warn of the sins of wildcard MX records
[unix-history] / usr / src / usr.sbin / sendmail / src / READ_ME
# Copyright (c) 1983, 1995 Eric P. Allman
# Copyright (c) 1988 The Regents of the University of California.
# All rights reserved.
#
# %sccs.include.redist.sh%
#
# @(#)READ_ME 8.97 (Berkeley) %G%
#
This directory contains the source files for sendmail.
For detailed instructions, please read the document ../doc/op.me:
eqn ../doc/op.me | pic | ditroff -me
*********************
!! DO NOT USE MAKE !! to compile sendmail -- instead, use the
********************* "makesendmail" script located in the src
directory. It will find an appropriate Makefile, and create an
appropriate obj.* subdirectory so that multiplatform support
works easily.
The Makefile is for the new (4.4BSD) Berkeley make and uses syntax
that is not recognized by older makes. It also has assumptions
about the 4.4 file system layout built in. See below for details
about other Makefiles.
If you are porting to a new architecture for which there is no existing
Makefile, you might start with Makefile.dist. This works on the old
traditional make, but isn't customized for any particular architecture.
**************************************************
** Read below for more details of Makefiles. **
**************************************************
**************************************************************************
** IMPORTANT: DO NOT USE OPTIMIZATION (``-O'') IF YOU ARE RUNNING **
** GCC 2.4.x or 2.5.x. THERE IS A BUG IN THE GCC OPTIMIZER THAT **
** CAUSES SENDMAIL COMPILES TO FAIL MISERABLY. **
**************************************************************************
Jim Wilson of Cygnus believes he has found the problem -- it will
probably be fixed in GCC 2.5.6 -- but until this is verified, be
very suspicious of gcc -O.
This problem is reported to have been fixed in gcc 2.6.
**************************************************************************
** IMPORTANT: Read the appropriate paragraphs in the section on **
** ``Operating System and Compile Quirks''. **
**************************************************************************
+-----------+
| MAKEFILES |
+-----------+
By far, the easiest way to compile sendmail is to use the "makesendmail"
script:
sh makesendmail
This uses the "uname" command to figure out what architecture you are
on and selects a proper Makefile accordingly. It also creates a
subdirectory per object format, so that multiarchitecture support is
easy. In general this should be all you need. However, if for some
reason this doesn't work (e.g., NeXT systems don't have the "uname"
command) you may have to set up your compile environment by hand.
The "Makefile"s in these directories are from 4.4 BSD, and hence
really only work properly if you are on a 4.4 system. In particular,
they use new syntax that will not be recognized on old make programs,
and some of them do things like ``.include ../../Makefile.inc'' to
pick up some system defines. If you are getting sendmail separately,
these files won't be included in the distribution, as they are
outside of the sendmail tree.
Instead, you should use one of the other Makefiles, such as
Makefile.SunOS for a SunOS system, and so forth. These should
work with the version of make that is appropriate for that
system. All other Makefiles are in the "src/Makefiles" subdirectory.
They use the version of make that is native for that system. These
are the Makefiles that I use, and they have "Berkeley quirks" in them.
I can't guarantee that they will work unmodified in your environment.
In particular, Many of them include -I/usr/sww/include/db and
-L/usr/sww/lib -- these are Berkeley's locations in the ``Software
Warehouse'' for the new database libraries, described below. You don't
have to remove these definitions if you don't have these directories,
but you may have to remove -DNEWDB from the DBMDEF definition.
Please look for an appropriate Makefile before you start trying to
compile with Makefile or Makefile.dist.
If you want to port the new Berkeley make, you can get it from
ftp.uu.net in the directory /systems/unix/bsd-sources/usr.bin/make.
Diffs and instructions for building this version of make under
SunOS 4.1.x are available on ftp.css.itd.umich.edu in
/pub/systems/sun/Net2-make-sun4.diff.Z. Diffs and instructions
for building this version of make under IBM AIX 3.2.4 are available
on ftp.uni-stuttgart.de in /sw/src/patches/bsd-make-rus-patches.
For Ultrix, try ftp.vix.com:~ftp/pub/patches/pmake-for-ultrix.Z.
Paul Southworth <pauls@umich.edu> published a description of porting
this make in comp.unix.bsd.
The complete text of the Makefile.inc that is in the parent of the
sendmail directory is:
# @(#)Makefile.inc 8.1 (Berkeley) 6/6/93
BINDIR?= /usr/sbin
+----------------------+
| DATABASE DEFINITIONS |
+----------------------+
There are several database formats that can be used for the alias files
and for general maps. When used for alias files they interact in an
attempt to be back compatible.
The three options are NEWDB (the new Berkeley DB package), NDBM (the
older DBM implementation -- the very old V7 implementation is no
longer supported), and NIS (Network Information Services). Used alone
these just include the support they indicate. [If you are using NEWDB,
get the latest version from FTP.CS.Berkeley.EDU in /ucb/4bsd/db.tar.Z
(or db.tar.gz). DO NOT use the version from the Net2 distribution!
However, if you are on BSD/386 or 386BSD-based systems, use the one
that already exists on your system. You may need to #define OLD_NEWDB
1 to do this.]
[NOTE WELL: it is CRITICAL that you remove ndbm.o from libdb.a and
ndbm.h from the appropriate include directories if you want to get
ndbm support. These files OVERRIDE calls to ndbm routines -- in
particular, if you leave ndbm.h in, you can find yourself using
the new db package even if you don't define NEWDB.]
