README revision 110560
1205821Sedwin 213877Swosch SENDMAIL RELEASE 8 313877Swosch 413877SwoschThis directory has the latest sendmail(TM) software from Sendmail, Inc. 513877Swosch 613877SwoschReport any bugs to sendmail-bugs@sendmail.ORG 713877Swosch 813877SwoschThere is a web site at http://WWW.Sendmail.ORG/ -- see that site for 913877Swoschthe latest updates. 1013877Swosch 1113877Swosch+--------------+ 1213877Swosch| INTRODUCTION | 1313877Swosch+--------------+ 1413877Swosch 1513877Swosch0. The vast majority of queries to <sendmail-questions@sendmail.org> 1613877Swosch are answered in the README files noted below. 1713877Swosch 1813877Swosch1. Read this README file, especially this introduction, and the DIRECTORY 1913877Swosch PERMISSIONS sections. 2013877Swosch 2113877Swosch2. Read the INSTALL file in this directory. 2213877Swosch 2313877Swosch3. Read sendmail/README, especially: 2413877Swosch a. the introduction 2513877Swosch b. the BUILDING SENDMAIL section 2613877Swosch c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section 2713877Swosch 2859945Sphantom You may also find these useful: 2959945Sphantom 3013877Swosch d. sendmail/SECURITY 3113877Swosch e. devtools/README 32129814Sstefanf f. devtools/Site/README 33129814Sstefanf g. libmilter/README 3413877Swosch h. mail.local/README 35205821Sedwin i. smrsh/README 36205821Sedwin 37205821Sedwin4. Read cf/README. 38205821Sedwin 39205821SedwinSendmail is a trademark of Sendmail, Inc. 40205821Sedwin 41205821Sedwin+-----------------------+ 42205821Sedwin| DIRECTORY PERMISSIONS | 43205821Sedwin+-----------------------+ 44205821Sedwin 45205821SedwinSendmail often gets blamed for many problems that are actually the 46205821Sedwinresult of other problems, such as overly permissive modes on directories. 47205821SedwinFor this reason, sendmail checks the modes on system directories and 48205821Sedwinfiles to determine if they can be trusted. For sendmail to run without 49205821Sedwincomplaining, you MUST execute the following command: 50205821Sedwin 5113877Swosch chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 5213877Swosch chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 53205821Sedwin 5487235SmarkmYou will probably have to tweak this for your environment (for example, 55170447Sgrogsome systems put the spool directory into /usr/spool instead of 56205821Sedwin/var/spool). If you set the RunAsUser option in your sendmail.cf, the 57205821Sedwin/var/spool/mqueue directory will have to be owned by the RunAsUser user. 58205821SedwinAs a general rule, after you have compiled sendmail, run the command 59205821Sedwin 6013877Swosch sendmail -v -bi 61205821Sedwin 62205821Sedwinto initialize the alias database. If it gives messages such as 63205821Sedwin 64205821Sedwin WARNING: writable directory /etc 65205821Sedwin WARNING: writable directory /var/spool/mqueue 66205821Sedwin 67205821Sedwinthen the directories listed have inappropriate write permissions and 68205821Sedwinshould be secured to avoid various possible security attacks. 69205821Sedwin 70205821SedwinBeginning with sendmail 8.9, these checks have become more strict to 71205821Sedwinprevent users from being able to access files they would normally not 72205821Sedwinbe able to read. In particular, .forward and :include: files in unsafe 73205821Sedwindirectory paths (directory paths which are group or world writable) will 74205821Sedwinno longer be allowed. This would mean that if user joe's home directory 75205821Sedwinwas writable by group staff, sendmail would not use his .forward file. 76205821SedwinThis behavior can be altered, at the expense of system security, by 77205821Sedwinsetting the DontBlameSendmail option. For example, to allow .forward 78205821Sedwinfiles in group writable directories: 79205821Sedwin 80205821Sedwin O DontBlameSendmail=forwardfileingroupwritabledirpath 81205821Sedwin 82205821SedwinOr to allow them in both group and world writable directories: 83212035Sedwin 84205821Sedwin O DontBlameSendmail=forwardfileinunsafedirpath 85205821Sedwin 86205821SedwinItems from these unsafe .forward and :include: files will be marked 87205821Sedwinas unsafe addresses -- the items can not be deliveries to files or 88205821Sedwinprograms. This behavior can also be altered via DontBlameSendmail: 89205821Sedwin 90205821Sedwin O DontBlameSendmail=forwardfileinunsafedirpath, 91205821Sedwin forwardfileinunsafedirpathsafe 92205821Sedwin 93205821SedwinThe first flag allows the .forward file to be read, the second allows 94205821Sedwinthe items in the file to be marked as safe for file and program 95205821Sedwindelivery. 