Path: news1.ucsd.edu!ihnp4.ucsd.edu!swrinde!newsfeed.internetmci.com!in2.uu.net!ulowell.uml.edu!vtc.tacom.army.mil!news2.acs.oakland.edu!condor.ic.net!news.cic.net!news From: pauls@CIC.Net Newsgroups: comp.mail.sendmail,comp.mail.misc,comp.answers,news.answers Subject: comp.mail.sendmail Frequently Asked Questions (FAQ) Followup-To: comp.mail.sendmail Date: 27 Dec 1995 06:01:11 GMT Organization: CICNet, Inc. Lines: 990 Approved: news-answers-request@MIT.Edu Distribution: world Expires: 01/31/96 01:00:01 Message-ID: <4bqnf7$6f3@news.cic.net> Reply-To: sendmail-faq@etext.org (Sendmail FAQ Maintainers) NNTP-Posting-Host: locust.cic.net Summary: This posting contains a list of Frequently Asked Questions (and their answers) about the program "sendmail", distributed with many versions of Unix (and available for some other operating systems). It should be read by anyone who wishes to post to comp.mail.sendmail, or anyone having questions about the newsgroup itself. Keywords: sendmail mail SMTP FAQ X-Posting-Frequency: posted on the 27th of each month Xref: news1.ucsd.edu comp.mail.sendmail:19729 comp.mail.misc:19058 comp.answers:13243 news.answers:51770 Posted-By: auto-faq 3.1.1.2 Archive-name: mail/sendmail-faq [The most recent copy of this document can be obtained via anonymous FTP from rtfm.mit.edu in /pub/usenet/news.answers/mail/sendmail-faq. If you do not have access to anonymous FTP, you can retrieve it by sending email to mail-server@rtfm.mit.edu with the command "send usenet/news.answers/mail/sendmail-faq" in the message.] comp.mail.sendmail Frequently Asked Questions Last updated 13 Dec 1995 This FAQ is centered around version 8 sendmail (8.6.12 being the most recent release of sendmail 8.6, and 8.7.3 being the most recent release of sendmail 8.7). As of yet, it makes no attempt to cover other versions of sendmail in any depth, although certain other versions do get mentioned in passing. Comments should be sent to , although this address may be changing in the future (as I get settled in my new job, and get certain programs installed to help automate this kind of stuff). Note that much of this document is copied verbatim from the FAQ developed by Eric Allman for sendmail 8.6.9, although these two documents are continuing to diverge. I've tried to be very careful to emulate his style and tone, so that this document has a consistent "feel" to it. Unfortunately, I may not have completely succeeded and where he may have been succint, I may have come across as terse (or worse). I apologize in advance for anyone who is offended, but this document is currently targeted towards the experienced Unix System Administrator/Domain Administrator/Postmaster, and therefore much has been omitted in the interest of brevity (perhaps too much, at least on my part). With several major overhauls scheduled (including at least one complete re-write), this situation will hopefully improve dramatically, but you have to bear with me for the nonce. -Brad Knowles brad@etext.org comp.mail.sendmail FAQ Maintainer ====================================================================== BEFORE YOU GO ANY FURTHER ====================================================================== * What do you wish everyone would do before sending you mail or posting to comp.mail.sendmail? Read this FAQ completely. If they're posting a question about Sendmail V8, read src/READ_ME and cf/README completely. Read the books written to help with common problems such as compilation and installation, configuration, security issues, etc.... Ask themselves if their question hasn't already been answered. -------------------- * How can I be sure if this is the right place to look for answers to my questions? 1. Do you know, for a fact, that the question is related to the Unix program "sendmail"? 2. Is the question about a sendmail-like program (e.g., Smail, Zmailer, MMDF, etc...)? 3. Is the question about an SMTP Gateway product for a LAN mail package (e.g., cc:Mail, MS-Mail, WordPerfect Office/GroupWise, etc...) or a POP/IMAP client program (e.g., Eudora, Pegasus, Z-Mail, etc...)? If you answered "yes" to the question #1, then this is the right place. If you're not using the most recent version of sendmail V8, be prepared for a lot of answers that amount to "Get V8". V8 doesn't solve every single sendmail problem that exists (properly configured or not), but it is the area of heaviest current development and solves a long laundry list of problems that previous versions of sendmail are known to have. If you answered "yes" to question #2 and are not going to upgrade to sendmail (presumably V8), then this is probably not the right place to look. I recommend looking elsewhere in the "comp.mail.