RELEASE_NOTES revision 42575
1 SENDMAIL RELEASE NOTES 2 @(#)RELEASE_NOTES 8.9.2.4 (Berkeley) 12/29/1998 3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 98.9.2/8.9.2 98/12/30 10 SECURITY: Remove five second sleep on accepting daemon connections 11 due to an accept() failure. This sleep could be used 12 for a denial of service attack. 13 Do not silently ignore queue files with names which are too long. 14 Patch from Bryan Costales of InfoBeat, Inc. 15 Do not store failures closing an SMTP session in persistent 16 host status. Reported by Graeme Hewson of Oracle 17 Corporation UK. 18 Allow symbolic link forward files if they are in safe directories. 19 Problem noted by Andreas Schott of the Max Planck Society. 20 Missing columns in a text map could cause a segmentation fault. 21 Fix from David Lee of the University of Durham. 22 Note that for 8.9.X, PrivacyFlags=goaway also includes the 23 noetrn flag. This is scheduled to change in a future 24 version of sendmail. Problem noted by Theo Van Dinter of 25 Chrysalis Symbolic Designa and Alan Brown of Manawatu 26 Internet Services. 27 When trying to do host canonification in a Wildcard MX 28 environment, try an MX lookup of the hostname without the 29 default domain appended. Problem noted by Olaf Seibert of 30 Polderland Language & Speech Technology. 31 Reject SMTP RCPT To: commands with only comments (i.e. 32 'RCPT TO: (comment)'. Problem noted by Earle Ake of 33 Hassler Communication Systems Technology, Inc. 34 Handle any number of %s in the LDAP filter spec. Patch from 35 Per Hedeland of Ericsson. 36 Clear ldapx open timeouts even if the map open failed to prevent 37 a segmentation fault. Patch from Wayne Knowles of the 38 National Institute of Water & Atmospheric Research Ltd. 39 Do not syslog envelope clone messages when using address 40 verification (-bv). Problem noted by Kari Hurtta of the 41 Finnish Meteorological Institute. 42 Continue to perform queue runs while in daemon mode even if the 43 daemon is rejecting connections due to a disk full 44 condition. Problem noted by JR Oldroyd of TerraNet 45 Internet Services. 46 Include full filename on installation of the sendmail.hf file 47 in case the $HFDIR directory does not exist. Problem 48 noted by Josef Svitak of Montana State University. 49 Close all maps when exiting the process with one exception. 50 Berkeley DB can use internal shared memory locking for 51 its memory pool. Closing a map opened by another process 52 will interfere with the shared memory and locks of the 53 parent process leaving things in a bad state. For 54 Berkeley DB, only close the map if the current process 55 is also the one that opened the map, otherwise only close 56 the map file descriptor. Thanks to Yoseff Francus of 57 Collective Technologies for volunteering his system for 58 extended testing. 59 Avoid null pointer dereference on XDEBUG output for SMTP reply 60 failures. Problem noted by Carlos Canau of EUnet Portugal. 61 On mailq and hoststat listings being piped to another program, such 62 as more, if the pipe closes (i.e. the user quits more), 63 stop sending output and exit. Patch from Allan E Johannesen 64 of Worcester Polytechnic Institute. 65 In accordance with the documentation, LDAP map lookup failures 66 are now considered temporary failures instead of permanent 67 failures unless the -t flag is used in the map definition. 68 Problem noted by Booker Bense of Stanford University and 69 Eric C. Hagberg of Morgan Stanley. 70 Fix by one error reporting on long alias names. Problem noted by 71 H. Paul Hammann of the Missouri Research and Education 72 Network. 73 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem 74 noted by Barry S. Finkel of Argonne National Laboratory. 75 When automatically converting from 8 bit to quoted printable MIME, 76 be careful not to miss a multi-part boundary if that 77 boundary is preceded by a boundary-like line. Problem 78 noted by Andreas Raschle of Ansid Inc. Fix from 79 Kari Hurtta of the Finnish Meteorological Institute. 80 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer 81 has enough space for the additional address. Problem 82 noted by Steve Cliffe of the University of Wollongong. 83 Fix DontBlameSendmail=FileDeliveryToSymlinks behavior. Problem 84 noted by Alex Vorobiev of Swarthmore College. 85 If the check_compat ruleset resolves to the $#discard mailer, 86 discard the current recipient. Unlike check_relay, 87 check_mail, and check_rcpt, the entire envelope is not 88 discarded. Problem noted by RZ D. Rahlfs. Fix from 89 Claus Assmann of Christian-Albrechts-University of Kiel. 90 Avoid segmentation fault when reading ServiceSwitch files with 91 bogus formatting. Patch from Kari Hurtta of the Finnish 92 Meteorological Institute. 93 Support Berkeley DB 2.6.4 API change. 94 OP.ME: Pages weren't properly output on duplexed printers. Fix 95 from Matthew Black of CSU Long Beach. 96 Portability: 97 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. 98 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase 99 option structure. Problem noted by Ashley M. 100 Kirchner of Photo Craft Laboratories, Inc. 101 Break out IP address to hostname translation for 102 reading network interface addresses into 103 class 'w'. Patch from John Kennedy of 104 Cal State University, Chico. 105 AIX 4.x use -qstrict with -O3 to prevent the optimized 106 from changing the semantics of the compiled 107 program. From Simon Travaglia of the 108 University of Waikato, New Zealand. 109 FreeBSD 2.2.2 and later support setusercontext(). From 110 Peter Wemm of DIALix. 111 FreeBSD 3.x fix from Peter Wemm of DIALix. 112 IRIX 5.x has a syslog buffer size of 512 bytes. From 113 Nao NINOMIYA of Utsunomiya University. 114 IRIX 6.5 64-bit Build support. 115 LDAP Version 3 support from John Beck and Ravi Iyer 116 of Sun Microsystems. 117 Linux does not implement seteuid() properly. From 118 John Kennedy of Cal State University, Chico. 119 Linux timezone type was set improperly. From Takeshi Itoh 120 of Bits Co., Ltd. 121 NCR MP-RAS 3.x needs -lresolv for confLIBS. From 122 Tom J. Moore of NCR. 123 NeXT 4.x correction to man page path. From J. P. McCann 124 of E I A. 125 System V Rel 5.x (a.k.a Unixware7 w/o BSD-Compatibility Libs) 126 from Paul Gampe of the Asia Pacific Network 127 Information Center. 128 ULTRIX now requires an optimization limit of 970 from 129 Allan E Johannesen of Worcester Polytechnic 130 Institute. 131 Fix extern declaration for sm_dopr(). Fix from Henk 132 van Oers of Algemeen Nederlands Persbureau. 133 CONFIG: Catch @hostname,user@anotherhost.domain as relaying. 134 Problem noted by Mark Rogov of AirMedia, Inc. Fix from 135 Claus Assmann of Christian-Albrechts-University of Kiel. 136 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as 137 there are multiple RBL's available and the MAPS RBL may 138 not be the one in use. Suggested by Alan Brown of 139 Manawatu Internet Services. 140 CONFIG: Properly strip route addresses (i.e. @host1:user@host2) 141 when stripping down a recipient address to check for 142 relaying. Patch from Claus Assmann of 143 Christian-Albrechts-University of Kiel and Neil W Rickert 144 of Northern Illinois University. 145 CONFIG: Allow the access database to override RBL lookups. Patch 146 from Claus Assmann of Christian-Albrechts-University of 147 Kiel. 148 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch 149 Dot Com. 150 CONFIG: Fixed check for deferred delivery mode warning. Patch 151 from Claus Assmann of Christian-Albrechts-University of 152 Kiel and Per Hedeland of Ericsson. 153 CONFIG: If a recipient using % addressing is used, e.g. 154 user%site@othersite, and othersite's MX records are now 155 checked for local hosts if FEATURE(relay_based_on_MX) is 156 used. Problem noted by Alexander Litvin of Lucky Net Ltd. 157 Patch from Alexander Litvin of Lucky Net Ltd and 158 Claus Assmann of Christian-Albrechts-University of Kiel. 159 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP 160 stream. Do not allow more than one response per recipient. 161 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix 162 from John Beck of Sun Microsystems. 163 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from 164 John Beck of Sun Microsystems. 165 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in 166 the envelope From header. 167 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. 168 Problem noted by Glenn A. Malling of Syracuse University. 169 MAILSTATS: Document msgsrej and msgsdis fields in the man page. 170 Problem noted by Richard Wong of Princeton University. 171 MAKEMAP: Build group list so group writable files are allowed with 172 the -s flag. Problem noted by Curt Sampson of Internet 173 Portal Services, Inc. 174 PRALIASES: Automatically handle alias files created without the 175 NULL byte at the end of the key. Patch from John Beck of 176 Sun Microsystems. 177 PRALIASES: Support Berkeley DB 2.6.4 API change. 178 New Files: 179 BuildTools/OS/IRIX64.6.5 180 BuildTools/OS/UnixWare.5.i386 181 cf/cf/unixware7.m4 182 contrib/smcontrol.pl 183 src/control.c 184 1858.9.1/8.9.1 98/07/02 186 If both an OS specific site configuration file and a generic 187 site.config.m4 file existed, only the latter was used 188 instead of both. Problem noted by Geir Johannessen of 189 the Norwegian University of Science and Technology. 190 Fix segmentation fault while converting 8 bit to 7 bit MIME 191 multipart messages by trying to write to an unopened 192 file descriptor. Fix from Kari Hurtta of the Finnish 193 Meteorological Institute. 194 Do not assume Message: and Text: headers indicate the end of 195 the header area when parsing MIME headers. Problem noted 196 by Kari Hurtta of the Finnish Meteorological Institute. 197 Setting the confMAN#SRC Build variable would only effect the 198 installation commands. The man pages would still be 199 built with .0 extensions. Problem noted by Bryan 200 Costales of InfoBeat, Inc. 201 Installation of manual pages didn't honor the DESTDIR environment 202 variable. Problem noted by Bryan Costales of InfoBeat, Inc. 203 If the check_relay ruleset resolved to the discard mailer, messages 204 were still delivered. Problem noted by Mirek Luc of NASK. 205 Mail delivery to files would fail with an Operating System Error 206 if sendmail was not running as root, i.e. RunAsUser was set. 207 Problem noted by Leonard N. Zubkoff of Dandelion Digital. 208 Prevent MinQueueAge from interfering from queued items created 209 in the future, i.e. if the system clock was set ahead 210 and then back. Problem noted by Michael Miller of the 211 University of Natal, Pietermaritzburg. 212 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is 213 set in the PrivacyFlags option. Fix from Ted Rule of 214 Flextech TV. 215 Log invalid persistent host status file lines instead of 216 bouncing the message. Problem noted by David Lindes of 217 DaveLtd Enterprises. 218 Move creation of empty sendmail.st file from installation to 219 compilation. Installation may be done from a read-only 220 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric 221 Anderson of the Oasis Research Center, Inc. 222 Enforce the maximum number of User Database entries limit. Problem 223 noted by Gary Buchanan of Credence Systems Inc. 224 Allow dead.letter files in root's home directory. Problem noted 225 by Anna Ullman of Sun Microsystems. 226 Program deliveries in forward files could be marked unsafe if 227 any directory listed in the ForwardPath option did not 228 exist. Problem noted by Jorg Bielak of Coastal Web Online. 229 Do not trust the length of the address structure returned by 230 gethostbyname(). Problem noted by Chris Evans of Oxford 231 University. 232 If the SIZE= MAIL From: ESMTP parameter is too large, use the 233 5.3.4 DSN status code instead of 5.2.2. Similarly, for 234 non-local deliveries, if the message is larger than the 235 mailer maximum message size, use 5.3.4 instead of 5.2.3. 236 Suggested by Antony Bowesman of 237 Fujitsu/TeaWARE Mail/MIME System. 238 Portability: 239 Fix the check for an IP address reverse lookup for 240 use in $&{client_name} on 64 bit platforms. 241 From Gilles Gallot of Institut for Development 242 and Resources in Intensive Scientific computing. 243 BSD-OS uses .0 for man page extensions. From Jeff Polk 244 of BSDI. 245 DomainOS detection for Build. Also, version 10.4 and later 246 ship a unistd.h. Fixes from Takanobu Ishimura of 247 PICT Inc. 248 NeXT 4.x uses /usr/lib/man/cat for its man pages. From 249 J. P. McCann of E I A. 250 SCO 4.X and 5.X include NDBM support. From Vlado Potisk 251 of TEMPEST, Ltd. 252 CONFIG: Do not pass spoofed PTR results through resolver for 253 qualification. Problem noted by Michiel Boland of 254 Digital Valley Internet Professionals; fix from 255 Kari Hurtta of the Finnish Meteorological Institute. 256 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, 257 BITNET, and DECNET addresses for resolvable senders. 258 Problem noted by Alexander Litvin of Lucky Net Ltd. 259 CONFIG: Work around Sun's broken configuration which sends bounce 260 messages as coming from @@hostname instead of <>. LMTP 261 would not accept @@hostname. 262 OP.ME: Corrections to complex sendmail startup script from Rick 263 Troxel of the National Institutes of Health. 264 RMAIL: Do not install rmail by default, require 'make force-install' 265 as this rmail isn't the same as others. Suggested by 266 Kari Hurtta of the Finnish Meteorological Institute. 267 New Files: 268 BuildTools/OS/DomainOS.10.4 269 2708.9.0/8.9.0 98/05/19 271 SECURITY: To prevent users from reading files not normally 272 readable, sendmail will no longer open forward, :include:, 273 class, ErrorHeader, or HelpFile files located in unsafe 274 (i.e. group or world writable) directory paths. Sites 275 which need the ability to override security can use the 276 DontBlameSendmail option. See the README file for more 277 information. 278 SECURITY: Problems can occur on poorly managed systems, specifically, 279 if maps or alias files are in world writable directories. 280 This fixes the change added to 8.8.6 to prevent links in these 281 world writable directories. 282 SECURITY: Make sure ServiceSwitchFile option file is not a link if 283 it is in a world writable directory. 284 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the 285 tty it may be able to push bytes back to the senders input. 286 Unfortunately this breaks -v mode. Problem noted by 287 Wietse Venema of the Global Security Analysis Lab at 288 IBM T.J. Watson Research. 289 SECURITY: Empty group list if DontInitGroups is set to true to 290 prevent program deliveries from picking up extra group 291 privileges. Problem reported by Wolfgang Ley of DFN-CERT. 292 SECURITY: The default value for DefaultUser is now set to the uid and 293 gid of the first existing user mailnull, sendmail, or daemon 294 that has a non-zero uid. If none of these exist, sendmail 295 reverts back to the old behavior of using uid 1 and gid 1. 296 This is a security problem for Linux which has chosen that 297 uid and gid for user bin instead of daemon. If DefaultUser 298 is set in the configuration file, that value overrides this 299 default. 300 SECURITY: Since 8.8.7, the check for non-setuid binaries 301 interfered with setting an alternate group id for the 302 RunAsUser option. Problem noted by Randall Winchester of 303 the University of Maryland. 304 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 305 of Cal State University, Chico. 306 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 307 which previously defined OLD_NEWDB=1 must now upgrade to the 308 current version of Berkeley DB. 309 Added support for regular expressions using the new map class regex. 310 From Jan Krueger of Unix-AG of University of Hannover. 311 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod 312 UserDatabases from Randall Winchester of the University 313 of Maryland. 314 Allow any shell for user shell on program deliveries on V1 315 configurations for backwards compatibility on machines which 316 do not have getusershell(). Fix from John Beck of Sun 317 Microsystems. 318 On operating systems which change the process title by reusing the 319 argument vector memory, sendmail could corrupt memory if the 320 last argument was either "-q" or "-d". Problem noted by 321 Frank Langbein of the University of Stuttgart. 322 Support Local Mail Transfer Protocol (LMTP) between sendmail and 323 mail.local on the F=z flag. 324 Macro-expand the contents of the ErrMsgFile. Previously this was 325 only done if you had magic characters (0x81) to indicate 326 macro expansion. Now $x will be expanded. This means that 327 real dollar signs have to be backslash escaped. 328 TCP Wrappers expects "unknown" in the hostname argument if the 329 reverse DNS lookup for the incoming connection fails. 330 Problem noted by Randy Grimshaw of Syracuse University and 331 Wietse Venema of the Global Security Analysis Lab at 332 IBM T.J. Watson Research. 333 DSN success bounces generated from an invocation of sendmail -t 334 would be sent to both the sender and MAILER-DAEMON. 335 Problem noted by Claus Assmann of 336 Christian-Albrechts-University of Kiel. 337 Avoid "Error 0" messages on delivery mailers which exit with a 338 valid exit value such as EX_NOPERM. Fix from Andreas Luik 339 of ISA Informationssysteme GmbH. 340 Tokenize $&x expansions on right hand side of rules. This eliminates 341 the need to use tricks like $(dequote "" $&{client_name} $) 342 to cause the ${client_name} macro to be properly tokenized. 343 Add the MaxRecipientsPerMessage option: this limits the number of 344 recipients that will be accepted in a single SMTP 345 transaction. After this number is reached, sendmail 346 starts returning "452 Too many recipients" to all RCPT 347 commands. This can be used to limit the number of recipients 348 per envelope (in particular, to discourage use of the server 349 for spamming). Note: a better approach is to restrict 350 relaying entirely. 351 Fixed pointer initialization for LDAP lmap struct, fixed -s option 352 to ldapx map and added timeout for ldap_open call to 353 avoid hanging sendmail in the event of hung LDAP servers. 354 Patch from Booker Bense of Stanford University. 355 Allow multiple -qI, -qR, or -qS queue run limiters. For example, 356 '-qRfoo -qRbar' would deliver mail to recipients with foo or 357 bar in their address. Patch from Allan E Johannesen of 358 Worcester Polytechnic Institute. 359 The bestmx map will now return a list of the MX servers for a host if 360 passed a column delimiter via the -z map flag. This can be 361 used to check if the server is an MX server for the recipient 362 of a message. This can be used to help prevent relaying. 363 Patch from Mitchell Blank Jr of Exec-PC. 364 Mark failures for the *file* mailer and return bounce messages to the 365 sender for those failures. 366 Prevent bogus syslog timestamps on errors in sendmail.cf by 367 preserving the TZ environment variable until TimeZoneSpec 368 has been determined. Problem noted by Ralf Hildebrandt of 369 Technical University of Braunschweig. Patch from Per Hedeland 370 of Ericsson. 371 Print test input in address test mode when input is not from the tty 372 when the -v flag is given (i.e. sendmail -bt -v) to make 373 output easier to decipher. Problem noted by Aidan Nichol 374 of Procter & Gamble. 375 The LDAP map -s flag was not properly parsed and the error message 376 given included the remainder of the arguments instead of 377 solely the argument in error. Problem noted by Aidan Nichol 378 of Procter & Gamble. 379 New DontBlameSendmail option. This option allows administrators to 380 bypass some of sendmail's file security checks at the expense 381 of system security. This should only be used if you are 382 absolutely sure you know the consequences. The available 383 DontBlameSendmail options are: 384 Safe 385 AssumeSafeChown 386 ClassFileInUnsafeDirPath 387 ErrorHeaderInUnsafeDirPath 388 GroupWritableDirPathSafe 389 GroupWritableForwardFileSafe 390 GroupWritableIncludeFileSafe 391 GroupWritableAliasFile 392 HelpFileinUnsafeDirPath 393 WorldWritableAliasFile 394 ForwardFileInGroupWritableDirPath 395 IncludeFileInGroupWritableDirPath 396 ForwardFileInUnsafeDirPath 397 IncludeFileInUnsafeDirPath 398 ForwardFileInUnsafeDirPathSafe 399 IncludeFileInUnsafeDirPathSafe 400 MapInUnsafeDirPath 401 LinkedAliasFileInWritableDir 402 LinkedClassFileInWritableDir 403 LinkedForwardFileInWritableDir 404 LinkedIncludeFileInWritableDir 405 LinkedMapInWritableDir 406 LinkedServiceSwitchFileInWritableDir 407 FileDeliveryToHardLink 408 FileDeliveryToSymLink 409 WriteMapToHardLink 410 WriteMapToSymLink 411 WriteStatsToHardLink 412 WriteStatsToSymLink 413 RunProgramInUnsafeDirPath 414 RunWritableProgram 415 New DontProbeInterfaces option to turn off the inclusion of all the 416 interface names in $=w on startup. In particular, if you 417 have lots of virtual interfaces, this option will speed up 418 startup. However, unless you make other arrangements, mail 419 sent to those addresses will be bounced. 420 Automatically create alias databases if they don't exist and 421 AutoRebuildAliases is set. 422 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. 423 Suggested by Christophe Wolfhugel of the Institut Pasteur. 424 Add PrivacyOptions=noverb flag to disable the SMTP VERB command. 425 When determining the client host name ($&{client_name} macro), do 426 a forward (A) DNS lookup on the result of the PTR lookup 427 and compare results. If they differ or if the PTR lookup 428 fails, &{client_name} will contain the IP address 429 surrounded by square brackets (e.g. [127.0.0.1]). 430 New map flag: -Tx appends "x" to lookups that return temporary failure 431 (i.e, it is like -ax for the temporary failure case, in 432 contrast to the success case). 433 New syntax to do limited checking of header syntax. A config line 434 of the form: 435 HHeader: $>Ruleset 436 causes the indicated Ruleset to be invoked on the Header 437 when read. This ruleset works like the check_* rulesets -- 438 that is, it can reject mail on the basis of the contents. 439 Limit the size of the HELO/EHLO parameter to prevent spammers 440 from hiding their connection information in Received: 441 headers. 442 When SingleThreadDelivery is active, deliveries to locked hosts 443 are skipped. This will cause the delivering process to 444 try the next MX host or queue the message if no other MX 445 hosts are available. Suggested by Alexander Litvin. 446 The [FILE] mailer type now delivers to the file specified in the 447 A= equate of the mailer definition instead of $u. It also 448 obeys all of the F= mailer flags such as the MIME 449 7/8 bit conversion flags. This is useful for defining 450 a mailer which delivers to the same file regardless of the 451 recipient (e.g. 'A=FILE /dev/null' to discard unwanted mail). 452 Do not assume the identity of a remote connection is root@localhost 453 if the remote connection closes the socket before the 454 remote identity can be queried. 455 Change semantics of the F=S mailer flag back to 8.7.5 behavior. 456 Some mailers, including procmail, require that the real 457 uid is left unchanged by sendmail. Problem noted by Per 458 Hedeland of Ericsson. 459 No longer is the src/obj*/Makefile selected from a large list -- it 460 is now generated using the information in BuildTools/OS/ -- 461 some of the details are determined dynamically via 462 BuildTools/bin/configure.sh. 463 The other programs in the sendmail distribution -- mail.local, 464 mailstats, makemap, praliases, rmail, and smrsh -- now use 465 the new Build method which creates an operating system 466 specific Makefile using the information in BuildTools. 467 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., 468 a failure on one message won't affect future messages to the 469 same host). This is necessary if the remote host sends 470 a 451 error if the domain of the sender does not resolve 471 as is common in anti-spam configurations. Problem noted 472 by Mitchell Blank Jr of Exec-PC. 473 New "discard" mailer for check_* rulesets and header checking 474 rulesets. If one of the above rulesets resolves to the 475 $#discard mailer, the commands will be accepted but the 476 message will be completely discarded after it is accepting. 477 This means that even if only one of the recipients 478 resolves to the $#discard mailer, none of the recipients 479 will receive the mail. Suggested by Brian Kantor. 480 All but the last cloned envelope of a split envelope were queued 481 instead of being delivered. Problem noted by John Caruso 482 of CNET: The Computer Network. 483 Fix deadlock situation in persistent host status file locking. 484 Syslog an error if a user forward file could not be read due to 485 an error. Patch from John Beck of Sun Microsystems. 486 Use the first name returned on machine lookups when canonifying a 487 hostname via NetInfo. Patch from Timm Wetzel of GWDG. 488 Clear the $&{client_addr}, $&{client_name}, and $&{client_port} 489 macros when delivering a bounce message to prevent 490 rejection by a check_compat ruleset which uses these macros. 491 Problem noted by Jens Hamisch of AgiX Internetservices GmbH. 492 If the check_relay ruleset resolves to the the error mailer, the 493 error in the $: portion of the resolved triplet is used 494 in the rejection message given to the remote machine. 495 Suggested by Scott Gifford of The Internet Ramp. 496 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros 497 before calling the check_relay ruleset. Suggested by Scott 498 Gifford of The Internet Ramp. 499 Sendmail would get a segmentation fault if a mailer exited with an 500 exit code of 79. Problem noted by Aaron Schrab of ExecPC 501 Internet. Fix from Christophe Wolfhugel of the Pasteur 502 Institute. 503 Separate snprintf/vsnprintf routines into separate file for use by 504 mail.local. 505 Allow multiple map lookups on right hand side, e.g., 506 R$* $( host $1 $) $| $( passwd $1 $). Patch from 507 Christophe Wolfhugel of the Pasteur Institute. 508 Properly generate success DSN messages if requested for aliases 509 which have owner- aliases. Problem noted by Kari Hurtta 510 of the Finnish Meteorological Institute. 511 Properly display delayed-expansion macros ($&{macroname}) in 512 address test mode (-bt). Problem noted by Bryan Costales 513 of InfoBeat, Inc. 514 -qR could sometimes match names incorrectly. Problem noted by 515 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. 516 Include a magic number and version in the StatusFile for the 517 mailstats command. 518 Record the number of rejected and discarded messages in the 519 StatusFile for display by the mailstats command. Patch 520 from Randall Winchester of the University of Maryland. 521 IDENT returns where the OSTYPE field equals "OTHER" now list the 522 user portion as IDENT:username@site instead of 523 username@site to differentiate the two. Suggested by 524 Kari Hurtta of the Finnish Meteorological Institute. 525 Enforce timeout for LDAP queries. Patch from Per Hedeland of 526 Ericsson. 527 Change persistent host status filename substitution so '/' is 528 replaced by ':' instead of '|' to avoid clashes. Also 529 avoid clashes with hostnames with leading dots. Fix from 530 Mitchell Blank Jr. of Exec-PC. 531 If the system lock table is full, only attempt to create a new 532 queue entry five times before giving up. Previously, it 533 was attempted indefinitely which could cause the partition 534 to run out of inodes. Problem noted by Suzie Weigand of 535 Stratus Computer, Inc. 536 In verbose mode, warn if the sendmail.cf version is less than the 537 currently supported version. 538 Sorting for QueueSortOrder=host is now case insensitive. Patch 539 from Randall S. Winchester of the University of Maryland. 540 Properly quote a full name passed via the -F command line option, 541 the Full-Name: header, or the NAME environment variable if 542 it contains characters which must be quoted. Problem noted 543 by Kari Hurtta of the Finnish Meteorological Institute. 544 Avoid possible race condition that unlocked a mail job before 545 releasing the transcript file on systems that use flock(2). 546 In some cases, this might result in a "Transcript Unavailable" 547 message in error bounces. 548 Accept SMTP replies which contain only a reply code and no 549 accompanying text. Problem noted by Fernando Fraticelli of 550 Digital Equipment Corporation. 551 Portability: 552 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura 553 of Kyoto University. 554 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from 555 Randall S. Winchester of the University of 556 Maryland. 557 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. 558 CRAY T3E from Manu Mahonen of Center for Scientific Computing 559 in Finland. 560 Digital UNIX now uses statvfs for determining free 561 disk space. Patch from Randall S. Winchester of 562 the University of Maryland. 563 HP-UX 11.x from Richard Allen of Opin Kerfi HF and 564 Regis McEwen of Progress Software Corporation. 565 IRIX 64 bit fixes from Kari Hurtta of the Finnish 566 Meteorological Institute. 567 IRIX 6.2 configuration fix for mail.local from Michael Kyle 568 of CIC/Advanced Computing Laboratory. 569 IRIX 6.5 from Thomas H Jones II of SGI. 570 IRIX 6.X load average code from Bob Mende of SGI. 571 QNX from Glen McCready <glen@qnx.com>. 572 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links 573 to sendmail. Install with group bin instead of kmem 574 as kmem does not exist. From Guillermo Freige of 575 Gobernacion de la Pcia de Buenos Aires and Paul 576 Fischer of BTG, Inc. 577 SunOS 4.X does not include memmove(). Patch from 578 Per Hedeland of Ericsson. 579 SunOS 5.7 includes getloadavg() function for determining 580 load average. Patch from John Beck of Sun 581 Microsystems. 582 CONFIG: Increment version number of config file. 583 CONFIG: add DATABASE_MAP_TYPE to set the default type of database 584 map for the various maps. The default is hash. Patch from 585 Robert Harker of Harker Systems. 586 CONFIG: new confEBINDIR m4 variable for defining the executable 587 directory for certain programs. 588 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for 589 local mail delivery. By the default, /usr/libexec/mail.local 590 is used. This is expected to be the mail.local shipped 591 with 8.9 which is LMTP capable. The path is based on the 592 new confEBINDIR m4 variable. 593 CONFIG: Use confEBINDIR in determining path to smrsh for 594 FEATURE(smrsh). Note that this changes the default from 595 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the 596 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). 597 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to 598 include $z/.forward.$w+$h and $z/.forward+$h which allow 599 the user to setup different .forward files for 600 user+detail addressing. 601 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, 602 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, 603 DontProbeInterfaces, and DontBlameSendmail options. 604 CONFIG: by default do not allow relaying (that is, accepting mail 605 from outside your domain and sending it to another host 606 outside your domain). 607 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from 608 any site to any site. 609 CONFIG: new FEATURE(relay_entire_domain) allows any host in your 610 domain as defined by the 'm' class ($=m) to relay. 611 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on 612 the MX records of the host portion of an incoming recipient. 613 CONFIG: new FEATURE(access_db) which turns on the access database 614 feature. This database give you the ability to allow 615 or refuse to accept mail from specified domains for 616 administrative reasons. By default, names that are listed 617 as "OK" in the access db are domain names, not host names. 618 CONFIG: new confCR_FILE m4 variable for defining the name of the file 619 used for class 'R'. Defaults to /etc/mail/relay-domains. 620 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) 621 to add items to class 'R' ($=R) for hosts allowed to relay. 622 CONFIG: new FEATURE(relay_hosts_only) to change the behavior 623 of FEATURE(access_db) and class 'R' to lookup individual 624 host names only. 625 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient 626 using % addressing is used, e.g. user%site@othersite, 627 and othersite is in class 'R', the check_rcpt ruleset 628 will strip @othersite and recheck user@site for relaying. 629 This feature changes that behavior. It should not be 630 needed for most installations. 631 CONFIG: new FEATURE(relay_local_from) to allow relaying if the 632 domain portion of the mail sender is a local host. This 633 should only be used if absolutely necessary as it opens 634 a window for spammers. Patch from Randall S. Winchester of 635 the University of Maryland. 636 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to 637 block incoming mail destined for certain recipient 638 usernames, hostnames, or addresses. 639 CONFIG: By default, MAIL FROM: commands in the SMTP session will be 640 refused if the host part of the argument to MAIL FROM: cannot 641 be located in the host name service (e.g., DNS). 642 CONFIG: new FEATURE(accept_unresolvable_domains) accepts 643 unresolvable hostnames in MAIL FROM: SMTP commands. 644 CONFIG: new FEATURE(accept_unqualified_senders) accepts 645 MAIL FROM: senders which do not include a domain. 646 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the 647 Realtime Blackhole List. You can specify the RBL name 648 server to contact by specifying it as an optional argument. 649 The default is rbl.maps.vix.com. For details, see 650 http://maps.vix.com/rbl/. 651 CONFIG: Call Local_check_relay, Local_check_mail, and 652 Local_check_rcpt from check_relay, check_mail, and 653 check_rcpt. Users with local rulesets should place the 654 rules using LOCAL_RULESETS. If a Local_check_* ruleset 655 returns $#OK, the message is accepted. If the ruleset 656 returns a mailer, the appropriate action is taken, else 657 the return of the ruleset is ignored. 658 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by 659 default to support file, :include:, and program deliveries. 660 CONFIG: Remove the default for confDEF_USER_ID so the binary can 661 pick the proper default value. See the SECURITY note 662 above for more information. 663 CONFIG: FEATURE(nodns) now warns the user that the feature is a 664 no-op. Patch from Kari Hurtta of the Finnish 665 Meteorological Institute. 666 CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to 667 daemon since DEC's /bin/mail will drop the envelope 668 sender if run as mailnull. See the Digital UNIX section 669 of src/README for more information. Problem noted by 670 Kari Hurtta of the Finnish Meteorological Institute. 671 CONFIG: .cf files are now stored in the same directory with the 672 .mc files instead of in the obj directory. 673 CONFIG: New options confSINGLE_LINE_FROM_HEADER, 674 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for 675 setting SingleLineFromHeader, AllowBogusHELO, and 676 MustQuoteChars respectively. 677 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This 678 SMTP-like protocol allows detailed reporting of delivery 679 status on a per-user basis. Code donated by John Myers of 680 CMU (now of Netscape). 681 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the 682 University of Maryland. NOTE: mail.local is not 683 compatible with the stock HP-UX mail format. Be sure to 684 read mail.local/README. 685 MAIL.LOCAL: Prevent other mail delivery agents from stealing a 686 mailbox lock. Patch from Randall S. Winchester of the 687 University of Maryland. 688 MAIL.LOCAL: glibc portability from John Kennedy of Cal State 689 University, Chico. 690 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish 691 Meteorological Institute. 692 MAILSTATS: Display the number of rejected and discarded messages 693 in the StatusFile. Patch from Randall Winchester of the 694 University of Maryland. 695 MAKEMAP: New -s flag to ignore safety checks on database map files 696 such as linked files in world writable directories. 697 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. 698 PRALIASES: Add support for Berkeley DB 2.X. 699 PRALIASES: Do not automatically include NDBM support. Problem 700 noted by Ralf Hildebrandt of the Technical University of 701 Braunschweig. 702 RMAIL: Improve portability for other platforms. Patches from 703 Randall S. Winchester of the University of Maryland and 704 Kari Hurtta of the Finnish Meteorological Institute. 705 Changed Files: 706 src/Makefiles/Makefile.* files have been modified to use 707 the new build mechanism and are now BuildTools/OS/*. 708 src/makesendmail changed to symbolic link to src/Build. 