xref: /freebsd/contrib/sendmail/src/README (revision f0a75d274af375d15b97b830966b99a02b7db911)
1# Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
2#	All rights reserved.
3# Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
4# Copyright (c) 1988
5#	The Regents of the University of California.  All rights reserved.
6#
7# By using this file, you agree to the terms and conditions set
8# forth in the LICENSE file which can be found at the top level of
9# the sendmail distribution.
10#
11#
12#	$Id: README,v 8.389 2006/05/02 16:58:50 ca Exp $
13#
14
15This directory contains the source files for sendmail(TM).
16
17   *******************************************************************
18   !! Read sendmail/SECURITY for important installation information !!
19   *******************************************************************
20
21	**********************************************************
22	**  Read below for more details on building sendmail.	**
23	**********************************************************
24
25**************************************************************************
26**  IMPORTANT:  Read the appropriate paragraphs in the section on	**
27**  ``Operating System and Compile Quirks''.				**
28**************************************************************************
29
30For detailed instructions, please read the document ../doc/op/op.me:
31
32	cd ../doc/op ; make op.ps op.txt
33
34Sendmail is a trademark of Sendmail, Inc.
35
36
37+-------------------+
38| BUILDING SENDMAIL |
39+-------------------+
40
41By far, the easiest way to compile sendmail is to use the "Build"
42script:
43
44	sh Build
45
46This uses the "uname" command to figure out what architecture you are
47on and creates a proper Makefile accordingly.  It also creates a
48subdirectory per object format, so that multiarchitecture support is
49easy.  In general this should be all you need.  IRIX 6.x users should
50read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
51
52If you need to look at other include or library directories, use the
53-I or -L flags on the command line, e.g.,
54
55	sh Build -I/usr/sww/include -L/usr/sww/lib
56
57It's also possible to create local site configuration in the file
58site.config.m4 (or another file settable with the -f flag).  This
59file contains M4 definitions for various compilation values; the
60most useful are:
61
62confMAPDEF	-D flags to specify database types to be included
63		(see below)
64confENVDEF	-D flags to specify other environment information
65confINCDIRS	-I flags for finding include files during compilation
66confLIBDIRS	-L flags for finding libraries during linking
67confLIBS	-l flags for selecting libraries during linking
68confLDOPTS	other ld(1) linker options
69
70Others can be found by examining Makefile.m4.  Please read
71../devtools/README for more information about the site.config.m4
72file.
73
74You can recompile from scratch using the -c flag with the Build
75command.  This removes the existing compilation directory for the
76current platform and builds a new one.  The -c flag must also
77be used if any site.*.m4 file in devtools/Site/ is changed.
78
79Porting to a new Unix-based system should be a matter of creating
80an appropriate configuration file in the devtools/OS/ directory.
81
82
83+----------------------+
84| DATABASE DEFINITIONS |
85+----------------------+
86
87There are several database formats that can be used for the alias files
88and for general maps.  When used for alias files they interact in an
89attempt to be backward compatible.
90
91The options are:
92
93NEWDB		The new Berkeley DB package.  Some systems (e.g., BSD/OS and
94		Digital UNIX 4.0) have some version of this package
95		pre-installed.  If your system does not have Berkeley DB
96		pre-installed, or the version installed is not version 2.0
97		or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
98		current version from http://www.sleepycat.com/.  DO NOT
99		use a version from any of the University of California,
100		Berkeley "Net" or other distributions.  If you are still
101		running BSD/386 1.x, you will need to upgrade the included
102		Berkeley DB library to a current version.  NEWDB is included
103		automatically if the Build script can find a library named
104		libdb.a or libdb.so.
105		See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
106		DB versions, e.g., DB 4.1.x.
107NDBM		The older NDBM implementation -- the very old V7 DBM
108		implementation is no longer supported.
109NIS		Network Information Services.  To use this you must have
110		NIS support on your system.
111NISPLUS		NIS+ (the revised NIS released with Solaris 2).  You must
112		have NIS+ support on your system to use this flag.
113HESIOD		Support for Hesiod (from the DEC/Athena distribution).  You
114		must already have Hesiod support on your system for this to
115		work.  You may be able to get this to work with the MIT/Athena
116		version of Hesiod, but that's likely to be a lot of work.
117		BIND 8.X also includes Hesiod support.
118LDAPMAP		Lightweight Directory Access Protocol support.  You will
119		have to install the UMich or OpenLDAP
120		(http://www.openldap.org/) ldap and lber libraries to use
121		this flag.
122MAP_REGEX	Regular Expression support.  You will need to use an
123		operating system which comes with the POSIX regex()
124		routines or install a regexp library such as libregex from
125		the Free Software Foundation.
126DNSMAP		DNS map support.  Requires NAMED_BIND.
127PH_MAP		PH map support.  You will need the libphclient library from
128		the nph package (http://www-dev.cites.uiuc.edu/ph/nph/).
129MAP_NSD		nsd map support (IRIX 6.5 and later).
130SOCKETMAP	Support for a trivial query protocol over UNIX domain or TCP
131		sockets.
132
133>>>  NOTE WELL for NEWDB support: If you want to get ndbm support, for
134>>>  Berkeley DB versions under 2.0, it is CRITICAL that you remove
135>>>  ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
136>>>  for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
137>>>  before you install it.  If you don't delete these, there is absolutely
138>>>  no point to including -DNDBM, since it will just get you another
139>>>  (inferior) API to the same format database.  These files OVERRIDE
140>>>  calls to ndbm routines -- in particular, if you leave ndbm.h in,
141>>>  you can find yourself using the new db package even if you don't
142>>>  define NEWDB.  Berkeley DB versions later than 2.3.14 do not need
143>>>  to be modified.  Please also consult the README in the top level
144>>>  directory of the sendmail distribution for other important information.
145>>>
146>>>  Further note: DO NOT remove your existing /usr/include/ndbm.h --
147>>>  you need that one.  But do not install an updated ndbm.h in
148>>>  /usr/include, /usr/local/include, or anywhere else.
149
150If NEWDB and NDBM are defined (but not NIS), then sendmail will read
151NDBM format alias files, but the next time a newaliases is run the
152format will be converted to NEWDB; that format will be used forever
153more.  This is intended as a transition feature.
154
155If NEWDB, NDBM, and NIS are all defined and the name of the file includes
156the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
157alias files.  However, it will only read the NEWDB file; the NDBM format
158file is used only by the NIS subsystem.  This is needed because the NIS
159maps on an NIS server are built directly from the NDBM files.
160
161If NDBM and NIS are defined (regardless of the definition of NEWDB),
162and the filename includes the string "/yp/", sendmail adds the special
163tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
164required if the NDBM file is to be used as an NIS map.
165
166All of these flags are normally defined in a confMAPDEF setting in your
167site.config.m4.
168
169If you define NEWDB or HESIOD you get the User Database (USERDB)
170automatically.  Generally you do want to have NEWDB for it to do
171anything interesting.  See above for getting the Berkeley DB
172package (i.e., NEWDB).  There is no separate "user database"
173package -- don't bother searching for it on the net.
174
175Hesiod and LDAP require libraries that may not be installed with your
176system.  These are outside of my ability to provide support.  See the
177"Quirks" section for more information.
178
179The regex map can be used to see if an address matches a certain regular
180expression.  For example, all-numerics local parts are common spam
181addresses, so "^[0-9]+$" would match this.  By using such a map in a
182check_* rule-set, you can block a certain range of addresses that would
183otherwise be considered valid.
184
185The socket map uses a simple request/reply protocol over TCP or
186UNIX domain sockets to query an external server. Both requests and
187replies are text based and encoded as netstrings.  The socket map
188uses the same syntax as milters the specify the remote endpoint,
189e.g.:
190
191Ksocket mySocketMap inet:12345@127.0.0.1
192
193See doc/op/op.me for details.
194
195+---------------+
196| COMPILE FLAGS |
197+---------------+
198
199Wherever possible, I try to make sendmail pull in the correct
200compilation options needed to compile on various environments based on
201automatically defined symbols.  Some machines don't seem to have useful
202symbols available, requiring that a compilation flag be defined in
203the Makefile; see the devtools/OS subdirectory for the supported
204architectures.
205
206If you are a system to which sendmail has already been ported you
207should not have to touch the following symbols.  But if you are porting,
208you may have to tweak the following compilation flags in conf.h in order
209to get it to compile and link properly:
210
211SYSTEM5		Adjust for System V (not necessarily Release 4).
212SYS5SIGNALS	Use System V signal semantics -- the signal handler
213		is automatically dropped when the signal is caught.
214		If this is not set, use POSIX/BSD semantics, where the
215		signal handler stays in force until an exec or an
216		explicit delete.  Implied by SYSTEM5.
217SYS5SETPGRP	Use System V setpgrp() semantics.  Implied by SYSTEM5.
218HASNICE		Define this to zero if you lack the nice(2) system call.
219HASRRESVPORT	Define this to zero if you lack the rresvport(3) system call.
220HASFCHMOD	Define this to one if you have the fchmod(2) system call.
221		This improves security.
222HASFCHOWN	Define this to one if you have the fchown(2) system call.
223		This is required for the TrustedUser option if sendmail
224		must rebuild an (alias) map.
225HASFLOCK	Set this if you prefer to use the flock(2) system call
226		rather than using fcntl-based locking.  Fcntl locking
227		has some semantic gotchas, but many vendor systems
228		also interface it to lockd(8) to do NFS-style locking.
229		Unfortunately, may vendors implementations of fcntl locking
230		is just plain broken (e.g., locks are never released,
231		causing your sendmail to deadlock; when the kernel runs
232		out of locks your system crashes).  For this reason, I
233		recommend always defining this unless you are absolutely
234		certain that your fcntl locking implementation really works.
235HASUNAME	Set if you have the "uname" system call.  Implied by
236		SYSTEM5.
237HASUNSETENV	Define this if your system library has the "unsetenv"
238		subroutine.
