RELEASE_NOTES revision 90792
1 SENDMAIL RELEASE NOTES 2 $Id: RELEASE_NOTES,v 8.1218 2002/01/13 18:24:15 ca Exp $ 3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 98.12.2/8.12.2 2002/01/13 10 Don't complain too much if stdin, stdout, or stderr are missing 11 at startup, only log an error message. 12 Fix potential problem if an unknown operation mode (character 13 following -b) has been specified. 14 Prevent purgestat from looping even if someone changes the 15 permissions or owner of hoststatus files. Problem noted 16 by Kari Hurtta of the Finnish Meteorological Institute. 17 Properly record dropped connections in persistent host status. 18 Problem noted by Ulrich Windl of the Universitat 19 Regensburg. 20 Remove newlines from recipients read via sendmail -t to prevent 21 SMTP protocol errors when sending the RCPT command. 22 Problem noted by William D. Colburn of the New Mexico 23 Institute of Mining and Technology. 24 Only log milter body replacements once instead of for each body 25 chunk sent by a filter. Problem noted by Kari Hurtta of 26 the Finnish Meteorological Institute. 27 In 8.12.0 and 8.12.1, the headers were mistakenly not included in 28 the message size calculation. Problem noted by Kari Hurtta 29 of the Finnish Meteorological Institute. 30 Since 8.12 no longer forks at the SMTP MAIL command, the daemon 31 needs to collect children status to avoid zombie processes. 32 Problem noted by Chris Adams of HiWAAY Informations Services. 33 Shut down "nullserver" and ETRN-only connections after 25 bad 34 commands are issued. This makes it consistent with normal 35 SMTP connections. 36 Avoid duplicate logging of milter rejections. Problem noted by 37 William D. Colburn of the New Mexico Institute of Mining 38 and Technology. 39 Error and delay DSNs were being sent to postmaster instead of the 40 message sender if the sender had used a deprecated RFC822 41 source route. Problem noted by Kari Hurtta of the Finnish 42 Meteorological Institute. 43 Fix FallbackMXhost behavior for temporary errors during address 44 parsing. Problem noted by Jorg Bielak from Coastal Web 45 Online. 46 For systems on which stat(2) does not return a value for st_blksize 47 that is the "optimal blocksize for I/O" three new compile 48 time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF, 49 and SM_IO_MAX_BUF, which define an upper limit for 50 regular files, and a lower and upper limit for other file 51 types, respectively. 52 Fix a potential deadlock if two events are supposed to occur at 53 exactly the same time. Problem noted by Valdis Kletnieks 54 of Virginia Tech. 55 Perform envelope splitting for aliases listed directly in the 56 alias file, not just for include/.forward files. 57 Problem noted by John Beck of Sun Microsystems. 58 Allow selection of queue group for mailq using -qGgroup. 59 Based on patch by John Beck of Sun Microsystems. 60 Make sure cached LDAP connections used my multiple maps in the same 61 process are closed. Patch from Taso N. Devetzis. 62 If running as root, allow reading of class files in protected 63 directories. Patch from Alexander Talos of the University 64 of Vienna. 65 Correct a few LDAP related memory leaks. Patch from David Powell 66 of Sun Microsystems. 67 Allow specification of an empty realm via the authinfo ruleset. 68 This is necessary to interoperate as an SMTP AUTH client 69 with servers that do not support realms when using 70 CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin. 71 Avoid a potential information leak if AUTH PLAIN is used and the 72 server gets stuck while processing that command. Problem 73 noted by Chris Adams from HiWAAY Informations Services. 74 In addition to printing errors when parsing recipients during 75 command line invocations log them to make it simpler 76 to understand possible DSNs to postmaster. 77 Do not use FallbackMXhost on mailers which have the F=0 flag set. 78 Allow local mailers (F=l) to specify a host for TCP connections 79 instead of forcing localhost. 80 Obey ${DESTDIR} for installation of the client mail queue and 81 submit.cf. Patch from Peter 'Luna' Runestig. 82 Re-enable support for -M option which was broken in 8.12.1. Problem 83 noted by Neil Rickert of Northern Illinois University. 84 If a remote server violates the SMTP standard by unexpectedly 85 dropping the connection during an SMTP transaction, stop 86 sending commands. This prevents bogus "Bad file number" 87 recipient status. Problem noted by Allan E Johannesen of 88 Worcester Polytechnic Institute. 89 Do not use a size estimate of 100 for postmaster bounces, it's 90 almost always too small; do not guess the size at all. 91 New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of 92 Compaq Computer Corp. 93 Fix DaemonPortOptions IPv6 address parsing such that ::1 works 94 properly. Problem noted by Valdis Kletnieks of Virginia 95 Tech. 96 Portability: 97 Fix IPv6 network interface probing on HP-UX 11.X. Based on 98 patch provided by HP. 99 Mac OS X (aka Darwin) has a broken setreuid() call, but a 100 working seteuid() call. From Daniel J. Luke. 101 Use proper type for a 32-bit integer on SINIX. From Ganu 102 Sachin of Siemens. 103 Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX. 104 Reduce optimization from +O3 to +O2 on HP-UX 11. This 105 fixes a problem that caused additional bogus 106 characters to be written to the qf file. Problem 107 noted by Tapani Tarvainen. 108 Set LDA_USE_LOCKF by default for UnixWare. Problem noted 109 by Boyd Lynn Gerber. 110 Add support for HP MPE/iX. See sendmail/README for port 111 information. From Mark Bixby of Hewlett-Packard. 112 New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON, 113 USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README 114 for more information. From Mark Bixby of 115 Hewlett-Packard. 116 If an OS doesn't have a method of finding free disk space 117 (SFS_NONE), lie and say there is plenty of space. 118 From Mark Bixby of Hewlett-Packard. 119 Add support for AIX 5.1. From Valdis Kletnieks of 120 Virginia Tech. 121 Fix man page location for NeXTSTEP. From Hisanori Gogota 122 of the NTT/InterCommunication Center. 123 Do not assume that strerror() always returns a string. 124 Problem noted by John Beck of Sun Microsystems. 125 CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed 126 UUCP from the base operating system. From Mark Murray of 127 FreeBSD Services, Ltd. 128 CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX 129 systems. From Mark Bixby of Hewlett-Packard. 130 CONFIG: Add support for selecting a queue group for all mailers. 131 Based on proposal by Stephen L. Ulmer of the University of 132 Florida. 133 CONFIG: Fix error reporting for compat_check.m4. Problem noted by 134 Altin Waldmann. 135 CONFIG: Do not override user selections for confRUN_AS_USER and 136 confTRUSTED_USER in FEATURE(msp). From Mark Bixby of 137 Hewlett-Packard. 138 LIBMILTER: Fix bug that prevented the removal of a socket after 139 libmilter terminated. Problem reported by Andrey V. Pevnev 140 of MSFU. 141 LIBMILTER: Fix configuration error that required libsm for linking. 142 Problem noted by Kari Hurtta of the Finnish Meteorological 143 Institute. 144 LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman. 145 LIBMILTER: Fix a theoretical memory leak and a possible attempt 146 to free memory twice. 147 LIBSM: Fix a potential segmentation violation in the I/O library. 148 Problem found and analyzed by John Beck and Tim Haley 149 of Sun Microsystems. 150 LIBSM: Do not clear the LDAP configuration information when 151 terminating the mailbox database connection in the LDAP 152 example code. Problem noted by Nikos Voutsinas of the 153 University of Athens. 154 New Files: 155 cf/cf/generic-mpeix.cf 156 cf/cf/generic-mpeix.mc 157 cf/ostype/freebsd5.m4 158 cf/ostype/mpeix.m4 159 devtools/OS/AIX.5.1 160 devtools/OS/MPE-iX 161 include/sm/os/sm_os_mpeix.h 162 libsm/mpeix.c 163 1648.12.1/8.12.1 2001/10/01 165 SECURITY: Check whether dropping group privileges actually succeeded 166 to avoid possible compromises of the mail system by 167 supplying bogus data. Add configuration options for 168 different set*gid() calls to reset saved gid. Problem 169 found by Michal Zalewski. 170 PRIVACY: Prevent information leakage when sendmail has extra 171 privileges by disabling debugging (command line -d flag) 172 during queue runs and disabling ETRN when sendmail -bs is 173 used. Suggested by Michal Zalewski. 174 Avoid memory corruption problems resulting from bogus .cf files. 175 Problem found by Michal Zalewski. 176 Set the ${server_addr} macro to name of mailer when doing LMTP 177 delivery. LMTP systems may offer SMTP Authentication or 178 STARTTLS causing sendmail to use this macro in rulesets. 179 If debugging is turned on (-d0.10) print not just the default 180 values for configuration file and pid file but also the 181 selected values. Problem noted by Brad Chapman. 182 Continue dealing with broken nameservers by ignoring SERVFAIL 183 errors returned on T_AAAA (IPv6) lookups at delivery time 184 if ResolverOptions=WorkAroundBrokenAAAA is set. Previously 185 this only applied to hostname canonification. Problem 186 noted by Bill Fenner of AT&T Research. 187 Ignore comments in NIS host records when trying to find the 188 canonical name for a host. 189 When sendmail has extra privileges, limit mail submission command 190 line flags (i.e., -G, -h, -F, etc.) to mail submission 191 operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on 192 suggestion from Michal Zalewski. 193 Portability: 194 AIX: Use `oslevel` if available to determine OS version. 195 `uname` does not given complete information. 196 Problem noted by Keith Neufeld of the Cessna 197 Aircraft Company. 198 OpenUNIX: Use lockf() for LDA delivery (affects mail.local). 199 Problem noticed by Boyd Lynn Gerber of ZENEX. 200 Avoid compiler warnings by not using pointers to pass 201 integers. Problem noted by Todd C. Miller of 202 Courtesan Consulting. 203 CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize 204 problems with potential misconfigurations. 205 CONFIG: Fix comment showing default value of MaxHopCount. Problem 206 noted by Greg Robinson of the Defence Science and 207 Technology Organisation of Australia. 208 CONFIG: dnsbl: If an argument specifies an error message in case 209 of temporary lookup failures for DNS based blacklists 210 then use it. 211 LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by 212 Richard A. Nelson of Debian. 213 LIBMILTER: Add __P definition for OS that lack it. Problem noted 214 by Chris Adams from HiWAAY Informations Services. 215 LIBSMDB: Fix a lock race condition that affects makemap, praliases, 216 and vacation. 217 MAKEMAP: Avoid going beyond the end of an input line if it does 218 not contain a value for a key. Based on patch from 219 Mark Bixby from Hewlett-Packard. 220 New Files: 221 test/Build 222 test/Makefile 223 test/Makefile.m4 224 test/README 225 test/t_dropgid.c 226 test/t_setgid.c 227 Deleted Files: 228 include/sm/stdio.h 229 include/sm/sysstat.h 230 2318.12.0/8.12.0 2001/09/08 232 *NOTICE*: The default installation of sendmail does not use 233 set-user-ID root anymore. You need to create a new user and 234 a new group before installing sendmail (both called smmsp by 235 default). The installation process tries to install 236 /etc/mail/submit.cf and creates /var/spool/clientmqueue by 237 default. Please see sendmail/SECURITY for details. 238 SECURITY: Check for group and world writable forward and :include: 239 files. These checks can be turned off if absolutely 240 necessary using the DontBlameSendmail option and the new 241 flags: 242 GroupWritableForwardFile 243 WorldWritableForwardFile 244 GroupWritableIncludeFile 245 WorldWritableIncludeFile 246 Problem noted by Slawek Zak of Politechnika Warszawska, 247 SECURITY: Drop privileges when using address test mode. Suggested 248 by Michal Zalewski of the "Internet for Schools" project 249 (IdS). 250 Fixed problem of a global variable being used for a timeout jump 251 point where the variable could become overused for more than 252 one timeout concurrently. This erroneous behavior resulted in 253 a corrupted stack causing a core dump. The timeout is now 254 handled via libsm. Problem noted by Michael Shapiro, 255 John Beck, and Carl Smith of Sun Microsystems. 256 If sendmail is set-group-ID then that group ID is used for permission 257 checks (group ID of RunAsUser). This allows use of a 258 set-group-ID sendmail binary for initial message submission 259 and no set-user-ID root sendmail is needed. For details 260 see sendmail/SECURITY. 261 Log a warning if a non-trusted user changes the syslog label. 262 Based on notice from Bryan Costales of SL3D, Inc. 263 If sendmail is called for initial delivery, try to use submit.cf 264 with a fallback of sendmail.cf as configuration file. See 265 sendmail/SECURITY. 266 New configuration file option UseMSP to allow group writable queue 267 files if the group is the same as that of a set-group-ID 268 sendmail binary. See sendmail/SECURITY. 269 The .cf file is chosen based on the operation mode. For -bm (default), 270 -bs, and -t it is submit.cf if it exists for all others it 271 is sendmail.cf (to be backward compatible). This selection 272 can be changed by the new option -Ac or -Am (alternative .cf 273 file: client or mta). See sendmail/SECURITY. 274 The SMTP server no longer forks on each MAIL command. The ONEX 275 command has been removed. 276 Implement SMTP PIPELINING per RFC 2920. It can be turned off 277 at compile time or per host (ruleset). 278 New option MailboxDatabase specifies the type of mailbox database 279 used to look up local mail recipients; the default value 280 is "pw", which means to use getpwnam(). New mailbox database 281 types can be added by adding custom code to libsm/mbdb.c. 282 Queue file names are now 15 characters long, rather than 14 characters 283 long, to accomodate envelope splitting. File systems with 284 a 14 character file name length limit are no longer 285 supported. 286 Recipient list used for delivery now gets internally ordered by 287 hostsignature (character string version of MX RR). This orders 288 recipients for the same MX RR's together meaning smaller 289 portions of the list need to be scanned (instead of the whole 290 list) each delivery() pass to determine piggybacking. The 291 significance of the change is better the larger the recipient 292 list. Hostsignature is now created during recipient list 293 creation rather than just before delivery. 294 Enhancements for more opportunistic piggybacking. Previous 295 piggybacking (called coincidental) extended to coattail 296 piggybacking. Rather than complete MX RR matching 297 (coincidental) piggybacking is done if just the lowest value 298 preference matches (coattail). 299 If sendmail receives a temporary error on a RCPT TO: command, it will 300 try other MX hosts if available. 301 DefaultAuthInfo can contain a list of mechanisms to be used for 302 outgoing (client-side) SMTP Authentication. 303 New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable 304 AUTH (overrides 'a' modifier in DaemonPortOptions). Based 305 on patch from Lyndon Nerenberg of Messaging Direct. 306 Enable AUTH mechanism EXTERNAL if STARTTLS is used. 307 A new ruleset authinfo can be used to return client side 308 authentication information for AUTH instead of DefaultAuthInfo. 309 Therefore the DefaultAuthInfo option is deprecated and will be 310 removed in future versions. 311 Accept any SMTP continuation code 3xy for AUTH even though RFC 2554 312 requires 334. Mercury 1.48 is a known offender. 313 Add new option AuthMaxBits to limit the overall encryption strength 314 for the security layer in SMTP AUTH (SASL). See 315 doc/op/op.me for details. 316 Introduce new STARTTLS related macros {cn_issuer}, {cn_subject}, 317 {cert_md5} which hold the CN (common name) of the CA that 318 signed the presented certificate, the CN and the MD5 hash 319 of the presented certificate, respectively. 320 New ruleset try_tls to decide whether to try (as client) STARTTLS. 321 New ruleset srv_features to enable/disable certain features in the 322 server per connection. See doc/op/op.me for details. 323 New ruleset tls_rcpt to decide whether to send e-mail to a particular 324 recipient; useful to decide whether a conection is secure 325 enough on a per recipient basis. 326 New option TLSSrvOptions to modify some aspects of the server 327 for STARTTLS. 328 If no certificate has been requested, the macro {verify} has the 329 value "NOT". 330 New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off 331 using/offering STARTTLS when delivering/receiving e-mail. 332 Macro expand filenames/directories for certs and keys in the .cf file. 333 Proposed by Neil Rickert of Northern Illinois University. 334 Generate an ephemeral RSA key for a STARTTLS connection only if 335 really required. This change results in a noticable 336 performance gains on most machines. Moreover, if shared 337 memory is in use, reuse the key several times. 338 Add queue groups which can be used to group queue directories with 339 the same behavior together. See doc/op/op.me for details. 340 If the new option FastSplit (defaults to one) has a value greater 341 than zero, it suppresses the MX lookups on addresses when they 342 are initially sorted which may result in faster envelope 343 splitting. If the mail is submitted directly from the 344 command line, then the value also limits the number of 345 processes to deliver the envelopes; if more envelopes are 346 created they are only queued up and must be taken care of 347 by a queue run. 348 The check for 'enough disk space' now pays attention to which file 349 system each queue directory resides in. 350 All queue runners can be cleanly terminated via SIGTERM to parent. 351 New option QueueFileMode for the default permissions of queue files. 352 Add parallel queue runner code. Allows multiple queue runners per work 353 group (one or more queues in a multi-queue environment 354 collected together) to process the same work list at the 355 same time. 356 Option MaxQueueChildren added to limit the number of concurrently 357 active queue runner processes. 358 New option MaxRunnersPerQueue to specify the maximum number of queue 359 runners per queue group. 360 Queue member selection by substring pattern matching now allows 361 the pattern to be negated. For -qI, -qR and -qS it is 362 permissible for -q!I, -q!R and -q!S to mean remove members 363 of the queue that match during processing. 364 New -qp[time] option is similar to -qtime, except that instead of 365 periodically forking a child to process the queue, a single 366 child is forked for each queue that sleeps between queue 367 runs. A SIGHUP signal can be sent to restart this 368 persistent queue runner. 369 The SIGHUP signal now restarts a timed queue run process (i.e., a 370 sendmail process which only runs the queue at an interval: 371 sendmail -q15m). 372 New option NiceQueueRun to set the priority of queue runners. 373 Proposed by Thom O'Connor. 374 sendmail will run the queue(s) in the background when invoked with -q 375 unless the new -qf option or -v is used. 376 QueueSortOrder=Random sorts the queue randomly, which is useful if 377 several queue runners are started by hand to avoid contention. 378 QueueSortOrder=Modification sorts the queue by the modification time 379 of the qf file (older entries first). 380 Support Deliver By SMTP Service Extension (RFC 2852) which allows 381 a client to specify an amount of time within which an e-mail 382 should be delivered. New option DeliverByMin added to set the 383 minimum amount of time or disable the extension. 384 Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are 385 not allowed unless escaped or quoted. 386 Add support for a generic DNS map. Based on a patch contributed 387 by Leif Johansson of Stockholm University, which was based on 388 work by Assar Westerlund of Swedish Institute of Computer 389 Science, Kista, and Johan Danielsson of Royal Institute of 390 Technology, Stockholm, Sweden. 391 MX records will be looked up for FallBackMXhost. To use the old 392 behavior (no MX lookups), put the name in square brackets. 393 Proposed by Thom O'Connor. 394 Use shared memory to store free space of filesystems that are used 395 for queues, if shared memory is available and if a key is set 396 via SharedMemoryKey. This minimizes the number of system 397 calls to check the available space. See doc/op/op.me for 398 details. 399 If shared memory is compiled in the option -bP can be used to print 400 the number of entries in the queue(s). 401 Enable generic mail filter API (milter). See libmilter/README 402 and the usual documentation for details. 403 Remove AutoRebuildAliases option, deprecated since 8.10. 404 Remove '-U' (initial user submission) command line option as 405 announced in 8.10. 406 Remove support for non-standard SMTP command XUSR. Use an MSA instead. 407 New macro {addr_type} which contains whether the current address is 408 an envelope sender or recipient address. Suggested by 409 Neil Rickert of Northern Illinois University. 410 Two new options for host maps: -d (retransmission timeout), 411 -r (number of retries). 412 New option for LDAP maps: the -V<sep> allows you to specify a 413 separator such that a lookup can return both an attribute 414 and value separated by the given separator. 415 Add new operators '%', '|', '&' (modulo, binary or, binary and) 416 to map class arith. 417 If DoubleBounceAddress expands to an empty string, ``double bounces'' 418 (errors that occur when sending an error message) are dropped. 419 New DontBlameSendmail options GroupReadableSASLDBFile and 420 GroupWritableSASLDBFile to relax requirements for sasldb files. 421 New DontBlameSendmail options GroupReadableKeyFile to relax 422 requirements for files containing secret keys. This is 423 necessary for the MSP if client authentification is used. 424 Properly handle quoted filenames for class files (to allow for 425 filenames with spaces). 426 Honor the resolver option RES_NOALIASES when canonifying hostnames. 427 Add macros to avoid the reuse of {if_addr} etc: 428 {if_name_out} hostname of interface of outgoing connection. 429 {if_addr_out} address of interface of outgoing connection. 430 {if_family_out} family of interface of outgoing connection. 431 The latter two are only set if the interface does not belong 432 to the loopback net. 433 Add macro {nrcpts} which holds the number of (validated) recipients. 434 DialDelay option applies only to mailers with flag 'Z'. Patch from 435 Juergen Georgi of RUS University of Stuttgart. 436 New Timeout.lhlo,auth,starttls options to limit the time waiting for 437 an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command. 438 New Timeout.aconnect option to limit the overall waiting time for 439 all connections for a single delivery attempt to succeed. 440 Limit the rate recipients in the SMTP envelope are accepted once 441 a threshold number of recipients has been rejected (option 442 BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD 443 Development Group. 444 New option DelayLA to delay connections if the load averages 445 exceeds the specified value. The default of 0 does not 446 change the previous behavior. A value greater than 0 447 will cause sendmail to sleep for one second on most 448 SMTP commands and before accepting connections if that 449 load average is exceeded. 450 Use a dynamic (instead of fixed-size) buffer for the list of 451 recipients that are sent during a connection to a mailer. 452 This also introduces a new mailer field 'r' which defines 453 the maximum number of recipients (defaults to 100). 454 Based on patch by Motonori Nakamura of Kyoto University. 455 Add new F=1 mailer flag to disable sending of null characters ('\0'). 456 Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead. 457 The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC] 458 instead. 459 IPC is no longer available as first mailer argument (A=) for [IPC] 460 builtin mailer pathnames. Use TCP instead. 461 PH map code updated to use the new libphclient API instead of the 462 old libqiapi library. Contributed by Mark Roth of the 463 University of Illinois at Urbana-Champaign. 464 New option DirectSubmissionModifiers to define {daemon_flags} 465 for direct (command line) submissions. 466 New M=O modifier for DaemonPortOptions to ignore the socket in 467 case of failures. Based on patch by Jun-ichiro itojun 468 Hagino of the KAME Project. 469 Add Disposition-Notification-To: (RFC 2298) to the list of headers 470 whose content is rewritten similar to Reply-To:. 471 Proposed by Andrzej Filip. 472 Use STARTTLS/AUTH=server/client for logging incoming/outgoing 473 STARTTLS/AUTH connections; log incoming connections at level 474 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP 475 AUTH/STARTTLS related logfile entries. 476 Convert unprintable characters (and backslash) into octal or C format 477 before logging. 478 Log recipients if no message is transferred but QUIT/RSET is given 479 (at LogLevel 9/10 or higher). 480 Log discarded recipients at LogLevel 10 or higher. 481 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections 482 in which most commands are rejected due to check_relay or 483 TCP Wrappers if the host tries one of those commands anyway. 484 Change logging format for cloned envelopes to be similar to that for 485 DSNs ("old id: new id: clone"). Suggested by Ulrich Windl 486 of the Universitat Regensburg. 487 Added libsm, a C library of general purpose abstractions including 488 assertions, tracing and debugging with named debug categories, 489 exception handling, malloc debugging, resource pools, 490 portability abstractions, and an extensible buffered I/O 491 package. It will at some point replace libsmutil. 492 See libsm/index.html for details. 493 Fixed most memory leaks in sendmail which were previously taken 494 care of by fork() and exit(). 495 Use new sm_io*() functions in place of stdio calls. Allows for 496 more consistent portablity amongst different platforms 497 new and old (from new libsm). 498 Common I/O pkg means just one buffering method needed instead of two 499 ('bf_portable' and 'bf_torek' now just 'bf'). 500 Sfio no longer needed as SASL/TLS code uses sm_io*() API's. 501 New possible value 'interactive' for SuperSafe which can be used 502 together with DeliveryMode=interactive is to avoid some disk 503 synchronizations calls. 504 Add per-recipient status information to mailq -v output. 505 T_ANY queries are no longer used by sendmail. 506 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS" 507 too (see include/sm/cdefs.h for more info). 508 sendmail -d now has general support for named debug categories. 509 See libsm/debug.html and section 3.4 of doc/op/op.me 510 for details. 511 Eliminate the "postmaster warning" DSNs on address parsing errors 512 such as unbalanced angle brackets or parentheses. The DSNs 513 generated by this condition were illegal (not RFC conform). 514 Problem noted by Ulrich Windl of the Universitaet Regensburg. 515 Do not issue a DSN if the ruleset localaddr resolves to the $#error 516 mailer and the recipient has hence been rejected during the 517 SMTP dialogue. Problem reported by Larry Greenfield of CMU. 518 Deal with a case of multiple deliveries on misconfigured systems 519 that do not have postmaster defined. If an email was sent 520 from an address to which a DSN cannot be returned and 521 in which at least one recipient address is non-deliverable, 522 then that email had been delivered in each queue run. 523 Problem reported by Matteo HCE Valsasna of Universita 524 degli Studi dell'Insubria. 525 The compilation options SMTP, DAEMON, and QUEUE have been removed, 526 i.e., the corresponding code is always compiled in now. 527 Log the command line in daemon/queue-run mode at LogLevel 10 and 528 higher. Suggested by Robert Harker of Harker Systems. 529 New ResolverOptions setting: WorkAroundBrokenAAAA. When 530 attempting to canonify a hostname, some broken nameservers 531 will return SERVFAIL (a temporary failure) on T_AAAA (IPv6) 532 lookups. If you want to excuse this behavior, use this new 533 flag. Suggested by Chris Foote of SE Network Access and 534 Mark Roth of the University of Illinois at 535 Urbana-Champaign. 536 Free the memory allocated by getipnodeby{addr,name}(). Problem 537 noted by Joy Latten of IBM. 538 ConnectionRateThrottle limits the number of connections per second 539 to each daemon individually, not the overall number of 540 connections. 541 Specifying only "ldap:" as an AliasFile specification will force 542 sendmail to use a default alias schema as outlined in the 543 ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of 544 cf/README. 545 Add a new syntax for the 'F' (file class) sendmail.cf command. If 546 the first character after the class name is not a '/' or a 547 '|' and it contains an '@' (e.g., F{X}key@class:spec), the 548 rest of the line will be parsed as a map lookup. This 549 allows classes to be filled via a map lookup. See op.me 550 for more syntax information. Specifically, this can be 551 used for commands such as VIRTUSER_DOMAIN_FILE() to read 552 the list of domains via LDAP (see the ``USING LDAP FOR 553 ALIASES, MAPS, and CLASSES'' section of cf/README for an 554 example). 555 The new macro ${sendmailMTACluster} determines the LDAP cluster for 556 the default schema used in the above two items. 557 Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a 558 warning if a program being run from a mailer or file class 559 (e.g., F|/path/to/prog) is in an unsafe directory path. 560 Unless DontBlameSendmail=RunWritableProgram is set, log a warning 561 if a program being run from a mailer or file class 562 (e.g., F|/path/to/prog) is group or world writable. 563 Loopback interfaces (e.g., "lo0") are now probed for class {w} 564 hostnames. Setting DontProbeInterfaces to "loopback" 565 (without quotes) will disable this and return to the 566 pre-8.12 behavior of only probing non-loopback interfaces. 567 Suggested by Bryan Stansell of GNAC. 568 In accordance with RFC 2821 section 4.1.4, accept multiple 569 HELO/EHLO commands. 570 Multiple ClientPortOptions settings are now allowed, one for each 571 possible protocol family which may be used for outgoing 572 connections. Restrictions placed on one family only affect 573 outgoing connections on that particular family. Because of 574 this change, the ${client_flags} macro is not set until the 575 connection is established. Based on patch from Motonori 576 Nakamura of Kyoto University. 577 PrivacyOptions=restrictexpand instructs sendmail to drop privileges 578 when the -bv option is given by users who are neither root 579 nor the TrustedUser so users can not read private aliases, 580 forwards, or :include: files. It also will override the -v 581 (verbose) command line option. 582 If the M=b modifier is set in DaemonPortOptions and the interface 583 address can't be used for the outgoing connection, fall 584 back to the settings in ClientPortOptions (if set). 585 Problem noted by John Beck of Sun Microsystems. 586 New named config file rule check_data for DATA command (input: 587 number of recipients). Based on patch from Mark Roth of 588 the University of Illinois at Urbana-Champaign. 589 Add support for ETRN queue selection per RFC 1985. The queue group 590 can be specified using the '#' option character. For 591 example, 'ETRN #queuegroup'. 592 If an LDAP server times out or becomes unavailable, close the 593 current connection and reopen to get to one of the fallback 594 servers. Patch from Paul Hilchey of the University of 595 British Columbia. 596 Make default error number on $#error messages 550 instead of 501 597 because 501 is not allowed on all commands. 598 The .cf file option UnsafeGroupWrites is deprecated, it should be 599 replaced with the settings GroupWritableForwardFileSafe 600 and GroupWritableIncludeFileSafe in DontBlameSendmail 601 if required. 602 The deprecated ldapx map class has been removed. Use the ldap map 603 class instead. 604 Any IPv6 addresses used in configuration should be prefixed by the 605 "IPv6:" tag to identify the address properly. For example, 606 if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to 607 class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4]. 608 Change the $&{opMode} macro if the operation mode changes while the 609 MTA is running. For example, during a queue run. 610 Add "use_inet6" as a new ResolverOptions flag to control the 611 RES_USE_INET6 resolver option. Based on patch from Rick 612 Nelson of IBM. 613 The maximum number of commands before the MTA slows down when too 614 many "light weight" commands have been received are now 615 configurable during compile time. The current values and 616 their defaults are: 617 MAXBADCOMMANDS 25 unknown commands 618 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 619 MAXHELOCOMMANDS 3 HELO, EHLO 620 MAXVRFYCOMMANDS 6 VRFY, EXPN 621 MAXETRNCOMMANDS 8 ETRN 622 Setting a value to 0 disables the check. Patch from Bryan 623 Costales of SL3D, Inc. 624 The header syntax H?${MyMacro}?X-My-Header: now not only checks if 625 ${MyMacro} is defined but also that it is not empty. 626 Properly quote usernames with special characters if they are used 627 in headers. Problem noted by Kari Hurtta of the Finnish 628 Meteorological Institute. 629 Be sure to include the proper Final-Recipient: DSN header in bounce 630 messages for messages for mailing list expanded addresses 631 which are not delivered on the initial attempt. 632 Do not treat errors as sticky when doing delivery via LMTP after 633 the final dot has been sent to avoid affecting future 634 deliveries. Problem reported by Larry Greenfield of CMU. 635 New compile time flag REQUIRES_DIR_FSYNC which turns on support for 636 file systems that require to call fsync() for a directory 637 if the meta-data in it has been changed. This should be 638 set at least for ReiserFS; it is enabled by default for Linux. 639 See sendmail/README for further information. 640 Avoid file locking deadlock when updating the statistics file if 641 sendmail is signaled to terminate. Problem noted by 642 Christophe Wolfhugel of France Telecom. 643 Set the $c macro (hop count) as it is being set instead of when the 644 envelope is initialized. Problem noted by Kari Hurtta of 645 the Finnish Meteorological Institute. 646 Properly count recipients for DeliveryMode defer and queue. Fix 647 from Peter A. Friend of EarthLink. 648 Treat invalid hesiod lookups as permanent errors instead of 649 temporary errors. Problem noted by Russell McOrmond of 650 flora.ca. 651 Portability: 652 Remove support for AIX 2, which supports only 14 character 653 filenames and is outdated anyway. Suggested by 654 Valdis Kletnieks of Virginia Tech. 655 Change several settings for Irix 6: remove confSBINDIR, 656 i.e., use default /usr/sbin, change owner/group 657 of man pages and user-executable to root/sys, set 658 optimization limit to 0 (unlimited). Based on patch 659 from Ayamura Kikuchi, M.D, and proposal from Kari 660 Hurtta of the Finnish Meteorological Institute. 661 Do not assume LDAP support is installed by default under 662 Solaris 8 and later. 663 Add support for OpenUNIX. 664 CONFIG: Increment version number of config file to 10. 665 CONFIG: Add an install target and a README file in cf/cf. 666 CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc. 667 CONFIG: Reject empty recipient addresses (in check_rcpt). 668 CONFIG: The access map uses an option of -T<TMPF> to deal with 669 temporary lookup failures. 670 CONFIG: New value for access map: SKIP, which causes the default 671 action to be taken by aborting the search for domain names 672 or IP nets. 673 CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or 674 relay address as long as the other part allows the email 675 to get through. 676 CONFIG: Entries for virtusertable can make use of a third parameter 677 "%3" which contains "+detail" of a wildcard match, i.e., an 678 entry like user+*@domain. This allows handling of details by 679 using %1%3 as the RHS. Additionally, a "+" wildcard has been 680 introduced to match only non-empty details of addresses. 681 CONFIG: Numbers for rulesets used by MAILERs have been removed 682 and hence there is no required order within the MAILER 683 section anymore except for MAILER(`uucp') which must come 684 after MAILER(`smtp') if uucp-dom and uucp-uudom are used. 685 CONFIG: Hosts listed in the generics domain class {G} 686 (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated 687 as canonical. Suggested by Per Hedeland of Ericsson. 688 CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup 689 in the access map which returns OK or RELAY actually 690 terminates check_* ruleset checking. 691 CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset 692 tls_rcpt, see cf/README for details. 693 CONFIG: Change format of Received: header line which reveals whether 694 STARTTLS has been used to "(version=${tls_version} 695 cipher=${cipher} bits=${cipher_bits} verify=${verify})". 696 CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks') 697 options friends/haters instead of "To:" and enable 698 specification of whole domains instead of just users. 699 Notice: this change is not backward compatible. 700 Suggested by Chris Adams from HiWAAY Informations Services. 701 CONFIG: Allow for local extensions for most new rulesets, see 702 cf/README for details. 703 CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in 704 the access map. Proposed by Randall Winchester of the 705 University of Maryland. 706 CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for 707 the local mailer. Proposed by Ingo Brueckl of Wupper Online. 708 CONFIG: confRELAY_MSG/confREJECT_MSG can override the default 709 messages for an unauthorized relaying attempt/for access 710 map entries with RHS REJECT, respectively. 711 CONFIG: FEATURE(`always_add_domain') takes an optional argument 712 to specify another domain to be added instead of the local one. 713 Suggested by Richard H. Gumpertz of Computer Problem 714 Solving. 715 CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific 716 options, see doc/op/op.me for details. 717 CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for 718 the security layer in SMTP AUTH (SASL). 719 CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated 720 immediately. 721 CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which 722 allows checking of the return values of the DNS lookups. 723 See cf/README for details. 724 CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for 725 temporary lookup failures. 726 CONFIG: New option confDELIVER_BY_MIN to specify minimum time for 727 Deliver By (RFC 2852) or to turn off the extension. 728 CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared 729 memory use. 730 CONFIG: New FEATURE(`compat_check') to look up a key consisting 731 of the sender and the recipient address delimited by the 732 string "<@>", e.g., sender@sdomain<@>recipient@rdomain, 733 in the access map. Based on code contributed by Mathias 734 Koerber of Singapore Telecommunications Ltd. 735 CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user 736 file. Suggested by John Beck of Sun Microsystems. 737 CONFIG: Don't use MAILER-DAEMON for error messages delivered 738 via LMTP. Problem reported by Larry Greenfield of CMU. 739 CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of 740 the recipient host if LUSER_RELAY is used. 741 CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the 742 +detail portion of the address when passing address to 743 local delivery agent. Disables alias and .forward +detail 744 stripping. Only use if LDA supports this. 745 CONFIG: Removed deprecated FEATURE(`rbl'). 746 CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE() 747 which allow you to specify 'equivalent' hosts for LDAP 748 Routing lookups. Equivalent hostnames are replaced by the 749 masquerade domain name for lookups. See cf/README for 750 additional details. 751 CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which 752 instructs the rulesets on what to do if the address being 753 looked up has +detail information. See cf/README for more 754 information. 755 CONFIG: When chosing a new destination via LDAP Routing, also look 756 up the new routing address/host in the mailertable. Based 757 on patch from Don Badrak of the United States Census Bureau. 758 CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing 759 is in use and the bounce option is enabled. Only reject 760 recipients as user unknown. 761 CONFIG: Provide LDAP support for the remaining database map 762 features. See the ``USING LDAP FOR ALIASES AND MAPS'' 763 section of cf/README for more information. 764 CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster} 765 macro used for LDAP searches as described above in ``USING 766 LDAP FOR ALIASES, MAPS, AND CLASSES''. 767 CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(), 768 which takes the options as argument and can be used 769 multiple times; see cf/README for details. 770 CONFIG: Add configuration macros for new options: 771 confBAD_RCPT_THROTTLE BadRcptThrottle 772 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 773 confMAILBOX_DATABASE MailboxDatabase 774 confMAX_QUEUE_CHILDREN MaxQueueChildren 775 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 776 confNICE_QUEUE_RUN NiceQueueRun 777 confQUEUE_FILE_MODE QueueFileMode 778 confFAST_SPLIT FastSplit 779 confTLS_SRV_OPTIONS TLSSrvOptions 780 See above (and related documentation) for further information. 781 CONFIG: Add configuration variables for new timeout options: 782 confTO_ACONNECT Timeout.aconnect 783 confTO_AUTH Timeout.auth 784 confTO_LHLO Timeout.lhlo 785 confTO_STARTTLS Timeout.starttls 786 CONFIG: Add configuration macros for mail filter API: 787 confINPUT_MAIL_FILTERS InputMailFilters 788 confMILTER_LOG_LEVEL Milter.LogLevel 789 confMILTER_MACROS_CONNECT Milter.macros.connect 790 confMILTER_MACROS_HELO Milter.macros.helo 791 confMILTER_MACROS_ENVFROM Milter.macros.envfrom 792 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 793 Mail filters can be defined via INPUT_MAIL_FILTER() and 794 MAIL_FILTER(). See libmilter/README, cf/README, and 795 doc/op/op.me for details. 796 CONFIG: Add support for accepting temporarily unresolvable domains. 797 See cf/README for details. Based on patch by Motonori 798 Nakamura of Kyoto University. 799 CONFIG: confDEQUOTE_OPTS can be used to specify options for the 800 dequote map. 801 CONFIG: New macro QUEUE_GROUP() to define queue groups. 802 CONFIG: New FEATURE(`queuegroup') to select a queue group based 803 on the full e-mail address or the domain of the recipient. 804 CONFIG: Any IPv6 addresses used in configuration should be prefixed 805 by the "IPv6:" tag to identify the address properly. For 806 example, if you want to use the IPv6 address 807 2002:c0a8:51d2::23f4 in the access database, you would need 808 to use IPv6:2002:c0a8:51d2::23f4 on the left hand side. 809 This affects the access database as well as the 810 relay-domains and local-host-names files. 811 CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux). 812 CONFIG: Avoid expansion of m4 keywords in SMART_HOST. 813 CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading 814 exceptions from a file. Suggested by Trey Breckenridge of 815 Mississippi State University. 816 CONFIG: Add LOCAL_USER_FILE() for reading local users 817 (LOCAL_USER() -- $={L}) entries from a file. 818 CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4 819 which allows to lookup error codes in the access map. 820 Contributed by Neil Rickert of Northern Illinois University. 821 DEVTOOLS: Add new options for installation of include and library 822 files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP, 823 confLIBMODE, confLIBOWN. 824 DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off 825 installation of the the formatted man pages on operating 826 systems which don't include cat directories. 827 EDITMAP: New program for editing maps as supplement to makemap. 828 MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up 829 local mail recipients. New option -D mbdb specifies the 830 mailbox database type. 831 MAIL.LOCAL: New option "-h filename" which instructs mail.local to 832 deliver the mail to the named file in the user's home 833 directory instead of the system mail spool area. Based on 834 patch from Doug Hardie of the Los Angeles Free-Net. 835 MAILSTATS: New command line option -P which acts the same as -p but 836 doesn't truncate the statistics file. 837 MAKEMAP: Add new option -t to specify a different delimiter 838 instead of white space. 839 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 840 submission. Problem noted by Kari Hurtta of the Finnish 841 Meteorological Institute. 842 SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later. 843 VACATION: Change Auto-Submitted: header value from auto-generated to 844 auto-replied. From Kenneth Murchison of Oceana Matrix Ltd. 845 VACATION: New option -d to send error/debug messages to stdout 846 instead of syslog. 847 VACATION: New option -U which prevents the attempt to lookup login 848 in the password file. The -f and -m options must be used 849 to specify the database and message file since there is no 850 home directory for the default settings for these options. 851 VACATION: Vacation now uses the libsm mbdb package to look up 852 local mail recipients; it reads the MailboxDatabase option 853 from the sendmail.cf file. New option -C cffile which 854 specifies the path of the sendmail.cf file. 855 New Directories: 856 libmilter/docs 857 New Files: 858 cf/cf/README 859 cf/cf/submit.cf 860 cf/cf/submit.mc 861 cf/feature/authinfo.m4 862 cf/feature/compat_check.m4 863 cf/feature/enhdnsbl.m4 864 cf/feature/msp.m4 865 cf/feature/local_no_masquerade.m4 866 cf/feature/lookupdotdomain.m4 867 cf/feature/preserve_luser_host.m4 868 cf/feature/preserve_local_plus_detail.m4 869 cf/feature/queuegroup.m4 870 cf/sendmail.schema 871 contrib/dnsblaccess.m4 872 devtools/M4/UNIX/sm-test.m4 873 devtools/OS/OpenUNIX.5.i386 874 editmap/* 875 include/sm/* 876 libsm/* 877 libsmutil/cf.c 878 libsmutil/err.c 879 sendmail/SECURITY 880 sendmail/TUNING 881 sendmail/bf.c 882 sendmail/bf.h 883 sendmail/sasl.c 884 sendmail/sm_resolve.c 885 sendmail/sm_resolve.h 886 sendmail/tls.c 887 Deleted Files: 888 cf/feature/rbl.m4 889 cf/ostype/aix2.m4 890 devtools/OS/AIX.2 891 include/sendmail/cdefs.h 892 include/sendmail/errstring.h 893 include/sendmail/useful.h 894 libsmutil/errstring.c 895 sendmail/bf_portable.c 896 sendmail/bf_portable.h 897 sendmail/bf_torek.c 898 sendmail/bf_torek.h 899 sendmail/clock.c 900 Renamed Files: 901 cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc 902 cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf 903 cf/ostype/aux.m4 => cf/ostype/a-ux.m4 904 9058.11.6/8.11.6 2001/08/20 906 SECURITY: Fix a possible memory access violation when specifying 907 out-of-bounds debug parameters. Problem detected by 908 Cade Cairns of SecurityFocus. 909 Avoid leaking recipient information in unrelated DSNs. This could 910 happen if a connection is aborted, several mails had been 911 scheduled for delivery via that connection, and the timeout 912 is reached such that several DSNs are sent next. Problem 913 noted by Dileepan Moorkanat of Hewlett-Packard. 914 Fix a possible segmentation violation when specifying too many 915 wildcard operators in a rule. Problem detected by 916 Werner Wiethege. 917 Avoid a segmentation fault on non-matching Hesiod lookups. Problem 918 noted by Russell McOrmond of flora.ca 919 9208.11.5/8.11.5 2001/07/31 921 Fix a possible race condition when sending a HUP signal to restart 922 the daemon. This could terminate the current process without 923 starting a new daemon. Problem reported by Wolfgang Breyha 924 of SE Netway Communications. 925 Only apply MaxHeadersLength when receiving a message via SMTP or 926 the command line. Problem noted by Andrey J. Melnikoff. 927 When finding the system's local hostname on an IPv6-enabled system 928 which doesn't have any IPv6 interface addresses, fall back 929 to looking up only IPv4 addresses. Problem noted by Tim 930 Bosserman of EarthLink. 931 When commands were being rejected due to check_relay or TCP 932 Wrappers, the ETRN command was not giving a response. 933 Incoming IPv4 connections on a Family=inet6 daemon (using 934 IPv4-mapped addresses) were incorrectly labeled as "may be 935 forged". Problem noted by Per Steinar Iversen of Oslo 936 University College. 937 Shutdown address test mode cleanly on SIGTERM. Problem noted by 938 Greg King of the OAO Corporation. 939 Restore the original real uid (changed in main() to prevent 940 out of band signals) before invoking a delivery agent. 941 Some delivery agents use this for the "From " envelope 942 "header". Problem noted by Leslie Carroll of the 943 University at Albany. 944 Mark closed file descriptors properly to avoid reuse. Problem 945 noted by Jeff Bronson of J.D. Bronson, Inc. 946 Setting Timeout options on the command line will also override 947 their sub-suboptions in the .cf file, e.g., -O 948 Timeout.queuereturn=2d will set all queuereturn timeouts 949 to 2 days. Problem noted by Roger B.A. Klorese. 950 Portability: 951 BSD/OS has a broken setreuid() implementation. Problem 952 noted by Vernon Schryver of Rhyolite Software. 953 BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?). 954 Noted by Vernon Schryver of Rhyolite Software. 955 BSD/OS has fchown(2). Noted by Dave Yadallee of Netline 956 2000 Internet Solutions Inc. 957 Solaris 2.X and later have strerror(3). From Sebastian 958 Hagedorn of Cologne University. 959 CONFIG: Fix parsing for IPv6 domain literals in addresses 960 (user@[IPv6:address]). Problem noted by Liyuan Zhou. 961 9628.11.4/8.11.4 2001/05/28 963 Clean up signal handling routines to reduce the chances of heap 964 corruption and other potential race conditions. 965 Terminating and restarting the daemon may not be 966 instantaneous due to this change. Also, non-root users can 967 no longer send out-of-band signals. Problem reported by 968 Michal Zalewski of BindView. 969 If LogLevel is greater than 9 and SASL fails to negotiate an 970 encryption layer, avoid core dump logging the encryption 971 strength. Problem noted by Miroslav Zubcic of Crol. 972 If a server offers "AUTH=" and "AUTH " and the list of mechanisms is 973 different in those two lines, sendmail might not have 974 recognized (and used) all of the offered mechanisms. 975 Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch 976 from Kenji Miyake. 977 This time, really don't use the .. directory when expanding 978 QueueDirectory wildcards. 979 If a process is interrupted while closing a map, don't try to close 980 the same map again while exiting. 981 Allow local mailers (F=l) to contact remote hosts (e.g., via 982 LMTP). Problem noted by Norbert Klasen of the University 983 of Tuebingen. 984 If Timeout.QueueReturn was set to a value less the time it took 985 to write a new queue file (e.g., 0 seconds), the bounce 986 message would be lost. Problem noted by Lorraine L Goff of 987 Oklahoma State University. 988 Pass map argument vector into map rewriting engine for the regex 989 and prog map types. Problem noted by Stephen Gildea of 990 InTouch Systems, Inc. 991 When closing an LDAP map due to a temporary error, close all of the 992 other LDAP maps which share the original map's connection 993 to the LDAP server. Patch from Victor Duchovni of 994 Morgan Stanley. 995 To detect changes of NDBM aliases files check the timestamp of the 996 .pag file instead of the .dir file. Problem noted by Neil 997 Rickert of Northern Illinois University. 998 Don't treat temporary hesiod lookup failures as permanent. Patch 999 from Werner Wiethege. 1000 If ClientPortOptions is set, make sure to create the outgoing socket 1001 with the family set in that option. Patch from Sean Farley. 1002 Avoid a segmentation fault trying to dereference a NULL pointer 1003 when logging a MaxHopCount exceeded error with an empty 1004 recipient list. Problem noted by Chris Adams of HiWAAY 1005 Internet Services. 1006 Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich 1007 Windl of the Universitaet Regensburg. 1008 Fix DSN for "mail loops back to me" bounces. Problem noticed by 1009 Kari Hurtta of the Finnish Meteorological Institute. 1010 Portability: 1011 OpenBSD has a broken setreuid() implementation. 1012 CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back 1013 to 553 since it is allowed by DRUMS. 1014 CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X. 1015 DEVTOOLS: install.sh did not properly handle paths in the source 1016 file name argument. Noted by Kari Hurtta of the Finnish 1017 Meteorological Institute. 1018 DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD 1019 since it generates random process ids. 1020 PRALIASES: Add back adaptive algorithm to deal with different endings 1021 of entries in the database (with/without trailing '\0'). 1022 Patch from John Beck of Sun Microsystems. 1023 New Files: 1024 cf/ostype/freebsd4.m4 1025 10268.11.3/8.11.3 2001/02/27 1027 Prevent a segmentation fault when a bogus value was used in the 1028 LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus 1029 option was used. Problem noted by Allan E Johannesen of 1030 Worcester Polytechnic Institute. 1031 Prevent "token too long" message by shortening {currHeader} which 1032 could be too long if the last copied character was a quote. 1033 Problem detected by Jan Krueger of digitalanswers 1034 communications consulting gmbh. 1035 Additional IPv6 check for unspecified addresses. Patch from 1036 Jun-ichiro itojun Hagino of the KAME Project. 1037 Do not ignore the ClientPortOptions setting if DaemonPortOptions 1038 Modifier=b (bind to same interface) is set and the 1039 connection came in from the command line. 1040 Do not bind to the loopback address if DaemonPortOptions 1041 Modifier=b (bind to same interface) is set. Patch from 1042 John Beck of Sun Microsystems. 1043 Properly deal with open failures on non-optional maps used in 1044 check_* rulesets by returning a temporary failure. 1045 Buffered file I/O files were not being properly fsync'ed to disk 1046 when they were committed. 1047 Properly encode '=' for the AUTH= parameter of the MAIL command. 1048 Problem noted by Hadmut Danisch. 1049 Under certain circumstances the macro {server_name} could be set 1050 to the wrong hostname (of a previous connection), which may 1051 cause some rulesets to return wrong results. This would 1052 usually cause mail to be queued up and delivered later on. 1053 Ignore F=z (LMTP) mailer flag if $u is given in the mailer A= 1054 equate. Problem noted by Motonori Nakamura of Kyoto 1055 University. 1056 Work around broken accept() implementations which only partially 1057 fill in the peer address if the socket is closed before 1058 accept() completes. 1059 Return an SMTP "421" temporary failure if the data file can't be 1060 opened where the "354" reply would normally be given. 1061 Prevent a CPU loop in trying to expand a macro which doesn't exist 1062 in a queue run. Problem noted by Gordon Lack of Glaxo 1063 Wellcome. 1064 If delivering via a program and that program exits with EX_TEMPFAIL, 1065 note that fact for the mailq display instead of just showing 1066 "Deferred". Problem noted by Motonori Nakamura of Kyoto 1067 University. 1068 If doing canonification via /etc/hosts, try both the fully 1069 qualified hostname as well as the first portion of the 1070 hostname. Problem noted by David Bremner of the 1071 University of New Brunswick. 