README revision 38032
1109998Smarkm/*- 2160814Ssimon * @(#)README 8.48 (Berkeley) 5/19/98 3160814Ssimon */ 4160814Ssimon 5109998Smarkm SENDMAIL RELEASE 8 6160814Ssimon 7109998SmarkmThis directory has the latest sendmail(TM) software from Sendmail, Inc. 8109998SmarkmSee doc/changes/changes.me for a summary of changes since 5.67. 9109998Smarkm 10109998SmarkmReport any bugs to sendmail-bugs@sendmail.ORG 11109998Smarkm 12109998SmarkmThere is a web site at http://WWW.Sendmail.ORG -- see that site for 13296465Sdelphijthe latest updates. 14109998Smarkm 15109998Smarkm****************************************************************** 16109998Smarkm** DO NOT USE MAKE to compile sendmail. Instead, cd src and ** 17109998Smarkm** use the "Build" shell script. On many environments this ** 18109998Smarkm** will do everything for you, no fuss, no muss. See ** 19109998Smarkm** src/README for more details of compilation. See cf/README ** 20109998Smarkm** for details about building a runtime configuration file. ** 21109998Smarkm****************************************************************** 22109998Smarkm 23109998SmarkmSendmail is a trademark of Sendmail, Inc. 24109998Smarkm 25109998Smarkm+-----------------------+ 26109998Smarkm| DIRECTORY PERMISSIONS | 27109998Smarkm+-----------------------+ 28109998Smarkm 29109998SmarkmSendmail often gets blamed for many problems that are actually the 30109998Smarkmresult of other problems, such as overly permissive modes on directories. 31109998SmarkmFor this reason, sendmail checks the modes on system directories and 32109998Smarkmfiles to determine if can have been trusted. For sendmail to run 33109998Smarkmwithout complaining, you MUST execute the following command: 34109998Smarkm 35109998Smarkm chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 36109998Smarkm chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 37109998Smarkm 38109998SmarkmYou will probably have to tweak this for your environment (for example, 39109998Smarkmsome systems put the spool directory into /usr/spool instead of 40109998Smarkm/var/spool and use /etc/mail for aliases file instead of /etc). If you 41109998Smarkmset the RunAsUser option in your sendmail.cf, the /var/spool/mqueue 42109998Smarkmdirectory will have to be owned by the RunAsUser user. As a general rule, 43109998Smarkmafter you have compiled sendmail, run the command 44109998Smarkm 45109998Smarkm sendmail -v -bi 46109998Smarkm 47109998Smarkmto initialize the alias database. If it gives messages such as 48109998Smarkm 49109998Smarkm WARNING: writable directory /etc 50109998Smarkm WARNING: writable directory /usr/spool/mqueue 51109998Smarkm 52109998Smarkmthen the directories listed have inappropriate write permissions and 53109998Smarkmshould be secured to avoid various possible security attacks. 54109998Smarkm 55109998SmarkmBeginning with sendmail 8.9, these checks have become more strict to 56109998Smarkmprevent users from being able to access files they would normally not 57109998Smarkmbe able to read. In particular, .forward and :include: files in unsafe 58160814Ssimondirectory paths (directory paths which are group or world writable) will 59160814Ssimonno longer be allowed. This would mean that if user joe's home directory 60296465Sdelphijwas writable by group staff, sendmail would not use his .forward file. 61160814SsimonThis behavior can be altered, at the expense of system security, by 62160814Ssimonsetting the DontBlameSendmail option. For example, to allow .forward 63109998Smarkmfiles in group writable directories: 64109998Smarkm 65109998Smarkm O DontBlameSendmail=forwardfileingroupwritabledirpath 66109998Smarkm 67109998SmarkmOr to allow them in both group and world writable directories: 68109998Smarkm 69109998Smarkm O DontBlameSendmail=forwardfileinunsafedirpath 70109998Smarkm 71109998SmarkmItems from these unsafe .forward and :include: files will be marked 72109998Smarkmas unsafe addresses -- the items can not be deliveries to files or 73109998Smarkmprograms. This behavior can also be altered via DontBlameSendmail: 74109998Smarkm 75109998Smarkm O DontBlameSendmail=forwardfileinunsafedirpath, 76296465Sdelphij forwardfileinunsafedirpathsafe 77296465Sdelphij 78109998SmarkmThe first flag allows the .forward file to be read, the second allows 79296465Sdelphijthe items in the file to be marked as safe for file and program 80296465Sdelphijdelivery. 