RELEASE_NOTES revision 66494
1 SENDMAIL RELEASE NOTES 2 $Id: RELEASE_NOTES,v 8.561.2.5.2.125 2000/09/27 06:25:28 gshapiro Exp $ 3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 98.11.1/8.11.1 2000/09/27 10 Fix SMTP EXPN command output if the address expands to a single 11 name. Fix from John Beck of Sun Microsystems. 12 Don't try STARTTLS in the client if the PRNG has not been properly 13 seeded. This problem only occurs on systems without 14 /dev/urandom. Problem detected by Jan Krueger of 15 digitalanswers communications consulting gmbh and 16 Neil Rickert of Northern Illinois University. 17 Don't use the . and .. directories when expanding QueueDirectory 18 wildcards. 19 Do not try to cache LDAP connections across processes as a parent 20 process may close the connection before the child process 21 has completed. Problem noted by Lai Yiu Fai of the Hong 22 Kong University of Science and Technology and Wolfgang 23 Hottgenroth of UUNET. 24 Use Timeout.fileopen to limit the amount of time spent trying to 25 read the LDAP secret from a file. 26 Prevent SIGTERM from removing a command line submitted item after 27 the user submits the message and before the first delivery 28 attempt completes. Problem noted by Max France of AlphaNet. 29 Fix from Neil Rickert of Northern Illinois University. 30 Deal correctly with MaxMessageSize restriction if message size is 31 greater than 2^31. 32 Turn off queue checkpointing if CheckpointInterval is set to zero. 33 Treat an empty home directory (from getpw*() or $HOME) as 34 non-existent instead of treating it as /. Problem noted by 35 Todd C. Miller of Courtesan Consulting. 36 Don't drop duplicate headers when reading a queued item. Problem 37 noted by Motonori Nakamura of Kyoto University. 38 Avoid bogus error text when logging the savemail panic "cannot 39 save rejected email anywhere". Problem noted by Marc G. 40 Fournier of Acadia University. 41 If an LDAP search fails because the LDAP server went down, close 42 the map so subsequent searches reopen the map. If there are 43 multiple LDAP servers, the down server will be skipped and 44 one of the others may be able to take over. 45 Set the ${load_avg} macro to the current load average, not the 46 previous load average query result. 47 If a non-optional map used in a check_* ruleset can't be opened, 48 return a temporary failure to the remote SMTP client 49 instead of ignoring the map. Problem noted by Allan E 50 Johannesen of Worcester Polytechnic Institute. 51 Avoid a race condition when queuing up split envelopes by saving 52 the split envelopes before the original envelope. 53 Fix a bug in the PH_MAP code which caused mail to bounce instead of 54 defer if the PH server could not be contacted. From Mark 55 Roth of the University of Illinois at Urbana-Champaign. 56 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and 57 ETRN. Problem noted by Erik R. Leo of SoVerNet. 58 Change error code for unrecognized parameters to the SMTP MAIL and 59 RCPT commands from 501 to 555 per RFC 1869. Problem 60 reported to Postfix by Robert Norris of Monash University. 61 Prevent overwriting the argument of -B on certain OS. Problem 62 noted by Matteo Gelosa of I.NET S.p.A. 63 Use the proper routine for freeing memory with Netscape's LDAP 64 client libraries. Patch from Paul Hilchey of the 65 University of British Columbia. 66 Portability: 67 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9} 68 instead of defining it in conf.h so users can 69 override the setting. Suggested by 70 Henrik Nordstrom of Ericsson. 71 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of 72 /usr/lib/sendmail for rmail and vacation. From 73 Jeff A. Earickson of Colby College. 74 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which 75 does not exist). From Jeff A. Earickson of Colby 76 College. 77 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From 78 Tom Moore of NCR. 79 NeXT 3.X and 4.X installs man pages in /usr/man. From 80 Hisanori Gogota of NTT/InterCommunicationCenter. 81 Solaris 8 and later include /var/run. The default PID file 82 location is now /var/run/sendmail.pid. From John 83 Beck of Sun Microsystems. 84 SFIO includes snprintf() for those operating systems 85 which do not. From Todd C. Miller of Courtesan 86 Consulting. 87 CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}. 88 Problem noted by Kaspar Brand of futureLab AG. 89 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with 90 errors in the MAIL address. 91 CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem 92 noted by Ron Jarrell of Virginia Tech. 93 CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8). 94 Contributed by John Beck of Sun Microsystems. 95 CONFIG: Set confFROM_HEADER such that the mail hub can possibly add 96 GECOS information for an address. This more closely 97 matches pre-8.10 nullclient behavior. From Per Hedeland of 98 Ericsson. 99 CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for 100 SMTP to all *smtp* mailers and those for RELAY to the relay 101 mailer as described in cf/README. 102 MAIL.LOCAL: Open the mailbox as the recipient not root so quotas 103 are obeyed. Problem noted by Damian Kuczynski of NIK. 104 MAKEMAP: Do not change a map's owner to the TrustedUser if using 105 makemap to 'unmake' the map. 106 RMAIL: Avoid overflowing the list of recipients being passed to 107 sendmail. 108 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 109 submission. Problem noted by Kari Hurtta of the Finnish 110 Meteorological Institute. 111 VACATION: Read the complete message to avoid "broken pipe" signals. 112 VACATION: Do not cut off vacation.msg files which have a single 113 dot as the only character on the line. 114 New Files: 115 cf/ostype/solaris8.m4 116 1178.11.0/8.11.0 2000/07/19 118 SECURITY: If sendmail is installed as a non-root set-user-ID binary 119 (not the normal case), some operating systems will still 120 keep a saved-uid of the effective-uid when sendmail tries 121 to drop all of its privileges. If sendmail needs to drop 122 these privileges and the operating system doesn't set the 123 saved-uid as well, exit with an error. Problem noted by 124 Kari Hurtta of the Finnish Meteorological Institute. 125 SECURITY: sendmail depends on snprintf() NUL terminating the string 126 it populates. It is possible that some broken 127 implementations of snprintf() exist that do not do this. 128 Systems in this category should compile with 129 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your 130 system and report broken implementations to 131 sendmail-bugs@sendmail.org and your OS vendor. Problem 132 noted by Slawomir Piotrowski of TELSAT GP. 133 Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). 134 Implementation influenced by the example programs of 135 OpenSSL and the work of Lutz Jaenicke of TU Cottbus. 136 Add new STARTTLS related options CACERTPath, CACERTFile, 137 ClientCertFile, ClientKeyFile, DHParameters, RandFile, 138 ServerCertFile, and ServerKeyFile. These are documented in 139 cf/README and doc/op/op.*. 140 New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, 141 ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, 142 ${server_name}, and ${server_addr}. These are documented 143 in cf/README and doc/op/op.*. 144 Add support for the Entropy Gathering Daemon (EGD) for better 145 random data. 146 New DontBlameSendmail option InsufficientEntropy for systems which 147 don't properly seed the PRNG for OpenSSL but want to 148 try to use STARTTLS despite the security problems. 149 Support the security layer in SMTP AUTH for mechanisms which 150 support encryption. Based on code contributed by Tim 151 Martin of CMU. 152 Add new macro ${auth_ssf} to reflect the SMTP AUTH security 153 strength factor. 154 LDAP's -1 (single match only) flag was not honored if the -z 155 (delimiter) flag was not given. Problem noted by ST Wong of 156 the Chinese University of Hong Kong. Fix from Mark Adamson 157 of CMU. 158 Add more protection from accidentally tripping OpenLDAP 1.X's 159 ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). 160 Suggested by Kurt Zeilenga of OpenLDAP. 161 Fix the default family selection for DaemonPortOptions. As 162 documented, unless a family is specified in a 163 DaemonPortOptions option, "inet" is the default. It is 164 also the default if no DaemonPortOptions value is set. 165 Therefore, IPv6 users should configure additional sockets 166 by adding DaemonPortOptions settings with Family=inet6 if 167 they wish to also listen on IPv6 interfaces. Problem noted 168 by Jun-ichiro itojun Hagino of the KAME Project. 169 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect 170 the interface information for an outgoing connection. 171 Not doing so was creating a mismatch between the socket 172 family and address used in subsequent connections if the 173 M=b modifier was set in DaemonPortOptions. Problem noted 174 by John Beck of Sun Microsystems. 175 If DaemonPortOptions modifier M=b is used, determine the socket 176 family based on the IP address. ${if_family} is no longer 177 persistent (i.e., saved in qf files). Patch from John Beck 178 of Sun Microsystems. 179 sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} 180 macros for both the incoming interface address/family and 181 the outgoing interface address/family. In order for M=b 182 modifier in DaemonPortOptions to work properly, preserve 183 the incoming information in the queue file for later 184 delivery attempts. 185 Use SMTP error code and enhanced status code from check_relay in 186 responses to commands. Problem noted by Jeff Wasilko of 187 smoe.org. 188 Add more vigilance in checking for putc() errors on output streams 189 to protect from a bug in Solaris 2.6's putc(). Problem 190 noted by Graeme Hewson of Oracle. 191 The LDAP map -n option (return attribute names only) wasn't working. 192 Problem noted by Ajay Matia. 193 Under certain circumstances, an address could be listed as deferred 194 but would be bounced back to the sender as failed to be 195 delivered when it really should have been queued. Problem 196 noted by Allan E Johannesen of Worcester Polytechnic Institute. 197 Prevent a segmentation fault in a child SMTP process from getting 198 the SMTP transaction out of sync. Problem noted by Per 199 Hedeland of Ericsson. 200 Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT 201 is defined to avoid a core dump due to incompatibilities 202 between sfio and stdio. Problem noted by Neil Rickert 203 of Northern Illinois University. 204 Don't log useless envelope ID on initial connection log. Problem 205 noted by Kari Hurtta of the Finnish Meteorological Institute. 206 Convert the free disk space shown in a control socket status query 207 to kilobyte units. 208 If TryNullMXList is True and there is a temporary DNS failure 209 looking up the hostname, requeue the message for a later 210 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo 211 Polytechnic. 212 Under the proper circumstances, failed connections would be recorded 213 as "Bad file number" instead of "Connection failed" in the 214 queue file and persistent host status. Problem noted by 215 Graeme Hewson of Oracle. 216 Avoid getting into an endless loop if a non-hoststat directory exists 217 within the hoststatus directory (e.g., lost+found). 218 Patch from Valdis Kletnieks of Virginia Tech. 219 Make sure Timeout.queuereturn=now returns a bounce message to the 220 sender. Problem noted by Per Hedeland of Ericsson. 221 If a message data file can't be opened at delivery time, panic and 222 abort the attempt instead of delivering a message that 223 states "<<< No Message Collected >>>". 224 Fixup the GID checking code from 8.10.2 as it was overly 225 restrictive. Problem noted by Mark G. Thomas of Mark 226 G. Thomas Consulting. 227 Preserve source port number instead of replacing it with the ident 228 port number (113). 229 Document the queue status characters in the mailq man page. 230 Suggested by Ulrich Windl of the Universitat Regensburg. 231 Process queued items in which none of the recipient addresses have 232 host portions (or there are no recipients). Problem noted 233 by Valdis Kletnieks of Virginia Tech. 234 If a cached LDAP connection is used for multiple maps, make sure 235 only the first to open the connection is allowed to close 236 it so a later map close doesn't break the connection for 237 other maps. Problem noted by Wolfgang Hottgenroth of UUNET. 238 Netscape's LDAP libraries do not support Kerberos V4 239 authentication. Patch from Rainer Schoepf of the 240 University of Mainz. 241 Provide workaround for inconsistent handling of data passed 242 via callbacks to Cyrus SASL prior to version 1.5.23. 243 Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission 244 noted by Ulrich Windl of the Universitat Regensburg. 245 Portability: 246 Add the ability to read IPv6 interface addresses into class 247 'w' under FreeBSD (and possibly others). From Jun 248 Kuriyama of IMG SRC, Inc. and the FreeBSD Project. 249 Replace code for finding the number of CPUs on HPUX. 250 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not 251 work properly causing problems if the accept() 252 fails and the socket needs to be reopened. Patch 253 from Tom Moore of NCR. 254 NetBSD uses a .0 extension of formatted man pages. From 255 Andrew Brown of Crossbar Security. 256 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED 257 for calls to getipnodebyname(). The Linux 258 implementation is broken so AI_ADDRCONFIG is stripped 259 under Linux. From John Beck of Sun Microsystems and 260 John Kennedy of Cal State University, Chico. 261 CONFIG: Catch invalid addresses containing a ',' at the wrong place. 262 Patch from Neil Rickert of Northern Illinois University. 263 CONFIG: New variables for the new sendmail options: 264 confCACERT_PATH CACERTPath 265 confCACERT CACERTFile 266 confCLIENT_CERT ClientCertFile 267 confCLIENT_KEY ClientKeyFile 268 confDH_PARAMETERS DHParameters 269 confRAND_FILE RandFile 270 confSERVER_CERT ServerCertFile 271 confSERVER_KEY ServerKeyFile 272 CONFIG: Provide basic rulesets for TLS policy control and add new 273 tags to the access database to support these policies. See 274 cf/README for more information. 275 CONFIG: Add TLS information to the Received: header. 276 CONFIG: Call tls_client ruleset from check_mail in case it wasn't 277 called due to a STARTTLS command. 278 CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent 279 instead of temporary. 280 CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with 281 the access map and relaying to a domain without using a To: 282 tag. Problem noted by Mark G. Thomas of Mark G. Thomas 283 Consulting. 284 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in 285 OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of 286 RootsWeb.com. 287 CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and 288 forwarding to make it as close to the old behavior as 289 possible. Problem noted by George W. Baltz of the 290 University of Maryland. 291 CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From 292 Wilfredo Sanchez of Apple Computer, Inc. 293 CONFIG: Changed the map names used by FEATURE(`ldap_routing') from 294 ldap_mailhost and ldap_mailroutingaddress to ldapmh and 295 ldapmra as underscores in map names cause problems if 296 underscore is in OperatorChars. Problem noted by Bob Zeitz 297 of the University of Alberta. 298 CONFIG: Apply blacklist_recipients also to hosts in class {w}. 299 Patch from Michael Tratz of Esosoft Corporation. 300 CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. 301 CONTRIB: Add link_hash.sh to create symbolic links to the hash 302 of X.509 certificates. 303 CONTRIB: passwd-to-alias.pl: More protection from special characters; 304 treat special shells as root aliases; skip entries where the 305 GECOS full name and username match. From Ulrich Windl of the 306 Universitat Regensburg. 307 CONTRIB: qtool.pl: Add missing last_modified_time method and fix a 308 typo. Patch from Graeme Hewson of Oracle. 309 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue 310 and sendmail. Patch from Graeme Hewson of Oracle. 311 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as 312 subroutine Patch from Graeme Hewson of Oracle. 313 CONTRIB: Add movemail.pl (move old mail messages between queues by 314 calling re-mqueue.pl) and movemail.conf (configuration 315 script for movemail.pl). From Graeme Hewson of Oracle. 316 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to 317 makemap). From Derek J. Balling of Yahoo,Inc. 318 DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any 319 extension modifications (e.g., MAN8EXT) to the installation 320 target. Patch from James Ralston of Carnegie Mellon 321 University. 322 DEVTOOLS: Add support for SunOS 5.9. 323 DEVTOOLS: New option confLN contains the command used to create 324 links. 325 LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not 326 reported. 327 MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of 328 Denman Tire Corporation. 329 MAIL.LOCAL: Prevent a possible DoS attack when compiled with 330 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. 331 MAILSTATS: Fix usage statement (-p and -o are optional). 332 MAKEMAP: Change man page layout as workaround for problem with nroff 333 and -man on Solaris 7. Patch from Larry Williamson. 334 RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of 335 Black Diamond Equipment, Limited. 336 RMAIL: Prevent a segmentation fault if the incoming message does not 337 have a From line. 338 VACATION: Read all of the headers before deciding whether or not 339 to respond instead of stopping after finding recipient. 340 Added Files: 341 cf/ostype/darwin.m4 342 contrib/cidrexpand 343 contrib/link_hash.sh 344 contrib/movemail.conf 345 contrib/movemail.pl 346 devtools/OS/SunOS.5.9 347 test/t_snprintf.c 348 3498.10.2/8.10.2 2000/06/07 350 SECURITY: Work around broken Linux setuid() implementation. 351 On Linux, a normal user process has the ability to subvert 352 the setuid() call such that it is impossible for a root 353 process to drop its privileges. Problem noted by Wojciech 354 Purczynski of elzabsoft.pl. 355 SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), 356 initgroups(), and chroot() calls. 357 Added Files: 358 test/t_setuid.c 359 3608.10.1/8.10.1 2000/04/06 361 SECURITY: Limit the choice of outgoing (client-side) SMTP 362 Authentication mechanisms to those specified in 363 AuthMechanisms to prevent information leakage. We do not 364 recommend use of PLAIN for outgoing mail as it sends the 365 password in clear text to possibly untrusted servers. See 366 cf/README's DefaultAuthInfo section for additional information. 367 Copy the ident argument for openlog() to avoid problems on some 368 OSs. Based on patch from Rob Bajorek from Webhelp.com. 369 Avoid bogus error message when reporting an alias line as too long. 370 Avoid bogus socket error message if sendmail.cf version level is 371 greater than sendmail binary supported version. Patch 372 from John Beck of Sun Microsystems. 373 Prevent a malformed ruleset (missing right hand side) from causing 374 a segmentation fault when using address test mode. Based on 375 patch from John Beck of Sun Microsystems. 376 Prevent memory leak from use of NIS maps and yp_match(3). Problem 377 noted by Gil Kloepfer of the University of Texas at Austin. 378 Fix queue file permission checks to allow for TrustedUser ownership. 379 Change logging of errors from the trust_auth ruleset to LogLevel 10 380 or higher. 381 Avoid simple password cracking attacks against SMTP AUTH by using 382 exponential delay after too many tries within one connection. 383 Encode an initial empty AUTH challenge as '=', not as empty string. 384 Avoid segmentation fault on EX_SOFTWARE internal error logs. 385 Problem noted by Allan E Johannesen of Worcester 386 Polytechnic Institute. 387 Ensure that a header check which resolves to $#discard actually 388 discards the message. 389 Emit missing value warnings for aliases with no right hand side 390 when newaliases is run instead of only when delivery is 391 attempted to the alias. 392 Remove AuthOptions missing value warning for consistency with other 393 flag options. 394 Portability: 395 SECURITY: Specify a run-time shared library search path for 396 AIX 4.X instead of using the dangerous AIX 4.X 397 linker semantics. AIX 4.X users should consult 398 sendmail/README for further information. Problem 399 noted by Valdis Kletnieks of Virginia Tech. 400 Avoid use of strerror(3) call. Problem noted by Charles 401 Levert of Ecole Polytechnique de Montreal. 402 DGUX requires -lsocket -lnsl and has a non-standard install 403 program. From Tim Boyer of Denman Tire Corporation. 404 HPUX 11.0 has a broken res_search() function. 405 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X 406 from J. P. McCann of E I A. 407 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3). 408 Problem noted by Michael Long of Info Avenue Internet 409 Services, LLC. 410 Modern (post-199912) OpenBSD versions include working 411 strlc{at,py}(3) functions. From Todd C. Miller of 412 Courtesan Consulting. 413 SINIX doesn't have random(3). From Gerald Rinske of 414 Siemens Business Services. 415 CONFIG: Change error message about unresolvable sender domain to 416 include the sender address. Proposed by Wolfgang Rupprecht 417 of WSRCC. 418 CONFIG: Fix usenet mailer calls. 419 CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS 420 to be backward compatible with 8.9. 421 CONFIG: Change handling of default case @domain for virtusertable 422 to allow for +*@domain to deal with +detail. 423 CONTRIB: Remove converting.sun.configs -- it is obsolete. 424 DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki 425 of NEC. 426 DEVTOOLS: Add to NCR platform list and include the architecture 427 (i486). From Tom J. Moore of NCR. 428 DEVTOOLS: SECURITY: Change method of linking with sendmail utility 429 libraries to work around the AIX 4.X and SunOS 4.X linker's 430 overloaded -L option. Problem noted by Valdis Kletnieks of 431 Virginia Tech. 432 DEVTOOLS: configure.sh was overriding the user's choice for 433 confNROFF. Problem noted by Glenn A. Malling of Syracuse 434 University. 435 DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added 436 for other internal projects but included in the open source 437 release. 438 LIBSMDB: Check for ".db" instead of simply "db" at the end of the 439 map name to determine whether or not to add the extension. 440 This fixes makemap when building the userdb file. Problem 441 noted by Andrew J Cole of the University of Leeds. 442 LIBSMDB: Allow a database to be opened for updating and created if 443 it doesn't already exist. Problem noted by Rand Wacker of 444 Sendmail. 445 LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are 446 available, fall back to NDBM if NEWDB open fails. This 447 fixes praliases. Patch from John Beck of Sun Microsystems. 448 LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted 449 as SFF_NOWRFILES. 450 OP.ME: Clarify some issues regarding mailer flags. Suggested by 451 Martin Mokrejs of The Charles University and Neil Rickert of 452 Northern Illinois University. 453 PRALIASES: Restore 8.9.X functionality of being able to search for 454 particular keys in a database by specifying the keys on the 455 command line. Man page updated accordingly. Patch from 456 John Beck of Sun Microsystems. 457 VACATION: SunOS 4.X portability from Charles Levert of Ecole 458 Polytechnique de Montreal. 459 VACATION: Fix -t option which is ignored but available for 460 compatibility with Sun's version, based on patch from 461 Volker Dobler of Infratest Burke. 462 Added Files: 463 devtools/M4/UNIX/smlib.m4 464 devtools/OS/OSF1.V5.0 465 Deleted Files: 466 contrib/converting.sun.configs 467 Deleted Directories (already done in 8.10.0 but not listed): 468 doc/intro 469 doc/usenix 470 doc/changes 471 4728.10.0/8.10.0 2000/03/01 473 ************************************************************* 474 * The engineering department at Sendmail, Inc. has suffered * 475 * the tragic loss of a key member of our engineering team. * 476 * Julie Van Bourg was the Vice President of Engineering * 477 * at Sendmail, Inc. during the development and deployment * 478 * of this release. It was her vision, dedication, and * 479 * support that has made this release a success. Julie died * 480 * on October 26, 1999 of cancer. We have lost a leader, a * 481 * coach, and a friend. * 482 * * 483 * This release is dedicated to her memory and to the joy, * 484 * strength, ideals, and hope that she brought to all of us. * 485 * Julie, we miss you! * 486 ************************************************************* 487 SECURITY: The safe file checks now back track through symbolic 488 links to make sure the files can't be compromised due 489 to poor permissions on the parent directories of the 490 symbolic link target. 491 SECURITY: Only root, TrustedUser, and users in class t can rebuild 492 the alias map. Problem noted by Michal Zalewski of the 493 "Internet for Schools" project (IdS). 494 SECURITY: There is a potential for a denial of service attack if 495 the AutoRebuildAliases option is set as a user can kill the 496 sendmail process while it is rebuilding the aliases file 497 (leaving it in an inconsistent state). This option and 498 its use is deprecated and will be removed from a future 499 version of sendmail. 500 SECURITY: Make sure all file descriptors (besides stdin, stdout, and 501 stderr) are closed before restarting sendmail. Problem noted 502 by Michal Zalewski of the "Internet for Schools" project 503 (IdS). 504 Begin using /etc/mail/ for sendmail related files. This affects 505 a large number of files. See cf/README for more details. 506 The directory structure of the distribution has changed slightly 507 for easier code sharing among the programs. 508 Support SMTP AUTH (see RFC 2554). New macros for this purpose 509 are ${auth_authen}, ${auth_type}, and ${auth_author} 510 which hold the client's authentication credentials, 511 the mechanism used for authentication, and the 512 authorization identity (i.e., the AUTH= parameter if 513 supplied). Based on code contributed by Tim Martin of CMU. 514 On systems which use the Torek stdio library (all of the BSD 515 distributions), use memory-buffered files to reduce 516 file system overhead by not creating temporary files on 517 disk. Contributed by Exactis.com, Inc. 518 New option DataFileBufferSize to control the maximum size of a 519 memory-buffered data (df) file before a disk-based file is 520 used. Contributed by Exactis.com, Inc. 521 New option XscriptFileBufferSize to control the maximum size of a 522 memory-buffered transcript (xf) file before a disk-based 523 file is used. Contributed by Exactis.com, Inc. 524 sendmail implements RFC 2476 (Message Submission), e.g., it can 525 now listen on several different ports. Use: 526 O DaemonPortOptions=Name=MSA, Port=587, M=E 527 to run a Message Submission Agent (MSA); this is turned 528 on by default in m4-generated .cf files; it can be turned 529 off with FEATURE(`no_default_msa'). 530 The 'XUSR' SMTP command is deprecated. Mail user agents should 531 begin using RFC 2476 Message Submission for initial user 532 message submission. XUSR may disappear from a future release. 533 The new '-G' (relay (gateway) submission) command line option 534 indicates that the message being submitted from the command 535 line is for relaying, not initial submission. This means 536 the message will be rejected if the addresses are not fully 537 qualified and no canonicalization will be done. Future 538 releases may even reject improperly formed messages. 539 The '-U' (initial user submission) command line option is 540 deprecated and may be removed from a future release. 541 Mail user agents should begin using '-G' to indicate that 542 this is a relay submission (the inverse of -U). 543 The next release of sendmail will assume that any message submitted 544 from the command line is an initial user submission and act 545 accordingly. 546 If sendmail doesn't have enough privileges to run a .forward 547 program or deliver to file as the owner of that file, the 548 address is marked as unsafe. This means if RunAsUser is 549 set, users won't be able to use programs or delivery to 550 files in their .forward files. Administrators can override 551 this by setting the DontBlameSendmail option to the new 552 setting NonRootSafeAddr. 553 Allow group or world writable directories if the sticky bit is set 554 on the directory and DontBlameSendmail is set to 555 TrustStickyBit. Based on patch from Chris Metcalf of 556 InCert Software. 557 Prevent logging of unsafe directory paths for non-existent forward 558 files if the new DontWarnForwardFileInUnsafeDirPath bit is 559 set in the DontBlameSendmail option. Requested by many. 560 New Timeout.control option to limit the total time spent satisfying 561 a control socket request. 562 New Timeout.resolver options for controlling BIND resolver 563 settings: 564 Timeout.resolver.retrans 565 Sets the resolver's retransmission time interval (in 566 seconds). Sets both Timeout.resolver.retrans.first 567 and Timeout.resolver.retrans.normal. 568 Timeout.resolver.retrans.first 569 Sets the resolver's retransmission time interval (in 570 seconds) for the first attempt to deliver a message. 571 Timeout.resolver.retrans.normal 572 Sets the resolver's retransmission time interval (in 573 seconds) for all resolver lookups except the first 574 delivery attempt. 575 Timeout.resolver.retry 576 Sets the number of times to retransmit a resolver 577 query. Sets both Timeout.resolver.retry.first 578 and Timeout.resolver.retry.normal. 579 Timeout.resolver.retry.first 580 Sets the number of times to retransmit a resolver 581 query for the first attempt to deliver a message. 582 Timeout.resolver.retry.normal 583 Sets the number of times to retransmit a resolver 584 query for all resolver lookups except the first 585 delivery attempt. 586 Contributed by Exactis.com, Inc. 587 Support multiple queue directories. To use multiple queues, supply 588 a QueueDirectory option value ending with an asterisk. For 589 example, /var/spool/mqueue/q* will use all of the 590 directories or symbolic links to directories beginning with 591 'q' in /var/spool/mqueue as queue directories. Keep in 592 mind, the queue directory structure should not be changed 593 while sendmail is running. Queue runs create a separate 594 process for running each queue unless the verbose flag is 595 given on a non-daemon queue run. New items are randomly 596 assigned to a queue. Contributed by Exactis.com, Inc. 597 Support different directories for qf, df, and xf queue files; if 598 subdirectories or symbolic links to directories of those names 599 exist in the queue directories, they are used for the 600 corresponding queue files. Keep in mind, the queue 601 directory structure should not be changed while sendmail is 602 running. Proposed by Mathias Koerber of Singapore 603 Telecommunications Ltd. 604 New queue file naming system which uses a filename guaranteed to be 605 unique for 60 years. This allows queue IDs to be assigned 606 without fancy file system locking. Queued items can be 607 moved between queues easily. Contributed by Exactis.com, 608 Inc. 609 Messages which are undeliverable due to temporary address failures 610 (e.g., DNS failure) will now go to the FallBackMX host, if 611 set. Contributed by Exactis.com, Inc. 612 New command line option '-L tag' which sets the identifier used for 613 syslog. Contributed by Exactis.com, Inc. 614 QueueSortOrder=Filename will sort the queue by filename. This 615 avoids opening and reading each queue file when preparing 616 to run the queue. Contributed by Exactis.com, Inc. 617 Shared memory counters and microtimers functionality has been 618 donated by Exactis.com, Inc. 619 The SCCS ID tags have been replaced with RCS ID tags. 620 Allow trusted users (those on a T line or in $=t) to set the 621 QueueDirectory (Q) option without an X-Authentication-Warning: 622 being added. Suggested by Michael K. Sanders. 623 IPv6 support based on patches from John Kennedy of Cal State 624 University, Chico, Motonori Nakamura of Kyoto University, 625 and John Beck of Sun Microsystems. 626 In low-disk space situations, where sendmail would previously refuse 627 connections, still accept them, but only allow ETRN commands. 628 Suggested by Mathias Koerber of Singapore Telecommunications 629 Ltd. 630 The [IPC] builtin mailer now allows delivery to a UNIX domain socket 631 on systems which support them. This can be used with LMTP 632 local delivery agents which listen on a named socket. An 633 example mailer might be: 634 Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, 635 S=10, R=20/40, T=DNS/RFC822/X-Unix, 636 A=FILE /var/run/lmtpd 637 Code contributed by Lyndon Nerenberg of Messaging Direct. 638 The [TCP] builtin mailer name is now deprecated. Use [IPC] 639 instead. 640 The first mailer argument in the [IPC] mailer is now checked for a 641 legitimate value. Possible values are TCP (for TCP/IP 642 connections), IPC (which will be deprecated in a future 643 version), and FILE (for UNIX domain socket delivery). 644 PrivacyOptions=goaway no longer includes the noetrn and the noreceipts 645 flags. 646 PrivacyOptions=nobodyreturn instructs sendmail not to include the 647 body of the original message on delivery status 648 notifications. 649 Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted 650 by Dan Bernstein, fix from Robert Harker of Harker Systems. 651 Accept the SMTP RSET command even when rejecting commands due to TCP 652 Wrappers or the check_relay ruleset. Problem noted by 653 Steve Schweinhart of America Online. 654 Warn if OperatorChars is set multiple times. OperatorChars should 655 not be set after rulesets are defined. Suggested by 656 Mitchell Blank Jr of Exec-PC. 657 Do not report temporary failure on delivery to files. In 658 interactive delivery mode, this would result in two SMTP 659 responses after the DATA command. Problem noted by 660 Nik Conwell of Boston University. 661 Check file close when mailing to files. Problem noted by Nik 662 Conwell of Boston University. 663 Avoid a segmentation fault when using the LDAP map. Patch from 664 Curtis W. Hillegas of Princeton University. 665 Always bind to the LDAP server regardless of whether you are using 666 ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of 667 @Home Network. 668 New ruleset trust_auth to determine whether a given AUTH= 669 parameter of the MAIL command should be trusted. See SMTP 670 AUTH, cf/README, and doc/op/op.ps. 671 Allow new named config file rules check_vrfy, check_expn, and 672 check_etrn for VRFY, EXPN, and ETRN commands, respectively, 673 similar to check_rcpt etc. 674 Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, 675 ${mail_mailer}, ${mail_host}, ${mail_addr} that hold 676 the results of parsing the RCPT and MAIL arguments, i.e. 677 the resolved triplet from $#mailer $@host $:addr. 678 From Kari Hurtta of the Finnish Meteorological Institute. 679 New macro ${client_resolve} which holds the result of the resolve 680 call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed 681 by Kari Hurtta of the Finnish Meteorological Institute. 682 New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold 683 the corresponding DSN parameter values. Proposed by 684 Mathias Herberts. 685 New macro ${msg_size} which holds the value of the SIZE= parameter, 686 i.e., usually the size of the message (in an ESMTP dialogue), 687 before the message has been collected, thereafter it holds 688 the message size as computed by sendmail (and can be used 689 in check_compat). 690 The macro ${deliveryMode} now specifies the current delivery mode 691 sendmail is using instead of the value of the DeliveryMode 692 option. 693 New macro ${ntries} holds the number of delivery attempts. 694 Drop explicit From: if same as what would be generated only if it is 695 a local address. From Motonori Nakamura of Kyoto University. 696 Write pid to file also if sendmail only processes the queue. 697 Proposed by Roy J. Mongiovi of Georgia Tech. 698 Log "low on disk space" only when necessary. 699 New macro ${load_avg} can be used to check the current load average. 700 Suggested by Scott Gifford of The Internet Ramp. 701 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn 702 is set. 703 Flag -S for maps to specify the character which is substituted 704 for spaces (instead of the default given by O BlankSub). 705 Flag -D for maps: perform no lookup in deferred delivery mode. 706 This flag is set by default for the host map. Based on a 707 proposal from Ian MacPhedran of the University of Saskatchewan. 708 Open maps only on demand, not at startup. 709 Log warning about unsupported IP address families. 710 New option MaxHeadersLength allows to specify a maximum length 711 of the sum of all headers. This can be used to prevent 712 a denial-of-service attack. 713 New option MaxMimeHeaderLength which limits the size of MIME 714 headers and parameters within those headers. This option 715 is intended to protect mail user agents from buffer 716 overflow attacks. 717 Added option MaxAliasRecursion to specify the maximum depth of 718 alias recursion. 719 New flag F=6 for mailers to strip headers to seven bit. 720 Map type syslog to log the key via syslogd. 721 Entries in the alias file can be continued by putting a backslash 722 directly before the newline. 723 New option DeadLetterDrop to define the location of the system-wide 724 dead.letter file, formerly hardcoded to 725 /usr/tmp/dead.letter. If this option is not set (the 726 default), sendmail will not attempt to save to a 727 system-wide dead.letter file if it can not bounce the mail 728 to the user nor postmaster. Instead, it will rename the qf 729 file as it has in the past when the dead.letter file 730 could not be opened. 731 New option PidFile to define the location of the pid file. The 732 value of this option is macro expanded. 733 New option ProcessTitlePrefix specifies a prefix string for the 734 process title shown in 'ps' listings. 735 New macros for use with the PidFile and ProcessTitlePrefix options 736 (along with the already existing macros): 737 ${daemon_info} Daemon information, e.g. 738 SMTP+queueing@00:30:00 739 ${daemon_addr} Daemon address, e.g., 0.0.0.0 740 ${daemon_family} Daemon family, e.g., inet, inet6, etc. 741 ${daemon_name} Daemon name, e.g., MSA. 742 ${daemon_port} Daemon port, e.g., 25 743 ${queue_interval} Queue run interval, e.g., 00:30:00 744 New macros especially for virtual hosting: 745 ${if_name} hostname of interface of incoming connection. 746 ${if_addr} address of interface of incoming connection. 747 The latter is only set if the interface does not belong to the 748 loopback net. 749 If a message being accepted via a method other than SMTP and 750 would be rejected by a header check, do not send the message. 751 Suggested by Phil Homewood of Mincom Pty Ltd. 752 Don't strip comments for header checks if $>+ is used instead of $>. 753 Provide header value as quoted string in the macro 754 ${currHeader} (possibly truncated to MAXNAME). Suggested by 755 Jan Krueger of Unix-AG of University of Hannover. 756 The length of the header value is stored in ${hdrlen}. 757 H*: allows to specify a default ruleset for header checks. This 758 ruleset will only be called if the individual header does 759 not have its own ruleset assigned. Suggested by Jan 760 Krueger of Unix-AG of University of Hannover. 761 The name of the header field stored in ${hdr_name}. 762 Comments (i.e., text within parentheses) in rulesets are not 763 removed if the config file version is greater than or equal 764 to 9. For example, "R$+ ( 1 ) $@ 1" matches the 765 input "token (1)" but does not match "token". 766 Avoid removing the Content-Transfer-Encoding MIME header on 767 MIME messages. Problem noted by Sigurbjorn B. Larusson of 768 Multimedia Consumer Services. Fix from Per Hedeland of 769 Ericsson. 770 Avoid duplicate Content-Transfer-Encoding MIME header on 771 messages with 8-bit text in headers. Problem noted by 772 Per Steinar Iversen of Oslo College. Fix from Per Hedeland 773 of Ericsson. 774 Avoid keeping maps locked longer than necessary when re-opening a 775 modified database map file. Problem noted by Chris Adams 776 of Renaissance Internet Services. 777 Resolving to the $#error mailer with a temporary failure code (e.g., 778 $#error $@ tempfail $: "400 Temporary failure") will now 779 queue up the message instead of bouncing it. 780 Be more liberal in acceptable responses to an SMTP RSET command as 781 standard does not provide any indication of what to do when 782 something other than 250 is received. Based on a patch 783 from Steve Schweinhart of America Online. 784 New option TrustedUser allows to specify a user who can own 785 important files instead of root. This requires HASFCHOWN. 786 Fix USERDB conditional so compiling with NEWDB or HESIOD and 787 setting USERDB=0 works. Fix from Jorg Zanger of Schock. 788 Fix another instance (similar to one in 8.9.3) of a network failure 789 being mis-logged as "Illegal Seek" instead of whatever 790 really went wrong. From John Beck of Sun Microsystems. 791 $? tests also whether the macro is non-null. 792 Print an error message if a mailer definition contains an invalid 793 equate name. 794 New mailer equate /= to specify a directory to chroot() into before 795 executing the mailer program. Suggested by Igor Vinokurov. 796 New mailer equate W= to specify the maximum time to wait for the 797 mailer to return after sending all data to it. 798 Only free memory from the process list when adding a new process 799 into a previously filled slot. Previously, the memory was 800 freed at removal time. Since removal can happen in a 801 signal handler, this may leave the memory map in an 802 inconsistent state. Problem noted by Jeff A. Earickson and 803 David Cooley of Colby College. 804 When using the UserDB @hostname catch-all, do not try to lookup 805 local users in the passwd file. The UserDB code has 806 already decided the message will be passed to another host 807 for processing. Fix from Tony Landells of Burdett 808 Buckeridge Young Limited. 809 Support LDAP authorization via either a file containing the 810 password or Kerberos V4 using the new map options 811 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The 812 distinguished_name is who to login as. The method can be 813 one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or 814 LDAP_AUTH_KRBV4. The filename is the file containing the 815 secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos 816 ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense 817 of Stanford University. 818 The ldapx map has been renamed to ldap. The use of ldapx is 819 deprecated and will be removed in a future version. 820 If the result of an LDAP search returns a multi-valued attribute 821 and the map has the column delimiter set, it turns that 822 response into a delimiter separated string. The LDAP map 823 will traverse multiple entries as well. LDAP alias maps 824 automatically set the column delimiter to the comma. 825 Based on patch from Booker Bense of Stanford University and 826 idea from Philip A. Prindeville of Mirapoint, Inc. 827 Support return of multiple values for a single LDAP lookup. The 828 values to be returned should be in a comma separated string. 829 For example, `-v "email,emailother"'. Patch from 830 Curtis W. Hillegas of Princeton University. 831 Allow the use of LDAP for alias maps. 832 If no LDAP attributes are specified in an LDAP map declaration, all 833 attributes found in the match will be returned. 834 Prevent commas in quoted strings in the AliasFile value from 835 breaking up a single entry into multiple entries. This is 836 needed for LDAP alias file specifications to allow for 837 comma separated key and value strings. 838 Keep connections to LDAP server open instead of opening and closing 839 for each lookup. To reduce overhead, sendmail will cache 840 connections such that multiple maps which use the same 841 host, port, bind DN, and authentication will only result in 842 a single connection to that host. 843 Put timeout in the proper place for USE_LDAP_INIT. 844 Be more careful about checking for errors and freeing memory on 845 LDAP lookups. 846 Use asynchronous LDAP searches to save memory and network 847 resources. 848 Do not copy LDAP query results if the map's match only flag is set. 849 Increase portability to the Netscape LDAP libraries. 850 Change the parsing of the LDAP filter specification. '%s' is still 851 replaced with the literal contents of the map lookup key -- 852 note that this means a lookup can be done using the LDAP 853 special characters. The new '%0' token can be used instead 854 of '%s' to encode the key buffer according to RFC 2254. 855 For example, if the LDAP map specification contains '-k 856 "(user=%s)"' and a lookup is done on "*", this would be 857 equivalent to '-k "(user=*)"' -- matching ANY record with a 858 user attribute. Instead, if the LDAP map specification 859 contains '-k "(user=%0)"' and a lookup is done on "*", this 860 would be equivalent to '-k "(user=\2A)"' -- matching a user 861 with the name "*". 862 New LDAP map flags: "-1" requires a single match to be returned, if 863 more than one is returned, it is equivalent to no records 864 being found; "-r never|always|search|find" sets the LDAP 865 alias dereference option; "-Z size" limits the number of 866 matches to return. 867 New option LDAPDefaultSpec allows a default map specification for 868 LDAP maps. The value should only contain LDAP specific 869 settings such as "-h host -p port -d bindDN", etc. The 870 settings will be used for all LDAP maps unless they are 871 specified in the individual map specification ('K' 872 command). This option should be set before any LDAP maps 873 are defined. 874 Prevent an NDBM alias file opening loop when the NDBM open 875 continually fails. Fix from Roy J. Mongiovi of Georgia 876 Tech. 877 Reduce memory utilization for smaller symbol table entries. In 878 particular, class entries get much smaller, which can be 879 important if you have large classes. 880 On network-related temporary failures, record the hostname which 881 gave error in the queued status message. Requested by 882 Ulrich Windl of the Universitat Regensburg. 883 Add new F=% mailer flag to allow for a store and forward 884 configuration. Mailers which have this flag will not attempt 885 delivery on initial recipient of a message or on queue runs 886 unless the queued message is selected using one of the 887 -qI/-qR/-qS queue run modifiers or an ETRN request. Code 888 provided by Philip Guenther of Gustavus Adolphus College. 889 New option ControlSocketName which, when set, creates a daemon 890 control socket. This socket allows an external program to 891 control and query status from the running sendmail daemon 892 via a named socket, similar to the ctlinnd interface to the 893 INN news server. Access to this interface is controlled by 894 the UNIX file permissions on the named socket on most UNIX 895 systems (see sendmail/README for more information). An 896 example control program is provided as contrib/smcontrol.pl. 897 Change the default values of QueueLA from 8 to (8 * numproc) and 898 RefuseLA from 12 to (12 * numproc) where numproc is the 899 number of processors online on the system (if that can be 900 determined). For single processor machines, this change 901 has no effect. 902 Don't return body of message to postmaster on "Too many hops" bounces. 903 Based on fix from Motonori Nakamura of Kyoto University. 