diff options
Diffstat (limited to 'gnu/usr.sbin/sendmail/README')
-rw-r--r-- | gnu/usr.sbin/sendmail/README | 369 |
1 files changed, 369 insertions, 0 deletions
diff --git a/gnu/usr.sbin/sendmail/README b/gnu/usr.sbin/sendmail/README new file mode 100644 index 00000000000..ee1eea60bcd --- /dev/null +++ b/gnu/usr.sbin/sendmail/README @@ -0,0 +1,369 @@ + + SENDMAIL RELEASE 8 + +This directory has the latest sendmail(TM) software from Sendmail, Inc. + +Report any bugs to sendmail-bugs@sendmail.ORG + +There is a web site at http://WWW.Sendmail.ORG/ -- see that site for +the latest updates. + ++--------------+ +| INTRODUCTION | ++--------------+ + +0. The vast majority of queries to <sendmail-questions@sendmail.org> + are answered in the README files noted below. + +1. Read this README file, especially this introduction, and the DIRECTORY + PERMISSIONS sections. + +2. Read sendmail/README, especially: + a. the introduction + b. the BUILDING SENDMAIL section + c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section + + You may also find these useful: + + d. devtools/README + e. devtools/Site/README + +3. Read cf/README. + +Sendmail is a trademark of Sendmail, Inc. + ++-----------------------+ +| DIRECTORY PERMISSIONS | ++-----------------------+ + +Sendmail often gets blamed for many problems that are actually the +result of other problems, such as overly permissive modes on directories. +For this reason, sendmail checks the modes on system directories and +files to determine if they can be trusted. For sendmail to run without +complaining, you MUST execute the following command: + + chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue + chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue + +You will probably have to tweak this for your environment (for example, +some systems put the spool directory into /usr/spool instead of +/var/spool and use /etc/mail for aliases file instead of /etc). If you +set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue +directory will have to be owned by the RunAsUser user. As a general rule, +after you have compiled sendmail, run the command + + sendmail -v -bi + +to initialize the alias database. If it gives messages such as + + WARNING: writable directory /etc + WARNING: writable directory /var/spool/mqueue + +then the directories listed have inappropriate write permissions and +should be secured to avoid various possible security attacks. + +Beginning with sendmail 8.9, these checks have become more strict to +prevent users from being able to access files they would normally not +be able to read. In particular, .forward and :include: files in unsafe +directory paths (directory paths which are group or world writable) will +no longer be allowed. This would mean that if user joe's home directory +was writable by group staff, sendmail would not use his .forward file. +This behavior can be altered, at the expense of system security, by +setting the DontBlameSendmail option. For example, to allow .forward +files in group writable directories: + + O DontBlameSendmail=forwardfileingroupwritabledirpath + +Or to allow them in both group and world writable directories: + + O DontBlameSendmail=forwardfileinunsafedirpath + +Items from these unsafe .forward and :include: files will be marked +as unsafe addresses -- the items can not be deliveries to files or +programs. This behavior can also be altered via DontBlameSendmail: + + O DontBlameSendmail=forwardfileinunsafedirpath, + forwardfileinunsafedirpathsafe + +The first flag allows the .forward file to be read, the second allows +the items in the file to be marked as safe for file and program +delivery. + +Other files affected by this strengthened security include class +files (i.e. Fw /etc/sendmail.cw), persistent host status files, and +the files specified by the ErrorHeader and HelpFile options. Similar +DontBlameSendmail flags are available for the class, ErrorHeader, and +HelpFile files. + +If you have an unsafe configuration of .forward and :include: +files, you can make it safe by finding all such files, and doing +a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for +each directory in the file's path. + + ++-----------------------+ +| RELATED DOCUMENTATION | ++-----------------------+ + +There are other files you should read. Rooted in this directory are: + + FAQ + Answers to Frequently Asked Questions. + INSTALL + Installation instructions for building and installing sendmail. + KNOWNBUGS + Known bugs in the current release. + RELEASE_NOTES + A detailed description of the changes in each version. This + is quite long, but informative. + sendmail/README + Details on compiling and installing sendmail. + cf/README + Details on configuring sendmail. + doc/op/op.me + The sendmail Installation & Operations Guide. Be warned: if + you are running this off on SunOS or some other system with an + old version of -me, you need to add the following macro to the + macros: + + .de sm + \s-1\\$1\\s0\\$2 + .. + + This sets a word in a smaller pointsize. + + ++--------------+ +| RELATED RFCS | ++--------------+ + +There are several related RFCs that you may wish to read -- they are +available via anonymous FTP to several sites. For a list of the +primary repositories see: + + http://www.isi.edu/in-notes/rfc-retrieval.txt + +They are also online at: + + http://www.ietf.org/ + +They can also be retrieved via electronic mail by sending +email to one of: + + mail-server@nisc.sri.com + Put "send rfcNNN" in message body + nis-info@nis.nsf.net + Put "send RFCnnn.TXT-1" in message body + sendrfc@jvnc.net + Put "RFCnnn" as Subject: line + +For further instructions see: + + http://www.isi.edu/in-notes/rfc-editor/rfc-info + +Important RFCs for electronic mail are: + + RFC821 SMTP protocol + RFC822 Mail header format + RFC974 MX routing + RFC976 UUCP mail format + RFC1123 Host requirements (modifies 821, 822, and 974) + RFC1413 Identification server + RFC1869 SMTP Service Extensions (ESMTP spec) + RFC1652 SMTP Service Extension for 8bit-MIMEtransport + RFC1870 SMTP Service Extension for Message Size Declaration + RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One: + Format of Internet Message Bodies + RFC1344 Implications of MIME for Internet Mail Gateways + RFC1428 Transition of Internet Mail from Just-Send-8 to + 8-bit SMTP/MIME + RFC1891 SMTP Service Extension for Delivery Status Notifications + RFC1892 Multipart/Report Content Type for the Reporting of + Mail System Administrative Messages + RFC1893 Enhanced Mail System Status Codes + RFC1894 An Extensible Message Format for Delivery Status + Notifications + RFC1985 SMTP Service Extension for Remote Message Queue Starting + RFC2033 Local Mail Transfer Protocol (LMTP) + RFC2034 SMTP Service Extension for Returning Enhanced Error Codes + RFC2476 Message Submission + RFC2554 SMTP Service Extension for Authentication + +Other standards that may be of interest (but which are less directly +relevant to sendmail) are: + + RFC987 Mapping between RFC822 and X.400 + RFC1049 Content-Type header field (extension to RFC822) + +Warning to AIX users: this version of sendmail does not implement +MB, MR, or MG DNS resource records, as defined (as experiments) in +RFC1035. + + ++-------------------+ +| DATABASE ROUTINES | ++-------------------+ + +IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT **** +use the version that was on the Net2 tape -- it has a number of +nefarious bugs that were bad enough when I got them; you shouldn't have +to go through the same thing. Instead, get a new version via the web at +http://www.sleepycat.com/. This software is highly recommended; it gets +rid of several stupid limits, it's much faster, and the interface is +nicer to animals and plants. If the Berkeley DB include files +are installed in a location other than those which your compiler searches, +you will need to provide that directory when building: + + Build -I/path/to/include/directory + +If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly* +urged to upgrade to DB version 2 or later, available from +http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to +be broken in various nasty ways (see http://www.sleepycat.com/db.185.html), +and can cause sendmail to dump core. In addition, the newest versions of +gcc and the Solaris compilers perform optimizations in those versions that +may cause fairly random core dumps. + +If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are +using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h +and ndbm.o from the DB library after building it. You should also apply +all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site +(see http://www.sleepycat.com/db.185.html), as they fix some of the known +problems. + +If you are using a version of Berkeley DB 2 previous to 2.3.15, and you +are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o +from the DB library after building it. No other changes are necessary. + +If you are using Berkeley DB version 2.3.15 or greater, no changes are +necessary. + +The underlying database file formats changed between Berkeley DB versions +1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between +DB 2.X and 3.X. If you are upgrading from one of those versions, you must +recreate your database file(s). Do this by rebuilding all maps with +makemap and rebuilding the alias file with newaliases. + + ++--------------------+ +| HOST NAME SERVICES | ++--------------------+ + +If you are using NIS or /etc/hosts, it