summaryrefslogtreecommitdiff
path: root/usr.sbin/sendmail/README
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>1998-07-12 17:11:08 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1998-07-12 17:11:08 +0000
commitf8069cb39a663cdd00f477339a91d5d3ada544f2 (patch)
tree8c094e54bf8589901efe4db75482b88be2709169 /usr.sbin/sendmail/README
parent43ae4ae94dbd926fb5bb814dc5379e0832559972 (diff)
sendmail 8.9.1
Diffstat (limited to 'usr.sbin/sendmail/README')
-rw-r--r--usr.sbin/sendmail/README386
1 files changed, 386 insertions, 0 deletions
diff --git a/usr.sbin/sendmail/README b/usr.sbin/sendmail/README
new file mode 100644
index 00000000000..5de10764212
--- /dev/null
+++ b/usr.sbin/sendmail/README
@@ -0,0 +1,386 @@
+/*-
+ * @(#)README 8.48 (Berkeley) 5/19/98
+ */
+
+ SENDMAIL RELEASE 8
+
+This directory has the latest sendmail(TM) software from Sendmail, Inc.
+See doc/changes/changes.me for a summary of changes since 5.67.
+
+Report any bugs to sendmail-bugs@sendmail.ORG
+
+There is a web site at http://WWW.Sendmail.ORG -- see that site for
+the latest updates.
+
+******************************************************************
+** DO NOT USE MAKE to compile sendmail. Instead, cd src and **
+** use the "Build" shell script. On many environments this **
+** will do everything for you, no fuss, no muss. See **
+** src/README for more details of compilation. See cf/README **
+** for details about building a runtime configuration file. **
+******************************************************************
+
+Sendmail is a trademark of Sendmail, Inc.
+
++-----------------------+
+| DIRECTORY PERMISSIONS |
++-----------------------+
+
+Sendmail often gets blamed for many problems that are actually the
+result of other problems, such as overly permissive modes on directories.
+For this reason, sendmail checks the modes on system directories and
+files to determine if can have been trusted. For sendmail to run
+without complaining, you MUST execute the following command:
+
+ chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
+ chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
+
+You will probably have to tweak this for your environment (for example,
+some systems put the spool directory into /usr/spool instead of
+/var/spool and use /etc/mail for aliases file instead of /etc). If you
+set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue
+directory will have to be owned by the RunAsUser user. As a general rule,
+after you have compiled sendmail, run the command
+
+ sendmail -v -bi
+
+to initialize the alias database. If it gives messages such as
+
+ WARNING: writable directory /etc
+ WARNING: writable directory /usr/spool/mqueue
+
+then the directories listed have inappropriate write permissions and
+should be secured to avoid various possible security attacks.
+
+Beginning with sendmail 8.9, these checks have become more strict to
+prevent users from being able to access files they would normally not
+be able to read. In particular, .forward and :include: files in unsafe
+directory paths (directory paths which are group or world writable) will
+no longer be allowed. This would mean that if user joe's home directory
+was writable by group staff, sendmail would not use his .forward file.
+This behavior can be altered, at the expense of system security, by
+setting the DontBlameSendmail option. For example, to allow .forward
+files in group writable directories:
+
+ O DontBlameSendmail=forwardfileingroupwritabledirpath
+
+Or to allow them in both group and world writable directories:
+
+ O DontBlameSendmail=forwardfileinunsafedirpath
+
+Items from these unsafe .forward and :include: files will be marked
+as unsafe addresses -- the items can not be deliveries to files or
+programs. This behavior can also be altered via DontBlameSendmail:
+
+ O DontBlameSendmail=forwardfileinunsafedirpath,
+ forwardfileinunsafedirpathsafe
+
+The first flag allows the .forward file to be read, the second allows
+the items in the file to be marked as safe for file and program
+delivery.
+
+Other files affected by this strengthened security include class
+files (i.e. Fw /etc/sendmail.cw), persistent host status files, and
+the files specified by the ErrorHeader and HelpFile options. Similar
+DontBlameSendmail flags are available for the class, ErrorHeader, and
+HelpFile files.
+
+If you have an unsafe configuration of .forward and :include:
+files, you can make it safe by finding all such files, and doing
+a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
+each directory in the file's path.
+
+
++--------------+
+| MANUAL PAGES |
++--------------+
+
+The sendmail manual pages use contemporary Berkeley troff macros. If
+your system does not process these manual pages, you can pick up the
+new macros in a BSD Net/2 FTP site (e.g. on FTP.UU.NET, the files
+/systems/unix/bsd-sources/share/tmac/*).
+
+The strip.sed file is only used in installation.
