KNOWNBUGS revision 66494
138032Speter 238032Speter 338032Speter K N O W N B U G S I N S E N D M A I L 438032Speter 538032Speter 638032SpeterThe following are bugs or deficiencies in sendmail that I am aware of 738032Speterbut which have not been fixed in the current release. You probably 864562Sgshapirowant to get the most up to date version of this from ftp.sendmail.org 938032Speterin /pub/sendmail/KNOWNBUGS. For descriptions of bugs that have been 1038032Speterfixed, see the file RELEASE_NOTES (in the root directory of the sendmail 1138032Speterdistribution). 1238032Speter 1338032SpeterThis list is not guaranteed to be complete. 1438032Speter 1566494Sgshapiro* Delivery to programs that generate too much output may cause problems 1666494Sgshapiro (8.10, 8.11) 1738032Speter 1866494Sgshapiro If e-mail is delivered to a program which generates too much 1966494Sgshapiro output, then sendmail may issue an error: 2066494Sgshapiro 2166494Sgshapiro timeout waiting for input from local during Draining Input 2266494Sgshapiro 2366494Sgshapiro Make sure that the program does not generate output beyond a 2466494Sgshapiro status message (corresponding to the exit status). This may 2566494Sgshapiro require a wrapper around the actual program to redirect output 2666494Sgshapiro to /dev/null. 2766494Sgshapiro 2866494Sgshapiro Such a problem has been reported for bulk_mailer. 2966494Sgshapiro 3038032Speter* Null bytes are not handled properly in headers. 3138032Speter 3238032Speter Sendmail should handle full binary data. As it stands, it handles 3338032Speter all values in the body, but only 0x01-0x80 and 0xA0-0xFF in 3438032Speter the header. Notably missing is 0x00, which would require a major 3538032Speter restructuring of the code -- for example, almost no C library support 3638032Speter could be used to handle strings. 3738032Speter 3838032Speter* Duplicate error messages. 3938032Speter 4038032Speter Sometimes identical, duplicate error messages can be generated. As 4138032Speter near as I can tell, this is rare and relatively innocuous. 4238032Speter 4338032Speter* $c (hop count) macro improperly set. 4438032Speter 4538032Speter The $c macro is supposed to contain the current hop count, for use 4638032Speter when calling a mailer. This macro is initialized too early, and 4738032Speter is always zero (or the value of the -c command line flag, if any). 4838032Speter This macro will probably be removed entirely in a future release; 4938032Speter I don't believe there are any mailers left that require it. 5038032Speter 5138032Speter* \231 considered harmful. 5238032Speter 5338032Speter Header addresses that have the \231 character (and possibly others 5438032Speter in the range \201 - \237) behave in odd and usually unexpected ways. 5538032Speter 5638032Speter* accept() problem on SVR4. 5738032Speter 5838032Speter Apparently, the sendmail daemon loop (doing accept()s on the network) 5938032Speter can get into a weird state on SVR4; it starts logging ``SYSERR: 6038032Speter getrequests: accept: Protocol Error''. The workaround is to kill 6138032Speter and restart the sendmail daemon. We don't have an SVR4 system at 6238032Speter Berkeley that carries more than token mail load, so I can't validate 6338032Speter this. It is likely to be a glitch in the sockets emulation, since 6438032Speter "Protocol Error" is not possible error code with Berkeley TCP/IP. 6538032Speter 6638032Speter I've also had someone report the message ``sendmail: accept: 6738032Speter SIOCGPGRP failed errno 22'' on an SVR4 system. This message is 6838032Speter not in the sendmail source code, so I assume it is also a bug 6938032Speter in the sockets emulation. (Errno 22 is EINVAL "Invalid Argument" 7038032Speter on all the systems I have available, including Solaris 2.x.) 7138032Speter Apparently, this problem is due to linking -lc before -lsocket; 7238032Speter if you are having this problem, check your Makefile. 7338032Speter 7438032Speter* accept() problem on Linux. 