1 # Copyright (c) 1998-2004 Proofpoint, Inc. and its suppliers.
3 # Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 # The Regents of the University of California. All rights reserved.
7 # By using this file, you agree to the terms and conditions set
8 # forth in the LICENSE file which can be found at the top level of
9 # the sendmail distribution.
12 This directory contains the source files for sendmail(TM).
14 *******************************************************************
15 !! Read sendmail/SECURITY for important installation information !!
16 *******************************************************************
18 **********************************************************
19 ** Read below for more details on building sendmail. **
20 **********************************************************
22 **************************************************************************
23 ** IMPORTANT: Read the appropriate paragraphs in the section on **
24 ** ``Operating System and Compile Quirks''. **
25 **************************************************************************
27 For detailed instructions, please read the document ../doc/op/op.me:
29 cd ../doc/op ; make op.ps op.txt
31 Sendmail is a trademark of Proofpoint, Inc.
32 US Patent Numbers 6865671, 6986037.
39 By far, the easiest way to compile sendmail is to use the "Build"
44 This uses the "uname" command to figure out what architecture you are
45 on and creates a proper Makefile accordingly. It also creates a
46 subdirectory per object format, so that multiarchitecture support is
47 easy. In general this should be all you need. IRIX 6.x users should
48 read the note below in the OPERATING SYSTEM AND COMPILE QUIRKS section.
50 If you need to look at other include or library directories, use the
51 -I or -L flags on the command line, e.g.,
53 sh ./Build -I/usr/sww/include -L/usr/sww/lib
55 It's also possible to create local site configuration in the file
56 site.config.m4 (or another file settable with the -f flag). This
57 file contains M4 definitions for various compilation values; the
60 confMAPDEF -D flags to specify database types to be included
62 confENVDEF -D flags to specify other environment information
63 confINCDIRS -I flags for finding include files during compilation
64 confLIBDIRS -L flags for finding libraries during linking
65 confLIBS -l flags for selecting libraries during linking
66 confLDOPTS other ld(1) linker options
68 Others can be found by examining Makefile.m4. Please read
69 ../devtools/README for more information about the site.config.m4
72 You can recompile from scratch using the -c flag with the Build
73 command. This removes the existing compilation directory for the
74 current platform and builds a new one. The -c flag must also
75 be used if any site.*.m4 file in devtools/Site/ is changed.
77 Porting to a new Unix-based system should be a matter of creating
78 an appropriate configuration file in the devtools/OS/ directory.
81 +----------------------+
82 | DATABASE DEFINITIONS |
83 +----------------------+
85 There are several database formats that can be used for the alias files
86 and for general maps. When used for alias files they interact in an
87 attempt to be backward compatible.
91 CDB Constant DataBase, requires tinycdb (0.75), see
92 http://www.corpit.ru/mjt/tinycdb.html
93 CDB is included automatically if the Build script can find
94 a library named libcdb.a or libcdb.so.
95 By default, .cdb is used as extension for cdb maps, however,
96 if CDB is set to 2, then .db is used to make transition from
97 hash maps easier. Note: this usually requires to exclude cdb
98 from confLIBSEARCH, see devtools/README.
99 NEWDB The new Berkeley DB package. Some systems (e.g., BSD/OS and
100 Digital UNIX 4.0) have some version of this package
101 pre-installed. If your system does not have Berkeley DB
102 pre-installed, or the version installed is not version 2.0
103 or greater (e.g., is Berkeley DB 1.85 or 1.86), get the
104 current version from http://www.sleepycat.com/. DO NOT
105 use a version from any of the University of California,
106 Berkeley "Net" or other distributions. If you are still
107 running BSD/386 1.x, you will need to upgrade the included
108 Berkeley DB library to a current version. NEWDB is included
109 automatically if the Build script can find a library named
111 See also OPERATING SYSTEM AND COMPILE QUIRKS about Berkeley
112 DB versions, e.g., DB 4.1.x.
113 NDBM The older NDBM implementation -- the very old V7 DBM
114 implementation is no longer supported.
115 NIS Network Information Services. To use this you must have
116 NIS support on your system.
117 NISPLUS NIS+ (the revised NIS released with Solaris 2). You must
118 have NIS+ support on your system to use this flag.
119 HESIOD Support for Hesiod (from the DEC/Athena distribution). You
120 must already have Hesiod support on your system for this to
121 work. You may be able to get this to work with the MIT/Athena
122 version of Hesiod, but that's likely to be a lot of work.
123 BIND 8.X also includes Hesiod support.
124 LDAPMAP Lightweight Directory Access Protocol support. You will
125 have to install the UMich or OpenLDAP
126 (http://www.openldap.org/) ldap and lber libraries to use
128 MAP_REGEX Regular Expression support. You will need to use an
129 operating system which comes with the POSIX regex()
130 routines or install a regexp library such as libregex from
131 the Free Software Foundation.
132 DNSMAP DNS map support. Requires NAMED_BIND.
133 PH_MAP PH map support.
134 MAP_NSD nsd map support (IRIX 6.5 and later).
135 SOCKETMAP Support for a trivial query protocol over UNIX domain or TCP
138 >>> NOTE WELL for NEWDB support: If you want to get ndbm support, for
139 >>> Berkeley DB versions under 2.0, it is CRITICAL that you remove
140 >>> ndbm.o from libdb.a before you install it and DO NOT install ndbm.h;
141 >>> for Berkeley DB versions 2.0 through 2.3.14, remove dbm.o from libdb.a
142 >>> before you install it. If you don't delete these, there is absolutely
143 >>> no point to including -DNDBM, since it will just get you another
144 >>> (inferior) API to the same format database. These files OVERRIDE
145 >>> calls to ndbm routines -- in particular, if you leave ndbm.h in,
146 >>> you can find yourself using the new db package even if you don't
147 >>> define NEWDB. Berkeley DB versions later than 2.3.14 do not need
148 >>> to be modified. Please also consult the README in the top level
149 >>> directory of the sendmail distribution for other important information.
151 >>> Further note: DO NOT remove your existing /usr/include/ndbm.h --
152 >>> you need that one. But do not install an updated ndbm.h in
153 >>> /usr/include, /usr/local/include, or anywhere else.
155 If NEWDB and NDBM are defined (but not NIS), then sendmail will read
156 NDBM format alias files, but the next time a newaliases is run the
157 format will be converted to NEWDB; that format will be used forever
158 more. This is intended as a transition feature.
160 If NEWDB, NDBM, and NIS are all defined and the name of the file includes
161 the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
162 alias files. However, it will only read the NEWDB file; the NDBM format
163 file is used only by the NIS subsystem. This is needed because the NIS
164 maps on an NIS server are built directly from the NDBM files.
166 If NDBM and NIS are defined (regardless of the definition of NEWDB),
167 and the filename includes the string "/yp/", sendmail adds the special
168 tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
169 required if the NDBM file is to be used as an NIS map.
171 All of these flags are normally defined in a confMAPDEF setting in your
174 If you define NEWDB or HESIOD you get the User Database (USERDB)
175 automatically. Generally you do want to have NEWDB for it to do
176 anything interesting. See above for getting the Berkeley DB
177 package (i.e., NEWDB). There is no separate "user database"
178 package -- don't bother searching for it on the net.
180 Hesiod and LDAP require libraries that may not be installed with your
181 system. These are outside of my ability to provide support. See the
182 "Quirks" section for more information.
184 The regex map can be used to see if an address matches a certain regular
185 expression. For example, all-numerics local parts are common spam
186 addresses, so "^[0-9]+$" would match this. By using such a map in a
187 check_* rule-set, you can block a certain range of addresses that would
188 otherwise be considered valid.
190 The socket map uses a simple request/reply protocol over TCP or
191 UNIX domain sockets to query an external server. Both requests and
192 replies are text based and encoded as netstrings. The socket map
193 uses the same syntax as milters the specify the remote endpoint,
196 KmySocketMap socket inet:12345@127.0.0.1
198 See doc/op/op.me for details.
205 Wherever possible, I try to make sendmail pull in the correct
206 compilation options needed to compile on various environments based on
207 automatically defined symbols. Some machines don't seem to have useful
208 symbols available, requiring that a compilation flag be defined in
209 the Makefile; see the devtools/OS subdirectory for the supported
212 If you are a system to which sendmail has already been ported you
213 should not have to touch the following symbols. But if you are porting,
214 you may have to tweak the following compilation flags in conf.h in order
215 to get it to compile and link properly:
217 SYSTEM5 Adjust for System V (not necessarily Release 4).
218 SYS5SIGNALS Use System V signal semantics -- the signal handler
219 is automatically dropped when the signal is caught.
220 If this is not set, use POSIX/BSD semantics, where the
221 signal handler stays in force until an exec or an
222 explicit delete. Implied by SYSTEM5.
223 SYS5SETPGRP Use System V setpgrp() semantics. Implied by SYSTEM5.
224 HASNICE Define this to zero if you lack the nice(2) system call.
225 HASRRESVPORT Define this to zero if you lack the rresvport(3) system call.
226 HASFCHMOD Define this to one if you have the fchmod(2) system call.
227 This improves security.
228 HASFCHOWN Define this to one if you have the fchown(2) system call.
229 This is required for the TrustedUser option if sendmail
230 must rebuild an (alias) map.
231 HASFLOCK Set this if you prefer to use the flock(2) system call
232 rather than using fcntl-based locking. Fcntl locking
233 has some semantic gotchas, but many vendor systems
234 also interface it to lockd(8) to do NFS-style locking.
235 Unfortunately, many vendor implementations of fcntl locking
236 are just plain broken (e.g., locks are never released,
237 causing your sendmail to deadlock; when the kernel runs
238 out of locks your system crashes). For this reason, I
239 recommend always defining this unless you are absolutely
240 certain that your fcntl locking implementation really works.
241 HASUNAME Set if you have the "uname" system call. Implied by
243 HASUNSETENV Define this if your system library has the "unsetenv"
245 HASSETSID Define this if you have the setsid(2) system call. This
246 is implied if your system appears to be POSIX compliant.
247 HASINITGROUPS Define this if you have the initgroups(3) routine.
248 HASSETVBUF Define this if you have the setvbuf(3) library call.
249 If you don't, setlinebuf will be used instead. This
250 defaults on if your compiler defines __STDC__.