is critical that you +list the long (fully qualified) name somewhere (preferably first) in +the /etc/hosts file used to build the NIS database. For example, the +line should read + + 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon + +**** NOT **** + + 128.32.149.68 mastodon + +If you do not include the long name, sendmail will complain loudly +about ``unable to qualify my own domain name (mastodon) -- using +short name'' and conclude that your canonical name is the short +version and use that in messages. The name "mastodon" doesn't mean +much outside of Berkeley, and so this creates incorrect and unreplyable +messages. + + ++-------------+ +| USE WITH MH | ++-------------+ + +This version of sendmail notices and reports certain kinds of SMTP +protocol violations that were ignored by older versions. If you +are running MH you may wish to install the patch in contrib/mh.patch +that will prevent these warning reports. This patch also works +with the old version of sendmail, so it's safe to go ahead and +install it. + + ++----------------+ +| USE WITH IDENT | ++----------------+ + +Sendmail 8 supports the IDENT protocol, as defined by RFC 1413. +Note that the RFC states a client should wait at least 30 seconds +for a response. As of 8.10.0, the default Timeout.ident is 5 seconds +as many sites have adopted the practice of dropping IDENT queries. +This has lead to delays processing mail. + +No ident server is included with this distribution. It is available +from: + + ftp://ftp.lysator.liu.se/pub/ident/servers/ + ftp://romulus.ucs.uoknor.edu/networking/ident/servers/ + ftp://ftp.cyf-kr.edu.pl/agh/uciagh/network/ident/ + + ++-------------------------+ +| INTEROPERATION PROBLEMS | ++-------------------------+ + +Microsoft Exchange Server 5.0 + We have had a report that ``about 7% of messages from Sendmail + to Exchange were not being delivered with status messages of + "connection reset" and "I/O error".'' Upgrading Exchange from + Version 5.0 to Version 5.5 Service Pack 2 solved this problem. + +CommuniGate Pro + CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on + the MAIL FROM command if the client is not authenticated. Use + + define(`confAUTH_OPTIONS', `A') + + in .mc file if you have compiled sendmail with Cyrus SASL + and you communicate with CommuniGate Pro servers. + ++---------------------+ +| DIRECTORY STRUCTURE | ++---------------------+ + +The structure of this directory tree is: + +cf Source for sendmail configuration files. These are + different than what you've seen before. They are a + fairly dramatic rewrite, requiring the new sendmail + (since they use new features). +contrib Some contributed tools to help with sendmail. THESE + ARE NOT SUPPORTED by sendmail -- contact the original + authors if you have problems. (This directory is not + on the 4.4BSD tape.) +devtools Build environment. See devtools/README. +doc Documentation. If you are getting source, read + op.me -- it's long, but worth it. +include Include files used by multiple programs in the distribution. +libsmdb sendmail database library with support for Berkeley DB 1.X, + Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. +libsmutil sendmail utility library with functions used by different + programs. +mail.local The source for the local delivery agent used for 4.4BSD. + THIS IS NOT PART OF SENDMAIL! and may not compile + everywhere, since it depends on some 4.4-isms. Warning: + it does mailbox locking differently than other systems. +mailstats Statistics printing program. +makemap A program that creates the keyed maps used by the $( ... $) + construct in sendmail. It is primitive but effective. + It takes a very simple input format, so you will probably + expect to preprocess must human-convenient formats + using sed scripts before this program will like them. + But it should be functionally complete. +praliases A program to print the DBM or NEWDB version of the + aliases file. +rmail Source for rmail(8). This is used as a delivery + agent for for UUCP, and could presumably be used by + other non-socket oriented mailers. Older versions of + rmail are probably deficient. RMAIL IS NOT PART OF + SENDMAIL!!! The 4.4BSD source is included for you to + look at or try to port to your system. There is no + guarantee it will even compile on your operating system. +smrsh The "sendmail restricted shell", which can be used as + a replacement for /bin/sh in the prog mailer to provide + increased security control. NOT PART OF SENDMAIL! +sendmail Source for the sendmail program itself. +test Some test scripts (currently only for compilation aids). +vacation Source for the vacation program. NOT PART OF SENDMAIL! + +$Revision: 1.1 $, Last updated $Date: 2000/04/02 19:05:36 $ |