xref: /freebsd/contrib/sendmail/KNOWNBUGS (revision 39beb93c3f8bdbf72a61fda42300b5ebed7390c8)
1
2
3	     K N O W N   B U G S   I N   S E N D M A I L
4
5
6The following are bugs or deficiencies in sendmail that we are aware of
7but which have not been fixed in the current release.  You probably
8want to get the most up to date version of this from ftp.sendmail.org
9in /pub/sendmail/KNOWNBUGS.  For descriptions of bugs that have been
10fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
11distribution).
12
13This list is not guaranteed to be complete.
14
15* Delivery to programs that generate too much output may cause problems
16
17  If e-mail is delivered to a program which generates too much
18  output, then sendmail may issue an error:
19
20  timeout waiting for input from local during Draining Input
21
22  Make sure that the program does not generate output beyond a
23  status message (corresponding to the exit status).  This may
24  require a wrapper around the actual program to redirect output
25  to /dev/null.
26
27  Such a problem has been reported for bulk_mailer.
28
29* Null bytes are not handled properly in headers.
30
31  Sendmail should handle full binary data.  As it stands, it handles
32  all values in the body, but not 0x00 in the header.  Changing
33  this would require a major restructuring of the code -- for
34  example, almost no C library support could be used to handle
35  strings.
36
37* Header checks are not called if header value is too long or empty.
38
39  If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
40  characters or it contains a single word longer than 256 (MAXNAME)
41  characters then no header check is done even if one is configured for
42  the header.
43
44* Header lines which are too long will be split incorrectly.
45
46  Header lines which are longer than 2045 characters will be split
47  but some characters might be lost.  Fix: obey RFC (2)822 and do not
48  send lines that are longer than 1000 characters.
49
50* milter communication fails if a single header is larger than 64K.
51
52  If a single header is larger than 64KB (which is not possible in the
53  default configuration) then it cannot be transferred in one block to
54  libmilter and hence the communication fails.  This can be avoided by
55  increasing the constant MILTER_CHUNK_SIZE in
56  include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
57  all (statically linked) milters (or by using an undocumented compile
58  time option:  _FFR_MAXDATASIZE; you have to read the source code in
59  order to use this properly).
60
61* Sender addresses whose domain part cause a temporary A record lookup
62  failure but have a valid MX record will be temporarily rejected in
63  the default configuration.  Solution: fix the DNS at the sender side.
64  If that's not easy to achieve, possible workarounds are:
65  - add an entry to the access map:
66	dom.ain	OK
67  - (only for advanced users) replace
68
69# Resolve map (to check if a host exists in check_mail)
70Kresolve host -a<OKR> -T<TEMP>
71
72   with
73
74# Resolve map (to check if a host exists in check_mail)
75Kcanon host -a<OKR> -T<TEMP>
76Kdnsmx dns -R MX -a<OKR> -T<TEMP>
77Kresolve sequence dnsmx canon
78
79
80* Duplicate error messages.
81
82  Sometimes identical, duplicate error messages can be generated.  As
83  near as I can tell, this is rare and relatively innocuous.
84
85* Misleading error messages.
86
87  If an illegal address is specified on the command line together
88  with at least one valid address and PostmasterCopy is set, the
89  DSN does not contain the illegal address, but only the valid
90  address(es).
91
92* \231 considered harmful.
93
94  Header addresses that have the \231 character (and possibly others
95  in the range \201 - \237) behave in odd and usually unexpected ways.
96
97* accept() problem on SVR4.
98
99  Apparently, the sendmail daemon loop (doing accept()s on the network)
100  can get into a weird state on SVR4; it starts logging ``SYSERR:
101  getrequests: accept: Protocol Error''.  The workaround is to kill
102  and restart the sendmail daemon.  We don't have an SVR4 system at
103  Berkeley that carries more than token mail load, so I can't validate
104  this.  It is likely to be a glitch in the sockets emulation, since
105  "Protocol Error" is not possible error code with Berkeley TCP/IP.
106
107  I've also had someone report the message ``sendmail: accept:
108  SIOCGPGRP failed errno 22'' on an SVR4 system.  This message is
109  not in the sendmail source code, so I assume it is also a bug
110  in the sockets emulation.  (Errno 22 is EINVAL "Invalid Argument"
111  on all the systems I have available, including Solaris 2.x.)
112  Apparently, this problem is due to linking -lc before -lsocket;
113  if you are having this problem, check your Makefile.
114
115* accept() problem on Linux.
116
117  The accept() in sendmail daemon loop can return ETIMEDOUT.  An
118  error is reported to syslog:
119
120  Jun  9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root):
121			getrequests: accept: Connection timed out
122
123  "Connection timed out" is not documented as a valid return from
124  accept(2) and this was believed to be a bug in the Linux kernel.
125  Later information from the Linux kernel group states that Linux
126  2.0 kernels follow RFC1122 while sendmail follows the original BSD
127  (now POSIX 1003.1g draft) specification.  The 2.1.X and later kernels
128  will follow the POSIX draft.
129
130* Excessive mailing list nesting can run out of file descriptors.
131
132  If you have a mailing list that includes lots of other mailing
133  lists, each of which has a separate owner, you can run out of
134  file descriptors.  Each mailing list with a separate owner uses
135  one open file descriptor (prior to 8.6.6 it was three open
136  file descriptors per list).  This is particularly egregious if
137  you have your connection cache set to be large.
