xref: /freebsd/contrib/sendmail/README (revision acd3428b7d3e94cef0e1881c868cb4b131d4ff41)
1
2			SENDMAIL RELEASE 8
3
4This directory has the latest sendmail(TM) software from Sendmail, Inc.
5
6Report any bugs to sendmail-bugs-YYYY@support.sendmail.org
7where YYYY is the current year, e.g., 2005.
8
9There is a web site at http://www.sendmail.org/ -- see that site for
10the latest updates.
11
12+--------------+
13| INTRODUCTION |
14+--------------+
15
160. The vast majority of queries about sendmail are answered in the
17   README files noted below.
18
191. Read this README file, especially this introduction, and the DIRECTORY
20   PERMISSIONS sections.
21
222. Read the INSTALL file in this directory.
23
243. Read sendmail/README, especially:
25   a. the introduction
26   b. the BUILDING SENDMAIL section
27   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
28
29   You may also find these useful:
30
31   d. sendmail/SECURITY
32   e. devtools/README
33   f. devtools/Site/README
34   g. libmilter/README
35   h. mail.local/README
36   i. smrsh/README
37
384. Read cf/README.
39
40Sendmail is a trademark of Sendmail, Inc.
41
42+-----------------------+
43| DIRECTORY PERMISSIONS |
44+-----------------------+
45
46Sendmail often gets blamed for many problems that are actually the
47result of other problems, such as overly permissive modes on directories.
48For this reason, sendmail checks the modes on system directories and
49files to determine if they can be trusted.  For sendmail to run without
50complaining, you MUST execute the following command:
51
52	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
53	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
54
55You will probably have to tweak this for your environment (for example,
56some systems put the spool directory into /usr/spool instead of
57/var/spool).  If you set the RunAsUser option in your sendmail.cf, the
58/var/spool/mqueue directory will have to be owned by the RunAsUser user.
59As a general rule, after you have compiled sendmail, run the command
60
61	sendmail -v -bi
62
63to initialize the alias database.  If it gives messages such as
64
65	WARNING: writable directory /etc
66	WARNING: writable directory /var/spool/mqueue
67
68then the directories listed have inappropriate write permissions and
69should be secured to avoid various possible security attacks.
70
71Beginning with sendmail 8.9, these checks have become more strict to
72prevent users from being able to access files they would normally not
73be able to read.  In particular, .forward and :include: files in unsafe
74directory paths (directory paths which are group or world writable) will
75no longer be allowed.  This would mean that if user joe's home directory
76was writable by group staff, sendmail would not use his .forward file.
77This behavior can be altered, at the expense of system security, by
78setting the DontBlameSendmail option.  For example, to allow .forward
79files in group writable directories:
80
81	O DontBlameSendmail=forwardfileingroupwritabledirpath
82
83Or to allow them in both group and world writable directories:
84
85	O DontBlameSendmail=forwardfileinunsafedirpath
86
87Items from these unsafe .forward and :include: files will be marked
88as unsafe addresses -- the items can not be deliveries to files or
89programs.  This behavior can also be altered via DontBlameSendmail:
90
91	O DontBlameSendmail=forwardfileinunsafedirpath,
92		forwardfileinunsafedirpathsafe
93
94The first flag allows the .forward file to be read, the second allows
95the items in the file to be marked as safe for file and program
96delivery.
97
98Other files affected by this strengthened security include class
99files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
100and the files specified by the ErrorHeader and HelpFile options.  Similar
101DontBlameSendmail flags are available for the class, ErrorHeader, and
102HelpFile files.
103
104If you have an unsafe configuration of .forward and :include:
105files, you can make it safe by finding all such files, and doing
106a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
107each directory in the file's path.
108
109
110+--------------------------+
111| FILE AND MAP PERMISSIONS |
112+--------------------------+
113
114Any application which uses either flock() or fcntl() style locking or
115other APIs that use one of these locking methods (such as open() with
116O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
117may be susceptible to local denial of service attacks.
118
119File locking is used throughout sendmail for a variety of files
120including aliases, maps, statistics, and the pid file.  Any user who
121can open one of these files can prevent sendmail or it's associated
122utilities, e.g., makemap or newaliases, from operating properly.  This
123can also affect sendmail's ability to update status files such as
124statistics files.  For system which use flock() for file locking, a
125user's ability to obtain an exclusive lock prevents other sendmail
126processes from reading certain files such as alias or map databases.
