1. Which version of sendmail should I run?
2. What is the latest release of sendmail?
3. Where can I find it?
4. What are the differences between Version 9 and other versions?
5. What's the best platform for running sendmail?
6. What is BIND and where can I get the latest version?
7. What is smrsh and where can I get it?
8. What is smap and where can I get it?
9. What is TCP-wrappers and where can I get it?
10. Why won't db 1.85 build on my machine?
11. What is makemap and where can I get it?

 

Which version of sendmail should I run?

If you're concerned at all about the security of your machines, you should make sure you're at least running a recent release of version 8 sendmail (either from your vendor or the public version).

Check the CERT Alerts and Summaries to make sure that you're running a version that is free of known security holes. Just because the sendmail program provided by your vendor isn't listed doesn't mean that you're not vulnerable, however. If your particular vendor or version isn't listed, check with your vendor and on the appropriate Internet mailing lists and Usenet newsgroups to verify.

If nothing else, the most recent public version is usually a pretty good bet, although you should check comp.mail.sendmailto see if anyone has posted recent comments that haven't yet been folded into a new release.

That said, you need to look at what the primary function is for the machine. If its primary function is to run some CAD/CAM package on the desk of an engineer, then there's probably not much sense in replacing the vendor-supplied version of sendmail (assuming it's secure, according to the CERT Alerts and Summaries). Just set the machine up to forward all outbound mail to a central mail relay, and then worry about making that central mail relay the best it can be. Also arrange to have all their inbound mail pass through a central Mail eXchanger (probably the same machine as the central Mail Relay), for the same reasons.

If the primary function for a machine is to act as that central Mail Relay/Mail eXchanger, then we *strongly* recommend the best version of sendmail you can get, and in our opinion that is the latest release of version 8. IDA sendmail is also pretty good, but virtually everything it does, version 8 does better, and version 8 has the additional advantage of having continued development as well.

If fighting spam is a concern, then by all means upgrade to 8.10.X . 8.9.X has good anti-spam features, but 8.10.X has even more features, and the anti-spam ones are more flexible than those in 8.9.X .

However, keep in mind that version 8 still hasn't been ported (so far as we know) to some of the older (and perhaps more esoteric) platforms, and if you're stuck using one of them, you may not have much choice.

Some vendors have started shipping (or announced that they will soon ship) version 8 sendmail pre-configured for their machines. Unfortunately, in most cases this means you get a pre-compiled binary and a sendmail.cf file (that may need a bit of tweaking), but not much else of the "standard" version 8 sendmail installation kit. Silicon Graphics (SGI) and Hewlett-Packard are known to already be shipping version 8 sendmail in this fashion.

Sun Microsystems did the same with SunOS 5.5, 5.5.1 and 5.6, shipping a version based on 8.6 with their own proprietary config files. Recent patches for 5.5.1 and 5.6, however, upgrade to a version based on 8.8.8 with a sendmail.cf that is only slightly tweaked. More importantly, a cf hierarchy is available under /usr/lib/mail/. More details are available at the Sun migration page.

 

What is the latest release of sendmail?

For version 8 sendmail, there are six release trees.

For those people who, for whatever reason, are unable or unwilling to upgrade to version 8.14.x, releases of versions 8.13, 8.12, 8.11, 8.10 and 8.9 sendmail are still available but are not being updated. The last release of version 8.9 sendmail was 8.9.3; the last release of 8.10 was 8.10.2; the last release of 8.11 was 8.11.6; the last release of 8.12 was 8.12.11; the last release of 8.13 was 8.13.8 .

• Version 8.14.5 was released on May 17, 2011.
• Version 8.14.4 was released on December 30, 2009.
• Version 8.14.3 was released on May 3, 2008.
• Version 8.14.2 was released on November 1, 2007.
• Version 8.14.1 was released on April 3, 2007.
• Version 8.14.0 was released on January 31, 2007.
• Version 8.13.8 was released on August 9, 2006.
• Version 8.13.7 was released on June 14, 2006.
• Version 8.13.6 was released on March 22, 2006.
• Version 8.13.5 was released on September 16, 2005.
• Version 8.13.4 was released on March 27, 2005.
• Version 8.13.3 was released on January 11, 2005.
• Version 8.13.2 was released on December 15, 2004.
• Version 8.13.1 was released on July 30, 2004.
• Version 8.13.0 was released on June 20, 2004.
• Version 8.12.11 was released on January 18, 2004.
• Version 8.12.10 was released on September 17, 2003.
• Version 8.12.9 was released on March 29, 2003.
• Version 8.12.8 was released on March 3, 2003.
• Version 8.12.7 was released on December 29, 2002.
• Version 8.12.6 was released on August 26, 2002.
• Version 8.12.5 was released on June 25, 2002.
• Version 8.12.4 was released on June 3, 2002.
• Version 8.12.3 was released on April 5, 2002.
• Version 8.12.2 was released on January 13, 2002.
• Version 8.12.1 was released on October 1, 2001.
• Version 8.12.0 was released on September 8, 2001.
• Version 8.11.6 was released on August 20, 2001.
• Version 8.11.5 was released on July 31, 2001.
• Version 8.11.4 was released on May 28, 2001.
• Version 8.11.3 was released on February 27, 2001.
• Version 8.11.2 was released on December 29, 2000.
• Version 8.11.1 was released on September 28, 2000.
• Version 8.11.0 was released on July 19, 2000.
• Version 8.10.2 was released on June 7, 2000.
• Version 8.10.1 was released on April 7, 2000.
• Version 8.10.0 was released on March 7, 2000.
• Version 8.9.3 was released on February 4, 1999.
• Version 8.9.2 was released on December 31, 1998.
• Version 8.9.1 was released on July 2, 1998.
• Version 8.9.0 was released on May 20, 1998.

On machines exposed directly to the Internet, you should either already be running sendmail 8.14.4 or plan on upgrading in the immediate future. 8.14.4 is considered "stable", has fixes included that will not be found in any previous release, and therefore supercedes all previous releases. There is no further support for previous releases of sendmail.

 

Where can I find it?

By submitting a request at Proofpoint.com

There are no other known official version 8 sendmail mirrors.

 

What are the differences between Version 9 and other versions?

See doc/changes/changes.{me,ps} in the distribution. See also RELEASE_NOTES at the top level

 

What's the best platform for running sendmail?

Generally speaking, I adhere to the old axiom that you should choose what software you want to run first, then choose the platform (hardware and OS) that best runs this software. By this token, if sendmail is the software, then a recent version of BSD Unix would probably be best, since sendmail was developed at UC Berkeley on BSD Unix. FreeBSD and BSD/OS are two known implementations of BSD Unix for Intel-based PC's (among other hardware platforms), and this would make them the most "native" OSes for sendmail. FreeBSD is freely available by anonymous ftp or on CD-ROM, and BSD/OS is a commercial product

However, not everyone has this kind of "luxury". If you're on a homogeneous network (i.e., completely composed of only one type of hardware and OS), then you should probably be running the same OS as the rest of the machines on the network, regardless of the axiom stated above. You may have other problems, but you should at least be able to get some local support on the OS for your machine.

Either way, if the primary function of the machine is to handle "large" quantities of mail (for whatever value you define "large" to be), I strongly recommend getting the latest stable release of version 8 sendmail.

You may be surprised to find that it is easier for you to support only one version of sendmail across all the various platforms than it is to try to support multiple versions of sendmail, each unique for their particular platform. In that case, the easy solution is to put version 8 sendmail everywhere, and not have to worry about vendor-specific problems with older versions.

For more information on BSD Unix in general, see the Usenet newsgroups under comp.unix.bsd, comp.bugs.4bsd,comp.os.386bsd. For more information on BSD/OS, see the BSD newsgroups mentioned above, or the BSD/OS Home Page at http://www.bsdi.com/. For more information on FreeBSD, see the Usenet newsgroups under news:comp.unix.bsd.freebsd, or the FreeBSD Home Page at http://www.freebsd.org/.

 

What is BIND and where can I get the latest version?

BIND stands for "Berkeley Internet Name Daemon", and is the Internet de-facto standard program for turning host names into IP addresses.

The BIND Home Page is at https://www.isc.org/bind/, which provides pointers to the most recent release of BIND. In May of 1997, the first production version of BIND-8 was released. The ISC has deprecated BIND-4 other than for security related patches. No new features or portability changes will be added to BIND-4. You should be using BIND-8.

Note that there are bugs in older resolver libraries, which can cause problems getting to large sites (that list more than five IP addresses for a particular name), or represent a huge security hole as they do not check the returned data to see if it will fit in the amount of space pre-allocated for it.

If at all possible, you should get the most recent "release" version of BIND and make a serious attempt to integrate it into your configuration, since virtually all vendor-provided resolver libraries are woefully out of date.

Note that since the release of BIND version 8.1, many people building sendmail have experienced problems compiling and linking with the new BIND include files and libraries under /usr/local/. A section in our Compiling Sendmail page explains this.

 

What is smrsh and where can I get it?

smrsh is a restricted shell utility that provides the ability to specify, through a configuration, an explicit list of executable programs. When used in conjunction with sendmail, smrsh effectively limits sendmail's scope of program execution to only those programs specified in smrsh's configuration.

smrsh has been written with portability in mind, and uses traditional Unix library utilities. As such, smrsh should compile on most Unix C compilers

The purpose for restricting the list of programs that can be executed in this manner is to keep mail messages (either through an alias or the .forward file in a user's home directory) from being sent to arbitrary programs which are not necessarily known to be sufficiently paranoid in checking their input, and can therefore be easily subverted (this is related to, but different from, the /etc/shells feature discussed in Q3.11).

More information regarding the CERT-CC can be found at their web site, http://www.cert.org. For more information on CERT Alerts and CERT Summaries, see their advisories and summaries, respectively.

You can find smrsh in the most recent sendmail source archive. Other very useful programs can be found inhttp://www.cert.org/other_sources/tool_sources.html.

 

What is smap and where can I get it?

Smap (and smapd) are tools out of the Trusted Information Systems (TIS) Firewall Toolkit (fwtk). They were originally written by firewall expert Marcus Ranum under contract to TIS, and TIS is continuing what maintenance there is. Here is a link to the toolkit. Support questions regarding the toolkit may be sent to fwall-support@tis.com, while you may join their mailing list fwall-users@tis.com by sending electronic mail to fwall-users-request@tis.com

The concept of smap and smapd is that sendmail is a huge, monolithic setuid root program that is virtually impossible to verify as being "correct" and free from bugs (historically, sendmail has been rather buggy and an easy mark for system crackers to exploit, although with the advent of version 8 sendmail, this becomes much more difficult). In contrast, smap and smapd are very small (only a few hundred lines long), and relatively easy to verify as being correct and functioning as designed (however, as you will see later, we can question their design). According to the theory, it is therefore safer and "better" to run smap and smapd as "wrappers" around sendmail, which would no longer need to be run setuid root.