96205821Sedwin 97205821SedwinOther files affected by this strengthened security include class 98205821Sedwinfiles (i.e., Fw /etc/mail/local-host-names), persistent host status files, 99205821Sedwinand the files specified by the ErrorHeader and HelpFile options. Similar 100205821SedwinDontBlameSendmail flags are available for the class, ErrorHeader, and 101205821SedwinHelpFile files. 102205821Sedwin 103205821SedwinIf you have an unsafe configuration of .forward and :include: 104251647Sgrogfiles, you can make it safe by finding all such files, and doing 105205821Sedwina "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for 106205821Sedwineach directory in the file's path. 107205821Sedwin 108251647Sgrog 109205821Sedwin+--------------------------+ 110205821Sedwin| FILE AND MAP PERMISSIONS | 111205821Sedwin+--------------------------+ 112205821Sedwin 113205821SedwinAny application which uses either flock() or fcntl() style locking or 114205821Sedwinother APIs that use one of these locking methods (such as open() with 115205821SedwinO_EXLOCK and O_SHLOCK) on files readable by other local untrusted users 116205821Sedwinmay be susceptible to local denial of service attacks. 117205821Sedwin 118205821SedwinFile locking is used throughout sendmail for a variety of files 119205821Sedwinincluding aliases, maps, statistics, and the pid file. Any user who 120205821Sedwincan open one of these files can prevent sendmail or it's associated 121205821Sedwinutilities, e.g., makemap or newaliases, from operating properly. This 122205821Sedwincan also affect sendmail's ability to update status files such as 123205821Sedwinstatistics files. For system which use flock() for file locking, a 124205821Sedwinuser's ability to obtain an exclusive lock prevents other sendmail 125205821Sedwinprocesses from reading certain files such as alias or map databases. 126205821Sedwin 127205821SedwinA workaround for this problem is to protect all sendmail files such 128205821Sedwinthat they can't be opened by untrusted users. As long as users can 129205821Sedwinnot open a file, they can not lock it. Since queue files should 130205821Sedwinalready have restricted permissions, the only files that need 131205821Sedwinadjustment are alias, map, statistics, and pid files. These files 132205821Sedwinshould be owned by root or the trusted user specified in the 133205821SedwinTrustedUser option. Changing the permissions to be only readable and 134205821Sedwinwritable by that user is sufficient to avoid the denial of service. 135205821SedwinFor example, depending on the paths you use, these commands would be 136205821Sedwinused: 137205821Sedwin 138205821Sedwin chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir} 139205821Sedwin chmod 0640 /etc/mail/*.{db,pag,dir} 140205821Sedwin chmod 0640 /etc/mail/statistics /var/log/sendmail.st 141205821Sedwin chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid 142205821Sedwin 143205821SedwinIf the permissions 0640 are used, be sure that only trusted users belong 144205821Sedwinto the group assigned to those files. Otherwise, files should not even 145205821Sedwinbe group readable. As of sendmail 8.12.4, the permissions shown above 146205821Sedwinare the default permissions for newly created files. 147205821Sedwin 148205821SedwinNote that the denial of service on the plain text aliases file 149205821Sedwin(/etc/mail/aliases) only prevents newaliases from rebuilding the 150205821Sedwinaliases file. The same is true for the database files on systems which 151205821Sedwinuse fcntl() style locking. Since it does not interfere with normal 152205821Sedwinoperations, sites may chose to leave these files readable. Also, it is 153205821Sedwinnot necessary to protect the text files associated with map databases 154205821Sedwinas makemap does not lock those files. 