                        SENDMAIL RELEASE 8

This directory has the latest sendmail(TM) software from Sendmail, Inc.

Report any bugs to sendmail-bugs@sendmail.ORG

There is a web site at http://WWW.Sendmail.ORG/ -- see that site for
the latest updates.

+--------------+
| INTRODUCTION |
+--------------+

0. The vast majority of queries to <sendmail-questions@sendmail.org>
   are answered in the README files noted below.

1. Read this README file, especially this introduction, and the DIRECTORY
   PERMISSIONS sections.

2. Read the INSTALL file in this directory.

3. Read sendmail/README, especially:
   a. the introduction
   b. the BUILDING SENDMAIL section
   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section

   You may also find these useful:

   d. sendmail/SECURITY
   e. devtools/README
   f. devtools/Site/README
   g. libmilter/README
   h. mail.local/README
   i. smrsh/README

4. Read cf/README.

Sendmail is a trademark of Sendmail, Inc.

+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted. For sendmail to run without
complaining, you MUST execute the following command:

        chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
        chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool). If you set the RunAsUser option in your sendmail.cf, the
/var/spool/mqueue directory will have to be owned by the RunAsUser user.
As a general rule, after you have compiled sendmail, run the command

        sendmail -v -bi

to initialize the alias database. If it gives messages such as

        WARNING: writable directory /etc
        WARNING: writable directory /var/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read. In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed. This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option. For example, to allow .forward
files in group writable directories:

        O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

        O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs. This behavior can also be altered via DontBlameSendmail:

        O DontBlameSendmail=forwardfileinunsafedirpath,
                forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.

Other files affected by this strengthened security include class
files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
and the files specified by the ErrorHeader and HelpFile options. Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.
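
The unsafe-path rule described above (a .forward or :include: file is
not used when a directory in its path is group or world writable) can be
checked ahead of time. The shell function below is an added example, not
part of the sendmail distribution; audit_path and its optional STOP_DIR
argument are hypothetical names, and it only reports modes, it never
changes them.

```shell
#!/bin/sh
# Added example (not from the sendmail distribution): list every group- or
# world-writable component on the path to a .forward or :include: file.
# The names has_perm, audit_path and STOP_DIR are hypothetical.

# has_perm PATH MODE: true if PATH has all permission bits of MODE set.
# -H makes find judge the target of a symlink rather than the link itself.
has_perm() {
    [ -n "$(find -H "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_path FILE [STOP_DIR]
# Walk from FILE up through each parent directory to STOP_DIR (default /),
# printing one line per unsafe component, nearest component first.
# Returns 0 if the whole path is safe, 1 if any component is writable by
# group or world, 2 if FILE does not exist.
# STOP_DIR must be spelled exactly as it appears in FILE's path.
audit_path() {
    p=$1
    stop=${2:-/}
    rc=0
    case $p in /*) ;; *) p=$PWD/$p ;; esac    # dirname walk needs an absolute path
    [ -e "$p" ] || { printf 'missing %s\n' "$p" >&2; return 2; }
    while :; do
        if has_perm "$p" 002; then
            printf 'world-writable %s\n' "$p"
            rc=1
        elif has_perm "$p" 020; then
            printf 'group-writable %s\n' "$p"
            rc=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return "$rc"
}

# Typical use (the path is illustrative):
#   audit_path /home/joe/.forward
```

Each line printed names a file or directory that needs "chmod go-w"
before the path counts as safe.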

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
each directory in the file's path.


+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read. Rooted in this directory are:

  FAQ
        The FAQ (frequently answered questions) is no longer maintained
        with the sendmail release. It is available at
        http://www.sendmail.org/faq/ . The file FAQ is a reminder of
        this and a pointer to the web page.
  INSTALL
        Installation instructions for building and installing sendmail.
  KNOWNBUGS
        Known bugs in the current release.
  RELEASE_NOTES
        A detailed description of the changes in each version. This
        is quite long, but informative.
  sendmail/README
        Details on compiling and installing sendmail.
  cf/README
        Details on configuring sendmail.
  doc/op/op.me
        The sendmail Installation & Operations Guide. Be warned: if
        you are running this off on SunOS or some other system with an
        old version of -me, you need to add the following macro to the
        macros:

                .de sm
                \s-1\\$1\\s0\\$2
                ..

        This sets a word in a smaller pointsize.


+--------------+
| RELATED RFCS |
+--------------+

There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites.
For a list of the primary repositories see:

        http://www.isi.edu/in-notes/rfc-retrieval.txt

They are also online at:

        http://www.ietf.org/

They can also be retrieved via electronic mail by sending
email to one of:

        mail-server@nisc.sri.com
                Put "send rfcNNN" in message body
        nis-info@nis.nsf.net
                Put "send RFCnnn.TXT-1" in message body
        sendrfc@jvnc.net
                Put "RFCnnn" as Subject: line

For further instructions see:

        http://www.isi.edu/in-notes/rfc-editor/rfc-info

Important RFCs for electronic mail are:

        RFC821  SMTP protocol
        RFC822  Mail header format
        RFC974  MX routing
        RFC976  UUCP mail format
        RFC1123 Host requirements (modifies 821, 822, and 974)
        RFC1344 Implications of MIME for Internet Mail Gateways
        RFC1413 Identification server
        RFC1428 Transition of Internet Mail from Just-Send-8 to
                8-bit SMTP/MIME
        RFC1652 SMTP Service Extension for 8bit-MIMEtransport
        RFC1869 SMTP Service Extensions (ESMTP spec)
        RFC1870 SMTP Service Extension for Message Size Declaration
        RFC1891 SMTP Service Extension for Delivery Status Notifications
        RFC1892 Multipart/Report Content Type for the Reporting of
                Mail System Administrative Messages
        RFC1893 Enhanced Mail System Status Codes
        RFC1894 An Extensible Message Format for Delivery Status
                Notifications
        RFC1985 SMTP Service Extension for Remote Message Queue Starting
        RFC2033 Local Mail Transfer Protocol (LMTP)
        RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
        RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
                Format of Internet Message Bodies
        RFC2476 Message Submission
        RFC2487 SMTP Service Extension for Secure SMTP over TLS
        RFC2554 SMTP Service Extension for Authentication
        RFC2821 Simple Mail Transfer Protocol
        RFC2822 Internet Message Format
        RFC2852 Deliver By SMTP Service Extension
        RFC2920 SMTP Service Extension for Command Pipelining

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

        RFC987  Mapping between RFC822 and X.400
        RFC1049 Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.


+---------+
| WARNING |
+---------+

Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

If you use OpenSSL then make sure you read their README file which
contains information about patents etc.


+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing. Instead, get a new version via the web at
http://www.sleepycat.com/. This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants.
If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

        Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2 or later, available from
http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to
be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
and can cause sendmail to dump core. In addition, the newest versions of
gcc and the Solaris compilers perform optimizations in those versions that
may cause fairly random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it. You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it. No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
DB 2.X and 3.X. If you are upgrading from one of those versions, you must
recreate your database file(s). Do this by rebuilding all maps with
makemap and rebuilding the alias file with newaliases.


+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database. For example, the
line should read

        128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

**** NOT ****

        128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages. The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.


+-------------+
| USE WITH MH |
+-------------+

This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions. If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports. This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.


+----------------+
| USE WITH IDENT |
+----------------+

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
Note that the RFC states a client should wait at least 30 seconds
for a response. As of 8.10.0, the default Timeout.ident is 5 seconds
as many sites have adopted the practice of dropping IDENT queries.
This has led to delays processing mail.

No ident server is included with this distribution.
It is available
from:

        ftp://ftp.lysator.liu.se/pub/ident/servers/
        http://sf.www.lysator.liu.se/~pen/pidentd/

+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+

Microsoft Exchange Server 5.0
        We have had a report that ``about 7% of messages from Sendmail
        to Exchange were not being delivered with status messages of
        "connection reset" and "I/O error".'' Upgrading Exchange from
        Version 5.0 to Version 5.5 Service Pack 2 solved this problem.

CommuniGate Pro
        CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
        the MAIL FROM command if the client is not authenticated. Use

                define(`confAUTH_OPTIONS', `A')

        in .mc file if you have compiled sendmail with Cyrus SASL
        and you communicate with CommuniGate Pro servers.

+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf              Source for sendmail configuration files. These are
                different than what you've seen before. They are a
                fairly dramatic rewrite, requiring the new sendmail
                (since they use new features).
contrib         Some contributed tools to help with sendmail. THESE
                ARE NOT SUPPORTED by sendmail -- contact the original
                authors if you have problems. (This directory is not
                on the 4.4BSD tape.)
devtools        Build environment. See devtools/README.
doc             Documentation. If you are getting source, read
                op.me -- it's long, but worth it.
editmap         A program to edit and query maps that have been created
                with makemap, e.g., adding and deleting entries.
include         Include files used by multiple programs in the distribution.
libsmdb         sendmail database library with support for Berkeley DB 1.X,
                Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
libsmutil       sendmail utility library with functions used by different
                programs.
mail.local      The source for the local delivery agent used for 4.4BSD.
                THIS IS NOT PART OF SENDMAIL! and may not compile
                everywhere, since it depends on some 4.4-isms. Warning:
                it does mailbox locking differently than other systems.
mailstats       Statistics printing program.
makemap         A program that creates the keyed maps used by the $( ... $)
                construct in sendmail. It is primitive but effective.
                It takes a very simple input format, so you will probably
                expect to preprocess most human-convenient formats
                using sed scripts before this program will like them.
                But it should be functionally complete.
praliases       A program to print the DBM or NEWDB version of the
                aliases file.
rmail           Source for rmail(8). This is used as a delivery
                agent for UUCP, and could presumably be used by
                other non-socket oriented mailers. Older versions of
                rmail are probably deficient. RMAIL IS NOT PART OF
                SENDMAIL!!! The 4.4BSD source is included for you to
                look at or try to port to your system. There is no
                guarantee it will even compile on your operating system.
smrsh           The "sendmail restricted shell", which can be used as
                a replacement for /bin/sh in the prog mailer to provide
                increased security control. NOT PART OF SENDMAIL!
sendmail        Source for the sendmail program itself.
test            Some test scripts (currently only for compilation aids).
vacation        Source for the vacation program. NOT PART OF SENDMAIL!

$Revision: 1.1.1.6 $, Last updated $Date: 2002/02/17 21:56:38 $