README revision 38032
1/*- 2 * @(#)README 8.48 (Berkeley) 5/19/98 3 */ 4 5 SENDMAIL RELEASE 8 6 7This directory has the latest sendmail(TM) software from Sendmail, Inc. 8See doc/changes/changes.me for a summary of changes since 5.67. 9 10Report any bugs to sendmail-bugs@sendmail.ORG 11 12There is a web site at http://WWW.Sendmail.ORG -- see that site for 13the latest updates. 14 15****************************************************************** 16** DO NOT USE MAKE to compile sendmail. Instead, cd src and ** 17** use the "Build" shell script. On many environments this ** 18** will do everything for you, no fuss, no muss. See ** 19** src/README for more details of compilation. See cf/README ** 20** for details about building a runtime configuration file. ** 21****************************************************************** 22 23Sendmail is a trademark of Sendmail, Inc. 24 25+-----------------------+ 26| DIRECTORY PERMISSIONS | 27+-----------------------+ 28 29Sendmail often gets blamed for many problems that are actually the 30result of other problems, such as overly permissive modes on directories. 31For this reason, sendmail checks the modes on system directories and 32files to determine if can have been trusted. For sendmail to run 33without complaining, you MUST execute the following command: 34 35 chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 36 chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 37 38You will probably have to tweak this for your environment (for example, 39some systems put the spool directory into /usr/spool instead of 40/var/spool and use /etc/mail for aliases file instead of /etc). If you 41set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue 42directory will have to be owned by the RunAsUser user. As a general rule, 43after you have compiled sendmail, run the command 44 45 sendmail -v -bi 46 47to initialize the alias database. If it gives messages such as 48 49 WARNING: writable directory /etc 50 WARNING: writable directory /usr/spool/mqueue 51 52then the directories listed have inappropriate write permissions and 53should be secured to avoid various possible security attacks. 54 55Beginning with sendmail 8.9, these checks have become more strict to 56prevent users from being able to access files they would normally not 57be able to read. In particular, .forward and :include: files in unsafe 58directory paths (directory paths which are group or world writable) will 59no longer be allowed. This would mean that if user joe's home directory 60was writable by group staff, sendmail would not use his .forward file. 61This behavior can be altered, at the expense of system security, by 62setting the DontBlameSendmail option. For example, to allow .forward 63files in group writable directories: 64 65 O DontBlameSendmail=forwardfileingroupwritabledirpath 66 67Or to allow them in both group and world writable directories: 68 69 O DontBlameSendmail=forwardfileinunsafedirpath 70 71Items from these unsafe .forward and :include: files will be marked 72as unsafe addresses -- the items can not be deliveries to files or 73programs. This behavior can also be altered via DontBlameSendmail: 74 75 O DontBlameSendmail=forwardfileinunsafedirpath, 76 forwardfileinunsafedirpathsafe 77 78The first flag allows the .forward file to be read, the second allows 79the items in the file to be marked as safe for file and program 80delivery. 81 82Other files affected by this strengthened security include class 83files (i.e. Fw /etc/sendmail.cw), persistent host status files, and 84the files specified by the ErrorHeader and HelpFile options. Similar 85DontBlameSendmail flags are available for the class, ErrorHeader, and 86HelpFile files. 87 88If you have an unsafe configuration of .forward and :include: 89files, you can make it safe by finding all such files, and doing 90a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for 91each directory in the file's path. 92 93 94+--------------+ 95| MANUAL PAGES | 96+--------------+ 97 98The sendmail manual pages use contemporary Berkeley troff macros. If 99your system does not process these manual pages, you can pick up the 100new macros in a BSD Net/2 FTP site (e.g. on FTP.UU.NET, the files 101/systems/unix/bsd-sources/share/tmac/*). 102 103The strip.sed file is only used in installation. 104 105After installation, edit tmac.doc and tmac.andoc to reflect the 106installation path of the tmac files. Those files contain pointers to 107/usr/share/tmac/, and those pointers are not changed by the `make 108install` process. There's also a bug in those files -- make the 109following patch: 110 111*** tmac.an~ Tue Jul 12 14:29:09 1994 112--- tmac.an Fri Jul 15 13:17:54 1994 113*************** 114*** 50,55 **** 115 .de TH 116 .rn TH xX 117 .so /usr/share/lib/tmac/tmac.an.old 118! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 119 .rm xX 120 .. 121--- 50,55 ---- 122 .de TH 123 .rn TH xX 124 .so /usr/share/lib/tmac/tmac.an.old 125! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8" 126 .rm xX 127 .. 