RELEASE_NOTES revision 82017
1 SENDMAIL RELEASE NOTES 2 $Id: RELEASE_NOTES,v 8.561.2.5.2.261 2001/08/20 14:45:32 gshapiro Exp $ 3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 98.11.6/8.11.6 2001/08/20 10 SECURITY: Fix a possible memory access violation when specifying 11 out-of-bounds debug parameters. Problem detected by 12 Cade Cairns of SecurityFocus. 13 Avoid leaking recipient information in unrelated DSNs. This could 14 happen if a connection is aborted, several mails had been 15 scheduled for delivery via that connection, and the timeout 16 is reached such that several DSNs are sent next. Problem 17 noted by Dileepan Moorkanat of Hewlett-Packard. 18 Fix a possible segmentation violation when specifying too many 19 wildcard operators in a rule. Problem detected by 20 Werner Wiethege. 21 Avoid a segmentation fault on non-matching Hesiod lookups. Problem 22 noted by Russell McOrmond of flora.ca 23 248.11.5/8.11.5 2001/07/31 25 Fix a possible race condition when sending a HUP signal to restart 26 the daemon. This could terminate the current process without 27 starting a new daemon. Problem reported by Wolfgang Breyha 28 of SE Netway Communications. 29 Only apply MaxHeadersLength when receiving a message via SMTP or 30 the command line. Problem noted by Andrey J. Melnikoff. 31 When finding the system's local hostname on an IPv6-enabled system 32 which doesn't have any IPv6 interface addresses, fall back 33 to looking up only IPv4 addresses. Problem noted by Tim 34 Bosserman of EarthLink. 35 When commands were being rejected due to check_relay or TCP 36 Wrappers, the ETRN command was not giving a response. 37 Incoming IPv4 connections on a Family=inet6 daemon (using 38 IPv4-mapped addresses) were incorrectly labeled as "may be 39 forged". Problem noted by Per Steinar Iversen of Oslo 40 University College. 41 Shutdown address test mode cleanly on SIGTERM. Problem noted by 42 Greg King of the OAO Corporation. 43 Restore the original real uid (changed in main() to prevent 44 out of band signals) before invoking a delivery agent. 45 Some delivery agents use this for the "From " envelope 46 "header". Problem noted by Leslie Carroll of the 47 University at Albany. 48 Mark closed file descriptors properly to avoid reuse. Problem 49 noted by Jeff Bronson of J.D. Bronson, Inc. 50 Setting Timeout options on the command line will also override 51 their sub-suboptions in the .cf file, e.g., -O 52 Timeout.queuereturn=2d will set all queuereturn timeouts 53 to 2 days. Problem noted by Roger B.A. Klorese. 54 Portability: 55 BSD/OS has a broken setreuid() implementation. Problem 56 noted by Vernon Schryver of Rhyolite Software. 57 BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?). 58 Noted by Vernon Schryver of Rhyolite Software. 59 BSD/OS has fchown(2). Noted by Dave Yadallee of Netline 60 2000 Internet Solutions Inc. 61 Solaris 2.X and later have strerror(3). From Sebastian 62 Hagedorn of Cologne University. 63 CONFIG: Fix parsing for IPv6 domain literals in addresses 64 (user@[IPv6:address]). Problem noted by Liyuan Zhou. 65 668.11.4/8.11.4 2001/05/28 67 Clean up signal handling routines to reduce the chances of heap 68 corruption and other potential race conditions. 69 Terminating and restarting the daemon may not be 70 instantaneous due to this change. Also, non-root users can 71 no longer send out-of-band signals. Problem reported by 72 Michal Zalewski of BindView. 73 If LogLevel is greater than 9 and SASL fails to negotiate an 74 encryption layer, avoid core dump logging the encryption 75 strength. Problem noted by Miroslav Zubcic of Crol. 76 If a server offers "AUTH=" and "AUTH " and the list of mechanisms is 77 different in those two lines, sendmail might not have 78 recognized (and used) all of the offered mechanisms. 79 Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch 80 from Kenji Miyake. 81 This time, really don't use the .. directory when expanding 82 QueueDirectory wildcards. 83 If a process is interrupted while closing a map, don't try to close 84 the same map again while exiting. 85 Allow local mailers (F=l) to contact remote hosts (e.g., via 86 LMTP). Problem noted by Norbert Klasen of the University 87 of Tuebingen. 88 If Timeout.QueueReturn was set to a value less the time it took 89 to write a new queue file (e.g., 0 seconds), the bounce 90 message would be lost. Problem noted by Lorraine L Goff of 91 Oklahoma State University. 92 Pass map argument vector into map rewriting engine for the regex 93 and prog map types. Problem noted by Stephen Gildea of 94 InTouch Systems, Inc. 95 When closing an LDAP map due to a temporary error, close all of the 96 other LDAP maps which share the original map's connection 97 to the LDAP server. Patch from Victor Duchovni of 98 Morgan Stanley. 99 To detect changes of NDBM aliases files check the timestamp of the 100 .pag file instead of the .dir file. Problem noted by Neil 101 Rickert of Northern Illinois University. 102 Don't treat temporary hesiod lookup failures as permanent. Patch 103 from Werner Wiethege. 104 If ClientPortOptions is set, make sure to create the outgoing socket 105 with the family set in that option. Patch from Sean Farley. 106 Avoid a segmentation fault trying to dereference a NULL pointer 107 when logging a MaxHopCount exceeded error with an empty 108 recipient list. Problem noted by Chris Adams of HiWAAY 109 Internet Services. 110 Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich 111 Windl of the Universitaet Regensburg. 112 Fix DSN for "mail loops back to me" bounces. Problem noticed by 113 Kari Hurtta of the Finnish Meteorological Institute. 114 Portability: 115 OpenBSD has a broken setreuid() implementation. 116 CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back 117 to 553 since it is allowed by DRUMS. 118 CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X. 119 DEVTOOLS: install.sh did not properly handle paths in the source 120 file name argument. Noted by Kari Hurtta of the Finnish 121 Meteorological Institute. 122 DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD 123 since it generates random process ids. 124 PRALIASES: Add back adaptive algorithm to deal with different endings 125 of entries in the database (with/without trailing '\0'). 126 Patch from John Beck of Sun Microsystems. 127 New Files: 128 cf/ostype/freebsd4.m4 129 1308.11.3/8.11.3 2001/02/27 131 Prevent a segmentation fault when a bogus value was used in the 132 LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus 133 option was used. Problem noted by Allan E Johannesen of 134 Worcester Polytechnic Institute. 135 Prevent "token too long" message by shortening {currHeader} which 136 could be too long if the last copied character was a quote. 137 Problem detected by Jan Krueger of digitalanswers 138 communications consulting gmbh. 139 Additional IPv6 check for unspecified addresses. Patch from 140 Jun-ichiro itojun Hagino of the KAME Project. 141 Do not ignore the ClientPortOptions setting if DaemonPortOptions 142 Modifier=b (bind to same interface) is set and the 143 connection came in from the command line. 144 Do not bind to the loopback address if DaemonPortOptions 145 Modifier=b (bind to same interface) is set. Patch from 146 John Beck of Sun Microsystems. 147 Properly deal with open failures on non-optional maps used in 148 check_* rulesets by returning a temporary failure. 149 Buffered file I/O files were not being properly fsync'ed to disk 150 when they were committed. 151 Properly encode '=' for the AUTH= parameter of the MAIL command. 152 Problem noted by Hadmut Danisch. 153 Under certain circumstances the macro {server_name} could be set 154 to the wrong hostname (of a previous connection), which may 155 cause some rulesets to return wrong results. This would 156 usually cause mail to be queued up and delivered later on. 157 Ignore F=z (LMTP) mailer flag if $u is given in the mailer A= 158 equate. Problem noted by Motonori Nakamura of Kyoto 159 University. 160 Work around broken accept() implementations which only partially 161 fill in the peer address if the socket is closed before 162 accept() completes. 163 Return an SMTP "421" temporary failure if the data file can't be 164 opened where the "354" reply would normally be given. 165 Prevent a CPU loop in trying to expand a macro which doesn't exist 166 in a queue run. Problem noted by Gordon Lack of Glaxo 167 Wellcome. 168 If delivering via a program and that program exits with EX_TEMPFAIL, 169 note that fact for the mailq display instead of just showing 170 "Deferred". Problem noted by Motonori Nakamura of Kyoto 171 University. 172 If doing canonification via /etc/hosts, try both the fully 173 qualified hostname as well as the first portion of the 174 hostname. Problem noted by David Bremner of the 175 University of New Brunswick. 176 Portability: 177 Fix a compilation problem for mail.local and rmail if SFIO 178 is in use. Problem noted by Auteria Wally 179 Winzer Jr. of Champion Nutrition. 180 IPv6 changes for platforms using KAME. Patch from 181 Jun-ichiro itojun Hagino of the KAME Project. 182 OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and 183 higher has BSDI-style login classes. Patch from 184 Todd C. Miller of Courtesan Consulting. 185 Unixware 7.1.1 doesn't allow h_errno to be set directly if 186 sendmail is being compiled with -kthread. Problem 187 noted by Orion Poplawski of CQG, Inc. 188 CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and 189 current left hand side for $LHS in virtuser files. 190 DEVTOOLS: Do not pass make targets to recursive Build invocations. 191 Problem noted by Jeff Bronson of J.D. Bronson, Inc. 192 MAIL.LOCAL: In LMTP mode, do not return errors regarding problems 193 storing the temporary message file until after the remote 194 side has sent the final DATA termination dot. Problem 195 noted by Allan E Johannesen of Worcester Polytechnic 196 Institute. 197 MAIL.LOCAL: If LMTP mode is set, give a temporary error if users 198 are also specified on the command line. Patch from 199 Motonori Nakamura of Kyoto University. 200 PRALIASES: Skip over AliasFile specifications which aren't based on 201 database files (i.e., only show dbm, hash, and btree). 202 Renamed Files: 203 devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x 204 2058.11.2/8.11.2 2000/12/29 206 Prevent a segmentation fault when trying to set a class in 207 address test mode due to a negative array index. Audit 208 other array indexing. This bug is not believed to be 209 exploitable. Noted by Michal Zalewski of the "Internet for 210 Schools" project (IdS). 211 Add an FFR (for future release) to drop privileges when using 212 address test mode. This will be turned on in 8.12. It can 213 be enabled by compiling with: 214 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS') 215 in your devtools/Site/site.config.m4 file. Suggested by 216 Michal Zalewski of the "Internet for Schools" project (IdS). 217 Fix potential problem with Cyrus-SASL security layer which may have 218 caused I/O errors, especially for mechanism DIGEST-MD5. 219 When QueueSortOrder was set to host, sendmail might not read 220 enough of the queue file to determine the host, making the 221 sort sub-optimal. Problem noted by Jeff Earickson of 222 Colby College. 223 Don't issue DSNs for addresses which use the NOTIFY parameter (per 224 RFC 1891) but don't have FAILURE as value. 225 Initialize Cyrus-SASL library before the SMTP daemon is started. 226 This implies that every change to SASL related files requires 227 a restart of the daemon, e.g., Sendmail.conf, new SASL 228 mechanisms (in form of shared libraries). 229 Properly set the STARTTLS related macros during a queue run for 230 a cached connection. Bug reported by Michael Kellen of 231 NxNetworks, Inc. 232 Log the server name in relay= for ruleset tls_server instead of the 233 client name. 234 Include original length of bad field/header when reporting 235 MaxMimeHeaderLength problems. Requested by Ulrich Windl of 236 the Universitat Regensburg. 237 Fix delivery to set-user-ID files that are expanded from aliases in 238 DeliveryMode queue. Problem noted by Ric Anderson of the 239 University of Arizona. 240 Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano 241 of Collective Technologies. 242 Avoid using a negative argument for sleep() calls when delaying answers 243 to EXPN/VRFY commands on systems which respond very slowly. 244 Problem noted by Mikolaj J. Habryn of Optus Internet 245 Engineering. 246 Make sure the F=u flag is set in the default prog mailer 247 definition. Problem noted by Kari Hurtta of the Finnish 248 Meteorological Institute. 249 Fix IPv6 check for unspecified addresses. Patch from 250 Jun-ichiro itojun Hagino of the KAME Project. 251 Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish 252 Meteorological Institute. 253 Fix parsing of DaemonPortOptions and ClientPortOptions. Read all 254 of the parameters to find Family= setting before trying to 255 interpret Addr= and Port=. Problem noted by Valdis 256 Kletnieks of Virginia Tech. 257 When delivering to a file directly from an alias, do not call 258 initgroups(); instead use the DefaultUser group information. 259 Problem noted by Marc Schaefer of ALPHANET NF. 260 RunAsUser now overrides the ownership of the control socket, if 261 created. Otherwise, sendmail can not remove it upon 262 close. Problem noted by Werner Wiethege. 263 Fix ConnectionRateThrottle counting as the option is the number of 264 overall connections, not the number of connections per 265 socket. A future version may change this to per socket 266 counting. 267 Portability: 268 Clean up libsmdb so it functions properly on platforms 269 where sizeof(u_int32_t) != sizeof(size_t). Problem 270 noted by Rein Tollevik of Basefarm AS. 271 Fix man page formatting for compatibility with Solaris' 272 whatis. From Stephen Gildea of InTouch Systems, Inc. 273 UnixWare 7 includes snprintf() support. From Larry 274 Rosenman. 275 IPv6 changes for platforms using KAME. Patch from 276 Jun-ichiro itojun Hagino of the KAME Project. 277 Avoid a typedef compile conflict with Berkeley DB 3.X and 278 Solaris 2.5 or earlier. Problem noted by Bob Hughes 279 of Pacific Access. 280 Add preliminary support for AIX 5. Contributed by 281 Valdis Kletnieks of Virginia Tech. 282 Solaris 9 load average support from Andrew Tucker of Sun 283 Microsystems. 284 CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') 285 is used. Problem noted by Phil Homewood of Asia Online, 286 patch from Neil Rickert of Northern Illinois University. 287 CONFIG: Change the default DNS based blacklist server for 288 FEATURE(`dnsbl') to blackholes.mail-abuse.org. 289 CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., 290 implicitly assume canonical host names. 291 CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on 292 patch by Motonori Nakamura of Kyoto University. 293 CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of 294 Virginia Tech. 295 CONFIG: Pass the illegal header form <list:;> through untouched 296 instead of making it worse. Problem noted by Motonori 297 Nakamura of Kyoto University. 298 CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`). 299 CONTRIB: qtool.pl: An empty queue is not an error. Problem noted 300 by Jan Krueger of digitalanswers communications consulting 301 gmbh. 302 CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark 303 Roth of the University of Illinois at Urbana-Champaign. 304 DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4 305 variables into bldOS, bldREL, and bldARCH to prevent 306 namespace collisions. Problem noted by Motonori Nakamura 307 of Kyoto University. 308 RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It 309 causes some changes in behavior and may break rmail for 310 installations where sendmail is actually a wrapper to 311 another MTA. The change will re-appear in a future 312 version. 313 SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X, 314 and SunOS 5.8. Requested by Jeff A. Earickson of Colby 315 College and John Beck of Sun Microsystems. 316 VACATION: Fix pattern matching for addresses to ignore. 317 VACATION: Don't reply to addresses of the form owner-* 318 or *-owner. 319 New Files: 320 cf/ostype/aix5.m4 321 contrib/buildvirtuser 322 devtools/OS/AIX.5.0 323 3248.11.1/8.11.1 2000/09/27 325 Fix SMTP EXPN command output if the address expands to a single 326 name. Fix from John Beck of Sun Microsystems. 327 Don't try STARTTLS in the client if the PRNG has not been properly 328 seeded. This problem only occurs on systems without 329 /dev/urandom. Problem detected by Jan Krueger of 330 digitalanswers communications consulting gmbh and 331 Neil Rickert of Northern Illinois University. 332 Don't use the . and .. directories when expanding QueueDirectory 333 wildcards. 334 Do not try to cache LDAP connections across processes as a parent 335 process may close the connection before the child process 336 has completed. Problem noted by Lai Yiu Fai of the Hong 337 Kong University of Science and Technology and Wolfgang 338 Hottgenroth of UUNET. 339 Use Timeout.fileopen to limit the amount of time spent trying to 340 read the LDAP secret from a file. 341 Prevent SIGTERM from removing a command line submitted item after 342 the user submits the message and before the first delivery 343 attempt completes. Problem noted by Max France of AlphaNet. 344 Fix from Neil Rickert of Northern Illinois University. 345 Deal correctly with MaxMessageSize restriction if message size is 346 greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman 347 of EarthLink. 348 Turn off queue checkpointing if CheckpointInterval is set to zero. 349 Treat an empty home directory (from getpw*() or $HOME) as 350 non-existent instead of treating it as /. Problem noted by 351 Todd C. Miller of Courtesan Consulting. 352 Don't drop duplicate headers when reading a queued item. Problem 353 noted by Motonori Nakamura of Kyoto University. 354 Avoid bogus error text when logging the savemail panic "cannot 355 save rejected email anywhere". Problem noted by Marc G. 356 Fournier of Acadia University. 357 If an LDAP search fails because the LDAP server went down, close 358 the map so subsequent searches reopen the map. If there are 359 multiple LDAP servers, the down server will be skipped and 360 one of the others may be able to take over. 361 Set the ${load_avg} macro to the current load average, not the 362 previous load average query result. 363 If a non-optional map used in a check_* ruleset can't be opened, 364 return a temporary failure to the remote SMTP client 365 instead of ignoring the map. Problem noted by Allan E 366 Johannesen of Worcester Polytechnic Institute. 367 Avoid a race condition when queuing up split envelopes by saving 368 the split envelopes before the original envelope. 369 Fix a bug in the PH_MAP code which caused mail to bounce instead of 370 defer if the PH server could not be contacted. From Mark 371 Roth of the University of Illinois at Urbana-Champaign. 372 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and 373 ETRN. Problem noted by Erik R. Leo of SoVerNet. 374 Change error code for unrecognized parameters to the SMTP MAIL and 375 RCPT commands from 501 to 555 per RFC 1869. Problem 376 reported to Postfix by Robert Norris of Monash University. 377 Prevent overwriting the argument of -B on certain OS. Problem 378 noted by Matteo Gelosa of I.NET S.p.A. 379 Use the proper routine for freeing memory with Netscape's LDAP 380 client libraries. Patch from Paul Hilchey of the 381 University of British Columbia. 382 Portability: 383 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9} 384 instead of defining it in conf.h so users can 385 override the setting. Suggested by 386 Henrik Nordstrom of Ericsson. 387 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of 388 /usr/lib/sendmail for rmail and vacation. From 389 Jeff A. Earickson of Colby College. 390 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which 391 does not exist). From Jeff A. Earickson of Colby 392 College. 393 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From 394 Tom Moore of NCR. 395 NeXT 3.X and 4.X installs man pages in /usr/man. From 396 Hisanori Gogota of NTT/InterCommunicationCenter. 397 Solaris 8 and later include /var/run. The default PID file 398 location is now /var/run/sendmail.pid. From John 399 Beck of Sun Microsystems. 400 SFIO includes snprintf() for those operating systems 401 which do not. From Todd C. Miller of Courtesan 402 Consulting. 403 CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}. 404 Problem noted by Kaspar Brand of futureLab AG. 405 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with 406 errors in the MAIL address. 407 CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem 408 noted by Ron Jarrell of Virginia Tech. 409 CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8). 410 Contributed by John Beck of Sun Microsystems. 411 CONFIG: Set confFROM_HEADER such that the mail hub can possibly add 412 GECOS information for an address. This more closely 413 matches pre-8.10 nullclient behavior. From Per Hedeland of 414 Ericsson. 415 CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for 416 SMTP to all *smtp* mailers and those for RELAY to the relay 417 mailer as described in cf/README. 418 MAIL.LOCAL: Open the mailbox as the recipient not root so quotas 419 are obeyed. Problem noted by Damian Kuczynski of NIK. 420 MAKEMAP: Do not change a map's owner to the TrustedUser if using 421 makemap to 'unmake' the map. 422 RMAIL: Avoid overflowing the list of recipients being passed to 423 sendmail. 424 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 425 submission. Problem noted by Kari Hurtta of the Finnish 426 Meteorological Institute. 427 VACATION: Read the complete message to avoid "broken pipe" signals. 428 VACATION: Do not cut off vacation.msg files which have a single 429 dot as the only character on the line. 430 New Files: 431 cf/ostype/solaris8.m4 432 4338.11.0/8.11.0 2000/07/19 434 SECURITY: If sendmail is installed as a non-root set-user-ID binary 435 (not the normal case), some operating systems will still 436 keep a saved-uid of the effective-uid when sendmail tries 437 to drop all of its privileges. If sendmail needs to drop 438 these privileges and the operating system doesn't set the 439 saved-uid as well, exit with an error. Problem noted by 440 Kari Hurtta of the Finnish Meteorological Institute. 441 SECURITY: sendmail depends on snprintf() NUL terminating the string 442 it populates. It is possible that some broken 443 implementations of snprintf() exist that do not do this. 444 Systems in this category should compile with 445 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your 446 system and report broken implementations to 447 sendmail-bugs@sendmail.org and your OS vendor. Problem 448 noted by Slawomir Piotrowski of TELSAT GP. 449 Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). 450 Implementation influenced by the example programs of 451 OpenSSL and the work of Lutz Jaenicke of TU Cottbus. 452 Add new STARTTLS related options CACERTPath, CACERTFile, 453 ClientCertFile, ClientKeyFile, DHParameters, RandFile, 454 ServerCertFile, and ServerKeyFile. These are documented in 455 cf/README and doc/op/op.*. 456 New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, 457 ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, 458 ${server_name}, and ${server_addr}. These are documented 459 in cf/README and doc/op/op.*. 460 Add support for the Entropy Gathering Daemon (EGD) for better 461 random data. 462 New DontBlameSendmail option InsufficientEntropy for systems which 463 don't properly seed the PRNG for OpenSSL but want to 464 try to use STARTTLS despite the security problems. 465 Support the security layer in SMTP AUTH for mechanisms which 466 support encryption. Based on code contributed by Tim 467 Martin of CMU. 468 Add new macro ${auth_ssf} to reflect the SMTP AUTH security 469 strength factor. 470 LDAP's -1 (single match only) flag was not honored if the -z 471 (delimiter) flag was not given. Problem noted by ST Wong of 472 the Chinese University of Hong Kong. Fix from Mark Adamson 473 of CMU. 474 Add more protection from accidentally tripping OpenLDAP 1.X's 475 ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). 476 Suggested by Kurt Zeilenga of OpenLDAP. 477 Fix the default family selection for DaemonPortOptions. As 478 documented, unless a family is specified in a 479 DaemonPortOptions option, "inet" is the default. It is 480 also the default if no DaemonPortOptions value is set. 481 Therefore, IPv6 users should configure additional sockets 482 by adding DaemonPortOptions settings with Family=inet6 if 483 they wish to also listen on IPv6 interfaces. Problem noted 484 by Jun-ichiro itojun Hagino of the KAME Project. 485 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect 486 the interface information for an outgoing connection. 487 Not doing so was creating a mismatch between the socket 488 family and address used in subsequent connections if the 489 M=b modifier was set in DaemonPortOptions. Problem noted 490 by John Beck of Sun Microsystems. 491 If DaemonPortOptions modifier M=b is used, determine the socket 492 family based on the IP address. ${if_family} is no longer 493 persistent (i.e., saved in qf files). Patch from John Beck 494 of Sun Microsystems. 495 sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} 496 macros for both the incoming interface address/family and 497 the outgoing interface address/family. In order for M=b 498 modifier in DaemonPortOptions to work properly, preserve 499 the incoming information in the queue file for later 500 delivery attempts. 501 Use SMTP error code and enhanced status code from check_relay in 502 responses to commands. Problem noted by Jeff Wasilko of 503 smoe.org. 504 Add more vigilance in checking for putc() errors on output streams 505 to protect from a bug in Solaris 2.6's putc(). Problem 506 noted by Graeme Hewson of Oracle. 507 The LDAP map -n option (return attribute names only) wasn't working. 508 Problem noted by Ajay Matia. 509 Under certain circumstances, an address could be listed as deferred 510 but would be bounced back to the sender as failed to be 511 delivered when it really should have been queued. Problem 512 noted by Allan E Johannesen of Worcester Polytechnic Institute. 513 Prevent a segmentation fault in a child SMTP process from getting 514 the SMTP transaction out of sync. Problem noted by Per 515 Hedeland of Ericsson. 516 Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT 517 is defined to avoid a core dump due to incompatibilities 518 between sfio and stdio. Problem noted by Neil Rickert 519 of Northern Illinois University. 520 Don't log useless envelope ID on initial connection log. Problem 521 noted by Kari Hurtta of the Finnish Meteorological Institute. 522 Convert the free disk space shown in a control socket status query 523 to kilobyte units. 524 If TryNullMXList is True and there is a temporary DNS failure 525 looking up the hostname, requeue the message for a later 526 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo 527 Polytechnic. 528 Under the proper circumstances, failed connections would be recorded 529 as "Bad file number" instead of "Connection failed" in the 530 queue file and persistent host status. Problem noted by 531 Graeme Hewson of Oracle. 532 Avoid getting into an endless loop if a non-hoststat directory exists 533 within the hoststatus directory (e.g., lost+found). 534 Patch from Valdis Kletnieks of Virginia Tech. 535 Make sure Timeout.queuereturn=now returns a bounce message to the 536 sender. Problem noted by Per Hedeland of Ericsson. 537 If a message data file can't be opened at delivery time, panic and 538 abort the attempt instead of delivering a message that 539 states "<<< No Message Collected >>>". 540 Fixup the GID checking code from 8.10.2 as it was overly 541 restrictive. Problem noted by Mark G. Thomas of Mark 542 G. Thomas Consulting. 543 Preserve source port number instead of replacing it with the ident 544 port number (113). 545 Document the queue status characters in the mailq man page. 546 Suggested by Ulrich Windl of the Universitat Regensburg. 547 Process queued items in which none of the recipient addresses have 548 host portions (or there are no recipients). Problem noted 549 by Valdis Kletnieks of Virginia Tech. 550 If a cached LDAP connection is used for multiple maps, make sure 551 only the first to open the connection is allowed to close 552 it so a later map close doesn't break the connection for 553 other maps. Problem noted by Wolfgang Hottgenroth of UUNET. 554 Netscape's LDAP libraries do not support Kerberos V4 555 authentication. Patch from Rainer Schoepf of the 556 University of Mainz. 557 Provide workaround for inconsistent handling of data passed 558 via callbacks to Cyrus SASL prior to version 1.5.23. 559 Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission 560 noted by Ulrich Windl of the Universitat Regensburg. 561 Portability: 562 Add the ability to read IPv6 interface addresses into class 563 'w' under FreeBSD (and possibly others). From Jun 564 Kuriyama of IMG SRC, Inc. and the FreeBSD Project. 565 Replace code for finding the number of CPUs on HPUX. 566 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not 567 work properly causing problems if the accept() 568 fails and the socket needs to be reopened. Patch 569 from Tom Moore of NCR. 570 NetBSD uses a .0 extension of formatted man pages. From 571 Andrew Brown of Crossbar Security. 572 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED 573 for calls to getipnodebyname(). The Linux 574 implementation is broken so AI_ADDRCONFIG is stripped 575 under Linux. From John Beck of Sun Microsystems and 576 John Kennedy of Cal State University, Chico. 577 CONFIG: Catch invalid addresses containing a ',' at the wrong place. 578 Patch from Neil Rickert of Northern Illinois University. 579 CONFIG: New variables for the new sendmail options: 580 confCACERT_PATH CACERTPath 581 confCACERT CACERTFile 582 confCLIENT_CERT ClientCertFile 583 confCLIENT_KEY ClientKeyFile 584 confDH_PARAMETERS DHParameters 585 confRAND_FILE RandFile 586 confSERVER_CERT ServerCertFile 587 confSERVER_KEY ServerKeyFile 588 CONFIG: Provide basic rulesets for TLS policy control and add new 589 tags to the access database to support these policies. See 590 cf/README for more information. 591 CONFIG: Add TLS information to the Received: header. 592 CONFIG: Call tls_client ruleset from check_mail in case it wasn't 593 called due to a STARTTLS command. 594 CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent 595 instead of temporary. 596 CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with 597 the access map and relaying to a domain without using a To: 598 tag. Problem noted by Mark G. Thomas of Mark G. Thomas 599 Consulting. 600 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in 601 OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of 602 RootsWeb.com. 603 CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and 604 forwarding to make it as close to the old behavior as 605 possible. Problem noted by George W. Baltz of the 606 University of Maryland. 607 CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From 608 Wilfredo Sanchez of Apple Computer, Inc. 609 CONFIG: Changed the map names used by FEATURE(`ldap_routing') from 610 ldap_mailhost and ldap_mailroutingaddress to ldapmh and 611 ldapmra as underscores in map names cause problems if 612 underscore is in OperatorChars. Problem noted by Bob Zeitz 613 of the University of Alberta. 614 CONFIG: Apply blacklist_recipients also to hosts in class {w}. 615 Patch from Michael Tratz of Esosoft Corporation. 616 CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. 617 CONTRIB: Add link_hash.sh to create symbolic links to the hash 618 of X.509 certificates. 619 CONTRIB: passwd-to-alias.pl: More protection from special characters; 620 treat special shells as root aliases; skip entries where the 621 GECOS full name and username match. From Ulrich Windl of the 622 Universitat Regensburg. 623 CONTRIB: qtool.pl: Add missing last_modified_time method and fix a 624 typo. Patch from Graeme Hewson of Oracle. 625 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue 626 and sendmail. Patch from Graeme Hewson of Oracle. 627 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as 628 subroutine Patch from Graeme Hewson of Oracle. 629 CONTRIB: Add movemail.pl (move old mail messages between queues by 630 calling re-mqueue.pl) and movemail.conf (configuration 631 script for movemail.pl). From Graeme Hewson of Oracle. 632 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to 633 makemap). From Derek J. Balling of Yahoo,Inc. 634 DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any 635 extension modifications (e.g., MAN8EXT) to the installation 636 target. Patch from James Ralston of Carnegie Mellon 637 University. 638 DEVTOOLS: Add support for SunOS 5.9. 639 DEVTOOLS: New option confLN contains the command used to create 640 links. 641 LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not 642 reported. 643 MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of 644 Denman Tire Corporation. 645 MAIL.LOCAL: Prevent a possible DoS attack when compiled with 646 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. 647 MAILSTATS: Fix usage statement (-p and -o are optional). 648 MAKEMAP: Change man page layout as workaround for problem with nroff 649 and -man on Solaris 7. Patch from Larry Williamson. 650 RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of 651 Black Diamond Equipment, Limited. 652 RMAIL: Prevent a segmentation fault if the incoming message does not 653 have a From line. 654 VACATION: Read all of the headers before deciding whether or not 655 to respond instead of stopping after finding recipient. 656 Added Files: 657 cf/ostype/darwin.m4 658 contrib/cidrexpand 659 contrib/link_hash.sh 660 contrib/movemail.conf 661 contrib/movemail.pl 662 devtools/OS/SunOS.5.9 663 test/t_snprintf.c 664 6658.10.2/8.10.2 2000/06/07 666 SECURITY: Work around broken Linux setuid() implementation. 667 On Linux, a normal user process has the ability to subvert 668 the setuid() call such that it is impossible for a root 669 process to drop its privileges. Problem noted by Wojciech 670 Purczynski of elzabsoft.pl. 671 SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), 672 initgroups(), and chroot() calls. 673 Added Files: 674 test/t_setuid.c 675 6768.10.1/8.10.1 2000/04/06 677 SECURITY: Limit the choice of outgoing (client-side) SMTP 678 Authentication mechanisms to those specified in 679 AuthMechanisms to prevent information leakage. We do not 680 recommend use of PLAIN for outgoing mail as it sends the 681 password in clear text to possibly untrusted servers. See 682 cf/README's DefaultAuthInfo section for additional information. 683 Copy the ident argument for openlog() to avoid problems on some 684 OSs. Based on patch from Rob Bajorek from Webhelp.com. 685 Avoid bogus error message when reporting an alias line as too long. 686 Avoid bogus socket error message if sendmail.cf version level is 687 greater than sendmail binary supported version. Patch 688 from John Beck of Sun Microsystems. 689 Prevent a malformed ruleset (missing right hand side) from causing 690 a segmentation fault when using address test mode. Based on 691 patch from John Beck of Sun Microsystems. 692 Prevent memory leak from use of NIS maps and yp_match(3). Problem 693 noted by Gil Kloepfer of the University of Texas at Austin. 694 Fix queue file permission checks to allow for TrustedUser ownership. 695 Change logging of errors from the trust_auth ruleset to LogLevel 10 696 or higher. 697 Avoid simple password cracking attacks against SMTP AUTH by using 698 exponential delay after too many tries within one connection. 699 Encode an initial empty AUTH challenge as '=', not as empty string. 700 Avoid segmentation fault on EX_SOFTWARE internal error logs. 701 Problem noted by Allan E Johannesen of Worcester 702 Polytechnic Institute. 703 Ensure that a header check which resolves to $#discard actually 704 discards the message. 705 Emit missing value warnings for aliases with no right hand side 706 when newaliases is run instead of only when delivery is 707 attempted to the alias. 708 Remove AuthOptions missing value warning for consistency with other 709 flag options. 710 Portability: 711 SECURITY: Specify a run-time shared library search path for 712 AIX 4.X instead of using the dangerous AIX 4.X 713 linker semantics. AIX 4.X users should consult 714 sendmail/README for further information. Problem 715 noted by Valdis Kletnieks of Virginia Tech. 716 Avoid use of strerror(3) call. Problem noted by Charles 717 Levert of Ecole Polytechnique de Montreal. 718 DGUX requires -lsocket -lnsl and has a non-standard install 719 program. From Tim Boyer of Denman Tire Corporation. 720 HPUX 11.0 has a broken res_search() function. 721 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X 722 from J. P. McCann of E I A. 723 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3). 724 Problem noted by Michael Long of Info Avenue Internet 725 Services, LLC. 726 Modern (post-199912) OpenBSD versions include working 727 strlc{at,py}(3) functions. From Todd C. Miller of 728 Courtesan Consulting. 729 SINIX doesn't have random(3). From Gerald Rinske of 730 Siemens Business Services. 731 CONFIG: Change error message about unresolvable sender domain to 732 include the sender address. Proposed by Wolfgang Rupprecht 733 of WSRCC. 734 CONFIG: Fix usenet mailer calls. 735 CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS 736 to be backward compatible with 8.9. 737 CONFIG: Change handling of default case @domain for virtusertable 738 to allow for +*@domain to deal with +detail. 739 CONTRIB: Remove converting.sun.configs -- it is obsolete. 740 DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki 741 of NEC. 742 DEVTOOLS: Add to NCR platform list and include the architecture 743 (i486). From Tom J. Moore of NCR. 744 DEVTOOLS: SECURITY: Change method of linking with sendmail utility 745 libraries to work around the AIX 4.X and SunOS 4.X linker's 746 overloaded -L option. Problem noted by Valdis Kletnieks of 747 Virginia Tech. 748 DEVTOOLS: configure.sh was overriding the user's choice for 749 confNROFF. Problem noted by Glenn A. Malling of Syracuse 750 University. 751 DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added 752 for other internal projects but included in the open source 753 release. 754 LIBSMDB: Check for ".db" instead of simply "db" at the end of the 755 map name to determine whether or not to add the extension. 756 This fixes makemap when building the userdb file. Problem 757 noted by Andrew J Cole of the University of Leeds. 758 LIBSMDB: Allow a database to be opened for updating and created if 759 it doesn't already exist. Problem noted by Rand Wacker of 760 Sendmail. 761 LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are 762 available, fall back to NDBM if NEWDB open fails. This 763 fixes praliases. Patch from John Beck of Sun Microsystems. 764 LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted 765 as SFF_NOWRFILES. 766 OP.ME: Clarify some issues regarding mailer flags. Suggested by 767 Martin Mokrejs of The Charles University and Neil Rickert of 768 Northern Illinois University. 769 PRALIASES: Restore 8.9.X functionality of being able to search for 770 particular keys in a database by specifying the keys on the 771 command line. Man page updated accordingly. Patch from 772 John Beck of Sun Microsystems. 773 VACATION: SunOS 4.X portability from Charles Levert of Ecole 774 Polytechnique de Montreal. 775 VACATION: Fix -t option which is ignored but available for 776 compatibility with Sun's version, based on patch from 777 Volker Dobler of Infratest Burke. 778 Added Files: 779 devtools/M4/UNIX/smlib.m4 780 devtools/OS/OSF1.V5.0 781 Deleted Files: 782 contrib/converting.sun.configs 783 Deleted Directories (already done in 8.10.0 but not listed): 784 doc/intro 785 doc/usenix 786 doc/changes 787 7888.10.0/8.10.0 2000/03/01 789 ************************************************************* 790 * The engineering department at Sendmail, Inc. has suffered * 791 * the tragic loss of a key member of our engineering team. * 792 * Julie Van Bourg was the Vice President of Engineering * 793 * at Sendmail, Inc. during the development and deployment * 794 * of this release. It was her vision, dedication, and * 795 * support that has made this release a success. Julie died * 796 * on October 26, 1999 of cancer. We have lost a leader, a * 797 * coach, and a friend. * 798 * * 799 * This release is dedicated to her memory and to the joy, * 800 * strength, ideals, and hope that she brought to all of us. * 801 * Julie, we miss you! * 802 ************************************************************* 803 SECURITY: The safe file checks now back track through symbolic 804 links to make sure the files can't be compromised due 805 to poor permissions on the parent directories of the 806 symbolic link target. 807 SECURITY: Only root, TrustedUser, and users in class t can rebuild 808 the alias map. Problem noted by Michal Zalewski of the 809 "Internet for Schools" project (IdS). 810 SECURITY: There is a potential for a denial of service attack if 811 the AutoRebuildAliases option is set as a user can kill the 812 sendmail process while it is rebuilding the aliases file 813 (leaving it in an inconsistent state). This option and 814 its use is deprecated and will be removed from a future 815 version of sendmail. 816 SECURITY: Make sure all file descriptors (besides stdin, stdout, and 817 stderr) are closed before restarting sendmail. Problem noted 818 by Michal Zalewski of the "Internet for Schools" project 819 (IdS). 820 Begin using /etc/mail/ for sendmail related files. This affects 821 a large number of files. See cf/README for more details. 822 The directory structure of the distribution has changed slightly 823 for easier code sharing among the programs. 824 Support SMTP AUTH (see RFC 2554). New macros for this purpose 825 are ${auth_authen}, ${auth_type}, and ${auth_author} 826 which hold the client's authentication credentials, 827 the mechanism used for authentication, and the 828 authorization identity (i.e., the AUTH= parameter if 829 supplied). Based on code contributed by Tim Martin of CMU. 830 On systems which use the Torek stdio library (all of the BSD 831 distributions), use memory-buffered files to reduce 832 file system overhead by not creating temporary files on 833 disk. Contributed by Exactis.com, Inc. 834 New option DataFileBufferSize to control the maximum size of a 835 memory-buffered data (df) file before a disk-based file is 836 used. Contributed by Exactis.com, Inc. 837 New option XscriptFileBufferSize to control the maximum size of a 838 memory-buffered transcript (xf) file before a disk-based 839 file is used. Contributed by Exactis.com, Inc. 840 sendmail implements RFC 2476 (Message Submission), e.g., it can 841 now listen on several different ports. Use: 842 O DaemonPortOptions=Name=MSA, Port=587, M=E 843 to run a Message Submission Agent (MSA); this is turned 844 on by default in m4-generated .cf files; it can be turned 845 off with FEATURE(`no_default_msa'). 846 The 'XUSR' SMTP command is deprecated. Mail user agents should 847 begin using RFC 2476 Message Submission for initial user 848 message submission. XUSR may disappear from a future release. 849 The new '-G' (relay (gateway) submission) command line option 850 indicates that the message being submitted from the command 851 line is for relaying, not initial submission. This means 852 the message will be rejected if the addresses are not fully 853 qualified and no canonicalization will be done. Future 854 releases may even reject improperly formed messages. 855 The '-U' (initial user submission) command line option is 856 deprecated and may be removed from a future release. 857 Mail user agents should begin using '-G' to indicate that 858 this is a relay submission (the inverse of -U). 859 The next release of sendmail will assume that any message submitted 860 from the command line is an initial user submission and act 861 accordingly. 862 If sendmail doesn't have enough privileges to run a .forward 863 program or deliver to file as the owner of that file, the 864 address is marked as unsafe. This means if RunAsUser is 865 set, users won't be able to use programs or delivery to 866 files in their .forward files. Administrators can override 867 this by setting the DontBlameSendmail option to the new 868 setting NonRootSafeAddr. 869 Allow group or world writable directories if the sticky bit is set 870 on the directory and DontBlameSendmail is set to 871 TrustStickyBit. Based on patch from Chris Metcalf of 872 InCert Software. 873 Prevent logging of unsafe directory paths for non-existent forward 874 files if the new DontWarnForwardFileInUnsafeDirPath bit is 875 set in the DontBlameSendmail option. Requested by many. 876 New Timeout.control option to limit the total time spent satisfying 877 a control socket request. 878 New Timeout.resolver options for controlling BIND resolver 879 settings: 880 Timeout.resolver.retrans 881 Sets the resolver's retransmission time interval (in 882 seconds). Sets both Timeout.resolver.retrans.first 883 and Timeout.resolver.retrans.normal. 884 Timeout.resolver.retrans.first 885 Sets the resolver's retransmission time interval (in 886 seconds) for the first attempt to deliver a message. 887 Timeout.resolver.retrans.normal 888 Sets the resolver's retransmission time interval (in 889 seconds) for all resolver lookups except the first 890 delivery attempt. 891 Timeout.resolver.retry 892 Sets the number of times to retransmit a resolver 893 query. Sets both Timeout.resolver.retry.first 894 and Timeout.resolver.retry.normal. 895 Timeout.resolver.retry.first 896 Sets the number of times to retransmit a resolver 897 query for the first attempt to deliver a message. 898 Timeout.resolver.retry.normal 899 Sets the number of times to retransmit a resolver 900 query for all resolver lookups except the first 901 delivery attempt. 902 Contributed by Exactis.com, Inc. 903 Support multiple queue directories. To use multiple queues, supply 904 a QueueDirectory option value ending with an asterisk. For 905 example, /var/spool/mqueue/q* will use all of the 906 directories or symbolic links to directories beginning with 907 'q' in /var/spool/mqueue as queue directories. Keep in 908 mind, the queue directory structure should not be changed 909 while sendmail is running. Queue runs create a separate 910 process for running each queue unless the verbose flag is 911 given on a non-daemon queue run. New items are randomly 912 assigned to a queue. Contributed by Exactis.com, Inc. 913 Support different directories for qf, df, and xf queue files; if 914 subdirectories or symbolic links to directories of those names 915 exist in the queue directories, they are used for the 916 corresponding queue files. Keep in mind, the queue 917 directory structure should not be changed while sendmail is 918 running. Proposed by Mathias Koerber of Singapore 919 Telecommunications Ltd. 920 New queue file naming system which uses a filename guaranteed to be 921 unique for 60 years. This allows queue IDs to be assigned 922 without fancy file system locking. Queued items can be 923 moved between queues easily. Contributed by Exactis.com, 924 Inc. 925 Messages which are undeliverable due to temporary address failures 926 (e.g., DNS failure) will now go to the FallBackMX host, if 927 set. Contributed by Exactis.com, Inc. 928 New command line option '-L tag' which sets the identifier used for 929 syslog. Contributed by Exactis.com, Inc. 930 QueueSortOrder=Filename will sort the queue by filename. This 931 avoids opening and reading each queue file when preparing 932 to run the queue. Contributed by Exactis.com, Inc. 933 Shared memory counters and microtimers functionality has been 934 donated by Exactis.com, Inc. 935 The SCCS ID tags have been replaced with RCS ID tags. 936 Allow trusted users (those on a T line or in $=t) to set the 937 QueueDirectory (Q) option without an X-Authentication-Warning: 938 being added. Suggested by Michael K. Sanders. 939 IPv6 support based on patches from John Kennedy of Cal State 940 University, Chico, Motonori Nakamura of Kyoto University, 941 and John Beck of Sun Microsystems. 942 In low-disk space situations, where sendmail would previously refuse 943 connections, still accept them, but only allow ETRN commands. 944 Suggested by Mathias Koerber of Singapore Telecommunications 945 Ltd. 946 The [IPC] builtin mailer now allows delivery to a UNIX domain socket 947 on systems which support them. This can be used with LMTP 948 local delivery agents which listen on a named socket. An 949 example mailer might be: 950 Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, 951 S=10, R=20/40, T=DNS/RFC822/X-Unix, 952 A=FILE /var/run/lmtpd 953 Code contributed by Lyndon Nerenberg of Messaging Direct. 954 The [TCP] builtin mailer name is now deprecated. Use [IPC] 955 instead. 956 The first mailer argument in the [IPC] mailer is now checked for a 957 legitimate value. Possible values are TCP (for TCP/IP 958 connections), IPC (which will be deprecated in a future 959 version), and FILE (for UNIX domain socket delivery). 960 PrivacyOptions=goaway no longer includes the noetrn and the noreceipts 961 flags. 962 PrivacyOptions=nobodyreturn instructs sendmail not to include the 963 body of the original message on delivery status 964 notifications. 965 Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted 966 by Dan Bernstein, fix from Robert Harker of Harker Systems. 