If NEWDB and NDBM are defined (but not NIS), then sendmail will read
NDBM format alias files, but the next time a newaliases is run the
format will be converted to NEWDB; that format will be used forever
more. This is intended as a transition feature. [Note however that
the NEWDB library also catches and maps NDBM calls; you will have to
back out this feature to get this to work. See ``Quirks'' section
below for details.]
If all three are defined and the name of the file includes the string
"/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format alias
files. However, it will only read the NEWDB file; the NDBM format file
is used only by the NIS subsystem.
If NDBM and NIS are defined (regardless of the definition of NEWDB),
and the filename includes the string "/yp/", sendmail adds the special
tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
required if the NDBM file is to be used as an NIS map.
There is also preliminary support for NIS+ (-DNISPLUS), Hesiod
(-DHESIOD), and NetInfo (-DNETINFO). These have not been well
tested.
All of -DNEWDB, -DNDBM, -DNIS, -DNISPLUS, -DHESIOD, and -DNETINFO are
normally defined in the DBMDEF line in the Makefile.
+---------------+
| COMPILE FLAGS |
+---------------+
Whereever possible, I try to make sendmail pull in the correct
compilation options needed to compile on various environments based on
automatically defined symbols. Some machines don't seem to have useful
symbols availble, requiring the following compilation flags in the
Makefile:
SOLARIS Define this if you are running Solaris 2.0 or higher.
SOLARIS_2_3 Define this if you are running Solaris 2.3 or higher.
SUNOS403 Define this if you are running SunOS 4.0.3.
NeXT Define this if you are on a NeXT box. (This one may
be pre-defined for you.) There are other hacks you
have to make -- see below.
_AIX3 Define this if you are IBM AIX 3.x.
RISCOS Define this if you are running RISC/os from MIPS.
IRIX Define this if you are running IRIX from SGI.
_SCO_unix_ Define this if you are on SCO UNIX.
_SCO_unix_4_2 Define this if you are on SCO Open Server 3.2v4.
DGUX Define this if you are on DG/UX 5.4.3 or later
DGUX_5_4_2 Define this if you are on DG/UX systems prior to 5.4.3.
NonStop_UX_BXX Define this if you are on a Tandem NonStop-UX release
Bxx system.
IRIX64 Define this if you are on an IRIX64 system.
If you are a system that sendmail has already been ported to, you
probably won't have to touch these. But if you are porting, you may
have to tweak the following compilation flags in conf.h in order to
get it to compile and link properly:
SYSTEM5 Adjust for System V (not necessarily Release 4).
SYS5SIGNALS Use System V signal semantics -- the signal handler
is automatically dropped when the signal is caught.
If this is not set, use POSIX/BSD semantics, where the
signal handler stays in force until an exec or an
explicit delete. Implied by SYSTEM5.
SYS5SETPGRP Use System V setpgrp() semantics. Implied by SYSTEM5.
HASFLOCK Set this if you prefer to use the flock(2) system call
rather than using fcntl-based locking. Fcntl locking
has some semantic gotchas, but many vendor systems
also interface it to lockd(8) to do NFS-style locking.
For this reason, this should not be set unless you
don't have an alternative.
HASUNAME Set if you have the "uname" system call. Implied by
SYSTEM5.
HASUNSETENV Define this if your system library has the "unsetenv"
subroutine.
HASSETSID Define this if you have the setsid(2) system call. This
is implied if your system appears to be POSIX compliant.
HASINITGROUPS Define this if you have the initgroups(3) routine.
HASSETVBUF Define this if you have the setvbuf(3) library call.
If you don't, setlinebuf will be used instead. This
defaults on if your compiler defines __STDC__.
HASSETREUID Define this if you have setreuid(2) ***AND*** root can
use setreuid to change to an arbitrary user. This second
condition is not satisfied on AIX 3.x. You may find that
your system has setresuid(2), (for example, on HP-UX) in
which case you will also have to #define setreuid(r, e)
to be the appropriate call. Some systems (such as Solaris)
have a compatibility routine that doesn't work properly,
but may have "saved user ids" properly implemented so you
can ``#define setreuid(r, e) seteuid(e)'' and have it work.
The important thing is that you have a call that will set
the effective uid independently of the real or saved uid
and be able to set the effective uid back again when done.
There's a test program in ../test/t_setreuid.c that will
try things on your system. Setting this improves the
security, since sendmail doesn't have to read .forward
and :include: files as root. There are certain attacks
that may be unpreventable without this call.
USESETEUID Define this to 1 if you have seteuid(2) if you have a seteuid
system call that will allow root to set only the effective
user id to an arbitrary value ***AND*** you have saved user
ids. This is preferable to HASSETREUID if these conditions
are fulfilled. These are the semantics of the to-be-released
revision of Posix.1. The test program ../test/t_seteuid.c
will try this out on your system. If you define both
HASSETREUID and USESETEUID, the former is ignored.
HASLSTAT Define this if you have symbolic links (and thus the
lstat(2) system call). This improves security. Unlike
most other options, this one is on by default, so you
need to #undef it in conf.h if you don't have symbolic
links (these days everyone does).
HASSETRLIMIT Define this to 1 if you have the setrlimit(2) syscall.
You can define it to 0 to force it off. It is assumed
if you are running a BSD-like system.
HASULIMIT Define this if you have the ulimit(2) syscall (System V
style systems). HASSETRLIMIT overrides, as it is more
general.
NEEDGETOPT Define this if you need a reimplementation of getopt(3).
On some systems, getopt does very odd things if called
to scan the arguments twice. This flag will ask sendmail
to compile in a local version of getopt that works
properly.
NEEDSTRTOL Define this if your standard C library does not define
strtol(3). This will compile in a local version.
NEEDVPRINTF Define this if your standard C library does not define
vprintf(3). Note that the resulting fake implementation
is not very elegant and may not even work on some
architectures.
