source: trunk/third/sendmail/README @ 12554

Revision 12554, 14.4 KB checked in by danw, 26 years ago
This commit was generated by cvs2svn to compensate for changes in r12553, which included commits to RCS files with non-trunk default branches.
/*-
 *      @(#)README      8.51 (Berkeley) 1/25/1999
 */

                        SENDMAIL RELEASE 8

This directory has the latest sendmail(TM) software from Sendmail, Inc.
See doc/changes/changes.me for a summary of changes since 5.67.

Report any bugs to sendmail-bugs@sendmail.ORG

There is a web site at http://WWW.Sendmail.ORG -- see that site for
the latest updates.

******************************************************************
**  A new Build architecture is in place that allows you to     **
**  use the "Build" shell script in any of the program          **
**  directories.  On many environments this will do everything  **
**  for you, no fuss, no muss.  See src/README for more details **
**  of compilation.  See cf/README for details about building   **
**  a runtime configuration file.                               **
******************************************************************

Sendmail is a trademark of Sendmail, Inc.

+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted.  For sendmail to run
without complaining, you MUST execute the following command:

        chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
        chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool and use /etc/mail for the aliases file instead of /etc).  If you
set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue
directory will have to be owned by the RunAsUser user.  As a general rule,
after you have compiled sendmail, run the command

        sendmail -v -bi

to initialize the alias database.  If it gives messages such as

        WARNING: writable directory /etc
        WARNING: writable directory /usr/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read.  In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed.  This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option.  For example, to allow .forward
files in group writable directories:

        O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

        O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs.  This behavior can also be altered via DontBlameSendmail:

        O DontBlameSendmail=forwardfileinunsafedirpath,
                forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.

Other files affected by this strengthened security include class
files (i.e. Fw /etc/sendmail.cw), persistent host status files, and
the files specified by the ErrorHeader and HelpFile options.  Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
each directory in the file's path.
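
The path check described in this section, as an added example (not part
of the sendmail distribution): a POSIX shell function, under the assumed
name unsafe_components, that walks from a .forward or :include: file up
to / and prints each component that is group or world writable.  It does
not resolve symbolic links; each path it prints is a candidate for the
"chmod go-w" above.

```sh
#!/bin/sh
# Added example: list every component of a file's path that is group- or
# world-writable, the condition the README calls an unsafe directory path.
# The function name and the demo invocation are assumptions of this example.

unsafe_components() {
    p=$1
    # Work on an absolute path so the walk ends at "/".
    case $p in
        /*) ;;
        *)  p=$PWD/$p ;;
    esac
    while :; do
        if [ -e "$p" ]; then
            # First 10 characters of "ls -ld": file type plus rwx triplets.
            mode=$(ls -ld "$p" | cut -c1-10)
            case $mode in
                l*) ;;                      # symlink mode bits carry no meaning
                ?????w????|????????w?)      # group-write or other-write is set
                    printf '%s\n' "$p" ;;
            esac
        fi
        if [ "$p" = / ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return 0
}

# Usage: sh check.sh /home/joe/.forward
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        unsafe_components "$f"
    done
fi
```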


+--------------+
| MANUAL PAGES |
+--------------+

The sendmail manual pages use contemporary Berkeley troff macros.  If
your system does not process these manual pages, you can pick up the
new macros in a BSD Net/2 FTP site (e.g.  on FTP.UU.NET, the files
/systems/unix/bsd-sources/share/tmac/*).

The strip.sed file is only used in installation.

After installation, edit tmac.doc and tmac.andoc to reflect the
installation path of the tmac files.  Those files contain pointers to
/usr/share/tmac/, and those pointers are not changed by the `make
install` process.  There's also a bug in those files -- make the
following patch:

112*** tmac.an~    Tue Jul 12 14:29:09 1994
113--- tmac.an     Fri Jul 15 13:17:54 1994
114***************
115*** 50,55 ****
116  .de TH
117  .rn TH xX
118  .so /usr/share/lib/tmac/tmac.an.old
119! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
120  .rm xX
121  ..
122--- 50,55 ----
123  .de TH
124  .rn TH xX
125  .so /usr/share/lib/tmac/tmac.an.old
126! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8"
127  .rm xX
128  ..
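
Review bot: the unchanged context line ".so /usr/share/lib/tmac/tmac.an.old" hard-codes a path that differs from the /usr/share/tmac/ location the surrounding text says these files point to, and the text asks for those pointers to be edited by hand after installation. On a tree where that line has already been edited, this context will not match and the hunk may be rejected, so the instructions should say whether to apply the patch before or after editing the path. Only the .TH line is changed (each "\\$N" argument gains double quotes), so applying that single-line edit by hand is a safe fallback.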

Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc
to be tmac.an.

tmac.an will choose between tmac.an.old, your old macros, or tmac.doc,
which are the new macros, so that both the new man pages and the
existing man pages will be translated properly.

I'm also told that the groff distribution from MIT has a tmac.doc
macro set that is compatible with these macros.


+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read.  Rooted in this directory are:

  doc/changes/changes.ps
        Describes changes between Release 5 and Release 8 of sendmail.
        There are some things that may behave somewhat differently.
        For example, the rules governing when :include: files will
        be read have been tightened up for security reasons.
  FAQ
        Answers to Frequently Asked Questions.
  KNOWNBUGS
        Known bugs in the current release.  I try to keep this up
        to date -- get the latest version from FTP.Sendmail.ORG
        in /ucb/sendmail/KNOWNBUGS.
  RELEASE_NOTES
        A detailed description of the changes in each version.  This
        is quite long, but informative.
  src/README
        Details on compiling and installing sendmail.
  cf/README
        Details on configuring sendmail.
  doc/op/op.me
        The sendmail Installation & Operations Guide.  Be warned: if
        you are running this off on SunOS or some other system with an
        old version of -me, you need to add the following macro to the
        macros:

                .de sm
                \s-1\\$1\\s0\\$2
                ..

        This sets a word in a smaller pointsize.


+--------------+
| RELATED RFCS |
+--------------+

There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites, including:

        ftp://nic.ddn.mil/rfc/
        ftp://nis.nsf.net/documents/rfc/
        ftp://nisc.jvnc.net/rfc/
        ftp://venera.isi.edu/in-notes/
        ftp://wuarchive.wustl.edu/doc/rfc/

For a list of the primary repositories see:

        http://www.isi.edu/in-notes/rfc-retrieval.txt

They are also online at:

        http://www.ietf.org/

They can also be retrieved via electronic mail by sending
email to one of:

        mail-server@nisc.sri.com
                Put "send rfcNNN" in message body
        nis-info@nis.nsf.net
                Put "send RFCnnn.TXT-1" in message body
        sendrfc@jvnc.net
                Put "RFCnnn" as Subject: line

For further instructions see:

        http://www.isi.edu/in-notes/rfc-editor/rfc-info

Important RFCs for electronic mail are:

        RFC821  SMTP protocol
        RFC822  Mail header format
        RFC974  MX routing
        RFC976  UUCP mail format
        RFC1123 Host requirements (modifies 821, 822, and 974)
        RFC1413 Identification server
        RFC1869 SMTP Service Extensions (ESMTP spec)
        RFC1652 SMTP Service Extension for 8bit-MIMEtransport
        RFC1870 SMTP Service Extension for Message Size Declaration
        RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
                Format of Internet Message Bodies
        RFC1344 Implications of MIME for Internet Mail Gateways
        RFC1428 Transition of Internet Mail from Just-Send-8 to
                8-bit SMTP/MIME
        RFC1891 SMTP Service Extension for Delivery Status Notifications
        RFC1892 Multipart/Report Content Type for the Reporting of
                Mail System Administrative Messages
        RFC1893 Enhanced Mail System Status Codes
        RFC1894 An Extensible Message Format for Delivery Status
                Notifications
        RFC1985 SMTP Service Extension for Remote Message Queue Starting
        RFC2033 Local Mail Transfer Protocol

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

        RFC987  Mapping between RFC822 and X.400
        RFC1049 Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.


+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing.  Instead, get a new version via the web at
http://www.sleepycat.com/.  This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants.  If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

        Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2, available from http://www.sleepycat.com/.
Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty
ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail
to dump core.  In addition, the newest versions of gcc and the Solaris
compilers perform optimizations in those versions that may cause fairly
random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it.  You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it.  No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, and again between DB 1.86 and version 2.0.  If you are
upgrading from one of those versions, you must recreate your database
file(s).  Do this by rebuilding all maps with makemap and rebuilding the
alias file with newaliases.


+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database.  For example, the
line should read

        128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

**** NOT ****

        128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages.  The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.


+-------------+
| USE WITH MH |
+-------------+

This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions.  If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports.  This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.


+----------------+
| USE WITH IDENT |
+----------------+

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
No ident server is included with this distribution.  I have found
copies available on:

  ftp.lysator.liu.se            /pub/ident/servers
  romulus.ucs.uoknor.edu        /networking/ident/servers
  ftp.cyf-kr.edu.pl             /agh/uciagh/network/ident

If you want to run an IDENT server, I suggest getting a copy from
one of those sites.  Versions are available for several different
systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS.


+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+

Microsoft Exchange Server 5.0
        We have had a report that ``about 7% of messages from Sendmail
        to Exchange were not being delivered with status messages of
        "connection reset" and "I/O error".''  Upgrading Exchange from
        Version 5.0 to Version 5.5 Service Pack 2 solved this problem.


+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf              Source for sendmail configuration files.  These are
                different than what you've seen before.  They are a
                fairly dramatic rewrite, requiring the new sendmail
                (since they use new features).
contrib         Some contributed tools to help with sendmail.  THESE
                ARE NOT SUPPORTED by sendmail -- contact the original
                authors if you have problems.  (This directory is not
                on the 4.4BSD tape.)
doc             Documentation.  If you are getting source, read
                op.me -- it's long, but worth it.
mail.local      The source for the local delivery agent used for 4.4BSD.
                THIS IS NOT PART OF SENDMAIL! and may not compile
                everywhere, since it depends on some 4.4-isms.  Warning:
                it does mailbox locking differently than other systems.
mailstats       Statistics printing program.  It has the pathname of
                sendmail.st compiled in, so if you've changed that,
                beware.
makemap         A program that creates the keyed maps used by the $( ... $)
                construct in sendmail.  It is primitive but effective.
                It takes a very simple input format, so you will probably
                expect to preprocess most human-convenient formats
                using sed scripts before this program will like them.
                But it should be functionally complete.
praliases       A program to print the DBM or NEWDB version of the
                aliases file.
rmail           Source for rmail(8).  This is used as a delivery
                agent for UUCP, and could presumably be used by
                other non-socket oriented mailers.  Older versions of
                rmail are probably deficient.  RMAIL IS NOT PART OF
                SENDMAIL!!!  The 4.4BSD source is included for you to
                look at or try to port to your system.  I know it doesn't
                compile on {SunOS, HP-UX, OSF/1, other} (pick one).
smrsh           The "sendmail restricted shell", which can be used as
                a replacement for /bin/sh in the prog mailer to provide
                increased security control.  NOT PART OF SENDMAIL!
src             Source for the sendmail program itself.
test            Some test scripts (currently only for compilation aids).