RELEASE_NOTES revision 161389
1 SENDMAIL RELEASE NOTES 2 $Id: RELEASE_NOTES,v 8.1777.2.15 2006/08/07 17:22:09 ca Exp $ 3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 98.13.8/8.13.8 2006/08/09 10 Fix a regression in 8.13.7: if shared memory is activated, then 11 the server can erroneously report that there is 12 insufficient disk space. Additionally make sure that 13 an internal variable is set properly to avoid those 14 misleading errors. Based on patch from Steve Hubert 15 of University of Washington. 16 Fix a regression in 8.13.7: the PidFile could be removed after 17 the process that forks the daemon exited, i.e., if 18 sendmail -bd is invoked. Problem reported by Kan Sasaki 19 of Fusion Communications Corp. and Werner Wiethege. 20 Avoid opening qf files if QueueSortOrder is "none". Patch from 21 David F. Skoll. 22 Avoid a crash when finishing due to referencing a freed variable. 23 Problem reported and diagnosed by Moritz Jodeit. 24 CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4 25 range (0..255). 26 LIBMILTER: The "hostname" argument of the xxfi_connect() callback 27 previously was the equivalent of {client_ptr}. However, 28 this did not match the documentation of the function, hence 29 it has been changed to {client_name}. See doc/op/op.* 30 about these macros. 31 328.13.7/8.13.7 2006/06/14 33 A malformed MIME structure with many parts can cause sendmail to 34 crash while trying to send a mail due to a stack overflow, 35 e.g., if the stack size is limited (ulimit -s). This 36 happens because the recursion of the function mime8to7() 37 was not restricted. The function is called for MIME 8 to 38 7 bit conversion and also to enforce MaxMimeHeaderLength. 39 To work around this problem, recursive calls are limited to 40 a depth of MAXMIMENESTING (20); message content after this 41 limit is treated as opaque and is not checked further. 42 Problem noted by Frank Sheiness. 43 The changes to the I/O layer in 8.13.6 caused a regression for 44 SASL mechanisms that use the security layer, e.g., 45 DIGEST-MD5. Problem noted by Robert Stampfli. 46 If a timeout occurs while reading a message (during the DATA phase) 47 a df file might have been left behind in the queue. 48 This was another side effect of the changes to the I/O 49 layer made in 8.13.6. 50 Several minor problems have been fixed that were found by a 51 Coverity scan of sendmail 8 as part of the NetBSD 52 distribution. See http://scan.coverity.com/ 53 Note: the scan generated also a lot of "false positives", 54 e.g., "error" reports about situations that cannot happen. 55 Most of those code places are marked with lint(1) comments 56 like NOTREACHED, but Coverity does not understand those. 57 Hence an explicit assertion has been added in some cases 58 to avoid those false positives. 59 If the start of the sendmail daemon fails due to a configuration 60 error then in some cases shared memory segments or pid 61 files were not removed. 62 If DSN support is disabled via access_db, then related ESMTP 63 parameters for MAIL and RCPT should be rejected. Problem 64 reported by Akihiro Sagawa. 65 Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding 66 bug work-around. Hence if sendmail is linked against 67 either of these versions and compression is available, 68 the padding bug work-around is turned off. Based on 69 patch from Victor Duchovni of Morgan Stanley. 70 CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used 71 blackholes.mail-abuse.org as default domain for lookups, 72 however, that list is no longer available. To avoid 73 further problems, no default value is available anymore, 74 but an argument must be specified. 75 Portability: 76 Fix compilation on OSF/1 for sfsasl.c. Patch from 77 Pieter Bowman of the University of Utah. 78 798.13.6/8.13.6 2006/03/22 80 SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server 81 and client side of sendmail with timeouts in the libsm I/O 82 layer and fix problems in that code. Also fix handling of 83 a buffer in sm_syslog() which could have been used as an 84 attack vector to exploit the unsafe handling of 85 setjmp(3)/longjmp(3) in combination with signals. 86 Problem detected by Mark Dowd of ISS X-Force. 87 Handle theoretical integer overflows that could triggered if 88 the server accepted headers larger than the maximum 89 (signed) integer value. This is prevented in the default 90 configuration by restricting the size of a header, and on 91 most machines memory allocations would fail before reaching 92 those values. Problems found by Phil Brass of ISS. 93 If a server returns 421 for an RSET command when trying to start 94 another transaction in a session while sending mail, do 95 not trigger an internal consistency check. Problem found 96 by Allan E Johannesen of Worcester Polytechnic Institute. 97 If a server returns a 5xy error code (other than 501) in response 98 to a STARTTLS command despite the fact that it advertised 99 STARTTLS and that the code is not valid according to RFC 100 2487 treat it nevertheless as a permanent failure instead 101 of a protocol error (which has been changed to a 102 temporary error in 8.13.5). Problem reported by Jeff 103 A. Earickson of Colby College. 104 Clear SMTP state after a HELO/EHLO command. Patch from John 105 Myers of Proofpoint. 106 Observe MinQueueAge option when gathering entries from the queue 107 for sorting etc instead of waiting until the entries are 108 processed. Patch from Brian Fundakowski Feldman. 109 Set up TLS session cache to properly handle clients that try to 110 resume a stored TLS session. 111 Properly count the number of (direct) child processes such that 112 a configured value (MaxDaemonChildren) is not exceeded. 113 Based on patch from Attila Bruncsak. 114 LIBMILTER: Remove superfluous backslash in macro definition 115 (libmilter.h). Based on patch from Mike Kupfer of 116 Sun Microsystems. 117 LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets. 118 This generates an error message from libmilter on 119 Solaris, though other systems appear to just discard the 120 request silently. 121 LIBMILTER: Deal with sigwait(2) implementations that return 122 -1 and set errno instead of returning an error code 123 directly. Patch from Chris Adams of HiWAAY Informations 124 Services. 125 Portability: 126 Fix compilation checks for closefrom(3) and statvfs(2) 127 in NetBSD. Problem noted by S. Moonesamy, patch from 128 Andrew Brown. 129 1308.13.5/8.13.5 2005/09/16 131 Store the filesystem identifier of the df/ subdirectory (if it 132 exists) in an internal structure instead of the base 133 directory. This structure is used decide whether there 134 is enough free disk space when selecting a queue, hence 135 without this change queue selection could fail if a df/ 136 subdirectory exists and is on a different filesystem 137 than the base directory. 138 Use the queue index of the df file (instead of the qf file) for 139 checking whether a link(2) operation can be used to split 140 an envelope across queue groups. Problem found by 141 Werner Wiethege. 142 If the list of items in the queue is larger than the maximum 143 number of items to process, sort the queue first and 144 then cut the list off instead of the other way around. 145 Patch from Matej Vela of Rudjer Boskovic Institute. 146 Fix helpfile to show full entry for ETRN. Problem noted by 147 Penelope Fudd, patch from Neil Rickert of Northern Illinois 148 University. 149 FallbackSmartHost should also be tried on temporary errors. 150 From John Beck of Sun Microsystems. 151 When a server responds with 421 to the STARTTLS command then treat 152 it as a temporary error, not as protocol error. Problem 153 noted by Andrey J. Melnikoff. 154 Properly define two functions in libsm as static because their 155 prototype used static too. Patch from Peter Klein. 156 Fix syntax errors in helpfile for MAIL and RCPT commands. 157 LIBMILTER: When smfi_replacebody() is called with bodylen equals 158 zero then do not silently ignore that call. Patch from 159 Gurusamy Sarathy of Active State. 160 LIBMILTER: Recognize "421" also in a multi-line reply to terminate 161 the SMTP session with that error. Fix from Brian Kantor. 162 Portability: New option HASSNPRINTF which can be set if the OS 163 has a properly working snprintf(3) to get rid 164 of the last two (safe) sprintf(3) calls in the 165 source code. 166 Add support for AIX 5.3. 167 Add support for SunOS 5.11 (aka Solaris 11). 168 Add support for Darwin 8.x. Patch from Lyndon Nerenberg. 169 OpenBSD 3.7 has removed support for NETISO. 170 CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X. 171 Set DontBlameSendmail to AssumeSafeChown and 172 GroupWritableDirPathSafe for OSTYPE(darwin). 173 Patch from Lyndon Nerenberg. 174 Some features still used 4.7.1 as enhanced status code which 175 was supposed to be eliminated in 8.13.0 because some 176 broken systems misinterpret it as a permanent error. 177 Patch from Matej Vela of Rudjer Boskovic Institute. 178 Some default values in a generated cf file did not match 179 the defaults in the sendmail binary. Problem noted 180 by Mike Pechkin. 181 New Files: 182 cf/ostype/freebsd6.m4 183 devtools/OS/AIX.5.3 184 devtools/OS/Darwin.8.x 185 devtools/OS/SunOS.5.11 186 include/sm/time.h 187 1888.13.4/8.13.4 2005/03/27 189 The bug fixes in 8.13.3 for connection handling uncovered a 190 different error which could result in connections that 191 stay in CLOSE_WAIT state due to a variable that was not 192 properly initialized. Problem noted by Michael Sims. 193 Deal with empty hostnames in hostsignature(). This bug could lead 194 to an endless loop when doing LMTP deliveries to another 195 host. Problem first reported by Martin Lathoud and 196 tracked down by Gael Roualland. 197 Make sure return parameters are initialized in getmxrr(). Problem 198 found by Gael Roualland using valgrind. 199 If shared memory is used and the RunAsUser option is set, then the 200 owner and group of the shared memory segment is set to 201 the ids specified RunAsUser and the access mode is set 202 to 0660 to allow for updates by sendmail processes. 203 The number of queue entries that is (optionally) kept in shared 204 memory was wrong in some cases, e.g., envelope splitting 205 and bounce generation. 206 Undo a change made in 8.13.0 to silently truncate long strings 207 in address rewriting because the message can be triggered 208 for header checks where long strings are legitimate. 209 Problem reported by Mary Verge DeSisto, and tracked 210 down with the help of John Beck of Sun Microsystems. 211 The internal stab map did not obey the -m flag. Patch from 212 Rob McMahon of Warwick University, England. 213 The socket map did not obey the -f flag. Problem noted by 214 Dan Ringdahl, forwarded by Andrzej Filip. 215 The addition of LDAP recursion in 8.13.0 broke enforcement of 216 the LDAP map -1 argument which tells the MTA to only 217 return success if and only if a single LDAP match is found. 218 Add additional error checks in the MTA for milter communication 219 to avoid a possible segmentation fault. Based on patch 220 by Joe Maimon. 221 Do not trigger an assertion if X509_digest() returns success but 222 does not assign a value to its output parameter. Based 223 on patch by Brian Kantor. 224 Add more checks when resetting internal AUTH data (applies only 225 to Cyrus SASL version 2). Otherwise an SMTP session might 226 be dropped after an AUTH failure. 227 Portability: 228 Add LA_LONGLONG as valid LA_TYPE type for systems that use 229 "long long" to read load average data, e.g., 230 AIX 5.1 in 32 bit mode. Note: this has to be set 231 "by hand", it is not (yet) automatically detected. 232 Problem noted by Burak Bilen. 233 Use socklen_t for accept(), etc. on AIX 5.x. This should 234 fix problems when compiling in 64 bit mode. 235 Problem first reported by Harry Meiert of 236 University of Bremen. 237 New Files: 238 include/sm/sem.h 239 libsm/sem.c 240 libsm/t-sem.c 241 2428.13.3/8.13.3 2005/01/11 243 Enhance handling of I/O errors, especially EOF, when STARTTLS 244 is active. 245 Make sure a connection is not reused after it has been closed 246 due to a 421 error. Problem found by Allan E Johannesen 247 of Worcester Polytechnic Institute. 248 Avoid triggering an assertion when sendmail is interrupted while 249 closing a connection. Problem found by Allan E Johannesen 250 of Worcester Polytechnic Institute. 251 Regression: a change in 8.13.2 caused sendmail not to try the 252 next MX host (or FallbackMXhost if configured) when, at 253 connection open, the current server returns a 4xy or 5xy 254 SMTP reply code. Problem noted by Mark Tranchant. 255 2568.13.2/8.13.2 2004/12/15 257 Do not split the first header even if it exceeds the internal 258 buffer size. Previously a part of such a header would 259 end up in the body of the message. Problem noted by 260 Simple Nomad of BindView. 261 Do not complain about "cataddr: string too long" when checking 262 headers that do not contain RFC 2822 addresses. 263 Problem noted by Rich Graves of Brandeis University. 264 If a server returns a 421 reply to the RSET command between 265 message deliveries, do not attempt to deliver any more 266 messages on that connection. This prevents bogus "Bad 267 file number" recipient status. Problem noted by 268 Allan E Johannesen of Worcester Polytechnic Institute. 269 Allow trailing white space in EHLO command as recommended by RFC 270 2821. Problem noted by Ralph Santagato of SBC Services. 271 Deal with clients which use AUTH but negotiate a smaller buffer size 272 for data exchanges than the value used by sendmail, e.g., 273 Cyrus IMAP lmtp server. Based on patch by Jamie Clark. 274 When passing ESMTP arguments for RCPT to a milter, do not cut 275 them off at a comma. Problem noted by Krzysztof Oledzki. 276 Add more logging to milter change header functions to 277 complement existing logging. Based on patch from 278 Gurusamy Sarathy of Active State. 279 Include <lber.h> in include/sm/config.h when LDAPMAP is defined. 280 Patch from Edgar Hoch of the University of Stuttgart. 281 Fix DNS lookup if IPv6 is enabled when converting an IP address 282 to a hostname for use with SASL. Problem noted by Ken Jones; 283 patch from Hajimu UMEMOTO. 284 CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog 285 mailer. Patch from John Beck of Sun Microsystems. 286 LIBMILTER: It was possible that xxfi_abort() was called after 287 xxfi_eom() for a message if some timeouts were triggered. 288 Patch from Alexey Kravchuk. 289 LIBMILTER: Slightly rearrange mutex use in listener.c to allow 290 different threads to call smfi_opensocket() and smfi_main(). 291 Patch from Jordan Ritter of Cloudmark. 292 MAIL.LOCAL: Properly terminate MBDB before exiting. Problem 293 noted by Nelson Fung. 294 MAIL.LOCAL: make strip-mail.local used a wrong path to access 295 mail.local. Problem noted by William Park. 296 VACATION: Properly terminate MBDB before exiting. Problem noted 297 by Nelson Fung. 298 Portability: 299 Add support for DragonFly BSD. 300 New Files: 301 cf/ostype/dragonfly.m4 302 devtools/OS/DragonFly 303 include/sm/os/sm_os_dragonfly.h 304 Deleted Files: 305 libsm/vsscanf.c 306 3078.13.1/8.13.1 2004/07/30 308 Using the default AliasFile ldap: specification would cause the 309 objectClasses of the LDAP response to be included in the 310 alias expansion. Problem noted by Brenden Conte of 311 Rensselaer Polytechnic Institute. 312 Fix support for a fallback smart host for system where DNS is 313 (partially) available. From John Beck of Sun Microsystems. 314 Fix SuperSafe=PostMilter behavior when a milter replaces a body 315 but the data file is not yet stored on disk because it is 316 smaller than the size of the memory buffer. Problem noted 317 by David Russell. 318 Fix certificate revocation list support; if a CRL was specified 319 but the other side presented a cert that was signed by 320 a different (trusted) CA than the one which issued the CRL, 321 verification would always fail. Problem noted by Al Smith. 322 Run mailer programs as the RunAsUser when RunAsUser is set and 323 the F=S mailer flag is set without a U= mailer equate. 324 Problem noted by John Gardiner Myers of Proofpoint. 325 ${nbadrcpts} was off by one if BadRcptThrottle is zero. 326 Patch from Sung-hoon Choi of DreamWiz Inc. 327 CONFIG: Emit a warning if FEATURE(`access_db') is used after 328 FEATURE(`greet_pause') because then the latter will not 329 use the access map. Note: if no default value is given 330 for FEATURE(`greet_pause') then it issues an error if 331 FEATURE(`access_db') is not specified before it. 332 Problem noted by Alexander Dalloz of University of 333 Bielefeld. 334 CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause') 335 is used to give more flexibility for local changes. 336 Portability: 337 Fix a 64 bit problem in the socket map code. Problem 338 noted by Geoff Adams. 339 NetBSD 2.0F has closefrom(3). Patch from Andrew Brown. 340 NetBSD can use sysctl(3) to get the number of CPUs in 341 a system. Patch from Andrew Brown. 342 Add a README file in doc/op/ to explain potential 343 incompatibilities with various *roff related 344 tools. Problem tracked down by Per Hedeland. 345 New Files: 346 doc/op/README 347 3488.13.0/8.13.0 2004/06/20 349 Do not include AUTH data in a bounce to avoid leaking confidential 350 information. See also cf/README about MSP and the section 351 "Providing SMTP AUTH Data when sendmail acts as Client". 352 Problem noted by Neil Rickert of Northern Illinois 353 University. 354 Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n 355 and -DSM_CONF_SETITIMER=0. Problem noted by Juergen Georgi 356 of RUS University of Stuttgart. 357 Fix bug in conversion from 8bit to quoted-printable. Problem found 358 by Christof Haerens, patch from Per Hedeland. 359 Add support for LDAP recursion based on types given to attribute 360 specifications in an LDAP map definition. This allows 361 LDAP queries to return a new query, a DN, or an LDAP 362 URL which will in turn be queried. See the ``LDAP 363 Recursion'' section of doc/op/op.me for more information. 364 Based on patch from Andrew Baucom. 365 Extend the default LDAP specifications for AliasFile 366 (O AliasFile=ldap:) and file classes (F{X}@LDAP) to 367 include support for LDAP recursion via new attributes. 368 See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section 369 of cf/README for more information. 370 New option for LDAP maps: the -w option allows you to specify the 371 LDAP API/protocol version to use. The default depends on 372 the LDAP library. 373 New option for LDAP maps: the -H option allows you to specify an 374 LDAP URI instead of specifying the LDAP server via -h host 375 and -p port. This also allows for the use of LDAP over 376 SSL and connections via named sockets if your LDAP 377 library supports it. 378 New compile time flag SM_CONF_LDAP_INITIALIZE: set this if 379 ldap_initialize(3) is available (and LDAPMAP is set). 380 If MaxDaemonChildren is set and a command is repeated too often 381 during a SMTP session then terminate it just like it is 382 done for too many bad SMTP commands. 383 Basic connection rate control support has been added: the daemon 384 maintains the number of incoming connections per client 385 IP address and total in the macros {client_rate} and 386 {total_rate}, respectively. These macros can be used 387 in the cf file to impose connection rate limits. 388 A new option ConnectionRateWindowSize (default: 60s) 389 determines the length of the interval for which the 390 number of connections is stored. Based on patch from 391 Jose Marcio Martins da Cruz, Ecole des Mines de Paris. 392 Add optional protection from open proxies and SMTP slammers which 393 send SMTP traffic without waiting for the SMTP greeting. 394 If enabled by the new ruleset greet_pause (see 395 FEATURE(`greet_pause')), sendmail will wait the specified 396 amount of time before sending the initial 220 SMTP 397 greeting. If any traffic is received before then, a 554 398 SMTP response is sent and all SMTP commands are rejected 399 during that connection. 400 If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP 401 server could sleep for a very long time. Fix based on 402 patch from Tadashi Kobayashi of IIJ. 403 Fix a potential memory leak in persistent queue runners if the 404 number of entries in the queue exceeds the limit of jobs. 405 Problem noted by Steve Hubert of University of Washington. 406 Do not use 4.7.1 as enhanced status code because some broken systems 407 misinterpret it as a permanent error. 408 New value for SuperSafe: PostMilter which will delay fsync() until 409 all milters accepted the mail. This can increase 410 performance if many mails are rejected by milters due to 411 body scans. Based on patch from David F. Skoll. 412 New macro {msg_id} which contains the value of the Message-Id: 413 header, whether provided by the client or generated by 414 sendmail. 415 New macro {client_connections} which contains the number of open 416 connections in the SMTP server for the client IP address. 417 Based on patch from Jose Marcio Martins da Cruz, Ecole des 418 Mines de Paris. 419 sendmail will now remove its pidfile when it exits. This was done 420 to prevent confusion caused by running sendmail stop 421 scripts two or more times, where the second and subsequent 422 runs would report misleading error messages about sendmail's 423 pid no longer existing. See section 1.3.15 of doc/op/op.me 424 for a discussion of the implications of this, including 425 how to correct broken scripts which may have depended on 426 the old behavior. From John Beck of Sun Microsystems. 427 Support per-daemon input filter lists which override the default 428 filter list specified in InputMailFilters. The filters 429 can be listed in the I= equate of DaemonPortOptions. 430 Do not add all domain prefixes of the hostname to class 'w'. If 431 your configuration relies on this behavior, you have to 432 add those names to class 'w' yourself. Problem noted 433 by Sander Eerkes. 434 Support message quarantining in the mail queue. Quarantined 435 messages are not run on normal queue displays or runs 436 unless specifically requested with -qQ. Quarantined queue 437 files are named with an hf prefix instead of a qf prefix. 438 The -q command line option now can specify which queue to display 439 or run. -qQ operates on quarantined queue items. -qL 440 operates on lost queue items. 441 Restricted mail queue runs and displays can be done based on the 442 quarantined reason using -qQtext to run or display 443 quarantined items if the quarantine reason contains the 444 given text. Similarly, -q!Qtext will run or display 445 quarantined items which do not have the given text in the 446 quarantine reason. 447 Items in the queue can be quarantined or unquarantined using the 448 new -Q option. See doc/op/op.me for more information. 449 When displaying the quarantine mailq with 'mailq -qQ', the 450 quarantine reason is shown in a new line prefixed by 451 "QUARANTINE:". 452 A new error code for the $#error mailer, $@ quarantine, can be used 453 to quarantine messages in check_* (except check_compat) and 454 header check rulesets. The $: of the mailer triplet will 455 be used for the quarantine reason. 456 Add a new quarantine count to the mailstats collected. 457 Add a new macro ${quarantine} which is the quarantine reason for a 458 message if it is quarantined. 459 New map type "socket" for a trivial query protocol over UNIX domain 460 or TCP sockets (requires compile time option SOCKETMAP). 461 See sendmail/README and doc/op/op.me for details as well as 462 socketmapServer.pl and socketmapClient.pl in contrib. 463 Code donated by Bastiaan Bakker of LifeLine Networks. 464 Define new macro ${client_ptr} which holds the result of the PTR 465 lookup for the client IP address. Note: this is the same 466 as ${client_name} if and only if ${client_resolve} is OK. 467 Add a new macro ${nbadrcpts} which contains the number of bad 468 recipients received so far in a transaction. 469 Call check_relay with the value of ${client_name} to deal with bogus 470 DNS entries. See also FEATURE(`use_client_ptr'). Problem 471 noted by Kai Schlichting. 472 Treat Delivery-Receipt-To: headers the same as Return-Receipt-To: 473 headers (turn them into DSNs). Delivery-Receipt-To: is 474 apparently used by SIMS (Sun Internet Mail System). 475 Enable connection caching for LPC mailers. Patch from Christophe 476 Wolfhugel of France Telecom Oleane. 477 Do not silently truncate long strings in address rewriting. 478 Add support for Cyrus SASL version 2. From Kenneth Murchison of 479 Oceana Matrix Ltd. 480 Add a new AuthOption=m flag to require the use of mechanisms which 481 support mutual authentication. From Kenneth Murchison of 482 Oceana Matrix Ltd. 483 Fix logging of TLS related problems (introduced in 8.12.11). 484 The macros {auth_author} and {auth_authen} are stored in xtext 485 format just like the STARTTLS related macros to avoid 486 problems with parsing them. Problem noted by Pierangelo 487 Masarati of SysNet s.n.c. 488 New option AuthRealm to set the authentication realm that is 489 passed to the Cyrus SASL library. Patch from Gary Mills 490 of the University of Manitoba. 491 Enable AUTH mechanism EXTERNAL if STARTTLS verification was 492 successful, otherwise relaying would be allowed if 493 EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS 494 is active. 495 Add basic support for certificate revocation lists. Note: if a 496 CRLFile is specified but the file is unusable, STARTTLS 497 is disabled. Based on patch by Ralf Hornik. 498 Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms 499 DIGEST-MD5 and LOGIN. 500 Write pid to file also if sendmail only acts as persistent queue 501 runner. Proposed by Gary Mills of the University of Manitoba. 502 Keep daemon pid file(s) locked so other daemons don't try to 503 overwrite each other's pid files. 504 Increase maximum length of logfile fields for {cert_subject} and 505 {cert_issuer} from 128 to 256. Requested by Christophe 506 Wolfhugel of France Telecom. 507 Log the TLS verification message on the STARTTLS= log line at 508 LogLevel 12 or higher. 509 If the MSP is invoked with the verbose option (-v) then it will 510 try to use the SMTP command VERB to propagate this option 511 to the MTA which in turn will show the delivery just like 512 it was done before the default 8.12 separation of MSP and 513 MTA. Based on patch by Per Hedeland. 514 If a daemon is refusing connections for longer than the time specified 515 by the new option RejectLogInterval (default: 3 hours) due 516 to high load, log this information. Patch from John Beck 517 of Sun Microsystems. 518 Remove the ability for non-trusted users to raise the value of 519 CheckpointInterval on the command line. 520 New mailer flag 'B' to strip leading backslashes, which is a 521 subset of the functionality of the 's' flag. 522 New mailer flag 'W' to ignore long term host status information. 523 Patch from Juergen Georgi of RUS University of Stuttgart. 524 Enable generic mail filter API (milter) by default. To turn 525 it off, add -DMILTER=0 to the compile time options. 526 An internal SMTP session discard flag was lost after an RSET/HELO/EHLO 527 causing subsequent messages to be sent instead of being 528 discarded. This also caused milter callbacks to be called 529 out of order after the SMTP session was reset. 530 New option RequiresDirfsync to turn off the compile time flag 531 REQUIRES_DIR_FSYNC at runtime. See sendmail/README for 532 further information. 533 New command line option -D logfile to send debug output to 534 the indicated log file instead of stdout. 535 Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control 536 queue return and warning times for delivery status 537 notifications. 538 New queue sort order option: 'n'one for not sorting the queue entries 539 at all. 540 Several more return values for ruleset srv_features have been added 541 to enable/disable certain features in the server per 542 connection. See doc/op/op.me for details. 543 Support for SMTP over SSL (smtps), activated by Modifier=s 544 for DaemonPortOptions. 545 Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when 546 trying to canonify hostnames. Suggested by Neil Rickert 547 of Northern Illinois University. 548 Add support for a fallback smart host (option FallbackSmartHost) to 549 be tried as a last resort after all other fallbacks. This 550 is designed for sites with partial DNS (e.g., an accurate 551 view of inside the company, but an incomplete view of 552 outside). From John Beck of Sun Microsystems. 553 Enable timeout for STARTTLS even if client does not start the TLS 554 handshake. Based on patch by Andrey J. Melnikoff. 555 Remove deprecated -v option for PH map, use -k instead. Patch from 556 Mark Roth of the University of Illinois at Urbana-Champaign. 557 libphclient is version 1.2.x by default, if version 1.1.x is required 558 then compile with -DNPH_VERSION=10100. Patch from Mark Roth 559 of the University of Illinois at Urbana-Champaign. 560 Add Milter.macros.eom, allowing macros to be sent to milter 561 applications for use in the xxfi_eom() callback. 562 New macro {time} which contains the output of the time(3) function, 563 i.e., the number of seconds since 0 hours, 0 minutes, 564 0 seconds, January 1, 1970, Coordinated Universal Time (UTC). 565 If check_relay sets the reply code to "421" the SMTP server will 566 terminate the SMTP session with a 421 error message. 567 Get rid of dead code that tried to access the environment variable 568 HOSTALIASES. 569 Deprecate the use of ErrorMode=write. To enable this in 8.13 570 compile with -DUSE_TTYPATH=1. 571 Header check rulesets using $>+ (do not strip comments) will get 572 the header value passed in without balancing quotes, 573 parentheses, and angle brackets. Based on patch from 574 Oleg Bulyzhin. 575 Do not complain and fix up unbalanced quotes, parentheses, and 576 angle brackets when reading in rulesets. This allows 577 rules to be written for header checks to catch strings 578 that contain quotes, parentheses, and/or angle brackets. 579 Based on patch from Oleg Bulyzhin. 580 Do not close socket when accept(2) in the daemon encounters 581 some temporary errors like ECONNABORTED. 582 Added list of CA certificates that are used by members of the 583 sendmail consortium, see CACerts. 584 Portability: 585 Two new compile options have been added: 586 HASCLOSEFROM System has closefrom(3). 587 HASFDWALK System has fdwalk(3). 588 Based on patch from John Beck of Sun Microsystems. 589 The Linux kernel version 2.4 series has a broken flock() so 590 change to using fcntl() locking until they can fix 591 it. Be sure to update other sendmail related 592 programs to match locking techniques. 593 New compile time option NEEDINTERRNO which should be set 594 if <errno.h> does not declare errno itself. 595 Support for UNICOS/mk and UNICOS/mp added, some changes for 596 UNICOS. Patches contributed by Aaron Davis and 597 Brian Ginsbach, Cray Inc., and Manu Mahonen of 598 Center for Scientific Computing. 599 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther). 600 Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther). 601 Remove path from compiler definition for Interix because 602 Interix 3.0 and 3.5 put gcc in different locations. 603 Also use <sys/mkdev.h> to get the correct 604 major()/minor() definitions. Based on feedback 605 from Mark Funkenhauser. 606 CONFIG: Add support for LDAP recursion to the default LDAP searches 607 for maps via new attributes. See the ``USING LDAP FOR 608 ALIASES, MAPS, and CLASSES'' section of cf/README and 609 cf/sendmail.schema for more information. 610 CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER 611 is of the form "user:group" when used for submit.mc. 612 Problem noted by Carsten P. Gehrke, patch from Neil Rickert 613 of Northern Illinois University. 614 CONFIG: Add a new access DB value of QUARANTINE:reason which 615 instructs the check_* (except check_compat) to quarantine 616 the message using the given reason. 617 CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl) 618 instead of "host" to avoid problem with looking up other 619 DNS records than just A. 620 CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the 621 length of the interval for which the number of incoming 622 connections is maintained. 623 CONFIG: New FEATURE(`ratecontrol') to set the limits for connection 624 rate control for individual hosts or nets. 625 CONFIG: New FEATURE(`conncontrol') to set the limits for the 626 number of open SMTP connections for individual hosts or nets. 627 CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP 628 slamming protection described above. The feature can 629 take an argument specifying the milliseconds to wait and/or 630 use the access database to look the pause time based on 631 client hostname, domain, IP address, or subnet. 632 CONFIG: New FEATURE(`use_client_ptr') to have check_relay use 633 $&{client_ptr} as its first argument. This is useful for 634 rejections based on the unverified hostname of client, 635 which turns on the same behavior as in earlier sendmail 636 versions when delay_checks was not in use. See also entry 637 above about check_relay being invoked with ${client_name}. 638 CONFIG: New option confREJECT_LOG_INTERVAL to specify the log 639 interval when refusing connections for this long. 640 CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases 641 this requires a change in a mc file. Requested by 642 Ted Roberts of Electronic Data Systems. 643 CONFIG: New option confAUTH_REALM to set the authentication realm 644 that is passed to the Cyrus SASL library. Patch from 645 Gary Mills of the University of Manitoba. 646 CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src} 647 to follow the naming conventions. 648 CONFIG: Add a third optional argument to local_lmtp to specify 649 the A= argument. 650 CONFIG: Remove the f flag from the default mailer flags of 651 local_lmtp. 652 CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile 653 time flag REQUIRES_DIR_FSYNC at runtime. 654 CONFIG: New LOCAL_UUCP macro to insert rules into the generated 655 cf file at the same place where MAILER(`uucp') inserts 656 its rules. 657 CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN 658 to control queue return and warning times for delivery 659 status notifications. 660 CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost. 661 CONFIG: Add the mc file which has been used to create the cf 662 file to the end of the cf file when using make in cf/cf/. 663 Patch from Richard Rognlie. 664 CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9. 665 Use ServiceSwitchFile to turn off DNS lookups, see 666 doc/op/op.me. 667 CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom 668 option) defines macros to be sent to milter applications for 669 use in the xxfi_eom() callback. 670 CONFIG: New option confCRL to specify file which contains 671 certificate revocations lists. 672 CONFIG: Add a new value (sendertoo) for the third argument to 673 FEATURE(`ldap_routing') which will reject the SMTP 674 MAIL From: command if the sender address doesn't exist 675 in LDAP. See cf/README for more information. 676 CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which 677 instructs the rulesets on whether or not to do a domain 678 lookup if a full address lookup doesn't match. See cf/README 679 for more information. 680 CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which 681 instructs the rulesets on whether or not to queue the mail 682 or give an SMTP temporary error if the LDAP server can't be 683 reached. See cf/README for more information. Based on 684 patch from Billy Ray Miller of Caterpillar. 685 CONFIG: Experimental support for MTAMark, see cf/README for details. 686 CONFIG: New option confMESSAGEID_HEADER to define a different 687 Message-Id: header format. Patch from Bastiaan Bakker 688 of LifeLine Networks. 689 CONTRIB: New version of cidrexpand which uses Net::CIDR. From 690 Derek J. Balling. 691 CONTRIB: oldbind.compat.c has been removed due to security problems. 692 Found by code inspection done by Reasoning, Inc. 693 DEVTOOLS: Add an example file for devtools/Site/, contributed 694 by Neil Rickert of Northern Illinois University. 695 LIBMILTER: Add new function smfi_quarantine() which allows the 696 filter's EOM routine to quarantine the current message. 697 Filters which use this function must include the 698 SMFIF_QUARANTINE flag in the registered smfiDesc structure. 699 LIBMILTER: If a milter sets the reply code to "421", the SMTP server 700 will terminate the SMTP session with that error. 701 LIBMILTER: Upon filter shutdown, libmilter will not remove a 702 named socket in the file system if it is running as root. 703 LIBMILTER: Add new function smfi_progress() which allows the filter 704 to notify the MTA that an EOM operation is still in progress, 705 resetting the timeout. 706 LIBMILTER: Add new function smfi_opensocket() which allows the filter 707 to attempt to establish the interface socket, and detect 708 failure to do so before calling smfi_main(). 709 LIBMILTER: Add new function smfi_setmlreply() which allows the 710 filter to return a multi-line SMTP reply. 711 LIBMILTER: Deal with more temporary errors in accept() by ignoring 712 them instead of stopping after too many occurred. 713 Suggested by James Carlson of Sun Microsystems. 714 LIBMILTER: Fix a descriptor leak in the sample program found in 715 docs/sample.html. Reported by Dmitry Adamushko. 716 LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT. 717 Reported by Carl Byington of 510 Software Group. 718 LIBMILTER: Document smfi_stop() and smfi_setdbg(). Patches 719 from Bryan Costales. 720 LIBMILTER: New compile time option SM_CONF_POLL; define this if 721 poll(2) should be used instead of select(2). 722 LIBMILTER: New function smfi_insheader() and related protocol 723 amendments to support header insertion operations. 724 MAIL.LOCAL: Add support for hashed mail directories, see 725 mail.local/README. Contributed by Chris Adams of HiWAAY 726 Informations Services. 727 MAILSTATS: Display quarantine message counts. 728 MAKEMAP: Add new flag -D to specify the comment character to use 729 instead of '#'. 730 VACATION: Add new flag -j to auto-respond to messages regardless of 731 whether or not the recipient is listed in the To: or Cc: 732 headers. 733 VACATION: Add new flag -R to specify the envelope sender address 734 for the auto-response message. 735 New Files: 736 CACerts 737 cf/feature/conncontrol.m4 738 cf/feature/greet_pause.m4 739 cf/feature/mtamark.m4 740 cf/feature/ratecontrol.m4 741 cf/feature/use_client_ptr.m4 742 cf/ostype/unicos.m4 743 cf/ostype/unicosmk.m4 744 cf/ostype/unicosmp.m4 745 contrib/socketmapClient.pl 746 contrib/socketmapServer.pl 747 devtools/OS/Darwin.7.0 748 devtools/OS/UNICOS-mk 749 devtools/OS/UNICOS-mp 750 devtools/Site/site.config.m4.sample 751 include/sm/os/sm_os_unicos.h 752 include/sm/os/sm_os_unicosmk.h 753 include/sm/os/sm_os_unicosmp.h 754 libmilter/docs/smfi_insheader.html 755 libmilter/docs/smfi_progress.html 756 libmilter/docs/smfi_quarantine.html 757 libmilter/docs/smfi_setdbg.html 758 libmilter/docs/smfi_setmlreply.html 759 libmilter/docs/smfi_stop.html 760 sendmail/ratectrl.c 761 Deleted Files: 762 cf/feature/nodns.m4 763 contrib/oldbind.compat.c 764 devtools/OS/CRAYT3E.2.0.x 765 devtools/OS/CRAYTS.10.0.x 766 libsm/vsprintf.c 767 Renamed Files: 768 devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x 769 7708.12.11/8.12.11 2004/01/18 771 Use QueueFileMode when opening qf files. This error was a 772 regression in 8.12.10. Problem detected and diagnosed 773 Lech Szychowski of the Polish Power Grid Company. 774 Properly count the number of queue runners in a work group and 775 make sure the total limit of MaxQueueChildren is not 776 exceeded. Based on patch from Takayuki Yoshizawa of 777 Techfirm, Inc. 778 Take care of systems that can generate time values where the 779 seconds can exceed the usual range of 0 to 59. 780 Problem noted by Randy Diffenderfer of EDS. 781 Avoid regeneration of identical queue identifiers by processes 782 whose process id is the same as that of the initial 783 sendmail process that was used to start the daemon. 784 Problem noted by Randy Diffenderfer of EDS. 785 When a milter invokes smfi_delrcpt() compare the supplied 786 recipient address also against the printable addresses 787 of the current list to deal with rewritten addresses. 788 Based on patch from Sean Hanson of The Asylum. 789 BadRcptThrottle now also works for addresses which return the 790 error mailer, e.g., virtusertable entries with the 791 right hand side error:. Patch from Per Hedeland. 792 Fix printing of 8 bit characters as octals in log messages. 793 Based on patch by Andrey J. Melnikoff. 794 Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit 795 text that has been introduced in 8.12.3. There are some 796 examples where the new code fails, but the old code works. 797 To get the 8.12.3-8.12.10 version, compile sendmail with 798 -DMIME7TO8_OLD=0. If you have an example of improper 799 7 to 8 bit conversion please send it to us. 800 Return normal error code for unknown SMTP commands instead of 801 the one specified by check_relay or a milter for a 802 connection. Problem noted by Andrzej Filip. 803 Some ident responses contain data after the terminating CRLF which 804 causes sendmail to log "POSSIBLE ATTACK...newline in string". 805 To avoid this everything after LF is ignored. 806 If the operating system supports O_EXLOCK and HASFLOCK is set 807 then a possible race condition for creating qf files 808 can be avoided. Note: the race condition does not 809 exist within sendmail, but between sendmail and an 810 external application that accesses qf files. 811 Log the proper options name for TLS related mising files for 812 the CACertPath, CACertFile, and DHParameters options. 813 Do not split an envelope if it will be discarded, otherwise df 814 files could be left behind. Problem found by Wolfgang 815 Breyha. 816 The use of the environment variables HOME and HOSTALIASES has been 817 deprecated and will be removed in version 8.13. This only 818 effects configuration which preserve those variable via the 819 'E' command in the cf file as sendmail clears out its entire 820 environment. 821 Portability: 822 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther). 823 Solaris 10 has unsetenv(), patch from Craig Mohrman of 824 Sun Microsystems. 825 LIBMILTER: Add extra checks in case a broken MTA sends bogus data 826 to libmilter. Based on code review by Rob Grzywinski. 827 SMRSH: Properly assemble commands that contain '&&' or '||'. 828 Problem noted by Eric Lee of Talking Heads. 829 New Files: 830 devtools/OS/Darwin.7.0 831 8328.12.10/8.12.10 2003/09/24 (Released: 2003/09/17) 833 SECURITY: Fix a buffer overflow in address parsing. Problem 834 detected by Michal Zalewski, patch from Todd C. Miller 835 of Courtesan Consulting. 836 Fix a potential buffer overflow in ruleset parsing. This problem 837 is not exploitable in the default sendmail configuration; 838 only if non-standard rulesets recipient (2), final (4), or 839 mailer-specific envelope recipients rulesets are used then 840 a problem may occur. Problem noted by Timo Sirainen. 841 Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength. 842 Problem noted by Thomas Schulz. 843 Add several checks to avoid (theoretical) buffer over/underflows. 844 Properly count message size when performing 7->8 or 8->7 bit MIME 845 conversions. Problem noted by Werner Wiethege. 846 Properly compute message priority based on size of entire message, 847 not just header. Problem noted by Axel Holscher. 848 Reset SevenBitInput to its configured value between SMTP 849 transactions for broken clients which do not properly 850 announce 8 bit data. Problem noted by Stefan Roehrich. 851 Set {addr_type} during queue runs when processing recipients. 852 Based on patch from Arne Jansen. 853 Better error handling in case of (very unlikely) queue-id conflicts. 854 Perform better error recovery for address parsing, e.g., when 855 encountering a comment that is too long. Problem noted by 856 Tanel Kokk, Union Bank of Estonia. 857 Add ':' to the allowed character list for bogus HELO/EHLO 858 checking. It is used for IPv6 domain literals. Patch from 859 Iwaizako Takahiro of FreeBit Co., Ltd. 860 Reset SASL connection context after a failed authentication attempt. 861 Based on patch from Rob Siemborski of CMU. 862 Check Berkeley DB compile time version against run time version 863 to make sure they match. 864 Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled 865 in the kernel. 866 When a milter adds recipients and one of them causes an error, 867 do not ignore the other recipients. Problem noted by 868 Bart Duchesne. 869 CONFIG: Use specified SMTP error code in mailertable entries which 870 lack a DSN, i.e., "error:### Text". Problem noted by 871 Craig Hunt. 872 CONFIG: Call Local_trust_auth with the correct argument. Patch 873 from Jerome Borsboom. 874 CONTRIB: Better handling of temporary filenames for doublebounce.pl 875 and expn.pl to avoid file overwrites, etc. Patches from 876 Richard A. Nelson of Debian and Paul Szabo. 877 MAIL.LOCAL: Fix obscure race condition that could lead to an 878 improper mailbox truncation if close() fails after the 879 mailbox is fsync()'ed and a new message is delivered 880 after the close() and before the truncate(). 881 MAIL.LOCAL: If mail delivery fails, do not leave behind a 882 stale lockfile (which is ignored after the lock timeout). 883 Patch from Oleg Bulyzhin of Cronyx Plus LLC. 884 Portability: 885 Port for AIX 5.2. Thanks to Steve Hubert of University 886 of Washington for providing access to a computer 887 with AIX 5.2. 888 setreuid(2) works on OpenBSD 3.3. Patch from 889 Todd C. Miller of Courtesan Consulting. 890 Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH 891 on all operating systems. Patch from Robert Harker 892 of Harker Systems. 893 Use strerror(3) on Linux. If this causes a problem on 894 your Linux distribution, compile with 895 -DHASSTRERROR=0 and tell sendmail.org about it. 896 Added Files: 897 devtools/OS/AIX.5.2 898 8998.12.9/8.12.9 2003/03/29 900 SECURITY: Fix a buffer overflow in address parsing due to 901 a char to int conversion problem which is potentially 902 remotely exploitable. Problem found by Michal Zalewski. 903 Note: an MTA that is not patched might be vulnerable to 904 data that it receives from untrusted sources, which 905 includes DNS. 906 To provide partial protection to internal, unpatched sendmail MTAs, 907 8.12.9 changes by default (char)0xff to (char)0x7f in 908 headers etc. To turn off this conversion compile with 909 -DALLOW_255 or use the command line option -d82.101. 910 To provide partial protection for internal, unpatched MTAs that may be 911 performing 7->8 or 8->7 bit MIME conversions, the default 912 for MaxMimeHeaderLength has been changed to 2048/1024. 913 Note: this does have a performance impact, and it only 914 protects against frontal attacks from the outside. 915 To disable the checks and return to pre-8.12.9 defaults, 916 set MaxMimeHeaderLength to 0/0. 917 Do not complain about -ba when submitting mail. Problem noted 918 by Derek Wueppelmann. 919 Fix compilation with Berkeley DB 1.85 on systems that do not 920 have flock(2). Problem noted by Andy Harper of Kings 921 College London. 922 Properly initialize data structure for dns maps to avoid various 923 errors, e.g., looping processes. Problem noted by 924 Maurice Makaay of InterNLnet B.V. 925 CONFIG: Prevent multiple application of rule to add smart host. 926 Patch from Andrzej Filip. 927 CONFIG: Fix queue group declaration in MAILER(`usenet'). 928 CONTRIB: buildvirtuser: New option -t builds the virtusertable 929 text file instead of the database map. 930 Portability: 931 Revert wrong change made in 8.12.7 and actually use the 932 builtin getopt() version in sendmail on Linux. 933 This can be overridden by using -DSM_CONF_GETOPT=0 934 in which case the OS supplied version will be used. 935 9368.12.8/8.12.8 2003/02/11 937 SECURITY: Fix a remote buffer overflow in header parsing by 938 dropping sender and recipient header comments if the 939 comments are too long. Problem noted by Mark Dowd 940 of ISS X-Force. 941 Fix a potential non-exploitable buffer overflow in parsing the 942 .cf queue settings and potential buffer underflow in 943 parsing ident responses. Problem noted by Yichen Xie of 944 Stanford University Compilation Group. 945 Fix ETRN #queuegroup command: actually start a queue run for 946 the selected queue group. Problem noted by Jos Vos. 947 If MaxMimeHeaderLength is set and a malformed MIME header is fixed, 948 log the fixup as "Fixed MIME header" instead of "Truncated 949 MIME header". Problem noted by Ian J Hart. 950 CONFIG: Fix regression bug in proto.m4 that caused a bogus 951 error message: "FEATURE() should be before MAILER()". 952 MAIL.LOCAL: Be more explicit in some error cases, i.e., whether 953 a mailbox has more than one link or whether it is not 954 a regular file. Patch from John Beck of Sun Microsystems. 955 9568.12.7/8.12.7 2002/12/29 957 Properly clean up macros to avoid persistence of session data 958 across various connections. This could cause session 959 oriented restrictions, e.g., STARTTLS requirements, 960 to erroneously allow a connection. Problem noted 961 by Tim Maletic of Priority Health. 962 Do not lookup MX records when sorting the MSP queue. The MSP 963 only needs to relay all mail to the MTA. Problem found 964 by Gary Mills of the University of Manitoba. 965 Do not restrict the length of connection information to 100 966 characters in some logging statements. Problem noted by 967 Erik Parker. 968 When converting an enhanced status code to an exit status, use 969 EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5 970 is used. 971 Reset macro $x when receiving another MAIL command. Problem 972 noted by Vlado Potisk of Wigro s.r.o. 973 Don't bother setting the permissions on the build area statistics 974 file, the proper permissions will be put on the file at 975 install time. This fixes installation over NFS for some 976 users. Problem noted by Martin J. Dellwo of 3-Dimensional 977 Pharmaceuticals, Inc. 978 Fix problem of decoding SASLv2 encrypted data. Problem noted by 979 Alex Deiter of Mobile TeleSystems, Komi Republic. 980 Log milter socket open errors at MilterLogLevel 1 or higher instead 981 of 11 or higher. 982 Print early system errors to the console instead of silently 983 exiting. Problem noted by James Jong of IBM. 984 Do not process a queue group if Runners is set to 0, regardless 985 of whether F=f or sendmail is run in verbose mode (-v). 986 The use of -qGname will still force queue group "name" 987 to be run even if Runners=0. 988 Change the level for logging the fact that a daemon is refusing 989 connections due to high load from LOG_INFO to LOG_NOTICE. 990 Patch from John Beck of Sun Microsystems. 991 Use location information for submit.cf from NetInfo 992 (/locations/sendmail/submit.cf) if available. 993 Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by 994 Neil Rickert of Northern Illinois University. 995 Make behavior of /canon in debug mode consistent with usage in 996 rulesets. Patch from Shigeno Kazutaka of IIJ. 997 Fix a potential memory leak in envelope splitting. Problem noted 998 by John Majikes of IBM. 999 Do not try to share an mailbox database LDAP connection across 1000 different processes. Problem noted by Randy Kunkee. 1001 Fix logging for undelivered recipients when the SMTP connection 1002 times out during message collection. Problem noted by Neil 1003 Rickert of Northern Illinois University. 1004 Avoid problems with QueueSortOrder=random due to problems with 1005 qsort() on Solaris (and maybe some other operating systems). 1006 Problem noted by Stephan Schulz of Gruner+Jahr.. 1007 If -f "" is specified, set the sender address to "<>". Problem 1008 noted by Matthias Andree. 1009 Fix formatting problem of footnotes for plain text output on some 1010 versions of tmac. Patch from Per Hedeland. 1011 Portability: 1012 Berkeley DB 4.1 support (requires at least 4.1.25). 1013 Some getopt(3) implementations in GNU/Linux are broken 1014 and pass a NULL pointer to an option which requires 1015 an argument, hence the builtin version of 1016 sendmail is used instead. This can be overridden 1017 by using -DSM_CONF_GETOPT=0. Problem noted by 1018 Vlado Potisk of Wigro s.r.o. 1019 Support for nph-1.2.0 from Mark D. Roth of the University 1020 of Illinois at Urbana-Champaign. 1021 Support for FreeBSD 5.0's MAC labeling from Robert Watson 1022 of the TrustedBSD Project. 1023 Support for reading the number of processors on an IRIX 1024 system from Michel Bourget of SGI. 1025 Support for UnixWare 7.1 based on input from Larry Rosenman. 1026 Interix support from Nedelcho Stanev of Atlantic Sky 1027 Corporation. 1028 Update Mac OS X/Darwin portability from Wilfredo Sanchez. 1029 CONFIG: Enforce tls_client restrictions even if delay_checks 1030 is used. Problem noted by Malte Starostik. 1031 CONFIG: Deal with an empty hostname created via bogus 1032 DNS entries to get around access restrictions. 1033 Problem noted by Kai Schlichting. 1034 CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default 1035 to avoid problems with hostname resolution for localhost 1036 which on many systems does not resolve to 127.0.0.1 (or 1037 ::1 for IPv6). If you do not use IPv4 but only IPv6 then 1038 you need to change submit.mc accordingly, see the comment 1039 in the file itself. 1040 CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid 1041 error messages from initgroups(3) on AIX 4.3 when sending 1042 mail to non-existing users. Problem noted by Mark Roth of 1043 the University of Illinois at Urbana-Champaign. 1044 CONFIG: Allow local_procmail to override local_lmtp settings. 1045 CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to 1046 relay. 1047 CONTRIB: cidrexpand: Deal with the prefix tags that may be included 1048 in access_db. 1049 CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell. 1050 LIBMILTER: On Solaris libmilter may get into an endless loop if 1051 an error in the communication from/to the MTA occurs. 1052 Patch from Gurusamy Sarathy of Active State. 1053 LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64. 1054 Patch from from Jose Marcio Martins da Cruz of Ecole 1055 Nationale Superieure des Mines de Paris. 1056 MAIL.LOCAL: Fix a truncation race condition if the close() on 1057 the mailbox fails. Problem noted by Tomoko Fukuzawa of 1058 Sun Microsystems. 1059 MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3) 1060 fails. Patch from John Beck of Sun Microsystems. 1061 SMRSH: SECURITY: Only allow regular files or symbolic links to be 1062 used for a command. Problem noted by David Endler of 1063 iDEFENSE, Inc. 1064 New Files: 1065 devtools/OS/Interix 1066 include/sm/bdb.h 1067 10688.12.6/8.12.6 2002/08/26 1069 Do not add the FallbackMXhost (or its MX records) to the list 1070 returned by the bestmx map when -z is used as option. 1071 Otherwise sendmail may act as an open relay if FallbackMXhost 1072 and FEATURE(`relay_based_on_MX') are used together. 1073 Problem noted by Alexander Ignatyev. 1074 Properly split owner- mailing list messages when SuperSafe is set 1075 to interactive. Problem noted by Todd C. Miller of 1076 Courtesan Consulting. 1077 Make sure that an envelope is queued in the selected queue group 1078 even if some recipients are deleted or invalid. Problem 1079 found by Chris Adams of HiWAAY Informations Services. 1080 Do not send a bounce message if a message is completely collected 1081 from the SMTP client. Problem noted by Kari Hurtta of the 1082 Finnish Meteorological Institute. 1083 Provide an 'install-submit-st' target for sendmail/Makefile to 1084 install the MSP statistics file using the file named in the 1085 confMSP_STFILE devtools variable. Requested by Jeff 1086 Earickson of Colby College. 1087 Queue up mail with a temporary error if setusercontext() fails 1088 during a delivery attempt. Patch from Todd C. Miller of 1089 Courtesan Consulting. 1090 Fix handling of base64 encoded client authentication data for 1091 SMTP AUTH. Patch from Elena Slobodnik of life medien GmbH. 1092 Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries 1093 restart interrupted system calls. Problem noted by Luiz 1094 Henrique Duma of BSIOne. 1095 Prevent a segmentation fault if a program passed a NULL envp using 1096 execve(). 1097 Document a problem with the counting of queue runners that may 1098 cause delays if MaxQueueChildren is set too low. Problem 1099 noted by Ian Duplisse of Cable Television Laboratories, Inc. 1100 If discarding a message based on a recipient, don't try to look up 1101 the recipient in the mailbox database if F=w is set. This 1102 allows users to discard bogus recipients when dealing with 1103 spammers without tipping them off. Problem noted by Neil 1104 Rickert of Northern Illinois University. 1105 If applying a header check to a header with unstructured data, 1106 e.g., Subject:, then do not run syntax checks that are 1107 supposed for addresses on the header content. 1108 Count messages rejected/discarded via the check_data ruleset. 1109 Portability: 1110 Fix compilation on systems which do not allow simple 1111 copying of the variable argument va_list. Based on 1112 fix from Scott Walters. 1113 Fix NSD map open bug. From Michel Bourget of SGI. 1114 Add some additional IRIX shells to the default shell 1115 list. From Michel Bourget of SGI. 1116 Fix compilation issues on Mac OS X 10.2 (Darwin 6.0). 1117 NETISO support has been dropped. 1118 CONFIG: There was a seemingly minor change in 8.12.4 with respect 1119 to handling entries of IP nets/addresses with RHS REJECT. 1120 These would be rejected in check_rcpt instead of only 1121 being activated in check_relay. This change has been made to 1122 avoid potential bogus temporary rejection of relay attempts 1123 "450 4.7.1 Relaying temporarily denied. Cannot resolve PTR 1124 record for ..." if delay_checks is enabled. However, this 1125 modification causes a change of behavior if an IP net/address 1126 is listed in the access map with REJECT and a host/domain 1127 name is listed with OK or RELAY, hence it has been reversed 1128 such that the behavior of 8.12.3 is restored. The original 1129 change was made on request of Neil Rickert of Northern 1130 Illinois University, the side effect has been found by 1131 Stefaan Van Hoornick. 1132 CONFIG: Make sure delay_checks works even for sender addresses 1133 using the local hostname ($j) or domains in class {P}. 1134 Based on patch from Neil Rickert of Northern Illinois 1135 University. 1136 CONFIG: Fix temporary error handling for LDAP Routing lookups. 1137 Fix from Andrzej Filip. 1138 CONTRIB: New version of etrn.pl script and external man page 1139 (etrn.0) from John Beck of Sun Microsystems. 1140 LIBMILTER: Protect a free(3) operation from being called with a 1141 NULL pointer. Problem noted by Andrey J. Melnikoff. 1142 LIBMILTER: Protect against more interrupted select() calls. Based 1143 on patch from Jose Marcio Martins da Cruz of Ecole Nationale 1144 Superieure des Mines de Paris. 1145 New Files: 1146 contrib/etrn.0 1147 11488.12.5/8.12.5 2002/06/25 1149 SECURITY: The DNS map can cause a buffer overflow if the user 1150 specifies a dns map using TXT records in the configuration 1151 file and a rogue DNS server is queried. None of the 1152 sendmail supplied configuration files use this option hence 1153 they are not vulnerable. Problem noted independently by 1154 Joost Pol of PINE Internet and Anton Rang of Sun Microsystems. 1155 Unprintable characters in responses from DNS servers for the DNS 1156 map type are changed to 'X' to avoid potential problems 1157 with rogue DNS servers. 1158 Require a suboption when setting the Milter option. Problem noted 1159 by Bryan Costales. 1160 Do not silently overwrite command line settings for 1161 DirectSubmissionModifiers. Problem noted by Bryan 1162 Costales. 1163 Prevent a segmentation fault when clearing the event list by 1164 turning off alarms before checking if event list is 1165 empty. Problem noted by Allan E Johannesen of Worcester 1166 Polytechnic Institute. 1167 Close a potential race condition in transitioning a memory buffered 1168 file onto disk. From Janani Devarajan of Sun Microsystems. 1169 Portability: 1170 Include paths.h on Linux systems running glibc 2.0 or later 1171 to get the definition for _PATH_SENDMAIL, used by 1172 rmail and vacation. Problem noted by Kevin 1173 A. McGrail of Peregrine Hardware. 1174 NOTE: Linux appears to have broken flock() again. Unless 1175 the bug is fixed before sendmail 8.13 is shipped, 1176 8.13 will change the default locking method to 1177 fcntl() for Linux kernel 2.4 and later. You may 1178 want to do this in 8.12 by compiling with 1179 -DHASFLOCK=0. Be sure to update other sendmail 1180 related programs to match locking techniques. 1181 11828.12.4/8.12.4 2002/06/03 1183 SECURITY: Inherent limitations in the UNIX file locking model 1184 can leave systems open to a local denial of service 1185 attack. Be sure to read the "FILE AND MAP PERMISSIONS" 1186 section of the top level README for more information. 1187 Problem noted by lumpy. 1188 Use TempFileMode (defaults to 0600) for the permissions of PidFile 1189 instead of 0644. 1190 Change the default file permissions for new alias database files 1191 from 0644 to 0640. This can be overridden at compile time 1192 by setting the DBMMODE macro. 1193 Fix a potential core dump problem if the environment variable 1194 NAME is set. Problem noted by Beth A. Chaney of 1195 Purdue University. 1196 Expand macros before passing them to libmilter. Problem noted 1197 by Jose Marcio Martins da Cruz of Ecole Nationale 1198 Superieure des Mines de Paris. 1199 Rewind the df (message body) before truncating it when libmilter 1200 replaces the body of a message. Problem noted by Gisle Aas 1201 of Active State. 1202 Change SMTP reply code for AUTH failure from 500 to 535 and the 1203 initial zero-length response to "=" per RFC 2554. Patches 1204 from Kenneth Murchison of Oceana Matrix Ltd. 1205 Do not try to fix broken message/rfc822 MIME attachments by 1206 inserting a MIME-Version: header when MaxMimeHeaderLength 1207 is set and no 8 to 7 bit conversion is needed. Based on 1208 patch from Rehor Petr of ICZ (Czech Republic). 1209 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection 1210 is rejected anyway. Noted by Chris Loelke. 1211 Mention the submission mail queue in the mailq man page. Requested 1212 by Bill Fenner of AT&T. 1213 Set ${msg_size} macro when reading a message from the command line 1214 or the queue. 1215 Detach from shared memory before dropping privileges back to 1216 user who started sendmail. 1217 If AllowBogusHELO is set to false (default) then also complain if 1218 the argument to HELO/EHLO contains white space. Suggested 1219 by Seva Gluschenko of Cronyx Plus. 1220 Allow symbolicly linked forward files in writable directory paths 1221 if both ForwardFileInUnsafeDirPath and 1222 LinkedForwardFileInWritableDir DontBlameSendmail options 1223 are set. Problem noted by Werner Spirk of 1224 Leibniz-Rechenzentrum Munich. 1225 Portability: 1226 Operating systems that lack the ftruncate() call will not 1227 be able to use Milter's body replacement feature. 1228 This only affects Altos, Maxion, and MPE/iX. 1229 Digital UNIX 5.0 has changed flock() semantics to be 1230 non-compliant. Problem noted by Martin Mokrejs of 1231 Charles University in Prague. 1232 The sparc64 port of FreeBSD 5.0 now supports shared 1233 memory. 1234 CONFIG: FEATURE(`preserve_luser_host') needs the macro map. 1235 Problem noted by Andrzej Filip. 1236 CONFIG: Using 'local:' as a mailertable value with 1237 FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail 1238 to be misaddressed. Problem noted by Andrzej Filip. 1239 CONFIG: Provide a workaround for DNS based rejection lists that 1240 fail for AAAA queries. Problem noted by Chris Boyd. 1241 CONFIG: Accept the machine's hostname as resolvable when checking 1242 the sender address. This allows locally submitted mail to 1243 be accepted if the machine isn't connected to a nameserver 1244 and doesn't have an /etc/hosts entry for itself. Problem 1245 noted by Robert Watson of the TrustedBSD Project. 1246 CONFIG: Use deferred expansion for checking the ${deliveryMode} 1247 macro in case the SMTP VERB command is used. Problem 1248 noted by Bryan Costales. 1249 CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no 1250 matches are found. Fix from Andrzej Filip. 1251 CONFIG: Fix wording in default dnsbl rejection message. Suggested 1252 by Lou Katz of Metron Computerware, Ltd. 1253 CONFIG: Add mailer cyrusv2 for Cyrus V2. Contributed by 1254 Kenneth Murchison of Oceana Matrix Ltd. 1255 CONTRIB: Fix wording in default dnsblaccess rejection message to 1256 match dnsbl change. 1257 DEVTOOLS: Add new option for access mode of statistics file, 1258 confSTMODE, which specifies the permissions when initially 1259 installing the sendmail statistics file. 1260 LIBMILTER: Mark the listening socket as close-on-exec in case 1261 a user's filter starts other applications. 1262 LIBSM: Allow the MBDB initialize, lookup, and/or terminate 1263 functions in SmMbdbTypes to be set to NULL. 1264 MAKEMAP: Change the default file permissions for new databases from 1265 0644 to 0640. This can be overridden at compile time 1266 by setting the DBMMODE macro. 