xref: /freebsd/contrib/sendmail/src/README (revision d7d962ead0b6e5e8a39202d0590022082bf5bfb6)
1# Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
2#	All rights reserved.
3# Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
4# Copyright (c) 1988
5#	The Regents of the University of California.  All rights reserved.
6#
7# By using this file, you agree to the terms and conditions set
8# forth in the LICENSE file which can be found at the top level of
9# the sendmail distribution.
10#
11#
12#	$Id: README,v 8.393 2013-11-22 20:51:54 ca Exp $
13#
14
15This directory contains the source files for sendmail(TM).
16
17   *******************************************************************
18   !! Read sendmail/SECURITY for important installation information !!
19   *******************************************************************
20
21	**********************************************************
22	**  Read below for more details on building sendmail.	**
23	**********************************************************
24
25**************************************************************************
26**  IMPORTANT:  Read the appropriate paragraphs in the section on	**
27**  ``Operating System and Compile Quirks''.				**
28**************************************************************************
29
30For detailed instructions, please read the document ../doc/op/op.me:
31
32	cd ../doc/op ; make op.ps op.txt
33
34Sendmail is a trademark of Proofpoint, Inc.
35US Patent Numbers 6865671, 6986037.
36
37
38+-------------------+
39| BUILDING SENDMAIL |
40+-------------------+
41
42By far, the easiest way to compile sendmail is to use the "Build"
43script:
44
45	sh ./Build
46
47This uses the "uname" command to figure out what architecture you are
48on and creates a proper Makefile accordingly.  It also creates a
49subdirectory per object format, so that multiarchitecture support is
50easy.  In general this should be all you need.  IRIX 6.x users should
51read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
52
53If you need to look at other include or library directories, use the
54-I or -L flags on the command line, e.g.,
55
56	sh ./Build -I/usr/sww/include -L/usr/sww/lib
57
58It's also possible to create local site configuration in the file
59site.config.m4 (or another file settable with the -f flag).  This
60file contains M4 definitions for various compilation values; the
61most useful are:
62
63confMAPDEF	-D flags to specify database types to be included
64		(see below)
65confENVDEF	-D flags to specify other environment information
66confINCDIRS	-I flags for finding include files during compilation
67confLIBDIRS	-L flags for finding libraries during linking
68confLIBS	-l flags for selecting libraries during linking
69confLDOPTS	other ld(1) linker options
70
71Others can be found by examining Makefile.m4.  Please read
72../devtools/README for more information about the site.config.m4
73file.
74
75You can recompile from scratch using the -c flag with the Build
76command.  This removes the existing compilation directory for the
77current platform and builds a new one.  The -c flag must also
78be used if any site.*.m4 file in devtools/Site/ is changed.
79
80Porting to a new Unix-based system should be a matter of creating
81an appropriate configuration file in the devtools/OS/ directory.
82
83
84+----------------------+
85| DATABASE DEFINITIONS |
86+----------------------+
87
88There are several database formats that can be used for the alias files
89and for general maps.  When used for alias files they interact in an
90attempt to be backward compatible.
91
92The options are:
93
94CDB		Constant DataBase, requires tinycdb (0.75), see
95		http://www.corpit.ru/mjt/tinycdb.html
96		CDB is included automatically if the Build script can find
97		a library named libcdb.a or libcdb.so.
98		By default, .cdb is used as extension for cdb maps, however,
99		if CDB is set to 2, then .db is used to make transition from
100		hash maps easier.  Note: this usually requires to exclude cdb
101		from confLIBSEARCH, see devtools/README.
102NEWDB		The new Berkeley DB package.  Some systems (e.g., BSD/OS and
103		Digital UNIX 4.0) have some version of this package
104		pre-installed.  If your system does not have Berkeley DB
105		pre-installed, or the version installed is not version 2.0
106		or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
107		current version from http://www.sleepycat.com/.  DO NOT
108		use a version from any of the University of California,
109		Berkeley "Net" or other distributions.  If you are still
110		running BSD/386 1.x, you will need to upgrade the included
111		Berkeley DB library to a current version.  NEWDB is included
112		automatically if the Build script can find a library named
113		libdb.a or libdb.so.
114		See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
115		DB versions, e.g., DB 4.1.x.
116NDBM		The older NDBM implementation -- the very old V7 DBM
117		implementation is no longer supported.
118NIS		Network Information Services.  To use this you must have
119		NIS support on your system.
120NISPLUS		NIS+ (the revised NIS released with Solaris 2).  You must
121		have NIS+ support on your system to use this flag.
122HESIOD		Support for Hesiod (from the DEC/Athena distribution).  You
123		must already have Hesiod support on your system for this to
124		work.  You may be able to get this to work with the MIT/Athena
125		version of Hesiod, but that's likely to be a lot of work.
126		BIND 8.X also includes Hesiod support.
127LDAPMAP		Lightweight Directory Access Protocol support.  You will
128		have to install the UMich or OpenLDAP
129		(http://www.openldap.org/) ldap and lber libraries to use
130		this flag.
131MAP_REGEX	Regular Expression support.  You will need to use an
132		operating system which comes with the POSIX regex()
133		routines or install a regexp library such as libregex from
134		the Free Software Foundation.
135DNSMAP		DNS map support.  Requires NAMED_BIND.
136PH_MAP		PH map support.  You will need the libphclient library from
137		the nph package (http://www-dev.cites.uiuc.edu/ph/nph/).
138MAP_NSD		nsd map support (IRIX 6.5 and later).
139SOCKETMAP	Support for a trivial query protocol over UNIX domain or TCP
140		sockets.
141
142>>>  NOTE WELL for NEWDB support: If you want to get ndbm support, for
143>>>  Berkeley DB versions under 2.0, it is CRITICAL that you remove
144>>>  ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
145>>>  for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
146>>>  before you install it.  If you don't delete these, there is absolutely
147>>>  no point to including -DNDBM, since it will just get you another
148>>>  (inferior) API to the same format database.  These files OVERRIDE
149>>>  calls to ndbm routines -- in particular, if you leave ndbm.h in,
150>>>  you can find yourself using the new db package even if you don't
151>>>  define NEWDB.  Berkeley DB versions later than 2.3.14 do not need
152>>>  to be modified.  Please also consult the README in the top level
153>>>  directory of the sendmail distribution for other important information.
154>>>
155>>>  Further note: DO NOT remove your existing /usr/include/ndbm.h --
156>>>  you need that one.  But do not install an updated ndbm.h in
157>>>  /usr/include, /usr/local/include, or anywhere else.
158
159If NEWDB and NDBM are defined (but not NIS), then sendmail will read
160NDBM format alias files, but the next time a newaliases is run the
161format will be converted to NEWDB; that format will be used forever
162more.  This is intended as a transition feature.
163
164If NEWDB, NDBM, and NIS are all defined and the name of the file includes
165the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
166alias files.  However, it will only read the NEWDB file; the NDBM format
167file is used only by the NIS subsystem.  This is needed because the NIS
168maps on an NIS server are built directly from the NDBM files.
169
170If NDBM and NIS are defined (regardless of the definition of NEWDB),
171and the filename includes the string "/yp/", sendmail adds the special
172tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
173required if the NDBM file is to be used as an NIS map.
174
175All of these flags are normally defined in a confMAPDEF setting in your
176site.config.m4.
177
178If you define NEWDB or HESIOD you get the User Database (USERDB)
179automatically.  Generally you do want to have NEWDB for it to do
180anything interesting.  See above for getting the Berkeley DB
181package (i.e., NEWDB).  There is no separate "user database"
182package -- don't bother searching for it on the net.
183
184Hesiod and LDAP require libraries that may not be installed with your
185system.  These are outside of my ability to provide support.  See the
186"Quirks" section for more information.
187
188The regex map can be used to see if an address matches a certain regular
189expression.  For example, all-numerics local parts are common spam
190addresses, so "^[0-9]+$" would match this.  By using such a map in a
191check_* rule-set, you can block a certain range of addresses that would
192otherwise be considered valid.
193
194The socket map uses a simple request/reply protocol over TCP or
195UNIX domain sockets to query an external server. Both requests and
196replies are text based and encoded as netstrings.  The socket map
197uses the same syntax as milters the specify the remote endpoint,
198e.g.:
199
200KmySocketMap socket inet:12345@127.0.0.1
201
202See doc/op/op.me for details.
203
204
205+---------------+
206| COMPILE FLAGS |
207+---------------+
208
209Wherever possible, I try to make sendmail pull in the correct
210compilation options needed to compile on various environments based on
211automatically defined symbols.  Some machines don't seem to have useful
212symbols available, requiring that a compilation flag be defined in
213the Makefile; see the devtools/OS subdirectory for the supported
214architectures.
215
216If you are a system to which sendmail has already been ported you
217should not have to touch the following symbols.  But if you are porting,
218you may have to tweak the following compilation flags in conf.h in order
219to get it to compile and link properly:
220
221SYSTEM5		Adjust for System V (not necessarily Release 4).
222SYS5SIGNALS	Use System V signal semantics -- the signal handler
223		is automatically dropped when the signal is caught.
224		If this is not set, use POSIX/BSD semantics, where the
225		signal handler stays in force until an exec or an
226		explicit delete.  Implied by SYSTEM5.
227SYS5SETPGRP	Use System V setpgrp() semantics.  Implied by SYSTEM5.
228HASNICE		Define this to zero if you lack the nice(2) system call.
229HASRRESVPORT	Define this to zero if you lack the rresvport(3) system call.
230HASFCHMOD	Define this to one if you have the fchmod(2) system call.
231		This improves security.
232HASFCHOWN	Define this to one if you have the fchown(2) system call.
233		This is required for the TrustedUser option if sendmail
234		must rebuild an (alias) map.
235HASFLOCK	Set this if you prefer to use the flock(2) system call
236		rather than using fcntl-based locking.  Fcntl locking
237		has some semantic gotchas, but many vendor systems
238		also interface it to lockd(8) to do NFS-style locking.
