Sendmail 8.9.3 Release Notes First Edition Manufacturing Part Number: <5969-4321> U.S.A.
Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
prohibited. Copyright Notices Copyright 2001 Hewlett-Packard Company. All rights reserved. Reproduction, adaptation, or translation of this document without prior written permission is prohibited, except as allowed under the copyright laws. iCOD and iCOD CPU Agent Software are products of Hewlett-Packard Company, and all are protected by copyright. Copyright 1979, 1980, 1983, 1985-93 Regents of the University of California.
Contents 1. New and Changed Features New Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Sendmail using LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 LDAP Support using the sendmail.cf file . . . . . . . . . . . . . . . . . . . . . . .10 Generating the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 New Configuration File Options . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents 6
1 New and Changed Features A new version of sendmail, sendmail 8.9.3, is now available on HP-UX platform as the following patches: • on HP-UX 10.
New and Changed Features • on HP-UX 11.00 as patch PHNE_18546 This version of sendmail includes fixes for the defects found in the sendmail 8.8.6 version and some new features. The above patches will supersede the sendmail-8.8.6 patch released last year. The delta training document for the same is available in the KMINE database. It is also available at the Internet Services Support Information web page available at the URL: http://snsltm.cup.hp.com/dir_IntServ/sendmail.
New and Changed Features New Features New Features The following are the new features in Sendmail 8.9.3: Sendmail using LDAP Sendmail-8.9.3 supports the use of the LDAP protocol for address lookup. The ldapx class (database) is used to lookup items in the ldap directory service. The syntax of this directive in the sendmail configuration file, sendmail.
New and Changed Features New Features NOTE Any ldap-style options must be double-quoted and must follow immediately after the option (i.e. no spaces between the option and the quote). To lookup a login name in this database and have the official email address for that user returned, you might use a declaration like this: example: Kldap ldapx -k"uid=%s" -v"mail" -h"test1.india.hp.
New and Changed Features New Features #R< > $- $: < > $(ldap $1 $: $1 $) #R< > $+ $=O $+ $@ $>97 $1 $2 $3 Local users only try again Generating the Configuration File A shell script "gen_cf" is distributed along with the sendmail-8.9.3 patch. When the patch is installed, the script will be installed in the directory /usr/newconfig/etc/mail/cf/cf. This script has to be executed as root and in the /usr/newconfig/etc/mail/cf/cf directory.
New and Changed Features New Features sendmail.cf with loose_relay_check sendmail.cf with promiscuous_relay The sendmail.cf file generated using this script will differ from the default sendmail.cf file provided in the /usr/newconfig/etc/mail directory with respect to the check_* rulesets(check_mail, check_relay, check_rcpt) only. All the other options are identical. New Configuration File Options Described below are the new configuration file (sendmail.cf) options added in sendmail-8.9.3.
New and Changed Features New Features • DontBlameSendmail This option is used to enforce security check on the mode of files on which sendmail operates (reads/writes). For example, by default sendmail will refuse to read most files that are group writable on the grounds that they might have been tampered with by someone other than the owner. It will even refuse to read files in group-writable directories if the above option is set.
New and Changed Features New Features Table 1-2 Value Description ErrorHeaderInUnsafeDirPath Allow the file named in the ErrorHeader option to be in an unsafe directory. GroupWritableDirPathSafe Consider group-writable directories to be safe. GroupWritableForwardFileSafe Accept group-writable.forward files. GroupWritableIncludeFile Accept group-writable :include: files. GroupWritableAliasFile Allow group-writable alias files. HelpFileinUnsafeDirPath Allow Help file to be in unsafe directory.
New and Changed Features New Features Table 1-2 Value Description IncludeFileInUnsafeDirPathSafe Allow a :include: file that is in an unsafe directory to include references to program and files. MapInUnsafeDirPath Allow maps (e.g., hash, btree, and dbm files) in unsafe directories. LinkedAliasFileInWritableDir Allow an alias file that is a link in a writable directory. LinkedClassFileInWritableDir Allow class files that are links in writable directory. LinkedForwardFileInWritableDir Allow .
New and Changed Features New Features Table 1-2 Value Description WriteStatsToSymLink Allow the status file to be a symbolic link. RunProgramInUnsafeDirPath Go ahead and run programs that are in writable directory. RunWritableProgram Go ahead and run programs that are group or world writable. • DontProbeInterfaces This option will turn OFF the addition of all the interface names into the $=w macro on start-up. If users have lots of virtual interfaces, this option will speed up start-up.
New and Changed Features New Features This option will allow eight bit header when set to TRUE. This option is mainly used to allow eight bit characters in the header line of a mail message. This option is set using: O EightBitHeader = TRUE This option is commented in the default sendmail.cf file. Support for New Mailer Delivery Agent and Map Sendmail 8.9.
New and Changed Features New Features $=R macro is used to define the hosts that are allowed to relay. The default file sendmail uses to read the values for the $=R macro is /etc/mail/relay-domains. It is set in the sendmail.cf file using, FR -o /etc/mail/relay-domains The above line is commented out by default in the default sendmail.cf file provided. The default file from where the $=R macro receives its input is /etc/mail/relay-domains. This can be replaced by a file of user’s choice.
