xref: /freebsd/contrib/sendmail/src/README (revision 0bc2abddc8d4abb89a210f2bb113e9e7c2d4ce18)
1# Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
2#	All rights reserved.
3# Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
4# Copyright (c) 1988
5#	The Regents of the University of California.  All rights reserved.
6#
7# By using this file, you agree to the terms and conditions set
8# forth in the LICENSE file which can be found at the top level of
9# the sendmail distribution.
10#
11#
12#	$Id: README,v 8.393 2013-11-22 20:51:54 ca Exp $
13#
14
15This directory contains the source files for sendmail(TM).
16
17   *******************************************************************
18   !! Read sendmail/SECURITY for important installation information !!
19   *******************************************************************
20
21	**********************************************************
22	**  Read below for more details on building sendmail.	**
23	**********************************************************
24
25**************************************************************************
26**  IMPORTANT:  Read the appropriate paragraphs in the section on	**
27**  ``Operating System and Compile Quirks''.				**
28**************************************************************************
29
30For detailed instructions, please read the document ../doc/op/op.me:
31
32	cd ../doc/op ; make op.ps op.txt
33
34Sendmail is a trademark of Proofpoint, Inc.
35US Patent Numbers 6865671, 6986037.
36
37
38+-------------------+
39| BUILDING SENDMAIL |
40+-------------------+
41
42By far, the easiest way to compile sendmail is to use the "Build"
43script:
44
45	sh ./Build
46
47This uses the "uname" command to figure out what architecture you are
48on and creates a proper Makefile accordingly.  It also creates a
49subdirectory per object format, so that multiarchitecture support is
50easy.  In general this should be all you need.  IRIX 6.x users should
51read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
52
53If you need to look at other include or library directories, use the
54-I or -L flags on the command line, e.g.,
55
56	sh ./Build -I/usr/sww/include -L/usr/sww/lib
57
58It's also possible to create local site configuration in the file
59site.config.m4 (or another file settable with the -f flag).  This
60file contains M4 definitions for various compilation values; the
61most useful are:
62
63confMAPDEF	-D flags to specify database types to be included
64		(see below)
65confENVDEF	-D flags to specify other environment information
66confINCDIRS	-I flags for finding include files during compilation
67confLIBDIRS	-L flags for finding libraries during linking
68confLIBS	-l flags for selecting libraries during linking
69confLDOPTS	other ld(1) linker options
70
71Others can be found by examining Makefile.m4.  Please read
72../devtools/README for more information about the site.config.m4
73file.
74
75You can recompile from scratch using the -c flag with the Build
76command.  This removes the existing compilation directory for the
77current platform and builds a new one.  The -c flag must also
78be used if any site.*.m4 file in devtools/Site/ is changed.
79
80Porting to a new Unix-based system should be a matter of creating
81an appropriate configuration file in the devtools/OS/ directory.
82
83
84+----------------------+
85| DATABASE DEFINITIONS |
86+----------------------+
87
88There are several database formats that can be used for the alias files
89and for general maps.  When used for alias files they interact in an
90attempt to be backward compatible.
91
92The options are:
93
94NEWDB		The new Berkeley DB package.  Some systems (e.g., BSD/OS and
95		Digital UNIX 4.0) have some version of this package
96		pre-installed.  If your system does not have Berkeley DB
97		pre-installed, or the version installed is not version 2.0
98		or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
99		current version from http://www.sleepycat.com/.  DO NOT
100		use a version from any of the University of California,
101		Berkeley "Net" or other distributions.  If you are still
102		running BSD/386 1.x, you will need to upgrade the included
103		Berkeley DB library to a current version.  NEWDB is included
104		automatically if the Build script can find a library named
105		libdb.a or libdb.so.
106		See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
107		DB versions, e.g., DB 4.1.x.
108NDBM		The older NDBM implementation -- the very old V7 DBM
109		implementation is no longer supported.
110NIS		Network Information Services.  To use this you must have
111		NIS support on your system.
112NISPLUS		NIS+ (the revised NIS released with Solaris 2).  You must
113		have NIS+ support on your system to use this flag.
114HESIOD		Support for Hesiod (from the DEC/Athena distribution).  You
115		must already have Hesiod support on your system for this to
116		work.  You may be able to get this to work with the MIT/Athena
117		version of Hesiod, but that's likely to be a lot of work.
118		BIND 8.X also includes Hesiod support.
119LDAPMAP		Lightweight Directory Access Protocol support.  You will
120		have to install the UMich or OpenLDAP
121		(http://www.openldap.org/) ldap and lber libraries to use
122		this flag.
123MAP_REGEX	Regular Expression support.  You will need to use an
124		operating system which comes with the POSIX regex()
125		routines or install a regexp library such as libregex from
126		the Free Software Foundation.
127DNSMAP		DNS map support.  Requires NAMED_BIND.
128PH_MAP		PH map support.  You will need the libphclient library from
129		the nph package (http://www-dev.cites.uiuc.edu/ph/nph/).
130MAP_NSD		nsd map support (IRIX 6.5 and later).
131SOCKETMAP	Support for a trivial query protocol over UNIX domain or TCP
132		sockets.
133
134>>>  NOTE WELL for NEWDB support: If you want to get ndbm support, for
135>>>  Berkeley DB versions under 2.0, it is CRITICAL that you remove
136>>>  ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
137>>>  for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
138>>>  before you install it.  If you don't delete these, there is absolutely
139>>>  no point to including -DNDBM, since it will just get you another
140>>>  (inferior) API to the same format database.  These files OVERRIDE
141>>>  calls to ndbm routines -- in particular, if you leave ndbm.h in,
142>>>  you can find yourself using the new db package even if you don't
143>>>  define NEWDB.  Berkeley DB versions later than 2.3.14 do not need
144>>>  to be modified.  Please also consult the README in the top level
145>>>  directory of the sendmail distribution for other important information.
146>>>
147>>>  Further note: DO NOT remove your existing /usr/include/ndbm.h --
148>>>  you need that one.  But do not install an updated ndbm.h in
149>>>  /usr/include, /usr/local/include, or anywhere else.
150
151If NEWDB and NDBM are defined (but not NIS), then sendmail will read
152NDBM format alias files, but the next time a newaliases is run the
153format will be converted to NEWDB; that format will be used forever
154more.  This is intended as a transition feature.
155
156If NEWDB, NDBM, and NIS are all defined and the name of the file includes
157the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
158alias files.  However, it will only read the NEWDB file; the NDBM format
159file is used only by the NIS subsystem.  This is needed because the NIS
160maps on an NIS server are built directly from the NDBM files.
161
162If NDBM and NIS are defined (regardless of the definition of NEWDB),
163and the filename includes the string "/yp/", sendmail adds the special
164tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
165required if the NDBM file is to be used as an NIS map.
166
167All of these flags are normally defined in a confMAPDEF setting in your
168site.config.m4.
169
170If you define NEWDB or HESIOD you get the User Database (USERDB)
171automatically.  Generally you do want to have NEWDB for it to do
172anything interesting.  See above for getting the Berkeley DB
173package (i.e., NEWDB).  There is no separate "user database"
174package -- don't bother searching for it on the net.
175
176Hesiod and LDAP require libraries that may not be installed with your
177system.  These are outside of my ability to provide support.  See the
178"Quirks" section for more information.
179
180The regex map can be used to see if an address matches a certain regular
181expression.  For example, all-numerics local parts are common spam
182addresses, so "^[0-9]+$" would match this.  By using such a map in a
183check_* rule-set, you can block a certain range of addresses that would
184otherwise be considered valid.
185
186The socket map uses a simple request/reply protocol over TCP or
187UNIX domain sockets to query an external server. Both requests and
188replies are text based and encoded as netstrings.  The socket map
189uses the same syntax as milters the specify the remote endpoint,
190e.g.:
191
192KmySocketMap socket inet:12345@127.0.0.1
193
194See doc/op/op.me for details.
195
196
197+---------------+
198| COMPILE FLAGS |
199+---------------+
200
201Wherever possible, I try to make sendmail pull in the correct
202compilation options needed to compile on various environments based on
203automatically defined symbols.  Some machines don't seem to have useful
204symbols available, requiring that a compilation flag be defined in
205the Makefile; see the devtools/OS subdirectory for the supported
206architectures.
207
208If you are a system to which sendmail has already been ported you
209should not have to touch the following symbols.  But if you are porting,
210you may have to tweak the following compilation flags in conf.h in order
211to get it to compile and link properly:
212
213SYSTEM5		Adjust for System V (not necessarily Release 4).
214SYS5SIGNALS	Use System V signal semantics -- the signal handler
215		is automatically dropped when the signal is caught.
216		If this is not set, use POSIX/BSD semantics, where the
217		signal handler stays in force until an exec or an
218		explicit delete.  Implied by SYSTEM5.
219SYS5SETPGRP	Use System V setpgrp() semantics.  Implied by SYSTEM5.
220HASNICE		Define this to zero if you lack the nice(2) system call.
221HASRRESVPORT	Define this to zero if you lack the rresvport(3) system call.
222HASFCHMOD	Define this to one if you have the fchmod(2) system call.
223		This improves security.
224HASFCHOWN	Define this to one if you have the fchown(2) system call.
225		This is required for the TrustedUser option if sendmail
226		must rebuild an (alias) map.
227HASFLOCK	Set this if you prefer to use the flock(2) system call
228		rather than using fcntl-based locking.  Fcntl locking
229		has some semantic gotchas, but many vendor systems
230		also interface it to lockd(8) to do NFS-style locking.
231		Unfortunately, may vendors implementations of fcntl locking
232		is just plain broken (e.g., locks are never released,
233		causing your sendmail to deadlock; when the kernel runs
234		out of locks your system crashes).  For this reason, I
235		recommend always defining this unless you are absolutely
236		certain that your fcntl locking implementation really works.
237HASUNAME	Set if you have the "uname" system call.  Implied by
238		SYSTEM5.
239HASUNSETENV	Define this if your system library has the "unsetenv"
240		subroutine.