1072 Portability: 1073 Fix a compilation problem for mail.local and rmail if SFIO 1074 is in use. Problem noted by Auteria Wally 1075 Winzer Jr. of Champion Nutrition. 1076 IPv6 changes for platforms using KAME. Patch from 1077 Jun-ichiro itojun Hagino of the KAME Project. 1078 OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and 1079 higher has BSDI-style login classes. Patch from 1080 Todd C. Miller of Courtesan Consulting. 1081 Unixware 7.1.1 doesn't allow h_errno to be set directly if 1082 sendmail is being compiled with -kthread. Problem 1083 noted by Orion Poplawski of CQG, Inc. 1084 CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and 1085 current left hand side for $LHS in virtuser files. 1086 DEVTOOLS: Do not pass make targets to recursive Build invocations. 1087 Problem noted by Jeff Bronson of J.D. Bronson, Inc. 1088 MAIL.LOCAL: In LMTP mode, do not return errors regarding problems 1089 storing the temporary message file until after the remote 1090 side has sent the final DATA termination dot. Problem 1091 noted by Allan E Johannesen of Worcester Polytechnic 1092 Institute. 1093 MAIL.LOCAL: If LMTP mode is set, give a temporary error if users 1094 are also specified on the command line. Patch from 1095 Motonori Nakamura of Kyoto University. 1096 PRALIASES: Skip over AliasFile specifications which aren't based on 1097 database files (i.e., only show dbm, hash, and btree). 1098 Renamed Files: 1099 devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x 1100 11018.11.2/8.11.2 2000/12/29 1102 Prevent a segmentation fault when trying to set a class in 1103 address test mode due to a negative array index. Audit 1104 other array indexing. This bug is not believed to be 1105 exploitable. Noted by Michal Zalewski of the "Internet for 1106 Schools" project (IdS). 1107 Add an FFR (for future release) to drop privileges when using 1108 address test mode. This will be turned on in 8.12. It can 1109 be enabled by compiling with: 1110 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS') 1111 in your devtools/Site/site.config.m4 file. Suggested by 1112 Michal Zalewski of the "Internet for Schools" project (IdS). 1113 Fix potential problem with Cyrus-SASL security layer which may have 1114 caused I/O errors, especially for mechanism DIGEST-MD5. 1115 When QueueSortOrder was set to host, sendmail might not read 1116 enough of the queue file to determine the host, making the 1117 sort sub-optimal. Problem noted by Jeff Earickson of 1118 Colby College. 1119 Don't issue DSNs for addresses which use the NOTIFY parameter (per 1120 RFC 1891) but don't have FAILURE as value. 1121 Initialize Cyrus-SASL library before the SMTP daemon is started. 1122 This implies that every change to SASL related files requires 1123 a restart of the daemon, e.g., Sendmail.conf, new SASL 1124 mechanisms (in form of shared libraries). 1125 Properly set the STARTTLS related macros during a queue run for 1126 a cached connection. Bug reported by Michael Kellen of 1127 NxNetworks, Inc. 1128 Log the server name in relay= for ruleset tls_server instead of the 1129 client name. 1130 Include original length of bad field/header when reporting 1131 MaxMimeHeaderLength problems. Requested by Ulrich Windl of 1132 the Universitat Regensburg. 1133 Fix delivery to set-user-ID files that are expanded from aliases in 1134 DeliveryMode queue. Problem noted by Ric Anderson of the 1135 University of Arizona. 1136 Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano 1137 of Collective Technologies. 1138 Avoid using a negative argument for sleep() calls when delaying answers 1139 to EXPN/VRFY commands on systems which respond very slowly. 1140 Problem noted by Mikolaj J. Habryn of Optus Internet 1141 Engineering. 1142 Make sure the F=u flag is set in the default prog mailer 1143 definition. Problem noted by Kari Hurtta of the Finnish 1144 Meteorological Institute. 1145 Fix IPv6 check for unspecified addresses. Patch from 1146 Jun-ichiro itojun Hagino of the KAME Project. 1147 Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish 1148 Meteorological Institute. 1149 Fix parsing of DaemonPortOptions and ClientPortOptions. Read all 1150 of the parameters to find Family= setting before trying to 1151 interpret Addr= and Port=. Problem noted by Valdis 1152 Kletnieks of Virginia Tech. 1153 When delivering to a file directly from an alias, do not call 1154 initgroups(); instead use the DefaultUser group information. 1155 Problem noted by Marc Schaefer of ALPHANET NF. 1156 RunAsUser now overrides the ownership of the control socket, if 1157 created. Otherwise, sendmail can not remove it upon 1158 close. Problem noted by Werner Wiethege. 1159 Fix ConnectionRateThrottle counting as the option is the number of 1160 overall connections, not the number of connections per 1161 socket. A future version may change this to per socket 1162 counting. 1163 Portability: 1164 Clean up libsmdb so it functions properly on platforms 1165 where sizeof(u_int32_t) != sizeof(size_t). Problem 1166 noted by Rein Tollevik of Basefarm AS. 1167 Fix man page formatting for compatibility with Solaris' 1168 whatis. From Stephen Gildea of InTouch Systems, Inc. 1169 UnixWare 7 includes snprintf() support. From Larry 1170 Rosenman. 1171 IPv6 changes for platforms using KAME. Patch from 1172 Jun-ichiro itojun Hagino of the KAME Project. 1173 Avoid a typedef compile conflict with Berkeley DB 3.X and 1174 Solaris 2.5 or earlier. Problem noted by Bob Hughes 1175 of Pacific Access. 1176 Add preliminary support for AIX 5. Contributed by 1177 Valdis Kletnieks of Virginia Tech. 1178 Solaris 9 load average support from Andrew Tucker of Sun 1179 Microsystems. 1180 CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') 1181 is used. Problem noted by Phil Homewood of Asia Online, 1182 patch from Neil Rickert of Northern Illinois University. 1183 CONFIG: Change the default DNS based blacklist server for 1184 FEATURE(`dnsbl') to blackholes.mail-abuse.org. 1185 CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., 1186 implicitly assume canonical host names. 1187 CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on 1188 patch by Motonori Nakamura of Kyoto University. 1189 CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of 1190 Virginia Tech. 1191 CONFIG: Pass the illegal header form <list:;> through untouched 1192 instead of making it worse. Problem noted by Motonori 1193 Nakamura of Kyoto University. 1194 CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`). 1195 CONTRIB: qtool.pl: An empty queue is not an error. Problem noted 1196 by Jan Krueger of digitalanswers communications consulting 1197 gmbh. 1198 CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark 1199 Roth of the University of Illinois at Urbana-Champaign. 1200 DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4 1201 variables into bldOS, bldREL, and bldARCH to prevent 1202 namespace collisions. Problem noted by Motonori Nakamura 1203 of Kyoto University. 1204 RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It 1205 causes some changes in behavior and may break rmail for 1206 installations where sendmail is actually a wrapper to 1207 another MTA. The change will re-appear in a future 1208 version. 1209 SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X, 1210 and SunOS 5.8. Requested by Jeff A. Earickson of Colby 1211 College and John Beck of Sun Microsystems. 1212 VACATION: Fix pattern matching for addresses to ignore. 1213 VACATION: Don't reply to addresses of the form owner-* 1214 or *-owner. 1215 New Files: 1216 cf/ostype/aix5.m4 1217 contrib/buildvirtuser 1218 devtools/OS/AIX.5.0 1219 12208.11.1/8.11.1 2000/09/27 1221 Fix SMTP EXPN command output if the address expands to a single 1222 name. Fix from John Beck of Sun Microsystems. 1223 Don't try STARTTLS in the client if the PRNG has not been properly 1224 seeded. This problem only occurs on systems without 1225 /dev/urandom. Problem detected by Jan Krueger of 1226 digitalanswers communications consulting gmbh and 1227 Neil Rickert of Northern Illinois University. 1228 Don't use the . and .. directories when expanding QueueDirectory 1229 wildcards. 1230 Do not try to cache LDAP connections across processes as a parent 1231 process may close the connection before the child process 1232 has completed. Problem noted by Lai Yiu Fai of the Hong 1233 Kong University of Science and Technology and Wolfgang 1234 Hottgenroth of UUNET. 1235 Use Timeout.fileopen to limit the amount of time spent trying to 1236 read the LDAP secret from a file. 1237 Prevent SIGTERM from removing a command line submitted item after 1238 the user submits the message and before the first delivery 1239 attempt completes. Problem noted by Max France of AlphaNet. 1240 Fix from Neil Rickert of Northern Illinois University. 1241 Deal correctly with MaxMessageSize restriction if message size is 1242 greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman 1243 of EarthLink. 1244 Turn off queue checkpointing if CheckpointInterval is set to zero. 1245 Treat an empty home directory (from getpw*() or $HOME) as 1246 non-existent instead of treating it as /. Problem noted by 1247 Todd C. Miller of Courtesan Consulting. 1248 Don't drop duplicate headers when reading a queued item. Problem 1249 noted by Motonori Nakamura of Kyoto University. 1250 Avoid bogus error text when logging the savemail panic "cannot 1251 save rejected email anywhere". Problem noted by Marc G. 1252 Fournier of Acadia University. 1253 If an LDAP search fails because the LDAP server went down, close 1254 the map so subsequent searches reopen the map. If there are 1255 multiple LDAP servers, the down server will be skipped and 1256 one of the others may be able to take over. 1257 Set the ${load_avg} macro to the current load average, not the 1258 previous load average query result. 1259 If a non-optional map used in a check_* ruleset can't be opened, 1260 return a temporary failure to the remote SMTP client 1261 instead of ignoring the map. Problem noted by Allan E 1262 Johannesen of Worcester Polytechnic Institute. 1263 Avoid a race condition when queuing up split envelopes by saving 1264 the split envelopes before the original envelope. 1265 Fix a bug in the PH_MAP code which caused mail to bounce instead of 1266 defer if the PH server could not be contacted. From Mark 1267 Roth of the University of Illinois at Urbana-Champaign. 1268 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and 1269 ETRN. Problem noted by Erik R. Leo of SoVerNet. 1270 Change error code for unrecognized parameters to the SMTP MAIL and 1271 RCPT commands from 501 to 555 per RFC 1869. Problem 1272 reported to Postfix by Robert Norris of Monash University. 1273 Prevent overwriting the argument of -B on certain OS. Problem 1274 noted by Matteo Gelosa of I.NET S.p.A. 1275 Use the proper routine for freeing memory with Netscape's LDAP 1276 client libraries. Patch from Paul Hilchey of the 1277 University of British Columbia. 1278 Portability: 1279 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9} 1280 instead of defining it in conf.h so users can 1281 override the setting. Suggested by 1282 Henrik Nordstrom of Ericsson. 1283 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of 1284 /usr/lib/sendmail for rmail and vacation. From 1285 Jeff A. Earickson of Colby College. 1286 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which 1287 does not exist). From Jeff A. Earickson of Colby 1288 College. 1289 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From 1290 Tom Moore of NCR. 1291 NeXT 3.X and 4.X installs man pages in /usr/man. From 1292 Hisanori Gogota of NTT/InterCommunicationCenter. 1293 Solaris 8 and later include /var/run. The default PID file 1294 location is now /var/run/sendmail.pid. From John 1295 Beck of Sun Microsystems. 1296 SFIO includes snprintf() for those operating systems 1297 which do not. From Todd C. Miller of Courtesan 1298 Consulting. 1299 CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}. 1300 Problem noted by Kaspar Brand of futureLab AG. 1301 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with 1302 errors in the MAIL address. 1303 CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem 1304 noted by Ron Jarrell of Virginia Tech. 1305 CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8). 1306 Contributed by John Beck of Sun Microsystems. 1307 CONFIG: Set confFROM_HEADER such that the mail hub can possibly add 1308 GECOS information for an address. This more closely 1309 matches pre-8.10 nullclient behavior. From Per Hedeland of 1310 Ericsson. 1311 CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for 1312 SMTP to all *smtp* mailers and those for RELAY to the relay 1313 mailer as described in cf/README. 1314 MAIL.LOCAL: Open the mailbox as the recipient not root so quotas 1315 are obeyed. Problem noted by Damian Kuczynski of NIK. 1316 MAKEMAP: Do not change a map's owner to the TrustedUser if using 1317 makemap to 'unmake' the map. 1318 RMAIL: Avoid overflowing the list of recipients being passed to 1319 sendmail. 1320 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 1321 submission. Problem noted by Kari Hurtta of the Finnish 1322 Meteorological Institute. 1323 VACATION: Read the complete message to avoid "broken pipe" signals. 1324 VACATION: Do not cut off vacation.msg files which have a single 1325 dot as the only character on the line. 1326 New Files: 1327 cf/ostype/solaris8.m4 1328 13298.11.0/8.11.0 2000/07/19 1330 SECURITY: If sendmail is installed as a non-root set-user-ID binary 1331 (not the normal case), some operating systems will still 1332 keep a saved-uid of the effective-uid when sendmail tries 1333 to drop all of its privileges. If sendmail needs to drop 1334 these privileges and the operating system doesn't set the 1335 saved-uid as well, exit with an error. Problem noted by 1336 Kari Hurtta of the Finnish Meteorological Institute. 1337 SECURITY: sendmail depends on snprintf() NUL terminating the string 1338 it populates. It is possible that some broken 1339 implementations of snprintf() exist that do not do this. 1340 Systems in this category should compile with 1341 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your 1342 system and report broken implementations to 1343 sendmail-bugs@sendmail.org and your OS vendor. Problem 1344 noted by Slawomir Piotrowski of TELSAT GP. 1345 Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). 1346 Implementation influenced by the example programs of 1347 OpenSSL and the work of Lutz Jaenicke of TU Cottbus. 1348 Add new STARTTLS related options CACERTPath, CACERTFile, 1349 ClientCertFile, ClientKeyFile, DHParameters, RandFile, 1350 ServerCertFile, and ServerKeyFile. These are documented in 1351 cf/README and doc/op/op.*. 1352 New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, 1353 ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, 1354 ${server_name}, and ${server_addr}. These are documented 1355 in cf/README and doc/op/op.*. 1356 Add support for the Entropy Gathering Daemon (EGD) for better 1357 random data. 1358 New DontBlameSendmail option InsufficientEntropy for systems which 1359 don't properly seed the PRNG for OpenSSL but want to 1360 try to use STARTTLS despite the security problems. 1361 Support the security layer in SMTP AUTH for mechanisms which 1362 support encryption. Based on code contributed by Tim 1363 Martin of CMU. 1364 Add new macro ${auth_ssf} to reflect the SMTP AUTH security 1365 strength factor. 1366 LDAP's -1 (single match only) flag was not honored if the -z 1367 (delimiter) flag was not given. Problem noted by ST Wong of 1368 the Chinese University of Hong Kong. Fix from Mark Adamson 1369 of CMU. 1370 Add more protection from accidentally tripping OpenLDAP 1.X's 1371 ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). 1372 Suggested by Kurt Zeilenga of OpenLDAP. 1373 Fix the default family selection for DaemonPortOptions. As 1374 documented, unless a family is specified in a 1375 DaemonPortOptions option, "inet" is the default. It is 1376 also the default if no DaemonPortOptions value is set. 1377 Therefore, IPv6 users should configure additional sockets 1378 by adding DaemonPortOptions settings with Family=inet6 if 1379 they wish to also listen on IPv6 interfaces. Problem noted 1380 by Jun-ichiro itojun Hagino of the KAME Project. 1381 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect 1382 the interface information for an outgoing connection. 1383 Not doing so was creating a mismatch between the socket 1384 family and address used in subsequent connections if the 1385 M=b modifier was set in DaemonPortOptions. Problem noted 1386 by John Beck of Sun Microsystems. 1387 If DaemonPortOptions modifier M=b is used, determine the socket 1388 family based on the IP address. ${if_family} is no longer 1389 persistent (i.e., saved in qf files). Patch from John Beck 1390 of Sun Microsystems. 1391 sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} 1392 macros for both the incoming interface address/family and 1393 the outgoing interface address/family. In order for M=b 1394 modifier in DaemonPortOptions to work properly, preserve 1395 the incoming information in the queue file for later 1396 delivery attempts. 1397 Use SMTP error code and enhanced status code from check_relay in 1398 responses to commands. Problem noted by Jeff Wasilko of 1399 smoe.org. 1400 Add more vigilance in checking for putc() errors on output streams 1401 to protect from a bug in Solaris 2.6's putc(). Problem 1402 noted by Graeme Hewson of Oracle. 1403 The LDAP map -n option (return attribute names only) wasn't working. 1404 Problem noted by Ajay Matia. 1405 Under certain circumstances, an address could be listed as deferred 1406 but would be bounced back to the sender as failed to be 1407 delivered when it really should have been queued. Problem 1408 noted by Allan E Johannesen of Worcester Polytechnic Institute. 1409 Prevent a segmentation fault in a child SMTP process from getting 1410 the SMTP transaction out of sync. Problem noted by Per 1411 Hedeland of Ericsson. 1412 Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT 1413 is defined to avoid a core dump due to incompatibilities 1414 between sfio and stdio. Problem noted by Neil Rickert 1415 of Northern Illinois University. 1416 Don't log useless envelope ID on initial connection log. Problem 1417 noted by Kari Hurtta of the Finnish Meteorological Institute. 1418 Convert the free disk space shown in a control socket status query 1419 to kilobyte units. 1420 If TryNullMXList is True and there is a temporary DNS failure 1421 looking up the hostname, requeue the message for a later 1422 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo 1423 Polytechnic. 1424 Under the proper circumstances, failed connections would be recorded 1425 as "Bad file number" instead of "Connection failed" in the 1426 queue file and persistent host status. Problem noted by 1427 Graeme Hewson of Oracle. 1428 Avoid getting into an endless loop if a non-hoststat directory exists 1429 within the hoststatus directory (e.g., lost+found). 1430 Patch from Valdis Kletnieks of Virginia Tech. 1431 Make sure Timeout.queuereturn=now returns a bounce message to the 1432 sender. Problem noted by Per Hedeland of Ericsson. 1433 If a message data file can't be opened at delivery time, panic and 1434 abort the attempt instead of delivering a message that 1435 states "<<< No Message Collected >>>". 1436 Fixup the GID checking code from 8.10.2 as it was overly 1437 restrictive. Problem noted by Mark G. Thomas of Mark 1438 G. Thomas Consulting. 1439 Preserve source port number instead of replacing it with the ident 1440 port number (113). 1441 Document the queue status characters in the mailq man page. 1442 Suggested by Ulrich Windl of the Universitat Regensburg. 1443 Process queued items in which none of the recipient addresses have 1444 host portions (or there are no recipients). Problem noted 1445 by Valdis Kletnieks of Virginia Tech. 1446 If a cached LDAP connection is used for multiple maps, make sure 1447 only the first to open the connection is allowed to close 1448 it so a later map close doesn't break the connection for 1449 other maps. Problem noted by Wolfgang Hottgenroth of UUNET. 1450 Netscape's LDAP libraries do not support Kerberos V4 1451 authentication. Patch from Rainer Schoepf of the 1452 University of Mainz. 1453 Provide workaround for inconsistent handling of data passed 1454 via callbacks to Cyrus SASL prior to version 1.5.23. 1455 Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission 1456 noted by Ulrich Windl of the Universitat Regensburg. 1457 Portability: 1458 Add the ability to read IPv6 interface addresses into class 1459 'w' under FreeBSD (and possibly others). From Jun 1460 Kuriyama of IMG SRC, Inc. and the FreeBSD Project. 1461 Replace code for finding the number of CPUs on HPUX. 1462 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not 1463 work properly causing problems if the accept() 1464 fails and the socket needs to be reopened. Patch 1465 from Tom Moore of NCR. 1466 NetBSD uses a .0 extension of formatted man pages. From 1467 Andrew Brown of Crossbar Security. 1468 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED 1469 for calls to getipnodebyname(). The Linux 1470 implementation is broken so AI_ADDRCONFIG is stripped 1471 under Linux. From John Beck of Sun Microsystems and 1472 John Kennedy of Cal State University, Chico. 1473 CONFIG: Catch invalid addresses containing a ',' at the wrong place. 1474 Patch from Neil Rickert of Northern Illinois University. 1475 CONFIG: New variables for the new sendmail options: 1476 confCACERT_PATH CACERTPath 1477 confCACERT CACERTFile 1478 confCLIENT_CERT ClientCertFile 1479 confCLIENT_KEY ClientKeyFile 1480 confDH_PARAMETERS DHParameters 1481 confRAND_FILE RandFile 1482 confSERVER_CERT ServerCertFile 1483 confSERVER_KEY ServerKeyFile 1484 CONFIG: Provide basic rulesets for TLS policy control and add new 1485 tags to the access database to support these policies. See 1486 cf/README for more information. 1487 CONFIG: Add TLS information to the Received: header. 1488 CONFIG: Call tls_client ruleset from check_mail in case it wasn't 1489 called due to a STARTTLS command. 1490 CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent 1491 instead of temporary. 1492 CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with 1493 the access map and relaying to a domain without using a To: 1494 tag. Problem noted by Mark G. Thomas of Mark G. Thomas 1495 Consulting. 1496 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in 1497 OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of 1498 RootsWeb.com. 1499 CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and 1500 forwarding to make it as close to the old behavior as 1501 possible. Problem noted by George W. Baltz of the 1502 University of Maryland. 1503 CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From 1504 Wilfredo Sanchez of Apple Computer, Inc. 1505 CONFIG: Changed the map names used by FEATURE(`ldap_routing') from 1506 ldap_mailhost and ldap_mailroutingaddress to ldapmh and 1507 ldapmra as underscores in map names cause problems if 1508 underscore is in OperatorChars. Problem noted by Bob Zeitz 1509 of the University of Alberta. 1510 CONFIG: Apply blacklist_recipients also to hosts in class {w}. 1511 Patch from Michael Tratz of Esosoft Corporation. 1512 CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. 1513 CONTRIB: Add link_hash.sh to create symbolic links to the hash 1514 of X.509 certificates. 1515 CONTRIB: passwd-to-alias.pl: More protection from special characters; 1516 treat special shells as root aliases; skip entries where the 1517 GECOS full name and username match. From Ulrich Windl of the 1518 Universitat Regensburg. 1519 CONTRIB: qtool.pl: Add missing last_modified_time method and fix a 1520 typo. Patch from Graeme Hewson of Oracle. 1521 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue 1522 and sendmail. Patch from Graeme Hewson of Oracle. 1523 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as 1524 subroutine Patch from Graeme Hewson of Oracle. 1525 CONTRIB: Add movemail.pl (move old mail messages between queues by 1526 calling re-mqueue.pl) and movemail.conf (configuration 1527 script for movemail.pl). From Graeme Hewson of Oracle. 1528 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to 1529 makemap). From Derek J. Balling of Yahoo,Inc. 1530 DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any 1531 extension modifications (e.g., MAN8EXT) to the installation 1532 target. Patch from James Ralston of Carnegie Mellon 1533 University. 1534 DEVTOOLS: Add support for SunOS 5.9. 1535 DEVTOOLS: New option confLN contains the command used to create 1536 links. 1537 LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not 1538 reported. 1539 MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of 1540 Denman Tire Corporation. 1541 MAIL.LOCAL: Prevent a possible DoS attack when compiled with 1542 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. 1543 MAILSTATS: Fix usage statement (-p and -o are optional). 1544 MAKEMAP: Change man page layout as workaround for problem with nroff 1545 and -man on Solaris 7. Patch from Larry Williamson. 1546 RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of 1547 Black Diamond Equipment, Limited. 1548 RMAIL: Prevent a segmentation fault if the incoming message does not 1549 have a From line. 1550 VACATION: Read all of the headers before deciding whether or not 1551 to respond instead of stopping after finding recipient. 1552 Added Files: 1553 cf/ostype/darwin.m4 1554 contrib/cidrexpand 1555 contrib/link_hash.sh 1556 contrib/movemail.conf 1557 contrib/movemail.pl 1558 devtools/OS/SunOS.5.9 1559 test/t_snprintf.c 1560 15618.10.2/8.10.2 2000/06/07 1562 SECURITY: Work around broken Linux setuid() implementation. 1563 On Linux, a normal user process has the ability to subvert 1564 the setuid() call such that it is impossible for a root 1565 process to drop its privileges. Problem noted by Wojciech 1566 Purczynski of elzabsoft.pl. 1567 SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), 1568 initgroups(), and chroot() calls. 1569 Added Files: 1570 test/t_setuid.c 1571 15728.10.1/8.10.1 2000/04/06 1573 SECURITY: Limit the choice of outgoing (client-side) SMTP 1574 Authentication mechanisms to those specified in 1575 AuthMechanisms to prevent information leakage. We do not 1576 recommend use of PLAIN for outgoing mail as it sends the 1577 password in clear text to possibly untrusted servers. See 1578 cf/README's DefaultAuthInfo section for additional information. 1579 Copy the ident argument for openlog() to avoid problems on some 1580 OSs. Based on patch from Rob Bajorek from Webhelp.com. 1581 Avoid bogus error message when reporting an alias line as too long. 1582 Avoid bogus socket error message if sendmail.cf version level is 1583 greater than sendmail binary supported version. Patch 1584 from John Beck of Sun Microsystems. 1585 Prevent a malformed ruleset (missing right hand side) from causing 1586 a segmentation fault when using address test mode. Based on 1587 patch from John Beck of Sun Microsystems. 1588 Prevent memory leak from use of NIS maps and yp_match(3). Problem 1589 noted by Gil Kloepfer of the University of Texas at Austin. 1590 Fix queue file permission checks to allow for TrustedUser ownership. 1591 Change logging of errors from the trust_auth ruleset to LogLevel 10 1592 or higher. 1593 Avoid simple password cracking attacks against SMTP AUTH by using 1594 exponential delay after too many tries within one connection. 1595 Encode an initial empty AUTH challenge as '=', not as empty string. 1596 Avoid segmentation fault on EX_SOFTWARE internal error logs. 1597 Problem noted by Allan E Johannesen of Worcester 1598 Polytechnic Institute. 1599 Ensure that a header check which resolves to $#discard actually 1600 discards the message. 1601 Emit missing value warnings for aliases with no right hand side 1602 when newaliases is run instead of only when delivery is 1603 attempted to the alias. 1604 Remove AuthOptions missing value warning for consistency with other 1605 flag options. 1606 Portability: 1607 SECURITY: Specify a run-time shared library search path for 1608 AIX 4.X instead of using the dangerous AIX 4.X 1609 linker semantics. AIX 4.X users should consult 1610 sendmail/README for further information. Problem 1611 noted by Valdis Kletnieks of Virginia Tech. 1612 Avoid use of strerror(3) call. Problem noted by Charles 1613 Levert of Ecole Polytechnique de Montreal. 1614 DGUX requires -lsocket -lnsl and has a non-standard install 1615 program. From Tim Boyer of Denman Tire Corporation. 1616 HPUX 11.0 has a broken res_search() function. 1617 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X 1618 from J. P. McCann of E I A. 1619 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3). 1620 Problem noted by Michael Long of Info Avenue Internet 1621 Services, LLC. 1622 Modern (post-199912) OpenBSD versions include working 1623 strlc{at,py}(3) functions. From Todd C. Miller of 1624 Courtesan Consulting. 1625 SINIX doesn't have random(3). From Gerald Rinske of 1626 Siemens Business Services. 1627 CONFIG: Change error message about unresolvable sender domain to 1628 include the sender address. Proposed by Wolfgang Rupprecht 1629 of WSRCC. 1630 CONFIG: Fix usenet mailer calls. 1631 CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS 1632 to be backward compatible with 8.9. 1633 CONFIG: Change handling of default case @domain for virtusertable 1634 to allow for +*@domain to deal with +detail. 1635 CONTRIB: Remove converting.sun.configs -- it is obsolete. 1636 DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki 1637 of NEC. 1638 DEVTOOLS: Add to NCR platform list and include the architecture 1639 (i486). From Tom J. Moore of NCR. 1640 DEVTOOLS: SECURITY: Change method of linking with sendmail utility 1641 libraries to work around the AIX 4.X and SunOS 4.X linker's 1642 overloaded -L option. Problem noted by Valdis Kletnieks of 1643 Virginia Tech. 1644 DEVTOOLS: configure.sh was overriding the user's choice for 1645 confNROFF. Problem noted by Glenn A. Malling of Syracuse 1646 University. 1647 DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added 1648 for other internal projects but included in the open source 1649 release. 1650 LIBSMDB: Check for ".db" instead of simply "db" at the end of the 1651 map name to determine whether or not to add the extension. 1652 This fixes makemap when building the userdb file. Problem 1653 noted by Andrew J Cole of the University of Leeds. 1654 LIBSMDB: Allow a database to be opened for updating and created if 1655 it doesn't already exist. Problem noted by Rand Wacker of 1656 Sendmail. 1657 LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are 1658 available, fall back to NDBM if NEWDB open fails. This 1659 fixes praliases. Patch from John Beck of Sun Microsystems. 1660 LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted 1661 as SFF_NOWRFILES. 1662 OP.ME: Clarify some issues regarding mailer flags. Suggested by 1663 Martin Mokrejs of The Charles University and Neil Rickert of 1664 Northern Illinois University. 1665 PRALIASES: Restore 8.9.X functionality of being able to search for 1666 particular keys in a database by specifying the keys on the 1667 command line. Man page updated accordingly. Patch from 1668 John Beck of Sun Microsystems. 1669 VACATION: SunOS 4.X portability from Charles Levert of Ecole 1670 Polytechnique de Montreal. 1671 VACATION: Fix -t option which is ignored but available for 1672 compatibility with Sun's version, based on patch from 1673 Volker Dobler of Infratest Burke. 1674 Added Files: 1675 devtools/M4/UNIX/smlib.m4 1676 devtools/OS/OSF1.V5.0 1677 Deleted Files: 1678 contrib/converting.sun.configs 1679 Deleted Directories (already done in 8.10.0 but not listed): 1680 doc/intro 1681 doc/usenix 1682 doc/changes 1683 16848.10.0/8.10.0 2000/03/01 1685 ************************************************************* 1686 * The engineering department at Sendmail, Inc. has suffered * 1687 * the tragic loss of a key member of our engineering team. * 1688 * Julie Van Bourg was the Vice President of Engineering * 1689 * at Sendmail, Inc. during the development and deployment * 1690 * of this release. It was her vision, dedication, and * 1691 * support that has made this release a success. Julie died * 1692 * on October 26, 1999 of cancer. We have lost a leader, a * 1693 * coach, and a friend. * 1694 * * 1695 * This release is dedicated to her memory and to the joy, * 1696 * strength, ideals, and hope that she brought to all of us. * 1697 * Julie, we miss you! * 1698 ************************************************************* 1699 SECURITY: The safe file checks now back track through symbolic 1700 links to make sure the files can't be compromised due 1701 to poor permissions on the parent directories of the 1702 symbolic link target. 1703 SECURITY: Only root, TrustedUser, and users in class t can rebuild 1704 the alias map. Problem noted by Michal Zalewski of the 1705 "Internet for Schools" project (IdS). 1706 SECURITY: There is a potential for a denial of service attack if 1707 the AutoRebuildAliases option is set as a user can kill the 1708 sendmail process while it is rebuilding the aliases file 1709 (leaving it in an inconsistent state). This option and 1710 its use is deprecated and will be removed from a future 1711 version of sendmail. 1712 SECURITY: Make sure all file descriptors (besides stdin, stdout, and 1713 stderr) are closed before restarting sendmail. Problem noted 1714 by Michal Zalewski of the "Internet for Schools" project 1715 (IdS). 1716 Begin using /etc/mail/ for sendmail related files. This affects 1717 a large number of files. See cf/README for more details. 1718 The directory structure of the distribution has changed slightly 1719 for easier code sharing among the programs. 1720 Support SMTP AUTH (see RFC 2554). New macros for this purpose 1721 are ${auth_authen}, ${auth_type}, and ${auth_author} 1722 which hold the client's authentication credentials, 1723 the mechanism used for authentication, and the 1724 authorization identity (i.e., the AUTH= parameter if 1725 supplied). Based on code contributed by Tim Martin of CMU. 1726 On systems which use the Torek stdio library (all of the BSD 1727 distributions), use memory-buffered files to reduce 1728 file system overhead by not creating temporary files on 1729 disk. Contributed by Exactis.com, Inc. 1730 New option DataFileBufferSize to control the maximum size of a 1731 memory-buffered data (df) file before a disk-based file is 1732 used. Contributed by Exactis.com, Inc. 1733 New option XscriptFileBufferSize to control the maximum size of a 1734 memory-buffered transcript (xf) file before a disk-based 1735 file is used. Contributed by Exactis.com, Inc. 1736 sendmail implements RFC 2476 (Message Submission), e.g., it can 1737 now listen on several different ports. Use: 1738 O DaemonPortOptions=Name=MSA, Port=587, M=E 1739 to run a Message Submission Agent (MSA); this is turned 1740 on by default in m4-generated .cf files; it can be turned 1741 off with FEATURE(`no_default_msa'). 1742 The 'XUSR' SMTP command is deprecated. Mail user agents should 1743 begin using RFC 2476 Message Submission for initial user 1744 message submission. XUSR may disappear from a future release. 1745 The new '-G' (relay (gateway) submission) command line option 1746 indicates that the message being submitted from the command 1747 line is for relaying, not initial submission. This means 1748 the message will be rejected if the addresses are not fully 1749 qualified and no canonicalization will be done. Future 1750 releases may even reject improperly formed messages. 1751 The '-U' (initial user submission) command line option is 1752 deprecated and may be removed from a future release. 1753 Mail user agents should begin using '-G' to indicate that 1754 this is a relay submission (the inverse of -U). 1755 The next release of sendmail will assume that any message submitted 1756 from the command line is an initial user submission and act 1757 accordingly. 1758 If sendmail doesn't have enough privileges to run a .forward 1759 program or deliver to file as the owner of that file, the 1760 address is marked as unsafe. This means if RunAsUser is 1761 set, users won't be able to use programs or delivery to 1762 files in their .forward files. Administrators can override 1763 this by setting the DontBlameSendmail option to the new 1764 setting NonRootSafeAddr. 1765 Allow group or world writable directories if the sticky bit is set 1766 on the directory and DontBlameSendmail is set to 1767 TrustStickyBit. Based on patch from Chris Metcalf of 1768 InCert Software. 1769 Prevent logging of unsafe directory paths for non-existent forward 1770 files if the new DontWarnForwardFileInUnsafeDirPath bit is 1771 set in the DontBlameSendmail option. Requested by many. 1772 New Timeout.control option to limit the total time spent satisfying 1773 a control socket request. 1774 New Timeout.resolver options for controlling BIND resolver 1775 settings: 1776 Timeout.resolver.retrans 1777 Sets the resolver's retransmission time interval (in 1778 seconds). Sets both Timeout.resolver.retrans.first 1779 and Timeout.resolver.retrans.normal. 1780 Timeout.resolver.retrans.first 1781 Sets the resolver's retransmission time interval (in 1782 seconds) for the first attempt to deliver a message. 1783 Timeout.resolver.retrans.normal 1784 Sets the resolver's retransmission time interval (in 1785 seconds) for all resolver lookups except the first 1786 delivery attempt. 1787 Timeout.resolver.retry 1788 Sets the number of times to retransmit a resolver 1789 query. Sets both Timeout.resolver.retry.first 1790 and Timeout.resolver.retry.normal. 1791 Timeout.resolver.retry.first 1792 Sets the number of times to retransmit a resolver 1793 query for the first attempt to deliver a message. 1794 Timeout.resolver.retry.normal 1795 Sets the number of times to retransmit a resolver 1796 query for all resolver lookups except the first 1797 delivery attempt. 1798 Contributed by Exactis.com, Inc. 1799 Support multiple queue directories. To use multiple queues, supply 1800 a QueueDirectory option value ending with an asterisk. For 1801 example, /var/spool/mqueue/q* will use all of the 1802 directories or symbolic links to directories beginning with 1803 'q' in /var/spool/mqueue as queue directories. Keep in 1804 mind, the queue directory structure should not be changed 1805 while sendmail is running. Queue runs create a separate 1806 process for running each queue unless the verbose flag is 1807 given on a non-daemon queue run. New items are randomly 1808 assigned to a queue. Contributed by Exactis.com, Inc. 1809 Support different directories for qf, df, and xf queue files; if 1810 subdirectories or symbolic links to directories of those names 1811 exist in the queue directories, they are used for the 1812 corresponding queue files. Keep in mind, the queue 1813 directory structure should not be changed while sendmail is 1814 running. Proposed by Mathias Koerber of Singapore 1815 Telecommunications Ltd. 1816 New queue file naming system which uses a filename guaranteed to be 1817 unique for 60 years. This allows queue IDs to be assigned 1818 without fancy file system locking. Queued items can be 1819 moved between queues easily. Contributed by Exactis.com, 1820 Inc. 1821 Messages which are undeliverable due to temporary address failures 1822 (e.g., DNS failure) will now go to the FallBackMX host, if 1823 set. Contributed by Exactis.com, Inc. 1824 New command line option '-L tag' which sets the identifier used for 1825 syslog. Contributed by Exactis.com, Inc. 1826 QueueSortOrder=Filename will sort the queue by filename. This 1827 avoids opening and reading each queue file when preparing 1828 to run the queue. Contributed by Exactis.com, Inc. 1829 Shared memory counters and microtimers functionality has been 1830 donated by Exactis.com, Inc. 1831 The SCCS ID tags have been replaced with RCS ID tags. 1832 Allow trusted users (those on a T line or in $=t) to set the 1833 QueueDirectory (Q) option without an X-Authentication-Warning: 1834 being added. Suggested by Michael K. Sanders. 1835 IPv6 support based on patches from John Kennedy of Cal State 1836 University, Chico, Motonori Nakamura of Kyoto University, 1837 and John Beck of Sun Microsystems. 1838 In low-disk space situations, where sendmail would previously refuse 1839 connections, still accept them, but only allow ETRN commands. 1840 Suggested by Mathias Koerber of Singapore Telecommunications 1841 Ltd. 1842 The [IPC] builtin mailer now allows delivery to a UNIX domain socket 1843 on systems which support them. This can be used with LMTP 1844 local delivery agents which listen on a named socket. An 1845 example mailer might be: 1846 Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, 1847 S=10, R=20/40, T=DNS/RFC822/X-Unix, 1848 A=FILE /var/run/lmtpd 1849 Code contributed by Lyndon Nerenberg of Messaging Direct. 1850 The [TCP] builtin mailer name is now deprecated. Use [IPC] 1851 instead. 1852 The first mailer argument in the [IPC] mailer is now checked for a 1853 legitimate value. Possible values are TCP (for TCP/IP 1854 connections), IPC (which will be deprecated in a future 1855 version), and FILE (for UNIX domain socket delivery). 1856 PrivacyOptions=goaway no longer includes the noetrn and the noreceipts 1857 flags. 1858 PrivacyOptions=nobodyreturn instructs sendmail not to include the 1859 body of the original message on delivery status 1860 notifications. 1861 Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted 1862 by Dan Bernstein, fix from Robert Harker of Harker Systems. 1863 Accept the SMTP RSET command even when rejecting commands due to TCP 1864 Wrappers or the check_relay ruleset. Problem noted by 1865 Steve Schweinhart of America Online. 1866 Warn if OperatorChars is set multiple times. OperatorChars should 1867 not be set after rulesets are defined. Suggested by 1868 Mitchell Blank Jr of Exec-PC. 1869 Do not report temporary failure on delivery to files. In 1870 interactive delivery mode, this would result in two SMTP 1871 responses after the DATA command. Problem noted by 1872 Nik Conwell of Boston University. 1873 Check file close when mailing to files. Problem noted by Nik 1874 Conwell of Boston University. 1875 Avoid a segmentation fault when using the LDAP map. Patch from 1876 Curtis W. Hillegas of Princeton University. 1877 Always bind to the LDAP server regardless of whether you are using 1878 ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of 1879 @Home Network. 1880 New ruleset trust_auth to determine whether a given AUTH= 1881 parameter of the MAIL command should be trusted. See SMTP 1882 AUTH, cf/README, and doc/op/op.ps. 1883 Allow new named config file rules check_vrfy, check_expn, and 1884 check_etrn for VRFY, EXPN, and ETRN commands, respectively, 1885 similar to check_rcpt etc. 1886 Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, 1887 ${mail_mailer}, ${mail_host}, ${mail_addr} that hold 1888 the results of parsing the RCPT and MAIL arguments, i.e. 1889 the resolved triplet from $#mailer $@host $:addr. 1890 From Kari Hurtta of the Finnish Meteorological Institute. 1891 New macro ${client_resolve} which holds the result of the resolve 1892 call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed 1893 by Kari Hurtta of the Finnish Meteorological Institute. 1894 New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold 1895 the corresponding DSN parameter values. Proposed by 1896 Mathias Herberts. 1897 New macro ${msg_size} which holds the value of the SIZE= parameter, 1898 i.e., usually the size of the message (in an ESMTP dialogue), 1899 before the message has been collected, thereafter it holds 1900 the message size as computed by sendmail (and can be used 1901 in check_compat). 1902 The macro ${deliveryMode} now specifies the current delivery mode 1903 sendmail is using instead of the value of the DeliveryMode 1904 option. 1905 New macro ${ntries} holds the number of delivery attempts. 1906 Drop explicit From: if same as what would be generated only if it is 1907 a local address. From Motonori Nakamura of Kyoto University. 1908 Write pid to file also if sendmail only processes the queue. 1909 Proposed by Roy J. Mongiovi of Georgia Tech. 1910 Log "low on disk space" only when necessary. 1911 New macro ${load_avg} can be used to check the current load average. 1912 Suggested by Scott Gifford of The Internet Ramp. 1913 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn 1914 is set. 1915 Flag -S for maps to specify the character which is substituted 1916 for spaces (instead of the default given by O BlankSub). 1917 Flag -D for maps: perform no lookup in deferred delivery mode. 1918 This flag is set by default for the host map. Based on a 1919 proposal from Ian MacPhedran of the University of Saskatchewan. 1920 Open maps only on demand, not at startup. 1921 Log warning about unsupported IP address families. 1922 New option MaxHeadersLength allows to specify a maximum length 1923 of the sum of all headers. This can be used to prevent 1924 a denial-of-service attack. 1925 New option MaxMimeHeaderLength which limits the size of MIME 1926 headers and parameters within those headers. This option 1927 is intended to protect mail user agents from buffer 1928 overflow attacks. 1929 Added option MaxAliasRecursion to specify the maximum depth of 1930 alias recursion. 1931 New flag F=6 for mailers to strip headers to seven bit. 1932 Map type syslog to log the key via syslogd. 1933 Entries in the alias file can be continued by putting a backslash 1934 directly before the newline. 1935 New option DeadLetterDrop to define the location of the system-wide 1936 dead.letter file, formerly hardcoded to 1937 /usr/tmp/dead.letter. If this option is not set (the 1938 default), sendmail will not attempt to save to a 1939 system-wide dead.letter file if it can not bounce the mail 1940 to the user nor postmaster. Instead, it will rename the qf 1941 file as it has in the past when the dead.letter file 1942 could not be opened. 1943 New option PidFile to define the location of the pid file. The 1944 value of this option is macro expanded. 1945 New option ProcessTitlePrefix specifies a prefix string for the 1946 process title shown in 'ps' listings. 1947 New macros for use with the PidFile and ProcessTitlePrefix options 1948 (along with the already existing macros): 1949 ${daemon_info} Daemon information, e.g. 1950 SMTP+queueing@00:30:00 1951 ${daemon_addr} Daemon address, e.g., 0.0.0.0 1952 ${daemon_family} Daemon family, e.g., inet, inet6, etc. 1953 ${daemon_name} Daemon name, e.g., MSA. 1954 ${daemon_port} Daemon port, e.g., 25 1955 ${queue_interval} Queue run interval, e.g., 00:30:00 1956 New macros especially for virtual hosting: 1957 ${if_name} hostname of interface of incoming connection. 1958 ${if_addr} address of interface of incoming connection. 1959 The latter is only set if the interface does not belong to the 1960 loopback net. 1961 If a message being accepted via a method other than SMTP and 1962 would be rejected by a header check, do not send the message. 1963 Suggested by Phil Homewood of Mincom Pty Ltd. 1964 Don't strip comments for header checks if $>+ is used instead of $>. 1965 Provide header value as quoted string in the macro 1966 ${currHeader} (possibly truncated to MAXNAME). Suggested by 1967 Jan Krueger of Unix-AG of University of Hannover. 1968 The length of the header value is stored in ${hdrlen}. 1969 H*: allows to specify a default ruleset for header checks. This 1970 ruleset will only be called if the individual header does 1971 not have its own ruleset assigned. Suggested by Jan 1972 Krueger of Unix-AG of University of Hannover. 1973 The name of the header field stored in ${hdr_name}. 1974 Comments (i.e., text within parentheses) in rulesets are not 1975 removed if the config file version is greater than or equal 1976 to 9. For example, "R$+ ( 1 ) $@ 1" matches the 1977 input "token (1)" but does not match "token". 1978 Avoid removing the Content-Transfer-Encoding MIME header on 1979 MIME messages. Problem noted by Sigurbjorn B. Larusson of 1980 Multimedia Consumer Services. Fix from Per Hedeland of 1981 Ericsson. 1982 Avoid duplicate Content-Transfer-Encoding MIME header on 1983 messages with 8-bit text in headers. Problem noted by 1984 Per Steinar Iversen of Oslo College. Fix from Per Hedeland 1985 of Ericsson. 1986 Avoid keeping maps locked longer than necessary when re-opening a 1987 modified database map file. Problem noted by Chris Adams 1988 of Renaissance Internet Services. 1989 Resolving to the $#error mailer with a temporary failure code (e.g., 1990 $#error $@ tempfail $: "400 Temporary failure") will now 1991 queue up the message instead of bouncing it. 1992 Be more liberal in acceptable responses to an SMTP RSET command as 1993 standard does not provide any indication of what to do when 1994 something other than 250 is received. Based on a patch 1995 from Steve Schweinhart of America Online. 1996 New option TrustedUser allows to specify a user who can own 1997 important files instead of root. This requires HASFCHOWN. 1998 Fix USERDB conditional so compiling with NEWDB or HESIOD and 1999 setting USERDB=0 works. Fix from Jorg Zanger of Schock. 2000 Fix another instance (similar to one in 8.9.3) of a network failure 2001 being mis-logged as "Illegal Seek" instead of whatever 2002 really went wrong. From John Beck of Sun Microsystems. 2003 $? tests also whether the macro is non-null. 2004 Print an error message if a mailer definition contains an invalid 2005 equate name. 2006 New mailer equate /= to specify a directory to chroot() into before 2007 executing the mailer program. Suggested by Igor Vinokurov. 2008 New mailer equate W= to specify the maximum time to wait for the 2009 mailer to return after sending all data to it. 2010 Only free memory from the process list when adding a new process 2011 into a previously filled slot. Previously, the memory was 2012 freed at removal time. Since removal can happen in a 2013 signal handler, this may leave the memory map in an 2014 inconsistent state. Problem noted by Jeff A. Earickson and 2015 David Cooley of Colby College. 2016 When using the UserDB @hostname catch-all, do not try to lookup 2017 local users in the passwd file. The UserDB code has 2018 already decided the message will be passed to another host 2019 for processing. Fix from Tony Landells of Burdett 2020 Buckeridge Young Limited. 2021 Support LDAP authorization via either a file containing the 2022 password or Kerberos V4 using the new map options 2023 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The 2024 distinguished_name is who to login as. The method can be 2025 one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or 2026 LDAP_AUTH_KRBV4. The filename is the file containing the 2027 secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos 2028 ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense 2029 of Stanford University. 2030 The ldapx map has been renamed to ldap. The use of ldapx is 2031 deprecated and will be removed in a future version. 2032 If the result of an LDAP search returns a multi-valued attribute 2033 and the map has the column delimiter set, it turns that 2034 response into a delimiter separated string. The LDAP map 2035 will traverse multiple entries as well. LDAP alias maps 2036 automatically set the column delimiter to the comma. 2037 Based on patch from Booker Bense of Stanford University and 2038 idea from Philip A. Prindeville of Mirapoint, Inc. 2039 Support return of multiple values for a single LDAP lookup. The 2040 values to be returned should be in a comma separated string. 2041 For example, `-v "email,emailother"'. Patch from 2042 Curtis W. Hillegas of Princeton University. 2043 Allow the use of LDAP for alias maps. 2044 If no LDAP attributes are specified in an LDAP map declaration, all 2045 attributes found in the match will be returned. 2046 Prevent commas in quoted strings in the AliasFile value from 2047 breaking up a single entry into multiple entries. This is 2048 needed for LDAP alias file specifications to allow for 2049 comma separated key and value strings. 2050 Keep connections to LDAP server open instead of opening and closing 2051 for each lookup. To reduce overhead, sendmail will cache 2052 connections such that multiple maps which use the same 2053 host, port, bind DN, and authentication will only result in 2054 a single connection to that host. 2055 Put timeout in the proper place for USE_LDAP_INIT. 2056 Be more careful about checking for errors and freeing memory on 2057 LDAP lookups. 2058 Use asynchronous LDAP searches to save memory and network 2059 resources. 2060 Do not copy LDAP query results if the map's match only flag is set. 2061 Increase portability to the Netscape LDAP libraries. 2062 Change the parsing of the LDAP filter specification. '%s' is still 2063 replaced with the literal contents of the map lookup key -- 2064 note that this means a lookup can be done using the LDAP 2065 special characters. The new '%0' token can be used instead 2066 of '%s' to encode the key buffer according to RFC 2254. 2067 For example, if the LDAP map specification contains '-k 2068 "(user=%s)"' and a lookup is done on "*", this would be 2069 equivalent to '-k "(user=*)"' -- matching ANY record with a 2070 user attribute. Instead, if the LDAP map specification 2071 contains '-k "(user=%0)"' and a lookup is done on "*", this 2072 would be equivalent to '-k "(user=\2A)"' -- matching a user 2073 with the name "*". 2074 New LDAP map flags: "-1" requires a single match to be returned, if 2075 more than one is returned, it is equivalent to no records 2076 being found; "-r never|always|search|find" sets the LDAP 2077 alias dereference option; "-Z size" limits the number of 2078 matches to return. 2079 New option LDAPDefaultSpec allows a default map specification for 2080 LDAP maps. The value should only contain LDAP specific 2081 settings such as "-h host -p port -d bindDN", etc. The 2082 settings will be used for all LDAP maps unless they are 2083 specified in the individual map specification ('K' 2084 command). This option should be set before any LDAP maps 2085 are defined. 2086 Prevent an NDBM alias file opening loop when the NDBM open 2087 continually fails. Fix from Roy J. Mongiovi of Georgia 2088 Tech. 2089 Reduce memory utilization for smaller symbol table entries. In 2090 particular, class entries get much smaller, which can be 2091 important if you have large classes. 2092 On network-related temporary failures, record the hostname which 2093 gave error in the queued status message. Requested by 2094 Ulrich Windl of the Universitat Regensburg. 2095 Add new F=% mailer flag to allow for a store and forward 2096 configuration. Mailers which have this flag will not attempt 2097 delivery on initial receipt of a message or on queue runs 2098 unless the queued message is selected using one of the 2099 -qI/-qR/-qS queue run modifiers or an ETRN request. Code 2100 provided by Philip Guenther of Gustavus Adolphus College. 2101 New option ControlSocketName which, when set, creates a daemon 2102 control socket. This socket allows an external program to 2103 control and query status from the running sendmail daemon 2104 via a named socket, similar to the ctlinnd interface to the 2105 INN news server. Access to this interface is controlled by 2106 the UNIX file permissions on the named socket on most UNIX 2107 systems (see sendmail/README for more information). An 2108 example control program is provided as contrib/smcontrol.pl. 2109 Change the default values of QueueLA from 8 to (8 * numproc) and 2110 RefuseLA from 12 to (12 * numproc) where numproc is the 2111 number of processors online on the system (if that can be 2112 determined). For single processor machines, this change 2113 has no effect. 