1 | |
---|
2 | |
---|
3 | K N O W N B U G S I N S E N D M A I L |
---|
4 | |
---|
5 | |
---|
6 | The following are bugs or deficiencies in sendmail that we are aware of |
---|
7 | but which have not been fixed in the current release. You probably |
---|
8 | want to get the most up to date version of this from ftp.sendmail.org |
---|
9 | in /pub/sendmail/KNOWNBUGS. For descriptions of bugs that have been |
---|
10 | fixed, see the file RELEASE_NOTES (in the root directory of the sendmail |
---|
11 | distribution). |
---|
12 | |
---|
13 | This list is not guaranteed to be complete. |
---|
14 | |
---|
15 | * Delivery to programs that generate too much output may cause problems |
---|
16 | |
---|
17 | If e-mail is delivered to a program which generates too much |
---|
18 | output, then sendmail may issue an error: |
---|
19 | |
---|
20 | timeout waiting for input from local during Draining Input |
---|
21 | |
---|
22 | Make sure that the program does not generate output beyond a |
---|
23 | status message (corresponding to the exit status). This may |
---|
24 | require a wrapper around the actual program to redirect output |
---|
25 | to /dev/null. |
---|
26 | |
---|
27 | Such a problem has been reported for bulk_mailer. |
---|
28 | |
---|
29 | * Null bytes are not handled properly in headers. |
---|
30 | |
---|
31 | Sendmail should handle full binary data. As it stands, it handles |
---|
32 | all values in the body, but only 0x01-0x80 and 0xA0-0xFF in |
---|
33 | the header. Notably missing is 0x00, which would require a major |
---|
34 | restructuring of the code -- for example, almost no C library support |
---|
35 | could be used to handle strings. |
---|
36 | |
---|
37 | * Header checks are not called if header value is too long or empty. |
---|
38 | |
---|
39 | If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6) |
---|
40 | characters or it contains a single word longer than 256 (MAXNAME) |
---|
41 | characters then no header check is done even if one is configured for |
---|
42 | the header. |
---|
43 | |
---|
44 | * Sender addresses whose domain part cause a temporary A record lookup |
---|
45 | failure but have a valid MX record will be temporarily rejected in |
---|
46 | the default configuration. Solution: fix the DNS at the sender side. |
---|
47 | If that's not easy to achieve, possible workarounds are: |
---|
48 | - add an entry to the access map: |
---|
49 | dom.ain OK |
---|
50 | - (only for advanced users) replace |
---|
51 | |
---|
52 | # Resolve map (to check if a host exists in check_mail) |
---|
53 | Kresolve host -a<OKR> -T<TEMP> |
---|
54 | |
---|
55 | with |
---|
56 | |
---|
57 | # Resolve map (to check if a host exists in check_mail) |
---|
58 | Kcanon host -a<OKR> -T<TEMP> |
---|
59 | Kdnsmx dns -R MX -a<OKR> -T<TEMP> |
---|
60 | Kresolve sequence dnsmx canon |
---|
61 | |
---|
62 | |
---|
63 | * Duplicate error messages. |
---|
64 | |
---|
65 | Sometimes identical, duplicate error messages can be generated. As |
---|
66 | near as I can tell, this is rare and relatively innocuous. |
---|
67 | |
---|
68 | * Misleading error messages. |
---|
69 | |
---|
70 | If an illegal address is specified on the command line together |
---|
71 | with at least one valid address and PostmasterCopy is set, the |
---|
72 | DSN does not contain the illegal address, but only the valid |
---|
73 | address(es). |
---|
74 | |
---|
75 | * \231 considered harmful. |
---|
76 | |
---|
77 | Header addresses that have the \231 character (and possibly others |
---|
78 | in the range \201 - \237) behave in odd and usually unexpected ways. |
---|
79 | |
---|
80 | * accept() problem on SVR4. |
---|
81 | |
---|
82 | Apparently, the sendmail daemon loop (doing accept()s on the network) |
---|
83 | can get into a weird state on SVR4; it starts logging ``SYSERR: |
---|
84 | getrequests: accept: Protocol Error''. The workaround is to kill |
---|
85 | and restart the sendmail daemon. We don't have an SVR4 system at |
---|
86 | Berkeley that carries more than token mail load, so I can't validate |
---|
87 | this. It is likely to be a glitch in the sockets emulation, since |
---|
88 | "Protocol Error" is not possible error code with Berkeley TCP/IP. |
---|
89 | |
---|
90 | I've also had someone report the message ``sendmail: accept: |
---|