967 Accept the SMTP RSET command even when rejecting commands due to TCP 968 Wrappers or the check_relay ruleset. Problem noted by 969 Steve Schweinhart of America Online. 970 Warn if OperatorChars is set multiple times. OperatorChars should 971 not be set after rulesets are defined. Suggested by 972 Mitchell Blank Jr of Exec-PC. 973 Do not report temporary failure on delivery to files. In 974 interactive delivery mode, this would result in two SMTP 975 responses after the DATA command. Problem noted by 976 Nik Conwell of Boston University. 977 Check file close when mailing to files. Problem noted by Nik 978 Conwell of Boston University. 979 Avoid a segmentation fault when using the LDAP map. Patch from 980 Curtis W. Hillegas of Princeton University. 981 Always bind to the LDAP server regardless of whether you are using 982 ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of 983 @Home Network. 984 New ruleset trust_auth to determine whether a given AUTH= 985 parameter of the MAIL command should be trusted. See SMTP 986 AUTH, cf/README, and doc/op/op.ps. 987 Allow new named config file rules check_vrfy, check_expn, and 988 check_etrn for VRFY, EXPN, and ETRN commands, respectively, 989 similar to check_rcpt etc. 990 Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, 991 ${mail_mailer}, ${mail_host}, ${mail_addr} that hold 992 the results of parsing the RCPT and MAIL arguments, i.e. 993 the resolved triplet from $#mailer $@host $:addr. 994 From Kari Hurtta of the Finnish Meteorological Institute. 995 New macro ${client_resolve} which holds the result of the resolve 996 call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed 997 by Kari Hurtta of the Finnish Meteorological Institute. 998 New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold 999 the corresponding DSN parameter values. Proposed by 1000 Mathias Herberts. 1001 New macro ${msg_size} which holds the value of the SIZE= parameter, 1002 i.e., usually the size of the message (in an ESMTP dialogue), 1003 before the message has been collected, thereafter it holds 1004 the message size as computed by sendmail (and can be used 1005 in check_compat). 1006 The macro ${deliveryMode} now specifies the current delivery mode 1007 sendmail is using instead of the value of the DeliveryMode 1008 option. 1009 New macro ${ntries} holds the number of delivery attempts. 1010 Drop explicit From: if same as what would be generated only if it is 1011 a local address. From Motonori Nakamura of Kyoto University. 1012 Write pid to file also if sendmail only processes the queue. 1013 Proposed by Roy J. Mongiovi of Georgia Tech. 1014 Log "low on disk space" only when necessary. 1015 New macro ${load_avg} can be used to check the current load average. 1016 Suggested by Scott Gifford of The Internet Ramp. 1017 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn 1018 is set. 1019 Flag -S for maps to specify the character which is substituted 1020 for spaces (instead of the default given by O BlankSub). 1021 Flag -D for maps: perform no lookup in deferred delivery mode. 1022 This flag is set by default for the host map. Based on a 1023 proposal from Ian MacPhedran of the University of Saskatchewan. 1024 Open maps only on demand, not at startup. 1025 Log warning about unsupported IP address families. 1026 New option MaxHeadersLength allows to specify a maximum length 1027 of the sum of all headers. This can be used to prevent 1028 a denial-of-service attack. 1029 New option MaxMimeHeaderLength which limits the size of MIME 1030 headers and parameters within those headers. This option 1031 is intended to protect mail user agents from buffer 1032 overflow attacks. 1033 Added option MaxAliasRecursion to specify the maximum depth of 1034 alias recursion. 1035 New flag F=6 for mailers to strip headers to seven bit. 1036 Map type syslog to log the key via syslogd. 1037 Entries in the alias file can be continued by putting a backslash 1038 directly before the newline. 1039 New option DeadLetterDrop to define the location of the system-wide 1040 dead.letter file, formerly hardcoded to 1041 /usr/tmp/dead.letter. If this option is not set (the 1042 default), sendmail will not attempt to save to a 1043 system-wide dead.letter file if it can not bounce the mail 1044 to the user nor postmaster. Instead, it will rename the qf 1045 file as it has in the past when the dead.letter file 1046 could not be opened. 1047 New option PidFile to define the location of the pid file. The 1048 value of this option is macro expanded. 1049 New option ProcessTitlePrefix specifies a prefix string for the 1050 process title shown in 'ps' listings. 1051 New macros for use with the PidFile and ProcessTitlePrefix options 1052 (along with the already existing macros): 1053 ${daemon_info} Daemon information, e.g. 1054 SMTP+queueing@00:30:00 1055 ${daemon_addr} Daemon address, e.g., 0.0.0.0 1056 ${daemon_family} Daemon family, e.g., inet, inet6, etc. 1057 ${daemon_name} Daemon name, e.g., MSA. 1058 ${daemon_port} Daemon port, e.g., 25 1059 ${queue_interval} Queue run interval, e.g., 00:30:00 1060 New macros especially for virtual hosting: 1061 ${if_name} hostname of interface of incoming connection. 1062 ${if_addr} address of interface of incoming connection. 1063 The latter is only set if the interface does not belong to the 1064 loopback net. 1065 If a message being accepted via a method other than SMTP and 1066 would be rejected by a header check, do not send the message. 1067 Suggested by Phil Homewood of Mincom Pty Ltd. 1068 Don't strip comments for header checks if $>+ is used instead of $>. 1069 Provide header value as quoted string in the macro 1070 ${currHeader} (possibly truncated to MAXNAME). Suggested by 1071 Jan Krueger of Unix-AG of University of Hannover. 1072 The length of the header value is stored in ${hdrlen}. 1073 H*: allows to specify a default ruleset for header checks. This 1074 ruleset will only be called if the individual header does 1075 not have its own ruleset assigned. Suggested by Jan 1076 Krueger of Unix-AG of University of Hannover. 1077 The name of the header field stored in ${hdr_name}. 1078 Comments (i.e., text within parentheses) in rulesets are not 1079 removed if the config file version is greater than or equal 1080 to 9. For example, "R$+ ( 1 ) $@ 1" matches the 1081 input "token (1)" but does not match "token". 1082 Avoid removing the Content-Transfer-Encoding MIME header on 1083 MIME messages. Problem noted by Sigurbjorn B. Larusson of 1084 Multimedia Consumer Services. Fix from Per Hedeland of 1085 Ericsson. 1086 Avoid duplicate Content-Transfer-Encoding MIME header on 1087 messages with 8-bit text in headers. Problem noted by 1088 Per Steinar Iversen of Oslo College. Fix from Per Hedeland 1089 of Ericsson. 1090 Avoid keeping maps locked longer than necessary when re-opening a 1091 modified database map file. Problem noted by Chris Adams 1092 of Renaissance Internet Services. 1093 Resolving to the $#error mailer with a temporary failure code (e.g., 1094 $#error $@ tempfail $: "400 Temporary failure") will now 1095 queue up the message instead of bouncing it. 1096 Be more liberal in acceptable responses to an SMTP RSET command as 1097 standard does not provide any indication of what to do when 1098 something other than 250 is received. Based on a patch 1099 from Steve Schweinhart of America Online. 1100 New option TrustedUser allows to specify a user who can own 1101 important files instead of root. This requires HASFCHOWN. 1102 Fix USERDB conditional so compiling with NEWDB or HESIOD and 1103 setting USERDB=0 works. Fix from Jorg Zanger of Schock. 1104 Fix another instance (similar to one in 8.9.3) of a network failure 1105 being mis-logged as "Illegal Seek" instead of whatever 1106 really went wrong. From John Beck of Sun Microsystems. 1107 $? tests also whether the macro is non-null. 1108 Print an error message if a mailer definition contains an invalid 1109 equate name. 1110 New mailer equate /= to specify a directory to chroot() into before 1111 executing the mailer program. Suggested by Igor Vinokurov. 1112 New mailer equate W= to specify the maximum time to wait for the 1113 mailer to return after sending all data to it. 1114 Only free memory from the process list when adding a new process 1115 into a previously filled slot. Previously, the memory was 1116 freed at removal time. Since removal can happen in a 1117 signal handler, this may leave the memory map in an 1118 inconsistent state. Problem noted by Jeff A. Earickson and 1119 David Cooley of Colby College. 1120 When using the UserDB @hostname catch-all, do not try to lookup 1121 local users in the passwd file. The UserDB code has 1122 already decided the message will be passed to another host 1123 for processing. Fix from Tony Landells of Burdett 1124 Buckeridge Young Limited. 1125 Support LDAP authorization via either a file containing the 1126 password or Kerberos V4 using the new map options 1127 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The 1128 distinguished_name is who to login as. The method can be 1129 one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or 1130 LDAP_AUTH_KRBV4. The filename is the file containing the 1131 secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos 1132 ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense 1133 of Stanford University. 1134 The ldapx map has been renamed to ldap. The use of ldapx is 1135 deprecated and will be removed in a future version. 1136 If the result of an LDAP search returns a multi-valued attribute 1137 and the map has the column delimiter set, it turns that 1138 response into a delimiter separated string. The LDAP map 1139 will traverse multiple entries as well. LDAP alias maps 1140 automatically set the column delimiter to the comma. 1141 Based on patch from Booker Bense of Stanford University and 1142 idea from Philip A. Prindeville of Mirapoint, Inc. 1143 Support return of multiple values for a single LDAP lookup. The 1144 values to be returned should be in a comma separated string. 1145 For example, `-v "email,emailother"'. Patch from 1146 Curtis W. Hillegas of Princeton University. 1147 Allow the use of LDAP for alias maps. 1148 If no LDAP attributes are specified in an LDAP map declaration, all 1149 attributes found in the match will be returned. 1150 Prevent commas in quoted strings in the AliasFile value from 1151 breaking up a single entry into multiple entries. This is 1152 needed for LDAP alias file specifications to allow for 1153 comma separated key and value strings. 1154 Keep connections to LDAP server open instead of opening and closing 1155 for each lookup. To reduce overhead, sendmail will cache 1156 connections such that multiple maps which use the same 1157 host, port, bind DN, and authentication will only result in 1158 a single connection to that host. 1159 Put timeout in the proper place for USE_LDAP_INIT. 1160 Be more careful about checking for errors and freeing memory on 1161 LDAP lookups. 1162 Use asynchronous LDAP searches to save memory and network 1163 resources. 1164 Do not copy LDAP query results if the map's match only flag is set. 1165 Increase portability to the Netscape LDAP libraries. 1166 Change the parsing of the LDAP filter specification. '%s' is still 1167 replaced with the literal contents of the map lookup key -- 1168 note that this means a lookup can be done using the LDAP 1169 special characters. The new '%0' token can be used instead 1170 of '%s' to encode the key buffer according to RFC 2254. 1171 For example, if the LDAP map specification contains '-k 1172 "(user=%s)"' and a lookup is done on "*", this would be 1173 equivalent to '-k "(user=*)"' -- matching ANY record with a 1174 user attribute. Instead, if the LDAP map specification 1175 contains '-k "(user=%0)"' and a lookup is done on "*", this 1176 would be equivalent to '-k "(user=\2A)"' -- matching a user 1177 with the name "*". 1178 New LDAP map flags: "-1" requires a single match to be returned, if 1179 more than one is returned, it is equivalent to no records 1180 being found; "-r never|always|search|find" sets the LDAP 1181 alias dereference option; "-Z size" limits the number of 1182 matches to return. 1183 New option LDAPDefaultSpec allows a default map specification for 1184 LDAP maps. The value should only contain LDAP specific 1185 settings such as "-h host -p port -d bindDN", etc. The 1186 settings will be used for all LDAP maps unless they are 1187 specified in the individual map specification ('K' 1188 command). This option should be set before any LDAP maps 1189 are defined. 1190 Prevent an NDBM alias file opening loop when the NDBM open 1191 continually fails. Fix from Roy J. Mongiovi of Georgia 1192 Tech. 1193 Reduce memory utilization for smaller symbol table entries. In 1194 particular, class entries get much smaller, which can be 1195 important if you have large classes. 1196 On network-related temporary failures, record the hostname which 1197 gave error in the queued status message. Requested by 1198 Ulrich Windl of the Universitat Regensburg. 1199 Add new F=% mailer flag to allow for a store and forward 1200 configuration. Mailers which have this flag will not attempt 1201 delivery on initial receipt of a message or on queue runs 1202 unless the queued message is selected using one of the 1203 -qI/-qR/-qS queue run modifiers or an ETRN request. Code 1204 provided by Philip Guenther of Gustavus Adolphus College. 1205 New option ControlSocketName which, when set, creates a daemon 1206 control socket. This socket allows an external program to 1207 control and query status from the running sendmail daemon 1208 via a named socket, similar to the ctlinnd interface to the 1209 INN news server. Access to this interface is controlled by 1210 the UNIX file permissions on the named socket on most UNIX 1211 systems (see sendmail/README for more information). An 1212 example control program is provided as contrib/smcontrol.pl. 1213 Change the default values of QueueLA from 8 to (8 * numproc) and 1214 RefuseLA from 12 to (12 * numproc) where numproc is the 1215 number of processors online on the system (if that can be 1216 determined). For single processor machines, this change 1217 has no effect. 1218 Don't return body of message to postmaster on "Too many hops" bounces. 1219 Based on fix from Motonori Nakamura of Kyoto University. 1220 Give more detailed DSN descriptions for some cases. Patch from 1221 Motonori Nakamura of Kyoto University. 1222 Logging of alias, forward file, and UserDB expansion now happens 1223 at LogLevel 11 or higher instead of 10 or higher. 1224 Logging of an envelope's complete delivery (the "done" message) now 1225 happens at LogLevel 10 or higher instead of 11 or higher. 1226 Logging of TCP/IP or UNIX standard input connections now happens at 1227 LogLevel 10 or higher. Previously, only TCP/IP connections 1228 were logged, and on at LogLevel 12 or higher. Setting 1229 LogLevel to 10 will now assist users in tracking frequent 1230 connection-based denial of service attacks. 1231 Log basic information about authenticated connections at LogLevel 1232 10 or higher. 1233 Log SMTP Authentication mechanism and author when logging the sender 1234 information (from= syslog line). 1235 Log the DSN code for each recipient if one is available as a new 1236 equate (dsn=). 1237 Macro expand PostmasterCopy and DoubleBounceAddress options. 1238 New "ph" map for performing ph queries in rulesets. More 1239 information is available at 1240 http://www-dev.cso.uiuc.edu/sendmail/. Contributed by Mark 1241 Roth of the University of Illinois at Urbana-Champaign. 1242 Detect temporary lookup failures in the host map if looking up a 1243 bracketed IP address. Problem noted by Kari Hurtta of the 1244 Finnish Meteorological Institute. 1245 Do not report a Remote-MTA on local deliveries. Problem noted by 1246 Kari Hurtta of the Finnish Meteorological Institute. 1247 When a forward file points to an alias which runs a program, run 1248 the program as the default user and the default group, not 1249 the forward file user. This change also assures the 1250 :include: directives in aliases are also processed using 1251 the default user and group. Problem noted by Sergiu 1252 Popovici of DNT Romania. 1253 Prevent attempts to save a dead.letter file for a user with 1254 no home directory (/no/such/directory). Problem noted by 1255 Michael Brown of Finnigan FT/MS. 1256 Include message delay and number of tries when logging that a 1257 message has been completely delivered (LogLevel of 10 or 1258 above). Suggested by Nick Hilliard of Ireland Online. 1259 Log the sender of a message even if none of the recipients were 1260 accepted. If some of the recipients were rejected, it is 1261 helpful to know the sender of the message. 1262 Check the root directory (/) when checking a path for safety. 1263 Problem noted by John Beck of Sun Microsystems. 1264 Prevent multiple responses to the DATA command if DeliveryMode is 1265 interactive and delivering to an alias which resolves to 1266 multiple files. 1267 Macros in the helpfile are expanded if the helpfile version is 2 or 1268 greater (see below); the help function doesn't print the 1269 version of sendmail any longer, instead it is placed in 1270 the helpfile ($v). Suggested by Chuck Foster of UUNET 1271 PIPEX. Additionally, comment lines (starting with #) are 1272 skipped and a version line (#vers) is introduced. The 1273 helpfile version for 8.10.0 is 2, if no version or an older 1274 version is found, a warning is logged. The '#vers' 1275 directive should be placed at the top of the help file. 1276 Use fsync() when delivering to a file to guarantee the delivery to 1277 disk succeeded. Suggested by Nick Christenson. 1278 If delivery to a file is unsuccessful, truncate the file back to its 1279 length before the attempt. 1280 If a forward points to a filename for delivery, change to the 1281 user's uid before checking permissions on the file. This 1282 allows delivery to files on NFS mounted directories where 1283 root is remapped to nobody. Problem noted by Harald 1284 Daeubler of Universitaet Ulm. 1285 purgestat and sendmail -bH purge only expired (Timeout.hoststatus) 1286 host status files, not all files. 1287 Any macros stored in the class $={persistentMacros} will be saved 1288 in the queue file for the message and set when delivery 1289 is attempted on the queued item. Suggested by Kyle Jones of 1290 Wonderworks Inc. 1291 Add support for storing information between rulesets using the new 1292 macro map class. This can be used to store information 1293 between queue runs as well using $={persistentMacros}. 1294 Based on an idea from Jan Krueger of Unix-AG of University 1295 of Hannover. 1296 New map class arith to allow for computations in rules. The 1297 operation (+, -, *, /, l (for less than), and =) is given 1298 as key. The two operands are specified as arguments; the 1299 lookup returns the result of the computation. For example, 1300 "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and 1301 "$(arith + $@ 4 $@ 2 $)" will return "6". 1302 Add new syntax for header declarations which decide whether to 1303 include the header based on a macro rather than a mailer 1304 flag: 1305 H?${MyMacro}?X-My-Header: ${MyMacro} 1306 This should be used along with $={persistentMacros}. 1307 It can be used for adding headers to a message based on 1308 the results of check_* and header check rulesets. 1309 Allow new named config file rule check_eoh which is called after 1310 all of the headers have been collected. The input to the 1311 ruleset the number of headers and the size of all of the 1312 headers in bytes separated by $|. This ruleset along with 1313 the macro storage map can be used to correlate information 1314 gathered between headers and to check for missing headers. 1315 See cf/README or doc/op/op.ps for an example. 1316 Change the default for the MeToo option to True to correspond 1317 to the clarification in the DRUMS SMTP Update spec. This 1318 option is deprecated and will be removed from a future 1319 version. 1320 Change the sendmail binary default for SendMimeErrors to True. 1321 Change the sendmail binary default for SuperSafe to True. 1322 Display ruleset names in debug and address test mode output 1323 if referencing a named ruleset. 1324 New mailer equate m= which will limit the number of messages 1325 delivered per connection on an SMTP or LMTP mailer. 1326 Improve QueueSortOrder=Host by reversing the hostname before 1327 using it to sort. Now all the same domains are really run 1328 through the queue together. If they have the same MX host, 1329 then they will have a much better opportunity to use the 1330 connection cache if available. This should be a reasonable 1331 performance improvement. Patch from Randall Winchester of 1332 the University of Maryland. 1333 If a message is rejected by a header check ruleset, log who would 1334 have received the message if it had not been rejected. 1335 New "now" value for Timeout.queuereturn to bounce entries from the 1336 queue immediately. No delivery attempt is made. 1337 Increase sleeping time exponentially after too many "bad" commands 1338 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}- 1339 COMMANDS). 1340 New option ClientPortOptions similar to DaemonPortOptions 1341 but for outgoing connections. 1342 New suboptions for DaemonPortOptions: Name (a name used for 1343 error messages and logging) and Modifiers, i.e. 1344 a require authentication 1345 b bind to interface through which mail has 1346 been received 1347 c perform hostname canonification 1348 f require fully qualified hostname 1349 h use name of interface for outgoing HELO 1350 command 1351 C don't perform hostname canonification 1352 E disallow ETRN (see RFC 2476) 1353 New suboption for ClientPortOptions: Modifiers, i.e. 1354 h use name of interface for HELO command 1355 The version number for queue files (qf) has been incremented to 4. 1356 Log unacceptable HELO/EHLO domain name attempts if LogLevel is set 1357 to 10 or higher. Suggested by Rick Troxel of the National 1358 Institutes of Health. 1359 If a mailer dies, print the status in decimal instead of octal 1360 format. Suggested by Michael Shapiro of Sun Microsystems. 1361 Limit the length of all MX records considered for delivery to 8k. 1362 Move message priority from sender to recipient logging. Suggested by 1363 Ulrich Windl of the Universitat Regensburg. 1364 Add support for Berkeley DB 3.X. 1365 Add fix for Berkeley DB 2.X fcntl() locking race condition. 1366 Requires a post-2.7.5 version of Berkeley DB. 1367 Support writing traffic log (sendmail -X option) to a FIFO. 1368 Patch submitted by Rick Heaton of Network Associates, Inc. 1369 Do not ignore Timeout settings in the .cf file when a Timeout 1370 sub-options is set on the command line. Problem noted by 1371 Graeme Hewson of Oracle. 1372 Randomize equal preference MX records each time delivery is 1373 attempted via a new connection to a host instead of once per 1374 session. Suggested by Scott Salvidio of Compaq. 1375 Implement enhanced status codes as defined by RFC 2034. 1376 Add [hostname] to class w for the names of all interfaces unless 1377 DontProbeInterfaces is set. This is useful for sending mails 1378 to hosts which have dynamically assigned names. 1379 If a message is bounced due to bad MIME conformance, avoid bouncing 1380 the bounce for the same reason. If the body is not 8-bit 1381 clean, and EightBitMode isn't set to pass8, the body will 1382 not be included in the bounce. Problem noted by Valdis 1383 Kletnieks of Virginia Tech. 1384 The timeout for sending a message via SMTP has been changed from 1385 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which 1386 simply checks for progress on sending data every 5 minutes. 1387 This will detect the inability to send information quicker 1388 and reduce the number of processes simply waiting to 1389 timeout. 1390 Prevent a segmentation fault on systems which give a partial filled 1391 interface address structure when loading the system network 1392 interface addresses. Fix from Reinier Bezuidenhout of 1393 Nanoteq. 1394 Add a compile-time configuration macro, MAXINTERFACES, which 1395 indicates the number of interfaces to read when probing 1396 for hostnames and IP addresses for class w ($=w). The 1397 default value is 512. Based on idea from Reinier 1398 Bezuidenhout of Nanoteq. 1399 If the RefuseLA option is set to 0, do not reject connections based 1400 on load average. 1401 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of 1402 Northern Illinois University. 1403 Expand the Return-Path: header at delivery time, after "owner-" 1404 envelope splitting has occurred. 1405 Don't try to sort the queue if there are no entries. Patch from 1406 Luke Mewburn from RMIT University. 1407 Add a "/quit" command to address test mode. 1408 Include the proper sender in the UNIX "From " line and Return-Path: 1409 header when undeliverable mail is saved to ~/dead.letter. 1410 Problem noted by Kari Hurtta of the Finnish Meteorological 1411 Institute. 1412 The contents of a class can now be copied to another class using 1413 the syntax: "C{Dest} $={Source}". This would copy all of 1414 the items in class $={Source} into the class $={Dest}. 1415 Include original envelope's error transcript in bounces created for 1416 split (owner-) envelopes to see the original errors when 1417 the recipients were added. Based on fix from Motonori 1418 Nakamura of Kyoto University. 1419 Show reason for permanent delivery errors directly after the 1420 addresses. From Motonori Nakamura of Kyoto University. 1421 Prevent a segmentation fault when bouncing a split-envelope 1422 message. Patch from Motonori Nakamura of Kyoto University. 1423 If the specification for the queue run interval (-q###) has a 1424 syntax error, consider the error fatal and exit. 1425 Pay attention to CheckpointInterval during LMTP delivery. Problem 1426 noted by Motonori Nakamura of Kyoto University. 1427 On operating systems which have setlogin(2), use it to set the 1428 login name to the RunAsUserName when starting as a daemon. 1429 This is for delivery to programs which use getlogin(). 1430 Based on fix from Motonori Nakamura of Kyoto University. 1431 Differentiate between "command not implemented" and "command 1432 unrecognized" in the SMTP dialogue. 1433 Strip returns from forward and include files. Problem noted by 1434 Allan E Johannesen of Worcester Polytechnic Institute. 1435 Prevent a core dump when using 'sendmail -bv' on an address which 1436 resolves to the $#error mailer with a temporary failure. 1437 Based on fix from Neil Rickert of Northern Illinois 1438 University. 1439 Prevent multiple deliveries of a message with a "non-local alias" 1440 pointing to a local user, if canonicalization fails 1441 the message was requeued *and* delivered to the alias. 1442 If an invalid ruleset is declared, the ruleset name could be 1443 ignored and its rules added to S0. Instead, ignore the 1444 ruleset lines as well. 1445 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient 1446 success DSN fields as well as duplicate entries for a 1447 single address due to S5 and UserDB processing. Problems 1448 noted by Kari Hurtta of the Finnish Meteorological 1449 Institute. 1450 Turn off timeouts when exiting sendmail due to an interrupt signal 1451 to prevent the timeout from firing during the exit process. 1452 Problem noted by Michael Shapiro of Sun Microsystems. 1453 Do not append @MyHostName to non-RFC822 addresses output by the EXPN 1454 command or on Final-Recipient: and X-Actual-Recipient: DSN 1455 headers. Non-RFC822 addresses include deliveries to 1456 programs, file, DECnet, etc. 1457 Fix logic for determining if a local user is using -f or -bs to 1458 spoof their return address. Based on idea from Neil Rickert 1459 of Northern Illinois University and patch from Per Hedeland 1460 of Ericsson. 1461 Report the proper UID in the bounce message if an :include: file is 1462 owned by a uid that doesn't map to a username and the 1463 :include: file contains delivery to a file or program. 1464 Problem noted by John Beck of Sun Microsystems. 1465 Avoid the attempt of trying to send a second SMTP QUIT command if 1466 the remote server responds to the first QUIT with a 4xx 1467 response code and drops the connection. This behavior was 1468 noted by Ulrich Windl of the Universitat Regensburg when 1469 sendmail was talking to the Mercury 1.43 MTA. 1470 If a hostname lookup times out and ServiceSwitchFile is set but the 1471 file is not present, the lookup failure would be marked as 1472 a permanent failure instead of a temporary failure. Fix 1473 from Russell King of the ARM Linux Project. 1474 Handle aliases or forwards which deliver to programs using tabs 1475 instead of spaces between arguments. Problem noted by Randy 1476 Wormser. Fix from Neil Rickert of Northern Illinois 1477 University. 1478 Allow MaxRecipientsPerMessage option to be set on the command line 1479 by normal users (e.g., sendmail won't drop its root 1480 privileges) to allow overrides for message submission via 1481 'sendmail -bs'. 1482 Set the names for help file and statistics file to "helpfile" and 1483 "statistics", respectively, if no parameters are given for 1484 them in the .cf file. 1485 Avoid bogus 'errbody: I/O Error -7' log messages when sending 1486 success DSN messages for messages relayed to non-DSN aware 1487 systems. Problem noted by Juergen Georgi of RUS University 1488 of Stuttgart and Kyle Tucker of Parexel International. 1489 Prevent +detail information from interfering with local delivery to 1490 multiple users in the same transaction (F=m). 1491 Add H_FORCE flag for the X-Authentication-Warning: header, so it 1492 will be added even if one already exists. Problem noted 1493 by Michal Zalewski of Marchew Industries. 1494 Stop processing SMTP commands if the SMTP connection is dropped. 1495 This prevents a remote system from flooding the connection 1496 with commands and then disconnecting. Previously, the 1497 server would process all of the buffered commands. Problem 1498 noted by Michal Zalewski of Marchew Industries. 1499 Properly process user-supplied headers beginning with '?'. Problem 1500 noted by Michal Zalewski of Marchew Industries. 1501 If multiple header checks resolve to the $#error mailer, use the 1502 last permanent (5XX) failure if any exist. Otherwise, use 1503 the last temporary (4XX) failure. 1504 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch 1505 from Ronald F. Guilmette of Infinite Monkeys & Co. 1506 Timeout.ident now defaults to 5 seconds instead of 30 seconds to 1507 prevent the now common delays associated with mailing to a 1508 site which drops IDENT packets. Suggested by many. 1509 Persistent host status data is not reloaded disk when current data 1510 is available in the in-memory cache. Problem noted by Per 1511 Hedeland of Ericsson. 1512 mailq displays unprintable characters in addresses as their octal 1513 representation and a leading backslash. This avoids problems 1514 with "unprintable" characters. Problem noted by Michal 1515 Zalewski of the "Internet for Schools" project (IdS). 1516 The mail line length limit (L= equate) was adding the '!' indicator 1517 one character past the limit. This would cause subsequent 1518 hops to break the line again. The '!' is now placed in 1519 the last column of the limit if the line needs to be broken. 1520 Problem noted by Joe Pruett of Q7 Enterprises. Based on fix 1521 from Per Hedeland of Ericsson. 1522 If a resolver ANY query is larger than the UDP packet size, the 1523 resolver will fall back to TCP. However, some 1524 misconfigured firewalls black 53/TCP so the ANY lookup 1525 fails whereas an MX or A record might succeed. Therefore, 1526 don't fail on ANY queries. 1527 If an SMTP recipient is rejected due to syntax errors in the 1528 address, do not send an empty postmaster notification DSN 1529 to the postmaster. Problem noted by Neil Rickert of 1530 Northern Illinois University. 1531 Allow '_' and '.' in map names when parsing a sequence map 1532 specification. Patch from William Setzer of North Carolina 1533 State University. 1534 Fix hostname in logging of read timeouts for the QUIT command on 1535 cached connections. Problem noted by Neil Rickert of 1536 Northern Illinois University. 1537 Use a more descriptive entry to log "null" connections, i.e., 1538 "host did not issue MAIL/EXPN/VRFY/ETRN during connection". 1539 Fix a file descriptor leak in ONEX mode. 1540 Portability: 1541 Reverse signal handling logic such that sigaction(2) with 1542 the SA_RESTART flag is the preferred method and the 1543 other signal methods are only tried if SA_RESTART 1544 is not available. Problem noted by Allan E 1545 Johannesen of Worcester Polytechnic Institute. 1546 AIX 4.x supports the sa_len member of struct sockaddr. 1547 This allows network interface probing to work 1548 properly. Fix from David Bronder of the 1549 University of Iowa. 1550 AIX 4.3 has snprintf() support. 1551 Use "PPC" as the architecture name when building under 1552 AIX. This will be reflected in the obj.* directory 1553 name. 1554 Apple Darwin support based on Apple Rhapsody port. 1555 Fixed AIX 'make depend' method from Valdis Kletnieks of 1556 Virginia Tech. 1557 Digital UNIX has uname(2). 1558 GNU Hurd updates from Mark Kettenis of the University of 1559 Amsterdam. 1560 Improved HPUX 11.0 portability. 1561 Properly determine the number of CPUs on FreeBSD 2.X, 1562 FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X. 1563 Remove special IRIX ABI cases from Build script and the OS 1564 files. Use the standard 'cc' options used by SGI 1565 in building the operating system. Users can 1566 override the defaults by setting confCC and 1567 confLIBSEARCHPATH appropriately. 1568 IRIX nsd map support from Bob Mende of SGI. 1569 Minor devtools fixes for IRIX from Bob Mende of SGI. 1570 Linux patch for IP_SRCROUTE support from Joerg Dorchain 1571 of MW EDV & ELECTRONIC. 1572 Linux now uses /usr/sbin for confEBINDIR in the build 1573 system. From MATSUURA Takanori of Osaka University. 1574 Remove special treatment for Linux PPC in the build 1575 system. From MATSUURA Takanori of Osaka University. 1576 Motorolla UNIX SYSTEM V/88 Release 4.0 support from 1577 Sergey Rusanov of the Republic of Udmurtia. 1578 NCR MP-RAS 3.x includes regular expression support. From 1579 Tom J. Moore of NCR. 1580 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and 1581 _PATH_SENDMAILPID from Oota Toshiya of 1582 NEC Computers Group Planning Division. 1583 Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D. 1584 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and 1585 1024 in conf.h. Since confENVDEF would be used, 1586 use that value in conf.h. 1587 Use NeXT's NETINFO to get domain name. From Gerd Knops of 1588 BITart Consulting. 1589 Use NeXT's NETINFO for alias and hostname resolution if 1590 AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are 1591 defined. Patch from Wilfredo Sanchez of Apple 1592 Computer, Inc. 1593 NeXT portability tweaks. Problems reported by Dragan 1594 Milicic of the University of Utah and J. P. McCann 1595 of E I A. 1596 New compile flag FAST_PID_RECYCLE: set this if your system 1597 can reuse the same PID in the same second. 1598 New compile flag HASFCHOWN: set this if your OS has 1599 fchown(2). 1600 New compile flag HASRANDOM: set this to 0 if your OS does 1601 not have random(3). rand() will be used instead. 1602 New compile flag HASSRANDOMDEV: set this if your OS has 1603 srandomdev(3). 1604 New compile flag HASSETLOGIN: set this if your OS has 1605 setlogin(2). 1606 Replace SINIX and ReliantUNIX support with version 1607 specific SINIX files. From Gerald Rinske of 1608 Siemens Business Services. 1609 Use the 60-second load average instead of the 5 second load 1610 average on Compaq Tru64 UNIX (formerly Digital 1611 UNIX). From Chris Teakle of the University of Qld. 1612 Use ANSI C by default for Compaq Tru64 UNIX. Suggested by 1613 Randall Winchester of Swales Aerospace. 1614 Correct setgroups() prototype for Compaq Tru64 UNIX. 1615 Problem noted by Randall Winchester of Swales 1616 Aerospace. 1617 Hitachi 3050R/3050RX and 3500 Workstations running 1618 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori 1619 NAKAMURA of Kyoto University. 1620 New compile flag NO_GETSERVBYNAME: set this to disable 1621 use of getservbyname() on systems which can 1622 not lookup a service by name over NIS, such as 1623 HI-UX. Patch from Motonori NAKAMURA of Kyoto 1624 University. 1625 Use devtools/bin/install.sh on SCO 5.x. Problem noted 1626 by Sun Wenbing of the China Engineering and 1627 Technology Information Network. 1628 make depend didn't work properly on UNIXWARE 4.2. Problem 1629 noted by Ariel Malik of Netology, Ltd. 1630 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 1631 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD, 1632 and OpenBSD. 1633 A recent Compaq Ultrix 4.5 Y2K patch has broken detection 1634 of local_hostname_length(). See sendmail/README 1635 for more details. Problem noted by Allan E 1636 Johannesen of Worcester Polytechnic Institute. 1637 CONFIG: Begin using /etc/mail/ for sendmail related files. This 1638 affects a large number of files. See cf/README for more 1639 details. 1640 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including 1641 trailing slash) for the mail settings directory. 1642 CONFIG: Increment version number of config file to 9. 1643 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been 1644 deprecated and may be removed from a future release. 1645 BSD/OS users should begin using OSTYPE(`bsdi'). 1646 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-id root. This 1647 requires a new OSTYPE(`openbsd'). From Todd C. Miller of 1648 Courtesan Consulting. 1649 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. 1650 CONFIG: A syntax error in check_mail would cause fake top-level 1651 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to 1652 be improperly rejected as unresolvable. 1653 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of 1654 DNS server, rejection message) and can be included 1655 multiple times. 1656 CONFIG: New FEATURE(`relay_mail_from') allows relaying if the 1657 mail sender is listed as RELAY in the access map (and tagged 1658 with From:). 1659 CONFIG: Optional tagging of LHS in the access map (Connect:, 1660 From:, To:) to enable finer control. 1661 CONFIG: New FEATURE(`ldap_routing') implements LDAP address 1662 routing. See cf/README for a complete description of the 1663 new functionality. 1664 CONFIG: New variables for the new sendmail options: 1665 confAUTH_MECHANISMS AuthMechanisms 1666 confAUTH_OPTIONS AuthOptions 1667 confCLIENT_OPTIONS ClientPortOptions 1668 confCONTROL_SOCKET_NAME ControlSocketName 1669 confDEAD_LETTER_DROP DeadLetterDrop 1670 confDEF_AUTH_INFO DefaultAuthInfo 1671 confDF_BUFFER_SIZE DataFileBufferSize 1672 confLDAP_DEFAULT_SPEC LDAPDefaultSpec 1673 confMAX_ALIAS_RECURSION MaxAliasRecursion 1674 confMAX_HEADERS_LENGTH MaxHeadersLength 1675 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 1676 confPID_FILE PidFile 1677 confPROCESS_TITLE_PREFIX ProcessTitlePrefix 1678 confRRT_IMPLIES_DSN RrtImpliesDsn 1679 confTO_CONTROL Timeout.control 1680 confTO_RESOLVER_RETRANS Timeout.resolver.retrans 1681 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 1682 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 1683 confTO_RESOLVER_RETRY Timeout.resolver.retry 1684 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 1685 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 1686 confTRUSTED_USER TrustedUser 1687 confXF_BUFFER_SIZE XscriptFileBufferSize 1688 CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(), 1689 which takes the options as argument and can be used 1690 multiple times; see cf/README for details. 1691 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called 1692 "dsmtp". This mail provides on-demand delivery using the 1693 F=% mailer flag described above. The "dsmtp" mailer 1694 definition uses the new DSMTP_MAILER_ARGS which defaults 1695 to "IPC $h". 1696 CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS, 1697 and RELAY_MAILER_MAXMSGS for setting the m= equate for the 1698 local, smtp, and relay mailers respectively. 1699 CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting 1700 the DSN Diagnostic-Code type for the local mailer. The 1701 value should be changed with care. 1702 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type 1703 for the local mailer to the proper value of "SMTP". 1704 CONFIG: All included maps are no longer optional by default; if 1705 there there is a problem with a map, sendmail will 1706 complain. 1707 CONFIG: Removed root from class E; use EXPOSED_USER(`root') 1708 to get the old behavior. Suggested by Joe Pruett 1709 of Q7 Enterprises. 1710 CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which 1711 will not be masqueraded. Proposed by Arne Wichmann 1712 of MPI Saarbruecken, Griff Miller of PGS Tensor, 1713 Jayme Cox of Broderbund Software Inc. 1714 CONFIG: A list of exceptions for FEATURE(`nocanonify') can be 1715 specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 1716 i.e., a list of domains which are passed to $[ ... $] 1717 for canonification. Based on an idea from Neil Rickert 1718 of Northern Illinois University. 1719 CONFIG: If `canonify_hosts' is specified as parameter for 1720 FEATURE(`nocanonify') then addresses which have only 1721 a hostname, e.g., <user@host>, will be canonified. 1722 CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is 1723 nevertheless added to addresses with more than one component 1724 in it. 1725 CONFIG: Canonification is no longer attempted for any host or domain 1726 in class 'P' ($=P). 1727 CONFIG: New class for matching virtusertable entries $={VirtHost} that 1728 can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. 1729 FEATURE(`virtuser_entire_domain') can be used to apply this 1730 class also to entire subdomains. Hosts in this class are 1731 treated as canonical in SCanonify2, i.e., a trailing dot 1732 is added. 1733 CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used, 1734 include $={VirtHost} in $=R (hosts allowed to relay). 1735 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the 1736 genericstable also to subdomains of $=G. 1737 CONFIG: Pass "+detail" as %2 for virtusertable lookups. 1738 Patch from Noam Freedman from University of Chicago. 1739 CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested 1740 by Raymond S Brand of rsbx.net. 1741 CONFIG: Allow @domain in genericstable to override masquerading. 1742 Suggested by Owen Duffy from Owen Duffy & Associates. 1743 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve 1744 Hubert of University of Washington. 1745 CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as 1746 GNU is now the canonical system name. From Mark 1747 Kettenis of the University of Amsterdam. 1748 CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman. 1749 CONFIG: Do not include '=' in option expansion if there is no value 1750 associated with the option. From Andrew Brown of 1751 Graffiti World Wide, Inc. 1752 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed 1753 by Philip A. Prindeville of Enteka Enterprise Technology 1754 Services. 1755 CONFIG: MAILER(`cyrus') was not preserving case for mail folder 1756 names. Problem noted by Randall Winchester of Swales 1757 Aerospace. 1758 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags 1759 for the relay mailer. Suggested by Doug Hughes of Auburn 1760 University and Brian Candler. 1761 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path: 1762 header) by default. Suggested by Per Hedeland of Ericsson. 1763 CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host]. 1764 Suggested by Kari Hurtta of the Finnish Meteorological 1765 Institute. 1766 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS; 1767 i.e., to set, add, or delete flags. 1768 CONFIG: If SMTP AUTH is used then relaying is allowed for any user 1769 who authenticated via a "trusted" mechanism, i.e., one that 1770 is defined via TRUST_AUTH_MECH(`list of mechanisms'). 1771 CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay 1772 after check_rcpt and allows for exceptions from the checks. 1773 CONFIG: Map declarations have been moved into their associated 1774 feature files to allow greater flexibility in use of 1775 sequence maps. Suggested by Per Hedeland of Ericsson. 1776 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of 1777 line string for the local mailer. Requested by Il Oh of 1778 Willamette Industries, Inc. 1779 CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is 1780 converted to <user@d> 1781 CONFIG: Reject bogus return address of <@@hostname>, generated by 1782 Sun's older, broken configuration files. 1783 CONFIG: FEATURE(`nullclient') now provides the full rulesets of a 1784 normal configuration, allowing anti-spam checks to be 1785 performed. 1786 CONFIG: Don't return a permanent error (Relaying denied) if 1787 ${client_name} can't be resolved just temporarily. 1788 Suggested by Kari Hurtta of the Finnish Meteorological 1789 Institute. 1790 CONFIG: Change numbered rulesets into named (which still can 1791 be accessed by their numbers). 1792 CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial 1793 which describes whether to disallow "!" in the local part 1794 of an address. 1795 CONFIG: Call Local_localaddr from localaddr (S5) which can be used 1796 to rewrite an address from a mailer which has the F=5 flag 1797 set. If the ruleset returns a mailer, the appropriate 1798 action is taken, otherwise the returned tokens are ignored. 1799 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4 1800 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4. 1801 The latter is kept around for backward compatibility. 1802 CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries, 1803 where "D.S.N" is an RFC 1893 compliant error code. 1804 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 1805 CONFIG: Remove second space between username and date in UNIX From_ 1806 line. Noted by Allan E Johannesen of Worcester Polytechnic 1807 Institute. 1808 CONFIG: Make sure all of the mailers have complete T= equates. 1809 CONFIG: Extend FEATURE(`local_procmail') so it can now take 1810 arguments overriding the mailer program, arguments, and 1811 mailer definition flags. This makes it possible to use 1812 other programs such as maildrop for local delivery. 1813 CONFIG: Emit warning if FEATURE(`local_lmtp') or 1814 FEATURE(`local_procmail') is given after MAILER(`local'). 1815 Patch from Richard A. Nelson of IBM. 1816 CONFIG: Add SMTP Authentication information to Received: header 1817 default value (confRECEIVED_HEADER). 1818 CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a 1819 local mailer. Problem noted by Per Hedeland of Ericsson. 1820 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the 1821 University of California at Berkeley. 1822 CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of 1823 Illinois at Urbana-Champaign. 1824 CONTRIB: etrn.pl now recognizes bogus host names. Patch from 1825 Bruce Barnett of GE's R&D Lab. 1826 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle 1827 Corporation UK. 1828 CONTRIB: Added qtool.pl to assist in managing the queues. 1829 DEVTOOLS: Prevent user environment variables from interfering with 1830 the Build scripts. Problem noted by Ezequiel H. Panepucci of 1831 Yale University. 1832 DEVTOOLS: 'Build -M' will display the obj.* directory which will 1833 be used for building. 1834 DEVTOOLS: 'Build -A' will display the architecture that would be 1835 used for a fresh build. 1836 DEVTOOLS: New variable confRANLIB, set automatically by configure.sh. 1837 DEVTOOLS: New variable confRANLIBOPTS for the options to send to 1838 ranlib. 1839 DEVTOOLS: 'Build -O <path>' will have the object files build in 1840 <path>/obj.*. Suggested by Bryan Costales of Exactis. 1841 DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the 1842 building of the man pages when defined. Suggested by Bryan 1843 Costales. 1844 DEVTOOLS: New variables confNO_HELPFILE_INSTALL and 1845 confNO_STATISTICS_INSTALL which will prevent the 1846 installation of the sendmail helpfile and statistics file 1847 respectively. Suggested by Bryan Costales. 1848 DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske 1849 of Siemens Business Services. 1850 DEVTOOLS: New variable confSTDIO_TYPE which defines the type of 1851 stdio library. The new buffered file I/O depends on the 1852 Torek stdio library. This option can be either portable or 1853 torek. 1854 DEVTOOLS: New variables confSRCADD and confSMSRCADD which 1855 correspond to confOBJADD and confSMOBJADD respectively. 1856 They should contain the C source files for the object files 1857 listed in confOBJADD and confSMOBJADD. These file names 1858 will be passed to the 'make depend' stage of compilation. 1859 DEVTOOLS: New program specific variables for each of the programs 1860 in the sendmail distribution. Each has the form 1861 `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'. 1862 The new variables are conf_prog_ENVDEF, conf_prog_LIBS, 1863 conf_prog_SRCADD, and conf_prog_OBJADD. 1864 DEVTOOLS: Build system redesign. This should have little affect on 1865 building the distribution, but documentation on the changes 1866 are in devtools/README. 1867 DEVTOOLS: Don't allow 'Build -f file' if an object directory already 1868 exists. Suggested by Valdis Kletnieks of Virginia Tech. 1869 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies 1870 the path to the sendmail source directory. confSRCDIR is a 1871 new variable which identifies the root of the source 1872 directories for all of the programs in the distribution. 