155205821Sedwin 156205821Sedwin 157205821Sedwin+-----------------------+ 158205821Sedwin| RELATED DOCUMENTATION | 159205821Sedwin+-----------------------+ 160205821Sedwin 161205821SedwinThere are other files you should read. Rooted in this directory are: 162205821Sedwin 163205821Sedwin FAQ 164205821Sedwin The FAQ (frequently answered questions) is no longer maintained 165205821Sedwin with the sendmail release. It is available at 166181322Sedwin http://www.sendmail.org/faq/ . The file FAQ is a reminder of 167181322Sedwin this and a pointer to the web page. 168255715Sdb INSTALL 169255715Sdb Installation instructions for building and installing sendmail. 17013877Swosch KNOWNBUGS 171216697Sosa Known bugs in the current release. 172205821Sedwin RELEASE_NOTES 173205821Sedwin A detailed description of the changes in each version. This 174218797Sosa is quite long, but informative. 17513877Swosch sendmail/README 176205821Sedwin Details on compiling and installing sendmail. 177205821Sedwin cf/README 178251647Sgrog Details on configuring sendmail. 179205821Sedwin doc/op/op.me 180205821Sedwin The sendmail Installation & Operations Guide. In addition 181205821Sedwin to the shipped PostScript version, plain text and PDF versions 182205821Sedwin can be generating using (assuming the required conversion software 183205821Sedwin is installed on your system, see doc/op/Makefile): 184205821Sedwin 185205821Sedwin cd doc/op && make op.txt op.pdf 186205821Sedwin 187205821Sedwin Be warned: on some systems calling make in doc/op/ will cause 18813877Swosch errors due to nroff/groff problems. Known problems are: 189205821Sedwin - running this off on systems with an old version of -me, you 190205821Sedwin need to add the following macro to the macros: 191205821Sedwin 192205821Sedwin .de sm 19315720Sache \s-1\\$1\\s0\\$2 194205821Sedwin .. 195205821Sedwin 196205821Sedwin This sets a word in a smaller pointsize. 197205821Sedwin 198 - with new groff versions (1.18 seems affected) 199 200 GROFF_NO_SGR=1 201 202 needs to be set, e.g., in doc/op/Makefile: 203 204 ROFF_CMD= GROFF_NO_SGR=1 groff 205 206 207+--------------+ 208| RELATED RFCS | 209+--------------+ 210 211There are several related RFCs that you may wish to read -- they are 212available via anonymous FTP to several sites. For a list of the 213primary repositories see: 214 215 http://www.isi.edu/in-notes/rfc-retrieval.txt 216 217They are also online at: 218 219 http://www.ietf.org/ 220 221They can also be retrieved via electronic mail by sending 222email to one of: 223 224 mail-server@nisc.sri.com 225 Put "send rfcNNN" in message body 226 nis-info@nis.nsf.net 227 Put "send RFCnnn.TXT-1" in message body 228 sendrfc@jvnc.net 229 Put "RFCnnn" as Subject: line 230 231For further instructions see: 232 233 http://www.isi.edu/in-notes/rfc-editor/rfc-info 234 235Important RFCs for electronic mail are: 236 237 RFC821 SMTP protocol 238 RFC822 Mail header format 239 RFC974 MX routing 240 RFC976 UUCP mail format 241 RFC1123 Host requirements (modifies 821, 822, and 974) 242 RFC1344 Implications of MIME for Internet Mail Gateways 243 RFC1413 Identification server 244 RFC1428 Transition of Internet Mail from Just-Send-8 to 245 8-bit SMTP/MIME 246 RFC1652 SMTP Service Extension for 8bit-MIMEtransport 247 RFC1869 SMTP Service Extensions (ESMTP spec) 248 RFC1870 SMTP Service Extension for Message Size Declaration 249 RFC1891 SMTP Service Extension for Delivery Status Notifications 250 RFC1892 Multipart/Report Content Type for the Reporting of 251 Mail System Administrative Messages 252 RFC1893 Enhanced Mail System Status Codes 253 RFC1894 An Extensible Message Format for Delivery Status 254 Notifications 255 RFC1985 SMTP Service Extension for Remote Message Queue Starting 256 RFC2033 Local Mail Transfer Protocol (LMTP) 257 RFC2034 SMTP Service Extension for Returning Enhanced Error Codes 258 RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: 259 Format of Internet Message Bodies 260 RFC2476 Message Submission 261 RFC2487 SMTP Service Extension for Secure SMTP over TLS 262 RFC2554 SMTP Service Extension for Authentication 263 RFC2821 Simple Mail Transfer Protocol 264 RFC2822 Internet Message Format 265 RFC2852 Deliver By SMTP Service Extension 266 RFC2920 SMTP Service Extension for Command Pipelining 267 268Other standards that may be of interest (but which are less directly 269relevant to sendmail) are: 270 271 RFC987 Mapping between RFC822 and X.400 272 RFC1049 Content-Type header field (extension to RFC822) 273 274Warning to AIX users: this version of sendmail does not implement 275MB, MR, or MG DNS resource records, as defined (as experiments) in 276RFC1035. 