241HASSETSID	Define this if you have the setsid(2) system call.  This
242		is implied if your system appears to be POSIX compliant.
243HASINITGROUPS	Define this if you have the initgroups(3) routine.
244HASSETVBUF	Define this if you have the setvbuf(3) library call.
245		If you don't, setlinebuf will be used instead.  This
246		defaults on if your compiler defines __STDC__.
247HASSETREUID	Define this if you have setreuid(2) ***AND*** root can
248		use setreuid to change to an arbitrary user.  This second
249		condition is not satisfied on AIX 3.x.  You may find that
250		your system has setresuid(2), (for example, on HP-UX) in
251		which case you will also have to #define setreuid(r, e)
252		to be the appropriate call.  Some systems (such as Solaris)
253		have a compatibility routine that doesn't work properly,
254		but may have "saved user ids" properly implemented so you
255		can ``#define setreuid(r, e) seteuid(e)'' and have it work.
256		The important thing is that you have a call that will set
257		the effective uid independently of the real or saved uid
258		and be able to set the effective uid back again when done.
259		There's a test program in ../test/t_setreuid.c that will
260		try things on your system.  Setting this improves the
261		security, since sendmail doesn't have to read .forward
262		and :include: files as root.  There are certain attacks
263		that may be unpreventable without this call.
264USESETEUID	Define this to 1 if you have a seteuid(2) system call that
265		will allow root to set only the effective user id to an
266		arbitrary value ***AND*** you have saved user ids.  This is
267		preferable to HASSETREUID if these conditions are fulfilled.
268		These are the semantics of the to-be-released revision of
269		Posix.1.  The test program ../test/t_seteuid.c will try
270		this out on your system.  If you define both HASSETREUID
271		and USESETEUID, the former is ignored.
272HASSETEGID	Define this if you have setegid(2) and it can be
273		used to set the saved gid.  Please run t_dropgid in
274		test/ if you are not sure whether the call works.
275HASSETREGID	Define this if you have setregid(2) and it can be
276		used to set the saved gid.  Please run t_dropgid in
277		test/ if you are not sure whether the call works.
278HASSETRESGID	Define this if you have setresgid(2) and it can be
279		used to set the saved gid.  Please run t_dropgid in
280		test/ if you are not sure whether the call works.
281HASLSTAT	Define this if you have symbolic links (and thus the
282		lstat(2) system call).  This improves security.  Unlike
283		most other options, this one is on by default, so you
284		need to #undef it in conf.h if you don't have symbolic
285		links (these days everyone does).
286HASSETRLIMIT	Define this to 1 if you have the setrlimit(2) syscall.
287		You can define it to 0 to force it off.  It is assumed
288		if you are running a BSD-like system.
289HASULIMIT	Define this if you have the ulimit(2) syscall (System V
290		style systems).  HASSETRLIMIT overrides, as it is more
291		general.
292HASWAITPID	Define this if you have the waitpid(2) syscall.
293HASGETDTABLESIZE
294		Define this if you have the getdtablesize(2) syscall.
295HAS_ST_GEN	Define this to 1 if your system has the st_gen field in
296		the stat structure (see stat(2)).
297HASSRANDOMDEV	Define this if your system has the srandomdev(3) function
298		call.
299HASURANDOMDEV	Define this if your system has /dev/urandom(4).
300HASSTRERROR	Define this if you have the libc strerror(3) function (which
301		should be declared in <errno.h>), and it should be used
302		instead of sys_errlist.
303HASCLOSEFROM	Define this if your system has closefrom(3).
304HASFDWALK	Define this if your system has fdwalk(3).
305SM_CONF_GETOPT	Define this as 0 if you need a reimplementation of getopt(3).
306		On some systems, getopt does very odd things if called
307		to scan the arguments twice.  This flag will ask sendmail
308		to compile in a local version of getopt that works
309		properly.  You may also need this if you build with
310		another library that introduces a non-standard getopt(3).
311NEEDSTRTOL	Define this if your standard C library does not define
312		strtol(3).  This will compile in a local version.
313NEEDFSYNC	Define this if your standard C library does not define
314		fsync(2).  This will try to simulate the operation using
315		fcntl(2); if that is not available it does nothing, which
316		isn't great, but at least it compiles and runs.
317HASGETUSERSHELL	Define this to 1 if you have getusershell(3) in your
318		standard C library.  If this is not defined, or is defined
319		to be 0, sendmail will scan the /etc/shells file (no
320		NIS-style support, defaults to /bin/sh and /bin/csh if
321		that file does not exist) to get a list of unrestricted
322		user shells.  This is used to determine whether users
323		are allowed to forward their mail to a program or a file.
324NEEDPUTENV	Define this if your system needs am emulation of the
325		putenv(3) call.  Define to 1 to implement it in terms
326		of setenv(3) or to 2 to do it in terms of primitives.
327NOFTRUNCATE	Define this if you don't have the ftruncate(2) syscall.
328		If you don't have this system call, there is an unavoidable
329		race condition that occurs when creating alias databases.
330GIDSET_T	The type of entries in a gidset passed as the second
331		argument to getgroups(2).  Historically this has been an
332		int, so this is the default, but some systems (such as
333		IRIX) pass it as a gid_t, which is an unsigned short.
334		This will make a difference, so it is important to get
335		this right!  However, it is only an issue if you have
336		group sets.
337SLEEP_T		The type returned by the system sleep() function.
338		Defaults to "unsigned int".  Don't worry about this
339		if you don't have compilation problems.
340ARBPTR_T	The type of an arbitrary pointer -- defaults to "void *".
341		If you are an very old compiler you may need to define
342		this to be "char *".
343SOCKADDR_LEN_T	The type used for the third parameter to accept(2),
344		getsockname(2), and getpeername(2), representing the
345		length of a struct sockaddr.  Defaults to int.
346SOCKOPT_LEN_T	The type used for the fifth parameter to getsockopt(2)
347		and setsockopt(2), representing the length of the option
348		buffer.  Defaults to int.
349LA_TYPE		The type of load average your kernel supports.  These
350		can be one of:
351		 LA_ZERO (1) -- it always returns the load average as
352			"zero" (and does so on all architectures).
353		 LA_INT (2) to read /dev/kmem for the symbol avenrun and
354			interpret as a long integer.
355		 LA_FLOAT (3) same, but interpret the result as a floating
356			point number.
357		 LA_SHORT (6) to interpret as a short integer.
358		 LA_SUBR (4) if you have the getloadavg(3) routine in your
359			system library.
360		 LA_MACH (5) to use MACH-style load averages (calls
361			processor_set_info()),
362		 LA_PROCSTR (7) to read /proc/loadavg and interpret it
363			as a string representing a floating-point
364			number (Linux-style).
365		 LA_READKSYM (8) is an implementation suitable for some
366			versions of SVr4 that uses the MIOC_READKSYM ioctl
367			call to read /dev/kmem.
368		 LA_DGUX (9) is a special implementation for DG/UX that uses
369			the dg_sys_info system call.
370		 LA_HPUX (10) is an HP-UX specific version that uses the
371			pstat_getdynamic system call.
372		 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
373			to 32 or 64 bit kernels; it is otherwise very similar
374			to LA_INT.
375		 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
376			implementation.
377		 LA_DEVSHORT (13) reads a short from a system file (default:
378			/dev/table/avenrun) and scales it in the same manner
379			as LA_SHORT.
380		 LA_LONGLONG (17) to read /dev/kmem for the symbol avenrun and
381			interpret as a long long integer (e.g., for 64 bit
382			systems).
383		LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
384		other parameters that they try to divine: the name of your
385		kernel, the name of the variable in the kernel to examine,
386		the number of bits of precision in a fixed point load average,
387		and so forth.  LA_DEVSHORT uses _PATH_AVENRUN to find the
388		device to be read to find the load average.
389		In desperation, use LA_ZERO.  The actual code is in
390		conf.c -- it can be tweaked if you are brave.
391FSHIFT		For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
392		of bits of load average after the binary point -- i.e.,
393		the number of bits to shift right in order to scale the
394		integer to get the true integer load average.  Defaults to 8.
395_PATH_UNIX	The path to your kernel.  Needed only for LA_INT, LA_SHORT,
396		and LA_FLOAT.  Defaults to "/unix" on System V, "/vmunix"
397		everywhere else.
398LA_AVENRUN	For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
399		variable that holds the load average.  Defaults to "avenrun"
400		on System V, "_avenrun" everywhere else.
401SFS_TYPE	Encodes how your kernel can locate the amount of free
402		space on a disk partition.  This can be set to SFS_NONE
403		(0) if you have no way of getting this information,
404		SFS_USTAT (1) if you have the ustat(2) system call,
405		SFS_4ARGS (2) if you have a four-argument statfs(2)
406		system call (and the include file is <sys/statfs.h>),
407		SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
408		the two-argument statfs(2) system call with includes in
409		<sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
410		or SFS_STATVFS (6) if you have the two-argument statvfs(2)
411		call.  The default if nothing is defined is SFS_NONE.
412SFS_BAVAIL	with SFS_4ARGS you can also set SFS_BAVAIL to the field name
413		in the statfs structure that holds the useful information;
414		this defaults to f_bavail.
415SPT_TYPE	Encodes how your system can display what a process is doing
416		on a ps(1) command (SPT stands for Set Process Title).  Can
417		be set to:
418		SPT_NONE (0) -- Don't try to set the process title at all.
419		SPT_REUSEARGV (1) -- Pad out your argv with the information;
420			this is the default if none specified.
421		SPT_BUILTIN (2) -- The system library has setproctitle.
422		SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
423			to set the process title; this is used by HP-UX.
424		SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
425		SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
426		SPT_SCO (6) -- Write kernel u. area.
427		SPT_CHANGEARGV (7) -- Write pointers to our own strings into
428			the existing argv vector.