239		Unfortunately, may vendors implementations of fcntl locking
240		is just plain broken (e.g., locks are never released,
241		causing your sendmail to deadlock; when the kernel runs
242		out of locks your system crashes).  For this reason, I
243		recommend always defining this unless you are absolutely
244		certain that your fcntl locking implementation really works.
245HASUNAME	Set if you have the "uname" system call.  Implied by
246		SYSTEM5.
247HASUNSETENV	Define this if your system library has the "unsetenv"
248		subroutine.
249HASSETSID	Define this if you have the setsid(2) system call.  This
250		is implied if your system appears to be POSIX compliant.
251HASINITGROUPS	Define this if you have the initgroups(3) routine.
252HASSETVBUF	Define this if you have the setvbuf(3) library call.
253		If you don't, setlinebuf will be used instead.  This
254		defaults on if your compiler defines __STDC__.
255HASSETREUID	Define this if you have setreuid(2) ***AND*** root can
256		use setreuid to change to an arbitrary user.  This second
257		condition is not satisfied on AIX 3.x.  You may find that
258		your system has setresuid(2), (for example, on HP-UX) in
259		which case you will also have to #define setreuid(r, e)
260		to be the appropriate call.  Some systems (such as Solaris)
261		have a compatibility routine that doesn't work properly,
262		but may have "saved user ids" properly implemented so you
263		can ``#define setreuid(r, e) seteuid(e)'' and have it work.
264		The important thing is that you have a call that will set
265		the effective uid independently of the real or saved uid
266		and be able to set the effective uid back again when done.
267		There's a test program in ../test/t_setreuid.c that will
268		try things on your system.  Setting this improves the
269		security, since sendmail doesn't have to read .forward
270		and :include: files as root.  There are certain attacks
271		that may be unpreventable without this call.
272USESETEUID	Define this to 1 if you have a seteuid(2) system call that
273		will allow root to set only the effective user id to an
274		arbitrary value ***AND*** you have saved user ids.  This is
275		preferable to HASSETREUID if these conditions are fulfilled.
276		These are the semantics of the to-be-released revision of
277		Posix.1.  The test program ../test/t_seteuid.c will try
278		this out on your system.  If you define both HASSETREUID
279		and USESETEUID, the former is ignored.
280HASSETEGID	Define this if you have setegid(2) and it can be
281		used to set the saved gid.  Please run t_dropgid in
282		test/ if you are not sure whether the call works.
283HASSETREGID	Define this if you have setregid(2) and it can be
284		used to set the saved gid.  Please run t_dropgid in
285		test/ if you are not sure whether the call works.
286HASSETRESGID	Define this if you have setresgid(2) and it can be
287		used to set the saved gid.  Please run t_dropgid in
288		test/ if you are not sure whether the call works.
289HASLSTAT	Define this if you have symbolic links (and thus the
290		lstat(2) system call).  This improves security.  Unlike
291		most other options, this one is on by default, so you
292		need to #undef it in conf.h if you don't have symbolic
293		links (these days everyone does).
294HASSETRLIMIT	Define this to 1 if you have the setrlimit(2) syscall.
295		You can define it to 0 to force it off.  It is assumed
296		if you are running a BSD-like system.
297HASULIMIT	Define this if you have the ulimit(2) syscall (System V
298		style systems).  HASSETRLIMIT overrides, as it is more
299		general.
300HASWAITPID	Define this if you have the waitpid(2) syscall.
301HASGETDTABLESIZE
302		Define this if you have the getdtablesize(2) syscall.
303HAS_GETHOSTBYNAME2	Define this to 1 if your system supports
304		gethostbyname2(2).
305HAS_ST_GEN	Define this to 1 if your system has the st_gen field in
306		the stat structure (see stat(2)).
307HASSRANDOMDEV	Define this if your system has the srandomdev(3) function
308		call.
309HASURANDOMDEV	Define this if your system has /dev/urandom(4).
310HASSTRERROR	Define this if you have the libc strerror(3) function (which
311		should be declared in <errno.h>), and it should be used
312		instead of sys_errlist.
313HASCLOSEFROM	Define this if your system has closefrom(3).
314HASFDWALK	Define this if your system has fdwalk(3).
315SM_CONF_GETOPT	Define this as 0 if you need a reimplementation of getopt(3).
316		On some systems, getopt does very odd things if called
317		to scan the arguments twice.  This flag will ask sendmail
318		to compile in a local version of getopt that works
319		properly.  You may also need this if you build with
320		another library that introduces a non-standard getopt(3).
321NEEDSTRTOL	Define this if your standard C library does not define
322		strtol(3).  This will compile in a local version.
323NEEDFSYNC	Define this if your standard C library does not define
324		fsync(2).  This will try to simulate the operation using
325		fcntl(2); if that is not available it does nothing, which
326		isn't great, but at least it compiles and runs.
327HASGETUSERSHELL	Define this to 1 if you have getusershell(3) in your
328		standard C library.  If this is not defined, or is defined
329		to be 0, sendmail will scan the /etc/shells file (no
330		NIS-style support, defaults to /bin/sh and /bin/csh if
331		that file does not exist) to get a list of unrestricted
332		user shells.  This is used to determine whether users
333		are allowed to forward their mail to a program or a file.
334NEEDPUTENV	Define this if your system needs am emulation of the
335		putenv(3) call.  Define to 1 to implement it in terms
336		of setenv(3) or to 2 to do it in terms of primitives.
337NOFTRUNCATE	Define this if you don't have the ftruncate(2) syscall.
338		If you don't have this system call, there is an unavoidable
339		race condition that occurs when creating alias databases.
340GIDSET_T	The type of entries in a gidset passed as the second
341		argument to getgroups(2).  Historically this has been an
342		int, so this is the default, but some systems (such as
343		IRIX) pass it as a gid_t, which is an unsigned short.
344		This will make a difference, so it is important to get
345		this right!  However, it is only an issue if you have
346		group sets.
347SLEEP_T		The type returned by the system sleep() function.
348		Defaults to "unsigned int".  Don't worry about this
349		if you don't have compilation problems.
350ARBPTR_T	The type of an arbitrary pointer -- defaults to "void *".
351		If you are an very old compiler you may need to define
352		this to be "char *".
353SOCKADDR_LEN_T	The type used for the third parameter to accept(2),
354		getsockname(2), and getpeername(2), representing the
355		length of a struct sockaddr.  Defaults to int.
356SOCKOPT_LEN_T	The type used for the fifth parameter to getsockopt(2)
357		and setsockopt(2), representing the length of the option
358		buffer.  Defaults to int.
359LA_TYPE		The type of load average your kernel supports.  These
360		can be one of:
361		 LA_ZERO (1) -- it always returns the load average as
362			"zero" (and does so on all architectures).
363		 LA_INT (2) to read /dev/kmem for the symbol avenrun and
364			interpret as a long integer.
365		 LA_FLOAT (3) same, but interpret the result as a floating
366			point number.
367		 LA_SHORT (6) to interpret as a short integer.
368		 LA_SUBR (4) if you have the getloadavg(3) routine in your
369			system library.
370		 LA_MACH (5) to use MACH-style load averages (calls
371			processor_set_info()),
372		 LA_PROCSTR (7) to read /proc/loadavg and interpret it
373			as a string representing a floating-point
374			number (Linux-style).
375		 LA_READKSYM (8) is an implementation suitable for some
376			versions of SVr4 that uses the MIOC_READKSYM ioctl
377			call to read /dev/kmem.
378		 LA_DGUX (9) is a special implementation for DG/UX that uses
379			the dg_sys_info system call.
380		 LA_HPUX (10) is an HP-UX specific version that uses the
381			pstat_getdynamic system call.
382		 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
383			to 32 or 64 bit kernels; it is otherwise very similar
384			to LA_INT.
385		 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
386			implementation.
387		 LA_DEVSHORT (13) reads a short from a system file (default:
388			/dev/table/avenrun) and scales it in the same manner
389			as LA_SHORT.
390		 LA_LONGLONG (17) to read /dev/kmem for the symbol avenrun and
391			interpret as a long long integer (e.g., for 64 bit
392			systems).
393		LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
394		other parameters that they try to divine: the name of your
395		kernel, the name of the variable in the kernel to examine,
396		the number of bits of precision in a fixed point load average,
397		and so forth.  LA_DEVSHORT uses _PATH_AVENRUN to find the
398		device to be read to find the load average.
399		In desperation, use LA_ZERO.  The actual code is in
400		conf.c -- it can be tweaked if you are brave.
401FSHIFT		For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
402		of bits of load average after the binary point -- i.e.,
403		the number of bits to shift right in order to scale the
404		integer to get the true integer load average.  Defaults to 8.
405_PATH_UNIX	The path to your kernel.  Needed only for LA_INT, LA_SHORT,
406		and LA_FLOAT.  Defaults to "/unix" on System V, "/vmunix"
407		everywhere else.
408LA_AVENRUN	For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
409		variable that holds the load average.  Defaults to "avenrun"
410		on System V, "_avenrun" everywhere else.
411SFS_TYPE	Encodes how your kernel can locate the amount of free
412		space on a disk partition.  This can be set to SFS_NONE
413		(0) if you have no way of getting this information,
414		SFS_USTAT (1) if you have the ustat(2) system call,
415		SFS_4ARGS (2) if you have a four-argument statfs(2)
416		system call (and the include file is <sys/statfs.h>),
417		SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
418		the two-argument statfs(2) system call with includes in
419		<sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
420		or SFS_STATVFS (6) if you have the two-argument statvfs(2)
421		call.  The default if nothing is defined is SFS_NONE.
422SFS_BAVAIL	with SFS_4ARGS you can also set SFS_BAVAIL to the field name
423		in the statfs structure that holds the useful information;
424		this defaults to f_bavail.
425SPT_TYPE	Encodes how your system can display what a process is doing
426		on a ps(1) command (SPT stands for Set Process Title).  Can
427		be set to:
428		SPT_NONE (0) -- Don't try to set the process title at all.
429		SPT_REUSEARGV (1) -- Pad out your argv with the information;
430			this is the default if none specified.
431		SPT_BUILTIN (2) -- The system library has setproctitle.
432		SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
433			to set the process title; this is used by HP-UX.