NEEDFSYNC Define this if your standard C library does not define
fsync(2). This will try to simulate the operation using
fcntl(2); if that is not available it does nothing, which
isn't great, but at least it compiles and runs.
HASGETUSERSHELL Define this to 1 if you have getusershell(3) in your
standard C library. If this is not defined, or is defined
to be 0, sendmail will scan the /etc/shells file (no
NIS-style support, defaults to /bin/sh and /bin/csh if
that file does not exist) to get a list of unrestricted
user shells. This is used to determine whether users
are allowed to forward their mail to a program or a file.
NEEDPUTENV Define this if your system needs am emulation of the
putenv(3) call. Define to 1 to implement it in terms
of setenv(3) or to 2 to do it in terms of primitives.
GIDSET_T The type of entries in a gidset passed as the second
argument to getgroups(2). Historically this has been an
int, so this is the default, but some systems (such as
IRIX) pass it as a gid_t, which is an unsigned short.
This will make a difference, so it is important to get
this right! However, it is only an issue if you have
group sets.
SLEEP_T The type returned by the system sleep() function.
Defaults to "unsigned int". Don't worry about this
if you don't have compilation problems.
ARBPTR_T The type of an arbitrary pointer -- defaults to "void *".
If you are an very old compiler you may need to define
this to be "char *".
LA_TYPE The type of load average your kernel supports. These
can be one of:
LA_ZERO (1) -- it always returns the load average as
"zero" (and does so on all architectures).
LA_INT (2) to read /dev/kmem for the symbol avenrun and
interpret as a long integer.
LA_FLOAT (3) same, but interpret the result as a floating
point number.
LA_SHORT (6) to interpret as a short integer.
LA_SUBR (4) if you have the getloadavg(3) routine in your
system library.
LA_MACH (5) to use MACH-style load averages (calls
processor_set_info()),
LA_PROCSTR (7) to read /proc/loadavg and interpret it
as a string representing a floating-point
number (Linux-style).
LA_READKSYM (8) is an implementation suitable for some
versions of SVr4 that uses the MIOC_READKSYM ioctl
call to read /dev/kmem.
LA_DGUX (9) is a special implementation for DG/UX that uses
the dg_sys_info system call.
LA_HPUX (10) is an HP-UX specific version that uses the
pstat_getdynamic system call.
LA_INT, LA_SHORT, LA_FLOAT, and LA_READKSYM have several
other parameters that they try to divine: the name of your
kernel, the name of the variable in the kernel to examine,
the number of bits of precision in a fixed point load average,
and so forth.
In desperation, use LA_ZERO. The actual code is in
conf.c -- it can be tweaked if you are brave.
FSHIFT For LA_INT, LA_SHORT, and LA_READKSYM, this is the number
of bits of load average after the binary point -- i.e.,
the number of bits to shift right in order to scale the
integer to get the true integer load average. Defaults to 8.
_PATH_UNIX The path to your kernel. Needed only for LA_INT, LA_SHORT,
and LA_FLOAT. Defaults to "/unix" on System V, "/vmunix"
everywhere else.
LA_AVENRUN For LA_INT, LA_SHORT, and LA_FLOAT, the name of the kernel
variable that holds the load average. Defaults to "avenrun"
on System V, "_avenrun" everywhere else.
SFS_TYPE Encodes how your kernel can locate the amount of free
space on a disk partition. This can be set to SFS_NONE
(0) if you have no way of getting this information,
SFS_USTAT (1) if you have the ustat(2) system call,
SFS_4ARGS (2) if you have a four-argument statfs(2)
system call (and the include file is <sys/statfs.h>),
SFS_VFS (3), SFS_MOUNT (4), SFS_STATFS (5) if you have
the two-argument statfs(2) system call with includes in
<sys/vfs.h>, <sys/mount.h>, or <sys/statfs.h> respectively,
or SFS_STATVFS (6) if you have the two-argument statvfs(2)
call. The default if nothing is defined is SFS_NONE.
SFS_BAVAIL with SFS_4ARGS hou can also set SFS_BAVAIL to the field name
in the statfs structure that holds the useful information;
this defaults to f_bavail.
SPT_TYPE Encodes how your system can display what a process is doing
on a ps(1) command (SPT stands for Set Process Title). Can
be set to:
SPT_NONE (0) -- Don't try to set the process title at all.
SPT_REUSEARGV (1) -- Pad out your argv with the information;
this is the default if none specified.
SPT_BUILTIN (2) -- The system library has setproctitle.
SPT_PSTAT (3) -- Use the PSTAT_SETCMD option to pstat(2)
to set the process title; this is used by HP-UX.
SPT_PSSTRINGS (4) -- Use the magic PS_STRINGS pointer (4.4BSD).
SPT_PADCHAR Character used to pad the process title; if undefined,
the space character (0x20) is used. This is ignored if
SPT_TYPE != SPT_REUSEARGV
ERRLIST_PREDEFINED
If set, assumes that some header file defines sys_errlist.
This may be needed if you get type conflicts on this
variable -- otherwise don't worry about it.
WAITUNION The wait(2) routine takes a "union wait" argument instead
of an integer argument. This is for compatibility with
old versions of BSD.
SCANF You can set this to extend the F command to accept a
scanf string -- this gives you a primitive parser for
class definitions -- BUT it can make you vulnerable to
core dumps if the target file is poorly formed.
SYSLOG_BUFSIZE You can define this to be the size of the buffer that
syslog accepts. If it is not defined, it assumes a
1024-byte buffer. If the buffer is very small (under
256 bytes) the log message format changes -- each
e-mail message will log many more messages, since it
will log each piece of information as a separate line
in syslog.