+
+After installation, edit tmac.doc and tmac.andoc to reflect the
+installation path of the tmac files. Those files contain pointers to
+/usr/share/tmac/, and those pointers are not changed by the `make
+install` process. There's also a bug in those files -- make the
+following patch:
+
+*** tmac.an~ Tue Jul 12 14:29:09 1994
+--- tmac.an Fri Jul 15 13:17:54 1994
+***************
+*** 50,55 ****
+ .de TH
+ .rn TH xX
+ .so /usr/share/lib/tmac/tmac.an.old
+! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
+ .rm xX
+ ..
+--- 50,55 ----
+ .de TH
+ .rn TH xX
+ .so /usr/share/lib/tmac/tmac.an.old
+! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8"
+ .rm xX
+ ..
+
+Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc
+to be tmac.an.
+
+tmac.an will choose between tmac.an.old, your old macros, or tmac.doc,
+which are the new macros, so that both the new man pages and the
+existing man pages will be translated properly.
+
+I'm also told that the groff distribution from MIT has a tmac.doc
+macro set that is compatible with these macros.
+
+
++-----------------------+
+| RELATED DOCUMENTATION |
++-----------------------+
+
+There are other files you should read. Rooted in this directory are:
+
+ doc/changes/changes.ps
+ Describes changes between Release 5 and Release 8 of sendmail.
+ There are some things that may behave somewhat differently.
+ For example, the rules governing when :include: files will
+ be read have been tightened up for security reasons.
+ FAQ
+ Answers to Frequently Asked Questions.
+ KNOWNBUGS
+ Known bugs in the current release. I try to keep this up
+ to date -- get the latest version from FTP.Sendmail.ORG
+ in /ucb/sendmail/KNOWNBUGS.
+ RELEASE_NOTES
+ A detailed description of the changes in each version. This
+ is quite long, but informative.
+ src/README
+ Details on compiling and installing sendmail.
+ cf/README
+ Details on configuring sendmail.
+ doc/op/op.me
+ The sendmail Installation & Operations Guide. Be warned: if
+ you are running this off on SunOS or some other system with an
+ old version of -me, you need to add the following macro to the
+ macros:
+
+ .de sm
+ \s-1\\$1\\s0\\$2
+ ..
+
+ This sets a word in a smaller pointsize.
+
+
++--------------+
+| RELATED RFCS |
++--------------+
+
+There are several related RFCs that you may wish to read -- they are
+available via anonymous FTP to several sites, including:
+
+ ftp://nic.ddn.mil/rfc/
+ ftp://nis.nsf.net/documents/rfc/
+ ftp://nisc.jvnc.net/rfc/
+ ftp://venera.isi.edu/in-notes/
+ ftp://wuarchive.wustl.edu/doc/rfc/
+
+For a list of the primary repositories see:
+
+ http://www.isi.edu/in-notes/rfc-retrieval.txt
+
+They are also online at:
+
+ http://www.ietf.org/
+
+They can also be retrieved via electronic mail by sending
+email to one of:
+
+ mail-server@nisc.sri.com
+ Put "send rfcNNN" in message body
+ nis-info@nis.nsf.net
+ Put "send RFCnnn.TXT-1" in message body
+ sendrfc@jvnc.net
+ Put "RFCnnn" as Subject: line
+
+For further instructions see:
+
+ http://www.isi.edu/in-notes/rfc-editor/rfc-info
+
+Important RFCs for electronic mail are:
+
+ RFC821 SMTP protocol
+ RFC822 Mail header format
+ RFC974 MX routing
+ RFC976 UUCP mail format
+ RFC1123 Host requirements (modifies 821, 822, and 974)
+ RFC1413 Identification server
+ RFC1869 SMTP Service Extensions (ESMTP spec)
+ RFC1652 SMTP Service Extension for 8bit-MIMEtransport
+ RFC1870 SMTP Service Extension for Message Size Declaration
+ RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
+ Format of Internet Message Bodies
+ RFC1344 Implications of MIME for Internet Mail Gateways
+ RFC1428 Transition of Internet Mail from Just-Send-8 to
+ 8-bit SMTP/MIME
+ RFC1891 SMTP Service Extension for Delivery Status Notifications
+ RFC1892 Multipart/Report Content Type for the Reporting of
+ Mail System Administrative Messages
+ RFC1893 Enhanced Mail System Status Codes
+ RFC1894 An Extensible Message Format for Delivery Status
+ Notifications
+ RFC1985 SMTP Service Extension for Remote Message Queue Starting
+
+Other standards that may be of interest (but which are less directly
+relevant to sendmail) are:
+
+ RFC987 Mapping between RFC822 and X.400
+ RFC1049 Content-Type header field (extension to RFC822)
+
+Warning to AIX users: this version of sendmail does not implement
+MB, MR, or MG DNS resource records, as defined (as experiments) in
+RFC1035.
