README revision 42575
18478Swollman/*- 28478Swollman * @(#)README 8.50 (Berkeley) 12/17/1998 38478Swollman */ 48478Swollman 58478Swollman SENDMAIL RELEASE 8 68478Swollman 78478SwollmanThis directory has the latest sendmail(TM) software from Sendmail, Inc. 88478SwollmanSee doc/changes/changes.me for a summary of changes since 5.67. 98478Swollman 108478SwollmanReport any bugs to sendmail-bugs@sendmail.ORG 118478Swollman 128478SwollmanThere is a web site at http://WWW.Sendmail.ORG -- see that site for 138478Swollmanthe latest updates. 148478Swollman 158478Swollman****************************************************************** 168478Swollman** A new Build architecture is in place that allows you to ** 178478Swollman** use the "Build" shell script in any of the program ** 188478Swollman** directories. On many environments this will do everything ** 198478Swollman** for you, no fuss, no muss. See src/README for more details ** 208478Swollman** of compilation. See cf/README for details about building ** 218478Swollman** a runtime configuration file. ** 228478Swollman****************************************************************** 238478Swollman 248478SwollmanSendmail is a trademark of Sendmail, Inc. 258478Swollman 268478Swollman+-----------------------+ 278478Swollman| DIRECTORY PERMISSIONS | 288478Swollman+-----------------------+ 2950476Speter 308478SwollmanSendmail often gets blamed for many problems that are actually the 31306983Ssevanresult of other problems, such as overly permissive modes on directories. 328478SwollmanFor this reason, sendmail checks the modes on system directories and 3379530Srufiles to determine if can have been trusted. For sendmail to run 348478Swollmanwithout complaining, you MUST execute the following command: 358478Swollman 368478Swollman chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 378478Swollman chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue 3868960Sru 398478SwollmanYou will probably have to tweak this for your environment (for example, 4036414Sjkoshysome systems put the spool directory into /usr/spool instead of 4168960Sru/var/spool and use /etc/mail for aliases file instead of /etc). If you 4236414Sjkoshyset the RunAsUser option in your sendmail.cf, the /var/spool/mqueue 43132348Smaximdirectory will have to be owned by the RunAsUser user. As a general rule, 44242451Salfredafter you have compiled sendmail, run the command 45242486Salfred 46242451Salfred sendmail -v -bi 478478Swollman 4899501Scharnierto initialize the alias database. If it gives messages such as 4999501Scharnier 50136103Sdes WARNING: writable directory /etc 51136103Sdes WARNING: writable directory /usr/spool/mqueue 5236365Sjkoshy 5379754Sddthen the directories listed have inappropriate write permissions and 5436414Sjkoshyshould be secured to avoid various possible security attacks. 5536414Sjkoshy 5636414SjkoshyBeginning with sendmail 8.9, these checks have become more strict to 5736414Sjkoshyprevent users from being able to access files they would normally not 5836414Sjkoshybe able to read. In particular, .forward and :include: files in unsafe 5979754Sdddirectory paths (directory paths which are group or world writable) will 6036414Sjkoshyno longer be allowed. This would mean that if user joe's home directory 6136365Sjkoshywas writable by group staff, sendmail would not use his .forward file. 62250095SjoelThis behavior can be altered, at the expense of system security, by 63250095Sjoelsetting the DontBlameSendmail option. For example, to allow .forward 64250095Sjoelfiles in group writable directories: 65250095Sjoel 66250095Sjoel O DontBlameSendmail=forwardfileingroupwritabledirpath 67250095Sjoel 68250095SjoelOr to allow them in both group and world writable directories: 69250095Sjoel 70250095Sjoel O DontBlameSendmail=forwardfileinunsafedirpath 71136103Sdes 72154099SpavItems from these unsafe .forward and :include: files will be marked 73136103Sdesas unsafe addresses -- the items can not be deliveries to files or 74101790Sruprograms. This behavior can also be altered via DontBlameSendmail: 75101790Sru 76250095Sjoel O DontBlameSendmail=forwardfileinunsafedirpath, 77136104Sdes forwardfileinunsafedirpathsafe 78136104Sdes 79136104SdesThe first flag allows the .forward file to be read, the second allows 80136104Sdesthe items in the file to be marked as safe for file and program 81136104Sdesdelivery. 