diff options
| author | Richard Nelson <cowboy@debian.org> | 1998-06-23 10:00:00 -0500 |
|---|---|---|
| committer | Andreas Beckmann <debian@abeckmann.de> | 2012-10-01 19:58:37 +0200 |
| commit | 6202a816311c5e56f71ecd358850b1e6d8cd7065 (patch) | |
| tree | de47ad4f657df101b6f36a07a6c6e19191be7de9 /debian/part1 | |
| parent | 6c193ce1dd1d07ebdc1372e38bc4908ab1c37705 (diff) | |
| download | sendmail-debian/8.8.8-20.tar.gz | |
Imported Debian patch 8.8.8-20debian/8.8.8-20
Diffstat (limited to 'debian/part1')
| -rw-r--r-- | debian/part1 | 1755 |
1 files changed, 1755 insertions, 0 deletions
diff --git a/debian/part1 b/debian/part1 new file mode 100644 index 0000000..f6f347a --- /dev/null +++ b/debian/part1 @@ -0,0 +1,1755 @@ +Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!hookup!nic.ott.hookup.net!vertex.tor.hookup.net!nic.win.hookup.net!news-out.internetmci.com!newsfeed.internetmci.com!uwm.edu!math.ohio-state.edu!howland.erols.net!newsxfer3.itd.umich.edu!news.cic.net!not-for-mail +From: brad@etext.org +Newsgroups: comp.mail.sendmail,comp.mail.misc,comp.answers,news.answers +Subject: comp.mail.sendmail Frequently Asked Questions (Part 1 of 2) +Followup-To: comp.mail.sendmail +Date: 27 Mar 1997 06:01:28 GMT +Organization: The ETEXT Archives +Lines: 1734 +Approved: news-answers-request@MIT.Edu +Distribution: world +Expires: 05/01/97 02:00:01 +Message-ID: <5hd2fo$pou$1@news.cic.net> +Reply-To: sendmail-faq@etext.org (Sendmail FAQ Maintainers) +NNTP-Posting-Host: locust.cic.net +Summary: This posting contains a list of Frequently Asked Questions + (and their answers) about the program "sendmail", distributed with + many versions of Unix. It should be read by anyone who wishes to + post to the Usenet newsgroup comp.mail.sendmail. +Keywords: sendmail mail SMTP FAQ +X-Posting-Frequency: posted on the 27th of each month +Xref: senator-bedfellow.mit.edu comp.mail.sendmail:42630 comp.mail.misc:38790 comp.answers:25080 news.answers:98196 + +Posted-By: auto-faq 3.1.1.2 +Archive-name: mail/sendmail-faq/part1 + +URL: http://www.his.com/~brad/sendmail/index.html + + + comp.mail.sendmail + Frequently Asked Questions (FAQ) + Last updated March 24, 1997 + + Copyright 1996, by Brad Knowles, all rights reserved + + +This FAQ is edited and maintained by Brad Knowles <brad@etext.org>. +The official archive for all FAQs posted to <news:news.answers> +is <ftp://rtfm.mit.edu/pub/usenet/news.answers/>, with many known +mirrors. On this site, the latest version of this FAQ can be found +in <ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq/>. +Since this server tends to be extremely busy, as an alternative, +you might want to try using <http://www.imc.org/sendmail-faq-1> +and <http://www.imc.org/sendmail-faq-2> instead. + +If you don't have access to FTP or WWW, this FAQ can be retrieved by +sending Internet email to <mail-server@rtfm.mit.edu> with an empty +subject line (it gets ignored) and the command "send +usenet/news.answers/mail/sendmail-faq/part*" as the body of the +message (omitting the quotes, of course). + +As an alternative, you might want to try sending Internet email +to <info@imc.org> with an empty subject line (it gets ignored) +and "send sendmail-faq-*" as the body of the body of the message +(again, omitting the quotes). + +Additional alternative access methods are detailed within. + + +This FAQ is in RFC 1153 digest format. The "Date:" field of each +entry represents the date of the last update made to that entry. + + +This FAQ has now been split into two parts, to try and make it easier +to pass through older or less capable news or mail gateways. + + +The intent is to ultimately make this document more web-friendly (in +that all original work is done in SGML), and using the linuxdoc-sgml +tools, automatically generate both the HTML and ASCII text versions, +automatically posting the ASCII version to comp.mail.sendmail as +appropriate. + +In the meanwhile, all pseudo-HTMLized versions of this FAQ are +considered unsupported. We cannot be held responsible for what +someone else's program does to this document in an attempt to +make it more web-friendly. Nevertheless, the Landfield Hypertext +Usenet FAQ Archive seems to work well, and if you must access +the comp.mail.sendmail FAQ via the web, try slinging over to +<http://www.landfield.com/faqs/mail/sendmail-faq/>. + + +Comments/updates should be sent to <sendmail-faq@etext.org>. + +---------------------------------------------------------------------- + +Date: March 24, 1997 +Subject: Table of Contents + +Table of Contents +================= + + PART ONE + ======== + + 0. TO DO + + 1. COPYRIGHT NOTICE / REDISTRIBUTION REQUIREMENTS + + 2. INTRODUCTION / MISCELLANEOUS + 2.1 What is this newsgroup? + 2.2 What is the scope of this FAQ? + 2.3 Where can I find the latest version of this FAQ? + 2.4 How do I access comp.mail.sendmail by email? + 2.5 Where can I ask email-related DNS questions? + 2.6 How can I subscribe to these newsgroups? + 2.7 Which version of sendmail should I run? + 2.8 What is the latest release of sendmail? + 2.9 Where can I find it? + 2.10 What are the differences between Version 8 and other + versions? + 2.11 What's the best platform for running sendmail? + 2.12 What is BIND and where can I get the latest version? + 2.13 What is smrsh and where can I get it? + 2.14 What is smap and where can I get it? + 2.15 What is TCP-Wrappers and where can I get it? + 2.16 Why won't db 1.85 build for my SGI running Irix >= 5.2? + 2.17 What is makemap and where can I get it? + + 3. VERSION 8 SPECIFIC ISSUES + 3.1 How do I make all my addresses appear to be from a single + host? + 3.2 How do I rewrite my "From:" lines to read + ``First_Last@My.Domain''? + 3.3 So what was the user database feature intended for? + 3.4 Why are you so hostile to using full names for email + addresses? + 3.5 Where do I find this user database (UserDB) code? + 3.6 How do I get the user database to work with Pine or + with FEATURE(always_add_domain)? + 3.7 How do I manage several (virtual) domains? + 3.8 There are four UUCP mailers listed in the configuration + files. Which one should I use? + 3.9 How do I fix "undefined symbol inet_aton" and "undefined + symbol _strerror" messages? + 3.10 How do I solve "collect: I/O error on connection" errors? + 3.11 Why can't my users forward their mail to a program? + 3.12 Why do connections to the SMTP port take such a long time? + 3.13 Why do I get "unknown mailer error 5 -- mail: options + MUST PRECEDE recipients" errors? + 3.14 Why does version 8 sendmail panic my SunOS box? + 3.15 Why does the "From " header gets mysteriously munged + when I send to an alias? + 3.16 Why doesn't MASQUERADE_AS (or the user database) work + for envelope addresses as well as header addresses? + 3.17 How do I run version 8 sendmail and support the MAIL11V3 + protocol? + 3.18 Why do messages disappear from my queue unsent? + 3.19 When is sendmail going to support RFC 1522 MIME header + encoding? + 3.20 Why can't I get mail to some places, but instead + always get the error "reply: read error from + name.of.remote.host"? + 3.21 Why doesn't "FEATURE(xxx)" work? + 3.22 How do I configure sendmail to not use DNS? + 3.23 How do I get all my queued mail delivered to my Unix + box from my ISP? + + + PART TWO + ======== + + 4. GENERAL SENDMAIL ISSUES + 4.1 Should I use a wildcard MX for my domain? + 4.2 How can I set up an auto-responder? + 4.3 How can I get sendmail to deliver local mail to + $HOME/.mail instead of into /usr/spool/mail (or + /usr/mail)? + 4.4 Why does it deliver the mail interactively when I'm + trying to get it to go into queue only mode? + 4.5 How can I solve "config error: mail loops back to + myself" messages? + 4.6 Why does my sendmail process sometimes hang when + connecting over a SLIP/PPP link? + 4.7 How can I summarize the statistics generated by + sendmail in the syslog? + 4.8 How can I check my sendmail.cf to ensure that it's + re-writing addresses correctly? + 4.9 What is procmail, and where can I get it? + 4.10 How can I solve "cannot alias non-local names" errors? + + 5. VENDOR/OS SPECIFIC SENDMAIL ISSUES + 5.1 Sun Microsystems SunOS/Solaris 1.x/2.x + 5.1.1 How can I solve "line 273: replacement $3 out of + bounds" errors? + 5.1.2 How can I solve "line 445: bad ruleset 96 (50 max)" + errors? + 5.1.3 Why does version 8 sendmail (< 8.7.5) sometimes + hang under Solaris 2.5? + 5.1.4 Why can't I use SunOS/Solaris to get email to + certain large sites? + 5.2 IBM AIX + 5.2.1 The system resource controller always reports + sendmail as "inoperative". What's wrong? + 5.2.2 Why can't I use AIX to get email to some sites? + 5.2.3 Why can't I get sendmail 8.7.1 to use MX records + with AIX 3.2.5? + + 6. ADDITIONAL INFORMATION SOURCES (RFC 1807 bibliography format) + 6.1 Reference material devoted exlusively to sendmail + 6.2 Reference material with chapters or sections on sendmail + 6.3 Reference material on subjects related to sendmail + 6.4 World-wide web index pages on sendmail + 6.5 World-wide web index pages Internet email in general + 6.6 Online tutorials for sendmail + 6.7 Online archives of mailing lists and Usenet newsgroups, + relating to Internet email + + 7. THANKS! + +------------------------------ + +Date: January 