
			NESTING-FILTER PACKAGE

This directory has the latest open source "nesting-filter" software from
Sendmail, Inc.

+--------------+
| INTRODUCTION |
+--------------+

The nesting-filter package is an open source filter produced by Sendmail
to provide a layer of protection against known denial-of-service attacks
against versions of the Sendmail MTA prior to v8.13.7.


+--------------+
| DEPENDENCIES |
+--------------+

To compile and operate, this package requires the following:

o sendmail v8.11.0 (or later), and libmilter from the same distribution
  (http://www.sendmail.org)


+---------------------+
| DIRECTORY STRUCTURE |
+---------------------+

devtools	m4-based build scripts and other data needed to compile
		the package.

nesting-filter	A milter-based filter application which detects and blocks
		messages which contain properties that could be used
		to perform a denial-of-service attack against a machine
		running unpatched versions of the Sendmail MTA.

+--------------------------+
| COMPILING AND INSTALLING |
+--------------------------+

See the INSTALL file in this directory and nesting-filter/README for
compilation and installation instructions.

+----------------+
| RUNTIME ISSUES |
+----------------+

WARNING: sendmail symbol 'X' not available

 The filter attempted to get some information from the MTA which the MTA
 did not provide.

 At various points in the interaction between the MTA and the filter, certain
 macros containing information about the job in progress or the connection
 being handled are passed from the MTA to the filter.  The names of the macros
 the MTA should pass to the filter are defined by the "Milter.macros"
 settings in sendmail.cf, e.g. "Milter.macros.connect",
 "Milter.macros.envfrom", etc.  This message indicates that the filter needed
 the contents of macro X, but that macro was not passed down from the MTA.

 Typically the values needed by this filter are passed from the MTA if the
 sendmail.cf was generated by the usual m4 method.  If you do not have
 those options defined in your sendmail.cf, make sure your M4 configuration
 files are current and rebuild your sendmail.cf to get appropriate lines
 added to your sendmail.cf, and then restart sendmail.

+---------+
| SUPPORT |
+---------+

Support for this filter is being provided to the open source community
on a best-effort basis only.  Please contact nf-bugs@sendmail.org for
questions or problem reports not covered elsewhere in the documentation
in this package or online at http://www.sendmail.org.

$Revision: 1.2 $, Last updated $Date: 2006/06/12 23:53:08 $