434		SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
435		SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
436		SPT_SCO (6) -- Write kernel u. area.
437		SPT_CHANGEARGV (7) -- Write pointers to our own strings into
438			the existing argv vector.
439SPT_PADCHAR	Character used to pad the process title; if undefined,
440		the space character (0x20) is used.  This is ignored if
441		SPT_TYPE != SPT_REUSEARGV
442ERRLIST_PREDEFINED
443		If set, assumes that some header file defines sys_errlist.
444		This may be needed if you get type conflicts on this
445		variable -- otherwise don't worry about it.
446WAITUNION	The wait(2) routine takes a "union wait" argument instead
447		of an integer argument.  This is for compatibility with
448		old versions of BSD.
449SCANF		You can set this to extend the F command to accept a
450		scanf string -- this gives you a primitive parser for
451		class definitions -- BUT it can make you vulnerable to
452		core dumps if the target file is poorly formed.
453SYSLOG_BUFSIZE	You can define this to be the size of the buffer that
454		syslog accepts.  If it is not defined, it assumes a
455		1024-byte buffer.  If the buffer is very small (under
456		256 bytes) the log message format changes -- each
457		e-mail message will log many more messages, since it
458		will log each piece of information as a separate line
459		in syslog.
460BROKEN_RES_SEARCH
461		On Ultrix (and maybe other systems?) if you use the
462		res_search routine with an unknown host name, it returns
463		-1 but sets h_errno to 0 instead of HOST_NOT_FOUND.  If
464		you set this, sendmail considers 0 to be the same as
465		HOST_NOT_FOUND.
466NAMELISTMASK	If defined, values returned by nlist(3) are masked
467		against this value before use -- a common value is
468		0x7fffffff to strip off the top bit.
469BSD4_4_SOCKADDR	If defined, socket addresses have an sa_len field that
470		defines the length of this address.
471SAFENFSPATHCONF	Set this to 1 if and only if you have verified that a
472		pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
473		NFS filesystem where the underlying system allows users to
474		give away files to other users returns <= 0.  Be sure you
475		try both on NFS V2 and V3.  Some systems assume that their
476		local policy apply to NFS servers -- this is a bad
477		assumption!  The test/t_pathconf.c program will try this
478		for you -- you have to run it in a directory that is
479		mounted from a server that allows file giveaway.
480SIOCGIFCONF_IS_BROKEN
481		Set this if your system has an SIOCGIFCONF ioctl defined,
482		but it doesn't behave the same way as "most" systems (BSD,
483		Solaris, SunOS, HP-UX, etc.)
484SIOCGIFNUM_IS_BROKEN
485		Set this if your system has an SIOCGIFNUM ioctl defined,
486		but it doesn't behave the same way as "most" systems
487		(Solaris, HP-UX).
488FAST_PID_RECYCLE
489		Set this if your system can reuse the same PID in the same
490		second.
491SO_REUSEADDR_IS_BROKEN
492		Set this if your system has a setsockopt() SO_REUSEADDR
493		flag but doesn't pay attention to it when trying to bind a
494		socket to a recently closed port.
495NEEDSGETIPNODE	Set this if your system supports IPv6 but doesn't include
496		the getipnodeby{name,addr}() functions.  Set automatically
497		for Linux's glibc.
498PIPELINING	Support SMTP PIPELINING	(set by default).
499USING_NETSCAPE_LDAP
500		Deprecated in favor of SM_CONF_LDAP_MEMFREE.  See
501		libsm/README.
502NEEDLINK	Set this if your system doesn't have a link() call.  It
503		will create a copy of the file instead of a hardlink.
504USE_ENVIRON	Set this to 1 to access process environment variables from
505		the external variable environ instead of the third
506		parameter of main().
507USE_DOUBLE_FORK By default this is on (1).  Set it to 0 to suppress the
508		extra fork() used to avoid intermediate zombies.
509ALLOW_255	Do not convert (char)0xff to (char)0x7f in headers etc.
510		This can also be done at runtime with the command line
511		option -d82.101.
512NEEDINTERRNO	Set this if <errno.h> does not declare errno, i.e., if an
513		application needs to use
514		extern int errno;
515USE_TTYPATH	Set this to 1 to enable ErrorMode=write.
516USESYSCTL	Use sysctl(3) to determine the number of CPUs in a system.
517HASSNPRINTF	Set this to 1 if your OS has a working snprintf(3), i.e.,
518		it properly obeys the size of the buffer and returns the
519		number of characters that would have been printed if the
520		size were unlimited.
521LDAP_REFERRALS	Set this if you want to use the -R flag (do not auto chase
522		referrals) for LDAP maps (requires -DLDAPMAP).
523MILTER_NO_NAGLE	Turn off Nagle algorithm for communication with libmilter
524		("cork" on Linux).  On some operating systems this may
525		improve the interprocess communication performance.
526
527
528+-----------------------+
529| COMPILE-TIME FEATURES |
530+-----------------------+
531
532There are a bunch of features that you can decide to compile in, such
533as selecting various database packages and special protocol support.
534Several are assumed based on other compilation flags -- if you want to
535"un-assume" something, you probably need to edit conf.h.  Compilation
536flags that add support for special features include:
537
538CDB		Include support for tinycdb.
539NDBM		Include support for "new" DBM library for aliases and maps.
540		Normally defined in the Makefile.
541NEWDB		Include support for Berkeley DB package (hash & btree)
542		for aliases and maps.  Normally defined in the Makefile.
543		If the version of NEWDB you have is the old one that does
544		not include the "fd" call (this call was added in version
545		1.5 of the Berkeley DB code), you must upgrade to the
546		current version of Berkeley DB.
547NIS		Define this to get NIS (YP) support for aliases and maps.
548		Normally defined in the Makefile.
549NISPLUS		Define this to get NIS+ support for aliases and maps.
550		Normally defined in the Makefile.
551HESIOD		Define this to get Hesiod support for aliases and maps.
552		Normally defined in the Makefile.
553NETINFO		Define this to get NeXT NetInfo support for aliases and maps.
554		Normally defined in the Makefile.
555LDAPMAP		Define this to get LDAP support for maps.
556PH_MAP		Define this to get PH support for maps.
557MAP_NSD		Define this to get nsd support for maps.
558USERDB		Define this to 1 to include support for the User Information
559		Database.  Implied by NEWDB or HESIOD.  You can use
560		-DUSERDB=0 to explicitly turn it off.
561IDENTPROTO	Define this as 1 to get IDENT (RFC 1413) protocol support.
562		This is assumed unless you are running on Ultrix or
563		HP-UX, both of which have a problem in the UDP
564		implementation.  You can define it to be 0 to explicitly
565		turn off IDENT protocol support.  If defined off, the code
566		is actually still compiled in, but it defaults off; you
567		can turn it on by setting the IDENT timeout in the
568		configuration file.
569IP_SRCROUTE	Define this to 1 to get IP source routing information
570		displayed in the Received: header.  This is assumed on
571		most systems, but some (e.g., Ultrix) apparently have a
572		broken version of getsockopt that doesn't properly
573		support the IP_OPTIONS call.  You probably want this if
574		your OS can cope with it.  Symptoms of failure will be that
575		it won't compile properly (that is, no support for fetching
576		IP_OPTIONs), or it compiles but source-routed TCP connections
577		either refuse to open or open and hang for no apparent reason.
578		Ultrix and AIX3 are known to fail this way.
579LOG		Set this to get syslog(3) support.  Defined by default
580		in conf.h.  You want this if at all possible.
581NETINET		Set this to get TCP/IP support.  Defined by default
582		in conf.h.  You probably want this.
583NETINET6	Set this to get IPv6 support.  Other configuration may
584		be needed in conf.h for your particular operating system.
585		Also, DaemonPortOptions must be set appropriately for
586		sendmail to accept IPv6 connections.
587NETISO		Define this to get ISO networking support.
588NETUNIX		Define this to get Unix domain networking support.  Defined
589		by default.  A few bizarre systems (SCO, ISC, Altos) don't
590		support this networking domain.
591NETNS		Define this to get NS networking support.
592NETX25		Define this to get X.25 networking support.
593NAMED_BIND	If non-zero, include DNS (name daemon) support, including
594		MX support.  The specs say you must use this if you run
595		SMTP.  You don't have to be running a name server daemon
596		on your machine to need this -- any use of the DNS resolver,
597		including remote access to another machine, requires this
598		option.  Defined by default in conf.h.  Define it to zero
599		ONLY on machines that do not use DNS in any way.
600MATCHGECOS	Permit fuzzy matching of user names against the full
601		name (GECOS) field in the /etc/passwd file.  This should
602		probably be on, since you can disable it from the config
603		file if you want to.  Defined by default in conf.h.
604MIME8TO7	If non-zero, include 8 to 7 bit MIME conversions.  This
605		also controls advertisement of 8BITMIME in the ESMTP
606		startup dialogue.
607MIME7TO8_OLD	If 0 then use an algorithm for MIME 7-bit quoted-printable
608		or base64 encoding to 8-bit text that has been introduced
609		in 8.12.3.  There are some examples where that code fails,
610		but the old code works.  If you have an example of improper
611		7 to 8 bit conversion please send it to sendmail-bugs.
612MIME7TO8	If non-zero, include 7 to 8 bit MIME conversions.
613HES_GETMAILHOST	Define this to 1 if you are using Hesiod with the
614		hes_getmailhost() routine.  This is included with the MIT
615		Hesiod distribution, but not with the DEC Hesiod distribution.
616XDEBUG		Do additional internal checking.  These don't cost too
617		much; you might as well leave this on.
618TCPWRAPPERS	Turns on support for the TCP wrappers library (-lwrap).
619		See below for further information.
620SECUREWARE	Enable calls to the SecureWare luid enabling/changing routines.
621		SecureWare is a C2 security package added to several UNIX's
622		(notably ConvexOS) to get a C2 Secure system.  This
623		option causes mail delivery to be done with the luid of the
624		recipient.
625SHARE_V1	Support for the fair share scheduler, version 1.  Setting to
626		1 causes final delivery to be done using the recipients
627		resource limitations.  So far as I know, this is only
628		supported on ConvexOS.
