1# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. 2# All rights reserved. 3# Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. 4# Copyright (c) 1988 5# The Regents of the University of California. All rights reserved. 6# 7# By using this file, you agree to the terms and conditions set 8# forth in the LICENSE file which can be found at the top level of 9# the sendmail distribution. 10# 11# 12# $Id: README,v 8.389 2006/05/02 16:58:50 ca Exp $ 13# 14 15This directory contains the source files for sendmail(TM). 16 17 ******************************************************************* 18 !! Read sendmail/SECURITY for important installation information !! 19 ******************************************************************* 20 21 ********************************************************** 22 ** Read below for more details on building sendmail. ** 23 ********************************************************** 24 25************************************************************************** 26** IMPORTANT: Read the appropriate paragraphs in the section on ** 27** ``Operating System and Compile Quirks''. ** 28************************************************************************** 29 30For detailed instructions, please read the document ../doc/op/op.me: 31 32 cd ../doc/op ; make op.ps op.txt 33 34Sendmail is a trademark of Sendmail, Inc. 35 36 37+-------------------+ 38| BUILDING SENDMAIL | 39+-------------------+ 40 41By far, the easiest way to compile sendmail is to use the "Build" 42script: 43 44 sh Build 45 46This uses the "uname" command to figure out what architecture you are 47on and creates a proper Makefile accordingly. It also creates a 48subdirectory per object format, so that multiarchitecture support is 49easy. In general this should be all you need. IRIX 6.x users should 50read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section. 51 52If you need to look at other include or library directories, use the 53-I or -L flags on the command line, e.g., 54 55 sh Build -I/usr/sww/include -L/usr/sww/lib 56 57It's also possible to create local site configuration in the file 58site.config.m4 (or another file settable with the -f flag). This 59file contains M4 definitions for various compilation values; the 60most useful are: 61 62confMAPDEF -D flags to specify database types to be included 63 (see below) 64confENVDEF -D flags to specify other environment information 65confINCDIRS -I flags for finding include files during compilation 66confLIBDIRS -L flags for finding libraries during linking 67confLIBS -l flags for selecting libraries during linking 68confLDOPTS other ld(1) linker options 69 70Others can be found by examining Makefile.m4. Please read 71../devtools/README for more information about the site.config.m4 72file. 73 74You can recompile from scratch using the -c flag with the Build 75command. This removes the existing compilation directory for the 76current platform and builds a new one. The -c flag must also 77be used if any site.*.m4 file in devtools/Site/ is changed. 78 79Porting to a new Unix-based system should be a matter of creating 80an appropriate configuration file in the devtools/OS/ directory. 81 82 83+----------------------+ 84| DATABASE DEFINITIONS | 85+----------------------+ 86 87There are several database formats that can be used for the alias files 88and for general maps. When used for alias files they interact in an 89attempt to be backward compatible. 90 91The options are: 92 93NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and 94 Digital UNIX 4.0) have some version of this package 95 pre-installed. If your system does not have Berkeley DB 96 pre-installed, or the version installed is not version 2.0 97 or greater (e.g., is Berkeley DB 1.85 or 1.86), get the 98 current version from http://www.sleepycat.com/. DO NOT 99 use a version from any of the University of California, 100 Berkeley "Net" or other distributions. If you are still 101 running BSD/386 1.x, you will need to upgrade the included 102 Berkeley DB library to a current version. NEWDB is included 103 automatically if the Build script can find a library named 104 libdb.a or libdb.so. 105 See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley 106 DB versions, e.g., DB 4.1.x. 107NDBM The older NDBM implementation -- the very old V7 DBM 108 implementation is no longer supported. 109NIS Network Information Services. To use this you must have 110 NIS support on your system. 111NISPLUS NIS+ (the revised NIS released with Solaris 2). You must 112 have NIS+ support on your system to use this flag. 113HESIOD Support for Hesiod (from the DEC/Athena distribution). You 114 must already have Hesiod support on your system for this to 115 work. You may be able to get this to work with the MIT/Athena 116 version of Hesiod, but that's likely to be a lot of work. 117 BIND 8.X also includes Hesiod support. 118LDAPMAP Lightweight Directory Access Protocol support. You will 119 have to install the UMich or OpenLDAP 120 (http://www.openldap.org/) ldap and lber libraries to use 121 this flag. 122MAP_REGEX Regular Expression support. You will need to use an 123 operating system which comes with the POSIX regex() 124 routines or install a regexp library such as libregex from 125 the Free Software Foundation. 126DNSMAP DNS map support. Requires NAMED_BIND. 127PH_MAP PH map support. You will need the libphclient library from 128 the nph package (http://www-dev.cites.uiuc.edu/ph/nph/). 129MAP_NSD nsd map support (IRIX 6.5 and later). 130SOCKETMAP Support for a trivial query protocol over UNIX domain or TCP 131 sockets. 132 133>>> NOTE WELL for NEWDB support: If you want to get ndbm support, for 134>>> Berkeley DB versions under 2.0, it is CRITICAL that you remove 135>>> ndbm.o from libdb.a before you install it and DO NOT install ndbm.h; 136>>> for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a 137>>> before you install it. If you don't delete these, there is absolutely 138>>> no point to including -DNDBM, since it will just get you another 139>>> (inferior) API to the same format database. These files OVERRIDE 140>>> calls to ndbm routines -- in particular, if you leave ndbm.h in, 141>>> you can find yourself using the new db package even if you don't 142>>> define NEWDB. Berkeley DB versions later than 2.3.14 do not need 143>>> to be modified. Please also consult the README in the top level 144>>> directory of the sendmail distribution for other important information. 145>>> 146>>> Further note: DO NOT remove your existing /usr/include/ndbm.h -- 147>>> you need that one. But do not install an updated ndbm.h in 148>>> /usr/include, /usr/local/include, or anywhere else. 149 150If NEWDB and NDBM are defined (but not NIS), then sendmail will read 151NDBM format alias files, but the next time a newaliases is run the 152format will be converted to NEWDB; that format will be used forever 153more. This is intended as a transition feature. 154 155If NEWDB, NDBM, and NIS are all defined and the name of the file includes 156the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format 157alias files. However, it will only read the NEWDB file; the NDBM format 158file is used only by the NIS subsystem. This is needed because the NIS 159maps on an NIS server are built directly from the NDBM files. 160 161If NDBM and NIS are defined (regardless of the definition of NEWDB), 162and the filename includes the string "/yp/", sendmail adds the special 163tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are 164required if the NDBM file is to be used as an NIS map. 165 166All of these flags are normally defined in a confMAPDEF setting in your 167site.config.m4. 168 169If you define NEWDB or HESIOD you get the User Database (USERDB) 170automatically. Generally you do want to have NEWDB for it to do 171anything interesting. See above for getting the Berkeley DB 172package (i.e., NEWDB). There is no separate "user database" 173package -- don't bother searching for it on the net. 174 175Hesiod and LDAP require libraries that may not be installed with your 176system. These are outside of my ability to provide support. See the 177"Quirks" section for more information. 178 179The regex map can be used to see if an address matches a certain regular 180expression. For example, all-numerics local parts are common spam 181addresses, so "^[0-9]+$" would match this. By using such a map in a 182check_* rule-set, you can block a certain range of addresses that would 183otherwise be considered valid. 184 185The socket map uses a simple request/reply protocol over TCP or 186UNIX domain sockets to query an external server. Both requests and 187replies are text based and encoded as netstrings. The socket map 188uses the same syntax as milters the specify the remote endpoint, 189e.g.: 190 191Ksocket mySocketMap inet:12345@127.0.0.1 192 193See doc/op/op.me for details. 194 195+---------------+ 196| COMPILE FLAGS | 197+---------------+ 198 199Wherever possible, I try to make sendmail pull in the correct 200compilation options needed to compile on various environments based on 201automatically defined symbols. Some machines don't seem to have useful 202symbols available, requiring that a compilation flag be defined in 203the Makefile; see the devtools/OS subdirectory for the supported 204architectures. 205 206If you are a system to which sendmail has already been ported you 207should not have to touch the following symbols. But if you are porting, 208you may have to tweak the following compilation flags in conf.h in order 209to get it to compile and link properly: 210 211SYSTEM5 Adjust for System V (not necessarily Release 4). 212SYS5SIGNALS Use System V signal semantics -- the signal handler 213 is automatically dropped when the signal is caught. 214 If this is not set, use POSIX/BSD semantics, where the 215 signal handler stays in force until an exec or an 216 explicit delete. Implied by SYSTEM5. 217SYS5SETPGRP Use System V setpgrp() semantics. Implied by SYSTEM5. 218HASNICE Define this to zero if you lack the nice(2) system call. 219HASRRESVPORT Define this to zero if you lack the rresvport(3) system call. 220HASFCHMOD Define this to one if you have the fchmod(2) system call. 221 This improves security. 222HASFCHOWN Define this to one if you have the fchown(2) system call. 223 This is required for the TrustedUser option if sendmail 224 must rebuild an (alias) map. 225HASFLOCK Set this if you prefer to use the flock(2) system call 226 rather than using fcntl-based locking. Fcntl locking 227 has some semantic gotchas, but many vendor systems 228 also interface it to lockd(8) to do NFS-style locking. 229 Unfortunately, may vendors implementations of fcntl locking 230 is just plain broken (e.g., locks are never released, 231 causing your sendmail to deadlock; when the kernel runs 232 out of locks your system crashes). For this reason, I 233 recommend always defining this unless you are absolutely 234 certain that your fcntl locking implementation really works. 