251 HASSETREUID Define this if you have setreuid(2) ***AND*** root can
252 use setreuid to change to an arbitrary user. This second
253 condition is not satisfied on AIX 3.x. You may find that
254 your system has setresuid(2), (for example, on HP-UX) in
255 which case you will also have to #define setreuid(r, e)
256 to be the appropriate call. Some systems (such as Solaris)
257 have a compatibility routine that doesn't work properly,
258 but may have "saved user ids" properly implemented so you
259 can ``#define setreuid(r, e) seteuid(e)'' and have it work.
260 The important thing is that you have a call that will set
261 the effective uid independently of the real or saved uid
262 and be able to set the effective uid back again when done.
263 There's a test program in ../test/t_setreuid.c that will
264 try things on your system. Setting this improves the
265 security, since sendmail doesn't have to read .forward
266 and :include: files as root. There are certain attacks
267 that may be unpreventable without this call.
268 USESETEUID Define this to 1 if you have a seteuid(2) system call that
269 will allow root to set only the effective user id to an
270 arbitrary value ***AND*** you have saved user ids. This is
271 preferable to HASSETREUID if these conditions are fulfilled.
272 These are the semantics of the to-be-released revision of
273 Posix.1. The test program ../test/t_seteuid.c will try
274 this out on your system. If you define both HASSETREUID
275 and USESETEUID, the former is ignored.
276 HASSETEGID Define this if you have setegid(2) and it can be
277 used to set the saved gid. Please run t_dropgid in
278 test/ if you are not sure whether the call works.
279 HASSETREGID Define this if you have setregid(2) and it can be
280 used to set the saved gid. Please run t_dropgid in
281 test/ if you are not sure whether the call works.
282 HASSETRESGID Define this if you have setresgid(2) and it can be
283 used to set the saved gid. Please run t_dropgid in
284 test/ if you are not sure whether the call works.
285 HASLSTAT Define this if you have symbolic links (and thus the
286 lstat(2) system call). This improves security. Unlike
287 most other options, this one is on by default, so you
288 need to #undef it in conf.h if you don't have symbolic
289 links (these days everyone does).
290 HASSETRLIMIT Define this to 1 if you have the setrlimit(2) syscall.
291 You can define it to 0 to force it off. It is assumed
292 if you are running a BSD-like system.
293 HASULIMIT Define this if you have the ulimit(2) syscall (System V
294 style systems). HASSETRLIMIT overrides, as it is more
296 HASWAITPID Define this if you have the waitpid(2) syscall.
298 Define this if you have the getdtablesize(2) syscall.
299 HAS_GETHOSTBYNAME2 Define this to 1 if your system supports
301 HAS_ST_GEN Define this to 1 if your system has the st_gen field in
302 the stat structure (see stat(2)).
303 HASSRANDOMDEV Define this if your system has the srandomdev(3) function
305 HASURANDOMDEV Define this if your system has /dev/urandom(4).
306 HASSTRERROR Define this if you have the libc strerror(3) function (which
307 should be declared in <errno.h>), and it should be used
308 instead of sys_errlist.
309 HASCLOSEFROM Define this if your system has closefrom(3).
310 HASFDWALK Define this if your system has fdwalk(3).
311 SM_CONF_GETOPT Define this as 0 if you need a reimplementation of getopt(3).
312 On some systems, getopt() does very odd things if called
313 to scan the arguments twice. This flag will ask sendmail
314 to compile in a local version of getopt() that works
315 properly. You may also need this if you build with
316 another library that introduces a non-standard getopt(3).
317 NEEDSTRTOL Define this if your standard C library does not define
318 strtol(3). This will compile in a local version.
319 NEEDFSYNC Define this if your standard C library does not define
320 fsync(2). This will try to simulate the operation using
321 fcntl(2); if that is not available it does nothing, which
322 isn't great, but at least it compiles and runs.
323 HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your
324 standard C library. If this is not defined, or is defined
325 to be 0, sendmail will scan the /etc/shells file (no
326 NIS-style support, defaults to /bin/sh and /bin/csh if
327 that file does not exist) to get a list of unrestricted
328 user shells. This is used to determine whether users
329 are allowed to forward their mail to a program or a file.
330 NEEDPUTENV Define this if your system needs am emulation of the
331 putenv(3) call. Define to 1 to implement it in terms
332 of setenv(3) or to 2 to do it in terms of primitives.
333 NOFTRUNCATE Define this if you don't have the ftruncate(2) syscall.
334 If you don't have this system call, there is an unavoidable
335 race condition that occurs when creating alias databases.
336 NO_EOH_FIELDS Define this to disable the special handling of the headers
337 Message: and Text: to denote the end of the message header.
338 GIDSET_T The type of entries in a gidset passed as the second
339 argument to getgroups(2). Historically this has been an
340 int, so this is the default, but some systems (such as
341 IRIX) pass it as a gid_t, which is an unsigned short.
342 This will make a difference, so it is important to get
343 this right! However, it is only an issue if you have
345 SLEEP_T The type returned by the system sleep() function.
346 Defaults to "unsigned int". Don't worry about this
347 if you don't have compilation problems.
348 ARBPTR_T The type of an arbitrary pointer -- defaults to "void *".
349 If you are an very old compiler you may need to define
351 SOCKADDR_LEN_T The type used for the third parameter to accept(2),
352 getsockname(2), and getpeername(2), representing the
353 length of a struct sockaddr. Defaults to int.
354 SOCKOPT_LEN_T The type used for the fifth parameter to getsockopt(2)
355 and setsockopt(2), representing the length of the option
356 buffer. Defaults to int.
357 LA_TYPE The type of load average your kernel supports. These
359 LA_ZERO (1) -- it always returns the load average as
360 "zero" (and does so on all architectures).
361 LA_INT (2) to read /dev/kmem for the symbol avenrun and
362 interpret as a long integer.
363 LA_FLOAT (3) same, but interpret the result as a floating
365 LA_SHORT (6) to interpret as a short integer.
366 LA_SUBR (4) if you have the getloadavg(3) routine in your
368 LA_MACH (5) to use MACH-style load averages (calls
369 processor_set_info()),
370 LA_PROCSTR (7) to read /proc/loadavg and interpret it
371 as a string representing a floating-point
372 number (Linux-style).
373 LA_READKSYM (8) is an implementation suitable for some
374 versions of SVr4 that uses the MIOC_READKSYM ioctl
375 call to read /dev/kmem.
376 LA_DGUX (9) is a special implementation for DG/UX that uses
377 the dg_sys_info system call.
378 LA_HPUX (10) is an HP-UX specific version that uses the
379 pstat_getdynamic system call.
380 LA_IRIX6 (11) is an IRIX 6.x specific version that adapts
381 to 32 or 64 bit kernels; it is otherwise very similar
383 LA_KSTAT (12) uses the (Solaris-specific) kstat(3k)
385 LA_DEVSHORT (13) reads a short from a system file (default:
386 /dev/table/avenrun) and scales it in the same manner
388 LA_LONGLONG (17) to read /dev/kmem for the symbol avenrun and
389 interpret as a long long integer (e.g., for 64 bit
391 LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
392 other parameters that they try to divine: the name of your
393 kernel, the name of the variable in the kernel to examine,
394 the number of bits of precision in a fixed point load average,
395 and so forth. LA_DEVSHORT uses _PATH_AVENRUN to find the
396 device to be read to find the load average.
397 In desperation, use LA_ZERO. The actual code is in
398 conf.c -- it can be tweaked if you are brave.
399 FSHIFT For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
400 of bits of load average after the binary point -- i.e.,
401 the number of bits to shift right in order to scale the
402 integer to get the true integer load average. Defaults to 8.
403 _PATH_UNIX The path to your kernel. Needed only for LA_INT, LA_SHORT,
404 and LA_FLOAT. Defaults to "/unix" on System V, "/vmunix"
406 LA_AVENRUN For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
407 variable that holds the load average. Defaults to "avenrun"
408 on System V, "_avenrun" everywhere else.
409 SFS_TYPE Encodes how your kernel can locate the amount of free
410 space on a disk partition. This can be set to SFS_NONE
411 (0) if you have no way of getting this information,
412 SFS_USTAT (1) if you have the ustat(2) system call,
413 SFS_4ARGS (2) if you have a four-argument statfs(2)
414 system call (and the include file is <sys/statfs.h>),
415 SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
416 the two-argument statfs(2) system call with includes in
417 <sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
418 or SFS_STATVFS (6) if you have the two-argument statvfs(2)
419 call. The default if nothing is defined is SFS_NONE.
420 SFS_BAVAIL with SFS_4ARGS you can also set SFS_BAVAIL to the field name
421 in the statfs structure that holds the useful information;
422 this defaults to f_bavail.
423 SPT_TYPE Encodes how your system can display what a process is doing
424 on a ps(1) command (SPT stands for Set Process Title). Can
426 SPT_NONE (0) -- Don't try to set the process title at all.
427 SPT_REUSEARGV (1) -- Pad out your argv with the information;
428 this is the default if none specified.
429 SPT_BUILTIN (2) -- The system library has setproctitle.
430 SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
431 to set the process title; this is used by HP-UX.
432 SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
433 SPT_SYSMIPS (5) -- Use sysmips() supported by NEWS-OS 6.
434 SPT_SCO (6) -- Write kernel u. area.
435 SPT_CHANGEARGV (7) -- Write pointers to our own strings into
436 the existing argv vector.
437 SPT_PADCHAR Character used to pad the process title; if undefined,
438 the space character (0x20) is used. This is ignored if
439 SPT_TYPE != SPT_REUSEARGV
441 If set, assumes that some header file defines sys_errlist.
442 This may be needed if you get type conflicts on this
443 variable -- otherwise don't worry about it.
444 WAITUNION The wait(2) routine takes a "union wait" argument instead
445 of an integer argument. This is for compatibility with
447 SCANF You can set this to extend the F command to accept a
448 scanf string -- this gives you a primitive parser for
449 class definitions -- BUT it can make you vulnerable to
450 core dumps if the target file is poorly formed.