2114 Don't return body of message to postmaster on "Too many hops" bounces. 2115 Based on fix from Motonori Nakamura of Kyoto University. 2116 Give more detailed DSN descriptions for some cases. Patch from 2117 Motonori Nakamura of Kyoto University. 2118 Logging of alias, forward file, and UserDB expansion now happens 2119 at LogLevel 11 or higher instead of 10 or higher. 2120 Logging of an envelope's complete delivery (the "done" message) now 2121 happens at LogLevel 10 or higher instead of 11 or higher. 2122 Logging of TCP/IP or UNIX standard input connections now happens at 2123 LogLevel 10 or higher. Previously, only TCP/IP connections 2124 were logged, and on at LogLevel 12 or higher. Setting 2125 LogLevel to 10 will now assist users in tracking frequent 2126 connection-based denial of service attacks. 2127 Log basic information about authenticated connections at LogLevel 2128 10 or higher. 2129 Log SMTP Authentication mechanism and author when logging the sender 2130 information (from= syslog line). 2131 Log the DSN code for each recipient if one is available as a new 2132 equate (dsn=). 2133 Macro expand PostmasterCopy and DoubleBounceAddress options. 2134 New "ph" map for performing ph queries in rulesets. More 2135 information is available at 2136 http://www-dev.cso.uiuc.edu/sendmail/. Contributed by Mark 2137 Roth of the University of Illinois at Urbana-Champaign. 2138 Detect temporary lookup failures in the host map if looking up a 2139 bracketed IP address. Problem noted by Kari Hurtta of the 2140 Finnish Meteorological Institute. 2141 Do not report a Remote-MTA on local deliveries. Problem noted by 2142 Kari Hurtta of the Finnish Meteorological Institute. 2143 When a forward file points to an alias which runs a program, run 2144 the program as the default user and the default group, not 2145 the forward file user. This change also assures the 2146 :include: directives in aliases are also processed using 2147 the default user and group. Problem noted by Sergiu 2148 Popovici of DNT Romania. 2149 Prevent attempts to save a dead.letter file for a user with 2150 no home directory (/no/such/directory). Problem noted by 2151 Michael Brown of Finnigan FT/MS. 2152 Include message delay and number of tries when logging that a 2153 message has been completely delivered (LogLevel of 10 or 2154 above). Suggested by Nick Hilliard of Ireland Online. 2155 Log the sender of a message even if none of the recipients were 2156 accepted. If some of the recipients were rejected, it is 2157 helpful to know the sender of the message. 2158 Check the root directory (/) when checking a path for safety. 2159 Problem noted by John Beck of Sun Microsystems. 2160 Prevent multiple responses to the DATA command if DeliveryMode is 2161 interactive and delivering to an alias which resolves to 2162 multiple files. 2163 Macros in the helpfile are expanded if the helpfile version is 2 or 2164 greater (see below); the help function doesn't print the 2165 version of sendmail any longer, instead it is placed in 2166 the helpfile ($v). Suggested by Chuck Foster of UUNET 2167 PIPEX. Additionally, comment lines (starting with #) are 2168 skipped and a version line (#vers) is introduced. The 2169 helpfile version for 8.10.0 is 2, if no version or an older 2170 version is found, a warning is logged. The '#vers' 2171 directive should be placed at the top of the help file. 2172 Use fsync() when delivering to a file to guarantee the delivery to 2173 disk succeeded. Suggested by Nick Christenson. 2174 If delivery to a file is unsuccessful, truncate the file back to its 2175 length before the attempt. 2176 If a forward points to a filename for delivery, change to the 2177 user's uid before checking permissions on the file. This 2178 allows delivery to files on NFS mounted directories where 2179 root is remapped to nobody. Problem noted by Harald 2180 Daeubler of Universitaet Ulm. 2181 purgestat and sendmail -bH purge only expired (Timeout.hoststatus) 2182 host status files, not all files. 2183 Any macros stored in the class $={persistentMacros} will be saved 2184 in the queue file for the message and set when delivery 2185 is attempted on the queued item. Suggested by Kyle Jones of 2186 Wonderworks Inc. 2187 Add support for storing information between rulesets using the new 2188 macro map class. This can be used to store information 2189 between queue runs as well using $={persistentMacros}. 2190 Based on an idea from Jan Krueger of Unix-AG of University 2191 of Hannover. 2192 New map class arith to allow for computations in rules. The 2193 operation (+, -, *, /, l (for less than), and =) is given 2194 as key. The two operands are specified as arguments; the 2195 lookup returns the result of the computation. For example, 2196 "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and 2197 "$(arith + $@ 4 $@ 2 $)" will return "6". 2198 Add new syntax for header declarations which decide whether to 2199 include the header based on a macro rather than a mailer 2200 flag: 2201 H?${MyMacro}?X-My-Header: ${MyMacro} 2202 This should be used along with $={persistentMacros}. 2203 It can be used for adding headers to a message based on 2204 the results of check_* and header check rulesets. 2205 Allow new named config file rule check_eoh which is called after 2206 all of the headers have been collected. The input to the 2207 ruleset the number of headers and the size of all of the 2208 headers in bytes separated by $|. This ruleset along with 2209 the macro storage map can be used to correlate information 2210 gathered between headers and to check for missing headers. 2211 See cf/README or doc/op/op.ps for an example. 2212 Change the default for the MeToo option to True to correspond 2213 to the clarification in the DRUMS SMTP Update spec. This 2214 option is deprecated and will be removed from a future 2215 version. 2216 Change the sendmail binary default for SendMimeErrors to True. 2217 Change the sendmail binary default for SuperSafe to True. 2218 Display ruleset names in debug and address test mode output 2219 if referencing a named ruleset. 2220 New mailer equate m= which will limit the number of messages 2221 delivered per connection on an SMTP or LMTP mailer. 2222 Improve QueueSortOrder=Host by reversing the hostname before 2223 using it to sort. Now all the same domains are really run 2224 through the queue together. If they have the same MX host, 2225 then they will have a much better opportunity to use the 2226 connection cache if available. This should be a reasonable 2227 performance improvement. Patch from Randall Winchester of 2228 the University of Maryland. 2229 If a message is rejected by a header check ruleset, log who would 2230 have received the message if it had not been rejected. 2231 New "now" value for Timeout.queuereturn to bounce entries from the 2232 queue immediately. No delivery attempt is made. 2233 Increase sleeping time exponentially after too many "bad" commands 2234 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}- 2235 COMMANDS). 2236 New option ClientPortOptions similar to DaemonPortOptions 2237 but for outgoing connections. 2238 New suboptions for DaemonPortOptions: Name (a name used for 2239 error messages and logging) and Modifiers, i.e. 2240 a require authentication 2241 b bind to interface through which mail has 2242 been received 2243 c perform hostname canonification 2244 f require fully qualified hostname 2245 h use name of interface for outgoing HELO 2246 command 2247 C don't perform hostname canonification 2248 E disallow ETRN (see RFC 2476) 2249 New suboption for ClientPortOptions: Modifiers, i.e. 2250 h use name of interface for HELO command 2251 The version number for queue files (qf) has been incremented to 4. 2252 Log unacceptable HELO/EHLO domain name attempts if LogLevel is set 2253 to 10 or higher. Suggested by Rick Troxel of the National 2254 Institutes of Health. 2255 If a mailer dies, print the status in decimal instead of octal 2256 format. Suggested by Michael Shapiro of Sun Microsystems. 2257 Limit the length of all MX records considered for delivery to 8k. 2258 Move message priority from sender to recipient logging. Suggested by 2259 Ulrich Windl of the Universitat Regensburg. 2260 Add support for Berkeley DB 3.X. 2261 Add fix for Berkeley DB 2.X fcntl() locking race condition. 2262 Requires a post-2.7.5 version of Berkeley DB. 2263 Support writing traffic log (sendmail -X option) to a FIFO. 2264 Patch submitted by Rick Heaton of Network Associates, Inc. 2265 Do not ignore Timeout settings in the .cf file when a Timeout 2266 sub-options is set on the command line. Problem noted by 2267 Graeme Hewson of Oracle. 2268 Randomize equal preference MX records each time delivery is 2269 attempted via a new connection to a host instead of once per 2270 session. Suggested by Scott Salvidio of Compaq. 2271 Implement enhanced status codes as defined by RFC 2034. 2272 Add [hostname] to class w for the names of all interfaces unless 2273 DontProbeInterfaces is set. This is useful for sending mails 2274 to hosts which have dynamically assigned names. 2275 If a message is bounced due to bad MIME conformance, avoid bouncing 2276 the bounce for the same reason. If the body is not 8-bit 2277 clean, and EightBitMode isn't set to pass8, the body will 2278 not be included in the bounce. Problem noted by Valdis 2279 Kletnieks of Virginia Tech. 2280 The timeout for sending a message via SMTP has been changed from 2281 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which 2282 simply checks for progress on sending data every 5 minutes. 2283 This will detect the inability to send information quicker 2284 and reduce the number of processes simply waiting to 2285 timeout. 2286 Prevent a segmentation fault on systems which give a partial filled 2287 interface address structure when loading the system network 2288 interface addresses. Fix from Reinier Bezuidenhout of 2289 Nanoteq. 2290 Add a compile-time configuration macro, MAXINTERFACES, which 2291 indicates the number of interfaces to read when probing 2292 for hostnames and IP addresses for class w ($=w). The 2293 default value is 512. Based on idea from Reinier 2294 Bezuidenhout of Nanoteq. 2295 If the RefuseLA option is set to 0, do not reject connections based 2296 on load average. 2297 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of 2298 Northern Illinois University. 2299 Expand the Return-Path: header at delivery time, after "owner-" 2300 envelope splitting has occurred. 2301 Don't try to sort the queue if there are no entries. Patch from 2302 Luke Mewburn from RMIT University. 2303 Add a "/quit" command to address test mode. 2304 Include the proper sender in the UNIX "From " line and Return-Path: 2305 header when undeliverable mail is saved to ~/dead.letter. 2306 Problem noted by Kari Hurtta of the Finnish Meteorological 2307 Institute. 2308 The contents of a class can now be copied to another class using 2309 the syntax: "C{Dest} $={Source}". This would copy all of 2310 the items in class $={Source} into the class $={Dest}. 2311 Include original envelope's error transcript in bounces created for 2312 split (owner-) envelopes to see the original errors when 2313 the recipients were added. Based on fix from Motonori 2314 Nakamura of Kyoto University. 2315 Show reason for permanent delivery errors directly after the 2316 addresses. From Motonori Nakamura of Kyoto University. 2317 Prevent a segmentation fault when bouncing a split-envelope 2318 message. Patch from Motonori Nakamura of Kyoto University. 2319 If the specification for the queue run interval (-q###) has a 2320 syntax error, consider the error fatal and exit. 2321 Pay attention to CheckpointInterval during LMTP delivery. Problem 2322 noted by Motonori Nakamura of Kyoto University. 2323 On operating systems which have setlogin(2), use it to set the 2324 login name to the RunAsUserName when starting as a daemon. 2325 This is for delivery to programs which use getlogin(). 2326 Based on fix from Motonori Nakamura of Kyoto University. 2327 Differentiate between "command not implemented" and "command 2328 unrecognized" in the SMTP dialogue. 2329 Strip returns from forward and include files. Problem noted by 2330 Allan E Johannesen of Worcester Polytechnic Institute. 2331 Prevent a core dump when using 'sendmail -bv' on an address which 2332 resolves to the $#error mailer with a temporary failure. 2333 Based on fix from Neil Rickert of Northern Illinois 2334 University. 2335 Prevent multiple deliveries of a message with a "non-local alias" 2336 pointing to a local user, if canonicalization fails 2337 the message was requeued *and* delivered to the alias. 2338 If an invalid ruleset is declared, the ruleset name could be 2339 ignored and its rules added to S0. Instead, ignore the 2340 ruleset lines as well. 2341 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient 2342 success DSN fields as well as duplicate entries for a 2343 single address due to S5 and UserDB processing. Problems 2344 noted by Kari Hurtta of the Finnish Meteorological 2345 Institute. 2346 Turn off timeouts when exiting sendmail due to an interrupt signal 2347 to prevent the timeout from firing during the exit process. 2348 Problem noted by Michael Shapiro of Sun Microsystems. 2349 Do not append @MyHostName to non-RFC822 addresses output by the EXPN 2350 command or on Final-Recipient: and X-Actual-Recipient: DSN 2351 headers. Non-RFC822 addresses include deliveries to 2352 programs, file, DECnet, etc. 2353 Fix logic for determining if a local user is using -f or -bs to 2354 spoof their return address. Based on idea from Neil Rickert 2355 of Northern Illinois University and patch from Per Hedeland 2356 of Ericsson. 2357 Report the proper UID in the bounce message if an :include: file is 2358 owned by a uid that doesn't map to a username and the 2359 :include: file contains delivery to a file or program. 2360 Problem noted by John Beck of Sun Microsystems. 2361 Avoid the attempt of trying to send a second SMTP QUIT command if 2362 the remote server responds to the first QUIT with a 4xx 2363 response code and drops the connection. This behavior was 2364 noted by Ulrich Windl of the Universitat Regensburg when 2365 sendmail was talking to the Mercury 1.43 MTA. 2366 If a hostname lookup times out and ServiceSwitchFile is set but the 2367 file is not present, the lookup failure would be marked as 2368 a permanent failure instead of a temporary failure. Fix 2369 from Russell King of the ARM Linux Project. 2370 Handle aliases or forwards which deliver to programs using tabs 2371 instead of spaces between arguments. Problem noted by Randy 2372 Wormser. Fix from Neil Rickert of Northern Illinois 2373 University. 2374 Allow MaxRecipientsPerMessage option to be set on the command line 2375 by normal users (e.g., sendmail won't drop its root 2376 privileges) to allow overrides for message submission via 2377 'sendmail -bs'. 2378 Set the names for help file and statistics file to "helpfile" and 2379 "statistics", respectively, if no parameters are given for 2380 them in the .cf file. 2381 Avoid bogus 'errbody: I/O Error -7' log messages when sending 2382 success DSN messages for messages relayed to non-DSN aware 2383 systems. Problem noted by Juergen Georgi of RUS University 2384 of Stuttgart and Kyle Tucker of Parexel International. 2385 Prevent +detail information from interfering with local delivery to 2386 multiple users in the same transaction (F=m). 2387 Add H_FORCE flag for the X-Authentication-Warning: header, so it 2388 will be added even if one already exists. Problem noted 2389 by Michal Zalewski of Marchew Industries. 2390 Stop processing SMTP commands if the SMTP connection is dropped. 2391 This prevents a remote system from flooding the connection 2392 with commands and then disconnecting. Previously, the 2393 server would process all of the buffered commands. Problem 2394 noted by Michal Zalewski of Marchew Industries. 2395 Properly process user-supplied headers beginning with '?'. Problem 2396 noted by Michal Zalewski of Marchew Industries. 2397 If multiple header checks resolve to the $#error mailer, use the 2398 last permanent (5XX) failure if any exist. Otherwise, use 2399 the last temporary (4XX) failure. 2400 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch 2401 from Ronald F. Guilmette of Infinite Monkeys & Co. 2402 Timeout.ident now defaults to 5 seconds instead of 30 seconds to 2403 prevent the now common delays associated with mailing to a 2404 site which drops IDENT packets. Suggested by many. 2405 Persistent host status data is not reloaded disk when current data 2406 is available in the in-memory cache. Problem noted by Per 2407 Hedeland of Ericsson. 2408 mailq displays unprintable characters in addresses as their octal 2409 representation and a leading backslash. This avoids problems 2410 with "unprintable" characters. Problem noted by Michal 2411 Zalewski of the "Internet for Schools" project (IdS). 2412 The mail line length limit (L= equate) was adding the '!' indicator 2413 one character past the limit. This would cause subsequent 2414 hops to break the line again. The '!' is now placed in 2415 the last column of the limit if the line needs to be broken. 2416 Problem noted by Joe Pruett of Q7 Enterprises. Based on fix 2417 from Per Hedeland of Ericsson. 2418 If a resolver ANY query is larger than the UDP packet size, the 2419 resolver will fall back to TCP. However, some 2420 misconfigured firewalls black 53/TCP so the ANY lookup 2421 fails whereas an MX or A record might succeed. Therefore, 2422 don't fail on ANY queries. 2423 If an SMTP recipient is rejected due to syntax errors in the 2424 address, do not send an empty postmaster notification DSN 2425 to the postmaster. Problem noted by Neil Rickert of 2426 Northern Illinois University. 2427 Allow '_' and '.' in map names when parsing a sequence map 2428 specification. Patch from William Setzer of North Carolina 2429 State University. 2430 Fix hostname in logging of read timeouts for the QUIT command on 2431 cached connections. Problem noted by Neil Rickert of 2432 Northern Illinois University. 2433 Use a more descriptive entry to log "null" connections, i.e., 2434 "host did not issue MAIL/EXPN/VRFY/ETRN during connection". 2435 Fix a file descriptor leak in ONEX mode. 2436 Portability: 2437 Reverse signal handling logic such that sigaction(2) with 2438 the SA_RESTART flag is the preferred method and the 2439 other signal methods are only tried if SA_RESTART 2440 is not available. Problem noted by Allan E 2441 Johannesen of Worcester Polytechnic Institute. 2442 AIX 4.x supports the sa_len member of struct sockaddr. 2443 This allows network interface probing to work 2444 properly. Fix from David Bronder of the 2445 University of Iowa. 2446 AIX 4.3 has snprintf() support. 2447 Use "PPC" as the architecture name when building under 2448 AIX. This will be reflected in the obj.* directory 2449 name. 2450 Apple Darwin support based on Apple Rhapsody port. 2451 Fixed AIX 'make depend' method from Valdis Kletnieks of 2452 Virginia Tech. 2453 Digital UNIX has uname(2). 2454 GNU Hurd updates from Mark Kettenis of the University of 2455 Amsterdam. 2456 Improved HPUX 11.0 portability. 2457 Properly determine the number of CPUs on FreeBSD 2.X, 2458 FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X. 2459 Remove special IRIX ABI cases from Build script and the OS 2460 files. Use the standard 'cc' options used by SGI 2461 in building the operating system. Users can 2462 override the defaults by setting confCC and 2463 confLIBSEARCHPATH appropriately. 2464 IRIX nsd map support from Bob Mende of SGI. 2465 Minor devtools fixes for IRIX from Bob Mende of SGI. 2466 Linux patch for IP_SRCROUTE support from Joerg Dorchain 2467 of MW EDV & ELECTRONIC. 2468 Linux now uses /usr/sbin for confEBINDIR in the build 2469 system. From MATSUURA Takanori of Osaka University. 2470 Remove special treatment for Linux PPC in the build 2471 system. From MATSUURA Takanori of Osaka University. 2472 Motorolla UNIX SYSTEM V/88 Release 4.0 support from 2473 Sergey Rusanov of the Republic of Udmurtia. 2474 NCR MP-RAS 3.x includes regular expression support. From 2475 Tom J. Moore of NCR. 2476 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and 2477 _PATH_SENDMAILPID from Oota Toshiya of 2478 NEC Computers Group Planning Division. 2479 Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D. 2480 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and 2481 1024 in conf.h. Since confENVDEF would be used, 2482 use that value in conf.h. 2483 Use NeXT's NETINFO to get domain name. From Gerd Knops of 2484 BITart Consulting. 2485 Use NeXT's NETINFO for alias and hostname resolution if 2486 AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are 2487 defined. Patch from Wilfredo Sanchez of Apple 2488 Computer, Inc. 2489 NeXT portability tweaks. Problems reported by Dragan 2490 Milicic of the University of Utah and J. P. McCann 2491 of E I A. 2492 New compile flag FAST_PID_RECYCLE: set this if your system 2493 can reuse the same PID in the same second. 2494 New compile flag HASFCHOWN: set this if your OS has 2495 fchown(2). 2496 New compile flag HASRANDOM: set this to 0 if your OS does 2497 not have random(3). rand() will be used instead. 2498 New compile flag HASSRANDOMDEV: set this if your OS has 2499 srandomdev(3). 2500 New compile flag HASSETLOGIN: set this if your OS has 2501 setlogin(2). 2502 Replace SINIX and ReliantUNIX support with version 2503 specific SINIX files. From Gerald Rinske of 2504 Siemens Business Services. 2505 Use the 60-second load average instead of the 5 second load 2506 average on Compaq Tru64 UNIX (formerly Digital 2507 UNIX). From Chris Teakle of the University of Qld. 2508 Use ANSI C by default for Compaq Tru64 UNIX. Suggested by 2509 Randall Winchester of Swales Aerospace. 2510 Correct setgroups() prototype for Compaq Tru64 UNIX. 2511 Problem noted by Randall Winchester of Swales 2512 Aerospace. 2513 Hitachi 3050R/3050RX and 3500 Workstations running 2514 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori 2515 NAKAMURA of Kyoto University. 2516 New compile flag NO_GETSERVBYNAME: set this to disable 2517 use of getservbyname() on systems which can 2518 not lookup a service by name over NIS, such as 2519 HI-UX. Patch from Motonori NAKAMURA of Kyoto 2520 University. 2521 Use devtools/bin/install.sh on SCO 5.x. Problem noted 2522 by Sun Wenbing of the China Engineering and 2523 Technology Information Network. 2524 make depend didn't work properly on UNIXWARE 4.2. Problem 2525 noted by Ariel Malik of Netology, Ltd. 2526 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 2527 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD, 2528 and OpenBSD. 2529 A recent Compaq Ultrix 4.5 Y2K patch has broken detection 2530 of local_hostname_length(). See sendmail/README 2531 for more details. Problem noted by Allan E 2532 Johannesen of Worcester Polytechnic Institute. 2533 CONFIG: Begin using /etc/mail/ for sendmail related files. This 2534 affects a large number of files. See cf/README for more 2535 details. 2536 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including 2537 trailing slash) for the mail settings directory. 2538 CONFIG: Increment version number of config file to 9. 2539 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been 2540 deprecated and may be removed from a future release. 2541 BSD/OS users should begin using OSTYPE(`bsdi'). 2542 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This 2543 requires a new OSTYPE(`openbsd'). From Todd C. Miller of 2544 Courtesan Consulting. 2545 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. 2546 CONFIG: A syntax error in check_mail would cause fake top-level 2547 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to 2548 be improperly rejected as unresolvable. 2549 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of 2550 DNS server, rejection message) and can be included 2551 multiple times. 2552 CONFIG: New FEATURE(`relay_mail_from') allows relaying if the 2553 mail sender is listed as RELAY in the access map (and tagged 2554 with From:). 2555 CONFIG: Optional tagging of LHS in the access map (Connect:, 2556 From:, To:) to enable finer control. 2557 CONFIG: New FEATURE(`ldap_routing') implements LDAP address 2558 routing. See cf/README for a complete description of the 2559 new functionality. 2560 CONFIG: New variables for the new sendmail options: 2561 confAUTH_MECHANISMS AuthMechanisms 2562 confAUTH_OPTIONS AuthOptions 2563 confCLIENT_OPTIONS ClientPortOptions 2564 confCONTROL_SOCKET_NAME ControlSocketName 2565 confDEAD_LETTER_DROP DeadLetterDrop 2566 confDEF_AUTH_INFO DefaultAuthInfo 2567 confDF_BUFFER_SIZE DataFileBufferSize 2568 confLDAP_DEFAULT_SPEC LDAPDefaultSpec 2569 confMAX_ALIAS_RECURSION MaxAliasRecursion 2570 confMAX_HEADERS_LENGTH MaxHeadersLength 2571 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 2572 confPID_FILE PidFile 2573 confPROCESS_TITLE_PREFIX ProcessTitlePrefix 2574 confRRT_IMPLIES_DSN RrtImpliesDsn 2575 confTO_CONTROL Timeout.control 2576 confTO_RESOLVER_RETRANS Timeout.resolver.retrans 2577 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 2578 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 2579 confTO_RESOLVER_RETRY Timeout.resolver.retry 2580 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 2581 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 2582 confTRUSTED_USER TrustedUser 2583 confXF_BUFFER_SIZE XscriptFileBufferSize 2584 CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(), 2585 which takes the options as argument and can be used 2586 multiple times; see cf/README for details. 2587 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called 2588 "dsmtp". This mail provides on-demand delivery using the 2589 F=% mailer flag described above. The "dsmtp" mailer 2590 definition uses the new DSMTP_MAILER_ARGS which defaults 2591 to "IPC $h". 2592 CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS, 2593 and RELAY_MAILER_MAXMSGS for setting the m= equate for the 2594 local, smtp, and relay mailers respectively. 2595 CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting 2596 the DSN Diagnostic-Code type for the local mailer. The 2597 value should be changed with care. 2598 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type 2599 for the local mailer to the proper value of "SMTP". 2600 CONFIG: All included maps are no longer optional by default; if 2601 there there is a problem with a map, sendmail will 2602 complain. 2603 CONFIG: Removed root from class E; use EXPOSED_USER(`root') 2604 to get the old behavior. Suggested by Joe Pruett 2605 of Q7 Enterprises. 2606 CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which 2607 will not be masqueraded. Proposed by Arne Wichmann 2608 of MPI Saarbruecken, Griff Miller of PGS Tensor, 2609 Jayme Cox of Broderbund Software Inc. 2610 CONFIG: A list of exceptions for FEATURE(`nocanonify') can be 2611 specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 2612 i.e., a list of domains which are passed to $[ ... $] 2613 for canonification. Based on an idea from Neil Rickert 2614 of Northern Illinois University. 2615 CONFIG: If `canonify_hosts' is specified as parameter for 2616 FEATURE(`nocanonify') then addresses which have only 2617 a hostname, e.g., <user@host>, will be canonified. 2618 CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is 2619 nevertheless added to addresses with more than one component 2620 in it. 2621 CONFIG: Canonification is no longer attempted for any host or domain 2622 in class 'P' ($=P). 2623 CONFIG: New class for matching virtusertable entries $={VirtHost} that 2624 can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. 2625 FEATURE(`virtuser_entire_domain') can be used to apply this 2626 class also to entire subdomains. Hosts in this class are 2627 treated as canonical in SCanonify2, i.e., a trailing dot 2628 is added. 2629 CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used, 2630 include $={VirtHost} in $=R (hosts allowed to relay). 2631 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the 2632 genericstable also to subdomains of $=G. 2633 CONFIG: Pass "+detail" as %2 for virtusertable lookups. 2634 Patch from Noam Freedman from University of Chicago. 2635 CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested 2636 by Raymond S Brand of rsbx.net. 2637 CONFIG: Allow @domain in genericstable to override masquerading. 2638 Suggested by Owen Duffy from Owen Duffy & Associates. 2639 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve 2640 Hubert of University of Washington. 2641 CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as 2642 GNU is now the canonical system name. From Mark 2643 Kettenis of the University of Amsterdam. 2644 CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman. 2645 CONFIG: Do not include '=' in option expansion if there is no value 2646 associated with the option. From Andrew Brown of 2647 Graffiti World Wide, Inc. 2648 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed 2649 by Philip A. Prindeville of Enteka Enterprise Technology 2650 Services. 2651 CONFIG: MAILER(`cyrus') was not preserving case for mail folder 2652 names. Problem noted by Randall Winchester of Swales 2653 Aerospace. 2654 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags 2655 for the relay mailer. Suggested by Doug Hughes of Auburn 2656 University and Brian Candler. 2657 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path: 2658 header) by default. Suggested by Per Hedeland of Ericsson. 2659 CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host]. 2660 Suggested by Kari Hurtta of the Finnish Meteorological 2661 Institute. 2662 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS; 2663 i.e., to set, add, or delete flags. 2664 CONFIG: If SMTP AUTH is used then relaying is allowed for any user 2665 who authenticated via a "trusted" mechanism, i.e., one that 2666 is defined via TRUST_AUTH_MECH(`list of mechanisms'). 2667 CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay 2668 after check_rcpt and allows for exceptions from the checks. 2669 CONFIG: Map declarations have been moved into their associated 2670 feature files to allow greater flexibility in use of 2671 sequence maps. Suggested by Per Hedeland of Ericsson. 2672 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of 2673 line string for the local mailer. Requested by Il Oh of 2674 Willamette Industries, Inc. 2675 CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is 2676 converted to <user@d> 2677 CONFIG: Reject bogus return address of <@@hostname>, generated by 2678 Sun's older, broken configuration files. 2679 CONFIG: FEATURE(`nullclient') now provides the full rulesets of a 2680 normal configuration, allowing anti-spam checks to be 2681 performed. 2682 CONFIG: Don't return a permanent error (Relaying denied) if 2683 ${client_name} can't be resolved just temporarily. 2684 Suggested by Kari Hurtta of the Finnish Meteorological 2685 Institute. 2686 CONFIG: Change numbered rulesets into named (which still can 2687 be accessed by their numbers). 2688 CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial 2689 which describes whether to disallow "!" in the local part 2690 of an address. 2691 CONFIG: Call Local_localaddr from localaddr (S5) which can be used 2692 to rewrite an address from a mailer which has the F=5 flag 2693 set. If the ruleset returns a mailer, the appropriate 2694 action is taken, otherwise the returned tokens are ignored. 2695 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4 2696 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4. 2697 The latter is kept around for backward compatibility. 2698 CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries, 2699 where "D.S.N" is an RFC 1893 compliant error code. 2700 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 2701 CONFIG: Remove second space between username and date in UNIX From_ 2702 line. Noted by Allan E Johannesen of Worcester Polytechnic 2703 Institute. 2704 CONFIG: Make sure all of the mailers have complete T= equates. 2705 CONFIG: Extend FEATURE(`local_procmail') so it can now take 2706 arguments overriding the mailer program, arguments, and 2707 mailer definition flags. This makes it possible to use 2708 other programs such as maildrop for local delivery. 2709 CONFIG: Emit warning if FEATURE(`local_lmtp') or 2710 FEATURE(`local_procmail') is given after MAILER(`local'). 2711 Patch from Richard A. Nelson of IBM. 2712 CONFIG: Add SMTP Authentication information to Received: header 2713 default value (confRECEIVED_HEADER). 2714 CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a 2715 local mailer. Problem noted by Per Hedeland of Ericsson. 2716 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the 2717 University of California at Berkeley. 2718 CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of 2719 Illinois at Urbana-Champaign. 2720 CONTRIB: etrn.pl now recognizes bogus host names. Patch from 2721 Bruce Barnett of GE's R&D Lab. 2722 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle 2723 Corporation UK. 2724 CONTRIB: Added qtool.pl to assist in managing the queues. 2725 DEVTOOLS: Prevent user environment variables from interfering with 2726 the Build scripts. Problem noted by Ezequiel H. Panepucci of 2727 Yale University. 2728 DEVTOOLS: 'Build -M' will display the obj.* directory which will 2729 be used for building. 2730 DEVTOOLS: 'Build -A' will display the architecture that would be 2731 used for a fresh build. 2732 DEVTOOLS: New variable confRANLIB, set automatically by configure.sh. 2733 DEVTOOLS: New variable confRANLIBOPTS for the options to send to 2734 ranlib. 2735 DEVTOOLS: 'Build -O <path>' will have the object files build in 2736 <path>/obj.*. Suggested by Bryan Costales of Exactis. 2737 DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the 2738 building of the man pages when defined. Suggested by Bryan 2739 Costales. 2740 DEVTOOLS: New variables confNO_HELPFILE_INSTALL and 2741 confNO_STATISTICS_INSTALL which will prevent the 2742 installation of the sendmail helpfile and statistics file 2743 respectively. Suggested by Bryan Costales. 2744 DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske 2745 of Siemens Business Services. 2746 DEVTOOLS: New variable confSTDIO_TYPE which defines the type of 2747 stdio library. The new buffered file I/O depends on the 2748 Torek stdio library. This option can be either portable or 2749 torek. 2750 DEVTOOLS: New variables confSRCADD and confSMSRCADD which 2751 correspond to confOBJADD and confSMOBJADD respectively. 2752 They should contain the C source files for the object files 2753 listed in confOBJADD and confSMOBJADD. These file names 2754 will be passed to the 'make depend' stage of compilation. 2755 DEVTOOLS: New program specific variables for each of the programs 2756 in the sendmail distribution. Each has the form 2757 `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'. 2758 The new variables are conf_prog_ENVDEF, conf_prog_LIBS, 2759 conf_prog_SRCADD, and conf_prog_OBJADD. 2760 DEVTOOLS: Build system redesign. This should have little affect on 2761 building the distribution, but documentation on the changes 2762 are in devtools/README. 2763 DEVTOOLS: Don't allow 'Build -f file' if an object directory already 2764 exists. Suggested by Valdis Kletnieks of Virginia Tech. 2765 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies 2766 the path to the sendmail source directory. confSRCDIR is a 2767 new variable which identifies the root of the source 2768 directories for all of the programs in the distribution. 2769 DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build 2770 time. They can both still be overridden by setting the m4 2771 macro. 2772 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem. 2773 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for 2774 build configurations, and places objects in obj.prefix.*/. 2775 Complains as 'Build -f file' does for existing object 2776 directories. Suggested by Tom Smith of Digital Equipment 2777 Corporation. 2778 DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted 2779 manual pages in the directory tree specified by 2780 confMANROOTMAN. 2781 DEVTOOLS: If formatting the manual pages fails, copy in the 2782 preformatted pages from the distribution. The new variable 2783 confCOPY specifies the copying program. 2784 DEVTOOLS: Defining confFORCE_RMAIL will install rmail without 2785 question. Suggested by Terry Lambert of Whistle 2786 Communications. 2787 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names 2788 of the installed statistics and help files, respectively. 2789 DEVTOOLS: Remove spaces in `uname -r` output when determining 2790 operating system identity. Problem noted by Erik 2791 Wachtenheim of Dartmouth College. 2792 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that 2793 will be search for the libraries specified in confLIBSEARCH. 2794 Defaults to "/lib /usr/lib /usr/shlib". 2795 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying 2796 how to strip binaries. These are used by the new 2797 install-strip target. 2798 DEVTOOLS: New config file site.post.m4 which is included after 2799 the others (if it exists). 2800 DEVTOOLS: Change order of LIBS: first product specific libraries 2801 then the default ones. 2802 MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local 2803 as local delivery agent without LMTP mode, use 2804 MODIFY_MAILER_FLAGS(`LOCAL', `+S') 2805 to set the S flag. 2806 MAIL.LOCAL: Do not reject addresses which would otherwise be 2807 accepted by sendmail. Suggested by Neil Rickert of 2808 Northern Illinois University. 2809 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 2810 8BITMIME in the LHLO response. Suggested by Kari Hurtta of 2811 the Finnish Meteorological Institute. 2812 MAIL.LOCAL: Add support for the maillock() routines by defining 2813 MAILLOCK when compiling. Also requires linking with 2814 -lmail. Patch from Neil Rickert of Northern Illinois 2815 University. 2816 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is 2817 defined when compiling. Automatically set for Solaris 2.3 2818 and later. Patch from Neil Rickert of Northern Illinois 2819 University. 2820 MAIL.LOCAL: Move the initialization of the 'notifybiff' address 2821 structure to the beginning of the program. This ensures that 2822 the getservbyname() is done before any seteuid to a possibly 2823 unauthenticated user. If you are using NIS+ and secure RPC 2824 on a Solaris system, this avoids syslog messages such as, 2825 "authdes_refresh: keyserv(1m) is unable to encrypt session 2826 key." Patch from Neil Rickert of Northern Illinois 2827 University. 2828 MAIL.LOCAL: Support group writable mail spool files when MAILGID is 2829 set to the gid to use (-DMAILGID=6) when compiling. 2830 Patch from Neil Rickert of Northern Illinois University. 2831 MAIL.LOCAL: When a mail message included lines longer than 2046 2832 characters (in LMTP mode), mail.local split the incoming 2833 line up into 2046-character output lines (excluding the 2834 newline). If an input line was 2047 characters long 2835 (excluding CR-LF) and the last character was a '.', 2836 mail.local saw it as the end of input, transfered it to the 2837 user mailbox and tried to write an `ok' back to sendmail. 2838 If the message was much longer, both sendmail and 2839 mail.local would deadlock waiting for each other to read 2840 what they have written. Problem noted by Peter Jeremy of 2841 Alcatel Australia Limited. 2842 MAIL.LOCAL: New option -b to return a permanent error instead of a 2843 temporary error if a mailbox exceeds quota. Suggested by 2844 Neil Rickert of Northern Illinois University. 2845 MAIL.LOCAL: The creation of a lockfile is subject to a global 2846 timeout to avoid starvation. 2847 MAIL.LOCAL: Properly parse addresses with multiple quoted 2848 local-parts. Problem noted by Ronald F. Guilmette of 2849 Infinite Monkeys & Co. 2850 MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR. 2851 MAILSTATS: New -p option to invoke program mode in which stats are 2852 printed in a machine readable fashion and the stats file 2853 is reset. Patch from Kevin Hildebrand of the University 2854 of Maryland. 2855 MAKEMAP: If running as root, automatically change the ownership of 2856 generated maps to the TrustedUser as specified in the 2857 sendmail configuration file. 2858 MAKEMAP: New -C option to accept an alternate sendmail 2859 configuration file to use for finding the TrustedUser 2860 option. 2861 MAKEMAP: New -u option to dump (unmap) a database. Based on 2862 code contributed by Roy Mongiovi of Georgia Tech. 2863 MAKEMAP: New -e option to allow empty values. Suggested by Philip 2864 A. Prindeville of Enteka Enterprise Technology Services. 2865 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem 2866 noted by Gerald Rinske of Siemens Business Services. 2867 OP.ME: Correctly document interaction between F=S and U= mailer 2868 equates. Problem noted by Bob Halley of Internet Engines. 2869 OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle 2870 Corporation UK. 2871 OP.ME: The Timeout [r] option was incorrectly listed as "safe" 2872 (e.g., sendmail would not drop root privileges if the 2873 option was specified on the command line). Problem noted 2874 by Todd C. Miller of Courtesan Consulting. 2875 PRALIASES: Handle the hash and btree map specifications for 2876 Berkeley DB. Patch from Brian J. Coan of the 2877 Institute for Global Communications. 2878 PRALIASES: Read the sendmail.cf file for the location(s) of the 2879 alias file(s) if the -f option is not used. Patch from 2880 John Beck of Sun Microsystems. 2881 PRALIASES: New -C option to specify an alternate sendmail 2882 configuration file to use for finding alias file(s). Patch 2883 from John Beck of Sun Microsystems. 2884 SMRSH: allow shell commands echo, exec, and exit. Allow command 2885 lists using || and &&. Based on patch from Brian J. Coan 2886 of the Institute for Global Communications. 2887 SMRSH: Update README for the new Build system. From Tim Pierce 2888 of RootsWeb Genealogical Data Cooperative. 2889 VACATION: Added vacation auto-responder to sendmail distribution. 2890 LIBSMDB: Added abstracted database library. Works with Berkeley 2891 DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. 2892 Changed Files: 2893 The Build script in the various program subdirectories are 2894 no longer symbolic links. They are now scripts 2895 which execute the actual Build script in 2896 devtools/bin. 2897 All the manual pages are now written against -man and not 2898 -mandoc as they were previously. 2899 Add a simple Makefile to every directory so make instead 2900 of Build will work (unless parameters are 2901 required for Build). 2902 New Directories: 2903 devtools/M4/UNIX 2904 include 2905 libmilter 2906 libsmdb 2907 libsmutil 2908 vacation 2909 Renamed Directories: 2910 BuildTools => devtools 2911 src => sendmail 2912 Deleted Files: 2913 cf/m4/nullrelay.m4 2914 devtools/OS/Linux.ppc 2915 devtools/OS/ReliantUNIX 2916 devtools/OS/SINIX 2917 sendmail/ldap_map.h 2918 New Files: 2919 INSTALL 2920 PGPKEYS 2921 cf/cf/generic-linux.cf 2922 cf/cf/generic-linux.mc 2923 cf/feature/delay_checks.m4 2924 cf/feature/dnsbl.m4 2925 cf/feature/generics_entire_domain.m4 2926 cf/feature/no_default_msa.m4 2927 cf/feature/relay_mail_from.m4 2928 cf/feature/virtuser_entire_domain.m4 2929 cf/mailer/qpage.m4 2930 cf/ostype/bsdi.m4 2931 cf/ostype/hpux11.m4 2932 cf/ostype/openbsd.m4 2933 contrib/bounce-resender.pl 2934 contrib/domainmap.m4 2935 contrib/qtool.8 2936 contrib/qtool.pl 2937 devtools/M4/depend/AIX.m4 2938 devtools/M4/list.m4 2939 devtools/M4/string.m4 2940 devtools/M4/subst_ext.m4 2941 devtools/M4/switch.m4 2942 devtools/OS/Darwin 2943 devtools/OS/GNU 2944 devtools/OS/SINIX.5.43 2945 devtools/OS/SINIX.5.44 2946 devtools/OS/m88k 2947 devtools/bin/find_in_path.sh 2948 mail.local/Makefile 2949 mailstats/Makefile 2950 makemap/Makefile 2951 praliases/Makefile 2952 rmail/Makefile 2953 sendmail/Makefile 2954 sendmail/bf.h 2955 sendmail/bf_portable.c 2956 sendmail/bf_portable.h 2957 sendmail/bf_torek.c 2958 sendmail/bf_torek.h 2959 sendmail/shmticklib.c 2960 sendmail/statusd_shm.h 2961 sendmail/timers.c 2962 sendmail/timers.h 2963 smrsh/Makefile 2964 vacation/Makefile 2965 Renamed Files: 2966 cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4 2967 sendmail/cdefs.h => include/sendmail/cdefs.h 2968 sendmail/sendmail.hf => sendmail/helpfile 2969 sendmail/mailstats.h => include/sendmail/mailstats.h 2970 sendmail/pathnames.h => include/sendmail/pathnames.h 2971 sendmail/safefile.c => libsmutil/safefile.c 2972 sendmail/snprintf.c => libsmutil/snprintf.c 2973 sendmail/useful.h => include/sendmail/useful.h 2974 cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4 2975 Copied Files: 2976 cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4 2977 29788.9.3/8.9.3 1999/02/04 2979 SECURITY: Limit message headers to a maximum of 32K bytes (total 2980 of all headers in a single message) to prevent a denial of 2981 service attack. This limit will be configurable in 8.10. 2982 Problem noted by Michal Zalewski of the "Internet for 2983 Schools" project (IdS). 2984 Prevent segmentation fault on an LDAP lookup if the LDAP map 2985 was closed due to an earlier failure. Problem noted by 2986 Jeff Wasilko of smoe.org. Fix from Booker Bense of 2987 Stanford University and Per Hedeland of Ericsson. 2988 Preserve the order of the MIME headers in multipart messages 2989 when performing the MIME header length check. This 2990 will allow PGP signatures to function properly. Problem 2991 noted by Lars Hecking of University College, Cork, Ireland. 2992 If ruleset 5 rewrote the local address to an :include: directive, 2993 the delivery would fail with an "aliasing/forwarding loop 2994 broken" error. Problem noted by Eric C Hagberg of Morgan 2995 Stanley. Fix from Per Hedeland of Ericsson. 2996 Allow -T to work for bestmx maps. Fix from Aaron Schrab of 2997 ExecPC Internet Systems. 2998 During the transfer of a message in an SMTP transaction, if a 2999 TCP timeout occurs, the message would be properly queued 3000 for later retry but the failure would be logged as 3001 "Illegal Seek" instead of a timeout. Problem noted by 3002 Piotr Kucharski of the Warsaw School of Economics (SGH) 3003 and Carles Xavier Munyoz Baldo of CTV Internet. 3004 Prevent multiple deliveries on a self-referencing alias if the 3005 F=w mailer flag is not set. Problem noted by Murray S. 3006 Kucherawy of Concentric Network Corporation and Per 3007 Hedeland of Ericsson. 3008 Do not strip empty headers but if there is no value and a 3009 default is defined in sendmail.cf, use the default. 3010 Problem noted by Philip Guenther of Gustavus Adolphus 3011 College and Christopher McCrory of Netus, Inc. 3012 Don't inherit information about the sender (notably the full name) 3013 in SMTP (-bs) mode, since this might be called from inetd. 3014 Accept any 3xx reply code in response to DATA command instead of 3015 requiring 354. This change will match the wording to be 3016 published in the updated SMTP specification from the DRUMS 3017 group of the IETF. 3018 Portability: 3019 AIX 4.2.0 or 4.2.1 may become updated by the fileset 3020 bos.rte.net level 4.2.0.2. This introduces the 3021 softlink /usr/lib/libbind.a which should 3022 not be used. It conflicts with the resolver 3023 built into libc.a. "bind" has been removed 3024 from the confLIBSEARCH BuildTools variable. 3025 Users who have installed BIND 8.X will have 3026 to add it back in their site.config.m4 file. 3027 Problem noted by Ole Holm Nielsen of the 3028 Technical University of Denmark. 3029 CRAY TS 10.0.x from Sven Nielsen of San Diego 3030 Supercomputer Center. 3031 Improved LDAP version 3 integration based on input 3032 from Kurt D. Zeilenga of the OpenLDAP Foundation, 3033 John Beck of Sun Microsystems, and Booker Bense 3034 of Stanford University. 3035 Linux doesn't have a standard way to get the timezone 3036 between different releases. Back out the 3037 change in 8.9.2 and don't attempt to derive 3038 a timezone. Problem reported by Igor S. Livshits 3039 of the University of Illinois at Urbana-Champaign 3040 and Michael Dickens of Tetranet Communications. 3041 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy 3042 of Siemens/SNI. 3043 SunOS 5.8 from John Beck of Sun Microsystems. 3044 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper 3045 timezone. Problem noted by Petr Lampa of Technical 3046 University of Brno. 3047 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly 3048 when using FEATURE(bestmx_is_local). Patch from Neil W. 3049 Rickert of Northern Illinois University. 3050 CONFIG: Properly handle source routed and %-hack addresses on 3051 hosts which the mailertable remaps to local:. Patch from 3052 Neil W. Rickert of Northern Illinois University. 3053 CONFIG: Internal fixup of mailertable local: map value. Patch from 3054 Larry Parmelee of Cornell University. 3055 CONFIG: Only add back +detail from host portion of mailer triplet 3056 on local mailer triplets if it was originally +detail. 3057 Patch from Neil W. Rickert of Northern Illinois University. 3058 CONFIG: The bestmx_is_local checking done in check_rcpt would 3059 cause later checks to fail. Patch from Paul J Murphy of 3060 MIDS Europe. 3061 New Files: 3062 BuildTools/OS/CRAYTS.10.0.x 3063 BuildTools/OS/ReliantUNIX 3064 BuildTools/OS/SunOS.5.8 3065 30668.9.2/8.9.2 1998/12/30 3067 SECURITY: Remove five second sleep on accepting daemon connections 3068 due to an accept() failure. This sleep could be used 3069 for a denial of service attack. 3070 Do not silently ignore queue files with names which are too long. 3071 Patch from Bryan Costales of InfoBeat, Inc. 3072 Do not store failures closing an SMTP session in persistent 3073 host status. Reported by Graeme Hewson of Oracle 3074 Corporation UK. 3075 Allow symbolic link forward files if they are in safe directories. 3076 Problem noted by Andreas Schott of the Max Planck Society. 3077 Missing columns in a text map could cause a segmentation fault. 3078 Fix from David Lee of the University of Durham. 3079 Note that for 8.9.X, PrivacyOptions=goaway also includes the 3080 noetrn flag. This is scheduled to change in a future 3081 version of sendmail. Problem noted by Theo Van Dinter of 3082 Chrysalis Symbolic Designa and Alan Brown of Manawatu 3083 Internet Services. 3084 When trying to do host canonification in a Wildcard MX 3085 environment, try an MX lookup of the hostname without the 3086 default domain appended. Problem noted by Olaf Seibert of 3087 Polderland Language & Speech Technology. 3088 Reject SMTP RCPT To: commands with only comments (i.e. 3089 'RCPT TO: (comment)'. Problem noted by Earle Ake of 3090 Hassler Communication Systems Technology, Inc. 3091 Handle any number of %s in the LDAP filter spec. Patch from 3092 Per Hedeland of Ericsson. 3093 Clear ldapx open timeouts even if the map open failed to prevent 3094 a segmentation fault. Patch from Wayne Knowles of the 3095 National Institute of Water & Atmospheric Research Ltd. 3096 Do not syslog envelope clone messages when using address 3097 verification (-bv). Problem noted by Kari Hurtta of the 3098 Finnish Meteorological Institute. 3099 Continue to perform queue runs while in daemon mode even if the 3100 daemon is rejecting connections due to a disk full 3101 condition. Problem noted by JR Oldroyd of TerraNet 3102 Internet Services. 3103 Include full filename on installation of the sendmail.hf file 3104 in case the $HFDIR directory does not exist. Problem 3105 noted by Josef Svitak of Montana State University. 3106 Close all maps when exiting the process with one exception. 3107 Berkeley DB can use internal shared memory locking for 3108 its memory pool. Closing a map opened by another process 3109 will interfere with the shared memory and locks of the 3110 parent process leaving things in a bad state. For 3111 Berkeley DB, only close the map if the current process 3112 is also the one that opened the map, otherwise only close 3113 the map file descriptor. Thanks to Yoseff Francus of 3114 Collective Technologies for volunteering his system for 3115 extended testing. 3116 Avoid null pointer dereference on XDEBUG output for SMTP reply 3117 failures. Problem noted by Carlos Canau of EUnet Portugal. 3118 On mailq and hoststat listings being piped to another program, such 3119 as more, if the pipe closes (i.e., the user quits more), 3120 stop sending output and exit. Patch from Allan E Johannesen 3121 of Worcester Polytechnic Institute. 3122 In accordance with the documentation, LDAP map lookup failures 3123 are now considered temporary failures instead of permanent 3124 failures unless the -t flag is used in the map definition. 3125 Problem noted by Booker Bense of Stanford University and 3126 Eric C. Hagberg of Morgan Stanley. 3127 Fix by one error reporting on long alias names. Problem noted by 3128 H. Paul Hammann of the Missouri Research and Education 3129 Network. 3130 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem 3131 noted by Barry S. Finkel of Argonne National Laboratory. 3132 When automatically converting from 8 bit to quoted printable MIME, 3133 be careful not to miss a multi-part boundary if that 3134 boundary is preceded by a boundary-like line. Problem 3135 noted by Andreas Raschle of Ansid Inc. Fix from 3136 Kari Hurtta of the Finnish Meteorological Institute. 3137 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer 3138 has enough space for the additional address. Problem 3139 noted by Steve Cliffe of the University of Wollongong. 3140 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem 3141 noted by Alex Vorobiev of Swarthmore College. 3142 If the check_compat ruleset resolves to the $#discard mailer, 3143 discard the current recipient. Unlike check_relay, 3144 check_mail, and check_rcpt, the entire envelope is not 3145 discarded. Problem noted by RZ D. Rahlfs. Fix from 3146 Claus Assmann of Christian-Albrechts-University of Kiel. 3147 Avoid segmentation fault when reading ServiceSwitchFile files with 3148 bogus formatting. Patch from Kari Hurtta of the Finnish 3149 Meteorological Institute. 3150 Support Berkeley DB 2.6.4 API change. 3151 OP.ME: Pages weren't properly output on duplexed printers. Fix 3152 from Matthew Black of CSU Long Beach. 3153 Portability: 3154 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. 3155 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase 3156 option structure. Problem noted by Ashley M. 3157 Kirchner of Photo Craft Laboratories, Inc. 3158 Break out IP address to hostname translation for 3159 reading network interface addresses into 3160 class 'w'. Patch from John Kennedy of 3161 Cal State University, Chico. 3162 AIX 4.x use -qstrict with -O3 to prevent the optimized 3163 from changing the semantics of the compiled 3164 program. From Simon Travaglia of the 3165 University of Waikato, New Zealand. 3166 FreeBSD 2.2.2 and later support setusercontext(). From 3167 Peter Wemm of DIALix. 3168 FreeBSD 3.x fix from Peter Wemm of DIALix. 3169 IRIX 5.x has a syslog buffer size of 512 bytes. From 3170 Nao NINOMIYA of Utsunomiya University. 3171 IRIX 6.5 64-bit Build support. 3172 LDAP Version 3 support from John Beck and Ravi Iyer 3173 of Sun Microsystems. 3174 Linux does not implement seteuid() properly. From 3175 John Kennedy of Cal State University, Chico. 