*" hierarchy and seeing if there is a newsgroup that might be more appropriate (comp.mail.smail, comp.mail.misc, etc...). If you answered "yes" to question #3, then this is certainly not the right place to look. Look around elsewhere in the "comp.mail.*" or "comp.*" hierarchy for a more appropriate newsgroup. You may also find some useful information in (put together by Paul Southworth from various sources on comp.mail.misc). Note that Z-Mail now has its own newsgroup, comp.mail.zmail. If you couldn't answer "yes" to any of the above questions, then you're DEFINITELY in the wrong place. For the sake of your sanity and ego, not to mention avoiding the waste of your time and ours, try asking your System or E-Mail Administrator(s) before you post any questions publicly. -------------------- * Where can I find the latest version of this FAQ? The most recent version is available via anonymous ftp to rtfm.mit.edu in /pub/usenet/news.answers/mail/sendmail-faq. If you do not have access to anonymous FTP, you can retrieve it by sending email to mail-server@rtfm.mit.edu with the command "send usenet/news.answers/mail/sendmail-faq" in the message. There are mirrors for rtfm.mit.edu that can be found at and HTML-ized versions (if the original is in the right format) can be found at . -------------------- * I don't have access to Usenet news. Can I still get access to comp.mail.sendmail? Yes. Send email to mxt@dl.ac.uk with the command "sub comp-news.comp.mail.sendmail " in the message. E-mail you want posted on comp.mail.sendmail should be sent to comp-mail-sendmail@dl.ac.uk -------------------- * I have sendmail-related DNS questions. Where should I ask them? Depending on how deeply they get into the DNS, they can be asked here. However, you'll probably be told that you should send them to the Info-BIND mailing list (if the question is specific to that program) or to the Usenet newsgroup comp.protocols.tcp-ip.domains (DNS in general). -------------------- * How do I subscribe to either of these? For comp.protocols.tcp-ip.domains, you have to be on Usenet. They don't have a news-to-mail gateway yet (I'm working on this), but they do have a FAQ, and it can be found at . For the Info-BIND mailing list, send email to bind-request@uunet.uu.net with the command "subscribe" in the message. Submissions should be sent to bind@uunet.uu.net ====================================================================== TO DO (in no particular order) ====================================================================== Table of Contents Restructure content (outline format) Index Additional net resources (web pages, anonymous ftp sites, etc...) Annotated bibliography (including RFCs and comments/corrections for books specific to sendmail) Reorganize by platform/version of sendmail (All Sun questions in one section, all AIX questions in another, etc...) ====================================================================== GETTING STARTED ADVICE ====================================================================== * What's the best platform for running sendmail? Generally speaking, I adhere to the old axiom that you should choose what software you want to run first, then choose the platform (hardware and OS) that best runs this software. By this token, a recent version of BSD Unix would probably be best, since sendmail was developed at UC Berkeley on BSD Unix. FreeBSD and BSD/OS are two known implementations of BSD Unix for Intel-based PC's (among other hardware platforms), and this would make them the most "native" OSes for sendmail. FreeBSD is freely available by anonymous ftp or on CD-ROM, and BSD/OS is a commercial product. However, not everyone has this kind of "luxury". If you're on a homogenous network (i.e., completely composed of only one type of hardware and OS), then you should probably be running the same OS as the rest of the machines on the network, regardless of the axiom stated above. You may have other problems, but you should at least be able to get some local support on the OS for your machine. For more information on BSD Unix in general, see the Usenet newsgroups comp.unix.bsd.*, comp.bugs.4bsd.*, comp.os.386bsd.*. For more information on BSD/OS, see the BSD newsgroups mentioned above, or the BSD/OS Home Page at . For more information on FreeBSD, see the Usenet newsgroups comp.unix.bsd.freebsd.