629SASL		Enables SMTP AUTH (RFC 2554).  This requires the Cyrus SASL
630		library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/).  Please
631		install at least version 1.5.13.  See below for further
632		information: SASL COMPILATION AND CONFIGURATION.  If your
633		SASL library is older than 1.5.10, you have to set this
634		to its version number using a simple conversion:  a.b.c
635		-> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
636		Note: Using an older version than 1.5.5 of Cyrus SASL is
637		not supported.  Starting with version 1.5.10, setting SASL=1
638		is sufficient.  Any value other than 1 (or 0) will be
639		compared with the actual version found and if there is a
640		mismatch, compilation will fail.
641EGD		Define this if your system has EGD installed, see
642		http://egd.sourceforge.net/ .  It should be used to
643		seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
644STARTTLS	Enables SMTP STARTTLS (RFC 2487).  This requires OpenSSL
645		(http://www.OpenSSL.org/); use OpenSSL 0.9.8zc or later.
646		See STARTTLS COMPILATION AND CONFIGURATION for further
647		information.
648TLS_EC		Enable use of elliptic curve cryptography in STARTTLS.
649		If set to 2 sendmail uses SSL_CTX_set_ecdh_auto(),
650		if set to 1 it selects the NID_X9_62_prime256v1 curve
651		(created via EC_KEY_new_by_curve_name()) and uses
652		SSL_CTX_set_tmp_ecdh().
653		Support offered by different TLS libraries varies
654		greatly: some old versions do not support elliptic curve
655		cryptography at all, some new versions have it enabled
656		by default (i.e., no need to set TLS_EC at all), while
657		others may require one of the above settings.
658TLS_NO_RSA	Turn off support for RSA algorithms in STARTTLS.
659MILTER		Turn on support for external filters using the Milter API;
660		this option is set by default, to turn it off use
661			APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
662		in devtools/Site/site.config.m4 (see devtools/README).
663		See libmilter/README for more information about milter.
664REQUIRES_DIR_FSYNC	Turn on support for file systems that require to
665		call fsync() for a directory if the meta-data in it has
666		been changed.  This should be turned on at least for older
667		versions of ReiserFS; it is enabled by default for Linux.
668		According to some information this flag is not needed
669		anymore for kernel 2.4.16 and newer.  We would appreciate
670		feedback about the semantics of the various file systems
671		available for Linux.
672		An alternative to this compile time flag is to mount the
673		queue directory without the -async option, or using
674		chattr +S on Linux.
675DBMMODE		The default file permissions to use when creating new
676		database files for maps and aliases.  Defaults to 0640.
677IPV6_FULL	Use uncompressed IPv6 addresses (set by default).  This
678		permits a zero subnet to have a more specific match,
679		such as different map entries for IPv6:0:0 vs IPv6:0.
680
681Generic notice: If you enable a compile time option that needs
682libraries or include files that don't come with sendmail or are
683installed in a location that your C compiler doesn't use by default
684you should set confINCDIRS and confLIBDIRS as explained in the
685first section:  BUILDING SENDMAIL.
686
687
688+---------------------+
689| DNS/RESOLVER ISSUES |
690+---------------------+
691
692Many systems have old versions of the resolver library.  At a minimum,
693you should be running BIND 4.8.3; older versions may compile, but they
694have known bugs that should give you pause.
695
696Common problems in old versions include "undefined" errors for
697dn_skipname.
698
699Some people have had a problem with BIND 4.9; it uses some routines
700that it expects to be externally defined such as strerror().  It may
701help to link with "-l44bsd" to solve this problem.  This has apparently
702been fixed in later versions of BIND, starting around 4.9.3.  In other
703words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
704later versions, you do not.
705
706!PLEASE! be sure to link with the same version of the resolver as
707the header files you used -- some people have used the 4.9 headers
708and linked with BIND 4.8 or vice versa, and it doesn't work.
709Unfortunately, it doesn't fail in an obvious way -- things just
710subtly don't work.
711
712WILDCARD MX RECORDS ARE A BAD IDEA!  The only situation in which they
713work reliably is if you have two versions of DNS, one in the real world
714which has a wildcard pointing to your firewall, and a completely
715different version of the database internally that does not include
716wildcard MX records that match your domain.  ANYTHING ELSE WILL GIVE
717YOU HEADACHES!
718
719When attempting to canonify a hostname, some broken name servers will
720return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.  If you
721want to excuse this behavior, include WorkAroundBrokenAAAA in
722ResolverOptions.  However, instead, we recommend catching the problem and
723reporting it to the name server administrator so we can rid the world of
724broken name servers.
725
726
727+----------------------------------------+
728| STARTTLS COMPILATION AND CONFIGURATION |
729+----------------------------------------+
730
731Please read the documentation accompanying the OpenSSL library.  You
732have to compile and install the OpenSSL libraries before you can compile
733sendmail.  See devtools/README how to set the correct compile time
734parameters; you should at least set the following variables:
735
736APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
737APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
738
739If you have installed the OpenSSL libraries and include files in
740a location that your C compiler doesn't use by default you should
741set confINCDIRS and confLIBDIRS as explained in the first section:
742BUILDING SENDMAIL.
743
744Configuration information can be found in doc/op/op.me (required
745certificates) and cf/README (how to tell sendmail about certificates).
746
747To perform an initial test, connect to your sendmail daemon
748(telnet localhost 25) and issue a EHLO localhost and see whether
749250-STARTTLS
750is in the response.  If it isn't, run the daemon with
751-O LogLevel=14
752and try again.  Then take a look at the logfile and see whether
753there are any problems listed about permissions (unsafe files)
754or the validity of X.509 certificates.
755
756From: Garrett Wollman <wollman@lcs.mit.edu>
757
758    If your certificate authority is hierarchical, and you only include
759    the top-level CA certificate in the CACertFile file, some mail clients
760    may be unable to infer the proper certificate chain when selecting a
761    client certificate.  Including the bottom-level CA certificate(s) in
762    the CACertFile file will allow these clients to work properly.  This
763    is not necessary if you are not using client certificates for
764    authentication, or if all your clients are running Sendmail or other
765    programs using the OpenSSL library (which get it right automatically).
766    In addition, some mail clients are totally incapable of using
767    certificate authentication -- even some of those which already support
768    SSL/TLS for confidentiality.
769
770Further information can be found via:
771http://www.sendmail.org/tips/
772
773
774+------------------------------------+
775| SASL COMPILATION AND CONFIGURATION |
776+------------------------------------+
777
778Please read the documentation accompanying the Cyrus SASL library
779(INSTALL and README).  If you use Berkeley DB for Cyrus SASL then
780you must compile sendmail with the same version of Berkeley DB.
781See devtools/README for how to set the correct compile time parameters;
782you should at least set the following variables:
783
784APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
785APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
786
787If you have installed the Cyrus SASL library and include files in
788a location that your C compiler doesn't use by default you should
789set confINCDIRS and confLIBDIRS as explained in the first section:
790BUILDING SENDMAIL.
791
792You have to select and install authentication mechanisms and tell
793sendmail where to find the sasl library and the include files (see
794devtools/README for the parameters to set).  Set up the required
795users and passwords as explained in the SASL documentation.  See
796also cf/README for authentication related options (especially
797DefaultAuthInfo if you want authentication between MTAs).
798
799To perform an initial test, connect to your sendmail daemon
800(telnet localhost 25) and issue a EHLO localhost and see whether
801250-AUTH ....
802is in the response.  If it isn't, run the daemon with
803-O LogLevel=14
804and try again.  Then take a look at the logfile and see whether
805there are any security related problems listed (unsafe files).
806
807Further information can be found via:
808http://www.sendmail.org/tips/
809
810
811+-------------------------------------+
812| OPERATING SYSTEM AND COMPILE QUIRKS |
813+-------------------------------------+
814
815GCC problems
816	When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
817		too (see include/sm/cdefs.h for more info).
818
819	*****************************************************************
820	**  IMPORTANT:  DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE    **
821	**  RUNNING GCC 2.4.x or 2.5.x.  THERE IS A BUG IN THE GCC     **
822	**  OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
823	*****************************************************************
824
825	Jim Wilson of Cygnus believes he has found the problem -- it will
826	probably be fixed in GCC 2.5.6 -- but until this is verified, be
827	very suspicious of gcc -O.  This problem is reported to have been
828	fixed in gcc 2.6.
829
830	A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
831	optimization on a Sparc.  If you are using gcc 2.5.5, youi should
832	upgrade to the latest version of gcc.
833
834	Apparently GCC 2.7.0 on the Pentium processor has optimization
835	problems.  I recommend against using -O on that architecture.  This
836	has been seen on FreeBSD 2.0.5 RELEASE.
837
838	Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
839
840	We have been told there are problems with gcc 2.8.0.  If you are
841	using this version, you should upgrade to 2.8.1 or later.
842
843Berkeley DB
844	Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
845	You need at least 4.1.25.
846
847GDBM	GDBM does not work with sendmail because the additional
848	security checks and file locking cause problems.  Unfortunately,
849	gdbm does not provide a compile flag in its version of ndbm.h so
850	the code can adapt.  Until the GDBM authors can fix these problems,
851	GDBM will not be supported.  Please use Berkeley DB instead.
852
853Configuration file location
854	Up to 8.6, sendmail tried to find the sendmail.cf file in the same
855	place as the vendors had put it, even when this was obviously
856	stupid.  As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
857	Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
858	You can get sendmail to use the stupid vendor .cf location by
859	adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
860	support programs and scripts that need to find sendmail.cf.  You
861	are STRONGLY urged to use symbolic links if you want to use the
862	vendor location rather than changing the location in the sendmail
863	binary.
864
865	NETINFO systems use NETINFO to determine the location of
866	sendmail.cf.  The full path to sendmail.cf is stored as the value of
867	the "sendmail.cf" property in the "/locations/sendmail"
868	subdirectory of NETINFO.  Set the value of this property to
869	"/etc/mail/sendmail.cf" (without the quotes) to use this new
870	default location for Sendmail 8.10.0 and higher.