709 New Files: 710 BuildTools/M4/header.m4 711 BuildTools/M4/depend/BSD.m4 712 BuildTools/M4/depend/CC-M.m4 713 BuildTools/M4/depend/NCR.m4 714 BuildTools/M4/depend/Solaris.m4 715 BuildTools/M4/depend/X11.m4 716 BuildTools/M4/depend/generic.m4 717 BuildTools/OS/AIX.4.2 718 BuildTools/OS/AIX.4.x 719 BuildTools/OS/CRAYT3E.2.0.x 720 BuildTools/OS/HP-UX.11.x 721 BuildTools/OS/IRIX.6.5 722 BuildTools/OS/NEXTSTEP.4.x 723 BuildTools/OS/NeXT.4.x 724 BuildTools/OS/NetBSD.8.3 725 BuildTools/OS/QNX 726 BuildTools/OS/SunOS.5.7 727 BuildTools/OS/dcosx.1.x.NILE 728 BuildTools/README 729 BuildTools/Site/README 730 BuildTools/bin/Build 731 BuildTools/bin/configure.sh 732 BuildTools/bin/find_m4.sh 733 BuildTools/bin/install.sh 734 Makefile 735 cf/cf/Build 736 cf/cf/generic-hpux10.cf 737 cf/feature/accept_unqualified_senders.m4 738 cf/feature/accept_unresolvable_domains.m4 739 cf/feature/access_db.m4 740 cf/feature/blacklist_recipients.m4 741 cf/feature/loose_relay_check.m4 742 cf/feature/local_lmtp.m4 743 cf/feature/promiscuous_relay.m4 744 cf/feature/rbl.m4 745 cf/feature/relay_based_on_MX.m4 746 cf/feature/relay_entire_domain.m4 747 cf/feature/relay_hosts_only.m4 748 cf/feature/relay_local_from.m4 749 cf/ostype/qnx.m4 750 contrib/doublebounce.pl 751 mail.local/Build 752 mail.local/Makefile.m4 753 mail.local/README 754 mailstats/Build 755 mailstats/Makefile.m4 756 makemap/Build 757 makemap/Makefile.m4 758 praliases/Build 759 praliases/Makefile.m4 760 rmail/Build 761 rmail/Makefile.m4 762 rmail/rmail.0 763 smrsh/Build 764 smrsh/Makefile.m4 765 src/Build 766 src/Makefile.m4 767 src/snprintf.c 768 Deleted Files: 769 cf/cf/Makefile (replaced by Makefile.dist) 770 mail.local/Makefile 771 mail.local/Makefile.dist 772 mailstats/Makefile 773 mailstats/Makefile.dist 774 makemap/Makefile 775 makemap/Makefile.dist 776 praliases/Makefile 777 praliases/Makefile.dist 778 rmail/Makefile 779 smrsh/Makefile 780 smrsh/Makefile.dist 781 src/Makefile 782 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) 783 src/Makefiles/Makefile.SMP_DC.OSx.NILE 784 (renamed BuildTools/OS/dcosx.1.x.NILE) 785 src/Makefiles/Makefile.Utah (obsolete platform) 786 Renamed Files: 787 READ_ME => README 788 cf/cf/Makefile.dist => Makefile 789 cf/cf/obj/* => cf/cf/* 790 src/READ_ME => src/README 791 7928.8.8/8.8.8 97/10/24 793 If the check_relay ruleset failed, the relay= field was logged 794 incorrectly. Problem noted by Kari Hurtta of the Finnish 795 Meteorological Institute. 796 If /usr/tmp/dead.letter already existed, sendmail could not 797 add additional bounces to it. Problem noted by Thomas J. 798 Arseneault of SRI International. 799 If an SMTP mailer used a non-standard port number for the outgoing 800 connection, it would be displayed incorrectly in verbose mode. 801 Problem noted by John Kennedy of Cal State University, Chico. 802 Log the ETRN parameter specified by the client before altering them 803 to internal form. Suggested by Bob Kupiec of GES-Verio. 804 EXPN and VRFY SMTP commands on malformed addresses were logging as 805 User unknown with bogus delay= values. Change them to log 806 the same as compliant addresses. Problem noted by Kari E. 807 Hurtta of the Finnish Meteorological Institute. 808 Ignore the debug resolver option unless using sendmail debug trace 809 option for resolver. Problem noted by Greg Nichols of Wind 810 River Systems. 811 If SingleThreadDelivery was enabled and the remote server returned a 812 protocol error on the DATA command, the connection would be 813 closed but the persistent host status file would not be 814 unlocked so other sendmail processes could not deliver to 815 that host. Problem noted by Peter Wemm of DIALix. 816 If queueing up a message due to an expensive mailer, don't increment 817 the number of delivery attempts or set the last delivery 818 attempt time so the message will be delivered on the next 819 queue run regardless of MinQueueAge. Problem noted by 820 Brian J. Coan of the Institute for Global Communications. 821 Authentication warnings of "Processed from queue _directory_" and 822 "Processed by _username_ with -C _filename_" would be logged 823 with the incorrect timestamp. Problem noted by Kari E. Hurtta 824 of the Finnish Meteorological Institute. 825 Use a better heuristic for detecting GDBM. 826 Log null connections on dropped connections. Problem noted by 827 Jon Lewis of Florida Digital Turnpike. 828 If class dbm maps are rebuilt, sendmail will now detect this and 829 reopen the map. Previously, they could give stale 830 results during a single message processing (but would 831 recover when the next message was received). Fix from 832 Joe Pruett of Q7 Enterprises. 833 Do not log failures such as "User unknown" on -bv or SMTP VRFY 834 requests. Problem noted by Kari E. Hurtta of the 835 Finnish Meteorological Institute. 836 Do not send a bounce message back to the sender regarding bad 837 recipients if the SMTP connection is dropped before the 838 message is accepted. Problem noted by Kari E. Hurtta of the 839 Finnish Meteorological Institute. 840 Use "localhost" instead of "[UNIX: localhost]" when connecting to 841 sendmail via a UNIX pipe. This will allow rulesets using 842 $&{client_name} to process without sending the string through 843 dequote. Problem noted by Alan Barrett of Internet Africa. 844 A combination of deferred delivery mode, a double bounce situation, 845 and the inability to save a bounce message to 846 /var/tmp/dead.letter would cause sendmail to send a bounce 847 to postmaster but not remove the offending envelope from the 848 queue causing it to create a new bounce message each time the 849 queue was run. Problem noted by Brad Doctor of Net Daemons 850 Associates. 851 Remove newlines from hostname information returned via DNS. There are 852 no known security implications of newlines in hostnames as 853 sendmail filters newlines in all vital areas; however, this 854 could cause confusing error messages. 855 Starting with sendmail 8.8.6, mail sent with the '-t' option would be 856 rejected if any of the specified addresses were bad. This 857 behavior was modified to only reject the bad addresses and not 858 the entire message. Problem noted by Jozsef Hollosi of 859 SuperNet, Inc. 860 Use Timeout.fileopen when delivering mail to a file. Suggested by 861 Bryan Costales of InfoBeat, Inc. 862 Display the proper Final-Recipient on DSN messages for non-SMTP 863 mailers. Problem noted by Kari E. Hurtta of the 864 Finnish Meteorological Institute. 865 An error in calculating the available space in the list of addresses 866 for logging deliveries could cause an address to be silently 867 dropped. 868 Include the initial user environment if sendmail is restarted via 869 a HUP signal. This will give room for the process title. 870 Problem noted by Jon Lewis of Florida Digital Turnpike. 871 Mail could be delivered without a body if the machine does not 872 support flock locking and runs out of processes during 873 delivery. Fix from Chuck Lever of the University of Michigan. 874 Drop recipient address from 251 and 551 SMTP responses per RFC 821. 875 Problem noted by Kari E. Hurtta of the Finnish Meteorological 876 Institute. 877 Make sure non-rebuildable database maps are opened before the 878 rebuildable maps (i.e. alias files) in case the database maps 879 are needed for verifying the left hand side of the aliases. 880 Problem noted by Lloyd Parkes of Victoria University. 881 Make sure sender RFC822 source route addresses are alias expanded for 882 bounce messages. Problem noted by Juergen Georgi of 883 RUS University of Stuttgart. 884 Minor lint fixes. 885 Return a temporary error instead of a permanent error if an LDAP map 886 search returns an error. This will allow sequenced maps which 887 use other LDAP servers to be checked. Fix from Booker Bense 888 of Stanford University. 889 When automatically converting from quoted printable to 8bit text do 890 not pad bare linefeeds with a space. Problem noted by Theo 891 Nolte of the University of Technology Aachen, Germany. 892 Portability: 893 Non-standard C compilers may have had a problem compiling 894 conf.c due to a standard C external declaration of 895 setproctitle(). Problem noted by Ted Roberts of 896 Electronic Data Systems. 897 AUX: has a broken O_EXCL implementation. Reported by Jim 898 Jagielski of jaguNET Access Services. 899 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. 900 Digital UNIX: Digital UNIX (and possibly others) moves 901 loader environment variables into the loader memory 902 area. If one of these environment variables (such as 903 LD_LIBRARY_PATH) was the last environment variable, 904 an invalid memory address would be used by the process 905 title routine causing memory corruption. Problem 906 noted by Sam Hartman of Mesa Internet Systems. 907 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused 908 chownsafe() to always return 0 even if the OS does 909 not permit file giveaways. Problem noted by 910 Yasutaka Sumi of The University of Tokyo. 911 IRIX6: Syslog buffer size set to 512 bytes. Reported by 912 Gerald Rinske of Siemens Business Services VAS. 913 Linux: Pad process title with NULLs. Problem noted by 914 Jon Lewis of Florida Digital Turnpike. 915 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an 916 incorrect value for the number of interfaces. 917 Problem noted by Chris Loelke of JetStream Internet 918 Services. 919 SINIX: Update for Makefile and syslog buffer size from Gerald 920 Rinske of Siemens Business Services VAS. 921 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not 922 used on a Solaris machine. Problem noted by 923 Stephen Ma of Jtec Pty Limited. 924 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business 925 Services VAS. 926 MAKEMAP: Use a better heuristic for detecting GDBM. 927 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. 928 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of 929 Ericsson. 930 9318.8.7/8.8.7 97/08/03 932 If using Berkeley DB on systems without O_EXLOCK (open a file with 933 an exclusive lock already set -- i.e., almost all systems 934 except 4.4-BSD derived systems), the initial attempt at 935 rebuilding aliases file if the database didn't already 936 exist would fail. Patch from Raymund Will of LST Software 937 GmbH. 938 Bogus incoming SMTP commands would reset the SMTP conversation. 939 Problem noted by Fredrik J�nsson of the Royal Institute 940 of Technology, Stockholm. 941 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), 942 some environments could give "multiple definitions" for these 943 routines during compilation. If using TCP Wrappers, assume 944 that these routines are included as though they were in the 945 C library. Patch from Robert La Ferla. 946 When a NEWDB database map was rebuilt at the same time it was being 947 used by a queue run, the maps could be left locked for the 948 duration of the queue run, causing other processes to hang. 949 Problem noted by Kendall Libby of Shore.NET. 950 In some cases, NoRecipientAction=add-bcc was being ignored, so the 951 mail was passed on without any recipient header. This could 952 cause problems downstream. Problem noted by Xander Jansen 953 of SURFnet ExpertiseCentrum. 954 Give error when GDBM is used with sendmail. GDBM's locking and 955 linking of the .dir and .pag files interferes with sendmail's 956 locking and security checks. Problems noted by Fyodor 957 Yarochkin of the Kyrgyz Republic FreeNet. 958 Don't fsync qf files if SuperSafe option is not set. 959 Avoid extra calls to gethostbyname for addresses for which a 960 gethostbyaddr found no value. Also, ignore any returns 961 from gethostbyaddr that look like a dotted quad. 962 If PTR lookup fails when looking up an SMTP peer, don't tag it as 963 "may be forged", since at the network level we pretty much 964 have to assume that the information is good. 965 In some cases, errors during an SMTP session could leave files 966 open or locked. 967 Better handling of missing file descriptors (0, 1, 2) on startup. 968 Better handling of non-setuid binaries -- avoids certain obnoxious 969 errors during testing. 970 Errors in file locking of NEWDB maps had the incorrect file name 971 printed in the error message. 972 If the AllowBogusHELO option were set and an EHLO with a bad or 973 missing parameter were issued, the EHLO behaved like a HELO. 974 Load limiting never kicked in for incoming SMTP transactions if the 975 DeliverMode=background and any recipient was an alias or 976 had a .forward file. From Nik Conwell of Boston University. 977 On some non-Posix systems, the decision of whether chown(2) permits 978 file giveaway was undefined. From Tetsu Ushijima of the 979 Tokyo Institute of Technology. 980 Fix race condition that could cause the body of a message to be 981 lost (so only the header was delivered). This only occurs 982 on systems that do not use flock(2), and only when a queue 983 runner runs during a critical section in another message 984 delivery. Based on a patch from Steve Schweinhart of 985 Results Computing. 986 If a qf file was found in a mail queue directory that had a problem 987 (wrong ownership, bad format, etc.) and the file name was 988 exactly MAXQFNAME bytes long, then instead of being tried 989 once, it would be tried on every queue run. Problem noted 990 by Bryan Costales of Mercury Mail. 991 If the system supports an st_gen field in the status structure, 992 include it when reporting that a file has changed after open. 993 This adds a new compile flag, HAS_ST_GEN (0/1 option). 994 This out to be checked as well as reported, since it is 995 theoretically possible for an attacker to remove a file after 996 it is opened and replace it with another file that has the 997 same i-number, but some filesystems (notably AFS) return 998 garbage in this field, and hence always look like the file 999 has changed. As a practical matter this is not a security 1000 problem, since the files can be neither hard nor soft links, 1001 and on no filesystem (that I am aware of) is it possible to 1002 have two files on the same filesystem with the same i-number 1003 simultaneously. 1004 Delete the root Makefile from the distribution -- it is only for 1005 use internally, and does not work at customer sites. 1006 Fix botch that caused the second MAIL FROM: command in a single 1007 transaction to clear the entire transaction. Problem 1008 noted by John Kennedy of Cal State University, Chico. 1009 Work properly on machines that have _PATH_VARTMP defined without 1010 a trailing slash. (And a pox on vendors that decide to 1011 ignore the established conventions!) Problem noted by 1012 Gregory Neil Shapiro of WPI. 1013 Internal changes to make it easier to add another protocol family 1014 (intended for IPv6). Patches are from John Kennedy of 1015 CSU Chico. 1016 In certain cases, 7->8 bit MIME decoding of Base64 text could leave 1017 an extra space at the beginning of some lines. Problem 1018 noted by Charles Karney of Princeton University; fix based 1019 on a patch from Christophe Wolfhugel. 1020 Portability: 1021 Allow _PATH_VENDOR_CF to be set in Makefile for consistency 1022 with the _Sendmail_ book, 2nd edition. Note that 1023 the book is actually wrong: _PATH_SENDMAILCF should 1024 be used instead. 1025 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow 1026 of Argonne National Laboratory. 1027 OpenBSD from from Paul DuBois of the University of Wisconsin. 1028 RISC/os 4.0 from Paul DuBois of the University of Wisconsin. 1029 SunOS: Include <memory.h> to fix warning from util.c. From 1030 James Aldridge of EUnet Ltd. 1031 Solaris: Change STDIR (location of status file) to /etc/mail 1032 in Makefiles. 1033 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from 1034 Makefiles. Use NEWDB on Linux instead. 1035 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl 1036 exists but behaves differently than other OSes. 1037 Add SIOCGIFNUM_IS_BROKEN compile flag to get 1038 around the problem. Problem noted by Tom Moore of 1039 NCR Corp. 1040 HP-UX 9.x: fix compile warnings for old select API. Problem 1041 noted by Tom Smith of Digital Equipment Corp. 1042 UnixWare 2.x: compile warnings on offsetof macro. Problem 1043 noted by Tom Good of the Community Access Information 1044 Resource Network 1045 SCO 4.2: compile problems caused by a change in the type of 1046 the "length" parameters passed to accept, getpeername, 1047 getsockname, and getsockopt. Adds new compile flags 1048 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported 1049 by Tom Good of St. Vincent's North Richmond Community 1050 Mental Health Center Residential Services. 1051 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. 1052 Suggested by Brett Hogden of Rochester Gas & Electric 1053 Corp. 1054 Linux: avoid compile problem for versions of <setjmp.h> that 1055 #define both setjmp and longjmp. Problem pointed out 1056 by J.R. Oldroyd of TerraNet. 1057 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) 1058 from Christopher Durham of SCO. 1059 CONFIG: NEXTSTEP: define confCW_FILE to 1060 /etc/sendmail/sendmail.cw to match the usual 1061 configuration. Patch from Dennis Glatting of 1062 PlainTalk. 1063 CONFIG: MAILER(fax) called a program that hasn't existed for a long 1064 time. Convert to use the HylaFAX 4.0 conventions. Suggested 1065 by Harry Styron. 1066 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These 1067 are the rulesets in use on sendmail.org. 1068 MAKEMAP: give error on GDBM files. 1069 MAIL.LOCAL: Make error messages a bit more explicit, for example, 1070 telling more details on what actually changed when "file 1071 changed after open". 1072 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw 1073 files. 1074 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. 1075 NEW FILES: 1076 src/Makefiles/Makefile.OpenBSD 1077 src/Makefiles/Makefile.RISCos.4_0 1078 test/t_exclopen.c 1079 cf/ostype/sco-uw-2.1.m4 1080 DELETED FILES: 1081 Makefile 1082 10838.8.6/8.8.6 97/06/14 1084 ************************************************************* 1085 * The extensive assistance of Gregory Neil Shapiro of WPI * 1086 * in preparing this release is gratefully appreciated. * 1087 * Sun Microsystems has also provided resources toward * 1088 * continued sendmail development. * 1089 ************************************************************* 1090 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open 1091 mode bits set to create a file that is a symbolic link that 1092 points nowhere. This makes it possible to create a root 1093 owned file in an arbitrary directory by inserting the symlink 1094 into a writable directory after the initial lstat(2) check 1095 determined that the file did not exist. The only verified 1096 example of a system having these odd semantics for O_EXCL 1097 and symbolic links was HP-UX prior to version 9.07. Most 1098 systems do not have the problem, since a exclusive create 1099 of a file disallows symbolic links. Systems that have been 1100 verified to NOT have the problem include AIX 3.x, *BSD, 1101 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, 1102 and Ultrix. This is a potential exposure on systems that 1103 have this bug and which do not have a MAILER-DAEMON alias 1104 pointing at a legitimate account, since this will cause old 1105 mail to be dropped in /var/tmp/dead.letter. 1106 SECURITY: Problems can occur on poorly managed systems, specifically, 1107 if maps or alias files are in world writable directories. 1108 If your system has alias maps in writable directories, it 1109 is potentially possible for an attacker to replace the .db 1110 (or .dir and .pag) files by symbolic links pointing at 1111 another database; this can be used either to expose 1112 information (e.g., by pointing an alias file at /etc/spwd.db 1113 and probing for accounts), or as a denial-of-service attack 1114 (by trashing the password database). The fix disallows 1115 symbolic links entirely when rebuilding alias files or on 1116 maps that are in writable directories, and always warns on 1117 writable directories; 8.9 will probably consider writable 1118 directories to be fatal errors. This does not represent an 1119 exposure on systems that have alias files in unwritable 1120 system directories. 1121 SECURITY: disallow .forward or :include: files that are links (hard 1122 or soft) if the parent directory (or any directory in the 1123 path) is writable by anyone other than the owner. This is 1124 similar to the previous case for user files. This change 1125 should not affect most systems, but is necessary to prevent 1126 an attacker who can write the directory from pointing such 1127 files at other files that are readable only by the owner. 1128 SECURITY: Tighten safechown rules: many systems will say that they 1129 have a safe (restricted to root) chown even on files that 1130 are mounted from another system that allows owners to give 1131 away files. The new rules are very strict, trusting file 1132 ownership only in those few cases where the system has 1133 been verified to be at least as paranoid as necessary. 1134 However, it is possible to relax the rules to partially 1135 trust the ownership if the directory path is not world or 1136 group writable. This might allow someone who has a legitimate 1137 :include: file (referenced directly from /etc/aliases) to 1138 become another non-root user if the :include: file is in a 1139 non-writable directory on an NFS-mounted filesystem where 1140 the local system says that giveaway is denied but it is 1141 actually permitted. I believe this to be a very small set 1142 of cases. If in doubt, do not point :include: aliases at 1143 NFS-mounted filesystems. 1144 SECURITY: When setting a numeric group id using the RunAsUser option 1145 (e.g., "O RunAsUser=10:20", the group id would not be set. 1146 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha 1147 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. 1148 The user id was still set properly. Problem noted by Uli 1149 Pralle of the Technical University of Berlin. 1150 Save the initial gid set for use when checking for if the 1151 PrivacyOptions=restrictmailq option is set. Problem reported 1152 by Wolfgang Ley of DFN-CERT. 1153 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a 1154 failure on one message won't affect future messages to the 1155 same host). 1156 IP source route printing had an "off by one" error that would 1157 affect any options that came after the route option. Patch 1158 from Theo de Raadt. 1159 The "Message is too large" error didn't successfully bounce the error 1160 back to the sender. Problem reported by Stephen More of 1161 PSI; patch from Gregory Neil Shapiro of WPI. 1162 Change SMTP status code 553 to map into Extended code 5.1.0 (instead 1163 of 5.1.3); it apparently gets used in multiple ways. 1164 Suggested by John Myers of Portola Communications. 1165 Fix possible extra null byte generated during collection if errors 1166 occur at the beginning of the stream. Patch contributed by 1167 Andrey A. Chernov and Gregory Neil Shapiro. 1168 Code changes to avoid possible reentrant call of malloc/free within 1169 a signal handler. Problem noted by John Beck of Sun 1170 Microsystems. 1171 Move map initialization to be earlier so that check_relay ruleset 1172 will have the latest version of the map data. Problem noted 1173 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. 1174 If there are fatal errors during the collection phase (e.g., message 1175 too large) don't send the bogus message. 1176 Avoid "cannot open xfAAA00000" messages when sending to aliases that 1177 have errors and have owner- aliases. Problem noted by Michael 1178 Barber of MTU; fix from Gregory Neil Shapiro of WPI. 1179 Avoid null pointer dereference on illegal Boundary= parameters in 1180 multipart/mixed Content-Type: header. Problem noted by 1181 Richard Muirden of RMIT University. 1182 Always print error messages during newaliases (-bi) even if the 1183 ErrorMode is not set to "print". Fix from Gregory Neil 1184 Shapiro. 1185 Test mode could core dump if you did a /map lookup in an optional map 1186 that could not be opened. Based on a fix from John Beck of 1187 Sun Microsystems. 1188 If DNS is misconfigured so that the last MX record tried points to 1189 a host that does not have an A record, but other MX records 1190 pointed to something reasonable, don't bounce the message 1191 with a "host unknown" error. Note that this should really 1192 be fixed in the zone file for the domain. Problem noted by 1193 Joe Rhett of Navigist, Inc. 1194 If a map fails (e.g., DNS times out) on all recipient addresses, mark 1195 the message as having been tried; otherwise the next queue 1196 run will not realize that this is a second attempt and will 1197 retry immediately. Problem noted by Bryan Costales of 1198 Mercury Mail. 1199 If the clock is set backwards, and a MinQueueAge is set, no jobs 1200 will be run until the later setting of the clock is reached. 1201 "Problem" (I use the term loosely) noted by Eric Hagberg of 1202 Morgan Stanley. 1203 If the load average rises above the cutoff threshold (above which 1204 sendmail will not process the queue at all) during a queue 1205 run, abort the queue run immediately. Problem noted by 1206 Bryan Costales of Mercury Mail. 1207 The variable queue processing algorithm (based on the message size, 1208 number of recipients, message precedence, and job age) was 1209 non-functional -- either the entire queue was processed or 1210 none of the queue was processed. The updated algorithm 1211 does no queue run if a single recipient zero size job will 1212 not be run. 1213 If there is a fatal ("panic") message that will cause sendmail to 1214 die immediately, never hold the error message for future 1215 printing. 1216 Force ErrorMode=print in -bt mode so that all errors are printed 1217 regardless of the setting of the ErrorMode option in the 1218 configuration file. Patch from Gregory Neil Shapiro. 1219 New compile flag HASSTRERROR says that this OS has the strerror(3) 1220 routine available in one of the libraries. Use it in conf.h. 1221 The -m (match only) flag now works on host class maps. 1222 If class hash or btree maps are rebuilt, sendmail will now detect 1223 this and reopen the map. Previously, they could give 1224 erroneous results during a single message processing 1225 (but would recover when the next message was received). 1226 Don't delete zero length queue files when doing queue runs until the 1227 files are at least ten minutes old. This avoids a potential 1228 race condition: the creator creates the qf file, getting back 1229 a file descriptor. The queue runner locks it and deletes it 1230 because it is zero length. The creator then writes the 1231 descriptor that is now for a disconnected file, and the 1232 job goes away. Based on a suggestion by Bryan Costales. 1233 When determining the "validated" host name ($_ macro), do a forward 1234 (A) DNS lookup on the result of the PTR lookup and compare 1235 results. If they differ or if the PTR lookup fails, tag the 1236 address as "may be forged". 1237 Log null connections (i.e., hosts that connect but do not do any 1238 substantive activity on the connection before disconnecting; 1239 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. 1240 Always permit "writes" to /dev/null regardless of the link count. 1241 This is safe because /dev/null is special cased, and no open 1242 or write is ever actually attempted. Patch from Villy Kruse 1243 of TwinCom. 1244 If a message cannot be sent because of a 552 (exceeded storage 1245 allocation) response to the MAIL FROM:<>, and a SIZE= parameter 1246 was given, don't return the body in the bounce, since there 1247 is a very good chance that the message will double-bounce. 1248 Fix possible line truncation if a quoted-printable had an =00 escape 1249 in the body. Problem noted by Charles Karney of the Princeton 1250 Plasma Physics Laboratory. 1251 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. 1252 Problem noted by Kari Hurtta of the Finnish Meteorological 1253 Institute. 1254 The MaxDaemonChildren option wasn't applying to queue runs as 1255 documented. Note that this increases the potential denial 1256 of service problems with this option: an attacker can 1257 connect many times, and thereby lock out queue runs as well 1258 as incoming connections. If you use this option, you should 1259 run the "sendmail -bd" and "sendmail -q30m" jobs separately 1260 to avoid this attack. Failure to limit noted by Matthew 1261 Dillon of BEST Internet Communications. 1262 Always give a message in newaliases if alias files cannot be 1263 opened instead of failing silently. Suggested by Gregory 1264 Neil Shapiro. This change makes the code match the O'Reilly 1265 book (2nd edition). 1266 Some older versions of the resolver could return with h_errno == -1 1267 if no name server could be reached, causing mail to bounce 1268 instead of queueing. Treat this like TRY_AGAIN. Fix from 1269 John Beck of SunSoft. 1270 If a :include: file is owned by a user that does not have an entry 1271 in the passwd file, sendmail could dereference a null pointer. 1272 Problem noted by Satish Mynam of Sun Microsystems. 1273 Take precautions to make sure that the SMTP protocol cannot get out 1274 of sync if (for example) an alias file cannot be opened. 1275 Fix a possible race condition that can cause a SIGALRM to come in 1276 immediately after a SIGHUP, causing the new sendmail to die. 1277 Avoid possible hang on SVr3 systems when doing child reaping. Patch 1278 from Villy Kruse of TwinCom. 1279 Ignore improperly formatted SMTP reply codes. Previously these were 1280 partially processed, which could cause confusing error 1281 returns. 1282 Fix possible bogus pointer dereference when doing ldapx map lookups 1283 on some architectures. 1284 Portability: 1285 A/UX: from Jim Jagielski of NASA/GSFC. 1286 glibc: SOCK_STREAM was changed from a #define to an enum, 1287 thus breaking #ifdef SOCK_STREAM. Only option seems 1288 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is 1289 defined. Problem reported by A Sun of the University 1290 of Washington. 1291 Solaris: use SIOCGIFNUM to get the number of interfaces on 1292 the system rather than guessing at compile time. 1293 Patch contributed by John Beck of Sun Microsystems. 1294 Intel Paragon: from Wendy Lin of Purdue University. 1295 GNU Hurd: from Miles Bader of the GNU project. 1296 RISC/os 4.50 from Harlan Stenn of PFCS Corporation. 1297 ISC Unix: wait never returns if SIGCLD signals are blocked. 1298 Unfortunately releasing them opens a race condition, 1299 but there appears to be no fix for this. Patch from 1300 Gregory Neil Shapiro. 1301 BIND 8.1 for IPv6 compatibility from John Kennedy. 1302 Solaris: a bug in strcasecmp caused characters with the 1303 high order bit set to apparently randomly match 1304 letters -- for example, $| (0233) matches "i" and "I". 1305 Problem noted by John Gregson of the University of 1306 Cambridge. 1307 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From 1308 Kari Hurtta. 1309 IRIX 6.x: Create Makefiles for systems that claim to be 1310 IRIX64 but are 6.2 or higher (so use the regular 1311 IRIX Makefile). 1312 IRIX 6.x: Fix load average computation on 64 bit kernels. 1313 Problem noted by Eric Hagberg of Morgan Stanley. 1314 CONFIG: Some canonification was still done for UUCP-like addresses 1315 even if FEATURE(nocanonify) was set. Problem pointed out by 1316 Brian Candler. 1317 CONFIG: In some cases UUCP mailers wouldn't properly recognize all 1318 local names as local. Problem noted by Jeff Polk of BSDI; 1319 fix provided by Gregory Neil Shapiro. 1320 CONFIG: The "local:user" syntax entries in mailertables and other 1321 "mailer:user" syntax locations returned an incorrect value 1322 for the $h macro. Problem noted by Gregory Neil Shapiro. 1323 CONFIG: Retain "+detail" information when forwarding mail to a 1324 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip 1325 Guenther of Gustavus Adolphus College. 1326 CONFIG: Make sure user+detail works for FEATURE(virtusertable); 1327 rules are the same as for aliasing. Based on a patch from 1328 Gregory Neil Shapiro. 1329 CONFIG: Break up parsing rules into several pieces; this should 1330 have no functional change in this release, but makes it 1331 possible to have better anti-spam rulesets in the future. 1332 CONFIG: Disallow double dots in host names to avoid having the 1333 HostStatusDirectory store status under the wrong name. 1334 In some cases this can be used as a denial-of-service attack. 1335 Problem noted by Ron Jarrell of Virginia Tech, patch from 1336 Gregory Neil Shapiro. 1337 CONFIG: Don't use F=m (multiple recipients per invocation) for 1338 MAILER(procmail), but do pass F=Pn9 (include Return-Path:, 1339 don't include From_, and convert to 8-bit). Suggestions 1340 from Kimmo Suominen and Roderick Schertler. 1341 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) where 1342 being masqueraded as though FEATURE(masquerade_entire_domain) 1343 was specified, even when it wasn't. 1344 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. 1345 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't 1346 "slip in" a symbolic link between the lstat(2) call and the 1347 exclusive open. This is only a problem on System V derived 1348 systems that allow an exclusive create on files that are 1349 symbolic links pointing nowhere. 1350 MAIL.LOCAL: If the final mailbox close() failed, the user id was 1351 not reset back to root, which on some systems would cause 1352 later mailboxes to fail. Also, any partial message would 1353 not be truncated, which could result in repeated deliveries. 1354 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 1355 developers). 1356 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 1357 change to the sendmail map code was made in 8.8.3. Problem 1358 noted by Gregory Neil Shapiro. 1359 MAKEMAP: Give warnings on file problems such as map files that are 1360 symbolic links; although makemap is not setuid root, it is 1361 often run as root and hence has the potential for the same 1362 sorts of problems as alias rebuilds. 1363 MAKEMAP: Change compilation so that it will link properly on 1364 NEXTSTEP. 1365 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 1366 Accept an optional list of arguments following the server 1367 name for the ETRN arguments to use (instead of $=w). Other 1368 miscellaneous bug fixes. From Christian von Roques via 1369 John Beck of Sun Microsystems. 1370 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This 1371 Perl script converts GECOS information in the /etc/passwd 1372 file into aliases, allowing for faster access to full name 1373 lookups; it is also clever about adding aliases (to root) 1374 for system accounts. 1375 NEW FILES: 1376 src/safefile.c 1377 cf/ostype/gnuhurd.m4 1378 cf/ostype/irix6.m4 1379 contrib/passwd-to-alias.pl 1380 src/Makefiles/Makefile.IRIX64.6.1 1381 src/Makefiles/Makefile.IRIX64.6.x 1382 RENAMED FILES: 1383 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x 1384 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 1385 13868.8.5/8.8.5 97/01/21 1387 SECURITY: Clear out group list during startup. Without this, sendmail 1388 will continue to run with the group permissions of the caller, 1389 even if RunAsUser is specified. 1390 SECURITY: Make purgestat (-bH) be root-only. This is not in response 1391 to any known attack, but it's best to be conservative. 1392 Suggested by Peter Wemm of DIALix. 1393 SECURITY: Fix buffer overrun problem in MIME code that has possible 1394 security implications. Patch from Alex Garthwaite of the 1395 University of Pennsylvania. 1396 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") 1397 would truncate the address after "Full". Although the -f 1398 syntax is incorrect (since it is in the envelope, it 1399 shouldn't have comments and full names), the failure mode 1400 was unnecessarily awful. 1401 Fix a possible null pointer dereference when converting 8-bit data 1402 to a 7-bit format. Problem noted by Jim Hutchins of 1403 Sandia National Labs and David James of British Telecom. 1404 Clear out stale state that affected F=9 on SMTP mailers in queue 1405 runs. Although this really shouldn't be used (F=9 is for 1406 final delivery only, and using it on an SMTP mailer makes 1407 it possible for a message to be converted from 8->7->8->7 1408 bits several times), it shouldn't have failed with a syserr. 1409 Problem noted by Eric Hagberg of Morgan Stanley. 1410 _Really_ fix the multiple :maildrop code in the user database 1411 module. Patch from Roy Mongiovi of Georgia Tech. 1412 Let F lines in the configuration file actually read root-only 1413 files if the configuration file is safe. Based on a 1414 patch from Keith Reynolds of SCO. 1415 ETRN followed by QUIT would hold the connection open until the queue 1416 run completed. Problem noted by Truck Lewis of TDK 1417 Semiconductor Corp. 1418 It turns out that despite the documentation, the TCP wrappers library 1419 does _not_ log rejected connections. Do the logging ourselves. 