BROKEN_RES_SEARCH
On Ultrix (and maybe other systems?) if you use the
res_search routine with an unknown host name, it returns
-1 but sets h_errno to 0 instead of HOST_NOT_FOUND. If
you set this, sendmail considers 0 to be the same as
HOST_NOT_FOUND.
NAMELISTMASK If defined, values returned by nlist(3) are masked
against this value before use -- a common value is
0x7fffffff to strip off the top bit.
BSD4_4_SOCKADDR If defined, socket addresses have an sa_len field that
defines the length of this address.
+-----------------------+
| COMPILE-TIME FEATURES |
+-----------------------+
There are a bunch of features that you can decide to compile in, such
as selecting various database packages and special protocol support.
Several are assumed based on other compilation flags -- if you want to
"un-assume" something, you probably need to edit conf.h. Compilation
flags that add support for special features include:
NDBM Include support for "new" DBM library for aliases and maps.
Normally defined in the Makefile.
NEWDB Include support for Berkeley "db" package (hash & btree)
for aliases and maps. Normally defined in the Makefile.
OLD_NEWDB If non-zero, the version of NEWDB you have is the old
one that does not include the "fd" call. This call was
added in version 1.5 of the Berkeley DB code. If you
use -DOLD_NEWDB=0 it forces you to use the new interface.
NIS Define this to get NIS (YP) support for aliases and maps.
Normally defined in the Makefile.
NISPLUS Define this to get NIS+ support for aliases and maps.
Normally defined in the Makefile.
HESIOD Define this to get Hesiod support for aliases and maps.
Normally defined in the Makefile.
NETINFO Define this to get NeXT NetInfo support for aliases and maps.
Normally defined in the Makefile.
USERDB Define this to 1 to include support for the User Information
Database. Implied by NEWDB or HESIOD. You can use
-DUSERDB=0 to explicitly turn it off.
IDENTPROTO Define this as 1 to get IDENT (RFC 1413) protocol support.
This is assumed unless you are running on Ultrix or
HP-UX, both of which have a problem in the UDP
implementation. You can define it to be 0 to explicitly
turn off IDENT protocol support. If defined off, the code
is actually still compiled in, but it defaults off; you
can turn it on by setting the IDENT timeout to 30s in the
configuration file.
IP_SRCROUTE Define this to 1 to get IP source routing information
displayed in the Received: header. This is assumed on
most systems, but some (e.g., Ultrix) apparently have a
broken version of getsockopt that doesn't properly
support the IP_OPTIONS call. You probably want this if
your OS can cope with it. Symptoms of failure will be that
it won't compile properly (that is, no support for fetching
IP_OPTIONs), or it compiles but source-routed TCP connections
either refuse to open or open and hang for no apparent reason.
Ultrix and AIX are known to fail this way.
LOG Set this to get syslog(3) support. Defined by default
in conf.h. You want this if at all possible.
NETINET Set this to get TCP/IP support. Defined by default
in conf.h. You probably want this.
NETISO Define this to get ISO networking support.
SMTP Define this to get the SMTP code. Implied by NETINET
or NETISO.
NAMED_BIND If non-zero, include DNS (name daemon) support, including
MX support. The specs you must use this if you run
SMTP. Defined by default in conf.h.
QUEUE Define this to get queueing code. Implied by NETINET
or NETISO; required by SMTP. This gives you other good
stuff -- it should be on.
DAEMON Define this to get general network support. Implied by
NETINET or NETISO. Defined by default in conf.h. You
almost certainly want it on.
MATCHGECOS Permit fuzzy matching of user names against the full
name (GECOS) field in the /etc/passwd file. This should
probably be on, since you can disable it from the config
file if you want to. Defined by default in conf.h.
MIME8TO7 If non-zero, include 8 to 7 bit MIME conversions. This
also controls advertisement of 8BITMIME in the ESMTP
startup dialogue.
MIME7TO8 If non-zero, include 7 to 8 bit MIME conversions. Not yet
implemented.
+---------------------+
| DNS/RESOLVER ISSUES |
+---------------------+
Many systems have old versions of the resolver library. At a minimum,
you should be running BIND 4.8.3; older versions may compile, but they
have known bugs that should give you pause.
Common problems in old versions include "undefined" errors for
dn_skipname.
Some people have had a problem with BIND 4.9; it uses some routines
that it expects to be externally defined such as strerror(). It may
help to link with "-l44bsd" to solve this problem.
!PLEASE! be sure to link with the same version of the resolver as
the header files you used -- some people have used the 4.9 headers
and linked with BIND 4.8 or vice versa, and it doesn't work.
Unfortunately, it doesn't fail in an obvious way -- things just
subtly don't work.
WILDCARD MX RECORDS ARE A BAD IDEA! The only situation in which they
work reliably is if you have two versions of DNS, one in the real world
which has a wildcard pointing to your firewall, and a completely
different version of the database internally that does not include
wildcard MX records that match your domain. ANYTHING ELSE WILL GIVE
YOU HEADACHES!
+-------------------------------------+
| OPERATING SYSTEM AND COMPILE QUIRKS |
+-------------------------------------+
GCC 2.5.x problems *** IMPORTANT ***
Date: Mon, 29 Nov 93 19:08:44 PST
From: wilson@cygnus.com (Jim Wilson)
Message-Id: <9311300308.AA04608@cygnus.com>
To: kenner@vlsi1.ultra.nyu.edu
Subject: [cattelan@thebarn.com: gcc 2.5.4-2.5.5 -O bug]
Cc: cattelan@thebarn.com, rms@gnu.ai.mit.edu, sendmail@cs.berkeley.edu
This fixes a problem that occurs when gcc 2.5.5 is used to compile
sendmail 8.6.4 with optimization on a sparc.
