Patch Name: PHNE_10090 Patch Description: s700_800 10.0X-10 sendmail(1M) cumulative patch Creation Date: 97/02/11 Post Date: 97/04/24 Repost: 97/06/04 The documentation was modified to detail the side-effects this patch has on OpenMail installations. Warning: 97/06/04 - This Non-Critical Warning has been issued by HP. Please read the following if you are installing this patch on a system on which HP Openmail is installed. Upon installation of this patch a unique default user and group account is created and the Ou (default UID) and Og (default GID) macros in sendmail.cf are updated. This causes sendmail to run with a new user and group ID. As this new user information is not present in the /var/opt/openmail/xport.mappers/trusted.users file, sendmail will be unable to invoke Openmail's xport.in process and thus mail will immediately stop flowing to Openmail. You will see the following error in the logfile: SERIOUS ERROR Service Router(Incoming Trans) [OM 807] Invoker is not a trusted user The solution is to look at the Ou macro in the sendmail.cf file after installation of this patch, add this new sendmail username into the /var/opt/openmail/xport.mappers/trusted.users file and restart the sendmail interface using the commmands: /opt/openmail/bin/omoff -d0 -s smintfc /opt/openmail/bin/omon -s smintfc Hardware Platforms - OS Releases: s700: 10.00 10.01 10.10 s800: 10.00 10.01 10.10 Products: N/A Filesets: InternetSrvcs.INET-ENG-A-MAN InternetSrvcs.INETSVCS-RUN Automatic Reboot?: No Status: General Superseded With Warnings Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_10090 Symptoms: PHNE_10090: 1. PHNE_9622 won't work on HP-UX 10.00 and 10.01. PHNE_9622: 1. Sendmail daemon hangs when unable to process queue message. PHNE_8451: 1. sendmail from PHNE_8371 reports "/usr/lib/dld.sl unresolved symbol dbm_open(CODE)" when run on a 10.01 system. PHNE_8371: 1. Daemon does not accept new incoming SMTP connects if waiting for input on pending SMTP connection and queue processing occurs. PHNE_8067: 1. Patch does not work in 10.01 environments. PHNE_7481: 1. Corrupted msgid in syslog. 2. 250 Reply send to QUIT 3. Access check on files skipped 4. Defunct processes leftover during queue processing 5. X400 site hiding now supported 6. Uppercase local users supported in alias lists PHNE_6990: 1. If a new header was added to sendmail.cf that referenced $u inside <>, $u would not get expanded. PHNE_6834: 1. Newaliases and other sendmail functions would fail with an unresolved libdld reference. PHNE_6782: 1. DNS information which includes invalid characters can cause sendmail to act improperly. 2. The .forward file can be symbolically linked to a root-owned read-only file. Defect Description: PHNE_10090: 1. PHNE_9622 won't work on HP-UX 10.00 and 10.01. PHNE_9622: 1.When sendmail daemon processed the qf (Queue) file and tried to locate the df (Data) file, the file was gone due to the /usr/spool/mqueue may be full or nfile, ninode full. Then the sendmail will hang up with take CPU forever. PHNE_8451: 1. Patch built in 10.10 environment. PHNE_8371: 1. Signal handling defaults were improperly set. PHNE_8067: 1. Patch built in 10.10 environment. PHNE_7481: 1. Only checked for first < in headers.c logic. 2. 050 Informational code not prepended to remote VERBose 3. Access check not performed properly 4. Using signals instead of wait to clean up after children 5. Ruleset changes added to support X400 site hiding 6. Ignored alias expansions for lowercase conversion PHNE_6990: 1. Macro expansion only took place for $u if it was alone on the RHS of the header line. PHNE_6834: 1. Sendmail was built in a 10.10 environment instead of a 10.0. Sendmail has been rebuilt to work in all three environments. PHNE_6782: 1. Sendmail now looks for newlines and other characters in DNS/resolver calls, and properly safeguards against possible damage. 2. The .forward file can no longer be a symbolic link. SR: 1653182204 5003319343 1653151860 1653135467 5003313601 5003312983 1653160473 4701313007 1653157529 1653160499 5000716258 4701338698 Patch Files: /usr/sbin/sendmail /usr/newconfig/etc/mail/sendmail.cf /usr/sbin/smrsh /usr/share/man/man1m.Z/smrsh.1m what(1) Output: /usr/sbin/sendmail: Copyright (c) 1988 Regents of the University of Cali fornia. version.c $Revision: 1.40.112.12 $ PHNE_10090 $Date: 97/02/11 01:27:10 $ version.c 5.65 (Berkeley) 8/29/90 /usr/newconfig/etc/mail/sendmail.cf: $Revision: 1.30.112.2 $ /usr/sbin/smrsh: smrsh.c 8.3 (Berkeley) 9/12/95 /usr/share/man/man1m.Z/smrsh.1m: None cksum(1) Output: 1000992314 180224 /usr/sbin/sendmail 1407764920 75914 /usr/newconfig/etc/mail/sendmail.cf 1992585881 12288 /usr/sbin/smrsh 1647898701 2555 /usr/share/man/man1m.Z/smrsh.1m Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_6782 PHNE_6834 PHNE_6990 PHNE_7481 PHNE_8067 PHNE_8371 PHNE_8451 PHNE_9622 Equivalent Patches: PHNE_10116: s700: 9.01 9.03 9.05 9.07 s800: 9.00 9.04 Patch Package Size: 330 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_10090 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_10090.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_10090.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_10090. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_10090.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_10090.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: When this patch is installed on the system, a unique user account is created automatically, to be used exclusively for the DefaultUser (Ou) sendmail configuration option, instead of the usual value root. smrsh (Sendmail Restricted Shell) is the shell used for the prog mailer, instead of /sbin/sh. smrsh is a new file that is introduced in this patch. smrsh sharply limits the commands that can be run using the "|program" syntax in a .forward file. See smrsh(1m) for more details.