*, or the FreeBSD Home Page at . -------------------- * Which version of sendmail should I run? You need to look at what the primary function for the machine is. If its primary function is to run some CAD/CAM package on the desk of an Engineer, then there's probably not much sense in replacing the vendor-supplied version of sendmail. Just set the machine up to forward all outbound mail to a central mail relay, and then worry about making that central mail relay the best it can be. Also arrange to have all their inbound mail pass through a central Mail eXchanger (probably the same machine as the central Mail Relay), for the same reasons. If the primary function for a machine is to act as that central Mail Relay/Mail eXchanger, then I strongly recommend the best version of sendmail you can get -- the latest release of version 8 (8.7.3 being the latest release of sendmail 8.7, with 8.6.12 still being available if you desire it). IDA sendmail is also pretty good, but virtually everything it does, version 8 does better, and version 8 has the additional advantage of having continued development as well. On a central mailhub, recent versions of IDA sendmail are the oldest sendmail that I'd even consider leaving in place instead of replacing with version 8. However, keep in mind that version 8 still hasn't been ported (so far as we know) to some of the older (and perhaps more esoteric) platforms, and if you're stuck using one of them, you may not have much choice. Recently, some vendors have started shipping (or announced that they will soon ship) version 8 sendmail pre-configured for their machines. Unfortunately, in most cases this means you get a pre-compiled binary and a sendmail.cf file (that may need a bit of tweaking), but not much else of the "standard" version 8 sendmail installation kit. Silicon Graphics (SGI) is known to already be shipping version 8 sendmail in this fashion, and Hewlett-Packard has announced that they soon will be. This may be suitable for desktop machines forwarding all their mail to a central Mail Relay and receiving all their mail from a central Mail eXchanger, but I personally believe that this is not likely to be suitable for the central Mail Relay/Mail eXchanger itself. In that case, I recommend you get and install the latest version and get the m4 macros, the on-line documentation, the source code, etc.... ====================================================================== GENERAL QUESTIONS ====================================================================== * Where can I get Version 8? Via anonymous FTP from FTP.CS.Berkeley.EDU in /ucb/sendmail, or via . As of yet, there are no known official version 8 sendmail mirrors. -------------------- * What are the differences between Version 8 and other versions? See doc/changes/changes.me in the sendmail V8 distribution. See also RELEASE_NOTES at the top level of the distribution. -------------------- * What books are available describing sendmail? There are two books available devoted to sendmail: Costales, Allman, and Rickert, _Sendmail_. O'Reilly & Associates. Avolio & Vixie, _Sendmail: Theory and Practice_. Digital Press. As of yet, there are no books published that discuss version 8.7.y sendmail. Several books have sendmail chapters, for example: Nemeth, Snyder, and Seebass, _Unix System Administration Handbook_. Prentice-Hall. Carl-Mitchell and Quarterman, _Practical Internetworking with TCP/IP and UNIX_. Addison-Wesley. Hunt, _TCP/IP Network Administration_. O'Reilly & Associates. For details on sendmail-related DNS issues, consult: Liu and Albitz, _DNS and BIND_. O'Reilly & Associates. For details on UUCP, see: O'Reilly and Todino, _Managing UUCP and Usenet_. O'Reilly & Associates. ====================================================================== CONFIGURATION QUESTIONS (V8 unless otherwise indicated) ====================================================================== * How do I make all my addresses appear to be from a single host? Using the m4 macros, use: MASQUERADE_AS(my.dom.ain) This will cause all addresses to be sent out as being from the indicated domain. On your mailhub/mailhost/Domain Mail eXchanger, you may need to add "my.dom.ain" to the sendmail.cw file or the "Cwhost.my.dom.ain" line in the sendmail.cf file. If you're using version 8.7 sendmail, and you want to hide this information in the envelope as well as the headers, use: FEATURE(envelope_masquerade) -------------------- * How do I rewrite my From: lines to read ``First_Last@My.Domain''? There are a couple of ways of doing this. This describes using the "user database" code. This is still experimental, and was intended for a different purpose -- however, it does work with a bit of care. It does require that you have the Berkeley "db" package installed (it won't work with DBM). First, create your