+
+
++-------------------+
+| DATABASE ROUTINES |
++-------------------+
+
+IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
+use the version that was on the Net2 tape -- it has a number of
+nefarious bugs that were bad enough when I got them; you shouldn't have
+to go through the same thing. Instead, get a new version via the web at
+http://www.sleepycat.com/. This software is highly recommended; it gets
+rid of several stupid limits, it's much faster, and the interface is
+nicer to animals and plants. If the Berkeley DB include files
+are installed in a location other than those which your compiler searches,
+you will need to provide that directory when building:
+
+ Build -I/path/to/include/directory
+
+If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
+urged to upgrade to DB version 2, available from http://www.sleepycat.com/.
+Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty
+ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail
+to dump core. In addition, the newest versions of gcc and the Solaris
+compilers perform optimizations in those versions that may cause fairly
+random core dumps.
+
+If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
+using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
+and ndbm.o from the DB library after building it. You should also apply
+all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
+(see http://www.sleepycat.com/db.185.html), as they fix some of the known
+problems.
+
+If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
+are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
+from the DB library after building it. No other changes are necessary.
+
+If you are using Berkeley DB version 2.3.15 or greater, no changes are
+necessary.
+
+The underlying database file formats changed between Berkeley DB versions
+1.85 and 1.86, and again between DB 1.86 and version 2.0. If you are
+upgrading from one of those versions, you must recreate your database
+file(s). Do this by rebuilding all maps with makemap and rebuilding the
+alias file with newaliases.
+
+
++--------------------+
+| HOST NAME SERVICES |
++--------------------+
+
+If you are using NIS or /etc/hosts, it is critical that you
+list the long (fully qualified) name somewhere (preferably first) in
+the /etc/hosts file used to build the NIS database. For example, the
+line should read
+
+ 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon
+
+**** NOT ****
+
+ 128.32.149.68 mastodon
+
+If you do not include the long name, sendmail will complain loudly
+about ``unable to qualify my own domain name (mastodon) -- using
+short name'' and conclude that your canonical name is the short
+version and use that in messages. The name "mastodon" doesn't mean
+much outside of Berkeley, and so this creates incorrect and unreplyable
+messages.
+
+
++-------------+
+| USE WITH MH |
++-------------+
+
+This version of sendmail notices and reports certain kinds of SMTP
+protocol violations that were ignored by older versions. If you
+are running MH you may wish to install the patch in contrib/mh.patch
+that will prevent these warning reports. This patch also works
+with the old version of sendmail, so it's safe to go ahead and
+install it.
+
+
++----------------+
+| USE WITH IDENT |
++----------------+
+
+Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
+No ident server is included with this distribution. I have found
+copies available on:
+
+ ftp.lysator.liu.se /pub/ident/servers
+ romulus.ucs.uoknor.edu /networking/ident/servers
+ ftp.cyf-kr.edu.pl /agh/uciagh/network/ident
+
+If you want to run an IDENT server, I suggest getting a copy from
+one of those sites. Versions are available for several different
+systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS.
+
+
++---------------------+
+| DIRECTORY STRUCTURE |
++---------------------+
+
+The structure of this directory tree is:
+
+cf Source for sendmail configuration files. These are
+ different than what you've seen before. They are a
+ fairly dramatic rewrite, requiring the new sendmail
+ (since they use new features).
+contrib Some contributed tools to help with sendmail. THESE
+ ARE NOT SUPPORTED by sendmail -- contact the original
+ authors if you have problems. (This directory is not
+ on the 4.4BSD tape.)
+doc Documentation. If you are getting source, read
+ op.me -- it's long, but worth it.
+mail.local The source for the local delivery agent used for 4.4BSD.
+ THIS IS NOT PART OF SENDMAIL! and may not compile
+ everywhere, since it depends on some 4.4-isms. Warning:
+ it does mailbox locking differently than other systems.
+mailstats Statistics printing program. It has the pathname of
+ sendmail.st compiled in, so if you've changed that,
+ beware.
+makemap A program that creates the keyed maps used by the $( ... $)
+ construct in sendmail. It is primitive but effective.
+ It takes a very simple input format, so you will probably
+ expect to preprocess must human-convenient formats
+ using sed scripts before this program will like them.
+ But it should be functionally complete.
+praliases A program to print the DBM or NEWDB version of the
+ aliases file.
+rmail Source for rmail(8). This is used as a delivery
+ agent for for UUCP, and could presumably be used by
+ other non-socket oriented mailers. Older versions of
+ rmail are probably deficient. RMAIL IS NOT PART OF
+ SENDMAIL!!! The 4.4BSD source is included for you to
+ look at or try to port to your system. I know it doesn't
+ compile on {SunOS, HP-UX, OSF/1, other} (pick one).
+smrsh The "sendmail restricted shell", which can be used as
+ a replacement for /bin/sh in the prog mailer to provide
+ increased security control. NOT PART OF SENDMAIL!
+src Source for the sendmail program itself.
+test Some test scripts (currently only for compilation aids).