451 SYSLOG_BUFSIZE You can define this to be the size of the buffer that
452 syslog accepts. If it is not defined, it assumes a
453 1024-byte buffer. If the buffer is very small (under
454 256 bytes) the log message format changes -- each
455 e-mail message will log many more messages, since it
456 will log each piece of information as a separate line
459 On Ultrix (and maybe other systems?) if you use the
460 res_search routine with an unknown host name, it returns
461 -1 but sets h_errno to 0 instead of HOST_NOT_FOUND. If
462 you set this, sendmail considers 0 to be the same as
464 NAMELISTMASK If defined, values returned by nlist(3) are masked
465 against this value before use -- a common value is
466 0x7fffffff to strip off the top bit.
467 BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that
468 defines the length of this address.
469 SAFENFSPATHCONF Set this to 1 if and only if you have verified that a
470 pathconf(2) call with _PC_CHOWN_RESTRICTED argument on an
471 NFS filesystem where the underlying system allows users to
472 give away files to other users returns <= 0. Be sure you
473 try both on NFS V2 and V3. Some systems assume that their
474 local policy apply to NFS servers -- this is a bad
475 assumption! The test/t_pathconf.c program will try this
476 for you -- you have to run it in a directory that is
477 mounted from a server that allows file giveaway.
478 SIOCGIFCONF_IS_BROKEN
479 Set this if your system has an SIOCGIFCONF ioctl defined,
480 but it doesn't behave the same way as "most" systems (BSD,
481 Solaris, SunOS, HP-UX, etc.)
483 Set this if your system has an SIOCGIFNUM ioctl defined,
484 but it doesn't behave the same way as "most" systems
487 Set this if your system can reuse the same PID in the same
489 SO_REUSEADDR_IS_BROKEN
490 Set this if your system has a setsockopt() SO_REUSEADDR
491 flag but doesn't pay attention to it when trying to bind a
492 socket to a recently closed port.
493 NEEDSGETIPNODE Set this if your system supports IPv6 but doesn't include
494 the getipnodeby{name,addr}() functions. Set automatically
496 PIPELINING Support SMTP PIPELINING (set by default).
498 Deprecated in favor of SM_CONF_LDAP_MEMFREE. See
500 NEEDLINK Set this if your system doesn't have a link() call. It
501 will create a copy of the file instead of a hardlink.
502 USE_ENVIRON Set this to 1 to access process environment variables from
503 the external variable environ instead of the third
505 USE_DOUBLE_FORK By default this is on (1). Set it to 0 to suppress the
506 extra fork() used to avoid intermediate zombies.
507 ALLOW_255 Do not convert (char)0xff to (char)0x7f in headers etc.
508 This can also be done at runtime with the command line
510 NEEDINTERRNO Set this if <errno.h> does not declare errno, i.e., if an
511 application needs to use
513 USE_TTYPATH Set this to 1 to enable ErrorMode=write.
514 USESYSCTL Use sysctl(3) to determine the number of CPUs in a system.
515 HASSNPRINTF Set this to 1 if your OS has a working snprintf(3), i.e.,
516 it properly obeys the size of the buffer and returns the
517 number of characters that would have been printed if the
519 LDAP_REFERRALS Set this if you want to use the -R flag (do not auto chase
520 referrals) for LDAP maps (requires -DLDAPMAP).
521 MILTER_NO_NAGLE Turn off Nagle algorithm for communication with libmilter
522 ("cork" on Linux). On some operating systems this may
523 improve the interprocess communication performance.
526 +-----------------------+
527 | COMPILE-TIME FEATURES |
528 +-----------------------+
530 There are a bunch of features that you can decide to compile in, such
531 as selecting various database packages and special protocol support.
532 Several are assumed based on other compilation flags -- if you want to
533 "un-assume" something, you probably need to edit conf.h. Compilation
534 flags that add support for special features include:
536 CDB Include support for tinycdb.
537 NDBM Include support for "new" DBM library for aliases and maps.
538 Normally defined in the Makefile.
539 NEWDB Include support for Berkeley DB package (hash & btree)
540 for aliases and maps. Normally defined in the Makefile.
541 If the version of NEWDB you have is the old one that does
542 not include the "fd" call (this call was added in version
543 1.5 of the Berkeley DB code), you must upgrade to the
544 current version of Berkeley DB.
545 NIS Define this to get NIS (YP) support for aliases and maps.
546 Normally defined in the Makefile.
547 NISPLUS Define this to get NIS+ support for aliases and maps.
548 Normally defined in the Makefile.
549 HESIOD Define this to get Hesiod support for aliases and maps.
550 Normally defined in the Makefile.
551 NETINFO Define this to get NeXT NetInfo support for aliases and maps.
552 Normally defined in the Makefile.
553 LDAPMAP Define this to get LDAP support for maps.
554 PH_MAP Define this to get PH support for maps.
555 MAP_NSD Define this to get nsd support for maps.
556 USERDB Define this to 1 to include support for the User Information
557 Database. Implied by NEWDB or HESIOD. You can use
558 -DUSERDB=0 to explicitly turn it off.
559 IDENTPROTO Define this as 1 to get IDENT (RFC 1413) protocol support.
560 This is assumed unless you are running on Ultrix or
561 HP-UX, both of which have a problem in the UDP
562 implementation. You can define it to be 0 to explicitly
563 turn off IDENT protocol support. If defined off, the code
564 is actually still compiled in, but it defaults off; you
565 can turn it on by setting the IDENT timeout in the
567 IP_SRCROUTE Define this to 1 to get IP source routing information
568 displayed in the Received: header. This is assumed on
569 most systems, but some (e.g., Ultrix) apparently have a
570 broken version of getsockopt that doesn't properly
571 support the IP_OPTIONS call. You probably want this if
572 your OS can cope with it. Symptoms of failure will be that
573 it won't compile properly (that is, no support for fetching
574 IP_OPTIONs), or it compiles but source-routed TCP connections
575 either refuse to open or open and hang for no apparent reason.
576 Ultrix and AIX3 are known to fail this way.
577 LOG Set this to get syslog(3) support. Defined by default
578 in conf.h. You want this if at all possible.
579 NETINET Set this to get TCP/IP support. Defined by default
580 in conf.h. You probably want this.
581 NETINET6 Set this to get IPv6 support. Other configuration may
582 be needed in conf.h for your particular operating system.
583 Also, DaemonPortOptions must be set appropriately for
584 sendmail to accept IPv6 connections.
585 NETISO Define this to get ISO networking support.
586 NETUNIX Define this to get Unix domain networking support. Defined
587 by default. A few bizarre systems (SCO, ISC, Altos) don't
588 support this networking domain.
589 NETNS Define this to get NS networking support.
590 NETX25 Define this to get X.25 networking support.
591 NAMED_BIND If non-zero, include DNS (name daemon) support, including
592 MX support. The specs say you must use this if you run
593 SMTP. You don't have to be running a name server daemon
594 on your machine to need this -- any use of the DNS resolver,
595 including remote access to another machine, requires this
596 option. Defined by default in conf.h. Define it to zero
597 ONLY on machines that do not use DNS in any way.
598 MATCHGECOS Permit fuzzy matching of user names against the full
599 name (GECOS) field in the /etc/passwd file. This should
600 probably be on, since you can disable it from the config
601 file if you want to. Defined by default in conf.h.
602 MIME8TO7 If non-zero, include 8 to 7 bit MIME conversions. This
603 also controls advertisement of 8BITMIME in the ESMTP
605 MIME7TO8_OLD If 0 then use an algorithm for MIME 7-bit quoted-printable
606 or base64 encoding to 8-bit text that has been introduced
607 in 8.12.3. There are some examples where that code fails,
608 but the old code works. If you have an example of improper
609 7 to 8 bit conversion please send it to sendmail-bugs.
610 MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions.
611 HES_GETMAILHOST Define this to 1 if you are using Hesiod with the
612 hes_getmailhost() routine. This is included with the MIT
613 Hesiod distribution, but not with the DEC Hesiod distribution.
614 XDEBUG Do additional internal checking. These don't cost too
615 much; you might as well leave this on.
616 TCPWRAPPERS Turns on support for the TCP wrappers library (-lwrap).
617 See below for further information.
618 SECUREWARE Enable calls to the SecureWare luid enabling/changing routines.
619 SecureWare is a C2 security package added to several UNIX's
620 (notably ConvexOS) to get a C2 Secure system. This
621 option causes mail delivery to be done with the luid of the
623 SHARE_V1 Support for the fair share scheduler, version 1. Setting to
624 1 causes final delivery to be done using the recipients
625 resource limitations. So far as I know, this is only
626 supported on ConvexOS.
627 SASL Enables SMTP AUTH (RFC 2554). This requires the Cyrus SASL
628 library (https://github.com/cyrusimap/cyrus-sasl). Please
629 install at least version 1.5.13. See below for further
630 information: SASL COMPILATION AND CONFIGURATION. If your
631 SASL library is older than 1.5.10, you have to set this
632 to its version number using a simple conversion: a.b.c
633 -> c + b*100 + a*10000, e.g. for 1.5.9 define SASL=10509.
634 Note: Using an older version than 1.5.5 of Cyrus SASL is
635 not supported. Starting with version 1.5.10, setting SASL=1
636 is sufficient. Any value other than 1 (or 0) will be
637 compared with the actual version found and if there is a
638 mismatch, compilation will fail.
639 EGD Define this if your system has EGD installed, see
640 http://egd.sourceforge.net/ . It should be used to
641 seed the PRNG for STARTTLS if HASURANDOMDEV is not defined.
642 STARTTLS Enables SMTP STARTTLS (RFC 2487). This requires OpenSSL
643 (http://www.OpenSSL.org/); use an OpenSSL version
644 which is supported by sendmail and preferably your
645 OS distribution or OpenSSL.
646 See STARTTLS COMPILATION AND CONFIGURATION for further
648 TLS_EC Enable use of elliptic curve cryptography in STARTTLS.
649 If set to 2 sendmail uses SSL_CTX_set_ecdh_auto(),
650 if set to 1 it selects the NID_X9_62_prime256v1 curve
651 (created via EC_KEY_new_by_curve_name()) and uses
652 SSL_CTX_set_tmp_ecdh().
653 Support offered by different TLS libraries varies
654 greatly: some old versions do not support elliptic curve
655 cryptography at all, some new versions have it enabled
656 by default (i.e., no need to set TLS_EC at all), while
657 others may require one of the above settings.
658 TLS_NO_RSA Turn off support for RSA algorithms in STARTTLS.
659 MILTER Turn on support for external filters using the Milter API;
660 this option is set by default, to turn it off use
661 APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=0')
662 in devtools/Site/site.config.m4 (see devtools/README).