235HASUNAME Set if you have the "uname" system call. Implied by 236 SYSTEM5. 237HASUNSETENV Define this if your system library has the "unsetenv" 238 subroutine. 239HASSETSID Define this if you have the setsid(2) system call. This 240 is implied if your system appears to be POSIX compliant. 241HASINITGROUPS Define this if you have the initgroups(3) routine. 242HASSETVBUF Define this if you have the setvbuf(3) library call. 243 If you don't, setlinebuf will be used instead. This 244 defaults on if your compiler defines __STDC__. 245HASSETREUID Define this if you have setreuid(2) ***AND*** root can 246 use setreuid to change to an arbitrary user. This second 247 condition is not satisfied on AIX 3.x. You may find that 248 your system has setresuid(2), (for example, on HP-UX) in 249 which case you will also have to #define setreuid(r, e) 250 to be the appropriate call. Some systems (such as Solaris) 251 have a compatibility routine that doesn't work properly, 252 but may have "saved user ids" properly implemented so you 253 can ``#define setreuid(r, e) seteuid(e)'' and have it work. 254 The important thing is that you have a call that will set 255 the effective uid independently of the real or saved uid 256 and be able to set the effective uid back again when done. 257 There's a test program in ../test/t_setreuid.c that will 258 try things on your system. Setting this improves the 259 security, since sendmail doesn't have to read .forward 260 and :include: files as root. There are certain attacks 261 that may be unpreventable without this call. 262USESETEUID Define this to 1 if you have a seteuid(2) system call that 263 will allow root to set only the effective user id to an 264 arbitrary value ***AND*** you have saved user ids. This is 265 preferable to HASSETREUID if these conditions are fulfilled. 266 These are the semantics of the to-be-released revision of 267 Posix.1. The test program ../test/t_seteuid.c will try 268 this out on your system. If you define both HASSETREUID 269 and USESETEUID, the former is ignored. 270HASSETEGID Define this if you have setegid(2) and it can be 271 used to set the saved gid. Please run t_dropgid in 272 test/ if you are not sure whether the call works. 273HASSETREGID Define this if you have setregid(2) and it can be 274 used to set the saved gid. Please run t_dropgid in 275 test/ if you are not sure whether the call works. 276HASSETRESGID Define this if you have setresgid(2) and it can be 277 used to set the saved gid. Please run t_dropgid in 278 test/ if you are not sure whether the call works. 279HASLSTAT Define this if you have symbolic links (and thus the 280 lstat(2) system call). This improves security. Unlike 281 most other options, this one is on by default, so you 282 need to #undef it in conf.h if you don't have symbolic 283 links (these days everyone does). 284HASSETRLIMIT Define this to 1 if you have the setrlimit(2) syscall. 285 You can define it to 0 to force it off. It is assumed 286 if you are running a BSD-like system. 287HASULIMIT Define this if you have the ulimit(2) syscall (System V 288 style systems). HASSETRLIMIT overrides, as it is more 289 general. 290HASWAITPID Define this if you have the waitpid(2) syscall. 291HASGETDTABLESIZE 292 Define this if you have the getdtablesize(2) syscall. 293HAS_ST_GEN Define this to 1 if your system has the st_gen field in 294 the stat structure (see stat(2)). 295HASSRANDOMDEV Define this if your system has the srandomdev(3) function 296 call. 297HASURANDOMDEV Define this if your system has /dev/urandom(4). 298HASSTRERROR Define this if you have the libc strerror(3) function (which 299 should be declared in <errno.h>), and it should be used 300 instead of sys_errlist. 301HASCLOSEFROM Define this if your system has closefrom(3). 302HASFDWALK Define this if your system has fdwalk(3). 303SM_CONF_GETOPT Define this as 0 if you need a reimplementation of getopt(3). 304 On some systems, getopt does very odd things if called 305 to scan the arguments twice. This flag will ask sendmail 306 to compile in a local version of getopt that works 307 properly. You may also need this if you build with 308 another library that introduces a non-standard getopt(3). 309NEEDSTRTOL Define this if your standard C library does not define 310 strtol(3). This will compile in a local version. 311NEEDFSYNC Define this if your standard C library does not define 312 fsync(2). This will try to simulate the operation using 313 fcntl(2); if that is not available it does nothing, which 314 isn't great, but at least it compiles and runs. 315HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your 316 standard C library. If this is not defined, or is defined 317 to be 0, sendmail will scan the /etc/shells file (no 318 NIS-style support, defaults to /bin/sh and /bin/csh if 319 that file does not exist) to get a list of unrestricted 320 user shells. This is used to determine whether users 321 are allowed to forward their mail to a program or a file. 322NEEDPUTENV Define this if your system needs am emulation of the 323 putenv(3) call. Define to 1 to implement it in terms 324 of setenv(3) or to 2 to do it in terms of primitives. 325NOFTRUNCATE Define this if you don't have the ftruncate(2) syscall. 326 If you don't have this system call, there is an unavoidable 327 race condition that occurs when creating alias databases. 328GIDSET_T The type of entries in a gidset passed as the second 329 argument to getgroups(2). Historically this has been an 330 int, so this is the default, but some systems (such as 331 IRIX) pass it as a gid_t, which is an unsigned short. 332 This will make a difference, so it is important to get 333 this right! However, it is only an issue if you have 334 group sets. 335SLEEP_T The type returned by the system sleep() function. 336 Defaults to "unsigned int". Don't worry about this 337 if you don't have compilation problems. 338ARBPTR_T The type of an arbitrary pointer -- defaults to "void *". 339 If you are an very old compiler you may need to define 340 this to be "char *". 341SOCKADDR_LEN_T The type used for the third parameter to accept(2), 342 getsockname(2), and getpeername(2), representing the 343 length of a struct sockaddr. Defaults to int. 344SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2) 345 and setsockopt(2), representing the length of the option 346 buffer. Defaults to int. 347LA_TYPE The type of load average your kernel supports. These 348 can be one of: 349 LA_ZERO (1) -- it always returns the load average as 350 "zero" (and does so on all architectures). 351 LA_INT (2) to read /dev/kmem for the symbol avenrun and 352 interpret as a long integer. 353 LA_FLOAT (3) same, but interpret the result as a floating 354 point number. 355 LA_SHORT (6) to interpret as a short integer. 356 LA_SUBR (4) if you have the getloadavg(3) routine in your 357 system library. 358 LA_MACH (5) to use MACH-style load averages (calls 359 processor_set_info()), 360 LA_PROCSTR (7) to read /proc/loadavg and interpret it 361 as a string representing a floating-point 362 number (Linux-style). 363 LA_READKSYM (8) is an implementation suitable for some 364 versions of SVr4 that uses the MIOC_READKSYM ioctl 365 call to read /dev/kmem. 366 LA_DGUX (9) is a special implementation for DG/UX that uses 367 the dg_sys_info system call. 368 LA_HPUX (10) is an HP-UX specific version that uses the 369 pstat_getdynamic system call. 370 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts 371 to 32 or 64 bit kernels; it is otherwise very similar 372 to LA_INT. 373 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k) 374 implementation. 375 LA_DEVSHORT (13) reads a short from a system file (default: 376 /dev/table/avenrun) and scales it in the same manner 377 as LA_SHORT. 378 LA_LONGLONG (17) to read /dev/kmem for the symbol avenrun and 379 interpret as a long long integer (e.g., for 64 bit 380 systems). 381 LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several 382 other parameters that they try to divine: the name of your 383 kernel, the name of the variable in the kernel to examine, 384 the number of bits of precision in a fixed point load average, 385 and so forth. LA_DEVSHORT uses _PATH_AVENRUN to find the 386 device to be read to find the load average. 387 In desperation, use LA_ZERO. The actual code is in 388 conf.c -- it can be tweaked if you are brave. 389FSHIFT For LA_INT, LA_SHORT, and LA_READKSYM, this is the number 390 of bits of load average after the binary point -- i.e., 391 the number of bits to shift right in order to scale the 392 integer to get the true integer load average. Defaults to 8. 393_PATH_UNIX The path to your kernel. Needed only for LA_INT, LA_SHORT, 394 and LA_FLOAT. Defaults to "/unix" on System V, "/vmunix" 395 everywhere else. 396LA_AVENRUN For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel 397 variable that holds the load average. Defaults to "avenrun" 398 on System V, "_avenrun" everywhere else. 399SFS_TYPE Encodes how your kernel can locate the amount of free 400 space on a disk partition. This can be set to SFS_NONE 401 (0) if you have no way of getting this information, 402 SFS_USTAT (1) if you have the ustat(2) system call, 403 SFS_4ARGS (2) if you have a four-argument statfs(2) 404 system call (and the include file is <sys/statfs.h>), 405 SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have 406 the two-argument statfs(2) system call with includes in 407 <sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively, 408 or SFS_STATVFS (6) if you have the two-argument statvfs(2) 409 call. The default if nothing is defined is SFS_NONE. 410SFS_BAVAIL with SFS_4ARGS you can also set SFS_BAVAIL to the field name 411 in the statfs structure that holds the useful information; 412 this defaults to f_bavail. 413SPT_TYPE Encodes how your system can display what a process is doing 414 on a ps(1) command (SPT stands for Set Process Title). Can 415 be set to: 416 SPT_NONE (0) -- Don't try to set the process title at all. 417 SPT_REUSEARGV (1) -- Pad out your argv with the information; 418 this is the default if none specified. 419 SPT_BUILTIN (2) -- The system library has setproctitle. 420 SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2) 421 to set the process title; this is used by HP-UX. 422 SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD). 423 SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6. 424 SPT_SCO (6) -- Write kernel u. area. 425 SPT_CHANGEARGV (7) -- Write pointers to our own strings into 426 the existing argv vector. 427SPT_PADCHAR Character used to pad the process title; if undefined, 428 the space character (0x20) is used. This is ignored if 429 SPT_TYPE != SPT_REUSEARGV 430ERRLIST_PREDEFINED 431 If set, assumes that some header file defines sys_errlist. 