xref: /freebsd/contrib/sendmail/README (revision 8311bc5f17dec348749f763b82dfe2737bc53cd7)
1
2			SENDMAIL RELEASE 8
3
4This directory has the latest sendmail(TM) software from Proofpoint, Inc.
5
6Report any bugs to sendmail-bugs-YYYY@support.sendmail.org
7where YYYY is the current year, e.g., 2023.
8
9There is a web site at https://www.sendmail.org/ -- see that site for
10the latest updates.
11
12
13+--------------+
14| INTRODUCTION |
15+--------------+
16
170. The vast majority of queries about sendmail are answered in the
18   README files noted below.
19
201. Read this README file, especially this introduction, and the DIRECTORY
21   PERMISSIONS sections.
22
232. Read the INSTALL file in this directory.
24
253. Read sendmail/README, especially:
26   a. the introduction
27   b. the BUILDING SENDMAIL section
28   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
29
30   You may also find these useful:
31
32   d. sendmail/SECURITY
33   e. devtools/README
34   f. devtools/Site/README
35   g. libmilter/README
36   h. mail.local/README
37   i. smrsh/README
38
394. Read cf/README.
40
41Sendmail is a trademark of Proofpoint, Inc.
42US Patent Numbers 6865671, 6986037.
43
44
45+-----------------------+
46| DIRECTORY PERMISSIONS |
47+-----------------------+
48
49Sendmail often gets blamed for many problems that are actually the
50result of other problems, such as overly permissive modes on directories.
51For this reason, sendmail checks the modes on system directories and
52files to determine if they can be trusted.  For sendmail to run without
53complaining, you MUST execute the following command:
54
55	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
56	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
57
58You will probably have to tweak this for your environment (for example,
59some systems put the spool directory into /usr/spool instead of
60/var/spool).  If you set the RunAsUser option in your sendmail.cf, the
61/var/spool/mqueue directory will have to be owned by the RunAsUser user.
62As a general rule, after you have compiled sendmail, run the command
63
64	sendmail -v -bi
65
66to initialize the alias database.  If it gives messages such as
67
68	WARNING: writable directory /etc
69	WARNING: writable directory /var/spool/mqueue
70
71then the directories listed have inappropriate write permissions and
72should be secured to avoid various possible security attacks.
73
74Beginning with sendmail 8.9, these checks have become more strict to
75prevent users from being able to access files they would normally not
76be able to read.  In particular, .forward and :include: files in unsafe
77directory paths (directory paths which are group or world writable) will
78no longer be allowed.  This would mean that if user joe's home directory
79was writable by group staff, sendmail would not use his .forward file.
80This behavior can be altered, at the expense of system security, by
81setting the DontBlameSendmail option.  For example, to allow .forward
82files in group writable directories:
83
84	O DontBlameSendmail=forwardfileingroupwritabledirpath
85
86Or to allow them in both group and world writable directories:
87
88	O DontBlameSendmail=forwardfileinunsafedirpath
89
90Items from these unsafe .forward and :include: files will be marked
91as unsafe addresses -- the items can not be deliveries to files or
92programs.  This behavior can also be altered via DontBlameSendmail:
93
94	O DontBlameSendmail=forwardfileinunsafedirpath,
95		forwardfileinunsafedirpathsafe
96
97The first flag allows the .forward file to be read, the second allows
98the items in the file to be marked as safe for file and program
99delivery.
100
101Other files affected by this strengthened security include class
102files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
103and the files specified by the ErrorHeader and HelpFile options.  Similar
104DontBlameSendmail flags are available for the class, ErrorHeader, and
105HelpFile files.
106
107If you have an unsafe configuration of .forward and :include:
108files, you can make it safe by finding all such files, and doing
109a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
110each directory in the file's path.
111
112
113+--------------------------+
114| FILE AND MAP PERMISSIONS |
115+--------------------------+
116
117Any application which uses either flock() or fcntl() style locking or
118other APIs that use one of these locking methods (such as open() with
119O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
120may be susceptible to local denial of service attacks.
