CAUTIONS for OPERATING SENDMAIL on DOMAIN/OS

Configuring Local Delivery for a Domain/OS Network

When configuring a local delivery mechanism on a Domain/OS network, we
recommend that you observe some precautions to avoid simultaneous file
write attempts by multiple nodes.  Concurrent file access from
multiple nodes can cause file-locking conflicts or file corruption.
Unfortunately, it isn't possible to prevent such conflicts entirely
within the sendmail program.

You should consider one of the following options for configuring local
mail delivery:

   + Require that all users address local mail to user@node_name,
     where node_name is the complete Internet name for each node.

   + Configure a small number of relay nodes (one if it can handle the
     load) to be able to resolve all mail addresses.  Have each user's
     mail delivered to a local spool directory on his/her home node.
     All peripheral nodes can have copies of the same sendmail
     configuration file.

     The above options require users to log in to their home node to
     read mail.

   + Have all nodes share a central spool directory residing on the
     relay node.

In all of these cases, peripheral nodes should never use a local
delivery agent that writes directly to the spool directory.  All
peripheral nodes should utilize SMTP to transfer mail to the sendmail
daemon on the node where the destination spool directory resides.
Although the Domain filesystem makes it easy to violate this protocol,
file access conflicts and/or corruption may result from simultaneous
access to a file by multiple local-delivery agents.

When diskless nodes share a spool directory, the disked node which
physically contains the spool directory should be the only one
performing local delivery, and the diskless nodes should use SMTP for
transmitting mail to its sendmail daemon.

Frozen Configuration Files

Although frozen configurations are available on Domain/OS, we
recommend that you avoid using them for two reasons:

   + They can cause synchronization problems between the ASCII and the
     frozen configuration files:  if you edit the ASCII file and don't
     freeze it, sendmail's internal precedence rules will ignore your
     changes.

   + Since sendmail seeks to re-freeze the frozen configuration file
     each time it runs, file-access conflicts may occur if several
     nodes share the same /usr/lib directory.

If you require frozen configuration files for security reasons or have
a severe need to improve startup performance, you should create a
"`node_data"-relative link so that the frozen configuration files
don't overlay each other.  We recommend the following link:

    ln -s `node_data/etc/sendmail.fc /usr/lib/sendmail.fc

Please NOTE: A bug on the DN10000 prevents freezing the configuration
file.  Attempting to do so will leave a corrupted frozen configuration
file image. Sendmail will not run if this image (/usr/lib/sendmail.fc)
is present.

The Alias Database

When multiple nodes share the same /usr/lib directory, create links
into `node_data/etc for aliases, alias.pag, and alias.dir.  These
links will prevent multiple nodes from attempting to write to the same
file, allowing use of the "alias autorebuild" option ('-oD' from the
command line or 'OD' in the configuration file) and will allow each
node to maintain its own private alias database. Diskless nodes and
nodes with links must all be considered to be sharing the /usr/lib
directory.

February 27, 1992
Hewlett Packard
OSSD/CSSL (formerly Apollo Computer Operating Systems Group)