277 278 279+---------+ 280| WARNING | 281+---------+ 282 283Since sendmail 8.11 and later includes hooks to cryptography, the 284following information from OpenSSL applies to sendmail as well. 285 286PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY 287SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING 288TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME 289PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR 290COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL 291SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE 292YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT 293AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR 294ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. 295 296If you use OpenSSL then make sure you read their README file which 297contains information about patents etc. 298 299 300+-------------------+ 301| DATABASE ROUTINES | 302+-------------------+ 303 304IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** 305use the version that was on the Net2 tape -- it has a number of 306nefarious bugs that were bad enough when I got them; you shouldn't have 307to go through the same thing. Instead, get a new version via the web at 308http://www.sleepycat.com/. This software is highly recommended; it gets 309rid of several stupid limits, it's much faster, and the interface is 310nicer to animals and plants. If the Berkeley DB include files 311are installed in a location other than those which your compiler searches, 312you will need to provide that directory when building: 313 314 Build -I/path/to/include/directory 315 316If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* 317urged to upgrade to DB version 2 or later, available from 318http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to 319be broken in various nasty ways (see http://www.sleepycat.com/db.185.html), 320and can cause sendmail to dump core. In addition, the newest versions of 321gcc and the Solaris compilers perform optimizations in those versions that 322may cause fairly random core dumps. 323 324If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are 325using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h 326and ndbm.o from the DB library after building it. You should also apply 327all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site 328(see http://www.sleepycat.com/db.185.html), as they fix some of the known 329problems. 330 331If you are using a version of Berkeley DB 2 previous to 2.3.15, and you 332are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o 333from the DB library after building it. No other changes are necessary. 334 335If you are using Berkeley DB version 2.3.15 or greater, no changes are 336necessary. 337 338The underlying database file formats changed between Berkeley DB versions 3391.85 and 1.86, again between DB 1.86 and version 2.0, and finally between 340DB 2.X and 3.X. If you are upgrading from one of those versions, you must 341recreate your database file(s). Do this by rebuilding all maps with 342makemap and rebuilding the alias file with newaliases. 343 344 345+--------------------+ 346| HOST NAME SERVICES | 347+--------------------+ 348 349If you are using NIS or /etc/hosts, it is critical that you 350list the long (fully qualified) name somewhere (preferably first) in 351the /etc/hosts file used to build the NIS database. For example, the 352line should read 353 354 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon 355 356**** NOT **** 357 358 128.32.149.68 mastodon 359 360If you do not include the long name, sendmail will complain loudly 361about ``unable to qualify my own domain name (mastodon) -- using 362short name'' and conclude that your canonical name is the short 363version and use that in messages. The name "mastodon" doesn't mean 364much outside of Berkeley, and so this creates incorrect and unreplyable 365messages. 