121
122File locking is used throughout sendmail for a variety of files
123including aliases, maps, statistics, and the pid file.  Any user who
124can open one of these files can prevent sendmail or it's associated
125utilities, e.g., makemap or newaliases, from operating properly.  This
126can also affect sendmail's ability to update status files such as
127statistics files.  For system which use flock() for file locking, a
128user's ability to obtain an exclusive lock prevents other sendmail
129processes from reading certain files such as alias or map databases.
130
131A workaround for this problem is to protect all sendmail files such
132that they can't be opened by untrusted users.  As long as users can
133not open a file, they can not lock it.  Since queue files should
134already have restricted permissions, the only files that need
135adjustment are alias, map, statistics, and pid files.  These files
136should be owned by root or the trusted user specified in the
137TrustedUser option.  Changing the permissions to be only readable and
138writable by that user is sufficient to avoid the denial of service.
139For example, depending on the paths you use, these commands would be
140used:
141
142	chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
143	chmod 0640 /etc/mail/*.{db,pag,dir}
144	chmod 0640 /etc/mail/statistics /var/log/sendmail.st
145	chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
146
147If the permissions 0640 are used, be sure that only trusted users belong
148to the group assigned to those files.  Otherwise, files should not even
149be group readable.  As of sendmail 8.12.4, the permissions shown above
150are the default permissions for newly created files.
151
152Note that the denial of service on the plain text aliases file
153(/etc/mail/aliases) only prevents newaliases from rebuilding the
154aliases file.  The same is true for the database files on systems which
155use fcntl() style locking.  Since it does not interfere with normal
156operations, sites may chose to leave these files readable.  Also, it is
157not necessary to protect the text files associated with map databases
158as makemap does not lock those files.
159
160
161+-----------------------+
162| RELATED DOCUMENTATION |
163+-----------------------+
164
165There are other files you should read.  Rooted in this directory are:
166
167  FAQ
168	The FAQ (frequently answered questions) is no longer maintained
169	with the sendmail release.  It is available at
170	http://www.sendmail.org/faq/ .  The file FAQ is a reminder of
171	this and a pointer to the web page.
172  INSTALL
173	Installation instructions for building and installing sendmail.
174  KNOWNBUGS
175	Known bugs in the current release.
176  RELEASE_NOTES
177	A detailed description of the changes in each version.  This
178	is quite long, but informative.
179  sendmail/README
180	Details on compiling and installing sendmail.
181  cf/README
182	Details on configuring sendmail.
183  doc/op/op.me
184	The sendmail Installation & Operations Guide.  In addition
185	to the shipped PostScript version, plain text and PDF versions
186	can be generating using (assuming the required conversion software
187	is installed on your system, see doc/op/Makefile):
188
189	cd doc/op && make op.txt op.pdf
190
191	Be warned: on some systems calling make in doc/op/ will cause
192	errors due to nroff/groff problems.  Known problems are:
193	- running this off on systems with an old version of -me, you
194	need to add the following macro to the macros:
195
196		.de sm
197		\s-1\\$1\\s0\\$2
198		..
