source: trunk/third/sendmail/sendmail/README @ 19204

Revision 19204, 78.6 KB checked in by zacheiss, 21 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r19203, which included commits to RCS files with non-trunk default branches.
Line 
1# Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
2#       All rights reserved.
3# Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
4# Copyright (c) 1988
5#       The Regents of the University of California.  All rights reserved.
6#
7# By using this file, you agree to the terms and conditions set
8# forth in the LICENSE file which can be found at the top level of
9# the sendmail distribution.
10#
11#
12#       $Id: README,v 1.1.1.1 2003-04-08 15:09:19 zacheiss Exp $
13#
14
15This directory contains the source files for sendmail(TM).
16
17   *******************************************************************
18   !! Read sendmail/SECURITY for important installation information !!
19   *******************************************************************
20
21        **********************************************************
22        **  Read below for more details on building sendmail.   **
23        **********************************************************
24
25**************************************************************************
26**  IMPORTANT:  Read the appropriate paragraphs in the section on       **
27**  ``Operating System and Compile Quirks''.                            **
28**************************************************************************
29
30For detailed instructions, please read the document ../doc/op/op.me:
31
32        cd ../doc/op ; make op.ps op.txt
33
34Sendmail is a trademark of Sendmail, Inc.
35
36
37+-------------------+
38| BUILDING SENDMAIL |
39+-------------------+
40
41By far, the easiest way to compile sendmail is to use the "Build"
42script:
43
44        sh Build
45
46This uses the "uname" command to figure out what architecture you are
47on and creates a proper Makefile accordingly.  It also creates a
48subdirectory per object format, so that multiarchitecture support is
49easy.  In general this should be all you need.  IRIX 6.x users should
50read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
51
52If you need to look at other include or library directories, use the
53-I or -L flags on the command line, e.g.,
54
55        sh Build -I/usr/sww/include -L/usr/sww/lib
56
57It's also possible to create local site configuration in the file
58site.config.m4 (or another file settable with the -f flag).  This
59file contains M4 definitions for various compilation values; the
60most useful are:
61
62confMAPDEF      -D flags to specify database types to be included
63                (see below)
64confENVDEF      -D flags to specify other environment information
65confINCDIRS     -I flags for finding include files during compilation
66confLIBDIRS     -L flags for finding libraries during linking
67confLIBS        -l flags for selecting libraries during linking
68confLDOPTS      other ld(1) linker options
69
70Others can be found by examining Makefile.m4.  Please read
71../devtools/README for more information about the site.config.m4
72file.
73
74You can recompile from scratch using the -c flag with the Build
75command.  This removes the existing compilation directory for the
76current platform and builds a new one.  The -c flag must also
77be used if any site.*.m4 file in devtools/Site/ is changed.
78
79Porting to a new Unix-based system should be a matter of creating
80an appropriate configuration file in the devtools/OS/ directory.
81
82
83+----------------------+
84| DATABASE DEFINITIONS |
85+----------------------+
86
87There are several database formats that can be used for the alias files
88and for general maps.  When used for alias files they interact in an
89attempt to be backward compatible.
90
91The options are:
92
93NEWDB           The new Berkeley DB package.  Some systems (e.g., BSD/OS and
94                Digital UNIX 4.0) have some version of this package
95                pre-installed.  If your system does not have Berkeley DB
96                pre-installed, or the version installed is not version 2.0
97                or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
98                current version from http://www.sleepycat.com/.  DO NOT
99                use a version from any of the University of California,
100                Berkeley "Net" or other distributions.  If you are still
101                running BSD/386 1.x, you will need to upgrade the included
102                Berkeley DB library to a current version.  NEWDB is included
103                automatically if the Build script can find a library named
104                libdb.a or libdb.so.
105                See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
106                DB versions, e.g., DB 4.1.x.
107NDBM            The older NDBM implementation -- the very old V7 DBM
108                implementation is no longer supported.
109NIS             Network Information Services.  To use this you must have
110                NIS support on your system.
111NISPLUS         NIS+ (the revised NIS released with Solaris 2).  You must
112                have NIS+ support on your system to use this flag.
113HESIOD          Support for Hesiod (from the DEC/Athena distribution).  You
114                must already have Hesiod support on your system for this to
115                work.  You may be able to get this to work with the MIT/Athena
116                version of Hesiod, but that's likely to be a lot of work.
117                BIND 8.X also includes Hesiod support.
118LDAPMAP         Lightweight Directory Access Protocol support.  You will
119                have to install the UMich or OpenLDAP
120                (http://www.openldap.org/) ldap and lber libraries to use
121                this flag.
122MAP_REGEX       Regular Expression support.  You will need to use an
123                operating system which comes with the POSIX regex()
124                routines or install a regexp library such as libregex from
125                the Free Software Foundation.
126DNSMAP          DNS map support.  Requires NAMED_BIND.
127PH_MAP          PH map support.  You will need the libphclient library from
128                the nph package (http://www-dev.cso.uiuc.edu/ph/nph/).
129MAP_NSD         nsd map support (IRIX 6.5 and later).
130
131>>>  NOTE WELL for NEWDB support: If you want to get ndbm support, for
132>>>  Berkeley DB versions under 2.0, it is CRITICAL that you remove
133>>>  ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
134>>>  for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
135>>>  before you install it.  If you don't delete these, there is absolutely
136>>>  no point to including -DNDBM, since it will just get you another
137>>>  (inferior) API to the same format database.  These files OVERRIDE
138>>>  calls to ndbm routines -- in particular, if you leave ndbm.h in,
139>>>  you can find yourself using the new db package even if you don't
140>>>  define NEWDB.  Berkeley DB versions later than 2.3.14 do not need
141>>>  to be modified.  Please also consult the README in the top level
142>>>  directory of the sendmail distribution for other important information.
143>>>
144>>>  Further note: DO NOT remove your existing /usr/include/ndbm.h --
145>>>  you need that one.  But do not install an updated ndbm.h in
146>>>  /usr/include, /usr/local/include, or anywhere else.
147
148If NEWDB and NDBM are defined (but not NIS), then sendmail will read
149NDBM format alias files, but the next time a newaliases is run the
150format will be converted to NEWDB; that format will be used forever
151more.  This is intended as a transition feature.
152
153If NEWDB, NDBM, and NIS are all defined and the name of the file includes
154the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
155alias files.  However, it will only read the NEWDB file; the NDBM format
156file is used only by the NIS subsystem.  This is needed because the NIS
157maps on an NIS server are built directly from the NDBM files.
158
159If NDBM and NIS are defined (regardless of the definition of NEWDB),
160and the filename includes the string "/yp/", sendmail adds the special
161tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
162required if the NDBM file is to be used as an NIS map.
163
164All of these flags are normally defined in a confMAPDEF setting in your
165site.config.m4.
166
167If you define NEWDB or HESIOD you get the User Database (USERDB)
168automatically.  Generally you do want to have NEWDB for it to do
169anything interesting.  See above for getting the Berkeley DB
170package (i.e., NEWDB).  There is no separate "user database"
171package -- don't bother searching for it on the net.
172
173Hesiod and LDAP require libraries that may not be installed with your
174system.  These are outside of my ability to provide support.  See the
175"Quirks" section for more information.
176
177The regex map can be used to see if an address matches a certain regular
178expression.  For example, all-numerics local parts are common spam
179addresses, so "^[0-9]+$" would match this.  By using such a map in a
180check_* rule-set, you can block a certain range of addresses that would
181otherwise be considered valid.
182
183
184+---------------+
185| COMPILE FLAGS |
186+---------------+
187
188Wherever possible, I try to make sendmail pull in the correct
189compilation options needed to compile on various environments based on
190automatically defined symbols.  Some machines don't seem to have useful
191symbols available, requiring that a compilation flag be defined in
192the Makefile; see the devtools/OS subdirectory for the supported
193architectures.
194
195If you are a system to which sendmail has already been ported you
196should not have to touch the following symbols.  But if you are porting,
197you may have to tweak the following compilation flags in conf.h in order
198to get it to compile and link properly:
199
200SYSTEM5         Adjust for System V (not necessarily Release 4).
201SYS5SIGNALS     Use System V signal semantics -- the signal handler
202                is automatically dropped when the signal is caught.
203                If this is not set, use POSIX/BSD semantics, where the
204                signal handler stays in force until an exec or an
205                explicit delete.  Implied by SYSTEM5.
206SYS5SETPGRP     Use System V setpgrp() semantics.  Implied by SYSTEM5.
207HASNICE         Define this to zero if you lack the nice(2) system call.
208HASRRESVPORT    Define this to zero if you lack the rresvport(3) system call.
209HASFCHMOD       Define this to one if you have the fchmod(2) system call.
210                This improves security.
211HASFCHOWN       Define this to one if you have the fchown(2) system call.
212                This is required for the TrustedUser option if sendmail
213                must rebuild an (alias) map.
214HASFLOCK        Set this if you prefer to use the flock(2) system call
215                rather than using fcntl-based locking.  Fcntl locking
216                has some semantic gotchas, but many vendor systems
217                also interface it to lockd(8) to do NFS-style locking.
218                Unfortunately, may vendors implementations of fcntl locking
219                is just plain broken (e.g., locks are never released,
220                causing your sendmail to deadlock; when the kernel runs
221                out of locks your system crashes).  For this reason, I
222                recommend always defining this unless you are absolutely
223                certain that your fcntl locking implementation really works.
224HASUNAME        Set if you have the "uname" system call.  Implied by
225                SYSTEM5.
226HASUNSETENV     Define this if your system library has the "unsetenv"
227                subroutine.
