1 2 SENDMAIL RELEASE 8 3 4This directory has the latest sendmail(TM) software from Proofpoint, Inc. 5 6Report any bugs to sendmail-bugs-YYYY@support.sendmail.org 7where YYYY is the current year, e.g., 2005. 8 9There is a web site at http://www.sendmail.org/ -- see that site for 10the latest updates. 11 12+--------------+ 13| INTRODUCTION | 14+--------------+ 15 160. The vast majority of queries about sendmail are answered in the 17 README files noted below. 18 191. Read this README file, especially this introduction, and the DIRECTORY 20 PERMISSIONS sections. 21 222. Read the INSTALL file in this directory. 23 243. Read sendmail/README, especially: 25 a. the introduction 26 b. the BUILDING SENDMAIL section 27 c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section 28 29 You may also find these useful: 30 31 d. sendmail/SECURITY 32 e. devtools/README 33 f. devtools/Site/README 34 g. libmilter/README 35 h. mail.local/README 36 i. smrsh/README 37 384. Read cf/README. 39 40Sendmail is a trademark of Proofpoint, Inc. 41US Patent Numbers 6865671, 6986037. 42 43+-----------------------+ 44| DIRECTORY PERMISSIONS | 45+-----------------------+ 46 47Sendmail often gets blamed for many problems that are actually the 48result of other problems, such as overly permissive modes on directories. 49For this reason, sendmail checks the modes on system directories and 50files to determine if they can be trusted. For sendmail to run without 51complaining, you MUST execute the following command: 52 53 chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 54 chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 55 56You will probably have to tweak this for your environment (for example, 57some systems put the spool directory into /usr/spool instead of 58/var/spool). If you set the RunAsUser option in your sendmail.cf, the 59/var/spool/mqueue directory will have to be owned by the RunAsUser user. 60As a general rule, after you have compiled sendmail, run the command 61 62 sendmail -v -bi 63 64to initialize the alias database. If it gives messages such as 65 66 WARNING: writable directory /etc 67 WARNING: writable directory /var/spool/mqueue 68 69then the directories listed have inappropriate write permissions and 70should be secured to avoid various possible security attacks. 71 72Beginning with sendmail 8.9, these checks have become more strict to 73prevent users from being able to access files they would normally not 74be able to read. In particular, .forward and :include: files in unsafe 75directory paths (directory paths which are group or world writable) will 76no longer be allowed. This would mean that if user joe's home directory 77was writable by group staff, sendmail would not use his .forward file. 78This behavior can be altered, at the expense of system security, by 79setting the DontBlameSendmail option. For example, to allow .forward 80files in group writable directories: 81 82 O DontBlameSendmail=forwardfileingroupwritabledirpath 83 84Or to allow them in both group and world writable directories: 85 86 O DontBlameSendmail=forwardfileinunsafedirpath 87 88Items from these unsafe .forward and :include: files will be marked 89as unsafe addresses -- the items can not be deliveries to files or 90programs. This behavior can also be altered via DontBlameSendmail: 91 92 O DontBlameSendmail=forwardfileinunsafedirpath, 93 forwardfileinunsafedirpathsafe 94 95The first flag allows the .forward file to be read, the second allows 96the items in the file to be marked as safe for file and program 97delivery. 98 99Other files affected by this strengthened security include class 100files (i.e., Fw /etc/mail/local-host-names), persistent host status files, 101and the files specified by the ErrorHeader and HelpFile options. Similar 102DontBlameSendmail flags are available for the class, ErrorHeader, and 103HelpFile files. 104 105If you have an unsafe configuration of .forward and :include: 106files, you can make it safe by finding all such files, and doing 107a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for 108each directory in the file's path. 109 110 111+--------------------------+ 112| FILE AND MAP PERMISSIONS | 113+--------------------------+ 114 115Any application which uses either flock() or fcntl() style locking or 116other APIs that use one of these locking methods (such as open() with 117O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users 118may be susceptible to local denial of service attacks. 119 120File locking is used throughout sendmail for a variety of files 121including aliases, maps, statistics, and the pid file. Any user who 122can open one of these files can prevent sendmail or it's associated 123utilities, e.g., makemap or newaliases, from operating properly. This 124can also affect sendmail's ability to update status files such as 125statistics files. For system which use flock() for file locking, a 126user's ability to obtain an exclusive lock prevents other sendmail 127processes from reading certain files such as alias or map databases. 