mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 15:38:06 +01:00
58162a7314
The conflict merge will happen shortly after.
732 lines
32 KiB
Plaintext
732 lines
32 KiB
Plaintext
Newsgroups: comp.mail.sendmail,comp.mail.misc,comp.mail.smail,comp.answers,news.answers
|
|
Subject: comp.mail.sendmail Frequently Asked Questions (FAQ)
|
|
From: brad@birch.ims.disa.mil (Brad Knowles)
|
|
Followup-to: comp.mail.sendmail
|
|
Summary: This posting contains a list of Frequently Asked Questions
|
|
(and their answers) about the program "sendmail", distributed
|
|
with many versions of Unix (and available for some other
|
|
operating systems). This FAQ is shared between
|
|
comp.mail.sendmail and the Sendmail V8 distribution. It should
|
|
be read by anyone who wishes to post to comp.mail.sendmail, or
|
|
anyone having questions about the newsgroup itself.
|
|
|
|
Archive-name: mail/sendmail-faq
|
|
Posting-Frequency: monthly (first Monday)
|
|
|
|
|
|
[The most recent copy of this document can be obtained via anonymous
|
|
FTP from rtfm.mit.edu in /pub/usenet/news.answers/mail/sendmail-faq.
|
|
If you do not have access to anonymous FTP, you can retrieve it by
|
|
sending email to mail-server@rtfm.mit.edu with the command "send
|
|
usenet/news.answers/mail/sendmail-faq" in the message.]
|
|
|
|
|
|
|
|
Sendmail Version 8
|
|
Frequently Asked Questions
|
|
Last updated 9/17/95
|
|
|
|
|
|
This FAQ is specific to Version 8.6.10 of sendmail. Other questions,
|
|
particularly regarding compilation and configuration, are answered in
|
|
src/READ_ME and cf/README (found in the V8 sendmail distribution).
|
|
|
|
This is also the official FAQ for the Usenet newsgroup
|
|
comp.mail.sendmail.
|
|
|
|
======================================================================
|
|
BEFORE YOU GO ANY FURTHER
|
|
======================================================================
|
|
|
|
* What do you wish everyone would do before sending you mail or
|
|
posting to comp.mail.sendmail?
|
|
|
|
Read this FAQ completely. Read src/READ_ME and cf/README
|
|
completely. Read the books written to help with common
|
|
problems such as compilation and installation, configuration,
|
|
security issues, etc.... Ask themselves if their question
|
|
hasn't already been answered.
|
|
----------------------------------------------------------------------
|
|
* How can I be sure if this is the right place to look for answers
|
|
to my questions?
|
|
|
|
1. Do you know, for a fact, that the question is related to
|
|
sendmail V8?
|
|
|
|
2. Do you know, for a fact, that the question is related to an
|
|
older version of sendmail?
|
|
|
|
3. Is the question about a sendmail-like program (e.g., Smail,
|
|
Zmailer, MMDF, etc...)?
|
|
|
|
4. Is the question about an SMTP Gateway product for a LAN
|
|
mail package (e.g., cc:Mail, MS-Mail, WordPerfect
|
|
Office/GroupWise, etc...)?
|
|
|
|
If you answered "yes" to the question #1, then this is the
|
|
right place.
|
|
|
|
If you answered "yes" to questions #2 or #3, then you should
|
|
seriously consider upgrading to the most recent version of
|
|
sendmail V8.
|
|
|
|
For question #2, If you're going to continue using an older
|
|
version of sendmail, you may not find much help and will
|
|
probably get some responses that amount to "Get V8".
|
|
Otherwise, this is probably the best place to look for
|
|
answers.
|
|
|
|
If you answered "yes" to question #3 and are not going to
|
|
upgrade to sendmail V8, then this is probably not the right
|
|
place to look.
|
|
|
|
If you answered "yes" to question #4, then this is almost
|
|
certainly not the right place to look.
|
|
|
|
For questions #3 and #4, try looking around elsewhere in the
|
|
"comp.mail.*" hierarchy for a more appropriate newsgroup.
|
|
For example, you might want to try posting to comp.mail.misc
|
|
or comp.mail.smail.
|
|
|
|
If you couldn't answer "yes" to any of the above questions,
|
|
then you're DEFINITELY in the wrong place. For the sake of
|
|
your sanity and ego, not to mention avoiding the waste of
|
|
your time and ours, try asking your System or E-Mail
|
|
Administrator(s) before you post any questions publicly.