17, 1997 +Subject: Q0 -- TO DO list + +* Make the FAQ more web-friendly by writing it in SGML and using + the linuxdoc-sgml tools to automate the generation of the HTML + and ASCII text versions. +* Index +* Additional net resources (web pages, anonymous ftp sites, etc...) +* Larger, more clearly written annotated bibliography (including RFCs + and comments/corrections for books specific to sendmail) +* Reorganize by platform/version of sendmail (All Sun questions in one + section, all AIX questions in another, etc...) + +------------------------------ + +Date: May 28, 1996 +Subject: Q1 -- COPYRIGHT NOTICE / REDISTRIBUTION REQUIREMENTS + + The entire contents of this document are copyright 1996 by Brad +Knowles, all rights reserved. + + This document may be freely distributed for non-profit purposes +(including, but not limited to: posting to mailing lists, Usenet +newsgroups, and world-wide-web pages; inclusion on CD-ROM or other +distribution media; and insertion into text retrieval systems), so +long as it is the latest version available at the time, all parts are +distributed together, and it is kept completely intact without +editing, changes, deletions, or additions. Non-profit redistribution +in accordance with these guidelines does not require contact with or +approval from the copyright holder. + + Redistribution of this document for profit without express prior +permission is not allowed. At the very least, expect to provide the +copyright holder a free copy of the product (exactly as it would be +sold to customers, all distribution media intact), or a percentage of +the gross revenue from said product and sufficient proof that the +integrity and completeness requirements set for non-profit +distribution will be met. + + + In the event that the copyright holder discovers a redistributed +version that is not in compliance with the above requirements, he will +make a good-faith effort to get it corrected or removed, and failing +that, at least note its deprecated status in a new version. Legal +action will likely be taken against redistribution for profit that +is not in compliance with the above requirements. + +------------------------------ + +Date: May 28, 1996 +Subject: Q2.1 -- What is this newsgroup? + + The Usenet newsgroup <news:comp.mail.sendmail> is dedicated to the +discussion of the program named "sendmail" in all its various forms. +It is most commonly found on computers running a flavor of the +Operating System known as Unix, or derived from Unix. + + This program has been ported to other OSes, but those versions +have typically been ported by a particular vendor and are considered +proprietary. There are many versions of sendmail, but the original +author (Eric Allman) is continuing development on a particular version +typically referred to as "Version Eight" or sometimes just "V8". This +is considered by many to be the One True Version. This is also the +version that this FAQ is centered around. + + + If you have a question that amounts to "How do I send mail to my +friend?", then you're in the wrong newsgroup. You should first check +with your System or E-Mail Administrator(s), BBS SysOp(s), etc... +before you post your question publicly, since the answer will likely +be very highly dependant on what software and hardware you have. You +also don't want to embarass yourself publicly, nor do you want to +annoy the kinds of people who are likely to be the counterparts of +your System or E-Mail Administrator(s), BBS SysOp(s), etc.... If +asking them doesn't do you any good, make sure you read this FAQ and +the other mail-related FAQs at the archive sites listed below. + + If you have a question about another program similar to sendmail +(technically referred to as an "SMTP MTA"), an SMTP Gateway package, +or a LAN email package, then you should see if there is another group +in the <news:comp.mail> hierarchy that more closely matches the +particular program you want to ask a question about. For example, the +SMTP MTA known as Smail has <news:comp.mail.smail> dedicated to it. +The Mail User Agent (MUA) Eudora has two newsgroups dedicated to it +(<news:comp.mail.eudora.mac> and <news:comp.mail.eudora.ms-windows>), +depending on which hardware platform you use. If there isn't a more +appropriate newsgroup, try <news:comp.mail.misc>. Again, make sure +your question isn't already addressed in one of the mail-related +FAQs or other available documentation. See the IMC website (more +info below) for a good list of mail-related FAQs. + + + If you have a question about an older or vendor-proprietary +version of sendmail, be prepared for a lot of answers that amount to +"Get V8". Version 8 isn't a panacea, but it does solve many problems +known to plague previous versions, as well as having many new features +that make it much easier to administer large or complex sites. In +many cases, it makes at least possible what was previously virtually +impossible, and relatively easy the previously difficult. + + + There are, of course, many alternative programs that have sprung +up in an attempt to answer one or another weakness or perceived fault +of sendmail, but so far, none of them have had the kind of success it +would require to unseat it as the de facto standard program for +sending Internet mail. Obviously, this forum should not be used to +discuss the merits of any of the alternative programs versus sendmail. +These kinds of discussions should be taken to <news:comp.mail.misc>, +or you should agitate to get a new newsgroup or newsgroup hierarchy +created where that sort of thing is acceptable (or even the norm, such +as a <news:comp.mail.advocacy> or <news:comp.mail.mta.advocacy> +newsgroup). + +------------------------------ + +Date: July 9, 1996 +Subject: Q2.2 -- What is the scope of this FAQ? + + This FAQ is strongly centered around version 8 sendmail, for many +reasons. First and foremost, this is the area of most interest on the +part of the maintainer of this FAQ. Secondly, version 8 is where most +of the additional development is being concentrated. Version 8 +sendmail is also the best documented of all SMTP MTAs, by virtue of +the book by Bryan Costales (see entry +sendmail-faq//book/ISBN/1-56592-056-2 in Q6.1). + + Other versions of sendmail get mentioned in passing, and some +interesting interactions between version 8 and various OSes is also +covered. + + This FAQ is aimed primarily at the experienced Unix System +Administrator/Postmaster/DNS Domain Administrator. If you're looking +for introductory texts, see the references in Q6.1. + + + Where I've provided URLs, I've generally tried to keep them +exactly as they should be entered, without line breaks or anything +else. This may make them or the surrounding text ugly, but hopefully +they'll be easier to cut-and-paste, or just click on once I've got an +HTMLized version. However, this has not been possible in the +bibliography section, since I'm trying to adhere to RFC 1807 +guidelines, and they explicitly require lines to be no longer than 79 +characters. In those cases, I've tried to break the lines at +relatively obvious and innocuous places. + +------------------------------ + +Date: January 21, 1997 +Subject: Q2.3 -- Where can I find the latest version of this FAQ? + + I post changes as they occur to my sendmail FAQ support page +at <http://www.his.com/pub/brad/sendmail/>. + + The ASCII text of my private version can be found at +<ftp://ftp.his.com/pub/brad/sendmail/sendmail-faq/part*>, while +the latest "single part" version before the split can be found at +<ftp://ftp.his.com/pub/brad/sendmail/sendmail-faq/old>. I don't +have an HTMLized version yet, but when I do, I will put in a link +to it from my support page as well as updating this document. + + + The official version (as posted to <news:news.answers>) is in +<ftp://rtfm.mit.edu/pub/usenet/news.answers/mail/sendmail-faq/>. + + The Internet Mail Consortium <http://www.imc.org> +maintains an archive of email related FAQs and many other +documents. On their site, the latest version of this FAQ +can be found in <http://www.imc.org/sendmail-faq-1> and +<http://www.imc.org/sendmail-faq-2>. + + + Unfortunately, the parser for the Ohio State semi-official +pseudo-HTMLized version tends to misinterpret the way I provide +URLs, so I no longer support it or provide the URL for this FAQ at +that site. However, Kent Landfield has put together an alternative +web archive of Usenet FAQs, and it appears to parse things in a +more sensible manner. + + The root of the Landfield FAQ archive is at +<http://www.landfield.com/faqs/>, and the comp.mail.sendmail FAQ +can be found at <http://www.landfield.com/faqs/mail/sendmail-faq/>. + + The Landfield Usenet Hypertext FAQ Archive supports full text +searching with multiple ways to access Usenet's Frequently Asked +Question postings. Hyperlinks are enabled where ever possible to +make references easy to follow. A full set of FAQ statistics is +also available. + + + If you don't have access to FTP or WWW, this FAQ can be +retrieved by sending Internet email to <mail-server@rtfm.mit.edu> +with an empty subject line (it gets ignored) and the command "send +usenet/news.answers/mail/sendmail-faq/part*" as the body of the +message (omitting the quotes, of course). + + Since this server tends to be extremely busy, as an alternative, +you might want to try sending Internet email to <info@imc.org> with +an empty subject line (it gets ignored) and "send sendmail-faq-*" +as the body of the body of the message (again, omitting the quotes). + + + Well known mirrors for the FAQs archived at rtfm.mit.edu can be +found at: + + Continent URL + --------- ------------------------------------------- + North <ftp://mirrors.aol.com/pub/rtfm/usenet/> + America <ftp://ftp.uu.net/usenet/news.answers/> + <ftp://ftp.seas.gwu.edu/pub/rtfm/> + <http://www.landfield.com/faqs/> + Europe <ftp://ftp.uni-paderborn.de/pub/FAQ/> + <ftp://ftp.Germany.EU.net/pub/newsarchive/news.answers/> + <ftp://ftp.sunet.se/pub/usenet/> + <http://www.cs.ruu.nl/cgi-bin/faqwais/> + <http://www.lib.ox.ac.uk/internet/news/faq/by_group.index.html> + Asia <ftp://nctuccca.edu.tw/USENET/FAQ/> + <ftp://hwarang.postech.ac.kr/pub/usenet/news.answers/> + <ftp://ftp.hk.super.net/mirror/faqs/> + Australia <ftp://ftp.info.au/usenet/FAQs/> + + + + Additional information on how to get access +to various Internet resources by email can be +found in Bob Rankin's Internet-by-Email FAQ, +<ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email>. + + To get the latest edition of this document sent to you by return +email, send a message to one of these addresses: + + To: mail-server@rtfm.mit.edu (for US, Canada & South America) + Enter only this line in the BODY of the note: + send usenet/news.answers/internet-services/access-via-email + + To: mailbase@mailbase.ac.uk (for Europe, Asia, etc.) + Enter only this line in the BODY of the note: + send lis-iis e-access-inet.txt + +------------------------------ + +Date: November 24, 1996 +Subject: Q2.4 -- How do I access comp.mail.sendmail by email? + + Send email to <mxt@dl.ac.uk> with the command "sub +comp-news.comp.mail.sendmail full-US-ordered-email-address" as +the body of the message (with your correct address in place of the +"full-US-ordered-email-address", and omitting the double quotes in +all cases of this example). + + E-mail you want posted on comp.mail.sendmail should be sent to +<comp-mail-sendmail@dl.ac.uk> + +------------------------------ + +Date: March 23, 1996 +Subject: Q2.5 -- Where can I ask email-related DNS questions? + + Depending on how deeply they get into the DNS, they can be asked +here. However, you'll probably be told that you should send them to +the Usenet newsgroup <news:comp.protocols.tcp-ip.domains> (DNS in +general) or to the Info-BIND mailing list (if the question is specific +to that program). + +------------------------------ + +Date: May 23, 1996 +Subject: Q2.6 -- How can I subscribe to these? + + For <news:comp.protocols.tcp-ip.domains>, you have to be on +Usenet. They don't have a news-to-mail gateway yet (I'm working on +this), but they do have a FAQ, and it can be found at +<ftp://ftp.njit.edu/pub/dns/Comp.protocols.tcp-ip.domains.FAQ>. + + Questions from all levels of experience can be found on this +newsgroup (as well as people to answer them), so don't be shy about +asking a question you think may be too simple. + + + For the Info-BIND mailing list, send email to +<bind-request@vix.com> with and empty subject (it gets ignored) and +the command "subscribe" as the body of the message. Submissions +should be sent to <bind@vix.com>. + + Note that this list is now moderated, and anything you post to it +may get material added, deleted, or changed by the moderator. He +reserves the right to reject any postings (and possibly unsubscribe +the poster), if he deems them inappropriate. + +------------------------------ + +Date: May 23, 1996 +Subject: Q2.7 -- Which version of sendmail should I run? + + If you're concerned at all about the security of your machines, +you should make sure you're at least running a recent release of +version 8 sendmail (either from your vendor or the public version +detailed in 1.8). + + Check the CERT Alerts and Summaries (details in 1.13) to make sure +that you're running a version that is free of known security holes. +Just because the sendmail program provided by your vendor isn't list +doesn't mean that you're not vulnerable, however. If your particular +vendor or version isn't listed, check with your vendor and on the +appropriate Internet mailing lists and Usenet newsgroups to verify. + + If nothing else, the most recent public version is usually a +pretty good bet, although you should check <news:comp.mail.sendmail> +to see if anyone has posted recent comments that haven't yet been +folded into a new release. + + + That said, you need to look at what the primary function is for +the machine. If its primary function is to run some CAD/CAM package +on the desk of an Engineer, then there's probably not much sense in +replacing the vendor-supplied version of sendmail (assuming it's +secure, according to the CERT Alerts and Summaries). Just set the +machine up to forward all outbound mail to a central mail relay, and +then worry about making that central mail relay the best it can be. +Also arrange to have all their inbound mail pass through a central +Mail eXchanger (probably the same machine as the central Mail Relay), +for the same reasons. + + + If the primary function for a machine is to act as that central +Mail Relay/Mail eXchanger, then I *strongly* recommend the best +version of sendmail you can get, and in my opinion that is the latest +release of version 8. IDA sendmail is also pretty good, but virtually +everything it does, version 8 does better, and version 8 has the +additional advantage of having continued development as well. On a +central mailhub, recent versions of IDA sendmail are the oldest +sendmail that I'd even consider leaving in place instead of replacing +with version 8. + + However, keep in mind that version 8 still hasn't been ported (so +far as we know) to some of the older (and perhaps more esoteric) +platforms, and if you're stuck using one of them, you may not have +much choice. + + + Recently, some vendors have started shipping (or announced that +they will soon ship) version 8 sendmail pre-configured for their +machines. Unfortunately, in most cases this means you get a +pre-compiled binary and a sendmail.cf file (that may need a bit of +tweaking), but not much else of the "standard" version 8 sendmail +installation kit. Silicon Graphics (SGI) is known to already be +shipping version 8 sendmail in this fashion, and both Hewlett-Packard +and Sun Microsystems have announced that they soon will be (Sun has a +patch today that can be applied to upgrade many machines to an older +release of version 8 sendmail). + + This may be suitable for desktop machines forwarding all their +mail to a central Mail Relay and receiving all their mail from a +central Mail eXchanger, but I personally believe that this is not +likely to be suitable for the central Mail Relay/Mail eXchanger +itself. In that case, I recommend you get and install the latest +version and get the m4 macros, the on-line documentation, the source +code, etc.... + +------------------------------ + +Date: January 21, 1997 +Subject: Q2.8 -- What is the latest release of sendmail? + + For version 8 sendmail, there are three release trees. + + For those people who, for whatever reason, are unable or +unwilling to upgrade to version 8.8.z, releases of version 8.6 and +8.7 sendmail are still available. As of this writing, the most +recent release of version 8.6 sendmail is 8.6.13, and the most +recent release of version 8.7 sendmail is 8.7.6. + + For the most recent releases of 8.6 and 8.7 sendmail, there is a +version number difference between the sendmail program itself and the +associated configuration files. This is okay. The security-related +bug fixes that were made only required changes to the sendmail +program itself and not the configuration files, so only the version +number of the sendmail program itself was incremented. + + + The most recent release of version 8.8 sendmail is 8.8.5. + + On machines exposed directly to the Internet, you should either +already be running 8.8.5 sendmail or plan on upgrading to it in the +immediate future. This release is considered "mature", has security +fixes included that will not be found in any previous release, and +therefore supercedes all previous releases. + + There is no further support for previous releases of sendmail. + +------------------------------ + +Date: January 21, 1997 +Subject: Q2.9 -- Where can I find it? + + By anonymous FTP from ftp.sendmail.org in /pub/sendmail, or (in +URL form) via <ftp://ftp.sendmail.org/pub/sendmail/>. If you care, +there should be files in this directory that end with the extension +".sig" which you can check with PGP to make sure that corresponding +archives haven't been modified. You'll need to have the PGP key +of Eric Allman on your public keyring to be able to verify these +archives with their associated .sig files. + + Current releases of sendmail can also be found at +<ftp://ftp.cs.berkeley.edu/ucb/src/sendmail/>. + + There are no other known official version 8 sendmail mirrors. + + + Check the sendmail home page at <http://www.sendmail.org/> for +late-breaking updates and other useful information. + + If you want to be notified regarding future updates to sendmail +and other items of potential interest, you may want to subscribe +to the sendmail-announce mailing list. Address your subscription +requests to "majordomo@lists.sendmail.org" with "subscribe +sendmail-announce" as the body of the message. + +------------------------------ + +Date: March 23, 1996 +Subject: Q2.10 -- What are the differences between Version 8 and + other versions? + + See doc/changes/changes.