128 129A workaround for this problem is to protect all sendmail files such 130that they can't be opened by untrusted users. As long as users can 131not open a file, they can not lock it. Since queue files should 132already have restricted permissions, the only files that need 133adjustment are alias, map, statistics, and pid files. These files 134should be owned by root or the trusted user specified in the 135TrustedUser option. Changing the permissions to be only readable and 136writable by that user is sufficient to avoid the denial of service. 137For example, depending on the paths you use, these commands would be 138used: 139 140 chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir} 141 chmod 0640 /etc/mail/*.{db,pag,dir} 142 chmod 0640 /etc/mail/statistics /var/log/sendmail.st 143 chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid 144 145If the permissions 0640 are used, be sure that only trusted users belong 146to the group assigned to those files. Otherwise, files should not even 147be group readable. As of sendmail 8.12.4, the permissions shown above 148are the default permissions for newly created files. 149 150Note that the denial of service on the plain text aliases file 151(/etc/mail/aliases) only prevents newaliases from rebuilding the 152aliases file. The same is true for the database files on systems which 153use fcntl() style locking. Since it does not interfere with normal 154operations, sites may chose to leave these files readable. Also, it is 155not necessary to protect the text files associated with map databases 156as makemap does not lock those files. 157 158 159+-----------------------+ 160| RELATED DOCUMENTATION | 161+-----------------------+ 162 163There are other files you should read. Rooted in this directory are: 164 165 FAQ 166 The FAQ (frequently answered questions) is no longer maintained 167 with the sendmail release. It is available at 168 http://www.sendmail.org/faq/ . The file FAQ is a reminder of 169 this and a pointer to the web page. 170 INSTALL 171 Installation instructions for building and installing sendmail. 172 KNOWNBUGS 173 Known bugs in the current release. 174 RELEASE_NOTES 175 A detailed description of the changes in each version. This 176 is quite long, but informative. 177 sendmail/README 178 Details on compiling and installing sendmail. 179 cf/README 180 Details on configuring sendmail. 181 doc/op/op.me 182 The sendmail Installation & Operations Guide. In addition 183 to the shipped PostScript version, plain text and PDF versions 184 can be generating using (assuming the required conversion software 185 is installed on your system, see doc/op/Makefile): 186 187 cd doc/op && make op.txt op.pdf 188 189 Be warned: on some systems calling make in doc/op/ will cause 190 errors due to nroff/groff problems. Known problems are: 191 - running this off on systems with an old version of -me, you 192 need to add the following macro to the macros: 193 194 .de sm 195 \s-1\\$1\\s0\\$2 196 .. 197 198 This sets a word in a smaller pointsize. 199 200 - with new groff versions (1.18 seems affected) 201 202 GROFF_NO_SGR=1 203 204 needs to be set, e.g., in doc/op/Makefile: 205 206 ROFF_CMD= GROFF_NO_SGR=1 groff 207 208 209+--------------+ 210| RELATED RFCS | 211+--------------+ 212 213There are several related RFCs that you may wish to read -- they are 214available via anonymous FTP to several sites. For a list of the 215primary repositories see: 216 217 http://www.isi.edu/in-notes/rfc-retrieval.txt 218 219They are also online at: 220 221 http://www.ietf.org/ 222 223They can also be retrieved via electronic mail by sending 224email to one of: 225 226 mail-server@nisc.sri.com 227 Put "send rfcNNN" in message body 228 nis-info@nis.nsf.net 229 Put "send RFCnnn.TXT-1" in message body 230 sendrfc@jvnc.net 231 Put "RFCnnn" as Subject: line 232 233For further instructions see: 234 235 http://www.isi.edu/in-notes/rfc-editor/rfc-info 236 237Important RFCs for electronic mail are: 238 239 RFC821 SMTP protocol 240 RFC822 Mail header format 241 RFC974 MX routing 242 RFC976 UUCP mail format 243 RFC1123 Host requirements (modifies 821, 822, and 974) 244 RFC1344 Implications of MIME for Internet Mail Gateways 245 RFC1413 Identification server 246 RFC1428 Transition of Internet Mail from Just-Send-8 to 247 8-bit SMTP/MIME 248 RFC1652 SMTP Service Extension for 8bit-MIMEtransport 249 RFC1869 SMTP Service Extensions (ESMTP spec) 250 RFC1870 SMTP Service Extension for Message Size