3176 Linux timezone type was set improperly. From Takeshi Itoh 3177 of Bits Co., Ltd. 3178 NCR MP-RAS 3.x needs -lresolv for confLIBS. From 3179 Tom J. Moore of NCR. 3180 NeXT 4.x correction to man page path. From J. P. McCann 3181 of E I A. 3182 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs) 3183 from Paul Gampe of the Asia Pacific Network 3184 Information Center. 3185 ULTRIX now requires an optimization limit of 970 from 3186 Allan E Johannesen of Worcester Polytechnic 3187 Institute. 3188 Fix extern declaration for sm_dopr(). Fix from Henk 3189 van Oers of Algemeen Nederlands Persbureau. 3190 CONFIG: Catch @hostname,user@anotherhost.domain as relaying. 3191 Problem noted by Mark Rogov of AirMedia, Inc. Fix from 3192 Claus Assmann of Christian-Albrechts-University of Kiel. 3193 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as 3194 there are multiple RBL's available and the MAPS RBL may 3195 not be the one in use. Suggested by Alan Brown of 3196 Manawatu Internet Services. 3197 CONFIG: Properly strip route addresses (i.e., @host1:user@host2) 3198 when stripping down a recipient address to check for 3199 relaying. Patch from Claus Assmann of 3200 Christian-Albrechts-University of Kiel and Neil W Rickert 3201 of Northern Illinois University. 3202 CONFIG: Allow the access database to override RBL lookups. Patch 3203 from Claus Assmann of Christian-Albrechts-University of 3204 Kiel. 3205 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch 3206 Dot Com. 3207 CONFIG: Fixed check for deferred delivery mode warning. Patch 3208 from Claus Assmann of Christian-Albrechts-University of 3209 Kiel and Per Hedeland of Ericsson. 3210 CONFIG: If a recipient using % addressing is used, e.g. 3211 user%site@othersite, and othersite's MX records are now 3212 checked for local hosts if FEATURE(relay_based_on_MX) is 3213 used. Problem noted by Alexander Litvin of Lucky Net Ltd. 3214 Patch from Alexander Litvin of Lucky Net Ltd and 3215 Claus Assmann of Christian-Albrechts-University of Kiel. 3216 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP 3217 stream. Do not allow more than one response per recipient. 3218 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix 3219 from John Beck of Sun Microsystems. 3220 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from 3221 John Beck of Sun Microsystems. 3222 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in 3223 the envelope From header. 3224 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. 3225 Problem noted by Glenn A. Malling of Syracuse University. 3226 MAILSTATS: Document msgsrej and msgsdis fields in the man page. 3227 Problem noted by Richard Wong of Princeton University. 3228 MAKEMAP: Build group list so group writable files are allowed with 3229 the -s flag. Problem noted by Curt Sampson of Internet 3230 Portal Services, Inc. 3231 PRALIASES: Automatically handle alias files created without the 3232 NULL byte at the end of the key. Patch from John Beck of 3233 Sun Microsystems. 3234 PRALIASES: Support Berkeley DB 2.6.4 API change. 3235 New Files: 3236 BuildTools/OS/IRIX64.6.5 3237 BuildTools/OS/UnixWare.5.i386 3238 cf/ostype/unixware7.m4 3239 contrib/smcontrol.pl 3240 src/control.c 3241 32428.9.1/8.9.1 1998/07/02 3243 If both an OS specific site configuration file and a generic 3244 site.config.m4 file existed, only the latter was used 3245 instead of both. Problem noted by Geir Johannessen of 3246 the Norwegian University of Science and Technology. 3247 Fix segmentation fault while converting 8 bit to 7 bit MIME 3248 multipart messages by trying to write to an unopened 3249 file descriptor. Fix from Kari Hurtta of the Finnish 3250 Meteorological Institute. 3251 Do not assume Message: and Text: headers indicate the end of 3252 the header area when parsing MIME headers. Problem noted 3253 by Kari Hurtta of the Finnish Meteorological Institute. 3254 Setting the confMAN#SRC Build variable would only effect the 3255 installation commands. The man pages would still be 3256 built with .0 extensions. Problem noted by Bryan 3257 Costales of InfoBeat, Inc. 3258 Installation of manual pages didn't honor the DESTDIR environment 3259 variable. Problem noted by Bryan Costales of InfoBeat, Inc. 3260 If the check_relay ruleset resolved to the discard mailer, messages 3261 were still delivered. Problem noted by Mirek Luc of NASK. 3262 Mail delivery to files would fail with an Operating System Error 3263 if sendmail was not running as root, i.e., RunAsUser was set. 3264 Problem noted by Leonard N. Zubkoff of Dandelion Digital. 3265 Prevent MinQueueAge from interfering from queued items created 3266 in the future, i.e., if the system clock was set ahead 3267 and then back. Problem noted by Michael Miller of the 3268 University of Natal, Pietermaritzburg. 3269 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is 3270 set in the PrivacyOptions option. Fix from Ted Rule of 3271 Flextech TV. 3272 Log invalid persistent host status file lines instead of 3273 bouncing the message. Problem noted by David Lindes of 3274 DaveLtd Enterprises. 3275 Move creation of empty sendmail.st file from installation to 3276 compilation. Installation may be done from a read-only 3277 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric 3278 Anderson of the Oasis Research Center, Inc. 3279 Enforce the maximum number of User Database entries limit. Problem 3280 noted by Gary Buchanan of Credence Systems Inc. 3281 Allow dead.letter files in root's home directory. Problem noted 3282 by Anna Ullman of Sun Microsystems. 3283 Program deliveries in forward files could be marked unsafe if 3284 any directory listed in the ForwardPath option did not 3285 exist. Problem noted by Jorg Bielak of Coastal Web Online. 3286 Do not trust the length of the address structure returned by 3287 gethostbyname(). Problem noted by Chris Evans of Oxford 3288 University. 3289 If the SIZE= MAIL From: ESMTP parameter is too large, use the 3290 5.3.4 DSN status code instead of 5.2.2. Similarly, for 3291 non-local deliveries, if the message is larger than the 3292 mailer maximum message size, use 5.3.4 instead of 5.2.3. 3293 Suggested by Antony Bowesman of 3294 Fujitsu/TeaWARE Mail/MIME System. 3295 Portability: 3296 Fix the check for an IP address reverse lookup for 3297 use in $&{client_name} on 64 bit platforms. 3298 From Gilles Gallot of Institut for Development 3299 and Resources in Intensive Scientific computing. 3300 BSD-OS uses .0 for man page extensions. From Jeff Polk 3301 of BSDI. 3302 DomainOS detection for Build. Also, version 10.4 and later 3303 ship a unistd.h. Fixes from Takanobu Ishimura of 3304 PICT Inc. 3305 NeXT 4.x uses /usr/lib/man/cat for its man pages. From 3306 J. P. McCann of E I A. 3307 SCO 4.X and 5.X include NDBM support. From Vlado Potisk 3308 of TEMPEST, Ltd. 3309 CONFIG: Do not pass spoofed PTR results through resolver for 3310 qualification. Problem noted by Michiel Boland of 3311 Digital Valley Internet Professionals; fix from 3312 Kari Hurtta of the Finnish Meteorological Institute. 3313 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, 3314 BITNET, and DECNET addresses for resolvable senders. 3315 Problem noted by Alexander Litvin of Lucky Net Ltd. 3316 CONFIG: Work around Sun's broken configuration which sends bounce 3317 messages as coming from @@hostname instead of <>. LMTP 3318 would not accept @@hostname. 3319 OP.ME: Corrections to complex sendmail startup script from Rick 3320 Troxel of the National Institutes of Health. 3321 RMAIL: Do not install rmail by default, require 'make force-install' 3322 as this rmail isn't the same as others. Suggested by 3323 Kari Hurtta of the Finnish Meteorological Institute. 3324 New Files: 3325 BuildTools/OS/DomainOS.10.4 3326 33278.9.0/8.9.0 1998/05/19 3328 SECURITY: To prevent users from reading files not normally 3329 readable, sendmail will no longer open forward, :include:, 3330 class, ErrorHeader, or HelpFile files located in unsafe 3331 (i.e., group or world writable) directory paths. Sites 3332 which need the ability to override security can use the 3333 DontBlameSendmail option. See the README file for more 3334 information. 3335 SECURITY: Problems can occur on poorly managed systems, specifically, 3336 if maps or alias files are in world writable directories. 3337 This fixes the change added to 8.8.6 to prevent links in these 3338 world writable directories. 3339 SECURITY: Make sure ServiceSwitchFile option file is not a link if 3340 it is in a world writable directory. 3341 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the 3342 tty it may be able to push bytes back to the senders input. 3343 Unfortunately this breaks -v mode. Problem noted by 3344 Wietse Venema of the Global Security Analysis Lab at 3345 IBM T.J. Watson Research. 3346 SECURITY: Empty group list if DontInitGroups is set to true to 3347 prevent program deliveries from picking up extra group 3348 privileges. Problem reported by Wolfgang Ley of DFN-CERT. 3349 SECURITY: The default value for DefaultUser is now set to the uid and 3350 gid of the first existing user mailnull, sendmail, or daemon 3351 that has a non-zero uid. If none of these exist, sendmail 3352 reverts back to the old behavior of using uid 1 and gid 1. 3353 This is a security problem for Linux which has chosen that 3354 uid and gid for user bin instead of daemon. If DefaultUser 3355 is set in the configuration file, that value overrides this 3356 default. 3357 SECURITY: Since 8.8.7, the check for non-set-user-ID binaries 3358 interfered with setting an alternate group id for the 3359 RunAsUser option. Problem noted by Randall Winchester of 3360 the University of Maryland. 3361 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 3362 of Cal State University, Chico. 3363 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 3364 which previously defined OLD_NEWDB=1 must now upgrade to the 3365 current version of Berkeley DB. 3366 Added support for regular expressions using the new map class regex. 3367 From Jan Krueger of Unix-AG of University of Hannover. 3368 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod 3369 UserDatabases from Randall Winchester of the University 3370 of Maryland. 3371 Allow any shell for user shell on program deliveries on V1 3372 configurations for backwards compatibility on machines which 3373 do not have getusershell(). Fix from John Beck of Sun 3374 Microsystems. 3375 On operating systems which change the process title by reusing the 3376 argument vector memory, sendmail could corrupt memory if the 3377 last argument was either "-q" or "-d". Problem noted by 3378 Frank Langbein of the University of Stuttgart. 3379 Support Local Mail Transfer Protocol (LMTP) between sendmail and 3380 mail.local on the F=z flag. 3381 Macro-expand the contents of the ErrMsgFile. Previously this was 3382 only done if you had magic characters (0x81) to indicate 3383 macro expansion. Now $x will be expanded. This means that 3384 real dollar signs have to be backslash escaped. 3385 TCP Wrappers expects "unknown" in the hostname argument if the 3386 reverse DNS lookup for the incoming connection fails. 3387 Problem noted by Randy Grimshaw of Syracuse University and 3388 Wietse Venema of the Global Security Analysis Lab at 3389 IBM T.J. Watson Research. 3390 DSN success bounces generated from an invocation of sendmail -t 3391 would be sent to both the sender and MAILER-DAEMON. 3392 Problem noted by Claus Assmann of 3393 Christian-Albrechts-University of Kiel. 3394 Avoid "Error 0" messages on delivery mailers which exit with a 3395 valid exit value such as EX_NOPERM. Fix from Andreas Luik 3396 of ISA Informationssysteme GmbH. 3397 Tokenize $&x expansions on right hand side of rules. This eliminates 3398 the need to use tricks like $(dequote "" $&{client_name} $) 3399 to cause the ${client_name} macro to be properly tokenized. 3400 Add the MaxRecipientsPerMessage option: this limits the number of 3401 recipients that will be accepted in a single SMTP 3402 transaction. After this number is reached, sendmail 3403 starts returning "452 Too many recipients" to all RCPT 3404 commands. This can be used to limit the number of recipients 3405 per envelope (in particular, to discourage use of the server 3406 for spamming). Note: a better approach is to restrict 3407 relaying entirely. 3408 Fixed pointer initialization for LDAP lmap struct, fixed -s option 3409 to ldapx map and added timeout for ldap_open call to 3410 avoid hanging sendmail in the event of hung LDAP servers. 3411 Patch from Booker Bense of Stanford University. 3412 Allow multiple -qI, -qR, or -qS queue run limiters. For example, 3413 '-qRfoo -qRbar' would deliver mail to recipients with foo or 3414 bar in their address. Patch from Allan E Johannesen of 3415 Worcester Polytechnic Institute. 3416 The bestmx map will now return a list of the MX servers for a host if 3417 passed a column delimiter via the -z map flag. This can be 3418 used to check if the server is an MX server for the recipient 3419 of a message. This can be used to help prevent relaying. 3420 Patch from Mitchell Blank Jr of Exec-PC. 3421 Mark failures for the *file* mailer and return bounce messages to the 3422 sender for those failures. 3423 Prevent bogus syslog timestamps on errors in sendmail.cf by 3424 preserving the TZ environment variable until TimeZoneSpec 3425 has been determined. Problem noted by Ralf Hildebrandt of 3426 Technical University of Braunschweig. Patch from Per Hedeland 3427 of Ericsson. 3428 Print test input in address test mode when input is not from the tty 3429 when the -v flag is given (i.e., sendmail -bt -v) to make 3430 output easier to decipher. Problem noted by Aidan Nichol 3431 of Procter & Gamble. 3432 The LDAP map -s flag was not properly parsed and the error message 3433 given included the remainder of the arguments instead of 3434 solely the argument in error. Problem noted by Aidan Nichol 3435 of Procter & Gamble. 3436 New DontBlameSendmail option. This option allows administrators to 3437 bypass some of sendmail's file security checks at the expense 3438 of system security. This should only be used if you are 3439 absolutely sure you know the consequences. The available 3440 DontBlameSendmail options are: 3441 Safe 3442 AssumeSafeChown 3443 ClassFileInUnsafeDirPath 3444 ErrorHeaderInUnsafeDirPath 3445 GroupWritableDirPathSafe 3446 GroupWritableForwardFileSafe 3447 GroupWritableIncludeFileSafe 3448 GroupWritableAliasFile 3449 HelpFileinUnsafeDirPath 3450 WorldWritableAliasFile 3451 ForwardFileInGroupWritableDirPath 3452 IncludeFileInGroupWritableDirPath 3453 ForwardFileInUnsafeDirPath 3454 IncludeFileInUnsafeDirPath 3455 ForwardFileInUnsafeDirPathSafe 3456 IncludeFileInUnsafeDirPathSafe 3457 MapInUnsafeDirPath 3458 LinkedAliasFileInWritableDir 3459 LinkedClassFileInWritableDir 3460 LinkedForwardFileInWritableDir 3461 LinkedIncludeFileInWritableDir 3462 LinkedMapInWritableDir 3463 LinkedServiceSwitchFileInWritableDir 3464 FileDeliveryToHardLink 3465 FileDeliveryToSymLink 3466 WriteMapToHardLink 3467 WriteMapToSymLink 3468 WriteStatsToHardLink 3469 WriteStatsToSymLink 3470 RunProgramInUnsafeDirPath 3471 RunWritableProgram 3472 New DontProbeInterfaces option to turn off the inclusion of all the 3473 interface names in $=w on startup. In particular, if you 3474 have lots of virtual interfaces, this option will speed up 3475 startup. However, unless you make other arrangements, mail 3476 sent to those addresses will be bounced. 3477 Automatically create alias databases if they don't exist and 3478 AutoRebuildAliases is set. 3479 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. 3480 Suggested by Christophe Wolfhugel of the Institut Pasteur. 3481 Add PrivacyOptions=noverb flag to disable the SMTP VERB command. 3482 When determining the client host name ($&{client_name} macro), do 3483 a forward (A) DNS lookup on the result of the PTR lookup 3484 and compare results. If they differ or if the PTR lookup 3485 fails, &{client_name} will contain the IP address 3486 surrounded by square brackets (e.g., [127.0.0.1]). 3487 New map flag: -Tx appends "x" to lookups that return temporary failure 3488 (i.e, it is like -ax for the temporary failure case, in 3489 contrast to the success case). 3490 New syntax to do limited checking of header syntax. A config line 3491 of the form: 3492 HHeader: $>Ruleset 3493 causes the indicated Ruleset to be invoked on the Header 3494 when read. This ruleset works like the check_* rulesets -- 3495 that is, it can reject mail on the basis of the contents. 3496 Limit the size of the HELO/EHLO parameter to prevent spammers 3497 from hiding their connection information in Received: 3498 headers. 3499 When SingleThreadDelivery is active, deliveries to locked hosts 3500 are skipped. This will cause the delivering process to 3501 try the next MX host or queue the message if no other MX 3502 hosts are available. Suggested by Alexander Litvin. 3503 The [FILE] mailer type now delivers to the file specified in the 3504 A= equate of the mailer definition instead of $u. It also 3505 obeys all of the F= mailer flags such as the MIME 3506 7/8 bit conversion flags. This is useful for defining 3507 a mailer which delivers to the same file regardless of the 3508 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail). 3509 Do not assume the identity of a remote connection is root@localhost 3510 if the remote connection closes the socket before the 3511 remote identity can be queried. 3512 Change semantics of the F=S mailer flag back to 8.7.5 behavior. 3513 Some mailers, including procmail, require that the real 3514 uid is left unchanged by sendmail. Problem noted by Per 3515 Hedeland of Ericsson. 3516 No longer is the src/obj*/Makefile selected from a large list -- it 3517 is now generated using the information in BuildTools/OS/ -- 3518 some of the details are determined dynamically via 3519 BuildTools/bin/configure.sh. 3520 The other programs in the sendmail distribution -- mail.local, 3521 mailstats, makemap, praliases, rmail, and smrsh -- now use 3522 the new Build method which creates an operating system 3523 specific Makefile using the information in BuildTools. 3524 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., 3525 a failure on one message won't affect future messages to the 3526 same host). This is necessary if the remote host sends 3527 a 451 error if the domain of the sender does not resolve 3528 as is common in anti-spam configurations. Problem noted 3529 by Mitchell Blank Jr of Exec-PC. 3530 New "discard" mailer for check_* rulesets and header checking 3531 rulesets. If one of the above rulesets resolves to the 3532 $#discard mailer, the commands will be accepted but the 3533 message will be completely discarded after it is accepting. 3534 This means that even if only one of the recipients 3535 resolves to the $#discard mailer, none of the recipients 3536 will receive the mail. Suggested by Brian Kantor. 3537 All but the last cloned envelope of a split envelope were queued 3538 instead of being delivered. Problem noted by John Caruso 3539 of CNET: The Computer Network. 3540 Fix deadlock situation in persistent host status file locking. 3541 Syslog an error if a user forward file could not be read due to 3542 an error. Patch from John Beck of Sun Microsystems. 3543 Use the first name returned on machine lookups when canonifying a 3544 hostname via NetInfo. Patch from Timm Wetzel of GWDG. 3545 Clear the $&{client_addr}, $&{client_name}, and $&{client_port} 3546 macros when delivering a bounce message to prevent 3547 rejection by a check_compat ruleset which uses these macros. 3548 Problem noted by Jens Hamisch of AgiX Internetservices GmbH. 3549 If the check_relay ruleset resolves to the the error mailer, the 3550 error in the $: portion of the resolved triplet is used 3551 in the rejection message given to the remote machine. 3552 Suggested by Scott Gifford of The Internet Ramp. 3553 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros 3554 before calling the check_relay ruleset. Suggested by Scott 3555 Gifford of The Internet Ramp. 3556 Sendmail would get a segmentation fault if a mailer exited with an 3557 exit code of 79. Problem noted by Aaron Schrab of ExecPC 3558 Internet. Fix from Christophe Wolfhugel of the Pasteur 3559 Institute. 3560 Separate snprintf/vsnprintf routines into separate file for use by 3561 mail.local. 3562 Allow multiple map lookups on right hand side, e.g., 3563 R$* $( host $1 $) $| $( passwd $1 $). Patch from 3564 Christophe Wolfhugel of the Pasteur Institute. 3565 Properly generate success DSN messages if requested for aliases 3566 which have owner- aliases. Problem noted by Kari Hurtta 3567 of the Finnish Meteorological Institute. 3568 Properly display delayed-expansion macros ($&{macroname}) in 3569 address test mode (-bt). Problem noted by Bryan Costales 3570 of InfoBeat, Inc. 3571 -qR could sometimes match names incorrectly. Problem noted by 3572 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. 3573 Include a magic number and version in the StatusFile for the 3574 mailstats command. 3575 Record the number of rejected and discarded messages in the 3576 StatusFile for display by the mailstats command. Patch 3577 from Randall Winchester of the University of Maryland. 3578 IDENT returns where the OSTYPE field equals "OTHER" now list the 3579 user portion as IDENT:username@site instead of 3580 username@site to differentiate the two. Suggested by 3581 Kari Hurtta of the Finnish Meteorological Institute. 3582 Enforce timeout for LDAP queries. Patch from Per Hedeland of 3583 Ericsson. 3584 Change persistent host status filename substitution so '/' is 3585 replaced by ':' instead of '|' to avoid clashes. Also 3586 avoid clashes with hostnames with leading dots. Fix from 3587 Mitchell Blank Jr. of Exec-PC. 3588 If the system lock table is full, only attempt to create a new 3589 queue entry five times before giving up. Previously, it 3590 was attempted indefinitely which could cause the partition 3591 to run out of inodes. Problem noted by Suzie Weigand of 3592 Stratus Computer, Inc. 3593 In verbose mode, warn if the sendmail.cf version is less than the 3594 currently supported version. 3595 Sorting for QueueSortOrder=host is now case insensitive. Patch 3596 from Randall S. Winchester of the University of Maryland. 3597 Properly quote a full name passed via the -F command line option, 3598 the Full-Name: header, or the NAME environment variable if 3599 it contains characters which must be quoted. Problem noted 3600 by Kari Hurtta of the Finnish Meteorological Institute. 3601 Avoid possible race condition that unlocked a mail job before 3602 releasing the transcript file on systems that use flock(2). 3603 In some cases, this might result in a "Transcript Unavailable" 3604 message in error bounces. 3605 Accept SMTP replies which contain only a reply code and no 3606 accompanying text. Problem noted by Fernando Fraticelli of 3607 Digital Equipment Corporation. 3608 Portability: 3609 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura 3610 of Kyoto University. 3611 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from 3612 Randall S. Winchester of the University of 3613 Maryland. 3614 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. 3615 CRAY T3E from Manu Mahonen of Center for Scientific Computing 3616 in Finland. 3617 Digital UNIX now uses statvfs for determining free 3618 disk space. Patch from Randall S. Winchester of 3619 the University of Maryland. 3620 HP-UX 11.x from Richard Allen of Opin Kerfi HF and 3621 Regis McEwen of Progress Software Corporation. 3622 IRIX 64 bit fixes from Kari Hurtta of the Finnish 3623 Meteorological Institute. 3624 IRIX 6.2 configuration fix for mail.local from Michael Kyle 3625 of CIC/Advanced Computing Laboratory. 3626 IRIX 6.5 from Thomas H Jones II of SGI. 3627 IRIX 6.X load average code from Bob Mende of SGI. 3628 QNX from Glen McCready <glen@qnx.com>. 3629 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links 3630 to sendmail. Install with group bin instead of kmem 3631 as kmem does not exist. From Guillermo Freige of 3632 Gobernacion de la Pcia de Buenos Aires and Paul 3633 Fischer of BTG, Inc. 3634 SunOS 4.X does not include memmove(). Patch from 3635 Per Hedeland of Ericsson. 3636 SunOS 5.7 includes getloadavg() function for determining 3637 load average. Patch from John Beck of Sun 3638 Microsystems. 3639 CONFIG: Increment version number of config file. 3640 CONFIG: add DATABASE_MAP_TYPE to set the default type of database 3641 map for the various maps. The default is hash. Patch from 3642 Robert Harker of Harker Systems. 3643 CONFIG: new confEBINDIR m4 variable for defining the executable 3644 directory for certain programs. 3645 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for 3646 local mail delivery. By the default, /usr/libexec/mail.local 3647 is used. This is expected to be the mail.local shipped 3648 with 8.9 which is LMTP capable. The path is based on the 3649 new confEBINDIR m4 variable. 3650 CONFIG: Use confEBINDIR in determining path to smrsh for 3651 FEATURE(smrsh). Note that this changes the default from 3652 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the 3653 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). 3654 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to 3655 include $z/.forward.$w+$h and $z/.forward+$h which allow 3656 the user to setup different .forward files for 3657 user+detail addressing. 3658 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, 3659 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, 3660 DontProbeInterfaces, and DontBlameSendmail options. 3661 CONFIG: by default do not allow relaying (that is, accepting mail 3662 from outside your domain and sending it to another host 3663 outside your domain). 3664 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from 3665 any site to any site. 3666 CONFIG: new FEATURE(relay_entire_domain) allows any host in your 3667 domain as defined by the 'm' class ($=m) to relay. 3668 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on 3669 the MX records of the host portion of an incoming recipient. 3670 CONFIG: new FEATURE(access_db) which turns on the access database 3671 feature. This database gives you the ability to allow 3672 or refuse to accept mail from specified domains for 3673 administrative reasons. By default, names that are listed 3674 as "OK" in the access db are domain names, not host names. 3675 CONFIG: new confCR_FILE m4 variable for defining the name of the file 3676 used for class 'R'. Defaults to /etc/mail/relay-domains. 3677 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) 3678 to add items to class 'R' ($=R) for hosts allowed to relay. 3679 CONFIG: new FEATURE(relay_hosts_only) to change the behavior 3680 of FEATURE(access_db) and class 'R' to lookup individual 3681 host names only. 3682 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient 3683 using % addressing is used, e.g. user%site@othersite, 3684 and othersite is in class 'R', the check_rcpt ruleset 3685 will strip @othersite and recheck user@site for relaying. 3686 This feature changes that behavior. It should not be 3687 needed for most installations. 3688 CONFIG: new FEATURE(relay_local_from) to allow relaying if the 3689 domain portion of the mail sender is a local host. This 3690 should only be used if absolutely necessary as it opens 3691 a window for spammers. Patch from Randall S. Winchester of 3692 the University of Maryland. 3693 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to 3694 block incoming mail destined for certain recipient 3695 usernames, hostnames, or addresses. 3696 CONFIG: By default, MAIL FROM: commands in the SMTP session will be 3697 refused if the host part of the argument to MAIL FROM: cannot 3698 be located in the host name service (e.g., DNS). 3699 CONFIG: new FEATURE(accept_unresolvable_domains) accepts 3700 unresolvable hostnames in MAIL FROM: SMTP commands. 3701 CONFIG: new FEATURE(accept_unqualified_senders) accepts 3702 MAIL FROM: senders which do not include a domain. 3703 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the 3704 Realtime Blackhole List. You can specify the RBL name 3705 server to contact by specifying it as an optional argument. 3706 The default is rbl.maps.vix.com. For details, see 3707 http://maps.vix.com/rbl/. 3708 CONFIG: Call Local_check_relay, Local_check_mail, and 3709 Local_check_rcpt from check_relay, check_mail, and 3710 check_rcpt. Users with local rulesets should place the 3711 rules using LOCAL_RULESETS. If a Local_check_* ruleset 3712 returns $#OK, the message is accepted. If the ruleset 3713 returns a mailer, the appropriate action is taken, else 3714 the return of the ruleset is ignored. 3715 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by 3716 default to support file, :include:, and program deliveries. 3717 CONFIG: Remove the default for confDEF_USER_ID so the binary can 3718 pick the proper default value. See the SECURITY note 3719 above for more information. 3720 CONFIG: FEATURE(nodns) now warns the user that the feature is a 3721 no-op. Patch from Kari Hurtta of the Finnish 3722 Meteorological Institute. 3723 CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to 3724 daemon since DEC's /bin/mail will drop the envelope 3725 sender if run as mailnull. See the Digital UNIX section 3726 of src/README for more information. Problem noted by 3727 Kari Hurtta of the Finnish Meteorological Institute. 3728 CONFIG: .cf files are now stored in the same directory with the 3729 .mc files instead of in the obj directory. 3730 CONFIG: New options confSINGLE_LINE_FROM_HEADER, 3731 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for 3732 setting SingleLineFromHeader, AllowBogusHELO, and 3733 MustQuoteChars respectively. 3734 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This 3735 SMTP-like protocol allows detailed reporting of delivery 3736 status on a per-user basis. Code donated by John Myers of 3737 CMU (now of Netscape). 3738 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the 3739 University of Maryland. NOTE: mail.local is not 3740 compatible with the stock HP-UX mail format. Be sure to 3741 read mail.local/README. 3742 MAIL.LOCAL: Prevent other mail delivery agents from stealing a 3743 mailbox lock. Patch from Randall S. Winchester of the 3744 University of Maryland. 3745 MAIL.LOCAL: glibc portability from John Kennedy of Cal State 3746 University, Chico. 3747 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish 3748 Meteorological Institute. 3749 MAILSTATS: Display the number of rejected and discarded messages 3750 in the StatusFile. Patch from Randall Winchester of the 3751 University of Maryland. 3752 MAKEMAP: New -s flag to ignore safety checks on database map files 3753 such as linked files in world writable directories. 3754 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. 3755 PRALIASES: Add support for Berkeley DB 2.X. 3756 PRALIASES: Do not automatically include NDBM support. Problem 3757 noted by Ralf Hildebrandt of the Technical University of 3758 Braunschweig. 3759 RMAIL: Improve portability for other platforms. Patches from 3760 Randall S. Winchester of the University of Maryland and 3761 Kari Hurtta of the Finnish Meteorological Institute. 3762 Changed Files: 3763 src/Makefiles/Makefile.* files have been modified to use 3764 the new build mechanism and are now BuildTools/OS/*. 3765 src/makesendmail changed to symbolic link to src/Build. 3766 New Files: 3767 BuildTools/M4/header.m4 3768 BuildTools/M4/depend/BSD.m4 3769 BuildTools/M4/depend/CC-M.m4 3770 BuildTools/M4/depend/NCR.m4 3771 BuildTools/M4/depend/Solaris.m4 3772 BuildTools/M4/depend/X11.m4 3773 BuildTools/M4/depend/generic.m4 3774 BuildTools/OS/AIX.4.2 3775 BuildTools/OS/AIX.4.x 3776 BuildTools/OS/CRAYT3E.2.0.x 3777 BuildTools/OS/HP-UX.11.x 3778 BuildTools/OS/IRIX.6.5 3779 BuildTools/OS/NEXTSTEP.4.x 3780 BuildTools/OS/NeXT.4.x 3781 BuildTools/OS/NetBSD.8.3 3782 BuildTools/OS/QNX 3783 BuildTools/OS/SunOS.5.7 3784 BuildTools/OS/dcosx.1.x.NILE 3785 BuildTools/README 3786 BuildTools/Site/README 3787 BuildTools/bin/Build 3788 BuildTools/bin/configure.sh 3789 BuildTools/bin/find_m4.sh 3790 BuildTools/bin/install.sh 3791 Makefile 3792 cf/cf/Build 3793 cf/cf/generic-hpux10.cf 3794 cf/feature/accept_unqualified_senders.m4 3795 cf/feature/accept_unresolvable_domains.m4 3796 cf/feature/access_db.m4 3797 cf/feature/blacklist_recipients.m4 3798 cf/feature/loose_relay_check.m4 3799 cf/feature/local_lmtp.m4 3800 cf/feature/promiscuous_relay.m4 3801 cf/feature/rbl.m4 3802 cf/feature/relay_based_on_MX.m4 3803 cf/feature/relay_entire_domain.m4 3804 cf/feature/relay_hosts_only.m4 3805 cf/feature/relay_local_from.m4 3806 cf/ostype/qnx.m4 3807 contrib/doublebounce.pl 3808 mail.local/Build 3809 mail.local/Makefile.m4 3810 mail.local/README 3811 mailstats/Build 3812 mailstats/Makefile.m4 3813 makemap/Build 3814 makemap/Makefile.m4 3815 praliases/Build 3816 praliases/Makefile.m4 3817 rmail/Build 3818 rmail/Makefile.m4 3819 rmail/rmail.0 3820 smrsh/Build 3821 smrsh/Makefile.m4 3822 src/Build 3823 src/Makefile.m4 3824 src/snprintf.c 3825 Deleted Files: 3826 cf/cf/Makefile (replaced by Makefile.dist) 3827 mail.local/Makefile 3828 mail.local/Makefile.dist 3829 mailstats/Makefile 3830 mailstats/Makefile.dist 3831 makemap/Makefile 3832 makemap/Makefile.dist 3833 praliases/Makefile 3834 praliases/Makefile.dist 3835 rmail/Makefile 3836 smrsh/Makefile 3837 smrsh/Makefile.dist 3838 src/Makefile 3839 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) 3840 src/Makefiles/Makefile.SMP_DC.OSx.NILE 3841 (renamed BuildTools/OS/dcosx.1.x.NILE) 3842 src/Makefiles/Makefile.Utah (obsolete platform) 3843 Renamed Files: 3844 READ_ME => README 3845 cf/cf/Makefile.dist => Makefile 3846 cf/cf/obj/* => cf/cf/* 3847 src/READ_ME => src/README 3848 38498.8.8/8.8.8 1997/10/24 3850 If the check_relay ruleset failed, the relay= field was logged 3851 incorrectly. Problem noted by Kari Hurtta of the Finnish 3852 Meteorological Institute. 3853 If /usr/tmp/dead.letter already existed, sendmail could not 3854 add additional bounces to it. Problem noted by Thomas J. 3855 Arseneault of SRI International. 3856 If an SMTP mailer used a non-standard port number for the outgoing 3857 connection, it would be displayed incorrectly in verbose mode. 3858 Problem noted by John Kennedy of Cal State University, Chico. 3859 Log the ETRN parameter specified by the client before altering them 3860 to internal form. Suggested by Bob Kupiec of GES-Verio. 3861 EXPN and VRFY SMTP commands on malformed addresses were logging as 3862 User unknown with bogus delay= values. Change them to log 3863 the same as compliant addresses. Problem noted by Kari E. 3864 Hurtta of the Finnish Meteorological Institute. 3865 Ignore the debug resolver option unless using sendmail debug trace 3866 option for resolver. Problem noted by Greg Nichols of Wind 3867 River Systems. 3868 If SingleThreadDelivery was enabled and the remote server returned a 3869 protocol error on the DATA command, the connection would be 3870 closed but the persistent host status file would not be 3871 unlocked so other sendmail processes could not deliver to 3872 that host. Problem noted by Peter Wemm of DIALix. 3873 If queueing up a message due to an expensive mailer, don't increment 3874 the number of delivery attempts or set the last delivery 3875 attempt time so the message will be delivered on the next 3876 queue run regardless of MinQueueAge. Problem noted by 3877 Brian J. Coan of the Institute for Global Communications. 3878 Authentication warnings of "Processed from queue _directory_" and 3879 "Processed by _username_ with -C _filename_" would be logged 3880 with the incorrect timestamp. Problem noted by Kari E. Hurtta 3881 of the Finnish Meteorological Institute. 3882 Use a better heuristic for detecting GDBM. 3883 Log null connections on dropped connections. Problem noted by 3884 Jon Lewis of Florida Digital Turnpike. 3885 If class dbm maps are rebuilt, sendmail will now detect this and 3886 reopen the map. Previously, they could give stale 3887 results during a single message processing (but would 3888 recover when the next message was received). Fix from 3889 Joe Pruett of Q7 Enterprises. 3890 Do not log failures such as "User unknown" on -bv or SMTP VRFY 3891 requests. Problem noted by Kari E. Hurtta of the 3892 Finnish Meteorological Institute. 3893 Do not send a bounce message back to the sender regarding bad 3894 recipients if the SMTP connection is dropped before the 3895 message is accepted. Problem noted by Kari E. Hurtta of the 3896 Finnish Meteorological Institute. 3897 Use "localhost" instead of "[UNIX: localhost]" when connecting to 3898 sendmail via a UNIX pipe. This will allow rulesets using 3899 $&{client_name} to process without sending the string through 3900 dequote. Problem noted by Alan Barrett of Internet Africa. 3901 A combination of deferred delivery mode, a double bounce situation, 3902 and the inability to save a bounce message to 3903 /var/tmp/dead.letter would cause sendmail to send a bounce 3904 to postmaster but not remove the offending envelope from the 3905 queue causing it to create a new bounce message each time the 3906 queue was run. Problem noted by Brad Doctor of Net Daemons 3907 Associates. 3908 Remove newlines from hostname information returned via DNS. There are 3909 no known security implications of newlines in hostnames as 3910 sendmail filters newlines in all vital areas; however, this 3911 could cause confusing error messages. 3912 Starting with sendmail 8.8.6, mail sent with the '-t' option would be 3913 rejected if any of the specified addresses were bad. This 3914 behavior was modified to only reject the bad addresses and not 3915 the entire message. Problem noted by Jozsef Hollosi of 3916 SuperNet, Inc. 3917 Use Timeout.fileopen when delivering mail to a file. Suggested by 3918 Bryan Costales of InfoBeat, Inc. 3919 Display the proper Final-Recipient on DSN messages for non-SMTP 3920 mailers. Problem noted by Kari E. Hurtta of the 3921 Finnish Meteorological Institute. 3922 An error in calculating the available space in the list of addresses 3923 for logging deliveries could cause an address to be silently 3924 dropped. 3925 Include the initial user environment if sendmail is restarted via 3926 a HUP signal. This will give room for the process title. 3927 Problem noted by Jon Lewis of Florida Digital Turnpike. 3928 Mail could be delivered without a body if the machine does not 3929 support flock locking and runs out of processes during 3930 delivery. Fix from Chuck Lever of the University of Michigan. 3931 Drop recipient address from 251 and 551 SMTP responses per RFC 821. 3932 Problem noted by Kari E. Hurtta of the Finnish Meteorological 3933 Institute. 3934 Make sure non-rebuildable database maps are opened before the 3935 rebuildable maps (i.e., alias files) in case the database maps 3936 are needed for verifying the left hand side of the aliases. 3937 Problem noted by Lloyd Parkes of Victoria University. 3938 Make sure sender RFC822 source route addresses are alias expanded for 3939 bounce messages. Problem noted by Juergen Georgi of 3940 RUS University of Stuttgart. 3941 Minor lint fixes. 3942 Return a temporary error instead of a permanent error if an LDAP map 3943 search returns an error. This will allow sequenced maps which 3944 use other LDAP servers to be checked. Fix from Booker Bense 3945 of Stanford University. 3946 When automatically converting from quoted printable to 8bit text do 3947 not pad bare linefeeds with a space. Problem noted by Theo 3948 Nolte of the University of Technology Aachen, Germany. 3949 Portability: 3950 Non-standard C compilers may have had a problem compiling 3951 conf.c due to a standard C external declaration of 3952 setproctitle(). Problem noted by Ted Roberts of 3953 Electronic Data Systems. 3954 AUX: has a broken O_EXCL implementation. Reported by Jim 3955 Jagielski of jaguNET Access Services. 3956 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. 3957 Digital UNIX: Digital UNIX (and possibly others) moves 3958 loader environment variables into the loader memory 3959 area. If one of these environment variables (such as 3960 LD_LIBRARY_PATH) was the last environment variable, 3961 an invalid memory address would be used by the process 3962 title routine causing memory corruption. Problem 3963 noted by Sam Hartman of Mesa Internet Systems. 3964 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused 3965 chownsafe() to always return 0 even if the OS does 3966 not permit file giveaways. Problem noted by 3967 Yasutaka Sumi of The University of Tokyo. 3968 IRIX6: Syslog buffer size set to 512 bytes. Reported by 3969 Gerald Rinske of Siemens Business Services VAS. 3970 Linux: Pad process title with NULLs. Problem noted by 3971 Jon Lewis of Florida Digital Turnpike. 3972 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an 3973 incorrect value for the number of interfaces. 3974 Problem noted by Chris Loelke of JetStream Internet 3975 Services. 3976 SINIX: Update for Makefile and syslog buffer size from Gerald 3977 Rinske of Siemens Business Services VAS. 3978 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not 3979 used on a Solaris machine. Problem noted by 3980 Stephen Ma of Jtec Pty Limited. 3981 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business 3982 Services VAS. 3983 MAKEMAP: Use a better heuristic for detecting GDBM. 3984 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. 3985 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of 3986 Ericsson. 3987 39888.8.7/8.8.7 1997/08/03 3989 If using Berkeley DB on systems without O_EXLOCK (open a file with 3990 an exclusive lock already set -- i.e., almost all systems 3991 except 4.4-BSD derived systems), the initial attempt at 3992 rebuilding aliases file if the database didn't already 3993 exist would fail. Patch from Raymund Will of LST Software 3994 GmbH. 3995 Bogus incoming SMTP commands would reset the SMTP conversation. 3996 Problem noted by Fredrik J�nsson of the Royal Institute 3997 of Technology, Stockholm. 3998 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), 3999 some environments could give "multiple definitions" for these 4000 routines during compilation. If using TCP Wrappers, assume 4001 that these routines are included as though they were in the 4002 C library. Patch from Robert La Ferla. 4003 When a NEWDB database map was rebuilt at the same time it was being 4004 used by a queue run, the maps could be left locked for the 4005 duration of the queue run, causing other processes to hang. 4006 Problem noted by Kendall Libby of Shore.NET. 4007 In some cases, NoRecipientAction=add-bcc was being ignored, so the 4008 mail was passed on without any recipient header. This could 4009 cause problems downstream. Problem noted by Xander Jansen 4010 of SURFnet ExpertiseCentrum. 4011 Give error when GDBM is used with sendmail. GDBM's locking and 4012 linking of the .dir and .pag files interferes with sendmail's 4013 locking and security checks. Problems noted by Fyodor 4014 Yarochkin of the Kyrgyz Republic FreeNet. 4015 Don't fsync qf files if SuperSafe option is not set. 4016 Avoid extra calls to gethostbyname for addresses for which a 4017 gethostbyaddr found no value. Also, ignore any returns 4018 from gethostbyaddr that look like a dotted quad. 4019 If PTR lookup fails when looking up an SMTP peer, don't tag it as 4020 "may be forged", since at the network level we pretty much 4021 have to assume that the information is good. 4022 In some cases, errors during an SMTP session could leave files 4023 open or locked. 4024 Better handling of missing file descriptors (0, 1, 2) on startup. 4025 Better handling of non-set-user-ID binaries -- avoids certain obnoxious 4026 errors during testing. 4027 Errors in file locking of NEWDB maps had the incorrect file name 4028 printed in the error message. 4029 If the AllowBogusHELO option were set and an EHLO with a bad or 4030 missing parameter were issued, the EHLO behaved like a HELO. 4031 Load limiting never kicked in for incoming SMTP transactions if the 4032 DeliveryMode=background and any recipient was an alias or 4033 had a .forward file. From Nik Conwell of Boston University. 4034 On some non-Posix systems, the decision of whether chown(2) permits 4035 file giveaway was undefined. From Tetsu Ushijima of the 4036 Tokyo Institute of Technology. 4037 Fix race condition that could cause the body of a message to be 4038 lost (so only the header was delivered). This only occurs 4039 on systems that do not use flock(2), and only when a queue 4040 runner runs during a critical section in another message 4041 delivery. Based on a patch from Steve Schweinhart of 4042 Results Computing. 4043 If a qf file was found in a mail queue directory that had a problem 4044 (wrong ownership, bad format, etc.) and the file name was 4045 exactly MAXQFNAME bytes long, then instead of being tried 4046 once, it would be tried on every queue run. Problem noted 4047 by Bryan Costales of Mercury Mail. 4048 If the system supports an st_gen field in the status structure, 4049 include it when reporting that a file has changed after open. 4050 This adds a new compile flag, HAS_ST_GEN (0/1 option). 4051 This out to be checked as well as reported, since it is 4052 theoretically possible for an attacker to remove a file after 4053 it is opened and replace it with another file that has the 4054 same i-number, but some filesystems (notably AFS) return 4055 garbage in this field, and hence always look like the file 4056 has changed. As a practical matter this is not a security 4057 problem, since the files can be neither hard nor soft links, 4058 and on no filesystem (that I am aware of) is it possible to 4059 have two files on the same filesystem with the same i-number 4060 simultaneously. 4061 Delete the root Makefile from the distribution -- it is only for 4062 use internally, and does not work at customer sites. 4063 Fix botch that caused the second MAIL FROM: command in a single 4064 transaction to clear the entire transaction. Problem 4065 noted by John Kennedy of Cal State University, Chico. 4066 Work properly on machines that have _PATH_VARTMP defined without 4067 a trailing slash. (And a pox on vendors that decide to 4068 ignore the established conventions!) Problem noted by 4069 Gregory Neil Shapiro of WPI. 4070 Internal changes to make it easier to add another protocol family 4071 (intended for IPv6). Patches are from John Kennedy of 4072 CSU Chico. 4073 In certain cases, 7->8 bit MIME decoding of Base64 text could leave 4074 an extra space at the beginning of some lines. Problem 4075 noted by Charles Karney of Princeton University; fix based 4076 on a patch from Christophe Wolfhugel. 4077 Portability: 4078 Allow _PATH_VENDOR_CF to be set in Makefile for consistency 4079 with the _Sendmail_ book, 2nd edition. Note that 4080 the book is actually wrong: _PATH_SENDMAILCF should 4081 be used instead. 4082 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow 4083 of Argonne National Laboratory. 4084 OpenBSD from from Paul DuBois of the University of Wisconsin. 4085 RISC/os 4.0 from Paul DuBois of the University of Wisconsin. 4086 SunOS: Include <memory.h> to fix warning from util.c. From 4087 James Aldridge of EUnet Ltd. 4088 Solaris: Change STDIR (location of status file) to /etc/mail 4089 in Makefiles. 4090 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from 4091 Makefiles. Use NEWDB on Linux instead. 4092 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl 4093 exists but behaves differently than other OSes. 4094 Add SIOCGIFNUM_IS_BROKEN compile flag to get 4095 around the problem. Problem noted by Tom Moore of 4096 NCR Corp. 4097 HP-UX 9.x: fix compile warnings for old select API. Problem 4098 noted by Tom Smith of Digital Equipment Corp. 4099 UnixWare 2.x: compile warnings on offsetof macro. Problem 4100 noted by Tom Good of the Community Access Information 4101 Resource Network 4102 SCO 4.2: compile problems caused by a change in the type of 4103 the "length" parameters passed to accept, getpeername, 4104 getsockname, and getsockopt. Adds new compile flags 4105 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported 4106 by Tom Good of St. Vincent's North Richmond Community 4107 Mental Health Center Residential Services. 4108 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. 4109 Suggested by Brett Hogden of Rochester Gas & Electric 4110 Corp. 4111 Linux: avoid compile problem for versions of <setjmp.h> that 4112 #define both setjmp and longjmp. Problem pointed out 4113 by J.R. Oldroyd of TerraNet. 4114 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) 4115 from Christopher Durham of SCO. 4116 CONFIG: NEXTSTEP: define confCW_FILE to 4117 /etc/sendmail/sendmail.cw to match the usual 4118 configuration. Patch from Dennis Glatting of 4119 PlainTalk. 4120 CONFIG: MAILER(fax) called a program that hasn't existed for a long 4121 time. Convert to use the HylaFAX 4.0 conventions. Suggested 4122 by Harry Styron. 4123 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These 4124 are the rulesets in use on sendmail.org. 4125 MAKEMAP: give error on GDBM files. 4126 MAIL.LOCAL: Make error messages a bit more explicit, for example, 4127 telling more details on what actually changed when "file 4128 changed after open". 4129 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw 4130 files. 4131 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. 4132 NEW FILES: 4133 src/Makefiles/Makefile.OpenBSD 4134 src/Makefiles/Makefile.RISCos.4_0 4135 test/t_exclopen.c 4136 cf/ostype/sco-uw-2.1.m4 4137 DELETED FILES: 4138 Makefile 4139 41408.8.6/8.8.6 1997/06/14 4141 ************************************************************* 4142 * The extensive assistance of Gregory Neil Shapiro of WPI * 4143 * in preparing this release is gratefully appreciated. * 4144 * Sun Microsystems has also provided resources toward * 4145 * continued sendmail development. * 4146 ************************************************************* 4147 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open 4148 mode bits set to create a file that is a symbolic link that 4149 points nowhere. This makes it possible to create a root 4150 owned file in an arbitrary directory by inserting the symlink 4151 into a writable directory after the initial lstat(2) check 4152 determined that the file did not exist. The only verified 4153 example of a system having these odd semantics for O_EXCL 4154 and symbolic links was HP-UX prior to version 9.07. Most 4155 systems do not have the problem, since a exclusive create 4156 of a file disallows symbolic links. Systems that have been 4157 verified to NOT have the problem include AIX 3.x, *BSD, 4158 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, 4159 and Ultrix. This is a potential exposure on systems that 4160 have this bug and which do not have a MAILER-DAEMON alias 4161 pointing at a legitimate account, since this will cause old 4162 mail to be dropped in /var/tmp/dead.letter. 4163 SECURITY: Problems can occur on poorly managed systems, specifically, 4164 if maps or alias files are in world writable directories. 4165 If your system has alias maps in writable directories, it 4166 is potentially possible for an attacker to replace the .db 4167 (or .dir and .pag) files by symbolic links pointing at 4168 another database; this can be used either to expose 4169 information (e.g., by pointing an alias file at /etc/spwd.db 4170 and probing for accounts), or as a denial-of-service attack 4171 (by trashing the password database). The fix disallows 4172 symbolic links entirely when rebuilding alias files or on 4173 maps that are in writable directories, and always warns on 4174 writable directories; 8.9 will probably consider writable 4175 directories to be fatal errors. This does not represent an 4176 exposure on systems that have alias files in unwritable 4177 system directories. 4178 SECURITY: disallow .forward or :include: files that are links (hard 4179 or soft) if the parent directory (or any directory in the 4180 path) is writable by anyone other than the owner. This is 4181 similar to the previous case for user files. This change 4182 should not affect most systems, but is necessary to prevent 4183 an attacker who can write the directory from pointing such 4184 files at other files that are readable only by the owner. 4185 SECURITY: Tighten safechown rules: many systems will say that they 4186 have a safe (restricted to root) chown even on files that 4187 are mounted from another system that allows owners to give 4188 away files. The new rules are very strict, trusting file 4189 ownership only in those few cases where the system has 4190 been verified to be at least as paranoid as necessary. 4191 However, it is possible to relax the rules to partially 4192 trust the ownership if the directory path is not world or 4193 group writable. This might allow someone who has a legitimate 4194 :include: file (referenced directly from /etc/aliases) to 4195 become another non-root user if the :include: file is in a 4196 non-writable directory on an NFS-mounted filesystem where 4197 the local system says that giveaway is denied but it is 4198 actually permitted. I believe this to be a very small set 4199 of cases. If in doubt, do not point :include: aliases at 4200 NFS-mounted filesystems. 4201 SECURITY: When setting a numeric group id using the RunAsUser option 4202 (e.g., "O RunAsUser=10:20", the group id would not be set. 4203 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha 4204 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. 4205 The user id was still set properly. Problem noted by Uli 4206 Pralle of the Technical University of Berlin. 4207 Save the initial gid set for use when checking for if the 4208 PrivacyOptions=restrictmailq option is set. Problem reported 4209 by Wolfgang Ley of DFN-CERT. 4210 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a 4211 failure on one message won't affect future messages to the 4212 same host). 4213 IP source route printing had an "off by one" error that would 4214 affect any options that came after the route option. Patch 4215 from Theo de Raadt. 4216 The "Message is too large" error didn't successfully bounce the error 4217 back to the sender. Problem reported by Stephen More of 4218 PSI; patch from Gregory Neil Shapiro of WPI. 4219 Change SMTP status code 553 to map into Extended code 5.1.0 (instead 4220 of 5.1.3); it apparently gets used in multiple ways. 4221 Suggested by John Myers of Portola Communications. 4222 Fix possible extra null byte generated during collection if errors 4223 occur at the beginning of the stream. Patch contributed by 4224 Andrey A. Chernov and Gregory Neil Shapiro. 4225 Code changes to avoid possible reentrant call of malloc/free within 4226 a signal handler. Problem noted by John Beck of Sun 4227 Microsystems. 4228 Move map initialization to be earlier so that check_relay ruleset 4229 will have the latest version of the map data. Problem noted 4230 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. 4231 If there are fatal errors during the collection phase (e.g., message 4232 too large) don't send the bogus message. 4233 Avoid "cannot open xfAAA00000" messages when sending to aliases that 4234 have errors and have owner- aliases. Problem noted by Michael 4235 Barber of MTU; fix from Gregory Neil Shapiro of WPI. 4236 Avoid null pointer dereference on illegal Boundary= parameters in 4237 multipart/mixed Content-Type: header. Problem noted by 4238 Richard Muirden of RMIT University. 4239 Always print error messages during newaliases (-bi) even if the 4240 ErrorMode is not set to "print". Fix from Gregory Neil 4241 Shapiro. 