{me,ps} in the distribution. See also +RELEASE_NOTES at the top level. + +------------------------------ + +Date: March 24, 1997 +Subject: Q2.11 -- What is BIND and where can I get the latest version? + + BIND stands for "Berkeley Internet Name Daemon", and is the +Internet de-facto standard program for turning host names into IP +addresses. + + The BIND Home Page is at <http://www.isc.org/bind.html>, which +provides pointers to the most recent release of BIND. Note that +BIND 4.9.5-P1 is the most recent "production version", and BIND +8.1 (the next major release; skipping 5.x-7.x) is a "release +candidate" as of version 8.1T3B. See the BIND 8.1T3B announcement +at <ftp://ftp.isc.org/isc/bind/src/testing/t3b-ann.asc> for more +information. + + + Note that there are bugs in older resolver libraries, which can +cause problems getting to large sites (that list more than five IP +addresses for a particular name), or represent a huge security hole +as they do not check the returned data to see if it will fit in the +amount of space pre-allocated for it. + + If at all possible, you should get the most recent "release" +version of BIND and make a serious attempt to integrate it into +your configuration, since virtually all vendor-provided resolver +libaries are woefully out of date. + +------------------------------ + +Date: March 24, 1997 +Subject: Q2.12 -- What's the best platform for running sendmail? + + Generally speaking, I adhere to the old axiom that you should +choose what software you want to run first, then choose the platform +(hardware and OS) that best runs this software. By this token, if +sendmail is the software, then a recent version of BSD Unix would +probably be best, since sendmail was developed at UC Berkeley on +BSD Unix. FreeBSD and BSD/OS are two known implementations of +BSD Unix for Intel-based PC's (among other hardware platforms), +and this would make them the most "native" OSes for sendmail. +FreeBSD is freely available by anonymous ftp or on CD-ROM, and +BSD/OS is a commercial product. + + However, not everyone has this kind of "luxury". If you're on a +homogenous network (i.e., completely composed of only one type of +hardware and OS), then you should probably be running the same OS as +the rest of the machines on the network, regardless of the axiom +stated above. You may have other problems, but you should at least be +able to get some local support on the OS for your machine. + + + Either way, if the primary function of the machine is to handle +"large" quantities of mail (for whatever value you define "large" +to be), I strongly recommend getting the latest stable release of +version 8 sendmail. + + On the other hand, if the primary function of the machine is +to sit on some Engineer's desk and do CAD, then it may be easier +for you to leave the vendor-supplied version of sendmail on that +machine (after suitable configuration), and instead concentrate +your efforts on making the central mail handling machine(s) as +robust and capable as they can be. + + However, you may be surprised to find that it is easier +for you to support only one version of sendmail across all the +various platforms than it is to try and support multiple versions of +sendmail, each unique for their particular platform. In that case, +the easy solution is to put version 8 sendmail everywhere, and not +have to worry about vendor-specific problems with older versions. + + + For more information on BSD Unix in general, see the Usenet +newsgroups under <news:comp.unix.bsd>, <news:comp.bugs.4bsd>, +<news:comp.os.386bsd>. For more information on BSD/OS, see the BSD +newsgroups mentioned above, or the BSD/OS Home Page at +<http://www.bsdi.com/>. For more information on FreeBSD, see the +Usenet newsgroups under <news:comp.unix.bsd.freebsd>, or the FreeBSD +Home Page at <http://www.freebsd.org/>. + +------------------------------ + +Date: July 9, 1996 +Subject: Q2.13 -- What is smrsh and where can I get it? + + From <ftp://info.cert.org/pub/tools/smrsh/README>: + + smrsh is a restricted shell utility that provides the ability + to specify, through a configuration, an explicit list of + executable programs. When used in conjunction with sendmail, + smrsh effectively limits sendmail's scope of program execution + to only those programs specified in smrsh's configuration. + + smrsh has been written with portability in mind, and uses + traditional Unix library utilities. As such, smrsh should + compile on most Unix C compilers. + +The purpose for restricting the list of programs that can be executed +in this manner is to keep mail messages (either through an alias or +the .forward file in a user's home directory) from being sent to +arbitrary programs which are not necessarily known to be sufficiently +paranoid in checking their input, and can therefore be easily +subverted (this is related to, but different from, the /etc/shells +feature discussed in Q3.11). + + More information regarding the CERT-CC can be found at their web +site, <http://www.cert.org>. For more information on CERT Alerts and +CERT Summaries, see <ftp://info.cert.org/pub/cert_advisories/> and +<ftp://info.cert.org/pub/cert_summaries/>, respectively. + + + You can find smrsh in the most recent sendmail source archive, as +well as <ftp://info.cert.org/pub/tools/smrsh/>. Other very useful +programs can be found in <ftp://info.cert.org/pub/tools/>. + +------------------------------ + +Date: July 5, 1996 +Subject: Q2.14 -- What is smap and where can I get it? + + Smap (and smapd) are tools out of the Trusted Information Systems +(TIS) Firewall Toolkit (fwtk). They were originally written by +firewall expert Marcus Ranum under contract to TIS, and TIS is +continuing what maintenance there is. The toolkit may be found at +<ftp://ftp.tis.com/pub/firewalls/toolkit/>. Support questions +regarding the toolkit may be sent to <mailto:fwall-support@tis.com>, +while you may join their mailing list <mailto:fwall-users@tis.com> by +sending electronic mail to <mailto:fwall-users-request@tis.com>. + + + The concept of smap and smapd is that sendmail is a huge, +monolithic setuid root program that is virtually impossible to verify +as being "correct" and free from bugs (historically, sendmail has been +rather buggy and an easy mark for system crackers to exploit, although +with the advent of version 8 sendmail, this becomes much more +difficult). In contrast, smap and smapd are very small (only a few +hundred lines long), and relatively easy to verify as being correct +and functioning as designed (however, as you will see later, we can +question their design). According to the theory, it is therefore +safer and "better" to run smap and smapd as "wrappers" around +sendmail, which would no longer need to be run setuid root. + + Unfortunately, smap and smapd have a few problems of their +own, and don't appear to have been updated since late March 1996. +There have been conflicting reports of incompatibilities between +smapd and sendmail 8.7.y (both cannot be run on the same machine, +although if you're running sendmail 8.6.x and smap/smapd on the +local machine, people on the outside can still use sendmail 8.7.y +to talk to you). + + For further information on smap and smapd, see the documentation +that comes with the TIS Firewall Toolkit. + + + For more information on firewalls, see the Firewalls FAQ at +<http://www.v-one.com/newpages/faq.htm>. + +------------------------------ + +Date: January 21, 1996 +Subject: Q2.15 -- What is TCP-Wrappers and where can I get it? + + TCP-Wrappers is another security enhancement package. The theory +is that you take programs being run under inetd (see /etc/inetd.conf) +and before you run the program to do the real work (ftpd, telnetd, +etc...), you first run the connection attempt through a package that +checks to see if the IP address of the source packet is coming from a +host known to be either good or bad (you may filter connection +attempts by source host name, domain name, raw IP address, port they +are attempting to connect to; and either allow known good connections +through thus refusing unknown connections, or accept all connections +except those known to be bad). + + The practice of TCP-Wrappers actually follows the theory +quite well. It is a very useful and important tool in the System +Administrator's Bag of Things To Help You Secure Your Machine +>From Crackers, Spammers, Junkmailers, and Other Undesirables. +However, it only works for programs that communicate via TCP packets +(not UDP, such as NFS) started up out of inetd. It does not work +for RPC-based services, and programs that start up a daemon outside +of inetd and just leave it running obviously don't benefit beyond +the initial connection that gets the daemon started (however, see +the FTP URL below for other packages that can help secure RPC and +portmapper-based services). + + However, most sendmail installations tend to start up a daemon and +leave it running at all times. If you did run sendmail out of inetd, +you'd lose the benefit of the load average checking code that is +executed only in daemon mode, and for systems that handle a lot of +mail, this is vitally important. + + You can get TCP-Wrappers from +<ftp://ftp.win.tue.nl/pub/security/>, a site that has +a whole host of other useful security tools, such as +securelib, portmap, satan, cops, crack, etc... You can +also find pointers to many other useful security tools at +<http://ciac.llnl.gov/ciac/SecurityTools.html>, and the COAST Archive +at <http://www.cs.purdue.edu/homes/spaf/hotlists/csec.html> is a +veritable cornucopia of all things security related. The SANS 1996 +Network Security Roadmap at <http://www.sans.org/roadmap.html> has +much useful information and pointers to many other useful resources. + + + For the adventurous, you can get a source patch for version +8 sendmail (created for 8.7.6, but with work, applicable to older +releases) that will take the core TCP-Wrappers code and integrate +it into the daemon, so that you get the best of both worlds. +However, this isn't as smoothly integrated as it should be, is not +for the faint-of-heart, and is certainly not officially supported +by the orginal author of sendmail (Eric Allman). This functionality +is integrated in a different fashion into version 8.8.5 sendmail. + + You should be able to find the unsupported patch at +<ftp://ftp.win.tue.nl/pub/security/sendmail-tcpd.patch>. + +------------------------------ + +Date: November 24, 1996 + +Subject: Q2.16 -- Why won't db 1.85 build for my SGI running Irix + >= 5.2? + + The db 1.85 package as available from ftp.cs.berkeley.edu +provides Irix support up to Irix 4.05F, but 5.{2,3} need a slightly +patched version. Some vendors also provide db standard with their OS +(DEC Unix 4.0, for example). + + A tarball incorporating these changes is available at +<ftp://ftp.his.com/pub/brad/sendmail/irix5.tar.gz>. This will +extract into ./db.1.85/PORT/irix.5.2, with a symbolic link +created from ./db.1.85/PORT/irix.5.3 to this same directory. +Make sure you extract this archive into the same directory +where you extracted the db 1.85 archive as available from +ftp.cs.berkeley.edu. (see Q3.5 for more information on getting +the db 1.85 package). An ASCII context diff of this same patch is +at <ftp://ftp.his.com/pub/brad/sendmail/irix4-5.diff>. + + A version of db 1.85 that has been supposedly patched +to compile under Irix 6.2 has been made available at +<http://reality.sgi.com/ariel/db-1.85-irix.tar.Z>, but I haven't +had a chance to download and check it out yet. + +------------------------------ + +Date: August 30, 1996 + +Subject: Q2.17 -- What is makemap and where can I get it? + + The program "makemap" is used to build the databases used by +version 8 sendmail, for things like the UserDB, mailertables, +etc.... + + It is distributed as part of the basic Operating System from +some vendors, but source code for it is also included at the root +level of the sendmail archive (at least, it is for sendmail 8.6.12 +and 8.7.5, and presumably will continue to be as newer releases come +out). However, it is not considered a "supported" part of version +8 sendmail. Just like the other source provided in the archive, +the Makefile will likely need some tweaking for your specific site. + + It turns out that Irix 5.3 doesn't appear to have the dbm or +ndbm libraries, but to compile makemap.c, you need to have -DNDBM +on the "DBMDEF=" line (some necessary things are defined only +in /usr/include/ndbm.h). Try just leaving off "-lndbm" from the +"LIBS=" line in the Makefile for makemap. + + If you plan on using makemap with db 1.85 on an SGI machine +running a version of Irix later than 4.x, see Q2.16 for some +additional steps to get db 1.85 compiled on your machine. + +------------------------------ + +Date: May 28, 1996 +Subject: Q3.1 -- How do I make all my addresses appear to be from a + single host? + + Using the m4 macros, use: + + MASQUERADE_AS(my.dom.ain) + + This will cause all addresses to be sent out as being from the +indicated domain. + + On your mailhub/mailhost/Domain Mail eXchanger, you may need to +add "my.dom.ain" to the sendmail.cw file or the "Cwhost.my.dom.ain" +line in the sendmail.cf file. + + If you're using version 8.7 sendmail, and you want to hide this +information in the envelope as well as the headers, use: + + FEATURE(masquerade_envelope) + +------------------------------ + +Date: January 24, 1996 +Subject: Q3.2 -- How do I rewrite my From: lines to read + ``First_Last@My.Domain''? + + There are a couple of ways of doing this. This describes using +the "user database" code. This is still experimental, and was +intended for a different purpose -- however, it does work with a bit +of care. It does require that you have the Berkeley "db" package +installed (it won't work with DBM). + + First, create your input file. This should have lines like: + + loginname:mailname First_Last + First_Last:maildrop loginname + + If your login name is "john" and your full name is "John Q. +Public", then this would be: + + john:mailname John_Q_Public@your.domain.goes.here + John_Q_Public:maildrop john + + The words "mailname" and "maildrop" must be typed in literally, +just as they appear. + + + Install this file in (say) /etc/userdb. Create the database: + + makemap -d btree /etc/userdb.db < /etc/userdb + + You can then create a config file that uses this. You will have +to include the following in your .mc file: + + define(confUSERDB_SPEC, /etc/userdb.db) + FEATURE(notsticky) + + Version 8.7 sendmail changes the semantics of this feature such +that notsticky is turned on by default, and if you want the old (8.6) +behaviour, you instead define: + + FEATURE(stickyhost) + + + You also need to make sure that you have the "ik" flags specified +on the affected mailer definition. + + + Note: The program "makemap" is discussed in further detail +in Q2.17. The UserDB feature is discussed further on pp. 643-645 +of _sendmail, 2nd Ed._ by Costales. + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.3 -- So what was the user database feature intended for? + + The intent was to have all information for a given user (where the +user is the unique login name, not an inherently non-unique full name) +in one place. This would include phone numbers, addresses, and so +forth. The "maildrop" feature is because Berkeley does not use a +centralized mail server (there are a number of reasons for this that +are mostly historic), and so we need to know where each user gets his +or her mail delivered -- i.e., the mail drop. + + UC Berkeley is (was) in the process of setting up their +environment so that mail sent to an unqualified "name" goes to that +person's preferred maildrop; mail sent to "name@host" goes to that +host. The purpose of "FEATURE(notsticky)" is to cause "name@host" to +be looked up in the user database for delivery to the maildrop. + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.4 -- Why are you so hostile to using full names for email + addresses? + + Because full names are not unique. For example, the computer +community has two Andy Tannenbaums and two Peter Deutsches. At one +time, Bell Labs had two Stephen R. Bournes with offices a few doors +apart. You can create alternative addresses (e.g., +Stephen_R_Bourne_2), but that's even worse -- which one of them has to +have their name desecrated in this way? And you can bet that one of +them will get most of the other person's email. + + So called "full names" are just an attempt to create longer +versions of unique names. Rather that lulling people into a sense of +security, I'd rather that it be clear that these handles are +arbitrary. People should use good user agents that have alias +mappings so that they can attach arbitrary names for their personal +use to those with whom they correspond (such as the MH alias file). + + Even worse is fuzzy matching in email -- this can make good +addresses turn bad. For example, Eric Allman is currently (to the +best of our knowledge) the only ``Allman'' at Berkeley, so mail sent +to <Allman@Berkeley.EDU> should get to him. But if another Allman +ever appears, this address could suddenly become ambiguous. He's been +the only Allman at Berkeley for over fifteen years -- to suddenly have +this "good address" bounce mail because it is ambiguous would be a +heinous wrong. + + Directory services should be as fuzzy as possible (within reason, +of course). Mail services should be unique. + +------------------------------ + +Date: November 24, 1996 +Subject: Q3.5 -- Where do I find this user database (UserDB) code? + + The user database code is part of the Sendmail V8 distribution. +However, it depends on your installing the db library from the +package at <ftp://ftp.cs.berkeley.edu/pub/4bsd/db.1.85.tar.gz>. +If you install this library, edit the Makefile to include the +right option (-DNEWDB), and then make sendmail again, you get a +binary which has the database features described in the book and +the documentation