239HASSETSID	Define this if you have the setsid(2) system call.  This
240		is implied if your system appears to be POSIX compliant.
241HASINITGROUPS	Define this if you have the initgroups(3) routine.
242HASSETVBUF	Define this if you have the setvbuf(3) library call.
243		If you don't, setlinebuf will be used instead.  This
244		defaults on if your compiler defines __STDC__.
245HASSETREUID	Define this if you have setreuid(2) ***AND*** root can
246		use setreuid to change to an arbitrary user.  This second
247		condition is not satisfied on AIX 3.x.  You may find that
248		your system has setresuid(2), (for example, on HP-UX) in
249		which case you will also have to #define setreuid(r, e)
250		to be the appropriate call.  Some systems (such as Solaris)
251		have a compatibility routine that doesn't work properly,
252		but may have "saved user ids" properly implemented so you
253		can ``#define setreuid(r, e) seteuid(e)'' and have it work.
254		The important thing is that you have a call that will set
255		the effective uid independently of the real or saved uid
256		and be able to set the effective uid back again when done.
257		There's a test program in ../test/t_setreuid.c that will
258		try things on your system.  Setting this improves the
259		security, since sendmail doesn't have to read .forward
260		and :include: files as root.  There are certain attacks
261		that may be unpreventable without this call.
262USESETEUID	Define this to 1 if you have a seteuid(2) system call that
263		will allow root to set only the effective user id to an
264		arbitrary value ***AND*** you have saved user ids.  This is
265		preferable to HASSETREUID if these conditions are fulfilled.
266		These are the semantics of the to-be-released revision of
267		Posix.1.  The test program ../test/t_seteuid.c will try
268		this out on your system.  If you define both HASSETREUID
269		and USESETEUID, the former is ignored.
270HASSETEGID	Define this if you have setegid(2) and it can be
271		used to set the saved gid.  Please run t_dropgid in
272		test/ if you are not sure whether the call works.
273HASSETREGID	Define this if you have setregid(2) and it can be
274		used to set the saved gid.  Please run t_dropgid in
275		test/ if you are not sure whether the call works.
276HASSETRESGID	Define this if you have setresgid(2) and it can be
277		used to set the saved gid.  Please run t_dropgid in
278		test/ if you are not sure whether the call works.
279HASLSTAT	Define this if you have symbolic links (and thus the
280		lstat(2) system call).  This improves security.  Unlike
281		most other options, this one is on by default, so you
282		need to #undef it in conf.h if you don't have symbolic
283		links (these days everyone does).
284HASSETRLIMIT	Define this to 1 if you have the setrlimit(2) syscall.
285		You can define it to 0 to force it off.  It is assumed
286		if you are running a BSD-like system.
287HASULIMIT	Define this if you have the ulimit(2) syscall (System V
288		style systems).  HASSETRLIMIT overrides, as it is more
289		general.
290HASWAITPID	Define this if you have the waitpid(2) syscall.
291HASGETDTABLESIZE
292		Define this if you have the getdtablesize(2) syscall.
293HAS_ST_GEN	Define this to 1 if your system has the st_gen field in
294		the stat structure (see stat(2)).
295HASSRANDOMDEV	Define this if your system has the srandomdev(3) function
296		call.
297HASURANDOMDEV	Define this if your system has /dev/urandom(4).
298HASSTRERROR	Define this if you have the libc strerror(3) function (which
299		should be declared in <errno.h>), and it should be used
300		instead of sys_errlist.
301HASCLOSEFROM	Define this if your system has closefrom(3).
302HASFDWALK	Define this if your system has fdwalk(3).
303SM_CONF_GETOPT	Define this as 0 if you need a reimplementation of getopt(3).
304		On some systems, getopt does very odd things if called
305		to scan the arguments twice.  This flag will ask sendmail
306		to compile in a local version of getopt that works
307		properly.  You may also need this if you build with
308		another library that introduces a non-standard getopt(3).
309NEEDSTRTOL	Define this if your standard C library does not define
310		strtol(3).  This will compile in a local version.
311NEEDFSYNC	Define this if your standard C library does not define
312		fsync(2).  This will try to simulate the operation using
313		fcntl(2); if that is not available it does nothing, which
314		isn't great, but at least it compiles and runs.
315HASGETUSERSHELL	Define this to 1 if you have getusershell(3) in your
316		standard C library.  If this is not defined, or is defined
317		to be 0, sendmail will scan the /etc/shells file (no
318		NIS-style support, defaults to /bin/sh and /bin/csh if
319		that file does not exist) to get a list of unrestricted
320		user shells.  This is used to determine whether users
321		are allowed to forward their mail to a program or a file.
322NEEDPUTENV	Define this if your system needs am emulation of the
323		putenv(3) call.  Define to 1 to implement it in terms
324		of setenv(3) or to 2 to do it in terms of primitives.
325NOFTRUNCATE	Define this if you don't have the ftruncate(2) syscall.
326		If you don't have this system call, there is an unavoidable
327		race condition that occurs when creating alias databases.
328GIDSET_T	The type of entries in a gidset passed as the second
329		argument to getgroups(2).  Historically this has been an
330		int, so this is the default, but some systems (such as
331		IRIX) pass it as a gid_t, which is an unsigned short.
332		This will make a difference, so it is important to get
333		this right!  However, it is only an issue if you have
334		group sets.
335SLEEP_T		The type returned by the system sleep() function.
336		Defaults to "unsigned int".  Don't worry about this
337		if you don't have compilation problems.
338ARBPTR_T	The type of an arbitrary pointer -- defaults to "void *".
339		If you are an very old compiler you may need to define
340		this to be "char *".
341SOCKADDR_LEN_T	The type used for the third parameter to accept(2),
342		getsockname(2), and getpeername(2), representing the
343		length of a struct sockaddr.  Defaults to int.
344SOCKOPT_LEN_T	The type used for the fifth parameter to getsockopt(2)
345		and setsockopt(2), representing the length of the option
346		buffer.  Defaults to int.
347LA_TYPE		The type of load average your kernel supports.  These
348		can be one of:
349		 LA_ZERO (1) -- it always returns the load average as
350			"zero" (and does so on all architectures).
351		 LA_INT (2) to read /dev/kmem for the symbol avenrun and
352			interpret as a long integer.
353		 LA_FLOAT (3) same, but interpret the result as a floating
354			point number.
355		 LA_SHORT (6) to interpret as a short integer.
356		 LA_SUBR (4) if you have the getloadavg(3) routine in your
357			system library.
358		 LA_MACH (5) to use MACH-style load averages (calls
359			processor_set_info()),
360		 LA_PROCSTR (7) to read /proc/loadavg and interpret it
361			as a string representing a floating-point
362			number (Linux-style).
363		 LA_READKSYM (8) is an implementation suitable for some
364			versions of SVr4 that uses the MIOC_READKSYM ioctl
365			call to read /dev/kmem.
366		 LA_DGUX (9) is a special implementation for DG/UX that uses
367			the dg_sys_info system call.
368		 LA_HPUX (10) is an HP-UX specific version that uses the
369			pstat_getdynamic system call.
370		 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
371			to 32 or 64 bit kernels; it is otherwise very similar
372			to LA_INT.
373		 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
374			implementation.
375		 LA_DEVSHORT (13) reads a short from a system file (default:
376			/dev/table/avenrun) and scales it in the same manner
377			as LA_SHORT.
378		 LA_LONGLONG (17) to read /dev/kmem for the symbol avenrun and
379			interpret as a long long integer (e.g., for 64 bit
380			systems).
381		LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
382		other parameters that they try to divine: the name of your
383		kernel, the name of the variable in the kernel to examine,
384		the number of bits of precision in a fixed point load average,
385		and so forth.  LA_DEVSHORT uses _PATH_AVENRUN to find the
386		device to be read to find the load average.
387		In desperation, use LA_ZERO.  The actual code is in
388		conf.c -- it can be tweaked if you are brave.
389FSHIFT		For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
390		of bits of load average after the binary point -- i.e.,
391		the number of bits to shift right in order to scale the
392		integer to get the true integer load average.  Defaults to 8.
393_PATH_UNIX	The path to your kernel.  Needed only for LA_INT, LA_SHORT,
394		and LA_FLOAT.  Defaults to "/unix" on System V, "/vmunix"
395		everywhere else.
396LA_AVENRUN	For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
397		variable that holds the load average.  Defaults to "avenrun"
398		on System V, "_avenrun" everywhere else.
399SFS_TYPE	Encodes how your kernel can locate the amount of free
400		space on a disk partition.  This can be set to SFS_NONE
401		(0) if you have no way of getting this information,
402		SFS_USTAT (1) if you have the ustat(2) system call,
403		SFS_4ARGS (2) if you have a four-argument statfs(2)
404		system call (and the include file is <sys/statfs.h>),
405		SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
406		the two-argument statfs(2) system call with includes in
407		<sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
408		or SFS_STATVFS (6) if you have the two-argument statvfs(2)
409		call.  The default if nothing is defined is SFS_NONE.
410SFS_BAVAIL	with SFS_4ARGS you can also set SFS_BAVAIL to the field name
411		in the statfs structure that holds the useful information;
412		this defaults to f_bavail.
413SPT_TYPE	Encodes how your system can display what a process is doing
414		on a ps(1) command (SPT stands for Set Process Title).  Can
415		be set to:
416		SPT_NONE (0) -- Don't try to set the process title at all.
417		SPT_REUSEARGV (1) -- Pad out your argv with the information;
418			this is the default if none specified.
419		SPT_BUILTIN (2) -- The system library has setproctitle.
420		SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
421			to set the process title; this is used by HP-UX.
422		SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
423		SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
424		SPT_SCO (6) -- Write kernel u. area.
425		SPT_CHANGEARGV (7) -- Write pointers to our own strings into
426			the existing argv vector.