199
200	This sets a word in a smaller pointsize.
201
202
203+--------------+
204| RELATED RFCS |
205+--------------+
206
207There are several related RFCs that you may wish to read -- they are
208available from several sites, see
209
210	http://www.rfc-editor.org/
211	http://www.ietf.org/
212
213Important RFCs for electronic mail are:
214
215	RFC821	SMTP protocol
216	RFC822	Mail header format
217	RFC974	MX routing
218	RFC976	UUCP mail format
219	RFC1123	Host requirements (modifies 821, 822, and 974)
220	RFC1344	Implications of MIME for Internet Mail Gateways
221	RFC1413	Identification server
222	RFC1428	Transition of Internet Mail from Just-Send-8 to
223		8-bit SMTP/MIME
224	RFC1652	SMTP Service Extension for 8bit-MIMEtransport
225	RFC1869	SMTP Service Extensions (ESMTP spec)
226	RFC1870	SMTP Service Extension for Message Size Declaration
227	RFC1891	SMTP Service Extension for Delivery Status Notifications
228	RFC1892	Multipart/Report Content Type for the Reporting of
229		Mail System Administrative Messages
230	RFC1893	Enhanced Mail System Status Codes
231	RFC1894	An Extensible Message Format for Delivery Status
232		Notifications
233	RFC1985	SMTP Service Extension for Remote Message Queue Starting
234	RFC2033 Local Mail Transfer Protocol (LMTP)
235	RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
236	RFC2045	Multipurpose Internet Mail Extensions (MIME) Part One:
237		Format of Internet Message Bodies
238	RFC2476 Message Submission
239	RFC2487 SMTP Service Extension for Secure SMTP over TLS
240	RFC2554 SMTP Service Extension for Authentication
241	RFC2821 Simple Mail Transfer Protocol
242	RFC2822 Internet Message Format
243	RFC2852 Deliver By SMTP Service Extension
244	RFC2920 SMTP Service Extension for Command Pipelining
245	RFC5321 Simple Mail Transfer Protocol
246	RFC5322 Internet Message Format
247	RFC6530 Overview and Framework for Internationalized Email
248	RFC6531 SMTP Extension for Internationalized Email
249	RFC6532 Internationalized Email Headers
250	RFC6533 Internationalized Delivery Status and Disposition Notifications
251	RFC8461 SMTP MTA Strict Transport Security (MTA-STS)
252
253Other standards that may be of interest (but which are less directly
254relevant to sendmail) are:
255
256	RFC987	Mapping between RFC822 and X.400
257	RFC1049	Content-Type header field (extension to RFC822)
258
259Warning to AIX users: this version of sendmail does not implement
260MB, MR, or MG DNS resource records, as defined (as experiments) in
261RFC1035.
262
263
264+---------+
265| WARNING |
266+---------+
267
268Since sendmail 8.11 and later includes hooks to cryptography, the
269following information from OpenSSL applies to sendmail as well.
270
271PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
272SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
273TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
274PARTS OF THE WORLD.  SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
275COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
276SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
277YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
278AND/OR USE LAWS WHICH APPLY TO YOU.  THE AUTHORS ARE NOT LIABLE FOR
279ANY VIOLATIONS YOU MAKE HERE.  SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
280
281If you use OpenSSL then make sure you read their README file which
282contains information about patents etc.
283
284
285+-------------------+
286| DATABASE ROUTINES |
287+-------------------+
288
289IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
290use the version that was on the Net2 tape -- it has a number of
291nefarious bugs that were bad enough when I got them; you shouldn't have
292to go through the same thing.  Instead, get a new version via the web at
293http://www.sleepycat.com/.  This software is highly recommended; it gets
294rid of several stupid limits, it's much faster, and the interface is
295nicer to animals and plants.  If the Berkeley DB include files
296are installed in a location other than those which your compiler searches,
297you will need to provide that directory when building:
298
299	./Build -I/path/to/include/directory
300
301If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
302urged to upgrade to DB version 2 or later, available from
303http://www.sleepycat.com/.  Berkeley DB versions 1.85 and 1.86 are known to
304be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
305and can cause sendmail to dump core.  In addition, the newest versions of
306gcc and the Solaris compilers perform optimizations in those versions that
307may cause fairly random core dumps.
308
309If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
310using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
311and ndbm.o from the DB library after building it.  You should also apply
312all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
313(see http://www.sleepycat.com/db.185.html), as they fix some of the known
314problems.
315
316If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
317are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
318from the DB library after building it.  No other changes are necessary.
319
320If you are using Berkeley DB version 2.3.15 or greater, no changes are
321necessary.
322
323The underlying database file formats changed between Berkeley DB versions
3241.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
325DB 2.X and 3.X.  If you are upgrading from one of those versions, you must
326recreate your database file(s).  Do this by rebuilding all maps with
327makemap and rebuilding the alias file with newaliases.
328
329File locking using fcntl() does not interoperate with Berkeley DB
3305.x (and probably later).  Use CDB, flock() (-DHASFLOCK), or an
331earlier Berkeley DB version.
