diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 1998-07-12 17:11:08 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1998-07-12 17:11:08 +0000 |
commit | f8069cb39a663cdd00f477339a91d5d3ada544f2 (patch) | |
tree | 8c094e54bf8589901efe4db75482b88be2709169 /usr.sbin/sendmail/README | |
parent | 43ae4ae94dbd926fb5bb814dc5379e0832559972 (diff) |
sendmail 8.9.1
Diffstat (limited to 'usr.sbin/sendmail/README')
-rw-r--r-- | usr.sbin/sendmail/README | 386 |
1 files changed, 386 insertions, 0 deletions
diff --git a/usr.sbin/sendmail/README b/usr.sbin/sendmail/README new file mode 100644 index 00000000000..5de10764212 --- /dev/null +++ b/usr.sbin/sendmail/README @@ -0,0 +1,386 @@ +/*- + * @(#)README 8.48 (Berkeley) 5/19/98 + */ + + SENDMAIL RELEASE 8 + +This directory has the latest sendmail(TM) software from Sendmail, Inc. +See doc/changes/changes.me for a summary of changes since 5.67. + +Report any bugs to sendmail-bugs@sendmail.ORG + +There is a web site at http://WWW.Sendmail.ORG -- see that site for +the latest updates. + +****************************************************************** +** DO NOT USE MAKE to compile sendmail. Instead, cd src and ** +** use the "Build" shell script. On many environments this ** +** will do everything for you, no fuss, no muss. See ** +** src/README for more details of compilation. See cf/README ** +** for details about building a runtime configuration file. ** +****************************************************************** + +Sendmail is a trademark of Sendmail, Inc. + ++-----------------------+ +| DIRECTORY PERMISSIONS | ++-----------------------+ + +Sendmail often gets blamed for many problems that are actually the +result of other problems, such as overly permissive modes on directories. +For this reason, sendmail checks the modes on system directories and +files to determine if can have been trusted. For sendmail to run +without complaining, you MUST execute the following command: + + chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue + chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue + +You will probably have to tweak this for your environment (for example, +some systems put the spool directory into /usr/spool instead of +/var/spool and use /etc/mail for aliases file instead of /etc). If you +set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue +directory will have to be owned by the RunAsUser user. As a general rule, +after you have compiled sendmail, run the command + + sendmail -v -bi + +to initialize the alias database. If it gives messages such as + + WARNING: writable directory /etc + WARNING: writable directory /usr/spool/mqueue + +then the directories listed have inappropriate write permissions and +should be secured to avoid various possible security attacks. + +Beginning with sendmail 8.9, these checks have become more strict to +prevent users from being able to access files they would normally not +be able to read. In particular, .forward and :include: files in unsafe +directory paths (directory paths which are group or world writable) will +no longer be allowed. This would mean that if user joe's home directory +was writable by group staff, sendmail would not use his .forward file. +This behavior can be altered, at the expense of system security, by +setting the DontBlameSendmail option. For example, to allow .forward +files in group writable directories: + + O DontBlameSendmail=forwardfileingroupwritabledirpath + +Or to allow them in both group and world writable directories: + + O DontBlameSendmail=forwardfileinunsafedirpath + +Items from these unsafe .forward and :include: files will be marked +as unsafe addresses -- the items can not be deliveries to files or +programs. This behavior can also be altered via DontBlameSendmail: + + O DontBlameSendmail=forwardfileinunsafedirpath, + forwardfileinunsafedirpathsafe + +The first flag allows the .forward file to be read, the second allows +the items in the file to be marked as safe for file and program +delivery. + +Other files affected by this strengthened security include class +files (i.e. Fw /etc/sendmail.cw), persistent host status files, and +the files specified by the ErrorHeader and HelpFile options. Similar +DontBlameSendmail flags are available for the class, ErrorHeader, and +HelpFile files. + +If you have an unsafe configuration of .forward and :include: +files, you can make it safe by finding all such files, and doing +a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for +each directory in the file's path. + + ++--------------+ +| MANUAL PAGES | ++--------------+ + +The sendmail manual pages use contemporary Berkeley troff macros. If +your system does not process these manual pages, you can pick up the +new macros in a BSD Net/2 FTP site (e.g. on FTP.UU.NET, the files +/systems/unix/bsd-sources/share/tmac/*). + +The strip.sed file is only used in installation. + +After installation, edit tmac.doc and tmac.andoc to reflect the +installation path of the tmac files. Those files contain pointers to +/usr/share/tmac/, and those pointers are not changed by the `make +install` process. There's also a bug in those files -- make the +following patch: + +*** tmac.an~ Tue Jul 12 14:29:09 1994 +--- tmac.an Fri Jul 15 13:17:54 1994 +*************** +*** 50,55 **** + .de TH + .rn TH xX + .so /usr/share/lib/tmac/tmac.an.old +! