1 2 3 K N O W N B U G S I N S E N D M A I L 4 5 6The following are bugs or deficiencies in sendmail that I am aware of 7but which have not been fixed in the current release. You probably 8want to get the most up to date version of this from ftp.sendmail.org 9in /pub/sendmail/KNOWNBUGS. For descriptions of bugs that have been 10fixed, see the file RELEASE_NOTES (in the root directory of the sendmail 11distribution). 12 13This list is not guaranteed to be complete. 14 15* Delivery to programs that generate too much output may cause problems 16 (8.10, 8.11) 17 18 If e-mail is delivered to a program which generates too much 19 output, then sendmail may issue an error: 20 21 timeout waiting for input from local during Draining Input 22 23 Make sure that the program does not generate output beyond a 24 status message (corresponding to the exit status). This may 25 require a wrapper around the actual program to redirect output 26 to /dev/null. 27 28 Such a problem has been reported for bulk_mailer. 29 30* Null bytes are not handled properly in headers. 31 32 Sendmail should handle full binary data. As it stands, it handles 33 all values in the body, but only 0x01-0x80 and 0xA0-0xFF in 34 the header. Notably missing is 0x00, which would require a major 35 restructuring of the code -- for example, almost no C library support 36 could be used to handle strings. 37 38* Header checks are not called if header value is too long. 39 40 If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6) 41 characters or it contains a single word longer than 256 (MAXNAME) 42 characters then no header check is done even if one is configured for 43 the header. 44 45* Duplicate error messages. 46 47 Sometimes identical, duplicate error messages can be generated. As 48 near as I can tell, this is rare and relatively innocuous. 49 50* $c (hop count) macro improperly set. 51 52 The $c macro is supposed to contain the current hop count, for use 53 when calling a mailer. This macro is initialized too early, and 54 is always zero (or the value of the -c command line flag, if any). 55 This macro will probably be removed entirely in a future release; 56 I don't believe there are any mailers left that require it. 57 58* \231 considered harmful. 59 60 Header addresses that have the \231 character (and possibly others 61 in the range \201 - \237) behave in odd and usually unexpected ways. 62 63* accept() problem on SVR4. 64 65 Apparently, the sendmail daemon loop (doing accept()s on the network) 66 can get into a weird state on SVR4; it starts logging ``SYSERR: 67 getrequests: accept: Protocol Error''. The workaround is to kill 68 and restart the sendmail daemon. We don't have an SVR4 system at 69 Berkeley that carries more than token mail load, so I can't validate 70 this. It is likely to be a glitch in the sockets emulation, since 71 "Protocol Error" is not possible error code with Berkeley TCP/IP. 72 73 I've also had someone report the message ``sendmail: accept: 74 SIOCGPGRP failed errno 22'' on an SVR4 system. This message is 75 not in the sendmail source code, so I assume it is also a bug 76 in the sockets emulation. (Errno 22 is EINVAL "Invalid Argument" 77 on all the systems I have available, including Solaris 2.x.) 78 Apparently, this problem is due to linking -lc before -lsocket; 79 if you are having this problem, check your Makefile. 80 81* accept() problem on Linux. 82 83 The accept() in sendmail daemon loop can return ETIMEDOUT. An 84 error is reported to syslog: 85 86 Jun 9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root): 87 getrequests: accept: Connection timed out 88 89 "Connection timed out" is not documented as a valid return from 90 accept(2) and this was believed to be a bug in the Linux kernel. 91 Later information from the Linux kernel group states that Linux 92 2.0 kernels follow RFC1122 while sendmail follows the original BSD 93 (now POSIX 1003.1g draft) specification. The 2.1.X and later kernels 94 will follow the POSIX draft. 95 96* Excessive mailing list nesting can run out of file descriptors. 97 98 If you have a mailing list that includes lots of other mailing 99 lists, each of which has a separate owner, you can run out of 100 file descriptors. Each mailing list with a separate owner uses 101 one open file descriptor (prior to 8.6.6 it was three open 102 file descriptors per list). This is particularly egregious if 103 you have your connection cache set to be large. 104 105* Connection caching breaks if you pass the port number as an argument. 106 107 If you have a definition such as: 108 109 Mport, P=[IPC], F=kmDFMuX, S=11/31, R=21, 110 M=2100000, T=DNS/RFC822/SMTP, 111 A=IPC [127.0.0.1] $h 112 113 (i.e., where $h is the port number instead of the host name) the 114 connection caching code will break because it won't notice that 115 two messages addressed to different ports should use different 116 connections. 117 118* ESMTP SIZE underestimates the size of a message 119 120 Sendmail makes no allowance for headers that it adds, nor does it 121 account for the SMTP on-the-wire \r\n expansion. It probably doesn't 122 allow for 8->7 bit MIME conversions either. 