1420 Problem noted by Fletcher Mattox of the University of Texas 1421 at Austin. 1422 If sendmail finds a qf file in its queue directory that is an unknown 1423 version (e.g., when backing out to an old version), the 1424 error is reported on every queue run. Change it to only 1425 give the error once (and rename the qf => Qf). Patch from 1426 William A. Gianopoulos of Raytheon Company. 1427 Start a new session when doing background delivery; currently it 1428 ignored signals but didn't start a new signal, that caused 1429 some problems if a background process tried to send mail 1430 under certain circumstances. Problem noted by Eric Hagberg 1431 of Morgan Stanley; fix from Kari Hurtta. 1432 Simplify test for skipping a queue run to just check if the current 1433 load average is >= the queueing load average. Previously 1434 the check factored in some other parameters that caused it 1435 to essentially never skip the queue run. Patch from Bryan 1436 Costales. 1437 If the SMTP server is running in "nullserver" mode (that is, it is 1438 rejecting all commands), start sleeping after MAXBADCOMMAND 1439 (25) commands; this helps prevent a bad guy from putting 1440 you into a tight loop as a denial-of-service attack. Based 1441 on an e-mail conversation with Brad Knowles of AOL. 1442 Slow down when too many "light weight" commands have been issued; 1443 this helps prevent a class of denial-of-service attacks. 1444 The current values and defaults are: 1445 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 1446 MAXHELOCOMMANDS 3 HELO, EHLO 1447 MAXVRFYCOMMANDS 6 VRFY, EXPN 1448 MAXETRNCOMMANDS 8 ETRN 1449 These will probably be configurable in a future release. 1450 On systems that have uid_t typedefed to be an unsigned short, programs 1451 that had the F=S flag and no U= equate would be invoked with 1452 the real uid set to 65535 rather than being left unchanged. 1453 In some cases, NOTIFY=NEVER was not being honored. Problem noted 1454 by Steve Hubert of the University of Washington, Seattle. 1455 Mail that was Quoted-Printable encoded and had a soft line break on 1456 the last line (i.e., an incomplete continuation) had the last 1457 line dropped. Since this appears to be illegal it isn't 1458 clear what to do with it, but flushing the last line seems 1459 to be a better "fail soft" approach. Based on a patch from 1460 Eric Hagberg. 1461 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a 1462 bogus HELO command still causes the "Polite people say HELO 1463 first" error message. Problem pointed out by Chris Thomas 1464 of UCLA; patch from John Beck of SunSoft. 1465 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set 1466 in PrivacyFlags. The -q shouldn't turn this command off. 1467 Problem noted by Murray Kucherawy of Pacific Bell Internet; 1468 based on a patch from Gregory Neil Shapiro of WPI. 1469 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) 1470 in a DATA transaction to be sticky; these can occur because 1471 a message is too large, and smaller messages should still go 1472 through. Problem noted by Matt Dillon of Best Internet 1473 Communications. 1474 In some cases bounces were saved in /var/tmp/dead.letter even if they 1475 had been successfully delivered to the envelope sender. 1476 Problem noted Eric Hagberg of Morgan Stanley; solution from 1477 Gregory Neil Shapiro of WPI. 1478 Give better diagnostics on long alias lines. Based on code contributed 1479 by Patrick Gosling of the University of Cambridge. 1480 Increase the number of virtual interfaces that will be probed for 1481 alternate names. Problem noted by Amy Rich of Shore.Net. 1482 PORTABILITY: 1483 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from 1484 Toshiaki Nomura of Fujitsu Limited. 1485 SunOS with LDAP support: compile problems with struct timeval. 1486 Patch from Nick Cuccia of TCSI Corporation. 1487 SCO: from Keith Reynolds of SCO. 1488 Solaris: kstat load average computation wasn't being used. 1489 Fixes from Michael Ju. Tokarev of Telecom Service, JSC 1490 (Moscow). 1491 OpenBSD: from Jason Downs of teeny.org. 1492 Altos System V: from Tim Rice. 1493 Solaris 2.5: from Alan Perry of SunSoft. 1494 Solaris 2.6: from John Beck of SunSoft. 1495 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli 1496 of Pratt & Whitney <miorelli@pweh.com>. 1497 CONFIG: It seems that I hadn't gotten the Received: line syntax 1498 _just_right_ yet. Tweak it again. I'll omit the names 1499 of the "contributors" (quantity two) in this one case. 1500 As of now, NO MORE DISCUSSION about the syntax of the 1501 Received: line. 1502 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), 1503 it never inserts that class into the output file. Fix it 1504 so it will honor EXPOSED_USER but will _not_ include root 1505 automatically in this class. Problem noted by Ronan KERYELL 1506 of Centre de Recherche en Informatique de l'�cole Nationale 1507 Sup�rieure des Mines de Paris (CRI-ENSMP). 1508 CONFIG: Clean up handling of "local:" syntax in relay specifications 1509 such as LUSER_RELAY. This change permits the following 1510 syntaxes: ``local:'' will send to the same user on the 1511 local machine (e.g., in a mailertable entry for "host", 1512 ``local:'' will cause an address addressed to user@host to 1513 go to user on the local machone). ``local:user'' will send 1514 to the named user on the local machine. ``local:user@host'' 1515 is equivalent to ``local:user'' (the host is ignored). In 1516 all cases, the original user@host is passed in $@ (i.e., the 1517 detail information). Inspired by a report from Michael Fuhr. 1518 CONFIG: Strip quotes from the first word of an "error:" host 1519 indication. This lets you set (for example) the LUSER_RELAY 1520 to be ``error:\"5.1.1\" Your Message Here''. Note the use 1521 of the \" so that the resulting string is properly quoted. 1522 Problem noted by Gregory Neil Shapiro of WPI. 1523 OP.ME: documentation was inconsistent about whether sendmail did a 1524 NOOP or a RSET to probe the connection (it does a RSET). 1525 Inconsistency noted by Deeran Peethamparam. 1526 OP.ME: insert additional blank pages so it will print properly on 1527 a duplex printer. From Matthew Black of Cal State University, 1528 Long Beach. 1529 15308.8.4/8.8.4 96/12/02 1531 SECURITY: under some circumstances, an attacker could get additional 1532 permissions by hard linking to files that were group 1533 writable by the attacker. The solution is to disallow any 1534 files that have hard links -- this will affect .forward, 1535 :include:, and output files. Problem noted by Terry 1536 Kyriacopoulos of Interlog Internet Services. As a 1537 workaround, set UnsafeGroupWrites -- always a good idea. 1538 SECURITY: the TryNullMXList (w) option should not be safe -- if it 1539 is, it is possible to do a denial-of-service attack on 1540 MX hosts that rely on the use of the null MX list. There 1541 is no danger if you have this option turned off (the default). 1542 Problem noted by Dan Bernstein. Also, make the DontInitGroups 1543 unsafe. I know of no specific attack against this, although 1544 a denial-of-service attack is probably possible, but in theory 1545 you should not be able to safely tweak anything that affects 1546 the permissions that are used when mail is delivered. 1547 Purgestat could go into an infinite loop if one of the host status 1548 directories somehow became empty. Problem noted by Roy 1549 Mongiovi of Georgia Tech. 1550 Processes got "lost" when counting children due to a race condition. 1551 This caused "proc_list_probe: lost pid" messages to be logged. 1552 Problem noted by several people. 1553 On systems with System V SIGCLD child signal semantics (notably AIX 1554 and HP-UX), mail transactions would print the message "451 1555 SMTP-MAIL: lost child: No child processes". Problem noted 1556 by several people. 1557 Miscellaneous compiler warnings on picky compilers (or when setting 1558 gcc to high warning levels). From Tom Moore of NCR Corp. 1559 SMTP protocol errors, and most errors on MAIL FROM: lines should 1560 not be persistent between runs, since they are based on the 1561 message rather than the host. Problem noted by Matt Dillon 1562 of Best Internet Communications. 1563 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore 1564 of NCR (a.k.a., AT&T Global Information Solutions). 1565 Avoid the possibility of having a child daemon run to completion 1566 (including closing the SMTP socket) before the parent has 1567 had a chance to close the socket; this can cause the parent 1568 to hang for a long time waiting for the socket to drain. 1569 Patch from Don Lewis of TDK Semiconductor. 1570 If the fork() failed in a queue run, the queue runners would not be 1571 rescheduled (so queue runs would stop). Patch from Don Lewis. 1572 Some error conditions in ETRN could cause output without an SMTP 1573 status code. Problem noted by Don Lewis. 1574 Multiple :maildrop addresses in the user database didn't work properly. 1575 Patch from Roy Mongiovi of Georgia Tech. 1576 Add ".db" automatically onto any user database spec that does not 1577 already have it; this is for consistency with makemap, the 1578 K line, and the documentation. Inconsistency pointed out 1579 by Roy Mongiovi. 1580 Allow sendmail to be properly called in nohup mode. Patch from 1581 Kyle Jones of UUNET. 1582 Change ETRN to ignore but still update host status files; previously 1583 it would ignore them and not save the updated status, which 1584 caused stale information to be maintained. Based on a patch 1585 from Christopher Davis of Kapor Enterprises Inc. Also, have 1586 ETRN ignore the MinQueueAge option. 1587 Patch long term host status to recover more gracefully from an empty 1588 host status file condition. Patch from NAKAMURA Motonori 1589 of Kyoto University. 1590 Several patches to signal handling code to fix potential race 1591 conditions from Don Lewis. 1592 Make it possible to compile with -DDAEMON=0 (previously it had some 1593 compile errors). This turns DAEMON, QUEUE, and SMTP into 1594 0/1 compilation flags. Note that DAEMON is an obsolete 1595 compile flag; use NETINET instead. Solution based on a 1596 patch from Bryan Costales. 1597 PORTABILITY FIXES: 1598 AIX4: getpwnam() and getpwuid() do a sequential scan of the 1599 /etc/security/passwd file when called as root. This 1600 is very slow on some systems. To speed it up, use the 1601 (undocumented) _getpw{nam,uid}_shadow() routines. 1602 Patch from Chris Thomas of UCLA/OAC Systems Group. 1603 SCO 5.x: include -lprot in the Makefile. Patch from Bill 1604 Glicker of Burrelle's Information Service. 1605 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch 1606 from Makoto MATSUSHITA of Osaka University. 1607 SunOS 4.0.3: compile problems. Patches from Andrew Cole of 1608 Leeds University and SASABE Tetsuro of the University 1609 of Tokyo. 1610 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support 1611 Services, Inc. 1612 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. 1613 I believe this to have only been a problem if you 1614 compiled with -DUSE_VENDOR_CF_PATH -- another reason 1615 to stick with /etc/sendmail.cf as your One True Path. 1616 Digital UNIX (OSF/1 on Alpha) load average computation from 1617 Martin Laubach of the Technischen Universit�t Wien. 1618 CONFIG: change default Received: line to be multiple lines rather 1619 than one long one. By popular demand. 1620 MAIL.LOCAL: warnings weren't being logged on some systems. Patch 1621 from Jerome Berkman of U.C. Berkeley. 1622 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs 1623 to take a very long time. Problem noted by Yoshiro YONEYA 1624 of NTT Software Corporation. 1625 CONTRIB: add etrn.pl, contributed by John Beck. 1626 NEW FILES: 1627 contrib/etrn.pl 1628 16298.8.3/8.8.3 96/11/17 1630 SECURITY: it was possible to get a root shell by lying to sendmail 1631 about argv[0] and then sending it a signal. Problem noted 1632 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the 1633 best-of-security list. 1634 Log sendmail binary version number in "Warning: .cf version level 1635 (%d) exceeds program functionality (%d) message" -- this 1636 should make it clearer to people that they are running 1637 the wrong binary. 1638 Fix a problem that occurs when you open an SMTP connection and then 1639 do one or more ETRN commands followed by a MAIL command; at 1640 the end of the DATA phase sendmail would incorrectly report 1641 "451 SMTP-MAIL: lost child: No child processes". Problem 1642 noted by Eric Bishop of Virginia Tech. 1643 When doing text-based host canonification (typically /etc/hosts 1644 lookup), a null host name would match any /etc/hosts entry 1645 with space at the end of the line. Problem noted by Steve 1646 Hubert of the University of Washington, Seattle. 1647 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. 1648 Problem reported by Tom Smith of Digital Equipment Corp. 1649 Increase the size of the DNS answer buffer -- the standard UDP packet 1650 size PACKETSZ (512) is not sufficient for some nameserver 1651 answers containing very many resource records. The resolver 1652 may also switch to TCP and retry if it detects UDP packet 1653 overflow. Also, allow for the fact that the resolver 1654 routines res_query and res_search return the size of the 1655 *un*truncated answer in case the supplied answer buffer it 1656 not big enough to accommodate the entire answer. Patch from 1657 Eric Wassenaar. 1658 Improvements to MaxDaemonChildren code. If you think you have too 1659 many children, probe the ones you have to verify that they 1660 are still around. Suggested by Jared Mauch of CICnet, Inc. 1661 Also, do this probe before growing the vector of children 1662 pids; this previously caused the vector to grow indefinitely 1663 due to a race condition. Problem reported by Kyle Jones of 1664 UUNET. 1665 On some architectures, <db.h> (from the Berkeley DB library) defines 1666 O_EXLOCK to zero; this fools the map compilation code into 1667 thinking that it can avoid race conditions by locking on open. 1668 Change it to check for O_EXLOCK non-zero. Problem noted by 1669 Leif Erlingsson of Data Lege. 1670 Always call res_init() on startup (if compiled in, of course) to 1671 allow the sendmail.cf file to tweak resolver flags; without 1672 it, flag tweaks in ResolverOptions are ignored. Patch from 1673 Andrew Sun of Merrill Lynch. 1674 Improvements to host status printing code. Suggested by Steve Hubert 1675 of the University of Washington, Seattle. 1676 Change MinQueueAge option processing to do the check for the job age 1677 when reading the queue file, rather than at the end; this 1678 avoids parsing the addresses, which can do DNS lookups. 1679 Problem noted by John Beck of InReference, Inc. 1680 When MIME was being 7->8 bit decoded, "From " lines weren't being 1681 properly escaped. Problem noted by Peter Nilsson of the 1682 University of Linkoping. 1683 In some cases, sendmail would retain root permissions during queue 1684 runs even if RunAsUser was set. Problem noted by Mark 1685 Thomas of Mark G. Thomas Consulting. 1686 If the F=l flag was set on an SMTP mailer to indicate that it is 1687 actually local delivery, and NOTIFY=SUCCESS is specified in 1688 the envelope, and the receiving SMTP server speaks DSN, then 1689 the DSN would be both generated locally and propagated to the 1690 other end. 1691 The U= mailer field didn't correctly extract the group id if the 1692 user id was numeric. Problem noted by Kenneth Herron of 1693 MCI Telecommunications Communications. 1694 If a message exceeded the fixed maximum size on input, the body of 1695 the message was included in the bounce. Note that this did 1696 not occur if it exceeded the maximum _output_ size. Problem 1697 reported by Kyle Jones of UUNET. 1698 PORTABILITY FIXES: 1699 AIX4: 4.1 doesn't have a working setreuid(2); change the 1700 AIX4 defines to use seteuid(2) instead, which 1701 works on 4.1 as well as 4.2. Problem noted by 1702 H�kan Lindholm of interAF, Sweden. 1703 AIX4: use tzname[] vector to determine time zone name. 1704 Patch from NAKAMURA Motonori of Kyoto University. 1705 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. 1706 Contributed by Paul DuBois <dubois@primate.wisc.edu>. 1707 Solaris: kstat(3k) support for retrieving the load average. 1708 This adds the LA_KSTAT definition for LA_TYPE. 1709 The outline of the implementation was contributed 1710 by Michael Tokarev of Telecom Service, JSC, Moscow. 1711 HP-UX 10.0 gripes about the (perfectly legal!) forward 1712 declaration of struct rusage at the top of conf.h; 1713 change it to only be included if you are using gcc, 1714 which is apparently the only compiler that requires 1715 it in the first place. Problem noted by Jeff 1716 Earickson of Colby College. 1717 IRIX: don't default to using gcc. IRIX is a civilized 1718 operating system that comes with a decent compiler 1719 by default. Problem noted by Barry Bouwsma and 1720 Kari Hurtta. 1721 CONFIG: specify F=9 as default in FEATURE(local_procmail) for 1722 consistency with other local mailers. Inconsistency 1723 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>. 1724 CONFIG: if the "limited best mx" feature is used (to reduce DNS 1725 overhead) as part of the bestmx_is_local feature, the 1726 domain part was dropped from the name. Patch from Steve 1727 Hubert of the University of Washington, Seattle. 1728 CONFIG: catch addresses of the form "user@.dom.ain"; these could 1729 end up being translated to the null host name, which would 1730 return any entry in /etc/hosts that had a space at the end 1731 of the line. Problem noted by Steve Hubert of the 1732 University of Washington, Seattle. 1733 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer 1734 Polytechnic Institute. 1735 MAKEMAP: tweak hash and btree parameters for better performance. 1736 Patch from Matt Dillon of Best Internet Communications. 1737 NEW FILES: 1738 src/Makefiles/Makefile.Linux.ppc 1739 cf/ostype/aix4.m4 1740 cf/ostype/mklinux.m4 1741 17428.8.2/8.8.2 96/10/18 1743 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch 1744 changed the code but didn't fix the problem. 1745 PORTABILITY FIXES: 1746 Solaris: Don't use the system getusershell(3); it can 1747 apparently corrupt the heap in some circumstances. 1748 Problem found by Ken Pizzini of Spry, Inc. 1749 OP.ME: document several mailer flags that were accidentally omitted 1750 from this document. These flags were F=d, F=j, F=R, and F=9. 1751 CONFIG: no changes. 1752 17538.8.1/8.8.1 96/10/17 1754 SECURITY: unset all environment variables that the resolver will 1755 examine during queue runs and daemon mode. Problem noted 1756 by Dan Bernstein of the University of Illinois at Chicago. 1757 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain 1758 message could overflow a buffer if it was converted back 1759 to 8 bits. This caused core dumps and has the potential 1760 for a remote attack. Problem first noted by Gregory Shapiro 1761 of WPI. 1762 Avoid duplicate deliveries of error messages on systems that don't 1763 have flock(2) support. Patch from Motonori Nakamura of 1764 Kyoto University. 1765 Ignore null FallBackMX (V) options. If this option is null (as 1766 opposed to undefined) it can cause "null signature" syserrs 1767 on illegal host names. 1768 If a Base64 encoded text/plain message has no trailing newline in 1769 the encoded text, conversion back to 8 bits will drop the 1770 final line. Problem noted by Pierre David. 1771 If running with a RunAsUser, sendmail would give bogus "cannot 1772 setuid" (or seteuid, or setreuid) messages on some systems. 1773 Problem pointed out by Jordan Mendelson of Web Services, Inc. 1774 Always print error messages in -bv mode -- previously, -bv would 1775 be absolutely silent on errors if the error mode was sent 1776 to (say) mail-back. Problem noted by Kyle Jones of UUNET. 1777 If -qI/R/S is set (or the ETRN command is used), ignore all long 1778 term host status. This is necessary because it is common 1779 to do this when you know a host has just come back up. 1780 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section 1781 4.2. Excessive permissiveness noted by Lee Flight of the 1782 University of Leicester. 1783 If a service (such as NIS) is specified as the last entry in the 1784 service switch, but that service is not compiled in, sendmail 1785 would return a temporary failure when an entry was not found 1786 in the map. This caused the message to be queued instead of 1787 bouncing immediately. Problem noted by Harry Edmon of the 1788 University of Washington. 1789 PORTABILITY FIXES: 1790 Solaris 2.3 had compilation problems in conf.c. Several 1791 people pointed this out. 1792 NetBSD from Charles Hannum of MIT. 1793 AIX4 improvements based on info from Steve Bauer of South 1794 Dakota School of Mines & Technology. 1795 CONFIG: ``error:code message'' syntax was broken in virtusertable. 1796 Patch from Gil Kloepfer Jr. 1797 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set 1798 using MASQUERADE_DOMAIN) were not masqueraded unless they 1799 were also in $=w. Problem noted by Zoltan Basti of 1800 Softec. 1801 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based 1802 on a patch from Eric Hagberg of Morgan Stanley. 1803 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan 1804 of Stanford via Robert La Ferla. 1805 18068.8.0/8.8.0 96/09/26 1807 Under some circumstances, Bcc: headers would not be properly 1808 deleted. Pointed out by Jonathan Kamens of OpenVision. 1809 Log a warning if the sendmail daemon is invoked without a full 1810 pathname, which prevents "kill -1" from working. I was 1811 urged to put this in by Andrey A. Chernov of DEMOS (Russia). 1812 Fix small buffer overflow. Since the data in this buffer was not 1813 read externally, there was no security problem (and in fact 1814 probably wouldn't really overflow on most compilers). Pointed 1815 out by KIZU takashi of Osaka University. 1816 Fix problem causing domain literals such as [1.2.3.4] to be ignored 1817 if a FallbackMXHost was specified in the configuration file 1818 -- all mail would be sent to the fallback even if the original 1819 host was accessible. Pointed out by Munenari Hirayama of 1820 NSC (Japan). 1821 A message that didn't terminate with a newline would (sometimes) not 1822 have the trailing "." added properly in the SMTP dialogue, 1823 causing SMTP to hang. Patch from Per Hedeland of Ericsson. 1824 The DaemonPortOptions suboption to bind to a particular address was 1825 incorrect and nonfunctional due to a misunderstanding of the 1826 semantics of binding on a passive socket. Patch from 1827 NIIBE Yutaka of Mitsubishi Research Institute. 1828 Increase the number of MX hosts for a single name to 100 to better 1829 handle the truly huge service providers such as AOL, which 1830 has 13 at the moment (and climbing). In order to avoid 1831 trashing memory, the buffer for all names has only been 1832 slightly increased in size, to 12.8K from 10.2K -- this means 1833 that if a single name had 100 MX records, the average size 1834 of those records could not exceed 128 bytes. Requested by 1835 Brad Knowles of America On Line. 1836 Restore use of IDENT returns where the OSTYPE field equals "OTHER". 1837 Urged by Dan Bernstein of U.C. Berkeley. 1838 Print q_statdate and q_specificity in address structure debugging 1839 printout. 1840 Expand MCI structure flag bits for debugging output. 1841 Support IPv6-style domain literals, which can have colons between 1842 square braces. 1843 Log open file descriptors for the "cannot dup" messages in deliver(); 1844 this is an attempt to track down a bug that one person seems 1845 to be having (it may be a Solaris bug!). 1846 DSN NOTIFY parameters were not properly propagated across queue runs; 1847 this caused the NOTIFY info to sometimes be lost. Problem 1848 pointed out by Claus Assmann of the 1849 Christian-Albrechts-University of Kiel. 1850 The statistics gathered in the sendmail.st file were too high; in 1851 some cases failures (e.g., user unknown or temporary failure) 1852 would count as a delivery as far as the statistics were 1853 concerned. Problem noted by Tom Moore of AT&T GIS. 1854 Systems that don't have flock() would not send split envelopes in 1855 the initial run. Problem pointed out by Leonard Zubkoff of 1856 Dandelion Digital. 1857 Move buffer overflow checking -- these primarily involve distrusting 1858 results that may come from NIS and DNS. 1859 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't 1860 include <paths.h> and hence had the wrong pathnames for a few 1861 things like /var/tmp. Reported by Matthew Green. 1862 Conditions were reversed for the Priority: header, resulting in all 1863 values being interpreted as non-urgent except for non-urgent, 1864 which was interpreted as normal. Patch from Bryan Costales. 1865 The -o (optional) flag was being ignored on hash and btree maps 1866 since 8.7.2. Fix from Bryan Costales. 1867 Content-Types listed in class "q" will always be encoded as 1868 Quoted-Printable (or more accurately, will never be encoded 1869 as base64). The class can have primary types (e.g., "text") 1870 or full types (e.g., "text/plain"). Based on a suggestion by 1871 Marius Olafsson of the University of Iceland. 1872 Define ${envid} to be the original envelope id (from the ESMTP DSN 1873 dialogue) so it can be passed to programs in mailers. 1874 Define ${bodytype} to be the body type (from the -B flag or the 1875 BODY= ESMTP parameter) so it can be passed to programs in 1876 mailers. 1877 Cause the VRFY command to return 252 instead of 250 unless the F=q 1878 flag is set in the mailer descriptor. Suggested by John 1879 Myers of CMU. 1880 Implement ESMTP ETRN command to flush the queue for a specific host. 1881 The command takes a host name; data for that host is 1882 immediately (and asynchronously) flushed. Because this shares 1883 the -qR implementation, other hosts may be attempted, but 1884 there should be no security implications. Implementation 1885 from John Beck of InReference, Inc. See RFC 1985 for details. 1886 Add three new command line flags to pass in DSN parameters: -V envid 1887 (equivalent to ENVID=envid on the MAIL command), -R ret 1888 (equivalent to RET=ret on the MAIL command), and -Nnotify 1889 (equivalent to NOTIFY=notify on the RCPT command). Note 1890 that the -N flag applies to all recipients; there is no way 1891 to specify per-address notifications on the command line, 1892 nor is there an equivalent for the ORCPT= per-address 1893 parameter. 1894 Restore LogLevel option to be safe (it can only be increased); 1895 apparently I went into paranoid mode between 8.6 and 8.7 1896 and made it unsafe. Pointed out by Dabe Murphy of the 1897 University of Maryland. 1898 New logging on log level 15: all SMTP traffic. Patches from 1899 Andrew Gross of San Diego Supercomputer Center. 1900 NetInfo property value searching code wasn't stopping when it found 1901 a match. This was causing the wrong values to be found (and 1902 had a memory leak). Found by Bastian Schleuter of TU-Berlin. 1903 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed 1904 out by Bill Wisner of Electronics for Imaging that you can't 1905 use the bracket address form for the MAIL_HUB macro, since 1906 that causes the brackets to remain in the envelope recipient 1907 address used for delivery. The simple fix (stripping off the 1908 brackets in the config file) breaks the use of IP literal 1909 addresses. This flag will solve that problem. 1910 Add MustQuoteChars option. This is a list of characters that must 1911 be quoted if they are found in the phrase part of an address 1912 (that is, the full name part). The characters @,;:\()[] are 1913 always in this list and cannot be removed. The default is 1914 this list plus . and ' to match RFC 822. 1915 Add AllowBogusHELO option; if set, sendmail will allow HELO commands 1916 that do not include a host name for back compatibility with 1917 some stupid SMTP clients. Setting this violates RFC 1123 1918 section 5.2.5. 1919 Add MaxDaemonChildren option; if this is set, sendmail will start 1920 rejecting connections if it has more than this many 1921 outstanding children accepting mail. Note that you may 1922 see more processes than this because of outgoing mail; this 1923 is for incoming connections only. 1924 Add ConnectionRateThrottle option. If set to a positive value, the 1925 number of incoming SMTP connections that will be permitted 1926 in a single second is limited to this number. Connections are 1927 not refused during this time, just deferred. The intent is to 1928 flatten out demand so that load average limiting can kick in. 1929 It is less radical than MaxDaemonChildren, which will stop 1930 accepting connections even if all the connections are idle 1931 (e.g., due to connection caching). 1932 Add Timeout.hoststatus option. This interval (defaulting to 30m) 1933 specifies how long cached information about the state of a 1934 host will be kept before they are considered stale and the 1935 host is retried. If you are using persistent host status 1936 (i.e., the HostStatusDirectory option is set) this will apply 1937 between runs; otherwise, it applies only within a single queue 1938 run and hence is useful only for hosts that have large queues 1939 that take a very long time to run. 1940 Add SingleLineFromHeader option. If set, From: headers are coerced 1941 into being a single line even if they had newlines in them 1942 when read. This is to get around a botch in Lotus Notes. 1943 Text class maps were totally broken -- if you ever retrieved the last 1944 item in a table it would be truncated. Problem noted by 1945 Gregory Neil Shapiro of WPI. 1946 Extend the lines printed by the mailq command (== the -bp flag) when 1947 -v is given to 120 characters; this allows more information 1948 to be displayed. Suggested by Gregory Neil Shapiro of WPI. 1949 Allow macro definitions (`D' lines) with unquoted commas; previously 1950 this was treated as end-of-input. Problem noted by Bryan 1951 Costales. 1952 The RET= envelope parameter (used for DSNs) wasn't properly written 1953 to the queue file. Fix from John Hughes of Atlantic 1954 Technologies, Inc. 1955 Close /var/tmp/dead.letter after a successful write -- otherwise 1956 if this happens in a queue run it can cause nasty delays. 1957 Problem noted by Mark Horton of AT&T. 1958 If userdb entries pointed to userdb entries, and there were multiple 1959 values for a given key, the database cursor would get 1960 trashed by the recursive call. Problem noted by Roy Mongiovi 1961 of Georgia Tech. Fixed by reading all the values and creating 1962 a comma-separated list; thus, the -v output will be somewhat 1963 different for this case. 1964 Fix buffer allocation problem with Hesiod-based userdb maps when 1965 HES_GETMAILHOST is defined. Based on a patch by Betty Lee 1966 of Stanford University. 1967 When envelopes were split due to aliases with owner- aliases, and 1968 there was some error on one of the lists, more than one of 1969 the owners would get the message. Problem pointed out by 1970 Roy Mongiovi of Georgia Tech. 1971 Detect excessive recursion in macro expansions, e.g., $X defined 1972 in terms of $Y which is defined in terms of $X. Problem 1973 noted by Bryan Costales; patch from Eric Wassenaar. 1974 When using F=U to get "ugly UUCP" From_ lines, a buffer could in 1975 some cases get trashed causing bogus From_ lines. Fix from 1976 Kyle Jones of UUNET. 1977 When doing load average initialization, if the nlist call for avenrun 1978 failed, the second and subsequent lookups wouldn't notice 1979 that fact causing bogus load averages to be returned. Noted 1980 by Casper Dik of Sun Holland. 1981 Fix problem with incompatibility with some versions of inet_aton that 1982 have changed the return value to unsigned, so a check for an 1983 error return of -1 doesn't work. Use INADDR_NONE instead. 1984 This could cause mail to addresses such as [foo.com] to bounce 1985 or get dropped. Problem noted by Christophe Wolfhugel of the 1986 Pasteur Institute. 1987 DSNs were inconsistent if a failure occurred during the DATA phase 1988 rather than the RCPT phase: the Action: would be correct, but 1989 the detailed status information would be wrong. Problem noted 1990 by Bob Snyder of General Electric Company. 1991 Add -U command line flag and the XUSR ESMTP extension, both indicating 1992 that this is the initial MUA->MTA submission. The flag current 1993 does nothing, but in future releases (when MUAs start using 1994 these flags) it will probably turn on things like DNS 1995 canonification. 1996 Default end-of-line string (E= specification on mailer [M] lines) 1997 to \r\n on SMTP mailers. Default remains \n on non-SMTP 1998 mailers. 1999 Change the internal definition for the *file* and *include* mailers 2000 to have $u in the argument vectors so that they aren't 2001 misinterpreted as SMTP mailers and thus use \r\n line 2002 termination. This will affect anyone who has redefined 2003 either of these in their configuration file. 2004 Don't assume that IDENT servers close the connection after a query; 2005 responses can be newline terminated. From Terry Kennedy of 2006 St. Peter's College. 2007 Avoid core dumps on erroneous configuration files that have 2008 $#mailer with nothing following. From Bryan Costales. 2009 Avoid null pointer dereference with high debug values in unlockqueue. 2010 Fix from Randy Martin of Clemson University. 2011 Fix possible buffer overrun when expanding very large macros. Fix 2012 from Kyle Jones of UUNET. 2013 After 25 EXPN or VRFY commands, start pausing for a second before 2014 processing each one. This avoids a certain form of denial 2015 of service attack. Potential attack pointed out by Bryan 2016 Costales. 2017 Allow new named (not numbered!) config file rules to do validity 2018 checking on SMTP arguments: check_mail for MAIL commands and 2019 check_rcpt for RCPT commands. These rulesets can do anything 2020 they want; their result is ignored unless they resolve to the 2021 $#error mailer, in which case the indicated message is printed 2022 and the command is rejected. Similarly, the check_compat 2023 ruleset is called before delivery with "from_addr $| to_addr" 2024 (the $| is a meta-symbol used to separate the two addresses); 2025 it can give a "this sender can't send to this recipient" 2026 notification. Note that this patch allows $| to stand alone 2027 in rulesets. 2028 Define new macros ${client_name}, ${client_addr}, and ${client_port} 2029 that have the name, IP address, and port number (respectively) 2030 of the SMTP client (that is, the entity at the other end of 2031 the connection. These can be used in (e.g.) check_rcpt to 2032 verify that someone isn't trying to relay mail through your 2033 host inappropriately. Be sure to use the deferred evaluation 2034 form, for example $&{client_name}, to avoid having these bound 2035 when sendmail reads the configuration file. 2036 Add new config file rule check_relay to check the incoming connection 2037 information. Like check_compat, it is passed the host name 2038 and host address separated by $| and can reject connections 2039 on that basis. 2040 Allow IDA-style recursive function calls. Code contributed by Mark 2041 Lovell and Paul Vixie. 2042 Eliminate the "No ! in UUCP From address!" message" -- instead, create 2043 a virtual UUCP address using either a domain address or the $k 2044 macro. Based on code contributed by Mark Lovell and Paul 2045 Vixie. 2046 Add Stanford LDAP map. Requires special libraries that are not 2047 included with sendmail. Contributed by Booker C. Bense 2048 <bbense@networking.stanford.edu>; contact him for support. 2049 See also the src/READ_ME file. 2050 Allow -dANSI to turn on ANSI escape sequences in debug output; this 2051 puts metasymbols (e.g., $+) in reverse video. Really useful 2052 only for debugging deep bits of code where it is important to 2053 distinguish between the single-character metasymbol $+ and the 2054 two characters $, +. 2055 Changed ruleset 89 (executed in dumpstate()) to a named ruleset, 2056 debug_dumpstate. 2057 Add new UnsafeGroupWrites option; if set, .forward and :include: 2058 files that are group writable are considered "unsafe" -- that 2059 is, programs and files referenced from such files are not 2060 valid recipients. 2061 Delete bogosity test for FallBackMX host; this prevented it to be a 2062 name that was not in DNS or was a domain-literal. Problem 2063 noted by Tom May. 2064 Change the introduction to error messages to more clearly delineate 2065 permanent from temporary failures; if both existed in a 2066 single message it could be confusing. Suggested by John 2067 Beck of InReference, Inc. 2068 The IngoreDot (i) option didn't work for lines that were terminated 2069 with CRLF. Problem noted by Ted Stockwell of Secure 2070 Computing Corporation. 