1267 SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR. 1268 Problem noted by Dave Alden of Ohio State University. 1269 VACATION: When listing the vacation database (-l), don't show 1270 bogus timestamps for excluded (-x) addresses. Problem 1271 noted by Bryan Costales. 1272 New Files: 1273 cf/mailer/cyrusv2.m4 1274 12758.12.3/8.12.3 2002/04/05 1276 NOTICE: In general queue files should not be moved if queue groups 1277 are used. In previous versions this could cause mail 1278 not to be delivered if a queue file is repeatedly moved 1279 by an external process whenever sendmail moved it back 1280 into the right place. Some precautions have been taken 1281 to avoid moving queue files if not really necessary. 1282 sendmail may use links to refer to queue files and it 1283 may store the path of data files in queue files. Hence 1284 queue files should not be moved unless those internals 1285 are understood and the integrity of the files is not 1286 compromised. Problem noted by Anne Bennett of Concordia 1287 University. 1288 If an error mail is created, and the mail is split across different 1289 queue directories, and SuperSafe is off, then write the mail 1290 to disk before splitting it, otherwise an assertion is 1291 triggered. Problem tracked down by Henning Schmiedehausen 1292 of INTERMETA. 1293 Fix possible race condition that could cause sendmail to forget 1294 running queues. Problem noted by Jeff Wasilko of smoe.org. 1295 Handle bogus qf files better without triggering assertions. 1296 Problem noted by Guy Feltin. 1297 Protect against interrupted select() call when enforcing Milter 1298 read and write timeouts. Patch from Gurusamy Sarathy of 1299 ActiveState. 1300 Matching queue IDs with -qI should be case sensitive. Problem 1301 noted by Anne Bennett of Concordia University. 1302 If privileges have been dropped, don't try to change group ID to 1303 the RunAsUser group. Problem noted by Neil Rickert of 1304 Northern Illinois University. 1305 Fix SafeFileEnvironment path munging when the specified path 1306 contains a trailing slash. Based on patch from Dirk Meyer 1307 of Dinoex. 1308 Do not limit sendmail command line length to SM_ARG_MAX (usually 1309 4096). Problem noted by Allan E Johannesen of Worcester 1310 Polytechnic Institute. 1311 Clear full name of sender for each new envelope to avoid bogus data 1312 if several mails are sent in one session and some of them 1313 do not have a From: header. Problem noted by Bas Haakman. 1314 Change timeout check such that cached information about a connection 1315 will be immediately invalid if ConnectionCacheTimeout is zero. 1316 Based on patch from David Burns of Portland State University. 1317 Properly count message size for mailstats during mail collection. 1318 Problem noted by Werner Wiethege. 1319 Log complete response from LMTP delivery agent on failure. Based on 1320 patch from by Motonori Nakamura of Kyoto University. 1321 Provide workaround for getopt() implementations that do not catch 1322 missing arguments. 1323 Fix the message size calculation if the message body is replaced by 1324 a milter filter and buffered file I/O is being used. 1325 Problem noted by Sergey Akhapkin of Dr.Web. 1326 Do not honor SIGUSR1 requests if running with extra privileges. 1327 Problem noted by Werner Wiethege. 1328 Prevent a file descriptor leak on mail delivery if the initial 1329 connect fails and DialDelay is set. Patch from Servaas 1330 Vandenberghe of Katholieke Universiteit Leuven. 1331 Properly deal with a case where sendmail is called by root running 1332 a set-user-ID (non-root) program. Problem noted by Jon 1333 Lusky of ISS Atlanta. 1334 Avoid leaving behind stray transcript (xf) files if multiple queue 1335 directories are used and mail is sent to a mailing list 1336 which has an owner- alias. Problem noted by Anne Bennett 1337 of Concordia University. 1338 Fix class map parsing code if optional key is specified. Problem 1339 found by Mario Nigrovic. 1340 The SMTP daemon no longer tries to fix up improperly dot-stuffed 1341 incoming messages. A leading dot is always stripped by the 1342 SMTP receiver regardless of whether or not it is followed by 1343 another dot. Problem noted by Jordan Ritter of darkridge.com. 1344 Fix corruption when doing automatic MIME 7-bit quoted-printable or 1345 base64 encoding to 8-bit text. Problem noted by Mark 1346 Elvers. 1347 Correct the statistics gathered for total number of connections. 1348 Instead of being the exact same number as the total number 1349 of messages (T line in mailstats) it now represents the 1350 total number of TCP connections. 1351 Be more explicit about syntax errors in addresses, especially 1352 non-ASCII characters, and properly create DSNs if necessary. 1353 Problem noted by Leena Heino of the University of Tampere. 1354 Prevent small timeouts from being lost on slow machines if itimers 1355 are used. Problem noted by Suresh Ramasubramanian. 1356 Prevent a race condition on child cleanup for delivery to files. 1357 Problem noted by Fletcher Mattox of the University of 1358 Texas. 1359 Change the SMTP error code for temporary map failures from 421 1360 to 451. 1361 Do not assume that realloc(NULL, size) works on all OS (this was 1362 only done in one place: queue group creation). Based on 1363 patch by Bryan Costales. 1364 Initialize Timeout.iconnect in the code to prevent randomly short 1365 timeouts. Problem noted by Bradley Watts of AT&T Canada. 1366 Do not try to send a second SMTP QUIT command if the remote 1367 responds to a MAIL command with a 421 reply or on I/O 1368 errors. By doing so, the host was marked as having a 1369 temporary problem and other mail destined for that host was 1370 queued for the next queue run. Problem noted by Fletcher 1371 Mattox of the University of Texas, Allan E Johannesen of 1372 Worcester Polytechnic Institute, Larry Greenfield of CMU, 1373 and Neil Rickert of Northern Illinois University. 1374 Ignore error replies from the SMTP QUIT command (including servers 1375 which drop the connection instead of responding to the 1376 command). 1377 Portability: 1378 Check LDAP_API_VERSION to determine if ldap_memfree() is 1379 available. 1380 Define HPUX10 when building on HP-UX 10.X. That platform 1381 now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR 1382 settings. Patch from Elias Halldor Agustsson of 1383 Skyrr. 1384 Fix dependency building on Mac OS X and Darwin. Problem 1385 noted by John Beck. 1386 Preliminary support for the sparc64 port of FreeBSD 5.0. 1387 Add /sbin/sh as an acceptable user shell on HP-UX. From 1388 Rajesh Somasund of Hewlett-Packard. 1389 CONFIG: Add FEATURE(`authinfo') to allow a separate database for 1390 SMTP AUTH information. This feature was actually added in 1391 8.12.0 but a release note was not included. 1392 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce 1393 parameter is set and the LDAP lookup returns a temporary 1394 error. 1395 CONFIG: Honor FEATURE(`relay_hosts_only') when using 1396 FEATURE(`relay_mail_from', `domain'). Problem noted by 1397 Krzysztof Oledzki. 1398 CONFIG: FEATURE(`msp') now disables any type of alias 1399 initialization as aliases are not needed for the MSP. 1400 CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp') 1401 is in use. Patch from Andrzej Filip. 1402 CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of 1403 `localhost' and turns on MX lookups for the SMTP mailers. 1404 This will only have an effect if a parameter is specified, 1405 i.e., an MX lookup will be performed on the hostname unless 1406 it is embedded in square brackets. Problem noted by 1407 Theo Van Dinter of Collective Technologies. 1408 CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in 1409 submit.cf) to use $TZ for time stamps. This is a compromise 1410 to allow for the proper time zone on systems where the 1411 default results in misleading time stamps. That is, syslog 1412 time stamps and Date headers on submitted mail will use the 1413 user's $TZ setting. Problem noted by Mark Roth of the 1414 University of Illinois at Urbana-Champaign, solution proposed 1415 by Neil Rickert of Northern Illinois University. 1416 CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID 1417 binary. Adjust local mailer flags accordingly. Problem 1418 noted by John Beck. 1419 CONTRIB: Add a warning to qtool.pl to not move queue files around 1420 if queue groups are used. 1421 CONTRIB: buildvirtuser: Add -f option to force rebuild. 1422 CONTRIB: smcontrol.pl: Add -f option to specify control socket. 1423 CONTRIB: smcontrol.pl: Add support for 'memdump' command. 1424 Suggested by Bryan Costales. 1425 DEVTOOLS: Add dependency generation for test programs. 1426 LIBMILTER: Remove conversion of port number for the socket 1427 structure that is passed to xxfi_connect(). Notice: 1428 this fix requires that sendmail and libmilter both have 1429 this change; mixing versions may lead to wrong port 1430 values depending on the endianness of the involved systems. 1431 Problem noted by Gisle Aas of ActiveState. 1432 LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but 1433 SMFI_REJECT is returned, ignore the custom reply. Do the 1434 same if '5XX' is used and SMFI_TEMPFAIL is returned. 1435 LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as 1436 required by mfapi.h. Problem noted by Jose Marcio Martins 1437 da Cruz of Ecole Nationale Superieure des Mines de Paris. 1438 LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define. Set 1439 this to 1 if your LDAP client libraries include 1440 ldap_memfree(). 1441 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X 1442 and NDBM on systems with the O_EXLOCK open(2) flag. 1443 SMRSH: Fix compilation problem on some operating systems. Problem 1444 noted by Christian Krackowizer of schuler technodat GmbH. 1445 VACATION: Allow root to operate on user vacation databases. Based 1446 on patch from Greg Couch of the University of California, 1447 San Francisco. 1448 VACATION: Don't ignore -C option. Based on patch by Bryan Costales. 1449 VACATION: Clarify option usage in the man page. Problem noted by 1450 Joe Barbish. 1451 New Files: 1452 libmilter/docs/smfi_setbacklog.html 1453 14548.12.2/8.12.2 2002/01/13 1455 Don't complain too much if stdin, stdout, or stderr are missing 1456 at startup, only log an error message. 1457 Fix potential problem if an unknown operation mode (character 1458 following -b) has been specified. 1459 Prevent purgestat from looping even if someone changes the 1460 permissions or owner of hoststatus files. Problem noted 1461 by Kari Hurtta of the Finnish Meteorological Institute. 1462 Properly record dropped connections in persistent host status. 1463 Problem noted by Ulrich Windl of the Universitat 1464 Regensburg. 1465 Remove newlines from recipients read via sendmail -t to prevent 1466 SMTP protocol errors when sending the RCPT command. 1467 Problem noted by William D. Colburn of the New Mexico 1468 Institute of Mining and Technology. 1469 Only log milter body replacements once instead of for each body 1470 chunk sent by a filter. Problem noted by Kari Hurtta of 1471 the Finnish Meteorological Institute. 1472 In 8.12.0 and 8.12.1, the headers were mistakenly not included in 1473 the message size calculation. Problem noted by Kari Hurtta 1474 of the Finnish Meteorological Institute. 1475 Since 8.12 no longer forks at the SMTP MAIL command, the daemon 1476 needs to collect children status to avoid zombie processes. 1477 Problem noted by Chris Adams of HiWAAY Informations Services. 1478 Shut down "nullserver" and ETRN-only connections after 25 bad 1479 commands are issued. This makes it consistent with normal 1480 SMTP connections. 1481 Avoid duplicate logging of milter rejections. Problem noted by 1482 William D. Colburn of the New Mexico Institute of Mining 1483 and Technology. 1484 Error and delay DSNs were being sent to postmaster instead of the 1485 message sender if the sender had used a deprecated RFC822 1486 source route. Problem noted by Kari Hurtta of the Finnish 1487 Meteorological Institute. 1488 Fix FallbackMXhost behavior for temporary errors during address 1489 parsing. Problem noted by Jorg Bielak from Coastal Web 1490 Online. 1491 For systems on which stat(2) does not return a value for st_blksize 1492 that is the "optimal blocksize for I/O" three new compile 1493 time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF, 1494 and SM_IO_MAX_BUF, which define an upper limit for 1495 regular files, and a lower and upper limit for other file 1496 types, respectively. 1497 Fix a potential deadlock if two events are supposed to occur at 1498 exactly the same time. Problem noted by Valdis Kletnieks 1499 of Virginia Tech. 1500 Perform envelope splitting for aliases listed directly in the 1501 alias file, not just for include/.forward files. 1502 Problem noted by John Beck of Sun Microsystems. 1503 Allow selection of queue group for mailq using -qGgroup. 1504 Based on patch by John Beck of Sun Microsystems. 1505 Make sure cached LDAP connections used my multiple maps in the same 1506 process are closed. Patch from Taso N. Devetzis. 1507 If running as root, allow reading of class files in protected 1508 directories. Patch from Alexander Talos of the University 1509 of Vienna. 1510 Correct a few LDAP related memory leaks. Patch from David Powell 1511 of Sun Microsystems. 1512 Allow specification of an empty realm via the authinfo ruleset. 1513 This is necessary to interoperate as an SMTP AUTH client 1514 with servers that do not support realms when using 1515 CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin. 1516 Avoid a potential information leak if AUTH PLAIN is used and the 1517 server gets stuck while processing that command. Problem 1518 noted by Chris Adams from HiWAAY Informations Services. 1519 In addition to printing errors when parsing recipients during 1520 command line invocations log them to make it simpler 1521 to understand possible DSNs to postmaster. 1522 Do not use FallbackMXhost on mailers which have the F=0 flag set. 1523 Allow local mailers (F=l) to specify a host for TCP connections 1524 instead of forcing localhost. 1525 Obey ${DESTDIR} for installation of the client mail queue and 1526 submit.cf. Patch from Peter 'Luna' Runestig. 1527 Re-enable support for -M option which was broken in 8.12.1. Problem 1528 noted by Neil Rickert of Northern Illinois University. 1529 If a remote server violates the SMTP standard by unexpectedly 1530 dropping the connection during an SMTP transaction, stop 1531 sending commands. This prevents bogus "Bad file number" 1532 recipient status. Problem noted by Allan E Johannesen of 1533 Worcester Polytechnic Institute. 1534 Do not use a size estimate of 100 for postmaster bounces, it's 1535 almost always too small; do not guess the size at all. 1536 New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of 1537 Compaq Computer Corp. 1538 Fix DaemonPortOptions IPv6 address parsing such that ::1 works 1539 properly. Problem noted by Valdis Kletnieks of Virginia 1540 Tech. 1541 Portability: 1542 Fix IPv6 network interface probing on HP-UX 11.X. Based on 1543 patch provided by HP. 1544 Mac OS X (aka Darwin) has a broken setreuid() call, but a 1545 working seteuid() call. From Daniel J. Luke. 1546 Use proper type for a 32-bit integer on SINIX. From Ganu 1547 Sachin of Siemens. 1548 Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX. 1549 Reduce optimization from +O3 to +O2 on HP-UX 11. This 1550 fixes a problem that caused additional bogus 1551 characters to be written to the qf file. Problem 1552 noted by Tapani Tarvainen. 1553 Set LDA_USE_LOCKF by default for UnixWare. Problem noted 1554 by Boyd Lynn Gerber. 1555 Add support for HP MPE/iX. See sendmail/README for port 1556 information. From Mark Bixby of Hewlett-Packard. 1557 New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON, 1558 USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README 1559 for more information. From Mark Bixby of 1560 Hewlett-Packard. 1561 If an OS doesn't have a method of finding free disk space 1562 (SFS_NONE), lie and say there is plenty of space. 1563 From Mark Bixby of Hewlett-Packard. 1564 Add support for AIX 5.1. From Valdis Kletnieks of 1565 Virginia Tech. 1566 Fix man page location for NeXTSTEP. From Hisanori Gogota 1567 of the NTT/InterCommunication Center. 1568 Do not assume that strerror() always returns a string. 1569 Problem noted by John Beck of Sun Microsystems. 1570 CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed 1571 UUCP from the base operating system. From Mark Murray of 1572 FreeBSD Services, Ltd. 1573 CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX 1574 systems. From Mark Bixby of Hewlett-Packard. 1575 CONFIG: Add support for selecting a queue group for all mailers. 1576 Based on proposal by Stephen L. Ulmer of the University of 1577 Florida. 1578 CONFIG: Fix error reporting for compat_check.m4. Problem noted by 1579 Altin Waldmann. 1580 CONFIG: Do not override user selections for confRUN_AS_USER and 1581 confTRUSTED_USER in FEATURE(msp). From Mark Bixby of 1582 Hewlett-Packard. 1583 LIBMILTER: Fix bug that prevented the removal of a socket after 1584 libmilter terminated. Problem reported by Andrey V. Pevnev 1585 of MSFU. 1586 LIBMILTER: Fix configuration error that required libsm for linking. 1587 Problem noted by Kari Hurtta of the Finnish Meteorological 1588 Institute. 1589 LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman. 1590 LIBMILTER: Fix a theoretical memory leak and a possible attempt 1591 to free memory twice. 1592 LIBSM: Fix a potential segmentation violation in the I/O library. 1593 Problem found and analyzed by John Beck and Tim Haley 1594 of Sun Microsystems. 1595 LIBSM: Do not clear the LDAP configuration information when 1596 terminating the mailbox database connection in the LDAP 1597 example code. Problem noted by Nikos Voutsinas of the 1598 University of Athens. 1599 New Files: 1600 cf/cf/generic-mpeix.cf 1601 cf/cf/generic-mpeix.mc 1602 cf/ostype/freebsd5.m4 1603 cf/ostype/mpeix.m4 1604 devtools/OS/AIX.5.1 1605 devtools/OS/MPE-iX 1606 include/sm/os/sm_os_mpeix.h 1607 libsm/mpeix.c 1608 16098.12.1/8.12.1 2001/10/01 1610 SECURITY: Check whether dropping group privileges actually succeeded 1611 to avoid possible compromises of the mail system by 1612 supplying bogus data. Add configuration options for 1613 different set*gid() calls to reset saved gid. Problem 1614 found by Michal Zalewski. 1615 PRIVACY: Prevent information leakage when sendmail has extra 1616 privileges by disabling debugging (command line -d flag) 1617 during queue runs and disabling ETRN when sendmail -bs is 1618 used. Suggested by Michal Zalewski. 1619 Avoid memory corruption problems resulting from bogus .cf files. 1620 Problem found by Michal Zalewski. 1621 Set the ${server_addr} macro to name of mailer when doing LMTP 1622 delivery. LMTP systems may offer SMTP Authentication or 1623 STARTTLS causing sendmail to use this macro in rulesets. 1624 If debugging is turned on (-d0.10) print not just the default 1625 values for configuration file and pid file but also the 1626 selected values. Problem noted by Brad Chapman. 1627 Continue dealing with broken nameservers by ignoring SERVFAIL 1628 errors returned on T_AAAA (IPv6) lookups at delivery time 1629 if ResolverOptions=WorkAroundBrokenAAAA is set. Previously 1630 this only applied to hostname canonification. Problem 1631 noted by Bill Fenner of AT&T Research. 1632 Ignore comments in NIS host records when trying to find the 1633 canonical name for a host. 1634 When sendmail has extra privileges, limit mail submission command 1635 line flags (i.e., -G, -h, -F, etc.) to mail submission 1636 operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on 1637 suggestion from Michal Zalewski. 1638 Portability: 1639 AIX: Use `oslevel` if available to determine OS version. 1640 `uname` does not given complete information. 1641 Problem noted by Keith Neufeld of the Cessna 1642 Aircraft Company. 1643 OpenUNIX: Use lockf() for LDA delivery (affects mail.local). 1644 Problem noticed by Boyd Lynn Gerber of ZENEX. 1645 Avoid compiler warnings by not using pointers to pass 1646 integers. Problem noted by Todd C. Miller of 1647 Courtesan Consulting. 1648 CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize 1649 problems with potential misconfigurations. 1650 CONFIG: Fix comment showing default value of MaxHopCount. Problem 1651 noted by Greg Robinson of the Defence Science and 1652 Technology Organisation of Australia. 1653 CONFIG: dnsbl: If an argument specifies an error message in case 1654 of temporary lookup failures for DNS based blacklists 1655 then use it. 1656 LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by 1657 Richard A. Nelson of Debian. 1658 LIBMILTER: Add __P definition for OS that lack it. Problem noted 1659 by Chris Adams from HiWAAY Informations Services. 1660 LIBSMDB: Fix a lock race condition that affects makemap, praliases, 1661 and vacation. 1662 MAKEMAP: Avoid going beyond the end of an input line if it does 1663 not contain a value for a key. Based on patch from 1664 Mark Bixby from Hewlett-Packard. 1665 New Files: 1666 test/Build 1667 test/Makefile 1668 test/Makefile.m4 1669 test/README 1670 test/t_dropgid.c 1671 test/t_setgid.c 1672 Deleted Files: 1673 include/sm/stdio.h 1674 include/sm/sysstat.h 1675 16768.12.0/8.12.0 2001/09/08 1677 *NOTICE*: The default installation of sendmail does not use 1678 set-user-ID root anymore. You need to create a new user and 1679 a new group before installing sendmail (both called smmsp by 1680 default). The installation process tries to install 1681 /etc/mail/submit.cf and creates /var/spool/clientmqueue by 1682 default. Please see sendmail/SECURITY for details. 1683 SECURITY: Check for group and world writable forward and :include: 1684 files. These checks can be turned off if absolutely 1685 necessary using the DontBlameSendmail option and the new 1686 flags: 1687 GroupWritableForwardFile 1688 WorldWritableForwardFile 1689 GroupWritableIncludeFile 1690 WorldWritableIncludeFile 1691 Problem noted by Slawek Zak of Politechnika Warszawska, 1692 SECURITY: Drop privileges when using address test mode. Suggested 1693 by Michal Zalewski of the "Internet for Schools" project 1694 (IdS). 1695 Fixed problem of a global variable being used for a timeout jump 1696 point where the variable could become overused for more than 1697 one timeout concurrently. This erroneous behavior resulted in 1698 a corrupted stack causing a core dump. The timeout is now 1699 handled via libsm. Problem noted by Michael Shapiro, 1700 John Beck, and Carl Smith of Sun Microsystems. 1701 If sendmail is set-group-ID then that group ID is used for permission 1702 checks (group ID of RunAsUser). This allows use of a 1703 set-group-ID sendmail binary for initial message submission 1704 and no set-user-ID root sendmail is needed. For details 1705 see sendmail/SECURITY. 1706 Log a warning if a non-trusted user changes the syslog label. 1707 Based on notice from Bryan Costales of SL3D, Inc. 1708 If sendmail is called for initial delivery, try to use submit.cf 1709 with a fallback of sendmail.cf as configuration file. See 1710 sendmail/SECURITY. 1711 New configuration file option UseMSP to allow group writable queue 1712 files if the group is the same as that of a set-group-ID 1713 sendmail binary. See sendmail/SECURITY. 1714 The .cf file is chosen based on the operation mode. For -bm (default), 1715 -bs, and -t it is submit.cf if it exists for all others it 1716 is sendmail.cf (to be backward compatible). This selection 1717 can be changed by the new option -Ac or -Am (alternative .cf 1718 file: client or mta). See sendmail/SECURITY. 1719 The SMTP server no longer forks on each MAIL command. The ONEX 1720 command has been removed. 1721 Implement SMTP PIPELINING per RFC 2920. It can be turned off 1722 at compile time or per host (ruleset). 1723 New option MailboxDatabase specifies the type of mailbox database 1724 used to look up local mail recipients; the default value 1725 is "pw", which means to use getpwnam(). New mailbox database 1726 types can be added by adding custom code to libsm/mbdb.c. 1727 Queue file names are now 15 characters long, rather than 14 characters 1728 long, to accomodate envelope splitting. File systems with 1729 a 14 character file name length limit are no longer 1730 supported. 1731 Recipient list used for delivery now gets internally ordered by 1732 hostsignature (character string version of MX RR). This orders 1733 recipients for the same MX RR's together meaning smaller 1734 portions of the list need to be scanned (instead of the whole 1735 list) each delivery() pass to determine piggybacking. The 1736 significance of the change is better the larger the recipient 1737 list. Hostsignature is now created during recipient list 1738 creation rather than just before delivery. 1739 Enhancements for more opportunistic piggybacking. Previous 1740 piggybacking (called coincidental) extended to coattail 1741 piggybacking. Rather than complete MX RR matching 1742 (coincidental) piggybacking is done if just the lowest value 1743 preference matches (coattail). 1744 If sendmail receives a temporary error on a RCPT TO: command, it will 1745 try other MX hosts if available. 1746 DefaultAuthInfo can contain a list of mechanisms to be used for 1747 outgoing (client-side) SMTP Authentication. 1748 New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable 1749 AUTH (overrides 'a' modifier in DaemonPortOptions). Based 1750 on patch from Lyndon Nerenberg of Messaging Direct. 1751 Enable AUTH mechanism EXTERNAL if STARTTLS is used. 1752 A new ruleset authinfo can be used to return client side 1753 authentication information for AUTH instead of DefaultAuthInfo. 1754 Therefore the DefaultAuthInfo option is deprecated and will be 1755 removed in future versions. 1756 Accept any SMTP continuation code 3xy for AUTH even though RFC 2554 1757 requires 334. Mercury 1.48 is a known offender. 1758 Add new option AuthMaxBits to limit the overall encryption strength 1759 for the security layer in SMTP AUTH (SASL). See 1760 doc/op/op.me for details. 1761 Introduce new STARTTLS related macros {cn_issuer}, {cn_subject}, 1762 {cert_md5} which hold the CN (common name) of the CA that 1763 signed the presented certificate, the CN and the MD5 hash 1764 of the presented certificate, respectively. 1765 New ruleset try_tls to decide whether to try (as client) STARTTLS. 1766 New ruleset srv_features to enable/disable certain features in the 1767 server per connection. See doc/op/op.me for details. 1768 New ruleset tls_rcpt to decide whether to send e-mail to a particular 1769 recipient; useful to decide whether a conection is secure 1770 enough on a per recipient basis. 1771 New option TLSSrvOptions to modify some aspects of the server 1772 for STARTTLS. 1773 If no certificate has been requested, the macro {verify} has the 1774 value "NOT". 1775 New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off 1776 using/offering STARTTLS when delivering/receiving e-mail. 1777 Macro expand filenames/directories for certs and keys in the .cf file. 1778 Proposed by Neil Rickert of Northern Illinois University. 1779 Generate an ephemeral RSA key for a STARTTLS connection only if 1780 really required. This change results in a noticable 1781 performance gains on most machines. Moreover, if shared 1782 memory is in use, reuse the key several times. 1783 Add queue groups which can be used to group queue directories with 1784 the same behavior together. See doc/op/op.me for details. 1785 If the new option FastSplit (defaults to one) has a value greater 1786 than zero, it suppresses the MX lookups on addresses when they 1787 are initially sorted which may result in faster envelope 1788 splitting. If the mail is submitted directly from the 1789 command line, then the value also limits the number of 1790 processes to deliver the envelopes; if more envelopes are 1791 created they are only queued up and must be taken care of 1792 by a queue run. 1793 The check for 'enough disk space' now pays attention to which file 1794 system each queue directory resides in. 1795 All queue runners can be cleanly terminated via SIGTERM to parent. 1796 New option QueueFileMode for the default permissions of queue files. 1797 Add parallel queue runner code. Allows multiple queue runners per work 1798 group (one or more queues in a multi-queue environment 1799 collected together) to process the same work list at the 1800 same time. 1801 Option MaxQueueChildren added to limit the number of concurrently 1802 active queue runner processes. 1803 New option MaxRunnersPerQueue to specify the maximum number of queue 1804 runners per queue group. 1805 Queue member selection by substring pattern matching now allows 1806 the pattern to be negated. For -qI, -qR and -qS it is 1807 permissible for -q!I, -q!R and -q!S to mean remove members 1808 of the queue that match during processing. 1809 New -qp[time] option is similar to -qtime, except that instead of 1810 periodically forking a child to process the queue, a single 1811 child is forked for each queue that sleeps between queue 1812 runs. A SIGHUP signal can be sent to restart this 1813 persistent queue runner. 1814 The SIGHUP signal now restarts a timed queue run process (i.e., a 1815 sendmail process which only runs the queue at an interval: 1816 sendmail -q15m). 1817 New option NiceQueueRun to set the priority of queue runners. 1818 Proposed by Thom O'Connor. 1819 sendmail will run the queue(s) in the background when invoked with -q 1820 unless the new -qf option or -v is used. 1821 QueueSortOrder=Random sorts the queue randomly, which is useful if 1822 several queue runners are started by hand to avoid contention. 1823 QueueSortOrder=Modification sorts the queue by the modification time 1824 of the qf file (older entries first). 1825 Support Deliver By SMTP Service Extension (RFC 2852) which allows 1826 a client to specify an amount of time within which an e-mail 1827 should be delivered. New option DeliverByMin added to set the 1828 minimum amount of time or disable the extension. 1829 Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are 1830 not allowed unless escaped or quoted. 1831 Add support for a generic DNS map. Based on a patch contributed 1832 by Leif Johansson of Stockholm University, which was based on 1833 work by Assar Westerlund of Swedish Institute of Computer 1834 Science, Kista, and Johan Danielsson of Royal Institute of 1835 Technology, Stockholm, Sweden. 1836 MX records will be looked up for FallBackMXhost. To use the old 1837 behavior (no MX lookups), put the name in square brackets. 1838 Proposed by Thom O'Connor. 1839 Use shared memory to store free space of filesystems that are used 1840 for queues, if shared memory is available and if a key is set 1841 via SharedMemoryKey. This minimizes the number of system 1842 calls to check the available space. See doc/op/op.me for 1843 details. 1844 If shared memory is compiled in the option -bP can be used to print 1845 the number of entries in the queue(s). 1846 Enable generic mail filter API (milter). See libmilter/README 1847 and the usual documentation for details. 1848 Remove AutoRebuildAliases option, deprecated since 8.10. 1849 Remove '-U' (initial user submission) command line option as 1850 announced in 8.10. 1851 Remove support for non-standard SMTP command XUSR. Use an MSA instead. 1852 New macro {addr_type} which contains whether the current address is 1853 an envelope sender or recipient address. Suggested by 1854 Neil Rickert of Northern Illinois University. 1855 Two new options for host maps: -d (retransmission timeout), 1856 -r (number of retries). 1857 New option for LDAP maps: the -V<sep> allows you to specify a 1858 separator such that a lookup can return both an attribute 1859 and value separated by the given separator. 1860 Add new operators '%', '|', '&' (modulo, binary or, binary and) 1861 to map class arith. 1862 If DoubleBounceAddress expands to an empty string, ``double bounces'' 1863 (errors that occur when sending an error message) are dropped. 1864 New DontBlameSendmail options GroupReadableSASLDBFile and 1865 GroupWritableSASLDBFile to relax requirements for sasldb files. 1866 New DontBlameSendmail options GroupReadableKeyFile to relax 1867 requirements for files containing secret keys. This is 1868 necessary for the MSP if client authentification is used. 1869 Properly handle quoted filenames for class files (to allow for 1870 filenames with spaces). 1871 Honor the resolver option RES_NOALIASES when canonifying hostnames. 1872 Add macros to avoid the reuse of {if_addr} etc: 1873 {if_name_out} hostname of interface of outgoing connection. 1874 {if_addr_out} address of interface of outgoing connection. 1875 {if_family_out} family of interface of outgoing connection. 1876 The latter two are only set if the interface does not belong 1877 to the loopback net. 1878 Add macro {nrcpts} which holds the number of (validated) recipients. 1879 DialDelay option applies only to mailers with flag 'Z'. Patch from 1880 Juergen Georgi of RUS University of Stuttgart. 1881 New Timeout.lhlo,auth,starttls options to limit the time waiting for 1882 an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command. 1883 New Timeout.aconnect option to limit the overall waiting time for 1884 all connections for a single delivery attempt to succeed. 1885 Limit the rate recipients in the SMTP envelope are accepted once 1886 a threshold number of recipients has been rejected (option 1887 BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD 1888 Development Group. 1889 New option DelayLA to delay connections if the load averages 1890 exceeds the specified value. The default of 0 does not 1891 change the previous behavior. A value greater than 0 1892 will cause sendmail to sleep for one second on most 1893 SMTP commands and before accepting connections if that 1894 load average is exceeded. 1895 Use a dynamic (instead of fixed-size) buffer for the list of 1896 recipients that are sent during a connection to a mailer. 1897 This also introduces a new mailer field 'r' which defines 1898 the maximum number of recipients (defaults to 100). 1899 Based on patch by Motonori Nakamura of Kyoto University. 1900 Add new F=1 mailer flag to disable sending of null characters ('\0'). 1901 Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead. 1902 The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC] 1903 instead. 1904 IPC is no longer available as first mailer argument (A=) for [IPC] 1905 builtin mailer pathnames. Use TCP instead. 1906 PH map code updated to use the new libphclient API instead of the 1907 old libqiapi library. Contributed by Mark Roth of the 1908 University of Illinois at Urbana-Champaign. 1909 New option DirectSubmissionModifiers to define {daemon_flags} 1910 for direct (command line) submissions. 1911 New M=O modifier for DaemonPortOptions to ignore the socket in 1912 case of failures. Based on patch by Jun-ichiro itojun 1913 Hagino of the KAME Project. 1914 Add Disposition-Notification-To: (RFC 2298) to the list of headers 1915 whose content is rewritten similar to Reply-To:. 1916 Proposed by Andrzej Filip. 1917 Use STARTTLS/AUTH=server/client for logging incoming/outgoing 1918 STARTTLS/AUTH connections; log incoming connections at level 1919 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP 1920 AUTH/STARTTLS related logfile entries. 1921 Convert unprintable characters (and backslash) into octal or C format 1922 before logging. 1923 Log recipients if no message is transferred but QUIT/RSET is given 1924 (at LogLevel 9/10 or higher). 1925 Log discarded recipients at LogLevel 10 or higher. 1926 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections 1927 in which most commands are rejected due to check_relay or 1928 TCP Wrappers if the host tries one of those commands anyway. 1929 Change logging format for cloned envelopes to be similar to that for 1930 DSNs ("old id: new id: clone"). Suggested by Ulrich Windl 1931 of the Universitat Regensburg. 1932 Added libsm, a C library of general purpose abstractions including 1933 assertions, tracing and debugging with named debug categories, 1934 exception handling, malloc debugging, resource pools, 1935 portability abstractions, and an extensible buffered I/O 1936 package. It will at some point replace libsmutil. 1937 See libsm/index.html for details. 1938 Fixed most memory leaks in sendmail which were previously taken 1939 care of by fork() and exit(). 1940 Use new sm_io*() functions in place of stdio calls. Allows for 1941 more consistent portablity amongst different platforms 1942 new and old (from new libsm). 1943 Common I/O pkg means just one buffering method needed instead of two 1944 ('bf_portable' and 'bf_torek' now just 'bf'). 1945 Sfio no longer needed as SASL/TLS code uses sm_io*() API's. 1946 New possible value 'interactive' for SuperSafe which can be used 1947 together with DeliveryMode=interactive is to avoid some disk 1948 synchronizations calls. 1949 Add per-recipient status information to mailq -v output. 1950 T_ANY queries are no longer used by sendmail. 1951 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS" 1952 too (see include/sm/cdefs.h for more info). 1953 sendmail -d now has general support for named debug categories. 1954 See libsm/debug.html and section 3.4 of doc/op/op.me 1955 for details. 1956 Eliminate the "postmaster warning" DSNs on address parsing errors 1957 such as unbalanced angle brackets or parentheses. The DSNs 1958 generated by this condition were illegal (not RFC conform). 1959 Problem noted by Ulrich Windl of the Universitaet Regensburg. 1960 Do not issue a DSN if the ruleset localaddr resolves to the $#error 1961 mailer and the recipient has hence been rejected during the 1962 SMTP dialogue. Problem reported by Larry Greenfield of CMU. 1963 Deal with a case of multiple deliveries on misconfigured systems 1964 that do not have postmaster defined. If an email was sent 1965 from an address to which a DSN cannot be returned and 1966 in which at least one recipient address is non-deliverable, 1967 then that email had been delivered in each queue run. 1968 Problem reported by Matteo HCE Valsasna of Universita 1969 degli Studi dell'Insubria. 1970 The compilation options SMTP, DAEMON, and QUEUE have been removed, 1971 i.e., the corresponding code is always compiled in now. 1972 Log the command line in daemon/queue-run mode at LogLevel 10 and 1973 higher. Suggested by Robert Harker of Harker Systems. 1974 New ResolverOptions setting: WorkAroundBrokenAAAA. When 1975 attempting to canonify a hostname, some broken nameservers 1976 will return SERVFAIL (a temporary failure) on T_AAAA (IPv6) 1977 lookups. If you want to excuse this behavior, use this new 1978 flag. Suggested by Chris Foote of SE Network Access and 1979 Mark Roth of the University of Illinois at 1980 Urbana-Champaign. 1981 Free the memory allocated by getipnodeby{addr,name}(). Problem 1982 noted by Joy Latten of IBM. 1983 ConnectionRateThrottle limits the number of connections per second 1984 to each daemon individually, not the overall number of 1985 connections. 1986 Specifying only "ldap:" as an AliasFile specification will force 1987 sendmail to use a default alias schema as outlined in the 1988 ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of 1989 cf/README. 1990 Add a new syntax for the 'F' (file class) sendmail.cf command. If 1991 the first character after the class name is not a '/' or a 1992 '|' and it contains an '@' (e.g., F{X}key@class:spec), the 1993 rest of the line will be parsed as a map lookup. This 1994 allows classes to be filled via a map lookup. See op.me 1995 for more syntax information. Specifically, this can be 1996 used for commands such as VIRTUSER_DOMAIN_FILE() to read 1997 the list of domains via LDAP (see the ``USING LDAP FOR 1998 ALIASES, MAPS, and CLASSES'' section of cf/README for an 1999 example). 2000 The new macro ${sendmailMTACluster} determines the LDAP cluster for 2001 the default schema used in the above two items. 2002 Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a 2003 warning if a program being run from a mailer or file class 2004 (e.g., F|/path/to/prog) is in an unsafe directory path. 2005 Unless DontBlameSendmail=RunWritableProgram is set, log a warning 2006 if a program being run from a mailer or file class 2007 (e.g., F|/path/to/prog) is group or world writable. 2008 Loopback interfaces (e.g., "lo0") are now probed for class {w} 2009 hostnames. Setting DontProbeInterfaces to "loopback" 2010 (without quotes) will disable this and return to the 2011 pre-8.12 behavior of only probing non-loopback interfaces. 2012 Suggested by Bryan Stansell of GNAC. 2013 In accordance with RFC 2821 section 4.1.4, accept multiple 2014 HELO/EHLO commands. 2015 Multiple ClientPortOptions settings are now allowed, one for each 2016 possible protocol family which may be used for outgoing 2017 connections. Restrictions placed on one family only affect 2018 outgoing connections on that particular family. Because of 2019 this change, the ${client_flags} macro is not set until the 2020 connection is established. Based on patch from Motonori 2021 Nakamura of Kyoto University. 2022 PrivacyOptions=restrictexpand instructs sendmail to drop privileges 2023 when the -bv option is given by users who are neither root 2024 nor the TrustedUser so users can not read private aliases, 2025 forwards, or :include: files. It also will override the -v 2026 (verbose) command line option. 2027 If the M=b modifier is set in DaemonPortOptions and the interface 2028 address can't be used for the outgoing connection, fall 2029 back to the settings in ClientPortOptions (if set). 2030 Problem noted by John Beck of Sun Microsystems. 2031 New named config file rule check_data for DATA command (input: 2032 number of recipients). Based on patch from Mark Roth of 2033 the University of Illinois at Urbana-Champaign. 2034 Add support for ETRN queue selection per RFC 1985. The queue group 2035 can be specified using the '#' option character. For 2036 example, 'ETRN #queuegroup'. 2037 If an LDAP server times out or becomes unavailable, close the 2038 current connection and reopen to get to one of the fallback 2039 servers. Patch from Paul Hilchey of the University of 2040 British Columbia. 2041 Make default error number on $#error messages 550 instead of 501 2042 because 501 is not allowed on all commands. 2043 The .cf file option UnsafeGroupWrites is deprecated, it should be 2044 replaced with the settings GroupWritableForwardFileSafe 2045 and GroupWritableIncludeFileSafe in DontBlameSendmail 2046 if required. 2047 The deprecated ldapx map class has been removed. Use the ldap map 2048 class instead. 2049 Any IPv6 addresses used in configuration should be prefixed by the 2050 "IPv6:" tag to identify the address properly. For example, 2051 if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to 2052 class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4]. 2053 Change the $&{opMode} macro if the operation mode changes while the 2054 MTA is running. For example, during a queue run. 2055 Add "use_inet6" as a new ResolverOptions flag to control the 2056 RES_USE_INET6 resolver option. Based on patch from Rick 2057 Nelson of IBM. 2058 The maximum number of commands before the MTA slows down when too 2059 many "light weight" commands have been received are now 2060 configurable during compile time. The current values and 2061 their defaults are: 2062 MAXBADCOMMANDS 25 unknown commands 2063 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 2064 MAXHELOCOMMANDS 3 HELO, EHLO 2065 MAXVRFYCOMMANDS 6 VRFY, EXPN 2066 MAXETRNCOMMANDS 8 ETRN 2067 Setting a value to 0 disables the check. Patch from Bryan 2068 Costales of SL3D, Inc. 2069 The header syntax H?${MyMacro}?X-My-Header: now not only checks if 2070 ${MyMacro} is defined but also that it is not empty. 2071 Properly quote usernames with special characters if they are used 2072 in headers. Problem noted by Kari Hurtta of the Finnish 2073 Meteorological Institute. 2074 Be sure to include the proper Final-Recipient: DSN header in bounce 2075 messages for messages for mailing list expanded addresses 2076 which are not delivered on the initial attempt. 2077 Do not treat errors as sticky when doing delivery via LMTP after 2078 the final dot has been sent to avoid affecting future 2079 deliveries. Problem reported by Larry Greenfield of CMU. 2080 New compile time flag REQUIRES_DIR_FSYNC which turns on support for 2081 file systems that require to call fsync() for a directory 2082 if the meta-data in it has been changed. This should be 2083 set at least for ReiserFS; it is enabled by default for Linux. 2084 See sendmail/README for further information. 2085 Avoid file locking deadlock when updating the statistics file if 2086 sendmail is signaled to terminate. Problem noted by 2087 Christophe Wolfhugel of France Telecom. 2088 Set the $c macro (hop count) as it is being set instead of when the 2089 envelope is initialized. Problem noted by Kari Hurtta of 2090 the Finnish Meteorological Institute. 2091 Properly count recipients for DeliveryMode defer and queue. Fix 2092 from Peter A. Friend of EarthLink. 2093 Treat invalid hesiod lookups as permanent errors instead of 2094 temporary errors. Problem noted by Russell McOrmond of 2095 flora.ca. 2096 Portability: 2097 Remove support for AIX 2, which supports only 14 character 2098 filenames and is outdated anyway. Suggested by 2099 Valdis Kletnieks of Virginia Tech. 2100 Change several settings for Irix 6: remove confSBINDIR, 2101 i.e., use default /usr/sbin, change owner/group 2102 of man pages and user-executable to root/sys, set 2103 optimization limit to 0 (unlimited). Based on patch 2104 from Ayamura Kikuchi, M.D, and proposal from Kari 2105 Hurtta of the Finnish Meteorological Institute. 2106 Do not assume LDAP support is installed by default under 2107 Solaris 8 and later. 2108 Add support for OpenUNIX. 2109 CONFIG: Increment version number of config file to 10. 2110 CONFIG: Add an install target and a README file in cf/cf. 2111 CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc. 2112 CONFIG: Reject empty recipient addresses (in check_rcpt). 2113 CONFIG: The access map uses an option of -T<TMPF> to deal with 2114 temporary lookup failures. 2115 CONFIG: New value for access map: SKIP, which causes the default 2116 action to be taken by aborting the search for domain names 2117 or IP nets. 2118 CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or 2119 relay address as long as the other part allows the email 2120 to get through. 2121 CONFIG: Entries for virtusertable can make use of a third parameter 2122 "%3" which contains "+detail" of a wildcard match, i.e., an 2123 entry like user+*@domain. This allows handling of details by 2124 using %1%3 as the RHS. Additionally, a "+" wildcard has been 2125 introduced to match only non-empty details of addresses. 2126 CONFIG: Numbers for rulesets used by MAILERs have been removed 2127 and hence there is no required order within the MAILER 2128 section anymore except for MAILER(`uucp') which must come 2129 after MAILER(`smtp') if uucp-dom and uucp-uudom are used. 2130 CONFIG: Hosts listed in the generics domain class {G} 2131 (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated 2132 as canonical. Suggested by Per Hedeland of Ericsson. 2133 CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup 2134 in the access map which returns OK or RELAY actually 2135 terminates check_* ruleset checking. 2136 CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset 2137 tls_rcpt, see cf/README for details. 2138 CONFIG: Change format of Received: header line which reveals whether 2139 STARTTLS has been used to "(version=${tls_version} 2140 cipher=${cipher} bits=${cipher_bits} verify=${verify})". 2141 CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks') 2142 options friends/haters instead of "To:" and enable 2143 specification of whole domains instead of just users. 2144 Notice: this change is not backward compatible. 2145 Suggested by Chris Adams from HiWAAY Informations Services. 2146 CONFIG: Allow for local extensions for most new rulesets, see 2147 cf/README for details. 2148 CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in 2149 the access map. Proposed by Randall Winchester of the 2150 University of Maryland. 2151 CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for 2152 the local mailer. Proposed by Ingo Brueckl of Wupper Online. 2153 CONFIG: confRELAY_MSG/confREJECT_MSG can override the default 2154 messages for an unauthorized relaying attempt/for access 2155 map entries with RHS REJECT, respectively. 2156 CONFIG: FEATURE(`always_add_domain') takes an optional argument 2157 to specify another domain to be added instead of the local one. 2158 Suggested by Richard H. Gumpertz of Computer Problem 2159 Solving. 2160 CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific 2161 options, see doc/op/op.me for details. 2162 CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for 2163 the security layer in SMTP AUTH (SASL). 2164 CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated 2165 immediately. 2166 CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which 2167 allows checking of the return values of the DNS lookups. 2168 See cf/README for details. 2169 CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for 2170 temporary lookup failures. 2171 CONFIG: New option confDELIVER_BY_MIN to specify minimum time for 2172 Deliver By (RFC 2852) or to turn off the extension. 2173 CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared 2174 memory use. 2175 CONFIG: New FEATURE(`compat_check') to look up a key consisting 2176 of the sender and the recipient address delimited by the 2177 string "<@>", e.g., sender@sdomain<@>recipient@rdomain, 2178 in the access map. Based on code contributed by Mathias 2179 Koerber of Singapore Telecommunications Ltd. 2180 CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user 2181 file. Suggested by John Beck of Sun Microsystems. 2182 CONFIG: Don't use MAILER-DAEMON for error messages delivered 2183 via LMTP. Problem reported by Larry Greenfield of CMU. 2184 CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of 2185 the recipient host if LUSER_RELAY is used. 2186 CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the 2187 +detail portion of the address when passing address to 2188 local delivery agent. Disables alias and .forward +detail 2189 stripping. Only use if LDA supports this. 2190 CONFIG: Removed deprecated FEATURE(`rbl'). 2191 CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE() 2192 which allow you to specify 'equivalent' hosts for LDAP 2193 Routing lookups. Equivalent hostnames are replaced by the 2194 masquerade domain name for lookups. See cf/README for 2195 additional details. 2196 CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which 2197 instructs the rulesets on what to do if the address being 2198 looked up has +detail information. See cf/README for more 2199 information. 2200 CONFIG: When chosing a new destination via LDAP Routing, also look 2201 up the new routing address/host in the mailertable. Based 2202 on patch from Don Badrak of the United States Census Bureau. 2203 CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing 2204 is in use and the bounce option is enabled. Only reject 2205 recipients as user unknown. 2206 CONFIG: Provide LDAP support for the remaining database map 2207 features. See the ``USING LDAP FOR ALIASES AND MAPS'' 2208 section of cf/README for more information. 2209 CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster} 2210 macro used for LDAP searches as described above in ``USING 2211 LDAP FOR ALIASES, MAPS, AND CLASSES''. 2212 CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(), 2213 which takes the options as argument and can be used 2214 multiple times; see cf/README for details. 2215 CONFIG: Add configuration macros for new options: 2216 confBAD_RCPT_THROTTLE BadRcptThrottle 2217 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 2218 confMAILBOX_DATABASE MailboxDatabase 2219 confMAX_QUEUE_CHILDREN MaxQueueChildren 2220 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 2221 confNICE_QUEUE_RUN NiceQueueRun 2222 confQUEUE_FILE_MODE QueueFileMode 2223 confFAST_SPLIT FastSplit 2224 confTLS_SRV_OPTIONS TLSSrvOptions 2225 See above (and related documentation) for further information. 2226 CONFIG: Add configuration variables for new timeout options: 2227 confTO_ACONNECT Timeout.aconnect 2228 confTO_AUTH Timeout.auth 2229 confTO_LHLO Timeout.lhlo 2230 confTO_STARTTLS Timeout.starttls 2231 CONFIG: Add configuration macros for mail filter API: 2232 confINPUT_MAIL_FILTERS InputMailFilters 2233 confMILTER_LOG_LEVEL Milter.LogLevel 2234 confMILTER_MACROS_CONNECT Milter.macros.connect 2235 confMILTER_MACROS_HELO Milter.macros.helo 2236 confMILTER_MACROS_ENVFROM Milter.macros.envfrom 2237 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 2238 Mail filters can be defined via INPUT_MAIL_FILTER() and 2239 MAIL_FILTER(). See libmilter/README, cf/README, and 2240 doc/op/op.me for details. 2241 CONFIG: Add support for accepting temporarily unresolvable domains. 2242 See cf/README for details. Based on patch by Motonori 2243 Nakamura of Kyoto University. 2244 CONFIG: confDEQUOTE_OPTS can be used to specify options for the 2245 dequote map. 2246 CONFIG: New macro QUEUE_GROUP() to define queue groups. 2247 CONFIG: New FEATURE(`queuegroup') to select a queue group based 2248 on the full e-mail address or the domain of the recipient. 2249 CONFIG: Any IPv6 addresses used in configuration should be prefixed 2250 by the "IPv6:" tag to identify the address properly. For 2251 example, if you want to use the IPv6 address 2252 2002:c0a8:51d2::23f4 in the access database, you would need 2253 to use IPv6:2002:c0a8:51d2::23f4 on the left hand side. 2254 This affects the access database as well as the 2255 relay-domains and local-host-names files. 2256 CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux). 2257 CONFIG: Avoid expansion of m4 keywords in SMART_HOST. 2258 CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading 2259 exceptions from a file. Suggested by Trey Breckenridge of 2260 Mississippi State University. 2261 CONFIG: Add LOCAL_USER_FILE() for reading local users 2262 (LOCAL_USER() -- $={L}) entries from a file. 2263 CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4 2264 which allows to lookup error codes in the access map. 2265 Contributed by Neil Rickert of Northern Illinois University. 2266 DEVTOOLS: Add new options for installation of include and library 2267 files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP, 2268 confLIBMODE, confLIBOWN. 2269 DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off 2270 installation of the the formatted man pages on operating 2271 systems which don't include cat directories. 2272 EDITMAP: New program for editing maps as supplement to makemap. 2273 MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up 2274 local mail recipients. New option -D mbdb specifies the 2275 mailbox database type. 2276 MAIL.LOCAL: New option "-h filename" which instructs mail.local to 2277 deliver the mail to the named file in the user's home 2278 directory instead of the system mail spool area. Based on 2279 patch from Doug Hardie of the Los Angeles Free-Net. 2280 MAILSTATS: New command line option -P which acts the same as -p but 2281 doesn't truncate the statistics file. 2282 MAKEMAP: Add new option -t to specify a different delimiter 2283 instead of white space. 2284 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 2285 submission. Problem noted by Kari Hurtta of the Finnish 2286 Meteorological Institute. 2287 SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later. 2288 VACATION: Change Auto-Submitted: header value from auto-generated to 2289 auto-replied. From Kenneth Murchison of Oceana Matrix Ltd. 2290 VACATION: New option -d to send error/debug messages to stdout 2291 instead of syslog. 2292 VACATION: New option -U which prevents the attempt to lookup login 2293 in the password file. The -f and -m options must be used 2294 to specify the database and message file since there is no 2295 home directory for the default settings for these options. 2296 VACATION: Vacation now uses the libsm mbdb package to look up 2297 local mail recipients; it reads the MailboxDatabase option 2298 from the sendmail.cf file. New option -C cffile which 2299 specifies the path of the sendmail.cf file. 2300 New Directories: 2301 libmilter/docs 2302 New Files: 2303 cf/cf/README 2304 cf/cf/submit.cf 2305 cf/cf/submit.mc 2306 cf/feature/authinfo.m4 2307 cf/feature/compat_check.m4 2308 cf/feature/enhdnsbl.m4 2309 cf/feature/msp.m4 2310 cf/feature/local_no_masquerade.m4 2311 cf/feature/lookupdotdomain.m4 2312 cf/feature/preserve_luser_host.m4 2313 cf/feature/preserve_local_plus_detail.m4 2314 cf/feature/queuegroup.m4 2315 cf/sendmail.schema 2316 contrib/dnsblaccess.m4 2317 devtools/M4/UNIX/sm-test.m4 2318 devtools/OS/OpenUNIX.5.i386 2319 editmap/* 2320 include/sm/* 2321 libsm/* 2322 libsmutil/cf.c 2323 libsmutil/err.c 2324 sendmail/SECURITY 2325 sendmail/TUNING 2326 sendmail/bf.c 2327 sendmail/bf.h 2328 sendmail/sasl.c 2329 sendmail/sm_resolve.c 2330 sendmail/sm_resolve.h 2331 sendmail/tls.c 2332 Deleted Files: 2333 cf/feature/rbl.m4 2334 cf/ostype/aix2.m4 2335 devtools/OS/AIX.2 2336 include/sendmail/cdefs.h 2337 include/sendmail/errstring.h 2338 include/sendmail/useful.h 2339 libsmutil/errstring.c 2340 sendmail/bf_portable.c 2341 sendmail/bf_portable.h 2342 sendmail/bf_torek.c 2343 sendmail/bf_torek.h 2344 sendmail/clock.c 2345 Renamed Files: 2346 cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc 2347 cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf 2348 cf/ostype/aux.m4 => cf/ostype/a-ux.m4 2349 23508.11.7/8.11.7 2003/03/29 2351 SECURITY: Fix a remote buffer overflow in header parsing by 2352 dropping sender and recipient header comments if the 2353 comments are too long. Problem noted by Mark Dowd 2354 of ISS X-Force. 2355 SECURITY: Fix a buffer overflow in address parsing due to 2356 a char to int conversion problem which is potentially 2357 remotely exploitable. Problem found by Michal Zalewski. 2358 Note: an MTA that is not patched might be vulnerable to 2359 data that it receives from untrusted sources, which 2360 includes DNS. 2361 To provide partial protection to internal, unpatched sendmail MTAs, 2362 8.11.7 changes by default (char)0xff to (char)0x7f in 2363 headers etc. To turn off this conversion compile with 2364 -DALLOW_255 or use the command line option -d82.101. 2365 To provide partial protection for internal, unpatched MTAs that may be 2366 performing 7->8 or 8->7 bit MIME conversions, the default 2367 for MaxMimeHeaderLength has been changed to 2048/1024. 2368 Note: this does have a performance impact, and it only 2369 protects against frontal attacks from the outside. 2370 To disable the checks and return to pre-8.11.7 defaults, 2371 set MaxMimeHeaderLength to 0/0. 2372 Properly clean up macros to avoid persistence of session data 2373 across various connections. This could cause session 2374 oriented restrictions, e.g., STARTTLS requirements, 2375 to erroneously allow a connection. Problem noted 2376 by Tim Maletic of Priority Health. 2377 Ignore comments in NIS host records when trying to find the 2378 canonical name for a host. 2379 Fix a memory leak when closing Hesiod maps. 2380 Set ${msg_size} macro when reading a message from the command line 2381 or the queue. 2382 Prevent a segmentation fault when clearing the event list by 2383 turning off alarms before checking if event list is 2384 empty. Problem noted by Allan E Johannesen of Worcester 2385 Polytechnic Institute. 2386 Fix a potential core dump problem if the environment variable 2387 NAME is set. Problem noted by Beth A. Chaney of 2388 Purdue University. 2389 Prevent a race condition on child cleanup for delivery to files. 2390 Problem noted by Fletcher Mattox of the University of 2391 Texas. 2392 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce 2393 parameter is set and the LDAP lookup returns a temporary 2394 error. 2395 CONFIG: Fix a syntax error in the try_tls ruleset if 2396 FEATURE(`access_db') is not enabled. 2397 LIBSMDB: Fix a lock race condition that affects makemap, praliases, 2398 and vacation. 2399 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X 2400 and NDBM on systems with the O_EXLOCK open(2) flag. 2401 MAKEMAP: Avoid going beyond the end of an input line if it does 2402 not contain a value for a key. Based on patch from 2403 Mark Bixby from Hewlett-Packard. 2404 MAIL.LOCAL: Fix a truncation race condition if the close() on 2405 the mailbox fails. Problem noted by Tomoko Fukuzawa of 2406 Sun Microsystems. 2407 SMRSH: SECURITY: Only allow regular files or symbolic links to be 2408 used for a command. Problem noted by David Endler of 2409 iDEFENSE, Inc. 2410 24118.11.6/8.11.6 2001/08/20 2412 SECURITY: Fix a possible memory access violation when specifying 2413 out-of-bounds debug parameters. Problem detected by 2414 Cade Cairns of SecurityFocus. 2415 Avoid leaking recipient information in unrelated DSNs. This could 2416 happen if a connection is aborted, several mails had been 2417 scheduled for delivery via that connection, and the timeout 2418 is reached such that several DSNs are sent next. Problem 2419 noted by Dileepan Moorkanat of Hewlett-Packard. 2420 Fix a possible segmentation violation when specifying too many 2421 wildcard operators in a rule. Problem detected by 2422 Werner Wiethege. 2423 Avoid a segmentation fault on non-matching Hesiod lookups. Problem 2424 noted by Russell McOrmond of flora.ca 2425 24268.11.5/8.11.5 2001/07/31 2427 Fix a possible race condition when sending a HUP signal to restart 2428 the daemon. This could terminate the current process without 2429 starting a new daemon. Problem reported by Wolfgang Breyha 2430 of SE Netway Communications. 2431 Only apply MaxHeadersLength when receiving a message via SMTP or 2432 the command line. Problem noted by Andrey J. Melnikoff. 2433 When finding the system's local hostname on an IPv6-enabled system 2434 which doesn't have any IPv6 interface addresses, fall back 2435 to looking up only IPv4 addresses. Problem noted by Tim 2436 Bosserman of EarthLink. 2437 When commands were being rejected due to check_relay or TCP 2438 Wrappers, the ETRN command was not giving a response. 2439 Incoming IPv4 connections on a Family=inet6 daemon (using 2440 IPv4-mapped addresses) were incorrectly labeled as "may be 2441 forged". Problem noted by Per Steinar Iversen of Oslo 2442 University College. 2443 Shutdown address test mode cleanly on SIGTERM. Problem noted by 2444 Greg King of the OAO Corporation. 2445 Restore the original real uid (changed in main() to prevent 2446 out of band signals) before invoking a delivery agent. 2447 Some delivery agents use this for the "From " envelope 2448 "header". Problem noted by Leslie Carroll of the 2449 University at Albany. 2450 Mark closed file descriptors properly to avoid reuse. Problem 2451 noted by Jeff Bronson of J.D. Bronson, Inc. 2452 Setting Timeout options on the command line will also override 2453 their sub-suboptions in the .cf file, e.g., -O 2454 Timeout.queuereturn=2d will set all queuereturn timeouts 2455 to 2 days. Problem noted by Roger B.A. Klorese. 2456 Portability: 2457 BSD/OS has a broken setreuid() implementation. Problem 2458 noted by Vernon Schryver of Rhyolite Software. 2459 BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?). 2460 Noted by Vernon Schryver of Rhyolite Software. 2461 BSD/OS has fchown(2). Noted by Dave Yadallee of Netline 2462 2000 Internet Solutions Inc. 2463 Solaris 2.X and later have strerror(3). From Sebastian 2464 Hagedorn of Cologne University. 2465 CONFIG: Fix parsing for IPv6 domain literals in addresses 2466 (user@[IPv6:address]). Problem noted by Liyuan Zhou. 2467 24688.11.4/8.11.4 2001/05/28 2469 Clean up signal handling routines to reduce the chances of heap 2470 corruption and other potential race conditions. 2471 Terminating and restarting the daemon may not be 2472 instantaneous due to this change. Also, non-root users can 2473 no longer send out-of-band signals. Problem reported by 2474 Michal Zalewski of BindView. 2475 If LogLevel is greater than 9 and SASL fails to negotiate an 2476 encryption layer, avoid core dump logging the encryption 2477 strength. Problem noted by Miroslav Zubcic of Crol. 2478 If a server offers "AUTH=" and "AUTH " and the list of mechanisms is 2479 different in those two lines, sendmail might not have 2480 recognized (and used) all of the offered mechanisms. 2481 Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch 2482 from Kenji Miyake. 2483 This time, really don't use the .. directory when expanding 2484 QueueDirectory wildcards. 2485 If a process is interrupted while closing a map, don't try to close 2486 the same map again while exiting. 2487 Allow local mailers (F=l) to contact remote hosts (e.g., via 2488 LMTP). Problem noted by Norbert Klasen of the University 2489 of Tuebingen. 2490 If Timeout.QueueReturn was set to a value less the time it took 2491 to write a new queue file (e.g., 0 seconds), the bounce 2492 message would be lost. Problem noted by Lorraine L Goff of 2493 Oklahoma State University. 2494 Pass map argument vector into map rewriting engine for the regex 2495 and prog map types. Problem noted by Stephen Gildea of 2496 InTouch Systems, Inc. 2497 When closing an LDAP map due to a temporary error, close all of the 2498 other LDAP maps which share the original map's connection 2499 to the LDAP server. Patch from Victor Duchovni of 2500 Morgan Stanley. 