3 K N O W N B U G S I N S E N D M A I L
6 The following are bugs or deficiencies in sendmail that we are aware of
7 but which have not been fixed in the current release. You probably
8 want to get the most up to date version of this from ftp.sendmail.org
9 in /pub/sendmail/KNOWNBUGS. For descriptions of bugs that have been
10 fixed, see the file RELEASE_NOTES (in the root directory of the sendmail
13 This list is not guaranteed to be complete.
15 * Header values which are too long may be truncated.
17 If a value of a structured header is longer than 256 (MAXNAME)
18 characters then it may be truncated during output. For example,
19 if a single address in the To: header is longer than 256 characters
20 then it will be truncated which may result in a syntactically
23 * Berkeley DB map locking problem with fcntl().
25 For Linux the default is to use fcntl() for file locking. However,
26 this does not work with Berkeley DB 5.x and probably later.
27 Switching to flock(), i.e., compile with -DHASFLOCK fixes this
28 (however, the have been problems with flock() on some Linux
29 versions). Alternatively, use CDB or an earlier BDB version.
31 * Delivery to programs that generate too much output may cause problems
33 If e-mail is delivered to a program which generates too much
34 output, then sendmail may issue an error:
36 timeout waiting for input from local during Draining Input
38 Make sure that the program does not generate output beyond a
39 status message (corresponding to the exit status). This may
40 require a wrapper around the actual program to redirect output
43 Such a problem has been reported for bulk_mailer.
45 * Null bytes are not handled properly in headers.
47 Sendmail should handle full binary data. As it stands, it handles
48 all values in the body, but not 0x00 in the header. Changing
49 this would require a major restructuring of the code -- for
50 example, almost no C library support could be used to handle
53 * Header checks are not called if header value is too long or empty.
55 If the value of a header is longer than 1250 (MAXNAME + MAXATOM - 6)
56 characters or it contains a single word longer than 256 (MAXNAME)
57 characters then no header check is done even if one is configured for
60 * Header lines which are too long will be split incorrectly.
62 Header lines which are longer than 2045 characters will be split
63 but some characters might be lost. Fix: obey RFC (2)822 and do not
64 send lines that are longer than 1000 characters.
66 * milter communication fails if a single header is larger than 64K.
68 If a single header is larger than 64KB (which is not possible in the
69 default configuration) then it cannot be transferred in one block to
70 libmilter and hence the communication fails. This can be avoided by
71 increasing the constant MILTER_CHUNK_SIZE in
72 include/libmilter/mfdef.h and recompiling sendmail, libmilter, and
73 all (statically linked) milters (or by using undocumented compile
74 time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to
75 read the source code in order to use these properly).
77 * Sender addresses whose domain part cause a temporary A record lookup
78 failure but have a valid MX record will be temporarily rejected in
79 the default configuration. Solution: fix the DNS at the sender side.
80 If that's not easy to achieve, possible workarounds are:
81 - add an entry to the access map:
83 - (only for advanced users) replace
85 # Resolve map (to check if a host exists in check_mail)
86 Kresolve host -a<OKR> -T<TEMP>
90 # Resolve map (to check if a host exists in check_mail)
91 Kcanon host -a<OKR> -T<TEMP>
92 Kdnsmx dns -R MX -a<OKR> -T<TEMP>
93 Kresolve sequence dnsmx canon
96 * Duplicate error messages.
98 Sometimes identical, duplicate error messages can be generated. As
99 near as I can tell, this is rare and relatively innocuous.
101 * Misleading error messages.
103 If an illegal address is specified on the command line together
104 with at least one valid address and PostmasterCopy is set, the
105 DSN does not contain the illegal address, but only the valid
108 * \231 considered harmful.
110 Header addresses that have the \231 character (and possibly others
111 in the range \201 - \237) behave in odd and usually unexpected ways.
113 * AuthRealm for Cyrus SASL may not work as expected. The man page
114 and the actual usage for sasl_server_new() seem to differ.
115 Feedback for the "correct" usage is welcome, a patch to match
116 the description of the man page is in contrib/AuthRealm.p0.
118 * accept() problem on SVR4.
120 Apparently, the sendmail daemon loop (doing accept()s on the network)
121 can get into a weird state on SVR4; it starts logging ``SYSERR:
122 getrequests: accept: Protocol Error''. The workaround is to kill
123 and restart the sendmail daemon. We don't have an SVR4 system at
124 Berkeley that carries more than token mail load, so I can't validate
125 this. It is likely to be a glitch in the sockets emulation, since
126 "Protocol Error" is not possible error code with Berkeley TCP/IP.
128 I've also had someone report the message ``sendmail: accept:
129 SIOCGPGRP failed errno 22'' on an SVR4 system. This message is
130 not in the sendmail source code, so I assume it is also a bug
131 in the sockets emulation. (Errno 22 is EINVAL "Invalid Argument"
132 on all the systems I have available, including Solaris 2.x.)
133 Apparently, this problem is due to linking -lc before -lsocket;
134 if you are having this problem, check your Makefile.
136 * accept() problem on Linux.
138 The accept() in sendmail daemon loop can return ETIMEDOUT. An
139 error is reported to syslog:
141 Jun 9 17:14:12 hostname sendmail[207]: NOQUEUE: SYSERR(root):
142 getrequests: accept: Connection timed out
144 "Connection timed out" is not documented as a valid return from
145 accept(2) and this was believed to be a bug in the Linux kernel.
