmail to avoid this problem in the past. It works
1292 but some have experienced file locking problems with their DG/UX
1293 ports of procmail.
1294
1295Apollo DomainOS
1296 If you are compiling on Apollo, you will have to create an empty
1297 file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1298 "dirent.h" containing:
1299
1300 #include <sys/dir.h>
1301 #define dirent direct
1302
1303 (devtools/OS/DomainOS will attempt to do both of these for you.)
1304
1305HP-UX 8.00
1306 Date: Mon, 24 Jan 1994 13:25:45 +0200
1307 From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1308 Subject: 8.6.5 w/ HP-UX 8.00 on s300
1309
1310 Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1311 a series 300 machine) running HP-UX 8.00.
1312
1313 I was getting segmentation fault when delivering to a local user.
1314 With debugging I saw it was faulting when doing _free@libc... *sigh*
1315 It seems the new implementation of malloc on s300 is buggy as of 8.0,
1316 so I tried out the one in -lmalloc (malloc(3X)). With that it seems
1317 to work just dandy.
1318
1319 When linking, you will get the following error:
1320
1321 ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1322
1323 but you can just ignore it. You might want to add this info to the
1324 README file for the future...
1325
1326Linux
1327 Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1328 flock() system call gives errors. If you are running .14, you must
1329 not use flock. You can do this with -DHASFLOCK=0. We have also
1330 been getting complaints since version 2.4.X was released.
1331 sendmail 8.13 has changed the default locking method to fcntl()
1332 for Linux kernel version 2.4 and later. Be sure to update other
1333 sendmail related programs to match locking techniques (some
1334 examples, besides makemap and mail.local, include procmail, mailx,
1335 mutt, elm, etc).
1336
1337 Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1338 initialization of the _res structure changed. If /etc/hosts.conf
1339 was configured as "hosts, bind" the resolver code could return
1340 "Name server failure" errors. This is supposedly fixed in
1341 later versions of libc (>= 4.6.29?), and later versions of
1342 sendmail (> 8.6.10) try to work around the problem.
1343
1344 Some older versions (< 4.6.20?) of the libc/include files conflict
1345 with sendmail's version of cdefs.h. Deleting sendmail's version
1346 on those systems should be non-harmful, and new versions don't care.
1347
1348 NOTE ON LINUX & BIND: By default, the Makefile generated for Linux
1349 includes header files in /usr/local/include and libraries in
1350 /usr/local/lib. If you've installed BIND on your system, the header
1351 files typically end up in the search path and you need to add
1352 "-lresolv" to the LIBS line in your Makefile. Really old versions
1353 may need to include "-l44bsd" as well (particularly if the link phase
1354 complains about missing strcasecmp, strncasecmp or strpbrk).
1355 Complaints about an undefined reference to `__dn_skipname' in
1356 domain.o are a sure sign that you need to add -lresolv to LIBS.
1357 Newer versions of Linux are basically threaded BIND, so you may or
1358 may not see complaints if you accidentally mix BIND
1359 headers/libraries with virginal libc. If you have BIND headers in
1360 /usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1361 to LIBS. Data structures may change and you'd be asking for a
1362 core dump.
1363
1364 A number of problems have been reported regarding the Linux 2.2.0
1365 kernel. So far, these problems have been tracked down to syslog()
1366 and DNS resolution. We believe the problem is with the poll()
1367 implementation in the Linux 2.2.0 kernel and poll()-aware versions
1368 of glib (at least up to 2.0.111).
1369
1370glibc
1371 glibc 2.2.1 (and possibly other versions) changed the value of
1372 __RES in resolv.h but failed to actually provide the IPv6 API
1373 changes that the change implied. Therefore, compiling with
1374 -DNETINET6 fails.
1375
1376 Workarounds:
1377 1) Compile without -DNETINET6
1378 2) Build against a real BIND 8.2.2 include/lib tree
1379 3) Wait for glibc to fix it
1380
1381AIX 4.X
1382 The AIX 4.X linker uses library paths specified during compilation
1383 using -L for run-time shared library searches. Therefore, it is
1384 vital that relative and unsafe directory paths not be using when
1385 compiling sendmail. Because of this danger, by default, compiles
1386 on AIX use the -blibpath option to limit shared libraries to
1387 /usr/lib and /lib. If you need to allow more directories, such as
1388 /usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1389 site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1390 appropriately. For example:
1391
1392 define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1393
1394 Be sure to only add (safe) system directories.
1395
1396 The AIX version of GNU ld also exhibits this problem. If you are
1397 using that version, instead of -blibpath, use its -rpath option.