2501 To detect changes of NDBM aliases files check the timestamp of the 2502 .pag file instead of the .dir file. Problem noted by Neil 2503 Rickert of Northern Illinois University. 2504 Don't treat temporary hesiod lookup failures as permanent. Patch 2505 from Werner Wiethege. 2506 If ClientPortOptions is set, make sure to create the outgoing socket 2507 with the family set in that option. Patch from Sean Farley. 2508 Avoid a segmentation fault trying to dereference a NULL pointer 2509 when logging a MaxHopCount exceeded error with an empty 2510 recipient list. Problem noted by Chris Adams of HiWAAY 2511 Internet Services. 2512 Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich 2513 Windl of the Universitaet Regensburg. 2514 Fix DSN for "mail loops back to me" bounces. Problem noticed by 2515 Kari Hurtta of the Finnish Meteorological Institute. 2516 Portability: 2517 OpenBSD has a broken setreuid() implementation. 2518 CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back 2519 to 553 since it is allowed by DRUMS. 2520 CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X. 2521 DEVTOOLS: install.sh did not properly handle paths in the source 2522 file name argument. Noted by Kari Hurtta of the Finnish 2523 Meteorological Institute. 2524 DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD 2525 since it generates random process ids. 2526 PRALIASES: Add back adaptive algorithm to deal with different endings 2527 of entries in the database (with/without trailing '\0'). 2528 Patch from John Beck of Sun Microsystems. 2529 New Files: 2530 cf/ostype/freebsd4.m4 2531 25328.11.3/8.11.3 2001/02/27 2533 Prevent a segmentation fault when a bogus value was used in the 2534 LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus 2535 option was used. Problem noted by Allan E Johannesen of 2536 Worcester Polytechnic Institute. 2537 Prevent "token too long" message by shortening {currHeader} which 2538 could be too long if the last copied character was a quote. 2539 Problem detected by Jan Krueger of digitalanswers 2540 communications consulting gmbh. 2541 Additional IPv6 check for unspecified addresses. Patch from 2542 Jun-ichiro itojun Hagino of the KAME Project. 2543 Do not ignore the ClientPortOptions setting if DaemonPortOptions 2544 Modifier=b (bind to same interface) is set and the 2545 connection came in from the command line. 2546 Do not bind to the loopback address if DaemonPortOptions 2547 Modifier=b (bind to same interface) is set. Patch from 2548 John Beck of Sun Microsystems. 2549 Properly deal with open failures on non-optional maps used in 2550 check_* rulesets by returning a temporary failure. 2551 Buffered file I/O files were not being properly fsync'ed to disk 2552 when they were committed. 2553 Properly encode '=' for the AUTH= parameter of the MAIL command. 2554 Problem noted by Hadmut Danisch. 2555 Under certain circumstances the macro {server_name} could be set 2556 to the wrong hostname (of a previous connection), which may 2557 cause some rulesets to return wrong results. This would 2558 usually cause mail to be queued up and delivered later on. 2559 Ignore F=z (LMTP) mailer flag if $u is given in the mailer A= 2560 equate. Problem noted by Motonori Nakamura of Kyoto 2561 University. 2562 Work around broken accept() implementations which only partially 2563 fill in the peer address if the socket is closed before 2564 accept() completes. 2565 Return an SMTP "421" temporary failure if the data file can't be 2566 opened where the "354" reply would normally be given. 2567 Prevent a CPU loop in trying to expand a macro which doesn't exist 2568 in a queue run. Problem noted by Gordon Lack of Glaxo 2569 Wellcome. 2570 If delivering via a program and that program exits with EX_TEMPFAIL, 2571 note that fact for the mailq display instead of just showing 2572 "Deferred". Problem noted by Motonori Nakamura of Kyoto 2573 University. 2574 If doing canonification via /etc/hosts, try both the fully 2575 qualified hostname as well as the first portion of the 2576 hostname. Problem noted by David Bremner of the 2577 University of New Brunswick. 2578 Portability: 2579 Fix a compilation problem for mail.local and rmail if SFIO 2580 is in use. Problem noted by Auteria Wally 2581 Winzer Jr. of Champion Nutrition. 2582 IPv6 changes for platforms using KAME. Patch from 2583 Jun-ichiro itojun Hagino of the KAME Project. 2584 OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and 2585 higher has BSDI-style login classes. Patch from 2586 Todd C. Miller of Courtesan Consulting. 2587 Unixware 7.1.1 doesn't allow h_errno to be set directly if 2588 sendmail is being compiled with -kthread. Problem 2589 noted by Orion Poplawski of CQG, Inc. 2590 CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and 2591 current left hand side for $LHS in virtuser files. 2592 DEVTOOLS: Do not pass make targets to recursive Build invocations. 2593 Problem noted by Jeff Bronson of J.D. Bronson, Inc. 2594 MAIL.LOCAL: In LMTP mode, do not return errors regarding problems 2595 storing the temporary message file until after the remote 2596 side has sent the final DATA termination dot. Problem 2597 noted by Allan E Johannesen of Worcester Polytechnic 2598 Institute. 2599 MAIL.LOCAL: If LMTP mode is set, give a temporary error if users 2600 are also specified on the command line. Patch from 2601 Motonori Nakamura of Kyoto University. 2602 PRALIASES: Skip over AliasFile specifications which aren't based on 2603 database files (i.e., only show dbm, hash, and btree). 2604 Renamed Files: 2605 devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x 2606 26078.11.2/8.11.2 2000/12/29 2608 Prevent a segmentation fault when trying to set a class in 2609 address test mode due to a negative array index. Audit 2610 other array indexing. This bug is not believed to be 2611 exploitable. Noted by Michal Zalewski of the "Internet for 2612 Schools" project (IdS). 2613 Add an FFR (for future release) to drop privileges when using 2614 address test mode. This will be turned on in 8.12. It can 2615 be enabled by compiling with: 2616 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS') 2617 in your devtools/Site/site.config.m4 file. Suggested by 2618 Michal Zalewski of the "Internet for Schools" project (IdS). 2619 Fix potential problem with Cyrus-SASL security layer which may have 2620 caused I/O errors, especially for mechanism DIGEST-MD5. 2621 When QueueSortOrder was set to host, sendmail might not read 2622 enough of the queue file to determine the host, making the 2623 sort sub-optimal. Problem noted by Jeff Earickson of 2624 Colby College. 2625 Don't issue DSNs for addresses which use the NOTIFY parameter (per 2626 RFC 1891) but don't have FAILURE as value. 2627 Initialize Cyrus-SASL library before the SMTP daemon is started. 2628 This implies that every change to SASL related files requires 2629 a restart of the daemon, e.g., Sendmail.conf, new SASL 2630 mechanisms (in form of shared libraries). 2631 Properly set the STARTTLS related macros during a queue run for 2632 a cached connection. Bug reported by Michael Kellen of 2633 NxNetworks, Inc. 2634 Log the server name in relay= for ruleset tls_server instead of the 2635 client name. 2636 Include original length of bad field/header when reporting 2637 MaxMimeHeaderLength problems. Requested by Ulrich Windl of 2638 the Universitat Regensburg. 2639 Fix delivery to set-user-ID files that are expanded from aliases in 2640 DeliveryMode queue. Problem noted by Ric Anderson of the 2641 University of Arizona. 2642 Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano 2643 of Collective Technologies. 2644 Avoid using a negative argument for sleep() calls when delaying answers 2645 to EXPN/VRFY commands on systems which respond very slowly. 2646 Problem noted by Mikolaj J. Habryn of Optus Internet 2647 Engineering. 2648 Make sure the F=u flag is set in the default prog mailer 2649 definition. Problem noted by Kari Hurtta of the Finnish 2650 Meteorological Institute. 2651 Fix IPv6 check for unspecified addresses. Patch from 2652 Jun-ichiro itojun Hagino of the KAME Project. 2653 Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish 2654 Meteorological Institute. 2655 Fix parsing of DaemonPortOptions and ClientPortOptions. Read all 2656 of the parameters to find Family= setting before trying to 2657 interpret Addr= and Port=. Problem noted by Valdis 2658 Kletnieks of Virginia Tech. 2659 When delivering to a file directly from an alias, do not call 2660 initgroups(); instead use the DefaultUser group information. 2661 Problem noted by Marc Schaefer of ALPHANET NF. 2662 RunAsUser now overrides the ownership of the control socket, if 2663 created. Otherwise, sendmail can not remove it upon 2664 close. Problem noted by Werner Wiethege. 2665 Fix ConnectionRateThrottle counting as the option is the number of 2666 overall connections, not the number of connections per 2667 socket. A future version may change this to per socket 2668 counting. 2669 Portability: 2670 Clean up libsmdb so it functions properly on platforms 2671 where sizeof(u_int32_t) != sizeof(size_t). Problem 2672 noted by Rein Tollevik of Basefarm AS. 2673 Fix man page formatting for compatibility with Solaris' 2674 whatis. From Stephen Gildea of InTouch Systems, Inc. 2675 UnixWare 7 includes snprintf() support. From Larry 2676 Rosenman. 2677 IPv6 changes for platforms using KAME. Patch from 2678 Jun-ichiro itojun Hagino of the KAME Project. 2679 Avoid a typedef compile conflict with Berkeley DB 3.X and 2680 Solaris 2.5 or earlier. Problem noted by Bob Hughes 2681 of Pacific Access. 2682 Add preliminary support for AIX 5. Contributed by 2683 Valdis Kletnieks of Virginia Tech. 2684 Solaris 9 load average support from Andrew Tucker of Sun 2685 Microsystems. 2686 CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') 2687 is used. Problem noted by Phil Homewood of Asia Online, 2688 patch from Neil Rickert of Northern Illinois University. 2689 CONFIG: Change the default DNS based blacklist server for 2690 FEATURE(`dnsbl') to blackholes.mail-abuse.org. 2691 CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., 2692 implicitly assume canonical host names. 2693 CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on 2694 patch by Motonori Nakamura of Kyoto University. 2695 CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of 2696 Virginia Tech. 2697 CONFIG: Pass the illegal header form <list:;> through untouched 2698 instead of making it worse. Problem noted by Motonori 2699 Nakamura of Kyoto University. 2700 CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`). 2701 CONTRIB: qtool.pl: An empty queue is not an error. Problem noted 2702 by Jan Krueger of digitalanswers communications consulting 2703 gmbh. 2704 CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark 2705 Roth of the University of Illinois at Urbana-Champaign. 2706 DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4 2707 variables into bldOS, bldREL, and bldARCH to prevent 2708 namespace collisions. Problem noted by Motonori Nakamura 2709 of Kyoto University. 2710 RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It 2711 causes some changes in behavior and may break rmail for 2712 installations where sendmail is actually a wrapper to 2713 another MTA. The change will re-appear in a future 2714 version. 2715 SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X, 2716 and SunOS 5.8. Requested by Jeff A. Earickson of Colby 2717 College and John Beck of Sun Microsystems. 2718 VACATION: Fix pattern matching for addresses to ignore. 2719 VACATION: Don't reply to addresses of the form owner-* 2720 or *-owner. 2721 New Files: 2722 cf/ostype/aix5.m4 2723 contrib/buildvirtuser 2724 devtools/OS/AIX.5.0 2725 27268.11.1/8.11.1 2000/09/27 2727 Fix SMTP EXPN command output if the address expands to a single 2728 name. Fix from John Beck of Sun Microsystems. 2729 Don't try STARTTLS in the client if the PRNG has not been properly 2730 seeded. This problem only occurs on systems without 2731 /dev/urandom. Problem detected by Jan Krueger of 2732 digitalanswers communications consulting gmbh and 2733 Neil Rickert of Northern Illinois University. 2734 Don't use the . and .. directories when expanding QueueDirectory 2735 wildcards. 2736 Do not try to cache LDAP connections across processes as a parent 2737 process may close the connection before the child process 2738 has completed. Problem noted by Lai Yiu Fai of the Hong 2739 Kong University of Science and Technology and Wolfgang 2740 Hottgenroth of UUNET. 2741 Use Timeout.fileopen to limit the amount of time spent trying to 2742 read the LDAP secret from a file. 2743 Prevent SIGTERM from removing a command line submitted item after 2744 the user submits the message and before the first delivery 2745 attempt completes. Problem noted by Max France of AlphaNet. 2746 Fix from Neil Rickert of Northern Illinois University. 2747 Deal correctly with MaxMessageSize restriction if message size is 2748 greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman 2749 of EarthLink. 2750 Turn off queue checkpointing if CheckpointInterval is set to zero. 2751 Treat an empty home directory (from getpw*() or $HOME) as 2752 non-existent instead of treating it as /. Problem noted by 2753 Todd C. Miller of Courtesan Consulting. 2754 Don't drop duplicate headers when reading a queued item. Problem 2755 noted by Motonori Nakamura of Kyoto University. 2756 Avoid bogus error text when logging the savemail panic "cannot 2757 save rejected email anywhere". Problem noted by Marc G. 2758 Fournier of Acadia University. 2759 If an LDAP search fails because the LDAP server went down, close 2760 the map so subsequent searches reopen the map. If there are 2761 multiple LDAP servers, the down server will be skipped and 2762 one of the others may be able to take over. 2763 Set the ${load_avg} macro to the current load average, not the 2764 previous load average query result. 2765 If a non-optional map used in a check_* ruleset can't be opened, 2766 return a temporary failure to the remote SMTP client 2767 instead of ignoring the map. Problem noted by Allan E 2768 Johannesen of Worcester Polytechnic Institute. 2769 Avoid a race condition when queuing up split envelopes by saving 2770 the split envelopes before the original envelope. 2771 Fix a bug in the PH_MAP code which caused mail to bounce instead of 2772 defer if the PH server could not be contacted. From Mark 2773 Roth of the University of Illinois at Urbana-Champaign. 2774 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and 2775 ETRN. Problem noted by Erik R. Leo of SoVerNet. 2776 Change error code for unrecognized parameters to the SMTP MAIL and 2777 RCPT commands from 501 to 555 per RFC 1869. Problem 2778 reported to Postfix by Robert Norris of Monash University. 2779 Prevent overwriting the argument of -B on certain OS. Problem 2780 noted by Matteo Gelosa of I.NET S.p.A. 2781 Use the proper routine for freeing memory with Netscape's LDAP 2782 client libraries. Patch from Paul Hilchey of the 2783 University of British Columbia. 2784 Portability: 2785 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9} 2786 instead of defining it in conf.h so users can 2787 override the setting. Suggested by 2788 Henrik Nordstrom of Ericsson. 2789 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of 2790 /usr/lib/sendmail for rmail and vacation. From 2791 Jeff A. Earickson of Colby College. 2792 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which 2793 does not exist). From Jeff A. Earickson of Colby 2794 College. 2795 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From 2796 Tom Moore of NCR. 2797 NeXT 3.X and 4.X installs man pages in /usr/man. From 2798 Hisanori Gogota of NTT/InterCommunicationCenter. 2799 Solaris 8 and later include /var/run. The default PID file 2800 location is now /var/run/sendmail.pid. From John 2801 Beck of Sun Microsystems. 2802 SFIO includes snprintf() for those operating systems 2803 which do not. From Todd C. Miller of Courtesan 2804 Consulting. 2805 CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}. 2806 Problem noted by Kaspar Brand of futureLab AG. 2807 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with 2808 errors in the MAIL address. 2809 CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem 2810 noted by Ron Jarrell of Virginia Tech. 2811 CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8). 2812 Contributed by John Beck of Sun Microsystems. 2813 CONFIG: Set confFROM_HEADER such that the mail hub can possibly add 2814 GECOS information for an address. This more closely 2815 matches pre-8.10 nullclient behavior. From Per Hedeland of 2816 Ericsson. 2817 CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for 2818 SMTP to all *smtp* mailers and those for RELAY to the relay 2819 mailer as described in cf/README. 2820 MAIL.LOCAL: Open the mailbox as the recipient not root so quotas 2821 are obeyed. Problem noted by Damian Kuczynski of NIK. 2822 MAKEMAP: Do not change a map's owner to the TrustedUser if using 2823 makemap to 'unmake' the map. 2824 RMAIL: Avoid overflowing the list of recipients being passed to 2825 sendmail. 2826 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 2827 submission. Problem noted by Kari Hurtta of the Finnish 2828 Meteorological Institute. 2829 VACATION: Read the complete message to avoid "broken pipe" signals. 2830 VACATION: Do not cut off vacation.msg files which have a single 2831 dot as the only character on the line. 2832 New Files: 2833 cf/ostype/solaris8.m4 2834 28358.11.0/8.11.0 2000/07/19 2836 SECURITY: If sendmail is installed as a non-root set-user-ID binary 2837 (not the normal case), some operating systems will still 2838 keep a saved-uid of the effective-uid when sendmail tries 2839 to drop all of its privileges. If sendmail needs to drop 2840 these privileges and the operating system doesn't set the 2841 saved-uid as well, exit with an error. Problem noted by 2842 Kari Hurtta of the Finnish Meteorological Institute. 2843 SECURITY: sendmail depends on snprintf() NUL terminating the string 2844 it populates. It is possible that some broken 2845 implementations of snprintf() exist that do not do this. 2846 Systems in this category should compile with 2847 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your 2848 system and report broken implementations to 2849 sendmail-bugs@sendmail.org and your OS vendor. Problem 2850 noted by Slawomir Piotrowski of TELSAT GP. 2851 Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). 2852 Implementation influenced by the example programs of 2853 OpenSSL and the work of Lutz Jaenicke of TU Cottbus. 2854 Add new STARTTLS related options CACERTPath, CACERTFile, 2855 ClientCertFile, ClientKeyFile, DHParameters, RandFile, 2856 ServerCertFile, and ServerKeyFile. These are documented in 2857 cf/README and doc/op/op.*. 2858 New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, 2859 ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, 2860 ${server_name}, and ${server_addr}. These are documented 2861 in cf/README and doc/op/op.*. 2862 Add support for the Entropy Gathering Daemon (EGD) for better 2863 random data. 2864 New DontBlameSendmail option InsufficientEntropy for systems which 2865 don't properly seed the PRNG for OpenSSL but want to 2866 try to use STARTTLS despite the security problems. 2867 Support the security layer in SMTP AUTH for mechanisms which 2868 support encryption. Based on code contributed by Tim 2869 Martin of CMU. 2870 Add new macro ${auth_ssf} to reflect the SMTP AUTH security 2871 strength factor. 2872 LDAP's -1 (single match only) flag was not honored if the -z 2873 (delimiter) flag was not given. Problem noted by ST Wong of 2874 the Chinese University of Hong Kong. Fix from Mark Adamson 2875 of CMU. 2876 Add more protection from accidentally tripping OpenLDAP 1.X's 2877 ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). 2878 Suggested by Kurt Zeilenga of OpenLDAP. 2879 Fix the default family selection for DaemonPortOptions. As 2880 documented, unless a family is specified in a 2881 DaemonPortOptions option, "inet" is the default. It is 2882 also the default if no DaemonPortOptions value is set. 2883 Therefore, IPv6 users should configure additional sockets 2884 by adding DaemonPortOptions settings with Family=inet6 if 2885 they wish to also listen on IPv6 interfaces. Problem noted 2886 by Jun-ichiro itojun Hagino of the KAME Project. 2887 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect 2888 the interface information for an outgoing connection. 2889 Not doing so was creating a mismatch between the socket 2890 family and address used in subsequent connections if the 2891 M=b modifier was set in DaemonPortOptions. Problem noted 2892 by John Beck of Sun Microsystems. 2893 If DaemonPortOptions modifier M=b is used, determine the socket 2894 family based on the IP address. ${if_family} is no longer 2895 persistent (i.e., saved in qf files). Patch from John Beck 2896 of Sun Microsystems. 2897 sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} 2898 macros for both the incoming interface address/family and 2899 the outgoing interface address/family. In order for M=b 2900 modifier in DaemonPortOptions to work properly, preserve 2901 the incoming information in the queue file for later 2902 delivery attempts. 2903 Use SMTP error code and enhanced status code from check_relay in 2904 responses to commands. Problem noted by Jeff Wasilko of 2905 smoe.org. 2906 Add more vigilance in checking for putc() errors on output streams 2907 to protect from a bug in Solaris 2.6's putc(). Problem 2908 noted by Graeme Hewson of Oracle. 2909 The LDAP map -n option (return attribute names only) wasn't working. 2910 Problem noted by Ajay Matia. 2911 Under certain circumstances, an address could be listed as deferred 2912 but would be bounced back to the sender as failed to be 2913 delivered when it really should have been queued. Problem 2914 noted by Allan E Johannesen of Worcester Polytechnic Institute. 2915 Prevent a segmentation fault in a child SMTP process from getting 2916 the SMTP transaction out of sync. Problem noted by Per 2917 Hedeland of Ericsson. 2918 Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT 2919 is defined to avoid a core dump due to incompatibilities 2920 between sfio and stdio. Problem noted by Neil Rickert 2921 of Northern Illinois University. 2922 Don't log useless envelope ID on initial connection log. Problem 2923 noted by Kari Hurtta of the Finnish Meteorological Institute. 2924 Convert the free disk space shown in a control socket status query 2925 to kilobyte units. 2926 If TryNullMXList is True and there is a temporary DNS failure 2927 looking up the hostname, requeue the message for a later 2928 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo 2929 Polytechnic. 2930 Under the proper circumstances, failed connections would be recorded 2931 as "Bad file number" instead of "Connection failed" in the 2932 queue file and persistent host status. Problem noted by 2933 Graeme Hewson of Oracle. 2934 Avoid getting into an endless loop if a non-hoststat directory exists 2935 within the hoststatus directory (e.g., lost+found). 2936 Patch from Valdis Kletnieks of Virginia Tech. 2937 Make sure Timeout.queuereturn=now returns a bounce message to the 2938 sender. Problem noted by Per Hedeland of Ericsson. 2939 If a message data file can't be opened at delivery time, panic and 2940 abort the attempt instead of delivering a message that 2941 states "<<< No Message Collected >>>". 2942 Fixup the GID checking code from 8.10.2 as it was overly 2943 restrictive. Problem noted by Mark G. Thomas of Mark 2944 G. Thomas Consulting. 2945 Preserve source port number instead of replacing it with the ident 2946 port number (113). 2947 Document the queue status characters in the mailq man page. 2948 Suggested by Ulrich Windl of the Universitat Regensburg. 2949 Process queued items in which none of the recipient addresses have 2950 host portions (or there are no recipients). Problem noted 2951 by Valdis Kletnieks of Virginia Tech. 2952 If a cached LDAP connection is used for multiple maps, make sure 2953 only the first to open the connection is allowed to close 2954 it so a later map close doesn't break the connection for 2955 other maps. Problem noted by Wolfgang Hottgenroth of UUNET. 2956 Netscape's LDAP libraries do not support Kerberos V4 2957 authentication. Patch from Rainer Schoepf of the 2958 University of Mainz. 2959 Provide workaround for inconsistent handling of data passed 2960 via callbacks to Cyrus SASL prior to version 1.5.23. 2961 Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission 2962 noted by Ulrich Windl of the Universitat Regensburg. 2963 Portability: 2964 Add the ability to read IPv6 interface addresses into class 2965 'w' under FreeBSD (and possibly others). From Jun 2966 Kuriyama of IMG SRC, Inc. and the FreeBSD Project. 2967 Replace code for finding the number of CPUs on HPUX. 2968 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not 2969 work properly causing problems if the accept() 2970 fails and the socket needs to be reopened. Patch 2971 from Tom Moore of NCR. 2972 NetBSD uses a .0 extension of formatted man pages. From 2973 Andrew Brown of Crossbar Security. 2974 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED 2975 for calls to getipnodebyname(). The Linux 2976 implementation is broken so AI_ADDRCONFIG is stripped 2977 under Linux. From John Beck of Sun Microsystems and 2978 John Kennedy of Cal State University, Chico. 2979 CONFIG: Catch invalid addresses containing a ',' at the wrong place. 2980 Patch from Neil Rickert of Northern Illinois University. 2981 CONFIG: New variables for the new sendmail options: 2982 confCACERT_PATH CACERTPath 2983 confCACERT CACERTFile 2984 confCLIENT_CERT ClientCertFile 2985 confCLIENT_KEY ClientKeyFile 2986 confDH_PARAMETERS DHParameters 2987 confRAND_FILE RandFile 2988 confSERVER_CERT ServerCertFile 2989 confSERVER_KEY ServerKeyFile 2990 CONFIG: Provide basic rulesets for TLS policy control and add new 2991 tags to the access database to support these policies. See 2992 cf/README for more information. 2993 CONFIG: Add TLS information to the Received: header. 2994 CONFIG: Call tls_client ruleset from check_mail in case it wasn't 2995 called due to a STARTTLS command. 2996 CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent 2997 instead of temporary. 2998 CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with 2999 the access map and relaying to a domain without using a To: 3000 tag. Problem noted by Mark G. Thomas of Mark G. Thomas 3001 Consulting. 3002 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in 3003 OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of 3004 RootsWeb.com. 3005 CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and 3006 forwarding to make it as close to the old behavior as 3007 possible. Problem noted by George W. Baltz of the 3008 University of Maryland. 3009 CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From 3010 Wilfredo Sanchez of Apple Computer, Inc. 3011 CONFIG: Changed the map names used by FEATURE(`ldap_routing') from 3012 ldap_mailhost and ldap_mailroutingaddress to ldapmh and 3013 ldapmra as underscores in map names cause problems if 3014 underscore is in OperatorChars. Problem noted by Bob Zeitz 3015 of the University of Alberta. 3016 CONFIG: Apply blacklist_recipients also to hosts in class {w}. 3017 Patch from Michael Tratz of Esosoft Corporation. 3018 CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. 3019 CONTRIB: Add link_hash.sh to create symbolic links to the hash 3020 of X.509 certificates. 3021 CONTRIB: passwd-to-alias.pl: More protection from special characters; 3022 treat special shells as root aliases; skip entries where the 3023 GECOS full name and username match. From Ulrich Windl of the 3024 Universitat Regensburg. 3025 CONTRIB: qtool.pl: Add missing last_modified_time method and fix a 3026 typo. Patch from Graeme Hewson of Oracle. 3027 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue 3028 and sendmail. Patch from Graeme Hewson of Oracle. 3029 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as 3030 subroutine Patch from Graeme Hewson of Oracle. 3031 CONTRIB: Add movemail.pl (move old mail messages between queues by 3032 calling re-mqueue.pl) and movemail.conf (configuration 3033 script for movemail.pl). From Graeme Hewson of Oracle. 3034 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to 3035 makemap). From Derek J. Balling of Yahoo,Inc. 3036 DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any 3037 extension modifications (e.g., MAN8EXT) to the installation 3038 target. Patch from James Ralston of Carnegie Mellon 3039 University. 3040 DEVTOOLS: Add support for SunOS 5.9. 3041 DEVTOOLS: New option confLN contains the command used to create 3042 links. 3043 LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not 3044 reported. 3045 MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of 3046 Denman Tire Corporation. 3047 MAIL.LOCAL: Prevent a possible DoS attack when compiled with 3048 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. 3049 MAILSTATS: Fix usage statement (-p and -o are optional). 3050 MAKEMAP: Change man page layout as workaround for problem with nroff 3051 and -man on Solaris 7. Patch from Larry Williamson. 3052 RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of 3053 Black Diamond Equipment, Limited. 3054 RMAIL: Prevent a segmentation fault if the incoming message does not 3055 have a From line. 3056 VACATION: Read all of the headers before deciding whether or not 3057 to respond instead of stopping after finding recipient. 3058 Added Files: 3059 cf/ostype/darwin.m4 3060 contrib/cidrexpand 3061 contrib/link_hash.sh 3062 contrib/movemail.conf 3063 contrib/movemail.pl 3064 devtools/OS/SunOS.5.9 3065 test/t_snprintf.c 3066 30678.10.2/8.10.2 2000/06/07 3068 SECURITY: Work around broken Linux setuid() implementation. 3069 On Linux, a normal user process has the ability to subvert 3070 the setuid() call such that it is impossible for a root 3071 process to drop its privileges. Problem noted by Wojciech 3072 Purczynski of elzabsoft.pl. 3073 SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), 3074 initgroups(), and chroot() calls. 3075 Added Files: 3076 test/t_setuid.c 3077 30788.10.1/8.10.1 2000/04/06 3079 SECURITY: Limit the choice of outgoing (client-side) SMTP 3080 Authentication mechanisms to those specified in 3081 AuthMechanisms to prevent information leakage. We do not 3082 recommend use of PLAIN for outgoing mail as it sends the 3083 password in clear text to possibly untrusted servers. See 3084 cf/README's DefaultAuthInfo section for additional information. 3085 Copy the ident argument for openlog() to avoid problems on some 3086 OSs. Based on patch from Rob Bajorek from Webhelp.com. 3087 Avoid bogus error message when reporting an alias line as too long. 3088 Avoid bogus socket error message if sendmail.cf version level is 3089 greater than sendmail binary supported version. Patch 3090 from John Beck of Sun Microsystems. 3091 Prevent a malformed ruleset (missing right hand side) from causing 3092 a segmentation fault when using address test mode. Based on 3093 patch from John Beck of Sun Microsystems. 3094 Prevent memory leak from use of NIS maps and yp_match(3). Problem 3095 noted by Gil Kloepfer of the University of Texas at Austin. 3096 Fix queue file permission checks to allow for TrustedUser ownership. 3097 Change logging of errors from the trust_auth ruleset to LogLevel 10 3098 or higher. 3099 Avoid simple password cracking attacks against SMTP AUTH by using 3100 exponential delay after too many tries within one connection. 3101 Encode an initial empty AUTH challenge as '=', not as empty string. 3102 Avoid segmentation fault on EX_SOFTWARE internal error logs. 3103 Problem noted by Allan E Johannesen of Worcester 3104 Polytechnic Institute. 3105 Ensure that a header check which resolves to $#discard actually 3106 discards the message. 3107 Emit missing value warnings for aliases with no right hand side 3108 when newaliases is run instead of only when delivery is 3109 attempted to the alias. 3110 Remove AuthOptions missing value warning for consistency with other 3111 flag options. 3112 Portability: 3113 SECURITY: Specify a run-time shared library search path for 3114 AIX 4.X instead of using the dangerous AIX 4.X 3115 linker semantics. AIX 4.X users should consult 3116 sendmail/README for further information. Problem 3117 noted by Valdis Kletnieks of Virginia Tech. 3118 Avoid use of strerror(3) call. Problem noted by Charles 3119 Levert of Ecole Polytechnique de Montreal. 3120 DGUX requires -lsocket -lnsl and has a non-standard install 3121 program. From Tim Boyer of Denman Tire Corporation. 3122 HPUX 11.0 has a broken res_search() function. 3123 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X 3124 from J. P. McCann of E I A. 3125 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3). 3126 Problem noted by Michael Long of Info Avenue Internet 3127 Services, LLC. 3128 Modern (post-199912) OpenBSD versions include working 3129 strlc{at,py}(3) functions. From Todd C. Miller of 3130 Courtesan Consulting. 3131 SINIX doesn't have random(3). From Gerald Rinske of 3132 Siemens Business Services. 3133 CONFIG: Change error message about unresolvable sender domain to 3134 include the sender address. Proposed by Wolfgang Rupprecht 3135 of WSRCC. 3136 CONFIG: Fix usenet mailer calls. 3137 CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS 3138 to be backward compatible with 8.9. 3139 CONFIG: Change handling of default case @domain for virtusertable 3140 to allow for +*@domain to deal with +detail. 3141 CONTRIB: Remove converting.sun.configs -- it is obsolete. 3142 DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki 3143 of NEC. 3144 DEVTOOLS: Add to NCR platform list and include the architecture 3145 (i486). From Tom J. Moore of NCR. 3146 DEVTOOLS: SECURITY: Change method of linking with sendmail utility 3147 libraries to work around the AIX 4.X and SunOS 4.X linker's 3148 overloaded -L option. Problem noted by Valdis Kletnieks of 3149 Virginia Tech. 3150 DEVTOOLS: configure.sh was overriding the user's choice for 3151 confNROFF. Problem noted by Glenn A. Malling of Syracuse 3152 University. 3153 DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added 3154 for other internal projects but included in the open source 3155 release. 3156 LIBSMDB: Check for ".db" instead of simply "db" at the end of the 3157 map name to determine whether or not to add the extension. 3158 This fixes makemap when building the userdb file. Problem 3159 noted by Andrew J Cole of the University of Leeds. 3160 LIBSMDB: Allow a database to be opened for updating and created if 3161 it doesn't already exist. Problem noted by Rand Wacker of 3162 Sendmail. 3163 LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are 3164 available, fall back to NDBM if NEWDB open fails. This 3165 fixes praliases. Patch from John Beck of Sun Microsystems. 3166 LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted 3167 as SFF_NOWRFILES. 3168 OP.ME: Clarify some issues regarding mailer flags. Suggested by 3169 Martin Mokrejs of The Charles University and Neil Rickert of 3170 Northern Illinois University. 3171 PRALIASES: Restore 8.9.X functionality of being able to search for 3172 particular keys in a database by specifying the keys on the 3173 command line. Man page updated accordingly. Patch from 3174 John Beck of Sun Microsystems. 3175 VACATION: SunOS 4.X portability from Charles Levert of Ecole 3176 Polytechnique de Montreal. 3177 VACATION: Fix -t option which is ignored but available for 3178 compatibility with Sun's version, based on patch from 3179 Volker Dobler of Infratest Burke. 3180 Added Files: 3181 devtools/M4/UNIX/smlib.m4 3182 devtools/OS/OSF1.V5.0 3183 Deleted Files: 3184 contrib/converting.sun.configs 3185 Deleted Directories (already done in 8.10.0 but not listed): 3186 doc/intro 3187 doc/usenix 3188 doc/changes 3189 31908.10.0/8.10.0 2000/03/01 3191 ************************************************************* 3192 * The engineering department at Sendmail, Inc. has suffered * 3193 * the tragic loss of a key member of our engineering team. * 3194 * Julie Van Bourg was the Vice President of Engineering * 3195 * at Sendmail, Inc. during the development and deployment * 3196 * of this release. It was her vision, dedication, and * 3197 * support that has made this release a success. Julie died * 3198 * on October 26, 1999 of cancer. We have lost a leader, a * 3199 * coach, and a friend. * 3200 * * 3201 * This release is dedicated to her memory and to the joy, * 3202 * strength, ideals, and hope that she brought to all of us. * 3203 * Julie, we miss you! * 3204 ************************************************************* 3205 SECURITY: The safe file checks now back track through symbolic 3206 links to make sure the files can't be compromised due 3207 to poor permissions on the parent directories of the 3208 symbolic link target. 3209 SECURITY: Only root, TrustedUser, and users in class t can rebuild 3210 the alias map. Problem noted by Michal Zalewski of the 3211 "Internet for Schools" project (IdS). 3212 SECURITY: There is a potential for a denial of service attack if 3213 the AutoRebuildAliases option is set as a user can kill the 3214 sendmail process while it is rebuilding the aliases file 3215 (leaving it in an inconsistent state). This option and 3216 its use is deprecated and will be removed from a future 3217 version of sendmail. 3218 SECURITY: Make sure all file descriptors (besides stdin, stdout, and 3219 stderr) are closed before restarting sendmail. Problem noted 3220 by Michal Zalewski of the "Internet for Schools" project 3221 (IdS). 3222 Begin using /etc/mail/ for sendmail related files. This affects 3223 a large number of files. See cf/README for more details. 3224 The directory structure of the distribution has changed slightly 3225 for easier code sharing among the programs. 3226 Support SMTP AUTH (see RFC 2554). New macros for this purpose 3227 are ${auth_authen}, ${auth_type}, and ${auth_author} 3228 which hold the client's authentication credentials, 3229 the mechanism used for authentication, and the 3230 authorization identity (i.e., the AUTH= parameter if 3231 supplied). Based on code contributed by Tim Martin of CMU. 3232 On systems which use the Torek stdio library (all of the BSD 3233 distributions), use memory-buffered files to reduce 3234 file system overhead by not creating temporary files on 3235 disk. Contributed by Exactis.com, Inc. 3236 New option DataFileBufferSize to control the maximum size of a 3237 memory-buffered data (df) file before a disk-based file is 3238 used. Contributed by Exactis.com, Inc. 3239 New option XscriptFileBufferSize to control the maximum size of a 3240 memory-buffered transcript (xf) file before a disk-based 3241 file is used. Contributed by Exactis.com, Inc. 3242 sendmail implements RFC 2476 (Message Submission), e.g., it can 3243 now listen on several different ports. Use: 3244 O DaemonPortOptions=Name=MSA, Port=587, M=E 3245 to run a Message Submission Agent (MSA); this is turned 3246 on by default in m4-generated .cf files; it can be turned 3247 off with FEATURE(`no_default_msa'). 3248 The 'XUSR' SMTP command is deprecated. Mail user agents should 3249 begin using RFC 2476 Message Submission for initial user 3250 message submission. XUSR may disappear from a future release. 3251 The new '-G' (relay (gateway) submission) command line option 3252 indicates that the message being submitted from the command 3253 line is for relaying, not initial submission. This means 3254 the message will be rejected if the addresses are not fully 3255 qualified and no canonicalization will be done. Future 3256 releases may even reject improperly formed messages. 3257 The '-U' (initial user submission) command line option is 3258 deprecated and may be removed from a future release. 3259 Mail user agents should begin using '-G' to indicate that 3260 this is a relay submission (the inverse of -U). 3261 The next release of sendmail will assume that any message submitted 3262 from the command line is an initial user submission and act 3263 accordingly. 3264 If sendmail doesn't have enough privileges to run a .forward 3265 program or deliver to file as the owner of that file, the 3266 address is marked as unsafe. This means if RunAsUser is 3267 set, users won't be able to use programs or delivery to 3268 files in their .forward files. Administrators can override 3269 this by setting the DontBlameSendmail option to the new 3270 setting NonRootSafeAddr. 3271 Allow group or world writable directories if the sticky bit is set 3272 on the directory and DontBlameSendmail is set to 3273 TrustStickyBit. Based on patch from Chris Metcalf of 3274 InCert Software. 3275 Prevent logging of unsafe directory paths for non-existent forward 3276 files if the new DontWarnForwardFileInUnsafeDirPath bit is 3277 set in the DontBlameSendmail option. Requested by many. 3278 New Timeout.control option to limit the total time spent satisfying 3279 a control socket request. 3280 New Timeout.resolver options for controlling BIND resolver 3281 settings: 3282 Timeout.resolver.retrans 3283 Sets the resolver's retransmission time interval (in 3284 seconds). Sets both Timeout.resolver.retrans.first 3285 and Timeout.resolver.retrans.normal. 3286 Timeout.resolver.retrans.first 3287 Sets the resolver's retransmission time interval (in 3288 seconds) for the first attempt to deliver a message. 3289 Timeout.resolver.retrans.normal 3290 Sets the resolver's retransmission time interval (in 3291 seconds) for all resolver lookups except the first 3292 delivery attempt. 3293 Timeout.resolver.retry 3294 Sets the number of times to retransmit a resolver 3295 query. Sets both Timeout.resolver.retry.first 3296 and Timeout.resolver.retry.normal. 3297 Timeout.resolver.retry.first 3298 Sets the number of times to retransmit a resolver 3299 query for the first attempt to deliver a message. 3300 Timeout.resolver.retry.normal 3301 Sets the number of times to retransmit a resolver 3302 query for all resolver lookups except the first 3303 delivery attempt. 3304 Contributed by Exactis.com, Inc. 3305 Support multiple queue directories. To use multiple queues, supply 3306 a QueueDirectory option value ending with an asterisk. For 3307 example, /var/spool/mqueue/q* will use all of the 3308 directories or symbolic links to directories beginning with 3309 'q' in /var/spool/mqueue as queue directories. Keep in 3310 mind, the queue directory structure should not be changed 3311 while sendmail is running. Queue runs create a separate 3312 process for running each queue unless the verbose flag is 3313 given on a non-daemon queue run. New items are randomly 3314 assigned to a queue. Contributed by Exactis.com, Inc. 3315 Support different directories for qf, df, and xf queue files; if 3316 subdirectories or symbolic links to directories of those names 3317 exist in the queue directories, they are used for the 3318 corresponding queue files. Keep in mind, the queue 3319 directory structure should not be changed while sendmail is 3320 running. Proposed by Mathias Koerber of Singapore 3321 Telecommunications Ltd. 3322 New queue file naming system which uses a filename guaranteed to be 3323 unique for 60 years. This allows queue IDs to be assigned 3324 without fancy file system locking. Queued items can be 3325 moved between queues easily. Contributed by Exactis.com, 3326 Inc. 3327 Messages which are undeliverable due to temporary address failures 3328 (e.g., DNS failure) will now go to the FallBackMX host, if 3329 set. Contributed by Exactis.com, Inc. 3330 New command line option '-L tag' which sets the identifier used for 3331 syslog. Contributed by Exactis.com, Inc. 3332 QueueSortOrder=Filename will sort the queue by filename. This 3333 avoids opening and reading each queue file when preparing 3334 to run the queue. Contributed by Exactis.com, Inc. 3335 Shared memory counters and microtimers functionality has been 3336 donated by Exactis.com, Inc. 3337 The SCCS ID tags have been replaced with RCS ID tags. 3338 Allow trusted users (those on a T line or in $=t) to set the 3339 QueueDirectory (Q) option without an X-Authentication-Warning: 3340 being added. Suggested by Michael K. Sanders. 3341 IPv6 support based on patches from John Kennedy of Cal State 3342 University, Chico, Motonori Nakamura of Kyoto University, 3343 and John Beck of Sun Microsystems. 3344 In low-disk space situations, where sendmail would previously refuse 3345 connections, still accept them, but only allow ETRN commands. 3346 Suggested by Mathias Koerber of Singapore Telecommunications 3347 Ltd. 3348 The [IPC] builtin mailer now allows delivery to a UNIX domain socket 3349 on systems which support them. This can be used with LMTP 3350 local delivery agents which listen on a named socket. An 3351 example mailer might be: 3352 Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, 3353 S=10, R=20/40, T=DNS/RFC822/X-Unix, 3354 A=FILE /var/run/lmtpd 3355 Code contributed by Lyndon Nerenberg of Messaging Direct. 3356 The [TCP] builtin mailer name is now deprecated. Use [IPC] 3357 instead. 3358 The first mailer argument in the [IPC] mailer is now checked for a 3359 legitimate value. Possible values are TCP (for TCP/IP 3360 connections), IPC (which will be deprecated in a future 3361 version), and FILE (for UNIX domain socket delivery). 3362 PrivacyOptions=goaway no longer includes the noetrn and the noreceipts 3363 flags. 3364 PrivacyOptions=nobodyreturn instructs sendmail not to include the 3365 body of the original message on delivery status 3366 notifications. 3367 Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted 3368 by Dan Bernstein, fix from Robert Harker of Harker Systems. 3369 Accept the SMTP RSET command even when rejecting commands due to TCP 3370 Wrappers or the check_relay ruleset. Problem noted by 3371 Steve Schweinhart of America Online. 3372 Warn if OperatorChars is set multiple times. OperatorChars should 3373 not be set after rulesets are defined. Suggested by 3374 Mitchell Blank Jr of Exec-PC. 3375 Do not report temporary failure on delivery to files. In 3376 interactive delivery mode, this would result in two SMTP 3377 responses after the DATA command. Problem noted by 3378 Nik Conwell of Boston University. 3379 Check file close when mailing to files. Problem noted by Nik 3380 Conwell of Boston University. 3381 Avoid a segmentation fault when using the LDAP map. Patch from 3382 Curtis W. Hillegas of Princeton University. 3383 Always bind to the LDAP server regardless of whether you are using 3384 ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of 3385 @Home Network. 3386 New ruleset trust_auth to determine whether a given AUTH= 3387 parameter of the MAIL command should be trusted. See SMTP 3388 AUTH, cf/README, and doc/op/op.ps. 3389 Allow new named config file rules check_vrfy, check_expn, and 3390 check_etrn for VRFY, EXPN, and ETRN commands, respectively, 3391 similar to check_rcpt etc. 3392 Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, 3393 ${mail_mailer}, ${mail_host}, ${mail_addr} that hold 3394 the results of parsing the RCPT and MAIL arguments, i.e. 3395 the resolved triplet from $#mailer $@host $:addr. 3396 From Kari Hurtta of the Finnish Meteorological Institute. 3397 New macro ${client_resolve} which holds the result of the resolve 3398 call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed 3399 by Kari Hurtta of the Finnish Meteorological Institute. 3400 New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold 3401 the corresponding DSN parameter values. Proposed by 3402 Mathias Herberts. 3403 New macro ${msg_size} which holds the value of the SIZE= parameter, 3404 i.e., usually the size of the message (in an ESMTP dialogue), 3405 before the message has been collected, thereafter it holds 3406 the message size as computed by sendmail (and can be used 3407 in check_compat). 3408 The macro ${deliveryMode} now specifies the current delivery mode 3409 sendmail is using instead of the value of the DeliveryMode 3410 option. 3411 New macro ${ntries} holds the number of delivery attempts. 3412 Drop explicit From: if same as what would be generated only if it is 3413 a local address. From Motonori Nakamura of Kyoto University. 3414 Write pid to file also if sendmail only processes the queue. 3415 Proposed by Roy J. Mongiovi of Georgia Tech. 3416 Log "low on disk space" only when necessary. 3417 New macro ${load_avg} can be used to check the current load average. 3418 Suggested by Scott Gifford of The Internet Ramp. 3419 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn 3420 is set. 3421 Flag -S for maps to specify the character which is substituted 3422 for spaces (instead of the default given by O BlankSub). 3423 Flag -D for maps: perform no lookup in deferred delivery mode. 3424 This flag is set by default for the host map. Based on a 3425 proposal from Ian MacPhedran of the University of Saskatchewan. 3426 Open maps only on demand, not at startup. 3427 Log warning about unsupported IP address families. 3428 New option MaxHeadersLength allows to specify a maximum length 3429 of the sum of all headers. This can be used to prevent 3430 a denial-of-service attack. 3431 New option MaxMimeHeaderLength which limits the size of MIME 3432 headers and parameters within those headers. This option 3433 is intended to protect mail user agents from buffer 3434 overflow attacks. 3435 Added option MaxAliasRecursion to specify the maximum depth of 3436 alias recursion. 3437 New flag F=6 for mailers to strip headers to seven bit. 3438 Map type syslog to log the key via syslogd. 3439 Entries in the alias file can be continued by putting a backslash 3440 directly before the newline. 3441 New option DeadLetterDrop to define the location of the system-wide 3442 dead.letter file, formerly hardcoded to 3443 /usr/tmp/dead.letter. If this option is not set (the 3444 default), sendmail will not attempt to save to a 3445 system-wide dead.letter file if it can not bounce the mail 3446 to the user nor postmaster. Instead, it will rename the qf 3447 file as it has in the past when the dead.letter file 3448 could not be opened. 3449 New option PidFile to define the location of the pid file. The 3450 value of this option is macro expanded. 3451 New option ProcessTitlePrefix specifies a prefix string for the 3452 process title shown in 'ps' listings. 3453 New macros for use with the PidFile and ProcessTitlePrefix options 3454 (along with the already existing macros): 3455 ${daemon_info} Daemon information, e.g. 3456 SMTP+queueing@00:30:00 3457 ${daemon_addr} Daemon address, e.g., 0.0.0.0 3458 ${daemon_family} Daemon family, e.g., inet, inet6, etc. 3459 ${daemon_name} Daemon name, e.g., MSA. 3460 ${daemon_port} Daemon port, e.g., 25 3461 ${queue_interval} Queue run interval, e.g., 00:30:00 3462 New macros especially for virtual hosting: 3463 ${if_name} hostname of interface of incoming connection. 3464 ${if_addr} address of interface of incoming connection. 3465 The latter is only set if the interface does not belong to the 3466 loopback net. 3467 If a message being accepted via a method other than SMTP and 3468 would be rejected by a header check, do not send the message. 3469 Suggested by Phil Homewood of Mincom Pty Ltd. 3470 Don't strip comments for header checks if $>+ is used instead of $>. 3471 Provide header value as quoted string in the macro 3472 ${currHeader} (possibly truncated to MAXNAME). Suggested by 3473 Jan Krueger of Unix-AG of University of Hannover. 3474 The length of the header value is stored in ${hdrlen}. 3475 H*: allows to specify a default ruleset for header checks. This 3476 ruleset will only be called if the individual header does 3477 not have its own ruleset assigned. Suggested by Jan 3478 Krueger of Unix-AG of University of Hannover. 3479 The name of the header field stored in ${hdr_name}. 3480 Comments (i.e., text within parentheses) in rulesets are not 3481 removed if the config file version is greater than or equal 3482 to 9. For example, "R$+ ( 1 ) $@ 1" matches the 3483 input "token (1)" but does not match "token". 3484 Avoid removing the Content-Transfer-Encoding MIME header on 3485 MIME messages. Problem noted by Sigurbjorn B. Larusson of 3486 Multimedia Consumer Services. Fix from Per Hedeland of 3487 Ericsson. 3488 Avoid duplicate Content-Transfer-Encoding MIME header on 3489 messages with 8-bit text in headers. Problem noted by 3490 Per Steinar Iversen of Oslo College. Fix from Per Hedeland 3491 of Ericsson. 3492 Avoid keeping maps locked longer than necessary when re-opening a 3493 modified database map file. Problem noted by Chris Adams 3494 of Renaissance Internet Services. 3495 Resolving to the $#error mailer with a temporary failure code (e.g., 3496 $#error $@ tempfail $: "400 Temporary failure") will now 3497 queue up the message instead of bouncing it. 3498 Be more liberal in acceptable responses to an SMTP RSET command as 3499 standard does not provide any indication of what to do when 3500 something other than 250 is received. Based on a patch 3501 from Steve Schweinhart of America Online. 3502 New option TrustedUser allows to specify a user who can own 3503 important files instead of root. This requires HASFCHOWN. 3504 Fix USERDB conditional so compiling with NEWDB or HESIOD and 3505 setting USERDB=0 works. Fix from Jorg Zanger of Schock. 3506 Fix another instance (similar to one in 8.9.3) of a network failure 3507 being mis-logged as "Illegal Seek" instead of whatever 3508 really went wrong. From John Beck of Sun Microsystems. 3509 $? tests also whether the macro is non-null. 3510 Print an error message if a mailer definition contains an invalid 3511 equate name. 3512 New mailer equate /= to specify a directory to chroot() into before 3513 executing the mailer program. Suggested by Igor Vinokurov. 3514 New mailer equate W= to specify the maximum time to wait for the 3515 mailer to return after sending all data to it. 3516 Only free memory from the process list when adding a new process 3517 into a previously filled slot. Previously, the memory was 3518 freed at removal time. Since removal can happen in a 3519 signal handler, this may leave the memory map in an 3520 inconsistent state. Problem noted by Jeff A. Earickson and 3521 David Cooley of Colby College. 3522 When using the UserDB @hostname catch-all, do not try to lookup 3523 local users in the passwd file. The UserDB code has 3524 already decided the message will be passed to another host 3525 for processing. Fix from Tony Landells of Burdett 3526 Buckeridge Young Limited. 3527 Support LDAP authorization via either a file containing the 3528 password or Kerberos V4 using the new map options 3529 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The 3530 distinguished_name is who to login as. The method can be 3531 one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or 3532 LDAP_AUTH_KRBV4. The filename is the file containing the 3533 secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos 3534 ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense 3535 of Stanford University. 3536 The ldapx map has been renamed to ldap. The use of ldapx is 3537 deprecated and will be removed in a future version. 3538 If the result of an LDAP search returns a multi-valued attribute 3539 and the map has the column delimiter set, it turns that 3540 response into a delimiter separated string. The LDAP map 3541 will traverse multiple entries as well. LDAP alias maps 3542 automatically set the column delimiter to the comma. 3543 Based on patch from Booker Bense of Stanford University and 3544 idea from Philip A. Prindeville of Mirapoint, Inc. 3545 Support return of multiple values for a single LDAP lookup. The 3546 values to be returned should be in a comma separated string. 3547 For example, `-v "email,emailother"'. Patch from 3548 Curtis W. Hillegas of Princeton University. 3549 Allow the use of LDAP for alias maps. 3550 If no LDAP attributes are specified in an LDAP map declaration, all 3551 attributes found in the match will be returned. 3552 Prevent commas in quoted strings in the AliasFile value from 3553 breaking up a single entry into multiple entries. This is 3554 needed for LDAP alias file specifications to allow for 3555 comma separated key and value strings. 3556 Keep connections to LDAP server open instead of opening and closing 3557 for each lookup. To reduce overhead, sendmail will cache 3558 connections such that multiple maps which use the same 3559 host, port, bind DN, and authentication will only result in 3560 a single connection to that host. 3561 Put timeout in the proper place for USE_LDAP_INIT. 3562 Be more careful about checking for errors and freeing memory on 3563 LDAP lookups. 3564 Use asynchronous LDAP searches to save memory and network 3565 resources. 3566 Do not copy LDAP query results if the map's match only flag is set. 3567 Increase portability to the Netscape LDAP libraries. 3568 Change the parsing of the LDAP filter specification. '%s' is still 3569 replaced with the literal contents of the map lookup key -- 3570 note that this means a lookup can be done using the LDAP 3571 special characters. The new '%0' token can be used instead 3572 of '%s' to encode the key buffer according to RFC 2254. 3573 For example, if the LDAP map specification contains '-k 3574 "(user=%s)"' and a lookup is done on "*", this would be 3575 equivalent to '-k "(user=*)"' -- matching ANY record with a 3576 user attribute. Instead, if the LDAP map specification 3577 contains '-k "(user=%0)"' and a lookup is done on "*", this 3578 would be equivalent to '-k "(user=\2A)"' -- matching a user 3579 with the name "*". 3580 New LDAP map flags: "-1" requires a single match to be returned, if 3581 more than one is returned, it is equivalent to no records 3582 being found; "-r never|always|search|find" sets the LDAP 3583 alias dereference option; "-Z size" limits the number of 3584 matches to return. 3585 New option LDAPDefaultSpec allows a default map specification for 3586 LDAP maps. The value should only contain LDAP specific 3587 settings such as "-h host -p port -d bindDN", etc. The 3588 settings will be used for all LDAP maps unless they are 3589 specified in the individual map specification ('K' 3590 command). This option should be set before any LDAP maps 3591 are defined. 3592 Prevent an NDBM alias file opening loop when the NDBM open 3593 continually fails. Fix from Roy J. Mongiovi of Georgia 3594 Tech. 3595 Reduce memory utilization for smaller symbol table entries. In 3596 particular, class entries get much smaller, which can be 3597 important if you have large classes. 3598 On network-related temporary failures, record the hostname which 3599 gave error in the queued status message. Requested by 3600 Ulrich Windl of the Universitat Regensburg. 3601 Add new F=% mailer flag to allow for a store and forward 3602 configuration. Mailers which have this flag will not attempt 3603 delivery on initial receipt of a message or on queue runs 3604 unless the queued message is selected using one of the 3605 -qI/-qR/-qS queue run modifiers or an ETRN request. Code 3606 provided by Philip Guenther of Gustavus Adolphus College. 3607 New option ControlSocketName which, when set, creates a daemon 3608 control socket. This socket allows an external program to 3609 control and query status from the running sendmail daemon 3610 via a named socket, similar to the ctlinnd interface to the 3611 INN news server. Access to this interface is controlled by 3612 the UNIX file permissions on the named socket on most UNIX 3613 systems (see sendmail/README for more information). An 3614 example control program is provided as contrib/smcontrol.pl. 3615 Change the default values of QueueLA from 8 to (8 * numproc) and 3616 RefuseLA from 12 to (12 * numproc) where numproc is the 3617 number of processors online on the system (if that can be 3618 determined). For single processor machines, this change 3619 has no effect. 3620 Don't return body of message to postmaster on "Too many hops" bounces. 3621 Based on fix from Motonori Nakamura of Kyoto University. 3622 Give more detailed DSN descriptions for some cases. Patch from 3623 Motonori Nakamura of Kyoto University. 3624 Logging of alias, forward file, and UserDB expansion now happens 3625 at LogLevel 11 or higher instead of 10 or higher. 3626 Logging of an envelope's complete delivery (the "done" message) now 3627 happens at LogLevel 10 or higher instead of 11 or higher. 3628 Logging of TCP/IP or UNIX standard input connections now happens at 3629 LogLevel 10 or higher. Previously, only TCP/IP connections 3630 were logged, and on at LogLevel 12 or higher. Setting 3631 LogLevel to 10 will now assist users in tracking frequent 3632 connection-based denial of service attacks. 3633 Log basic information about authenticated connections at LogLevel 3634 10 or higher. 3635 Log SMTP Authentication mechanism and author when logging the sender 3636 information (from= syslog line). 3637 Log the DSN code for each recipient if one is available as a new 3638 equate (dsn=). 3639 Macro expand PostmasterCopy and DoubleBounceAddress options. 3640 New "ph" map for performing ph queries in rulesets, see 3641 sendmail/README for details. Contributed by Mark Roth 3642 of the University of Illinois at Urbana-Champaign. 3643 Detect temporary lookup failures in the host map if looking up a 3644 bracketed IP address. Problem noted by Kari Hurtta of the 3645 Finnish Meteorological Institute. 3646 Do not report a Remote-MTA on local deliveries. Problem noted by 3647 Kari Hurtta of the Finnish Meteorological Institute. 3648 When a forward file points to an alias which runs a program, run 3649 the program as the default user and the default group, not 3650 the forward file user. This change also assures the 3651 :include: directives in aliases are also processed using 3652 the default user and group. Problem noted by Sergiu 3653 Popovici of DNT Romania. 3654 Prevent attempts to save a dead.letter file for a user with 3655 no home directory (/no/such/directory). Problem noted by 3656 Michael Brown of Finnigan FT/MS. 3657 Include message delay and number of tries when logging that a 3658 message has been completely delivered (LogLevel of 10 or 3659 above). Suggested by Nick Hilliard of Ireland Online. 3660 Log the sender of a message even if none of the recipients were 3661 accepted. If some of the recipients were rejected, it is 3662 helpful to know the sender of the message. 3663 Check the root directory (/) when checking a path for safety. 3664 Problem noted by John Beck of Sun Microsystems. 3665 Prevent multiple responses to the DATA command if DeliveryMode is 3666 interactive and delivering to an alias which resolves to 3667 multiple files. 3668 Macros in the helpfile are expanded if the helpfile version is 2 or 3669 greater (see below); the help function doesn't print the 3670 version of sendmail any longer, instead it is placed in 3671 the helpfile ($v). Suggested by Chuck Foster of UUNET 3672 PIPEX. Additionally, comment lines (starting with #) are 3673 skipped and a version line (#vers) is introduced. The 3674 helpfile version for 8.10.0 is 2, if no version or an older 3675 version is found, a warning is logged. The '#vers' 3676 directive should be placed at the top of the help file. 3677 Use fsync() when delivering to a file to guarantee the delivery to 3678 disk succeeded. Suggested by Nick Christenson. 3679 If delivery to a file is unsuccessful, truncate the file back to its 3680 length before the attempt. 3681 If a forward points to a filename for delivery, change to the 3682 user's uid before checking permissions on the file. This 3683 allows delivery to files on NFS mounted directories where 3684 root is remapped to nobody. Problem noted by Harald 3685 Daeubler of Universitaet Ulm. 3686 purgestat and sendmail -bH purge only expired (Timeout.hoststatus) 3687 host status files, not all files. 3688 Any macros stored in the class $={persistentMacros} will be saved 3689 in the queue file for the message and set when delivery 3690 is attempted on the queued item. Suggested by Kyle Jones of 3691 Wonderworks Inc. 3692 Add support for storing information between rulesets using the new 3693 macro map class. This can be used to store information 3694 between queue runs as well using $={persistentMacros}. 3695 Based on an idea from Jan Krueger of Unix-AG of University 3696 of Hannover. 3697 New map class arith to allow for computations in rules. The 3698 operation (+, -, *, /, l (for less than), and =) is given 3699 as key. The two operands are specified as arguments; the 3700 lookup returns the result of the computation. For example, 3701 "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and 3702 "$(arith + $@ 4 $@ 2 $)" will return "6". 3703 Add new syntax for header declarations which decide whether to 3704 include the header based on a macro rather than a mailer 3705 flag: 3706 H?${MyMacro}?X-My-Header: ${MyMacro} 3707 This should be used along with $={persistentMacros}. 3708 It can be used for adding headers to a message based on 3709 the results of check_* and header check rulesets. 3710 Allow new named config file rule check_eoh which is called after 3711 all of the headers have been collected. The input to the 3712 ruleset the number of headers and the size of all of the 3713 headers in bytes separated by $|. This ruleset along with 3714 the macro storage map can be used to correlate information 3715 gathered between headers and to check for missing headers. 