228HASSETSID       Define this if you have the setsid(2) system call.  This
229                is implied if your system appears to be POSIX compliant.
230HASINITGROUPS   Define this if you have the initgroups(3) routine.
231HASSETVBUF      Define this if you have the setvbuf(3) library call.
232                If you don't, setlinebuf will be used instead.  This
233                defaults on if your compiler defines __STDC__.
234HASSETREUID     Define this if you have setreuid(2) ***AND*** root can
235                use setreuid to change to an arbitrary user.  This second
236                condition is not satisfied on AIX 3.x.  You may find that
237                your system has setresuid(2), (for example, on HP-UX) in
238                which case you will also have to #define setreuid(r, e)
239                to be the appropriate call.  Some systems (such as Solaris)
240                have a compatibility routine that doesn't work properly,
241                but may have "saved user ids" properly implemented so you
242                can ``#define setreuid(r, e) seteuid(e)'' and have it work.
243                The important thing is that you have a call that will set
244                the effective uid independently of the real or saved uid
245                and be able to set the effective uid back again when done.
246                There's a test program in ../test/t_setreuid.c that will
247                try things on your system.  Setting this improves the
248                security, since sendmail doesn't have to read .forward
249                and :include: files as root.  There are certain attacks
250                that may be unpreventable without this call.
251USESETEUID      Define this to 1 if you have a seteuid(2) system call that
252                will allow root to set only the effective user id to an
253                arbitrary value ***AND*** you have saved user ids.  This is
254                preferable to HASSETREUID if these conditions are fulfilled.
255                These are the semantics of the to-be-released revision of
256                Posix.1.  The test program ../test/t_seteuid.c will try
257                this out on your system.  If you define both HASSETREUID
258                and USESETEUID, the former is ignored.
259HASSETEGID      Define this if you have setegid(2) and it can be
260                used to set the saved gid.  Please run t_dropgid in
261                test/ if you are not sure whether the call works.
262HASSETREGID     Define this if you have setregid(2) and it can be
263                used to set the saved gid.  Please run t_dropgid in
264                test/ if you are not sure whether the call works.
265HASSETRESGID    Define this if you have setresgid(2) and it can be
266                used to set the saved gid.  Please run t_dropgid in
267                test/ if you are not sure whether the call works.
268HASLSTAT        Define this if you have symbolic links (and thus the
269                lstat(2) system call).  This improves security.  Unlike
270                most other options, this one is on by default, so you
271                need to #undef it in conf.h if you don't have symbolic
272                links (these days everyone does).
273HASSETRLIMIT    Define this to 1 if you have the setrlimit(2) syscall.
274                You can define it to 0 to force it off.  It is assumed
275                if you are running a BSD-like system.
276HASULIMIT       Define this if you have the ulimit(2) syscall (System V
277                style systems).  HASSETRLIMIT overrides, as it is more
278                general.
279HASWAITPID      Define this if you have the waitpid(2) syscall.
280HASGETDTABLESIZE
281                Define this if you have the getdtablesize(2) syscall.
282HAS_ST_GEN      Define this to 1 if your system has the st_gen field in
283                the stat structure (see stat(2)).
284HASSRANDOMDEV   Define this if your system has the srandomdev(3) function
285                call.
286HASURANDOMDEV   Define this if your system has /dev/urandom(4).
287HASSTRERROR     Define this if you have the libc strerror(3) function (which
288                should be declared in <errno.h>), and it should be used
289                instead of sys_errlist.
290SM_CONF_GETOPT  Define this as 0 if you need a reimplementation of getopt(3).
291                On some systems, getopt does very odd things if called
292                to scan the arguments twice.  This flag will ask sendmail
293                to compile in a local version of getopt that works
294                properly.  You may also need this if you build with
295                another library that introduces a non-standard getopt(3).
296NEEDSTRTOL      Define this if your standard C library does not define
297                strtol(3).  This will compile in a local version.
298NEEDFSYNC       Define this if your standard C library does not define
299                fsync(2).  This will try to simulate the operation using
300                fcntl(2); if that is not available it does nothing, which
301                isn't great, but at least it compiles and runs.
302HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your
303                standard C library.  If this is not defined, or is defined
304                to be 0, sendmail will scan the /etc/shells file (no
305                NIS-style support, defaults to /bin/sh and /bin/csh if
306                that file does not exist) to get a list of unrestricted
307                user shells.  This is used to determine whether users
308                are allowed to forward their mail to a program or a file.
309NEEDPUTENV      Define this if your system needs am emulation of the
310                putenv(3) call.  Define to 1 to implement it in terms
311                of setenv(3) or to 2 to do it in terms of primitives.
312NOFTRUNCATE     Define this if you don't have the ftruncate(2) syscall.
313                If you don't have this system call, there is an unavoidable
314                race condition that occurs when creating alias databases.
315GIDSET_T        The type of entries in a gidset passed as the second
316                argument to getgroups(2).  Historically this has been an
317                int, so this is the default, but some systems (such as
318                IRIX) pass it as a gid_t, which is an unsigned short.
319                This will make a difference, so it is important to get
320                this right!  However, it is only an issue if you have
321                group sets.
322SLEEP_T         The type returned by the system sleep() function.
323                Defaults to "unsigned int".  Don't worry about this
324                if you don't have compilation problems.
325ARBPTR_T        The type of an arbitrary pointer -- defaults to "void *".
326                If you are an very old compiler you may need to define
327                this to be "char *".
328SOCKADDR_LEN_T  The type used for the third parameter to accept(2),
329                getsockname(2), and getpeername(2), representing the
330                length of a struct sockaddr.  Defaults to int.
331SOCKOPT_LEN_T   The type used for the fifth parameter to getsockopt(2)
332                and setsockopt(2), representing the length of the option
333                buffer.  Defaults to int.
334LA_TYPE         The type of load average your kernel supports.  These
335                can be one of:
336                 LA_ZERO (1) -- it always returns the load average as
337                        "zero" (and does so on all architectures).
338                 LA_INT (2) to read /dev/kmem for the symbol avenrun and
339                        interpret as a long integer.
340                 LA_FLOAT (3) same, but interpret the result as a floating
341                        point number.
342                 LA_SHORT (6) to interpret as a short integer.
343                 LA_SUBR (4) if you have the getloadavg(3) routine in your
344                        system library.
345                 LA_MACH (5) to use MACH-style load averages (calls
346                        processor_set_info()),
347                 LA_PROCSTR (7) to read /proc/loadavg and interpret it
348                        as a string representing a floating-point
349                        number (Linux-style).
350                 LA_READKSYM (8) is an implementation suitable for some
351                        versions of SVr4 that uses the MIOC_READKSYM ioctl
352                        call to read /dev/kmem.
353                 LA_DGUX (9) is a special implementation for DG/UX that uses
354                        the dg_sys_info system call.
355                 LA_HPUX (10) is an HP-UX specific version that uses the
356                        pstat_getdynamic system call.
357                 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
358                        to 32 or 64 bit kernels; it is otherwise very similar
359                        to LA_INT.
360                 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
361                        implementation.
362                 LA_DEVSHORT (13) reads a short from a system file (default:
363                        /dev/table/avenrun) and scales it in the same manner
364                        as LA_SHORT.
365                LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
366                other parameters that they try to divine: the name of your
367                kernel, the name of the variable in the kernel to examine,
368                the number of bits of precision in a fixed point load average,
369                and so forth.  LA_DEVSHORT uses _PATH_AVENRUN to find the
370                device to be read to find the load average.
371                In desperation, use LA_ZERO.  The actual code is in
372                conf.c -- it can be tweaked if you are brave.
373FSHIFT          For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
374                of bits of load average after the binary point -- i.e.,
375                the number of bits to shift right in order to scale the
376                integer to get the true integer load average.  Defaults to 8.
377_PATH_UNIX      The path to your kernel.  Needed only for LA_INT, LA_SHORT,
378                and LA_FLOAT.  Defaults to "/unix" on System V, "/vmunix"
379                everywhere else.
380LA_AVENRUN      For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
381                variable that holds the load average.  Defaults to "avenrun"
382                on System V, "_avenrun" everywhere else.
383SFS_TYPE        Encodes how your kernel can locate the amount of free
384                space on a disk partition.  This can be set to SFS_NONE
385                (0) if you have no way of getting this information,
386                SFS_USTAT (1) if you have the ustat(2) system call,
387                SFS_4ARGS (2) if you have a four-argument statfs(2)
388                system call (and the include file is <sys/statfs.h>),
389                SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
390                the two-argument statfs(2) system call with includes in
391                <sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
392                or SFS_STATVFS (6) if you have the two-argument statvfs(2)
393                call.  The default if nothing is defined is SFS_NONE.
394SFS_BAVAIL      with SFS_4ARGS you can also set SFS_BAVAIL to the field name
395                in the statfs structure that holds the useful information;
396                this defaults to f_bavail.
397SPT_TYPE        Encodes how your system can display what a process is doing
398                on a ps(1) command (SPT stands for Set Process Title).  Can
399                be set to:
400                SPT_NONE (0) -- Don't try to set the process title at all.
401                SPT_REUSEARGV (1) -- Pad out your argv with the information;
402                        this is the default if none specified.
403                SPT_BUILTIN (2) -- The system library has setproctitle.
404                SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
405                        to set the process title; this is used by HP-UX.
406                SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
407                SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
408                SPT_SCO (6) -- Write kernel u. area.
409                SPT_CHANGEARGV (7) -- Write pointers to our own strings into
410                        the existing argv vector.