82136104Sdes 83136104SdesOther files affected by this strengthened security include class 84136104Sdesfiles (i.e. Fw /etc/sendmail.cw), persistent host status files, and 85242451Salfredthe files specified by the ErrorHeader and HelpFile options. Similar 86242451SalfredDontBlameSendmail flags are available for the class, ErrorHeader, and 87242451SalfredHelpFile files. 88242451Salfred 89242451SalfredIf you have an unsafe configuration of .forward and :include: 90242451Salfredfiles, you can make it safe by finding all such files, and doing 91242451Salfreda "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for 928478Swollmaneach directory in the file's path. 9379754Sdd 948478Swollman 9536414Sjkoshy+--------------+ 96114811Shmp| MANUAL PAGES | 9763162Sben+--------------+ 9863162Sben 9963162SbenThe sendmail manual pages use contemporary Berkeley troff macros. If 10063162Sbenyour system does not process these manual pages, you can pick up the 101102231Strhodesnew macros in a BSD Net/2 FTP site (e.g. on FTP.UU.NET, the files 10263162Sben/systems/unix/bsd-sources/share/tmac/*). 10363162Sben 10463162SbenThe strip.sed file is only used in installation. 105102231Strhodes 10663162SbenAfter installation, edit tmac.doc and tmac.andoc to reflect the 1078478Swollmaninstallation path of the tmac files. Those files contain pointers to 10879754Sdd/usr/share/tmac/, and those pointers are not changed by the `make 1098478Swollmaninstall` process. There's also a bug in those files -- make the 110114811Shmpfollowing patch: 1118478Swollman 112114811Shmp*** tmac.an~ Tue Jul 12 14:29:09 1994 113114811Shmp--- tmac.an Fri Jul 15 13:17:54 1994 114114811Shmp*************** 115114811Shmp*** 50,55 **** 116114811Shmp .de TH 1178478Swollman .rn TH xX 11836414Sjkoshy .so /usr/share/lib/tmac/tmac.an.old 119114811Shmp! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 120114811Shmp .rm xX 121114811Shmp .. 122114811Shmp--- 50,55 ---- 123114811Shmp .de TH 124114811Shmp .rn TH xX 125114811Shmp .so /usr/share/lib/tmac/tmac.an.old 126114811Shmp! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8" 127273817Sae .rm xX 128273817Sae .. 129273817Sae 130273817SaeRename the existing tmac.an to be tmac.an.old, and rename tmac.andoc 131273817Saeto be tmac.an. 132273817Sae 133273817Saetmac.an will choose between tmac.an.old, your old macros, or tmac.doc, 134273817Saewhich are the new macros, so that both the new man pages and the 135273817Saeexisting man pages will be translated properly. 136140415Sru 137273817SaeI'm also told that the groff distribution from MIT has a tmac.doc 138273817Saemacro set that is compatible with these macros. 139140415Sru 140140415Sru 141140415Sru+-----------------------+ 142140415Sru| RELATED DOCUMENTATION | 1438478Swollman+-----------------------+ 14436365Sjkoshy 14536365SjkoshyThere are other files you should read. Rooted in this directory are: 14638702Swosch 1478478Swollman doc/changes/changes.ps 148273817Sae Describes changes between Release 5 and Release 8 of sendmail. 1498478Swollman There are some things that may behave somewhat differently. 15036365Sjkoshy For example, the rules governing when :include: files will 15136365Sjkoshy be read have been tightened up for security reasons. 15236365Sjkoshy FAQ 1538478Swollman Answers to Frequently Asked Questions. 1548478Swollman KNOWNBUGS 1558478Swollman Known bugs in the current release. I try to keep this up 15699501Scharnier to date -- get the latest version from FTP.Sendmail.ORG 157306983Ssevan in /ucb/sendmail/KNOWNBUGS. 158140415Sru RELEASE_NOTES 159140415Sru A detailed description of the changes in each version. This 160140415Sru is quite long, but informative. 161 src/README 162 Details on compiling and installing sendmail. 163 cf/README 164 Details on configuring sendmail. 165 doc/op/op.me 166 The sendmail Installation & Operations Guide. Be warned: if 167 you are running this off on SunOS or some other system with an 168 old version of -me, you need to add the following macro to the 169 macros: 170 171 .de sm 172 \s-1\\$1\\s0\\$2 173 .. 174 175 This sets a word in a smaller pointsize. 