4 This directory has the latest sendmail(TM) software from Sendmail, Inc.
6 Report any bugs to sendmail-bugs@sendmail.ORG
8 There is a web site at http://WWW.Sendmail.ORG/ -- see that site for
15 0. The vast majority of queries to <sendmail-questions@sendmail.org>
16 are answered in the README files noted below.
18 1. Read this README file, especially this introduction, and the DIRECTORY
21 2. Read the INSTALL file in this directory.
23 3. Read sendmail/README, especially:
25 b. the BUILDING SENDMAIL section
26 c. the relevant part(s) of the OPERATING SYSTEM AND COMPILE QUIRKS section
28 You may also find these useful:
32 f. devtools/Site/README
39 Sendmail is a trademark of Sendmail, Inc.
41 +-----------------------+
42 | DIRECTORY PERMISSIONS |
43 +-----------------------+
45 Sendmail often gets blamed for many problems that are actually the
46 result of other problems, such as overly permissive modes on directories.
47 For this reason, sendmail checks the modes on system directories and
48 files to determine if they can be trusted. For sendmail to run without
49 complaining, you MUST execute the following command:
51 chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
52 chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
54 You will probably have to tweak this for your environment (for example,
55 some systems put the spool directory into /usr/spool instead of
56 /var/spool). If you set the RunAsUser option in your sendmail.cf, the
57 /var/spool/mqueue directory will have to be owned by the RunAsUser user.
58 As a general rule, after you have compiled sendmail, run the command
62 to initialize the alias database. If it gives messages such as
64 WARNING: writable directory /etc
65 WARNING: writable directory /var/spool/mqueue
67 then the directories listed have inappropriate write permissions and
68 should be secured to avoid various possible security attacks.
70 Beginning with sendmail 8.9, these checks have become more strict to
71 prevent users from being able to access files they would normally not
72 be able to read. In particular, .forward and :include: files in unsafe
73 directory paths (directory paths which are group or world writable) will
74 no longer be allowed. This would mean that if user joe's home directory
75 was writable by group staff, sendmail would not use his .forward file.
76 This behavior can be altered, at the expense of system security, by
77 setting the DontBlameSendmail option. For example, to allow .forward
78 files in group writable directories:
80 O DontBlameSendmail=forwardfileingroupwritabledirpath
82 Or to allow them in both group and world writable directories:
84 O DontBlameSendmail=forwardfileinunsafedirpath
86 Items from these unsafe .forward and :include: files will be marked
87 as unsafe addresses -- the items can not be deliveries to files or
88 programs. This behavior can also be altered via DontBlameSendmail:
90 O DontBlameSendmail=forwardfileinunsafedirpath,
91 forwardfileinunsafedirpathsafe
93 The first flag allows the .forward file to be read, the second allows
94 the items in the file to be marked as safe for file and program
97 Other files affected by this strengthened security include class
98 files (i.e., Fw /etc/mail/local-host-names), persistent host status files,
99 and the files specified by the ErrorHeader and HelpFile options. Similar
100 DontBlameSendmail flags are available for the class, ErrorHeader, and
103 If you have an unsafe configuration of .forward and :include:
104 files, you can make it safe by finding all such files, and doing
105 a "chmod go-w $FILE" on each. Also, do a "chmod go-w $DIR" for
106 each directory in the file's path.
109 +-----------------------+
110 | RELATED DOCUMENTATION |
111 +-----------------------+
113 There are other files you should read. Rooted in this directory are:
116 The FAQ (frequently answered questions) is no longer maintained
117 with the sendmail release. It is available at
118 http://www.sendmail.org/faq/ . The file FAQ is a reminder of
119 this and a pointer to the web page.
121 Installation instructions for building and installing sendmail.
123 Known bugs in the current release.
125 A detailed description of the changes in each version. This
126 is quite long, but informative.