81296465Sdelphij 82296465SdelphijOther files affected by this strengthened security include class 83296465Sdelphijfiles (i.e. Fw /etc/sendmail.cw), persistent host status files, and 84296465Sdelphijthe files specified by the ErrorHeader and HelpFile options. Similar 85296465SdelphijDontBlameSendmail flags are available for the class, ErrorHeader, and 86296465SdelphijHelpFile files. 87109998Smarkm 88296465SdelphijIf you have an unsafe configuration of .forward and :include: 89296465Sdelphijfiles, you can make it safe by finding all such files, and doing 90296465Sdelphija "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for 91296465Sdelphijeach directory in the file's path. 92296465Sdelphij 93109998Smarkm 94296465Sdelphij+--------------+ 95109998Smarkm| MANUAL PAGES | 96296465Sdelphij+--------------+ 97160814Ssimon 98296465SdelphijThe sendmail manual pages use contemporary Berkeley troff macros. If 99296465Sdelphijyour system does not process these manual pages, you can pick up the 100296465Sdelphijnew macros in a BSD Net/2 FTP site (e.g. on FTP.UU.NET, the files 101160814Ssimon/systems/unix/bsd-sources/share/tmac/*). 102296465Sdelphij 103296465SdelphijThe strip.sed file is only used in installation. 104296465Sdelphij 105160814SsimonAfter installation, edit tmac.doc and tmac.andoc to reflect the 106296465Sdelphijinstallation path of the tmac files. Those files contain pointers to 107296465Sdelphij/usr/share/tmac/, and those pointers are not changed by the `make 108160814Ssimoninstall` process. There's also a bug in those files -- make the 109296465Sdelphijfollowing patch: 110296465Sdelphij 111296465Sdelphij*** tmac.an~ Tue Jul 12 14:29:09 1994 112296465Sdelphij--- tmac.an Fri Jul 15 13:17:54 1994 113109998Smarkm*************** 114296465Sdelphij*** 50,55 **** 115296465Sdelphij .de TH 116109998Smarkm .rn TH xX 117109998Smarkm .so /usr/share/lib/tmac/tmac.an.old 118296465Sdelphij! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 119296465Sdelphij .rm xX 120296465Sdelphij .. 121109998Smarkm--- 50,55 ---- 122296465Sdelphij .de TH 123296465Sdelphij .rn TH xX 124109998Smarkm .so /usr/share/lib/tmac/tmac.an.old 125296465Sdelphij! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8" 126109998Smarkm .rm xX 127296465Sdelphij .. 128296465Sdelphij 129296465SdelphijRename the existing tmac.an to be tmac.an.old, and rename tmac.andoc 130296465Sdelphijto be tmac.an. 131160814Ssimon 132296465Sdelphijtmac.an will choose between tmac.an.old, your old macros, or tmac.doc, 133296465Sdelphijwhich are the new macros, so that both the new man pages and the 134160814Ssimonexisting man pages will be translated properly. 135296465Sdelphij 136296465SdelphijI'm also told that the groff distribution from MIT has a tmac.doc 137109998Smarkmmacro set that is compatible with these macros. 138109998Smarkm 139296465Sdelphij 140296465Sdelphij+-----------------------+ 141296465Sdelphij| RELATED DOCUMENTATION | 142109998Smarkm+-----------------------+ 143296465Sdelphij 144296465SdelphijThere are other files you should read. Rooted in this directory are: 145296465Sdelphij 146296465Sdelphij doc/changes/changes.ps 147109998Smarkm Describes changes between Release 5 and Release 8 of sendmail. 148296465Sdelphij There are some things that may behave somewhat differently. 149109998Smarkm For example, the rules governing when :include: files will 150296465Sdelphij be read have been tightened up for security reasons. 151296465Sdelphij FAQ 152296465Sdelphij Answers to Frequently Asked Questions. 153296465Sdelphij KNOWNBUGS 154160814Ssimon Known bugs in the current release. I try to keep this up 155296465Sdelphij to date -- get the latest version from FTP.Sendmail.ORG 156296465Sdelphij in /ucb/sendmail/KNOWNBUGS. 