1 | /*- |
---|
2 | * @(#)README 8.51 (Berkeley) 1/25/1999 |
---|
3 | */ |
---|
4 | |
---|
5 | SENDMAIL RELEASE 8 |
---|
6 | |
---|
7 | This directory has the latest sendmail(TM) software from Sendmail, Inc. |
---|
8 | See doc/changes/changes.me for a summary of changes since 5.67. |
---|
9 | |
---|
10 | Report any bugs to sendmail-bugs@sendmail.ORG |
---|
11 | |
---|
12 | There is a web site at http://WWW.Sendmail.ORG -- see that site for |
---|
13 | the latest updates. |
---|
14 | |
---|
15 | ****************************************************************** |
---|
16 | ** A new Build architecture is in place that allows you to ** |
---|
17 | ** use the "Build" shell script in any of the program ** |
---|
18 | ** directories. On many environments this will do everything ** |
---|
19 | ** for you, no fuss, no muss. See src/README for more details ** |
---|
20 | ** of compilation. See cf/README for details about building ** |
---|
21 | ** a runtime configuration file. ** |
---|
22 | ****************************************************************** |
---|
23 | |
---|
24 | Sendmail is a trademark of Sendmail, Inc. |
---|
25 | |
---|
26 | +-----------------------+ |
---|
27 | | DIRECTORY PERMISSIONS | |
---|
28 | +-----------------------+ |
---|
29 | |
---|
30 | Sendmail often gets blamed for many problems that are actually the |
---|
31 | result of other problems, such as overly permissive modes on directories. |
---|
32 | For this reason, sendmail checks the modes on system directories and |
---|
33 | files to determine if can have been trusted. For sendmail to run |
---|
34 | without complaining, you MUST execute the following command: |
---|
35 | |
---|
36 | chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue |
---|
37 | chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue |
---|
38 | |
---|
39 | You will probably have to tweak this for your environment (for example, |
---|
40 | some systems put the spool directory into /usr/spool instead of |
---|
41 | /var/spool and use /etc/mail for aliases file instead of /etc). If you |
---|
42 | set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue |
---|
43 | directory will have to be owned by the RunAsUser user. As a general rule, |
---|
44 | after you have compiled sendmail, run the command |
---|
45 | |
---|
46 | sendmail -v -bi |
---|
47 | |
---|
48 | to initialize the alias database. If it gives messages such as |
---|
49 | |
---|
50 | WARNING: writable directory /etc |
---|
51 | WARNING: writable directory /usr/spool/mqueue |
---|
52 | |
---|
53 | then the directories listed have inappropriate write permissions and |
---|
54 | should be secured to avoid various possible security attacks. |
---|
55 | |
---|
56 | Beginning with sendmail 8.9, these checks have become more strict to |
---|
57 | prevent users from being able to access files they would normally not |
---|
58 | be able to read. In particular, .forward and :include: files in unsafe |
---|
59 | directory paths (directory paths which are group or world writable) will |
---|
60 | no longer be allowed. This would mean that if user joe's home directory |
---|
61 | was writable by group staff, sendmail would not use his .forward file. |
---|
62 | This behavior can be altered, at the expense of system security, by |
---|
63 | setting the DontBlameSendmail option. For example, to allow .forward |
---|
64 | files in group writable directories: |
---|
65 | |
---|
66 | O DontBlameSendmail=forwardfileingroupwritabledirpath |
---|
67 | |
---|
68 | Or to allow them in both group and world writable directories: |
---|
69 | |
---|
70 | O DontBlameSendmail=forwardfileinunsafedirpath |
---|
71 | |
---|
72 | Items from these unsafe .forward and :include: files will be marked |
---|
73 | as unsafe addresses -- the items can not be deliveries to files or |
---|
74 | programs. This behavior can also be altered via DontBlameSendmail: |