Unfortunately, smap and smapd have a few problems of their own, and don't appear to have been updated since late March 1996. There have been conflicting reports of incompatibilities between smapd and sendmail 8.7.y (both cannot be run on the same machine, although if you're running sendmail 8.6.x and smap/smapd on the local machine, people on the outside can still use sendmail 8.7.y to talk to you).

For further information on smap and smapd, see the documentation that comes with the TIS Firewall Toolkit.

For more information on firewalls, see the Firewalls FAQ at http://www.interhack.net/pubs/fwfaq/

 

What is TCP-wrappers and where can I get it?

TCP-Wrappers is another security enhancement package. The theory is that you take programs being run under inetd (see /etc/inetd.conf) and before you run the program to do the real work (ftpd, telnetd, etc...), you first run the connection attempt through a package that checks to see if the IP address of the source packet is coming from a host known to be either good or bad (you may filter connection attempts by source host name, domain name, raw IP address, port they are attempting to connect to; and either allow known good connections through thus refusing unknown connections, or accept all connections except those known to be bad).

The practice of TCP-Wrappers actually follows the theory quite well. It is a very useful and important tool in the System Administrator's Bag of Things To Help You Secure Your Machine From Crackers, Spammers, Junkmailers, and Other Undesirables. However, it only works for programs that communicate via TCP packets (not UDP, such as NFS) started up out of inetd. It does not work for RPC-based services, and programs that start up a daemon outside of inetd and just leave it running obviously don't benefit beyond the initial connection that gets the daemon started (however, see the FTP URL below for other packages that can help secure RPC and portmapper-based services).

However, most sendmail installations tend to start up a daemon and leave it running at all times. If you did run sendmail out of inetd, you'd lose the benefit of the load average checking code that is executed only in daemon mode, and for systems that handle a lot of mail, this is vitally important.

You can get TCP-Wrappers from ftp://ftp.porcupine.org/pub/security/, a site that has a whole host of other useful security tools, such as securelib, portmap, satan, cops, crack, etc... You can also find pointers to many other useful security tools at http://ciac.llnl.gov/ciac/SecurityTools.html, and the COAST Archive at http://www.cerias.purdue.edu/coast/ is a veritable cornucopia of all things security related.

For the adventurous, you can get a source patch for version 8 sendmail (created for 8.7.6, but, with work, applicable to older releases) that will take the core TCP-Wrappers code and integrate it into the daemon, so that you get the best of both worlds. However, this isn't as smoothly integrated as it should be, is not for the faint-of-heart, and is certainly not officially supported by the original author of sendmail (Eric Allman). This functionality is integrated in a different fashion into version 8.8.5 sendmail.

You should be able to find the unsupported patch at ftp://ftp.porcupine.org/pub/security/sendmail-tcpd.patch.

 

Why won't db 1.85 build on my machine?

As of release 8.9.X of sendmail, db 1.85 is no longer needed, as support for db 2.X is included (starting with 2.3.16). The rest of this answer only applies if you have not yet upgraded to 8.9.X .

The db 1.85 package as available from http://www.sleepycat.com/register.html provides Irix support up to Irix 4.05F, but 5.{2,3} need a slightly patched version, as does HP-UX 10.20. Some vendors also provide db standard with their OS (DEC Unix 4.0, for example).

A tarball incorporating these changes for Irix 5.x is available at ftp://ftp.his.com/pub/brad/sendmail/irix5.tar.gz. This will extract into ./db.1.85/PORT/irix.5.2, with a symbolic link created from ./db.1.85/PORT/irix.5.3 to this same directory. Make sure you extract this archive into the same directory where you extracted the db 1.85 archive as available from ftp.cs.berkeley.edu. (see Q3.5 for more information on getting the db 1.85 package). An ASCII context diff of this same patch is at ftp://ftp.his.com/pub/brad/sendmail/irix4-5.diff.

A version of db 1.85 that has supposedly been patched to compile under Irix 6.2 has been made available athttp://reality.sgi.com/ariel/freeware/#db, but I haven't had a chance to download and check it out yet.

The context diffs required to get db 1.85 working under HP-UX 10.20 are available atftp://ftp.his.com/pub/brad/sendmail/hpux.10.20.diff. A tarball incorporating these changes is available atftp://ftp.his.com/pub/brad/sendmail/hp-ux.10.20.tar.gz. This will extract into ./db.1.85/PORT/hpux.10.20, so make sure you extract this archive into the same directory where you extracted the db 1.85 archive as available from ftp.cs.berkeley.edu.

 

What is makemap and where can I get it?

The program "makemap" is used to build the databases used by version 8 sendmail, for things like the UserDB, mailertables, etc....

It is distributed as part of the basic operating system from some vendors, but source code for it is also included at the root level of the sendmail archive (at least, it is for sendmail 8.6.12 and 8.7.5, and presumably will continue to be as newer releases come out). However, it is not considered a "supported" part of version 8 sendmail. Just like the other source provided in the archive, the Makefile will likely need some tweaking for your specific site

It turns out that Irix 5.3 doesn't appear to have the dbm or ndbm libraries, but to compile makemap.c, you need to have -DNDBM on the "DBMDEF=" line (some necessary things are defined only in /usr/include/ndbm.h). Try just leaving off "-lndbm" from the "LIBS=" line in the Makefile for makemap.

If you plan on using makemap with db 1.85 on an SGI machine running a version of Irix later than 4.x, see Q2.16 for some additional steps to get db 1.85 compiled on your machine.

1. How do I make all my addresses to appear to be from a single host?
2. How do I rewrite my From: lines to read "First_Last@My.Domain" or "Different_Name@My.Domain"?
3. But what about fully qualified addresses, such as those from Pine of FEATURE(always_add_domain)?
4. So what was the user database database featured intended for?
5. Why the hostility toward using full names for email addresses?
6. How do I manage several (virtual) domains?
7. There are four UUCP mailers listed in the configuration files. Which one should I use?
8. How do I solve "collect: I/O error on connection" or "reply: read error from host.name" errors?
9. Why can't my users forward their mail to a program?
10. Why do connections to the SMTP port take such a long time?
11. Why do I get "unknown mailer error 5 -- mail: options MUST PRECEDE recipients" errors?
12. Why does version 8 sendmail panic my SunOS box?
13. Why does the Unix From line get mysteriously munged when I send to an alias?
14. Why doesn't MASQUERADE_AS (or the user database) work for envelope addresses as well as header addresses?
15. How do I run version 8 sendmail and support the MAIL11V3 protocol?
16. Why do messages disappear from my queue unsent?
17. When is sendmail going to support RFC 2047 MIME header encoding?
18. Why can't I get mail to some places, but instead always get the error "reply: read error from name.of.remote.host"?
19. Why doesn't "FEATURE(xxx)" work?
20. How do I configure sendmail not to use DNS?
21. How do I get all my queued mail delivered to my Unix box from my ISP?
22. Why do I get the error message unable to write /etc/mail/sendmail.pid?
23. Why can't I compile sendmail with Berkeley DB 2.X?
24. What operating systems has Berkeley sendmail been ported to?
25. How do I prevent Relaying Denied errors for my clients?
26. Why isn't virtual hosting working, even after I added a Kvirtuser to sendmail.cf?
27. How can I add a header specifying the actual recipient when having multiple users in a virtual domain go to a single mailbox?
28. What do I do when Build fails because groff was not found?
29. What does "class hash not available" mean?
30. How do I configure majordomo with sendmail 8.9 without relaxing the DontBlameSendmail option?
31. How do I configure my system in general with sendmail 8.9?
32. What does "foo not available for sendmail programs" mean?
33. How do I add a footer/signature to all (outgoing) e-email messages?
34. What does "Cannot open hash database ... Invalid argument" mean?
35. What does "parse error before `NDBM'" mean?
36. What does "may be forged" mean?
37. How do I send using an alternate port?
38. Why can't I use BerkeleyDB 4.1.x?
39. How do I use CIDR notation in the access map (or other places)?
40. Why isn't CIDR notation directly supported by sendmail?
41. What does "Need to recompile with -DNEWDB for hash support" mean?
42. I disabled sendmail on some machines which don't receive mail, but since upgrading to 8.12 they can't send mail either; why?

 

How do I make all my addresses to appear to be from a single host?

This question is answered in detail at the configuration Masquerading and Relaying page

 

How do I rewrite my From: lines to read "First_Last@My.Domain" or "Different_Name@My.Domain"?

Use the generics table, as described in steps 6 and 7 of the Virtual Hosting page.

 

But what about fully qualified addresses, such as those from Pine of FEATURE(always_add_domain)?

Note: this question used to be "How do I get the user database to work with Pine or with FEATURE(always_add_domain)?" But the user database is no longer the recommended solution for this problem, so the question has been clarified appropriately.The proper solution is to use the generics table, as described in steps 6 and 7 of the Virtual Hosting page. The important thing to note is that the host/domain part of the fully-qualified address must be specified via GENERICS_DOMAIN() orGENERICS_DOMAIN_FILE().

 

So what was the user database database featured intended for?

The intent was to have all information for a given user (where the user is the unique login name, not an inherently non-unique full name) in one place. This would include phone numbers, addresses, and so forth. The "maildrop" feature is because Berkeley does not use a centralized mail server (there are a number of reasons for this that are mostly historic), and so we need to know where each user gets his or her mail delivered -- i.e., the mail drop.

UC Berkeley is (was) in the process of setting up their environment so that mail sent to an unqualified "name" goes to that person's preferred maildrop; mail sent to "name@host" goes to that host. The purpose of "FEATURE(notsticky)" is to cause "name@host" to be looked up in the user database for delivery to the maildrop.

 

Why the hostility toward using full names for email addresses?

Because full names are not unique. For example, the computer community has two Peter Deutsches. At one time, Bell Labs had two Stephen R. Bournes with offices a few doors apart. You can create alternative addresses (e.g., Stephen_R_Bourne_2), but that's even worse -- which one of them has to have their name desecrated in this way? And you can bet that one of them will get most of the other person's email. Moreover, at institutions with high turnover (such as universities), a given name may refer to different people at different times, which can again lead to mail going to the wrong person

So called "full names" are just an attempt to create longer versions of unique names. Rather that lulling people into a sense of security, I'd rather that it be clear that these handles are arbitrary. People should use good user agents that have alias mappings so that they can attach arbitrary names for their personal use to those with whom they correspond (such as the MH alias file).

The problem is even worse outside of America, where non-ASCII characters (e.g., characters with umlauts or the Norwegian Ø) are used in names. Since non-ASCII characters cannot be used in the SMTP envelope or e-mail headers, the full names are mangled anyway.