Mon Nov 29 19:00:14 1993 Jim Wilson (wilson@sphagnum.cygnus.com)
* reload.c (find_reloads_toplev): Replace obsolete reference to
BYTE_LOADS_*_EXTEND with LOAD_EXTEND_OP.
*** clean-ss-931128/reload.c Sun Nov 14 16:20:01 1993
--- ss-931128/reload.c Mon Nov 29 18:52:55 1993
*************** find_reloads_toplev (x, opnum, type, ind
*** 3888,3894 ****
force a reload in that case. So we should not do anything here. */
else if (regno >= FIRST_PSEUDO_REGISTER
! #if defined(BYTE_LOADS_ZERO_EXTEND) || defined(BYTE_LOADS_SIGN_EXTEND)
&& (GET_MODE_SIZE (GET_MODE (x))
<= GET_MODE_SIZE (GET_MODE (SUBREG_REG (x))))
#endif
--- 3888,3894 ----
force a reload in that case. So we should not do anything here. */
else if (regno >= FIRST_PSEUDO_REGISTER
! #ifdef LOAD_EXTEND_OP
&& (GET_MODE_SIZE (GET_MODE (x))
<= GET_MODE_SIZE (GET_MODE (SUBREG_REG (x))))
#endif
SunOS 4.x (Solaris 1.x)
You may have to use -lresolv on SunOS. However, beware that
this links in a new version of gethostbyname that does not
understand NIS, so you must have all of your hosts in DNS.
Some people have reported problems with the SunOS version of
-lresolv and/or in.named, and suggest that you get a newer
version. The symptoms are delays when you connect to the
SMTP server on a SunOS machine or having your domain added to
addresses inappropriately. There is a version of BIND
version 4.9 on gatekeeper.DEC.COM in pub/BSD/bind/4.9.
There is substantial disagreement about whether you can make
this work with resolv+, which allows you to specify a search-path
of services. Some people report that it works fine, others
claim it doesn't work at all (including causing sendmail to
drop core when it tries to do multiple resolv+ lookups for a
single job). I haven't tried resolv+, as we use DNS exclusively.
Should you want to try resolv+, it is on ftp.uu.net in
/networking/ip/dns.
Apparently getservbyname() can fail under moderate to high
load under some circumstances. This will exhibit itself as
the message ``554 makeconnection: service "smtp" unknown''.
The problem has been traced to one or more blank lines in
/etc/services on the NIS server machine. Delete these
and it should work. This info is thanks to Brian Bartholomew
<bb@math.ufl.edu> of I-Kinetics, Inc.
Solaris 2.x (SunOS 5.x)
To compile for Solaris, be sure you use -DSOLARIS.
To the best of my knowledge, Solaris does not have the
gethostbyname problem described above. However, it does
have another one:
From a correspondent:
For solaris 2.2, I have
hosts: files dns
in /etc/nsswitch.conf and /etc/hosts has to have the fully
qualified host name. I think "files" has to be before "dns"
in /etc/nsswitch.conf during bootup.
From another correspondent:
When running sendmail under Solaris, the gethostbyname()
hack in conf.c which should perform proper canonicalization
of host names could fail. Result: the host name is not
canonicalized despite the hack, and you'll have to define $j
and $m in sendmail.cf somewhere.
The reason could be that /etc/nsswitch.conf is improperly
configured (at least from sendmail's point of view). For
example, the line
hosts: files nisplus dns
will make gethostbyname() look in /etc/hosts first, then ask
nisplus, then dns. However, if /etc/hosts does not contain
the full canonicalized hostname, then no amount of
gethostbyname()s will work.
Solution (or rather, a workaround): Ask nisplus first, then
dns, then local files:
hosts: nisplus dns [NOTFOUND=return] files
The Solaris "syslog" function is apparently limited to something
about 90 characters because of a kernel limitation. If you have
source code, you can probably up this number. You can get patches
that fix this problem: the patch ids are:
Solaris 2.1 100834
Solaris 2.2 100999
Solaris 2.3 101318
Be sure you have the appropriate patch installed or you won't
see system logging.
Solaris 2.4 (SunOS 5.4)
If you include /usr/lib at the end of your LD_LIBRARY_PATH you run
the risk of getting the wrong libraries under some circumstances.
This is because of a new feature in Solaris 2.4, described by
Rod.Evans@Eng.Sun.COM:
>> Prior to SunOS 5.4, any LD_LIBRARY_PATH setting was ignored by the
>> runtime linker if the application was setxid (secure), thus your
>> applications search path would be:
>>
>> /usr/local/lib LD_LIBRARY_PATH component - IGNORED
>> /usr/lib LD_LIBRARY_PATH component - IGNORED
>> /usr/local/lib RPATH - honored
>> /usr/lib RPATH - honored
>>
>> the effect is that path 3 would be the first used, and this would
>> satisfy your resolv.so lookup.
>>
>> In SunOS 5.4 we made the LD_LIBRARY_PATH a little more flexible.
>> People who developed setxid applications wanted to be able to alter
>> the library search path to some degree to allow for their own
>> testing and debugging mechanisms. It was decided that the only
>> secure way to do this was to allow a `trusted' path to be used in
>> LD_LIBRARY_PATH. The only trusted directory we presently define
>> is /usr/lib. Thus a setuid root developer could play with some
>> alternative shared object implementations and place them in
>> /usr/lib (being root we assume they'ed have access to write in this
>> directory). This change was made as part of 1155380 - after a
>> *huge* amount of discussion regarding the security aspect of things.