3716 See cf/README or doc/op/op.ps for an example. 3717 Change the default for the MeToo option to True to correspond 3718 to the clarification in the DRUMS SMTP Update spec. This 3719 option is deprecated and will be removed from a future 3720 version. 3721 Change the sendmail binary default for SendMimeErrors to True. 3722 Change the sendmail binary default for SuperSafe to True. 3723 Display ruleset names in debug and address test mode output 3724 if referencing a named ruleset. 3725 New mailer equate m= which will limit the number of messages 3726 delivered per connection on an SMTP or LMTP mailer. 3727 Improve QueueSortOrder=Host by reversing the hostname before 3728 using it to sort. Now all the same domains are really run 3729 through the queue together. If they have the same MX host, 3730 then they will have a much better opportunity to use the 3731 connection cache if available. This should be a reasonable 3732 performance improvement. Patch from Randall Winchester of 3733 the University of Maryland. 3734 If a message is rejected by a header check ruleset, log who would 3735 have received the message if it had not been rejected. 3736 New "now" value for Timeout.queuereturn to bounce entries from the 3737 queue immediately. No delivery attempt is made. 3738 Increase sleeping time exponentially after too many "bad" commands 3739 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}- 3740 COMMANDS). 3741 New option ClientPortOptions similar to DaemonPortOptions 3742 but for outgoing connections. 3743 New suboptions for DaemonPortOptions: Name (a name used for 3744 error messages and logging) and Modifiers, i.e. 3745 a require authentication 3746 b bind to interface through which mail has 3747 been received 3748 c perform hostname canonification 3749 f require fully qualified hostname 3750 h use name of interface for outgoing HELO 3751 command 3752 C don't perform hostname canonification 3753 E disallow ETRN (see RFC 2476) 3754 New suboption for ClientPortOptions: Modifiers, i.e. 3755 h use name of interface for HELO command 3756 The version number for queue files (qf) has been incremented to 4. 3757 Log unacceptable HELO/EHLO domain name attempts if LogLevel is set 3758 to 10 or higher. Suggested by Rick Troxel of the National 3759 Institutes of Health. 3760 If a mailer dies, print the status in decimal instead of octal 3761 format. Suggested by Michael Shapiro of Sun Microsystems. 3762 Limit the length of all MX records considered for delivery to 8k. 3763 Move message priority from sender to recipient logging. Suggested by 3764 Ulrich Windl of the Universitat Regensburg. 3765 Add support for Berkeley DB 3.X. 3766 Add fix for Berkeley DB 2.X fcntl() locking race condition. 3767 Requires a post-2.7.5 version of Berkeley DB. 3768 Support writing traffic log (sendmail -X option) to a FIFO. 3769 Patch submitted by Rick Heaton of Network Associates, Inc. 3770 Do not ignore Timeout settings in the .cf file when a Timeout 3771 sub-options is set on the command line. Problem noted by 3772 Graeme Hewson of Oracle. 3773 Randomize equal preference MX records each time delivery is 3774 attempted via a new connection to a host instead of once per 3775 session. Suggested by Scott Salvidio of Compaq. 3776 Implement enhanced status codes as defined by RFC 2034. 3777 Add [hostname] to class w for the names of all interfaces unless 3778 DontProbeInterfaces is set. This is useful for sending mails 3779 to hosts which have dynamically assigned names. 3780 If a message is bounced due to bad MIME conformance, avoid bouncing 3781 the bounce for the same reason. If the body is not 8-bit 3782 clean, and EightBitMode isn't set to pass8, the body will 3783 not be included in the bounce. Problem noted by Valdis 3784 Kletnieks of Virginia Tech. 3785 The timeout for sending a message via SMTP has been changed from 3786 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which 3787 simply checks for progress on sending data every 5 minutes. 3788 This will detect the inability to send information quicker 3789 and reduce the number of processes simply waiting to 3790 timeout. 3791 Prevent a segmentation fault on systems which give a partial filled 3792 interface address structure when loading the system network 3793 interface addresses. Fix from Reinier Bezuidenhout of 3794 Nanoteq. 3795 Add a compile-time configuration macro, MAXINTERFACES, which 3796 indicates the number of interfaces to read when probing 3797 for hostnames and IP addresses for class w ($=w). The 3798 default value is 512. Based on idea from Reinier 3799 Bezuidenhout of Nanoteq. 3800 If the RefuseLA option is set to 0, do not reject connections based 3801 on load average. 3802 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of 3803 Northern Illinois University. 3804 Expand the Return-Path: header at delivery time, after "owner-" 3805 envelope splitting has occurred. 3806 Don't try to sort the queue if there are no entries. Patch from 3807 Luke Mewburn from RMIT University. 3808 Add a "/quit" command to address test mode. 3809 Include the proper sender in the UNIX "From " line and Return-Path: 3810 header when undeliverable mail is saved to ~/dead.letter. 3811 Problem noted by Kari Hurtta of the Finnish Meteorological 3812 Institute. 3813 The contents of a class can now be copied to another class using 3814 the syntax: "C{Dest} $={Source}". This would copy all of 3815 the items in class $={Source} into the class $={Dest}. 3816 Include original envelope's error transcript in bounces created for 3817 split (owner-) envelopes to see the original errors when 3818 the recipients were added. Based on fix from Motonori 3819 Nakamura of Kyoto University. 3820 Show reason for permanent delivery errors directly after the 3821 addresses. From Motonori Nakamura of Kyoto University. 3822 Prevent a segmentation fault when bouncing a split-envelope 3823 message. Patch from Motonori Nakamura of Kyoto University. 3824 If the specification for the queue run interval (-q###) has a 3825 syntax error, consider the error fatal and exit. 3826 Pay attention to CheckpointInterval during LMTP delivery. Problem 3827 noted by Motonori Nakamura of Kyoto University. 3828 On operating systems which have setlogin(2), use it to set the 3829 login name to the RunAsUserName when starting as a daemon. 3830 This is for delivery to programs which use getlogin(). 3831 Based on fix from Motonori Nakamura of Kyoto University. 3832 Differentiate between "command not implemented" and "command 3833 unrecognized" in the SMTP dialogue. 3834 Strip returns from forward and include files. Problem noted by 3835 Allan E Johannesen of Worcester Polytechnic Institute. 3836 Prevent a core dump when using 'sendmail -bv' on an address which 3837 resolves to the $#error mailer with a temporary failure. 3838 Based on fix from Neil Rickert of Northern Illinois 3839 University. 3840 Prevent multiple deliveries of a message with a "non-local alias" 3841 pointing to a local user, if canonicalization fails 3842 the message was requeued *and* delivered to the alias. 3843 If an invalid ruleset is declared, the ruleset name could be 3844 ignored and its rules added to S0. Instead, ignore the 3845 ruleset lines as well. 3846 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient 3847 success DSN fields as well as duplicate entries for a 3848 single address due to S5 and UserDB processing. Problems 3849 noted by Kari Hurtta of the Finnish Meteorological 3850 Institute. 3851 Turn off timeouts when exiting sendmail due to an interrupt signal 3852 to prevent the timeout from firing during the exit process. 3853 Problem noted by Michael Shapiro of Sun Microsystems. 3854 Do not append @MyHostName to non-RFC822 addresses output by the EXPN 3855 command or on Final-Recipient: and X-Actual-Recipient: DSN 3856 headers. Non-RFC822 addresses include deliveries to 3857 programs, file, DECnet, etc. 3858 Fix logic for determining if a local user is using -f or -bs to 3859 spoof their return address. Based on idea from Neil Rickert 3860 of Northern Illinois University and patch from Per Hedeland 3861 of Ericsson. 3862 Report the proper UID in the bounce message if an :include: file is 3863 owned by a uid that doesn't map to a username and the 3864 :include: file contains delivery to a file or program. 3865 Problem noted by John Beck of Sun Microsystems. 3866 Avoid the attempt of trying to send a second SMTP QUIT command if 3867 the remote server responds to the first QUIT with a 4xx 3868 response code and drops the connection. This behavior was 3869 noted by Ulrich Windl of the Universitat Regensburg when 3870 sendmail was talking to the Mercury 1.43 MTA. 3871 If a hostname lookup times out and ServiceSwitchFile is set but the 3872 file is not present, the lookup failure would be marked as 3873 a permanent failure instead of a temporary failure. Fix 3874 from Russell King of the ARM Linux Project. 3875 Handle aliases or forwards which deliver to programs using tabs 3876 instead of spaces between arguments. Problem noted by Randy 3877 Wormser. Fix from Neil Rickert of Northern Illinois 3878 University. 3879 Allow MaxRecipientsPerMessage option to be set on the command line 3880 by normal users (e.g., sendmail won't drop its root 3881 privileges) to allow overrides for message submission via 3882 'sendmail -bs'. 3883 Set the names for help file and statistics file to "helpfile" and 3884 "statistics", respectively, if no parameters are given for 3885 them in the .cf file. 3886 Avoid bogus 'errbody: I/O Error -7' log messages when sending 3887 success DSN messages for messages relayed to non-DSN aware 3888 systems. Problem noted by Juergen Georgi of RUS University 3889 of Stuttgart and Kyle Tucker of Parexel International. 3890 Prevent +detail information from interfering with local delivery to 3891 multiple users in the same transaction (F=m). 3892 Add H_FORCE flag for the X-Authentication-Warning: header, so it 3893 will be added even if one already exists. Problem noted 3894 by Michal Zalewski of Marchew Industries. 3895 Stop processing SMTP commands if the SMTP connection is dropped. 3896 This prevents a remote system from flooding the connection 3897 with commands and then disconnecting. Previously, the 3898 server would process all of the buffered commands. Problem 3899 noted by Michal Zalewski of Marchew Industries. 3900 Properly process user-supplied headers beginning with '?'. Problem 3901 noted by Michal Zalewski of Marchew Industries. 3902 If multiple header checks resolve to the $#error mailer, use the 3903 last permanent (5XX) failure if any exist. Otherwise, use 3904 the last temporary (4XX) failure. 3905 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch 3906 from Ronald F. Guilmette of Infinite Monkeys & Co. 3907 Timeout.ident now defaults to 5 seconds instead of 30 seconds to 3908 prevent the now common delays associated with mailing to a 3909 site which drops IDENT packets. Suggested by many. 3910 Persistent host status data is not reloaded disk when current data 3911 is available in the in-memory cache. Problem noted by Per 3912 Hedeland of Ericsson. 3913 mailq displays unprintable characters in addresses as their octal 3914 representation and a leading backslash. This avoids problems 3915 with "unprintable" characters. Problem noted by Michal 3916 Zalewski of the "Internet for Schools" project (IdS). 3917 The mail line length limit (L= equate) was adding the '!' indicator 3918 one character past the limit. This would cause subsequent 3919 hops to break the line again. The '!' is now placed in 3920 the last column of the limit if the line needs to be broken. 3921 Problem noted by Joe Pruett of Q7 Enterprises. Based on fix 3922 from Per Hedeland of Ericsson. 3923 If a resolver ANY query is larger than the UDP packet size, the 3924 resolver will fall back to TCP. However, some 3925 misconfigured firewalls black 53/TCP so the ANY lookup 3926 fails whereas an MX or A record might succeed. Therefore, 3927 don't fail on ANY queries. 3928 If an SMTP recipient is rejected due to syntax errors in the 3929 address, do not send an empty postmaster notification DSN 3930 to the postmaster. Problem noted by Neil Rickert of 3931 Northern Illinois University. 3932 Allow '_' and '.' in map names when parsing a sequence map 3933 specification. Patch from William Setzer of North Carolina 3934 State University. 3935 Fix hostname in logging of read timeouts for the QUIT command on 3936 cached connections. Problem noted by Neil Rickert of 3937 Northern Illinois University. 3938 Use a more descriptive entry to log "null" connections, i.e., 3939 "host did not issue MAIL/EXPN/VRFY/ETRN during connection". 3940 Fix a file descriptor leak in ONEX mode. 3941 Portability: 3942 Reverse signal handling logic such that sigaction(2) with 3943 the SA_RESTART flag is the preferred method and the 3944 other signal methods are only tried if SA_RESTART 3945 is not available. Problem noted by Allan E 3946 Johannesen of Worcester Polytechnic Institute. 3947 AIX 4.x supports the sa_len member of struct sockaddr. 3948 This allows network interface probing to work 3949 properly. Fix from David Bronder of the 3950 University of Iowa. 3951 AIX 4.3 has snprintf() support. 3952 Use "PPC" as the architecture name when building under 3953 AIX. This will be reflected in the obj.* directory 3954 name. 3955 Apple Darwin support based on Apple Rhapsody port. 3956 Fixed AIX 'make depend' method from Valdis Kletnieks of 3957 Virginia Tech. 3958 Digital UNIX has uname(2). 3959 GNU Hurd updates from Mark Kettenis of the University of 3960 Amsterdam. 3961 Improved HPUX 11.0 portability. 3962 Properly determine the number of CPUs on FreeBSD 2.X, 3963 FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X. 3964 Remove special IRIX ABI cases from Build script and the OS 3965 files. Use the standard 'cc' options used by SGI 3966 in building the operating system. Users can 3967 override the defaults by setting confCC and 3968 confLIBSEARCHPATH appropriately. 3969 IRIX nsd map support from Bob Mende of SGI. 3970 Minor devtools fixes for IRIX from Bob Mende of SGI. 3971 Linux patch for IP_SRCROUTE support from Joerg Dorchain 3972 of MW EDV & ELECTRONIC. 3973 Linux now uses /usr/sbin for confEBINDIR in the build 3974 system. From MATSUURA Takanori of Osaka University. 3975 Remove special treatment for Linux PPC in the build 3976 system. From MATSUURA Takanori of Osaka University. 3977 Motorolla UNIX SYSTEM V/88 Release 4.0 support from 3978 Sergey Rusanov of the Republic of Udmurtia. 3979 NCR MP-RAS 3.x includes regular expression support. From 3980 Tom J. Moore of NCR. 3981 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and 3982 _PATH_SENDMAILPID from Oota Toshiya of 3983 NEC Computers Group Planning Division. 3984 Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D. 3985 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and 3986 1024 in conf.h. Since confENVDEF would be used, 3987 use that value in conf.h. 3988 Use NeXT's NETINFO to get domain name. From Gerd Knops of 3989 BITart Consulting. 3990 Use NeXT's NETINFO for alias and hostname resolution if 3991 AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are 3992 defined. Patch from Wilfredo Sanchez of Apple 3993 Computer, Inc. 3994 NeXT portability tweaks. Problems reported by Dragan 3995 Milicic of the University of Utah and J. P. McCann 3996 of E I A. 3997 New compile flag FAST_PID_RECYCLE: set this if your system 3998 can reuse the same PID in the same second. 3999 New compile flag HASFCHOWN: set this if your OS has 4000 fchown(2). 4001 New compile flag HASRANDOM: set this to 0 if your OS does 4002 not have random(3). rand() will be used instead. 4003 New compile flag HASSRANDOMDEV: set this if your OS has 4004 srandomdev(3). 4005 New compile flag HASSETLOGIN: set this if your OS has 4006 setlogin(2). 4007 Replace SINIX and ReliantUNIX support with version 4008 specific SINIX files. From Gerald Rinske of 4009 Siemens Business Services. 4010 Use the 60-second load average instead of the 5 second load 4011 average on Compaq Tru64 UNIX (formerly Digital 4012 UNIX). From Chris Teakle of the University of Qld. 4013 Use ANSI C by default for Compaq Tru64 UNIX. Suggested by 4014 Randall Winchester of Swales Aerospace. 4015 Correct setgroups() prototype for Compaq Tru64 UNIX. 4016 Problem noted by Randall Winchester of Swales 4017 Aerospace. 4018 Hitachi 3050R/3050RX and 3500 Workstations running 4019 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori 4020 NAKAMURA of Kyoto University. 4021 New compile flag NO_GETSERVBYNAME: set this to disable 4022 use of getservbyname() on systems which can 4023 not lookup a service by name over NIS, such as 4024 HI-UX. Patch from Motonori NAKAMURA of Kyoto 4025 University. 4026 Use devtools/bin/install.sh on SCO 5.x. Problem noted 4027 by Sun Wenbing of the China Engineering and 4028 Technology Information Network. 4029 make depend didn't work properly on UNIXWARE 4.2. Problem 4030 noted by Ariel Malik of Netology, Ltd. 4031 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 4032 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD, 4033 and OpenBSD. 4034 A recent Compaq Ultrix 4.5 Y2K patch has broken detection 4035 of local_hostname_length(). See sendmail/README 4036 for more details. Problem noted by Allan E 4037 Johannesen of Worcester Polytechnic Institute. 4038 CONFIG: Begin using /etc/mail/ for sendmail related files. This 4039 affects a large number of files. See cf/README for more 4040 details. 4041 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including 4042 trailing slash) for the mail settings directory. 4043 CONFIG: Increment version number of config file to 9. 4044 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been 4045 deprecated and may be removed from a future release. 4046 BSD/OS users should begin using OSTYPE(`bsdi'). 4047 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This 4048 requires a new OSTYPE(`openbsd'). From Todd C. Miller of 4049 Courtesan Consulting. 4050 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. 4051 CONFIG: A syntax error in check_mail would cause fake top-level 4052 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to 4053 be improperly rejected as unresolvable. 4054 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of 4055 DNS server, rejection message) and can be included 4056 multiple times. 4057 CONFIG: New FEATURE(`relay_mail_from') allows relaying if the 4058 mail sender is listed as RELAY in the access map (and tagged 4059 with From:). 4060 CONFIG: Optional tagging of LHS in the access map (Connect:, 4061 From:, To:) to enable finer control. 4062 CONFIG: New FEATURE(`ldap_routing') implements LDAP address 4063 routing. See cf/README for a complete description of the 4064 new functionality. 4065 CONFIG: New variables for the new sendmail options: 4066 confAUTH_MECHANISMS AuthMechanisms 4067 confAUTH_OPTIONS AuthOptions 4068 confCLIENT_OPTIONS ClientPortOptions 4069 confCONTROL_SOCKET_NAME ControlSocketName 4070 confDEAD_LETTER_DROP DeadLetterDrop 4071 confDEF_AUTH_INFO DefaultAuthInfo 4072 confDF_BUFFER_SIZE DataFileBufferSize 4073 confLDAP_DEFAULT_SPEC LDAPDefaultSpec 4074 confMAX_ALIAS_RECURSION MaxAliasRecursion 4075 confMAX_HEADERS_LENGTH MaxHeadersLength 4076 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 4077 confPID_FILE PidFile 4078 confPROCESS_TITLE_PREFIX ProcessTitlePrefix 4079 confRRT_IMPLIES_DSN RrtImpliesDsn 4080 confTO_CONTROL Timeout.control 4081 confTO_RESOLVER_RETRANS Timeout.resolver.retrans 4082 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 4083 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 4084 confTO_RESOLVER_RETRY Timeout.resolver.retry 4085 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 4086 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 4087 confTRUSTED_USER TrustedUser 4088 confXF_BUFFER_SIZE XscriptFileBufferSize 4089 CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(), 4090 which takes the options as argument and can be used 4091 multiple times; see cf/README for details. 4092 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called 4093 "dsmtp". This mail provides on-demand delivery using the 4094 F=% mailer flag described above. The "dsmtp" mailer 4095 definition uses the new DSMTP_MAILER_ARGS which defaults 4096 to "IPC $h". 4097 CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS, 4098 and RELAY_MAILER_MAXMSGS for setting the m= equate for the 4099 local, smtp, and relay mailers respectively. 4100 CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting 4101 the DSN Diagnostic-Code type for the local mailer. The 4102 value should be changed with care. 4103 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type 4104 for the local mailer to the proper value of "SMTP". 4105 CONFIG: All included maps are no longer optional by default; if 4106 there there is a problem with a map, sendmail will 4107 complain. 4108 CONFIG: Removed root from class E; use EXPOSED_USER(`root') 4109 to get the old behavior. Suggested by Joe Pruett 4110 of Q7 Enterprises. 4111 CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which 4112 will not be masqueraded. Proposed by Arne Wichmann 4113 of MPI Saarbruecken, Griff Miller of PGS Tensor, 4114 Jayme Cox of Broderbund Software Inc. 4115 CONFIG: A list of exceptions for FEATURE(`nocanonify') can be 4116 specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 4117 i.e., a list of domains which are passed to $[ ... $] 4118 for canonification. Based on an idea from Neil Rickert 4119 of Northern Illinois University. 4120 CONFIG: If `canonify_hosts' is specified as parameter for 4121 FEATURE(`nocanonify') then addresses which have only 4122 a hostname, e.g., <user@host>, will be canonified. 4123 CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is 4124 nevertheless added to addresses with more than one component 4125 in it. 4126 CONFIG: Canonification is no longer attempted for any host or domain 4127 in class 'P' ($=P). 4128 CONFIG: New class for matching virtusertable entries $={VirtHost} that 4129 can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. 4130 FEATURE(`virtuser_entire_domain') can be used to apply this 4131 class also to entire subdomains. Hosts in this class are 4132 treated as canonical in SCanonify2, i.e., a trailing dot 4133 is added. 4134 CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used, 4135 include $={VirtHost} in $=R (hosts allowed to relay). 4136 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the 4137 genericstable also to subdomains of $=G. 4138 CONFIG: Pass "+detail" as %2 for virtusertable lookups. 4139 Patch from Noam Freedman from University of Chicago. 4140 CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested 4141 by Raymond S Brand of rsbx.net. 4142 CONFIG: Allow @domain in genericstable to override masquerading. 4143 Suggested by Owen Duffy from Owen Duffy & Associates. 4144 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve 4145 Hubert of University of Washington. 4146 CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as 4147 GNU is now the canonical system name. From Mark 4148 Kettenis of the University of Amsterdam. 4149 CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman. 4150 CONFIG: Do not include '=' in option expansion if there is no value 4151 associated with the option. From Andrew Brown of 4152 Graffiti World Wide, Inc. 4153 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed 4154 by Philip A. Prindeville of Enteka Enterprise Technology 4155 Services. 4156 CONFIG: MAILER(`cyrus') was not preserving case for mail folder 4157 names. Problem noted by Randall Winchester of Swales 4158 Aerospace. 4159 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags 4160 for the relay mailer. Suggested by Doug Hughes of Auburn 4161 University and Brian Candler. 4162 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path: 4163 header) by default. Suggested by Per Hedeland of Ericsson. 4164 CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host]. 4165 Suggested by Kari Hurtta of the Finnish Meteorological 4166 Institute. 4167 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS; 4168 i.e., to set, add, or delete flags. 4169 CONFIG: If SMTP AUTH is used then relaying is allowed for any user 4170 who authenticated via a "trusted" mechanism, i.e., one that 4171 is defined via TRUST_AUTH_MECH(`list of mechanisms'). 4172 CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay 4173 after check_rcpt and allows for exceptions from the checks. 4174 CONFIG: Map declarations have been moved into their associated 4175 feature files to allow greater flexibility in use of 4176 sequence maps. Suggested by Per Hedeland of Ericsson. 4177 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of 4178 line string for the local mailer. Requested by Il Oh of 4179 Willamette Industries, Inc. 4180 CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is 4181 converted to <user@d> 4182 CONFIG: Reject bogus return address of <@@hostname>, generated by 4183 Sun's older, broken configuration files. 4184 CONFIG: FEATURE(`nullclient') now provides the full rulesets of a 4185 normal configuration, allowing anti-spam checks to be 4186 performed. 4187 CONFIG: Don't return a permanent error (Relaying denied) if 4188 ${client_name} can't be resolved just temporarily. 4189 Suggested by Kari Hurtta of the Finnish Meteorological 4190 Institute. 4191 CONFIG: Change numbered rulesets into named (which still can 4192 be accessed by their numbers). 4193 CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial 4194 which describes whether to disallow "!" in the local part 4195 of an address. 4196 CONFIG: Call Local_localaddr from localaddr (S5) which can be used 4197 to rewrite an address from a mailer which has the F=5 flag 4198 set. If the ruleset returns a mailer, the appropriate 4199 action is taken, otherwise the returned tokens are ignored. 4200 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4 4201 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4. 4202 The latter is kept around for backward compatibility. 4203 CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries, 4204 where "D.S.N" is an RFC 1893 compliant error code. 4205 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 4206 CONFIG: Remove second space between username and date in UNIX From_ 4207 line. Noted by Allan E Johannesen of Worcester Polytechnic 4208 Institute. 4209 CONFIG: Make sure all of the mailers have complete T= equates. 4210 CONFIG: Extend FEATURE(`local_procmail') so it can now take 4211 arguments overriding the mailer program, arguments, and 4212 mailer definition flags. This makes it possible to use 4213 other programs such as maildrop for local delivery. 4214 CONFIG: Emit warning if FEATURE(`local_lmtp') or 4215 FEATURE(`local_procmail') is given after MAILER(`local'). 4216 Patch from Richard A. Nelson of IBM. 4217 CONFIG: Add SMTP Authentication information to Received: header 4218 default value (confRECEIVED_HEADER). 4219 CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a 4220 local mailer. Problem noted by Per Hedeland of Ericsson. 4221 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the 4222 University of California at Berkeley. 4223 CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of 4224 Illinois at Urbana-Champaign. 4225 CONTRIB: etrn.pl now recognizes bogus host names. Patch from 4226 Bruce Barnett of GE's R&D Lab. 4227 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle 4228 Corporation UK. 4229 CONTRIB: Added qtool.pl to assist in managing the queues. 4230 DEVTOOLS: Prevent user environment variables from interfering with 4231 the Build scripts. Problem noted by Ezequiel H. Panepucci of 4232 Yale University. 4233 DEVTOOLS: 'Build -M' will display the obj.* directory which will 4234 be used for building. 4235 DEVTOOLS: 'Build -A' will display the architecture that would be 4236 used for a fresh build. 4237 DEVTOOLS: New variable confRANLIB, set automatically by configure.sh. 4238 DEVTOOLS: New variable confRANLIBOPTS for the options to send to 4239 ranlib. 4240 DEVTOOLS: 'Build -O <path>' will have the object files build in 4241 <path>/obj.*. Suggested by Bryan Costales of Exactis. 4242 DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the 4243 building of the man pages when defined. Suggested by Bryan 4244 Costales. 4245 DEVTOOLS: New variables confNO_HELPFILE_INSTALL and 4246 confNO_STATISTICS_INSTALL which will prevent the 4247 installation of the sendmail helpfile and statistics file 4248 respectively. Suggested by Bryan Costales. 4249 DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske 4250 of Siemens Business Services. 4251 DEVTOOLS: New variable confSTDIO_TYPE which defines the type of 4252 stdio library. The new buffered file I/O depends on the 4253 Torek stdio library. This option can be either portable or 4254 torek. 4255 DEVTOOLS: New variables confSRCADD and confSMSRCADD which 4256 correspond to confOBJADD and confSMOBJADD respectively. 4257 They should contain the C source files for the object files 4258 listed in confOBJADD and confSMOBJADD. These file names 4259 will be passed to the 'make depend' stage of compilation. 4260 DEVTOOLS: New program specific variables for each of the programs 4261 in the sendmail distribution. Each has the form 4262 `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'. 4263 The new variables are conf_prog_ENVDEF, conf_prog_LIBS, 4264 conf_prog_SRCADD, and conf_prog_OBJADD. 4265 DEVTOOLS: Build system redesign. This should have little affect on 4266 building the distribution, but documentation on the changes 4267 are in devtools/README. 4268 DEVTOOLS: Don't allow 'Build -f file' if an object directory already 4269 exists. Suggested by Valdis Kletnieks of Virginia Tech. 4270 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies 4271 the path to the sendmail source directory. confSRCDIR is a 4272 new variable which identifies the root of the source 4273 directories for all of the programs in the distribution. 4274 DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build 4275 time. They can both still be overridden by setting the m4 4276 macro. 4277 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem. 4278 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for 4279 build configurations, and places objects in obj.prefix.*/. 4280 Complains as 'Build -f file' does for existing object 4281 directories. Suggested by Tom Smith of Digital Equipment 4282 Corporation. 4283 DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted 4284 manual pages in the directory tree specified by 4285 confMANROOTMAN. 4286 DEVTOOLS: If formatting the manual pages fails, copy in the 4287 preformatted pages from the distribution. The new variable 4288 confCOPY specifies the copying program. 4289 DEVTOOLS: Defining confFORCE_RMAIL will install rmail without 4290 question. Suggested by Terry Lambert of Whistle 4291 Communications. 4292 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names 4293 of the installed statistics and help files, respectively. 4294 DEVTOOLS: Remove spaces in `uname -r` output when determining 4295 operating system identity. Problem noted by Erik 4296 Wachtenheim of Dartmouth College. 4297 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that 4298 will be search for the libraries specified in confLIBSEARCH. 4299 Defaults to "/lib /usr/lib /usr/shlib". 4300 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying 4301 how to strip binaries. These are used by the new 4302 install-strip target. 4303 DEVTOOLS: New config file site.post.m4 which is included after 4304 the others (if it exists). 4305 DEVTOOLS: Change order of LIBS: first product specific libraries 4306 then the default ones. 4307 MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local 4308 as local delivery agent without LMTP mode, use 4309 MODIFY_MAILER_FLAGS(`LOCAL', `+S') 4310 to set the S flag. 4311 MAIL.LOCAL: Do not reject addresses which would otherwise be 4312 accepted by sendmail. Suggested by Neil Rickert of 4313 Northern Illinois University. 4314 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 4315 8BITMIME in the LHLO response. Suggested by Kari Hurtta of 4316 the Finnish Meteorological Institute. 4317 MAIL.LOCAL: Add support for the maillock() routines by defining 4318 MAILLOCK when compiling. Also requires linking with 4319 -lmail. Patch from Neil Rickert of Northern Illinois 4320 University. 4321 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is 4322 defined when compiling. Automatically set for Solaris 2.3 4323 and later. Patch from Neil Rickert of Northern Illinois 4324 University. 4325 MAIL.LOCAL: Move the initialization of the 'notifybiff' address 4326 structure to the beginning of the program. This ensures that 4327 the getservbyname() is done before any seteuid to a possibly 4328 unauthenticated user. If you are using NIS+ and secure RPC 4329 on a Solaris system, this avoids syslog messages such as, 4330 "authdes_refresh: keyserv(1m) is unable to encrypt session 4331 key." Patch from Neil Rickert of Northern Illinois 4332 University. 4333 MAIL.LOCAL: Support group writable mail spool files when MAILGID is 4334 set to the gid to use (-DMAILGID=6) when compiling. 4335 Patch from Neil Rickert of Northern Illinois University. 4336 MAIL.LOCAL: When a mail message included lines longer than 2046 4337 characters (in LMTP mode), mail.local split the incoming 4338 line up into 2046-character output lines (excluding the 4339 newline). If an input line was 2047 characters long 4340 (excluding CR-LF) and the last character was a '.', 4341 mail.local saw it as the end of input, transfered it to the 4342 user mailbox and tried to write an `ok' back to sendmail. 4343 If the message was much longer, both sendmail and 4344 mail.local would deadlock waiting for each other to read 4345 what they have written. Problem noted by Peter Jeremy of 4346 Alcatel Australia Limited. 4347 MAIL.LOCAL: New option -b to return a permanent error instead of a 4348 temporary error if a mailbox exceeds quota. Suggested by 4349 Neil Rickert of Northern Illinois University. 4350 MAIL.LOCAL: The creation of a lockfile is subject to a global 4351 timeout to avoid starvation. 4352 MAIL.LOCAL: Properly parse addresses with multiple quoted 4353 local-parts. Problem noted by Ronald F. Guilmette of 4354 Infinite Monkeys & Co. 4355 MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR. 4356 MAILSTATS: New -p option to invoke program mode in which stats are 4357 printed in a machine readable fashion and the stats file 4358 is reset. Patch from Kevin Hildebrand of the University 4359 of Maryland. 4360 MAKEMAP: If running as root, automatically change the ownership of 4361 generated maps to the TrustedUser as specified in the 4362 sendmail configuration file. 4363 MAKEMAP: New -C option to accept an alternate sendmail 4364 configuration file to use for finding the TrustedUser 4365 option. 4366 MAKEMAP: New -u option to dump (unmap) a database. Based on 4367 code contributed by Roy Mongiovi of Georgia Tech. 4368 MAKEMAP: New -e option to allow empty values. Suggested by Philip 4369 A. Prindeville of Enteka Enterprise Technology Services. 4370 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem 4371 noted by Gerald Rinske of Siemens Business Services. 4372 OP.ME: Correctly document interaction between F=S and U= mailer 4373 equates. Problem noted by Bob Halley of Internet Engines. 4374 OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle 4375 Corporation UK. 4376 OP.ME: The Timeout [r] option was incorrectly listed as "safe" 4377 (e.g., sendmail would not drop root privileges if the 4378 option was specified on the command line). Problem noted 4379 by Todd C. Miller of Courtesan Consulting. 4380 PRALIASES: Handle the hash and btree map specifications for 4381 Berkeley DB. Patch from Brian J. Coan of the 4382 Institute for Global Communications. 4383 PRALIASES: Read the sendmail.cf file for the location(s) of the 4384 alias file(s) if the -f option is not used. Patch from 4385 John Beck of Sun Microsystems. 4386 PRALIASES: New -C option to specify an alternate sendmail 4387 configuration file to use for finding alias file(s). Patch 4388 from John Beck of Sun Microsystems. 4389 SMRSH: allow shell commands echo, exec, and exit. Allow command 4390 lists using || and &&. Based on patch from Brian J. Coan 4391 of the Institute for Global Communications. 4392 SMRSH: Update README for the new Build system. From Tim Pierce 4393 of RootsWeb Genealogical Data Cooperative. 4394 VACATION: Added vacation auto-responder to sendmail distribution. 4395 LIBSMDB: Added abstracted database library. Works with Berkeley 4396 DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. 4397 Changed Files: 4398 The Build script in the various program subdirectories are 4399 no longer symbolic links. They are now scripts 4400 which execute the actual Build script in 4401 devtools/bin. 4402 All the manual pages are now written against -man and not 4403 -mandoc as they were previously. 4404 Add a simple Makefile to every directory so make instead 4405 of Build will work (unless parameters are 4406 required for Build). 4407 New Directories: 4408 devtools/M4/UNIX 4409 include 4410 libmilter 4411 libsmdb 4412 libsmutil 4413 vacation 4414 Renamed Directories: 4415 BuildTools => devtools 4416 src => sendmail 4417 Deleted Files: 4418 cf/m4/nullrelay.m4 4419 devtools/OS/Linux.ppc 4420 devtools/OS/ReliantUNIX 4421 devtools/OS/SINIX 4422 sendmail/ldap_map.h 4423 New Files: 4424 INSTALL 4425 PGPKEYS 4426 cf/cf/generic-linux.cf 4427 cf/cf/generic-linux.mc 4428 cf/feature/delay_checks.m4 4429 cf/feature/dnsbl.m4 4430 cf/feature/generics_entire_domain.m4 4431 cf/feature/no_default_msa.m4 4432 cf/feature/relay_mail_from.m4 4433 cf/feature/virtuser_entire_domain.m4 4434 cf/mailer/qpage.m4 4435 cf/ostype/bsdi.m4 4436 cf/ostype/hpux11.m4 4437 cf/ostype/openbsd.m4 4438 contrib/bounce-resender.pl 4439 contrib/domainmap.m4 4440 contrib/qtool.8 4441 contrib/qtool.pl 4442 devtools/M4/depend/AIX.m4 4443 devtools/M4/list.m4 4444 devtools/M4/string.m4 4445 devtools/M4/subst_ext.m4 4446 devtools/M4/switch.m4 4447 devtools/OS/Darwin 4448 devtools/OS/GNU 4449 devtools/OS/SINIX.5.43 4450 devtools/OS/SINIX.5.44 4451 devtools/OS/m88k 4452 devtools/bin/find_in_path.sh 4453 mail.local/Makefile 4454 mailstats/Makefile 4455 makemap/Makefile 4456 praliases/Makefile 4457 rmail/Makefile 4458 sendmail/Makefile 4459 sendmail/bf.h 4460 sendmail/bf_portable.c 4461 sendmail/bf_portable.h 4462 sendmail/bf_torek.c 4463 sendmail/bf_torek.h 4464 sendmail/shmticklib.c 4465 sendmail/statusd_shm.h 4466 sendmail/timers.c 4467 sendmail/timers.h 4468 smrsh/Makefile 4469 vacation/Makefile 4470 Renamed Files: 4471 cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4 4472 sendmail/cdefs.h => include/sendmail/cdefs.h 4473 sendmail/sendmail.hf => sendmail/helpfile 4474 sendmail/mailstats.h => include/sendmail/mailstats.h 4475 sendmail/pathnames.h => include/sendmail/pathnames.h 4476 sendmail/safefile.c => libsmutil/safefile.c 4477 sendmail/snprintf.c => libsmutil/snprintf.c 4478 sendmail/useful.h => include/sendmail/useful.h 4479 cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4 4480 Copied Files: 4481 cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4 4482 44838.9.3/8.9.3 1999/02/04 4484 SECURITY: Limit message headers to a maximum of 32K bytes (total 4485 of all headers in a single message) to prevent a denial of 4486 service attack. This limit will be configurable in 8.10. 4487 Problem noted by Michal Zalewski of the "Internet for 4488 Schools" project (IdS). 4489 Prevent segmentation fault on an LDAP lookup if the LDAP map 4490 was closed due to an earlier failure. Problem noted by 4491 Jeff Wasilko of smoe.org. Fix from Booker Bense of 4492 Stanford University and Per Hedeland of Ericsson. 4493 Preserve the order of the MIME headers in multipart messages 4494 when performing the MIME header length check. This 4495 will allow PGP signatures to function properly. Problem 4496 noted by Lars Hecking of University College, Cork, Ireland. 4497 If ruleset 5 rewrote the local address to an :include: directive, 4498 the delivery would fail with an "aliasing/forwarding loop 4499 broken" error. Problem noted by Eric C Hagberg of Morgan 4500 Stanley. Fix from Per Hedeland of Ericsson. 4501 Allow -T to work for bestmx maps. Fix from Aaron Schrab of 4502 ExecPC Internet Systems. 4503 During the transfer of a message in an SMTP transaction, if a 4504 TCP timeout occurs, the message would be properly queued 4505 for later retry but the failure would be logged as 4506 "Illegal Seek" instead of a timeout. Problem noted by 4507 Piotr Kucharski of the Warsaw School of Economics (SGH) 4508 and Carles Xavier Munyoz Baldo of CTV Internet. 4509 Prevent multiple deliveries on a self-referencing alias if the 4510 F=w mailer flag is not set. Problem noted by Murray S. 4511 Kucherawy of Concentric Network Corporation and Per 4512 Hedeland of Ericsson. 4513 Do not strip empty headers but if there is no value and a 4514 default is defined in sendmail.cf, use the default. 4515 Problem noted by Philip Guenther of Gustavus Adolphus 4516 College and Christopher McCrory of Netus, Inc. 4517 Don't inherit information about the sender (notably the full name) 4518 in SMTP (-bs) mode, since this might be called from inetd. 4519 Accept any 3xx reply code in response to DATA command instead of 4520 requiring 354. This change will match the wording to be 4521 published in the updated SMTP specification from the DRUMS 4522 group of the IETF. 4523 Portability: 4524 AIX 4.2.0 or 4.2.1 may become updated by the fileset 4525 bos.rte.net level 4.2.0.2. This introduces the 4526 softlink /usr/lib/libbind.a which should 4527 not be used. It conflicts with the resolver 4528 built into libc.a. "bind" has been removed 4529 from the confLIBSEARCH BuildTools variable. 4530 Users who have installed BIND 8.X will have 4531 to add it back in their site.config.m4 file. 4532 Problem noted by Ole Holm Nielsen of the 4533 Technical University of Denmark. 4534 CRAY TS 10.0.x from Sven Nielsen of San Diego 4535 Supercomputer Center. 4536 Improved LDAP version 3 integration based on input 4537 from Kurt D. Zeilenga of the OpenLDAP Foundation, 4538 John Beck of Sun Microsystems, and Booker Bense 4539 of Stanford University. 4540 Linux doesn't have a standard way to get the timezone 4541 between different releases. Back out the 4542 change in 8.9.2 and don't attempt to derive 4543 a timezone. Problem reported by Igor S. Livshits 4544 of the University of Illinois at Urbana-Champaign 4545 and Michael Dickens of Tetranet Communications. 4546 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy 4547 of Siemens/SNI. 4548 SunOS 5.8 from John Beck of Sun Microsystems. 4549 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper 4550 timezone. Problem noted by Petr Lampa of Technical 4551 University of Brno. 4552 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly 4553 when using FEATURE(bestmx_is_local). Patch from Neil W. 4554 Rickert of Northern Illinois University. 4555 CONFIG: Properly handle source routed and %-hack addresses on 4556 hosts which the mailertable remaps to local:. Patch from 4557 Neil W. Rickert of Northern Illinois University. 4558 CONFIG: Internal fixup of mailertable local: map value. Patch from 4559 Larry Parmelee of Cornell University. 4560 CONFIG: Only add back +detail from host portion of mailer triplet 4561 on local mailer triplets if it was originally +detail. 4562 Patch from Neil W. Rickert of Northern Illinois University. 4563 CONFIG: The bestmx_is_local checking done in check_rcpt would 4564 cause later checks to fail. Patch from Paul J Murphy of 4565 MIDS Europe. 4566 New Files: 4567 BuildTools/OS/CRAYTS.10.0.x 4568 BuildTools/OS/ReliantUNIX 4569 BuildTools/OS/SunOS.5.8 4570 45718.9.2/8.9.2 1998/12/30 4572 SECURITY: Remove five second sleep on accepting daemon connections 4573 due to an accept() failure. This sleep could be used 4574 for a denial of service attack. 4575 Do not silently ignore queue files with names which are too long. 4576 Patch from Bryan Costales of InfoBeat, Inc. 4577 Do not store failures closing an SMTP session in persistent 4578 host status. Reported by Graeme Hewson of Oracle 4579 Corporation UK. 4580 Allow symbolic link forward files if they are in safe directories. 4581 Problem noted by Andreas Schott of the Max Planck Society. 4582 Missing columns in a text map could cause a segmentation fault. 4583 Fix from David Lee of the University of Durham. 4584 Note that for 8.9.X, PrivacyOptions=goaway also includes the 4585 noetrn flag. This is scheduled to change in a future 4586 version of sendmail. Problem noted by Theo Van Dinter of 4587 Chrysalis Symbolic Designa and Alan Brown of Manawatu 4588 Internet Services. 4589 When trying to do host canonification in a Wildcard MX 4590 environment, try an MX lookup of the hostname without the 4591 default domain appended. Problem noted by Olaf Seibert of 4592 Polderland Language & Speech Technology. 4593 Reject SMTP RCPT To: commands with only comments (i.e. 4594 'RCPT TO: (comment)'. Problem noted by Earle Ake of 4595 Hassler Communication Systems Technology, Inc. 4596 Handle any number of %s in the LDAP filter spec. Patch from 4597 Per Hedeland of Ericsson. 4598 Clear ldapx open timeouts even if the map open failed to prevent 4599 a segmentation fault. Patch from Wayne Knowles of the 4600 National Institute of Water & Atmospheric Research Ltd. 4601 Do not syslog envelope clone messages when using address 4602 verification (-bv). Problem noted by Kari Hurtta of the 4603 Finnish Meteorological Institute. 4604 Continue to perform queue runs while in daemon mode even if the 4605 daemon is rejecting connections due to a disk full 4606 condition. Problem noted by JR Oldroyd of TerraNet 4607 Internet Services. 4608 Include full filename on installation of the sendmail.hf file 4609 in case the $HFDIR directory does not exist. Problem 4610 noted by Josef Svitak of Montana State University. 4611 Close all maps when exiting the process with one exception. 4612 Berkeley DB can use internal shared memory locking for 4613 its memory pool. Closing a map opened by another process 4614 will interfere with the shared memory and locks of the 4615 parent process leaving things in a bad state. For 4616 Berkeley DB, only close the map if the current process 4617 is also the one that opened the map, otherwise only close 4618 the map file descriptor. Thanks to Yoseff Francus of 4619 Collective Technologies for volunteering his system for 4620 extended testing. 4621 Avoid null pointer dereference on XDEBUG output for SMTP reply 4622 failures. Problem noted by Carlos Canau of EUnet Portugal. 4623 On mailq and hoststat listings being piped to another program, such 4624 as more, if the pipe closes (i.e., the user quits more), 4625 stop sending output and exit. Patch from Allan E Johannesen 4626 of Worcester Polytechnic Institute. 4627 In accordance with the documentation, LDAP map lookup failures 4628 are now considered temporary failures instead of permanent 4629 failures unless the -t flag is used in the map definition. 4630 Problem noted by Booker Bense of Stanford University and 4631 Eric C. Hagberg of Morgan Stanley. 4632 Fix by one error reporting on long alias names. Problem noted by 4633 H. Paul Hammann of the Missouri Research and Education 4634 Network. 4635 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem 4636 noted by Barry S. Finkel of Argonne National Laboratory. 4637 When automatically converting from 8 bit to quoted printable MIME, 4638 be careful not to miss a multi-part boundary if that 4639 boundary is preceded by a boundary-like line. Problem 4640 noted by Andreas Raschle of Ansid Inc. Fix from 4641 Kari Hurtta of the Finnish Meteorological Institute. 4642 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer 4643 has enough space for the additional address. Problem 4644 noted by Steve Cliffe of the University of Wollongong. 4645 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem 4646 noted by Alex Vorobiev of Swarthmore College. 4647 If the check_compat ruleset resolves to the $#discard mailer, 4648 discard the current recipient. Unlike check_relay, 4649 check_mail, and check_rcpt, the entire envelope is not 4650 discarded. Problem noted by RZ D. Rahlfs. Fix from 4651 Claus Assmann of Christian-Albrechts-University of Kiel. 4652 Avoid segmentation fault when reading ServiceSwitchFile files with 4653 bogus formatting. Patch from Kari Hurtta of the Finnish 4654 Meteorological Institute. 4655 Support Berkeley DB 2.6.4 API change. 4656 OP.ME: Pages weren't properly output on duplexed printers. Fix 4657 from Matthew Black of CSU Long Beach. 4658 Portability: 4659 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. 4660 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase 4661 option structure. Problem noted by Ashley M. 4662 Kirchner of Photo Craft Laboratories, Inc. 4663 Break out IP address to hostname translation for 4664 reading network interface addresses into 4665 class 'w'. Patch from John Kennedy of 4666 Cal State University, Chico. 4667 AIX 4.x use -qstrict with -O3 to prevent the optimized 4668 from changing the semantics of the compiled 4669 program. From Simon Travaglia of the 4670 University of Waikato, New Zealand. 4671 FreeBSD 2.2.2 and later support setusercontext(). From 4672 Peter Wemm of DIALix. 4673 FreeBSD 3.x fix from Peter Wemm of DIALix. 4674 IRIX 5.x has a syslog buffer size of 512 bytes. From 4675 Nao NINOMIYA of Utsunomiya University. 4676 IRIX 6.5 64-bit Build support. 4677 LDAP Version 3 support from John Beck and Ravi Iyer 4678 of Sun Microsystems. 4679 Linux does not implement seteuid() properly. From 4680 John Kennedy of Cal State University, Chico. 4681 Linux timezone type was set improperly. From Takeshi Itoh 4682 of Bits Co., Ltd. 4683 NCR MP-RAS 3.x needs -lresolv for confLIBS. From 4684 Tom J. Moore of NCR. 4685 NeXT 4.x correction to man page path. From J. P. McCann 4686 of E I A. 4687 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs) 4688 from Paul Gampe of the Asia Pacific Network 4689 Information Center. 4690 ULTRIX now requires an optimization limit of 970 from 4691 Allan E Johannesen of Worcester Polytechnic 4692 Institute. 4693 Fix extern declaration for sm_dopr(). Fix from Henk 4694 van Oers of Algemeen Nederlands Persbureau. 4695 CONFIG: Catch @hostname,user@anotherhost.domain as relaying. 4696 Problem noted by Mark Rogov of AirMedia, Inc. Fix from 4697 Claus Assmann of Christian-Albrechts-University of Kiel. 4698 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as 4699 there are multiple RBL's available and the MAPS RBL may 4700 not be the one in use. Suggested by Alan Brown of 4701 Manawatu Internet Services. 4702 CONFIG: Properly strip route addresses (i.e., @host1:user@host2) 4703 when stripping down a recipient address to check for 4704 relaying. Patch from Claus Assmann of 4705 Christian-Albrechts-University of Kiel and Neil W Rickert 4706 of Northern Illinois University. 4707 CONFIG: Allow the access database to override RBL lookups. Patch 4708 from Claus Assmann of Christian-Albrechts-University of 4709 Kiel. 4710 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch 4711 Dot Com. 4712 CONFIG: Fixed check for deferred delivery mode warning. Patch 4713 from Claus Assmann of Christian-Albrechts-University of 4714 Kiel and Per Hedeland of Ericsson. 4715 CONFIG: If a recipient using % addressing is used, e.g. 4716 user%site@othersite, and othersite's MX records are now 4717 checked for local hosts if FEATURE(relay_based_on_MX) is 4718 used. Problem noted by Alexander Litvin of Lucky Net Ltd. 4719 Patch from Alexander Litvin of Lucky Net Ltd and 4720 Claus Assmann of Christian-Albrechts-University of Kiel. 4721 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP 4722 stream. Do not allow more than one response per recipient. 4723 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix 4724 from John Beck of Sun Microsystems. 4725 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from 4726 John Beck of Sun Microsystems. 4727 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in 4728 the envelope From header. 4729 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. 4730 Problem noted by Glenn A. Malling of Syracuse University. 4731 MAILSTATS: Document msgsrej and msgsdis fields in the man page. 4732 Problem noted by Richard Wong of Princeton University. 4733 MAKEMAP: Build group list so group writable files are allowed with 4734 the -s flag. Problem noted by Curt Sampson of Internet 4735 Portal Services, Inc. 4736 PRALIASES: Automatically handle alias files created without the 4737 NULL byte at the end of the key. Patch from John Beck of 4738 Sun Microsystems. 4739 PRALIASES: Support Berkeley DB 2.6.4 API change. 4740 New Files: 4741 BuildTools/OS/IRIX64.6.5 4742 BuildTools/OS/UnixWare.5.i386 4743 cf/ostype/unixware7.m4 4744 contrib/smcontrol.pl 4745 src/control.c 4746 47478.9.1/8.9.1 1998/07/02 4748 If both an OS specific site configuration file and a generic 4749 site.config.m4 file existed, only the latter was used 4750 instead of both. Problem noted by Geir Johannessen of 4751 the Norwegian University of Science and Technology. 4752 Fix segmentation fault while converting 8 bit to 7 bit MIME 4753 multipart messages by trying to write to an unopened 4754 file descriptor. Fix from Kari Hurtta of the Finnish 4755 Meteorological Institute. 4756 Do not assume Message: and Text: headers indicate the end of 4757 the header area when parsing MIME headers. Problem noted 4758 by Kari Hurtta of the Finnish Meteorological Institute. 4759 Setting the confMAN#SRC Build variable would only effect the 4760 installation commands. The man pages would still be 4761 built with .0 extensions. Problem noted by Bryan 4762 Costales of InfoBeat, Inc. 4763 Installation of manual pages didn't honor the DESTDIR environment 4764 variable. Problem noted by Bryan Costales of InfoBeat, Inc. 4765 If the check_relay ruleset resolved to the discard mailer, messages 4766 were still delivered. Problem noted by Mirek Luc of NASK. 4767 Mail delivery to files would fail with an Operating System Error 4768 if sendmail was not running as root, i.e., RunAsUser was set. 4769 Problem noted by Leonard N. Zubkoff of Dandelion Digital. 4770 Prevent MinQueueAge from interfering from queued items created 4771 in the future, i.e., if the system clock was set ahead 4772 and then back. Problem noted by Michael Miller of the 4773 University of Natal, Pietermaritzburg. 4774 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is 4775 set in the PrivacyOptions option. Fix from Ted Rule of 4776 Flextech TV. 4777 Log invalid persistent host status file lines instead of 4778 bouncing the message. Problem noted by David Lindes of 4779 DaveLtd Enterprises. 4780 Move creation of empty sendmail.st file from installation to 4781 compilation. Installation may be done from a read-only 4782 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric 4783 Anderson of the Oasis Research Center, Inc. 4784 Enforce the maximum number of User Database entries limit. Problem 4785 noted by Gary Buchanan of Credence Systems Inc. 4786 Allow dead.letter files in root's home directory. Problem noted 4787 by Anna Ullman of Sun Microsystems. 4788 Program deliveries in forward files could be marked unsafe if 4789 any directory listed in the ForwardPath option did not 4790 exist. Problem noted by Jorg Bielak of Coastal Web Online. 4791 Do not trust the length of the address structure returned by 4792 gethostbyname(). Problem noted by Chris Evans of Oxford 4793 University. 4794 If the SIZE= MAIL From: ESMTP parameter is too large, use the 4795 5.3.4 DSN status code instead of 5.2.2. Similarly, for 4796 non-local deliveries, if the message is larger than the 4797 mailer maximum message size, use 5.3.4 instead of 5.2.3. 4798 Suggested by Antony Bowesman of 4799 Fujitsu/TeaWARE Mail/MIME System. 4800 Portability: 4801 Fix the check for an IP address reverse lookup for 4802 use in $&{client_name} on 64 bit platforms. 4803 From Gilles Gallot of Institut for Development 4804 and Resources in Intensive Scientific computing. 4805 BSD-OS uses .0 for man page extensions. From Jeff Polk 4806 of BSDI. 4807 DomainOS detection for Build. Also, version 10.4 and later 4808 ship a unistd.h. Fixes from Takanobu Ishimura of 4809 PICT Inc. 4810 NeXT 4.x uses /usr/lib/man/cat for its man pages. From 4811 J. P. McCann of E I A. 4812 SCO 4.X and 5.X include NDBM support. From Vlado Potisk 4813 of TEMPEST, Ltd. 4814 CONFIG: Do not pass spoofed PTR results through resolver for 4815 qualification. Problem noted by Michiel Boland of 4816 Digital Valley Internet Professionals; fix from 4817 Kari Hurtta of the Finnish Meteorological Institute. 4818 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, 4819 BITNET, and DECNET addresses for resolvable senders. 4820 Problem noted by Alexander Litvin of Lucky Net Ltd. 4821 CONFIG: Work around Sun's broken configuration which sends bounce 4822 messages as coming from @@hostname instead of <>. LMTP 4823 would not accept @@hostname. 4824 OP.ME: Corrections to complex sendmail startup script from Rick 4825 Troxel of the National Institutes of Health. 4826 RMAIL: Do not install rmail by default, require 'make force-install' 4827 as this rmail isn't the same as others. Suggested by 4828 Kari Hurtta of the Finnish Meteorological Institute. 4829 New Files: 4830 BuildTools/OS/DomainOS.10.4 4831 48328.9.0/8.9.0 1998/05/19 4833 SECURITY: To prevent users from reading files not normally 4834 readable, sendmail will no longer open forward, :include:, 4835 class, ErrorHeader, or HelpFile files located in unsafe 4836 (i.e., group or world writable) directory paths. Sites 4837 which need the ability to override security can use the 4838 DontBlameSendmail option. See the README file for more 4839 information. 4840 SECURITY: Problems can occur on poorly managed systems, specifically, 4841 if maps or alias files are in world writable directories. 4842 This fixes the change added to 8.8.6 to prevent links in these 4843 world writable directories. 4844 SECURITY: Make sure ServiceSwitchFile option file is not a link if 4845 it is in a world writable directory. 4846 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the 4847 tty it may be able to push bytes back to the senders input. 4848 Unfortunately this breaks -v mode. Problem noted by 4849 Wietse Venema of the Global Security Analysis Lab at 4850 IBM T.J. Watson Research. 4851 SECURITY: Empty group list if DontInitGroups is set to true to 4852 prevent program deliveries from picking up extra group 4853 privileges. Problem reported by Wolfgang Ley of DFN-CERT. 4854 SECURITY: The default value for DefaultUser is now set to the uid and 4855 gid of the first existing user mailnull, sendmail, or daemon 4856 that has a non-zero uid. If none of these exist, sendmail 4857 reverts back to the old behavior of using uid 1 and gid 1. 4858 This is a security problem for Linux which has chosen that 4859 uid and gid for user bin instead of daemon. If DefaultUser 4860 is set in the configuration file, that value overrides this 4861 default. 4862 SECURITY: Since 8.8.7, the check for non-set-user-ID binaries 4863 interfered with setting an alternate group id for the 4864 RunAsUser option. Problem noted by Randall Winchester of 4865 the University of Maryland. 4866 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 4867 of Cal State University, Chico. 4868 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 4869 which previously defined OLD_NEWDB=1 must now upgrade to the 4870 current version of Berkeley DB. 4871 Added support for regular expressions using the new map class regex. 4872 From Jan Krueger of Unix-AG of University of Hannover. 4873 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod 4874 UserDatabases from Randall Winchester of the University 4875 of Maryland. 4876 Allow any shell for user shell on program deliveries on V1 4877 configurations for backwards compatibility on machines which 4878 do not have getusershell(). Fix from John Beck of Sun 4879 Microsystems. 4880 On operating systems which change the process title by reusing the 4881 argument vector memory, sendmail could corrupt memory if the 4882 last argument was either "-q" or "-d". Problem noted by 4883 Frank Langbein of the University of Stuttgart. 4884 Support Local Mail Transfer Protocol (LMTP) between sendmail and 4885 mail.local on the F=z flag. 4886 Macro-expand the contents of the ErrMsgFile. Previously this was 4887 only done if you had magic characters (0x81) to indicate 4888 macro expansion. Now $x will be expanded. This means that 4889 real dollar signs have to be backslash escaped. 4890 TCP Wrappers expects "unknown" in the hostname argument if the 4891 reverse DNS lookup for the incoming connection fails. 4892 Problem noted by Randy Grimshaw of Syracuse University and 4893 Wietse Venema of the Global Security Analysis Lab at 4894 IBM T.J. Watson Research. 4895 DSN success bounces generated from an invocation of sendmail -t 4896 would be sent to both the sender and MAILER-DAEMON. 4897 Problem noted by Claus Assmann of 4898 Christian-Albrechts-University of Kiel. 4899 Avoid "Error 0" messages on delivery mailers which exit with a 4900 valid exit value such as EX_NOPERM. Fix from Andreas Luik 4901 of ISA Informationssysteme GmbH. 4902 Tokenize $&x expansions on right hand side of rules. This eliminates 4903 the need to use tricks like $(dequote "" $&{client_name} $) 4904 to cause the ${client_name} macro to be properly tokenized. 4905 Add the MaxRecipientsPerMessage option: this limits the number of 4906 recipients that will be accepted in a single SMTP 4907 transaction. After this number is reached, sendmail 4908 starts returning "452 Too many recipients" to all RCPT 4909 commands. This can be used to limit the number of recipients 4910 per envelope (in particular, to discourage use of the server 4911 for spamming). Note: a better approach is to restrict 4912 relaying entirely. 4913 Fixed pointer initialization for LDAP lmap struct, fixed -s option 4914 to ldapx map and added timeout for ldap_open call to 4915 avoid hanging sendmail in the event of hung LDAP servers. 4916 Patch from Booker Bense of Stanford University. 4917 Allow multiple -qI, -qR, or -qS queue run limiters. For example, 4918 '-qRfoo -qRbar' would deliver mail to recipients with foo or 4919 bar in their address. Patch from Allan E Johannesen of 4920 Worcester Polytechnic Institute. 4921 The bestmx map will now return a list of the MX servers for a host if 4922 passed a column delimiter via the -z map flag. This can be 4923 used to check if the server is an MX server for the recipient 4924 of a message. This can be used to help prevent relaying. 4925 Patch from Mitchell Blank Jr of Exec-PC. 4926 Mark failures for the *file* mailer and return bounce messages to the 4927 sender for those failures. 4928 Prevent bogus syslog timestamps on errors in sendmail.cf by 4929 preserving the TZ environment variable until TimeZoneSpec 4930 has been determined. Problem noted by Ralf Hildebrandt of 4931 Technical University of Braunschweig. Patch from Per Hedeland 4932 of Ericsson. 4933 Print test input in address test mode when input is not from the tty 4934 when the -v flag is given (i.e., sendmail -bt -v) to make 4935 output easier to decipher. Problem noted by Aidan Nichol 4936 of Procter & Gamble. 4937 The LDAP map -s flag was not properly parsed and the error message 4938 given included the remainder of the arguments instead of 4939 solely the argument in error. Problem noted by Aidan Nichol 4940 of Procter & Gamble. 4941 New DontBlameSendmail option. This option allows administrators to 4942 bypass some of sendmail's file security checks at the expense 4943 of system security. This should only be used if you are 4944 absolutely sure you know the consequences. The available 4945 DontBlameSendmail options are: 4946 Safe 4947 AssumeSafeChown 4948 ClassFileInUnsafeDirPath 4949 ErrorHeaderInUnsafeDirPath 4950 GroupWritableDirPathSafe 4951 GroupWritableForwardFileSafe 4952 GroupWritableIncludeFileSafe 4953 GroupWritableAliasFile 4954 HelpFileinUnsafeDirPath 4955 WorldWritableAliasFile 4956 ForwardFileInGroupWritableDirPath 4957 IncludeFileInGroupWritableDirPath 4958 ForwardFileInUnsafeDirPath 4959 IncludeFileInUnsafeDirPath 4960 ForwardFileInUnsafeDirPathSafe 4961 IncludeFileInUnsafeDirPathSafe 4962 MapInUnsafeDirPath 4963 LinkedAliasFileInWritableDir 4964 LinkedClassFileInWritableDir 4965 LinkedForwardFileInWritableDir 4966 LinkedIncludeFileInWritableDir 4967 LinkedMapInWritableDir 4968 LinkedServiceSwitchFileInWritableDir 4969 FileDeliveryToHardLink 4970 FileDeliveryToSymLink 4971 WriteMapToHardLink 4972 WriteMapToSymLink 4973 WriteStatsToHardLink 4974 WriteStatsToSymLink 4975 RunProgramInUnsafeDirPath 4976 RunWritableProgram 4977 New DontProbeInterfaces option to turn off the inclusion of all the 4978 interface names in $=w on startup. In particular, if you 4979 have lots of virtual interfaces, this option will speed up 4980 startup. However, unless you make other arrangements, mail 4981 sent to those addresses will be bounced. 4982 Automatically create alias databases if they don't exist and 4983 AutoRebuildAliases is set. 4984 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. 4985 Suggested by Christophe Wolfhugel of the Institut Pasteur. 4986 Add PrivacyOptions=noverb flag to disable the SMTP VERB command. 