411SPT_PADCHAR     Character used to pad the process title; if undefined,
412                the space character (0x20) is used.  This is ignored if
413                SPT_TYPE != SPT_REUSEARGV
414ERRLIST_PREDEFINED
415                If set, assumes that some header file defines sys_errlist.
416                This may be needed if you get type conflicts on this
417                variable -- otherwise don't worry about it.
418WAITUNION       The wait(2) routine takes a "union wait" argument instead
419                of an integer argument.  This is for compatibility with
420                old versions of BSD.
421SCANF           You can set this to extend the F command to accept a
422                scanf string -- this gives you a primitive parser for
423                class definitions -- BUT it can make you vulnerable to
424                core dumps if the target file is poorly formed.
425SYSLOG_BUFSIZE  You can define this to be the size of the buffer that
426                syslog accepts.  If it is not defined, it assumes a
427                1024-byte buffer.  If the buffer is very small (under
428                256 bytes) the log message format changes -- each
429                e-mail message will log many more messages, since it
430                will log each piece of information as a separate line
431                in syslog.
432BROKEN_RES_SEARCH
433                On Ultrix (and maybe other systems?) if you use the
434                res_search routine with an unknown host name, it returns
435                -1 but sets h_errno to 0 instead of HOST_NOT_FOUND.  If
436                you set this, sendmail considers 0 to be the same as
437                HOST_NOT_FOUND.
438NAMELISTMASK    If defined, values returned by nlist(3) are masked
439                against this value before use -- a common value is
440                0x7fffffff to strip off the top bit.
441BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that
442                defines the length of this address.
443SAFENFSPATHCONF Set this to 1 if and only if you have verified that a
444                pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
445                NFS filesystem where the underlying system allows users to
446                give away files to other users returns <= 0.  Be sure you
447                try both on NFS V2 and V3.  Some systems assume that their
448                local policy apply to NFS servers -- this is a bad
449                assumption!  The test/t_pathconf.c program will try this
450                for you -- you have to run it in a directory that is
451                mounted from a server that allows file giveaway.
452SIOCGIFCONF_IS_BROKEN
453                Set this if your system has an SIOCGIFCONF ioctl defined,
454                but it doesn't behave the same way as "most" systems (BSD,
455                Solaris, SunOS, HP-UX, etc.)
456SIOCGIFNUM_IS_BROKEN
457                Set this if your system has an SIOCGIFNUM ioctl defined,
458                but it doesn't behave the same way as "most" systems
459                (Solaris, HP-UX).
460FAST_PID_RECYCLE
461                Set this if your system can reuse the same PID in the same
462                second.
463SO_REUSEADDR_IS_BROKEN
464                Set this if your system has a setsockopt() SO_REUSEADDR
465                flag but doesn't pay attention to it when trying to bind a
466                socket to a recently closed port.
467NEEDSGETIPNODE  Set this if your system supports IPv6 but doesn't include
468                the getipnodeby{name,addr}() functions.  Set automatically
469                for Linux's glibc.
470PIPELINING      Support SMTP PIPELINING (set by default).
471USING_NETSCAPE_LDAP
472                Deprecated in favor of SM_CONF_LDAP_MEMFREE.  See
473                libsm/README.
474NEEDLINK        Set this if your system doesn't have a link() call.  It
475                will create a copy of the file instead of a hardlink.
476USE_ENVIRON     Set this to 1 to access process environment variables from
477                the external variable environ instead of the third
478                parameter of main().
479USE_DOUBLE_FORK By default this is on (1).  Set it to 0 to suppress the
480                extra fork() used to avoid intermediate zombies.
481ALLOW_255       Do not convert (char)0xff to (char)0x7f in headers etc.
482                This can also be done at runtime with the command line
483                option -d82.101.
484
485
486+-----------------------+
487| COMPILE-TIME FEATURES |
488+-----------------------+
489
490There are a bunch of features that you can decide to compile in, such
491as selecting various database packages and special protocol support.
492Several are assumed based on other compilation flags -- if you want to
493"un-assume" something, you probably need to edit conf.h.  Compilation
494flags that add support for special features include:
495
496NDBM            Include support for "new" DBM library for aliases and maps.
497                Normally defined in the Makefile.
498NEWDB           Include support for Berkeley DB package (hash & btree)
499                for aliases and maps.  Normally defined in the Makefile.
500                If the version of NEWDB you have is the old one that does
501                not include the "fd" call (this call was added in version
502                1.5 of the Berkeley DB code), you must upgrade to the
503                current version of Berkeley DB.
504NIS             Define this to get NIS (YP) support for aliases and maps.
505                Normally defined in the Makefile.
506NISPLUS         Define this to get NIS+ support for aliases and maps.
507                Normally defined in the Makefile.
508HESIOD          Define this to get Hesiod support for aliases and maps.
509                Normally defined in the Makefile.
510NETINFO         Define this to get NeXT NetInfo support for aliases and maps.
511                Normally defined in the Makefile.
512LDAPMAP         Define this to get LDAP support for maps.
513PH_MAP          Define this to get PH support for maps.
514MAP_NSD         Define this to get nsd support for maps.
515USERDB          Define this to 1 to include support for the User Information
516                Database.  Implied by NEWDB or HESIOD.  You can use
517                -DUSERDB=0 to explicitly turn it off.
518IDENTPROTO      Define this as 1 to get IDENT (RFC 1413) protocol support.
519                This is assumed unless you are running on Ultrix or
520                HP-UX, both of which have a problem in the UDP
521                implementation.  You can define it to be 0 to explicitly
522                turn off IDENT protocol support.  If defined off, the code
523                is actually still compiled in, but it defaults off; you
524                can turn it on by setting the IDENT timeout in the
525                configuration file.
526IP_SRCROUTE     Define this to 1 to get IP source routing information
527                displayed in the Received: header.  This is assumed on
528                most systems, but some (e.g., Ultrix) apparently have a
529                broken version of getsockopt that doesn't properly
530                support the IP_OPTIONS call.  You probably want this if
531                your OS can cope with it.  Symptoms of failure will be that
532                it won't compile properly (that is, no support for fetching
533                IP_OPTIONs), or it compiles but source-routed TCP connections
534                either refuse to open or open and hang for no apparent reason.
535                Ultrix and AIX3 are known to fail this way.
536LOG             Set this to get syslog(3) support.  Defined by default
537                in conf.h.  You want this if at all possible.
538NETINET         Set this to get TCP/IP support.  Defined by default
539                in conf.h.  You probably want this.
540NETINET6        Set this to get IPv6 support.  Other configuration may
541                be needed in conf.h for your particular operating system.
542                Also, DaemonPortOptions must be set appropriately for
543                sendmail to accept IPv6 connections.
544NETISO          Define this to get ISO networking support.
545NETUNIX         Define this to get Unix domain networking support.  Defined
546                by default.  A few bizarre systems (SCO, ISC, Altos) don't
547                support this networking domain.
548NETNS           Define this to get NS networking support.
549NETX25          Define this to get X.25 networking support.
550NAMED_BIND      If non-zero, include DNS (name daemon) support, including
551                MX support.  The specs say you must use this if you run
552                SMTP.  You don't have to be running a name server daemon
553                on your machine to need this -- any use of the DNS resolver,
554                including remote access to another machine, requires this
555                option.  Defined by default in conf.h.  Define it to zero
556                ONLY on machines that do not use DNS in any way.
557MATCHGECOS      Permit fuzzy matching of user names against the full
558                name (GECOS) field in the /etc/passwd file.  This should
559                probably be on, since you can disable it from the config
560                file if you want to.  Defined by default in conf.h.
561MIME8TO7        If non-zero, include 8 to 7 bit MIME conversions.  This
562                also controls advertisement of 8BITMIME in the ESMTP
563                startup dialogue.
564MIME7TO8        If non-zero, include 7 to 8 bit MIME conversions.
565HES_GETMAILHOST Define this to 1 if you are using Hesiod with the
566                hes_getmailhost() routine.  This is included with the MIT
567                Hesiod distribution, but not with the DEC Hesiod distribution.
568XDEBUG          Do additional internal checking.  These don't cost too
569                much; you might as well leave this on.
570TCPWRAPPERS     Turns on support for the TCP wrappers library (-lwrap).
571                See below for further information.
572SECUREWARE      Enable calls to the SecureWare luid enabling/changing routines.
573                SecureWare is a C2 security package added to several UNIX's
574                (notably ConvexOS) to get a C2 Secure system.  This
575                option causes mail delivery to be done with the luid of the
576                recipient.
577SHARE_V1        Support for the fair share scheduler, version 1.  Setting to
578                1 causes final delivery to be done using the recipients
579                resource limitations.  So far as I know, this is only
580                supported on ConvexOS.
581SASL            Enables SMTP AUTH (RFC 2554).  This requires the Cyrus SASL
582                library (ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/).  Please
583                install at least version 1.5.13.  See below for further
584                information: SASL COMPILATION AND CONFIGURATION.  If your
585                SASL library is older than 1.5.10, you have to set this
586                to its version number using a simple conversion:  a.b.c
587                -> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
588                Note: Using an older version than 1.5.5 of Cyrus SASL is
589                not supported.  Starting with version 1.5.10, setting SASL=1
590                is sufficient.  Any value other than 1 (or 0) will be
591                compared with the actual version found and if there is a
592                mismatch, compilation will fail.
593EGD             Define this if your system has EGD installed, see
594                http://egd.sourceforge.net/ .  It should be used to
595                seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
596STARTTLS        Enables SMTP STARTTLS (RFC 2487).  This requires OpenSSL
597                (http://www.OpenSSL.org/); use OpenSSL 0.9.5a or later
598                (if compatible with this version), do not use 0.9.3.
599                See STARTTLS COMPILATION AND CONFIGURATION for further
600                information.