429SPT_PADCHAR	Character used to pad the process title; if undefined,
430		the space character (0x20) is used.  This is ignored if
431		SPT_TYPE != SPT_REUSEARGV
432ERRLIST_PREDEFINED
433		If set, assumes that some header file defines sys_errlist.
434		This may be needed if you get type conflicts on this
435		variable -- otherwise don't worry about it.
436WAITUNION	The wait(2) routine takes a "union wait" argument instead
437		of an integer argument.  This is for compatibility with
438		old versions of BSD.
439SCANF		You can set this to extend the F command to accept a
440		scanf string -- this gives you a primitive parser for
441		class definitions -- BUT it can make you vulnerable to
442		core dumps if the target file is poorly formed.
443SYSLOG_BUFSIZE	You can define this to be the size of the buffer that
444		syslog accepts.  If it is not defined, it assumes a
445		1024-byte buffer.  If the buffer is very small (under
446		256 bytes) the log message format changes -- each
447		e-mail message will log many more messages, since it
448		will log each piece of information as a separate line
449		in syslog.
450BROKEN_RES_SEARCH
451		On Ultrix (and maybe other systems?) if you use the
452		res_search routine with an unknown host name, it returns
453		-1 but sets h_errno to 0 instead of HOST_NOT_FOUND.  If
454		you set this, sendmail considers 0 to be the same as
455		HOST_NOT_FOUND.
456NAMELISTMASK	If defined, values returned by nlist(3) are masked
457		against this value before use -- a common value is
458		0x7fffffff to strip off the top bit.
459BSD4_4_SOCKADDR	If defined, socket addresses have an sa_len field that
460		defines the length of this address.
461SAFENFSPATHCONF	Set this to 1 if and only if you have verified that a
462		pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
463		NFS filesystem where the underlying system allows users to
464		give away files to other users returns <= 0.  Be sure you
465		try both on NFS V2 and V3.  Some systems assume that their
466		local policy apply to NFS servers -- this is a bad
467		assumption!  The test/t_pathconf.c program will try this
468		for you -- you have to run it in a directory that is
469		mounted from a server that allows file giveaway.
470SIOCGIFCONF_IS_BROKEN
471		Set this if your system has an SIOCGIFCONF ioctl defined,
472		but it doesn't behave the same way as "most" systems (BSD,
473		Solaris, SunOS, HP-UX, etc.)
474SIOCGIFNUM_IS_BROKEN
475		Set this if your system has an SIOCGIFNUM ioctl defined,
476		but it doesn't behave the same way as "most" systems
477		(Solaris, HP-UX).
478FAST_PID_RECYCLE
479		Set this if your system can reuse the same PID in the same
480		second.
481SO_REUSEADDR_IS_BROKEN
482		Set this if your system has a setsockopt() SO_REUSEADDR
483		flag but doesn't pay attention to it when trying to bind a
484		socket to a recently closed port.
485NEEDSGETIPNODE	Set this if your system supports IPv6 but doesn't include
486		the getipnodeby{name,addr}() functions.  Set automatically
487		for Linux's glibc.
488PIPELINING	Support SMTP PIPELINING	(set by default).
489USING_NETSCAPE_LDAP
490		Deprecated in favor of SM_CONF_LDAP_MEMFREE.  See
491		libsm/README.
492NEEDLINK	Set this if your system doesn't have a link() call.  It
493		will create a copy of the file instead of a hardlink.
494USE_ENVIRON	Set this to 1 to access process environment variables from
495		the external variable environ instead of the third
496		parameter of main().
497USE_DOUBLE_FORK By default this is on (1).  Set it to 0 to suppress the
498		extra fork() used to avoid intermediate zombies.
499ALLOW_255	Do not convert (char)0xff to (char)0x7f in headers etc.
500		This can also be done at runtime with the command line
501		option -d82.101.
502NEEDINTERRNO	Set this if <errno.h> does not declare errno, i.e., if an
503		application needs to use
504		extern int errno;
505USE_TTYPATH	Set this to 1 to enable ErrorMode=write.
506USESYSCTL	Use sysctl(3) to determine the number of CPUs in a system.
507HASSNPRINTF	Set this to 1 if your OS has a working snprintf(3), i.e.,
508		it properly obeys the size of the buffer and returns the
509		number of characters that would have been printed if the
510		size were unlimited.
511LDAP_REFERRALS	Set this if you want to use the -R flag (do not auto chase
512		referrals) for LDAP maps (requires -DLDAPMAP).
513MILTER_NO_NAGLE	Turn off Nagle algorithm for communication with libmilter
514		("cork" on Linux).  On some operating systems this may
515		improve the interprocess communication performance.
516
517
518+-----------------------+
519| COMPILE-TIME FEATURES |
520+-----------------------+
521
522There are a bunch of features that you can decide to compile in, such
523as selecting various database packages and special protocol support.
524Several are assumed based on other compilation flags -- if you want to
525"un-assume" something, you probably need to edit conf.h.  Compilation
526flags that add support for special features include:
527
528NDBM		Include support for "new" DBM library for aliases and maps.
529		Normally defined in the Makefile.
530NEWDB		Include support for Berkeley DB package (hash & btree)
531		for aliases and maps.  Normally defined in the Makefile.
532		If the version of NEWDB you have is the old one that does
533		not include the "fd" call (this call was added in version
534		1.5 of the Berkeley DB code), you must upgrade to the
535		current version of Berkeley DB.
536NIS		Define this to get NIS (YP) support for aliases and maps.
537		Normally defined in the Makefile.
538NISPLUS		Define this to get NIS+ support for aliases and maps.
539		Normally defined in the Makefile.
540HESIOD		Define this to get Hesiod support for aliases and maps.
541		Normally defined in the Makefile.
542NETINFO		Define this to get NeXT NetInfo support for aliases and maps.
543		Normally defined in the Makefile.
544LDAPMAP		Define this to get LDAP support for maps.
545PH_MAP		Define this to get PH support for maps.
546MAP_NSD		Define this to get nsd support for maps.
547USERDB		Define this to 1 to include support for the User Information
548		Database.  Implied by NEWDB or HESIOD.  You can use
549		-DUSERDB=0 to explicitly turn it off.
550IDENTPROTO	Define this as 1 to get IDENT (RFC 1413) protocol support.
551		This is assumed unless you are running on Ultrix or
552		HP-UX, both of which have a problem in the UDP
553		implementation.  You can define it to be 0 to explicitly
554		turn off IDENT protocol support.  If defined off, the code
555		is actually still compiled in, but it defaults off; you
556		can turn it on by setting the IDENT timeout in the
557		configuration file.
558IP_SRCROUTE	Define this to 1 to get IP source routing information
559		displayed in the Received: header.  This is assumed on
560		most systems, but some (e.g., Ultrix) apparently have a
561		broken version of getsockopt that doesn't properly
562		support the IP_OPTIONS call.  You probably want this if
563		your OS can cope with it.  Symptoms of failure will be that
564		it won't compile properly (that is, no support for fetching
565		IP_OPTIONs), or it compiles but source-routed TCP connections
566		either refuse to open or open and hang for no apparent reason.
567		Ultrix and AIX3 are known to fail this way.
568LOG		Set this to get syslog(3) support.  Defined by default
569		in conf.h.  You want this if at all possible.
570NETINET		Set this to get TCP/IP support.  Defined by default
571		in conf.h.  You probably want this.
572NETINET6	Set this to get IPv6 support.  Other configuration may
573		be needed in conf.h for your particular operating system.
574		Also, DaemonPortOptions must be set appropriately for
575		sendmail to accept IPv6 connections.
576NETISO		Define this to get ISO networking support.
577NETUNIX		Define this to get Unix domain networking support.  Defined
578		by default.  A few bizarre systems (SCO, ISC, Altos) don't
579		support this networking domain.
580NETNS		Define this to get NS networking support.
581NETX25		Define this to get X.25 networking support.
582NAMED_BIND	If non-zero, include DNS (name daemon) support, including
583		MX support.  The specs say you must use this if you run
584		SMTP.  You don't have to be running a name server daemon
585		on your machine to need this -- any use of the DNS resolver,
586		including remote access to another machine, requires this
587		option.  Defined by default in conf.h.  Define it to zero
588		ONLY on machines that do not use DNS in any way.
589MATCHGECOS	Permit fuzzy matching of user names against the full
590		name (GECOS) field in the /etc/passwd file.  This should
591		probably be on, since you can disable it from the config
592		file if you want to.  Defined by default in conf.h.
593MIME8TO7	If non-zero, include 8 to 7 bit MIME conversions.  This
594		also controls advertisement of 8BITMIME in the ESMTP
595		startup dialogue.
596MIME7TO8_OLD	If 0 then use an algorithm for MIME 7-bit quoted-printable
597		or base64 encoding to 8-bit text that has been introduced
598		in 8.12.3.  There are some examples where that code fails,
599		but the old code works.  If you have an example of improper
600		7 to 8 bit conversion please send it to sendmail-bugs.
601MIME7TO8	If non-zero, include 7 to 8 bit MIME conversions.
602HES_GETMAILHOST	Define this to 1 if you are using Hesiod with the
603		hes_getmailhost() routine.  This is included with the MIT
604		Hesiod distribution, but not with the DEC Hesiod distribution.
605XDEBUG		Do additional internal checking.  These don't cost too
606		much; you might as well leave this on.
607TCPWRAPPERS	Turns on support for the TCP wrappers library (-lwrap).
608		See below for further information.
609SECUREWARE	Enable calls to the SecureWare luid enabling/changing routines.
610		SecureWare is a C2 security package added to several UNIX's
611		(notably ConvexOS) to get a C2 Secure system.  This
612		option causes mail delivery to be done with the luid of the
613		recipient.
614SHARE_V1	Support for the fair share scheduler, version 1.  Setting to
615		1 causes final delivery to be done using the recipients
616		resource limitations.  So far as I know, this is only
617		supported on ConvexOS.