Even worse is fuzzy matching in email -- this can make good addresses turn bad. For example, Eric Allman is currently (to the best of our knowledge) the only ``Allman'' at Berkeley, so mail sent to <Allman@Berkeley.EDU> should get to him. But if another Allman ever appears, this address could suddenly become ambiguous. He's been the only Allman at Berkeley for over fifteen years -- to suddenly have this "good address" bounce mail because it is ambiguous would be a heinous wrong.

Directory services should be as fuzzy as possible (within reason, of course). Mail services should be unique.

 

How do I manage several (virtual) domains?

This question is answered in detail at the Virtual Hosting page.

 

There are four UUCP mailers listed in the configuration files. Which one should I use?

This question is answered in detail at the configuration Using UUCP Mailers page

 

How do I solve "collect: I/O error on connection" or "reply: read error from host.name" errors?

If you are just getting occasional such messages, they're probably due to a temporary network problem, or the remote host crashing or otherwise abruptly terminating the connection. If you are getting a lot of these from a single host, there is probably some incompatibility between 8.x and that host (see Q3.12 and Q3.20). If you get a lot of them in general, you may have network problems that are causing connections to get reset

Note that this problem is sometimes caused by incompatible values of the MTU (Maximum Transmission Unit) size on a SLIP or PPP connection. Be sure that your MTU size is configured to be the same value as what your ISP has configured for your connection. If you are still having problems, then have your ISP configure your MTU size for 1500 (the maximum value), and you configure your MTU size similarly.

Another possibility is that you have a router/firewall filtering out all incoming ICMP messages, while your OS is doing "Path MTU discovery" (e.g. modern TCP/IP stacks do this by default). Path MTU discovery relies on certain ICMP messages being allowed through back to the host originating the traffic - see our tip on Path MTU Discovery and RFC 1191 for the details.

Lastly, here is part of a post from comp.mail.sendmail about a SCO 7.1.0 specific bug which may produce similar problems.

Subject: Re: Recipient mail server times out sendmail connection
Date: 5 Jun 2002 21:37:02 -0700
From: maillist@screamingplants.com (ike)

I ran a packet sniffer on mail traffic that was causing problems and found that the tcp checksums for large packets were all off by 14. I found out later that there is a network bug in the OS (SCO 7.1.0). After applying a few patches, the problem appears to have been resolved.

 

Why can't my users forward their mail to a program?

I just upgraded to version 8 sendmail and now when my users try to forward their mail to a program they get an "illegal shell" or "cannot mail to programs" message and their mail is not delivered. What's wrong?

In order for people to be able to run a program from their .forward file, version 8 sendmail insists that their shell (that is, the shell listed for that user in the passwd entry) be a "valid" shell, meaning a shell listed in /etc/shells. If /etc/shells does not exist, a default list is used, typically consisting of /bin/sh and /bin/csh.

This is to support environments that may have NFS-shared directories mounted on machines on which users do not have login permission. For example, many people make their file server inaccessible for performance or security reasons; although users have directories, their shell on the server is /usr/local/etc/nologin or some such. If you allowed them to run programs anyway you might as well let them log in.

If you are willing to let users run programs from their .forward file even though they cannot telnet or rsh in (as might be reasonable if you run smrsh to control the list of programs they can run) then add the line:

/SENDMAIL/ANY/SHELL/

to /etc/shells. This must be typed exactly as indicated, in caps, with the trailing slash.

NOTA BENE: DO NOT list /usr/local/etc/nologin in /etc/shells -- this will open up other security problems.

IBM AIX does not use /etc/shells -- a list of allowable login shells is contained, along with many other login parameters, in /etc/security/login.cfg. You can copy the information in the "shells=" stanza into a /etc/shells on your system so sendmail will have something to use. Do NOT add "/usr/lib/uucp/uucico" or any other non-login shell into /etc/shells.

Also note that there are some weird things that AFS throws into the mix, and these can keep a program from running or running correctly out of .forward files or the system-wide aliases.

See also "smrsh" in Q2.13 and Q3.34, and "directory permissions" in Q3.33.

 

Why do connections to the SMTP port take such a long time?

I just upgraded to version 8 sendmail and suddenly connections to the SMTP port take a long time. What is going wrong?

It's probably something weird in your TCP implementation that makes the IDENT code act oddly. On most systems version 8 sendmail tries to do a ``callback'' to the connecting host to get a validated user name (see RFC 1413 for detail). If the connecting host does not support such a service it will normally fail quickly with "Connection refused", but certain kinds of packet filters and certain TCP implementations just time out

To test this (pre-8.7.y sendmail), set the IDENT timeout to zero using:

define(`confREAD_TIMEOUT',`Ident=0')dnl

in the .mc file used by m4 to generate your sendmail.cf file. Alternatively, if you don't use m4, you can put ``OrIdent=0'' in the configuration file (we recommend the m4 solution, since that makes maintenance much easier for people who don't understand sendmail re-write rules, or after you've been away from it for a while). Either way, this will completely disable all use of the IDENT protocol.

For version 8.7.y sendmail (and above), you should instead use:

define(`confTO_IDENT',`0s')dnl

Another possible problem is that you have your name server and/or resolver configured improperly. Make sure that all "nameserver" entries in /etc/resolv.conf point to functional servers. If you are running your own server, make certain that all the servers listed in your root cache are up to date (this file is usually called something like "/var/namedb/root.cache"; see your /etc/named.boot file to get your value). Either of these can cause long delays.

You may also wish to check out our tips on how to set up DNS for your private address space.

 

Why do I get "unknown mailer error 5 -- mail: options MUST PRECEDE recipients" errors?

I just upgraded to version 8 sendmail and suddenly I get errors such as ``unknown mailer error 5 -- mail: options MUST PRECEDE recipients.'' What is going wrong?

You need OSTYPE(systype) in your .mc file, where "systype" is set correctly for your hardware & OS combination -- otherwise the configurations use a default that probably disagrees with your local mail system. See the configuration OSTYPE page for details.

If this is on a Sun workstation, you might also want to take a look at the local mailer flags in the Sun-supplied sendmail.cf and compare them to the local mailer flags generated for your version 8 sendmail.cf. If they differ, you might try changing the V8 flags to match the Sun flags.

 

Why does version 8 sendmail panic my SunOS box?

Sendmail 8.7.y panics SunOS 4.1.3_U1 (at least for 1 <= y <= 3) and SunOS 4.1.3, and sendmail 8.6.x seems fine on both machines (at least for 9 <= x <= 12).

The problem is that a kernel patch is missing, specifically 100584-08 (4.1.3), 102010-05 (4.1.3_U1), or 102517 (4.1.4). This should be available from your hardware vendor through your support contract or their online support facilities (including being available on the SunSolve CD).

 

Why does the Unix From line get mysteriously munged when I send to an alias?

"It's not a bug, it's a feature." This happens when you have an owner-list alias and you send to list. V8 propagates the owner information into the SMTP envelope sender field (which appears as the Unix From line [sometimes incorrectly referred to as the From-space "header"] on Unix mail or as the Return-Path: header) so that downstream errors are properly returned to the mailing list owner instead of to the sender. In order to make this appear as sensible as possible to end users, I recommend making the owner point to a "request" address -- for example:

% strings /path/to/smrsh | grep ^/

where /path/to/smrsh is the P= argument on the Mprog line in sendmail.cf .

So for example:

% cd /usr/adm/sm.bin
    % ln -s /usr/bin/vacation

would allow the vacation program to be run from a user's .forward file or an alias which uses the "|program" syntax.

Finally, if you want to disable use of smrsh, remove the FEATURE(`smrsh') line from the .mc file used to build sendmail.cf; see cf/README for details on this.

 

Why doesn't MASQUERADE_AS (or the user database) work for envelope addresses as well as header addresses?

Believe it or not, this is intentional. The interpretation of the standards by the version 8 sendmail development group was that this was an inappropriate rewriting, and that if the rewriting were incorrect at least the envelope would contain a valid return address.

If you're using version 8.7.y sendmail (or later), you can use

FEATURE(masquerade_envelope)

in your sendmail.mc file to change this behavior. This is discussed in greater detail at the configuration Masquerading and Relaying page.

 

How do I run version 8 sendmail and support the MAIL11V3 protocol?

Get the reimplementation of the mail11 protocol by Keith Moore from ftp://gatekeeper.dec.com/pub/misc/vixie/ (with contributions from Paul Vixie).

 

Why do messages disappear from my queue unsent?

When I look in the queue directory I see that qf* files have been renamed to Qf*, and sendmail doesn't see these. What's wrong

If you look closely you should find that the Qf files are owned by users other than root. Since sendmail runs as root it refuses to believe information in non-root-owned qf files, and it renames them to Qf to get them out of the way and make it easy for you to find. The usual cause of this is twofold: first, you have the queue directory world writable (which is probably a mistake -- this opens up other security problems) and someone is calling sendmail with an "unsafe" flag, usually a -o flag that sets an option that could compromise security. When sendmail sees this it gives up setuid root permissions.

The usual solution is to not use the problematic flags. If you must use them, you have to write a special queue directory and have them processed by the same uid that submitted the job in the first place.

 

When is sendmail going to support RFC 2047 MIME header encoding?

This is considered to be a MUA issue rather than an MTA issue.

Quoth Eric Allman:

The primary reason is that the information necessary to do the encoding (that is, 8->7 bit) is unknown to the MTA. In specific, the character set used to encode names in headers is _NOT_ necessarily the same as used to encode the body (which is already encoded in MIME in the charset parameter of the Content-Type: header). Furthermore, it is perfectly reasonable for, say, a Swede to be living and working in Korea, or a Russian living and working in Germany, and want their name to be encoded in their native character set; it could even be that the sender was Japanese, the recipient Russian, and the body encoded in ISO 8859-1. If all I have are 8-bit characters, I can't choose the charset properly.

Similarly, when doing 7->8 bit conversions, I don't want to throw away this information, as it is necessary for proper presentation to the end user.

 

Why can't I get mail to some places, but instead always get the error "reply: read error from name.of.remote.host"?

This is usually caused by a bug in the remote host's mail server, or Mail Transport Agent (MTA). The "EHLO" command of ESMTP causes the remote server to drop the SMTP connection. There are several MTAs that have this problem, but one of the most common server implementations can be identified by the "220 All set, fire away" greeting it gives when you telnet to its SMTP port.

To work around this problem, you can configure sendmail to use a mailertable with an entry telling sendmail to use plain SMTP when talking to that host:

name.of.remote.host smtp:name.of.remote.host

Sites which must run a host with this broken SMTP implementation should do so by having a site running sendmail or some other reliable (and reasonably modern) SMTP MTA act as an MX server for the problem host.

There is also a problem wherein some TCP/IP implementations are broken, and if any connection attempt to a remote end gets a "connection refused", then *all* connections to that site will get closed. Of course, if you try to use the IDENT protocol across a firewall (at either end), this is highly likely to result in the same apparent kind of "read error".