427SPT_PADCHAR	Character used to pad the process title; if undefined,
428		the space character (0x20) is used.  This is ignored if
429		SPT_TYPE != SPT_REUSEARGV
430ERRLIST_PREDEFINED
431		If set, assumes that some header file defines sys_errlist.
432		This may be needed if you get type conflicts on this
433		variable -- otherwise don't worry about it.
434WAITUNION	The wait(2) routine takes a "union wait" argument instead
435		of an integer argument.  This is for compatibility with
436		old versions of BSD.
437SCANF		You can set this to extend the F command to accept a
438		scanf string -- this gives you a primitive parser for
439		class definitions -- BUT it can make you vulnerable to
440		core dumps if the target file is poorly formed.
441SYSLOG_BUFSIZE	You can define this to be the size of the buffer that
442		syslog accepts.  If it is not defined, it assumes a
443		1024-byte buffer.  If the buffer is very small (under
444		256 bytes) the log message format changes -- each
445		e-mail message will log many more messages, since it
446		will log each piece of information as a separate line
447		in syslog.
448BROKEN_RES_SEARCH
449		On Ultrix (and maybe other systems?) if you use the
450		res_search routine with an unknown host name, it returns
451		-1 but sets h_errno to 0 instead of HOST_NOT_FOUND.  If
452		you set this, sendmail considers 0 to be the same as
453		HOST_NOT_FOUND.
454NAMELISTMASK	If defined, values returned by nlist(3) are masked
455		against this value before use -- a common value is
456		0x7fffffff to strip off the top bit.
457BSD4_4_SOCKADDR	If defined, socket addresses have an sa_len field that
458		defines the length of this address.
459SAFENFSPATHCONF	Set this to 1 if and only if you have verified that a
460		pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
461		NFS filesystem where the underlying system allows users to
462		give away files to other users returns <= 0.  Be sure you
463		try both on NFS V2 and V3.  Some systems assume that their
464		local policy apply to NFS servers -- this is a bad
465		assumption!  The test/t_pathconf.c program will try this
466		for you -- you have to run it in a directory that is
467		mounted from a server that allows file giveaway.
468SIOCGIFCONF_IS_BROKEN
469		Set this if your system has an SIOCGIFCONF ioctl defined,
470		but it doesn't behave the same way as "most" systems (BSD,
471		Solaris, SunOS, HP-UX, etc.)
472SIOCGIFNUM_IS_BROKEN
473		Set this if your system has an SIOCGIFNUM ioctl defined,
474		but it doesn't behave the same way as "most" systems
475		(Solaris, HP-UX).
476FAST_PID_RECYCLE
477		Set this if your system can reuse the same PID in the same
478		second.
479SO_REUSEADDR_IS_BROKEN
480		Set this if your system has a setsockopt() SO_REUSEADDR
481		flag but doesn't pay attention to it when trying to bind a
482		socket to a recently closed port.
483NEEDSGETIPNODE	Set this if your system supports IPv6 but doesn't include
484		the getipnodeby{name,addr}() functions.  Set automatically
485		for Linux's glibc.
486PIPELINING	Support SMTP PIPELINING	(set by default).
487USING_NETSCAPE_LDAP
488		Deprecated in favor of SM_CONF_LDAP_MEMFREE.  See
489		libsm/README.
490NEEDLINK	Set this if your system doesn't have a link() call.  It
491		will create a copy of the file instead of a hardlink.
492USE_ENVIRON	Set this to 1 to access process environment variables from
493		the external variable environ instead of the third
494		parameter of main().
495USE_DOUBLE_FORK By default this is on (1).  Set it to 0 to suppress the
496		extra fork() used to avoid intermediate zombies.
497ALLOW_255	Do not convert (char)0xff to (char)0x7f in headers etc.
498		This can also be done at runtime with the command line
499		option -d82.101.
500NEEDINTERRNO	Set this if <errno.h> does not declare errno, i.e., if an
501		application needs to use
502		extern int errno;
503USE_TTYPATH	Set this to 1 to enable ErrorMode=write.
504USESYSCTL	Use sysctl(3) to determine the number of CPUs in a system.
505HASSNPRINTF	Set this to 1 if your OS has a working snprintf(3), i.e.,
506		it properly obeys the size of the buffer and returns the
507		number of characters that would have been printed if the
508		size were unlimited.
509LDAP_REFERRALS	Set this if you want to use the -R flag (do not auto chase
510		referrals) for LDAP maps (requires -DLDAPMAP).
511
512
513+-----------------------+
514| COMPILE-TIME FEATURES |
515+-----------------------+
516
517There are a bunch of features that you can decide to compile in, such
518as selecting various database packages and special protocol support.
519Several are assumed based on other compilation flags -- if you want to
520"un-assume" something, you probably need to edit conf.h.  Compilation
521flags that add support for special features include:
522
523NDBM		Include support for "new" DBM library for aliases and maps.
524		Normally defined in the Makefile.
525NEWDB		Include support for Berkeley DB package (hash & btree)
526		for aliases and maps.  Normally defined in the Makefile.
527		If the version of NEWDB you have is the old one that does
528		not include the "fd" call (this call was added in version
529		1.5 of the Berkeley DB code), you must upgrade to the
530		current version of Berkeley DB.
531NIS		Define this to get NIS (YP) support for aliases and maps.
532		Normally defined in the Makefile.
533NISPLUS		Define this to get NIS+ support for aliases and maps.
534		Normally defined in the Makefile.
535HESIOD		Define this to get Hesiod support for aliases and maps.
536		Normally defined in the Makefile.
537NETINFO		Define this to get NeXT NetInfo support for aliases and maps.
538		Normally defined in the Makefile.
539LDAPMAP		Define this to get LDAP support for maps.
540PH_MAP		Define this to get PH support for maps.
541MAP_NSD		Define this to get nsd support for maps.
542USERDB		Define this to 1 to include support for the User Information
543		Database.  Implied by NEWDB or HESIOD.  You can use
544		-DUSERDB=0 to explicitly turn it off.
545IDENTPROTO	Define this as 1 to get IDENT (RFC 1413) protocol support.
546		This is assumed unless you are running on Ultrix or
547		HP-UX, both of which have a problem in the UDP
548		implementation.  You can define it to be 0 to explicitly
549		turn off IDENT protocol support.  If defined off, the code
550		is actually still compiled in, but it defaults off; you
551		can turn it on by setting the IDENT timeout in the
552		configuration file.
553IP_SRCROUTE	Define this to 1 to get IP source routing information
554		displayed in the Received: header.  This is assumed on
555		most systems, but some (e.g., Ultrix) apparently have a
556		broken version of getsockopt that doesn't properly
557		support the IP_OPTIONS call.  You probably want this if
558		your OS can cope with it.  Symptoms of failure will be that
559		it won't compile properly (that is, no support for fetching
560		IP_OPTIONs), or it compiles but source-routed TCP connections
561		either refuse to open or open and hang for no apparent reason.
562		Ultrix and AIX3 are known to fail this way.
563LOG		Set this to get syslog(3) support.  Defined by default
564		in conf.h.  You want this if at all possible.
565NETINET		Set this to get TCP/IP support.  Defined by default
566		in conf.h.  You probably want this.
567NETINET6	Set this to get IPv6 support.  Other configuration may
568		be needed in conf.h for your particular operating system.
569		Also, DaemonPortOptions must be set appropriately for
570		sendmail to accept IPv6 connections.
571NETISO		Define this to get ISO networking support.
572NETUNIX		Define this to get Unix domain networking support.  Defined
573		by default.  A few bizarre systems (SCO, ISC, Altos) don't
574		support this networking domain.
575NETNS		Define this to get NS networking support.
576NETX25		Define this to get X.25 networking support.
577NAMED_BIND	If non-zero, include DNS (name daemon) support, including
578		MX support.  The specs say you must use this if you run
579		SMTP.  You don't have to be running a name server daemon
580		on your machine to need this -- any use of the DNS resolver,
581		including remote access to another machine, requires this
582		option.  Defined by default in conf.h.  Define it to zero
583		ONLY on machines that do not use DNS in any way.
584MATCHGECOS	Permit fuzzy matching of user names against the full
585		name (GECOS) field in the /etc/passwd file.  This should
586		probably be on, since you can disable it from the config
587		file if you want to.  Defined by default in conf.h.
588MIME8TO7	If non-zero, include 8 to 7 bit MIME conversions.  This
589		also controls advertisement of 8BITMIME in the ESMTP
590		startup dialogue.
591MIME7TO8_OLD	If 0 then use an algorithm for MIME 7-bit quoted-printable
592		or base64 encoding to 8-bit text that has been introduced
593		in 8.12.3.  There are some examples where that code fails,
594		but the old code works.  If you have an example of improper
595		7 to 8 bit conversion please send it to sendmail-bugs.
596MIME7TO8	If non-zero, include 7 to 8 bit MIME conversions.
597HES_GETMAILHOST	Define this to 1 if you are using Hesiod with the
598		hes_getmailhost() routine.  This is included with the MIT
599		Hesiod distribution, but not with the DEC Hesiod distribution.
600XDEBUG		Do additional internal checking.  These don't cost too
601		much; you might as well leave this on.
602TCPWRAPPERS	Turns on support for the TCP wrappers library (-lwrap).
603		See below for further information.
604SECUREWARE	Enable calls to the SecureWare luid enabling/changing routines.
605		SecureWare is a C2 security package added to several UNIX's
606		(notably ConvexOS) to get a C2 Secure system.  This
607		option causes mail delivery to be done with the luid of the
608		recipient.
609SHARE_V1	Support for the fair share scheduler, version 1.  Setting to
610		1 causes final delivery to be done using the recipients
611		resource limitations.  So far as I know, this is only
612		supported on ConvexOS.