7538032Speter 7642575Speter The accept() in sendmail daemon loop can return ETIMEDOUT. An 7742575Speter error is reported to syslog: 7838032Speter 7938032Speter Jun 9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root): 8038032Speter getrequests: accept: Connection timed out 8138032Speter 8238032Speter "Connection timed out" is not documented as a valid return from 8338032Speter accept(2) and this was believed to be a bug in the Linux kernel. 8438032Speter Later information from the Linux kernel group states that Linux 8538032Speter 2.0 kernels follow RFC1122 while sendmail follows the original BSD 8638032Speter (now POSIX 1003.1g draft) specification. The 2.1.X and later kernels 8738032Speter will follow the POSIX draft. 8838032Speter 8938032Speter* Excessive mailing list nesting can run out of file descriptors. 9038032Speter 9138032Speter If you have a mailing list that includes lots of other mailing 9238032Speter lists, each of which has a separate owner, you can run out of 9338032Speter file descriptors. Each mailing list with a separate owner uses 9438032Speter one open file descriptor (prior to 8.6.6 it was three open 9538032Speter file descriptors per list). This is particularly egregious if 9638032Speter you have your connection cache set to be large. 9738032Speter 9838032Speter* Connection caching breaks if you pass the port number as an argument. 9938032Speter 10038032Speter If you have a definition such as: 10138032Speter 10238032Speter Mport, P=[IPC], F=kmDFMuX, S=11/31, R=21, 10338032Speter M=2100000, T=DNS/RFC822/SMTP, 10438032Speter A=IPC [127.0.0.1] $h 10538032Speter 10638032Speter (i.e., where $h is the port number instead of the host name) the 10738032Speter connection caching code will break because it won't notice that 10838032Speter two messages addressed to different ports should use different 10938032Speter connections. 11038032Speter 11138032Speter* ESMTP SIZE underestimates the size of a message 11238032Speter 11338032Speter Sendmail makes no allowance for headers that it adds, nor does it 11438032Speter account for the SMTP on-the-wire \r\n expansion. It probably doesn't 11538032Speter allow for 8->7 bit MIME conversions either. 11638032Speter 11738032Speter* Paths to programs being executed and the mode of program files are 11838032Speter not checked. Essentially, the RunProgramInUnsafeDirPath and 11938032Speter RunWritableProgram bits in the DontBlameSendmail option are always 12038032Speter set. This is not a problem if your system is well managed (that is, 12138032Speter if binaries and system directories are mode 755 instead of something 12238032Speter foolish like 777). 12338032Speter 12438032Speter* 8-bit data in GECOS field 12538032Speter 12638032Speter If the GECOS (personal name) information in the passwd file contains 12738032Speter 8-bit characters, those characters can be included in the message 12838032Speter header, which can cause problems when sending SMTP to hosts that 12938032Speter only accept 7-bit characters. 13038032Speter 13138032Speter* 8->7 bit MIME conversion 13238032Speter 13338032Speter When sendmail is doing 8->7 bit MIME conversions, and the message 13438032Speter contains certain MIME body types that cannot be converted to 7-bit, 13538032Speter sendmail will strip the message to 7-bit. 13638032Speter 13738032Speter* 7->8 bit MIME conversion 13838032Speter 13938032Speter If a message that is encoded as 7-bit MIME is converted to 8-bit and 14038032Speter that message when decoded is illegal (e.g., because of long lines or 14138032Speter illegal characters), sendmail can produce an illegal message. 14238032Speter 14338032Speter* MIME encoded full name phrases in the From: header 14438032Speter 14564562Sgshapiro If a full name phrase includes characters from MustQuoteChars, sendmail 14664562Sgshapiro will quote the entire full name phrase. If MustQuoteChars includes 14764562Sgshapiro characters which are not special characters according to STD 11 (RFC 14864562Sgshapiro 822), this quotation can interfere with MIME encoded full name phrases. 14938032Speter By default, sendmail includes the single quote character (') in 15038032Speter MustQuoteChars even though it is not listed as a special character in 15138032Speter STD 11. 