sendmail 8.12
Last Update 2004-08-11
Introduction
sendmail 8.12 aims at higher performance and better security.
sendmail 8.12.11 is available (2004-01-18).
sendmail 8.12.10 is available (2003-09-17).
Unfortunately we were forced to release this version early
without having a chance to coordinate with vendors that
distribute sendmail.
Notice
To achieve better security than the default installation you
should consider enabling the RunAsUser option as explained in the
operations guide.
Even though this option restricts some functionality and
requires (for conventional (V7) mailboxes) a set-user-ID root
local delivery agent (e.g., procmail or mail.local),
it greatly enhances the overall security of the mail system
because sendmail will not run as root in all cases where it deals
with external input.
Notice
Only sendmail 8.12.7 and newer work with Berkeley DB 4.1.25
(you can't use earlier versions of either).
Problems and Patches
- sendmail sleeps if too many bad commands are issued.
Unfortunately the code which limits the time to sleep is broken
for one case. A patch for sendmail/srvrsmtp.c fixes this case.
Note: this patch is also useful for sendmail 8.11.
- There's a regression in 8.12.11 which breaks logging of some
STARTTLS related problems, which can be fixed by a
patch for sendmail/tls.c.
Note: the patches below are not needed for sendmail 8.12.10 or newer!
- Due to a typo, sendmail doesn't accept 0 as value for
MaxMimeHeaderLength without complaining. A patch is available;
a simple workaround is to use -1 instead of 0.
- Activating MaxMimeHeaderLength uncovered a bug in the message size
computation logic (hence the mailstats output is wrong).
A patch is available for testing.
- If you run sendmail 8.12.8 on Linux and you encounter errors
mentioning send-mail or Cannot mail directly to files
then add
APPENDDEF(`confENVDEF', `-DSM_CONF_GETOPT=0')
to devtools/Site/site.config.m4 and recompile sendmail, e.g.,
cd sendmail && sh ./Build -c && sh ./Build install
- [2003-03-23] If you use a dns map then you should apply this patch
and rebuild your sendmail binary.
- There might be some way to circumvent anti-relay protection;
it's not yet clear whether that's a result of an "unconventional"
interpretation of DNS lookups or actually a problem in the cf file.
You may want to apply this patch for cf/m4/proto.m4
and rebuild your cf file.
A similar problem is explained on the main Sendmail page.
- In some cases the MSP might complain during a queue run about
"MX list for ... points back to ...".
This can be fixed by a patch for recipient.c.
- If you use Cyrus-SASLv2 and DIGEST-MD5 then transferring larger
messages will fail unless you apply this patch.
- If you use FallbackMXhost and FEATURE(`relay_based_on_MX')
together then your system may become an open relay.
If you have an older version than 8.12.6 and you use
those features then please apply this patch.
- If you run 8.12.x (x >= 4) and you use sendmail as
client to authenticate against a server using LOGIN,
then you also need this patch.
- 8.12.3 may cause a bus error on some OSs if the
environment variable NAME is set.
Either upgrade to the latest version or apply this patch.
- On HP-UX you may need to add
APPENDDEF(`conf_smrsh_ENVDEF', `-DNOT_SENDMAIL')
APPENDDEF(`conf_mail_local_ENVDEF', `-DNOT_SENDMAIL')
to devtools/Site/site.config.m4 if you want to compile/use
smrsh or mail.local.
- On HP-UX 11.11 you may need to reduce the optimization level from
+O3 to +O2.
Otherwise additional bogus characters may end up in a qf file.
- On HP-UX 10.x you may get a compilation error in bf.c.
Either upgrade to the latest version or try this patch.
libmilter
- Jose Marcio MARTINS DA CRUZ wrote some patches to change the
libmilter threading model from the current "one thread per connection"
to a worker model.
Please send feedback to the usual sendmail.org addresses.
- If multiple milters replace the body of an e-mail, then the body
may become corrupted.
Apply this patch (for 8.12.0 - 8.12.3).
New Features
sendmail 8.12 has several new features which are listed in the
RELEASE_NOTES. Some of them are explained below.
Most important of all: sendmail is not set-user-ID root anymore.
See sendmail/SECURITY for details.
To deal with broken MTAs it is possible to turn off STARTTLS
(and other features) on a per host basis using the
tagged entries in the access map.
For the server, you can use:
Srv_Features:some.domain flags
where flags can be a (comma or space separated) list of
the following characters:
A | Do not offer AUTH |
P | Do not offer PIPELINING |
S | Do not offer STARTTLS |
V | Do not request a client certificate in STARTTLS |
Generally upper case characters turn off a feature while lower case
characters turn it on.
STARTTLS related
sendmail 8.12 allows more control over the use of STARTTLS.
In addition to the features of 8.11, a new tag
TLS_Rcpt has been introduced that controls
STARTTLS on a per-recipient basis instead of per-host.
Furthermore, there can be a list of extensions.
Such a list starts with + and the items are separated by ++.
Allowed extensions are:
CN:name | name must match ${cn_subject} |
CN | ${server_name} must match ${cn_subject} |
CS:name | name must match ${cert_subject} |
CI:name | name must match ${cert_issuer} |
Example:
E-mail sent to secure.example.com should only use an encrypted
connection. E-mail received from hosts within the laptop.example.com
domain should only be accepted if they have been authenticated.
The host which receives e-mail for darth@endmail.org must present
a cert that uses the CN smtp.endmail.org.
TLS_Srv:secure.example.com | ENCR:112 |
TLS_Clt:laptop.example.com | PERM+VERIFY:112 |
TLS_Rcpt:darth@endmail.org | ENCR:112+CN:smtp.endmail.org |
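How such a right-hand side breaks down and is checked against the STARTTLS macros of a connection, as an added example (not sendmail's own code or rulesets). It assumes the 8.11 semantics the page refers to: an optional TEMP+ or PERM+ prefix, VERIFY meaning ${verify} is OK, and a bit count meaning ${cipher_bits} must be at least that value; names are compared as exact strings, and the macro values in SAMPLE are constructed.

```python
import re

def parse_tls_rhs(rhs):
    """Split an access map RHS such as 'PERM+VERIFY:112' or
    'ENCR:112+CN:smtp.endmail.org' into its parts."""
    kind = None                               # TEMP/PERM error prefix, if any
    m = re.match(r"(TEMP|PERM)\+", rhs)
    if m:
        kind, rhs = m.group(1), rhs[m.end():]
    req, _, ext = rhs.partition("+")          # extension list starts with '+'
    name, _, bits = req.partition(":")
    if name not in ("VERIFY", "ENCR") or (name == "ENCR" and not bits):
        raise ValueError("unsupported requirement: %r" % req)
    # extension items are separated by '++'; a bare 'CN' carries no name
    exts = [tuple(e.partition(":")[::2]) for e in ext.split("++")] if ext else []
    return kind, name, int(bits or 0), exts

# extension tag -> macro holding the value it is compared against
EXT_MACRO = {"CN": "cn_subject", "CS": "cert_subject", "CI": "cert_issuer"}

def check_tls(rhs, macros):
    """Return (error_kind, problems); an empty problem list means the
    connection described by `macros` satisfies the requirement."""
    kind, name, bits, exts = parse_tls_rhs(rhs)
    problems = []
    if name == "VERIFY" and macros.get("verify") != "OK":
        problems.append("certificate not verified")
    if int(macros.get("cipher_bits", 0)) < bits:
        problems.append("cipher_bits below %d" % bits)
    for tag, wanted in exts:
        if tag not in EXT_MACRO:
            raise ValueError("unknown extension: %r" % tag)
        if tag == "CN" and not wanted:        # bare CN: compare with server_name
            wanted = macros.get("server_name")
        actual = macros.get(EXT_MACRO[tag])
        if actual is None or actual != wanted:
            problems.append("%s mismatch: %r != %r" % (tag, actual, wanted))
    return kind, problems

# Constructed macro values for one outgoing connection (not captured data).
SAMPLE = {"verify": "OK", "cipher_bits": "168",
          "server_name": "mx.endmail.org", "cn_subject": "smtp.endmail.org"}

if __name__ == "__main__":
    print(check_tls("ENCR:112+CN:smtp.endmail.org", SAMPLE))
    print(check_tls("ENCR:112+CN", SAMPLE))
    print(check_tls("PERM+VERIFY:112", dict(SAMPLE, verify="NO")))
```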
The STARTTLS related part of the Received: header has been changed:
(version=${tls_version} cipher=${cipher} bit=${cipher_bits} verify=${verify})
If sendmail acts as client, it needs some information on how to
authenticate against another MTA. This information can be provided
by the ruleset authinfo. The authinfo ruleset looks up {server_name}
using the tag AuthInfo: in the access map. If no entry is found,
{server_addr} is looked up in the same way and finally just the tag
AuthInfo: to provide default values.
The RHS for an Auth: entry in the access map should consist of a
list of tokens, each of which has the form: "TDstring" (including
the quotes). T is a tag which describes the item, D is a delimiter,
either ':' for simple text or '=' for a base64 encoded string.
Valid values for the tag are:
U | user (authorization) id |
I | authentication id |
P | password |
R | realm |
M | list of mechanisms delimited by spaces |
Example entries are:
AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
AuthInfo:more.dom "U:user" "P=c2VjcmV0"
User or authentication id must exist as well as the password. All
other entries have default values. If one of user or authentication
id is missing, the existing value is used for the missing item.
Realm defaults to $j and the list of mechanisms to those specified
by AuthMechanisms.
Since this map contains sensitive information, either the access
map must be unreadable by everyone but root (or the trusted user)
or FEATURE(`authinfo') must be used which provides a separate map.
Notice: It is not checked whether the map is actually
group/world-unreadable, this is left to the user.
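Since sendmail leaves the permission check to the administrator, the following added example (not part of sendmail) parses an AuthInfo: right-hand side with the defaults described above and tests whether a map file is readable by group or others. The function names and the auth_mechanisms parameter, which stands in for the AuthMechanisms option, are assumptions; only the mode bits are examined, not ownership.

```python
import base64
import os
import re
import stat

# One RHS token: "TDstring" with tag T and delimiter D (':' text, '=' base64).
TOKEN = re.compile(r'"([UIPRM])([:=])([^"]*)"')

def parse_authinfo(rhs, auth_mechanisms=()):
    """Parse the RHS of an AuthInfo: entry and apply the defaults above.
    auth_mechanisms stands in for the AuthMechanisms option (assumption)."""
    items = {}
    for tag, delim, value in TOKEN.findall(rhs):
        if delim == "=":                      # '=' marks a base64 encoded string
            value = base64.b64decode(value, validate=True).decode("utf-8")
        items[tag] = value
    if "P" not in items:
        raise ValueError("no password (P) token")
    if "U" not in items and "I" not in items:
        raise ValueError("neither user (U) nor authentication id (I) given")
    return {
        "user": items.get("U", items.get("I")),    # a missing id copies the other
        "authid": items.get("I", items.get("U")),
        "password": items["P"],
        "realm": items.get("R", "$j"),             # $j is left unexpanded here
        "mechanisms": items["M"].split() if "M" in items
                      else list(auth_mechanisms),
    }

def readable_by_others(path):
    """True if group or world may read the map file at `path`."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    # The two example entries from the text above.
    for rhs in ('"U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"',
                '"U:user" "P=c2VjcmV0"'):
        print(parse_authinfo(rhs, auth_mechanisms=["DIGEST-MD5", "CRAM-MD5"]))
```

Run readable_by_others on both the source text file and the built database file, since either one exposes the passwords.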
Notice: the default configuration file causes the option DefaultAuthInfo
to fail since the ruleset authinfo is in the .cf file. If you really
want to use DefaultAuthInfo (it is deprecated) then you have to
remove the ruleset.
Misc
A first version of a TUNING guide is available.
Please send feedback to me.
Copyright © Claus Aßmann
Please send comments to: <ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated
or incomplete. Please contact me if you find an error.