904 Give more detailed DSN descriptions for some cases. Patch from 905 Motonori Nakamura of Kyoto University. 906 Logging of alias, forward file, and UserDB expansion now happens 907 at LogLevel 11 or higher instead of 10 or higher. 908 Logging of an envelope's complete delivery (the "done" message) now 909 happens at LogLevel 10 or higher instead of 11 or higher. 910 Logging of TCP/IP or UNIX standard input connections now happens at 911 LogLevel 10 or higher. Previously, only TCP/IP connections 912 were logged, and on at LogLevel 12 or higher. Setting 913 LogLevel to 10 will now assist users in tracking frequent 914 connection-based denial of service attacks. 915 Log basic information about authenticated connections at LogLevel 916 10 or higher. 917 Log SMTP Authentication mechanism and author when logging the sender 918 information (from= syslog line). 919 Log the DSN code for each recipient if one is available as a new 920 equate (dsn=). 921 Macro expand PostmasterCopy and DoubleBounceAddress options. 922 New "ph" map for performing ph queries in rulesets. More 923 information is available at 924 http://www-wsg.cso.uiuc.edu/sendmail/patches/. 925 Contributed by Mark Roth of the University of Illinois at 926 Urbana-Champaign. 927 Detect temporary lookup failures in the host map if looking up a 928 bracketed IP address. Problem noted by Kari Hurtta of the 929 Finnish Meteorological Institute. 930 Do not report a Remote-MTA on local deliveries. Problem noted by 931 Kari Hurtta of the Finnish Meteorological Institute. 932 When a forward file points to an alias which runs a program, run 933 the program as the default user and the default group, not 934 the forward file user. This change also assures the 935 :include: directives in aliases are also processed using 936 the default user and group. Problem noted by Sergiu 937 Popovici of DNT Romania. 938 Prevent attempts to save a dead.letter file for a user with 939 no home directory (/no/such/directory). Problem noted by 940 Michael Brown of Finnigan FT/MS. 941 Include message delay and number of tries when logging that a 942 message has been completely delivered (LogLevel of 10 or 943 above). Suggested by Nick Hilliard of Ireland Online. 944 Log the sender of a message even if none of the recipients were 945 accepted. If some of the recipients were rejected, it is 946 helpful to know the sender of the message. 947 Check the root directory (/) when checking a path for safety. 948 Problem noted by John Beck of Sun Microsystems. 949 Prevent multiple responses to the DATA command if DeliveryMode is 950 interactive and delivering to an alias which resolves to 951 multiple files. 952 Macros in the helpfile are expanded if the helpfile version is 2 or 953 greater (see below); the help function doesn't print the 954 version of sendmail any longer, instead it is placed in 955 the helpfile ($v). Suggested by Chuck Foster of UUNET 956 PIPEX. Additionally, comment lines (starting with #) are 957 skipped and a version line (#vers) is introduced. The 958 helpfile version for 8.10.0 is 2, if no version or an older 959 version is found, a warning is logged. The '#vers' 960 directive should be placed at the top of the help file. 961 Use fsync() when delivering to a file to guarantee the delivery to 962 disk succeeded. Suggested by Nick Christenson. 963 If delivery to a file is unsuccessful, truncate the file back to its 964 length before the attempt. 965 If a forward points to a filename for delivery, change to the 966 user's uid before checking permissions on the file. This 967 allows delivery to files on NFS mounted directories where 968 root is remapped to nobody. Problem noted by Harald 969 Daeubler of Universitaet Ulm. 970 purgestat and sendmail -bH purge only expired (Timeout.hoststatus) 971 host status files, not all files. 972 Any macros stored in the class $={persistentMacros} will be saved 973 in the queue file for the message and set when delivery 974 is attempted on the queued item. Suggested by Kyle Jones of 975 Wonderworks Inc. 976 Add support for storing information between rulesets using the new 977 macro map class. This can be used to store information 978 between queue runs as well using $={persistentMacros}. 979 Based on an idea from Jan Krueger of Unix-AG of University 980 of Hannover. 981 New map class arith to allow for computations in rules. The 982 operation (+, -, *, /, l (for less than), and =) is given 983 as key. The two operands are specified as arguments; the 984 lookup returns the result of the computation. For example, 985 "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and 986 "$(arith + $@ 4 $@ 2 $)" will return "6". 987 Add new syntax for header declarations which decide whether to 988 include the header based on a macro rather than a mailer 989 flag: 990 H?${MyMacro}?X-My-Header: ${MyMacro} 991 This should be used along with $={persistentMacros}. 992 It can be used for adding headers to a message based on 993 the results of check_* and header check rulesets. 994 Allow new named config file rule check_eoh which is called after 995 all of the headers have been collected. The input to the 996 ruleset the number of headers and the size of all of the 997 headers in bytes separated by $|. This ruleset along with 998 the macro storage map can be used to correlate information 999 gathered between headers and to check for missing headers. 1000 See cf/README or doc/op/op.ps for an example. 1001 Change the default for the MeToo option to True to correspond 1002 to the clarification in the DRUMS SMTP Update spec. This 1003 option is deprecated and will be removed from a future 1004 version. 1005 Change the sendmail binary default for SendMimeErrors to True. 1006 Change the sendmail binary default for SuperSafe to True. 1007 Display ruleset names in debug and address test mode output 1008 if referencing a named ruleset. 1009 New mailer equate m= which will limit the number of messages 1010 delivered per connection on an SMTP or LMTP mailer. 1011 Improve QueueSortOrder=Host by reversing the hostname before 1012 using it to sort. Now all the same domains are really run 1013 through the queue together. If they have the same MX host, 1014 then they will have a much better opportunity to use the 1015 connection cache if available. This should be a reasonable 1016 performance improvement. Patch from Randall Winchester of 1017 the University of Maryland. 1018 If a message is rejected by a header check ruleset, log who would 1019 have received the message if it had not been rejected. 1020 New "now" value for Timeout.queuereturn to bounce entries from the 1021 queue immediately. No delivery attempt is made. 1022 Increase sleeping time exponentially after too many "bad" commands 1023 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}- 1024 COMMANDS). 1025 New option ClientPortOptions similar to DaemonPortOptions 1026 but for outgoing connections. 1027 New suboptions for DaemonPortOptions: Name (a name used for 1028 error messages and logging) and Modifiers, i.e. 1029 a require authentication 1030 b bind to interface through which mail has 1031 been received 1032 c perform hostname canonification 1033 f require fully qualified hostname 1034 h use name of interface for outgoing HELO 1035 command 1036 C don't perform hostname canonification 1037 E disallow ETRN (see RFC 2476) 1038 New suboption for ClientPortOptions: Modifiers, i.e. 1039 h use name of interface for HELO command 1040 The version number for queue files (qf) has been incremented to 4. 1041 Log unacceptable HELO/EHLO domain name attempts if LogLevel is set 1042 to 10 or higher. Suggested by Rick Troxel of the National 1043 Institutes of Health. 1044 If a mailer dies, print the status in decimal instead of octal 1045 format. Suggested by Michael Shapiro of Sun Microsystems. 1046 Limit the length of all MX records considered for delivery to 8k. 1047 Move message priority from sender to recipient logging. Suggested by 1048 Ulrich Windl of the Universitat Regensburg. 1049 Add support for Berkeley DB 3.X. 1050 Add fix for Berkeley DB 2.X fcntl() locking race condition. 1051 Requires a post-2.7.5 version of Berkeley DB. 1052 Support writing traffic log (sendmail -X option) to a FIFO. 1053 Patch submitted by Rick Heaton of Network Associates, Inc. 1054 Do not ignore Timeout settings in the .cf file when a Timeout 1055 sub-options is set on the command line. Problem noted by 1056 Graeme Hewson of Oracle. 1057 Randomize equal preference MX records each time delivery is 1058 attempted via a new connection to a host instead of once per 1059 session. Suggested by Scott Salvidio of Compaq. 1060 Implement enhanced status codes as defined by RFC 2034. 1061 Add [hostname] to class w for the names of all interfaces unless 1062 DontProbeInterfaces is set. This is useful for sending mails 1063 to hosts which have dynamically assigned names. 1064 If a message is bounced due to bad MIME conformance, avoid bouncing 1065 the bounce for the same reason. If the body is not 8-bit 1066 clean, and EightBitMode isn't set to pass8, the body will 1067 not be included in the bounce. Problem noted by Valdis 1068 Kletnieks of Virginia Tech. 1069 The timeout for sending a message via SMTP has been changed from 1070 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which 1071 simply checks for progress on sending data every 5 minutes. 1072 This will detect the inability to send information quicker 1073 and reduce the number of processes simply waiting to 1074 timeout. 1075 Prevent a segmentation fault on systems which give a partial filled 1076 interface address structure when loading the system network 1077 interface addresses. Fix from Reinier Bezuidenhout of 1078 Nanoteq. 1079 Add a compile-time configuration macro, MAXINTERFACES, which 1080 indicates the number of interfaces to read when probing 1081 for hostnames and IP addresses for class w ($=w). The 1082 default value is 512. Based on idea from Reinier 1083 Bezuidenhout of Nanoteq. 1084 If the RefuseLA option is set to 0, do not reject connections based 1085 on load average. 1086 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of 1087 Northern Illinois University. 1088 Expand the Return-Path: header at delivery time, after "owner-" 1089 envelope splitting has occurred. 1090 Don't try to sort the queue if there are no entries. Patch from 1091 Luke Mewburn from RMIT University. 1092 Add a "/quit" command to address test mode. 1093 Include the proper sender in the UNIX "From " line and Return-Path: 1094 header when undeliverable mail is saved to ~/dead.letter. 1095 Problem noted by Kari Hurtta of the Finnish Meteorological 1096 Institute. 1097 The contents of a class can now be copied to another class using 1098 the syntax: "C{Dest} $={Source}". This would copy all of 1099 the items in class $={Source} into the class $={Dest}. 1100 Include original envelope's error transcript in bounces created for 1101 split (owner-) envelopes to see the original errors when 1102 the recipients were added. Based on fix from Motonori 1103 Nakamura of Kyoto University. 1104 Show reason for permanent delivery errors directly after the 1105 addresses. From Motonori Nakamura of Kyoto University. 1106 Prevent a segmentation fault when bouncing a split-envelope 1107 message. Patch from Motonori Nakamura of Kyoto University. 1108 If the specification for the queue run interval (-q###) has a 1109 syntax error, consider the error fatal and exit. 1110 Pay attention to CheckpointInterval during LMTP delivery. Problem 1111 noted by Motonori Nakamura of Kyoto University. 1112 On operating systems which have setlogin(2), use it to set the 1113 login name to the RunAsUserName when starting as a daemon. 1114 This is for delivery to programs which use getlogin(). 1115 Based on fix from Motonori Nakamura of Kyoto University. 1116 Differentiate between "command not implemented" and "command 1117 unrecognized" in the SMTP dialogue. 1118 Strip returns from forward and include files. Problem noted by 1119 Allan E Johannesen of Worcester Polytechnic Institute. 1120 Prevent a core dump when using 'sendmail -bv' on an address which 1121 resolves to the $#error mailer with a temporary failure. 1122 Based on fix from Neil Rickert of Northern Illinois 1123 University. 1124 Prevent multiple deliveries of a message with a "non-local alias" 1125 pointing to a local user, if canonicalization fails 1126 the message was requeued *and* delivered to the alias. 1127 If an invalid ruleset is declared, the ruleset name could be 1128 ignored and its rules added to S0. Instead, ignore the 1129 ruleset lines as well. 1130 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient 1131 success DSN fields as well as duplicate entries for a 1132 single address due to S5 and UserDB processing. Problems 1133 noted by Kari Hurtta of the Finnish Meteorological 1134 Institute. 1135 Turn off timeouts when exiting sendmail due to an interrupt signal 1136 to prevent the timeout from firing during the exit process. 1137 Problem noted by Michael Shapiro of Sun Microsystems. 1138 Do not append @MyHostName to non-RFC822 addresses output by the EXPN 1139 command or on Final-Recipient: and X-Actual-Recipient: DSN 1140 headers. Non-RFC822 addresses include deliveries to 1141 programs, file, DECnet, etc. 1142 Fix logic for determining if a local user is using -f or -bs to 1143 spoof their return address. Based on idea from Neil Rickert 1144 of Northern Illinois University and patch from Per Hedeland 1145 of Ericsson. 1146 Report the proper UID in the bounce message if an :include: file is 1147 owned by a uid that doesn't map to a username and the 1148 :include: file contains delivery to a file or program. 1149 Problem noted by John Beck of Sun Microsystems. 1150 Avoid the attempt of trying to send a second SMTP QUIT command if 1151 the remote server responds to the first QUIT with a 4xx 1152 response code and drops the connection. This behavior was 1153 noted by Ulrich Windl of the Universitat Regensburg when 1154 sendmail was talking to the Mercury 1.43 MTA. 1155 If a hostname lookup times out and ServiceSwitchFile is set but the 1156 file is not present, the lookup failure would be marked as 1157 a permanent failure instead of a temporary failure. Fix 1158 from Russell King of the ARM Linux Project. 1159 Handle aliases or forwards which deliver to programs using tabs 1160 instead of spaces between arguments. Problem noted by Randy 1161 Wormser. Fix from Neil Rickert of Northern Illinois 1162 University. 1163 Allow MaxRecipientsPerMessage option to be set on the command line 1164 by normal users (e.g., sendmail won't drop its root 1165 privileges) to allow overrides for message submission via 1166 'sendmail -bs'. 1167 Set the names for help file and statistics file to "helpfile" and 1168 "statistics", respectively, if no parameters are given for 1169 them in the .cf file. 1170 Avoid bogus 'errbody: I/O Error -7' log messages when sending 1171 success DSN messages for messages relayed to non-DSN aware 1172 systems. Problem noted by Juergen Georgi of RUS University 1173 of Stuttgart and Kyle Tucker of Parexel International. 1174 Prevent +detail information from interfering with local delivery to 1175 multiple users in the same transaction (F=m). 1176 Add H_FORCE flag for the X-Authentication-Warning: header, so it 1177 will be added even if one already exists. Problem noted 1178 by Michal Zalewski of Marchew Industries. 1179 Stop processing SMTP commands if the SMTP connection is dropped. 1180 This prevents a remote system from flooding the connection 1181 with commands and then disconnecting. Previously, the 1182 server would process all of the buffered commands. Problem 1183 noted by Michal Zalewski of Marchew Industries. 1184 Properly process user-supplied headers beginning with '?'. Problem 1185 noted by Michal Zalewski of Marchew Industries. 1186 If multiple header checks resolve to the $#error mailer, use the 1187 last permanent (5XX) failure if any exist. Otherwise, use 1188 the last temporary (4XX) failure. 1189 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch 1190 from Ronald F. Guilmette of Infinite Monkeys & Co. 1191 Timeout.ident now defaults to 5 seconds instead of 30 seconds to 1192 prevent the now common delays associated with mailing to a 1193 site which drops IDENT packets. Suggested by many. 1194 Persistent host status data is not reloaded disk when current data 1195 is available in the in-memory cache. Problem noted by Per 1196 Hedeland of Ericsson. 1197 mailq displays unprintable characters in addresses as their octal 1198 representation and a leading backslash. This avoids problems 1199 with "unprintable" characters. Problem noted by Michal 1200 Zalewski of the "Internet for Schools" project (IdS). 1201 The mail line length limit (L= equate) was adding the '!' indicator 1202 one character past the limit. This would cause subsequent 1203 hops to break the line again. The '!' is now placed in 1204 the last column of the limit if the line needs to be broken. 1205 Problem noted by Joe Pruett of Q7 Enterprises. Based on fix 1206 from Per Hedeland of Ericsson. 1207 If a resolver ANY query is larger than the UDP packet size, the 1208 resolver will fall back to TCP. However, some 1209 misconfigured firewalls black 53/TCP so the ANY lookup 1210 fails whereas an MX or A record might succeed. Therefore, 1211 don't fail on ANY queries. 1212 If an SMTP recipient is rejected due to syntax errors in the 1213 address, do not send an empty postmaster notification DSN 1214 to the postmaster. Problem noted by Neil Rickert of 1215 Northern Illinois University. 1216 Allow '_' and '.' in map names when parsing a sequence map 1217 specification. Patch from William Setzer of North Carolina 1218 State University. 1219 Fix hostname in logging of read timeouts for the QUIT command on 1220 cached connections. Problem noted by Neil Rickert of 1221 Northern Illinois University. 1222 Use a more descriptive entry to log "null" connections, i.e., 1223 "host did not issue MAIL/EXPN/VRFY/ETRN during connection". 1224 Fix a file descriptor leak in ONEX mode. 1225 Portability: 1226 Reverse signal handling logic such that sigaction(2) with 1227 the SA_RESTART flag is the preferred method and the 1228 other signal methods are only tried if SA_RESTART 1229 is not available. Problem noted by Allan E 1230 Johannesen of Worcester Polytechnic Institute. 1231 AIX 4.x supports the sa_len member of struct sockaddr. 1232 This allows network interface probing to work 1233 properly. Fix from David Bronder of the 1234 University of Iowa. 1235 AIX 4.3 has snprintf() support. 1236 Use "PPC" as the architecture name when building under 1237 AIX. This will be reflected in the obj.* directory 1238 name. 1239 Apple Darwin support based on Apple Rhapsody port. 1240 Fixed AIX 'make depend' method from Valdis Kletnieks of 1241 Virginia Tech. 1242 Digital UNIX has uname(2). 1243 GNU Hurd updates from Mark Kettenis of the University of 1244 Amsterdam. 1245 Improved HPUX 11.0 portability. 1246 Properly determine the number of CPUs on FreeBSD 2.X, 1247 FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X. 1248 Remove special IRIX ABI cases from Build script and the OS 1249 files. Use the standard 'cc' options used by SGI 1250 in building the operating system. Users can 1251 override the defaults by setting confCC and 1252 confLIBSEARCHPATH appropriately. 1253 IRIX nsd map support from Bob Mende of SGI. 1254 Minor devtools fixes for IRIX from Bob Mende of SGI. 1255 Linux patch for IP_SRCROUTE support from Joerg Dorchain 1256 of MW EDV & ELECTRONIC. 1257 Linux now uses /usr/sbin for confEBINDIR in the build 1258 system. From MATSUURA Takanori of Osaka University. 1259 Remove special treatment for Linux PPC in the build 1260 system. From MATSUURA Takanori of Osaka University. 1261 Motorolla UNIX SYSTEM V/88 Release 4.0 support from 1262 Sergey Rusanov of the Republic of Udmurtia. 1263 NCR MP-RAS 3.x includes regular expression support. From 1264 Tom J. Moore of NCR. 1265 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and 1266 _PATH_SENDMAILPID from Oota Toshiya of 1267 NEC Computers Group Planning Division. 1268 Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D. 1269 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and 1270 1024 in conf.h. Since confENVDEF would be used, 1271 use that value in conf.h. 1272 Use NeXT's NETINFO to get domain name. From Gerd Knops of 1273 BITart Consulting. 1274 Use NeXT's NETINFO for alias and hostname resolution if 1275 AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are 1276 defined. Patch from Wilfredo Sanchez of Apple 1277 Computer, Inc. 1278 NeXT portability tweaks. Problems reported by Dragan 1279 Milicic of the University of Utah and J. P. McCann 1280 of E I A. 1281 New compile flag FAST_PID_RECYCLE: set this if your system 1282 can reuse the same PID in the same second. 1283 New compile flag HASFCHOWN: set this if your OS has 1284 fchown(2). 1285 New compile flag HASRANDOM: set this to 0 if your OS does 1286 not have random(3). rand() will be used instead. 1287 New compile flag HASSRANDOMDEV: set this if your OS has 1288 srandomdev(3). 1289 New compile flag HASSETLOGIN: set this if your OS has 1290 setlogin(2). 1291 Replace SINIX and ReliantUNIX support with version 1292 specific SINIX files. From Gerald Rinske of 1293 Siemens Business Services. 1294 Use the 60-second load average instead of the 5 second load 1295 average on Compaq Tru64 UNIX (formerly Digital 1296 UNIX). From Chris Teakle of the University of Qld. 1297 Use ANSI C by default for Compaq Tru64 UNIX. Suggested by 1298 Randall Winchester of Swales Aerospace. 1299 Correct setgroups() prototype for Compaq Tru64 UNIX. 1300 Problem noted by Randall Winchester of Swales 1301 Aerospace. 1302 Hitachi 3050R/3050RX and 3500 Workstations running 1303 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori 1304 NAKAMURA of Kyoto University. 1305 New compile flag NO_GETSERVBYNAME: set this to disable 1306 use of getservbyname() on systems which can 1307 not lookup a service by name over NIS, such as 1308 HI-UX. Patch from Motonori NAKAMURA of Kyoto 1309 University. 1310 Use devtools/bin/install.sh on SCO 5.x. Problem noted 1311 by Sun Wenbing of the China Engineering and 1312 Technology Information Network. 1313 make depend didn't work properly on UNIXWARE 4.2. Problem 1314 noted by Ariel Malik of Netology, Ltd. 1315 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 1316 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD, 1317 and OpenBSD. 1318 A recent Compaq Ultrix 4.5 Y2K patch has broken detection 1319 of local_hostname_length(). See sendmail/README 1320 for more details. Problem noted by Allan E 1321 Johannesen of Worcester Polytechnic Institute. 1322 CONFIG: Begin using /etc/mail/ for sendmail related files. This 1323 affects a large number of files. See cf/README for more 1324 details. 1325 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including 1326 trailing slash) for the mail settings directory. 1327 CONFIG: Increment version number of config file to 9. 1328 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been 1329 deprecated and may be removed from a future release. 1330 BSD/OS users should begin using OSTYPE(`bsdi'). 1331 CONFIG: OpenBSD 2.4 installs mail.local non-setuid root. This 1332 requires a new OSTYPE(`openbsd'). From Todd C. Miller of 1333 Courtesan Consulting. 1334 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. 1335 CONFIG: A syntax error in check_mail would cause fake top-level 1336 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to 1337 be improperly rejected as unresolvable. 1338 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of 1339 DNS server, rejection message) and can be included 1340 multiple times. 1341 CONFIG: New FEATURE(`relay_mail_from') allows relaying if the 1342 mail sender is listed as RELAY in the access map (and tagged 1343 with From:). 1344 CONFIG: Optional tagging of LHS in the access map (Connect:, 1345 From:, To:) to enable finer control. 1346 CONFIG: New FEATURE(`ldap_routing') implements LDAP address 1347 routing. See cf/README for a complete description of the 1348 new functionality. 1349 CONFIG: New variables for the new sendmail options: 1350 confAUTH_MECHANISMS AuthMechanisms 1351 confAUTH_OPTIONS AuthOptions 1352 confCLIENT_OPTIONS ClientPortOptions 1353 confCONTROL_SOCKET_NAME ControlSocketName 1354 confDEAD_LETTER_DROP DeadLetterDrop 1355 confDEF_AUTH_INFO DefaultAuthInfo 1356 confDF_BUFFER_SIZE DataFileBufferSize 1357 confLDAP_DEFAULT_SPEC LDAPDefaultSpec 1358 confMAX_ALIAS_RECURSION MaxAliasRecursion 1359 confMAX_HEADERS_LENGTH MaxHeadersLength 1360 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 1361 confPID_FILE PidFile 1362 confPROCESS_TITLE_PREFIX ProcessTitlePrefix 1363 confRRT_IMPLIES_DSN RrtImpliesDsn 1364 confTO_CONTROL Timeout.control 1365 confTO_RESOLVER_RETRANS Timeout.resolver.retrans 1366 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 1367 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 1368 confTO_RESOLVER_RETRY Timeout.resolver.retry 1369 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 1370 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 1371 confTRUSTED_USER TrustedUser 1372 confXF_BUFFER_SIZE XscriptFileBufferSize 1373 CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(), 1374 which takes the options as argument and can be used 1375 multiple times; see cf/README for details. 1376 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called 1377 "dsmtp". This mail provides on-demand delivery using the 1378 F=% mailer flag described above. The "dsmtp" mailer 1379 definition uses the new DSMTP_MAILER_ARGS which defaults 1380 to "IPC $h". 1381 CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS, 1382 and RELAY_MAILER_MAXMSGS for setting the m= equate for the 1383 local, smtp, and relay mailers respectively. 1384 CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting 1385 the DSN Diagnostic-Code type for the local mailer. The 1386 value should be changed with care. 1387 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type 1388 for the local mailer to the proper value of "SMTP". 1389 CONFIG: All included maps are no longer optional by default; if 1390 there there is a problem with a map, sendmail will 1391 complain. 1392 CONFIG: Removed root from class E; use EXPOSED_USER(`root') 1393 to get the old behavior. Suggested by Joe Pruett 1394 of Q7 Enterprises. 1395 CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which 1396 will not be masqueraded. Proposed by Arne Wichmann 1397 of MPI Saarbruecken, Griff Miller of PGS Tensor, 1398 Jayme Cox of Broderbund Software Inc. 1399 CONFIG: A list of exceptions for FEATURE(`nocanonify') can be 1400 specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 1401 i.e., a list of domains which are passed to $[ ... $] 1402 for canonification. Based on an idea from Neil Rickert 1403 of Northern Illinois University. 1404 CONFIG: If `canonify_hosts' is specified as parameter for 1405 FEATURE(`nocanonify') then addresses which have only 1406 a hostname, e.g., <user@host>, will be canonified. 1407 CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is 1408 nevertheless added to addresses with more than one component 1409 in it. 1410 CONFIG: Canonification is no longer attempted for any host or domain 1411 in class 'P' ($=P). 1412 CONFIG: New class for matching virtusertable entries $={VirtHost} that 1413 can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. 1414 FEATURE(`virtuser_entire_domain') can be used to apply this 1415 class also to entire subdomains. Hosts in this class are 1416 treated as canonical in SCanonify2, i.e., a trailing dot 1417 is added. 1418 CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used, 1419 include $={VirtHost} in $=R (hosts allowed to relay). 1420 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the 1421 genericstable also to subdomains of $=G. 1422 CONFIG: Pass "+detail" as %2 for virtusertable lookups. 1423 Patch from Noam Freedman from University of Chicago. 1424 CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested 1425 by Raymond S Brand of rsbx.net. 1426 CONFIG: Allow @domain in genericstable to override masquerading. 1427 Suggested by Owen Duffy from Owen Duffy & Associates. 1428 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve 1429 Hubert of University of Washington. 1430 CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as 1431 GNU is now the canonical system name. From Mark 1432 Kettenis of the University of Amsterdam. 1433 CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman. 1434 CONFIG: Do not include '=' in option expansion if there is no value 1435 associated with the option. From Andrew Brown of 1436 Graffiti World Wide, Inc. 1437 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed 1438 by Philip A. Prindeville of Enteka Enterprise Technology 1439 Services. 1440 CONFIG: MAILER(`cyrus') was not preserving case for mail folder 1441 names. Problem noted by Randall Winchester of Swales 1442 Aerospace. 1443 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags 1444 for the relay mailer. Suggested by Doug Hughes of Auburn 1445 University and Brian Candler. 1446 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path: 1447 header) by default. Suggested by Per Hedeland of Ericsson. 1448 CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host]. 1449 Suggested by Kari Hurtta of the Finnish Meteorological 1450 Institute. 1451 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS; 1452 i.e., to set, add, or delete flags. 1453 CONFIG: If SMTP AUTH is used then relaying is allowed for any user 1454 who authenticated via a "trusted" mechanism, i.e., one that 1455 is defined via TRUST_AUTH_MECH(`list of mechanisms'). 1456 CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay 1457 after check_rcpt and allows for exceptions from the checks. 1458 CONFIG: Map declarations have been moved into their associated 1459 feature files to allow greater flexibility in use of 1460 sequence maps. Suggested by Per Hedeland of Ericsson. 1461 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of 1462 line string for the local mailer. Requested by Il Oh of 1463 Willamette Industries, Inc. 1464 CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is 1465 converted to <user@d> 1466 CONFIG: Reject bogus return address of <@@hostname>, generated by 1467 Sun's older, broken configuration files. 1468 CONFIG: FEATURE(`nullclient') now provides the full rulesets of a 1469 normal configuration, allowing anti-spam checks to be 1470 performed. 1471 CONFIG: Don't return a permanent error (Relaying denied) if 1472 ${client_name} can't be resolved just temporarily. 1473 Suggested by Kari Hurtta of the Finnish Meteorological 1474 Institute. 1475 CONFIG: Change numbered rulesets into named (which still can 1476 be accessed by their numbers). 1477 CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial 1478 which describes whether to disallow "!" in the local part 1479 of an address. 1480 CONFIG: Call Local_localaddr from localaddr (S5) which can be used 1481 to rewrite an address from a mailer which has the F=5 flag 1482 set. If the ruleset returns a mailer, the appropriate 1483 action is taken, otherwise the returned tokens are ignored. 1484 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4 1485 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4. 1486 The latter is kept around for backward compatibility. 1487 CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries, 1488 where "D.S.N" is an RFC 1893 compliant error code. 1489 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 1490 CONFIG: Remove second space between username and date in UNIX From_ 1491 line. Noted by Allan E Johannesen of Worcester Polytechnic 1492 Institute. 1493 CONFIG: Make sure all of the mailers have complete T= equates. 1494 CONFIG: Extend FEATURE(`local_procmail') so it can now take 1495 arguments overriding the mailer program, arguments, and 1496 mailer definition flags. This makes it possible to use 1497 other programs such as maildrop for local delivery. 1498 CONFIG: Emit warning if FEATURE(`local_lmtp') or 1499 FEATURE(`local_procmail') is given after MAILER(`local'). 1500 Patch from Richard A. Nelson of IBM. 1501 CONFIG: Add SMTP Authentication information to Received: header 1502 default value (confRECEIVED_HEADER). 1503 CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a 1504 local mailer. Problem noted by Per Hedeland of Ericsson. 1505 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the 1506 University of California at Berkeley. 1507 CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of 1508 Illinois at Urbana-Champaign. 1509 CONTRIB: etrn.pl now recognizes bogus host names. Patch from 1510 Bruce Barnett of GE's R&D Lab. 1511 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle 1512 Corporation UK. 1513 CONTRIB: Added qtool.pl to assist in managing the queues. 1514 DEVTOOLS: Prevent user environment variables from interfering with 1515 the Build scripts. Problem noted by Ezequiel H. Panepucci of 1516 Yale University. 1517 DEVTOOLS: 'Build -M' will display the obj.* directory which will 1518 be used for building. 1519 DEVTOOLS: 'Build -A' will display the architecture that would be 1520 used for a fresh build. 1521 DEVTOOLS: New variable confRANLIB, set automatically by configure.sh. 1522 DEVTOOLS: New variable confRANLIBOPTS for the options to send to 1523 ranlib. 1524 DEVTOOLS: 'Build -O <path>' will have the object files build in 1525 <path>/obj.*. Suggested by Bryan Costales of Exactis. 1526 DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the 1527 building of the man pages when defined. Suggested by Bryan 1528 Costales. 1529 DEVTOOLS: New variables confNO_HELPFILE_INSTALL and 1530 confNO_STATISTICS_INSTALL which will prevent the 1531 installation of the sendmail helpfile and statistics file 1532 respectively. Suggested by Bryan Costales. 1533 DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske 1534 of Siemens Business Services. 1535 DEVTOOLS: New variable confSTDIO_TYPE which defines the type of 1536 stdio library. The new buffered file I/O depends on the 1537 Torek stdio library. This option can be either portable or 1538 torek. 1539 DEVTOOLS: New variables confSRCADD and confSMSRCADD which 1540 correspond to confOBJADD and confSMOBJADD respectively. 1541 They should contain the C source files for the object files 1542 listed in confOBJADD and confSMOBJADD. These file names 1543 will be passed to the 'make depend' stage of compilation. 1544 DEVTOOLS: New program specific variables for each of the programs 1545 in the sendmail distribution. Each has the form 1546 `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'. 1547 The new variables are conf_prog_ENVDEF, conf_prog_LIBS, 1548 conf_prog_SRCADD, and conf_prog_OBJADD. 1549 DEVTOOLS: Build system redesign. This should have little affect on 1550 building the distribution, but documentation on the changes 1551 are in devtools/README. 1552 DEVTOOLS: Don't allow 'Build -f file' if an object directory already 1553 exists. Suggested by Valdis Kletnieks of Virginia Tech. 1554 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies 1555 the path to the sendmail source directory. confSRCDIR is a 1556 new variable which identifies the root of the source 1557 directories for all of the programs in the distribution. 1558 DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build 1559 time. They can both still be overridden by setting the m4 1560 macro. 1561 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem. 1562 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for 1563 build configurations, and places objects in obj.prefix.*/. 1564 Complains as 'Build -f file' does for existing object 1565 directories. Suggested by Tom Smith of Digital Equipment 1566 Corporation. 1567 DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted 1568 manual pages in the directory tree specified by 1569 confMANROOTMAN. 1570 DEVTOOLS: If formatting the manual pages fails, copy in the 1571 preformatted pages from the distribution. The new variable 1572 confCOPY specifies the copying program. 1573 DEVTOOLS: Defining confFORCE_RMAIL will install rmail without 1574 question. Suggested by Terry Lambert of Whistle 1575 Communications. 1576 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names 1577 of the installed statistics and help files, respectively. 1578 DEVTOOLS: Remove spaces in `uname -r` output when determining 1579 operating system identity. Problem noted by Erik 1580 Wachtenheim of Dartmouth College. 1581 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that 1582 will be search for the libraries specified in confLIBSEARCH. 1583 Defaults to "/lib /usr/lib /usr/shlib". 1584 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying 1585 how to strip binaries. These are used by the new 1586 install-strip target. 1587 DEVTOOLS: New config file site.post.m4 which is included after 1588 the others (if it exists). 1589 DEVTOOLS: Change order of LIBS: first product specific libraries 1590 then the default ones. 1591 MAIL.LOCAL: Will not be installed setuid root. To use mail.local 1592 as local delivery agent without LMTP mode, use 1593 MODIFY_MAILER_FLAGS(`LOCAL', `+S') 1594 to set the S flag. 1595 MAIL.LOCAL: Do not reject addresses which would otherwise be 1596 accepted by sendmail. Suggested by Neil Rickert of 1597 Northern Illinois University. 1598 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 1599 8BITMIME in the LHLO response. Suggested by Kari Hurtta of 1600 the Finnish Meteorological Institute. 1601 MAIL.LOCAL: Add support for the maillock() routines by defining 1602 MAILLOCK when compiling. Also requires linking with 1603 -lmail. Patch from Neil Rickert of Northern Illinois 1604 University. 1605 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is 1606 defined when compiling. Automatically set for Solaris 2.3 1607 and later. Patch from Neil Rickert of Northern Illinois 1608 University. 1609 MAIL.LOCAL: Move the initialization of the 'notifybiff' address 1610 structure to the beginning of the program. This ensures that 1611 the getservbyname() is done before any seteuid to a possibly 1612 unauthenticated user. If you are using NIS+ and secure RPC 1613 on a Solaris system, this avoids syslog messages such as, 1614 "authdes_refresh: keyserv(1m) is unable to encrypt session 1615 key." Patch from Neil Rickert of Northern Illinois 1616 University. 1617 MAIL.LOCAL: Support group writable mail spool files when MAILGID is 1618 set to the gid to use (-DMAILGID=6) when compiling. 1619 Patch from Neil Rickert of Northern Illinois University. 1620 MAIL.LOCAL: When a mail message included lines longer than 2046 1621 characters (in LMTP mode), mail.local split the incoming 1622 line up into 2046-character output lines (excluding the 1623 newline). If an input line was 2047 characters long 1624 (excluding CR-LF) and the last character was a '.', 1625 mail.local saw it as the end of input, transfered it to the 1626 user mailbox and tried to write an `ok' back to sendmail. 1627 If the message was much longer, both sendmail and 1628 mail.local would deadlock waiting for each other to read 1629 what they have written. Problem noted by Peter Jeremy of 1630 Alcatel Australia Limited. 1631 MAIL.LOCAL: New option -b to return a permanent error instead of a 1632 temporary error if a mailbox exceeds quota. Suggested by 1633 Neil Rickert of Northern Illinois University. 1634 MAIL.LOCAL: The creation of a lockfile is subject to a global 1635 timeout to avoid starvation. 1636 MAIL.LOCAL: Properly parse addresses with multiple quoted 1637 local-parts. Problem noted by Ronald F. Guilmette of 1638 Infinite Monkeys & Co. 1639 MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR. 1640 MAILSTATS: New -p option to invoke program mode in which stats are 1641 printed in a machine readable fashion and the stats file 1642 is reset. Patch from Kevin Hildebrand of the University 1643 of Maryland. 1644 MAKEMAP: If running as root, automatically change the ownership of 1645 generated maps to the TrustedUser as specified in the 1646 sendmail configuration file. 1647 MAKEMAP: New -C option to accept an alternate sendmail 1648 configuration file to use for finding the TrustedUser 1649 option. 1650 MAKEMAP: New -u option to dump (unmap) a database. Based on 1651 code contributed by Roy Mongiovi of Georgia Tech. 1652 MAKEMAP: New -e option to allow empty values. Suggested by Philip 1653 A. Prindeville of Enteka Enterprise Technology Services. 1654 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem 1655 noted by Gerald Rinske of Siemens Business Services. 1656 OP.ME: Correctly document interaction between F=S and U= mailer 1657 equates. Problem noted by Bob Halley of Internet Engines. 1658 OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle 1659 Corporation UK. 1660 OP.ME: The Timeout [r] option was incorrectly listed as "safe" 1661 (e.g., sendmail would not drop root privileges if the 1662 option was specified on the command line). Problem noted 1663 by Todd C. Miller of Courtesan Consulting. 1664 PRALIASES: Handle the hash and btree map specifications for 1665 Berkeley DB. Patch from Brian J. Coan of the 1666 Institute for Global Communications. 1667 PRALIASES: Read the sendmail.cf file for the location(s) of the 1668 alias file(s) if the -f option is not used. Patch from 1669 John Beck of Sun Microsystems. 1670 PRALIASES: New -C option to specify an alternate sendmail 1671 configuration file to use for finding alias file(s). Patch 1672 from John Beck of Sun Microsystems. 1673 SMRSH: allow shell commands echo, exec, and exit. Allow command 1674 lists using || and &&. Based on patch from Brian J. Coan 1675 of the Institute for Global Communications. 1676 SMRSH: Update README for the new Build system. From Tim Pierce 1677 of RootsWeb Genealogical Data Cooperative. 1678 VACATION: Added vacation auto-responder to sendmail distribution. 1679 LIBSMDB: Added abstracted database library. Works with Berkeley 1680 DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. 1681 Changed Files: 1682 The Build script in the various program subdirectories are 1683 no longer symbolic links. They are now scripts 1684 which execute the actual Build script in 1685 devtools/bin. 1686 All the manual pages are now written against -man and not 1687 -mandoc as they were previously. 1688 Add a simple Makefile to every directory so make instead 1689 of Build will work (unless parameters are 1690 required for Build). 1691 New Directories: 1692 devtools/M4/UNIX 1693 include 1694 libmilter 1695 libsmdb 1696 libsmutil 1697 vacation 1698 Renamed Directories: 1699 BuildTools => devtools 1700 src => sendmail 1701 Deleted Files: 1702 cf/m4/nullrelay.m4 1703 devtools/OS/Linux.ppc 1704 devtools/OS/ReliantUNIX 1705 devtools/OS/SINIX 1706 sendmail/ldap_map.h 1707 New Files: 1708 INSTALL 1709 PGPKEYS 1710 cf/cf/generic-linux.cf 1711 cf/cf/generic-linux.mc 1712 cf/feature/delay_checks.m4 1713 cf/feature/dnsbl.m4 1714 cf/feature/generics_entire_domain.m4 1715 cf/feature/no_default_msa.m4 1716 cf/feature/relay_mail_from.m4 1717 cf/feature/virtuser_entire_domain.m4 1718 cf/mailer/qpage.m4 1719 cf/ostype/bsdi.m4 1720 cf/ostype/hpux11.m4 1721 cf/ostype/openbsd.m4 1722 contrib/bounce-resender.pl 1723 contrib/domainmap.m4 1724 contrib/qtool.8 1725 contrib/qtool.pl 1726 devtools/M4/depend/AIX.m4 1727 devtools/M4/list.m4 1728 devtools/M4/string.m4 1729 devtools/M4/subst_ext.m4 1730 devtools/M4/switch.m4 1731 devtools/OS/Darwin 1732 devtools/OS/GNU 1733 devtools/OS/SINIX.5.43 1734 devtools/OS/SINIX.5.44 1735 devtools/OS/m88k 1736 devtools/bin/find_in_path.sh 1737 mail.local/Makefile 1738 mailstats/Makefile 1739 makemap/Makefile 1740 praliases/Makefile 1741 rmail/Makefile 1742 sendmail/Makefile 1743 sendmail/bf.h 1744 sendmail/bf_portable.c 1745 sendmail/bf_portable.h 1746 sendmail/bf_torek.c 1747 sendmail/bf_torek.h 1748 sendmail/shmticklib.c 1749 sendmail/statusd_shm.h 1750 sendmail/timers.c 1751 sendmail/timers.h 1752 smrsh/Makefile 1753 vacation/Makefile 1754 Renamed Files: 1755 cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4 1756 sendmail/cdefs.h => include/sendmail/cdefs.h 1757 sendmail/sendmail.hf => sendmail/helpfile 1758 sendmail/mailstats.h => include/sendmail/mailstats.h 1759 sendmail/pathnames.h => include/sendmail/pathnames.h 1760 sendmail/safefile.c => libsmutil/safefile.c 1761 sendmail/snprintf.c => libsmutil/snprintf.c 1762 sendmail/useful.h => include/sendmail/useful.h 1763 cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4 1764 Copied Files: 1765 cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4 1766 17678.9.3/8.9.3 1999/02/04 1768 SECURITY: Limit message headers to a maximum of 32K bytes (total 1769 of all headers in a single message) to prevent a denial of 1770 service attack. This limit will be configurable in 8.10. 1771 Problem noted by Michal Zalewski of the "Internet for 1772 Schools" project (IdS). 1773 Prevent segmentation fault on an LDAP lookup if the LDAP map 1774 was closed due to an earlier failure. Problem noted by 1775 Jeff Wasilko of smoe.org. Fix from Booker Bense of 1776 Stanford University and Per Hedeland of Ericsson. 1777 Preserve the order of the MIME headers in multipart messages 1778 when performing the MIME header length check. This 1779 will allow PGP signatures to function properly. Problem 1780 noted by Lars Hecking of University College, Cork, Ireland. 1781 If ruleset 5 rewrote the local address to an :include: directive, 1782 the delivery would fail with an "aliasing/forwarding loop 1783 broken" error. Problem noted by Eric C Hagberg of Morgan 1784 Stanley. Fix from Per Hedeland of Ericsson. 1785 Allow -T to work for bestmx maps. Fix from Aaron Schrab of 1786 ExecPC Internet Systems. 1787 During the transfer of a message in an SMTP transaction, if a 1788 TCP timeout occurs, the message would be properly queued 1789 for later retry but the failure would be logged as 1790 "Illegal Seek" instead of a timeout. Problem noted by 1791 Piotr Kucharski of the Warsaw School of Economics (SGH) 1792 and Carles Xavier Munyoz Baldo of CTV Internet. 1793 Prevent multiple deliveries on a self-referencing alias if the 1794 F=w mailer flag is not set. Problem noted by Murray S. 1795 Kucherawy of Concentric Network Corporation and Per 1796 Hedeland of Ericsson. 1797 Do not strip empty headers but if there is no value and a 1798 default is defined in sendmail.cf, use the default. 1799 Problem noted by Philip Guenther of Gustavus Adolphus 1800 College and Christopher McCrory of Netus, Inc. 1801 Don't inherit information about the sender (notably the full name) 1802 in SMTP (-bs) mode, since this might be called from inetd. 1803 Accept any 3xx reply code in response to DATA command instead of 1804 requiring 354. This change will match the wording to be 1805 published in the updated SMTP specification from the DRUMS 1806 group of the IETF. 1807 Portability: 1808 AIX 4.2.0 or 4.2.1 may become updated by the fileset 1809 bos.rte.net level 4.2.0.2. This introduces the 1810 softlink /usr/lib/libbind.a which should 1811 not be used. It conflicts with the resolver 1812 built into libc.a. "bind" has been removed 1813 from the confLIBSEARCH BuildTools variable. 1814 Users who have installed BIND 8.X will have 1815 to add it back in their site.config.m4 file. 1816 Problem noted by Ole Holm Nielsen of the 1817 Technical University of Denmark. 1818 CRAY TS 10.0.x from Sven Nielsen of San Diego 1819 Supercomputer Center. 1820 Improved LDAP version 3 integration based on input 1821 from Kurt D. Zeilenga of the OpenLDAP Foundation, 1822 John Beck of Sun Microsystems, and Booker Bense 1823 of Stanford University. 