663 See libmilter/README for more information about milter.
664 REQUIRES_DIR_FSYNC Turn on support for file systems that require to
665 call fsync() for a directory if the meta-data in it has
666 been changed. This should be turned on at least for older
667 versions of ReiserFS; it is enabled by default for Linux.
668 According to some information this flag is not needed
669 anymore for kernel 2.4.16 and newer. We would appreciate
670 feedback about the semantics of the various file systems
672 An alternative to this compile time flag is to mount the
673 queue directory without the -async option, or using
675 DBMMODE The default file permissions to use when creating new
676 database files for maps and aliases. Defaults to 0640.
677 IPV6_FULL Use uncompressed IPv6 addresses (set by default). This
678 permits a zero subnet to have a more specific match,
679 such as different map entries for IPv6:0:0 vs IPv6:0.
681 Generic notice: If you enable a compile time option that needs
682 libraries or include files that don't come with sendmail or are
683 installed in a location that your C compiler doesn't use by default
684 you should set confINCDIRS and confLIBDIRS as explained in the
685 first section: BUILDING SENDMAIL.
688 +---------------------+
689 | DNS/RESOLVER ISSUES |
690 +---------------------+
692 Many systems have old versions of the resolver library. At a minimum,
693 you should be running BIND 4.8.3; older versions may compile, but they
694 have known bugs that should give you pause.
696 Common problems in old versions include "undefined" errors for
699 Some people have had a problem with BIND 4.9; it uses some routines
700 that it expects to be externally defined such as strerror(). It may
701 help to link with "-l44bsd" to solve this problem. This has apparently
702 been fixed in later versions of BIND, starting around 4.9.3. In other
703 words, if you use 4.9.0 through 4.9.2, you need -l44bsd; for earlier or
704 later versions, you do not.
706 !PLEASE! be sure to link with the same version of the resolver as
707 the header files you used -- some people have used the 4.9 headers
708 and linked with BIND 4.8 or vice versa, and it doesn't work.
709 Unfortunately, it doesn't fail in an obvious way -- things just
712 WILDCARD MX RECORDS ARE A BAD IDEA! The only situation in which they
713 work reliably is if you have two versions of DNS, one in the real world
714 which has a wildcard pointing to your firewall, and a completely
715 different version of the database internally that does not include
716 wildcard MX records that match your domain. ANYTHING ELSE WILL GIVE
719 When attempting to canonify a hostname, some broken name servers will
720 return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. If you
721 want to excuse this behavior, include WorkAroundBrokenAAAA in
722 ResolverOptions. However, instead, we recommend catching the problem and
723 reporting it to the name server administrator so we can rid the world of
727 +----------------------------------------+
728 | STARTTLS COMPILATION AND CONFIGURATION |
729 +----------------------------------------+
731 Please read the documentation accompanying the OpenSSL library. You
732 have to compile and install the OpenSSL libraries before you can compile
733 sendmail. See devtools/README how to set the correct compile time
734 parameters; you should at least set the following variables:
736 APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
737 APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
739 If you have installed the OpenSSL libraries and include files in
740 a location that your C compiler doesn't use by default you should
741 set confINCDIRS and confLIBDIRS as explained in the first section:
744 Configuration information can be found in doc/op/op.me (required
745 certificates) and cf/README (how to tell sendmail about certificates).
747 To perform an initial test, connect to your sendmail daemon
748 (telnet localhost 25) and issue a EHLO localhost and see whether
750 is in the response. If it isn't, run the daemon with
752 and try again. Then take a look at the logfile and see whether
753 there are any problems listed about permissions (unsafe files)
754 or the validity of X.509 certificates.
756 From: Garrett Wollman <wollman@lcs.mit.edu>
758 If your certificate authority is hierarchical, and you only include
759 the top-level CA certificate in the CACertFile file, some mail clients
760 may be unable to infer the proper certificate chain when selecting a
761 client certificate. Including the bottom-level CA certificate(s) in
762 the CACertFile file will allow these clients to work properly. This
763 is not necessary if you are not using client certificates for
764 authentication, or if all your clients are running Sendmail or other
765 programs using the OpenSSL library (which get it right automatically).
766 In addition, some mail clients are totally incapable of using
767 certificate authentication -- even some of those which already support
768 SSL/TLS for confidentiality.
770 OpenSSL 3 deprecated a lot of functionality which sendmail uses by
771 default. However, the code can be disabled via compile time options
773 -DNO_DH: related to DH and DSA.
775 +------------------------------------+
776 | SASL COMPILATION AND CONFIGURATION |
777 +------------------------------------+
779 Please read the documentation accompanying the Cyrus SASL library
780 (INSTALL and README, especially about Sendmail.conf). If you use
781 Berkeley DB for Cyrus SASL then you must compile sendmail with the
782 same version of Berkeley DB. See devtools/README for how to set
783 the correct compile time parameters; you should at least set the
786 APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2')
787 APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
789 If you have installed the Cyrus SASL library and include files in
790 a location which your C compiler doesn't use by default you should
791 set confINCDIRS and confLIBDIRS as explained in the first section:
794 You have to select and install authentication mechanisms and tell
795 sendmail where to find the sasl library and the include files (see
796 devtools/README for the parameters to set). Set up the required
797 users and passwords as explained in the SASL documentation. See
798 also cf/README for authentication related options (especially
799 "Providing SMTP AUTH Data when sendmail acts as Client"
800 if you want authentication between MTAs).
802 To perform an initial test, connect to your sendmail daemon
803 (telnet localhost 25) and issue a EHLO localhost and see whether
805 is in the response. If it isn't, run the daemon with
807 and try again. Then take a look at the logfile and see whether
808 there are any security related problems listed (unsafe files).
811 +-------------------------------------+
812 | OPERATING SYSTEM AND COMPILE QUIRKS |
813 +-------------------------------------+
816 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
817 too (see include/sm/cdefs.h for more info).
819 *****************************************************************
820 ** IMPORTANT: DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE **
821 ** RUNNING GCC 2.4.x or 2.5.x. THERE IS A BUG IN THE GCC **
822 ** OPTIMIZER THAT CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
823 *****************************************************************
825 Jim Wilson of Cygnus believes he has found the problem -- it will
826 probably be fixed in GCC 2.5.6 -- but until this is verified, be
827 very suspicious of gcc -O. This problem is reported to have been
830 A bug in gcc 2.5.5 caused problems compiling sendmail 8.6.5 with
831 optimization on a Sparc. If you are using gcc 2.5.5, youi should
832 upgrade to the latest version of gcc.
834 Apparently GCC 2.7.0 on the Pentium processor has optimization
835 problems. I recommend against using -O on that architecture. This
836 has been seen on FreeBSD 2.0.5 RELEASE.
838 Solaris 2.X users should use version 2.7.2.3 over 2.7.2.
840 We have been told there are problems with gcc 2.8.0. If you are
841 using this version, you should upgrade to 2.8.1 or later.
844 Berkeley DB 4.1.x with x <= 24 does not work with sendmail.
845 You need at least 4.1.25.
847 GDBM GDBM does not work with sendmail because the additional
848 security checks and file locking cause problems. Unfortunately,
849 gdbm does not provide a compile flag in its version of ndbm.h so
850 the code can adapt. Until the GDBM authors can fix these problems,
851 GDBM will not be supported. Please use Berkeley DB instead.
853 Configuration file location
854 Up to 8.6, sendmail tried to find the sendmail.cf file in the same
855 place as the vendors had put it, even when this was obviously
856 stupid. As of 8.7, sendmail ALWAYS looks for /etc/sendmail.cf.
857 Beginning with 8.10, sendmail uses /etc/mail/sendmail.cf.
858 You can get sendmail to use the stupid vendor .cf location by
859 adding -DUSE_VENDOR_CF_PATH during compilation, but this may break
860 support programs and scripts that need to find sendmail.cf. You
861 are STRONGLY urged to use symbolic links if you want to use the
862 vendor location rather than changing the location in the sendmail
865 NETINFO systems use NETINFO to determine the location of
866 sendmail.cf. The full path to sendmail.cf is stored as the value of
867 the "sendmail.cf" property in the "/locations/sendmail"
868 subdirectory of NETINFO. Set the value of this property to
869 "/etc/mail/sendmail.cf" (without the quotes) to use this new
870 default location for Sendmail 8.10.0 and higher.
872 ControlSocket permissions
873 Paraphrased from BIND 8.2.1's README:
875 Solaris and other pre-4.4BSD kernels do not respect ownership or
876 protections on UNIX-domain sockets. The short term fix for this is to
877 override the default path and put such control sockets into root-
878 owned directories which do not permit non-root to r/w/x through them.
879 The long term fix is for all kernels to upgrade to 4.4BSD semantics.
882 The MPE-specific code within sendmail emulates a set-user-id root
883 environment for the sendmail binary. But there is no root uid 0 on
884 MPE, nor is there any support for set-user-id programs. Even when
885 sendmail thinks it is running as uid 0, it will still have the file
886 access rights of the underlying non-zero uid, but because sendmail is
887 an MPE priv-mode program it will still be able to call setuid() to
888 successfully switch to a new uid.
890 MPE setgid() semantics don't quite work the way sendmail expects, so
891 special emulation is done here also.
893 This uid/gid emulation is enabled via the setuid/setgid file mode bits
894 which are not currently used by MPE. Code in libsm/mpeix.c examines
895 these bits and enables emulation if they have been set, i.e.,
896 chmod u+s,g+s /SENDMAIL/CURRENT/SENDMAIL.
898 SunOS 4.x (Solaris 1.x)
899 You may have to use -lresolv on SunOS. However, beware that
900 this links in a new version of gethostbyname that does not
901 understand NIS, so you must have all of your hosts in DNS.
903 Some people have reported problems with the SunOS version of
904 -lresolv and/or in.named, and suggest that you get a newer
905 version. The symptoms are delays when you connect to the
906 SMTP server on a SunOS machine or having your domain added to
907 addresses inappropriately. There is a version of BIND
908 version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
910 There is substantial disagreement about whether you can make
911 this work with resolv+, which allows you to specify a search-path
912 of services. Some people report that it works fine, others
913 claim it doesn't work at all (including causing sendmail to
914 drop core when it tries to do multiple resolv+ lookups for a
915 single job). I haven't tried resolv+, as we use DNS exclusively.