1398 For example:
1399
1400 gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1401
1402AIX 4.X If the test program t-event (and most others) in libsm fails,
1403 check your compiler settings. It seems that the flags -qnoro or
1404 -qnoroconst on some AIX versions trigger a compiler bug. Check
1405 your compiler settings or use cc instead of xlc.
1406
1407AIX 4.0-4.2, maybe some AIX 4.3 versions
1408 The AIX m4 implements a different mechanism for ifdef which is
1409 inconsistent with other versions of m4. Therefore, it will not
1410 work properly with the sendmail Build architecture or m4
1411 configuration method. To work around this problem, please use
1412 GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1413 The problem seems to be solved in AIX 4.3.3 at least.
1414
1415AIX 4.3.3
1416 From: Valdis.Kletnieks@vt.edu
1417 Date: Sun, 02 Jul 2000 03:58:02 -0400
1418
1419 Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1420 BIND 8.2.2 security holes, you can no longer build with -DNETINET6
1421 because they changed the value of __RES in resolv.h but failed to
1422 actually provide the API changes that the change implied.
1423
1424 Workarounds:
1425 1) Compile without -DNETINET6
1426 2) Build against a real BIND 8.2.2 include/lib tree
1427 3) Wait for IBM to fix it
1428
1429AIX 3.x
1430 This version of sendmail does not support MB, MG, and MR resource
1431 records, which are supported by AIX sendmail.
1432
1433 Several people have reported that the IBM-supplied named returns
1434 fairly random results -- the named should be replaced. It is not
1435 necessary to replace the resolver, which will simplify installation.
1436 A new BIND resolver can be found at http://www.isc.org/isc/.
1437
1438AIX 3.1.x
1439 The supplied load average code only works correctly for AIX 3.2.x.
1440 For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1441 package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1442 directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1443 daemon, and the getloadavg subroutine supplied with that package.
1444 If you don't care about load average throttling, just turn off
1445 load average checking using -DLA_TYPE=LA_ZERO.
1446
1447RISC/os
1448 RISC/os from MIPS is a merged AT&T/Berkeley system. When you
1449 compile on that platform you will get duplicate definitions
1450 on many files. You can ignore these.
1451
1452System V Release 4 Based Systems
1453 There is a single devtools OS that is intended for all SVR4-based
1454 systems (built from devtools/OS/SVR4). It defines __svr4__,
1455 which is predefined by some compilers. If your compiler already
1456 defines this compile variable, you can delete the definition from
1457 the generated Makefile or create a devtools/Site/site.config.m4
1458 file.
1459
1460 It's been tested on Dell Issue 2.2.
1461
1462DELL SVR4
1463 Date: Mon, 06 Dec 1993 10:42:29 EST
1464 From: "Kimmo Suominen" <kim@grendel.lut.fi>
1465 Message-ID: <2d0352f9.lento29@lento29.UUCP>
1466 To: eric@cs.berkeley.edu
1467 Cc: sendmail@cs.berkeley.edu
1468 Subject: Notes for DELL SVR4
1469
1470 Eric,
1471
1472 Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4. I ran
1473 across these things when helping out some people who contacted me by
1474 e-mail.
1475
1476 1) Use gcc 2.4.5 (or later?). Dell distributes gcc 2.1 with their
1477 Issue 2.2 Unix. It is too old, and gives you problems with
1478 clock.c, because sigset_t won't get defined in <sys/signal.h>.
1479 This is due to a problematic protection rule in there, and is
1480 fixed with gcc 2.4.5.
1481
1482 2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1483 to add "-lc -lucb" to the libraries to link with. This is because
1484 the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1485 functions. It is important that you specify both libraries in
1486 the given order to be sure you only get the BSTRING functions
1487 from the UCB library (and not the signal routines etc.).
1488
1489 3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1490 The UCB library also has another copy of the nlist routines,
1491 but we do want the ones from "-lelf".
1492
1493 If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1494 can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1495 They are copies of what I use on grendel.lut.fi, and offering them
1496 does not imply that I would also support them. I have sent the DB
1497 port for SVR4 back to Keith Bostic for inclusion in the official
1498 distribution, but I haven't heard anything from him as of today.