---|
75 | |
---|
76 | O DontBlameSendmail=forwardfileinunsafedirpath, |
---|
77 | forwardfileinunsafedirpathsafe |
---|
78 | |
---|
79 | The first flag allows the .forward file to be read, the second allows |
---|
80 | the items in the file to be marked as safe for file and program |
---|
81 | delivery. |
---|
82 | |
---|
83 | Other files affected by this strengthened security include class |
---|
84 | files (i.e. Fw /etc/sendmail.cw), persistent host status files, and |
---|
85 | the files specified by the ErrorHeader and HelpFile options. Similar |
---|
86 | DontBlameSendmail flags are available for the class, ErrorHeader, and |
---|
87 | HelpFile files. |
---|
88 | |
---|
89 | If you have an unsafe configuration of .forward and :include: |
---|
90 | files, you can make it safe by finding all such files, and doing |
---|
91 | a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for |
---|
92 | each directory in the file's path. |
---|
93 | |
---|
94 | |
---|
95 | +--------------+ |
---|
96 | | MANUAL PAGES | |
---|
97 | +--------------+ |
---|
98 | |
---|
99 | The sendmail manual pages use contemporary Berkeley troff macros. If |
---|
100 | your system does not process these manual pages, you can pick up the |
---|
101 | new macros in a BSD Net/2 FTP site (e.g. on FTP.UU.NET, the files |
---|
102 | /systems/unix/bsd-sources/share/tmac/*). |
---|
103 | |
---|
104 | The strip.sed file is only used in installation. |
---|
105 | |
---|
106 | After installation, edit tmac.doc and tmac.andoc to reflect the |
---|
107 | installation path of the tmac files. Those files contain pointers to |
---|
108 | /usr/share/tmac/, and those pointers are not changed by the `make |
---|
109 | install` process. There's also a bug in those files -- make the |
---|
110 | following patch: |
---|
111 | |
---|
112 | *** tmac.an~ Tue Jul 12 14:29:09 1994 |
---|
113 | --- tmac.an Fri Jul 15 13:17:54 1994 |
---|
114 | *************** |
---|
115 | *** 50,55 **** |
---|
116 | .de TH |
---|
117 | .rn TH xX |
---|
118 | .so /usr/share/lib/tmac/tmac.an.old |
---|
119 | ! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 |
---|
120 | .rm xX |
---|
121 | .. |
---|
122 | --- 50,55 ---- |
---|
123 | .de TH |
---|
124 | .rn TH xX |
---|
125 | .so /usr/share/lib/tmac/tmac.an.old |
---|
126 | ! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8" |
---|
127 | .rm xX |
---|
128 | .. |
---|
129 | |
---|
130 | Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc |
---|
131 | to be tmac.an. |
---|
132 | |
---|
133 | tmac.an will choose between tmac.an.old, your old macros, or tmac.doc, |
---|
134 | which are the new macros, so that both the new man pages and the |
---|
135 | existing man pages will be translated properly. |
---|
136 | |
---|
137 | I'm also told that the groff distribution from MIT has a tmac.doc |
---|
138 | macro set that is compatible with these macros. |
---|
139 | |
---|
140 | |
---|
141 | +-----------------------+ |
---|
142 | | RELATED DOCUMENTATION | |
---|
143 | +-----------------------+ |
---|
144 | |
---|
145 | There are other files you should read. Rooted in this directory are: |
---|
146 | |
---|
147 | doc/changes/changes.ps |
---|
148 | Describes changes between Release 5 and Release 8 of sendmail. |
---|
149 | There are some things that may behave somewhat differently. |
---|
150 | For example, the rules governing when :include: files will |
---|
151 | be read have been tightened up for security reasons. |
---|
152 | FAQ |
---|
153 | Answers to Frequently Asked Questions. |
---|
154 | KNOWNBUGS |
---|
155 | Known bugs in the current release. I try to keep this up |
---|
156 | to date -- get the latest version from FTP.Sendmail.ORG |
---|
157 | in /ucb/sendmail/KNOWNBUGS. |
---|
158 | RELEASE_NOTES |
---|
159 | A detailed description of the changes in each version. This |