>>
>> So, in SunOS 5.4 your applications search path would be:
>>
>> /usr/local/lib from LD_LIBRARY_PATH - IGNORED (untrustworthy)
>> /usr/lib from LD_LIBRARY_PATH - honored (trustworthy)
>> /usr/local/lib from RPATH - honored
>> /usr/lib from RPATH - honored
>>
>> here, path 2 would be the first used.
Ultrix
By default, the IDENT protocol is turned off on Ultrix. If you
are running Ultrix 4.4 or later, or if you have included patch
CXO-8919 for Ultrix 4.2 or 4.3 to fix the TCP problem, you can turn
IDENT on in the configuration file by setting the "ident" timeout
to 30 seconds.
OSF/1
If you are compiling on OSF/1 (DEC Alpha), you must use
-L/usr/shlib (otherwise it core dumps on startup). You may also
need -mld to get the nlist() function, although some versions
apparently don't need this.
Also, the enclosed makefile removed /usr/sbin/smtpd; if you need
it, just create the link to the sendmail binary.
IRIX
The header files on SGI IRIX are completely prototyped, and as
a result you can sometimes get some warning messages during
compilation. These can be ignored. There are two errors in
deliver only if you are using gcc, both of the form ``warning:
passing arg N of `execve' from incompatible pointer type''.
Also, if you compile with -DNIS, you will get a complaint
about a declaration of struct dom_binding in a prototype
when compiling map.c; this is not important because the
function being prototyped is not used in that file.
In order to compile sendmail you will have had to install
the developers' option in order to get the necessary include
files.
NeXT or NEXTSTEP
NEXTSTEP 3.3 and earlier ship with the old DBM library. You will
need to acquire the new Berkeley DB from ftp.cs.berkeley.edu.
Install it in /usr/local/{lib,include}.
If you are compiling on NEXTSTEP, you will have to create an
empty file "unistd.h" and create a file "dirent.h" containing:
#include <sys/dir.h>
#define dirent direct
(The Makefile.NeXT should try to do both of these for you.)
Apparently, there is a bug in getservbyname on Nextstep 3.0
that causes it to fail under some circumstances with the
message "SYSERR: service "smtp" unknown" logged. You should
be able to work around this by including the line:
OOPort=25
in your .cf file.
You may have to use -DNeXT.
BSDI (BSD/386) 1.0, NetBSD 0.9, FreeBSD 1.0
The "m4" from BSDI won't handle the config files properly.
I haven't had a chance to test this myself.
The M4 shipped in FreeBSD and NetBSD 0.9 don't handle the config
files properly. One must use either GNU m4 1.1 or the PD-M4
recently posted in comp.os.386bsd.bugs (and maybe others).
NetBSD-current includes the PD-M4 (as stated in the NetBSD file
CHANGES).
FreeBSD 1.0 RELEASE has uname(2) now. Use -DUSEUNAME in order to
use it (look into Makefile.FreeBSD). NetBSD-current may have
it too but it has not been verified.
You cannot port the latest version of the Berkeley db library
and use it with sendmail without recompiling the world. This
is because C library routines use the older version which have
incompatible header files -- the result is that it can't read
other system files, such as /etc/passwd, unless you use the
new db format throughout your system. You should normally just
use the version of db supplied in your release. You may need
to use -DOLD_NEWDB=1 to make this work -- this turns off some
new interface calls (for file locking) that are not in older
versions of db. You'll get compile errors if you need this
flag and don't have it set.
4.3BSD
If you are running a "virgin" version of 4.3BSD, you'll have
a very old resolver and be missing some header files. The
header files are simple -- create empty versions and everything
will work fine. For the resolver you should really port a new
version (4.8.3 or later) of the resolver; 4.9 is available on
gatekeeper.DEC.COM in pub/BSD/bind/4.9. If you are really
determined to continue to use your old, buggy version (or as
a shortcut to get sendmail working -- I'm sure you have the
best intentions to port a modern version of BIND), you can
copy ../contrib/oldbind.compat.c into src and add
oldbind.compat.o to OBJADD in the Makefile.
A/UX
Date: Tue, 12 Oct 1993 18:28:28 -0400 (EDT)
From: "Eric C. Hagberg" <hagberg@med.cornell.edu>
Subject: Fix for A/UX ndbm
I guess this isn't really a sendmail bug, however, it is something
that A/UX users should be aware of when compiling sendmail 8.6.
Apparently, the calls that sendmail is using to the ndbm routines
in A/UX 3.0.x contain calls to "broken" routines, in that the
aliases database will break when it gets "just a little big"
(sorry I don't have exact numbers here, but it broke somewhere
around 20-25 aliases for me.), making all aliases non-functional
after exceeding this point.
What I did was to get the gnu-dbm-1.6 package, compile it, and
then re-compile sendmail with "-lgdbm", "-DNDBM", and using the
ndbm.h header file that comes with the gnu-package. This makes
things behave properly.
I suppose porting the New Berkeley db package is another route,
however, I made a quick attempt at it, and found it difficult
(not easy at least); the gnu-dbm package "configured" and
compiled easily.
SCO Unix
From: Thomas Essebier <tom@stallion.oz.au>
Organisation: Stallion Technologies Pty Ltd.
It will probably help those who are trying to configure sendmail 8.6.9
to know that if they are on SCO, they had better set
OI-dnsrch
or they will core dump as soon as they try to use the resolver.
ie. although SCO has _res.dnsrch defined, and is kinda BIND 4.8.3, it
does not inititialise it, nor does it understand 'search' in
/etc/named.boot.