1499
1500 - gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++)
1501 - db-1.72.tar.gz (with source, objects and a installed copy)
1502
1503 Cheers
1504 + Kim
1505 --
1506 * Kimmo.Suominen@lut.fi * SysVr4 enthusiast at GRENDEL.LUT.FI *
1507 * KIM@FINFILES.BITNET * Postmaster and Hostmaster at LUT.FI *
1508 * + 358 200 865 718 * Unix area moderator at NIC.FUNET.FI *
1509
1510ConvexOS 10.1 and below
1511 In order to use the name server, you must create the file
1512 /etc/use_nameserver. If this file does not exist, the call
1513 to res_init() will fail and you will have absolutely no
1514 access to DNS, including MX records.
1515
1516Amdahl UTS 2.1.5
1517 In order to get UTS to work, you will have to port BIND 4.9.
1518 The vendor's BIND is reported to be ``totally inadequate.''
1519 See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1520 to get BIND 4.9 compiled for UTS.
1521
1522UnixWare
1523 According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1524 the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1525 config files. GNU m4 and the m4 from UnixWare 1.x both work.
1526
1527 According to Larry Rosenman <ler@lerami.lerctr.org>:
1528
1529 UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1530 processing the 8.9.0 cf files.
1531
1532 I had a LOCAL_RULE_0 that wound up AFTER the
1533 SBasic_check_rcpt rules using the SCO supplied M4.
1534 GNU M4 works fine.
1535
1536UNICOS 8.0.3.4
1537 Some people have reported that the -O flag on UNICOS can cause
1538 problems. You may want to turn this off if you have problems
1539 running sendmail. Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1540
1541Darwin/Mac OS X (10.X.X)
1542 The linker errors produced regarding getopt() and its associated
1543 variables can safely be ignored.
1544
1545 From Mike Zimmerman <zimmy@torrentnet.com>:
1546
1547 From scratch here is what Darwin users need to do to the standard
1548 10.0.0, 10.0.1 install to get sendmail working.
1549 From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242:
1550 1. chmod g-w / /private /private/etc
1551 2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1552 HOSTNAME=-my.domain.com-
1553 3. Edit /etc/rc.boot:
1554 hostname my.domain.com
1555 domainname domain.com
1556 4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1557 Remove the "&" after the sendmail command:
1558 /usr/sbin/sendmail -bd -q1h
1559
1560 From Carsten Klapp <carsten.klapp@home.com>:
1561
1562 The easiest workaround is to remove the group-writable permission
1563 for the root directory and the symbolic /etc inherits this
1564 change. While this does fix sendmail, the unfortunate side-effect
1565 is the OS X admin will no longer be able to manipulate icons in the
1566 top level of the Startup disk unless logged into the GUI as the
1567 superuser.
1568
1569 In applying the alternate workaround, care must be taken while
1570 swapping the symlink /etc with the directory /private/etc. In all
1571 likelihood any admin who is concerned with this sendmail error has
1572 enough experience to not accidentally harm anything in the process.
1573
1574 a. Swap the /etc symlink with /private/etc (as superuser):
1575 rm /etc
1576 mv /private/etc /etc
1577 ln -s /etc /private/etc
1578
1579 b. Set / to group unwritable (as superuser):
1580 chmod g-w /
1581
1582Darwin/Mac OS X (10.1.5)
1583 Apple's upgrade to sendmail 8.12 is incorrectly configured. You
1584 will need to manually fix it up by doing the following:
1585
1586 1. chown smmsp:smmsp /var/spool/clientmqueue
1587 2. chmod 2770 /var/spool/clientmqueue
1588 3. chgrp smmsp /usr/sbin/sendmail
1589 4. chmod g+s /usr/sbin/sendmail
1590
1591 From Daniel J. Luke <dluke@geeklair.net>:
1592
1593 It appears that setting the sendmail.cf property in
1594 /locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1595 8.12.4 causes 'bad things' to happen.
1596
1597 Specifically sendmail instances that should be getting their config
1598 from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1599 open pipes to sendmail stop working as sendmail tries to write to
1600 /var/spool/mqueue and cannot as sendmail is no longer suid root).
1601
1602 Removing the entry from NetInfo fixes this problem.
1603
1604GNU getopt
1605 I'm told that GNU getopt has a problem in that it gets confused
1606 by the double call. Use the version in conf.c instead.