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 + .rm xX + .. +--- 50,55 ---- + .de TH + .rn TH xX + .so /usr/share/lib/tmac/tmac.an.old +! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8" + .rm xX + .. + +Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc +to be tmac.an. + +tmac.an will choose between tmac.an.old, your old macros, or tmac.doc, +which are the new macros, so that both the new man pages and the +existing man pages will be translated properly. + +I'm also told that the groff distribution from MIT has a tmac.doc +macro set that is compatible with these macros. + + ++-----------------------+ +| RELATED DOCUMENTATION | ++-----------------------+ + +There are other files you should read. Rooted in this directory are: + + doc/changes/changes.ps + Describes changes between Release 5 and Release 8 of sendmail. + There are some things that may behave somewhat differently. + For example, the rules governing when :include: files will + be read have been tightened up for security reasons. + FAQ + Answers to Frequently Asked Questions. + KNOWNBUGS + Known bugs in the current release. I try to keep this up + to date -- get the latest version from FTP.Sendmail.ORG + in /ucb/sendmail/KNOWNBUGS. + RELEASE_NOTES + A detailed description of the changes in each version. This + is quite long, but informative. + src/README + Details on compiling and installing sendmail. + cf/README + Details on configuring sendmail. + doc/op/op.me + The sendmail Installation & Operations Guide. Be warned: if + you are running this off on SunOS or some other system with an + old version of -me, you need to add the following macro to the + macros: + + .de sm + \s-1\\$1\\s0\\$2 + .. + + This sets a word in a smaller pointsize. + + ++--------------+ +| RELATED RFCS | ++--------------+ + +There are several related RFCs that you may wish to read -- they are +available via anonymous FTP to several sites, including: + + ftp://nic.ddn.mil/rfc/ + ftp://nis.nsf.net/documents/rfc/ + ftp://nisc.jvnc.net/rfc/ + ftp://venera.isi.edu/in-notes/ + ftp://wuarchive.wustl.edu/doc/rfc/ + +For a list of the primary repositories see: + + http://www.isi.edu/in-notes/rfc-retrieval.txt + +They are also online at: + + http://www.ietf.org/ + +They can also be retrieved via electronic mail by sending +email to one of: + + mail-server@nisc.sri.com + Put "send rfcNNN" in message body + nis-info@nis.nsf.net + Put "send RFCnnn.TXT-1" in message body + sendrfc@jvnc.net + Put "RFCnnn" as Subject: line + +For further instructions see: + + http://www.isi.edu/in-notes/rfc-editor/rfc-info + +Important RFCs for electronic mail are: + + RFC821 SMTP protocol + RFC822 Mail header format + RFC974 MX routing + RFC976 UUCP mail format + RFC1123 Host requirements (modifies 821, 822, and 974) + RFC1413 Identification server + RFC1869 SMTP Service Extensions (ESMTP spec) + RFC1652 SMTP Service Extension for 8bit-MIMEtransport + RFC1870 SMTP Service Extension for Message Size Declaration + RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: + Format of Internet Message Bodies + RFC1344 Implications of MIME for Internet Mail Gateways + RFC1428 Transition of Internet Mail from Just-Send-8 to + 8-bit SMTP/MIME + RFC1891 SMTP Service Extension for Delivery Status Notifications + RFC1892 Multipart/Report Content Type for the Reporting of + Mail System Administrative Messages + RFC1893 Enhanced Mail System Status Codes + RFC1894 An Extensible Message Format for Delivery Status + Notifications + RFC1985 SMTP Service Extension for Remote Message Queue Starting + +Other standards that may be of interest (but which are less directly +relevant to sendmail) are: + + RFC987 Mapping between RFC822 and X.400 + RFC1049 Content-Type header field (extension to RFC822) + +Warning to AIX users: this version of sendmail does not implement +MB, MR, or MG DNS resource records, as defined (as experiments) in +RFC1035. + + ++-------------------+ +| DATABASE ROUTINES | ++-------------------+ + +IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** +use the version that was on the Net2 tape -- it has a number of +nefarious bugs that were bad enough when I got them; you shouldn't have +to go through the same thing. Instead, get a new version via the web at +http://www.sleepycat.com/. This software is highly recommended; it gets +rid of several stupid limits, it's much faster, and the interface is +nicer to animals and plants. If the Berkeley DB include files +are installed in a location other than those which your compiler searches, +you will need to provide that directory when building: + + Build -I/path/to/include/directory + +If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* +urged to upgrade to DB