871
872ControlSocket permissions
873	Paraphrased from BIND 8.2.1's README:
874
875	Solaris and other pre-4.4BSD kernels do not respect ownership or
876	protections on UNIX-domain sockets.  The short term fix for this is to
877	override the default path and put such control sockets into root-
878	owned directories which do not permit non-root to r/w/x through them.
879	The long term fix is for all kernels to upgrade to 4.4BSD semantics.
880
881HP MPE/iX
882	The MPE-specific code within sendmail emulates a set-user-id root
883	environment for the sendmail binary.  But there is no root uid 0 on
884	MPE, nor is there any support for set-user-id programs.  Even when
885	sendmail thinks it is running as uid 0, it will still have the file
886	access rights of the underlying non-zero uid, but because sendmail is
887	an MPE priv-mode program it will still be able to call setuid() to
888	successfully switch to a new uid.
889
890	MPE setgid() semantics don't quite work the way sendmail expects, so
891	special emulation is done here also.
892
893	This uid/gid emulation is enabled via the setuid/setgid file mode bits
894	which are not currently used by MPE.  Code in libsm/mpeix.c examines
895	these bits and enables emulation if they have been set, i.e.,
896	chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
897
898SunOS 4.x (Solaris 1.x)
899	You may have to use -lresolv on SunOS.  However, beware that
900	this links in a new version of gethostbyname that does not
901	understand NIS, so you must have all of your hosts in DNS.
902
903	Some people have reported problems with the SunOS version of
904	-lresolv and/or in.named, and suggest that you get a newer
905	version.  The symptoms are delays when you connect to the
906	SMTP server on a SunOS machine or having your domain added to
907	addresses inappropriately.  There is a version of BIND
908	version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
909
910	There is substantial disagreement about whether you can make
911	this work with resolv+, which allows you to specify a search-path
912	of services.  Some people report that it works fine, others
913	claim it doesn't work at all (including causing sendmail to
914	drop core when it tries to do multiple resolv+ lookups for a
915	single job).  I haven't tried resolv+, as we use DNS exclusively.
916
917	Should you want to try resolv+, it is on ftp.uu.net in
918	/networking/ip/dns.
919
920	Apparently getservbyname() can fail under moderate to high
921	load under some circumstances.  This will exhibit itself as
922	the message ``554 makeconnection: service "smtp" unknown''.
923	The problem has been traced to one or more blank lines in
924	/etc/services on the NIS server machine.  Delete these
925	and it should work.  This info is thanks to Brian Bartholomew
926	<bb@math.ufl.edu> of I-Kinetics, Inc.
927
928	NOTE: The SunOS 4.X linker uses library paths specified during
929	compilation using -L for run-time shared library searches.
930	Therefore, it is vital that relative and unsafe directory paths not
931	be used when compiling sendmail.
932
933SunOS 4.0.2 (Sun 386i)
934	Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
935	From: teus@oce.nl
936
937	Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
938	following changes:
939	* Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
940	  available as "uname" command.
941	* Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
942	  devtools/OS/SunOS.4.0, which is selected via the "uname" command.
943	I recommend to make available the db-library on the system first
944	(and change the Makefile to use this library).
945	Note that the sendmail.cf and aliases files are found in /etc.
946
947SunOS 4.1.3, 4.1.3_U1
948	Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1.  According
949	to Sun bug number 1077939:
950
951	If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
952	after the other side of the connection has sent a TCP RESET for
953	the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
954	ip_ctloutput() routine.
955
956	For 4.1.3, this is fixed in patch 100584-08, available on the
957	Sunsolve 2.7.1 or later CDs.  For 4.1.3_U1, this was fixed in patch
958	101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
959	obsoleted by patch 102010-05.
960
961	Sun patch 100584-08 is not currently publicly available on their
962	ftp site but a user has reported it can be found at other sites
963	using a web search engine.
964
965Solaris 2.x (SunOS 5.x)
966	To compile for Solaris, the Makefile built by Build must
967	include a SOLARIS definition which reflects the Solaris version
968	(i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
969	If you are using gcc, make sure -I/usr/include is not used (or
970	it might complain about TopFrame).  If you are using Sun's cc,
971	make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
972	(or it might complain about tm_zone).
973
974	The Solaris 2.x (x <= 3) "syslog" function is apparently limited
975	to something about 90 characters because of a kernel limitation.
976	If you have source code, you can probably up this number.  You
977	can get patches that fix this problem:  the patch ids are:
978
979		Solaris 2.1	100834
980		Solaris 2.2	100999
981		Solaris 2.3	101318
982
983	Be sure you have the appropriate patch installed or you won't
984	see system logging.
985
986Solaris 2.4 (SunOS 5.4)
987	If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
988	the risk of getting the wrong libraries under some circumstances.
989	This is because of a new feature in Solaris 2.4, described by
990	Rod.Evans@Eng.Sun.COM:
991
992	>> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
993	>> runtime linker if the application was setxid (secure), thus your
994	>> applications search path would be:
995	>>
996	>>	/usr/local/lib	LD_LIBRARY_PATH component - IGNORED
997	>>	/usr/lib	LD_LIBRARY_PATH component - IGNORED
998	>>	/usr/local/lib	RPATH - honored
999	>>	/usr/lib	RPATH - honored
1000	>>
1001	>> the effect is that path 3 would be the first used, and this would
1002	>> satisfy your resolv.so lookup.
1003	>>
1004	>> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
1005	>> People who developed setxid applications wanted to be able to alter
1006	>> the library search path to some degree to allow for their own
1007	>> testing and debugging mechanisms.  It was decided that the only
1008	>> secure way to do this was to allow a `trusted' path to be used in
1009	>> LD_LIBRARY_PATH.  The only trusted directory we presently define
1010	>> is /usr/lib.  Thus a set-user-ID root developer could play with some
1011	>> alternative shared object implementations and place them in
1012	>> /usr/lib (being root we assume they'ed have access to write in this
1013	>> directory).  This change was made as part of 1155380 - after a
1014	>> *huge* amount of discussion regarding the security aspect of things.
1015	>>
1016	>> So, in SunOS 5.4 your applications search path would be:
1017	>>
1018	>>	/usr/local/lib	from LD_LIBRARY_PATH - IGNORED (untrustworthy)
1019	>>	/usr/lib	from LD_LIBRARY_PATH - honored (trustworthy)
1020	>>	/usr/local/lib	from RPATH - honored
1021	>>	/usr/lib	from RPATH - honored
1022	>>
1023	>> here, path 2 would be the first used.
1024
1025Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
1026	Apparently Solaris 2.5.1 patch 103663-01 installs a new
1027	/usr/include/resolv.h file that defines the __P macro without
1028	checking to see if it is already defined.  This new resolv.h is also
1029	included in the Solaris 2.6 distribution.  This causes compile
1030	warnings such as:
1031
1032	   In file included from daemon.c:51:
1033	   /usr/include/resolv.h:208: warning: `__P' redefined
1034	   cdefs.h:58: warning: this is the location of the previous definition
1035
1036	These warnings can be safely ignored or you can create a resolv.h
1037	file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
1038
1039	   #undef __P
1040	   #include "/usr/include/resolv.h"
1041
1042	This problem was fixed in Solaris 7 (Sun bug ID 4081053).
1043
1044Solaris 7 (SunOS 5.7)
1045	Solaris 7 includes LDAP libraries but the implementation was
1046	lacking a few things.  The following settings can be placed in
1047	devtools/Site/site.SunOS.5.7.m4 if you plan on using those
1048	libraries.
1049
1050	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1051	APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
1052	APPENDDEF(`confLIBS', `-lldap')
1053
1054	Also, Sun's patch 107555 is needed to prevent a crash in the call
1055	to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
1056	LDAP support is compiled in sendmail.
1057
1058Solaris 8 and later (SunOS 5.8 and later)
1059	Solaris 8 and later can optionally install LDAP support.  If you
1060	have installed the Entire Distribution meta-cluster, you can use
1061	the following in devtools/Site/site.SunOS.5.8.m4 (or other
1062	appropriately versioned file) to enable LDAP:
1063
1064	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1065	APPENDDEF(`confLIBS', `-lldap')
1066
1067Solaris 9 and later (SunOS 5.9 and later)
1068	Solaris 9 and later have a revised LDAP library, libldap.so.5,
1069	which is derived from a Netscape implementation, thus requiring
1070	that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1071
1072	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1073	APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1074	APPENDDEF(`confLIBS', `-lldap')
1075
1076Solaris
1077	If you are using dns for hostname resolution on Solaris, make sure
1078	that the 'dns' entry is last on the hosts line in
1079	'/etc/nsswitch.conf'.  For example, use:
1080
1081		hosts:	nisplus files dns
1082
1083	Do not use:
1084
1085		hosts:  nisplus dns [NOTFOUND=return] files
1086
1087	Note that 'nisplus' above is an illustration.  The same comment
1088	applies no matter what naming services you are using.  If you have
1089	anything other than dns last, even after "[NOTFOUND=return]",
1090	sendmail may not be able to determine whether an error was
1091	temporary or permanent.  The error returned by the solaris
1092	gethostbyname() is the error for the last lookup used, and other
1093	naming services do not have the same concept of temporary failure.
1094
1095Ultrix
1096	By default, the IDENT protocol is turned off on Ultrix.  If you
1097	are running Ultrix 4.4 or later, or if you have included patch
1098	CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1099	IDENT on in the configuration file by setting the "ident" timeout.
1100
1101	The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1102	included in libc.a.  Unfortunately, the __RES symbol hasn't changed
1103	and therefore, sendmail can no longer automatically detect the
1104	newer version.  If you get a compiler error:
1105
1106	/lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1107
1108	Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1109
1110	APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1111
1112Digital UNIX (formerly DEC OSF/1)
1113	If you are compiling on OSF/1 (DEC Alpha), you must use
1114	-L/usr/shlib (otherwise it core dumps on startup).  You may also
1115	need -mld to get the nlist() function, although some versions
1116	apparently don't need this.
1117
1118	Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1119	it, just create the link to the sendmail binary.