4987 When determining the client host name ($&{client_name} macro), do 4988 a forward (A) DNS lookup on the result of the PTR lookup 4989 and compare results. If they differ or if the PTR lookup 4990 fails, &{client_name} will contain the IP address 4991 surrounded by square brackets (e.g., [127.0.0.1]). 4992 New map flag: -Tx appends "x" to lookups that return temporary failure 4993 (i.e, it is like -ax for the temporary failure case, in 4994 contrast to the success case). 4995 New syntax to do limited checking of header syntax. A config line 4996 of the form: 4997 HHeader: $>Ruleset 4998 causes the indicated Ruleset to be invoked on the Header 4999 when read. This ruleset works like the check_* rulesets -- 5000 that is, it can reject mail on the basis of the contents. 5001 Limit the size of the HELO/EHLO parameter to prevent spammers 5002 from hiding their connection information in Received: 5003 headers. 5004 When SingleThreadDelivery is active, deliveries to locked hosts 5005 are skipped. This will cause the delivering process to 5006 try the next MX host or queue the message if no other MX 5007 hosts are available. Suggested by Alexander Litvin. 5008 The [FILE] mailer type now delivers to the file specified in the 5009 A= equate of the mailer definition instead of $u. It also 5010 obeys all of the F= mailer flags such as the MIME 5011 7/8 bit conversion flags. This is useful for defining 5012 a mailer which delivers to the same file regardless of the 5013 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail). 5014 Do not assume the identity of a remote connection is root@localhost 5015 if the remote connection closes the socket before the 5016 remote identity can be queried. 5017 Change semantics of the F=S mailer flag back to 8.7.5 behavior. 5018 Some mailers, including procmail, require that the real 5019 uid is left unchanged by sendmail. Problem noted by Per 5020 Hedeland of Ericsson. 5021 No longer is the src/obj*/Makefile selected from a large list -- it 5022 is now generated using the information in BuildTools/OS/ -- 5023 some of the details are determined dynamically via 5024 BuildTools/bin/configure.sh. 5025 The other programs in the sendmail distribution -- mail.local, 5026 mailstats, makemap, praliases, rmail, and smrsh -- now use 5027 the new Build method which creates an operating system 5028 specific Makefile using the information in BuildTools. 5029 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., 5030 a failure on one message won't affect future messages to the 5031 same host). This is necessary if the remote host sends 5032 a 451 error if the domain of the sender does not resolve 5033 as is common in anti-spam configurations. Problem noted 5034 by Mitchell Blank Jr of Exec-PC. 5035 New "discard" mailer for check_* rulesets and header checking 5036 rulesets. If one of the above rulesets resolves to the 5037 $#discard mailer, the commands will be accepted but the 5038 message will be completely discarded after it is accepting. 5039 This means that even if only one of the recipients 5040 resolves to the $#discard mailer, none of the recipients 5041 will receive the mail. Suggested by Brian Kantor. 5042 All but the last cloned envelope of a split envelope were queued 5043 instead of being delivered. Problem noted by John Caruso 5044 of CNET: The Computer Network. 5045 Fix deadlock situation in persistent host status file locking. 5046 Syslog an error if a user forward file could not be read due to 5047 an error. Patch from John Beck of Sun Microsystems. 5048 Use the first name returned on machine lookups when canonifying a 5049 hostname via NetInfo. Patch from Timm Wetzel of GWDG. 5050 Clear the $&{client_addr}, $&{client_name}, and $&{client_port} 5051 macros when delivering a bounce message to prevent 5052 rejection by a check_compat ruleset which uses these macros. 5053 Problem noted by Jens Hamisch of AgiX Internetservices GmbH. 5054 If the check_relay ruleset resolves to the the error mailer, the 5055 error in the $: portion of the resolved triplet is used 5056 in the rejection message given to the remote machine. 5057 Suggested by Scott Gifford of The Internet Ramp. 5058 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros 5059 before calling the check_relay ruleset. Suggested by Scott 5060 Gifford of The Internet Ramp. 5061 Sendmail would get a segmentation fault if a mailer exited with an 5062 exit code of 79. Problem noted by Aaron Schrab of ExecPC 5063 Internet. Fix from Christophe Wolfhugel of the Pasteur 5064 Institute. 5065 Separate snprintf/vsnprintf routines into separate file for use by 5066 mail.local. 5067 Allow multiple map lookups on right hand side, e.g., 5068 R$* $( host $1 $) $| $( passwd $1 $). Patch from 5069 Christophe Wolfhugel of the Pasteur Institute. 5070 Properly generate success DSN messages if requested for aliases 5071 which have owner- aliases. Problem noted by Kari Hurtta 5072 of the Finnish Meteorological Institute. 5073 Properly display delayed-expansion macros ($&{macroname}) in 5074 address test mode (-bt). Problem noted by Bryan Costales 5075 of InfoBeat, Inc. 5076 -qR could sometimes match names incorrectly. Problem noted by 5077 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. 5078 Include a magic number and version in the StatusFile for the 5079 mailstats command. 5080 Record the number of rejected and discarded messages in the 5081 StatusFile for display by the mailstats command. Patch 5082 from Randall Winchester of the University of Maryland. 5083 IDENT returns where the OSTYPE field equals "OTHER" now list the 5084 user portion as IDENT:username@site instead of 5085 username@site to differentiate the two. Suggested by 5086 Kari Hurtta of the Finnish Meteorological Institute. 5087 Enforce timeout for LDAP queries. Patch from Per Hedeland of 5088 Ericsson. 5089 Change persistent host status filename substitution so '/' is 5090 replaced by ':' instead of '|' to avoid clashes. Also 5091 avoid clashes with hostnames with leading dots. Fix from 5092 Mitchell Blank Jr. of Exec-PC. 5093 If the system lock table is full, only attempt to create a new 5094 queue entry five times before giving up. Previously, it 5095 was attempted indefinitely which could cause the partition 5096 to run out of inodes. Problem noted by Suzie Weigand of 5097 Stratus Computer, Inc. 5098 In verbose mode, warn if the sendmail.cf version is less than the 5099 currently supported version. 5100 Sorting for QueueSortOrder=host is now case insensitive. Patch 5101 from Randall S. Winchester of the University of Maryland. 5102 Properly quote a full name passed via the -F command line option, 5103 the Full-Name: header, or the NAME environment variable if 5104 it contains characters which must be quoted. Problem noted 5105 by Kari Hurtta of the Finnish Meteorological Institute. 5106 Avoid possible race condition that unlocked a mail job before 5107 releasing the transcript file on systems that use flock(2). 5108 In some cases, this might result in a "Transcript Unavailable" 5109 message in error bounces. 5110 Accept SMTP replies which contain only a reply code and no 5111 accompanying text. Problem noted by Fernando Fraticelli of 5112 Digital Equipment Corporation. 5113 Portability: 5114 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura 5115 of Kyoto University. 5116 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from 5117 Randall S. Winchester of the University of 5118 Maryland. 5119 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. 5120 CRAY T3E from Manu Mahonen of Center for Scientific Computing 5121 in Finland. 5122 Digital UNIX now uses statvfs for determining free 5123 disk space. Patch from Randall S. Winchester of 5124 the University of Maryland. 5125 HP-UX 11.x from Richard Allen of Opin Kerfi HF and 5126 Regis McEwen of Progress Software Corporation. 5127 IRIX 64 bit fixes from Kari Hurtta of the Finnish 5128 Meteorological Institute. 5129 IRIX 6.2 configuration fix for mail.local from Michael Kyle 5130 of CIC/Advanced Computing Laboratory. 5131 IRIX 6.5 from Thomas H Jones II of SGI. 5132 IRIX 6.X load average code from Bob Mende of SGI. 5133 QNX from Glen McCready <glen@qnx.com>. 5134 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links 5135 to sendmail. Install with group bin instead of kmem 5136 as kmem does not exist. From Guillermo Freige of 5137 Gobernacion de la Pcia de Buenos Aires and Paul 5138 Fischer of BTG, Inc. 5139 SunOS 4.X does not include memmove(). Patch from 5140 Per Hedeland of Ericsson. 5141 SunOS 5.7 includes getloadavg() function for determining 5142 load average. Patch from John Beck of Sun 5143 Microsystems. 5144 CONFIG: Increment version number of config file. 5145 CONFIG: add DATABASE_MAP_TYPE to set the default type of database 5146 map for the various maps. The default is hash. Patch from 5147 Robert Harker of Harker Systems. 5148 CONFIG: new confEBINDIR m4 variable for defining the executable 5149 directory for certain programs. 5150 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for 5151 local mail delivery. By the default, /usr/libexec/mail.local 5152 is used. This is expected to be the mail.local shipped 5153 with 8.9 which is LMTP capable. The path is based on the 5154 new confEBINDIR m4 variable. 5155 CONFIG: Use confEBINDIR in determining path to smrsh for 5156 FEATURE(smrsh). Note that this changes the default from 5157 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the 5158 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). 5159 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to 5160 include $z/.forward.$w+$h and $z/.forward+$h which allow 5161 the user to setup different .forward files for 5162 user+detail addressing. 5163 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, 5164 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, 5165 DontProbeInterfaces, and DontBlameSendmail options. 5166 CONFIG: by default do not allow relaying (that is, accepting mail 5167 from outside your domain and sending it to another host 5168 outside your domain). 5169 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from 5170 any site to any site. 5171 CONFIG: new FEATURE(relay_entire_domain) allows any host in your 5172 domain as defined by the 'm' class ($=m) to relay. 5173 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on 5174 the MX records of the host portion of an incoming recipient. 5175 CONFIG: new FEATURE(access_db) which turns on the access database 5176 feature. This database gives you the ability to allow 5177 or refuse to accept mail from specified domains for 5178 administrative reasons. By default, names that are listed 5179 as "OK" in the access db are domain names, not host names. 5180 CONFIG: new confCR_FILE m4 variable for defining the name of the file 5181 used for class 'R'. Defaults to /etc/mail/relay-domains. 5182 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) 5183 to add items to class 'R' ($=R) for hosts allowed to relay. 5184 CONFIG: new FEATURE(relay_hosts_only) to change the behavior 5185 of FEATURE(access_db) and class 'R' to lookup individual 5186 host names only. 5187 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient 5188 using % addressing is used, e.g. user%site@othersite, 5189 and othersite is in class 'R', the check_rcpt ruleset 5190 will strip @othersite and recheck user@site for relaying. 5191 This feature changes that behavior. It should not be 5192 needed for most installations. 5193 CONFIG: new FEATURE(relay_local_from) to allow relaying if the 5194 domain portion of the mail sender is a local host. This 5195 should only be used if absolutely necessary as it opens 5196 a window for spammers. Patch from Randall S. Winchester of 5197 the University of Maryland. 5198 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to 5199 block incoming mail destined for certain recipient 5200 usernames, hostnames, or addresses. 5201 CONFIG: By default, MAIL FROM: commands in the SMTP session will be 5202 refused if the host part of the argument to MAIL FROM: cannot 5203 be located in the host name service (e.g., DNS). 5204 CONFIG: new FEATURE(accept_unresolvable_domains) accepts 5205 unresolvable hostnames in MAIL FROM: SMTP commands. 5206 CONFIG: new FEATURE(accept_unqualified_senders) accepts 5207 MAIL FROM: senders which do not include a domain. 5208 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the 5209 Realtime Blackhole List. You can specify the RBL name 5210 server to contact by specifying it as an optional argument. 5211 The default is rbl.maps.vix.com. For details, see 5212 http://maps.vix.com/rbl/. 5213 CONFIG: Call Local_check_relay, Local_check_mail, and 5214 Local_check_rcpt from check_relay, check_mail, and 5215 check_rcpt. Users with local rulesets should place the 5216 rules using LOCAL_RULESETS. If a Local_check_* ruleset 5217 returns $#OK, the message is accepted. If the ruleset 5218 returns a mailer, the appropriate action is taken, else 5219 the return of the ruleset is ignored. 5220 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by 5221 default to support file, :include:, and program deliveries. 5222 CONFIG: Remove the default for confDEF_USER_ID so the binary can 5223 pick the proper default value. See the SECURITY note 5224 above for more information. 5225 CONFIG: FEATURE(nodns) now warns the user that the feature is a 5226 no-op. Patch from Kari Hurtta of the Finnish 5227 Meteorological Institute. 5228 CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to 5229 daemon since DEC's /bin/mail will drop the envelope 5230 sender if run as mailnull. See the Digital UNIX section 5231 of src/README for more information. Problem noted by 5232 Kari Hurtta of the Finnish Meteorological Institute. 5233 CONFIG: .cf files are now stored in the same directory with the 5234 .mc files instead of in the obj directory. 5235 CONFIG: New options confSINGLE_LINE_FROM_HEADER, 5236 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for 5237 setting SingleLineFromHeader, AllowBogusHELO, and 5238 MustQuoteChars respectively. 5239 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This 5240 SMTP-like protocol allows detailed reporting of delivery 5241 status on a per-user basis. Code donated by John Myers of 5242 CMU (now of Netscape). 5243 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the 5244 University of Maryland. NOTE: mail.local is not 5245 compatible with the stock HP-UX mail format. Be sure to 5246 read mail.local/README. 5247 MAIL.LOCAL: Prevent other mail delivery agents from stealing a 5248 mailbox lock. Patch from Randall S. Winchester of the 5249 University of Maryland. 5250 MAIL.LOCAL: glibc portability from John Kennedy of Cal State 5251 University, Chico. 5252 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish 5253 Meteorological Institute. 5254 MAILSTATS: Display the number of rejected and discarded messages 5255 in the StatusFile. Patch from Randall Winchester of the 5256 University of Maryland. 5257 MAKEMAP: New -s flag to ignore safety checks on database map files 5258 such as linked files in world writable directories. 5259 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. 5260 PRALIASES: Add support for Berkeley DB 2.X. 5261 PRALIASES: Do not automatically include NDBM support. Problem 5262 noted by Ralf Hildebrandt of the Technical University of 5263 Braunschweig. 5264 RMAIL: Improve portability for other platforms. Patches from 5265 Randall S. Winchester of the University of Maryland and 5266 Kari Hurtta of the Finnish Meteorological Institute. 5267 Changed Files: 5268 src/Makefiles/Makefile.* files have been modified to use 5269 the new build mechanism and are now BuildTools/OS/*. 5270 src/makesendmail changed to symbolic link to src/Build. 5271 New Files: 5272 BuildTools/M4/header.m4 5273 BuildTools/M4/depend/BSD.m4 5274 BuildTools/M4/depend/CC-M.m4 5275 BuildTools/M4/depend/NCR.m4 5276 BuildTools/M4/depend/Solaris.m4 5277 BuildTools/M4/depend/X11.m4 5278 BuildTools/M4/depend/generic.m4 5279 BuildTools/OS/AIX.4.2 5280 BuildTools/OS/AIX.4.x 5281 BuildTools/OS/CRAYT3E.2.0.x 5282 BuildTools/OS/HP-UX.11.x 5283 BuildTools/OS/IRIX.6.5 5284 BuildTools/OS/NEXTSTEP.4.x 5285 BuildTools/OS/NeXT.4.x 5286 BuildTools/OS/NetBSD.8.3 5287 BuildTools/OS/QNX 5288 BuildTools/OS/SunOS.5.7 5289 BuildTools/OS/dcosx.1.x.NILE 5290 BuildTools/README 5291 BuildTools/Site/README 5292 BuildTools/bin/Build 5293 BuildTools/bin/configure.sh 5294 BuildTools/bin/find_m4.sh 5295 BuildTools/bin/install.sh 5296 Makefile 5297 cf/cf/Build 5298 cf/cf/generic-hpux10.cf 5299 cf/feature/accept_unqualified_senders.m4 5300 cf/feature/accept_unresolvable_domains.m4 5301 cf/feature/access_db.m4 5302 cf/feature/blacklist_recipients.m4 5303 cf/feature/loose_relay_check.m4 5304 cf/feature/local_lmtp.m4 5305 cf/feature/promiscuous_relay.m4 5306 cf/feature/rbl.m4 5307 cf/feature/relay_based_on_MX.m4 5308 cf/feature/relay_entire_domain.m4 5309 cf/feature/relay_hosts_only.m4 5310 cf/feature/relay_local_from.m4 5311 cf/ostype/qnx.m4 5312 contrib/doublebounce.pl 5313 mail.local/Build 5314 mail.local/Makefile.m4 5315 mail.local/README 5316 mailstats/Build 5317 mailstats/Makefile.m4 5318 makemap/Build 5319 makemap/Makefile.m4 5320 praliases/Build 5321 praliases/Makefile.m4 5322 rmail/Build 5323 rmail/Makefile.m4 5324 rmail/rmail.0 5325 smrsh/Build 5326 smrsh/Makefile.m4 5327 src/Build 5328 src/Makefile.m4 5329 src/snprintf.c 5330 Deleted Files: 5331 cf/cf/Makefile (replaced by Makefile.dist) 5332 mail.local/Makefile 5333 mail.local/Makefile.dist 5334 mailstats/Makefile 5335 mailstats/Makefile.dist 5336 makemap/Makefile 5337 makemap/Makefile.dist 5338 praliases/Makefile 5339 praliases/Makefile.dist 5340 rmail/Makefile 5341 smrsh/Makefile 5342 smrsh/Makefile.dist 5343 src/Makefile 5344 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) 5345 src/Makefiles/Makefile.SMP_DC.OSx.NILE 5346 (renamed BuildTools/OS/dcosx.1.x.NILE) 5347 src/Makefiles/Makefile.Utah (obsolete platform) 5348 Renamed Files: 5349 READ_ME => README 5350 cf/cf/Makefile.dist => Makefile 5351 cf/cf/obj/* => cf/cf/* 5352 src/READ_ME => src/README 5353 53548.8.8/8.8.8 1997/10/24 5355 If the check_relay ruleset failed, the relay= field was logged 5356 incorrectly. Problem noted by Kari Hurtta of the Finnish 5357 Meteorological Institute. 5358 If /usr/tmp/dead.letter already existed, sendmail could not 5359 add additional bounces to it. Problem noted by Thomas J. 5360 Arseneault of SRI International. 5361 If an SMTP mailer used a non-standard port number for the outgoing 5362 connection, it would be displayed incorrectly in verbose mode. 5363 Problem noted by John Kennedy of Cal State University, Chico. 5364 Log the ETRN parameter specified by the client before altering them 5365 to internal form. Suggested by Bob Kupiec of GES-Verio. 5366 EXPN and VRFY SMTP commands on malformed addresses were logging as 5367 User unknown with bogus delay= values. Change them to log 5368 the same as compliant addresses. Problem noted by Kari E. 5369 Hurtta of the Finnish Meteorological Institute. 5370 Ignore the debug resolver option unless using sendmail debug trace 5371 option for resolver. Problem noted by Greg Nichols of Wind 5372 River Systems. 5373 If SingleThreadDelivery was enabled and the remote server returned a 5374 protocol error on the DATA command, the connection would be 5375 closed but the persistent host status file would not be 5376 unlocked so other sendmail processes could not deliver to 5377 that host. Problem noted by Peter Wemm of DIALix. 5378 If queueing up a message due to an expensive mailer, don't increment 5379 the number of delivery attempts or set the last delivery 5380 attempt time so the message will be delivered on the next 5381 queue run regardless of MinQueueAge. Problem noted by 5382 Brian J. Coan of the Institute for Global Communications. 5383 Authentication warnings of "Processed from queue _directory_" and 5384 "Processed by _username_ with -C _filename_" would be logged 5385 with the incorrect timestamp. Problem noted by Kari E. Hurtta 5386 of the Finnish Meteorological Institute. 5387 Use a better heuristic for detecting GDBM. 5388 Log null connections on dropped connections. Problem noted by 5389 Jon Lewis of Florida Digital Turnpike. 5390 If class dbm maps are rebuilt, sendmail will now detect this and 5391 reopen the map. Previously, they could give stale 5392 results during a single message processing (but would 5393 recover when the next message was received). Fix from 5394 Joe Pruett of Q7 Enterprises. 5395 Do not log failures such as "User unknown" on -bv or SMTP VRFY 5396 requests. Problem noted by Kari E. Hurtta of the 5397 Finnish Meteorological Institute. 5398 Do not send a bounce message back to the sender regarding bad 5399 recipients if the SMTP connection is dropped before the 5400 message is accepted. Problem noted by Kari E. Hurtta of the 5401 Finnish Meteorological Institute. 5402 Use "localhost" instead of "[UNIX: localhost]" when connecting to 5403 sendmail via a UNIX pipe. This will allow rulesets using 5404 $&{client_name} to process without sending the string through 5405 dequote. Problem noted by Alan Barrett of Internet Africa. 5406 A combination of deferred delivery mode, a double bounce situation, 5407 and the inability to save a bounce message to 5408 /var/tmp/dead.letter would cause sendmail to send a bounce 5409 to postmaster but not remove the offending envelope from the 5410 queue causing it to create a new bounce message each time the 5411 queue was run. Problem noted by Brad Doctor of Net Daemons 5412 Associates. 5413 Remove newlines from hostname information returned via DNS. There are 5414 no known security implications of newlines in hostnames as 5415 sendmail filters newlines in all vital areas; however, this 5416 could cause confusing error messages. 5417 Starting with sendmail 8.8.6, mail sent with the '-t' option would be 5418 rejected if any of the specified addresses were bad. This 5419 behavior was modified to only reject the bad addresses and not 5420 the entire message. Problem noted by Jozsef Hollosi of 5421 SuperNet, Inc. 5422 Use Timeout.fileopen when delivering mail to a file. Suggested by 5423 Bryan Costales of InfoBeat, Inc. 5424 Display the proper Final-Recipient on DSN messages for non-SMTP 5425 mailers. Problem noted by Kari E. Hurtta of the 5426 Finnish Meteorological Institute. 5427 An error in calculating the available space in the list of addresses 5428 for logging deliveries could cause an address to be silently 5429 dropped. 5430 Include the initial user environment if sendmail is restarted via 5431 a HUP signal. This will give room for the process title. 5432 Problem noted by Jon Lewis of Florida Digital Turnpike. 5433 Mail could be delivered without a body if the machine does not 5434 support flock locking and runs out of processes during 5435 delivery. Fix from Chuck Lever of the University of Michigan. 5436 Drop recipient address from 251 and 551 SMTP responses per RFC 821. 5437 Problem noted by Kari E. Hurtta of the Finnish Meteorological 5438 Institute. 5439 Make sure non-rebuildable database maps are opened before the 5440 rebuildable maps (i.e., alias files) in case the database maps 5441 are needed for verifying the left hand side of the aliases. 5442 Problem noted by Lloyd Parkes of Victoria University. 5443 Make sure sender RFC822 source route addresses are alias expanded for 5444 bounce messages. Problem noted by Juergen Georgi of 5445 RUS University of Stuttgart. 5446 Minor lint fixes. 5447 Return a temporary error instead of a permanent error if an LDAP map 5448 search returns an error. This will allow sequenced maps which 5449 use other LDAP servers to be checked. Fix from Booker Bense 5450 of Stanford University. 5451 When automatically converting from quoted printable to 8bit text do 5452 not pad bare linefeeds with a space. Problem noted by Theo 5453 Nolte of the University of Technology Aachen, Germany. 5454 Portability: 5455 Non-standard C compilers may have had a problem compiling 5456 conf.c due to a standard C external declaration of 5457 setproctitle(). Problem noted by Ted Roberts of 5458 Electronic Data Systems. 5459 AUX: has a broken O_EXCL implementation. Reported by Jim 5460 Jagielski of jaguNET Access Services. 5461 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. 5462 Digital UNIX: Digital UNIX (and possibly others) moves 5463 loader environment variables into the loader memory 5464 area. If one of these environment variables (such as 5465 LD_LIBRARY_PATH) was the last environment variable, 5466 an invalid memory address would be used by the process 5467 title routine causing memory corruption. Problem 5468 noted by Sam Hartman of Mesa Internet Systems. 5469 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused 5470 chownsafe() to always return 0 even if the OS does 5471 not permit file giveaways. Problem noted by 5472 Yasutaka Sumi of The University of Tokyo. 5473 IRIX6: Syslog buffer size set to 512 bytes. Reported by 5474 Gerald Rinske of Siemens Business Services VAS. 5475 Linux: Pad process title with NULLs. Problem noted by 5476 Jon Lewis of Florida Digital Turnpike. 5477 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an 5478 incorrect value for the number of interfaces. 5479 Problem noted by Chris Loelke of JetStream Internet 5480 Services. 5481 SINIX: Update for Makefile and syslog buffer size from Gerald 5482 Rinske of Siemens Business Services VAS. 5483 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not 5484 used on a Solaris machine. Problem noted by 5485 Stephen Ma of Jtec Pty Limited. 5486 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business 5487 Services VAS. 5488 MAKEMAP: Use a better heuristic for detecting GDBM. 5489 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. 5490 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of 5491 Ericsson. 5492 54938.8.7/8.8.7 1997/08/03 5494 If using Berkeley DB on systems without O_EXLOCK (open a file with 5495 an exclusive lock already set -- i.e., almost all systems 5496 except 4.4-BSD derived systems), the initial attempt at 5497 rebuilding aliases file if the database didn't already 5498 exist would fail. Patch from Raymund Will of LST Software 5499 GmbH. 5500 Bogus incoming SMTP commands would reset the SMTP conversation. 5501 Problem noted by Fredrik J�nsson of the Royal Institute 5502 of Technology, Stockholm. 5503 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), 5504 some environments could give "multiple definitions" for these 5505 routines during compilation. If using TCP Wrappers, assume 5506 that these routines are included as though they were in the 5507 C library. Patch from Robert La Ferla. 5508 When a NEWDB database map was rebuilt at the same time it was being 5509 used by a queue run, the maps could be left locked for the 5510 duration of the queue run, causing other processes to hang. 5511 Problem noted by Kendall Libby of Shore.NET. 5512 In some cases, NoRecipientAction=add-bcc was being ignored, so the 5513 mail was passed on without any recipient header. This could 5514 cause problems downstream. Problem noted by Xander Jansen 5515 of SURFnet ExpertiseCentrum. 5516 Give error when GDBM is used with sendmail. GDBM's locking and 5517 linking of the .dir and .pag files interferes with sendmail's 5518 locking and security checks. Problems noted by Fyodor 5519 Yarochkin of the Kyrgyz Republic FreeNet. 5520 Don't fsync qf files if SuperSafe option is not set. 5521 Avoid extra calls to gethostbyname for addresses for which a 5522 gethostbyaddr found no value. Also, ignore any returns 5523 from gethostbyaddr that look like a dotted quad. 5524 If PTR lookup fails when looking up an SMTP peer, don't tag it as 5525 "may be forged", since at the network level we pretty much 5526 have to assume that the information is good. 5527 In some cases, errors during an SMTP session could leave files 5528 open or locked. 5529 Better handling of missing file descriptors (0, 1, 2) on startup. 5530 Better handling of non-set-user-ID binaries -- avoids certain obnoxious 5531 errors during testing. 5532 Errors in file locking of NEWDB maps had the incorrect file name 5533 printed in the error message. 5534 If the AllowBogusHELO option were set and an EHLO with a bad or 5535 missing parameter were issued, the EHLO behaved like a HELO. 5536 Load limiting never kicked in for incoming SMTP transactions if the 5537 DeliveryMode=background and any recipient was an alias or 5538 had a .forward file. From Nik Conwell of Boston University. 5539 On some non-Posix systems, the decision of whether chown(2) permits 5540 file giveaway was undefined. From Tetsu Ushijima of the 5541 Tokyo Institute of Technology. 5542 Fix race condition that could cause the body of a message to be 5543 lost (so only the header was delivered). This only occurs 5544 on systems that do not use flock(2), and only when a queue 5545 runner runs during a critical section in another message 5546 delivery. Based on a patch from Steve Schweinhart of 5547 Results Computing. 5548 If a qf file was found in a mail queue directory that had a problem 5549 (wrong ownership, bad format, etc.) and the file name was 5550 exactly MAXQFNAME bytes long, then instead of being tried 5551 once, it would be tried on every queue run. Problem noted 5552 by Bryan Costales of Mercury Mail. 5553 If the system supports an st_gen field in the status structure, 5554 include it when reporting that a file has changed after open. 5555 This adds a new compile flag, HAS_ST_GEN (0/1 option). 5556 This out to be checked as well as reported, since it is 5557 theoretically possible for an attacker to remove a file after 5558 it is opened and replace it with another file that has the 5559 same i-number, but some filesystems (notably AFS) return 5560 garbage in this field, and hence always look like the file 5561 has changed. As a practical matter this is not a security 5562 problem, since the files can be neither hard nor soft links, 5563 and on no filesystem (that I am aware of) is it possible to 5564 have two files on the same filesystem with the same i-number 5565 simultaneously. 5566 Delete the root Makefile from the distribution -- it is only for 5567 use internally, and does not work at customer sites. 5568 Fix botch that caused the second MAIL FROM: command in a single 5569 transaction to clear the entire transaction. Problem 5570 noted by John Kennedy of Cal State University, Chico. 5571 Work properly on machines that have _PATH_VARTMP defined without 5572 a trailing slash. (And a pox on vendors that decide to 5573 ignore the established conventions!) Problem noted by 5574 Gregory Neil Shapiro of WPI. 5575 Internal changes to make it easier to add another protocol family 5576 (intended for IPv6). Patches are from John Kennedy of 5577 CSU Chico. 5578 In certain cases, 7->8 bit MIME decoding of Base64 text could leave 5579 an extra space at the beginning of some lines. Problem 5580 noted by Charles Karney of Princeton University; fix based 5581 on a patch from Christophe Wolfhugel. 5582 Portability: 5583 Allow _PATH_VENDOR_CF to be set in Makefile for consistency 5584 with the _Sendmail_ book, 2nd edition. Note that 5585 the book is actually wrong: _PATH_SENDMAILCF should 5586 be used instead. 5587 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow 5588 of Argonne National Laboratory. 5589 OpenBSD from from Paul DuBois of the University of Wisconsin. 5590 RISC/os 4.0 from Paul DuBois of the University of Wisconsin. 5591 SunOS: Include <memory.h> to fix warning from util.c. From 5592 James Aldridge of EUnet Ltd. 5593 Solaris: Change STDIR (location of status file) to /etc/mail 5594 in Makefiles. 5595 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from 5596 Makefiles. Use NEWDB on Linux instead. 5597 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl 5598 exists but behaves differently than other OSes. 5599 Add SIOCGIFNUM_IS_BROKEN compile flag to get 5600 around the problem. Problem noted by Tom Moore of 5601 NCR Corp. 5602 HP-UX 9.x: fix compile warnings for old select API. Problem 5603 noted by Tom Smith of Digital Equipment Corp. 5604 UnixWare 2.x: compile warnings on offsetof macro. Problem 5605 noted by Tom Good of the Community Access Information 5606 Resource Network 5607 SCO 4.2: compile problems caused by a change in the type of 5608 the "length" parameters passed to accept, getpeername, 5609 getsockname, and getsockopt. Adds new compile flags 5610 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported 5611 by Tom Good of St. Vincent's North Richmond Community 5612 Mental Health Center Residential Services. 5613 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. 5614 Suggested by Brett Hogden of Rochester Gas & Electric 5615 Corp. 5616 Linux: avoid compile problem for versions of <setjmp.h> that 5617 #define both setjmp and longjmp. Problem pointed out 5618 by J.R. Oldroyd of TerraNet. 5619 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) 5620 from Christopher Durham of SCO. 5621 CONFIG: NEXTSTEP: define confCW_FILE to 5622 /etc/sendmail/sendmail.cw to match the usual 5623 configuration. Patch from Dennis Glatting of 5624 PlainTalk. 5625 CONFIG: MAILER(fax) called a program that hasn't existed for a long 5626 time. Convert to use the HylaFAX 4.0 conventions. Suggested 5627 by Harry Styron. 5628 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These 5629 are the rulesets in use on sendmail.org. 5630 MAKEMAP: give error on GDBM files. 5631 MAIL.LOCAL: Make error messages a bit more explicit, for example, 5632 telling more details on what actually changed when "file 5633 changed after open". 5634 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw 5635 files. 5636 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. 5637 NEW FILES: 5638 src/Makefiles/Makefile.OpenBSD 5639 src/Makefiles/Makefile.RISCos.4_0 5640 test/t_exclopen.c 5641 cf/ostype/sco-uw-2.1.m4 5642 DELETED FILES: 5643 Makefile 5644 56458.8.6/8.8.6 1997/06/14 5646 ************************************************************* 5647 * The extensive assistance of Gregory Neil Shapiro of WPI * 5648 * in preparing this release is gratefully appreciated. * 5649 * Sun Microsystems has also provided resources toward * 5650 * continued sendmail development. * 5651 ************************************************************* 5652 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open 5653 mode bits set to create a file that is a symbolic link that 5654 points nowhere. This makes it possible to create a root 5655 owned file in an arbitrary directory by inserting the symlink 5656 into a writable directory after the initial lstat(2) check 5657 determined that the file did not exist. The only verified 5658 example of a system having these odd semantics for O_EXCL 5659 and symbolic links was HP-UX prior to version 9.07. Most 5660 systems do not have the problem, since a exclusive create 5661 of a file disallows symbolic links. Systems that have been 5662 verified to NOT have the problem include AIX 3.x, *BSD, 5663 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, 5664 and Ultrix. This is a potential exposure on systems that 5665 have this bug and which do not have a MAILER-DAEMON alias 5666 pointing at a legitimate account, since this will cause old 5667 mail to be dropped in /var/tmp/dead.letter. 5668 SECURITY: Problems can occur on poorly managed systems, specifically, 5669 if maps or alias files are in world writable directories. 5670 If your system has alias maps in writable directories, it 5671 is potentially possible for an attacker to replace the .db 5672 (or .dir and .pag) files by symbolic links pointing at 5673 another database; this can be used either to expose 5674 information (e.g., by pointing an alias file at /etc/spwd.db 5675 and probing for accounts), or as a denial-of-service attack 5676 (by trashing the password database). The fix disallows 5677 symbolic links entirely when rebuilding alias files or on 5678 maps that are in writable directories, and always warns on 5679 writable directories; 8.9 will probably consider writable 5680 directories to be fatal errors. This does not represent an 5681 exposure on systems that have alias files in unwritable 5682 system directories. 5683 SECURITY: disallow .forward or :include: files that are links (hard 5684 or soft) if the parent directory (or any directory in the 5685 path) is writable by anyone other than the owner. This is 5686 similar to the previous case for user files. This change 5687 should not affect most systems, but is necessary to prevent 5688 an attacker who can write the directory from pointing such 5689 files at other files that are readable only by the owner. 5690 SECURITY: Tighten safechown rules: many systems will say that they 5691 have a safe (restricted to root) chown even on files that 5692 are mounted from another system that allows owners to give 5693 away files. The new rules are very strict, trusting file 5694 ownership only in those few cases where the system has 5695 been verified to be at least as paranoid as necessary. 5696 However, it is possible to relax the rules to partially 5697 trust the ownership if the directory path is not world or 5698 group writable. This might allow someone who has a legitimate 5699 :include: file (referenced directly from /etc/aliases) to 5700 become another non-root user if the :include: file is in a 5701 non-writable directory on an NFS-mounted filesystem where 5702 the local system says that giveaway is denied but it is 5703 actually permitted. I believe this to be a very small set 5704 of cases. If in doubt, do not point :include: aliases at 5705 NFS-mounted filesystems. 5706 SECURITY: When setting a numeric group id using the RunAsUser option 5707 (e.g., "O RunAsUser=10:20", the group id would not be set. 5708 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha 5709 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. 5710 The user id was still set properly. Problem noted by Uli 5711 Pralle of the Technical University of Berlin. 5712 Save the initial gid set for use when checking for if the 5713 PrivacyOptions=restrictmailq option is set. Problem reported 5714 by Wolfgang Ley of DFN-CERT. 5715 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a 5716 failure on one message won't affect future messages to the 5717 same host). 5718 IP source route printing had an "off by one" error that would 5719 affect any options that came after the route option. Patch 5720 from Theo de Raadt. 5721 The "Message is too large" error didn't successfully bounce the error 5722 back to the sender. Problem reported by Stephen More of 5723 PSI; patch from Gregory Neil Shapiro of WPI. 5724 Change SMTP status code 553 to map into Extended code 5.1.0 (instead 5725 of 5.1.3); it apparently gets used in multiple ways. 5726 Suggested by John Myers of Portola Communications. 5727 Fix possible extra null byte generated during collection if errors 5728 occur at the beginning of the stream. Patch contributed by 5729 Andrey A. Chernov and Gregory Neil Shapiro. 5730 Code changes to avoid possible reentrant call of malloc/free within 5731 a signal handler. Problem noted by John Beck of Sun 5732 Microsystems. 5733 Move map initialization to be earlier so that check_relay ruleset 5734 will have the latest version of the map data. Problem noted 5735 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. 5736 If there are fatal errors during the collection phase (e.g., message 5737 too large) don't send the bogus message. 5738 Avoid "cannot open xfAAA00000" messages when sending to aliases that 5739 have errors and have owner- aliases. Problem noted by Michael 5740 Barber of MTU; fix from Gregory Neil Shapiro of WPI. 5741 Avoid null pointer dereference on illegal Boundary= parameters in 5742 multipart/mixed Content-Type: header. Problem noted by 5743 Richard Muirden of RMIT University. 5744 Always print error messages during newaliases (-bi) even if the 5745 ErrorMode is not set to "print". Fix from Gregory Neil 5746 Shapiro. 5747 Test mode could core dump if you did a /map lookup in an optional map 5748 that could not be opened. Based on a fix from John Beck of 5749 Sun Microsystems. 5750 If DNS is misconfigured so that the last MX record tried points to 5751 a host that does not have an A record, but other MX records 5752 pointed to something reasonable, don't bounce the message 5753 with a "host unknown" error. Note that this should really 5754 be fixed in the zone file for the domain. Problem noted by 5755 Joe Rhett of Navigist, Inc. 5756 If a map fails (e.g., DNS times out) on all recipient addresses, mark 5757 the message as having been tried; otherwise the next queue 5758 run will not realize that this is a second attempt and will 5759 retry immediately. Problem noted by Bryan Costales of 5760 Mercury Mail. 5761 If the clock is set backwards, and a MinQueueAge is set, no jobs 5762 will be run until the later setting of the clock is reached. 5763 "Problem" (I use the term loosely) noted by Eric Hagberg of 5764 Morgan Stanley. 5765 If the load average rises above the cutoff threshold (above which 5766 sendmail will not process the queue at all) during a queue 5767 run, abort the queue run immediately. Problem noted by 5768 Bryan Costales of Mercury Mail. 5769 The variable queue processing algorithm (based on the message size, 5770 number of recipients, message precedence, and job age) was 5771 non-functional -- either the entire queue was processed or 5772 none of the queue was processed. The updated algorithm 5773 does no queue run if a single recipient zero size job will 5774 not be run. 5775 If there is a fatal ("panic") message that will cause sendmail to 5776 die immediately, never hold the error message for future 5777 printing. 5778 Force ErrorMode=print in -bt mode so that all errors are printed 5779 regardless of the setting of the ErrorMode option in the 5780 configuration file. Patch from Gregory Neil Shapiro. 5781 New compile flag HASSTRERROR says that this OS has the strerror(3) 5782 routine available in one of the libraries. Use it in conf.h. 5783 The -m (match only) flag now works on host class maps. 5784 If class hash or btree maps are rebuilt, sendmail will now detect 5785 this and reopen the map. Previously, they could give 5786 erroneous results during a single message processing 5787 (but would recover when the next message was received). 5788 Don't delete zero length queue files when doing queue runs until the 5789 files are at least ten minutes old. This avoids a potential 5790 race condition: the creator creates the qf file, getting back 5791 a file descriptor. The queue runner locks it and deletes it 5792 because it is zero length. The creator then writes the 5793 descriptor that is now for a disconnected file, and the 5794 job goes away. Based on a suggestion by Bryan Costales. 5795 When determining the "validated" host name ($_ macro), do a forward 5796 (A) DNS lookup on the result of the PTR lookup and compare 5797 results. If they differ or if the PTR lookup fails, tag the 5798 address as "may be forged". 5799 Log null connections (i.e., hosts that connect but do not do any 5800 substantive activity on the connection before disconnecting; 5801 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. 5802 Always permit "writes" to /dev/null regardless of the link count. 5803 This is safe because /dev/null is special cased, and no open 5804 or write is ever actually attempted. Patch from Villy Kruse 5805 of TwinCom. 5806 If a message cannot be sent because of a 552 (exceeded storage 5807 allocation) response to the MAIL FROM:<>, and a SIZE= parameter 5808 was given, don't return the body in the bounce, since there 5809 is a very good chance that the message will double-bounce. 5810 Fix possible line truncation if a quoted-printable had an =00 escape 5811 in the body. Problem noted by Charles Karney of the Princeton 5812 Plasma Physics Laboratory. 5813 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. 5814 Problem noted by Kari Hurtta of the Finnish Meteorological 5815 Institute. 5816 The MaxDaemonChildren option wasn't applying to queue runs as 5817 documented. Note that this increases the potential denial 5818 of service problems with this option: an attacker can 5819 connect many times, and thereby lock out queue runs as well 5820 as incoming connections. If you use this option, you should 5821 run the "sendmail -bd" and "sendmail -q30m" jobs separately 5822 to avoid this attack. Failure to limit noted by Matthew 5823 Dillon of BEST Internet Communications. 5824 Always give a message in newaliases if alias files cannot be 5825 opened instead of failing silently. Suggested by Gregory 5826 Neil Shapiro. This change makes the code match the O'Reilly 5827 book (2nd edition). 5828 Some older versions of the resolver could return with h_errno == -1 5829 if no name server could be reached, causing mail to bounce 5830 instead of queueing. Treat this like TRY_AGAIN. Fix from 5831 John Beck of SunSoft. 5832 If a :include: file is owned by a user that does not have an entry 5833 in the passwd file, sendmail could dereference a null pointer. 5834 Problem noted by Satish Mynam of Sun Microsystems. 5835 Take precautions to make sure that the SMTP protocol cannot get out 5836 of sync if (for example) an alias file cannot be opened. 5837 Fix a possible race condition that can cause a SIGALRM to come in 5838 immediately after a SIGHUP, causing the new sendmail to die. 5839 Avoid possible hang on SVr3 systems when doing child reaping. Patch 5840 from Villy Kruse of TwinCom. 5841 Ignore improperly formatted SMTP reply codes. Previously these were 5842 partially processed, which could cause confusing error 5843 returns. 5844 Fix possible bogus pointer dereference when doing ldapx map lookups 5845 on some architectures. 5846 Portability: 5847 A/UX: from Jim Jagielski of NASA/GSFC. 5848 glibc: SOCK_STREAM was changed from a #define to an enum, 5849 thus breaking #ifdef SOCK_STREAM. Only option seems 5850 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is 5851 defined. Problem reported by A Sun of the University 5852 of Washington. 5853 Solaris: use SIOCGIFNUM to get the number of interfaces on 5854 the system rather than guessing at compile time. 5855 Patch contributed by John Beck of Sun Microsystems. 5856 Intel Paragon: from Wendy Lin of Purdue University. 5857 GNU Hurd: from Miles Bader of the GNU project. 5858 RISC/os 4.50 from Harlan Stenn of PFCS Corporation. 5859 ISC Unix: wait never returns if SIGCLD signals are blocked. 5860 Unfortunately releasing them opens a race condition, 5861 but there appears to be no fix for this. Patch from 5862 Gregory Neil Shapiro. 5863 BIND 8.1 for IPv6 compatibility from John Kennedy. 5864 Solaris: a bug in strcasecmp caused characters with the 5865 high order bit set to apparently randomly match 5866 letters -- for example, $| (0233) matches "i" and "I". 5867 Problem noted by John Gregson of the University of 5868 Cambridge. 5869 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From 5870 Kari Hurtta. 5871 IRIX 6.x: Create Makefiles for systems that claim to be 5872 IRIX64 but are 6.2 or higher (so use the regular 5873 IRIX Makefile). 5874 IRIX 6.x: Fix load average computation on 64 bit kernels. 5875 Problem noted by Eric Hagberg of Morgan Stanley. 5876 CONFIG: Some canonification was still done for UUCP-like addresses 5877 even if FEATURE(nocanonify) was set. Problem pointed out by 5878 Brian Candler. 5879 CONFIG: In some cases UUCP mailers wouldn't properly recognize all 5880 local names as local. Problem noted by Jeff Polk of BSDI; 5881 fix provided by Gregory Neil Shapiro. 5882 CONFIG: The "local:user" syntax entries in mailertables and other 5883 "mailer:user" syntax locations returned an incorrect value 5884 for the $h macro. Problem noted by Gregory Neil Shapiro. 5885 CONFIG: Retain "+detail" information when forwarding mail to a 5886 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip 5887 Guenther of Gustavus Adolphus College. 5888 CONFIG: Make sure user+detail works for FEATURE(virtusertable); 5889 rules are the same as for aliasing. Based on a patch from 5890 Gregory Neil Shapiro. 5891 CONFIG: Break up parsing rules into several pieces; this should 5892 have no functional change in this release, but makes it 5893 possible to have better anti-spam rulesets in the future. 5894 CONFIG: Disallow double dots in host names to avoid having the 5895 HostStatusDirectory store status under the wrong name. 5896 In some cases this can be used as a denial-of-service attack. 5897 Problem noted by Ron Jarrell of Virginia Tech, patch from 5898 Gregory Neil Shapiro. 5899 CONFIG: Don't use F=m (multiple recipients per invocation) for 5900 MAILER(procmail), but do pass F=Pn9 (include Return-Path:, 5901 don't include From_, and convert to 8-bit). Suggestions 5902 from Kimmo Suominen and Roderick Schertler. 5903 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were 5904 being masqueraded as though FEATURE(masquerade_entire_domain) 5905 was specified, even when it wasn't. 5906 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. 5907 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't 5908 "slip in" a symbolic link between the lstat(2) call and the 5909 exclusive open. This is only a problem on System V derived 5910 systems that allow an exclusive create on files that are 5911 symbolic links pointing nowhere. 5912 MAIL.LOCAL: If the final mailbox close() failed, the user id was 5913 not reset back to root, which on some systems would cause 5914 later mailboxes to fail. Also, any partial message would 5915 not be truncated, which could result in repeated deliveries. 5916 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 5917 developers). 5918 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 5919 change to the sendmail map code was made in 8.8.3. Problem 5920 noted by Gregory Neil Shapiro. 5921 MAKEMAP: Give warnings on file problems such as map files that are 5922 symbolic links; although makemap is not set-user-ID root, it is 5923 often run as root and hence has the potential for the same 5924 sorts of problems as alias rebuilds. 5925 MAKEMAP: Change compilation so that it will link properly on 5926 NEXTSTEP. 5927 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 5928 Accept an optional list of arguments following the server 5929 name for the ETRN arguments to use (instead of $=w). Other 5930 miscellaneous bug fixes. From Christian von Roques via 5931 John Beck of Sun Microsystems. 5932 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This 5933 Perl script converts GECOS information in the /etc/passwd 5934 file into aliases, allowing for faster access to full name 5935 lookups; it is also clever about adding aliases (to root) 5936 for system accounts. 5937 NEW FILES: 5938 src/safefile.c 5939 cf/ostype/gnuhurd.m4 5940 cf/ostype/irix6.m4 5941 contrib/passwd-to-alias.pl 5942 src/Makefiles/Makefile.IRIX64.6.1 5943 src/Makefiles/Makefile.IRIX64.6.x 5944 RENAMED FILES: 5945 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x 5946 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 5947 59488.8.5/8.8.5 1997/01/21 5949 SECURITY: Clear out group list during startup. Without this, sendmail 5950 will continue to run with the group permissions of the caller, 5951 even if RunAsUser is specified. 5952 SECURITY: Make purgestat (-bH) be root-only. This is not in response 5953 to any known attack, but it's best to be conservative. 5954 Suggested by Peter Wemm of DIALix. 5955 SECURITY: Fix buffer overrun problem in MIME code that has possible 5956 security implications. Patch from Alex Garthwaite of the 5957 University of Pennsylvania. 5958 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") 5959 would truncate the address after "Full". Although the -f 5960 syntax is incorrect (since it is in the envelope, it 5961 shouldn't have comments and full names), the failure mode 5962 was unnecessarily awful. 5963 Fix a possible null pointer dereference when converting 8-bit data 5964 to a 7-bit format. Problem noted by Jim Hutchins of 5965 Sandia National Labs and David James of British Telecom. 5966 Clear out stale state that affected F=9 on SMTP mailers in queue 5967 runs. Although this really shouldn't be used (F=9 is for 5968 final delivery only, and using it on an SMTP mailer makes 5969 it possible for a message to be converted from 8->7->8->7 5970 bits several times), it shouldn't have failed with a syserr. 5971 Problem noted by Eric Hagberg of Morgan Stanley. 5972 _Really_ fix the multiple :maildrop code in the user database 5973 module. Patch from Roy Mongiovi of Georgia Tech. 5974 Let F lines in the configuration file actually read root-only 5975 files if the configuration file is safe. Based on a 5976 patch from Keith Reynolds of SCO. 5977 ETRN followed by QUIT would hold the connection open until the queue 5978 run completed. Problem noted by Truck Lewis of TDK 5979 Semiconductor Corp. 5980 It turns out that despite the documentation, the TCP wrappers library 5981 does _not_ log rejected connections. Do the logging ourselves. 5982 Problem noted by Fletcher Mattox of the University of Texas 5983 at Austin. 5984 If sendmail finds a qf file in its queue directory that is an unknown 5985 version (e.g., when backing out to an old version), the 5986 error is reported on every queue run. Change it to only 5987 give the error once (and rename the qf => Qf). Patch from 5988 William A. Gianopoulos of Raytheon Company. 5989 Start a new session when doing background delivery; currently it 5990 ignored signals but didn't start a new signal, that caused 5991 some problems if a background process tried to send mail 5992 under certain circumstances. Problem noted by Eric Hagberg 5993 of Morgan Stanley; fix from Kari Hurtta. 5994 Simplify test for skipping a queue run to just check if the current 5995 load average is >= the queueing load average. Previously 5996 the check factored in some other parameters that caused it 5997 to essentially never skip the queue run. Patch from Bryan 5998 Costales. 5999 If the SMTP server is running in "nullserver" mode (that is, it is 6000 rejecting all commands), start sleeping after MAXBADCOMMAND 6001 (25) commands; this helps prevent a bad guy from putting 6002 you into a tight loop as a denial-of-service attack. Based 6003 on an e-mail conversation with Brad Knowles of AOL. 6004 Slow down when too many "light weight" commands have been issued; 6005 this helps prevent a class of denial-of-service attacks. 6006 The current values and defaults are: 6007 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 6008 MAXHELOCOMMANDS 3 HELO, EHLO 6009 MAXVRFYCOMMANDS 6 VRFY, EXPN 6010 MAXETRNCOMMANDS 8 ETRN 6011 These will probably be configurable in a future release. 6012 On systems that have uid_t typedefed to be an unsigned short, programs 6013 that had the F=S flag and no U= equate would be invoked with 6014 the real uid set to 65535 rather than being left unchanged. 6015 In some cases, NOTIFY=NEVER was not being honored. Problem noted 6016 by Steve Hubert of the University of Washington, Seattle. 6017 Mail that was Quoted-Printable encoded and had a soft line break on 6018 the last line (i.e., an incomplete continuation) had the last 6019 line dropped. Since this appears to be illegal it isn't 6020 clear what to do with it, but flushing the last line seems 6021 to be a better "fail soft" approach. Based on a patch from 6022 Eric Hagberg. 6023 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a 6024 bogus HELO command still causes the "Polite people say HELO 6025 first" error message. Problem pointed out by Chris Thomas 6026 of UCLA; patch from John Beck of SunSoft. 6027 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set 6028 in PrivacyOptions. The -q shouldn't turn this command off. 6029 Problem noted by Murray Kucherawy of Pacific Bell Internet; 6030 based on a patch from Gregory Neil Shapiro of WPI. 6031 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) 6032 in a DATA transaction to be sticky; these can occur because 6033 a message is too large, and smaller messages should still go 6034 through. Problem noted by Matt Dillon of Best Internet 6035 Communications. 6036 In some cases bounces were saved in /var/tmp/dead.letter even if they 6037 had been successfully delivered to the envelope sender. 6038 Problem noted Eric Hagberg of Morgan Stanley; solution from 6039 Gregory Neil Shapiro of WPI. 6040 Give better diagnostics on long alias lines. Based on code contributed 6041 by Patrick Gosling of the University of Cambridge. 6042 Increase the number of virtual interfaces that will be probed for 6043 alternate names. Problem noted by Amy Rich of Shore.Net. 6044 PORTABILITY: 6045 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from 6046 Toshiaki Nomura of Fujitsu Limited. 6047 SunOS with LDAP support: compile problems with struct timeval. 6048 Patch from Nick Cuccia of TCSI Corporation. 6049 SCO: from Keith Reynolds of SCO. 6050 Solaris: kstat load average computation wasn't being used. 6051 Fixes from Michael Ju. Tokarev of Telecom Service, JSC 6052 (Moscow). 6053 OpenBSD: from Jason Downs of teeny.org. 6054 Altos System V: from Tim Rice. 6055 Solaris 2.5: from Alan Perry of SunSoft. 6056 Solaris 2.6: from John Beck of SunSoft. 6057 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli 6058 of Pratt & Whitney <miorelli@pweh.com>. 6059 CONFIG: It seems that I hadn't gotten the Received: line syntax 6060 _just_right_ yet. Tweak it again. I'll omit the names 6061 of the "contributors" (quantity two) in this one case. 6062 As of now, NO MORE DISCUSSION about the syntax of the 6063 Received: line. 6064 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), 6065 it never inserts that class into the output file. Fix it 6066 so it will honor EXPOSED_USER but will _not_ include root 6067 automatically in this class. Problem noted by Ronan KERYELL 6068 of Centre de Recherche en Informatique de l'�cole Nationale 6069 Sup�rieure des Mines de Paris (CRI-ENSMP). 6070 CONFIG: Clean up handling of "local:" syntax in relay specifications 6071 such as LUSER_RELAY. This change permits the following 6072 syntaxes: ``local:'' will send to the same user on the 6073 local machine (e.g., in a mailertable entry for "host", 6074 ``local:'' will cause an address addressed to user@host to 6075 go to user on the local machone). ``local:user'' will send 6076 to the named user on the local machine. ``local:user@host'' 6077 is equivalent to ``local:user'' (the host is ignored). In 6078 all cases, the original user@host is passed in $@ (i.e., the 6079 detail information). Inspired by a report from Michael Fuhr. 6080 CONFIG: Strip quotes from the first word of an "error:" host 6081 indication. This lets you set (for example) the LUSER_RELAY 6082 to be ``error:\"5.1.1\" Your Message Here''. Note the use 6083 of the \" so that the resulting string is properly quoted. 6084 Problem noted by Gregory Neil Shapiro of WPI. 6085 OP.ME: documentation was inconsistent about whether sendmail did a 6086 NOOP or a RSET to probe the connection (it does a RSET). 6087 Inconsistency noted by Deeran Peethamparam. 6088 OP.ME: insert additional blank pages so it will print properly on 6089 a duplex printer. From Matthew Black of Cal State University, 6090 Long Beach. 6091 60928.8.4/8.8.4 1996/12/02 6093 SECURITY: under some circumstances, an attacker could get additional 6094 permissions by hard linking to files that were group 6095 writable by the attacker. The solution is to disallow any 6096 files that have hard links -- this will affect .forward, 6097 :include:, and output files. Problem noted by Terry 6098 Kyriacopoulos of Interlog Internet Services. As a 6099 workaround, set UnsafeGroupWrites -- always a good idea. 6100 SECURITY: the TryNullMXList (w) option should not be safe -- if it 6101 is, it is possible to do a denial-of-service attack on 6102 MX hosts that rely on the use of the null MX list. There 6103 is no danger if you have this option turned off (the default). 6104 Problem noted by Dan Bernstein. Also, make the DontInitGroups 6105 unsafe. I know of no specific attack against this, although 6106 a denial-of-service attack is probably possible, but in theory 6107 you should not be able to safely tweak anything that affects 6108 the permissions that are used when mail is delivered. 6109 Purgestat could go into an infinite loop if one of the host status 6110 directories somehow became empty. Problem noted by Roy 6111 Mongiovi of Georgia Tech. 6112 Processes got "lost" when counting children due to a race condition. 6113 This caused "proc_list_probe: lost pid" messages to be logged. 6114 Problem noted by several people. 6115 On systems with System V SIGCLD child signal semantics (notably AIX 6116 and HP-UX), mail transactions would print the message "451 6117 SMTP-MAIL: lost child: No child processes". Problem noted 6118 by several people. 6119 Miscellaneous compiler warnings on picky compilers (or when setting 6120 gcc to high warning levels). From Tom Moore of NCR Corp. 6121 SMTP protocol errors, and most errors on MAIL FROM: lines should 6122 not be persistent between runs, since they are based on the 6123 message rather than the host. Problem noted by Matt Dillon 6124 of Best Internet Communications. 6125 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore 6126 of NCR (a.k.a., AT&T Global Information Solutions). 6127 Avoid the possibility of having a child daemon run to completion 6128 (including closing the SMTP socket) before the parent has 6129 had a chance to close the socket; this can cause the parent 6130 to hang for a long time waiting for the socket to drain. 6131 Patch from Don Lewis of TDK Semiconductor. 6132 If the fork() failed in a queue run, the queue runners would not be 6133 rescheduled (so queue runs would stop). Patch from Don Lewis. 6134 Some error conditions in ETRN could cause output without an SMTP 6135 status code. Problem noted by Don Lewis. 6136 Multiple :maildrop addresses in the user database didn't work properly. 6137 Patch from Roy Mongiovi of Georgia Tech. 6138 Add ".db" automatically onto any user database spec that does not 6139 already have it; this is for consistency with makemap, the 6140 K line, and the documentation. Inconsistency pointed out 6141 by Roy Mongiovi. 6142 Allow sendmail to be properly called in nohup mode. Patch from 6143 Kyle Jones of UUNET. 6144 Change ETRN to ignore but still update host status files; previously 6145 it would ignore them and not save the updated status, which 6146 caused stale information to be maintained. Based on a patch 6147 from Christopher Davis of Kapor Enterprises Inc. Also, have 6148 ETRN ignore the MinQueueAge option. 6149 Patch long term host status to recover more gracefully from an empty 6150 host status file condition. Patch from NAKAMURA Motonori 6151 of Kyoto University. 6152 Several patches to signal handling code to fix potential race 6153 conditions from Don Lewis. 6154 Make it possible to compile with -DDAEMON=0 (previously it had some 6155 compile errors). This turns DAEMON, QUEUE, and SMTP into 6156 0/1 compilation flags. Note that DAEMON is an obsolete 6157 compile flag; use NETINET instead. Solution based on a 6158 patch from Bryan Costales. 6159 PORTABILITY FIXES: 6160 AIX4: getpwnam() and getpwuid() do a sequential scan of the 6161 /etc/security/passwd file when called as root. This 6162 is very slow on some systems. To speed it up, use the 6163 (undocumented) _getpw{nam,uid}_shadow() routines. 6164 Patch from Chris Thomas of UCLA/OAC Systems Group. 6165 SCO 5.x: include -lprot in the Makefile. Patch from Bill 6166 Glicker of Burrelle's Information Service. 6167 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch 6168 from Makoto MATSUSHITA of Osaka University. 6169 SunOS 4.0.3: compile problems. Patches from Andrew Cole of 6170 Leeds University and SASABE Tetsuro of the University 6171 of Tokyo. 6172 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support 6173 Services, Inc. 6174 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. 6175 I believe this to have only been a problem if you 6176 compiled with -DUSE_VENDOR_CF_PATH -- another reason 6177 to stick with /etc/sendmail.cf as your One True Path. 6178 Digital UNIX (OSF/1 on Alpha) load average computation from 6179 Martin Laubach of the Technischen Universit�t Wien. 6180 CONFIG: change default Received: line to be multiple lines rather 6181 than one long one. By popular demand. 6182 MAIL.LOCAL: warnings weren't being logged on some systems. Patch 6183 from Jerome Berkman of U.C. Berkeley. 6184 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs 6185 to take a very long time. Problem noted by Yoshiro YONEYA 6186 of NTT Software Corporation. 6187 CONTRIB: add etrn.pl, contributed by John Beck. 6188 NEW FILES: 6189 contrib/etrn.pl 6190 61918.8.3/8.8.3 1996/11/17 6192 SECURITY: it was possible to get a root shell by lying to sendmail 6193 about argv[0] and then sending it a signal. Problem noted 6194 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the 6195 best-of-security list. 6196 Log sendmail binary version number in "Warning: .cf version level 6197 (%d) exceeds program functionality (%d) message" -- this 6198 should make it clearer to people that they are running 6199 the wrong binary. 6200 Fix a problem that occurs when you open an SMTP connection and then 6201 do one or more ETRN commands followed by a MAIL command; at 6202 the end of the DATA phase sendmail would incorrectly report 6203 "451 SMTP-MAIL: lost child: No child processes". Problem 6204 noted by Eric Bishop of Virginia Tech. 6205 When doing text-based host canonification (typically /etc/hosts 6206 lookup), a null host name would match any /etc/hosts entry 6207 with space at the end of the line. Problem noted by Steve 6208 Hubert of the University of Washington, Seattle. 