432 This may be needed if you get type conflicts on this 433 variable -- otherwise don't worry about it. 434WAITUNION The wait(2) routine takes a "union wait" argument instead 435 of an integer argument. This is for compatibility with 436 old versions of BSD. 437SCANF You can set this to extend the F command to accept a 438 scanf string -- this gives you a primitive parser for 439 class definitions -- BUT it can make you vulnerable to 440 core dumps if the target file is poorly formed. 441SYSLOG_BUFSIZE You can define this to be the size of the buffer that 442 syslog accepts. If it is not defined, it assumes a 443 1024-byte buffer. If the buffer is very small (under 444 256 bytes) the log message format changes -- each 445 e-mail message will log many more messages, since it 446 will log each piece of information as a separate line 447 in syslog. 448BROKEN_RES_SEARCH 449 On Ultrix (and maybe other systems?) if you use the 450 res_search routine with an unknown host name, it returns 451 -1 but sets h_errno to 0 instead of HOST_NOT_FOUND. If 452 you set this, sendmail considers 0 to be the same as 453 HOST_NOT_FOUND. 454NAMELISTMASK If defined, values returned by nlist(3) are masked 455 against this value before use -- a common value is 456 0x7fffffff to strip off the top bit. 457BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that 458 defines the length of this address. 459SAFENFSPATHCONF Set this to 1 if and only if you have verified that a 460 pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an 461 NFS filesystem where the underlying system allows users to 462 give away files to other users returns <= 0. Be sure you 463 try both on NFS V2 and V3. Some systems assume that their 464 local policy apply to NFS servers -- this is a bad 465 assumption! The test/t_pathconf.c program will try this 466 for you -- you have to run it in a directory that is 467 mounted from a server that allows file giveaway. 468SIOCGIFCONF_IS_BROKEN 469 Set this if your system has an SIOCGIFCONF ioctl defined, 470 but it doesn't behave the same way as "most" systems (BSD, 471 Solaris, SunOS, HP-UX, etc.) 472SIOCGIFNUM_IS_BROKEN 473 Set this if your system has an SIOCGIFNUM ioctl defined, 474 but it doesn't behave the same way as "most" systems 475 (Solaris, HP-UX). 476FAST_PID_RECYCLE 477 Set this if your system can reuse the same PID in the same 478 second. 479SO_REUSEADDR_IS_BROKEN 480 Set this if your system has a setsockopt() SO_REUSEADDR 481 flag but doesn't pay attention to it when trying to bind a 482 socket to a recently closed port. 483NEEDSGETIPNODE Set this if your system supports IPv6 but doesn't include 484 the getipnodeby{name,addr}() functions. Set automatically 485 for Linux's glibc. 486PIPELINING Support SMTP PIPELINING (set by default). 487USING_NETSCAPE_LDAP 488 Deprecated in favor of SM_CONF_LDAP_MEMFREE. See 489 libsm/README. 490NEEDLINK Set this if your system doesn't have a link() call. It 491 will create a copy of the file instead of a hardlink. 492USE_ENVIRON Set this to 1 to access process environment variables from 493 the external variable environ instead of the third 494 parameter of main(). 495USE_DOUBLE_FORK By default this is on (1). Set it to 0 to suppress the 496 extra fork() used to avoid intermediate zombies. 497ALLOW_255 Do not convert (char)0xff to (char)0x7f in headers etc. 498 This can also be done at runtime with the command line 499 option -d82.101. 500NEEDINTERRNO Set this if <errno.h> does not declare errno, i.e., if an 501 application needs to use 502 extern int errno; 503USE_TTYPATH Set this to 1 to enable ErrorMode=write. 504USESYSCTL Use sysctl(3) to determine the number of CPUs in a system. 505HASSNPRINTF Set this to 1 if your OS has a working snprintf(3), i.e., 506 it properly obeys the size of the buffer and returns the 507 number of characters that would have been printed if the 508 size were unlimited. 509LDAP_REFERRALS Set this if you want to use the -R flag (do not auto chase 510 referrals) for LDAP maps (requires -DLDAPMAP). 511 512 513+-----------------------+ 514| COMPILE-TIME FEATURES | 515+-----------------------+ 516 517There are a bunch of features that you can decide to compile in, such 518as selecting various database packages and special protocol support. 519Several are assumed based on other compilation flags -- if you want to 520"un-assume" something, you probably need to edit conf.h. Compilation 521flags that add support for special features include: 522 523NDBM Include support for "new" DBM library for aliases and maps. 524 Normally defined in the Makefile. 525NEWDB Include support for Berkeley DB package (hash & btree) 526 for aliases and maps. Normally defined in the Makefile. 527 If the version of NEWDB you have is the old one that does 528 not include the "fd" call (this call was added in version 529 1.5 of the Berkeley DB code), you must upgrade to the 530 current version of Berkeley DB. 531NIS Define this to get NIS (YP) support for aliases and maps. 532 Normally defined in the Makefile. 533NISPLUS Define this to get NIS+ support for aliases and maps. 534 Normally defined in the Makefile. 535HESIOD Define this to get Hesiod support for aliases and maps. 536 Normally defined in the Makefile. 537NETINFO Define this to get NeXT NetInfo support for aliases and maps. 538 Normally defined in the Makefile. 539LDAPMAP Define this to get LDAP support for maps. 540PH_MAP Define this to get PH support for maps. 541MAP_NSD Define this to get nsd support for maps. 542USERDB Define this to 1 to include support for the User Information 543 Database. Implied by NEWDB or HESIOD. You can use 544 -DUSERDB=0 to explicitly turn it off. 545IDENTPROTO Define this as 1 to get IDENT (RFC 1413) protocol support. 546 This is assumed unless you are running on Ultrix or 547 HP-UX, both of which have a problem in the UDP 548 implementation. You can define it to be 0 to explicitly 549 turn off IDENT protocol support. If defined off, the code 550 is actually still compiled in, but it defaults off; you 551 can turn it on by setting the IDENT timeout in the 552 configuration file. 553IP_SRCROUTE Define this to 1 to get IP source routing information 554 displayed in the Received: header. This is assumed on 555 most systems, but some (e.g., Ultrix) apparently have a 556 broken version of getsockopt that doesn't properly 557 support the IP_OPTIONS call. You probably want this if 558 your OS can cope with it. Symptoms of failure will be that 559 it won't compile properly (that is, no support for fetching 560 IP_OPTIONs), or it compiles but source-routed TCP connections 561 either refuse to open or open and hang for no apparent reason. 562 Ultrix and AIX3 are known to fail this way. 563LOG Set this to get syslog(3) support. Defined by default 564 in conf.h. You want this if at all possible. 565NETINET Set this to get TCP/IP support. Defined by default 566 in conf.h. You probably want this. 567NETINET6 Set this to get IPv6 support. Other configuration may 568 be needed in conf.h for your particular operating system. 569 Also, DaemonPortOptions must be set appropriately for 570 sendmail to accept IPv6 connections. 571NETISO Define this to get ISO networking support. 572NETUNIX Define this to get Unix domain networking support. Defined 573 by default. A few bizarre systems (SCO, ISC, Altos) don't 574 support this networking domain. 575NETNS Define this to get NS networking support. 576NETX25 Define this to get X.25 networking support. 577NAMED_BIND If non-zero, include DNS (name daemon) support, including 578 MX support. The specs say you must use this if you run 579 SMTP. You don't have to be running a name server daemon 580 on your machine to need this -- any use of the DNS resolver, 581 including remote access to another machine, requires this 582 option. Defined by default in conf.h. Define it to zero 583 ONLY on machines that do not use DNS in any way. 584MATCHGECOS Permit fuzzy matching of user names against the full 585 name (GECOS) field in the /etc/passwd file. This should 586 probably be on, since you can disable it from the config 587 file if you want to. Defined by default in conf.h. 588MIME8TO7 If non-zero, include 8 to 7 bit MIME conversions. This 589 also controls advertisement of 8BITMIME in the ESMTP 590 startup dialogue. 591MIME7TO8_OLD If 0 then use an algorithm for MIME 7-bit quoted-printable 592 or base64 encoding to 8-bit text that has been introduced 593 in 8.12.3. There are some examples where that code fails, 594 but the old code works. If you have an example of improper 595 7 to 8 bit conversion please send it to sendmail-bugs. 596MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions. 597HES_GETMAILHOST Define this to 1 if you are using Hesiod with the 598 hes_getmailhost() routine. This is included with the MIT 599 Hesiod distribution, but not with the DEC Hesiod distribution. 600XDEBUG Do additional internal checking. These don't cost too 601 much; you might as well leave this on. 602TCPWRAPPERS Turns on support for the TCP wrappers library (-lwrap). 603 See below for further information. 604SECUREWARE Enable calls to the SecureWare luid enabling/changing routines. 605 SecureWare is a C2 security package added to several UNIX's 606 (notably ConvexOS) to get a C2 Secure system. This 607 option causes mail delivery to be done with the luid of the 608 recipient. 609SHARE_V1 Support for the fair share scheduler, version 1. Setting to 610 1 causes final delivery to be done using the recipients 611 resource limitations. So far as I know, this is only 612 supported on ConvexOS. 613SASL Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL 614 library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/). Please 615 install at least version 1.5.13. See below for further 616 information: SASL COMPILATION AND CONFIGURATION. If your 617 SASL library is older than 1.5.10, you have to set this 618 to its version number using a simple conversion: a.b.c 619 -> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509. 620 Note: Using an older version than 1.5.5 of Cyrus SASL is 621 not supported. Starting with version 1.5.10, setting SASL=1 622 is sufficient. Any value other than 1 (or 0) will be 623 compared with the actual version found and if there is a 624 mismatch, compilation will fail. 625EGD Define this if your system has EGD installed, see 626 http://egd.sourceforge.net/ . It should be used to 627 seed the PRNG for STARTTLS if HASURANDOMDEV is not defined. 628STARTTLS Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL 629 (http://www.OpenSSL.org/); use OpenSSL 0.9.5a or later 630 (if compatible with this version), do not use 0.9.3. 631 See STARTTLS COMPILATION AND CONFIGURATION for further 632 information. 633TLS_NO_RSA Turn off support for RSA algorithms in STARTTLS. 634MILTER Turn on support for external filters using the Milter API; 635 this option is set by default, to turn it off use 636 APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0') 637 in devtools/Site/site.config.m4 (see devtools/README). 