613SASL		Enables SMTP AUTH (RFC 2554).  This requires the Cyrus SASL
614		library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/).  Please
615		install at least version 1.5.13.  See below for further
616		information: SASL COMPILATION AND CONFIGURATION.  If your
617		SASL library is older than 1.5.10, you have to set this
618		to its version number using a simple conversion:  a.b.c
619		-> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
620		Note: Using an older version than 1.5.5 of Cyrus SASL is
621		not supported.  Starting with version 1.5.10, setting SASL=1
622		is sufficient.  Any value other than 1 (or 0) will be
623		compared with the actual version found and if there is a
624		mismatch, compilation will fail.
625EGD		Define this if your system has EGD installed, see
626		http://egd.sourceforge.net/ .  It should be used to
627		seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
628STARTTLS	Enables SMTP STARTTLS (RFC 2487).  This requires OpenSSL
629		(http://www.OpenSSL.org/); use OpenSSL 0.9.5a or later
630		(if compatible with this version), do not use 0.9.3.
631		See STARTTLS COMPILATION AND CONFIGURATION for further
632		information.
633TLS_NO_RSA	Turn off support for RSA algorithms in STARTTLS.
634MILTER		Turn on support for external filters using the Milter API;
635		this option is set by default, to turn it off use
636			APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
637		in devtools/Site/site.config.m4 (see devtools/README).
638		See libmilter/README for more information about milter.
639REQUIRES_DIR_FSYNC	Turn on support for file systems that require to
640		call fsync() for a directory if the meta-data in it has
641		been changed.  This should be turned on at least for older
642		versions of ReiserFS; it is enabled by default for Linux.
643		According to some information this flag is not needed
644		anymore for kernel 2.4.16 and newer.  We would appreciate
645		feedback about the semantics of the various file systems
646		available for Linux.
647		An alternative to this compile time flag is to mount the
648		queue directory without the -async option, or using
649		chattr +S on Linux.
650DBMMODE		The default file permissions to use when creating new
651		database files for maps and aliases.  Defaults to 0640.
652
653Generic notice: If you enable a compile time option that needs
654libraries or include files that don't come with sendmail or are
655installed in a location that your C compiler doesn't use by default
656you should set confINCDIRS and confLIBDIRS as explained in the
657first section:  BUILDING SENDMAIL.
658
659
660+---------------------+
661| DNS/RESOLVER ISSUES |
662+---------------------+
663
664Many systems have old versions of the resolver library.  At a minimum,
665you should be running BIND 4.8.3; older versions may compile, but they
666have known bugs that should give you pause.
667
668Common problems in old versions include "undefined" errors for
669dn_skipname.
670
671Some people have had a problem with BIND 4.9; it uses some routines
672that it expects to be externally defined such as strerror().  It may
673help to link with "-l44bsd" to solve this problem.  This has apparently
674been fixed in later versions of BIND, starting around 4.9.3.  In other
675words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
676later versions, you do not.
677
678!PLEASE! be sure to link with the same version of the resolver as
679the header files you used -- some people have used the 4.9 headers
680and linked with BIND 4.8 or vice versa, and it doesn't work.
681Unfortunately, it doesn't fail in an obvious way -- things just
682subtly don't work.
683
684WILDCARD MX RECORDS ARE A BAD IDEA!  The only situation in which they
685work reliably is if you have two versions of DNS, one in the real world
686which has a wildcard pointing to your firewall, and a completely
687different version of the database internally that does not include
688wildcard MX records that match your domain.  ANYTHING ELSE WILL GIVE
689YOU HEADACHES!
690
691When attempting to canonify a hostname, some broken name servers will
692return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.  If you
693want to excuse this behavior, include WorkAroundBrokenAAAA in
694ResolverOptions.  However, instead, we recommend catching the problem and
695reporting it to the name server administrator so we can rid the world of
696broken name servers.
697
698
699+----------------------------------------+
700| STARTTLS COMPILATION AND CONFIGURATION |
701+----------------------------------------+
702
703Please read the documentation accompanying the OpenSSL library.  You
704have to compile and install the OpenSSL libraries before you can compile
705sendmail.  See devtools/README how to set the correct compile time
706parameters; you should at least set the following variables:
707
708APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
709APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
710
711If you have installed the OpenSSL libraries and include files in
712a location that your C compiler doesn't use by default you should
713set confINCDIRS and confLIBDIRS as explained in the first section:
714BUILDING SENDMAIL.
715
716Configuration information can be found in doc/op/op.me (required
717certificates) and cf/README (how to tell sendmail about certificates).
718
719To perform an initial test, connect to your sendmail daemon
720(telnet localhost 25) and issue a EHLO localhost and see whether
721250-STARTTLS
722is in the response.  If it isn't, run the daemon with
723-O LogLevel=14
724and try again.  Then take a look at the logfile and see whether
725there are any problems listed about permissions (unsafe files)
726or the validity of X.509 certificates.
727
728From: Garrett Wollman <wollman@lcs.mit.edu>
729
730    If your certificate authority is hierarchical, and you only include
731    the top-level CA certificate in the CACertFile file, some mail clients
732    may be unable to infer the proper certificate chain when selecting a
733    client certificate.  Including the bottom-level CA certificate(s) in
734    the CACertFile file will allow these clients to work properly.  This
735    is not necessary if you are not using client certificates for
736    authentication, or if all your clients are running Sendmail or other
737    programs using the OpenSSL library (which get it right automatically).
738    In addition, some mail clients are totally incapable of using
739    certificate authentication -- even some of those which already support
740    SSL/TLS for confidentiality.
741
742Further information can be found via:
743http://www.sendmail.org/tips/
744
745
746+------------------------------------+
747| SASL COMPILATION AND CONFIGURATION |
748+------------------------------------+
749
750Please read the documentation accompanying the Cyrus SASL library
751(INSTALL and README).  If you use Berkeley DB for Cyrus SASL then
752you must compile sendmail with the same version of Berkeley DB.
753See devtools/README for how to set the correct compile time parameters;
754you should at least set the following variables:
755
756APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
757APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
758
759If you have installed the Cyrus SASL library and include files in
760a location that your C compiler doesn't use by default you should
761set confINCDIRS and confLIBDIRS as explained in the first section:
762BUILDING SENDMAIL.
763
764You have to select and install authentication mechanisms and tell
765sendmail where to find the sasl library and the include files (see
766devtools/README for the parameters to set).  Set up the required
767users and passwords as explained in the SASL documentation.  See
768also cf/README for authentication related options (especially
769DefaultAuthInfo if you want authentication between MTAs).
770
771To perform an initial test, connect to your sendmail daemon
772(telnet localhost 25) and issue a EHLO localhost and see whether
773250-AUTH ....
774is in the response.  If it isn't, run the daemon with
775-O LogLevel=14
776and try again.  Then take a look at the logfile and see whether
777there are any security related problems listed (unsafe files).
778
779Further information can be found via:
780http://www.sendmail.org/tips/
781
782
783+-------------------------------------+
784| OPERATING SYSTEM AND COMPILE QUIRKS |
785+-------------------------------------+
786
787GCC problems
788	When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
789		too (see include/sm/cdefs.h for more info).
790
791	*****************************************************************
792	**  IMPORTANT:  DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE    **
793	**  RUNNING GCC 2.4.x or 2.5.x.  THERE IS A BUG IN THE GCC     **
794	**  OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
795	*****************************************************************
796
797	Jim Wilson of Cygnus believes he has found the problem -- it will
798	probably be fixed in GCC 2.5.6 -- but until this is verified, be
799	very suspicious of gcc -O.  This problem is reported to have been
800	fixed in gcc 2.6.
801
802	A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
803	optimization on a Sparc.  If you are using gcc 2.5.5, youi should
804	upgrade to the latest version of gcc.
805
806	Apparently GCC 2.7.0 on the Pentium processor has optimization
807	problems.  I recommend against using -O on that architecture.  This
808	has been seen on FreeBSD 2.0.5 RELEASE.
809
810	Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
811
812	We have been told there are problems with gcc 2.8.0.  If you are
813	using this version, you should upgrade to 2.8.1 or later.
814
815Berkeley DB
816	Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
817	You need at least 4.1.25.
818
819GDBM	GDBM does not work with sendmail because the additional
820	security checks and file locking cause problems.  Unfortunately,
821	gdbm does not provide a compile flag in its version of ndbm.h so
822	the code can adapt.  Until the GDBM authors can fix these problems,
823	GDBM will not be supported.  Please use Berkeley DB instead.
824
825Configuration file location
826	Up to 8.6, sendmail tried to find the sendmail.cf file in the same
827	place as the vendors had put it, even when this was obviously
828	stupid.  As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
829	Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
830	You can get sendmail to use the stupid vendor .cf location by
831	adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
832	support programs and scripts that need to find sendmail.cf.  You
833	are STRONGLY urged to use symbolic links if you want to use the
834	vendor location rather than changing the location in the sendmail
835	binary.
836
837	NETINFO systems use NETINFO to determine the location of
838	sendmail.cf.  The full path to sendmail.cf is stored as the value of
839	the "sendmail.cf" property in the "/locations/sendmail"
840	subdirectory of NETINFO.  Set the value of this property to
841	"/etc/mail/sendmail.cf" (without the quotes) to use this new
842	default location for Sendmail 8.10.0 and higher.
843
844ControlSocket permissions
845	Paraphrased from BIND 8.2.1's README:
846
847	Solaris and other pre-4.4BSD kernels do not respect ownership or
848	protections on UNIX-domain sockets.  The short term fix for this is to
849	override the default path and put such control sockets into root-
850	owned directories which do not permit non-root to r/w/x through them.
851	The long term fix is for all kernels to upgrade to 4.4BSD semantics.
852
853HP MPE/iX
854	The MPE-specific code within sendmail emulates a set-user-id root
855	environment for the sendmail binary.  But there is no root uid 0 on
856	MPE, nor is there any support for set-user-id programs.  Even when
857	sendmail thinks it is running as uid 0, it will still have the file
858	access rights of the underlying non-zero uid, but because sendmail is
859	an MPE priv-mode program it will still be able to call setuid() to
860	successfully switch to a new uid.