---|
160 | is quite long, but informative. |
---|
161 | src/README |
---|
162 | Details on compiling and installing sendmail. |
---|
163 | cf/README |
---|
164 | Details on configuring sendmail. |
---|
165 | doc/op/op.me |
---|
166 | The sendmail Installation & Operations Guide. Be warned: if |
---|
167 | you are running this off on SunOS or some other system with an |
---|
168 | old version of -me, you need to add the following macro to the |
---|
169 | macros: |
---|
170 | |
---|
171 | .de sm |
---|
172 | \s-1\\$1\\s0\\$2 |
---|
173 | .. |
---|
174 | |
---|
175 | This sets a word in a smaller pointsize. |
---|
176 | |
---|
177 | |
---|
178 | +--------------+ |
---|
179 | | RELATED RFCS | |
---|
180 | +--------------+ |
---|
181 | |
---|
182 | There are several related RFCs that you may wish to read -- they are |
---|
183 | available via anonymous FTP to several sites, including: |
---|
184 | |
---|
185 | ftp://nic.ddn.mil/rfc/ |
---|
186 | ftp://nis.nsf.net/documents/rfc/ |
---|
187 | ftp://nisc.jvnc.net/rfc/ |
---|
188 | ftp://venera.isi.edu/in-notes/ |
---|
189 | ftp://wuarchive.wustl.edu/doc/rfc/ |
---|
190 | |
---|
191 | For a list of the primary repositories see: |
---|
192 | |
---|
193 | http://www.isi.edu/in-notes/rfc-retrieval.txt |
---|
194 | |
---|
195 | They are also online at: |
---|
196 | |
---|
197 | http://www.ietf.org/ |
---|
198 | |
---|
199 | They can also be retrieved via electronic mail by sending |
---|
200 | email to one of: |
---|
201 | |
---|
202 | mail-server@nisc.sri.com |
---|
203 | Put "send rfcNNN" in message body |
---|
204 | nis-info@nis.nsf.net |
---|
205 | Put "send RFCnnn.TXT-1" in message body |
---|
206 | sendrfc@jvnc.net |
---|
207 | Put "RFCnnn" as Subject: line |
---|
208 | |
---|
209 | For further instructions see: |
---|
210 | |
---|
211 | http://www.isi.edu/in-notes/rfc-editor/rfc-info |
---|
212 | |
---|
213 | Important RFCs for electronic mail are: |
---|
214 | |
---|
215 | RFC821 SMTP protocol |
---|
216 | RFC822 Mail header format |
---|
217 | RFC974 MX routing |
---|
218 | RFC976 UUCP mail format |
---|
219 | RFC1123 Host requirements (modifies 821, 822, and 974) |
---|
220 | RFC1413 Identification server |
---|
221 | RFC1869 SMTP Service Extensions (ESMTP spec) |
---|
222 | RFC1652 SMTP Service Extension for 8bit-MIMEtransport |
---|
223 | RFC1870 SMTP Service Extension for Message Size Declaration |
---|
224 | RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: |
---|
225 | Format of Internet Message Bodies |
---|
226 | RFC1344 Implications of MIME for Internet Mail Gateways |
---|
227 | RFC1428 Transition of Internet Mail from Just-Send-8 to |
---|
228 | 8-bit SMTP/MIME |
---|
229 | RFC1891 SMTP Service Extension for Delivery Status Notifications |
---|
230 | RFC1892 Multipart/Report Content Type for the Reporting of |
---|
231 | Mail System Administrative Messages |
---|
232 | RFC1893 Enhanced Mail System Status Codes |
---|
233 | RFC1894 An Extensible Message Format for Delivery Status |
---|
234 | Notifications |
---|
235 | RFC1985 SMTP Service Extension for Remote Message Queue Starting |
---|
236 | RFC2033 Local Mail Transfer Protocol |
---|
237 | |
---|
238 | Other standards that may be of interest (but which are less directly |
---|
239 | relevant to sendmail) are: |
---|
240 | |
---|
241 | RFC987 Mapping between RFC822 and X.400 |
---|
242 | RFC1049 Content-Type header field (extension to RFC822) |
---|
243 | |
---|
244 | Warning to AIX users: this version of sendmail does not implement |
---|
245 | MB, MR, or MG DNS resource records, as defined (as experiments) in |
---|
246 | RFC1035. |
---|
247 | |
---|
248 | |
---|
249 | +-------------------+ |
---|
250 | | DATABASE ROUTINES | |
---|
251 | +-------------------+ |
---|
252 | |
---|
253 | IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** |
---|
254 | use the version that was on the Net2 tape -- it has a number of |