Declaration 251 RFC1891 SMTP Service Extension for Delivery Status Notifications 252 RFC1892 Multipart/Report Content Type for the Reporting of 253 Mail System Administrative Messages 254 RFC1893 Enhanced Mail System Status Codes 255 RFC1894 An Extensible Message Format for Delivery Status 256 Notifications 257 RFC1985 SMTP Service Extension for Remote Message Queue Starting 258 RFC2033 Local Mail Transfer Protocol (LMTP) 259 RFC2034 SMTP Service Extension for Returning Enhanced Error Codes 260 RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: 261 Format of Internet Message Bodies 262 RFC2476 Message Submission 263 RFC2487 SMTP Service Extension for Secure SMTP over TLS 264 RFC2554 SMTP Service Extension for Authentication 265 RFC2821 Simple Mail Transfer Protocol 266 RFC2822 Internet Message Format 267 RFC2852 Deliver By SMTP Service Extension 268 RFC2920 SMTP Service Extension for Command Pipelining 269 270Other standards that may be of interest (but which are less directly 271relevant to sendmail) are: 272 273 RFC987 Mapping between RFC822 and X.400 274 RFC1049 Content-Type header field (extension to RFC822) 275 276Warning to AIX users: this version of sendmail does not implement 277MB, MR, or MG DNS resource records, as defined (as experiments) in 278RFC1035. 279 280 281+---------+ 282| WARNING | 283+---------+ 284 285Since sendmail 8.11 and later includes hooks to cryptography, the 286following information from OpenSSL applies to sendmail as well. 287 288PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY 289SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING 290TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME 291PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR 292COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL 293SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE 294YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT 295AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR 296ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. 297 298If you use OpenSSL then make sure you read their README file which 299contains information about patents etc. 300 301 302+-------------------+ 303| DATABASE ROUTINES | 304+-------------------+ 305 306IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** 307use the version that was on the Net2 tape -- it has a number of 308nefarious bugs that were bad enough when I got them; you shouldn't have 309to go through the same thing. Instead, get a new version via the web at 310http://www.sleepycat.com/. This software is highly recommended; it gets 311rid of several stupid limits, it's much faster, and the interface is 312nicer to animals and plants. If the Berkeley DB include files 313are installed in a location other than those which your compiler searches, 314you will need to provide that directory when building: 315 316 ./Build -I/path/to/include/directory 317 318If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* 319urged to upgrade to DB version 2 or later, available from 320http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to 321be broken in various nasty ways (see http://www.sleepycat.com/db.185.html), 322and can cause sendmail to dump core. In addition, the newest versions of 323gcc and the Solaris compilers perform optimizations in those versions that 324may cause fairly random core dumps. 325 326If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are 327using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h 328and ndbm.o from the DB library after building it. You should also apply 329all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site 330(see http://www.sleepycat.com/db.185.html), as they fix some of the known 331problems. 332 333If you are using a version of Berkeley DB 2 previous to 2.3.15, and you 334are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o 335from the DB library after building it. No other changes are necessary. 336 337If you are using Berkeley DB version 2.3.15 or greater, no changes are 338necessary. 339 340The underlying database file formats changed between Berkeley DB versions 3411.85 and 1.86, again between DB 1.86 and version 2.0, and finally between 342DB 2.X and 3.X. If you are upgrading from one of those versions, you must 343recreate your database file(s). Do this by rebuilding all maps with 344makemap and rebuilding the alias file with newaliases. 