1824 Linux doesn't have a standard way to get the timezone 1825 between different releases. Back out the 1826 change in 8.9.2 and don't attempt to derive 1827 a timezone. Problem reported by Igor S. Livshits 1828 of the University of Illinois at Urbana-Champaign 1829 and Michael Dickens of Tetranet Communications. 1830 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy 1831 of Siemens/SNI. 1832 SunOS 5.8 from John Beck of Sun Microsystems. 1833 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper 1834 timezone. Problem noted by Petr Lampa of Technical 1835 University of Brno. 1836 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly 1837 when using FEATURE(bestmx_is_local). Patch from Neil W. 1838 Rickert of Northern Illinois University. 1839 CONFIG: Properly handle source routed and %-hack addresses on 1840 hosts which the mailertable remaps to local:. Patch from 1841 Neil W. Rickert of Northern Illinois University. 1842 CONFIG: Internal fixup of mailertable local: map value. Patch from 1843 Larry Parmelee of Cornell University. 1844 CONFIG: Only add back +detail from host portion of mailer triplet 1845 on local mailer triplets if it was originally +detail. 1846 Patch from Neil W. Rickert of Northern Illinois University. 1847 CONFIG: The bestmx_is_local checking done in check_rcpt would 1848 cause later checks to fail. Patch from Paul J Murphy of 1849 MIDS Europe. 1850 New Files: 1851 BuildTools/OS/CRAYTS.10.0.x 1852 BuildTools/OS/ReliantUNIX 1853 BuildTools/OS/SunOS.5.8 1854 18558.9.2/8.9.2 1998/12/30 1856 SECURITY: Remove five second sleep on accepting daemon connections 1857 due to an accept() failure. This sleep could be used 1858 for a denial of service attack. 1859 Do not silently ignore queue files with names which are too long. 1860 Patch from Bryan Costales of InfoBeat, Inc. 1861 Do not store failures closing an SMTP session in persistent 1862 host status. Reported by Graeme Hewson of Oracle 1863 Corporation UK. 1864 Allow symbolic link forward files if they are in safe directories. 1865 Problem noted by Andreas Schott of the Max Planck Society. 1866 Missing columns in a text map could cause a segmentation fault. 1867 Fix from David Lee of the University of Durham. 1868 Note that for 8.9.X, PrivacyOptions=goaway also includes the 1869 noetrn flag. This is scheduled to change in a future 1870 version of sendmail. Problem noted by Theo Van Dinter of 1871 Chrysalis Symbolic Designa and Alan Brown of Manawatu 1872 Internet Services. 1873 When trying to do host canonification in a Wildcard MX 1874 environment, try an MX lookup of the hostname without the 1875 default domain appended. Problem noted by Olaf Seibert of 1876 Polderland Language & Speech Technology. 1877 Reject SMTP RCPT To: commands with only comments (i.e. 1878 'RCPT TO: (comment)'. Problem noted by Earle Ake of 1879 Hassler Communication Systems Technology, Inc. 1880 Handle any number of %s in the LDAP filter spec. Patch from 1881 Per Hedeland of Ericsson. 1882 Clear ldapx open timeouts even if the map open failed to prevent 1883 a segmentation fault. Patch from Wayne Knowles of the 1884 National Institute of Water & Atmospheric Research Ltd. 1885 Do not syslog envelope clone messages when using address 1886 verification (-bv). Problem noted by Kari Hurtta of the 1887 Finnish Meteorological Institute. 1888 Continue to perform queue runs while in daemon mode even if the 1889 daemon is rejecting connections due to a disk full 1890 condition. Problem noted by JR Oldroyd of TerraNet 1891 Internet Services. 1892 Include full filename on installation of the sendmail.hf file 1893 in case the $HFDIR directory does not exist. Problem 1894 noted by Josef Svitak of Montana State University. 1895 Close all maps when exiting the process with one exception. 1896 Berkeley DB can use internal shared memory locking for 1897 its memory pool. Closing a map opened by another process 1898 will interfere with the shared memory and locks of the 1899 parent process leaving things in a bad state. For 1900 Berkeley DB, only close the map if the current process 1901 is also the one that opened the map, otherwise only close 1902 the map file descriptor. Thanks to Yoseff Francus of 1903 Collective Technologies for volunteering his system for 1904 extended testing. 1905 Avoid null pointer dereference on XDEBUG output for SMTP reply 1906 failures. Problem noted by Carlos Canau of EUnet Portugal. 1907 On mailq and hoststat listings being piped to another program, such 1908 as more, if the pipe closes (i.e., the user quits more), 1909 stop sending output and exit. Patch from Allan E Johannesen 1910 of Worcester Polytechnic Institute. 1911 In accordance with the documentation, LDAP map lookup failures 1912 are now considered temporary failures instead of permanent 1913 failures unless the -t flag is used in the map definition. 1914 Problem noted by Booker Bense of Stanford University and 1915 Eric C. Hagberg of Morgan Stanley. 1916 Fix by one error reporting on long alias names. Problem noted by 1917 H. Paul Hammann of the Missouri Research and Education 1918 Network. 1919 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem 1920 noted by Barry S. Finkel of Argonne National Laboratory. 1921 When automatically converting from 8 bit to quoted printable MIME, 1922 be careful not to miss a multi-part boundary if that 1923 boundary is preceded by a boundary-like line. Problem 1924 noted by Andreas Raschle of Ansid Inc. Fix from 1925 Kari Hurtta of the Finnish Meteorological Institute. 1926 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer 1927 has enough space for the additional address. Problem 1928 noted by Steve Cliffe of the University of Wollongong. 1929 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem 1930 noted by Alex Vorobiev of Swarthmore College. 1931 If the check_compat ruleset resolves to the $#discard mailer, 1932 discard the current recipient. Unlike check_relay, 1933 check_mail, and check_rcpt, the entire envelope is not 1934 discarded. Problem noted by RZ D. Rahlfs. Fix from 1935 Claus Assmann of Christian-Albrechts-University of Kiel. 1936 Avoid segmentation fault when reading ServiceSwitchFile files with 1937 bogus formatting. Patch from Kari Hurtta of the Finnish 1938 Meteorological Institute. 1939 Support Berkeley DB 2.6.4 API change. 1940 OP.ME: Pages weren't properly output on duplexed printers. Fix 1941 from Matthew Black of CSU Long Beach. 1942 Portability: 1943 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. 1944 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase 1945 option structure. Problem noted by Ashley M. 1946 Kirchner of Photo Craft Laboratories, Inc. 1947 Break out IP address to hostname translation for 1948 reading network interface addresses into 1949 class 'w'. Patch from John Kennedy of 1950 Cal State University, Chico. 1951 AIX 4.x use -qstrict with -O3 to prevent the optimized 1952 from changing the semantics of the compiled 1953 program. From Simon Travaglia of the 1954 University of Waikato, New Zealand. 1955 FreeBSD 2.2.2 and later support setusercontext(). From 1956 Peter Wemm of DIALix. 1957 FreeBSD 3.x fix from Peter Wemm of DIALix. 1958 IRIX 5.x has a syslog buffer size of 512 bytes. From 1959 Nao NINOMIYA of Utsunomiya University. 1960 IRIX 6.5 64-bit Build support. 1961 LDAP Version 3 support from John Beck and Ravi Iyer 1962 of Sun Microsystems. 1963 Linux does not implement seteuid() properly. From 1964 John Kennedy of Cal State University, Chico. 1965 Linux timezone type was set improperly. From Takeshi Itoh 1966 of Bits Co., Ltd. 1967 NCR MP-RAS 3.x needs -lresolv for confLIBS. From 1968 Tom J. Moore of NCR. 1969 NeXT 4.x correction to man page path. From J. P. McCann 1970 of E I A. 1971 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs) 1972 from Paul Gampe of the Asia Pacific Network 1973 Information Center. 1974 ULTRIX now requires an optimization limit of 970 from 1975 Allan E Johannesen of Worcester Polytechnic 1976 Institute. 1977 Fix extern declaration for sm_dopr(). Fix from Henk 1978 van Oers of Algemeen Nederlands Persbureau. 1979 CONFIG: Catch @hostname,user@anotherhost.domain as relaying. 1980 Problem noted by Mark Rogov of AirMedia, Inc. Fix from 1981 Claus Assmann of Christian-Albrechts-University of Kiel. 1982 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as 1983 there are multiple RBL's available and the MAPS RBL may 1984 not be the one in use. Suggested by Alan Brown of 1985 Manawatu Internet Services. 1986 CONFIG: Properly strip route addresses (i.e., @host1:user@host2) 1987 when stripping down a recipient address to check for 1988 relaying. Patch from Claus Assmann of 1989 Christian-Albrechts-University of Kiel and Neil W Rickert 1990 of Northern Illinois University. 1991 CONFIG: Allow the access database to override RBL lookups. Patch 1992 from Claus Assmann of Christian-Albrechts-University of 1993 Kiel. 1994 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch 1995 Dot Com. 1996 CONFIG: Fixed check for deferred delivery mode warning. Patch 1997 from Claus Assmann of Christian-Albrechts-University of 1998 Kiel and Per Hedeland of Ericsson. 1999 CONFIG: If a recipient using % addressing is used, e.g. 2000 user%site@othersite, and othersite's MX records are now 2001 checked for local hosts if FEATURE(relay_based_on_MX) is 2002 used. Problem noted by Alexander Litvin of Lucky Net Ltd. 2003 Patch from Alexander Litvin of Lucky Net Ltd and 2004 Claus Assmann of Christian-Albrechts-University of Kiel. 2005 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP 2006 stream. Do not allow more than one response per recipient. 2007 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix 2008 from John Beck of Sun Microsystems. 2009 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from 2010 John Beck of Sun Microsystems. 2011 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in 2012 the envelope From header. 2013 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. 2014 Problem noted by Glenn A. Malling of Syracuse University. 2015 MAILSTATS: Document msgsrej and msgsdis fields in the man page. 2016 Problem noted by Richard Wong of Princeton University. 2017 MAKEMAP: Build group list so group writable files are allowed with 2018 the -s flag. Problem noted by Curt Sampson of Internet 2019 Portal Services, Inc. 2020 PRALIASES: Automatically handle alias files created without the 2021 NULL byte at the end of the key. Patch from John Beck of 2022 Sun Microsystems. 2023 PRALIASES: Support Berkeley DB 2.6.4 API change. 2024 New Files: 2025 BuildTools/OS/IRIX64.6.5 2026 BuildTools/OS/UnixWare.5.i386 2027 cf/ostype/unixware7.m4 2028 contrib/smcontrol.pl 2029 src/control.c 2030 20318.9.1/8.9.1 1998/07/02 2032 If both an OS specific site configuration file and a generic 2033 site.config.m4 file existed, only the latter was used 2034 instead of both. Problem noted by Geir Johannessen of 2035 the Norwegian University of Science and Technology. 2036 Fix segmentation fault while converting 8 bit to 7 bit MIME 2037 multipart messages by trying to write to an unopened 2038 file descriptor. Fix from Kari Hurtta of the Finnish 2039 Meteorological Institute. 2040 Do not assume Message: and Text: headers indicate the end of 2041 the header area when parsing MIME headers. Problem noted 2042 by Kari Hurtta of the Finnish Meteorological Institute. 2043 Setting the confMAN#SRC Build variable would only effect the 2044 installation commands. The man pages would still be 2045 built with .0 extensions. Problem noted by Bryan 2046 Costales of InfoBeat, Inc. 2047 Installation of manual pages didn't honor the DESTDIR environment 2048 variable. Problem noted by Bryan Costales of InfoBeat, Inc. 2049 If the check_relay ruleset resolved to the discard mailer, messages 2050 were still delivered. Problem noted by Mirek Luc of NASK. 2051 Mail delivery to files would fail with an Operating System Error 2052 if sendmail was not running as root, i.e., RunAsUser was set. 2053 Problem noted by Leonard N. Zubkoff of Dandelion Digital. 2054 Prevent MinQueueAge from interfering from queued items created 2055 in the future, i.e., if the system clock was set ahead 2056 and then back. Problem noted by Michael Miller of the 2057 University of Natal, Pietermaritzburg. 2058 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is 2059 set in the PrivacyOptions option. Fix from Ted Rule of 2060 Flextech TV. 2061 Log invalid persistent host status file lines instead of 2062 bouncing the message. Problem noted by David Lindes of 2063 DaveLtd Enterprises. 2064 Move creation of empty sendmail.st file from installation to 2065 compilation. Installation may be done from a read-only 2066 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric 2067 Anderson of the Oasis Research Center, Inc. 2068 Enforce the maximum number of User Database entries limit. Problem 2069 noted by Gary Buchanan of Credence Systems Inc. 2070 Allow dead.letter files in root's home directory. Problem noted 2071 by Anna Ullman of Sun Microsystems. 2072 Program deliveries in forward files could be marked unsafe if 2073 any directory listed in the ForwardPath option did not 2074 exist. Problem noted by Jorg Bielak of Coastal Web Online. 2075 Do not trust the length of the address structure returned by 2076 gethostbyname(). Problem noted by Chris Evans of Oxford 2077 University. 2078 If the SIZE= MAIL From: ESMTP parameter is too large, use the 2079 5.3.4 DSN status code instead of 5.2.2. Similarly, for 2080 non-local deliveries, if the message is larger than the 2081 mailer maximum message size, use 5.3.4 instead of 5.2.3. 2082 Suggested by Antony Bowesman of 2083 Fujitsu/TeaWARE Mail/MIME System. 2084 Portability: 2085 Fix the check for an IP address reverse lookup for 2086 use in $&{client_name} on 64 bit platforms. 2087 From Gilles Gallot of Institut for Development 2088 and Resources in Intensive Scientific computing. 2089 BSD-OS uses .0 for man page extensions. From Jeff Polk 2090 of BSDI. 2091 DomainOS detection for Build. Also, version 10.4 and later 2092 ship a unistd.h. Fixes from Takanobu Ishimura of 2093 PICT Inc. 2094 NeXT 4.x uses /usr/lib/man/cat for its man pages. From 2095 J. P. McCann of E I A. 2096 SCO 4.X and 5.X include NDBM support. From Vlado Potisk 2097 of TEMPEST, Ltd. 2098 CONFIG: Do not pass spoofed PTR results through resolver for 2099 qualification. Problem noted by Michiel Boland of 2100 Digital Valley Internet Professionals; fix from 2101 Kari Hurtta of the Finnish Meteorological Institute. 2102 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, 2103 BITNET, and DECNET addresses for resolvable senders. 2104 Problem noted by Alexander Litvin of Lucky Net Ltd. 2105 CONFIG: Work around Sun's broken configuration which sends bounce 2106 messages as coming from @@hostname instead of <>. LMTP 2107 would not accept @@hostname. 2108 OP.ME: Corrections to complex sendmail startup script from Rick 2109 Troxel of the National Institutes of Health. 2110 RMAIL: Do not install rmail by default, require 'make force-install' 2111 as this rmail isn't the same as others. Suggested by 2112 Kari Hurtta of the Finnish Meteorological Institute. 2113 New Files: 2114 BuildTools/OS/DomainOS.10.4 2115 21168.9.0/8.9.0 1998/05/19 2117 SECURITY: To prevent users from reading files not normally 2118 readable, sendmail will no longer open forward, :include:, 2119 class, ErrorHeader, or HelpFile files located in unsafe 2120 (i.e., group or world writable) directory paths. Sites 2121 which need the ability to override security can use the 2122 DontBlameSendmail option. See the README file for more 2123 information. 2124 SECURITY: Problems can occur on poorly managed systems, specifically, 2125 if maps or alias files are in world writable directories. 2126 This fixes the change added to 8.8.6 to prevent links in these 2127 world writable directories. 2128 SECURITY: Make sure ServiceSwitchFile option file is not a link if 2129 it is in a world writable directory. 2130 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the 2131 tty it may be able to push bytes back to the senders input. 2132 Unfortunately this breaks -v mode. Problem noted by 2133 Wietse Venema of the Global Security Analysis Lab at 2134 IBM T.J. Watson Research. 2135 SECURITY: Empty group list if DontInitGroups is set to true to 2136 prevent program deliveries from picking up extra group 2137 privileges. Problem reported by Wolfgang Ley of DFN-CERT. 2138 SECURITY: The default value for DefaultUser is now set to the uid and 2139 gid of the first existing user mailnull, sendmail, or daemon 2140 that has a non-zero uid. If none of these exist, sendmail 2141 reverts back to the old behavior of using uid 1 and gid 1. 2142 This is a security problem for Linux which has chosen that 2143 uid and gid for user bin instead of daemon. If DefaultUser 2144 is set in the configuration file, that value overrides this 2145 default. 2146 SECURITY: Since 8.8.7, the check for non-setuid binaries 2147 interfered with setting an alternate group id for the 2148 RunAsUser option. Problem noted by Randall Winchester of 2149 the University of Maryland. 2150 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 2151 of Cal State University, Chico. 2152 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 2153 which previously defined OLD_NEWDB=1 must now upgrade to the 2154 current version of Berkeley DB. 2155 Added support for regular expressions using the new map class regex. 2156 From Jan Krueger of Unix-AG of University of Hannover. 2157 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod 2158 UserDatabases from Randall Winchester of the University 2159 of Maryland. 2160 Allow any shell for user shell on program deliveries on V1 2161 configurations for backwards compatibility on machines which 2162 do not have getusershell(). Fix from John Beck of Sun 2163 Microsystems. 2164 On operating systems which change the process title by reusing the 2165 argument vector memory, sendmail could corrupt memory if the 2166 last argument was either "-q" or "-d". Problem noted by 2167 Frank Langbein of the University of Stuttgart. 2168 Support Local Mail Transfer Protocol (LMTP) between sendmail and 2169 mail.local on the F=z flag. 2170 Macro-expand the contents of the ErrMsgFile. Previously this was 2171 only done if you had magic characters (0x81) to indicate 2172 macro expansion. Now $x will be expanded. This means that 2173 real dollar signs have to be backslash escaped. 2174 TCP Wrappers expects "unknown" in the hostname argument if the 2175 reverse DNS lookup for the incoming connection fails. 2176 Problem noted by Randy Grimshaw of Syracuse University and 2177 Wietse Venema of the Global Security Analysis Lab at 2178 IBM T.J. Watson Research. 2179 DSN success bounces generated from an invocation of sendmail -t 2180 would be sent to both the sender and MAILER-DAEMON. 2181 Problem noted by Claus Assmann of 2182 Christian-Albrechts-University of Kiel. 2183 Avoid "Error 0" messages on delivery mailers which exit with a 2184 valid exit value such as EX_NOPERM. Fix from Andreas Luik 2185 of ISA Informationssysteme GmbH. 2186 Tokenize $&x expansions on right hand side of rules. This eliminates 2187 the need to use tricks like $(dequote "" $&{client_name} $) 2188 to cause the ${client_name} macro to be properly tokenized. 2189 Add the MaxRecipientsPerMessage option: this limits the number of 2190 recipients that will be accepted in a single SMTP 2191 transaction. After this number is reached, sendmail 2192 starts returning "452 Too many recipients" to all RCPT 2193 commands. This can be used to limit the number of recipients 2194 per envelope (in particular, to discourage use of the server 2195 for spamming). Note: a better approach is to restrict 2196 relaying entirely. 2197 Fixed pointer initialization for LDAP lmap struct, fixed -s option 2198 to ldapx map and added timeout for ldap_open call to 2199 avoid hanging sendmail in the event of hung LDAP servers. 2200 Patch from Booker Bense of Stanford University. 2201 Allow multiple -qI, -qR, or -qS queue run limiters. For example, 2202 '-qRfoo -qRbar' would deliver mail to recipients with foo or 2203 bar in their address. Patch from Allan E Johannesen of 2204 Worcester Polytechnic Institute. 2205 The bestmx map will now return a list of the MX servers for a host if 2206 passed a column delimiter via the -z map flag. This can be 2207 used to check if the server is an MX server for the recipient 2208 of a message. This can be used to help prevent relaying. 2209 Patch from Mitchell Blank Jr of Exec-PC. 2210 Mark failures for the *file* mailer and return bounce messages to the 2211 sender for those failures. 2212 Prevent bogus syslog timestamps on errors in sendmail.cf by 2213 preserving the TZ environment variable until TimeZoneSpec 2214 has been determined. Problem noted by Ralf Hildebrandt of 2215 Technical University of Braunschweig. Patch from Per Hedeland 2216 of Ericsson. 2217 Print test input in address test mode when input is not from the tty 2218 when the -v flag is given (i.e., sendmail -bt -v) to make 2219 output easier to decipher. Problem noted by Aidan Nichol 2220 of Procter & Gamble. 2221 The LDAP map -s flag was not properly parsed and the error message 2222 given included the remainder of the arguments instead of 2223 solely the argument in error. Problem noted by Aidan Nichol 2224 of Procter & Gamble. 2225 New DontBlameSendmail option. This option allows administrators to 2226 bypass some of sendmail's file security checks at the expense 2227 of system security. This should only be used if you are 2228 absolutely sure you know the consequences. The available 2229 DontBlameSendmail options are: 2230 Safe 2231 AssumeSafeChown 2232 ClassFileInUnsafeDirPath 2233 ErrorHeaderInUnsafeDirPath 2234 GroupWritableDirPathSafe 2235 GroupWritableForwardFileSafe 2236 GroupWritableIncludeFileSafe 2237 GroupWritableAliasFile 2238 HelpFileinUnsafeDirPath 2239 WorldWritableAliasFile 2240 ForwardFileInGroupWritableDirPath 2241 IncludeFileInGroupWritableDirPath 2242 ForwardFileInUnsafeDirPath 2243 IncludeFileInUnsafeDirPath 2244 ForwardFileInUnsafeDirPathSafe 2245 IncludeFileInUnsafeDirPathSafe 2246 MapInUnsafeDirPath 2247 LinkedAliasFileInWritableDir 2248 LinkedClassFileInWritableDir 2249 LinkedForwardFileInWritableDir 2250 LinkedIncludeFileInWritableDir 2251 LinkedMapInWritableDir 2252 LinkedServiceSwitchFileInWritableDir 2253 FileDeliveryToHardLink 2254 FileDeliveryToSymLink 2255 WriteMapToHardLink 2256 WriteMapToSymLink 2257 WriteStatsToHardLink 2258 WriteStatsToSymLink 2259 RunProgramInUnsafeDirPath 2260 RunWritableProgram 2261 New DontProbeInterfaces option to turn off the inclusion of all the 2262 interface names in $=w on startup. In particular, if you 2263 have lots of virtual interfaces, this option will speed up 2264 startup. However, unless you make other arrangements, mail 2265 sent to those addresses will be bounced. 2266 Automatically create alias databases if they don't exist and 2267 AutoRebuildAliases is set. 2268 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. 2269 Suggested by Christophe Wolfhugel of the Institut Pasteur. 2270 Add PrivacyOptions=noverb flag to disable the SMTP VERB command. 2271 When determining the client host name ($&{client_name} macro), do 2272 a forward (A) DNS lookup on the result of the PTR lookup 2273 and compare results. If they differ or if the PTR lookup 2274 fails, &{client_name} will contain the IP address 2275 surrounded by square brackets (e.g., [127.0.0.1]). 2276 New map flag: -Tx appends "x" to lookups that return temporary failure 2277 (i.e, it is like -ax for the temporary failure case, in 2278 contrast to the success case). 2279 New syntax to do limited checking of header syntax. A config line 2280 of the form: 2281 HHeader: $>Ruleset 2282 causes the indicated Ruleset to be invoked on the Header 2283 when read. This ruleset works like the check_* rulesets -- 2284 that is, it can reject mail on the basis of the contents. 2285 Limit the size of the HELO/EHLO parameter to prevent spammers 2286 from hiding their connection information in Received: 2287 headers. 2288 When SingleThreadDelivery is active, deliveries to locked hosts 2289 are skipped. This will cause the delivering process to 2290 try the next MX host or queue the message if no other MX 2291 hosts are available. Suggested by Alexander Litvin. 2292 The [FILE] mailer type now delivers to the file specified in the 2293 A= equate of the mailer definition instead of $u. It also 2294 obeys all of the F= mailer flags such as the MIME 2295 7/8 bit conversion flags. This is useful for defining 2296 a mailer which delivers to the same file regardless of the 2297 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail). 2298 Do not assume the identity of a remote connection is root@localhost 2299 if the remote connection closes the socket before the 2300 remote identity can be queried. 2301 Change semantics of the F=S mailer flag back to 8.7.5 behavior. 2302 Some mailers, including procmail, require that the real 2303 uid is left unchanged by sendmail. Problem noted by Per 2304 Hedeland of Ericsson. 2305 No longer is the src/obj*/Makefile selected from a large list -- it 2306 is now generated using the information in BuildTools/OS/ -- 2307 some of the details are determined dynamically via 2308 BuildTools/bin/configure.sh. 2309 The other programs in the sendmail distribution -- mail.local, 2310 mailstats, makemap, praliases, rmail, and smrsh -- now use 2311 the new Build method which creates an operating system 2312 specific Makefile using the information in BuildTools. 2313 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., 2314 a failure on one message won't affect future messages to the 2315 same host). This is necessary if the remote host sends 2316 a 451 error if the domain of the sender does not resolve 2317 as is common in anti-spam configurations. Problem noted 2318 by Mitchell Blank Jr of Exec-PC. 2319 New "discard" mailer for check_* rulesets and header checking 2320 rulesets. If one of the above rulesets resolves to the 2321 $#discard mailer, the commands will be accepted but the 2322 message will be completely discarded after it is accepting. 2323 This means that even if only one of the recipients 2324 resolves to the $#discard mailer, none of the recipients 2325 will receive the mail. Suggested by Brian Kantor. 2326 All but the last cloned envelope of a split envelope were queued 2327 instead of being delivered. Problem noted by John Caruso 2328 of CNET: The Computer Network. 2329 Fix deadlock situation in persistent host status file locking. 2330 Syslog an error if a user forward file could not be read due to 2331 an error. Patch from John Beck of Sun Microsystems. 2332 Use the first name returned on machine lookups when canonifying a 2333 hostname via NetInfo. Patch from Timm Wetzel of GWDG. 2334 Clear the $&{client_addr}, $&{client_name}, and $&{client_port} 2335 macros when delivering a bounce message to prevent 2336 rejection by a check_compat ruleset which uses these macros. 2337 Problem noted by Jens Hamisch of AgiX Internetservices GmbH. 2338 If the check_relay ruleset resolves to the the error mailer, the 2339 error in the $: portion of the resolved triplet is used 2340 in the rejection message given to the remote machine. 2341 Suggested by Scott Gifford of The Internet Ramp. 2342 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros 2343 before calling the check_relay ruleset. Suggested by Scott 2344 Gifford of The Internet Ramp. 2345 Sendmail would get a segmentation fault if a mailer exited with an 2346 exit code of 79. Problem noted by Aaron Schrab of ExecPC 2347 Internet. Fix from Christophe Wolfhugel of the Pasteur 2348 Institute. 2349 Separate snprintf/vsnprintf routines into separate file for use by 2350 mail.local. 2351 Allow multiple map lookups on right hand side, e.g., 2352 R$* $( host $1 $) $| $( passwd $1 $). Patch from 2353 Christophe Wolfhugel of the Pasteur Institute. 2354 Properly generate success DSN messages if requested for aliases 2355 which have owner- aliases. Problem noted by Kari Hurtta 2356 of the Finnish Meteorological Institute. 2357 Properly display delayed-expansion macros ($&{macroname}) in 2358 address test mode (-bt). Problem noted by Bryan Costales 2359 of InfoBeat, Inc. 2360 -qR could sometimes match names incorrectly. Problem noted by 2361 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. 2362 Include a magic number and version in the StatusFile for the 2363 mailstats command. 2364 Record the number of rejected and discarded messages in the 2365 StatusFile for display by the mailstats command. Patch 2366 from Randall Winchester of the University of Maryland. 2367 IDENT returns where the OSTYPE field equals "OTHER" now list the 2368 user portion as IDENT:username@site instead of 2369 username@site to differentiate the two. Suggested by 2370 Kari Hurtta of the Finnish Meteorological Institute. 2371 Enforce timeout for LDAP queries. Patch from Per Hedeland of 2372 Ericsson. 2373 Change persistent host status filename substitution so '/' is 2374 replaced by ':' instead of '|' to avoid clashes. Also 2375 avoid clashes with hostnames with leading dots. Fix from 2376 Mitchell Blank Jr. of Exec-PC. 2377 If the system lock table is full, only attempt to create a new 2378 queue entry five times before giving up. Previously, it 2379 was attempted indefinitely which could cause the partition 2380 to run out of inodes. Problem noted by Suzie Weigand of 2381 Stratus Computer, Inc. 2382 In verbose mode, warn if the sendmail.cf version is less than the 2383 currently supported version. 2384 Sorting for QueueSortOrder=host is now case insensitive. Patch 2385 from Randall S. Winchester of the University of Maryland. 2386 Properly quote a full name passed via the -F command line option, 2387 the Full-Name: header, or the NAME environment variable if 2388 it contains characters which must be quoted. Problem noted 2389 by Kari Hurtta of the Finnish Meteorological Institute. 2390 Avoid possible race condition that unlocked a mail job before 2391 releasing the transcript file on systems that use flock(2). 2392 In some cases, this might result in a "Transcript Unavailable" 2393 message in error bounces. 2394 Accept SMTP replies which contain only a reply code and no 2395 accompanying text. Problem noted by Fernando Fraticelli of 2396 Digital Equipment Corporation. 2397 Portability: 2398 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura 2399 of Kyoto University. 2400 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from 2401 Randall S. Winchester of the University of 2402 Maryland. 2403 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. 2404 CRAY T3E from Manu Mahonen of Center for Scientific Computing 2405 in Finland. 2406 Digital UNIX now uses statvfs for determining free 2407 disk space. Patch from Randall S. Winchester of 2408 the University of Maryland. 2409 HP-UX 11.x from Richard Allen of Opin Kerfi HF and 2410 Regis McEwen of Progress Software Corporation. 2411 IRIX 64 bit fixes from Kari Hurtta of the Finnish 2412 Meteorological Institute. 2413 IRIX 6.2 configuration fix for mail.local from Michael Kyle 2414 of CIC/Advanced Computing Laboratory. 2415 IRIX 6.5 from Thomas H Jones II of SGI. 2416 IRIX 6.X load average code from Bob Mende of SGI. 2417 QNX from Glen McCready <glen@qnx.com>. 2418 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links 2419 to sendmail. Install with group bin instead of kmem 2420 as kmem does not exist. From Guillermo Freige of 2421 Gobernacion de la Pcia de Buenos Aires and Paul 2422 Fischer of BTG, Inc. 2423 SunOS 4.X does not include memmove(). Patch from 2424 Per Hedeland of Ericsson. 2425 SunOS 5.7 includes getloadavg() function for determining 2426 load average. Patch from John Beck of Sun 2427 Microsystems. 2428 CONFIG: Increment version number of config file. 2429 CONFIG: add DATABASE_MAP_TYPE to set the default type of database 2430 map for the various maps. The default is hash. Patch from 2431 Robert Harker of Harker Systems. 2432 CONFIG: new confEBINDIR m4 variable for defining the executable 2433 directory for certain programs. 2434 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for 2435 local mail delivery. By the default, /usr/libexec/mail.local 2436 is used. This is expected to be the mail.local shipped 2437 with 8.9 which is LMTP capable. The path is based on the 2438 new confEBINDIR m4 variable. 2439 CONFIG: Use confEBINDIR in determining path to smrsh for 2440 FEATURE(smrsh). Note that this changes the default from 2441 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the 2442 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). 2443 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to 2444 include $z/.forward.$w+$h and $z/.forward+$h which allow 2445 the user to setup different .forward files for 2446 user+detail addressing. 2447 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, 2448 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, 2449 DontProbeInterfaces, and DontBlameSendmail options. 2450 CONFIG: by default do not allow relaying (that is, accepting mail 2451 from outside your domain and sending it to another host 2452 outside your domain). 2453 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from 2454 any site to any site. 2455 CONFIG: new FEATURE(relay_entire_domain) allows any host in your 2456 domain as defined by the 'm' class ($=m) to relay. 2457 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on 2458 the MX records of the host portion of an incoming recipient. 2459 CONFIG: new FEATURE(access_db) which turns on the access database 2460 feature. This database give you the ability to allow 2461 or refuse to accept mail from specified domains for 2462 administrative reasons. By default, names that are listed 2463 as "OK" in the access db are domain names, not host names. 2464 CONFIG: new confCR_FILE m4 variable for defining the name of the file 2465 used for class 'R'. Defaults to /etc/mail/relay-domains. 2466 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) 2467 to add items to class 'R' ($=R) for hosts allowed to relay. 2468 CONFIG: new FEATURE(relay_hosts_only) to change the behavior 2469 of FEATURE(access_db) and class 'R' to lookup individual 2470 host names only. 2471 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient 2472 using % addressing is used, e.g. user%site@othersite, 2473 and othersite is in class 'R', the check_rcpt ruleset 2474 will strip @othersite and recheck user@site for relaying. 2475 This feature changes that behavior. It should not be 2476 needed for most installations. 2477 CONFIG: new FEATURE(relay_local_from) to allow relaying if the 2478 domain portion of the mail sender is a local host. This 2479 should only be used if absolutely necessary as it opens 2480 a window for spammers. Patch from Randall S. Winchester of 2481 the University of Maryland. 2482 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to 2483 block incoming mail destined for certain recipient 2484 usernames, hostnames, or addresses. 2485 CONFIG: By default, MAIL FROM: commands in the SMTP session will be 2486 refused if the host part of the argument to MAIL FROM: cannot 2487 be located in the host name service (e.g., DNS). 2488 CONFIG: new FEATURE(accept_unresolvable_domains) accepts 2489 unresolvable hostnames in MAIL FROM: SMTP commands. 2490 CONFIG: new FEATURE(accept_unqualified_senders) accepts 2491 MAIL FROM: senders which do not include a domain. 2492 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the 2493 Realtime Blackhole List. You can specify the RBL name 2494 server to contact by specifying it as an optional argument. 2495 The default is rbl.maps.vix.com. For details, see 2496 http://maps.vix.com/rbl/. 2497 CONFIG: Call Local_check_relay, Local_check_mail, and 2498 Local_check_rcpt from check_relay, check_mail, and 2499 check_rcpt. Users with local rulesets should place the 2500 rules using LOCAL_RULESETS. If a Local_check_* ruleset 2501 returns $#OK, the message is accepted. If the ruleset 2502 returns a mailer, the appropriate action is taken, else 2503 the return of the ruleset is ignored. 2504 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by 2505 default to support file, :include:, and program deliveries. 2506 CONFIG: Remove the default for confDEF_USER_ID so the binary can 2507 pick the proper default value. See the SECURITY note 2508 above for more information. 2509 CONFIG: FEATURE(nodns) now warns the user that the feature is a 2510 no-op. Patch from Kari Hurtta of the Finnish 2511 Meteorological Institute. 2512 CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to 2513 daemon since DEC's /bin/mail will drop the envelope 2514 sender if run as mailnull. See the Digital UNIX section 2515 of src/README for more information. Problem noted by 2516 Kari Hurtta of the Finnish Meteorological Institute. 2517 CONFIG: .cf files are now stored in the same directory with the 2518 .mc files instead of in the obj directory. 2519 CONFIG: New options confSINGLE_LINE_FROM_HEADER, 2520 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for 2521 setting SingleLineFromHeader, AllowBogusHELO, and 2522 MustQuoteChars respectively. 2523 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This 2524 SMTP-like protocol allows detailed reporting of delivery 2525 status on a per-user basis. Code donated by John Myers of 2526 CMU (now of Netscape). 2527 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the 2528 University of Maryland. NOTE: mail.local is not 2529 compatible with the stock HP-UX mail format. Be sure to 2530 read mail.local/README. 2531 MAIL.LOCAL: Prevent other mail delivery agents from stealing a 2532 mailbox lock. Patch from Randall S. Winchester of the 2533 University of Maryland. 2534 MAIL.LOCAL: glibc portability from John Kennedy of Cal State 2535 University, Chico. 2536 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish 2537 Meteorological Institute. 2538 MAILSTATS: Display the number of rejected and discarded messages 2539 in the StatusFile. Patch from Randall Winchester of the 2540 University of Maryland. 2541 MAKEMAP: New -s flag to ignore safety checks on database map files 2542 such as linked files in world writable directories. 2543 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. 2544 PRALIASES: Add support for Berkeley DB 2.X. 2545 PRALIASES: Do not automatically include NDBM support. Problem 2546 noted by Ralf Hildebrandt of the Technical University of 2547 Braunschweig. 2548 RMAIL: Improve portability for other platforms. Patches from 2549 Randall S. Winchester of the University of Maryland and 2550 Kari Hurtta of the Finnish Meteorological Institute. 2551 Changed Files: 2552 src/Makefiles/Makefile.* files have been modified to use 2553 the new build mechanism and are now BuildTools/OS/*. 2554 src/makesendmail changed to symbolic link to src/Build. 2555 New Files: 2556 BuildTools/M4/header.m4 2557 BuildTools/M4/depend/BSD.m4 2558 BuildTools/M4/depend/CC-M.m4 2559 BuildTools/M4/depend/NCR.m4 2560 BuildTools/M4/depend/Solaris.m4 2561 BuildTools/M4/depend/X11.m4 2562 BuildTools/M4/depend/generic.m4 2563 BuildTools/OS/AIX.4.2 2564 BuildTools/OS/AIX.4.x 2565 BuildTools/OS/CRAYT3E.2.0.x 2566 BuildTools/OS/HP-UX.11.x 2567 BuildTools/OS/IRIX.6.5 2568 BuildTools/OS/NEXTSTEP.4.x 2569 BuildTools/OS/NeXT.4.x 2570 BuildTools/OS/NetBSD.8.3 2571 BuildTools/OS/QNX 2572 BuildTools/OS/SunOS.5.7 2573 BuildTools/OS/dcosx.1.x.NILE 2574 BuildTools/README 2575 BuildTools/Site/README 2576 BuildTools/bin/Build 2577 BuildTools/bin/configure.sh 2578 BuildTools/bin/find_m4.sh 2579 BuildTools/bin/install.sh 2580 Makefile 2581 cf/cf/Build 2582 cf/cf/generic-hpux10.cf 2583 cf/feature/accept_unqualified_senders.m4 2584 cf/feature/accept_unresolvable_domains.m4 2585 cf/feature/access_db.m4 2586 cf/feature/blacklist_recipients.m4 2587 cf/feature/loose_relay_check.m4 2588 cf/feature/local_lmtp.m4 2589 cf/feature/promiscuous_relay.m4 2590 cf/feature/rbl.m4 2591 cf/feature/relay_based_on_MX.m4 2592 cf/feature/relay_entire_domain.m4 2593 cf/feature/relay_hosts_only.m4 2594 cf/feature/relay_local_from.m4 2595 cf/ostype/qnx.m4 2596 contrib/doublebounce.pl 2597 mail.local/Build 2598 mail.local/Makefile.m4 2599 mail.local/README 2600 mailstats/Build 2601 mailstats/Makefile.m4 2602 makemap/Build 2603 makemap/Makefile.m4 2604 praliases/Build 2605 praliases/Makefile.m4 2606 rmail/Build 2607 rmail/Makefile.m4 2608 rmail/rmail.0 2609 smrsh/Build 2610 smrsh/Makefile.m4 2611 src/Build 2612 src/Makefile.m4 2613 src/snprintf.c 2614 Deleted Files: 2615 cf/cf/Makefile (replaced by Makefile.dist) 2616 mail.local/Makefile 2617 mail.local/Makefile.dist 2618 mailstats/Makefile 2619 mailstats/Makefile.dist 2620 makemap/Makefile 2621 makemap/Makefile.dist 2622 praliases/Makefile 2623 praliases/Makefile.dist 2624 rmail/Makefile 2625 smrsh/Makefile 2626 smrsh/Makefile.dist 2627 src/Makefile 2628 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) 2629 src/Makefiles/Makefile.SMP_DC.OSx.NILE 2630 (renamed BuildTools/OS/dcosx.1.x.NILE) 2631 src/Makefiles/Makefile.Utah (obsolete platform) 2632 Renamed Files: 2633 READ_ME => README 2634 cf/cf/Makefile.dist => Makefile 2635 cf/cf/obj/* => cf/cf/* 2636 src/READ_ME => src/README 2637 26388.8.8/8.8.8 1997/10/24 2639 If the check_relay ruleset failed, the relay= field was logged 2640 incorrectly. Problem noted by Kari Hurtta of the Finnish 2641 Meteorological Institute. 2642 If /usr/tmp/dead.letter already existed, sendmail could not 2643 add additional bounces to it. Problem noted by Thomas J. 2644 Arseneault of SRI International. 2645 If an SMTP mailer used a non-standard port number for the outgoing 2646 connection, it would be displayed incorrectly in verbose mode. 2647 Problem noted by John Kennedy of Cal State University, Chico. 2648 Log the ETRN parameter specified by the client before altering them 2649 to internal form. Suggested by Bob Kupiec of GES-Verio. 2650 EXPN and VRFY SMTP commands on malformed addresses were logging as 2651 User unknown with bogus delay= values. Change them to log 2652 the same as compliant addresses. Problem noted by Kari E. 2653 Hurtta of the Finnish Meteorological Institute. 2654 Ignore the debug resolver option unless using sendmail debug trace 2655 option for resolver. Problem noted by Greg Nichols of Wind 2656 River Systems. 2657 If SingleThreadDelivery was enabled and the remote server returned a 2658 protocol error on the DATA command, the connection would be 2659 closed but the persistent host status file would not be 2660 unlocked so other sendmail processes could not deliver to 2661 that host. Problem noted by Peter Wemm of DIALix. 2662 If queueing up a message due to an expensive mailer, don't increment 2663 the number of delivery attempts or set the last delivery 2664 attempt time so the message will be delivered on the next 2665 queue run regardless of MinQueueAge. Problem noted by 2666 Brian J. Coan of the Institute for Global Communications. 2667 Authentication warnings of "Processed from queue _directory_" and 2668 "Processed by _username_ with -C _filename_" would be logged 2669 with the incorrect timestamp. Problem noted by Kari E. Hurtta 2670 of the Finnish Meteorological Institute. 2671 Use a better heuristic for detecting GDBM. 2672 Log null connections on dropped connections. Problem noted by 2673 Jon Lewis of Florida Digital Turnpike. 2674 If class dbm maps are rebuilt, sendmail will now detect this and 2675 reopen the map. Previously, they could give stale 2676 results during a single message processing (but would 2677 recover when the next message was received). Fix from 2678 Joe Pruett of Q7 Enterprises. 2679 Do not log failures such as "User unknown" on -bv or SMTP VRFY 2680 requests. Problem noted by Kari E. Hurtta of the 2681 Finnish Meteorological Institute. 2682 Do not send a bounce message back to the sender regarding bad 2683 recipients if the SMTP connection is dropped before the 2684 message is accepted. Problem noted by Kari E. Hurtta of the 2685 Finnish Meteorological Institute. 2686 Use "localhost" instead of "[UNIX: localhost]" when connecting to 2687 sendmail via a UNIX pipe. This will allow rulesets using 2688 $&{client_name} to process without sending the string through 2689 dequote. Problem noted by Alan Barrett of Internet Africa. 2690 A combination of deferred delivery mode, a double bounce situation, 2691 and the inability to save a bounce message to 2692 /var/tmp/dead.letter would cause sendmail to send a bounce 2693 to postmaster but not remove the offending envelope from the 2694 queue causing it to create a new bounce message each time the 2695 queue was run. Problem noted by Brad Doctor of Net Daemons 2696 Associates. 2697 Remove newlines from hostname information returned via DNS. There are 2698 no known security implications of newlines in hostnames as 2699 sendmail filters newlines in all vital areas; however, this 2700 could cause confusing error messages. 2701 Starting with sendmail 8.8.6, mail sent with the '-t' option would be 2702 rejected if any of the specified addresses were bad. This 2703 behavior was modified to only reject the bad addresses and not 2704 the entire message. Problem noted by Jozsef Hollosi of 2705 SuperNet, Inc. 2706 Use Timeout.fileopen when delivering mail to a file. Suggested by 2707 Bryan Costales of InfoBeat, Inc. 2708 Display the proper Final-Recipient on DSN messages for non-SMTP 2709 mailers. Problem noted by Kari E. Hurtta of the 2710 Finnish Meteorological Institute. 2711 An error in calculating the available space in the list of addresses 2712 for logging deliveries could cause an address to be silently 2713 dropped. 2714 Include the initial user environment if sendmail is restarted via 2715 a HUP signal. This will give room for the process title. 2716 Problem noted by Jon Lewis of Florida Digital Turnpike. 2717 Mail could be delivered without a body if the machine does not 2718 support flock locking and runs out of processes during 2719 delivery. Fix from Chuck Lever of the University of Michigan. 2720 Drop recipient address from 251 and 551 SMTP responses per RFC 821. 2721 Problem noted by Kari E. Hurtta of the Finnish Meteorological 2722 Institute. 2723 Make sure non-rebuildable database maps are opened before the 2724 rebuildable maps (i.e., alias files) in case the database maps 2725 are needed for verifying the left hand side of the aliases. 2726 Problem noted by Lloyd Parkes of Victoria University. 2727 Make sure sender RFC822 source route addresses are alias expanded for 2728 bounce messages. Problem noted by Juergen Georgi of 2729 RUS University of Stuttgart. 2730 Minor lint fixes. 2731 Return a temporary error instead of a permanent error if an LDAP map 2732 search returns an error. This will allow sequenced maps which 2733 use other LDAP servers to be checked. Fix from Booker Bense 2734 of Stanford University. 2735 When automatically converting from quoted printable to 8bit text do 2736 not pad bare linefeeds with a space. Problem noted by Theo 2737 Nolte of the University of Technology Aachen, Germany. 2738 Portability: 2739 Non-standard C compilers may have had a problem compiling 2740 conf.c due to a standard C external declaration of 2741 setproctitle(). Problem noted by Ted Roberts of 2742 Electronic Data Systems. 2743 AUX: has a broken O_EXCL implementation. Reported by Jim 2744 Jagielski of jaguNET Access Services. 2745 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. 