1873 DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build 1874 time. They can both still be overridden by setting the m4 1875 macro. 1876 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem. 1877 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for 1878 build configurations, and places objects in obj.prefix.*/. 1879 Complains as 'Build -f file' does for existing object 1880 directories. Suggested by Tom Smith of Digital Equipment 1881 Corporation. 1882 DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted 1883 manual pages in the directory tree specified by 1884 confMANROOTMAN. 1885 DEVTOOLS: If formatting the manual pages fails, copy in the 1886 preformatted pages from the distribution. The new variable 1887 confCOPY specifies the copying program. 1888 DEVTOOLS: Defining confFORCE_RMAIL will install rmail without 1889 question. Suggested by Terry Lambert of Whistle 1890 Communications. 1891 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names 1892 of the installed statistics and help files, respectively. 1893 DEVTOOLS: Remove spaces in `uname -r` output when determining 1894 operating system identity. Problem noted by Erik 1895 Wachtenheim of Dartmouth College. 1896 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that 1897 will be search for the libraries specified in confLIBSEARCH. 1898 Defaults to "/lib /usr/lib /usr/shlib". 1899 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying 1900 how to strip binaries. These are used by the new 1901 install-strip target. 1902 DEVTOOLS: New config file site.post.m4 which is included after 1903 the others (if it exists). 1904 DEVTOOLS: Change order of LIBS: first product specific libraries 1905 then the default ones. 1906 MAIL.LOCAL: Will not be installed set-user-id root. To use mail.local 1907 as local delivery agent without LMTP mode, use 1908 MODIFY_MAILER_FLAGS(`LOCAL', `+S') 1909 to set the S flag. 1910 MAIL.LOCAL: Do not reject addresses which would otherwise be 1911 accepted by sendmail. Suggested by Neil Rickert of 1912 Northern Illinois University. 1913 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 1914 8BITMIME in the LHLO response. Suggested by Kari Hurtta of 1915 the Finnish Meteorological Institute. 1916 MAIL.LOCAL: Add support for the maillock() routines by defining 1917 MAILLOCK when compiling. Also requires linking with 1918 -lmail. Patch from Neil Rickert of Northern Illinois 1919 University. 1920 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is 1921 defined when compiling. Automatically set for Solaris 2.3 1922 and later. Patch from Neil Rickert of Northern Illinois 1923 University. 1924 MAIL.LOCAL: Move the initialization of the 'notifybiff' address 1925 structure to the beginning of the program. This ensures that 1926 the getservbyname() is done before any seteuid to a possibly 1927 unauthenticated user. If you are using NIS+ and secure RPC 1928 on a Solaris system, this avoids syslog messages such as, 1929 "authdes_refresh: keyserv(1m) is unable to encrypt session 1930 key." Patch from Neil Rickert of Northern Illinois 1931 University. 1932 MAIL.LOCAL: Support group writable mail spool files when MAILGID is 1933 set to the gid to use (-DMAILGID=6) when compiling. 1934 Patch from Neil Rickert of Northern Illinois University. 1935 MAIL.LOCAL: When a mail message included lines longer than 2046 1936 characters (in LMTP mode), mail.local split the incoming 1937 line up into 2046-character output lines (excluding the 1938 newline). If an input line was 2047 characters long 1939 (excluding CR-LF) and the last character was a '.', 1940 mail.local saw it as the end of input, transfered it to the 1941 user mailbox and tried to write an `ok' back to sendmail. 1942 If the message was much longer, both sendmail and 1943 mail.local would deadlock waiting for each other to read 1944 what they have written. Problem noted by Peter Jeremy of 1945 Alcatel Australia Limited. 1946 MAIL.LOCAL: New option -b to return a permanent error instead of a 1947 temporary error if a mailbox exceeds quota. Suggested by 1948 Neil Rickert of Northern Illinois University. 1949 MAIL.LOCAL: The creation of a lockfile is subject to a global 1950 timeout to avoid starvation. 1951 MAIL.LOCAL: Properly parse addresses with multiple quoted 1952 local-parts. Problem noted by Ronald F. Guilmette of 1953 Infinite Monkeys & Co. 1954 MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR. 1955 MAILSTATS: New -p option to invoke program mode in which stats are 1956 printed in a machine readable fashion and the stats file 1957 is reset. Patch from Kevin Hildebrand of the University 1958 of Maryland. 1959 MAKEMAP: If running as root, automatically change the ownership of 1960 generated maps to the TrustedUser as specified in the 1961 sendmail configuration file. 1962 MAKEMAP: New -C option to accept an alternate sendmail 1963 configuration file to use for finding the TrustedUser 1964 option. 1965 MAKEMAP: New -u option to dump (unmap) a database. Based on 1966 code contributed by Roy Mongiovi of Georgia Tech. 1967 MAKEMAP: New -e option to allow empty values. Suggested by Philip 1968 A. Prindeville of Enteka Enterprise Technology Services. 1969 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem 1970 noted by Gerald Rinske of Siemens Business Services. 1971 OP.ME: Correctly document interaction between F=S and U= mailer 1972 equates. Problem noted by Bob Halley of Internet Engines. 1973 OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle 1974 Corporation UK. 1975 OP.ME: The Timeout [r] option was incorrectly listed as "safe" 1976 (e.g., sendmail would not drop root privileges if the 1977 option was specified on the command line). Problem noted 1978 by Todd C. Miller of Courtesan Consulting. 1979 PRALIASES: Handle the hash and btree map specifications for 1980 Berkeley DB. Patch from Brian J. Coan of the 1981 Institute for Global Communications. 1982 PRALIASES: Read the sendmail.cf file for the location(s) of the 1983 alias file(s) if the -f option is not used. Patch from 1984 John Beck of Sun Microsystems. 1985 PRALIASES: New -C option to specify an alternate sendmail 1986 configuration file to use for finding alias file(s). Patch 1987 from John Beck of Sun Microsystems. 1988 SMRSH: allow shell commands echo, exec, and exit. Allow command 1989 lists using || and &&. Based on patch from Brian J. Coan 1990 of the Institute for Global Communications. 1991 SMRSH: Update README for the new Build system. From Tim Pierce 1992 of RootsWeb Genealogical Data Cooperative. 1993 VACATION: Added vacation auto-responder to sendmail distribution. 1994 LIBSMDB: Added abstracted database library. Works with Berkeley 1995 DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. 1996 Changed Files: 1997 The Build script in the various program subdirectories are 1998 no longer symbolic links. They are now scripts 1999 which execute the actual Build script in 2000 devtools/bin. 2001 All the manual pages are now written against -man and not 2002 -mandoc as they were previously. 2003 Add a simple Makefile to every directory so make instead 2004 of Build will work (unless parameters are 2005 required for Build). 2006 New Directories: 2007 devtools/M4/UNIX 2008 include 2009 libmilter 2010 libsmdb 2011 libsmutil 2012 vacation 2013 Renamed Directories: 2014 BuildTools => devtools 2015 src => sendmail 2016 Deleted Files: 2017 cf/m4/nullrelay.m4 2018 devtools/OS/Linux.ppc 2019 devtools/OS/ReliantUNIX 2020 devtools/OS/SINIX 2021 sendmail/ldap_map.h 2022 New Files: 2023 INSTALL 2024 PGPKEYS 2025 cf/cf/generic-linux.cf 2026 cf/cf/generic-linux.mc 2027 cf/feature/delay_checks.m4 2028 cf/feature/dnsbl.m4 2029 cf/feature/generics_entire_domain.m4 2030 cf/feature/no_default_msa.m4 2031 cf/feature/relay_mail_from.m4 2032 cf/feature/virtuser_entire_domain.m4 2033 cf/mailer/qpage.m4 2034 cf/ostype/bsdi.m4 2035 cf/ostype/hpux11.m4 2036 cf/ostype/openbsd.m4 2037 contrib/bounce-resender.pl 2038 contrib/domainmap.m4 2039 contrib/qtool.8 2040 contrib/qtool.pl 2041 devtools/M4/depend/AIX.m4 2042 devtools/M4/list.m4 2043 devtools/M4/string.m4 2044 devtools/M4/subst_ext.m4 2045 devtools/M4/switch.m4 2046 devtools/OS/Darwin 2047 devtools/OS/GNU 2048 devtools/OS/SINIX.5.43 2049 devtools/OS/SINIX.5.44 2050 devtools/OS/m88k 2051 devtools/bin/find_in_path.sh 2052 mail.local/Makefile 2053 mailstats/Makefile 2054 makemap/Makefile 2055 praliases/Makefile 2056 rmail/Makefile 2057 sendmail/Makefile 2058 sendmail/bf.h 2059 sendmail/bf_portable.c 2060 sendmail/bf_portable.h 2061 sendmail/bf_torek.c 2062 sendmail/bf_torek.h 2063 sendmail/shmticklib.c 2064 sendmail/statusd_shm.h 2065 sendmail/timers.c 2066 sendmail/timers.h 2067 smrsh/Makefile 2068 vacation/Makefile 2069 Renamed Files: 2070 cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4 2071 sendmail/cdefs.h => include/sendmail/cdefs.h 2072 sendmail/sendmail.hf => sendmail/helpfile 2073 sendmail/mailstats.h => include/sendmail/mailstats.h 2074 sendmail/pathnames.h => include/sendmail/pathnames.h 2075 sendmail/safefile.c => libsmutil/safefile.c 2076 sendmail/snprintf.c => libsmutil/snprintf.c 2077 sendmail/useful.h => include/sendmail/useful.h 2078 cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4 2079 Copied Files: 2080 cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4 2081 20828.9.3/8.9.3 1999/02/04 2083 SECURITY: Limit message headers to a maximum of 32K bytes (total 2084 of all headers in a single message) to prevent a denial of 2085 service attack. This limit will be configurable in 8.10. 2086 Problem noted by Michal Zalewski of the "Internet for 2087 Schools" project (IdS). 2088 Prevent segmentation fault on an LDAP lookup if the LDAP map 2089 was closed due to an earlier failure. Problem noted by 2090 Jeff Wasilko of smoe.org. Fix from Booker Bense of 2091 Stanford University and Per Hedeland of Ericsson. 2092 Preserve the order of the MIME headers in multipart messages 2093 when performing the MIME header length check. This 2094 will allow PGP signatures to function properly. Problem 2095 noted by Lars Hecking of University College, Cork, Ireland. 2096 If ruleset 5 rewrote the local address to an :include: directive, 2097 the delivery would fail with an "aliasing/forwarding loop 2098 broken" error. Problem noted by Eric C Hagberg of Morgan 2099 Stanley. Fix from Per Hedeland of Ericsson. 2100 Allow -T to work for bestmx maps. Fix from Aaron Schrab of 2101 ExecPC Internet Systems. 2102 During the transfer of a message in an SMTP transaction, if a 2103 TCP timeout occurs, the message would be properly queued 2104 for later retry but the failure would be logged as 2105 "Illegal Seek" instead of a timeout. Problem noted by 2106 Piotr Kucharski of the Warsaw School of Economics (SGH) 2107 and Carles Xavier Munyoz Baldo of CTV Internet. 2108 Prevent multiple deliveries on a self-referencing alias if the 2109 F=w mailer flag is not set. Problem noted by Murray S. 2110 Kucherawy of Concentric Network Corporation and Per 2111 Hedeland of Ericsson. 2112 Do not strip empty headers but if there is no value and a 2113 default is defined in sendmail.cf, use the default. 2114 Problem noted by Philip Guenther of Gustavus Adolphus 2115 College and Christopher McCrory of Netus, Inc. 2116 Don't inherit information about the sender (notably the full name) 2117 in SMTP (-bs) mode, since this might be called from inetd. 2118 Accept any 3xx reply code in response to DATA command instead of 2119 requiring 354. This change will match the wording to be 2120 published in the updated SMTP specification from the DRUMS 2121 group of the IETF. 2122 Portability: 2123 AIX 4.2.0 or 4.2.1 may become updated by the fileset 2124 bos.rte.net level 4.2.0.2. This introduces the 2125 softlink /usr/lib/libbind.a which should 2126 not be used. It conflicts with the resolver 2127 built into libc.a. "bind" has been removed 2128 from the confLIBSEARCH BuildTools variable. 2129 Users who have installed BIND 8.X will have 2130 to add it back in their site.config.m4 file. 2131 Problem noted by Ole Holm Nielsen of the 2132 Technical University of Denmark. 2133 CRAY TS 10.0.x from Sven Nielsen of San Diego 2134 Supercomputer Center. 2135 Improved LDAP version 3 integration based on input 2136 from Kurt D. Zeilenga of the OpenLDAP Foundation, 2137 John Beck of Sun Microsystems, and Booker Bense 2138 of Stanford University. 2139 Linux doesn't have a standard way to get the timezone 2140 between different releases. Back out the 2141 change in 8.9.2 and don't attempt to derive 2142 a timezone. Problem reported by Igor S. Livshits 2143 of the University of Illinois at Urbana-Champaign 2144 and Michael Dickens of Tetranet Communications. 2145 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy 2146 of Siemens/SNI. 2147 SunOS 5.8 from John Beck of Sun Microsystems. 2148 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper 2149 timezone. Problem noted by Petr Lampa of Technical 2150 University of Brno. 2151 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly 2152 when using FEATURE(bestmx_is_local). Patch from Neil W. 2153 Rickert of Northern Illinois University. 2154 CONFIG: Properly handle source routed and %-hack addresses on 2155 hosts which the mailertable remaps to local:. Patch from 2156 Neil W. Rickert of Northern Illinois University. 2157 CONFIG: Internal fixup of mailertable local: map value. Patch from 2158 Larry Parmelee of Cornell University. 2159 CONFIG: Only add back +detail from host portion of mailer triplet 2160 on local mailer triplets if it was originally +detail. 2161 Patch from Neil W. Rickert of Northern Illinois University. 2162 CONFIG: The bestmx_is_local checking done in check_rcpt would 2163 cause later checks to fail. Patch from Paul J Murphy of 2164 MIDS Europe. 2165 New Files: 2166 BuildTools/OS/CRAYTS.10.0.x 2167 BuildTools/OS/ReliantUNIX 2168 BuildTools/OS/SunOS.5.8 2169 21708.9.2/8.9.2 1998/12/30 2171 SECURITY: Remove five second sleep on accepting daemon connections 2172 due to an accept() failure. This sleep could be used 2173 for a denial of service attack. 2174 Do not silently ignore queue files with names which are too long. 2175 Patch from Bryan Costales of InfoBeat, Inc. 2176 Do not store failures closing an SMTP session in persistent 2177 host status. Reported by Graeme Hewson of Oracle 2178 Corporation UK. 2179 Allow symbolic link forward files if they are in safe directories. 2180 Problem noted by Andreas Schott of the Max Planck Society. 2181 Missing columns in a text map could cause a segmentation fault. 2182 Fix from David Lee of the University of Durham. 2183 Note that for 8.9.X, PrivacyOptions=goaway also includes the 2184 noetrn flag. This is scheduled to change in a future 2185 version of sendmail. Problem noted by Theo Van Dinter of 2186 Chrysalis Symbolic Designa and Alan Brown of Manawatu 2187 Internet Services. 2188 When trying to do host canonification in a Wildcard MX 2189 environment, try an MX lookup of the hostname without the 2190 default domain appended. Problem noted by Olaf Seibert of 2191 Polderland Language & Speech Technology. 2192 Reject SMTP RCPT To: commands with only comments (i.e. 2193 'RCPT TO: (comment)'. Problem noted by Earle Ake of 2194 Hassler Communication Systems Technology, Inc. 2195 Handle any number of %s in the LDAP filter spec. Patch from 2196 Per Hedeland of Ericsson. 2197 Clear ldapx open timeouts even if the map open failed to prevent 2198 a segmentation fault. Patch from Wayne Knowles of the 2199 National Institute of Water & Atmospheric Research Ltd. 2200 Do not syslog envelope clone messages when using address 2201 verification (-bv). Problem noted by Kari Hurtta of the 2202 Finnish Meteorological Institute. 2203 Continue to perform queue runs while in daemon mode even if the 2204 daemon is rejecting connections due to a disk full 2205 condition. Problem noted by JR Oldroyd of TerraNet 2206 Internet Services. 2207 Include full filename on installation of the sendmail.hf file 2208 in case the $HFDIR directory does not exist. Problem 2209 noted by Josef Svitak of Montana State University. 2210 Close all maps when exiting the process with one exception. 2211 Berkeley DB can use internal shared memory locking for 2212 its memory pool. Closing a map opened by another process 2213 will interfere with the shared memory and locks of the 2214 parent process leaving things in a bad state. For 2215 Berkeley DB, only close the map if the current process 2216 is also the one that opened the map, otherwise only close 2217 the map file descriptor. Thanks to Yoseff Francus of 2218 Collective Technologies for volunteering his system for 2219 extended testing. 2220 Avoid null pointer dereference on XDEBUG output for SMTP reply 2221 failures. Problem noted by Carlos Canau of EUnet Portugal. 2222 On mailq and hoststat listings being piped to another program, such 2223 as more, if the pipe closes (i.e., the user quits more), 2224 stop sending output and exit. Patch from Allan E Johannesen 2225 of Worcester Polytechnic Institute. 2226 In accordance with the documentation, LDAP map lookup failures 2227 are now considered temporary failures instead of permanent 2228 failures unless the -t flag is used in the map definition. 2229 Problem noted by Booker Bense of Stanford University and 2230 Eric C. Hagberg of Morgan Stanley. 2231 Fix by one error reporting on long alias names. Problem noted by 2232 H. Paul Hammann of the Missouri Research and Education 2233 Network. 2234 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem 2235 noted by Barry S. Finkel of Argonne National Laboratory. 2236 When automatically converting from 8 bit to quoted printable MIME, 2237 be careful not to miss a multi-part boundary if that 2238 boundary is preceded by a boundary-like line. Problem 2239 noted by Andreas Raschle of Ansid Inc. Fix from 2240 Kari Hurtta of the Finnish Meteorological Institute. 2241 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer 2242 has enough space for the additional address. Problem 2243 noted by Steve Cliffe of the University of Wollongong. 2244 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem 2245 noted by Alex Vorobiev of Swarthmore College. 2246 If the check_compat ruleset resolves to the $#discard mailer, 2247 discard the current recipient. Unlike check_relay, 2248 check_mail, and check_rcpt, the entire envelope is not 2249 discarded. Problem noted by RZ D. Rahlfs. Fix from 2250 Claus Assmann of Christian-Albrechts-University of Kiel. 2251 Avoid segmentation fault when reading ServiceSwitchFile files with 2252 bogus formatting. Patch from Kari Hurtta of the Finnish 2253 Meteorological Institute. 2254 Support Berkeley DB 2.6.4 API change. 2255 OP.ME: Pages weren't properly output on duplexed printers. Fix 2256 from Matthew Black of CSU Long Beach. 2257 Portability: 2258 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. 2259 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase 2260 option structure. Problem noted by Ashley M. 2261 Kirchner of Photo Craft Laboratories, Inc. 2262 Break out IP address to hostname translation for 2263 reading network interface addresses into 2264 class 'w'. Patch from John Kennedy of 2265 Cal State University, Chico. 2266 AIX 4.x use -qstrict with -O3 to prevent the optimized 2267 from changing the semantics of the compiled 2268 program. From Simon Travaglia of the 2269 University of Waikato, New Zealand. 2270 FreeBSD 2.2.2 and later support setusercontext(). From 2271 Peter Wemm of DIALix. 2272 FreeBSD 3.x fix from Peter Wemm of DIALix. 2273 IRIX 5.x has a syslog buffer size of 512 bytes. From 2274 Nao NINOMIYA of Utsunomiya University. 2275 IRIX 6.5 64-bit Build support. 2276 LDAP Version 3 support from John Beck and Ravi Iyer 2277 of Sun Microsystems. 2278 Linux does not implement seteuid() properly. From 2279 John Kennedy of Cal State University, Chico. 2280 Linux timezone type was set improperly. From Takeshi Itoh 2281 of Bits Co., Ltd. 2282 NCR MP-RAS 3.x needs -lresolv for confLIBS. From 2283 Tom J. Moore of NCR. 2284 NeXT 4.x correction to man page path. From J. P. McCann 2285 of E I A. 2286 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs) 2287 from Paul Gampe of the Asia Pacific Network 2288 Information Center. 2289 ULTRIX now requires an optimization limit of 970 from 2290 Allan E Johannesen of Worcester Polytechnic 2291 Institute. 2292 Fix extern declaration for sm_dopr(). Fix from Henk 2293 van Oers of Algemeen Nederlands Persbureau. 2294 CONFIG: Catch @hostname,user@anotherhost.domain as relaying. 2295 Problem noted by Mark Rogov of AirMedia, Inc. Fix from 2296 Claus Assmann of Christian-Albrechts-University of Kiel. 2297 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as 2298 there are multiple RBL's available and the MAPS RBL may 2299 not be the one in use. Suggested by Alan Brown of 2300 Manawatu Internet Services. 2301 CONFIG: Properly strip route addresses (i.e., @host1:user@host2) 2302 when stripping down a recipient address to check for 2303 relaying. Patch from Claus Assmann of 2304 Christian-Albrechts-University of Kiel and Neil W Rickert 2305 of Northern Illinois University. 2306 CONFIG: Allow the access database to override RBL lookups. Patch 2307 from Claus Assmann of Christian-Albrechts-University of 2308 Kiel. 2309 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch 2310 Dot Com. 2311 CONFIG: Fixed check for deferred delivery mode warning. Patch 2312 from Claus Assmann of Christian-Albrechts-University of 2313 Kiel and Per Hedeland of Ericsson. 2314 CONFIG: If a recipient using % addressing is used, e.g. 2315 user%site@othersite, and othersite's MX records are now 2316 checked for local hosts if FEATURE(relay_based_on_MX) is 2317 used. Problem noted by Alexander Litvin of Lucky Net Ltd. 2318 Patch from Alexander Litvin of Lucky Net Ltd and 2319 Claus Assmann of Christian-Albrechts-University of Kiel. 2320 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP 2321 stream. Do not allow more than one response per recipient. 2322 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix 2323 from John Beck of Sun Microsystems. 2324 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from 2325 John Beck of Sun Microsystems. 2326 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in 2327 the envelope From header. 2328 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. 2329 Problem noted by Glenn A. Malling of Syracuse University. 2330 MAILSTATS: Document msgsrej and msgsdis fields in the man page. 2331 Problem noted by Richard Wong of Princeton University. 2332 MAKEMAP: Build group list so group writable files are allowed with 2333 the -s flag. Problem noted by Curt Sampson of Internet 2334 Portal Services, Inc. 2335 PRALIASES: Automatically handle alias files created without the 2336 NULL byte at the end of the key. Patch from John Beck of 2337 Sun Microsystems. 2338 PRALIASES: Support Berkeley DB 2.6.4 API change. 2339 New Files: 2340 BuildTools/OS/IRIX64.6.5 2341 BuildTools/OS/UnixWare.5.i386 2342 cf/ostype/unixware7.m4 2343 contrib/smcontrol.pl 2344 src/control.c 2345 23468.9.1/8.9.1 1998/07/02 2347 If both an OS specific site configuration file and a generic 2348 site.config.m4 file existed, only the latter was used 2349 instead of both. Problem noted by Geir Johannessen of 2350 the Norwegian University of Science and Technology. 2351 Fix segmentation fault while converting 8 bit to 7 bit MIME 2352 multipart messages by trying to write to an unopened 2353 file descriptor. Fix from Kari Hurtta of the Finnish 2354 Meteorological Institute. 2355 Do not assume Message: and Text: headers indicate the end of 2356 the header area when parsing MIME headers. Problem noted 2357 by Kari Hurtta of the Finnish Meteorological Institute. 2358 Setting the confMAN#SRC Build variable would only effect the 2359 installation commands. The man pages would still be 2360 built with .0 extensions. Problem noted by Bryan 2361 Costales of InfoBeat, Inc. 2362 Installation of manual pages didn't honor the DESTDIR environment 2363 variable. Problem noted by Bryan Costales of InfoBeat, Inc. 2364 If the check_relay ruleset resolved to the discard mailer, messages 2365 were still delivered. Problem noted by Mirek Luc of NASK. 2366 Mail delivery to files would fail with an Operating System Error 2367 if sendmail was not running as root, i.e., RunAsUser was set. 2368 Problem noted by Leonard N. Zubkoff of Dandelion Digital. 2369 Prevent MinQueueAge from interfering from queued items created 2370 in the future, i.e., if the system clock was set ahead 2371 and then back. Problem noted by Michael Miller of the 2372 University of Natal, Pietermaritzburg. 2373 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is 2374 set in the PrivacyOptions option. Fix from Ted Rule of 2375 Flextech TV. 2376 Log invalid persistent host status file lines instead of 2377 bouncing the message. Problem noted by David Lindes of 2378 DaveLtd Enterprises. 2379 Move creation of empty sendmail.st file from installation to 2380 compilation. Installation may be done from a read-only 2381 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric 2382 Anderson of the Oasis Research Center, Inc. 2383 Enforce the maximum number of User Database entries limit. Problem 2384 noted by Gary Buchanan of Credence Systems Inc. 2385 Allow dead.letter files in root's home directory. Problem noted 2386 by Anna Ullman of Sun Microsystems. 2387 Program deliveries in forward files could be marked unsafe if 2388 any directory listed in the ForwardPath option did not 2389 exist. Problem noted by Jorg Bielak of Coastal Web Online. 2390 Do not trust the length of the address structure returned by 2391 gethostbyname(). Problem noted by Chris Evans of Oxford 2392 University. 2393 If the SIZE= MAIL From: ESMTP parameter is too large, use the 2394 5.3.4 DSN status code instead of 5.2.2. Similarly, for 2395 non-local deliveries, if the message is larger than the 2396 mailer maximum message size, use 5.3.4 instead of 5.2.3. 2397 Suggested by Antony Bowesman of 2398 Fujitsu/TeaWARE Mail/MIME System. 2399 Portability: 2400 Fix the check for an IP address reverse lookup for 2401 use in $&{client_name} on 64 bit platforms. 2402 From Gilles Gallot of Institut for Development 2403 and Resources in Intensive Scientific computing. 2404 BSD-OS uses .0 for man page extensions. From Jeff Polk 2405 of BSDI. 2406 DomainOS detection for Build. Also, version 10.4 and later 2407 ship a unistd.h. Fixes from Takanobu Ishimura of 2408 PICT Inc. 2409 NeXT 4.x uses /usr/lib/man/cat for its man pages. From 2410 J. P. McCann of E I A. 2411 SCO 4.X and 5.X include NDBM support. From Vlado Potisk 2412 of TEMPEST, Ltd. 2413 CONFIG: Do not pass spoofed PTR results through resolver for 2414 qualification. Problem noted by Michiel Boland of 2415 Digital Valley Internet Professionals; fix from 2416 Kari Hurtta of the Finnish Meteorological Institute. 2417 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, 2418 BITNET, and DECNET addresses for resolvable senders. 2419 Problem noted by Alexander Litvin of Lucky Net Ltd. 2420 CONFIG: Work around Sun's broken configuration which sends bounce 2421 messages as coming from @@hostname instead of <>. LMTP 2422 would not accept @@hostname. 2423 OP.ME: Corrections to complex sendmail startup script from Rick 2424 Troxel of the National Institutes of Health. 2425 RMAIL: Do not install rmail by default, require 'make force-install' 2426 as this rmail isn't the same as others. Suggested by 2427 Kari Hurtta of the Finnish Meteorological Institute. 2428 New Files: 2429 BuildTools/OS/DomainOS.10.4 2430 24318.9.0/8.9.0 1998/05/19 2432 SECURITY: To prevent users from reading files not normally 2433 readable, sendmail will no longer open forward, :include:, 2434 class, ErrorHeader, or HelpFile files located in unsafe 2435 (i.e., group or world writable) directory paths. Sites 2436 which need the ability to override security can use the 2437 DontBlameSendmail option. See the README file for more 2438 information. 2439 SECURITY: Problems can occur on poorly managed systems, specifically, 2440 if maps or alias files are in world writable directories. 2441 This fixes the change added to 8.8.6 to prevent links in these 2442 world writable directories. 2443 SECURITY: Make sure ServiceSwitchFile option file is not a link if 2444 it is in a world writable directory. 2445 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the 2446 tty it may be able to push bytes back to the senders input. 2447 Unfortunately this breaks -v mode. Problem noted by 2448 Wietse Venema of the Global Security Analysis Lab at 2449 IBM T.J. Watson Research. 2450 SECURITY: Empty group list if DontInitGroups is set to true to 2451 prevent program deliveries from picking up extra group 2452 privileges. Problem reported by Wolfgang Ley of DFN-CERT. 2453 SECURITY: The default value for DefaultUser is now set to the uid and 2454 gid of the first existing user mailnull, sendmail, or daemon 2455 that has a non-zero uid. If none of these exist, sendmail 2456 reverts back to the old behavior of using uid 1 and gid 1. 2457 This is a security problem for Linux which has chosen that 2458 uid and gid for user bin instead of daemon. If DefaultUser 2459 is set in the configuration file, that value overrides this 2460 default. 2461 SECURITY: Since 8.8.7, the check for non-set-user-id binaries 2462 interfered with setting an alternate group id for the 2463 RunAsUser option. Problem noted by Randall Winchester of 2464 the University of Maryland. 2465 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 2466 of Cal State University, Chico. 2467 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 2468 which previously defined OLD_NEWDB=1 must now upgrade to the 2469 current version of Berkeley DB. 2470 Added support for regular expressions using the new map class regex. 2471 From Jan Krueger of Unix-AG of University of Hannover. 2472 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod 2473 UserDatabases from Randall Winchester of the University 2474 of Maryland. 2475 Allow any shell for user shell on program deliveries on V1 2476 configurations for backwards compatibility on machines which 2477 do not have getusershell(). Fix from John Beck of Sun 2478 Microsystems. 2479 On operating systems which change the process title by reusing the 2480 argument vector memory, sendmail could corrupt memory if the 2481 last argument was either "-q" or "-d". Problem noted by 2482 Frank Langbein of the University of Stuttgart. 2483 Support Local Mail Transfer Protocol (LMTP) between sendmail and 2484 mail.local on the F=z flag. 2485 Macro-expand the contents of the ErrMsgFile. Previously this was 2486 only done if you had magic characters (0x81) to indicate 2487 macro expansion. Now $x will be expanded. This means that 2488 real dollar signs have to be backslash escaped. 2489 TCP Wrappers expects "unknown" in the hostname argument if the 2490 reverse DNS lookup for the incoming connection fails. 2491 Problem noted by Randy Grimshaw of Syracuse University and 2492 Wietse Venema of the Global Security Analysis Lab at 2493 IBM T.J. Watson Research. 2494 DSN success bounces generated from an invocation of sendmail -t 2495 would be sent to both the sender and MAILER-DAEMON. 2496 Problem noted by Claus Assmann of 2497 Christian-Albrechts-University of Kiel. 2498 Avoid "Error 0" messages on delivery mailers which exit with a 2499 valid exit value such as EX_NOPERM. Fix from Andreas Luik 2500 of ISA Informationssysteme GmbH. 2501 Tokenize $&x expansions on right hand side of rules. This eliminates 2502 the need to use tricks like $(dequote "" $&{client_name} $) 2503 to cause the ${client_name} macro to be properly tokenized. 2504 Add the MaxRecipientsPerMessage option: this limits the number of 2505 recipients that will be accepted in a single SMTP 2506 transaction. After this number is reached, sendmail 2507 starts returning "452 Too many recipients" to all RCPT 2508 commands. This can be used to limit the number of recipients 2509 per envelope (in particular, to discourage use of the server 2510 for spamming). Note: a better approach is to restrict 2511 relaying entirely. 2512 Fixed pointer initialization for LDAP lmap struct, fixed -s option 2513 to ldapx map and added timeout for ldap_open call to 2514 avoid hanging sendmail in the event of hung LDAP servers. 2515 Patch from Booker Bense of Stanford University. 2516 Allow multiple -qI, -qR, or -qS queue run limiters. For example, 2517 '-qRfoo -qRbar' would deliver mail to recipients with foo or 2518 bar in their address. Patch from Allan E Johannesen of 2519 Worcester Polytechnic Institute. 2520 The bestmx map will now return a list of the MX servers for a host if 2521 passed a column delimiter via the -z map flag. This can be 2522 used to check if the server is an MX server for the recipient 2523 of a message. This can be used to help prevent relaying. 2524 Patch from Mitchell Blank Jr of Exec-PC. 2525 Mark failures for the *file* mailer and return bounce messages to the 2526 sender for those failures. 2527 Prevent bogus syslog timestamps on errors in sendmail.cf by 2528 preserving the TZ environment variable until TimeZoneSpec 2529 has been determined. Problem noted by Ralf Hildebrandt of 2530 Technical University of Braunschweig. Patch from Per Hedeland 2531 of Ericsson. 2532 Print test input in address test mode when input is not from the tty 2533 when the -v flag is given (i.e., sendmail -bt -v) to make 2534 output easier to decipher. Problem noted by Aidan Nichol 2535 of Procter & Gamble. 2536 The LDAP map -s flag was not properly parsed and the error message 2537 given included the remainder of the arguments instead of 2538 solely the argument in error. Problem noted by Aidan Nichol 2539 of Procter & Gamble. 2540 New DontBlameSendmail option. This option allows administrators to 2541 bypass some of sendmail's file security checks at the expense 2542 of system security. This should only be used if you are 2543 absolutely sure you know the consequences. The available 2544 DontBlameSendmail options are: 2545 Safe 2546 AssumeSafeChown 2547 ClassFileInUnsafeDirPath 2548 ErrorHeaderInUnsafeDirPath 2549 GroupWritableDirPathSafe 2550 GroupWritableForwardFileSafe 2551 GroupWritableIncludeFileSafe 2552 GroupWritableAliasFile 2553 HelpFileinUnsafeDirPath 2554 WorldWritableAliasFile 2555 ForwardFileInGroupWritableDirPath 2556 IncludeFileInGroupWritableDirPath 2557 ForwardFileInUnsafeDirPath 2558 IncludeFileInUnsafeDirPath 2559 ForwardFileInUnsafeDirPathSafe 2560 IncludeFileInUnsafeDirPathSafe 2561 MapInUnsafeDirPath 2562 LinkedAliasFileInWritableDir 2563 LinkedClassFileInWritableDir 2564 LinkedForwardFileInWritableDir 2565 LinkedIncludeFileInWritableDir 2566 LinkedMapInWritableDir 2567 LinkedServiceSwitchFileInWritableDir 2568 FileDeliveryToHardLink 2569 FileDeliveryToSymLink 2570 WriteMapToHardLink 2571 WriteMapToSymLink 2572 WriteStatsToHardLink 2573 WriteStatsToSymLink 2574 RunProgramInUnsafeDirPath 2575 RunWritableProgram 2576 New DontProbeInterfaces option to turn off the inclusion of all the 2577 interface names in $=w on startup. In particular, if you 2578 have lots of virtual interfaces, this option will speed up 2579 startup. However, unless you make other arrangements, mail 2580 sent to those addresses will be bounced. 2581 Automatically create alias databases if they don't exist and 2582 AutoRebuildAliases is set. 2583 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. 2584 Suggested by Christophe Wolfhugel of the Institut Pasteur. 2585 Add PrivacyOptions=noverb flag to disable the SMTP VERB command. 2586 When determining the client host name ($&{client_name} macro), do 2587 a forward (A) DNS lookup on the result of the PTR lookup 2588 and compare results. If they differ or if the PTR lookup 2589 fails, &{client_name} will contain the IP address 2590 surrounded by square brackets (e.g., [127.0.0.1]). 2591 New map flag: -Tx appends "x" to lookups that return temporary failure 2592 (i.e, it is like -ax for the temporary failure case, in 2593 contrast to the success case). 2594 New syntax to do limited checking of header syntax. A config line 2595 of the form: 2596 HHeader: $>Ruleset 2597 causes the indicated Ruleset to be invoked on the Header 2598 when read. This ruleset works like the check_* rulesets -- 2599 that is, it can reject mail on the basis of the contents. 2600 Limit the size of the HELO/EHLO parameter to prevent spammers 2601 from hiding their connection information in Received: 2602 headers. 2603 When SingleThreadDelivery is active, deliveries to locked hosts 2604 are skipped. This will cause the delivering process to 2605 try the next MX host or queue the message if no other MX 2606 hosts are available. Suggested by Alexander Litvin. 2607 The [FILE] mailer type now delivers to the file specified in the 2608 A= equate of the mailer definition instead of $u. It also 2609 obeys all of the F= mailer flags such as the MIME 2610 7/8 bit conversion flags. This is useful for defining 2611 a mailer which delivers to the same file regardless of the 2612 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail). 2613 Do not assume the identity of a remote connection is root@localhost 2614 if the remote connection closes the socket before the 2615 remote identity can be queried. 2616 Change semantics of the F=S mailer flag back to 8.7.5 behavior. 2617 Some mailers, including procmail, require that the real 2618 uid is left unchanged by sendmail. Problem noted by Per 2619 Hedeland of Ericsson. 2620 No longer is the src/obj*/Makefile selected from a large list -- it 2621 is now generated using the information in BuildTools/OS/ -- 2622 some of the details are determined dynamically via 2623 BuildTools/bin/configure.sh. 2624 The other programs in the sendmail distribution -- mail.local, 2625 mailstats, makemap, praliases, rmail, and smrsh -- now use 2626 the new Build method which creates an operating system 2627 specific Makefile using the information in BuildTools. 2628 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., 2629 a failure on one message won't affect future messages to the 2630 same host). This is necessary if the remote host sends 2631 a 451 error if the domain of the sender does not resolve 2632 as is common in anti-spam configurations. Problem noted 2633 by Mitchell Blank Jr of Exec-PC. 2634 New "discard" mailer for check_* rulesets and header checking 2635 rulesets. If one of the above rulesets resolves to the 2636 $#discard mailer, the commands will be accepted but the 2637 message will be completely discarded after it is accepting. 2638 This means that even if only one of the recipients 2639 resolves to the $#discard mailer, none of the recipients 2640 will receive the mail. Suggested by Brian Kantor. 2641 All but the last cloned envelope of a split envelope were queued 2642 instead of being delivered. Problem noted by John Caruso 2643 of CNET: The Computer Network. 2644 Fix deadlock situation in persistent host status file locking. 2645 Syslog an error if a user forward file could not be read due to 2646 an error. Patch from John Beck of Sun Microsystems. 2647 Use the first name returned on machine lookups when canonifying a 2648 hostname via NetInfo. Patch from Timm Wetzel of GWDG. 2649 Clear the $&{client_addr}, $&{client_name}, and $&{client_port} 2650 macros when delivering a bounce message to prevent 2651 rejection by a check_compat ruleset which uses these macros. 2652 Problem noted by Jens Hamisch of AgiX Internetservices GmbH. 2653 If the check_relay ruleset resolves to the the error mailer, the 2654 error in the $: portion of the resolved triplet is used 2655 in the rejection message given to the remote machine. 2656 Suggested by Scott Gifford of The Internet Ramp. 2657 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros 2658 before calling the check_relay ruleset. Suggested by Scott 2659 Gifford of The Internet Ramp. 2660 Sendmail would get a segmentation fault if a mailer exited with an 2661 exit code of 79. Problem noted by Aaron Schrab of ExecPC 2662 Internet. Fix from Christophe Wolfhugel of the Pasteur 2663 Institute. 2664 Separate snprintf/vsnprintf routines into separate file for use by 2665 mail.local. 2666 Allow multiple map lookups on right hand side, e.g., 2667 R$* $( host $1 $) $| $( passwd $1 $). Patch from 2668 Christophe Wolfhugel of the Pasteur Institute. 2669 Properly generate success DSN messages if requested for aliases 2670 which have owner- aliases. Problem noted by Kari Hurtta 2671 of the Finnish Meteorological Institute. 2672 Properly display delayed-expansion macros ($&{macroname}) in 2673 address test mode (-bt). Problem noted by Bryan Costales 2674 of InfoBeat, Inc. 2675 -qR could sometimes match names incorrectly. Problem noted by 2676 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. 2677 Include a magic number and version in the StatusFile for the 2678 mailstats command. 2679 Record the number of rejected and discarded messages in the 2680 StatusFile for display by the mailstats command. Patch 2681 from Randall Winchester of the University of Maryland. 2682 IDENT returns where the OSTYPE field equals "OTHER" now list the 2683 user portion as IDENT:username@site instead of 2684 username@site to differentiate the two. Suggested by 2685 Kari Hurtta of the Finnish Meteorological Institute. 2686 Enforce timeout for LDAP queries. Patch from Per Hedeland of 2687 Ericsson. 2688 Change persistent host status filename substitution so '/' is 2689 replaced by ':' instead of '|' to avoid clashes. Also 2690 avoid clashes with hostnames with leading dots. Fix from 2691 Mitchell Blank Jr. of Exec-PC. 2692 If the system lock table is full, only attempt to create a new 2693 queue entry five times before giving up. Previously, it 2694 was attempted indefinitely which could cause the partition 2695 to run out of inodes. Problem noted by Suzie Weigand of 2696 Stratus Computer, Inc. 2697 In verbose mode, warn if the sendmail.cf version is less than the 2698 currently supported version. 2699 Sorting for QueueSortOrder=host is now case insensitive. Patch 2700 from Randall S. Winchester of the University of Maryland. 2701 Properly quote a full name passed via the -F command line option, 2702 the Full-Name: header, or the NAME environment variable if 2703 it contains characters which must be quoted. Problem noted 2704 by Kari Hurtta of the Finnish Meteorological Institute. 2705 Avoid possible race condition that unlocked a mail job before 2706 releasing the transcript file on systems that use flock(2). 2707 In some cases, this might result in a "Transcript Unavailable" 2708 message in error bounces. 2709 Accept SMTP replies which contain only a reply code and no 2710 accompanying text. Problem noted by Fernando Fraticelli of 2711 Digital Equipment Corporation. 2712 Portability: 2713 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura 2714 of Kyoto University. 2715 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from 2716 Randall S. Winchester of the University of 2717 Maryland. 2718 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. 2719 CRAY T3E from Manu Mahonen of Center for Scientific Computing 2720 in Finland. 2721 Digital UNIX now uses statvfs for determining free 2722 disk space. Patch from Randall S. Winchester of 2723 the University of Maryland. 2724 HP-UX 11.x from Richard Allen of Opin Kerfi HF and 2725 Regis McEwen of Progress Software Corporation. 2726 IRIX 64 bit fixes from Kari Hurtta of the Finnish 2727 Meteorological Institute. 2728 IRIX 6.2 configuration fix for mail.local from Michael Kyle 2729 of CIC/Advanced Computing Laboratory. 2730 IRIX 6.5 from Thomas H Jones II of SGI. 2731 IRIX 6.X load average code from Bob Mende of SGI. 2732 QNX from Glen McCready <glen@qnx.com>. 2733 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links 2734 to sendmail. Install with group bin instead of kmem 2735 as kmem does not exist. From Guillermo Freige of 2736 Gobernacion de la Pcia de Buenos Aires and Paul 2737 Fischer of BTG, Inc. 2738 SunOS 4.X does not include memmove(). Patch from 2739 Per Hedeland of Ericsson. 2740 SunOS 5.7 includes getloadavg() function for determining 2741 load average. Patch from John Beck of Sun 2742 Microsystems. 2743 CONFIG: Increment version number of config file. 2744 CONFIG: add DATABASE_MAP_TYPE to set the default type of database 2745 map for the various maps. The default is hash. Patch from 2746 Robert Harker of Harker Systems. 2747 CONFIG: new confEBINDIR m4 variable for defining the executable 2748 directory for certain programs. 2749 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for 2750 local mail delivery. By the default, /usr/libexec/mail.local 2751 is used. This is expected to be the mail.local shipped 2752 with 8.9 which is LMTP capable. The path is based on the 2753 new confEBINDIR m4 variable. 2754 CONFIG: Use confEBINDIR in determining path to smrsh for 2755 FEATURE(smrsh). Note that this changes the default from 2756 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the 2757 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). 2758 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to 2759 include $z/.forward.$w+$h and $z/.forward+$h which allow 2760 the user to setup different .forward files for 2761 user+detail addressing. 2762 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, 2763 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, 2764 DontProbeInterfaces, and DontBlameSendmail options. 2765 CONFIG: by default do not allow relaying (that is, accepting mail 2766 from outside your domain and sending it to another host 2767 outside your domain). 2768 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from 2769 any site to any site. 2770 CONFIG: new FEATURE(relay_entire_domain) allows any host in your 2771 domain as defined by the 'm' class ($=m) to relay. 2772 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on 2773 the MX records of the host portion of an incoming recipient. 2774 CONFIG: new FEATURE(access_db) which turns on the access database 2775 feature. This database gives you the ability to allow 2776 or refuse to accept mail from specified domains for 2777 administrative reasons. By default, names that are listed 2778 as "OK" in the access db are domain names, not host names. 2779 CONFIG: new confCR_FILE m4 variable for defining the name of the file 2780 used for class 'R'. Defaults to /etc/mail/relay-domains. 2781 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) 2782 to add items to class 'R' ($=R) for hosts allowed to relay. 2783 CONFIG: new FEATURE(relay_hosts_only) to change the behavior 2784 of FEATURE(access_db) and class 'R' to lookup individual 2785 host names only. 2786 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient 2787 using % addressing is used, e.g. user%site@othersite, 2788 and othersite is in class 'R', the check_rcpt ruleset 2789 will strip @othersite and recheck user@site for relaying. 2790 This feature changes that behavior. It should not be 2791 needed for most installations. 2792 CONFIG: new FEATURE(relay_local_from) to allow relaying if the 2793 domain portion of the mail sender is a local host. This 2794 should only be used if absolutely necessary as it opens 2795 a window for spammers. Patch from Randall S. Winchester of 2796 the University of Maryland. 2797 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to 2798 block incoming mail destined for certain recipient 2799 usernames, hostnames, or addresses. 2800 CONFIG: By default, MAIL FROM: commands in the SMTP session will be 2801 refused if the host part of the argument to MAIL FROM: cannot 2802 be located in the host name service (e.g., DNS). 2803 CONFIG: new FEATURE(accept_unresolvable_domains) accepts 2804 unresolvable hostnames in MAIL FROM: SMTP commands. 2805 CONFIG: new FEATURE(accept_unqualified_senders) accepts 2806 MAIL FROM: senders which do not include a domain. 2807 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the 2808 Realtime Blackhole List. You can specify the RBL name 2809 server to contact by specifying it as an optional argument. 2810 The default is rbl.maps.vix.com. For details, see 2811 http://maps.vix.com/rbl/. 2812 CONFIG: Call Local_check_relay, Local_check_mail, and 2813 Local_check_rcpt from check_relay, check_mail, and 2814 check_rcpt. Users with local rulesets should place the 2815 rules using LOCAL_RULESETS. If a Local_check_* ruleset 2816 returns $#OK, the message is accepted. If the ruleset 2817 returns a mailer, the appropriate action is taken, else 2818 the return of the ruleset is ignored. 2819 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by 2820 default to support file, :include:, and program deliveries. 2821 CONFIG: Remove the default for confDEF_USER_ID so the binary can 2822 pick the proper default value. See the SECURITY note 2823 above for more information. 2824 CONFIG: FEATURE(nodns) now warns the user that the feature is a 2825 no-op. Patch from Kari Hurtta of the Finnish 2826 Meteorological Institute. 2827 CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to 2828 daemon since DEC's /bin/mail will drop the envelope 2829 sender if run as mailnull. See the Digital UNIX section 2830 of src/README for more information. Problem noted by 2831 Kari Hurtta of the Finnish Meteorological Institute. 2832 CONFIG: .cf files are now stored in the same directory with the 2833 .mc files instead of in the obj directory. 2834 CONFIG: New options confSINGLE_LINE_FROM_HEADER, 2835 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for 2836 setting SingleLineFromHeader, AllowBogusHELO, and 2837 MustQuoteChars respectively. 