The fix is simple -- on those machines with broken TCP/IP implementations, do not attempt to use IDENT. When compiling newer releases of version 8 sendmail, the compiler should automatically detect whether you're on a machine that is known to have this kind of TCP/IP networking problem, and make sure that sendmail does not attempt to use IDENT. If you've since patched your machine so that it no longer has this problem, you'll need to go back in and explicitly configure sendmail for support of IDENT, if you want that feature.

 

Why doesn't "FEATURE(xxx)" work?

When creating m4 Master Config (".mc") files for version 8 sendmail, many FEATURE() macros simply change the definition of internal variables that are referenced in the MAILER() definitions.

To make sure that everything works as desired, you need to make sure that OSTYPE() macros are put at the very beginning of the file, followed by FEATURE() and HACK() macros, local definitions, and at the very bottom, the MAILER()definitions. See the configuration Introduction and Example page for more details.

 

How do I configure sendmail not to use DNS?

In situations where you're behind a firewall, or across a dial-up line, there are times when you need to make sure that programs (such as sendmail) do not use the DNS at all.

With older releases of version 8 sendmail (8.7 and earlier), you needed to recompile the binary and make sure that "NAMED_BIND" was turned off in src/conf.h.

With versions 8.8 and later, you change the service switch file to omit "DNS" and use only NIS, files, and other map types as appropriate. More information about the service switch file can be found under the ServiceSwitchFile option in§5.6 (Options) of the Installation and Operation Guide and all of §4.9 (Name Server Access).

And note that you'll need to forward all your outbound mail to another machine as a "relay" (one that does use DNS, and understands how to properly use MX records, etc...), otherwise you won't be able to get mail to any site(s) other than the one(s) you configure in your /etc/hosts file (or whatever). The use of a smart host is one way to do this; the following in your .mc will do:

define(`SMART_HOST', `name.of.smart.host')dnl

Also, starting with 8.9, it may help to include the following in your .mc file:

FEATURE(`accept_unresolvable_domains')dnl FEATURE(`accept_unqualified_senders')dnl

And starting with 8.12, changes to submit.cf are required as well; the following in your submit.mc can minimize the problem:

define(`confDIRECT_SUBMISSION_MODIFIERS', `C')dnl

 

How do I get all my queued mail delivered to my Unix box from my ISP?

In the contrib directory of the sendmail distribution is a Perl script called etrn.pl. Assuming you're running sendmail or some other SMTP MTA on some sort of a Unix host, and your ISP uses version 8.8 sendmail and they queue all mail for your domain (as opposed to stuffing it all in one file that you need to download via POP3 or some such), the command

% strings /path/to/smrsh | grep ^/

where /path/to/smrsh is the P= argument on the Mprog line in sendmail.cf .

So for example:

% cd /usr/adm/sm.bin
    % ln -s /usr/bin/vacation

would allow the vacation program to be run from a user's .forward file or an alias which uses the "|program" syntax.

Finally, if you want to disable use of smrsh, remove the FEATURE(`smrsh') line from the .mc file used to build sendmail.cf; see cf/README for details on this.

 

Why do I get the error message unable to write /etc/mail/sendmail.pid?

sendmail checks if it has write access to the directory in which it wants to create a file without granting special privileges to 'root'. To have sendmail run properly, the directories /etc, /etc/mail, and/or /var/run should be owned by root and be writable by its owner.

 

Why can't I compile sendmail with Berkeley DB 2.X?

sendmail 8.8 only supports Berkeley DB 1.85. It will not work with newer Berkeley DB versions, even in compatibility mode

Sendmail 8.9, however, does include support for Berkeley DB 2.X, starting with 2.3.16 .

 

What operating systems has Berkeley sendmail been ported to?

Berkeley sendmail 8.9.3 supports most known flavors of UNIX, including:

• 386BSD
• A-UX
• AIX
• Altos
• BSD-OS
• BSD43
• CLIX
• CSOS
• ConvexOS
• Dell
• DomainOS
• Dynix
• EWS-UX_V
• FreeBSD
• HP-UX
• IRIX
• ISC
• KSR
• LUNA
• Linux
• Mach386
• NCR.MP-RAS
• NEWS-OS
• NeXT
• NetBSD
• NonStop-UX
• OSF1
• OpenBSD
• PTX
• Paragon
• PowerUX
• RISCos
• SCO
• SINIX
• SMP_DC.OSx.NILE
• Solaris
• SVR4
• SunOS
• Titan
• ULTRIX
• UMAX
• UNICOS
• UNIX_SV.4.x.i386
• UX4800
• UXPDS
• Utah
• dgux
• maxion
• uts.systemV

Also, a Windows NT version is available from Sendmail, Inc..

 

How do I prevent Relaying Denied errors for my clients?

You need to add the fully-qualified host name and/or IP address of each client to class R, the set of relay-allowed domains. For version 8.8.X, this is typically defined by the file /etc/sendmail.cR ; for 8.9.X, it is typically/etc/mail/relay-domains . Note: if your DNS is problematic, you should list the IP address (e.g., 1.2.3.4); in general, however, this should not be necessary.

Once you've updated the appropriate file, SIGHUP your sendmail daemon and you should be OK.

Further details are available on our Allowing controlled SMTP relaying in Sendmail 8.9 page.

 

Why isn't virtual hosting working, even after I added a Kvirtuser to sendmail.cf?

Just adding the proper Kvirtuser line to sendmail.cf is not enough to enable the virtual user table feature, a key ingredient for virtual hosting. You need to use the m4 technique FEATURE(virtusertable); detailed instructions are provided at our Virtual Hosting with Sendmail page.

 

How can I add a header specifying the actual recipient when having multiple users in a virtual domain go to a single mailbox?

Stuffing multiple user's mail into a single mail box is not a good method of distributing user mail but if you must do this, the following solution should allow a tool like fetchmail to separate the messages for individual users.

 

What do I do when Build fails because groff was not found?

You can get groff from ftp://ftp.gnu.org/pub/gnu/. But it's not a big deal, because:

1. You've already successfully built the sendmail binary to get this far.
2. You can just use the preformatted man pages anyway:
   % cp *.0 obj*

 

What does "class hash not available" mean?

You've built sendmail and/or makemap without NEWDB specified in your DBMDEF configuration, but you specified the class hash in sendmail.cf or on a makemap command. The class hash requires NEWDB support, for which you need the Berkeley database. Please refer to the Database Definitions section of our Compiling Sendmail web page.

 

How do I configure majordomo with sendmail 8.9 without relaxing the DontBlameSendmail option?

We have had some queries about this, as majordomo apparently suggests some configuration values which sendmail 8.9 does not like. Here is what one expert suggests

The sendmail.cf contains:

O AliasFile=/etc/aliases, /etc/majordomo.aliases
    O DontBlameSendmail=Safe

/etc/aliases contains the general majordomo aliases:

# Majordomo
    majordomo: "|/usr/local/lib/majordomo/wrapper majordomo"
    owner-majordomo: postmaster
    majordomo-owner: postmaster

/etc/majordomo.aliases contains the majordomo lists of the form:

wookie: "|/usr/local/lib/majordomo/wrapper resend -l wookie
    wookie-list" wookie-list: :include:/usr/local/lib/majordomo/lists/wookie
    owner-wookie: head-wookie
    wookie-approval: owner-wookie
    wookie-request: "|/usr/local/lib/majordomo/wrapper majordomo -l wookie"

The various directory owners/groups/permissions:
drwxr-xr-x     20  root root 1024 Dec 1 15:20 /
drwxr-xr-x      25 root root 3072 Jan 26 01:26 /etc
drwxr-xr-x      20 root root 1024 Feb 4 1998 /usr
drwxr-xr-x      18 root root 1024 Jan 16 18:40 /usr/local
drwxr-xr-x      5 root root 1024 Feb 6 1996 /usr/local/lib
lrwxrwxrwx      1 root root 16 Dec 1 10:01 /usr/local/lib/majordomo -> majordomo-1.94.4
drwxr-x--x      5 majordom majordom 1024 Jan 25 23:12 /usr/local/lib/majordomo-1.94.4
drwxr-xr-x      2 majordom majordom 32768 Jan 26 00:49 /usr/local/lib/majordomo-1.94.4/lists
-rw-rw-r--      1 majordom majordom 655 Nov 3 17:03 /usr/local/lib/majordomo-1.94.4/lists/wookie
-rw-rw----      1 majordom majordom 14588 Jan 19 10:28 /usr/local/lib/majordomo-1.94.4/lists/wookie.config
-rw-rw-r--      1 majordom majordom 23 Jan 14 1997 /usr/local/lib/majordomo-1.94.4/lists/wookie.info

Now the differences that make this work that may not be the same as instructed by the majordomo instructions:

1. Put the majordomo.aliases file in /etc, not in the majordomo install directory (/usr/local/lib/majordomo). If you can't move the aliases file out of the majordomo directory, you'll need to create the database backing file by hand the first time as root:
   # touch /usr/local/lib/majordomo/aliases
       # new aliases -OAliasFile=/usr/local/lib/majordomo/aliases
2. Make the permissions on /usr/local/lib/majordomo 0751, not 0775.
3. Make the permissions on /usr/local/lib/majordomo/Log 0664, owned by majordom, group majordom.
4. /usr/local/lib/majordomo/lists is mode 0755, owner majordom, group majordom.
5. The permissions/owners for the lists should be as shown above. These permissions/ownership allow majordomto continue to manage the lists.

 

How do I configure my system in general with sendmail 8.9?

The following is taken directly from the DIRECTORY PERMISSIONS section of the top-level README file in the sendmail distribution.

Sendmail often gets blamed for many problems that are actually the result of other problems, such as overly permissive modes on directories. For this reason, sendmail checks the modes on system directories and files to determine if can have been trusted. For sendmail to run without complaining, you MUST execute the following command:

% strings /path/to/smrsh | grep ^/

where /path/to/smrsh is the P= argument on the Mprog line in sendmail.cf .

So for example:

% cd /usr/adm/sm.bin
    % ln -s /usr/bin/vacation

would allow the vacation program to be run from a user's .forward file or an alias which uses the "|program" syntax.

Finally, if you want to disable use of smrsh, remove the FEATURE(`smrsh') line from the .mc file used to build sendmail.cf; see cf/README for details on this.

 

What does "foo not available for sendmail programs" mean?

It means that you are using smrsh, the sendmail restricted shell; see Q2.13 for details on this. To fix this problem, you need to create a sym-link from smrsh's directory for restricted programs to the program foo. The default location of this directory for restricted programs is /usr/adm/sm.bin in the Open Source version, but vendor versions differ. For example, RedHat Linux 6.0 uses /etc/smrsh, and Solaris 8 uses /var/adm/sm.bin . If you don't know the directory for your OS, first check the smrsh man page, then if that fails, try:

% strings /path/to/smrsh | grep ^/

where /path/to/smrsh is the P= argument on the Mprog line in sendmail.cf .