2071 Add a heuristic to improve the handling of unbalanced `<' signs in 2072 message headers. Problem reported by Matt Dillon of Best 2073 Internet Communications. 2074 Check for bogus characters in the 0200-0237 range; since these are 2075 used internally, very strange errors can occur if those 2076 characters appear in headers. Problem noted by Anders Gertz 2077 of Lysator. 2078 Implement 7 -> 8 bit MIME conversions. This only takes place if the 2079 recipient mailer has the F=9 flag set, and only works on 2080 text/plain body types. Code contributed by Marius Olafsson 2081 of the University of Iceland. 2082 Special case "postmaster" name so that it is always treated as lower 2083 case in alias files regardless of configuration settings; 2084 this prevents some potential problems where "Postmaster" or 2085 "POSTMASTER" might not match "postmaster". In most cases 2086 this change is a no-op. 2087 The -o map flag was ignored for text maps. Problem noted by Bryan 2088 Costales. 2089 The -a map flag was ignored for dequote maps. Problem noted by 2090 Bryan Costales. 2091 Fix core dump when a lookup of a class "prog" map returns no 2092 response. Patch from Bryan Costales. 2093 Log instances where sendmail is deferring or rejecting connections 2094 on LogLevel 14. Suggested by Kyle Jones of UUNET. 2095 Include port number in process title for network daemons. Suggested 2096 by Kyle Jones of UUNET. 2097 Send ``double bounces'' (errors that occur when sending an error 2098 message) to the address indicated in the DoubleBounceAddress 2099 option (default: postmaster). Previously they were always 2100 sent to postmaster. Suggested by Kyle Jones of UUNET. 2101 Add new mode, -bD, that acts like -bd in all respects except that 2102 it runs in foreground. This is useful for using with a 2103 wrapper that "watches" system services. Suggested by Kyle 2104 Jones of UUNET. 2105 Fix botch in spacing around (parenthesized) comments in addresses 2106 when the comment comes before the address. Patch from 2107 Motonori Nakamura of Kyoto University. 2108 Use the prefix "Postmaster notify" on the Subject: lines of messages 2109 that are being bounced to postmaster, rather than "Returned 2110 mail". This permits the person who is postmaster more 2111 easily determine what messages are to their role as 2112 postmaster versus bounces to mail they actually sent. Based 2113 on a suggestion by Motonori Nakamura. 2114 Add new value "time" for QueueSortOrder option; this causes the queue 2115 to be sorted strictly by the time of submission. Note that 2116 this can cause very bad behaviour over slow lines (because 2117 large jobs will tend to delay small jobs) and on nodes with 2118 heavy traffic (because old things in the queue for hosts that 2119 are down delay processing of new jobs). Also, this does not 2120 guarantee that jobs will be delivered in submission order 2121 unless you also set DeliveryMode=queue. In general, it should 2122 probably only be used on the command line, and only in 2123 conjunction with -qRhost.domain. In fact, there are very few 2124 cases where it should be used at all. Based on an 2125 implementation by Motonori Nakamura. 2126 If a map lookup in ruleset 5 returns tempfail, queue the message in 2127 the same manner as other rulesets. Previously a temporary 2128 failure in ruleset 5 was ignored. Patch from Booker Bense 2129 of Stanford University. 2130 Don't proceed to the next MX host if an SMTP MAIL command returns a 2131 5yz (permanent failure) code. The next MX host will still be 2132 tried if the connection cannot be opened in the first place 2133 or if the MAIL command returns a 4yz (temporary failure) code. 2134 (It's hard to know what to do here, since neither RFC 974 nor 2135 RFC 1123 specify when to proceed to the next MX host.) 2136 Suggested by Jonathan Kamens of OpenVision, Inc. 2137 Add new "-t" flag for map definitions (the "K" line in the .cf file). 2138 This causes map lookups that get a temporary failure (e.g., 2139 name server failure) to _not_ defer the delivery of the 2140 message. This should only be used if your configuration file 2141 is prepared to do something sensible in this case. Based on 2142 an idea by Gregory Shapiro of WPI. 2143 Fix problem finding network interface addresses. Patch from 2144 Motonori Nakamura. 2145 Don't reject qf entries that are not owned by your effective uid if 2146 you are not running setuid; this makes management of certain 2147 kinds of firewall setups difficult. Patch suggested by 2148 Eamonn Coleman of Qualcomm. 2149 Add persistent host status. This keeps the information normally 2150 maintained within a single queue run in disk files that are 2151 shared between sendmail instances. The HostStatusDirectory 2152 is the directory in which the information is maintained. If 2153 not set, persistent host status is turned off. If not a full 2154 pathname, it is relative to the queue directory. A common 2155 value is ".hoststat". 2156 There are also two new operation modes: 2157 * -bh prints the status of hosts that have had recent 2158 connections. 2159 * -bH purges the host statuses. No attempt is made to save 2160 recent status information. 2161 This feature was originally written by Paul Vixie of Vixie 2162 Enterprises for KJS and adapted for V8 by Mark Lovell of 2163 Bigrock Consulting. Paul's funding of Mark and Mark's patience 2164 with my insistence that things fit cleanly into the V8 2165 framework is gratefully appreciated. 2166 New SingleThreadDelivery option (requires HostStatusDirectory to 2167 operate). Avoids letting two sendmails on the local machine 2168 open connections to the same remote host at the same time. 2169 This reduces load on the other machine, but can cause mail to 2170 be delayed (for example, if one sendmail is delivering a huge 2171 message, other sendmails won't be able to send even small 2172 messages). Also, it requires another file descriptor (for the 2173 lock file) per connection, so you may have to reduce 2174 ConnectionCacheSize to avoid running out of per-process 2175 file descriptors. Based on the persistent host status code 2176 contributed by Paul Vixie and Mark Lovell. 2177 Allow sending to non-simple files (e.g., /dev/null) even if the 2178 SafeFileEnvironment option is set. Problem noted by Bryan 2179 Costales. 2180 The -qR flag mistakenly matched flags in the "R" line of the queue 2181 file. Problem noted by Bryan Costales. 2182 If a job was aborted using the interrupt signal (e.g., control-C from 2183 the keyboard), on some occasions an empty df file would be 2184 left around; these would collect in the queue directory. 2185 Problem noted by Bryan Costales. 2186 Change the makesendmail script to enhance the search for Makefiles 2187 based on release number. For example, on SunOS 5.5.1, it will 2188 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then 2189 Makefile.SunOS.5.x (in addition to the other rules, e.g., 2190 adding $arch). Problem noted by Jason Mastaler of Atlanta 2191 Webmasters. 2192 When creating maps using "newaliases", always map the keys to lower 2193 case when creating the map unless the -f flag is specified on 2194 the map itself. Previously this was done based on the F=u 2195 flag in the local mailer, which meant you could create aliases 2196 that you could never access. Problem noted by Bob Wu of DEC. 2197 When a job was read from the queue, the bits causing notification on 2198 failure or delay were always set. This caused those 2199 notifications to be sent even if NOTIFY=NEVER had been 2200 specified. Problem noted by Steve Hubert of the University 2201 of Washington, Seattle. 2202 Add new configurable routine validate_connection (in conf.c). This 2203 lets you decide if you are willing to accept traffic from 2204 this host. If it returns FALSE, all SMTP commands will return 2205 "550 Access denied". -DTCPWRAPPERS will include support for 2206 TCP wrappers; you will need to add -lwrap to the link line. 2207 (See src/READ_ME for details.) 2208 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster 2209 bounces. Some people seemed to think that this could be 2210 confusing (even though it is true). Suggested by Motonori 2211 Nakamura. 2212 Add new RunAsUser option; this causes sendmail to do a setuid to that 2213 user early in processing to avoid potential security problems. 2214 However, this means that all .forward and :include: files must 2215 be readable by that user, and all files to be written must be 2216 writable by that user and all programs will be executed by that 2217 user. It is also incompatible with the SafeFileEnvironment 2218 option. In other words, it may not actually add much to 2219 security. However, it should be useful on firewalls and other 2220 places where users don't have accounts and the aliases file is 2221 well constrained. 2222 Add Timeout.iconnect. This is like Timeout.connect except it is used 2223 only on the first attempt to delivery to an address. It could 2224 be set to be lower than Timeout.connect on the principle that 2225 the mail should go through quickly to responsive hosts; less 2226 responsive hosts get to wait for the next queue run. 2227 Fix a problem on Solaris that occasionally causes programs 2228 (such as vacation) to hang with their standard input connected 2229 to a UDP port. It also created some signal handling problems. 2230 The problems turned out to be an interaction between vfork(2) 2231 and some of the libraries, particularly NIS/NIS+. I am 2232 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix. 2233 Change user class map to do the same matching that actual delivery 2234 will do instead of just a /etc/passwd lookup. This adds 2235 fuzzy matching to the user map. Patch from Dan Oscarsson. 2236 The Timeout.* options are not safe -- they can be used to create a 2237 denial-of-service attack. Problem noted by Christophe 2238 Wolfhugel. 2239 Don't send PostMasterCopy messages in the event of a "delayed" 2240 notification. Suggested by Barry Bouwsma. 2241 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy 2242 option is set, since this disables VERB mode. Suggested 2243 by John Hawkinson of MIT. 2244 Complain if the QueueDirectory (Q) option is not set. Problem noted 2245 by Motonori Nakamura of Kyoto University. 2246 Only queue messages on transient .forward open failures if there 2247 were no successful opens. The previous behaviour caused it 2248 to queue even if a "fall back" .forward was found. Problem 2249 noted by Ann-Kian Yeo of the Dept. of Information Systems 2250 and Computer Science (DISCS), NUS, Singapore. 2251 Don't do 8->7 bit conversions when bouncing a MIME message that 2252 is bouncing because of a MIME error during 8->7 bit conversion; 2253 the encapsulated message will bounce again, causing a loop. 2254 Problem noted by Steve Hubert of the University of Washington. 2255 Create xf (transcript) files using the TempFileMode option value 2256 instead of 0644. Suggested by Ann-Kian Yeo of the 2257 National University of Singapore. 2258 Print errors if setgid/setuid/etc. fail during delivery. This helps 2259 detect cases where DefaultUid is set to something that the 2260 system can't cope with. 2261 PORTABILITY FIXES: 2262 Support for AIX/RS 2.2.1 from Mark Whetzel of Western 2263 Atlas International. 2264 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell 2265 <bicknell@ufp.org>. 2266 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only 2267 work on the first recipient of a message due to a 2268 bug in the getpwent family. If this is something you 2269 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a 2270 workaround. From Maximum Entropy of Sanford C. 2271 Bernstein and Associates. 2272 FreeBSD 1.1.5.1 uname -r returns a string containing 2273 parentheses, which breaks makesendmail. Reported 2274 by Piero Serini <piero@strider.ibenet.it>. 2275 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of 2276 Systems and Computer Technology Corporation. 2277 Solaris 2.x: omit the UUCP grade parameter (-g flag) because 2278 it is system-dependent. Problem noted by J.J. Bailey 2279 of Bailey Computer Consulting. 2280 Pyramid NILE running DC/OSx support from Earle F. Ake of 2281 Hassler Communication Systems Technology, Inc. 2282 HP-UX 10.x compile glitches, reported by Anne Brink of the 2283 U.S. Army and James Byrne of Harte & Lyne Limited. 2284 NetBSD from Matthew Green of the NetBSD crew. 2285 SCO 5.x from Keith Reynolds of SCO. 2286 IRIX 6.2 from Robert Tarrall of the University of 2287 Colorado and Kari Hurtta of the Finnish Meteorological 2288 Institute. 2289 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. 2290 Lopez, CICA (Seville). 2291 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. 2292 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor 2293 Employment Standards Administration. 2294 Altos System V (5.3.1) from Tim Rice of Multitalents. 2295 Concurrent Systems Corporation Maxion from Donald R. Laster 2296 Jr. 2297 NetInfo maps (improved debugging and multi-valued aliases) 2298 from Adrian Steinmann of Steinmann Consulting. 2299 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) 2300 from Eric Schnoebelen of Convex. 2301 Linux 2.0 mail.local patches from Horst von Brand. 2302 NEXTSTEP 3.x compilation from Robert La Ferla. 2303 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. 2304 Solaris 2.5 configuration fixes for mail.local by Jim Davis 2305 of the University of Arizona. 2306 Solaris 2.5 has a working setreuid. Noted by David Linn of 2307 Vanderbilt University. 2308 Solaris changes for praliases, makemap, mailstats, and smrsh. 2309 Previously you had to add -DSOLARIS in Makefile.dist; 2310 this auto-detects. Based on a patch from Randall 2311 Winchester of the University of Maryland. 2312 CONFIG: add generic-nextstep3.3.mc file. Contributed by 2313 Robert La Ferla of Hot Software. 2314 CONFIG: allow mailertables to resolve to ``error:code message'' 2315 (where "code" is an exit status) on domains (previously 2316 worked only on hosts). Patch from Cor Bosman of Xs4all 2317 Foundation. 2318 CONFIG: hooks for IPv6-style domain literals. 2319 CONFIG: predefine ALIAS_FILE and change the prototype file so that 2320 if it is undefined the AliasFile option is never set; this 2321 should be transparent for most everyone. Suggested by John 2322 Myers of CMU. 2323 CONFIG: add FEATURE(limited_masquerade). Without this feature, any 2324 domain listed in $=w is masqueraded. With it, only those 2325 domains listed in a MASQUERADE_DOMAIN macro are masqueraded. 2326 CONFIG: add FEATURE(masquerade_entire_domain). This causes 2327 masquerading specified by MASQUERADE_DOMAIN to apply to all 2328 hosts under those domains as well as the domain headers 2329 themselves. For example, if a configuration had 2330 MASQUERADE_DOMAIN(foo.com), then without this feature only 2331 foo.com would be masqueraded; with it, *.foo.com would be 2332 masqueraded as well. Based on an implementation by Richard 2333 (Pug) Bainter of U. Texas. 2334 CONFIG: add FEATURE(genericstable) to do a more general rewriting of 2335 outgoing addresses. Defaults to ``hash -o /etc/genericstable''. 2336 Keys are user names; values are outgoing mail addresses. Yes, 2337 this does overlap with the user database, and figuring out 2338 just when to use which one may be tricky. Based on code 2339 contributed by Richard (Pug) Bainter of U. Texas with updates 2340 from Per Hedeland of Ericsson. 2341 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of 2342 incoming addresses. Defaults to ``hash -o /etc/virtusertable''. 2343 Keys are either fully qualified addresses or just the host 2344 part (with the @ sign). For example, a table containing: 2345 info@foo.com foo-info 2346 info@bar.com bar-info 2347 @baz.org jane@elsewhere.net 2348 would send all mail destined for info@foo.com to foo-info 2349 (which is presumably an alias), mail addressed to info@bar.com 2350 to bar-info, and anything addressed to anyone at baz.org will 2351 be sent to jane@elsewhere.net. The names foo.com, bar.com, 2352 and baz.org must all be in $=w. Based on discussions with 2353 a great many people. 2354 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. 2355 Suggested by Richard Bainter. 2356 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the 2357 "fax" mailer. 2358 CONFIG: allow mailertable entries to resolve to local:user; this 2359 passes the original user@host in to procmail-style local 2360 mailers as the "detail" information to allow them to do 2361 additional clever processing. From Joe Pruett of 2362 Teleport Corporation. Delivery to the original user can 2363 be done by specifying "local:" (with nothing after the colon). 2364 CONFIG: allow any context that takes "mailer:domain" to also take 2365 "mailer:user@domain" to force mailing to the given user; 2366 "local:user" can also be used to do local delivery. This 2367 applies on *_RELAY and in the mailertable entries. Based 2368 on a suggestion by Ribert Kiessling of Easynet. 2369 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that 2370 limits the possible domains; this reduces the number of DNS 2371 lookups required to support this feature. For example, 2372 FEATURE(bestmx_is_local, my.site.com) limits the lookups 2373 to domains under my.site.com. Code contributed by Anthony 2374 Thyssen <anthony@cit.gu.edu.au>. 2375 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, 2376 such as the check_rcpt ruleset. Suggested by Gregory Shapiro 2377 of WPI. 2378 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the 2379 event you have to define local mailers. Suggested by 2380 Gregory Shapiro of WPI. 2381 CONFIG: fix cases where a three- (or more-) stage route-addr could 2382 be misinterpreted as a list:...; syntax. Based on a patch by 2383 Vlado Potisk <Vlado_Potisk@tempest.sk>. 2384 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is 2385 remotely connected. The address host!user was being 2386 converted to host!user@thishost instead of host!user@uurelay. 2387 Problem noted by William Gianopoulos of Raytheon Company. 2388 CONFIG: add confTO_ICONNECT to set Timeout.iconnect. 2389 CONFIG: change FEATURE(redirect) message from "User not local" to 2390 "User has moved"; the former wording was confusing if the 2391 new address is still on the local host. Based on a suggestion 2392 by Andreas Luik. 2393 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). 2394 However, the class is not pre-initialized to contain root. 2395 Suggested by Gregory Neil Shapiro. 2396 CONTRIB: Remove XLA code at the request of the author, Christophe 2397 Wolfhugel. 2398 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. 2399 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note 2400 well: this produces a slightly different mailbox format (no 2401 Content-Length: headers), file ownerships and modes are 2402 different (not owned by group mail; mode 600 instead of 660), 2403 and the local mailer flags will have to be tweaked (make them 2404 match bsd4.4) in order to use this mailer. Patches from Paul 2405 Hammann of the Missouri Research and Education Network. 2406 MAIL.LOCAL: in some cases it could return EX_OK even though there 2407 was a delivery error, such as if the ownership on the file 2408 was wrong or the mode changed between the initial stat and 2409 the open. Problem reported by William Colburn of the New 2410 Mexico Institute of Mining and Technology. 2411 MAILSTATS: handle zero length files more reliably. Patch from Bryan 2412 Costales. 2413 MAILSTATS: add man page contributed by Keith Bostic of BSDI. 2414 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't 2415 honored. Fix from Michael Scott Shappe. 2416 PRALIASES: add man page contributed by Keith Bostic of BSDI. 2417 NEW FILES: 2418 src/Makefiles/Makefile.AIX.2 2419 src/Makefiles/Makefile.IRIX.6.2 2420 src/Makefiles/Makefile.maxion 2421 src/Makefiles/Makefile.NCR.MP-RAS.3.x 2422 src/Makefiles/Makefile.SCO.5.x 2423 src/Makefiles/Makefile.UXPDSV20 2424 mailstats/mailstats.8 2425 praliases/praliases.8 2426 cf/cf/generic-nextstep3.3.mc 2427 cf/feature/genericstable.m4 2428 cf/feature/limited_masquerade.m4 2429 cf/feature/masquerade_entire_domain.m4 2430 cf/feature/virtusertable.m4 2431 cf/ostype/aix2.m4 2432 cf/ostype/altos.m4 2433 cf/ostype/maxion.m4 2434 cf/ostype/solaris2.ml.m4 2435 cf/ostype/uxpds.m4 2436 contrib/re-mqueue.pl 2437 DELETED FILES: 2438 src/Makefiles/Makefile.Solaris 2439 contrib/xla/README 2440 contrib/xla/xla.c 2441 RENAMED FILES: 2442 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x 2443 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 2444 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 2445 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x 2446 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x 2447 24488.7.6/8.7.3 96/09/17 2449 SECURITY: It is possible to force getpwuid to fail when writing the 2450 queue file, causing sendmail to fall back to running programs 2451 as the default user. This is not exploitable from off-site. 2452 Workarounds include using a unique user for the DefaultUser 2453 (old u & g options) and using smrsh as the local shell. 2454 SECURITY: fix some buffer overruns; in at least one case this allows 2455 a local user to get root. This is not known to be exploitable 2456 from off-site. The workaround is to disable chfn(1) commands. 2457 24588.7.5/8.7.3 96/03/04 2459 Fix glitch in 8.7.4 when putting certain internal lines; this can 2460 in some case cause connections to hang or messages to have 2461 extra spaces in odd places. Patch from Eric Wassenaar; 2462 reports from Eric Hall of Chiron Corporation, Stephen 2463 Hansen of Stanford University, Dean Gaudet of HotWired, 2464 and others. 2465 24668.7.4/8.7.3 96/02/18 2467 SECURITY: In some cases it was still possible for an attacker to 2468 insert newlines into a queue file, thus allowing access to 2469 any user (except root). 2470 CONFIG: no changes -- it is not a bug that the configuration 2471 version number is unchanged. 2472 24738.7.3/8.7.3 95/12/03 2474 Fix botch in name server timeout in RCPT code; this problem caused 2475 two responses in SMTP, which breaks things horribly. Fix 2476 from Gregory Neil Shapiro of WPI. 2477 Verify that L= value on M lines cannot be negative, which could cause 2478 negative array subscripting. Not a security problem since 2479 this has to be in the config file, but it could have caused 2480 core dumps. Pointed out by Bryan Costales. 2481 Fix -d21 debug output for long macro names. Pointed out by Bryan 2482 Costales. 2483 PORTABILITY FIXES: 2484 SCO doesn't have ftruncate. From Bill Aten of Computerizers. 2485 IBM's version of arpa/nameser.h defaults to the wrong byte 2486 order. Tweak it to work properly. Based on fixes 2487 from Fletcher Mattox of UTexas and Betty Lee of 2488 Stanford University. 2489 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. 2490 Deficiency pointed out by Bryan Costales of ICSI. 2491 24928.7.2/8.7.2 95/11/19 2493 REALLY fix the backslash escapes in SmtpGreetingMessage, 2494 OperatorChars, and UnixFromLine options. They were not 2495 properly repaired in 8.7.1. 2496 Completely delete the Bcc: header if and only if there are other 2497 valid recipient headers (To:, Cc: or Apparently-To:, the 2498 last being a historic botch, of course). If Bcc: is the 2499 only recipient header in the message, its value is tossed, 2500 but the header name is kept. The old behaviour (always keep 2501 the header name and toss the value) allowed primary recipients 2502 to see that a Bcc: went to _someone_. 2503 Include queue id on ``Authentication-Warning: <host>: <user> set 2504 sender to <address> using -f'' syslog messages. Suggested 2505 by Kari Hurtta. 2506 If a sequence or switch map lookup entry gets a tempfail but then 2507 continues on to another map type, but the name is not found, 2508 return a temporary failure from the sequence or switch map. 2509 For example, if hosts search ``dns files'' and DNS fails 2510 with a tempfail, the hosts map will go on and search files, 2511 but if it fails the whole thing should be a tempfail, not 2512 a permanent (host unknown) failure, even though that is the 2513 failure in the hosts.files map. This error caused hard 2514 bounces when it should have requeued. 2515 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo 2516 owned by bar mode 700 and inbox being setuid bar stopped 2517 working properly due to excessive paranoia. Pointed out by 2518 John Hawkinson of Panix. 2519 An SMTP RCPT command referencing a host that gave a nameserver 2520 timeout would return a 451 command (8.6 accepted it and 2521 queued it locally). Revert to the 8.6 behaviour in order 2522 to simplify queue management for clustered systems. Suggested 2523 by Gregory Neil Shapiro of WPI. The same problem could break 2524 MH, which assumes that the SMTP session will succeed (tsk, tsk 2525 -- mail gets lost!); this was pointed out by Stuart Pook of 2526 Infobiogen. 2527 Fix possible buffer overflow in munchstring(). This was not a security 2528 problem because you couldn't specify any argument to this 2529 without first giving up root privileges, but it is still a 2530 good idea to avoid future problems. Problem noted by John 2531 Hawkinson and Sam Hartman of MIT. 2532 ``452 Out of disk space for temp file'' messages weren't being 2533 printed. Fix from David Perlin of Nanosoft. 2534 Don't advertise the ESMTP DSN extension if the SendMIMEErrors option 2535 is not set, since this is required to get the actual DSNs 2536 created. Problem pointed out by John Gardiner Myers of CMU. 2537 Log permission problems that cause .forward and :include: files to 2538 be untrusted or ignored on log level 12 and higher. Suggested 2539 by Randy Martin of Clemson University. 2540 Allow user ids in U= clauses of M lines to have hyphens and 2541 underscores. 2542 Fix overcounting of recipients -- only happened when sending to an 2543 alias. Pointed out by Mark Andrews of SGI and Jack Woolley 2544 of Systems and Computer Technology Corporation. 2545 If a message is sent to an address that fails, the error message that 2546 is returned could show some extraneous "success" information 2547 included even if the user did not request success notification, 2548 which was confusing. Pointed out by Allan Johannesen of WPI. 2549 Config files that had no AliasFile definition were defaulting to 2550 using /etc/aliases; this caused problems with nullclient 2551 configurations. Change it back to the 8.6 semantics of 2552 having no local alias file unless it is declared. Problem 2553 noted by Charles Karney of Princeton University. 2554 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan 2555 Costales of ICSI. 2556 Map lookups of class "userdb" maps were always case sensitive; they 2557 should be controlled by the -f flag like other maps. Pointed 2558 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>. 2559 Fix problem that caused some addresses to be passed through ruleset 5 2560 even when they were tagged as "sticky" by prefixing the 2561 address with an "@". Patch from Thomas Dwyer III of Michigan 2562 Technological University. 2563 When converting a message to Quoted-Printable, prevent any lines with 2564 dots alone on a line by themselves. This is because of the 2565 preponderance of broken mailers that still get this wrong. 2566 Code contributed by Per Hedeland of Ericsson. 2567 Fix F{macro}/file construct -- it previously did nothing. Pointed 2568 out by Bjart Kvarme of USIT/UiO (Norway). 2569 Announce whether a cached connection is SMTP or ESMTP (in -v mode). 2570 Requested by Allan Johannesen. 2571 Delete check for text format of alias files -- it should be legal 2572 to have the database format of the alias files without the 2573 text version. Problem pointed out by Joe Rhett of Navigist, 2574 Inc. 2575 If "Ot" was specified with no value, the TZ variable was not properly 2576 imported from the environment. Pointed out by Frank Crawford 2577 <frank@ansto.gov.au>. 2578 Some architectures core dumped on "program" maps that didn't have 2579 extra arguments. Patch from Booker C. Bense of Stanford 2580 University. 2581 Queue run processes would re-spawn daemons when given a SIGHUP; only 2582 the parent should do this. Fix from Brian Coan of the 2583 Association for Progressive Communications. 2584 If MinQueueAge was set and a message was considered but not run 2585 during a queue run and the Timeout.queuereturn interval was 2586 reached, a "timed out" error message would be returned that 2587 didn't include the failed address (and claimed to be a warning 2588 even though it was fatal). The fix is to not return such 2589 messages until they are actually tried, i.e., in the next 2590 MinQueueAge interval. Problem noted by Rein Tollevik of 2591 SINTEF RUNIT, Oslo. 2592 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions 2593 that have the hes_getmailhost() routine. DEC Hesiod 2594 distributions do not have this routine. Based on a patch 2595 from Betty Lee of Stanford University. 2596 Extensive cleanups to map open code to handle a locking race condition 2597 in ndbm, hash, and btree format database files on some (most 2598 non-4.4-BSD based) OS architectures. This should solve the 2599 occasional "user unknown" problem during alias rebuilds that 2600 has plagued me for quite some time. Based on a patch from 2601 Thomas Dwyer III of Michigan Technological University. 2602 PORTABILITY FIXES: 2603 Solaris: Change location of newaliases and mailq from 2604 /usr/ucb to /usr/bin to match Sun settings. From 2605 James B. Davis of TCI. 2606 DomainOS: Makefile.DomainOS doesn't require -ldbm. From 2607 Don Lewis of Silicon Systems. 2608 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x 2609 so that the makesendmail script will find it. Pointed 2610 out by Richard Allen of the University of Iceland. 2611 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which 2612 isn't supported on all compilers. 2613 UXPDS: compilation fixes from Diego R. Lopez. 2614 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless 2615 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. 2616 CONFIG: Minor glitch in S21 -- attachment of local domain name 2617 didn't have trailing dot. From Jim Hickstein of Teradyne. 2618 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as 2619 user%host@thishost. From Claude Scarpelli of Infobiogen 2620 (France). 2621 CONFIG: OSTYPE(hpux10) failed to define the location of the help file. 2622 Pointed out by Hannu Martikka of Nokia Telecommunications. 2623 CONFIG: Diagnose some inappropriate ordering in configuration files, 2624 such as FEATURE(smrsh) listed after MAILER(local). Based on 2625 a bug report submitted by Paul Hoffman of Proper Publishing. 2626 CONFIG: Make OSTYPE files consistently not override settings that 2627 have already been set. Previously it worked differently 2628 for different files. 2629 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take 2630 is that this is wrong, but the change was causing problems 2631 for some people. From Per Hedeland of Ericsson. 2632 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>; 2633 portability changes for Posix environments (no functional 2634 changes). 2635 26368.7.1/8.7.1 95/10/01 2637 Old macros that have become options (SmtpGreetingMessage, 2638 OperatorChars, and UnixFromLine) didn't allow backslash 2639 escapes in the options, where they previously had. Bug 2640 pointed out by John Hawkinson of MIT. 2641 Fix strange case of an executable called by a program map that 2642 returns a value but also a non-zero exit status; this 2643 would give contradictory results in the higher level; in 2644 particular, the default clause in the map lookup would be 2645 ignored. Change to ignore the value if the program returns 2646 non-zero exit status. From Tom Moore of AT&T GIS. 2647 Shorten parameters passed to syslog() in some contexts to avoid a 2648 bug in many vendors' implementations of that routine. Although 2649 this isn't really a bug in sendmail per se, and my solution 2650 has to assume that syslog() has at least a 1K buffer size 2651 internally (I know some vendors have shortened this 2652 dramatically -- they're on their own), sendmail is a popular 2653 target. Also, limit the size of %s arguments in sprintf. 2654 These both have possible security implications. Solutions 2655 suggested by Casper Dik of Sun's Network Security Group 2656 (Holland), Mark Seiden, and others. 2657 Fix a problem that might cause a non-standard -B (body type) 2658 parameter to be passed to the next server with undefined 2659 results. This could have security implications. 2660 If a filesystem was at > 100% utilization, the freediskspace() 2661 routine incorrectly returned an error rather than zero. 2662 Problem noted by G. Paul Ziemba of Alantec. 2663 Change MX sort order so that local hostnames (those in $=w) always 2664 sort first within a given preference. This forces the bestmx 2665 map to always return the local host first, if it is included 2666 in the list of highest priority MX records. From K. Robert 2667 Elz. 2668 Avoid some possible null pointer dereferences. Fixes from Randy 2669 Martin <WOLF@CLEMSON.EDU> 2670 When sendmail starts up on systems that have no fully qualified 2671 domain name (FQDN) anywhere in the first matching host map 2672 (e.g., /etc/hosts if the hosts service searches "files dns"), 2673 sendmail would sleep to try to find a FQDN, which it really 2674 really needs. This has been changed to fall through to the 2675 next map type if it can't find a FQDN -- i.e., if the hosts 2676 file doesn't have a FQDN, it will try dns even though the 2677 short name was found in /etc/hosts. This is probably a crock, 2678 but many people have hosts files without FQDNs. Remember: 2679 domain names are your friends. 2680 Log a high-priority message if you can't find your FQDN during startup. 2681 Suggested by Simon Barnes of Schlumberger Limited. 2682 When using Hesiod, initialize it early to improve error reporting. 2683 Patch from Don Lewis of Silicon Systems, Inc. 2684 Apparently at least some versions of Linux have a 90 !minute! TCP 2685 connection timeout in the kernel. Add a new "connect" timeout 2686 to limit this time. Defaults to zero (use whatever the 2687 kernel provides). Based on code contributed by J.R. Oldroyd 2688 of TerraNet. 2689 Under some circumstances, a failed message would not be properly 2690 removed from the queue, causing tons of bogus error messages. 2691 (This fix eliminates the problematic EF_KEEPQUEUE flag.) 2692 Problem noted by Allan E Johannesen and Gregory Neil Shapiro 2693 of WPI. 2694 PORTABILITY FIXES: 2695 On IRIX 5.x, there was an inconsistency in the setting 2696 of sendmail.st location. Change the Makefile to 2697 install it in /var/sendmail.st to match the OSTYPE 2698 file and SGI standards. From Andre 2699 <andre@curry.zfe.siemens.de>. 2700 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) 2701 from Diego R. Lopez <drlopez@cica.es>. 2702 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. 2703 LUNA 2 Mach patches from Motonori Nakamura. 2704 SunOS Makefile was including -ldbm, which is for the old 2705 dbm library. The ndbm library is part of libc. 2706 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with 2707 ``local configuration error'' in nullclient configuration. 2708 Patch from Gregory Neil Shapiro of WPI. 2709 CONFIG: don't allow an alias file in nullclient configurations -- 2710 since all addresses are relayed, they give errors during 2711 rebuild. Suggested by Per Hedeland of Ericsson. 2712 CONFIG: local mailer on Solaris 2 should always get a -f flag because 2713 otherwise the F=S causes the From_ line to imply that root is 2714 the sender. Problem pointed out by Claude Scarpelli of 2715 Infobiogen (France). 2716 NEW FILES: 2717 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) 2718 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) 2719 src/Makefiles/Makefile.UXPDS 2720 27218.7/8.7 95/09/16 2722 Fix a problem that could cause sendmail to run out of file 2723 descriptors due to a trashed data structure after a 2724 vfork. Fix from Brian Coan of the Institute for 2725 Global Communications. 2726 Change the VRFY response if you have disabled VRFY -- some 2727 people seemed to think that it was too rude. 2728 Avoid reference to uninitialized file descriptor if HASFLOCK 2729 was not defined. This was used "safely" in the sense 2730 that it only did a stat, but it would have set the 2731 map modification time improperly. Problem pointed out 2732 by Roy Mongiovi of Georgia Tech. 2733 Clean up the Subject: line on warning messages and return 2734 receipts so that they don't say "Returned mail:"; this 2735 can be confusing. 2736 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 2737 useful enough to make it worthwhile printing on "-d". 