1607
1608BIND 4.9.2 and Ultrix
1609 If you are running on Ultrix, be sure you read conf/Info.Ultrix
1610 in the BIND distribution very carefully -- there is information
1611 in there that you need to know in order to avoid errors of the
1612 form:
1613
1614 /lib/libc.a(gethostent.o): sethostent: multiply defined
1615 /lib/libc.a(gethostent.o): endhostent: multiply defined
1616 /lib/libc.a(gethostent.o): gethostbyname: multiply defined
1617 /lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1618
1619 during the link stage.
1620
1621BIND 8.X
1622 BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1623 DNS failures when trying to find the hostname associated with an IP
1624 address (gethostbyaddr()). This can cause problems as
1625 $&{client_name} based lookups in class R ($=R) and the access
1626 database won't succeed.
1627
1628 This will be fixed in BIND 8.2.1. For earlier versions, this can
1629 be fixed by making "dns" the last name service queried for host
1630 resolution in /etc/irs.conf:
1631
1632 hosts local continue
1633 hosts dns
1634
1635strtoul
1636 Some compilers (notably gcc) claim to be ANSI C but do not
1637 include the ANSI-required routine "strtoul". If your compiler
1638 has this problem, you will get an error in srvrsmtp.c on the
1639 code:
1640
1641 # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1642 e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1643 # else
1644 e->e_msgsize = strtol(vp, (char **) NULL, 10);
1645 # endif
1646
1647 You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1648
1649Listproc 6.0c
1650 Date: 23 Sep 1995 23:56:07 GMT
1651 Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1652 From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1653 Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1654
1655 Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1656 breaks, because it, by default, sends a blank "HELO" rather than
1657 a "HELO hostname" when using the 'system' or 'telnet' mail method.
1658
1659 The fix is to include -DZMAILER in the compilation, which will
1660 cause it to use "HELO hostname" (which Z-mail apparently requires
1661 as well. :)
1662
1663OpenSSL
1664 OpenSSL versions prior to 0.9.6 use a macro named Free which
1665 conflicts with existing macro names on some platforms, such as
1666 AIX.
1667 Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with
1668 0.9.5a.
1669
1670PH
1671 PH support is provided by Mark Roth <roth@uiuc.edu>. The map is
1672 described at http://www-dev.cites.uiuc.edu/sendmail/ .
1673
1674 NOTE: The "spacedname" pseudo-field which was used by earlier
1675 versions of the PH map code is no longer supported! See the URL
1676 listed above for more information.
1677
1678 Please contact Mark Roth for support and questions regarding the
1679 map.
1680
1681TCP Wrappers
1682 If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1683 also need to install libwrap.a and modify your site.config.m4 file
1684 or the generated Makefile to include -lwrap in the LIBS line
1685 (make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1686 libwrap.a can be found).
1687
1688 TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1689
1690 If you have alternate MX sites for your site, be sure that all of
1691 your MX sites reject the same set of hosts. If not, a bad guy whom
1692 you reject will connect to your site, fail, and move on to the next
1693 MX site, which will accept the mail for you and forward it on to you.
1694
1695Regular Expressions (MAP_REGEX)
1696 If sendmail linking fails with:
1697
1698 undefined reference to 'regcomp'
1699
1700 or sendmail gives an error about a regular expression with:
1701
1702 pattern-compile-error: : Operation not applicable
1703
1704 Your libc does not include a running version of POSIX-regex. Use
1705 librx or regex.o from the GNU Free Software Foundation,
1706 ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1707 ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1708 You can also use the regex-lib by Henry Spencer,
1709 ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1710 Make sure, your compiler reads regex.h from the distribution,
1711 not from /usr/include, otherwise sendmail will dump a core.
1712
1713
1714+--------------+
1715| MANUAL PAGES |
1716+--------------+
1717
1718The manual pages have been written against the -man macros, and
1719should format correctly with any reasonable *roff.
1720
1721
1722+-----------------+
1723| DEBUGGING HOOKS |
1724+-----------------+
1725
1726As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1727some debugging output (logged at LOG_DEBUG severity). The
1728information dumped is:
1729
1730 * The value of the $j macro.
1731 * A warning if $j is not in the set $=w.
1732 * A list of the open file descriptors.
1733 * The contents of the connection cache.
