xref: /freebsd/contrib/sendmail/KNOWNBUGS (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1
2
3	     K N O W N   B U G S   I N   S E N D M A I L
4
5
6The following are bugs or deficiencies in sendmail that we are aware of
7but which have not been fixed in the current release.  You probably
8want to get the most up to date version of this from ftp.sendmail.org
9in /pub/sendmail/KNOWNBUGS.  For descriptions of bugs that have been
10fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
11distribution).
12
13This list is not guaranteed to be complete.
14
15* Header values which are too long may be truncated.
16
17  If a value of a structured header is longer than 256 (MAXNAME)
18  characters then it may be truncated during output. For example,
19  if a single address in the To: header is longer than 256 characters
20  then it will be truncated which may result in a syntactically
21  invalid address.
22
23* Berkeley DB map locking problem with fcntl().
24
25  For Linux the default is to use fcntl() for file locking.  However,
26  this does not work with Berkeley DB 5.x and probably later.
27  Switching to flock(), i.e., compile with -DHASFLOCK fixes this
28  (however, there have been problems with flock() on some Linux
29  versions). Alternatively, use CDB or an earlier BDB version.
30
31* Delivery to programs that generate too much output may cause problems
32
33  If e-mail is delivered to a program which generates too much
34  output, then sendmail may issue an error:
35
36  timeout waiting for input from local during Draining Input
37
38  Make sure that the program does not generate output beyond a
39  status message (corresponding to the exit status).  This may
40  require a wrapper around the actual program to redirect output
41  to /dev/null.
42
43  Such a problem has been reported for bulk_mailer.
44
45* Null bytes are not handled properly in headers.
46
47  Sendmail should handle full binary data.  As it stands, it handles
48  all values in the body, but not 0x00 in the header.  Changing
49  this would require a major restructuring of the code -- for
50  example, almost no C library support could be used to handle
51  strings.
52
53* Header checks are not called if header value is too long or empty.
54
55  If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
56  characters or it contains a single word longer than 256 (MAXNAME)
57  characters then no header check is done even if one is configured for
58  the header.
59
60* Header lines which are too long will be split incorrectly.
61
62  Header lines which are longer than 2045 characters will be split
63  but some characters might be lost.  Fix: obey RFC (2)822 and do not
64  send lines that are longer than 1000 characters.
65
66* milter communication fails if a single header is larger than 64K.
67
68  If a single header is larger than 64KB (which is not possible in the
69  default configuration) then it cannot be transferred in one block to
70  libmilter and hence the communication fails.  This can be avoided by
71  increasing the constant MILTER_CHUNK_SIZE in
72  include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
73  all (statically linked) milters (or by using undocumented compile
74  time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to
75  read the source code in order to use these properly).
76
77* Sender addresses whose domain part cause a temporary A record lookup
78  failure but have a valid MX record will be temporarily rejected in
79  the default configuration.  Solution: fix the DNS at the sender side.
80  If that's not easy to achieve, possible workarounds are:
81  - add an entry to the access map:
82	dom.ain	OK
83  - (only for advanced users) replace
84
85# Resolve map (to check if a host exists in check_mail)
86Kresolve host -a<OKR> -T<TEMP>
87
88   with
89
90# Resolve map (to check if a host exists in check_mail)
91Kcanon host -a<OKR> -T<TEMP>
92Kdnsmx dns -R MX -a<OKR> -T<TEMP>
93Kresolve sequence dnsmx canon
94
95
96* Duplicate error messages.
97
98  Sometimes identical, duplicate error messages can be generated.  As
99  near as I can tell, this is rare and relatively innocuous.
100
101* Misleading error messages.
102
103  If an illegal address is specified on the command line together
104  with at least one valid address and PostmasterCopy is set, the
105  DSN does not contain the illegal address, but only the valid
106  address(es).
107
108* AuthRealm for Cyrus SASL may not work as expected. The man page
109  and the actual usage for sasl_server_new() seem to differ.
110  Feedback for the "correct" usage is welcome, a patch to match
111  the description of the man page is in contrib/AuthRealm.p0.
112
113* accept() problem on SVR4.
114
115  Apparently, the sendmail daemon loop (doing accept()s on the network)
116  can get into a weird state on SVR4; it starts logging ``SYSERR:
117  getrequests: accept: Protocol Error''.  The workaround is to kill
118  and restart the sendmail daemon.  We don't have an SVR4 system at
119  Berkeley that carries more than token mail load, so I can't validate
120  this.  It is likely to be a glitch in the sockets emulation, since
121  "Protocol Error" is not possible error code with Berkeley TCP/IP.
122
123  I've also had someone report the message ``sendmail: accept:
124  SIOCGPGRP failed errno 22'' on an SVR4 system.  This message is
125  not in the sendmail source code, so I assume it is also a bug
126  in the sockets emulation.  (Errno 22 is EINVAL "Invalid Argument"
127  on all the systems I have available, including Solaris 2.x.)
128  Apparently, this problem is due to linking -lc before -lsocket;
129  if you are having this problem, check your Makefile.
130
131* accept() problem on Linux.
132
133  The accept() in sendmail daemon loop can return ETIMEDOUT.  An
134  error is reported to syslog:
135
136  Jun  9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root):
137			getrequests: accept: Connection timed out
138
139  "Connection timed out" is not documented as a valid return from
140  accept(2) and this was believed to be a bug in the Linux kernel.
141  Later information from the Linux kernel group states that Linux
142  2.0 kernels follow RFC1122 while sendmail follows the original BSD
143  (now POSIX 1003.1g draft) specification.  The 2.1.X and later kernels
144  will follow the POSIX draft.