601TLS_NO_RSA      Turn off support for RSA algorithms in STARTTLS.
602MILTER          Turn on support for external filters using the Milter API.
603                See libmilter/README for more information.
604REQUIRES_DIR_FSYNC      Turn on support for file systems that require to
605                call fsync() for a directory if the meta-data in it has
606                been changed.  This should be turned on at least for older
607                versions of ReiserFS; it is enabled by default for Linux.
608                According to some information this flag is not needed
609                anymore for kernel 2.4.16 and newer.  We would appreciate
610                feedback about the semantics of the various file systems
611                available for Linux.
612                An alternative to this compile time flag is to mount the
613                queue directory without the -async option, or using
614                chattr +S on Linux.
615DBMMODE         The default file permissions to use when creating new
616                database files for maps and aliases.  Defaults to 0640.
617
618Generic notice: If you enable a compile time option that needs
619libraries or include files that don't come with sendmail or are
620installed in a location that your C compiler doesn't use by default
621you should set confINCDIRS and confLIBDIRS as explained in the
622first section:  BUILDING SENDMAIL.
623
624
625+---------------------+
626| DNS/RESOLVER ISSUES |
627+---------------------+
628
629Many systems have old versions of the resolver library.  At a minimum,
630you should be running BIND 4.8.3; older versions may compile, but they
631have known bugs that should give you pause.
632
633Common problems in old versions include "undefined" errors for
634dn_skipname.
635
636Some people have had a problem with BIND 4.9; it uses some routines
637that it expects to be externally defined such as strerror().  It may
638help to link with "-l44bsd" to solve this problem.  This has apparently
639been fixed in later versions of BIND, starting around 4.9.3.  In other
640words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
641later versions, you do not.
642
643!PLEASE! be sure to link with the same version of the resolver as
644the header files you used -- some people have used the 4.9 headers
645and linked with BIND 4.8 or vice versa, and it doesn't work.
646Unfortunately, it doesn't fail in an obvious way -- things just
647subtly don't work.
648
649WILDCARD MX RECORDS ARE A BAD IDEA!  The only situation in which they
650work reliably is if you have two versions of DNS, one in the real world
651which has a wildcard pointing to your firewall, and a completely
652different version of the database internally that does not include
653wildcard MX records that match your domain.  ANYTHING ELSE WILL GIVE
654YOU HEADACHES!
655
656When attempting to canonify a hostname, some broken name servers will
657return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups.  If you
658want to excuse this behavior, include WorkAroundBrokenAAAA in
659ResolverOptions.  However, instead, we recommend catching the problem and
660reporting it to the name server administrator so we can rid the world of
661broken name servers.
662
663
664+----------------------------------------+
665| STARTTLS COMPILATION AND CONFIGURATION |
666+----------------------------------------+
667
668Please read the documentation accompanying the OpenSSL library.  You
669have to compile and install the OpenSSL libraries before you can compile
670sendmail.  See devtools/README how to set the correct compile time
671parameters; you should at least set the following variables:
672
673APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
674APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
675
676If you have installed the OpenSSL libraries and include files in
677a location that your C compiler doesn't use by default you should
678set confINCDIRS and confLIBDIRS as explained in the first section:
679BUILDING SENDMAIL.
680
681Configuration information can be found in doc/op/op.me (required
682certificates) and cf/README (how to tell sendmail about certificates).
683
684To perform an initial test, connect to your sendmail daemon
685(telnet localhost 25) and issue a EHLO localhost and see whether
686250-STARTTLS
687is in the response.  If it isn't, run the daemon with
688-O LogLevel=14
689and try again.  Then take a look at the logfile and see whether
690there are any problems listed about permissions (unsafe files)
691or the validity of X.509 certificates.
692
693From: Garrett Wollman <wollman@lcs.mit.edu>
694
695    If your certificate authority is hierarchical, and you only include
696    the top-level CA certificate in the CACertFile file, some mail clients
697    may be unable to infer the proper certificate chain when selecting a
698    client certificate.  Including the bottom-level CA certificate(s) in
699    the CACertFile file will allow these clients to work properly.  This
700    is not necessary if you are not using client certificates for
701    authentication, or if all your clients are running Sendmail or other
702    programs using the OpenSSL library (which get it right automatically).
703    In addition, some mail clients are totally incapable of using
704    certificate authentication -- even some of those which already support
705    SSL/TLS for confidentiality.
706
707Further information can be found via:
708http://www.sendmail.org/tips/
709
710
711+------------------------------------+
712| SASL COMPILATION AND CONFIGURATION |
713+------------------------------------+
714
715Please read the documentation accompanying the Cyrus SASL library
716(INSTALL and README).  If you use Berkeley DB for Cyrus SASL then
717you must compile sendmail with the same version of Berkeley DB.
718See devtools/README for how to set the correct compile time parameters;
719you should at least set the following variables:
720
721APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')
722APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
723
724If you have installed the Cyrus SASL library and include files in
725a location that your C compiler doesn't use by default you should
726set confINCDIRS and confLIBDIRS as explained in the first section:
727BUILDING SENDMAIL.
728
729You have to select and install authentication mechanisms and tell
730sendmail where to find the sasl library and the include files (see
731devtools/README for the parameters to set).  Set up the required
732users and passwords as explained in the SASL documentation.  See
733also cf/README for authentication related options (especially
734DefaultAuthInfo if you want authentication between MTAs).
735
736To perform an initial test, connect to your sendmail daemon
737(telnet localhost 25) and issue a EHLO localhost and see whether
738250-AUTH ....
739is in the response.  If it isn't, run the daemon with
740-O LogLevel=14
741and try again.  Then take a look at the logfile and see whether
742there are any security related problems listed (unsafe files).
743
744Further information can be found via:
745http://www.sendmail.org/tips/
746
747
748+-------------------------------------+
749| OPERATING SYSTEM AND COMPILE QUIRKS |
750+-------------------------------------+
751
752GCC problems
753        When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
754                too (see include/sm/cdefs.h for more info).
755
756        *****************************************************************
757        **  IMPORTANT:  DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE    **
758        **  RUNNING GCC 2.4.x or 2.5.x.  THERE IS A BUG IN THE GCC     **
759        **  OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
760        *****************************************************************
761
762        Jim Wilson of Cygnus believes he has found the problem -- it will
763        probably be fixed in GCC 2.5.6 -- but until this is verified, be
764        very suspicious of gcc -O.  This problem is reported to have been
765        fixed in gcc 2.6.
766
767        A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
768        optimization on a Sparc.  If you are using gcc 2.5.5, youi should
769        upgrade to the latest version of gcc.
770
771        Apparently GCC 2.7.0 on the Pentium processor has optimization
772        problems.  I recommend against using -O on that architecture.  This
773        has been seen on FreeBSD 2.0.5 RELEASE.
774
775        Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
776
777        We have been told there are problems with gcc 2.8.0.  If you are
778        using this version, you should upgrade to 2.8.1 or later.
779
780Berkeley DB
781        Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
782        You need at least 4.1.25.
783
784GDBM    GDBM does not work with sendmail because the additional
785        security checks and file locking cause problems.  Unfortunately,
786        gdbm does not provide a compile flag in its version of ndbm.h so
787        the code can adapt.  Until the GDBM authors can fix these problems,
788        GDBM will not be supported.  Please use Berkeley DB instead.
789
790Configuration file location
791        Up to 8.6, sendmail tried to find the sendmail.cf file in the same
792        place as the vendors had put it, even when this was obviously
793        stupid.  As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
794        Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
795        You can get sendmail to use the stupid vendor .cf location by
796        adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
797        support programs and scripts that need to find sendmail.cf.  You
798        are STRONGLY urged to use symbolic links if you want to use the
799        vendor location rather than changing the location in the sendmail
800        binary.
801
802        NETINFO systems use NETINFO to determine the location of
803        sendmail.cf.  The full path to sendmail.cf is stored as the value of
804        the "sendmail.cf" property in the "/locations/sendmail"
805        subdirectory of NETINFO.  Set the value of this property to
806        "/etc/mail/sendmail.cf" (without the quotes) to use this new
807        default location for Sendmail 8.10.0 and higher.
808
809ControlSocket permissions
810        Paraphrased from BIND 8.2.1's README:
811
812        Solaris and other pre-4.4BSD kernels do not respect ownership or
813        protections on UNIX-domain sockets.  The short term fix for this is to
814        override the default path and put such control sockets into root-
815        owned directories which do not permit non-root to r/w/x through them.
816        The long term fix is for all kernels to upgrade to 4.4BSD semantics.
817
818HP MPE/iX
819        The MPE-specific code within sendmail emulates a set-user-id root
820        environment for the sendmail binary.  But there is no root uid 0 on
821        MPE, nor is there any support for set-user-id programs.  Even when
822        sendmail thinks it is running as uid 0, it will still have the file
823        access rights of the underlying non-zero uid, but because sendmail is
824        an MPE priv-mode program it will still be able to call setuid() to
825        successfully switch to a new uid.
826
827        MPE setgid() semantics don't quite work the way sendmail expects, so
828        special emulation is done here also.
829
830        This uid/gid emulation is enabled via the setuid/setgid file mode bits
831        which are not currently used by MPE.  Code in libsm/mpeix.c examines
832        these bits and enables emulation if they have been set, i.e.,
833        chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
834
835SunOS 4.x (Solaris 1.x)
836        You may have to use -lresolv on SunOS.  However, beware that
837        this links in a new version of gethostbyname that does not
838        understand NIS, so you must have all of your hosts in DNS.