|
|
----------------------------------------------------------------------
|
|
* Where can I find the latest version of this FAQ?
|
|
|
|
It is included in the most recent Version 8 distribution of
|
|
sendmail (described below), as well as via anonymous FTP from
|
|
rtfm.mit.edu in /pub/usenet/news.answers/mail/sendmail-faq.
|
|
If you do not have access to anonymous FTP, you can retrieve
|
|
it by sending email to mail-server@rtfm.mit.edu with the
|
|
command "send usenet/news.answers/mail/sendmail-faq" in the
|
|
message.
|
|
----------------------------------------------------------------------
|
|
* I don't have access to Usenet news. Can I still get access to
|
|
comp.mail.sendmail?
|
|
|
|
Yes. Send email to mxt@dl.ac.uk with the command "sub
|
|
comp-news.comp.mail.sendmail <full-US-ordered-email-address>"
|
|
in the message.
|
|
|
|
E-mail you want posted on comp.mail.sendmail should be sent
|
|
to comp-mail-sendmail@dl.ac.uk
|
|
----------------------------------------------------------------------
|
|
* I have sendmail-related DNS questions. Where should I ask them?
|
|
|
|
Depending on how deeply they get into the DNS, they can be
|
|
asked here. However, you'll probably be told that you should
|
|
send them to the Info-BIND mailing list (if the question is
|
|
specific to that program) or to the Usenet newsgroup
|
|
comp.protocols.tcp-ip.domains (DNS in general).
|
|
----------------------------------------------------------------------
|
|
* How do I subscribe to either of these?
|
|
|
|
For comp.protocols.tcp-ip.domains, you have to be on Usenet.
|
|
They don't have a news-to-mail gateway yet.
|
|
|
|
For the Info-BIND mailing list, send email to
|
|
bind-request@uunet.uu.net with the command "subscribe" in the
|
|
message. Submissions should be sent to bind@uunet.uu.net
|
|
|
|
======================================================================
|
|
GENERAL QUESTIONS
|
|
======================================================================
|
|
|
|
* Where can I get Version 8?
|
|
|
|
Via anonymous FTP from FTP.CS.Berkeley.EDU in /ucb/sendmail.
|
|
----------------------------------------------------------------------
|
|
* What are the differences between Version 8 and other versions?
|
|
|
|
See doc/changes/changes.me in the sendmail distribution.
|
|
----------------------------------------------------------------------
|
|
* What happened to sendmail 6.x and 7.x?
|
|
|
|
When a new (Alpha/Beta) version of sendmail was released, it
|
|
was changed to Release 6. Development continued in that tree
|
|
until 4.4BSD was released, when everything on the 4.4 tape
|
|
was set to be version 8.1. Version 7.x never existed.
|
|
----------------------------------------------------------------------
|
|
* What books are available describing sendmail?
|
|
|
|
There is one book available devoted to sendmail:
|
|
|
|
Costales, Allman, and Rickert, _Sendmail_. O'Reilly &
|
|
Associates.
|
|
|
|
Several books have sendmail chapters, for example:
|
|
|
|
Nemeth, Snyder, and Seebass, _Unix System Administration
|
|
Handbook_. Prentice-Hall.
|
|
Carl-Mitchell and Quarterman, _Practical Internetworking with
|
|
TCP/IP and UNIX_. Addison-Wesley.
|
|
Hunt, _TCP/IP Network Administration_. O'Reilly & Associates.
|
|
|
|
Another book about sendmail is due out "soon":
|
|
|
|
Avolio & Vixie, _Sendmail Theory and Practice_. Digital
|
|
Press (release date unknown).
|
|
|
|
For details on sendmail-related DNS issues, consult:
|
|
|
|
Liu and Albitz, _DNS and BIND_. O'Reilly & Associates.
|
|
|
|
For details on UUCP, see:
|
|
|
|
O'Reilly and Todino, _Managing UUCP and Usenet_.
|
|
O'Reilly & Associates.
|
|
|
|
======================================================================
|
|
COMPILING AND INSTALLING SENDMAIL 8
|
|
======================================================================
|
|
|
|
* Version 8 requires a new version of "make". Where can I get this?
|
|
|
|
Actually, Version 8 does not require a new version of "make".