91 | SIOCGPGRP failed errno 22'' on an SVR4 system. This message is |
---|
92 | not in the sendmail source code, so I assume it is also a bug |
---|
93 | in the sockets emulation. (Errno 22 is EINVAL "Invalid Argument" |
---|
94 | on all the systems I have available, including Solaris 2.x.) |
---|
95 | Apparently, this problem is due to linking -lc before -lsocket; |
---|
96 | if you are having this problem, check your Makefile. |
---|
97 | |
---|
98 | * accept() problem on Linux. |
---|
99 | |
---|
100 | The accept() in sendmail daemon loop can return ETIMEDOUT. An |
---|
101 | error is reported to syslog: |
---|
102 | |
---|
103 | Jun 9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root): |
---|
104 | getrequests: accept: Connection timed out |
---|
105 | |
---|
106 | "Connection timed out" is not documented as a valid return from |
---|
107 | accept(2) and this was believed to be a bug in the Linux kernel. |
---|
108 | Later information from the Linux kernel group states that Linux |
---|
109 | 2.0 kernels follow RFC1122 while sendmail follows the original BSD |
---|
110 | (now POSIX 1003.1g draft) specification. The 2.1.X and later kernels |
---|
111 | will follow the POSIX draft. |
---|
112 | |
---|
113 | * Excessive mailing list nesting can run out of file descriptors. |
---|
114 | |
---|
115 | If you have a mailing list that includes lots of other mailing |
---|
116 | lists, each of which has a separate owner, you can run out of |
---|
117 | file descriptors. Each mailing list with a separate owner uses |
---|
118 | one open file descriptor (prior to 8.6.6 it was three open |
---|
119 | file descriptors per list). This is particularly egregious if |
---|
120 | you have your connection cache set to be large. |
---|
121 | |
---|
122 | * Connection caching breaks if you pass the port number as an argument. |
---|
123 | |
---|
124 | If you have a definition such as: |
---|
125 | |
---|
126 | Mport, P=[IPC], F=kmDFMuX, S=11/31, R=21, |
---|
127 | M=2100000, T=DNS/RFC822/SMTP, |
---|
128 | A=IPC [127.0.0.1] $h |
---|
129 | |
---|
130 | (i.e., where $h is the port number instead of the host name) the |
---|
131 | connection caching code will break because it won't notice that |
---|
132 | two messages addressed to different ports should use different |
---|
133 | connections. |
---|
134 | |
---|
135 | * ESMTP SIZE underestimates the size of a message |
---|
136 | |
---|
137 | Sendmail makes no allowance for headers that it adds, nor does it |
---|
138 | account for the SMTP on-the-wire \r\n expansion. It probably doesn't |
---|
139 | allow for 8->7 bit MIME conversions either. |
---|
140 | |
---|
141 | * Client ignores SIZE parameter. |
---|
142 | |
---|
143 | When sendmail acts as client and the server specifies a limit |
---|
144 | for the mail size, sendmail will ignore this and try to send the |
---|
145 | mail anyway. The server will usually reject the MAIL command |
---|
146 | which specifies the size of the message and hence this problem |
---|
147 | is not significant. |
---|
148 | |
---|
149 | * Paths to programs being executed and the mode of program files are |
---|
150 | not checked. Essentially, the RunProgramInUnsafeDirPath and |
---|
151 | RunWritableProgram bits in the DontBlameSendmail option are always |
---|
152 | set. This is not a problem if your system is well managed (that is, |
---|
153 | if binaries and system directories are mode 755 instead of something |
---|
154 | foolish like 777). |
---|
155 | |
---|
156 | * 8-bit data in GECOS field |
---|
157 | |
---|
158 | If the GECOS (personal name) information in the passwd file contains |
---|
159 | 8-bit characters, those characters can be included in the message |
---|
160 | header, which can cause problems when sending SMTP to hosts that |
---|
161 | only accept 7-bit characters. |
---|
162 | |
---|
163 | * 8->7 bit MIME conversion |
---|
164 | |
---|
165 | When sendmail is doing 8->7 bit MIME conversions, and the message |
---|
166 | contains certain MIME body types that cannot be converted to 7-bit, |
---|
167 | sendmail will strip the message to 7-bit. |
---|
168 | |
---|
169 | * 7->8 bit MIME conversion |
---|
170 | |
---|
171 | If a message that is encoded as 7-bit MIME is converted to 8-bit and |
---|
172 | that message when decoded is illegal (e.g., because of long lines or |
---|