839
840        Some people have reported problems with the SunOS version of
841        -lresolv and/or in.named, and suggest that you get a newer
842        version.  The symptoms are delays when you connect to the
843        SMTP server on a SunOS machine or having your domain added to
844        addresses inappropriately.  There is a version of BIND
845        version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
846
847        There is substantial disagreement about whether you can make
848        this work with resolv+, which allows you to specify a search-path
849        of services.  Some people report that it works fine, others
850        claim it doesn't work at all (including causing sendmail to
851        drop core when it tries to do multiple resolv+ lookups for a
852        single job).  I haven't tried resolv+, as we use DNS exclusively.
853
854        Should you want to try resolv+, it is on ftp.uu.net in
855        /networking/ip/dns.
856
857        Apparently getservbyname() can fail under moderate to high
858        load under some circumstances.  This will exhibit itself as
859        the message ``554 makeconnection: service "smtp" unknown''.
860        The problem has been traced to one or more blank lines in
861        /etc/services on the NIS server machine.  Delete these
862        and it should work.  This info is thanks to Brian Bartholomew
863        <bb@math.ufl.edu> of I-Kinetics, Inc.
864
865        NOTE: The SunOS 4.X linker uses library paths specified during
866        compilation using -L for run-time shared library searches.
867        Therefore, it is vital that relative and unsafe directory paths not
868        be used when compiling sendmail.
869
870SunOS 4.0.2 (Sun 386i)
871        Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
872        From: teus@oce.nl
873
874        Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
875        following changes:
876        * Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
877          available as "uname" command.
878        * Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
879          devtools/OS/SunOS.4.0, which is selected via the "uname" command.
880        I recommend to make available the db-library on the system first
881        (and change the Makefile to use this library).
882        Note that the sendmail.cf and aliases files are found in /etc.
883
884SunOS 4.1.3, 4.1.3_U1
885        Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1.  According
886        to Sun bug number 1077939:
887
888        If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
889        after the other side of the connection has sent a TCP RESET for
890        the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
891        ip_ctloutput() routine.
892
893        For 4.1.3, this is fixed in patch 100584-08, available on the
894        Sunsolve 2.7.1 or later CDs.  For 4.1.3_U1, this was fixed in patch
895        101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
896        obsoleted by patch 102010-05.
897
898        Sun patch 100584-08 is not currently publicly available on their
899        ftp site but a user has reported it can be found at other sites
900        using a web search engine.
901
902Solaris 2.x (SunOS 5.x)
903        To compile for Solaris, the Makefile built by Build must
904        include a SOLARIS definition which reflects the Solaris version
905        (i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
906        If you are using gcc, make sure -I/usr/include is not used (or
907        it might complain about TopFrame).  If you are using Sun's cc,
908        make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
909        (or it might complain about tm_zone).
910
911        The Solaris 2.x (x <= 3) "syslog" function is apparently limited
912        to something about 90 characters because of a kernel limitation.
913        If you have source code, you can probably up this number.  You
914        can get patches that fix this problem:  the patch ids are:
915
916                Solaris 2.1     100834
917                Solaris 2.2     100999
918                Solaris 2.3     101318
919
920        Be sure you have the appropriate patch installed or you won't
921        see system logging.
922
923Solaris 2.4 (SunOS 5.4)
924        If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
925        the risk of getting the wrong libraries under some circumstances.
926        This is because of a new feature in Solaris 2.4, described by
927        Rod.Evans@Eng.Sun.COM:
928
929        >> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
930        >> runtime linker if the application was setxid (secure), thus your
931        >> applications search path would be:
932        >>
933        >>      /usr/local/lib  LD_LIBRARY_PATH component - IGNORED
934        >>      /usr/lib        LD_LIBRARY_PATH component - IGNORED
935        >>      /usr/local/lib  RPATH - honored
936        >>      /usr/lib        RPATH - honored
937        >>
938        >> the effect is that path 3 would be the first used, and this would
939        >> satisfy your resolv.so lookup.
940        >>
941        >> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
942        >> People who developed setxid applications wanted to be able to alter
943        >> the library search path to some degree to allow for their own
944        >> testing and debugging mechanisms.  It was decided that the only
945        >> secure way to do this was to allow a `trusted' path to be used in
946        >> LD_LIBRARY_PATH.  The only trusted directory we presently define
947        >> is /usr/lib.  Thus a set-user-ID root developer could play with some
948        >> alternative shared object implementations and place them in
949        >> /usr/lib (being root we assume they'ed have access to write in this
950        >> directory).  This change was made as part of 1155380 - after a
951        >> *huge* amount of discussion regarding the security aspect of things.
952        >>
953        >> So, in SunOS 5.4 your applications search path would be:
954        >>
955        >>      /usr/local/lib  from LD_LIBRARY_PATH - IGNORED (untrustworthy)
956        >>      /usr/lib        from LD_LIBRARY_PATH - honored (trustworthy)
957        >>      /usr/local/lib  from RPATH - honored
958        >>      /usr/lib        from RPATH - honored
959        >>
960        >> here, path 2 would be the first used.
961
962Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
963        Apparently Solaris 2.5.1 patch 103663-01 installs a new
964        /usr/include/resolv.h file that defines the __P macro without
965        checking to see if it is already defined.  This new resolv.h is also
966        included in the Solaris 2.6 distribution.  This causes compile
967        warnings such as:
968
969           In file included from daemon.c:51:
970           /usr/include/resolv.h:208: warning: `__P' redefined
971           cdefs.h:58: warning: this is the location of the previous definition
972
973        These warnings can be safely ignored or you can create a resolv.h
974        file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
975
976           #undef __P
977           #include "/usr/include/resolv.h"
978
979        This problem was fixed in Solaris 7 (Sun bug ID 4081053).
980
981Solaris 7 (SunOS 5.7)
982        Solaris 7 includes LDAP libraries but the implementation was
983        lacking a few things.  The following settings can be placed in
984        devtools/Site/site.SunOS.5.7.m4 if you plan on using those
985        libraries.
986
987        APPENDDEF(`confMAPDEF', `-DLDAPMAP')
988        APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
989        APPENDDEF(`confLIBS', `-lldap')
990
991        Also, Sun's patch 107555 is needed to prevent a crash in the call
992        to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
993        LDAP support is compiled in sendmail.
994
995Solaris 8 and later (SunOS 5.8 and later)
996        Solaris 8 and later can optionally install LDAP support.  If you
997        have installed the Entire Distribution meta-cluster, you can use
998        the following in devtools/Site/site.SunOS.5.8.m4 (or other
999        appropriately versioned file) to enable LDAP:
1000
1001        APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1002        APPENDDEF(`confLIBS', `-lldap')
1003
1004Solaris 9 and later (SunOS 5.9 and later)
1005        Solaris 9 and later have a revised LDAP library, libldap.so.5,
1006        which is derived from a Netscape implementation, thus requiring
1007        that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1008
1009        APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1010        APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1011        APPENDDEF(`confLIBS', `-lldap')
1012
1013Solaris
1014        If you are using dns for hostname resolution on Solaris, make sure
1015        that the 'dns' entry is last on the hosts line in
1016        '/etc/nsswitch.conf'.  For example, use:
1017
1018                hosts:  nisplus files dns
1019
1020        Do not use:
1021
1022                hosts:  nisplus dns [NOTFOUND=return] files
1023
1024        Note that 'nisplus' above is an illustration.  The same comment
1025        applies no matter what naming services you are using.  If you have
1026        anything other than dns last, even after "[NOTFOUND=return]",
1027        sendmail may not be able to determine whether an error was
1028        temporary or permanent.  The error returned by the solaris
1029        gethostbyname() is the error for the last lookup used, and other
1030        naming services do not have the same concept of temporary failure.
1031
1032Ultrix
1033        By default, the IDENT protocol is turned off on Ultrix.  If you
1034        are running Ultrix 4.4 or later, or if you have included patch
1035        CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1036        IDENT on in the configuration file by setting the "ident" timeout.
1037
1038        The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1039        included in libc.a.  Unfortunately, the __RES symbol hasn't changed
1040        and therefore, sendmail can no longer automatically detect the
1041        newer version.  If you get a compiler error:
1042
1043        /lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1044
1045        Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1046
1047        APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1048
1049Digital UNIX (formerly DEC OSF/1)
1050        If you are compiling on OSF/1 (DEC Alpha), you must use
1051        -L/usr/shlib (otherwise it core dumps on startup).  You may also
1052        need -mld to get the nlist() function, although some versions
1053        apparently don't need this.
1054
1055        Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1056        it, just create the link to the sendmail binary.
1057
1058        On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1059        properly due to a bug in the getpw* routines.  If you want to use
1060        this, use -DDEC_OSF_BROKEN_GETPWENT=1.  The problem is fixed in 3.2C.
1061
1062        Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1063        only preserve the envelope sender in the "From " header if
1064        DefaultUserID is set to daemon.  Setting this to mailnull will
1065        cause all mail to have the header "From mailnull ...".  To use
1066        a different DefaultUserID, you will need to use a different mail
1067        delivery agent (such as mail.local found in the sendmail
1068        distribution).
1069
1070        On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1071        operating system and already has the ndbm.o module removed.  However,
1072        Digital has modified the original Berkeley DB db.h include file.
1073        This results in the following warning while compiling map.c and udb.c:
1074
1075        cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1076         "__signed" conflicts with a current definition because the replacement
1077         lists differ.  The redefinition is now in effect.
1078        #define __signed        signed
1079        ------------------------^
1080
1081        This warning can be ignored.
1082
1083        Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1084        If you have installed a new version of BIND in /usr/include
1085        and /usr/lib, you will experience difficulties as Digital ships
1086        libresolv.a in /usr/ccs/lib/ as well.  Be sure to replace both
1087        copies of libresolv.a.