2738 Avoid logging alias statistics every time you read the alias 2739 file on systems with no database method compiled in. 2740 If you have a name with a trailing dot, and you try looking it 2741 up using gethostbyname without the dot (for /etc/hosts 2742 compatibility), be sure to turn off RES_DEFNAMES and 2743 RES_DNSRCH to avoid finding the wrong name accidentally. 2744 Problem noted by Charles Amos of the University of 2745 Maryland. 2746 Don't do timeouts in collect if you are not running SMTP. 2747 There is nothing that says you can't have a long 2748 running program piped into sendmail (possibly via 2749 /bin/mail, which just execs sendmail). Problem reported 2750 by Don "Truck" Lewis of Silicon Systems. 2751 Try gethostbyname() even if the DNS lookup fails iff option I 2752 is not set. This allows you to have hosts listed in 2753 NIS or /etc/hosts that are not known to DNS. It's normally 2754 a bad idea, but can be useful on firewall machines. This 2755 should really be broken out on a separate flag, I suppose. 2756 Avoid compile warnings against BIND 4.9.3, which uses function 2757 prototypes. From Don Lewis of Silicon Systems. 2758 Avoid possible incorrect diagnosis of DNS-related errors caused 2759 by things like attempts to resolve uucp names using 2760 $[ ... $] -- the fix is to clear h_errno at appropriate 2761 times. From Kyle Jones of UUNET. 2762 SECURITY: avoid denial-of-service attacks possible by destroying 2763 the alias database file by setting resource limits low. 2764 This involves adding two new compile-time options: 2765 HASSETRLIMIT (indicating that setrlimit(2) support is 2766 available) and HASULIMIT (indicating that ulimit(2) support 2767 is available -- the Release 3 form is used). The former 2768 is assumed on BSD-based systems, the latter on System 2769 V-based systems. Attack noted by Phil Brandenberger of 2770 Swarthmore University. 2771 New syntaxes in test (-bt) mode: 2772 ``.Dmvalue'' will define macro "m" to "value". 2773 ``.Ccvalue'' will add "value" to class "c". 2774 ``=Sruleset'' will dump the contents of the indicated 2775 ruleset. 2776 ``=M'' will display the known mailers. 2777 ``-ddebug-spec'' is equivalent to the command-line 2778 -d debug flag. 2779 ``$m'' will print the value of macro $m. 2780 ``$=c'' will print the contents of class $=c. 2781 ``/mx host'' returns the MX records for ``host''. 2782 ``/parse address'' will parse address, returning the value of 2783 crackaddr (essentially, the comment information) 2784 and the parsed address. 2785 ``/try mailer address'' will rewrite address into the form 2786 it will have when presented to the indicated mailer. 2787 ``/tryflags flags'' will set flags used by parsing. The 2788 flags can be `H' for header or `E' for envelope, 2789 and `S' for sender or `R' for recipient. These 2790 can be combined, so `HR' sets flags for header 2791 recipients. 2792 ``/canon hostname'' will try to canonify hostname and 2793 return the result. 2794 ``/map mapname key'' will look up `key' in the indicated 2795 `mapname' and return the result. 2796 Somewhat better handling of UNIX-domain socket addresses -- it 2797 should show the pathname rather than hex bytes. 2798 Restore ``-ba'' mode -- this reads a file from stdin and parses 2799 the header for envelope sender information and uses 2800 CR-LF as message terminators. It was thought to be 2801 obsolete (used only for Arpanet NCP protocols), but it 2802 turns out that the UK ``Grey Book'' protocols require 2803 that functionality. 2804 Fix a fix in previous release -- if gethostname and gethostbyname 2805 return a name without dots, and if an attempt to canonify 2806 that name fails, wait one minute and try again. This can 2807 result in an extra 60 second delay on startup if your system 2808 hostname (as returned by hostname(1)) has no dot and no names 2809 listed in /etc/hosts or your NIS map have a dot. 2810 Check for proper domain name on HELO and EHLO commands per 2811 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 2812 of Michigan Technological University. 2813 Relax chownsafe rules slightly -- old version said that if you 2814 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 2815 if fpathconf returned EINVAL or ENOSYS), assume that 2816 chown is not safe. The new version falls back to whether 2817 you are on a BSD system or not. This is important for 2818 SunOS, which apparently always returns one of those 2819 error codes. This impacts whether you can mail to files 2820 or not. 2821 Syntax errors such as unbalanced parentheses in the configuration 2822 file could be omitted if you had "Oem" prior to the 2823 syntax error in the config file. Change to always print 2824 the error message. It was especially weird because it 2825 would cause a "warning" message to be sent to the Postmaster 2826 for every message sent (but with no transcript). Problem 2827 noted by Gregory Paris of Motorola. 2828 Rewrite collect and putbody to handle full 8-bit data, including 2829 zero bytes. These changes are internally extensive, but 2830 should have minimal impact on external function. 2831 Allow full words for option names -- if the option letter is 2832 (apparently) a space, then take the word following -- e.g., 2833 O MatchGECOS=TRUE 2834 The full list of old and new names is as follows: 2835 7 SevenBitInput 2836 8 EightBitMode 2837 A AliasFile 2838 a AliasWait 2839 B BlankSub 2840 b MinFreeBlocks/MaxMessageSize 2841 C CheckpointInterval 2842 c HoldExpensive 2843 D AutoRebuildAliases 2844 d DeliveryMode 2845 E ErrorHeader 2846 e ErrorMode 2847 f SaveFromLine 2848 F TempFileMode 2849 G MatchGECOS 2850 H HelpFile 2851 h MaxHopCount 2852 i IgnoreDots 2853 I ResolverOptions 2854 J ForwardPath 2855 j SendMimeErrors 2856 k ConnectionCacheSize 2857 K ConnectionCacheTimeout 2858 L LogLevel 2859 l UseErrorsTo 2860 m MeToo 2861 n CheckAliases 2862 O DaemonPortOptions 2863 o OldStyleHeaders 2864 P PostmasterCopy 2865 p PrivacyOptions 2866 Q QueueDirectory 2867 q QueueFactor 2868 R DontPruneRoutes 2869 r, T Timeout 2870 S StatusFile 2871 s SuperSafe 2872 t TimeZoneSpec 2873 u DefaultUser 2874 U UserDatabaseSpec 2875 V FallbackMXhost 2876 v Verbose 2877 w TryNullMXList 2878 x QueueLA 2879 X RefuseLA 2880 Y ForkEachJob 2881 y RecipientFactor 2882 z ClassFactor 2883 Z RetryFactor 2884 The old macros that passed information into sendmail have 2885 been changed to options; those correspondences are: 2886 $e SmtpGreetingMessage 2887 $l UnixFromLine 2888 $o OperatorChars 2889 $q (deleted -- not necessary) 2890 To avoid possible problems with an older sendmail, 2891 configuration level 6 is accepted by this version of 2892 sendmail; any config file using the new names should 2893 specify "V6" in the configuration. 2894 Change address parsing to properly note that a phrase before a 2895 colon and a trailing semicolon are essentially the same 2896 as text outside of angle brackets (i.e., sendmail should 2897 treat them as comments). This is to handle the 2898 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 2899 assume that ``group name:'' is a comment on the first 2900 address and the ``;'' is a comment on the last address). 2901 This requires config file support to get right. It does 2902 understand that :: is NOT this syntax, and can be turned 2903 off completely by setting the ColonOkInAddresses option. 2904 Level 6 config files added with new mailer flags: 2905 A Addresses are aliasable. 2906 i Do udb rewriting on envelope as well as header 2907 sender lines. Applies to the from address mailer 2908 flags rather than the recipient mailer flags. 2909 j Do udb rewriting on header recipient addresses. 2910 Applies to the sender mailer flags rather than the 2911 recipient mailer flags. 2912 k Disable check for loops when doing HELO command. 2913 o Always run as the mail recipient, even on local 2914 delivery. 2915 w Check for an /etc/passwd entry for this user. 2916 5 Pass addresses through ruleset 5. 2917 : Check for :include: on this address. 2918 | Check for |program on this address. 2919 / Check for /file on this address. 2920 @ Look up sender header addresses in the user 2921 database. Applies to the mailer flags for the 2922 mailer corresponding to the envelope sender 2923 address, rather than to recipient mailer flags. 2924 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 2925 on the "local" mailer, the o flag on the "prog" and "*file*" 2926 mailers, and the ColonOkInAddresses option. 2927 Eight-to-seven bit MIME conversions. This borrows ideas from 2928 John Beck of Hewlett-Packard, who generously contributed 2929 their implementation to me, which I then didn't use (see 2930 mime.c for an explanation of why). This adds the 2931 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 2932 to control handling of 8-bit data. These have to cope with 2933 two types of 8-bit data: unlabelled 8-bit data (that is, 2934 8-bit data that is entered without declaring it as 8-bit 2935 MIME -- technically this is illegal according to the 2936 specs) and labelled 8-bit data (that is, it was declared 2937 as 8BITMIME in the ESMTP session or by using the 2938 -B8BITMIME command line flag). If the F=8 mailer flag is 2939 set then 8-bit data is sent to non-8BITMIME machines 2940 instead of converting to 7 bit (essentially using 2941 just-send-8 semantics). The values for EightBitMode are: 2942 m convert unlabelled 8-bit input to 8BITMIME, and do 2943 any necessary conversion of 8BITMIME to 7BIT 2944 (essentially, the full MIME option). 2945 p pass unlabelled 8-bit input, but convert labelled 2946 8BITMIME input to 7BIT as required (default). 2947 s strict adherence: reject unlabelled 8-bit input, 2948 convert 8BITMIME to 7BIT as required. The F=8 2949 flag is ignored. 2950 Unlabelled 8-bit data is rejected in mode `s' regardless of 2951 the setting of F=8. 2952 Add new internal class 'n', which is the set of MIME Content-Types 2953 which can not be 8 to 7 bit encoded because of other 2954 considerations. Types "multipart/*" and "message/*" are 2955 never directly encoded (although their components can be). 2956 Add new internal class 's', which is the set of subtypes of the 2957 MIME message/* content type that can be treated as though 2958 they are an RFC822 message. It is predefined to have 2959 "rfc822". Suggested By Kari Hurtta. 2960 Add new internal class 'e'. This is the set of MIME 2961 Content-Transfer-Encodings that can be converted to 2962 a seven bit format (Quoted-Printable or Base64). It is 2963 preinitialized to contain "7bit", "8bit", and "binary". 2964 Add C=charset mailer parameter and the the DefaultCharSet option (no 2965 short name) to set the default character set to use in the 2966 Content-Type: header when doing encoding of an 8-bit message 2967 which isn't marked as MIME into MIME format. If the C= 2968 parameter is set on the Envelope From address, use that as 2969 the default encoding; else use the DefaultCharSet option. 2970 If neither is set, it defaults to "unknown-8bit" as 2971 suggested by RFC 1428 section 3. 2972 Allow ``U=user:group'' field in mailer definition to set a default 2973 user and group that a mailer will be executed as. This 2974 overrides the 'u' and 'g' options, and if the `F=S' flag is 2975 also set, it is the uid/gid that will always be used (that 2976 is, the controlling address is ignored). The values may be 2977 numeric or symbolic; if only a symbolic user is given (no 2978 group) that user's default group in the passwd file is used 2979 as the group. Based on code donated by Chip Rosenthal of 2980 Unicom. 2981 Allow `u' option to also accept user:group as a value, in the same 2982 fashion as the U= mailer option. 2983 Add the symbolic time zone name in the Arpanet format dates (as 2984 a comment). This adds a new compile-time configuration 2985 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 2986 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 2987 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 2988 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 2989 timezone()), or TZ_NONE (don't include the comment). Code 2990 from Chip Rosenthal. 2991 The "Timeout" option (formerly "r") is extended to allow suboptions. 2992 For example, 2993 O Timeout.helo = 2m 2994 There are also two new suboptions "queuereturn" and 2995 "queuewarn"; these subsume the old T option. Thus, to 2996 set them both the preferred new syntax is 2997 O Timeout.queuereturn = 5d 2998 O Timeout.queuewarn = 4h 2999 Sort queue by host name instead of by message priority if the 3000 QueueSortOrder option (no short name) is set is set to 3001 ``host''. This makes better use of the connection cache, 3002 but may delay more ``interactive'' messages behind large 3003 backlogs under some circumstances. This is probably a 3004 good option if you have high speed links or don't do lots 3005 of ``batch'' messages, but less good if you are using 3006 something like PPP on a 14.4 modem. Based on code 3007 contributed by Roy Mongiovi of Georgia Tech (my main 3008 contribution was to make it configurable). 3009 Save i-number of df file in qf file to simplify rebuilding of queue 3010 after disastrous disk crash. Suggested by Kyle Jones of 3011 UUNET; closely based on code from KJS DECWRL code written 3012 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 3013 are NOT back compatible with 8.6 -- that is, you can convert 3014 from 8.6 to 8.7, but not the other direction. 3015 Add ``F=d'' mailer flag to disable all use of angle brackets in 3016 route-addrs in envelopes; this is because in some cases 3017 they can be sent to the shell, which interprets them as 3018 I/O redirection. 3019 Don't include error file (option E) with return-receipts; this 3020 can be confusing. 3021 Don't send "Warning: cannot send" messages to owner-* or 3022 *-request addresses. Suggested by Christophe Wolfhugel 3023 of the Institut Pasteur, Paris. 3024 Allow -O command line flag to set long form options. 3025 Add "MinQueueAge" option to set the minimum time between attempts 3026 to run the queue. For example, if the queue interval 3027 (-q value) is five minutes, but the minimum queue age 3028 is fifteen minutes, jobs won't be tried more often than 3029 once every fifteen minutes. This can be used to give 3030 you more responsiveness if your delivery mode is set to 3031 queue-only. 3032 Allow "fileopen" timeout (default: 60 seconds) for opening 3033 :include: and .forward files. 3034 Add "-k", "-v", and "-z" flags to map definitions; these set the 3035 key field name, the value field name, and the field 3036 delimiter. The field delimiter can be a single character 3037 or the sequence "\t" or "\n" for tab or newline. 3038 These are for use by NIS+ and similar access methods. 3039 Change maps to always strip quotes before lookups; the -q flag 3040 turns off this behaviour. Suggested by Motonori Nakamura. 3041 Add "nisplus" map class. Takes -k and -v flags to choose the 3042 key and value field names respectively. Code donated by 3043 Sun Microsystems. 3044 Add "hesiod" map class. The "file name" is used as the 3045 "HesiodNameType" parameter to hes_resolve(3). Returns the 3046 first value found for the match. Code donated by Scott 3047 Hutton of Indiana University. 3048 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 3049 specify the name of the property that is searched as the 3050 key and a -v flag to specify the name of the property that 3051 is returned as the value (defaults to "members"). The 3052 default map is "/aliases". Some code based on code 3053 contributed by Robert La Ferla of Hot Software. 3054 Add "text" map class. This does slow, linear searches through 3055 text files. The -z flag specifies a column delimiter 3056 (defaults to any sequence of white space), the -k flag 3057 sets the key column number, and the -v flag sets the 3058 value column number. Lines beginning with `#' are treated 3059 as comments. 3060 Add "program" map class to execute arbitrary programs. The search 3061 key is presented as the last argument; the output is one 3062 line read from the programs standard output. Exit statuses 3063 are from sysexits.h. 3064 Add "sequence" map class -- searches maps in sequence until it 3065 finds a match. For example, the declarations: 3066 Kmap1 ... 3067 Kmap2 ... 3068 Kmapseq sequence map1 map2 3069 defines a map "mapseq" that first searches map1; if the 3070 value is found it is returned immediately, otherwise 3071 map2 is searched and the value returned. 3072 Add "switch" map class. This is much like "sequence" except that 3073 the ordering is fetched from an external file, usually 3074 the system service switch. The parameter is the name of 3075 the service to switch on, and the maps that it will use 3076 are the name of the switch map followed by ".service_type". 3077 For example, if the declaration of the map is 3078 Ksample switch hosts 3079 and the system service switch specifies that hosts are 3080 looked up using dns and nis in that order, then this is 3081 equivalent to 3082 Ksample sequence sample.dns sample.nis 3083 The subordinate maps (sample.*) must already be defined. 3084 Add "user" map class -- looks up users using getpwnam. Takes a 3085 "-v field" flag on the definition that tells what passwd 3086 entry to return -- legal values are name, passwd, uid, gid, 3087 gecos, dir, and shell. Generally expected to be used with 3088 the -m (matchonly) flag. 3089 Add "bestmx" map class -- returns the best MX value for the host 3090 listed as the value. If there are several "best" MX records 3091 for this host, one will be chosen at random. 3092 Add "userdb" map class -- looks up entries in the user database. 3093 The "file name" is actually the tag that will be used, 3094 typically "mailname". If there are multiple entries 3095 matching the name, the one chosen is undefined. 3096 Add multiple queue timeouts (both return and warning). These are 3097 set by the Precedence: or Priority: header fields to one of 3098 three values. If a Priority: is set and has value "normal", 3099 "urgent", or "non-urgent" the corresponding timeouts are 3100 used. If no priority is set, the Precedence: is consulted; 3101 if negative, non-urgent timeouts are used; if greater than 3102 zero, urgent timeouts are used. Otherwise, normal timeouts 3103 are used. The timeouts are set by setting the six timeouts 3104 queue{warn,return}.{urgent,normal,non-urgent}. 3105 Fix problem when a mail address is resolved to a $#error mailer 3106 with a temporary failure indication; it works in SMTP, 3107 but when delivering locally the mail is silently discarded. 3108 This patch, from Kyle Jones of UUNET, bounces it instead 3109 of queueing it (queueing is very hard). 3110 When using /etc/hosts or NIS-style lookups, don't assume that 3111 the first name in the list is the best one -- instead, 3112 search for the first one with a dot. For example, if 3113 an /etc/hosts entry reads 3114 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 3115 this change will use the second name as the canonical 3116 machine name instead of the initial, unqualified name. 3117 Change dequote map to replace spaces in quoted text with a value 3118 indicated by the -s flag on the dequote map definition. 3119 For example, ``Mdequote dequote -s_'' will change 3120 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 3121 quoted (because of the space character). Suggested by Dan 3122 Oscarsson for use in X.400 addresses. 3123 Implement long macro names as ${name}; long class names can 3124 be similarly referenced as $={name} and $~{name}. 3125 Definitions are (e.g.) ``D{name}value''. Names that have 3126 a leading lower case letter or punctuation characters are 3127 reserved for internal use by sendmail; i.e., config files 3128 should use names that begin with a capital letter. Based 3129 on code contributed by Dan Oscarsson. 3130 Fix core dump if getgrgid returns a null group list (as opposed 3131 to an empty group list, that is, a pointer to a list 3132 with no members). Fix from Andrew Chang of Sun Microsystems. 3133 Fix possible core dump if malloc fails -- if the malloc in xalloc 3134 failed, it called syserr which called newstr which called 3135 xalloc.... The newstr is now avoided for "panic" messages. 3136 Reported by Stuart Kemp of James Cook University. 3137 Improve connection cache timeouts; previously, they were not even 3138 checked if you were delivering to anything other than an 3139 IPC-connected host, so a series of (say) local mail 3140 deliveries could cause cached connections to be open 3141 much longer than the specified timeout. 3142 If an incoming message exceeds the maximum message size, stop 3143 writing the incoming bytes to the queue data file, since 3144 this can fill your mqueue partition -- this is a possible 3145 denial-of-service attack. 3146 Don't reject all numeric local user names unless HESIOD is 3147 defined. It turns out that Posix allows all-numeric 3148 user names. Fix from Tony Sanders of BSDI. 3149 Add service switch support. If the local OS has a service 3150 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf 3151 on DEC systems) that will be used; otherwise, it falls back 3152 to using a local mechanism based on the ServiceSwitchFile 3153 option (default: /etc/service.switch). For example, if the 3154 service switch lists "files" and "nis" for the aliases 3155 service, that will be the default lookup order. the "files" 3156 ("local" on DEC) service type expands to any alias files 3157 you listed in the configuration file, even if they aren't 3158 actually file lookups. 3159 Option I (NameServerOptions) no longer sets the "UseNameServer" 3160 variable which tells whether or not DNS should be considered 3161 canonical. This is now determined based on whether or not 3162 "dns" is in the service list for "hosts". 3163 Add preliminary support for the ESMTP "DSN" extension (Delivery 3164 Status Notifications). DSN notifications override 3165 Return-Receipt-To: headers, which are bogus anyhow -- 3166 support for them has been removed. 3167 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer 3168 definitions to define the types used in DSN returns for 3169 MTA names, addresses, and diagnostics respectively. 3170 Extend heuristic to force running in ESMTP mode to look for the 3171 five-character string "ESMTP" anywhere in the 220 greeting 3172 message (not just the second line). This is to provide 3173 better compatibility with other ESMTP servers. 3174 Print sequence number of job when running the queue so you can 3175 easily see how much progress you have made. Suggested 3176 by Peter Wemm of DIALix. 3177 Map newlines to spaces in logged message-ids; some versions of 3178 syslog truncate the rest of the line after newlines. 3179 Suggested by Fletcher Mattox of U. Texas. 3180 Move up forking for job runs so that if a message is split into 3181 multiple envelopes you don't get "fork storms" -- this 3182 also improves the connection cache utilization. 3183 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 3184 the purposes of refusing to send error returns. Suggested 3185 by Motonori Nakamura of Ritsumeikan University. 3186 Relax rules on when a file can be written when referenced from 3187 the aliases file: use the default uid/gid instead of the 3188 real uid/gid. This allows you to create a file owned by 3189 and writable only by the default uid/gid that will work 3190 all the time (without having the setuid bit set). Change 3191 suggested by Shau-Ping Lo and Andrew Cheng of Sun 3192 Microsystems. 3193 Add "DialDelay" option (no short name) to provide an "extra" 3194 delay for dial on demand systems. If this is non-zero 3195 and a connect fails, sendmail will wait this long and 3196 then try again. If it takes longer than the kernel 3197 timeout interval to establish the connection, this 3198 option can give the network software time to establish 3199 the link. The default units are seconds. 3200 Move logging of sender information to be as early as possible; 3201 previously, it could be delayed a while for SMTP mail 3202 sent to aliases. Suggested by Brad Knowles of the 3203 Defense Information Systems Agency. 3204 Call res_init() before setting RES_DEBUG; this is required by 3205 BIND 4.9.3, or so I'm told. From Douglas Anderson of 3206 the National Computer Security Center. 3207 Add xdelay= field in logs -- this is a transaction delay, telling 3208 you how long it took to deliver to this address on the 3209 last try. It is intended to be used for sorting mailing 3210 lists to favor "quick" addresses. Provided for use by 3211 the mailprio scripts (see below). 3212 If a map cannot be opened, and that map is non-optional, and 3213 an address requires that map for resolution, queue the 3214 map instead of bouncing it. This involves creating a 3215 pseudo-class of maps called "bogus-map" -- if a required 3216 map cannot be opened, the class is changed to bogus-map; 3217 all queries against bogus-map return "tempfail". The 3218 bogus-map class is not directly accessible. A sample 3219 implementation was donated by Jem Taylor of Glasgow 3220 University Computing Service. 3221 Fix a possible core dump when mailing to a program that talks 3222 SMTP on its standard input. Fix from Keith Moore of 3223 the University of Kentucky. 3224 Make it possible to resolve filenames to $#local $: @ /filename; 3225 previously, the "@" would cause it to not be recognized 3226 as a file. Problem noted by Brian Hill of U.C. Davis. 3227 Accept a -1 signal to re-exec the daemon. This only works if 3228 argv[0] is a full path to sendmail. 3229 Fix bug in "addr=..." field in O option on little-endian machines 3230 -- the network number wasn't being converted to network 3231 byte order. Patch from Kurt Lidl of Pix Technologies 3232 Corporation. 3233 Pre-initialize the resolver early on; this is to avoid a bug with 3234 BIND 4.9.3 that can cause the _res.retry field to get 3235 reset to zero, causing all name server lookups to time 3236 out. Fix from Matt Day of Artisoft. 3237 Restore T line (trusted users) in config file -- but instead of 3238 locking out the -f flag, they just tell whether or not 3239 an X-Authentication-Warning: will be added. This really 3240 just creates new entries in class 't', so "Ft/file/name" 3241 can be used to read trusted user names from a file. 3242 Trusted users are also allowed to execute programs even 3243 if they have a shell that isn't in /etc/shells. 3244 Improve NEWDB alias file rebuilding so it will create them 3245 properly if they do not already exist. This had been 3246 a MAYBENEXTRELEASE feature in 8.6.9. 3247 Check for @:@ entry in NIS maps before starting up to avoid 3248 (but not prevent, sigh) race conditions. This ought to 3249 be handled properly in ypserv, but isn't. Suggested by 3250 Michael Beirne of Motorola. 3251 Refuse connections if there isn't enough space on the filesystem 3252 holding the queue. Contributed by Robert Dana of Wolf 3253 Communications. 3254 Skip checking for directory permissions in the path to a file 3255 when checking for file permissions iff setreuid() 3256 succeeded -- it is unnecessary in that case. This avoids 3257 significant performance problems when looking for .forward 3258 files. Based on a suggestion by Win Bent of USC. 3259 Allow symbolic ruleset names. Syntax can be "Sname" to get an 3260 arbitrary ruleset number assigned or "Sname = integer" 3261 to assign a specific ruleset number. Reference is 3262 $>name_or_number. Names can be composed of alphas, digits, 3263 underscore, or hyphen (first character must be non-numeric). 3264 Allow -o flag on AliasFile lines to make the alias file optional. 3265 From Bryan Costales of ICSI. 3266 Add NoRecipientAction option to handle the case where there is 3267 no legal recipient header in the message. It can take 3268 on values: 3269 None Leave the message as is. The 3270 message will be passed on even 3271 though it is in technically 3272 illegal syntax. 3273 Add-To Add a To: header with any 3274 recipients that it can find from 3275 the envelope. This risks exposing 3276 Bcc: recipients. 3277 Add-Apparently-To Add an Apparently-To: header. This 3278 has almost no redeeming social value, 3279 and is provided only for back 3280 compatibility. 3281 Add-To-Undisclosed Add a header reading 3282 To: undisclosed-recipients:; 3283 which will have the effect of 3284 making the message legal without 3285 exposing Bcc: recipients. 3286 Add-Bcc To add an empty Bcc: header. 3287 There is a chance that mailers down 3288 the line will delete this header, 3289 which could cause exposure of Bcc: 3290 recipients. 3291 The default is NoRecipientAction=None. 3292 Truncate (rather than delete) Bcc: lines in the header. This 3293 should prevent later sendmails (at least, those that don't 3294 themselves delete Bcc:) from considering this message to 3295 be non-conforming -- although it does imply that non-blind 3296 recipients can see that a Bcc: was sent, albeit not to whom. 3297 Add SafeFileEnvironment option. If declared, files named as delivery 3298 targets must be regular files in addition to the regular 3299 checks. Also, if the option is non-null then it is used as 3300 the name of a directory that is used as a chroot(2) 3301 environment for the delivery; the file names listed in an 3302 alias or forward should include the name of this root. 3303 For example, if you run with 3304 O SafeFileEnvironment=/arch 3305 then aliases should reference "/arch/rest/of/path". If a 3306 value is given, sendmail also won't try to save to 3307 /usr/tmp/dead.letter (instead it just leaves the job in the 3308 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 3309 Support -A flag for alias files; this will comma concatenate like 3310 entries. For example, given the aliases: 3311 list: member1 3312 list: member2 3313 and an alias file declared as: 3314 OAhash:-A /etc/aliases 3315 the final alias inserted will be "list: member1,member2"; 3316 without -A you will get an error on the second and subsequent 3317 alias for "list". Contributed by Bryan Costales of ICSI. 3318 Line-buffer transcript file. Suggested by Liudvikas Bukys. 3319 Fix a problem that could cause very long addresses to core dump in 3320 some special circumstances. Problem pointed out by Allan 3321 Johannesen. 3322 (Internal change.) Change interface to expand() (macro expansion) 3323 to be simpler and more consistent. 3324 Delete check for funny qf file names. This didn't really give 3325 any extra security and caused some people some problems. 3326 (If you -really- want this, define PICKY_QF_NAME_CHECK 3327 at compile time.) Suggested by Kyle Jones of UUNET. 3328 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 3329 merge with DSN code; this is simpler and more consistent. 3330 This may affect some people who have written their own 3331 checkcompat() routine. 3332 (Internal change.) Eliminate `D' line in qf file. The df file 3333 is now assumed to be the same name as the qf file (with 3334 the `q' changed to a `d', of course). 3335 Avoid forking for delivery if all recipient mailers are marked as 3336 "expensive" -- this can be a major cost on some systems. 3337 Essentially, this forces sendmail into "queue only" mode 3338 if all it is going to do is queue anyway. 3339 Avoid sending a null message in some rather unusual circumstances 3340 (specifically, the RCPT command returns a temporary 3341 failure but the connection is lost before the DATA 3342 command). Fix from Scott Hammond of Secure Computing 3343 Corporation. 3344 Change makesendmail to use a somewhat more rational naming scheme: 3345 Makefiles and obj directories are named $os.$rel.$arch, 3346 where $os is the operating system (e.g., SunOS), $rel is 3347 the release number (e.g., 5.3), and $arch is the machine 3348 architecture (e.g., sun4). Any of these can be omitted, 3349 and anything after the first dot in a release number can 3350 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 3351 version used $os.$arch.$rel and was rather less general. 3352 Change makesendmail to do a "make depend" in the target directory 3353 when it is being created. This involves adding an empty 3354 "depend:" entry in most Makefiles. 3355 Ignore IDENT return value if the OSTYPE field returns "OTHER", 3356 as indicated by RFC 1413. Pointed out by Kari Hurtta 3357 of the Finnish Meteorological Institute. 3358 Fix problem that could cause multiple responses to DATA command 3359 on header syntax errors (e.g., lines beginning with colons). 3360 Problem noted by Jens Thomassen of the University of Oslo. 3361 Don't let null bytes in headers cause truncation of the rest of 3362 the header. 3363 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 3364 Increase timeouts on message data puts to allow time for receivers 3365 to canonify addresses in headers on the fly. This is still 3366 a rather ugly heuristic. From Motonori Nakamura. 3367 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 3368 records are not used when canonifying names, and when MX 3369 lookups are done for addressing they must be fully 3370 qualified. This is useful if you have a wildcard MX record, 3371 although it may cause other problems. In general, don't use 3372 wildcard MX records. Patch from Motonori Nakamura. 3373 Eliminate default two-line SMTP greeting message. Instead of 3374 adding an extra "ESMTP spoken here" line, the word "ESMTP" 3375 is added between the first and second word of the first 3376 line of the greeting message (i.e., immediately after the 3377 host name). This eliminates the need for the BROKEN_SMTP_PEERS 3378 compile flag. Old sendmails won't see the ESMTP, but that's 3379 acceptable because SIZE was the only useful extension that 3380 old sendmails understand. 3381 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 3382 invoked state dumps. From Masaharu Onishi. 3383 Allow on-line comments in .forward and :include: files; they are 3384 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 3385 is a space or a tab. This is intended for native 3386 representation of non-ASCII sets such as Japanese, where 3387 existing encodings would be unreadable or would lose 3388 data -- for example, 3389 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 3390 (romanized/less information) 3391 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 3392 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 3393 (with MIME encoding, not human readable) 3394 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 3395 (native encoding with ISO-2022-JP) 3396 The last form is human readable in the Japanese environment. 3397 Based on a fix from (surprise!) Motonori Nakamura. 3398 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 3399 messages to that host; these are most frequently associated 3400 with addresses rather than the host, with the exception of 3401 421 (service shutting down). The effect was to cause queues 3402 to sometimes take an excessive time to flush. Reported by 3403 Robert Sargent of Southern Geographics Technologies and 3404 Eric Prestemon of American University. 3405 Add Nice=N mailer option to set the niceness at which a mailer will 3406 run. This is actually a relative niceness (that is, an 3407 increment on the background value). 3408 Log queue runs that are skipped due to high loads. They are logged 3409 at LOG_INFO priority iff the log level is > 8. Contributed 3410 by Bruce Nagel of Data General. 3411 Allow the error mailer to accept a DSN-style error status code 3412 instead of an sysexits status code in the host part. 3413 Anything with a dot will be interpreted as a DSN-style code. 3414 Add new mailer flag: F=3 will tell translations to Quoted-Printable 3415 to encode characters that might be munged by an EBCDIC system 3416 in addition to the set required by RFC 1521. The additional 3417 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 3418 (Think of "IBM 360" as the mnemonic for this flag.) 3419 Change check for mailing to files to look for a pathname of [FILE] 3420 rather than looking for the mailer named *file*. The mapping 3421 of leading slashes still goes to the *file* mailer. This 3422 allows you to implement the *file* mailer as a separate 3423 program, for example, to insert a Content-Length: header 3424 or do special security policy. However, note that the usual 3425 initial checking for the file permissions is still done, and 3426 the program in question needs to be very careful about how 3427 it does the file write to avoid security problems. 3428 Be able to read ~root/.forward even if the path isn't accessible to 3429 regular users. This is disrecommended because sendmail 3430 sometimes does not run as root (e.g., when an unsafe option 3431 is specified on the command line), but should otherwise be 3432 safe because .forward files must be owned by the user for 3433 whom mail is being forwarded, and cannot be a symbolic link. 3434 Suggested by Forrest Aldrich of Wang Laboratories. 3435 Add new "HostsFile" option that is the pathname to the /etc/hosts 3436 file. This is used for canonifying hostnames when the 3437 service type is "files". 