HardenedBSD/contrib/sendmail
Peter Wemm 05b73c60a4 I obviously cannot read. I misread the ifdef in the Makefile - DONT_FSYNC
was not on by default.. Back previous change out.
1998-08-04 13:56:32 +00:00
..
BuildTools
cf
contrib
doc
mail.local
mailstats
makemap
praliases
rmail
smrsh
src
test
FAQ
KNOWNBUGS
LICENSE
Makefile
README
RELEASE_NOTES

/*-
 *	@(#)README	8.48 (Berkeley) 5/19/98
 */

			SENDMAIL RELEASE 8

This directory has the latest sendmail(TM) software from Sendmail, Inc.
See doc/changes/changes.me for a summary of changes since 5.67.

Report any bugs to sendmail-bugs@sendmail.ORG

There is a web site at http://WWW.Sendmail.ORG -- see that site for
the latest updates.

******************************************************************
**  DO NOT USE MAKE to compile sendmail.  Instead, cd src and	**
**  use the "Build" shell script.  On many environments this	**
**  will do everything for you, no fuss, no muss.  See		**
**  src/README for more details of compilation.  See cf/README	**
**  for details about building a runtime configuration file.	**
******************************************************************

Sendmail is a trademark of Sendmail, Inc.

+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if can have been trusted.  For sendmail to run
without complaining, you MUST execute the following command:

	chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
	chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool and use /etc/mail for aliases file instead of /etc).  If you
set the RunAsUser option in your sendmail.cf, the /var/spool/mqueue
directory will have to be owned by the RunAsUser user.  As a general rule,
after you have compiled sendmail, run the command

	sendmail -v -bi

to initialize the alias database.  If it gives messages such as

	WARNING: writable directory /etc
	WARNING: writable directory /usr/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read.  In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed.  This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option.  For example, to allow .forward
files in group writable directories:

	O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

	O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs.  This behavior can also be altered via DontBlameSendmail:

	O DontBlameSendmail=forwardfileinunsafedirpath,
		forwardfileinunsafedirpathsafe

The first flag allows the .forward file to be read, the second allows
the items in the file to be marked as safe for file and program
delivery.

Other files affected by this strengthened security include class
files (i.e. Fw /etc/sendmail.cw), persistent host status files, and
the files specified by the ErrorHeader and HelpFile options.  Similar
DontBlameSendmail flags are available for the class, ErrorHeader, and
HelpFile files.

If you have an unsafe configuration of .forward and :include:
files, you can make it safe by finding all such files, and doing
a "chmod go-w $FILE" on each.  Also, do a "chmod go-w $DIR" for
each directory in the file's path.


+--------------+
| MANUAL PAGES |
+--------------+

The sendmail manual pages use contemporary Berkeley troff macros.  If
your system does not process these manual pages, you can pick up the
new macros in a BSD Net/2 FTP site (e.g.  on FTP.UU.NET, the files
/systems/unix/bsd-sources/share/tmac/*).

The strip.sed file is only used in installation.

After installation, edit tmac.doc and tmac.andoc to reflect the
installation path of the tmac files.  Those files contain pointers to
/usr/share/tmac/, and those pointers are not changed by the `make
install` process.  There's also a bug in those files -- make the
following patch:

*** tmac.an~    Tue Jul 12 14:29:09 1994
--- tmac.an     Fri Jul 15 13:17:54 1994
***************
*** 50,55 ****
  .de TH
  .rn TH xX
  .so /usr/share/lib/tmac/tmac.an.old
! .TH \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
  .rm xX
  ..
--- 50,55 ----
  .de TH
  .rn TH xX
  .so /usr/share/lib/tmac/tmac.an.old
! .TH "\\$1" "\\$2" "\\$3" "\\$4" "\\$5" "\\$6" "\\$7" "\\$8"
  .rm xX
  ..

Rename the existing tmac.an to be tmac.an.old, and rename tmac.andoc
to be tmac.an.

tmac.an will choose between tmac.an.old, your old macros, or tmac.doc,
which are the new macros, so that both the new man pages and the
existing man pages will be translated properly.

I'm also told that the groff distribution from MIT has a tmac.doc
macro set that is compatible with these macros.


