This directory has the latest sendmail(TM) software from Proofpoint, Inc.

Report any bugs to sendmail-bugs-YYYY@support.sendmail.org
where YYYY is the current year, e.g., 2023.

There is a web site at https://www.sendmail.org/ -- see that site for

0. The vast majority of queries about sendmail are answered in the
   README files noted below.

1. Read this README file, especially this introduction, and the DIRECTORY

2. Read the INSTALL file in this directory.

3. Read sendmail/README, especially:

   b. the BUILDING SENDMAIL section
   c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section

You may also find these useful:

   f. devtools/Site/README

Sendmail is a trademark of Proofpoint, Inc.
US Patent Numbers 6865671, 6986037.
+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted. For sendmail to run without
complaining, you MUST execute the following command:

        chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
        chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool). If you set the RunAsUser option in your sendmail.cf, the
/var/spool/mqueue directory will have to be owned by the RunAsUser user.
As a general rule, after you have compiled sendmail, run the command

to initialize the alias database. If it gives messages such as

        WARNING: writable directory /etc
        WARNING: writable directory /var/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read. In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed. This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option. For example, to allow .forward
files in group writable directories:

        O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

        O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs. This behavior can also be altered via DontBlameSendmail:

        O DontBlameSendmail=forwardfileinunsafedirpath,
                forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program

Other files affected by this strengthened security include class
files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
and the files specified by the ErrorHeader and HelpFile options. Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
each directory in the file's path.
+--------------------------+
| FILE AND MAP PERMISSIONS |
+--------------------------+

Any application which uses either flock() or fcntl() style locking or
other APIs that use one of these locking methods (such as open() with
O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
may be susceptible to local denial of service attacks.

File locking is used throughout sendmail for a variety of files
including aliases, maps, statistics, and the pid file. Any user who
can open one of these files can prevent sendmail or its associated
utilities, e.g., makemap or newaliases, from operating properly. This
can also affect sendmail's ability to update status files such as
statistics files. For systems which use flock() for file locking, a
user's ability to obtain an exclusive lock prevents other sendmail
processes from reading certain files such as alias or map databases.

A workaround for this problem is to protect all sendmail files such
that they can't be opened by untrusted users. As long as users can
not open a file, they can not lock it. Since queue files should
already have restricted permissions, the only files that need
adjustment are alias, map, statistics, and pid files. These files
should be owned by root or the trusted user specified in the
TrustedUser option. Changing the permissions to be only readable and
writable by that user is sufficient to avoid the denial of service.
For example, depending on the paths you use, these commands would be

        chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
        chmod 0640 /etc/mail/*.{db,pag,dir}
        chmod 0640 /etc/mail/statistics /var/log/sendmail.st
        chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid

If the permissions 0640 are used, be sure that only trusted users belong
to the group assigned to those files. Otherwise, files should not even
be group readable. As of sendmail 8.12.4, the permissions shown above
are the default permissions for newly created files.

Note that the denial of service on the plain text aliases file
(/etc/mail/aliases) only prevents newaliases from rebuilding the
aliases file. The same is true for the database files on systems which
use fcntl() style locking. Since it does not interfere with normal
operations, sites may choose to leave these files readable. Also, it is
not necessary to protect the text files associated with map databases
as makemap does not lock those files.
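The two audits described in the DIRECTORY PERMISSIONS and FILE AND MAP
PERMISSIONS sections, as an added example that is not part of the sendmail
distribution: check_path_safe walks from a file up its directory path and
reports every component that is group- or world-writable, which is the
unsafe directory path condition that makes sendmail 8.9 and later ignore a
.forward or :include: file; check_lock_exposure reports alias, map,
statistics and pid files that users other than the owner can open and
therefore lock. Both function names are hypothetical, the functions only
report (the fix is the chmod/chown shown above), and the optional TOP
argument (default /) bounds the walk so a jail or test tree can be audited
on its own.

```shell
#!/bin/sh
# Added example, not part of the sendmail distribution.  Read-only audits:
#  - check_path_safe FILE [TOP]: flag group/world-writable components on
#    the way from FILE up to TOP (default /), the "unsafe directory path"
#    that makes sendmail 8.9+ refuse a .forward or :include: file.
#  - check_lock_exposure FILE...: flag lockable files (aliases, maps,
#    statistics, pid) that users outside owner/group can open.

# mode_of PATH -> the 10-character mode string from ls, e.g. drwxrwxr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# owner_of PATH -> owner name from ls
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# check_path_safe FILE [TOP]
#   Prints one line per problem; returns 0 when the file and every
#   directory from it up to TOP (no trailing slash) are not group- or
#   world-writable, 1 otherwise.
check_path_safe() {
    _file=$1
    _top=${2:-/}
    _rc=0
    _cur=$_file
    while :; do
        if [ ! -e "$_cur" ]; then
            echo "MISSING  $_cur"
            _rc=1
        else
            _m=$(mode_of "$_cur")
            # character 6 is the group write bit, character 9 the other write bit
            _gw=$(printf '%s' "$_m" | cut -c6)
            _ow=$(printf '%s' "$_m" | cut -c9)
            if [ "$_ow" = "w" ]; then
                echo "UNSAFE   world writable: $_cur ($_m, owner $(owner_of "$_cur"))"
                _rc=1
            elif [ "$_gw" = "w" ]; then
                echo "UNSAFE   group writable: $_cur ($_m, owner $(owner_of "$_cur"))"
                _rc=1
            fi
        fi
        if [ "$_cur" = "$_top" ]; then
            break
        fi
        _next=$(dirname "$_cur")
        if [ "$_next" = "$_cur" ]; then   # reached / without meeting TOP
            break
        fi
        _cur=$_next
    done
    return $_rc
}

# check_lock_exposure FILE...
#   A file that can be opened can be locked, so anything readable or
#   writable by "other" is reported as EXPOSED (return 1).  Group access is
#   only a WARN, since 0640 is safe when the group holds trusted users
#   only.  Files that do not exist are skipped (pid paths vary by system).
check_lock_exposure() {
    _rc=0
    for _f in "$@"; do
        if [ ! -e "$_f" ]; then
            continue
        fi
        _m=$(mode_of "$_f")
        case "$(printf '%s' "$_m" | cut -c8-9)" in
            --) ;;
            *)  echo "EXPOSED  world accessible: $_f ($_m)"; _rc=1 ;;
        esac
        case "$(printf '%s' "$_m" | cut -c5-6)" in
            --) ;;
            *)  echo "WARN     group accessible: $_f ($_m); group must hold only trusted users" ;;
        esac
    done
    return $_rc
}

# Usage, e.g. after the chmod/chown steps above:
#   check_path_safe /home/joe/.forward
#   check_lock_exposure /etc/mail/aliases.db /etc/mail/statistics /var/run/sendmail.pid
```

Both functions return 0 only when nothing needs fixing, so they can be run
from cron or a configuration check and the exit status alone tells you
whether a chmod is due; the printed lines name the offending component and
its owner.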
+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read. Rooted in this directory are:

        The FAQ (frequently answered questions) is no longer maintained
        with the sendmail release. It is available at
        http://www.sendmail.org/faq/ . The file FAQ is a reminder of
        this and a pointer to the web page.

        Installation instructions for building and installing sendmail.

        Known bugs in the current release.

        A detailed description of the changes in each version. This
        is quite long, but informative.

        Details on compiling and installing sendmail.

        Details on configuring sendmail.

        The sendmail Installation & Operations Guide. In addition
        to the shipped PostScript version, plain text and PDF versions
        can be generated using (assuming the required conversion software
        is installed on your system, see doc/op/Makefile):

                cd doc/op && make op.txt op.pdf

        Be warned: on some systems calling make in doc/op/ will cause
        errors due to nroff/groff problems. Known problems are:
        - running this off on systems with an old version of -me, you
          need to add the following macro to the macros:

          This sets a word in a smaller pointsize.

There are several related RFCs that you may wish to read -- they are
available from several sites, see

        http://www.rfc-editor.org/

Important RFCs for electronic mail are:

        RFC822    Mail header format
        RFC976    UUCP mail format
        RFC1123   Host requirements (modifies 821, 822, and 974)
        RFC1344   Implications of MIME for Internet Mail Gateways
        RFC1413   Identification server
        RFC1428   Transition of Internet Mail from Just-Send-8 to
        RFC1652   SMTP Service Extension for 8bit-MIMEtransport
        RFC1869   SMTP Service Extensions (ESMTP spec)
        RFC1870   SMTP Service Extension for Message Size Declaration
        RFC1891   SMTP Service Extension for Delivery Status Notifications
        RFC1892   Multipart/Report Content Type for the Reporting of
                  Mail System Administrative Messages
        RFC1893   Enhanced Mail System Status Codes
        RFC1894   An Extensible Message Format for Delivery Status
        RFC1985   SMTP Service Extension for Remote Message Queue Starting
        RFC2033   Local Mail Transfer Protocol (LMTP)
        RFC2034   SMTP Service Extension for Returning Enhanced Error Codes
        RFC2045   Multipurpose Internet Mail Extensions (MIME) Part One:
                  Format of Internet Message Bodies
        RFC2476   Message Submission
        RFC2487   SMTP Service Extension for Secure SMTP over TLS
        RFC2554   SMTP Service Extension for Authentication
        RFC2821   Simple Mail Transfer Protocol
        RFC2822   Internet Message Format
        RFC2852   Deliver By SMTP Service Extension
        RFC2920   SMTP Service Extension for Command Pipelining
        RFC5321   Simple Mail Transfer Protocol
        RFC5322   Internet Message Format
        RFC6530   Overview and Framework for Internationalized Email
        RFC6531   SMTP Extension for Internationalized Email
        RFC6532   Internationalized Email Headers
        RFC6533   Internationalized Delivery Status and Disposition Notifications
        RFC8461   SMTP MTA Strict Transport Security (MTA-STS)

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

        RFC987    Mapping between RFC822 and X.400
        RFC1049   Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in

Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

If you use OpenSSL then make sure you read their README file which
contains information about patents etc.
+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing. Instead, get a new version via the web at
http://www.sleepycat.com/. This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants. If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

        ./Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2 or later, available from
http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to
be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
and can cause sendmail to dump core. In addition, the newest versions of
gcc and the Solaris compilers perform optimizations in those versions that
may cause fairly random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it. You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it. No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
DB 2.X and 3.X. If you are upgrading from one of those versions, you must
recreate your database file(s). Do this by rebuilding all maps with
makemap and rebuilding the alias file with newaliases.

File locking using fcntl() does not interoperate with Berkeley DB
5.x (and probably later). Use CDB, flock() (-DHASFLOCK), or an
earlier Berkeley DB version.
+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database. For example, the

        128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

        128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages. The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
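A check for the /etc/hosts requirement above, as an added example that is
not part of the sendmail distribution: hosts_fqdn_status (a hypothetical
name) parses a hosts file the way the format is read, ignoring comments
and blank lines, and reports whether the names listed for a given address
include a fully qualified one and whether it is listed first. It generalizes
slightly beyond the mastodon example by looking at every line for the
address, since a hosts file may list an address more than once.

```shell
#!/bin/sh
# Added example, not part of the sendmail distribution.
# hosts_fqdn_status HOSTSFILE ADDRESS
#   Examines every line of HOSTSFILE whose address field is ADDRESS and
#   reports where a fully qualified name (one containing a dot) appears:
#     first    - an FQDN is the first name after the address (preferred)
#     later    - an FQDN is present but only as a later alias
#     missing  - the address is listed with short names only
#     noentry  - the address does not appear at all
#   Returns 0 for "first" and "later" (sendmail can qualify its name),
#   1 otherwise.  "#" comments and blank lines are ignored as in /etc/hosts.
hosts_fqdn_status() {
    awk -v addr="$2" '
        { sub(/#.*/, "") }                 # drop comments before parsing
        NF >= 2 && $1 == addr {
            found = 1
            for (i = 2; i <= NF; i++)
                if (index($i, ".") > 0) {
                    if (i == 2)
                        first = 1
                    else
                        later = 1
                }
        }
        END {
            if (!found)     { print "noentry"; exit 1 }
            else if (first) { print "first";   exit 0 }
            else if (later) { print "later";   exit 0 }
            else            { print "missing"; exit 1 }
        }
    ' "$1"
}

# Usage against a constructed hosts file:
#   printf '128.32.149.68 mastodon.CS.Berkeley.EDU mastodon\n' > /tmp/hosts.test
#   hosts_fqdn_status /tmp/hosts.test 128.32.149.68
```

Run it against the file that feeds your NIS hosts map, with the address
sendmail resolves your hostname to; "missing" is the configuration that
produces the "unable to qualify my own domain name" complaint.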
This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions. If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports. This patch also works
with the old version of sendmail, so it's safe to go ahead and

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
Note that the RFC states a client should wait at least 30 seconds
for a response. As of 8.10.0, the default Timeout.ident is 5 seconds
as many sites have adopted the practice of dropping IDENT queries.
This has led to delays processing mail.
+-------------------------+
| INTEROPERATION PROBLEMS |
+-------------------------+

Microsoft Exchange Server 5.0
        We have had a report that ``about 7% of messages from Sendmail
        to Exchange were not being delivered with status messages of
        "connection reset" and "I/O error".'' Upgrading Exchange from
        Version 5.0 to Version 5.5 Service Pack 2 solved this problem.

CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
the MAIL FROM command if the client is not authenticated. Use

        define(`confAUTH_OPTIONS', `A')

in .mc file if you have compiled sendmail with Cyrus SASL
and you communicate with CommuniGate Pro servers.
+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf          Source for sendmail configuration files. These are
            different than what you've seen before. They are a
            fairly dramatic rewrite, requiring the new sendmail
            (since they use new features).
contrib     Some contributed tools to help with sendmail. THESE
            ARE NOT SUPPORTED by sendmail -- contact the original
            authors if you have problems. (This directory is not
devtools    Build environment. See devtools/README.
doc         Documentation. If you are getting source, read
            op.me -- it's long, but worth it.
editmap     A program to edit and query maps that have been created
            with makemap, e.g., adding and deleting entries.
include     Include files used by multiple programs in the distribution.
libsmdb     sendmail database library with support for Berkeley DB 1.X,
            Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
libsmutil   sendmail utility library with functions used by different
mail.local  The source for the local delivery agent used for 4.4BSD.
            THIS IS NOT PART OF SENDMAIL! and may not compile
            everywhere, since it depends on some 4.4-isms. Warning:
            it does mailbox locking differently than other systems.
mailstats   Statistics printing program.
makemap     A program that creates the keyed maps used by the $( ... $)
            construct in sendmail. It is primitive but effective.
            It takes a very simple input format, so you will probably
            expect to preprocess most human-convenient formats
            using sed scripts before this program will like them.
            But it should be functionally complete.
praliases   A program to print the map version of the aliases file.
rmail       Source for rmail(8). This is used as a delivery
            agent for UUCP, and could presumably be used by
            other non-socket oriented mailers. Older versions of
            rmail are probably deficient. RMAIL IS NOT PART OF
            SENDMAIL!!! The 4.4BSD source is included for you to
            look at or try to port to your system. There is no
            guarantee it will even compile on your operating system.
smrsh       The "sendmail restricted shell", which can be used as
            a replacement for /bin/sh in the prog mailer to provide
            increased security control. NOT PART OF SENDMAIL!
sendmail    Source for the sendmail program itself.
test        Some test scripts (currently only for compilation aids).
vacation    Source for the vacation program. NOT PART OF SENDMAIL!