618SASL		Enables SMTP AUTH (RFC 2554).  This requires the Cyrus SASL
619		library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/).  Please
620		install at least version 1.5.13.  See below for further
621		information: SASL COMPILATION AND CONFIGURATION.  If your
622		SASL library is older than 1.5.10, you have to set this
623		to its version number using a simple conversion:  a.b.c
624		-> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
625		Note: Using an older version than 1.5.5 of Cyrus SASL is
626		not supported.  Starting with version 1.5.10, setting SASL=1
627		is sufficient.  Any value other than 1 (or 0) will be
628		compared with the actual version found and if there is a
629		mismatch, compilation will fail.
630EGD		Define this if your system has EGD installed, see
631		http://egd.sourceforge.net/ .  It should be used to
632		seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
633STARTTLS	Enables SMTP STARTTLS (RFC 2487).  This requires OpenSSL
634		(http://www.OpenSSL.org/); use OpenSSL 0.9.8zc or later.
635		See STARTTLS COMPILATION AND CONFIGURATION for further
636		information.
637TLS_NO_RSA	Turn off support for RSA algorithms in STARTTLS.
638MILTER		Turn on support for external filters using the Milter API;
639		this option is set by default, to turn it off use
640			APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
641		in devtools/Site/site.config.m4 (see devtools/README).
642		See libmilter/README for more information about milter.
643REQUIRES_DIR_FSYNC	Turn on support for file systems that require to
644		call fsync() for a directory if the meta-data in it has
645		been changed.  This should be turned on at least for older
646		versions of ReiserFS; it is enabled by default for Linux.
647		According to some information this flag is not needed
648		anymore for kernel 2.4.16 and newer.  We would appreciate
649		feedback about the semantics of the various file systems
650		available for Linux.
651		An alternative to this compile time flag is to mount the
652		queue directory without the -async option, or using
653		chattr +S on Linux.
654DBMMODE		The default file permissions to use when creating new
655		database files for maps and aliases.  Defaults to 0640.
656IPV6_FULL	Use uncompressed IPv6 addresses (set by default).  This
657		permits a zero subnet to have a more specific match,
658		such as different map entries for IPv6:0:0 vs IPv6:0.
659
660Generic notice: If you enable a compile time option that needs
661libraries or include files that don't come with sendmail or are
662installed in a location that your C compiler doesn't use by default
663you should set confINCDIRS and confLIBDIRS as explained in the
664first section:  BUILDING SENDMAIL.
665
666
667+---------------------+
668| DNS/RESOLVER ISSUES |
669+---------------------+
670
671Many systems have old versions of the resolver library.  At a minimum,
672you should be running BIND 4.8.3; older versions may compile, but they
673have known bugs that should give you pause.
674
675Common problems in old versions include "undefined" errors for
676dn_skipname.
677
678Some people have had a problem with BIND 4.9; it uses some routines
679that it expects to be externally defined such as strerror().  It may
680help to link with "-l44bsd" to solve this problem.  This has apparently
681been fixed in later versions of BIND, starting around 4.9.3.  In other
682words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
683later versions, you do not.
684
685!PLEASE! be sure to link with the same version of the resolver as
686the header files you used -- some people have used the 4.9 headers
687and linked with BIND 4.8 or vice versa, and it doesn't work.
688Unfortunately, it doesn't fail in an obvious way -- things just
689subtly don't work.
690
691WILDCARD MX RECORDS ARE A BAD IDEA!  The only situation in which they
692work reliably is if you have two versions of DNS, one in the real world
693which has a wildcard pointing to your firewall, and a completely
694different version of the database internally that does not include
695wildcard MX records that match your domain.  ANYTHING ELSE WILL GIVE
696YOU HEADACHES!
697
698When attempting to canonify a hostname, some broken name servers will
699return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.  If you
700want to excuse this behavior, include WorkAroundBrokenAAAA in
701ResolverOptions.  However, instead, we recommend catching the problem and
702reporting it to the name server administrator so we can rid the world of
703broken name servers.
704
705
706+----------------------------------------+
707| STARTTLS COMPILATION AND CONFIGURATION |
708+----------------------------------------+
709
710Please read the documentation accompanying the OpenSSL library.  You
711have to compile and install the OpenSSL libraries before you can compile
712sendmail.  See devtools/README how to set the correct compile time
713parameters; you should at least set the following variables:
714
715APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
716APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
717
718If you have installed the OpenSSL libraries and include files in
719a location that your C compiler doesn't use by default you should
720set confINCDIRS and confLIBDIRS as explained in the first section:
721BUILDING SENDMAIL.
722
723Configuration information can be found in doc/op/op.me (required
724certificates) and cf/README (how to tell sendmail about certificates).
725
726To perform an initial test, connect to your sendmail daemon
727(telnet localhost 25) and issue a EHLO localhost and see whether
728250-STARTTLS
729is in the response.  If it isn't, run the daemon with
730-O LogLevel=14
731and try again.  Then take a look at the logfile and see whether
732there are any problems listed about permissions (unsafe files)
733or the validity of X.509 certificates.
734
735From: Garrett Wollman <wollman@lcs.mit.edu>
736
737    If your certificate authority is hierarchical, and you only include
738    the top-level CA certificate in the CACertFile file, some mail clients
739    may be unable to infer the proper certificate chain when selecting a
740    client certificate.  Including the bottom-level CA certificate(s) in
741    the CACertFile file will allow these clients to work properly.  This
742    is not necessary if you are not using client certificates for
743    authentication, or if all your clients are running Sendmail or other
744    programs using the OpenSSL library (which get it right automatically).
745    In addition, some mail clients are totally incapable of using
746    certificate authentication -- even some of those which already support
747    SSL/TLS for confidentiality.
748
749Further information can be found via:
750http://www.sendmail.org/tips/
751
752
753+------------------------------------+
754| SASL COMPILATION AND CONFIGURATION |
755+------------------------------------+
756
757Please read the documentation accompanying the Cyrus SASL library
758(INSTALL and README).  If you use Berkeley DB for Cyrus SASL then
759you must compile sendmail with the same version of Berkeley DB.
760See devtools/README for how to set the correct compile time parameters;
761you should at least set the following variables:
762
763APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
764APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
765
766If you have installed the Cyrus SASL library and include files in
767a location that your C compiler doesn't use by default you should
768set confINCDIRS and confLIBDIRS as explained in the first section:
769BUILDING SENDMAIL.
770
771You have to select and install authentication mechanisms and tell
772sendmail where to find the sasl library and the include files (see
773devtools/README for the parameters to set).  Set up the required
774users and passwords as explained in the SASL documentation.  See
775also cf/README for authentication related options (especially
776DefaultAuthInfo if you want authentication between MTAs).
777
778To perform an initial test, connect to your sendmail daemon
779(telnet localhost 25) and issue a EHLO localhost and see whether
780250-AUTH ....
781is in the response.  If it isn't, run the daemon with
782-O LogLevel=14
783and try again.  Then take a look at the logfile and see whether
784there are any security related problems listed (unsafe files).
785
786Further information can be found via:
787http://www.sendmail.org/tips/
788
789
790+-------------------------------------+
791| OPERATING SYSTEM AND COMPILE QUIRKS |
792+-------------------------------------+
793
794GCC problems
795	When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
796		too (see include/sm/cdefs.h for more info).
797
798	*****************************************************************
799	**  IMPORTANT:  DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE    **
800	**  RUNNING GCC 2.4.x or 2.5.x.  THERE IS A BUG IN THE GCC     **
801	**  OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
802	*****************************************************************
803
804	Jim Wilson of Cygnus believes he has found the problem -- it will
805	probably be fixed in GCC 2.5.6 -- but until this is verified, be
806	very suspicious of gcc -O.  This problem is reported to have been
807	fixed in gcc 2.6.
808
809	A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
810	optimization on a Sparc.  If you are using gcc 2.5.5, youi should
811	upgrade to the latest version of gcc.
812
813	Apparently GCC 2.7.0 on the Pentium processor has optimization
814	problems.  I recommend against using -O on that architecture.  This
815	has been seen on FreeBSD 2.0.5 RELEASE.
816
817	Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
818
819	We have been told there are problems with gcc 2.8.0.  If you are
820	using this version, you should upgrade to 2.8.1 or later.
821
822Berkeley DB
823	Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
824	You need at least 4.1.25.
825
826GDBM	GDBM does not work with sendmail because the additional
827	security checks and file locking cause problems.  Unfortunately,
828	gdbm does not provide a compile flag in its version of ndbm.h so
829	the code can adapt.  Until the GDBM authors can fix these problems,
830	GDBM will not be supported.  Please use Berkeley DB instead.
831
832Configuration file location
833	Up to 8.6, sendmail tried to find the sendmail.cf file in the same
834	place as the vendors had put it, even when this was obviously
835	stupid.  As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
836	Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
837	You can get sendmail to use the stupid vendor .cf location by
838	adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
839	support programs and scripts that need to find sendmail.cf.  You
840	are STRONGLY urged to use symbolic links if you want to use the
841	vendor location rather than changing the location in the sendmail
842	binary.
843
844	NETINFO systems use NETINFO to determine the location of
845	sendmail.cf.  The full path to sendmail.cf is stored as the value of
846	the "sendmail.cf" property in the "/locations/sendmail"
847	subdirectory of NETINFO.  Set the value of this property to
848	"/etc/mail/sendmail.cf" (without the quotes) to use this new
849	default location for Sendmail 8.10.0 and higher.
850
851ControlSocket permissions
852	Paraphrased from BIND 8.2.1's README:
853
854	Solaris and other pre-4.4BSD kernels do not respect ownership or
855	protections on UNIX-domain sockets.  The short term fix for this is to
856	override the default path and put such control sockets into root-
857	owned directories which do not permit non-root to r/w/x through them.
858	The long term fix is for all kernels to upgrade to 4.4BSD semantics.
859
860HP MPE/iX
861	The MPE-specific code within sendmail emulates a set-user-id root
862	environment for the sendmail binary.  But there is no root uid 0 on
863	MPE, nor is there any support for set-user-id programs.  Even when
864	sendmail thinks it is running as uid 0, it will still have the file
865	access rights of the underlying non-zero uid, but because sendmail is
866	an MPE priv-mode program it will still be able to call setuid() to
867	successfully switch to a new uid.