6209 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. 6210 Problem reported by Tom Smith of Digital Equipment Corp. 6211 Increase the size of the DNS answer buffer -- the standard UDP packet 6212 size PACKETSZ (512) is not sufficient for some nameserver 6213 answers containing very many resource records. The resolver 6214 may also switch to TCP and retry if it detects UDP packet 6215 overflow. Also, allow for the fact that the resolver 6216 routines res_query and res_search return the size of the 6217 *un*truncated answer in case the supplied answer buffer it 6218 not big enough to accommodate the entire answer. Patch from 6219 Eric Wassenaar. 6220 Improvements to MaxDaemonChildren code. If you think you have too 6221 many children, probe the ones you have to verify that they 6222 are still around. Suggested by Jared Mauch of CICnet, Inc. 6223 Also, do this probe before growing the vector of children 6224 pids; this previously caused the vector to grow indefinitely 6225 due to a race condition. Problem reported by Kyle Jones of 6226 UUNET. 6227 On some architectures, <db.h> (from the Berkeley DB library) defines 6228 O_EXLOCK to zero; this fools the map compilation code into 6229 thinking that it can avoid race conditions by locking on open. 6230 Change it to check for O_EXLOCK non-zero. Problem noted by 6231 Leif Erlingsson of Data Lege. 6232 Always call res_init() on startup (if compiled in, of course) to 6233 allow the sendmail.cf file to tweak resolver flags; without 6234 it, flag tweaks in ResolverOptions are ignored. Patch from 6235 Andrew Sun of Merrill Lynch. 6236 Improvements to host status printing code. Suggested by Steve Hubert 6237 of the University of Washington, Seattle. 6238 Change MinQueueAge option processing to do the check for the job age 6239 when reading the queue file, rather than at the end; this 6240 avoids parsing the addresses, which can do DNS lookups. 6241 Problem noted by John Beck of InReference, Inc. 6242 When MIME was being 7->8 bit decoded, "From " lines weren't being 6243 properly escaped. Problem noted by Peter Nilsson of the 6244 University of Linkoping. 6245 In some cases, sendmail would retain root permissions during queue 6246 runs even if RunAsUser was set. Problem noted by Mark 6247 Thomas of Mark G. Thomas Consulting. 6248 If the F=l flag was set on an SMTP mailer to indicate that it is 6249 actually local delivery, and NOTIFY=SUCCESS is specified in 6250 the envelope, and the receiving SMTP server speaks DSN, then 6251 the DSN would be both generated locally and propagated to the 6252 other end. 6253 The U= mailer field didn't correctly extract the group id if the 6254 user id was numeric. Problem noted by Kenneth Herron of 6255 MCI Telecommunications Communications. 6256 If a message exceeded the fixed maximum size on input, the body of 6257 the message was included in the bounce. Note that this did 6258 not occur if it exceeded the maximum _output_ size. Problem 6259 reported by Kyle Jones of UUNET. 6260 PORTABILITY FIXES: 6261 AIX4: 4.1 doesn't have a working setreuid(2); change the 6262 AIX4 defines to use seteuid(2) instead, which 6263 works on 4.1 as well as 4.2. Problem noted by 6264 H�kan Lindholm of interAF, Sweden. 6265 AIX4: use tzname[] vector to determine time zone name. 6266 Patch from NAKAMURA Motonori of Kyoto University. 6267 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. 6268 Contributed by Paul DuBois <dubois@primate.wisc.edu>. 6269 Solaris: kstat(3k) support for retrieving the load average. 6270 This adds the LA_KSTAT definition for LA_TYPE. 6271 The outline of the implementation was contributed 6272 by Michael Tokarev of Telecom Service, JSC, Moscow. 6273 HP-UX 10.0 gripes about the (perfectly legal!) forward 6274 declaration of struct rusage at the top of conf.h; 6275 change it to only be included if you are using gcc, 6276 which is apparently the only compiler that requires 6277 it in the first place. Problem noted by Jeff 6278 Earickson of Colby College. 6279 IRIX: don't default to using gcc. IRIX is a civilized 6280 operating system that comes with a decent compiler 6281 by default. Problem noted by Barry Bouwsma and 6282 Kari Hurtta. 6283 CONFIG: specify F=9 as default in FEATURE(local_procmail) for 6284 consistency with other local mailers. Inconsistency 6285 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>. 6286 CONFIG: if the "limited best mx" feature is used (to reduce DNS 6287 overhead) as part of the bestmx_is_local feature, the 6288 domain part was dropped from the name. Patch from Steve 6289 Hubert of the University of Washington, Seattle. 6290 CONFIG: catch addresses of the form "user@.dom.ain"; these could 6291 end up being translated to the null host name, which would 6292 return any entry in /etc/hosts that had a space at the end 6293 of the line. Problem noted by Steve Hubert of the 6294 University of Washington, Seattle. 6295 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer 6296 Polytechnic Institute. 6297 MAKEMAP: tweak hash and btree parameters for better performance. 6298 Patch from Matt Dillon of Best Internet Communications. 6299 NEW FILES: 6300 src/Makefiles/Makefile.Linux.ppc 6301 cf/ostype/aix4.m4 6302 cf/ostype/mklinux.m4 6303 63048.8.2/8.8.2 1996/10/18 6305 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch 6306 changed the code but didn't fix the problem. 6307 PORTABILITY FIXES: 6308 Solaris: Don't use the system getusershell(3); it can 6309 apparently corrupt the heap in some circumstances. 6310 Problem found by Ken Pizzini of Spry, Inc. 6311 OP.ME: document several mailer flags that were accidentally omitted 6312 from this document. These flags were F=d, F=j, F=R, and F=9. 6313 CONFIG: no changes. 6314 63158.8.1/8.8.1 1996/10/17 6316 SECURITY: unset all environment variables that the resolver will 6317 examine during queue runs and daemon mode. Problem noted 6318 by Dan Bernstein of the University of Illinois at Chicago. 6319 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain 6320 message could overflow a buffer if it was converted back 6321 to 8 bits. This caused core dumps and has the potential 6322 for a remote attack. Problem first noted by Gregory Shapiro 6323 of WPI. 6324 Avoid duplicate deliveries of error messages on systems that don't 6325 have flock(2) support. Patch from Motonori Nakamura of 6326 Kyoto University. 6327 Ignore null FallBackMX (V) options. If this option is null (as 6328 opposed to undefined) it can cause "null signature" syserrs 6329 on illegal host names. 6330 If a Base64 encoded text/plain message has no trailing newline in 6331 the encoded text, conversion back to 8 bits will drop the 6332 final line. Problem noted by Pierre David. 6333 If running with a RunAsUser, sendmail would give bogus "cannot 6334 setuid" (or seteuid, or setreuid) messages on some systems. 6335 Problem pointed out by Jordan Mendelson of Web Services, Inc. 6336 Always print error messages in -bv mode -- previously, -bv would 6337 be absolutely silent on errors if the error mode was sent 6338 to (say) mail-back. Problem noted by Kyle Jones of UUNET. 6339 If -qI/R/S is set (or the ETRN command is used), ignore all long 6340 term host status. This is necessary because it is common 6341 to do this when you know a host has just come back up. 6342 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section 6343 4.2. Excessive permissiveness noted by Lee Flight of the 6344 University of Leicester. 6345 If a service (such as NIS) is specified as the last entry in the 6346 service switch, but that service is not compiled in, sendmail 6347 would return a temporary failure when an entry was not found 6348 in the map. This caused the message to be queued instead of 6349 bouncing immediately. Problem noted by Harry Edmon of the 6350 University of Washington. 6351 PORTABILITY FIXES: 6352 Solaris 2.3 had compilation problems in conf.c. Several 6353 people pointed this out. 6354 NetBSD from Charles Hannum of MIT. 6355 AIX4 improvements based on info from Steve Bauer of South 6356 Dakota School of Mines & Technology. 6357 CONFIG: ``error:code message'' syntax was broken in virtusertable. 6358 Patch from Gil Kloepfer Jr. 6359 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set 6360 using MASQUERADE_DOMAIN) were not masqueraded unless they 6361 were also in $=w. Problem noted by Zoltan Basti of 6362 Softec. 6363 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based 6364 on a patch from Eric Hagberg of Morgan Stanley. 6365 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan 6366 of Stanford via Robert La Ferla. 6367 63688.8.0/8.8.0 1996/09/26 6369 Under some circumstances, Bcc: headers would not be properly 6370 deleted. Pointed out by Jonathan Kamens of OpenVision. 6371 Log a warning if the sendmail daemon is invoked without a full 6372 pathname, which prevents "kill -1" from working. I was 6373 urged to put this in by Andrey A. Chernov of DEMOS (Russia). 6374 Fix small buffer overflow. Since the data in this buffer was not 6375 read externally, there was no security problem (and in fact 6376 probably wouldn't really overflow on most compilers). Pointed 6377 out by KIZU takashi of Osaka University. 6378 Fix problem causing domain literals such as [1.2.3.4] to be ignored 6379 if a FallbackMXHost was specified in the configuration file 6380 -- all mail would be sent to the fallback even if the original 6381 host was accessible. Pointed out by Munenari Hirayama of 6382 NSC (Japan). 6383 A message that didn't terminate with a newline would (sometimes) not 6384 have the trailing "." added properly in the SMTP dialogue, 6385 causing SMTP to hang. Patch from Per Hedeland of Ericsson. 6386 The DaemonPortOptions suboption to bind to a particular address was 6387 incorrect and nonfunctional due to a misunderstanding of the 6388 semantics of binding on a passive socket. Patch from 6389 NIIBE Yutaka of Mitsubishi Research Institute. 6390 Increase the number of MX hosts for a single name to 100 to better 6391 handle the truly huge service providers such as AOL, which 6392 has 13 at the moment (and climbing). In order to avoid 6393 trashing memory, the buffer for all names has only been 6394 slightly increased in size, to 12.8K from 10.2K -- this means 6395 that if a single name had 100 MX records, the average size 6396 of those records could not exceed 128 bytes. Requested by 6397 Brad Knowles of America On Line. 6398 Restore use of IDENT returns where the OSTYPE field equals "OTHER". 6399 Urged by Dan Bernstein of U.C. Berkeley. 6400 Print q_statdate and q_specificity in address structure debugging 6401 printout. 6402 Expand MCI structure flag bits for debugging output. 6403 Support IPv6-style domain literals, which can have colons between 6404 square braces. 6405 Log open file descriptors for the "cannot dup" messages in deliver(); 6406 this is an attempt to track down a bug that one person seems 6407 to be having (it may be a Solaris bug!). 6408 DSN NOTIFY parameters were not properly propagated across queue runs; 6409 this caused the NOTIFY info to sometimes be lost. Problem 6410 pointed out by Claus Assmann of the 6411 Christian-Albrechts-University of Kiel. 6412 The statistics gathered in the sendmail.st file were too high; in 6413 some cases failures (e.g., user unknown or temporary failure) 6414 would count as a delivery as far as the statistics were 6415 concerned. Problem noted by Tom Moore of AT&T GIS. 6416 Systems that don't have flock() would not send split envelopes in 6417 the initial run. Problem pointed out by Leonard Zubkoff of 6418 Dandelion Digital. 6419 Move buffer overflow checking -- these primarily involve distrusting 6420 results that may come from NIS and DNS. 6421 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't 6422 include <paths.h> and hence had the wrong pathnames for a few 6423 things like /var/tmp. Reported by Matthew Green. 6424 Conditions were reversed for the Priority: header, resulting in all 6425 values being interpreted as non-urgent except for non-urgent, 6426 which was interpreted as normal. Patch from Bryan Costales. 6427 The -o (optional) flag was being ignored on hash and btree maps 6428 since 8.7.2. Fix from Bryan Costales. 6429 Content-Types listed in class "q" will always be encoded as 6430 Quoted-Printable (or more accurately, will never be encoded 6431 as base64). The class can have primary types (e.g., "text") 6432 or full types (e.g., "text/plain"). Based on a suggestion by 6433 Marius Olafsson of the University of Iceland. 6434 Define ${envid} to be the original envelope id (from the ESMTP DSN 6435 dialogue) so it can be passed to programs in mailers. 6436 Define ${bodytype} to be the body type (from the -B flag or the 6437 BODY= ESMTP parameter) so it can be passed to programs in 6438 mailers. 6439 Cause the VRFY command to return 252 instead of 250 unless the F=q 6440 flag is set in the mailer descriptor. Suggested by John 6441 Myers of CMU. 6442 Implement ESMTP ETRN command to flush the queue for a specific host. 6443 The command takes a host name; data for that host is 6444 immediately (and asynchronously) flushed. Because this shares 6445 the -qR implementation, other hosts may be attempted, but 6446 there should be no security implications. Implementation 6447 from John Beck of InReference, Inc. See RFC 1985 for details. 6448 Add three new command line flags to pass in DSN parameters: -V envid 6449 (equivalent to ENVID=envid on the MAIL command), -R ret 6450 (equivalent to RET=ret on the MAIL command), and -Nnotify 6451 (equivalent to NOTIFY=notify on the RCPT command). Note 6452 that the -N flag applies to all recipients; there is no way 6453 to specify per-address notifications on the command line, 6454 nor is there an equivalent for the ORCPT= per-address 6455 parameter. 6456 Restore LogLevel option to be safe (it can only be increased); 6457 apparently I went into paranoid mode between 8.6 and 8.7 6458 and made it unsafe. Pointed out by Dabe Murphy of the 6459 University of Maryland. 6460 New logging on log level 15: all SMTP traffic. Patches from 6461 Andrew Gross of San Diego Supercomputer Center. 6462 NetInfo property value searching code wasn't stopping when it found 6463 a match. This was causing the wrong values to be found (and 6464 had a memory leak). Found by Bastian Schleuter of TU-Berlin. 6465 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed 6466 out by Bill Wisner of Electronics for Imaging that you can't 6467 use the bracket address form for the MAIL_HUB macro, since 6468 that causes the brackets to remain in the envelope recipient 6469 address used for delivery. The simple fix (stripping off the 6470 brackets in the config file) breaks the use of IP literal 6471 addresses. This flag will solve that problem. 6472 Add MustQuoteChars option. This is a list of characters that must 6473 be quoted if they are found in the phrase part of an address 6474 (that is, the full name part). The characters @,;:\()[] are 6475 always in this list and cannot be removed. The default is 6476 this list plus . and ' to match RFC 822. 6477 Add AllowBogusHELO option; if set, sendmail will allow HELO commands 6478 that do not include a host name for back compatibility with 6479 some stupid SMTP clients. Setting this violates RFC 1123 6480 section 5.2.5. 6481 Add MaxDaemonChildren option; if this is set, sendmail will start 6482 rejecting connections if it has more than this many 6483 outstanding children accepting mail. Note that you may 6484 see more processes than this because of outgoing mail; this 6485 is for incoming connections only. 6486 Add ConnectionRateThrottle option. If set to a positive value, the 6487 number of incoming SMTP connections that will be permitted 6488 in a single second is limited to this number. Connections are 6489 not refused during this time, just deferred. The intent is to 6490 flatten out demand so that load average limiting can kick in. 6491 It is less radical than MaxDaemonChildren, which will stop 6492 accepting connections even if all the connections are idle 6493 (e.g., due to connection caching). 6494 Add Timeout.hoststatus option. This interval (defaulting to 30m) 6495 specifies how long cached information about the state of a 6496 host will be kept before they are considered stale and the 6497 host is retried. If you are using persistent host status 6498 (i.e., the HostStatusDirectory option is set) this will apply 6499 between runs; otherwise, it applies only within a single queue 6500 run and hence is useful only for hosts that have large queues 6501 that take a very long time to run. 6502 Add SingleLineFromHeader option. If set, From: headers are coerced 6503 into being a single line even if they had newlines in them 6504 when read. This is to get around a botch in Lotus Notes. 6505 Text class maps were totally broken -- if you ever retrieved the last 6506 item in a table it would be truncated. Problem noted by 6507 Gregory Neil Shapiro of WPI. 6508 Extend the lines printed by the mailq command (== the -bp flag) when 6509 -v is given to 120 characters; this allows more information 6510 to be displayed. Suggested by Gregory Neil Shapiro of WPI. 6511 Allow macro definitions (`D' lines) with unquoted commas; previously 6512 this was treated as end-of-input. Problem noted by Bryan 6513 Costales. 6514 The RET= envelope parameter (used for DSNs) wasn't properly written 6515 to the queue file. Fix from John Hughes of Atlantic 6516 Technologies, Inc. 6517 Close /var/tmp/dead.letter after a successful write -- otherwise 6518 if this happens in a queue run it can cause nasty delays. 6519 Problem noted by Mark Horton of AT&T. 6520 If userdb entries pointed to userdb entries, and there were multiple 6521 values for a given key, the database cursor would get 6522 trashed by the recursive call. Problem noted by Roy Mongiovi 6523 of Georgia Tech. Fixed by reading all the values and creating 6524 a comma-separated list; thus, the -v output will be somewhat 6525 different for this case. 6526 Fix buffer allocation problem with Hesiod-based userdb maps when 6527 HES_GETMAILHOST is defined. Based on a patch by Betty Lee 6528 of Stanford University. 6529 When envelopes were split due to aliases with owner- aliases, and 6530 there was some error on one of the lists, more than one of 6531 the owners would get the message. Problem pointed out by 6532 Roy Mongiovi of Georgia Tech. 6533 Detect excessive recursion in macro expansions, e.g., $X defined 6534 in terms of $Y which is defined in terms of $X. Problem 6535 noted by Bryan Costales; patch from Eric Wassenaar. 6536 When using F=U to get "ugly UUCP" From_ lines, a buffer could in 6537 some cases get trashed causing bogus From_ lines. Fix from 6538 Kyle Jones of UUNET. 6539 When doing load average initialization, if the nlist call for avenrun 6540 failed, the second and subsequent lookups wouldn't notice 6541 that fact causing bogus load averages to be returned. Noted 6542 by Casper Dik of Sun Holland. 6543 Fix problem with incompatibility with some versions of inet_aton that 6544 have changed the return value to unsigned, so a check for an 6545 error return of -1 doesn't work. Use INADDR_NONE instead. 6546 This could cause mail to addresses such as [foo.com] to bounce 6547 or get dropped. Problem noted by Christophe Wolfhugel of the 6548 Pasteur Institute. 6549 DSNs were inconsistent if a failure occurred during the DATA phase 6550 rather than the RCPT phase: the Action: would be correct, but 6551 the detailed status information would be wrong. Problem noted 6552 by Bob Snyder of General Electric Company. 6553 Add -U command line flag and the XUSR ESMTP extension, both indicating 6554 that this is the initial MUA->MTA submission. The flag current 6555 does nothing, but in future releases (when MUAs start using 6556 these flags) it will probably turn on things like DNS 6557 canonification. 6558 Default end-of-line string (E= specification on mailer [M] lines) 6559 to \r\n on SMTP mailers. Default remains \n on non-SMTP 6560 mailers. 6561 Change the internal definition for the *file* and *include* mailers 6562 to have $u in the argument vectors so that they aren't 6563 misinterpreted as SMTP mailers and thus use \r\n line 6564 termination. This will affect anyone who has redefined 6565 either of these in their configuration file. 6566 Don't assume that IDENT servers close the connection after a query; 6567 responses can be newline terminated. From Terry Kennedy of 6568 St. Peter's College. 6569 Avoid core dumps on erroneous configuration files that have 6570 $#mailer with nothing following. From Bryan Costales. 6571 Avoid null pointer dereference with high debug values in unlockqueue. 6572 Fix from Randy Martin of Clemson University. 6573 Fix possible buffer overrun when expanding very large macros. Fix 6574 from Kyle Jones of UUNET. 6575 After 25 EXPN or VRFY commands, start pausing for a second before 6576 processing each one. This avoids a certain form of denial 6577 of service attack. Potential attack pointed out by Bryan 6578 Costales. 6579 Allow new named (not numbered!) config file rules to do validity 6580 checking on SMTP arguments: check_mail for MAIL commands and 6581 check_rcpt for RCPT commands. These rulesets can do anything 6582 they want; their result is ignored unless they resolve to the 6583 $#error mailer, in which case the indicated message is printed 6584 and the command is rejected. Similarly, the check_compat 6585 ruleset is called before delivery with "from_addr $| to_addr" 6586 (the $| is a meta-symbol used to separate the two addresses); 6587 it can give a "this sender can't send to this recipient" 6588 notification. Note that this patch allows $| to stand alone 6589 in rulesets. 6590 Define new macros ${client_name}, ${client_addr}, and ${client_port} 6591 that have the name, IP address, and port number (respectively) 6592 of the SMTP client (that is, the entity at the other end of 6593 the connection. These can be used in (e.g.) check_rcpt to 6594 verify that someone isn't trying to relay mail through your 6595 host inappropriately. Be sure to use the deferred evaluation 6596 form, for example $&{client_name}, to avoid having these bound 6597 when sendmail reads the configuration file. 6598 Add new config file rule check_relay to check the incoming connection 6599 information. Like check_compat, it is passed the host name 6600 and host address separated by $| and can reject connections 6601 on that basis. 6602 Allow IDA-style recursive function calls. Code contributed by Mark 6603 Lovell and Paul Vixie. 6604 Eliminate the "No ! in UUCP From address!" message" -- instead, create 6605 a virtual UUCP address using either a domain address or the $k 6606 macro. Based on code contributed by Mark Lovell and Paul 6607 Vixie. 6608 Add Stanford LDAP map. Requires special libraries that are not 6609 included with sendmail. Contributed by Booker C. Bense 6610 <bbense@networking.stanford.edu>; contact him for support. 6611 See also the src/READ_ME file. 6612 Allow -dANSI to turn on ANSI escape sequences in debug output; this 6613 puts metasymbols (e.g., $+) in reverse video. Really useful 6614 only for debugging deep bits of code where it is important to 6615 distinguish between the single-character metasymbol $+ and the 6616 two characters $, +. 6617 Changed ruleset 89 (executed in dumpstate()) to a named ruleset, 6618 debug_dumpstate. 6619 Add new UnsafeGroupWrites option; if set, .forward and :include: 6620 files that are group writable are considered "unsafe" -- that 6621 is, programs and files referenced from such files are not 6622 valid recipients. 6623 Delete bogosity test for FallBackMX host; this prevented it to be a 6624 name that was not in DNS or was a domain-literal. Problem 6625 noted by Tom May. 6626 Change the introduction to error messages to more clearly delineate 6627 permanent from temporary failures; if both existed in a 6628 single message it could be confusing. Suggested by John 6629 Beck of InReference, Inc. 6630 The IngoreDot (i) option didn't work for lines that were terminated 6631 with CRLF. Problem noted by Ted Stockwell of Secure 6632 Computing Corporation. 6633 Add a heuristic to improve the handling of unbalanced `<' signs in 6634 message headers. Problem reported by Matt Dillon of Best 6635 Internet Communications. 6636 Check for bogus characters in the 0200-0237 range; since these are 6637 used internally, very strange errors can occur if those 6638 characters appear in headers. Problem noted by Anders Gertz 6639 of Lysator. 6640 Implement 7 -> 8 bit MIME conversions. This only takes place if the 6641 recipient mailer has the F=9 flag set, and only works on 6642 text/plain body types. Code contributed by Marius Olafsson 6643 of the University of Iceland. 6644 Special case "postmaster" name so that it is always treated as lower 6645 case in alias files regardless of configuration settings; 6646 this prevents some potential problems where "Postmaster" or 6647 "POSTMASTER" might not match "postmaster". In most cases 6648 this change is a no-op. 6649 The -o map flag was ignored for text maps. Problem noted by Bryan 6650 Costales. 6651 The -a map flag was ignored for dequote maps. Problem noted by 6652 Bryan Costales. 6653 Fix core dump when a lookup of a class "prog" map returns no 6654 response. Patch from Bryan Costales. 6655 Log instances where sendmail is deferring or rejecting connections 6656 on LogLevel 14. Suggested by Kyle Jones of UUNET. 6657 Include port number in process title for network daemons. Suggested 6658 by Kyle Jones of UUNET. 6659 Send ``double bounces'' (errors that occur when sending an error 6660 message) to the address indicated in the DoubleBounceAddress 6661 option (default: postmaster). Previously they were always 6662 sent to postmaster. Suggested by Kyle Jones of UUNET. 6663 Add new mode, -bD, that acts like -bd in all respects except that 6664 it runs in foreground. This is useful for using with a 6665 wrapper that "watches" system services. Suggested by Kyle 6666 Jones of UUNET. 6667 Fix botch in spacing around (parenthesized) comments in addresses 6668 when the comment comes before the address. Patch from 6669 Motonori Nakamura of Kyoto University. 6670 Use the prefix "Postmaster notify" on the Subject: lines of messages 6671 that are being bounced to postmaster, rather than "Returned 6672 mail". This permits the person who is postmaster more 6673 easily determine what messages are to their role as 6674 postmaster versus bounces to mail they actually sent. Based 6675 on a suggestion by Motonori Nakamura. 6676 Add new value "time" for QueueSortOrder option; this causes the queue 6677 to be sorted strictly by the time of submission. Note that 6678 this can cause very bad behavior over slow lines (because 6679 large jobs will tend to delay small jobs) and on nodes with 6680 heavy traffic (because old things in the queue for hosts that 6681 are down delay processing of new jobs). Also, this does not 6682 guarantee that jobs will be delivered in submission order 6683 unless you also set DeliveryMode=queue. In general, it should 6684 probably only be used on the command line, and only in 6685 conjunction with -qRhost.domain. In fact, there are very few 6686 cases where it should be used at all. Based on an 6687 implementation by Motonori Nakamura. 6688 If a map lookup in ruleset 5 returns tempfail, queue the message in 6689 the same manner as other rulesets. Previously a temporary 6690 failure in ruleset 5 was ignored. Patch from Booker Bense 6691 of Stanford University. 6692 Don't proceed to the next MX host if an SMTP MAIL command returns a 6693 5yz (permanent failure) code. The next MX host will still be 6694 tried if the connection cannot be opened in the first place 6695 or if the MAIL command returns a 4yz (temporary failure) code. 6696 (It's hard to know what to do here, since neither RFC 974 nor 6697 RFC 1123 specify when to proceed to the next MX host.) 6698 Suggested by Jonathan Kamens of OpenVision, Inc. 6699 Add new "-t" flag for map definitions (the "K" line in the .cf file). 6700 This causes map lookups that get a temporary failure (e.g., 6701 name server failure) to _not_ defer the delivery of the 6702 message. This should only be used if your configuration file 6703 is prepared to do something sensible in this case. Based on 6704 an idea by Gregory Shapiro of WPI. 6705 Fix problem finding network interface addresses. Patch from 6706 Motonori Nakamura. 6707 Don't reject qf entries that are not owned by your effective uid if 6708 you are not running set-user-ID; this makes management of 6709 certain kinds of firewall setups difficult. Patch 6710 suggested by Eamonn Coleman of Qualcomm. 6711 Add persistent host status. This keeps the information normally 6712 maintained within a single queue run in disk files that are 6713 shared between sendmail instances. The HostStatusDirectory 6714 is the directory in which the information is maintained. If 6715 not set, persistent host status is turned off. If not a full 6716 pathname, it is relative to the queue directory. A common 6717 value is ".hoststat". 6718 There are also two new operation modes: 6719 * -bh prints the status of hosts that have had recent 6720 connections. 6721 * -bH purges the host statuses. No attempt is made to save 6722 recent status information. 6723 This feature was originally written by Paul Vixie of Vixie 6724 Enterprises for KJS and adapted for V8 by Mark Lovell of 6725 Bigrock Consulting. Paul's funding of Mark and Mark's patience 6726 with my insistence that things fit cleanly into the V8 6727 framework is gratefully appreciated. 6728 New SingleThreadDelivery option (requires HostStatusDirectory to 6729 operate). Avoids letting two sendmails on the local machine 6730 open connections to the same remote host at the same time. 6731 This reduces load on the other machine, but can cause mail to 6732 be delayed (for example, if one sendmail is delivering a huge 6733 message, other sendmails won't be able to send even small 6734 messages). Also, it requires another file descriptor (for the 6735 lock file) per connection, so you may have to reduce 6736 ConnectionCacheSize to avoid running out of per-process 6737 file descriptors. Based on the persistent host status code 6738 contributed by Paul Vixie and Mark Lovell. 6739 Allow sending to non-simple files (e.g., /dev/null) even if the 6740 SafeFileEnvironment option is set. Problem noted by Bryan 6741 Costales. 6742 The -qR flag mistakenly matched flags in the "R" line of the queue 6743 file. Problem noted by Bryan Costales. 6744 If a job was aborted using the interrupt signal (e.g., control-C from 6745 the keyboard), on some occasions an empty df file would be 6746 left around; these would collect in the queue directory. 6747 Problem noted by Bryan Costales. 6748 Change the makesendmail script to enhance the search for Makefiles 6749 based on release number. For example, on SunOS 5.5.1, it will 6750 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then 6751 Makefile.SunOS.5.x (in addition to the other rules, e.g., 6752 adding $arch). Problem noted by Jason Mastaler of Atlanta 6753 Webmasters. 6754 When creating maps using "newaliases", always map the keys to lower 6755 case when creating the map unless the -f flag is specified on 6756 the map itself. Previously this was done based on the F=u 6757 flag in the local mailer, which meant you could create aliases 6758 that you could never access. Problem noted by Bob Wu of DEC. 6759 When a job was read from the queue, the bits causing notification on 6760 failure or delay were always set. This caused those 6761 notifications to be sent even if NOTIFY=NEVER had been 6762 specified. Problem noted by Steve Hubert of the University 6763 of Washington, Seattle. 6764 Add new configurable routine validate_connection (in conf.c). This 6765 lets you decide if you are willing to accept traffic from 6766 this host. If it returns FALSE, all SMTP commands will return 6767 "550 Access denied". -DTCPWRAPPERS will include support for 6768 TCP wrappers; you will need to add -lwrap to the link line. 6769 (See src/READ_ME for details.) 6770 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster 6771 bounces. Some people seemed to think that this could be 6772 confusing (even though it is true). Suggested by Motonori 6773 Nakamura. 6774 Add new RunAsUser option; this causes sendmail to do a setuid to that 6775 user early in processing to avoid potential security problems. 6776 However, this means that all .forward and :include: files must 6777 be readable by that user, and all files to be written must be 6778 writable by that user and all programs will be executed by that 6779 user. It is also incompatible with the SafeFileEnvironment 6780 option. In other words, it may not actually add much to 6781 security. However, it should be useful on firewalls and other 6782 places where users don't have accounts and the aliases file is 6783 well constrained. 6784 Add Timeout.iconnect. This is like Timeout.connect except it is used 6785 only on the first attempt to delivery to an address. It could 6786 be set to be lower than Timeout.connect on the principle that 6787 the mail should go through quickly to responsive hosts; less 6788 responsive hosts get to wait for the next queue run. 6789 Fix a problem on Solaris that occasionally causes programs 6790 (such as vacation) to hang with their standard input connected 6791 to a UDP port. It also created some signal handling problems. 6792 The problems turned out to be an interaction between vfork(2) 6793 and some of the libraries, particularly NIS/NIS+. I am 6794 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix. 6795 Change user class map to do the same matching that actual delivery 6796 will do instead of just a /etc/passwd lookup. This adds 6797 fuzzy matching to the user map. Patch from Dan Oscarsson. 6798 The Timeout.* options are not safe -- they can be used to create a 6799 denial-of-service attack. Problem noted by Christophe 6800 Wolfhugel. 6801 Don't send PostmasterCopy messages in the event of a "delayed" 6802 notification. Suggested by Barry Bouwsma. 6803 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy 6804 option is set, since this disables VERB mode. Suggested 6805 by John Hawkinson of MIT. 6806 Complain if the QueueDirectory (Q) option is not set. Problem noted 6807 by Motonori Nakamura of Kyoto University. 6808 Only queue messages on transient .forward open failures if there 6809 were no successful opens. The previous behavior caused it 6810 to queue even if a "fall back" .forward was found. Problem 6811 noted by Ann-Kian Yeo of the Dept. of Information Systems 6812 and Computer Science (DISCS), NUS, Singapore. 6813 Don't do 8->7 bit conversions when bouncing a MIME message that 6814 is bouncing because of a MIME error during 8->7 bit conversion; 6815 the encapsulated message will bounce again, causing a loop. 6816 Problem noted by Steve Hubert of the University of Washington. 6817 Create xf (transcript) files using the TempFileMode option value 6818 instead of 0644. Suggested by Ann-Kian Yeo of the 6819 National University of Singapore. 6820 Print errors if setgid/setuid/etc. fail during delivery. This helps 6821 detect cases where DefaultUid is set to something that the 6822 system can't cope with. 6823 PORTABILITY FIXES: 6824 Support for AIX/RS 2.2.1 from Mark Whetzel of Western 6825 Atlas International. 6826 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell 6827 <bicknell@ufp.org>. 6828 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only 6829 work on the first recipient of a message due to a 6830 bug in the getpwent family. If this is something you 6831 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a 6832 workaround. From Maximum Entropy of Sanford C. 6833 Bernstein and Associates. 6834 FreeBSD 1.1.5.1 uname -r returns a string containing 6835 parentheses, which breaks makesendmail. Reported 6836 by Piero Serini <piero@strider.ibenet.it>. 6837 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of 6838 Systems and Computer Technology Corporation. 6839 Solaris 2.x: omit the UUCP grade parameter (-g flag) because 6840 it is system-dependent. Problem noted by J.J. Bailey 6841 of Bailey Computer Consulting. 6842 Pyramid NILE running DC/OSx support from Earle F. Ake of 6843 Hassler Communication Systems Technology, Inc. 6844 HP-UX 10.x compile glitches, reported by Anne Brink of the 6845 U.S. Army and James Byrne of Harte & Lyne Limited. 6846 NetBSD from Matthew Green of the NetBSD crew. 6847 SCO 5.x from Keith Reynolds of SCO. 6848 IRIX 6.2 from Robert Tarrall of the University of 6849 Colorado and Kari Hurtta of the Finnish Meteorological 6850 Institute. 6851 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. 6852 Lopez, CICA (Seville). 6853 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. 6854 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor 6855 Employment Standards Administration. 6856 Altos System V (5.3.1) from Tim Rice of Multitalents. 6857 Concurrent Systems Corporation Maxion from Donald R. Laster 6858 Jr. 6859 NetInfo maps (improved debugging and multi-valued aliases) 6860 from Adrian Steinmann of Steinmann Consulting. 6861 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) 6862 from Eric Schnoebelen of Convex. 6863 Linux 2.0 mail.local patches from Horst von Brand. 6864 NEXTSTEP 3.x compilation from Robert La Ferla. 6865 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. 6866 Solaris 2.5 configuration fixes for mail.local by Jim Davis 6867 of the University of Arizona. 6868 Solaris 2.5 has a working setreuid. Noted by David Linn of 6869 Vanderbilt University. 6870 Solaris changes for praliases, makemap, mailstats, and smrsh. 6871 Previously you had to add -DSOLARIS in Makefile.dist; 6872 this auto-detects. Based on a patch from Randall 6873 Winchester of the University of Maryland. 6874 CONFIG: add generic-nextstep3.3.mc file. Contributed by 6875 Robert La Ferla of Hot Software. 6876 CONFIG: allow mailertables to resolve to ``error:code message'' 6877 (where "code" is an exit status) on domains (previously 6878 worked only on hosts). Patch from Cor Bosman of Xs4all 6879 Foundation. 6880 CONFIG: hooks for IPv6-style domain literals. 6881 CONFIG: predefine ALIAS_FILE and change the prototype file so that 6882 if it is undefined the AliasFile option is never set; this 6883 should be transparent for most everyone. Suggested by John 6884 Myers of CMU. 6885 CONFIG: add FEATURE(limited_masquerade). Without this feature, any 6886 domain listed in $=w is masqueraded. With it, only those 6887 domains listed in a MASQUERADE_DOMAIN macro are masqueraded. 6888 CONFIG: add FEATURE(masquerade_entire_domain). This causes 6889 masquerading specified by MASQUERADE_DOMAIN to apply to all 6890 hosts under those domains as well as the domain headers 6891 themselves. For example, if a configuration had 6892 MASQUERADE_DOMAIN(foo.com), then without this feature only 6893 foo.com would be masqueraded; with it, *.foo.com would be 6894 masqueraded as well. Based on an implementation by Richard 6895 (Pug) Bainter of U. Texas. 6896 CONFIG: add FEATURE(genericstable) to do a more general rewriting of 6897 outgoing addresses. Defaults to ``hash -o /etc/genericstable''. 6898 Keys are user names; values are outgoing mail addresses. Yes, 6899 this does overlap with the user database, and figuring out 6900 just when to use which one may be tricky. Based on code 6901 contributed by Richard (Pug) Bainter of U. Texas with updates 6902 from Per Hedeland of Ericsson. 6903 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of 6904 incoming addresses. Defaults to ``hash -o /etc/virtusertable''. 6905 Keys are either fully qualified addresses or just the host 6906 part (with the @ sign). For example, a table containing: 6907 info@foo.com foo-info 6908 info@bar.com bar-info 6909 @baz.org jane@elsewhere.net 6910 would send all mail destined for info@foo.com to foo-info 6911 (which is presumably an alias), mail addressed to info@bar.com 6912 to bar-info, and anything addressed to anyone at baz.org will 6913 be sent to jane@elsewhere.net. The names foo.com, bar.com, 6914 and baz.org must all be in $=w. Based on discussions with 6915 a great many people. 6916 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. 6917 Suggested by Richard Bainter. 6918 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the 6919 "fax" mailer. 6920 CONFIG: allow mailertable entries to resolve to local:user; this 6921 passes the original user@host in to procmail-style local 6922 mailers as the "detail" information to allow them to do 6923 additional clever processing. From Joe Pruett of 6924 Teleport Corporation. Delivery to the original user can 6925 be done by specifying "local:" (with nothing after the colon). 6926 CONFIG: allow any context that takes "mailer:domain" to also take 6927 "mailer:user@domain" to force mailing to the given user; 6928 "local:user" can also be used to do local delivery. This 6929 applies on *_RELAY and in the mailertable entries. Based 6930 on a suggestion by Ribert Kiessling of Easynet. 6931 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that 6932 limits the possible domains; this reduces the number of DNS 6933 lookups required to support this feature. For example, 6934 FEATURE(bestmx_is_local, my.site.com) limits the lookups 6935 to domains under my.site.com. Code contributed by Anthony 6936 Thyssen <anthony@cit.gu.edu.au>. 6937 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, 6938 such as the check_rcpt ruleset. Suggested by Gregory Shapiro 6939 of WPI. 6940 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the 6941 event you have to define local mailers. Suggested by 6942 Gregory Shapiro of WPI. 6943 CONFIG: fix cases where a three- (or more-) stage route-addr could 6944 be misinterpreted as a list:...; syntax. Based on a patch by 6945 Vlado Potisk <Vlado_Potisk@tempest.sk>. 6946 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is 6947 remotely connected. The address host!user was being 6948 converted to host!user@thishost instead of host!user@uurelay. 6949 Problem noted by William Gianopoulos of Raytheon Company. 6950 CONFIG: add confTO_ICONNECT to set Timeout.iconnect. 6951 CONFIG: change FEATURE(redirect) message from "User not local" to 6952 "User has moved"; the former wording was confusing if the 6953 new address is still on the local host. Based on a suggestion 6954 by Andreas Luik. 6955 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). 6956 However, the class is not pre-initialized to contain root. 6957 Suggested by Gregory Neil Shapiro. 6958 CONTRIB: Remove XLA code at the request of the author, Christophe 6959 Wolfhugel. 6960 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. 6961 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note 6962 well: this produces a slightly different mailbox format (no 6963 Content-Length: headers), file ownerships and modes are 6964 different (not owned by group mail; mode 600 instead of 660), 6965 and the local mailer flags will have to be tweaked (make them 6966 match bsd4.4) in order to use this mailer. Patches from Paul 6967 Hammann of the Missouri Research and Education Network. 6968 MAIL.LOCAL: in some cases it could return EX_OK even though there 6969 was a delivery error, such as if the ownership on the file 6970 was wrong or the mode changed between the initial stat and 6971 the open. Problem reported by William Colburn of the New 6972 Mexico Institute of Mining and Technology. 6973 MAILSTATS: handle zero length files more reliably. Patch from Bryan 6974 Costales. 6975 MAILSTATS: add man page contributed by Keith Bostic of BSDI. 6976 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't 6977 honored. Fix from Michael Scott Shappe. 6978 PRALIASES: add man page contributed by Keith Bostic of BSDI. 6979 NEW FILES: 6980 src/Makefiles/Makefile.AIX.2 6981 src/Makefiles/Makefile.IRIX.6.2 6982 src/Makefiles/Makefile.maxion 6983 src/Makefiles/Makefile.NCR.MP-RAS.3.x 6984 src/Makefiles/Makefile.SCO.5.x 6985 src/Makefiles/Makefile.UXPDSV20 6986 mailstats/mailstats.8 6987 praliases/praliases.8 6988 cf/cf/generic-nextstep3.3.mc 6989 cf/feature/genericstable.m4 6990 cf/feature/limited_masquerade.m4 6991 cf/feature/masquerade_entire_domain.m4 6992 cf/feature/virtusertable.m4 6993 cf/ostype/aix2.m4 6994 cf/ostype/altos.m4 6995 cf/ostype/maxion.m4 6996 cf/ostype/solaris2.ml.m4 6997 cf/ostype/uxpds.m4 6998 contrib/re-mqueue.pl 6999 DELETED FILES: 7000 src/Makefiles/Makefile.Solaris 7001 contrib/xla/README 7002 contrib/xla/xla.c 7003 RENAMED FILES: 7004 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x 7005 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 7006 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 7007 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x 7008 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x 7009 70108.7.6/8.7.3 1996/09/17 7011 SECURITY: It is possible to force getpwuid to fail when writing the 7012 queue file, causing sendmail to fall back to running programs 7013 as the default user. This is not exploitable from off-site. 7014 Workarounds include using a unique user for the DefaultUser 7015 (old u & g options) and using smrsh as the local shell. 7016 SECURITY: fix some buffer overruns; in at least one case this allows 7017 a local user to get root. This is not known to be exploitable 7018 from off-site. The workaround is to disable chfn(1) commands. 7019 70208.7.5/8.7.3 1996/03/04 7021 Fix glitch in 8.7.4 when putting certain internal lines; this can 7022 in some case cause connections to hang or messages to have 7023 extra spaces in odd places. Patch from Eric Wassenaar; 7024 reports from Eric Hall of Chiron Corporation, Stephen 7025 Hansen of Stanford University, Dean Gaudet of HotWired, 7026 and others. 7027 70288.7.4/8.7.3 1996/02/18 7029 SECURITY: In some cases it was still possible for an attacker to 7030 insert newlines into a queue file, thus allowing access to 7031 any user (except root). 7032 CONFIG: no changes -- it is not a bug that the configuration 7033 version number is unchanged. 7034 70358.7.3/8.7.3 1995/12/03 7036 Fix botch in name server timeout in RCPT code; this problem caused 7037 two responses in SMTP, which breaks things horribly. Fix 7038 from Gregory Neil Shapiro of WPI. 7039 Verify that L= value on M lines cannot be negative, which could cause 7040 negative array subscripting. Not a security problem since 7041 this has to be in the config file, but it could have caused 7042 core dumps. Pointed out by Bryan Costales. 7043 Fix -d21 debug output for long macro names. Pointed out by Bryan 7044 Costales. 7045 PORTABILITY FIXES: 7046 SCO doesn't have ftruncate. From Bill Aten of Computerizers. 7047 IBM's version of arpa/nameser.h defaults to the wrong byte 7048 order. Tweak it to work properly. Based on fixes 7049 from Fletcher Mattox of UTexas and Betty Lee of 7050 Stanford University. 7051 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. 7052 Deficiency pointed out by Bryan Costales of ICSI. 7053 70548.7.2/8.7.2 1995/11/19 7055 REALLY fix the backslash escapes in SmtpGreetingMessage, 7056 OperatorChars, and UnixFromLine options. They were not 7057 properly repaired in 8.7.1. 7058 Completely delete the Bcc: header if and only if there are other 7059 valid recipient headers (To:, Cc: or Apparently-To:, the 7060 last being a historic botch, of course). If Bcc: is the 7061 only recipient header in the message, its value is tossed, 7062 but the header name is kept. The old behavior (always keep 7063 the header name and toss the value) allowed primary recipients 7064 to see that a Bcc: went to _someone_. 7065 Include queue id on ``Authentication-Warning: <host>: <user> set 7066 sender to <address> using -f'' syslog messages. Suggested 7067 by Kari Hurtta. 7068 If a sequence or switch map lookup entry gets a tempfail but then 7069 continues on to another map type, but the name is not found, 7070 return a temporary failure from the sequence or switch map. 7071 For example, if hosts search ``dns files'' and DNS fails 7072 with a tempfail, the hosts map will go on and search files, 7073 but if it fails the whole thing should be a tempfail, not 7074 a permanent (host unknown) failure, even though that is the 7075 failure in the hosts.files map. This error caused hard 7076 bounces when it should have requeued. 7077 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo 7078 owned by bar mode 700 and inbox being set-user-ID bar stopped 7079 working properly due to excessive paranoia. Pointed out by 7080 John Hawkinson of Panix. 7081 An SMTP RCPT command referencing a host that gave a nameserver 7082 timeout would return a 451 command (8.6 accepted it and 7083 queued it locally). Revert to the 8.6 behavior in order 7084 to simplify queue management for clustered systems. Suggested 7085 by Gregory Neil Shapiro of WPI. The same problem could break 7086 MH, which assumes that the SMTP session will succeed (tsk, tsk 7087 -- mail gets lost!); this was pointed out by Stuart Pook of 7088 Infobiogen. 7089 Fix possible buffer overflow in munchstring(). This was not a security 7090 problem because you couldn't specify any argument to this 7091 without first giving up root privileges, but it is still a 7092 good idea to avoid future problems. Problem noted by John 7093 Hawkinson and Sam Hartman of MIT. 7094 ``452 Out of disk space for temp file'' messages weren't being 7095 printed. Fix from David Perlin of Nanosoft. 7096 Don't advertise the ESMTP DSN extension if the SendMimeErrors option 7097 is not set, since this is required to get the actual DSNs 7098 created. Problem pointed out by John Gardiner Myers of CMU. 7099 Log permission problems that cause .forward and :include: files to 7100 be untrusted or ignored on log level 12 and higher. Suggested 7101 by Randy Martin of Clemson University. 7102 Allow user ids in U= clauses of M lines to have hyphens and 7103 underscores. 7104 Fix overcounting of recipients -- only happened when sending to an 7105 alias. Pointed out by Mark Andrews of SGI and Jack Woolley 7106 of Systems and Computer Technology Corporation. 7107 If a message is sent to an address that fails, the error message that 7108 is returned could show some extraneous "success" information 7109 included even if the user did not request success notification, 7110 which was confusing. Pointed out by Allan Johannesen of WPI. 7111 Config files that had no AliasFile definition were defaulting to 7112 using /etc/aliases; this caused problems with nullclient 7113 configurations. Change it back to the 8.6 semantics of 7114 having no local alias file unless it is declared. Problem 7115 noted by Charles Karney of Princeton University. 7116 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan 7117 Costales of ICSI. 7118 Map lookups of class "userdb" maps were always case sensitive; they 7119 should be controlled by the -f flag like other maps. Pointed 7120 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>. 7121 Fix problem that caused some addresses to be passed through ruleset 5 7122 even when they were tagged as "sticky" by prefixing the 7123 address with an "@". Patch from Thomas Dwyer III of Michigan 7124 Technological University. 7125 When converting a message to Quoted-Printable, prevent any lines with 7126 dots alone on a line by themselves. This is because of the 7127 preponderance of broken mailers that still get this wrong. 7128 Code contributed by Per Hedeland of Ericsson. 7129 Fix F{macro}/file construct -- it previously did nothing. Pointed 7130 out by Bjart Kvarme of USIT/UiO (Norway). 7131 Announce whether a cached connection is SMTP or ESMTP (in -v mode). 7132 Requested by Allan Johannesen. 7133 Delete check for text format of alias files -- it should be legal 7134 to have the database format of the alias files without the 7135 text version. Problem pointed out by Joe Rhett of Navigist, 7136 Inc. 7137 If "Ot" was specified with no value, the TZ variable was not properly 7138 imported from the environment. Pointed out by Frank Crawford 7139 <frank@ansto.gov.au>. 7140 Some architectures core dumped on "program" maps that didn't have 7141 extra arguments. Patch from Booker C. Bense of Stanford 7142 University. 7143 Queue run processes would re-spawn daemons when given a SIGHUP; only 7144 the parent should do this. Fix from Brian Coan of the 7145 Association for Progressive Communications. 7146 If MinQueueAge was set and a message was considered but not run 7147 during a queue run and the Timeout.queuereturn interval was 7148 reached, a "timed out" error message would be returned that 7149 didn't include the failed address (and claimed to be a warning 7150 even though it was fatal). The fix is to not return such 7151 messages until they are actually tried, i.e., in the next 7152 MinQueueAge interval. Problem noted by Rein Tollevik of 7153 SINTEF RUNIT, Oslo. 7154 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions 7155 that have the hes_getmailhost() routine. DEC Hesiod 7156 distributions do not have this routine. Based on a patch 7157 from Betty Lee of Stanford University. 7158 Extensive cleanups to map open code to handle a locking race condition 7159 in ndbm, hash, and btree format database files on some (most 7160 non-4.4-BSD based) OS architectures. This should solve the 7161 occasional "user unknown" problem during alias rebuilds that 7162 has plagued me for quite some time. Based on a patch from 7163 Thomas Dwyer III of Michigan Technological University. 7164 PORTABILITY FIXES: 7165 Solaris: Change location of newaliases and mailq from 7166 /usr/ucb to /usr/bin to match Sun settings. From 7167 James B. Davis of TCI. 7168 DomainOS: Makefile.DomainOS doesn't require -ldbm. From 7169 Don Lewis of Silicon Systems. 7170 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x 7171 so that the makesendmail script will find it. Pointed 7172 out by Richard Allen of the University of Iceland. 7173 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which 7174 isn't supported on all compilers. 7175 UXPDS: compilation fixes from Diego R. Lopez. 7176 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless 7177 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. 7178 CONFIG: Minor glitch in S21 -- attachment of local domain name 7179 didn't have trailing dot. From Jim Hickstein of Teradyne. 7180 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as 7181 user%host@thishost. From Claude Scarpelli of Infobiogen 7182 (France). 7183 CONFIG: OSTYPE(hpux10) failed to define the location of the help file. 7184 Pointed out by Hannu Martikka of Nokia Telecommunications. 7185 CONFIG: Diagnose some inappropriate ordering in configuration files, 7186 such as FEATURE(smrsh) listed after MAILER(local). Based on 7187 a bug report submitted by Paul Hoffman of Proper Publishing. 7188 CONFIG: Make OSTYPE files consistently not override settings that 7189 have already been set. Previously it worked differently 7190 for different files. 7191 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take 7192 is that this is wrong, but the change was causing problems 7193 for some people. From Per Hedeland of Ericsson. 7194 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>; 7195 portability changes for Posix environments (no functional 7196 changes). 7197 71988.7.1/8.7.1 1995/10/01 7199 Old macros that have become options (SmtpGreetingMessage, 7200 OperatorChars, and UnixFromLine) didn't allow backslash 7201 escapes in the options, where they previously had. Bug 7202 pointed out by John Hawkinson of MIT. 7203 Fix strange case of an executable called by a program map that 7204 returns a value but also a non-zero exit status; this 7205 would give contradictory results in the higher level; in 7206 particular, the default clause in the map lookup would be 7207 ignored. Change to ignore the value if the program returns 7208 non-zero exit status. From Tom Moore of AT&T GIS. 7209 Shorten parameters passed to syslog() in some contexts to avoid a 7210 bug in many vendors' implementations of that routine. Although 7211 this isn't really a bug in sendmail per se, and my solution 7212 has to assume that syslog() has at least a 1K buffer size 7213 internally (I know some vendors have shortened this 7214 dramatically -- they're on their own), sendmail is a popular 7215 target. Also, limit the size of %s arguments in sprintf. 7216 These both have possible security implications. Solutions 7217 suggested by Casper Dik of Sun's Network Security Group 7218 (Holland), Mark Seiden, and others. 7219 Fix a problem that might cause a non-standard -B (body type) 7220 parameter to be passed to the next server with undefined 7221 results. This could have security implications. 7222 If a filesystem was at > 100% utilization, the freediskspace() 7223 routine incorrectly returned an error rather than zero. 7224 Problem noted by G. Paul Ziemba of Alantec. 7225 Change MX sort order so that local hostnames (those in $=w) always 7226 sort first within a given preference. This forces the bestmx 7227 map to always return the local host first, if it is included 7228 in the list of highest priority MX records. From K. Robert 7229 Elz. 7230 Avoid some possible null pointer dereferences. Fixes from Randy 7231 Martin <WOLF@CLEMSON.EDU> 7232 When sendmail starts up on systems that have no fully qualified 7233 domain name (FQDN) anywhere in the first matching host map 7234 (e.g., /etc/hosts if the hosts service searches "files dns"), 7235 sendmail would sleep to try to find a FQDN, which it really 7236 really needs. This has been changed to fall through to the 7237 next map type if it can't find a FQDN -- i.e., if the hosts 7238 file doesn't have a FQDN, it will try dns even though the 7239 short name was found in /etc/hosts. This is probably a crock, 7240 but many people have hosts files without FQDNs. Remember: 7241 domain names are your friends. 7242 Log a high-priority message if you can't find your FQDN during startup. 7243 Suggested by Simon Barnes of Schlumberger Limited. 7244 When using Hesiod, initialize it early to improve error reporting. 7245 Patch from Don Lewis of Silicon Systems, Inc. 7246 Apparently at least some versions of Linux have a 90 !minute! TCP 7247 connection timeout in the kernel. Add a new "connect" timeout 7248 to limit this time. Defaults to zero (use whatever the 7249 kernel provides). Based on code contributed by J.R. Oldroyd 7250 of TerraNet. 7251 Under some circumstances, a failed message would not be properly 7252 removed from the queue, causing tons of bogus error messages. 7253 (This fix eliminates the problematic EF_KEEPQUEUE flag.) 7254 Problem noted by Allan E Johannesen and Gregory Neil Shapiro 7255 of WPI. 7256 PORTABILITY FIXES: 7257 On IRIX 5.x, there was an inconsistency in the setting 7258 of sendmail.st location. Change the Makefile to 7259 install it in /var/sendmail.st to match the OSTYPE 7260 file and SGI standards. From Andre 7261 <andre@curry.zfe.siemens.de>. 7262 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) 7263 from Diego R. Lopez <drlopez@cica.es>. 7264 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. 7265 LUNA 2 Mach patches from Motonori Nakamura. 7266 SunOS Makefile was including -ldbm, which is for the old 7267 dbm library. The ndbm library is part of libc. 7268 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with 7269 ``local configuration error'' in nullclient configuration. 7270 Patch from Gregory Neil Shapiro of WPI. 7271 CONFIG: don't allow an alias file in nullclient configurations -- 7272 since all addresses are relayed, they give errors during 7273 rebuild. Suggested by Per Hedeland of Ericsson. 7274 CONFIG: local mailer on Solaris 2 should always get a -f flag because 7275 otherwise the F=S causes the From_ line to imply that root is 7276 the sender. Problem pointed out by Claude Scarpelli of 7277 Infobiogen (France). 7278 NEW FILES: 7279 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) 7280 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) 7281 src/Makefiles/Makefile.UXPDS 7282 72838.7/8.7 1995/09/16 7284 Fix a problem that could cause sendmail to run out of file 7285 descriptors due to a trashed data structure after a 7286 vfork. Fix from Brian Coan of the Institute for 7287 Global Communications. 7288 Change the VRFY response if you have disabled VRFY -- some 7289 people seemed to think that it was too rude. 7290 Avoid reference to uninitialized file descriptor if HASFLOCK 7291 was not defined. This was used "safely" in the sense 7292 that it only did a stat, but it would have set the 7293 map modification time improperly. Problem pointed out 7294 by Roy Mongiovi of Georgia Tech. 7295 Clean up the Subject: line on warning messages and return 7296 receipts so that they don't say "Returned mail:"; this 7297 can be confusing. 7298 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 7299 useful enough to make it worthwhile printing on "-d". 7300 Avoid logging alias statistics every time you read the alias 7301 file on systems with no database method compiled in. 7302 If you have a name with a trailing dot, and you try looking it 7303 up using gethostbyname without the dot (for /etc/hosts 7304 compatibility), be sure to turn off RES_DEFNAMES and 7305 RES_DNSRCH to avoid finding the wrong name accidentally. 7306 Problem noted by Charles Amos of the University of 7307 Maryland. 7308 Don't do timeouts in collect if you are not running SMTP. 7309 There is nothing that says you can't have a long 7310 running program piped into sendmail (possibly via 7311 /bin/mail, which just execs sendmail). Problem reported 7312 by Don "Truck" Lewis of Silicon Systems. 7313 Try gethostbyname() even if the DNS lookup fails iff option I 7314 is not set. This allows you to have hosts listed in 7315 NIS or /etc/hosts that are not known to DNS. It's normally 7316 a bad idea, but can be useful on firewall machines. This 7317 should really be broken out on a separate flag, I suppose. 7318 Avoid compile warnings against BIND 4.9.3, which uses function 7319 prototypes. From Don Lewis of Silicon Systems. 7320 Avoid possible incorrect diagnosis of DNS-related errors caused 7321 by things like attempts to resolve uucp names using 7322 $[ ... $] -- the fix is to clear h_errno at appropriate 7323 times. From Kyle Jones of UUNET. 7324 SECURITY: avoid denial-of-service attacks possible by destroying 7325 the alias database file by setting resource limits low. 7326 This involves adding two new compile-time options: 7327 HASSETRLIMIT (indicating that setrlimit(2) support is 7328 available) and HASULIMIT (indicating that ulimit(2) support 7329 is available -- the Release 3 form is used). The former 7330 is assumed on BSD-based systems, the latter on System 7331 V-based systems. Attack noted by Phil Brandenberger of 7332 Swarthmore University. 7333 New syntaxes in test (-bt) mode: 7334 ``.Dmvalue'' will define macro "m" to "value". 7335 ``.Ccvalue'' will add "value" to class "c". 7336 ``=Sruleset'' will dump the contents of the indicated 7337 ruleset. 7338 ``=M'' will display the known mailers. 7339 ``-ddebug-spec'' is equivalent to the command-line 7340 -d debug flag. 7341 ``$m'' will print the value of macro $m. 7342 ``$=c'' will print the contents of class $=c. 7343 ``/mx host'' returns the MX records for ``host''. 7344 ``/parse address'' will parse address, returning the value of 7345 crackaddr (essentially, the comment information) 7346 and the parsed address. 7347 ``/try mailer address'' will rewrite address into the form 7348 it will have when presented to the indicated mailer. 7349 ``/tryflags flags'' will set flags used by parsing. The 7350 flags can be `H' for header or `E' for envelope, 7351 and `S' for sender or `R' for recipient. These 7352 can be combined, so `HR' sets flags for header 7353 recipients. 7354 ``/canon hostname'' will try to canonify hostname and 7355 return the result. 7356 ``/map mapname key'' will look up `key' in the indicated 7357 `mapname' and return the result. 7358 Somewhat better handling of UNIX-domain socket addresses -- it 7359 should show the pathname rather than hex bytes. 7360 Restore ``-ba'' mode -- this reads a file from stdin and parses 7361 the header for envelope sender information and uses 7362 CR-LF as message terminators. It was thought to be 7363 obsolete (used only for Arpanet NCP protocols), but it 7364 turns out that the UK ``Grey Book'' protocols require 7365 that functionality. 7366 Fix a fix in previous release -- if gethostname and gethostbyname 7367 return a name without dots, and if an attempt to canonify 7368 that name fails, wait one minute and try again. This can 7369 result in an extra 60 second delay on startup if your system 7370 hostname (as returned by hostname(1)) has no dot and no names 7371 listed in /etc/hosts or your NIS map have a dot. 7372 Check for proper domain name on HELO and EHLO commands per 7373 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 7374 of Michigan Technological University. 7375 Relax chownsafe rules slightly -- old version said that if you 7376 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 7377 if fpathconf returned EINVAL or ENOSYS), assume that 7378 chown is not safe. The new version falls back to whether 7379 you are on a BSD system or not. This is important for 7380 SunOS, which apparently always returns one of those 7381 error codes. This impacts whether you can mail to files 7382 or not. 7383 Syntax errors such as unbalanced parentheses in the configuration 7384 file could be omitted if you had "Oem" prior to the 7385 syntax error in the config file. Change to always print 7386 the error message. It was especially weird because it 7387 would cause a "warning" message to be sent to the Postmaster 7388 for every message sent (but with no transcript). Problem 7389 noted by Gregory Paris of Motorola. 