123 124* Paths to programs being executed and the mode of program files are 125 not checked. Essentially, the RunProgramInUnsafeDirPath and 126 RunWritableProgram bits in the DontBlameSendmail option are always 127 set. This is not a problem if your system is well managed (that is, 128 if binaries and system directories are mode 755 instead of something 129 foolish like 777). 130 131* 8-bit data in GECOS field 132 133 If the GECOS (personal name) information in the passwd file contains 134 8-bit characters, those characters can be included in the message 135 header, which can cause problems when sending SMTP to hosts that 136 only accept 7-bit characters. 137 138* 8->7 bit MIME conversion 139 140 When sendmail is doing 8->7 bit MIME conversions, and the message 141 contains certain MIME body types that cannot be converted to 7-bit, 142 sendmail will strip the message to 7-bit. 143 144* 7->8 bit MIME conversion 145 146 If a message that is encoded as 7-bit MIME is converted to 8-bit and 147 that message when decoded is illegal (e.g., because of long lines or 148 illegal characters), sendmail can produce an illegal message. 149 150* MIME encoded full name phrases in the From: header 151 152 If a full name phrase includes characters from MustQuoteChars, sendmail 153 will quote the entire full name phrase. If MustQuoteChars includes 154 characters which are not special characters according to STD 11 (RFC 155 822), this quotation can interfere with MIME encoded full name phrases. 156 By default, sendmail includes the single quote character (') in 157 MustQuoteChars even though it is not listed as a special character in 158 STD 11. 159 160* bestmx map with -z flag truncates the list of MX hosts 161 162 A bestmx map configured with the -z flag will truncate the list 163 of MX hosts. This prevents creation of strings which are too 164 long for ruleset parsing. This can have an adverse effect on the 165 relay_based_on_MX feature. 166 167* Saving to ~sender/dead.letter fails if su'ed to root 168 169 If ErrorMode is set to print and an error in sending mail occurs, 170 the normal action is to print a message to the screen and append 171 the message to a dead.letter file in the sender's home directory. 172 In the case where the sender is using su to act as root, the file 173 safety checks prevent sendmail from saving the dead.letter file 174 because the sender's uid and the current real uid do not match. 175 176* Berkeley DB 2.X race condition with fcntl() locking 177 178 There is a race condition for Berkeley DB 2.X databases on 179 operating systems which use fcntl() style locking, such as 180 Solaris. Sendmail locks the map before calling db_open() to 181 prevent others from modifying the map while it is being opened. 182 Unfortunately, Berkeley DB opens the map, closes it, and then 183 reopens it. fcntl() locking drops the lock when any file 184 descriptor pointing to the file is closed, even if it is a 185 different file descriptor than the one used to initially lock 186 the file. As a result there is a possibility that entries in a 187 map might not be found during a map rebuild. As a workaround, 188 you can use makemap to build a map with a new name and then 189 "mv" the new db file to replace the old one. 190 191 Sleepycat Software has added code to avoid this race condition to 192 Berkeley DB versions after 2.7.5. 193 194* File open timeouts not available on hard mounted NFS file systems 195 196 Since SIGALRM does not interrupt an RPC call for hard mounted 197 NFS file systems, it is impossible to implement a timeout on a file 198 open operation. Therefore, while the NFS server is not responding, 199 attempts to open a file on that server will hang. Systems with 200 local mail delivery and NFS hard mounted home directories should be 201 avoided, as attempts to open the forward files could hang. 202 203* Race condition for delivery to set-user-id files 204 205 Sendmail will deliver to a fail if the file is owned by the DefaultUser 206 or has the set-user-id bit set. Unfortunately, some systems clear that bit 207 when a file is modified. Sendmail compensates by resetting the file mode 208 back to it's original settings. Unfortunately, there's still a 209 permission failure race as sendmail checks the permissions before locking 210 the file. This is unavoidable as sendmail must verify the file is safe 211 to open before opening it. A file can not be locked until it is open. 212 213* Potential denial of service attack with AutoRebuildAliases 214 215 There is a potential for a denial of service attack if the 216 AutoRebuildAliases option is set as a user can kill the sendmail process 217 while it is rebuilding the aliases file leaving it in an inconsistent 218 state. This option and it's use is deprecated and will be removed from a 219 future version of sendmail. 220 221$Revision: 8.43.16.2 $, Last updated $Date: 2001/07/31 22:42:46 $ 222