3438 Implement programs on F (read class from file) line. The syntax is 3439 Fc|/path/to/program to read the output from the program 3440 into class "c". 3441 Probe the network interfaces to find alternate names for this 3442 host. Requires the SIOCGIFCONF ioctl call. Code 3443 contributed by SunSoft. 3444 Add "E" configuration line to set or propagate environment 3445 variables into children. "E<envar>" will propagate 3446 the named variable from the environment when sendmail 3447 was invoked into any children it calls; "E<envar>=<value>" 3448 sets the named variable to the indicated value. Any 3449 variables not explicitly named will not be in the child 3450 environment. However, sendmail still forces an 3451 "AGENT=sendmail" environment variable, in part to enforce 3452 at least one environment variable, since many programs and 3453 libraries die horribly if this is not guaranteed. 3454 Change heuristic for rebuilding both NEWDB and NDBM versions of 3455 alias databases -- new algorithm looks for the substring 3456 "/yp/" in the file name. This is more portable and involves 3457 less overhead. Suggested by Motonori Nakamura. 3458 Dynamically allocate the queue work list so that you don't lose 3459 jobs in large queue runs. The old QUEUESIZE compile parameter 3460 is replaced by QUEUESEGSIZE (the unit of allocation, which 3461 should not need to be changed) and the MaxQueueRunSize option, 3462 which is the absolute maximum number of jobs that will ever 3463 be handled in a single queue run. Based on code contributed 3464 by Brian Coan of the Institute for Global Communications. 3465 Log message when a message is dropped because it exceeds the maximum 3466 message size. Suggested by Leo Bicknell of Virginia Tech. 3467 Allow trusted users (those on a T line or in $=t) to use -bs without 3468 an X-Authentication-Warning: added. Suggested by Mark Thomas 3469 of Mark G. Thomas Consulting. 3470 Announce state of compile flags on -d0.1 (-d0.10 throws in the 3471 OS-dependent defines). The old semantic of -d0.1 to not 3472 run the daemon in background has been moved to -d99.100, 3473 and the old 52.5 flag (to avoid disconnect() from closing 3474 all output files) has been moved to 52.100. This makes 3475 things more consistent (flags below .100 don't change 3476 semantics) and separates out the backgrounding so that 3477 it doesn't happen automatically on other unrelated debugging 3478 flags. 3479 If -t is used but no addresses are found in the header, give an 3480 error message rather than just doing nothing. Fix from 3481 Motonori Nakamura. 3482 On systems (like SunOS) where the effective gid is not necessarily 3483 included in the group list returned by getgroups(), the 3484 `restrictmailq' option could sometimes cause an authorized 3485 user to not be able to use `mailq'. Fix from Charles Hannum 3486 of MIT. 3487 Allow symbolic service names for [IPC] mailers. Suggested by 3488 Gerry Magennis of Logica International. 3489 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs 3490 when running DNS. For example, if the name FTP.Foo.ORG is 3491 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in 3492 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" 3493 if this option is not set, or "FTP.Foo.ORG" if it is set. 3494 This is technically illegal under RFC 822 and 1123, but the 3495 IETF is moving toward legalizing it. Note that turning on 3496 this option is not sufficient to guarantee that a downstream 3497 neighbor won't rewrite the address for you. 3498 Add "-m" flag to makesendmail script -- this tells you what object 3499 directory and Makefile it will use, but doesn't actually do 3500 the make. 3501 Do some additional checking on the contents of the qf file to try 3502 to detect attacks against the qf file. In particular, 3503 abort on any line beginning "From ", and add an "end of 3504 file" line -- any data after that line is prohibited. 3505 Always use /etc/sendmail.cf, regardless of the arbitrary vendor 3506 choices. This can be overridden in the Makefile by using 3507 either -DUSE_VENDOR_CF_PATH to get the vendor location 3508 (to the extent that we know it) or by defining 3509 _PATH_SENDMAILCF (which is a "hard override"). This allows 3510 sendmail 8 to have more consistent installation instructions. 3511 Allow macros on `K' line in config file. Suggested by Andrew Chang 3512 of Sun Microsystems. 3513 Improved symbol table hash function from Eric Wassenaar. This one 3514 is at least 50% faster. 3515 Fix problem that didn't notice that timeout on file open was a 3516 transient error. Fix from Larry Parmelee of Cornell 3517 University. 3518 Allow comments (lines beginning with a `#') in files read for 3519 classes. Suggested by Motonori Nakamura. 3520 Make SIGINT (usually ^C) in test mode return to the prompt instead 3521 of dropping out entirely. This makes testing some of the 3522 name server lookups easier to deal with when there are 3523 hung servers. From Motonori Nakamura. 3524 Add new ${opMode} macro that is set to the current operation mode 3525 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by 3526 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>. 3527 Add new delivery mode (Odd) that defers all map lookups to queue runs. 3528 Kind of like queue-only mode (Odq) except it tries to avoid 3529 any external service requests; for dial-on-demand hosts that 3530 want to minimize DNS lookups when mail is being queued. For 3531 this to work you will also have to make sure that gethostbyname 3532 of your local host name does not do a DNS lookup. 3533 Improved handling of "out of space" conditions from John Myers of 3534 Carnegie Mellon. 3535 Improved security for mailing to files on systems that have fchmod(2) 3536 support. 3537 Improve "cannot send message for N days" message -- now says "could 3538 not send for past N days". Suggested by Tom Moore of AT&T 3539 Global Information Solutions. 3540 Less misleading Subject: line on messages sent to postmaster only. 3541 From Motonori Nakamura. 3542 Avoid duplicate error messages on bad command line flags. From 3543 Motonori Nakamura. 3544 Better error message for case where ruleset 0 falls off the end 3545 or otherwise does not resolve to a canonical triple. 3546 Fix a problem that could cause multiple bounce messages if a bad 3547 address was sent along with a good address to an SMTP 3548 site where that SMTP site returned a 4yz code in response 3549 to the final dot of the data. Problem reported by David 3550 James of British Telecom. 3551 Add "volatile" declarations so that gcc -O2 will work. Patches 3552 from Alexander Dupuy of System Management ARTS. 3553 Delete duplicates in MX lists -- believe it or not, there are sites 3554 that list the same host twice in an MX list. This deletion 3555 only works on adjacent preferences, so an MX list that 3556 had A=5, B=10, A=15 would leave both As, but one that had 3557 A=5, A=10, B=15 would reduce to A, B. This is intentional, 3558 just in case there is something weird I haven't thought of. 3559 Suggested by Barry Shein of Software Tool & Die. 3560 SECURITY: .forward files cannot be symbolic links. If they are, 3561 a bad guy can read your private files. 3562 PORTABILITY FIXES: 3563 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 3564 System V Release 4 from Motonori Nakamura of Ritsumeikan 3565 University. This expands the disk size 3566 checking to include all (?) SVR4 configurations. 3567 System V Release 4 from Kimmo Suominen -- initgroups(3) 3568 and setrlimit(2) are both available. 3569 System V Release 4 from sob@sculley.ffg.com -- some versions 3570 apparently "have EX_OK defined in other headerfiles." 3571 Linux Makefile typo. 3572 Linux getusershell(3) is broken in Slackware 2.0 -- 3573 from Andrew Pam of Xanadu Australia. 3574 More Linux tweaking from John Kennedy of California State 3575 University, Chico. 3576 Cray changes from Eric Wassenaar: ``On Cray, shorts, 3577 ints, and longs are all 64 bits, and all structs 3578 are multiples of 64 bits. This means that the 3579 sizeof operator returns only multiples of 8. 3580 This requires adaptation of code that really 3581 deals with 32 bit or 16 bit fields, such as IP 3582 addresses or nameserver fields.'' 3583 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 3584 get the old behaviour, use -DDGUX_5_4_2. 3585 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 3586 variable to fix bogus /bin/mail behaviour. 3587 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 3588 This also cleans up some System V Release 4 compile 3589 problems. 3590 Solaris 2: sendmail.cw file should be in /etc/mail to 3591 match all the other configuration files. Fix 3592 from Glenn Barry of Emory University. 3593 Solaris 2.3: compile problem in conf.c. Fix from Alain 3594 Nissen of the University of Liege, Belgium. 3595 Ultrix: freespace calculation was incorrect. Fix from 3596 Takashi Kizu of Osaka University. 3597 SVR4: running in background gets a SIGTTOU because the 3598 emulation code doesn't realize that "getpeername" 3599 doesn't require reading the file. Fix from Peter 3600 Wemm of DIALix. 3601 Solaris 2.3: due to an apparent bug in the socket emulation 3602 library, sockets can get into a "wedged" state where 3603 they just return EPROTO; closing and re-opening the 3604 socket clears the problem. Fix from Bob Manson 3605 of Ohio State University. 3606 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 3607 fixes from Akihiro Hashimoto ("Hash") of Chiba 3608 University. 3609 AIX changes to allow setproctitle to work from Rainer Sch�pf 3610 of Zentrum f�r Datenverarbeitung der Universit�t 3611 Mainz. 3612 AIX changes for load average from Ed Ravin of NASA/Goddard. 3613 SCO Unix from Chip Rosenthal of Unicom (code was using the 3614 wrong statfs call). 3615 ANSI C fixes from Adam Glass (NetBSD project). 3616 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 3617 University. 3618 DG-UX fixes from Bruce Nagel of Data General. 3619 IRIX64 updates from Mark Levinson of the University of 3620 Rochester Medical Center. 3621 Altos System V (``the first UNIX/XENIX merge the Altos 3622 did for their Series 1000 & Series 2000 line; 3623 their merged code was licensed back to AT&T and 3624 Microsoft and became System V release 3.2'') from 3625 Tim Rice <timr@crl.com>. 3626 OSF/1 running on Intel Paragon from Jeff A. Earickson 3627 <jeff@ssd.intel.com> of Intel Scalable Systems 3628 Division. 3629 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 3630 <janet@dialix.oz.au>. 3631 System V Release 4 (statvfs semantic fix) from Alain 3632 Durand of I.M.A.G. 3633 HP-UX 10.x multiprocessor load average changes from 3634 Scott Hutton and Jeff Sumler of Indiana University. 3635 Cray CSOS from Scott Bolte of Cray Computer Corporation. 3636 Unicos 8.0 from Douglas K. Rand of the University of North 3637 Dakota, Scientific Computing Center. 3638 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 3639 ConvexOS 11.0 from Christophe Wolfhugel. 3640 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 3641 ISC UNIX from J. J. Bailey. 3642 HP-UX 9.xx on the 8xx series machines from Remy Giraud 3643 of Meteo France. 3644 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 3645 IRIX 5.2 and 5.3 from Kari E. Hurtta. 3646 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 3647 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 3648 Omron LUNA unios-b, mach from Motonori Nakamura. 3649 NEC EWS-UX/V 4.2 from Motonori Nakamura. 3650 NeXT 2.1 from Bryan Costales. 3651 AUX patch thanks to Mike Erwin of Apple Computer. 3652 HP-UX 10.0 from John Beck of Hewlett-Packard. 3653 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 3654 non-DEC resolver. Suggested by Allan Johannesen. 3655 UnixWare 2.0 fixes from Petr Lampa of the Technical 3656 University of Brno (Czech Republic). 3657 KSR OS 1.2.2 support from Todd Miller of the University 3658 of Colorado. 3659 UX4800 support from Kazuhisa Shimizu of NEC. 3660 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 3661 in type ``btree'' maps. The semantics of this are undefined 3662 for regular maps, but it can be useful for the user database. 3663 MAKEMAP: lock database file while rebuilding to avoid sendmail 3664 lookups while the rebuild is going on. There is a race 3665 condition between the open(... O_TRUNC ...) and the lock 3666 on the file, but it should be quite small. 3667 SMRSH: sendmail restricted shell added to the release. This can 3668 be used as an alternative to /bin/sh for the "prog" mailer, 3669 giving the local administrator more control over what 3670 programs can be run from sendmail. 3671 MAIL.LOCAL: add this local mailer to the tape. It is not really 3672 part of the release proper, and isn't fully supported; in 3673 particular, it does not run on System V based systems and 3674 never will. 3675 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 3676 to allow rmail to compile on systems that don't have 3677 function prototypes and systems that don't have snprintf. 3678 CONTRIB: add the "mailprio" scripts that will help you sort mailing 3679 lists by transaction delay times so that addresses that 3680 respond quickly get sent first. This is to prevent very 3681 sluggish servers from delaying other peoples' mail. 3682 Contributed by Tony Sanders of BSDI. 3683 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 3684 of BSDI. This has a lot of comments to help people out. 3685 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, 3686 put this on the m4 command line. On GNU m4 (which 3687 supports the __file__ primitive) you can run m4 in an 3688 arbitrary directory -- use either: 3689 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 3690 or 3691 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf 3692 On other versions of m4 that don't support __file__, you 3693 can use: 3694 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... 3695 (Note the trailing slash on the _CF_DIR_ definition.) 3696 Old versions of m4 will default to _CF_DIR_=.. for back 3697 compatibility. 3698 CONFIG: fix mail from <> so it will properly convert to 3699 MAILER-DAEMON on local addresses. 3700 CONFIG: fix code that was supposed to catch colons in host 3701 names. Problem noted by John Gardiner Myers of CMU. 3702 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 3703 From Paul Riddle of the University of Maryland, Baltimore 3704 County. 3705 CONFIG: Catch and reject "." as a host address. 3706 CONFIG: Generalize domaintable to look up all domains, not 3707 just unqualified ones. 3708 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 3709 was never used and didn't work anyway. 3710 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 3711 and d on all mailers in the UUCP class. 3712 CONFIG: Allow "user+detail" to be aliased specially: it will first 3713 look for an alias for "user+detail", then for "user+*", and 3714 finally for "user". This is intended for forwarding mail 3715 for system aliases such as root and postmaster to a 3716 centralized hub. 3717 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 3718 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 3719 The F=8 flag is also set on the "relay" mailer, since 3720 this is expected to be another sendmail. 3721 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 3722 the name of the UUCP_RELAY -- in some cases, this is the 3723 wrong value (e.g., when we have local UUCP connections), 3724 and this can create unreplyable addresses. From Chip 3725 Rosenthal of Unicom. 3726 CONFIG: add confRECEIVED_HEADER to change the format of the 3727 Received: header inserted into all messages. Suggested by 3728 Gary Mills of the University of Manitoba. 3729 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 3730 to get the old behaviour. I did this upon observing 3731 that almost everyone needed this feature, and that the 3732 concept I was trying to make happen didn't work with 3733 some user agents anyway. FEATURE(notsticky) still works, 3734 but it is a no-op. 3735 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 3736 names are sent, rather than immediately diagnosing them 3737 as User Unknown. 3738 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 3739 and RELAY_MAILER_ARGS to set the arguments for the 3740 indicated mailers. All default to "IPC $h". Patch from 3741 Larry Parmelee of Cornell University. 3742 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 3743 on the client side" and F=P to get an appropriate 3744 return-path. From Kimmo Suominen. 3745 CONFIG: add FEATURE(local_procmail) to use the procmail program 3746 as the local mailer. For addresses of the form "user+detail" 3747 the "detail" part is passed to procmail via the -a flag. 3748 Contributed by Kimmo Suominen. 3749 CONFIG: add MAILER(procmail) to add an interface to procmail for 3750 use from mailertables. This lets you execute arbitrary 3751 procmail scripts. Contributed by Kimmo Suominen. 3752 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 3753 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 3754 Paul Southworth of CICNet Systems Support. 3755 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 3756 This causes the null return path to be rewritten as 3757 MAILER-DAEMON; otherwise UUCP gets horribly confused. 3758 From Michael Hohmuth of Technische Universitat Dresden. 3759 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 3760 list us as the best possible MX record to be treated as 3761 though they were local (essentially, assume that they 3762 are included in $=w). This can cause additional DNS 3763 traffic, but is easier to administer if this fits your 3764 local model. It does not work reliably if there are 3765 multiple hosts that share the best MX preference. 3766 Code contributed by John Oleynick of Rutgers. 3767 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 3768 SHell) instead of /bin/sh as the program used for delivery 3769 to programs. If an argument is included, it is used as 3770 the path to smrsh; otherwise, /usr/local/etc/smrsh is 3771 assumed. 3772 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 3773 size of messages to the local and procmail mailers 3774 respectively. Contributed by Brad Knowles of the Defense 3775 Information Systems Agency. 3776 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 3777 (just like text outside of angle brackets) in order to 3778 properly deal with ``group: addr1, ... addrN;'' syntax. 3779 CONFIG: Require OSTYPE macro (the defaults really don't apply to 3780 any real systems any more) and tweak the DOMAIN macro 3781 so that it is less likely that users will accidentally use 3782 the Berkeley defaults. Also, create some generic files 3783 that really can be used in the real world. 3784 CONFIG: Add new configuration macros to set character sets for 3785 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 3786 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 3787 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 3788 The old name will still be accepted for a while at least. 3789 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 3790 mail (.DECNET pseudo-domain or node::user) will be sent. 3791 As with all relays, it can be ``mailer:hostname''. Suggested 3792 by Scott Hutton. 3793 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 3794 by Barb Dijker of Labyrinth Computer Services. 3795 CONFIG: change confCHECK_ALIASES to default to False -- it has poor 3796 performance for large alias files, and this confused many 3797 people. 3798 CONFIG: Add confCF_VERSION to append local information to the 3799 configuration version number displayed during SMTP startup. 3800 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it 3801 would only work when locally addressed. Fix from 3802 Edvard Tuinder of Cistron Internet Services. 3803 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option 3804 "n" (CheckAlaises) is set when rebuilding alias database. 3805 Based on code contributed by Claude Marinier. 3806 CONFIG: Allow mailertable to have values of the form 3807 ``error:code message''. The ``code'' is a status code 3808 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. 3809 Contributed by David James <dwj@agw.bt.co.uk>. 3810 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of 3811 sender domains that will be replaced with the masquerade name. 3812 These domains will not be treated as local, but if mail passes 3813 through with sender addresses in those domains they will be 3814 replaced by the masquerade name. These can also be specified 3815 in a file using MASQUERADE_DOMAIN_FILE(filename). 3816 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope 3817 as well as the header. Substantial improvements to this 3818 code were contributed by Per Hedeland. 3819 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be 3820 accessed from a mailertable to do CCSO ph lookups. Contributed 3821 by Kimmo Suominen. 3822 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be 3823 used to define cyrus and cyrusbb mailers (for IMAP support). 3824 Contributed by John Gardiner Myers of Carnegie Mellon. 3825 CONFIG: add confUUCP_MAILER to select default mailer to use for 3826 UUCP addressing. Suggested by Tom Moore of AT&T GIS. 3827 NEW FILES: 3828 cf/cf/cs-hpux10.mc 3829 cf/cf/cs-solaris2.mc 3830 cf/cf/cyrusproto.mc 3831 cf/cf/generic-bsd4.4.mc 3832 cf/cf/generic-hpux10.mc 3833 cf/cf/generic-hpux9.mc 3834 cf/cf/generic-osf1.mc 3835 cf/cf/generic-solaris2.mc 3836 cf/cf/generic-sunos4.1.mc 3837 cf/cf/generic-ultrix4.mc 3838 cf/cf/huginn.cs.mc 3839 cf/domain/berkeley-only.m4 3840 cf/domain/generic.m4 3841 cf/feature/bestmx_is_local.m4 3842 cf/feature/local_procmail.m4 3843 cf/feature/masquerade_envelope.m4 3844 cf/feature/smrsh.m4 3845 cf/feature/stickyhost.m4 3846 cf/feature/use_ct_file.m4 3847 cf/m4/cfhead.m4 3848 cf/mailer/cyrus.m4 3849 cf/mailer/mail11.m4 3850 cf/mailer/phquery.m4 3851 cf/mailer/procmail.m4 3852 cf/ostype/amdahl-uts.m4 3853 cf/ostype/bsdi2.0.m4 3854 cf/ostype/hpux10.m4 3855 cf/ostype/irix5.m4 3856 cf/ostype/isc4.1.m4 3857 cf/ostype/ptx2.m4 3858 cf/ostype/unknown.m4 3859 contrib/bsdi.mc 3860 contrib/mailprio 3861 contrib/rmail.oldsys.patch 3862 mail.local/mail.local.0 3863 makemap/makemap.0 3864 smrsh/README 3865 smrsh/smrsh.0 3866 smrsh/smrsh.8 3867 smrsh/smrsh.c 3868 src/Makefiles/Makefile.CSOS 3869 src/Makefiles/Makefile.EWS-UX_V 3870 src/Makefiles/Makefile.HP-UX.10 3871 src/Makefiles/Makefile.IRIX.5.x 3872 src/Makefiles/Makefile.IRIX64 3873 src/Makefiles/Makefile.ISC 3874 src/Makefiles/Makefile.KSR 3875 src/Makefiles/Makefile.NEWS-OS.4.x 3876 src/Makefiles/Makefile.NEWS-OS.6.x 3877 src/Makefiles/Makefile.NEXTSTEP 3878 src/Makefiles/Makefile.NonStop-UX 3879 src/Makefiles/Makefile.Paragon 3880 src/Makefiles/Makefile.SCO.3.2v4.2 3881 src/Makefiles/Makefile.SunOS.5.3 3882 src/Makefiles/Makefile.SunOS.5.4 3883 src/Makefiles/Makefile.SunOS.5.5 3884 src/Makefiles/Makefile.UNIX_SV.4.x.i386 3885 src/Makefiles/Makefile.uts.systemV 3886 src/Makefiles/Makefile.UX4800 3887 src/aliases.0 3888 src/mailq.0 3889 src/mime.c 3890 src/newaliases.0 3891 src/sendmail.0 3892 test/t_seteuid.c 3893 RENAMED FILES: 3894 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 3895 cf/cf/chez.mc => cf/cf/chez.cs.mc 3896 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 3897 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 3898 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 3899 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 3900 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 3901 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 3902 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 3903 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 3904 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 3905 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 3906 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 3907 cf/ostype/irix.m4 => cf/ostype/irix4.m4 3908 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 3909 src/Makefile.* => src/Makefiles/Makefile.* 3910 src/Makefile.AUX => src/Makefiles/Makefile.A-UX 3911 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS 3912 src/Makefile.DGUX => src/Makefiles/Makefile.dgux 3913 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS 3914 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 3915 OBSOLETED FILES: 3916 cf/cf/cogsci.mc 3917 cf/cf/cs-exposed.mc 3918 cf/cf/cs-hidden.mc 3919 cf/cf/hpux-cs-hidden.mc 3920 cf/cf/knecht.mc 3921 cf/cf/osf1-cs-hidden.mc 3922 cf/cf/sunos3.5-cs-exposed.mc 3923 cf/cf/sunos3.5-cs-hidden.mc 3924 cf/cf/sunos4.1-cs-hidden.mc 3925 cf/cf/ultrix4.1-cs-hidden.mc 3926 cf/domain/cs-hidden.m4 3927 contrib/rcpt-streaming 3928 src/Makefiles/Makefile.SunOS.5.x 3929 39308.6.13/8.6.12 96/01/25 3931 SECURITY: In some cases it was still possible for an attacker to 3932 insert newlines into a queue file, thus allowing access to 3933 any user (except root). 3934 CONFIG: no changes -- it is not a bug that the configuration 3935 version number is unchanged. 3936 39378.6.12/8.6.12 95/03/28 3938 Fix to IDENT code (it was getting the size of the reply buffer 3939 too small, so nothing was ever accepted). Fix from several 3940 people, including Allan Johannesen, Shane Castle of the 3941 Boulder County Information Services, and Jeff Smith of 3942 Warwick University (all arrived within a few hours of 3943 each other!). 3944 Fix a problem that could cause large jobs to run out of 3945 file descriptors on systems that use vfork() rather 3946 than fork(). 3947 39488.6.11/8.6.11 95/03/08 3949 The ``possible attack'' message would be logged more often 3950 than necessary if you are using Pine as a user agent. 3951 The wrong host would be reported in the ``possible attack'' 3952 message when attempted from IDENT. 3953 In some cases the syslog buffer could be overflowed when 3954 reporting the ``possible attack'' message. This can 3955 cause denial of service attacks. Truncate the message 3956 to 80 characters to prevent this problem. 3957 When reading the IDENT response a loop is needed around the 3958 read from the network to ensure that you don't get 3959 partial lines. 3960 Password entries without any shell listed (that is, a null 3961 shell) wouldn't match as "ok". Problem noted by 3962 Rob McMahon. 3963 When running BIND 4.9.x a problem could occur because the 3964 _res.options field is initialized differently than it 3965 was historically -- this requires that sendmail call 3966 res_init before it tweaks any bits. 3967 Fix an incompatibility in openxscript() between the file open mode 3968 and the stdio mode passed to fdopen. This caused UnixWare 3969 2.0 to have conniptions. Fix from Martin Sohnius of 3970 Novell Labs Europe. 3971 Fix problem with static linking of local getopt routine when 3972 using GNU's ld command. Fix from John Kennedy of 3973 Cal State Chico. 3974 It was possible to turn off privacy flags. Problem noted by 3975 *Hobbit*. 3976 Be more paranoid about writing files. Suggestions by *Hobbit* 3977 and Liudvikas Bukys. 3978 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 3979 from Spider Boardman. 3980 CONFIG: No changes (version number only, to keep it in sync 3981 with the binaries). 3982 39838.6.10/8.6.10 95/02/10 3984 SECURITY: Diagnose bogus values to some command line flags that 3985 could allow trash to get into headers and qf files. 3986 Validate the name of the user returned by the IDENT protocol. 3987 Some systems that really dislike IDENT send intentionally 3988 bogus information. Problem pointed out by Michael Bushnell 3989 of the Free Software Foundation. Has some security 3990 implications. 3991 Fix a problem causing error messages about DNS problems when 3992 the host name contained a percent sign to act oddly 3993 because it was passed as a printf-style format string. 3994 In some cases this could cause core dumps. 3995 Avoid possible buffer overrun in returntosender() if error 3996 message is quite long. From Fletcher Mattox of the 3997 University of Texas. 3998 Fix a problem that would silently drop "too many hops" error 3999 messages if and only if you were sending to an alias. 4000 From Jon Giltner of the University of Colorado and 4001 Dan Harton of Oak Ridge National Laboratory. 4002 Fix a bug that caused core dumps on some systems if -d11.2 was 4003 set and e->e_message was null. Fix from Bruce Nagel of 4004 Data General. 4005 Fix problem that can still cause df files to be left around 4006 after "hop count exceeded" messages. Fix from Andrew 4007 Chang and Shau-Ping Lo of SunSoft. 4008 Fix a problem that can cause buffer overflows on very long 4009 user names (as might occur if you piped to a program 4010 with a lot of arguments). 4011 Avoid returning an error and re-queueing if the host signature 4012 is null; this can occur on addresses like ``user@.''. 4013 Problem noted by Wesley Craig and the University of 4014 Michigan. 4015 Avoid possible calls to malloc(0) if MCI caching is turned 4016 off. Bug fix from Pierre David of the Laboratoire 4017 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 4018 Universite de Versailles - St Quentin, and Jacky 4019 Thibault. 4020 Make a local copy of the line being sent via senttolist() -- in 4021 some cases, buffers could get trashed by map lookups 4022 causing it to do unexpected things. This also simplifies 4023 some of the map code. 4024 CONFIG: No changes (version number only, to keep it in sync 4025 with the binaries). 4026 40278.6.9/8.6.9 94/04/19 4028 Do all mail delivery completely disconnected from any terminal. 4029 This provides consistency with daemon delivery and 4030 may have some security implications. 4031 Make sure that malloc doesn't get called with zero size, 4032 since that fails on some systems. Reported by Ed 4033 Hill of the University of Iowa. 4034 Fix multi-line values for $e (SMTP greeting message). Reported 4035 by Mike O'Connor of Ford Motor Company. 4036 Avoid syserr if no NIS domain name is defined, but the map it 4037 is trying to open is optional. From Win Bent of USC. 4038 Changes for picky compilers from Ed Gould of Digital Equipment. 4039 Hesiod support for UDB from Todd Miller of the University of 4040 Colorado. Use "hesiod" as the service name in the U 4041 option. 4042 Fix a problem that failed to set the "authentic" host name (that 4043 is, the one derived from the socket info) if you called 4044 sendmail -bs from inetd. Based on code contributed by 4045 Todd Miller (this problem was also reported by Guy Helmer 4046 of Dakota State University). This also fixes a related 4047 problem reported by Liudvikas Bukys of the University of 4048 Rochester. 4049 Parameterize "nroff -h" in all the Makefiles so people with 4050 variant versions can use them easily. Suggested by 4051 Peter Collinson of Hillside Systems. 4052 SMTP "MAIL" commands with multiple ESMTP parameters required two 4053 spaces between parameters instead of one. Reported by 4054 Valdis Kletnieks of Virginia Tech. 4055 Reduce the number of system calls during message collection by 4056 using global timeouts around the collect() loop. This 4057 code was contributed by Eric Wassenaar. 4058 If the initial hostname name gathering results in a name 4059 without a dot (usually caused by NIS misconfiguration) 4060 and BIND is compiled in, directly access DNS to get 4061 the canonical name. This should make life easier for 4062 Solaris systems. If it still can't be resolved, and 4063 if the name server is listed as "required", try again 4064 in 30 seconds. If that also fails, exit immediately to 4065 avoid bogus "config error: mail loops back to myself" 4066 messages. 4067 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 4068 message to explain how much space was available and 4069 sound a bit less threatening. Suggested by Stan Janet 4070 of the National Institute of Standards and Technology. 4071 If mail is delivered to an alias that has an owner, deliver any 4072 requested return-receipt immediately, and strip the 4073 Return-Receipt-To: header from the subsequent message. 4074 This prevents a certain class of denial of service 4075 attack, arguably gives more reasonable semantics, and 4076 moves things more towards what will probably become a 4077 network standard. Suggested by Christopher Davis of 4078 Kapor Enterprises. 4079 Add a "noreceipts" privacy flag to turn off all return receipts 4080 without recompiling. 4081 Avoid printing ESMTP parameters as part of the error message 4082 if there are errors during parsing. This change is 4083 purely cosmetic. 4084 Avoid sending out error messages during the collect phase of 4085 SMTP; there is an MVS mailer from UCLA that gets 4086 confused by this. Of course, I think it's their bug.... 4087 Check for the $j macro getting undefined, losing a dot, or getting 4088 lost from $=w in the daemon before accepting a connection; 4089 if it is, it dumps state, prints a LOG_ALERT message, 4090 and drops core for debugging. This is an attempt to 4091 track down a bug that I thought was long since gone. 4092 If you see this, please forward the log fragment to 4093 sendmail@sendmail.ORG. 4094 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 4095 with -DOLD_NEWDB=0 on the command line. From Christophe 4096 Wolfhugel. 4097 Instead of trying to truncate the listen queue for the server 4098 SMTP port when the load average is too high, just close 4099 the port completely and reopen it later as needed. 4100 This ensures that the other end gets a quick "connection 4101 refused" response, and that the connection can be 4102 recovered later. In particular, some socket emulations 4103 seem to get confused if you tweak the listen queue 4104 size around and can never start listening to connections 4105 again. The down side is that someone could start up 4106 another daemon process in the interim, so you could 4107 have multiple daemons all not listening to connections; 4108 this could in turn cause the sendmail.pid file to be 4109 incorrect. A better approach might be to accept the 4110 connection and give a 421 code, but that could break 4111 other mailers in mysterious ways and have paging behaviour 4112 implications. 4113 Fix a glitch in TCP-level debugging that caused flag 16.101 to 4114 set debugging on the wrong socket. From Eric Wassenaar. 4115 When creating a df* temporary file, be sure you truncate any 4116 existing data in the file -- otherwise system crashes 4117 and the like could result in extra data being sent. 4118 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 4119 doc directory. This includes some additional 4120 information. 4121 CONFIG: change UUCP rules to never add $U! or $k! on the front 4122 of recipient envelope addresses. This should have been 4123 handled by the $&h trick, but broke if people were 4124 mixing domainized and UUCP addresses. They should 4125 probably have converted all the way over to uucp-uudom 4126 instead of uucp-{new,old}, but the failure mode was to 4127 loop the mail, which was bad news. 4128 Portability fixes: 4129 Newer BSDI systems (several people). 4130 Older BSDI systems from Christophe Wolfhugel. 4131 Intergraph CLIX, from Paul Southworth of CICNet. 4132 UnixWare, from Evan Champion. 4133 NetBSD from Adam Glass. 4134 Solaris from Quentin Campbell of the University of 4135 Newcastle upon Tyne. 4136 IRIX from Dean Cookson and Bill Driscoll of Mitre 4137 Corporation. 4138 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 4139 SunOS (it has setsid() and setvbuf() calls) from 4140 Jonathan Kamens of OpenVision Technologies. 4141 HP-UX from Tor Lillqvist. 4142 New Files: 4143 src/Makefile.CLIX 4144 src/Makefile.NCR3000 4145 doc/changes/Makefile 4146 doc/changes/changes.me 4147 doc/changes/changes.ps 4148 41498.6.8/8.6.6 94/03/21 4150 SECURITY: it was possible to read any file as root using the 4151 E (error message) option. Reported by Richard Jones; 4152 fixed by Michael Corrigan and Christophe Wolfhugel. 4153 41548.6.7/8.6.6 94/03/14 4155 SECURITY: it was possible to get root access by using weird 4156 values to the -d flag. Thanks to Alain Durand of 4157 INRIA for forwarding me the notice from the bugtraq 4158 list. 4159 41608.6.6/8.6.6 94/03/13 4161 SECURITY: the ability to give files away on System V-based 4162 systems proved dangerous -- don't run as the owner 4163 of a :include: file on a system that allows giveaways. 4164 Unfortunately, this also applies to determining a 4165 valid shell. 4166 IMPORTANT: Previous versions weren't expiring old connections 4167 in the connection cache for a long time under some 4168 circumstances. This could result in resource exhaustion, 4169 both at your end and at the other end. This checks the 4170 connections for timeouts much more frequently. From 4171 Doug Anderson of NCSC. 4172 Fix a glitch that snuck in that caused programs to be run as 4173 the sender instead of the recipient if the mail was 4174 from a local user to another local user. From 4175 Motonori Nakamura of Kyoto University. 