|
|
It includes a collection of Makefiles for different architectures,
|
|
only one or two of which require the new "make". For a supported
|
|
architecture, use ``sh makesendmail''. If you are porting to a
|
|
new architecture, start with Makefile.dist.
|
|
|
|
If you really do want the new make, it is available on any of
|
|
the BSD Net2 or 4.4-Lite distribution sites. These include:
|
|
|
|
ftp.uu.net /systems/unix/bsd-sources
|
|
gatekeeper.dec.com /.0/BSD/net2
|
|
ucquais.cba.uc.edu /pub/net2
|
|
ftp.luth.se /pub/unix/4.3bsd/net2
|
|
|
|
Diffs and instructions for building this version of make
|
|
under SunOS 4.1.x are available on ftp.css.itd.umich.edu in
|
|
/pub/systems/sun/Net2-make.sun4.diff.Z. A patchkit for
|
|
Ultrix is on ftp.vix.com in /pub/patches/pmake-for-ultrix.Z.
|
|
Patches for AIX 3.2.4 are available on ftp.uni-stuttgart.de
|
|
in /sw/src/patches/bsd-make-rus-patches.
|
|
|
|
There is also a Linux version available on the main Linux
|
|
distribution sites as pmake; this version is included as
|
|
standard with the current Slackware distributions.
|
|
----------------------------------------------------------------------
|
|
* What macro package do I use to format the V8 man pages?
|
|
|
|
The BSD group switched over the the ``mandoc'' macros for the
|
|
4.4 release. These include more hooks designed for hypertext
|
|
handling. However, new man pages won't format under the old
|
|
man macros. Fortunately, old man pages will format under the
|
|
new mandoc macros.
|
|
|
|
Get the new macros with the BSD Net2 or 4.4-Lite release (see
|
|
above for locations; for example, on FTP.UU.NET the files
|
|
/system/unix/bsd-sources/share/tmac/me/strip/sed and
|
|
/system/unix/bsd-sources/share/tmac/* are what you need).
|
|
|
|
This macro set is also included with newer versions of groff.
|
|
----------------------------------------------------------------------
|
|
* What modes should be used when installing sendmail?
|
|
|
|
The sendmail binary should be owned by root, mode 4755.
|
|
The queue directory should be owned by root, with a mode
|
|
between 700 and 755. Under no circumstances should
|
|
it be group or other writable!
|
|
The sendmail config file should be owned by root, mode 644.
|
|
The aliases file should generally be owned by one trusted
|
|
user and writable only by that user, although it is
|
|
not unreasonable to have it group writable by a
|
|
"sysadmin" group. It should not be world writable.
|
|
The aliases database files (aliases.db or aliases.{pag,dir}
|
|
depending on what database format you compile with)
|
|
should be owned by root, mode 644.
|
|
|
|
======================================================================
|
|
CONFIGURATION QUESTIONS
|
|
======================================================================
|
|
|
|
* How do I make all my addresses appear to be from a single host?
|
|
|
|
Using the V8 configuration macros, use:
|
|
|
|
MASQUERADE_AS(my.dom.ain)
|
|
|
|
This will cause all addresses to be sent out as being from
|
|
the indicated domain.
|
|
----------------------------------------------------------------------
|
|
* How do I rewrite my From: lines to read ``First_Last@My.Domain''?
|
|
|
|
There are a couple of ways of doing this. This describes
|
|
using the "user database" code. This is still experimental,
|
|
and was intended for a different purpose -- however, it does
|
|
work with a bit of care. It does require that you have the
|
|
Berkeley "db" package installed (it won't work with DBM).
|
|
|
|
First, create your input file. This should have lines like:
|
|
|
|
loginname:mailname First_Last
|
|
First_Last:maildrop loginname
|
|
|
|
Install it in (say) /etc/userdb. Create the database:
|
|
|
|
makemap btree /etc/userdb.db < /etc/userdb
|
|
|
|
You can then create a config file that uses this. You will
|
|
have to include the following in your .mc file:
|
|
|
|
define(confUSERDB_SPEC, /etc/userdb.db)
|
|
FEATURE(notsticky)
|
|
----------------------------------------------------------------------
|
|
* So what was the user database feature intended for?