127
128A workaround for this problem is to protect all sendmail files such
129that they can't be opened by untrusted users.  As long as users can
130not open a file, they can not lock it.  Since queue files should
131already have restricted permissions, the only files that need
132adjustment are alias, map, statistics, and pid files.  These files
133should be owned by root or the trusted user specified in the
134TrustedUser option.  Changing the permissions to be only readable and
135writable by that user is sufficient to avoid the denial of service.
136For example, depending on the paths you use, these commands would be
137used:
138
139	chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
140	chmod 0640 /etc/mail/*.{db,pag,dir}
141	chmod 0640 /etc/mail/statistics /var/log/sendmail.st
142	chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
143
144If the permissions 0640 are used, be sure that only trusted users belong
145to the group assigned to those files.  Otherwise, files should not even
146be group readable.  As of sendmail 8.12.4, the permissions shown above
147are the default permissions for newly created files.
148
149Note that the denial of service on the plain text aliases file
150(/etc/mail/aliases) only prevents newaliases from rebuilding the
151aliases file.  The same is true for the database files on systems which
152use fcntl() style locking.  Since it does not interfere with normal
153operations, sites may chose to leave these files readable.  Also, it is
154not necessary to protect the text files associated with map databases
155as makemap does not lock those files.
156
157
158+-----------------------+
159| RELATED DOCUMENTATION |
160+-----------------------+
161
162There are other files you should read.  Rooted in this directory are:
163
164  FAQ
165	The FAQ (frequently answered questions) is no longer maintained
166	with the sendmail release.  It is available at
167	http://www.sendmail.org/faq/ .  The file FAQ is a reminder of
168	this and a pointer to the web page.
169  INSTALL
170	Installation instructions for building and installing sendmail.
171  KNOWNBUGS
172	Known bugs in the current release.
173  RELEASE_NOTES
174	A detailed description of the changes in each version.  This
175	is quite long, but informative.
176  sendmail/README
177	Details on compiling and installing sendmail.
178  cf/README
179	Details on configuring sendmail.
180  doc/op/op.me
181	The sendmail Installation & Operations Guide.  In addition
182	to the shipped PostScript version, plain text and PDF versions
183	can be generating using (assuming the required conversion software
184	is installed on your system, see doc/op/Makefile):
185
186	cd doc/op && make op.txt op.pdf
187
188	Be warned: on some systems calling make in doc/op/ will cause
189	errors due to nroff/groff problems.  Known problems are:
190	- running this off on systems with an old version of -me, you
191	need to add the following macro to the macros:
192
193		.de sm
194		\s-1\\$1\\s0\\$2
195		..
196
197	This sets a word in a smaller pointsize.
198
199	- with new groff versions (1.18 seems affected)
200
201	GROFF_NO_SGR=1
202
203	needs to be set, e.g., in doc/op/Makefile:
204
205	ROFF_CMD=	GROFF_NO_SGR=1 groff
206
207
208+--------------+
209| RELATED RFCS |
210+--------------+
211
212There are several related RFCs that you may wish to read -- they are
213available via anonymous FTP to several sites.  For a list of the
214primary repositories see:
215
216	http://www.isi.edu/in-notes/rfc-retrieval.txt
217
218They are also online at:
219
220	http://www.ietf.org/
221
222They can also be retrieved via electronic mail by sending
223email to one of:
224
225	mail-server@nisc.sri.com
226		Put "send rfcNNN" in message body
227	nis-info@nis.nsf.net
228		Put "send RFCnnn.TXT-1" in message body
229	sendrfc@jvnc.net
230		Put "RFCnnn" as Subject: line
231
232For further instructions see:
233
234	http://www.isi.edu/in-notes/rfc-editor/rfc-info
235
236Important RFCs for electronic mail are:
237
238	RFC821	SMTP protocol
239	RFC822	Mail header format
240	RFC974	MX routing
241	RFC976	UUCP mail format
242	RFC1123	Host requirements (modifies 821, 822, and 974)
243	RFC1344	Implications of MIME for Internet Mail Gateways
244	RFC1413	Identification server
245	RFC1428	Transition of Internet Mail from Just-Send-8 to
246		8-bit SMTP/MIME
247	RFC1652	SMTP Service Extension for 8bit-MIMEtransport
248	RFC1869	SMTP Service Extensions (ESMTP spec)
249	RFC1870	SMTP Service Extension for Message Size Declaration
250	RFC1891	SMTP Service Extension for Delivery Status Notifications
251	RFC1892	Multipart/Report Content Type for the Reporting of
252		Mail System Administrative Messages
253	RFC1893	Enhanced Mail System Status Codes
254	RFC1894	An Extensible Message Format for Delivery Status
255		Notifications