New and Changed Features New Features Table 1-3 Value Meaning REJECT Reject the sender or recipient with a general purpose message. DISCARD Discard the message completely using the $#discard mailer. This only works for sender addresses (i.e., it indicates that you should discard anything received from the indicated domain). ### any text where ### is an RFC 821 compliant error code and "any text" is a message to return for the command.
New and Changed Features New Features makemap dbm /etc/mail/access < /etc/mail/access Refer to makemap(1M) manpage for details on makemap utility. • Relaying Transmission of messages from a site outside your domain to another site outside your domain (relaying) is denied by default when using a sendmail-8.9.3 sendmail.cf file. Previous versions of sendmail allowed relaying by default. There are a lot of new features (rulesets) introduced in sendmail-8.9.
New and Changed Features New Features Setting this option, will allow relaying of all those mail messages where the sender of the mail messages is a valid user on that machine. For example, if abc is a valid user on host 1 then, user cbz on host 2 can telnet to host 1 as user abc and then send mail to user xyz on host 3 i.e. host 1 is now relaying. This should only be used if absolutely necessary as it opens a window for spammers.
New and Changed Features New Features accept such domains, use the features discussed below. — Accept unresolvable domains Setting this option, will allow accepting of all those MAIL FROM: parameters that are not fully qualified i.e, if the host part of the argument to MAIL FROM: command cannot be located in the host name service (e.g, DNS). This feature is commented in the default sendmail.cf file. To enable this feature, use the gen_cf script distributed along with the sendmail-8.9.3 patch.
New and Changed Features New Features spammer@aol.com REJECT cyberspammer.com REJECT Mail can’t be sent to spammer@aol.com or anyone at cyberspammer.com. To enable this feature use the gen_cf script distributed along with the sendmail-8.9.3 patch. — Realtime Blackhole List Setting this option, will turn ON rejection of hosts found in the Realtime Blackhole List. The default list is maintained on the server rbl.maps.vix.com. To use the default list maintained on the server rbl.maps.
New and Changed Features New Features If the above lines are included in the sendmail.cf file then, all header messages of the form "Message-Id:" will result in the ruleset SCheckMessageID to be called which will check the validity of the Message-Id header. Turning on this feature will increase the time sendmail takes to deliver a message as sendmail will now perform header checking.It will also check sender and recipient addresses by default (feature of sendmail-8.9.3).
2 Installation Information Read this chapter before installing Sendmail 8.9.3 on your system.
Installation Information Compatibility with Previous Versions Compatibility with Previous Versions Customers currently using any 8.x version of Sendmail do not need to modify their configuration file. It is compatible with this release of Sendmail. However, HP recommends using the Sendmail 8.9.3 configuration file (/usr/newconfig/etc/mail) delivered with this release in order to effectively use the new features and changes incorporated in this version. Site-specific changes can be made as required.
Installation Information Compatibility with Previous Versions Database Changes The version of the DB included in this patch is 3.0.55. The file format of the database files has changed considerably when compared to the previous versions. If the customers are using any db files it is required that they re-build all the maps using makemap utility and rebuild all the aliases using newaliases.
Installation Information System Requirements System Requirements The following are the system requirements to install Sendmail 8.9.3: • Hewlett-Packard 9000 Computer • HP-UX operating system version 10.20/11.
Installation Information Installing Sendmail 8.9.3 Installing Sendmail 8.9.3 The following are the Sendmail 8.9.3 patches: • on HP-UX 10.20 as patch PHNE_18979 • on HP-UX 11.00 as patch PHNE_18546 Install the appropriate patch as per the following steps: 1. Run the following command on the command line. swinstall -s Where is the absolute path where you downloaded the Sendmail 8.9.3 patch to. A GUI screen appears. 2. Select the Sendmail 8.9.3 product in the GUI screen.
Installation Information Installing Sendmail 8.9.
3 Documentation The following product documentation is available with Sendmail 8.9.
Documentation Man Pages Man Pages The following man pages are distributed with Sendmail 8.9.3 release: • mailstats.1 • idlookup.1 • mailq.1 • praliases.1 • sendmail.1m • makemap.1m • mtail.1m • newaliases.1m • killsm.1m • smrsh.1m • convert_awk.1m • identd.1m • owners.1m • aliases.
4 Known Problems and Limitations This chapter discusses the known problems and limitations in this release of Sendmail.
Known Problems and Limitations Known Problems Known Problems If LDAP is used for address lookup and if the LDAP lookup fails due to either network or server errors then the mail messages will be queued including those messages addressed to root. This is not acceptable as mail messsages addresssed to root need to be delivered immediately as they could be messages about system panics. A work-around solution to this problem will be to comment out the "CL" class macro in the sendmail.
Known Problems and Limitations Limitations Limitations There are no limitations in Sendmail 8.9.3.
Known Problems and Limitations Limitations 36 Chapter 4