145
146* Excessive mailing list nesting can run out of file descriptors.
147
148  If you have a mailing list that includes lots of other mailing
149  lists, each of which has a separate owner, you can run out of
150  file descriptors.  Each mailing list with a separate owner uses
151  one open file descriptor (prior to 8.6.6 it was three open
152  file descriptors per list).  This is particularly egregious if
153  you have your connection cache set to be large.
154
155* Connection caching breaks if you pass the port number as an argument.
156
157  If you have a definition such as:
158
159	  Mport,          P=[IPC], F=kmDFMuX, S=11/31, R=21,
160			  M=2100000, T=DNS/RFC822/SMTP,
161			  A=IPC [127.0.0.1] $h
162
163  (i.e., where $h is the port number instead of the host name) the
164  connection caching code will break because it won't notice that
165  two messages addressed to different ports should use different
166  connections.
167
168* ESMTP SIZE underestimates the size of a message
169
170  Sendmail makes no allowance for headers that it adds, nor does it
171  account for the SMTP on-the-wire \r\n expansion.  It probably doesn't
172  allow for 8->7 bit MIME conversions either.
173
174* Client ignores SIZE parameter.
175
176  When sendmail acts as client and the server specifies a limit for
177  the mail size, sendmail will ignore this and try to send the mail
178  anyway (unless _FFR_CLIENT_SIZE is used).  The server will usually
179  reject the MAIL command which specifies the size of the message
180  and hence this problem is not significant.
181
182* Paths to programs being executed and the mode of program files are
183  not checked.  Essentially, the RunProgramInUnsafeDirPath and
184  RunWritableProgram bits in the DontBlameSendmail option are always
185  set.  This is not a problem if your system is well managed (that is,
186  if binaries and system directories are mode 755 instead of something
187  foolish like 777).
188
189* 8-bit data in GECOS field
190
191  If the GECOS (personal name) information in the passwd file contains
192  8-bit characters, those characters can be included in the message
193  header, which can cause problems when sending SMTP to hosts that
194  only accept 7-bit characters.
195
196* 8->7 bit MIME conversion
197
198  When sendmail is doing 8->7 bit MIME conversions, and the message
199  contains certain MIME body types that cannot be converted to 7-bit,
200  sendmail will pass the message as 8-bit.
201
202* 7->8 bit MIME conversion
203
204  If a message that is encoded as 7-bit MIME is converted to 8-bit and
205  that message when decoded is illegal (e.g., because of long lines or
206  illegal characters), sendmail can produce an illegal message.
207
208* MIME encoded full name phrases in the From: header
209
210  If a full name phrase includes characters from MustQuoteChars, sendmail
211  will quote the entire full name phrase.  If MustQuoteChars includes
212  characters which are not special characters according to STD 11 (RFC
213  822), this quotation can interfere with MIME encoded full name phrases.
214  By default, sendmail includes the single quote character (') in
215  MustQuoteChars even though it is not listed as a special character in
216  STD 11.
217
218* bestmx map with -z flag truncates the list of MX hosts
219
220  A bestmx map configured with the -z flag will truncate the list
221  of MX hosts.  This prevents creation of strings which are too
222  long for ruleset parsing.  This can have an adverse effect on the
223  relay_based_on_MX feature.
224
225* Saving to ~sender/dead.letter fails if su'ed to root
226
227  If ErrorMode is set to print and an error in sending mail occurs,
228  the normal action is to print a message to the screen and append
229  the message to a dead.letter file in the sender's home directory.
230  In the case where the sender is using su to act as root, the file
231  safety checks prevent sendmail from saving the dead.letter file
232  because the sender's uid and the current real uid do not match.
233
234* Berkeley DB 2.X race condition with fcntl() locking
235
236  There is a race condition for Berkeley DB 2.X databases on
237  operating systems which use fcntl() style locking, such as
238  Solaris.  Sendmail locks the map before calling db_open() to
239  prevent others from modifying the map while it is being opened.
240  Unfortunately, Berkeley DB opens the map, closes it, and then
241  reopens it.  fcntl() locking drops the lock when any file
242  descriptor pointing to the file is closed, even if it is a
243  different file descriptor than the one used to initially lock
244  the file.  As a result there is a possibility that entries in a
245  map might not be found during a map rebuild.  As a workaround,
246  you can use makemap to build a map with a new name and then
247  "mv" the new db file to replace the old one.
248
249  Sleepycat Software has added code to avoid this race condition to
250  Berkeley DB versions after 2.7.5.
251
252* File open timeouts not available on hard mounted NFS file systems
253
254  Since SIGALRM does not interrupt an RPC call for hard mounted
255  NFS file systems, it is impossible to implement a timeout on a file
256  open operation.  Therefore, while the NFS server is not responding,
257  attempts to open a file on that server will hang.  Systems with
258  local mail delivery and NFS hard mounted home directories should be
259  avoided, as attempts to open the forward files could hang.
260
261* Race condition for delivery to set-user-ID files
262
263  Sendmail will deliver to a file if the file is owned by the DefaultUser
264  or has the set-user-ID bit set.  Unfortunately, some systems clear that bit
265  when a file is modified.  Sendmail compensates by resetting the file mode
266  back to it's original settings.  Unfortunately, there's still a
267  permission failure race as sendmail checks the permissions before locking
268  the file.  This is unavoidable as sendmail must verify the file is safe
269  to open before opening it.  A file can not be locked until it is open.
270
271* MAIL_HUB always takes precedence over LOCAL_RELAY
272
273  Despite the information in the documentation, MAIL_HUB ($H) will always
274  be used if set instead of LOCAL_RELAY ($R).  This will be fixed in a
275  future version.
276
277