/*-
 *      @(#)README      8.51 (Berkeley) 1/25/1999
 */

                        SENDMAIL RELEASE 8

This directory has the latest sendmail(TM) software from Sendmail, Inc.
See doc/changes/changes.me for a summary of changes since 5.67.

Report any bugs to sendmail-bugs@sendmail.ORG

There is a web site at http://WWW.Sendmail.ORG -- see that site for
the latest updates.

******************************************************************
**  A new Build architecture is in place that allows you to     **
**  use the "Build" shell script in any of the program          **
**  directories.  On many environments this will do everything  **
**  for you, no fuss, no muss.  See src/README for more details **
**  of compilation.  See cf/README for details about building   **
**  a runtime configuration file.                               **
******************************************************************

Sendmail is a trademark of Sendmail, Inc.

+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted. For sendmail to run
without complaining, you MUST execute the following commands:

        chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
        chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool and use /etc/mail for the aliases file instead of /etc). If you
set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue
directory will have to be owned by the RunAsUser user. As a general rule,
after you have compiled sendmail, run the command

        sendmail -v -bi

to initialize the alias database.
If it gives messages such as

        WARNING: writable directory /etc
        WARNING: writable directory /usr/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read. In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed. This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option. For example, to allow .forward
files in group writable directories:

        O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

        O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs. This behavior can also be altered via DontBlameSendmail:

        O DontBlameSendmail=forwardfileinunsafedirpath,
                forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.

Other files affected by this strengthened security include class
files (i.e. Fw /etc/sendmail.cw), persistent host status files, and
the files specified by the ErrorHeader and HelpFile options. Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each.
Also, do a "chmod go-w $DIR" for
each directory in the file's path.


+--------------+
| MANUAL PAGES |
+--------------+

The sendmail manual pages use contemporary Berkeley troff macros. If
your system does not process these manual pages, you can pick up the
new macros in a BSD Net/2 FTP site (e.g. on FTP.UU.NET, the files
/systems/unix/bsd-sources/share/tmac/*).

The strip.sed file is only used in installation.

After installation, edit tmac.doc and tmac.andoc to reflect the
installation path of the tmac files. Those files contain pointers to
/usr/share/tmac/, and those pointers are not changed by the `make
install` process. There's also a bug in those files -- make the
following patch:

*** tmac.an~ Tue Jul 12 14:29:09 1994
--- tmac.an Fri Jul 15 13:17:54 1994
***************
*** 50,55 ****
  .de TH
  .rn TH xX
  .so /usr/share/lib/tmac/tmac.an.old
! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
  .rm xX
  ..
--- 50,55 ----
  .de TH
  .rn TH xX
  .so /usr/share/lib/tmac/tmac.an.old
! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8"
  .rm xX
  ..

Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc
to be tmac.an.

tmac.an will choose between tmac.an.old, your old macros, or tmac.doc,
which are the new macros, so that both the new man pages and the
existing man pages will be translated properly.

I'm also told that the groff distribution from MIT has a tmac.doc
macro set that is compatible with these macros.


+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read. Rooted in this directory are:

  doc/changes/changes.ps
        Describes changes between Release 5 and Release 8 of sendmail.
        There are some things that may behave somewhat differently.
        For example, the rules governing when :include: files will
        be read have been tightened up for security reasons.
  FAQ
        Answers to Frequently Asked Questions.
  KNOWNBUGS
        Known bugs in the current release. I try to keep this up
        to date -- get the latest version from FTP.Sendmail.ORG
        in /ucb/sendmail/KNOWNBUGS.
  RELEASE_NOTES
        A detailed description of the changes in each version. This
        is quite long, but informative.
  src/README
        Details on compiling and installing sendmail.
  cf/README
        Details on configuring sendmail.
  doc/op/op.me
        The sendmail Installation & Operations Guide. Be warned: if
        you are running this off on SunOS or some other system with an
        old version of -me, you need to add the following macro to the
        macros:

                .de sm
                \s-1\\$1\\s0\\$2
                ..

        This sets a word in a smaller pointsize.


+--------------+
| RELATED RFCS |
+--------------+

There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites, including:

        ftp://nic.ddn.mil/rfc/
        ftp://nis.nsf.net/documents/rfc/
        ftp://nisc.jvnc.net/rfc/
        ftp://venera.isi.edu/in-notes/
        ftp://wuarchive.wustl.edu/doc/rfc/

For a list of the primary repositories see:

        http://www.isi.edu/in-notes/rfc-retrieval.txt

They are also online at:

        http://www.ietf.org/

They can also be retrieved via electronic mail by sending
email to one of:

        mail-server@nisc.sri.com
                Put "send rfcNNN" in message body
        nis-info@nis.nsf.net
                Put "send RFCnnn.TXT-1" in message body
        sendrfc@jvnc.net
                Put "RFCnnn" as Subject: line

For further instructions see:

        http://www.isi.edu/in-notes/rfc-editor/rfc-info

Important RFCs for electronic mail are:

        RFC821  SMTP protocol
        RFC822  Mail header format
        RFC974  MX routing
        RFC976  UUCP mail format
        RFC1123 Host requirements
                (modifies 821, 822, and 974)
        RFC1413 Identification server
        RFC1869 SMTP Service Extensions (ESMTP spec)
        RFC1652 SMTP Service Extension for 8bit-MIMEtransport
        RFC1870 SMTP Service Extension for Message Size Declaration
        RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
                Format of Internet Message Bodies
        RFC1344 Implications of MIME for Internet Mail Gateways
        RFC1428 Transition of Internet Mail from Just-Send-8 to
                8-bit SMTP/MIME
        RFC1891 SMTP Service Extension for Delivery Status Notifications
        RFC1892 Multipart/Report Content Type for the Reporting of
                Mail System Administrative Messages
        RFC1893 Enhanced Mail System Status Codes
        RFC1894 An Extensible Message Format for Delivery Status
                Notifications
        RFC1985 SMTP Service Extension for Remote Message Queue Starting
        RFC2033 Local Mail Transfer Protocol

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

        RFC987  Mapping between RFC822 and X.400
        RFC1049 Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.


+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing. Instead, get a new version via the web at
http://www.sleepycat.com/. This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants.
If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

        Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2, available from http://www.sleepycat.com/.
Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty
ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail
to dump core. In addition, the newest versions of gcc and the Solaris
compilers perform optimizations in those versions that may cause fairly
random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it. You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it. No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, and again between DB 1.86 and version 2.0. If you are
upgrading from one of those versions, you must recreate your database
file(s). Do this by rebuilding all maps with makemap and rebuilding the
alias file with newaliases.


+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database. For example, the
line should read

        128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

**** NOT ****

        128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages. The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.


+-------------+
| USE WITH MH |
+-------------+

This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions. If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports. This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.


+----------------+
| USE WITH IDENT |
+----------------+

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
No ident server is included with this distribution. I have found
copies available on:

        ftp.lysator.liu.se      /pub/ident/servers
        romulus.ucs.uoknor.edu  /networking/ident/servers
        ftp.cyf-kr.edu.pl       /agh/uciagh/network/ident

If you want to run an IDENT server, I suggest getting a copy from
one of those sites. Versions are available for several different
systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS.


+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+

Microsoft Exchange Server 5.0
        We have had a report that ``about 7% of messages from Sendmail
        to Exchange were not being delivered with status messages of
        "connection reset" and "I/O error".'' Upgrading Exchange from
        Version 5.0 to Version 5.5 Service Pack 2 solved this problem.


+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf              Source for sendmail configuration files. These are
                different than what you've seen before. They are a
                fairly dramatic rewrite, requiring the new sendmail
                (since they use new features).
contrib         Some contributed tools to help with sendmail. THESE
                ARE NOT SUPPORTED by sendmail -- contact the original
                authors if you have problems. (This directory is not
                on the 4.4BSD tape.)
doc             Documentation. If you are getting source, read
                op.me -- it's long, but worth it.
mail.local      The source for the local delivery agent used for 4.4BSD.
                THIS IS NOT PART OF SENDMAIL! and may not compile
                everywhere, since it depends on some 4.4-isms. Warning:
                it does mailbox locking differently than other systems.
mailstats       Statistics printing program. It has the pathname of
                sendmail.st compiled in, so if you've changed that,
                beware.
makemap         A program that creates the keyed maps used by the $( ... $)
                construct in sendmail. It is primitive but effective.
                It takes a very simple input format, so you will probably
                expect to preprocess most human-convenient formats
                using sed scripts before this program will like them.
                But it should be functionally complete.
praliases       A program to print the DBM or NEWDB version of the
                aliases file.
rmail           Source for rmail(8).
                This is used as a delivery
                agent for UUCP, and could presumably be used by
                other non-socket oriented mailers. Older versions of
                rmail are probably deficient. RMAIL IS NOT PART OF
                SENDMAIL!!! The 4.4BSD source is included for you to
                look at or try to port to your system. I know it doesn't
                compile on {SunOS, HP-UX, OSF/1, other} (pick one).
smrsh           The "sendmail restricted shell", which can be used as
                a replacement for /bin/sh in the prog mailer to provide
                increased security control. NOT PART OF SENDMAIL!
src             Source for the sendmail program itself.
test            Some test scripts (currently only for compilation aids).
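
Added example for the DIRECTORY PERMISSIONS section above; it is not part of
the sendmail distribution. It lists every component of a file's path that is
group- or world-writable, i.e. where the "chmod go-w" cleanup described there
is still needed. The function names and the optional TOP argument (where the
upward walk stops, default /) are assumptions of this example:

```shell
#!/bin/sh
# Added example, not sendmail code: find group/world-writable
# components in the path of a .forward or :include: file.

# is_go_writable PATH
# Succeeds if PATH has the group or other write bit set.
# -H makes find follow PATH itself when it is a symlink.
is_go_writable() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# unsafe_path_components FILE [TOP]
# Print FILE and each parent directory up to TOP (default /) that is
# group- or world-writable. Prints nothing when the path is clean.
# Returns 2 if FILE's directory or TOP cannot be resolved.
unsafe_path_components() {
    # Resolve to physical paths so the walk is over real directories.
    dir=$(cd -P -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 2
    top=$(cd -P -- "${2:-/}" 2>/dev/null && pwd -P) || return 2
    p=${dir%/}/$(basename -- "$1")
    while :; do
        if is_go_writable "$p"; then
            printf '%s\n' "$p"
        fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname -- "$p")
    done
    return 0
}

# Stand-alone use: sh thisfile /home/joe/.forward [more files...]
for f in "$@"; do
    unsafe_path_components "$f" || echo "cannot resolve: $f" >&2
done
```

Each path printed is a candidate for "chmod go-w"; an empty result means the
file's directory path carries no group or world write bits.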