173 | illegal characters), sendmail can produce an illegal message. |
---|
174 | |
---|
175 | * MIME encoded full name phrases in the From: header |
---|
176 | |
---|
177 | If a full name phrase includes characters from MustQuoteChars, sendmail |
---|
178 | will quote the entire full name phrase. If MustQuoteChars includes |
---|
179 | characters which are not special characters according to STD 11 (RFC |
---|
180 | 822), this quotation can interfere with MIME encoded full name phrases. |
---|
181 | By default, sendmail includes the single quote character (') in |
---|
182 | MustQuoteChars even though it is not listed as a special character in |
---|
183 | STD 11. |
---|
184 | |
---|
185 | * bestmx map with -z flag truncates the list of MX hosts |
---|
186 | |
---|
187 | A bestmx map configured with the -z flag will truncate the list |
---|
188 | of MX hosts. This prevents creation of strings which are too |
---|
189 | long for ruleset parsing. This can have an adverse effect on the |
---|
190 | relay_based_on_MX feature. |
---|
191 | |
---|
192 | * Saving to ~sender/dead.letter fails if su'ed to root |
---|
193 | |
---|
194 | If ErrorMode is set to print and an error in sending mail occurs, |
---|
195 | the normal action is to print a message to the screen and append |
---|
196 | the message to a dead.letter file in the sender's home directory. |
---|
197 | In the case where the sender is using su to act as root, the file |
---|
198 | safety checks prevent sendmail from saving the dead.letter file |
---|
199 | because the sender's uid and the current real uid do not match. |
---|
200 | |
---|
201 | * Berkeley DB 2.X race condition with fcntl() locking |
---|
202 | |
---|
203 | There is a race condition for Berkeley DB 2.X databases on |
---|
204 | operating systems which use fcntl() style locking, such as |
---|
205 | Solaris. Sendmail locks the map before calling db_open() to |
---|
206 | prevent others from modifying the map while it is being opened. |
---|
207 | Unfortunately, Berkeley DB opens the map, closes it, and then |
---|
208 | reopens it. fcntl() locking drops the lock when any file |
---|
209 | descriptor pointing to the file is closed, even if it is a |
---|
210 | different file descriptor than the one used to initially lock |
---|
211 | the file. As a result there is a possibility that entries in a |
---|
212 | map might not be found during a map rebuild. As a workaround, |
---|
213 | you can use makemap to build a map with a new name and then |
---|
214 | "mv" the new db file to replace the old one. |
---|
215 | |
---|
216 | Sleepycat Software has added code to avoid this race condition to |
---|
217 | Berkeley DB versions after 2.7.5. |
---|
218 | |
---|
219 | * File open timeouts not available on hard mounted NFS file systems |
---|
220 | |
---|
221 | Since SIGALRM does not interrupt an RPC call for hard mounted |
---|
222 | NFS file systems, it is impossible to implement a timeout on a file |
---|
223 | open operation. Therefore, while the NFS server is not responding, |
---|
224 | attempts to open a file on that server will hang. Systems with |
---|
225 | local mail delivery and NFS hard mounted home directories should be |
---|
226 | avoided, as attempts to open the forward files could hang. |
---|
227 | |
---|
228 | * Race condition for delivery to set-user-ID files |
---|
229 | |
---|
230 | Sendmail will deliver to a fail if the file is owned by the DefaultUser |
---|
231 | or has the set-user-ID bit set. Unfortunately, some systems clear that bit |
---|
232 | when a file is modified. Sendmail compensates by resetting the file mode |
---|
233 | back to it's original settings. Unfortunately, there's still a |
---|
234 | permission failure race as sendmail checks the permissions before locking |
---|
235 | the file. This is unavoidable as sendmail must verify the file is safe |
---|
236 | to open before opening it. A file can not be locked until it is open. |
---|
237 | |
---|
238 | * MAIL_HUB always takes precedence over LOCAL_RELAY |
---|
239 | |
---|
240 | Despite the information in the documentation, MAIL_HUB ($H) will always |
---|
241 | be used if set instead of LOCAL_RELAY ($R). This will be fixed in a |
---|
242 | future version. |
---|
243 | |
---|
244 | $Revision: 1.1.1.2 $, Last updated $Date: 2003-04-08 15:08:39 $ |
---|