1120
1121	On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1122	properly due to a bug in the getpw* routines.  If you want to use
1123	this, use -DDEC_OSF_BROKEN_GETPWENT=1.  The problem is fixed in 3.2C.
1124
1125	Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1126	only preserve the envelope sender in the "From " header if
1127	DefaultUserID is set to daemon.  Setting this to mailnull will
1128	cause all mail to have the header "From mailnull ...".  To use
1129	a different DefaultUserID, you will need to use a different mail
1130	delivery agent (such as mail.local found in the sendmail
1131	distribution).
1132
1133	On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1134	operating system and already has the ndbm.o module removed.  However,
1135	Digital has modified the original Berkeley DB db.h include file.
1136	This results in the following warning while compiling map.c and udb.c:
1137
1138	cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1139	 "__signed" conflicts with a current definition because the replacement
1140	 lists differ.  The redefinition is now in effect.
1141	#define __signed        signed
1142	------------------------^
1143
1144	This warning can be ignored.
1145
1146	Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1147	If you have installed a new version of BIND in /usr/include
1148	and /usr/lib, you will experience difficulties as Digital ships
1149	libresolv.a in /usr/ccs/lib/ as well.  Be sure to replace both
1150	copies of libresolv.a.
1151
1152IRIX
1153	The header files on SGI IRIX are completely prototyped, and as
1154	a result you can sometimes get some warning messages during
1155	compilation.  These can be ignored.  There are two errors in
1156	deliver only if you are using gcc, both of the form ``warning:
1157	passing arg N of `execve' from incompatible pointer type''.
1158	Also, if you compile with -DNIS, you will get a complaint
1159	about a declaration of struct dom_binding in a prototype
1160	when compiling map.c; this is not important because the
1161	function being prototyped is not used in that file.
1162
1163	In order to compile sendmail you will have had to install
1164	the developers' option in order to get the necessary include
1165	files.
1166
1167	If you compile with -lmalloc (the fast memory allocator), you may
1168	get warning messages such as the following:
1169
1170	   ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1171		preempts that definition in /usr/lib32/mips3/libc.so.
1172	   ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1173		preempts that definition in /usr/lib32/mips3/libc.so.
1174	   ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1175		preempts that definition in /usr/lib32/mips3/libc.so.
1176	   ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1177		preempts that definition in /usr/lib32/mips3/libc.so.
1178	   ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1179		preempts that definition in /usr/lib32/mips3/libc.so.
1180
1181	These are unavoidable and innocuous -- just ignore them.
1182
1183	According to Dave Sill <de5@ornl.gov>, there is a version of the
1184	Berkeley DB library patched to run on Irix 6.2 available from
1185	http://reality.sgi.com/ariel/freeware/#db .
1186
1187IRIX 6.x
1188	If you are using XFS filesystem, avoid using the -32 ABI switch to
1189	the cc compiler if possible.
1190
1191	Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1192	a problem with gcc on IRIX, i.e., gcc can't pass structs
1193	less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1194	some other sized structs.  See
1195	http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1196	This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1197	is reported as broken.  Check your gcc version for this bug
1198	before installing sendmail.
1199
1200IRIX 6.4
1201	The IRIX 6.5.4 version of /bin/m4 does not work properly with
1202	sendmail.  Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1203	use /usr/freeware/bin/m4 or install and use GNU m4.
1204
1205NeXT or NEXTSTEP
1206	NEXTSTEP 3.3 and earlier ship with the old DBM library.  Also,
1207	Berkeley DB does not currently run on NEXTSTEP.
1208
1209	If you are compiling on NEXTSTEP, you will have to create an
1210	empty file "unistd.h" and create a file "dirent.h" containing:
1211
1212		#include <sys/dir.h>
1213		#define dirent	direct
1214
1215	(devtools/OS/NeXT should try to do both of these for you.)
1216
1217	Apparently, there is a bug in getservbyname on Nextstep 3.0
1218	that causes it to fail under some circumstances with the
1219	message "SYSERR: service "smtp" unknown" logged.  You should
1220	be able to work around this by including the line:
1221
1222		OOPort=25
1223
1224	in your .cf file.
1225
1226BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1227	The "m4" from BSDI won't handle the config files properly.
1228	I haven't had a chance to test this myself.
1229
1230	The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1231	files properly.  One must use either GNU m4 1.1 or the PD-M4
1232	recently posted in comp.os.386bsd.bugs (and maybe others).
1233	NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1234	CHANGES).
1235
1236	FreeBSD 1.0 RELEASE has uname(2) now.  Use -DUSEUNAME in order to
1237	use it (look into devtools/OS/FreeBSD).  NetBSD-current may have
1238	it too but it has not been verified.
1239
1240	The latest version of Berkeley DB uses a different naming
1241	scheme than the version that is supplied with your release.  This
1242	means you will be able to use the current version of Berkeley DB
1243	with sendmail as long you use the new db.h when compiling
1244	sendmail and link it against the new libdb.a or libdb.so.  You
1245	should probably keep the original db.h in /usr/include and the
1246	new db.h in /usr/local/include.
1247
12484.3BSD
1249	If you are running a "virgin" version of 4.3BSD, you'll have
1250	a very old resolver and be missing some header files.  The
1251	header files are simple -- create empty versions and everything
1252	will work fine.  For the resolver you should really port a new
1253	version (4.8.3 or later) of the resolver; 4.9 is available on
1254	gatekeeper.DEC.COM in pub/BSD/bind/4.9.  If you are really
1255	determined to continue to use your old, buggy version (or as
1256	a shortcut to get sendmail working -- I'm sure you have the
1257	best intentions to port a modern version of BIND), you can
1258	copy ../contrib/oldbind.compat.c into sendmail and add the
1259	following to devtools/Site/site.config.m4:
1260
1261	APPENDDEF(`confOBJADD', `oldbind.compat.o')
1262
1263OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1264	m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1265	maximum length for strings is too short.  You need to use GNU m4
1266	or patch m4, see for example:
1267  http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1268
1269A/UX
1270	Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1271	From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1272	Subject: Fix for A/UX ndbm
1273
1274	I guess this isn't really a sendmail bug, however, it is something
1275	that A/UX users should be aware of when compiling sendmail 8.6.
1276
1277	Apparently, the calls that sendmail is using to the ndbm routines
1278	in A/UX 3.0.x contain calls to "broken" routines, in that the
1279	aliases database will break when it gets "just a little big"
1280	(sorry I don't have exact numbers here, but it broke somewhere
1281	around 20-25 aliases for me.), making all aliases non-functional
1282	after exceeding this point.
1283
1284	What I did was to get the gnu-dbm-1.6 package, compile it, and
1285	then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1286	ndbm.h header file that comes with the gnu-package.  This makes
1287	things behave properly.
1288	  [NOTE: see comment above about GDBM]
1289
1290	I suppose porting the New Berkeley DB package is another route,
1291	however, I made a quick attempt at it, and found it difficult
1292	(not easy at least); the gnu-dbm package "configured" and
1293	compiled easily.
1294
1295	  [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1296	  database maps.]
1297
1298SCO Unix
1299	From: Thomas Essebier <tom@stallion.oz.au>
1300	Organisation:  Stallion Technologies Pty Ltd.
1301
1302	It will probably help those who are trying to configure sendmail 8.6.9
1303	to know that if they are on SCO, they had better set
1304		OI-dnsrch
1305	or they will core dump as soon as they try to use the resolver.
1306	i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1307	it does not inititialise it, nor does it understand 'search' in
1308	/etc/named.boot.
1309		- sigh -
1310
1311	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1312	We recommend installing GNU m4 before attempting to build sendmail.
1313
1314	On some versions a bogus error value is listed if connections
1315	time out (large negative number).  To avoid this explicitly set
1316	Timeout.connect to a reasonable value (several minutes).
1317
1318DG/UX
1319	Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1320	V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1321	Originally, the DG /bin/mail program wasn't compatible with
1322	the V8 sendmail, since the DG /bin/mail requires the environment
1323	variable "_FORCE_MAIL_LOCAL_=yes" be set.  Version 8.7 now includes
1324	this in the environment before invoking the local mailer.  Some
1325	have used procmail to avoid this problem in the past.  It works
1326	but some have experienced file locking problems with their DG/UX
1327	ports of procmail.
1328
1329Apollo DomainOS
1330	If you are compiling on Apollo, you will have to create an empty
1331	file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1332	"dirent.h" containing:
1333
1334		#include <sys/dir.h>
1335		#define dirent	direct
1336
1337	(devtools/OS/DomainOS will attempt to do both of these for you.)
1338
1339HP-UX 8.00
1340	Date: Mon, 24 Jan 1994 13:25:45 +0200
1341	From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1342	Subject: 8.6.5 w/ HP-UX 8.00 on s300
1343
1344	Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1345	a series 300 machine) running HP-UX 8.00.
1346
1347	I was getting segmentation fault when delivering to a local user.
1348	With debugging I saw it was faulting when doing _free@libc... *sigh*
1349	It seems the new implementation of malloc on s300 is buggy as of 8.0,
1350	so I tried out the one in -lmalloc (malloc(3X)).  With that it seems
1351	to work just dandy.
1352
1353	When linking, you will get the following error:
1354
1355	ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1356
1357	but you can just ignore it.  You might want to add this info to the
1358	README file for the future...
1359
1360Linux
1361	Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1362	flock() system call gives errors.  If you are running .14, you must
1363	not use flock.  You can do this with -DHASFLOCK=0.  We have also
1364	been getting complaints since version 2.4.X was released.
1365	sendmail 8.13 has changed the default locking method to fcntl()
1366	for Linux kernel version 2.4 and later.  Be sure to update other
1367	sendmail related programs to match locking techniques (some
1368	examples, besides makemap and mail.local, include procmail, mailx,
1369	mutt, elm, etc).
1370
1371	Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1372	initialization of the _res structure changed.  If /etc/hosts.conf
1373	was configured as "hosts, bind" the resolver code could return
1374	"Name server failure" errors.  This is supposedly fixed in
1375	later versions of libc (>= 4.6.29?), and later versions of
1376	sendmail (> 8.6.10) try to work around the problem.