176 177 178+--------------+ 179| RELATED RFCS | 180+--------------+ 181 182There are several related RFCs that you may wish to read -- they are 183available via anonymous FTP to several sites, including: 184 185 ftp://nic.ddn.mil/rfc/ 186 ftp://nis.nsf.net/documents/rfc/ 187 ftp://nisc.jvnc.net/rfc/ 188 ftp://venera.isi.edu/in-notes/ 189 ftp://wuarchive.wustl.edu/doc/rfc/ 190 191For a list of the primary repositories see: 192 193 http://www.isi.edu/in-notes/rfc-retrieval.txt 194 195They are also online at: 196 197 http://www.ietf.org/ 198 199They can also be retrieved via electronic mail by sending 200email to one of: 201 202 mail-server@nisc.sri.com 203 Put "send rfcNNN" in message body 204 nis-info@nis.nsf.net 205 Put "send RFCnnn.TXT-1" in message body 206 sendrfc@jvnc.net 207 Put "RFCnnn" as Subject: line 208 209For further instructions see: 210 211 http://www.isi.edu/in-notes/rfc-editor/rfc-info 212 213Important RFCs for electronic mail are: 214 215 RFC821 SMTP protocol 216 RFC822 Mail header format 217 RFC974 MX routing 218 RFC976 UUCP mail format 219 RFC1123 Host requirements (modifies 821, 822, and 974) 220 RFC1413 Identification server 221 RFC1869 SMTP Service Extensions (ESMTP spec) 222 RFC1652 SMTP Service Extension for 8bit-MIMEtransport 223 RFC1870 SMTP Service Extension for Message Size Declaration 224 RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: 225 Format of Internet Message Bodies 226 RFC1344 Implications of MIME for Internet Mail Gateways 227 RFC1428 Transition of Internet Mail from Just-Send-8 to 228 8-bit SMTP/MIME 229 RFC1891 SMTP Service Extension for Delivery Status Notifications 230 RFC1892 Multipart/Report Content Type for the Reporting of 231 Mail System Administrative Messages 232 RFC1893 Enhanced Mail System Status Codes 233 RFC1894 An Extensible Message Format for Delivery Status 234 Notifications 235 RFC1985 SMTP Service Extension for Remote Message Queue Starting 236 RFC2033 Local Mail Transfer Protocol 237 238Other standards that may be of interest (but which are less directly 239relevant to sendmail) are: 240 241 RFC987 Mapping between RFC822 and X.400 242 RFC1049 Content-Type header field (extension to RFC822) 243 244Warning to AIX users: this version of sendmail does not implement 245MB, MR, or MG DNS resource records, as defined (as experiments) in 246RFC1035. 247 248 249+-------------------+ 250| DATABASE ROUTINES | 251+-------------------+ 252 253IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** 254use the version that was on the Net2 tape -- it has a number of 255nefarious bugs that were bad enough when I got them; you shouldn't have 256to go through the same thing. Instead, get a new version via the web at 257http://www.sleepycat.com/. This software is highly recommended; it gets 258rid of several stupid limits, it's much faster, and the interface is 259nicer to animals and plants. If the Berkeley DB include files 260are installed in a location other than those which your compiler searches, 261you will need to provide that directory when building: 262 263 Build -I/path/to/include/directory 264 265If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* 266urged to upgrade to DB version 2, available from http://www.sleepycat.com/. 267Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty 268ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail 269to dump core. In addition, the newest versions of gcc and the Solaris 270compilers perform optimizations in those versions that may cause fairly 271random core dumps. 272 273If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are 274using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h 275and ndbm.o from the DB library after building it. You should also apply 276all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site 277(see http://www.sleepycat.com/db.185.html), as they fix some of the known 278problems. 279 280If you are using a version of Berkeley DB 2 previous to 2.3.15, and you 281are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o 282from the DB library after building it. No other changes are necessary. 283 284If you are using Berkeley DB version 2.3.15 or greater, no changes are 285necessary. 