861
862	MPE setgid() semantics don't quite work the way sendmail expects, so
863	special emulation is done here also.
864
865	This uid/gid emulation is enabled via the setuid/setgid file mode bits
866	which are not currently used by MPE.  Code in libsm/mpeix.c examines
867	these bits and enables emulation if they have been set, i.e.,
868	chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
869
870SunOS 4.x (Solaris 1.x)
871	You may have to use -lresolv on SunOS.  However, beware that
872	this links in a new version of gethostbyname that does not
873	understand NIS, so you must have all of your hosts in DNS.
874
875	Some people have reported problems with the SunOS version of
876	-lresolv and/or in.named, and suggest that you get a newer
877	version.  The symptoms are delays when you connect to the
878	SMTP server on a SunOS machine or having your domain added to
879	addresses inappropriately.  There is a version of BIND
880	version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
881
882	There is substantial disagreement about whether you can make
883	this work with resolv+, which allows you to specify a search-path
884	of services.  Some people report that it works fine, others
885	claim it doesn't work at all (including causing sendmail to
886	drop core when it tries to do multiple resolv+ lookups for a
887	single job).  I haven't tried resolv+, as we use DNS exclusively.
888
889	Should you want to try resolv+, it is on ftp.uu.net in
890	/networking/ip/dns.
891
892	Apparently getservbyname() can fail under moderate to high
893	load under some circumstances.  This will exhibit itself as
894	the message ``554 makeconnection: service "smtp" unknown''.
895	The problem has been traced to one or more blank lines in
896	/etc/services on the NIS server machine.  Delete these
897	and it should work.  This info is thanks to Brian Bartholomew
898	<bb@math.ufl.edu> of I-Kinetics, Inc.
899
900	NOTE: The SunOS 4.X linker uses library paths specified during
901	compilation using -L for run-time shared library searches.
902	Therefore, it is vital that relative and unsafe directory paths not
903	be used when compiling sendmail.
904
905SunOS 4.0.2 (Sun 386i)
906	Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
907	From: teus@oce.nl
908
909	Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
910	following changes:
911	* Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
912	  available as "uname" command.
913	* Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
914	  devtools/OS/SunOS.4.0, which is selected via the "uname" command.
915	I recommend to make available the db-library on the system first
916	(and change the Makefile to use this library).
917	Note that the sendmail.cf and aliases files are found in /etc.
918
919SunOS 4.1.3, 4.1.3_U1
920	Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1.  According
921	to Sun bug number 1077939:
922
923	If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
924	after the other side of the connection has sent a TCP RESET for
925	the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
926	ip_ctloutput() routine.
927
928	For 4.1.3, this is fixed in patch 100584-08, available on the
929	Sunsolve 2.7.1 or later CDs.  For 4.1.3_U1, this was fixed in patch
930	101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
931	obsoleted by patch 102010-05.
932
933	Sun patch 100584-08 is not currently publicly available on their
934	ftp site but a user has reported it can be found at other sites
935	using a web search engine.
936
937Solaris 2.x (SunOS 5.x)
938	To compile for Solaris, the Makefile built by Build must
939	include a SOLARIS definition which reflects the Solaris version
940	(i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
941	If you are using gcc, make sure -I/usr/include is not used (or
942	it might complain about TopFrame).  If you are using Sun's cc,
943	make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
944	(or it might complain about tm_zone).
945
946	The Solaris 2.x (x <= 3) "syslog" function is apparently limited
947	to something about 90 characters because of a kernel limitation.
948	If you have source code, you can probably up this number.  You
949	can get patches that fix this problem:  the patch ids are:
950
951		Solaris 2.1	100834
952		Solaris 2.2	100999
953		Solaris 2.3	101318
954
955	Be sure you have the appropriate patch installed or you won't
956	see system logging.
957
958Solaris 2.4 (SunOS 5.4)
959	If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
960	the risk of getting the wrong libraries under some circumstances.
961	This is because of a new feature in Solaris 2.4, described by
962	Rod.Evans@Eng.Sun.COM:
963
964	>> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
965	>> runtime linker if the application was setxid (secure), thus your
966	>> applications search path would be:
967	>>
968	>>	/usr/local/lib	LD_LIBRARY_PATH component - IGNORED
969	>>	/usr/lib	LD_LIBRARY_PATH component - IGNORED
970	>>	/usr/local/lib	RPATH - honored
971	>>	/usr/lib	RPATH - honored
972	>>
973	>> the effect is that path 3 would be the first used, and this would
974	>> satisfy your resolv.so lookup.
975	>>
976	>> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
977	>> People who developed setxid applications wanted to be able to alter
978	>> the library search path to some degree to allow for their own
979	>> testing and debugging mechanisms.  It was decided that the only
980	>> secure way to do this was to allow a `trusted' path to be used in
981	>> LD_LIBRARY_PATH.  The only trusted directory we presently define
982	>> is /usr/lib.  Thus a set-user-ID root developer could play with some
983	>> alternative shared object implementations and place them in
984	>> /usr/lib (being root we assume they'ed have access to write in this
985	>> directory).  This change was made as part of 1155380 - after a
986	>> *huge* amount of discussion regarding the security aspect of things.
987	>>
988	>> So, in SunOS 5.4 your applications search path would be:
989	>>
990	>>	/usr/local/lib	from LD_LIBRARY_PATH - IGNORED (untrustworthy)
991	>>	/usr/lib	from LD_LIBRARY_PATH - honored (trustworthy)
992	>>	/usr/local/lib	from RPATH - honored
993	>>	/usr/lib	from RPATH - honored
994	>>
995	>> here, path 2 would be the first used.
996
997Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
998	Apparently Solaris 2.5.1 patch 103663-01 installs a new
999	/usr/include/resolv.h file that defines the __P macro without
1000	checking to see if it is already defined.  This new resolv.h is also
1001	included in the Solaris 2.6 distribution.  This causes compile
1002	warnings such as:
1003
1004	   In file included from daemon.c:51:
1005	   /usr/include/resolv.h:208: warning: `__P' redefined
1006	   cdefs.h:58: warning: this is the location of the previous definition
1007
1008	These warnings can be safely ignored or you can create a resolv.h
1009	file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
1010
1011	   #undef __P
1012	   #include "/usr/include/resolv.h"
1013
1014	This problem was fixed in Solaris 7 (Sun bug ID 4081053).
1015
1016Solaris 7 (SunOS 5.7)
1017	Solaris 7 includes LDAP libraries but the implementation was
1018	lacking a few things.  The following settings can be placed in
1019	devtools/Site/site.SunOS.5.7.m4 if you plan on using those
1020	libraries.
1021
1022	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1023	APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
1024	APPENDDEF(`confLIBS', `-lldap')
1025
1026	Also, Sun's patch 107555 is needed to prevent a crash in the call
1027	to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
1028	LDAP support is compiled in sendmail.
1029
1030Solaris 8 and later (SunOS 5.8 and later)
1031	Solaris 8 and later can optionally install LDAP support.  If you
1032	have installed the Entire Distribution meta-cluster, you can use
1033	the following in devtools/Site/site.SunOS.5.8.m4 (or other
1034	appropriately versioned file) to enable LDAP:
1035
1036	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1037	APPENDDEF(`confLIBS', `-lldap')
1038
1039Solaris 9 and later (SunOS 5.9 and later)
1040	Solaris 9 and later have a revised LDAP library, libldap.so.5,
1041	which is derived from a Netscape implementation, thus requiring
1042	that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1043
1044	APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1045	APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1046	APPENDDEF(`confLIBS', `-lldap')
1047
1048Solaris
1049	If you are using dns for hostname resolution on Solaris, make sure
1050	that the 'dns' entry is last on the hosts line in
1051	'/etc/nsswitch.conf'.  For example, use:
1052
1053		hosts:	nisplus files dns
1054
1055	Do not use:
1056
1057		hosts:  nisplus dns [NOTFOUND=return] files
1058
1059	Note that 'nisplus' above is an illustration.  The same comment
1060	applies no matter what naming services you are using.  If you have
1061	anything other than dns last, even after "[NOTFOUND=return]",
1062	sendmail may not be able to determine whether an error was
1063	temporary or permanent.  The error returned by the solaris
1064	gethostbyname() is the error for the last lookup used, and other
1065	naming services do not have the same concept of temporary failure.
1066
1067Ultrix
1068	By default, the IDENT protocol is turned off on Ultrix.  If you
1069	are running Ultrix 4.4 or later, or if you have included patch
1070	CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1071	IDENT on in the configuration file by setting the "ident" timeout.
1072
1073	The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1074	included in libc.a.  Unfortunately, the __RES symbol hasn't changed
1075	and therefore, sendmail can no longer automatically detect the
1076	newer version.  If you get a compiler error:
1077
1078	/lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1079
1080	Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1081
1082	APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1083
1084Digital UNIX (formerly DEC OSF/1)
1085	If you are compiling on OSF/1 (DEC Alpha), you must use
1086	-L/usr/shlib (otherwise it core dumps on startup).  You may also
1087	need -mld to get the nlist() function, although some versions
1088	apparently don't need this.
1089
1090	Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1091	it, just create the link to the sendmail binary.
1092
1093	On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1094	properly due to a bug in the getpw* routines.  If you want to use
1095	this, use -DDEC_OSF_BROKEN_GETPWENT=1.  The problem is fixed in 3.2C.
1096
1097	Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1098	only preserve the envelope sender in the "From " header if
1099	DefaultUserID is set to daemon.  Setting this to mailnull will
1100	cause all mail to have the header "From mailnull ...".  To use
1101	a different DefaultUserID, you will need to use a different mail
1102	delivery agent (such as mail.local found in the sendmail
1103	distribution).
1104
1105	On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1106	operating system and already has the ndbm.o module removed.  However,
1107	Digital has modified the original Berkeley DB db.h include file.
1108	This results in the following warning while compiling map.c and udb.c:
1109
1110	cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1111	 "__signed" conflicts with a current definition because the replacement
1112	 lists differ.  The redefinition is now in effect.
