			SENDMAIL RELEASE 8

This directory has the latest sendmail(TM) software from Sendmail, Inc.

Report any bugs to sendmail-bugs@sendmail.ORG

There is a web site at http://WWW.Sendmail.ORG/ -- see that site for
the latest updates.

+--------------+
| INTRODUCTION |
+--------------+

0. The vast majority of queries to <sendmail-questions@sendmail.org>
   are answered in the README files noted below.

1. Read this README file, especially this introduction, and the DIRECTORY
   PERMISSIONS sections.

2. Read the INSTALL file in this directory.

3. Read sendmail/README, especially:
   a. the introduction
   b. the BUILDING SENDMAIL section
   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section

   You may also find these useful:

   d. devtools/README
   e. devtools/Site/README
   f. mail.local/README
   g. smrsh/README

4. Read cf/README.

Sendmail is a trademark of Sendmail, Inc.

+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted.  For sendmail to run without
complaining, you MUST execute the following command:

	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool).  If you set the RunAsUser option in your sendmail.cf, the
/var/spool/mqueue directory will have to be owned by the RunAsUser user.
As a general rule, after you have compiled sendmail, run the command

	sendmail -v -bi

to initialize the alias database.  If it gives messages such as

	WARNING: writable directory /etc
	WARNING: writable directory /var/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read.  In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed.  This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option.  For example, to allow .forward
files in group writable directories:

	O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

	O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs.  This behavior can also be altered via DontBlameSendmail:

	O DontBlameSendmail=forwardfileinunsafedirpath,
		forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.

Other files affected by this strengthened security include class
files (i.e. Fw /etc/mail/local-host-names), persistent host status files,
and the files specified by the ErrorHeader and HelpFile options.  Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
each directory in the file's path.
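
The path walk described in the last paragraph can be scripted.  The
following is an added example, not part of the sendmail distribution;
the function name unsafe_components and its optional TOP argument are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the sendmail distribution.
# unsafe_components FILE [TOP]  (hypothetical helper name and arguments)
# Prints FILE and each directory in its path, up to TOP (default /), that
# is group- or world-writable: the components that need "chmod go-w".
# Returns 0 if nothing was printed, 1 if something was, 2 on a bad path.
unsafe_components() {
	file=$1
	top=${2:-/}
	# Resolve symlinked directories so the physical path is checked.
	dir=$(cd -P "$(dirname "$file")" 2>/dev/null && pwd -P) || return 2
	top=$(cd -P "$top" 2>/dev/null && pwd -P) || return 2
	cur="${dir%/}/$(basename "$file")"
	found=0
	while :; do
		# -prune stops find from descending; -perm -020 and -perm -002
		# match the group-write and other-write bits.
		hit=$(find "$cur" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null) || hit=
		if [ -n "$hit" ]; then
			printf '%s\n' "$cur"
			found=1
		fi
		if [ "$cur" = "$top" ] || [ "$cur" = "/" ]; then
			break
		fi
		cur=$(dirname "$cur")
	done
	return "$found"
}

# Usage: sh thisfile /home/joe/.forward
if [ "$#" -gt 0 ]; then
	unsafe_components "$@"
fi
```

Every path it prints is a candidate for "chmod go-w"; an empty result
means no component of the path is group or world writable.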


+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read.  Rooted in this directory are:

  FAQ
	The FAQ (frequently answered questions) is no longer maintained
	with the sendmail release.  It is available at
	http://www.sendmail.org/faq/ .  The file FAQ is a reminder of
	this and a pointer to the web page.
  INSTALL
	Installation instructions for building and installing sendmail.
  KNOWNBUGS
	Known bugs in the current release.
  RELEASE_NOTES
	A detailed description of the changes in each version.  This
	is quite long, but informative.
  sendmail/README
	Details on compiling and installing sendmail.
  cf/README
	Details on configuring sendmail.
  doc/op/op.me
	The sendmail Installation & Operations Guide.  Be warned: if
	you are running this off on SunOS or some other system with an
	old version of -me, you need to add the following macro to the
	macros:

		.de sm
		\s-1\\$1\\s0\\$2
		..

	This sets a word in a smaller pointsize.


+--------------+
| RELATED RFCS |
+--------------+

There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites.  For a list of the
primary repositories see:

	http://www.isi.edu/in-notes/rfc-retrieval.txt

They are also online at:

	http://www.ietf.org/

They can also be retrieved via electronic mail by sending
email to one of:

	mail-server@nisc.sri.com
		Put "send rfcNNN" in message body
	nis-info@nis.nsf.net
		Put "send RFCnnn.TXT-1" in message body
	sendrfc@jvnc.net
		Put "RFCnnn" as Subject: line

For further instructions see:

	http://www.isi.edu/in-notes/rfc-editor/rfc-info

Important RFCs for electronic mail are:

	RFC821	SMTP protocol
	RFC822	Mail header format
	RFC974	MX routing
	RFC976	UUCP mail format
	RFC1123	Host requirements (modifies 821, 822, and 974)
	RFC1413	Identification server
	RFC1869	SMTP Service Extensions (ESMTP spec)
	RFC1652	SMTP Service Extension for 8bit-MIMEtransport
	RFC1870	SMTP Service Extension for Message Size Declaration
	RFC2045	Multipurpose Internet Mail Extensions (MIME) Part One:
		Format of Internet Message Bodies
	RFC1344	Implications of MIME for Internet Mail Gateways
	RFC1428	Transition of Internet Mail from Just-Send-8 to
		8-bit SMTP/MIME
	RFC1891	SMTP Service Extension for Delivery Status Notifications
	RFC1892	Multipart/Report Content Type for the Reporting of
		Mail System Administrative Messages
	RFC1893	Enhanced Mail System Status Codes
	RFC1894	An Extensible Message Format for Delivery Status
		Notifications
	RFC1985	SMTP Service Extension for Remote Message Queue Starting
	RFC2033	Local Mail Transfer Protocol (LMTP)
	RFC2034	SMTP Service Extension for Returning Enhanced Error Codes
	RFC2476	Message Submission
	RFC2487	SMTP Service Extension for Secure SMTP over TLS
	RFC2554	SMTP Service Extension for Authentication

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

	RFC987	Mapping between RFC822 and X.400
	RFC1049	Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.


+---------+
| WARNING |
+---------+

Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD.  SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

If you use OpenSSL then make sure you read their README file which
contains information about patents etc.


+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing.  Instead, get a new version via the web at
http://www.sleepycat.com/.  This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants.  If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

	Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2 or later, available from
http://www.sleepycat.com/.  Berkeley DB versions 1.85 and 1.86 are known to
be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
and can cause sendmail to dump core.  In addition, the newest versions of
gcc and the Solaris compilers perform optimizations in those versions that
may cause fairly random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it.  You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it.  No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
DB 2.X and 3.X.  If you are upgrading from one of those versions, you must
recreate your database file(s).  Do this by rebuilding all maps with
makemap and rebuilding the alias file with newaliases.


+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database.  For example, the
line should read

	128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

**** NOT ****

	128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages.  The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.


+-------------+
| USE WITH MH |
+-------------+

This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions.  If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports.  This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.


+----------------+
| USE WITH IDENT |
+----------------+

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
Note that the RFC states a client should wait at least 30 seconds
for a response.  As of 8.10.0, the default Timeout.ident is 5 seconds
as many sites have adopted the practice of dropping IDENT queries.
This has led to delays processing mail.

No ident server is included with this distribution.  It is available
from:

  ftp://ftp.lysator.liu.se/pub/ident/servers/
  http://sf.www.lysator.liu.se/~pen/pidentd/

+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+

Microsoft Exchange Server 5.0
	We have had a report that ``about 7% of messages from Sendmail
	to Exchange were not being delivered with status messages of
	"connection reset" and "I/O error".''  Upgrading Exchange from
	Version 5.0 to Version 5.5 Service Pack 2 solved this problem.

CommuniGate Pro
	CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
	the MAIL FROM command if the client is not authenticated.  Use

		define(`confAUTH_OPTIONS', `A')

	in .mc file if you have compiled sendmail with Cyrus SASL
	and you communicate with CommuniGate Pro servers.

+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf		Source for sendmail configuration files.  These are
		different than what you've seen before.  They are a
		fairly dramatic rewrite, requiring the new sendmail
		(since they use new features).
contrib		Some contributed tools to help with sendmail.  THESE
		ARE NOT SUPPORTED by sendmail -- contact the original
		authors if you have problems.  (This directory is not
		on the 4.4BSD tape.)
devtools	Build environment.  See devtools/README.
doc		Documentation.  If you are getting source, read
		op.me -- it's long, but worth it.
include		Include files used by multiple programs in the distribution.
libsmdb		sendmail database library with support for Berkeley DB 1.X,
		Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
libsmutil	sendmail utility library with functions used by different
		programs.
mail.local	The source for the local delivery agent used for 4.4BSD.
		THIS IS NOT PART OF SENDMAIL! and may not compile
		everywhere, since it depends on some 4.4-isms.  Warning:
		it does mailbox locking differently than other systems.
mailstats	Statistics printing program.
makemap		A program that creates the keyed maps used by the $( ... $)
		construct in sendmail.  It is primitive but effective.
		It takes a very simple input format, so you will probably
		expect to preprocess most human-convenient formats
		using sed scripts before this program will like them.
		But it should be functionally complete.
praliases	A program to print the DBM or NEWDB version of the
		aliases file.
rmail		Source for rmail(8).  This is used as a delivery
		agent for UUCP, and could presumably be used by
		other non-socket oriented mailers.  Older versions of
		rmail are probably deficient.  RMAIL IS NOT PART OF
		SENDMAIL!!!  The 4.4BSD source is included for you to
		look at or try to port to your system.  There is no
		guarantee it will even compile on your operating system.
smrsh		The "sendmail restricted shell", which can be used as
		a replacement for /bin/sh in the prog mailer to provide
		increased security control.  NOT PART OF SENDMAIL!
sendmail	Source for the sendmail program itself.
test		Some test scripts (currently only for compilation aids).
vacation	Source for the vacation program.  NOT PART OF SENDMAIL!

$Revision: 8.71.4.8 $, Last updated $Date: 2001/07/31 22:42:46 $