Patch Name: PHNE_11466

Patch Description: s700_800 10.0X-10 5.65 sendmail(1M) cumulative patch

Creation Date: 97/07/28

Post Date: 97/08/13

Hardware Platforms - OS Releases:
    s700: 10.00 10.01 10.10
    s800: 10.00 10.01 10.10

Products: N/A

Filesets:
    InternetSrvcs.INET-ENG-A-MAN
    InternetSrvcs.INETSVCS-RUN

Automatic Reboot?: No

Status: General Release

Critical: No

Path Name: /hp-ux_patches/s700_800/10.X/PHNE_11466

Symptoms:
    PHNE_11466:
    1. Reply-all to a message with more than 4 recipients causes the
       header of the replied message to be broken.
    2. Sendmail patch PHNE_10090 does not handle Ou set to a value
       other than 1 in /etc/mail/sendmail.cf.
    3. If a header line specified in /etc/mail/sendmail.cf has <$u>
       not in first position, then sendmail does not expand the $u
       macro and instead leaves an empty <> in the header.
    4. Site hiding not working when sending mail to a local user.
    5. If a received message has multiparts (the boundary information
       describing the boundary is split over two lines) and the
       message is to be forwarded on to another system which does not
       support 8 bit mime/ESMTP, then forwarding fails.

    PHNE_10090:
    1. PHNE_9622 won't work on HP-UX 10.00 and 10.01.

    PHNE_9622:
    1. Sendmail daemon hangs when unable to process queue message.

    PHNE_8451:
    1. sendmail from PHNE_8371 reports "/usr/lib/dld.sl unresolved
       symbol dbm_open(CODE)" when run on a 10.01 system.

    PHNE_8371:
    1. Daemon does not accept new incoming SMTP connects if waiting
       for input on pending SMTP connection and queue processing
       occurs.

    PHNE_8067:
    1. Patch does not work in 10.01 environments.

    PHNE_7481:
    1. Corrupted msgid in syslog.
    2. 250 reply sent to QUIT
    3. Access check on files skipped
    4. Defunct processes left over during queue processing
    5. X400 site hiding now supported
    6. Uppercase local users supported in alias lists

    PHNE_6990:
    1. If a new header was added to sendmail.cf that referenced $u
       inside <>, $u would not get expanded.

    PHNE_6834:
    1. Newaliases and other sendmail functions would fail with an
       unresolved libdld reference.

    PHNE_6782:
    1. DNS information which includes invalid characters can cause
       sendmail to act improperly.
    2. The .forward file can be symbolically linked to a root-owned
       read-only file.

Defect Description:
    PHNE_11466:
    1. With sendmail PHNE_10090, reply-all breaks with multiple
       recipients.
    2. Sendmail patch PHNE_10090 does not handle Ou set to a value
       other than 1.
    3. 10.10 Sendmail not expanding $u macro if it is not in first
       position.
    4. Site hiding not working when sending mail to a local user.
    5. Sendmail ESMTP does not support multiple line boundary
       messages.

    PHNE_10090:
    1. PHNE_9622 won't work on HP-UX 10.00 and 10.01.

    PHNE_9622:
    1. When the sendmail daemon processed the qf (queue) file and
       tried to locate the df (data) file, the file was gone,
       possibly because /usr/spool/mqueue was full or nfile or
       ninode was exhausted. Sendmail would then hang, consuming
       CPU forever.

    PHNE_8451:
    1. Patch built in 10.10 environment.

    PHNE_8371:
    1. Signal handling defaults were improperly set.

    PHNE_8067:
    1. Patch built in 10.10 environment.

    PHNE_7481:
    1. Only checked for first < in headers.c logic.
    2. 050 Informational code not prepended to remote VERBose
    3. Access check not performed properly
    4. Using signals instead of wait to clean up after children
    5. Ruleset changes added to support X400 site hiding
    6. Ignored alias expansions for lowercase conversion

    PHNE_6990:
    1. Macro expansion only took place for $u if it was alone on the
       RHS of the header line.

    PHNE_6834:
    1. Sendmail was built in a 10.10 environment instead of a 10.0
       environment. Sendmail has been rebuilt to work in all three
       environments.

    PHNE_6782:
    1. Sendmail now looks for newlines and other characters in
       DNS/resolver calls, and properly safeguards against possible
       damage.
    2. The .forward file can no longer be a symbolic link.

SR:
    5003369280 5003369769 5003367714 1653199240 1653204214
    1653182204 5003319343 1653151860 1653135467 5003313601
    5003312983 1653160473 4701313007 1653157529 1653160499
    5000716258 4701338698

Patch Files:
    /usr/sbin/sendmail
    /usr/newconfig/etc/mail/sendmail.cf
    /usr/sbin/smrsh
    /usr/share/man/man1m.Z/smrsh.1m

what(1) Output:
    /usr/sbin/sendmail:
        Copyright (c) 1988 Regents of the University of California.
        version.c $Revision: 1.40.112.13 $ PHNE_11466 $Date: 97/07/28 22:12:51 $
        version.c 5.65 (Berkeley) 8/29/90
    /usr/newconfig/etc/mail/sendmail.cf:
        $Revision: 1.30.112.5 $
    /usr/sbin/smrsh:
        smrsh.c 8.3 (Berkeley) 9/12/95
    /usr/share/man/man1m.Z/smrsh.1m:
        None

cksum(1) Output:
    2739236514 180224 /usr/sbin/sendmail
    499115198 76707 /usr/newconfig/etc/mail/sendmail.cf
    1992585881 12288 /usr/sbin/smrsh
    1647898701 2555 /usr/share/man/man1m.Z/smrsh.1m

Patch Conflicts: PHNE_9623

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_6782 PHNE_6834 PHNE_6990 PHNE_7481 PHNE_8067 PHNE_8371
    PHNE_8451 PHNE_9622 PHNE_10090

Equivalent Patches: None

Patch Package Size: 350 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHNE_11466

    5a. For a standalone system, run swinstall to install the
        patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHNE_11466.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on the
        server to install the patch on the server and the clients:

        swcluster -i -b

        This will invoke swcluster in the interactive mode and
        force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to the
        patch installation. Installing the patch while the clients
        are booted is unsupported and can lead to serious problems.

        The swcluster command will invoke an swinstall session in
        which you must specify:

            alternate root path - default is /export/shared_root/OS_700
            source depot path   - /tmp/PHNE_11466.depot

        To complete the installation, select the patch by choosing
        "Actions -> Match What Target Has" and then
        "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:

        - run swinstall on the server as in step 5a to install the
          patch on the cluster server.
        - run swcluster on the server as in step 5b to install the
          patch on the cluster clients.

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHNE_11466. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the
    patch cannot be deinstalled. Please be careful when using this
    feature.

    It is recommended that you move the PHNE_11466.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the tape
    drive, use the command:

        dd if=/tmp/PHNE_11466.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    This patch forces sendmail to run with non-privileged
    user/group IDs for the values of the DefaultUser (Ou) and the
    DefaultGroup (Og) sendmail configuration options. It also
    enforces the use of /usr/bin/smrsh as the Prog Mailer.

    Users classified as privileged are root, daemon, bin and sys.
    Groups classified as privileged are root, bin, sys, daemon and
    mail.

    The sendmail configuration macros 'Ou' and 'Og' specify the
    Default UID and Default GID with which sendmail will be run.

    If the file /etc/mail/sendmail.cf already specifies a
    non-privileged user in 'Ou' and a non-privileged group in 'Og',
    then this patch does not create any new user or group and does
    not modify the Ou/Og entries in sendmail.cf.

    If the file /etc/mail/sendmail.cf specifies a privileged
    user/group in Ou/Og or if there is no Ou/Og entry, then this
    patch will need to create a unique non-privileged default user
    and group and appropriately modify the Ou/Og entries in
    sendmail.cf. To enable this, the user MUST specify a
    non-existent user/group in the /etc/mail/users file and the
    /etc/mail/groups file.

    Upon installation on the system, this patch will use the entry
    in /etc/mail/users and /etc/mail/groups as the default user and
    group and automatically create them. This patch will also
    modify the 'Ou' and 'Og' entries in /etc/mail/sendmail.cf to
    correspond to the newly created user and group. This causes
    sendmail to run with the newly created user and group ID.

    This patch will also modify /etc/mail/sendmail.cf to use smrsh
    (Sendmail Restricted Shell) as the shell for the prog mailer,
    instead of /usr/bin/sh. smrsh is a new file that is introduced
    in this patch. smrsh sharply limits the commands that can be
    run using the "|program" syntax in a .forward file. See
    smrsh(1m) for more details.

    NOTE:

    1. This patch will NOT be installed on a system which has an
       8.x sendmail patch already installed. The 8.x sendmail patch
       will have to be removed to enable this patch to be
       installed. This has been done for the following reason:

       o This patch does not install /etc/mail/sendmail.cf and the
         8.x sendmail.cf is not compatible with the sendmail
         installed by this patch. Hence after installation of this
         patch on top of an 8.x sendmail patch, sendmail will not
         work.

       If the user desires to install PHNE_11466 after an 8.x
       sendmail patch has been installed, then the user should
       first remove all the 8.x sendmail patches installed and then
       install PHNE_11466.

    2. If /etc/mail/sendmail.cf has a privileged user/group for the
       Ou/Og entries or no entry for Ou/Og, then PHNE_11466 will
       NOT get installed unless the /etc/mail/users and
       /etc/mail/groups files are created with an entry for a
       non-privileged, non-existent default user and group to be
       used by sendmail. The patch will validate the entries in
       /etc/mail/users and /etc/mail/groups and stop installation
       if all the entries are found to be invalid (i.e. the entries
       already exist on the system).

    3. The default group created by this patch to be used by
       sendmail SHOULD NOT be used for any other purpose.

    4. If you are installing this patch on a system on which HP
       Openmail is installed, it will have some side-effects on
       Openmail installations.

       Upon installation of this patch on a system on which HP
       Openmail is installed, a unique default user and group
       account is created and the Ou (default UID) and Og (default
       GID) macros in sendmail.cf are updated. This causes sendmail
       to run with a new user and group ID. As this new user
       information is not present in the
       /var/opt/openmail/xport.mappers/trusted.users file, sendmail
       will be unable to invoke Openmail's xport.in process and
       thus mail will immediately stop flowing to Openmail. You
       will see the following error in the logfile:

           SERIOUS ERROR Service Router(Incoming Trans)
           [OM 807] Invoker is not a trusted user

       The solution is to look at the Ou macro in the sendmail.cf
       file after installation of this patch, add this new sendmail
       username into the
       /var/opt/openmail/xport.mappers/trusted.users file and
       restart the sendmail interface using the commands:

           /opt/openmail/bin/omoff -d0 -s smintfc
           /opt/openmail/bin/omon -s smintfc

    5. A new copy of the sendmail.cf file is provided under
       /usr/newconfig/etc/mail/sendmail.cf. This file contains
       fixes for certain defects. If the user decides to use this
       file as the base, then the user should do the following:

       a. Make a copy of /usr/newconfig/etc/mail/sendmail.cf.
       b. Roll all the site-specific modifications, including the
          default user/group (Ou/Og) entries introduced by this
          patch, from the existing /etc/mail/sendmail.cf into the
          new copy.
       c. Replace the existing /etc/mail/sendmail.cf with the
          resultant file produced in step b.
       d. Freeze the new sendmail configuration by executing:

              /usr/sbin/freeze

       e. Restart the sendmail daemon by executing the following
          commands:

              /sbin/init.d/sendmail stop
              /sbin/init.d/sendmail start
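
The Ou/Og and prog mailer conditions described under Special Installation Instructions can be checked against a sendmail.cf before and after installing the patch. The script below is an added example, not part of HP's patch text or install scripts. It assumes option lines of the form "O<letter><value>" and a prog mailer line of the form "Mprog, P=<path>, ..."; the function names, the "smmail" account and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP's install script): audit a 5.65-style sendmail.cf.
PRIV_USERS="root daemon bin sys"        # privileged users named in the patch text
PRIV_GROUPS="root bin sys daemon mail"  # privileged groups named in the patch text

# Value of the last "O<letter>" line (assumption: a later line overrides).
cf_option() {
    sed -n "s/^O$2[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}
# Numeric ID -> name via a passwd(4)/group(4)-format file; names pass through.
resolve() {
    case "$1" in
        ''|*[!0-9]*) printf '%s\n' "$1" ;;
        *) awk -F: -v id="$1" '$3 == id { print $1; exit }' "$2" ;;
    esac
}
in_list() {  # in_list NAME "a b c"
    for p in $2; do [ "$1" = "$p" ] && return 0; done
    return 1
}
# P= field of the prog mailer (Mprog) definition.
prog_mailer_path() {
    sed -n 's/^Mprog[[:space:]]*,.*P=\([^,[:space:]]*\).*/\1/p' "$1" | tail -n 1
}
# audit_cf CF PASSWD GROUP: one line per finding; exit status = finding count.
audit_cf() {
    n=0
    u=$(resolve "$(cf_option "$1" u)" "$2")
    g=$(resolve "$(cf_option "$1" g)" "$3")
    if [ -z "$u" ] || in_list "$u" "$PRIV_USERS"; then
        echo "Ou: '$u' is unset, unresolved or privileged"; n=$((n + 1))
    fi
    if [ -z "$g" ] || in_list "$g" "$PRIV_GROUPS"; then
        echo "Og: '$g' is unset, unresolved or privileged"; n=$((n + 1))
    fi
    case "$(prog_mailer_path "$1")" in
        */smrsh) ;;
        *) echo "Mprog: P= does not point at smrsh"; n=$((n + 1)) ;;
    esac
    return "$n"
}
# Constructed sample files (not from a real host); "smmail" is a made-up account.
make_samples() {
    printf 'root:*:0:3::/:\ndaemon:*:1:5::/:\nsmmail:*:201:201::/:\n' > "$1/passwd"
    printf 'root::0:\nmail::6:\nsmmail::201:\n' > "$1/group"
    printf 'Ou1\nOg6\nMprog, P=/usr/bin/sh, F=lsDFMeuP, A=sh -c $u\n' > "$1/before.cf"
    printf 'Ousmmail\nOg201\nMprog, P=/usr/bin/smrsh, F=lsDFMeuP, A=sh -c $u\n' > "$1/after.cf"
}
d=$(mktemp -d) && make_samples "$d" && audit_cf "$d/before.cf" "$d/passwd" "$d/group"
rm -rf "$d"
```

On a real host, call audit_cf with /etc/mail/sendmail.cf, /etc/passwd and /etc/group; a non-zero exit status means at least one of the three conditions is not met.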