1113	#define __signed        signed
1114	------------------------^
1115
1116	This warning can be ignored.
1117
1118	Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1119	If you have installed a new version of BIND in /usr/include
1120	and /usr/lib, you will experience difficulties as Digital ships
1121	libresolv.a in /usr/ccs/lib/ as well.  Be sure to replace both
1122	copies of libresolv.a.
1123
1124IRIX
1125	The header files on SGI IRIX are completely prototyped, and as
1126	a result you can sometimes get some warning messages during
1127	compilation.  These can be ignored.  There are two errors in
1128	deliver only if you are using gcc, both of the form ``warning:
1129	passing arg N of `execve' from incompatible pointer type''.
1130	Also, if you compile with -DNIS, you will get a complaint
1131	about a declaration of struct dom_binding in a prototype
1132	when compiling map.c; this is not important because the
1133	function being prototyped is not used in that file.
1134
1135	In order to compile sendmail you will have had to install
1136	the developers' option in order to get the necessary include
1137	files.
1138
1139	If you compile with -lmalloc (the fast memory allocator), you may
1140	get warning messages such as the following:
1141
1142	   ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1143		preempts that definition in /usr/lib32/mips3/libc.so.
1144	   ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1145		preempts that definition in /usr/lib32/mips3/libc.so.
1146	   ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1147		preempts that definition in /usr/lib32/mips3/libc.so.
1148	   ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1149		preempts that definition in /usr/lib32/mips3/libc.so.
1150	   ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1151		preempts that definition in /usr/lib32/mips3/libc.so.
1152
1153	These are unavoidable and innocuous -- just ignore them.
1154
1155	According to Dave Sill <de5@ornl.gov>, there is a version of the
1156	Berkeley DB library patched to run on Irix 6.2 available from
1157	http://reality.sgi.com/ariel/freeware/#db .
1158
1159IRIX 6.x
1160	If you are using XFS filesystem, avoid using the -32 ABI switch to
1161	the cc compiler if possible.
1162
1163	Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1164	a problem with gcc on IRIX, i.e., gcc can't pass structs
1165	less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1166	some other sized structs.  See
1167	http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1168	This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1169	is reported as broken.  Check your gcc version for this bug
1170	before installing sendmail.
1171
1172IRIX 6.4
1173	The IRIX 6.5.4 version of /bin/m4 does not work properly with
1174	sendmail.  Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1175	use /usr/freeware/bin/m4 or install and use GNU m4.
1176
1177NeXT or NEXTSTEP
1178	NEXTSTEP 3.3 and earlier ship with the old DBM library.  Also,
1179	Berkeley DB does not currently run on NEXTSTEP.
1180
1181	If you are compiling on NEXTSTEP, you will have to create an
1182	empty file "unistd.h" and create a file "dirent.h" containing:
1183
1184		#include <sys/dir.h>
1185		#define dirent	direct
1186
1187	(devtools/OS/NeXT should try to do both of these for you.)
1188
1189	Apparently, there is a bug in getservbyname on Nextstep 3.0
1190	that causes it to fail under some circumstances with the
1191	message "SYSERR: service "smtp" unknown" logged.  You should
1192	be able to work around this by including the line:
1193
1194		OOPort=25
1195
1196	in your .cf file.
1197
1198BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1199	The "m4" from BSDI won't handle the config files properly.
1200	I haven't had a chance to test this myself.
1201
1202	The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1203	files properly.  One must use either GNU m4 1.1 or the PD-M4
1204	recently posted in comp.os.386bsd.bugs (and maybe others).
1205	NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1206	CHANGES).
1207
1208	FreeBSD 1.0 RELEASE has uname(2) now.  Use -DUSEUNAME in order to
1209	use it (look into devtools/OS/FreeBSD).  NetBSD-current may have
1210	it too but it has not been verified.
1211
1212	The latest version of Berkeley DB uses a different naming
1213	scheme than the version that is supplied with your release.  This
1214	means you will be able to use the current version of Berkeley DB
1215	with sendmail as long you use the new db.h when compiling
1216	sendmail and link it against the new libdb.a or libdb.so.  You
1217	should probably keep the original db.h in /usr/include and the
1218	new db.h in /usr/local/include.
1219
12204.3BSD
1221	If you are running a "virgin" version of 4.3BSD, you'll have
1222	a very old resolver and be missing some header files.  The
1223	header files are simple -- create empty versions and everything
1224	will work fine.  For the resolver you should really port a new
1225	version (4.8.3 or later) of the resolver; 4.9 is available on
1226	gatekeeper.DEC.COM in pub/BSD/bind/4.9.  If you are really
1227	determined to continue to use your old, buggy version (or as
1228	a shortcut to get sendmail working -- I'm sure you have the
1229	best intentions to port a modern version of BIND), you can
1230	copy ../contrib/oldbind.compat.c into sendmail and add the
1231	following to devtools/Site/site.config.m4:
1232
1233	APPENDDEF(`confOBJADD', `oldbind.compat.o')
1234
1235OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1236	m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1237	maximum length for strings is too short.  You need to use GNU m4
1238	or patch m4, see for example:
1239  http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1240
1241A/UX
1242	Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1243	From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1244	Subject: Fix for A/UX ndbm
1245
1246	I guess this isn't really a sendmail bug, however, it is something
1247	that A/UX users should be aware of when compiling sendmail 8.6.
1248
1249	Apparently, the calls that sendmail is using to the ndbm routines
1250	in A/UX 3.0.x contain calls to "broken" routines, in that the
1251	aliases database will break when it gets "just a little big"
1252	(sorry I don't have exact numbers here, but it broke somewhere
1253	around 20-25 aliases for me.), making all aliases non-functional
1254	after exceeding this point.
1255
1256	What I did was to get the gnu-dbm-1.6 package, compile it, and
1257	then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1258	ndbm.h header file that comes with the gnu-package.  This makes
1259	things behave properly.
1260	  [NOTE: see comment above about GDBM]
1261
1262	I suppose porting the New Berkeley DB package is another route,
1263	however, I made a quick attempt at it, and found it difficult
1264	(not easy at least); the gnu-dbm package "configured" and
1265	compiled easily.
1266
1267	  [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1268	  database maps.]
1269
1270SCO Unix
1271	From: Thomas Essebier <tom@stallion.oz.au>
1272	Organisation:  Stallion Technologies Pty Ltd.
1273
1274	It will probably help those who are trying to configure sendmail 8.6.9
1275	to know that if they are on SCO, they had better set
1276		OI-dnsrch
1277	or they will core dump as soon as they try to use the resolver.
1278	i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1279	it does not inititialise it, nor does it understand 'search' in
1280	/etc/named.boot.
1281		- sigh -
1282
1283	According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1284	We recommend installing GNU m4 before attempting to build sendmail.
1285
1286	On some versions a bogus error value is listed if connections
1287	time out (large negative number).  To avoid this explicitly set
1288	Timeout.connect to a reasonable value (several minutes).
1289
1290DG/UX
1291	Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1292	V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1293	Originally, the DG /bin/mail program wasn't compatible with
1294	the V8 sendmail, since the DG /bin/mail requires the environment
1295	variable "_FORCE_MAIL_LOCAL_=yes" be set.  Version 8.7 now includes
1296	this in the environment before invoking the local mailer.  Some
1297	have used procmail to avoid this problem in the past.  It works
1298	but some have experienced file locking problems with their DG/UX
1299	ports of procmail.
1300
1301Apollo DomainOS
1302	If you are compiling on Apollo, you will have to create an empty
1303	file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1304	"dirent.h" containing:
1305
1306		#include <sys/dir.h>
1307		#define dirent	direct
1308
1309	(devtools/OS/DomainOS will attempt to do both of these for you.)
1310
1311HP-UX 8.00
1312	Date: Mon, 24 Jan 1994 13:25:45 +0200
1313	From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1314	Subject: 8.6.5 w/ HP-UX 8.00 on s300
1315
1316	Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1317	a series 300 machine) running HP-UX 8.00.
1318
1319	I was getting segmentation fault when delivering to a local user.
1320	With debugging I saw it was faulting when doing _free@libc... *sigh*
1321	It seems the new implementation of malloc on s300 is buggy as of 8.0,
1322	so I tried out the one in -lmalloc (malloc(3X)).  With that it seems
1323	to work just dandy.
1324
1325	When linking, you will get the following error:
1326
1327	ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1328
1329	but you can just ignore it.  You might want to add this info to the
1330	README file for the future...
1331
1332Linux
1333	Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1334	flock() system call gives errors.  If you are running .14, you must
1335	not use flock.  You can do this with -DHASFLOCK=0.  We have also
1336	been getting complaints since version 2.4.X was released.
1337	sendmail 8.13 has changed the default locking method to fcntl()
1338	for Linux kernel version 2.4 and later.  Be sure to update other
1339	sendmail related programs to match locking techniques (some
1340	examples, besides makemap and mail.local, include procmail, mailx,
1341	mutt, elm, etc).
1342
1343	Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1344	initialization of the _res structure changed.  If /etc/hosts.conf
1345	was configured as "hosts, bind" the resolver code could return
1346	"Name server failure" errors.  This is supposedly fixed in
1347	later versions of libc (>= 4.6.29?), and later versions of
1348	sendmail (> 8.6.10) try to work around the problem.
1349
1350	Some older versions (< 4.6.20?) of the libc/include files conflict
1351	with sendmail's version of cdefs.h.  Deleting sendmail's version
1352	on those systems should be non-harmful, and new versions don't care.
1353
1354	NOTE ON LINUX & BIND:  By default, the Makefile generated for Linux
1355	includes header files in /usr/local/include and libraries in
1356	/usr/local/lib.  If you've installed BIND on your system, the header
1357	files typically end up in the search path and you need to add
1358	"-lresolv" to the LIBS line in your Makefile.  Really old versions
1359	may need to include "-l44bsd" as well (particularly if the link phase
1360	complains about missing strcasecmp, strncasecmp or strpbrk).