version 2, available from http://www.sleepycat.com/. +Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty +ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail +to dump core. In addition, the newest versions of gcc and the Solaris +compilers perform optimizations in those versions that may cause fairly +random core dumps. + +If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are +using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h +and ndbm.o from the DB library after building it. You should also apply +all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site +(see http://www.sleepycat.com/db.185.html), as they fix some of the known +problems. + +If you are using a version of Berkeley DB 2 previous to 2.3.15, and you +are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o +from the DB library after building it. No other changes are necessary. + +If you are using Berkeley DB version 2.3.15 or greater, no changes are +necessary. + +The underlying database file formats changed between Berkeley DB versions +1.85 and 1.86, and again between DB 1.86 and version 2.0. If you are +upgrading from one of those versions, you must recreate your database +file(s). Do this by rebuilding all maps with makemap and rebuilding the +alias file with newaliases. + + ++--------------------+ +| HOST NAME SERVICES | ++--------------------+ + +If you are using NIS or /etc/hosts, it is critical that you +list the long (fully qualified) name somewhere (preferably first) in +the /etc/hosts file used to build the NIS database. For example, the +line should read + + 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon + +**** NOT **** + + 128.32.149.68 mastodon + +If you do not include the long name, sendmail will complain loudly +about ``unable to qualify my own domain name (mastodon) -- using +short name'' and conclude that your canonical name is the short +version and use that in messages. The name "mastodon" doesn't mean +much outside of Berkeley, and so this creates incorrect and unreplyable +messages. + + ++-------------+ +| USE WITH MH | ++-------------+ + +This version of sendmail notices and reports certain kinds of SMTP +protocol violations that were ignored by older versions. If you +are running MH you may wish to install the patch in contrib/mh.patch +that will prevent these warning reports. This patch also works +with the old version of sendmail, so it's safe to go ahead and +install it. + + ++----------------+ +| USE WITH IDENT | ++----------------+ + +Sendmail 8 supports the IDENT protocol, as defined by RFC 1413. +No ident server is included with this distribution. I have found +copies available on: + + ftp.lysator.liu.se /pub/ident/servers + romulus.ucs.uoknor.edu /networking/ident/servers + ftp.cyf-kr.edu.pl /agh/uciagh/network/ident + +If you want to run an IDENT server, I suggest getting a copy from +one of those sites. Versions are available for several different +systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS. + + ++---------------------+ +| DIRECTORY STRUCTURE | ++---------------------+ + +The structure of this directory tree is: + +cf Source for sendmail configuration files. These are + different than what you've seen before. They are a + fairly dramatic rewrite, requiring the new sendmail + (since they use new features). +contrib Some contributed tools to help with sendmail. THESE + ARE NOT SUPPORTED by sendmail -- contact the original + authors if you have problems. (This directory is not + on the 4.4BSD tape.) +doc Documentation. If you are getting source, read + op.me -- it's long, but worth it. +mail.local The source for the local delivery agent used for 4.4BSD. + THIS IS NOT PART OF SENDMAIL! and may not compile + everywhere, since it depends on some 4.4-isms. Warning: + it does mailbox locking differently than other systems. +mailstats Statistics printing program. It has the pathname of + sendmail.st compiled in, so if you've changed that, + beware. +makemap A program that creates the keyed maps used by the $( ... $) + construct in sendmail. It is primitive but effective. + It takes a very simple input format, so you will probably + expect to preprocess must human-convenient formats + using sed scripts before this program will like them. + But it should be functionally complete. +praliases A program to print the DBM or NEWDB version of the + aliases file. +rmail Source for rmail(8). This is used as a delivery + agent for for UUCP, and could presumably be used by + other non-socket oriented mailers. Older versions of + rmail are probably deficient. RMAIL IS NOT PART OF + SENDMAIL!!! The 4.4BSD source is included for you to + look at or try to port to your system. I know it doesn't + compile on {SunOS, HP-UX, OSF/1, other} (pick one). +smrsh The "sendmail restricted shell", which can be used as + a replacement for /bin/sh in the prog mailer to provide + increased security control. NOT PART OF SENDMAIL! +src Source for the sendmail program itself. +test Some test scripts (currently only for compilation aids). |