638 See libmilter/README for more information about milter. 639REQUIRES_DIR_FSYNC Turn on support for file systems that require to 640 call fsync() for a directory if the meta-data in it has 641 been changed. This should be turned on at least for older 642 versions of ReiserFS; it is enabled by default for Linux. 643 According to some information this flag is not needed 644 anymore for kernel 2.4.16 and newer. We would appreciate 645 feedback about the semantics of the various file systems 646 available for Linux. 647 An alternative to this compile time flag is to mount the 648 queue directory without the -async option, or using 649 chattr +S on Linux. 650DBMMODE The default file permissions to use when creating new 651 database files for maps and aliases. Defaults to 0640. 652 653Generic notice: If you enable a compile time option that needs 654libraries or include files that don't come with sendmail or are 655installed in a location that your C compiler doesn't use by default 656you should set confINCDIRS and confLIBDIRS as explained in the 657first section: BUILDING SENDMAIL. 658 659 660+---------------------+ 661| DNS/RESOLVER ISSUES | 662+---------------------+ 663 664Many systems have old versions of the resolver library. At a minimum, 665you should be running BIND 4.8.3; older versions may compile, but they 666have known bugs that should give you pause. 667 668Common problems in old versions include "undefined" errors for 669dn_skipname. 670 671Some people have had a problem with BIND 4.9; it uses some routines 672that it expects to be externally defined such as strerror(). It may 673help to link with "-l44bsd" to solve this problem. This has apparently 674been fixed in later versions of BIND, starting around 4.9.3. In other 675words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or 676later versions, you do not. 677 678!PLEASE! be sure to link with the same version of the resolver as 679the header files you used -- some people have used the 4.9 headers 680and linked with BIND 4.8 or vice versa, and it doesn't work. 681Unfortunately, it doesn't fail in an obvious way -- things just 682subtly don't work. 683 684WILDCARD MX RECORDS ARE A BAD IDEA! The only situation in which they 685work reliably is if you have two versions of DNS, one in the real world 686which has a wildcard pointing to your firewall, and a completely 687different version of the database internally that does not include 688wildcard MX records that match your domain. ANYTHING ELSE WILL GIVE 689YOU HEADACHES! 690 691When attempting to canonify a hostname, some broken name servers will 692return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. If you 693want to excuse this behavior, include WorkAroundBrokenAAAA in 694ResolverOptions. However, instead, we recommend catching the problem and 695reporting it to the name server administrator so we can rid the world of 696broken name servers. 697 698 699+----------------------------------------+ 700| STARTTLS COMPILATION AND CONFIGURATION | 701+----------------------------------------+ 702 703Please read the documentation accompanying the OpenSSL library. You 704have to compile and install the OpenSSL libraries before you can compile 705sendmail. See devtools/README how to set the correct compile time 706parameters; you should at least set the following variables: 707 708APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS') 709APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto') 710 711If you have installed the OpenSSL libraries and include files in 712a location that your C compiler doesn't use by default you should 713set confINCDIRS and confLIBDIRS as explained in the first section: 714BUILDING SENDMAIL. 715 716Configuration information can be found in doc/op/op.me (required 717certificates) and cf/README (how to tell sendmail about certificates). 718 719To perform an initial test, connect to your sendmail daemon 720(telnet localhost 25) and issue a EHLO localhost and see whether 721250-STARTTLS 722is in the response. If it isn't, run the daemon with 723-O LogLevel=14 724and try again. Then take a look at the logfile and see whether 725there are any problems listed about permissions (unsafe files) 726or the validity of X.509 certificates. 727 728From: Garrett Wollman <wollman@lcs.mit.edu> 729 730 If your certificate authority is hierarchical, and you only include 731 the top-level CA certificate in the CACertFile file, some mail clients 732 may be unable to infer the proper certificate chain when selecting a 733 client certificate. Including the bottom-level CA certificate(s) in 734 the CACertFile file will allow these clients to work properly. This 735 is not necessary if you are not using client certificates for 736 authentication, or if all your clients are running Sendmail or other 737 programs using the OpenSSL library (which get it right automatically). 738 In addition, some mail clients are totally incapable of using 739 certificate authentication -- even some of those which already support 740 SSL/TLS for confidentiality. 741 742Further information can be found via: 743http://www.sendmail.org/tips/ 744 745 746+------------------------------------+ 747| SASL COMPILATION AND CONFIGURATION | 748+------------------------------------+ 749 750Please read the documentation accompanying the Cyrus SASL library 751(INSTALL and README). If you use Berkeley DB for Cyrus SASL then 752you must compile sendmail with the same version of Berkeley DB. 753See devtools/README for how to set the correct compile time parameters; 754you should at least set the following variables: 755 756APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL') 757APPENDDEF(`conf_sendmail_LIBS', `-lsasl') 758 759If you have installed the Cyrus SASL library and include files in 760a location that your C compiler doesn't use by default you should 761set confINCDIRS and confLIBDIRS as explained in the first section: 762BUILDING SENDMAIL. 763 764You have to select and install authentication mechanisms and tell 765sendmail where to find the sasl library and the include files (see 766devtools/README for the parameters to set). Set up the required 767users and passwords as explained in the SASL documentation. See 768also cf/README for authentication related options (especially 769DefaultAuthInfo if you want authentication between MTAs). 770 771To perform an initial test, connect to your sendmail daemon 772(telnet localhost 25) and issue a EHLO localhost and see whether 773250-AUTH .... 774is in the response. If it isn't, run the daemon with 775-O LogLevel=14 776and try again. Then take a look at the logfile and see whether 777there are any security related problems listed (unsafe files). 778 779Further information can be found via: 780http://www.sendmail.org/tips/ 781 782 783+-------------------------------------+ 784| OPERATING SYSTEM AND COMPILE QUIRKS | 785+-------------------------------------+ 786 787GCC problems 788 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS" 789 too (see include/sm/cdefs.h for more info). 790 791 ***************************************************************** 792 ** IMPORTANT: DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE ** 793 ** RUNNING GCC 2.4.x or 2.5.x. THERE IS A BUG IN THE GCC ** 794 ** OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. ** 795 ***************************************************************** 796 797 Jim Wilson of Cygnus believes he has found the problem -- it will 798 probably be fixed in GCC 2.5.6 -- but until this is verified, be 799 very suspicious of gcc -O. This problem is reported to have been 800 fixed in gcc 2.6. 801 802 A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with 803 optimization on a Sparc. If you are using gcc 2.5.5, youi should 804 upgrade to the latest version of gcc. 805 806 Apparently GCC 2.7.0 on the Pentium processor has optimization 807 problems. I recommend against using -O on that architecture. This 808 has been seen on FreeBSD 2.0.5 RELEASE. 809 810 Solaris 2.X users should use version 2.7.2.3 over 2.7.2. 811 812 We have been told there are problems with gcc 2.8.0. If you are 813 using this version, you should upgrade to 2.8.1 or later. 814 815Berkeley DB 816 Berkeley DB 4.1.x with x <= 24 does not work with sendmail. 817 You need at least 4.1.25. 818 819GDBM GDBM does not work with sendmail because the additional 820 security checks and file locking cause problems. Unfortunately, 821 gdbm does not provide a compile flag in its version of ndbm.h so 822 the code can adapt. Until the GDBM authors can fix these problems, 823 GDBM will not be supported. Please use Berkeley DB instead. 824 825Configuration file location 826 Up to 8.6, sendmail tried to find the sendmail.cf file in the same 827 place as the vendors had put it, even when this was obviously 828 stupid. As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf. 829 Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf. 830 You can get sendmail to use the stupid vendor .cf location by 831 adding -DUSE_VENDOR_CF_PATH during compilation, but this may break 832 support programs and scripts that need to find sendmail.cf. You 833 are STRONGLY urged to use symbolic links if you want to use the 834 vendor location rather than changing the location in the sendmail 835 binary. 836 837 NETINFO systems use NETINFO to determine the location of 838 sendmail.cf. The full path to sendmail.cf is stored as the value of 839 the "sendmail.cf" property in the "/locations/sendmail" 840 subdirectory of NETINFO. Set the value of this property to 841 "/etc/mail/sendmail.cf" (without the quotes) to use this new 842 default location for Sendmail 8.10.0 and higher. 843 844ControlSocket permissions 845 Paraphrased from BIND 8.2.1's README: 846 847 Solaris and other pre-4.4BSD kernels do not respect ownership or 848 protections on UNIX-domain sockets. The short term fix for this is to 849 override the default path and put such control sockets into root- 850 owned directories which do not permit non-root to r/w/x through them. 851 The long term fix is for all kernels to upgrade to 4.4BSD semantics. 