256	RFC1985	SMTP Service Extension for Remote Message Queue Starting
257	RFC2033 Local Mail Transfer Protocol (LMTP)
258	RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
259	RFC2045	Multipurpose Internet Mail Extensions (MIME) Part One:
260		Format of Internet Message Bodies
261	RFC2476 Message Submission
262	RFC2487 SMTP Service Extension for Secure SMTP over TLS
263	RFC2554 SMTP Service Extension for Authentication
264	RFC2821 Simple Mail Transfer Protocol
265	RFC2822 Internet Message Format
266	RFC2852 Deliver By SMTP Service Extension
267	RFC2920 SMTP Service Extension for Command Pipelining
268
269Other standards that may be of interest (but which are less directly
270relevant to sendmail) are:
271
272	RFC987	Mapping between RFC822 and X.400
273	RFC1049	Content-Type header field (extension to RFC822)
274
275Warning to AIX users: this version of sendmail does not implement
276MB, MR, or MG DNS resource records, as defined (as experiments) in
277RFC1035.
278
279
280+---------+
281| WARNING |
282+---------+
283
284Since sendmail 8.11 and later includes hooks to cryptography, the
285following information from OpenSSL applies to sendmail as well.
286
287PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
288SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
289TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
290PARTS OF THE WORLD.  SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
291COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
292SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
293YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
294AND/OR USE LAWS WHICH APPLY TO YOU.  THE AUTHORS ARE NOT LIABLE FOR
295ANY VIOLATIONS YOU MAKE HERE.  SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
296
297If you use OpenSSL then make sure you read their README file which
298contains information about patents etc.
299
300
301+-------------------+
302| DATABASE ROUTINES |
303+-------------------+
304
305IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
306use the version that was on the Net2 tape -- it has a number of
307nefarious bugs that were bad enough when I got them; you shouldn't have
308to go through the same thing.  Instead, get a new version via the web at
309http://www.sleepycat.com/.  This software is highly recommended; it gets
310rid of several stupid limits, it's much faster, and the interface is
311nicer to animals and plants.  If the Berkeley DB include files
312are installed in a location other than those which your compiler searches,
313you will need to provide that directory when building:
314
315	Build -I/path/to/include/directory
316
317If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
318urged to upgrade to DB version 2 or later, available from
319http://www.sleepycat.com/.  Berkeley DB versions 1.85 and 1.86 are known to
320be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
321and can cause sendmail to dump core.  In addition, the newest versions of
322gcc and the Solaris compilers perform optimizations in those versions that
323may cause fairly random core dumps.
324
325If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
326using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
327and ndbm.o from the DB library after building it.  You should also apply
328all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
329(see http://www.sleepycat.com/db.185.html), as they fix some of the known
330problems.
331
332If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
333are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
334from the DB library after building it.  No other changes are necessary.
335
336If you are using Berkeley DB version 2.3.15 or greater, no changes are
337necessary.
338
339The underlying database file formats changed between Berkeley DB versions
3401.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
341DB 2.X and 3.X.  If you are upgrading from one of those versions, you must
342recreate your database file(s).  Do this by rebuilding all maps with
343makemap and rebuilding the alias file with newaliases.
344
345
346+--------------------+
347| HOST NAME SERVICES |
348+--------------------+
349
350If you are using NIS or /etc/hosts, it is critical that you
351list the long (fully qualified) name somewhere (preferably first) in
352the /etc/hosts file used to build the NIS database.  For example, the
353line should read
354
355	128.32.149.68   mastodon.CS.Berkeley.EDU mastodon
356
357**** NOT ****
358
359	128.32.149.68   mastodon
360
361If you do not include the long name, sendmail will complain loudly
362about ``unable to qualify my own domain name (mastodon) -- using
363short name'' and conclude that your canonical name is the short
364version and use that in messages.  The name "mastodon" doesn't mean
365much outside of Berkeley, and so this creates incorrect and unreplyable
366messages.