2838 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This 2839 SMTP-like protocol allows detailed reporting of delivery 2840 status on a per-user basis. Code donated by John Myers of 2841 CMU (now of Netscape). 2842 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the 2843 University of Maryland. NOTE: mail.local is not 2844 compatible with the stock HP-UX mail format. Be sure to 2845 read mail.local/README. 2846 MAIL.LOCAL: Prevent other mail delivery agents from stealing a 2847 mailbox lock. Patch from Randall S. Winchester of the 2848 University of Maryland. 2849 MAIL.LOCAL: glibc portability from John Kennedy of Cal State 2850 University, Chico. 2851 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish 2852 Meteorological Institute. 2853 MAILSTATS: Display the number of rejected and discarded messages 2854 in the StatusFile. Patch from Randall Winchester of the 2855 University of Maryland. 2856 MAKEMAP: New -s flag to ignore safety checks on database map files 2857 such as linked files in world writable directories. 2858 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. 2859 PRALIASES: Add support for Berkeley DB 2.X. 2860 PRALIASES: Do not automatically include NDBM support. Problem 2861 noted by Ralf Hildebrandt of the Technical University of 2862 Braunschweig. 2863 RMAIL: Improve portability for other platforms. Patches from 2864 Randall S. Winchester of the University of Maryland and 2865 Kari Hurtta of the Finnish Meteorological Institute. 2866 Changed Files: 2867 src/Makefiles/Makefile.* files have been modified to use 2868 the new build mechanism and are now BuildTools/OS/*. 2869 src/makesendmail changed to symbolic link to src/Build. 2870 New Files: 2871 BuildTools/M4/header.m4 2872 BuildTools/M4/depend/BSD.m4 2873 BuildTools/M4/depend/CC-M.m4 2874 BuildTools/M4/depend/NCR.m4 2875 BuildTools/M4/depend/Solaris.m4 2876 BuildTools/M4/depend/X11.m4 2877 BuildTools/M4/depend/generic.m4 2878 BuildTools/OS/AIX.4.2 2879 BuildTools/OS/AIX.4.x 2880 BuildTools/OS/CRAYT3E.2.0.x 2881 BuildTools/OS/HP-UX.11.x 2882 BuildTools/OS/IRIX.6.5 2883 BuildTools/OS/NEXTSTEP.4.x 2884 BuildTools/OS/NeXT.4.x 2885 BuildTools/OS/NetBSD.8.3 2886 BuildTools/OS/QNX 2887 BuildTools/OS/SunOS.5.7 2888 BuildTools/OS/dcosx.1.x.NILE 2889 BuildTools/README 2890 BuildTools/Site/README 2891 BuildTools/bin/Build 2892 BuildTools/bin/configure.sh 2893 BuildTools/bin/find_m4.sh 2894 BuildTools/bin/install.sh 2895 Makefile 2896 cf/cf/Build 2897 cf/cf/generic-hpux10.cf 2898 cf/feature/accept_unqualified_senders.m4 2899 cf/feature/accept_unresolvable_domains.m4 2900 cf/feature/access_db.m4 2901 cf/feature/blacklist_recipients.m4 2902 cf/feature/loose_relay_check.m4 2903 cf/feature/local_lmtp.m4 2904 cf/feature/promiscuous_relay.m4 2905 cf/feature/rbl.m4 2906 cf/feature/relay_based_on_MX.m4 2907 cf/feature/relay_entire_domain.m4 2908 cf/feature/relay_hosts_only.m4 2909 cf/feature/relay_local_from.m4 2910 cf/ostype/qnx.m4 2911 contrib/doublebounce.pl 2912 mail.local/Build 2913 mail.local/Makefile.m4 2914 mail.local/README 2915 mailstats/Build 2916 mailstats/Makefile.m4 2917 makemap/Build 2918 makemap/Makefile.m4 2919 praliases/Build 2920 praliases/Makefile.m4 2921 rmail/Build 2922 rmail/Makefile.m4 2923 rmail/rmail.0 2924 smrsh/Build 2925 smrsh/Makefile.m4 2926 src/Build 2927 src/Makefile.m4 2928 src/snprintf.c 2929 Deleted Files: 2930 cf/cf/Makefile (replaced by Makefile.dist) 2931 mail.local/Makefile 2932 mail.local/Makefile.dist 2933 mailstats/Makefile 2934 mailstats/Makefile.dist 2935 makemap/Makefile 2936 makemap/Makefile.dist 2937 praliases/Makefile 2938 praliases/Makefile.dist 2939 rmail/Makefile 2940 smrsh/Makefile 2941 smrsh/Makefile.dist 2942 src/Makefile 2943 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) 2944 src/Makefiles/Makefile.SMP_DC.OSx.NILE 2945 (renamed BuildTools/OS/dcosx.1.x.NILE) 2946 src/Makefiles/Makefile.Utah (obsolete platform) 2947 Renamed Files: 2948 READ_ME => README 2949 cf/cf/Makefile.dist => Makefile 2950 cf/cf/obj/* => cf/cf/* 2951 src/READ_ME => src/README 2952 29538.8.8/8.8.8 1997/10/24 2954 If the check_relay ruleset failed, the relay= field was logged 2955 incorrectly. Problem noted by Kari Hurtta of the Finnish 2956 Meteorological Institute. 2957 If /usr/tmp/dead.letter already existed, sendmail could not 2958 add additional bounces to it. Problem noted by Thomas J. 2959 Arseneault of SRI International. 2960 If an SMTP mailer used a non-standard port number for the outgoing 2961 connection, it would be displayed incorrectly in verbose mode. 2962 Problem noted by John Kennedy of Cal State University, Chico. 2963 Log the ETRN parameter specified by the client before altering them 2964 to internal form. Suggested by Bob Kupiec of GES-Verio. 2965 EXPN and VRFY SMTP commands on malformed addresses were logging as 2966 User unknown with bogus delay= values. Change them to log 2967 the same as compliant addresses. Problem noted by Kari E. 2968 Hurtta of the Finnish Meteorological Institute. 2969 Ignore the debug resolver option unless using sendmail debug trace 2970 option for resolver. Problem noted by Greg Nichols of Wind 2971 River Systems. 2972 If SingleThreadDelivery was enabled and the remote server returned a 2973 protocol error on the DATA command, the connection would be 2974 closed but the persistent host status file would not be 2975 unlocked so other sendmail processes could not deliver to 2976 that host. Problem noted by Peter Wemm of DIALix. 2977 If queueing up a message due to an expensive mailer, don't increment 2978 the number of delivery attempts or set the last delivery 2979 attempt time so the message will be delivered on the next 2980 queue run regardless of MinQueueAge. Problem noted by 2981 Brian J. Coan of the Institute for Global Communications. 2982 Authentication warnings of "Processed from queue _directory_" and 2983 "Processed by _username_ with -C _filename_" would be logged 2984 with the incorrect timestamp. Problem noted by Kari E. Hurtta 2985 of the Finnish Meteorological Institute. 2986 Use a better heuristic for detecting GDBM. 2987 Log null connections on dropped connections. Problem noted by 2988 Jon Lewis of Florida Digital Turnpike. 2989 If class dbm maps are rebuilt, sendmail will now detect this and 2990 reopen the map. Previously, they could give stale 2991 results during a single message processing (but would 2992 recover when the next message was received). Fix from 2993 Joe Pruett of Q7 Enterprises. 2994 Do not log failures such as "User unknown" on -bv or SMTP VRFY 2995 requests. Problem noted by Kari E. Hurtta of the 2996 Finnish Meteorological Institute. 2997 Do not send a bounce message back to the sender regarding bad 2998 recipients if the SMTP connection is dropped before the 2999 message is accepted. Problem noted by Kari E. Hurtta of the 3000 Finnish Meteorological Institute. 3001 Use "localhost" instead of "[UNIX: localhost]" when connecting to 3002 sendmail via a UNIX pipe. This will allow rulesets using 3003 $&{client_name} to process without sending the string through 3004 dequote. Problem noted by Alan Barrett of Internet Africa. 3005 A combination of deferred delivery mode, a double bounce situation, 3006 and the inability to save a bounce message to 3007 /var/tmp/dead.letter would cause sendmail to send a bounce 3008 to postmaster but not remove the offending envelope from the 3009 queue causing it to create a new bounce message each time the 3010 queue was run. Problem noted by Brad Doctor of Net Daemons 3011 Associates. 3012 Remove newlines from hostname information returned via DNS. There are 3013 no known security implications of newlines in hostnames as 3014 sendmail filters newlines in all vital areas; however, this 3015 could cause confusing error messages. 3016 Starting with sendmail 8.8.6, mail sent with the '-t' option would be 3017 rejected if any of the specified addresses were bad. This 3018 behavior was modified to only reject the bad addresses and not 3019 the entire message. Problem noted by Jozsef Hollosi of 3020 SuperNet, Inc. 3021 Use Timeout.fileopen when delivering mail to a file. Suggested by 3022 Bryan Costales of InfoBeat, Inc. 3023 Display the proper Final-Recipient on DSN messages for non-SMTP 3024 mailers. Problem noted by Kari E. Hurtta of the 3025 Finnish Meteorological Institute. 3026 An error in calculating the available space in the list of addresses 3027 for logging deliveries could cause an address to be silently 3028 dropped. 3029 Include the initial user environment if sendmail is restarted via 3030 a HUP signal. This will give room for the process title. 3031 Problem noted by Jon Lewis of Florida Digital Turnpike. 3032 Mail could be delivered without a body if the machine does not 3033 support flock locking and runs out of processes during 3034 delivery. Fix from Chuck Lever of the University of Michigan. 3035 Drop recipient address from 251 and 551 SMTP responses per RFC 821. 3036 Problem noted by Kari E. Hurtta of the Finnish Meteorological 3037 Institute. 3038 Make sure non-rebuildable database maps are opened before the 3039 rebuildable maps (i.e., alias files) in case the database maps 3040 are needed for verifying the left hand side of the aliases. 3041 Problem noted by Lloyd Parkes of Victoria University. 3042 Make sure sender RFC822 source route addresses are alias expanded for 3043 bounce messages. Problem noted by Juergen Georgi of 3044 RUS University of Stuttgart. 3045 Minor lint fixes. 3046 Return a temporary error instead of a permanent error if an LDAP map 3047 search returns an error. This will allow sequenced maps which 3048 use other LDAP servers to be checked. Fix from Booker Bense 3049 of Stanford University. 3050 When automatically converting from quoted printable to 8bit text do 3051 not pad bare linefeeds with a space. Problem noted by Theo 3052 Nolte of the University of Technology Aachen, Germany. 3053 Portability: 3054 Non-standard C compilers may have had a problem compiling 3055 conf.c due to a standard C external declaration of 3056 setproctitle(). Problem noted by Ted Roberts of 3057 Electronic Data Systems. 3058 AUX: has a broken O_EXCL implementation. Reported by Jim 3059 Jagielski of jaguNET Access Services. 3060 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. 3061 Digital UNIX: Digital UNIX (and possibly others) moves 3062 loader environment variables into the loader memory 3063 area. If one of these environment variables (such as 3064 LD_LIBRARY_PATH) was the last environment variable, 3065 an invalid memory address would be used by the process 3066 title routine causing memory corruption. Problem 3067 noted by Sam Hartman of Mesa Internet Systems. 3068 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused 3069 chownsafe() to always return 0 even if the OS does 3070 not permit file giveaways. Problem noted by 3071 Yasutaka Sumi of The University of Tokyo. 3072 IRIX6: Syslog buffer size set to 512 bytes. Reported by 3073 Gerald Rinske of Siemens Business Services VAS. 3074 Linux: Pad process title with NULLs. Problem noted by 3075 Jon Lewis of Florida Digital Turnpike. 3076 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an 3077 incorrect value for the number of interfaces. 3078 Problem noted by Chris Loelke of JetStream Internet 3079 Services. 3080 SINIX: Update for Makefile and syslog buffer size from Gerald 3081 Rinske of Siemens Business Services VAS. 3082 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not 3083 used on a Solaris machine. Problem noted by 3084 Stephen Ma of Jtec Pty Limited. 3085 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business 3086 Services VAS. 3087 MAKEMAP: Use a better heuristic for detecting GDBM. 3088 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. 3089 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of 3090 Ericsson. 3091 30928.8.7/8.8.7 1997/08/03 3093 If using Berkeley DB on systems without O_EXLOCK (open a file with 3094 an exclusive lock already set -- i.e., almost all systems 3095 except 4.4-BSD derived systems), the initial attempt at 3096 rebuilding aliases file if the database didn't already 3097 exist would fail. Patch from Raymund Will of LST Software 3098 GmbH. 3099 Bogus incoming SMTP commands would reset the SMTP conversation. 3100 Problem noted by Fredrik J�nsson of the Royal Institute 3101 of Technology, Stockholm. 3102 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), 3103 some environments could give "multiple definitions" for these 3104 routines during compilation. If using TCP Wrappers, assume 3105 that these routines are included as though they were in the 3106 C library. Patch from Robert La Ferla. 3107 When a NEWDB database map was rebuilt at the same time it was being 3108 used by a queue run, the maps could be left locked for the 3109 duration of the queue run, causing other processes to hang. 3110 Problem noted by Kendall Libby of Shore.NET. 3111 In some cases, NoRecipientAction=add-bcc was being ignored, so the 3112 mail was passed on without any recipient header. This could 3113 cause problems downstream. Problem noted by Xander Jansen 3114 of SURFnet ExpertiseCentrum. 3115 Give error when GDBM is used with sendmail. GDBM's locking and 3116 linking of the .dir and .pag files interferes with sendmail's 3117 locking and security checks. Problems noted by Fyodor 3118 Yarochkin of the Kyrgyz Republic FreeNet. 3119 Don't fsync qf files if SuperSafe option is not set. 3120 Avoid extra calls to gethostbyname for addresses for which a 3121 gethostbyaddr found no value. Also, ignore any returns 3122 from gethostbyaddr that look like a dotted quad. 3123 If PTR lookup fails when looking up an SMTP peer, don't tag it as 3124 "may be forged", since at the network level we pretty much 3125 have to assume that the information is good. 3126 In some cases, errors during an SMTP session could leave files 3127 open or locked. 3128 Better handling of missing file descriptors (0, 1, 2) on startup. 3129 Better handling of non-set-user-id binaries -- avoids certain obnoxious 3130 errors during testing. 3131 Errors in file locking of NEWDB maps had the incorrect file name 3132 printed in the error message. 3133 If the AllowBogusHELO option were set and an EHLO with a bad or 3134 missing parameter were issued, the EHLO behaved like a HELO. 3135 Load limiting never kicked in for incoming SMTP transactions if the 3136 DeliveryMode=background and any recipient was an alias or 3137 had a .forward file. From Nik Conwell of Boston University. 3138 On some non-Posix systems, the decision of whether chown(2) permits 3139 file giveaway was undefined. From Tetsu Ushijima of the 3140 Tokyo Institute of Technology. 3141 Fix race condition that could cause the body of a message to be 3142 lost (so only the header was delivered). This only occurs 3143 on systems that do not use flock(2), and only when a queue 3144 runner runs during a critical section in another message 3145 delivery. Based on a patch from Steve Schweinhart of 3146 Results Computing. 3147 If a qf file was found in a mail queue directory that had a problem 3148 (wrong ownership, bad format, etc.) and the file name was 3149 exactly MAXQFNAME bytes long, then instead of being tried 3150 once, it would be tried on every queue run. Problem noted 3151 by Bryan Costales of Mercury Mail. 3152 If the system supports an st_gen field in the status structure, 3153 include it when reporting that a file has changed after open. 3154 This adds a new compile flag, HAS_ST_GEN (0/1 option). 3155 This out to be checked as well as reported, since it is 3156 theoretically possible for an attacker to remove a file after 3157 it is opened and replace it with another file that has the 3158 same i-number, but some filesystems (notably AFS) return 3159 garbage in this field, and hence always look like the file 3160 has changed. As a practical matter this is not a security 3161 problem, since the files can be neither hard nor soft links, 3162 and on no filesystem (that I am aware of) is it possible to 3163 have two files on the same filesystem with the same i-number 3164 simultaneously. 3165 Delete the root Makefile from the distribution -- it is only for 3166 use internally, and does not work at customer sites. 3167 Fix botch that caused the second MAIL FROM: command in a single 3168 transaction to clear the entire transaction. Problem 3169 noted by John Kennedy of Cal State University, Chico. 3170 Work properly on machines that have _PATH_VARTMP defined without 3171 a trailing slash. (And a pox on vendors that decide to 3172 ignore the established conventions!) Problem noted by 3173 Gregory Neil Shapiro of WPI. 3174 Internal changes to make it easier to add another protocol family 3175 (intended for IPv6). Patches are from John Kennedy of 3176 CSU Chico. 3177 In certain cases, 7->8 bit MIME decoding of Base64 text could leave 3178 an extra space at the beginning of some lines. Problem 3179 noted by Charles Karney of Princeton University; fix based 3180 on a patch from Christophe Wolfhugel. 3181 Portability: 3182 Allow _PATH_VENDOR_CF to be set in Makefile for consistency 3183 with the _Sendmail_ book, 2nd edition. Note that 3184 the book is actually wrong: _PATH_SENDMAILCF should 3185 be used instead. 3186 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow 3187 of Argonne National Laboratory. 3188 OpenBSD from from Paul DuBois of the University of Wisconsin. 3189 RISC/os 4.0 from Paul DuBois of the University of Wisconsin. 3190 SunOS: Include <memory.h> to fix warning from util.c. From 3191 James Aldridge of EUnet Ltd. 3192 Solaris: Change STDIR (location of status file) to /etc/mail 3193 in Makefiles. 3194 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from 3195 Makefiles. Use NEWDB on Linux instead. 3196 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl 3197 exists but behaves differently than other OSes. 3198 Add SIOCGIFNUM_IS_BROKEN compile flag to get 3199 around the problem. Problem noted by Tom Moore of 3200 NCR Corp. 3201 HP-UX 9.x: fix compile warnings for old select API. Problem 3202 noted by Tom Smith of Digital Equipment Corp. 3203 UnixWare 2.x: compile warnings on offsetof macro. Problem 3204 noted by Tom Good of the Community Access Information 3205 Resource Network 3206 SCO 4.2: compile problems caused by a change in the type of 3207 the "length" parameters passed to accept, getpeername, 3208 getsockname, and getsockopt. Adds new compile flags 3209 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported 3210 by Tom Good of St. Vincent's North Richmond Community 3211 Mental Health Center Residential Services. 3212 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. 3213 Suggested by Brett Hogden of Rochester Gas & Electric 3214 Corp. 3215 Linux: avoid compile problem for versions of <setjmp.h> that 3216 #define both setjmp and longjmp. Problem pointed out 3217 by J.R. Oldroyd of TerraNet. 3218 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) 3219 from Christopher Durham of SCO. 3220 CONFIG: NEXTSTEP: define confCW_FILE to 3221 /etc/sendmail/sendmail.cw to match the usual 3222 configuration. Patch from Dennis Glatting of 3223 PlainTalk. 3224 CONFIG: MAILER(fax) called a program that hasn't existed for a long 3225 time. Convert to use the HylaFAX 4.0 conventions. Suggested 3226 by Harry Styron. 3227 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These 3228 are the rulesets in use on sendmail.org. 3229 MAKEMAP: give error on GDBM files. 3230 MAIL.LOCAL: Make error messages a bit more explicit, for example, 3231 telling more details on what actually changed when "file 3232 changed after open". 3233 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw 3234 files. 3235 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. 3236 NEW FILES: 3237 src/Makefiles/Makefile.OpenBSD 3238 src/Makefiles/Makefile.RISCos.4_0 3239 test/t_exclopen.c 3240 cf/ostype/sco-uw-2.1.m4 3241 DELETED FILES: 3242 Makefile 3243 32448.8.6/8.8.6 1997/06/14 3245 ************************************************************* 3246 * The extensive assistance of Gregory Neil Shapiro of WPI * 3247 * in preparing this release is gratefully appreciated. * 3248 * Sun Microsystems has also provided resources toward * 3249 * continued sendmail development. * 3250 ************************************************************* 3251 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open 3252 mode bits set to create a file that is a symbolic link that 3253 points nowhere. This makes it possible to create a root 3254 owned file in an arbitrary directory by inserting the symlink 3255 into a writable directory after the initial lstat(2) check 3256 determined that the file did not exist. The only verified 3257 example of a system having these odd semantics for O_EXCL 3258 and symbolic links was HP-UX prior to version 9.07. Most 3259 systems do not have the problem, since a exclusive create 3260 of a file disallows symbolic links. Systems that have been 3261 verified to NOT have the problem include AIX 3.x, *BSD, 3262 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, 3263 and Ultrix. This is a potential exposure on systems that 3264 have this bug and which do not have a MAILER-DAEMON alias 3265 pointing at a legitimate account, since this will cause old 3266 mail to be dropped in /var/tmp/dead.letter. 3267 SECURITY: Problems can occur on poorly managed systems, specifically, 3268 if maps or alias files are in world writable directories. 3269 If your system has alias maps in writable directories, it 3270 is potentially possible for an attacker to replace the .db 3271 (or .dir and .pag) files by symbolic links pointing at 3272 another database; this can be used either to expose 3273 information (e.g., by pointing an alias file at /etc/spwd.db 3274 and probing for accounts), or as a denial-of-service attack 3275 (by trashing the password database). The fix disallows 3276 symbolic links entirely when rebuilding alias files or on 3277 maps that are in writable directories, and always warns on 3278 writable directories; 8.9 will probably consider writable 3279 directories to be fatal errors. This does not represent an 3280 exposure on systems that have alias files in unwritable 3281 system directories. 3282 SECURITY: disallow .forward or :include: files that are links (hard 3283 or soft) if the parent directory (or any directory in the 3284 path) is writable by anyone other than the owner. This is 3285 similar to the previous case for user files. This change 3286 should not affect most systems, but is necessary to prevent 3287 an attacker who can write the directory from pointing such 3288 files at other files that are readable only by the owner. 3289 SECURITY: Tighten safechown rules: many systems will say that they 3290 have a safe (restricted to root) chown even on files that 3291 are mounted from another system that allows owners to give 3292 away files. The new rules are very strict, trusting file 3293 ownership only in those few cases where the system has 3294 been verified to be at least as paranoid as necessary. 3295 However, it is possible to relax the rules to partially 3296 trust the ownership if the directory path is not world or 3297 group writable. This might allow someone who has a legitimate 3298 :include: file (referenced directly from /etc/aliases) to 3299 become another non-root user if the :include: file is in a 3300 non-writable directory on an NFS-mounted filesystem where 3301 the local system says that giveaway is denied but it is 3302 actually permitted. I believe this to be a very small set 3303 of cases. If in doubt, do not point :include: aliases at 3304 NFS-mounted filesystems. 3305 SECURITY: When setting a numeric group id using the RunAsUser option 3306 (e.g., "O RunAsUser=10:20", the group id would not be set. 3307 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha 3308 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. 3309 The user id was still set properly. Problem noted by Uli 3310 Pralle of the Technical University of Berlin. 3311 Save the initial gid set for use when checking for if the 3312 PrivacyOptions=restrictmailq option is set. Problem reported 3313 by Wolfgang Ley of DFN-CERT. 3314 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a 3315 failure on one message won't affect future messages to the 3316 same host). 3317 IP source route printing had an "off by one" error that would 3318 affect any options that came after the route option. Patch 3319 from Theo de Raadt. 3320 The "Message is too large" error didn't successfully bounce the error 3321 back to the sender. Problem reported by Stephen More of 3322 PSI; patch from Gregory Neil Shapiro of WPI. 3323 Change SMTP status code 553 to map into Extended code 5.1.0 (instead 3324 of 5.1.3); it apparently gets used in multiple ways. 3325 Suggested by John Myers of Portola Communications. 3326 Fix possible extra null byte generated during collection if errors 3327 occur at the beginning of the stream. Patch contributed by 3328 Andrey A. Chernov and Gregory Neil Shapiro. 3329 Code changes to avoid possible reentrant call of malloc/free within 3330 a signal handler. Problem noted by John Beck of Sun 3331 Microsystems. 3332 Move map initialization to be earlier so that check_relay ruleset 3333 will have the latest version of the map data. Problem noted 3334 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. 3335 If there are fatal errors during the collection phase (e.g., message 3336 too large) don't send the bogus message. 3337 Avoid "cannot open xfAAA00000" messages when sending to aliases that 3338 have errors and have owner- aliases. Problem noted by Michael 3339 Barber of MTU; fix from Gregory Neil Shapiro of WPI. 3340 Avoid null pointer dereference on illegal Boundary= parameters in 3341 multipart/mixed Content-Type: header. Problem noted by 3342 Richard Muirden of RMIT University. 3343 Always print error messages during newaliases (-bi) even if the 3344 ErrorMode is not set to "print". Fix from Gregory Neil 3345 Shapiro. 3346 Test mode could core dump if you did a /map lookup in an optional map 3347 that could not be opened. Based on a fix from John Beck of 3348 Sun Microsystems. 3349 If DNS is misconfigured so that the last MX record tried points to 3350 a host that does not have an A record, but other MX records 3351 pointed to something reasonable, don't bounce the message 3352 with a "host unknown" error. Note that this should really 3353 be fixed in the zone file for the domain. Problem noted by 3354 Joe Rhett of Navigist, Inc. 3355 If a map fails (e.g., DNS times out) on all recipient addresses, mark 3356 the message as having been tried; otherwise the next queue 3357 run will not realize that this is a second attempt and will 3358 retry immediately. Problem noted by Bryan Costales of 3359 Mercury Mail. 3360 If the clock is set backwards, and a MinQueueAge is set, no jobs 3361 will be run until the later setting of the clock is reached. 3362 "Problem" (I use the term loosely) noted by Eric Hagberg of 3363 Morgan Stanley. 3364 If the load average rises above the cutoff threshold (above which 3365 sendmail will not process the queue at all) during a queue 3366 run, abort the queue run immediately. Problem noted by 3367 Bryan Costales of Mercury Mail. 3368 The variable queue processing algorithm (based on the message size, 3369 number of recipients, message precedence, and job age) was 3370 non-functional -- either the entire queue was processed or 3371 none of the queue was processed. The updated algorithm 3372 does no queue run if a single recipient zero size job will 3373 not be run. 3374 If there is a fatal ("panic") message that will cause sendmail to 3375 die immediately, never hold the error message for future 3376 printing. 3377 Force ErrorMode=print in -bt mode so that all errors are printed 3378 regardless of the setting of the ErrorMode option in the 3379 configuration file. Patch from Gregory Neil Shapiro. 3380 New compile flag HASSTRERROR says that this OS has the strerror(3) 3381 routine available in one of the libraries. Use it in conf.h. 3382 The -m (match only) flag now works on host class maps. 3383 If class hash or btree maps are rebuilt, sendmail will now detect 3384 this and reopen the map. Previously, they could give 3385 erroneous results during a single message processing 3386 (but would recover when the next message was received). 3387 Don't delete zero length queue files when doing queue runs until the 3388 files are at least ten minutes old. This avoids a potential 3389 race condition: the creator creates the qf file, getting back 3390 a file descriptor. The queue runner locks it and deletes it 3391 because it is zero length. The creator then writes the 3392 descriptor that is now for a disconnected file, and the 3393 job goes away. Based on a suggestion by Bryan Costales. 3394 When determining the "validated" host name ($_ macro), do a forward 3395 (A) DNS lookup on the result of the PTR lookup and compare 3396 results. If they differ or if the PTR lookup fails, tag the 3397 address as "may be forged". 3398 Log null connections (i.e., hosts that connect but do not do any 3399 substantive activity on the connection before disconnecting; 3400 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. 3401 Always permit "writes" to /dev/null regardless of the link count. 3402 This is safe because /dev/null is special cased, and no open 3403 or write is ever actually attempted. Patch from Villy Kruse 3404 of TwinCom. 3405 If a message cannot be sent because of a 552 (exceeded storage 3406 allocation) response to the MAIL FROM:<>, and a SIZE= parameter 3407 was given, don't return the body in the bounce, since there 3408 is a very good chance that the message will double-bounce. 3409 Fix possible line truncation if a quoted-printable had an =00 escape 3410 in the body. Problem noted by Charles Karney of the Princeton 3411 Plasma Physics Laboratory. 3412 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. 3413 Problem noted by Kari Hurtta of the Finnish Meteorological 3414 Institute. 3415 The MaxDaemonChildren option wasn't applying to queue runs as 3416 documented. Note that this increases the potential denial 3417 of service problems with this option: an attacker can 3418 connect many times, and thereby lock out queue runs as well 3419 as incoming connections. If you use this option, you should 3420 run the "sendmail -bd" and "sendmail -q30m" jobs separately 3421 to avoid this attack. Failure to limit noted by Matthew 3422 Dillon of BEST Internet Communications. 3423 Always give a message in newaliases if alias files cannot be 3424 opened instead of failing silently. Suggested by Gregory 3425 Neil Shapiro. This change makes the code match the O'Reilly 3426 book (2nd edition). 3427 Some older versions of the resolver could return with h_errno == -1 3428 if no name server could be reached, causing mail to bounce 3429 instead of queueing. Treat this like TRY_AGAIN. Fix from 3430 John Beck of SunSoft. 3431 If a :include: file is owned by a user that does not have an entry 3432 in the passwd file, sendmail could dereference a null pointer. 3433 Problem noted by Satish Mynam of Sun Microsystems. 3434 Take precautions to make sure that the SMTP protocol cannot get out 3435 of sync if (for example) an alias file cannot be opened. 3436 Fix a possible race condition that can cause a SIGALRM to come in 3437 immediately after a SIGHUP, causing the new sendmail to die. 3438 Avoid possible hang on SVr3 systems when doing child reaping. Patch 3439 from Villy Kruse of TwinCom. 3440 Ignore improperly formatted SMTP reply codes. Previously these were 3441 partially processed, which could cause confusing error 3442 returns. 3443 Fix possible bogus pointer dereference when doing ldapx map lookups 3444 on some architectures. 3445 Portability: 3446 A/UX: from Jim Jagielski of NASA/GSFC. 3447 glibc: SOCK_STREAM was changed from a #define to an enum, 3448 thus breaking #ifdef SOCK_STREAM. Only option seems 3449 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is 3450 defined. Problem reported by A Sun of the University 3451 of Washington. 3452 Solaris: use SIOCGIFNUM to get the number of interfaces on 3453 the system rather than guessing at compile time. 3454 Patch contributed by John Beck of Sun Microsystems. 3455 Intel Paragon: from Wendy Lin of Purdue University. 3456 GNU Hurd: from Miles Bader of the GNU project. 3457 RISC/os 4.50 from Harlan Stenn of PFCS Corporation. 3458 ISC Unix: wait never returns if SIGCLD signals are blocked. 3459 Unfortunately releasing them opens a race condition, 3460 but there appears to be no fix for this. Patch from 3461 Gregory Neil Shapiro. 3462 BIND 8.1 for IPv6 compatibility from John Kennedy. 3463 Solaris: a bug in strcasecmp caused characters with the 3464 high order bit set to apparently randomly match 3465 letters -- for example, $| (0233) matches "i" and "I". 3466 Problem noted by John Gregson of the University of 3467 Cambridge. 3468 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From 3469 Kari Hurtta. 3470 IRIX 6.x: Create Makefiles for systems that claim to be 3471 IRIX64 but are 6.2 or higher (so use the regular 3472 IRIX Makefile). 3473 IRIX 6.x: Fix load average computation on 64 bit kernels. 3474 Problem noted by Eric Hagberg of Morgan Stanley. 3475 CONFIG: Some canonification was still done for UUCP-like addresses 3476 even if FEATURE(nocanonify) was set. Problem pointed out by 3477 Brian Candler. 3478 CONFIG: In some cases UUCP mailers wouldn't properly recognize all 3479 local names as local. Problem noted by Jeff Polk of BSDI; 3480 fix provided by Gregory Neil Shapiro. 3481 CONFIG: The "local:user" syntax entries in mailertables and other 3482 "mailer:user" syntax locations returned an incorrect value 3483 for the $h macro. Problem noted by Gregory Neil Shapiro. 3484 CONFIG: Retain "+detail" information when forwarding mail to a 3485 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip 3486 Guenther of Gustavus Adolphus College. 3487 CONFIG: Make sure user+detail works for FEATURE(virtusertable); 3488 rules are the same as for aliasing. Based on a patch from 3489 Gregory Neil Shapiro. 3490 CONFIG: Break up parsing rules into several pieces; this should 3491 have no functional change in this release, but makes it 3492 possible to have better anti-spam rulesets in the future. 3493 CONFIG: Disallow double dots in host names to avoid having the 3494 HostStatusDirectory store status under the wrong name. 3495 In some cases this can be used as a denial-of-service attack. 3496 Problem noted by Ron Jarrell of Virginia Tech, patch from 3497 Gregory Neil Shapiro. 3498 CONFIG: Don't use F=m (multiple recipients per invocation) for 3499 MAILER(procmail), but do pass F=Pn9 (include Return-Path:, 3500 don't include From_, and convert to 8-bit). Suggestions 3501 from Kimmo Suominen and Roderick Schertler. 3502 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were 3503 being masqueraded as though FEATURE(masquerade_entire_domain) 3504 was specified, even when it wasn't. 3505 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. 3506 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't 3507 "slip in" a symbolic link between the lstat(2) call and the 3508 exclusive open. This is only a problem on System V derived 3509 systems that allow an exclusive create on files that are 3510 symbolic links pointing nowhere. 3511 MAIL.LOCAL: If the final mailbox close() failed, the user id was 3512 not reset back to root, which on some systems would cause 3513 later mailboxes to fail. Also, any partial message would 3514 not be truncated, which could result in repeated deliveries. 3515 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 3516 developers). 3517 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 3518 change to the sendmail map code was made in 8.8.3. Problem 3519 noted by Gregory Neil Shapiro. 3520 MAKEMAP: Give warnings on file problems such as map files that are 3521 symbolic links; although makemap is not set-user-id root, it is 3522 often run as root and hence has the potential for the same 3523 sorts of problems as alias rebuilds. 3524 MAKEMAP: Change compilation so that it will link properly on 3525 NEXTSTEP. 3526 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 3527 Accept an optional list of arguments following the server 3528 name for the ETRN arguments to use (instead of $=w). Other 3529 miscellaneous bug fixes. From Christian von Roques via 3530 John Beck of Sun Microsystems. 3531 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This 3532 Perl script converts GECOS information in the /etc/passwd 3533 file into aliases, allowing for faster access to full name 3534 lookups; it is also clever about adding aliases (to root) 3535 for system accounts. 3536 NEW FILES: 3537 src/safefile.c 3538 cf/ostype/gnuhurd.m4 3539 cf/ostype/irix6.m4 3540 contrib/passwd-to-alias.pl 3541 src/Makefiles/Makefile.IRIX64.6.1 3542 src/Makefiles/Makefile.IRIX64.6.x 3543 RENAMED FILES: 3544 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x 3545 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 3546 35478.8.5/8.8.5 1997/01/21 3548 SECURITY: Clear out group list during startup. Without this, sendmail 3549 will continue to run with the group permissions of the caller, 3550 even if RunAsUser is specified. 3551 SECURITY: Make purgestat (-bH) be root-only. This is not in response 3552 to any known attack, but it's best to be conservative. 3553 Suggested by Peter Wemm of DIALix. 3554 SECURITY: Fix buffer overrun problem in MIME code that has possible 3555 security implications. Patch from Alex Garthwaite of the 3556 University of Pennsylvania. 3557 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") 3558 would truncate the address after "Full". Although the -f 3559 syntax is incorrect (since it is in the envelope, it 3560 shouldn't have comments and full names), the failure mode 3561 was unnecessarily awful. 3562 Fix a possible null pointer dereference when converting 8-bit data 3563 to a 7-bit format. Problem noted by Jim Hutchins of 3564 Sandia National Labs and David James of British Telecom. 3565 Clear out stale state that affected F=9 on SMTP mailers in queue 3566 runs. Although this really shouldn't be used (F=9 is for 3567 final delivery only, and using it on an SMTP mailer makes 3568 it possible for a message to be converted from 8->7->8->7 3569 bits several times), it shouldn't have failed with a syserr. 3570 Problem noted by Eric Hagberg of Morgan Stanley. 3571 _Really_ fix the multiple :maildrop code in the user database 3572 module. Patch from Roy Mongiovi of Georgia Tech. 3573 Let F lines in the configuration file actually read root-only 3574 files if the configuration file is safe. Based on a 3575 patch from Keith Reynolds of SCO. 3576 ETRN followed by QUIT would hold the connection open until the queue 3577 run completed. Problem noted by Truck Lewis of TDK 3578 Semiconductor Corp. 3579 It turns out that despite the documentation, the TCP wrappers library 3580 does _not_ log rejected connections. Do the logging ourselves. 3581 Problem noted by Fletcher Mattox of the University of Texas 3582 at Austin. 3583 If sendmail finds a qf file in its queue directory that is an unknown 3584 version (e.g., when backing out to an old version), the 3585 error is reported on every queue run. Change it to only 3586 give the error once (and rename the qf => Qf). Patch from 3587 William A. Gianopoulos of Raytheon Company. 3588 Start a new session when doing background delivery; currently it 3589 ignored signals but didn't start a new signal, that caused 3590 some problems if a background process tried to send mail 3591 under certain circumstances. Problem noted by Eric Hagberg 3592 of Morgan Stanley; fix from Kari Hurtta. 3593 Simplify test for skipping a queue run to just check if the current 3594 load average is >= the queueing load average. Previously 3595 the check factored in some other parameters that caused it 3596 to essentially never skip the queue run. Patch from Bryan 3597 Costales. 3598 If the SMTP server is running in "nullserver" mode (that is, it is 3599 rejecting all commands), start sleeping after MAXBADCOMMAND 3600 (25) commands; this helps prevent a bad guy from putting 3601 you into a tight loop as a denial-of-service attack. Based 3602 on an e-mail conversation with Brad Knowles of AOL. 3603 Slow down when too many "light weight" commands have been issued; 3604 this helps prevent a class of denial-of-service attacks. 3605 The current values and defaults are: 3606 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 3607 MAXHELOCOMMANDS 3 HELO, EHLO 3608 MAXVRFYCOMMANDS 6 VRFY, EXPN 3609 MAXETRNCOMMANDS 8 ETRN 3610 These will probably be configurable in a future release. 3611 On systems that have uid_t typedefed to be an unsigned short, programs 3612 that had the F=S flag and no U= equate would be invoked with 3613 the real uid set to 65535 rather than being left unchanged. 3614 In some cases, NOTIFY=NEVER was not being honored. Problem noted 3615 by Steve Hubert of the University of Washington, Seattle. 3616 Mail that was Quoted-Printable encoded and had a soft line break on 3617 the last line (i.e., an incomplete continuation) had the last 3618 line dropped. Since this appears to be illegal it isn't 3619 clear what to do with it, but flushing the last line seems 3620 to be a better "fail soft" approach. Based on a patch from 3621 Eric Hagberg. 3622 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a 3623 bogus HELO command still causes the "Polite people say HELO 3624 first" error message. Problem pointed out by Chris Thomas 3625 of UCLA; patch from John Beck of SunSoft. 3626 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set 3627 in PrivacyOptions. The -q shouldn't turn this command off. 3628 Problem noted by Murray Kucherawy of Pacific Bell Internet; 3629 based on a patch from Gregory Neil Shapiro of WPI. 3630 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) 3631 in a DATA transaction to be sticky; these can occur because 3632 a message is too large, and smaller messages should still go 3633 through. Problem noted by Matt Dillon of Best Internet 3634 Communications. 3635 In some cases bounces were saved in /var/tmp/dead.letter even if they 3636 had been successfully delivered to the envelope sender. 3637 Problem noted Eric Hagberg of Morgan Stanley; solution from 3638 Gregory Neil Shapiro of WPI. 3639 Give better diagnostics on long alias lines. Based on code contributed 3640 by Patrick Gosling of the University of Cambridge. 3641 Increase the number of virtual interfaces that will be probed for 3642 alternate names. Problem noted by Amy Rich of Shore.Net. 3643 PORTABILITY: 3644 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from 3645 Toshiaki Nomura of Fujitsu Limited. 3646 SunOS with LDAP support: compile problems with struct timeval. 3647 Patch from Nick Cuccia of TCSI Corporation. 3648 SCO: from Keith Reynolds of SCO. 3649 Solaris: kstat load average computation wasn't being used. 3650 Fixes from Michael Ju. Tokarev of Telecom Service, JSC 3651 (Moscow). 3652 OpenBSD: from Jason Downs of teeny.org. 3653 Altos System V: from Tim Rice. 3654 Solaris 2.5: from Alan Perry of SunSoft. 3655 Solaris 2.6: from John Beck of SunSoft. 3656 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli 3657 of Pratt & Whitney <miorelli@pweh.com>. 3658 CONFIG: It seems that I hadn't gotten the Received: line syntax 3659 _just_right_ yet. Tweak it again. I'll omit the names 3660 of the "contributors" (quantity two) in this one case. 3661 As of now, NO MORE DISCUSSION about the syntax of the 3662 Received: line. 3663 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), 3664 it never inserts that class into the output file. Fix it 3665 so it will honor EXPOSED_USER but will _not_ include root 3666 automatically in this class. Problem noted by Ronan KERYELL 3667 of Centre de Recherche en Informatique de l'�cole Nationale 3668 Sup�rieure des Mines de Paris (CRI-ENSMP). 3669 CONFIG: Clean up handling of "local:" syntax in relay specifications 3670 such as LUSER_RELAY. This change permits the following 3671 syntaxes: ``local:'' will send to the same user on the 3672 local machine (e.g., in a mailertable entry for "host", 3673 ``local:'' will cause an address addressed to user@host to 3674 go to user on the local machone). ``local:user'' will send 3675 to the named user on the local machine. ``local:user@host'' 3676 is equivalent to ``local:user'' (the host is ignored). In 3677 all cases, the original user@host is passed in $@ (i.e., the 3678 detail information). Inspired by a report from Michael Fuhr. 3679 CONFIG: Strip quotes from the first word of an "error:" host 3680 indication. This lets you set (for example) the LUSER_RELAY 3681 to be ``error:\"5.1.1\" Your Message Here''. Note the use 3682 of the \" so that the resulting string is properly quoted. 3683 Problem noted by Gregory Neil Shapiro of WPI. 3684 OP.ME: documentation was inconsistent about whether sendmail did a 3685 NOOP or a RSET to probe the connection (it does a RSET). 3686 Inconsistency noted by Deeran Peethamparam. 3687 OP.ME: insert additional blank pages so it will print properly on 3688 a duplex printer. From Matthew Black of Cal State University, 3689 Long Beach. 3690 36918.8.4/8.8.4 1996/12/02 3692 SECURITY: under some circumstances, an attacker could get additional 3693 permissions by hard linking to files that were group 3694 writable by the attacker. The solution is to disallow any 3695 files that have hard links -- this will affect .forward, 3696 :include:, and output files. Problem noted by Terry 3697 Kyriacopoulos of Interlog Internet Services. As a 3698 workaround, set UnsafeGroupWrites -- always a good idea. 3699 SECURITY: the TryNullMXList (w) option should not be safe -- if it 3700 is, it is possible to do a denial-of-service attack on 3701 MX hosts that rely on the use of the null MX list. There 3702 is no danger if you have this option turned off (the default). 3703 Problem noted by Dan Bernstein. Also, make the DontInitGroups 3704 unsafe. I know of no specific attack against this, although 3705 a denial-of-service attack is probably possible, but in theory 3706 you should not be able to safely tweak anything that affects 3707 the permissions that are used when mail is delivered. 3708 Purgestat could go into an infinite loop if one of the host status 3709 directories somehow became empty. Problem noted by Roy 3710 Mongiovi of Georgia Tech. 3711 Processes got "lost" when counting children due to a race condition. 3712 This caused "proc_list_probe: lost pid" messages to be logged. 3713 Problem noted by several people. 3714 On systems with System V SIGCLD child signal semantics (notably AIX 3715 and HP-UX), mail transactions would print the message "451 3716 SMTP-MAIL: lost child: No child processes". Problem noted 3717 by several people. 3718 Miscellaneous compiler warnings on picky compilers (or when setting 3719 gcc to high warning levels). From Tom Moore of NCR Corp. 3720 SMTP protocol errors, and most errors on MAIL FROM: lines should 3721 not be persistent between runs, since they are based on the 3722 message rather than the host. Problem noted by Matt Dillon 3723 of Best Internet Communications. 3724 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore 3725 of NCR (a.k.a., AT&T Global Information Solutions). 3726 Avoid the possibility of having a child daemon run to completion 3727 (including closing the SMTP socket) before the parent has 3728 had a chance to close the socket; this can cause the parent 3729 to hang for a long time waiting for the socket to drain. 3730 Patch from Don Lewis of TDK Semiconductor. 3731 If the fork() failed in a queue run, the queue runners would not be 3732 rescheduled (so queue runs would stop). Patch from Don Lewis. 3733 Some error conditions in ETRN could cause output without an SMTP 3734 status code. Problem noted by Don Lewis. 3735 Multiple :maildrop addresses in the user database didn't work properly. 3736 Patch from Roy Mongiovi of Georgia Tech. 3737 Add ".db" automatically onto any user database spec that does not 3738 already have it; this is for consistency with makemap, the 3739 K line, and the documentation. Inconsistency pointed out 3740 by Roy Mongiovi. 3741 Allow sendmail to be properly called in nohup mode. Patch from 3742 Kyle Jones of UUNET. 3743 Change ETRN to ignore but still update host status files; previously 3744 it would ignore them and not save the updated status, which 3745 caused stale information to be maintained. Based on a patch 3746 from Christopher Davis of Kapor Enterprises Inc. Also, have 3747 ETRN ignore the MinQueueAge option. 3748 Patch long term host status to recover more gracefully from an empty 3749 host status file condition. Patch from NAKAMURA Motonori 3750 of Kyoto University. 3751 Several patches to signal handling code to fix potential race 3752 conditions from Don Lewis. 3753 Make it possible to compile with -DDAEMON=0 (previously it had some 3754 compile errors). This turns DAEMON, QUEUE, and SMTP into 3755 0/1 compilation flags. Note that DAEMON is an obsolete 3756 compile flag; use NETINET instead. Solution based on a 3757 patch from Bryan Costales. 3758 PORTABILITY FIXES: 3759 AIX4: getpwnam() and getpwuid() do a sequential scan of the 3760 /etc/security/passwd file when called as root. This 3761 is very slow on some systems. To speed it up, use the 3762 (undocumented) _getpw{nam,uid}_shadow() routines. 3763 Patch from Chris Thomas of UCLA/OAC Systems Group. 3764 SCO 5.x: include -lprot in the Makefile. Patch from Bill 3765 Glicker of Burrelle's Information Service. 3766 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch 3767 from Makoto MATSUSHITA of Osaka University. 