852 853HP MPE/iX 854 The MPE-specific code within sendmail emulates a set-user-id root 855 environment for the sendmail binary. But there is no root uid 0 on 856 MPE, nor is there any support for set-user-id programs. Even when 857 sendmail thinks it is running as uid 0, it will still have the file 858 access rights of the underlying non-zero uid, but because sendmail is 859 an MPE priv-mode program it will still be able to call setuid() to 860 successfully switch to a new uid. 861 862 MPE setgid() semantics don't quite work the way sendmail expects, so 863 special emulation is done here also. 864 865 This uid/gid emulation is enabled via the setuid/setgid file mode bits 866 which are not currently used by MPE. Code in libsm/mpeix.c examines 867 these bits and enables emulation if they have been set, i.e., 868 chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL. 869 870SunOS 4.x (Solaris 1.x) 871 You may have to use -lresolv on SunOS. However, beware that 872 this links in a new version of gethostbyname that does not 873 understand NIS, so you must have all of your hosts in DNS. 874 875 Some people have reported problems with the SunOS version of 876 -lresolv and/or in.named, and suggest that you get a newer 877 version. The symptoms are delays when you connect to the 878 SMTP server on a SunOS machine or having your domain added to 879 addresses inappropriately. There is a version of BIND 880 version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9. 881 882 There is substantial disagreement about whether you can make 883 this work with resolv+, which allows you to specify a search-path 884 of services. Some people report that it works fine, others 885 claim it doesn't work at all (including causing sendmail to 886 drop core when it tries to do multiple resolv+ lookups for a 887 single job). I haven't tried resolv+, as we use DNS exclusively. 888 889 Should you want to try resolv+, it is on ftp.uu.net in 890 /networking/ip/dns. 891 892 Apparently getservbyname() can fail under moderate to high 893 load under some circumstances. This will exhibit itself as 894 the message ``554 makeconnection: service "smtp" unknown''. 895 The problem has been traced to one or more blank lines in 896 /etc/services on the NIS server machine. Delete these 897 and it should work. This info is thanks to Brian Bartholomew 898 <bb@math.ufl.edu> of I-Kinetics, Inc. 899 900 NOTE: The SunOS 4.X linker uses library paths specified during 901 compilation using -L for run-time shared library searches. 902 Therefore, it is vital that relative and unsafe directory paths not 903 be used when compiling sendmail. 904 905SunOS 4.0.2 (Sun 386i) 906 Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST) 907 From: teus@oce.nl 908 909 Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the 910 following changes: 911 * Don't use /usr/5bin in your PATH, but make /usr/5bin/uname 912 available as "uname" command. 913 * Use the defines "-DBSD4_3 -DNAMED_BIND=0" in 914 devtools/OS/SunOS.4.0, which is selected via the "uname" command. 915 I recommend to make available the db-library on the system first 916 (and change the Makefile to use this library). 917 Note that the sendmail.cf and aliases files are found in /etc. 918 919SunOS 4.1.3, 4.1.3_U1 920 Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1. According 921 to Sun bug number 1077939: 922 923 If an application does a getsockopt() on a SOCK_STREAM (TCP) socket 924 after the other side of the connection has sent a TCP RESET for 925 the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or 926 ip_ctloutput() routine. 927 928 For 4.1.3, this is fixed in patch 100584-08, available on the 929 Sunsolve 2.7.1 or later CDs. For 4.1.3_U1, this was fixed in patch 930 101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later 931 obsoleted by patch 102010-05. 932 933 Sun patch 100584-08 is not currently publicly available on their 934 ftp site but a user has reported it can be found at other sites 935 using a web search engine. 936 937Solaris 2.x (SunOS 5.x) 938 To compile for Solaris, the Makefile built by Build must 939 include a SOLARIS definition which reflects the Solaris version 940 (i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1). 941 If you are using gcc, make sure -I/usr/include is not used (or 942 it might complain about TopFrame). If you are using Sun's cc, 943 make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc 944 (or it might complain about tm_zone). 945 946 The Solaris 2.x (x <= 3) "syslog" function is apparently limited 947 to something about 90 characters because of a kernel limitation. 948 If you have source code, you can probably up this number. You 949 can get patches that fix this problem: the patch ids are: 950 951 Solaris 2.1 100834 952 Solaris 2.2 100999 953 Solaris 2.3 101318 954 955 Be sure you have the appropriate patch installed or you won't 956 see system logging. 957 958Solaris 2.4 (SunOS 5.4) 959 If you include /usr/lib at the end of your LD_LIBRARY_PATH you run 960 the risk of getting the wrong libraries under some circumstances. 961 This is because of a new feature in Solaris 2.4, described by 962 Rod.Evans@Eng.Sun.COM: 963 964 >> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the 965 >> runtime linker if the application was setxid (secure), thus your 966 >> applications search path would be: 967 >> 968 >> /usr/local/lib LD_LIBRARY_PATH component - IGNORED 969 >> /usr/lib LD_LIBRARY_PATH component - IGNORED 970 >> /usr/local/lib RPATH - honored 971 >> /usr/lib RPATH - honored 972 >> 973 >> the effect is that path 3 would be the first used, and this would 974 >> satisfy your resolv.so lookup. 975 >> 976 >> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible. 977 >> People who developed setxid applications wanted to be able to alter 978 >> the library search path to some degree to allow for their own 979 >> testing and debugging mechanisms. It was decided that the only 980 >> secure way to do this was to allow a `trusted' path to be used in 981 >> LD_LIBRARY_PATH. The only trusted directory we presently define 982 >> is /usr/lib. Thus a set-user-ID root developer could play with some 983 >> alternative shared object implementations and place them in 984 >> /usr/lib (being root we assume they'ed have access to write in this 985 >> directory). This change was made as part of 1155380 - after a 986 >> *huge* amount of discussion regarding the security aspect of things. 987 >> 988 >> So, in SunOS 5.4 your applications search path would be: 989 >> 990 >> /usr/local/lib from LD_LIBRARY_PATH - IGNORED (untrustworthy) 991 >> /usr/lib from LD_LIBRARY_PATH - honored (trustworthy) 992 >> /usr/local/lib from RPATH - honored 993 >> /usr/lib from RPATH - honored 994 >> 995 >> here, path 2 would be the first used. 996 997Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6) 998 Apparently Solaris 2.5.1 patch 103663-01 installs a new 999 /usr/include/resolv.h file that defines the __P macro without 1000 checking to see if it is already defined. This new resolv.h is also 1001 included in the Solaris 2.6 distribution. This causes compile 1002 warnings such as: 1003 1004 In file included from daemon.c:51: 1005 /usr/include/resolv.h:208: warning: `__P' redefined 1006 cdefs.h:58: warning: this is the location of the previous definition 1007 1008 These warnings can be safely ignored or you can create a resolv.h 1009 file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads: 1010 1011 #undef __P 1012 #include "/usr/include/resolv.h" 1013 1014 This problem was fixed in Solaris 7 (Sun bug ID 4081053). 1015 1016Solaris 7 (SunOS 5.7) 1017 Solaris 7 includes LDAP libraries but the implementation was 1018 lacking a few things. The following settings can be placed in 1019 devtools/Site/site.SunOS.5.7.m4 if you plan on using those 1020 libraries. 1021 1022 APPENDDEF(`confMAPDEF', `-DLDAPMAP') 1023 APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3') 1024 APPENDDEF(`confLIBS', `-lldap') 1025 1026 Also, Sun's patch 107555 is needed to prevent a crash in the call 1027 to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if 1028 LDAP support is compiled in sendmail. 1029 1030Solaris 8 and later (SunOS 5.8 and later) 1031 Solaris 8 and later can optionally install LDAP support. If you 1032 have installed the Entire Distribution meta-cluster, you can use 1033 the following in devtools/Site/site.SunOS.5.8.m4 (or other 1034 appropriately versioned file) to enable LDAP: 1035 1036 APPENDDEF(`confMAPDEF', `-DLDAPMAP') 1037 APPENDDEF(`confLIBS', `-lldap') 1038 1039Solaris 9 and later (SunOS 5.9 and later) 1040 Solaris 9 and later have a revised LDAP library, libldap.so.5, 1041 which is derived from a Netscape implementation, thus requiring 1042 that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP: 1043 1044 APPENDDEF(`confMAPDEF', `-DLDAPMAP') 1045 APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE') 1046 APPENDDEF(`confLIBS', `-lldap') 1047 1048Solaris 1049 If you are using dns for hostname resolution on Solaris, make sure 1050 that the 'dns' entry is last on the hosts line in 1051 '/etc/nsswitch.conf'. For example, use: 1052 1053 hosts: nisplus files dns 1054 1055 Do not use: 1056 1057 hosts: nisplus dns [NOTFOUND=return] files 1058 1059 Note that 'nisplus' above is an illustration. The same comment 1060 applies no matter what naming services you are using. If you have 1061 anything other than dns last, even after "[NOTFOUND=return]", 1062 sendmail may not be able to determine whether an error was 1063 temporary or permanent. The error returned by the solaris 1064 gethostbyname() is the error for the last lookup used, and other 1065 naming services do not have the same concept of temporary failure. 1066 1067Ultrix 1068 By default, the IDENT protocol is turned off on Ultrix. If you 1069 are running Ultrix 4.4 or later, or if you have included patch 1070 CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn 1071 IDENT on in the configuration file by setting the "ident" timeout. 1072 1073 The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver 1074 included in libc.a. Unfortunately, the __RES symbol hasn't changed 1075 and therefore, sendmail can no longer automatically detect the 1076 newer version. If you get a compiler error: 1077 1078 /lib/libc.a(gethostent.o): local_hostname_length: multiply defined 1079 1080 Then rebuild with this in devtools/Site/site.ULTRIX.m4: 1081 1082 APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0') 1083 1084Digital UNIX (formerly DEC OSF/1) 1085 If you are compiling on OSF/1 (DEC Alpha), you must use 1086 -L/usr/shlib (otherwise it core dumps on startup). You may also 1087 need -mld to get the nlist() function, although some versions 1088 apparently don't need this. 1089 1090 Also, the enclosed makefile removed /usr/sbin/smtpd; if you need 1091 it, just create the link to the sendmail binary. 1092 1093 On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work 1094 properly due to a bug in the getpw* routines. If you want to use 1095 this, use -DDEC_OSF_BROKEN_GETPWENT=1. The problem is fixed in 3.2C. 1096 1097 Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will 1098 only preserve the envelope sender in the "From " header if 1099 DefaultUserID is set to daemon. Setting this to mailnull will 1100 cause all mail to have the header "From mailnull ...". To use 1101 a different DefaultUserID, you will need to use a different mail 1102 delivery agent (such as mail.local found in the sendmail 1103 distribution). 