1088
1089IRIX
1090        The header files on SGI IRIX are completely prototyped, and as
1091        a result you can sometimes get some warning messages during
1092        compilation.  These can be ignored.  There are two errors in
1093        deliver only if you are using gcc, both of the form ``warning:
1094        passing arg N of `execve' from incompatible pointer type''.
1095        Also, if you compile with -DNIS, you will get a complaint
1096        about a declaration of struct dom_binding in a prototype
1097        when compiling map.c; this is not important because the
1098        function being prototyped is not used in that file.
1099
1100        In order to compile sendmail you will have had to install
1101        the developers' option in order to get the necessary include
1102        files.
1103
1104        If you compile with -lmalloc (the fast memory allocator), you may
1105        get warning messages such as the following:
1106
1107           ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1108                preempts that definition in /usr/lib32/mips3/libc.so.
1109           ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1110                preempts that definition in /usr/lib32/mips3/libc.so.
1111           ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1112                preempts that definition in /usr/lib32/mips3/libc.so.
1113           ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1114                preempts that definition in /usr/lib32/mips3/libc.so.
1115           ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1116                preempts that definition in /usr/lib32/mips3/libc.so.
1117
1118        These are unavoidable and innocuous -- just ignore them.
1119
1120        According to Dave Sill <de5@ornl.gov>, there is a version of the
1121        Berkeley DB library patched to run on Irix 6.2 available from
1122        http://reality.sgi.com/ariel/freeware/#db .
1123
1124IRIX 6.x
1125        If you are using XFS filesystem, avoid using the -32 ABI switch to
1126        the cc compiler if possible.
1127
1128        Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1129        a problem with gcc on IRIX, i.e., gcc can't pass structs
1130        less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1131        some other sized structs.  See
1132        http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1133        This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1134        is reported as broken.  Check your gcc version for this bug
1135        before installing sendmail.
1136
1137IRIX 6.4
1138        The IRIX 6.5.4 version of /bin/m4 does not work properly with
1139        sendmail.  Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1140        use /usr/freeware/bin/m4 or install and use GNU m4.
1141
1142NeXT or NEXTSTEP
1143        NEXTSTEP 3.3 and earlier ship with the old DBM library.  Also,
1144        Berkeley DB does not currently run on NEXTSTEP.
1145
1146        If you are compiling on NEXTSTEP, you will have to create an
1147        empty file "unistd.h" and create a file "dirent.h" containing:
1148
1149                #include <sys/dir.h>
1150                #define dirent  direct
1151
1152        (devtools/OS/NeXT should try to do both of these for you.)
1153
1154        Apparently, there is a bug in getservbyname on Nextstep 3.0
1155        that causes it to fail under some circumstances with the
1156        message "SYSERR: service "smtp" unknown" logged.  You should
1157        be able to work around this by including the line:
1158
1159                OOPort=25
1160
1161        in your .cf file.
1162
1163BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1164        The "m4" from BSDI won't handle the config files properly.
1165        I haven't had a chance to test this myself.
1166
1167        The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1168        files properly.  One must use either GNU m4 1.1 or the PD-M4
1169        recently posted in comp.os.386bsd.bugs (and maybe others).
1170        NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1171        CHANGES).
1172
1173        FreeBSD 1.0 RELEASE has uname(2) now.  Use -DUSEUNAME in order to
1174        use it (look into devtools/OS/FreeBSD).  NetBSD-current may have
1175        it too but it has not been verified.
1176
1177        The latest version of Berkeley DB uses a different naming
1178        scheme than the version that is supplied with your release.  This
1179        means you will be able to use the current version of Berkeley DB
1180        with sendmail as long you use the new db.h when compiling
1181        sendmail and link it against the new libdb.a or libdb.so.  You
1182        should probably keep the original db.h in /usr/include and the
1183        new db.h in /usr/local/include.
1184
11854.3BSD
1186        If you are running a "virgin" version of 4.3BSD, you'll have
1187        a very old resolver and be missing some header files.  The
1188        header files are simple -- create empty versions and everything
1189        will work fine.  For the resolver you should really port a new
1190        version (4.8.3 or later) of the resolver; 4.9 is available on
1191        gatekeeper.DEC.COM in pub/BSD/bind/4.9.  If you are really
1192        determined to continue to use your old, buggy version (or as
1193        a shortcut to get sendmail working -- I'm sure you have the
1194        best intentions to port a modern version of BIND), you can
1195        copy ../contrib/oldbind.compat.c into sendmail and add the
1196        following to devtools/Site/site.config.m4:
1197
1198        APPENDDEF(`confOBJADD', `oldbind.compat.o')
1199
1200OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1201        m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1202        maximum length for strings is too short.  You need to use GNU m4
1203        or patch m4, see for example:
1204  http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1205
1206A/UX
1207        Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1208        From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1209        Subject: Fix for A/UX ndbm
1210
1211        I guess this isn't really a sendmail bug, however, it is something
1212        that A/UX users should be aware of when compiling sendmail 8.6.
1213
1214        Apparently, the calls that sendmail is using to the ndbm routines
1215        in A/UX 3.0.x contain calls to "broken" routines, in that the
1216        aliases database will break when it gets "just a little big"
1217        (sorry I don't have exact numbers here, but it broke somewhere
1218        around 20-25 aliases for me.), making all aliases non-functional
1219        after exceeding this point.
1220
1221        What I did was to get the gnu-dbm-1.6 package, compile it, and
1222        then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1223        ndbm.h header file that comes with the gnu-package.  This makes
1224        things behave properly.
1225          [NOTE: see comment above about GDBM]
1226
1227        I suppose porting the New Berkeley DB package is another route,
1228        however, I made a quick attempt at it, and found it difficult
1229        (not easy at least); the gnu-dbm package "configured" and
1230        compiled easily.
1231
1232          [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1233          database maps.]
1234
1235SCO Unix
1236        From: Thomas Essebier <tom@stallion.oz.au>
1237        Organisation:  Stallion Technologies Pty Ltd.
1238
1239        It will probably help those who are trying to configure sendmail 8.6.9
1240        to know that if they are on SCO, they had better set
1241                OI-dnsrch
1242        or they will core dump as soon as they try to use the resolver.
1243        i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1244        it does not inititialise it, nor does it understand 'search' in
1245        /etc/named.boot.
1246                - sigh -
1247
1248        According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1249        We recommend installing GNU m4 before attempting to build sendmail.
1250
1251        On some versions a bogus error value is listed if connections
1252        time out (large negative number).  To avoid this explicitly set
1253        Timeout.connect to a reasonable value (several minutes).
1254
1255DG/UX
1256        Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1257        V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1258        Originally, the DG /bin/mail program wasn't compatible with
1259        the V8 sendmail, since the DG /bin/mail requires the environment
1260        variable "_FORCE_MAIL_LOCAL_=yes" be set.  Version 8.7 now includes
1261        this in the environment before invoking the local mailer.  Some
1262        have used procmail to avoid this problem in the past.  It works
1263        but some have experienced file locking problems with their DG/UX
1264        ports of procmail.
1265
1266Apollo DomainOS
1267        If you are compiling on Apollo, you will have to create an empty
1268        file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1269        "dirent.h" containing:
1270
1271                #include <sys/dir.h>
1272                #define dirent  direct
1273
1274        (devtools/OS/DomainOS will attempt to do both of these for you.)
1275
1276HP-UX 8.00
1277        Date: Mon, 24 Jan 1994 13:25:45 +0200
1278        From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1279        Subject: 8.6.5 w/ HP-UX 8.00 on s300
1280
1281        Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1282        a series 300 machine) running HP-UX 8.00.
1283
1284        I was getting segmentation fault when delivering to a local user.
1285        With debugging I saw it was faulting when doing _free@libc... *sigh*
1286        It seems the new implementation of malloc on s300 is buggy as of 8.0,
1287        so I tried out the one in -lmalloc (malloc(3X)).  With that it seems
1288        to work just dandy.
1289
1290        When linking, you will get the following error:
1291
1292        ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1293
1294        but you can just ignore it.  You might want to add this info to the
1295        README file for the future...
1296
1297Linux
1298        Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1299        flock() system call gives errors.  If you are running .14, you must
1300        not use flock.  You can do this with -DHASFLOCK=0.  We have also
1301        been getting complaints since version 2.4.X was released.  Unless
1302        the bug is fixed before sendmail 8.13 is shipped, 8.13 will change
1303        the default locking method to fcntl() for Linux kernel version 2.4
1304        and later.  Be sure to update other sendmail related programs to
1305        match locking techniques (some examples, besides makemap and
1306        mail.local, include procmail, mailx, mutt, elm, etc).
1307
1308        Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1309        initialization of the _res structure changed.  If /etc/hosts.conf
1310        was configured as "hosts, bind" the resolver code could return
1311        "Name server failure" errors.  This is supposedly fixed in
1312        later versions of libc (>= 4.6.29?), and later versions of
1313        sendmail (> 8.6.10) try to work around the problem.
1314
1315        Some older versions (< 4.6.20?) of the libc/include files conflict
1316        with sendmail's version of cdefs.h.  Deleting sendmail's version
1317        on those systems should be non-harmful, and new versions don't care.
1318
1319        NOTE ON LINUX & BIND:  By default, the Makefile generated for Linux
1320        includes header files in /usr/local/include and libraries in
1321        /usr/local/lib.  If you've installed BIND on your system, the header
1322        files typically end up in the search path and you need to add
1323        "-lresolv" to the LIBS line in your Makefile.  Really old versions
1324        may need to include "-l44bsd" as well (particularly if the link phase
1325        complains about missing strcasecmp, strncasecmp or strpbrk).