868
869	MPE setgid() semantics don't quite work the way sendmail expects, so
870	special emulation is done here also.
871
872	This uid/gid emulation is enabled via the setuid/setgid file mode bits
873	which are not currently used by MPE.  Code in libsm/mpeix.c examines
874	these bits and enables emulation if they have been set, i.e.,
875	chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
876
877SunOS 4.x (Solaris 1.x)
878	You may have to use -lresolv on SunOS.  However, beware that
879	this links in a new version of gethostbyname that does not
880	understand NIS, so you must have all of your hosts in DNS.
881
882	Some people have reported problems with the SunOS version of
883	-lresolv and/or in.named, and suggest that you get a newer
884	version.  The symptoms are delays when you connect to the
885	SMTP server on a SunOS machine or having your domain added to
886	addresses inappropriately.  There is a version of BIND
887	version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
888
889	There is substantial disagreement about whether you can make
890	this work with resolv+, which allows you to specify a search-path
891	of services.  Some people report that it works fine, others
892	claim it doesn't work at all (including causing sendmail to
893	drop core when it tries to do multiple resolv+ lookups for a
894	single job).  I haven't tried resolv+, as we use DNS exclusively.
895
896	Should you want to try resolv+, it is on ftp.uu.net in
897	/networking/ip/dns.
898
899	Apparently getservbyname() can fail under moderate to high
900	load under some circumstances.  This will exhibit itself as
901	the message ``554 makeconnection: service "smtp" unknown''.
902	The problem has been traced to one or more blank lines in
903	/etc/services on the NIS server machine.  Delete these
904	and it should work.  This info is thanks to Brian Bartholomew
905	<bb@math.ufl.edu> of I-Kinetics, Inc.
906
907	NOTE: The SunOS 4.X linker uses library paths specified during
908	compilation using -L for run-time shared library searches.
909	Therefore, it is vital that relative and unsafe directory paths not
910	be used when compiling sendmail.
911
912SunOS 4.0.2 (Sun 386i)
913	Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
914	From: teus@oce.nl
915
916	Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
917	following changes:
918	* Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
919	  available as "uname" command.
920	* Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
921	  devtools/OS/SunOS.4.0, which is selected via the "uname" command.
922	I recommend to make available the db-library on the system first
923	(and change the Makefile to use this library).
924	Note that the sendmail.cf and aliases files are found in /etc.
925
926SunOS 4.1.3, 4.1.3_U1
927	Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1.  According
928	to Sun bug number 1077939:
929
930	If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
931	after the other side of the connection has sent a TCP RESET for
932	the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
933	ip_ctloutput() routine.
934
935	For 4.1.3, this is fixed in patch 100584-08, available on the
936	Sunsolve 2.7.1 or later CDs.  For 4.1.3_U1, this was fixed in patch
937	101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
938	obsoleted by patch 102010-05.
939
940	Sun patch 100584-08 is not currently publicly available on their
941	ftp site but a user has reported it can be found at other sites
942	using a web search engine.
943
944Solaris 2.x (SunOS 5.x)
945	To compile for Solaris, the Makefile built by Build must
946	include a SOLARIS definition which reflects the Solaris version
947	(i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
948	If you are using gcc, make sure -I/usr/include is not used (or
949	it might complain about TopFrame).  If you are using Sun's cc,
950	make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
951	(or it might complain about tm_zone).
952
953	The Solaris 2.x (x <= 3) "syslog" function is apparently limited
954	to something about 90 characters because of a kernel limitation.
955	If you have source code, you can probably up this number.  You
956	can get patches that fix this problem:  the patch ids are:
957
958		Solaris 2.1	100834
959		Solaris 2.2	100999
960		Solaris 2.3	101318
961
962	Be sure you have the appropriate patch installed or you won't
963	see system logging.
964
965Solaris 2.4 (SunOS 5.4)
966	If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
967	the risk of getting the wrong libraries under some circumstances.
968	This is because of a new feature in Solaris 2.4, described by
969	Rod.Evans@Eng.Sun.COM:
970
971	>> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
972	>> runtime linker if the application was setxid (secure), thus your
973	>> applications search path would be:
974	>>
975	>>	/usr/local/lib	LD_LIBRARY_PATH component - IGNORED
976	>>	/usr/lib	LD_LIBRARY_PATH component - IGNORED
977	>>	/usr/local/lib	RPATH - honored
978	>>	/usr/lib	RPATH - honored
979	>>
980	>> the effect is that path 3 would be the first used, and this would
981	>> satisfy your resolv.so lookup.
982	>>
983	>> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
984	>> People who developed setxid applications wanted to be able to alter
985	>> the library search path to some degree to allow for their own
986	>> testing and debugging mechanisms.  It was decided that the only
987	>> secure way to do this was to allow a `trusted' path to be used in
988	>> LD_LIBRARY_PATH.  The only trusted directory we presently define
989	>> is /usr/lib.  Thus a set-user-ID root developer could play with some
990	>> alternative shared object implementations and place them in
991	>> /usr/lib (being root we assume they'ed have access to write in this
992	>> directory).  This change was made as part of 1155380 - after a
993	>> *huge* amount of discussion regarding the security aspect of things.
994	>>
995	>> So, in SunOS 5.4 your applications search path would be:
996	>>
997	>>	/usr/local/lib	from LD_LIBRARY_PATH - IGNORED (untrustworthy)
998	>>	/usr/lib	from LD_LIBRARY_PATH - honored (trustworthy)
999	>>	/usr/local/lib	from RPATH - honored
1000	>>	/usr/lib	from RPATH - honored
1001	>>
1002	>> here, path 2 would be the first used.
1003
1004Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
1005	Apparently Solaris 2.5.1 patch 103663-01 installs a new
1006	/usr/include/resolv.h file that defines the __P macro without
1007	checking to see if it is already defined.  This new resolv.h is also
1008	included in the Solaris 2.6 distribution.  This causes compile
1009	warnings such as:
1010
1011	   In file included from daemon.c:51:
1012	   /usr/include/resolv.h:208: warning: `__P' redefined
1013	   cdefs.h:58: warning: this is the location of the previous definition
1014
1015	These warnings can be safely ignored or you can create a resolv.h
1016	file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
1017
1018	   #undef __P
1019	   #include "/usr/include/resolv.h"
1020
1021	This problem was fixed in Solaris 7 (Sun bug ID 4081053).
1022
1023Solaris 7 (SunOS 5.7)
1024	Solaris 7 includes LDAP libraries but the implementation was
1025	lacking a few things.  The following settings can be placed in
1026	devtools/Site/site.SunOS.5.7.m4 if you plan on using those
1027	libraries.
1028
1029	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1030	APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
1031	APPENDDEF(`confLIBS', `-lldap')
1032
1033	Also, Sun's patch 107555 is needed to prevent a crash in the call
1034	to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
1035	LDAP support is compiled in sendmail.
1036
1037Solaris 8 and later (SunOS 5.8 and later)
1038	Solaris 8 and later can optionally install LDAP support.  If you
1039	have installed the Entire Distribution meta-cluster, you can use
1040	the following in devtools/Site/site.SunOS.5.8.m4 (or other
1041	appropriately versioned file) to enable LDAP:
1042
1043	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1044	APPENDDEF(`confLIBS', `-lldap')
1045
1046Solaris 9 and later (SunOS 5.9 and later)
1047	Solaris 9 and later have a revised LDAP library, libldap.so.5,
1048	which is derived from a Netscape implementation, thus requiring
1049	that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1050
1051	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1052	APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1053	APPENDDEF(`confLIBS', `-lldap')
1054
1055Solaris
1056	If you are using dns for hostname resolution on Solaris, make sure
1057	that the 'dns' entry is last on the hosts line in
1058	'/etc/nsswitch.conf'.  For example, use:
1059
1060		hosts:	nisplus files dns
1061
1062	Do not use:
1063
1064		hosts:  nisplus dns [NOTFOUND=return] files
1065
1066	Note that 'nisplus' above is an illustration.  The same comment
1067	applies no matter what naming services you are using.  If you have
1068	anything other than dns last, even after "[NOTFOUND=return]",
1069	sendmail may not be able to determine whether an error was
1070	temporary or permanent.  The error returned by the solaris
1071	gethostbyname() is the error for the last lookup used, and other
1072	naming services do not have the same concept of temporary failure.
1073
1074Ultrix
1075	By default, the IDENT protocol is turned off on Ultrix.  If you
1076	are running Ultrix 4.4 or later, or if you have included patch
1077	CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1078	IDENT on in the configuration file by setting the "ident" timeout.
1079
1080	The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1081	included in libc.a.  Unfortunately, the __RES symbol hasn't changed
1082	and therefore, sendmail can no longer automatically detect the
1083	newer version.  If you get a compiler error:
1084
1085	/lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1086
1087	Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1088
1089	APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1090
1091Digital UNIX (formerly DEC OSF/1)
1092	If you are compiling on OSF/1 (DEC Alpha), you must use
1093	-L/usr/shlib (otherwise it core dumps on startup).  You may also
1094	need -mld to get the nlist() function, although some versions
1095	apparently don't need this.
1096
1097	Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1098	it, just create the link to the sendmail binary.
1099
1100	On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1101	properly due to a bug in the getpw* routines.  If you want to use
1102	this, use -DDEC_OSF_BROKEN_GETPWENT=1.  The problem is fixed in 3.2C.
1103
1104	Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1105	only preserve the envelope sender in the "From " header if
1106	DefaultUserID is set to daemon.  Setting this to mailnull will
1107	cause all mail to have the header "From mailnull ...".  To use
1108	a different DefaultUserID, you will need to use a different mail
1109	delivery agent (such as mail.local found in the sendmail
1110	distribution).