128 129Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc 130to be tmac.an. 131 132tmac.an will choose between tmac.an.old, your old macros, or tmac.doc, 133which are the new macros, so that both the new man pages and the 134existing man pages will be translated properly. 135 136I'm also told that the groff distribution from MIT has a tmac.doc 137macro set that is compatible with these macros. 138 139 140+-----------------------+ 141| RELATED DOCUMENTATION | 142+-----------------------+ 143 144There are other files you should read. Rooted in this directory are: 145 146 doc/changes/changes.ps 147 Describes changes between Release 5 and Release 8 of sendmail. 148 There are some things that may behave somewhat differently. 149 For example, the rules governing when :include: files will 150 be read have been tightened up for security reasons. 151 FAQ 152 Answers to Frequently Asked Questions. 153 KNOWNBUGS 154 Known bugs in the current release. I try to keep this up 155 to date -- get the latest version from FTP.Sendmail.ORG 156 in /ucb/sendmail/KNOWNBUGS. 157 RELEASE_NOTES 158 A detailed description of the changes in each version. This 159 is quite long, but informative. 160 src/README 161 Details on compiling and installing sendmail. 162 cf/README 163 Details on configuring sendmail. 164 doc/op/op.me 165 The sendmail Installation & Operations Guide. Be warned: if 166 you are running this off on SunOS or some other system with an 167 old version of -me, you need to add the following macro to the 168 macros: 169 170 .de sm 171 \s-1\\$1\\s0\\$2 172 .. 173 174 This sets a word in a smaller pointsize. 175 176 177+--------------+ 178| RELATED RFCS | 179+--------------+ 180 181There are several related RFCs that you may wish to read -- they are 182available via anonymous FTP to several sites, including: 183 184 ftp://nic.ddn.mil/rfc/ 185 ftp://nis.nsf.net/documents/rfc/ 186 ftp://nisc.jvnc.net/rfc/ 187 ftp://venera.isi.edu/in-notes/ 188 ftp://wuarchive.wustl.edu/doc/rfc/ 189 190For a list of the primary repositories see: 191 192 http://www.isi.edu/in-notes/rfc-retrieval.txt 193 194They are also online at: 195 196 http://www.ietf.org/ 197 198They can also be retrieved via electronic mail by sending 199email to one of: 200 201 mail-server@nisc.sri.com 202 Put "send rfcNNN" in message body 203 nis-info@nis.nsf.net 204 Put "send RFCnnn.TXT-1" in message body 205 sendrfc@jvnc.net 206 Put "RFCnnn" as Subject: line 207 208For further instructions see: 209 210 http://www.isi.edu/in-notes/rfc-editor/rfc-info 211 212Important RFCs for electronic mail are: 213 214 RFC821 SMTP protocol 215 RFC822 Mail header format 216 RFC974 MX routing 217 RFC976 UUCP mail format 218 RFC1123 Host requirements (modifies 821, 822, and 974) 219 RFC1413 Identification server 220 RFC1869 SMTP Service Extensions (ESMTP spec) 221 RFC1652 SMTP Service Extension for 8bit-MIMEtransport 222 RFC1870 SMTP Service Extension for Message Size Declaration 223 RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: 224 Format of Internet Message Bodies 225 RFC1344 Implications of MIME for Internet Mail Gateways 226 RFC1428 Transition of Internet Mail from Just-Send-8 to 227 8-bit SMTP/MIME 228 RFC1891 SMTP Service Extension for Delivery Status Notifications 229 RFC1892 Multipart/Report Content Type for the Reporting of 230 Mail System Administrative Messages 231 RFC1893 Enhanced Mail System Status Codes 232 RFC1894 An Extensible Message Format for Delivery Status 233 Notifications 234 RFC1985 SMTP Service Extension for Remote Message Queue Starting 235 236Other standards that may be of interest (but which are less directly 237relevant to sendmail) are: 238 239 RFC987 Mapping between RFC822 and X.400 240 RFC1049 Content-Type header field (extension to RFC822) 241 242Warning to AIX users: this version of sendmail does not implement 243MB, MR, or MG DNS resource records, as defined (as experiments) in 244RFC1035. 245 246 247+-------------------+ 248| DATABASE ROUTINES | 249+-------------------+ 250 251IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** 252use the version that was on the Net2 tape -- it has a number of 253nefarious bugs that were bad enough when I got them; you shouldn't have 254to go through the same thing. Instead, get a new version via the web at 255http://www.sleepycat.com/. This software is highly recommended; it gets 256rid of several stupid limits, it's much faster, and the interface is 257nicer to animals and plants. If the Berkeley DB include files 258are installed in a location other than those which your compiler searches, 259you will need to provide that directory when building: 260 261 Build -I/path/to/include/directory 262 263If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* 264urged to upgrade to DB version 2, available from http://www.sleepycat.com/. 265Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty 266ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail 267to dump core. In addition, the newest versions of gcc and the Solaris 268compilers perform optimizations in those versions that may cause fairly 269random core dumps. 