345 346 347+--------------------+ 348| HOST NAME SERVICES | 349+--------------------+ 350 351If you are using NIS or /etc/hosts, it is critical that you 352list the long (fully qualified) name somewhere (preferably first) in 353the /etc/hosts file used to build the NIS database. For example, the 354line should read 355 356 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon 357 358**** NOT **** 359 360 128.32.149.68 mastodon 361 362If you do not include the long name, sendmail will complain loudly 363about ``unable to qualify my own domain name (mastodon) -- using 364short name'' and conclude that your canonical name is the short 365version and use that in messages. The name "mastodon" doesn't mean 366much outside of Berkeley, and so this creates incorrect and unreplyable 367messages. 368 369 370+-------------+ 371| USE WITH MH | 372+-------------+ 373 374This version of sendmail notices and reports certain kinds of SMTP 375protocol violations that were ignored by older versions. If you 376are running MH you may wish to install the patch in contrib/mh.patch 377that will prevent these warning reports. This patch also works 378with the old version of sendmail, so it's safe to go ahead and 379install it. 380 381 382+----------------+ 383| USE WITH IDENT | 384+----------------+ 385 386Sendmail 8 supports the IDENT protocol, as defined by RFC 1413. 387Note that the RFC states a client should wait at least 30 seconds 388for a response. As of 8.10.0, the default Timeout.ident is 5 seconds 389as many sites have adopted the practice of dropping IDENT queries. 390This has lead to delays processing mail. 391 392No ident server is included with this distribution. It is available 393from: 394 395 ftp://ftp.lysator.liu.se/pub/ident/servers/ 396 http://sf.www.lysator.liu.se/~pen/pidentd/ 397 398+-------------------------+ 399| INTEROPERATION PROBLEMS | 400+-------------------------+ 401 402Microsoft Exchange Server 5.0 403 We have had a report that ``about 7% of messages from Sendmail 404 to Exchange were not being delivered with status messages of 405 "connection reset" and "I/O error".'' Upgrading Exchange from 406 Version 5.0 to Version 5.5 Service Pack 2 solved this problem. 407 408CommuniGate Pro 409 CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on 410 the MAIL FROM command if the client is not authenticated. Use 411 412 define(`confAUTH_OPTIONS', `A') 413 414 in .mc file if you have compiled sendmail with Cyrus SASL 415 and you communicate with CommuniGate Pro servers. 416 417+---------------------+ 418| DIRECTORY STRUCTURE | 419+---------------------+ 420 421The structure of this directory tree is: 422 423cf Source for sendmail configuration files. These are 424 different than what you've seen before. They are a 425 fairly dramatic rewrite, requiring the new sendmail 426 (since they use new features). 427contrib Some contributed tools to help with sendmail. THESE 428 ARE NOT SUPPORTED by sendmail -- contact the original 429 authors if you have problems. (This directory is not 430 on the 4.4BSD tape.) 431devtools Build environment. See devtools/README. 432doc Documentation. If you are getting source, read 433 op.me -- it's long, but worth it. 434editmap A program to edit and query maps that have been created 435 with makemap, e.g., adding and deleting entries. 436include Include files used by multiple programs in the distribution. 437libsmdb sendmail database library with support for Berkeley DB 1.X, 438 Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. 439libsmutil sendmail utility library with functions used by different 440 programs. 441mail.local The source for the local delivery agent used for 4.4BSD. 442 THIS IS NOT PART OF SENDMAIL! and may not compile 443 everywhere, since it depends on some 4.4-isms. Warning: 444 it does mailbox locking differently than other systems. 445mailstats Statistics printing program. 446makemap A program that creates the keyed maps used by the $( ... $) 447 construct in sendmail. It is primitive but effective. 448 It takes a very simple input format, so you will probably 449 expect to preprocess must human-convenient formats 450 using sed scripts before this program will like them. 451 But it should be functionally complete. 452praliases A program to print the DBM or NEWDB version of the 453 aliases file. 454rmail Source for rmail(8). This is used as a delivery 455 agent for for UUCP, and could presumably be used by 456 other non-socket oriented mailers. Older versions of 457 rmail are probably deficient. RMAIL IS NOT PART OF 458 SENDMAIL!!! The 4.4BSD source is included for you to 459 look at or try to port to your system. There is no 460 guarantee it will even compile on your operating system. 461smrsh The "sendmail restricted shell", which can be used as 462 a replacement for /bin/sh in the prog mailer to provide 463 increased security control. NOT PART OF SENDMAIL! 464sendmail Source for the sendmail program itself. 465test Some test scripts (currently only for compilation aids). 466vacation Source for the vacation program. NOT PART OF SENDMAIL! 467 468$Revision: 8.96 $, Last updated $Date: 2013/11/22 20:51:01 $ 469