917 Should you want to try resolv+, it is on ftp.uu.net in
920 Apparently getservbyname() can fail under moderate to high
921 load under some circumstances. This will exhibit itself as
922 the message ``554 makeconnection: service "smtp" unknown''.
923 The problem has been traced to one or more blank lines in
924 /etc/services on the NIS server machine. Delete these
925 and it should work. This info is thanks to Brian Bartholomew
926 <bb@math.ufl.edu> of I-Kinetics, Inc.
928 NOTE: The SunOS 4.X linker uses library paths specified during
929 compilation using -L for run-time shared library searches.
930 Therefore, it is vital that relative and unsafe directory paths not
931 be used when compiling sendmail.
933 SunOS 4.0.2 (Sun 386i)
934 Date: Fri, 25 Aug 1995 11:13:58 +0200 (MET DST)
937 Sendmail 8.7.Beta.12 compiles and runs nearly out of the box with the
939 * Don't use /usr/5bin in your PATH, but make /usr/5bin/uname
940 available as "uname" command.
941 * Use the defines "-DBSD4_3 -DNAMED_BIND=0" in
942 devtools/OS/SunOS.4.0, which is selected via the "uname" command.
943 I recommend to make available the db-library on the system first
944 (and change the Makefile to use this library).
945 Note that the sendmail.cf and aliases files are found in /etc.
947 SunOS 4.1.3, 4.1.3_U1
948 Sendmail causes crashes on SunOS 4.1.3 and 4.1.3_U1. According
949 to Sun bug number 1077939:
951 If an application does a getsockopt() on a SOCK_STREAM (TCP) socket
952 after the other side of the connection has sent a TCP RESET for
953 the stream, the kernel gets a Bus Trap in the tcp_ctloutput() or
954 ip_ctloutput() routine.
956 For 4.1.3, this is fixed in patch 100584-08, available on the
957 Sunsolve 2.7.1 or later CDs. For 4.1.3_U1, this was fixed in patch
958 101790-01 (SunOS 4.1.3_U1: TCP socket and reset problems), later
959 obsoleted by patch 102010-05.
961 Sun patch 100584-08 is not currently publicly available on their
962 ftp site but a user has reported it can be found at other sites
963 using a web search engine.
965 Solaris 2.x (SunOS 5.x)
966 To compile for Solaris, the Makefile built by Build must
967 include a SOLARIS definition which reflects the Solaris version
968 (i.e. -DSOLARIS=20400 for 2.4 or -DSOLARIS=20501 for 2.5.1).
969 If you are using gcc, make sure -I/usr/include is not used (or
970 it might complain about TopFrame). If you are using Sun's cc,
971 make sure /opt/SUNWspro/bin/cc is used instead of /usr/ucb/cc
972 (or it might complain about tm_zone).
974 The Solaris 2.x (x <= 3) "syslog" function is apparently limited
975 to something about 90 characters because of a kernel limitation.
976 If you have source code, you can probably up this number. You
977 can get patches that fix this problem: the patch ids are:
983 Be sure you have the appropriate patch installed or you won't
986 Solaris 2.4 (SunOS 5.4)
987 If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
988 the risk of getting the wrong libraries under some circumstances.
989 This is because of a new feature in Solaris 2.4, described by
990 Rod.Evans@Eng.Sun.COM:
992 >> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
993 >> runtime linker if the application was setxid (secure), thus your
994 >> applications search path would be:
996 >> /usr/local/lib LD_LIBRARY_PATH component - IGNORED
997 >> /usr/lib LD_LIBRARY_PATH component - IGNORED
998 >> /usr/local/lib RPATH - honored
999 >> /usr/lib RPATH - honored
1001 >> the effect is that path 3 would be the first used, and this would
1002 >> satisfy your resolv.so lookup.
1004 >> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
1005 >> People who developed setxid applications wanted to be able to alter
1006 >> the library search path to some degree to allow for their own
1007 >> testing and debugging mechanisms. It was decided that the only
1008 >> secure way to do this was to allow a `trusted' path to be used in
1009 >> LD_LIBRARY_PATH. The only trusted directory we presently define
1010 >> is /usr/lib. Thus a set-user-ID root developer could play with some
1011 >> alternative shared object implementations and place them in
1012 >> /usr/lib (being root we assume they'ed have access to write in this
1013 >> directory). This change was made as part of 1155380 - after a
1014 >> *huge* amount of discussion regarding the security aspect of things.
1016 >> So, in SunOS 5.4 your applications search path would be:
1018 >> /usr/local/lib from LD_LIBRARY_PATH - IGNORED (untrustworthy)
1019 >> /usr/lib from LD_LIBRARY_PATH - honored (trustworthy)
1020 >> /usr/local/lib from RPATH - honored
1021 >> /usr/lib from RPATH - honored
1023 >> here, path 2 would be the first used.
1025 Solaris 2.5.1 (SunOS 5.5.1) and 2.6 (SunOS 5.6)
1026 Apparently Solaris 2.5.1 patch 103663-01 installs a new
1027 /usr/include/resolv.h file that defines the __P macro without
1028 checking to see if it is already defined. This new resolv.h is also
1029 included in the Solaris 2.6 distribution. This causes compile
1032 In file included from daemon.c:51:
1033 /usr/include/resolv.h:208: warning: `__P' redefined
1034 cdefs.h:58: warning: this is the location of the previous definition
1036 These warnings can be safely ignored or you can create a resolv.h
1037 file in the obj.SunOS.5.5.1.* or obj.SunOS.5.6.* directory that reads:
1040 #include "/usr/include/resolv.h"
1042 This problem was fixed in Solaris 7 (Sun bug ID 4081053).
1044 Solaris 7 (SunOS 5.7)
1045 Solaris 7 includes LDAP libraries but the implementation was
1046 lacking a few things. The following settings can be placed in
1047 devtools/Site/site.SunOS.5.7.m4 if you plan on using those
1050 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1051 APPENDDEF(`confENVDEF', `-DLDAP_VERSION_MAX=3')
1052 APPENDDEF(`confLIBS', `-lldap')
1054 Also, Sun's patch 107555 is needed to prevent a crash in the call
1055 to ldap_set_option for LDAP_OPT_REFERRALS in ldapmap_setopts if
1056 LDAP support is compiled in sendmail.
1058 Solaris 8 and later (SunOS 5.8 and later)
1059 Solaris 8 and later can optionally install LDAP support. If you
1060 have installed the Entire Distribution meta-cluster, you can use
1061 the following in devtools/Site/site.SunOS.5.8.m4 (or other
1062 appropriately versioned file) to enable LDAP:
1064 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1065 APPENDDEF(`confLIBS', `-lldap')
1067 Solaris 9 and later (SunOS 5.9 and later)
1068 Solaris 9 and later have a revised LDAP library, libldap.so.5,
1069 which is derived from a Netscape implementation, thus requiring
1070 that SM_CONF_LDAP_MEMFREE be defined in conjunction with LDAPMAP:
1072 APPENDDEF(`confMAPDEF', `-DLDAPMAP')
1073 APPENDDEF(`confENVDEF', `-DSM_CONF_LDAP_MEMFREE')
1074 APPENDDEF(`confLIBS', `-lldap')
1077 If you are using dns for hostname resolution on Solaris, make sure
1078 that the 'dns' entry is last on the hosts line in
1079 '/etc/nsswitch.conf'. For example, use:
1081 hosts: nisplus files dns
1085 hosts: nisplus dns [NOTFOUND=return] files
1087 Note that 'nisplus' above is an illustration. The same comment
1088 applies no matter what naming services you are using. If you have
1089 anything other than dns last, even after "[NOTFOUND=return]",
1090 sendmail may not be able to determine whether an error was
1091 temporary or permanent. The error returned by the solaris
1092 gethostbyname() is the error for the last lookup used, and other
1093 naming services do not have the same concept of temporary failure.
1096 By default, the IDENT protocol is turned off on Ultrix. If you
1097 are running Ultrix 4.4 or later, or if you have included patch
1098 CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
1099 IDENT on in the configuration file by setting the "ident" timeout.
1101 The Ultrix 4.5 Y2K patch (ULTV45-022-1) has changed the resolver
1102 included in libc.a. Unfortunately, the __RES symbol hasn't changed
1103 and therefore, sendmail can no longer automatically detect the
1104 newer version. If you get a compiler error:
1106 /lib/libc.a(gethostent.o): local_hostname_length: multiply defined
1108 Then rebuild with this in devtools/Site/site.ULTRIX.m4:
1110 APPENDDEF(`conf_sendmail_ENVDEF', `-DNEEDLOCAL_HOSTNAME_LENGTH=0')
1112 Digital UNIX (formerly DEC OSF/1)
1113 If you are compiling on OSF/1 (DEC Alpha), you must use
1114 -L/usr/shlib (otherwise it core dumps on startup). You may also
1115 need -mld to get the nlist() function, although some versions
1116 apparently don't need this.
1118 Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
1119 it, just create the link to the sendmail binary.
1121 On DEC OSF/1 3.2 or earlier, the MatchGECOS option doesn't work
1122 properly due to a bug in the getpw* routines. If you want to use
1123 this, use -DDEC_OSF_BROKEN_GETPWENT=1. The problem is fixed in 3.2C.
1125 Digital's mail delivery agent, /bin/mail (aka /bin/binmail), will
1126 only preserve the envelope sender in the "From " header if
1127 DefaultUserID is set to daemon. Setting this to mailnull will
1128 cause all mail to have the header "From mailnull ...". To use
1129 a different DefaultUserID, you will need to use a different mail
1130 delivery agent (such as mail.local found in the sendmail
1133 On Digital UNIX 4.0 and later, Berkeley DB 1.85 is included with the
1134 operating system and already has the ndbm.o module removed. However,
1135 Digital has modified the original Berkeley DB db.h include file.
1136 This results in the following warning while compiling map.c and udb.c:
1138 cc: Warning: /usr/include/db.h, line 74: The redefinition of the macro
1139 "__signed" conflicts with a current definition because the replacement
1140 lists differ. The redefinition is now in effect.