157296465Sdelphij RELEASE_NOTES 158296465Sdelphij A detailed description of the changes in each version. This 159160814Ssimon is quite long, but informative. 160296465Sdelphij src/README 161296465Sdelphij Details on compiling and installing sendmail. 162296465Sdelphij cf/README 163109998Smarkm Details on configuring sendmail. 164109998Smarkm doc/op/op.me 165296465Sdelphij The sendmail Installation & Operations Guide. Be warned: if 166296465Sdelphij you are running this off on SunOS or some other system with an 167160814Ssimon old version of -me, you need to add the following macro to the 168296465Sdelphij macros: 169296465Sdelphij 170296465Sdelphij .de sm 171296465Sdelphij \s-1\\$1\\s0\\$2 172296465Sdelphij .. 173296465Sdelphij 174296465Sdelphij This sets a word in a smaller pointsize. 175296465Sdelphij 176296465Sdelphij 177296465Sdelphij+--------------+ 178160814Ssimon| RELATED RFCS | 179296465Sdelphij+--------------+ 180160814Ssimon 181296465SdelphijThere are several related RFCs that you may wish to read -- they are 182296465Sdelphijavailable via anonymous FTP to several sites, including: 183109998Smarkm 184296465Sdelphij ftp://nic.ddn.mil/rfc/ 185296465Sdelphij ftp://nis.nsf.net/documents/rfc/ 186296465Sdelphij ftp://nisc.jvnc.net/rfc/ 187296465Sdelphij ftp://venera.isi.edu/in-notes/ 188296465Sdelphij ftp://wuarchive.wustl.edu/doc/rfc/ 189296465Sdelphij 190296465SdelphijFor a list of the primary repositories see: 191160814Ssimon 192296465Sdelphij http://www.isi.edu/in-notes/rfc-retrieval.txt 193296465Sdelphij 194296465SdelphijThey are also online at: 195296465Sdelphij 196296465Sdelphij http://www.ietf.org/ 197296465Sdelphij 198296465SdelphijThey can also be retrieved via electronic mail by sending 199296465Sdelphijemail to one of: 200296465Sdelphij 201296465Sdelphij mail-server@nisc.sri.com 202296465Sdelphij Put "send rfcNNN" in message body 203296465Sdelphij nis-info@nis.nsf.net 204296465Sdelphij Put "send RFCnnn.TXT-1" in message body 205296465Sdelphij sendrfc@jvnc.net 206296465Sdelphij Put "RFCnnn" as Subject: line 207160814Ssimon 208296465SdelphijFor further instructions see: 209296465Sdelphij 210296465Sdelphij http://www.isi.edu/in-notes/rfc-editor/rfc-info 211296465Sdelphij 212109998SmarkmImportant RFCs for electronic mail are: 213296465Sdelphij 214296465Sdelphij RFC821 SMTP protocol 215296465Sdelphij RFC822 Mail header format 216109998Smarkm RFC974 MX routing 217296465Sdelphij RFC976 UUCP mail format 218296465Sdelphij RFC1123 Host requirements (modifies 821, 822, and 974) 219296465Sdelphij RFC1413 Identification server 220296465Sdelphij RFC1869 SMTP Service Extensions (ESMTP spec) 221296465Sdelphij RFC1652 SMTP Service Extension for 8bit-MIMEtransport 222296465Sdelphij RFC1870 SMTP Service Extension for Message Size Declaration 223296465Sdelphij RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: 224296465Sdelphij Format of Internet Message Bodies 225296465Sdelphij RFC1344 Implications of MIME for Internet Mail Gateways 226296465Sdelphij RFC1428 Transition of Internet Mail from Just-Send-8 to 227296465Sdelphij 8-bit SMTP/MIME 228296465Sdelphij RFC1891 SMTP Service Extension for Delivery Status Notifications 229296465Sdelphij RFC1892 Multipart/Report Content Type for the Reporting of 230296465Sdelphij Mail System Administrative Messages 231296465Sdelphij RFC1893 Enhanced Mail System Status Codes 232109998Smarkm RFC1894 An Extensible Message Format for Delivery Status 233296465Sdelphij Notifications 234296465Sdelphij RFC1985 SMTP Service Extension for Remote Message Queue Starting 235296465Sdelphij 236160814SsimonOther standards that may be of interest (but which are less directly 237296465Sdelphijrelevant to sendmail) are: 238296465Sdelphij 239296465Sdelphij RFC987 Mapping between RFC822 and X.400 240160814Ssimon RFC1049 Content-Type header field (extension to RFC822) 241296465Sdelphij 242296465SdelphijWarning to AIX users: this version of sendmail does not implement 243160814SsimonMB, MR, or MG DNS resource records, as defined (as experiments) in 244296465SdelphijRFC1035. 