15238032Speter 15342575Speter* bestmx map with -z flag truncates the list of MX hosts 15438032Speter 15542575Speter A bestmx map configured with the -z flag will truncate the list 15642575Speter of MX hosts. This prevents creation of strings which are too 15742575Speter long for ruleset parsing. This can have an adverse effect on the 15842575Speter relay_based_on_MX feature. 15942575Speter 16043730Speter* Saving to ~sender/dead.letter fails if su'ed to root 16142575Speter 16243730Speter If ErrorMode is set to print and an error in sending mail occurs, 16343730Speter the normal action is to print a message to the screen and append 16443730Speter the message to a dead.letter file in the sender's home directory. 16543730Speter In the case where the sender is using su to act as root, the file 16643730Speter safety checks prevent sendmail from saving the dead.letter file 16743730Speter because the sender's uid and the current real uid do not match. 16864562Sgshapiro 16943730Speter* Berkeley DB 2.X race condition with fcntl() locking 17043730Speter 17143730Speter There is a race condition for Berkeley DB 2.X databases on 17243730Speter operating systems which use fcntl() style locking, such as 17343730Speter Solaris. Sendmail locks the map before calling db_open() to 17443730Speter prevent others from modifying the map while it is being opened. 17543730Speter Unfortunately, Berkeley DB opens the map, closes it, and then 17643730Speter reopens it. fcntl() locking drops the lock when any file 17743730Speter descriptor pointing to the file is closed, even if it is a 17843730Speter different file descriptor than the one used to initially lock 17943730Speter the file. As a result there is a possibility that entries in a 18043730Speter map might not be found during a map rebuild. As a workaround, 18143730Speter you can use makemap to build a map with a new name and then 18243730Speter "mv" the new db file to replace the old one. 18343730Speter 18464562Sgshapiro Sleepycat Software has added code to avoid this race condition to 18564562Sgshapiro Berkeley DB versions after 2.7.5. 18664562Sgshapiro 18743730Speter* File open timeouts not available on hard mounted NFS file systems 18843730Speter 18943730Speter Since SIGALRM does not interrupt an RPC call for hard mounted 19043730Speter NFS file systems, it is impossible to implement a timeout on a file 19143730Speter open operation. Therefore, while the NFS server is not responding, 19243730Speter attempts to open a file on that server will hang. Systems with 19343730Speter local mail delivery and NFS hard mounted home directories should be 19443730Speter avoided, as attempts to open the forward files could hang. 19543730Speter 19664562Sgshapiro* Race condition for delivery to setuid files 19764562Sgshapiro 19864562Sgshapiro Sendmail will deliver to a fail if the file is owned by the DefaultUser 19964562Sgshapiro or has the setuid bit set. Unfortunately, some systems clear that bit 20064562Sgshapiro when a file is modified. Sendmail compensates by resetting the file mode 20164562Sgshapiro back to it's original settings. Unfortunately, there's still a 20264562Sgshapiro permission failure race as sendmail checks the permissions before locking 20364562Sgshapiro the file. This is unavoidable as sendmail must verify the file is safe 20464562Sgshapiro to open before opening it. A file can not be locked until it is open. 20564562Sgshapiro 20664562Sgshapiro* Potential denial of service attack with AutoRebuildAliases 20764562Sgshapiro 20864562Sgshapiro There is a potential for a denial of service attack if the 20964562Sgshapiro AutoRebuildAliases option is set as a user can kill the sendmail process 21064562Sgshapiro while it is rebuilding the aliases file leaving it in an inconsistent 21164562Sgshapiro state. This option and it's use is deprecated and will be removed from a 21264562Sgshapiro future version of sendmail. 21364562Sgshapiro 21466494Sgshapiro$Revision: 8.43.16.1 $, Last updated $Date: 2000/09/28 00:45:37 $ 215