- sigh -
DG/UX
Doug Anderson <dlander@afterlife.ncsc.mil> has successfully run
V8 on the DG/UX 5.4.2 and 5.4R3.x platforms under heavy usage.
Originally, the DG /bin/mail program wasn't compatible with
the V8 sendmail, since the DG /bin/mail requires the environment
variable "_FORCE_MAIL_LOCAL_=yes" be set. Version 8.7 now includes
this in the environment before invoking the local mailer. Some
have used procmail to avoid this problem in the past. It works
but some have experienced file locking problems with their DG/UX
ports of procmail.
Apollo DomainOS
If you are compiling on Apollo, you will have to create an empty
file "unistd.h" and create a file "dirent.h" containing:
#include <sys/dir.h>
#define dirent direct
(The Makefile.DomainOS will attempt to do both of these for you.)
HP-UX 8.00
Date: Mon, 24 Jan 1994 13:25:45 +0200
From: Kimmo Suominen <Kimmo.Suominen@lut.fi>
Subject: 8.6.5 w/ HP-UX 8.00 on s300
Just compiled and fought with sendmail 8.6.5 on a HP9000/360 (ie. a
series 300 machine) running HP-UX 8.00.
I was getting segmentation fault when delivering to a local user.
With debugging I saw it was faulting when doing _free@libc... *sigh*
It seems the new implementation of malloc on s300 is buggy as of 8.0,
so I tried out the one in -lmalloc (malloc(3X)). With that it seems
to work just dandy.
When linking, you will get the following error:
ld: multiply defined symbol _freespace in file /usr/lib/libmalloc.a
but you can just ignore it. You might want to add this info to the
README file for the future...
Linux
Something broke between versions 0.99.13 and 0.99.14 of Linux:
the flock() system call gives errors. If you are running .14,
you must not use flock. You can do this with -DHASFLOCK=0.
Around the inclusion of bind-4.9.3 & linux libc-4.6.20, the
initialization of the _res structure changed. If /etc/hosts.conf
was configured as "hosts, bind" the resolver code could return
"Name server failure" errors. This is supposedly fixed in
later versions of libc (>= 4.6.29?), and later versions of
sendmail (> 8.6.10) try to work around the problem.
Some older versions (< 4.6.20?) of the libc/include files conflict
with sendmail's version of cdefs.h. Deleting sendmail's version
on those systems should be non-harmful, and new versions don't care.
AIX
This version of sendmail does not support MB, MG, and MR resource
records, which are supported by AIX sendmail.
RISC/os
RISC/os from MIPS is a merged AT&T/Berkeley system. When you
compile on that platform you will get duplicate definitions
on many files. You can ignore these.
System V Release 4 Based Systems
There is a single Makefile that is intended for all SVR4-based
systems (called Makefile.SVR4). It defines __svr4__, which is
predefined by some compilers. If your compiler already defines
this compile variable, you can delete the definition from the
Makefile.
It's been tested on Dell Issue 2.2.
DELL SVR4
Date: Mon, 06 Dec 1993 10:42:29 EST
From: "Kimmo Suominen" <kim@grendel.lut.fi>
Message-ID: <2d0352f9.lento29@lento29.UUCP>
To: eric@cs.berkeley.edu
Cc: sendmail@cs.berkeley.edu
Subject: Notes for DELL SVR4
Eric,
Here are some notes for compiling Sendmail 8.6.4 on DELL SVR4. I ran
across these things when helping out some people who contacted me by
e-mail.
1) Use gcc 2.4.5 (or later?). Dell distributes gcc 2.1 with their
Issue 2.2 Unix. It is too old, and gives you problems with
clock.c, because sigset_t won't get defined in <sys/signal.h>.
This is due to a problematic protection rule in there, and is
fixed with gcc 2.4.5.
2) If you don't use the new Berkeley DB (-DNEWDB), then you need
to add "-lc -lucb" to the libraries to link with. This is because
the -ldbm distributed by Dell needs the bcopy, bcmp and bzero
functions. It is important that you specify both libraries in
the given order to be sure you only get the BSTRING functions
from the UCB library (and not the signal routines etc.).
3) Don't leave out "-lelf" even if compiling with "-lc -lucb".
The UCB library also has another copy of the nlist routines,
but we do want the ones from "-lelf".
If anyone needs a compiled gcc 2.4.5 and/or a ported DB library, they
can use anonymous ftp to fetch them from lut.fi in the /kim directory.
They are copies of what I use on grendel.lut.fi, and offering them
does not imply that I would also support them. I have sent the DB
port for SVR4 back to Keith Bostic for inclusion in the official
distribution, but I haven't heard anything from him as of today.
- gcc-2.4.5-svr4.tar.gz (gcc 2.4.5 and the corresponding libg++)
- db-1.72.tar.gz (with source, objects and a installed copy)
Cheers
+ Kim
--
* Kimmo.Suominen@lut.fi * SysVr4 enthusiast at GRENDEL.LUT.FI *
* KIM@FINFILES.BITNET * Postmaster and Hostmaster at LUT.FI *
* + 358 200 865 718 * Unix area moderator at NIC.FUNET.FI *
ConvexOS 10.1 and below
In order to use the name server, you must create the file
/etc/use_nameserver. If this file does not exist, the call
to res_init() will fail and you will have absolutely no
access to DNS, including MX records.
Amdahl UTS 2.1.5
In order to get UTS to work, you will have to port BIND 4.9.
The vendor's BIND is reported to be ``totally inadequate.''
See sendmail/contrib/AmdahlUTS.patch for the patches necessary
to get BIND 4.9 compiled for UTS.