+-----------------------+
| RELATED DOCUMENTATION |
+-----------------------+

There are other files you should read.  Rooted in this directory are:

  doc/changes/changes.ps
	Describes changes between Release 5 and Release 8 of sendmail.
	There are some things that may behave somewhat differently.
	For example, the rules governing when :include: files will
	be read have been tightened up for security reasons.
  FAQ
	Answers to Frequently Asked Questions.
  KNOWNBUGS
	Known bugs in the current release.  I try to keep this up
	to date -- get the latest version from FTP.Sendmail.ORG
	in /ucb/sendmail/KNOWNBUGS.
  RELEASE_NOTES
	A detailed description of the changes in each version.  This
	is quite long, but informative.
  src/README
	Details on compiling and installing sendmail.
  cf/README
	Details on configuring sendmail.
  doc/op/op.me
	The sendmail Installation & Operations Guide.  Be warned: if
	you are running this off on SunOS or some other system with an
	old version of -me, you need to add the following macro to the
	macros:

		.de sm
		\s-1\\$1\\s0\\$2
		..

	This sets a word in a smaller pointsize.


+--------------+
| RELATED RFCS |
+--------------+

There are several related RFCs that you may wish to read -- they are
available via anonymous FTP to several sites, including:

	ftp://nic.ddn.mil/rfc/
	ftp://nis.nsf.net/documents/rfc/
	ftp://nisc.jvnc.net/rfc/
	ftp://venera.isi.edu/in-notes/
	ftp://wuarchive.wustl.edu/doc/rfc/

For a list of the primary repositories see:

	http://www.isi.edu/in-notes/rfc-retrieval.txt

They are also online at:

	http://www.ietf.org/

They can also be retrieved via electronic mail by sending
email to one of:

	mail-server@nisc.sri.com
		Put "send rfcNNN" in message body
	nis-info@nis.nsf.net
		Put "send RFCnnn.TXT-1" in message body
	sendrfc@jvnc.net
		Put "RFCnnn" as Subject: line

For further instructions see:

	http://www.isi.edu/in-notes/rfc-editor/rfc-info

Important RFCs for electronic mail are:

	RFC821	SMTP protocol
	RFC822	Mail header format
	RFC974	MX routing
	RFC976	UUCP mail format
	RFC1123	Host requirements (modifies 821, 822, and 974)
	RFC1413	Identification server
	RFC1869	SMTP Service Extensions (ESMTP spec)
	RFC1652	SMTP Service Extension for 8bit-MIMEtransport
	RFC1870	SMTP Service Extension for Message Size Declaration
	RFC2045	Multipurpose Internet Mail Extensions (MIME) Part One:
		Format of Internet Message Bodies
	RFC1344	Implications of MIME for Internet Mail Gateways
	RFC1428	Transition of Internet Mail from Just-Send-8 to
		8-bit SMTP/MIME
	RFC1891	SMTP Service Extension for Delivery Status Notifications
	RFC1892	Multipart/Report Content Type for the Reporting of
		Mail System Administrative Messages
	RFC1893	Enhanced Mail System Status Codes
	RFC1894	An Extensible Message Format for Delivery Status
		Notifications
	RFC1985	SMTP Service Extension for Remote Message Queue Starting

Other standards that may be of interest (but which are less directly
relevant to sendmail) are:

	RFC987	Mapping between RFC822 and X.400
	RFC1049	Content-Type header field (extension to RFC822)

Warning to AIX users: this version of sendmail does not implement
MB, MR, or MG DNS resource records, as defined (as experiments) in
RFC1035.


+-------------------+
| DATABASE ROUTINES |
+-------------------+

IF YOU WANT TO RUN THE NEW BERKELEY DB SOFTWARE:  ****  DO NOT  ****
use the version that was on the Net2 tape -- it has a number of
nefarious bugs that were bad enough when I got them; you shouldn't have
to go through the same thing.  Instead, get a new version via the web at
http://www.sleepycat.com/.  This software is highly recommended; it gets
rid of several stupid limits, it's much faster, and the interface is
nicer to animals and plants.  If the Berkeley DB include files
are installed in a location other than those which your compiler searches,
you will need to provide that directory when building:

	Build -I/path/to/include/directory

If you are using Berkeley DB versions 1.85 or 1.86, you are *strongly*
urged to upgrade to DB version 2, available from http://www.sleepycat.com/.
Berkeley DB versions 1.85 and 1.86 are known to be broken in various nasty
ways (see http://www.sleepycat.com/db.185.html), and can cause sendmail
to dump core.  In addition, the newest versions of gcc and the Solaris
compilers perform optimizations in those versions that may cause fairly
random core dumps.