1377
1378	Some older versions (< 4.6.20?) of the libc/include files conflict
1379	with sendmail's version of cdefs.h.  Deleting sendmail's version
1380	on those systems should be non-harmful, and new versions don't care.
1381
1382	NOTE ON LINUX & BIND:  By default, the Makefile generated for Linux
1383	includes header files in /usr/local/include and libraries in
1384	/usr/local/lib.  If you've installed BIND on your system, the header
1385	files typically end up in the search path and you need to add
1386	"-lresolv" to the LIBS line in your Makefile.  Really old versions
1387	may need to include "-l44bsd" as well (particularly if the link phase
1388	complains about missing strcasecmp, strncasecmp or strpbrk).
1389	Complaints about an undefined reference to `__dn_skipname' in
1390	domain.o are a sure sign that you need to add -lresolv to LIBS.
1391	Newer versions of Linux are basically threaded BIND, so you may or
1392	may not see complaints if you accidentally mix BIND
1393	headers/libraries with virginal libc.  If you have BIND headers in
1394	/usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1395	to LIBS.  Data structures may change and you'd be asking for a
1396	core dump.
1397
1398	A number of problems have been reported regarding the Linux 2.2.0
1399	kernel.  So far, these problems have been tracked down to syslog()
1400	and DNS resolution.  We believe the problem is with the poll()
1401	implementation in the Linux 2.2.0 kernel and poll()-aware versions
1402	of glib (at least up to 2.0.111).
1403
1404glibc
1405	glibc 2.2.1 (and possibly other versions) changed the value of
1406	__RES in resolv.h but failed to actually provide the IPv6 API
1407	changes that the change implied.  Therefore, compiling with
1408	-DNETINET6 fails.
1409
1410	Workarounds:
1411	1) Compile without -DNETINET6
1412	2) Build against a real BIND 8.2.2 include/lib tree
1413	3) Wait for glibc to fix it
1414
1415AIX 4.X
1416	The AIX 4.X linker uses library paths specified during compilation
1417	using -L for run-time shared library searches.  Therefore, it is
1418	vital that relative and unsafe directory paths not be using when
1419	compiling sendmail.  Because of this danger, by default, compiles
1420	on AIX use the -blibpath option to limit shared libraries to
1421	/usr/lib and /lib.  If you need to allow more directories, such as
1422	/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1423	site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1424	appropriately.  For example:
1425
1426	define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1427
1428	Be sure to only add (safe) system directories.
1429
1430	The AIX version of GNU ld also exhibits this problem.  If you are
1431	using that version, instead of -blibpath, use its -rpath option.
1432	For example:
1433
1434	gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1435
1436AIX 4.X	If the test program t-event (and most others) in libsm fails,
1437	check your compiler settings.  It seems that the flags -qnoro or
1438	-qnoroconst on some AIX versions trigger a compiler bug.  Check
1439	your compiler settings or use cc instead of xlc.
1440
1441AIX 4.0-4.2, maybe some AIX 4.3 versions
1442	The AIX m4 implements a different mechanism for ifdef which is
1443	inconsistent with other versions of m4.  Therefore, it will not
1444	work properly with the sendmail Build architecture or m4
1445	configuration method.  To work around this problem, please use
1446	GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1447	The problem seems to be solved in AIX 4.3.3 at least.
1448
1449AIX 4.3.3
1450	From: Valdis.Kletnieks@vt.edu
1451	Date: Sun, 02 Jul 2000 03:58:02 -0400
1452
1453	Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1454	BIND 8.2.2 security holes, you can no longer build with  -DNETINET6
1455	because they changed the value of __RES in resolv.h but failed to
1456	actually provide the API changes that the change implied.
1457
1458	Workarounds:
1459	1) Compile without -DNETINET6
1460	2) Build against a real BIND 8.2.2 include/lib tree
1461	3) Wait for IBM to fix it
1462
1463AIX 3.x
1464	This version of sendmail does not support MB, MG, and MR resource
1465	records, which are supported by AIX sendmail.
1466
1467	Several people have reported that the IBM-supplied named returns
1468	fairly random results -- the named should be replaced.  It is not
1469	necessary to replace the resolver, which will simplify installation.
1470	A new BIND resolver can be found at http://www.isc.org/isc/.
1471
1472AIX 3.1.x
1473	The supplied load average code only works correctly for AIX 3.2.x.
1474	For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1475	package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1476	directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1477	daemon, and the getloadavg subroutine supplied with that package.
1478	If you don't care about load average throttling, just turn off
1479	load average checking using -DLA_TYPE=LA_ZERO.
1480
1481RISC/os
1482	RISC/os from MIPS is a merged AT&T/Berkeley system.  When you
1483	compile on that platform you will get duplicate definitions
1484	on many files.  You can ignore these.
1485
1486System V Release 4 Based Systems
1487	There is a single devtools OS that is intended for all SVR4-based
1488	systems (built from devtools/OS/SVR4).  It defines __svr4__,
1489	which is predefined by some compilers.  If your compiler already
1490	defines this compile variable, you can delete the definition from
1491	the generated Makefile or create a devtools/Site/site.config.m4
1492	file.
1493
1494	It's been tested on Dell Issue 2.2.
1495
1496DELL SVR4
1497	Date:      Mon, 06 Dec 1993 10:42:29 EST
1498	From: "Kimmo Suominen" <kim@grendel.lut.fi>
1499	Message-ID: <2d0352f9.lento29@lento29.UUCP>
1500	To: eric@cs.berkeley.edu
1501	Cc: sendmail@cs.berkeley.edu
1502	Subject:   Notes for DELL SVR4
1503
1504	Eric,
1505
1506	Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4.  I ran
1507	across these things when helping out some people who contacted me by
1508	e-mail.
1509
1510	1) Use gcc 2.4.5 (or later?).  Dell distributes gcc 2.1 with their
1511	   Issue 2.2 Unix.  It is too old, and gives you problems with
1512	   clock.c, because sigset_t won't get defined in <sys/signal.h>.
1513	   This is due to a problematic protection rule in there, and is
1514	   fixed with gcc 2.4.5.
1515
1516	2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1517	   to add "-lc -lucb" to the libraries to link with.  This is because
1518	   the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1519	   functions.  It is important that you specify both libraries in
1520	   the given order to be sure you only get the BSTRING functions
1521	   from the UCB library (and not the signal routines etc.).
1522
1523	3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1524	   The UCB library also has another copy of the nlist routines,
1525	   but we do want the ones from "-lelf".
1526
1527	If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1528	can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1529	They are copies of what I use on grendel.lut.fi, and offering them
1530	does not imply that I would also support them.  I have sent the DB
1531	port for SVR4 back to Keith Bostic for inclusion in the official
1532	distribution, but I haven't heard anything from him as of today.
1533
1534	- gcc-2.4.5-svr4.tar.gz	(gcc 2.4.5 and the corresponding libg++)
1535	- db-1.72.tar.gz	(with source, objects and a installed copy)
1536
1537	Cheers
1538	+ Kim
1539	--
1540	 *  Kimmo.Suominen@lut.fi  *  SysVr4 enthusiast at GRENDEL.LUT.FI  *
1541	*    KIM@FINFILES.BITNET   *  Postmaster and Hostmaster at LUT.FI   *
1542	 *    + 358 200 865 718    *  Unix area moderator at NIC.FUNET.FI  *
1543
1544ConvexOS 10.1 and below
1545	In order to use the name server, you must create the file
1546	/etc/use_nameserver.  If this file does not exist, the call
1547	to res_init() will fail and you will have absolutely no
1548	access to DNS, including MX records.
1549
1550Amdahl UTS 2.1.5
1551	In order to get UTS to work, you will have to port BIND 4.9.
1552	The vendor's BIND is reported to be ``totally inadequate.''
1553	See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1554	to get BIND 4.9 compiled for UTS.
1555
1556UnixWare
1557	According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1558	the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1559	config files.  GNU m4 and the m4 from UnixWare 1.x both work.
1560
1561	According to Larry Rosenman <ler@lerami.lerctr.org>:
1562
1563		UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1564		processing the 8.9.0 cf files.
1565
1566		I had a LOCAL_RULE_0 that wound up AFTER the
1567		SBasic_check_rcpt rules using the SCO supplied M4.
1568		GNU M4 works fine.
1569
1570UNICOS 8.0.3.4
1571	Some people have reported that the -O flag on UNICOS can cause
1572	problems.  You may want to turn this off if you have problems
1573	running sendmail.  Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1574
1575Darwin/Mac OS X (10.X.X)
1576	The linker errors produced regarding getopt() and its associated
1577	variables can safely be ignored.
1578
1579	From Mike Zimmerman <zimmy@torrentnet.com>:
1580
1581	From scratch here is what Darwin users need to do to the standard
1582	10.0.0, 10.0.1 install to get sendmail working.
1583	From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242:
1584	1. chmod g-w / /private /private/etc
1585	2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1586	   HOSTNAME=-my.domain.com-
1587	3. Edit /etc/rc.boot:
1588	   hostname my.domain.com
1589	   domainname domain.com
1590	4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1591	   Remove the "&" after the sendmail command:
1592	   /usr/sbin/sendmail -bd -q1h
1593
1594	From Carsten Klapp <carsten.klapp@home.com>:
1595
1596	The easiest workaround is to remove the group-writable permission
1597	for the root directory and the symbolic /etc inherits this
1598	change. While this does fix sendmail, the unfortunate side-effect
1599	is the OS X admin will no longer be able to manipulate icons in the
1600	top level of the Startup disk unless logged into the GUI as the
1601	superuser.
1602
1603	In applying the alternate workaround, care must be taken while
1604	swapping the symlink /etc with the directory /private/etc. In all
1605	likelihood any admin who is concerned with this sendmail error has
1606	enough experience to not accidentally harm anything in the process.