input file. This should have lines like: loginname:mailname First_Last First_Last:maildrop loginname Install it in (say) /etc/userdb. Create the database: makemap btree /etc/userdb.db < /etc/userdb You can then create a config file that uses this. You will have to include the following in your .mc file: define(confUSERDB_SPEC, /etc/userdb.db) FEATURE(notsticky) -------------------- * So what was the user database feature intended for? The intent was to have all information for a given user (where the user is the unique login name, not an inherently non-unique full name) in one place. This would include phone numbers, addresses, and so forth. The "maildrop" feature is because Berkeley does not use a centralized mail server (there are a number of reasons for this that are mostly historic), and so we need to know where each user gets his or her mail delivered -- i.e., the mail drop. We are in the process of setting up our environment so that mail sent to an unqualified "name" goes to that person's preferred maildrop; mail sent to "name@host" goes to that host. The purpose of "FEATURE(notsticky)" is to cause "name@host" to be looked up in the user database for delivery to the maildrop. -------------------- * Why are you so hostile to using full names for e-mail addresses? Because full names are not unique. For example, the computer community has two Andy Tannenbaums and two Peter Deutsches. At one time, Bell Labs had two Stephen R. Bournes with offices a few doors apart. You can create alternative addresses (e.g., Stephen_R_Bourne_2), but that's even worse -- which one of them has to have their name desecrated in this way? And you can bet that one of them will get most of the other person's e-mail. So called "full names" are just an attempt to create longer versions of unique names. Rather that lulling people into a sense of security, I'd rather that it be clear that these handles are arbitrary. People should use good user agents that have alias mappings so that they can attach arbitrary names for their personal use to those with whom they correspond (such as the MH alias file). Even worse is fuzzy matching in e-mail -- this can make good addresses turn bad. For example, Eric Allman is currently (to the best of our knowledge) the only ``Allman'' at Berkeley, so mail sent to "Allman@Berkeley.EDU" should get to him. But if another Allman ever appears, this address could suddenly become ambiguous. He's been the only Allman at Berkeley for over fifteen years -- to suddenly have this "good address" bounce mail because it is ambiguous would be a heinous wrong. Directory services should be as fuzzy as possible (within reason, of course). Mail services should be unique. -------------------- * Where do I find this user database (UserDB) code? Looking on ftp.cs.berkely.edu, I found /pub/4bsd/db.1.85.tar.gz, is this it? The user database code is part of the Sendmail V8 distribution. If you install the db library, edit the Makefile to include the right option (-NEWDB), and then make sendmail again, you get a binary which has the database features described in the book and the on-line documentation. -------------------- * How do I manage several domains with sendmail V8? If you want to provide mailservice to several domains and be able to add identical names across different domains (example: user@a.dom.ain mb1@dom.ain user@b.dom.ain mb2@dom.ain user@c.dom.ain mb@outer.space you may accomplish this by using an external database in conjunction with minor Ruleset rewriting in sendmail.cf. Many ISPs (Internet Service Providers) has asked me and here's a general solution (you may combine it with userdb's if you need to). Here it goes: 1. Make a textfile (I usually make one for each domain and concatenate them before database-compilation) with the following structure: user@a.dom.ain mb1@dom.ain user@b.dom.ain mb2@dom.ain user@c.dom.ain mb@outer.space The LHS (Left Hand Side) is the mail-adress of a particular user and the RHS is the corresponding mailbox. An example from the that might apply to the real world: webmaster@josnet.se wm.list@eowyn.josnet.se webmaster@client1.se joe@client1.se webmaster@client2.se anne@another.provider.se webmaster@client3.se joe@client3.se joe@client1.se c1_joe@mail.josnet.se joe@client3.se joeuser Note that you have to spell out the complete email-address in the LHS entry. The RHS entry may be either a local address (for example 'johan' if that account exists) or a complete email-adress on another system (or a domain that the server recognizes as local for that matter). 