provided in the sendmail source archive. + + If you're using SGI Irix above 4.x, see Q2.16 for the patches +you will need to get db 1.85 working on your machine. + +------------------------------ + +Date: July 19, 1996 +Subject: Q3.6 -- How do I get the user database to work with Pine or + with FEATURE(always_add_domain)? + + The basic incompatibility with Pine and the user database option +is in how Pine writes From addresses in the header. Most MUAs write +the From address as "From: user", while Pine, for reasons given in +its documentation, write the From address as "From: user@FQDN" +(FQDN=fully qualified domain name). Using the m4 feature macro +"always_add_domain" has the same effect. Because of this difference, +the user database does not rewrite these headers. + + One solution to this problem is to make the following change in +the sendmail.mc file compiled by m4 into your /etc/sendmail.cf (or +wherever your sendmail.cf file is located) after you have the user +database option installed and working with other MUAs: + + Early in the section(s) where you are setting configuration +variables, add the following: + + # Define our userdb file for FQDN rewrites + Kuserdb btree -o /etc/userdb.db + + And a bit later, before the "MAILER()" entries, but after other +configuration options have been set: + + LOCAL_RULE_1 + ######################################################## + ### Local Ruleset 1, rewrite sender header & envelope ## + ######################################################## + #Thanks to Bjart Kvarme <bjart.kvarme@usit.uio.no> + S1 + R$- $1 < @ $j . > user => user@localhost + R$- < @ $=w . > $* $: $1 < @ $2 . > $3 ?? $1 user@localhost ? + R$+ ?? $+ $: $1 ?? $(userdb $2 : mailname $: @ $) + R$+ ?? @ $@ $1 Not found + R$+ ?? $+ $>3 $2 Found, rewrite + + #NOTE ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^ + # Use Tab Characters Use Tab Characters in these regions + # to make three columns (the line with "mailname" only has 2 columns). + + Now the user database should re-write messages sent with Pine or +anything else that causes local users to have their address be fully +qualified (both header and envelope sender will be properly +re-written). If this still does not work for you, try adding the +following to either the system-wide pine.conf, pine.conf.fixed, or +your personal .pinerc: + + user-domain=localhost + + This has been known to help solve the problem for some people. + + However, a more elegant (read: m4-based) solution for version 8 +sendmail users has yet to be created. + +------------------------------ + +Date: March 24, 1997 +Subject: Q3.7 -- How do I manage several (virtual) domains? + + If you want to provide mailservice to several domains and be able +to add identical names across different domains, as in this example: + + user@a.dom.ain mb1@dom.ain + user@b.dom.ain mb2@dom.ain + user@c.dom.ain mb@outer.space + + you may accomplish this by using an external database in +conjunction with minor Ruleset rewriting in sendmail.cf. Many ISPs +(Internet Service Providers) have asked me and here's a general +solution (you may combine it with userdb's if you need to): + + 1. Make a textfile (I usually make one for each domain and + concatenate them before database-compilation) with the + following structure: + + user@a.dom.ain mb1@dom.ain + user@b.dom.ain mb2@dom.ain + user@c.dom.ain mb@outer.space + + The LHS (Left Hand Side) is the mail-adress of a particular + user and the RHS is the corresponding mailbox. An example + that might apply to the real world: + + webmaster@josnet.se wm.list@eowyn.josnet.se + webmaster@client1.se joe@client1.se + webmaster@client2.se anne@another.provider.se + webmaster@client3.se joe@client3.se + joe@client1.se c1_joe@mail.josnet.se + joe@client3.se joeuser + + Note that you have to spell out the complete email-address in + the LHS entry. The RHS entry may be either a local address + (for example 'johan' if that account exists) or a complete + email-adress on another system (or a domain that the server + recognizes as local for that matter). + + 2. Compile the textfile into a database: + + makemap hash mbt.db <mbt + + You may you use other lookup-methods than hash (btree for + example). The resulting database is mbt.db in this example + and the input is the textfile mbt. + + 3. Add a few lines in sendmail.cf: + + A. In the beginning (typically in the "local info" section or + together with the user database option in the "options" + section): + + # Declare mbt as a hash-lookup database: + Kmbt hash /etc/mail/mbt.db + + B. In the Ruleset 98 (local part of ruleset 0) section, add: + + # Use mailboxtable-database: + R$+ < @ $+ . > $: $1 < @ $2 > . + R$+ < @ $+ > $* $: $(mbt $1@$2 $: $1 < @ $2 > $3 $) + R$+ < @ $+ > $* $: $(mbt $2 $: $1 < @ $2 > $3 $) + RERROR $* $#error $: $1 + R$+ < @ $+ > . $: $1 < @ $2 . > + + If you have any other rewrite rules in ruleset 98, these + should be able to either go after or before the existing + rules, but you may have to do some experimenting to + find out which placement works best. + + 4. The next-to-last line of these rules let you have an alias + file like: + + joe@somedom.com joe + jim@somedom.com jim@othersite + somedom.com ERROR "No such user" + + And still have mail addressed to unknown users at that domain + bounce properly. You can also do a form of redirects, such + as: + + fred@somedom.com ERROR "This user has moved to fred@otherdom.com" + + 5. Test with sendmail -bv and/or sendmail -bt + + 6. Restart sendmail. You must do this in order to have the + daemon reread the sendmail.cf. + + + Note: Alternate sets of instructions and/or kits +can be found at <http://www.westnet.com/providers>, +<http://hub.org/softdocs/Sendmail-VD>, +<ftp://samson.oslo.uninett.no/pub/unix/sendmail/>, and +<http://jos.net/projects/mbt/>. None of these have been tested +by the maintainer of this FAQ, but are believed to work correctly. +Which you use is a matter of your personal aesthetics. + + + If you're using version 8.8 sendmail, you can make use of the +new "virtual user table" feature (for one thing, it won't require +that you add new rewrite rules to your sendmail configuration, as +the previous example does). + + 1. Put "FEATURE(virtusertable)" in your sendmail.mc + file. + + 2. By default, sendmail will build tables out of + /etc/virtusertable. If you want to change this, put + something like: + + define(`VIRTUSER_TABLE', `-o hash /usr/local/lib/virtusertable')dnl + + in your sendmail.mc file. + + 3. Construct the virtusertable file like so: + + info@foo.com foo-info + info@bar.com bar-info + @baz.org jane@elsewhere.net + @somedom.com error : 5.5.0 User unknown + + (Contrast with steps 1 and 4 in the previous example + using regular mailertables). + + 4. Compile the textfile into a database: + + makemap hash /etc/virtusertable.db </etc/virtusertable + + You may you use other lookup-methods than hash (btree + for example). Make sure that this database type matches + what is defined for the table in step 2. + + 5. Put all the domains listed on the LHS of these aliases + in your sendmail.cw file, or on the Cw line in your + sendmail.cf. + + 6. Recompile your sendmail.cf from your sendmail.mc and + test it. + + 7. Once you are satisfied, move it into place and restart + sendmail. + + + Note that the virtusertable is only referenced for inbound +mail (more accurately, only for controlling delivery). If you +want to rewrite mail addresses from your virtual domain users as +they pass through your system, you'll also need to make comparable +modifications to the genericstable (used for rewriting). + +------------------------------ + +Date: July 9, 1996 +Subject: Q3.8 -- There are four UUCP mailers listed in the + configuration files. Which one should I use? + + The choice is partly a matter of local preferences and what is +running at the other end of your UUCP connection. Unlike good +protocols that define what will go over the wire, UUCP uses the policy +that you should do what is right for the other end; if they change, +you have to change. This makes it hard to do the right thing, and +discourages people from updating their software. In general, if you +can avoid UUCP, please do. + + If you can't avoid it, you'll have to find the version that is +closest to what the other end accepts. Following is a summary of the +UUCP mailers available. + + uucp-old (obsolete name: "uucp") + This is the oldest, the worst (but the closest to UUCP) way of + sending messages across UUCP connections. It does bangify + everything and prepends $U (your UUCP name) to the sender's + address (which can already be a bang path itself). It can only + send to one address at a time, so it spends a lot of time + copying duplicates of messages. Avoid this if at all possible. + + uucp-new (obsolete name: "suucp") + The same as above, except that it assumes that in one rmail + command you can specify several recipients. It still has a lot + of other problems. + + uucp-dom + This UUCP mailer keeps everything as domain addresses. + Basically, it uses the SMTP mailer rewriting rules. + + Unfortunately, a lot of UUCP mailer transport agents require + bangified addresses in the envelope, although you can use + domain-based addresses in the message