1326        Complaints about an undefined reference to `__dn_skipname' in
1327        domain.o are a sure sign that you need to add -lresolv to LIBS.
1328        Newer versions of Linux are basically threaded BIND, so you may or
1329        may not see complaints if you accidentally mix BIND
1330        headers/libraries with virginal libc.  If you have BIND headers in
1331        /usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1332        to LIBS.  Data structures may change and you'd be asking for a
1333        core dump.
1334
1335        A number of problems have been reported regarding the Linux 2.2.0
1336        kernel.  So far, these problems have been tracked down to syslog()
1337        and DNS resolution.  We believe the problem is with the poll()
1338        implementation in the Linux 2.2.0 kernel and poll()-aware versions
1339        of glib (at least up to 2.0.111).
1340
1341glibc
1342        glibc 2.2.1 (and possibly other versions) changed the value of
1343        __RES in resolv.h but failed to actually provide the IPv6 API
1344        changes that the change implied.  Therefore, compiling with
1345        -DNETINET6 fails.
1346
1347        Workarounds:
1348        1) Compile without -DNETINET6
1349        2) Build against a real BIND 8.2.2 include/lib tree
1350        3) Wait for glibc to fix it
1351
1352AIX 4.X
1353        The AIX 4.X linker uses library paths specified during compilation
1354        using -L for run-time shared library searches.  Therefore, it is
1355        vital that relative and unsafe directory paths not be using when
1356        compiling sendmail.  Because of this danger, by default, compiles
1357        on AIX use the -blibpath option to limit shared libraries to
1358        /usr/lib and /lib.  If you need to allow more directories, such as
1359        /usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1360        site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1361        appropriately.  For example:
1362
1363        define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1364
1365        Be sure to only add (safe) system directories.
1366
1367        The AIX version of GNU ld also exhibits this problem.  If you are
1368        using that version, instead of -blibpath, use its -rpath option.
1369        For example:
1370
1371        gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1372
1373AIX 4.X If the test program t-event (and most others) in libsm fails,
1374        check your compiler settings.  It seems that the flags -qnoro or
1375        -qnoroconst on some AIX versions trigger a compiler bug.  Check
1376        your compiler settings or use cc instead of xlc.
1377
1378AIX 4.0-4.2, maybe some AIX 4.3 versions
1379        The AIX m4 implements a different mechanism for ifdef which is
1380        inconsistent with other versions of m4.  Therefore, it will not
1381        work properly with the sendmail Build architecture or m4
1382        configuration method.  To work around this problem, please use
1383        GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1384        The problem seems to be solved in AIX 4.3.3 at least.
1385
1386AIX 4.3.3
1387        From: Valdis.Kletnieks@vt.edu
1388        Date: Sun, 02 Jul 2000 03:58:02 -0400
1389
1390        Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1391        BIND 8.2.2 security holes, you can no longer build with  -DNETINET6
1392        because they changed the value of __RES in resolv.h but failed to
1393        actually provide the API changes that the change implied.
1394
1395        Workarounds:
1396        1) Compile without -DNETINET6
1397        2) Build against a real BIND 8.2.2 include/lib tree
1398        3) Wait for IBM to fix it
1399
1400AIX 3.x
1401        This version of sendmail does not support MB, MG, and MR resource
1402        records, which are supported by AIX sendmail.
1403
1404        Several people have reported that the IBM-supplied named returns
1405        fairly random results -- the named should be replaced.  It is not
1406        necessary to replace the resolver, which will simplify installation.
1407        A new BIND resolver can be found at http://www.isc.org/isc/.
1408
1409AIX 3.1.x
1410        The supplied load average code only works correctly for AIX 3.2.x.
1411        For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1412        package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1413        directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1414        daemon, and the getloadavg subroutine supplied with that package.
1415        If you don't care about load average throttling, just turn off
1416        load average checking using -DLA_TYPE=LA_ZERO.
1417
1418RISC/os
1419        RISC/os from MIPS is a merged AT&T/Berkeley system.  When you
1420        compile on that platform you will get duplicate definitions
1421        on many files.  You can ignore these.
1422
1423System V Release 4 Based Systems
1424        There is a single devtools OS that is intended for all SVR4-based
1425        systems (built from devtools/OS/SVR4).  It defines __svr4__,
1426        which is predefined by some compilers.  If your compiler already
1427        defines this compile variable, you can delete the definition from
1428        the generated Makefile or create a devtools/Site/site.config.m4
1429        file.
1430
1431        It's been tested on Dell Issue 2.2.
1432
1433DELL SVR4
1434        Date:      Mon, 06 Dec 1993 10:42:29 EST
1435        From: "Kimmo Suominen" <kim@grendel.lut.fi>
1436        Message-ID: <2d0352f9.lento29@lento29.UUCP>
1437        To: eric@cs.berkeley.edu
1438        Cc: sendmail@cs.berkeley.edu
1439        Subject:   Notes for DELL SVR4
1440
1441        Eric,
1442
1443        Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4.  I ran
1444        across these things when helping out some people who contacted me by
1445        e-mail.
1446
1447        1) Use gcc 2.4.5 (or later?).  Dell distributes gcc 2.1 with their
1448           Issue 2.2 Unix.  It is too old, and gives you problems with
1449           clock.c, because sigset_t won't get defined in <sys/signal.h>.
1450           This is due to a problematic protection rule in there, and is
1451           fixed with gcc 2.4.5.
1452
1453        2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1454           to add "-lc -lucb" to the libraries to link with.  This is because
1455           the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1456           functions.  It is important that you specify both libraries in
1457           the given order to be sure you only get the BSTRING functions
1458           from the UCB library (and not the signal routines etc.).
1459
1460        3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1461           The UCB library also has another copy of the nlist routines,
1462           but we do want the ones from "-lelf".
1463
1464        If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1465        can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1466        They are copies of what I use on grendel.lut.fi, and offering them
1467        does not imply that I would also support them.  I have sent the DB
1468        port for SVR4 back to Keith Bostic for inclusion in the official
1469        distribution, but I haven't heard anything from him as of today.
1470
1471        - gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++)
1472        - db-1.72.tar.gz        (with source, objects and a installed copy)
1473
1474        Cheers
1475        + Kim
1476        --
1477         *  Kimmo.Suominen@lut.fi  *  SysVr4 enthusiast at GRENDEL.LUT.FI  *
1478        *    KIM@FINFILES.BITNET   *  Postmaster and Hostmaster at LUT.FI   *
1479         *    + 358 200 865 718    *  Unix area moderator at NIC.FUNET.FI  *
1480
1481ConvexOS 10.1 and below
1482        In order to use the name server, you must create the file
1483        /etc/use_nameserver.  If this file does not exist, the call
1484        to res_init() will fail and you will have absolutely no
1485        access to DNS, including MX records.
1486
1487Amdahl UTS 2.1.5
1488        In order to get UTS to work, you will have to port BIND 4.9.
1489        The vendor's BIND is reported to be ``totally inadequate.''
1490        See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1491        to get BIND 4.9 compiled for UTS.
1492
1493UnixWare
1494        According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1495        the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1496        config files.  GNU m4 and the m4 from UnixWare 1.x both work.
1497
1498        According to Larry Rosenman <ler@lerami.lerctr.org>:
1499
1500                UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1501                processing the 8.9.0 cf files.
1502
1503                I had a LOCAL_RULE_0 that wound up AFTER the
1504                SBasic_check_rcpt rules using the SCO supplied M4.
1505                GNU M4 works fine.
1506
1507UNICOS 8.0.3.4
1508        Some people have reported that the -O flag on UNICOS can cause
1509        problems.  You may want to turn this off if you have problems
1510        running sendmail.  Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1511
1512Darwin/Mac OS X (10.X.X)
1513        The linker errors produced regarding getopt() and its associated
1514        variables can safely be ignored.
1515
1516        From Mike Zimmerman <zimmy@torrentnet.com>:
1517
1518        From scratch here is what Darwin users need to do to the standard
1519        10.0.0, 10.0.1 install to get sendmail working.
1520        From http://www.macosx.com/forums/showthread.php?s=6dac0e9e1f3fd118a4870a8a9b559491&threadid=2242:
1521        1. chmod g-w / /private /private/etc
1522        2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1523           HOSTNAME=-my.domain.com-
1524        3. Edit /etc/rc.boot:
1525           hostname my.domain.com
1526           domainname domain.com
1527        4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1528           Remove the "&" after the sendmail command:
1529           /usr/sbin/sendmail -bd -q1h
1530
1531        From Carsten Klapp <carsten.klapp@home.com>:
1532
1533        The easiest workaround is to remove the group-writable permission
1534        for the root directory and the symbolic /etc inherits this
1535        change. While this does fix sendmail, the unfortunate side-effect
1536        is the OS X admin will no longer be able to manipulate icons in the
1537        top level of the Startup disk unless logged into the GUI as the
1538        superuser.
1539
1540        In applying the alternate workaround, care must be taken while
1541        swapping the symlink /etc with the directory /private/etc. In all
1542        likelihood any admin who is concerned with this sendmail error has
1543        enough experience to not accidentally harm anything in the process.
1544
1545        a. Swap the /etc symlink with /private/etc (as superuser):
1546           rm /etc
1547           mv /private/etc /etc
1548           ln -s /etc /private/etc
1549
1550        b. Set / to group unwritable (as superuser):
1551           chmod g-w /
1552
1553Darwin/Mac OS X (10.1.5)
1554        Apple's upgrade to sendmail 8.12 is incorrectly configured.  You
1555        will need to manually fix it up by doing the following:
1556
1557        1. chown smmsp:smmsp /var/spool/clientmqueue
1558        2. chmod 2770 /var/spool/clientmqueue
1559        3. chgrp smmsp /usr/sbin/sendmail
1560        4. chmod g+s /usr/sbin/sendmail
1561
1562        From Daniel J. Luke <dluke@geeklair.net>:
1563
1564        It appears that setting the sendmail.cf property in
1565        /locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1566        8.12.4 causes 'bad things' to happen.