4176 Fix "wildcard" on /etc/shells matching -- instead of looking 4177 for "*", look for "/SENDMAIL/ANY/SHELL/". From 4178 Bryan Costales of ICSI. 4179 Change the method used to declare the "statfs" availability; 4180 instead of HASSTATFS and/or HASUSTAT with a ton of 4181 tweaking in conf.c, there is a single #define called 4182 SFS_TYPE which takes on one of six values (SFS_NONE 4183 for no statfs availability, SFS_USTAT for the ustat(2) 4184 syscall, SFS_4ARGS for a four argument statfs(2) call, 4185 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 4186 statfs(2) call with the declarations in <sys/vfs.h>, 4187 <sys/mount.h>, or <sys/statfs.h> respectively). 4188 Fix glitch in NetInfo support that could return garbage if 4189 there was no "/locations/sendmail" property. From 4190 David Meyer of the University of Virginia. 4191 Change HASFLOCK from defined/not-defined to a 0/1 definition 4192 to allow Linux to turn it off even though it is a 4193 BSD-like system. 4194 Allow setting of "ident" timeout to zero to turn off the ident 4195 protocol entirely. 4196 Make 7-bit stripping local to a connection (instead of to a 4197 mailer); this allows you to specify that SMTP is a 4198 7-bit channel, but revert to 8-bit should it advertise 4199 that it supports 8BITMIME. You still have to specify 4200 mailer flag 7 to get this stripping at all. 4201 Improve makesendmail script so it handles more cases automatically. 4202 Tighten up restrictions on taking ownership of :include: files 4203 to avoid problems on systems that allow you to give away 4204 files. 4205 Fix a problem that made it impossible to rebuild the alias 4206 file if it was on a read-only file system. From 4207 Harry Edmon of the University of Washington. 4208 Improve MX randomization function. From John Gardiner Myers 4209 of CMU. 4210 Fix a minor glitch causing a bogus message to be printed (used 4211 %s instead of %d in a printf string for the line number) 4212 when a bad queue file was read. From Harry Edmon. 4213 Allow $s to remain NULL on locally generated mail. I'm not 4214 sure this is necessary, but a lot of people have complained 4215 about it, and there is a legitimate question as to whether 4216 "localhost" is legal as an 822-style domain. 4217 Fix a problem with very short line lengths (mailer L= flag) in 4218 headers. This causes a leading space to be added onto 4219 continuation lines (including in the body!), and also 4220 tries to wrap headers containing addresses (From:, To:, 4221 etc) intelligently at the shorter line lengths. Problem 4222 Reported by Lars-Johan Liman of SUNET Operations Center. 4223 Log the real user name when logging syserrs, since these can have 4224 security implications. Suggested by several people. 4225 Fix address logging of cached connections -- it used to always 4226 log the numeric address as zero. This is a somewhat 4227 bogus implementation in that it does an extra system 4228 call, but it should be an inexpensive one. Fix from 4229 Motonori Nakamura. 4230 Tighten up handling of short syslog buffers even more -- there 4231 were cases where the outgoing relay= name was too long 4232 to share a line with delay= and mailer= logging. 4233 Limit the overhead on split envelopes to one open file descriptor 4234 per envelope -- previously the overhead was three 4235 descriptors. This was in response to a problem reported 4236 by P{r (Pell) Emanuelsson. 4237 Fixes to better handle the case of unexpected connection closes; 4238 this redirects the output to the transcript so the info 4239 is not lost. From Eric Wassenaar. 4240 Fix potential string overrun if you macro evaluate a string that 4241 has a naked $ at the end. Problem noted by James Matheson 4242 <jmrm@eng.cam.ac.uk>. 4243 Make default error number on $#error messages 553 (``Requested 4244 action not taken: mailbox name not allowed'') instead of 4245 501 (``Syntax error in parameters or arguments'') to 4246 avoid bogus "protocol error" messages. 4247 Strip off any existing trailing dot on names during $[ ... $] 4248 lookup. This prevents it from ending up with two dots 4249 on the end of dot terminated names. From Wesley Craig 4250 of the University of Michigan and Bryan Costales of ICSI. 4251 Clean up file class reading so that the debugging information is 4252 more informative. It hadn't been using setclass, so you 4253 didn't see the class items being added. 4254 Avoid core dump if you are running a version of sendmail where 4255 NIS is compiled in, and you specify an NIS map, but 4256 NIS is not running. Fix from John Oleynick of 4257 Rutgers. 4258 Diagnose bizarre case where res_search returns a failure value, 4259 but sets h_errno to a success value. 4260 Make sure that "too many hops" messages are considered important 4261 enough to send an error to the Postmaster (that is, the 4262 address specified in the P option). This fix should 4263 help problems that cause the df file to be left around 4264 sometimes -- unfortunately, I can't seem to reproduce 4265 the problem myself. 4266 Avoid core dump (null pointer reference) on EXPN command; this 4267 only occurred if your log level was set to 10 or higher 4268 and the target account was an alias or had a .forward file. 4269 Problem noted by Janne Himanka. 4270 Avoid "denial of service" attacks by someone who is flooding your 4271 SMTP port with bad commands by shutting the connection 4272 after 25 bad commands are issued. From Kyle Jones of 4273 UUNET. 4274 Fix core dump on error messages with very long "to" buffers; 4275 fmtmsg overflows the message buffer. Fixed by trimming 4276 the to address to 203 characters. Problem reported by 4277 John Oleynick. 4278 Fix configuration for HASFLOCK -- there were some spots where 4279 a #ifndef was incorrectly #ifdef. Pointed out by 4280 George Baltz of the University of Maryland. 4281 Fix a typo in savemail() that could cause the error message To: 4282 lists to be incorrect in some places. From Motonori 4283 Nakamura. 4284 Fix a glitch that can cause duplicate error messages on split 4285 envelopes where an address on one of the lists has a 4286 name server failure. Fix from Voradesh Yenbut of the 4287 University of Washington. 4288 Fix possible bogus pointer reference on ESMTP parameters that 4289 don't have an ``=value'' part. 4290 CNAME loops caused an error message to be generated, but also 4291 re-queued the message. Changed to just re-queue the 4292 message (it's really hard to just bounce it because 4293 of the weird way the name server works in the presence 4294 of CNAME loops). Problem noted by James M.R.Matheson 4295 of Cambridge University. 4296 Avoid giving ``warning: foo owned process doing -bs'' messages 4297 if they use ``MAIL FROM:<foo>'' where foo is their true 4298 user name. Suggested by Andreas Stolcke of ICSI. 4299 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 4300 override it easily in the Makefile -- that is, you can 4301 turn it off using -DNAMED_BIND=0. 4302 If a gethostbyname(...) of an address with a trailing dot fails, 4303 try it without the trailing dot. This is because if 4304 you have a version of gethostbyname() that falls back 4305 to NIS or the /etc/hosts file it will fail to find 4306 perfectly reasonable names that just don't happen to 4307 be dot terminated in the hosts file. You don't want to 4308 strip the dot first though because we're trying to ensure 4309 that country names that match one of your subdomains get 4310 a chance. 4311 PRALIASES: fix bogus output on non-null-terminated strings. 4312 From Bill Gianopoulos of Raytheon. 4313 CONFIG: Avoid rewriting anything that matches $w to be $j. 4314 This was in code intended to only catch the self-literal 4315 address (that is, [1.2.3.4], where 1.2.3.4 is your 4316 IP address), but the code was broken. However, it will 4317 still do this if $M is defined; this is necessary to 4318 get client configurations to work (sigh). Note that this 4319 means that $M overrides :mailname entries in the user 4320 database! Problem noted by Paul Southworth. 4321 CONFIG: Fix definition of Solaris help file location. From 4322 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 4323 CONFIG: Fix bug that broke news.group.USENET mappings. 4324 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 4325 and USENET_MAILER_MAX to tweak the maximum message 4326 size for various mailers. 4327 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 4328 instead of assuming that it is "inews" for consistency 4329 with other mailers. From Michael Corrigan of UC San Diego. 4330 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 4331 qualify the address in the SMTP envelope as user@{relay|hub} 4332 instead of user@$j. From Bill Wisner of The Well. 4333 CONFIG: Fix route-addr syntax in nullrelay configuration set. 4334 CONFIG: Don't turn off case mapping of user names in the local 4335 mailer for IRIX. This was different than most every other 4336 system. 4337 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 4338 envelope. Noted by Thierry Besancon 4339 <besancon@excalibur.ens.fr>. 4340 CONFIG: Don't include -z by default on uux line -- most systems 4341 don't want it set by default. Pointed out by Philippe 4342 Michel of Thomson CSF. 4343 CONFIG: Fix some bugs with mailertables -- for example, if your 4344 host name was foo.bar.ray.com and you matched against 4345 ".ray.com", the old implementation bound %1 to "bar" 4346 instead of "foo.bar". Also, allow "." in the mailertable 4347 to match anything -- essentially, take over SMART_HOST. 4348 This also moves matching of explicit local host names 4349 before the mailertable so they don't have to be special 4350 cased in the mailertable data. Reported by Bill 4351 Gianopoulos of Raytheon; the fix for the %1 binding 4352 problem was contributed by Nicholas Comanos of the 4353 University of Sydney. 4354 CONFIG: Don't include "root" in class $=L (users to deliver 4355 locally, even if a hub or relay exists) by default. 4356 This is because of the known bug where definition of 4357 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 4358 both and deliver into the local mailbox. 4359 CONFIG: Move up bitdomain and uudomain handling so that they 4360 are done before .UUCP class matching; uudomain was 4361 reported as ineffective before. This also frees up 4362 diversion 8 for future use. Problem reported by Kimmo 4363 Suominen. 4364 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 4365 into host names. As pointed out by Jonathan Kamens, 4366 these are often used because either the forward or reverse 4367 mapping is broken; this translation makes it broken again. 4368 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 4369 Suominen. 4370 Portability fixes: 4371 Unicos from David L. Kensiski of Sterling Software. 4372 DomainOS from Don Lewis of Silicon Systems. 4373 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 4374 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 4375 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 4376 BSD/386 from Tony Sanders of BSDI. 4377 Apollo from Eric Wassenaar. 4378 DGUX from Doug Anderson. 4379 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 4380 NEW FILES: 4381 src/Makefile.DomainOS 4382 src/Makefile.PTX 4383 src/Makefile.SunOS.5.1 4384 src/Makefile.SunOS.5.2 4385 src/Makefile.SunOS.5.x 4386 src/mailq.1 4387 cf/ostype/domainos.m4 4388 doc/op/Makefile 4389 doc/intro/Makefile 4390 doc/usenix/Makefile 4391 43928.6.5/8.6.5 94/01/13 4393 Security fix: /.forward could be owned by anyone (the test 4394 to allow root to own any file was backwards). From 4395 Bob Campbell at U.C. Berkeley. 4396 Security fix: group ids were not completely set when programs 4397 were invoked. This caused programs to have group 4398 permissions they should not have had (usually group 4399 daemon instead of their own group). In particular, 4400 Perl scripts would refuse to run. 4401 Security: check to make sure files that are written are not 4402 symbolic links (at least under some circumstances). 4403 Although this does not respond to a specific known 4404 attack, it's just a good idea. Suggested by 4405 Christian Wettergren. 4406 Security fix: if a user had an NFS mounted home directory on 4407 a system with a restricted shell listed in their 4408 /etc/passwd entry, they could still execute any 4409 program by putting that in their .forward file. 4410 This fix prevents that by insisting that their shell 4411 appear in /etc/shells before allowing a .forward to 4412 execute a program or write a file. You can disable 4413 this by putting "*" in /etc/shells. It also won't 4414 permit world-writable :include: files to reference 4415 programs or files (there's no way to disable this). 4416 These behaviours are only one level deep -- for 4417 example, it is legal for a world-writable :include: 4418 file to reference an alias that writes a file, on 4419 the assumption that the alias file is well controlled. 4420 Security fix: root was not treated suspiciously enough when 4421 looking into subdirectories. This would potentially 4422 allow a cracker to examine files that were publicly 4423 readable but in a non-publicly searchable directory. 4424 Fix a problem that causes an error on QUIT on a cached 4425 connection to create problems on the current job. 4426 These are typically unrelated, so errors occur in 4427 the wrong place. 4428 Reset CurrentLA in sendall() -- this makes sendmail queue 4429 runs more responsive to load average, and fixes a 4430 problem that ignored the load average in locally 4431 generated mail. From Eric Wassenaar. 4432 Fix possible core dump on aliases with null LHS. From 4433 John Orthoefer of BB&N. 4434 Revert to using flock() whenever possible -- there are just 4435 too many bugs in fcntl() locking, particularly over 4436 NFS, that cause sendmail to fail in perverse ways. 4437 Fix a bug that causes the connection cache to get confused 4438 when sending error messages. This resulted in 4439 "unexpected close" messages. It should fix itself 4440 on the following queue run. Problem noted by 4441 Liudvikas Bukys of the University of Rochester. 4442 Include $k in $=k as documented in the Install & Op Guide. 4443 This seems odd, but it was documented.... From 4444 Michael Corrigan of UCSD. 4445 Fix problem that caused :include:s from alias files to be 4446 forced to be owned by root instead of daemon 4447 (actually DefUid). From Tim Irvin. 4448 Diagnose unrecognized I option values -- from Mortin Forssen 4449 of the Chalmers University of Technology. 4450 Make "error" mailer work consistently when there is no error 4451 code associated with it -- previously it returned OK 4452 even though there was a real problem. Now it assumes 4453 EX_UNAVAILABLE. 4454 Fix bug that caused the last header line of messages that had 4455 no body and which were terminated with EOF instead of 4456 "." to be discarded. Problem noted by Liudvikas Bukys. 4457 Fix core dump on SMTP mail to programs that failed -- it tried 4458 to go to a "next MX host" when none existed, causing 4459 a core dump. From der Mouse at McGill University. 4460 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 4461 this makes it easier to turn it off (using 4462 -DIDENTPROTO=0 in the Makefile). From der Mouse. 4463 Fix YP_MASTER_NAME store to use the unupdated result of 4464 gethostname() (instead of myhostname(), which tries 4465 to fully qualify the name) to be consistent with 4466 SunOS. If your hostname is unqualified, this fixes 4467 transfers to slave servers. Bug noted by Keith 4468 McMillan of Ameritech Services, Inc. 4469 Fix Ultrix problem: gethostbyname() can return a very large 4470 (> 500) h_length field, which causes the sockaddr 4471 to be trashed. Use the size of the sockaddr instead. 4472 Fix from Bob Manson of Ohio State. 4473 Don't assume "-a." on host lookups if NAMED_BIND is not 4474 defined -- this confuses gethostbyname on hosts 4475 file lookups, which doesn't understand the trailing 4476 dot convention. 4477 Log SMTP server subprocesses that die with a signal instead 4478 of from a clean exit. 4479 If you don't have option "I" set, don't assume that a DNS 4480 "host unknown" message is authoritative -- it 4481 might still be found in /etc/hosts. 4482 Fix a problem that would cause Deferred: messages to be sent 4483 as the subject of an error message, even though the 4484 actual cause of a message was more severe than that. 4485 Problem noted by Chris Seabrook of OSSI. 4486 Fix race condition in DBM alias file locking. From Kyle 4487 Jones of UUNET. 4488 Limit delivery syslog line length to avoid bugs in some 4489 versions of syslog(3). This adds a new compile time 4490 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 4491 University, which is in turn derived from IDA. 4492 Fix quotes inside of comments in addresses -- previously 4493 it insisted that they be balanced, but the 822 spec 4494 says that they should be ignored. 4495 Dump open file state to syslog upon receiving SIGUSR1 (for 4496 debugging). This also evaluates ruleset 89, if set 4497 (with the null input), and logs the result. This 4498 should be used sparingly, since the rewrite process 4499 is not reentrant. 4500 Change -qI, -qR, and -qS flags to be case-insensitive as 4501 documented in the Bat Book. 4502 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 4503 return an error message and did not requeue the message. 4504 Fix based on code from Roland Dirlewanger of 4505 Reseau Regional Aquarel, Bordeaux, France. 4506 Fix a problem that caused a seg fault if you got a 421 error 4507 code during some parts of connection initialization. 4508 I've only seen this when talking to buggy mailers on 4509 the other end, but it shouldn't give a seg fault in 4510 any case. From Amir Plivatsky. 4511 Fix core dump caused by a ruleset call that returns null. 4512 Fix from Bryan Costales of ICSI. 4513 Full-Name: field was being ignored. Fix from Motonori Nakamura 4514 of Kyoto University. 4515 Fix a possible problem with very long input lines in setproctitle. 4516 From P{r Emanuelsson. 4517 Avoid putting "This is a warning message" out on return receipts. 4518 Suggested by Douglas Anderson. 4519 Detect loops caused by recursive ruleset calls. Suggested by 4520 Bryan Costales. 4521 Initialize non-alias maps during alias rebuilds -- they may be 4522 needed for parsing. Problem noted by Douglas Anderson. 4523 Log sender address even if no message was collected in SMTP 4524 (e.g., if all RCPTs failed). Suggested by Motonori 4525 Nakamura. 4526 Don't reflect the owner-list contents into the envelope sender 4527 address if the value contains ", :, /, or | (to avoid 4528 illegal addresses appearing there). 4529 Efficiency hack for toktype macro -- from Craig Partridge of 4530 BB&N. 4531 Clean up DNS error printing so that a host name is always 4532 included. 4533 Remember to set $i during queue runs. Reported by Stephen 4534 Campbell of Dartmouth University. 4535 If the environment variable HOSTALIASES is set, use it during 4536 canonification as the name of a file with per-user host 4537 translations so that headers are properly mapped. Reported 4538 by Anne Bennett of Concordia University. 4539 Avoid printing misleading error message if SMTP mailer (not 4540 using [IPC]) should die on a core dump. 4541 Avoid incorrect diagnosis of "file 1 closed" when it is caused 4542 by the other end closing the connection. From 4543 Dave Morrison of Oracle. 4544 Improve several of the error messages printed by "mailq" 4545 to include a host name or other useful information. 4546 Add NetInfo preliminary support for NeXT systems. From Vince 4547 DeMarco. 4548 Fix a glitch that sometimes caused :include:s that pointed to 4549 NFS filesystems that were down to give an "aliasing/ 4550 forwarding loop broken" message instead of queueing 4551 the message for retry. Noted by William C Fenner of 4552 the NRL Connection Machine Facility. 4553 Fix a problem that could cause a core dump if the input sequence 4554 had (or somehow acquired) a \231 character. 4555 Make sure that route-addrs always have <angle brackets> around 4556 them in non-SMTP envelopes (SMTP envelopes already do 4557 this properly). 4558 Avoid weird headers on unbalanced punctuation of the form: 4559 ``Joe User <user)'' -- this caused reference to the 4560 null macro. Fix from Rick McCarty of IO.COM. 4561 Fix a problem that caused an alias "user: user@local.host" to 4562 not have the QNOTREMOTE bit set; this caused configs 4563 to act as if FEATURE(notsticky) was defined even when 4564 it was not. The effect of the problem was to make it 4565 very hard to to set up satellite sites that had a few 4566 local accounts, with everything else forwarded to a 4567 corporate hub. Reported by Detlef Drewanz of the 4568 University of Rostock and Mark Frost of NCD. 4569 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 4570 addresses. This is more efficient (fewer name server 4571 calls) and fixes certain unusual configurations, such 4572 as those that have ruleset 4 do something that is 4573 non-idempotent unless a mailer-specific ruleset did 4574 something else. Problem reported by Brian J. Coan 4575 of the Institute for Global Communications. 4576 Fix the "obsolete argument" routine in main to better understand 4577 new arguments. For example, if you used ``sendmail 4578 -C config -v -q'' it would choke on the -q because 4579 the -C would stop looking for old-format arguments. 4580 Fix the code that was intended to allow two users to forward their 4581 mail to the same program and have them appear unique. 4582 Portability fixes for: 4583 SCO UNIX from Murray Kucherawy. 4584 SCO Open Server 3.2v4 from Philippe Brand. 4585 System V Release 4 from Rick Ellis and others. 4586 OSF/1 from Steve Campbell. 4587 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 4588 of Stoner Associates. 4589 Motorola SysV88 from Kevin Johnson of Motorola. 4590 Solaris 2.3 from Casper H.S. Dik of the University 4591 of Amsterdam and John Caruso of University 4592 of Maryland. 4593 FreeBSD from Ollivier Robert. 4594 NetBSD from Adam Glass. 4595 TitanOS from Kate Hedstrom of Rutgers University. 4596 Irix from Bryan Curnutt. 4597 Dynix from Jim Davis of the University of Arizona. 4598 RISC/os. 4599 Linux from John Kennedy of California State University 4600 at Chico. 4601 Solaris 2.x from Tony Boner of the U.S. Air Force. 4602 NEXTSTEP 3.x from Vince DeMarco. 4603 HP-UX from various people. NOTA BENE: the location 4604 of the config file has moved to /usr/lib 4605 to match the HP-UX version of sendmail. 4606 CONFIG: Don't do any recipient rewriting on relay mailer; 4607 since this is intended only for internal use, the 4608 usual RFC 821/822/1123 rules can be relaxed. The 4609 main point of this is to avoid munging (ugh) UUCP 4610 addresses when relaying internally. 4611 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 4612 syntax addresses delivered via UUCP. Solution 4613 provided by Peter Wemm. 4614 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 4615 zero; it caused double @ signs in addresses. From 4616 Irving Reid of the University of Toronto. 4617 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 4618 from Markku Toijala of ICL Personal Systems Oy. 4619 CONFIG: Add trailing "." on pseudo-domains for consistency; 4620 this fixes a problem (noted by Al Whaley of Sunnyside) 4621 that made it hard to recognize your own pseudodomain 4622 names. 4623 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 4624 rather than letting them get "local configuration 4625 error"s. Problem noted by John Gardiner Myers. 4626 CONFIG: add uucp-uudom mailer variant, based on code posted 4627 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 4628 has uucp-dom semantics but old UUCP syntax. This 4629 also permits "uucp-old" as an alias for "uucp" and 4630 "uucp-new" as a synonym for "suucp" for consistency. 4631 CONFIG: add POP mailer support (from Kimmo Suominen 4632 <kim@grendel.lut.fi>). 4633 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 4634 CONFIG: fix bug caused with domain literal addresses (e.g., 4635 ``[128.32.131.12]'') when FEATURE(allmasquerade) 4636 was set; it would get an additional @masquerade.host 4637 added to the address. Problem noted by Peter Wan 4638 of Georgia Tech. 4639 CONFIG: make sure that the local UUCP name is in $=w. From 4640 Jim Murray of Stratus. 4641 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 4642 mailer flag. Briefly, if you are sending to host 4643 "foo", then it rewrites "foo!...!baz" to "...!baz", 4644 "foo!baz" remains "foo!baz", and anything else has 4645 the local name prepended. 4646 CONFIG: portability fixes for HP-UX. 4647 DOC: several minor problems fixed in the Install & Op Guide. 4648 MAKEMAP: fix core dump problem on lines that are too long or 4649 which lack newline. From Mark Delany. 4650 MAILSTATS: print sums of columns (total messages & kbytes 4651 in and out of the system). From Tom Ferrin of UC 4652 San Francisco Computer Graphics Lab. 4653 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 4654 On HP-UX, /etc/sendmail.cf has been moved to 4655 /usr/lib/sendmail.cf to match HP sendmail. 4656 Permissions have been tightened up on world-writable 4657 :include: files and accounts that have shells 4658 that are not listed in /etc/shells. This may 4659 cause some .forward files that have worked 4660 before to start failing. 4661 SIGUSR1 dumps some state to the log. 4662 NEW FILES: 4663 src/Makefile.DGUX 4664 src/Makefile.Dynix 4665 src/Makefile.FreeBSD 4666 src/Makefile.Mach386 4667 src/Makefile.NetBSD 4668 src/Makefile.RISCos 4669 src/Makefile.SCO 4670 src/Makefile.SVR4 4671 src/Makefile.Titan 4672 cf/mailer/pop.m4 4673 cf/ostype/bsdi1.0.m4 4674 cf/ostype/dgux.m4 4675 cf/ostype/dynix3.2.m4 4676 cf/ostype/sco3.2.m4 4677 makemap/Makefile.dist 4678 praliases/Makefile.dist 4679 46808.6.4/8.6.4 93/10/31 4681 Repair core-dump problem (write to read-only memory segment) 4682 if you fall back to the return-to-Postmaster case in 4683 savemail. Problem reported by Richard Liu. 4684 Immediately diagnose bogus sender addresses in SMTP. This 4685 makes quite certain that crackers can't use this 4686 class of attack. 4687 Reliability Fix: check return value from fclose() and fsync() 4688 in a few critical places. 4689 Minor problem in initsys() that reversed a condition for 4690 redirecting the output channel on queue runs. It's 4691 not clear this code even does anything. From Eric 4692 Wassenaar of the Dutch National Institute for Nuclear 4693 and High-Energy Physics. 4694 Fix some problems that caused queue runs to do "too much work", 4695 such as double-reading the Errors-To: header. From 4696 Eric Wassenaar. 4697 Error messages on writing the temporary file (including the 4698 data file) were getting suppressed in SMTP -- this 4699 fix causes them to be properly reported. From Eric 4700 Wassenaar. 4701 Some changes to support AF_UNIX sockets -- this will only 4702 really become relevant in the next release, but some 4703 people need it for local patches. From Michael 4704 Corrigan of UC San Diego. 4705 Use dynamically allocated memory (instead of static buffers) 4706 for macros defined in initsys() and settime(); since 4707 these can have different values depending on which 4708 envelope they are in. From Eric Wassenaar. 4709 Improve logging to show ctladdr on to= logging; this tells you 4710 what uid/gid processes ran as. 4711 Fix a problem that caused error messages to be discarded if 4712 the sender address was unparseable for some reason; 4713 this was supposed to fall back to the "return to 4714 postmaster" case. 4715 Improve aliaswait backoff algorithm. 4716 Portability patches for Linux (8.6.3 required another header 4717 file) (from Karl London) and SCO UNIX. 4718 CONFIG: patch prog mailer to not strip host name off of envelope 4719 addresses (so that it matches local again). From 4720 Christopher Davis. 4721 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 4722 this prevents uux from seeing lines with null names like 4723 ``From Sat Oct 30 14:55:31 1993''. From Motonori 4724 Nakamura of Kyoto University. 4725 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 4726 it shouldn't fail miserably. From Motonori Nakamura. 4727 47288.6.2/8.6.2 93/10/15 4729 Put a "successful delivery" message in the transcript for 4730 addresses that get return-receipts. 4731 Put a prominent "this is only a warning" message in warning 4732 messages -- some people don't read carefully enough 4733 and end up sending the message several times. 4734 Include reason for temporary failure in the "warning" return 4735 message. Currently, it just says "cannot send for 4736 four hours". 4737 Fix the "Original message received" time generated for 4738 returntosender messages. It was previously listed as 4739 the current time. Bug reported by Eric Hagberg of 4740 Cornell University Medical College. 4741 If there is an error when writing the body of a message, 4742 don't send the trailing dot and wait for a response 4743 in sender SMTP, as this could cause the connection to 4744 hang up under some bizarre circumstances. From Eric 4745 Wassenaar. 4746 Fix some server SMTP synchronization problems caused when 4747 connections fail during message collection. From 4748 Eric Wassenaar. 4749 Fix a problem that can cause srvrsmtp to reject mail if the 4750 name server is down -- it accepts the RCPT but rejects 4751 the DATA command. Problem reported by Jim Murray of 4752 Stratus. 4753 Fix a problem that can cause core dumps if the config file 4754 incorrectly resolves to a null hostname. Reported by 4755 Allan Johannesen of WPI. 4756 Non-root use of -C flag, dangerous -f flags, and use of -oQ 4757 by non-root users were not put into 4758 X-Authentication-Warning:s as intended because the 4759 config file hadn't set the PrivacyFlags yet. Fix 4760 from Sven-Ove Westberg of the University of Lulea. 4761 Under very odd circumstances, the alias file rebuild code 4762 could get confused as to whether a database was 4763 open or not. 4764 Check "vendor code" on the end of V lines -- this is 4765 intended to provide a hook for vendor-specific 4766 configuration syntax. (This is a "new feature", 4767 but I've made an exception to my rule in a belief 4768 that this is a highly exceptional case.) 4769 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 4770 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 4771 (from Jon Forrest of UC Berkeley) 4772 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 4773 47748.6.1/8.6 93/10/08 4775 Portability fixes for A/UX and Encore UMAX V. 4776 Fix error message handling -- if you had a name server down 4777 causing an error during parsing, that message was never 4778 propagated to the queue file. 4779 47808.6/8.6 93/10/05 4781 Configuration cleanup: make it easier to undo IDENTPROTO in 4782 conf.h (other systems have the same bug). 4783 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 4784 getdtablesize() instead of sysconf(); a disturbingly 4785 large number of systems defined _SC_OPEN_MAX in the 4786 header files but don't have the syscall. 4787 Another patch to really truly ignore MX records in getcanonname 4788 if trymx == FALSE. 4789 Fix problem that caused the "250 IAA25499 Message accepted for 4790 delivery" message to be omitted if there was an error 4791 in the header of the message (e.g., a bad Errors-To: 4792 line). Pointed out by Michael Corrigan of UCSD. 4793 Announce name of host we are chatting when we get errors; this 4794 is an IDA-ism suggested by Christophe Wolfhugel. 4795 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 4796 Australian Artificial Intelligence Institute), SCO Unix 4797 (from Murray Kucherawy of Hookup Communication Corp.), 4798 NeXT (from Vince DeMarco and myself), Linux (from 4799 Karl London <karl@borg.demon.co.uk>), BSDI (from 4800 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 4801 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 4802 Some changes to get around gcc optimizer bugs. From Takahiro 4803 Kanbe. 4804 Fix error recovery in queueup if another tf file of the same 4805 name already exists. Problem stumbled over by Bill 4806 Wisner of The Well. 4807 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 4808 Problem noted by Keith McMillan of Ameritech Services. 4809 Deal with group permissions properly when opening .forward and 4810 :include: files. This relaxes the 8.1C restrictions 4811 slightly more. This includes proper setting of groups 4812 when reading :include: files, allowing you to read some 4813 files that you should be able to read but have previously 4814 been denied unless you owned them or they had "other" 4815 read permission. 4816 Make certain that $j is in $=w (after the .cf is read) so that 4817 if the user is forced to override some silly system, 4818 MX suppression will still work. 4819 Fix a couple of efficiency problems where newstr was double- 4820 calling expensive routines. In at least one case, it 4821 wasn't guaranteed that they would always return the 4822 same result. Problem noted by Christophe Wolfhugel. 4823 Fix null pointer dereference in putoutmsg -- only on an error 4824 condition from a non-SMTP mailer. From Motonori 4825 Nakamura. 4826 Macro expand "C" line class definitions before scanning so that 4827 "CX $Z" works. 4828 Fix problem that caused error message to be sent while still 4829 trying to send the original message if the connection 4830 is closed during a DATA command after getting an error 4831 on an RCPT command (pretty obscure). Problem reported 4832 by John Myers of CMU. 4833 Fix reply to NOOP to be 250 instead of 200 -- this is a long 4834 term bug. 4835 Fix a nasty bug causing core dumps when returning the "warning: 4836 cannot deliver for N hours -- will keep trying" message; 4837 it only occurred if you had PostMasterCopy set and 4838 only on some architectures. Although sendmail would 4839 keep trying, it would send error messages on each 4840 queue interval. This is an important fix. 4841 Allow u and g options to take user and group names respectively. 4842 Don't do a chdir into the queue directory in -bt mode to make 4843 ruleset testing a bit easier. 4844 Don't allow users to turn off logging (using -oL) on the command 4845 line -- command line can only raise, not lower, logging 4846 level. 4847 Set $u to the original recipient on the SMTP transaction or on 4848 the command line. This is only done if there is exactly 4849 one recipient. Technically, this does not meet the 4850 specs, because it does not guarantee a domain on the 4851 address. 4852 Fix a problem that dumped error messages on bad addresses if 4853 you used the -t flag. Problem noted by Josh Smith of 4854 Harvey Mudd College. 4855 Given an address such as ``<foo> <bar>'', auto-quote the first 4856 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 4857 avoid the problem of people who use angle brackets in 4858 their full name information. 4859 Fix a null pointer dereference if you set option "l", have 4860 an Errors-To: header in the message, and have Errors-To: 4861 defined in the config file H lines. From J.R. Oldroyd. 4862 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 4863 wrong when compiling. Suggested by Rick McCarty of TI. 4864 Fix a problem that could pass negative SIZE parameter if the 4865 df file got lost; this would cause servers to always 4866 give a temporary failure, making the problem even worse. 4867 Problem noted by Allan Johannesen of WPI. 4868 Add "ident" timeout (one of the "r" option selectors) for IDENT 4869 protocol timeouts (30s default). Requested by Murray 4870 Kucherawy of HookUp Communication Corp. to handle bogus 4871 PC TCP/IP implementations. 4872 Change $w default definition to be just the first component of 4873 the domain name on config level 5. The $j macro defaults 4874 to the FQDN; $m remains as before. This lets well-behaved 4875 config files use any of the short, long, or subdomain 4876 names. 4877 Add makesendmail script in src to try to automate multi-architecture 4878 builds. I know, this is sub-optimal, but it is still 4879 helpful. 4880 Fix very obscure race condition that can cause a queue run to 4881 get a queue file for an already completed job. This 4882 problem has existed for years. Problem noted by the 4883 long suffering Allan Johannesen of WPI. 4884 Fix a problem that caused the raw sender name to be passed to 4885 udbsender instead of the canonified name -- this caused 4886 it to sometimes miss records that it should have found. 4887 Relax check of name on HELO packet so that a program using -bs 4888 that claims to be itself works properly. 4889 Restore rewriting of $: part of address through 2, R, 4 in 4890 buildaddr -- this requires passing a lot of flags to get 4891 it right. Unlike old versions, this ONLY rewrites 4892 recipient addresses, not sender addresses. 