header. (The envelope + shows up as the From_ line on UNIX mail.) So.... + + uucp-uudom + This is a cross between uucp-new (for the envelope addresses) + and uucp-dom (for the header addresses). It bangifies the + envelope sender (From_ line in messages) without adding the + local hostname, unless there is no host name on the address at + all (e.g., "wolf") or the host component is a UUCP host name + instead of a domain name ("somehost!wolf" instead of + "some.dom.ain!wolf"). + + Examples: + + We are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The + following summarizes the sender rewriting for various mailers: + + Mailer sender rewriting in the envelope + ------ ------ ------------------------- + uucp-{old,new} wolf grasp!wolf + uucp-dom wolf wolf@grasp.insa-lyon.fr + uucp-uudom wolf grasp.insa-lyon.fr!wolf + + uucp-{old,new} wolf@fr.net grasp!fr.net!wolf + uucp-dom wolf@fr.net wolf@fr.net + uucp-uudom wolf@fr.net fr.net!wolf + + uucp-{old,new} somehost!wolf grasp!somehost!wolf + uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr + uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf + + + If your only contact with the external world is through UUCP, +you'll probably want to recompile sendmail with support for DNS turned +off (if your host architecture supports a service switch file that +sendmail understands, it will use the service switch however you've +got it configured, even if you've compiled sendmail with DNS support +turned off, so make sure the service switch file is also properly +configured). + + Using "FEATURE(nodns)" probably won't completely satisfy you, as +more recent releases of version 8 sendmail really, REALLY, want to +know what their canonical hostname is, and will go to great lengths to +figure this out from the DNS. But if you don't have any nameservers, +this can obviously add significant amounts of time to process startup +as sendmail repeatedly tries (and fails) to find this information. It +then becomes doubly important to have the proper Fully Qualified +Domain Name (FQDN) listed first in your /etc/hosts file or in the file +used to build your NIS/NIS+ table (or whatever you use). + + For more information on "FEATURE(nodns)", see the RELEASE_NOTES +file for sendmail versions 8.7.1 and later (search for "FQDN"), as +well as _sendmail_, page 741 (page reference correct as of first +edition, first printing). + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.9 -- How do I fix "undefined symbol inet_aton" and + "undefined symbol _strerror" messages? + + You've probably replaced your resolver with the version from BIND +4.9.3. You need to compile with -l44bsd in order to get the +additional routines. + +------------------------------ + +Date: March 24, 1997 +Subject: Q3.10 -- How do I solve "collect: I/O error on connection" + errors? + + There is nothing wrong. This is just a diagnosis of a condition +that had not been diagnosed before. If you are getting a lot of these +from a single host, there is probably some incompatibility between 8.x +and that host. If you get a lot of them in general, you may have +network problems that are causing connections to get reset. + + Note that if you are using PPP and the MTU on your end does +not match what your service provider has configured, you may see +these problems. Discuss with your service provider what the MTU +should be set to, and correct if there is a mismatch. + +------------------------------ + +Date: July 9, 1996 +Subject: Q3.11 -- Why can't my users forward their mail to a program? + + I just upgraded to version 8 sendmail and now when my users try to +forward their mail to a program they get an "illegal shell" or "cannot +mail to programs" message and their mail is not delivered. What's +wrong? + + In order for people to be able to run a program from their +.forward file, version 8 sendmail insists that their shell (that is, +the shell listed for that user in the passwd entry) be a "valid" +shell, meaning a shell listed in /etc/shells. If /etc/shells does not +exist, a default list is used, typically consisting of /bin/sh and +/bin/csh. + + This is to support environments that may have NFS-shared +directories mounted on machines on which users do not have login +permission. For example, many people make their file server +inaccessible for performance or security reasons; although users have +directories, their shell on the server is /usr/local/etc/nologin or +some such. If you allowed them to run programs anyway you might as +well let them log in. + + If you are willing to let users run programs from their .forward +file even though they cannot telnet or rsh in (as might be reasonable +if you run smrsh to control the list of programs they can run) then +add the line: + + /SENDMAIL/ANY/SHELL/ + +to /etc/shells. This must be typed exactly as indicated, in caps, +with the trailing slash. + +NOTA BENE: DO NOT list /usr/local/etc/nologin in /etc/shells -- this +will open up other security problems. + + + IBM AIX does not use /etc/shells -- a list of allowable login +shells is contained, along with many other login parameters, in +/etc/security/login.cfg. You can copy the information in the +"shells=" stanza into a /etc/shells on your system so sendmail will +have something to use. Do NOT add "/usr/lib/uucp/uucico" or any other +non-login shell into /etc/shells. + + Also note that there are some weird things that AFS throws into +the mix, and these can keep a program from running or running +correctly out of .forward files or the system-wide aliases. + + + See also "smrsh" in Q2.13. + +------------------------------ + +Date: November 24, 1996 +Subject: Q3.12 -- Why do connections to the SMTP port take such a + long time? + + I just upgraded to version 8 sendmail and suddenly connections to +the SMTP port take a long time. What is going wrong? + + It's probably something weird in your TCP implementation that +makes the IDENT code act oddly. On most systems version 8 sendmail +tries to do a ``callback'' to the connecting host to get a validated +user name (see RFC 1413 for detail). If the connecting host does not +support such a service it will normally fail quickly with "Connection +refused", but certain kinds of packet filters and certain TCP +implementations just time out. + + To test this (pre-8.7.y sendmail), set the IDENT timeout to zero +using: + + define(`confREAD_TIMEOUT',`Ident=0')dnl + +in the .mc file used by m4 to generate your sendmail.cf file. +Alternatively, if you don't use m4, you can put ``OrIdent=0'' in the +configuration file (we recommend the m4 solution, since that makes +maintenance much easier for people who don't understand sendmail +re-write rules, or after you've been away from it for a while). +Either way, this will completely disable all use of the IDENT +protocol. + + For version 8.7.y sendmail (and above), you should instead use: + + define(`confTO_IDENT',`0s')dnl + + + Another possible problem is that you have your name server and/or +resolver configured improperly. Make sure that all "nameserver" +entries in /etc/resolv.conf point to functional servers. If you are +running your own server, make certain that all the servers listed in +your root cache are up to date (this file is usually called something +like "/var/namedb/root.cache"; see your /etc/named.boot file to get +your value). Either of these can cause long delays. + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.13 -- Why do I get "unknown mailer error 5 -- mail: + options MUST PRECEDE recipients" errors? + + I just upgraded to version 8 sendmail and suddenly I get errors +such as ``unknown mailer error 5 -- mail: options MUST PRECEDE +recipients.'' What is going wrong? + + You need OSTYPE(systype) in your .mc file, where "systype" is set +correctly for your hardware & OS combination -- otherwise the +configurations use a default that probably disagrees with your local +mail system. See cf/README for details. + + If this is on a Sun workstation, you might also want to take a +look at the local mailer flags in the Sun-supplied sendmail.cf and +compare them to the local mailer flags generated for your version 8 +sendmail.cf. If they differ, you might try changing the V8 flags to +match the Sun flags. + +------------------------------ + +Date: March 24, 1996 +Subject: Q3.14 -- Why does version 8 sendmail panic my SunOS box? + + Sendmail 8.7.y panics SunOS 4.1.3_U1 (at least for 1<=y<=3) +and SunOS 4.1.3, and sendmail 8.6.x seems fine on both machines (at +least for 9<=x<=12). + + The problem is that a kernel patch is missing, specifically +100584-08 (4.1.3), 102010-03 (4.1.3_U1), or 102517 (4.1.4). +This should be available from your hardware vendor through your +support contract or their online support facilities (including +being available on the SunSolve CD). + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.15 -- Why does the "From " header gets mysteriously + munged when I send to an alias? + + ``It's not a bug, it's a feature.'' This happens when you have a +"owner-list" alias and you send to "list". V8 propagates the owner +information into the envelope sender field (which appears as the "From +" header on UNIX mail or as the Return-Path: header) so that +downstream errors are properly returned