---|
255 | nefarious bugs that were bad enough when I got them; you shouldn't have |
---|
256 | to go through the same thing. Instead, get a new version via the web at |
---|
257 | http://www.sleepycat.com/. This software is highly recommended; it gets |
---|
258 | rid of several stupid limits, it's much faster, and the interface is |
---|
259 | nicer to animals and plants. If the Berkeley DB include files |
---|
260 | are installed in a location other than those which your compiler searches, |
---|
261 | you will need to provide that directory when building: |
---|
262 | |
---|
263 | Build -I/path/to/include/directory |
---|
264 | |
---|
265 | If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* |
---|
266 | urged to upgrade to DB version 2, available from http://www.sleepycat.com/. |
---|
267 | Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty |
---|
268 | ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail |
---|
269 | to dump core. In addition, the newest versions of gcc and the Solaris |
---|
270 | compilers perform optimizations in those versions that may cause fairly |
---|
271 | random core dumps. |
---|
272 | |
---|
273 | If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are |
---|
274 | using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h |
---|
275 | and ndbm.o from the DB library after building it. You should also apply |
---|
276 | all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site |
---|
277 | (see http://www.sleepycat.com/db.185.html), as they fix some of the known |
---|
278 | problems. |
---|
279 | |
---|
280 | If you are using a version of Berkeley DB 2 previous to 2.3.15, and you |
---|
281 | are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o |
---|
282 | from the DB library after building it. No other changes are necessary. |
---|
283 | |
---|
284 | If you are using Berkeley DB version 2.3.15 or greater, no changes are |
---|
285 | necessary. |
---|
286 | |
---|
287 | The underlying database file formats changed between Berkeley DB versions |
---|
288 | 1.85 and 1.86, and again between DB 1.86 and version 2.0. If you are |
---|
289 | upgrading from one of those versions, you must recreate your database |
---|
290 | file(s). Do this by rebuilding all maps with makemap and rebuilding the |
---|
291 | alias file with newaliases. |
---|
292 | |
---|
293 | |
---|
294 | +--------------------+ |
---|
295 | | HOST NAME SERVICES | |
---|
296 | +--------------------+ |
---|
297 | |
---|
298 | If you are using NIS or /etc/hosts, it is critical that you |
---|
299 | list the long (fully qualified) name somewhere (preferably first) in |
---|
300 | the /etc/hosts file used to build the NIS database. For example, the |
---|
301 | line should read |
---|
302 | |
---|
303 | 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon |
---|
304 | |
---|
305 | **** NOT **** |
---|
306 | |
---|
307 | 128.32.149.68 mastodon |
---|
308 | |
---|
309 | If you do not include the long name, sendmail will complain loudly |
---|
310 | about ``unable to qualify my own domain name (mastodon) -- using |
---|
311 | short name'' and conclude that your canonical name is the short |
---|
312 | version and use that in messages. The name "mastodon" doesn't mean |
---|
313 | much outside of Berkeley, and so this creates incorrect and unreplyable |
---|
314 | messages. |
---|
315 | |
---|
316 | |
---|
317 | +-------------+ |
---|
318 | | USE WITH MH | |
---|
319 | +-------------+ |
---|
320 | |
---|
321 | This version of sendmail notices and reports certain kinds of SMTP |
---|
322 | protocol violations that were ignored by older versions. If you |
---|
323 | are running MH you may wish to install the patch in contrib/mh.patch |
---|
324 | that will prevent these warning reports. This patch also works |
---|
325 | with the old version of sendmail, so it's safe to go ahead and |