So for example:

% cd /usr/adm/sm.bin
    % ln -s /usr/bin/vacation

would allow the vacation program to be run from a user's .forward file or an alias which uses the "|program" syntax.

Finally, if you want to disable use of smrsh, remove the FEATURE(`smrsh') line from the .mc file used to build sendmail.cf; see cf/README for details on this.

 

How do I add a footer/signature to all (outgoing) e-email messages?

This is quite complicated. At first sight it might be simple: just "cat" some text (taken from a file or whatever) to the end of an e-mail message passing through sendmail. However, there is a big problem: what about structured e-mail messages, i.e., MIME messages? These can be arbitrarily complex and just "cat"ting a footer to the end of the body can break the MIME structure. (A MIME aware MUA will just not show such a footer, so it's pretty useless in any case.) But signed messages (think: PGP) will break. Another problem is the character set used by the mime part to which the disclaimer is added needs to match the actual character set of the disclaimer itself. Hence, there is no easy solution to this problem!

If you know enough about MIME and some C programming, then take a look at sendmail 8.11 (or later) and libmilter/README. It now offers the functionality to achieve this goal.

Some open source milters are capable of adding footers, e.g. MIMEDefang.

 

What does "Cannot open hash database ... Invalid argument" mean?

It's an error returned from the Berkeley DB library. It normally means that the db file was built with a different version of Berkeley DB than the one sendmail is currently using. You need to recompile makemap with the same version of Berkeley DB that sendmail was compiled with, and re-make your maps with that new version of makemap.

From a typical Unix 'errno' man page:

22 EINVAL Invalid argument. Some invalid argument was supplied.

From the Berkeley DB 2.x 'db_open' man page (1.x 'dbopen' is similar):

EINVAL
    ...
    There is a mismatch between the version number of file and the software.

Berkeley DB 3.x uses a special errno value for this - from its 'db_open' man page:

DB_OLD_VERSION
    The database cannot be opened without being first upgraded.

Unfortunately this isn't specifically handled by sendmail upto and including 8.11.2, resulting in an error message that says something like "Error -30990" instead of "Invalid argument".

Here is a table mapping versions of Berkeley DB with the corresponding sendmail versions in which they are supported:

Berkeley DB	Sendmail
0.X - 1.4 (OLD_NEWDB)	8.1 - 8.8.8
1.5 and later 1.X	8.1 and later
2.0.0-2.6.3	8.9.0 and later
2.6.4 and later 2.X	8.9.2 and later
3.0 and later 3.X	8.10.0 and later

 

What does "parse error before `NDBM'" mean?

This error is generally accompanied by a message indicating which file it occurred in, and which line number of that file, usually:

ERROR NDBM or NEWDB must be defined.

You are supposed to read that line, and do something about it.

Normally, on Linux and the various BSDs, NEWDB is used, whereas on the "commercial" Unix variants (Solaris, HP-UX, possibly others), NDBM is used. Perhaps you failed to install the required libraries when you installed your system.

Please refer to 3.31 and the Database Definitions section of our Compiling Sendmail web page for further details.

 

What does "may be forged" mean?

After sendmail does a hostname look-up on the IP address of the connecting client, the IP addresses of that hostname are looked up. If the client IP address does not appear in that list, then the may be forged tag is added.

 

How do I send using an alternate port?

The port used for outgoing SMTP connections can be changed via the respective *_MAILER_ARGS macros for the various SMTP mailers. In a default configuration, sendmail uses either the relay mailer (for e.g. SMART_HOST when no mailer is specified) or the esmtp mailer (when sending directly to the MX of the recipient domain).

So, if you want all outgoing SMTP connections to use port 2525, you can use this in your .mc file:

define(`RELAY_MAILER_ARGS', `TCP $h 2525')
    define(`ESMTP_MAILER_ARGS', `TCP $h 2525')

If you want to use an alternate port only for specific destinations, change (e.g.) only the RELAY_MAILER_ARGS, and make sure the relay mailer is not used for anything else. E.g. you can have sendmail use port 2525 only when sending to your domain with this in your .mc file:

FEATURE(`mailertable')
    define(`confRELAY_MAILER', `esmtp')
    define(`RELAY_MAILER_ARGS', `TCP $h 2525')

and then in your mailertable:

yourdomain.com
    relay:mail.yourdomain.com

This will force sendmail to use port 2525 for connections to yourdomain.com. Of course, change 2525 to whatever alternate port number you wish to use.

 

Why can't I use BerkeleyDB 4.1.x?

SleepyCat changed the API from Berkeley DB 4.0 to 4.1. Hence it is not supported in sendmail 8.12.6. Moreover, the semantics of the open() call have been changed, hence sendmail doesn't work with DB 4.1.x (x <= 24), even if the "obvious" API changes are made.

However, with the release of Berkeley DB 4.1.25 and sendmail 8.12.7, things should work again with these versions (or greater, when the time comes).

 

How do I use CIDR notation in the access map (or other places)?

Use contrib/cidrexpand to pre-process the data into a format that is supported by sendmail. For example:

cidrexpand < access | makemap hash access

 

Why isn't CIRD notation directly supported by sendmail?

Because it is in general very expensive to do this. Here's an explanation from Per Hedeland:

And not just more complex, it would have to do many more (comparatively expensive) lookups - there's no way, given (e.g.) the IP address 66.205.192.123, to find the matching "66.205.192.0/19" with a single lookup in a general key/value hashed map. The code would have to look for "66.205.192.123", "66.205.192.122/31", "66.205.192.120/30", "66.205.192.120/29", etc, etc - 14 lookups to find a /19, 32 to establish a non-match.

which is 8 times more than the available octet boundary lookup.

I haven't done any measurements, but I wouldn't be surprised if even in the absolute worst case, that your map is 128 times bigger than it "needs" to be, the time for a single lookup won't even double - i.e. you'll lose already on the second lookup.

 

What does "Need to recompile with -DNEWDB for hash support" mean?

See Q3.31. This is the newer form of the same error message, updated to be more informative and clueful. The actual line of code contains:

"%s: Need to recompile with -D%s for %s support\n"

 

I disabled sendmail on some machines which don't receive mail, but since upgrading to 8.12 they can't send mail either; why?

8.12 uses a new paradigm: the binary is no longer setuid-root; to make this work, there are now two queues, a "main" queue and a client-only queue. To match these, there are two config files: one for the main queue (sendmail.cf) and one for the client-only queue (submit.cf). There are also two sendmail processes which need to run: a daemon and a client queue runner. In the default configuration of sendmail, the client queue runner must be able to submit mail to the daemon on the local SMTP port. If the daemon is not listening on the SMTP port, the mail remains in the client-only queue. If you don't want to accept mail from other machines, you should add some or all of the following lines to your .mc file:

FEATURE(`no_default_msa')dnl
    DAEMON_OPTIONS(`NAME=NoMTA4, Family=inet, Addr=127.0.0.1')dnl
    DAEMON_OPTIONS(`Name=MSA4, Family=inet, Addr=127.0.0.1, Port=587, M=E')dnl
    DAEMON_OPTIONS(`NAME=NoMTA6, Family=inet6, Addr=::1')dnl
    DAEMON_OPTIONS(`Name=MSA6, Family=inet6, Addr=::1, Port=587, M=E')dnl

Use the FEATURE line regardless, then if your machine has IPv4 addresses configured, use the first twoDAEMON_OPTIONS lines; likewise, use the second two DAEMON_OPTIONS lines if it has IPv6 addresses configured, and all four if both types of addresses are configured. Then build a new .cf file from your .mc file, install it as /etc/mail/sendmail.cf and start sendmail.

In some cases, however, it might be better instead to modify submit.mc, to use

FEATURE(`msp', `smart_host')dnl

instead of the default

FEATURE(`msp', `[127.0.0.1]')dnl

This has the advantage that you don't have to run a daemon on the local host, but a disadvantage of introducing a dependency on the smart_host machine. Which of the two solutions is better for you depends on whether or not your network architecture has such a smart_host, how reliable you deem that smart_host to be, and how inconvenient running a daemon locally would be.

1. Should I use a wildcard MX for my domain?
2. How can I set up an auto-responder?
3. How can I get sendmail to deliver local mail to $HOME/.mail instead of into /usr/spool/mail (or /usr/mail)?
4. Why does it deliver the mail interactively when I'm trying to get it to go into queue only mode?
5. How can I solve "MX list for hostname points back to hostname" and "config error: mail loops back to myself" messages?
6. Why does my sendmail process sometimes hang when connecting over a SLIP/PPP link?
7. How can I summarize the statistics generated by sendmail in the syslog?
8. How can I check my sendmail.cf to ensure that it's re-writing addresses correctly?
9. What is procmail, and where can I get it?
10. How can I solve "cannot alias non-local names" errors?
11. Is sendmail Year-2000 (Y2K) compliant?
12. How can I batch remote mail to be sent using my ISP while delivering local mail immediately?
13. What does "unknown mailer error 1" mean?
14. How do I queue mail for another domain?
15. How do I create attachments with sendmail?
16. How do I find sendmail's version number?
17. How do I handle user names with upper-case characters?
18. What does "NOQUEUE: Null connection from ..." mean?
19. How do I configure sendmail for POP/IMAP/...?
20. How can I automatically copy messages based on sender or recipient addresses?
21. How can I send mail to all users?
22. Why can't I receive external mail?
23. How do I restrict attachments with sendmail?
24. Can I get sendmail to verify an entire e-mail address instead of just the domain?

 

Should I use a wildcard MX for my domain?

If at all possible, no.

Wildcard MX records have lots of semantic "gotcha"s. For example, they will match a host "unknown.your.domain" -- if you don't explicitly test for unknown hosts in your domain, you will get "MX list for hostname points back to hostname" or "config error: mail loops back to myself".

See RFCs 1535, 1536, and 1912 (updates RFC 1537) for more detail and other related (or common) problems. See also _DNS and BIND_ by Albitz and Liu.

They can also cause your system to add your domain to outgoing FQDNs in a desperate attempt to get the mail to where it's supposed to go, but because *.your.domain is valid due to the wildcard MX, delivery to not.real.domain.your.domain will get dumped on you, and you may even find yourself in a loop as the domain keeps getting tacked on time after time after time (the "config error: mail loops back to myself" problem).

Wildcard MX records are just a bad idea, plain and simple. They don't work the way you'd expect, and virtually no one gets them right. Avoid them at all costs.

 

How can I set up an auto-responder?

This is a local mailer issue, not a sendmail issue. Depending on what you're doing, look at procmail (see Q4.9), ftpmail, Majordomo or of course vacation, which is part of the sendmail (8.10.0 and later) distribution.