1104 1105 On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the 1106 operating system and already has the ndbm.o module removed. However, 1107 Digital has modified the original Berkeley DB db.h include file. 1108 This results in the following warning while compiling map.c and udb.c: 1109 1110 cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro 1111 "__signed" conflicts with a current definition because the replacement 1112 lists differ. The redefinition is now in effect. 1113 #define __signed signed 1114 ------------------------^ 1115 1116 This warning can be ignored. 1117 1118 Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/. 1119 If you have installed a new version of BIND in /usr/include 1120 and /usr/lib, you will experience difficulties as Digital ships 1121 libresolv.a in /usr/ccs/lib/ as well. Be sure to replace both 1122 copies of libresolv.a. 1123 1124IRIX 1125 The header files on SGI IRIX are completely prototyped, and as 1126 a result you can sometimes get some warning messages during 1127 compilation. These can be ignored. There are two errors in 1128 deliver only if you are using gcc, both of the form ``warning: 1129 passing arg N of `execve' from incompatible pointer type''. 1130 Also, if you compile with -DNIS, you will get a complaint 1131 about a declaration of struct dom_binding in a prototype 1132 when compiling map.c; this is not important because the 1133 function being prototyped is not used in that file. 1134 1135 In order to compile sendmail you will have had to install 1136 the developers' option in order to get the necessary include 1137 files. 1138 1139 If you compile with -lmalloc (the fast memory allocator), you may 1140 get warning messages such as the following: 1141 1142 ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so 1143 preempts that definition in /usr/lib32/mips3/libc.so. 1144 ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so 1145 preempts that definition in /usr/lib32/mips3/libc.so. 1146 ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so 1147 preempts that definition in /usr/lib32/mips3/libc.so. 1148 ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so 1149 preempts that definition in /usr/lib32/mips3/libc.so. 1150 ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so 1151 preempts that definition in /usr/lib32/mips3/libc.so. 1152 1153 These are unavoidable and innocuous -- just ignore them. 1154 1155 According to Dave Sill <de5@ornl.gov>, there is a version of the 1156 Berkeley DB library patched to run on Irix 6.2 available from 1157 http://reality.sgi.com/ariel/freeware/#db . 1158 1159IRIX 6.x 1160 If you are using XFS filesystem, avoid using the -32 ABI switch to 1161 the cc compiler if possible. 1162 1163 Broken inet_aton and inet_ntoa on IRIX using gcc: There's 1164 a problem with gcc on IRIX, i.e., gcc can't pass structs 1165 less than 16 bits long unless they are 8 bits; IRIX 6.2 has 1166 some other sized structs. See 1167 http://www.bitmechanic.com/mail-archives/mysql/current/0418.html 1168 This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1 1169 is reported as broken. Check your gcc version for this bug 1170 before installing sendmail. 1171 1172IRIX 6.4 1173 The IRIX 6.5.4 version of /bin/m4 does not work properly with 1174 sendmail. Either install fw_m4.sw.m4 off the Freeware_May99 CD and 1175 use /usr/freeware/bin/m4 or install and use GNU m4. 1176 1177NeXT or NEXTSTEP 1178 NEXTSTEP 3.3 and earlier ship with the old DBM library. Also, 1179 Berkeley DB does not currently run on NEXTSTEP. 1180 1181 If you are compiling on NEXTSTEP, you will have to create an 1182 empty file "unistd.h" and create a file "dirent.h" containing: 1183 1184 #include <sys/dir.h> 1185 #define dirent direct 1186 1187 (devtools/OS/NeXT should try to do both of these for you.) 1188 1189 Apparently, there is a bug in getservbyname on Nextstep 3.0 1190 that causes it to fail under some circumstances with the 1191 message "SYSERR: service "smtp" unknown" logged. You should 1192 be able to work around this by including the line: 1193 1194 OOPort=25 1195 1196 in your .cf file. 1197 1198BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0 1199 The "m4" from BSDI won't handle the config files properly. 1200 I haven't had a chance to test this myself. 1201 1202 The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config 1203 files properly. One must use either GNU m4 1.1 or the PD-M4 1204 recently posted in comp.os.386bsd.bugs (and maybe others). 1205 NetBSD-current includes the PD-M4 (as stated in the NetBSD file 1206 CHANGES). 1207 1208 FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to 1209 use it (look into devtools/OS/FreeBSD). NetBSD-current may have 1210 it too but it has not been verified. 1211 1212 The latest version of Berkeley DB uses a different naming 1213 scheme than the version that is supplied with your release. This 1214 means you will be able to use the current version of Berkeley DB 1215 with sendmail as long you use the new db.h when compiling 1216 sendmail and link it against the new libdb.a or libdb.so. You 1217 should probably keep the original db.h in /usr/include and the 1218 new db.h in /usr/local/include. 1219 12204.3BSD 1221 If you are running a "virgin" version of 4.3BSD, you'll have 1222 a very old resolver and be missing some header files. The 1223 header files are simple -- create empty versions and everything 1224 will work fine. For the resolver you should really port a new 1225 version (4.8.3 or later) of the resolver; 4.9 is available on 1226 gatekeeper.DEC.COM in pub/BSD/bind/4.9. If you are really 1227 determined to continue to use your old, buggy version (or as 1228 a shortcut to get sendmail working -- I'm sure you have the 1229 best intentions to port a modern version of BIND), you can 1230 copy ../contrib/oldbind.compat.c into sendmail and add the 1231 following to devtools/Site/site.config.m4: 1232 1233 APPENDDEF(`confOBJADD', `oldbind.compat.o') 1234 1235OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE) 1236 m4 from *BSD won't handle libsm/Makefile.m4 properly, since the 1237 maximum length for strings is too short. You need to use GNU m4 1238 or patch m4, see for example: 1239 http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12 1240 1241A/UX 1242 Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT) 1243 From: "Eric C. Hagberg" <hagberg@med.cornell.edu> 1244 Subject: Fix for A/UX ndbm 1245 1246 I guess this isn't really a sendmail bug, however, it is something 1247 that A/UX users should be aware of when compiling sendmail 8.6. 1248 1249 Apparently, the calls that sendmail is using to the ndbm routines 1250 in A/UX 3.0.x contain calls to "broken" routines, in that the 1251 aliases database will break when it gets "just a little big" 1252 (sorry I don't have exact numbers here, but it broke somewhere 1253 around 20-25 aliases for me.), making all aliases non-functional 1254 after exceeding this point. 1255 1256 What I did was to get the gnu-dbm-1.6 package, compile it, and 1257 then re-compile sendmail with "-lgdbm", "-DNDBM", and using the 1258 ndbm.h header file that comes with the gnu-package. This makes 1259 things behave properly. 1260 [NOTE: see comment above about GDBM] 1261 1262 I suppose porting the New Berkeley DB package is another route, 1263 however, I made a quick attempt at it, and found it difficult 1264 (not easy at least); the gnu-dbm package "configured" and 1265 compiled easily. 1266 1267 [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for 1268 database maps.] 1269 1270SCO Unix 1271 From: Thomas Essebier <tom@stallion.oz.au> 1272 Organisation: Stallion Technologies Pty Ltd. 1273 1274 It will probably help those who are trying to configure sendmail 8.6.9 1275 to know that if they are on SCO, they had better set 1276 OI-dnsrch 1277 or they will core dump as soon as they try to use the resolver. 1278 i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3, 1279 it does not inititialise it, nor does it understand 'search' in 1280 /etc/named.boot. 1281 - sigh - 1282 1283 According to SCO, the m4 which ships with UnixWare 2.1.2 is broken. 1284 We recommend installing GNU m4 before attempting to build sendmail. 1285 1286 On some versions a bogus error value is listed if connections 1287 time out (large negative number). To avoid this explicitly set 1288 Timeout.connect to a reasonable value (several minutes). 1289 1290DG/UX 1291 Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run 1292 V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage. 1293 Originally, the DG /bin/mail program wasn't compatible with 1294 the V8 sendmail, since the DG /bin/mail requires the environment 1295 variable "_FORCE_MAIL_LOCAL_=yes" be set. Version 8.7 now includes 1296 this in the environment before invoking the local mailer. Some 1297 have used procmail to avoid this problem in the past. It works 1298 but some have experienced file locking problems with their DG/UX 1299 ports of procmail. 1300 1301Apollo DomainOS 1302 If you are compiling on Apollo, you will have to create an empty 1303 file "unistd.h" (for DomainOS 10.3 and earlier) and create a file 1304 "dirent.h" containing: 1305 1306 #include <sys/dir.h> 1307 #define dirent direct 1308 1309 (devtools/OS/DomainOS will attempt to do both of these for you.) 1310 1311HP-UX 8.00 1312 Date: Mon, 24 Jan 1994 13:25:45 +0200 1313 From: Kimmo Suominen <Kimmo.Suominen@lut.fi> 1314 Subject: 8.6.5 w/ HP-UX 8.00 on s300 1315 1316 Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e., 1317 a series 300 machine) running HP-UX 8.00. 1318 1319 I was getting segmentation fault when delivering to a local user. 1320 With debugging I saw it was faulting when doing _free@libc... *sigh* 1321 It seems the new implementation of malloc on s300 is buggy as of 8.0, 1322 so I tried out the one in -lmalloc (malloc(3X)). With that it seems 1323 to work just dandy. 1324 1325 When linking, you will get the following error: 1326 1327 ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a 1328 1329 but you can just ignore it. You might want to add this info to the 1330 README file for the future... 1331 1332Linux 1333 Something broke between versions 0.99.13 and 0.99.14 of Linux: the 1334 flock() system call gives errors. If you are running .14, you must 1335 not use flock. You can do this with -DHASFLOCK=0. We have also 1336 been getting complaints since version 2.4.X was released. 1337 sendmail 8.13 has changed the default locking method to fcntl() 1338 for Linux kernel version 2.4 and later. Be sure to update other 1339 sendmail related programs to match locking techniques (some 1340 examples, besides makemap and mail.local, include procmail, mailx, 1341 mutt, elm, etc). 1342 1343 Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the 1344 initialization of the _res structure changed. If /etc/hosts.conf 1345 was configured as "hosts, bind" the resolver code could return 1346 "Name server failure" errors. This is supposedly fixed in 1347 later versions of libc (>= 4.6.29?), and later versions of 1348 sendmail (> 8.6.10) try to work around the problem. 