---|
326 | install it. |
---|
327 | |
---|
328 | |
---|
329 | +----------------+ |
---|
330 | | USE WITH IDENT | |
---|
331 | +----------------+ |
---|
332 | |
---|
333 | Sendmail 8 supports the IDENT protocol, as defined by RFC 1413. |
---|
334 | No ident server is included with this distribution. I have found |
---|
335 | copies available on: |
---|
336 | |
---|
337 | ftp.lysator.liu.se /pub/ident/servers |
---|
338 | romulus.ucs.uoknor.edu /networking/ident/servers |
---|
339 | ftp.cyf-kr.edu.pl /agh/uciagh/network/ident |
---|
340 | |
---|
341 | If you want to run an IDENT server, I suggest getting a copy from |
---|
342 | one of those sites. Versions are available for several different |
---|
343 | systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS. |
---|
344 | |
---|
345 | |
---|
346 | +-------------------------+ |
---|
347 | | INTEROPERATION PROBLEMS | |
---|
348 | +-------------------------+ |
---|
349 | |
---|
350 | Microsoft Exchange Server 5.0 |
---|
351 | We have had a report that ``about 7% of messages from Sendmail |
---|
352 | to Exchange were not being delivered with status messages of |
---|
353 | "connection reset" and "I/O error".'' Upgrading Exchange from |
---|
354 | Version 5.0 to Version 5.5 Service Pack 2 solved this problem. |
---|
355 | |
---|
356 | |
---|
357 | +---------------------+ |
---|
358 | | DIRECTORY STRUCTURE | |
---|
359 | +---------------------+ |
---|
360 | |
---|
361 | The structure of this directory tree is: |
---|
362 | |
---|
363 | cf Source for sendmail configuration files. These are |
---|
364 | different than what you've seen before. They are a |
---|
365 | fairly dramatic rewrite, requiring the new sendmail |
---|
366 | (since they use new features). |
---|
367 | contrib Some contributed tools to help with sendmail. THESE |
---|
368 | ARE NOT SUPPORTED by sendmail -- contact the original |
---|
369 | authors if you have problems. (This directory is not |
---|
370 | on the 4.4BSD tape.) |
---|
371 | doc Documentation. If you are getting source, read |
---|
372 | op.me -- it's long, but worth it. |
---|
373 | mail.local The source for the local delivery agent used for 4.4BSD. |
---|
374 | THIS IS NOT PART OF SENDMAIL! and may not compile |
---|
375 | everywhere, since it depends on some 4.4-isms. Warning: |
---|
376 | it does mailbox locking differently than other systems. |
---|
377 | mailstats Statistics printing program. It has the pathname of |
---|
378 | sendmail.st compiled in, so if you've changed that, |
---|
379 | beware. |
---|
380 | makemap A program that creates the keyed maps used by the $( ... $) |
---|
381 | construct in sendmail. It is primitive but effective. |
---|
382 | It takes a very simple input format, so you will probably |
---|
383 | expect to preprocess must human-convenient formats |
---|
384 | using sed scripts before this program will like them. |
---|
385 | But it should be functionally complete. |
---|
386 | praliases A program to print the DBM or NEWDB version of the |
---|
387 | aliases file. |
---|
388 | rmail Source for rmail(8). This is used as a delivery |
---|
389 | agent for for UUCP, and could presumably be used by |
---|
390 | other non-socket oriented mailers. Older versions of |
---|
391 | rmail are probably deficient. RMAIL IS NOT PART OF |
---|
392 | SENDMAIL!!! The 4.4BSD source is included for you to |
---|
393 | look at or try to port to your system. I know it doesn't |
---|
394 | compile on {SunOS, HP-UX, OSF/1, other} (pick one). |
---|
395 | smrsh The "sendmail restricted shell", which can be used as |
---|
396 | a replacement for /bin/sh in the prog mailer to provide |
---|
397 | increased security control. NOT PART OF SENDMAIL! |
---|
398 | src Source for the sendmail program itself. |
---|
399 | test Some test scripts (currently only for compilation aids). |
---|