138
139* Connection caching breaks if you pass the port number as an argument.
140
141  If you have a definition such as:
142
143	  Mport,          P=[IPC], F=kmDFMuX, S=11/31, R=21,
144			  M=2100000, T=DNS/RFC822/SMTP,
145			  A=IPC [127.0.0.1] $h
146
147  (i.e., where $h is the port number instead of the host name) the
148  connection caching code will break because it won't notice that
149  two messages addressed to different ports should use different
150  connections.
151
152* ESMTP SIZE underestimates the size of a message
153
154  Sendmail makes no allowance for headers that it adds, nor does it
155  account for the SMTP on-the-wire \r\n expansion.  It probably doesn't
156  allow for 8->7 bit MIME conversions either.
157
158* Client ignores SIZE parameter.
159
160  When sendmail acts as client and the server specifies a limit
161  for the mail size, sendmail will ignore this and try to send the
162  mail anyway.  The server will usually reject the MAIL command
163  which specifies the size of the message and hence this problem
164  is not significant.
165
166* Paths to programs being executed and the mode of program files are
167  not checked.  Essentially, the RunProgramInUnsafeDirPath and
168  RunWritableProgram bits in the DontBlameSendmail option are always
169  set.  This is not a problem if your system is well managed (that is,
170  if binaries and system directories are mode 755 instead of something
171  foolish like 777).
172
173* 8-bit data in GECOS field
174
175  If the GECOS (personal name) information in the passwd file contains
176  8-bit characters, those characters can be included in the message
177  header, which can cause problems when sending SMTP to hosts that
178  only accept 7-bit characters.
179
180* 8->7 bit MIME conversion
181
182  When sendmail is doing 8->7 bit MIME conversions, and the message
183  contains certain MIME body types that cannot be converted to 7-bit,
184  sendmail will pass the message as 8-bit.
185
186* 7->8 bit MIME conversion
187
188  If a message that is encoded as 7-bit MIME is converted to 8-bit and
189  that message when decoded is illegal (e.g., because of long lines or
190  illegal characters), sendmail can produce an illegal message.
191
192* MIME encoded full name phrases in the From: header
193
194  If a full name phrase includes characters from MustQuoteChars, sendmail
195  will quote the entire full name phrase.  If MustQuoteChars includes
196  characters which are not special characters according to STD 11 (RFC
197  822), this quotation can interfere with MIME encoded full name phrases.
198  By default, sendmail includes the single quote character (') in
199  MustQuoteChars even though it is not listed as a special character in
200  STD 11.
201
202* bestmx map with -z flag truncates the list of MX hosts
203
204  A bestmx map configured with the -z flag will truncate the list
205  of MX hosts.  This prevents creation of strings which are too
206  long for ruleset parsing.  This can have an adverse effect on the
207  relay_based_on_MX feature.
208
209* Saving to ~sender/dead.letter fails if su'ed to root
210
211  If ErrorMode is set to print and an error in sending mail occurs,
212  the normal action is to print a message to the screen and append
213  the message to a dead.letter file in the sender's home directory.
214  In the case where the sender is using su to act as root, the file
215  safety checks prevent sendmail from saving the dead.letter file
216  because the sender's uid and the current real uid do not match.
217
218* Berkeley DB 2.X race condition with fcntl() locking
219
220  There is a race condition for Berkeley DB 2.X databases on
221  operating systems which use fcntl() style locking, such as
222  Solaris.  Sendmail locks the map before calling db_open() to
223  prevent others from modifying the map while it is being opened.
224  Unfortunately, Berkeley DB opens the map, closes it, and then
225  reopens it.  fcntl() locking drops the lock when any file
226  descriptor pointing to the file is closed, even if it is a
227  different file descriptor than the one used to initially lock
228  the file.  As a result there is a possibility that entries in a
229  map might not be found during a map rebuild.  As a workaround,
230  you can use makemap to build a map with a new name and then
231  "mv" the new db file to replace the old one.
232
233  Sleepycat Software has added code to avoid this race condition to
234  Berkeley DB versions after 2.7.5.
235
236* File open timeouts not available on hard mounted NFS file systems
237
238  Since SIGALRM does not interrupt an RPC call for hard mounted
239  NFS file systems, it is impossible to implement a timeout on a file
240  open operation.  Therefore, while the NFS server is not responding,
241  attempts to open a file on that server will hang.  Systems with
242  local mail delivery and NFS hard mounted home directories should be
243  avoided, as attempts to open the forward files could hang.
244
245* Race condition for delivery to set-user-ID files
246
247  Sendmail will deliver to a fail if the file is owned by the DefaultUser
248  or has the set-user-ID bit set.  Unfortunately, some systems clear that bit
249  when a file is modified.  Sendmail compensates by resetting the file mode
250  back to it's original settings.  Unfortunately, there's still a
251  permission failure race as sendmail checks the permissions before locking
252  the file.  This is unavoidable as sendmail must verify the file is safe
253  to open before opening it.  A file can not be locked until it is open.
254
255* MAIL_HUB always takes precedence over LOCAL_RELAY
256
257  Despite the information in the documentation, MAIL_HUB ($H) will always
258  be used if set instead of LOCAL_RELAY ($R).  This will be fixed in a
259  future version.
260
261$Revision: 8.60 $, Last updated $Date: 2007/12/04 01:16:50 $
262