4242 Test mode could core dump if you did a /map lookup in an optional map 4243 that could not be opened. Based on a fix from John Beck of 4244 Sun Microsystems. 4245 If DNS is misconfigured so that the last MX record tried points to 4246 a host that does not have an A record, but other MX records 4247 pointed to something reasonable, don't bounce the message 4248 with a "host unknown" error. Note that this should really 4249 be fixed in the zone file for the domain. Problem noted by 4250 Joe Rhett of Navigist, Inc. 4251 If a map fails (e.g., DNS times out) on all recipient addresses, mark 4252 the message as having been tried; otherwise the next queue 4253 run will not realize that this is a second attempt and will 4254 retry immediately. Problem noted by Bryan Costales of 4255 Mercury Mail. 4256 If the clock is set backwards, and a MinQueueAge is set, no jobs 4257 will be run until the later setting of the clock is reached. 4258 "Problem" (I use the term loosely) noted by Eric Hagberg of 4259 Morgan Stanley. 4260 If the load average rises above the cutoff threshold (above which 4261 sendmail will not process the queue at all) during a queue 4262 run, abort the queue run immediately. Problem noted by 4263 Bryan Costales of Mercury Mail. 4264 The variable queue processing algorithm (based on the message size, 4265 number of recipients, message precedence, and job age) was 4266 non-functional -- either the entire queue was processed or 4267 none of the queue was processed. The updated algorithm 4268 does no queue run if a single recipient zero size job will 4269 not be run. 4270 If there is a fatal ("panic") message that will cause sendmail to 4271 die immediately, never hold the error message for future 4272 printing. 4273 Force ErrorMode=print in -bt mode so that all errors are printed 4274 regardless of the setting of the ErrorMode option in the 4275 configuration file. Patch from Gregory Neil Shapiro. 4276 New compile flag HASSTRERROR says that this OS has the strerror(3) 4277 routine available in one of the libraries. Use it in conf.h. 4278 The -m (match only) flag now works on host class maps. 4279 If class hash or btree maps are rebuilt, sendmail will now detect 4280 this and reopen the map. Previously, they could give 4281 erroneous results during a single message processing 4282 (but would recover when the next message was received). 4283 Don't delete zero length queue files when doing queue runs until the 4284 files are at least ten minutes old. This avoids a potential 4285 race condition: the creator creates the qf file, getting back 4286 a file descriptor. The queue runner locks it and deletes it 4287 because it is zero length. The creator then writes the 4288 descriptor that is now for a disconnected file, and the 4289 job goes away. Based on a suggestion by Bryan Costales. 4290 When determining the "validated" host name ($_ macro), do a forward 4291 (A) DNS lookup on the result of the PTR lookup and compare 4292 results. If they differ or if the PTR lookup fails, tag the 4293 address as "may be forged". 4294 Log null connections (i.e., hosts that connect but do not do any 4295 substantive activity on the connection before disconnecting; 4296 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. 4297 Always permit "writes" to /dev/null regardless of the link count. 4298 This is safe because /dev/null is special cased, and no open 4299 or write is ever actually attempted. Patch from Villy Kruse 4300 of TwinCom. 4301 If a message cannot be sent because of a 552 (exceeded storage 4302 allocation) response to the MAIL FROM:<>, and a SIZE= parameter 4303 was given, don't return the body in the bounce, since there 4304 is a very good chance that the message will double-bounce. 4305 Fix possible line truncation if a quoted-printable had an =00 escape 4306 in the body. Problem noted by Charles Karney of the Princeton 4307 Plasma Physics Laboratory. 4308 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. 4309 Problem noted by Kari Hurtta of the Finnish Meteorological 4310 Institute. 4311 The MaxDaemonChildren option wasn't applying to queue runs as 4312 documented. Note that this increases the potential denial 4313 of service problems with this option: an attacker can 4314 connect many times, and thereby lock out queue runs as well 4315 as incoming connections. If you use this option, you should 4316 run the "sendmail -bd" and "sendmail -q30m" jobs separately 4317 to avoid this attack. Failure to limit noted by Matthew 4318 Dillon of BEST Internet Communications. 4319 Always give a message in newaliases if alias files cannot be 4320 opened instead of failing silently. Suggested by Gregory 4321 Neil Shapiro. This change makes the code match the O'Reilly 4322 book (2nd edition). 4323 Some older versions of the resolver could return with h_errno == -1 4324 if no name server could be reached, causing mail to bounce 4325 instead of queueing. Treat this like TRY_AGAIN. Fix from 4326 John Beck of SunSoft. 4327 If a :include: file is owned by a user that does not have an entry 4328 in the passwd file, sendmail could dereference a null pointer. 4329 Problem noted by Satish Mynam of Sun Microsystems. 4330 Take precautions to make sure that the SMTP protocol cannot get out 4331 of sync if (for example) an alias file cannot be opened. 4332 Fix a possible race condition that can cause a SIGALRM to come in 4333 immediately after a SIGHUP, causing the new sendmail to die. 4334 Avoid possible hang on SVr3 systems when doing child reaping. Patch 4335 from Villy Kruse of TwinCom. 4336 Ignore improperly formatted SMTP reply codes. Previously these were 4337 partially processed, which could cause confusing error 4338 returns. 4339 Fix possible bogus pointer dereference when doing ldapx map lookups 4340 on some architectures. 4341 Portability: 4342 A/UX: from Jim Jagielski of NASA/GSFC. 4343 glibc: SOCK_STREAM was changed from a #define to an enum, 4344 thus breaking #ifdef SOCK_STREAM. Only option seems 4345 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is 4346 defined. Problem reported by A Sun of the University 4347 of Washington. 4348 Solaris: use SIOCGIFNUM to get the number of interfaces on 4349 the system rather than guessing at compile time. 4350 Patch contributed by John Beck of Sun Microsystems. 4351 Intel Paragon: from Wendy Lin of Purdue University. 4352 GNU Hurd: from Miles Bader of the GNU project. 4353 RISC/os 4.50 from Harlan Stenn of PFCS Corporation. 4354 ISC Unix: wait never returns if SIGCLD signals are blocked. 4355 Unfortunately releasing them opens a race condition, 4356 but there appears to be no fix for this. Patch from 4357 Gregory Neil Shapiro. 4358 BIND 8.1 for IPv6 compatibility from John Kennedy. 4359 Solaris: a bug in strcasecmp caused characters with the 4360 high order bit set to apparently randomly match 4361 letters -- for example, $| (0233) matches "i" and "I". 4362 Problem noted by John Gregson of the University of 4363 Cambridge. 4364 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From 4365 Kari Hurtta. 4366 IRIX 6.x: Create Makefiles for systems that claim to be 4367 IRIX64 but are 6.2 or higher (so use the regular 4368 IRIX Makefile). 4369 IRIX 6.x: Fix load average computation on 64 bit kernels. 4370 Problem noted by Eric Hagberg of Morgan Stanley. 4371 CONFIG: Some canonification was still done for UUCP-like addresses 4372 even if FEATURE(nocanonify) was set. Problem pointed out by 4373 Brian Candler. 4374 CONFIG: In some cases UUCP mailers wouldn't properly recognize all 4375 local names as local. Problem noted by Jeff Polk of BSDI; 4376 fix provided by Gregory Neil Shapiro. 4377 CONFIG: The "local:user" syntax entries in mailertables and other 4378 "mailer:user" syntax locations returned an incorrect value 4379 for the $h macro. Problem noted by Gregory Neil Shapiro. 4380 CONFIG: Retain "+detail" information when forwarding mail to a 4381 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip 4382 Guenther of Gustavus Adolphus College. 4383 CONFIG: Make sure user+detail works for FEATURE(virtusertable); 4384 rules are the same as for aliasing. Based on a patch from 4385 Gregory Neil Shapiro. 4386 CONFIG: Break up parsing rules into several pieces; this should 4387 have no functional change in this release, but makes it 4388 possible to have better anti-spam rulesets in the future. 4389 CONFIG: Disallow double dots in host names to avoid having the 4390 HostStatusDirectory store status under the wrong name. 4391 In some cases this can be used as a denial-of-service attack. 4392 Problem noted by Ron Jarrell of Virginia Tech, patch from 4393 Gregory Neil Shapiro. 4394 CONFIG: Don't use F=m (multiple recipients per invocation) for 4395 MAILER(procmail), but do pass F=Pn9 (include Return-Path:, 4396 don't include From_, and convert to 8-bit). Suggestions 4397 from Kimmo Suominen and Roderick Schertler. 4398 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were 4399 being masqueraded as though FEATURE(masquerade_entire_domain) 4400 was specified, even when it wasn't. 4401 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. 4402 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't 4403 "slip in" a symbolic link between the lstat(2) call and the 4404 exclusive open. This is only a problem on System V derived 4405 systems that allow an exclusive create on files that are 4406 symbolic links pointing nowhere. 4407 MAIL.LOCAL: If the final mailbox close() failed, the user id was 4408 not reset back to root, which on some systems would cause 4409 later mailboxes to fail. Also, any partial message would 4410 not be truncated, which could result in repeated deliveries. 4411 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 4412 developers). 4413 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 4414 change to the sendmail map code was made in 8.8.3. Problem 4415 noted by Gregory Neil Shapiro. 4416 MAKEMAP: Give warnings on file problems such as map files that are 4417 symbolic links; although makemap is not set-user-ID root, it is 4418 often run as root and hence has the potential for the same 4419 sorts of problems as alias rebuilds. 4420 MAKEMAP: Change compilation so that it will link properly on 4421 NEXTSTEP. 4422 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 4423 Accept an optional list of arguments following the server 4424 name for the ETRN arguments to use (instead of $=w). Other 4425 miscellaneous bug fixes. From Christian von Roques via 4426 John Beck of Sun Microsystems. 4427 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This 4428 Perl script converts GECOS information in the /etc/passwd 4429 file into aliases, allowing for faster access to full name 4430 lookups; it is also clever about adding aliases (to root) 4431 for system accounts. 4432 NEW FILES: 4433 src/safefile.c 4434 cf/ostype/gnuhurd.m4 4435 cf/ostype/irix6.m4 4436 contrib/passwd-to-alias.pl 4437 src/Makefiles/Makefile.IRIX64.6.1 4438 src/Makefiles/Makefile.IRIX64.6.x 4439 RENAMED FILES: 4440 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x 4441 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 4442 44438.8.5/8.8.5 1997/01/21 4444 SECURITY: Clear out group list during startup. Without this, sendmail 4445 will continue to run with the group permissions of the caller, 4446 even if RunAsUser is specified. 4447 SECURITY: Make purgestat (-bH) be root-only. This is not in response 4448 to any known attack, but it's best to be conservative. 4449 Suggested by Peter Wemm of DIALix. 4450 SECURITY: Fix buffer overrun problem in MIME code that has possible 4451 security implications. Patch from Alex Garthwaite of the 4452 University of Pennsylvania. 4453 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") 4454 would truncate the address after "Full". Although the -f 4455 syntax is incorrect (since it is in the envelope, it 4456 shouldn't have comments and full names), the failure mode 4457 was unnecessarily awful. 4458 Fix a possible null pointer dereference when converting 8-bit data 4459 to a 7-bit format. Problem noted by Jim Hutchins of 4460 Sandia National Labs and David James of British Telecom. 4461 Clear out stale state that affected F=9 on SMTP mailers in queue 4462 runs. Although this really shouldn't be used (F=9 is for 4463 final delivery only, and using it on an SMTP mailer makes 4464 it possible for a message to be converted from 8->7->8->7 4465 bits several times), it shouldn't have failed with a syserr. 4466 Problem noted by Eric Hagberg of Morgan Stanley. 4467 _Really_ fix the multiple :maildrop code in the user database 4468 module. Patch from Roy Mongiovi of Georgia Tech. 4469 Let F lines in the configuration file actually read root-only 4470 files if the configuration file is safe. Based on a 4471 patch from Keith Reynolds of SCO. 4472 ETRN followed by QUIT would hold the connection open until the queue 4473 run completed. Problem noted by Truck Lewis of TDK 4474 Semiconductor Corp. 4475 It turns out that despite the documentation, the TCP wrappers library 4476 does _not_ log rejected connections. Do the logging ourselves. 4477 Problem noted by Fletcher Mattox of the University of Texas 4478 at Austin. 4479 If sendmail finds a qf file in its queue directory that is an unknown 4480 version (e.g., when backing out to an old version), the 4481 error is reported on every queue run. Change it to only 4482 give the error once (and rename the qf => Qf). Patch from 4483 William A. Gianopoulos of Raytheon Company. 4484 Start a new session when doing background delivery; currently it 4485 ignored signals but didn't start a new signal, that caused 4486 some problems if a background process tried to send mail 4487 under certain circumstances. Problem noted by Eric Hagberg 4488 of Morgan Stanley; fix from Kari Hurtta. 4489 Simplify test for skipping a queue run to just check if the current 4490 load average is >= the queueing load average. Previously 4491 the check factored in some other parameters that caused it 4492 to essentially never skip the queue run. Patch from Bryan 4493 Costales. 4494 If the SMTP server is running in "nullserver" mode (that is, it is 4495 rejecting all commands), start sleeping after MAXBADCOMMAND 4496 (25) commands; this helps prevent a bad guy from putting 4497 you into a tight loop as a denial-of-service attack. Based 4498 on an e-mail conversation with Brad Knowles of AOL. 4499 Slow down when too many "light weight" commands have been issued; 4500 this helps prevent a class of denial-of-service attacks. 4501 The current values and defaults are: 4502 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 4503 MAXHELOCOMMANDS 3 HELO, EHLO 4504 MAXVRFYCOMMANDS 6 VRFY, EXPN 4505 MAXETRNCOMMANDS 8 ETRN 4506 These will probably be configurable in a future release. 4507 On systems that have uid_t typedefed to be an unsigned short, programs 4508 that had the F=S flag and no U= equate would be invoked with 4509 the real uid set to 65535 rather than being left unchanged. 4510 In some cases, NOTIFY=NEVER was not being honored. Problem noted 4511 by Steve Hubert of the University of Washington, Seattle. 4512 Mail that was Quoted-Printable encoded and had a soft line break on 4513 the last line (i.e., an incomplete continuation) had the last 4514 line dropped. Since this appears to be illegal it isn't 4515 clear what to do with it, but flushing the last line seems 4516 to be a better "fail soft" approach. Based on a patch from 4517 Eric Hagberg. 4518 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a 4519 bogus HELO command still causes the "Polite people say HELO 4520 first" error message. Problem pointed out by Chris Thomas 4521 of UCLA; patch from John Beck of SunSoft. 4522 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set 4523 in PrivacyOptions. The -q shouldn't turn this command off. 4524 Problem noted by Murray Kucherawy of Pacific Bell Internet; 4525 based on a patch from Gregory Neil Shapiro of WPI. 4526 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) 4527 in a DATA transaction to be sticky; these can occur because 4528 a message is too large, and smaller messages should still go 4529 through. Problem noted by Matt Dillon of Best Internet 4530 Communications. 4531 In some cases bounces were saved in /var/tmp/dead.letter even if they 4532 had been successfully delivered to the envelope sender. 4533 Problem noted Eric Hagberg of Morgan Stanley; solution from 4534 Gregory Neil Shapiro of WPI. 4535 Give better diagnostics on long alias lines. Based on code contributed 4536 by Patrick Gosling of the University of Cambridge. 4537 Increase the number of virtual interfaces that will be probed for 4538 alternate names. Problem noted by Amy Rich of Shore.Net. 4539 PORTABILITY: 4540 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from 4541 Toshiaki Nomura of Fujitsu Limited. 4542 SunOS with LDAP support: compile problems with struct timeval. 4543 Patch from Nick Cuccia of TCSI Corporation. 4544 SCO: from Keith Reynolds of SCO. 4545 Solaris: kstat load average computation wasn't being used. 4546 Fixes from Michael Ju. Tokarev of Telecom Service, JSC 4547 (Moscow). 4548 OpenBSD: from Jason Downs of teeny.org. 4549 Altos System V: from Tim Rice. 4550 Solaris 2.5: from Alan Perry of SunSoft. 4551 Solaris 2.6: from John Beck of SunSoft. 4552 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli 4553 of Pratt & Whitney <miorelli@pweh.com>. 4554 CONFIG: It seems that I hadn't gotten the Received: line syntax 4555 _just_right_ yet. Tweak it again. I'll omit the names 4556 of the "contributors" (quantity two) in this one case. 4557 As of now, NO MORE DISCUSSION about the syntax of the 4558 Received: line. 4559 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), 4560 it never inserts that class into the output file. Fix it 4561 so it will honor EXPOSED_USER but will _not_ include root 4562 automatically in this class. Problem noted by Ronan KERYELL 4563 of Centre de Recherche en Informatique de l'�cole Nationale 4564 Sup�rieure des Mines de Paris (CRI-ENSMP). 4565 CONFIG: Clean up handling of "local:" syntax in relay specifications 4566 such as LUSER_RELAY. This change permits the following 4567 syntaxes: ``local:'' will send to the same user on the 4568 local machine (e.g., in a mailertable entry for "host", 4569 ``local:'' will cause an address addressed to user@host to 4570 go to user on the local machone). ``local:user'' will send 4571 to the named user on the local machine. ``local:user@host'' 4572 is equivalent to ``local:user'' (the host is ignored). In 4573 all cases, the original user@host is passed in $@ (i.e., the 4574 detail information). Inspired by a report from Michael Fuhr. 4575 CONFIG: Strip quotes from the first word of an "error:" host 4576 indication. This lets you set (for example) the LUSER_RELAY 4577 to be ``error:\"5.1.1\" Your Message Here''. Note the use 4578 of the \" so that the resulting string is properly quoted. 4579 Problem noted by Gregory Neil Shapiro of WPI. 4580 OP.ME: documentation was inconsistent about whether sendmail did a 4581 NOOP or a RSET to probe the connection (it does a RSET). 4582 Inconsistency noted by Deeran Peethamparam. 4583 OP.ME: insert additional blank pages so it will print properly on 4584 a duplex printer. From Matthew Black of Cal State University, 4585 Long Beach. 4586 45878.8.4/8.8.4 1996/12/02 4588 SECURITY: under some circumstances, an attacker could get additional 4589 permissions by hard linking to files that were group 4590 writable by the attacker. The solution is to disallow any 4591 files that have hard links -- this will affect .forward, 4592 :include:, and output files. Problem noted by Terry 4593 Kyriacopoulos of Interlog Internet Services. As a 4594 workaround, set UnsafeGroupWrites -- always a good idea. 4595 SECURITY: the TryNullMXList (w) option should not be safe -- if it 4596 is, it is possible to do a denial-of-service attack on 4597 MX hosts that rely on the use of the null MX list. There 4598 is no danger if you have this option turned off (the default). 4599 Problem noted by Dan Bernstein. Also, make the DontInitGroups 4600 unsafe. I know of no specific attack against this, although 4601 a denial-of-service attack is probably possible, but in theory 4602 you should not be able to safely tweak anything that affects 4603 the permissions that are used when mail is delivered. 4604 Purgestat could go into an infinite loop if one of the host status 4605 directories somehow became empty. Problem noted by Roy 4606 Mongiovi of Georgia Tech. 4607 Processes got "lost" when counting children due to a race condition. 4608 This caused "proc_list_probe: lost pid" messages to be logged. 4609 Problem noted by several people. 4610 On systems with System V SIGCLD child signal semantics (notably AIX 4611 and HP-UX), mail transactions would print the message "451 4612 SMTP-MAIL: lost child: No child processes". Problem noted 4613 by several people. 4614 Miscellaneous compiler warnings on picky compilers (or when setting 4615 gcc to high warning levels). From Tom Moore of NCR Corp. 4616 SMTP protocol errors, and most errors on MAIL FROM: lines should 4617 not be persistent between runs, since they are based on the 4618 message rather than the host. Problem noted by Matt Dillon 4619 of Best Internet Communications. 4620 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore 4621 of NCR (a.k.a., AT&T Global Information Solutions). 4622 Avoid the possibility of having a child daemon run to completion 4623 (including closing the SMTP socket) before the parent has 4624 had a chance to close the socket; this can cause the parent 4625 to hang for a long time waiting for the socket to drain. 4626 Patch from Don Lewis of TDK Semiconductor. 4627 If the fork() failed in a queue run, the queue runners would not be 4628 rescheduled (so queue runs would stop). Patch from Don Lewis. 4629 Some error conditions in ETRN could cause output without an SMTP 4630 status code. Problem noted by Don Lewis. 4631 Multiple :maildrop addresses in the user database didn't work properly. 4632 Patch from Roy Mongiovi of Georgia Tech. 4633 Add ".db" automatically onto any user database spec that does not 4634 already have it; this is for consistency with makemap, the 4635 K line, and the documentation. Inconsistency pointed out 4636 by Roy Mongiovi. 4637 Allow sendmail to be properly called in nohup mode. Patch from 4638 Kyle Jones of UUNET. 4639 Change ETRN to ignore but still update host status files; previously 4640 it would ignore them and not save the updated status, which 4641 caused stale information to be maintained. Based on a patch 4642 from Christopher Davis of Kapor Enterprises Inc. Also, have 4643 ETRN ignore the MinQueueAge option. 4644 Patch long term host status to recover more gracefully from an empty 4645 host status file condition. Patch from NAKAMURA Motonori 4646 of Kyoto University. 4647 Several patches to signal handling code to fix potential race 4648 conditions from Don Lewis. 4649 Make it possible to compile with -DDAEMON=0 (previously it had some 4650 compile errors). This turns DAEMON, QUEUE, and SMTP into 4651 0/1 compilation flags. Note that DAEMON is an obsolete 4652 compile flag; use NETINET instead. Solution based on a 4653 patch from Bryan Costales. 4654 PORTABILITY FIXES: 4655 AIX4: getpwnam() and getpwuid() do a sequential scan of the 4656 /etc/security/passwd file when called as root. This 4657 is very slow on some systems. To speed it up, use the 4658 (undocumented) _getpw{nam,uid}_shadow() routines. 4659 Patch from Chris Thomas of UCLA/OAC Systems Group. 4660 SCO 5.x: include -lprot in the Makefile. Patch from Bill 4661 Glicker of Burrelle's Information Service. 4662 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch 4663 from Makoto MATSUSHITA of Osaka University. 4664 SunOS 4.0.3: compile problems. Patches from Andrew Cole of 4665 Leeds University and SASABE Tetsuro of the University 4666 of Tokyo. 4667 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support 4668 Services, Inc. 4669 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. 4670 I believe this to have only been a problem if you 4671 compiled with -DUSE_VENDOR_CF_PATH -- another reason 4672 to stick with /etc/sendmail.cf as your One True Path. 4673 Digital UNIX (OSF/1 on Alpha) load average computation from 4674 Martin Laubach of the Technischen Universit�t Wien. 4675 CONFIG: change default Received: line to be multiple lines rather 4676 than one long one. By popular demand. 4677 MAIL.LOCAL: warnings weren't being logged on some systems. Patch 4678 from Jerome Berkman of U.C. Berkeley. 4679 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs 4680 to take a very long time. Problem noted by Yoshiro YONEYA 4681 of NTT Software Corporation. 4682 CONTRIB: add etrn.pl, contributed by John Beck. 4683 NEW FILES: 4684 contrib/etrn.pl 4685 46868.8.3/8.8.3 1996/11/17 4687 SECURITY: it was possible to get a root shell by lying to sendmail 4688 about argv[0] and then sending it a signal. Problem noted 4689 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the 4690 best-of-security list. 4691 Log sendmail binary version number in "Warning: .cf version level 4692 (%d) exceeds program functionality (%d) message" -- this 4693 should make it clearer to people that they are running 4694 the wrong binary. 4695 Fix a problem that occurs when you open an SMTP connection and then 4696 do one or more ETRN commands followed by a MAIL command; at 4697 the end of the DATA phase sendmail would incorrectly report 4698 "451 SMTP-MAIL: lost child: No child processes". Problem 4699 noted by Eric Bishop of Virginia Tech. 4700 When doing text-based host canonification (typically /etc/hosts 4701 lookup), a null host name would match any /etc/hosts entry 4702 with space at the end of the line. Problem noted by Steve 4703 Hubert of the University of Washington, Seattle. 4704 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. 4705 Problem reported by Tom Smith of Digital Equipment Corp. 4706 Increase the size of the DNS answer buffer -- the standard UDP packet 4707 size PACKETSZ (512) is not sufficient for some nameserver 4708 answers containing very many resource records. The resolver 4709 may also switch to TCP and retry if it detects UDP packet 4710 overflow. Also, allow for the fact that the resolver 4711 routines res_query and res_search return the size of the 4712 *un*truncated answer in case the supplied answer buffer it 4713 not big enough to accommodate the entire answer. Patch from 4714 Eric Wassenaar. 4715 Improvements to MaxDaemonChildren code. If you think you have too 4716 many children, probe the ones you have to verify that they 4717 are still around. Suggested by Jared Mauch of CICnet, Inc. 4718 Also, do this probe before growing the vector of children 4719 pids; this previously caused the vector to grow indefinitely 4720 due to a race condition. Problem reported by Kyle Jones of 4721 UUNET. 4722 On some architectures, <db.h> (from the Berkeley DB library) defines 4723 O_EXLOCK to zero; this fools the map compilation code into 4724 thinking that it can avoid race conditions by locking on open. 4725 Change it to check for O_EXLOCK non-zero. Problem noted by 4726 Leif Erlingsson of Data Lege. 4727 Always call res_init() on startup (if compiled in, of course) to 4728 allow the sendmail.cf file to tweak resolver flags; without 4729 it, flag tweaks in ResolverOptions are ignored. Patch from 4730 Andrew Sun of Merrill Lynch. 4731 Improvements to host status printing code. Suggested by Steve Hubert 4732 of the University of Washington, Seattle. 4733 Change MinQueueAge option processing to do the check for the job age 4734 when reading the queue file, rather than at the end; this 4735 avoids parsing the addresses, which can do DNS lookups. 4736 Problem noted by John Beck of InReference, Inc. 4737 When MIME was being 7->8 bit decoded, "From " lines weren't being 4738 properly escaped. Problem noted by Peter Nilsson of the 4739 University of Linkoping. 4740 In some cases, sendmail would retain root permissions during queue 4741 runs even if RunAsUser was set. Problem noted by Mark 4742 Thomas of Mark G. Thomas Consulting. 4743 If the F=l flag was set on an SMTP mailer to indicate that it is 4744 actually local delivery, and NOTIFY=SUCCESS is specified in 4745 the envelope, and the receiving SMTP server speaks DSN, then 4746 the DSN would be both generated locally and propagated to the 4747 other end. 4748 The U= mailer field didn't correctly extract the group id if the 4749 user id was numeric. Problem noted by Kenneth Herron of 4750 MCI Telecommunications Communications. 4751 If a message exceeded the fixed maximum size on input, the body of 4752 the message was included in the bounce. Note that this did 4753 not occur if it exceeded the maximum _output_ size. Problem 4754 reported by Kyle Jones of UUNET. 4755 PORTABILITY FIXES: 4756 AIX4: 4.1 doesn't have a working setreuid(2); change the 4757 AIX4 defines to use seteuid(2) instead, which 4758 works on 4.1 as well as 4.2. Problem noted by 4759 H�kan Lindholm of interAF, Sweden. 4760 AIX4: use tzname[] vector to determine time zone name. 4761 Patch from NAKAMURA Motonori of Kyoto University. 4762 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. 4763 Contributed by Paul DuBois <dubois@primate.wisc.edu>. 4764 Solaris: kstat(3k) support for retrieving the load average. 4765 This adds the LA_KSTAT definition for LA_TYPE. 4766 The outline of the implementation was contributed 4767 by Michael Tokarev of Telecom Service, JSC, Moscow. 4768 HP-UX 10.0 gripes about the (perfectly legal!) forward 4769 declaration of struct rusage at the top of conf.h; 4770 change it to only be included if you are using gcc, 4771 which is apparently the only compiler that requires 4772 it in the first place. Problem noted by Jeff 4773 Earickson of Colby College. 4774 IRIX: don't default to using gcc. IRIX is a civilized 4775 operating system that comes with a decent compiler 4776 by default. Problem noted by Barry Bouwsma and 4777 Kari Hurtta. 4778 CONFIG: specify F=9 as default in FEATURE(local_procmail) for 4779 consistency with other local mailers. Inconsistency 4780 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>. 4781 CONFIG: if the "limited best mx" feature is used (to reduce DNS 4782 overhead) as part of the bestmx_is_local feature, the 4783 domain part was dropped from the name. Patch from Steve 4784 Hubert of the University of Washington, Seattle. 4785 CONFIG: catch addresses of the form "user@.dom.ain"; these could 4786 end up being translated to the null host name, which would 4787 return any entry in /etc/hosts that had a space at the end 4788 of the line. Problem noted by Steve Hubert of the 4789 University of Washington, Seattle. 4790 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer 4791 Polytechnic Institute. 4792 MAKEMAP: tweak hash and btree parameters for better performance. 4793 Patch from Matt Dillon of Best Internet Communications. 4794 NEW FILES: 4795 src/Makefiles/Makefile.Linux.ppc 4796 cf/ostype/aix4.m4 4797 cf/ostype/mklinux.m4 4798 47998.8.2/8.8.2 1996/10/18 4800 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch 4801 changed the code but didn't fix the problem. 4802 PORTABILITY FIXES: 4803 Solaris: Don't use the system getusershell(3); it can 4804 apparently corrupt the heap in some circumstances. 4805 Problem found by Ken Pizzini of Spry, Inc. 4806 OP.ME: document several mailer flags that were accidentally omitted 4807 from this document. These flags were F=d, F=j, F=R, and F=9. 4808 CONFIG: no changes. 4809 48108.8.1/8.8.1 1996/10/17 4811 SECURITY: unset all environment variables that the resolver will 4812 examine during queue runs and daemon mode. Problem noted 4813 by Dan Bernstein of the University of Illinois at Chicago. 4814 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain 4815 message could overflow a buffer if it was converted back 4816 to 8 bits. This caused core dumps and has the potential 4817 for a remote attack. Problem first noted by Gregory Shapiro 4818 of WPI. 4819 Avoid duplicate deliveries of error messages on systems that don't 4820 have flock(2) support. Patch from Motonori Nakamura of 4821 Kyoto University. 4822 Ignore null FallBackMX (V) options. If this option is null (as 4823 opposed to undefined) it can cause "null signature" syserrs 4824 on illegal host names. 4825 If a Base64 encoded text/plain message has no trailing newline in 4826 the encoded text, conversion back to 8 bits will drop the 4827 final line. Problem noted by Pierre David. 4828 If running with a RunAsUser, sendmail would give bogus "cannot 4829 setuid" (or seteuid, or setreuid) messages on some systems. 4830 Problem pointed out by Jordan Mendelson of Web Services, Inc. 4831 Always print error messages in -bv mode -- previously, -bv would 4832 be absolutely silent on errors if the error mode was sent 4833 to (say) mail-back. Problem noted by Kyle Jones of UUNET. 4834 If -qI/R/S is set (or the ETRN command is used), ignore all long 4835 term host status. This is necessary because it is common 4836 to do this when you know a host has just come back up. 4837 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section 4838 4.2. Excessive permissiveness noted by Lee Flight of the 4839 University of Leicester. 4840 If a service (such as NIS) is specified as the last entry in the 4841 service switch, but that service is not compiled in, sendmail 4842 would return a temporary failure when an entry was not found 4843 in the map. This caused the message to be queued instead of 4844 bouncing immediately. Problem noted by Harry Edmon of the 4845 University of Washington. 4846 PORTABILITY FIXES: 4847 Solaris 2.3 had compilation problems in conf.c. Several 4848 people pointed this out. 4849 NetBSD from Charles Hannum of MIT. 4850 AIX4 improvements based on info from Steve Bauer of South 4851 Dakota School of Mines & Technology. 4852 CONFIG: ``error:code message'' syntax was broken in virtusertable. 4853 Patch from Gil Kloepfer Jr. 4854 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set 4855 using MASQUERADE_DOMAIN) were not masqueraded unless they 4856 were also in $=w. Problem noted by Zoltan Basti of 4857 Softec. 4858 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based 4859 on a patch from Eric Hagberg of Morgan Stanley. 4860 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan 4861 of Stanford via Robert La Ferla. 4862 48638.8.0/8.8.0 1996/09/26 4864 Under some circumstances, Bcc: headers would not be properly 4865 deleted. Pointed out by Jonathan Kamens of OpenVision. 4866 Log a warning if the sendmail daemon is invoked without a full 4867 pathname, which prevents "kill -1" from working. I was 4868 urged to put this in by Andrey A. Chernov of DEMOS (Russia). 4869 Fix small buffer overflow. Since the data in this buffer was not 4870 read externally, there was no security problem (and in fact 4871 probably wouldn't really overflow on most compilers). Pointed 4872 out by KIZU takashi of Osaka University. 4873 Fix problem causing domain literals such as [1.2.3.4] to be ignored 4874 if a FallbackMXHost was specified in the configuration file 4875 -- all mail would be sent to the fallback even if the original 4876 host was accessible. Pointed out by Munenari Hirayama of 4877 NSC (Japan). 4878 A message that didn't terminate with a newline would (sometimes) not 4879 have the trailing "." added properly in the SMTP dialogue, 4880 causing SMTP to hang. Patch from Per Hedeland of Ericsson. 4881 The DaemonPortOptions suboption to bind to a particular address was 4882 incorrect and nonfunctional due to a misunderstanding of the 4883 semantics of binding on a passive socket. Patch from 4884 NIIBE Yutaka of Mitsubishi Research Institute. 4885 Increase the number of MX hosts for a single name to 100 to better 4886 handle the truly huge service providers such as AOL, which 4887 has 13 at the moment (and climbing). In order to avoid 4888 trashing memory, the buffer for all names has only been 4889 slightly increased in size, to 12.8K from 10.2K -- this means 4890 that if a single name had 100 MX records, the average size 4891 of those records could not exceed 128 bytes. Requested by 4892 Brad Knowles of America On Line. 4893 Restore use of IDENT returns where the OSTYPE field equals "OTHER". 4894 Urged by Dan Bernstein of U.C. Berkeley. 4895 Print q_statdate and q_specificity in address structure debugging 4896 printout. 4897 Expand MCI structure flag bits for debugging output. 4898 Support IPv6-style domain literals, which can have colons between 4899 square braces. 4900 Log open file descriptors for the "cannot dup" messages in deliver(); 4901 this is an attempt to track down a bug that one person seems 4902 to be having (it may be a Solaris bug!). 4903 DSN NOTIFY parameters were not properly propagated across queue runs; 4904 this caused the NOTIFY info to sometimes be lost. Problem 4905 pointed out by Claus Assmann of the 4906 Christian-Albrechts-University of Kiel. 4907 The statistics gathered in the sendmail.st file were too high; in 4908 some cases failures (e.g., user unknown or temporary failure) 4909 would count as a delivery as far as the statistics were 4910 concerned. Problem noted by Tom Moore of AT&T GIS. 4911 Systems that don't have flock() would not send split envelopes in 4912 the initial run. Problem pointed out by Leonard Zubkoff of 4913 Dandelion Digital. 4914 Move buffer overflow checking -- these primarily involve distrusting 4915 results that may come from NIS and DNS. 4916 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't 4917 include <paths.h> and hence had the wrong pathnames for a few 4918 things like /var/tmp. Reported by Matthew Green. 4919 Conditions were reversed for the Priority: header, resulting in all 4920 values being interpreted as non-urgent except for non-urgent, 4921 which was interpreted as normal. Patch from Bryan Costales. 4922 The -o (optional) flag was being ignored on hash and btree maps 4923 since 8.7.2. Fix from Bryan Costales. 4924 Content-Types listed in class "q" will always be encoded as 4925 Quoted-Printable (or more accurately, will never be encoded 4926 as base64). The class can have primary types (e.g., "text") 4927 or full types (e.g., "text/plain"). Based on a suggestion by 4928 Marius Olafsson of the University of Iceland. 4929 Define ${envid} to be the original envelope id (from the ESMTP DSN 4930 dialogue) so it can be passed to programs in mailers. 4931 Define ${bodytype} to be the body type (from the -B flag or the 4932 BODY= ESMTP parameter) so it can be passed to programs in 4933 mailers. 4934 Cause the VRFY command to return 252 instead of 250 unless the F=q 4935 flag is set in the mailer descriptor. Suggested by John 4936 Myers of CMU. 4937 Implement ESMTP ETRN command to flush the queue for a specific host. 4938 The command takes a host name; data for that host is 4939 immediately (and asynchronously) flushed. Because this shares 4940 the -qR implementation, other hosts may be attempted, but 4941 there should be no security implications. Implementation 4942 from John Beck of InReference, Inc. See RFC 1985 for details. 4943 Add three new command line flags to pass in DSN parameters: -V envid 4944 (equivalent to ENVID=envid on the MAIL command), -R ret 4945 (equivalent to RET=ret on the MAIL command), and -Nnotify 4946 (equivalent to NOTIFY=notify on the RCPT command). Note 4947 that the -N flag applies to all recipients; there is no way 4948 to specify per-address notifications on the command line, 4949 nor is there an equivalent for the ORCPT= per-address 4950 parameter. 4951 Restore LogLevel option to be safe (it can only be increased); 4952 apparently I went into paranoid mode between 8.6 and 8.7 4953 and made it unsafe. Pointed out by Dabe Murphy of the 4954 University of Maryland. 4955 New logging on log level 15: all SMTP traffic. Patches from 4956 Andrew Gross of San Diego Supercomputer Center. 4957 NetInfo property value searching code wasn't stopping when it found 4958 a match. This was causing the wrong values to be found (and 4959 had a memory leak). Found by Bastian Schleuter of TU-Berlin. 4960 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed 4961 out by Bill Wisner of Electronics for Imaging that you can't 4962 use the bracket address form for the MAIL_HUB macro, since 4963 that causes the brackets to remain in the envelope recipient 4964 address used for delivery. The simple fix (stripping off the 4965 brackets in the config file) breaks the use of IP literal 4966 addresses. This flag will solve that problem. 4967 Add MustQuoteChars option. This is a list of characters that must 4968 be quoted if they are found in the phrase part of an address 4969 (that is, the full name part). The characters @,;:\()[] are 4970 always in this list and cannot be removed. The default is 4971 this list plus . and ' to match RFC 822. 4972 Add AllowBogusHELO option; if set, sendmail will allow HELO commands 4973 that do not include a host name for back compatibility with 4974 some stupid SMTP clients. Setting this violates RFC 1123 4975 section 5.2.5. 4976 Add MaxDaemonChildren option; if this is set, sendmail will start 4977 rejecting connections if it has more than this many 4978 outstanding children accepting mail. Note that you may 4979 see more processes than this because of outgoing mail; this 4980 is for incoming connections only. 4981 Add ConnectionRateThrottle option. If set to a positive value, the 4982 number of incoming SMTP connections that will be permitted 4983 in a single second is limited to this number. Connections are 4984 not refused during this time, just deferred. The intent is to 4985 flatten out demand so that load average limiting can kick in. 4986 It is less radical than MaxDaemonChildren, which will stop 4987 accepting connections even if all the connections are idle 4988 (e.g., due to connection caching). 4989 Add Timeout.hoststatus option. This interval (defaulting to 30m) 4990 specifies how long cached information about the state of a 4991 host will be kept before they are considered stale and the 4992 host is retried. If you are using persistent host status 4993 (i.e., the HostStatusDirectory option is set) this will apply 4994 between runs; otherwise, it applies only within a single queue 4995 run and hence is useful only for hosts that have large queues 4996 that take a very long time to run. 4997 Add SingleLineFromHeader option. If set, From: headers are coerced 4998 into being a single line even if they had newlines in them 4999 when read. This is to get around a botch in Lotus Notes. 5000 Text class maps were totally broken -- if you ever retrieved the last 5001 item in a table it would be truncated. Problem noted by 5002 Gregory Neil Shapiro of WPI. 5003 Extend the lines printed by the mailq command (== the -bp flag) when 5004 -v is given to 120 characters; this allows more information 5005 to be displayed. Suggested by Gregory Neil Shapiro of WPI. 5006 Allow macro definitions (`D' lines) with unquoted commas; previously 5007 this was treated as end-of-input. Problem noted by Bryan 5008 Costales. 5009 The RET= envelope parameter (used for DSNs) wasn't properly written 5010 to the queue file. Fix from John Hughes of Atlantic 5011 Technologies, Inc. 5012 Close /var/tmp/dead.letter after a successful write -- otherwise 5013 if this happens in a queue run it can cause nasty delays. 5014 Problem noted by Mark Horton of AT&T. 5015 If userdb entries pointed to userdb entries, and there were multiple 5016 values for a given key, the database cursor would get 5017 trashed by the recursive call. Problem noted by Roy Mongiovi 5018 of Georgia Tech. Fixed by reading all the values and creating 5019 a comma-separated list; thus, the -v output will be somewhat 5020 different for this case. 5021 Fix buffer allocation problem with Hesiod-based userdb maps when 5022 HES_GETMAILHOST is defined. Based on a patch by Betty Lee 5023 of Stanford University. 5024 When envelopes were split due to aliases with owner- aliases, and 5025 there was some error on one of the lists, more than one of 5026 the owners would get the message. Problem pointed out by 5027 Roy Mongiovi of Georgia Tech. 5028 Detect excessive recursion in macro expansions, e.g., $X defined 5029 in terms of $Y which is defined in terms of $X. Problem 5030 noted by Bryan Costales; patch from Eric Wassenaar. 5031 When using F=U to get "ugly UUCP" From_ lines, a buffer could in 5032 some cases get trashed causing bogus From_ lines. Fix from 5033 Kyle Jones of UUNET. 5034 When doing load average initialization, if the nlist call for avenrun 5035 failed, the second and subsequent lookups wouldn't notice 5036 that fact causing bogus load averages to be returned. Noted 5037 by Casper Dik of Sun Holland. 5038 Fix problem with incompatibility with some versions of inet_aton that 5039 have changed the return value to unsigned, so a check for an 5040 error return of -1 doesn't work. Use INADDR_NONE instead. 5041 This could cause mail to addresses such as [foo.com] to bounce 5042 or get dropped. Problem noted by Christophe Wolfhugel of the 5043 Pasteur Institute. 5044 DSNs were inconsistent if a failure occurred during the DATA phase 5045 rather than the RCPT phase: the Action: would be correct, but 5046 the detailed status information would be wrong. Problem noted 5047 by Bob Snyder of General Electric Company. 5048 Add -U command line flag and the XUSR ESMTP extension, both indicating 5049 that this is the initial MUA->MTA submission. The flag current 5050 does nothing, but in future releases (when MUAs start using 5051 these flags) it will probably turn on things like DNS 5052 canonification. 5053 Default end-of-line string (E= specification on mailer [M] lines) 5054 to \r\n on SMTP mailers. Default remains \n on non-SMTP 5055 mailers. 5056 Change the internal definition for the *file* and *include* mailers 5057 to have $u in the argument vectors so that they aren't 5058 misinterpreted as SMTP mailers and thus use \r\n line 5059 termination. This will affect anyone who has redefined 5060 either of these in their configuration file. 5061 Don't assume that IDENT servers close the connection after a query; 5062 responses can be newline terminated. From Terry Kennedy of 5063 St. Peter's College. 5064 Avoid core dumps on erroneous configuration files that have 5065 $#mailer with nothing following. From Bryan Costales. 5066 Avoid null pointer dereference with high debug values in unlockqueue. 5067 Fix from Randy Martin of Clemson University. 5068 Fix possible buffer overrun when expanding very large macros. Fix 5069 from Kyle Jones of UUNET. 5070 After 25 EXPN or VRFY commands, start pausing for a second before 5071 processing each one. This avoids a certain form of denial 5072 of service attack. Potential attack pointed out by Bryan 5073 Costales. 5074 Allow new named (not numbered!) config file rules to do validity 5075 checking on SMTP arguments: check_mail for MAIL commands and 5076 check_rcpt for RCPT commands. These rulesets can do anything 5077 they want; their result is ignored unless they resolve to the 5078 $#error mailer, in which case the indicated message is printed 5079 and the command is rejected. Similarly, the check_compat 5080 ruleset is called before delivery with "from_addr $| to_addr" 5081 (the $| is a meta-symbol used to separate the two addresses); 5082 it can give a "this sender can't send to this recipient" 5083 notification. Note that this patch allows $| to stand alone 5084 in rulesets. 5085 Define new macros ${client_name}, ${client_addr}, and ${client_port} 5086 that have the name, IP address, and port number (respectively) 5087 of the SMTP client (that is, the entity at the other end of 5088 the connection. These can be used in (e.g.) check_rcpt to 5089 verify that someone isn't trying to relay mail through your 5090 host inappropriately. Be sure to use the deferred evaluation 5091 form, for example $&{client_name}, to avoid having these bound 5092 when sendmail reads the configuration file. 5093 Add new config file rule check_relay to check the incoming connection 5094 information. Like check_compat, it is passed the host name 5095 and host address separated by $| and can reject connections 5096 on that basis. 5097 Allow IDA-style recursive function calls. Code contributed by Mark 5098 Lovell and Paul Vixie. 5099 Eliminate the "No ! in UUCP From address!" message" -- instead, create 5100 a virtual UUCP address using either a domain address or the $k 5101 macro. Based on code contributed by Mark Lovell and Paul 5102 Vixie. 5103 Add Stanford LDAP map. Requires special libraries that are not 5104 included with sendmail. Contributed by Booker C. Bense 5105 <bbense@networking.stanford.edu>; contact him for support. 5106 See also the src/READ_ME file. 5107 Allow -dANSI to turn on ANSI escape sequences in debug output; this 5108 puts metasymbols (e.g., $+) in reverse video. Really useful 5109 only for debugging deep bits of code where it is important to 5110 distinguish between the single-character metasymbol $+ and the 5111 two characters $, +. 5112 Changed ruleset 89 (executed in dumpstate()) to a named ruleset, 5113 debug_dumpstate. 5114 Add new UnsafeGroupWrites option; if set, .forward and :include: 5115 files that are group writable are considered "unsafe" -- that 5116 is, programs and files referenced from such files are not 5117 valid recipients. 5118 Delete bogosity test for FallBackMX host; this prevented it to be a 5119 name that was not in DNS or was a domain-literal. Problem 5120 noted by Tom May. 5121 Change the introduction to error messages to more clearly delineate 5122 permanent from temporary failures; if both existed in a 5123 single message it could be confusing. Suggested by John 5124 Beck of InReference, Inc. 5125 The IngoreDot (i) option didn't work for lines that were terminated 5126 with CRLF. Problem noted by Ted Stockwell of Secure 5127 Computing Corporation. 5128 Add a heuristic to improve the handling of unbalanced `<' signs in 5129 message headers. Problem reported by Matt Dillon of Best 5130 Internet Communications. 5131 Check for bogus characters in the 0200-0237 range; since these are 5132 used internally, very strange errors can occur if those 5133 characters appear in headers. Problem noted by Anders Gertz 5134 of Lysator. 5135 Implement 7 -> 8 bit MIME conversions. This only takes place if the 5136 recipient mailer has the F=9 flag set, and only works on 5137 text/plain body types. Code contributed by Marius Olafsson 5138 of the University of Iceland. 5139 Special case "postmaster" name so that it is always treated as lower 5140 case in alias files regardless of configuration settings; 5141 this prevents some potential problems where "Postmaster" or 5142 "POSTMASTER" might not match "postmaster". In most cases 5143 this change is a no-op. 5144 The -o map flag was ignored for text maps. Problem noted by Bryan 5145 Costales. 5146 The -a map flag was ignored for dequote maps. Problem noted by 5147 Bryan Costales. 5148 Fix core dump when a lookup of a class "prog" map returns no 5149 response. Patch from Bryan Costales. 5150 Log instances where sendmail is deferring or rejecting connections 5151 on LogLevel 14. Suggested by Kyle Jones of UUNET. 5152 Include port number in process title for network daemons. Suggested 5153 by Kyle Jones of UUNET. 5154 Send ``double bounces'' (errors that occur when sending an error 5155 message) to the address indicated in the DoubleBounceAddress 5156 option (default: postmaster). Previously they were always 5157 sent to postmaster. Suggested by Kyle Jones of UUNET. 5158 Add new mode, -bD, that acts like -bd in all respects except that 5159 it runs in foreground. This is useful for using with a 5160 wrapper that "watches" system services. Suggested by Kyle 5161 Jones of UUNET. 5162 Fix botch in spacing around (parenthesized) comments in addresses 5163 when the comment comes before the address. Patch from 5164 Motonori Nakamura of Kyoto University. 5165 Use the prefix "Postmaster notify" on the Subject: lines of messages 5166 that are being bounced to postmaster, rather than "Returned 5167 mail". This permits the person who is postmaster more 5168 easily determine what messages are to their role as 5169 postmaster versus bounces to mail they actually sent. Based 5170 on a suggestion by Motonori Nakamura. 5171 Add new value "time" for QueueSortOrder option; this causes the queue 5172 to be sorted strictly by the time of submission. Note that 5173 this can cause very bad behavior over slow lines (because 5174 large jobs will tend to delay small jobs) and on nodes with 5175 heavy traffic (because old things in the queue for hosts that 5176 are down delay processing of new jobs). Also, this does not 5177 guarantee that jobs will be delivered in submission order 5178 unless you also set DeliveryMode=queue. In general, it should 5179 probably only be used on the command line, and only in 5180 conjunction with -qRhost.domain. In fact, there are very few 5181 cases where it should be used at all. Based on an 5182 implementation by Motonori Nakamura. 5183 If a map lookup in ruleset 5 returns tempfail, queue the message in 5184 the same manner as other rulesets. Previously a temporary 5185 failure in ruleset 5 was ignored. Patch from Booker Bense 5186 of Stanford University. 5187 Don't proceed to the next MX host if an SMTP MAIL command returns a 5188 5yz (permanent failure) code. The next MX host will still be 5189 tried if the connection cannot be opened in the first place 5190 or if the MAIL command returns a 4yz (temporary failure) code. 5191 (It's hard to know what to do here, since neither RFC 974 nor 5192 RFC 1123 specify when to proceed to the next MX host.) 5193 Suggested by Jonathan Kamens of OpenVision, Inc. 5194 Add new "-t" flag for map definitions (the "K" line in the .cf file). 5195 This causes map lookups that get a temporary failure (e.g., 5196 name server failure) to _not_ defer the delivery of the 5197 message. This should only be used if your configuration file 5198 is prepared to do something sensible in this case. Based on 5199 an idea by Gregory Shapiro of WPI. 5200 Fix problem finding network interface addresses. Patch from 5201 Motonori Nakamura. 5202 Don't reject qf entries that are not owned by your effective uid if 5203 you are not running set-user-ID; this makes management of 5204 certain kinds of firewall setups difficult. Patch 5205 suggested by Eamonn Coleman of Qualcomm. 5206 Add persistent host status. This keeps the information normally 5207 maintained within a single queue run in disk files that are 5208 shared between sendmail instances. The HostStatusDirectory 5209 is the directory in which the information is maintained. If 5210 not set, persistent host status is turned off. If not a full 5211 pathname, it is relative to the queue directory. A common 5212 value is ".hoststat". 5213 There are also two new operation modes: 5214 * -bh prints the status of hosts that have had recent 5215 connections. 5216 * -bH purges the host statuses. No attempt is made to save 5217 recent status information. 5218 This feature was originally written by Paul Vixie of Vixie 5219 Enterprises for KJS and adapted for V8 by Mark Lovell of 5220 Bigrock Consulting. Paul's funding of Mark and Mark's patience 5221 with my insistence that things fit cleanly into the V8 5222 framework is gratefully appreciated. 