2746 Digital UNIX: Digital UNIX (and possibly others) moves 2747 loader environment variables into the loader memory 2748 area. If one of these environment variables (such as 2749 LD_LIBRARY_PATH) was the last environment variable, 2750 an invalid memory address would be used by the process 2751 title routine causing memory corruption. Problem 2752 noted by Sam Hartman of Mesa Internet Systems. 2753 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused 2754 chownsafe() to always return 0 even if the OS does 2755 not permit file giveaways. Problem noted by 2756 Yasutaka Sumi of The University of Tokyo. 2757 IRIX6: Syslog buffer size set to 512 bytes. Reported by 2758 Gerald Rinske of Siemens Business Services VAS. 2759 Linux: Pad process title with NULLs. Problem noted by 2760 Jon Lewis of Florida Digital Turnpike. 2761 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an 2762 incorrect value for the number of interfaces. 2763 Problem noted by Chris Loelke of JetStream Internet 2764 Services. 2765 SINIX: Update for Makefile and syslog buffer size from Gerald 2766 Rinske of Siemens Business Services VAS. 2767 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not 2768 used on a Solaris machine. Problem noted by 2769 Stephen Ma of Jtec Pty Limited. 2770 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business 2771 Services VAS. 2772 MAKEMAP: Use a better heuristic for detecting GDBM. 2773 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. 2774 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of 2775 Ericsson. 2776 27778.8.7/8.8.7 1997/08/03 2778 If using Berkeley DB on systems without O_EXLOCK (open a file with 2779 an exclusive lock already set -- i.e., almost all systems 2780 except 4.4-BSD derived systems), the initial attempt at 2781 rebuilding aliases file if the database didn't already 2782 exist would fail. Patch from Raymund Will of LST Software 2783 GmbH. 2784 Bogus incoming SMTP commands would reset the SMTP conversation. 2785 Problem noted by Fredrik J�nsson of the Royal Institute 2786 of Technology, Stockholm. 2787 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), 2788 some environments could give "multiple definitions" for these 2789 routines during compilation. If using TCP Wrappers, assume 2790 that these routines are included as though they were in the 2791 C library. Patch from Robert La Ferla. 2792 When a NEWDB database map was rebuilt at the same time it was being 2793 used by a queue run, the maps could be left locked for the 2794 duration of the queue run, causing other processes to hang. 2795 Problem noted by Kendall Libby of Shore.NET. 2796 In some cases, NoRecipientAction=add-bcc was being ignored, so the 2797 mail was passed on without any recipient header. This could 2798 cause problems downstream. Problem noted by Xander Jansen 2799 of SURFnet ExpertiseCentrum. 2800 Give error when GDBM is used with sendmail. GDBM's locking and 2801 linking of the .dir and .pag files interferes with sendmail's 2802 locking and security checks. Problems noted by Fyodor 2803 Yarochkin of the Kyrgyz Republic FreeNet. 2804 Don't fsync qf files if SuperSafe option is not set. 2805 Avoid extra calls to gethostbyname for addresses for which a 2806 gethostbyaddr found no value. Also, ignore any returns 2807 from gethostbyaddr that look like a dotted quad. 2808 If PTR lookup fails when looking up an SMTP peer, don't tag it as 2809 "may be forged", since at the network level we pretty much 2810 have to assume that the information is good. 2811 In some cases, errors during an SMTP session could leave files 2812 open or locked. 2813 Better handling of missing file descriptors (0, 1, 2) on startup. 2814 Better handling of non-setuid binaries -- avoids certain obnoxious 2815 errors during testing. 2816 Errors in file locking of NEWDB maps had the incorrect file name 2817 printed in the error message. 2818 If the AllowBogusHELO option were set and an EHLO with a bad or 2819 missing parameter were issued, the EHLO behaved like a HELO. 2820 Load limiting never kicked in for incoming SMTP transactions if the 2821 DeliveryMode=background and any recipient was an alias or 2822 had a .forward file. From Nik Conwell of Boston University. 2823 On some non-Posix systems, the decision of whether chown(2) permits 2824 file giveaway was undefined. From Tetsu Ushijima of the 2825 Tokyo Institute of Technology. 2826 Fix race condition that could cause the body of a message to be 2827 lost (so only the header was delivered). This only occurs 2828 on systems that do not use flock(2), and only when a queue 2829 runner runs during a critical section in another message 2830 delivery. Based on a patch from Steve Schweinhart of 2831 Results Computing. 2832 If a qf file was found in a mail queue directory that had a problem 2833 (wrong ownership, bad format, etc.) and the file name was 2834 exactly MAXQFNAME bytes long, then instead of being tried 2835 once, it would be tried on every queue run. Problem noted 2836 by Bryan Costales of Mercury Mail. 2837 If the system supports an st_gen field in the status structure, 2838 include it when reporting that a file has changed after open. 2839 This adds a new compile flag, HAS_ST_GEN (0/1 option). 2840 This out to be checked as well as reported, since it is 2841 theoretically possible for an attacker to remove a file after 2842 it is opened and replace it with another file that has the 2843 same i-number, but some filesystems (notably AFS) return 2844 garbage in this field, and hence always look like the file 2845 has changed. As a practical matter this is not a security 2846 problem, since the files can be neither hard nor soft links, 2847 and on no filesystem (that I am aware of) is it possible to 2848 have two files on the same filesystem with the same i-number 2849 simultaneously. 2850 Delete the root Makefile from the distribution -- it is only for 2851 use internally, and does not work at customer sites. 2852 Fix botch that caused the second MAIL FROM: command in a single 2853 transaction to clear the entire transaction. Problem 2854 noted by John Kennedy of Cal State University, Chico. 2855 Work properly on machines that have _PATH_VARTMP defined without 2856 a trailing slash. (And a pox on vendors that decide to 2857 ignore the established conventions!) Problem noted by 2858 Gregory Neil Shapiro of WPI. 2859 Internal changes to make it easier to add another protocol family 2860 (intended for IPv6). Patches are from John Kennedy of 2861 CSU Chico. 2862 In certain cases, 7->8 bit MIME decoding of Base64 text could leave 2863 an extra space at the beginning of some lines. Problem 2864 noted by Charles Karney of Princeton University; fix based 2865 on a patch from Christophe Wolfhugel. 2866 Portability: 2867 Allow _PATH_VENDOR_CF to be set in Makefile for consistency 2868 with the _Sendmail_ book, 2nd edition. Note that 2869 the book is actually wrong: _PATH_SENDMAILCF should 2870 be used instead. 2871 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow 2872 of Argonne National Laboratory. 2873 OpenBSD from from Paul DuBois of the University of Wisconsin. 2874 RISC/os 4.0 from Paul DuBois of the University of Wisconsin. 2875 SunOS: Include <memory.h> to fix warning from util.c. From 2876 James Aldridge of EUnet Ltd. 2877 Solaris: Change STDIR (location of status file) to /etc/mail 2878 in Makefiles. 2879 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from 2880 Makefiles. Use NEWDB on Linux instead. 2881 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl 2882 exists but behaves differently than other OSes. 2883 Add SIOCGIFNUM_IS_BROKEN compile flag to get 2884 around the problem. Problem noted by Tom Moore of 2885 NCR Corp. 2886 HP-UX 9.x: fix compile warnings for old select API. Problem 2887 noted by Tom Smith of Digital Equipment Corp. 2888 UnixWare 2.x: compile warnings on offsetof macro. Problem 2889 noted by Tom Good of the Community Access Information 2890 Resource Network 2891 SCO 4.2: compile problems caused by a change in the type of 2892 the "length" parameters passed to accept, getpeername, 2893 getsockname, and getsockopt. Adds new compile flags 2894 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported 2895 by Tom Good of St. Vincent's North Richmond Community 2896 Mental Health Center Residential Services. 2897 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. 2898 Suggested by Brett Hogden of Rochester Gas & Electric 2899 Corp. 2900 Linux: avoid compile problem for versions of <setjmp.h> that 2901 #define both setjmp and longjmp. Problem pointed out 2902 by J.R. Oldroyd of TerraNet. 2903 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) 2904 from Christopher Durham of SCO. 2905 CONFIG: NEXTSTEP: define confCW_FILE to 2906 /etc/sendmail/sendmail.cw to match the usual 2907 configuration. Patch from Dennis Glatting of 2908 PlainTalk. 2909 CONFIG: MAILER(fax) called a program that hasn't existed for a long 2910 time. Convert to use the HylaFAX 4.0 conventions. Suggested 2911 by Harry Styron. 2912 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These 2913 are the rulesets in use on sendmail.org. 2914 MAKEMAP: give error on GDBM files. 2915 MAIL.LOCAL: Make error messages a bit more explicit, for example, 2916 telling more details on what actually changed when "file 2917 changed after open". 2918 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw 2919 files. 2920 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. 2921 NEW FILES: 2922 src/Makefiles/Makefile.OpenBSD 2923 src/Makefiles/Makefile.RISCos.4_0 2924 test/t_exclopen.c 2925 cf/ostype/sco-uw-2.1.m4 2926 DELETED FILES: 2927 Makefile 2928 29298.8.6/8.8.6 1997/06/14 2930 ************************************************************* 2931 * The extensive assistance of Gregory Neil Shapiro of WPI * 2932 * in preparing this release is gratefully appreciated. * 2933 * Sun Microsystems has also provided resources toward * 2934 * continued sendmail development. * 2935 ************************************************************* 2936 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open 2937 mode bits set to create a file that is a symbolic link that 2938 points nowhere. This makes it possible to create a root 2939 owned file in an arbitrary directory by inserting the symlink 2940 into a writable directory after the initial lstat(2) check 2941 determined that the file did not exist. The only verified 2942 example of a system having these odd semantics for O_EXCL 2943 and symbolic links was HP-UX prior to version 9.07. Most 2944 systems do not have the problem, since a exclusive create 2945 of a file disallows symbolic links. Systems that have been 2946 verified to NOT have the problem include AIX 3.x, *BSD, 2947 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, 2948 and Ultrix. This is a potential exposure on systems that 2949 have this bug and which do not have a MAILER-DAEMON alias 2950 pointing at a legitimate account, since this will cause old 2951 mail to be dropped in /var/tmp/dead.letter. 2952 SECURITY: Problems can occur on poorly managed systems, specifically, 2953 if maps or alias files are in world writable directories. 2954 If your system has alias maps in writable directories, it 2955 is potentially possible for an attacker to replace the .db 2956 (or .dir and .pag) files by symbolic links pointing at 2957 another database; this can be used either to expose 2958 information (e.g., by pointing an alias file at /etc/spwd.db 2959 and probing for accounts), or as a denial-of-service attack 2960 (by trashing the password database). The fix disallows 2961 symbolic links entirely when rebuilding alias files or on 2962 maps that are in writable directories, and always warns on 2963 writable directories; 8.9 will probably consider writable 2964 directories to be fatal errors. This does not represent an 2965 exposure on systems that have alias files in unwritable 2966 system directories. 2967 SECURITY: disallow .forward or :include: files that are links (hard 2968 or soft) if the parent directory (or any directory in the 2969 path) is writable by anyone other than the owner. This is 2970 similar to the previous case for user files. This change 2971 should not affect most systems, but is necessary to prevent 2972 an attacker who can write the directory from pointing such 2973 files at other files that are readable only by the owner. 2974 SECURITY: Tighten safechown rules: many systems will say that they 2975 have a safe (restricted to root) chown even on files that 2976 are mounted from another system that allows owners to give 2977 away files. The new rules are very strict, trusting file 2978 ownership only in those few cases where the system has 2979 been verified to be at least as paranoid as necessary. 2980 However, it is possible to relax the rules to partially 2981 trust the ownership if the directory path is not world or 2982 group writable. This might allow someone who has a legitimate 2983 :include: file (referenced directly from /etc/aliases) to 2984 become another non-root user if the :include: file is in a 2985 non-writable directory on an NFS-mounted filesystem where 2986 the local system says that giveaway is denied but it is 2987 actually permitted. I believe this to be a very small set 2988 of cases. If in doubt, do not point :include: aliases at 2989 NFS-mounted filesystems. 2990 SECURITY: When setting a numeric group id using the RunAsUser option 2991 (e.g., "O RunAsUser=10:20", the group id would not be set. 2992 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha 2993 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. 2994 The user id was still set properly. Problem noted by Uli 2995 Pralle of the Technical University of Berlin. 2996 Save the initial gid set for use when checking for if the 2997 PrivacyOptions=restrictmailq option is set. Problem reported 2998 by Wolfgang Ley of DFN-CERT. 2999 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a 3000 failure on one message won't affect future messages to the 3001 same host). 3002 IP source route printing had an "off by one" error that would 3003 affect any options that came after the route option. Patch 3004 from Theo de Raadt. 3005 The "Message is too large" error didn't successfully bounce the error 3006 back to the sender. Problem reported by Stephen More of 3007 PSI; patch from Gregory Neil Shapiro of WPI. 3008 Change SMTP status code 553 to map into Extended code 5.1.0 (instead 3009 of 5.1.3); it apparently gets used in multiple ways. 3010 Suggested by John Myers of Portola Communications. 3011 Fix possible extra null byte generated during collection if errors 3012 occur at the beginning of the stream. Patch contributed by 3013 Andrey A. Chernov and Gregory Neil Shapiro. 3014 Code changes to avoid possible reentrant call of malloc/free within 3015 a signal handler. Problem noted by John Beck of Sun 3016 Microsystems. 3017 Move map initialization to be earlier so that check_relay ruleset 3018 will have the latest version of the map data. Problem noted 3019 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. 3020 If there are fatal errors during the collection phase (e.g., message 3021 too large) don't send the bogus message. 3022 Avoid "cannot open xfAAA00000" messages when sending to aliases that 3023 have errors and have owner- aliases. Problem noted by Michael 3024 Barber of MTU; fix from Gregory Neil Shapiro of WPI. 3025 Avoid null pointer dereference on illegal Boundary= parameters in 3026 multipart/mixed Content-Type: header. Problem noted by 3027 Richard Muirden of RMIT University. 3028 Always print error messages during newaliases (-bi) even if the 3029 ErrorMode is not set to "print". Fix from Gregory Neil 3030 Shapiro. 3031 Test mode could core dump if you did a /map lookup in an optional map 3032 that could not be opened. Based on a fix from John Beck of 3033 Sun Microsystems. 3034 If DNS is misconfigured so that the last MX record tried points to 3035 a host that does not have an A record, but other MX records 3036 pointed to something reasonable, don't bounce the message 3037 with a "host unknown" error. Note that this should really 3038 be fixed in the zone file for the domain. Problem noted by 3039 Joe Rhett of Navigist, Inc. 3040 If a map fails (e.g., DNS times out) on all recipient addresses, mark 3041 the message as having been tried; otherwise the next queue 3042 run will not realize that this is a second attempt and will 3043 retry immediately. Problem noted by Bryan Costales of 3044 Mercury Mail. 3045 If the clock is set backwards, and a MinQueueAge is set, no jobs 3046 will be run until the later setting of the clock is reached. 3047 "Problem" (I use the term loosely) noted by Eric Hagberg of 3048 Morgan Stanley. 3049 If the load average rises above the cutoff threshold (above which 3050 sendmail will not process the queue at all) during a queue 3051 run, abort the queue run immediately. Problem noted by 3052 Bryan Costales of Mercury Mail. 3053 The variable queue processing algorithm (based on the message size, 3054 number of recipients, message precedence, and job age) was 3055 non-functional -- either the entire queue was processed or 3056 none of the queue was processed. The updated algorithm 3057 does no queue run if a single recipient zero size job will 3058 not be run. 3059 If there is a fatal ("panic") message that will cause sendmail to 3060 die immediately, never hold the error message for future 3061 printing. 3062 Force ErrorMode=print in -bt mode so that all errors are printed 3063 regardless of the setting of the ErrorMode option in the 3064 configuration file. Patch from Gregory Neil Shapiro. 3065 New compile flag HASSTRERROR says that this OS has the strerror(3) 3066 routine available in one of the libraries. Use it in conf.h. 3067 The -m (match only) flag now works on host class maps. 3068 If class hash or btree maps are rebuilt, sendmail will now detect 3069 this and reopen the map. Previously, they could give 3070 erroneous results during a single message processing 3071 (but would recover when the next message was received). 3072 Don't delete zero length queue files when doing queue runs until the 3073 files are at least ten minutes old. This avoids a potential 3074 race condition: the creator creates the qf file, getting back 3075 a file descriptor. The queue runner locks it and deletes it 3076 because it is zero length. The creator then writes the 3077 descriptor that is now for a disconnected file, and the 3078 job goes away. Based on a suggestion by Bryan Costales. 3079 When determining the "validated" host name ($_ macro), do a forward 3080 (A) DNS lookup on the result of the PTR lookup and compare 3081 results. If they differ or if the PTR lookup fails, tag the 3082 address as "may be forged". 3083 Log null connections (i.e., hosts that connect but do not do any 3084 substantive activity on the connection before disconnecting; 3085 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. 3086 Always permit "writes" to /dev/null regardless of the link count. 3087 This is safe because /dev/null is special cased, and no open 3088 or write is ever actually attempted. Patch from Villy Kruse 3089 of TwinCom. 3090 If a message cannot be sent because of a 552 (exceeded storage 3091 allocation) response to the MAIL FROM:<>, and a SIZE= parameter 3092 was given, don't return the body in the bounce, since there 3093 is a very good chance that the message will double-bounce. 3094 Fix possible line truncation if a quoted-printable had an =00 escape 3095 in the body. Problem noted by Charles Karney of the Princeton 3096 Plasma Physics Laboratory. 3097 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. 3098 Problem noted by Kari Hurtta of the Finnish Meteorological 3099 Institute. 3100 The MaxDaemonChildren option wasn't applying to queue runs as 3101 documented. Note that this increases the potential denial 3102 of service problems with this option: an attacker can 3103 connect many times, and thereby lock out queue runs as well 3104 as incoming connections. If you use this option, you should 3105 run the "sendmail -bd" and "sendmail -q30m" jobs separately 3106 to avoid this attack. Failure to limit noted by Matthew 3107 Dillon of BEST Internet Communications. 3108 Always give a message in newaliases if alias files cannot be 3109 opened instead of failing silently. Suggested by Gregory 3110 Neil Shapiro. This change makes the code match the O'Reilly 3111 book (2nd edition). 3112 Some older versions of the resolver could return with h_errno == -1 3113 if no name server could be reached, causing mail to bounce 3114 instead of queueing. Treat this like TRY_AGAIN. Fix from 3115 John Beck of SunSoft. 3116 If a :include: file is owned by a user that does not have an entry 3117 in the passwd file, sendmail could dereference a null pointer. 3118 Problem noted by Satish Mynam of Sun Microsystems. 3119 Take precautions to make sure that the SMTP protocol cannot get out 3120 of sync if (for example) an alias file cannot be opened. 3121 Fix a possible race condition that can cause a SIGALRM to come in 3122 immediately after a SIGHUP, causing the new sendmail to die. 3123 Avoid possible hang on SVr3 systems when doing child reaping. Patch 3124 from Villy Kruse of TwinCom. 3125 Ignore improperly formatted SMTP reply codes. Previously these were 3126 partially processed, which could cause confusing error 3127 returns. 3128 Fix possible bogus pointer dereference when doing ldapx map lookups 3129 on some architectures. 3130 Portability: 3131 A/UX: from Jim Jagielski of NASA/GSFC. 3132 glibc: SOCK_STREAM was changed from a #define to an enum, 3133 thus breaking #ifdef SOCK_STREAM. Only option seems 3134 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is 3135 defined. Problem reported by A Sun of the University 3136 of Washington. 3137 Solaris: use SIOCGIFNUM to get the number of interfaces on 3138 the system rather than guessing at compile time. 3139 Patch contributed by John Beck of Sun Microsystems. 3140 Intel Paragon: from Wendy Lin of Purdue University. 3141 GNU Hurd: from Miles Bader of the GNU project. 3142 RISC/os 4.50 from Harlan Stenn of PFCS Corporation. 3143 ISC Unix: wait never returns if SIGCLD signals are blocked. 3144 Unfortunately releasing them opens a race condition, 3145 but there appears to be no fix for this. Patch from 3146 Gregory Neil Shapiro. 3147 BIND 8.1 for IPv6 compatibility from John Kennedy. 3148 Solaris: a bug in strcasecmp caused characters with the 3149 high order bit set to apparently randomly match 3150 letters -- for example, $| (0233) matches "i" and "I". 3151 Problem noted by John Gregson of the University of 3152 Cambridge. 3153 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From 3154 Kari Hurtta. 3155 IRIX 6.x: Create Makefiles for systems that claim to be 3156 IRIX64 but are 6.2 or higher (so use the regular 3157 IRIX Makefile). 3158 IRIX 6.x: Fix load average computation on 64 bit kernels. 3159 Problem noted by Eric Hagberg of Morgan Stanley. 3160 CONFIG: Some canonification was still done for UUCP-like addresses 3161 even if FEATURE(nocanonify) was set. Problem pointed out by 3162 Brian Candler. 3163 CONFIG: In some cases UUCP mailers wouldn't properly recognize all 3164 local names as local. Problem noted by Jeff Polk of BSDI; 3165 fix provided by Gregory Neil Shapiro. 3166 CONFIG: The "local:user" syntax entries in mailertables and other 3167 "mailer:user" syntax locations returned an incorrect value 3168 for the $h macro. Problem noted by Gregory Neil Shapiro. 3169 CONFIG: Retain "+detail" information when forwarding mail to a 3170 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip 3171 Guenther of Gustavus Adolphus College. 3172 CONFIG: Make sure user+detail works for FEATURE(virtusertable); 3173 rules are the same as for aliasing. Based on a patch from 3174 Gregory Neil Shapiro. 3175 CONFIG: Break up parsing rules into several pieces; this should 3176 have no functional change in this release, but makes it 3177 possible to have better anti-spam rulesets in the future. 3178 CONFIG: Disallow double dots in host names to avoid having the 3179 HostStatusDirectory store status under the wrong name. 3180 In some cases this can be used as a denial-of-service attack. 3181 Problem noted by Ron Jarrell of Virginia Tech, patch from 3182 Gregory Neil Shapiro. 3183 CONFIG: Don't use F=m (multiple recipients per invocation) for 3184 MAILER(procmail), but do pass F=Pn9 (include Return-Path:, 3185 don't include From_, and convert to 8-bit). Suggestions 3186 from Kimmo Suominen and Roderick Schertler. 3187 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were 3188 being masqueraded as though FEATURE(masquerade_entire_domain) 3189 was specified, even when it wasn't. 3190 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. 3191 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't 3192 "slip in" a symbolic link between the lstat(2) call and the 3193 exclusive open. This is only a problem on System V derived 3194 systems that allow an exclusive create on files that are 3195 symbolic links pointing nowhere. 3196 MAIL.LOCAL: If the final mailbox close() failed, the user id was 3197 not reset back to root, which on some systems would cause 3198 later mailboxes to fail. Also, any partial message would 3199 not be truncated, which could result in repeated deliveries. 3200 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 3201 developers). 3202 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 3203 change to the sendmail map code was made in 8.8.3. Problem 3204 noted by Gregory Neil Shapiro. 3205 MAKEMAP: Give warnings on file problems such as map files that are 3206 symbolic links; although makemap is not setuid root, it is 3207 often run as root and hence has the potential for the same 3208 sorts of problems as alias rebuilds. 3209 MAKEMAP: Change compilation so that it will link properly on 3210 NEXTSTEP. 3211 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 3212 Accept an optional list of arguments following the server 3213 name for the ETRN arguments to use (instead of $=w). Other 3214 miscellaneous bug fixes. From Christian von Roques via 3215 John Beck of Sun Microsystems. 3216 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This 3217 Perl script converts GECOS information in the /etc/passwd 3218 file into aliases, allowing for faster access to full name 3219 lookups; it is also clever about adding aliases (to root) 3220 for system accounts. 3221 NEW FILES: 3222 src/safefile.c 3223 cf/ostype/gnuhurd.m4 3224 cf/ostype/irix6.m4 3225 contrib/passwd-to-alias.pl 3226 src/Makefiles/Makefile.IRIX64.6.1 3227 src/Makefiles/Makefile.IRIX64.6.x 3228 RENAMED FILES: 3229 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x 3230 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 3231 32328.8.5/8.8.5 1997/01/21 3233 SECURITY: Clear out group list during startup. Without this, sendmail 3234 will continue to run with the group permissions of the caller, 3235 even if RunAsUser is specified. 3236 SECURITY: Make purgestat (-bH) be root-only. This is not in response 3237 to any known attack, but it's best to be conservative. 3238 Suggested by Peter Wemm of DIALix. 3239 SECURITY: Fix buffer overrun problem in MIME code that has possible 3240 security implications. Patch from Alex Garthwaite of the 3241 University of Pennsylvania. 3242 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") 3243 would truncate the address after "Full". Although the -f 3244 syntax is incorrect (since it is in the envelope, it 3245 shouldn't have comments and full names), the failure mode 3246 was unnecessarily awful. 3247 Fix a possible null pointer dereference when converting 8-bit data 3248 to a 7-bit format. Problem noted by Jim Hutchins of 3249 Sandia National Labs and David James of British Telecom. 3250 Clear out stale state that affected F=9 on SMTP mailers in queue 3251 runs. Although this really shouldn't be used (F=9 is for 3252 final delivery only, and using it on an SMTP mailer makes 3253 it possible for a message to be converted from 8->7->8->7 3254 bits several times), it shouldn't have failed with a syserr. 3255 Problem noted by Eric Hagberg of Morgan Stanley. 3256 _Really_ fix the multiple :maildrop code in the user database 3257 module. Patch from Roy Mongiovi of Georgia Tech. 3258 Let F lines in the configuration file actually read root-only 3259 files if the configuration file is safe. Based on a 3260 patch from Keith Reynolds of SCO. 3261 ETRN followed by QUIT would hold the connection open until the queue 3262 run completed. Problem noted by Truck Lewis of TDK 3263 Semiconductor Corp. 3264 It turns out that despite the documentation, the TCP wrappers library 3265 does _not_ log rejected connections. Do the logging ourselves. 3266 Problem noted by Fletcher Mattox of the University of Texas 3267 at Austin. 3268 If sendmail finds a qf file in its queue directory that is an unknown 3269 version (e.g., when backing out to an old version), the 3270 error is reported on every queue run. Change it to only 3271 give the error once (and rename the qf => Qf). Patch from 3272 William A. Gianopoulos of Raytheon Company. 3273 Start a new session when doing background delivery; currently it 3274 ignored signals but didn't start a new signal, that caused 3275 some problems if a background process tried to send mail 3276 under certain circumstances. Problem noted by Eric Hagberg 3277 of Morgan Stanley; fix from Kari Hurtta. 3278 Simplify test for skipping a queue run to just check if the current 3279 load average is >= the queueing load average. Previously 3280 the check factored in some other parameters that caused it 3281 to essentially never skip the queue run. Patch from Bryan 3282 Costales. 3283 If the SMTP server is running in "nullserver" mode (that is, it is 3284 rejecting all commands), start sleeping after MAXBADCOMMAND 3285 (25) commands; this helps prevent a bad guy from putting 3286 you into a tight loop as a denial-of-service attack. Based 3287 on an e-mail conversation with Brad Knowles of AOL. 3288 Slow down when too many "light weight" commands have been issued; 3289 this helps prevent a class of denial-of-service attacks. 3290 The current values and defaults are: 3291 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 3292 MAXHELOCOMMANDS 3 HELO, EHLO 3293 MAXVRFYCOMMANDS 6 VRFY, EXPN 3294 MAXETRNCOMMANDS 8 ETRN 3295 These will probably be configurable in a future release. 3296 On systems that have uid_t typedefed to be an unsigned short, programs 3297 that had the F=S flag and no U= equate would be invoked with 3298 the real uid set to 65535 rather than being left unchanged. 3299 In some cases, NOTIFY=NEVER was not being honored. Problem noted 3300 by Steve Hubert of the University of Washington, Seattle. 3301 Mail that was Quoted-Printable encoded and had a soft line break on 3302 the last line (i.e., an incomplete continuation) had the last 3303 line dropped. Since this appears to be illegal it isn't 3304 clear what to do with it, but flushing the last line seems 3305 to be a better "fail soft" approach. Based on a patch from 3306 Eric Hagberg. 3307 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a 3308 bogus HELO command still causes the "Polite people say HELO 3309 first" error message. Problem pointed out by Chris Thomas 3310 of UCLA; patch from John Beck of SunSoft. 3311 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set 3312 in PrivacyOptions. The -q shouldn't turn this command off. 3313 Problem noted by Murray Kucherawy of Pacific Bell Internet; 3314 based on a patch from Gregory Neil Shapiro of WPI. 3315 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) 3316 in a DATA transaction to be sticky; these can occur because 3317 a message is too large, and smaller messages should still go 3318 through. Problem noted by Matt Dillon of Best Internet 3319 Communications. 3320 In some cases bounces were saved in /var/tmp/dead.letter even if they 3321 had been successfully delivered to the envelope sender. 3322 Problem noted Eric Hagberg of Morgan Stanley; solution from 3323 Gregory Neil Shapiro of WPI. 3324 Give better diagnostics on long alias lines. Based on code contributed 3325 by Patrick Gosling of the University of Cambridge. 3326 Increase the number of virtual interfaces that will be probed for 3327 alternate names. Problem noted by Amy Rich of Shore.Net. 3328 PORTABILITY: 3329 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from 3330 Toshiaki Nomura of Fujitsu Limited. 3331 SunOS with LDAP support: compile problems with struct timeval. 3332 Patch from Nick Cuccia of TCSI Corporation. 3333 SCO: from Keith Reynolds of SCO. 3334 Solaris: kstat load average computation wasn't being used. 3335 Fixes from Michael Ju. Tokarev of Telecom Service, JSC 3336 (Moscow). 3337 OpenBSD: from Jason Downs of teeny.org. 3338 Altos System V: from Tim Rice. 3339 Solaris 2.5: from Alan Perry of SunSoft. 3340 Solaris 2.6: from John Beck of SunSoft. 3341 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli 3342 of Pratt & Whitney <miorelli@pweh.com>. 3343 CONFIG: It seems that I hadn't gotten the Received: line syntax 3344 _just_right_ yet. Tweak it again. I'll omit the names 3345 of the "contributors" (quantity two) in this one case. 3346 As of now, NO MORE DISCUSSION about the syntax of the 3347 Received: line. 3348 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), 3349 it never inserts that class into the output file. Fix it 3350 so it will honor EXPOSED_USER but will _not_ include root 3351 automatically in this class. Problem noted by Ronan KERYELL 3352 of Centre de Recherche en Informatique de l'�cole Nationale 3353 Sup�rieure des Mines de Paris (CRI-ENSMP). 3354 CONFIG: Clean up handling of "local:" syntax in relay specifications 3355 such as LUSER_RELAY. This change permits the following 3356 syntaxes: ``local:'' will send to the same user on the 3357 local machine (e.g., in a mailertable entry for "host", 3358 ``local:'' will cause an address addressed to user@host to 3359 go to user on the local machone). ``local:user'' will send 3360 to the named user on the local machine. ``local:user@host'' 3361 is equivalent to ``local:user'' (the host is ignored). In 3362 all cases, the original user@host is passed in $@ (i.e., the 3363 detail information). Inspired by a report from Michael Fuhr. 3364 CONFIG: Strip quotes from the first word of an "error:" host 3365 indication. This lets you set (for example) the LUSER_RELAY 3366 to be ``error:\"5.1.1\" Your Message Here''. Note the use 3367 of the \" so that the resulting string is properly quoted. 3368 Problem noted by Gregory Neil Shapiro of WPI. 3369 OP.ME: documentation was inconsistent about whether sendmail did a 3370 NOOP or a RSET to probe the connection (it does a RSET). 3371 Inconsistency noted by Deeran Peethamparam. 3372 OP.ME: insert additional blank pages so it will print properly on 3373 a duplex printer. From Matthew Black of Cal State University, 3374 Long Beach. 3375 33768.8.4/8.8.4 1996/12/02 3377 SECURITY: under some circumstances, an attacker could get additional 3378 permissions by hard linking to files that were group 3379 writable by the attacker. The solution is to disallow any 3380 files that have hard links -- this will affect .forward, 3381 :include:, and output files. Problem noted by Terry 3382 Kyriacopoulos of Interlog Internet Services. As a 3383 workaround, set UnsafeGroupWrites -- always a good idea. 3384 SECURITY: the TryNullMXList (w) option should not be safe -- if it 3385 is, it is possible to do a denial-of-service attack on 3386 MX hosts that rely on the use of the null MX list. There 3387 is no danger if you have this option turned off (the default). 3388 Problem noted by Dan Bernstein. Also, make the DontInitGroups 3389 unsafe. I know of no specific attack against this, although 3390 a denial-of-service attack is probably possible, but in theory 3391 you should not be able to safely tweak anything that affects 3392 the permissions that are used when mail is delivered. 3393 Purgestat could go into an infinite loop if one of the host status 3394 directories somehow became empty. Problem noted by Roy 3395 Mongiovi of Georgia Tech. 3396 Processes got "lost" when counting children due to a race condition. 3397 This caused "proc_list_probe: lost pid" messages to be logged. 3398 Problem noted by several people. 3399 On systems with System V SIGCLD child signal semantics (notably AIX 3400 and HP-UX), mail transactions would print the message "451 3401 SMTP-MAIL: lost child: No child processes". Problem noted 3402 by several people. 3403 Miscellaneous compiler warnings on picky compilers (or when setting 3404 gcc to high warning levels). From Tom Moore of NCR Corp. 3405 SMTP protocol errors, and most errors on MAIL FROM: lines should 3406 not be persistent between runs, since they are based on the 3407 message rather than the host. Problem noted by Matt Dillon 3408 of Best Internet Communications. 3409 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore 3410 of NCR (a.k.a., AT&T Global Information Solutions). 3411 Avoid the possibility of having a child daemon run to completion 3412 (including closing the SMTP socket) before the parent has 3413 had a chance to close the socket; this can cause the parent 3414 to hang for a long time waiting for the socket to drain. 3415 Patch from Don Lewis of TDK Semiconductor. 3416 If the fork() failed in a queue run, the queue runners would not be 3417 rescheduled (so queue runs would stop). Patch from Don Lewis. 3418 Some error conditions in ETRN could cause output without an SMTP 3419 status code. Problem noted by Don Lewis. 3420 Multiple :maildrop addresses in the user database didn't work properly. 3421 Patch from Roy Mongiovi of Georgia Tech. 3422 Add ".db" automatically onto any user database spec that does not 3423 already have it; this is for consistency with makemap, the 3424 K line, and the documentation. Inconsistency pointed out 3425 by Roy Mongiovi. 3426 Allow sendmail to be properly called in nohup mode. Patch from 3427 Kyle Jones of UUNET. 3428 Change ETRN to ignore but still update host status files; previously 3429 it would ignore them and not save the updated status, which 3430 caused stale information to be maintained. Based on a patch 3431 from Christopher Davis of Kapor Enterprises Inc. Also, have 3432 ETRN ignore the MinQueueAge option. 3433 Patch long term host status to recover more gracefully from an empty 3434 host status file condition. Patch from NAKAMURA Motonori 3435 of Kyoto University. 3436 Several patches to signal handling code to fix potential race 3437 conditions from Don Lewis. 3438 Make it possible to compile with -DDAEMON=0 (previously it had some 3439 compile errors). This turns DAEMON, QUEUE, and SMTP into 3440 0/1 compilation flags. Note that DAEMON is an obsolete 3441 compile flag; use NETINET instead. Solution based on a 3442 patch from Bryan Costales. 3443 PORTABILITY FIXES: 3444 AIX4: getpwnam() and getpwuid() do a sequential scan of the 3445 /etc/security/passwd file when called as root. This 3446 is very slow on some systems. To speed it up, use the 3447 (undocumented) _getpw{nam,uid}_shadow() routines. 3448 Patch from Chris Thomas of UCLA/OAC Systems Group. 3449 SCO 5.x: include -lprot in the Makefile. Patch from Bill 3450 Glicker of Burrelle's Information Service. 3451 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch 3452 from Makoto MATSUSHITA of Osaka University. 3453 SunOS 4.0.3: compile problems. Patches from Andrew Cole of 3454 Leeds University and SASABE Tetsuro of the University 3455 of Tokyo. 3456 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support 3457 Services, Inc. 3458 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. 3459 I believe this to have only been a problem if you 3460 compiled with -DUSE_VENDOR_CF_PATH -- another reason 3461 to stick with /etc/sendmail.cf as your One True Path. 3462 Digital UNIX (OSF/1 on Alpha) load average computation from 3463 Martin Laubach of the Technischen Universit�t Wien. 3464 CONFIG: change default Received: line to be multiple lines rather 3465 than one long one. By popular demand. 3466 MAIL.LOCAL: warnings weren't being logged on some systems. Patch 3467 from Jerome Berkman of U.C. Berkeley. 3468 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs 3469 to take a very long time. Problem noted by Yoshiro YONEYA 3470 of NTT Software Corporation. 3471 CONTRIB: add etrn.pl, contributed by John Beck. 3472 NEW FILES: 3473 contrib/etrn.pl 3474 34758.8.3/8.8.3 1996/11/17 3476 SECURITY: it was possible to get a root shell by lying to sendmail 3477 about argv[0] and then sending it a signal. Problem noted 3478 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the 3479 best-of-security list. 3480 Log sendmail binary version number in "Warning: .cf version level 3481 (%d) exceeds program functionality (%d) message" -- this 3482 should make it clearer to people that they are running 3483 the wrong binary. 3484 Fix a problem that occurs when you open an SMTP connection and then 3485 do one or more ETRN commands followed by a MAIL command; at 3486 the end of the DATA phase sendmail would incorrectly report 3487 "451 SMTP-MAIL: lost child: No child processes". Problem 3488 noted by Eric Bishop of Virginia Tech. 3489 When doing text-based host canonification (typically /etc/hosts 3490 lookup), a null host name would match any /etc/hosts entry 3491 with space at the end of the line. Problem noted by Steve 3492 Hubert of the University of Washington, Seattle. 3493 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. 3494 Problem reported by Tom Smith of Digital Equipment Corp. 3495 Increase the size of the DNS answer buffer -- the standard UDP packet 3496 size PACKETSZ (512) is not sufficient for some nameserver 3497 answers containing very many resource records. The resolver 3498 may also switch to TCP and retry if it detects UDP packet 3499 overflow. Also, allow for the fact that the resolver 3500 routines res_query and res_search return the size of the 3501 *un*truncated answer in case the supplied answer buffer it 3502 not big enough to accommodate the entire answer. Patch from 3503 Eric Wassenaar. 3504 Improvements to MaxDaemonChildren code. If you think you have too 3505 many children, probe the ones you have to verify that they 3506 are still around. Suggested by Jared Mauch of CICnet, Inc. 3507 Also, do this probe before growing the vector of children 3508 pids; this previously caused the vector to grow indefinitely 3509 due to a race condition. Problem reported by Kyle Jones of 3510 UUNET. 3511 On some architectures, <db.h> (from the Berkeley DB library) defines 3512 O_EXLOCK to zero; this fools the map compilation code into 3513 thinking that it can avoid race conditions by locking on open. 3514 Change it to check for O_EXLOCK non-zero. Problem noted by 3515 Leif Erlingsson of Data Lege. 3516 Always call res_init() on startup (if compiled in, of course) to 3517 allow the sendmail.cf file to tweak resolver flags; without 3518 it, flag tweaks in ResolverOptions are ignored. Patch from 3519 Andrew Sun of Merrill Lynch. 3520 Improvements to host status printing code. Suggested by Steve Hubert 3521 of the University of Washington, Seattle. 3522 Change MinQueueAge option processing to do the check for the job age 3523 when reading the queue file, rather than at the end; this 3524 avoids parsing the addresses, which can do DNS lookups. 3525 Problem noted by John Beck of InReference, Inc. 3526 When MIME was being 7->8 bit decoded, "From " lines weren't being 3527 properly escaped. Problem noted by Peter Nilsson of the 3528 University of Linkoping. 3529 In some cases, sendmail would retain root permissions during queue 3530 runs even if RunAsUser was set. Problem noted by Mark 3531 Thomas of Mark G. Thomas Consulting. 3532 If the F=l flag was set on an SMTP mailer to indicate that it is 3533 actually local delivery, and NOTIFY=SUCCESS is specified in 3534 the envelope, and the receiving SMTP server speaks DSN, then 3535 the DSN would be both generated locally and propagated to the 3536 other end. 3537 The U= mailer field didn't correctly extract the group id if the 3538 user id was numeric. Problem noted by Kenneth Herron of 3539 MCI Telecommunications Communications. 3540 If a message exceeded the fixed maximum size on input, the body of 3541 the message was included in the bounce. Note that this did 3542 not occur if it exceeded the maximum _output_ size. Problem 3543 reported by Kyle Jones of UUNET. 3544 PORTABILITY FIXES: 3545 AIX4: 4.1 doesn't have a working setreuid(2); change the 3546 AIX4 defines to use seteuid(2) instead, which 3547 works on 4.1 as well as 4.2. Problem noted by 3548 H�kan Lindholm of interAF, Sweden. 3549 AIX4: use tzname[] vector to determine time zone name. 3550 Patch from NAKAMURA Motonori of Kyoto University. 3551 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. 3552 Contributed by Paul DuBois <dubois@primate.wisc.edu>. 3553 Solaris: kstat(3k) support for retrieving the load average. 3554 This adds the LA_KSTAT definition for LA_TYPE. 3555 The outline of the implementation was contributed 3556 by Michael Tokarev of Telecom Service, JSC, Moscow. 3557 HP-UX 10.0 gripes about the (perfectly legal!) forward 3558 declaration of struct rusage at the top of conf.h; 3559 change it to only be included if you are using gcc, 3560 which is apparently the only compiler that requires 3561 it in the first place. Problem noted by Jeff 3562 Earickson of Colby College. 3563 IRIX: don't default to using gcc. IRIX is a civilized 3564 operating system that comes with a decent compiler 3565 by default. Problem noted by Barry Bouwsma and 3566 Kari Hurtta. 3567 CONFIG: specify F=9 as default in FEATURE(local_procmail) for 3568 consistency with other local mailers. Inconsistency 3569 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>. 3570 CONFIG: if the "limited best mx" feature is used (to reduce DNS 3571 overhead) as part of the bestmx_is_local feature, the 3572 domain part was dropped from the name. Patch from Steve 3573 Hubert of the University of Washington, Seattle. 3574 CONFIG: catch addresses of the form "user@.dom.ain"; these could 3575 end up being translated to the null host name, which would 3576 return any entry in /etc/hosts that had a space at the end 3577 of the line. Problem noted by Steve Hubert of the 3578 University of Washington, Seattle. 3579 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer 3580 Polytechnic Institute. 3581 MAKEMAP: tweak hash and btree parameters for better performance. 3582 Patch from Matt Dillon of Best Internet Communications. 3583 NEW FILES: 3584 src/Makefiles/Makefile.Linux.ppc 3585 cf/ostype/aix4.m4 3586 cf/ostype/mklinux.m4 3587 35888.8.2/8.8.2 1996/10/18 3589 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch 3590 changed the code but didn't fix the problem. 3591 PORTABILITY FIXES: 3592 Solaris: Don't use the system getusershell(3); it can 3593 apparently corrupt the heap in some circumstances. 3594 Problem found by Ken Pizzini of Spry, Inc. 3595 OP.ME: document several mailer flags that were accidentally omitted 3596 from this document. These flags were F=d, F=j, F=R, and F=9. 3597 CONFIG: no changes. 3598 35998.8.1/8.8.1 1996/10/17 3600 SECURITY: unset all environment variables that the resolver will 3601 examine during queue runs and daemon mode. Problem noted 3602 by Dan Bernstein of the University of Illinois at Chicago. 3603 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain 3604 message could overflow a buffer if it was converted back 3605 to 8 bits. This caused core dumps and has the potential 3606 for a remote attack. Problem first noted by Gregory Shapiro 3607 of WPI. 3608 Avoid duplicate deliveries of error messages on systems that don't 3609 have flock(2) support. Patch from Motonori Nakamura of 3610 Kyoto University. 