1111
1112	On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1113	operating system and already has the ndbm.o module removed.  However,
1114	Digital has modified the original Berkeley DB db.h include file.
1115	This results in the following warning while compiling map.c and udb.c:
1116
1117	cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1118	 "__signed" conflicts with a current definition because the replacement
1119	 lists differ.  The redefinition is now in effect.
1120	#define __signed        signed
1121	------------------------^
1122
1123	This warning can be ignored.
1124
1125	Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1126	If you have installed a new version of BIND in /usr/include
1127	and /usr/lib, you will experience difficulties as Digital ships
1128	libresolv.a in /usr/ccs/lib/ as well.  Be sure to replace both
1129	copies of libresolv.a.
1130
1131IRIX
1132	The header files on SGI IRIX are completely prototyped, and as
1133	a result you can sometimes get some warning messages during
1134	compilation.  These can be ignored.  There are two errors in
1135	deliver only if you are using gcc, both of the form ``warning:
1136	passing arg N of `execve' from incompatible pointer type''.
1137	Also, if you compile with -DNIS, you will get a complaint
1138	about a declaration of struct dom_binding in a prototype
1139	when compiling map.c; this is not important because the
1140	function being prototyped is not used in that file.
1141
1142	In order to compile sendmail you will have had to install
1143	the developers' option in order to get the necessary include
1144	files.
1145
1146	If you compile with -lmalloc (the fast memory allocator), you may
1147	get warning messages such as the following:
1148
1149	   ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1150		preempts that definition in /usr/lib32/mips3/libc.so.
1151	   ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1152		preempts that definition in /usr/lib32/mips3/libc.so.
1153	   ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1154		preempts that definition in /usr/lib32/mips3/libc.so.
1155	   ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1156		preempts that definition in /usr/lib32/mips3/libc.so.
1157	   ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1158		preempts that definition in /usr/lib32/mips3/libc.so.
1159
1160	These are unavoidable and innocuous -- just ignore them.
1161
1162	According to Dave Sill <de5@ornl.gov>, there is a version of the
1163	Berkeley DB library patched to run on Irix 6.2 available from
1164	http://reality.sgi.com/ariel/freeware/#db .
1165
1166IRIX 6.x
1167	If you are using XFS filesystem, avoid using the -32 ABI switch to
1168	the cc compiler if possible.
1169
1170	Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1171	a problem with gcc on IRIX, i.e., gcc can't pass structs
1172	less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1173	some other sized structs.  See
1174	http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1175	This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1176	is reported as broken.  Check your gcc version for this bug
1177	before installing sendmail.
1178
1179IRIX 6.4
1180	The IRIX 6.5.4 version of /bin/m4 does not work properly with
1181	sendmail.  Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1182	use /usr/freeware/bin/m4 or install and use GNU m4.
1183
1184NeXT or NEXTSTEP
1185	NEXTSTEP 3.3 and earlier ship with the old DBM library.  Also,
1186	Berkeley DB does not currently run on NEXTSTEP.
1187
1188	If you are compiling on NEXTSTEP, you will have to create an
1189	empty file "unistd.h" and create a file "dirent.h" containing:
1190
1191		#include <sys/dir.h>
1192		#define dirent	direct
1193
1194	(devtools/OS/NeXT should try to do both of these for you.)
1195
1196	Apparently, there is a bug in getservbyname on Nextstep 3.0
1197	that causes it to fail under some circumstances with the
1198	message "SYSERR: service "smtp" unknown" logged.  You should
1199	be able to work around this by including the line:
1200
1201		OOPort=25
1202
1203	in your .cf file.
1204
1205BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1206	The "m4" from BSDI won't handle the config files properly.
1207	I haven't had a chance to test this myself.
1208
1209	The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1210	files properly.  One must use either GNU m4 1.1 or the PD-M4
1211	recently posted in comp.os.386bsd.bugs (and maybe others).
1212	NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1213	CHANGES).
1214
1215	FreeBSD 1.0 RELEASE has uname(2) now.  Use -DUSEUNAME in order to
1216	use it (look into devtools/OS/FreeBSD).  NetBSD-current may have
1217	it too but it has not been verified.
1218
1219	The latest version of Berkeley DB uses a different naming
1220	scheme than the version that is supplied with your release.  This
1221	means you will be able to use the current version of Berkeley DB
1222	with sendmail as long you use the new db.h when compiling
1223	sendmail and link it against the new libdb.a or libdb.so.  You
1224	should probably keep the original db.h in /usr/include and the
1225	new db.h in /usr/local/include.
1226
12274.3BSD
1228	If you are running a "virgin" version of 4.3BSD, you'll have
1229	a very old resolver and be missing some header files.  The
1230	header files are simple -- create empty versions and everything
1231	will work fine.  For the resolver you should really port a new
1232	version (4.8.3 or later) of the resolver; 4.9 is available on
1233	gatekeeper.DEC.COM in pub/BSD/bind/4.9.  If you are really
1234	determined to continue to use your old, buggy version (or as
1235	a shortcut to get sendmail working -- I'm sure you have the
1236	best intentions to port a modern version of BIND), you can
1237	copy ../contrib/oldbind.compat.c into sendmail and add the
1238	following to devtools/Site/site.config.m4:
1239
1240	APPENDDEF(`confOBJADD', `oldbind.compat.o')
1241
1242OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1243	m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1244	maximum length for strings is too short.  You need to use GNU m4
1245	or patch m4, see for example:
1246  http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1247
1248A/UX
1249	Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1250	From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1251	Subject: Fix for A/UX ndbm
1252
1253	I guess this isn't really a sendmail bug, however, it is something
1254	that A/UX users should be aware of when compiling sendmail 8.6.
1255
1256	Apparently, the calls that sendmail is using to the ndbm routines
1257	in A/UX 3.0.x contain calls to "broken" routines, in that the
1258	aliases database will break when it gets "just a little big"
1259	(sorry I don't have exact numbers here, but it broke somewhere
1260	around 20-25 aliases for me.), making all aliases non-functional
1261	after exceeding this point.
1262
1263	What I did was to get the gnu-dbm-1.6 package, compile it, and
1264	then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1265	ndbm.h header file that comes with the gnu-package.  This makes
1266	things behave properly.
1267	  [NOTE: see comment above about GDBM]
1268
1269	I suppose porting the New Berkeley DB package is another route,
1270	however, I made a quick attempt at it, and found it difficult
1271	(not easy at least); the gnu-dbm package "configured" and
1272	compiled easily.
1273
1274	  [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1275	  database maps.]
1276
1277SCO Unix
1278	From: Thomas Essebier <tom@stallion.oz.au>
1279	Organisation:  Stallion Technologies Pty Ltd.
1280
1281	It will probably help those who are trying to configure sendmail 8.6.9
1282	to know that if they are on SCO, they had better set
1283		OI-dnsrch
1284	or they will core dump as soon as they try to use the resolver.
1285	i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1286	it does not inititialise it, nor does it understand 'search' in
1287	/etc/named.boot.
1288		- sigh -
1289
1290	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1291	We recommend installing GNU m4 before attempting to build sendmail.
1292
1293	On some versions a bogus error value is listed if connections
1294	time out (large negative number).  To avoid this explicitly set
1295	Timeout.connect to a reasonable value (several minutes).
1296
1297DG/UX
1298	Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1299	V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1300	Originally, the DG /bin/mail program wasn't compatible with
1301	the V8 sendmail, since the DG /bin/mail requires the environment
1302	variable "_FORCE_MAIL_LOCAL_=yes" be set.  Version 8.7 now includes
1303	this in the environment before invoking the local mailer.  Some
1304	have used procmail to avoid this problem in the past.  It works
1305	but some have experienced file locking problems with their DG/UX
1306	ports of procmail.
1307
1308Apollo DomainOS
1309	If you are compiling on Apollo, you will have to create an empty
1310	file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1311	"dirent.h" containing:
1312
1313		#include <sys/dir.h>
1314		#define dirent	direct
1315
1316	(devtools/OS/DomainOS will attempt to do both of these for you.)
1317
1318HP-UX 8.00
1319	Date: Mon, 24 Jan 1994 13:25:45 +0200
1320	From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1321	Subject: 8.6.5 w/ HP-UX 8.00 on s300
1322
1323	Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1324	a series 300 machine) running HP-UX 8.00.
1325
1326	I was getting segmentation fault when delivering to a local user.
1327	With debugging I saw it was faulting when doing _free@libc... *sigh*
1328	It seems the new implementation of malloc on s300 is buggy as of 8.0,
1329	so I tried out the one in -lmalloc (malloc(3X)).  With that it seems
1330	to work just dandy.
1331
1332	When linking, you will get the following error:
1333
1334	ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1335
1336	but you can just ignore it.  You might want to add this info to the
1337	README file for the future...
1338
1339Linux
1340	Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1341	flock() system call gives errors.  If you are running .14, you must
1342	not use flock.  You can do this with -DHASFLOCK=0.  We have also
1343	been getting complaints since version 2.4.X was released.
1344	sendmail 8.13 has changed the default locking method to fcntl()
1345	for Linux kernel version 2.4 and later.  Be sure to update other
1346	sendmail related programs to match locking techniques (some
1347	examples, besides makemap and mail.local, include procmail, mailx,
1348	mutt, elm, etc).
1349
1350	Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1351	initialization of the _res structure changed.  If /etc/hosts.conf
1352	was configured as "hosts, bind" the resolver code could return
1353	"Name server failure" errors.  This is supposedly fixed in
1354	later versions of libc (>= 4.6.29?), and later versions of
1355	sendmail (> 8.6.10) try to work around the problem.
1356
1357	Some older versions (< 4.6.20?) of the libc/include files conflict
1358	with sendmail's version of cdefs.h.  Deleting sendmail's version
1359	on those systems should be non-harmful, and new versions don't care.
1360
1361	NOTE ON LINUX & BIND:  By default, the Makefile generated for Linux
1362	includes header files in /usr/local/include and libraries in
1363	/usr/local/lib.  If you've installed BIND on your system, the header
1364	files typically end up in the search path and you need to add
1365	"-lresolv" to the LIBS line in your Makefile.  Really old versions
1366	may need to include "-l44bsd" as well (particularly if the link phase
1367	complains about missing strcasecmp, strncasecmp or strpbrk).