286 287The underlying database file formats changed between Berkeley DB versions 2881.85 and 1.86, and again between DB 1.86 and version 2.0. If you are 289upgrading from one of those versions, you must recreate your database 290file(s). Do this by rebuilding all maps with makemap and rebuilding the 291alias file with newaliases. 292 293 294+--------------------+ 295| HOST NAME SERVICES | 296+--------------------+ 297 298If you are using NIS or /etc/hosts, it is critical that you 299list the long (fully qualified) name somewhere (preferably first) in 300the /etc/hosts file used to build the NIS database. For example, the 301line should read 302 303 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon 304 305**** NOT **** 306 307 128.32.149.68 mastodon 308 309If you do not include the long name, sendmail will complain loudly 310about ``unable to qualify my own domain name (mastodon) -- using 311short name'' and conclude that your canonical name is the short 312version and use that in messages. The name "mastodon" doesn't mean 313much outside of Berkeley, and so this creates incorrect and unreplyable 314messages. 315 316 317+-------------+ 318| USE WITH MH | 319+-------------+ 320 321This version of sendmail notices and reports certain kinds of SMTP 322protocol violations that were ignored by older versions. If you 323are running MH you may wish to install the patch in contrib/mh.patch 324that will prevent these warning reports. This patch also works 325with the old version of sendmail, so it's safe to go ahead and 326install it. 327 328 329+----------------+ 330| USE WITH IDENT | 331+----------------+ 332 333Sendmail 8 supports the IDENT protocol, as defined by RFC 1413. 334No ident server is included with this distribution. I have found 335copies available on: 336 337 ftp.lysator.liu.se /pub/ident/servers 338 romulus.ucs.uoknor.edu /networking/ident/servers 339 ftp.cyf-kr.edu.pl /agh/uciagh/network/ident 340 341If you want to run an IDENT server, I suggest getting a copy from 342one of those sites. Versions are available for several different 343systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS. 344 345 346+---------------------+ 347| DIRECTORY STRUCTURE | 348+---------------------+ 349 350The structure of this directory tree is: 351 352cf Source for sendmail configuration files. These are 353 different than what you've seen before. They are a 354 fairly dramatic rewrite, requiring the new sendmail 355 (since they use new features). 356contrib Some contributed tools to help with sendmail. THESE 357 ARE NOT SUPPORTED by sendmail -- contact the original 358 authors if you have problems. (This directory is not 359 on the 4.4BSD tape.) 360doc Documentation. If you are getting source, read 361 op.me -- it's long, but worth it. 362mail.local The source for the local delivery agent used for 4.4BSD. 363 THIS IS NOT PART OF SENDMAIL! and may not compile 364 everywhere, since it depends on some 4.4-isms. Warning: 365 it does mailbox locking differently than other systems. 366mailstats Statistics printing program. It has the pathname of 367 sendmail.st compiled in, so if you've changed that, 368 beware. 369makemap A program that creates the keyed maps used by the $( ... $) 370 construct in sendmail. It is primitive but effective. 371 It takes a very simple input format, so you will probably 372 expect to preprocess must human-convenient formats 373 using sed scripts before this program will like them. 374 But it should be functionally complete. 375praliases A program to print the DBM or NEWDB version of the 376 aliases file. 377rmail Source for rmail(8). This is used as a delivery 378 agent for for UUCP, and could presumably be used by 379 other non-socket oriented mailers. Older versions of 380 rmail are probably deficient. RMAIL IS NOT PART OF 381 SENDMAIL!!! The 4.4BSD source is included for you to 382 look at or try to port to your system. I know it doesn't 383 compile on {SunOS, HP-UX, OSF/1, other} (pick one). 384smrsh The "sendmail restricted shell", which can be used as 385 a replacement for /bin/sh in the prog mailer to provide 386 increased security control. NOT PART OF SENDMAIL! 387src Source for the sendmail program itself. 388test Some test scripts (currently only for compilation aids). 389