|
|
|
|
The intent was to have all information for a given user
|
|
(where the user is the unique login name, not an inherently
|
|
non-unique full name) in one place. This would include phone
|
|
numbers, addresses, and so forth. The "maildrop" feature is
|
|
because Berkeley does not use a centralized mail server
|
|
(there are a number of reasons for this that are mostly
|
|
historic), and so we need to know where each user gets his or
|
|
her mail delivered -- i.e., the mail drop.
|
|
|
|
We are in the process of setting up our environment so that
|
|
mail sent to an unqualified "name" goes to that person's
|
|
preferred maildrop; mail sent to "name@host" goes to that
|
|
host. The purpose of "FEATURE(notsticky)" is to cause
|
|
"name@host" to be looked up in the user database for delivery
|
|
to the maildrop.
|
|
----------------------------------------------------------------------
|
|
* Why are you so hostile to using full names for e-mail addresses?
|
|
|
|
Because full names are not unique. For example, the computer
|
|
community has two Andy Tannenbaums and two Peter Deutsches.
|
|
At one time, Bell Labs had two Stephen R. Bournes with
|
|
offices a few doors apart. You can create alternative
|
|
addresses (e.g., Stephen_R_Bourne_2), but that's even worse
|
|
-- which one of them has to have their name desecrated in
|
|
this way? And you can bet that one of them will get most of
|
|
the other person's e-mail.
|
|
|
|
So called "full names" are just an attempt to create longer
|
|
versions of unique names. Rather that lulling people into a
|
|
sense of security, I'd rather that it be clear that these
|
|
handles are arbitrary. People should use good user agents
|
|
that have alias mappings so that they can attach arbitrary
|
|
names for their personal use to those with whom they
|
|
correspond (such as the MH alias file).
|
|
|
|
Even worse is fuzzy matching in e-mail -- this can make good
|
|
addresses turn bad. For example, Eric Allman is currently
|
|
(to the best of our knowledge) the only ``Allman'' at
|
|
Berkeley, so mail sent to "Allman@Berkeley.EDU" should get to
|
|
him. But if another Allman ever appears, this address could
|
|
suddenly become ambiguous. He's been the only Allman at
|
|
Berkeley for over fifteen years -- to suddenly have this
|
|
"good address" bounce mail because it is ambiguous would be a
|
|
heinous wrong.
|
|
|
|
Finger services should be as fuzzy as possible (within
|
|
reason, of course). Mail services should be unique.
|
|
----------------------------------------------------------------------
|
|
* Should I use a wildcard MX for my domain?
|
|
|
|
If at all possible, no.
|
|
|
|
Wildcard MX records have lots of semantic "gotcha"s. For
|
|
example, they will match a host "unknown.your.domain" -- if
|
|
you don't explicitly test for unknown hosts in your domain,
|
|
you will get "config error: mail loops back to myself"
|
|
errors.
|
|
|
|
See RFCs 1535-1537 for more detail and other related (or
|
|
common) problems.
|
|
----------------------------------------------------------------------
|
|
* How can I get sendmail to process messages sent to an account and
|
|
send the results back to the originator?
|
|
|
|
This is a local mailer issue, not a sendmail issue.
|
|
Depending on what you're doing, look at procmail (mentioned
|
|
again below), ftpmail, or Majordomo.
|
|
|
|
Check your local archie server to see what machine(s) nearest
|
|
you have the most recent versions of these programs.
|
|
----------------------------------------------------------------------
|
|
* How can I get sendmail to deliver local mail to $HOME/.mail
|
|
instead of into /usr/spool/mail (or /usr/mail)?
|
|
|
|
Again, this is a local mailer issue, not a sendmail issue.
|
|
Either modify your local mailer (source code will be
|
|
required) or change the program called in the "local" mailer
|
|
configuration description to be a new program that does this
|
|
local delivery. One program that is capable of doing this is
|
|
"procmail", although there are probably many others as well.
|
|
|
|
You might be interested in reading the paper ``HLFSD:
|
|
Delivering Email to your $HOME'' available in the Proceedings
|
|
of the USENIX System Administration (LISA VII) Conference
|
|
(November 1993). This is also available via public FTP from
|
|
ftp.cs.columbia.edu in /pub/hlfsd/{README.hlfsd,hlfsd.ps}.
|
|
----------------------------------------------------------------------
|
|
* I'm trying to to get my mail to go into queue only mode, and it
|
|
delivers the mail interactively anyway. (Or, I'm trying to use
|
|
the "don't deliver to expensive mailer" flag, and it delivers the
|
|
mail interactively anyway.) I can see it does it: here's the
|
|
output of "sendmail -v foo@somehost" (or Mail -v or equivalent).