1141 #define __signed signed
1142 ------------------------^
1144 This warning can be ignored.
1146 Digital UNIX's linker checks /usr/ccs/lib/ before /usr/lib/.
1147 If you have installed a new version of BIND in /usr/include
1148 and /usr/lib, you will experience difficulties as Digital ships
1149 libresolv.a in /usr/ccs/lib/ as well. Be sure to replace both
1150 copies of libresolv.a.
1153 The header files on SGI IRIX are completely prototyped, and as
1154 a result you can sometimes get some warning messages during
1155 compilation. These can be ignored. There are two errors in
1156 deliver only if you are using gcc, both of the form ``warning:
1157 passing arg N of `execve' from incompatible pointer type''.
1158 Also, if you compile with -DNIS, you will get a complaint
1159 about a declaration of struct dom_binding in a prototype
1160 when compiling map.c; this is not important because the
1161 function being prototyped is not used in that file.
1163 In order to compile sendmail you will have had to install
1164 the developers' option in order to get the necessary include
1167 If you compile with -lmalloc (the fast memory allocator), you may
1168 get warning messages such as the following:
1170 ld32: WARNING 85: definition of _calloc in /usr/lib32/libmalloc.so
1171 preempts that definition in /usr/lib32/mips3/libc.so.
1172 ld32: WARNING 85: definition of _malloc in /usr/lib32/libmalloc.so
1173 preempts that definition in /usr/lib32/mips3/libc.so.
1174 ld32: WARNING 85: definition of _realloc in /usr/lib32/libmalloc.so
1175 preempts that definition in /usr/lib32/mips3/libc.so.
1176 ld32: WARNING 85: definition of _free in /usr/lib32/libmalloc.so
1177 preempts that definition in /usr/lib32/mips3/libc.so.
1178 ld32: WARNING 85: definition of _cfree in /usr/lib32/libmalloc.so
1179 preempts that definition in /usr/lib32/mips3/libc.so.
1181 These are unavoidable and innocuous -- just ignore them.
1184 If you are using XFS filesystem, avoid using the -32 ABI switch to
1185 the cc compiler if possible.
1187 Broken inet_aton and inet_ntoa on IRIX using gcc: There's
1188 a problem with gcc on IRIX, i.e., gcc can't pass structs
1189 less than 16 bits long unless they are 8 bits; IRIX 6.2 has
1190 some other sized structs. See
1191 http://www.bitmechanic.com/mail-archives/mysql/current/0418.html
1192 This problem seems to be fixed by gcc v2.95.2, gcc v2.8.1
1193 is reported as broken. Check your gcc version for this bug
1194 before installing sendmail.
1197 The IRIX 6.5.4 version of /bin/m4 does not work properly with
1198 sendmail. Either install fw_m4.sw.m4 off the Freeware_May99 CD and
1199 use /usr/freeware/bin/m4 or install and use GNU m4.
1202 NEXTSTEP 3.3 and earlier ship with the old DBM library. Also,
1203 Berkeley DB does not currently run on NEXTSTEP.
1205 If you are compiling on NEXTSTEP, you will have to create an
1206 empty file "unistd.h" and create a file "dirent.h" containing:
1208 #include <sys/dir.h>
1209 #define dirent direct
1211 (devtools/OS/NeXT should try to do both of these for you.)
1213 Apparently, there is a bug in getservbyname on Nextstep 3.0
1214 that causes it to fail under some circumstances with the
1215 message "SYSERR: service "smtp" unknown" logged. You should
1216 be able to work around this by including the line:
1222 BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
1223 The "m4" from BSDI won't handle the config files properly.
1224 I haven't had a chance to test this myself.
1226 The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
1227 files properly. One must use either GNU m4 1.1 or the PD-M4
1228 recently posted in comp.os.386bsd.bugs (and maybe others).
1229 NetBSD-current includes the PD-M4 (as stated in the NetBSD file
1232 FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to
1233 use it (look into devtools/OS/FreeBSD). NetBSD-current may have
1234 it too but it has not been verified.
1236 The latest version of Berkeley DB uses a different naming
1237 scheme than the version that is supplied with your release. This
1238 means you will be able to use the current version of Berkeley DB
1239 with sendmail as long you use the new db.h when compiling
1240 sendmail and link it against the new libdb.a or libdb.so. You
1241 should probably keep the original db.h in /usr/include and the
1242 new db.h in /usr/local/include.
1245 If you are running a "virgin" version of 4.3BSD, you'll have
1246 a very old resolver and be missing some header files. The
1247 header files are simple -- create empty versions and everything
1248 will work fine. For the resolver you should really port a new
1249 version (4.8.3 or later) of the resolver; 4.9 is available on
1250 gatekeeper.DEC.COM in pub/BSD/bind/4.9. If you are really
1251 determined to continue to use your old, buggy version (or as
1252 a shortcut to get sendmail working -- I'm sure you have the
1253 best intentions to port a modern version of BIND), you can
1254 copy ../contrib/oldbind.compat.c into sendmail and add the
1255 following to devtools/Site/site.config.m4:
1257 APPENDDEF(`confOBJADD', `oldbind.compat.o')
1259 OpenBSD (up to 2.9 Release), NetBSD, FreeBSD (up to 4.3-RELEASE)
1260 m4 from *BSD won't handle libsm/Makefile.m4 properly, since the
1261 maximum length for strings is too short. You need to use GNU m4
1262 or patch m4, see for example:
1263 http://FreeBSD.org/cgi/cvsweb.cgi/src/usr.bin/m4/eval.c.diff?r1=1.11&r2=1.12
1266 Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
1267 From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
1268 Subject: Fix for A/UX ndbm
1270 I guess this isn't really a sendmail bug, however, it is something
1271 that A/UX users should be aware of when compiling sendmail 8.6.
1273 Apparently, the calls that sendmail is using to the ndbm routines
1274 in A/UX 3.0.x contain calls to "broken" routines, in that the
1275 aliases database will break when it gets "just a little big"
1276 (sorry I don't have exact numbers here, but it broke somewhere
1277 around 20-25 aliases for me.), making all aliases non-functional
1278 after exceeding this point.
1280 What I did was to get the gnu-dbm-1.6 package, compile it, and
1281 then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
1282 ndbm.h header file that comes with the gnu-package. This makes
1283 things behave properly.
1284 [NOTE: see comment above about GDBM]
1286 I suppose porting the New Berkeley DB package is another route,
1287 however, I made a quick attempt at it, and found it difficult
1288 (not easy at least); the gnu-dbm package "configured" and
1291 [NOTE: Berkeley DB version 2.X runs on A/UX and can be used for
1295 From: Thomas Essebier <tom@stallion.oz.au>
1296 Organisation: Stallion Technologies Pty Ltd.
1298 It will probably help those who are trying to configure sendmail 8.6.9
1299 to know that if they are on SCO, they had better set
1301 or they will core dump as soon as they try to use the resolver.
1302 i.e., although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3,
1303 it does not inititialise it, nor does it understand 'search' in
1307 According to SCO, the m4 which ships with UnixWare 2.1.2 is broken.
1308 We recommend installing GNU m4 before attempting to build sendmail.
1310 On some versions a bogus error value is listed if connections
1311 time out (large negative number). To avoid this explicitly set
1312 Timeout.connect to a reasonable value (several minutes).
1315 Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
1316 V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
1317 Originally, the DG /bin/mail program wasn't compatible with
1318 the V8 sendmail, since the DG /bin/mail requires the environment
1319 variable "_FORCE_MAIL_LOCAL_=yes" be set. Version 8.7 now includes
1320 this in the environment before invoking the local mailer. Some
1321 have used procmail to avoid this problem in the past. It works
1322 but some have experienced file locking problems with their DG/UX
1326 If you are compiling on Apollo, you will have to create an empty
1327 file "unistd.h" (for DomainOS 10.3 and earlier) and create a file
1328 "dirent.h" containing:
1330 #include <sys/dir.h>
1331 #define dirent direct
1333 (devtools/OS/DomainOS will attempt to do both of these for you.)
1336 Date: Mon, 24 Jan 1994 13:25:45 +0200
1337 From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
1338 Subject: 8.6.5 w/ HP-UX 8.00 on s300
1340 Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (i.e.,
1341 a series 300 machine) running HP-UX 8.00.
1343 I was getting segmentation fault when delivering to a local user.
1344 With debugging I saw it was faulting when doing _free@libc... *sigh*
1345 It seems the new implementation of malloc on s300 is buggy as of 8.0,
1346 so I tried out the one in -lmalloc (malloc(3X)). With that it seems
1349 When linking, you will get the following error:
1351 ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
1353 but you can just ignore it. You might want to add this info to the
1354 README file for the future...
1357 Something broke between versions 0.99.13 and 0.99.14 of Linux: the
1358 flock() system call gives errors. If you are running .14, you must
1359 not use flock. You can do this with -DHASFLOCK=0. We have also
1360 been getting complaints since version 2.4.X was released.
1361 sendmail 8.13 has changed the default locking method to fcntl()
1362 for Linux kernel version 2.4 and later. Be sure to update other
1363 sendmail related programs to match locking techniques (some
1364 examples, besides makemap and mail.local, include procmail, mailx,
1367 Around the inclusion of bind-4.9.3 & Linux libc-4.6.20, the
1368 initialization of the _res structure changed. If /etc/hosts.conf
1369 was configured as "hosts, bind" the resolver code could return
1370 "Name server failure" errors. This is supposedly fixed in
1371 later versions of libc (>= 4.6.29?), and later versions of
1372 sendmail (> 8.6.10) try to work around the problem.
1374 Some older versions (< 4.6.20?) of the libc/include files conflict
1375 with sendmail's version of cdefs.h. Deleting sendmail's version
1376 on those systems should be non-harmful, and new versions don't care.
1378 NOTE ON LINUX & BIND: By default, the Makefile generated for Linux
1379 includes header files in /usr/local/include and libraries in
1380 /usr/local/lib. If you've installed BIND on your system, the header
1381 files typically end up in the search path and you need to add
1382 "-lresolv" to the LIBS line in your Makefile. Really old versions
1383 may need to include "-l44bsd" as well (particularly if the link phase
1384 complains about missing strcasecmp, strncasecmp or strpbrk).
1385 Complaints about an undefined reference to `__dn_skipname' in
1386 domain.o are a sure sign that you need to add -lresolv to LIBS.