5223 New SingleThreadDelivery option (requires HostStatusDirectory to 5224 operate). Avoids letting two sendmails on the local machine 5225 open connections to the same remote host at the same time. 5226 This reduces load on the other machine, but can cause mail to 5227 be delayed (for example, if one sendmail is delivering a huge 5228 message, other sendmails won't be able to send even small 5229 messages). Also, it requires another file descriptor (for the 5230 lock file) per connection, so you may have to reduce 5231 ConnectionCacheSize to avoid running out of per-process 5232 file descriptors. Based on the persistent host status code 5233 contributed by Paul Vixie and Mark Lovell. 5234 Allow sending to non-simple files (e.g., /dev/null) even if the 5235 SafeFileEnvironment option is set. Problem noted by Bryan 5236 Costales. 5237 The -qR flag mistakenly matched flags in the "R" line of the queue 5238 file. Problem noted by Bryan Costales. 5239 If a job was aborted using the interrupt signal (e.g., control-C from 5240 the keyboard), on some occasions an empty df file would be 5241 left around; these would collect in the queue directory. 5242 Problem noted by Bryan Costales. 5243 Change the makesendmail script to enhance the search for Makefiles 5244 based on release number. For example, on SunOS 5.5.1, it will 5245 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then 5246 Makefile.SunOS.5.x (in addition to the other rules, e.g., 5247 adding $arch). Problem noted by Jason Mastaler of Atlanta 5248 Webmasters. 5249 When creating maps using "newaliases", always map the keys to lower 5250 case when creating the map unless the -f flag is specified on 5251 the map itself. Previously this was done based on the F=u 5252 flag in the local mailer, which meant you could create aliases 5253 that you could never access. Problem noted by Bob Wu of DEC. 5254 When a job was read from the queue, the bits causing notification on 5255 failure or delay were always set. This caused those 5256 notifications to be sent even if NOTIFY=NEVER had been 5257 specified. Problem noted by Steve Hubert of the University 5258 of Washington, Seattle. 5259 Add new configurable routine validate_connection (in conf.c). This 5260 lets you decide if you are willing to accept traffic from 5261 this host. If it returns FALSE, all SMTP commands will return 5262 "550 Access denied". -DTCPWRAPPERS will include support for 5263 TCP wrappers; you will need to add -lwrap to the link line. 5264 (See src/READ_ME for details.) 5265 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster 5266 bounces. Some people seemed to think that this could be 5267 confusing (even though it is true). Suggested by Motonori 5268 Nakamura. 5269 Add new RunAsUser option; this causes sendmail to do a setuid to that 5270 user early in processing to avoid potential security problems. 5271 However, this means that all .forward and :include: files must 5272 be readable by that user, and all files to be written must be 5273 writable by that user and all programs will be executed by that 5274 user. It is also incompatible with the SafeFileEnvironment 5275 option. In other words, it may not actually add much to 5276 security. However, it should be useful on firewalls and other 5277 places where users don't have accounts and the aliases file is 5278 well constrained. 5279 Add Timeout.iconnect. This is like Timeout.connect except it is used 5280 only on the first attempt to delivery to an address. It could 5281 be set to be lower than Timeout.connect on the principle that 5282 the mail should go through quickly to responsive hosts; less 5283 responsive hosts get to wait for the next queue run. 5284 Fix a problem on Solaris that occasionally causes programs 5285 (such as vacation) to hang with their standard input connected 5286 to a UDP port. It also created some signal handling problems. 5287 The problems turned out to be an interaction between vfork(2) 5288 and some of the libraries, particularly NIS/NIS+. I am 5289 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix. 5290 Change user class map to do the same matching that actual delivery 5291 will do instead of just a /etc/passwd lookup. This adds 5292 fuzzy matching to the user map. Patch from Dan Oscarsson. 5293 The Timeout.* options are not safe -- they can be used to create a 5294 denial-of-service attack. Problem noted by Christophe 5295 Wolfhugel. 5296 Don't send PostmasterCopy messages in the event of a "delayed" 5297 notification. Suggested by Barry Bouwsma. 5298 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy 5299 option is set, since this disables VERB mode. Suggested 5300 by John Hawkinson of MIT. 5301 Complain if the QueueDirectory (Q) option is not set. Problem noted 5302 by Motonori Nakamura of Kyoto University. 5303 Only queue messages on transient .forward open failures if there 5304 were no successful opens. The previous behavior caused it 5305 to queue even if a "fall back" .forward was found. Problem 5306 noted by Ann-Kian Yeo of the Dept. of Information Systems 5307 and Computer Science (DISCS), NUS, Singapore. 5308 Don't do 8->7 bit conversions when bouncing a MIME message that 5309 is bouncing because of a MIME error during 8->7 bit conversion; 5310 the encapsulated message will bounce again, causing a loop. 5311 Problem noted by Steve Hubert of the University of Washington. 5312 Create xf (transcript) files using the TempFileMode option value 5313 instead of 0644. Suggested by Ann-Kian Yeo of the 5314 National University of Singapore. 5315 Print errors if setgid/setuid/etc. fail during delivery. This helps 5316 detect cases where DefaultUid is set to something that the 5317 system can't cope with. 5318 PORTABILITY FIXES: 5319 Support for AIX/RS 2.2.1 from Mark Whetzel of Western 5320 Atlas International. 5321 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell 5322 <bicknell@ufp.org>. 5323 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only 5324 work on the first recipient of a message due to a 5325 bug in the getpwent family. If this is something you 5326 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a 5327 workaround. From Maximum Entropy of Sanford C. 5328 Bernstein and Associates. 5329 FreeBSD 1.1.5.1 uname -r returns a string containing 5330 parentheses, which breaks makesendmail. Reported 5331 by Piero Serini <piero@strider.ibenet.it>. 5332 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of 5333 Systems and Computer Technology Corporation. 5334 Solaris 2.x: omit the UUCP grade parameter (-g flag) because 5335 it is system-dependent. Problem noted by J.J. Bailey 5336 of Bailey Computer Consulting. 5337 Pyramid NILE running DC/OSx support from Earle F. Ake of 5338 Hassler Communication Systems Technology, Inc. 5339 HP-UX 10.x compile glitches, reported by Anne Brink of the 5340 U.S. Army and James Byrne of Harte & Lyne Limited. 5341 NetBSD from Matthew Green of the NetBSD crew. 5342 SCO 5.x from Keith Reynolds of SCO. 5343 IRIX 6.2 from Robert Tarrall of the University of 5344 Colorado and Kari Hurtta of the Finnish Meteorological 5345 Institute. 5346 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. 5347 Lopez, CICA (Seville). 5348 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. 5349 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor 5350 Employment Standards Administration. 5351 Altos System V (5.3.1) from Tim Rice of Multitalents. 5352 Concurrent Systems Corporation Maxion from Donald R. Laster 5353 Jr. 5354 NetInfo maps (improved debugging and multi-valued aliases) 5355 from Adrian Steinmann of Steinmann Consulting. 5356 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) 5357 from Eric Schnoebelen of Convex. 5358 Linux 2.0 mail.local patches from Horst von Brand. 5359 NEXTSTEP 3.x compilation from Robert La Ferla. 5360 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. 5361 Solaris 2.5 configuration fixes for mail.local by Jim Davis 5362 of the University of Arizona. 5363 Solaris 2.5 has a working setreuid. Noted by David Linn of 5364 Vanderbilt University. 5365 Solaris changes for praliases, makemap, mailstats, and smrsh. 5366 Previously you had to add -DSOLARIS in Makefile.dist; 5367 this auto-detects. Based on a patch from Randall 5368 Winchester of the University of Maryland. 5369 CONFIG: add generic-nextstep3.3.mc file. Contributed by 5370 Robert La Ferla of Hot Software. 5371 CONFIG: allow mailertables to resolve to ``error:code message'' 5372 (where "code" is an exit status) on domains (previously 5373 worked only on hosts). Patch from Cor Bosman of Xs4all 5374 Foundation. 5375 CONFIG: hooks for IPv6-style domain literals. 5376 CONFIG: predefine ALIAS_FILE and change the prototype file so that 5377 if it is undefined the AliasFile option is never set; this 5378 should be transparent for most everyone. Suggested by John 5379 Myers of CMU. 5380 CONFIG: add FEATURE(limited_masquerade). Without this feature, any 5381 domain listed in $=w is masqueraded. With it, only those 5382 domains listed in a MASQUERADE_DOMAIN macro are masqueraded. 5383 CONFIG: add FEATURE(masquerade_entire_domain). This causes 5384 masquerading specified by MASQUERADE_DOMAIN to apply to all 5385 hosts under those domains as well as the domain headers 5386 themselves. For example, if a configuration had 5387 MASQUERADE_DOMAIN(foo.com), then without this feature only 5388 foo.com would be masqueraded; with it, *.foo.com would be 5389 masqueraded as well. Based on an implementation by Richard 5390 (Pug) Bainter of U. Texas. 5391 CONFIG: add FEATURE(genericstable) to do a more general rewriting of 5392 outgoing addresses. Defaults to ``hash -o /etc/genericstable''. 5393 Keys are user names; values are outgoing mail addresses. Yes, 5394 this does overlap with the user database, and figuring out 5395 just when to use which one may be tricky. Based on code 5396 contributed by Richard (Pug) Bainter of U. Texas with updates 5397 from Per Hedeland of Ericsson. 5398 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of 5399 incoming addresses. Defaults to ``hash -o /etc/virtusertable''. 5400 Keys are either fully qualified addresses or just the host 5401 part (with the @ sign). For example, a table containing: 5402 info@foo.com foo-info 5403 info@bar.com bar-info 5404 @baz.org jane@elsewhere.net 5405 would send all mail destined for info@foo.com to foo-info 5406 (which is presumably an alias), mail addressed to info@bar.com 5407 to bar-info, and anything addressed to anyone at baz.org will 5408 be sent to jane@elsewhere.net. The names foo.com, bar.com, 5409 and baz.org must all be in $=w. Based on discussions with 5410 a great many people. 5411 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. 5412 Suggested by Richard Bainter. 5413 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the 5414 "fax" mailer. 5415 CONFIG: allow mailertable entries to resolve to local:user; this 5416 passes the original user@host in to procmail-style local 5417 mailers as the "detail" information to allow them to do 5418 additional clever processing. From Joe Pruett of 5419 Teleport Corporation. Delivery to the original user can 5420 be done by specifying "local:" (with nothing after the colon). 5421 CONFIG: allow any context that takes "mailer:domain" to also take 5422 "mailer:user@domain" to force mailing to the given user; 5423 "local:user" can also be used to do local delivery. This 5424 applies on *_RELAY and in the mailertable entries. Based 5425 on a suggestion by Ribert Kiessling of Easynet. 5426 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that 5427 limits the possible domains; this reduces the number of DNS 5428 lookups required to support this feature. For example, 5429 FEATURE(bestmx_is_local, my.site.com) limits the lookups 5430 to domains under my.site.com. Code contributed by Anthony 5431 Thyssen <anthony@cit.gu.edu.au>. 5432 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, 5433 such as the check_rcpt ruleset. Suggested by Gregory Shapiro 5434 of WPI. 5435 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the 5436 event you have to define local mailers. Suggested by 5437 Gregory Shapiro of WPI. 5438 CONFIG: fix cases where a three- (or more-) stage route-addr could 5439 be misinterpreted as a list:...; syntax. Based on a patch by 5440 Vlado Potisk <Vlado_Potisk@tempest.sk>. 5441 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is 5442 remotely connected. The address host!user was being 5443 converted to host!user@thishost instead of host!user@uurelay. 5444 Problem noted by William Gianopoulos of Raytheon Company. 5445 CONFIG: add confTO_ICONNECT to set Timeout.iconnect. 5446 CONFIG: change FEATURE(redirect) message from "User not local" to 5447 "User has moved"; the former wording was confusing if the 5448 new address is still on the local host. Based on a suggestion 5449 by Andreas Luik. 5450 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). 5451 However, the class is not pre-initialized to contain root. 5452 Suggested by Gregory Neil Shapiro. 5453 CONTRIB: Remove XLA code at the request of the author, Christophe 5454 Wolfhugel. 5455 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. 5456 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note 5457 well: this produces a slightly different mailbox format (no 5458 Content-Length: headers), file ownerships and modes are 5459 different (not owned by group mail; mode 600 instead of 660), 5460 and the local mailer flags will have to be tweaked (make them 5461 match bsd4.4) in order to use this mailer. Patches from Paul 5462 Hammann of the Missouri Research and Education Network. 5463 MAIL.LOCAL: in some cases it could return EX_OK even though there 5464 was a delivery error, such as if the ownership on the file 5465 was wrong or the mode changed between the initial stat and 5466 the open. Problem reported by William Colburn of the New 5467 Mexico Institute of Mining and Technology. 5468 MAILSTATS: handle zero length files more reliably. Patch from Bryan 5469 Costales. 5470 MAILSTATS: add man page contributed by Keith Bostic of BSDI. 5471 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't 5472 honored. Fix from Michael Scott Shappe. 5473 PRALIASES: add man page contributed by Keith Bostic of BSDI. 5474 NEW FILES: 5475 src/Makefiles/Makefile.AIX.2 5476 src/Makefiles/Makefile.IRIX.6.2 5477 src/Makefiles/Makefile.maxion 5478 src/Makefiles/Makefile.NCR.MP-RAS.3.x 5479 src/Makefiles/Makefile.SCO.5.x 5480 src/Makefiles/Makefile.UXPDSV20 5481 mailstats/mailstats.8 5482 praliases/praliases.8 5483 cf/cf/generic-nextstep3.3.mc 5484 cf/feature/genericstable.m4 5485 cf/feature/limited_masquerade.m4 5486 cf/feature/masquerade_entire_domain.m4 5487 cf/feature/virtusertable.m4 5488 cf/ostype/aix2.m4 5489 cf/ostype/altos.m4 5490 cf/ostype/maxion.m4 5491 cf/ostype/solaris2.ml.m4 5492 cf/ostype/uxpds.m4 5493 contrib/re-mqueue.pl 5494 DELETED FILES: 5495 src/Makefiles/Makefile.Solaris 5496 contrib/xla/README 5497 contrib/xla/xla.c 5498 RENAMED FILES: 5499 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x 5500 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 5501 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 5502 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x 5503 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x 5504 55058.7.6/8.7.3 1996/09/17 5506 SECURITY: It is possible to force getpwuid to fail when writing the 5507 queue file, causing sendmail to fall back to running programs 5508 as the default user. This is not exploitable from off-site. 5509 Workarounds include using a unique user for the DefaultUser 5510 (old u & g options) and using smrsh as the local shell. 5511 SECURITY: fix some buffer overruns; in at least one case this allows 5512 a local user to get root. This is not known to be exploitable 5513 from off-site. The workaround is to disable chfn(1) commands. 5514 55158.7.5/8.7.3 1996/03/04 5516 Fix glitch in 8.7.4 when putting certain internal lines; this can 5517 in some case cause connections to hang or messages to have 5518 extra spaces in odd places. Patch from Eric Wassenaar; 5519 reports from Eric Hall of Chiron Corporation, Stephen 5520 Hansen of Stanford University, Dean Gaudet of HotWired, 5521 and others. 5522 55238.7.4/8.7.3 1996/02/18 5524 SECURITY: In some cases it was still possible for an attacker to 5525 insert newlines into a queue file, thus allowing access to 5526 any user (except root). 5527 CONFIG: no changes -- it is not a bug that the configuration 5528 version number is unchanged. 5529 55308.7.3/8.7.3 1995/12/03 5531 Fix botch in name server timeout in RCPT code; this problem caused 5532 two responses in SMTP, which breaks things horribly. Fix 5533 from Gregory Neil Shapiro of WPI. 5534 Verify that L= value on M lines cannot be negative, which could cause 5535 negative array subscripting. Not a security problem since 5536 this has to be in the config file, but it could have caused 5537 core dumps. Pointed out by Bryan Costales. 5538 Fix -d21 debug output for long macro names. Pointed out by Bryan 5539 Costales. 5540 PORTABILITY FIXES: 5541 SCO doesn't have ftruncate. From Bill Aten of Computerizers. 5542 IBM's version of arpa/nameser.h defaults to the wrong byte 5543 order. Tweak it to work properly. Based on fixes 5544 from Fletcher Mattox of UTexas and Betty Lee of 5545 Stanford University. 5546 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. 5547 Deficiency pointed out by Bryan Costales of ICSI. 5548 55498.7.2/8.7.2 1995/11/19 5550 REALLY fix the backslash escapes in SmtpGreetingMessage, 5551 OperatorChars, and UnixFromLine options. They were not 5552 properly repaired in 8.7.1. 5553 Completely delete the Bcc: header if and only if there are other 5554 valid recipient headers (To:, Cc: or Apparently-To:, the 5555 last being a historic botch, of course). If Bcc: is the 5556 only recipient header in the message, its value is tossed, 5557 but the header name is kept. The old behavior (always keep 5558 the header name and toss the value) allowed primary recipients 5559 to see that a Bcc: went to _someone_. 5560 Include queue id on ``Authentication-Warning: <host>: <user> set 5561 sender to <address> using -f'' syslog messages. Suggested 5562 by Kari Hurtta. 5563 If a sequence or switch map lookup entry gets a tempfail but then 5564 continues on to another map type, but the name is not found, 5565 return a temporary failure from the sequence or switch map. 5566 For example, if hosts search ``dns files'' and DNS fails 5567 with a tempfail, the hosts map will go on and search files, 5568 but if it fails the whole thing should be a tempfail, not 5569 a permanent (host unknown) failure, even though that is the 5570 failure in the hosts.files map. This error caused hard 5571 bounces when it should have requeued. 5572 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo 5573 owned by bar mode 700 and inbox being set-user-ID bar stopped 5574 working properly due to excessive paranoia. Pointed out by 5575 John Hawkinson of Panix. 5576 An SMTP RCPT command referencing a host that gave a nameserver 5577 timeout would return a 451 command (8.6 accepted it and 5578 queued it locally). Revert to the 8.6 behavior in order 5579 to simplify queue management for clustered systems. Suggested 5580 by Gregory Neil Shapiro of WPI. The same problem could break 5581 MH, which assumes that the SMTP session will succeed (tsk, tsk 5582 -- mail gets lost!); this was pointed out by Stuart Pook of 5583 Infobiogen. 5584 Fix possible buffer overflow in munchstring(). This was not a security 5585 problem because you couldn't specify any argument to this 5586 without first giving up root privileges, but it is still a 5587 good idea to avoid future problems. Problem noted by John 5588 Hawkinson and Sam Hartman of MIT. 5589 ``452 Out of disk space for temp file'' messages weren't being 5590 printed. Fix from David Perlin of Nanosoft. 5591 Don't advertise the ESMTP DSN extension if the SendMimeErrors option 5592 is not set, since this is required to get the actual DSNs 5593 created. Problem pointed out by John Gardiner Myers of CMU. 5594 Log permission problems that cause .forward and :include: files to 5595 be untrusted or ignored on log level 12 and higher. Suggested 5596 by Randy Martin of Clemson University. 5597 Allow user ids in U= clauses of M lines to have hyphens and 5598 underscores. 5599 Fix overcounting of recipients -- only happened when sending to an 5600 alias. Pointed out by Mark Andrews of SGI and Jack Woolley 5601 of Systems and Computer Technology Corporation. 5602 If a message is sent to an address that fails, the error message that 5603 is returned could show some extraneous "success" information 5604 included even if the user did not request success notification, 5605 which was confusing. Pointed out by Allan Johannesen of WPI. 5606 Config files that had no AliasFile definition were defaulting to 5607 using /etc/aliases; this caused problems with nullclient 5608 configurations. Change it back to the 8.6 semantics of 5609 having no local alias file unless it is declared. Problem 5610 noted by Charles Karney of Princeton University. 5611 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan 5612 Costales of ICSI. 5613 Map lookups of class "userdb" maps were always case sensitive; they 5614 should be controlled by the -f flag like other maps. Pointed 5615 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>. 5616 Fix problem that caused some addresses to be passed through ruleset 5 5617 even when they were tagged as "sticky" by prefixing the 5618 address with an "@". Patch from Thomas Dwyer III of Michigan 5619 Technological University. 5620 When converting a message to Quoted-Printable, prevent any lines with 5621 dots alone on a line by themselves. This is because of the 5622 preponderance of broken mailers that still get this wrong. 5623 Code contributed by Per Hedeland of Ericsson. 5624 Fix F{macro}/file construct -- it previously did nothing. Pointed 5625 out by Bjart Kvarme of USIT/UiO (Norway). 5626 Announce whether a cached connection is SMTP or ESMTP (in -v mode). 5627 Requested by Allan Johannesen. 5628 Delete check for text format of alias files -- it should be legal 5629 to have the database format of the alias files without the 5630 text version. Problem pointed out by Joe Rhett of Navigist, 5631 Inc. 5632 If "Ot" was specified with no value, the TZ variable was not properly 5633 imported from the environment. Pointed out by Frank Crawford 5634 <frank@ansto.gov.au>. 5635 Some architectures core dumped on "program" maps that didn't have 5636 extra arguments. Patch from Booker C. Bense of Stanford 5637 University. 5638 Queue run processes would re-spawn daemons when given a SIGHUP; only 5639 the parent should do this. Fix from Brian Coan of the 5640 Association for Progressive Communications. 5641 If MinQueueAge was set and a message was considered but not run 5642 during a queue run and the Timeout.queuereturn interval was 5643 reached, a "timed out" error message would be returned that 5644 didn't include the failed address (and claimed to be a warning 5645 even though it was fatal). The fix is to not return such 5646 messages until they are actually tried, i.e., in the next 5647 MinQueueAge interval. Problem noted by Rein Tollevik of 5648 SINTEF RUNIT, Oslo. 5649 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions 5650 that have the hes_getmailhost() routine. DEC Hesiod 5651 distributions do not have this routine. Based on a patch 5652 from Betty Lee of Stanford University. 5653 Extensive cleanups to map open code to handle a locking race condition 5654 in ndbm, hash, and btree format database files on some (most 5655 non-4.4-BSD based) OS architectures. This should solve the 5656 occasional "user unknown" problem during alias rebuilds that 5657 has plagued me for quite some time. Based on a patch from 5658 Thomas Dwyer III of Michigan Technological University. 5659 PORTABILITY FIXES: 5660 Solaris: Change location of newaliases and mailq from 5661 /usr/ucb to /usr/bin to match Sun settings. From 5662 James B. Davis of TCI. 5663 DomainOS: Makefile.DomainOS doesn't require -ldbm. From 5664 Don Lewis of Silicon Systems. 5665 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x 5666 so that the makesendmail script will find it. Pointed 5667 out by Richard Allen of the University of Iceland. 5668 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which 5669 isn't supported on all compilers. 5670 UXPDS: compilation fixes from Diego R. Lopez. 5671 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless 5672 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. 5673 CONFIG: Minor glitch in S21 -- attachment of local domain name 5674 didn't have trailing dot. From Jim Hickstein of Teradyne. 5675 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as 5676 user%host@thishost. From Claude Scarpelli of Infobiogen 5677 (France). 5678 CONFIG: OSTYPE(hpux10) failed to define the location of the help file. 5679 Pointed out by Hannu Martikka of Nokia Telecommunications. 5680 CONFIG: Diagnose some inappropriate ordering in configuration files, 5681 such as FEATURE(smrsh) listed after MAILER(local). Based on 5682 a bug report submitted by Paul Hoffman of Proper Publishing. 5683 CONFIG: Make OSTYPE files consistently not override settings that 5684 have already been set. Previously it worked differently 5685 for different files. 5686 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take 5687 is that this is wrong, but the change was causing problems 5688 for some people. From Per Hedeland of Ericsson. 5689 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>; 5690 portability changes for Posix environments (no functional 5691 changes). 5692 56938.7.1/8.7.1 1995/10/01 5694 Old macros that have become options (SmtpGreetingMessage, 5695 OperatorChars, and UnixFromLine) didn't allow backslash 5696 escapes in the options, where they previously had. Bug 5697 pointed out by John Hawkinson of MIT. 5698 Fix strange case of an executable called by a program map that 5699 returns a value but also a non-zero exit status; this 5700 would give contradictory results in the higher level; in 5701 particular, the default clause in the map lookup would be 5702 ignored. Change to ignore the value if the program returns 5703 non-zero exit status. From Tom Moore of AT&T GIS. 5704 Shorten parameters passed to syslog() in some contexts to avoid a 5705 bug in many vendors' implementations of that routine. Although 5706 this isn't really a bug in sendmail per se, and my solution 5707 has to assume that syslog() has at least a 1K buffer size 5708 internally (I know some vendors have shortened this 5709 dramatically -- they're on their own), sendmail is a popular 5710 target. Also, limit the size of %s arguments in sprintf. 5711 These both have possible security implications. Solutions 5712 suggested by Casper Dik of Sun's Network Security Group 5713 (Holland), Mark Seiden, and others. 5714 Fix a problem that might cause a non-standard -B (body type) 5715 parameter to be passed to the next server with undefined 5716 results. This could have security implications. 5717 If a filesystem was at > 100% utilization, the freediskspace() 5718 routine incorrectly returned an error rather than zero. 5719 Problem noted by G. Paul Ziemba of Alantec. 5720 Change MX sort order so that local hostnames (those in $=w) always 5721 sort first within a given preference. This forces the bestmx 5722 map to always return the local host first, if it is included 5723 in the list of highest priority MX records. From K. Robert 5724 Elz. 5725 Avoid some possible null pointer dereferences. Fixes from Randy 5726 Martin <WOLF@CLEMSON.EDU> 5727 When sendmail starts up on systems that have no fully qualified 5728 domain name (FQDN) anywhere in the first matching host map 5729 (e.g., /etc/hosts if the hosts service searches "files dns"), 5730 sendmail would sleep to try to find a FQDN, which it really 5731 really needs. This has been changed to fall through to the 5732 next map type if it can't find a FQDN -- i.e., if the hosts 5733 file doesn't have a FQDN, it will try dns even though the 5734 short name was found in /etc/hosts. This is probably a crock, 5735 but many people have hosts files without FQDNs. Remember: 5736 domain names are your friends. 5737 Log a high-priority message if you can't find your FQDN during startup. 5738 Suggested by Simon Barnes of Schlumberger Limited. 5739 When using Hesiod, initialize it early to improve error reporting. 5740 Patch from Don Lewis of Silicon Systems, Inc. 5741 Apparently at least some versions of Linux have a 90 !minute! TCP 5742 connection timeout in the kernel. Add a new "connect" timeout 5743 to limit this time. Defaults to zero (use whatever the 5744 kernel provides). Based on code contributed by J.R. Oldroyd 5745 of TerraNet. 5746 Under some circumstances, a failed message would not be properly 5747 removed from the queue, causing tons of bogus error messages. 5748 (This fix eliminates the problematic EF_KEEPQUEUE flag.) 5749 Problem noted by Allan E Johannesen and Gregory Neil Shapiro 5750 of WPI. 5751 PORTABILITY FIXES: 5752 On IRIX 5.x, there was an inconsistency in the setting 5753 of sendmail.st location. Change the Makefile to 5754 install it in /var/sendmail.st to match the OSTYPE 5755 file and SGI standards. From Andre 5756 <andre@curry.zfe.siemens.de>. 5757 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) 5758 from Diego R. Lopez <drlopez@cica.es>. 5759 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. 5760 LUNA 2 Mach patches from Motonori Nakamura. 5761 SunOS Makefile was including -ldbm, which is for the old 5762 dbm library. The ndbm library is part of libc. 5763 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with 5764 ``local configuration error'' in nullclient configuration. 5765 Patch from Gregory Neil Shapiro of WPI. 5766 CONFIG: don't allow an alias file in nullclient configurations -- 5767 since all addresses are relayed, they give errors during 5768 rebuild. Suggested by Per Hedeland of Ericsson. 5769 CONFIG: local mailer on Solaris 2 should always get a -f flag because 5770 otherwise the F=S causes the From_ line to imply that root is 5771 the sender. Problem pointed out by Claude Scarpelli of 5772 Infobiogen (France). 5773 NEW FILES: 5774 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) 5775 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) 5776 src/Makefiles/Makefile.UXPDS 5777 57788.7/8.7 1995/09/16 5779 Fix a problem that could cause sendmail to run out of file 5780 descriptors due to a trashed data structure after a 5781 vfork. Fix from Brian Coan of the Institute for 5782 Global Communications. 5783 Change the VRFY response if you have disabled VRFY -- some 5784 people seemed to think that it was too rude. 5785 Avoid reference to uninitialized file descriptor if HASFLOCK 5786 was not defined. This was used "safely" in the sense 5787 that it only did a stat, but it would have set the 5788 map modification time improperly. Problem pointed out 5789 by Roy Mongiovi of Georgia Tech. 5790 Clean up the Subject: line on warning messages and return 5791 receipts so that they don't say "Returned mail:"; this 5792 can be confusing. 5793 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 5794 useful enough to make it worthwhile printing on "-d". 5795 Avoid logging alias statistics every time you read the alias 5796 file on systems with no database method compiled in. 5797 If you have a name with a trailing dot, and you try looking it 5798 up using gethostbyname without the dot (for /etc/hosts 5799 compatibility), be sure to turn off RES_DEFNAMES and 5800 RES_DNSRCH to avoid finding the wrong name accidentally. 5801 Problem noted by Charles Amos of the University of 5802 Maryland. 5803 Don't do timeouts in collect if you are not running SMTP. 5804 There is nothing that says you can't have a long 5805 running program piped into sendmail (possibly via 5806 /bin/mail, which just execs sendmail). Problem reported 5807 by Don "Truck" Lewis of Silicon Systems. 5808 Try gethostbyname() even if the DNS lookup fails iff option I 5809 is not set. This allows you to have hosts listed in 5810 NIS or /etc/hosts that are not known to DNS. It's normally 5811 a bad idea, but can be useful on firewall machines. This 5812 should really be broken out on a separate flag, I suppose. 5813 Avoid compile warnings against BIND 4.9.3, which uses function 5814 prototypes. From Don Lewis of Silicon Systems. 5815 Avoid possible incorrect diagnosis of DNS-related errors caused 5816 by things like attempts to resolve uucp names using 5817 $[ ... $] -- the fix is to clear h_errno at appropriate 5818 times. From Kyle Jones of UUNET. 5819 SECURITY: avoid denial-of-service attacks possible by destroying 5820 the alias database file by setting resource limits low. 5821 This involves adding two new compile-time options: 5822 HASSETRLIMIT (indicating that setrlimit(2) support is 5823 available) and HASULIMIT (indicating that ulimit(2) support 5824 is available -- the Release 3 form is used). The former 5825 is assumed on BSD-based systems, the latter on System 5826 V-based systems. Attack noted by Phil Brandenberger of 5827 Swarthmore University. 5828 New syntaxes in test (-bt) mode: 5829 ``.Dmvalue'' will define macro "m" to "value". 5830 ``.Ccvalue'' will add "value" to class "c". 5831 ``=Sruleset'' will dump the contents of the indicated 5832 ruleset. 5833 ``=M'' will display the known mailers. 5834 ``-ddebug-spec'' is equivalent to the command-line 5835 -d debug flag. 5836 ``$m'' will print the value of macro $m. 5837 ``$=c'' will print the contents of class $=c. 5838 ``/mx host'' returns the MX records for ``host''. 5839 ``/parse address'' will parse address, returning the value of 5840 crackaddr (essentially, the comment information) 5841 and the parsed address. 5842 ``/try mailer address'' will rewrite address into the form 5843 it will have when presented to the indicated mailer. 5844 ``/tryflags flags'' will set flags used by parsing. The 5845 flags can be `H' for header or `E' for envelope, 5846 and `S' for sender or `R' for recipient. These 5847 can be combined, so `HR' sets flags for header 5848 recipients. 5849 ``/canon hostname'' will try to canonify hostname and 5850 return the result. 5851 ``/map mapname key'' will look up `key' in the indicated 5852 `mapname' and return the result. 5853 Somewhat better handling of UNIX-domain socket addresses -- it 5854 should show the pathname rather than hex bytes. 5855 Restore ``-ba'' mode -- this reads a file from stdin and parses 5856 the header for envelope sender information and uses 5857 CR-LF as message terminators. It was thought to be 5858 obsolete (used only for Arpanet NCP protocols), but it 5859 turns out that the UK ``Grey Book'' protocols require 5860 that functionality. 5861 Fix a fix in previous release -- if gethostname and gethostbyname 5862 return a name without dots, and if an attempt to canonify 5863 that name fails, wait one minute and try again. This can 5864 result in an extra 60 second delay on startup if your system 5865 hostname (as returned by hostname(1)) has no dot and no names 5866 listed in /etc/hosts or your NIS map have a dot. 5867 Check for proper domain name on HELO and EHLO commands per 5868 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 5869 of Michigan Technological University. 5870 Relax chownsafe rules slightly -- old version said that if you 5871 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 5872 if fpathconf returned EINVAL or ENOSYS), assume that 5873 chown is not safe. The new version falls back to whether 5874 you are on a BSD system or not. This is important for 5875 SunOS, which apparently always returns one of those 5876 error codes. This impacts whether you can mail to files 5877 or not. 5878 Syntax errors such as unbalanced parentheses in the configuration 5879 file could be omitted if you had "Oem" prior to the 5880 syntax error in the config file. Change to always print 5881 the error message. It was especially weird because it 5882 would cause a "warning" message to be sent to the Postmaster 5883 for every message sent (but with no transcript). Problem 5884 noted by Gregory Paris of Motorola. 5885 Rewrite collect and putbody to handle full 8-bit data, including 5886 zero bytes. These changes are internally extensive, but 5887 should have minimal impact on external function. 5888 Allow full words for option names -- if the option letter is 5889 (apparently) a space, then take the word following -- e.g., 5890 O MatchGECOS=TRUE 5891 The full list of old and new names is as follows: 5892 7 SevenBitInput 5893 8 EightBitMode 5894 A AliasFile 5895 a AliasWait 5896 B BlankSub 5897 b MinFreeBlocks/MaxMessageSize 5898 C CheckpointInterval 5899 c HoldExpensive 5900 D AutoRebuildAliases 5901 d DeliveryMode 5902 E ErrorHeader 5903 e ErrorMode 5904 f SaveFromLine 5905 F TempFileMode 5906 G MatchGECOS 5907 H HelpFile 5908 h MaxHopCount 5909 i IgnoreDots 5910 I ResolverOptions 5911 J ForwardPath 5912 j SendMimeErrors 5913 k ConnectionCacheSize 5914 K ConnectionCacheTimeout 5915 L LogLevel 5916 l UseErrorsTo 5917 m MeToo 5918 n CheckAliases 5919 O DaemonPortOptions 5920 o OldStyleHeaders 5921 P PostmasterCopy 5922 p PrivacyOptions 5923 Q QueueDirectory 5924 q QueueFactor 5925 R DontPruneRoutes 5926 r, T Timeout 5927 S StatusFile 5928 s SuperSafe 5929 t TimeZoneSpec 5930 u DefaultUser 5931 U UserDatabaseSpec 5932 V FallbackMXHost 5933 v Verbose 5934 w TryNullMXList 5935 x QueueLA 5936 X RefuseLA 5937 Y ForkEachJob 5938 y RecipientFactor 5939 z ClassFactor 5940 Z RetryFactor 5941 The old macros that passed information into sendmail have 5942 been changed to options; those correspondences are: 5943 $e SmtpGreetingMessage 5944 $l UnixFromLine 5945 $o OperatorChars 5946 $q (deleted -- not necessary) 5947 To avoid possible problems with an older sendmail, 5948 configuration level 6 is accepted by this version of 5949 sendmail; any config file using the new names should 5950 specify "V6" in the configuration. 5951 Change address parsing to properly note that a phrase before a 5952 colon and a trailing semicolon are essentially the same 5953 as text outside of angle brackets (i.e., sendmail should 5954 treat them as comments). This is to handle the 5955 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 5956 assume that ``group name:'' is a comment on the first 5957 address and the ``;'' is a comment on the last address). 5958 This requires config file support to get right. It does 5959 understand that :: is NOT this syntax, and can be turned 5960 off completely by setting the ColonOkInAddresses option. 5961 Level 6 config files added with new mailer flags: 5962 A Addresses are aliasable. 5963 i Do udb rewriting on envelope as well as header 5964 sender lines. Applies to the from address mailer 5965 flags rather than the recipient mailer flags. 5966 j Do udb rewriting on header recipient addresses. 5967 Applies to the sender mailer flags rather than the 5968 recipient mailer flags. 5969 k Disable check for loops when doing HELO command. 5970 o Always run as the mail recipient, even on local 5971 delivery. 5972 w Check for an /etc/passwd entry for this user. 5973 5 Pass addresses through ruleset 5. 5974 : Check for :include: on this address. 5975 | Check for |program on this address. 5976 / Check for /file on this address. 5977 @ Look up sender header addresses in the user 5978 database. Applies to the mailer flags for the 5979 mailer corresponding to the envelope sender 5980 address, rather than to recipient mailer flags. 5981 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 5982 on the "local" mailer, the o flag on the "prog" and "*file*" 5983 mailers, and the ColonOkInAddresses option. 5984 Eight-to-seven bit MIME conversions. This borrows ideas from 5985 John Beck of Hewlett-Packard, who generously contributed 5986 their implementation to me, which I then didn't use (see 5987 mime.c for an explanation of why). This adds the 5988 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 5989 to control handling of 8-bit data. These have to cope with 5990 two types of 8-bit data: unlabelled 8-bit data (that is, 5991 8-bit data that is entered without declaring it as 8-bit 5992 MIME -- technically this is illegal according to the 5993 specs) and labelled 8-bit data (that is, it was declared 5994 as 8BITMIME in the ESMTP session or by using the 5995 -B8BITMIME command line flag). If the F=8 mailer flag is 5996 set then 8-bit data is sent to non-8BITMIME machines 5997 instead of converting to 7 bit (essentially using 5998 just-send-8 semantics). The values for EightBitMode are: 5999 m convert unlabelled 8-bit input to 8BITMIME, and do 6000 any necessary conversion of 8BITMIME to 7BIT 6001 (essentially, the full MIME option). 6002 p pass unlabelled 8-bit input, but convert labelled 6003 8BITMIME input to 7BIT as required (default). 6004 s strict adherence: reject unlabelled 8-bit input, 6005 convert 8BITMIME to 7BIT as required. The F=8 6006 flag is ignored. 6007 Unlabelled 8-bit data is rejected in mode `s' regardless of 6008 the setting of F=8. 6009 Add new internal class 'n', which is the set of MIME Content-Types 6010 which can not be 8 to 7 bit encoded because of other 6011 considerations. Types "multipart/*" and "message/*" are 6012 never directly encoded (although their components can be). 6013 Add new internal class 's', which is the set of subtypes of the 6014 MIME message/* content type that can be treated as though 6015 they are an RFC822 message. It is predefined to have 6016 "rfc822". Suggested By Kari Hurtta. 6017 Add new internal class 'e'. This is the set of MIME 6018 Content-Transfer-Encodings that can be converted to 6019 a seven bit format (Quoted-Printable or Base64). It is 6020 preinitialized to contain "7bit", "8bit", and "binary". 6021 Add C=charset mailer parameter and the the DefaultCharSet option (no 6022 short name) to set the default character set to use in the 6023 Content-Type: header when doing encoding of an 8-bit message 6024 which isn't marked as MIME into MIME format. If the C= 6025 parameter is set on the Envelope From address, use that as 6026 the default encoding; else use the DefaultCharSet option. 6027 If neither is set, it defaults to "unknown-8bit" as 6028 suggested by RFC 1428 section 3. 6029 Allow ``U=user:group'' field in mailer definition to set a default 6030 user and group that a mailer will be executed as. This 6031 overrides the 'u' and 'g' options, and if the `F=S' flag is 6032 also set, it is the uid/gid that will always be used (that 6033 is, the controlling address is ignored). The values may be 6034 numeric or symbolic; if only a symbolic user is given (no 6035 group) that user's default group in the passwd file is used 6036 as the group. Based on code donated by Chip Rosenthal of 6037 Unicom. 6038 Allow `u' option to also accept user:group as a value, in the same 6039 fashion as the U= mailer option. 6040 Add the symbolic time zone name in the Arpanet format dates (as 6041 a comment). This adds a new compile-time configuration 6042 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 6043 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 6044 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 6045 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 6046 timezone()), or TZ_NONE (don't include the comment). Code 6047 from Chip Rosenthal. 6048 The "Timeout" option (formerly "r") is extended to allow suboptions. 6049 For example, 6050 O Timeout.helo = 2m 6051 There are also two new suboptions "queuereturn" and 6052 "queuewarn"; these subsume the old T option. Thus, to 6053 set them both the preferred new syntax is 6054 O Timeout.queuereturn = 5d 6055 O Timeout.queuewarn = 4h 6056 Sort queue by host name instead of by message priority if the 6057 QueueSortOrder option (no short name) is set is set to 6058 ``host''. This makes better use of the connection cache, 6059 but may delay more ``interactive'' messages behind large 6060 backlogs under some circumstances. This is probably a 6061 good option if you have high speed links or don't do lots 6062 of ``batch'' messages, but less good if you are using 6063 something like PPP on a 14.4 modem. Based on code 6064 contributed by Roy Mongiovi of Georgia Tech (my main 6065 contribution was to make it configurable). 6066 Save i-number of df file in qf file to simplify rebuilding of queue 6067 after disastrous disk crash. Suggested by Kyle Jones of 6068 UUNET; closely based on code from KJS DECWRL code written 6069 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 6070 are NOT back compatible with 8.6 -- that is, you can convert 6071 from 8.6 to 8.7, but not the other direction. 6072 Add ``F=d'' mailer flag to disable all use of angle brackets in 6073 route-addrs in envelopes; this is because in some cases 6074 they can be sent to the shell, which interprets them as 6075 I/O redirection. 6076 Don't include error file (option E) with return-receipts; this 6077 can be confusing. 6078 Don't send "Warning: cannot send" messages to owner-* or 6079 *-request addresses. Suggested by Christophe Wolfhugel 6080 of the Institut Pasteur, Paris. 6081 Allow -O command line flag to set long form options. 6082 Add "MinQueueAge" option to set the minimum time between attempts 6083 to run the queue. For example, if the queue interval 6084 (-q value) is five minutes, but the minimum queue age 6085 is fifteen minutes, jobs won't be tried more often than 6086 once every fifteen minutes. This can be used to give 6087 you more responsiveness if your delivery mode is set to 6088 queue-only. 6089 Allow "fileopen" timeout (default: 60 seconds) for opening 6090 :include: and .forward files. 6091 Add "-k", "-v", and "-z" flags to map definitions; these set the 6092 key field name, the value field name, and the field 6093 delimiter. The field delimiter can be a single character 6094 or the sequence "\t" or "\n" for tab or newline. 6095 These are for use by NIS+ and similar access methods. 6096 Change maps to always strip quotes before lookups; the -q flag 6097 turns off this behavior. Suggested by Motonori Nakamura. 6098 Add "nisplus" map class. Takes -k and -v flags to choose the 6099 key and value field names respectively. Code donated by 6100 Sun Microsystems. 6101 Add "hesiod" map class. The "file name" is used as the 6102 "HesiodNameType" parameter to hes_resolve(3). Returns the 6103 first value found for the match. Code donated by Scott 6104 Hutton of Indiana University. 6105 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 6106 specify the name of the property that is searched as the 6107 key and a -v flag to specify the name of the property that 6108 is returned as the value (defaults to "members"). The 6109 default map is "/aliases". Some code based on code 6110 contributed by Robert La Ferla of Hot Software. 6111 Add "text" map class. This does slow, linear searches through 6112 text files. The -z flag specifies a column delimiter 6113 (defaults to any sequence of white space), the -k flag 6114 sets the key column number, and the -v flag sets the 6115 value column number. Lines beginning with `#' are treated 6116 as comments. 6117 Add "program" map class to execute arbitrary programs. The search 6118 key is presented as the last argument; the output is one 6119 line read from the programs standard output. Exit statuses 6120 are from sysexits.h. 6121 Add "sequence" map class -- searches maps in sequence until it 6122 finds a match. For example, the declarations: 6123 Kmap1 ... 6124 Kmap2 ... 6125 Kmapseq sequence map1 map2 6126 defines a map "mapseq" that first searches map1; if the 6127 value is found it is returned immediately, otherwise 6128 map2 is searched and the value returned. 6129 Add "switch" map class. This is much like "sequence" except that 6130 the ordering is fetched from an external file, usually 6131 the system service switch. The parameter is the name of 6132 the service to switch on, and the maps that it will use 6133 are the name of the switch map followed by ".service_type". 6134 For example, if the declaration of the map is 6135 Ksample switch hosts 6136 and the system service switch specifies that hosts are 6137 looked up using dns and nis in that order, then this is 6138 equivalent to 6139 Ksample sequence sample.dns sample.nis 6140 The subordinate maps (sample.*) must already be defined. 6141 Add "user" map class -- looks up users using getpwnam. Takes a 6142 "-v field" flag on the definition that tells what passwd 6143 entry to return -- legal values are name, passwd, uid, gid, 6144 gecos, dir, and shell. Generally expected to be used with 6145 the -m (matchonly) flag. 6146 Add "bestmx" map class -- returns the best MX value for the host 6147 listed as the value. If there are several "best" MX records 6148 for this host, one will be chosen at random. 6149 Add "userdb" map class -- looks up entries in the user database. 6150 The "file name" is actually the tag that will be used, 6151 typically "mailname". If there are multiple entries 6152 matching the name, the one chosen is undefined. 6153 Add multiple queue timeouts (both return and warning). These are 6154 set by the Precedence: or Priority: header fields to one of 6155 three values. If a Priority: is set and has value "normal", 6156 "urgent", or "non-urgent" the corresponding timeouts are 6157 used. If no priority is set, the Precedence: is consulted; 6158 if negative, non-urgent timeouts are used; if greater than 6159 zero, urgent timeouts are used. Otherwise, normal timeouts 6160 are used. The timeouts are set by setting the six timeouts 6161 queue{warn,return}.{urgent,normal,non-urgent}. 6162 Fix problem when a mail address is resolved to a $#error mailer 6163 with a temporary failure indication; it works in SMTP, 6164 but when delivering locally the mail is silently discarded. 6165 This patch, from Kyle Jones of UUNET, bounces it instead 6166 of queueing it (queueing is very hard). 6167 When using /etc/hosts or NIS-style lookups, don't assume that 6168 the first name in the list is the best one -- instead, 6169 search for the first one with a dot. For example, if 6170 an /etc/hosts entry reads 6171 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 6172 this change will use the second name as the canonical 6173 machine name instead of the initial, unqualified name. 6174 Change dequote map to replace spaces in quoted text with a value 6175 indicated by the -s flag on the dequote map definition. 6176 For example, ``Mdequote dequote -s_'' will change 6177 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 6178 quoted (because of the space character). Suggested by Dan 6179 Oscarsson for use in X.400 addresses. 6180 Implement long macro names as ${name}; long class names can 6181 be similarly referenced as $={name} and $~{name}. 6182 Definitions are (e.g.) ``D{name}value''. Names that have 6183 a leading lower case letter or punctuation characters are 6184 reserved for internal use by sendmail; i.e., config files 6185 should use names that begin with a capital letter. Based 6186 on code contributed by Dan Oscarsson. 6187 Fix core dump if getgrgid returns a null group list (as opposed 6188 to an empty group list, that is, a pointer to a list 6189 with no members). Fix from Andrew Chang of Sun Microsystems. 6190 Fix possible core dump if malloc fails -- if the malloc in xalloc 6191 failed, it called syserr which called newstr which called 6192 xalloc.... The newstr is now avoided for "panic" messages. 6193 Reported by Stuart Kemp of James Cook University. 6194 Improve connection cache timeouts; previously, they were not even 6195 checked if you were delivering to anything other than an 6196 IPC-connected host, so a series of (say) local mail 6197 deliveries could cause cached connections to be open 6198 much longer than the specified timeout. 6199 If an incoming message exceeds the maximum message size, stop 6200 writing the incoming bytes to the queue data file, since 6201 this can fill your mqueue partition -- this is a possible 6202 denial-of-service attack. 6203 Don't reject all numeric local user names unless HESIOD is 6204 defined. It turns out that Posix allows all-numeric 6205 user names. Fix from Tony Sanders of BSDI. 6206 Add service switch support. If the local OS has a service 6207 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf 6208 on DEC systems) that will be used; otherwise, it falls back 6209 to using a local mechanism based on the ServiceSwitchFile 6210 option (default: /etc/service.switch). For example, if the 6211 service switch lists "files" and "nis" for the aliases 6212 service, that will be the default lookup order. the "files" 6213 ("local" on DEC) service type expands to any alias files 6214 you listed in the configuration file, even if they aren't 6215 actually file lookups. 6216 Option I (NameServerOptions) no longer sets the "UseNameServer" 6217 variable which tells whether or not DNS should be considered 6218 canonical. This is now determined based on whether or not 6219 "dns" is in the service list for "hosts". 6220 Add preliminary support for the ESMTP "DSN" extension (Delivery 6221 Status Notifications). DSN notifications override 6222 Return-Receipt-To: headers, which are bogus anyhow -- 6223 support for them has been removed. 6224 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer 6225 definitions to define the types used in DSN returns for 6226 MTA names, addresses, and diagnostics respectively. 6227 Extend heuristic to force running in ESMTP mode to look for the 6228 five-character string "ESMTP" anywhere in the 220 greeting 6229 message (not just the second line). This is to provide 6230 better compatibility with other ESMTP servers. 6231 Print sequence number of job when running the queue so you can 6232 easily see how much progress you have made. Suggested 6233 by Peter Wemm of DIALix. 6234 Map newlines to spaces in logged message-ids; some versions of 6235 syslog truncate the rest of the line after newlines. 6236 Suggested by Fletcher Mattox of U. Texas. 6237 Move up forking for job runs so that if a message is split into 6238 multiple envelopes you don't get "fork storms" -- this 6239 also improves the connection cache utilization. 6240 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 6241 the purposes of refusing to send error returns. Suggested 6242 by Motonori Nakamura of Ritsumeikan University. 6243 Relax rules on when a file can be written when referenced from 6244 the aliases file: use the default uid/gid instead of the 6245 real uid/gid. This allows you to create a file owned by 6246 and writable only by the default uid/gid that will work 6247 all the time (without having the set-user-ID bit set). Change 6248 suggested by Shau-Ping Lo and Andrew Cheng of Sun 6249 Microsystems. 6250 Add "DialDelay" option (no short name) to provide an "extra" 6251 delay for dial on demand systems. If this is non-zero 6252 and a connect fails, sendmail will wait this long and 6253 then try again. If it takes longer than the kernel 6254 timeout interval to establish the connection, this 6255 option can give the network software time to establish 6256 the link. The default units are seconds. 6257 Move logging of sender information to be as early as possible; 6258 previously, it could be delayed a while for SMTP mail 6259 sent to aliases. Suggested by Brad Knowles of the 6260 Defense Information Systems Agency. 6261 Call res_init() before setting RES_DEBUG; this is required by 6262 BIND 4.9.3, or so I'm told. From Douglas Anderson of 6263 the National Computer Security Center. 6264 Add xdelay= field in logs -- this is a transaction delay, telling 6265 you how long it took to deliver to this address on the 6266 last try. It is intended to be used for sorting mailing 6267 lists to favor "quick" addresses. Provided for use by 6268 the mailprio scripts (see below). 