1361	Complaints about an undefined reference to `__dn_skipname' in
1362	domain.o are a sure sign that you need to add -lresolv to LIBS.
1363	Newer versions of Linux are basically threaded BIND, so you may or
1364	may not see complaints if you accidentally mix BIND
1365	headers/libraries with virginal libc.  If you have BIND headers in
1366	/usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1367	to LIBS.  Data structures may change and you'd be asking for a
1368	core dump.
1369
1370	A number of problems have been reported regarding the Linux 2.2.0
1371	kernel.  So far, these problems have been tracked down to syslog()
1372	and DNS resolution.  We believe the problem is with the poll()
1373	implementation in the Linux 2.2.0 kernel and poll()-aware versions
1374	of glib (at least up to 2.0.111).
1375
1376glibc
1377	glibc 2.2.1 (and possibly other versions) changed the value of
1378	__RES in resolv.h but failed to actually provide the IPv6 API
1379	changes that the change implied.  Therefore, compiling with
1380	-DNETINET6 fails.
1381
1382	Workarounds:
1383	1) Compile without -DNETINET6
1384	2) Build against a real BIND 8.2.2 include/lib tree
1385	3) Wait for glibc to fix it
1386
1387AIX 4.X
1388	The AIX 4.X linker uses library paths specified during compilation
1389	using -L for run-time shared library searches.  Therefore, it is
1390	vital that relative and unsafe directory paths not be using when
1391	compiling sendmail.  Because of this danger, by default, compiles
1392	on AIX use the -blibpath option to limit shared libraries to
1393	/usr/lib and /lib.  If you need to allow more directories, such as
1394	/usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1395	site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1396	appropriately.  For example:
1397
1398	define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1399
1400	Be sure to only add (safe) system directories.
1401
1402	The AIX version of GNU ld also exhibits this problem.  If you are
1403	using that version, instead of -blibpath, use its -rpath option.
1404	For example:
1405
1406	gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1407
1408AIX 4.X	If the test program t-event (and most others) in libsm fails,
1409	check your compiler settings.  It seems that the flags -qnoro or
1410	-qnoroconst on some AIX versions trigger a compiler bug.  Check
1411	your compiler settings or use cc instead of xlc.
1412
1413AIX 4.0-4.2, maybe some AIX 4.3 versions
1414	The AIX m4 implements a different mechanism for ifdef which is
1415	inconsistent with other versions of m4.  Therefore, it will not
1416	work properly with the sendmail Build architecture or m4
1417	configuration method.  To work around this problem, please use
1418	GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1419	The problem seems to be solved in AIX 4.3.3 at least.
1420
1421AIX 4.3.3
1422	From: Valdis.Kletnieks@vt.edu
1423	Date: Sun, 02 Jul 2000 03:58:02 -0400
1424
1425	Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1426	BIND 8.2.2 security holes, you can no longer build with  -DNETINET6
1427	because they changed the value of __RES in resolv.h but failed to
1428	actually provide the API changes that the change implied.
1429
1430	Workarounds:
1431	1) Compile without -DNETINET6
1432	2) Build against a real BIND 8.2.2 include/lib tree
1433	3) Wait for IBM to fix it
1434
1435AIX 3.x
1436	This version of sendmail does not support MB, MG, and MR resource
1437	records, which are supported by AIX sendmail.
1438
1439	Several people have reported that the IBM-supplied named returns
1440	fairly random results -- the named should be replaced.  It is not
1441	necessary to replace the resolver, which will simplify installation.
1442	A new BIND resolver can be found at http://www.isc.org/isc/.
1443
1444AIX 3.1.x
1445	The supplied load average code only works correctly for AIX 3.2.x.
1446	For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1447	package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1448	directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1449	daemon, and the getloadavg subroutine supplied with that package.
1450	If you don't care about load average throttling, just turn off
1451	load average checking using -DLA_TYPE=LA_ZERO.
1452
1453RISC/os
1454	RISC/os from MIPS is a merged AT&T/Berkeley system.  When you
1455	compile on that platform you will get duplicate definitions
1456	on many files.  You can ignore these.
1457
1458System V Release 4 Based Systems
1459	There is a single devtools OS that is intended for all SVR4-based
1460	systems (built from devtools/OS/SVR4).  It defines __svr4__,
1461	which is predefined by some compilers.  If your compiler already
1462	defines this compile variable, you can delete the definition from
1463	the generated Makefile or create a devtools/Site/site.config.m4
1464	file.
1465
1466	It's been tested on Dell Issue 2.2.
1467
1468DELL SVR4
1469	Date:      Mon, 06 Dec 1993 10:42:29 EST
1470	From: "Kimmo Suominen" <kim@grendel.lut.fi>
1471	Message-ID: <2d0352f9.lento29@lento29.UUCP>
1472	To: eric@cs.berkeley.edu
1473	Cc: sendmail@cs.berkeley.edu
1474	Subject:   Notes for DELL SVR4
1475
1476	Eric,
1477
1478	Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4.  I ran
1479	across these things when helping out some people who contacted me by
1480	e-mail.
1481
1482	1) Use gcc 2.4.5 (or later?).  Dell distributes gcc 2.1 with their
1483	   Issue 2.2 Unix.  It is too old, and gives you problems with
1484	   clock.c, because sigset_t won't get defined in <sys/signal.h>.
1485	   This is due to a problematic protection rule in there, and is
1486	   fixed with gcc 2.4.5.
1487
1488	2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1489	   to add "-lc -lucb" to the libraries to link with.  This is because
1490	   the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1491	   functions.  It is important that you specify both libraries in
1492	   the given order to be sure you only get the BSTRING functions
1493	   from the UCB library (and not the signal routines etc.).
1494
1495	3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1496	   The UCB library also has another copy of the nlist routines,
1497	   but we do want the ones from "-lelf".
1498
1499	If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1500	can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1501	They are copies of what I use on grendel.lut.fi, and offering them
1502	does not imply that I would also support them.  I have sent the DB
1503	port for SVR4 back to Keith Bostic for inclusion in the official
1504	distribution, but I haven't heard anything from him as of today.
1505
1506	- gcc-2.4.5-svr4.tar.gz	(gcc 2.4.5 and the corresponding libg++)
1507	- db-1.72.tar.gz	(with source, objects and a installed copy)
1508
1509	Cheers
1510	+ Kim
1511	--
1512	 *  Kimmo.Suominen@lut.fi  *  SysVr4 enthusiast at GRENDEL.LUT.FI  *
1513	*    KIM@FINFILES.BITNET   *  Postmaster and Hostmaster at LUT.FI   *
1514	 *    + 358 200 865 718    *  Unix area moderator at NIC.FUNET.FI  *
1515
1516ConvexOS 10.1 and below
1517	In order to use the name server, you must create the file
1518	/etc/use_nameserver.  If this file does not exist, the call
1519	to res_init() will fail and you will have absolutely no
1520	access to DNS, including MX records.
1521
1522Amdahl UTS 2.1.5
1523	In order to get UTS to work, you will have to port BIND 4.9.
1524	The vendor's BIND is reported to be ``totally inadequate.''
1525	See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1526	to get BIND 4.9 compiled for UTS.
1527
1528UnixWare
1529	According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1530	the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1531	config files.  GNU m4 and the m4 from UnixWare 1.x both work.
1532
1533	According to Larry Rosenman <ler@lerami.lerctr.org>:
1534
1535		UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1536		processing the 8.9.0 cf files.
1537
1538		I had a LOCAL_RULE_0 that wound up AFTER the
1539		SBasic_check_rcpt rules using the SCO supplied M4.
1540		GNU M4 works fine.
1541
1542UNICOS 8.0.3.4
1543	Some people have reported that the -O flag on UNICOS can cause
1544	problems.  You may want to turn this off if you have problems
1545	running sendmail.  Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1546
1547Darwin/Mac OS X (10.X.X)
1548	The linker errors produced regarding getopt() and its associated
1549	variables can safely be ignored.
1550
1551	From Mike Zimmerman <zimmy@torrentnet.com>:
1552
1553	From scratch here is what Darwin users need to do to the standard
1554	10.0.0, 10.0.1 install to get sendmail working.
1555	From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242:
1556	1. chmod g-w / /private /private/etc
1557	2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1558	   HOSTNAME=-my.domain.com-
1559	3. Edit /etc/rc.boot:
1560	   hostname my.domain.com
1561	   domainname domain.com
1562	4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1563	   Remove the "&" after the sendmail command:
1564	   /usr/sbin/sendmail -bd -q1h
1565
1566	From Carsten Klapp <carsten.klapp@home.com>:
1567
1568	The easiest workaround is to remove the group-writable permission
1569	for the root directory and the symbolic /etc inherits this
1570	change. While this does fix sendmail, the unfortunate side-effect
1571	is the OS X admin will no longer be able to manipulate icons in the
1572	top level of the Startup disk unless logged into the GUI as the
1573	superuser.
1574
1575	In applying the alternate workaround, care must be taken while
1576	swapping the symlink /etc with the directory /private/etc. In all
1577	likelihood any admin who is concerned with this sendmail error has
1578	enough experience to not accidentally harm anything in the process.
1579
1580	a. Swap the /etc symlink with /private/etc (as superuser):
1581	   rm /etc
1582	   mv /private/etc /etc
1583	   ln -s /etc /private/etc
1584
1585	b. Set / to group unwritable (as superuser):
1586	   chmod g-w /
1587
1588Darwin/Mac OS X (10.1.5)
1589	Apple's upgrade to sendmail 8.12 is incorrectly configured.  You
1590	will need to manually fix it up by doing the following:
1591
1592	1. chown smmsp:smmsp /var/spool/clientmqueue
1593	2. chmod 2770 /var/spool/clientmqueue
1594	3. chgrp smmsp /usr/sbin/sendmail
1595	4. chmod g+s /usr/sbin/sendmail
1596
1597	From Daniel J. Luke <dluke@geeklair.net>:
1598
1599	It appears that setting the sendmail.cf property in
1600	/locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1601	8.12.4 causes 'bad things' to happen.