|
|
|
|
The -v flag to sendmail (which is implied by the -v flag to
|
|
Mail and other programs in that family) tells sendmail to
|
|
watch the transaction. Since you have explicitly asked to
|
|
see what's going on, it assumes that you do not want to to
|
|
auto-queue, and turns that feature off. Remove the -v flag
|
|
and use a "tail -f" of the log instead to see what's going
|
|
on.
|
|
|
|
If you are trying to use the "don't deliver to expensive
|
|
mailer" flag (mailer flag "e"), be sure you also turn on
|
|
global option "c" -- otherwise it ignores the mailer flag.
|
|
----------------------------------------------------------------------
|
|
* There are four UUCP mailers listed in the configuration files.
|
|
Which one should I use?
|
|
|
|
The choice is partly a matter of local preferences and what
|
|
is running at the other end of your UUCP connection. Unlike
|
|
good protocols that define what will go over the wire, UUCP
|
|
uses the policy that you should do what is right for the
|
|
other end; if they change, you have to change. This makes it
|
|
hard to do the right thing, and discourages people from
|
|
updating their software. In general, if you can avoid UUCP,
|
|
please do.
|
|
|
|
If you can't avoid it, you'll have to find the version that
|
|
is closest to what the other end accepts. Following is a
|
|
summary of the UUCP mailers available.
|
|
|
|
uucp-old (obsolete name: "uucp")
|
|
This is the oldest, the worst (but the closest to UUCP) way
|
|
of sending messages across UUCP connections. It does
|
|
bangify everything and prepends $U (your UUCP name) to the
|
|
sender's address (which can already be a bang path
|
|
itself). It can only send to one address at a time, so it
|
|
spends a lot of time copying duplicates of messages. Avoid
|
|
this if at all possible.
|
|
|
|
uucp-new (obsolete name: "suucp")
|
|
The same as above, except that it assumes that in one rmail
|
|
command you can specify several recipients. It still has a
|
|
lot of other problems.
|
|
|
|
uucp-dom
|
|
This UUCP mailer keeps everything as domain addresses.
|
|
Basically, it uses the SMTP mailer rewriting rules.
|
|
|
|
Unfortunately, a lot of UUCP mailer transport agents
|
|
require bangified addresses in the envelope, although you
|
|
can use domain-based addresses in the message header. (The
|
|
envelope shows up as the From_ line on UNIX mail.) So....
|
|
|
|
uucp-uudom
|
|
This is a cross between uucp-new (for the envelope
|
|
addresses) and uucp-dom (for the header addresses). It
|
|
bangifies the envelope sender (From_ line in messages)
|
|
without adding the local hostname, unless there is no host
|
|
name on the address at all (e.g., "wolf") or the host
|
|
component is a UUCP host name instead of a domain name
|
|
("somehost!wolf" instead of "some.dom.ain!wolf").
|
|
|
|
Examples:
|
|
|
|
We are on host grasp.insa-lyon.fr (UUCP host name "grasp").
|
|
The following summarizes the sender rewriting for various
|
|
mailers.
|
|
|
|
Mailer sender rewriting in the envelope
|
|
------ ------ -------------------------
|
|
uucp-{old,new} wolf grasp!wolf
|
|
uucp-dom wolf wolf@grasp.insa-lyon.fr
|
|
uucp-uudom wolf grasp.insa-lyon.fr!wolf
|
|
|
|
uucp-{old,new} wolf@fr.net grasp!fr.net!wolf
|
|
uucp-dom wolf@fr.net wolf@fr.net
|
|
uucp-uudom wolf@fr.net fr.net!wolf
|
|
|
|
uucp-{old,new} somehost!wolf grasp!somehost!wolf
|
|
uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr
|
|
uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf
|
|
|
|
======================================================================
|
|
RESOLVING PROBLEMS
|
|
======================================================================
|
|
|
|
* When I compile, I get "undefined symbol inet_aton" messages.
|
|
|
|
You've probably replaced your resolver with the version from
|
|
BIND 4.9.3. You need to compile with -l44bsd in order to get
|
|
the additional routines.
|
|
----------------------------------------------------------------------
|
|
* I'm getting "Local configuration error" messages, such as:
|
|
|
|
553 relay.domain.net config error: mail loops back to myself
|
|
554 <user@domain.net>... Local configuration error
|
|
|
|
How can I solve this problem?