6269 If a map cannot be opened, and that map is non-optional, and 6270 an address requires that map for resolution, queue the 6271 map instead of bouncing it. This involves creating a 6272 pseudo-class of maps called "bogus-map" -- if a required 6273 map cannot be opened, the class is changed to bogus-map; 6274 all queries against bogus-map return "tempfail". The 6275 bogus-map class is not directly accessible. A sample 6276 implementation was donated by Jem Taylor of Glasgow 6277 University Computing Service. 6278 Fix a possible core dump when mailing to a program that talks 6279 SMTP on its standard input. Fix from Keith Moore of 6280 the University of Kentucky. 6281 Make it possible to resolve filenames to $#local $: @ /filename; 6282 previously, the "@" would cause it to not be recognized 6283 as a file. Problem noted by Brian Hill of U.C. Davis. 6284 Accept a -1 signal to re-exec the daemon. This only works if 6285 argv[0] is a full path to sendmail. 6286 Fix bug in "addr=..." field in O option on little-endian machines 6287 -- the network number wasn't being converted to network 6288 byte order. Patch from Kurt Lidl of Pix Technologies 6289 Corporation. 6290 Pre-initialize the resolver early on; this is to avoid a bug with 6291 BIND 4.9.3 that can cause the _res.retry field to get 6292 reset to zero, causing all name server lookups to time 6293 out. Fix from Matt Day of Artisoft. 6294 Restore T line (trusted users) in config file -- but instead of 6295 locking out the -f flag, they just tell whether or not 6296 an X-Authentication-Warning: will be added. This really 6297 just creates new entries in class 't', so "Ft/file/name" 6298 can be used to read trusted user names from a file. 6299 Trusted users are also allowed to execute programs even 6300 if they have a shell that isn't in /etc/shells. 6301 Improve NEWDB alias file rebuilding so it will create them 6302 properly if they do not already exist. This had been 6303 a MAYBENEXTRELEASE feature in 8.6.9. 6304 Check for @:@ entry in NIS maps before starting up to avoid 6305 (but not prevent, sigh) race conditions. This ought to 6306 be handled properly in ypserv, but isn't. Suggested by 6307 Michael Beirne of Motorola. 6308 Refuse connections if there isn't enough space on the filesystem 6309 holding the queue. Contributed by Robert Dana of Wolf 6310 Communications. 6311 Skip checking for directory permissions in the path to a file 6312 when checking for file permissions iff setreuid() 6313 succeeded -- it is unnecessary in that case. This avoids 6314 significant performance problems when looking for .forward 6315 files. Based on a suggestion by Win Bent of USC. 6316 Allow symbolic ruleset names. Syntax can be "Sname" to get an 6317 arbitrary ruleset number assigned or "Sname = integer" 6318 to assign a specific ruleset number. Reference is 6319 $>name_or_number. Names can be composed of alphas, digits, 6320 underscore, or hyphen (first character must be non-numeric). 6321 Allow -o flag on AliasFile lines to make the alias file optional. 6322 From Bryan Costales of ICSI. 6323 Add NoRecipientAction option to handle the case where there is 6324 no legal recipient header in the message. It can take 6325 on values: 6326 None Leave the message as is. The 6327 message will be passed on even 6328 though it is in technically 6329 illegal syntax. 6330 Add-To Add a To: header with any 6331 recipients that it can find from 6332 the envelope. This risks exposing 6333 Bcc: recipients. 6334 Add-Apparently-To Add an Apparently-To: header. This 6335 has almost no redeeming social value, 6336 and is provided only for back 6337 compatibility. 6338 Add-To-Undisclosed Add a header reading 6339 To: undisclosed-recipients:; 6340 which will have the effect of 6341 making the message legal without 6342 exposing Bcc: recipients. 6343 Add-Bcc To add an empty Bcc: header. 6344 There is a chance that mailers down 6345 the line will delete this header, 6346 which could cause exposure of Bcc: 6347 recipients. 6348 The default is NoRecipientAction=None. 6349 Truncate (rather than delete) Bcc: lines in the header. This 6350 should prevent later sendmails (at least, those that don't 6351 themselves delete Bcc:) from considering this message to 6352 be non-conforming -- although it does imply that non-blind 6353 recipients can see that a Bcc: was sent, albeit not to whom. 6354 Add SafeFileEnvironment option. If declared, files named as delivery 6355 targets must be regular files in addition to the regular 6356 checks. Also, if the option is non-null then it is used as 6357 the name of a directory that is used as a chroot(2) 6358 environment for the delivery; the file names listed in an 6359 alias or forward should include the name of this root. 6360 For example, if you run with 6361 O SafeFileEnvironment=/arch 6362 then aliases should reference "/arch/rest/of/path". If a 6363 value is given, sendmail also won't try to save to 6364 /usr/tmp/dead.letter (instead it just leaves the job in the 6365 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 6366 Support -A flag for alias files; this will comma concatenate like 6367 entries. For example, given the aliases: 6368 list: member1 6369 list: member2 6370 and an alias file declared as: 6371 OAhash:-A /etc/aliases 6372 the final alias inserted will be "list: member1,member2"; 6373 without -A you will get an error on the second and subsequent 6374 alias for "list". Contributed by Bryan Costales of ICSI. 6375 Line-buffer transcript file. Suggested by Liudvikas Bukys. 6376 Fix a problem that could cause very long addresses to core dump in 6377 some special circumstances. Problem pointed out by Allan 6378 Johannesen. 6379 (Internal change.) Change interface to expand() (macro expansion) 6380 to be simpler and more consistent. 6381 Delete check for funny qf file names. This didn't really give 6382 any extra security and caused some people some problems. 6383 (If you -really- want this, define PICKY_QF_NAME_CHECK 6384 at compile time.) Suggested by Kyle Jones of UUNET. 6385 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 6386 merge with DSN code; this is simpler and more consistent. 6387 This may affect some people who have written their own 6388 checkcompat() routine. 6389 (Internal change.) Eliminate `D' line in qf file. The df file 6390 is now assumed to be the same name as the qf file (with 6391 the `q' changed to a `d', of course). 6392 Avoid forking for delivery if all recipient mailers are marked as 6393 "expensive" -- this can be a major cost on some systems. 6394 Essentially, this forces sendmail into "queue only" mode 6395 if all it is going to do is queue anyway. 6396 Avoid sending a null message in some rather unusual circumstances 6397 (specifically, the RCPT command returns a temporary 6398 failure but the connection is lost before the DATA 6399 command). Fix from Scott Hammond of Secure Computing 6400 Corporation. 6401 Change makesendmail to use a somewhat more rational naming scheme: 6402 Makefiles and obj directories are named $os.$rel.$arch, 6403 where $os is the operating system (e.g., SunOS), $rel is 6404 the release number (e.g., 5.3), and $arch is the machine 6405 architecture (e.g., sun4). Any of these can be omitted, 6406 and anything after the first dot in a release number can 6407 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 6408 version used $os.$arch.$rel and was rather less general. 6409 Change makesendmail to do a "make depend" in the target directory 6410 when it is being created. This involves adding an empty 6411 "depend:" entry in most Makefiles. 6412 Ignore IDENT return value if the OSTYPE field returns "OTHER", 6413 as indicated by RFC 1413. Pointed out by Kari Hurtta 6414 of the Finnish Meteorological Institute. 6415 Fix problem that could cause multiple responses to DATA command 6416 on header syntax errors (e.g., lines beginning with colons). 6417 Problem noted by Jens Thomassen of the University of Oslo. 6418 Don't let null bytes in headers cause truncation of the rest of 6419 the header. 6420 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 6421 Increase timeouts on message data puts to allow time for receivers 6422 to canonify addresses in headers on the fly. This is still 6423 a rather ugly heuristic. From Motonori Nakamura. 6424 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 6425 records are not used when canonifying names, and when MX 6426 lookups are done for addressing they must be fully 6427 qualified. This is useful if you have a wildcard MX record, 6428 although it may cause other problems. In general, don't use 6429 wildcard MX records. Patch from Motonori Nakamura. 6430 Eliminate default two-line SMTP greeting message. Instead of 6431 adding an extra "ESMTP spoken here" line, the word "ESMTP" 6432 is added between the first and second word of the first 6433 line of the greeting message (i.e., immediately after the 6434 host name). This eliminates the need for the BROKEN_SMTP_PEERS 6435 compile flag. Old sendmails won't see the ESMTP, but that's 6436 acceptable because SIZE was the only useful extension that 6437 old sendmails understand. 6438 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 6439 invoked state dumps. From Masaharu Onishi. 6440 Allow on-line comments in .forward and :include: files; they are 6441 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 6442 is a space or a tab. This is intended for native 6443 representation of non-ASCII sets such as Japanese, where 6444 existing encodings would be unreadable or would lose 6445 data -- for example, 6446 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 6447 (romanized/less information) 6448 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 6449 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 6450 (with MIME encoding, not human readable) 6451 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 6452 (native encoding with ISO-2022-JP) 6453 The last form is human readable in the Japanese environment. 6454 Based on a fix from (surprise!) Motonori Nakamura. 6455 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 6456 messages to that host; these are most frequently associated 6457 with addresses rather than the host, with the exception of 6458 421 (service shutting down). The effect was to cause queues 6459 to sometimes take an excessive time to flush. Reported by 6460 Robert Sargent of Southern Geographics Technologies and 6461 Eric Prestemon of American University. 6462 Add Nice=N mailer option to set the niceness at which a mailer will 6463 run. This is actually a relative niceness (that is, an 6464 increment on the background value). 6465 Log queue runs that are skipped due to high loads. They are logged 6466 at LOG_INFO priority iff the log level is > 8. Contributed 6467 by Bruce Nagel of Data General. 6468 Allow the error mailer to accept a DSN-style error status code 6469 instead of an sysexits status code in the host part. 6470 Anything with a dot will be interpreted as a DSN-style code. 6471 Add new mailer flag: F=3 will tell translations to Quoted-Printable 6472 to encode characters that might be munged by an EBCDIC system 6473 in addition to the set required by RFC 1521. The additional 6474 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 6475 (Think of "IBM 360" as the mnemonic for this flag.) 6476 Change check for mailing to files to look for a pathname of [FILE] 6477 rather than looking for the mailer named *file*. The mapping 6478 of leading slashes still goes to the *file* mailer. This 6479 allows you to implement the *file* mailer as a separate 6480 program, for example, to insert a Content-Length: header 6481 or do special security policy. However, note that the usual 6482 initial checking for the file permissions is still done, and 6483 the program in question needs to be very careful about how 6484 it does the file write to avoid security problems. 6485 Be able to read ~root/.forward even if the path isn't accessible to 6486 regular users. This is disrecommended because sendmail 6487 sometimes does not run as root (e.g., when an unsafe option 6488 is specified on the command line), but should otherwise be 6489 safe because .forward files must be owned by the user for 6490 whom mail is being forwarded, and cannot be a symbolic link. 6491 Suggested by Forrest Aldrich of Wang Laboratories. 6492 Add new "HostsFile" option that is the pathname to the /etc/hosts 6493 file. This is used for canonifying hostnames when the 6494 service type is "files". 6495 Implement programs on F (read class from file) line. The syntax is 6496 Fc|/path/to/program to read the output from the program 6497 into class "c". 6498 Probe the network interfaces to find alternate names for this 6499 host. Requires the SIOCGIFCONF ioctl call. Code 6500 contributed by SunSoft. 6501 Add "E" configuration line to set or propagate environment 6502 variables into children. "E<envar>" will propagate 6503 the named variable from the environment when sendmail 6504 was invoked into any children it calls; "E<envar>=<value>" 6505 sets the named variable to the indicated value. Any 6506 variables not explicitly named will not be in the child 6507 environment. However, sendmail still forces an 6508 "AGENT=sendmail" environment variable, in part to enforce 6509 at least one environment variable, since many programs and 6510 libraries die horribly if this is not guaranteed. 6511 Change heuristic for rebuilding both NEWDB and NDBM versions of 6512 alias databases -- new algorithm looks for the substring 6513 "/yp/" in the file name. This is more portable and involves 6514 less overhead. Suggested by Motonori Nakamura. 6515 Dynamically allocate the queue work list so that you don't lose 6516 jobs in large queue runs. The old QUEUESIZE compile parameter 6517 is replaced by QUEUESEGSIZE (the unit of allocation, which 6518 should not need to be changed) and the MaxQueueRunSize option, 6519 which is the absolute maximum number of jobs that will ever 6520 be handled in a single queue run. Based on code contributed 6521 by Brian Coan of the Institute for Global Communications. 6522 Log message when a message is dropped because it exceeds the maximum 6523 message size. Suggested by Leo Bicknell of Virginia Tech. 6524 Allow trusted users (those on a T line or in $=t) to use -bs without 6525 an X-Authentication-Warning: added. Suggested by Mark Thomas 6526 of Mark G. Thomas Consulting. 6527 Announce state of compile flags on -d0.1 (-d0.10 throws in the 6528 OS-dependent defines). The old semantic of -d0.1 to not 6529 run the daemon in background has been moved to -d99.100, 6530 and the old 52.5 flag (to avoid disconnect() from closing 6531 all output files) has been moved to 52.100. This makes 6532 things more consistent (flags below .100 don't change 6533 semantics) and separates out the backgrounding so that 6534 it doesn't happen automatically on other unrelated debugging 6535 flags. 6536 If -t is used but no addresses are found in the header, give an 6537 error message rather than just doing nothing. Fix from 6538 Motonori Nakamura. 6539 On systems (like SunOS) where the effective gid is not necessarily 6540 included in the group list returned by getgroups(), the 6541 `restrictmailq' option could sometimes cause an authorized 6542 user to not be able to use `mailq'. Fix from Charles Hannum 6543 of MIT. 6544 Allow symbolic service names for [IPC] mailers. Suggested by 6545 Gerry Magennis of Logica International. 6546 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs 6547 when running DNS. For example, if the name FTP.Foo.ORG is 6548 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in 6549 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" 6550 if this option is not set, or "FTP.Foo.ORG" if it is set. 6551 This is technically illegal under RFC 822 and 1123, but the 6552 IETF is moving toward legalizing it. Note that turning on 6553 this option is not sufficient to guarantee that a downstream 6554 neighbor won't rewrite the address for you. 6555 Add "-m" flag to makesendmail script -- this tells you what object 6556 directory and Makefile it will use, but doesn't actually do 6557 the make. 6558 Do some additional checking on the contents of the qf file to try 6559 to detect attacks against the qf file. In particular, 6560 abort on any line beginning "From ", and add an "end of 6561 file" line -- any data after that line is prohibited. 6562 Always use /etc/sendmail.cf, regardless of the arbitrary vendor 6563 choices. This can be overridden in the Makefile by using 6564 either -DUSE_VENDOR_CF_PATH to get the vendor location 6565 (to the extent that we know it) or by defining 6566 _PATH_SENDMAILCF (which is a "hard override"). This allows 6567 sendmail 8 to have more consistent installation instructions. 6568 Allow macros on `K' line in config file. Suggested by Andrew Chang 6569 of Sun Microsystems. 6570 Improved symbol table hash function from Eric Wassenaar. This one 6571 is at least 50% faster. 6572 Fix problem that didn't notice that timeout on file open was a 6573 transient error. Fix from Larry Parmelee of Cornell 6574 University. 6575 Allow comments (lines beginning with a `#') in files read for 6576 classes. Suggested by Motonori Nakamura. 6577 Make SIGINT (usually ^C) in test mode return to the prompt instead 6578 of dropping out entirely. This makes testing some of the 6579 name server lookups easier to deal with when there are 6580 hung servers. From Motonori Nakamura. 6581 Add new ${opMode} macro that is set to the current operation mode 6582 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by 6583 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>. 6584 Add new delivery mode (Odd) that defers all map lookups to queue runs. 6585 Kind of like queue-only mode (Odq) except it tries to avoid 6586 any external service requests; for dial-on-demand hosts that 6587 want to minimize DNS lookups when mail is being queued. For 6588 this to work you will also have to make sure that gethostbyname 6589 of your local host name does not do a DNS lookup. 6590 Improved handling of "out of space" conditions from John Myers of 6591 Carnegie Mellon. 6592 Improved security for mailing to files on systems that have fchmod(2) 6593 support. 6594 Improve "cannot send message for N days" message -- now says "could 6595 not send for past N days". Suggested by Tom Moore of AT&T 6596 Global Information Solutions. 6597 Less misleading Subject: line on messages sent to postmaster only. 6598 From Motonori Nakamura. 6599 Avoid duplicate error messages on bad command line flags. From 6600 Motonori Nakamura. 6601 Better error message for case where ruleset 0 falls off the end 6602 or otherwise does not resolve to a canonical triple. 6603 Fix a problem that could cause multiple bounce messages if a bad 6604 address was sent along with a good address to an SMTP 6605 site where that SMTP site returned a 4yz code in response 6606 to the final dot of the data. Problem reported by David 6607 James of British Telecom. 6608 Add "volatile" declarations so that gcc -O2 will work. Patches 6609 from Alexander Dupuy of System Management ARTS. 6610 Delete duplicates in MX lists -- believe it or not, there are sites 6611 that list the same host twice in an MX list. This deletion 6612 only works on adjacent preferences, so an MX list that 6613 had A=5, B=10, A=15 would leave both As, but one that had 6614 A=5, A=10, B=15 would reduce to A, B. This is intentional, 6615 just in case there is something weird I haven't thought of. 6616 Suggested by Barry Shein of Software Tool & Die. 6617 SECURITY: .forward files cannot be symbolic links. If they are, 6618 a bad guy can read your private files. 6619 PORTABILITY FIXES: 6620 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 6621 System V Release 4 from Motonori Nakamura of Ritsumeikan 6622 University. This expands the disk size 6623 checking to include all (?) SVR4 configurations. 6624 System V Release 4 from Kimmo Suominen -- initgroups(3) 6625 and setrlimit(2) are both available. 6626 System V Release 4 from sob@sculley.ffg.com -- some versions 6627 apparently "have EX_OK defined in other headerfiles." 6628 Linux Makefile typo. 6629 Linux getusershell(3) is broken in Slackware 2.0 -- 6630 from Andrew Pam of Xanadu Australia. 6631 More Linux tweaking from John Kennedy of California State 6632 University, Chico. 6633 Cray changes from Eric Wassenaar: ``On Cray, shorts, 6634 ints, and longs are all 64 bits, and all structs 6635 are multiples of 64 bits. This means that the 6636 sizeof operator returns only multiples of 8. 6637 This requires adaptation of code that really 6638 deals with 32 bit or 16 bit fields, such as IP 6639 addresses or nameserver fields.'' 6640 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 6641 get the old behavior, use -DDGUX_5_4_2. 6642 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 6643 variable to fix bogus /bin/mail behavior. 6644 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 6645 This also cleans up some System V Release 4 compile 6646 problems. 6647 Solaris 2: sendmail.cw file should be in /etc/mail to 6648 match all the other configuration files. Fix 6649 from Glenn Barry of Emory University. 6650 Solaris 2.3: compile problem in conf.c. Fix from Alain 6651 Nissen of the University of Liege, Belgium. 6652 Ultrix: freespace calculation was incorrect. Fix from 6653 Takashi Kizu of Osaka University. 6654 SVR4: running in background gets a SIGTTOU because the 6655 emulation code doesn't realize that "getpeername" 6656 doesn't require reading the file. Fix from Peter 6657 Wemm of DIALix. 6658 Solaris 2.3: due to an apparent bug in the socket emulation 6659 library, sockets can get into a "wedged" state where 6660 they just return EPROTO; closing and re-opening the 6661 socket clears the problem. Fix from Bob Manson 6662 of Ohio State University. 6663 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 6664 fixes from Akihiro Hashimoto ("Hash") of Chiba 6665 University. 6666 AIX changes to allow setproctitle to work from Rainer Sch�pf 6667 of Zentrum f�r Datenverarbeitung der Universit�t 6668 Mainz. 6669 AIX changes for load average from Ed Ravin of NASA/Goddard. 6670 SCO Unix from Chip Rosenthal of Unicom (code was using the 6671 wrong statfs call). 6672 ANSI C fixes from Adam Glass (NetBSD project). 6673 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 6674 University. 6675 DG-UX fixes from Bruce Nagel of Data General. 6676 IRIX64 updates from Mark Levinson of the University of 6677 Rochester Medical Center. 6678 Altos System V (``the first UNIX/XENIX merge the Altos 6679 did for their Series 1000 & Series 2000 line; 6680 their merged code was licensed back to AT&T and 6681 Microsoft and became System V release 3.2'') from 6682 Tim Rice <timr@crl.com>. 6683 OSF/1 running on Intel Paragon from Jeff A. Earickson 6684 <jeff@ssd.intel.com> of Intel Scalable Systems 6685 Division. 6686 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 6687 <janet@dialix.oz.au>. 6688 System V Release 4 (statvfs semantic fix) from Alain 6689 Durand of I.M.A.G. 6690 HP-UX 10.x multiprocessor load average changes from 6691 Scott Hutton and Jeff Sumler of Indiana University. 6692 Cray CSOS from Scott Bolte of Cray Computer Corporation. 6693 Unicos 8.0 from Douglas K. Rand of the University of North 6694 Dakota, Scientific Computing Center. 6695 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 6696 ConvexOS 11.0 from Christophe Wolfhugel. 6697 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 6698 ISC UNIX from J. J. Bailey. 6699 HP-UX 9.xx on the 8xx series machines from Remy Giraud 6700 of Meteo France. 6701 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 6702 IRIX 5.2 and 5.3 from Kari E. Hurtta. 6703 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 6704 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 6705 Omron LUNA unios-b, mach from Motonori Nakamura. 6706 NEC EWS-UX/V 4.2 from Motonori Nakamura. 6707 NeXT 2.1 from Bryan Costales. 6708 AUX patch thanks to Mike Erwin of Apple Computer. 6709 HP-UX 10.0 from John Beck of Hewlett-Packard. 6710 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 6711 non-DEC resolver. Suggested by Allan Johannesen. 6712 UnixWare 2.0 fixes from Petr Lampa of the Technical 6713 University of Brno (Czech Republic). 6714 KSR OS 1.2.2 support from Todd Miller of the University 6715 of Colorado. 6716 UX4800 support from Kazuhisa Shimizu of NEC. 6717 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 6718 in type ``btree'' maps. The semantics of this are undefined 6719 for regular maps, but it can be useful for the user database. 6720 MAKEMAP: lock database file while rebuilding to avoid sendmail 6721 lookups while the rebuild is going on. There is a race 6722 condition between the open(... O_TRUNC ...) and the lock 6723 on the file, but it should be quite small. 6724 SMRSH: sendmail restricted shell added to the release. This can 6725 be used as an alternative to /bin/sh for the "prog" mailer, 6726 giving the local administrator more control over what 6727 programs can be run from sendmail. 6728 MAIL.LOCAL: add this local mailer to the tape. It is not really 6729 part of the release proper, and isn't fully supported; in 6730 particular, it does not run on System V based systems and 6731 never will. 6732 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 6733 to allow rmail to compile on systems that don't have 6734 function prototypes and systems that don't have snprintf. 6735 CONTRIB: add the "mailprio" scripts that will help you sort mailing 6736 lists by transaction delay times so that addresses that 6737 respond quickly get sent first. This is to prevent very 6738 sluggish servers from delaying other peoples' mail. 6739 Contributed by Tony Sanders of BSDI. 6740 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 6741 of BSDI. This has a lot of comments to help people out. 6742 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, 6743 put this on the m4 command line. On GNU m4 (which 6744 supports the __file__ primitive) you can run m4 in an 6745 arbitrary directory -- use either: 6746 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 6747 or 6748 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf 6749 On other versions of m4 that don't support __file__, you 6750 can use: 6751 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... 6752 (Note the trailing slash on the _CF_DIR_ definition.) 6753 Old versions of m4 will default to _CF_DIR_=.. for back 6754 compatibility. 6755 CONFIG: fix mail from <> so it will properly convert to 6756 MAILER-DAEMON on local addresses. 6757 CONFIG: fix code that was supposed to catch colons in host 6758 names. Problem noted by John Gardiner Myers of CMU. 6759 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 6760 From Paul Riddle of the University of Maryland, Baltimore 6761 County. 6762 CONFIG: Catch and reject "." as a host address. 6763 CONFIG: Generalize domaintable to look up all domains, not 6764 just unqualified ones. 6765 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 6766 was never used and didn't work anyway. 6767 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 6768 and d on all mailers in the UUCP class. 6769 CONFIG: Allow "user+detail" to be aliased specially: it will first 6770 look for an alias for "user+detail", then for "user+*", and 6771 finally for "user". This is intended for forwarding mail 6772 for system aliases such as root and postmaster to a 6773 centralized hub. 6774 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 6775 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 6776 The F=8 flag is also set on the "relay" mailer, since 6777 this is expected to be another sendmail. 6778 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 6779 the name of the UUCP_RELAY -- in some cases, this is the 6780 wrong value (e.g., when we have local UUCP connections), 6781 and this can create unreplyable addresses. From Chip 6782 Rosenthal of Unicom. 6783 CONFIG: add confRECEIVED_HEADER to change the format of the 6784 Received: header inserted into all messages. Suggested by 6785 Gary Mills of the University of Manitoba. 6786 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 6787 to get the old behavior. I did this upon observing 6788 that almost everyone needed this feature, and that the 6789 concept I was trying to make happen didn't work with 6790 some user agents anyway. FEATURE(notsticky) still works, 6791 but it is a no-op. 6792 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 6793 names are sent, rather than immediately diagnosing them 6794 as User Unknown. 6795 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 6796 and RELAY_MAILER_ARGS to set the arguments for the 6797 indicated mailers. All default to "IPC $h". Patch from 6798 Larry Parmelee of Cornell University. 6799 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 6800 on the client side" and F=P to get an appropriate 6801 return-path. From Kimmo Suominen. 6802 CONFIG: add FEATURE(local_procmail) to use the procmail program 6803 as the local mailer. For addresses of the form "user+detail" 6804 the "detail" part is passed to procmail via the -a flag. 6805 Contributed by Kimmo Suominen. 6806 CONFIG: add MAILER(procmail) to add an interface to procmail for 6807 use from mailertables. This lets you execute arbitrary 6808 procmail scripts. Contributed by Kimmo Suominen. 6809 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 6810 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 6811 Paul Southworth of CICNet Systems Support. 6812 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 6813 This causes the null return path to be rewritten as 6814 MAILER-DAEMON; otherwise UUCP gets horribly confused. 6815 From Michael Hohmuth of Technische Universitat Dresden. 6816 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 6817 list us as the best possible MX record to be treated as 6818 though they were local (essentially, assume that they 6819 are included in $=w). This can cause additional DNS 6820 traffic, but is easier to administer if this fits your 6821 local model. It does not work reliably if there are 6822 multiple hosts that share the best MX preference. 6823 Code contributed by John Oleynick of Rutgers. 6824 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 6825 SHell) instead of /bin/sh as the program used for delivery 6826 to programs. If an argument is included, it is used as 6827 the path to smrsh; otherwise, /usr/local/etc/smrsh is 6828 assumed. 6829 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 6830 size of messages to the local and procmail mailers 6831 respectively. Contributed by Brad Knowles of the Defense 6832 Information Systems Agency. 6833 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 6834 (just like text outside of angle brackets) in order to 6835 properly deal with ``group: addr1, ... addrN;'' syntax. 6836 CONFIG: Require OSTYPE macro (the defaults really don't apply to 6837 any real systems any more) and tweak the DOMAIN macro 6838 so that it is less likely that users will accidentally use 6839 the Berkeley defaults. Also, create some generic files 6840 that really can be used in the real world. 6841 CONFIG: Add new configuration macros to set character sets for 6842 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 6843 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 6844 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 6845 The old name will still be accepted for a while at least. 6846 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 6847 mail (.DECNET pseudo-domain or node::user) will be sent. 6848 As with all relays, it can be ``mailer:hostname''. Suggested 6849 by Scott Hutton. 6850 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 6851 by Barb Dijker of Labyrinth Computer Services. 6852 CONFIG: change confCHECK_ALIASES to default to False -- it has poor 6853 performance for large alias files, and this confused many 6854 people. 6855 CONFIG: Add confCF_VERSION to append local information to the 6856 configuration version number displayed during SMTP startup. 6857 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it 6858 would only work when locally addressed. Fix from 6859 Edvard Tuinder of Cistron Internet Services. 6860 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option 6861 "n" (CheckAliases) is set when rebuilding alias database. 6862 Based on code contributed by Claude Marinier. 6863 CONFIG: Allow mailertable to have values of the form 6864 ``error:code message''. The ``code'' is a status code 6865 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. 6866 Contributed by David James <dwj@agw.bt.co.uk>. 6867 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of 6868 sender domains that will be replaced with the masquerade name. 6869 These domains will not be treated as local, but if mail passes 6870 through with sender addresses in those domains they will be 6871 replaced by the masquerade name. These can also be specified 6872 in a file using MASQUERADE_DOMAIN_FILE(filename). 6873 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope 6874 as well as the header. Substantial improvements to this 6875 code were contributed by Per Hedeland. 6876 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be 6877 accessed from a mailertable to do CCSO ph lookups. Contributed 6878 by Kimmo Suominen. 6879 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be 6880 used to define cyrus and cyrusbb mailers (for IMAP support). 6881 Contributed by John Gardiner Myers of Carnegie Mellon. 6882 CONFIG: add confUUCP_MAILER to select default mailer to use for 6883 UUCP addressing. Suggested by Tom Moore of AT&T GIS. 6884 NEW FILES: 6885 cf/cf/cs-hpux10.mc 6886 cf/cf/cs-solaris2.mc 6887 cf/cf/cyrusproto.mc 6888 cf/cf/generic-bsd4.4.mc 6889 cf/cf/generic-hpux10.mc 6890 cf/cf/generic-hpux9.mc 6891 cf/cf/generic-osf1.mc 6892 cf/cf/generic-solaris2.mc 6893 cf/cf/generic-sunos4.1.mc 6894 cf/cf/generic-ultrix4.mc 6895 cf/cf/huginn.cs.mc 6896 cf/domain/berkeley-only.m4 6897 cf/domain/generic.m4 6898 cf/feature/bestmx_is_local.m4 6899 cf/feature/local_procmail.m4 6900 cf/feature/masquerade_envelope.m4 6901 cf/feature/smrsh.m4 6902 cf/feature/stickyhost.m4 6903 cf/feature/use_ct_file.m4 6904 cf/m4/cfhead.m4 6905 cf/mailer/cyrus.m4 6906 cf/mailer/mail11.m4 6907 cf/mailer/phquery.m4 6908 cf/mailer/procmail.m4 6909 cf/ostype/amdahl-uts.m4 6910 cf/ostype/bsdi2.0.m4 6911 cf/ostype/hpux10.m4 6912 cf/ostype/irix5.m4 6913 cf/ostype/isc4.1.m4 6914 cf/ostype/ptx2.m4 6915 cf/ostype/unknown.m4 6916 contrib/bsdi.mc 6917 contrib/mailprio 6918 contrib/rmail.oldsys.patch 6919 mail.local/mail.local.0 6920 makemap/makemap.0 6921 smrsh/README 6922 smrsh/smrsh.0 6923 smrsh/smrsh.8 6924 smrsh/smrsh.c 6925 src/Makefiles/Makefile.CSOS 6926 src/Makefiles/Makefile.EWS-UX_V 6927 src/Makefiles/Makefile.HP-UX.10 6928 src/Makefiles/Makefile.IRIX.5.x 6929 src/Makefiles/Makefile.IRIX64 6930 src/Makefiles/Makefile.ISC 6931 src/Makefiles/Makefile.KSR 6932 src/Makefiles/Makefile.NEWS-OS.4.x 6933 src/Makefiles/Makefile.NEWS-OS.6.x 6934 src/Makefiles/Makefile.NEXTSTEP 6935 src/Makefiles/Makefile.NonStop-UX 6936 src/Makefiles/Makefile.Paragon 6937 src/Makefiles/Makefile.SCO.3.2v4.2 6938 src/Makefiles/Makefile.SunOS.5.3 6939 src/Makefiles/Makefile.SunOS.5.4 6940 src/Makefiles/Makefile.SunOS.5.5 6941 src/Makefiles/Makefile.UNIX_SV.4.x.i386 6942 src/Makefiles/Makefile.uts.systemV 6943 src/Makefiles/Makefile.UX4800 6944 src/aliases.0 6945 src/mailq.0 6946 src/mime.c 6947 src/newaliases.0 6948 src/sendmail.0 6949 test/t_seteuid.c 6950 RENAMED FILES: 6951 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 6952 cf/cf/chez.mc => cf/cf/chez.cs.mc 6953 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 6954 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 6955 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 6956 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 6957 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 6958 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 6959 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 6960 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 6961 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 6962 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 6963 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 6964 cf/ostype/irix.m4 => cf/ostype/irix4.m4 6965 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 6966 src/Makefile.* => src/Makefiles/Makefile.* 6967 src/Makefile.AUX => src/Makefiles/Makefile.A-UX 6968 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS 6969 src/Makefile.DGUX => src/Makefiles/Makefile.dgux 6970 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS 6971 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 6972 OBSOLETED FILES: 6973 cf/cf/cogsci.mc 6974 cf/cf/cs-exposed.mc 6975 cf/cf/cs-hidden.mc 6976 cf/cf/hpux-cs-hidden.mc 6977 cf/cf/knecht.mc 6978 cf/cf/osf1-cs-hidden.mc 6979 cf/cf/sunos3.5-cs-exposed.mc 6980 cf/cf/sunos3.5-cs-hidden.mc 6981 cf/cf/sunos4.1-cs-hidden.mc 6982 cf/cf/ultrix4.1-cs-hidden.mc 6983 cf/domain/cs-hidden.m4 6984 contrib/rcpt-streaming 6985 src/Makefiles/Makefile.SunOS.5.x 6986 69878.6.13/8.6.12 1996/01/25 6988 SECURITY: In some cases it was still possible for an attacker to 6989 insert newlines into a queue file, thus allowing access to 6990 any user (except root). 6991 CONFIG: no changes -- it is not a bug that the configuration 6992 version number is unchanged. 6993 69948.6.12/8.6.12 1995/03/28 6995 Fix to IDENT code (it was getting the size of the reply buffer 6996 too small, so nothing was ever accepted). Fix from several 6997 people, including Allan Johannesen, Shane Castle of the 6998 Boulder County Information Services, and Jeff Smith of 6999 Warwick University (all arrived within a few hours of 7000 each other!). 7001 Fix a problem that could cause large jobs to run out of 7002 file descriptors on systems that use vfork() rather 7003 than fork(). 7004 70058.6.11/8.6.11 1995/03/08 7006 The ``possible attack'' message would be logged more often 7007 than necessary if you are using Pine as a user agent. 7008 The wrong host would be reported in the ``possible attack'' 7009 message when attempted from IDENT. 7010 In some cases the syslog buffer could be overflowed when 7011 reporting the ``possible attack'' message. This can 7012 cause denial of service attacks. Truncate the message 7013 to 80 characters to prevent this problem. 7014 When reading the IDENT response a loop is needed around the 7015 read from the network to ensure that you don't get 7016 partial lines. 7017 Password entries without any shell listed (that is, a null 7018 shell) wouldn't match as "ok". Problem noted by 7019 Rob McMahon. 7020 When running BIND 4.9.x a problem could occur because the 7021 _res.options field is initialized differently than it 7022 was historically -- this requires that sendmail call 7023 res_init before it tweaks any bits. 7024 Fix an incompatibility in openxscript() between the file open mode 7025 and the stdio mode passed to fdopen. This caused UnixWare 7026 2.0 to have conniptions. Fix from Martin Sohnius of 7027 Novell Labs Europe. 7028 Fix problem with static linking of local getopt routine when 7029 using GNU's ld command. Fix from John Kennedy of 7030 Cal State Chico. 7031 It was possible to turn off privacy flags. Problem noted by 7032 *Hobbit*. 7033 Be more paranoid about writing files. Suggestions by *Hobbit* 7034 and Liudvikas Bukys. 7035 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 7036 from Spider Boardman. 7037 CONFIG: No changes (version number only, to keep it in sync 7038 with the binaries). 7039 70408.6.10/8.6.10 1995/02/10 7041 SECURITY: Diagnose bogus values to some command line flags that 7042 could allow trash to get into headers and qf files. 7043 Validate the name of the user returned by the IDENT protocol. 7044 Some systems that really dislike IDENT send intentionally 7045 bogus information. Problem pointed out by Michael Bushnell 7046 of the Free Software Foundation. Has some security 7047 implications. 7048 Fix a problem causing error messages about DNS problems when 7049 the host name contained a percent sign to act oddly 7050 because it was passed as a printf-style format string. 7051 In some cases this could cause core dumps. 7052 Avoid possible buffer overrun in returntosender() if error 7053 message is quite long. From Fletcher Mattox of the 7054 University of Texas. 7055 Fix a problem that would silently drop "too many hops" error 7056 messages if and only if you were sending to an alias. 7057 From Jon Giltner of the University of Colorado and 7058 Dan Harton of Oak Ridge National Laboratory. 7059 Fix a bug that caused core dumps on some systems if -d11.2 was 7060 set and e->e_message was null. Fix from Bruce Nagel of 7061 Data General. 7062 Fix problem that can still cause df files to be left around 7063 after "hop count exceeded" messages. Fix from Andrew 7064 Chang and Shau-Ping Lo of SunSoft. 7065 Fix a problem that can cause buffer overflows on very long 7066 user names (as might occur if you piped to a program 7067 with a lot of arguments). 7068 Avoid returning an error and re-queueing if the host signature 7069 is null; this can occur on addresses like ``user@.''. 7070 Problem noted by Wesley Craig and the University of 7071 Michigan. 7072 Avoid possible calls to malloc(0) if MCI caching is turned 7073 off. Bug fix from Pierre David of the Laboratoire 7074 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 7075 Universite de Versailles - St Quentin, and Jacky 7076 Thibault. 7077 Make a local copy of the line being sent via senttolist() -- in 7078 some cases, buffers could get trashed by map lookups 7079 causing it to do unexpected things. This also simplifies 7080 some of the map code. 7081 CONFIG: No changes (version number only, to keep it in sync 7082 with the binaries). 7083 70848.6.9/8.6.9 1994/04/19 7085 Do all mail delivery completely disconnected from any terminal. 7086 This provides consistency with daemon delivery and 7087 may have some security implications. 7088 Make sure that malloc doesn't get called with zero size, 7089 since that fails on some systems. Reported by Ed 7090 Hill of the University of Iowa. 7091 Fix multi-line values for $e (SMTP greeting message). Reported 7092 by Mike O'Connor of Ford Motor Company. 7093 Avoid syserr if no NIS domain name is defined, but the map it 7094 is trying to open is optional. From Win Bent of USC. 7095 Changes for picky compilers from Ed Gould of Digital Equipment. 7096 Hesiod support for UDB from Todd Miller of the University of 7097 Colorado. Use "hesiod" as the service name in the U 7098 option. 7099 Fix a problem that failed to set the "authentic" host name (that 7100 is, the one derived from the socket info) if you called 7101 sendmail -bs from inetd. Based on code contributed by 7102 Todd Miller (this problem was also reported by Guy Helmer 7103 of Dakota State University). This also fixes a related 7104 problem reported by Liudvikas Bukys of the University of 7105 Rochester. 7106 Parameterize "nroff -h" in all the Makefiles so people with 7107 variant versions can use them easily. Suggested by 7108 Peter Collinson of Hillside Systems. 7109 SMTP "MAIL" commands with multiple ESMTP parameters required two 7110 spaces between parameters instead of one. Reported by 7111 Valdis Kletnieks of Virginia Tech. 7112 Reduce the number of system calls during message collection by 7113 using global timeouts around the collect() loop. This 7114 code was contributed by Eric Wassenaar. 7115 If the initial hostname name gathering results in a name 7116 without a dot (usually caused by NIS misconfiguration) 7117 and BIND is compiled in, directly access DNS to get 7118 the canonical name. This should make life easier for 7119 Solaris systems. If it still can't be resolved, and 7120 if the name server is listed as "required", try again 7121 in 30 seconds. If that also fails, exit immediately to 7122 avoid bogus "config error: mail loops back to myself" 7123 messages. 7124 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 7125 message to explain how much space was available and 7126 sound a bit less threatening. Suggested by Stan Janet 7127 of the National Institute of Standards and Technology. 7128 If mail is delivered to an alias that has an owner, deliver any 7129 requested return-receipt immediately, and strip the 7130 Return-Receipt-To: header from the subsequent message. 7131 This prevents a certain class of denial of service 7132 attack, arguably gives more reasonable semantics, and 7133 moves things more towards what will probably become a 7134 network standard. Suggested by Christopher Davis of 7135 Kapor Enterprises. 7136 Add a "noreceipts" privacy flag to turn off all return receipts 7137 without recompiling. 7138 Avoid printing ESMTP parameters as part of the error message 7139 if there are errors during parsing. This change is 7140 purely cosmetic. 7141 Avoid sending out error messages during the collect phase of 7142 SMTP; there is an MVS mailer from UCLA that gets 7143 confused by this. Of course, I think it's their bug.... 7144 Check for the $j macro getting undefined, losing a dot, or getting 7145 lost from $=w in the daemon before accepting a connection; 7146 if it is, it dumps state, prints a LOG_ALERT message, 7147 and drops core for debugging. This is an attempt to 7148 track down a bug that I thought was long since gone. 7149 If you see this, please forward the log fragment to 7150 sendmail@sendmail.ORG. 7151 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 7152 with -DOLD_NEWDB=0 on the command line. From Christophe 7153 Wolfhugel. 7154 Instead of trying to truncate the listen queue for the server 7155 SMTP port when the load average is too high, just close 7156 the port completely and reopen it later as needed. 7157 This ensures that the other end gets a quick "connection 7158 refused" response, and that the connection can be 7159 recovered later. In particular, some socket emulations 7160 seem to get confused if you tweak the listen queue 7161 size around and can never start listening to connections 7162 again. The down side is that someone could start up 7163 another daemon process in the interim, so you could 7164 have multiple daemons all not listening to connections; 7165 this could in turn cause the sendmail.pid file to be 7166 incorrect. A better approach might be to accept the 7167 connection and give a 421 code, but that could break 7168 other mailers in mysterious ways and have paging behavior 7169 implications. 7170 Fix a glitch in TCP-level debugging that caused flag 16.101 to 7171 set debugging on the wrong socket. From Eric Wassenaar. 7172 When creating a df* temporary file, be sure you truncate any 7173 existing data in the file -- otherwise system crashes 7174 and the like could result in extra data being sent. 7175 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 7176 doc directory. This includes some additional 7177 information. 7178 CONFIG: change UUCP rules to never add $U! or $k! on the front 7179 of recipient envelope addresses. This should have been 7180 handled by the $&h trick, but broke if people were 7181 mixing domainized and UUCP addresses. They should 7182 probably have converted all the way over to uucp-uudom 7183 instead of uucp-{new,old}, but the failure mode was to 7184 loop the mail, which was bad news. 7185 Portability fixes: 7186 Newer BSDI systems (several people). 7187 Older BSDI systems from Christophe Wolfhugel. 7188 Intergraph CLIX, from Paul Southworth of CICNet. 7189 UnixWare, from Evan Champion. 7190 NetBSD from Adam Glass. 7191 Solaris from Quentin Campbell of the University of 7192 Newcastle upon Tyne. 7193 IRIX from Dean Cookson and Bill Driscoll of Mitre 7194 Corporation. 7195 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 7196 SunOS (it has setsid() and setvbuf() calls) from 7197 Jonathan Kamens of OpenVision Technologies. 7198 HP-UX from Tor Lillqvist. 7199 New Files: 7200 src/Makefile.CLIX 7201 src/Makefile.NCR3000 7202 doc/changes/Makefile 7203 doc/changes/changes.me 7204 doc/changes/changes.ps 7205 72068.6.8/8.6.6 1994/03/21 7207 SECURITY: it was possible to read any file as root using the 7208 E (error message) option. Reported by Richard Jones; 7209 fixed by Michael Corrigan and Christophe Wolfhugel. 7210 72118.6.7/8.6.6 1994/03/14 7212 SECURITY: it was possible to get root access by using weird 7213 values to the -d flag. Thanks to Alain Durand of 7214 INRIA for forwarding me the notice from the bugtraq 7215 list. 7216 72178.6.6/8.6.6 1994/03/13 7218 SECURITY: the ability to give files away on System V-based 7219 systems proved dangerous -- don't run as the owner 7220 of a :include: file on a system that allows giveaways. 7221 Unfortunately, this also applies to determining a 7222 valid shell. 7223 IMPORTANT: Previous versions weren't expiring old connections 7224 in the connection cache for a long time under some 7225 circumstances. This could result in resource exhaustion, 7226 both at your end and at the other end. This checks the 7227 connections for timeouts much more frequently. From 7228 Doug Anderson of NCSC. 7229 Fix a glitch that snuck in that caused programs to be run as 7230 the sender instead of the recipient if the mail was 7231 from a local user to another local user. From 7232 Motonori Nakamura of Kyoto University. 7233 Fix "wildcard" on /etc/shells matching -- instead of looking 7234 for "*", look for "/SENDMAIL/ANY/SHELL/". From 7235 Bryan Costales of ICSI. 7236 Change the method used to declare the "statfs" availability; 7237 instead of HASSTATFS and/or HASUSTAT with a ton of 7238 tweaking in conf.c, there is a single #define called 7239 SFS_TYPE which takes on one of six values (SFS_NONE 7240 for no statfs availability, SFS_USTAT for the ustat(2) 7241 syscall, SFS_4ARGS for a four argument statfs(2) call, 7242 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 7243 statfs(2) call with the declarations in <sys/vfs.h>, 7244 <sys/mount.h>, or <sys/statfs.h> respectively). 7245 Fix glitch in NetInfo support that could return garbage if 7246 there was no "/locations/sendmail" property. From 7247 David Meyer of the University of Virginia. 7248 Change HASFLOCK from defined/not-defined to a 0/1 definition 7249 to allow Linux to turn it off even though it is a 7250 BSD-like system. 7251 Allow setting of "ident" timeout to zero to turn off the ident 7252 protocol entirely. 7253 Make 7-bit stripping local to a connection (instead of to a 7254 mailer); this allows you to specify that SMTP is a 7255 7-bit channel, but revert to 8-bit should it advertise 7256 that it supports 8BITMIME. You still have to specify 7257 mailer flag 7 to get this stripping at all. 7258 Improve makesendmail script so it handles more cases automatically. 7259 Tighten up restrictions on taking ownership of :include: files 7260 to avoid problems on systems that allow you to give away 7261 files. 7262 Fix a problem that made it impossible to rebuild the alias 7263 file if it was on a read-only file system. From 7264 Harry Edmon of the University of Washington. 7265 Improve MX randomization function. From John Gardiner Myers 7266 of CMU. 7267 Fix a minor glitch causing a bogus message to be printed (used 7268 %s instead of %d in a printf string for the line number) 7269 when a bad queue file was read. From Harry Edmon. 7270 Allow $s to remain NULL on locally generated mail. I'm not 7271 sure this is necessary, but a lot of people have complained 7272 about it, and there is a legitimate question as to whether 7273 "localhost" is legal as an 822-style domain. 7274 Fix a problem with very short line lengths (mailer L= flag) in 7275 headers. This causes a leading space to be added onto 7276 continuation lines (including in the body!), and also 7277 tries to wrap headers containing addresses (From:, To:, 7278 etc) intelligently at the shorter line lengths. Problem 7279 Reported by Lars-Johan Liman of SUNET Operations Center. 7280 Log the real user name when logging syserrs, since these can have 7281 security implications. Suggested by several people. 7282 Fix address logging of cached connections -- it used to always 7283 log the numeric address as zero. This is a somewhat 7284 bogus implementation in that it does an extra system 7285 call, but it should be an inexpensive one. Fix from 7286 Motonori Nakamura. 7287 Tighten up handling of short syslog buffers even more -- there 7288 were cases where the outgoing relay= name was too long 7289 to share a line with delay= and mailer= logging. 7290 Limit the overhead on split envelopes to one open file descriptor 7291 per envelope -- previously the overhead was three 7292 descriptors. This was in response to a problem reported 7293 by P{r (Pell) Emanuelsson. 7294 Fixes to better handle the case of unexpected connection closes; 7295 this redirects the output to the transcript so the info 7296 is not lost. From Eric Wassenaar. 7297 Fix potential string overrun if you macro evaluate a string that 7298 has a naked $ at the end. Problem noted by James Matheson 7299 <jmrm@eng.cam.ac.uk>. 7300 Make default error number on $#error messages 553 (``Requested 7301 action not taken: mailbox name not allowed'') instead of 7302 501 (``Syntax error in parameters or arguments'') to 7303 avoid bogus "protocol error" messages. 7304 Strip off any existing trailing dot on names during $[ ... $] 7305 lookup. This prevents it from ending up with two dots 7306 on the end of dot terminated names. From Wesley Craig 7307 of the University of Michigan and Bryan Costales of ICSI. 7308 Clean up file class reading so that the debugging information is 7309 more informative. It hadn't been using setclass, so you 7310 didn't see the class items being added. 7311 Avoid core dump if you are running a version of sendmail where 7312 NIS is compiled in, and you specify an NIS map, but 7313 NIS is not running. Fix from John Oleynick of 7314 Rutgers. 7315 Diagnose bizarre case where res_search returns a failure value, 7316 but sets h_errno to a success value. 7317 Make sure that "too many hops" messages are considered important 7318 enough to send an error to the Postmaster (that is, the 7319 address specified in the P option). This fix should 7320 help problems that cause the df file to be left around 7321 sometimes -- unfortunately, I can't seem to reproduce 7322 the problem myself. 7323 Avoid core dump (null pointer reference) on EXPN command; this 7324 only occurred if your log level was set to 10 or higher 7325 and the target account was an alias or had a .forward file. 7326 Problem noted by Janne Himanka. 7327 Avoid "denial of service" attacks by someone who is flooding your 7328 SMTP port with bad commands by shutting the connection 7329 after 25 bad commands are issued. From Kyle Jones of 7330 UUNET. 7331 Fix core dump on error messages with very long "to" buffers; 7332 fmtmsg overflows the message buffer. Fixed by trimming 7333 the to address to 203 characters. Problem reported by 7334 John Oleynick. 7335 Fix configuration for HASFLOCK -- there were some spots where 7336 a #ifndef was incorrectly #ifdef. Pointed out by 7337 George Baltz of the University of Maryland. 7338 Fix a typo in savemail() that could cause the error message To: 7339 lists to be incorrect in some places. From Motonori 7340 Nakamura. 7341 Fix a glitch that can cause duplicate error messages on split 7342 envelopes where an address on one of the lists has a 7343 name server failure. Fix from Voradesh Yenbut of the 7344 University of Washington. 