367
368
369+-------------+
370| USE WITH MH |
371+-------------+
372
373This version of sendmail notices and reports certain kinds of SMTP
374protocol violations that were ignored by older versions.  If you
375are running MH you may wish to install the patch in contrib/mh.patch
376that will prevent these warning reports.  This patch also works
377with the old version of sendmail, so it's safe to go ahead and
378install it.
379
380
381+----------------+
382| USE WITH IDENT |
383+----------------+
384
385Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
386Note that the RFC states a client should wait at least 30 seconds
387for a response.  As of 8.10.0, the default Timeout.ident is 5 seconds
388as many sites have adopted the practice of dropping IDENT queries.
389This has lead to delays processing mail.
390
391No ident server is included with this distribution.  It is available
392from:
393
394  ftp://ftp.lysator.liu.se/pub/ident/servers/
395  http://sf.www.lysator.liu.se/~pen/pidentd/
396
397+-------------------------+
398| INTEROPERATION PROBLEMS |
399+-------------------------+
400
401Microsoft Exchange Server 5.0
402	We have had a report that ``about 7% of messages from Sendmail
403	to Exchange were not being delivered with status messages of
404	"connection reset" and "I/O error".''  Upgrading Exchange from
405	Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
406
407CommuniGate Pro
408	CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
409	the MAIL FROM command if the client is not authenticated.  Use
410
411		define(`confAUTH_OPTIONS', `A')
412
413	in .mc file if you have compiled sendmail with Cyrus SASL
414	and you communicate with CommuniGate Pro servers.
415
416+---------------------+
417| DIRECTORY STRUCTURE |
418+---------------------+
419
420The structure of this directory tree is:
421
422cf		Source for sendmail configuration files.  These are
423		different than what you've seen before.  They are a
424		fairly dramatic rewrite, requiring the new sendmail
425		(since they use new features).
426contrib		Some contributed tools to help with sendmail.  THESE
427		ARE NOT SUPPORTED by sendmail -- contact the original
428		authors if you have problems.  (This directory is not
429		on the 4.4BSD tape.)
430devtools	Build environment.  See devtools/README.
431doc		Documentation.  If you are getting source, read
432		op.me -- it's long, but worth it.
433editmap		A program to edit and query maps that have been created
434		with makemap, e.g., adding and deleting entries.
435include		Include files used by multiple programs in the distribution.
436libsmdb		sendmail database library with support for Berkeley DB 1.X,
437		Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
438libsmutil	sendmail utility library with functions used by different
439		programs.
440mail.local	The source for the local delivery agent used for 4.4BSD.
441		THIS IS NOT PART OF SENDMAIL! and may not compile
442		everywhere, since it depends on some 4.4-isms.  Warning:
443		it does mailbox locking differently than other systems.
444mailstats	Statistics printing program.
445makemap		A program that creates the keyed maps used by the $( ... $)
446		construct in sendmail.  It is primitive but effective.
447		It takes a very simple input format, so you will probably
448		expect to preprocess must human-convenient formats
449		using sed scripts before this program will like them.
450		But it should be functionally complete.
451praliases	A program to print the DBM or NEWDB version of the
452		aliases file.
453rmail		Source for rmail(8).  This is used as a delivery
454		agent for for UUCP, and could presumably be used by
455		other non-socket oriented mailers.  Older versions of
456		rmail are probably deficient.  RMAIL IS NOT PART OF
457		SENDMAIL!!!  The 4.4BSD source is included for you to
458		look at or try to port to your system.  There is no
459		guarantee it will even compile on your operating system.
460smrsh		The "sendmail restricted shell", which can be used as
461		a replacement for /bin/sh in the prog mailer to provide
462		increased security control.  NOT PART OF SENDMAIL!
463sendmail	Source for the sendmail program itself.
464test		Some test scripts (currently only for compilation aids).
465vacation	Source for the vacation program.  NOT PART OF SENDMAIL!
466
467$Revision: 8.93 $, Last updated $Date: 2005/09/16 20:08:50 $
468