3611 Ignore null FallBackMX (V) options. If this option is null (as 3612 opposed to undefined) it can cause "null signature" syserrs 3613 on illegal host names. 3614 If a Base64 encoded text/plain message has no trailing newline in 3615 the encoded text, conversion back to 8 bits will drop the 3616 final line. Problem noted by Pierre David. 3617 If running with a RunAsUser, sendmail would give bogus "cannot 3618 setuid" (or seteuid, or setreuid) messages on some systems. 3619 Problem pointed out by Jordan Mendelson of Web Services, Inc. 3620 Always print error messages in -bv mode -- previously, -bv would 3621 be absolutely silent on errors if the error mode was sent 3622 to (say) mail-back. Problem noted by Kyle Jones of UUNET. 3623 If -qI/R/S is set (or the ETRN command is used), ignore all long 3624 term host status. This is necessary because it is common 3625 to do this when you know a host has just come back up. 3626 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section 3627 4.2. Excessive permissiveness noted by Lee Flight of the 3628 University of Leicester. 3629 If a service (such as NIS) is specified as the last entry in the 3630 service switch, but that service is not compiled in, sendmail 3631 would return a temporary failure when an entry was not found 3632 in the map. This caused the message to be queued instead of 3633 bouncing immediately. Problem noted by Harry Edmon of the 3634 University of Washington. 3635 PORTABILITY FIXES: 3636 Solaris 2.3 had compilation problems in conf.c. Several 3637 people pointed this out. 3638 NetBSD from Charles Hannum of MIT. 3639 AIX4 improvements based on info from Steve Bauer of South 3640 Dakota School of Mines & Technology. 3641 CONFIG: ``error:code message'' syntax was broken in virtusertable. 3642 Patch from Gil Kloepfer Jr. 3643 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set 3644 using MASQUERADE_DOMAIN) were not masqueraded unless they 3645 were also in $=w. Problem noted by Zoltan Basti of 3646 Softec. 3647 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based 3648 on a patch from Eric Hagberg of Morgan Stanley. 3649 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan 3650 of Stanford via Robert La Ferla. 3651 36528.8.0/8.8.0 1996/09/26 3653 Under some circumstances, Bcc: headers would not be properly 3654 deleted. Pointed out by Jonathan Kamens of OpenVision. 3655 Log a warning if the sendmail daemon is invoked without a full 3656 pathname, which prevents "kill -1" from working. I was 3657 urged to put this in by Andrey A. Chernov of DEMOS (Russia). 3658 Fix small buffer overflow. Since the data in this buffer was not 3659 read externally, there was no security problem (and in fact 3660 probably wouldn't really overflow on most compilers). Pointed 3661 out by KIZU takashi of Osaka University. 3662 Fix problem causing domain literals such as [1.2.3.4] to be ignored 3663 if a FallbackMXHost was specified in the configuration file 3664 -- all mail would be sent to the fallback even if the original 3665 host was accessible. Pointed out by Munenari Hirayama of 3666 NSC (Japan). 3667 A message that didn't terminate with a newline would (sometimes) not 3668 have the trailing "." added properly in the SMTP dialogue, 3669 causing SMTP to hang. Patch from Per Hedeland of Ericsson. 3670 The DaemonPortOptions suboption to bind to a particular address was 3671 incorrect and nonfunctional due to a misunderstanding of the 3672 semantics of binding on a passive socket. Patch from 3673 NIIBE Yutaka of Mitsubishi Research Institute. 3674 Increase the number of MX hosts for a single name to 100 to better 3675 handle the truly huge service providers such as AOL, which 3676 has 13 at the moment (and climbing). In order to avoid 3677 trashing memory, the buffer for all names has only been 3678 slightly increased in size, to 12.8K from 10.2K -- this means 3679 that if a single name had 100 MX records, the average size 3680 of those records could not exceed 128 bytes. Requested by 3681 Brad Knowles of America On Line. 3682 Restore use of IDENT returns where the OSTYPE field equals "OTHER". 3683 Urged by Dan Bernstein of U.C. Berkeley. 3684 Print q_statdate and q_specificity in address structure debugging 3685 printout. 3686 Expand MCI structure flag bits for debugging output. 3687 Support IPv6-style domain literals, which can have colons between 3688 square braces. 3689 Log open file descriptors for the "cannot dup" messages in deliver(); 3690 this is an attempt to track down a bug that one person seems 3691 to be having (it may be a Solaris bug!). 3692 DSN NOTIFY parameters were not properly propagated across queue runs; 3693 this caused the NOTIFY info to sometimes be lost. Problem 3694 pointed out by Claus Assmann of the 3695 Christian-Albrechts-University of Kiel. 3696 The statistics gathered in the sendmail.st file were too high; in 3697 some cases failures (e.g., user unknown or temporary failure) 3698 would count as a delivery as far as the statistics were 3699 concerned. Problem noted by Tom Moore of AT&T GIS. 3700 Systems that don't have flock() would not send split envelopes in 3701 the initial run. Problem pointed out by Leonard Zubkoff of 3702 Dandelion Digital. 3703 Move buffer overflow checking -- these primarily involve distrusting 3704 results that may come from NIS and DNS. 3705 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't 3706 include <paths.h> and hence had the wrong pathnames for a few 3707 things like /var/tmp. Reported by Matthew Green. 3708 Conditions were reversed for the Priority: header, resulting in all 3709 values being interpreted as non-urgent except for non-urgent, 3710 which was interpreted as normal. Patch from Bryan Costales. 3711 The -o (optional) flag was being ignored on hash and btree maps 3712 since 8.7.2. Fix from Bryan Costales. 3713 Content-Types listed in class "q" will always be encoded as 3714 Quoted-Printable (or more accurately, will never be encoded 3715 as base64). The class can have primary types (e.g., "text") 3716 or full types (e.g., "text/plain"). Based on a suggestion by 3717 Marius Olafsson of the University of Iceland. 3718 Define ${envid} to be the original envelope id (from the ESMTP DSN 3719 dialogue) so it can be passed to programs in mailers. 3720 Define ${bodytype} to be the body type (from the -B flag or the 3721 BODY= ESMTP parameter) so it can be passed to programs in 3722 mailers. 3723 Cause the VRFY command to return 252 instead of 250 unless the F=q 3724 flag is set in the mailer descriptor. Suggested by John 3725 Myers of CMU. 3726 Implement ESMTP ETRN command to flush the queue for a specific host. 3727 The command takes a host name; data for that host is 3728 immediately (and asynchronously) flushed. Because this shares 3729 the -qR implementation, other hosts may be attempted, but 3730 there should be no security implications. Implementation 3731 from John Beck of InReference, Inc. See RFC 1985 for details. 3732 Add three new command line flags to pass in DSN parameters: -V envid 3733 (equivalent to ENVID=envid on the MAIL command), -R ret 3734 (equivalent to RET=ret on the MAIL command), and -Nnotify 3735 (equivalent to NOTIFY=notify on the RCPT command). Note 3736 that the -N flag applies to all recipients; there is no way 3737 to specify per-address notifications on the command line, 3738 nor is there an equivalent for the ORCPT= per-address 3739 parameter. 3740 Restore LogLevel option to be safe (it can only be increased); 3741 apparently I went into paranoid mode between 8.6 and 8.7 3742 and made it unsafe. Pointed out by Dabe Murphy of the 3743 University of Maryland. 3744 New logging on log level 15: all SMTP traffic. Patches from 3745 Andrew Gross of San Diego Supercomputer Center. 3746 NetInfo property value searching code wasn't stopping when it found 3747 a match. This was causing the wrong values to be found (and 3748 had a memory leak). Found by Bastian Schleuter of TU-Berlin. 3749 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed 3750 out by Bill Wisner of Electronics for Imaging that you can't 3751 use the bracket address form for the MAIL_HUB macro, since 3752 that causes the brackets to remain in the envelope recipient 3753 address used for delivery. The simple fix (stripping off the 3754 brackets in the config file) breaks the use of IP literal 3755 addresses. This flag will solve that problem. 3756 Add MustQuoteChars option. This is a list of characters that must 3757 be quoted if they are found in the phrase part of an address 3758 (that is, the full name part). The characters @,;:\()[] are 3759 always in this list and cannot be removed. The default is 3760 this list plus . and ' to match RFC 822. 3761 Add AllowBogusHELO option; if set, sendmail will allow HELO commands 3762 that do not include a host name for back compatibility with 3763 some stupid SMTP clients. Setting this violates RFC 1123 3764 section 5.2.5. 3765 Add MaxDaemonChildren option; if this is set, sendmail will start 3766 rejecting connections if it has more than this many 3767 outstanding children accepting mail. Note that you may 3768 see more processes than this because of outgoing mail; this 3769 is for incoming connections only. 3770 Add ConnectionRateThrottle option. If set to a positive value, the 3771 number of incoming SMTP connections that will be permitted 3772 in a single second is limited to this number. Connections are 3773 not refused during this time, just deferred. The intent is to 3774 flatten out demand so that load average limiting can kick in. 3775 It is less radical than MaxDaemonChildren, which will stop 3776 accepting connections even if all the connections are idle 3777 (e.g., due to connection caching). 3778 Add Timeout.hoststatus option. This interval (defaulting to 30m) 3779 specifies how long cached information about the state of a 3780 host will be kept before they are considered stale and the 3781 host is retried. If you are using persistent host status 3782 (i.e., the HostStatusDirectory option is set) this will apply 3783 between runs; otherwise, it applies only within a single queue 3784 run and hence is useful only for hosts that have large queues 3785 that take a very long time to run. 3786 Add SingleLineFromHeader option. If set, From: headers are coerced 3787 into being a single line even if they had newlines in them 3788 when read. This is to get around a botch in Lotus Notes. 3789 Text class maps were totally broken -- if you ever retrieved the last 3790 item in a table it would be truncated. Problem noted by 3791 Gregory Neil Shapiro of WPI. 3792 Extend the lines printed by the mailq command (== the -bp flag) when 3793 -v is given to 120 characters; this allows more information 3794 to be displayed. Suggested by Gregory Neil Shapiro of WPI. 3795 Allow macro definitions (`D' lines) with unquoted commas; previously 3796 this was treated as end-of-input. Problem noted by Bryan 3797 Costales. 3798 The RET= envelope parameter (used for DSNs) wasn't properly written 3799 to the queue file. Fix from John Hughes of Atlantic 3800 Technologies, Inc. 3801 Close /var/tmp/dead.letter after a successful write -- otherwise 3802 if this happens in a queue run it can cause nasty delays. 3803 Problem noted by Mark Horton of AT&T. 3804 If userdb entries pointed to userdb entries, and there were multiple 3805 values for a given key, the database cursor would get 3806 trashed by the recursive call. Problem noted by Roy Mongiovi 3807 of Georgia Tech. Fixed by reading all the values and creating 3808 a comma-separated list; thus, the -v output will be somewhat 3809 different for this case. 3810 Fix buffer allocation problem with Hesiod-based userdb maps when 3811 HES_GETMAILHOST is defined. Based on a patch by Betty Lee 3812 of Stanford University. 3813 When envelopes were split due to aliases with owner- aliases, and 3814 there was some error on one of the lists, more than one of 3815 the owners would get the message. Problem pointed out by 3816 Roy Mongiovi of Georgia Tech. 3817 Detect excessive recursion in macro expansions, e.g., $X defined 3818 in terms of $Y which is defined in terms of $X. Problem 3819 noted by Bryan Costales; patch from Eric Wassenaar. 3820 When using F=U to get "ugly UUCP" From_ lines, a buffer could in 3821 some cases get trashed causing bogus From_ lines. Fix from 3822 Kyle Jones of UUNET. 3823 When doing load average initialization, if the nlist call for avenrun 3824 failed, the second and subsequent lookups wouldn't notice 3825 that fact causing bogus load averages to be returned. Noted 3826 by Casper Dik of Sun Holland. 3827 Fix problem with incompatibility with some versions of inet_aton that 3828 have changed the return value to unsigned, so a check for an 3829 error return of -1 doesn't work. Use INADDR_NONE instead. 3830 This could cause mail to addresses such as [foo.com] to bounce 3831 or get dropped. Problem noted by Christophe Wolfhugel of the 3832 Pasteur Institute. 3833 DSNs were inconsistent if a failure occurred during the DATA phase 3834 rather than the RCPT phase: the Action: would be correct, but 3835 the detailed status information would be wrong. Problem noted 3836 by Bob Snyder of General Electric Company. 3837 Add -U command line flag and the XUSR ESMTP extension, both indicating 3838 that this is the initial MUA->MTA submission. The flag current 3839 does nothing, but in future releases (when MUAs start using 3840 these flags) it will probably turn on things like DNS 3841 canonification. 3842 Default end-of-line string (E= specification on mailer [M] lines) 3843 to \r\n on SMTP mailers. Default remains \n on non-SMTP 3844 mailers. 3845 Change the internal definition for the *file* and *include* mailers 3846 to have $u in the argument vectors so that they aren't 3847 misinterpreted as SMTP mailers and thus use \r\n line 3848 termination. This will affect anyone who has redefined 3849 either of these in their configuration file. 3850 Don't assume that IDENT servers close the connection after a query; 3851 responses can be newline terminated. From Terry Kennedy of 3852 St. Peter's College. 3853 Avoid core dumps on erroneous configuration files that have 3854 $#mailer with nothing following. From Bryan Costales. 3855 Avoid null pointer dereference with high debug values in unlockqueue. 3856 Fix from Randy Martin of Clemson University. 3857 Fix possible buffer overrun when expanding very large macros. Fix 3858 from Kyle Jones of UUNET. 3859 After 25 EXPN or VRFY commands, start pausing for a second before 3860 processing each one. This avoids a certain form of denial 3861 of service attack. Potential attack pointed out by Bryan 3862 Costales. 3863 Allow new named (not numbered!) config file rules to do validity 3864 checking on SMTP arguments: check_mail for MAIL commands and 3865 check_rcpt for RCPT commands. These rulesets can do anything 3866 they want; their result is ignored unless they resolve to the 3867 $#error mailer, in which case the indicated message is printed 3868 and the command is rejected. Similarly, the check_compat 3869 ruleset is called before delivery with "from_addr $| to_addr" 3870 (the $| is a meta-symbol used to separate the two addresses); 3871 it can give a "this sender can't send to this recipient" 3872 notification. Note that this patch allows $| to stand alone 3873 in rulesets. 3874 Define new macros ${client_name}, ${client_addr}, and ${client_port} 3875 that have the name, IP address, and port number (respectively) 3876 of the SMTP client (that is, the entity at the other end of 3877 the connection. These can be used in (e.g.) check_rcpt to 3878 verify that someone isn't trying to relay mail through your 3879 host inappropriately. Be sure to use the deferred evaluation 3880 form, for example $&{client_name}, to avoid having these bound 3881 when sendmail reads the configuration file. 3882 Add new config file rule check_relay to check the incoming connection 3883 information. Like check_compat, it is passed the host name 3884 and host address separated by $| and can reject connections 3885 on that basis. 3886 Allow IDA-style recursive function calls. Code contributed by Mark 3887 Lovell and Paul Vixie. 3888 Eliminate the "No ! in UUCP From address!" message" -- instead, create 3889 a virtual UUCP address using either a domain address or the $k 3890 macro. Based on code contributed by Mark Lovell and Paul 3891 Vixie. 3892 Add Stanford LDAP map. Requires special libraries that are not 3893 included with sendmail. Contributed by Booker C. Bense 3894 <bbense@networking.stanford.edu>; contact him for support. 3895 See also the src/READ_ME file. 3896 Allow -dANSI to turn on ANSI escape sequences in debug output; this 3897 puts metasymbols (e.g., $+) in reverse video. Really useful 3898 only for debugging deep bits of code where it is important to 3899 distinguish between the single-character metasymbol $+ and the 3900 two characters $, +. 3901 Changed ruleset 89 (executed in dumpstate()) to a named ruleset, 3902 debug_dumpstate. 3903 Add new UnsafeGroupWrites option; if set, .forward and :include: 3904 files that are group writable are considered "unsafe" -- that 3905 is, programs and files referenced from such files are not 3906 valid recipients. 3907 Delete bogosity test for FallBackMX host; this prevented it to be a 3908 name that was not in DNS or was a domain-literal. Problem 3909 noted by Tom May. 3910 Change the introduction to error messages to more clearly delineate 3911 permanent from temporary failures; if both existed in a 3912 single message it could be confusing. Suggested by John 3913 Beck of InReference, Inc. 3914 The IngoreDot (i) option didn't work for lines that were terminated 3915 with CRLF. Problem noted by Ted Stockwell of Secure 3916 Computing Corporation. 3917 Add a heuristic to improve the handling of unbalanced `<' signs in 3918 message headers. Problem reported by Matt Dillon of Best 3919 Internet Communications. 3920 Check for bogus characters in the 0200-0237 range; since these are 3921 used internally, very strange errors can occur if those 3922 characters appear in headers. Problem noted by Anders Gertz 3923 of Lysator. 3924 Implement 7 -> 8 bit MIME conversions. This only takes place if the 3925 recipient mailer has the F=9 flag set, and only works on 3926 text/plain body types. Code contributed by Marius Olafsson 3927 of the University of Iceland. 3928 Special case "postmaster" name so that it is always treated as lower 3929 case in alias files regardless of configuration settings; 3930 this prevents some potential problems where "Postmaster" or 3931 "POSTMASTER" might not match "postmaster". In most cases 3932 this change is a no-op. 3933 The -o map flag was ignored for text maps. Problem noted by Bryan 3934 Costales. 3935 The -a map flag was ignored for dequote maps. Problem noted by 3936 Bryan Costales. 3937 Fix core dump when a lookup of a class "prog" map returns no 3938 response. Patch from Bryan Costales. 3939 Log instances where sendmail is deferring or rejecting connections 3940 on LogLevel 14. Suggested by Kyle Jones of UUNET. 3941 Include port number in process title for network daemons. Suggested 3942 by Kyle Jones of UUNET. 3943 Send ``double bounces'' (errors that occur when sending an error 3944 message) to the address indicated in the DoubleBounceAddress 3945 option (default: postmaster). Previously they were always 3946 sent to postmaster. Suggested by Kyle Jones of UUNET. 3947 Add new mode, -bD, that acts like -bd in all respects except that 3948 it runs in foreground. This is useful for using with a 3949 wrapper that "watches" system services. Suggested by Kyle 3950 Jones of UUNET. 3951 Fix botch in spacing around (parenthesized) comments in addresses 3952 when the comment comes before the address. Patch from 3953 Motonori Nakamura of Kyoto University. 3954 Use the prefix "Postmaster notify" on the Subject: lines of messages 3955 that are being bounced to postmaster, rather than "Returned 3956 mail". This permits the person who is postmaster more 3957 easily determine what messages are to their role as 3958 postmaster versus bounces to mail they actually sent. Based 3959 on a suggestion by Motonori Nakamura. 3960 Add new value "time" for QueueSortOrder option; this causes the queue 3961 to be sorted strictly by the time of submission. Note that 3962 this can cause very bad behavior over slow lines (because 3963 large jobs will tend to delay small jobs) and on nodes with 3964 heavy traffic (because old things in the queue for hosts that 3965 are down delay processing of new jobs). Also, this does not 3966 guarantee that jobs will be delivered in submission order 3967 unless you also set DeliveryMode=queue. In general, it should 3968 probably only be used on the command line, and only in 3969 conjunction with -qRhost.domain. In fact, there are very few 3970 cases where it should be used at all. Based on an 3971 implementation by Motonori Nakamura. 3972 If a map lookup in ruleset 5 returns tempfail, queue the message in 3973 the same manner as other rulesets. Previously a temporary 3974 failure in ruleset 5 was ignored. Patch from Booker Bense 3975 of Stanford University. 3976 Don't proceed to the next MX host if an SMTP MAIL command returns a 3977 5yz (permanent failure) code. The next MX host will still be 3978 tried if the connection cannot be opened in the first place 3979 or if the MAIL command returns a 4yz (temporary failure) code. 3980 (It's hard to know what to do here, since neither RFC 974 nor 3981 RFC 1123 specify when to proceed to the next MX host.) 3982 Suggested by Jonathan Kamens of OpenVision, Inc. 3983 Add new "-t" flag for map definitions (the "K" line in the .cf file). 3984 This causes map lookups that get a temporary failure (e.g., 3985 name server failure) to _not_ defer the delivery of the 3986 message. This should only be used if your configuration file 3987 is prepared to do something sensible in this case. Based on 3988 an idea by Gregory Shapiro of WPI. 3989 Fix problem finding network interface addresses. Patch from 3990 Motonori Nakamura. 3991 Don't reject qf entries that are not owned by your effective uid if 3992 you are not running setuid; this makes management of certain 3993 kinds of firewall setups difficult. Patch suggested by 3994 Eamonn Coleman of Qualcomm. 3995 Add persistent host status. This keeps the information normally 3996 maintained within a single queue run in disk files that are 3997 shared between sendmail instances. The HostStatusDirectory 3998 is the directory in which the information is maintained. If 3999 not set, persistent host status is turned off. If not a full 4000 pathname, it is relative to the queue directory. A common 4001 value is ".hoststat". 4002 There are also two new operation modes: 4003 * -bh prints the status of hosts that have had recent 4004 connections. 4005 * -bH purges the host statuses. No attempt is made to save 4006 recent status information. 4007 This feature was originally written by Paul Vixie of Vixie 4008 Enterprises for KJS and adapted for V8 by Mark Lovell of 4009 Bigrock Consulting. Paul's funding of Mark and Mark's patience 4010 with my insistence that things fit cleanly into the V8 4011 framework is gratefully appreciated. 4012 New SingleThreadDelivery option (requires HostStatusDirectory to 4013 operate). Avoids letting two sendmails on the local machine 4014 open connections to the same remote host at the same time. 4015 This reduces load on the other machine, but can cause mail to 4016 be delayed (for example, if one sendmail is delivering a huge 4017 message, other sendmails won't be able to send even small 4018 messages). Also, it requires another file descriptor (for the 4019 lock file) per connection, so you may have to reduce 4020 ConnectionCacheSize to avoid running out of per-process 4021 file descriptors. Based on the persistent host status code 4022 contributed by Paul Vixie and Mark Lovell. 4023 Allow sending to non-simple files (e.g., /dev/null) even if the 4024 SafeFileEnvironment option is set. Problem noted by Bryan 4025 Costales. 4026 The -qR flag mistakenly matched flags in the "R" line of the queue 4027 file. Problem noted by Bryan Costales. 4028 If a job was aborted using the interrupt signal (e.g., control-C from 4029 the keyboard), on some occasions an empty df file would be 4030 left around; these would collect in the queue directory. 4031 Problem noted by Bryan Costales. 4032 Change the makesendmail script to enhance the search for Makefiles 4033 based on release number. For example, on SunOS 5.5.1, it will 4034 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then 4035 Makefile.SunOS.5.x (in addition to the other rules, e.g., 4036 adding $arch). Problem noted by Jason Mastaler of Atlanta 4037 Webmasters. 4038 When creating maps using "newaliases", always map the keys to lower 4039 case when creating the map unless the -f flag is specified on 4040 the map itself. Previously this was done based on the F=u 4041 flag in the local mailer, which meant you could create aliases 4042 that you could never access. Problem noted by Bob Wu of DEC. 4043 When a job was read from the queue, the bits causing notification on 4044 failure or delay were always set. This caused those 4045 notifications to be sent even if NOTIFY=NEVER had been 4046 specified. Problem noted by Steve Hubert of the University 4047 of Washington, Seattle. 4048 Add new configurable routine validate_connection (in conf.c). This 4049 lets you decide if you are willing to accept traffic from 4050 this host. If it returns FALSE, all SMTP commands will return 4051 "550 Access denied". -DTCPWRAPPERS will include support for 4052 TCP wrappers; you will need to add -lwrap to the link line. 4053 (See src/READ_ME for details.) 4054 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster 4055 bounces. Some people seemed to think that this could be 4056 confusing (even though it is true). Suggested by Motonori 4057 Nakamura. 4058 Add new RunAsUser option; this causes sendmail to do a setuid to that 4059 user early in processing to avoid potential security problems. 4060 However, this means that all .forward and :include: files must 4061 be readable by that user, and all files to be written must be 4062 writable by that user and all programs will be executed by that 4063 user. It is also incompatible with the SafeFileEnvironment 4064 option. In other words, it may not actually add much to 4065 security. However, it should be useful on firewalls and other 4066 places where users don't have accounts and the aliases file is 4067 well constrained. 4068 Add Timeout.iconnect. This is like Timeout.connect except it is used 4069 only on the first attempt to delivery to an address. It could 4070 be set to be lower than Timeout.connect on the principle that 4071 the mail should go through quickly to responsive hosts; less 4072 responsive hosts get to wait for the next queue run. 4073 Fix a problem on Solaris that occasionally causes programs 4074 (such as vacation) to hang with their standard input connected 4075 to a UDP port. It also created some signal handling problems. 4076 The problems turned out to be an interaction between vfork(2) 4077 and some of the libraries, particularly NIS/NIS+. I am 4078 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix. 4079 Change user class map to do the same matching that actual delivery 4080 will do instead of just a /etc/passwd lookup. This adds 4081 fuzzy matching to the user map. Patch from Dan Oscarsson. 4082 The Timeout.* options are not safe -- they can be used to create a 4083 denial-of-service attack. Problem noted by Christophe 4084 Wolfhugel. 4085 Don't send PostmasterCopy messages in the event of a "delayed" 4086 notification. Suggested by Barry Bouwsma. 4087 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy 4088 option is set, since this disables VERB mode. Suggested 4089 by John Hawkinson of MIT. 4090 Complain if the QueueDirectory (Q) option is not set. Problem noted 4091 by Motonori Nakamura of Kyoto University. 4092 Only queue messages on transient .forward open failures if there 4093 were no successful opens. The previous behavior caused it 4094 to queue even if a "fall back" .forward was found. Problem 4095 noted by Ann-Kian Yeo of the Dept. of Information Systems 4096 and Computer Science (DISCS), NUS, Singapore. 4097 Don't do 8->7 bit conversions when bouncing a MIME message that 4098 is bouncing because of a MIME error during 8->7 bit conversion; 4099 the encapsulated message will bounce again, causing a loop. 4100 Problem noted by Steve Hubert of the University of Washington. 4101 Create xf (transcript) files using the TempFileMode option value 4102 instead of 0644. Suggested by Ann-Kian Yeo of the 4103 National University of Singapore. 4104 Print errors if setgid/setuid/etc. fail during delivery. This helps 4105 detect cases where DefaultUid is set to something that the 4106 system can't cope with. 4107 PORTABILITY FIXES: 4108 Support for AIX/RS 2.2.1 from Mark Whetzel of Western 4109 Atlas International. 4110 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell 4111 <bicknell@ufp.org>. 4112 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only 4113 work on the first recipient of a message due to a 4114 bug in the getpwent family. If this is something you 4115 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a 4116 workaround. From Maximum Entropy of Sanford C. 4117 Bernstein and Associates. 4118 FreeBSD 1.1.5.1 uname -r returns a string containing 4119 parentheses, which breaks makesendmail. Reported 4120 by Piero Serini <piero@strider.ibenet.it>. 4121 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of 4122 Systems and Computer Technology Corporation. 4123 Solaris 2.x: omit the UUCP grade parameter (-g flag) because 4124 it is system-dependent. Problem noted by J.J. Bailey 4125 of Bailey Computer Consulting. 4126 Pyramid NILE running DC/OSx support from Earle F. Ake of 4127 Hassler Communication Systems Technology, Inc. 4128 HP-UX 10.x compile glitches, reported by Anne Brink of the 4129 U.S. Army and James Byrne of Harte & Lyne Limited. 4130 NetBSD from Matthew Green of the NetBSD crew. 4131 SCO 5.x from Keith Reynolds of SCO. 4132 IRIX 6.2 from Robert Tarrall of the University of 4133 Colorado and Kari Hurtta of the Finnish Meteorological 4134 Institute. 4135 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. 4136 Lopez, CICA (Seville). 4137 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. 4138 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor 4139 Employment Standards Administration. 4140 Altos System V (5.3.1) from Tim Rice of Multitalents. 4141 Concurrent Systems Corporation Maxion from Donald R. Laster 4142 Jr. 4143 NetInfo maps (improved debugging and multi-valued aliases) 4144 from Adrian Steinmann of Steinmann Consulting. 4145 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) 4146 from Eric Schnoebelen of Convex. 4147 Linux 2.0 mail.local patches from Horst von Brand. 4148 NEXTSTEP 3.x compilation from Robert La Ferla. 4149 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. 4150 Solaris 2.5 configuration fixes for mail.local by Jim Davis 4151 of the University of Arizona. 4152 Solaris 2.5 has a working setreuid. Noted by David Linn of 4153 Vanderbilt University. 4154 Solaris changes for praliases, makemap, mailstats, and smrsh. 4155 Previously you had to add -DSOLARIS in Makefile.dist; 4156 this auto-detects. Based on a patch from Randall 4157 Winchester of the University of Maryland. 4158 CONFIG: add generic-nextstep3.3.mc file. Contributed by 4159 Robert La Ferla of Hot Software. 4160 CONFIG: allow mailertables to resolve to ``error:code message'' 4161 (where "code" is an exit status) on domains (previously 4162 worked only on hosts). Patch from Cor Bosman of Xs4all 4163 Foundation. 4164 CONFIG: hooks for IPv6-style domain literals. 4165 CONFIG: predefine ALIAS_FILE and change the prototype file so that 4166 if it is undefined the AliasFile option is never set; this 4167 should be transparent for most everyone. Suggested by John 4168 Myers of CMU. 4169 CONFIG: add FEATURE(limited_masquerade). Without this feature, any 4170 domain listed in $=w is masqueraded. With it, only those 4171 domains listed in a MASQUERADE_DOMAIN macro are masqueraded. 4172 CONFIG: add FEATURE(masquerade_entire_domain). This causes 4173 masquerading specified by MASQUERADE_DOMAIN to apply to all 4174 hosts under those domains as well as the domain headers 4175 themselves. For example, if a configuration had 4176 MASQUERADE_DOMAIN(foo.com), then without this feature only 4177 foo.com would be masqueraded; with it, *.foo.com would be 4178 masqueraded as well. Based on an implementation by Richard 4179 (Pug) Bainter of U. Texas. 4180 CONFIG: add FEATURE(genericstable) to do a more general rewriting of 4181 outgoing addresses. Defaults to ``hash -o /etc/genericstable''. 4182 Keys are user names; values are outgoing mail addresses. Yes, 4183 this does overlap with the user database, and figuring out 4184 just when to use which one may be tricky. Based on code 4185 contributed by Richard (Pug) Bainter of U. Texas with updates 4186 from Per Hedeland of Ericsson. 4187 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of 4188 incoming addresses. Defaults to ``hash -o /etc/virtusertable''. 4189 Keys are either fully qualified addresses or just the host 4190 part (with the @ sign). For example, a table containing: 4191 info@foo.com foo-info 4192 info@bar.com bar-info 4193 @baz.org jane@elsewhere.net 4194 would send all mail destined for info@foo.com to foo-info 4195 (which is presumably an alias), mail addressed to info@bar.com 4196 to bar-info, and anything addressed to anyone at baz.org will 4197 be sent to jane@elsewhere.net. The names foo.com, bar.com, 4198 and baz.org must all be in $=w. Based on discussions with 4199 a great many people. 4200 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. 4201 Suggested by Richard Bainter. 4202 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the 4203 "fax" mailer. 4204 CONFIG: allow mailertable entries to resolve to local:user; this 4205 passes the original user@host in to procmail-style local 4206 mailers as the "detail" information to allow them to do 4207 additional clever processing. From Joe Pruett of 4208 Teleport Corporation. Delivery to the original user can 4209 be done by specifying "local:" (with nothing after the colon). 4210 CONFIG: allow any context that takes "mailer:domain" to also take 4211 "mailer:user@domain" to force mailing to the given user; 4212 "local:user" can also be used to do local delivery. This 4213 applies on *_RELAY and in the mailertable entries. Based 4214 on a suggestion by Ribert Kiessling of Easynet. 4215 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that 4216 limits the possible domains; this reduces the number of DNS 4217 lookups required to support this feature. For example, 4218 FEATURE(bestmx_is_local, my.site.com) limits the lookups 4219 to domains under my.site.com. Code contributed by Anthony 4220 Thyssen <anthony@cit.gu.edu.au>. 4221 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, 4222 such as the check_rcpt ruleset. Suggested by Gregory Shapiro 4223 of WPI. 4224 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the 4225 event you have to define local mailers. Suggested by 4226 Gregory Shapiro of WPI. 4227 CONFIG: fix cases where a three- (or more-) stage route-addr could 4228 be misinterpreted as a list:...; syntax. Based on a patch by 4229 Vlado Potisk <Vlado_Potisk@tempest.sk>. 4230 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is 4231 remotely connected. The address host!user was being 4232 converted to host!user@thishost instead of host!user@uurelay. 4233 Problem noted by William Gianopoulos of Raytheon Company. 4234 CONFIG: add confTO_ICONNECT to set Timeout.iconnect. 4235 CONFIG: change FEATURE(redirect) message from "User not local" to 4236 "User has moved"; the former wording was confusing if the 4237 new address is still on the local host. Based on a suggestion 4238 by Andreas Luik. 4239 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). 4240 However, the class is not pre-initialized to contain root. 4241 Suggested by Gregory Neil Shapiro. 4242 CONTRIB: Remove XLA code at the request of the author, Christophe 4243 Wolfhugel. 4244 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. 4245 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note 4246 well: this produces a slightly different mailbox format (no 4247 Content-Length: headers), file ownerships and modes are 4248 different (not owned by group mail; mode 600 instead of 660), 4249 and the local mailer flags will have to be tweaked (make them 4250 match bsd4.4) in order to use this mailer. Patches from Paul 4251 Hammann of the Missouri Research and Education Network. 4252 MAIL.LOCAL: in some cases it could return EX_OK even though there 4253 was a delivery error, such as if the ownership on the file 4254 was wrong or the mode changed between the initial stat and 4255 the open. Problem reported by William Colburn of the New 4256 Mexico Institute of Mining and Technology. 4257 MAILSTATS: handle zero length files more reliably. Patch from Bryan 4258 Costales. 4259 MAILSTATS: add man page contributed by Keith Bostic of BSDI. 4260 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't 4261 honored. Fix from Michael Scott Shappe. 4262 PRALIASES: add man page contributed by Keith Bostic of BSDI. 4263 NEW FILES: 4264 src/Makefiles/Makefile.AIX.2 4265 src/Makefiles/Makefile.IRIX.6.2 4266 src/Makefiles/Makefile.maxion 4267 src/Makefiles/Makefile.NCR.MP-RAS.3.x 4268 src/Makefiles/Makefile.SCO.5.x 4269 src/Makefiles/Makefile.UXPDSV20 4270 mailstats/mailstats.8 4271 praliases/praliases.8 4272 cf/cf/generic-nextstep3.3.mc 4273 cf/feature/genericstable.m4 4274 cf/feature/limited_masquerade.m4 4275 cf/feature/masquerade_entire_domain.m4 4276 cf/feature/virtusertable.m4 4277 cf/ostype/aix2.m4 4278 cf/ostype/altos.m4 4279 cf/ostype/maxion.m4 4280 cf/ostype/solaris2.ml.m4 4281 cf/ostype/uxpds.m4 4282 contrib/re-mqueue.pl 4283 DELETED FILES: 4284 src/Makefiles/Makefile.Solaris 4285 contrib/xla/README 4286 contrib/xla/xla.c 4287 RENAMED FILES: 4288 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x 4289 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 4290 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 4291 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x 4292 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x 4293 42948.7.6/8.7.3 1996/09/17 4295 SECURITY: It is possible to force getpwuid to fail when writing the 4296 queue file, causing sendmail to fall back to running programs 4297 as the default user. This is not exploitable from off-site. 4298 Workarounds include using a unique user for the DefaultUser 4299 (old u & g options) and using smrsh as the local shell. 4300 SECURITY: fix some buffer overruns; in at least one case this allows 4301 a local user to get root. This is not known to be exploitable 4302 from off-site. The workaround is to disable chfn(1) commands. 4303 43048.7.5/8.7.3 1996/03/04 4305 Fix glitch in 8.7.4 when putting certain internal lines; this can 4306 in some case cause connections to hang or messages to have 4307 extra spaces in odd places. Patch from Eric Wassenaar; 4308 reports from Eric Hall of Chiron Corporation, Stephen 4309 Hansen of Stanford University, Dean Gaudet of HotWired, 4310 and others. 4311 43128.7.4/8.7.3 1996/02/18 4313 SECURITY: In some cases it was still possible for an attacker to 4314 insert newlines into a queue file, thus allowing access to 4315 any user (except root). 4316 CONFIG: no changes -- it is not a bug that the configuration 4317 version number is unchanged. 4318 43198.7.3/8.7.3 1995/12/03 4320 Fix botch in name server timeout in RCPT code; this problem caused 4321 two responses in SMTP, which breaks things horribly. Fix 4322 from Gregory Neil Shapiro of WPI. 4323 Verify that L= value on M lines cannot be negative, which could cause 4324 negative array subscripting. Not a security problem since 4325 this has to be in the config file, but it could have caused 4326 core dumps. Pointed out by Bryan Costales. 4327 Fix -d21 debug output for long macro names. Pointed out by Bryan 4328 Costales. 4329 PORTABILITY FIXES: 4330 SCO doesn't have ftruncate. From Bill Aten of Computerizers. 4331 IBM's version of arpa/nameser.h defaults to the wrong byte 4332 order. Tweak it to work properly. Based on fixes 4333 from Fletcher Mattox of UTexas and Betty Lee of 4334 Stanford University. 4335 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. 4336 Deficiency pointed out by Bryan Costales of ICSI. 4337 43388.7.2/8.7.2 1995/11/19 4339 REALLY fix the backslash escapes in SmtpGreetingMessage, 4340 OperatorChars, and UnixFromLine options. They were not 4341 properly repaired in 8.7.1. 4342 Completely delete the Bcc: header if and only if there are other 4343 valid recipient headers (To:, Cc: or Apparently-To:, the 4344 last being a historic botch, of course). If Bcc: is the 4345 only recipient header in the message, its value is tossed, 4346 but the header name is kept. The old behavior (always keep 4347 the header name and toss the value) allowed primary recipients 4348 to see that a Bcc: went to _someone_. 4349 Include queue id on ``Authentication-Warning: <host>: <user> set 4350 sender to <address> using -f'' syslog messages. Suggested 4351 by Kari Hurtta. 4352 If a sequence or switch map lookup entry gets a tempfail but then 4353 continues on to another map type, but the name is not found, 4354 return a temporary failure from the sequence or switch map. 4355 For example, if hosts search ``dns files'' and DNS fails 4356 with a tempfail, the hosts map will go on and search files, 4357 but if it fails the whole thing should be a tempfail, not 4358 a permanent (host unknown) failure, even though that is the 4359 failure in the hosts.files map. This error caused hard 4360 bounces when it should have requeued. 4361 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo 4362 owned by bar mode 700 and inbox being setuid bar stopped 4363 working properly due to excessive paranoia. Pointed out by 4364 John Hawkinson of Panix. 4365 An SMTP RCPT command referencing a host that gave a nameserver 4366 timeout would return a 451 command (8.6 accepted it and 4367 queued it locally). Revert to the 8.6 behavior in order 4368 to simplify queue management for clustered systems. Suggested 4369 by Gregory Neil Shapiro of WPI. The same problem could break 4370 MH, which assumes that the SMTP session will succeed (tsk, tsk 4371 -- mail gets lost!); this was pointed out by Stuart Pook of 4372 Infobiogen. 4373 Fix possible buffer overflow in munchstring(). This was not a security 4374 problem because you couldn't specify any argument to this 4375 without first giving up root privileges, but it is still a 4376 good idea to avoid future problems. Problem noted by John 4377 Hawkinson and Sam Hartman of MIT. 4378 ``452 Out of disk space for temp file'' messages weren't being 4379 printed. Fix from David Perlin of Nanosoft. 4380 Don't advertise the ESMTP DSN extension if the SendMimeErrors option 4381 is not set, since this is required to get the actual DSNs 4382 created. Problem pointed out by John Gardiner Myers of CMU. 4383 Log permission problems that cause .forward and :include: files to 4384 be untrusted or ignored on log level 12 and higher. Suggested 4385 by Randy Martin of Clemson University. 4386 Allow user ids in U= clauses of M lines to have hyphens and 4387 underscores. 4388 Fix overcounting of recipients -- only happened when sending to an 4389 alias. Pointed out by Mark Andrews of SGI and Jack Woolley 4390 of Systems and Computer Technology Corporation. 4391 If a message is sent to an address that fails, the error message that 4392 is returned could show some extraneous "success" information 4393 included even if the user did not request success notification, 4394 which was confusing. Pointed out by Allan Johannesen of WPI. 4395 Config files that had no AliasFile definition were defaulting to 4396 using /etc/aliases; this caused problems with nullclient 4397 configurations. Change it back to the 8.6 semantics of 4398 having no local alias file unless it is declared. Problem 4399 noted by Charles Karney of Princeton University. 4400 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan 4401 Costales of ICSI. 4402 Map lookups of class "userdb" maps were always case sensitive; they 4403 should be controlled by the -f flag like other maps. Pointed 4404 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>. 4405 Fix problem that caused some addresses to be passed through ruleset 5 4406 even when they were tagged as "sticky" by prefixing the 4407 address with an "@". Patch from Thomas Dwyer III of Michigan 4408 Technological University. 4409 When converting a message to Quoted-Printable, prevent any lines with 4410 dots alone on a line by themselves. This is because of the 4411 preponderance of broken mailers that still get this wrong. 4412 Code contributed by Per Hedeland of Ericsson. 4413 Fix F{macro}/file construct -- it previously did nothing. Pointed 4414 out by Bjart Kvarme of USIT/UiO (Norway). 4415 Announce whether a cached connection is SMTP or ESMTP (in -v mode). 4416 Requested by Allan Johannesen. 4417 Delete check for text format of alias files -- it should be legal 4418 to have the database format of the alias files without the 4419 text version. Problem pointed out by Joe Rhett of Navigist, 4420 Inc. 4421 If "Ot" was specified with no value, the TZ variable was not properly 4422 imported from the environment. Pointed out by Frank Crawford 4423 <frank@ansto.gov.au>. 4424 Some architectures core dumped on "program" maps that didn't have 4425 extra arguments. Patch from Booker C. Bense of Stanford 4426 University. 4427 Queue run processes would re-spawn daemons when given a SIGHUP; only 4428 the parent should do this. Fix from Brian Coan of the 4429 Association for Progressive Communications. 4430 If MinQueueAge was set and a message was considered but not run 4431 during a queue run and the Timeout.queuereturn interval was 4432 reached, a "timed out" error message would be returned that 4433 didn't include the failed address (and claimed to be a warning 4434 even though it was fatal). The fix is to not return such 4435 messages until they are actually tried, i.e., in the next 4436 MinQueueAge interval. Problem noted by Rein Tollevik of 4437 SINTEF RUNIT, Oslo. 4438 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions 4439 that have the hes_getmailhost() routine. DEC Hesiod 4440 distributions do not have this routine. Based on a patch 4441 from Betty Lee of Stanford University. 4442 Extensive cleanups to map open code to handle a locking race condition 4443 in ndbm, hash, and btree format database files on some (most 4444 non-4.4-BSD based) OS architectures. This should solve the 4445 occasional "user unknown" problem during alias rebuilds that 4446 has plagued me for quite some time. Based on a patch from 4447 Thomas Dwyer III of Michigan Technological University. 4448 PORTABILITY FIXES: 4449 Solaris: Change location of newaliases and mailq from 4450 /usr/ucb to /usr/bin to match Sun settings. From 4451 James B. Davis of TCI. 4452 DomainOS: Makefile.DomainOS doesn't require -ldbm. From 4453 Don Lewis of Silicon Systems. 4454 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x 4455 so that the makesendmail script will find it. Pointed 4456 out by Richard Allen of the University of Iceland. 