|
|
|
|
You have asked mail to the domain (e.g., domain.net) to be
|
|
forwarded to a specific host (in this case, relay.domain.net)
|
|
by using an MX record, but the relay machine doesn't
|
|
recognize itself as domain.net. Add domain.net to
|
|
/etc/sendmail.cw (if you are using FEATURE(use_cw_file)) or
|
|
add "Cw domain.net" to your configuration file.
|
|
|
|
IMPORTANT: Be sure you kill and restart the sendmail daemon
|
|
after you change the configuration file (for ANY change in
|
|
the configuration, not just this one):
|
|
|
|
kill `head -1 /etc/sendmail.pid`
|
|
sh -c "`tail -1 /etc/sendmail.pid`"
|
|
|
|
NOTA BENE: kill -1 does not work!
|
|
----------------------------------------------------------------------
|
|
* When I use sendmail V8 with a Sun config file I get lines like:
|
|
|
|
/etc/sendmail.cf: line 273: replacement $3 out of bounds
|
|
|
|
the line in question reads:
|
|
|
|
R$*<@$%y>$* $1<@$2.LOCAL>$3 user@ether
|
|
|
|
what does this mean? How do I fix it?
|
|
|
|
V8 doesn't recognize the Sun "$%y" syntax, so as far as it is
|
|
concerned, there is only a $1 and a $2 (but no $3) in this
|
|
line. Read Rick McCarty's paper on "Converting Standard Sun
|
|
Config Files to Sendmail Version 8", in the contrib directory
|
|
(file "converting.sun.configs") on the sendmail distribution
|
|
for a full discussion of how to do this.
|
|
----------------------------------------------------------------------
|
|
* When I use sendmail V8 on a Sun, I sometimes get lines like:
|
|
|
|
/etc/sendmail.cf: line 445: bad ruleset 96 (50 max)
|
|
|
|
what does this mean? How do I fix it?
|
|
|
|
You're somehow trying to start up the old Sun sendmail (or
|
|
sendmail.mx) with a sendmail V8 config file, which Sun's
|
|
sendmail doesn't like. Check your /etc/rc.local, any
|
|
procedures that have been created to stop and re-start the
|
|
sendmail processes, etc.... Make sure that you've switched
|
|
everything over to using the new sendmail. To keep this
|
|
problem from ever happening again, try the following:
|
|
|
|
mv /usr/lib/sendmail /usr/lib/sendmail.old
|
|
ln -s /usr/local/lib/sendmail.v8 /usr/lib/sendmail
|
|
mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.old
|
|
ln -s /usr/local/lib/sendmail.v8 /usr/lib/sendmail.mx
|
|
chmod 0000 /usr/lib/sendmail.old
|
|
chmod 0000 /usr/lib/sendmail.mx.old
|
|
|
|
Assuming you have installed sendmail V8 in /usr/local/lib.
|
|
----------------------------------------------------------------------
|
|
* When I use sendmail V8 on an IBM RS/6000 running AIX, the system
|
|
resource controller always reports sendmail as "inoperative" even
|
|
though it is running. What's wrong?
|
|
|
|
IBM's system resource controller is one of their "value
|
|
added" features to AIX -- it's not a Unix standard. You'll
|
|
need to either redefine the subsystem to use signals (see
|
|
chssys(1)) or dump the entire subsystem and invoke sendmail
|
|
in /etc/rc.tcpip or some other boot script.
|
|
----------------------------------------------------------------------
|
|
* When I use sendmail V8 on an Intel x86 machine running Linux, I
|
|
have some problems. Specifically, I have....
|
|
|
|
The current versions of Linux are generally considered to be
|
|
great for hobbyists and anyone else who wants to learn Unix
|
|
inside and out, or wants to always have something to do, or
|
|
wants a machine for light-duty mostly personal use and not
|
|
high-volume multi-user purposes.
|
|
|
|
However, for those who want a system that will just sit in
|
|
the background and work without a fuss handling thousands of
|
|
mail messages a day for lots of different users, it's not
|
|
(yet) stable enough to fit the bill.
|
|
|
|
Unfortunately, there are no known shareware/freeware
|
|
implementations of any operating system that provides the
|
|
level of stability necessary to handle that kind of load
|
|
(i.e., there are no free lunches).