3768 SunOS 4.0.3: compile problems. Patches from Andrew Cole of 3769 Leeds University and SASABE Tetsuro of the University 3770 of Tokyo. 3771 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support 3772 Services, Inc. 3773 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. 3774 I believe this to have only been a problem if you 3775 compiled with -DUSE_VENDOR_CF_PATH -- another reason 3776 to stick with /etc/sendmail.cf as your One True Path. 3777 Digital UNIX (OSF/1 on Alpha) load average computation from 3778 Martin Laubach of the Technischen Universit�t Wien. 3779 CONFIG: change default Received: line to be multiple lines rather 3780 than one long one. By popular demand. 3781 MAIL.LOCAL: warnings weren't being logged on some systems. Patch 3782 from Jerome Berkman of U.C. Berkeley. 3783 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs 3784 to take a very long time. Problem noted by Yoshiro YONEYA 3785 of NTT Software Corporation. 3786 CONTRIB: add etrn.pl, contributed by John Beck. 3787 NEW FILES: 3788 contrib/etrn.pl 3789 37908.8.3/8.8.3 1996/11/17 3791 SECURITY: it was possible to get a root shell by lying to sendmail 3792 about argv[0] and then sending it a signal. Problem noted 3793 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the 3794 best-of-security list. 3795 Log sendmail binary version number in "Warning: .cf version level 3796 (%d) exceeds program functionality (%d) message" -- this 3797 should make it clearer to people that they are running 3798 the wrong binary. 3799 Fix a problem that occurs when you open an SMTP connection and then 3800 do one or more ETRN commands followed by a MAIL command; at 3801 the end of the DATA phase sendmail would incorrectly report 3802 "451 SMTP-MAIL: lost child: No child processes". Problem 3803 noted by Eric Bishop of Virginia Tech. 3804 When doing text-based host canonification (typically /etc/hosts 3805 lookup), a null host name would match any /etc/hosts entry 3806 with space at the end of the line. Problem noted by Steve 3807 Hubert of the University of Washington, Seattle. 3808 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. 3809 Problem reported by Tom Smith of Digital Equipment Corp. 3810 Increase the size of the DNS answer buffer -- the standard UDP packet 3811 size PACKETSZ (512) is not sufficient for some nameserver 3812 answers containing very many resource records. The resolver 3813 may also switch to TCP and retry if it detects UDP packet 3814 overflow. Also, allow for the fact that the resolver 3815 routines res_query and res_search return the size of the 3816 *un*truncated answer in case the supplied answer buffer it 3817 not big enough to accommodate the entire answer. Patch from 3818 Eric Wassenaar. 3819 Improvements to MaxDaemonChildren code. If you think you have too 3820 many children, probe the ones you have to verify that they 3821 are still around. Suggested by Jared Mauch of CICnet, Inc. 3822 Also, do this probe before growing the vector of children 3823 pids; this previously caused the vector to grow indefinitely 3824 due to a race condition. Problem reported by Kyle Jones of 3825 UUNET. 3826 On some architectures, <db.h> (from the Berkeley DB library) defines 3827 O_EXLOCK to zero; this fools the map compilation code into 3828 thinking that it can avoid race conditions by locking on open. 3829 Change it to check for O_EXLOCK non-zero. Problem noted by 3830 Leif Erlingsson of Data Lege. 3831 Always call res_init() on startup (if compiled in, of course) to 3832 allow the sendmail.cf file to tweak resolver flags; without 3833 it, flag tweaks in ResolverOptions are ignored. Patch from 3834 Andrew Sun of Merrill Lynch. 3835 Improvements to host status printing code. Suggested by Steve Hubert 3836 of the University of Washington, Seattle. 3837 Change MinQueueAge option processing to do the check for the job age 3838 when reading the queue file, rather than at the end; this 3839 avoids parsing the addresses, which can do DNS lookups. 3840 Problem noted by John Beck of InReference, Inc. 3841 When MIME was being 7->8 bit decoded, "From " lines weren't being 3842 properly escaped. Problem noted by Peter Nilsson of the 3843 University of Linkoping. 3844 In some cases, sendmail would retain root permissions during queue 3845 runs even if RunAsUser was set. Problem noted by Mark 3846 Thomas of Mark G. Thomas Consulting. 3847 If the F=l flag was set on an SMTP mailer to indicate that it is 3848 actually local delivery, and NOTIFY=SUCCESS is specified in 3849 the envelope, and the receiving SMTP server speaks DSN, then 3850 the DSN would be both generated locally and propagated to the 3851 other end. 3852 The U= mailer field didn't correctly extract the group id if the 3853 user id was numeric. Problem noted by Kenneth Herron of 3854 MCI Telecommunications Communications. 3855 If a message exceeded the fixed maximum size on input, the body of 3856 the message was included in the bounce. Note that this did 3857 not occur if it exceeded the maximum _output_ size. Problem 3858 reported by Kyle Jones of UUNET. 3859 PORTABILITY FIXES: 3860 AIX4: 4.1 doesn't have a working setreuid(2); change the 3861 AIX4 defines to use seteuid(2) instead, which 3862 works on 4.1 as well as 4.2. Problem noted by 3863 H�kan Lindholm of interAF, Sweden. 3864 AIX4: use tzname[] vector to determine time zone name. 3865 Patch from NAKAMURA Motonori of Kyoto University. 3866 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. 3867 Contributed by Paul DuBois <dubois@primate.wisc.edu>. 3868 Solaris: kstat(3k) support for retrieving the load average. 3869 This adds the LA_KSTAT definition for LA_TYPE. 3870 The outline of the implementation was contributed 3871 by Michael Tokarev of Telecom Service, JSC, Moscow. 3872 HP-UX 10.0 gripes about the (perfectly legal!) forward 3873 declaration of struct rusage at the top of conf.h; 3874 change it to only be included if you are using gcc, 3875 which is apparently the only compiler that requires 3876 it in the first place. Problem noted by Jeff 3877 Earickson of Colby College. 3878 IRIX: don't default to using gcc. IRIX is a civilized 3879 operating system that comes with a decent compiler 3880 by default. Problem noted by Barry Bouwsma and 3881 Kari Hurtta. 3882 CONFIG: specify F=9 as default in FEATURE(local_procmail) for 3883 consistency with other local mailers. Inconsistency 3884 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>. 3885 CONFIG: if the "limited best mx" feature is used (to reduce DNS 3886 overhead) as part of the bestmx_is_local feature, the 3887 domain part was dropped from the name. Patch from Steve 3888 Hubert of the University of Washington, Seattle. 3889 CONFIG: catch addresses of the form "user@.dom.ain"; these could 3890 end up being translated to the null host name, which would 3891 return any entry in /etc/hosts that had a space at the end 3892 of the line. Problem noted by Steve Hubert of the 3893 University of Washington, Seattle. 3894 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer 3895 Polytechnic Institute. 3896 MAKEMAP: tweak hash and btree parameters for better performance. 3897 Patch from Matt Dillon of Best Internet Communications. 3898 NEW FILES: 3899 src/Makefiles/Makefile.Linux.ppc 3900 cf/ostype/aix4.m4 3901 cf/ostype/mklinux.m4 3902 39038.8.2/8.8.2 1996/10/18 3904 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch 3905 changed the code but didn't fix the problem. 3906 PORTABILITY FIXES: 3907 Solaris: Don't use the system getusershell(3); it can 3908 apparently corrupt the heap in some circumstances. 3909 Problem found by Ken Pizzini of Spry, Inc. 3910 OP.ME: document several mailer flags that were accidentally omitted 3911 from this document. These flags were F=d, F=j, F=R, and F=9. 3912 CONFIG: no changes. 3913 39148.8.1/8.8.1 1996/10/17 3915 SECURITY: unset all environment variables that the resolver will 3916 examine during queue runs and daemon mode. Problem noted 3917 by Dan Bernstein of the University of Illinois at Chicago. 3918 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain 3919 message could overflow a buffer if it was converted back 3920 to 8 bits. This caused core dumps and has the potential 3921 for a remote attack. Problem first noted by Gregory Shapiro 3922 of WPI. 3923 Avoid duplicate deliveries of error messages on systems that don't 3924 have flock(2) support. Patch from Motonori Nakamura of 3925 Kyoto University. 3926 Ignore null FallBackMX (V) options. If this option is null (as 3927 opposed to undefined) it can cause "null signature" syserrs 3928 on illegal host names. 3929 If a Base64 encoded text/plain message has no trailing newline in 3930 the encoded text, conversion back to 8 bits will drop the 3931 final line. Problem noted by Pierre David. 3932 If running with a RunAsUser, sendmail would give bogus "cannot 3933 setuid" (or seteuid, or setreuid) messages on some systems. 3934 Problem pointed out by Jordan Mendelson of Web Services, Inc. 3935 Always print error messages in -bv mode -- previously, -bv would 3936 be absolutely silent on errors if the error mode was sent 3937 to (say) mail-back. Problem noted by Kyle Jones of UUNET. 3938 If -qI/R/S is set (or the ETRN command is used), ignore all long 3939 term host status. This is necessary because it is common 3940 to do this when you know a host has just come back up. 3941 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section 3942 4.2. Excessive permissiveness noted by Lee Flight of the 3943 University of Leicester. 3944 If a service (such as NIS) is specified as the last entry in the 3945 service switch, but that service is not compiled in, sendmail 3946 would return a temporary failure when an entry was not found 3947 in the map. This caused the message to be queued instead of 3948 bouncing immediately. Problem noted by Harry Edmon of the 3949 University of Washington. 3950 PORTABILITY FIXES: 3951 Solaris 2.3 had compilation problems in conf.c. Several 3952 people pointed this out. 3953 NetBSD from Charles Hannum of MIT. 3954 AIX4 improvements based on info from Steve Bauer of South 3955 Dakota School of Mines & Technology. 3956 CONFIG: ``error:code message'' syntax was broken in virtusertable. 3957 Patch from Gil Kloepfer Jr. 3958 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set 3959 using MASQUERADE_DOMAIN) were not masqueraded unless they 3960 were also in $=w. Problem noted by Zoltan Basti of 3961 Softec. 3962 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based 3963 on a patch from Eric Hagberg of Morgan Stanley. 3964 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan 3965 of Stanford via Robert La Ferla. 3966 39678.8.0/8.8.0 1996/09/26 3968 Under some circumstances, Bcc: headers would not be properly 3969 deleted. Pointed out by Jonathan Kamens of OpenVision. 3970 Log a warning if the sendmail daemon is invoked without a full 3971 pathname, which prevents "kill -1" from working. I was 3972 urged to put this in by Andrey A. Chernov of DEMOS (Russia). 3973 Fix small buffer overflow. Since the data in this buffer was not 3974 read externally, there was no security problem (and in fact 3975 probably wouldn't really overflow on most compilers). Pointed 3976 out by KIZU takashi of Osaka University. 3977 Fix problem causing domain literals such as [1.2.3.4] to be ignored 3978 if a FallbackMXHost was specified in the configuration file 3979 -- all mail would be sent to the fallback even if the original 3980 host was accessible. Pointed out by Munenari Hirayama of 3981 NSC (Japan). 3982 A message that didn't terminate with a newline would (sometimes) not 3983 have the trailing "." added properly in the SMTP dialogue, 3984 causing SMTP to hang. Patch from Per Hedeland of Ericsson. 3985 The DaemonPortOptions suboption to bind to a particular address was 3986 incorrect and nonfunctional due to a misunderstanding of the 3987 semantics of binding on a passive socket. Patch from 3988 NIIBE Yutaka of Mitsubishi Research Institute. 3989 Increase the number of MX hosts for a single name to 100 to better 3990 handle the truly huge service providers such as AOL, which 3991 has 13 at the moment (and climbing). In order to avoid 3992 trashing memory, the buffer for all names has only been 3993 slightly increased in size, to 12.8K from 10.2K -- this means 3994 that if a single name had 100 MX records, the average size 3995 of those records could not exceed 128 bytes. Requested by 3996 Brad Knowles of America On Line. 3997 Restore use of IDENT returns where the OSTYPE field equals "OTHER". 3998 Urged by Dan Bernstein of U.C. Berkeley. 3999 Print q_statdate and q_specificity in address structure debugging 4000 printout. 4001 Expand MCI structure flag bits for debugging output. 4002 Support IPv6-style domain literals, which can have colons between 4003 square braces. 4004 Log open file descriptors for the "cannot dup" messages in deliver(); 4005 this is an attempt to track down a bug that one person seems 4006 to be having (it may be a Solaris bug!). 4007 DSN NOTIFY parameters were not properly propagated across queue runs; 4008 this caused the NOTIFY info to sometimes be lost. Problem 4009 pointed out by Claus Assmann of the 4010 Christian-Albrechts-University of Kiel. 4011 The statistics gathered in the sendmail.st file were too high; in 4012 some cases failures (e.g., user unknown or temporary failure) 4013 would count as a delivery as far as the statistics were 4014 concerned. Problem noted by Tom Moore of AT&T GIS. 4015 Systems that don't have flock() would not send split envelopes in 4016 the initial run. Problem pointed out by Leonard Zubkoff of 4017 Dandelion Digital. 4018 Move buffer overflow checking -- these primarily involve distrusting 4019 results that may come from NIS and DNS. 4020 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't 4021 include <paths.h> and hence had the wrong pathnames for a few 4022 things like /var/tmp. Reported by Matthew Green. 4023 Conditions were reversed for the Priority: header, resulting in all 4024 values being interpreted as non-urgent except for non-urgent, 4025 which was interpreted as normal. Patch from Bryan Costales. 4026 The -o (optional) flag was being ignored on hash and btree maps 4027 since 8.7.2. Fix from Bryan Costales. 4028 Content-Types listed in class "q" will always be encoded as 4029 Quoted-Printable (or more accurately, will never be encoded 4030 as base64). The class can have primary types (e.g., "text") 4031 or full types (e.g., "text/plain"). Based on a suggestion by 4032 Marius Olafsson of the University of Iceland. 4033 Define ${envid} to be the original envelope id (from the ESMTP DSN 4034 dialogue) so it can be passed to programs in mailers. 4035 Define ${bodytype} to be the body type (from the -B flag or the 4036 BODY= ESMTP parameter) so it can be passed to programs in 4037 mailers. 4038 Cause the VRFY command to return 252 instead of 250 unless the F=q 4039 flag is set in the mailer descriptor. Suggested by John 4040 Myers of CMU. 4041 Implement ESMTP ETRN command to flush the queue for a specific host. 4042 The command takes a host name; data for that host is 4043 immediately (and asynchronously) flushed. Because this shares 4044 the -qR implementation, other hosts may be attempted, but 4045 there should be no security implications. Implementation 4046 from John Beck of InReference, Inc. See RFC 1985 for details. 4047 Add three new command line flags to pass in DSN parameters: -V envid 4048 (equivalent to ENVID=envid on the MAIL command), -R ret 4049 (equivalent to RET=ret on the MAIL command), and -Nnotify 4050 (equivalent to NOTIFY=notify on the RCPT command). Note 4051 that the -N flag applies to all recipients; there is no way 4052 to specify per-address notifications on the command line, 4053 nor is there an equivalent for the ORCPT= per-address 4054 parameter. 4055 Restore LogLevel option to be safe (it can only be increased); 4056 apparently I went into paranoid mode between 8.6 and 8.7 4057 and made it unsafe. Pointed out by Dabe Murphy of the 4058 University of Maryland. 4059 New logging on log level 15: all SMTP traffic. Patches from 4060 Andrew Gross of San Diego Supercomputer Center. 4061 NetInfo property value searching code wasn't stopping when it found 4062 a match. This was causing the wrong values to be found (and 4063 had a memory leak). Found by Bastian Schleuter of TU-Berlin. 4064 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed 4065 out by Bill Wisner of Electronics for Imaging that you can't 4066 use the bracket address form for the MAIL_HUB macro, since 4067 that causes the brackets to remain in the envelope recipient 4068 address used for delivery. The simple fix (stripping off the 4069 brackets in the config file) breaks the use of IP literal 4070 addresses. This flag will solve that problem. 4071 Add MustQuoteChars option. This is a list of characters that must 4072 be quoted if they are found in the phrase part of an address 4073 (that is, the full name part). The characters @,;:\()[] are 4074 always in this list and cannot be removed. The default is 4075 this list plus . and ' to match RFC 822. 4076 Add AllowBogusHELO option; if set, sendmail will allow HELO commands 4077 that do not include a host name for back compatibility with 4078 some stupid SMTP clients. Setting this violates RFC 1123 4079 section 5.2.5. 4080 Add MaxDaemonChildren option; if this is set, sendmail will start 4081 rejecting connections if it has more than this many 4082 outstanding children accepting mail. Note that you may 4083 see more processes than this because of outgoing mail; this 4084 is for incoming connections only. 4085 Add ConnectionRateThrottle option. If set to a positive value, the 4086 number of incoming SMTP connections that will be permitted 4087 in a single second is limited to this number. Connections are 4088 not refused during this time, just deferred. The intent is to 4089 flatten out demand so that load average limiting can kick in. 4090 It is less radical than MaxDaemonChildren, which will stop 4091 accepting connections even if all the connections are idle 4092 (e.g., due to connection caching). 4093 Add Timeout.hoststatus option. This interval (defaulting to 30m) 4094 specifies how long cached information about the state of a 4095 host will be kept before they are considered stale and the 4096 host is retried. If you are using persistent host status 4097 (i.e., the HostStatusDirectory option is set) this will apply 4098 between runs; otherwise, it applies only within a single queue 4099 run and hence is useful only for hosts that have large queues 4100 that take a very long time to run. 4101 Add SingleLineFromHeader option. If set, From: headers are coerced 4102 into being a single line even if they had newlines in them 4103 when read. This is to get around a botch in Lotus Notes. 4104 Text class maps were totally broken -- if you ever retrieved the last 4105 item in a table it would be truncated. Problem noted by 4106 Gregory Neil Shapiro of WPI. 4107 Extend the lines printed by the mailq command (== the -bp flag) when 4108 -v is given to 120 characters; this allows more information 4109 to be displayed. Suggested by Gregory Neil Shapiro of WPI. 4110 Allow macro definitions (`D' lines) with unquoted commas; previously 4111 this was treated as end-of-input. Problem noted by Bryan 4112 Costales. 4113 The RET= envelope parameter (used for DSNs) wasn't properly written 4114 to the queue file. Fix from John Hughes of Atlantic 4115 Technologies, Inc. 4116 Close /var/tmp/dead.letter after a successful write -- otherwise 4117 if this happens in a queue run it can cause nasty delays. 4118 Problem noted by Mark Horton of AT&T. 4119 If userdb entries pointed to userdb entries, and there were multiple 4120 values for a given key, the database cursor would get 4121 trashed by the recursive call. Problem noted by Roy Mongiovi 4122 of Georgia Tech. Fixed by reading all the values and creating 4123 a comma-separated list; thus, the -v output will be somewhat 4124 different for this case. 4125 Fix buffer allocation problem with Hesiod-based userdb maps when 4126 HES_GETMAILHOST is defined. Based on a patch by Betty Lee 4127 of Stanford University. 4128 When envelopes were split due to aliases with owner- aliases, and 4129 there was some error on one of the lists, more than one of 4130 the owners would get the message. Problem pointed out by 4131 Roy Mongiovi of Georgia Tech. 4132 Detect excessive recursion in macro expansions, e.g., $X defined 4133 in terms of $Y which is defined in terms of $X. Problem 4134 noted by Bryan Costales; patch from Eric Wassenaar. 4135 When using F=U to get "ugly UUCP" From_ lines, a buffer could in 4136 some cases get trashed causing bogus From_ lines. Fix from 4137 Kyle Jones of UUNET. 4138 When doing load average initialization, if the nlist call for avenrun 4139 failed, the second and subsequent lookups wouldn't notice 4140 that fact causing bogus load averages to be returned. Noted 4141 by Casper Dik of Sun Holland. 4142 Fix problem with incompatibility with some versions of inet_aton that 4143 have changed the return value to unsigned, so a check for an 4144 error return of -1 doesn't work. Use INADDR_NONE instead. 4145 This could cause mail to addresses such as [foo.com] to bounce 4146 or get dropped. Problem noted by Christophe Wolfhugel of the 4147 Pasteur Institute. 4148 DSNs were inconsistent if a failure occurred during the DATA phase 4149 rather than the RCPT phase: the Action: would be correct, but 4150 the detailed status information would be wrong. Problem noted 4151 by Bob Snyder of General Electric Company. 4152 Add -U command line flag and the XUSR ESMTP extension, both indicating 4153 that this is the initial MUA->MTA submission. The flag current 4154 does nothing, but in future releases (when MUAs start using 4155 these flags) it will probably turn on things like DNS 4156 canonification. 4157 Default end-of-line string (E= specification on mailer [M] lines) 4158 to \r\n on SMTP mailers. Default remains \n on non-SMTP 4159 mailers. 4160 Change the internal definition for the *file* and *include* mailers 4161 to have $u in the argument vectors so that they aren't 4162 misinterpreted as SMTP mailers and thus use \r\n line 4163 termination. This will affect anyone who has redefined 4164 either of these in their configuration file. 4165 Don't assume that IDENT servers close the connection after a query; 4166 responses can be newline terminated. From Terry Kennedy of 4167 St. Peter's College. 4168 Avoid core dumps on erroneous configuration files that have 4169 $#mailer with nothing following. From Bryan Costales. 4170 Avoid null pointer dereference with high debug values in unlockqueue. 4171 Fix from Randy Martin of Clemson University. 4172 Fix possible buffer overrun when expanding very large macros. Fix 4173 from Kyle Jones of UUNET. 4174 After 25 EXPN or VRFY commands, start pausing for a second before 4175 processing each one. This avoids a certain form of denial 4176 of service attack. Potential attack pointed out by Bryan 4177 Costales. 4178 Allow new named (not numbered!) config file rules to do validity 4179 checking on SMTP arguments: check_mail for MAIL commands and 4180 check_rcpt for RCPT commands. These rulesets can do anything 4181 they want; their result is ignored unless they resolve to the 4182 $#error mailer, in which case the indicated message is printed 4183 and the command is rejected. Similarly, the check_compat 4184 ruleset is called before delivery with "from_addr $| to_addr" 4185 (the $| is a meta-symbol used to separate the two addresses); 4186 it can give a "this sender can't send to this recipient" 4187 notification. Note that this patch allows $| to stand alone 4188 in rulesets. 4189 Define new macros ${client_name}, ${client_addr}, and ${client_port} 4190 that have the name, IP address, and port number (respectively) 4191 of the SMTP client (that is, the entity at the other end of 4192 the connection. These can be used in (e.g.) check_rcpt to 4193 verify that someone isn't trying to relay mail through your 4194 host inappropriately. Be sure to use the deferred evaluation 4195 form, for example $&{client_name}, to avoid having these bound 4196 when sendmail reads the configuration file. 4197 Add new config file rule check_relay to check the incoming connection 4198 information. Like check_compat, it is passed the host name 4199 and host address separated by $| and can reject connections 4200 on that basis. 4201 Allow IDA-style recursive function calls. Code contributed by Mark 4202 Lovell and Paul Vixie. 4203 Eliminate the "No ! in UUCP From address!" message" -- instead, create 4204 a virtual UUCP address using either a domain address or the $k 4205 macro. Based on code contributed by Mark Lovell and Paul 4206 Vixie. 4207 Add Stanford LDAP map. Requires special libraries that are not 4208 included with sendmail. Contributed by Booker C. Bense 4209 <bbense@networking.stanford.edu>; contact him for support. 4210 See also the src/READ_ME file. 4211 Allow -dANSI to turn on ANSI escape sequences in debug output; this 4212 puts metasymbols (e.g., $+) in reverse video. Really useful 4213 only for debugging deep bits of code where it is important to 4214 distinguish between the single-character metasymbol $+ and the 4215 two characters $, +. 4216 Changed ruleset 89 (executed in dumpstate()) to a named ruleset, 4217 debug_dumpstate. 4218 Add new UnsafeGroupWrites option; if set, .forward and :include: 4219 files that are group writable are considered "unsafe" -- that 4220 is, programs and files referenced from such files are not 4221 valid recipients. 4222 Delete bogosity test for FallBackMX host; this prevented it to be a 4223 name that was not in DNS or was a domain-literal. Problem 4224 noted by Tom May. 4225 Change the introduction to error messages to more clearly delineate 4226 permanent from temporary failures; if both existed in a 4227 single message it could be confusing. Suggested by John 4228 Beck of InReference, Inc. 4229 The IngoreDot (i) option didn't work for lines that were terminated 4230 with CRLF. Problem noted by Ted Stockwell of Secure 4231 Computing Corporation. 4232 Add a heuristic to improve the handling of unbalanced `<' signs in 4233 message headers. Problem reported by Matt Dillon of Best 4234 Internet Communications. 4235 Check for bogus characters in the 0200-0237 range; since these are 4236 used internally, very strange errors can occur if those 4237 characters appear in headers. Problem noted by Anders Gertz 4238 of Lysator. 4239 Implement 7 -> 8 bit MIME conversions. This only takes place if the 4240 recipient mailer has the F=9 flag set, and only works on 4241 text/plain body types. Code contributed by Marius Olafsson 4242 of the University of Iceland. 4243 Special case "postmaster" name so that it is always treated as lower 4244 case in alias files regardless of configuration settings; 4245 this prevents some potential problems where "Postmaster" or 4246 "POSTMASTER" might not match "postmaster". In most cases 4247 this change is a no-op. 4248 The -o map flag was ignored for text maps. Problem noted by Bryan 4249 Costales. 4250 The -a map flag was ignored for dequote maps. Problem noted by 4251 Bryan Costales. 4252 Fix core dump when a lookup of a class "prog" map returns no 4253 response. Patch from Bryan Costales. 4254 Log instances where sendmail is deferring or rejecting connections 4255 on LogLevel 14. Suggested by Kyle Jones of UUNET. 4256 Include port number in process title for network daemons. Suggested 4257 by Kyle Jones of UUNET. 4258 Send ``double bounces'' (errors that occur when sending an error 4259 message) to the address indicated in the DoubleBounceAddress 4260 option (default: postmaster). Previously they were always 4261 sent to postmaster. Suggested by Kyle Jones of UUNET. 4262 Add new mode, -bD, that acts like -bd in all respects except that 4263 it runs in foreground. This is useful for using with a 4264 wrapper that "watches" system services. Suggested by Kyle 4265 Jones of UUNET. 4266 Fix botch in spacing around (parenthesized) comments in addresses 4267 when the comment comes before the address. Patch from 4268 Motonori Nakamura of Kyoto University. 4269 Use the prefix "Postmaster notify" on the Subject: lines of messages 4270 that are being bounced to postmaster, rather than "Returned 4271 mail". This permits the person who is postmaster more 4272 easily determine what messages are to their role as 4273 postmaster versus bounces to mail they actually sent. Based 4274 on a suggestion by Motonori Nakamura. 4275 Add new value "time" for QueueSortOrder option; this causes the queue 4276 to be sorted strictly by the time of submission. Note that 4277 this can cause very bad behavior over slow lines (because 4278 large jobs will tend to delay small jobs) and on nodes with 4279 heavy traffic (because old things in the queue for hosts that 4280 are down delay processing of new jobs). Also, this does not 4281 guarantee that jobs will be delivered in submission order 4282 unless you also set DeliveryMode=queue. In general, it should 4283 probably only be used on the command line, and only in 4284 conjunction with -qRhost.domain. In fact, there are very few 4285 cases where it should be used at all. Based on an 4286 implementation by Motonori Nakamura. 4287 If a map lookup in ruleset 5 returns tempfail, queue the message in 4288 the same manner as other rulesets. Previously a temporary 4289 failure in ruleset 5 was ignored. Patch from Booker Bense 4290 of Stanford University. 4291 Don't proceed to the next MX host if an SMTP MAIL command returns a 4292 5yz (permanent failure) code. The next MX host will still be 4293 tried if the connection cannot be opened in the first place 4294 or if the MAIL command returns a 4yz (temporary failure) code. 4295 (It's hard to know what to do here, since neither RFC 974 nor 4296 RFC 1123 specify when to proceed to the next MX host.) 4297 Suggested by Jonathan Kamens of OpenVision, Inc. 4298 Add new "-t" flag for map definitions (the "K" line in the .cf file). 4299 This causes map lookups that get a temporary failure (e.g., 4300 name server failure) to _not_ defer the delivery of the 4301 message. This should only be used if your configuration file 4302 is prepared to do something sensible in this case. Based on 4303 an idea by Gregory Shapiro of WPI. 4304 Fix problem finding network interface addresses. Patch from 4305 Motonori Nakamura. 4306 Don't reject qf entries that are not owned by your effective uid if 4307 you are not running set-user-id; this makes management of 4308 certain kinds of firewall setups difficult. Patch 4309 suggested by Eamonn Coleman of Qualcomm. 4310 Add persistent host status. This keeps the information normally 4311 maintained within a single queue run in disk files that are 4312 shared between sendmail instances. The HostStatusDirectory 4313 is the directory in which the information is maintained. If 4314 not set, persistent host status is turned off. If not a full 4315 pathname, it is relative to the queue directory. A common 4316 value is ".hoststat". 4317 There are also two new operation modes: 4318 * -bh prints the status of hosts that have had recent 4319 connections. 4320 * -bH purges the host statuses. No attempt is made to save 4321 recent status information. 4322 This feature was originally written by Paul Vixie of Vixie 4323 Enterprises for KJS and adapted for V8 by Mark Lovell of 4324 Bigrock Consulting. Paul's funding of Mark and Mark's patience 4325 with my insistence that things fit cleanly into the V8 4326 framework is gratefully appreciated. 4327 New SingleThreadDelivery option (requires HostStatusDirectory to 4328 operate). Avoids letting two sendmails on the local machine 4329 open connections to the same remote host at the same time. 4330 This reduces load on the other machine, but can cause mail to 4331 be delayed (for example, if one sendmail is delivering a huge 4332 message, other sendmails won't be able to send even small 4333 messages). Also, it requires another file descriptor (for the 4334 lock file) per connection, so you may have to reduce 4335 ConnectionCacheSize to avoid running out of per-process 4336 file descriptors. Based on the persistent host status code 4337 contributed by Paul Vixie and Mark Lovell. 4338 Allow sending to non-simple files (e.g., /dev/null) even if the 4339 SafeFileEnvironment option is set. Problem noted by Bryan 4340 Costales. 4341 The -qR flag mistakenly matched flags in the "R" line of the queue 4342 file. Problem noted by Bryan Costales. 4343 If a job was aborted using the interrupt signal (e.g., control-C from 4344 the keyboard), on some occasions an empty df file would be 4345 left around; these would collect in the queue directory. 4346 Problem noted by Bryan Costales. 4347 Change the makesendmail script to enhance the search for Makefiles 4348 based on release number. For example, on SunOS 5.5.1, it will 4349 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then 4350 Makefile.SunOS.5.x (in addition to the other rules, e.g., 4351 adding $arch). Problem noted by Jason Mastaler of Atlanta 4352 Webmasters. 4353 When creating maps using "newaliases", always map the keys to lower 4354 case when creating the map unless the -f flag is specified on 4355 the map itself. Previously this was done based on the F=u 4356 flag in the local mailer, which meant you could create aliases 4357 that you could never access. Problem noted by Bob Wu of DEC. 4358 When a job was read from the queue, the bits causing notification on 4359 failure or delay were always set. This caused those 4360 notifications to be sent even if NOTIFY=NEVER had been 4361 specified. Problem noted by Steve Hubert of the University 4362 of Washington, Seattle. 4363 Add new configurable routine validate_connection (in conf.c). This 4364 lets you decide if you are willing to accept traffic from 4365 this host. If it returns FALSE, all SMTP commands will return 4366 "550 Access denied". -DTCPWRAPPERS will include support for 4367 TCP wrappers; you will need to add -lwrap to the link line. 4368 (See src/READ_ME for details.) 4369 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster 4370 bounces. Some people seemed to think that this could be 4371 confusing (even though it is true). Suggested by Motonori 4372 Nakamura. 4373 Add new RunAsUser option; this causes sendmail to do a setuid to that 4374 user early in processing to avoid potential security problems. 4375 However, this means that all .forward and :include: files must 4376 be readable by that user, and all files to be written must be 4377 writable by that user and all programs will be executed by that 4378 user. It is also incompatible with the SafeFileEnvironment 4379 option. In other words, it may not actually add much to 4380 security. However, it should be useful on firewalls and other 4381 places where users don't have accounts and the aliases file is 4382 well constrained. 4383 Add Timeout.iconnect. This is like Timeout.connect except it is used 4384 only on the first attempt to delivery to an address. It could 4385 be set to be lower than Timeout.connect on the principle that 4386 the mail should go through quickly to responsive hosts; less 4387 responsive hosts get to wait for the next queue run. 4388 Fix a problem on Solaris that occasionally causes programs 4389 (such as vacation) to hang with their standard input connected 4390 to a UDP port. It also created some signal handling problems. 4391 The problems turned out to be an interaction between vfork(2) 4392 and some of the libraries, particularly NIS/NIS+. I am 4393 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix. 4394 Change user class map to do the same matching that actual delivery 4395 will do instead of just a /etc/passwd lookup. This adds 4396 fuzzy matching to the user map. Patch from Dan Oscarsson. 4397 The Timeout.* options are not safe -- they can be used to create a 4398 denial-of-service attack. Problem noted by Christophe 4399 Wolfhugel. 4400 Don't send PostmasterCopy messages in the event of a "delayed" 4401 notification. Suggested by Barry Bouwsma. 4402 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy 4403 option is set, since this disables VERB mode. Suggested 4404 by John Hawkinson of MIT. 4405 Complain if the QueueDirectory (Q) option is not set. Problem noted 4406 by Motonori Nakamura of Kyoto University. 4407 Only queue messages on transient .forward open failures if there 4408 were no successful opens. The previous behavior caused it 4409 to queue even if a "fall back" .forward was found. Problem 4410 noted by Ann-Kian Yeo of the Dept. of Information Systems 4411 and Computer Science (DISCS), NUS, Singapore. 4412 Don't do 8->7 bit conversions when bouncing a MIME message that 4413 is bouncing because of a MIME error during 8->7 bit conversion; 4414 the encapsulated message will bounce again, causing a loop. 4415 Problem noted by Steve Hubert of the University of Washington. 4416 Create xf (transcript) files using the TempFileMode option value 4417 instead of 0644. Suggested by Ann-Kian Yeo of the 4418 National University of Singapore. 4419 Print errors if setgid/setuid/etc. fail during delivery. This helps 4420 detect cases where DefaultUid is set to something that the 4421 system can't cope with. 4422 PORTABILITY FIXES: 4423 Support for AIX/RS 2.2.1 from Mark Whetzel of Western 4424 Atlas International. 4425 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell 4426 <bicknell@ufp.org>. 4427 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only 4428 work on the first recipient of a message due to a 4429 bug in the getpwent family. If this is something you 4430 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a 4431 workaround. From Maximum Entropy of Sanford C. 4432 Bernstein and Associates. 4433 FreeBSD 1.1.5.1 uname -r returns a string containing 4434 parentheses, which breaks makesendmail. Reported 4435 by Piero Serini <piero@strider.ibenet.it>. 4436 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of 4437 Systems and Computer Technology Corporation. 4438 Solaris 2.x: omit the UUCP grade parameter (-g flag) because 4439 it is system-dependent. Problem noted by J.J. Bailey 4440 of Bailey Computer Consulting. 4441 Pyramid NILE running DC/OSx support from Earle F. Ake of 4442 Hassler Communication Systems Technology, Inc. 4443 HP-UX 10.x compile glitches, reported by Anne Brink of the 4444 U.S. Army and James Byrne of Harte & Lyne Limited. 4445 NetBSD from Matthew Green of the NetBSD crew. 4446 SCO 5.x from Keith Reynolds of SCO. 4447 IRIX 6.2 from Robert Tarrall of the University of 4448 Colorado and Kari Hurtta of the Finnish Meteorological 4449 Institute. 4450 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. 4451 Lopez, CICA (Seville). 4452 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. 4453 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor 4454 Employment Standards Administration. 4455 Altos System V (5.3.1) from Tim Rice of Multitalents. 4456 Concurrent Systems Corporation Maxion from Donald R. Laster 4457 Jr. 4458 NetInfo maps (improved debugging and multi-valued aliases) 4459 from Adrian Steinmann of Steinmann Consulting. 4460 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) 4461 from Eric Schnoebelen of Convex. 4462 Linux 2.0 mail.local patches from Horst von Brand. 4463 NEXTSTEP 3.x compilation from Robert La Ferla. 4464 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. 4465 Solaris 2.5 configuration fixes for mail.local by Jim Davis 4466 of the University of Arizona. 4467 Solaris 2.5 has a working setreuid. Noted by David Linn of 4468 Vanderbilt University. 4469 Solaris changes for praliases, makemap, mailstats, and smrsh. 4470 Previously you had to add -DSOLARIS in Makefile.dist; 4471 this auto-detects. Based on a patch from Randall 4472 Winchester of the University of Maryland. 4473 CONFIG: add generic-nextstep3.3.mc file. Contributed by 4474 Robert La Ferla of Hot Software. 4475 CONFIG: allow mailertables to resolve to ``error:code message'' 4476 (where "code" is an exit status) on domains (previously 4477 worked only on hosts). Patch from Cor Bosman of Xs4all 4478 Foundation. 4479 CONFIG: hooks for IPv6-style domain literals. 4480 CONFIG: predefine ALIAS_FILE and change the prototype file so that 4481 if it is undefined the AliasFile option is never set; this 4482 should be transparent for most everyone. Suggested by John 4483 Myers of CMU. 4484 CONFIG: add FEATURE(limited_masquerade). Without this feature, any 4485 domain listed in $=w is masqueraded. With it, only those 4486 domains listed in a MASQUERADE_DOMAIN macro are masqueraded. 4487 CONFIG: add FEATURE(masquerade_entire_domain). This causes 4488 masquerading specified by MASQUERADE_DOMAIN to apply to all 4489 hosts under those domains as well as the domain headers 4490 themselves. For example, if a configuration had 4491 MASQUERADE_DOMAIN(foo.com), then without this feature only 4492 foo.com would be masqueraded; with it, *.foo.com would be 4493 masqueraded as well. Based on an implementation by Richard 4494 (Pug) Bainter of U. Texas. 4495 CONFIG: add FEATURE(genericstable) to do a more general rewriting of 4496 outgoing addresses. Defaults to ``hash -o /etc/genericstable''. 4497 Keys are user names; values are outgoing mail addresses. Yes, 4498 this does overlap with the user database, and figuring out 4499 just when to use which one may be tricky. Based on code 4500 contributed by Richard (Pug) Bainter of U. Texas with updates 4501 from Per Hedeland of Ericsson. 4502 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of 4503 incoming addresses. Defaults to ``hash -o /etc/virtusertable''. 4504 Keys are either fully qualified addresses or just the host 4505 part (with the @ sign). For example, a table containing: 4506 info@foo.com foo-info 4507 info@bar.com bar-info 4508 @baz.org jane@elsewhere.net 4509 would send all mail destined for info@foo.com to foo-info 4510 (which is presumably an alias), mail addressed to info@bar.com 4511 to bar-info, and anything addressed to anyone at baz.org will 4512 be sent to jane@elsewhere.net. The names foo.com, bar.com, 4513 and baz.org must all be in $=w. Based on discussions with 4514 a great many people. 4515 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. 4516 Suggested by Richard Bainter. 4517 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the 4518 "fax" mailer. 4519 CONFIG: allow mailertable entries to resolve to local:user; this 4520 passes the original user@host in to procmail-style local 4521 mailers as the "detail" information to allow them to do 4522 additional clever processing. From Joe Pruett of 4523 Teleport Corporation. Delivery to the original user can 4524 be done by specifying "local:" (with nothing after the colon). 4525 CONFIG: allow any context that takes "mailer:domain" to also take 4526 "mailer:user@domain" to force mailing to the given user; 4527 "local:user" can also be used to do local delivery. This 4528 applies on *_RELAY and in the mailertable entries. Based 4529 on a suggestion by Ribert Kiessling of Easynet. 4530 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that 4531 limits the possible domains; this reduces the number of DNS 4532 lookups required to support this feature. For example, 4533 FEATURE(bestmx_is_local, my.site.com) limits the lookups 4534 to domains under my.site.com. Code contributed by Anthony 4535 Thyssen <anthony@cit.gu.edu.au>. 4536 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, 4537 such as the check_rcpt ruleset. Suggested by Gregory Shapiro 4538 of WPI. 4539 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the 4540 event you have to define local mailers. Suggested by 4541 Gregory Shapiro of WPI. 4542 CONFIG: fix cases where a three- (or more-) stage route-addr could 4543 be misinterpreted as a list:...; syntax. Based on a patch by 4544 Vlado Potisk <Vlado_Potisk@tempest.sk>. 4545 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is 4546 remotely connected. The address host!user was being 4547 converted to host!user@thishost instead of host!user@uurelay. 4548 Problem noted by William Gianopoulos of Raytheon Company. 4549 CONFIG: add confTO_ICONNECT to set Timeout.iconnect. 4550 CONFIG: change FEATURE(redirect) message from "User not local" to 4551 "User has moved"; the former wording was confusing if the 4552 new address is still on the local host. Based on a suggestion 4553 by Andreas Luik. 4554 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). 4555 However, the class is not pre-initialized to contain root. 4556 Suggested by Gregory Neil Shapiro. 4557 CONTRIB: Remove XLA code at the request of the author, Christophe 4558 Wolfhugel. 4559 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. 4560 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note 4561 well: this produces a slightly different mailbox format (no 4562 Content-Length: headers), file ownerships and modes are 4563 different (not owned by group mail; mode 600 instead of 660), 4564 and the local mailer flags will have to be tweaked (make them 4565 match bsd4.4) in order to use this mailer. Patches from Paul 4566 Hammann of the Missouri Research and Education Network. 4567 MAIL.LOCAL: in some cases it could return EX_OK even though there 4568 was a delivery error, such as if the ownership on the file 4569 was wrong or the mode changed between the initial stat and 4570 the open. Problem reported by William Colburn of the New 4571 Mexico Institute of Mining and Technology. 4572 MAILSTATS: handle zero length files more reliably. Patch from Bryan 4573 Costales. 4574 MAILSTATS: add man page contributed by Keith Bostic of BSDI. 4575 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't 4576 honored. Fix from Michael Scott Shappe. 4577 PRALIASES: add man page contributed by Keith Bostic of BSDI. 4578 NEW FILES: 4579 src/Makefiles/Makefile.AIX.2 4580 src/Makefiles/Makefile.IRIX.6.2 4581 src/Makefiles/Makefile.maxion 4582 src/Makefiles/Makefile.NCR.MP-RAS.3.x 4583 src/Makefiles/Makefile.SCO.5.x 4584 src/Makefiles/Makefile.UXPDSV20 4585 mailstats/mailstats.8 4586 praliases/praliases.8 4587 cf/cf/generic-nextstep3.3.mc 4588 cf/feature/genericstable.m4 4589 cf/feature/limited_masquerade.m4 4590 cf/feature/masquerade_entire_domain.m4 4591 cf/feature/virtusertable.m4 4592 cf/ostype/aix2.m4 4593 cf/ostype/altos.m4 4594 cf/ostype/maxion.m4 4595 cf/ostype/solaris2.ml.m4 4596 cf/ostype/uxpds.m4 4597 contrib/re-mqueue.pl 4598 DELETED FILES: 4599 src/Makefiles/Makefile.Solaris 4600 contrib/xla/README 4601 contrib/xla/xla.c 4602 RENAMED FILES: 4603 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x 4604 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 4605 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 4606 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x 4607 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x 4608 46098.7.6/8.7.3 1996/09/17 4610 SECURITY: It is possible to force getpwuid to fail when writing the 4611 queue file, causing sendmail to fall back to running programs 4612 as the default user. This is not exploitable from off-site. 4613 Workarounds include using a unique user for the DefaultUser 4614 (old u & g options) and using smrsh as the local shell. 4615 SECURITY: fix some buffer overruns; in at least one case this allows 4616 a local user to get root. This is not known to be exploitable 4617 from off-site. The workaround is to disable chfn(1) commands. 4618 46198.7.5/8.7.3 1996/03/04 4620 Fix glitch in 8.7.4 when putting certain internal lines; this can 4621 in some case cause connections to hang or messages to have 4622 extra spaces in odd places. Patch from Eric Wassenaar; 4623 reports from Eric Hall of Chiron Corporation, Stephen 4624 Hansen of Stanford University, Dean Gaudet of HotWired, 4625 and others. 4626 46278.7.4/8.7.3 1996/02/18 4628 SECURITY: In some cases it was still possible for an attacker to 4629 insert newlines into a queue file, thus allowing access to 4630 any user (except root). 4631 CONFIG: no changes -- it is not a bug that the configuration 4632 version number is unchanged. 4633 46348.7.3/8.7.3 1995/12/03 4635 Fix botch in name server timeout in RCPT code; this problem caused 4636 two responses in SMTP, which breaks things horribly. Fix 4637 from Gregory Neil Shapiro of WPI. 4638 Verify that L= value on M lines cannot be negative, which could cause 4639 negative array subscripting. Not a security problem since 4640 this has to be in the config file, but it could have caused 4641 core dumps. Pointed out by Bryan Costales. 4642 Fix -d21 debug output for long macro names. Pointed out by Bryan 4643 Costales. 4644 PORTABILITY FIXES: 4645 SCO doesn't have ftruncate. From Bill Aten of Computerizers. 4646 IBM's version of arpa/nameser.h defaults to the wrong byte 4647 order. Tweak it to work properly. Based on fixes 4648 from Fletcher Mattox of UTexas and Betty Lee of 4649 Stanford University. 4650 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. 4651 Deficiency pointed out by Bryan Costales of ICSI. 4652 46538.7.2/8.7.2 1995/11/19 4654 REALLY fix the backslash escapes in SmtpGreetingMessage, 4655 OperatorChars, and UnixFromLine options. They were not 4656 properly repaired in 8.7.1. 4657 Completely delete the Bcc: header if and only if there are other 4658 valid recipient headers (To:, Cc: or Apparently-To:, the 4659 last being a historic botch, of course). If Bcc: is the 4660 only recipient header in the message, its value is tossed, 4661 but the header name is kept. The old behavior (always keep 4662 the header name and toss the value) allowed primary recipients 4663 to see that a Bcc: went to _someone_. 