4457 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which 4458 isn't supported on all compilers. 4459 UXPDS: compilation fixes from Diego R. Lopez. 4460 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless 4461 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. 4462 CONFIG: Minor glitch in S21 -- attachment of local domain name 4463 didn't have trailing dot. From Jim Hickstein of Teradyne. 4464 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as 4465 user%host@thishost. From Claude Scarpelli of Infobiogen 4466 (France). 4467 CONFIG: OSTYPE(hpux10) failed to define the location of the help file. 4468 Pointed out by Hannu Martikka of Nokia Telecommunications. 4469 CONFIG: Diagnose some inappropriate ordering in configuration files, 4470 such as FEATURE(smrsh) listed after MAILER(local). Based on 4471 a bug report submitted by Paul Hoffman of Proper Publishing. 4472 CONFIG: Make OSTYPE files consistently not override settings that 4473 have already been set. Previously it worked differently 4474 for different files. 4475 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take 4476 is that this is wrong, but the change was causing problems 4477 for some people. From Per Hedeland of Ericsson. 4478 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>; 4479 portability changes for Posix environments (no functional 4480 changes). 4481 44828.7.1/8.7.1 1995/10/01 4483 Old macros that have become options (SmtpGreetingMessage, 4484 OperatorChars, and UnixFromLine) didn't allow backslash 4485 escapes in the options, where they previously had. Bug 4486 pointed out by John Hawkinson of MIT. 4487 Fix strange case of an executable called by a program map that 4488 returns a value but also a non-zero exit status; this 4489 would give contradictory results in the higher level; in 4490 particular, the default clause in the map lookup would be 4491 ignored. Change to ignore the value if the program returns 4492 non-zero exit status. From Tom Moore of AT&T GIS. 4493 Shorten parameters passed to syslog() in some contexts to avoid a 4494 bug in many vendors' implementations of that routine. Although 4495 this isn't really a bug in sendmail per se, and my solution 4496 has to assume that syslog() has at least a 1K buffer size 4497 internally (I know some vendors have shortened this 4498 dramatically -- they're on their own), sendmail is a popular 4499 target. Also, limit the size of %s arguments in sprintf. 4500 These both have possible security implications. Solutions 4501 suggested by Casper Dik of Sun's Network Security Group 4502 (Holland), Mark Seiden, and others. 4503 Fix a problem that might cause a non-standard -B (body type) 4504 parameter to be passed to the next server with undefined 4505 results. This could have security implications. 4506 If a filesystem was at > 100% utilization, the freediskspace() 4507 routine incorrectly returned an error rather than zero. 4508 Problem noted by G. Paul Ziemba of Alantec. 4509 Change MX sort order so that local hostnames (those in $=w) always 4510 sort first within a given preference. This forces the bestmx 4511 map to always return the local host first, if it is included 4512 in the list of highest priority MX records. From K. Robert 4513 Elz. 4514 Avoid some possible null pointer dereferences. Fixes from Randy 4515 Martin <WOLF@CLEMSON.EDU> 4516 When sendmail starts up on systems that have no fully qualified 4517 domain name (FQDN) anywhere in the first matching host map 4518 (e.g., /etc/hosts if the hosts service searches "files dns"), 4519 sendmail would sleep to try to find a FQDN, which it really 4520 really needs. This has been changed to fall through to the 4521 next map type if it can't find a FQDN -- i.e., if the hosts 4522 file doesn't have a FQDN, it will try dns even though the 4523 short name was found in /etc/hosts. This is probably a crock, 4524 but many people have hosts files without FQDNs. Remember: 4525 domain names are your friends. 4526 Log a high-priority message if you can't find your FQDN during startup. 4527 Suggested by Simon Barnes of Schlumberger Limited. 4528 When using Hesiod, initialize it early to improve error reporting. 4529 Patch from Don Lewis of Silicon Systems, Inc. 4530 Apparently at least some versions of Linux have a 90 !minute! TCP 4531 connection timeout in the kernel. Add a new "connect" timeout 4532 to limit this time. Defaults to zero (use whatever the 4533 kernel provides). Based on code contributed by J.R. Oldroyd 4534 of TerraNet. 4535 Under some circumstances, a failed message would not be properly 4536 removed from the queue, causing tons of bogus error messages. 4537 (This fix eliminates the problematic EF_KEEPQUEUE flag.) 4538 Problem noted by Allan E Johannesen and Gregory Neil Shapiro 4539 of WPI. 4540 PORTABILITY FIXES: 4541 On IRIX 5.x, there was an inconsistency in the setting 4542 of sendmail.st location. Change the Makefile to 4543 install it in /var/sendmail.st to match the OSTYPE 4544 file and SGI standards. From Andre 4545 <andre@curry.zfe.siemens.de>. 4546 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) 4547 from Diego R. Lopez <drlopez@cica.es>. 4548 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. 4549 LUNA 2 Mach patches from Motonori Nakamura. 4550 SunOS Makefile was including -ldbm, which is for the old 4551 dbm library. The ndbm library is part of libc. 4552 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with 4553 ``local configuration error'' in nullclient configuration. 4554 Patch from Gregory Neil Shapiro of WPI. 4555 CONFIG: don't allow an alias file in nullclient configurations -- 4556 since all addresses are relayed, they give errors during 4557 rebuild. Suggested by Per Hedeland of Ericsson. 4558 CONFIG: local mailer on Solaris 2 should always get a -f flag because 4559 otherwise the F=S causes the From_ line to imply that root is 4560 the sender. Problem pointed out by Claude Scarpelli of 4561 Infobiogen (France). 4562 NEW FILES: 4563 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) 4564 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) 4565 src/Makefiles/Makefile.UXPDS 4566 45678.7/8.7 1995/09/16 4568 Fix a problem that could cause sendmail to run out of file 4569 descriptors due to a trashed data structure after a 4570 vfork. Fix from Brian Coan of the Institute for 4571 Global Communications. 4572 Change the VRFY response if you have disabled VRFY -- some 4573 people seemed to think that it was too rude. 4574 Avoid reference to uninitialized file descriptor if HASFLOCK 4575 was not defined. This was used "safely" in the sense 4576 that it only did a stat, but it would have set the 4577 map modification time improperly. Problem pointed out 4578 by Roy Mongiovi of Georgia Tech. 4579 Clean up the Subject: line on warning messages and return 4580 receipts so that they don't say "Returned mail:"; this 4581 can be confusing. 4582 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 4583 useful enough to make it worthwhile printing on "-d". 4584 Avoid logging alias statistics every time you read the alias 4585 file on systems with no database method compiled in. 4586 If you have a name with a trailing dot, and you try looking it 4587 up using gethostbyname without the dot (for /etc/hosts 4588 compatibility), be sure to turn off RES_DEFNAMES and 4589 RES_DNSRCH to avoid finding the wrong name accidentally. 4590 Problem noted by Charles Amos of the University of 4591 Maryland. 4592 Don't do timeouts in collect if you are not running SMTP. 4593 There is nothing that says you can't have a long 4594 running program piped into sendmail (possibly via 4595 /bin/mail, which just execs sendmail). Problem reported 4596 by Don "Truck" Lewis of Silicon Systems. 4597 Try gethostbyname() even if the DNS lookup fails iff option I 4598 is not set. This allows you to have hosts listed in 4599 NIS or /etc/hosts that are not known to DNS. It's normally 4600 a bad idea, but can be useful on firewall machines. This 4601 should really be broken out on a separate flag, I suppose. 4602 Avoid compile warnings against BIND 4.9.3, which uses function 4603 prototypes. From Don Lewis of Silicon Systems. 4604 Avoid possible incorrect diagnosis of DNS-related errors caused 4605 by things like attempts to resolve uucp names using 4606 $[ ... $] -- the fix is to clear h_errno at appropriate 4607 times. From Kyle Jones of UUNET. 4608 SECURITY: avoid denial-of-service attacks possible by destroying 4609 the alias database file by setting resource limits low. 4610 This involves adding two new compile-time options: 4611 HASSETRLIMIT (indicating that setrlimit(2) support is 4612 available) and HASULIMIT (indicating that ulimit(2) support 4613 is available -- the Release 3 form is used). The former 4614 is assumed on BSD-based systems, the latter on System 4615 V-based systems. Attack noted by Phil Brandenberger of 4616 Swarthmore University. 4617 New syntaxes in test (-bt) mode: 4618 ``.Dmvalue'' will define macro "m" to "value". 4619 ``.Ccvalue'' will add "value" to class "c". 4620 ``=Sruleset'' will dump the contents of the indicated 4621 ruleset. 4622 ``=M'' will display the known mailers. 4623 ``-ddebug-spec'' is equivalent to the command-line 4624 -d debug flag. 4625 ``$m'' will print the value of macro $m. 4626 ``$=c'' will print the contents of class $=c. 4627 ``/mx host'' returns the MX records for ``host''. 4628 ``/parse address'' will parse address, returning the value of 4629 crackaddr (essentially, the comment information) 4630 and the parsed address. 4631 ``/try mailer address'' will rewrite address into the form 4632 it will have when presented to the indicated mailer. 4633 ``/tryflags flags'' will set flags used by parsing. The 4634 flags can be `H' for header or `E' for envelope, 4635 and `S' for sender or `R' for recipient. These 4636 can be combined, so `HR' sets flags for header 4637 recipients. 4638 ``/canon hostname'' will try to canonify hostname and 4639 return the result. 4640 ``/map mapname key'' will look up `key' in the indicated 4641 `mapname' and return the result. 4642 Somewhat better handling of UNIX-domain socket addresses -- it 4643 should show the pathname rather than hex bytes. 4644 Restore ``-ba'' mode -- this reads a file from stdin and parses 4645 the header for envelope sender information and uses 4646 CR-LF as message terminators. It was thought to be 4647 obsolete (used only for Arpanet NCP protocols), but it 4648 turns out that the UK ``Grey Book'' protocols require 4649 that functionality. 4650 Fix a fix in previous release -- if gethostname and gethostbyname 4651 return a name without dots, and if an attempt to canonify 4652 that name fails, wait one minute and try again. This can 4653 result in an extra 60 second delay on startup if your system 4654 hostname (as returned by hostname(1)) has no dot and no names 4655 listed in /etc/hosts or your NIS map have a dot. 4656 Check for proper domain name on HELO and EHLO commands per 4657 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 4658 of Michigan Technological University. 4659 Relax chownsafe rules slightly -- old version said that if you 4660 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 4661 if fpathconf returned EINVAL or ENOSYS), assume that 4662 chown is not safe. The new version falls back to whether 4663 you are on a BSD system or not. This is important for 4664 SunOS, which apparently always returns one of those 4665 error codes. This impacts whether you can mail to files 4666 or not. 4667 Syntax errors such as unbalanced parentheses in the configuration 4668 file could be omitted if you had "Oem" prior to the 4669 syntax error in the config file. Change to always print 4670 the error message. It was especially weird because it 4671 would cause a "warning" message to be sent to the Postmaster 4672 for every message sent (but with no transcript). Problem 4673 noted by Gregory Paris of Motorola. 4674 Rewrite collect and putbody to handle full 8-bit data, including 4675 zero bytes. These changes are internally extensive, but 4676 should have minimal impact on external function. 4677 Allow full words for option names -- if the option letter is 4678 (apparently) a space, then take the word following -- e.g., 4679 O MatchGECOS=TRUE 4680 The full list of old and new names is as follows: 4681 7 SevenBitInput 4682 8 EightBitMode 4683 A AliasFile 4684 a AliasWait 4685 B BlankSub 4686 b MinFreeBlocks/MaxMessageSize 4687 C CheckpointInterval 4688 c HoldExpensive 4689 D AutoRebuildAliases 4690 d DeliveryMode 4691 E ErrorHeader 4692 e ErrorMode 4693 f SaveFromLine 4694 F TempFileMode 4695 G MatchGECOS 4696 H HelpFile 4697 h MaxHopCount 4698 i IgnoreDots 4699 I ResolverOptions 4700 J ForwardPath 4701 j SendMimeErrors 4702 k ConnectionCacheSize 4703 K ConnectionCacheTimeout 4704 L LogLevel 4705 l UseErrorsTo 4706 m MeToo 4707 n CheckAliases 4708 O DaemonPortOptions 4709 o OldStyleHeaders 4710 P PostmasterCopy 4711 p PrivacyOptions 4712 Q QueueDirectory 4713 q QueueFactor 4714 R DontPruneRoutes 4715 r, T Timeout 4716 S StatusFile 4717 s SuperSafe 4718 t TimeZoneSpec 4719 u DefaultUser 4720 U UserDatabaseSpec 4721 V FallbackMXHost 4722 v Verbose 4723 w TryNullMXList 4724 x QueueLA 4725 X RefuseLA 4726 Y ForkEachJob 4727 y RecipientFactor 4728 z ClassFactor 4729 Z RetryFactor 4730 The old macros that passed information into sendmail have 4731 been changed to options; those correspondences are: 4732 $e SmtpGreetingMessage 4733 $l UnixFromLine 4734 $o OperatorChars 4735 $q (deleted -- not necessary) 4736 To avoid possible problems with an older sendmail, 4737 configuration level 6 is accepted by this version of 4738 sendmail; any config file using the new names should 4739 specify "V6" in the configuration. 4740 Change address parsing to properly note that a phrase before a 4741 colon and a trailing semicolon are essentially the same 4742 as text outside of angle brackets (i.e., sendmail should 4743 treat them as comments). This is to handle the 4744 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 4745 assume that ``group name:'' is a comment on the first 4746 address and the ``;'' is a comment on the last address). 4747 This requires config file support to get right. It does 4748 understand that :: is NOT this syntax, and can be turned 4749 off completely by setting the ColonOkInAddresses option. 4750 Level 6 config files added with new mailer flags: 4751 A Addresses are aliasable. 4752 i Do udb rewriting on envelope as well as header 4753 sender lines. Applies to the from address mailer 4754 flags rather than the recipient mailer flags. 4755 j Do udb rewriting on header recipient addresses. 4756 Applies to the sender mailer flags rather than the 4757 recipient mailer flags. 4758 k Disable check for loops when doing HELO command. 4759 o Always run as the mail recipient, even on local 4760 delivery. 4761 w Check for an /etc/passwd entry for this user. 4762 5 Pass addresses through ruleset 5. 4763 : Check for :include: on this address. 4764 | Check for |program on this address. 4765 / Check for /file on this address. 4766 @ Look up sender header addresses in the user 4767 database. Applies to the mailer flags for the 4768 mailer corresponding to the envelope sender 4769 address, rather than to recipient mailer flags. 4770 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 4771 on the "local" mailer, the o flag on the "prog" and "*file*" 4772 mailers, and the ColonOkInAddresses option. 4773 Eight-to-seven bit MIME conversions. This borrows ideas from 4774 John Beck of Hewlett-Packard, who generously contributed 4775 their implementation to me, which I then didn't use (see 4776 mime.c for an explanation of why). This adds the 4777 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 4778 to control handling of 8-bit data. These have to cope with 4779 two types of 8-bit data: unlabelled 8-bit data (that is, 4780 8-bit data that is entered without declaring it as 8-bit 4781 MIME -- technically this is illegal according to the 4782 specs) and labelled 8-bit data (that is, it was declared 4783 as 8BITMIME in the ESMTP session or by using the 4784 -B8BITMIME command line flag). If the F=8 mailer flag is 4785 set then 8-bit data is sent to non-8BITMIME machines 4786 instead of converting to 7 bit (essentially using 4787 just-send-8 semantics). The values for EightBitMode are: 4788 m convert unlabelled 8-bit input to 8BITMIME, and do 4789 any necessary conversion of 8BITMIME to 7BIT 4790 (essentially, the full MIME option). 4791 p pass unlabelled 8-bit input, but convert labelled 4792 8BITMIME input to 7BIT as required (default). 4793 s strict adherence: reject unlabelled 8-bit input, 4794 convert 8BITMIME to 7BIT as required. The F=8 4795 flag is ignored. 4796 Unlabelled 8-bit data is rejected in mode `s' regardless of 4797 the setting of F=8. 4798 Add new internal class 'n', which is the set of MIME Content-Types 4799 which can not be 8 to 7 bit encoded because of other 4800 considerations. Types "multipart/*" and "message/*" are 4801 never directly encoded (although their components can be). 4802 Add new internal class 's', which is the set of subtypes of the 4803 MIME message/* content type that can be treated as though 4804 they are an RFC822 message. It is predefined to have 4805 "rfc822". Suggested By Kari Hurtta. 4806 Add new internal class 'e'. This is the set of MIME 4807 Content-Transfer-Encodings that can be converted to 4808 a seven bit format (Quoted-Printable or Base64). It is 4809 preinitialized to contain "7bit", "8bit", and "binary". 4810 Add C=charset mailer parameter and the the DefaultCharSet option (no 4811 short name) to set the default character set to use in the 4812 Content-Type: header when doing encoding of an 8-bit message 4813 which isn't marked as MIME into MIME format. If the C= 4814 parameter is set on the Envelope From address, use that as 4815 the default encoding; else use the DefaultCharSet option. 4816 If neither is set, it defaults to "unknown-8bit" as 4817 suggested by RFC 1428 section 3. 4818 Allow ``U=user:group'' field in mailer definition to set a default 4819 user and group that a mailer will be executed as. This 4820 overrides the 'u' and 'g' options, and if the `F=S' flag is 4821 also set, it is the uid/gid that will always be used (that 4822 is, the controlling address is ignored). The values may be 4823 numeric or symbolic; if only a symbolic user is given (no 4824 group) that user's default group in the passwd file is used 4825 as the group. Based on code donated by Chip Rosenthal of 4826 Unicom. 4827 Allow `u' option to also accept user:group as a value, in the same 4828 fashion as the U= mailer option. 4829 Add the symbolic time zone name in the Arpanet format dates (as 4830 a comment). This adds a new compile-time configuration 4831 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 4832 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 4833 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 4834 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 4835 timezone()), or TZ_NONE (don't include the comment). Code 4836 from Chip Rosenthal. 4837 The "Timeout" option (formerly "r") is extended to allow suboptions. 4838 For example, 4839 O Timeout.helo = 2m 4840 There are also two new suboptions "queuereturn" and 4841 "queuewarn"; these subsume the old T option. Thus, to 4842 set them both the preferred new syntax is 4843 O Timeout.queuereturn = 5d 4844 O Timeout.queuewarn = 4h 4845 Sort queue by host name instead of by message priority if the 4846 QueueSortOrder option (no short name) is set is set to 4847 ``host''. This makes better use of the connection cache, 4848 but may delay more ``interactive'' messages behind large 4849 backlogs under some circumstances. This is probably a 4850 good option if you have high speed links or don't do lots 4851 of ``batch'' messages, but less good if you are using 4852 something like PPP on a 14.4 modem. Based on code 4853 contributed by Roy Mongiovi of Georgia Tech (my main 4854 contribution was to make it configurable). 4855 Save i-number of df file in qf file to simplify rebuilding of queue 4856 after disastrous disk crash. Suggested by Kyle Jones of 4857 UUNET; closely based on code from KJS DECWRL code written 4858 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 4859 are NOT back compatible with 8.6 -- that is, you can convert 4860 from 8.6 to 8.7, but not the other direction. 4861 Add ``F=d'' mailer flag to disable all use of angle brackets in 4862 route-addrs in envelopes; this is because in some cases 4863 they can be sent to the shell, which interprets them as 4864 I/O redirection. 4865 Don't include error file (option E) with return-receipts; this 4866 can be confusing. 4867 Don't send "Warning: cannot send" messages to owner-* or 4868 *-request addresses. Suggested by Christophe Wolfhugel 4869 of the Institut Pasteur, Paris. 4870 Allow -O command line flag to set long form options. 4871 Add "MinQueueAge" option to set the minimum time between attempts 4872 to run the queue. For example, if the queue interval 4873 (-q value) is five minutes, but the minimum queue age 4874 is fifteen minutes, jobs won't be tried more often than 4875 once every fifteen minutes. This can be used to give 4876 you more responsiveness if your delivery mode is set to 4877 queue-only. 4878 Allow "fileopen" timeout (default: 60 seconds) for opening 4879 :include: and .forward files. 4880 Add "-k", "-v", and "-z" flags to map definitions; these set the 4881 key field name, the value field name, and the field 4882 delimiter. The field delimiter can be a single character 4883 or the sequence "\t" or "\n" for tab or newline. 4884 These are for use by NIS+ and similar access methods. 4885 Change maps to always strip quotes before lookups; the -q flag 4886 turns off this behavior. Suggested by Motonori Nakamura. 4887 Add "nisplus" map class. Takes -k and -v flags to choose the 4888 key and value field names respectively. Code donated by 4889 Sun Microsystems. 4890 Add "hesiod" map class. The "file name" is used as the 4891 "HesiodNameType" parameter to hes_resolve(3). Returns the 4892 first value found for the match. Code donated by Scott 4893 Hutton of Indiana University. 4894 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 4895 specify the name of the property that is searched as the 4896 key and a -v flag to specify the name of the property that 4897 is returned as the value (defaults to "members"). The 4898 default map is "/aliases". Some code based on code 4899 contributed by Robert La Ferla of Hot Software. 4900 Add "text" map class. This does slow, linear searches through 4901 text files. The -z flag specifies a column delimiter 4902 (defaults to any sequence of white space), the -k flag 4903 sets the key column number, and the -v flag sets the 4904 value column number. Lines beginning with `#' are treated 4905 as comments. 4906 Add "program" map class to execute arbitrary programs. The search 4907 key is presented as the last argument; the output is one 4908 line read from the programs standard output. Exit statuses 4909 are from sysexits.h. 4910 Add "sequence" map class -- searches maps in sequence until it 4911 finds a match. For example, the declarations: 4912 Kmap1 ... 4913 Kmap2 ... 4914 Kmapseq sequence map1 map2 4915 defines a map "mapseq" that first searches map1; if the 4916 value is found it is returned immediately, otherwise 4917 map2 is searched and the value returned. 4918 Add "switch" map class. This is much like "sequence" except that 4919 the ordering is fetched from an external file, usually 4920 the system service switch. The parameter is the name of 4921 the service to switch on, and the maps that it will use 4922 are the name of the switch map followed by ".service_type". 4923 For example, if the declaration of the map is 4924 Ksample switch hosts 4925 and the system service switch specifies that hosts are 4926 looked up using dns and nis in that order, then this is 4927 equivalent to 4928 Ksample sequence sample.dns sample.nis 4929 The subordinate maps (sample.*) must already be defined. 4930 Add "user" map class -- looks up users using getpwnam. Takes a 4931 "-v field" flag on the definition that tells what passwd 4932 entry to return -- legal values are name, passwd, uid, gid, 4933 gecos, dir, and shell. Generally expected to be used with 4934 the -m (matchonly) flag. 4935 Add "bestmx" map class -- returns the best MX value for the host 4936 listed as the value. If there are several "best" MX records 4937 for this host, one will be chosen at random. 4938 Add "userdb" map class -- looks up entries in the user database. 4939 The "file name" is actually the tag that will be used, 4940 typically "mailname". If there are multiple entries 4941 matching the name, the one chosen is undefined. 4942 Add multiple queue timeouts (both return and warning). These are 4943 set by the Precedence: or Priority: header fields to one of 4944 three values. If a Priority: is set and has value "normal", 4945 "urgent", or "non-urgent" the corresponding timeouts are 4946 used. If no priority is set, the Precedence: is consulted; 4947 if negative, non-urgent timeouts are used; if greater than 4948 zero, urgent timeouts are used. Otherwise, normal timeouts 4949 are used. The timeouts are set by setting the six timeouts 4950 queue{warn,return}.{urgent,normal,non-urgent}. 4951 Fix problem when a mail address is resolved to a $#error mailer 4952 with a temporary failure indication; it works in SMTP, 4953 but when delivering locally the mail is silently discarded. 4954 This patch, from Kyle Jones of UUNET, bounces it instead 4955 of queueing it (queueing is very hard). 4956 When using /etc/hosts or NIS-style lookups, don't assume that 4957 the first name in the list is the best one -- instead, 4958 search for the first one with a dot. For example, if 4959 an /etc/hosts entry reads 4960 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 4961 this change will use the second name as the canonical 4962 machine name instead of the initial, unqualified name. 4963 Change dequote map to replace spaces in quoted text with a value 4964 indicated by the -s flag on the dequote map definition. 4965 For example, ``Mdequote dequote -s_'' will change 4966 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 4967 quoted (because of the space character). Suggested by Dan 4968 Oscarsson for use in X.400 addresses. 4969 Implement long macro names as ${name}; long class names can 4970 be similarly referenced as $={name} and $~{name}. 4971 Definitions are (e.g.) ``D{name}value''. Names that have 4972 a leading lower case letter or punctuation characters are 4973 reserved for internal use by sendmail; i.e., config files 4974 should use names that begin with a capital letter. Based 4975 on code contributed by Dan Oscarsson. 4976 Fix core dump if getgrgid returns a null group list (as opposed 4977 to an empty group list, that is, a pointer to a list 4978 with no members). Fix from Andrew Chang of Sun Microsystems. 4979 Fix possible core dump if malloc fails -- if the malloc in xalloc 4980 failed, it called syserr which called newstr which called 4981 xalloc.... The newstr is now avoided for "panic" messages. 4982 Reported by Stuart Kemp of James Cook University. 4983 Improve connection cache timeouts; previously, they were not even 4984 checked if you were delivering to anything other than an 4985 IPC-connected host, so a series of (say) local mail 4986 deliveries could cause cached connections to be open 4987 much longer than the specified timeout. 4988 If an incoming message exceeds the maximum message size, stop 4989 writing the incoming bytes to the queue data file, since 4990 this can fill your mqueue partition -- this is a possible 4991 denial-of-service attack. 4992 Don't reject all numeric local user names unless HESIOD is 4993 defined. It turns out that Posix allows all-numeric 4994 user names. Fix from Tony Sanders of BSDI. 4995 Add service switch support. If the local OS has a service 4996 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf 4997 on DEC systems) that will be used; otherwise, it falls back 4998 to using a local mechanism based on the ServiceSwitchFile 4999 option (default: /etc/service.switch). For example, if the 5000 service switch lists "files" and "nis" for the aliases 5001 service, that will be the default lookup order. the "files" 5002 ("local" on DEC) service type expands to any alias files 5003 you listed in the configuration file, even if they aren't 5004 actually file lookups. 5005 Option I (NameServerOptions) no longer sets the "UseNameServer" 5006 variable which tells whether or not DNS should be considered 5007 canonical. This is now determined based on whether or not 5008 "dns" is in the service list for "hosts". 5009 Add preliminary support for the ESMTP "DSN" extension (Delivery 5010 Status Notifications). DSN notifications override 5011 Return-Receipt-To: headers, which are bogus anyhow -- 5012 support for them has been removed. 5013 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer 5014 definitions to define the types used in DSN returns for 5015 MTA names, addresses, and diagnostics respectively. 5016 Extend heuristic to force running in ESMTP mode to look for the 5017 five-character string "ESMTP" anywhere in the 220 greeting 5018 message (not just the second line). This is to provide 5019 better compatibility with other ESMTP servers. 5020 Print sequence number of job when running the queue so you can 5021 easily see how much progress you have made. Suggested 5022 by Peter Wemm of DIALix. 5023 Map newlines to spaces in logged message-ids; some versions of 5024 syslog truncate the rest of the line after newlines. 5025 Suggested by Fletcher Mattox of U. Texas. 5026 Move up forking for job runs so that if a message is split into 5027 multiple envelopes you don't get "fork storms" -- this 5028 also improves the connection cache utilization. 5029 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 5030 the purposes of refusing to send error returns. Suggested 5031 by Motonori Nakamura of Ritsumeikan University. 5032 Relax rules on when a file can be written when referenced from 5033 the aliases file: use the default uid/gid instead of the 5034 real uid/gid. This allows you to create a file owned by 5035 and writable only by the default uid/gid that will work 5036 all the time (without having the setuid bit set). Change 5037 suggested by Shau-Ping Lo and Andrew Cheng of Sun 5038 Microsystems. 5039 Add "DialDelay" option (no short name) to provide an "extra" 5040 delay for dial on demand systems. If this is non-zero 5041 and a connect fails, sendmail will wait this long and 5042 then try again. If it takes longer than the kernel 5043 timeout interval to establish the connection, this 5044 option can give the network software time to establish 5045 the link. The default units are seconds. 5046 Move logging of sender information to be as early as possible; 5047 previously, it could be delayed a while for SMTP mail 5048 sent to aliases. Suggested by Brad Knowles of the 5049 Defense Information Systems Agency. 5050 Call res_init() before setting RES_DEBUG; this is required by 5051 BIND 4.9.3, or so I'm told. From Douglas Anderson of 5052 the National Computer Security Center. 5053 Add xdelay= field in logs -- this is a transaction delay, telling 5054 you how long it took to deliver to this address on the 5055 last try. It is intended to be used for sorting mailing 5056 lists to favor "quick" addresses. Provided for use by 5057 the mailprio scripts (see below). 5058 If a map cannot be opened, and that map is non-optional, and 5059 an address requires that map for resolution, queue the 5060 map instead of bouncing it. This involves creating a 5061 pseudo-class of maps called "bogus-map" -- if a required 5062 map cannot be opened, the class is changed to bogus-map; 5063 all queries against bogus-map return "tempfail". The 5064 bogus-map class is not directly accessible. A sample 5065 implementation was donated by Jem Taylor of Glasgow 5066 University Computing Service. 5067 Fix a possible core dump when mailing to a program that talks 5068 SMTP on its standard input. Fix from Keith Moore of 5069 the University of Kentucky. 5070 Make it possible to resolve filenames to $#local $: @ /filename; 5071 previously, the "@" would cause it to not be recognized 5072 as a file. Problem noted by Brian Hill of U.C. Davis. 5073 Accept a -1 signal to re-exec the daemon. This only works if 5074 argv[0] is a full path to sendmail. 5075 Fix bug in "addr=..." field in O option on little-endian machines 5076 -- the network number wasn't being converted to network 5077 byte order. Patch from Kurt Lidl of Pix Technologies 5078 Corporation. 5079 Pre-initialize the resolver early on; this is to avoid a bug with 5080 BIND 4.9.3 that can cause the _res.retry field to get 5081 reset to zero, causing all name server lookups to time 5082 out. Fix from Matt Day of Artisoft. 5083 Restore T line (trusted users) in config file -- but instead of 5084 locking out the -f flag, they just tell whether or not 5085 an X-Authentication-Warning: will be added. This really 5086 just creates new entries in class 't', so "Ft/file/name" 5087 can be used to read trusted user names from a file. 5088 Trusted users are also allowed to execute programs even 5089 if they have a shell that isn't in /etc/shells. 5090 Improve NEWDB alias file rebuilding so it will create them 5091 properly if they do not already exist. This had been 5092 a MAYBENEXTRELEASE feature in 8.6.9. 5093 Check for @:@ entry in NIS maps before starting up to avoid 5094 (but not prevent, sigh) race conditions. This ought to 5095 be handled properly in ypserv, but isn't. Suggested by 5096 Michael Beirne of Motorola. 5097 Refuse connections if there isn't enough space on the filesystem 5098 holding the queue. Contributed by Robert Dana of Wolf 5099 Communications. 5100 Skip checking for directory permissions in the path to a file 5101 when checking for file permissions iff setreuid() 5102 succeeded -- it is unnecessary in that case. This avoids 5103 significant performance problems when looking for .forward 5104 files. Based on a suggestion by Win Bent of USC. 5105 Allow symbolic ruleset names. Syntax can be "Sname" to get an 5106 arbitrary ruleset number assigned or "Sname = integer" 5107 to assign a specific ruleset number. Reference is 5108 $>name_or_number. Names can be composed of alphas, digits, 5109 underscore, or hyphen (first character must be non-numeric). 5110 Allow -o flag on AliasFile lines to make the alias file optional. 5111 From Bryan Costales of ICSI. 5112 Add NoRecipientAction option to handle the case where there is 5113 no legal recipient header in the message. It can take 5114 on values: 5115 None Leave the message as is. The 5116 message will be passed on even 5117 though it is in technically 5118 illegal syntax. 5119 Add-To Add a To: header with any 5120 recipients that it can find from 5121 the envelope. This risks exposing 5122 Bcc: recipients. 5123 Add-Apparently-To Add an Apparently-To: header. This 5124 has almost no redeeming social value, 5125 and is provided only for back 5126 compatibility. 5127 Add-To-Undisclosed Add a header reading 5128 To: undisclosed-recipients:; 5129 which will have the effect of 5130 making the message legal without 5131 exposing Bcc: recipients. 5132 Add-Bcc To add an empty Bcc: header. 5133 There is a chance that mailers down 5134 the line will delete this header, 5135 which could cause exposure of Bcc: 5136 recipients. 5137 The default is NoRecipientAction=None. 5138 Truncate (rather than delete) Bcc: lines in the header. This 5139 should prevent later sendmails (at least, those that don't 5140 themselves delete Bcc:) from considering this message to 5141 be non-conforming -- although it does imply that non-blind 5142 recipients can see that a Bcc: was sent, albeit not to whom. 5143 Add SafeFileEnvironment option. If declared, files named as delivery 5144 targets must be regular files in addition to the regular 5145 checks. Also, if the option is non-null then it is used as 5146 the name of a directory that is used as a chroot(2) 5147 environment for the delivery; the file names listed in an 5148 alias or forward should include the name of this root. 5149 For example, if you run with 5150 O SafeFileEnvironment=/arch 5151 then aliases should reference "/arch/rest/of/path". If a 5152 value is given, sendmail also won't try to save to 5153 /usr/tmp/dead.letter (instead it just leaves the job in the 5154 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 5155 Support -A flag for alias files; this will comma concatenate like 5156 entries. For example, given the aliases: 5157 list: member1 5158 list: member2 5159 and an alias file declared as: 5160 OAhash:-A /etc/aliases 5161 the final alias inserted will be "list: member1,member2"; 5162 without -A you will get an error on the second and subsequent 5163 alias for "list". Contributed by Bryan Costales of ICSI. 5164 Line-buffer transcript file. Suggested by Liudvikas Bukys. 5165 Fix a problem that could cause very long addresses to core dump in 5166 some special circumstances. Problem pointed out by Allan 5167 Johannesen. 5168 (Internal change.) Change interface to expand() (macro expansion) 5169 to be simpler and more consistent. 5170 Delete check for funny qf file names. This didn't really give 5171 any extra security and caused some people some problems. 5172 (If you -really- want this, define PICKY_QF_NAME_CHECK 5173 at compile time.) Suggested by Kyle Jones of UUNET. 5174 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 5175 merge with DSN code; this is simpler and more consistent. 5176 This may affect some people who have written their own 5177 checkcompat() routine. 5178 (Internal change.) Eliminate `D' line in qf file. The df file 5179 is now assumed to be the same name as the qf file (with 5180 the `q' changed to a `d', of course). 5181 Avoid forking for delivery if all recipient mailers are marked as 5182 "expensive" -- this can be a major cost on some systems. 5183 Essentially, this forces sendmail into "queue only" mode 5184 if all it is going to do is queue anyway. 5185 Avoid sending a null message in some rather unusual circumstances 5186 (specifically, the RCPT command returns a temporary 5187 failure but the connection is lost before the DATA 5188 command). Fix from Scott Hammond of Secure Computing 5189 Corporation. 5190 Change makesendmail to use a somewhat more rational naming scheme: 5191 Makefiles and obj directories are named $os.$rel.$arch, 5192 where $os is the operating system (e.g., SunOS), $rel is 5193 the release number (e.g., 5.3), and $arch is the machine 5194 architecture (e.g., sun4). Any of these can be omitted, 5195 and anything after the first dot in a release number can 5196 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 5197 version used $os.$arch.$rel and was rather less general. 5198 Change makesendmail to do a "make depend" in the target directory 5199 when it is being created. This involves adding an empty 5200 "depend:" entry in most Makefiles. 5201 Ignore IDENT return value if the OSTYPE field returns "OTHER", 5202 as indicated by RFC 1413. Pointed out by Kari Hurtta 5203 of the Finnish Meteorological Institute. 5204 Fix problem that could cause multiple responses to DATA command 5205 on header syntax errors (e.g., lines beginning with colons). 5206 Problem noted by Jens Thomassen of the University of Oslo. 5207 Don't let null bytes in headers cause truncation of the rest of 5208 the header. 5209 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 5210 Increase timeouts on message data puts to allow time for receivers 5211 to canonify addresses in headers on the fly. This is still 5212 a rather ugly heuristic. From Motonori Nakamura. 5213 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 5214 records are not used when canonifying names, and when MX 5215 lookups are done for addressing they must be fully 5216 qualified. This is useful if you have a wildcard MX record, 5217 although it may cause other problems. In general, don't use 5218 wildcard MX records. Patch from Motonori Nakamura. 5219 Eliminate default two-line SMTP greeting message. Instead of 5220 adding an extra "ESMTP spoken here" line, the word "ESMTP" 5221 is added between the first and second word of the first 5222 line of the greeting message (i.e., immediately after the 5223 host name). This eliminates the need for the BROKEN_SMTP_PEERS 5224 compile flag. Old sendmails won't see the ESMTP, but that's 5225 acceptable because SIZE was the only useful extension that 5226 old sendmails understand. 5227 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 5228 invoked state dumps. From Masaharu Onishi. 5229 Allow on-line comments in .forward and :include: files; they are 5230 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 5231 is a space or a tab. This is intended for native 5232 representation of non-ASCII sets such as Japanese, where 5233 existing encodings would be unreadable or would lose 5234 data -- for example, 5235 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 5236 (romanized/less information) 5237 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 5238 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 5239 (with MIME encoding, not human readable) 5240 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 5241 (native encoding with ISO-2022-JP) 5242 The last form is human readable in the Japanese environment. 5243 Based on a fix from (surprise!) Motonori Nakamura. 5244 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 5245 messages to that host; these are most frequently associated 5246 with addresses rather than the host, with the exception of 5247 421 (service shutting down). The effect was to cause queues 5248 to sometimes take an excessive time to flush. Reported by 5249 Robert Sargent of Southern Geographics Technologies and 5250 Eric Prestemon of American University. 5251 Add Nice=N mailer option to set the niceness at which a mailer will 5252 run. This is actually a relative niceness (that is, an 5253 increment on the background value). 5254 Log queue runs that are skipped due to high loads. They are logged 5255 at LOG_INFO priority iff the log level is > 8. Contributed 5256 by Bruce Nagel of Data General. 5257 Allow the error mailer to accept a DSN-style error status code 5258 instead of an sysexits status code in the host part. 5259 Anything with a dot will be interpreted as a DSN-style code. 5260 Add new mailer flag: F=3 will tell translations to Quoted-Printable 5261 to encode characters that might be munged by an EBCDIC system 5262 in addition to the set required by RFC 1521. The additional 5263 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 5264 (Think of "IBM 360" as the mnemonic for this flag.) 5265 Change check for mailing to files to look for a pathname of [FILE] 5266 rather than looking for the mailer named *file*. The mapping 5267 of leading slashes still goes to the *file* mailer. This 5268 allows you to implement the *file* mailer as a separate 5269 program, for example, to insert a Content-Length: header 5270 or do special security policy. However, note that the usual 5271 initial checking for the file permissions is still done, and 5272 the program in question needs to be very careful about how 5273 it does the file write to avoid security problems. 5274 Be able to read ~root/.forward even if the path isn't accessible to 5275 regular users. This is disrecommended because sendmail 5276 sometimes does not run as root (e.g., when an unsafe option 5277 is specified on the command line), but should otherwise be 5278 safe because .forward files must be owned by the user for 5279 whom mail is being forwarded, and cannot be a symbolic link. 5280 Suggested by Forrest Aldrich of Wang Laboratories. 5281 Add new "HostsFile" option that is the pathname to the /etc/hosts 5282 file. This is used for canonifying hostnames when the 5283 service type is "files". 5284 Implement programs on F (read class from file) line. The syntax is 5285 Fc|/path/to/program to read the output from the program 5286 into class "c". 5287 Probe the network interfaces to find alternate names for this 5288 host. Requires the SIOCGIFCONF ioctl call. Code 5289 contributed by SunSoft. 5290 Add "E" configuration line to set or propagate environment 5291 variables into children. "E<envar>" will propagate 5292 the named variable from the environment when sendmail 5293 was invoked into any children it calls; "E<envar>=<value>" 5294 sets the named variable to the indicated value. Any 5295 variables not explicitly named will not be in the child 5296 environment. However, sendmail still forces an 5297 "AGENT=sendmail" environment variable, in part to enforce 5298 at least one environment variable, since many programs and 5299 libraries die horribly if this is not guaranteed. 5300 Change heuristic for rebuilding both NEWDB and NDBM versions of 5301 alias databases -- new algorithm looks for the substring 5302 "/yp/" in the file name. This is more portable and involves 5303 less overhead. Suggested by Motonori Nakamura. 5304 Dynamically allocate the queue work list so that you don't lose 5305 jobs in large queue runs. The old QUEUESIZE compile parameter 5306 is replaced by QUEUESEGSIZE (the unit of allocation, which 5307 should not need to be changed) and the MaxQueueRunSize option, 5308 which is the absolute maximum number of jobs that will ever 5309 be handled in a single queue run. Based on code contributed 5310 by Brian Coan of the Institute for Global Communications. 5311 Log message when a message is dropped because it exceeds the maximum 5312 message size. Suggested by Leo Bicknell of Virginia Tech. 5313 Allow trusted users (those on a T line or in $=t) to use -bs without 5314 an X-Authentication-Warning: added. Suggested by Mark Thomas 5315 of Mark G. Thomas Consulting. 5316 Announce state of compile flags on -d0.1 (-d0.10 throws in the 5317 OS-dependent defines). The old semantic of -d0.1 to not 5318 run the daemon in background has been moved to -d99.100, 5319 and the old 52.5 flag (to avoid disconnect() from closing 5320 all output files) has been moved to 52.100. This makes 5321 things more consistent (flags below .100 don't change 5322 semantics) and separates out the backgrounding so that 5323 it doesn't happen automatically on other unrelated debugging 5324 flags. 5325 If -t is used but no addresses are found in the header, give an 5326 error message rather than just doing nothing. Fix from 5327 Motonori Nakamura. 5328 On systems (like SunOS) where the effective gid is not necessarily 5329 included in the group list returned by getgroups(), the 5330 `restrictmailq' option could sometimes cause an authorized 5331 user to not be able to use `mailq'. Fix from Charles Hannum 5332 of MIT. 5333 Allow symbolic service names for [IPC] mailers. Suggested by 5334 Gerry Magennis of Logica International. 5335 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs 5336 when running DNS. For example, if the name FTP.Foo.ORG is 5337 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in 5338 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" 5339 if this option is not set, or "FTP.Foo.ORG" if it is set. 5340 This is technically illegal under RFC 822 and 1123, but the 5341 IETF is moving toward legalizing it. Note that turning on 5342 this option is not sufficient to guarantee that a downstream 5343 neighbor won't rewrite the address for you. 5344 Add "-m" flag to makesendmail script -- this tells you what object 5345 directory and Makefile it will use, but doesn't actually do 5346 the make. 5347 Do some additional checking on the contents of the qf file to try 5348 to detect attacks against the qf file. In particular, 5349 abort on any line beginning "From ", and add an "end of 5350 file" line -- any data after that line is prohibited. 