The latest version of Majordomo can be found at ftp://ftp.greatcircle.com/pub/majordomo/. It is written in Perl and requires either Perl 4.036, and appears to run with only minor tweaks under 5.001a or later. Make sure to check out the web interface for Majordomo called LWGate at http://www.netspace.org/users/dwb/lwgate.html. The latest versions of Perl (both 4.x and 5.x) can be found in http://www.metronet.com/perlinfo/src/. More information about Perl can be found at http://www.metronet.com/perlinfo/perl5.html

The latest version of ftpmail can be found at ftp://src.doc.ic.ac.uk/packages/ftpmail or any comp.sources.misc archive (volume 37).

 

How can I get sendmail to deliver local mail to $HOME/.mail instead of into /usr/spool/mail (or /usr/mail)?

Again, this is a local mailer issue, not a sendmail issue. Either modify your local mailer (source code will be required) or change the program called in the "local" mailer configuration description to be a new program that does this local delivery. One program that is capable of doing this is procmail (see Q4.9), although there are probably many others as well.

 

Why does it deliver the mail interactively when I'm trying to get it to go into queue only mode?

Or, I'm trying to use the "don't deliver to expensive mailer" flag, and it delivers the mail interactively anyway. I can see it does it: here's the output of "sendmail -v foo@somehost" (or Mail -v or equivalent).

The -v flag to sendmail (which is implied by the -v flag to Mail and other programs in that family) tells sendmail to watch the transaction. Since you have explicitly asked to see what's going on, it assumes that you do not want to to auto-queue, and turns that feature off. Remove the -v flag and use a "tail -f" of the log instead to see what's going on.

If you are trying to use the "don't deliver to expensive mailer" flag (mailer flag "e"), be sure you also turn on global option "HoldExpensive" (whose old one-character name was "c") -- otherwise it ignores the mailer flag.

 

How can I solve "MX list for hostname points back to hostname" and "config error: mail loops back to myself" messages?

I'm getting these error messages:

553 MX list for domain.net points back to relay.domain.net
    554 <user@domain.net>... Local configuration error

How can I solve this problem?

You have asked mail to a domain (e.g., domain.net) to be forwarded to a specific host (in this case, relay.domain.net) by using an MX record, but the relay machine doesn't recognize itself as domain.net. Add domain.net to/etc/mail/local-host-names [known as /etc/sendmail.cw prior to version 8.10] (if you are using FEATURE(`use_cw_file')) or add "Cw domain.net" to your configuration file.

There are a couple of additional cases where you don't actually want local delivery, and thus adding domain.net to class w is not the right fix:

• When relay.domain.net should just be acting as a forwarder, e.g. a firewall/gateway box. The proper fix could be to set up a mailertable entry for domain.net.
• When relay.domain.net is a secondary (etc.) MX, and the MX mistakenly points to a CNAME or other "non-canonical" name [this gives "config error: mail loops back to me (MX problem?)"]. The proper fix is to point the MX at the actual name, a "work-around" to add the MX target to class w.

Important: When making changes to your configuration file, be sure you kill and restart the sendmail daemon (for anychange in the configuration, not just this one):

kill -HUP `head -1 /var/run/sendmail.pid`

Note: You can also get this error message (MX loops ...) when two sendmail systems talk to each other, and both have the same value of $j . The best solution is "don't do that."

 

Why does my sendmail process sometimes hang when connecting over a SLIP/PPP link?

I'm connected to the network via a SLIP/PPP link. Sometimes my sendmail process hangs (although it looks like part of the message has been transfered). Everything else works. What's wrong?

Most likely, the problem isn't sendmail at all, but the low level network connection. It's important that the MTU (Maximum Transfer Unit) for the SLIP connection be set properly at both ends. If they disagree, large packets will be trashed and the connection will hang.

 

How can I summarize the statistics generated by sendmail in the syslog?

This question is addressed on pages 445-449 of _sendmail, 2nd Ed_ (see page 319 of first edition) by Bryan Costales (see entry sendmail-faq//book/ISBN/1-56592-222-0 in Q6.1).

To see what else is available today, check the Comprehensive Perl Archive Network. For more information, see the comp.lang.perl.* FAQs at ftp://rtfm.mit.edu/pub/usenet-by-hierarchy/comp/lang/perl/.

If you're interested in using these kinds of tools to help you do some near real-time monitoring of your system, you might be interested in MEWS (Mail Early Warning System). From the README:

If you've ever written a perl script to parse sendmail log files looking for errors, MEWS might be of interest to you. If you've ever thought about writing a perl script to munge sendmail log files, cringed a little and hurriedly came up with an excuse not to do it, read on.

If you don't have a Solaris 2.5 machine, you can probably stop reading here.

The Mail Early Warning System (MEWS) gives postmasters immediate notification of trouble spots on your mail backbone. It only works with sendmail.

To explain it in a nutshell, whenever sendmail returns a 4xx or 5xx SMTP code, with the MEWS modifications, it also sends the code over UDP to a daemon which then replays the error message to interested parties. The man pages go into a little bit more detail.

If this sounds like something you might be interested in getting more details about, you can find the MEWS archive at ftp://ftp.qualcomm.com/pub/people/eamonn/mews.tar.Z.

Here's an update from Stephane Lentz on June 29, 2000:

• anteater - written in C++ (+ STL lib), fast, really promising (you can add modules)
• mreport - written in C, works fine on small logs but not with big hubs' log (all data are stored into memory)

See also John Oliver's sendmail tools page for pointers to several related scripts. (May 25, 2001)

Brad Knowles's links for popstats, smtpstats and syslog_stats have been revived at a new location. (May 29, 2001)

Two new links (November 12, 2001):

• Counterpane: Log Analysis Resources
• LogReport

 

How can I check my sendmail.cf to ensure that it's re-writing addresses correctly?

Sendmail's test mode is best for this. Here is a short sample:

% sendmail -bt -C /path/to/test/sendmail.cf
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > /tryflags hs
    > /try esmtp user@domain.com
    Trying header sender address user@domain.com for mailer esmtp
    ...
    > /quit %

 

What is procmail, and where can I get it?

The program "procmail" is a replacement for the local mailer (variously called /bin/mail, /usr/bin/mail, mail.local, rmail, etc...). It has been ported to run on virtually every Unix-like OS you're likely to run into, and has a whole host of features. It is typically about 30% faster performing the job of the local mailer than programs such as /bin/mail or /usr/bin/mail, it has been hammered on widely to make it extremely secure (much more so than most local mailers) and very robust. Procmail is also capable of helping you put a quota on a user's mailbox through the standard Unix quota mechanism (see Q4.3).

In short, whatever you've got, you're almost guaranteed that procmail is better (if nothing else, the author has been able to focus lots of time and energy into making it the best and fastest tool available, while most system vendors just throw something together as fast as they can and move on to the whole rest of the OS).

However, this only begins to scratch the surface of what procmail is capable of. It's most important feature is the fact that it gives you a standard way to create rules (procmail calls them "recipes") to process your mail before the messages get put into your mailbox, and for that feature alone, it is one of the most important tools any administrator can have in their repertoire. By filtering out or automatically dealing with 80% of your daily cruft, it lets you spend more time on the hard 20%.

Note that recent releases of version 8 sendmail natively support using procmail as an alternate local mailer (see "FEATURE(local_procmail)" for version 8.7 and above). They also support procmail as an additional local mailer, if you're concerned about flat-out replacing your current local mailer with procmail (see "MAILER(procmail)" in version 8.7 and above).

You can also install procmail as a user and run it out of your .forward file, although this tends to be a bit slower and less efficient.

More information about procmail can be found at http://www.procmail.org/ and the latest version can be found at ftp://ftp.procmail.org/pub/procmail/.

Procmail is also the core to a mailing list management package called "SmartList", so if you've already got procmail, adding SmartList may be a good option. Some listowners prefer Majordomo, Listserv, or one of those other programs, but SmartList has more than a few adherents as well. Your personal tastes will dictate whether you swear by SmartList or at it.

 

How can I solve "cannot alias non-local names" errors?

I upgraded from my vendor's sendmail to the latest version and now I'm getting these error messages when I run "newaliases":

/etc/aliases: line 13: MAILER-DAEMON... cannot alias non-local names
    /etc/aliases: line 14: postmaster... cannot alias non-local names

How can I solve this problem?

Your local mailer doesn't have the "A" flag specified. Edit the Mlocal line in sendmail.cf and add "A" to the flags listed after "F=".

Better yet, if you're running a recent version of sendmail that uses m4 to generate .cf files from .mc files, regenerate your sendmail.cf and see if that fixes the problem. Remember to install the new sendmail.cf and restart the sendmail daemon.

 

Is sendmail Year-2000 (Y2K) compliant?

Please refer to the Sendmail Year 2000 Readiness Disclosure statement.

 

How can I batch remote mail to be sent using my ISP while delivering local mail immediately?

First, you need to get sendmail not to use DNS on your local machine so your host doesn't trying to connect to your ISP for a DNS query.

You also need to designate a "smart host" or external relay to handle all mail that you can't deliver locally (this would be your ISP's mail host).

You need to configure it so that the smtp mailer is considered "expensive" by adding the F=e mailer flag and tell sendmail not to connect to expensive mailers by default by setting the HoldExpensive option to True.

You need to add mydomain.com to the sendmail.cw file or the Cw line in the sendmail.cf.

Finally, you need to run a program periodically to check in with your ISP and get them to deliver any mail they may have queued for you.

Andrzej Filip offers a different solution based on use of the dsmtp mailer (introduced in 8.10) instead of expensive mailers.

 

What does "unknown mailer error 1" mean?

In general, sendmail does not perform final delivery of messages, but relies on a local delivery agent instead. Such an agent, mail.local, is provided with the sendmail distribution. Any such agent that sendmail invokes for message delivery, as specified on an M line in sendmail.cf, must exit with code 0 (success), or one of the failure codes noted insrc/sysexits.h. These generally run in the range 64 - 78, so 1 would be out of range, and lead to sendmail generating the above error.

 

How do I queue mail for another domain?

Situation: Your system mailserver.my.domain should act as a backup mailserver formailserver.destination.domain. The client wants to receive mail for the address user@destination.domain. This requires:

1. MX Records:
   destination.domain.                            IN MX 10 mailserver.destination.domain.
       destination.domain.                        IN MX 20 mailserver.my.domain.
       mailserver.destination.domain.       IN MX 10 mailserver.destination.domain.
       mailserver.destination.domain.       IN MX 20 mailserver.my.domain.

The last two records are there "just in case" (someone forgot masquerading).

Make sure you use the real names of all systems. mailserver.my.domain must know its own name, otherwise you'll get the famous mail loops back to myself error.

Instead of using MX records that point to mailserver.destination.domain, you can use theFEATURE(mailer table) on mailserver.my.domain as explained in cf/README for routing e-mails.

1. On your system: do nothing unless you have anti-relay rules installed (which you really should have!). In this case, add destination.domain to the required files (8.9) (or for 8.8). Don't add destination.domain ormailserver.destination.domain to class w on your system!