4664 Include queue id on ``Authentication-Warning: <host>: <user> set 4665 sender to <address> using -f'' syslog messages. Suggested 4666 by Kari Hurtta. 4667 If a sequence or switch map lookup entry gets a tempfail but then 4668 continues on to another map type, but the name is not found, 4669 return a temporary failure from the sequence or switch map. 4670 For example, if hosts search ``dns files'' and DNS fails 4671 with a tempfail, the hosts map will go on and search files, 4672 but if it fails the whole thing should be a tempfail, not 4673 a permanent (host unknown) failure, even though that is the 4674 failure in the hosts.files map. This error caused hard 4675 bounces when it should have requeued. 4676 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo 4677 owned by bar mode 700 and inbox being set-user-id bar stopped 4678 working properly due to excessive paranoia. Pointed out by 4679 John Hawkinson of Panix. 4680 An SMTP RCPT command referencing a host that gave a nameserver 4681 timeout would return a 451 command (8.6 accepted it and 4682 queued it locally). Revert to the 8.6 behavior in order 4683 to simplify queue management for clustered systems. Suggested 4684 by Gregory Neil Shapiro of WPI. The same problem could break 4685 MH, which assumes that the SMTP session will succeed (tsk, tsk 4686 -- mail gets lost!); this was pointed out by Stuart Pook of 4687 Infobiogen. 4688 Fix possible buffer overflow in munchstring(). This was not a security 4689 problem because you couldn't specify any argument to this 4690 without first giving up root privileges, but it is still a 4691 good idea to avoid future problems. Problem noted by John 4692 Hawkinson and Sam Hartman of MIT. 4693 ``452 Out of disk space for temp file'' messages weren't being 4694 printed. Fix from David Perlin of Nanosoft. 4695 Don't advertise the ESMTP DSN extension if the SendMimeErrors option 4696 is not set, since this is required to get the actual DSNs 4697 created. Problem pointed out by John Gardiner Myers of CMU. 4698 Log permission problems that cause .forward and :include: files to 4699 be untrusted or ignored on log level 12 and higher. Suggested 4700 by Randy Martin of Clemson University. 4701 Allow user ids in U= clauses of M lines to have hyphens and 4702 underscores. 4703 Fix overcounting of recipients -- only happened when sending to an 4704 alias. Pointed out by Mark Andrews of SGI and Jack Woolley 4705 of Systems and Computer Technology Corporation. 4706 If a message is sent to an address that fails, the error message that 4707 is returned could show some extraneous "success" information 4708 included even if the user did not request success notification, 4709 which was confusing. Pointed out by Allan Johannesen of WPI. 4710 Config files that had no AliasFile definition were defaulting to 4711 using /etc/aliases; this caused problems with nullclient 4712 configurations. Change it back to the 8.6 semantics of 4713 having no local alias file unless it is declared. Problem 4714 noted by Charles Karney of Princeton University. 4715 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan 4716 Costales of ICSI. 4717 Map lookups of class "userdb" maps were always case sensitive; they 4718 should be controlled by the -f flag like other maps. Pointed 4719 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>. 4720 Fix problem that caused some addresses to be passed through ruleset 5 4721 even when they were tagged as "sticky" by prefixing the 4722 address with an "@". Patch from Thomas Dwyer III of Michigan 4723 Technological University. 4724 When converting a message to Quoted-Printable, prevent any lines with 4725 dots alone on a line by themselves. This is because of the 4726 preponderance of broken mailers that still get this wrong. 4727 Code contributed by Per Hedeland of Ericsson. 4728 Fix F{macro}/file construct -- it previously did nothing. Pointed 4729 out by Bjart Kvarme of USIT/UiO (Norway). 4730 Announce whether a cached connection is SMTP or ESMTP (in -v mode). 4731 Requested by Allan Johannesen. 4732 Delete check for text format of alias files -- it should be legal 4733 to have the database format of the alias files without the 4734 text version. Problem pointed out by Joe Rhett of Navigist, 4735 Inc. 4736 If "Ot" was specified with no value, the TZ variable was not properly 4737 imported from the environment. Pointed out by Frank Crawford 4738 <frank@ansto.gov.au>. 4739 Some architectures core dumped on "program" maps that didn't have 4740 extra arguments. Patch from Booker C. Bense of Stanford 4741 University. 4742 Queue run processes would re-spawn daemons when given a SIGHUP; only 4743 the parent should do this. Fix from Brian Coan of the 4744 Association for Progressive Communications. 4745 If MinQueueAge was set and a message was considered but not run 4746 during a queue run and the Timeout.queuereturn interval was 4747 reached, a "timed out" error message would be returned that 4748 didn't include the failed address (and claimed to be a warning 4749 even though it was fatal). The fix is to not return such 4750 messages until they are actually tried, i.e., in the next 4751 MinQueueAge interval. Problem noted by Rein Tollevik of 4752 SINTEF RUNIT, Oslo. 4753 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions 4754 that have the hes_getmailhost() routine. DEC Hesiod 4755 distributions do not have this routine. Based on a patch 4756 from Betty Lee of Stanford University. 4757 Extensive cleanups to map open code to handle a locking race condition 4758 in ndbm, hash, and btree format database files on some (most 4759 non-4.4-BSD based) OS architectures. This should solve the 4760 occasional "user unknown" problem during alias rebuilds that 4761 has plagued me for quite some time. Based on a patch from 4762 Thomas Dwyer III of Michigan Technological University. 4763 PORTABILITY FIXES: 4764 Solaris: Change location of newaliases and mailq from 4765 /usr/ucb to /usr/bin to match Sun settings. From 4766 James B. Davis of TCI. 4767 DomainOS: Makefile.DomainOS doesn't require -ldbm. From 4768 Don Lewis of Silicon Systems. 4769 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x 4770 so that the makesendmail script will find it. Pointed 4771 out by Richard Allen of the University of Iceland. 4772 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which 4773 isn't supported on all compilers. 4774 UXPDS: compilation fixes from Diego R. Lopez. 4775 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless 4776 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. 4777 CONFIG: Minor glitch in S21 -- attachment of local domain name 4778 didn't have trailing dot. From Jim Hickstein of Teradyne. 4779 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as 4780 user%host@thishost. From Claude Scarpelli of Infobiogen 4781 (France). 4782 CONFIG: OSTYPE(hpux10) failed to define the location of the help file. 4783 Pointed out by Hannu Martikka of Nokia Telecommunications. 4784 CONFIG: Diagnose some inappropriate ordering in configuration files, 4785 such as FEATURE(smrsh) listed after MAILER(local). Based on 4786 a bug report submitted by Paul Hoffman of Proper Publishing. 4787 CONFIG: Make OSTYPE files consistently not override settings that 4788 have already been set. Previously it worked differently 4789 for different files. 4790 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take 4791 is that this is wrong, but the change was causing problems 4792 for some people. From Per Hedeland of Ericsson. 4793 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>; 4794 portability changes for Posix environments (no functional 4795 changes). 4796 47978.7.1/8.7.1 1995/10/01 4798 Old macros that have become options (SmtpGreetingMessage, 4799 OperatorChars, and UnixFromLine) didn't allow backslash 4800 escapes in the options, where they previously had. Bug 4801 pointed out by John Hawkinson of MIT. 4802 Fix strange case of an executable called by a program map that 4803 returns a value but also a non-zero exit status; this 4804 would give contradictory results in the higher level; in 4805 particular, the default clause in the map lookup would be 4806 ignored. Change to ignore the value if the program returns 4807 non-zero exit status. From Tom Moore of AT&T GIS. 4808 Shorten parameters passed to syslog() in some contexts to avoid a 4809 bug in many vendors' implementations of that routine. Although 4810 this isn't really a bug in sendmail per se, and my solution 4811 has to assume that syslog() has at least a 1K buffer size 4812 internally (I know some vendors have shortened this 4813 dramatically -- they're on their own), sendmail is a popular 4814 target. Also, limit the size of %s arguments in sprintf. 4815 These both have possible security implications. Solutions 4816 suggested by Casper Dik of Sun's Network Security Group 4817 (Holland), Mark Seiden, and others. 4818 Fix a problem that might cause a non-standard -B (body type) 4819 parameter to be passed to the next server with undefined 4820 results. This could have security implications. 4821 If a filesystem was at > 100% utilization, the freediskspace() 4822 routine incorrectly returned an error rather than zero. 4823 Problem noted by G. Paul Ziemba of Alantec. 4824 Change MX sort order so that local hostnames (those in $=w) always 4825 sort first within a given preference. This forces the bestmx 4826 map to always return the local host first, if it is included 4827 in the list of highest priority MX records. From K. Robert 4828 Elz. 4829 Avoid some possible null pointer dereferences. Fixes from Randy 4830 Martin <WOLF@CLEMSON.EDU> 4831 When sendmail starts up on systems that have no fully qualified 4832 domain name (FQDN) anywhere in the first matching host map 4833 (e.g., /etc/hosts if the hosts service searches "files dns"), 4834 sendmail would sleep to try to find a FQDN, which it really 4835 really needs. This has been changed to fall through to the 4836 next map type if it can't find a FQDN -- i.e., if the hosts 4837 file doesn't have a FQDN, it will try dns even though the 4838 short name was found in /etc/hosts. This is probably a crock, 4839 but many people have hosts files without FQDNs. Remember: 4840 domain names are your friends. 4841 Log a high-priority message if you can't find your FQDN during startup. 4842 Suggested by Simon Barnes of Schlumberger Limited. 4843 When using Hesiod, initialize it early to improve error reporting. 4844 Patch from Don Lewis of Silicon Systems, Inc. 4845 Apparently at least some versions of Linux have a 90 !minute! TCP 4846 connection timeout in the kernel. Add a new "connect" timeout 4847 to limit this time. Defaults to zero (use whatever the 4848 kernel provides). Based on code contributed by J.R. Oldroyd 4849 of TerraNet. 4850 Under some circumstances, a failed message would not be properly 4851 removed from the queue, causing tons of bogus error messages. 4852 (This fix eliminates the problematic EF_KEEPQUEUE flag.) 4853 Problem noted by Allan E Johannesen and Gregory Neil Shapiro 4854 of WPI. 4855 PORTABILITY FIXES: 4856 On IRIX 5.x, there was an inconsistency in the setting 4857 of sendmail.st location. Change the Makefile to 4858 install it in /var/sendmail.st to match the OSTYPE 4859 file and SGI standards. From Andre 4860 <andre@curry.zfe.siemens.de>. 4861 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) 4862 from Diego R. Lopez <drlopez@cica.es>. 4863 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. 4864 LUNA 2 Mach patches from Motonori Nakamura. 4865 SunOS Makefile was including -ldbm, which is for the old 4866 dbm library. The ndbm library is part of libc. 4867 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with 4868 ``local configuration error'' in nullclient configuration. 4869 Patch from Gregory Neil Shapiro of WPI. 4870 CONFIG: don't allow an alias file in nullclient configurations -- 4871 since all addresses are relayed, they give errors during 4872 rebuild. Suggested by Per Hedeland of Ericsson. 4873 CONFIG: local mailer on Solaris 2 should always get a -f flag because 4874 otherwise the F=S causes the From_ line to imply that root is 4875 the sender. Problem pointed out by Claude Scarpelli of 4876 Infobiogen (France). 4877 NEW FILES: 4878 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) 4879 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) 4880 src/Makefiles/Makefile.UXPDS 4881 48828.7/8.7 1995/09/16 4883 Fix a problem that could cause sendmail to run out of file 4884 descriptors due to a trashed data structure after a 4885 vfork. Fix from Brian Coan of the Institute for 4886 Global Communications. 4887 Change the VRFY response if you have disabled VRFY -- some 4888 people seemed to think that it was too rude. 4889 Avoid reference to uninitialized file descriptor if HASFLOCK 4890 was not defined. This was used "safely" in the sense 4891 that it only did a stat, but it would have set the 4892 map modification time improperly. Problem pointed out 4893 by Roy Mongiovi of Georgia Tech. 4894 Clean up the Subject: line on warning messages and return 4895 receipts so that they don't say "Returned mail:"; this 4896 can be confusing. 4897 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 4898 useful enough to make it worthwhile printing on "-d". 4899 Avoid logging alias statistics every time you read the alias 4900 file on systems with no database method compiled in. 4901 If you have a name with a trailing dot, and you try looking it 4902 up using gethostbyname without the dot (for /etc/hosts 4903 compatibility), be sure to turn off RES_DEFNAMES and 4904 RES_DNSRCH to avoid finding the wrong name accidentally. 4905 Problem noted by Charles Amos of the University of 4906 Maryland. 4907 Don't do timeouts in collect if you are not running SMTP. 4908 There is nothing that says you can't have a long 4909 running program piped into sendmail (possibly via 4910 /bin/mail, which just execs sendmail). Problem reported 4911 by Don "Truck" Lewis of Silicon Systems. 4912 Try gethostbyname() even if the DNS lookup fails iff option I 4913 is not set. This allows you to have hosts listed in 4914 NIS or /etc/hosts that are not known to DNS. It's normally 4915 a bad idea, but can be useful on firewall machines. This 4916 should really be broken out on a separate flag, I suppose. 4917 Avoid compile warnings against BIND 4.9.3, which uses function 4918 prototypes. From Don Lewis of Silicon Systems. 4919 Avoid possible incorrect diagnosis of DNS-related errors caused 4920 by things like attempts to resolve uucp names using 4921 $[ ... $] -- the fix is to clear h_errno at appropriate 4922 times. From Kyle Jones of UUNET. 4923 SECURITY: avoid denial-of-service attacks possible by destroying 4924 the alias database file by setting resource limits low. 4925 This involves adding two new compile-time options: 4926 HASSETRLIMIT (indicating that setrlimit(2) support is 4927 available) and HASULIMIT (indicating that ulimit(2) support 4928 is available -- the Release 3 form is used). The former 4929 is assumed on BSD-based systems, the latter on System 4930 V-based systems. Attack noted by Phil Brandenberger of 4931 Swarthmore University. 4932 New syntaxes in test (-bt) mode: 4933 ``.Dmvalue'' will define macro "m" to "value". 4934 ``.Ccvalue'' will add "value" to class "c". 4935 ``=Sruleset'' will dump the contents of the indicated 4936 ruleset. 4937 ``=M'' will display the known mailers. 4938 ``-ddebug-spec'' is equivalent to the command-line 4939 -d debug flag. 4940 ``$m'' will print the value of macro $m. 4941 ``$=c'' will print the contents of class $=c. 4942 ``/mx host'' returns the MX records for ``host''. 4943 ``/parse address'' will parse address, returning the value of 4944 crackaddr (essentially, the comment information) 4945 and the parsed address. 4946 ``/try mailer address'' will rewrite address into the form 4947 it will have when presented to the indicated mailer. 4948 ``/tryflags flags'' will set flags used by parsing. The 4949 flags can be `H' for header or `E' for envelope, 4950 and `S' for sender or `R' for recipient. These 4951 can be combined, so `HR' sets flags for header 4952 recipients. 4953 ``/canon hostname'' will try to canonify hostname and 4954 return the result. 4955 ``/map mapname key'' will look up `key' in the indicated 4956 `mapname' and return the result. 4957 Somewhat better handling of UNIX-domain socket addresses -- it 4958 should show the pathname rather than hex bytes. 4959 Restore ``-ba'' mode -- this reads a file from stdin and parses 4960 the header for envelope sender information and uses 4961 CR-LF as message terminators. It was thought to be 4962 obsolete (used only for Arpanet NCP protocols), but it 4963 turns out that the UK ``Grey Book'' protocols require 4964 that functionality. 4965 Fix a fix in previous release -- if gethostname and gethostbyname 4966 return a name without dots, and if an attempt to canonify 4967 that name fails, wait one minute and try again. This can 4968 result in an extra 60 second delay on startup if your system 4969 hostname (as returned by hostname(1)) has no dot and no names 4970 listed in /etc/hosts or your NIS map have a dot. 4971 Check for proper domain name on HELO and EHLO commands per 4972 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 4973 of Michigan Technological University. 4974 Relax chownsafe rules slightly -- old version said that if you 4975 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 4976 if fpathconf returned EINVAL or ENOSYS), assume that 4977 chown is not safe. The new version falls back to whether 4978 you are on a BSD system or not. This is important for 4979 SunOS, which apparently always returns one of those 4980 error codes. This impacts whether you can mail to files 4981 or not. 4982 Syntax errors such as unbalanced parentheses in the configuration 4983 file could be omitted if you had "Oem" prior to the 4984 syntax error in the config file. Change to always print 4985 the error message. It was especially weird because it 4986 would cause a "warning" message to be sent to the Postmaster 4987 for every message sent (but with no transcript). Problem 4988 noted by Gregory Paris of Motorola. 4989 Rewrite collect and putbody to handle full 8-bit data, including 4990 zero bytes. These changes are internally extensive, but 4991 should have minimal impact on external function. 4992 Allow full words for option names -- if the option letter is 4993 (apparently) a space, then take the word following -- e.g., 4994 O MatchGECOS=TRUE 4995 The full list of old and new names is as follows: 4996 7 SevenBitInput 4997 8 EightBitMode 4998 A AliasFile 4999 a AliasWait 5000 B BlankSub 5001 b MinFreeBlocks/MaxMessageSize 5002 C CheckpointInterval 5003 c HoldExpensive 5004 D AutoRebuildAliases 5005 d DeliveryMode 5006 E ErrorHeader 5007 e ErrorMode 5008 f SaveFromLine 5009 F TempFileMode 5010 G MatchGECOS 5011 H HelpFile 5012 h MaxHopCount 5013 i IgnoreDots 5014 I ResolverOptions 5015 J ForwardPath 5016 j SendMimeErrors 5017 k ConnectionCacheSize 5018 K ConnectionCacheTimeout 5019 L LogLevel 5020 l UseErrorsTo 5021 m MeToo 5022 n CheckAliases 5023 O DaemonPortOptions 5024 o OldStyleHeaders 5025 P PostmasterCopy 5026 p PrivacyOptions 5027 Q QueueDirectory 5028 q QueueFactor 5029 R DontPruneRoutes 5030 r, T Timeout 5031 S StatusFile 5032 s SuperSafe 5033 t TimeZoneSpec 5034 u DefaultUser 5035 U UserDatabaseSpec 5036 V FallbackMXHost 5037 v Verbose 5038 w TryNullMXList 5039 x QueueLA 5040 X RefuseLA 5041 Y ForkEachJob 5042 y RecipientFactor 5043 z ClassFactor 5044 Z RetryFactor 5045 The old macros that passed information into sendmail have 5046 been changed to options; those correspondences are: 5047 $e SmtpGreetingMessage 5048 $l UnixFromLine 5049 $o OperatorChars 5050 $q (deleted -- not necessary) 5051 To avoid possible problems with an older sendmail, 5052 configuration level 6 is accepted by this version of 5053 sendmail; any config file using the new names should 5054 specify "V6" in the configuration. 5055 Change address parsing to properly note that a phrase before a 5056 colon and a trailing semicolon are essentially the same 5057 as text outside of angle brackets (i.e., sendmail should 5058 treat them as comments). This is to handle the 5059 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 5060 assume that ``group name:'' is a comment on the first 5061 address and the ``;'' is a comment on the last address). 5062 This requires config file support to get right. It does 5063 understand that :: is NOT this syntax, and can be turned 5064 off completely by setting the ColonOkInAddresses option. 5065 Level 6 config files added with new mailer flags: 5066 A Addresses are aliasable. 5067 i Do udb rewriting on envelope as well as header 5068 sender lines. Applies to the from address mailer 5069 flags rather than the recipient mailer flags. 5070 j Do udb rewriting on header recipient addresses. 5071 Applies to the sender mailer flags rather than the 5072 recipient mailer flags. 5073 k Disable check for loops when doing HELO command. 5074 o Always run as the mail recipient, even on local 5075 delivery. 5076 w Check for an /etc/passwd entry for this user. 5077 5 Pass addresses through ruleset 5. 5078 : Check for :include: on this address. 5079 | Check for |program on this address. 5080 / Check for /file on this address. 5081 @ Look up sender header addresses in the user 5082 database. Applies to the mailer flags for the 5083 mailer corresponding to the envelope sender 5084 address, rather than to recipient mailer flags. 5085 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 5086 on the "local" mailer, the o flag on the "prog" and "*file*" 5087 mailers, and the ColonOkInAddresses option. 5088 Eight-to-seven bit MIME conversions. This borrows ideas from 5089 John Beck of Hewlett-Packard, who generously contributed 5090 their implementation to me, which I then didn't use (see 5091 mime.c for an explanation of why). This adds the 5092 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 5093 to control handling of 8-bit data. These have to cope with 5094 two types of 8-bit data: unlabelled 8-bit data (that is, 5095 8-bit data that is entered without declaring it as 8-bit 5096 MIME -- technically this is illegal according to the 5097 specs) and labelled 8-bit data (that is, it was declared 5098 as 8BITMIME in the ESMTP session or by using the 5099 -B8BITMIME command line flag). If the F=8 mailer flag is 5100 set then 8-bit data is sent to non-8BITMIME machines 5101 instead of converting to 7 bit (essentially using 5102 just-send-8 semantics). The values for EightBitMode are: 5103 m convert unlabelled 8-bit input to 8BITMIME, and do 5104 any necessary conversion of 8BITMIME to 7BIT 5105 (essentially, the full MIME option). 5106 p pass unlabelled 8-bit input, but convert labelled 5107 8BITMIME input to 7BIT as required (default). 5108 s strict adherence: reject unlabelled 8-bit input, 5109 convert 8BITMIME to 7BIT as required. The F=8 5110 flag is ignored. 5111 Unlabelled 8-bit data is rejected in mode `s' regardless of 5112 the setting of F=8. 5113 Add new internal class 'n', which is the set of MIME Content-Types 5114 which can not be 8 to 7 bit encoded because of other 5115 considerations. Types "multipart/*" and "message/*" are 5116 never directly encoded (although their components can be). 5117 Add new internal class 's', which is the set of subtypes of the 5118 MIME message/* content type that can be treated as though 5119 they are an RFC822 message. It is predefined to have 5120 "rfc822". Suggested By Kari Hurtta. 5121 Add new internal class 'e'. This is the set of MIME 5122 Content-Transfer-Encodings that can be converted to 5123 a seven bit format (Quoted-Printable or Base64). It is 5124 preinitialized to contain "7bit", "8bit", and "binary". 5125 Add C=charset mailer parameter and the the DefaultCharSet option (no 5126 short name) to set the default character set to use in the 5127 Content-Type: header when doing encoding of an 8-bit message 5128 which isn't marked as MIME into MIME format. If the C= 5129 parameter is set on the Envelope From address, use that as 5130 the default encoding; else use the DefaultCharSet option. 5131 If neither is set, it defaults to "unknown-8bit" as 5132 suggested by RFC 1428 section 3. 5133 Allow ``U=user:group'' field in mailer definition to set a default 5134 user and group that a mailer will be executed as. This 5135 overrides the 'u' and 'g' options, and if the `F=S' flag is 5136 also set, it is the uid/gid that will always be used (that 5137 is, the controlling address is ignored). The values may be 5138 numeric or symbolic; if only a symbolic user is given (no 5139 group) that user's default group in the passwd file is used 5140 as the group. Based on code donated by Chip Rosenthal of 5141 Unicom. 5142 Allow `u' option to also accept user:group as a value, in the same 5143 fashion as the U= mailer option. 5144 Add the symbolic time zone name in the Arpanet format dates (as 5145 a comment). This adds a new compile-time configuration 5146 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 5147 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 5148 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 5149 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 5150 timezone()), or TZ_NONE (don't include the comment). Code 5151 from Chip Rosenthal. 5152 The "Timeout" option (formerly "r") is extended to allow suboptions. 5153 For example, 5154 O Timeout.helo = 2m 5155 There are also two new suboptions "queuereturn" and 5156 "queuewarn"; these subsume the old T option. Thus, to 5157 set them both the preferred new syntax is 5158 O Timeout.queuereturn = 5d 5159 O Timeout.queuewarn = 4h 5160 Sort queue by host name instead of by message priority if the 5161 QueueSortOrder option (no short name) is set is set to 5162 ``host''. This makes better use of the connection cache, 5163 but may delay more ``interactive'' messages behind large 5164 backlogs under some circumstances. This is probably a 5165 good option if you have high speed links or don't do lots 5166 of ``batch'' messages, but less good if you are using 5167 something like PPP on a 14.4 modem. Based on code 5168 contributed by Roy Mongiovi of Georgia Tech (my main 5169 contribution was to make it configurable). 5170 Save i-number of df file in qf file to simplify rebuilding of queue 5171 after disastrous disk crash. Suggested by Kyle Jones of 5172 UUNET; closely based on code from KJS DECWRL code written 5173 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 5174 are NOT back compatible with 8.6 -- that is, you can convert 5175 from 8.6 to 8.7, but not the other direction. 5176 Add ``F=d'' mailer flag to disable all use of angle brackets in 5177 route-addrs in envelopes; this is because in some cases 5178 they can be sent to the shell, which interprets them as 5179 I/O redirection. 5180 Don't include error file (option E) with return-receipts; this 5181 can be confusing. 5182 Don't send "Warning: cannot send" messages to owner-* or 5183 *-request addresses. Suggested by Christophe Wolfhugel 5184 of the Institut Pasteur, Paris. 5185 Allow -O command line flag to set long form options. 5186 Add "MinQueueAge" option to set the minimum time between attempts 5187 to run the queue. For example, if the queue interval 5188 (-q value) is five minutes, but the minimum queue age 5189 is fifteen minutes, jobs won't be tried more often than 5190 once every fifteen minutes. This can be used to give 5191 you more responsiveness if your delivery mode is set to 5192 queue-only. 5193 Allow "fileopen" timeout (default: 60 seconds) for opening 5194 :include: and .forward files. 5195 Add "-k", "-v", and "-z" flags to map definitions; these set the 5196 key field name, the value field name, and the field 5197 delimiter. The field delimiter can be a single character 5198 or the sequence "\t" or "\n" for tab or newline. 5199 These are for use by NIS+ and similar access methods. 5200 Change maps to always strip quotes before lookups; the -q flag 5201 turns off this behavior. Suggested by Motonori Nakamura. 5202 Add "nisplus" map class. Takes -k and -v flags to choose the 5203 key and value field names respectively. Code donated by 5204 Sun Microsystems. 5205 Add "hesiod" map class. The "file name" is used as the 5206 "HesiodNameType" parameter to hes_resolve(3). Returns the 5207 first value found for the match. Code donated by Scott 5208 Hutton of Indiana University. 5209 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 5210 specify the name of the property that is searched as the 5211 key and a -v flag to specify the name of the property that 5212 is returned as the value (defaults to "members"). The 5213 default map is "/aliases". Some code based on code 5214 contributed by Robert La Ferla of Hot Software. 5215 Add "text" map class. This does slow, linear searches through 5216 text files. The -z flag specifies a column delimiter 5217 (defaults to any sequence of white space), the -k flag 5218 sets the key column number, and the -v flag sets the 5219 value column number. Lines beginning with `#' are treated 5220 as comments. 5221 Add "program" map class to execute arbitrary programs. The search 5222 key is presented as the last argument; the output is one 5223 line read from the programs standard output. Exit statuses 5224 are from sysexits.h. 5225 Add "sequence" map class -- searches maps in sequence until it 5226 finds a match. For example, the declarations: 5227 Kmap1 ... 5228 Kmap2 ... 5229 Kmapseq sequence map1 map2 5230 defines a map "mapseq" that first searches map1; if the 5231 value is found it is returned immediately, otherwise 5232 map2 is searched and the value returned. 5233 Add "switch" map class. This is much like "sequence" except that 5234 the ordering is fetched from an external file, usually 5235 the system service switch. The parameter is the name of 5236 the service to switch on, and the maps that it will use 5237 are the name of the switch map followed by ".service_type". 5238 For example, if the declaration of the map is 5239 Ksample switch hosts 5240 and the system service switch specifies that hosts are 5241 looked up using dns and nis in that order, then this is 5242 equivalent to 5243 Ksample sequence sample.dns sample.nis 5244 The subordinate maps (sample.*) must already be defined. 5245 Add "user" map class -- looks up users using getpwnam. Takes a 5246 "-v field" flag on the definition that tells what passwd 5247 entry to return -- legal values are name, passwd, uid, gid, 5248 gecos, dir, and shell. Generally expected to be used with 5249 the -m (matchonly) flag. 5250 Add "bestmx" map class -- returns the best MX value for the host 5251 listed as the value. If there are several "best" MX records 5252 for this host, one will be chosen at random. 5253 Add "userdb" map class -- looks up entries in the user database. 5254 The "file name" is actually the tag that will be used, 5255 typically "mailname". If there are multiple entries 5256 matching the name, the one chosen is undefined. 5257 Add multiple queue timeouts (both return and warning). These are 5258 set by the Precedence: or Priority: header fields to one of 5259 three values. If a Priority: is set and has value "normal", 5260 "urgent", or "non-urgent" the corresponding timeouts are 5261 used. If no priority is set, the Precedence: is consulted; 5262 if negative, non-urgent timeouts are used; if greater than 5263 zero, urgent timeouts are used. Otherwise, normal timeouts 5264 are used. The timeouts are set by setting the six timeouts 5265 queue{warn,return}.{urgent,normal,non-urgent}. 5266 Fix problem when a mail address is resolved to a $#error mailer 5267 with a temporary failure indication; it works in SMTP, 5268 but when delivering locally the mail is silently discarded. 5269 This patch, from Kyle Jones of UUNET, bounces it instead 5270 of queueing it (queueing is very hard). 5271 When using /etc/hosts or NIS-style lookups, don't assume that 5272 the first name in the list is the best one -- instead, 5273 search for the first one with a dot. For example, if 5274 an /etc/hosts entry reads 5275 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 5276 this change will use the second name as the canonical 5277 machine name instead of the initial, unqualified name. 5278 Change dequote map to replace spaces in quoted text with a value 5279 indicated by the -s flag on the dequote map definition. 5280 For example, ``Mdequote dequote -s_'' will change 5281 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 5282 quoted (because of the space character). Suggested by Dan 5283 Oscarsson for use in X.400 addresses. 5284 Implement long macro names as ${name}; long class names can 5285 be similarly referenced as $={name} and $~{name}. 5286 Definitions are (e.g.) ``D{name}value''. Names that have 5287 a leading lower case letter or punctuation characters are 5288 reserved for internal use by sendmail; i.e., config files 5289 should use names that begin with a capital letter. Based 5290 on code contributed by Dan Oscarsson. 5291 Fix core dump if getgrgid returns a null group list (as opposed 5292 to an empty group list, that is, a pointer to a list 5293 with no members). Fix from Andrew Chang of Sun Microsystems. 5294 Fix possible core dump if malloc fails -- if the malloc in xalloc 5295 failed, it called syserr which called newstr which called 5296 xalloc.... The newstr is now avoided for "panic" messages. 5297 Reported by Stuart Kemp of James Cook University. 5298 Improve connection cache timeouts; previously, they were not even 5299 checked if you were delivering to anything other than an 5300 IPC-connected host, so a series of (say) local mail 5301 deliveries could cause cached connections to be open 5302 much longer than the specified timeout. 5303 If an incoming message exceeds the maximum message size, stop 5304 writing the incoming bytes to the queue data file, since 5305 this can fill your mqueue partition -- this is a possible 5306 denial-of-service attack. 5307 Don't reject all numeric local user names unless HESIOD is 5308 defined. It turns out that Posix allows all-numeric 5309 user names. Fix from Tony Sanders of BSDI. 5310 Add service switch support. If the local OS has a service 5311 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf 5312 on DEC systems) that will be used; otherwise, it falls back 5313 to using a local mechanism based on the ServiceSwitchFile 5314 option (default: /etc/service.switch). For example, if the 5315 service switch lists "files" and "nis" for the aliases 5316 service, that will be the default lookup order. the "files" 5317 ("local" on DEC) service type expands to any alias files 5318 you listed in the configuration file, even if they aren't 5319 actually file lookups. 5320 Option I (NameServerOptions) no longer sets the "UseNameServer" 5321 variable which tells whether or not DNS should be considered 5322 canonical. This is now determined based on whether or not 5323 "dns" is in the service list for "hosts". 5324 Add preliminary support for the ESMTP "DSN" extension (Delivery 5325 Status Notifications). DSN notifications override 5326 Return-Receipt-To: headers, which are bogus anyhow -- 5327 support for them has been removed. 5328 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer 5329 definitions to define the types used in DSN returns for 5330 MTA names, addresses, and diagnostics respectively. 5331 Extend heuristic to force running in ESMTP mode to look for the 5332 five-character string "ESMTP" anywhere in the 220 greeting 5333 message (not just the second line). This is to provide 5334 better compatibility with other ESMTP servers. 5335 Print sequence number of job when running the queue so you can 5336 easily see how much progress you have made. Suggested 5337 by Peter Wemm of DIALix. 5338 Map newlines to spaces in logged message-ids; some versions of 5339 syslog truncate the rest of the line after newlines. 5340 Suggested by Fletcher Mattox of U. Texas. 5341 Move up forking for job runs so that if a message is split into 5342 multiple envelopes you don't get "fork storms" -- this 5343 also improves the connection cache utilization. 5344 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 5345 the purposes of refusing to send error returns. Suggested 5346 by Motonori Nakamura of Ritsumeikan University. 5347 Relax rules on when a file can be written when referenced from 5348 the aliases file: use the default uid/gid instead of the 5349 real uid/gid. This allows you to create a file owned by 5350 and writable only by the default uid/gid that will work 5351 all the time (without having the set-user-id bit set). Change 5352 suggested by Shau-Ping Lo and Andrew Cheng of Sun 5353 Microsystems. 5354 Add "DialDelay" option (no short name) to provide an "extra" 5355 delay for dial on demand systems. If this is non-zero 5356 and a connect fails, sendmail will wait this long and 5357 then try again. If it takes longer than the kernel 5358 timeout interval to establish the connection, this 5359 option can give the network software time to establish 5360 the link. The default units are seconds. 5361 Move logging of sender information to be as early as possible; 5362 previously, it could be delayed a while for SMTP mail 5363 sent to aliases. Suggested by Brad Knowles of the 5364 Defense Information Systems Agency. 5365 Call res_init() before setting RES_DEBUG; this is required by 5366 BIND 4.9.3, or so I'm told. From Douglas Anderson of 5367 the National Computer Security Center. 5368 Add xdelay= field in logs -- this is a transaction delay, telling 5369 you how long it took to deliver to this address on the 5370 last try. It is intended to be used for sorting mailing 5371 lists to favor "quick" addresses. Provided for use by 5372 the mailprio scripts (see below). 5373 If a map cannot be opened, and that map is non-optional, and 5374 an address requires that map for resolution, queue the 5375 map instead of bouncing it. This involves creating a 5376 pseudo-class of maps called "bogus-map" -- if a required 5377 map cannot be opened, the class is changed to bogus-map; 5378 all queries against bogus-map return "tempfail". The 5379 bogus-map class is not directly accessible. A sample 5380 implementation was donated by Jem Taylor of Glasgow 5381 University Computing Service. 5382 Fix a possible core dump when mailing to a program that talks 5383 SMTP on its standard input. Fix from Keith Moore of 5384 the University of Kentucky. 5385 Make it possible to resolve filenames to $#local $: @ /filename; 5386 previously, the "@" would cause it to not be recognized 5387 as a file. Problem noted by Brian Hill of U.C. Davis. 5388 Accept a -1 signal to re-exec the daemon. This only works if 5389 argv[0] is a full path to sendmail. 5390 Fix bug in "addr=..." field in O option on little-endian machines 5391 -- the network number wasn't being converted to network 5392 byte order. Patch from Kurt Lidl of Pix Technologies 5393 Corporation. 5394 Pre-initialize the resolver early on; this is to avoid a bug with 5395 BIND 4.9.3 that can cause the _res.retry field to get 5396 reset to zero, causing all name server lookups to time 5397 out. Fix from Matt Day of Artisoft. 5398 Restore T line (trusted users) in config file -- but instead of 5399 locking out the -f flag, they just tell whether or not 5400 an X-Authentication-Warning: will be added. This really 5401 just creates new entries in class 't', so "Ft/file/name" 5402 can be used to read trusted user names from a file. 5403 Trusted users are also allowed to execute programs even 5404 if they have a shell that isn't in /etc/shells. 5405 Improve NEWDB alias file rebuilding so it will create them 5406 properly if they do not already exist. This had been 5407 a MAYBENEXTRELEASE feature in 8.6.9. 5408 Check for @:@ entry in NIS maps before starting up to avoid 5409 (but not prevent, sigh) race conditions. This ought to 5410 be handled properly in ypserv, but isn't. Suggested by 5411 Michael Beirne of Motorola. 5412 Refuse connections if there isn't enough space on the filesystem 5413 holding the queue. Contributed by Robert Dana of Wolf 5414 Communications. 5415 Skip checking for directory permissions in the path to a file 5416 when checking for file permissions iff setreuid() 5417 succeeded -- it is unnecessary in that case. This avoids 5418 significant performance problems when looking for .forward 5419 files. Based on a suggestion by Win Bent of USC. 5420 Allow symbolic ruleset names. Syntax can be "Sname" to get an 5421 arbitrary ruleset number assigned or "Sname = integer" 5422 to assign a specific ruleset number. Reference is 5423 $>name_or_number. Names can be composed of alphas, digits, 5424 underscore, or hyphen (first character must be non-numeric). 5425 Allow -o flag on AliasFile lines to make the alias file optional. 5426 From Bryan Costales of ICSI. 5427 Add NoRecipientAction option to handle the case where there is 5428 no legal recipient header in the message. It can take 5429 on values: 5430 None Leave the message as is. The 5431 message will be passed on even 5432 though it is in technically 5433 illegal syntax. 5434 Add-To Add a To: header with any 5435 recipients that it can find from 5436 the envelope. This risks exposing 5437 Bcc: recipients. 5438 Add-Apparently-To Add an Apparently-To: header. This 5439 has almost no redeeming social value, 5440 and is provided only for back 5441 compatibility. 5442 Add-To-Undisclosed Add a header reading 5443 To: undisclosed-recipients:; 5444 which will have the effect of 5445 making the message legal without 5446 exposing Bcc: recipients. 5447 Add-Bcc To add an empty Bcc: header. 5448 There is a chance that mailers down 5449 the line will delete this header, 5450 which could cause exposure of Bcc: 5451 recipients. 5452 The default is NoRecipientAction=None. 5453 Truncate (rather than delete) Bcc: lines in the header. This 5454 should prevent later sendmails (at least, those that don't 5455 themselves delete Bcc:) from considering this message to 5456 be non-conforming -- although it does imply that non-blind 5457 recipients can see that a Bcc: was sent, albeit not to whom. 5458 Add SafeFileEnvironment option. If declared, files named as delivery 5459 targets must be regular files in addition to the regular 5460 checks. Also, if the option is non-null then it is used as 5461 the name of a directory that is used as a chroot(2) 5462 environment for the delivery; the file names listed in an 5463 alias or forward should include the name of this root. 5464 For example, if you run with 5465 O SafeFileEnvironment=/arch 5466 then aliases should reference "/arch/rest/of/path". If a 5467 value is given, sendmail also won't try to save to 5468 /usr/tmp/dead.letter (instead it just leaves the job in the 5469 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 5470 Support -A flag for alias files; this will comma concatenate like 5471 entries. For example, given the aliases: 5472 list: member1 5473 list: member2 5474 and an alias file declared as: 5475 OAhash:-A /etc/aliases 5476 the final alias inserted will be "list: member1,member2"; 5477 without -A you will get an error on the second and subsequent 5478 alias for "list". Contributed by Bryan Costales of ICSI. 5479 Line-buffer transcript file. Suggested by Liudvikas Bukys. 5480 Fix a problem that could cause very long addresses to core dump in 5481 some special circumstances. Problem pointed out by Allan 5482 Johannesen. 5483 (Internal change.) Change interface to expand() (macro expansion) 5484 to be simpler and more consistent. 5485 Delete check for funny qf file names. This didn't really give 5486 any extra security and caused some people some problems. 5487 (If you -really- want this, define PICKY_QF_NAME_CHECK 5488 at compile time.) Suggested by Kyle Jones of UUNET. 5489 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 5490 merge with DSN code; this is simpler and more consistent. 5491 This may affect some people who have written their own 5492 checkcompat() routine. 5493 (Internal change.) Eliminate `D' line in qf file. The df file 5494 is now assumed to be the same name as the qf file (with 5495 the `q' changed to a `d', of course). 5496 Avoid forking for delivery if all recipient mailers are marked as 5497 "expensive" -- this can be a major cost on some systems. 5498 Essentially, this forces sendmail into "queue only" mode 5499 if all it is going to do is queue anyway. 5500 Avoid sending a null message in some rather unusual circumstances 5501 (specifically, the RCPT command returns a temporary 5502 failure but the connection is lost before the DATA 5503 command). Fix from Scott Hammond of Secure Computing 5504 Corporation. 5505 Change makesendmail to use a somewhat more rational naming scheme: 5506 Makefiles and obj directories are named $os.$rel.$arch, 5507 where $os is the operating system (e.g., SunOS), $rel is 5508 the release number (e.g., 5.3), and $arch is the machine 5509 architecture (e.g., sun4). Any of these can be omitted, 5510 and anything after the first dot in a release number can 5511 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 5512 version used $os.$arch.$rel and was rather less general. 5513 Change makesendmail to do a "make depend" in the target directory 5514 when it is being created. This involves adding an empty 5515 "depend:" entry in most Makefiles. 5516 Ignore IDENT return value if the OSTYPE field returns "OTHER", 5517 as indicated by RFC 1413. Pointed out by Kari Hurtta 5518 of the Finnish Meteorological Institute. 5519 Fix problem that could cause multiple responses to DATA command 5520 on header syntax errors (e.g., lines beginning with colons). 5521 Problem noted by Jens Thomassen of the University of Oslo. 5522 Don't let null bytes in headers cause truncation of the rest of 5523 the header. 5524 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 5525 Increase timeouts on message data puts to allow time for receivers 5526 to canonify addresses in headers on the fly. This is still 5527 a rather ugly heuristic. From Motonori Nakamura. 5528 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 5529 records are not used when canonifying names, and when MX 5530 lookups are done for addressing they must be fully 5531 qualified. This is useful if you have a wildcard MX record, 5532 although it may cause other problems. In general, don't use 5533 wildcard MX records. Patch from Motonori Nakamura. 5534 Eliminate default two-line SMTP greeting message. Instead of 5535 adding an extra "ESMTP spoken here" line, the word "ESMTP" 5536 is added between the first and second word of the first 5537 line of the greeting message (i.e., immediately after the 5538 host name). This eliminates the need for the BROKEN_SMTP_PEERS 5539 compile flag. Old sendmails won't see the ESMTP, but that's 5540 acceptable because SIZE was the only useful extension that 5541 old sendmails understand. 5542 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 5543 invoked state dumps. From Masaharu Onishi. 5544 Allow on-line comments in .forward and :include: files; they are 5545 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 5546 is a space or a tab. This is intended for native 5547 representation of non-ASCII sets such as Japanese, where 5548 existing encodings would be unreadable or would lose 5549 data -- for example, 5550 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 5551 (romanized/less information) 5552 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 5553 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 5554 (with MIME encoding, not human readable) 5555 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 5556 (native encoding with ISO-2022-JP) 5557 The last form is human readable in the Japanese environment. 5558 Based on a fix from (surprise!) Motonori Nakamura. 5559 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 5560 messages to that host; these are most frequently associated 5561 with addresses rather than the host, with the exception of 5562 421 (service shutting down). The effect was to cause queues 5563 to sometimes take an excessive time to flush. Reported by 5564 Robert Sargent of Southern Geographics Technologies and 5565 Eric Prestemon of American University. 5566 Add Nice=N mailer option to set the niceness at which a mailer will 5567 run. This is actually a relative niceness (that is, an 5568 increment on the background value). 5569 Log queue runs that are skipped due to high loads. They are logged 5570 at LOG_INFO priority iff the log level is > 8. Contributed 5571 by Bruce Nagel of Data General. 5572 Allow the error mailer to accept a DSN-style error status code 5573 instead of an sysexits status code in the host part. 5574 Anything with a dot will be interpreted as a DSN-style code. 5575 Add new mailer flag: F=3 will tell translations to Quoted-Printable 5576 to encode characters that might be munged by an EBCDIC system 5577 in addition to the set required by RFC 1521. The additional 5578 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 5579 (Think of "IBM 360" as the mnemonic for this flag.) 5580 Change check for mailing to files to look for a pathname of [FILE] 5581 rather than looking for the mailer named *file*. The mapping 5582 of leading slashes still goes to the *file* mailer. This 5583 allows you to implement the *file* mailer as a separate 5584 program, for example, to insert a Content-Length: header 5585 or do special security policy. However, note that the usual 5586 initial checking for the file permissions is still done, and 5587 the program in question needs to be very careful about how 5588 it does the file write to avoid security problems. 