2. Compile the textfile into a database: makemap hash mbt.db $: $1 < @ $2 > . R$+ < @ $+ > $* $: $(mbt $1@$2 $: $1 < @ $2 > $3 $) R$+ < @ $+ > $* $: $(mbt $2 $: $1 < @ $2 > $3 $) R$+ < @ $+ > . $: $1 < @ $2 . > 4. Restart sendmail: You must do this in order to reread the cf-file. 5. Up and going! 6. Test with sendmail -bv or sendmail -bt Note: an alternate set of instructions can be found at . Both it and the instructions here have yet to be tested by the maintainer of this FAQ, but are believed to work correctly. Which you use is a matter of your personal aesthetics. -------------------- * Should I use a wildcard MX for my domain? If at all possible, no. Wildcard MX records have lots of semantic "gotcha"s. For example, they will match a host "unknown.your.domain" -- if you don't explicitly test for unknown hosts in your domain, you will get "config error: mail loops back to myself" errors. See RFCs 1535-1537 for more detail and other related (or common) problems. See also _DNS and BIND_ by Albitz and Liu. -------------------- * How can I get sendmail to process messages sent to an account and send the results back to the originator? This is a local mailer issue, not a sendmail issue. Depending on what you're doing, look at procmail (mentioned again below), ftpmail, or Majordomo. Check your local archie server to see what machine(s) nearest you have the most recent versions of these programs. -------------------- * How can I get sendmail to deliver local mail to $HOME/.mail instead of into /usr/spool/mail (or /usr/mail)? Again, this is a local mailer issue, not a sendmail issue. Either modify your local mailer (source code will be required) or change the program called in the "local" mailer configuration description to be a new program that does this local delivery. One program that is capable of doing this is "procmail", although there are probably many others as well. You might be interested in reading the paper ``HLFSD: Delivering Email to your $HOME'' available in the Proceedings of the USENIX System Administration (LISA VII) Conference (November 1993). This is also available via public FTP from ftp.cs.columbia.edu in /pub/hlfsd/{README.hlfsd,hlfsd.ps}. -------------------- * I'm trying to to get my mail to go into queue only mode, and it delivers the mail interactively anyway. (Or, I'm trying to use the "don't deliver to expensive mailer" flag, and it delivers the mail interactively anyway.) I can see it does it: here's the output of "sendmail -v foo@somehost" (or Mail -v or equivalent). The -v flag to sendmail (which is implied by the -v flag to Mail and other programs in that family) tells sendmail to watch the transaction. Since you have explicitly asked to see what's going on, it assumes that you do not want to to auto-queue, and turns that feature off. Remove the -v flag and use a "tail -f" of the log instead to see what's going on. If you are trying to use the "don't deliver to expensive mailer" flag (mailer flag "e"), be sure you also turn on global option "c" -- otherwise it ignores the mailer flag. -------------------- * There are four UUCP mailers listed in the configuration files. Which one should I use? The choice is partly a matter of local preferences and what is running at the other end of your UUCP connection. Unlike good protocols that define what will go over the wire, UUCP uses the policy that you should do what is right for the other end; if they change, you have to change. This makes it hard to do the right thing, and discourages people from updating their software. In general, if you can avoid UUCP, please do. If you can't avoid it, you'll have to find the version that is closest to what the other end accepts. Following is a summary of the UUCP mailers available. uucp-old (obsolete name: "uucp") This is the oldest, the worst (but the closest to UUCP) way of sending messages across UUCP connections. It does bangify everything and prepends $U (your UUCP name) to the sender's address (which can already be a bang path itself). It can only send to one address at a time, so it spends a lot of time copying duplicates of messages. Avoid this if at all possible. uucp-new (obsolete name: "suucp") The same as above, except that it assumes that in one rmail command you can specify several recipients. It still has a lot of other problems. uucp-dom This UUCP mailer keeps everything as domain addresses. Basically, it uses the SMTP mailer rewriting rules. Unfortunately, a lot of UUCP mailer transport agents require bangified addresses in the envelope, although you can use domain-based addresses in the message header. (The envelope shows up as the From_ line on UNIX mail.) So.... uucp-uudom This is a cross between uucp-new (for the envelope addresses) and uucp-dom (for the header addresses). It bangifies the envelope sender (From_ line in messages) without adding the local hostname, unless there is no host name on the address at all (e.g., "wolf") or the host component is a UUCP host name instead of a domain name ("somehost!wolf" instead of "some.dom.ain!wolf"). Examples: We are on host grasp.insa-lyon.fr (UUCP host name "grasp"). The following summarizes the sender rewriting for various mailers. Mailer sender rewriting in the envelope ------ ------ ------------------------- uucp-{old,new} wolf grasp!wolf uucp-dom wolf wolf@grasp.insa-lyon.fr uucp-uudom wolf grasp.insa-lyon.fr!wolf uucp-{old,new} wolf@fr.net grasp!fr.net!wolf uucp-dom wolf@fr.net wolf@fr.net uucp-uudom wolf@fr.net fr.net!wolf uucp-{old,new} somehost!wolf grasp!somehost!wolf uucp-dom somehost!wolf somehost!wolf@grasp.insa-lyon.fr uucp-uudom somehost!wolf grasp.insa-lyon.fr!somehost!wolf ====================================================================== RESOLVING PROBLEMS (V8 unless otherwise specified) ====================================================================== * When I compile, I get "undefined symbol inet_aton" and "undefined symbol _strerror" messages. You've probably replaced your resolver with the version from BIND 4.9.3. You need to compile with -l44bsd in order to get the additional routines. -------------------- * I'm getting "Local configuration error" messages, such as: 553 relay.domain.net config error: mail loops back to myself 554 ... Local configuration error How can I solve this problem? You have asked mail to the domain (e.g., domain.net) to be forwarded to a specific host (in this case, relay.domain.net) by using an MX record, but the relay machine doesn't recognize itself as domain.net. Add domain.net to /etc/sendmail.cw (if you are using FEATURE(use_cw_file)) or add "Cw domain.net" to your configuration file. IMPORTANT: Be sure you kill and restart the sendmail daemon after you change the configuration file (for ANY change in the configuration, not just this one): kill `head -1 /etc/sendmail.pid` sh -c "`tail -1 /etc/sendmail.pid`" NOTA BENE: kill -1 does not work with version 8.6.x! With version 8.7.y sendmail, if the daemon was started up with a full pathname (i.e., "/usr/lib/sendmail -bd -q13m"), then you should be able to send it a HUP signal and get it to reload itself. -------------------- * When I use sendmail V8 with a Sun config file I get lines like: /etc/sendmail.cf: line 273: replacement $3 out of bounds the line in question reads: R$*<@$%y>$* $1<@$2.LOCAL>$3 user@ether what does this mean? How do I fix it? V8 doesn't recognize the Sun "$%y" syntax, so as far as it is concerned, there is only a $1 and a $2 (but no $3) in this line. Read Rick McCarty's paper on "Converting Standard Sun Config Files to Sendmail Version 8", in the contrib directory (file "converting.sun.configs") in the latest sendmail V8 distribution for a full discussion of how to do this. -------------------- * When I use sendmail V8 on a Sun, I sometimes get lines like: /etc/sendmail.cf: line 445: bad ruleset 96 (50 max) what does this mean? How do I fix it? You're somehow trying to start up the old Sun sendmail (or sendmail.mx) with a sendmail V8 config file, which Sun's sendmail doesn't like. Check your /etc/rc.local, any procedures that have been created to stop and re-start the sendmail processes, etc.... Make sure that you've switched everything over to using the new sendmail. To keep this problem from ever happening again, try the following (make sure you're logged in as root): mv /usr/lib/sendmail /usr/lib/sendmail.old ln -s /usr/local/lib/sendmail.v8 /usr/lib/sendmail mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.old ln -s /usr/local/lib/sendmail.v8 /usr/lib/sendmail.mx chmod 0000 /usr/lib/sendmail.old chmod 0000 /usr/lib/sendmail.mx.old Assuming you have installed sendmail V8 in /usr/local/lib/sendmail.v8. -------------------- * When I use sendmail V8 on an IBM RS/6000 running AIX, the system resource controller always reports sendmail as "inoperative" even though it is running. What's wrong? When running as a daemon, sendmail detaches from its parent process, fooling the SRC into thinking that sendmail has exited. To fix this, issue the commands: kill `head -1 /etc/sendmail.pid` chssys -s sendmail -f 9 -n 15 -S -a "-d0.1" startsrc -s sendmail -a "-bd -q30m" # your sendmail args may vary Now the SRC should report the correct status of sendmail. A side-effect of the "-d0.1" option is that a few lines of debug output will be printed on the system console every time sendmail starts