If you want finer-grained control, then instead of updating /etc/mail/relay-domains, add the following to/etc/mail/access, as the access map entries allows relaying only "To:" a domain, while relay-domainsallows both directions.

To:destination.domain       RELAY

1. sendmail on your system will try to deliver mail during queue runs, however, the client may trigger delivery by using the ETRN command.

 

How do I create attachments with sendmail?

You don't. Sendmail is a mail transfer agent (MTA). Creating e-mail messages, including adding attachments or signatures, is the function of a mail user agent (MUA). Some popular MUAs include mutt, elm, exmh, Netscape, Eudora and Pine. Some specialized packages (metamail, some Perl modules, etc.) can also be used to create messages with attachments.

 

How do I find sendmail's version number?

To find out which version is actually running, from without, telnet to the SMTP port (port 25). The daemon usually announces its name and version number, as in

thishost% telnet that.host 25
    Trying IP_addr...
    Connected to that.host.
    Escape character is '^]'.
    220 that.host ESMTP Sendmail 8.12.1/8.12.1; Fri, 28 Dec 2001 11:39:34 -0800
    QUIT

To query a binary on your local host, the following command should display its version number, along with some extra configuration information, possibly including the configuration version number:

% echo \$Z | /usr/sbin/sendmail -bt -d0
    Version 8.12.1
    Compiled with: MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND
    NETINET NETUNIX NEWDB NIS QUEUE SCANF SMTP USERDB XDEBUG

    ============ SYSTEM IDENTITY (after readcf) ============
    (short domain name) $w = knecht
    (canonical domain name) $j = knecht.Sendmail.ORG
    (subdomain name) $m = Sendmail.ORG
    (node name) $k = knecht.Sendmail.ORG
    ========================================================

    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter <ruleset> <address>
    > 8.12.1
    %

Adjust the pathname as needed; /usr/lib and /usr/sbin are the most common locations.

 

How do I handle user names with upper-case characters?

You really shouldn't, because upper case characters in user names are contrary to the Unix tradition. If you do, then e-mail addresses will be case sensitive, so that mail to <USER@your.host> will bounce instead of being delivered to <user@your.host>. As this is contrary to the expectations of many, it is not recommended.

But if you insist on doing so anyway, and you have version 8.10, put the following in your .mc file:

MODIFY_MAILER_FLAGS(`LOCAL', `+u')dnl

If you don't have 8.10, you will need to redefine the LOCAL_MAILER_FLAGS m4 variable, but the initial value varies from OS to OS, so this is yet another reason not to mess with this flag.

Another hack is the creation of aliases for Uppercase local users in the form:

# lowercase version to real one
    uppercase: Uppercase

It will make sendmail deliver messages to uppercase local recipients in a case insensitive manner.

 

What does "NOQUEUE: Null connection from ..." mean?

An entry like:

NOQUEUE: Null connection from host.domain [IP.AD.DD.RESS]

 

How do I configure sendmail for POP/IMAP/...?

You don't. Sendmail is a mail transfer agent whose primary purpose is to send and receive e-mail (primarily via SMTP). Sendmail does not implement any remote access protocols such as POP or IMAP.

 

How can I automatically copy messages based on sender or recipient addresses?

It would require custom programming. You could either write a mail filter using the new Milter API in sendmail 8.10 and later (see libmilter/README) or you could look at some of these other unsupported hints:

• Axel Reinhold's logall.c module
• Message-Id: <33AA593A.4B701C3F@syntegra.nl>
• the procmailrc man page

Note that no such feature has been added to sendmail. When asked about this one of the sendmail developers said it was "because we still believe a bit in privacy."

 

How can I send mail to all users?

There is no magic short-cut for this. But it is not hard to set up: create an aliases entry

alluser:            :include:/etc/mail/allusers

Don't forget to run 'newaliases'. Then list your users, one per line, in the file '/etc/mail/allusers'. You might be able to do that with

awk -F: '$3 > 100 { print $1 }' /etc/passwd > /etc/mail/allusers

 

Why can't I receive external mail?

Several vendors have changed the way that sendmail is run. They decided that most people need a client-only version of sendmail. So it is listening only on the localhost interface. Check the system documentation on how to change your .mc file. Here is a partial table of where some vendors ship their sendmail configuration hierarchy:

sendmail distribution ./cf Solaris 7,8,9 /usr/lib/mail Solaris 10 /etc/mail/cf Red Hat 6.2 /usr/lib/sendmail-cf Red Hat 7 /usr/share/sendmail-cf Slackware 7.1 /usr/src/sendmail/cf

But you should check for yourself on your own system. When in doubt, do a find for "proto.m4", then go up the tree one level. When you find the .mc file, look for the string "DAEMON_OPTIONS" and for the comment lines near that string.

 

How do I restrict attachments with sendmail?

sendmail itself does not look at the content of a message, so it is not in a position to strip attachments. You need a filtering package that works with sendmail. You might want to look at www.milter.org for some open source solutions that use our "milter" facility. There's also something called MIMEDefang that can do it. You can also get commercial products to do it.

 

Can I get sendmail to verify an entire e-mail address instead of just the domain?

If the e-mail comes from example.com, you have to look up the MX or A records for example.com to figure out which mail server to ask if the user is valid. The DNS could be slow or unresponsive. The remote server could be slow or unresponsive.

If you were to make such checks, a bad guy could bombard you with mail claiming to come from hotmail.com users, and then suddenly you would be connection-bombing Hotmail's mail servers asking them about the recipients the bad guy is claiming to be.

The only safe way to do this is to verify that the sender exists when the sender claims to be in your domain. Naturally you are then in a position to confirm or deny the sender is valid.

1. Sun Microsystems SunOS/Solaris 1.x/2.x
   1. How can I solve "line 273: replacement $3 out of bounds" errors?
   2. How can I solve "line 445: bad ruleset 96 (50 max)" errors?
   3. Why does version 8 sendmail (< 8.7.5) sometimes hang under Solaris 2.5?
   4. Why can't I use SunOS/Solaris to get email to certain large sites?
   5. Why do I have trouble compiling on Solaris?
   6. How does 8.X compare to 8.X+Sun?
2. IBM AIX
   1. The system resource controller always reports sendmail as "inoperative". What's wrong?
   2. Why can't I use AIX to get email to some sites?
   3. Why can't I get sendmail 8.7.1 to use MX records with AIX 3.2.5?
3. Linux
   1. Red Hat
      1. Why do I have so many sendmail problems configuring sendmail with linuxconf?
      2. I built sendmail.cf from sendmail.mc and it works until the next reboot of the machine. What is going on?
      3. Why can't I receive mail with Red Hat 7.1 and later?
   2. SusE
      1. Where is the sendmail.mc file on SuSE Linux?

 

SUN MICROSYSTEMS SUNOS/SOLARIS 1.X/2.X

How can I solve "line 273: replacement $3 out of bounds" errors?

When I use sendmail V8 with a Sun config file I get lines like:

/etc/sendmail.cf: line 273: replacement $3 out of bounds

the line in question reads:

R$*<@$%y>$*            $1<@$2.LOCAL>$3            user@ether

what does this mean? How do I fix it?

V8 doesn't recognize the Sun "$%y" syntax, so as far as it is concerned, there is only a $1 and a $2 (but no $3) in this line. Read Rick McCarty's paper on "Converting Standard Sun Config Files to Sendmail Version 8", in the contrib directory (file "converting.sun.configs") in the latest version 8 sendmail distribution for a full discussion of how to do this.

 

How can I solve "line 445: bad ruleset 96 (50 max)" errors?

When I use sendmail V8 on a Sun, I sometimes get lines like:

/etc/sendmail.cf: line 445: bad ruleset 96 (50 max)

what does this mean? How do I fix it?

You're somehow trying to start up the old Sun sendmail (or sendmail.mx) with a version 8 sendmail config file, which Sun's sendmail doesn't like. Check your /etc/rc.local, any procedures that have been created to stop and re-start the sendmail processes, etc.... Make sure that you've switched everything over to using the new sendmail. To keep this problem from ever happening again, try the following (make sure you're logged in as root):

mv /usr/lib/sendmail /usr/lib/sendmail.old
    ln -s /usr/local/lib/sendmail.v8 /usr/lib/sendmail
    mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.old
    ln -s /usr/local/lib/sendmail.v8 /usr/lib/sendmail.mx
    chmod 0000 /usr/lib/sendmail.old
    chmod 0000 /usr/lib/sendmail.mx.old

Assuming, of course, that you have installed sendmail V8 in /usr/local/lib/sendmail.v8.

 

Why does version 8 sendmail (< 8.7.5) sometimes hang under Solaris 2.5?

In moving from Solaris 2.4 to Solaris 2.5, the kernel changed its name and is now in /kernel/genunix instead of /kernel/unix, so _PATH_UNIX in conf.h is pointing to the wrong place.

If you can't upgrade to the latest release of sendmail 8.8.z, the next best thing to do is change _PATH_UNIX in conf.h (in the solaris2 part) to point to the generic interface /dev/ksyms, like so:

# define _PATH_UNIX "/dev/ksyms"

 

Why can't I use SunOS/Solaris to get email to certain large sites?

This is most likely a problem in your resolver libraries (DNS, /etc/hosts, NIS, etc...). Older Sun (and Solaris?) resolver libraries allocated enough room for only five IP addresses for each host name, and if any program ever ran across a name with more than five IP addresses for it, the program would crash.

For example, this would keep you from getting mail to CompuServe, since (at the time of this writing) they list eleven IP addresses for mx1.compuserve.com (one of the named MXes for compuserve.com).

This will affect you even if you use version 8 sendmail, since it's a problem in the resolver libraries, and not in sendmail itself.

You should either get patches to the resolver libraries from Sun, or the latest version of BIND (see Q2.12) and install their resolver library routines. Between the two, installing BIND is a bit more work, but it typically gives you much more up-to-date code to help you resist attacks to your systems, more capable programs to be used for serving the DNS (including support for IPv6 and several other features), and some very useful utility programs.

 

Why do I have trouble compiling on Solaris?

Many people have experienced compilation problems on Solaris, with the compiler typically complaining about tm_zoneor TopFrame.

 

How does 8.X compare to 8.X+Sun?

With a Vn/Berkeley config file, they're identical. There are a few minor differences between 8.X with a Vn/Berkeleyconfig file and 8.X+Sun with the same config file, but the V line changed to Vn/Sun. But most differences are the backwards compatibility hacks needed for 8.X+Sun to support old V1/Sun config files.

 

IMB AIX

The system resource controller always reports sendmail as "inoperative". What's wrong?

When I use version 8 sendmail on an IBM RS/6000 running AIX, the system resource controller always reports sendmail as "inoperative", even though it's actually running. What's wrong?