1567
1568        Specifically sendmail instances that should be getting their config
1569        from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1570        open pipes to sendmail stop working as sendmail tries to write to
1571        /var/spool/mqueue and cannot as sendmail is no longer suid root).
1572
1573        Removing the entry from NetInfo fixes this problem.
1574
1575GNU getopt
1576        I'm told that GNU getopt has a problem in that it gets confused
1577        by the double call.  Use the version in conf.c instead.
1578
1579BIND 4.9.2 and Ultrix
1580        If you are running on Ultrix, be sure you read conf/Info.Ultrix
1581        in the BIND distribution very carefully -- there is information
1582        in there that you need to know in order to avoid errors of the
1583        form:
1584
1585                /lib/libc.a(gethostent.o): sethostent: multiply defined
1586                /lib/libc.a(gethostent.o): endhostent: multiply defined
1587                /lib/libc.a(gethostent.o): gethostbyname: multiply defined
1588                /lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1589
1590        during the link stage.
1591
1592BIND 8.X
1593        BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1594        DNS failures when trying to find the hostname associated with an IP
1595        address (gethostbyaddr()).  This can cause problems as
1596        $&{client_name} based lookups in class R ($=R) and the access
1597        database won't succeed.
1598
1599        This will be fixed in BIND 8.2.1.  For earlier versions, this can
1600        be fixed by making "dns" the last name service queried for host
1601        resolution in /etc/irs.conf:
1602
1603                hosts local continue
1604                hosts dns
1605
1606strtoul
1607        Some compilers (notably gcc) claim to be ANSI C but do not
1608        include the ANSI-required routine "strtoul".  If your compiler
1609        has this problem, you will get an error in srvrsmtp.c on the
1610        code:
1611
1612          # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1613                        e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1614          # else
1615                        e->e_msgsize = strtol(vp, (char **) NULL, 10);
1616          # endif
1617
1618        You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1619
1620Listproc 6.0c
1621        Date: 23 Sep 1995 23:56:07 GMT
1622        Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1623        From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1624        Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1625
1626        Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1627        breaks, because it, by default, sends a blank "HELO" rather than
1628        a "HELO hostname" when using the 'system' or 'telnet' mail method.
1629
1630        The fix is to include -DZMAILER in the compilation, which will
1631        cause it to use "HELO hostname" (which Z-mail apparently requires
1632        as well. :)
1633
1634OpenSSL
1635        OpenSSL versions prior to 0.9.6 use a macro named Free which
1636        conflicts with existing macro names on some platforms, such as
1637        AIX.
1638        Do not use 0.9.3, but OpenSSL 0.9.5a or later if compatible with
1639        0.9.5a.
1640
1641PH
1642        PH support is provided by Mark Roth <roth@uiuc.edu>.  The map is
1643        described at http://www-dev.cso.uiuc.edu/sendmail/ .
1644
1645        NOTE: The "spacedname" pseudo-field which was used by earlier
1646        versions of the PH map code is no longer supported!  See the URL
1647        listed above for more information.
1648
1649        Please contact Mark Roth for support and questions regarding the
1650        map.
1651
1652TCP Wrappers
1653        If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1654        also need to install libwrap.a and modify your site.config.m4 file
1655        or the generated Makefile to include -lwrap in the LIBS line
1656        (make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1657        libwrap.a can be found).
1658
1659        TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1660
1661        If you have alternate MX sites for your site, be sure that all of
1662        your MX sites reject the same set of hosts.  If not, a bad guy whom
1663        you reject will connect to your site, fail, and move on to the next
1664        MX site, which will accept the mail for you and forward it on to you.
1665
1666Regular Expressions (MAP_REGEX)
1667        If sendmail linking fails with:
1668
1669                undefined reference to 'regcomp'
1670
1671        or sendmail gives an error about a regular expression with:
1672
1673                pattern-compile-error: : Operation not applicable
1674
1675        Your libc does not include a running version of POSIX-regex.  Use
1676        librx or regex.o from the GNU Free Software Foundation,
1677        ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1678        ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1679        You can also use the regex-lib by Henry Spencer,
1680        ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1681        Make sure, your compiler reads regex.h from the distribution,
1682        not from /usr/include, otherwise sendmail will dump a core.
1683
1684
1685+--------------+
1686| MANUAL PAGES |
1687+--------------+
1688
1689The manual pages have been written against the -man macros, and
1690should format correctly with any reasonable *roff.
1691
1692
1693+-----------------+
1694| DEBUGGING HOOKS |
1695+-----------------+
1696
1697As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1698some debugging output (logged at LOG_DEBUG severity).  The
1699information dumped is:
1700
1701 * The value of the $j macro.
1702 * A warning if $j is not in the set $=w.
1703 * A list of the open file descriptors.
1704 * The contents of the connection cache.
1705 * If ruleset 89 is defined, it is evaluated and the results printed.
1706
1707This allows you to get information regarding the runtime state of the
1708daemon on the fly.  This should not be done too frequently, since
1709the process of rewriting may lose memory which will not be recovered.
1710Also, ruleset 89 may call non-reentrant routines, so there is a small
1711non-zero probability that this will cause other problems.  It is
1712really only for debugging serious problems.
1713
1714A typical formulation of ruleset 89 would be:
1715
1716        R$*             $@ $>0 some test address
1717
1718
1719+-----------------------------+
1720| DESCRIPTION OF SOURCE FILES |
1721+-----------------------------+
1722
1723The following list describes the files in this directory:
1724
1725Build           Shell script for building sendmail.
1726Makefile        A convenience for calling ./Build.
1727Makefile.m4     A template for constructing a makefile based on the
1728                information in the devtools directory.
1729README          This file.
1730TRACEFLAGS      My own personal list of the trace flags -- not guaranteed
1731                to be particularly up to date.
1732alias.c         Does name aliasing in all forms.
1733aliases.5       Man page describing the format of the aliases file.
1734arpadate.c      A subroutine which creates ARPANET standard dates.
1735bf.c            Routines to implement memory-buffered file system using
1736                hooks provided by libsm now (formerly Torek stdio library).
1737bf.h            Buffered file I/O function declarations and
1738                data structure and function declarations for bf.c.
1739collect.c       The routine that actually reads the mail into a temp
1740                file.  It also does a certain amount of parsing of
1741                the header, etc.
1742conf.c          The configuration file.  This contains information
1743                that is presumed to be quite static and non-
1744                controversial, or code compiled in for efficiency
1745                reasons.  Most of the configuration is in sendmail.cf.
1746conf.h          Configuration that must be known everywhere.
1747control.c       Routines to implement control socket.
1748convtime.c      A routine to sanely process times.
1749daemon.c        Routines to implement daemon mode.
1750deliver.c       Routines to deliver mail.
1751domain.c        Routines that interface with DNS (the Domain Name
1752                System).
1753envelope.c      Routines to manipulate the envelope structure.
1754err.c           Routines to print error messages.
1755headers.c       Routines to process message headers.
1756helpfile        An example helpfile for the SMTP HELP command and -bt mode.
1757macro.c         The macro expander.  This is used internally to
1758                insert information from the configuration file.
1759mailq.1         Man page for the mailq command.
1760main.c          The main routine to sendmail.  This file also
1761                contains some miscellaneous routines.
1762makesendmail    A convenience for calling ./Build.
1763map.c           Support for database maps.
1764mci.c           Routines that handle mail connection information caching.
1765milter.c        MTA portions of the mail filter API.
1766mime.c          MIME conversion routines.
1767newaliases.1    Man page for the newaliases command.
1768parseaddr.c     The routines which do address parsing.
1769queue.c         Routines to implement message queueing.
1770readcf.c        The routine that reads the configuration file and
1771                translates it to internal form.
1772recipient.c     Routines that manipulate the recipient list.
1773sasl.c          Routines to interact with Cyrys-SASL.
1774savemail.c      Routines which save the letter on processing errors.
1775sendmail.8      Man page for the sendmail command.
1776sendmail.h      Main header file for sendmail.
1777sfsasl.c        I/O interface between SASL/TLS and the MTA.
1778sfsasl.h        Header file for sfsasl.c.
1779shmticklib.c    Routines for shared memory counters.
1780sm_resolve.c    Routines for DNS lookups (for DNS map type).
1781sm_resolve.h    Header file for sm_resolve.c.
1782srvrsmtp.c      Routines to implement server SMTP.
1783stab.c          Routines to manage the symbol table.
1784stats.c         Routines to collect and post the statistics.
1785statusd_shm.h   Data structure and function declarations for shmticklib.c.
1786sysexits.c      List of error messages associated with error codes
1787                in sysexits.h.
1788sysexits.h      List of error codes for systems that lack their own.
1789timers.c        Routines to provide microtimers.
1790timers.h        Data structure and function declarations for timers.h.
1791tls.c           Routines for TLS.
1792trace.c         The trace package.  These routines allow setting and
1793                testing of trace flags with a high granularity.
1794udb.c           The user database interface module.
1795usersmtp.c      Routines to implement user SMTP.
1796util.c          Some general purpose routines used by sendmail.
1797version.c       The version number and information about this
1798                version of sendmail.
1799
1800(Version $Revision: 1.1.1.1 $, last update $Date: 2003-04-08 15:09:19 $ )
Note: See TracBrowser for help on using the repository browser.