128 Details on compiling and installing sendmail.
130 Details on configuring sendmail.
132 The sendmail Installation & Operations Guide. Be warned: if
133 you are running this off on SunOS or some other system with an
134 old version of -me, you need to add the following macro to the
141 This sets a word in a smaller pointsize.
148 There are several related RFCs that you may wish to read -- they are
149 available via anonymous FTP to several sites. For a list of the
150 primary repositories see:
152 http://www.isi.edu/in-notes/rfc-retrieval.txt
154 They are also online at:
158 They can also be retrieved via electronic mail by sending
161 mail-server@nisc.sri.com
162 Put "send rfcNNN" in message body
164 Put "send RFCnnn.TXT-1" in message body
166 Put "RFCnnn" as Subject: line
168 For further instructions see:
170 http://www.isi.edu/in-notes/rfc-editor/rfc-info
172 Important RFCs for electronic mail are:
175 RFC822 Mail header format
177 RFC976 UUCP mail format
178 RFC1123 Host requirements (modifies 821, 822, and 974)
179 RFC1344 Implications of MIME for Internet Mail Gateways
180 RFC1413 Identification server
181 RFC1428 Transition of Internet Mail from Just-Send-8 to
183 RFC1652 SMTP Service Extension for 8bit-MIMEtransport
184 RFC1869 SMTP Service Extensions (ESMTP spec)
185 RFC1870 SMTP Service Extension for Message Size Declaration
186 RFC1891 SMTP Service Extension for Delivery Status Notifications
187 RFC1892 Multipart/Report Content Type for the Reporting of
188 Mail System Administrative Messages
189 RFC1893 Enhanced Mail System Status Codes
190 RFC1894 An Extensible Message Format for Delivery Status
192 RFC1985 SMTP Service Extension for Remote Message Queue Starting
193 RFC2033 Local Mail Transfer Protocol (LMTP)
194 RFC2034 SMTP Service Extension for Returning Enhanced Error Codes
195 RFC2045 Multipurpose Internet Mail Extensions (MIME) Part One:
196 Format of Internet Message Bodies
197 RFC2476 Message Submission
198 RFC2487 SMTP Service Extension for Secure SMTP over TLS
199 RFC2554 SMTP Service Extension for Authentication
200 RFC2821 Simple Mail Transfer Protocol
201 RFC2822 Internet Message Format
202 RFC2852 Deliver By SMTP Service Extension
203 RFC2920 SMTP Service Extension for Command Pipelining
205 Other standards that may be of interest (but which are less directly
206 relevant to sendmail) are:
208 RFC987 Mapping between RFC822 and X.400
209 RFC1049 Content-Type header field (extension to RFC822)
211 Warning to AIX users: this version of sendmail does not implement
212 MB, MR, or MG DNS resource records, as defined (as experiments) in
220 Since sendmail 8.11 and later includes hooks to cryptography, the
221 following information from OpenSSL applies to sendmail as well.
223 PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
224 SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
225 TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
226 PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
227 COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
228 SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
229 YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
230 AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
231 ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
233 If you use OpenSSL then make sure you read their README file which
234 contains information about patents etc.
237 +-------------------+
238 | DATABASE ROUTINES |
239 +-------------------+
241 IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE: **** DO NOT ****
242 use the version that was on the Net2 tape -- it has a number of
243 nefarious bugs that were bad enough when I got them; you shouldn't have
244 to go through the same thing. Instead, get a new version via the web at
245 http://www.sleepycat.com/. This software is highly recommended; it gets
246 rid of several stupid limits, it's much faster, and the interface is
247 nicer to animals and plants. If the Berkeley DB include files
248 are installed in a location other than those which your compiler searches,
249 you will need to provide that directory when building:
251 Build -I/path/to/include/directory
253 If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
254 urged to upgrade to DB version 2 or later, available from
255 http://www.sleepycat.com/. Berkeley DB versions 1.85 and 1.86 are known to
256 be broken in various nasty ways (see http://www.sleepycat.com/db.185.html),
257 and can cause sendmail to dump core. In addition, the newest versions of
258 gcc and the Solaris compilers perform optimizations in those versions that
259 may cause fairly random core dumps.
261 If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
262 using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
263 and ndbm.o from the DB library after building it. You should also apply
264 all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
265 (see http://www.sleepycat.com/db.185.html), as they fix some of the known
268 If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
269 are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
270 from the DB library after building it. No other changes are necessary.
272 If you are using Berkeley DB version 2.3.15 or greater, no changes are
275 The underlying database file formats changed between Berkeley DB versions
276 1.85 and 1.86, again between DB 1.86 and version 2.0, and finally between
277 DB 2.X and 3.X. If you are upgrading from one of those versions, you must
278 recreate your database file(s). Do this by rebuilding all maps with
279 makemap and rebuilding the alias file with newaliases.