When running as a daemon, sendmail detaches from its parent process, fooling the SRC into thinking that sendmail has exited. To fix this, issue the commands:

    kill `head -1 /etc/sendmail.pid`
    chssys -s sendmail -f 9 -n 15 -S -a "-bD"
    startsrc -s sendmail -a "-bd -q30m"
    # your sendmail args may vary

Now the SRC should report the correct status of sendmail.

For more information, read up on the System Resource Controller, the lssrc command and the chssys command in the online AIX documentation.

 

Why can't I use AIX to get email to some sites?

When I use IBM's sendmail on an IBM RS/6000 running AIX trying to get to certain sites, it seems that I can get to some of them and not others. What's wrong?

There are two possible problems here:

1) Your version of sendmail is not configured to recognize MX records in the DNS. Search through your sendmail.cf looking for "OK MX" or "OK ALL". Older configurations had this line commented out, and this will cause mail from you to some sites to fail (because those sites have MX records, but no A records in their DNS for the specific Fully Qualified Domain Name you're trying to mail to).

For more information, see the comp.unix.aix FAQ ftp://rtfm.mit.edu/pub/usenet/news.answers/aix-faq/.

2) There is a negative caching bug in AIX 3.2.5 with /usr/sbin/named executables that are less than 103000 bytes long. Ask your IBM representative to give you PMP 3251, or the most recent patch that fixes this problem for your particular configuration and version of the OS.

 

Why can't I get sendmail 8.7.1 to use MX records with AIX 3.2.5?

BM, in their infinite wisdom, provided a header file that would easily mis-compile. This resulted in the struct{} for the DNS query to be mis-allocated, and MX processing would barf.

Fix 1) upgrade to 8.7.5 - this has a code fix for this problem.

Fix 2) Install the BIND 4.9.4 libraries and include files and tweak the Makefile.AIX to use them - I *think* these Get It Right (if not, at least it'll die during compile rather than failing weirdly at runtime).

Fix 3) Hack Makefile.AIX to pass a -DBIT_ZERO_ON_LEFT to cause the headers to use the right #ifdefs.

 

LINUX | RED HAT

Why do I have so many sendmail problems configuring sendmail with linuxconf?

Do not edit sendmail.cf with linuxconf. This tool and its module "mailconf" are broken and based on very old rulesets from 8.8.7 . You will have many troubles if you do this. First make sure that the sendmail-cf RPM is installed. Then create your own myhost.mc file in /usr/lib/sendmail-cf/cf:

% cd /usr/lib/sendmail-cf/cf
    % cp redhat.mc myhost.mc
    (Edit myhost.mc)
    % m4 ../m4/cf.m4 myhost.mc > myhost.cf
    (Test this new myhost.cf; once it's known good, install it:)
    (If 8.9.x or earlier:)
    % cp myhost.cf /etc/sendmail.cf
    % chown root /etc/sendmail.cf
    (If 8.10.x or later:)
    % cp myhost.cf /etc/mail/sendmail.cf
    % chown root /etc/mail/sendmail.cf

See /usr/doc/sendmail/README.cf (or just README) for features and detailed instructions how to do this.

 

I built sendmail.cf from sendmail.mc and it works until the next reboot of the machine. What is going on?

If you have used linuxconf's module "mailconf" just once, it will rewrite your sendmail.cf on every reboot if it sees that sendmail.cf is changed from linuxconf. The solution is to remove the mailconf module from linuxconf. Turn on linuxconf and go to item

Control files and systems > Configure Linuxconf modules

 

Why can't I receive mail with Red Hat 7.1 and later?

Red Hat, like some other vendors, changed the way that sendmail is run. They decided that most people need a client-only version of sendmail. So it is listening only on the localhost interface. Check the RH documentation on how to change that:

Make sure that you have installed the "sendmail-cf" package on your system -- it should be on your install media.

 

LINUX | SUSE

Where is the sendmail.mc file on SuSE Linux?

On SuSE Linux systems there is no real sendmail.mc file. This file is generated 'on the fly' by SuSEconfig using several variables in /etc/rc.config and /etc/rc.config.d/sendmail.rc.config (SuSE <= 7.3) or /etc/sysconfig/sendmail (SuSE >= 8.0).

SuSEconfig executes the script /sbin/conf.d/SuSEconfig.sendmail to a) build a temorary .mc file b) execute m4 to generate /etc/sendmail.cf and c) delete the temporary .mc file afterwards.

To make customisations you cannot achieve by modifying the variables in the configuration files mentioned above (using YaST or YaST2), you have two options:

1. Use /etc/mail/linux.mc (or /etc/mail/linux.nullclient.mc) as a starting point. Both files contain several helpful comments.
2. To get a .mc file based on your current configuration, modify /sbin/conf.d/SuSEconfig.sendmail to keep the temporary .mc file and execute SuSEconfig afterwards. Then use that copy as starting point.

In both cases you have to build your /etc/sendmail.cf (note: SuSE still uses /etc not /etc/mail as suggested in the manual) using the m4 macroprocessor:

m4 your.mc.file > /etc/sendmail.cf

Then reload sendmail with "rcsendmail reload".

To prevent SuSEconfig from overiding your new sendmail.cf in future runs, set the variable "SENDMAIL_TYPE" in /etc/rc.config.d/sendmail.rc.config to "no" (SuSE Linux <= 7.3). On systems >= 8.0 you probably will have to set an "exit" command atop of the file /sbin/conf.d/SuSEconfig.sendmail to do the same. SuSE 8.0 does not know the SENDMAIL_TYPE variable.

1. Reference material devoted exclusively to sendmail
2. Reference material with chapters or sections on sendmail
3. Reference material on subjects related to sendmail
4. World-wide web index pages on sendmail
5. World-wide web index pages Internet email in general
6. Online tutorials for sendmail
7. Online archives of mailing lists and Usenet newsgroups, relating to Internet email

 

Reference material devoted exclusively to sendmail

BIB-VERSION::	CS-TR-v2.1
ID::	sendmail-faq//online/reference/1
ENTRY::	March 23, 1996
TYPE::	Reference manual, available online in printable format
REVISION::	July 19, 2002
TITLE::	Sendmail Installation and Operation Guide
AUTHOR::	Allman, Eric
AUTHOR::	Shapiro, Gregory
AUTHOR::	Aßmann, Claus
CONTACT::	endmail-questions@Sendmail.ORG
DATE::	July 20, 2002
PAGES::	100
RETRIEVAL::	Contents of manual is in doc/op/op.ps of sendmail source archive
KEYWORD::	version 8.12.5 sendmail
LANGUAGE::	English
NOTES::	{g|n}roff "me" macro format version is in doc/op/op.me   See: URL: www.sendmail.com/sm/open_source

 

Reference material with chapters or sections on sendmail

BIB-VERSION::	CS-TR-v2.1
ID::	sendmail-faq//book/ISBN/0-13-151051-7
ENTRY::	March 23, 1996
TYPE::	Reference book, hardcopy
REVISION::	May 23, 1996; Updated abstract.
TITLE::	Unix System Administration Handbook, Second Edition
AUTHOR::	Nemeth, Evi
AUTHOR::	Snyder, Garth
AUTHOR::	Seebass, Scott
AUTHOR::	Hein, Trent R.
CONTACT::	sa-book@admin.com   Prentice-Hall, Inc.   Upper Saddle River, New Jersey 07458
DATE::	January, 1995
PAGES::	780
COPYRIGHT::	Copyright (c) 1995 by Prentice Hall PTR
LANGUAGE::	English
NOTES::	See: URL:http://www.admin.com/

 

Reference material on subjects related to sendmail

BIB-VERSION::	CS-TR-v2.1
ID::	sendmail-faq//book/ISBN/1-56592-512-2
ENTRY::	April 14, 1999
TYPE::	Reference book, hardcopy
REVISION::	April 14, 1999; Updated entire entry for 3rd Ed.
TITLE::	DNS and BIND 3rd Edition
AUTHOR::	Albitz, Paul
AUTHOR::	Liu, Cricket
CONTACT::	O'Reilly & Associates, Inc.   103 Morris Street, Suite A   Order by phone:     800-998-9938 (US/Canada inquiries)     800-889-8969 (US/Canada credit card orders)     707-829-0515 (local/overseas)
DATE::	September, 1998
PAGES::	502
COPYRIGHT::	Copyright (c) 1998 O'Reilly & Associates, Inc. All rights reserved.
LANGUAGE::	English
NOTES::	See: URL: www.ora.com/catalog/dns3

 

World-wide web index/resource pages on sendmail

BIB-VERSION::	CS-TR-v2.1
ID::	sendmail-faq//online/index/10
ENTRY::	March 23, 1996
TYPE::	Online sendmail index
REVISION::	April 14, 1999; updated to sendmail.org address
TITLE::	sendmail FAQ Support Page
AUTHOR::	Beck, John
CONTACT::	John Beck sendmail+faq@sendmail.org
OTHER_ACCESS::	URL: www.sendmail.com/sm/open_source/open_source_faq
LANGUAGE::	English

 

6.5 World-wide web index pages and other reference on Internet email in general

BIB-VERSION::	CS-TR-v2.1
ID::	sendmail-faq//online/index/12
ENTRY::	March 23, 1996
TYPE::	Online general Internet email index
REVISION::	March 27, 1996; moved URL from RETRIEVAL field to OTHER_ACCESS field.
TITLE::	Internet Mail Consortium web site
CORP-AUTHOR::	Internet Mail Consortium
CONTACT::	info@imc.org
OTHER_ACCESS::	URL: www.imc.org
LANGUAGE::	English

 

Online tutorials for sendmail

BIB-VERSION::	CS-TR-v2.1
ID::	sendmail-faq//online/tutorial/9
ENTRY::	March 23, 1996
TYPE::	Online sendmail tutorial
REVISION::	March 27, 1996; moved URL from RETRIEVAL field to OTHER_ACCESS field.
REVISION::	August 29, 1998; updated URL.
TITLE::	Sendmail V8: A (Smoother) Engine Powers Network Email
AUTHOR::	Reich, Richard
CONTACT::	Richard Reich richard@reich.com
DATE::	February 8, 1996
COPYRIGHT::	Copyright (c) 1995 The McGraw-Hill Companies, Inc. All Rights Reserved.
OTHER_ACCESS::	URL: www.networkcomputing.com/unixworld/tutorial/008/008.txt.html
LANGUAGE::	English
NOTES::	UnixWorld Online: Tutorial: Article No. 008

 

Online archives of mailing lists and Usenet newsgroups, relating to Internet email

BIB-VERSION::	CS-TR-v2.1
ID::	sendmail-faq//online/archive/18
ENTRY::	March 25, 1996
TYPE::	Online Usenet newgroup archive
REVISION::	March 27, 1996; moved URL from RETRIEVAL field to OTHER_ACCESS field.
TITLE::	DejaNews
OTHER_ACCESS::	URL: www.dejanews.com
LANGUAGE::	English
NOTES::	Archives/indexes only Usenet news.