245296465Sdelphij 246296465Sdelphij 247296465Sdelphij+-------------------+ 248160814Ssimon| DATABASE ROUTINES | 249296465Sdelphij+-------------------+ 250160814Ssimon 251296465SdelphijIF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** 252296465Sdelphijuse the version that was on the Net2 tape -- it has a number of 253296465Sdelphijnefarious bugs that were bad enough when I got them; you shouldn't have 254296465Sdelphijto go through the same thing. Instead, get a new version via the web at 255296465Sdelphijhttp://www.sleepycat.com/. This software is highly recommended; it gets 256296465Sdelphijrid of several stupid limits, it's much faster, and the interface is 257296465Sdelphijnicer to animals and plants. If the Berkeley DB include files 258296465Sdelphijare installed in a location other than those which your compiler searches, 259160814Ssimonyou will need to provide that directory when building: 260109998Smarkm 261296465Sdelphij Build -I/path/to/include/directory 262296465Sdelphij 263296465SdelphijIf you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* 264109998Smarkmurged to upgrade to DB version 2, available from http://www.sleepycat.com/. 265160814SsimonBerkeley DB versions 1.85 and 1.86 are known to be broken in various nasty 266296465Sdelphijways (see http://www.sleepycat.com/db.185.html), and can cause sendmail 267296465Sdelphijto dump core. In addition, the newest versions of gcc and the Solaris 268296465Sdelphijcompilers perform optimizations in those versions that may cause fairly 269160814Ssimonrandom core dumps. 270296465Sdelphij 271296465SdelphijIf you have no choice but to use Berkeley DB 1.85 or 1.86, and you are 272296465Sdelphijusing both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h 273296465Sdelphijand ndbm.o from the DB library after building it. You should also apply 274296465Sdelphijall of the patches for DB 1.85 and 1.86 found at the Sleepycat web site 275296465Sdelphij(see http://www.sleepycat.com/db.185.html), as they fix some of the known 276296465Sdelphijproblems. 277160814Ssimon 278296465SdelphijIf you are using a version of Berkeley DB 2 previous to 2.3.15, and you 279296465Sdelphijare using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o 280296465Sdelphijfrom the DB library after building it. No other changes are necessary. 281296465Sdelphij 282296465SdelphijIf you are using Berkeley DB version 2.3.15 or greater, no changes are 283296465Sdelphijnecessary. 284296465Sdelphij 285160814SsimonThe underlying database file formats changed between Berkeley DB versions 286296465Sdelphij1.85 and 1.86, and again between DB 1.86 and version 2.0. If you are 287296465Sdelphijupgrading from one of those versions, you must recreate your database 288296465Sdelphijfile(s). Do this by rebuilding all maps with makemap and rebuilding the 289296465Sdelphijalias file with newaliases. 290296465Sdelphij 291160814Ssimon 292296465Sdelphij+--------------------+ 293296465Sdelphij| HOST NAME SERVICES | 294296465Sdelphij+--------------------+ 295296465Sdelphij 296296465SdelphijIf you are using NIS or /etc/hosts, it is critical that you 297160814Ssimonlist the long (fully qualified) name somewhere (preferably first) in 298296465Sdelphijthe /etc/hosts file used to build the NIS database. For example, the 299296465Sdelphijline should read 300160814Ssimon 301160814Ssimon 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon 302296465Sdelphij 303296465Sdelphij**** NOT **** 304296465Sdelphij 305160814Ssimon 128.32.149.68 mastodon 306160814Ssimon 307296465SdelphijIf you do not include the long name, sendmail will complain loudly 308296465Sdelphijabout ``unable to qualify my own domain name (mastodon) -- using 309296465Sdelphijshort name'' and conclude that your canonical name is the short 310160814Ssimonversion and use that in messages. The name "mastodon" doesn't mean 311296465Sdelphijmuch outside of Berkeley, and so this creates incorrect and unreplyable 312296465Sdelphijmessages. 