1349 1350 Some older versions (< 4.6.20?) of the libc/include files conflict 1351 with sendmail's version of cdefs.h. Deleting sendmail's version 1352 on those systems should be non-harmful, and new versions don't care. 1353 1354 NOTE ON LINUX & BIND: By default, the Makefile generated for Linux 1355 includes header files in /usr/local/include and libraries in 1356 /usr/local/lib. If you've installed BIND on your system, the header 1357 files typically end up in the search path and you need to add 1358 "-lresolv" to the LIBS line in your Makefile. Really old versions 1359 may need to include "-l44bsd" as well (particularly if the link phase 1360 complains about missing strcasecmp, strncasecmp or strpbrk). 1361 Complaints about an undefined reference to `__dn_skipname' in 1362 domain.o are a sure sign that you need to add -lresolv to LIBS. 1363 Newer versions of Linux are basically threaded BIND, so you may or 1364 may not see complaints if you accidentally mix BIND 1365 headers/libraries with virginal libc. If you have BIND headers in 1366 /usr/local/include (resolv.h, etc) you *should* be adding -lresolv 1367 to LIBS. Data structures may change and you'd be asking for a 1368 core dump. 1369 1370 A number of problems have been reported regarding the Linux 2.2.0 1371 kernel. So far, these problems have been tracked down to syslog() 1372 and DNS resolution. We believe the problem is with the poll() 1373 implementation in the Linux 2.2.0 kernel and poll()-aware versions 1374 of glib (at least up to 2.0.111). 1375 1376glibc 1377 glibc 2.2.1 (and possibly other versions) changed the value of 1378 __RES in resolv.h but failed to actually provide the IPv6 API 1379 changes that the change implied. Therefore, compiling with 1380 -DNETINET6 fails. 1381 1382 Workarounds: 1383 1) Compile without -DNETINET6 1384 2) Build against a real BIND 8.2.2 include/lib tree 1385 3) Wait for glibc to fix it 1386 1387AIX 4.X 1388 The AIX 4.X linker uses library paths specified during compilation 1389 using -L for run-time shared library searches. Therefore, it is 1390 vital that relative and unsafe directory paths not be using when 1391 compiling sendmail. Because of this danger, by default, compiles 1392 on AIX use the -blibpath option to limit shared libraries to 1393 /usr/lib and /lib. If you need to allow more directories, such as 1394 /usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4, 1395 site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS 1396 appropriately. For example: 1397 1398 define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib') 1399 1400 Be sure to only add (safe) system directories. 1401 1402 The AIX version of GNU ld also exhibits this problem. If you are 1403 using that version, instead of -blibpath, use its -rpath option. 1404 For example: 1405 1406 gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib 1407 1408AIX 4.X If the test program t-event (and most others) in libsm fails, 1409 check your compiler settings. It seems that the flags -qnoro or 1410 -qnoroconst on some AIX versions trigger a compiler bug. Check 1411 your compiler settings or use cc instead of xlc. 1412 1413AIX 4.0-4.2, maybe some AIX 4.3 versions 1414 The AIX m4 implements a different mechanism for ifdef which is 1415 inconsistent with other versions of m4. Therefore, it will not 1416 work properly with the sendmail Build architecture or m4 1417 configuration method. To work around this problem, please use 1418 GNU m4 from ftp://ftp.gnu.org/pub/gnu/. 1419 The problem seems to be solved in AIX 4.3.3 at least. 1420 1421AIX 4.3.3 1422 From: Valdis.Kletnieks@vt.edu 1423 Date: Sun, 02 Jul 2000 03:58:02 -0400 1424 1425 Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the 1426 BIND 8.2.2 security holes, you can no longer build with -DNETINET6 1427 because they changed the value of __RES in resolv.h but failed to 1428 actually provide the API changes that the change implied. 1429 1430 Workarounds: 1431 1) Compile without -DNETINET6 1432 2) Build against a real BIND 8.2.2 include/lib tree 1433 3) Wait for IBM to fix it 1434 1435AIX 3.x 1436 This version of sendmail does not support MB, MG, and MR resource 1437 records, which are supported by AIX sendmail. 1438 1439 Several people have reported that the IBM-supplied named returns 1440 fairly random results -- the named should be replaced. It is not 1441 necessary to replace the resolver, which will simplify installation. 1442 A new BIND resolver can be found at http://www.isc.org/isc/. 1443 1444AIX 3.1.x 1445 The supplied load average code only works correctly for AIX 3.2.x. 1446 For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor'' 1447 package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the 1448 directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd 1449 daemon, and the getloadavg subroutine supplied with that package. 1450 If you don't care about load average throttling, just turn off 1451 load average checking using -DLA_TYPE=LA_ZERO. 1452 1453RISC/os 1454 RISC/os from MIPS is a merged AT&T/Berkeley system. When you 1455 compile on that platform you will get duplicate definitions 1456 on many files. You can ignore these. 1457 1458System V Release 4 Based Systems 1459 There is a single devtools OS that is intended for all SVR4-based 1460 systems (built from devtools/OS/SVR4). It defines __svr4__, 1461 which is predefined by some compilers. If your compiler already 1462 defines this compile variable, you can delete the definition from 1463 the generated Makefile or create a devtools/Site/site.config.m4 1464 file. 1465 1466 It's been tested on Dell Issue 2.2. 1467 1468DELL SVR4 1469 Date: Mon, 06 Dec 1993 10:42:29 EST 1470 From: "Kimmo Suominen" <kim@grendel.lut.fi> 1471 Message-ID: <2d0352f9.lento29@lento29.UUCP> 1472 To: eric@cs.berkeley.edu 1473 Cc: sendmail@cs.berkeley.edu 1474 Subject: Notes for DELL SVR4 1475 1476 Eric, 1477 1478 Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4. I ran 1479 across these things when helping out some people who contacted me by 1480 e-mail. 1481 1482 1) Use gcc 2.4.5 (or later?). Dell distributes gcc 2.1 with their 1483 Issue 2.2 Unix. It is too old, and gives you problems with 1484 clock.c, because sigset_t won't get defined in <sys/signal.h>. 1485 This is due to a problematic protection rule in there, and is 1486 fixed with gcc 2.4.5. 1487 1488 2) If you don't use the new Berkeley DB (-DNEWDB), then you need 1489 to add "-lc -lucb" to the libraries to link with. This is because 1490 the -ldbm distributed by Dell needs the bcopy, bcmp and bzero 1491 functions. It is important that you specify both libraries in 1492 the given order to be sure you only get the BSTRING functions 1493 from the UCB library (and not the signal routines etc.). 1494 1495 3) Don't leave out "-lelf" even if compiling with "-lc -lucb". 1496 The UCB library also has another copy of the nlist routines, 1497 but we do want the ones from "-lelf". 1498 1499 If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they 1500 can use anonymous ftp to fetch them from lut.fi in the /kim directory. 1501 They are copies of what I use on grendel.lut.fi, and offering them 1502 does not imply that I would also support them. I have sent the DB 1503 port for SVR4 back to Keith Bostic for inclusion in the official 1504 distribution, but I haven't heard anything from him as of today. 1505 1506 - gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++) 1507 - db-1.72.tar.gz (with source, objects and a installed copy) 1508 1509 Cheers 1510 + Kim 1511 -- 1512 * Kimmo.Suominen@lut.fi * SysVr4 enthusiast at GRENDEL.LUT.FI * 1513 * KIM@FINFILES.BITNET * Postmaster and Hostmaster at LUT.FI * 1514 * + 358 200 865 718 * Unix area moderator at NIC.FUNET.FI * 1515 1516ConvexOS 10.1 and below 1517 In order to use the name server, you must create the file 1518 /etc/use_nameserver. If this file does not exist, the call 1519 to res_init() will fail and you will have absolutely no 1520 access to DNS, including MX records. 1521 1522Amdahl UTS 2.1.5 1523 In order to get UTS to work, you will have to port BIND 4.9. 1524 The vendor's BIND is reported to be ``totally inadequate.'' 1525 See sendmail/contrib/AmdahlUTS.patch for the patches necessary 1526 to get BIND 4.9 compiled for UTS. 1527 1528UnixWare 1529 According to Alexander Kolbasov <sasha@unitech.gamma.ru>, 1530 the m4 on UnixWare 2.0 (still in Beta) will core dump on the 1531 config files. GNU m4 and the m4 from UnixWare 1.x both work. 1532 1533 According to Larry Rosenman <ler@lerami.lerctr.org>: 1534 1535 UnixWare 2.1.[23]'s m4 chokes (not obviously) when 1536 processing the 8.9.0 cf files. 1537 1538 I had a LOCAL_RULE_0 that wound up AFTER the 1539 SBasic_check_rcpt rules using the SCO supplied M4. 1540 GNU M4 works fine. 1541 1542UNICOS 8.0.3.4 1543 Some people have reported that the -O flag on UNICOS can cause 1544 problems. You may want to turn this off if you have problems 1545 running sendmail. Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>. 1546 1547Darwin/Mac OS X (10.X.X) 1548 The linker errors produced regarding getopt() and its associated 1549 variables can safely be ignored. 1550 1551 From Mike Zimmerman <zimmy@torrentnet.com>: 1552 1553 From scratch here is what Darwin users need to do to the standard 1554 10.0.0, 10.0.1 install to get sendmail working. 1555 From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242: 1556 1. chmod g-w / /private /private/etc 1557 2. Properly set HOSTNAME in /etc/hostconfig to your FQDN: 1558 HOSTNAME=-my.domain.com- 1559 3. Edit /etc/rc.boot: 1560 hostname my.domain.com 1561 domainname domain.com 1562 4. Edit /System/Library/StartupItems/Sendmail/Sendmail: 1563 Remove the "&" after the sendmail command: 1564 /usr/sbin/sendmail -bd -q1h 1565 1566 From Carsten Klapp <carsten.klapp@home.com>: 1567 1568 The easiest workaround is to remove the group-writable permission 1569 for the root directory and the symbolic /etc inherits this 1570 change. While this does fix sendmail, the unfortunate side-effect 1571 is the OS X admin will no longer be able to manipulate icons in the 1572 top level of the Startup disk unless logged into the GUI as the 1573 superuser. 1574 1575 In applying the alternate workaround, care must be taken while 1576 swapping the symlink /etc with the directory /private/etc. In all 1577 likelihood any admin who is concerned with this sendmail error has 1578 enough experience to not accidentally harm anything in the process. 