1607
1608	a. Swap the /etc symlink with /private/etc (as superuser):
1609	   rm /etc
1610	   mv /private/etc /etc
1611	   ln -s /etc /private/etc
1612
1613	b. Set / to group unwritable (as superuser):
1614	   chmod g-w /
1615
1616Darwin/Mac OS X (10.1.5)
1617	Apple's upgrade to sendmail 8.12 is incorrectly configured.  You
1618	will need to manually fix it up by doing the following:
1619
1620	1. chown smmsp:smmsp /var/spool/clientmqueue
1621	2. chmod 2770 /var/spool/clientmqueue
1622	3. chgrp smmsp /usr/sbin/sendmail
1623	4. chmod g+s /usr/sbin/sendmail
1624
1625	From Daniel J. Luke <dluke@geeklair.net>:
1626
1627	It appears that setting the sendmail.cf property in
1628	/locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1629	8.12.4 causes 'bad things' to happen.
1630
1631	Specifically sendmail instances that should be getting their config
1632	from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1633	open pipes to sendmail stop working as sendmail tries to write to
1634	/var/spool/mqueue and cannot as sendmail is no longer suid root).
1635
1636	Removing the entry from NetInfo fixes this problem.
1637
1638GNU getopt
1639	I'm told that GNU getopt has a problem in that it gets confused
1640	by the double call.  Use the version in conf.c instead.
1641
1642BIND 4.9.2 and Ultrix
1643	If you are running on Ultrix, be sure you read conf/Info.Ultrix
1644	in the BIND distribution very carefully -- there is information
1645	in there that you need to know in order to avoid errors of the
1646	form:
1647
1648		/lib/libc.a(gethostent.o): sethostent: multiply defined
1649		/lib/libc.a(gethostent.o): endhostent: multiply defined
1650		/lib/libc.a(gethostent.o): gethostbyname: multiply defined
1651		/lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1652
1653	during the link stage.
1654
1655BIND 8.X
1656	BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1657	DNS failures when trying to find the hostname associated with an IP
1658	address (gethostbyaddr()).  This can cause problems as
1659	$&{client_name} based lookups in class R ($=R) and the access
1660	database won't succeed.
1661
1662	This will be fixed in BIND 8.2.1.  For earlier versions, this can
1663	be fixed by making "dns" the last name service queried for host
1664	resolution in /etc/irs.conf:
1665
1666		hosts local continue
1667		hosts dns
1668
1669strtoul
1670	Some compilers (notably gcc) claim to be ANSI C but do not
1671	include the ANSI-required routine "strtoul".  If your compiler
1672	has this problem, you will get an error in srvrsmtp.c on the
1673	code:
1674
1675	  # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1676			e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1677	  # else
1678			e->e_msgsize = strtol(vp, (char **) NULL, 10);
1679	  # endif
1680
1681	You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1682
1683Listproc 6.0c
1684	Date: 23 Sep 1995 23:56:07 GMT
1685	Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1686	From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1687	Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1688
1689	Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1690	breaks, because it, by default, sends a blank "HELO" rather than
1691	a "HELO hostname" when using the 'system' or 'telnet' mail method.
1692
1693	The fix is to include -DZMAILER in the compilation, which will
1694	cause it to use "HELO hostname" (which Z-mail apparently requires
1695	as well. :)
1696
1697PH
1698	PH support is provided by Mark Roth <roth@uiuc.edu>.  The map is
1699	described at http://www-dev.cites.uiuc.edu/sendmail/ .
1700
1701	NOTE: The "spacedname" pseudo-field which was used by earlier
1702	versions of the PH map code is no longer supported!  See the URL
1703	listed above for more information.
1704
1705	Please contact Mark Roth for support and questions regarding the
1706	map.
1707
1708TCP Wrappers
1709	If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1710	also need to install libwrap.a and modify your site.config.m4 file
1711	or the generated Makefile to include -lwrap in the LIBS line
1712	(make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1713	libwrap.a can be found).
1714
1715	TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1716
1717	If you have alternate MX sites for your site, be sure that all of
1718	your MX sites reject the same set of hosts.  If not, a bad guy whom
1719	you reject will connect to your site, fail, and move on to the next
1720	MX site, which will accept the mail for you and forward it on to you.
1721
1722Regular Expressions (MAP_REGEX)
1723	If sendmail linking fails with:
1724
1725		undefined reference to 'regcomp'
1726
1727	or sendmail gives an error about a regular expression with:
1728
1729		pattern-compile-error: : Operation not applicable
1730
1731	Your libc does not include a running version of POSIX-regex.  Use
1732	librx or regex.o from the GNU Free Software Foundation,
1733	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1734	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1735	You can also use the regex-lib by Henry Spencer,
1736	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1737	Make sure, your compiler reads regex.h from the distribution,
1738	not from /usr/include, otherwise sendmail will dump a core.
1739
1740Fedora Core 5, 64 bit version
1741	If the ld stage fails with undefined functions like
1742	__res_querydomain, __dn_expand
1743	then add these lines to devtools/Site/site.config.m4
1744
1745	APPENDDEF(`confLIBDIRS', `-L/usr/lib64')
1746	APPENDDEF(`confINCDIRS', `-I/usr/include/bind9')
1747
1748	and rebuild (sh ./Build -c).
1749
1750	Problem noted by Daniel Krones, solution suggested by
1751	Anthony Howe.
1752
1753
1754+--------------+
1755| MANUAL PAGES |
1756+--------------+
1757
1758The manual pages have been written against the -man macros, and
1759should format correctly with any reasonable *roff.
1760
1761
1762+-----------------+
1763| DEBUGGING HOOKS |
1764+-----------------+
1765
1766As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1767some debugging output (logged at LOG_DEBUG severity).  The
1768information dumped is:
1769
1770 * The value of the $j macro.
1771 * A warning if $j is not in the set $=w.
1772 * A list of the open file descriptors.
1773 * The contents of the connection cache.
1774 * If ruleset 89 is defined, it is evaluated and the results printed.
1775
1776This allows you to get information regarding the runtime state of the
1777daemon on the fly.  This should not be done too frequently, since
1778the process of rewriting may lose memory which will not be recovered.
1779Also, ruleset 89 may call non-reentrant routines, so there is a small
1780non-zero probability that this will cause other problems.  It is
1781really only for debugging serious problems.
1782
1783A typical formulation of ruleset 89 would be:
1784
1785	R$*		$@ $>0 some test address
1786
1787
1788+-----------------------------+
1789| DESCRIPTION OF SOURCE FILES |
1790+-----------------------------+
1791
1792The following list describes the files in this directory:
1793
1794Build		Shell script for building sendmail.
1795Makefile	A convenience for calling ./Build.
1796Makefile.m4	A template for constructing a makefile based on the
1797		information in the devtools directory.
1798README		This file.
1799TRACEFLAGS	My own personal list of the trace flags -- not guaranteed
1800		to be particularly up to date.
1801alias.c		Does name aliasing in all forms.
1802aliases.5	Man page describing the format of the aliases file.
1803arpadate.c	A subroutine which creates ARPANET standard dates.
1804bf.c		Routines to implement memory-buffered file system using
1805		hooks provided by libsm now (formerly Torek stdio library).
1806bf.h		Buffered file I/O function declarations and
1807		data structure and function declarations for bf.c.
1808collect.c	The routine that actually reads the mail into a temp
1809		file.  It also does a certain amount of parsing of
1810		the header, etc.
1811conf.c		The configuration file.  This contains information
1812		that is presumed to be quite static and non-
1813		controversial, or code compiled in for efficiency
1814		reasons.  Most of the configuration is in sendmail.cf.
1815conf.h		Configuration that must be known everywhere.
1816control.c	Routines to implement control socket.
1817convtime.c	A routine to sanely process times.
1818daemon.c	Routines to implement daemon mode.
1819deliver.c	Routines to deliver mail.
1820domain.c	Routines that interface with DNS (the Domain Name
1821		System).
1822envelope.c	Routines to manipulate the envelope structure.
1823err.c		Routines to print error messages.
1824headers.c	Routines to process message headers.
1825helpfile	An example helpfile for the SMTP HELP command and -bt mode.
1826macro.c		The macro expander.  This is used internally to
1827		insert information from the configuration file.
1828mailq.1		Man page for the mailq command.
1829main.c		The main routine to sendmail.  This file also
1830		contains some miscellaneous routines.
1831makesendmail	A convenience for calling ./Build.
1832map.c		Support for database maps.
1833mci.c		Routines that handle mail connection information caching.
1834milter.c	MTA portions of the mail filter API.
1835mime.c		MIME conversion routines.
1836newaliases.1	Man page for the newaliases command.
1837parseaddr.c	The routines which do address parsing.
1838queue.c		Routines to implement message queueing.
1839readcf.c	The routine that reads the configuration file and
1840		translates it to internal form.
1841recipient.c	Routines that manipulate the recipient list.
1842sasl.c		Routines to interact with Cyrys-SASL.
1843savemail.c	Routines which save the letter on processing errors.
1844sendmail.8	Man page for the sendmail command.
1845sendmail.h	Main header file for sendmail.
1846sfsasl.c	I/O interface between SASL/TLS and the MTA.
1847sfsasl.h	Header file for sfsasl.c.
1848shmticklib.c	Routines for shared memory counters.
1849sm_resolve.c	Routines for DNS lookups (for DNS map type).
1850sm_resolve.h	Header file for sm_resolve.c.
1851srvrsmtp.c	Routines to implement server SMTP.
1852stab.c		Routines to manage the symbol table.
1853stats.c		Routines to collect and post the statistics.
1854statusd_shm.h	Data structure and function declarations for shmticklib.c.
1855sysexits.c	List of error messages associated with error codes
1856		in sysexits.h.
1857sysexits.h	List of error codes for systems that lack their own.
1858timers.c	Routines to provide microtimers.
1859timers.h	Data structure and function declarations for timers.h.
1860tls.c		Routines for TLS.
1861trace.c		The trace package.  These routines allow setting and
1862		testing of trace flags with a high granularity.
1863udb.c		The user database interface module.
1864usersmtp.c	Routines to implement user SMTP.
1865util.c		Some general purpose routines used by sendmail.
1866version.c	The version number and information about this
1867		version of sendmail.
1868
1869(Version $Revision: 8.393 $, last update $Date: 2013-11-22 20:51:54 $ )
1870