313160814Ssimon 314296465Sdelphij 315296465Sdelphij+-------------+ 316296465Sdelphij| USE WITH MH | 317296465Sdelphij+-------------+ 318296465Sdelphij 319160814SsimonThis version of sendmail notices and reports certain kinds of SMTP 320296465Sdelphijprotocol violations that were ignored by older versions. If you 321296465Sdelphijare running MH you may wish to install the patch in contrib/mh.patch 322160814Ssimonthat will prevent these warning reports. This patch also works 323160814Ssimonwith the old version of sendmail, so it's safe to go ahead and 324296465Sdelphijinstall it. 325296465Sdelphij 326296465Sdelphij 327160814Ssimon+----------------+ 328160814Ssimon| USE WITH IDENT | 329296465Sdelphij+----------------+ 330296465Sdelphij 331296465SdelphijSendmail 8 supports the IDENT protocol, as defined by RFC 1413. 332160814SsimonNo ident server is included with this distribution. I have found 333160814Ssimoncopies available on: 334296465Sdelphij 335296465Sdelphij ftp.lysator.liu.se /pub/ident/servers 336296465Sdelphij romulus.ucs.uoknor.edu /networking/ident/servers 337160814Ssimon ftp.cyf-kr.edu.pl /agh/uciagh/network/ident 338160814Ssimon 339296465SdelphijIf you want to run an IDENT server, I suggest getting a copy from 340296465Sdelphijone of those sites. Versions are available for several different 341296465Sdelphijsystems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS. 342160814Ssimon 343296465Sdelphij 344160814Ssimon+---------------------+ 345296465Sdelphij| DIRECTORY STRUCTURE | 346296465Sdelphij+---------------------+ 347296465Sdelphij 348160814SsimonThe structure of this directory tree is: 349296465Sdelphij 350296465Sdelphijcf Source for sendmail configuration files. These are 351296465Sdelphij different than what you've seen before. They are a 352296465Sdelphij fairly dramatic rewrite, requiring the new sendmail 353296465Sdelphij (since they use new features). 354160814Ssimoncontrib Some contributed tools to help with sendmail. THESE 355160814Ssimon ARE NOT SUPPORTED by sendmail -- contact the original 356296465Sdelphij authors if you have problems. (This directory is not 357296465Sdelphij on the 4.4BSD tape.) 358296465Sdelphijdoc Documentation. If you are getting source, read 359296465Sdelphij op.me -- it's long, but worth it. 360296465Sdelphijmail.local The source for the local delivery agent used for 4.4BSD. 361296465Sdelphij THIS IS NOT PART OF SENDMAIL! and may not compile 362160814Ssimon everywhere, since it depends on some 4.4-isms. Warning: 363296465Sdelphij it does mailbox locking differently than other systems. 364296465Sdelphijmailstats Statistics printing program. It has the pathname of 365160814Ssimon sendmail.st compiled in, so if you've changed that, 366296465Sdelphij beware. 367296465Sdelphijmakemap A program that creates the keyed maps used by the $( ... $) 368296465Sdelphij construct in sendmail. It is primitive but effective. 369296465Sdelphij It takes a very simple input format, so you will probably 370160814Ssimon expect to preprocess must human-convenient formats 371296465Sdelphij using sed scripts before this program will like them. 372296465Sdelphij But it should be functionally complete. 373160814Ssimonpraliases A program to print the DBM or NEWDB version of the 374160814Ssimon aliases file. 375296465Sdelphijrmail Source for rmail(8). This is used as a delivery 376296465Sdelphij agent for for UUCP, and could presumably be used by 377296465Sdelphij other non-socket oriented mailers. Older versions of 378160814Ssimon rmail are probably deficient. RMAIL IS NOT PART OF 379160814Ssimon SENDMAIL!!! The 4.4BSD source is included for you to 380296465Sdelphij look at or try to port to your system. I know it doesn't 381296465Sdelphij compile on {SunOS, HP-UX, OSF/1, other} (pick one). 382296465Sdelphijsmrsh The "sendmail restricted shell", which can be used as 383160814Ssimon a replacement for /bin/sh in the prog mailer to provide 384296465Sdelphij increased security control. NOT PART OF SENDMAIL! 385296465Sdelphijsrc Source for the sendmail program itself. 386296465Sdelphijtest Some test scripts (currently only for compilation aids). 387296465Sdelphij