7345 Fix possible bogus pointer reference on ESMTP parameters that 7346 don't have an ``=value'' part. 7347 CNAME loops caused an error message to be generated, but also 7348 re-queued the message. Changed to just re-queue the 7349 message (it's really hard to just bounce it because 7350 of the weird way the name server works in the presence 7351 of CNAME loops). Problem noted by James M.R.Matheson 7352 of Cambridge University. 7353 Avoid giving ``warning: foo owned process doing -bs'' messages 7354 if they use ``MAIL FROM:<foo>'' where foo is their true 7355 user name. Suggested by Andreas Stolcke of ICSI. 7356 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 7357 override it easily in the Makefile -- that is, you can 7358 turn it off using -DNAMED_BIND=0. 7359 If a gethostbyname(...) of an address with a trailing dot fails, 7360 try it without the trailing dot. This is because if 7361 you have a version of gethostbyname() that falls back 7362 to NIS or the /etc/hosts file it will fail to find 7363 perfectly reasonable names that just don't happen to 7364 be dot terminated in the hosts file. You don't want to 7365 strip the dot first though because we're trying to ensure 7366 that country names that match one of your subdomains get 7367 a chance. 7368 PRALIASES: fix bogus output on non-null-terminated strings. 7369 From Bill Gianopoulos of Raytheon. 7370 CONFIG: Avoid rewriting anything that matches $w to be $j. 7371 This was in code intended to only catch the self-literal 7372 address (that is, [1.2.3.4], where 1.2.3.4 is your 7373 IP address), but the code was broken. However, it will 7374 still do this if $M is defined; this is necessary to 7375 get client configurations to work (sigh). Note that this 7376 means that $M overrides :mailname entries in the user 7377 database! Problem noted by Paul Southworth. 7378 CONFIG: Fix definition of Solaris help file location. From 7379 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 7380 CONFIG: Fix bug that broke news.group.USENET mappings. 7381 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 7382 and USENET_MAILER_MAX to tweak the maximum message 7383 size for various mailers. 7384 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 7385 instead of assuming that it is "inews" for consistency 7386 with other mailers. From Michael Corrigan of UC San Diego. 7387 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 7388 qualify the address in the SMTP envelope as user@{relay|hub} 7389 instead of user@$j. From Bill Wisner of The Well. 7390 CONFIG: Fix route-addr syntax in nullrelay configuration set. 7391 CONFIG: Don't turn off case mapping of user names in the local 7392 mailer for IRIX. This was different than most every other 7393 system. 7394 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 7395 envelope. Noted by Thierry Besancon 7396 <besancon@excalibur.ens.fr>. 7397 CONFIG: Don't include -z by default on uux line -- most systems 7398 don't want it set by default. Pointed out by Philippe 7399 Michel of Thomson CSF. 7400 CONFIG: Fix some bugs with mailertables -- for example, if your 7401 host name was foo.bar.ray.com and you matched against 7402 ".ray.com", the old implementation bound %1 to "bar" 7403 instead of "foo.bar". Also, allow "." in the mailertable 7404 to match anything -- essentially, take over SMART_HOST. 7405 This also moves matching of explicit local host names 7406 before the mailertable so they don't have to be special 7407 cased in the mailertable data. Reported by Bill 7408 Gianopoulos of Raytheon; the fix for the %1 binding 7409 problem was contributed by Nicholas Comanos of the 7410 University of Sydney. 7411 CONFIG: Don't include "root" in class $=L (users to deliver 7412 locally, even if a hub or relay exists) by default. 7413 This is because of the known bug where definition of 7414 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 7415 both and deliver into the local mailbox. 7416 CONFIG: Move up bitdomain and uudomain handling so that they 7417 are done before .UUCP class matching; uudomain was 7418 reported as ineffective before. This also frees up 7419 diversion 8 for future use. Problem reported by Kimmo 7420 Suominen. 7421 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 7422 into host names. As pointed out by Jonathan Kamens, 7423 these are often used because either the forward or reverse 7424 mapping is broken; this translation makes it broken again. 7425 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 7426 Suominen. 7427 Portability fixes: 7428 Unicos from David L. Kensiski of Sterling Software. 7429 DomainOS from Don Lewis of Silicon Systems. 7430 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 7431 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 7432 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 7433 BSD/386 from Tony Sanders of BSDI. 7434 Apollo from Eric Wassenaar. 7435 DGUX from Doug Anderson. 7436 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 7437 NEW FILES: 7438 src/Makefile.DomainOS 7439 src/Makefile.PTX 7440 src/Makefile.SunOS.5.1 7441 src/Makefile.SunOS.5.2 7442 src/Makefile.SunOS.5.x 7443 src/mailq.1 7444 cf/ostype/domainos.m4 7445 doc/op/Makefile 7446 doc/intro/Makefile 7447 doc/usenix/Makefile 7448 74498.6.5/8.6.5 1994/01/13 7450 Security fix: /.forward could be owned by anyone (the test 7451 to allow root to own any file was backwards). From 7452 Bob Campbell at U.C. Berkeley. 7453 Security fix: group ids were not completely set when programs 7454 were invoked. This caused programs to have group 7455 permissions they should not have had (usually group 7456 daemon instead of their own group). In particular, 7457 Perl scripts would refuse to run. 7458 Security: check to make sure files that are written are not 7459 symbolic links (at least under some circumstances). 7460 Although this does not respond to a specific known 7461 attack, it's just a good idea. Suggested by 7462 Christian Wettergren. 7463 Security fix: if a user had an NFS mounted home directory on 7464 a system with a restricted shell listed in their 7465 /etc/passwd entry, they could still execute any 7466 program by putting that in their .forward file. 7467 This fix prevents that by insisting that their shell 7468 appear in /etc/shells before allowing a .forward to 7469 execute a program or write a file. You can disable 7470 this by putting "*" in /etc/shells. It also won't 7471 permit world-writable :include: files to reference 7472 programs or files (there's no way to disable this). 7473 These behaviors are only one level deep -- for 7474 example, it is legal for a world-writable :include: 7475 file to reference an alias that writes a file, on 7476 the assumption that the alias file is well controlled. 7477 Security fix: root was not treated suspiciously enough when 7478 looking into subdirectories. This would potentially 7479 allow a cracker to examine files that were publicly 7480 readable but in a non-publicly searchable directory. 7481 Fix a problem that causes an error on QUIT on a cached 7482 connection to create problems on the current job. 7483 These are typically unrelated, so errors occur in 7484 the wrong place. 7485 Reset CurrentLA in sendall() -- this makes sendmail queue 7486 runs more responsive to load average, and fixes a 7487 problem that ignored the load average in locally 7488 generated mail. From Eric Wassenaar. 7489 Fix possible core dump on aliases with null LHS. From 7490 John Orthoefer of BB&N. 7491 Revert to using flock() whenever possible -- there are just 7492 too many bugs in fcntl() locking, particularly over 7493 NFS, that cause sendmail to fail in perverse ways. 7494 Fix a bug that causes the connection cache to get confused 7495 when sending error messages. This resulted in 7496 "unexpected close" messages. It should fix itself 7497 on the following queue run. Problem noted by 7498 Liudvikas Bukys of the University of Rochester. 7499 Include $k in $=k as documented in the Install & Op Guide. 7500 This seems odd, but it was documented.... From 7501 Michael Corrigan of UCSD. 7502 Fix problem that caused :include:s from alias files to be 7503 forced to be owned by root instead of daemon 7504 (actually DefUid). From Tim Irvin. 7505 Diagnose unrecognized I option values -- from Mortin Forssen 7506 of the Chalmers University of Technology. 7507 Make "error" mailer work consistently when there is no error 7508 code associated with it -- previously it returned OK 7509 even though there was a real problem. Now it assumes 7510 EX_UNAVAILABLE. 7511 Fix bug that caused the last header line of messages that had 7512 no body and which were terminated with EOF instead of 7513 "." to be discarded. Problem noted by Liudvikas Bukys. 7514 Fix core dump on SMTP mail to programs that failed -- it tried 7515 to go to a "next MX host" when none existed, causing 7516 a core dump. From der Mouse at McGill University. 7517 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 7518 this makes it easier to turn it off (using 7519 -DIDENTPROTO=0 in the Makefile). From der Mouse. 7520 Fix YP_MASTER_NAME store to use the unupdated result of 7521 gethostname() (instead of myhostname(), which tries 7522 to fully qualify the name) to be consistent with 7523 SunOS. If your hostname is unqualified, this fixes 7524 transfers to slave servers. Bug noted by Keith 7525 McMillan of Ameritech Services, Inc. 7526 Fix Ultrix problem: gethostbyname() can return a very large 7527 (> 500) h_length field, which causes the sockaddr 7528 to be trashed. Use the size of the sockaddr instead. 7529 Fix from Bob Manson of Ohio State. 7530 Don't assume "-a." on host lookups if NAMED_BIND is not 7531 defined -- this confuses gethostbyname on hosts 7532 file lookups, which doesn't understand the trailing 7533 dot convention. 7534 Log SMTP server subprocesses that die with a signal instead 7535 of from a clean exit. 7536 If you don't have option "I" set, don't assume that a DNS 7537 "host unknown" message is authoritative -- it 7538 might still be found in /etc/hosts. 7539 Fix a problem that would cause Deferred: messages to be sent 7540 as the subject of an error message, even though the 7541 actual cause of a message was more severe than that. 7542 Problem noted by Chris Seabrook of OSSI. 7543 Fix race condition in DBM alias file locking. From Kyle 7544 Jones of UUNET. 7545 Limit delivery syslog line length to avoid bugs in some 7546 versions of syslog(3). This adds a new compile time 7547 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 7548 University, which is in turn derived from IDA. 7549 Fix quotes inside of comments in addresses -- previously 7550 it insisted that they be balanced, but the 822 spec 7551 says that they should be ignored. 7552 Dump open file state to syslog upon receiving SIGUSR1 (for 7553 debugging). This also evaluates ruleset 89, if set 7554 (with the null input), and logs the result. This 7555 should be used sparingly, since the rewrite process 7556 is not reentrant. 7557 Change -qI, -qR, and -qS flags to be case-insensitive as 7558 documented in the Bat Book. 7559 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 7560 return an error message and did not requeue the message. 7561 Fix based on code from Roland Dirlewanger of 7562 Reseau Regional Aquarel, Bordeaux, France. 7563 Fix a problem that caused a seg fault if you got a 421 error 7564 code during some parts of connection initialization. 7565 I've only seen this when talking to buggy mailers on 7566 the other end, but it shouldn't give a seg fault in 7567 any case. From Amir Plivatsky. 7568 Fix core dump caused by a ruleset call that returns null. 7569 Fix from Bryan Costales of ICSI. 7570 Full-Name: field was being ignored. Fix from Motonori Nakamura 7571 of Kyoto University. 7572 Fix a possible problem with very long input lines in setproctitle. 7573 From P{r Emanuelsson. 7574 Avoid putting "This is a warning message" out on return receipts. 7575 Suggested by Douglas Anderson. 7576 Detect loops caused by recursive ruleset calls. Suggested by 7577 Bryan Costales. 7578 Initialize non-alias maps during alias rebuilds -- they may be 7579 needed for parsing. Problem noted by Douglas Anderson. 7580 Log sender address even if no message was collected in SMTP 7581 (e.g., if all RCPTs failed). Suggested by Motonori 7582 Nakamura. 7583 Don't reflect the owner-list contents into the envelope sender 7584 address if the value contains ", :, /, or | (to avoid 7585 illegal addresses appearing there). 7586 Efficiency hack for toktype macro -- from Craig Partridge of 7587 BB&N. 7588 Clean up DNS error printing so that a host name is always 7589 included. 7590 Remember to set $i during queue runs. Reported by Stephen 7591 Campbell of Dartmouth University. 7592 If the environment variable HOSTALIASES is set, use it during 7593 canonification as the name of a file with per-user host 7594 translations so that headers are properly mapped. Reported 7595 by Anne Bennett of Concordia University. 7596 Avoid printing misleading error message if SMTP mailer (not 7597 using [IPC]) should die on a core dump. 7598 Avoid incorrect diagnosis of "file 1 closed" when it is caused 7599 by the other end closing the connection. From 7600 Dave Morrison of Oracle. 7601 Improve several of the error messages printed by "mailq" 7602 to include a host name or other useful information. 7603 Add NetInfo preliminary support for NeXT systems. From Vince 7604 DeMarco. 7605 Fix a glitch that sometimes caused :include:s that pointed to 7606 NFS filesystems that were down to give an "aliasing/ 7607 forwarding loop broken" message instead of queueing 7608 the message for retry. Noted by William C Fenner of 7609 the NRL Connection Machine Facility. 7610 Fix a problem that could cause a core dump if the input sequence 7611 had (or somehow acquired) a \231 character. 7612 Make sure that route-addrs always have <angle brackets> around 7613 them in non-SMTP envelopes (SMTP envelopes already do 7614 this properly). 7615 Avoid weird headers on unbalanced punctuation of the form: 7616 ``Joe User <user)'' -- this caused reference to the 7617 null macro. Fix from Rick McCarty of IO.COM. 7618 Fix a problem that caused an alias "user: user@local.host" to 7619 not have the QNOTREMOTE bit set; this caused configs 7620 to act as if FEATURE(notsticky) was defined even when 7621 it was not. The effect of the problem was to make it 7622 very hard to to set up satellite sites that had a few 7623 local accounts, with everything else forwarded to a 7624 corporate hub. Reported by Detlef Drewanz of the 7625 University of Rostock and Mark Frost of NCD. 7626 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 7627 addresses. This is more efficient (fewer name server 7628 calls) and fixes certain unusual configurations, such 7629 as those that have ruleset 4 do something that is 7630 non-idempotent unless a mailer-specific ruleset did 7631 something else. Problem reported by Brian J. Coan 7632 of the Institute for Global Communications. 7633 Fix the "obsolete argument" routine in main to better understand 7634 new arguments. For example, if you used ``sendmail 7635 -C config -v -q'' it would choke on the -q because 7636 the -C would stop looking for old-format arguments. 7637 Fix the code that was intended to allow two users to forward their 7638 mail to the same program and have them appear unique. 7639 Portability fixes for: 7640 SCO UNIX from Murray Kucherawy. 7641 SCO Open Server 3.2v4 from Philippe Brand. 7642 System V Release 4 from Rick Ellis and others. 7643 OSF/1 from Steve Campbell. 7644 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 7645 of Stoner Associates. 7646 Motorola SysV88 from Kevin Johnson of Motorola. 7647 Solaris 2.3 from Casper H.S. Dik of the University 7648 of Amsterdam and John Caruso of University 7649 of Maryland. 7650 FreeBSD from Ollivier Robert. 7651 NetBSD from Adam Glass. 7652 TitanOS from Kate Hedstrom of Rutgers University. 7653 Irix from Bryan Curnutt. 7654 Dynix from Jim Davis of the University of Arizona. 7655 RISC/os. 7656 Linux from John Kennedy of California State University 7657 at Chico. 7658 Solaris 2.x from Tony Boner of the U.S. Air Force. 7659 NEXTSTEP 3.x from Vince DeMarco. 7660 HP-UX from various people. NOTA BENE: the location 7661 of the config file has moved to /usr/lib 7662 to match the HP-UX version of sendmail. 7663 CONFIG: Don't do any recipient rewriting on relay mailer; 7664 since this is intended only for internal use, the 7665 usual RFC 821/822/1123 rules can be relaxed. The 7666 main point of this is to avoid munging (ugh) UUCP 7667 addresses when relaying internally. 7668 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 7669 syntax addresses delivered via UUCP. Solution 7670 provided by Peter Wemm. 7671 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 7672 zero; it caused double @ signs in addresses. From 7673 Irving Reid of the University of Toronto. 7674 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 7675 from Markku Toijala of ICL Personal Systems Oy. 7676 CONFIG: Add trailing "." on pseudo-domains for consistency; 7677 this fixes a problem (noted by Al Whaley of Sunnyside) 7678 that made it hard to recognize your own pseudodomain 7679 names. 7680 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 7681 rather than letting them get "local configuration 7682 error"s. Problem noted by John Gardiner Myers. 7683 CONFIG: add uucp-uudom mailer variant, based on code posted 7684 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 7685 has uucp-dom semantics but old UUCP syntax. This 7686 also permits "uucp-old" as an alias for "uucp" and 7687 "uucp-new" as a synonym for "suucp" for consistency. 7688 CONFIG: add POP mailer support (from Kimmo Suominen 7689 <kim@grendel.lut.fi>). 7690 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 7691 CONFIG: fix bug caused with domain literal addresses (e.g., 7692 ``[128.32.131.12]'') when FEATURE(allmasquerade) 7693 was set; it would get an additional @masquerade.host 7694 added to the address. Problem noted by Peter Wan 7695 of Georgia Tech. 7696 CONFIG: make sure that the local UUCP name is in $=w. From 7697 Jim Murray of Stratus. 7698 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 7699 mailer flag. Briefly, if you are sending to host 7700 "foo", then it rewrites "foo!...!baz" to "...!baz", 7701 "foo!baz" remains "foo!baz", and anything else has 7702 the local name prepended. 7703 CONFIG: portability fixes for HP-UX. 7704 DOC: several minor problems fixed in the Install & Op Guide. 7705 MAKEMAP: fix core dump problem on lines that are too long or 7706 which lack newline. From Mark Delany. 7707 MAILSTATS: print sums of columns (total messages & kbytes 7708 in and out of the system). From Tom Ferrin of UC 7709 San Francisco Computer Graphics Lab. 7710 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 7711 On HP-UX, /etc/sendmail.cf has been moved to 7712 /usr/lib/sendmail.cf to match HP sendmail. 7713 Permissions have been tightened up on world-writable 7714 :include: files and accounts that have shells 7715 that are not listed in /etc/shells. This may 7716 cause some .forward files that have worked 7717 before to start failing. 7718 SIGUSR1 dumps some state to the log. 7719 NEW FILES: 7720 src/Makefile.DGUX 7721 src/Makefile.Dynix 7722 src/Makefile.FreeBSD 7723 src/Makefile.Mach386 7724 src/Makefile.NetBSD 7725 src/Makefile.RISCos 7726 src/Makefile.SCO 7727 src/Makefile.SVR4 7728 src/Makefile.Titan 7729 cf/mailer/pop.m4 7730 cf/ostype/bsdi1.0.m4 7731 cf/ostype/dgux.m4 7732 cf/ostype/dynix3.2.m4 7733 cf/ostype/sco3.2.m4 7734 makemap/Makefile.dist 7735 praliases/Makefile.dist 7736 77378.6.4/8.6.4 1993/10/31 7738 Repair core-dump problem (write to read-only memory segment) 7739 if you fall back to the return-to-Postmaster case in 7740 savemail. Problem reported by Richard Liu. 7741 Immediately diagnose bogus sender addresses in SMTP. This 7742 makes quite certain that crackers can't use this 7743 class of attack. 7744 Reliability Fix: check return value from fclose() and fsync() 7745 in a few critical places. 7746 Minor problem in initsys() that reversed a condition for 7747 redirecting the output channel on queue runs. It's 7748 not clear this code even does anything. From Eric 7749 Wassenaar of the Dutch National Institute for Nuclear 7750 and High-Energy Physics. 7751 Fix some problems that caused queue runs to do "too much work", 7752 such as double-reading the Errors-To: header. From 7753 Eric Wassenaar. 7754 Error messages on writing the temporary file (including the 7755 data file) were getting suppressed in SMTP -- this 7756 fix causes them to be properly reported. From Eric 7757 Wassenaar. 7758 Some changes to support AF_UNIX sockets -- this will only 7759 really become relevant in the next release, but some 7760 people need it for local patches. From Michael 7761 Corrigan of UC San Diego. 7762 Use dynamically allocated memory (instead of static buffers) 7763 for macros defined in initsys() and settime(); since 7764 these can have different values depending on which 7765 envelope they are in. From Eric Wassenaar. 7766 Improve logging to show ctladdr on to= logging; this tells you 7767 what uid/gid processes ran as. 7768 Fix a problem that caused error messages to be discarded if 7769 the sender address was unparseable for some reason; 7770 this was supposed to fall back to the "return to 7771 postmaster" case. 7772 Improve aliaswait backoff algorithm. 7773 Portability patches for Linux (8.6.3 required another header 7774 file) (from Karl London) and SCO UNIX. 7775 CONFIG: patch prog mailer to not strip host name off of envelope 7776 addresses (so that it matches local again). From 7777 Christopher Davis. 7778 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 7779 this prevents uux from seeing lines with null names like 7780 ``From Sat Oct 30 14:55:31 1993''. From Motonori 7781 Nakamura of Kyoto University. 7782 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 7783 it shouldn't fail miserably. From Motonori Nakamura. 7784 77858.6.2/8.6.2 1993/10/15 7786 Put a "successful delivery" message in the transcript for 7787 addresses that get return-receipts. 7788 Put a prominent "this is only a warning" message in warning 7789 messages -- some people don't read carefully enough 7790 and end up sending the message several times. 7791 Include reason for temporary failure in the "warning" return 7792 message. Currently, it just says "cannot send for 7793 four hours". 7794 Fix the "Original message received" time generated for 7795 returntosender messages. It was previously listed as 7796 the current time. Bug reported by Eric Hagberg of 7797 Cornell University Medical College. 7798 If there is an error when writing the body of a message, 7799 don't send the trailing dot and wait for a response 7800 in sender SMTP, as this could cause the connection to 7801 hang up under some bizarre circumstances. From Eric 7802 Wassenaar. 7803 Fix some server SMTP synchronization problems caused when 7804 connections fail during message collection. From 7805 Eric Wassenaar. 7806 Fix a problem that can cause srvrsmtp to reject mail if the 7807 name server is down -- it accepts the RCPT but rejects 7808 the DATA command. Problem reported by Jim Murray of 7809 Stratus. 7810 Fix a problem that can cause core dumps if the config file 7811 incorrectly resolves to a null hostname. Reported by 7812 Allan Johannesen of WPI. 7813 Non-root use of -C flag, dangerous -f flags, and use of -oQ 7814 by non-root users were not put into 7815 X-Authentication-Warning:s as intended because the 7816 config file hadn't set the PrivacyOptions yet. Fix 7817 from Sven-Ove Westberg of the University of Lulea. 7818 Under very odd circumstances, the alias file rebuild code 7819 could get confused as to whether a database was 7820 open or not. 7821 Check "vendor code" on the end of V lines -- this is 7822 intended to provide a hook for vendor-specific 7823 configuration syntax. (This is a "new feature", 7824 but I've made an exception to my rule in a belief 7825 that this is a highly exceptional case.) 7826 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 7827 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 7828 (from Jon Forrest of UC Berkeley) 7829 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 7830 78318.6.1/8.6 1993/10/08 7832 Portability fixes for A/UX and Encore UMAX V. 7833 Fix error message handling -- if you had a name server down 7834 causing an error during parsing, that message was never 7835 propagated to the queue file. 7836 78378.6/8.6 1993/10/05 7838 Configuration cleanup: make it easier to undo IDENTPROTO in 7839 conf.h (other systems have the same bug). 7840 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 7841 getdtablesize() instead of sysconf(); a disturbingly 7842 large number of systems defined _SC_OPEN_MAX in the 7843 header files but don't have the syscall. 7844 Another patch to really truly ignore MX records in getcanonname 7845 if trymx == FALSE. 7846 Fix problem that caused the "250 IAA25499 Message accepted for 7847 delivery" message to be omitted if there was an error 7848 in the header of the message (e.g., a bad Errors-To: 7849 line). Pointed out by Michael Corrigan of UCSD. 7850 Announce name of host we are chatting when we get errors; this 7851 is an IDA-ism suggested by Christophe Wolfhugel. 7852 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 7853 Australian Artificial Intelligence Institute), SCO Unix 7854 (from Murray Kucherawy of Hookup Communication Corp.), 7855 NeXT (from Vince DeMarco and myself), Linux (from 7856 Karl London <karl@borg.demon.co.uk>), BSDI (from 7857 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 7858 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 7859 Some changes to get around gcc optimizer bugs. From Takahiro 7860 Kanbe. 7861 Fix error recovery in queueup if another tf file of the same 7862 name already exists. Problem stumbled over by Bill 7863 Wisner of The Well. 7864 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 7865 Problem noted by Keith McMillan of Ameritech Services. 7866 Deal with group permissions properly when opening .forward and 7867 :include: files. This relaxes the 8.1C restrictions 7868 slightly more. This includes proper setting of groups 7869 when reading :include: files, allowing you to read some 7870 files that you should be able to read but have previously 7871 been denied unless you owned them or they had "other" 7872 read permission. 7873 Make certain that $j is in $=w (after the .cf is read) so that 7874 if the user is forced to override some silly system, 7875 MX suppression will still work. 7876 Fix a couple of efficiency problems where newstr was double- 7877 calling expensive routines. In at least one case, it 7878 wasn't guaranteed that they would always return the 7879 same result. Problem noted by Christophe Wolfhugel. 7880 Fix null pointer dereference in putoutmsg -- only on an error 7881 condition from a non-SMTP mailer. From Motonori 7882 Nakamura. 7883 Macro expand "C" line class definitions before scanning so that 7884 "CX $Z" works. 7885 Fix problem that caused error message to be sent while still 7886 trying to send the original message if the connection 7887 is closed during a DATA command after getting an error 7888 on an RCPT command (pretty obscure). Problem reported 7889 by John Myers of CMU. 7890 Fix reply to NOOP to be 250 instead of 200 -- this is a long 7891 term bug. 7892 Fix a nasty bug causing core dumps when returning the "warning: 7893 cannot deliver for N hours -- will keep trying" message; 7894 it only occurred if you had PostmasterCopy set and 7895 only on some architectures. Although sendmail would 7896 keep trying, it would send error messages on each 7897 queue interval. This is an important fix. 7898 Allow u and g options to take user and group names respectively. 7899 Don't do a chdir into the queue directory in -bt mode to make 7900 ruleset testing a bit easier. 7901 Don't allow users to turn off logging (using -oL) on the command 7902 line -- command line can only raise, not lower, logging 7903 level. 7904 Set $u to the original recipient on the SMTP transaction or on 7905 the command line. This is only done if there is exactly 7906 one recipient. Technically, this does not meet the 7907 specs, because it does not guarantee a domain on the 7908 address. 7909 Fix a problem that dumped error messages on bad addresses if 7910 you used the -t flag. Problem noted by Josh Smith of 7911 Harvey Mudd College. 7912 Given an address such as ``<foo> <bar>'', auto-quote the first 7913 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 7914 avoid the problem of people who use angle brackets in 7915 their full name information. 7916 Fix a null pointer dereference if you set option "l", have 7917 an Errors-To: header in the message, and have Errors-To: 7918 defined in the config file H lines. From J.R. Oldroyd. 7919 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 7920 wrong when compiling. Suggested by Rick McCarty of TI. 7921 Fix a problem that could pass negative SIZE parameter if the 7922 df file got lost; this would cause servers to always 7923 give a temporary failure, making the problem even worse. 7924 Problem noted by Allan Johannesen of WPI. 7925 Add "ident" timeout (one of the "r" option selectors) for IDENT 7926 protocol timeouts (30s default). Requested by Murray 7927 Kucherawy of HookUp Communication Corp. to handle bogus 7928 PC TCP/IP implementations. 7929 Change $w default definition to be just the first component of 7930 the domain name on config level 5. The $j macro defaults 7931 to the FQDN; $m remains as before. This lets well-behaved 7932 config files use any of the short, long, or subdomain 7933 names. 7934 Add makesendmail script in src to try to automate multi-architecture 7935 builds. I know, this is sub-optimal, but it is still 7936 helpful. 7937 Fix very obscure race condition that can cause a queue run to 7938 get a queue file for an already completed job. This 7939 problem has existed for years. Problem noted by the 7940 long suffering Allan Johannesen of WPI. 7941 Fix a problem that caused the raw sender name to be passed to 7942 udbsender instead of the canonified name -- this caused 7943 it to sometimes miss records that it should have found. 7944 Relax check of name on HELO packet so that a program using -bs 7945 that claims to be itself works properly. 7946 Restore rewriting of $: part of address through 2, R, 4 in 7947 buildaddr -- this requires passing a lot of flags to get 7948 it right. Unlike old versions, this ONLY rewrites 7949 recipient addresses, not sender addresses. 7950 Fix a bug that caused core dumps in config files that cannot 7951 resolve /file/name style addresses. Fix from Jonathan 7952 Kamens of OpenVision Technologies. 7953 Fix problem with fcntl locking that can cause error returns to 7954 be lost if the lock is lost; this required fully 7955 queueing everything, dropping the envelope (so errors 7956 would get returned), and then re-reading the queue from 7957 scratch. 7958 Fix a problem that caused aliases that redefine an otherwise 7959 true address to still send to the original address 7960 if and only if the alias failed in certain bizarre 7961 ways (e.g, if they pointed at a list:; syntax address). 7962 Problem pointed out by Jonathan Kamens. 7963 Remove support for frozen configuration files. They caused 7964 more trouble than it was worth. 7965 Fix problem that can cause error messages to get ignored when 7966 using both -odb and -t flags. Problem noted by Rob 7967 McNicholas at U.C. Berkeley. 7968 Include all "normal" variations on hostname in $=w. For example, 7969 if the host name is vangogh.cs.berkeley.edu, $=w will 7970 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 7971 Add "restrictqrun" privacy flag -- without this, anyone can run 7972 the queue. 7973 Reset SmtpPhase global on initial connection creation so that 7974 messages don't come out with stale information. 7975 Pass an "ext" argument to lockfile so that error/log messages 7976 will properly reflect the true filename being locked. 7977 Put all [...] address forms into $=w -- this eliminates the need 7978 for MAXIPADDR in conf.h. Suggested by John Gardiner 7979 Myers of CMU. 7980 Fix a bug that can cause qf files to be left around even after 7981 an SMTP RSET command. Problem and fix from Michael 7982 Corrigan. 7983 Don't send a PostmasterCopy to errors when the Precedence: is 7984 negative. Error reports still go to the envelope 7985 sender address. 7986 Add LA_SHORT for load averages. 7987 Lock sendmail.st file when posting statistics. 7988 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 7989 set the size of the TCP send and receive buffers; if you 7990 run over a slow slip line you may need to set these down 7991 (although it would be better to fix the SLIP implementation 7992 so that it's not necessary to recompile every program 7993 that does bulk data transfer). 7994 Allow null defaults on $( ... $) lookups. Problem reported by 7995 Amir Plivatsky. 7996 Diagnose crufty S and V config lines. This resulted from an 7997 observation that some people were using the SITE macro 7998 without the SITECONFIG macro first, which was causing 7999 bogus config files that were not caught. 8000 Fix makemap -f flag to turn off case folding (it was turning it 8001 on instead). THIS IS A USER VISIBLE CHANGE!!! 8002 Fix a problem that caused multiple error messages to be sent if 8003 you used "sendmail -t -oem -odb", your system uses fcntl 8004 locking, and one of the recipient addresses is unknown. 8005 Reset uid earlier in include() so that recursive .forwards or 8006 :include:s don't use the wrong uid. 8007 If file descriptor 0, 1, or 2 was closed when sendmail was 8008 called, the code to recover the descriptor was broken. 8009 This sometimes (only sometimes) caused problems with the 8010 alias file. Fix from Motonori Nakamura. 8011 Fix a problem that caused aliaswait to go into infinite recursion 8012 if the @:@ metasymbol wasn't found in the alias file. 8013 Improve error message on newaliases if database files cannot be 8014 opened or if running with no database format defined. 8015 Do a better estimation of the size of error messages when NoReturn 8016 is set. Problem noted by P{r (Pell) Emanuelsson. 8017 Fix a problem causing the "c" option (don't connect to expensive 8018 mailers) to be ignored in SMTP. Problem noted and the 8019 solution suggested by Robert Elz of The University of 8020 Melbourne. 8021 Improve connection caching algorithm by passing "[host]" to 8022 hostsignature, which strips the square brackets and 8023 returns the real name. This allows mailertable entries 8024 to match regular entries. 8025 Re-enable Return-Receipt-To: -- people seem to want this stupid 8026 feature, even if it doesn't work right. 8027 Catch and log attempts to try the "wiz" command in server SMTP. 8028 This also ups the log level from LOG_NOTICE to LOG_CRIT. 8029 Be more generous at assigning $z to the home directory -- do this 8030 for programs that are specified through a .forward file. 8031 Fix from Andrew Chang of Sun Microsystems. 8032 Always save a fatal error message in preference to a non-fatal 8033 error message so that the "subject" line of return 8034 messages is the best possible. 8035 CONFIG: reduce the number of quotes needed to quote configuration 8036 parameters with commas: two quotes should work now, e.g., 8037 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 8038 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 8039 connections (domain-ized UUCP). 8040 CONFIG: fix bug in default maps (-o must be before database file 8041 name). Pointed out by Christophe Wolfhugel. 8042 CONFIG: add FEATURE(nodns) to state that we are not relying on 8043 DNS. This would presumably be used in UUCP islands. 8044 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 8045 CONFIG: log $u in Received: line. This is in technical violation 8046 of the standards, since it doesn't guarantee a domain 8047 on the address. 8048 CONFIG: don't assume "m" in local mailer flags -- this means that 8049 if you redefine LOCAL_MAILER_FLAGS you will have to include 8050 the "m" flag should you want it. Apparently some Solaris 2.2 8051 installations can't handle multiple local recipients. 8052 Problem noted by Josh Smith. 8053 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 8054 CONFIG: change default version level from 4 to 5. 8055 CONFIG: add FEATURE(nullclient) to create a config file that 8056 forwards all mail to a hub without ever looking at the 8057 addresses in any detail. 8058 CONFIG: properly strip mailer: information off of relays when 8059 used to change .BITNET form into %-hack form. 8060 CONFIG: fix a problem that caused infinite loops if presented 8061 with an address such as "!foo". 8062 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 8063 the reverse "PTR" mapping is broken. There's a better 8064 way to do this, but the change is fairly major and I 8065 want to hold it for another release. Problem noted by 8066 Bret Marquis. 8067 80688.5/8.5 1993/07/23 8069 Serious bug: if you used a command line recipient that was unknown 8070 sendmail would not send a return message (it was treating 8071 everything as though it had an SMTP-style client that 8072 would do the return itself). Problem noted by Josh Smith. 8073 Change "trymx" option in getcanonname() to ignore all MX data, 8074 even during a T_ANY query. This actually didn't break 8075 anything, because the only time you called getcanonname 8076 with !trymx was if you already knew there were no MX 8077 records, but it is somewhat cleaner. From Motonori 8078 Nakamura. 8079 Don't call getcanonname from getmxrr if you already know there 8080 are no DNS records matching the name. 8081 Fix a problem causing error messages to always include "The 8082 original message was received ... from localhost". 8083 The correct original host information is now included. 8084 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 8085 version of "test" doesn't have the -x flag). Change it 8086 to use -f instead. From John Myers. 8087 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 8088 esmtp -- it should be smtp. 8089 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 8090 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 8091 else "suucp" if MAILER(uucp) is used, else "unknown"); 8092 this cleans up the configs somewhat. This fixes a serious 8093 problem that caused route-addrs to get mistaken as relays, 8094 pointed out by John Myers. WARNING: this also causes 8095 the default on SMART_HOST to change from "suucp" to 8096 "relay" if you have MAILER(smtp) specified. 8097 80988.4/8.4 1993/07/22 8099 Add option `w'. If you receive a message that comes to you because 8100 you are the best (lowest preference) target of an MX, and 8101 you haven't explicitly recognized the source MX host in 8102 your .cf file, this option will cause you to try the target 8103 host directly (as if there were no MX for it at all). If 8104 `w' is not set, this case is a configuration error. 8105 Beware: if `w' is set, senders may get bogus errors like 8106 "message timed out" or "host unknown" for problems that 8107 are really configuration errors. This option is 8108 disrecommended, provided only for compatibility with 8109 UIUC sendmail. 8110 Fix a problem that caused the incoming socket to be left open 8111 when sendmail forks after the DATA command. This caused 8112 calling systems to wait in FIN_WAIT_2 state until the 8113 entire list was processed and the child closed -- a 8114 potentially prodigious amount of time. Problem noted 8115 by Neil Rickert. 8116 Fix problem (created in 6.64) that caused mail sent to multiple 8117 addresses, one of which was a bad address, to completely 8118 suppress the sending of the message. This changes 8119 handling of EF_FATALERRS somewhat, and adds an 8120 EF_GLOBALERRS flag. This also fixes a potential problem 8121 with duplicate error messages if there is a syntax error 8122 in the header of a message that isn't noticed until late 8123 in processing. Original problem pointed out by Josh Smith 8124 of Harvey Mudd College. This release includes quite a bit 8125 of dickering with error handling (see below). 8126 Back out SMTP transaction if MAIL gets nested 501 error. This 8127 will only hurt already-broken software and should help 8128 humans. 8129 Fix a problem that broke aliases when neither NDBM nor NEWDB were 8130 compiled in. It would never read the alias file. 8131 Repair unbalanced `)' and `>' (the "open" versions are already 8132 repaired). 8133 Logging of "done" in dropenvelope() was incorrect: it would 8134 log this even when the queue file still existed. Change 8135 this to only log "done" (at log level 11) when the 8136 queue file is actually removed. From John Myers. 8137 Log "lost connection" in server SMTP at log level 20 if there 8138 is no pending transaction. Some senders just close the 8139 connection rather than sending QUIT. 8140 Fix a bug causing getmxrr to add a dot to the end of unqualified 8141 domains that do not have MX records -- this would cause 8142 the subsequent host name lookup to fail. The problem 8143 only occurred if you had FEATURE(nocanonify) set. 8144 Problem noted by Rick McCarty of Texas Instruments. 8145 Fix invocation of setvbuf when passed a -X flag -- I had 8146 unwittingly used an ANSI C extension, and this caused 8147 core dumps on some machines. 8148 Diagnose self-destructive alias loops on RCPT as well as EXPN. 8149 Previously it just gave an empty send queue, which 8150 then gave either "Need RCPT (recipient)" at the DATA 8151 (confusing, since you had given an RCPT command which 8152 returned 250) or just dropped the email, depending on 8153 whether you were running VERBose mode. Now it usually 8154 diagnoses this case as "aliasing/forwarding loop broken". 8155 Unfortunately, it still doesn't adequately diagnose 8156 some true error conditions. 8157 Add internal concept of "warning messages" using 6xx codes. 8158 These are not reported only to Postmaster. Unbalanced 8159 parens, brackets, and quotes are printed as 653 codes. 8160 They are always mapped to 5xx codes before use in SMTP. 8161 Clean up error messages to tell both the actual address that 8162 failed and the alias they arose from. This makes it 8163 somewhat easier to diagnose problems. Difficulty noted 8164 by Motonori Nakamura. 8165 Fix a problem that inappropriately added a ctladdr to addresses 8166 that shouldn't have had one during a queue run. This 8167 caused error messages to be handled differently during 8168 a queue run than a direct run. 8169 Don't print the qf name and line number if you get errors during 8170 the direct run of the queue from srvrsmtp -- this was 8171 just extra stuff for users to crawl through. 8172 Put command line flags on second line of pid file so you can 8173 auto-restart the daemon with all appropriate arguments. 8174 Use "kill `head -1 /etc/sendmail.pid`" to stop the 8175 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 8176 restart it. 8177 Remove the ``setuid(getuid())'' in main -- this caused the 8178 IDENT daemon to screw up. This required that I change 8179 HASSETEUID to HASSETREUID and complicate the mode 8180 changing somewhat because both Ultrix and SunOS seem 8181 to have a bug causing seteuid() to set the saved uid 8182 as well as the effective. The program test/t_setreuid.c 8183 will test to see if your implementation of setreuid(2) 8184 is appropriately functional. 8185 The FallBackMX (option V) handling failed to properly identify 8186 fallback to yourself -- most of the code was there, 8187 but it wasn't being enabled. Problem noted by Murray 8188 Kucherawy of the University of Waterloo. 8189 Change :include: open timeout from ETIMEDOUT to an internal 8190 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 8191 with CurHostName" in error messages, which can be 8192 confusing. Reported by Jonathan Kamens of OpenVision 8193 Technologies. 8194 Back out setpgrp (setpgid on POSIX systems) call to reset the 8195 process group id. The original fix was to get around 8196 some problems with recalcitrant MUAs, but it breaks 8197 any call from a shell that creates a process group id 8198 different from the process id. I could try to fix 8199 this by diddling the tty owner (using tcsetpgrp or 8200 equivalent) but this is too likely to break other 8201 things. 8202 Portability changes: 8203 Support -M as equivalent to -oM on Ultrix -- apparently 8204 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 8205 instead of using standard flags. Oh joy. This 8206 behavior reported by Jon Giltner of University 8207 of Colorado. 8208 SGI IRIX -- this includes several changes that should 8209 help other strict ANSI compilers. 8210 SCO Unix -- from Murray Kucherawy of HookUp Communication 8211 Corporation. 8212 Solaris running the Sun C compiler (which despite the 8213 documentation apparently doesn't define 8214 __STDC__ by default). 8215 ConvexOS from Eric Schnoebelen of Convex. 8216 Sony NEWS workstations and Omron LUNA workstations from 8217 Motonori Nakamura. 8218 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 8219 CONFIG: delete `C' and `e' from default SMTP mailers flags; 8220 several people have made a good argument that this 8221 creates more problems than it solves (although this 8222 may prove painful in the short run). 8223 CONFIG: generalize all the relays to accept a "mailer:host" 8224 format. 8225 CONFIG: move local processing in ruleset 0 into a new ruleset 8226 98 (8 on old sendmail). Domain literal [a.b.c.d] 8227 addresses are also passed through this ruleset. 8228 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 8229 internet-style addresses would "fall off the end" of 8230 ruleset zero and be interpreted as local -- however, 8231 the angle brackets confused the recursive call. 8232 These are now diagnosed as "Unrecognized host name". 8233 CONFIG: USENET rules weren't included in S0 because of a mistaken 8234 ifdef(`_MAILER_USENET_') instead of 8235 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 8236 of SINTEF RUNIT, Oslo. 8237 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 8238 early in ruleset 0; this allows .mc authors to bypass 8239 things like the "short circuit" code for local addresses. 8240 Prompted by a comment by Bill Wisner of The Well. 8241 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 8242 esmtp) to send SMTP mail. This allows you to default 8243 to esmtp but use a mailertable or other override to 8244 deal with broken servers. This logic was pointed out 8245 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 8246 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 8247 environments. Ugly as sin. 8248 82498.3/8.3 1993/07/13 8250 Fix setuid problems introduced in 8.2 that caused messages 8251 like "Cannot create qfXXXXXX: Invalid argument" 8252 or "Cannot reopen dfXXXXXX: Permission denied". This 8253 involved a new compile flag "HASSETEUID" that takes 8254 the place of the old _POSIX_SAVED_IDS -- it turns out 8255 that the POSIX interface is broken enough to break 8256 some systems badly. This includes some fixes for 8257 HP-UX. Also fixes problems where the real uid is 8258 not reset properly on startup (from Neil Rickert). 8259 Fix a problem that caused timed out messages to not report the 8260 addresses that timed out. Error messages are also more 8261 "user friendly". 8262 Drop required bandwidth on connections from 64 bytes/sec to 8263 16 bytes/sec. 8264 Further Solaris portability changes -- doesn't require the BSD 8265 compatibility library. This also adds a new 8266 "HASGETDTABLESIZE" compile flag which can be used if 8267 you want to use getdtablesize(2) instead of sysconf(2). 8268 These are loosely based on changes from David Meyer at 8269 University of Oregon. This now seems to work, at least 8270 for quick test cases. 8271 Fix a problem that can cause duplicate error messages to be 8272 sent if you are in SMTP, you send to multiple addresses, 8273 and at least one of those addresses is good and points 8274 to an account that has a .forward file (whew!). 8275 Fix a problem causing messages to be discarded if checkcompat() 8276 returned EX_TEMPFAIL (because it didn't properly mark 8277 the "to" address). Problem noted by John Myers. 8278 Fix dfopen to return NULL if the open failed; I was depending 8279 on fdopen(-1) returning NULL, which isn't the case. This 8280 isn't serious, but does result in weird error diagnoses. 8281 From Michael Corrigan. 8282 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 8283 messages sent through UUCP-family mailers. Suggested 8284 by Bill Wisner of The Well. 8285 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 8286 include a "uucp-dom" mailer that uses domain-style 8287 addressing. Suggested by Bill Wisner. 8288 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 8289 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 8290 Christophe Wolfhugel. 8291 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 8292 82938.2/8.2 1993/07/11 8294 Don't drop out on config file parse errors in -bt mode. 8295 On older configuration files, assume option "l" (use Errors-To 8296 header) for back compatibility. NOTE: this DOES NOT 8297 imply an endorsement of the Errors-To: header in any way. 8298 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 8299 Don't log errors on EHLO -- it isn't a "real" error for an old 8300 SMTP server to give an error on this command, and 8301 logging it in the transcript can be confusing. Fix 8302 from Bill Wisner. 8303 IRIX compatibility changes provided by Dan Rich 8304 <drich@sandman.lerc.nasa.gov>. 8305 Solaris 2 compatibility changes. Provided by Bob Cunningham 8306 <bob@kahala.soest.hawaii.edu>, John Oleynick 8307 <juo@klinzhai.rutgers.edu> 8308 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 8309 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 8310 match the other flags in that file. 8311 Flush transcript before fork in mailfile(). From Eric Wassenaar. 8312 Save h_errno in mci struct and improve error message display. 8313 Changes from Eric Wassenaar. 8314 Open /dev/null for the transcript if the create of the xf file 8315 failed; this avoids at least one possible null pointer 8316 reference in very weird cases. From Eric Wassenaar. 8317 Clean up statistics gathering; it was over-reporting because of 8318 forks. From Eric Wassenaar. 8319 Fix problem that causes old Return-Path: line to override new 8320 Return-Path: line (conf.c needs H_FORCE to avoid 8321 re-using old value). From Motonori Nakamura. 8322 Fix broken -m flag in K definition -- even if -m (match only) 8323 was specified, it would still replace the key with the 8324 value. Noted by Rick McCarty of Texas Instruments. 8325 If the name server timed out over several days, no "timed out" 8326 message would ever be sent back. The timeout code 8327 has been moved from markfailure() to dropenvelope() 8328 so that all such failures should be diagnosed. Pointed 8329 out by Christophe Wolfhugel and others. 8330 Relax safefile() constraints: directories in an include or 8331 forward path must be readable by self if the controlling 8332 user owns the entry, readable by all otherwise (e.g., 8333 when reading your .forward file, you have to own and 8334 have X permission in it; everyone needs X permission in 8335 the root and directories leading up to your home); 8336 include files must be readable by anyone, but need not 8337 be owned by you. 8338 If _POSIX_SAVED_IDS is defined, setuid to the owner before 8339 reading a .forward file; this gets around some problems 8340 on NFS mounts if root permission is not exported and 8341 the user's home directory isn't x'able. 8342 Additional NeXT portability enhancements from Axel Zinser. 8343 Additional HP-UX portability enhancements from Brian Bullen. 8344 Add a timeout around SMTP message writes; this assumes you can 8345 get throughput of at least 64 bytes/second. Note that 8346 this does not impact the "datafinal" default, which 8347 is separate; this is just intended to work around 8348 network clogs that will occur before the final dot 8349 is sent. From Eric Wassenaar. 8350 Change map code to set the "include null" flag adaptively -- 8351 it initially tries both, but if it finds anything 8352 matching without a null it never tries again with a 8353 null and vice versa. If -N is specified, it never 8354 tries without the null and creates new maps with a 8355 null byte. If -O is specified, it never tries with 8356 the null (for efficiency). If -N and -O are specified, 8357 you get -NO (get it?) lookup at all, so this would 8358 be a bad idea. If you don't specify either -N or -O, 8359 it adapts. 8360 Fix recognition of "same from address" so that MH submissions 8361 will insert the appropriate full name information; 8362 this used to work and got broken somewhere along the 8363 way. 8364 Some changes to eliminate some unnecessary SYSERRs in the 8365 log. For example, if you lost a connection, don't 8366 bother reporting that fact on the connection you lost. 8367 Add some "extended debugging" flags to try to track down 8368 why we get occasional problems with file descriptor 8369 one being closed when execing a mailer; it seems to 8370 only happen when there has been another error in the 8371 same transaction. This requires XDEBUG, defined 8372 by default in conf.h. 8373 Add "-X filename" command line flag, which logs both sides of 8374 all SMTP transactions. This is intended ONLY for 8375 debugging bad implementations of other mailers; start 8376 it up, send a message from a mailer that is failing, 8377 and then kill it off and examine the indicated log. 8378 This output is not intended to be particularly human 8379 readable. This also adds the HASSETVBUF compile 8380 flag, defaulted on if your compiler defines __STDC__. 8381 CONFIG: change SMART_HOST to override an SMTP mailer. If you 8382 have a local net that should get direct connects, you 8383 will need to use LOCAL_NET_CONFIG to catch these hosts. 8384 See cf/README for an example. 8385 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 8386 sites that don't use the -d flag. 8387 CONFIG: hide recipient addresses as well as sender addresses 8388 behind $M if FEATURE(allmasquerade) is specified; this 8389 has been requested by several people, but can break 8390 local aliases. For example, if you mail to "localalias" 8391 this will be rewritten as "localalias@masqueradehost"; 8392 although initial delivery will work, replies will be 8393 broken. Use it sparingly. 8394 CONFIG: add FEATURE(domaintable). This maps unqualified domains 8395 to qualified domains in headers. I believe this is 8396 largely equivalent to the IDA feature of the same name. 8397 CONFIG: use $U as UUCP name instead of $k. This permits you 8398 to override the "system name" as your UUCP name -- 8399 in particular, to use domain-ized UUCP names. From 8400 Bill Wisner of The Well. 8401 CONFIG: create new mailer "esmtp" that always tries EHLO 8402 first. This is currently unused in the config files, 8403 but could be used in a mailertable entry. 8404 84058.1C/8.1B 1993/06/27 8406 Serious security bug fix: it was possible to read any file on 8407 the system, regardless of ownership and permissions. 8408 If a subroutine returns a fully qualified address, return it 8409 immediately instead of feeding it back into rewriting. 8410 This fixes a problem with mailertable lookups. 8411 CONFIG: fix some M4 frotz (concat => CONCAT) 8412 84138.1B/8.1A 1993/06/12 8414 Serious bug fix: pattern matching backup algorithm stepped by 8415 two tokens in classes instead of one. Found by Claus 8416 Assmann at University of Kiel, Germany. 8417 84188.1A/8.1A 1993/06/08 8419 Another mailertable fix.... 8420 84218.1/8.1 1993/06/07 8422 4.4BSD freeze. No semantic changes. 8423