1734 * If ruleset 89 is defined, it is evaluated and the results printed.
1735
1736This allows you to get information regarding the runtime state of the
1737daemon on the fly. This should not be done too frequently, since
1738the process of rewriting may lose memory which will not be recovered.
1739Also, ruleset 89 may call non-reentrant routines, so there is a small
1740non-zero probability that this will cause other problems. It is
1741really only for debugging serious problems.
1742
1743A typical formulation of ruleset 89 would be:
1744
1745 R$* $@ $>0 some test address
1746
1747
1748+-----------------------------+
1749| DESCRIPTION OF SOURCE FILES |
1750+-----------------------------+
1751
1752The following list describes the files in this directory:
1753
1754Build Shell script for building sendmail.
1755Makefile A convenience for calling ./Build.
1756Makefile.m4 A template for constructing a makefile based on the
1757 information in the devtools directory.
1758README This file.
1759TRACEFLAGS My own personal list of the trace flags -- not guaranteed
1760 to be particularly up to date.
1761alias.c Does name aliasing in all forms.
1762aliases.5 Man page describing the format of the aliases file.
1763arpadate.c A subroutine which creates ARPANET standard dates.
1764bf.c Routines to implement memory-buffered file system using
1765 hooks provided by libsm now (formerly Torek stdio library).
1766bf.h Buffered file I/O function declarations and
1767 data structure and function declarations for bf.c.
1768collect.c The routine that actually reads the mail into a temp
1769 file. It also does a certain amount of parsing of
1770 the header, etc.
1771conf.c The configuration file. This contains information
1772 that is presumed to be quite static and non-
1773 controversial, or code compiled in for efficiency
1774 reasons. Most of the configuration is in sendmail.cf.
1775conf.h Configuration that must be known everywhere.
1776control.c Routines to implement control socket.
1777convtime.c A routine to sanely process times.
1778daemon.c Routines to implement daemon mode.
1779deliver.c Routines to deliver mail.
1780domain.c Routines that interface with DNS (the Domain Name
1781 System).
1782envelope.c Routines to manipulate the envelope structure.
1783err.c Routines to print error messages.
1784headers.c Routines to process message headers.
1785helpfile An example helpfile for the SMTP HELP command and -bt mode.
1786macro.c The macro expander. This is used internally to
1787 insert information from the configuration file.
1788mailq.1 Man page for the mailq command.
1789main.c The main routine to sendmail. This file also
1790 contains some miscellaneous routines.
1791makesendmail A convenience for calling ./Build.
1792map.c Support for database maps.
1793mci.c Routines that handle mail connection information caching.
1794milter.c MTA portions of the mail filter API.
1795mime.c MIME conversion routines.
1796newaliases.1 Man page for the newaliases command.
1797parseaddr.c The routines which do address parsing.
1798queue.c Routines to implement message queueing.
1799readcf.c The routine that reads the configuration file and
1800 translates it to internal form.
1801recipient.c Routines that manipulate the recipient list.
1802sasl.c Routines to interact with Cyrys-SASL.
1803savemail.c Routines which save the letter on processing errors.
1804sendmail.8 Man page for the sendmail command.
1805sendmail.h Main header file for sendmail.
1806sfsasl.c I/O interface between SASL/TLS and the MTA.
1807sfsasl.h Header file for sfsasl.c.
1808shmticklib.c Routines for shared memory counters.
1809sm_resolve.c Routines for DNS lookups (for DNS map type).
1810sm_resolve.h Header file for sm_resolve.c.
1811srvrsmtp.c Routines to implement server SMTP.
1812stab.c Routines to manage the symbol table.
1813stats.c Routines to collect and post the statistics.
1814statusd_shm.h Data structure and function declarations for shmticklib.c.
1815sysexits.c List of error messages associated with error codes
1816 in sysexits.h.
1817sysexits.h List of error codes for systems that lack their own.
1818timers.c Routines to provide microtimers.
1819timers.h Data structure and function declarations for timers.h.
1820tls.c Routines for TLS.
1821trace.c The trace package. These routines allow setting and
1822 testing of trace flags with a high granularity.
1823udb.c The user database interface module.
1824usersmtp.c Routines to implement user SMTP.
1825util.c Some general purpose routines used by sendmail.
1826version.c The version number and information about this
1827 version of sendmail.
1828
|