5351 Always use /etc/sendmail.cf, regardless of the arbitrary vendor 5352 choices. This can be overridden in the Makefile by using 5353 either -DUSE_VENDOR_CF_PATH to get the vendor location 5354 (to the extent that we know it) or by defining 5355 _PATH_SENDMAILCF (which is a "hard override"). This allows 5356 sendmail 8 to have more consistent installation instructions. 5357 Allow macros on `K' line in config file. Suggested by Andrew Chang 5358 of Sun Microsystems. 5359 Improved symbol table hash function from Eric Wassenaar. This one 5360 is at least 50% faster. 5361 Fix problem that didn't notice that timeout on file open was a 5362 transient error. Fix from Larry Parmelee of Cornell 5363 University. 5364 Allow comments (lines beginning with a `#') in files read for 5365 classes. Suggested by Motonori Nakamura. 5366 Make SIGINT (usually ^C) in test mode return to the prompt instead 5367 of dropping out entirely. This makes testing some of the 5368 name server lookups easier to deal with when there are 5369 hung servers. From Motonori Nakamura. 5370 Add new ${opMode} macro that is set to the current operation mode 5371 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by 5372 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>. 5373 Add new delivery mode (Odd) that defers all map lookups to queue runs. 5374 Kind of like queue-only mode (Odq) except it tries to avoid 5375 any external service requests; for dial-on-demand hosts that 5376 want to minimize DNS lookups when mail is being queued. For 5377 this to work you will also have to make sure that gethostbyname 5378 of your local host name does not do a DNS lookup. 5379 Improved handling of "out of space" conditions from John Myers of 5380 Carnegie Mellon. 5381 Improved security for mailing to files on systems that have fchmod(2) 5382 support. 5383 Improve "cannot send message for N days" message -- now says "could 5384 not send for past N days". Suggested by Tom Moore of AT&T 5385 Global Information Solutions. 5386 Less misleading Subject: line on messages sent to postmaster only. 5387 From Motonori Nakamura. 5388 Avoid duplicate error messages on bad command line flags. From 5389 Motonori Nakamura. 5390 Better error message for case where ruleset 0 falls off the end 5391 or otherwise does not resolve to a canonical triple. 5392 Fix a problem that could cause multiple bounce messages if a bad 5393 address was sent along with a good address to an SMTP 5394 site where that SMTP site returned a 4yz code in response 5395 to the final dot of the data. Problem reported by David 5396 James of British Telecom. 5397 Add "volatile" declarations so that gcc -O2 will work. Patches 5398 from Alexander Dupuy of System Management ARTS. 5399 Delete duplicates in MX lists -- believe it or not, there are sites 5400 that list the same host twice in an MX list. This deletion 5401 only works on adjacent preferences, so an MX list that 5402 had A=5, B=10, A=15 would leave both As, but one that had 5403 A=5, A=10, B=15 would reduce to A, B. This is intentional, 5404 just in case there is something weird I haven't thought of. 5405 Suggested by Barry Shein of Software Tool & Die. 5406 SECURITY: .forward files cannot be symbolic links. If they are, 5407 a bad guy can read your private files. 5408 PORTABILITY FIXES: 5409 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 5410 System V Release 4 from Motonori Nakamura of Ritsumeikan 5411 University. This expands the disk size 5412 checking to include all (?) SVR4 configurations. 5413 System V Release 4 from Kimmo Suominen -- initgroups(3) 5414 and setrlimit(2) are both available. 5415 System V Release 4 from sob@sculley.ffg.com -- some versions 5416 apparently "have EX_OK defined in other headerfiles." 5417 Linux Makefile typo. 5418 Linux getusershell(3) is broken in Slackware 2.0 -- 5419 from Andrew Pam of Xanadu Australia. 5420 More Linux tweaking from John Kennedy of California State 5421 University, Chico. 5422 Cray changes from Eric Wassenaar: ``On Cray, shorts, 5423 ints, and longs are all 64 bits, and all structs 5424 are multiples of 64 bits. This means that the 5425 sizeof operator returns only multiples of 8. 5426 This requires adaptation of code that really 5427 deals with 32 bit or 16 bit fields, such as IP 5428 addresses or nameserver fields.'' 5429 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 5430 get the old behavior, use -DDGUX_5_4_2. 5431 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 5432 variable to fix bogus /bin/mail behavior. 5433 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 5434 This also cleans up some System V Release 4 compile 5435 problems. 5436 Solaris 2: sendmail.cw file should be in /etc/mail to 5437 match all the other configuration files. Fix 5438 from Glenn Barry of Emory University. 5439 Solaris 2.3: compile problem in conf.c. Fix from Alain 5440 Nissen of the University of Liege, Belgium. 5441 Ultrix: freespace calculation was incorrect. Fix from 5442 Takashi Kizu of Osaka University. 5443 SVR4: running in background gets a SIGTTOU because the 5444 emulation code doesn't realize that "getpeername" 5445 doesn't require reading the file. Fix from Peter 5446 Wemm of DIALix. 5447 Solaris 2.3: due to an apparent bug in the socket emulation 5448 library, sockets can get into a "wedged" state where 5449 they just return EPROTO; closing and re-opening the 5450 socket clears the problem. Fix from Bob Manson 5451 of Ohio State University. 5452 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 5453 fixes from Akihiro Hashimoto ("Hash") of Chiba 5454 University. 5455 AIX changes to allow setproctitle to work from Rainer Sch�pf 5456 of Zentrum f�r Datenverarbeitung der Universit�t 5457 Mainz. 5458 AIX changes for load average from Ed Ravin of NASA/Goddard. 5459 SCO Unix from Chip Rosenthal of Unicom (code was using the 5460 wrong statfs call). 5461 ANSI C fixes from Adam Glass (NetBSD project). 5462 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 5463 University. 5464 DG-UX fixes from Bruce Nagel of Data General. 5465 IRIX64 updates from Mark Levinson of the University of 5466 Rochester Medical Center. 5467 Altos System V (``the first UNIX/XENIX merge the Altos 5468 did for their Series 1000 & Series 2000 line; 5469 their merged code was licensed back to AT&T and 5470 Microsoft and became System V release 3.2'') from 5471 Tim Rice <timr@crl.com>. 5472 OSF/1 running on Intel Paragon from Jeff A. Earickson 5473 <jeff@ssd.intel.com> of Intel Scalable Systems 5474 Division. 5475 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 5476 <janet@dialix.oz.au>. 5477 System V Release 4 (statvfs semantic fix) from Alain 5478 Durand of I.M.A.G. 5479 HP-UX 10.x multiprocessor load average changes from 5480 Scott Hutton and Jeff Sumler of Indiana University. 5481 Cray CSOS from Scott Bolte of Cray Computer Corporation. 5482 Unicos 8.0 from Douglas K. Rand of the University of North 5483 Dakota, Scientific Computing Center. 5484 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 5485 ConvexOS 11.0 from Christophe Wolfhugel. 5486 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 5487 ISC UNIX from J. J. Bailey. 5488 HP-UX 9.xx on the 8xx series machines from Remy Giraud 5489 of Meteo France. 5490 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 5491 IRIX 5.2 and 5.3 from Kari E. Hurtta. 5492 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 5493 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 5494 Omron LUNA unios-b, mach from Motonori Nakamura. 5495 NEC EWS-UX/V 4.2 from Motonori Nakamura. 5496 NeXT 2.1 from Bryan Costales. 5497 AUX patch thanks to Mike Erwin of Apple Computer. 5498 HP-UX 10.0 from John Beck of Hewlett-Packard. 5499 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 5500 non-DEC resolver. Suggested by Allan Johannesen. 5501 UnixWare 2.0 fixes from Petr Lampa of the Technical 5502 University of Brno (Czech Republic). 5503 KSR OS 1.2.2 support from Todd Miller of the University 5504 of Colorado. 5505 UX4800 support from Kazuhisa Shimizu of NEC. 5506 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 5507 in type ``btree'' maps. The semantics of this are undefined 5508 for regular maps, but it can be useful for the user database. 5509 MAKEMAP: lock database file while rebuilding to avoid sendmail 5510 lookups while the rebuild is going on. There is a race 5511 condition between the open(... O_TRUNC ...) and the lock 5512 on the file, but it should be quite small. 5513 SMRSH: sendmail restricted shell added to the release. This can 5514 be used as an alternative to /bin/sh for the "prog" mailer, 5515 giving the local administrator more control over what 5516 programs can be run from sendmail. 5517 MAIL.LOCAL: add this local mailer to the tape. It is not really 5518 part of the release proper, and isn't fully supported; in 5519 particular, it does not run on System V based systems and 5520 never will. 5521 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 5522 to allow rmail to compile on systems that don't have 5523 function prototypes and systems that don't have snprintf. 5524 CONTRIB: add the "mailprio" scripts that will help you sort mailing 5525 lists by transaction delay times so that addresses that 5526 respond quickly get sent first. This is to prevent very 5527 sluggish servers from delaying other peoples' mail. 5528 Contributed by Tony Sanders of BSDI. 5529 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 5530 of BSDI. This has a lot of comments to help people out. 5531 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, 5532 put this on the m4 command line. On GNU m4 (which 5533 supports the __file__ primitive) you can run m4 in an 5534 arbitrary directory -- use either: 5535 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 5536 or 5537 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf 5538 On other versions of m4 that don't support __file__, you 5539 can use: 5540 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... 5541 (Note the trailing slash on the _CF_DIR_ definition.) 5542 Old versions of m4 will default to _CF_DIR_=.. for back 5543 compatibility. 5544 CONFIG: fix mail from <> so it will properly convert to 5545 MAILER-DAEMON on local addresses. 5546 CONFIG: fix code that was supposed to catch colons in host 5547 names. Problem noted by John Gardiner Myers of CMU. 5548 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 5549 From Paul Riddle of the University of Maryland, Baltimore 5550 County. 5551 CONFIG: Catch and reject "." as a host address. 5552 CONFIG: Generalize domaintable to look up all domains, not 5553 just unqualified ones. 5554 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 5555 was never used and didn't work anyway. 5556 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 5557 and d on all mailers in the UUCP class. 5558 CONFIG: Allow "user+detail" to be aliased specially: it will first 5559 look for an alias for "user+detail", then for "user+*", and 5560 finally for "user". This is intended for forwarding mail 5561 for system aliases such as root and postmaster to a 5562 centralized hub. 5563 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 5564 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 5565 The F=8 flag is also set on the "relay" mailer, since 5566 this is expected to be another sendmail. 5567 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 5568 the name of the UUCP_RELAY -- in some cases, this is the 5569 wrong value (e.g., when we have local UUCP connections), 5570 and this can create unreplyable addresses. From Chip 5571 Rosenthal of Unicom. 5572 CONFIG: add confRECEIVED_HEADER to change the format of the 5573 Received: header inserted into all messages. Suggested by 5574 Gary Mills of the University of Manitoba. 5575 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 5576 to get the old behavior. I did this upon observing 5577 that almost everyone needed this feature, and that the 5578 concept I was trying to make happen didn't work with 5579 some user agents anyway. FEATURE(notsticky) still works, 5580 but it is a no-op. 5581 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 5582 names are sent, rather than immediately diagnosing them 5583 as User Unknown. 5584 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 5585 and RELAY_MAILER_ARGS to set the arguments for the 5586 indicated mailers. All default to "IPC $h". Patch from 5587 Larry Parmelee of Cornell University. 5588 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 5589 on the client side" and F=P to get an appropriate 5590 return-path. From Kimmo Suominen. 5591 CONFIG: add FEATURE(local_procmail) to use the procmail program 5592 as the local mailer. For addresses of the form "user+detail" 5593 the "detail" part is passed to procmail via the -a flag. 5594 Contributed by Kimmo Suominen. 5595 CONFIG: add MAILER(procmail) to add an interface to procmail for 5596 use from mailertables. This lets you execute arbitrary 5597 procmail scripts. Contributed by Kimmo Suominen. 5598 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 5599 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 5600 Paul Southworth of CICNet Systems Support. 5601 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 5602 This causes the null return path to be rewritten as 5603 MAILER-DAEMON; otherwise UUCP gets horribly confused. 5604 From Michael Hohmuth of Technische Universitat Dresden. 5605 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 5606 list us as the best possible MX record to be treated as 5607 though they were local (essentially, assume that they 5608 are included in $=w). This can cause additional DNS 5609 traffic, but is easier to administer if this fits your 5610 local model. It does not work reliably if there are 5611 multiple hosts that share the best MX preference. 5612 Code contributed by John Oleynick of Rutgers. 5613 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 5614 SHell) instead of /bin/sh as the program used for delivery 5615 to programs. If an argument is included, it is used as 5616 the path to smrsh; otherwise, /usr/local/etc/smrsh is 5617 assumed. 5618 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 5619 size of messages to the local and procmail mailers 5620 respectively. Contributed by Brad Knowles of the Defense 5621 Information Systems Agency. 5622 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 5623 (just like text outside of angle brackets) in order to 5624 properly deal with ``group: addr1, ... addrN;'' syntax. 5625 CONFIG: Require OSTYPE macro (the defaults really don't apply to 5626 any real systems any more) and tweak the DOMAIN macro 5627 so that it is less likely that users will accidentally use 5628 the Berkeley defaults. Also, create some generic files 5629 that really can be used in the real world. 5630 CONFIG: Add new configuration macros to set character sets for 5631 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 5632 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 5633 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 5634 The old name will still be accepted for a while at least. 5635 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 5636 mail (.DECNET pseudo-domain or node::user) will be sent. 5637 As with all relays, it can be ``mailer:hostname''. Suggested 5638 by Scott Hutton. 5639 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 5640 by Barb Dijker of Labyrinth Computer Services. 5641 CONFIG: change confCHECK_ALIASES to default to False -- it has poor 5642 performance for large alias files, and this confused many 5643 people. 5644 CONFIG: Add confCF_VERSION to append local information to the 5645 configuration version number displayed during SMTP startup. 5646 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it 5647 would only work when locally addressed. Fix from 5648 Edvard Tuinder of Cistron Internet Services. 5649 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option 5650 "n" (CheckAliases) is set when rebuilding alias database. 5651 Based on code contributed by Claude Marinier. 5652 CONFIG: Allow mailertable to have values of the form 5653 ``error:code message''. The ``code'' is a status code 5654 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. 5655 Contributed by David James <dwj@agw.bt.co.uk>. 5656 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of 5657 sender domains that will be replaced with the masquerade name. 5658 These domains will not be treated as local, but if mail passes 5659 through with sender addresses in those domains they will be 5660 replaced by the masquerade name. These can also be specified 5661 in a file using MASQUERADE_DOMAIN_FILE(filename). 5662 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope 5663 as well as the header. Substantial improvements to this 5664 code were contributed by Per Hedeland. 5665 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be 5666 accessed from a mailertable to do CCSO ph lookups. Contributed 5667 by Kimmo Suominen. 5668 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be 5669 used to define cyrus and cyrusbb mailers (for IMAP support). 5670 Contributed by John Gardiner Myers of Carnegie Mellon. 5671 CONFIG: add confUUCP_MAILER to select default mailer to use for 5672 UUCP addressing. Suggested by Tom Moore of AT&T GIS. 5673 NEW FILES: 5674 cf/cf/cs-hpux10.mc 5675 cf/cf/cs-solaris2.mc 5676 cf/cf/cyrusproto.mc 5677 cf/cf/generic-bsd4.4.mc 5678 cf/cf/generic-hpux10.mc 5679 cf/cf/generic-hpux9.mc 5680 cf/cf/generic-osf1.mc 5681 cf/cf/generic-solaris2.mc 5682 cf/cf/generic-sunos4.1.mc 5683 cf/cf/generic-ultrix4.mc 5684 cf/cf/huginn.cs.mc 5685 cf/domain/berkeley-only.m4 5686 cf/domain/generic.m4 5687 cf/feature/bestmx_is_local.m4 5688 cf/feature/local_procmail.m4 5689 cf/feature/masquerade_envelope.m4 5690 cf/feature/smrsh.m4 5691 cf/feature/stickyhost.m4 5692 cf/feature/use_ct_file.m4 5693 cf/m4/cfhead.m4 5694 cf/mailer/cyrus.m4 5695 cf/mailer/mail11.m4 5696 cf/mailer/phquery.m4 5697 cf/mailer/procmail.m4 5698 cf/ostype/amdahl-uts.m4 5699 cf/ostype/bsdi2.0.m4 5700 cf/ostype/hpux10.m4 5701 cf/ostype/irix5.m4 5702 cf/ostype/isc4.1.m4 5703 cf/ostype/ptx2.m4 5704 cf/ostype/unknown.m4 5705 contrib/bsdi.mc 5706 contrib/mailprio 5707 contrib/rmail.oldsys.patch 5708 mail.local/mail.local.0 5709 makemap/makemap.0 5710 smrsh/README 5711 smrsh/smrsh.0 5712 smrsh/smrsh.8 5713 smrsh/smrsh.c 5714 src/Makefiles/Makefile.CSOS 5715 src/Makefiles/Makefile.EWS-UX_V 5716 src/Makefiles/Makefile.HP-UX.10 5717 src/Makefiles/Makefile.IRIX.5.x 5718 src/Makefiles/Makefile.IRIX64 5719 src/Makefiles/Makefile.ISC 5720 src/Makefiles/Makefile.KSR 5721 src/Makefiles/Makefile.NEWS-OS.4.x 5722 src/Makefiles/Makefile.NEWS-OS.6.x 5723 src/Makefiles/Makefile.NEXTSTEP 5724 src/Makefiles/Makefile.NonStop-UX 5725 src/Makefiles/Makefile.Paragon 5726 src/Makefiles/Makefile.SCO.3.2v4.2 5727 src/Makefiles/Makefile.SunOS.5.3 5728 src/Makefiles/Makefile.SunOS.5.4 5729 src/Makefiles/Makefile.SunOS.5.5 5730 src/Makefiles/Makefile.UNIX_SV.4.x.i386 5731 src/Makefiles/Makefile.uts.systemV 5732 src/Makefiles/Makefile.UX4800 5733 src/aliases.0 5734 src/mailq.0 5735 src/mime.c 5736 src/newaliases.0 5737 src/sendmail.0 5738 test/t_seteuid.c 5739 RENAMED FILES: 5740 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 5741 cf/cf/chez.mc => cf/cf/chez.cs.mc 5742 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 5743 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 5744 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 5745 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 5746 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 5747 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 5748 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 5749 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 5750 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 5751 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 5752 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 5753 cf/ostype/irix.m4 => cf/ostype/irix4.m4 5754 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 5755 src/Makefile.* => src/Makefiles/Makefile.* 5756 src/Makefile.AUX => src/Makefiles/Makefile.A-UX 5757 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS 5758 src/Makefile.DGUX => src/Makefiles/Makefile.dgux 5759 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS 5760 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 5761 OBSOLETED FILES: 5762 cf/cf/cogsci.mc 5763 cf/cf/cs-exposed.mc 5764 cf/cf/cs-hidden.mc 5765 cf/cf/hpux-cs-hidden.mc 5766 cf/cf/knecht.mc 5767 cf/cf/osf1-cs-hidden.mc 5768 cf/cf/sunos3.5-cs-exposed.mc 5769 cf/cf/sunos3.5-cs-hidden.mc 5770 cf/cf/sunos4.1-cs-hidden.mc 5771 cf/cf/ultrix4.1-cs-hidden.mc 5772 cf/domain/cs-hidden.m4 5773 contrib/rcpt-streaming 5774 src/Makefiles/Makefile.SunOS.5.x 5775 57768.6.13/8.6.12 1996/01/25 5777 SECURITY: In some cases it was still possible for an attacker to 5778 insert newlines into a queue file, thus allowing access to 5779 any user (except root). 5780 CONFIG: no changes -- it is not a bug that the configuration 5781 version number is unchanged. 5782 57838.6.12/8.6.12 1995/03/28 5784 Fix to IDENT code (it was getting the size of the reply buffer 5785 too small, so nothing was ever accepted). Fix from several 5786 people, including Allan Johannesen, Shane Castle of the 5787 Boulder County Information Services, and Jeff Smith of 5788 Warwick University (all arrived within a few hours of 5789 each other!). 5790 Fix a problem that could cause large jobs to run out of 5791 file descriptors on systems that use vfork() rather 5792 than fork(). 5793 57948.6.11/8.6.11 1995/03/08 5795 The ``possible attack'' message would be logged more often 5796 than necessary if you are using Pine as a user agent. 5797 The wrong host would be reported in the ``possible attack'' 5798 message when attempted from IDENT. 5799 In some cases the syslog buffer could be overflowed when 5800 reporting the ``possible attack'' message. This can 5801 cause denial of service attacks. Truncate the message 5802 to 80 characters to prevent this problem. 5803 When reading the IDENT response a loop is needed around the 5804 read from the network to ensure that you don't get 5805 partial lines. 5806 Password entries without any shell listed (that is, a null 5807 shell) wouldn't match as "ok". Problem noted by 5808 Rob McMahon. 5809 When running BIND 4.9.x a problem could occur because the 5810 _res.options field is initialized differently than it 5811 was historically -- this requires that sendmail call 5812 res_init before it tweaks any bits. 5813 Fix an incompatibility in openxscript() between the file open mode 5814 and the stdio mode passed to fdopen. This caused UnixWare 5815 2.0 to have conniptions. Fix from Martin Sohnius of 5816 Novell Labs Europe. 5817 Fix problem with static linking of local getopt routine when 5818 using GNU's ld command. Fix from John Kennedy of 5819 Cal State Chico. 5820 It was possible to turn off privacy flags. Problem noted by 5821 *Hobbit*. 5822 Be more paranoid about writing files. Suggestions by *Hobbit* 5823 and Liudvikas Bukys. 5824 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 5825 from Spider Boardman. 5826 CONFIG: No changes (version number only, to keep it in sync 5827 with the binaries). 5828 58298.6.10/8.6.10 1995/02/10 5830 SECURITY: Diagnose bogus values to some command line flags that 5831 could allow trash to get into headers and qf files. 5832 Validate the name of the user returned by the IDENT protocol. 5833 Some systems that really dislike IDENT send intentionally 5834 bogus information. Problem pointed out by Michael Bushnell 5835 of the Free Software Foundation. Has some security 5836 implications. 5837 Fix a problem causing error messages about DNS problems when 5838 the host name contained a percent sign to act oddly 5839 because it was passed as a printf-style format string. 5840 In some cases this could cause core dumps. 5841 Avoid possible buffer overrun in returntosender() if error 5842 message is quite long. From Fletcher Mattox of the 5843 University of Texas. 5844 Fix a problem that would silently drop "too many hops" error 5845 messages if and only if you were sending to an alias. 5846 From Jon Giltner of the University of Colorado and 5847 Dan Harton of Oak Ridge National Laboratory. 5848 Fix a bug that caused core dumps on some systems if -d11.2 was 5849 set and e->e_message was null. Fix from Bruce Nagel of 5850 Data General. 5851 Fix problem that can still cause df files to be left around 5852 after "hop count exceeded" messages. Fix from Andrew 5853 Chang and Shau-Ping Lo of SunSoft. 5854 Fix a problem that can cause buffer overflows on very long 5855 user names (as might occur if you piped to a program 5856 with a lot of arguments). 5857 Avoid returning an error and re-queueing if the host signature 5858 is null; this can occur on addresses like ``user@.''. 5859 Problem noted by Wesley Craig and the University of 5860 Michigan. 5861 Avoid possible calls to malloc(0) if MCI caching is turned 5862 off. Bug fix from Pierre David of the Laboratoire 5863 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 5864 Universite de Versailles - St Quentin, and Jacky 5865 Thibault. 5866 Make a local copy of the line being sent via senttolist() -- in 5867 some cases, buffers could get trashed by map lookups 5868 causing it to do unexpected things. This also simplifies 5869 some of the map code. 5870 CONFIG: No changes (version number only, to keep it in sync 5871 with the binaries). 5872 58738.6.9/8.6.9 1994/04/19 5874 Do all mail delivery completely disconnected from any terminal. 5875 This provides consistency with daemon delivery and 5876 may have some security implications. 5877 Make sure that malloc doesn't get called with zero size, 5878 since that fails on some systems. Reported by Ed 5879 Hill of the University of Iowa. 5880 Fix multi-line values for $e (SMTP greeting message). Reported 5881 by Mike O'Connor of Ford Motor Company. 5882 Avoid syserr if no NIS domain name is defined, but the map it 5883 is trying to open is optional. From Win Bent of USC. 5884 Changes for picky compilers from Ed Gould of Digital Equipment. 5885 Hesiod support for UDB from Todd Miller of the University of 5886 Colorado. Use "hesiod" as the service name in the U 5887 option. 5888 Fix a problem that failed to set the "authentic" host name (that 5889 is, the one derived from the socket info) if you called 5890 sendmail -bs from inetd. Based on code contributed by 5891 Todd Miller (this problem was also reported by Guy Helmer 5892 of Dakota State University). This also fixes a related 5893 problem reported by Liudvikas Bukys of the University of 5894 Rochester. 5895 Parameterize "nroff -h" in all the Makefiles so people with 5896 variant versions can use them easily. Suggested by 5897 Peter Collinson of Hillside Systems. 5898 SMTP "MAIL" commands with multiple ESMTP parameters required two 5899 spaces between parameters instead of one. Reported by 5900 Valdis Kletnieks of Virginia Tech. 5901 Reduce the number of system calls during message collection by 5902 using global timeouts around the collect() loop. This 5903 code was contributed by Eric Wassenaar. 5904 If the initial hostname name gathering results in a name 5905 without a dot (usually caused by NIS misconfiguration) 5906 and BIND is compiled in, directly access DNS to get 5907 the canonical name. This should make life easier for 5908 Solaris systems. If it still can't be resolved, and 5909 if the name server is listed as "required", try again 5910 in 30 seconds. If that also fails, exit immediately to 5911 avoid bogus "config error: mail loops back to myself" 5912 messages. 5913 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 5914 message to explain how much space was available and 5915 sound a bit less threatening. Suggested by Stan Janet 5916 of the National Institute of Standards and Technology. 5917 If mail is delivered to an alias that has an owner, deliver any 5918 requested return-receipt immediately, and strip the 5919 Return-Receipt-To: header from the subsequent message. 5920 This prevents a certain class of denial of service 5921 attack, arguably gives more reasonable semantics, and 5922 moves things more towards what will probably become a 5923 network standard. Suggested by Christopher Davis of 5924 Kapor Enterprises. 5925 Add a "noreceipts" privacy flag to turn off all return receipts 5926 without recompiling. 5927 Avoid printing ESMTP parameters as part of the error message 5928 if there are errors during parsing. This change is 5929 purely cosmetic. 5930 Avoid sending out error messages during the collect phase of 5931 SMTP; there is an MVS mailer from UCLA that gets 5932 confused by this. Of course, I think it's their bug.... 5933 Check for the $j macro getting undefined, losing a dot, or getting 5934 lost from $=w in the daemon before accepting a connection; 5935 if it is, it dumps state, prints a LOG_ALERT message, 5936 and drops core for debugging. This is an attempt to 5937 track down a bug that I thought was long since gone. 5938 If you see this, please forward the log fragment to 5939 sendmail@sendmail.ORG. 5940 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 5941 with -DOLD_NEWDB=0 on the command line. From Christophe 5942 Wolfhugel. 5943 Instead of trying to truncate the listen queue for the server 5944 SMTP port when the load average is too high, just close 5945 the port completely and reopen it later as needed. 5946 This ensures that the other end gets a quick "connection 5947 refused" response, and that the connection can be 5948 recovered later. In particular, some socket emulations 5949 seem to get confused if you tweak the listen queue 5950 size around and can never start listening to connections 5951 again. The down side is that someone could start up 5952 another daemon process in the interim, so you could 5953 have multiple daemons all not listening to connections; 5954 this could in turn cause the sendmail.pid file to be 5955 incorrect. A better approach might be to accept the 5956 connection and give a 421 code, but that could break 5957 other mailers in mysterious ways and have paging behavior 5958 implications. 5959 Fix a glitch in TCP-level debugging that caused flag 16.101 to 5960 set debugging on the wrong socket. From Eric Wassenaar. 5961 When creating a df* temporary file, be sure you truncate any 5962 existing data in the file -- otherwise system crashes 5963 and the like could result in extra data being sent. 5964 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 5965 doc directory. This includes some additional 5966 information. 5967 CONFIG: change UUCP rules to never add $U! or $k! on the front 5968 of recipient envelope addresses. This should have been 5969 handled by the $&h trick, but broke if people were 5970 mixing domainized and UUCP addresses. They should 5971 probably have converted all the way over to uucp-uudom 5972 instead of uucp-{new,old}, but the failure mode was to 5973 loop the mail, which was bad news. 5974 Portability fixes: 5975 Newer BSDI systems (several people). 5976 Older BSDI systems from Christophe Wolfhugel. 5977 Intergraph CLIX, from Paul Southworth of CICNet. 5978 UnixWare, from Evan Champion. 5979 NetBSD from Adam Glass. 5980 Solaris from Quentin Campbell of the University of 5981 Newcastle upon Tyne. 5982 IRIX from Dean Cookson and Bill Driscoll of Mitre 5983 Corporation. 5984 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 5985 SunOS (it has setsid() and setvbuf() calls) from 5986 Jonathan Kamens of OpenVision Technologies. 5987 HP-UX from Tor Lillqvist. 5988 New Files: 5989 src/Makefile.CLIX 5990 src/Makefile.NCR3000 5991 doc/changes/Makefile 5992 doc/changes/changes.me 5993 doc/changes/changes.ps 5994 59958.6.8/8.6.6 1994/03/21 5996 SECURITY: it was possible to read any file as root using the 5997 E (error message) option. Reported by Richard Jones; 5998 fixed by Michael Corrigan and Christophe Wolfhugel. 5999 60008.6.7/8.6.6 1994/03/14 6001 SECURITY: it was possible to get root access by using weird 6002 values to the -d flag. Thanks to Alain Durand of 6003 INRIA for forwarding me the notice from the bugtraq 6004 list. 6005 60068.6.6/8.6.6 1994/03/13 6007 SECURITY: the ability to give files away on System V-based 6008 systems proved dangerous -- don't run as the owner 6009 of a :include: file on a system that allows giveaways. 6010 Unfortunately, this also applies to determining a 6011 valid shell. 6012 IMPORTANT: Previous versions weren't expiring old connections 6013 in the connection cache for a long time under some 6014 circumstances. This could result in resource exhaustion, 6015 both at your end and at the other end. This checks the 6016 connections for timeouts much more frequently. From 6017 Doug Anderson of NCSC. 6018 Fix a glitch that snuck in that caused programs to be run as 6019 the sender instead of the recipient if the mail was 6020 from a local user to another local user. From 6021 Motonori Nakamura of Kyoto University. 6022 Fix "wildcard" on /etc/shells matching -- instead of looking 6023 for "*", look for "/SENDMAIL/ANY/SHELL/". From 6024 Bryan Costales of ICSI. 6025 Change the method used to declare the "statfs" availability; 6026 instead of HASSTATFS and/or HASUSTAT with a ton of 6027 tweaking in conf.c, there is a single #define called 6028 SFS_TYPE which takes on one of six values (SFS_NONE 6029 for no statfs availability, SFS_USTAT for the ustat(2) 6030 syscall, SFS_4ARGS for a four argument statfs(2) call, 6031 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 6032 statfs(2) call with the declarations in <sys/vfs.h>, 6033 <sys/mount.h>, or <sys/statfs.h> respectively). 6034 Fix glitch in NetInfo support that could return garbage if 6035 there was no "/locations/sendmail" property. From 6036 David Meyer of the University of Virginia. 6037 Change HASFLOCK from defined/not-defined to a 0/1 definition 6038 to allow Linux to turn it off even though it is a 6039 BSD-like system. 6040 Allow setting of "ident" timeout to zero to turn off the ident 6041 protocol entirely. 6042 Make 7-bit stripping local to a connection (instead of to a 6043 mailer); this allows you to specify that SMTP is a 6044 7-bit channel, but revert to 8-bit should it advertise 6045 that it supports 8BITMIME. You still have to specify 6046 mailer flag 7 to get this stripping at all. 6047 Improve makesendmail script so it handles more cases automatically. 6048 Tighten up restrictions on taking ownership of :include: files 6049 to avoid problems on systems that allow you to give away 6050 files. 6051 Fix a problem that made it impossible to rebuild the alias 6052 file if it was on a read-only file system. From 6053 Harry Edmon of the University of Washington. 6054 Improve MX randomization function. From John Gardiner Myers 6055 of CMU. 6056 Fix a minor glitch causing a bogus message to be printed (used 6057 %s instead of %d in a printf string for the line number) 6058 when a bad queue file was read. From Harry Edmon. 6059 Allow $s to remain NULL on locally generated mail. I'm not 6060 sure this is necessary, but a lot of people have complained 6061 about it, and there is a legitimate question as to whether 6062 "localhost" is legal as an 822-style domain. 6063 Fix a problem with very short line lengths (mailer L= flag) in 6064 headers. This causes a leading space to be added onto 6065 continuation lines (including in the body!), and also 6066 tries to wrap headers containing addresses (From:, To:, 6067 etc) intelligently at the shorter line lengths. Problem 6068 Reported by Lars-Johan Liman of SUNET Operations Center. 6069 Log the real user name when logging syserrs, since these can have 6070 security implications. Suggested by several people. 6071 Fix address logging of cached connections -- it used to always 6072 log the numeric address as zero. This is a somewhat 6073 bogus implementation in that it does an extra system 6074 call, but it should be an inexpensive one. Fix from 6075 Motonori Nakamura. 6076 Tighten up handling of short syslog buffers even more -- there 6077 were cases where the outgoing relay= name was too long 6078 to share a line with delay= and mailer= logging. 6079 Limit the overhead on split envelopes to one open file descriptor 6080 per envelope -- previously the overhead was three 6081 descriptors. This was in response to a problem reported 6082 by P{r (Pell) Emanuelsson. 6083 Fixes to better handle the case of unexpected connection closes; 6084 this redirects the output to the transcript so the info 6085 is not lost. From Eric Wassenaar. 6086 Fix potential string overrun if you macro evaluate a string that 6087 has a naked $ at the end. Problem noted by James Matheson 6088 <jmrm@eng.cam.ac.uk>. 6089 Make default error number on $#error messages 553 (``Requested 6090 action not taken: mailbox name not allowed'') instead of 6091 501 (``Syntax error in parameters or arguments'') to 6092 avoid bogus "protocol error" messages. 6093 Strip off any existing trailing dot on names during $[ ... $] 6094 lookup. This prevents it from ending up with two dots 6095 on the end of dot terminated names. From Wesley Craig 6096 of the University of Michigan and Bryan Costales of ICSI. 6097 Clean up file class reading so that the debugging information is 6098 more informative. It hadn't been using setclass, so you 6099 didn't see the class items being added. 6100 Avoid core dump if you are running a version of sendmail where 6101 NIS is compiled in, and you specify an NIS map, but 6102 NIS is not running. Fix from John Oleynick of 6103 Rutgers. 6104 Diagnose bizarre case where res_search returns a failure value, 6105 but sets h_errno to a success value. 6106 Make sure that "too many hops" messages are considered important 6107 enough to send an error to the Postmaster (that is, the 6108 address specified in the P option). This fix should 6109 help problems that cause the df file to be left around 6110 sometimes -- unfortunately, I can't seem to reproduce 6111 the problem myself. 6112 Avoid core dump (null pointer reference) on EXPN command; this 6113 only occurred if your log level was set to 10 or higher 6114 and the target account was an alias or had a .forward file. 6115 Problem noted by Janne Himanka. 6116 Avoid "denial of service" attacks by someone who is flooding your 6117 SMTP port with bad commands by shutting the connection 6118 after 25 bad commands are issued. From Kyle Jones of 6119 UUNET. 6120 Fix core dump on error messages with very long "to" buffers; 6121 fmtmsg overflows the message buffer. Fixed by trimming 6122 the to address to 203 characters. Problem reported by 6123 John Oleynick. 6124 Fix configuration for HASFLOCK -- there were some spots where 6125 a #ifndef was incorrectly #ifdef. Pointed out by 6126 George Baltz of the University of Maryland. 6127 Fix a typo in savemail() that could cause the error message To: 6128 lists to be incorrect in some places. From Motonori 6129 Nakamura. 6130 Fix a glitch that can cause duplicate error messages on split 6131 envelopes where an address on one of the lists has a 6132 name server failure. Fix from Voradesh Yenbut of the 6133 University of Washington. 6134 Fix possible bogus pointer reference on ESMTP parameters that 6135 don't have an ``=value'' part. 6136 CNAME loops caused an error message to be generated, but also 6137 re-queued the message. Changed to just re-queue the 6138 message (it's really hard to just bounce it because 6139 of the weird way the name server works in the presence 6140 of CNAME loops). Problem noted by James M.R.Matheson 6141 of Cambridge University. 6142 Avoid giving ``warning: foo owned process doing -bs'' messages 6143 if they use ``MAIL FROM:<foo>'' where foo is their true 6144 user name. Suggested by Andreas Stolcke of ICSI. 6145 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 6146 override it easily in the Makefile -- that is, you can 6147 turn it off using -DNAMED_BIND=0. 6148 If a gethostbyname(...) of an address with a trailing dot fails, 6149 try it without the trailing dot. This is because if 6150 you have a version of gethostbyname() that falls back 6151 to NIS or the /etc/hosts file it will fail to find 6152 perfectly reasonable names that just don't happen to 6153 be dot terminated in the hosts file. You don't want to 6154 strip the dot first though because we're trying to ensure 6155 that country names that match one of your subdomains get 6156 a chance. 6157 PRALIASES: fix bogus output on non-null-terminated strings. 6158 From Bill Gianopoulos of Raytheon. 6159 CONFIG: Avoid rewriting anything that matches $w to be $j. 6160 This was in code intended to only catch the self-literal 6161 address (that is, [1.2.3.4], where 1.2.3.4 is your 6162 IP address), but the code was broken. However, it will 6163 still do this if $M is defined; this is necessary to 6164 get client configurations to work (sigh). Note that this 6165 means that $M overrides :mailname entries in the user 6166 database! Problem noted by Paul Southworth. 6167 CONFIG: Fix definition of Solaris help file location. From 6168 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 6169 CONFIG: Fix bug that broke news.group.USENET mappings. 6170 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 6171 and USENET_MAILER_MAX to tweak the maximum message 6172 size for various mailers. 6173 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 6174 instead of assuming that it is "inews" for consistency 6175 with other mailers. From Michael Corrigan of UC San Diego. 6176 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 6177 qualify the address in the SMTP envelope as user@{relay|hub} 6178 instead of user@$j. From Bill Wisner of The Well. 6179 CONFIG: Fix route-addr syntax in nullrelay configuration set. 6180 CONFIG: Don't turn off case mapping of user names in the local 6181 mailer for IRIX. This was different than most every other 6182 system. 6183 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 6184 envelope. Noted by Thierry Besancon 6185 <besancon@excalibur.ens.fr>. 6186 CONFIG: Don't include -z by default on uux line -- most systems 6187 don't want it set by default. Pointed out by Philippe 6188 Michel of Thomson CSF. 6189 CONFIG: Fix some bugs with mailertables -- for example, if your 6190 host name was foo.bar.ray.com and you matched against 6191 ".ray.com", the old implementation bound %1 to "bar" 6192 instead of "foo.bar". Also, allow "." in the mailertable 6193 to match anything -- essentially, take over SMART_HOST. 6194 This also moves matching of explicit local host names 6195 before the mailertable so they don't have to be special 6196 cased in the mailertable data. Reported by Bill 6197 Gianopoulos of Raytheon; the fix for the %1 binding 6198 problem was contributed by Nicholas Comanos of the 6199 University of Sydney. 6200 CONFIG: Don't include "root" in class $=L (users to deliver 6201 locally, even if a hub or relay exists) by default. 6202 This is because of the known bug where definition of 6203 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 6204 both and deliver into the local mailbox. 6205 CONFIG: Move up bitdomain and uudomain handling so that they 6206 are done before .UUCP class matching; uudomain was 6207 reported as ineffective before. This also frees up 6208 diversion 8 for future use. Problem reported by Kimmo 6209 Suominen. 6210 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 6211 into host names. As pointed out by Jonathan Kamens, 6212 these are often used because either the forward or reverse 6213 mapping is broken; this translation makes it broken again. 6214 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 6215 Suominen. 6216 Portability fixes: 6217 Unicos from David L. Kensiski of Sterling Software. 6218 DomainOS from Don Lewis of Silicon Systems. 6219 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 6220 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 6221 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 6222 BSD/386 from Tony Sanders of BSDI. 6223 Apollo from Eric Wassenaar. 6224 DGUX from Doug Anderson. 6225 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 6226 NEW FILES: 6227 src/Makefile.DomainOS 6228 src/Makefile.PTX 6229 src/Makefile.SunOS.5.1 6230 src/Makefile.SunOS.5.2 6231 src/Makefile.SunOS.5.x 6232 src/mailq.1 6233 cf/ostype/domainos.m4 6234 doc/op/Makefile 6235 doc/intro/Makefile 6236 doc/usenix/Makefile 6237 62388.6.5/8.6.5 1994/01/13 6239 Security fix: /.forward could be owned by anyone (the test 6240 to allow root to own any file was backwards). From 6241 Bob Campbell at U.C. Berkeley. 6242 Security fix: group ids were not completely set when programs 6243 were invoked. This caused programs to have group 6244 permissions they should not have had (usually group 6245 daemon instead of their own group). In particular, 6246 Perl scripts would refuse to run. 6247 Security: check to make sure files that are written are not 6248 symbolic links (at least under some circumstances). 6249 Although this does not respond to a specific known 6250 attack, it's just a good idea. Suggested by 6251 Christian Wettergren. 6252 Security fix: if a user had an NFS mounted home directory on 6253 a system with a restricted shell listed in their 6254 /etc/passwd entry, they could still execute any 6255 program by putting that in their .forward file. 6256 This fix prevents that by insisting that their shell 6257 appear in /etc/shells before allowing a .forward to 6258 execute a program or write a file. You can disable 6259 this by putting "*" in /etc/shells. It also won't 6260 permit world-writable :include: files to reference 6261 programs or files (there's no way to disable this). 6262 These behaviors are only one level deep -- for 6263 example, it is legal for a world-writable :include: 6264 file to reference an alias that writes a file, on 6265 the assumption that the alias file is well controlled. 6266 Security fix: root was not treated suspiciously enough when 6267 looking into subdirectories. This would potentially 6268 allow a cracker to examine files that were publicly 6269 readable but in a non-publicly searchable directory. 6270 Fix a problem that causes an error on QUIT on a cached 6271 connection to create problems on the current job. 6272 These are typically unrelated, so errors occur in 6273 the wrong place. 6274 Reset CurrentLA in sendall() -- this makes sendmail queue 6275 runs more responsive to load average, and fixes a 6276 problem that ignored the load average in locally 6277 generated mail. From Eric Wassenaar. 6278 Fix possible core dump on aliases with null LHS. From 6279 John Orthoefer of BB&N. 6280 Revert to using flock() whenever possible -- there are just 6281 too many bugs in fcntl() locking, particularly over 6282 NFS, that cause sendmail to fail in perverse ways. 6283 Fix a bug that causes the connection cache to get confused 6284 when sending error messages. This resulted in 6285 "unexpected close" messages. It should fix itself 6286 on the following queue run. Problem noted by 6287 Liudvikas Bukys of the University of Rochester. 6288 Include $k in $=k as documented in the Install & Op Guide. 6289 This seems odd, but it was documented.... From 6290 Michael Corrigan of UCSD. 6291 Fix problem that caused :include:s from alias files to be 6292 forced to be owned by root instead of daemon 6293 (actually DefUid). From Tim Irvin. 