|
|
|
|
If you're wedded to the Intel x86 platform and want to run
|
|
sendmail, we suggest you look at commercial implementations
|
|
of Unix such as Interactive, UnixWare, Solaris, or BSD/386
|
|
(just a sample of the dozens of different versions of Unix
|
|
for Intel x86).
|
|
|
|
Of all known vendor supported versions of Unix for Intel x86,
|
|
BSDI's BSD/386 is least expensive and the only one known to
|
|
currently ship with sendmail V8 pre-installed. Since sendmail
|
|
V8 is continuing to be developed at UC Berkeley, and BSD/386
|
|
is a full BSD 4.4 implementation, this is obviously be the most
|
|
"native" sendmail V8 environment.
|
|
----------------------------------------------------------------------
|
|
* When I use sendmail on an Intel x86 machine running OS/2, I have
|
|
some problems. Specifically, I have....
|
|
|
|
The OS/2 port of sendmail is known to have left out huge
|
|
chunks of the code and functionality of even much older
|
|
versions of sendmail, in large part because the underlying OS
|
|
just doesn't have the necessary hooks to make it happen.
|
|
This port is so broken that we make no attempt to provide any
|
|
kind of support for it. Try BSDI's BSD/386 instead.
|
|
----------------------------------------------------------------------
|
|
* I'm connected to the network via a SLIP/PPP link. Sometimes my
|
|
sendmail process hangs (although it looks like part of the
|
|
message has been transfered). Everything else works. What's
|
|
wrong?
|
|
|
|
Most likely, the problem isn't sendmail at all, but the low
|
|
level network connection. It's important that the MTU
|
|
(Maximum Transfer Unit) for the SLIP connection be set
|
|
properly at both ends. If they disagree, large packets will
|
|
be trashed and the connection will hang.
|
|
----------------------------------------------------------------------
|
|
* I just upgraded to 8.x and suddenly I'm getting messages in my
|
|
syslog of the form "collect: I/O error on connection". What is
|
|
going wrong?
|
|
|
|
Nothing. This is just a diagnosis of a condition that had
|
|
not been diagnosed before. If you are getting a lot of these
|
|
from a single host, there is probably some incompatibility
|
|
between 8.x and that host. If you get a lot of them in
|
|
general, you may have network problems that are causing
|
|
connections to get reset.
|
|
----------------------------------------------------------------------
|
|
* I just upgraded to 8.x and now when my users try to forward their
|
|
mail to a program they get an "illegal shell" message and their
|
|
mail is not delivered. What's wrong?
|
|
|
|
In order for people to be able to run a program from their
|
|
.forward file, 8.x insists that their shell (that is, the
|
|
shell listed for that user in the passwd entry) be a "valid"
|
|
shell, meaning a shell listed in /etc/shells. If /etc/shells
|
|
does not exist, a default list is used, typically consisting
|
|
of /bin/sh and /bin/csh.
|
|
|
|
This is to support environments that may have NFS-shared
|
|
directories mounted on machines on which users do not have
|
|
login permission. For example, many people make their
|
|
file server inaccessible for performance or security
|
|
reasons; although users have directories, their shell on
|
|
the server is /usr/local/etc/nologin or some such. If you
|
|
allowed them to run programs anyway you might as well let
|
|
them log in.
|
|
|
|
If you are willing to let users run programs from their
|
|
.forward file even though they cannot telnet or rsh in (as
|
|
might be reasonable if you run smrsh to control the list of
|
|
programs they can run) then add the line
|
|
|
|
/SENDMAIL/ANY/SHELL/
|
|
|
|
to /etc/shells. This must be typed exactly as indicated,
|
|
in caps, with the trailing slash. NOTA BENE: DO NOT
|
|
list /usr/local/etc/nologin in /etc/shells -- this will
|
|
open up other security problems.
|
|
----------------------------------------------------------------------
|
|
* I just upgraded to 8.x and suddenly connections to the SMTP port
|
|
take a long time. What is going wrong?
|
|
|
|
It's probably something weird in your TCP implementation that
|
|
makes the IDENT code act oddly. On most systems V8 tries to
|
|
do a ``callback'' to the connecting host to get a validated
|
|
user name (see RFC 1413 for detail). If the connecting host
|
|
does not support such a service it will normally fail quickly
|
|
with "Connection refused", but certain kinds of packet
|
|
filters and certain TCP implementations just time out.
