xref: /freebsd/contrib/sendmail/README (revision 7f3dea244c40159a41ab22da77a434d7c5b5e85a)
/*-
 *	@(#)README	8.51 (Berkeley) 1/25/1999
 */

			SENDMAIL RELEASE 8

This directory has the latest sendmail(TM) software from Sendmail, Inc.
See doc/changes/changes.me for a summary of changes since 5.67.

Report any bugs to sendmail-bugs@sendmail.ORG

There is a web site at http://WWW.Sendmail.ORG -- see that site for
the latest updates.

******************************************************************
**  A new Build architecture is in place that allows you to	**
**  use the "Build" shell script in any of the program		**
**  directories.  On many environments this will do everything	**
**  for you, no fuss, no muss.  See src/README for more details	**
**  of compilation.  See cf/README for details about building	**
**  a runtime configuration file.				**
******************************************************************

Sendmail is a trademark of Sendmail, Inc.

+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted.  For sendmail to run
without complaining, you MUST execute the following command:

	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool and use /etc/mail for the aliases file instead of /etc).  If you
set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue
directory will have to be owned by the RunAsUser user.  As a general rule,
after you have compiled sendmail, run the command

	sendmail -v -bi

to initialize the alias database.  If it gives messages such as

	WARNING: writable directory /etc
	WARNING: writable directory /usr/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read.  In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed.  This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option.  For example, to allow .forward
files in group writable directories:

	O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

	O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs.  This behavior can also be altered via DontBlameSendmail:

	O DontBlameSendmail=forwardfileinunsafedirpath,
		forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.

Other files affected by this strengthened security include class
files (e.g. Fw /etc/sendmail.cw), persistent host status files, and
the files specified by the ErrorHeader and HelpFile options.  Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
each directory in the file's path.
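
The audit described above, as an added example that is not part of the
sendmail distribution: it walks from a .forward file up to / and reports
every path component that is group or world writable, so you know where
"chmod go-w" is needed.  The function names are made up for this example;
it only reports and changes nothing.

```shell
#!/bin/sh
# Added example: find the group- or world-writable components that make
# a .forward file's directory path "unsafe" in the README's sense.

# is_go_writable PATH: succeed if PATH has the group or other write bit set.
is_go_writable() {
    # -prune stops find from descending; -H judges a symlink by its target.
    [ -n "$(find -H "$1" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)" ]
}

# unsafe_components FILE: print FILE and each parent directory up to /
# that is group or world writable, one per line.  FILE must be absolute,
# otherwise the walk towards / could not terminate; returns 2 in that case.
unsafe_components() {
    case $1 in
        /*) ;;
        *) return 2 ;;
    esac
    p=$1
    while :; do
        if is_go_writable "$p"; then
            printf '%s\n' "$p"
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
}

# audit_forward_files HOMEDIR...: for each home directory that contains a
# .forward file, report the components that need "chmod go-w".
audit_forward_files() {
    for home in "$@"; do
        f=$home/.forward
        [ -f "$f" ] || continue
        unsafe_components "$f" | while IFS= read -r c; do
            printf '%s: %s is group or world writable\n' "$f" "$c"
        done
    done
}
```

Review the report before changing modes: shared directories such as /tmp
are writable on purpose and will be listed if a file lives beneath them.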


+--------------+
| MANUAL PAGES |
+--------------+

The sendmail manual pages use contemporary Berkeley troff macros.  If
your system does not process these manual pages, you can pick up the
new macros in a BSD Net/2 FTP site (e.g.  on FTP.UU.NET, the files
/systems/unix/bsd-sources/share/tmac/*).

The strip.sed file is only used in installation.

After installation, edit tmac.doc and tmac.andoc to reflect the
installation path of the tmac files.  Those files contain pointers to
/usr/share/tmac/, and those pointers are not changed by the `make
install` process.  There's also a bug in those files -- make the
following patch:

112*** tmac.an~    Tue Jul 12 14:29:09 1994
113--- tmac.an     Fri Jul 15 13:17:54 1994
114***************
115*** 50,55 ****
116  .de TH
117  .rn TH xX
118  .so /usr/share/lib/tmac/tmac.an.old
119! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
120  .rm xX
121  ..
122--- 50,55 ----
123  .de TH
124  .rn TH xX
125  .so /usr/share/lib/tmac/tmac.an.old
126! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8"
127  .rm xX
128  ..
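
Review bot: the ".so /usr/share/lib/tmac/tmac.an.old" context line in both halves of the 50,55 hunk is left pointing at /usr/share/lib/tmac/, while the text above says these files contain pointers to /usr/share/tmac/ that make install does not change; the patch should say that this path has to be edited to match where tmac.an.old actually ends up.  The changed .TH line only adds double quotes around \\$1 through \\$8 and gives no reason for it; a one-line note on what breaks without the quotes would help anyone applying the change by hand.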

Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc
to be tmac.an.

tmac.an will choose between tmac.an.old, your old macros, or tmac.doc,
which are the new macros, so that both the new man pages and the
existing man pages will be translated properly.

I'm also told that the groff distribution from MIT has a tmac.doc
macro set that is compatible with these macros.


+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read.  Rooted in this directory are:

  doc/changes/changes.ps
	Describes changes between Release 5 and Release 8 of sendmail.
	There are some things that may behave somewhat differently.
	For example, the rules governing when :include: files will
	be read have been tightened up for security reasons.
  FAQ
	Answers to Frequently Asked Questions.
  KNOWNBUGS
	Known bugs in the current release.  I try to keep this up
	to date -- get the latest version from FTP.Sendmail.ORG
	in /ucb/sendmail/KNOWNBUGS.
  RELEASE_NOTES
	A detailed description of the changes in each version.  This
	is quite long, but informative.
  src/README
	Details on compiling and installing sendmail.
  cf/README
	Details on configuring sendmail.
  doc/op/op.me
	The sendmail Installation & Operations Guide.  Be warned: if
	you are running this off on SunOS or some other system with an
	old version of -me, you need to add the following macro to the
	macros:

		.de sm
		\s-1\\$1\\s0\\$2
		..

	This sets a word in a smaller pointsize.


+--------------+
| RELATED RFCS |
+--------------+

There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites, including:

	ftp://nic.ddn.mil/rfc/
	ftp://nis.nsf.net/documents/rfc/
	ftp://nisc.jvnc.net/rfc/
	ftp://venera.isi.edu/in-notes/
	ftp://wuarchive.wustl.edu/doc/rfc/

For a list of the primary repositories see:

	http://www.isi.edu/in-notes/rfc-retrieval.txt

They are also online at:

	http://www.ietf.org/

They can also be retrieved via electronic mail by sending
email to one of:

	mail-server@nisc.sri.com
		Put "send rfcNNN" in message body
	nis-info@nis.nsf.net
		Put "send RFCnnn.TXT-1" in message body
	sendrfc@jvnc.net
		Put "RFCnnn" as Subject: line

For further instructions see:

	http://www.isi.edu/in-notes/rfc-editor/rfc-info

Important RFCs for electronic mail are:

	RFC821	SMTP protocol
	RFC822	Mail header format
	RFC974	MX routing
	RFC976	UUCP mail format
	RFC1123	Host requirements (modifies 821, 822, and 974)
	RFC1413	Identification server
	RFC1869	SMTP Service Extensions (ESMTP spec)
	RFC1652	SMTP Service Extension for 8bit-MIMEtransport
	RFC1870	SMTP Service Extension for Message Size Declaration
	RFC2045	Multipurpose Internet Mail Extensions (MIME) Part One:
		Format of Internet Message Bodies
	RFC1344	Implications of MIME for Internet Mail Gateways
	RFC1428	Transition of Internet Mail from Just-Send-8 to
		8-bit SMTP/MIME
	RFC1891	SMTP Service Extension for Delivery Status Notifications
	RFC1892	Multipart/Report Content Type for the Reporting of
		Mail System Administrative Messages
	RFC1893	Enhanced Mail System Status Codes
	RFC1894	An Extensible Message Format for Delivery Status
		Notifications
	RFC1985	SMTP Service Extension for Remote Message Queue Starting
	RFC2033	Local Mail Transfer Protocol

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

	RFC987	Mapping between RFC822 and X.400
	RFC1049	Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.


+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing.  Instead, get a new version via the web at
http://www.sleepycat.com/.  This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants.  If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

	Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2, available from http://www.sleepycat.com/.
Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty
ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail
to dump core.  In addition, the newest versions of gcc and the Solaris
compilers perform optimizations in those versions that may cause fairly
random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it.  You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it.  No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, and again between DB 1.86 and version 2.0.  If you are
upgrading from one of those versions, you must recreate your database
file(s).  Do this by rebuilding all maps with makemap and rebuilding the
alias file with newaliases.


+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database.  For example, the
line should read

	128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

**** NOT ****

	128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages.  The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.


+-------------+
| USE WITH MH |
+-------------+

This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions.  If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports.  This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.


+----------------+
| USE WITH IDENT |
+----------------+

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
No ident server is included with this distribution.  I have found
copies available on:

  ftp.lysator.liu.se		/pub/ident/servers
  romulus.ucs.uoknor.edu	/networking/ident/servers
  ftp.cyf-kr.edu.pl		/agh/uciagh/network/ident

If you want to run an IDENT server, I suggest getting a copy from
one of those sites.  Versions are available for several different
systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS.


+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+

Microsoft Exchange Server 5.0
	We have had a report that ``about 7% of messages from Sendmail
	to Exchange were not being delivered with status messages of
	"connection reset" and "I/O error".''  Upgrading Exchange from
	Version 5.0 to Version 5.5 Service Pack 2 solved this problem.


+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf		Source for sendmail configuration files.  These are
		different than what you've seen before.  They are a
		fairly dramatic rewrite, requiring the new sendmail
		(since they use new features).
contrib		Some contributed tools to help with sendmail.  THESE
		ARE NOT SUPPORTED by sendmail -- contact the original
		authors if you have problems.  (This directory is not
		on the 4.4BSD tape.)
doc		Documentation.  If you are getting source, read
		op.me -- it's long, but worth it.
mail.local	The source for the local delivery agent used for 4.4BSD.
		THIS IS NOT PART OF SENDMAIL! and may not compile
		everywhere, since it depends on some 4.4-isms.  Warning:
		it does mailbox locking differently than other systems.
mailstats	Statistics printing program.  It has the pathname of
		sendmail.st compiled in, so if you've changed that,
		beware.
makemap		A program that creates the keyed maps used by the $( ... $)
		construct in sendmail.  It is primitive but effective.
		It takes a very simple input format, so you will probably
		expect to preprocess most human-convenient formats
		using sed scripts before this program will like them.
		But it should be functionally complete.
praliases	A program to print the DBM or NEWDB version of the
		aliases file.
rmail		Source for rmail(8).  This is used as a delivery
		agent for UUCP, and could presumably be used by
		other non-socket oriented mailers.  Older versions of
		rmail are probably deficient.  RMAIL IS NOT PART OF
		SENDMAIL!!!  The 4.4BSD source is included for you to
		look at or try to port to your system.  I know it doesn't
		compile on {SunOS, HP-UX, OSF/1, other} (pick one).
smrsh		The "sendmail restricted shell", which can be used as
		a replacement for /bin/sh in the prog mailer to provide
		increased security control.  NOT PART OF SENDMAIL!
src		Source for the sendmail program itself.
test		Some test scripts (currently only for compilation aids).