5589 Be able to read ~root/.forward even if the path isn't accessible to 5590 regular users. This is disrecommended because sendmail 5591 sometimes does not run as root (e.g., when an unsafe option 5592 is specified on the command line), but should otherwise be 5593 safe because .forward files must be owned by the user for 5594 whom mail is being forwarded, and cannot be a symbolic link. 5595 Suggested by Forrest Aldrich of Wang Laboratories. 5596 Add new "HostsFile" option that is the pathname to the /etc/hosts 5597 file. This is used for canonifying hostnames when the 5598 service type is "files". 5599 Implement programs on F (read class from file) line. The syntax is 5600 Fc|/path/to/program to read the output from the program 5601 into class "c". 5602 Probe the network interfaces to find alternate names for this 5603 host. Requires the SIOCGIFCONF ioctl call. Code 5604 contributed by SunSoft. 5605 Add "E" configuration line to set or propagate environment 5606 variables into children. "E<envar>" will propagate 5607 the named variable from the environment when sendmail 5608 was invoked into any children it calls; "E<envar>=<value>" 5609 sets the named variable to the indicated value. Any 5610 variables not explicitly named will not be in the child 5611 environment. However, sendmail still forces an 5612 "AGENT=sendmail" environment variable, in part to enforce 5613 at least one environment variable, since many programs and 5614 libraries die horribly if this is not guaranteed. 5615 Change heuristic for rebuilding both NEWDB and NDBM versions of 5616 alias databases -- new algorithm looks for the substring 5617 "/yp/" in the file name. This is more portable and involves 5618 less overhead. Suggested by Motonori Nakamura. 5619 Dynamically allocate the queue work list so that you don't lose 5620 jobs in large queue runs. The old QUEUESIZE compile parameter 5621 is replaced by QUEUESEGSIZE (the unit of allocation, which 5622 should not need to be changed) and the MaxQueueRunSize option, 5623 which is the absolute maximum number of jobs that will ever 5624 be handled in a single queue run. Based on code contributed 5625 by Brian Coan of the Institute for Global Communications. 5626 Log message when a message is dropped because it exceeds the maximum 5627 message size. Suggested by Leo Bicknell of Virginia Tech. 5628 Allow trusted users (those on a T line or in $=t) to use -bs without 5629 an X-Authentication-Warning: added. Suggested by Mark Thomas 5630 of Mark G. Thomas Consulting. 5631 Announce state of compile flags on -d0.1 (-d0.10 throws in the 5632 OS-dependent defines). The old semantic of -d0.1 to not 5633 run the daemon in background has been moved to -d99.100, 5634 and the old 52.5 flag (to avoid disconnect() from closing 5635 all output files) has been moved to 52.100. This makes 5636 things more consistent (flags below .100 don't change 5637 semantics) and separates out the backgrounding so that 5638 it doesn't happen automatically on other unrelated debugging 5639 flags. 5640 If -t is used but no addresses are found in the header, give an 5641 error message rather than just doing nothing. Fix from 5642 Motonori Nakamura. 5643 On systems (like SunOS) where the effective gid is not necessarily 5644 included in the group list returned by getgroups(), the 5645 `restrictmailq' option could sometimes cause an authorized 5646 user to not be able to use `mailq'. Fix from Charles Hannum 5647 of MIT. 5648 Allow symbolic service names for [IPC] mailers. Suggested by 5649 Gerry Magennis of Logica International. 5650 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs 5651 when running DNS. For example, if the name FTP.Foo.ORG is 5652 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in 5653 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" 5654 if this option is not set, or "FTP.Foo.ORG" if it is set. 5655 This is technically illegal under RFC 822 and 1123, but the 5656 IETF is moving toward legalizing it. Note that turning on 5657 this option is not sufficient to guarantee that a downstream 5658 neighbor won't rewrite the address for you. 5659 Add "-m" flag to makesendmail script -- this tells you what object 5660 directory and Makefile it will use, but doesn't actually do 5661 the make. 5662 Do some additional checking on the contents of the qf file to try 5663 to detect attacks against the qf file. In particular, 5664 abort on any line beginning "From ", and add an "end of 5665 file" line -- any data after that line is prohibited. 5666 Always use /etc/sendmail.cf, regardless of the arbitrary vendor 5667 choices. This can be overridden in the Makefile by using 5668 either -DUSE_VENDOR_CF_PATH to get the vendor location 5669 (to the extent that we know it) or by defining 5670 _PATH_SENDMAILCF (which is a "hard override"). This allows 5671 sendmail 8 to have more consistent installation instructions. 5672 Allow macros on `K' line in config file. Suggested by Andrew Chang 5673 of Sun Microsystems. 5674 Improved symbol table hash function from Eric Wassenaar. This one 5675 is at least 50% faster. 5676 Fix problem that didn't notice that timeout on file open was a 5677 transient error. Fix from Larry Parmelee of Cornell 5678 University. 5679 Allow comments (lines beginning with a `#') in files read for 5680 classes. Suggested by Motonori Nakamura. 5681 Make SIGINT (usually ^C) in test mode return to the prompt instead 5682 of dropping out entirely. This makes testing some of the 5683 name server lookups easier to deal with when there are 5684 hung servers. From Motonori Nakamura. 5685 Add new ${opMode} macro that is set to the current operation mode 5686 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by 5687 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>. 5688 Add new delivery mode (Odd) that defers all map lookups to queue runs. 5689 Kind of like queue-only mode (Odq) except it tries to avoid 5690 any external service requests; for dial-on-demand hosts that 5691 want to minimize DNS lookups when mail is being queued. For 5692 this to work you will also have to make sure that gethostbyname 5693 of your local host name does not do a DNS lookup. 5694 Improved handling of "out of space" conditions from John Myers of 5695 Carnegie Mellon. 5696 Improved security for mailing to files on systems that have fchmod(2) 5697 support. 5698 Improve "cannot send message for N days" message -- now says "could 5699 not send for past N days". Suggested by Tom Moore of AT&T 5700 Global Information Solutions. 5701 Less misleading Subject: line on messages sent to postmaster only. 5702 From Motonori Nakamura. 5703 Avoid duplicate error messages on bad command line flags. From 5704 Motonori Nakamura. 5705 Better error message for case where ruleset 0 falls off the end 5706 or otherwise does not resolve to a canonical triple. 5707 Fix a problem that could cause multiple bounce messages if a bad 5708 address was sent along with a good address to an SMTP 5709 site where that SMTP site returned a 4yz code in response 5710 to the final dot of the data. Problem reported by David 5711 James of British Telecom. 5712 Add "volatile" declarations so that gcc -O2 will work. Patches 5713 from Alexander Dupuy of System Management ARTS. 5714 Delete duplicates in MX lists -- believe it or not, there are sites 5715 that list the same host twice in an MX list. This deletion 5716 only works on adjacent preferences, so an MX list that 5717 had A=5, B=10, A=15 would leave both As, but one that had 5718 A=5, A=10, B=15 would reduce to A, B. This is intentional, 5719 just in case there is something weird I haven't thought of. 5720 Suggested by Barry Shein of Software Tool & Die. 5721 SECURITY: .forward files cannot be symbolic links. If they are, 5722 a bad guy can read your private files. 5723 PORTABILITY FIXES: 5724 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 5725 System V Release 4 from Motonori Nakamura of Ritsumeikan 5726 University. This expands the disk size 5727 checking to include all (?) SVR4 configurations. 5728 System V Release 4 from Kimmo Suominen -- initgroups(3) 5729 and setrlimit(2) are both available. 5730 System V Release 4 from sob@sculley.ffg.com -- some versions 5731 apparently "have EX_OK defined in other headerfiles." 5732 Linux Makefile typo. 5733 Linux getusershell(3) is broken in Slackware 2.0 -- 5734 from Andrew Pam of Xanadu Australia. 5735 More Linux tweaking from John Kennedy of California State 5736 University, Chico. 5737 Cray changes from Eric Wassenaar: ``On Cray, shorts, 5738 ints, and longs are all 64 bits, and all structs 5739 are multiples of 64 bits. This means that the 5740 sizeof operator returns only multiples of 8. 5741 This requires adaptation of code that really 5742 deals with 32 bit or 16 bit fields, such as IP 5743 addresses or nameserver fields.'' 5744 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 5745 get the old behavior, use -DDGUX_5_4_2. 5746 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 5747 variable to fix bogus /bin/mail behavior. 5748 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 5749 This also cleans up some System V Release 4 compile 5750 problems. 5751 Solaris 2: sendmail.cw file should be in /etc/mail to 5752 match all the other configuration files. Fix 5753 from Glenn Barry of Emory University. 5754 Solaris 2.3: compile problem in conf.c. Fix from Alain 5755 Nissen of the University of Liege, Belgium. 5756 Ultrix: freespace calculation was incorrect. Fix from 5757 Takashi Kizu of Osaka University. 5758 SVR4: running in background gets a SIGTTOU because the 5759 emulation code doesn't realize that "getpeername" 5760 doesn't require reading the file. Fix from Peter 5761 Wemm of DIALix. 5762 Solaris 2.3: due to an apparent bug in the socket emulation 5763 library, sockets can get into a "wedged" state where 5764 they just return EPROTO; closing and re-opening the 5765 socket clears the problem. Fix from Bob Manson 5766 of Ohio State University. 5767 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 5768 fixes from Akihiro Hashimoto ("Hash") of Chiba 5769 University. 5770 AIX changes to allow setproctitle to work from Rainer Sch�pf 5771 of Zentrum f�r Datenverarbeitung der Universit�t 5772 Mainz. 5773 AIX changes for load average from Ed Ravin of NASA/Goddard. 5774 SCO Unix from Chip Rosenthal of Unicom (code was using the 5775 wrong statfs call). 5776 ANSI C fixes from Adam Glass (NetBSD project). 5777 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 5778 University. 5779 DG-UX fixes from Bruce Nagel of Data General. 5780 IRIX64 updates from Mark Levinson of the University of 5781 Rochester Medical Center. 5782 Altos System V (``the first UNIX/XENIX merge the Altos 5783 did for their Series 1000 & Series 2000 line; 5784 their merged code was licensed back to AT&T and 5785 Microsoft and became System V release 3.2'') from 5786 Tim Rice <timr@crl.com>. 5787 OSF/1 running on Intel Paragon from Jeff A. Earickson 5788 <jeff@ssd.intel.com> of Intel Scalable Systems 5789 Division. 5790 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 5791 <janet@dialix.oz.au>. 5792 System V Release 4 (statvfs semantic fix) from Alain 5793 Durand of I.M.A.G. 5794 HP-UX 10.x multiprocessor load average changes from 5795 Scott Hutton and Jeff Sumler of Indiana University. 5796 Cray CSOS from Scott Bolte of Cray Computer Corporation. 5797 Unicos 8.0 from Douglas K. Rand of the University of North 5798 Dakota, Scientific Computing Center. 5799 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 5800 ConvexOS 11.0 from Christophe Wolfhugel. 5801 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 5802 ISC UNIX from J. J. Bailey. 5803 HP-UX 9.xx on the 8xx series machines from Remy Giraud 5804 of Meteo France. 5805 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 5806 IRIX 5.2 and 5.3 from Kari E. Hurtta. 5807 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 5808 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 5809 Omron LUNA unios-b, mach from Motonori Nakamura. 5810 NEC EWS-UX/V 4.2 from Motonori Nakamura. 5811 NeXT 2.1 from Bryan Costales. 5812 AUX patch thanks to Mike Erwin of Apple Computer. 5813 HP-UX 10.0 from John Beck of Hewlett-Packard. 5814 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 5815 non-DEC resolver. Suggested by Allan Johannesen. 5816 UnixWare 2.0 fixes from Petr Lampa of the Technical 5817 University of Brno (Czech Republic). 5818 KSR OS 1.2.2 support from Todd Miller of the University 5819 of Colorado. 5820 UX4800 support from Kazuhisa Shimizu of NEC. 5821 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 5822 in type ``btree'' maps. The semantics of this are undefined 5823 for regular maps, but it can be useful for the user database. 5824 MAKEMAP: lock database file while rebuilding to avoid sendmail 5825 lookups while the rebuild is going on. There is a race 5826 condition between the open(... O_TRUNC ...) and the lock 5827 on the file, but it should be quite small. 5828 SMRSH: sendmail restricted shell added to the release. This can 5829 be used as an alternative to /bin/sh for the "prog" mailer, 5830 giving the local administrator more control over what 5831 programs can be run from sendmail. 5832 MAIL.LOCAL: add this local mailer to the tape. It is not really 5833 part of the release proper, and isn't fully supported; in 5834 particular, it does not run on System V based systems and 5835 never will. 5836 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 5837 to allow rmail to compile on systems that don't have 5838 function prototypes and systems that don't have snprintf. 5839 CONTRIB: add the "mailprio" scripts that will help you sort mailing 5840 lists by transaction delay times so that addresses that 5841 respond quickly get sent first. This is to prevent very 5842 sluggish servers from delaying other peoples' mail. 5843 Contributed by Tony Sanders of BSDI. 5844 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 5845 of BSDI. This has a lot of comments to help people out. 5846 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, 5847 put this on the m4 command line. On GNU m4 (which 5848 supports the __file__ primitive) you can run m4 in an 5849 arbitrary directory -- use either: 5850 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 5851 or 5852 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf 5853 On other versions of m4 that don't support __file__, you 5854 can use: 5855 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... 5856 (Note the trailing slash on the _CF_DIR_ definition.) 5857 Old versions of m4 will default to _CF_DIR_=.. for back 5858 compatibility. 5859 CONFIG: fix mail from <> so it will properly convert to 5860 MAILER-DAEMON on local addresses. 5861 CONFIG: fix code that was supposed to catch colons in host 5862 names. Problem noted by John Gardiner Myers of CMU. 5863 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 5864 From Paul Riddle of the University of Maryland, Baltimore 5865 County. 5866 CONFIG: Catch and reject "." as a host address. 5867 CONFIG: Generalize domaintable to look up all domains, not 5868 just unqualified ones. 5869 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 5870 was never used and didn't work anyway. 5871 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 5872 and d on all mailers in the UUCP class. 5873 CONFIG: Allow "user+detail" to be aliased specially: it will first 5874 look for an alias for "user+detail", then for "user+*", and 5875 finally for "user". This is intended for forwarding mail 5876 for system aliases such as root and postmaster to a 5877 centralized hub. 5878 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 5879 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 5880 The F=8 flag is also set on the "relay" mailer, since 5881 this is expected to be another sendmail. 5882 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 5883 the name of the UUCP_RELAY -- in some cases, this is the 5884 wrong value (e.g., when we have local UUCP connections), 5885 and this can create unreplyable addresses. From Chip 5886 Rosenthal of Unicom. 5887 CONFIG: add confRECEIVED_HEADER to change the format of the 5888 Received: header inserted into all messages. Suggested by 5889 Gary Mills of the University of Manitoba. 5890 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 5891 to get the old behavior. I did this upon observing 5892 that almost everyone needed this feature, and that the 5893 concept I was trying to make happen didn't work with 5894 some user agents anyway. FEATURE(notsticky) still works, 5895 but it is a no-op. 5896 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 5897 names are sent, rather than immediately diagnosing them 5898 as User Unknown. 5899 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 5900 and RELAY_MAILER_ARGS to set the arguments for the 5901 indicated mailers. All default to "IPC $h". Patch from 5902 Larry Parmelee of Cornell University. 5903 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 5904 on the client side" and F=P to get an appropriate 5905 return-path. From Kimmo Suominen. 5906 CONFIG: add FEATURE(local_procmail) to use the procmail program 5907 as the local mailer. For addresses of the form "user+detail" 5908 the "detail" part is passed to procmail via the -a flag. 5909 Contributed by Kimmo Suominen. 5910 CONFIG: add MAILER(procmail) to add an interface to procmail for 5911 use from mailertables. This lets you execute arbitrary 5912 procmail scripts. Contributed by Kimmo Suominen. 5913 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 5914 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 5915 Paul Southworth of CICNet Systems Support. 5916 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 5917 This causes the null return path to be rewritten as 5918 MAILER-DAEMON; otherwise UUCP gets horribly confused. 5919 From Michael Hohmuth of Technische Universitat Dresden. 5920 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 5921 list us as the best possible MX record to be treated as 5922 though they were local (essentially, assume that they 5923 are included in $=w). This can cause additional DNS 5924 traffic, but is easier to administer if this fits your 5925 local model. It does not work reliably if there are 5926 multiple hosts that share the best MX preference. 5927 Code contributed by John Oleynick of Rutgers. 5928 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 5929 SHell) instead of /bin/sh as the program used for delivery 5930 to programs. If an argument is included, it is used as 5931 the path to smrsh; otherwise, /usr/local/etc/smrsh is 5932 assumed. 5933 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 5934 size of messages to the local and procmail mailers 5935 respectively. Contributed by Brad Knowles of the Defense 5936 Information Systems Agency. 5937 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 5938 (just like text outside of angle brackets) in order to 5939 properly deal with ``group: addr1, ... addrN;'' syntax. 5940 CONFIG: Require OSTYPE macro (the defaults really don't apply to 5941 any real systems any more) and tweak the DOMAIN macro 5942 so that it is less likely that users will accidentally use 5943 the Berkeley defaults. Also, create some generic files 5944 that really can be used in the real world. 5945 CONFIG: Add new configuration macros to set character sets for 5946 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 5947 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 5948 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 5949 The old name will still be accepted for a while at least. 5950 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 5951 mail (.DECNET pseudo-domain or node::user) will be sent. 5952 As with all relays, it can be ``mailer:hostname''. Suggested 5953 by Scott Hutton. 5954 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 5955 by Barb Dijker of Labyrinth Computer Services. 5956 CONFIG: change confCHECK_ALIASES to default to False -- it has poor 5957 performance for large alias files, and this confused many 5958 people. 5959 CONFIG: Add confCF_VERSION to append local information to the 5960 configuration version number displayed during SMTP startup. 5961 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it 5962 would only work when locally addressed. Fix from 5963 Edvard Tuinder of Cistron Internet Services. 5964 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option 5965 "n" (CheckAliases) is set when rebuilding alias database. 5966 Based on code contributed by Claude Marinier. 5967 CONFIG: Allow mailertable to have values of the form 5968 ``error:code message''. The ``code'' is a status code 5969 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. 5970 Contributed by David James <dwj@agw.bt.co.uk>. 5971 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of 5972 sender domains that will be replaced with the masquerade name. 5973 These domains will not be treated as local, but if mail passes 5974 through with sender addresses in those domains they will be 5975 replaced by the masquerade name. These can also be specified 5976 in a file using MASQUERADE_DOMAIN_FILE(filename). 5977 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope 5978 as well as the header. Substantial improvements to this 5979 code were contributed by Per Hedeland. 5980 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be 5981 accessed from a mailertable to do CCSO ph lookups. Contributed 5982 by Kimmo Suominen. 5983 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be 5984 used to define cyrus and cyrusbb mailers (for IMAP support). 5985 Contributed by John Gardiner Myers of Carnegie Mellon. 5986 CONFIG: add confUUCP_MAILER to select default mailer to use for 5987 UUCP addressing. Suggested by Tom Moore of AT&T GIS. 5988 NEW FILES: 5989 cf/cf/cs-hpux10.mc 5990 cf/cf/cs-solaris2.mc 5991 cf/cf/cyrusproto.mc 5992 cf/cf/generic-bsd4.4.mc 5993 cf/cf/generic-hpux10.mc 5994 cf/cf/generic-hpux9.mc 5995 cf/cf/generic-osf1.mc 5996 cf/cf/generic-solaris2.mc 5997 cf/cf/generic-sunos4.1.mc 5998 cf/cf/generic-ultrix4.mc 5999 cf/cf/huginn.cs.mc 6000 cf/domain/berkeley-only.m4 6001 cf/domain/generic.m4 6002 cf/feature/bestmx_is_local.m4 6003 cf/feature/local_procmail.m4 6004 cf/feature/masquerade_envelope.m4 6005 cf/feature/smrsh.m4 6006 cf/feature/stickyhost.m4 6007 cf/feature/use_ct_file.m4 6008 cf/m4/cfhead.m4 6009 cf/mailer/cyrus.m4 6010 cf/mailer/mail11.m4 6011 cf/mailer/phquery.m4 6012 cf/mailer/procmail.m4 6013 cf/ostype/amdahl-uts.m4 6014 cf/ostype/bsdi2.0.m4 6015 cf/ostype/hpux10.m4 6016 cf/ostype/irix5.m4 6017 cf/ostype/isc4.1.m4 6018 cf/ostype/ptx2.m4 6019 cf/ostype/unknown.m4 6020 contrib/bsdi.mc 6021 contrib/mailprio 6022 contrib/rmail.oldsys.patch 6023 mail.local/mail.local.0 6024 makemap/makemap.0 6025 smrsh/README 6026 smrsh/smrsh.0 6027 smrsh/smrsh.8 6028 smrsh/smrsh.c 6029 src/Makefiles/Makefile.CSOS 6030 src/Makefiles/Makefile.EWS-UX_V 6031 src/Makefiles/Makefile.HP-UX.10 6032 src/Makefiles/Makefile.IRIX.5.x 6033 src/Makefiles/Makefile.IRIX64 6034 src/Makefiles/Makefile.ISC 6035 src/Makefiles/Makefile.KSR 6036 src/Makefiles/Makefile.NEWS-OS.4.x 6037 src/Makefiles/Makefile.NEWS-OS.6.x 6038 src/Makefiles/Makefile.NEXTSTEP 6039 src/Makefiles/Makefile.NonStop-UX 6040 src/Makefiles/Makefile.Paragon 6041 src/Makefiles/Makefile.SCO.3.2v4.2 6042 src/Makefiles/Makefile.SunOS.5.3 6043 src/Makefiles/Makefile.SunOS.5.4 6044 src/Makefiles/Makefile.SunOS.5.5 6045 src/Makefiles/Makefile.UNIX_SV.4.x.i386 6046 src/Makefiles/Makefile.uts.systemV 6047 src/Makefiles/Makefile.UX4800 6048 src/aliases.0 6049 src/mailq.0 6050 src/mime.c 6051 src/newaliases.0 6052 src/sendmail.0 6053 test/t_seteuid.c 6054 RENAMED FILES: 6055 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 6056 cf/cf/chez.mc => cf/cf/chez.cs.mc 6057 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 6058 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 6059 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 6060 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 6061 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 6062 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 6063 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 6064 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 6065 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 6066 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 6067 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 6068 cf/ostype/irix.m4 => cf/ostype/irix4.m4 6069 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 6070 src/Makefile.* => src/Makefiles/Makefile.* 6071 src/Makefile.AUX => src/Makefiles/Makefile.A-UX 6072 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS 6073 src/Makefile.DGUX => src/Makefiles/Makefile.dgux 6074 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS 6075 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 6076 OBSOLETED FILES: 6077 cf/cf/cogsci.mc 6078 cf/cf/cs-exposed.mc 6079 cf/cf/cs-hidden.mc 6080 cf/cf/hpux-cs-hidden.mc 6081 cf/cf/knecht.mc 6082 cf/cf/osf1-cs-hidden.mc 6083 cf/cf/sunos3.5-cs-exposed.mc 6084 cf/cf/sunos3.5-cs-hidden.mc 6085 cf/cf/sunos4.1-cs-hidden.mc 6086 cf/cf/ultrix4.1-cs-hidden.mc 6087 cf/domain/cs-hidden.m4 6088 contrib/rcpt-streaming 6089 src/Makefiles/Makefile.SunOS.5.x 6090 60918.6.13/8.6.12 1996/01/25 6092 SECURITY: In some cases it was still possible for an attacker to 6093 insert newlines into a queue file, thus allowing access to 6094 any user (except root). 6095 CONFIG: no changes -- it is not a bug that the configuration 6096 version number is unchanged. 6097 60988.6.12/8.6.12 1995/03/28 6099 Fix to IDENT code (it was getting the size of the reply buffer 6100 too small, so nothing was ever accepted). Fix from several 6101 people, including Allan Johannesen, Shane Castle of the 6102 Boulder County Information Services, and Jeff Smith of 6103 Warwick University (all arrived within a few hours of 6104 each other!). 6105 Fix a problem that could cause large jobs to run out of 6106 file descriptors on systems that use vfork() rather 6107 than fork(). 6108 61098.6.11/8.6.11 1995/03/08 6110 The ``possible attack'' message would be logged more often 6111 than necessary if you are using Pine as a user agent. 6112 The wrong host would be reported in the ``possible attack'' 6113 message when attempted from IDENT. 6114 In some cases the syslog buffer could be overflowed when 6115 reporting the ``possible attack'' message. This can 6116 cause denial of service attacks. Truncate the message 6117 to 80 characters to prevent this problem. 6118 When reading the IDENT response a loop is needed around the 6119 read from the network to ensure that you don't get 6120 partial lines. 6121 Password entries without any shell listed (that is, a null 6122 shell) wouldn't match as "ok". Problem noted by 6123 Rob McMahon. 6124 When running BIND 4.9.x a problem could occur because the 6125 _res.options field is initialized differently than it 6126 was historically -- this requires that sendmail call 6127 res_init before it tweaks any bits. 6128 Fix an incompatibility in openxscript() between the file open mode 6129 and the stdio mode passed to fdopen. This caused UnixWare 6130 2.0 to have conniptions. Fix from Martin Sohnius of 6131 Novell Labs Europe. 6132 Fix problem with static linking of local getopt routine when 6133 using GNU's ld command. Fix from John Kennedy of 6134 Cal State Chico. 6135 It was possible to turn off privacy flags. Problem noted by 6136 *Hobbit*. 6137 Be more paranoid about writing files. Suggestions by *Hobbit* 6138 and Liudvikas Bukys. 6139 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 6140 from Spider Boardman. 6141 CONFIG: No changes (version number only, to keep it in sync 6142 with the binaries). 6143 61448.6.10/8.6.10 1995/02/10 6145 SECURITY: Diagnose bogus values to some command line flags that 6146 could allow trash to get into headers and qf files. 6147 Validate the name of the user returned by the IDENT protocol. 6148 Some systems that really dislike IDENT send intentionally 6149 bogus information. Problem pointed out by Michael Bushnell 6150 of the Free Software Foundation. Has some security 6151 implications. 6152 Fix a problem causing error messages about DNS problems when 6153 the host name contained a percent sign to act oddly 6154 because it was passed as a printf-style format string. 6155 In some cases this could cause core dumps. 6156 Avoid possible buffer overrun in returntosender() if error 6157 message is quite long. From Fletcher Mattox of the 6158 University of Texas. 6159 Fix a problem that would silently drop "too many hops" error 6160 messages if and only if you were sending to an alias. 6161 From Jon Giltner of the University of Colorado and 6162 Dan Harton of Oak Ridge National Laboratory. 6163 Fix a bug that caused core dumps on some systems if -d11.2 was 6164 set and e->e_message was null. Fix from Bruce Nagel of 6165 Data General. 6166 Fix problem that can still cause df files to be left around 6167 after "hop count exceeded" messages. Fix from Andrew 6168 Chang and Shau-Ping Lo of SunSoft. 6169 Fix a problem that can cause buffer overflows on very long 6170 user names (as might occur if you piped to a program 6171 with a lot of arguments). 6172 Avoid returning an error and re-queueing if the host signature 6173 is null; this can occur on addresses like ``user@.''. 6174 Problem noted by Wesley Craig and the University of 6175 Michigan. 6176 Avoid possible calls to malloc(0) if MCI caching is turned 6177 off. Bug fix from Pierre David of the Laboratoire 6178 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 6179 Universite de Versailles - St Quentin, and Jacky 6180 Thibault. 6181 Make a local copy of the line being sent via senttolist() -- in 6182 some cases, buffers could get trashed by map lookups 6183 causing it to do unexpected things. This also simplifies 6184 some of the map code. 6185 CONFIG: No changes (version number only, to keep it in sync 6186 with the binaries). 6187 61888.6.9/8.6.9 1994/04/19 6189 Do all mail delivery completely disconnected from any terminal. 6190 This provides consistency with daemon delivery and 6191 may have some security implications. 6192 Make sure that malloc doesn't get called with zero size, 6193 since that fails on some systems. Reported by Ed 6194 Hill of the University of Iowa. 6195 Fix multi-line values for $e (SMTP greeting message). Reported 6196 by Mike O'Connor of Ford Motor Company. 6197 Avoid syserr if no NIS domain name is defined, but the map it 6198 is trying to open is optional. From Win Bent of USC. 6199 Changes for picky compilers from Ed Gould of Digital Equipment. 6200 Hesiod support for UDB from Todd Miller of the University of 6201 Colorado. Use "hesiod" as the service name in the U 6202 option. 6203 Fix a problem that failed to set the "authentic" host name (that 6204 is, the one derived from the socket info) if you called 6205 sendmail -bs from inetd. Based on code contributed by 6206 Todd Miller (this problem was also reported by Guy Helmer 6207 of Dakota State University). This also fixes a related 6208 problem reported by Liudvikas Bukys of the University of 6209 Rochester. 6210 Parameterize "nroff -h" in all the Makefiles so people with 6211 variant versions can use them easily. Suggested by 6212 Peter Collinson of Hillside Systems. 6213 SMTP "MAIL" commands with multiple ESMTP parameters required two 6214 spaces between parameters instead of one. Reported by 6215 Valdis Kletnieks of Virginia Tech. 6216 Reduce the number of system calls during message collection by 6217 using global timeouts around the collect() loop. This 6218 code was contributed by Eric Wassenaar. 6219 If the initial hostname name gathering results in a name 6220 without a dot (usually caused by NIS misconfiguration) 6221 and BIND is compiled in, directly access DNS to get 6222 the canonical name. This should make life easier for 6223 Solaris systems. If it still can't be resolved, and 6224 if the name server is listed as "required", try again 6225 in 30 seconds. If that also fails, exit immediately to 6226 avoid bogus "config error: mail loops back to myself" 6227 messages. 6228 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 6229 message to explain how much space was available and 6230 sound a bit less threatening. Suggested by Stan Janet 6231 of the National Institute of Standards and Technology. 6232 If mail is delivered to an alias that has an owner, deliver any 6233 requested return-receipt immediately, and strip the 6234 Return-Receipt-To: header from the subsequent message. 6235 This prevents a certain class of denial of service 6236 attack, arguably gives more reasonable semantics, and 6237 moves things more towards what will probably become a 6238 network standard. Suggested by Christopher Davis of 6239 Kapor Enterprises. 6240 Add a "noreceipts" privacy flag to turn off all return receipts 6241 without recompiling. 6242 Avoid printing ESMTP parameters as part of the error message 6243 if there are errors during parsing. This change is 6244 purely cosmetic. 6245 Avoid sending out error messages during the collect phase of 6246 SMTP; there is an MVS mailer from UCLA that gets 6247 confused by this. Of course, I think it's their bug.... 6248 Check for the $j macro getting undefined, losing a dot, or getting 6249 lost from $=w in the daemon before accepting a connection; 6250 if it is, it dumps state, prints a LOG_ALERT message, 6251 and drops core for debugging. This is an attempt to 6252 track down a bug that I thought was long since gone. 6253 If you see this, please forward the log fragment to 6254 sendmail@sendmail.ORG. 6255 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 6256 with -DOLD_NEWDB=0 on the command line. From Christophe 6257 Wolfhugel. 6258 Instead of trying to truncate the listen queue for the server 6259 SMTP port when the load average is too high, just close 6260 the port completely and reopen it later as needed. 6261 This ensures that the other end gets a quick "connection 6262 refused" response, and that the connection can be 6263 recovered later. In particular, some socket emulations 6264 seem to get confused if you tweak the listen queue 6265 size around and can never start listening to connections 6266 again. The down side is that someone could start up 6267 another daemon process in the interim, so you could 6268 have multiple daemons all not listening to connections; 6269 this could in turn cause the sendmail.pid file to be 6270 incorrect. A better approach might be to accept the 6271 connection and give a 421 code, but that could break 6272 other mailers in mysterious ways and have paging behavior 6273 implications. 6274 Fix a glitch in TCP-level debugging that caused flag 16.101 to 6275 set debugging on the wrong socket. From Eric Wassenaar. 6276 When creating a df* temporary file, be sure you truncate any 6277 existing data in the file -- otherwise system crashes 6278 and the like could result in extra data being sent. 6279 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 6280 doc directory. This includes some additional 6281 information. 6282 CONFIG: change UUCP rules to never add $U! or $k! on the front 6283 of recipient envelope addresses. This should have been 6284 handled by the $&h trick, but broke if people were 6285 mixing domainized and UUCP addresses. They should 6286 probably have converted all the way over to uucp-uudom 6287 instead of uucp-{new,old}, but the failure mode was to 6288 loop the mail, which was bad news. 6289 Portability fixes: 6290 Newer BSDI systems (several people). 6291 Older BSDI systems from Christophe Wolfhugel. 6292 Intergraph CLIX, from Paul Southworth of CICNet. 6293 UnixWare, from Evan Champion. 6294 NetBSD from Adam Glass. 6295 Solaris from Quentin Campbell of the University of 6296 Newcastle upon Tyne. 6297 IRIX from Dean Cookson and Bill Driscoll of Mitre 6298 Corporation. 6299 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 6300 SunOS (it has setsid() and setvbuf() calls) from 6301 Jonathan Kamens of OpenVision Technologies. 6302 HP-UX from Tor Lillqvist. 6303 New Files: 6304 src/Makefile.CLIX 6305 src/Makefile.NCR3000 6306 doc/changes/Makefile 6307 doc/changes/changes.me 6308 doc/changes/changes.ps 6309 63108.6.8/8.6.6 1994/03/21 6311 SECURITY: it was possible to read any file as root using the 6312 E (error message) option. Reported by Richard Jones; 6313 fixed by Michael Corrigan and Christophe Wolfhugel. 6314 63158.6.7/8.6.6 1994/03/14 6316 SECURITY: it was possible to get root access by using weird 6317 values to the -d flag. Thanks to Alain Durand of 6318 INRIA for forwarding me the notice from the bugtraq 6319 list. 6320 63218.6.6/8.6.6 1994/03/13 6322 SECURITY: the ability to give files away on System V-based 6323 systems proved dangerous -- don't run as the owner 6324 of a :include: file on a system that allows giveaways. 6325 Unfortunately, this also applies to determining a 6326 valid shell. 6327 IMPORTANT: Previous versions weren't expiring old connections 6328 in the connection cache for a long time under some 6329 circumstances. This could result in resource exhaustion, 6330 both at your end and at the other end. This checks the 6331 connections for timeouts much more frequently. From 6332 Doug Anderson of NCSC. 6333 Fix a glitch that snuck in that caused programs to be run as 6334 the sender instead of the recipient if the mail was 6335 from a local user to another local user. From 6336 Motonori Nakamura of Kyoto University. 6337 Fix "wildcard" on /etc/shells matching -- instead of looking 6338 for "*", look for "/SENDMAIL/ANY/SHELL/". From 6339 Bryan Costales of ICSI. 6340 Change the method used to declare the "statfs" availability; 6341 instead of HASSTATFS and/or HASUSTAT with a ton of 6342 tweaking in conf.c, there is a single #define called 6343 SFS_TYPE which takes on one of six values (SFS_NONE 6344 for no statfs availability, SFS_USTAT for the ustat(2) 6345 syscall, SFS_4ARGS for a four argument statfs(2) call, 6346 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 6347 statfs(2) call with the declarations in <sys/vfs.h>, 6348 <sys/mount.h>, or <sys/statfs.h> respectively). 6349 Fix glitch in NetInfo support that could return garbage if 6350 there was no "/locations/sendmail" property. From 6351 David Meyer of the University of Virginia. 6352 Change HASFLOCK from defined/not-defined to a 0/1 definition 6353 to allow Linux to turn it off even though it is a 6354 BSD-like system. 6355 Allow setting of "ident" timeout to zero to turn off the ident 6356 protocol entirely. 6357 Make 7-bit stripping local to a connection (instead of to a 6358 mailer); this allows you to specify that SMTP is a 6359 7-bit channel, but revert to 8-bit should it advertise 6360 that it supports 8BITMIME. You still have to specify 6361 mailer flag 7 to get this stripping at all. 6362 Improve makesendmail script so it handles more cases automatically. 6363 Tighten up restrictions on taking ownership of :include: files 6364 to avoid problems on systems that allow you to give away 6365 files. 6366 Fix a problem that made it impossible to rebuild the alias 6367 file if it was on a read-only file system. From 6368 Harry Edmon of the University of Washington. 6369 Improve MX randomization function. From John Gardiner Myers 6370 of CMU. 6371 Fix a minor glitch causing a bogus message to be printed (used 6372 %s instead of %d in a printf string for the line number) 6373 when a bad queue file was read. From Harry Edmon. 6374 Allow $s to remain NULL on locally generated mail. I'm not 6375 sure this is necessary, but a lot of people have complained 6376 about it, and there is a legitimate question as to whether 6377 "localhost" is legal as an 822-style domain. 6378 Fix a problem with very short line lengths (mailer L= flag) in 6379 headers. This causes a leading space to be added onto 6380 continuation lines (including in the body!), and also 6381 tries to wrap headers containing addresses (From:, To:, 6382 etc) intelligently at the shorter line lengths. Problem 6383 Reported by Lars-Johan Liman of SUNET Operations Center. 6384 Log the real user name when logging syserrs, since these can have 6385 security implications. Suggested by several people. 6386 Fix address logging of cached connections -- it used to always 6387 log the numeric address as zero. This is a somewhat 6388 bogus implementation in that it does an extra system 6389 call, but it should be an inexpensive one. Fix from 6390 Motonori Nakamura. 6391 Tighten up handling of short syslog buffers even more -- there 6392 were cases where the outgoing relay= name was too long 6393 to share a line with delay= and mailer= logging. 6394 Limit the overhead on split envelopes to one open file descriptor 6395 per envelope -- previously the overhead was three 6396 descriptors. This was in response to a problem reported 6397 by P{r (Pell) Emanuelsson. 6398 Fixes to better handle the case of unexpected connection closes; 6399 this redirects the output to the transcript so the info 6400 is not lost. From Eric Wassenaar. 6401 Fix potential string overrun if you macro evaluate a string that 6402 has a naked $ at the end. Problem noted by James Matheson 6403 <jmrm@eng.cam.ac.uk>. 6404 Make default error number on $#error messages 553 (``Requested 6405 action not taken: mailbox name not allowed'') instead of 6406 501 (``Syntax error in parameters or arguments'') to 6407 avoid bogus "protocol error" messages. 6408 Strip off any existing trailing dot on names during $[ ... $] 6409 lookup. This prevents it from ending up with two dots 6410 on the end of dot terminated names. From Wesley Craig 6411 of the University of Michigan and Bryan Costales of ICSI. 6412 Clean up file class reading so that the debugging information is 6413 more informative. It hadn't been using setclass, so you 6414 didn't see the class items being added. 6415 Avoid core dump if you are running a version of sendmail where 6416 NIS is compiled in, and you specify an NIS map, but 6417 NIS is not running. Fix from John Oleynick of 6418 Rutgers. 6419 Diagnose bizarre case where res_search returns a failure value, 6420 but sets h_errno to a success value. 6421 Make sure that "too many hops" messages are considered important 6422 enough to send an error to the Postmaster (that is, the 6423 address specified in the P option). This fix should 6424 help problems that cause the df file to be left around 6425 sometimes -- unfortunately, I can't seem to reproduce 6426 the problem myself. 6427 Avoid core dump (null pointer reference) on EXPN command; this 6428 only occurred if your log level was set to 10 or higher 6429 and the target account was an alias or had a .forward file. 6430 Problem noted by Janne Himanka. 6431 Avoid "denial of service" attacks by someone who is flooding your 6432 SMTP port with bad commands by shutting the connection 6433 after 25 bad commands are issued. From Kyle Jones of 6434 UUNET. 6435 Fix core dump on error messages with very long "to" buffers; 6436 fmtmsg overflows the message buffer. Fixed by trimming 6437 the to address to 203 characters. Problem reported by 6438 John Oleynick. 6439 Fix configuration for HASFLOCK -- there were some spots where 6440 a #ifndef was incorrectly #ifdef. Pointed out by 6441 George Baltz of the University of Maryland. 6442 Fix a typo in savemail() that could cause the error message To: 6443 lists to be incorrect in some places. From Motonori 6444 Nakamura. 6445 Fix a glitch that can cause duplicate error messages on split 6446 envelopes where an address on one of the lists has a 6447 name server failure. Fix from Voradesh Yenbut of the 6448 University of Washington. 6449 Fix possible bogus pointer reference on ESMTP parameters that 6450 don't have an ``=value'' part. 6451 CNAME loops caused an error message to be generated, but also 6452 re-queued the message. Changed to just re-queue the 6453 message (it's really hard to just bounce it because 6454 of the weird way the name server works in the presence 6455 of CNAME loops). Problem noted by James M.R.Matheson 6456 of Cambridge University. 6457 Avoid giving ``warning: foo owned process doing -bs'' messages 6458 if they use ``MAIL FROM:<foo>'' where foo is their true 6459 user name. Suggested by Andreas Stolcke of ICSI. 6460 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 6461 override it easily in the Makefile -- that is, you can 6462 turn it off using -DNAMED_BIND=0. 6463 If a gethostbyname(...) of an address with a trailing dot fails, 6464 try it without the trailing dot. This is because if 6465 you have a version of gethostbyname() that falls back 6466 to NIS or the /etc/hosts file it will fail to find 6467 perfectly reasonable names that just don't happen to 6468 be dot terminated in the hosts file. You don't want to 6469 strip the dot first though because we're trying to ensure 6470 that country names that match one of your subdomains get 6471 a chance. 6472 PRALIASES: fix bogus output on non-null-terminated strings. 6473 From Bill Gianopoulos of Raytheon. 6474 CONFIG: Avoid rewriting anything that matches $w to be $j. 6475 This was in code intended to only catch the self-literal 6476 address (that is, [1.2.3.4], where 1.2.3.4 is your 6477 IP address), but the code was broken. However, it will 6478 still do this if $M is defined; this is necessary to 6479 get client configurations to work (sigh). Note that this 6480 means that $M overrides :mailname entries in the user 6481 database! Problem noted by Paul Southworth. 6482 CONFIG: Fix definition of Solaris help file location. From 6483 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 6484 CONFIG: Fix bug that broke news.group.USENET mappings. 6485 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 6486 and USENET_MAILER_MAX to tweak the maximum message 6487 size for various mailers. 6488 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 6489 instead of assuming that it is "inews" for consistency 6490 with other mailers. From Michael Corrigan of UC San Diego. 6491 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 6492 qualify the address in the SMTP envelope as user@{relay|hub} 6493 instead of user@$j. From Bill Wisner of The Well. 6494 CONFIG: Fix route-addr syntax in nullrelay configuration set. 6495 CONFIG: Don't turn off case mapping of user names in the local 6496 mailer for IRIX. This was different than most every other 6497 system. 6498 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 6499 envelope. Noted by Thierry Besancon 6500 <besancon@excalibur.ens.fr>. 6501 CONFIG: Don't include -z by default on uux line -- most systems 6502 don't want it set by default. Pointed out by Philippe 6503 Michel of Thomson CSF. 6504 CONFIG: Fix some bugs with mailertables -- for example, if your 6505 host name was foo.bar.ray.com and you matched against 6506 ".ray.com", the old implementation bound %1 to "bar" 6507 instead of "foo.bar". Also, allow "." in the mailertable 6508 to match anything -- essentially, take over SMART_HOST. 6509 This also moves matching of explicit local host names 6510 before the mailertable so they don't have to be special 6511 cased in the mailertable data. Reported by Bill 6512 Gianopoulos of Raytheon; the fix for the %1 binding 6513 problem was contributed by Nicholas Comanos of the 6514 University of Sydney. 6515 CONFIG: Don't include "root" in class $=L (users to deliver 6516 locally, even if a hub or relay exists) by default. 6517 This is because of the known bug where definition of 6518 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 6519 both and deliver into the local mailbox. 6520 CONFIG: Move up bitdomain and uudomain handling so that they 6521 are done before .UUCP class matching; uudomain was 6522 reported as ineffective before. This also frees up 6523 diversion 8 for future use. Problem reported by Kimmo 6524 Suominen. 6525 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 6526 into host names. As pointed out by Jonathan Kamens, 6527 these are often used because either the forward or reverse 6528 mapping is broken; this translation makes it broken again. 6529 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 6530 Suominen. 6531 Portability fixes: 6532 Unicos from David L. Kensiski of Sterling Software. 6533 DomainOS from Don Lewis of Silicon Systems. 6534 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 6535 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 6536 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 6537 BSD/386 from Tony Sanders of BSDI. 6538 Apollo from Eric Wassenaar. 6539 DGUX from Doug Anderson. 6540 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 6541 NEW FILES: 6542 src/Makefile.DomainOS 6543 src/Makefile.PTX 6544 src/Makefile.SunOS.5.1 6545 src/Makefile.SunOS.5.2 6546 src/Makefile.SunOS.5.x 6547 src/mailq.1 6548 cf/ostype/domainos.m4 6549 doc/op/Makefile 6550 doc/intro/Makefile 6551 doc/usenix/Makefile 6552 65538.6.5/8.6.5 1994/01/13 6554 Security fix: /.forward could be owned by anyone (the test 6555 to allow root to own any file was backwards). From 6556 Bob Campbell at U.C. Berkeley. 6557 Security fix: group ids were not completely set when programs 6558 were invoked. This caused programs to have group 6559 permissions they should not have had (usually group 6560 daemon instead of their own group). In particular, 6561 Perl scripts would refuse to run. 6562 Security: check to make sure files that are written are not 6563 symbolic links (at least under some circumstances). 6564 Although this does not respond to a specific known 6565 attack, it's just a good idea. Suggested by 6566 Christian Wettergren. 