1387 Newer versions of Linux are basically threaded BIND, so you may or
1388 may not see complaints if you accidentally mix BIND
1389 headers/libraries with virginal libc. If you have BIND headers in
1390 /usr/local/include (resolv.h, etc) you *should* be adding -lresolv
1391 to LIBS. Data structures may change and you'd be asking for a
1394 A number of problems have been reported regarding the Linux 2.2.0
1395 kernel. So far, these problems have been tracked down to syslog()
1396 and DNS resolution. We believe the problem is with the poll()
1397 implementation in the Linux 2.2.0 kernel and poll()-aware versions
1398 of glib (at least up to 2.0.111).
1401 glibc 2.2.1 (and possibly other versions) changed the value of
1402 __RES in resolv.h but failed to actually provide the IPv6 API
1403 changes that the change implied. Therefore, compiling with
1407 1) Compile without -DNETINET6
1408 2) Build against a real BIND 8.2.2 include/lib tree
1409 3) Wait for glibc to fix it
1412 The AIX 4.X linker uses library paths specified during compilation
1413 using -L for run-time shared library searches. Therefore, it is
1414 vital that relative and unsafe directory paths not be using when
1415 compiling sendmail. Because of this danger, by default, compiles
1416 on AIX use the -blibpath option to limit shared libraries to
1417 /usr/lib and /lib. If you need to allow more directories, such as
1418 /usr/local/lib, modify your devtools/Site/site.AIX.4.2.m4,
1419 site.AIX.4.3.m4, and/or site.AIX.4.x.m4 file(s) and set confLDOPTS
1420 appropriately. For example:
1422 define(`confLDOPTS', `-blibpath:/usr/lib:/lib:/usr/local/lib')
1424 Be sure to only add (safe) system directories.
1426 The AIX version of GNU ld also exhibits this problem. If you are
1427 using that version, instead of -blibpath, use its -rpath option.
1430 gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib
1432 AIX 4.X If the test program t-event (and most others) in libsm fails,
1433 check your compiler settings. It seems that the flags -qnoro or
1434 -qnoroconst on some AIX versions trigger a compiler bug. Check
1435 your compiler settings or use cc instead of xlc.
1437 AIX 4.0-4.2, maybe some AIX 4.3 versions
1438 The AIX m4 implements a different mechanism for ifdef which is
1439 inconsistent with other versions of m4. Therefore, it will not
1440 work properly with the sendmail Build architecture or m4
1441 configuration method. To work around this problem, please use
1442 GNU m4 from ftp://ftp.gnu.org/pub/gnu/.
1443 The problem seems to be solved in AIX 4.3.3 at least.
1446 From: Valdis.Kletnieks@vt.edu
1447 Date: Sun, 02 Jul 2000 03:58:02 -0400
1449 Under AIX 4.3.3, after applying bos.adt.include 4.3.3.12 to close the
1450 BIND 8.2.2 security holes, you can no longer build with -DNETINET6
1451 because they changed the value of __RES in resolv.h but failed to
1452 actually provide the API changes that the change implied.
1455 1) Compile without -DNETINET6
1456 2) Build against a real BIND 8.2.2 include/lib tree
1457 3) Wait for IBM to fix it
1460 This version of sendmail does not support MB, MG, and MR resource
1461 records, which are supported by AIX sendmail.
1463 Several people have reported that the IBM-supplied named returns
1464 fairly random results -- the named should be replaced. It is not
1465 necessary to replace the resolver, which will simplify installation.
1466 A new BIND resolver can be found at http://www.isc.org/isc/.
1469 The supplied load average code only works correctly for AIX 3.2.x.
1470 For 3.1, use -DLA_TYPE=LA_SUBR and get the latest ``monitor''
1471 package by Jussi Maki <jmaki@hut.fi> from ftp.funet.fi in the
1472 directory pub/unix/AIX/rs6000/monitor-1.12.tar.Z; use the loadavgd
1473 daemon, and the getloadavg subroutine supplied with that package.
1474 If you don't care about load average throttling, just turn off
1475 load average checking using -DLA_TYPE=LA_ZERO.
1478 RISC/os from MIPS is a merged AT&T/Berkeley system. When you
1479 compile on that platform you will get duplicate definitions
1480 on many files. You can ignore these.
1482 System V Release 4 Based Systems
1483 There is a single devtools OS that is intended for all SVR4-based
1484 systems (built from devtools/OS/SVR4). It defines __svr4__,
1485 which is predefined by some compilers. If your compiler already
1486 defines this compile variable, you can delete the definition from
1487 the generated Makefile or create a devtools/Site/site.config.m4
1490 It's been tested on Dell Issue 2.2.
1493 Date: Mon, 06 Dec 1993 10:42:29 EST
1494 From: "Kimmo Suominen" <kim@grendel.lut.fi>
1495 Message-ID: <2d0352f9.lento29@lento29.UUCP>
1496 To: eric@cs.berkeley.edu
1497 Cc: sendmail@cs.berkeley.edu
1498 Subject: Notes for DELL SVR4
1502 Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4. I ran
1503 across these things when helping out some people who contacted me by
1506 1) Use gcc 2.4.5 (or later?). Dell distributes gcc 2.1 with their
1507 Issue 2.2 Unix. It is too old, and gives you problems with
1508 clock.c, because sigset_t won't get defined in <sys/signal.h>.
1509 This is due to a problematic protection rule in there, and is
1510 fixed with gcc 2.4.5.
1512 2) If you don't use the new Berkeley DB (-DNEWDB), then you need
1513 to add "-lc -lucb" to the libraries to link with. This is because
1514 the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
1515 functions. It is important that you specify both libraries in
1516 the given order to be sure you only get the BSTRING functions
1517 from the UCB library (and not the signal routines etc.).
1519 3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
1520 The UCB library also has another copy of the nlist routines,
1521 but we do want the ones from "-lelf".
1523 If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
1524 can use anonymous ftp to fetch them from lut.fi in the /kim directory.
1525 They are copies of what I use on grendel.lut.fi, and offering them
1526 does not imply that I would also support them. I have sent the DB
1527 port for SVR4 back to Keith Bostic for inclusion in the official
1528 distribution, but I haven't heard anything from him as of today.
1530 - gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++)
1531 - db-1.72.tar.gz (with source, objects and a installed copy)
1536 * Kimmo.Suominen@lut.fi * SysVr4 enthusiast at GRENDEL.LUT.FI *
1537 * KIM@FINFILES.BITNET * Postmaster and Hostmaster at LUT.FI *
1538 * + 358 200 865 718 * Unix area moderator at NIC.FUNET.FI *
1540 ConvexOS 10.1 and below
1541 In order to use the name server, you must create the file
1542 /etc/use_nameserver. If this file does not exist, the call
1543 to res_init() will fail and you will have absolutely no
1544 access to DNS, including MX records.
1547 In order to get UTS to work, you will have to port BIND 4.9.
1548 The vendor's BIND is reported to be ``totally inadequate.''
1549 See sendmail/contrib/AmdahlUTS.patch for the patches necessary
1550 to get BIND 4.9 compiled for UTS.
1553 According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
1554 the m4 on UnixWare 2.0 (still in Beta) will core dump on the
1555 config files. GNU m4 and the m4 from UnixWare 1.x both work.
1557 According to Larry Rosenman <ler@lerami.lerctr.org>:
1559 UnixWare 2.1.[23]'s m4 chokes (not obviously) when
1560 processing the 8.9.0 cf files.
1562 I had a LOCAL_RULE_0 that wound up AFTER the
1563 SBasic_check_rcpt rules using the SCO supplied M4.
1567 Some people have reported that the -O flag on UNICOS can cause
1568 problems. You may want to turn this off if you have problems
1569 running sendmail. Reported by Jerry G. DeLapp <jgd@acl.lanl.gov>.
1571 Darwin/Mac OS X (10.X.X)
1572 The linker errors produced regarding getopt() and its associated
1573 variables can safely be ignored.
1575 From Mike Zimmerman <zimmy@torrentnet.com>:
1577 From scratch here is what Darwin users need to do to the standard
1578 10.0.0, 10.0.1 install to get sendmail working.
1579 1. chmod g-w / /private /private/etc
1580 2. Properly set HOSTNAME in /etc/hostconfig to your FQDN:
1581 HOSTNAME=-my.domain.com-
1582 3. Edit /etc/rc.boot:
1583 hostname my.domain.com
1584 domainname domain.com
1585 4. Edit /System/Library/StartupItems/Sendmail/Sendmail:
1586 Remove the "&" after the sendmail command:
1587 /usr/sbin/sendmail -bd -q1h
1589 From Carsten Klapp <carsten.klapp@home.com>:
1591 The easiest workaround is to remove the group-writable permission
1592 for the root directory and the symbolic /etc inherits this
1593 change. While this does fix sendmail, the unfortunate side-effect
1594 is the OS X admin will no longer be able to manipulate icons in the
1595 top level of the Startup disk unless logged into the GUI as the
1598 In applying the alternate workaround, care must be taken while
1599 swapping the symlink /etc with the directory /private/etc. In all
1600 likelihood any admin who is concerned with this sendmail error has
1601 enough experience to not accidentally harm anything in the process.
1603 a. Swap the /etc symlink with /private/etc (as superuser):
1605 mv /private/etc /etc
1606 ln -s /etc /private/etc
1608 b. Set / to group unwritable (as superuser):
1611 Darwin/Mac OS X (10.1.5)
1612 Apple's upgrade to sendmail 8.12 is incorrectly configured. You
1613 will need to manually fix it up by doing the following:
1615 1. chown smmsp:smmsp /var/spool/clientmqueue
1616 2. chmod 2770 /var/spool/clientmqueue
1617 3. chgrp smmsp /usr/sbin/sendmail
1618 4. chmod g+s /usr/sbin/sendmail
1620 From Daniel J. Luke <dluke@geeklair.net>:
1622 It appears that setting the sendmail.cf property in
1623 /locations/sendmail in NetInfo on Mac OS X 10.1.5 with sendmail
1624 8.12.4 causes 'bad things' to happen.
1626 Specifically sendmail instances that should be getting their config
1627 from /etc/mail/submit.cf don't (so mail/mutt/perl scripts which
1628 open pipes to sendmail stop working as sendmail tries to write to
1629 /var/spool/mqueue and cannot as sendmail is no longer suid root).
1631 Removing the entry from NetInfo fixes this problem.
1634 I'm told that GNU getopt has a problem in that it gets confused
1635 by the double call. Use the version in conf.c instead.