282 +--------------------+
283 | HOST NAME SERVICES |
284 +--------------------+
286 If you are using NIS or /etc/hosts, it is critical that you
287 list the long (fully qualified) name somewhere (preferably first) in
288 the /etc/hosts file used to build the NIS database. For example, the
291 128.32.149.68 mastodon.CS.Berkeley.EDU mastodon
295 128.32.149.68 mastodon
297 If you do not include the long name, sendmail will complain loudly
298 about ``unable to qualify my own domain name (mastodon) -- using
299 short name'' and conclude that your canonical name is the short
300 version and use that in messages. The name "mastodon" doesn't mean
301 much outside of Berkeley, and so this creates incorrect and unreplyable
309 This version of sendmail notices and reports certain kinds of SMTP
310 protocol violations that were ignored by older versions. If you
311 are running MH you may wish to install the patch in contrib/mh.patch
312 that will prevent these warning reports. This patch also works
313 with the old version of sendmail, so it's safe to go ahead and
321 Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
322 Note that the RFC states a client should wait at least 30 seconds
323 for a response. As of 8.10.0, the default Timeout.ident is 5 seconds
324 as many sites have adopted the practice of dropping IDENT queries.
325 This has lead to delays processing mail.
327 No ident server is included with this distribution. It is available
330 ftp://ftp.lysator.liu.se/pub/ident/servers/
331 http://sf.www.lysator.liu.se/~pen/pidentd/
333 +-------------------------+
334 | INTEROPERATION PROBLEMS |
335 +-------------------------+
337 Microsoft Exchange Server 5.0
338 We have had a report that ``about 7% of messages from Sendmail
339 to Exchange were not being delivered with status messages of
340 "connection reset" and "I/O error".'' Upgrading Exchange from
341 Version 5.0 to Version 5.5 Service Pack 2 solved this problem.
344 CommuniGate Pro 3.2.4 does not accept the AUTH= -parameter on
345 the MAIL FROM command if the client is not authenticated. Use
347 define(`confAUTH_OPTIONS', `A')
349 in .mc file if you have compiled sendmail with Cyrus SASL
350 and you communicate with CommuniGate Pro servers.
352 +---------------------+
353 | DIRECTORY STRUCTURE |
354 +---------------------+
356 The structure of this directory tree is:
358 cf Source for sendmail configuration files. These are
359 different than what you've seen before. They are a
360 fairly dramatic rewrite, requiring the new sendmail
361 (since they use new features).
362 contrib Some contributed tools to help with sendmail. THESE
363 ARE NOT SUPPORTED by sendmail -- contact the original
364 authors if you have problems. (This directory is not
366 devtools Build environment. See devtools/README.
367 doc Documentation. If you are getting source, read
368 op.me -- it's long, but worth it.
369 editmap A program to edit and query maps that have been created
370 with makemap, e.g., adding and deleting entries.
371 include Include files used by multiple programs in the distribution.
372 libsmdb sendmail database library with support for Berkeley DB 1.X,
373 Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
374 libsmutil sendmail utility library with functions used by different
376 mail.local The source for the local delivery agent used for 4.4BSD.
377 THIS IS NOT PART OF SENDMAIL! and may not compile
378 everywhere, since it depends on some 4.4-isms. Warning:
379 it does mailbox locking differently than other systems.
380 mailstats Statistics printing program.
381 makemap A program that creates the keyed maps used by the $( ... $)
382 construct in sendmail. It is primitive but effective.
383 It takes a very simple input format, so you will probably
384 expect to preprocess must human-convenient formats
385 using sed scripts before this program will like them.
386 But it should be functionally complete.
387 praliases A program to print the DBM or NEWDB version of the
389 rmail Source for rmail(8). This is used as a delivery
390 agent for for UUCP, and could presumably be used by
391 other non-socket oriented mailers. Older versions of
392 rmail are probably deficient. RMAIL IS NOT PART OF
393 SENDMAIL!!! The 4.4BSD source is included for you to
394 look at or try to port to your system. There is no
395 guarantee it will even compile on your operating system.
396 smrsh The "sendmail restricted shell", which can be used as
397 a replacement for /bin/sh in the prog mailer to provide
398 increased security control. NOT PART OF SENDMAIL!
399 sendmail Source for the sendmail program itself.
400 test Some test scripts (currently only for compilation aids).
401 vacation Source for the vacation program. NOT PART OF SENDMAIL!
403 $Revision: 8.81 $, Last updated $Date: 2001/09/26 16:22:19 $