7390 Rewrite collect and putbody to handle full 8-bit data, including 7391 zero bytes. These changes are internally extensive, but 7392 should have minimal impact on external function. 7393 Allow full words for option names -- if the option letter is 7394 (apparently) a space, then take the word following -- e.g., 7395 O MatchGECOS=TRUE 7396 The full list of old and new names is as follows: 7397 7 SevenBitInput 7398 8 EightBitMode 7399 A AliasFile 7400 a AliasWait 7401 B BlankSub 7402 b MinFreeBlocks/MaxMessageSize 7403 C CheckpointInterval 7404 c HoldExpensive 7405 D AutoRebuildAliases 7406 d DeliveryMode 7407 E ErrorHeader 7408 e ErrorMode 7409 f SaveFromLine 7410 F TempFileMode 7411 G MatchGECOS 7412 H HelpFile 7413 h MaxHopCount 7414 i IgnoreDots 7415 I ResolverOptions 7416 J ForwardPath 7417 j SendMimeErrors 7418 k ConnectionCacheSize 7419 K ConnectionCacheTimeout 7420 L LogLevel 7421 l UseErrorsTo 7422 m MeToo 7423 n CheckAliases 7424 O DaemonPortOptions 7425 o OldStyleHeaders 7426 P PostmasterCopy 7427 p PrivacyOptions 7428 Q QueueDirectory 7429 q QueueFactor 7430 R DontPruneRoutes 7431 r, T Timeout 7432 S StatusFile 7433 s SuperSafe 7434 t TimeZoneSpec 7435 u DefaultUser 7436 U UserDatabaseSpec 7437 V FallbackMXHost 7438 v Verbose 7439 w TryNullMXList 7440 x QueueLA 7441 X RefuseLA 7442 Y ForkEachJob 7443 y RecipientFactor 7444 z ClassFactor 7445 Z RetryFactor 7446 The old macros that passed information into sendmail have 7447 been changed to options; those correspondences are: 7448 $e SmtpGreetingMessage 7449 $l UnixFromLine 7450 $o OperatorChars 7451 $q (deleted -- not necessary) 7452 To avoid possible problems with an older sendmail, 7453 configuration level 6 is accepted by this version of 7454 sendmail; any config file using the new names should 7455 specify "V6" in the configuration. 7456 Change address parsing to properly note that a phrase before a 7457 colon and a trailing semicolon are essentially the same 7458 as text outside of angle brackets (i.e., sendmail should 7459 treat them as comments). This is to handle the 7460 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 7461 assume that ``group name:'' is a comment on the first 7462 address and the ``;'' is a comment on the last address). 7463 This requires config file support to get right. It does 7464 understand that :: is NOT this syntax, and can be turned 7465 off completely by setting the ColonOkInAddresses option. 7466 Level 6 config files added with new mailer flags: 7467 A Addresses are aliasable. 7468 i Do udb rewriting on envelope as well as header 7469 sender lines. Applies to the from address mailer 7470 flags rather than the recipient mailer flags. 7471 j Do udb rewriting on header recipient addresses. 7472 Applies to the sender mailer flags rather than the 7473 recipient mailer flags. 7474 k Disable check for loops when doing HELO command. 7475 o Always run as the mail recipient, even on local 7476 delivery. 7477 w Check for an /etc/passwd entry for this user. 7478 5 Pass addresses through ruleset 5. 7479 : Check for :include: on this address. 7480 | Check for |program on this address. 7481 / Check for /file on this address. 7482 @ Look up sender header addresses in the user 7483 database. Applies to the mailer flags for the 7484 mailer corresponding to the envelope sender 7485 address, rather than to recipient mailer flags. 7486 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 7487 on the "local" mailer, the o flag on the "prog" and "*file*" 7488 mailers, and the ColonOkInAddresses option. 7489 Eight-to-seven bit MIME conversions. This borrows ideas from 7490 John Beck of Hewlett-Packard, who generously contributed 7491 their implementation to me, which I then didn't use (see 7492 mime.c for an explanation of why). This adds the 7493 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 7494 to control handling of 8-bit data. These have to cope with 7495 two types of 8-bit data: unlabelled 8-bit data (that is, 7496 8-bit data that is entered without declaring it as 8-bit 7497 MIME -- technically this is illegal according to the 7498 specs) and labelled 8-bit data (that is, it was declared 7499 as 8BITMIME in the ESMTP session or by using the 7500 -B8BITMIME command line flag). If the F=8 mailer flag is 7501 set then 8-bit data is sent to non-8BITMIME machines 7502 instead of converting to 7 bit (essentially using 7503 just-send-8 semantics). The values for EightBitMode are: 7504 m convert unlabelled 8-bit input to 8BITMIME, and do 7505 any necessary conversion of 8BITMIME to 7BIT 7506 (essentially, the full MIME option). 7507 p pass unlabelled 8-bit input, but convert labelled 7508 8BITMIME input to 7BIT as required (default). 7509 s strict adherence: reject unlabelled 8-bit input, 7510 convert 8BITMIME to 7BIT as required. The F=8 7511 flag is ignored. 7512 Unlabelled 8-bit data is rejected in mode `s' regardless of 7513 the setting of F=8. 7514 Add new internal class 'n', which is the set of MIME Content-Types 7515 which can not be 8 to 7 bit encoded because of other 7516 considerations. Types "multipart/*" and "message/*" are 7517 never directly encoded (although their components can be). 7518 Add new internal class 's', which is the set of subtypes of the 7519 MIME message/* content type that can be treated as though 7520 they are an RFC822 message. It is predefined to have 7521 "rfc822". Suggested By Kari Hurtta. 7522 Add new internal class 'e'. This is the set of MIME 7523 Content-Transfer-Encodings that can be converted to 7524 a seven bit format (Quoted-Printable or Base64). It is 7525 preinitialized to contain "7bit", "8bit", and "binary". 7526 Add C=charset mailer parameter and the the DefaultCharSet option (no 7527 short name) to set the default character set to use in the 7528 Content-Type: header when doing encoding of an 8-bit message 7529 which isn't marked as MIME into MIME format. If the C= 7530 parameter is set on the Envelope From address, use that as 7531 the default encoding; else use the DefaultCharSet option. 7532 If neither is set, it defaults to "unknown-8bit" as 7533 suggested by RFC 1428 section 3. 7534 Allow ``U=user:group'' field in mailer definition to set a default 7535 user and group that a mailer will be executed as. This 7536 overrides the 'u' and 'g' options, and if the `F=S' flag is 7537 also set, it is the uid/gid that will always be used (that 7538 is, the controlling address is ignored). The values may be 7539 numeric or symbolic; if only a symbolic user is given (no 7540 group) that user's default group in the passwd file is used 7541 as the group. Based on code donated by Chip Rosenthal of 7542 Unicom. 7543 Allow `u' option to also accept user:group as a value, in the same 7544 fashion as the U= mailer option. 7545 Add the symbolic time zone name in the Arpanet format dates (as 7546 a comment). This adds a new compile-time configuration 7547 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 7548 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 7549 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 7550 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 7551 timezone()), or TZ_NONE (don't include the comment). Code 7552 from Chip Rosenthal. 7553 The "Timeout" option (formerly "r") is extended to allow suboptions. 7554 For example, 7555 O Timeout.helo = 2m 7556 There are also two new suboptions "queuereturn" and 7557 "queuewarn"; these subsume the old T option. Thus, to 7558 set them both the preferred new syntax is 7559 O Timeout.queuereturn = 5d 7560 O Timeout.queuewarn = 4h 7561 Sort queue by host name instead of by message priority if the 7562 QueueSortOrder option (no short name) is set is set to 7563 ``host''. This makes better use of the connection cache, 7564 but may delay more ``interactive'' messages behind large 7565 backlogs under some circumstances. This is probably a 7566 good option if you have high speed links or don't do lots 7567 of ``batch'' messages, but less good if you are using 7568 something like PPP on a 14.4 modem. Based on code 7569 contributed by Roy Mongiovi of Georgia Tech (my main 7570 contribution was to make it configurable). 7571 Save i-number of df file in qf file to simplify rebuilding of queue 7572 after disastrous disk crash. Suggested by Kyle Jones of 7573 UUNET; closely based on code from KJS DECWRL code written 7574 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 7575 are NOT back compatible with 8.6 -- that is, you can convert 7576 from 8.6 to 8.7, but not the other direction. 7577 Add ``F=d'' mailer flag to disable all use of angle brackets in 7578 route-addrs in envelopes; this is because in some cases 7579 they can be sent to the shell, which interprets them as 7580 I/O redirection. 7581 Don't include error file (option E) with return-receipts; this 7582 can be confusing. 7583 Don't send "Warning: cannot send" messages to owner-* or 7584 *-request addresses. Suggested by Christophe Wolfhugel 7585 of the Institut Pasteur, Paris. 7586 Allow -O command line flag to set long form options. 7587 Add "MinQueueAge" option to set the minimum time between attempts 7588 to run the queue. For example, if the queue interval 7589 (-q value) is five minutes, but the minimum queue age 7590 is fifteen minutes, jobs won't be tried more often than 7591 once every fifteen minutes. This can be used to give 7592 you more responsiveness if your delivery mode is set to 7593 queue-only. 7594 Allow "fileopen" timeout (default: 60 seconds) for opening 7595 :include: and .forward files. 7596 Add "-k", "-v", and "-z" flags to map definitions; these set the 7597 key field name, the value field name, and the field 7598 delimiter. The field delimiter can be a single character 7599 or the sequence "\t" or "\n" for tab or newline. 7600 These are for use by NIS+ and similar access methods. 7601 Change maps to always strip quotes before lookups; the -q flag 7602 turns off this behavior. Suggested by Motonori Nakamura. 7603 Add "nisplus" map class. Takes -k and -v flags to choose the 7604 key and value field names respectively. Code donated by 7605 Sun Microsystems. 7606 Add "hesiod" map class. The "file name" is used as the 7607 "HesiodNameType" parameter to hes_resolve(3). Returns the 7608 first value found for the match. Code donated by Scott 7609 Hutton of Indiana University. 7610 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 7611 specify the name of the property that is searched as the 7612 key and a -v flag to specify the name of the property that 7613 is returned as the value (defaults to "members"). The 7614 default map is "/aliases". Some code based on code 7615 contributed by Robert La Ferla of Hot Software. 7616 Add "text" map class. This does slow, linear searches through 7617 text files. The -z flag specifies a column delimiter 7618 (defaults to any sequence of white space), the -k flag 7619 sets the key column number, and the -v flag sets the 7620 value column number. Lines beginning with `#' are treated 7621 as comments. 7622 Add "program" map class to execute arbitrary programs. The search 7623 key is presented as the last argument; the output is one 7624 line read from the programs standard output. Exit statuses 7625 are from sysexits.h. 7626 Add "sequence" map class -- searches maps in sequence until it 7627 finds a match. For example, the declarations: 7628 Kmap1 ... 7629 Kmap2 ... 7630 Kmapseq sequence map1 map2 7631 defines a map "mapseq" that first searches map1; if the 7632 value is found it is returned immediately, otherwise 7633 map2 is searched and the value returned. 7634 Add "switch" map class. This is much like "sequence" except that 7635 the ordering is fetched from an external file, usually 7636 the system service switch. The parameter is the name of 7637 the service to switch on, and the maps that it will use 7638 are the name of the switch map followed by ".service_type". 7639 For example, if the declaration of the map is 7640 Ksample switch hosts 7641 and the system service switch specifies that hosts are 7642 looked up using dns and nis in that order, then this is 7643 equivalent to 7644 Ksample sequence sample.dns sample.nis 7645 The subordinate maps (sample.*) must already be defined. 7646 Add "user" map class -- looks up users using getpwnam. Takes a 7647 "-v field" flag on the definition that tells what passwd 7648 entry to return -- legal values are name, passwd, uid, gid, 7649 gecos, dir, and shell. Generally expected to be used with 7650 the -m (matchonly) flag. 7651 Add "bestmx" map class -- returns the best MX value for the host 7652 listed as the value. If there are several "best" MX records 7653 for this host, one will be chosen at random. 7654 Add "userdb" map class -- looks up entries in the user database. 7655 The "file name" is actually the tag that will be used, 7656 typically "mailname". If there are multiple entries 7657 matching the name, the one chosen is undefined. 7658 Add multiple queue timeouts (both return and warning). These are 7659 set by the Precedence: or Priority: header fields to one of 7660 three values. If a Priority: is set and has value "normal", 7661 "urgent", or "non-urgent" the corresponding timeouts are 7662 used. If no priority is set, the Precedence: is consulted; 7663 if negative, non-urgent timeouts are used; if greater than 7664 zero, urgent timeouts are used. Otherwise, normal timeouts 7665 are used. The timeouts are set by setting the six timeouts 7666 queue{warn,return}.{urgent,normal,non-urgent}. 7667 Fix problem when a mail address is resolved to a $#error mailer 7668 with a temporary failure indication; it works in SMTP, 7669 but when delivering locally the mail is silently discarded. 7670 This patch, from Kyle Jones of UUNET, bounces it instead 7671 of queueing it (queueing is very hard). 7672 When using /etc/hosts or NIS-style lookups, don't assume that 7673 the first name in the list is the best one -- instead, 7674 search for the first one with a dot. For example, if 7675 an /etc/hosts entry reads 7676 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 7677 this change will use the second name as the canonical 7678 machine name instead of the initial, unqualified name. 7679 Change dequote map to replace spaces in quoted text with a value 7680 indicated by the -s flag on the dequote map definition. 7681 For example, ``Mdequote dequote -s_'' will change 7682 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 7683 quoted (because of the space character). Suggested by Dan 7684 Oscarsson for use in X.400 addresses. 7685 Implement long macro names as ${name}; long class names can 7686 be similarly referenced as $={name} and $~{name}. 7687 Definitions are (e.g.) ``D{name}value''. Names that have 7688 a leading lower case letter or punctuation characters are 7689 reserved for internal use by sendmail; i.e., config files 7690 should use names that begin with a capital letter. Based 7691 on code contributed by Dan Oscarsson. 7692 Fix core dump if getgrgid returns a null group list (as opposed 7693 to an empty group list, that is, a pointer to a list 7694 with no members). Fix from Andrew Chang of Sun Microsystems. 7695 Fix possible core dump if malloc fails -- if the malloc in xalloc 7696 failed, it called syserr which called newstr which called 7697 xalloc.... The newstr is now avoided for "panic" messages. 7698 Reported by Stuart Kemp of James Cook University. 7699 Improve connection cache timeouts; previously, they were not even 7700 checked if you were delivering to anything other than an 7701 IPC-connected host, so a series of (say) local mail 7702 deliveries could cause cached connections to be open 7703 much longer than the specified timeout. 7704 If an incoming message exceeds the maximum message size, stop 7705 writing the incoming bytes to the queue data file, since 7706 this can fill your mqueue partition -- this is a possible 7707 denial-of-service attack. 7708 Don't reject all numeric local user names unless HESIOD is 7709 defined. It turns out that Posix allows all-numeric 7710 user names. Fix from Tony Sanders of BSDI. 7711 Add service switch support. If the local OS has a service 7712 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf 7713 on DEC systems) that will be used; otherwise, it falls back 7714 to using a local mechanism based on the ServiceSwitchFile 7715 option (default: /etc/service.switch). For example, if the 7716 service switch lists "files" and "nis" for the aliases 7717 service, that will be the default lookup order. the "files" 7718 ("local" on DEC) service type expands to any alias files 7719 you listed in the configuration file, even if they aren't 7720 actually file lookups. 7721 Option I (NameServerOptions) no longer sets the "UseNameServer" 7722 variable which tells whether or not DNS should be considered 7723 canonical. This is now determined based on whether or not 7724 "dns" is in the service list for "hosts". 7725 Add preliminary support for the ESMTP "DSN" extension (Delivery 7726 Status Notifications). DSN notifications override 7727 Return-Receipt-To: headers, which are bogus anyhow -- 7728 support for them has been removed. 7729 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer 7730 definitions to define the types used in DSN returns for 7731 MTA names, addresses, and diagnostics respectively. 7732 Extend heuristic to force running in ESMTP mode to look for the 7733 five-character string "ESMTP" anywhere in the 220 greeting 7734 message (not just the second line). This is to provide 7735 better compatibility with other ESMTP servers. 7736 Print sequence number of job when running the queue so you can 7737 easily see how much progress you have made. Suggested 7738 by Peter Wemm of DIALix. 7739 Map newlines to spaces in logged message-ids; some versions of 7740 syslog truncate the rest of the line after newlines. 7741 Suggested by Fletcher Mattox of U. Texas. 7742 Move up forking for job runs so that if a message is split into 7743 multiple envelopes you don't get "fork storms" -- this 7744 also improves the connection cache utilization. 7745 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 7746 the purposes of refusing to send error returns. Suggested 7747 by Motonori Nakamura of Ritsumeikan University. 7748 Relax rules on when a file can be written when referenced from 7749 the aliases file: use the default uid/gid instead of the 7750 real uid/gid. This allows you to create a file owned by 7751 and writable only by the default uid/gid that will work 7752 all the time (without having the set-user-ID bit set). Change 7753 suggested by Shau-Ping Lo and Andrew Cheng of Sun 7754 Microsystems. 7755 Add "DialDelay" option (no short name) to provide an "extra" 7756 delay for dial on demand systems. If this is non-zero 7757 and a connect fails, sendmail will wait this long and 7758 then try again. If it takes longer than the kernel 7759 timeout interval to establish the connection, this 7760 option can give the network software time to establish 7761 the link. The default units are seconds. 7762 Move logging of sender information to be as early as possible; 7763 previously, it could be delayed a while for SMTP mail 7764 sent to aliases. Suggested by Brad Knowles of the 7765 Defense Information Systems Agency. 7766 Call res_init() before setting RES_DEBUG; this is required by 7767 BIND 4.9.3, or so I'm told. From Douglas Anderson of 7768 the National Computer Security Center. 7769 Add xdelay= field in logs -- this is a transaction delay, telling 7770 you how long it took to deliver to this address on the 7771 last try. It is intended to be used for sorting mailing 7772 lists to favor "quick" addresses. Provided for use by 7773 the mailprio scripts (see below). 7774 If a map cannot be opened, and that map is non-optional, and 7775 an address requires that map for resolution, queue the 7776 map instead of bouncing it. This involves creating a 7777 pseudo-class of maps called "bogus-map" -- if a required 7778 map cannot be opened, the class is changed to bogus-map; 7779 all queries against bogus-map return "tempfail". The 7780 bogus-map class is not directly accessible. A sample 7781 implementation was donated by Jem Taylor of Glasgow 7782 University Computing Service. 7783 Fix a possible core dump when mailing to a program that talks 7784 SMTP on its standard input. Fix from Keith Moore of 7785 the University of Kentucky. 7786 Make it possible to resolve filenames to $#local $: @ /filename; 7787 previously, the "@" would cause it to not be recognized 7788 as a file. Problem noted by Brian Hill of U.C. Davis. 7789 Accept a -1 signal to re-exec the daemon. This only works if 7790 argv[0] is a full path to sendmail. 7791 Fix bug in "addr=..." field in O option on little-endian machines 7792 -- the network number wasn't being converted to network 7793 byte order. Patch from Kurt Lidl of Pix Technologies 7794 Corporation. 7795 Pre-initialize the resolver early on; this is to avoid a bug with 7796 BIND 4.9.3 that can cause the _res.retry field to get 7797 reset to zero, causing all name server lookups to time 7798 out. Fix from Matt Day of Artisoft. 7799 Restore T line (trusted users) in config file -- but instead of 7800 locking out the -f flag, they just tell whether or not 7801 an X-Authentication-Warning: will be added. This really 7802 just creates new entries in class 't', so "Ft/file/name" 7803 can be used to read trusted user names from a file. 7804 Trusted users are also allowed to execute programs even 7805 if they have a shell that isn't in /etc/shells. 7806 Improve NEWDB alias file rebuilding so it will create them 7807 properly if they do not already exist. This had been 7808 a MAYBENEXTRELEASE feature in 8.6.9. 7809 Check for @:@ entry in NIS maps before starting up to avoid 7810 (but not prevent, sigh) race conditions. This ought to 7811 be handled properly in ypserv, but isn't. Suggested by 7812 Michael Beirne of Motorola. 7813 Refuse connections if there isn't enough space on the filesystem 7814 holding the queue. Contributed by Robert Dana of Wolf 7815 Communications. 7816 Skip checking for directory permissions in the path to a file 7817 when checking for file permissions iff setreuid() 7818 succeeded -- it is unnecessary in that case. This avoids 7819 significant performance problems when looking for .forward 7820 files. Based on a suggestion by Win Bent of USC. 7821 Allow symbolic ruleset names. Syntax can be "Sname" to get an 7822 arbitrary ruleset number assigned or "Sname = integer" 7823 to assign a specific ruleset number. Reference is 7824 $>name_or_number. Names can be composed of alphas, digits, 7825 underscore, or hyphen (first character must be non-numeric). 7826 Allow -o flag on AliasFile lines to make the alias file optional. 7827 From Bryan Costales of ICSI. 7828 Add NoRecipientAction option to handle the case where there is 7829 no legal recipient header in the message. It can take 7830 on values: 7831 None Leave the message as is. The 7832 message will be passed on even 7833 though it is in technically 7834 illegal syntax. 7835 Add-To Add a To: header with any 7836 recipients that it can find from 7837 the envelope. This risks exposing 7838 Bcc: recipients. 7839 Add-Apparently-To Add an Apparently-To: header. This 7840 has almost no redeeming social value, 7841 and is provided only for back 7842 compatibility. 7843 Add-To-Undisclosed Add a header reading 7844 To: undisclosed-recipients:; 7845 which will have the effect of 7846 making the message legal without 7847 exposing Bcc: recipients. 7848 Add-Bcc To add an empty Bcc: header. 7849 There is a chance that mailers down 7850 the line will delete this header, 7851 which could cause exposure of Bcc: 7852 recipients. 7853 The default is NoRecipientAction=None. 7854 Truncate (rather than delete) Bcc: lines in the header. This 7855 should prevent later sendmails (at least, those that don't 7856 themselves delete Bcc:) from considering this message to 7857 be non-conforming -- although it does imply that non-blind 7858 recipients can see that a Bcc: was sent, albeit not to whom. 7859 Add SafeFileEnvironment option. If declared, files named as delivery 7860 targets must be regular files in addition to the regular 7861 checks. Also, if the option is non-null then it is used as 7862 the name of a directory that is used as a chroot(2) 7863 environment for the delivery; the file names listed in an 7864 alias or forward should include the name of this root. 7865 For example, if you run with 7866 O SafeFileEnvironment=/arch 7867 then aliases should reference "/arch/rest/of/path". If a 7868 value is given, sendmail also won't try to save to 7869 /usr/tmp/dead.letter (instead it just leaves the job in the 7870 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 7871 Support -A flag for alias files; this will comma concatenate like 7872 entries. For example, given the aliases: 7873 list: member1 7874 list: member2 7875 and an alias file declared as: 7876 OAhash:-A /etc/aliases 7877 the final alias inserted will be "list: member1,member2"; 7878 without -A you will get an error on the second and subsequent 7879 alias for "list". Contributed by Bryan Costales of ICSI. 7880 Line-buffer transcript file. Suggested by Liudvikas Bukys. 7881 Fix a problem that could cause very long addresses to core dump in 7882 some special circumstances. Problem pointed out by Allan 7883 Johannesen. 7884 (Internal change.) Change interface to expand() (macro expansion) 7885 to be simpler and more consistent. 7886 Delete check for funny qf file names. This didn't really give 7887 any extra security and caused some people some problems. 7888 (If you -really- want this, define PICKY_QF_NAME_CHECK 7889 at compile time.) Suggested by Kyle Jones of UUNET. 7890 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 7891 merge with DSN code; this is simpler and more consistent. 7892 This may affect some people who have written their own 7893 checkcompat() routine. 7894 (Internal change.) Eliminate `D' line in qf file. The df file 7895 is now assumed to be the same name as the qf file (with 7896 the `q' changed to a `d', of course). 7897 Avoid forking for delivery if all recipient mailers are marked as 7898 "expensive" -- this can be a major cost on some systems. 7899 Essentially, this forces sendmail into "queue only" mode 7900 if all it is going to do is queue anyway. 7901 Avoid sending a null message in some rather unusual circumstances 7902 (specifically, the RCPT command returns a temporary 7903 failure but the connection is lost before the DATA 7904 command). Fix from Scott Hammond of Secure Computing 7905 Corporation. 7906 Change makesendmail to use a somewhat more rational naming scheme: 7907 Makefiles and obj directories are named $os.$rel.$arch, 7908 where $os is the operating system (e.g., SunOS), $rel is 7909 the release number (e.g., 5.3), and $arch is the machine 7910 architecture (e.g., sun4). Any of these can be omitted, 7911 and anything after the first dot in a release number can 7912 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 7913 version used $os.$arch.$rel and was rather less general. 7914 Change makesendmail to do a "make depend" in the target directory 7915 when it is being created. This involves adding an empty 7916 "depend:" entry in most Makefiles. 7917 Ignore IDENT return value if the OSTYPE field returns "OTHER", 7918 as indicated by RFC 1413. Pointed out by Kari Hurtta 7919 of the Finnish Meteorological Institute. 7920 Fix problem that could cause multiple responses to DATA command 7921 on header syntax errors (e.g., lines beginning with colons). 7922 Problem noted by Jens Thomassen of the University of Oslo. 7923 Don't let null bytes in headers cause truncation of the rest of 7924 the header. 7925 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 7926 Increase timeouts on message data puts to allow time for receivers 7927 to canonify addresses in headers on the fly. This is still 7928 a rather ugly heuristic. From Motonori Nakamura. 7929 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 7930 records are not used when canonifying names, and when MX 7931 lookups are done for addressing they must be fully 7932 qualified. This is useful if you have a wildcard MX record, 7933 although it may cause other problems. In general, don't use 7934 wildcard MX records. Patch from Motonori Nakamura. 7935 Eliminate default two-line SMTP greeting message. Instead of 7936 adding an extra "ESMTP spoken here" line, the word "ESMTP" 7937 is added between the first and second word of the first 7938 line of the greeting message (i.e., immediately after the 7939 host name). This eliminates the need for the BROKEN_SMTP_PEERS 7940 compile flag. Old sendmails won't see the ESMTP, but that's 7941 acceptable because SIZE was the only useful extension that 7942 old sendmails understand. 7943 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 7944 invoked state dumps. From Masaharu Onishi. 7945 Allow on-line comments in .forward and :include: files; they are 7946 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 7947 is a space or a tab. This is intended for native 7948 representation of non-ASCII sets such as Japanese, where 7949 existing encodings would be unreadable or would lose 7950 data -- for example, 7951 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 7952 (romanized/less information) 7953 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 7954 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 7955 (with MIME encoding, not human readable) 7956 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 7957 (native encoding with ISO-2022-JP) 7958 The last form is human readable in the Japanese environment. 7959 Based on a fix from (surprise!) Motonori Nakamura. 7960 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 7961 messages to that host; these are most frequently associated 7962 with addresses rather than the host, with the exception of 7963 421 (service shutting down). The effect was to cause queues 7964 to sometimes take an excessive time to flush. Reported by 7965 Robert Sargent of Southern Geographics Technologies and 7966 Eric Prestemon of American University. 7967 Add Nice=N mailer option to set the niceness at which a mailer will 7968 run. This is actually a relative niceness (that is, an 7969 increment on the background value). 7970 Log queue runs that are skipped due to high loads. They are logged 7971 at LOG_INFO priority iff the log level is > 8. Contributed 7972 by Bruce Nagel of Data General. 7973 Allow the error mailer to accept a DSN-style error status code 7974 instead of an sysexits status code in the host part. 7975 Anything with a dot will be interpreted as a DSN-style code. 7976 Add new mailer flag: F=3 will tell translations to Quoted-Printable 7977 to encode characters that might be munged by an EBCDIC system 7978 in addition to the set required by RFC 1521. The additional 7979 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 7980 (Think of "IBM 360" as the mnemonic for this flag.) 7981 Change check for mailing to files to look for a pathname of [FILE] 7982 rather than looking for the mailer named *file*. The mapping 7983 of leading slashes still goes to the *file* mailer. This 7984 allows you to implement the *file* mailer as a separate 7985 program, for example, to insert a Content-Length: header 7986 or do special security policy. However, note that the usual 7987 initial checking for the file permissions is still done, and 7988 the program in question needs to be very careful about how 7989 it does the file write to avoid security problems. 7990 Be able to read ~root/.forward even if the path isn't accessible to 7991 regular users. This is disrecommended because sendmail 7992 sometimes does not run as root (e.g., when an unsafe option 7993 is specified on the command line), but should otherwise be 7994 safe because .forward files must be owned by the user for 7995 whom mail is being forwarded, and cannot be a symbolic link. 7996 Suggested by Forrest Aldrich of Wang Laboratories. 7997 Add new "HostsFile" option that is the pathname to the /etc/hosts 7998 file. This is used for canonifying hostnames when the 7999 service type is "files". 8000 Implement programs on F (read class from file) line. The syntax is 8001 Fc|/path/to/program to read the output from the program 8002 into class "c". 8003 Probe the network interfaces to find alternate names for this 8004 host. Requires the SIOCGIFCONF ioctl call. Code 8005 contributed by SunSoft. 8006 Add "E" configuration line to set or propagate environment 8007 variables into children. "E<envar>" will propagate 8008 the named variable from the environment when sendmail 8009 was invoked into any children it calls; "E<envar>=<value>" 8010 sets the named variable to the indicated value. Any 8011 variables not explicitly named will not be in the child 8012 environment. However, sendmail still forces an 8013 "AGENT=sendmail" environment variable, in part to enforce 8014 at least one environment variable, since many programs and 8015 libraries die horribly if this is not guaranteed. 8016 Change heuristic for rebuilding both NEWDB and NDBM versions of 8017 alias databases -- new algorithm looks for the substring 8018 "/yp/" in the file name. This is more portable and involves 8019 less overhead. Suggested by Motonori Nakamura. 8020 Dynamically allocate the queue work list so that you don't lose 8021 jobs in large queue runs. The old QUEUESIZE compile parameter 8022 is replaced by QUEUESEGSIZE (the unit of allocation, which 8023 should not need to be changed) and the MaxQueueRunSize option, 8024 which is the absolute maximum number of jobs that will ever 8025 be handled in a single queue run. Based on code contributed 8026 by Brian Coan of the Institute for Global Communications. 8027 Log message when a message is dropped because it exceeds the maximum 8028 message size. Suggested by Leo Bicknell of Virginia Tech. 8029 Allow trusted users (those on a T line or in $=t) to use -bs without 8030 an X-Authentication-Warning: added. Suggested by Mark Thomas 8031 of Mark G. Thomas Consulting. 8032 Announce state of compile flags on -d0.1 (-d0.10 throws in the 8033 OS-dependent defines). The old semantic of -d0.1 to not 8034 run the daemon in background has been moved to -d99.100, 8035 and the old 52.5 flag (to avoid disconnect() from closing 8036 all output files) has been moved to 52.100. This makes 8037 things more consistent (flags below .100 don't change 8038 semantics) and separates out the backgrounding so that 8039 it doesn't happen automatically on other unrelated debugging 8040 flags. 8041 If -t is used but no addresses are found in the header, give an 8042 error message rather than just doing nothing. Fix from 8043 Motonori Nakamura. 8044 On systems (like SunOS) where the effective gid is not necessarily 8045 included in the group list returned by getgroups(), the 8046 `restrictmailq' option could sometimes cause an authorized 8047 user to not be able to use `mailq'. Fix from Charles Hannum 8048 of MIT. 8049 Allow symbolic service names for [IPC] mailers. Suggested by 8050 Gerry Magennis of Logica International. 8051 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs 8052 when running DNS. For example, if the name FTP.Foo.ORG is 8053 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in 8054 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" 8055 if this option is not set, or "FTP.Foo.ORG" if it is set. 8056 This is technically illegal under RFC 822 and 1123, but the 8057 IETF is moving toward legalizing it. Note that turning on 8058 this option is not sufficient to guarantee that a downstream 8059 neighbor won't rewrite the address for you. 8060 Add "-m" flag to makesendmail script -- this tells you what object 8061 directory and Makefile it will use, but doesn't actually do 8062 the make. 8063 Do some additional checking on the contents of the qf file to try 8064 to detect attacks against the qf file. In particular, 8065 abort on any line beginning "From ", and add an "end of 8066 file" line -- any data after that line is prohibited. 8067 Always use /etc/sendmail.cf, regardless of the arbitrary vendor 8068 choices. This can be overridden in the Makefile by using 8069 either -DUSE_VENDOR_CF_PATH to get the vendor location 8070 (to the extent that we know it) or by defining 8071 _PATH_SENDMAILCF (which is a "hard override"). This allows 8072 sendmail 8 to have more consistent installation instructions. 8073 Allow macros on `K' line in config file. Suggested by Andrew Chang 8074 of Sun Microsystems. 8075 Improved symbol table hash function from Eric Wassenaar. This one 8076 is at least 50% faster. 8077 Fix problem that didn't notice that timeout on file open was a 8078 transient error. Fix from Larry Parmelee of Cornell 8079 University. 8080 Allow comments (lines beginning with a `#') in files read for 8081 classes. Suggested by Motonori Nakamura. 8082 Make SIGINT (usually ^C) in test mode return to the prompt instead 8083 of dropping out entirely. This makes testing some of the 8084 name server lookups easier to deal with when there are 8085 hung servers. From Motonori Nakamura. 8086 Add new ${opMode} macro that is set to the current operation mode 8087 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by 8088 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>. 8089 Add new delivery mode (Odd) that defers all map lookups to queue runs. 8090 Kind of like queue-only mode (Odq) except it tries to avoid 8091 any external service requests; for dial-on-demand hosts that 8092 want to minimize DNS lookups when mail is being queued. For 8093 this to work you will also have to make sure that gethostbyname 8094 of your local host name does not do a DNS lookup. 8095 Improved handling of "out of space" conditions from John Myers of 8096 Carnegie Mellon. 8097 Improved security for mailing to files on systems that have fchmod(2) 8098 support. 8099 Improve "cannot send message for N days" message -- now says "could 8100 not send for past N days". Suggested by Tom Moore of AT&T 8101 Global Information Solutions. 8102 Less misleading Subject: line on messages sent to postmaster only. 8103 From Motonori Nakamura. 8104 Avoid duplicate error messages on bad command line flags. From 8105 Motonori Nakamura. 8106 Better error message for case where ruleset 0 falls off the end 8107 or otherwise does not resolve to a canonical triple. 8108 Fix a problem that could cause multiple bounce messages if a bad 8109 address was sent along with a good address to an SMTP 8110 site where that SMTP site returned a 4yz code in response 8111 to the final dot of the data. Problem reported by David 8112 James of British Telecom. 8113 Add "volatile" declarations so that gcc -O2 will work. Patches 8114 from Alexander Dupuy of System Management ARTS. 8115 Delete duplicates in MX lists -- believe it or not, there are sites 8116 that list the same host twice in an MX list. This deletion 8117 only works on adjacent preferences, so an MX list that 8118 had A=5, B=10, A=15 would leave both As, but one that had 8119 A=5, A=10, B=15 would reduce to A, B. This is intentional, 8120 just in case there is something weird I haven't thought of. 8121 Suggested by Barry Shein of Software Tool & Die. 8122 SECURITY: .forward files cannot be symbolic links. If they are, 8123 a bad guy can read your private files. 8124 PORTABILITY FIXES: 8125 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 8126 System V Release 4 from Motonori Nakamura of Ritsumeikan 8127 University. This expands the disk size 8128 checking to include all (?) SVR4 configurations. 8129 System V Release 4 from Kimmo Suominen -- initgroups(3) 8130 and setrlimit(2) are both available. 8131 System V Release 4 from sob@sculley.ffg.com -- some versions 8132 apparently "have EX_OK defined in other headerfiles." 8133 Linux Makefile typo. 8134 Linux getusershell(3) is broken in Slackware 2.0 -- 8135 from Andrew Pam of Xanadu Australia. 8136 More Linux tweaking from John Kennedy of California State 8137 University, Chico. 8138 Cray changes from Eric Wassenaar: ``On Cray, shorts, 8139 ints, and longs are all 64 bits, and all structs 8140 are multiples of 64 bits. This means that the 8141 sizeof operator returns only multiples of 8. 8142 This requires adaptation of code that really 8143 deals with 32 bit or 16 bit fields, such as IP 8144 addresses or nameserver fields.'' 8145 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 8146 get the old behavior, use -DDGUX_5_4_2. 8147 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 8148 variable to fix bogus /bin/mail behavior. 8149 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 8150 This also cleans up some System V Release 4 compile 8151 problems. 8152 Solaris 2: sendmail.cw file should be in /etc/mail to 8153 match all the other configuration files. Fix 8154 from Glenn Barry of Emory University. 8155 Solaris 2.3: compile problem in conf.c. Fix from Alain 8156 Nissen of the University of Liege, Belgium. 8157 Ultrix: freespace calculation was incorrect. Fix from 8158 Takashi Kizu of Osaka University. 8159 SVR4: running in background gets a SIGTTOU because the 8160 emulation code doesn't realize that "getpeername" 8161 doesn't require reading the file. Fix from Peter 8162 Wemm of DIALix. 8163 Solaris 2.3: due to an apparent bug in the socket emulation 8164 library, sockets can get into a "wedged" state where 8165 they just return EPROTO; closing and re-opening the 8166 socket clears the problem. Fix from Bob Manson 8167 of Ohio State University. 8168 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 8169 fixes from Akihiro Hashimoto ("Hash") of Chiba 8170 University. 8171 AIX changes to allow setproctitle to work from Rainer Sch�pf 8172 of Zentrum f�r Datenverarbeitung der Universit�t 8173 Mainz. 8174 AIX changes for load average from Ed Ravin of NASA/Goddard. 8175 SCO Unix from Chip Rosenthal of Unicom (code was using the 8176 wrong statfs call). 8177 ANSI C fixes from Adam Glass (NetBSD project). 8178 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 8179 University. 8180 DG-UX fixes from Bruce Nagel of Data General. 8181 IRIX64 updates from Mark Levinson of the University of 8182 Rochester Medical Center. 8183 Altos System V (``the first UNIX/XENIX merge the Altos 8184 did for their Series 1000 & Series 2000 line; 8185 their merged code was licensed back to AT&T and 8186 Microsoft and became System V release 3.2'') from 8187 Tim Rice <timr@crl.com>. 8188 OSF/1 running on Intel Paragon from Jeff A. Earickson 8189 <jeff@ssd.intel.com> of Intel Scalable Systems 8190 Division. 8191 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 8192 <janet@dialix.oz.au>. 8193 System V Release 4 (statvfs semantic fix) from Alain 8194 Durand of I.M.A.G. 8195 HP-UX 10.x multiprocessor load average changes from 8196 Scott Hutton and Jeff Sumler of Indiana University. 8197 Cray CSOS from Scott Bolte of Cray Computer Corporation. 8198 Unicos 8.0 from Douglas K. Rand of the University of North 8199 Dakota, Scientific Computing Center. 8200 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 8201 ConvexOS 11.0 from Christophe Wolfhugel. 8202 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 8203 ISC UNIX from J. J. Bailey. 8204 HP-UX 9.xx on the 8xx series machines from Remy Giraud 8205 of Meteo France. 8206 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 8207 IRIX 5.2 and 5.3 from Kari E. Hurtta. 8208 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 8209 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 8210 Omron LUNA unios-b, mach from Motonori Nakamura. 8211 NEC EWS-UX/V 4.2 from Motonori Nakamura. 8212 NeXT 2.1 from Bryan Costales. 8213 AUX patch thanks to Mike Erwin of Apple Computer. 8214 HP-UX 10.0 from John Beck of Hewlett-Packard. 8215 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 8216 non-DEC resolver. Suggested by Allan Johannesen. 8217 UnixWare 2.0 fixes from Petr Lampa of the Technical 8218 University of Brno (Czech Republic). 8219 KSR OS 1.2.2 support from Todd Miller of the University 8220 of Colorado. 8221 UX4800 support from Kazuhisa Shimizu of NEC. 8222 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 8223 in type ``btree'' maps. The semantics of this are undefined 8224 for regular maps, but it can be useful for the user database. 8225 MAKEMAP: lock database file while rebuilding to avoid sendmail 8226 lookups while the rebuild is going on. There is a race 8227 condition between the open(... O_TRUNC ...) and the lock 8228 on the file, but it should be quite small. 8229 SMRSH: sendmail restricted shell added to the release. This can 8230 be used as an alternative to /bin/sh for the "prog" mailer, 8231 giving the local administrator more control over what 8232 programs can be run from sendmail. 8233 MAIL.LOCAL: add this local mailer to the tape. It is not really 8234 part of the release proper, and isn't fully supported; in 8235 particular, it does not run on System V based systems and 8236 never will. 8237 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 8238 to allow rmail to compile on systems that don't have 8239 function prototypes and systems that don't have snprintf. 8240 CONTRIB: add the "mailprio" scripts that will help you sort mailing 8241 lists by transaction delay times so that addresses that 8242 respond quickly get sent first. This is to prevent very 8243 sluggish servers from delaying other peoples' mail. 8244 Contributed by Tony Sanders of BSDI. 8245 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 8246 of BSDI. This has a lot of comments to help people out. 8247 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, 8248 put this on the m4 command line. On GNU m4 (which 8249 supports the __file__ primitive) you can run m4 in an 8250 arbitrary directory -- use either: 8251 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 8252 or 8253 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf 8254 On other versions of m4 that don't support __file__, you 8255 can use: 8256 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... 8257 (Note the trailing slash on the _CF_DIR_ definition.) 8258 Old versions of m4 will default to _CF_DIR_=.. for back 8259 compatibility. 8260 CONFIG: fix mail from <> so it will properly convert to 8261 MAILER-DAEMON on local addresses. 8262 CONFIG: fix code that was supposed to catch colons in host 8263 names. Problem noted by John Gardiner Myers of CMU. 8264 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 8265 From Paul Riddle of the University of Maryland, Baltimore 8266 County. 8267 CONFIG: Catch and reject "." as a host address. 8268 CONFIG: Generalize domaintable to look up all domains, not 8269 just unqualified ones. 8270 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 8271 was never used and didn't work anyway. 8272 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 8273 and d on all mailers in the UUCP class. 8274 CONFIG: Allow "user+detail" to be aliased specially: it will first 8275 look for an alias for "user+detail", then for "user+*", and 8276 finally for "user". This is intended for forwarding mail 8277 for system aliases such as root and postmaster to a 8278 centralized hub. 8279 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 8280 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 8281 The F=8 flag is also set on the "relay" mailer, since 8282 this is expected to be another sendmail. 8283 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 8284 the name of the UUCP_RELAY -- in some cases, this is the 8285 wrong value (e.g., when we have local UUCP connections), 8286 and this can create unreplyable addresses. From Chip 8287 Rosenthal of Unicom. 8288 CONFIG: add confRECEIVED_HEADER to change the format of the 8289 Received: header inserted into all messages. Suggested by 8290 Gary Mills of the University of Manitoba. 8291 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 8292 to get the old behavior. I did this upon observing 8293 that almost everyone needed this feature, and that the 8294 concept I was trying to make happen didn't work with 8295 some user agents anyway. FEATURE(notsticky) still works, 8296 but it is a no-op. 8297 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 8298 names are sent, rather than immediately diagnosing them 8299 as User Unknown. 8300 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 8301 and RELAY_MAILER_ARGS to set the arguments for the 8302 indicated mailers. All default to "IPC $h". Patch from 8303 Larry Parmelee of Cornell University. 8304 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 8305 on the client side" and F=P to get an appropriate 8306 return-path. From Kimmo Suominen. 8307 CONFIG: add FEATURE(local_procmail) to use the procmail program 8308 as the local mailer. For addresses of the form "user+detail" 8309 the "detail" part is passed to procmail via the -a flag. 8310 Contributed by Kimmo Suominen. 8311 CONFIG: add MAILER(procmail) to add an interface to procmail for 8312 use from mailertables. This lets you execute arbitrary 8313 procmail scripts. Contributed by Kimmo Suominen. 8314 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 8315 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 8316 Paul Southworth of CICNet Systems Support. 8317 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 8318 This causes the null return path to be rewritten as 8319 MAILER-DAEMON; otherwise UUCP gets horribly confused. 8320 From Michael Hohmuth of Technische Universitat Dresden. 8321 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 8322 list us as the best possible MX record to be treated as 8323 though they were local (essentially, assume that they 8324 are included in $=w). This can cause additional DNS 8325 traffic, but is easier to administer if this fits your 8326 local model. It does not work reliably if there are 8327 multiple hosts that share the best MX preference. 8328 Code contributed by John Oleynick of Rutgers. 8329 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 8330 SHell) instead of /bin/sh as the program used for delivery 8331 to programs. If an argument is included, it is used as 8332 the path to smrsh; otherwise, /usr/local/etc/smrsh is 8333 assumed. 8334 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 8335 size of messages to the local and procmail mailers 8336 respectively. Contributed by Brad Knowles of the Defense 8337 Information Systems Agency. 8338 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 8339 (just like text outside of angle brackets) in order to 8340 properly deal with ``group: addr1, ... addrN;'' syntax. 8341 CONFIG: Require OSTYPE macro (the defaults really don't apply to 8342 any real systems any more) and tweak the DOMAIN macro 8343 so that it is less likely that users will accidentally use 8344 the Berkeley defaults. Also, create some generic files 8345 that really can be used in the real world. 8346 CONFIG: Add new configuration macros to set character sets for 8347 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 8348 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 8349 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 8350 The old name will still be accepted for a while at least. 8351 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 8352 mail (.DECNET pseudo-domain or node::user) will be sent. 8353 As with all relays, it can be ``mailer:hostname''. Suggested 8354 by Scott Hutton. 8355 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 8356 by Barb Dijker of Labyrinth Computer Services. 8357 CONFIG: change confCHECK_ALIASES to default to False -- it has poor 8358 performance for large alias files, and this confused many 8359 people. 8360 CONFIG: Add confCF_VERSION to append local information to the 8361 configuration version number displayed during SMTP startup. 8362 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it 8363 would only work when locally addressed. Fix from 8364 Edvard Tuinder of Cistron Internet Services. 8365 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option 8366 "n" (CheckAliases) is set when rebuilding alias database. 8367 Based on code contributed by Claude Marinier. 8368 CONFIG: Allow mailertable to have values of the form 8369 ``error:code message''. The ``code'' is a status code 8370 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. 8371 Contributed by David James <dwj@agw.bt.co.uk>. 8372 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of 8373 sender domains that will be replaced with the masquerade name. 8374 These domains will not be treated as local, but if mail passes 8375 through with sender addresses in those domains they will be 8376 replaced by the masquerade name. These can also be specified 8377 in a file using MASQUERADE_DOMAIN_FILE(filename). 8378 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope 8379 as well as the header. Substantial improvements to this 8380 code were contributed by Per Hedeland. 8381 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be 8382 accessed from a mailertable to do CCSO ph lookups. Contributed 8383 by Kimmo Suominen. 8384 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be 8385 used to define cyrus and cyrusbb mailers (for IMAP support). 8386 Contributed by John Gardiner Myers of Carnegie Mellon. 8387 CONFIG: add confUUCP_MAILER to select default mailer to use for 8388 UUCP addressing. Suggested by Tom Moore of AT&T GIS. 8389 NEW FILES: 8390 cf/cf/cs-hpux10.mc 8391 cf/cf/cs-solaris2.mc 8392 cf/cf/cyrusproto.mc 8393 cf/cf/generic-bsd4.4.mc 8394 cf/cf/generic-hpux10.mc 8395 cf/cf/generic-hpux9.mc 8396 cf/cf/generic-osf1.mc 8397 cf/cf/generic-solaris2.mc 8398 cf/cf/generic-sunos4.1.mc 8399 cf/cf/generic-ultrix4.mc 8400 cf/cf/huginn.cs.mc 8401 cf/domain/berkeley-only.m4 8402 cf/domain/generic.m4 8403 cf/feature/bestmx_is_local.m4 8404 cf/feature/local_procmail.m4 8405 cf/feature/masquerade_envelope.m4 8406 cf/feature/smrsh.m4 8407 cf/feature/stickyhost.m4 8408 cf/feature/use_ct_file.m4 8409 cf/m4/cfhead.m4 8410 cf/mailer/cyrus.m4 8411 cf/mailer/mail11.m4 8412 cf/mailer/phquery.m4 8413 cf/mailer/procmail.m4 8414 cf/ostype/amdahl-uts.m4 8415 cf/ostype/bsdi2.0.m4 8416 cf/ostype/hpux10.m4 8417 cf/ostype/irix5.m4 8418 cf/ostype/isc4.1.m4 8419 cf/ostype/ptx2.m4 8420 cf/ostype/unknown.m4 8421 contrib/bsdi.mc 8422 contrib/mailprio 8423 contrib/rmail.oldsys.patch 8424 mail.local/mail.local.0 8425 makemap/makemap.0 8426 smrsh/README 8427 smrsh/smrsh.0 8428 smrsh/smrsh.8 8429 smrsh/smrsh.c 8430 src/Makefiles/Makefile.CSOS 8431 src/Makefiles/Makefile.EWS-UX_V 8432 src/Makefiles/Makefile.HP-UX.10 8433 src/Makefiles/Makefile.IRIX.5.x 8434 src/Makefiles/Makefile.IRIX64 8435 src/Makefiles/Makefile.ISC 8436 src/Makefiles/Makefile.KSR 8437 src/Makefiles/Makefile.NEWS-OS.4.x 8438 src/Makefiles/Makefile.NEWS-OS.6.x 8439 src/Makefiles/Makefile.NEXTSTEP 8440 src/Makefiles/Makefile.NonStop-UX 8441 src/Makefiles/Makefile.Paragon 8442 src/Makefiles/Makefile.SCO.3.2v4.2 8443 src/Makefiles/Makefile.SunOS.5.3 8444 src/Makefiles/Makefile.SunOS.5.4 8445 src/Makefiles/Makefile.SunOS.5.5 8446 src/Makefiles/Makefile.UNIX_SV.4.x.i386 8447 src/Makefiles/Makefile.uts.systemV 8448 src/Makefiles/Makefile.UX4800 8449 src/aliases.0 8450 src/mailq.0 8451 src/mime.c 8452 src/newaliases.0 8453 src/sendmail.0 8454 test/t_seteuid.c 8455 RENAMED FILES: 8456 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 8457 cf/cf/chez.mc => cf/cf/chez.cs.mc 8458 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 8459 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 8460 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 8461 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 8462 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 8463 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 8464 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 8465 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 8466 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 8467 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 8468 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 8469 cf/ostype/irix.m4 => cf/ostype/irix4.m4 8470 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 8471 src/Makefile.* => src/Makefiles/Makefile.* 8472 src/Makefile.AUX => src/Makefiles/Makefile.A-UX 8473 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS 8474 src/Makefile.DGUX => src/Makefiles/Makefile.dgux 8475 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS 8476 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 8477 OBSOLETED FILES: 8478 cf/cf/cogsci.mc 8479 cf/cf/cs-exposed.mc 8480 cf/cf/cs-hidden.mc 8481 cf/cf/hpux-cs-hidden.mc 8482 cf/cf/knecht.mc 8483 cf/cf/osf1-cs-hidden.mc 8484 cf/cf/sunos3.5-cs-exposed.mc 8485 cf/cf/sunos3.5-cs-hidden.mc 8486 cf/cf/sunos4.1-cs-hidden.mc 8487 cf/cf/ultrix4.1-cs-hidden.mc 8488 cf/domain/cs-hidden.m4 8489 contrib/rcpt-streaming 8490 src/Makefiles/Makefile.SunOS.5.x 8491 84928.6.13/8.6.12 1996/01/25 8493 SECURITY: In some cases it was still possible for an attacker to 8494 insert newlines into a queue file, thus allowing access to 8495 any user (except root). 8496 CONFIG: no changes -- it is not a bug that the configuration 8497 version number is unchanged. 8498 84998.6.12/8.6.12 1995/03/28 8500 Fix to IDENT code (it was getting the size of the reply buffer 8501 too small, so nothing was ever accepted). Fix from several 8502 people, including Allan Johannesen, Shane Castle of the 8503 Boulder County Information Services, and Jeff Smith of 8504 Warwick University (all arrived within a few hours of 8505 each other!). 8506 Fix a problem that could cause large jobs to run out of 8507 file descriptors on systems that use vfork() rather 8508 than fork(). 8509 85108.6.11/8.6.11 1995/03/08 8511 The ``possible attack'' message would be logged more often 8512 than necessary if you are using Pine as a user agent. 8513 The wrong host would be reported in the ``possible attack'' 8514 message when attempted from IDENT. 8515 In some cases the syslog buffer could be overflowed when 8516 reporting the ``possible attack'' message. This can 8517 cause denial of service attacks. Truncate the message 8518 to 80 characters to prevent this problem. 8519 When reading the IDENT response a loop is needed around the 8520 read from the network to ensure that you don't get 8521 partial lines. 8522 Password entries without any shell listed (that is, a null 8523 shell) wouldn't match as "ok". Problem noted by 8524 Rob McMahon. 8525 When running BIND 4.9.x a problem could occur because the 8526 _res.options field is initialized differently than it 8527 was historically -- this requires that sendmail call 8528 res_init before it tweaks any bits. 8529 Fix an incompatibility in openxscript() between the file open mode 8530 and the stdio mode passed to fdopen. This caused UnixWare 8531 2.0 to have conniptions. Fix from Martin Sohnius of 8532 Novell Labs Europe. 8533 Fix problem with static linking of local getopt routine when 8534 using GNU's ld command. Fix from John Kennedy of 8535 Cal State Chico. 8536 It was possible to turn off privacy flags. Problem noted by 8537 *Hobbit*. 8538 Be more paranoid about writing files. Suggestions by *Hobbit* 8539 and Liudvikas Bukys. 8540 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 8541 from Spider Boardman. 8542 CONFIG: No changes (version number only, to keep it in sync 8543 with the binaries). 8544 85458.6.10/8.6.10 1995/02/10 8546 SECURITY: Diagnose bogus values to some command line flags that 8547 could allow trash to get into headers and qf files. 8548 Validate the name of the user returned by the IDENT protocol. 8549 Some systems that really dislike IDENT send intentionally 8550 bogus information. Problem pointed out by Michael Bushnell 8551 of the Free Software Foundation. Has some security 8552 implications. 8553 Fix a problem causing error messages about DNS problems when 8554 the host name contained a percent sign to act oddly 8555 because it was passed as a printf-style format string. 8556 In some cases this could cause core dumps. 8557 Avoid possible buffer overrun in returntosender() if error 8558 message is quite long. From Fletcher Mattox of the 8559 University of Texas. 8560 Fix a problem that would silently drop "too many hops" error 8561 messages if and only if you were sending to an alias. 8562 From Jon Giltner of the University of Colorado and 8563 Dan Harton of Oak Ridge National Laboratory. 8564 Fix a bug that caused core dumps on some systems if -d11.2 was 8565 set and e->e_message was null. Fix from Bruce Nagel of 8566 Data General. 8567 Fix problem that can still cause df files to be left around 8568 after "hop count exceeded" messages. Fix from Andrew 8569 Chang and Shau-Ping Lo of SunSoft. 8570 Fix a problem that can cause buffer overflows on very long 8571 user names (as might occur if you piped to a program 8572 with a lot of arguments). 8573 Avoid returning an error and re-queueing if the host signature 8574 is null; this can occur on addresses like ``user@.''. 8575 Problem noted by Wesley Craig and the University of 8576 Michigan. 8577 Avoid possible calls to malloc(0) if MCI caching is turned 8578 off. Bug fix from Pierre David of the Laboratoire 8579 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 8580 Universite de Versailles - St Quentin, and Jacky 8581 Thibault. 8582 Make a local copy of the line being sent via senttolist() -- in 8583 some cases, buffers could get trashed by map lookups 8584 causing it to do unexpected things. This also simplifies 8585 some of the map code. 8586 CONFIG: No changes (version number only, to keep it in sync 8587 with the binaries). 8588 85898.6.9/8.6.9 1994/04/19 8590 Do all mail delivery completely disconnected from any terminal. 8591 This provides consistency with daemon delivery and 8592 may have some security implications. 8593 Make sure that malloc doesn't get called with zero size, 8594 since that fails on some systems. Reported by Ed 8595 Hill of the University of Iowa. 8596 Fix multi-line values for $e (SMTP greeting message). Reported 8597 by Mike O'Connor of Ford Motor Company. 8598 Avoid syserr if no NIS domain name is defined, but the map it 8599 is trying to open is optional. From Win Bent of USC. 8600 Changes for picky compilers from Ed Gould of Digital Equipment. 8601 Hesiod support for UDB from Todd Miller of the University of 8602 Colorado. Use "hesiod" as the service name in the U 8603 option. 8604 Fix a problem that failed to set the "authentic" host name (that 8605 is, the one derived from the socket info) if you called 8606 sendmail -bs from inetd. Based on code contributed by 8607 Todd Miller (this problem was also reported by Guy Helmer 8608 of Dakota State University). This also fixes a related 8609 problem reported by Liudvikas Bukys of the University of 8610 Rochester. 8611 Parameterize "nroff -h" in all the Makefiles so people with 8612 variant versions can use them easily. Suggested by 8613 Peter Collinson of Hillside Systems. 8614 SMTP "MAIL" commands with multiple ESMTP parameters required two 8615 spaces between parameters instead of one. Reported by 8616 Valdis Kletnieks of Virginia Tech. 8617 Reduce the number of system calls during message collection by 8618 using global timeouts around the collect() loop. This 8619 code was contributed by Eric Wassenaar. 8620 If the initial hostname name gathering results in a name 8621 without a dot (usually caused by NIS misconfiguration) 8622 and BIND is compiled in, directly access DNS to get 8623 the canonical name. This should make life easier for 8624 Solaris systems. If it still can't be resolved, and 8625 if the name server is listed as "required", try again 8626 in 30 seconds. If that also fails, exit immediately to 8627 avoid bogus "config error: mail loops back to myself" 8628 messages. 8629 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 8630 message to explain how much space was available and 8631 sound a bit less threatening. Suggested by Stan Janet 8632 of the National Institute of Standards and Technology. 8633 If mail is delivered to an alias that has an owner, deliver any 8634 requested return-receipt immediately, and strip the 8635 Return-Receipt-To: header from the subsequent message. 8636 This prevents a certain class of denial of service 8637 attack, arguably gives more reasonable semantics, and 8638 moves things more towards what will probably become a 8639 network standard. Suggested by Christopher Davis of 8640 Kapor Enterprises. 8641 Add a "noreceipts" privacy flag to turn off all return receipts 8642 without recompiling. 8643 Avoid printing ESMTP parameters as part of the error message 8644 if there are errors during parsing. This change is 8645 purely cosmetic. 8646 Avoid sending out error messages during the collect phase of 8647 SMTP; there is an MVS mailer from UCLA that gets 8648 confused by this. Of course, I think it's their bug.... 8649 Check for the $j macro getting undefined, losing a dot, or getting 8650 lost from $=w in the daemon before accepting a connection; 8651 if it is, it dumps state, prints a LOG_ALERT message, 8652 and drops core for debugging. This is an attempt to 8653 track down a bug that I thought was long since gone. 8654 If you see this, please forward the log fragment to 8655 sendmail@sendmail.ORG. 8656 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 8657 with -DOLD_NEWDB=0 on the command line. From Christophe 8658 Wolfhugel. 8659 Instead of trying to truncate the listen queue for the server 8660 SMTP port when the load average is too high, just close 8661 the port completely and reopen it later as needed. 