UnixWare 2.0
According to Alexander Kolbasov <sasha@unitech.gamma.ru>,
the m4 on UnixWare 2.0 (still in Beta) will core dump on the
config files. GNU m4 and the m4 from UnixWare 1.x both work.
Non-DNS based sites
This version of sendmail always tries to connect to the Domain
Name System (DNS) to resolve names, regardless of the setting
of the `I' option. On most systems that are not running DNS,
this will fail quickly and sendmail will continue, but on some
systems it has a long timeout. If you have this problem, you
will have to recompile without NAMED_BIND. Some people have
claimed that they have successfully used "OI+USEVC" to force
sendmail to use a virtual circuit -- this will always time out
quickly, but also tells sendmail that a failed connection
should requeue the message (probably not what you intended).
A future release of sendmail will correct this problem.
Both NEWDB and NDBM
If you use both -DNDBM and -DNEWDB, you must delete the module
ndbm.o from libdb.a and delete the file "ndbm.h" from the files
that get installed (that is, use the OLD ndbm.h, not the new
ndbm.h). This compatibility module maps ndbm calls into DB
calls, and breaks things rather badly.
GNU getopt
I'm told that GNU getopt has a problem in that it gets confused
by the double call. Use the version in conf.c instead.
BIND 4.9.2 and Ultrix
If you are running on Ultrix, be sure you read conf/Info.Ultrix
in the BIND distribution very carefully -- there is information
in there that you need to know in order to avoid errors of the
form:
/lib/libc.a(gethostent.o): sethostent: multiply defined
/lib/libc.a(gethostent.o): endhostent: multiply defined
/lib/libc.a(gethostent.o): gethostbyname: multiply defined
/lib/libc.a(gethostent.o): gethostbyaddr: multiply defined
during the link stage.
strtoul
Some compilers (notably gcc) claim to be ANSI C but do not
include the ANSI-required routine "strtoul". If your compiler
has this problem, you will get an error in srvrsmtp.c on the
code:
# ifdef defined(__STDC__) && !defined(BROKEN_ANSI_LIBRARY)
e->e_msgsize = strtoul(vp, (char **) NULL, 10);
# else
e->e_msgsize = strtol(vp, (char **) NULL, 10);
# endif
You can use -DBROKEN_ANSI_LIBRARY to get around this problem.
+--------------+
| MANUAL PAGES |
+--------------+
The manual pages have been written against the -mandoc macros
instead of the -man macros. The latest version of groff has them
included. You can also get a copy from FTP.UU.NET in directory
/systems/unix/bsd-sources/share/tmac.
+-----------------+
| DEBUGGING HOOKS |
+-----------------+
As of 8.6.5, sendmail daemons will catch a SIGUSR1 signal and log
some debugging output (logged at LOG_DEBUG severity). The
information dumped is:
* The value of the $j macro.
* A warning if $j is not in the set $=w.
* A list of the open file descriptors.
* The contents of the connection cache.
* If ruleset 89 is defined, it is evaluated and the results printed.
This allows you to get information regarding the runtime state of the
daemon on the fly. This should not be done too frequently, since
the process of rewriting may lose memory which will not be recovered.
Also, ruleset 89 may call non-reentrant routines, so there is a small
non-zero probability that this will cause other problems. It is
really only for debugging serious problems.
A typical formulation of ruleset 89 would be:
R$* $@ $>0 some test address
+-----------------------------+
| DESCRIPTION OF SOURCE FILES |
+-----------------------------+
The following list describes the files in this directory:
Makefile The makefile used here; this version only works with
the new Berkeley make.
Makefile.dist A trimmed down version of the makefile that works with
the old make.
READ_ME This file.
TRACEFLAGS My own personal list of the trace flags -- not guaranteed
to be particularly up to date.
alias.c Does name aliasing in all forms.
arpadate.c A subroutine which creates ARPANET standard dates.
clock.c Routines to implement real-time oriented functions
in sendmail -- e.g., timeouts.
collect.c The routine that actually reads the mail into a temp
file. It also does a certain amount of parsing of
the header, etc.
conf.c The configuration file. This contains information
that is presumed to be quite static and non-
controversial, or code compiled in for efficiency
reasons. Most of the configuration is in sendmail.cf.
conf.h Configuration that must be known everywhere.
convtime.c A routine to sanely process times.
daemon.c Routines to implement daemon mode. This version is
specifically for Berkeley 4.1 IPC.
deliver.c Routines to deliver mail.
domain.c Routines that interface with DNS (the Domain Name
System).
err.c Routines to print error messages.
envelope.c Routines to manipulate the envelope structure.
headers.c Routines to process message headers.
macro.c The macro expander. This is used internally to
insert information from the configuration file.
main.c The main routine to sendmail. This file also
contains some miscellaneous routines.
map.c Support for database maps.
mci.c Routines that handle mail connection information caching.
parseaddr.c The routines which do address parsing.
queue.c Routines to implement message queueing.
readcf.c The routine that reads the configuration file and
translates it to internal form.
recipient.c Routines that manipulate the recipient list.
savemail.c Routines which save the letter on processing errors.
sendmail.h Main header file for sendmail.
srvrsmtp.c Routines to implement server SMTP.
stab.c Routines to manage the symbol table.
stats.c Routines to collect and post the statistics.
sysexits.c List of error messages associated with error codes
in sysexits.h.
trace.c The trace package. These routines allow setting and
testing of trace flags with a high granularity.
udb.c The user database interface module.
usersmtp.c Routines to implement user SMTP.
util.c Some general purpose routines used by sendmail.
version.c The version number and information about this
version of sendmail. Theoretically, this gets
modified on every change.
Eric Allman
(Version 8.97, last update %G% 18:11:35)