1579 1580 a. Swap the /etc symlink with /private/etc (as superuser): 1581 rm /etc 1582 mv /private/etc /etc 1583 ln -s /etc /private/etc 1584 1585 b. Set / to group unwritable (as superuser): 1586 chmod g-w / 1587 1588Darwin/Mac OS X (10.1.5) 1589 Apple's upgrade to sendmail 8.12 is incorrectly configured. You 1590 will need to manually fix it up by doing the following: 1591 1592 1. chown smmsp:smmsp /var/spool/clientmqueue 1593 2. chmod 2770 /var/spool/clientmqueue 1594 3. chgrp smmsp /usr/sbin/sendmail 1595 4. chmod g+s /usr/sbin/sendmail 1596 1597 From Daniel J. Luke <dluke@geeklair.net>: 1598 1599 It appears that setting the sendmail.cf property in 1600 /locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail 1601 8.12.4 causes 'bad things' to happen. 1602 1603 Specifically sendmail instances that should be getting their config 1604 from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which 1605 open pipes to sendmail stop working as sendmail tries to write to 1606 /var/spool/mqueue and cannot as sendmail is no longer suid root). 1607 1608 Removing the entry from NetInfo fixes this problem. 1609 1610GNU getopt 1611 I'm told that GNU getopt has a problem in that it gets confused 1612 by the double call. Use the version in conf.c instead. 1613 1614BIND 4.9.2 and Ultrix 1615 If you are running on Ultrix, be sure you read conf/Info.Ultrix 1616 in the BIND distribution very carefully -- there is information 1617 in there that you need to know in order to avoid errors of the 1618 form: 1619 1620 /lib/libc.a(gethostent.o): sethostent: multiply defined 1621 /lib/libc.a(gethostent.o): endhostent: multiply defined 1622 /lib/libc.a(gethostent.o): gethostbyname: multiply defined 1623 /lib/libc.a(gethostent.o): gethostbyaddr: multiply defined 1624 1625 during the link stage. 1626 1627BIND 8.X 1628 BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary 1629 DNS failures when trying to find the hostname associated with an IP 1630 address (gethostbyaddr()). This can cause problems as 1631 $&{client_name} based lookups in class R ($=R) and the access 1632 database won't succeed. 1633 1634 This will be fixed in BIND 8.2.1. For earlier versions, this can 1635 be fixed by making "dns" the last name service queried for host 1636 resolution in /etc/irs.conf: 1637 1638 hosts local continue 1639 hosts dns 1640 1641strtoul 1642 Some compilers (notably gcc) claim to be ANSI C but do not 1643 include the ANSI-required routine "strtoul". If your compiler 1644 has this problem, you will get an error in srvrsmtp.c on the 1645 code: 1646 1647 # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY) 1648 e->e_msgsize = strtoul(vp, (char **) NULL, 10); 1649 # else 1650 e->e_msgsize = strtol(vp, (char **) NULL, 10); 1651 # endif 1652 1653 You can use -DBROKEN_ANSI_LIBRARY to get around this problem. 1654 1655Listproc 6.0c 1656 Date: 23 Sep 1995 23:56:07 GMT 1657 Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk> 1658 From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz) 1659 Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint] 1660 1661 Just upgraded to sendmail 8.7, and discovered that listproc 6.0c 1662 breaks, because it, by default, sends a blank "HELO" rather than 1663 a "HELO hostname" when using the 'system' or 'telnet' mail method. 1664 1665 The fix is to include -DZMAILER in the compilation, which will 1666 cause it to use "HELO hostname" (which Z-mail apparently requires 1667 as well. :) 1668 1669OpenSSL 1670 OpenSSL versions prior to 0.9.6 use a macro named Free which 1671 conflicts with existing macro names on some platforms, such as 1672 AIX. 1673 Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with 1674 0.9.5a. 1675 1676PH 1677 PH support is provided by Mark Roth <roth@uiuc.edu>. The map is 1678 described at http://www-dev.cites.uiuc.edu/sendmail/ . 1679 1680 NOTE: The "spacedname" pseudo-field which was used by earlier 1681 versions of the PH map code is no longer supported! See the URL 1682 listed above for more information. 1683 1684 Please contact Mark Roth for support and questions regarding the 1685 map. 1686 1687TCP Wrappers 1688 If you are using -DTCPWRAPPERS to get TCP Wrappers support you will 1689 also need to install libwrap.a and modify your site.config.m4 file 1690 or the generated Makefile to include -lwrap in the LIBS line 1691 (make sure that INCDIRS and LIBDIRS point to where the tcpd.h and 1692 libwrap.a can be found). 1693 1694 TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/. 1695 1696 If you have alternate MX sites for your site, be sure that all of 1697 your MX sites reject the same set of hosts. If not, a bad guy whom 1698 you reject will connect to your site, fail, and move on to the next 1699 MX site, which will accept the mail for you and forward it on to you. 1700 1701Regular Expressions (MAP_REGEX) 1702 If sendmail linking fails with: 1703 1704 undefined reference to 'regcomp' 1705 1706 or sendmail gives an error about a regular expression with: 1707 1708 pattern-compile-error: : Operation not applicable 1709 1710 Your libc does not include a running version of POSIX-regex. Use 1711 librx or regex.o from the GNU Free Software Foundation, 1712 ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or 1713 ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz. 1714 You can also use the regex-lib by Henry Spencer, 1715 ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz 1716 Make sure, your compiler reads regex.h from the distribution, 1717 not from /usr/include, otherwise sendmail will dump a core. 1718 1719Fedora Core 5, 64 bit version 1720 If the ld stage fails with undefined functions like 1721 __res_querydomain, __dn_expand 1722 then add these lines to devtools/Site/site.config.m4 1723 1724 APPENDDEF(`confLIBDIRS', `-L/usr/lib64') 1725 APPENDDEF(`confINCDIRS', `-I/usr/include/bind9') 1726 1727 and rebuild (sh ./Build -c). 1728 1729 Problem noted by Daniel Krones, solution suggested by 1730 Anthony Howe. 1731 1732+--------------+ 1733| MANUAL PAGES | 1734+--------------+ 1735 1736The manual pages have been written against the -man macros, and 1737should format correctly with any reasonable *roff. 1738 1739 1740+-----------------+ 1741| DEBUGGING HOOKS | 1742+-----------------+ 1743 1744As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log 1745some debugging output (logged at LOG_DEBUG severity). The 1746information dumped is: 1747 1748 * The value of the $j macro. 1749 * A warning if $j is not in the set $=w. 1750 * A list of the open file descriptors. 1751 * The contents of the connection cache. 1752 * If ruleset 89 is defined, it is evaluated and the results printed. 1753 1754This allows you to get information regarding the runtime state of the 1755daemon on the fly. This should not be done too frequently, since 1756the process of rewriting may lose memory which will not be recovered. 1757Also, ruleset 89 may call non-reentrant routines, so there is a small 1758non-zero probability that this will cause other problems. It is 1759really only for debugging serious problems. 1760 1761A typical formulation of ruleset 89 would be: 1762 1763 R$* $@ $>0 some test address 1764 1765 1766+-----------------------------+ 1767| DESCRIPTION OF SOURCE FILES | 1768+-----------------------------+ 1769 1770The following list describes the files in this directory: 1771 1772Build Shell script for building sendmail. 1773Makefile A convenience for calling ./Build. 1774Makefile.m4 A template for constructing a makefile based on the 1775 information in the devtools directory. 1776README This file. 1777TRACEFLAGS My own personal list of the trace flags -- not guaranteed 1778 to be particularly up to date. 1779alias.c Does name aliasing in all forms. 1780aliases.5 Man page describing the format of the aliases file. 1781arpadate.c A subroutine which creates ARPANET standard dates. 1782bf.c Routines to implement memory-buffered file system using 1783 hooks provided by libsm now (formerly Torek stdio library). 1784bf.h Buffered file I/O function declarations and 1785 data structure and function declarations for bf.c. 1786collect.c The routine that actually reads the mail into a temp 1787 file. It also does a certain amount of parsing of 1788 the header, etc. 1789conf.c The configuration file. This contains information 1790 that is presumed to be quite static and non- 1791 controversial, or code compiled in for efficiency 1792 reasons. Most of the configuration is in sendmail.cf. 1793conf.h Configuration that must be known everywhere. 1794control.c Routines to implement control socket. 1795convtime.c A routine to sanely process times. 1796daemon.c Routines to implement daemon mode. 1797deliver.c Routines to deliver mail. 1798domain.c Routines that interface with DNS (the Domain Name 1799 System). 1800envelope.c Routines to manipulate the envelope structure. 1801err.c Routines to print error messages. 1802headers.c Routines to process message headers. 1803helpfile An example helpfile for the SMTP HELP command and -bt mode. 1804macro.c The macro expander. This is used internally to 1805 insert information from the configuration file. 1806mailq.1 Man page for the mailq command. 1807main.c The main routine to sendmail. This file also 1808 contains some miscellaneous routines. 1809makesendmail A convenience for calling ./Build. 1810map.c Support for database maps. 1811mci.c Routines that handle mail connection information caching. 1812milter.c MTA portions of the mail filter API. 1813mime.c MIME conversion routines. 1814newaliases.1 Man page for the newaliases command. 1815parseaddr.c The routines which do address parsing. 1816queue.c Routines to implement message queueing. 1817readcf.c The routine that reads the configuration file and 1818 translates it to internal form. 1819recipient.c Routines that manipulate the recipient list. 1820sasl.c Routines to interact with Cyrys-SASL. 1821savemail.c Routines which save the letter on processing errors. 1822sendmail.8 Man page for the sendmail command. 1823sendmail.h Main header file for sendmail. 1824sfsasl.c I/O interface between SASL/TLS and the MTA. 1825sfsasl.h Header file for sfsasl.c. 1826shmticklib.c Routines for shared memory counters. 1827sm_resolve.c Routines for DNS lookups (for DNS map type). 1828sm_resolve.h Header file for sm_resolve.c. 1829srvrsmtp.c Routines to implement server SMTP. 1830stab.c Routines to manage the symbol table. 1831stats.c Routines to collect and post the statistics. 1832statusd_shm.h Data structure and function declarations for shmticklib.c. 1833sysexits.c List of error messages associated with error codes 1834 in sysexits.h. 1835sysexits.h List of error codes for systems that lack their own. 1836timers.c Routines to provide microtimers. 1837timers.h Data structure and function declarations for timers.h. 1838tls.c Routines for TLS. 1839trace.c The trace package. These routines allow setting and 1840 testing of trace flags with a high granularity. 1841udb.c The user database interface module. 1842usersmtp.c Routines to implement user SMTP. 1843util.c Some general purpose routines used by sendmail. 1844version.c The version number and information about this 1845 version of sendmail. 1846 1847(Version $Revision: 8.389 $, last update $Date: 2006/05/02 16:58:50 $ ) 1848