332
333
334+--------------------+
335| HOST NAME SERVICES |
336+--------------------+
337
338If you are using NIS or /etc/hosts, it is critical that you
339list the long (fully qualified) name somewhere (preferably first) in
340the /etc/hosts file used to build the NIS database.  For example, the
341line should read
342
343	128.32.149.68   mastodon.CS.Berkeley.EDU mastodon
344
345**** NOT ****
346
347	128.32.149.68   mastodon
348
349If you do not include the long name, sendmail will complain loudly
350about ``unable to qualify my own domain name (mastodon) -- using
351short name'' and conclude that your canonical name is the short
352version and use that in messages.  The name "mastodon" doesn't mean
353much outside of Berkeley, and so this creates incorrect and unreplyable
354messages.
355
356
357+-------------+
358| USE WITH MH |
359+-------------+
360
361This version of sendmail notices and reports certain kinds of SMTP
362protocol violations that were ignored by older versions.  If you
363are running MH you may wish to install the patch in contrib/mh.patch
364that will prevent these warning reports.  This patch also works
365with the old version of sendmail, so it's safe to go ahead and
366install it.
367
368
369+----------------+
370| USE WITH IDENT |
371+----------------+
372
373Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
374Note that the RFC states a client should wait at least 30 seconds
375for a response.  As of 8.10.0, the default Timeout.ident is 5 seconds
376as many sites have adopted the practice of dropping IDENT queries.
377This has lead to delays processing mail.
378
379
380+-------------------------+
381| INTEROPERATION PROBLEMS |
382+-------------------------+
383
384Microsoft Exchange Server 5.0
385	We have had a report that ``about 7% of messages from Sendmail
386	to Exchange were not being delivered with status messages of
387	"connection reset" and "I/O error".''  Upgrading Exchange from
388	Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
389
390CommuniGate Pro
391	CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
392	the MAIL FROM command if the client is not authenticated.  Use
393
394		define(`confAUTH_OPTIONS', `A')
395
396	in .mc file if you have compiled sendmail with Cyrus SASL
397	and you communicate with CommuniGate Pro servers.
398
399
400+---------------------+
401| DIRECTORY STRUCTURE |
402+---------------------+
403
404The structure of this directory tree is:
405
406cf		Source for sendmail configuration files.  These are
407		different than what you've seen before.  They are a
408		fairly dramatic rewrite, requiring the new sendmail
409		(since they use new features).
410contrib		Some contributed tools to help with sendmail.  THESE
411		ARE NOT SUPPORTED by sendmail -- contact the original
412		authors if you have problems.  (This directory is not
413		on the 4.4BSD tape.)
414devtools	Build environment.  See devtools/README.
415doc		Documentation.  If you are getting source, read
416		op.me -- it's long, but worth it.
417editmap		A program to edit and query maps that have been created
418		with makemap, e.g., adding and deleting entries.
419include		Include files used by multiple programs in the distribution.
420libsmdb		sendmail database library with support for Berkeley DB 1.X,
421		Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
422libsmutil	sendmail utility library with functions used by different
423		programs.
424mail.local	The source for the local delivery agent used for 4.4BSD.
425		THIS IS NOT PART OF SENDMAIL! and may not compile
426		everywhere, since it depends on some 4.4-isms.  Warning:
427		it does mailbox locking differently than other systems.
428mailstats	Statistics printing program.
429makemap		A program that creates the keyed maps used by the $( ... $)
430		construct in sendmail.  It is primitive but effective.
431		It takes a very simple input format, so you will probably
432		expect to preprocess must human-convenient formats
433		using sed scripts before this program will like them.
434		But it should be functionally complete.
435praliases	A program to print the map version of the aliases file.
436rmail		Source for rmail(8).  This is used as a delivery
437		agent for for UUCP, and could presumably be used by
438		other non-socket oriented mailers.  Older versions of
439		rmail are probably deficient.  RMAIL IS NOT PART OF
440		SENDMAIL!!!  The 4.4BSD source is included for you to
441		look at or try to port to your system.  There is no
442		guarantee it will even compile on your operating system.
443smrsh		The "sendmail restricted shell", which can be used as
444		a replacement for /bin/sh in the prog mailer to provide
445		increased security control.  NOT PART OF SENDMAIL!
446sendmail	Source for the sendmail program itself.
447test		Some test scripts (currently only for compilation aids).
448vacation	Source for the vacation program.  NOT PART OF SENDMAIL!
449
450