8662 This ensures that the other end gets a quick "connection 8663 refused" response, and that the connection can be 8664 recovered later. In particular, some socket emulations 8665 seem to get confused if you tweak the listen queue 8666 size around and can never start listening to connections 8667 again. The down side is that someone could start up 8668 another daemon process in the interim, so you could 8669 have multiple daemons all not listening to connections; 8670 this could in turn cause the sendmail.pid file to be 8671 incorrect. A better approach might be to accept the 8672 connection and give a 421 code, but that could break 8673 other mailers in mysterious ways and have paging behavior 8674 implications. 8675 Fix a glitch in TCP-level debugging that caused flag 16.101 to 8676 set debugging on the wrong socket. From Eric Wassenaar. 8677 When creating a df* temporary file, be sure you truncate any 8678 existing data in the file -- otherwise system crashes 8679 and the like could result in extra data being sent. 8680 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 8681 doc directory. This includes some additional 8682 information. 8683 CONFIG: change UUCP rules to never add $U! or $k! on the front 8684 of recipient envelope addresses. This should have been 8685 handled by the $&h trick, but broke if people were 8686 mixing domainized and UUCP addresses. They should 8687 probably have converted all the way over to uucp-uudom 8688 instead of uucp-{new,old}, but the failure mode was to 8689 loop the mail, which was bad news. 8690 Portability fixes: 8691 Newer BSDI systems (several people). 8692 Older BSDI systems from Christophe Wolfhugel. 8693 Intergraph CLIX, from Paul Southworth of CICNet. 8694 UnixWare, from Evan Champion. 8695 NetBSD from Adam Glass. 8696 Solaris from Quentin Campbell of the University of 8697 Newcastle upon Tyne. 8698 IRIX from Dean Cookson and Bill Driscoll of Mitre 8699 Corporation. 8700 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 8701 SunOS (it has setsid() and setvbuf() calls) from 8702 Jonathan Kamens of OpenVision Technologies. 8703 HP-UX from Tor Lillqvist. 8704 New Files: 8705 src/Makefile.CLIX 8706 src/Makefile.NCR3000 8707 doc/changes/Makefile 8708 doc/changes/changes.me 8709 doc/changes/changes.ps 8710 87118.6.8/8.6.6 1994/03/21 8712 SECURITY: it was possible to read any file as root using the 8713 E (error message) option. Reported by Richard Jones; 8714 fixed by Michael Corrigan and Christophe Wolfhugel. 8715 87168.6.7/8.6.6 1994/03/14 8717 SECURITY: it was possible to get root access by using weird 8718 values to the -d flag. Thanks to Alain Durand of 8719 INRIA for forwarding me the notice from the bugtraq 8720 list. 8721 87228.6.6/8.6.6 1994/03/13 8723 SECURITY: the ability to give files away on System V-based 8724 systems proved dangerous -- don't run as the owner 8725 of a :include: file on a system that allows giveaways. 8726 Unfortunately, this also applies to determining a 8727 valid shell. 8728 IMPORTANT: Previous versions weren't expiring old connections 8729 in the connection cache for a long time under some 8730 circumstances. This could result in resource exhaustion, 8731 both at your end and at the other end. This checks the 8732 connections for timeouts much more frequently. From 8733 Doug Anderson of NCSC. 8734 Fix a glitch that snuck in that caused programs to be run as 8735 the sender instead of the recipient if the mail was 8736 from a local user to another local user. From 8737 Motonori Nakamura of Kyoto University. 8738 Fix "wildcard" on /etc/shells matching -- instead of looking 8739 for "*", look for "/SENDMAIL/ANY/SHELL/". From 8740 Bryan Costales of ICSI. 8741 Change the method used to declare the "statfs" availability; 8742 instead of HASSTATFS and/or HASUSTAT with a ton of 8743 tweaking in conf.c, there is a single #define called 8744 SFS_TYPE which takes on one of six values (SFS_NONE 8745 for no statfs availability, SFS_USTAT for the ustat(2) 8746 syscall, SFS_4ARGS for a four argument statfs(2) call, 8747 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 8748 statfs(2) call with the declarations in <sys/vfs.h>, 8749 <sys/mount.h>, or <sys/statfs.h> respectively). 8750 Fix glitch in NetInfo support that could return garbage if 8751 there was no "/locations/sendmail" property. From 8752 David Meyer of the University of Virginia. 8753 Change HASFLOCK from defined/not-defined to a 0/1 definition 8754 to allow Linux to turn it off even though it is a 8755 BSD-like system. 8756 Allow setting of "ident" timeout to zero to turn off the ident 8757 protocol entirely. 8758 Make 7-bit stripping local to a connection (instead of to a 8759 mailer); this allows you to specify that SMTP is a 8760 7-bit channel, but revert to 8-bit should it advertise 8761 that it supports 8BITMIME. You still have to specify 8762 mailer flag 7 to get this stripping at all. 8763 Improve makesendmail script so it handles more cases automatically. 8764 Tighten up restrictions on taking ownership of :include: files 8765 to avoid problems on systems that allow you to give away 8766 files. 8767 Fix a problem that made it impossible to rebuild the alias 8768 file if it was on a read-only file system. From 8769 Harry Edmon of the University of Washington. 8770 Improve MX randomization function. From John Gardiner Myers 8771 of CMU. 8772 Fix a minor glitch causing a bogus message to be printed (used 8773 %s instead of %d in a printf string for the line number) 8774 when a bad queue file was read. From Harry Edmon. 8775 Allow $s to remain NULL on locally generated mail. I'm not 8776 sure this is necessary, but a lot of people have complained 8777 about it, and there is a legitimate question as to whether 8778 "localhost" is legal as an 822-style domain. 8779 Fix a problem with very short line lengths (mailer L= flag) in 8780 headers. This causes a leading space to be added onto 8781 continuation lines (including in the body!), and also 8782 tries to wrap headers containing addresses (From:, To:, 8783 etc) intelligently at the shorter line lengths. Problem 8784 Reported by Lars-Johan Liman of SUNET Operations Center. 8785 Log the real user name when logging syserrs, since these can have 8786 security implications. Suggested by several people. 8787 Fix address logging of cached connections -- it used to always 8788 log the numeric address as zero. This is a somewhat 8789 bogus implementation in that it does an extra system 8790 call, but it should be an inexpensive one. Fix from 8791 Motonori Nakamura. 8792 Tighten up handling of short syslog buffers even more -- there 8793 were cases where the outgoing relay= name was too long 8794 to share a line with delay= and mailer= logging. 8795 Limit the overhead on split envelopes to one open file descriptor 8796 per envelope -- previously the overhead was three 8797 descriptors. This was in response to a problem reported 8798 by P{r (Pell) Emanuelsson. 8799 Fixes to better handle the case of unexpected connection closes; 8800 this redirects the output to the transcript so the info 8801 is not lost. From Eric Wassenaar. 8802 Fix potential string overrun if you macro evaluate a string that 8803 has a naked $ at the end. Problem noted by James Matheson 8804 <jmrm@eng.cam.ac.uk>. 8805 Make default error number on $#error messages 553 (``Requested 8806 action not taken: mailbox name not allowed'') instead of 8807 501 (``Syntax error in parameters or arguments'') to 8808 avoid bogus "protocol error" messages. 8809 Strip off any existing trailing dot on names during $[ ... $] 8810 lookup. This prevents it from ending up with two dots 8811 on the end of dot terminated names. From Wesley Craig 8812 of the University of Michigan and Bryan Costales of ICSI. 8813 Clean up file class reading so that the debugging information is 8814 more informative. It hadn't been using setclass, so you 8815 didn't see the class items being added. 8816 Avoid core dump if you are running a version of sendmail where 8817 NIS is compiled in, and you specify an NIS map, but 8818 NIS is not running. Fix from John Oleynick of 8819 Rutgers. 8820 Diagnose bizarre case where res_search returns a failure value, 8821 but sets h_errno to a success value. 8822 Make sure that "too many hops" messages are considered important 8823 enough to send an error to the Postmaster (that is, the 8824 address specified in the P option). This fix should 8825 help problems that cause the df file to be left around 8826 sometimes -- unfortunately, I can't seem to reproduce 8827 the problem myself. 8828 Avoid core dump (null pointer reference) on EXPN command; this 8829 only occurred if your log level was set to 10 or higher 8830 and the target account was an alias or had a .forward file. 8831 Problem noted by Janne Himanka. 8832 Avoid "denial of service" attacks by someone who is flooding your 8833 SMTP port with bad commands by shutting the connection 8834 after 25 bad commands are issued. From Kyle Jones of 8835 UUNET. 8836 Fix core dump on error messages with very long "to" buffers; 8837 fmtmsg overflows the message buffer. Fixed by trimming 8838 the to address to 203 characters. Problem reported by 8839 John Oleynick. 8840 Fix configuration for HASFLOCK -- there were some spots where 8841 a #ifndef was incorrectly #ifdef. Pointed out by 8842 George Baltz of the University of Maryland. 8843 Fix a typo in savemail() that could cause the error message To: 8844 lists to be incorrect in some places. From Motonori 8845 Nakamura. 8846 Fix a glitch that can cause duplicate error messages on split 8847 envelopes where an address on one of the lists has a 8848 name server failure. Fix from Voradesh Yenbut of the 8849 University of Washington. 8850 Fix possible bogus pointer reference on ESMTP parameters that 8851 don't have an ``=value'' part. 8852 CNAME loops caused an error message to be generated, but also 8853 re-queued the message. Changed to just re-queue the 8854 message (it's really hard to just bounce it because 8855 of the weird way the name server works in the presence 8856 of CNAME loops). Problem noted by James M.R.Matheson 8857 of Cambridge University. 8858 Avoid giving ``warning: foo owned process doing -bs'' messages 8859 if they use ``MAIL FROM:<foo>'' where foo is their true 8860 user name. Suggested by Andreas Stolcke of ICSI. 8861 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 8862 override it easily in the Makefile -- that is, you can 8863 turn it off using -DNAMED_BIND=0. 8864 If a gethostbyname(...) of an address with a trailing dot fails, 8865 try it without the trailing dot. This is because if 8866 you have a version of gethostbyname() that falls back 8867 to NIS or the /etc/hosts file it will fail to find 8868 perfectly reasonable names that just don't happen to 8869 be dot terminated in the hosts file. You don't want to 8870 strip the dot first though because we're trying to ensure 8871 that country names that match one of your subdomains get 8872 a chance. 8873 PRALIASES: fix bogus output on non-null-terminated strings. 8874 From Bill Gianopoulos of Raytheon. 8875 CONFIG: Avoid rewriting anything that matches $w to be $j. 8876 This was in code intended to only catch the self-literal 8877 address (that is, [1.2.3.4], where 1.2.3.4 is your 8878 IP address), but the code was broken. However, it will 8879 still do this if $M is defined; this is necessary to 8880 get client configurations to work (sigh). Note that this 8881 means that $M overrides :mailname entries in the user 8882 database! Problem noted by Paul Southworth. 8883 CONFIG: Fix definition of Solaris help file location. From 8884 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 8885 CONFIG: Fix bug that broke news.group.USENET mappings. 8886 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 8887 and USENET_MAILER_MAX to tweak the maximum message 8888 size for various mailers. 8889 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 8890 instead of assuming that it is "inews" for consistency 8891 with other mailers. From Michael Corrigan of UC San Diego. 8892 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 8893 qualify the address in the SMTP envelope as user@{relay|hub} 8894 instead of user@$j. From Bill Wisner of The Well. 8895 CONFIG: Fix route-addr syntax in nullrelay configuration set. 8896 CONFIG: Don't turn off case mapping of user names in the local 8897 mailer for IRIX. This was different than most every other 8898 system. 8899 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 8900 envelope. Noted by Thierry Besancon 8901 <besancon@excalibur.ens.fr>. 8902 CONFIG: Don't include -z by default on uux line -- most systems 8903 don't want it set by default. Pointed out by Philippe 8904 Michel of Thomson CSF. 8905 CONFIG: Fix some bugs with mailertables -- for example, if your 8906 host name was foo.bar.ray.com and you matched against 8907 ".ray.com", the old implementation bound %1 to "bar" 8908 instead of "foo.bar". Also, allow "." in the mailertable 8909 to match anything -- essentially, take over SMART_HOST. 8910 This also moves matching of explicit local host names 8911 before the mailertable so they don't have to be special 8912 cased in the mailertable data. Reported by Bill 8913 Gianopoulos of Raytheon; the fix for the %1 binding 8914 problem was contributed by Nicholas Comanos of the 8915 University of Sydney. 8916 CONFIG: Don't include "root" in class $=L (users to deliver 8917 locally, even if a hub or relay exists) by default. 8918 This is because of the known bug where definition of 8919 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 8920 both and deliver into the local mailbox. 8921 CONFIG: Move up bitdomain and uudomain handling so that they 8922 are done before .UUCP class matching; uudomain was 8923 reported as ineffective before. This also frees up 8924 diversion 8 for future use. Problem reported by Kimmo 8925 Suominen. 8926 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 8927 into host names. As pointed out by Jonathan Kamens, 8928 these are often used because either the forward or reverse 8929 mapping is broken; this translation makes it broken again. 8930 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 8931 Suominen. 8932 Portability fixes: 8933 Unicos from David L. Kensiski of Sterling Software. 8934 DomainOS from Don Lewis of Silicon Systems. 8935 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 8936 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 8937 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 8938 BSD/386 from Tony Sanders of BSDI. 8939 Apollo from Eric Wassenaar. 8940 DGUX from Doug Anderson. 8941 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 8942 NEW FILES: 8943 src/Makefile.DomainOS 8944 src/Makefile.PTX 8945 src/Makefile.SunOS.5.1 8946 src/Makefile.SunOS.5.2 8947 src/Makefile.SunOS.5.x 8948 src/mailq.1 8949 cf/ostype/domainos.m4 8950 doc/op/Makefile 8951 doc/intro/Makefile 8952 doc/usenix/Makefile 8953 89548.6.5/8.6.5 1994/01/13 8955 Security fix: /.forward could be owned by anyone (the test 8956 to allow root to own any file was backwards). From 8957 Bob Campbell at U.C. Berkeley. 8958 Security fix: group ids were not completely set when programs 8959 were invoked. This caused programs to have group 8960 permissions they should not have had (usually group 8961 daemon instead of their own group). In particular, 8962 Perl scripts would refuse to run. 8963 Security: check to make sure files that are written are not 8964 symbolic links (at least under some circumstances). 8965 Although this does not respond to a specific known 8966 attack, it's just a good idea. Suggested by 8967 Christian Wettergren. 8968 Security fix: if a user had an NFS mounted home directory on 8969 a system with a restricted shell listed in their 8970 /etc/passwd entry, they could still execute any 8971 program by putting that in their .forward file. 8972 This fix prevents that by insisting that their shell 8973 appear in /etc/shells before allowing a .forward to 8974 execute a program or write a file. You can disable 8975 this by putting "*" in /etc/shells. It also won't 8976 permit world-writable :include: files to reference 8977 programs or files (there's no way to disable this). 8978 These behaviors are only one level deep -- for 8979 example, it is legal for a world-writable :include: 8980 file to reference an alias that writes a file, on 8981 the assumption that the alias file is well controlled. 8982 Security fix: root was not treated suspiciously enough when 8983 looking into subdirectories. This would potentially 8984 allow a cracker to examine files that were publicly 8985 readable but in a non-publicly searchable directory. 8986 Fix a problem that causes an error on QUIT on a cached 8987 connection to create problems on the current job. 8988 These are typically unrelated, so errors occur in 8989 the wrong place. 8990 Reset CurrentLA in sendall() -- this makes sendmail queue 8991 runs more responsive to load average, and fixes a 8992 problem that ignored the load average in locally 8993 generated mail. From Eric Wassenaar. 8994 Fix possible core dump on aliases with null LHS. From 8995 John Orthoefer of BB&N. 8996 Revert to using flock() whenever possible -- there are just 8997 too many bugs in fcntl() locking, particularly over 8998 NFS, that cause sendmail to fail in perverse ways. 8999 Fix a bug that causes the connection cache to get confused 9000 when sending error messages. This resulted in 9001 "unexpected close" messages. It should fix itself 9002 on the following queue run. Problem noted by 9003 Liudvikas Bukys of the University of Rochester. 9004 Include $k in $=k as documented in the Install & Op Guide. 9005 This seems odd, but it was documented.... From 9006 Michael Corrigan of UCSD. 9007 Fix problem that caused :include:s from alias files to be 9008 forced to be owned by root instead of daemon 9009 (actually DefUid). From Tim Irvin. 9010 Diagnose unrecognized I option values -- from Mortin Forssen 9011 of the Chalmers University of Technology. 9012 Make "error" mailer work consistently when there is no error 9013 code associated with it -- previously it returned OK 9014 even though there was a real problem. Now it assumes 9015 EX_UNAVAILABLE. 9016 Fix bug that caused the last header line of messages that had 9017 no body and which were terminated with EOF instead of 9018 "." to be discarded. Problem noted by Liudvikas Bukys. 9019 Fix core dump on SMTP mail to programs that failed -- it tried 9020 to go to a "next MX host" when none existed, causing 9021 a core dump. From der Mouse at McGill University. 9022 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 9023 this makes it easier to turn it off (using 9024 -DIDENTPROTO=0 in the Makefile). From der Mouse. 9025 Fix YP_MASTER_NAME store to use the unupdated result of 9026 gethostname() (instead of myhostname(), which tries 9027 to fully qualify the name) to be consistent with 9028 SunOS. If your hostname is unqualified, this fixes 9029 transfers to slave servers. Bug noted by Keith 9030 McMillan of Ameritech Services, Inc. 9031 Fix Ultrix problem: gethostbyname() can return a very large 9032 (> 500) h_length field, which causes the sockaddr 9033 to be trashed. Use the size of the sockaddr instead. 9034 Fix from Bob Manson of Ohio State. 9035 Don't assume "-a." on host lookups if NAMED_BIND is not 9036 defined -- this confuses gethostbyname on hosts 9037 file lookups, which doesn't understand the trailing 9038 dot convention. 9039 Log SMTP server subprocesses that die with a signal instead 9040 of from a clean exit. 9041 If you don't have option "I" set, don't assume that a DNS 9042 "host unknown" message is authoritative -- it 9043 might still be found in /etc/hosts. 9044 Fix a problem that would cause Deferred: messages to be sent 9045 as the subject of an error message, even though the 9046 actual cause of a message was more severe than that. 9047 Problem noted by Chris Seabrook of OSSI. 9048 Fix race condition in DBM alias file locking. From Kyle 9049 Jones of UUNET. 9050 Limit delivery syslog line length to avoid bugs in some 9051 versions of syslog(3). This adds a new compile time 9052 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 9053 University, which is in turn derived from IDA. 9054 Fix quotes inside of comments in addresses -- previously 9055 it insisted that they be balanced, but the 822 spec 9056 says that they should be ignored. 9057 Dump open file state to syslog upon receiving SIGUSR1 (for 9058 debugging). This also evaluates ruleset 89, if set 9059 (with the null input), and logs the result. This 9060 should be used sparingly, since the rewrite process 9061 is not reentrant. 9062 Change -qI, -qR, and -qS flags to be case-insensitive as 9063 documented in the Bat Book. 9064 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 9065 return an error message and did not requeue the message. 9066 Fix based on code from Roland Dirlewanger of 9067 Reseau Regional Aquarel, Bordeaux, France. 9068 Fix a problem that caused a seg fault if you got a 421 error 9069 code during some parts of connection initialization. 9070 I've only seen this when talking to buggy mailers on 9071 the other end, but it shouldn't give a seg fault in 9072 any case. From Amir Plivatsky. 9073 Fix core dump caused by a ruleset call that returns null. 9074 Fix from Bryan Costales of ICSI. 9075 Full-Name: field was being ignored. Fix from Motonori Nakamura 9076 of Kyoto University. 9077 Fix a possible problem with very long input lines in setproctitle. 9078 From P{r Emanuelsson. 9079 Avoid putting "This is a warning message" out on return receipts. 9080 Suggested by Douglas Anderson. 9081 Detect loops caused by recursive ruleset calls. Suggested by 9082 Bryan Costales. 9083 Initialize non-alias maps during alias rebuilds -- they may be 9084 needed for parsing. Problem noted by Douglas Anderson. 9085 Log sender address even if no message was collected in SMTP 9086 (e.g., if all RCPTs failed). Suggested by Motonori 9087 Nakamura. 9088 Don't reflect the owner-list contents into the envelope sender 9089 address if the value contains ", :, /, or | (to avoid 9090 illegal addresses appearing there). 9091 Efficiency hack for toktype macro -- from Craig Partridge of 9092 BB&N. 9093 Clean up DNS error printing so that a host name is always 9094 included. 9095 Remember to set $i during queue runs. Reported by Stephen 9096 Campbell of Dartmouth University. 9097 If the environment variable HOSTALIASES is set, use it during 9098 canonification as the name of a file with per-user host 9099 translations so that headers are properly mapped. Reported 9100 by Anne Bennett of Concordia University. 9101 Avoid printing misleading error message if SMTP mailer (not 9102 using [IPC]) should die on a core dump. 9103 Avoid incorrect diagnosis of "file 1 closed" when it is caused 9104 by the other end closing the connection. From 9105 Dave Morrison of Oracle. 9106 Improve several of the error messages printed by "mailq" 9107 to include a host name or other useful information. 9108 Add NetInfo preliminary support for NeXT systems. From Vince 9109 DeMarco. 9110 Fix a glitch that sometimes caused :include:s that pointed to 9111 NFS filesystems that were down to give an "aliasing/ 9112 forwarding loop broken" message instead of queueing 9113 the message for retry. Noted by William C Fenner of 9114 the NRL Connection Machine Facility. 9115 Fix a problem that could cause a core dump if the input sequence 9116 had (or somehow acquired) a \231 character. 9117 Make sure that route-addrs always have <angle brackets> around 9118 them in non-SMTP envelopes (SMTP envelopes already do 9119 this properly). 9120 Avoid weird headers on unbalanced punctuation of the form: 9121 ``Joe User <user)'' -- this caused reference to the 9122 null macro. Fix from Rick McCarty of IO.COM. 9123 Fix a problem that caused an alias "user: user@local.host" to 9124 not have the QNOTREMOTE bit set; this caused configs 9125 to act as if FEATURE(notsticky) was defined even when 9126 it was not. The effect of the problem was to make it 9127 very hard to to set up satellite sites that had a few 9128 local accounts, with everything else forwarded to a 9129 corporate hub. Reported by Detlef Drewanz of the 9130 University of Rostock and Mark Frost of NCD. 9131 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 9132 addresses. This is more efficient (fewer name server 9133 calls) and fixes certain unusual configurations, such 9134 as those that have ruleset 4 do something that is 9135 non-idempotent unless a mailer-specific ruleset did 9136 something else. Problem reported by Brian J. Coan 9137 of the Institute for Global Communications. 9138 Fix the "obsolete argument" routine in main to better understand 9139 new arguments. For example, if you used ``sendmail 9140 -C config -v -q'' it would choke on the -q because 9141 the -C would stop looking for old-format arguments. 9142 Fix the code that was intended to allow two users to forward their 9143 mail to the same program and have them appear unique. 9144 Portability fixes for: 9145 SCO UNIX from Murray Kucherawy. 9146 SCO Open Server 3.2v4 from Philippe Brand. 9147 System V Release 4 from Rick Ellis and others. 9148 OSF/1 from Steve Campbell. 9149 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 9150 of Stoner Associates. 9151 Motorola SysV88 from Kevin Johnson of Motorola. 9152 Solaris 2.3 from Casper H.S. Dik of the University 9153 of Amsterdam and John Caruso of University 9154 of Maryland. 9155 FreeBSD from Ollivier Robert. 9156 NetBSD from Adam Glass. 9157 TitanOS from Kate Hedstrom of Rutgers University. 9158 Irix from Bryan Curnutt. 9159 Dynix from Jim Davis of the University of Arizona. 9160 RISC/os. 9161 Linux from John Kennedy of California State University 9162 at Chico. 9163 Solaris 2.x from Tony Boner of the U.S. Air Force. 9164 NEXTSTEP 3.x from Vince DeMarco. 9165 HP-UX from various people. NOTA BENE: the location 9166 of the config file has moved to /usr/lib 9167 to match the HP-UX version of sendmail. 9168 CONFIG: Don't do any recipient rewriting on relay mailer; 9169 since this is intended only for internal use, the 9170 usual RFC 821/822/1123 rules can be relaxed. The 9171 main point of this is to avoid munging (ugh) UUCP 9172 addresses when relaying internally. 9173 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 9174 syntax addresses delivered via UUCP. Solution 9175 provided by Peter Wemm. 9176 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 9177 zero; it caused double @ signs in addresses. From 9178 Irving Reid of the University of Toronto. 9179 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 9180 from Markku Toijala of ICL Personal Systems Oy. 9181 CONFIG: Add trailing "." on pseudo-domains for consistency; 9182 this fixes a problem (noted by Al Whaley of Sunnyside) 9183 that made it hard to recognize your own pseudodomain 9184 names. 9185 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 9186 rather than letting them get "local configuration 9187 error"s. Problem noted by John Gardiner Myers. 9188 CONFIG: add uucp-uudom mailer variant, based on code posted 9189 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 9190 has uucp-dom semantics but old UUCP syntax. This 9191 also permits "uucp-old" as an alias for "uucp" and 9192 "uucp-new" as a synonym for "suucp" for consistency. 9193 CONFIG: add POP mailer support (from Kimmo Suominen 9194 <kim@grendel.lut.fi>). 9195 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 9196 CONFIG: fix bug caused with domain literal addresses (e.g., 9197 ``[128.32.131.12]'') when FEATURE(allmasquerade) 9198 was set; it would get an additional @masquerade.host 9199 added to the address. Problem noted by Peter Wan 9200 of Georgia Tech. 9201 CONFIG: make sure that the local UUCP name is in $=w. From 9202 Jim Murray of Stratus. 9203 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 9204 mailer flag. Briefly, if you are sending to host 9205 "foo", then it rewrites "foo!...!baz" to "...!baz", 9206 "foo!baz" remains "foo!baz", and anything else has 9207 the local name prepended. 9208 CONFIG: portability fixes for HP-UX. 9209 DOC: several minor problems fixed in the Install & Op Guide. 9210 MAKEMAP: fix core dump problem on lines that are too long or 9211 which lack newline. From Mark Delany. 9212 MAILSTATS: print sums of columns (total messages & kbytes 9213 in and out of the system). From Tom Ferrin of UC 9214 San Francisco Computer Graphics Lab. 9215 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 9216 On HP-UX, /etc/sendmail.cf has been moved to 9217 /usr/lib/sendmail.cf to match HP sendmail. 9218 Permissions have been tightened up on world-writable 9219 :include: files and accounts that have shells 9220 that are not listed in /etc/shells. This may 9221 cause some .forward files that have worked 9222 before to start failing. 9223 SIGUSR1 dumps some state to the log. 9224 NEW FILES: 9225 src/Makefile.DGUX 9226 src/Makefile.Dynix 9227 src/Makefile.FreeBSD 9228 src/Makefile.Mach386 9229 src/Makefile.NetBSD 9230 src/Makefile.RISCos 9231 src/Makefile.SCO 9232 src/Makefile.SVR4 9233 src/Makefile.Titan 9234 cf/mailer/pop.m4 9235 cf/ostype/bsdi1.0.m4 9236 cf/ostype/dgux.m4 9237 cf/ostype/dynix3.2.m4 9238 cf/ostype/sco3.2.m4 9239 makemap/Makefile.dist 9240 praliases/Makefile.dist 9241 92428.6.4/8.6.4 1993/10/31 9243 Repair core-dump problem (write to read-only memory segment) 9244 if you fall back to the return-to-Postmaster case in 9245 savemail. Problem reported by Richard Liu. 9246 Immediately diagnose bogus sender addresses in SMTP. This 9247 makes quite certain that crackers can't use this 9248 class of attack. 9249 Reliability Fix: check return value from fclose() and fsync() 9250 in a few critical places. 9251 Minor problem in initsys() that reversed a condition for 9252 redirecting the output channel on queue runs. It's 9253 not clear this code even does anything. From Eric 9254 Wassenaar of the Dutch National Institute for Nuclear 9255 and High-Energy Physics. 9256 Fix some problems that caused queue runs to do "too much work", 9257 such as double-reading the Errors-To: header. From 9258 Eric Wassenaar. 9259 Error messages on writing the temporary file (including the 9260 data file) were getting suppressed in SMTP -- this 9261 fix causes them to be properly reported. From Eric 9262 Wassenaar. 9263 Some changes to support AF_UNIX sockets -- this will only 9264 really become relevant in the next release, but some 9265 people need it for local patches. From Michael 9266 Corrigan of UC San Diego. 9267 Use dynamically allocated memory (instead of static buffers) 9268 for macros defined in initsys() and settime(); since 9269 these can have different values depending on which 9270 envelope they are in. From Eric Wassenaar. 9271 Improve logging to show ctladdr on to= logging; this tells you 9272 what uid/gid processes ran as. 9273 Fix a problem that caused error messages to be discarded if 9274 the sender address was unparseable for some reason; 9275 this was supposed to fall back to the "return to 9276 postmaster" case. 9277 Improve aliaswait backoff algorithm. 9278 Portability patches for Linux (8.6.3 required another header 9279 file) (from Karl London) and SCO UNIX. 9280 CONFIG: patch prog mailer to not strip host name off of envelope 9281 addresses (so that it matches local again). From 9282 Christopher Davis. 9283 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 9284 this prevents uux from seeing lines with null names like 9285 ``From Sat Oct 30 14:55:31 1993''. From Motonori 9286 Nakamura of Kyoto University. 9287 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 9288 it shouldn't fail miserably. From Motonori Nakamura. 9289 92908.6.2/8.6.2 1993/10/15 9291 Put a "successful delivery" message in the transcript for 9292 addresses that get return-receipts. 9293 Put a prominent "this is only a warning" message in warning 9294 messages -- some people don't read carefully enough 9295 and end up sending the message several times. 9296 Include reason for temporary failure in the "warning" return 9297 message. Currently, it just says "cannot send for 9298 four hours". 9299 Fix the "Original message received" time generated for 9300 returntosender messages. It was previously listed as 9301 the current time. Bug reported by Eric Hagberg of 9302 Cornell University Medical College. 9303 If there is an error when writing the body of a message, 9304 don't send the trailing dot and wait for a response 9305 in sender SMTP, as this could cause the connection to 9306 hang up under some bizarre circumstances. From Eric 9307 Wassenaar. 9308 Fix some server SMTP synchronization problems caused when 9309 connections fail during message collection. From 9310 Eric Wassenaar. 9311 Fix a problem that can cause srvrsmtp to reject mail if the 9312 name server is down -- it accepts the RCPT but rejects 9313 the DATA command. Problem reported by Jim Murray of 9314 Stratus. 9315 Fix a problem that can cause core dumps if the config file 9316 incorrectly resolves to a null hostname. Reported by 9317 Allan Johannesen of WPI. 9318 Non-root use of -C flag, dangerous -f flags, and use of -oQ 9319 by non-root users were not put into 9320 X-Authentication-Warning:s as intended because the 9321 config file hadn't set the PrivacyOptions yet. Fix 9322 from Sven-Ove Westberg of the University of Lulea. 9323 Under very odd circumstances, the alias file rebuild code 9324 could get confused as to whether a database was 9325 open or not. 9326 Check "vendor code" on the end of V lines -- this is 9327 intended to provide a hook for vendor-specific 9328 configuration syntax. (This is a "new feature", 9329 but I've made an exception to my rule in a belief 9330 that this is a highly exceptional case.) 9331 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 9332 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 9333 (from Jon Forrest of UC Berkeley) 9334 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 9335 93368.6.1/8.6 1993/10/08 9337 Portability fixes for A/UX and Encore UMAX V. 9338 Fix error message handling -- if you had a name server down 9339 causing an error during parsing, that message was never 9340 propagated to the queue file. 9341 93428.6/8.6 1993/10/05 9343 Configuration cleanup: make it easier to undo IDENTPROTO in 9344 conf.h (other systems have the same bug). 9345 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 9346 getdtablesize() instead of sysconf(); a disturbingly 9347 large number of systems defined _SC_OPEN_MAX in the 9348 header files but don't have the syscall. 9349 Another patch to really truly ignore MX records in getcanonname 9350 if trymx == FALSE. 9351 Fix problem that caused the "250 IAA25499 Message accepted for 9352 delivery" message to be omitted if there was an error 9353 in the header of the message (e.g., a bad Errors-To: 9354 line). Pointed out by Michael Corrigan of UCSD. 9355 Announce name of host we are chatting when we get errors; this 9356 is an IDA-ism suggested by Christophe Wolfhugel. 9357 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 9358 Australian Artificial Intelligence Institute), SCO Unix 9359 (from Murray Kucherawy of Hookup Communication Corp.), 9360 NeXT (from Vince DeMarco and myself), Linux (from 9361 Karl London <karl@borg.demon.co.uk>), BSDI (from 9362 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 9363 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 9364 Some changes to get around gcc optimizer bugs. From Takahiro 9365 Kanbe. 9366 Fix error recovery in queueup if another tf file of the same 9367 name already exists. Problem stumbled over by Bill 9368 Wisner of The Well. 9369 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 9370 Problem noted by Keith McMillan of Ameritech Services. 9371 Deal with group permissions properly when opening .forward and 9372 :include: files. This relaxes the 8.1C restrictions 9373 slightly more. This includes proper setting of groups 9374 when reading :include: files, allowing you to read some 9375 files that you should be able to read but have previously 9376 been denied unless you owned them or they had "other" 9377 read permission. 9378 Make certain that $j is in $=w (after the .cf is read) so that 9379 if the user is forced to override some silly system, 9380 MX suppression will still work. 9381 Fix a couple of efficiency problems where newstr was double- 9382 calling expensive routines. In at least one case, it 9383 wasn't guaranteed that they would always return the 9384 same result. Problem noted by Christophe Wolfhugel. 9385 Fix null pointer dereference in putoutmsg -- only on an error 9386 condition from a non-SMTP mailer. From Motonori 9387 Nakamura. 9388 Macro expand "C" line class definitions before scanning so that 9389 "CX $Z" works. 9390 Fix problem that caused error message to be sent while still 9391 trying to send the original message if the connection 9392 is closed during a DATA command after getting an error 9393 on an RCPT command (pretty obscure). Problem reported 9394 by John Myers of CMU. 9395 Fix reply to NOOP to be 250 instead of 200 -- this is a long 9396 term bug. 9397 Fix a nasty bug causing core dumps when returning the "warning: 9398 cannot deliver for N hours -- will keep trying" message; 9399 it only occurred if you had PostmasterCopy set and 9400 only on some architectures. Although sendmail would 9401 keep trying, it would send error messages on each 9402 queue interval. This is an important fix. 9403 Allow u and g options to take user and group names respectively. 9404 Don't do a chdir into the queue directory in -bt mode to make 9405 ruleset testing a bit easier. 9406 Don't allow users to turn off logging (using -oL) on the command 9407 line -- command line can only raise, not lower, logging 9408 level. 9409 Set $u to the original recipient on the SMTP transaction or on 9410 the command line. This is only done if there is exactly 9411 one recipient. Technically, this does not meet the 9412 specs, because it does not guarantee a domain on the 9413 address. 9414 Fix a problem that dumped error messages on bad addresses if 9415 you used the -t flag. Problem noted by Josh Smith of 9416 Harvey Mudd College. 9417 Given an address such as ``<foo> <bar>'', auto-quote the first 9418 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 9419 avoid the problem of people who use angle brackets in 9420 their full name information. 9421 Fix a null pointer dereference if you set option "l", have 9422 an Errors-To: header in the message, and have Errors-To: 9423 defined in the config file H lines. From J.R. Oldroyd. 9424 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 9425 wrong when compiling. Suggested by Rick McCarty of TI. 9426 Fix a problem that could pass negative SIZE parameter if the 9427 df file got lost; this would cause servers to always 9428 give a temporary failure, making the problem even worse. 9429 Problem noted by Allan Johannesen of WPI. 9430 Add "ident" timeout (one of the "r" option selectors) for IDENT 9431 protocol timeouts (30s default). Requested by Murray 9432 Kucherawy of HookUp Communication Corp. to handle bogus 9433 PC TCP/IP implementations. 9434 Change $w default definition to be just the first component of 9435 the domain name on config level 5. The $j macro defaults 9436 to the FQDN; $m remains as before. This lets well-behaved 9437 config files use any of the short, long, or subdomain 9438 names. 9439 Add makesendmail script in src to try to automate multi-architecture 9440 builds. I know, this is sub-optimal, but it is still 9441 helpful. 9442 Fix very obscure race condition that can cause a queue run to 9443 get a queue file for an already completed job. This 9444 problem has existed for years. Problem noted by the 9445 long suffering Allan Johannesen of WPI. 9446 Fix a problem that caused the raw sender name to be passed to 9447 udbsender instead of the canonified name -- this caused 9448 it to sometimes miss records that it should have found. 9449 Relax check of name on HELO packet so that a program using -bs 9450 that claims to be itself works properly. 9451 Restore rewriting of $: part of address through 2, R, 4 in 9452 buildaddr -- this requires passing a lot of flags to get 9453 it right. Unlike old versions, this ONLY rewrites 9454 recipient addresses, not sender addresses. 9455 Fix a bug that caused core dumps in config files that cannot 9456 resolve /file/name style addresses. Fix from Jonathan 9457 Kamens of OpenVision Technologies. 9458 Fix problem with fcntl locking that can cause error returns to 9459 be lost if the lock is lost; this required fully 9460 queueing everything, dropping the envelope (so errors 9461 would get returned), and then re-reading the queue from 9462 scratch. 9463 Fix a problem that caused aliases that redefine an otherwise 9464 true address to still send to the original address 9465 if and only if the alias failed in certain bizarre 9466 ways (e.g, if they pointed at a list:; syntax address). 9467 Problem pointed out by Jonathan Kamens. 9468 Remove support for frozen configuration files. They caused 9469 more trouble than it was worth. 9470 Fix problem that can cause error messages to get ignored when 9471 using both -odb and -t flags. Problem noted by Rob 9472 McNicholas at U.C. Berkeley. 9473 Include all "normal" variations on hostname in $=w. For example, 9474 if the host name is vangogh.cs.berkeley.edu, $=w will 9475 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 9476 Add "restrictqrun" privacy flag -- without this, anyone can run 9477 the queue. 9478 Reset SmtpPhase global on initial connection creation so that 9479 messages don't come out with stale information. 9480 Pass an "ext" argument to lockfile so that error/log messages 9481 will properly reflect the true filename being locked. 9482 Put all [...] address forms into $=w -- this eliminates the need 9483 for MAXIPADDR in conf.h. Suggested by John Gardiner 9484 Myers of CMU. 9485 Fix a bug that can cause qf files to be left around even after 9486 an SMTP RSET command. Problem and fix from Michael 9487 Corrigan. 9488 Don't send a PostmasterCopy to errors when the Precedence: is 9489 negative. Error reports still go to the envelope 9490 sender address. 9491 Add LA_SHORT for load averages. 9492 Lock sendmail.st file when posting statistics. 9493 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 9494 set the size of the TCP send and receive buffers; if you 9495 run over a slow slip line you may need to set these down 9496 (although it would be better to fix the SLIP implementation 9497 so that it's not necessary to recompile every program 9498 that does bulk data transfer). 9499 Allow null defaults on $( ... $) lookups. Problem reported by 9500 Amir Plivatsky. 9501 Diagnose crufty S and V config lines. This resulted from an 9502 observation that some people were using the SITE macro 9503 without the SITECONFIG macro first, which was causing 9504 bogus config files that were not caught. 9505 Fix makemap -f flag to turn off case folding (it was turning it 9506 on instead). THIS IS A USER VISIBLE CHANGE!!! 9507 Fix a problem that caused multiple error messages to be sent if 9508 you used "sendmail -t -oem -odb", your system uses fcntl 9509 locking, and one of the recipient addresses is unknown. 9510 Reset uid earlier in include() so that recursive .forwards or 9511 :include:s don't use the wrong uid. 9512 If file descriptor 0, 1, or 2 was closed when sendmail was 9513 called, the code to recover the descriptor was broken. 9514 This sometimes (only sometimes) caused problems with the 9515 alias file. Fix from Motonori Nakamura. 9516 Fix a problem that caused aliaswait to go into infinite recursion 9517 if the @:@ metasymbol wasn't found in the alias file. 9518 Improve error message on newaliases if database files cannot be 9519 opened or if running with no database format defined. 9520 Do a better estimation of the size of error messages when NoReturn 9521 is set. Problem noted by P{r (Pell) Emanuelsson. 9522 Fix a problem causing the "c" option (don't connect to expensive 9523 mailers) to be ignored in SMTP. Problem noted and the 9524 solution suggested by Robert Elz of The University of 9525 Melbourne. 9526 Improve connection caching algorithm by passing "[host]" to 9527 hostsignature, which strips the square brackets and 9528 returns the real name. This allows mailertable entries 9529 to match regular entries. 9530 Re-enable Return-Receipt-To: -- people seem to want this stupid 9531 feature, even if it doesn't work right. 9532 Catch and log attempts to try the "wiz" command in server SMTP. 9533 This also ups the log level from LOG_NOTICE to LOG_CRIT. 9534 Be more generous at assigning $z to the home directory -- do this 9535 for programs that are specified through a .forward file. 9536 Fix from Andrew Chang of Sun Microsystems. 9537 Always save a fatal error message in preference to a non-fatal 9538 error message so that the "subject" line of return 9539 messages is the best possible. 9540 CONFIG: reduce the number of quotes needed to quote configuration 9541 parameters with commas: two quotes should work now, e.g., 9542 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 9543 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 9544 connections (domain-ized UUCP). 9545 CONFIG: fix bug in default maps (-o must be before database file 9546 name). Pointed out by Christophe Wolfhugel. 9547 CONFIG: add FEATURE(nodns) to state that we are not relying on 9548 DNS. This would presumably be used in UUCP islands. 9549 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 9550 CONFIG: log $u in Received: line. This is in technical violation 9551 of the standards, since it doesn't guarantee a domain 9552 on the address. 9553 CONFIG: don't assume "m" in local mailer flags -- this means that 9554 if you redefine LOCAL_MAILER_FLAGS you will have to include 9555 the "m" flag should you want it. Apparently some Solaris 2.2 9556 installations can't handle multiple local recipients. 9557 Problem noted by Josh Smith. 9558 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 9559 CONFIG: change default version level from 4 to 5. 9560 CONFIG: add FEATURE(nullclient) to create a config file that 9561 forwards all mail to a hub without ever looking at the 9562 addresses in any detail. 9563 CONFIG: properly strip mailer: information off of relays when 9564 used to change .BITNET form into %-hack form. 9565 CONFIG: fix a problem that caused infinite loops if presented 9566 with an address such as "!foo". 9567 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 9568 the reverse "PTR" mapping is broken. There's a better 9569 way to do this, but the change is fairly major and I 9570 want to hold it for another release. Problem noted by 9571 Bret Marquis. 9572 95738.5/8.5 1993/07/23 9574 Serious bug: if you used a command line recipient that was unknown 9575 sendmail would not send a return message (it was treating 9576 everything as though it had an SMTP-style client that 9577 would do the return itself). Problem noted by Josh Smith. 9578 Change "trymx" option in getcanonname() to ignore all MX data, 9579 even during a T_ANY query. This actually didn't break 9580 anything, because the only time you called getcanonname 9581 with !trymx was if you already knew there were no MX 9582 records, but it is somewhat cleaner. From Motonori 9583 Nakamura. 9584 Don't call getcanonname from getmxrr if you already know there 9585 are no DNS records matching the name. 9586 Fix a problem causing error messages to always include "The 9587 original message was received ... from localhost". 9588 The correct original host information is now included. 9589 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 9590 version of "test" doesn't have the -x flag). Change it 9591 to use -f instead. From John Myers. 9592 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 9593 esmtp -- it should be smtp. 9594 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 9595 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 9596 else "suucp" if MAILER(uucp) is used, else "unknown"); 9597 this cleans up the configs somewhat. This fixes a serious 9598 problem that caused route-addrs to get mistaken as relays, 9599 pointed out by John Myers. WARNING: this also causes 9600 the default on SMART_HOST to change from "suucp" to 9601 "relay" if you have MAILER(smtp) specified. 9602 96038.4/8.4 1993/07/22 9604 Add option `w'. If you receive a message that comes to you because 9605 you are the best (lowest preference) target of an MX, and 9606 you haven't explicitly recognized the source MX host in 9607 your .cf file, this option will cause you to try the target 9608 host directly (as if there were no MX for it at all). If 9609 `w' is not set, this case is a configuration error. 9610 Beware: if `w' is set, senders may get bogus errors like 9611 "message timed out" or "host unknown" for problems that 9612 are really configuration errors. This option is 9613 disrecommended, provided only for compatibility with 9614 UIUC sendmail. 9615 Fix a problem that caused the incoming socket to be left open 9616 when sendmail forks after the DATA command. This caused 9617 calling systems to wait in FIN_WAIT_2 state until the 9618 entire list was processed and the child closed -- a 9619 potentially prodigious amount of time. Problem noted 9620 by Neil Rickert. 9621 Fix problem (created in 6.64) that caused mail sent to multiple 9622 addresses, one of which was a bad address, to completely 9623 suppress the sending of the message. This changes 9624 handling of EF_FATALERRS somewhat, and adds an 9625 EF_GLOBALERRS flag. This also fixes a potential problem 9626 with duplicate error messages if there is a syntax error 9627 in the header of a message that isn't noticed until late 9628 in processing. Original problem pointed out by Josh Smith 9629 of Harvey Mudd College. This release includes quite a bit 9630 of dickering with error handling (see below). 9631 Back out SMTP transaction if MAIL gets nested 501 error. This 9632 will only hurt already-broken software and should help 9633 humans. 9634 Fix a problem that broke aliases when neither NDBM nor NEWDB were 9635 compiled in. It would never read the alias file. 9636 Repair unbalanced `)' and `>' (the "open" versions are already 9637 repaired). 9638 Logging of "done" in dropenvelope() was incorrect: it would 9639 log this even when the queue file still existed. Change 9640 this to only log "done" (at log level 11) when the 9641 queue file is actually removed. From John Myers. 9642 Log "lost connection" in server SMTP at log level 20 if there 9643 is no pending transaction. Some senders just close the 9644 connection rather than sending QUIT. 9645 Fix a bug causing getmxrr to add a dot to the end of unqualified 9646 domains that do not have MX records -- this would cause 9647 the subsequent host name lookup to fail. The problem 9648 only occurred if you had FEATURE(nocanonify) set. 9649 Problem noted by Rick McCarty of Texas Instruments. 9650 Fix invocation of setvbuf when passed a -X flag -- I had 9651 unwittingly used an ANSI C extension, and this caused 9652 core dumps on some machines. 9653 Diagnose self-destructive alias loops on RCPT as well as EXPN. 9654 Previously it just gave an empty send queue, which 9655 then gave either "Need RCPT (recipient)" at the DATA 9656 (confusing, since you had given an RCPT command which 9657 returned 250) or just dropped the email, depending on 9658 whether you were running VERBose mode. Now it usually 9659 diagnoses this case as "aliasing/forwarding loop broken". 9660 Unfortunately, it still doesn't adequately diagnose 9661 some true error conditions. 9662 Add internal concept of "warning messages" using 6xx codes. 9663 These are not reported only to Postmaster. Unbalanced 9664 parens, brackets, and quotes are printed as 653 codes. 9665 They are always mapped to 5xx codes before use in SMTP. 9666 Clean up error messages to tell both the actual address that 9667 failed and the alias they arose from. This makes it 9668 somewhat easier to diagnose problems. Difficulty noted 9669 by Motonori Nakamura. 9670 Fix a problem that inappropriately added a ctladdr to addresses 9671 that shouldn't have had one during a queue run. This 9672 caused error messages to be handled differently during 9673 a queue run than a direct run. 9674 Don't print the qf name and line number if you get errors during 9675 the direct run of the queue from srvrsmtp -- this was 9676 just extra stuff for users to crawl through. 9677 Put command line flags on second line of pid file so you can 9678 auto-restart the daemon with all appropriate arguments. 9679 Use "kill `head -1 /etc/sendmail.pid`" to stop the 9680 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 9681 restart it. 9682 Remove the ``setuid(getuid())'' in main -- this caused the 9683 IDENT daemon to screw up. This required that I change 9684 HASSETEUID to HASSETREUID and complicate the mode 9685 changing somewhat because both Ultrix and SunOS seem 9686 to have a bug causing seteuid() to set the saved uid 9687 as well as the effective. The program test/t_setreuid.c 9688 will test to see if your implementation of setreuid(2) 9689 is appropriately functional. 9690 The FallBackMX (option V) handling failed to properly identify 9691 fallback to yourself -- most of the code was there, 9692 but it wasn't being enabled. Problem noted by Murray 9693 Kucherawy of the University of Waterloo. 9694 Change :include: open timeout from ETIMEDOUT to an internal 9695 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 9696 with CurHostName" in error messages, which can be 9697 confusing. Reported by Jonathan Kamens of OpenVision 9698 Technologies. 9699 Back out setpgrp (setpgid on POSIX systems) call to reset the 9700 process group id. The original fix was to get around 9701 some problems with recalcitrant MUAs, but it breaks 9702 any call from a shell that creates a process group id 9703 different from the process id. I could try to fix 9704 this by diddling the tty owner (using tcsetpgrp or 9705 equivalent) but this is too likely to break other 9706 things. 9707 Portability changes: 9708 Support -M as equivalent to -oM on Ultrix -- apparently 9709 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 9710 instead of using standard flags. Oh joy. This 9711 behavior reported by Jon Giltner of University 9712 of Colorado. 9713 SGI IRIX -- this includes several changes that should 9714 help other strict ANSI compilers. 9715 SCO Unix -- from Murray Kucherawy of HookUp Communication 9716 Corporation. 9717 Solaris running the Sun C compiler (which despite the 9718 documentation apparently doesn't define 9719 __STDC__ by default). 9720 ConvexOS from Eric Schnoebelen of Convex. 9721 Sony NEWS workstations and Omron LUNA workstations from 9722 Motonori Nakamura. 9723 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 9724 CONFIG: delete `C' and `e' from default SMTP mailers flags; 9725 several people have made a good argument that this 9726 creates more problems than it solves (although this 9727 may prove painful in the short run). 9728 CONFIG: generalize all the relays to accept a "mailer:host" 9729 format. 9730 CONFIG: move local processing in ruleset 0 into a new ruleset 9731 98 (8 on old sendmail). Domain literal [a.b.c.d] 9732 addresses are also passed through this ruleset. 9733 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 9734 internet-style addresses would "fall off the end" of 9735 ruleset zero and be interpreted as local -- however, 9736 the angle brackets confused the recursive call. 9737 These are now diagnosed as "Unrecognized host name". 9738 CONFIG: USENET rules weren't included in S0 because of a mistaken 9739 ifdef(`_MAILER_USENET_') instead of 9740 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 9741 of SINTEF RUNIT, Oslo. 9742 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 9743 early in ruleset 0; this allows .mc authors to bypass 9744 things like the "short circuit" code for local addresses. 9745 Prompted by a comment by Bill Wisner of The Well. 9746 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 9747 esmtp) to send SMTP mail. This allows you to default 9748 to esmtp but use a mailertable or other override to 9749 deal with broken servers. This logic was pointed out 9750 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 9751 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 9752 environments. Ugly as sin. 9753 97548.3/8.3 1993/07/13 9755 Fix setuid problems introduced in 8.2 that caused messages 9756 like "Cannot create qfXXXXXX: Invalid argument" 9757 or "Cannot reopen dfXXXXXX: Permission denied". This 9758 involved a new compile flag "HASSETEUID" that takes 9759 the place of the old _POSIX_SAVED_IDS -- it turns out 9760 that the POSIX interface is broken enough to break 9761 some systems badly. This includes some fixes for 9762 HP-UX. Also fixes problems where the real uid is 9763 not reset properly on startup (from Neil Rickert). 9764 Fix a problem that caused timed out messages to not report the 9765 addresses that timed out. Error messages are also more 9766 "user friendly". 9767 Drop required bandwidth on connections from 64 bytes/sec to 9768 16 bytes/sec. 9769 Further Solaris portability changes -- doesn't require the BSD 9770 compatibility library. This also adds a new 9771 "HASGETDTABLESIZE" compile flag which can be used if 9772 you want to use getdtablesize(2) instead of sysconf(2). 9773 These are loosely based on changes from David Meyer at 9774 University of Oregon. This now seems to work, at least 9775 for quick test cases. 9776 Fix a problem that can cause duplicate error messages to be 9777 sent if you are in SMTP, you send to multiple addresses, 9778 and at least one of those addresses is good and points 9779 to an account that has a .forward file (whew!). 9780 Fix a problem causing messages to be discarded if checkcompat() 9781 returned EX_TEMPFAIL (because it didn't properly mark 9782 the "to" address). Problem noted by John Myers. 9783 Fix dfopen to return NULL if the open failed; I was depending 9784 on fdopen(-1) returning NULL, which isn't the case. This 9785 isn't serious, but does result in weird error diagnoses. 9786 From Michael Corrigan. 9787 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 9788 messages sent through UUCP-family mailers. Suggested 9789 by Bill Wisner of The Well. 9790 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 9791 include a "uucp-dom" mailer that uses domain-style 9792 addressing. Suggested by Bill Wisner. 9793 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 9794 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 9795 Christophe Wolfhugel. 9796 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 9797 97988.2/8.2 1993/07/11 9799 Don't drop out on config file parse errors in -bt mode. 9800 On older configuration files, assume option "l" (use Errors-To 9801 header) for back compatibility. NOTE: this DOES NOT 9802 imply an endorsement of the Errors-To: header in any way. 9803 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 9804 Don't log errors on EHLO -- it isn't a "real" error for an old 9805 SMTP server to give an error on this command, and 9806 logging it in the transcript can be confusing. Fix 9807 from Bill Wisner. 9808 IRIX compatibility changes provided by Dan Rich 9809 <drich@sandman.lerc.nasa.gov>. 9810 Solaris 2 compatibility changes. Provided by Bob Cunningham 9811 <bob@kahala.soest.hawaii.edu>, John Oleynick 9812 <juo@klinzhai.rutgers.edu> 9813 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 9814 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 9815 match the other flags in that file. 9816 Flush transcript before fork in mailfile(). From Eric Wassenaar. 9817 Save h_errno in mci struct and improve error message display. 9818 Changes from Eric Wassenaar. 9819 Open /dev/null for the transcript if the create of the xf file 9820 failed; this avoids at least one possible null pointer 9821 reference in very weird cases. From Eric Wassenaar. 9822 Clean up statistics gathering; it was over-reporting because of 9823 forks. From Eric Wassenaar. 9824 Fix problem that causes old Return-Path: line to override new 9825 Return-Path: line (conf.c needs H_FORCE to avoid 9826 re-using old value). From Motonori Nakamura. 9827 Fix broken -m flag in K definition -- even if -m (match only) 9828 was specified, it would still replace the key with the 9829 value. Noted by Rick McCarty of Texas Instruments. 9830 If the name server timed out over several days, no "timed out" 9831 message would ever be sent back. The timeout code 9832 has been moved from markfailure() to dropenvelope() 9833 so that all such failures should be diagnosed. Pointed 9834 out by Christophe Wolfhugel and others. 9835 Relax safefile() constraints: directories in an include or 9836 forward path must be readable by self if the controlling 9837 user owns the entry, readable by all otherwise (e.g., 9838 when reading your .forward file, you have to own and 9839 have X permission in it; everyone needs X permission in 9840 the root and directories leading up to your home); 9841 include files must be readable by anyone, but need not 9842 be owned by you. 9843 If _POSIX_SAVED_IDS is defined, setuid to the owner before 9844 reading a .forward file; this gets around some problems 9845 on NFS mounts if root permission is not exported and 9846 the user's home directory isn't x'able. 9847 Additional NeXT portability enhancements from Axel Zinser. 9848 Additional HP-UX portability enhancements from Brian Bullen. 9849 Add a timeout around SMTP message writes; this assumes you can 9850 get throughput of at least 64 bytes/second. Note that 9851 this does not impact the "datafinal" default, which 9852 is separate; this is just intended to work around 9853 network clogs that will occur before the final dot 9854 is sent. From Eric Wassenaar. 9855 Change map code to set the "include null" flag adaptively -- 9856 it initially tries both, but if it finds anything 9857 matching without a null it never tries again with a 9858 null and vice versa. If -N is specified, it never 9859 tries without the null and creates new maps with a 9860 null byte. If -O is specified, it never tries with 9861 the null (for efficiency). If -N and -O are specified, 9862 you get -NO (get it?) lookup at all, so this would 9863 be a bad idea. If you don't specify either -N or -O, 9864 it adapts. 9865 Fix recognition of "same from address" so that MH submissions 9866 will insert the appropriate full name information; 9867 this used to work and got broken somewhere along the 9868 way. 9869 Some changes to eliminate some unnecessary SYSERRs in the 9870 log. For example, if you lost a connection, don't 9871 bother reporting that fact on the connection you lost. 9872 Add some "extended debugging" flags to try to track down 9873 why we get occasional problems with file descriptor 9874 one being closed when execing a mailer; it seems to 9875 only happen when there has been another error in the 9876 same transaction. This requires XDEBUG, defined 9877 by default in conf.h. 9878 Add "-X filename" command line flag, which logs both sides of 9879 all SMTP transactions. This is intended ONLY for 9880 debugging bad implementations of other mailers; start 9881 it up, send a message from a mailer that is failing, 9882 and then kill it off and examine the indicated log. 9883 This output is not intended to be particularly human 9884 readable. This also adds the HASSETVBUF compile 9885 flag, defaulted on if your compiler defines __STDC__. 9886 CONFIG: change SMART_HOST to override an SMTP mailer. If you 9887 have a local net that should get direct connects, you 9888 will need to use LOCAL_NET_CONFIG to catch these hosts. 9889 See cf/README for an example. 9890 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 9891 sites that don't use the -d flag. 9892 CONFIG: hide recipient addresses as well as sender addresses 9893 behind $M if FEATURE(allmasquerade) is specified; this 9894 has been requested by several people, but can break 9895 local aliases. For example, if you mail to "localalias" 9896 this will be rewritten as "localalias@masqueradehost"; 9897 although initial delivery will work, replies will be 9898 broken. Use it sparingly. 9899 CONFIG: add FEATURE(domaintable). This maps unqualified domains 9900 to qualified domains in headers. I believe this is 9901 largely equivalent to the IDA feature of the same name. 9902 CONFIG: use $U as UUCP name instead of $k. This permits you 9903 to override the "system name" as your UUCP name -- 9904 in particular, to use domain-ized UUCP names. From 9905 Bill Wisner of The Well. 9906 CONFIG: create new mailer "esmtp" that always tries EHLO 9907 first. This is currently unused in the config files, 9908 but could be used in a mailertable entry. 9909 99108.1C/8.1B 1993/06/27 9911 Serious security bug fix: it was possible to read any file on 9912 the system, regardless of ownership and permissions. 9913 If a subroutine returns a fully qualified address, return it 9914 immediately instead of feeding it back into rewriting. 9915 This fixes a problem with mailertable lookups. 9916 CONFIG: fix some M4 frotz (concat => CONCAT) 9917 99188.1B/8.1A 1993/06/12 9919 Serious bug fix: pattern matching backup algorithm stepped by 9920 two tokens in classes instead of one. Found by Claus 9921 Assmann at University of Kiel, Germany. 9922 99238.1A/8.1A 1993/06/08 9924 Another mailertable fix.... 9925 99268.1/8.1 1993/06/07 9927 4.4BSD freeze. No semantic changes. 9928