|
|
|
|
To test this, set the IDENT timeout to zero using
|
|
``OrIdent=0'' in the configuration file. This will
|
|
completely disable all use of the IDENT protocol.
|
|
|
|
Another possible problem is that you have your name server
|
|
and/or resolver configured improperly. Make sure that all
|
|
"nameserver" entries in /etc/resolv.conf point to functional
|
|
servers. If you are running your own server make certain
|
|
that all the servers listed in your root cache (usually
|
|
called something like "/var/namedb/root.cache"; see your
|
|
/etc/named.boot file to get your value) are up to date.
|
|
Either of these can cause long delays.
|
|
----------------------------------------------------------------------
|
|
* I just upgraded to 8.x and suddenly I get errors such as ``unknown
|
|
mailer error 5 -- mail: options MUST PRECEDE recipients.'' What is
|
|
going wrong?
|
|
|
|
You need OSTYPE(systype) in your .mc file -- otherwise the
|
|
configurations use a default that probably disagrees with
|
|
your local mail system. See cf/README for details.
|
|
----------------------------------------------------------------------
|
|
* Under V8, the "From " header gets mysteriously munged when I send
|
|
to an alias.
|
|
|
|
``It's not a bug, it's a feature.'' This happens when you
|
|
have a "owner-list" alias and you send to "list". V8
|
|
propagates the owner information into the envelope sender
|
|
field (which appears as the "From " header on UNIX mail or as
|
|
the Return-Path: header) so that downstream errors are
|
|
properly returned to the mailing list owner instead of to the
|
|
sender. In order to make this appear as sensible as possible
|
|
to end users, I recommend making the owner point to a
|
|
"request" address -- for example:
|
|
|
|
list: :include:/path/name/list.list
|
|
owner-list: list-request
|
|
list-request: eric
|
|
|
|
This will make message sent to "list" come out as being "From
|
|
list-request" instead of "From eric".
|
|
----------------------------------------------------------------------
|
|
* I am trying to use MASQUERADE_AS (or the user database) to
|
|
rewrite from addresses, and although it works in the From: header
|
|
line, it doesn't work in the envelope (e.g., the "From " line).
|
|
|
|
Believe it or not, this is intentional. The interpretation
|
|
of the standards by the V8 development group was that this
|
|
was an inappropriate rewriting, and that if the rewriting
|
|
were incorrect at least the envelope would contain a valid
|
|
return address. Other people have since described scenarios
|
|
where the envelope cannot be correct without this rewriting,
|
|
so 8.7 will have an option to rewrite both header and
|
|
envelope.
|
|
----------------------------------------------------------------------
|
|
* I want to run Sendmail version 8 on my DEC system, but you don't
|
|
have MAIL11V3 support in sendmail. How do I handle this?
|
|
|
|
Get Paul Vixie's reimplementation of the mail11 protocol from
|
|
gatekeeper.dec.com in /pub/DEC/gwtools.
|
|
|
|
Rumour has it that he will be fully integrating into sendmail
|
|
V8 what little is left of IDA sendmail that is not handled
|
|
(or handled as well) by V8. No additional information on
|
|
this project is currently available.
|
|
----------------------------------------------------------------------
|
|
* Messages seem to disappear from my queue unsent. When I look in
|
|
the queue directory I see that they have been renamed from qf* to
|
|
Qf*, and sendmail doesn't see these.
|
|
|
|
If you look closely you should find that the Qf files are
|
|
owned by users other than root. Since sendmail runs as root
|
|
it refuses to believe information in non-root-owned qf files,
|
|
and it renames them to Qf to get them out of the way and make
|
|
it easy for you to find. The usual cause of this is
|
|
twofold: first, you have the queue directory world writable
|
|
(which is probably a mistake -- this opens up other security
|
|
problems) and someone is calling sendmail with an "unsafe"
|
|
flag, usually a -o flag that sets an option that could
|
|
compromise security. When sendmail sees this it gives up
|
|
setuid root permissions.
|
|
|
|
The usual solution is to not use the problematic flags. If
|
|
you must use them, you have to write a special queue
|
|
directory and have them processed by the same uid that
|
|
submitted the job in the first place.
|
|
----------------------------------------------------------------------
|
|
@(#)FAQ 8.16 (Berkeley) 9/17/95
|
|
Send updates to sendmail@sendmail.ORG.
|