to the mailing list owner +instead of to the sender. In order to make this appear as sensible as +possible to end users, I recommend making the owner point to a +"request" address -- for example: + + list: :include:/path/name/list.list + owner-list: list-request + list-request: eric + + This will make message sent to "list" come out as being "From +list-request" instead of "From eric". + +------------------------------ + +Date: November 24, 1996 +Subject: Q3.16 -- Why doesn't MASQUERADE_AS (or the user database) + work for envelope addresses as well as header addresses? + + Believe it or not, this is intentional. The interpretation of the +standards by the version 8 sendmail development group was that this +was an inappropriate rewriting, and that if the rewriting were +incorrect at least the envelope would contain a valid return address. + + + If you're using version 8.7.y sendmail (or later), you can use + + FEATURE(masquerade_envelope) + + in your sendmail.mc file to change this behaviour. + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.17 -- How do I run version 8 sendmail and support the + MAIL11V3 protocol? + + Get the reimplementation of the mail11 protocol by Keith Moore +from <ftp://gatekeeper.dec.com/pub/DEC/gwtools/> (with contributions +from Paul Vixie). + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.18 -- Why do messages disappear from my queue unsent? + + When I look in the queue directory I see that qf* files have been +renamed to Qf*, and sendmail doesn't see these. What's wrong? + + If you look closely you should find that the Qf files are owned by +users other than root. Since sendmail runs as root it refuses to +believe information in non-root-owned qf files, and it renames them to +Qf to get them out of the way and make it easy for you to find. The +usual cause of this is twofold: first, you have the queue directory +world writable (which is probably a mistake -- this opens up other +security problems) and someone is calling sendmail with an "unsafe" +flag, usually a -o flag that sets an option that could compromise +security. When sendmail sees this it gives up setuid root +permissions. + + The usual solution is to not use the problematic flags. If you +must use them, you have to write a special queue directory and have +them processed by the same uid that submitted the job in the first +place. + +------------------------------ + +Date: March 23, 1996 +Subject: Q3.19 -- When is sendmail going to support RFC 1522 MIME + header encoding? + + This is considered to be a MUA issue rather than an MTA issue. + +Quoth Eric Allman: + + The primary reason is that the information necessary to + do the encoding (that is, 8->7 bit) is unknown to the MTA. + In specific, the character set used to encode names in headers + is _NOT_ necessarily the same as used to encode the body + (which is already encoded in MIME in the charset parameter + of the Content-Type: header). Furthermore, it is perfectly + reasonable for, say, a Swede to be living and working in Korea, + or a Russian living and working in Germany, and want their + name to be encoded in their native character set; it could + even be that the sender was Japanese, the recipient Russian, + and the body encoded in ISO 8859-1. If all I have are 8-bit + characters, I can't choose the charset properly. + + Similarly, when doing 7->8 bit conversions, I don't want + to throw away this information, as it is necessary for proper + presentation to the end user. + +------------------------------ + +Date: January 17, 1997 +Subject: Q3.20 -- Why can't I get mail to some places, but + instead always get the error "reply: read error from + name.of.remote.host"? + + This is usually caused by a bug in the remote host's mail server, +or Mail Transport Agent (MTA). The "EHLO" command of ESMTP causes +the remote server to drop the SMTP connection. There are several +MTAs that have this problem, but one of the most common server +implementations can be identified by the "220 All set, fire away" +greeting it gives when you telnet to its SMTP port. + + To work around this problem, you can configure sendmail to use +a mailertable with an entry telling sendmail to use plain SMTP when +talking to that host: + + name.of.remote.host smtp:name.of.remote.host + + + Sites which must run a host with this broken SMTP implemetation +should do so by having a site running sendmail or some other +reliable (and reasonably modern) SMTP MTA act as an MX server for +the problem host. + + + There is also a problem wherein some TCP/IP implementations +are broken, and if any connection attempt to a remote end gets a +"connection refused", then *all* connections to that site will +get closed. Of course, if you try to use the IDENT protocol across +a firewall (at either end), this is highly likely to result in the +same apparent kind of "read error". + + The fix is simple -- on those machines with broken TCP/IP +implementations, do not attempt to use IDENT. When compiling newer +releases of version 8 sendmail, the compiler should automatically +detect whether you're on a machine that is known to have this kind +of TCP/IP networking problem, and make sure that sendmail does +not attempt to use IDENT. If you've since patched your machine so +that it no longer has this problem, you'll need to go back in and +explicitly configure sendmail for support of IDENT, if you want +that feature. + +------------------------------ + +Date: January 17, 1996 +Subject: Q3.21 -- Why doesn't "FEATURE(xxx)" work? + + When creating m4 Master Config (".mc") files for version 8 +sendmail, many "FEATURE()" macros simply change the definition of +internal variables that are referenced in the "MAILER()" definitions. + + To make sure that everything works as desired, you need to +make sure that "OSTYPE()" macros are put at the very beginning +of the file, followed by "FEATURE()" and "HACK()" macros, local +definitions, and at the very bottom, the "MAILER()" definitions. + +------------------------------ + +Date: March 24, 1997 +Subject: Q3.22 -- How do I configure sendmail to not use DNS? + + In situations where you're behind a firewall, or across a +dial-up line, there are times when you need to make sure that +programs (such as sendmail) do not use the DNS at all. + + + With version 8.8, you change the service switch file to omit +"DNS" and use only NIS, files, and other map types as appropriate. + + With previous releases of version 8 sendmail, you need to +recompile the binary and make sure that "NAMED_BIND" is turned off +in src/conf.h. + + + Note that you'll need to forward all your outbound mail to +another machine as a "relay" (one that does use DNS, and understands +how to properly use MX records, etc...), otherwise you won't be able +to get mail to any site(s) other than the one(s) you configure in +your /etc/hosts file (or whatever). + +------------------------------ + +Date: March 24, 1997 +Subject: Q3.23 -- How do I get all my queued mail delivered to my + Unix box from my ISP? + + Assuming you're running sendmail or some other SMTP MTA on +some sort of a Unix host, and your ISP uses version 8.8 sendmail +and they queue all mail for your domain (as opposed to stuffing it +all in one file that you need to download via POP3 or somesuch), +something like the following script should do the trick: + + #!/bin/sh + telnet mail.myisp.com. 25 < __EOF__ + EHLO me.mydomain.com + ETRN mydomain.com + QUIT + __EOF__ + + + Note that this is indented for readability, and the real script +would have column position #1 of the file be the first printable +character in each line. + + Of course, you'll have to fill in the appropriate details for +"mail.myisp.com", "mydomain.com", etc.... + + + If this script doesn't work, you may have problems with "here" +documents being fed as standard input to commands (like telnet). In +that case, you'll need to build a similar script using "expect". For +more information on expect, see <http://expect.nist.gov> and the book +"Exploring Expect: A Tcl-Based Toolkit for Automating Interactive +Applications" (<http://www.ora.com/catalog/expect/noframes.html>). + + + If your ISP doesn't use version 8.8 sendmail, you may have to +cobble together alternative solutions. They may have a "ppplogin" +script that is executed every time your machines dials them up, and +if so, you may be able to have them modified this script so as to +put a "sendmail -qRmydomain.com" in it (which is effectively what +the "ETRN" command does, but in a safer fashion). + + Alternatively, they may have a hacked finger daemon, so +that you'd put "finger mydomain.com@theirhost.theirdomain.com" +in your script. Or, they may have some other solution for you. +However, only they would be able to answer what solutions they have +available to them. + + Obviously, the easiest and most "standard" solution is to have +them upgrade their system to the most recent stable release of +version 8.8 sendmail. + +------------------------------ + +Comments/updates should be sent to <sendmail-faq@etext.org>. + +Copyright 1996, by Brad Knowles, all rights reserved + +End of comp.mail.sendmail Frequently Asked Questions (FAQ), part 1 of 2 +*********************************************************************** |