1637 BIND 4.9.2 and Ultrix
1638 If you are running on Ultrix, be sure you read conf/Info.Ultrix
1639 in the BIND distribution very carefully -- there is information
1640 in there that you need to know in order to avoid errors of the
1643 /lib/libc.a(gethostent.o): sethostent: multiply defined
1644 /lib/libc.a(gethostent.o): endhostent: multiply defined
1645 /lib/libc.a(gethostent.o): gethostbyname: multiply defined
1646 /lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
1648 during the link stage.
1651 BIND 8.X returns HOST_NOT_FOUND instead of TRY_AGAIN on temporary
1652 DNS failures when trying to find the hostname associated with an IP
1653 address (gethostbyaddr()). This can cause problems as
1654 $&{client_name} based lookups in class R ($=R) and the access
1655 database won't succeed.
1657 This will be fixed in BIND 8.2.1. For earlier versions, this can
1658 be fixed by making "dns" the last name service queried for host
1659 resolution in /etc/irs.conf:
1661 hosts local continue
1665 Some compilers (notably gcc) claim to be ANSI C but do not
1666 include the ANSI-required routine "strtoul". If your compiler
1667 has this problem, you will get an error in srvrsmtp.c on the
1670 # ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
1671 e->e_msgsize = strtoul(vp, (char **) NULL, 10);
1673 e->e_msgsize = strtol(vp, (char **) NULL, 10);
1676 You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
1679 Date: 23 Sep 1995 23:56:07 GMT
1680 Message-ID: <95925101334.~INN-AUMa00187.comp-news@dl.ac.uk>
1681 From: alansz@mellers1.psych.berkeley.edu (Alan Schwartz)
1682 Subject: Listproc 6.0c + Sendmail 8.7 [Helpful hint]
1684 Just upgraded to sendmail 8.7, and discovered that listproc 6.0c
1685 breaks, because it, by default, sends a blank "HELO" rather than
1686 a "HELO hostname" when using the 'system' or 'telnet' mail method.
1688 The fix is to include -DZMAILER in the compilation, which will
1689 cause it to use "HELO hostname" (which Z-mail apparently requires
1693 PH support is provided by Mark Roth <roth@uiuc.edu>.
1695 NOTE: The "spacedname" pseudo-field which was used by earlier
1696 versions of the PH map code is no longer supported! See the URL
1697 listed above for more information.
1699 Please contact Mark Roth for support and questions regarding the
1703 If you are using -DTCPWRAPPERS to get TCP Wrappers support you will
1704 also need to install libwrap.a and modify your site.config.m4 file
1705 or the generated Makefile to include -lwrap in the LIBS line
1706 (make sure that INCDIRS and LIBDIRS point to where the tcpd.h and
1707 libwrap.a can be found).
1709 TCP Wrappers is available at ftp://ftp.porcupine.org/pub/security/.
1711 If you have alternate MX sites for your site, be sure that all of
1712 your MX sites reject the same set of hosts. If not, a bad guy whom
1713 you reject will connect to your site, fail, and move on to the next
1714 MX site, which will accept the mail for you and forward it on to you.
1716 Regular Expressions (MAP_REGEX)
1717 If sendmail linking fails with:
1719 undefined reference to 'regcomp'
1721 or sendmail gives an error about a regular expression with:
1723 pattern-compile-error: : Operation not applicable
1725 Your libc does not include a running version of POSIX-regex. Use
1726 librx or regex.o from the GNU Free Software Foundation,
1727 ftp://ftp.gnu.org/pub/gnu/rx-?.?.tar.gz or
1728 ftp://ftp.gnu.org/pub/gnu/regex-?.?.tar.gz.
1729 You can also use the regex-lib by Henry Spencer,
1730 ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz
1731 Make sure, your compiler reads regex.h from the distribution,
1732 not from /usr/include, otherwise sendmail will dump a core.
1734 Fedora Core 5, 64 bit version
1735 If the ld stage fails with undefined functions like
1736 __res_querydomain, __dn_expand
1737 then add these lines to devtools/Site/site.config.m4
1739 APPENDDEF(`confLIBDIRS', `-L/usr/lib64')
1740 APPENDDEF(`confINCDIRS', `-I/usr/include/bind9')
1742 and rebuild (sh ./Build -c).
1744 Problem noted by Daniel Krones, solution suggested by
1752 The manual pages have been written against the -man macros, and
1753 should format correctly with any reasonable *roff.
1760 As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
1761 some debugging output (logged at LOG_DEBUG severity). The
1762 information dumped is:
1764 * The value of the $j macro.
1765 * A warning if $j is not in the set $=w.
1766 * A list of the open file descriptors.
1767 * The contents of the connection cache.
1768 * If ruleset 89 is defined, it is evaluated and the results printed.
1770 This allows you to get information regarding the runtime state of the
1771 daemon on the fly. This should not be done too frequently, since
1772 the process of rewriting may lose memory which will not be recovered.
1773 Also, ruleset 89 may call non-reentrant routines, so there is a small
1774 non-zero probability that this will cause other problems. It is
1775 really only for debugging serious problems.
1777 A typical formulation of ruleset 89 would be:
1779 R$* $@ $>0 some test address
1782 +-----------------------------+
1783 | DESCRIPTION OF SOURCE FILES |
1784 +-----------------------------+
1786 The following list describes the files in this directory:
1788 Build Shell script for building sendmail.
1789 Makefile A convenience for calling ./Build.
1790 Makefile.m4 A template for constructing a makefile based on the
1791 information in the devtools directory.
1793 TRACEFLAGS My own personal list of the trace flags -- not guaranteed
1794 to be particularly up to date.
1795 alias.c Does name aliasing in all forms.
1796 aliases.5 Man page describing the format of the aliases file.
1797 arpadate.c A subroutine which creates ARPANET standard dates.
1798 bf.c Routines to implement memory-buffered file system using
1799 hooks provided by libsm now (formerly Torek stdio library).
1800 bf.h Buffered file I/O function declarations and
1801 data structure and function declarations for bf.c.
1802 collect.c The routine that actually reads the mail into a temp
1803 file. It also does a certain amount of parsing of
1805 conf.c The configuration file. This contains information
1806 that is presumed to be quite static and non-
1807 controversial, or code compiled in for efficiency
1808 reasons. Most of the configuration is in sendmail.cf.
1809 conf.h Configuration that must be known everywhere.
1810 control.c Routines to implement control socket.
1811 convtime.c A routine to sanely process times.
1812 daemon.c Routines to implement daemon mode.
1813 daemon.h Header file for daemon.c.
1814 deliver.c Routines to deliver mail.
1815 domain.c Routines that interface with DNS (the Domain Name
1817 envelope.c Routines to manipulate the envelope structure.
1818 err.c Routines to print error messages.
1819 headers.c Routines to process message headers.
1820 helpfile An example helpfile for the SMTP HELP command and -bt mode.
1821 macro.c The macro expander. This is used internally to
1822 insert information from the configuration file.
1823 mailq.1 Man page for the mailq command.
1824 main.c The main routine to sendmail. This file also
1825 contains some miscellaneous routines.
1826 makesendmail A convenience for calling ./Build.
1827 map.c Support for database maps.
1828 map.h Header file for map.c.
1829 mci.c Routines that handle mail connection information caching.
1830 milter.c MTA portions of the mail filter API.
1831 mime.c MIME conversion routines.
1832 newaliases.1 Man page for the newaliases command.
1833 parseaddr.c The routines which do address parsing.
1834 queue.c Routines to implement message queueing.
1835 ratectrl.c Routines for rate/connnection control.
1836 ratectrl.h Header file for rate/connnection control.
1837 readcf.c The routine that reads the configuration file and
1838 translates it to internal form.
1839 recipient.c Routines that manipulate the recipient list.
1840 sasl.c Routines to interact with Cyrys-SASL.
1841 savemail.c Routines which save the letter on processing errors.
1842 sched.c Routines for scheduling queue management.
1843 sendmail.8 Man page for the sendmail command.
1844 sendmail.h Main header file for sendmail.
1845 sfsasl.c I/O interface between SASL/TLS and the MTA.
1846 sfsasl.h Header file for sfsasl.c.
1847 shmticklib.c Routines for shared memory counters.
1848 sm_resolve.c Routines for DNS lookups (for DNS map type).
1849 sm_resolve.h Header file for sm_resolve.c.
1850 srvrsmtp.c Routines to implement server SMTP.
1851 stab.c Routines to manage the symbol table.
1852 stats.c Routines to collect and post the statistics.
1853 statusd_shm.h Data structure and function declarations for shmticklib.c.
1854 sysexits.c List of error messages associated with error codes
1856 sysexits.h List of error codes for systems that lack their own.
1857 timers.c Routines to provide microtimers.
1858 timers.h Data structure and function declarations for timers.h.
1859 tls.c Routines for TLS.
1860 tls.h Header file for tls*.c
1861 tlsh.c Helper routines for TLS, mostly DANE.
1862 trace.c The trace package. These routines allow setting and
1863 testing of trace flags with a high granularity.
1864 udb.c The user database interface module.
1865 usersmtp.c Routines to implement user SMTP.
1866 util.c Some general purpose routines used by sendmail.
1867 version.c The version number and information about this
1868 version of sendmail.
1871 +---------------------------+
1872 | SOME NOTES ABOUT THE CODE |
1873 +---------------------------+
1875 Some things are not easy to understand by just reading the source
1876 code, so this section has some notes which might be interesting for
1877 those who want to enhance sendmail. These notes are not exhaustive
1878 but just cover some things which might be interesting.
1880 Address format: sendmail uses a range of 8 bit characters for its
1881 internal purposes as noted in sendmail.h:
1883 ** Special characters in rewriting rules.
1884 ** These are used internally only.
1886 To handle all 8 bit characters, sendmail uses two address formats:
1887 internal and external -- for details see the comments in cataddr()
1888 as well as the functions quote_internal_chars() and
1889 dequote_internal_chars() in libsm/util.c.
1891 These formats are marked in many places with [i] and [x] respectively.
1892 Some functions only work on one kind of those formats, so it is
1893 important to mark the strings accordingly. In some cases the marker
1894 [A] is used to denote that the string format does not matter (which
1895 is the default) -- this is only used in cases where there might be
1896 some confusion about any format requirements.