			SENDMAIL RELEASE 8

This directory has the latest sendmail(TM) software from Sendmail, Inc.

Report any bugs to sendmail-bugs@sendmail.ORG

There is a web site at http://WWW.Sendmail.ORG/ -- see that site for
the latest updates.

+--------------+
| INTRODUCTION |
+--------------+

0. The vast majority of queries to <sendmail-questions@sendmail.org>
   are answered in the README files noted below.

1. Read this README file, especially this introduction, and the DIRECTORY
   PERMISSIONS sections.

2. Read sendmail/README, especially:
   a. the introduction
   b. the BUILDING SENDMAIL section
   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section

   You may also find these useful:

   d. devtools/README
   e. devtools/Site/README

3. Read cf/README.

Sendmail is a trademark of Sendmail, Inc.

+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted.  For sendmail to run without
complaining, you MUST execute the following command:

	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool).  If you set the RunAsUser option in your sendmail.cf, the
/var/spool/mqueue directory will have to be owned by the RunAsUser user.
As a general rule, after you have compiled sendmail, run the command

	sendmail -v -bi

to initialize the alias database.  If it gives messages such as

	WARNING: writable directory /etc
	WARNING: writable directory /var/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read.  In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed.  This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option.  For example, to allow .forward
files in group writable directories:

	O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

	O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs.  This behavior can also be altered via DontBlameSendmail:

	O DontBlameSendmail=forwardfileinunsafedirpath,
		forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.

Other files affected by this strengthened security include class
files (i.e. Fw /etc/mail/local-host-names), persistent host status files,
and the files specified by the ErrorHeader and HelpFile options.  Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
each directory in the file's path.
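
An added example, not part of the sendmail distribution: POSIX shell
functions that list every group- or world-writable component in the path
of a .forward file and print the matching "chmod go-w" commands without
running them.  The function names and the HOME_BASE/<user>/.forward
layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the sendmail distribution).  Function names and
# the HOME_BASE/<user>/.forward layout are assumptions.

# Print PATH if it is group- or world-writable.  -H follows a symlink given
# on the command line, so the link target's mode is what gets tested.
is_unsafe() {
	find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# unsafe_path_components FILE
# Walk from FILE up to /, printing each group- or world-writable component.
unsafe_path_components() {
	p=$1
	case $p in
		/*) ;;
		*) p=$(pwd)/$p ;;
	esac
	while :; do
		is_unsafe "$p"
		[ "$p" = "/" ] && break
		p=$(dirname "$p")
	done
}

# audit_forward_files HOME_BASE
# For each HOME_BASE/<user>/.forward with an unsafe path, print the file and
# the chmod commands that would secure it.  Nothing is modified.
audit_forward_files() {
	for f in "$1"/*/.forward; do
		[ -f "$f" ] || continue
		bad=$(unsafe_path_components "$f")
		[ -n "$bad" ] || continue
		printf '%s\n' "$f"
		printf '%s\n' "$bad" | sed 's/^/    chmod go-w /'
	done
}

# Run the audit only when a directory is given, e.g.:  sh audit.sh /home
if [ $# -gt 0 ]; then audit_forward_files "$1"; fi
```

Review the printed commands before applying them: some components, such
as a shared temporary directory, are writable on purpose and should not
hold .forward or :include: files in the first place.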


+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read.  Rooted in this directory are:

  FAQ
	Answers to Frequently Asked Questions.
  INSTALL
	Installation instructions for building and installing sendmail.
  KNOWNBUGS
	Known bugs in the current release.
  RELEASE_NOTES
	A detailed description of the changes in each version.  This
	is quite long, but informative.
  sendmail/README
	Details on compiling and installing sendmail.
  cf/README
	Details on configuring sendmail.
  doc/op/op.me
	The sendmail Installation & Operations Guide.  Be warned: if
	you are running this off on SunOS or some other system with an
	old version of -me, you need to add the following macro to the
	macros:

		.de sm
		\s-1\\$1\\s0\\$2
		..

	This sets a word in a smaller pointsize.


+--------------+
| RELATED RFCS |
+--------------+

There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites.  For a list of the
primary repositories see:

	http://www.isi.edu/in-notes/rfc-retrieval.txt

They are also online at:

	http://www.ietf.org/

They can also be retrieved via electronic mail by sending
email to one of:

	mail-server@nisc.sri.com
		Put "send rfcNNN" in message body
	nis-info@nis.nsf.net
		Put "send RFCnnn.TXT-1" in message body
	sendrfc@jvnc.net
		Put "RFCnnn" as Subject: line

For further instructions see:

	http://www.isi.edu/in-notes/rfc-editor/rfc-info

Important RFCs for electronic mail are:

	RFC821	SMTP protocol
	RFC822	Mail header format
	RFC974	MX routing
	RFC976	UUCP mail format
	RFC1123	Host requirements (modifies 821, 822, and 974)
	RFC1413	Identification server
	RFC1869	SMTP Service Extensions (ESMTP spec)
	RFC1652	SMTP Service Extension for 8bit-MIMEtransport
	RFC1870	SMTP Service Extension for Message Size Declaration
	RFC2045	Multipurpose Internet Mail Extensions (MIME) Part One:
		Format of Internet Message Bodies
	RFC1344	Implications of MIME for Internet Mail Gateways
	RFC1428	Transition of Internet Mail from Just-Send-8 to
		8-bit SMTP/MIME
	RFC1891	SMTP Service Extension for Delivery Status Notifications
	RFC1892	Multipart/Report Content Type for the Reporting of
		Mail System Administrative Messages
	RFC1893	Enhanced Mail System Status Codes
	RFC1894	An Extensible Message Format for Delivery Status
		Notifications
	RFC1985	SMTP Service Extension for Remote Message Queue Starting
	RFC2033	Local Mail Transfer Protocol (LMTP)
	RFC2034	SMTP Service Extension for Returning Enhanced Error Codes
	RFC2476	Message Submission
	RFC2487	SMTP Service Extension for Secure SMTP over TLS
	RFC2554	SMTP Service Extension for Authentication

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

	RFC987	Mapping between RFC822 and X.400
	RFC1049	Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.


+---------+
| WARNING |
+---------+

Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD.  SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

If you use OpenSSL then make sure you read their README file which
contains information about patents etc.


+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing.  Instead, get a new version via the web at
http://www.sleepycat.com/.  This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants.  If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

	Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2 or later, available from
http://www.sleepycat.com/.  Berkeley DB versions 1.85 and 1.86 are known to
be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
and can cause sendmail to dump core.  In addition, the newest versions of
gcc and the Solaris compilers perform optimizations in those versions that
may cause fairly random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it.  You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it.  No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
DB 2.X and 3.X.  If you are upgrading from one of those versions, you must
recreate your database file(s).  Do this by rebuilding all maps with
makemap and rebuilding the alias file with newaliases.


+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database.  For example, the
line should read

	128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

**** NOT ****

	128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages.  The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.


+-------------+
| USE WITH MH |
+-------------+

This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions.  If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports.  This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.


+----------------+
| USE WITH IDENT |
+----------------+

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
Note that the RFC states a client should wait at least 30 seconds
for a response.  As of 8.10.0, the default Timeout.ident is 5 seconds
as many sites have adopted the practice of dropping IDENT queries.
This has led to delays processing mail.

No ident server is included with this distribution.  It is available
from:

  ftp://ftp.lysator.liu.se/pub/ident/servers/
  http://sf.www.lysator.liu.se/~pen/pidentd/

+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+

Microsoft Exchange Server 5.0
	We have had a report that ``about 7% of messages from Sendmail
	to Exchange were not being delivered with status messages of
	"connection reset" and "I/O error".''  Upgrading Exchange from
	Version 5.0 to Version 5.5 Service Pack 2 solved this problem.

CommuniGate Pro
	CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
	the MAIL FROM command if the client is not authenticated.  Use

		define(`confAUTH_OPTIONS', `A')

	in .mc file if you have compiled sendmail with Cyrus SASL
	and you communicate with CommuniGate Pro servers.

+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf		Source for sendmail configuration files.  These are
		different than what you've seen before.  They are a
		fairly dramatic rewrite, requiring the new sendmail
		(since they use new features).
contrib		Some contributed tools to help with sendmail.  THESE
		ARE NOT SUPPORTED by sendmail -- contact the original
		authors if you have problems.  (This directory is not
		on the 4.4BSD tape.)
devtools	Build environment.  See devtools/README.
doc		Documentation.  If you are getting source, read
		op.me -- it's long, but worth it.
include		Include files used by multiple programs in the distribution.
libsmdb		sendmail database library with support for Berkeley DB 1.X,
		Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
libsmutil	sendmail utility library with functions used by different
		programs.
mail.local	The source for the local delivery agent used for 4.4BSD.
		THIS IS NOT PART OF SENDMAIL! and may not compile
		everywhere, since it depends on some 4.4-isms.  Warning:
		it does mailbox locking differently than other systems.
mailstats	Statistics printing program.
makemap		A program that creates the keyed maps used by the $( ... $)
		construct in sendmail.  It is primitive but effective.
		It takes a very simple input format, so you will probably
		expect to preprocess most human-convenient formats
		using sed scripts before this program will like them.
		But it should be functionally complete.
praliases	A program to print the DBM or NEWDB version of the
		aliases file.
rmail		Source for rmail(8).  This is used as a delivery
		agent for UUCP, and could presumably be used by
		other non-socket oriented mailers.  Older versions of
		rmail are probably deficient.  RMAIL IS NOT PART OF
		SENDMAIL!!!  The 4.4BSD source is included for you to
		look at or try to port to your system.  There is no
		guarantee it will even compile on your operating system.
smrsh		The "sendmail restricted shell", which can be used as
		a replacement for /bin/sh in the prog mailer to provide
		increased security control.  NOT PART OF SENDMAIL!
sendmail	Source for the sendmail program itself.
test		Some test scripts (currently only for compilation aids).
vacation	Source for the vacation program.  NOT PART OF SENDMAIL!

$Revision: 8.71.4.6 $, Last updated $Date: 2000/06/29 04:18:43 $