1368	Complaints about an undefined reference to `__dn_skipname' in
1369	domain.o are a sure sign that you need to add -lresolv to LIBS.
1370	Newer versions of Linux are basically threaded BIND, so you may or
1371	may not see complaints if you accidentally mix BIND
1372	headers/libraries with virginal libc.  If you have BIND headers in
1373	/usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1374	to LIBS.  Data structures may change and you'd be asking for a
1375	core dump.
1376
1377	A number of problems have been reported regarding the Linux 2.2.0
1378	kernel.  So far, these problems have been tracked down to syslog()
1379	and DNS resolution.  We believe the problem is with the poll()
1380	implementation in the Linux 2.2.0 kernel and poll()-aware versions
1381	of glib (at least up to 2.0.111).
1382
1383glibc
1384	glibc 2.2.1 (and possibly other versions) changed the value of
1385	__RES in resolv.h but failed to actually provide the IPv6 API
1386	changes that the change implied.  Therefore, compiling with
1387	-DNETINET6 fails.
1388
1389	Workarounds:
1390	1) Compile without -DNETINET6
1391	2) Build against a real BIND 8.2.2 include/lib tree
1392	3) Wait for glibc to fix it
1393
1394AIX 4.X
1395	The AIX 4.X linker uses library paths specified during compilation
1396	using -L for run-time shared library searches.  Therefore, it is
1397	vital that relative and unsafe directory paths not be using when
1398	compiling sendmail.  Because of this danger, by default, compiles
1399	on AIX use the -blibpath option to limit shared libraries to
1400	/usr/lib and /lib.  If you need to allow more directories, such as
1401	/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1402	site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1403	appropriately.  For example:
1404
1405	define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1406
1407	Be sure to only add (safe) system directories.
1408
1409	The AIX version of GNU ld also exhibits this problem.  If you are
1410	using that version, instead of -blibpath, use its -rpath option.
1411	For example:
1412
1413	gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1414
1415AIX 4.X	If the test program t-event (and most others) in libsm fails,
1416	check your compiler settings.  It seems that the flags -qnoro or
1417	-qnoroconst on some AIX versions trigger a compiler bug.  Check
1418	your compiler settings or use cc instead of xlc.
1419
1420AIX 4.0-4.2, maybe some AIX 4.3 versions
1421	The AIX m4 implements a different mechanism for ifdef which is
1422	inconsistent with other versions of m4.  Therefore, it will not
1423	work properly with the sendmail Build architecture or m4
1424	configuration method.  To work around this problem, please use
1425	GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1426	The problem seems to be solved in AIX 4.3.3 at least.
1427
1428AIX 4.3.3
1429	From: Valdis.Kletnieks@vt.edu
1430	Date: Sun, 02 Jul 2000 03:58:02 -0400
1431
1432	Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1433	BIND 8.2.2 security holes, you can no longer build with  -DNETINET6
1434	because they changed the value of __RES in resolv.h but failed to
1435	actually provide the API changes that the change implied.
1436
1437	Workarounds:
1438	1) Compile without -DNETINET6
1439	2) Build against a real BIND 8.2.2 include/lib tree
1440	3) Wait for IBM to fix it
1441
1442AIX 3.x
1443	This version of sendmail does not support MB, MG, and MR resource
1444	records, which are supported by AIX sendmail.
1445
1446	Several people have reported that the IBM-supplied named returns
1447	fairly random results -- the named should be replaced.  It is not
1448	necessary to replace the resolver, which will simplify installation.
1449	A new BIND resolver can be found at http://www.isc.org/isc/.
1450
1451AIX 3.1.x
1452	The supplied load average code only works correctly for AIX 3.2.x.
1453	For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1454	package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1455	directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1456	daemon, and the getloadavg subroutine supplied with that package.
1457	If you don't care about load average throttling, just turn off
1458	load average checking using -DLA_TYPE=LA_ZERO.
1459
1460RISC/os
1461	RISC/os from MIPS is a merged AT&T/Berkeley system.  When you
1462	compile on that platform you will get duplicate definitions
1463	on many files.  You can ignore these.
1464
1465System V Release 4 Based Systems
1466	There is a single devtools OS that is intended for all SVR4-based
1467	systems (built from devtools/OS/SVR4).  It defines __svr4__,
1468	which is predefined by some compilers.  If your compiler already
1469	defines this compile variable, you can delete the definition from
1470	the generated Makefile or create a devtools/Site/site.config.m4
1471	file.
1472
1473	It's been tested on Dell Issue 2.2.
1474
1475DELL SVR4
1476	Date:      Mon, 06 Dec 1993 10:42:29 EST
1477	From: "Kimmo Suominen" <kim@grendel.lut.fi>
1478	Message-ID: <2d0352f9.lento29@lento29.UUCP>
1479	To: eric@cs.berkeley.edu
1480	Cc: sendmail@cs.berkeley.edu
1481	Subject:   Notes for DELL SVR4
1482
1483	Eric,
1484
1485	Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4.  I ran
1486	across these things when helping out some people who contacted me by
1487	e-mail.
1488
1489	1) Use gcc 2.4.5 (or later?).  Dell distributes gcc 2.1 with their
1490	   Issue 2.2 Unix.  It is too old, and gives you problems with
1491	   clock.c, because sigset_t won't get defined in <sys/signal.h>.
1492	   This is due to a problematic protection rule in there, and is
1493	   fixed with gcc 2.4.5.
1494
1495	2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1496	   to add "-lc -lucb" to the libraries to link with.  This is because
1497	   the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1498	   functions.  It is important that you specify both libraries in
1499	   the given order to be sure you only get the BSTRING functions
1500	   from the UCB library (and not the signal routines etc.).
1501
1502	3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1503	   The UCB library also has another copy of the nlist routines,
1504	   but we do want the ones from "-lelf".
1505
1506	If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1507	can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1508	They are copies of what I use on grendel.lut.fi, and offering them
1509	does not imply that I would also support them.  I have sent the DB
1510	port for SVR4 back to Keith Bostic for inclusion in the official
1511	distribution, but I haven't heard anything from him as of today.
1512
1513	- gcc-2.4.5-svr4.tar.gz	(gcc 2.4.5 and the corresponding libg++)
1514	- db-1.72.tar.gz	(with source, objects and a installed copy)
1515
1516	Cheers
1517	+ Kim
1518	--
1519	 *  Kimmo.Suominen@lut.fi  *  SysVr4 enthusiast at GRENDEL.LUT.FI  *
1520	*    KIM@FINFILES.BITNET   *  Postmaster and Hostmaster at LUT.FI   *
1521	 *    + 358 200 865 718    *  Unix area moderator at NIC.FUNET.FI  *
1522
1523ConvexOS 10.1 and below
1524	In order to use the name server, you must create the file
1525	/etc/use_nameserver.  If this file does not exist, the call
1526	to res_init() will fail and you will have absolutely no
1527	access to DNS, including MX records.
1528
1529Amdahl UTS 2.1.5
1530	In order to get UTS to work, you will have to port BIND 4.9.
1531	The vendor's BIND is reported to be ``totally inadequate.''
1532	See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1533	to get BIND 4.9 compiled for UTS.
1534
1535UnixWare
1536	According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1537	the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1538	config files.  GNU m4 and the m4 from UnixWare 1.x both work.
1539
1540	According to Larry Rosenman <ler@lerami.lerctr.org>:
1541
1542		UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1543		processing the 8.9.0 cf files.
1544
1545		I had a LOCAL_RULE_0 that wound up AFTER the
1546		SBasic_check_rcpt rules using the SCO supplied M4.
1547		GNU M4 works fine.
1548
1549UNICOS 8.0.3.4
1550	Some people have reported that the -O flag on UNICOS can cause
1551	problems.  You may want to turn this off if you have problems
1552	running sendmail.  Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1553
1554Darwin/Mac OS X (10.X.X)
1555	The linker errors produced regarding getopt() and its associated
1556	variables can safely be ignored.
1557
1558	From Mike Zimmerman <zimmy@torrentnet.com>:
1559
1560	From scratch here is what Darwin users need to do to the standard
1561	10.0.0, 10.0.1 install to get sendmail working.
1562	From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242:
1563	1. chmod g-w / /private /private/etc
1564	2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1565	   HOSTNAME=-my.domain.com-
1566	3. Edit /etc/rc.boot:
1567	   hostname my.domain.com
1568	   domainname domain.com
1569	4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1570	   Remove the "&" after the sendmail command:
1571	   /usr/sbin/sendmail -bd -q1h
1572
1573	From Carsten Klapp <carsten.klapp@home.com>:
1574
1575	The easiest workaround is to remove the group-writable permission
1576	for the root directory and the symbolic /etc inherits this
1577	change. While this does fix sendmail, the unfortunate side-effect
1578	is the OS X admin will no longer be able to manipulate icons in the
1579	top level of the Startup disk unless logged into the GUI as the
1580	superuser.
1581
1582	In applying the alternate workaround, care must be taken while
1583	swapping the symlink /etc with the directory /private/etc. In all
1584	likelihood any admin who is concerned with this sendmail error has
1585	enough experience to not accidentally harm anything in the process.
1586
1587	a. Swap the /etc symlink with /private/etc (as superuser):
1588	   rm /etc
1589	   mv /private/etc /etc
1590	   ln -s /etc /private/etc
1591
1592	b. Set / to group unwritable (as superuser):
1593	   chmod g-w /
1594
1595Darwin/Mac OS X (10.1.5)
1596	Apple's upgrade to sendmail 8.12 is incorrectly configured.  You
1597	will need to manually fix it up by doing the following:
1598
1599	1. chown smmsp:smmsp /var/spool/clientmqueue
1600	2. chmod 2770 /var/spool/clientmqueue
1601	3. chgrp smmsp /usr/sbin/sendmail
1602	4. chmod g+s /usr/sbin/sendmail
1603
1604	From Daniel J. Luke <dluke@geeklair.net>:
1605
1606	It appears that setting the sendmail.cf property in
1607	/locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1608	8.12.4 causes 'bad things' to happen.