1602
1603	Specifically sendmail instances that should be getting their config
1604	from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1605	open pipes to sendmail stop working as sendmail tries to write to
1606	/var/spool/mqueue and cannot as sendmail is no longer suid root).
1607
1608	Removing the entry from NetInfo fixes this problem.
1609
1610GNU getopt
1611	I'm told that GNU getopt has a problem in that it gets confused
1612	by the double call.  Use the version in conf.c instead.
1613
1614BIND 4.9.2 and Ultrix
1615	If you are running on Ultrix, be sure you read conf/Info.Ultrix
1616	in the BIND distribution very carefully -- there is information
1617	in there that you need to know in order to avoid errors of the
1618	form:
1619
1620		/lib/libc.a(gethostent.o): sethostent: multiply defined
1621		/lib/libc.a(gethostent.o): endhostent: multiply defined
1622		/lib/libc.a(gethostent.o): gethostbyname: multiply defined
1623		/lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1624
1625	during the link stage.
1626
1627BIND 8.X
1628	BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1629	DNS failures when trying to find the hostname associated with an IP
1630	address (gethostbyaddr()).  This can cause problems as
1631	$&{client_name} based lookups in class R ($=R) and the access
1632	database won't succeed.
1633
1634	This will be fixed in BIND 8.2.1.  For earlier versions, this can
1635	be fixed by making "dns" the last name service queried for host
1636	resolution in /etc/irs.conf:
1637
1638		hosts local continue
1639		hosts dns
1640
1641strtoul
1642	Some compilers (notably gcc) claim to be ANSI C but do not
1643	include the ANSI-required routine "strtoul".  If your compiler
1644	has this problem, you will get an error in srvrsmtp.c on the
1645	code:
1646
1647	  # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1648			e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1649	  # else
1650			e->e_msgsize = strtol(vp, (char **) NULL, 10);
1651	  # endif
1652
1653	You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1654
1655Listproc 6.0c
1656	Date: 23 Sep 1995 23:56:07 GMT
1657	Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1658	From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1659	Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1660
1661	Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1662	breaks, because it, by default, sends a blank "HELO" rather than
1663	a "HELO hostname" when using the 'system' or 'telnet' mail method.
1664
1665	The fix is to include -DZMAILER in the compilation, which will
1666	cause it to use "HELO hostname" (which Z-mail apparently requires
1667	as well. :)
1668
1669OpenSSL
1670	OpenSSL versions prior to 0.9.6 use a macro named Free which
1671	conflicts with existing macro names on some platforms, such as
1672	AIX.
1673	Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with
1674	0.9.5a.
1675
1676PH
1677	PH support is provided by Mark Roth <roth@uiuc.edu>.  The map is
1678	described at http://www-dev.cites.uiuc.edu/sendmail/ .
1679
1680	NOTE: The "spacedname" pseudo-field which was used by earlier
1681	versions of the PH map code is no longer supported!  See the URL
1682	listed above for more information.
1683
1684	Please contact Mark Roth for support and questions regarding the
1685	map.
1686
1687TCP Wrappers
1688	If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1689	also need to install libwrap.a and modify your site.config.m4 file
1690	or the generated Makefile to include -lwrap in the LIBS line
1691	(make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1692	libwrap.a can be found).
1693
1694	TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1695
1696	If you have alternate MX sites for your site, be sure that all of
1697	your MX sites reject the same set of hosts.  If not, a bad guy whom
1698	you reject will connect to your site, fail, and move on to the next
1699	MX site, which will accept the mail for you and forward it on to you.
1700
1701Regular Expressions (MAP_REGEX)
1702	If sendmail linking fails with:
1703
1704		undefined reference to 'regcomp'
1705
1706	or sendmail gives an error about a regular expression with:
1707
1708		pattern-compile-error: : Operation not applicable
1709
1710	Your libc does not include a running version of POSIX-regex.  Use
1711	librx or regex.o from the GNU Free Software Foundation,
1712	ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1713	ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1714	You can also use the regex-lib by Henry Spencer,
1715	ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1716	Make sure, your compiler reads regex.h from the distribution,
1717	not from /usr/include, otherwise sendmail will dump a core.
1718
1719Fedora Core 5, 64 bit version
1720	If the ld stage fails with undefined functions like
1721	__res_querydomain, __dn_expand
1722	then add these lines to devtools/Site/site.config.m4
1723
1724	APPENDDEF(`confLIBDIRS', `-L/usr/lib64')
1725	APPENDDEF(`confINCDIRS', `-I/usr/include/bind9')
1726
1727	and rebuild (sh ./Build -c).
1728
1729	Problem noted by Daniel Krones, solution suggested by
1730	Anthony Howe.
1731
1732+--------------+
1733| MANUAL PAGES |
1734+--------------+
1735
1736The manual pages have been written against the -man macros, and
1737should format correctly with any reasonable *roff.
1738
1739
1740+-----------------+
1741| DEBUGGING HOOKS |
1742+-----------------+
1743
1744As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1745some debugging output (logged at LOG_DEBUG severity).  The
1746information dumped is:
1747
1748 * The value of the $j macro.
1749 * A warning if $j is not in the set $=w.
1750 * A list of the open file descriptors.
1751 * The contents of the connection cache.
1752 * If ruleset 89 is defined, it is evaluated and the results printed.
1753
1754This allows you to get information regarding the runtime state of the
1755daemon on the fly.  This should not be done too frequently, since
1756the process of rewriting may lose memory which will not be recovered.
1757Also, ruleset 89 may call non-reentrant routines, so there is a small
1758non-zero probability that this will cause other problems.  It is
1759really only for debugging serious problems.
1760
1761A typical formulation of ruleset 89 would be:
1762
1763	R$*		$@ $>0 some test address
1764
1765
1766+-----------------------------+
1767| DESCRIPTION OF SOURCE FILES |
1768+-----------------------------+
1769
1770The following list describes the files in this directory:
1771
1772Build		Shell script for building sendmail.
1773Makefile	A convenience for calling ./Build.
1774Makefile.m4	A template for constructing a makefile based on the
1775		information in the devtools directory.
1776README		This file.
1777TRACEFLAGS	My own personal list of the trace flags -- not guaranteed
1778		to be particularly up to date.
1779alias.c		Does name aliasing in all forms.
1780aliases.5	Man page describing the format of the aliases file.
1781arpadate.c	A subroutine which creates ARPANET standard dates.
1782bf.c		Routines to implement memory-buffered file system using
1783		hooks provided by libsm now (formerly Torek stdio library).
1784bf.h		Buffered file I/O function declarations and
1785		data structure and function declarations for bf.c.
1786collect.c	The routine that actually reads the mail into a temp
1787		file.  It also does a certain amount of parsing of
1788		the header, etc.
1789conf.c		The configuration file.  This contains information
1790		that is presumed to be quite static and non-
1791		controversial, or code compiled in for efficiency
1792		reasons.  Most of the configuration is in sendmail.cf.
1793conf.h		Configuration that must be known everywhere.
1794control.c	Routines to implement control socket.
1795convtime.c	A routine to sanely process times.
1796daemon.c	Routines to implement daemon mode.
1797deliver.c	Routines to deliver mail.
1798domain.c	Routines that interface with DNS (the Domain Name
1799		System).
1800envelope.c	Routines to manipulate the envelope structure.
1801err.c		Routines to print error messages.
1802headers.c	Routines to process message headers.
1803helpfile	An example helpfile for the SMTP HELP command and -bt mode.
1804macro.c		The macro expander.  This is used internally to
1805		insert information from the configuration file.
1806mailq.1		Man page for the mailq command.
1807main.c		The main routine to sendmail.  This file also
1808		contains some miscellaneous routines.
1809makesendmail	A convenience for calling ./Build.
1810map.c		Support for database maps.
1811mci.c		Routines that handle mail connection information caching.
1812milter.c	MTA portions of the mail filter API.
1813mime.c		MIME conversion routines.
1814newaliases.1	Man page for the newaliases command.
1815parseaddr.c	The routines which do address parsing.
1816queue.c		Routines to implement message queueing.
1817readcf.c	The routine that reads the configuration file and
1818		translates it to internal form.
1819recipient.c	Routines that manipulate the recipient list.
1820sasl.c		Routines to interact with Cyrys-SASL.
1821savemail.c	Routines which save the letter on processing errors.
1822sendmail.8	Man page for the sendmail command.
1823sendmail.h	Main header file for sendmail.
1824sfsasl.c	I/O interface between SASL/TLS and the MTA.
1825sfsasl.h	Header file for sfsasl.c.
1826shmticklib.c	Routines for shared memory counters.
1827sm_resolve.c	Routines for DNS lookups (for DNS map type).
1828sm_resolve.h	Header file for sm_resolve.c.
1829srvrsmtp.c	Routines to implement server SMTP.
1830stab.c		Routines to manage the symbol table.
1831stats.c		Routines to collect and post the statistics.
1832statusd_shm.h	Data structure and function declarations for shmticklib.c.
1833sysexits.c	List of error messages associated with error codes
1834		in sysexits.h.
1835sysexits.h	List of error codes for systems that lack their own.
1836timers.c	Routines to provide microtimers.
1837timers.h	Data structure and function declarations for timers.h.
1838tls.c		Routines for TLS.
1839trace.c		The trace package.  These routines allow setting and
1840		testing of trace flags with a high granularity.
1841udb.c		The user database interface module.
1842usersmtp.c	Routines to implement user SMTP.
1843util.c		Some general purpose routines used by sendmail.
1844version.c	The version number and information about this
1845		version of sendmail.
1846
1847(Version $Revision: 8.389 $, last update $Date: 2006/05/02 16:58:50 $ )
1848