270 271If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are 272using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h 273and ndbm.o from the DB library after building it. You should also apply 274all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site 275(see http://www.sleepycat.com/db.185.html), as they fix some of the known 276problems. 277 278If you are using a version of Berkeley DB 2 previous to 2.3.15, and you 279are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o 280from the DB library after building it. No other changes are necessary. 281 282If you are using Berkeley DB version 2.3.15 or greater, no changes are 283necessary. 284 285The underlying database file formats changed between Berkeley DB versions 2861.85 and 1.86, and again between DB 1.86 and version 2.0. If you are 287upgrading from one of those versions, you must recreate your database 288file(s). Do this by rebuilding all maps with makemap and rebuilding the 289alias file with newaliases. 290 291 292+--------------------+ 293| HOST NAME SERVICES | 294+--------------------+ 295 296If you are using NIS or /etc/hosts, it is critical that you 297list the long (fully qualified) name somewhere (preferably first) in 298the /etc/hosts file used to build the NIS database. For example, the 299line should read 300 301 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon 302 303**** NOT **** 304 305 128.32.149.68 mastodon 306 307If you do not include the long name, sendmail will complain loudly 308about ``unable to qualify my own domain name (mastodon) -- using 309short name'' and conclude that your canonical name is the short 310version and use that in messages. The name "mastodon" doesn't mean 311much outside of Berkeley, and so this creates incorrect and unreplyable 312messages. 313 314 315+-------------+ 316| USE WITH MH | 317+-------------+ 318 319This version of sendmail notices and reports certain kinds of SMTP 320protocol violations that were ignored by older versions. If you 321are running MH you may wish to install the patch in contrib/mh.patch 322that will prevent these warning reports. This patch also works 323with the old version of sendmail, so it's safe to go ahead and 324install it. 325 326 327+----------------+ 328| USE WITH IDENT | 329+----------------+ 330 331Sendmail 8 supports the IDENT protocol, as defined by RFC 1413. 332No ident server is included with this distribution. I have found 333copies available on: 334 335 ftp.lysator.liu.se /pub/ident/servers 336 romulus.ucs.uoknor.edu /networking/ident/servers 337 ftp.cyf-kr.edu.pl /agh/uciagh/network/ident 338 339If you want to run an IDENT server, I suggest getting a copy from 340one of those sites. Versions are available for several different 341systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS. 342 343 344+---------------------+ 345| DIRECTORY STRUCTURE | 346+---------------------+ 347 348The structure of this directory tree is: 349 350cf Source for sendmail configuration files. These are 351 different than what you've seen before. They are a 352 fairly dramatic rewrite, requiring the new sendmail 353 (since they use new features). 354contrib Some contributed tools to help with sendmail. THESE 355 ARE NOT SUPPORTED by sendmail -- contact the original 356 authors if you have problems. (This directory is not 357 on the 4.4BSD tape.) 358doc Documentation. If you are getting source, read 359 op.me -- it's long, but worth it. 360mail.local The source for the local delivery agent used for 4.4BSD. 361 THIS IS NOT PART OF SENDMAIL! and may not compile 362 everywhere, since it depends on some 4.4-isms. Warning: 363 it does mailbox locking differently than other systems. 364mailstats Statistics printing program. It has the pathname of 365 sendmail.st compiled in, so if you've changed that, 366 beware. 367makemap A program that creates the keyed maps used by the $( ... $) 368 construct in sendmail. It is primitive but effective. 369 It takes a very simple input format, so you will probably 370 expect to preprocess must human-convenient formats 371 using sed scripts before this program will like them. 372 But it should be functionally complete. 373praliases A program to print the DBM or NEWDB version of the 374 aliases file. 375rmail Source for rmail(8). This is used as a delivery 376 agent for for UUCP, and could presumably be used by 377 other non-socket oriented mailers. Older versions of 378 rmail are probably deficient. RMAIL IS NOT PART OF 379 SENDMAIL!!! The 4.4BSD source is included for you to 380 look at or try to port to your system. I know it doesn't 381 compile on {SunOS, HP-UX, OSF/1, other} (pick one). 382smrsh The "sendmail restricted shell", which can be used as 383 a replacement for /bin/sh in the prog mailer to provide 384 increased security control. NOT PART OF SENDMAIL! 385src Source for the sendmail program itself. 386test Some test scripts (currently only for compilation aids). 387