146 Later information from the Linux kernel group states that Linux
147 2.0 kernels follow RFC1122 while sendmail follows the original BSD
148 (now POSIX 1003.1g draft) specification. The 2.1.X and later kernels
149 will follow the POSIX draft.
151 * Excessive mailing list nesting can run out of file descriptors.
153 If you have a mailing list that includes lots of other mailing
154 lists, each of which has a separate owner, you can run out of
155 file descriptors. Each mailing list with a separate owner uses
156 one open file descriptor (prior to 8.6.6 it was three open
157 file descriptors per list). This is particularly egregious if
158 you have your connection cache set to be large.
160 * Connection caching breaks if you pass the port number as an argument.
162 If you have a definition such as:
164 Mport, P=[IPC], F=kmDFMuX, S=11/31, R=21,
165 M=2100000, T=DNS/RFC822/SMTP,
168 (i.e., where $h is the port number instead of the host name) the
169 connection caching code will break because it won't notice that
170 two messages addressed to different ports should use different
173 * ESMTP SIZE underestimates the size of a message
175 Sendmail makes no allowance for headers that it adds, nor does it
176 account for the SMTP on-the-wire \r\n expansion. It probably doesn't
177 allow for 8->7 bit MIME conversions either.
179 * Client ignores SIZE parameter.
181 When sendmail acts as client and the server specifies a limit
182 for the mail size, sendmail will ignore this and try to send the
183 mail anyway. The server will usually reject the MAIL command
184 which specifies the size of the message and hence this problem
187 * Paths to programs being executed and the mode of program files are
188 not checked. Essentially, the RunProgramInUnsafeDirPath and
189 RunWritableProgram bits in the DontBlameSendmail option are always
190 set. This is not a problem if your system is well managed (that is,
191 if binaries and system directories are mode 755 instead of something
194 * 8-bit data in GECOS field
196 If the GECOS (personal name) information in the passwd file contains
197 8-bit characters, those characters can be included in the message
198 header, which can cause problems when sending SMTP to hosts that
199 only accept 7-bit characters.
201 * 8->7 bit MIME conversion
203 When sendmail is doing 8->7 bit MIME conversions, and the message
204 contains certain MIME body types that cannot be converted to 7-bit,
205 sendmail will pass the message as 8-bit.
207 * 7->8 bit MIME conversion
209 If a message that is encoded as 7-bit MIME is converted to 8-bit and
210 that message when decoded is illegal (e.g., because of long lines or
211 illegal characters), sendmail can produce an illegal message.
213 * MIME encoded full name phrases in the From: header
215 If a full name phrase includes characters from MustQuoteChars, sendmail
216 will quote the entire full name phrase. If MustQuoteChars includes
217 characters which are not special characters according to STD 11 (RFC
218 822), this quotation can interfere with MIME encoded full name phrases.
219 By default, sendmail includes the single quote character (') in
220 MustQuoteChars even though it is not listed as a special character in
223 * bestmx map with -z flag truncates the list of MX hosts
225 A bestmx map configured with the -z flag will truncate the list
226 of MX hosts. This prevents creation of strings which are too
227 long for ruleset parsing. This can have an adverse effect on the
228 relay_based_on_MX feature.
230 * Saving to ~sender/dead.letter fails if su'ed to root
232 If ErrorMode is set to print and an error in sending mail occurs,
233 the normal action is to print a message to the screen and append
234 the message to a dead.letter file in the sender's home directory.
235 In the case where the sender is using su to act as root, the file
236 safety checks prevent sendmail from saving the dead.letter file
237 because the sender's uid and the current real uid do not match.
239 * Berkeley DB 2.X race condition with fcntl() locking
241 There is a race condition for Berkeley DB 2.X databases on
242 operating systems which use fcntl() style locking, such as
243 Solaris. Sendmail locks the map before calling db_open() to
244 prevent others from modifying the map while it is being opened.
245 Unfortunately, Berkeley DB opens the map, closes it, and then
246 reopens it. fcntl() locking drops the lock when any file
247 descriptor pointing to the file is closed, even if it is a
248 different file descriptor than the one used to initially lock
249 the file. As a result there is a possibility that entries in a
250 map might not be found during a map rebuild. As a workaround,
251 you can use makemap to build a map with a new name and then
252 "mv" the new db file to replace the old one.
254 Sleepycat Software has added code to avoid this race condition to
255 Berkeley DB versions after 2.7.5.
257 * File open timeouts not available on hard mounted NFS file systems
259 Since SIGALRM does not interrupt an RPC call for hard mounted
260 NFS file systems, it is impossible to implement a timeout on a file
261 open operation. Therefore, while the NFS server is not responding,
262 attempts to open a file on that server will hang. Systems with
263 local mail delivery and NFS hard mounted home directories should be
264 avoided, as attempts to open the forward files could hang.
266 * Race condition for delivery to set-user-ID files
268 Sendmail will deliver to a file if the file is owned by the DefaultUser
269 or has the set-user-ID bit set. Unfortunately, some systems clear that bit
270 when a file is modified. Sendmail compensates by resetting the file mode
271 back to it's original settings. Unfortunately, there's still a
272 permission failure race as sendmail checks the permissions before locking
273 the file. This is unavoidable as sendmail must verify the file is safe
274 to open before opening it. A file can not be locked until it is open.
276 * MAIL_HUB always takes precedence over LOCAL_RELAY
278 Despite the information in the documentation, MAIL_HUB ($H) will always
279 be used if set instead of LOCAL_RELAY ($R). This will be fixed in a