366 367 368+-------------+ 369| USE WITH MH | 370+-------------+ 371 372This version of sendmail notices and reports certain kinds of SMTP 373protocol violations that were ignored by older versions. If you 374are running MH you may wish to install the patch in contrib/mh.patch 375that will prevent these warning reports. This patch also works 376with the old version of sendmail, so it's safe to go ahead and 377install it. 378 379 380+----------------+ 381| USE WITH IDENT | 382+----------------+ 383 384Sendmail 8 supports the IDENT protocol, as defined by RFC 1413. 385Note that the RFC states a client should wait at least 30 seconds 386for a response. As of 8.10.0, the default Timeout.ident is 5 seconds 387as many sites have adopted the practice of dropping IDENT queries. 388This has lead to delays processing mail. 389 390No ident server is included with this distribution. It is available 391from: 392 393 ftp://ftp.lysator.liu.se/pub/ident/servers/ 394 http://sf.www.lysator.liu.se/~pen/pidentd/ 395 396+-------------------------+ 397| INTEROPERATION PROBLEMS | 398+-------------------------+ 399 400Microsoft Exchange Server 5.0 401 We have had a report that ``about 7% of messages from Sendmail 402 to Exchange were not being delivered with status messages of 403 "connection reset" and "I/O error".'' Upgrading Exchange from 404 Version 5.0 to Version 5.5 Service Pack 2 solved this problem. 405 406CommuniGate Pro 407 CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on 408 the MAIL FROM command if the client is not authenticated. Use 409 410 define(`confAUTH_OPTIONS', `A') 411 412 in .mc file if you have compiled sendmail with Cyrus SASL 413 and you communicate with CommuniGate Pro servers. 414 415+---------------------+ 416| DIRECTORY STRUCTURE | 417+---------------------+ 418 419The structure of this directory tree is: 420 421cf Source for sendmail configuration files. These are 422 different than what you've seen before. They are a 423 fairly dramatic rewrite, requiring the new sendmail 424 (since they use new features). 425contrib Some contributed tools to help with sendmail. THESE 426 ARE NOT SUPPORTED by sendmail -- contact the original 427 authors if you have problems. (This directory is not 428 on the 4.4BSD tape.) 429devtools Build environment. See devtools/README. 430doc Documentation. If you are getting source, read 431 op.me -- it's long, but worth it. 432editmap A program to edit and query maps that have been created 433 with makemap, e.g., adding and deleting entries. 434include Include files used by multiple programs in the distribution. 435libsmdb sendmail database library with support for Berkeley DB 1.X, 436 Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. 437libsmutil sendmail utility library with functions used by different 438 programs. 439mail.local The source for the local delivery agent used for 4.4BSD. 440 THIS IS NOT PART OF SENDMAIL! and may not compile 441 everywhere, since it depends on some 4.4-isms. Warning: 442 it does mailbox locking differently than other systems. 443mailstats Statistics printing program. 444makemap A program that creates the keyed maps used by the $( ... $) 445 construct in sendmail. It is primitive but effective. 446 It takes a very simple input format, so you will probably 447 expect to preprocess must human-convenient formats 448 using sed scripts before this program will like them. 449 But it should be functionally complete. 450praliases A program to print the DBM or NEWDB version of the 451 aliases file. 452rmail Source for rmail(8). This is used as a delivery 453 agent for for UUCP, and could presumably be used by 454 other non-socket oriented mailers. Older versions of 455 rmail are probably deficient. RMAIL IS NOT PART OF 456 SENDMAIL!!! The 4.4BSD source is included for you to 457 look at or try to port to your system. There is no 458 guarantee it will even compile on your operating system. 459smrsh The "sendmail restricted shell", which can be used as 460 a replacement for /bin/sh in the prog mailer to provide 461 increased security control. NOT PART OF SENDMAIL! 462sendmail Source for the sendmail program itself. 463test Some test scripts (currently only for compilation aids). 464vacation Source for the vacation program. NOT PART OF SENDMAIL! 465 466$Revision: 8.90.2.1 $, Last updated $Date: 2002/11/09 23:32:28 $ 467