If you have no choice but to use Berkeley DB 1.85 or 1.86, and you are
using both Berkeley DB and files in the UNIX ndbm format, remove ndbm.h
and ndbm.o from the DB library after building it.  You should also apply
all of the patches for DB 1.85 and 1.86 found at the Sleepycat web site
(see http://www.sleepycat.com/db.185.html), as they fix some of the known
problems.

If you are using a version of Berkeley DB 2 previous to 2.3.15, and you
are using both Berkeley DB and files in the UNIX ndbm format, remove dbm.o
from the DB library after building it.  No other changes are necessary.

If you are using Berkeley DB version 2.3.15 or greater, no changes are
necessary.

The underlying database file formats changed between Berkeley DB versions
1.85 and 1.86, and again between DB 1.86 and version 2.0.  If you are
upgrading from one of those versions, you must recreate your database
file(s).  Do this by rebuilding all maps with makemap and rebuilding the
alias file with newaliases.


+--------------------+
| HOST NAME SERVICES |
+--------------------+

If you are using NIS or /etc/hosts, it is critical that you
list the long (fully qualified) name somewhere (preferably first) in
the /etc/hosts file used to build the NIS database.  For example, the
line should read

	128.32.149.68   mastodon.CS.Berkeley.EDU mastodon

**** NOT ****

	128.32.149.68   mastodon

If you do not include the long name, sendmail will complain loudly
about ``unable to qualify my own domain name (mastodon) -- using
short name'' and conclude that your canonical name is the short
version and use that in messages.  The name "mastodon" doesn't mean
much outside of Berkeley, and so this creates incorrect and unreplyable
messages.


+-------------+
| USE WITH MH |
+-------------+

This version of sendmail notices and reports certain kinds of SMTP
protocol violations that were ignored by older versions.  If you
are running MH you may wish to install the patch in contrib/mh.patch
that will prevent these warning reports.  This patch also works
with the old version of sendmail, so it's safe to go ahead and
install it.


+----------------+
| USE WITH IDENT |
+----------------+

Sendmail 8 supports the IDENT protocol, as defined by RFC 1413.
No ident server is included with this distribution.  I have found
copies available on:

  ftp.lysator.liu.se		/pub/ident/servers
  romulus.ucs.uoknor.edu	/networking/ident/servers
  ftp.cyf-kr.edu.pl		/agh/uciagh/network/ident

If you want to run an IDENT server, I suggest getting a copy from
one of those sites.  Versions are available for several different
systems, including Apollo, BSD, NeXT, AIX, TOPS20, and VMS.


+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

The structure of this directory tree is:

cf		Source for sendmail configuration files.  These are
		different than what you've seen before.  They are a
		fairly dramatic rewrite, requiring the new sendmail
		(since they use new features).
contrib		Some contributed tools to help with sendmail.  THESE
		ARE NOT SUPPORTED by sendmail -- contact the original
		authors if you have problems.  (This directory is not
		on the 4.4BSD tape.)
doc		Documentation.  If you are getting source, read
		op.me -- it's long, but worth it.
mail.local	The source for the local delivery agent used for 4.4BSD.
		THIS IS NOT PART OF SENDMAIL! and may not compile
		everywhere, since it depends on some 4.4-isms.  Warning:
		it does mailbox locking differently than other systems.
mailstats	Statistics printing program.  It has the pathname of
		sendmail.st compiled in, so if you've changed that,
		beware.
makemap		A program that creates the keyed maps used by the $( ... $)
		construct in sendmail.  It is primitive but effective.
		It takes a very simple input format, so you will probably
		expect to preprocess must human-convenient formats
		using sed scripts before this program will like them.
		But it should be functionally complete.
praliases	A program to print the DBM or NEWDB version of the
		aliases file.
rmail		Source for rmail(8).  This is used as a delivery
		agent for for UUCP, and could presumably be used by
		other non-socket oriented mailers.  Older versions of
		rmail are probably deficient.  RMAIL IS NOT PART OF
		SENDMAIL!!!  The 4.4BSD source is included for you to
		look at or try to port to your system.  I know it doesn't
		compile on {SunOS, HP-UX, OSF/1, other} (pick one).
smrsh		The "sendmail restricted shell", which can be used as
		a replacement for /bin/sh in the prog mailer to provide
		increased security control.  NOT PART OF SENDMAIL!
src		Source for the sendmail program itself.
test		Some test scripts (currently only for compilation aids).