1609
1610	Specifically sendmail instances that should be getting their config
1611	from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1612	open pipes to sendmail stop working as sendmail tries to write to
1613	/var/spool/mqueue and cannot as sendmail is no longer suid root).
1614
1615	Removing the entry from NetInfo fixes this problem.
1616
1617GNU getopt
1618	I'm told that GNU getopt has a problem in that it gets confused
1619	by the double call.  Use the version in conf.c instead.
1620
1621BIND 4.9.2 and Ultrix
1622	If you are running on Ultrix, be sure you read conf/Info.Ultrix
1623	in the BIND distribution very carefully -- there is information
1624	in there that you need to know in order to avoid errors of the
1625	form:
1626
1627		/lib/libc.a(gethostent.o): sethostent: multiply defined
1628		/lib/libc.a(gethostent.o): endhostent: multiply defined
1629		/lib/libc.a(gethostent.o): gethostbyname: multiply defined
1630		/lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1631
1632	during the link stage.
1633
1634BIND 8.X
1635	BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1636	DNS failures when trying to find the hostname associated with an IP
1637	address (gethostbyaddr()).  This can cause problems as
1638	$&{client_name} based lookups in class R ($=R) and the access
1639	database won't succeed.
1640
1641	This will be fixed in BIND 8.2.1.  For earlier versions, this can
1642	be fixed by making "dns" the last name service queried for host
1643	resolution in /etc/irs.conf:
1644
1645		hosts local continue
1646		hosts dns
1647
1648strtoul
1649	Some compilers (notably gcc) claim to be ANSI C but do not
1650	include the ANSI-required routine "strtoul".  If your compiler
1651	has this problem, you will get an error in srvrsmtp.c on the
1652	code:
1653
1654	  # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1655			e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1656	  # else
1657			e->e_msgsize = strtol(vp, (char **) NULL, 10);
1658	  # endif
1659
1660	You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1661
1662Listproc 6.0c
1663	Date: 23 Sep 1995 23:56:07 GMT
1664	Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1665	From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1666	Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1667
1668	Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1669	breaks, because it, by default, sends a blank "HELO" rather than
1670	a "HELO hostname" when using the 'system' or 'telnet' mail method.
1671
1672	The fix is to include -DZMAILER in the compilation, which will
1673	cause it to use "HELO hostname" (which Z-mail apparently requires
1674	as well. :)
1675
1676OpenSSL
1677	OpenSSL versions prior to 0.9.6 use a macro named Free which
1678	conflicts with existing macro names on some platforms, such as
1679	AIX.
1680	Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with
1681	0.9.5a.
1682
1683PH
1684	PH support is provided by Mark Roth <roth@uiuc.edu>.  The map is
1685	described at http://www-dev.cites.uiuc.edu/sendmail/ .
1686
1687	NOTE: The "spacedname" pseudo-field which was used by earlier
1688	versions of the PH map code is no longer supported!  See the URL
1689	listed above for more information.
1690
1691	Please contact Mark Roth for support and questions regarding the
1692	map.
1693
1694TCP Wrappers
1695	If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1696	also need to install libwrap.a and modify your site.config.m4 file
1697	or the generated Makefile to include -lwrap in the LIBS line
1698	(make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1699	libwrap.a can be found).
1700
1701	TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1702
1703	If you have alternate MX sites for your site, be sure that all of
1704	your MX sites reject the same set of hosts.  If not, a bad guy whom
1705	you reject will connect to your site, fail, and move on to the next
1706	MX site, which will accept the mail for you and forward it on to you.
1707
1708Regular Expressions (MAP_REGEX)
1709	If sendmail linking fails with:
1710
1711		undefined reference to 'regcomp'
1712
1713	or sendmail gives an error about a regular expression with:
1714
1715		pattern-compile-error: : Operation not applicable
1716
1717	Your libc does not include a running version of POSIX-regex.  Use
1718	librx or regex.o from the GNU Free Software Foundation,
1719	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1720	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1721	You can also use the regex-lib by Henry Spencer,
1722	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1723	Make sure, your compiler reads regex.h from the distribution,
1724	not from /usr/include, otherwise sendmail will dump a core.
1725
1726Fedora Core 5, 64 bit version
1727	If the ld stage fails with undefined functions like
1728	__res_querydomain, __dn_expand
1729	then add these lines to devtools/Site/site.config.m4
1730
1731	APPENDDEF(`confLIBDIRS', `-L/usr/lib64')
1732	APPENDDEF(`confINCDIRS', `-I/usr/include/bind9')
1733
1734	and rebuild (sh ./Build -c).
1735
1736	Problem noted by Daniel Krones, solution suggested by
1737	Anthony Howe.
1738
1739
1740+--------------+
1741| MANUAL PAGES |
1742+--------------+
1743
1744The manual pages have been written against the -man macros, and
1745should format correctly with any reasonable *roff.
1746
1747
1748+-----------------+
1749| DEBUGGING HOOKS |
1750+-----------------+
1751
1752As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1753some debugging output (logged at LOG_DEBUG severity).  The
1754information dumped is:
1755
1756 * The value of the $j macro.
1757 * A warning if $j is not in the set $=w.
1758 * A list of the open file descriptors.
1759 * The contents of the connection cache.
1760 * If ruleset 89 is defined, it is evaluated and the results printed.
1761
1762This allows you to get information regarding the runtime state of the
1763daemon on the fly.  This should not be done too frequently, since
1764the process of rewriting may lose memory which will not be recovered.
1765Also, ruleset 89 may call non-reentrant routines, so there is a small
1766non-zero probability that this will cause other problems.  It is
1767really only for debugging serious problems.
1768
1769A typical formulation of ruleset 89 would be:
1770
1771	R$*		$@ $>0 some test address
1772
1773
1774+-----------------------------+
1775| DESCRIPTION OF SOURCE FILES |
1776+-----------------------------+
1777
1778The following list describes the files in this directory:
1779
1780Build		Shell script for building sendmail.
1781Makefile	A convenience for calling ./Build.
1782Makefile.m4	A template for constructing a makefile based on the
1783		information in the devtools directory.
1784README		This file.
1785TRACEFLAGS	My own personal list of the trace flags -- not guaranteed
1786		to be particularly up to date.
1787alias.c		Does name aliasing in all forms.
1788aliases.5	Man page describing the format of the aliases file.
1789arpadate.c	A subroutine which creates ARPANET standard dates.
1790bf.c		Routines to implement memory-buffered file system using
1791		hooks provided by libsm now (formerly Torek stdio library).
1792bf.h		Buffered file I/O function declarations and
1793		data structure and function declarations for bf.c.
1794collect.c	The routine that actually reads the mail into a temp
1795		file.  It also does a certain amount of parsing of
1796		the header, etc.
1797conf.c		The configuration file.  This contains information
1798		that is presumed to be quite static and non-
1799		controversial, or code compiled in for efficiency
1800		reasons.  Most of the configuration is in sendmail.cf.
1801conf.h		Configuration that must be known everywhere.
1802control.c	Routines to implement control socket.
1803convtime.c	A routine to sanely process times.
1804daemon.c	Routines to implement daemon mode.
1805deliver.c	Routines to deliver mail.
1806domain.c	Routines that interface with DNS (the Domain Name
1807		System).
1808envelope.c	Routines to manipulate the envelope structure.
1809err.c		Routines to print error messages.
1810headers.c	Routines to process message headers.
1811helpfile	An example helpfile for the SMTP HELP command and -bt mode.
1812macro.c		The macro expander.  This is used internally to
1813		insert information from the configuration file.
1814mailq.1		Man page for the mailq command.
1815main.c		The main routine to sendmail.  This file also
1816		contains some miscellaneous routines.
1817makesendmail	A convenience for calling ./Build.
1818map.c		Support for database maps.
1819mci.c		Routines that handle mail connection information caching.
1820milter.c	MTA portions of the mail filter API.
1821mime.c		MIME conversion routines.
1822newaliases.1	Man page for the newaliases command.
1823parseaddr.c	The routines which do address parsing.
1824queue.c		Routines to implement message queueing.
1825readcf.c	The routine that reads the configuration file and
1826		translates it to internal form.
1827recipient.c	Routines that manipulate the recipient list.
1828sasl.c		Routines to interact with Cyrys-SASL.
1829savemail.c	Routines which save the letter on processing errors.
1830sendmail.8	Man page for the sendmail command.
1831sendmail.h	Main header file for sendmail.
1832sfsasl.c	I/O interface between SASL/TLS and the MTA.
1833sfsasl.h	Header file for sfsasl.c.
1834shmticklib.c	Routines for shared memory counters.
1835sm_resolve.c	Routines for DNS lookups (for DNS map type).
1836sm_resolve.h	Header file for sm_resolve.c.
1837srvrsmtp.c	Routines to implement server SMTP.
1838stab.c		Routines to manage the symbol table.
1839stats.c		Routines to collect and post the statistics.
1840statusd_shm.h	Data structure and function declarations for shmticklib.c.
1841sysexits.c	List of error messages associated with error codes
1842		in sysexits.h.
1843sysexits.h	List of error codes for systems that lack their own.
1844timers.c	Routines to provide microtimers.
1845timers.h	Data structure and function declarations for timers.h.
1846tls.c		Routines for TLS.
1847trace.c		The trace package.  These routines allow setting and
1848		testing of trace flags with a high granularity.
1849udb.c		The user database interface module.
1850usersmtp.c	Routines to implement user SMTP.
1851util.c		Some general purpose routines used by sendmail.
1852version.c	The version number and information about this
1853		version of sendmail.
1854
1855(Version $Revision: 8.393 $, last update $Date: 2013-11-22 20:51:54 $ )
1856