up. For more information, read up on the System Resource Controller, the lssrc command and the chssys command in the online documentation. -------------------- * I'm connected to the network via a SLIP/PPP link. Sometimes my sendmail process hangs (although it looks like part of the message has been transfered). Everything else works. What's wrong? Most likely, the problem isn't sendmail at all, but the low level network connection. It's important that the MTU (Maximum Transfer Unit) for the SLIP connection be set properly at both ends. If they disagree, large packets will be trashed and the connection will hang. -------------------- * I just upgraded to 8.x and suddenly I'm getting messages in my syslog of the form "collect: I/O error on connection". What is going wrong? Nothing. This is just a diagnosis of a condition that had not been diagnosed before. If you are getting a lot of these from a single host, there is probably some incompatibility between 8.x and that host. If you get a lot of them in general, you may have network problems that are causing connections to get reset. -------------------- * I just upgraded to version 8 sendmail and now when my users try to forward their mail to a program they get an "illegal shell" message and their mail is not delivered. What's wrong? In order for people to be able to run a program from their .forward file, version 8 sendmail insists that their shell (that is, the shell listed for that user in the passwd entry) be a "valid" shell, meaning a shell listed in /etc/shells. If /etc/shells does not exist, a default list is used, typically consisting of /bin/sh and /bin/csh. This is to support environments that may have NFS-shared directories mounted on machines on which users do not have login permission. For example, many people make their file server inaccessible for performance or security reasons; although users have directories, their shell on the server is /usr/local/etc/nologin or some such. If you allowed them to run programs anyway you might as well let them log in. If you are willing to let users run programs from their .forward file even though they cannot telnet or rsh in (as might be reasonable if you run smrsh to control the list of programs they can run) then add the line /SENDMAIL/ANY/SHELL/ to /etc/shells. This must be typed exactly as indicated, in caps, with the trailing slash. NOTA BENE: DO NOT list /usr/local/etc/nologin in /etc/shells -- this will open up other security problems. Note that IBM AIX has its own version of the /etc/shells file that sendmail does not know about. You can either duplicate the information in both files, symbolically link one to the other, or complain to your vendor as to why they're being non-standard. Also note that there are some weird things that AFS throws into the mix, and these can keep a program from running or running correctly out of .forward files or the system-wide aliases. -------------------- * I just upgraded to version 8 sendmail and suddenly connections to the SMTP port take a long time. What is going wrong? It's probably something weird in your TCP implementation that makes the IDENT code act oddly. On most systems V8 tries to do a ``callback'' to the connecting host to get a validated user name (see RFC 1413 for detail). If the connecting host does not support such a service it will normally fail quickly with "Connection refused", but certain kinds of packet filters and certain TCP implementations just time out. To test this, set the IDENT timeout to zero using: define(`confREAD_TIMEOUT',`Ident=0')dnl in the .mc file used by m4 to generate your sendmail.cf file. Alternatively, if you don't use m4, you can put ``OrIdent=0'' in the configuration file (we recommend the m4 solution, since that makes maintenance much easier for people who don't understand sendmail re-write rules, or after you've been away from it for a while). Either way, this will completely disable all use of the IDENT protocol. Another possible problem is that you have your name server and/or resolver configured improperly. Make sure that all "nameserver" entries in /etc/resolv.conf point to functional servers. If you are running your own server make certain that all the servers listed in your root cache (usually called something like "/var/namedb/root.cache"; see your /etc/named.boot file to get your value) are up to date. Either of these can cause long delays. -------------------- * I just upgraded to version 8 sendmail and suddenly I get errors such as ``unknown mailer error 5 -- mail: options MUST PRECEDE recipients.'' What is going wrong? You need OSTYPE(systype) in your .mc file -- otherwise the configurations use a default that probably disagrees with your local mail system. See cf/README for details. If this is on a Sun workstation, you might also want to take a look at the local mailer flags in the Sun-supplied sendmail.cf and compare them to the local mailer flags generated for your version 8 sendmail.cf. If they differ, you might try changing the V8 flags to match the Sun flags. -------------------- * Under V8, the "From " header gets mysteriously munged when I send to an alias. ``It's not a bug, it's a feature.'' This happens when you have a "owner-list" alias and you send to "list". V8 propagates the owner information into the envelope sender field (which appears as the "From " header on UNIX mail or as the Return-Path: header) so that downstream errors are properly returned to the mailing list owner instead of to the sender. In order to make this appear as sensible as possible to end users, I recommend making the owner point to a "request" address -- for example: list: :include:/path/name/list.list owner-list: list-request list-request: eric This will make message sent to "list" come out as being "From list-request" instead of "From eric". -------------------- * I am trying to use MASQUERADE_AS (or the user database) to rewrite from addresses, and although it works in the From: header line, it doesn't work in the envelope (e.g., the "From " line). Believe it or not, this is intentional. The interpretation of the standards by the V8 development group was that this was an inappropriate rewriting, and that if the rewriting were incorrect at least the envelope would contain a valid return address. If you're using version 8.7 sendmail, you can use FEATURE(envelope_masquerade) in your sendmail.mc file to change this behaviour. -------------------- * I want to run Sendmail version 8 on my DEC system, but you don't have MAIL11V3 support in sendmail. How do I handle this? Get the reimplementation of the mail11 protocol by Keith Moore from gatekeeper.dec.com in /pub/DEC/gwtools (with contributions from Paul Vixie). -------------------- * Messages seem to disappear from my queue unsent. When I look in the queue directory I see that they have been renamed from qf* to Qf*, and sendmail doesn't see these. If you look closely you should find that the Qf files are owned by users other than root. Since sendmail runs as root it refuses to believe information in non-root-owned qf files, and it renames them to Qf to get them out of the way and make it easy for you to find. The usual cause of this is twofold: first, you have the queue directory world writable (which is probably a mistake -- this opens up other security problems) and someone is calling sendmail with an "unsafe" flag, usually a -o flag that sets an option that could compromise security. When sendmail sees this it gives up setuid root permissions. The usual solution is to not use the problematic flags. If you must use them, you have to write a special queue directory and have them processed by the same uid that submitted the job in the first place. -------------------- * When I use IBM's sendmail on an IBM RS/6000 running AIX trying to get to certain sites, it seems that I can get to some of them and not others. What's wrong? There are two possible problems here: 1) Your version of sendmail is not configured to recognize MX records in the DNS. Search through your sendmail.cf looking for "OK MX". Older configurations had this line commented out, and this will cause mail from you to some sites to fail (because those sites have MX records, but no A records in their DNS for the specific Fully Qualified Domain Name you're trying to mail to). For more information, see the comp.unix.aix FAQ . 2) There is a negative caching bug in AIX 3.2.5 with /usr/sbin/named executables that are less than 103000 bytes long. Ask your IBM representative to give you PMP 3251, or the most recent patch that fixes this problem for your particular configuration and version of the OS. -------------------- Special thanks to: Eric Allman The core of the material here comes from his FAQ for version 8.6.9 sendmail. I couldn't even have gotten started were it not for him. Paul Southworth Provides FAQ posting services, useful comments on various sections, and the mailclient-faq. I couldn't have kept doing this were it not for his help. Ed Ravin Virtually all the material regarding the use of sendmail on AIX is his, and most of it has been carried over verbatim. Thanks also to: Neil Hoggarth, Andras Salamon, Johan Svensson, Christopher X. Candreva, and the readers and posters of comp.mail.sendmail -------------------- .