6294 Diagnose unrecognized I option values -- from Mortin Forssen 6295 of the Chalmers University of Technology. 6296 Make "error" mailer work consistently when there is no error 6297 code associated with it -- previously it returned OK 6298 even though there was a real problem. Now it assumes 6299 EX_UNAVAILABLE. 6300 Fix bug that caused the last header line of messages that had 6301 no body and which were terminated with EOF instead of 6302 "." to be discarded. Problem noted by Liudvikas Bukys. 6303 Fix core dump on SMTP mail to programs that failed -- it tried 6304 to go to a "next MX host" when none existed, causing 6305 a core dump. From der Mouse at McGill University. 6306 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 6307 this makes it easier to turn it off (using 6308 -DIDENTPROTO=0 in the Makefile). From der Mouse. 6309 Fix YP_MASTER_NAME store to use the unupdated result of 6310 gethostname() (instead of myhostname(), which tries 6311 to fully qualify the name) to be consistent with 6312 SunOS. If your hostname is unqualified, this fixes 6313 transfers to slave servers. Bug noted by Keith 6314 McMillan of Ameritech Services, Inc. 6315 Fix Ultrix problem: gethostbyname() can return a very large 6316 (> 500) h_length field, which causes the sockaddr 6317 to be trashed. Use the size of the sockaddr instead. 6318 Fix from Bob Manson of Ohio State. 6319 Don't assume "-a." on host lookups if NAMED_BIND is not 6320 defined -- this confuses gethostbyname on hosts 6321 file lookups, which doesn't understand the trailing 6322 dot convention. 6323 Log SMTP server subprocesses that die with a signal instead 6324 of from a clean exit. 6325 If you don't have option "I" set, don't assume that a DNS 6326 "host unknown" message is authoritative -- it 6327 might still be found in /etc/hosts. 6328 Fix a problem that would cause Deferred: messages to be sent 6329 as the subject of an error message, even though the 6330 actual cause of a message was more severe than that. 6331 Problem noted by Chris Seabrook of OSSI. 6332 Fix race condition in DBM alias file locking. From Kyle 6333 Jones of UUNET. 6334 Limit delivery syslog line length to avoid bugs in some 6335 versions of syslog(3). This adds a new compile time 6336 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 6337 University, which is in turn derived from IDA. 6338 Fix quotes inside of comments in addresses -- previously 6339 it insisted that they be balanced, but the 822 spec 6340 says that they should be ignored. 6341 Dump open file state to syslog upon receiving SIGUSR1 (for 6342 debugging). This also evaluates ruleset 89, if set 6343 (with the null input), and logs the result. This 6344 should be used sparingly, since the rewrite process 6345 is not reentrant. 6346 Change -qI, -qR, and -qS flags to be case-insensitive as 6347 documented in the Bat Book. 6348 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 6349 return an error message and did not requeue the message. 6350 Fix based on code from Roland Dirlewanger of 6351 Reseau Regional Aquarel, Bordeaux, France. 6352 Fix a problem that caused a seg fault if you got a 421 error 6353 code during some parts of connection initialization. 6354 I've only seen this when talking to buggy mailers on 6355 the other end, but it shouldn't give a seg fault in 6356 any case. From Amir Plivatsky. 6357 Fix core dump caused by a ruleset call that returns null. 6358 Fix from Bryan Costales of ICSI. 6359 Full-Name: field was being ignored. Fix from Motonori Nakamura 6360 of Kyoto University. 6361 Fix a possible problem with very long input lines in setproctitle. 6362 From P{r Emanuelsson. 6363 Avoid putting "This is a warning message" out on return receipts. 6364 Suggested by Douglas Anderson. 6365 Detect loops caused by recursive ruleset calls. Suggested by 6366 Bryan Costales. 6367 Initialize non-alias maps during alias rebuilds -- they may be 6368 needed for parsing. Problem noted by Douglas Anderson. 6369 Log sender address even if no message was collected in SMTP 6370 (e.g., if all RCPTs failed). Suggested by Motonori 6371 Nakamura. 6372 Don't reflect the owner-list contents into the envelope sender 6373 address if the value contains ", :, /, or | (to avoid 6374 illegal addresses appearing there). 6375 Efficiency hack for toktype macro -- from Craig Partridge of 6376 BB&N. 6377 Clean up DNS error printing so that a host name is always 6378 included. 6379 Remember to set $i during queue runs. Reported by Stephen 6380 Campbell of Dartmouth University. 6381 If the environment variable HOSTALIASES is set, use it during 6382 canonification as the name of a file with per-user host 6383 translations so that headers are properly mapped. Reported 6384 by Anne Bennett of Concordia University. 6385 Avoid printing misleading error message if SMTP mailer (not 6386 using [IPC]) should die on a core dump. 6387 Avoid incorrect diagnosis of "file 1 closed" when it is caused 6388 by the other end closing the connection. From 6389 Dave Morrison of Oracle. 6390 Improve several of the error messages printed by "mailq" 6391 to include a host name or other useful information. 6392 Add NetInfo preliminary support for NeXT systems. From Vince 6393 DeMarco. 6394 Fix a glitch that sometimes caused :include:s that pointed to 6395 NFS filesystems that were down to give an "aliasing/ 6396 forwarding loop broken" message instead of queueing 6397 the message for retry. Noted by William C Fenner of 6398 the NRL Connection Machine Facility. 6399 Fix a problem that could cause a core dump if the input sequence 6400 had (or somehow acquired) a \231 character. 6401 Make sure that route-addrs always have <angle brackets> around 6402 them in non-SMTP envelopes (SMTP envelopes already do 6403 this properly). 6404 Avoid weird headers on unbalanced punctuation of the form: 6405 ``Joe User <user)'' -- this caused reference to the 6406 null macro. Fix from Rick McCarty of IO.COM. 6407 Fix a problem that caused an alias "user: user@local.host" to 6408 not have the QNOTREMOTE bit set; this caused configs 6409 to act as if FEATURE(notsticky) was defined even when 6410 it was not. The effect of the problem was to make it 6411 very hard to to set up satellite sites that had a few 6412 local accounts, with everything else forwarded to a 6413 corporate hub. Reported by Detlef Drewanz of the 6414 University of Rostock and Mark Frost of NCD. 6415 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 6416 addresses. This is more efficient (fewer name server 6417 calls) and fixes certain unusual configurations, such 6418 as those that have ruleset 4 do something that is 6419 non-idempotent unless a mailer-specific ruleset did 6420 something else. Problem reported by Brian J. Coan 6421 of the Institute for Global Communications. 6422 Fix the "obsolete argument" routine in main to better understand 6423 new arguments. For example, if you used ``sendmail 6424 -C config -v -q'' it would choke on the -q because 6425 the -C would stop looking for old-format arguments. 6426 Fix the code that was intended to allow two users to forward their 6427 mail to the same program and have them appear unique. 6428 Portability fixes for: 6429 SCO UNIX from Murray Kucherawy. 6430 SCO Open Server 3.2v4 from Philippe Brand. 6431 System V Release 4 from Rick Ellis and others. 6432 OSF/1 from Steve Campbell. 6433 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 6434 of Stoner Associates. 6435 Motorola SysV88 from Kevin Johnson of Motorola. 6436 Solaris 2.3 from Casper H.S. Dik of the University 6437 of Amsterdam and John Caruso of University 6438 of Maryland. 6439 FreeBSD from Ollivier Robert. 6440 NetBSD from Adam Glass. 6441 TitanOS from Kate Hedstrom of Rutgers University. 6442 Irix from Bryan Curnutt. 6443 Dynix from Jim Davis of the University of Arizona. 6444 RISC/os. 6445 Linux from John Kennedy of California State University 6446 at Chico. 6447 Solaris 2.x from Tony Boner of the U.S. Air Force. 6448 NEXTSTEP 3.x from Vince DeMarco. 6449 HP-UX from various people. NOTA BENE: the location 6450 of the config file has moved to /usr/lib 6451 to match the HP-UX version of sendmail. 6452 CONFIG: Don't do any recipient rewriting on relay mailer; 6453 since this is intended only for internal use, the 6454 usual RFC 821/822/1123 rules can be relaxed. The 6455 main point of this is to avoid munging (ugh) UUCP 6456 addresses when relaying internally. 6457 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 6458 syntax addresses delivered via UUCP. Solution 6459 provided by Peter Wemm. 6460 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 6461 zero; it caused double @ signs in addresses. From 6462 Irving Reid of the University of Toronto. 6463 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 6464 from Markku Toijala of ICL Personal Systems Oy. 6465 CONFIG: Add trailing "." on pseudo-domains for consistency; 6466 this fixes a problem (noted by Al Whaley of Sunnyside) 6467 that made it hard to recognize your own pseudodomain 6468 names. 6469 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 6470 rather than letting them get "local configuration 6471 error"s. Problem noted by John Gardiner Myers. 6472 CONFIG: add uucp-uudom mailer variant, based on code posted 6473 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 6474 has uucp-dom semantics but old UUCP syntax. This 6475 also permits "uucp-old" as an alias for "uucp" and 6476 "uucp-new" as a synonym for "suucp" for consistency. 6477 CONFIG: add POP mailer support (from Kimmo Suominen 6478 <kim@grendel.lut.fi>). 6479 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 6480 CONFIG: fix bug caused with domain literal addresses (e.g., 6481 ``[128.32.131.12]'') when FEATURE(allmasquerade) 6482 was set; it would get an additional @masquerade.host 6483 added to the address. Problem noted by Peter Wan 6484 of Georgia Tech. 6485 CONFIG: make sure that the local UUCP name is in $=w. From 6486 Jim Murray of Stratus. 6487 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 6488 mailer flag. Briefly, if you are sending to host 6489 "foo", then it rewrites "foo!...!baz" to "...!baz", 6490 "foo!baz" remains "foo!baz", and anything else has 6491 the local name prepended. 6492 CONFIG: portability fixes for HP-UX. 6493 DOC: several minor problems fixed in the Install & Op Guide. 6494 MAKEMAP: fix core dump problem on lines that are too long or 6495 which lack newline. From Mark Delany. 6496 MAILSTATS: print sums of columns (total messages & kbytes 6497 in and out of the system). From Tom Ferrin of UC 6498 San Francisco Computer Graphics Lab. 6499 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 6500 On HP-UX, /etc/sendmail.cf has been moved to 6501 /usr/lib/sendmail.cf to match HP sendmail. 6502 Permissions have been tightened up on world-writable 6503 :include: files and accounts that have shells 6504 that are not listed in /etc/shells. This may 6505 cause some .forward files that have worked 6506 before to start failing. 6507 SIGUSR1 dumps some state to the log. 6508 NEW FILES: 6509 src/Makefile.DGUX 6510 src/Makefile.Dynix 6511 src/Makefile.FreeBSD 6512 src/Makefile.Mach386 6513 src/Makefile.NetBSD 6514 src/Makefile.RISCos 6515 src/Makefile.SCO 6516 src/Makefile.SVR4 6517 src/Makefile.Titan 6518 cf/mailer/pop.m4 6519 cf/ostype/bsdi1.0.m4 6520 cf/ostype/dgux.m4 6521 cf/ostype/dynix3.2.m4 6522 cf/ostype/sco3.2.m4 6523 makemap/Makefile.dist 6524 praliases/Makefile.dist 6525 65268.6.4/8.6.4 1993/10/31 6527 Repair core-dump problem (write to read-only memory segment) 6528 if you fall back to the return-to-Postmaster case in 6529 savemail. Problem reported by Richard Liu. 6530 Immediately diagnose bogus sender addresses in SMTP. This 6531 makes quite certain that crackers can't use this 6532 class of attack. 6533 Reliability Fix: check return value from fclose() and fsync() 6534 in a few critical places. 6535 Minor problem in initsys() that reversed a condition for 6536 redirecting the output channel on queue runs. It's 6537 not clear this code even does anything. From Eric 6538 Wassenaar of the Dutch National Institute for Nuclear 6539 and High-Energy Physics. 6540 Fix some problems that caused queue runs to do "too much work", 6541 such as double-reading the Errors-To: header. From 6542 Eric Wassenaar. 6543 Error messages on writing the temporary file (including the 6544 data file) were getting suppressed in SMTP -- this 6545 fix causes them to be properly reported. From Eric 6546 Wassenaar. 6547 Some changes to support AF_UNIX sockets -- this will only 6548 really become relevant in the next release, but some 6549 people need it for local patches. From Michael 6550 Corrigan of UC San Diego. 6551 Use dynamically allocated memory (instead of static buffers) 6552 for macros defined in initsys() and settime(); since 6553 these can have different values depending on which 6554 envelope they are in. From Eric Wassenaar. 6555 Improve logging to show ctladdr on to= logging; this tells you 6556 what uid/gid processes ran as. 6557 Fix a problem that caused error messages to be discarded if 6558 the sender address was unparseable for some reason; 6559 this was supposed to fall back to the "return to 6560 postmaster" case. 6561 Improve aliaswait backoff algorithm. 6562 Portability patches for Linux (8.6.3 required another header 6563 file) (from Karl London) and SCO UNIX. 6564 CONFIG: patch prog mailer to not strip host name off of envelope 6565 addresses (so that it matches local again). From 6566 Christopher Davis. 6567 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 6568 this prevents uux from seeing lines with null names like 6569 ``From Sat Oct 30 14:55:31 1993''. From Motonori 6570 Nakamura of Kyoto University. 6571 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 6572 it shouldn't fail miserably. From Motonori Nakamura. 6573 65748.6.2/8.6.2 1993/10/15 6575 Put a "successful delivery" message in the transcript for 6576 addresses that get return-receipts. 6577 Put a prominent "this is only a warning" message in warning 6578 messages -- some people don't read carefully enough 6579 and end up sending the message several times. 6580 Include reason for temporary failure in the "warning" return 6581 message. Currently, it just says "cannot send for 6582 four hours". 6583 Fix the "Original message received" time generated for 6584 returntosender messages. It was previously listed as 6585 the current time. Bug reported by Eric Hagberg of 6586 Cornell University Medical College. 6587 If there is an error when writing the body of a message, 6588 don't send the trailing dot and wait for a response 6589 in sender SMTP, as this could cause the connection to 6590 hang up under some bizarre circumstances. From Eric 6591 Wassenaar. 6592 Fix some server SMTP synchronization problems caused when 6593 connections fail during message collection. From 6594 Eric Wassenaar. 6595 Fix a problem that can cause srvrsmtp to reject mail if the 6596 name server is down -- it accepts the RCPT but rejects 6597 the DATA command. Problem reported by Jim Murray of 6598 Stratus. 6599 Fix a problem that can cause core dumps if the config file 6600 incorrectly resolves to a null hostname. Reported by 6601 Allan Johannesen of WPI. 6602 Non-root use of -C flag, dangerous -f flags, and use of -oQ 6603 by non-root users were not put into 6604 X-Authentication-Warning:s as intended because the 6605 config file hadn't set the PrivacyOptions yet. Fix 6606 from Sven-Ove Westberg of the University of Lulea. 6607 Under very odd circumstances, the alias file rebuild code 6608 could get confused as to whether a database was 6609 open or not. 6610 Check "vendor code" on the end of V lines -- this is 6611 intended to provide a hook for vendor-specific 6612 configuration syntax. (This is a "new feature", 6613 but I've made an exception to my rule in a belief 6614 that this is a highly exceptional case.) 6615 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 6616 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 6617 (from Jon Forrest of UC Berkeley) 6618 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 6619 66208.6.1/8.6 1993/10/08 6621 Portability fixes for A/UX and Encore UMAX V. 6622 Fix error message handling -- if you had a name server down 6623 causing an error during parsing, that message was never 6624 propagated to the queue file. 6625 66268.6/8.6 1993/10/05 6627 Configuration cleanup: make it easier to undo IDENTPROTO in 6628 conf.h (other systems have the same bug). 6629 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 6630 getdtablesize() instead of sysconf(); a disturbingly 6631 large number of systems defined _SC_OPEN_MAX in the 6632 header files but don't have the syscall. 6633 Another patch to really truly ignore MX records in getcanonname 6634 if trymx == FALSE. 6635 Fix problem that caused the "250 IAA25499 Message accepted for 6636 delivery" message to be omitted if there was an error 6637 in the header of the message (e.g., a bad Errors-To: 6638 line). Pointed out by Michael Corrigan of UCSD. 6639 Announce name of host we are chatting when we get errors; this 6640 is an IDA-ism suggested by Christophe Wolfhugel. 6641 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 6642 Australian Artificial Intelligence Institute), SCO Unix 6643 (from Murray Kucherawy of Hookup Communication Corp.), 6644 NeXT (from Vince DeMarco and myself), Linux (from 6645 Karl London <karl@borg.demon.co.uk>), BSDI (from 6646 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 6647 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 6648 Some changes to get around gcc optimizer bugs. From Takahiro 6649 Kanbe. 6650 Fix error recovery in queueup if another tf file of the same 6651 name already exists. Problem stumbled over by Bill 6652 Wisner of The Well. 6653 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 6654 Problem noted by Keith McMillan of Ameritech Services. 6655 Deal with group permissions properly when opening .forward and 6656 :include: files. This relaxes the 8.1C restrictions 6657 slightly more. This includes proper setting of groups 6658 when reading :include: files, allowing you to read some 6659 files that you should be able to read but have previously 6660 been denied unless you owned them or they had "other" 6661 read permission. 6662 Make certain that $j is in $=w (after the .cf is read) so that 6663 if the user is forced to override some silly system, 6664 MX suppression will still work. 6665 Fix a couple of efficiency problems where newstr was double- 6666 calling expensive routines. In at least one case, it 6667 wasn't guaranteed that they would always return the 6668 same result. Problem noted by Christophe Wolfhugel. 6669 Fix null pointer dereference in putoutmsg -- only on an error 6670 condition from a non-SMTP mailer. From Motonori 6671 Nakamura. 6672 Macro expand "C" line class definitions before scanning so that 6673 "CX $Z" works. 6674 Fix problem that caused error message to be sent while still 6675 trying to send the original message if the connection 6676 is closed during a DATA command after getting an error 6677 on an RCPT command (pretty obscure). Problem reported 6678 by John Myers of CMU. 6679 Fix reply to NOOP to be 250 instead of 200 -- this is a long 6680 term bug. 6681 Fix a nasty bug causing core dumps when returning the "warning: 6682 cannot deliver for N hours -- will keep trying" message; 6683 it only occurred if you had PostmasterCopy set and 6684 only on some architectures. Although sendmail would 6685 keep trying, it would send error messages on each 6686 queue interval. This is an important fix. 6687 Allow u and g options to take user and group names respectively. 6688 Don't do a chdir into the queue directory in -bt mode to make 6689 ruleset testing a bit easier. 6690 Don't allow users to turn off logging (using -oL) on the command 6691 line -- command line can only raise, not lower, logging 6692 level. 6693 Set $u to the original recipient on the SMTP transaction or on 6694 the command line. This is only done if there is exactly 6695 one recipient. Technically, this does not meet the 6696 specs, because it does not guarantee a domain on the 6697 address. 6698 Fix a problem that dumped error messages on bad addresses if 6699 you used the -t flag. Problem noted by Josh Smith of 6700 Harvey Mudd College. 6701 Given an address such as ``<foo> <bar>'', auto-quote the first 6702 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 6703 avoid the problem of people who use angle brackets in 6704 their full name information. 6705 Fix a null pointer dereference if you set option "l", have 6706 an Errors-To: header in the message, and have Errors-To: 6707 defined in the config file H lines. From J.R. Oldroyd. 6708 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 6709 wrong when compiling. Suggested by Rick McCarty of TI. 6710 Fix a problem that could pass negative SIZE parameter if the 6711 df file got lost; this would cause servers to always 6712 give a temporary failure, making the problem even worse. 6713 Problem noted by Allan Johannesen of WPI. 6714 Add "ident" timeout (one of the "r" option selectors) for IDENT 6715 protocol timeouts (30s default). Requested by Murray 6716 Kucherawy of HookUp Communication Corp. to handle bogus 6717 PC TCP/IP implementations. 6718 Change $w default definition to be just the first component of 6719 the domain name on config level 5. The $j macro defaults 6720 to the FQDN; $m remains as before. This lets well-behaved 6721 config files use any of the short, long, or subdomain 6722 names. 6723 Add makesendmail script in src to try to automate multi-architecture 6724 builds. I know, this is sub-optimal, but it is still 6725 helpful. 6726 Fix very obscure race condition that can cause a queue run to 6727 get a queue file for an already completed job. This 6728 problem has existed for years. Problem noted by the 6729 long suffering Allan Johannesen of WPI. 6730 Fix a problem that caused the raw sender name to be passed to 6731 udbsender instead of the canonified name -- this caused 6732 it to sometimes miss records that it should have found. 6733 Relax check of name on HELO packet so that a program using -bs 6734 that claims to be itself works properly. 6735 Restore rewriting of $: part of address through 2, R, 4 in 6736 buildaddr -- this requires passing a lot of flags to get 6737 it right. Unlike old versions, this ONLY rewrites 6738 recipient addresses, not sender addresses. 6739 Fix a bug that caused core dumps in config files that cannot 6740 resolve /file/name style addresses. Fix from Jonathan 6741 Kamens of OpenVision Technologies. 6742 Fix problem with fcntl locking that can cause error returns to 6743 be lost if the lock is lost; this required fully 6744 queueing everything, dropping the envelope (so errors 6745 would get returned), and then re-reading the queue from 6746 scratch. 6747 Fix a problem that caused aliases that redefine an otherwise 6748 true address to still send to the original address 6749 if and only if the alias failed in certain bizarre 6750 ways (e.g, if they pointed at a list:; syntax address). 6751 Problem pointed out by Jonathan Kamens. 6752 Remove support for frozen configuration files. They caused 6753 more trouble than it was worth. 6754 Fix problem that can cause error messages to get ignored when 6755 using both -odb and -t flags. Problem noted by Rob 6756 McNicholas at U.C. Berkeley. 6757 Include all "normal" variations on hostname in $=w. For example, 6758 if the host name is vangogh.cs.berkeley.edu, $=w will 6759 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 6760 Add "restrictqrun" privacy flag -- without this, anyone can run 6761 the queue. 6762 Reset SmtpPhase global on initial connection creation so that 6763 messages don't come out with stale information. 6764 Pass an "ext" argument to lockfile so that error/log messages 6765 will properly reflect the true filename being locked. 6766 Put all [...] address forms into $=w -- this eliminates the need 6767 for MAXIPADDR in conf.h. Suggested by John Gardiner 6768 Myers of CMU. 6769 Fix a bug that can cause qf files to be left around even after 6770 an SMTP RSET command. Problem and fix from Michael 6771 Corrigan. 6772 Don't send a PostmasterCopy to errors when the Precedence: is 6773 negative. Error reports still go to the envelope 6774 sender address. 6775 Add LA_SHORT for load averages. 6776 Lock sendmail.st file when posting statistics. 6777 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 6778 set the size of the TCP send and receive buffers; if you 6779 run over a slow slip line you may need to set these down 6780 (although it would be better to fix the SLIP implementation 6781 so that it's not necessary to recompile every program 6782 that does bulk data transfer). 6783 Allow null defaults on $( ... $) lookups. Problem reported by 6784 Amir Plivatsky. 6785 Diagnose crufty S and V config lines. This resulted from an 6786 observation that some people were using the SITE macro 6787 without the SITECONFIG macro first, which was causing 6788 bogus config files that were not caught. 6789 Fix makemap -f flag to turn off case folding (it was turning it 6790 on instead). THIS IS A USER VISIBLE CHANGE!!! 6791 Fix a problem that caused multiple error messages to be sent if 6792 you used "sendmail -t -oem -odb", your system uses fcntl 6793 locking, and one of the recipient addresses is unknown. 6794 Reset uid earlier in include() so that recursive .forwards or 6795 :include:s don't use the wrong uid. 6796 If file descriptor 0, 1, or 2 was closed when sendmail was 6797 called, the code to recover the descriptor was broken. 6798 This sometimes (only sometimes) caused problems with the 6799 alias file. Fix from Motonori Nakamura. 6800 Fix a problem that caused aliaswait to go into infinite recursion 6801 if the @:@ metasymbol wasn't found in the alias file. 6802 Improve error message on newaliases if database files cannot be 6803 opened or if running with no database format defined. 6804 Do a better estimation of the size of error messages when NoReturn 6805 is set. Problem noted by P{r (Pell) Emanuelsson. 6806 Fix a problem causing the "c" option (don't connect to expensive 6807 mailers) to be ignored in SMTP. Problem noted and the 6808 solution suggested by Robert Elz of The University of 6809 Melbourne. 6810 Improve connection caching algorithm by passing "[host]" to 6811 hostsignature, which strips the square brackets and 6812 returns the real name. This allows mailertable entries 6813 to match regular entries. 6814 Re-enable Return-Receipt-To: -- people seem to want this stupid 6815 feature, even if it doesn't work right. 6816 Catch and log attempts to try the "wiz" command in server SMTP. 6817 This also ups the log level from LOG_NOTICE to LOG_CRIT. 6818 Be more generous at assigning $z to the home directory -- do this 6819 for programs that are specified through a .forward file. 6820 Fix from Andrew Chang of Sun Microsystems. 6821 Always save a fatal error message in preference to a non-fatal 6822 error message so that the "subject" line of return 6823 messages is the best possible. 6824 CONFIG: reduce the number of quotes needed to quote configuration 6825 parameters with commas: two quotes should work now, e.g., 6826 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 6827 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 6828 connections (domain-ized UUCP). 6829 CONFIG: fix bug in default maps (-o must be before database file 6830 name). Pointed out by Christophe Wolfhugel. 6831 CONFIG: add FEATURE(nodns) to state that we are not relying on 6832 DNS. This would presumably be used in UUCP islands. 6833 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 6834 CONFIG: log $u in Received: line. This is in technical violation 6835 of the standards, since it doesn't guarantee a domain 6836 on the address. 6837 CONFIG: don't assume "m" in local mailer flags -- this means that 6838 if you redefine LOCAL_MAILER_FLAGS you will have to include 6839 the "m" flag should you want it. Apparently some Solaris 2.2 6840 installations can't handle multiple local recipients. 6841 Problem noted by Josh Smith. 6842 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 6843 CONFIG: change default version level from 4 to 5. 6844 CONFIG: add FEATURE(nullclient) to create a config file that 6845 forwards all mail to a hub without ever looking at the 6846 addresses in any detail. 6847 CONFIG: properly strip mailer: information off of relays when 6848 used to change .BITNET form into %-hack form. 6849 CONFIG: fix a problem that caused infinite loops if presented 6850 with an address such as "!foo". 6851 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 6852 the reverse "PTR" mapping is broken. There's a better 6853 way to do this, but the change is fairly major and I 6854 want to hold it for another release. Problem noted by 6855 Bret Marquis. 6856 68578.5/8.5 1993/07/23 6858 Serious bug: if you used a command line recipient that was unknown 6859 sendmail would not send a return message (it was treating 6860 everything as though it had an SMTP-style client that 6861 would do the return itself). Problem noted by Josh Smith. 6862 Change "trymx" option in getcanonname() to ignore all MX data, 6863 even during a T_ANY query. This actually didn't break 6864 anything, because the only time you called getcanonname 6865 with !trymx was if you already knew there were no MX 6866 records, but it is somewhat cleaner. From Motonori 6867 Nakamura. 6868 Don't call getcanonname from getmxrr if you already know there 6869 are no DNS records matching the name. 6870 Fix a problem causing error messages to always include "The 6871 original message was received ... from localhost". 6872 The correct original host information is now included. 6873 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 6874 version of "test" doesn't have the -x flag). Change it 6875 to use -f instead. From John Myers. 6876 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 6877 esmtp -- it should be smtp. 6878 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 6879 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 6880 else "suucp" if MAILER(uucp) is used, else "unknown"); 6881 this cleans up the configs somewhat. This fixes a serious 6882 problem that caused route-addrs to get mistaken as relays, 6883 pointed out by John Myers. WARNING: this also causes 6884 the default on SMART_HOST to change from "suucp" to 6885 "relay" if you have MAILER(smtp) specified. 6886 68878.4/8.4 1993/07/22 6888 Add option `w'. If you receive a message that comes to you because 6889 you are the best (lowest preference) target of an MX, and 6890 you haven't explicitly recognized the source MX host in 6891 your .cf file, this option will cause you to try the target 6892 host directly (as if there were no MX for it at all). If 6893 `w' is not set, this case is a configuration error. 6894 Beware: if `w' is set, senders may get bogus errors like 6895 "message timed out" or "host unknown" for problems that 6896 are really configuration errors. This option is 6897 disrecommended, provided only for compatibility with 6898 UIUC sendmail. 6899 Fix a problem that caused the incoming socket to be left open 6900 when sendmail forks after the DATA command. This caused 6901 calling systems to wait in FIN_WAIT_2 state until the 6902 entire list was processed and the child closed -- a 6903 potentially prodigious amount of time. Problem noted 6904 by Neil Rickert. 6905 Fix problem (created in 6.64) that caused mail sent to multiple 6906 addresses, one of which was a bad address, to completely 6907 suppress the sending of the message. This changes 6908 handling of EF_FATALERRS somewhat, and adds an 6909 EF_GLOBALERRS flag. This also fixes a potential problem 6910 with duplicate error messages if there is a syntax error 6911 in the header of a message that isn't noticed until late 6912 in processing. Original problem pointed out by Josh Smith 6913 of Harvey Mudd College. This release includes quite a bit 6914 of dickering with error handling (see below). 6915 Back out SMTP transaction if MAIL gets nested 501 error. This 6916 will only hurt already-broken software and should help 6917 humans. 6918 Fix a problem that broke aliases when neither NDBM nor NEWDB were 6919 compiled in. It would never read the alias file. 6920 Repair unbalanced `)' and `>' (the "open" versions are already 6921 repaired). 6922 Logging of "done" in dropenvelope() was incorrect: it would 6923 log this even when the queue file still existed. Change 6924 this to only log "done" (at log level 11) when the 6925 queue file is actually removed. From John Myers. 6926 Log "lost connection" in server SMTP at log level 20 if there 6927 is no pending transaction. Some senders just close the 6928 connection rather than sending QUIT. 6929 Fix a bug causing getmxrr to add a dot to the end of unqualified 6930 domains that do not have MX records -- this would cause 6931 the subsequent host name lookup to fail. The problem 6932 only occurred if you had FEATURE(nocanonify) set. 6933 Problem noted by Rick McCarty of Texas Instruments. 6934 Fix invocation of setvbuf when passed a -X flag -- I had 6935 unwittingly used an ANSI C extension, and this caused 6936 core dumps on some machines. 6937 Diagnose self-destructive alias loops on RCPT as well as EXPN. 6938 Previously it just gave an empty send queue, which 6939 then gave either "Need RCPT (recipient)" at the DATA 6940 (confusing, since you had given an RCPT command which 6941 returned 250) or just dropped the email, depending on 6942 whether you were running VERBose mode. Now it usually 6943 diagnoses this case as "aliasing/forwarding loop broken". 6944 Unfortunately, it still doesn't adequately diagnose 6945 some true error conditions. 6946 Add internal concept of "warning messages" using 6xx codes. 6947 These are not reported only to Postmaster. Unbalanced 6948 parens, brackets, and quotes are printed as 653 codes. 6949 They are always mapped to 5xx codes before use in SMTP. 6950 Clean up error messages to tell both the actual address that 6951 failed and the alias they arose from. This makes it 6952 somewhat easier to diagnose problems. Difficulty noted 6953 by Motonori Nakamura. 6954 Fix a problem that inappropriately added a ctladdr to addresses 6955 that shouldn't have had one during a queue run. This 6956 caused error messages to be handled differently during 6957 a queue run than a direct run. 6958 Don't print the qf name and line number if you get errors during 6959 the direct run of the queue from srvrsmtp -- this was 6960 just extra stuff for users to crawl through. 6961 Put command line flags on second line of pid file so you can 6962 auto-restart the daemon with all appropriate arguments. 6963 Use "kill `head -1 /etc/sendmail.pid`" to stop the 6964 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 6965 restart it. 6966 Remove the ``setuid(getuid())'' in main -- this caused the 6967 IDENT daemon to screw up. This required that I change 6968 HASSETEUID to HASSETREUID and complicate the mode 6969 changing somewhat because both Ultrix and SunOS seem 6970 to have a bug causing seteuid() to set the saved uid 6971 as well as the effective. The program test/t_setreuid.c 6972 will test to see if your implementation of setreuid(2) 6973 is appropriately functional. 6974 The FallBackMX (option V) handling failed to properly identify 6975 fallback to yourself -- most of the code was there, 6976 but it wasn't being enabled. Problem noted by Murray 6977 Kucherawy of the University of Waterloo. 6978 Change :include: open timeout from ETIMEDOUT to an internal 6979 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 6980 with CurHostName" in error messages, which can be 6981 confusing. Reported by Jonathan Kamens of OpenVision 6982 Technologies. 6983 Back out setpgrp (setpgid on POSIX systems) call to reset the 6984 process group id. The original fix was to get around 6985 some problems with recalcitrant MUAs, but it breaks 6986 any call from a shell that creates a process group id 6987 different from the process id. I could try to fix 6988 this by diddling the tty owner (using tcsetpgrp or 6989 equivalent) but this is too likely to break other 6990 things. 6991 Portability changes: 6992 Support -M as equivalent to -oM on Ultrix -- apparently 6993 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 6994 instead of using standard flags. Oh joy. This 6995 behavior reported by Jon Giltner of University 6996 of Colorado. 6997 SGI IRIX -- this includes several changes that should 6998 help other strict ANSI compilers. 6999 SCO Unix -- from Murray Kucherawy of HookUp Communication 7000 Corporation. 7001 Solaris running the Sun C compiler (which despite the 7002 documentation apparently doesn't define 7003 __STDC__ by default). 7004 ConvexOS from Eric Schnoebelen of Convex. 7005 Sony NEWS workstations and Omron LUNA workstations from 7006 Motonori Nakamura. 7007 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 7008 CONFIG: delete `C' and `e' from default SMTP mailers flags; 7009 several people have made a good argument that this 7010 creates more problems than it solves (although this 7011 may prove painful in the short run). 7012 CONFIG: generalize all the relays to accept a "mailer:host" 7013 format. 7014 CONFIG: move local processing in ruleset 0 into a new ruleset 7015 98 (8 on old sendmail). Domain literal [a.b.c.d] 7016 addresses are also passed through this ruleset. 7017 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 7018 internet-style addresses would "fall off the end" of 7019 ruleset zero and be interpreted as local -- however, 7020 the angle brackets confused the recursive call. 7021 These are now diagnosed as "Unrecognized host name". 7022 CONFIG: USENET rules weren't included in S0 because of a mistaken 7023 ifdef(`_MAILER_USENET_') instead of 7024 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 7025 of SINTEF RUNIT, Oslo. 7026 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 7027 early in ruleset 0; this allows .mc authors to bypass 7028 things like the "short circuit" code for local addresses. 7029 Prompted by a comment by Bill Wisner of The Well. 7030 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 7031 esmtp) to send SMTP mail. This allows you to default 7032 to esmtp but use a mailertable or other override to 7033 deal with broken servers. This logic was pointed out 7034 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 7035 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 7036 environments. Ugly as sin. 7037 70388.3/8.3 1993/07/13 7039 Fix setuid problems introduced in 8.2 that caused messages 7040 like "Cannot create qfXXXXXX: Invalid argument" 7041 or "Cannot reopen dfXXXXXX: Permission denied". This 7042 involved a new compile flag "HASSETEUID" that takes 7043 the place of the old _POSIX_SAVED_IDS -- it turns out 7044 that the POSIX interface is broken enough to break 7045 some systems badly. This includes some fixes for 7046 HP-UX. Also fixes problems where the real uid is 7047 not reset properly on startup (from Neil Rickert). 7048 Fix a problem that caused timed out messages to not report the 7049 addresses that timed out. Error messages are also more 7050 "user friendly". 7051 Drop required bandwidth on connections from 64 bytes/sec to 7052 16 bytes/sec. 7053 Further Solaris portability changes -- doesn't require the BSD 7054 compatibility library. This also adds a new 7055 "HASGETDTABLESIZE" compile flag which can be used if 7056 you want to use getdtablesize(2) instead of sysconf(2). 7057 These are loosely based on changes from David Meyer at 7058 University of Oregon. This now seems to work, at least 7059 for quick test cases. 7060 Fix a problem that can cause duplicate error messages to be 7061 sent if you are in SMTP, you send to multiple addresses, 7062 and at least one of those addresses is good and points 7063 to an account that has a .forward file (whew!). 7064 Fix a problem causing messages to be discarded if checkcompat() 7065 returned EX_TEMPFAIL (because it didn't properly mark 7066 the "to" address). Problem noted by John Myers. 7067 Fix dfopen to return NULL if the open failed; I was depending 7068 on fdopen(-1) returning NULL, which isn't the case. This 7069 isn't serious, but does result in weird error diagnoses. 7070 From Michael Corrigan. 7071 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 7072 messages sent through UUCP-family mailers. Suggested 7073 by Bill Wisner of The Well. 7074 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 7075 include a "uucp-dom" mailer that uses domain-style 7076 addressing. Suggested by Bill Wisner. 7077 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 7078 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 7079 Christophe Wolfhugel. 7080 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 7081 70828.2/8.2 1993/07/11 7083 Don't drop out on config file parse errors in -bt mode. 7084 On older configuration files, assume option "l" (use Errors-To 7085 header) for back compatibility. NOTE: this DOES NOT 7086 imply an endorsement of the Errors-To: header in any way. 7087 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 7088 Don't log errors on EHLO -- it isn't a "real" error for an old 7089 SMTP server to give an error on this command, and 7090 logging it in the transcript can be confusing. Fix 7091 from Bill Wisner. 7092 IRIX compatibility changes provided by Dan Rich 7093 <drich@sandman.lerc.nasa.gov>. 7094 Solaris 2 compatibility changes. Provided by Bob Cunningham 7095 <bob@kahala.soest.hawaii.edu>, John Oleynick 7096 <juo@klinzhai.rutgers.edu> 7097 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 7098 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 7099 match the other flags in that file. 7100 Flush transcript before fork in mailfile(). From Eric Wassenaar. 7101 Save h_errno in mci struct and improve error message display. 7102 Changes from Eric Wassenaar. 7103 Open /dev/null for the transcript if the create of the xf file 7104 failed; this avoids at least one possible null pointer 7105 reference in very weird cases. From Eric Wassenaar. 7106 Clean up statistics gathering; it was over-reporting because of 7107 forks. From Eric Wassenaar. 7108 Fix problem that causes old Return-Path: line to override new 7109 Return-Path: line (conf.c needs H_FORCE to avoid 7110 re-using old value). From Motonori Nakamura. 7111 Fix broken -m flag in K definition -- even if -m (match only) 7112 was specified, it would still replace the key with the 7113 value. Noted by Rick McCarty of Texas Instruments. 7114 If the name server timed out over several days, no "timed out" 7115 message would ever be sent back. The timeout code 7116 has been moved from markfailure() to dropenvelope() 7117 so that all such failures should be diagnosed. Pointed 7118 out by Christophe Wolfhugel and others. 7119 Relax safefile() constraints: directories in an include or 7120 forward path must be readable by self if the controlling 7121 user owns the entry, readable by all otherwise (e.g., 7122 when reading your .forward file, you have to own and 7123 have X permission in it; everyone needs X permission in 7124 the root and directories leading up to your home); 7125 include files must be readable by anyone, but need not 7126 be owned by you. 7127 If _POSIX_SAVED_IDS is defined, setuid to the owner before 7128 reading a .forward file; this gets around some problems 7129 on NFS mounts if root permission is not exported and 7130 the user's home directory isn't x'able. 7131 Additional NeXT portability enhancements from Axel Zinser. 7132 Additional HP-UX portability enhancements from Brian Bullen. 7133 Add a timeout around SMTP message writes; this assumes you can 7134 get throughput of at least 64 bytes/second. Note that 7135 this does not impact the "datafinal" default, which 7136 is separate; this is just intended to work around 7137 network clogs that will occur before the final dot 7138 is sent. From Eric Wassenaar. 7139 Change map code to set the "include null" flag adaptively -- 7140 it initially tries both, but if it finds anything 7141 matching without a null it never tries again with a 7142 null and vice versa. If -N is specified, it never 7143 tries without the null and creates new maps with a 7144 null byte. If -O is specified, it never tries with 7145 the null (for efficiency). If -N and -O are specified, 7146 you get -NO (get it?) lookup at all, so this would 7147 be a bad idea. If you don't specify either -N or -O, 7148 it adapts. 7149 Fix recognition of "same from address" so that MH submissions 7150 will insert the appropriate full name information; 7151 this used to work and got broken somewhere along the 7152 way. 7153 Some changes to eliminate some unnecessary SYSERRs in the 7154 log. For example, if you lost a connection, don't 7155 bother reporting that fact on the connection you lost. 7156 Add some "extended debugging" flags to try to track down 7157 why we get occasional problems with file descriptor 7158 one being closed when execing a mailer; it seems to 7159 only happen when there has been another error in the 7160 same transaction. This requires XDEBUG, defined 7161 by default in conf.h. 7162 Add "-X filename" command line flag, which logs both sides of 7163 all SMTP transactions. This is intended ONLY for 7164 debugging bad implementations of other mailers; start 7165 it up, send a message from a mailer that is failing, 7166 and then kill it off and examine the indicated log. 7167 This output is not intended to be particularly human 7168 readable. This also adds the HASSETVBUF compile 7169 flag, defaulted on if your compiler defines __STDC__. 7170 CONFIG: change SMART_HOST to override an SMTP mailer. If you 7171 have a local net that should get direct connects, you 7172 will need to use LOCAL_NET_CONFIG to catch these hosts. 7173 See cf/README for an example. 7174 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 7175 sites that don't use the -d flag. 7176 CONFIG: hide recipient addresses as well as sender addresses 7177 behind $M if FEATURE(allmasquerade) is specified; this 7178 has been requested by several people, but can break 7179 local aliases. For example, if you mail to "localalias" 7180 this will be rewritten as "localalias@masqueradehost"; 7181 although initial delivery will work, replies will be 7182 broken. Use it sparingly. 7183 CONFIG: add FEATURE(domaintable). This maps unqualified domains 7184 to qualified domains in headers. I believe this is 7185 largely equivalent to the IDA feature of the same name. 7186 CONFIG: use $U as UUCP name instead of $k. This permits you 7187 to override the "system name" as your UUCP name -- 7188 in particular, to use domain-ized UUCP names. From 7189 Bill Wisner of The Well. 7190 CONFIG: create new mailer "esmtp" that always tries EHLO 7191 first. This is currently unused in the config files, 7192 but could be used in a mailertable entry. 7193 71948.1C/8.1B 1993/06/27 7195 Serious security bug fix: it was possible to read any file on 7196 the system, regardless of ownership and permissions. 7197 If a subroutine returns a fully qualified address, return it 7198 immediately instead of feeding it back into rewriting. 7199 This fixes a problem with mailertable lookups. 7200 CONFIG: fix some M4 frotz (concat => CONCAT) 7201 72028.1B/8.1A 1993/06/12 7203 Serious bug fix: pattern matching backup algorithm stepped by 7204 two tokens in classes instead of one. Found by Claus 7205 Assmann at University of Kiel, Germany. 7206 72078.1A/8.1A 1993/06/08 7208 Another mailertable fix.... 7209 72108.1/8.1 1993/06/07 7211 4.4BSD freeze. No semantic changes. 7212