6567 Security fix: if a user had an NFS mounted home directory on 6568 a system with a restricted shell listed in their 6569 /etc/passwd entry, they could still execute any 6570 program by putting that in their .forward file. 6571 This fix prevents that by insisting that their shell 6572 appear in /etc/shells before allowing a .forward to 6573 execute a program or write a file. You can disable 6574 this by putting "*" in /etc/shells. It also won't 6575 permit world-writable :include: files to reference 6576 programs or files (there's no way to disable this). 6577 These behaviors are only one level deep -- for 6578 example, it is legal for a world-writable :include: 6579 file to reference an alias that writes a file, on 6580 the assumption that the alias file is well controlled. 6581 Security fix: root was not treated suspiciously enough when 6582 looking into subdirectories. This would potentially 6583 allow a cracker to examine files that were publicly 6584 readable but in a non-publicly searchable directory. 6585 Fix a problem that causes an error on QUIT on a cached 6586 connection to create problems on the current job. 6587 These are typically unrelated, so errors occur in 6588 the wrong place. 6589 Reset CurrentLA in sendall() -- this makes sendmail queue 6590 runs more responsive to load average, and fixes a 6591 problem that ignored the load average in locally 6592 generated mail. From Eric Wassenaar. 6593 Fix possible core dump on aliases with null LHS. From 6594 John Orthoefer of BB&N. 6595 Revert to using flock() whenever possible -- there are just 6596 too many bugs in fcntl() locking, particularly over 6597 NFS, that cause sendmail to fail in perverse ways. 6598 Fix a bug that causes the connection cache to get confused 6599 when sending error messages. This resulted in 6600 "unexpected close" messages. It should fix itself 6601 on the following queue run. Problem noted by 6602 Liudvikas Bukys of the University of Rochester. 6603 Include $k in $=k as documented in the Install & Op Guide. 6604 This seems odd, but it was documented.... From 6605 Michael Corrigan of UCSD. 6606 Fix problem that caused :include:s from alias files to be 6607 forced to be owned by root instead of daemon 6608 (actually DefUid). From Tim Irvin. 6609 Diagnose unrecognized I option values -- from Mortin Forssen 6610 of the Chalmers University of Technology. 6611 Make "error" mailer work consistently when there is no error 6612 code associated with it -- previously it returned OK 6613 even though there was a real problem. Now it assumes 6614 EX_UNAVAILABLE. 6615 Fix bug that caused the last header line of messages that had 6616 no body and which were terminated with EOF instead of 6617 "." to be discarded. Problem noted by Liudvikas Bukys. 6618 Fix core dump on SMTP mail to programs that failed -- it tried 6619 to go to a "next MX host" when none existed, causing 6620 a core dump. From der Mouse at McGill University. 6621 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 6622 this makes it easier to turn it off (using 6623 -DIDENTPROTO=0 in the Makefile). From der Mouse. 6624 Fix YP_MASTER_NAME store to use the unupdated result of 6625 gethostname() (instead of myhostname(), which tries 6626 to fully qualify the name) to be consistent with 6627 SunOS. If your hostname is unqualified, this fixes 6628 transfers to slave servers. Bug noted by Keith 6629 McMillan of Ameritech Services, Inc. 6630 Fix Ultrix problem: gethostbyname() can return a very large 6631 (> 500) h_length field, which causes the sockaddr 6632 to be trashed. Use the size of the sockaddr instead. 6633 Fix from Bob Manson of Ohio State. 6634 Don't assume "-a." on host lookups if NAMED_BIND is not 6635 defined -- this confuses gethostbyname on hosts 6636 file lookups, which doesn't understand the trailing 6637 dot convention. 6638 Log SMTP server subprocesses that die with a signal instead 6639 of from a clean exit. 6640 If you don't have option "I" set, don't assume that a DNS 6641 "host unknown" message is authoritative -- it 6642 might still be found in /etc/hosts. 6643 Fix a problem that would cause Deferred: messages to be sent 6644 as the subject of an error message, even though the 6645 actual cause of a message was more severe than that. 6646 Problem noted by Chris Seabrook of OSSI. 6647 Fix race condition in DBM alias file locking. From Kyle 6648 Jones of UUNET. 6649 Limit delivery syslog line length to avoid bugs in some 6650 versions of syslog(3). This adds a new compile time 6651 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 6652 University, which is in turn derived from IDA. 6653 Fix quotes inside of comments in addresses -- previously 6654 it insisted that they be balanced, but the 822 spec 6655 says that they should be ignored. 6656 Dump open file state to syslog upon receiving SIGUSR1 (for 6657 debugging). This also evaluates ruleset 89, if set 6658 (with the null input), and logs the result. This 6659 should be used sparingly, since the rewrite process 6660 is not reentrant. 6661 Change -qI, -qR, and -qS flags to be case-insensitive as 6662 documented in the Bat Book. 6663 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 6664 return an error message and did not requeue the message. 6665 Fix based on code from Roland Dirlewanger of 6666 Reseau Regional Aquarel, Bordeaux, France. 6667 Fix a problem that caused a seg fault if you got a 421 error 6668 code during some parts of connection initialization. 6669 I've only seen this when talking to buggy mailers on 6670 the other end, but it shouldn't give a seg fault in 6671 any case. From Amir Plivatsky. 6672 Fix core dump caused by a ruleset call that returns null. 6673 Fix from Bryan Costales of ICSI. 6674 Full-Name: field was being ignored. Fix from Motonori Nakamura 6675 of Kyoto University. 6676 Fix a possible problem with very long input lines in setproctitle. 6677 From P{r Emanuelsson. 6678 Avoid putting "This is a warning message" out on return receipts. 6679 Suggested by Douglas Anderson. 6680 Detect loops caused by recursive ruleset calls. Suggested by 6681 Bryan Costales. 6682 Initialize non-alias maps during alias rebuilds -- they may be 6683 needed for parsing. Problem noted by Douglas Anderson. 6684 Log sender address even if no message was collected in SMTP 6685 (e.g., if all RCPTs failed). Suggested by Motonori 6686 Nakamura. 6687 Don't reflect the owner-list contents into the envelope sender 6688 address if the value contains ", :, /, or | (to avoid 6689 illegal addresses appearing there). 6690 Efficiency hack for toktype macro -- from Craig Partridge of 6691 BB&N. 6692 Clean up DNS error printing so that a host name is always 6693 included. 6694 Remember to set $i during queue runs. Reported by Stephen 6695 Campbell of Dartmouth University. 6696 If the environment variable HOSTALIASES is set, use it during 6697 canonification as the name of a file with per-user host 6698 translations so that headers are properly mapped. Reported 6699 by Anne Bennett of Concordia University. 6700 Avoid printing misleading error message if SMTP mailer (not 6701 using [IPC]) should die on a core dump. 6702 Avoid incorrect diagnosis of "file 1 closed" when it is caused 6703 by the other end closing the connection. From 6704 Dave Morrison of Oracle. 6705 Improve several of the error messages printed by "mailq" 6706 to include a host name or other useful information. 6707 Add NetInfo preliminary support for NeXT systems. From Vince 6708 DeMarco. 6709 Fix a glitch that sometimes caused :include:s that pointed to 6710 NFS filesystems that were down to give an "aliasing/ 6711 forwarding loop broken" message instead of queueing 6712 the message for retry. Noted by William C Fenner of 6713 the NRL Connection Machine Facility. 6714 Fix a problem that could cause a core dump if the input sequence 6715 had (or somehow acquired) a \231 character. 6716 Make sure that route-addrs always have <angle brackets> around 6717 them in non-SMTP envelopes (SMTP envelopes already do 6718 this properly). 6719 Avoid weird headers on unbalanced punctuation of the form: 6720 ``Joe User <user)'' -- this caused reference to the 6721 null macro. Fix from Rick McCarty of IO.COM. 6722 Fix a problem that caused an alias "user: user@local.host" to 6723 not have the QNOTREMOTE bit set; this caused configs 6724 to act as if FEATURE(notsticky) was defined even when 6725 it was not. The effect of the problem was to make it 6726 very hard to to set up satellite sites that had a few 6727 local accounts, with everything else forwarded to a 6728 corporate hub. Reported by Detlef Drewanz of the 6729 University of Rostock and Mark Frost of NCD. 6730 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 6731 addresses. This is more efficient (fewer name server 6732 calls) and fixes certain unusual configurations, such 6733 as those that have ruleset 4 do something that is 6734 non-idempotent unless a mailer-specific ruleset did 6735 something else. Problem reported by Brian J. Coan 6736 of the Institute for Global Communications. 6737 Fix the "obsolete argument" routine in main to better understand 6738 new arguments. For example, if you used ``sendmail 6739 -C config -v -q'' it would choke on the -q because 6740 the -C would stop looking for old-format arguments. 6741 Fix the code that was intended to allow two users to forward their 6742 mail to the same program and have them appear unique. 6743 Portability fixes for: 6744 SCO UNIX from Murray Kucherawy. 6745 SCO Open Server 3.2v4 from Philippe Brand. 6746 System V Release 4 from Rick Ellis and others. 6747 OSF/1 from Steve Campbell. 6748 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 6749 of Stoner Associates. 6750 Motorola SysV88 from Kevin Johnson of Motorola. 6751 Solaris 2.3 from Casper H.S. Dik of the University 6752 of Amsterdam and John Caruso of University 6753 of Maryland. 6754 FreeBSD from Ollivier Robert. 6755 NetBSD from Adam Glass. 6756 TitanOS from Kate Hedstrom of Rutgers University. 6757 Irix from Bryan Curnutt. 6758 Dynix from Jim Davis of the University of Arizona. 6759 RISC/os. 6760 Linux from John Kennedy of California State University 6761 at Chico. 6762 Solaris 2.x from Tony Boner of the U.S. Air Force. 6763 NEXTSTEP 3.x from Vince DeMarco. 6764 HP-UX from various people. NOTA BENE: the location 6765 of the config file has moved to /usr/lib 6766 to match the HP-UX version of sendmail. 6767 CONFIG: Don't do any recipient rewriting on relay mailer; 6768 since this is intended only for internal use, the 6769 usual RFC 821/822/1123 rules can be relaxed. The 6770 main point of this is to avoid munging (ugh) UUCP 6771 addresses when relaying internally. 6772 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 6773 syntax addresses delivered via UUCP. Solution 6774 provided by Peter Wemm. 6775 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 6776 zero; it caused double @ signs in addresses. From 6777 Irving Reid of the University of Toronto. 6778 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 6779 from Markku Toijala of ICL Personal Systems Oy. 6780 CONFIG: Add trailing "." on pseudo-domains for consistency; 6781 this fixes a problem (noted by Al Whaley of Sunnyside) 6782 that made it hard to recognize your own pseudodomain 6783 names. 6784 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 6785 rather than letting them get "local configuration 6786 error"s. Problem noted by John Gardiner Myers. 6787 CONFIG: add uucp-uudom mailer variant, based on code posted 6788 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 6789 has uucp-dom semantics but old UUCP syntax. This 6790 also permits "uucp-old" as an alias for "uucp" and 6791 "uucp-new" as a synonym for "suucp" for consistency. 6792 CONFIG: add POP mailer support (from Kimmo Suominen 6793 <kim@grendel.lut.fi>). 6794 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 6795 CONFIG: fix bug caused with domain literal addresses (e.g., 6796 ``[128.32.131.12]'') when FEATURE(allmasquerade) 6797 was set; it would get an additional @masquerade.host 6798 added to the address. Problem noted by Peter Wan 6799 of Georgia Tech. 6800 CONFIG: make sure that the local UUCP name is in $=w. From 6801 Jim Murray of Stratus. 6802 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 6803 mailer flag. Briefly, if you are sending to host 6804 "foo", then it rewrites "foo!...!baz" to "...!baz", 6805 "foo!baz" remains "foo!baz", and anything else has 6806 the local name prepended. 6807 CONFIG: portability fixes for HP-UX. 6808 DOC: several minor problems fixed in the Install & Op Guide. 6809 MAKEMAP: fix core dump problem on lines that are too long or 6810 which lack newline. From Mark Delany. 6811 MAILSTATS: print sums of columns (total messages & kbytes 6812 in and out of the system). From Tom Ferrin of UC 6813 San Francisco Computer Graphics Lab. 6814 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 6815 On HP-UX, /etc/sendmail.cf has been moved to 6816 /usr/lib/sendmail.cf to match HP sendmail. 6817 Permissions have been tightened up on world-writable 6818 :include: files and accounts that have shells 6819 that are not listed in /etc/shells. This may 6820 cause some .forward files that have worked 6821 before to start failing. 6822 SIGUSR1 dumps some state to the log. 6823 NEW FILES: 6824 src/Makefile.DGUX 6825 src/Makefile.Dynix 6826 src/Makefile.FreeBSD 6827 src/Makefile.Mach386 6828 src/Makefile.NetBSD 6829 src/Makefile.RISCos 6830 src/Makefile.SCO 6831 src/Makefile.SVR4 6832 src/Makefile.Titan 6833 cf/mailer/pop.m4 6834 cf/ostype/bsdi1.0.m4 6835 cf/ostype/dgux.m4 6836 cf/ostype/dynix3.2.m4 6837 cf/ostype/sco3.2.m4 6838 makemap/Makefile.dist 6839 praliases/Makefile.dist 6840 68418.6.4/8.6.4 1993/10/31 6842 Repair core-dump problem (write to read-only memory segment) 6843 if you fall back to the return-to-Postmaster case in 6844 savemail. Problem reported by Richard Liu. 6845 Immediately diagnose bogus sender addresses in SMTP. This 6846 makes quite certain that crackers can't use this 6847 class of attack. 6848 Reliability Fix: check return value from fclose() and fsync() 6849 in a few critical places. 6850 Minor problem in initsys() that reversed a condition for 6851 redirecting the output channel on queue runs. It's 6852 not clear this code even does anything. From Eric 6853 Wassenaar of the Dutch National Institute for Nuclear 6854 and High-Energy Physics. 6855 Fix some problems that caused queue runs to do "too much work", 6856 such as double-reading the Errors-To: header. From 6857 Eric Wassenaar. 6858 Error messages on writing the temporary file (including the 6859 data file) were getting suppressed in SMTP -- this 6860 fix causes them to be properly reported. From Eric 6861 Wassenaar. 6862 Some changes to support AF_UNIX sockets -- this will only 6863 really become relevant in the next release, but some 6864 people need it for local patches. From Michael 6865 Corrigan of UC San Diego. 6866 Use dynamically allocated memory (instead of static buffers) 6867 for macros defined in initsys() and settime(); since 6868 these can have different values depending on which 6869 envelope they are in. From Eric Wassenaar. 6870 Improve logging to show ctladdr on to= logging; this tells you 6871 what uid/gid processes ran as. 6872 Fix a problem that caused error messages to be discarded if 6873 the sender address was unparseable for some reason; 6874 this was supposed to fall back to the "return to 6875 postmaster" case. 6876 Improve aliaswait backoff algorithm. 6877 Portability patches for Linux (8.6.3 required another header 6878 file) (from Karl London) and SCO UNIX. 6879 CONFIG: patch prog mailer to not strip host name off of envelope 6880 addresses (so that it matches local again). From 6881 Christopher Davis. 6882 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 6883 this prevents uux from seeing lines with null names like 6884 ``From Sat Oct 30 14:55:31 1993''. From Motonori 6885 Nakamura of Kyoto University. 6886 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 6887 it shouldn't fail miserably. From Motonori Nakamura. 6888 68898.6.2/8.6.2 1993/10/15 6890 Put a "successful delivery" message in the transcript for 6891 addresses that get return-receipts. 6892 Put a prominent "this is only a warning" message in warning 6893 messages -- some people don't read carefully enough 6894 and end up sending the message several times. 6895 Include reason for temporary failure in the "warning" return 6896 message. Currently, it just says "cannot send for 6897 four hours". 6898 Fix the "Original message received" time generated for 6899 returntosender messages. It was previously listed as 6900 the current time. Bug reported by Eric Hagberg of 6901 Cornell University Medical College. 6902 If there is an error when writing the body of a message, 6903 don't send the trailing dot and wait for a response 6904 in sender SMTP, as this could cause the connection to 6905 hang up under some bizarre circumstances. From Eric 6906 Wassenaar. 6907 Fix some server SMTP synchronization problems caused when 6908 connections fail during message collection. From 6909 Eric Wassenaar. 6910 Fix a problem that can cause srvrsmtp to reject mail if the 6911 name server is down -- it accepts the RCPT but rejects 6912 the DATA command. Problem reported by Jim Murray of 6913 Stratus. 6914 Fix a problem that can cause core dumps if the config file 6915 incorrectly resolves to a null hostname. Reported by 6916 Allan Johannesen of WPI. 6917 Non-root use of -C flag, dangerous -f flags, and use of -oQ 6918 by non-root users were not put into 6919 X-Authentication-Warning:s as intended because the 6920 config file hadn't set the PrivacyOptions yet. Fix 6921 from Sven-Ove Westberg of the University of Lulea. 6922 Under very odd circumstances, the alias file rebuild code 6923 could get confused as to whether a database was 6924 open or not. 6925 Check "vendor code" on the end of V lines -- this is 6926 intended to provide a hook for vendor-specific 6927 configuration syntax. (This is a "new feature", 6928 but I've made an exception to my rule in a belief 6929 that this is a highly exceptional case.) 6930 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 6931 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 6932 (from Jon Forrest of UC Berkeley) 6933 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 6934 69358.6.1/8.6 1993/10/08 6936 Portability fixes for A/UX and Encore UMAX V. 6937 Fix error message handling -- if you had a name server down 6938 causing an error during parsing, that message was never 6939 propagated to the queue file. 6940 69418.6/8.6 1993/10/05 6942 Configuration cleanup: make it easier to undo IDENTPROTO in 6943 conf.h (other systems have the same bug). 6944 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 6945 getdtablesize() instead of sysconf(); a disturbingly 6946 large number of systems defined _SC_OPEN_MAX in the 6947 header files but don't have the syscall. 6948 Another patch to really truly ignore MX records in getcanonname 6949 if trymx == FALSE. 6950 Fix problem that caused the "250 IAA25499 Message accepted for 6951 delivery" message to be omitted if there was an error 6952 in the header of the message (e.g., a bad Errors-To: 6953 line). Pointed out by Michael Corrigan of UCSD. 6954 Announce name of host we are chatting when we get errors; this 6955 is an IDA-ism suggested by Christophe Wolfhugel. 6956 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 6957 Australian Artificial Intelligence Institute), SCO Unix 6958 (from Murray Kucherawy of Hookup Communication Corp.), 6959 NeXT (from Vince DeMarco and myself), Linux (from 6960 Karl London <karl@borg.demon.co.uk>), BSDI (from 6961 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 6962 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 6963 Some changes to get around gcc optimizer bugs. From Takahiro 6964 Kanbe. 6965 Fix error recovery in queueup if another tf file of the same 6966 name already exists. Problem stumbled over by Bill 6967 Wisner of The Well. 6968 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 6969 Problem noted by Keith McMillan of Ameritech Services. 6970 Deal with group permissions properly when opening .forward and 6971 :include: files. This relaxes the 8.1C restrictions 6972 slightly more. This includes proper setting of groups 6973 when reading :include: files, allowing you to read some 6974 files that you should be able to read but have previously 6975 been denied unless you owned them or they had "other" 6976 read permission. 6977 Make certain that $j is in $=w (after the .cf is read) so that 6978 if the user is forced to override some silly system, 6979 MX suppression will still work. 6980 Fix a couple of efficiency problems where newstr was double- 6981 calling expensive routines. In at least one case, it 6982 wasn't guaranteed that they would always return the 6983 same result. Problem noted by Christophe Wolfhugel. 6984 Fix null pointer dereference in putoutmsg -- only on an error 6985 condition from a non-SMTP mailer. From Motonori 6986 Nakamura. 6987 Macro expand "C" line class definitions before scanning so that 6988 "CX $Z" works. 6989 Fix problem that caused error message to be sent while still 6990 trying to send the original message if the connection 6991 is closed during a DATA command after getting an error 6992 on an RCPT command (pretty obscure). Problem reported 6993 by John Myers of CMU. 6994 Fix reply to NOOP to be 250 instead of 200 -- this is a long 6995 term bug. 6996 Fix a nasty bug causing core dumps when returning the "warning: 6997 cannot deliver for N hours -- will keep trying" message; 6998 it only occurred if you had PostmasterCopy set and 6999 only on some architectures. Although sendmail would 7000 keep trying, it would send error messages on each 7001 queue interval. This is an important fix. 7002 Allow u and g options to take user and group names respectively. 7003 Don't do a chdir into the queue directory in -bt mode to make 7004 ruleset testing a bit easier. 7005 Don't allow users to turn off logging (using -oL) on the command 7006 line -- command line can only raise, not lower, logging 7007 level. 7008 Set $u to the original recipient on the SMTP transaction or on 7009 the command line. This is only done if there is exactly 7010 one recipient. Technically, this does not meet the 7011 specs, because it does not guarantee a domain on the 7012 address. 7013 Fix a problem that dumped error messages on bad addresses if 7014 you used the -t flag. Problem noted by Josh Smith of 7015 Harvey Mudd College. 7016 Given an address such as ``<foo> <bar>'', auto-quote the first 7017 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 7018 avoid the problem of people who use angle brackets in 7019 their full name information. 7020 Fix a null pointer dereference if you set option "l", have 7021 an Errors-To: header in the message, and have Errors-To: 7022 defined in the config file H lines. From J.R. Oldroyd. 7023 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 7024 wrong when compiling. Suggested by Rick McCarty of TI. 7025 Fix a problem that could pass negative SIZE parameter if the 7026 df file got lost; this would cause servers to always 7027 give a temporary failure, making the problem even worse. 7028 Problem noted by Allan Johannesen of WPI. 7029 Add "ident" timeout (one of the "r" option selectors) for IDENT 7030 protocol timeouts (30s default). Requested by Murray 7031 Kucherawy of HookUp Communication Corp. to handle bogus 7032 PC TCP/IP implementations. 7033 Change $w default definition to be just the first component of 7034 the domain name on config level 5. The $j macro defaults 7035 to the FQDN; $m remains as before. This lets well-behaved 7036 config files use any of the short, long, or subdomain 7037 names. 7038 Add makesendmail script in src to try to automate multi-architecture 7039 builds. I know, this is sub-optimal, but it is still 7040 helpful. 7041 Fix very obscure race condition that can cause a queue run to 7042 get a queue file for an already completed job. This 7043 problem has existed for years. Problem noted by the 7044 long suffering Allan Johannesen of WPI. 7045 Fix a problem that caused the raw sender name to be passed to 7046 udbsender instead of the canonified name -- this caused 7047 it to sometimes miss records that it should have found. 7048 Relax check of name on HELO packet so that a program using -bs 7049 that claims to be itself works properly. 7050 Restore rewriting of $: part of address through 2, R, 4 in 7051 buildaddr -- this requires passing a lot of flags to get 7052 it right. Unlike old versions, this ONLY rewrites 7053 recipient addresses, not sender addresses. 7054 Fix a bug that caused core dumps in config files that cannot 7055 resolve /file/name style addresses. Fix from Jonathan 7056 Kamens of OpenVision Technologies. 7057 Fix problem with fcntl locking that can cause error returns to 7058 be lost if the lock is lost; this required fully 7059 queueing everything, dropping the envelope (so errors 7060 would get returned), and then re-reading the queue from 7061 scratch. 7062 Fix a problem that caused aliases that redefine an otherwise 7063 true address to still send to the original address 7064 if and only if the alias failed in certain bizarre 7065 ways (e.g, if they pointed at a list:; syntax address). 7066 Problem pointed out by Jonathan Kamens. 7067 Remove support for frozen configuration files. They caused 7068 more trouble than it was worth. 7069 Fix problem that can cause error messages to get ignored when 7070 using both -odb and -t flags. Problem noted by Rob 7071 McNicholas at U.C. Berkeley. 7072 Include all "normal" variations on hostname in $=w. For example, 7073 if the host name is vangogh.cs.berkeley.edu, $=w will 7074 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 7075 Add "restrictqrun" privacy flag -- without this, anyone can run 7076 the queue. 7077 Reset SmtpPhase global on initial connection creation so that 7078 messages don't come out with stale information. 7079 Pass an "ext" argument to lockfile so that error/log messages 7080 will properly reflect the true filename being locked. 7081 Put all [...] address forms into $=w -- this eliminates the need 7082 for MAXIPADDR in conf.h. Suggested by John Gardiner 7083 Myers of CMU. 7084 Fix a bug that can cause qf files to be left around even after 7085 an SMTP RSET command. Problem and fix from Michael 7086 Corrigan. 7087 Don't send a PostmasterCopy to errors when the Precedence: is 7088 negative. Error reports still go to the envelope 7089 sender address. 7090 Add LA_SHORT for load averages. 7091 Lock sendmail.st file when posting statistics. 7092 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 7093 set the size of the TCP send and receive buffers; if you 7094 run over a slow slip line you may need to set these down 7095 (although it would be better to fix the SLIP implementation 7096 so that it's not necessary to recompile every program 7097 that does bulk data transfer). 7098 Allow null defaults on $( ... $) lookups. Problem reported by 7099 Amir Plivatsky. 7100 Diagnose crufty S and V config lines. This resulted from an 7101 observation that some people were using the SITE macro 7102 without the SITECONFIG macro first, which was causing 7103 bogus config files that were not caught. 7104 Fix makemap -f flag to turn off case folding (it was turning it 7105 on instead). THIS IS A USER VISIBLE CHANGE!!! 7106 Fix a problem that caused multiple error messages to be sent if 7107 you used "sendmail -t -oem -odb", your system uses fcntl 7108 locking, and one of the recipient addresses is unknown. 7109 Reset uid earlier in include() so that recursive .forwards or 7110 :include:s don't use the wrong uid. 7111 If file descriptor 0, 1, or 2 was closed when sendmail was 7112 called, the code to recover the descriptor was broken. 7113 This sometimes (only sometimes) caused problems with the 7114 alias file. Fix from Motonori Nakamura. 7115 Fix a problem that caused aliaswait to go into infinite recursion 7116 if the @:@ metasymbol wasn't found in the alias file. 7117 Improve error message on newaliases if database files cannot be 7118 opened or if running with no database format defined. 7119 Do a better estimation of the size of error messages when NoReturn 7120 is set. Problem noted by P{r (Pell) Emanuelsson. 7121 Fix a problem causing the "c" option (don't connect to expensive 7122 mailers) to be ignored in SMTP. Problem noted and the 7123 solution suggested by Robert Elz of The University of 7124 Melbourne. 7125 Improve connection caching algorithm by passing "[host]" to 7126 hostsignature, which strips the square brackets and 7127 returns the real name. This allows mailertable entries 7128 to match regular entries. 7129 Re-enable Return-Receipt-To: -- people seem to want this stupid 7130 feature, even if it doesn't work right. 7131 Catch and log attempts to try the "wiz" command in server SMTP. 7132 This also ups the log level from LOG_NOTICE to LOG_CRIT. 7133 Be more generous at assigning $z to the home directory -- do this 7134 for programs that are specified through a .forward file. 7135 Fix from Andrew Chang of Sun Microsystems. 7136 Always save a fatal error message in preference to a non-fatal 7137 error message so that the "subject" line of return 7138 messages is the best possible. 7139 CONFIG: reduce the number of quotes needed to quote configuration 7140 parameters with commas: two quotes should work now, e.g., 7141 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 7142 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 7143 connections (domain-ized UUCP). 7144 CONFIG: fix bug in default maps (-o must be before database file 7145 name). Pointed out by Christophe Wolfhugel. 7146 CONFIG: add FEATURE(nodns) to state that we are not relying on 7147 DNS. This would presumably be used in UUCP islands. 7148 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 7149 CONFIG: log $u in Received: line. This is in technical violation 7150 of the standards, since it doesn't guarantee a domain 7151 on the address. 7152 CONFIG: don't assume "m" in local mailer flags -- this means that 7153 if you redefine LOCAL_MAILER_FLAGS you will have to include 7154 the "m" flag should you want it. Apparently some Solaris 2.2 7155 installations can't handle multiple local recipients. 7156 Problem noted by Josh Smith. 7157 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 7158 CONFIG: change default version level from 4 to 5. 7159 CONFIG: add FEATURE(nullclient) to create a config file that 7160 forwards all mail to a hub without ever looking at the 7161 addresses in any detail. 7162 CONFIG: properly strip mailer: information off of relays when 7163 used to change .BITNET form into %-hack form. 7164 CONFIG: fix a problem that caused infinite loops if presented 7165 with an address such as "!foo". 7166 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 7167 the reverse "PTR" mapping is broken. There's a better 7168 way to do this, but the change is fairly major and I 7169 want to hold it for another release. Problem noted by 7170 Bret Marquis. 7171 71728.5/8.5 1993/07/23 7173 Serious bug: if you used a command line recipient that was unknown 7174 sendmail would not send a return message (it was treating 7175 everything as though it had an SMTP-style client that 7176 would do the return itself). Problem noted by Josh Smith. 7177 Change "trymx" option in getcanonname() to ignore all MX data, 7178 even during a T_ANY query. This actually didn't break 7179 anything, because the only time you called getcanonname 7180 with !trymx was if you already knew there were no MX 7181 records, but it is somewhat cleaner. From Motonori 7182 Nakamura. 7183 Don't call getcanonname from getmxrr if you already know there 7184 are no DNS records matching the name. 7185 Fix a problem causing error messages to always include "The 7186 original message was received ... from localhost". 7187 The correct original host information is now included. 7188 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 7189 version of "test" doesn't have the -x flag). Change it 7190 to use -f instead. From John Myers. 7191 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 7192 esmtp -- it should be smtp. 7193 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 7194 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 7195 else "suucp" if MAILER(uucp) is used, else "unknown"); 7196 this cleans up the configs somewhat. This fixes a serious 7197 problem that caused route-addrs to get mistaken as relays, 7198 pointed out by John Myers. WARNING: this also causes 7199 the default on SMART_HOST to change from "suucp" to 7200 "relay" if you have MAILER(smtp) specified. 7201 72028.4/8.4 1993/07/22 7203 Add option `w'. If you receive a message that comes to you because 7204 you are the best (lowest preference) target of an MX, and 7205 you haven't explicitly recognized the source MX host in 7206 your .cf file, this option will cause you to try the target 7207 host directly (as if there were no MX for it at all). If 7208 `w' is not set, this case is a configuration error. 7209 Beware: if `w' is set, senders may get bogus errors like 7210 "message timed out" or "host unknown" for problems that 7211 are really configuration errors. This option is 7212 disrecommended, provided only for compatibility with 7213 UIUC sendmail. 7214 Fix a problem that caused the incoming socket to be left open 7215 when sendmail forks after the DATA command. This caused 7216 calling systems to wait in FIN_WAIT_2 state until the 7217 entire list was processed and the child closed -- a 7218 potentially prodigious amount of time. Problem noted 7219 by Neil Rickert. 7220 Fix problem (created in 6.64) that caused mail sent to multiple 7221 addresses, one of which was a bad address, to completely 7222 suppress the sending of the message. This changes 7223 handling of EF_FATALERRS somewhat, and adds an 7224 EF_GLOBALERRS flag. This also fixes a potential problem 7225 with duplicate error messages if there is a syntax error 7226 in the header of a message that isn't noticed until late 7227 in processing. Original problem pointed out by Josh Smith 7228 of Harvey Mudd College. This release includes quite a bit 7229 of dickering with error handling (see below). 7230 Back out SMTP transaction if MAIL gets nested 501 error. This 7231 will only hurt already-broken software and should help 7232 humans. 7233 Fix a problem that broke aliases when neither NDBM nor NEWDB were 7234 compiled in. It would never read the alias file. 7235 Repair unbalanced `)' and `>' (the "open" versions are already 7236 repaired). 7237 Logging of "done" in dropenvelope() was incorrect: it would 7238 log this even when the queue file still existed. Change 7239 this to only log "done" (at log level 11) when the 7240 queue file is actually removed. From John Myers. 7241 Log "lost connection" in server SMTP at log level 20 if there 7242 is no pending transaction. Some senders just close the 7243 connection rather than sending QUIT. 7244 Fix a bug causing getmxrr to add a dot to the end of unqualified 7245 domains that do not have MX records -- this would cause 7246 the subsequent host name lookup to fail. The problem 7247 only occurred if you had FEATURE(nocanonify) set. 7248 Problem noted by Rick McCarty of Texas Instruments. 7249 Fix invocation of setvbuf when passed a -X flag -- I had 7250 unwittingly used an ANSI C extension, and this caused 7251 core dumps on some machines. 7252 Diagnose self-destructive alias loops on RCPT as well as EXPN. 7253 Previously it just gave an empty send queue, which 7254 then gave either "Need RCPT (recipient)" at the DATA 7255 (confusing, since you had given an RCPT command which 7256 returned 250) or just dropped the email, depending on 7257 whether you were running VERBose mode. Now it usually 7258 diagnoses this case as "aliasing/forwarding loop broken". 7259 Unfortunately, it still doesn't adequately diagnose 7260 some true error conditions. 7261 Add internal concept of "warning messages" using 6xx codes. 7262 These are not reported only to Postmaster. Unbalanced 7263 parens, brackets, and quotes are printed as 653 codes. 7264 They are always mapped to 5xx codes before use in SMTP. 7265 Clean up error messages to tell both the actual address that 7266 failed and the alias they arose from. This makes it 7267 somewhat easier to diagnose problems. Difficulty noted 7268 by Motonori Nakamura. 7269 Fix a problem that inappropriately added a ctladdr to addresses 7270 that shouldn't have had one during a queue run. This 7271 caused error messages to be handled differently during 7272 a queue run than a direct run. 7273 Don't print the qf name and line number if you get errors during 7274 the direct run of the queue from srvrsmtp -- this was 7275 just extra stuff for users to crawl through. 7276 Put command line flags on second line of pid file so you can 7277 auto-restart the daemon with all appropriate arguments. 7278 Use "kill `head -1 /etc/sendmail.pid`" to stop the 7279 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 7280 restart it. 7281 Remove the ``setuid(getuid())'' in main -- this caused the 7282 IDENT daemon to screw up. This required that I change 7283 HASSETEUID to HASSETREUID and complicate the mode 7284 changing somewhat because both Ultrix and SunOS seem 7285 to have a bug causing seteuid() to set the saved uid 7286 as well as the effective. The program test/t_setreuid.c 7287 will test to see if your implementation of setreuid(2) 7288 is appropriately functional. 7289 The FallBackMX (option V) handling failed to properly identify 7290 fallback to yourself -- most of the code was there, 7291 but it wasn't being enabled. Problem noted by Murray 7292 Kucherawy of the University of Waterloo. 7293 Change :include: open timeout from ETIMEDOUT to an internal 7294 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 7295 with CurHostName" in error messages, which can be 7296 confusing. Reported by Jonathan Kamens of OpenVision 7297 Technologies. 7298 Back out setpgrp (setpgid on POSIX systems) call to reset the 7299 process group id. The original fix was to get around 7300 some problems with recalcitrant MUAs, but it breaks 7301 any call from a shell that creates a process group id 7302 different from the process id. I could try to fix 7303 this by diddling the tty owner (using tcsetpgrp or 7304 equivalent) but this is too likely to break other 7305 things. 7306 Portability changes: 7307 Support -M as equivalent to -oM on Ultrix -- apparently 7308 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 7309 instead of using standard flags. Oh joy. This 7310 behavior reported by Jon Giltner of University 7311 of Colorado. 7312 SGI IRIX -- this includes several changes that should 7313 help other strict ANSI compilers. 7314 SCO Unix -- from Murray Kucherawy of HookUp Communication 7315 Corporation. 7316 Solaris running the Sun C compiler (which despite the 7317 documentation apparently doesn't define 7318 __STDC__ by default). 7319 ConvexOS from Eric Schnoebelen of Convex. 7320 Sony NEWS workstations and Omron LUNA workstations from 7321 Motonori Nakamura. 7322 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 7323 CONFIG: delete `C' and `e' from default SMTP mailers flags; 7324 several people have made a good argument that this 7325 creates more problems than it solves (although this 7326 may prove painful in the short run). 7327 CONFIG: generalize all the relays to accept a "mailer:host" 7328 format. 7329 CONFIG: move local processing in ruleset 0 into a new ruleset 7330 98 (8 on old sendmail). Domain literal [a.b.c.d] 7331 addresses are also passed through this ruleset. 7332 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 7333 internet-style addresses would "fall off the end" of 7334 ruleset zero and be interpreted as local -- however, 7335 the angle brackets confused the recursive call. 7336 These are now diagnosed as "Unrecognized host name". 7337 CONFIG: USENET rules weren't included in S0 because of a mistaken 7338 ifdef(`_MAILER_USENET_') instead of 7339 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 7340 of SINTEF RUNIT, Oslo. 7341 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 7342 early in ruleset 0; this allows .mc authors to bypass 7343 things like the "short circuit" code for local addresses. 7344 Prompted by a comment by Bill Wisner of The Well. 7345 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 7346 esmtp) to send SMTP mail. This allows you to default 7347 to esmtp but use a mailertable or other override to 7348 deal with broken servers. This logic was pointed out 7349 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 7350 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 7351 environments. Ugly as sin. 7352 73538.3/8.3 1993/07/13 7354 Fix setuid problems introduced in 8.2 that caused messages 7355 like "Cannot create qfXXXXXX: Invalid argument" 7356 or "Cannot reopen dfXXXXXX: Permission denied". This 7357 involved a new compile flag "HASSETEUID" that takes 7358 the place of the old _POSIX_SAVED_IDS -- it turns out 7359 that the POSIX interface is broken enough to break 7360 some systems badly. This includes some fixes for 7361 HP-UX. Also fixes problems where the real uid is 7362 not reset properly on startup (from Neil Rickert). 7363 Fix a problem that caused timed out messages to not report the 7364 addresses that timed out. Error messages are also more 7365 "user friendly". 7366 Drop required bandwidth on connections from 64 bytes/sec to 7367 16 bytes/sec. 7368 Further Solaris portability changes -- doesn't require the BSD 7369 compatibility library. This also adds a new 7370 "HASGETDTABLESIZE" compile flag which can be used if 7371 you want to use getdtablesize(2) instead of sysconf(2). 7372 These are loosely based on changes from David Meyer at 7373 University of Oregon. This now seems to work, at least 7374 for quick test cases. 7375 Fix a problem that can cause duplicate error messages to be 7376 sent if you are in SMTP, you send to multiple addresses, 7377 and at least one of those addresses is good and points 7378 to an account that has a .forward file (whew!). 7379 Fix a problem causing messages to be discarded if checkcompat() 7380 returned EX_TEMPFAIL (because it didn't properly mark 7381 the "to" address). Problem noted by John Myers. 7382 Fix dfopen to return NULL if the open failed; I was depending 7383 on fdopen(-1) returning NULL, which isn't the case. This 7384 isn't serious, but does result in weird error diagnoses. 7385 From Michael Corrigan. 7386 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 7387 messages sent through UUCP-family mailers. Suggested 7388 by Bill Wisner of The Well. 7389 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 7390 include a "uucp-dom" mailer that uses domain-style 7391 addressing. Suggested by Bill Wisner. 7392 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 7393 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 7394 Christophe Wolfhugel. 7395 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 7396 73978.2/8.2 1993/07/11 7398 Don't drop out on config file parse errors in -bt mode. 7399 On older configuration files, assume option "l" (use Errors-To 7400 header) for back compatibility. NOTE: this DOES NOT 7401 imply an endorsement of the Errors-To: header in any way. 7402 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 7403 Don't log errors on EHLO -- it isn't a "real" error for an old 7404 SMTP server to give an error on this command, and 7405 logging it in the transcript can be confusing. Fix 7406 from Bill Wisner. 7407 IRIX compatibility changes provided by Dan Rich 7408 <drich@sandman.lerc.nasa.gov>. 7409 Solaris 2 compatibility changes. Provided by Bob Cunningham 7410 <bob@kahala.soest.hawaii.edu>, John Oleynick 7411 <juo@klinzhai.rutgers.edu> 7412 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 7413 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 7414 match the other flags in that file. 7415 Flush transcript before fork in mailfile(). From Eric Wassenaar. 7416 Save h_errno in mci struct and improve error message display. 7417 Changes from Eric Wassenaar. 7418 Open /dev/null for the transcript if the create of the xf file 7419 failed; this avoids at least one possible null pointer 7420 reference in very weird cases. From Eric Wassenaar. 7421 Clean up statistics gathering; it was over-reporting because of 7422 forks. From Eric Wassenaar. 7423 Fix problem that causes old Return-Path: line to override new 7424 Return-Path: line (conf.c needs H_FORCE to avoid 7425 re-using old value). From Motonori Nakamura. 7426 Fix broken -m flag in K definition -- even if -m (match only) 7427 was specified, it would still replace the key with the 7428 value. Noted by Rick McCarty of Texas Instruments. 7429 If the name server timed out over several days, no "timed out" 7430 message would ever be sent back. The timeout code 7431 has been moved from markfailure() to dropenvelope() 7432 so that all such failures should be diagnosed. Pointed 7433 out by Christophe Wolfhugel and others. 7434 Relax safefile() constraints: directories in an include or 7435 forward path must be readable by self if the controlling 7436 user owns the entry, readable by all otherwise (e.g., 7437 when reading your .forward file, you have to own and 7438 have X permission in it; everyone needs X permission in 7439 the root and directories leading up to your home); 7440 include files must be readable by anyone, but need not 7441 be owned by you. 7442 If _POSIX_SAVED_IDS is defined, setuid to the owner before 7443 reading a .forward file; this gets around some problems 7444 on NFS mounts if root permission is not exported and 7445 the user's home directory isn't x'able. 7446 Additional NeXT portability enhancements from Axel Zinser. 7447 Additional HP-UX portability enhancements from Brian Bullen. 7448 Add a timeout around SMTP message writes; this assumes you can 7449 get throughput of at least 64 bytes/second. Note that 7450 this does not impact the "datafinal" default, which 7451 is separate; this is just intended to work around 7452 network clogs that will occur before the final dot 7453 is sent. From Eric Wassenaar. 7454 Change map code to set the "include null" flag adaptively -- 7455 it initially tries both, but if it finds anything 7456 matching without a null it never tries again with a 7457 null and vice versa. If -N is specified, it never 7458 tries without the null and creates new maps with a 7459 null byte. If -O is specified, it never tries with 7460 the null (for efficiency). If -N and -O are specified, 7461 you get -NO (get it?) lookup at all, so this would 7462 be a bad idea. If you don't specify either -N or -O, 7463 it adapts. 7464 Fix recognition of "same from address" so that MH submissions 7465 will insert the appropriate full name information; 7466 this used to work and got broken somewhere along the 7467 way. 7468 Some changes to eliminate some unnecessary SYSERRs in the 7469 log. For example, if you lost a connection, don't 7470 bother reporting that fact on the connection you lost. 7471 Add some "extended debugging" flags to try to track down 7472 why we get occasional problems with file descriptor 7473 one being closed when execing a mailer; it seems to 7474 only happen when there has been another error in the 7475 same transaction. This requires XDEBUG, defined 7476 by default in conf.h. 7477 Add "-X filename" command line flag, which logs both sides of 7478 all SMTP transactions. This is intended ONLY for 7479 debugging bad implementations of other mailers; start 7480 it up, send a message from a mailer that is failing, 7481 and then kill it off and examine the indicated log. 7482 This output is not intended to be particularly human 7483 readable. This also adds the HASSETVBUF compile 7484 flag, defaulted on if your compiler defines __STDC__. 7485 CONFIG: change SMART_HOST to override an SMTP mailer. If you 7486 have a local net that should get direct connects, you 7487 will need to use LOCAL_NET_CONFIG to catch these hosts. 7488 See cf/README for an example. 7489 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 7490 sites that don't use the -d flag. 7491 CONFIG: hide recipient addresses as well as sender addresses 7492 behind $M if FEATURE(allmasquerade) is specified; this 7493 has been requested by several people, but can break 7494 local aliases. For example, if you mail to "localalias" 7495 this will be rewritten as "localalias@masqueradehost"; 7496 although initial delivery will work, replies will be 7497 broken. Use it sparingly. 7498 CONFIG: add FEATURE(domaintable). This maps unqualified domains 7499 to qualified domains in headers. I believe this is 7500 largely equivalent to the IDA feature of the same name. 7501 CONFIG: use $U as UUCP name instead of $k. This permits you 7502 to override the "system name" as your UUCP name -- 7503 in particular, to use domain-ized UUCP names. From 7504 Bill Wisner of The Well. 7505 CONFIG: create new mailer "esmtp" that always tries EHLO 7506 first. This is currently unused in the config files, 7507 but could be used in a mailertable entry. 7508 75098.1C/8.1B 1993/06/27 7510 Serious security bug fix: it was possible to read any file on 7511 the system, regardless of ownership and permissions. 7512 If a subroutine returns a fully qualified address, return it 7513 immediately instead of feeding it back into rewriting. 7514 This fixes a problem with mailertable lookups. 7515 CONFIG: fix some M4 frotz (concat => CONCAT) 7516 75178.1B/8.1A 1993/06/12 7518 Serious bug fix: pattern matching backup algorithm stepped by 7519 two tokens in classes instead of one. Found by Claus 7520 Assmann at University of Kiel, Germany. 7521 75228.1A/8.1A 1993/06/08 7523 Another mailertable fix.... 7524 75258.1/8.1 1993/06/07 7526 4.4BSD freeze. No semantic changes. 7527