4893 Fix a bug that caused core dumps in config files that cannot 4894 resolve /file/name style addresses. Fix from Jonathan 4895 Kamens of OpenVision Technologies. 4896 Fix problem with fcntl locking that can cause error returns to 4897 be lost if the lock is lost; this required fully 4898 queueing everything, dropping the envelope (so errors 4899 would get returned), and then re-reading the queue from 4900 scratch. 4901 Fix a problem that caused aliases that redefine an otherwise 4902 true address to still send to the original address 4903 if and only if the alias failed in certain bizarre 4904 ways (e.g, if they pointed at a list:; syntax address). 4905 Problem pointed out by Jonathan Kamens. 4906 Remove support for frozen configuration files. They caused 4907 more trouble than it was worth. 4908 Fix problem that can cause error messages to get ignored when 4909 using both -odb and -t flags. Problem noted by Rob 4910 McNicholas at U.C. Berkeley. 4911 Include all "normal" variations on hostname in $=w. For example, 4912 if the host name is vangogh.cs.berkeley.edu, $=w will 4913 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 4914 Add "restrictqrun" privacy flag -- without this, anyone can run 4915 the queue. 4916 Reset SmtpPhase global on initial connection creation so that 4917 messages don't come out with stale information. 4918 Pass an "ext" argument to lockfile so that error/log messages 4919 will properly reflect the true filename being locked. 4920 Put all [...] address forms into $=w -- this eliminates the need 4921 for MAXIPADDR in conf.h. Suggested by John Gardiner 4922 Myers of CMU. 4923 Fix a bug that can cause qf files to be left around even after 4924 an SMTP RSET command. Problem and fix from Michael 4925 Corrigan. 4926 Don't send a PostMasterCopy to errors when the Precedence: is 4927 negative. Error reports still go to the envelope 4928 sender address. 4929 Add LA_SHORT for load averages. 4930 Lock sendmail.st file when posting statistics. 4931 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 4932 set the size of the TCP send and receive buffers; if you 4933 run over a slow slip line you may need to set these down 4934 (although it would be better to fix the SLIP implementation 4935 so that it's not necessary to recompile every program 4936 that does bulk data transfer). 4937 Allow null defaults on $( ... $) lookups. Problem reported by 4938 Amir Plivatsky. 4939 Diagnose crufty S and V config lines. This resulted from an 4940 observation that some people were using the SITE macro 4941 without the SITECONFIG macro first, which was causing 4942 bogus config files that were not caught. 4943 Fix makemap -f flag to turn off case folding (it was turning it 4944 on instead). THIS IS A USER VISIBLE CHANGE!!! 4945 Fix a problem that caused multiple error messages to be sent if 4946 you used "sendmail -t -oem -odb", your system uses fcntl 4947 locking, and one of the recipient addresses is unknown. 4948 Reset uid earlier in include() so that recursive .forwards or 4949 :include:s don't use the wrong uid. 4950 If file descriptor 0, 1, or 2 was closed when sendmail was 4951 called, the code to recover the descriptor was broken. 4952 This sometimes (only sometimes) caused problems with the 4953 alias file. Fix from Motonori Nakamura. 4954 Fix a problem that caused aliaswait to go into infinite recursion 4955 if the @:@ metasymbol wasn't found in the alias file. 4956 Improve error message on newaliases if database files cannot be 4957 opened or if running with no database format defined. 4958 Do a better estimation of the size of error messages when NoReturn 4959 is set. Problem noted by P{r (Pell) Emanuelsson. 4960 Fix a problem causing the "c" option (don't connect to expensive 4961 mailers) to be ignored in SMTP. Problem noted and the 4962 solution suggested by Robert Elz of The University of 4963 Melbourne. 4964 Improve connection caching algorithm by passing "[host]" to 4965 hostsignature, which strips the square brackets and 4966 returns the real name. This allows mailertable entries 4967 to match regular entries. 4968 Re-enable Return-Receipt-To: -- people seem to want this stupid 4969 feature, even if it doesn't work right. 4970 Catch and log attempts to try the "wiz" command in server SMTP. 4971 This also ups the log level from LOG_NOTICE to LOG_CRIT. 4972 Be more generous at assigning $z to the home directory -- do this 4973 for programs that are specified through a .forward file. 4974 Fix from Andrew Chang of Sun Microsystems. 4975 Always save a fatal error message in preference to a non-fatal 4976 error message so that the "subject" line of return 4977 messages is the best possible. 4978 CONFIG: reduce the number of quotes needed to quote configuration 4979 parameters with commas: two quotes should work now, e.g., 4980 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 4981 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 4982 connections (domain-ized UUCP). 4983 CONFIG: fix bug in default maps (-o must be before database file 4984 name). Pointed out by Christophe Wolfhugel. 4985 CONFIG: add FEATURE(nodns) to state that we are not relying on 4986 DNS. This would presumably be used in UUCP islands. 4987 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 4988 CONFIG: log $u in Received: line. This is in technical violation 4989 of the standards, since it doesn't guarantee a domain 4990 on the address. 4991 CONFIG: don't assume "m" in local mailer flags -- this means that 4992 if you redefine LOCAL_MAILER_FLAGS you will have to include 4993 the "m" flag should you want it. Apparently some Solaris 2.2 4994 installations can't handle multiple local recipients. 4995 Problem noted by Josh Smith. 4996 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 4997 CONFIG: change default version level from 4 to 5. 4998 CONFIG: add FEATURE(nullclient) to create a config file that 4999 forwards all mail to a hub without ever looking at the 5000 addresses in any detail. 5001 CONFIG: properly strip mailer: information off of relays when 5002 used to change .BITNET form into %-hack form. 5003 CONFIG: fix a problem that caused infinite loops if presented 5004 with an address such as "!foo". 5005 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 5006 the reverse "PTR" mapping is broken. There's a better 5007 way to do this, but the change is fairly major and I 5008 want to hold it for another release. Problem noted by 5009 Bret Marquis. 5010 50118.5/8.5 93/07/23 5012 Serious bug: if you used a command line recipient that was unknown 5013 sendmail would not send a return message (it was treating 5014 everything as though it had an SMTP-style client that 5015 would do the return itself). Problem noted by Josh Smith. 5016 Change "trymx" option in getcanonname() to ignore all MX data, 5017 even during a T_ANY query. This actually didn't break 5018 anything, because the only time you called getcanonname 5019 with !trymx was if you already knew there were no MX 5020 records, but it is somewhat cleaner. From Motonori 5021 Nakamura. 5022 Don't call getcanonname from getmxrr if you already know there 5023 are no DNS records matching the name. 5024 Fix a problem causing error messages to always include "The 5025 original message was received ... from localhost". 5026 The correct original host information is now included. 5027 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 5028 version of "test" doesn't have the -x flag). Change it 5029 to use -f instead. From John Myers. 5030 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 5031 esmtp -- it should be smtp. 5032 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 5033 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 5034 else "suucp" if MAILER(uucp) is used, else "unknown"); 5035 this cleans up the configs somewhat. This fixes a serious 5036 problem that caused route-addrs to get mistaken as relays, 5037 pointed out by John Myers. WARNING: this also causes 5038 the default on SMART_HOST to change from "suucp" to 5039 "relay" if you have MAILER(smtp) specified. 5040 50418.4/8.4 93/07/22 5042 Add option `w'. If you receive a message that comes to you because 5043 you are the best (lowest preference) target of an MX, and 5044 you haven't explicitly recognized the source MX host in 5045 your .cf file, this option will cause you to try the target 5046 host directly (as if there were no MX for it at all). If 5047 `w' is not set, this case is a configuration error. 5048 Beware: if `w' is set, senders may get bogus errors like 5049 "message timed out" or "host unknown" for problems that 5050 are really configuration errors. This option is 5051 disrecommended, provided only for compatibility with 5052 UIUC sendmail. 5053 Fix a problem that caused the incoming socket to be left open 5054 when sendmail forks after the DATA command. This caused 5055 calling systems to wait in FIN_WAIT_2 state until the 5056 entire list was processed and the child closed -- a 5057 potentially prodigious amount of time. Problem noted 5058 by Neil Rickert. 5059 Fix problem (created in 6.64) that caused mail sent to multiple 5060 addresses, one of which was a bad address, to completely 5061 suppress the sending of the message. This changes 5062 handling of EF_FATALERRS somewhat, and adds an 5063 EF_GLOBALERRS flag. This also fixes a potential problem 5064 with duplicate error messages if there is a syntax error 5065 in the header of a message that isn't noticed until late 5066 in processing. Original problem pointed out by Josh Smith 5067 of Harvey Mudd College. This release includes quite a bit 5068 of dickering with error handling (see below). 5069 Back out SMTP transaction if MAIL gets nested 501 error. This 5070 will only hurt already-broken software and should help 5071 humans. 5072 Fix a problem that broke aliases when neither NDBM nor NEWDB were 5073 compiled in. It would never read the alias file. 5074 Repair unbalanced `)' and `>' (the "open" versions are already 5075 repaired). 5076 Logging of "done" in dropenvelope() was incorrect: it would 5077 log this even when the queue file still existed. Change 5078 this to only log "done" (at log level 11) when the 5079 queue file is actually removed. From John Myers. 5080 Log "lost connection" in server SMTP at log level 20 if there 5081 is no pending transaction. Some senders just close the 5082 connection rather than sending QUIT. 5083 Fix a bug causing getmxrr to add a dot to the end of unqualified 5084 domains that do not have MX records -- this would cause 5085 the subsequent host name lookup to fail. The problem 5086 only occurred if you had FEATURE(nocanonify) set. 5087 Problem noted by Rick McCarty of Texas Instruments. 5088 Fix invocation of setvbuf when passed a -X flag -- I had 5089 unwittingly used an ANSI C extension, and this caused 5090 core dumps on some machines. 5091 Diagnose self-destructive alias loops on RCPT as well as EXPN. 5092 Previously it just gave an empty send queue, which 5093 then gave either "Need RCPT (recipient)" at the DATA 5094 (confusing, since you had given an RCPT command which 5095 returned 250) or just dropped the email, depending on 5096 whether you were running VERBose mode. Now it usually 5097 diagnoses this case as "aliasing/forwarding loop broken". 5098 Unfortunately, it still doesn't adequately diagnose 5099 some true error conditions. 5100 Add internal concept of "warning messages" using 6xx codes. 5101 These are not reported only to Postmaster. Unbalanced 5102 parens, brackets, and quotes are printed as 653 codes. 5103 They are always mapped to 5xx codes before use in SMTP. 5104 Clean up error messages to tell both the actual address that 5105 failed and the alias they arose from. This makes it 5106 somewhat easier to diagnose problems. Difficulty noted 5107 by Motonori Nakamura. 5108 Fix a problem that inappropriately added a ctladdr to addresses 5109 that shouldn't have had one during a queue run. This 5110 caused error messages to be handled differently during 5111 a queue run than a direct run. 5112 Don't print the qf name and line number if you get errors during 5113 the direct run of the queue from srvrsmtp -- this was 5114 just extra stuff for users to crawl through. 5115 Put command line flags on second line of pid file so you can 5116 auto-restart the daemon with all appropriate arguments. 5117 Use "kill `head -1 /etc/sendmail.pid`" to stop the 5118 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 5119 restart it. 5120 Remove the ``setuid(getuid())'' in main -- this caused the 5121 IDENT daemon to screw up. This required that I change 5122 HASSETEUID to HASSETREUID and complicate the mode 5123 changing somewhat because both Ultrix and SunOS seem 5124 to have a bug causing seteuid() to set the saved uid 5125 as well as the effective. The program test/t_setreuid.c 5126 will test to see if your implementation of setreuid(2) 5127 is appropriately functional. 5128 The FallBackMX (option V) handling failed to properly identify 5129 fallback to yourself -- most of the code was there, 5130 but it wasn't being enabled. Problem noted by Murray 5131 Kucherawy of the University of Waterloo. 5132 Change :include: open timeout from ETIMEDOUT to an internal 5133 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 5134 with CurHostName" in error messages, which can be 5135 confusing. Reported by Jonathan Kamens of OpenVision 5136 Technologies. 5137 Back out setpgrp (setpgid on POSIX systems) call to reset the 5138 process group id. The original fix was to get around 5139 some problems with recalcitrant MUAs, but it breaks 5140 any call from a shell that creates a process group id 5141 different from the process id. I could try to fix 5142 this by diddling the tty owner (using tcsetpgrp or 5143 equivalent) but this is too likely to break other 5144 things. 5145 Portability changes: 5146 Support -M as equivalent to -oM on Ultrix -- apparently 5147 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 5148 instead of using standard flags. Oh joy. This 5149 behaviour reported by Jon Giltner of University 5150 of Colorado. 5151 SGI IRIX -- this includes several changes that should 5152 help other strict ANSI compilers. 5153 SCO Unix -- from Murray Kucherawy of HookUp Communication 5154 Corporation. 5155 Solaris running the Sun C compiler (which despite the 5156 documentation apparently doesn't define 5157 __STDC__ by default). 5158 ConvexOS from Eric Schnoebelen of Convex. 5159 Sony NEWS workstations and Omron LUNA workstations from 5160 Motonori Nakamura. 5161 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 5162 CONFIG: delete `C' and `e' from default SMTP mailers flags; 5163 several people have made a good argument that this 5164 creates more problems than it solves (although this 5165 may prove painful in the short run). 5166 CONFIG: generalize all the relays to accept a "mailer:host" 5167 format. 5168 CONFIG: move local processing in ruleset 0 into a new ruleset 5169 98 (8 on old sendmail). Domain literal [a.b.c.d] 5170 addresses are also passed through this ruleset. 5171 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 5172 internet-style addresses would "fall off the end" of 5173 ruleset zero and be interpreted as local -- however, 5174 the angle brackets confused the recursive call. 5175 These are now diagnosed as "Unrecognized host name". 5176 CONFIG: USENET rules weren't included in S0 because of a mistaken 5177 ifdef(`_MAILER_USENET_') instead of 5178 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 5179 of SINTEF RUNIT, Oslo. 5180 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 5181 early in ruleset 0; this allows .mc authors to bypass 5182 things like the "short circuit" code for local addresses. 5183 Prompted by a comment by Bill Wisner of The Well. 5184 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 5185 esmtp) to send SMTP mail. This allows you to default 5186 to esmtp but use a mailertable or other override to 5187 deal with broken servers. This logic was pointed out 5188 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 5189 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 5190 environments. Ugly as sin. 5191 51928.3/8.3 93/07/13 5193 Fix setuid problems introduced in 8.2 that caused messages 5194 like "Cannot create qfXXXXXX: Invalid argument" 5195 or "Cannot reopen dfXXXXXX: Permission denied". This 5196 involved a new compile flag "HASSETEUID" that takes 5197 the place of the old _POSIX_SAVED_IDS -- it turns out 5198 that the POSIX interface is broken enough to break 5199 some systems badly. This includes some fixes for 5200 HP-UX. Also fixes problems where the real uid is 5201 not reset properly on startup (from Neil Rickert). 5202 Fix a problem that caused timed out messages to not report the 5203 addresses that timed out. Error messages are also more 5204 "user friendly". 5205 Drop required bandwidth on connections from 64 bytes/sec to 5206 16 bytes/sec. 5207 Further Solaris portability changes -- doesn't require the BSD 5208 compatibility library. This also adds a new 5209 "HASGETDTABLESIZE" compile flag which can be used if 5210 you want to use getdtablesize(2) instead of sysconf(2). 5211 These are loosely based on changes from David Meyer at 5212 University of Oregon. This now seems to work, at least 5213 for quick test cases. 5214 Fix a problem that can cause duplicate error messages to be 5215 sent if you are in SMTP, you send to multiple addresses, 5216 and at least one of those addresses is good and points 5217 to an account that has a .forward file (whew!). 5218 Fix a problem causing messages to be discarded if checkcompat() 5219 returned EX_TEMPFAIL (because it didn't properly mark 5220 the "to" address). Problem noted by John Myers. 5221 Fix dfopen to return NULL if the open failed; I was depending 5222 on fdopen(-1) returning NULL, which isn't the case. This 5223 isn't serious, but does result in weird error diagnoses. 5224 From Michael Corrigan. 5225 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 5226 messages sent through UUCP-family mailers. Suggested 5227 by Bill Wisner of The Well. 5228 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 5229 include a "uucp-dom" mailer that uses domain-style 5230 addressing. Suggested by Bill Wisner. 5231 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 5232 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 5233 Christophe Wolfhugel. 5234 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 5235 52368.2/8.2 93/07/11 5237 Don't drop out on config file parse errors in -bt mode. 5238 On older configuration files, assume option "l" (use Errors-To 5239 header) for back compatibility. NOTE: this DOES NOT 5240 imply an endorsement of the Errors-To: header in any way. 5241 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 5242 Don't log errors on EHLO -- it isn't a "real" error for an old 5243 SMTP server to give an error on this command, and 5244 logging it in the transcript can be confusing. Fix 5245 from Bill Wisner. 5246 IRIX compatibility changes provided by Dan Rich 5247 <drich@sandman.lerc.nasa.gov>. 5248 Solaris 2 compatibility changes. Provided by Bob Cunningham 5249 <bob@kahala.soest.hawaii.edu>, John Oleynick 5250 <juo@klinzhai.rutgers.edu> 5251 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 5252 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 5253 match the other flags in that file. 5254 Flush transcript before fork in mailfile(). From Eric Wassenaar. 5255 Save h_errno in mci struct and improve error message display. 5256 Changes from Eric Wassenaar. 5257 Open /dev/null for the transcript if the create of the xf file 5258 failed; this avoids at least one possible null pointer 5259 reference in very weird cases. From Eric Wassenaar. 5260 Clean up statistics gathering; it was over-reporting because of 5261 forks. From Eric Wassenaar. 5262 Fix problem that causes old Return-Path: line to override new 5263 Return-Path: line (conf.c needs H_FORCE to avoid 5264 re-using old value). From Motonori Nakamura. 5265 Fix broken -m flag in K definition -- even if -m (match only) 5266 was specified, it would still replace the key with the 5267 value. Noted by Rick McCarty of Texas Instruments. 5268 If the name server timed out over several days, no "timed out" 5269 message would ever be sent back. The timeout code 5270 has been moved from markfailure() to dropenvelope() 5271 so that all such failures should be diagnosed. Pointed 5272 out by Christophe Wolfhugel and others. 5273 Relax safefile() constraints: directories in an include or 5274 forward path must be readable by self if the controlling 5275 user owns the entry, readable by all otherwise (e.g., 5276 when reading your .forward file, you have to own and 5277 have X permission in it; everyone needs X permission in 5278 the root and directories leading up to your home); 5279 include files must be readable by anyone, but need not 5280 be owned by you. 5281 If _POSIX_SAVED_IDS is defined, setuid to the owner before 5282 reading a .forward file; this gets around some problems 5283 on NFS mounts if root permission is not exported and 5284 the user's home directory isn't x'able. 5285 Additional NeXT portability enhancements from Axel Zinser. 5286 Additional HP-UX portability enhancements from Brian Bullen. 5287 Add a timeout around SMTP message writes; this assumes you can 5288 get throughput of at least 64 bytes/second. Note that 5289 this does not impact the "datafinal" default, which 5290 is separate; this is just intended to work around 5291 network clogs that will occur before the final dot 5292 is sent. From Eric Wassenaar. 5293 Change map code to set the "include null" flag adaptively -- 5294 it initially tries both, but if it finds anything 5295 matching without a null it never tries again with a 5296 null and vice versa. If -N is specified, it never 5297 tries without the null and creates new maps with a 5298 null byte. If -O is specified, it never tries with 5299 the null (for efficiency). If -N and -O are specified, 5300 you get -NO (get it?) lookup at all, so this would 5301 be a bad idea. If you don't specify either -N or -O, 5302 it adapts. 5303 Fix recognition of "same from address" so that MH submissions 5304 will insert the appropriate full name information; 5305 this used to work and got broken somewhere along the 5306 way. 5307 Some changes to eliminate some unnecessary SYSERRs in the 5308 log. For example, if you lost a connection, don't 5309 bother reporting that fact on the connection you lost. 5310 Add some "extended debugging" flags to try to track down 5311 why we get occasional problems with file descriptor 5312 one being closed when execing a mailer; it seems to 5313 only happen when there has been another error in the 5314 same transaction. This requires XDEBUG, defined 5315 by default in conf.h. 5316 Add "-X filename" command line flag, which logs both sides of 5317 all SMTP transactions. This is intended ONLY for 5318 debugging bad implementations of other mailers; start 5319 it up, send a message from a mailer that is failing, 5320 and then kill it off and examine the indicated log. 5321 This output is not intended to be particularly human 5322 readable. This also adds the HASSETVBUF compile 5323 flag, defaulted on if your compiler defines __STDC__. 5324 CONFIG: change SMART_HOST to override an SMTP mailer. If you 5325 have a local net that should get direct connects, you 5326 will need to use LOCAL_NET_CONFIG to catch these hosts. 5327 See cf/README for an example. 5328 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 5329 sites that don't use the -d flag. 5330 CONFIG: hide recipient addresses as well as sender addresses 5331 behind $M if FEATURE(allmasquerade) is specified; this 5332 has been requested by several people, but can break 5333 local aliases. For example, if you mail to "localalias" 5334 this will be rewritten as "localalias@masqueradehost"; 5335 although initial delivery will work, replies will be 5336 broken. Use it sparingly. 5337 CONFIG: add FEATURE(domaintable). This maps unqualified domains 5338 to qualified domains in headers. I believe this is 5339 largely equivalent to the IDA feature of the same name. 5340 CONFIG: use $U as UUCP name instead of $k. This permits you 5341 to override the "system name" as your UUCP name -- 5342 in particular, to use domain-ized UUCP names. From 5343 Bill Wisner of The Well. 5344 CONFIG: create new mailer "esmtp" that always tries EHLO 5345 first. This is currently unused in the config files, 5346 but could be used in a mailertable entry. 5347 53488.1C/8.1B 93/06/27 5349 Serious security bug fix: it was possible to read any file on 5350 the system, regardless of ownership and permissions. 5351 If a subroutine returns a fully qualified address, return it 5352 immediately instead of feeding it back into rewriting. 5353 This fixes a problem with mailertable lookups. 5354 CONFIG: fix some M4 frotz (concat => CONCAT) 5355 53568.1B/8.1A 93/06/12 5357 Serious bug fix: pattern matching backup algorithm stepped by 5358 two tokens in classes instead of one. Found by Claus 5359 Assmann at University of Kiel, Germany. 5360 53618.1A/8.1A 93/06/08 5362 Another mailertable fix.... 5363 53648.1/8.1 93/06/07 5365 4.4BSD freeze. No semantic changes. 5366 53676.65/6.34 93/06/06 5368 Fix some lintish problems. 5369 Fix some cases where server SMTP behaved poorly when handed bogus 5370 input, pointed out by Eric Wassenaar. 5371 CONFIG: fix some more (sigh) mailertable bugs -- thanks to 5372 Motonori Nakamura of Kyoto University (again). 5373 53746.64/6.33 93/06/05 5375 Don't send 050 (-v) information after the 250 response to a QUIT 5376 command in srvrsmtp -- clients usually close the connection 5377 at this point, and it causes bogus error messages. 5378 Don't send messages that have errors on input (such as unbalanced 5379 parentheses) during SMTP transactions, since a return 5380 message has (probably) already been sent. 5381 Give better diagnostics on timeouts during network reads, including 5382 information similar to the SMTP phase. 5383 Fix bug that caused SMTP messages to deliver synchronously; this 5384 happened after the DATA 250, and hence caused reading the 5385 next command to be delayed. 5386 Ignore Errors-To: header unless 'l' (lower case el) header is 5387 specified. The Errors-To: header violates RFC 1123. 5388 Errors-To: was only needed to take the place of the 5389 envelope sender in the days when most Unix mailers 5390 didn't understand about the two kinds of senders. 5391 Don't send warning messages in response to automatically generated 5392 messages (that is, those From:<>). 5393 CONFIG: fix some rather stupid typos in the mailertable code 5394 pointed out by Motonori Nakamura of Kyoto University. 5395 CONFIG: add confUSE_ERRORS_TO configuration option. 5396 CONFIG: if ALWAYS_ADD_DOMAIN is selected, try to use $M 5397 (masquerade name) instead of $j. 5398 CONFIG: don't add dots to relay names (added in 6.29); it breaks 5399 several things, and can be simulated by dot terminating 5400 the names of relays. For example, use: 5401 DBbit.net.relay. 5402 (note the trailing dot). 5403 54046.63/6.32 93/06/01 5405 Fix prototypes to eliminate chars in argument lists -- some 5406 compilers are pissy about this. 5407 Log protocol ($r) and body type if set so we can determine if 5408 the adaptive algorithms are working. 5409 Pessimize on locking of database files (particularly for NEWDB 5410 databases) during opens. There were problems with 5411 processes opening the file while it was rebuilt; since 5412 NEWDB caches heavily, the reader opened an empty file, 5413 which is an error. If your system has the ability to 5414 lock atomically on open, this works properly; otherwise, 5415 there are race conditions. 5416 Check mod time on .pag file instead of .dir in NDBM aliases 5417 because the .dir file doesn't get updated for small 5418 alias files. From John Gardiner Myers of CMU. 5419 More Solaris portability -- it now compiles on Solaris, but 5420 hangs up in gethostbyname(). 5421 Move setting of RES_DEBUG flag before first myhostname() call 5422 so we can see name server traffic on that call. 5423 Fsync() queue files. 5424 Fix a problem that causes -bi to try to rebuild maps other than 5425 the alias file(s). 5426 Fix a problem that caused udb to reject entries from any but 5427 the first database listed. 5428 Rearrange doc subdirectory for 4.4BSD release tape. 5429 CONFIG: put $r into the Received line. This was an oversight. 5430 CONFIG: fix typo (call to ruleset 99 should have been ruleset 90). 5431 CONFIG: move "auxiliary" subroutines to be in ruleset 90-99 5432 range -- in the long run, single digit rulesets may 5433 become reserved for builtin use by sendmail. 5434 CONFIG: fix major problem that causes host aliases (that is, 5435 anything in $=w != $j) to not be recognized. This has 5436 been around since 6.30. 5437 54386.62/6.31 93/05/28 5439 BETA RELEASE 5440 Fix recursive syserr (if there is an error printing a syserr 5441 message). This makes the code much less eager to consider 5442 a write error as serious. This also includes some 5443 heuristics to be clever about closed connections. 5444 Lock NEWDB files during gets. This requires version 1.5 or later 5445 of the db library. If you have an older version, you 5446 can use -DOLD_NEWDB. This will go away in a few weeks. 5447 Fix problem causing aliases that use host maps to get overwritten. 5448 Do appropriate byte swapping on port numbers in ident protocol 5449 code. Fix from Allan Johannesen of WPI. 5450 Defer opening of map files to the same time as alias files so that 5451 the daemon will tend to pick up new versions more promptly. 5452 Prototype a bunch more functions. 5453 Some Solaris 2.1 changes (still doesn't link though). 5454 Try to simplify Makefiles by including more subordinate #defines 5455 in conf.h (based on OS type). 5456 CONFIG: check for domains if FEATURE(mailertable) is defined. 5457 For example, if the host name is "knecht.cs.berkeley.edu" 5458 it will search the following mailertable keys: 5459 knecht.cs.berkeley.edu 5460 .cs.berkeley.edu 5461 .berkeley.edu 5462 .edu 5463 This could be used to replace the special relays for bitnet 5464 and similar nets. 5465 54666.61/6.30 93/05/24 5467 Fix problem that prevented appending dots on canonified host 5468 names. This breaks tons of config files -- very 5469 important fix. 5470 Fix improper pointer dereference in response to HELO command. 5471 Fix core dump if debugging set in map_rewrite. 5472 CONFIG: add FEATURE(always_add_domain) to always attach the 5473 local domain (only impacts local mail). 5474 CONFIG: try to avoid turning names into $j -- although 5475 technically a host can only have one "canonical name", 5476 it seems to be common practice to have several. 5477 54786.60/6.29 93/05/22 5479 Major change: merge alias databases with maps. This expands and 5480 changes the map class interface but fixes a bunch of bugs. 5481 The important user-visible change is that the file name 5482 in a K line now does not include the ".db" extension; this 5483 is added automatically. Also, the -d (NIS domain) flag is 5484 missing from the K config line; use @domain instead. 5485 When compiling, the *_MAP names are gone -- just compile 5486 in NDBM, NEWDB, and/or NIS support. 5487 Announce mailer/host/user triple on -bv flag -- from Brian 5488 Bullen of Stirling University. 5489 Don't send more than one line in response to HELO -- it confuses 5490 Pony Express, which then behaves very badly. However, 5491 this change does send two line 220 greetings, with the 5492 second line reading "ESMTP spoken here". The usersmtp 5493 module recognizes this and goes into ESMTP mode regardless 5494 of the setting of the "a" mailer flag. Thus, "a" means 5495 "always try EHLO". 5496 AIX portability changes (thanks to Christophe Wolfhugel of 5497 Herve Schauer Consultants (Paris) for providing me with 5498 an INSA account for this purpose). Lightly tested. Use 5499 -D_AIX3. This probably breaks compatibility with some 5500 older systems (e.g., 4.2bsd) but still works on SunOS 5501 4.1.2, Ultrix 4.2A, HP-UX 8.07, OSF/1 T1.3, and AIX 3.2.3. 5502 Fix a problem causing an error message loop if the output channel 5503 is hosed. 5504 Add the Makefiles that I use for various environments -- some are 5505 Berkeley make versions and some are old make versions. 5506 My makefile for the NeXT box has gotten lost, alas! 5507 PRALIASES: support for printing NEWDB databases. From 5508 Michael J. Corrigan of U.C. San Diego. 5509 CONFIG: don't pass pseudo-domains to $[ ... $] (if you have 5510 a wildcard MX it can have weird results). From 5511 Christophe Wolfhugel. 5512 CONFIG: dot terminate relay hostnames in S0. From Christophe 5513 Wolfhugel. 5514 55156.59/6.28 93/05/13 5516 Log version with SMTP daemon startup message. 5517 Adjust setproctitle to work on NetBSD and BSD/386. 5518 Fix null pointer reference in MX fallback code. 5519 A bunch of minor fixes from Eric Wassenaar: 5520 If deliver cannot execv the mailer, return EX_OSERR 5521 instead of EX_TEMPFAIL (to give better 5522 error messages). 5523 Consistently malloc e_message. 5524 Catch degenerate case of calling returntosender() 5525 with an empty returnq. 5526 MIME reformatting. 5527 55286.58/6.28 93/05/13 5529 Fix bug that can cause incorrect verbose display of user smtp 5530 messages. 5531 Disable SMTP VERB command if PRIV_NOEXPN is set (since this 5532 could reveal the same information. 5533 Allow failure when reading SMTP greeting message to go on to 5534 next MX host. 5535 Add "MIME-Version: 1.0" header if using MIME (this was NOT 5536 included in RFC 1344, but Bill King of Allan-Bradley 5537 Company forwarded me email from Nathaniel Borenstein 5538 claiming that it was an inadvertent omission). 5539 Don't use Content-Type: X-message-header. According to John 5540 Myers of CMU, many MIME readers will completely ignore 5541 the data if they don't recognize it. Instead, just 5542 add a blank line to make it a legal (empty) message. 5543 Fix problem causing dots to keep getting appended to cached 5544 hostnames. This can cause buffer overrun conditions. 5545 The problem was found by Erik Forsberg of Retix, 5546 although I used a different bug fix than he provided. 5547 Fix parsing of split header/envelope rewriting specs -- from 5548 Eric Forsberg. 5549 Fix from Eric Wassenaar to correct To: lists in error messages. 5550 55516.57/6.28 93/05/11 5552 Fix minor glitch causing extra ctladdrs to be output to queue 5553 file. Just an annoyance. 5554 Cache results of name server canonification lookups to avoid 5555 backed up queue runs. 5556 Major rewrite of alias.c: considerable cleanup, plus sample 5557 (untested) support for NIS aliases. The "A" option 5558 can now be a comma separated list (or be repeated) -- 5559 that is, you can have multiple alias databases. Each 5560 database can have the syntax ``class:file''; if no class 5561 is specified, the "implicit" class is assumed. Implicit 5562 searches through a list of compiled in types -- hash, 5563 dbm, nis, and stab. Alias files are searched in the 5564 order they are listed. For example: 5565 OAhash:/etc/aliases.local,/etc/aliases 5566 OAnis:mail.aliases@my.nis.domain 5567 first searches the hash database /etc/aliases.local, 5568 then the regular /etc/aliases database, then the NIS 5569 map "mail.aliases" in the NIS domain "my.nis.domain". 5570 If in Verbose mode (probably from VERB command) run SMTP job 5571 in foreground and don't do RCPT optimizations. 5572 Add udb :mailsender as equivalent to owner- for regular aliases. 5573 Delete option 8; add option 7 that means the opposite. That is, 5574 default to 8-bit mode; a special option is needed to 5575 force sendmail into 7 bit mode. 5576 Send error messages in encapsulated MIME format. 5577 New compile flag "NIS" that turns on NIS alias and NIS map 5578 support. 5579 Add "j" option to send error messages in MIME (RFC 1341) 5580 encapsulated message format per RFC 1344. The 5581 syntax is pretty ugly if you don't have MIME-aware 5582 user agents. 5583 Clean up message handling (for display in mailq output). 5584 New setproctitle implementation for 4.4bsd. 5585 Create files (such as ~/dead.letter) using mode FileMode (the 5586 F option value) instead of 0666. 5587 Fix bug causing output of EXPN command to not be fully qualified. 5588 This may cause some problems with UUCP addresses that 5589 will require some config file assistance -- specifically, 5590 the $: part has to include the host name for this output 5591 to make sense. 5592 Fix a problem that sometimes diagnosed errors and still sent the 5593 message if the header syntax was bad. 5594 Fix a bug that caused an error message to be emailed when sendmail 5595 was operating in -bv mode. 5596 Add "ListenQueueSize" keyword to daemon options option (OO) to 5597 set the queue size parameter passed to listen(). You 5598 will normally have to tweak your kernel to up this. 5599 Strip spaces off of beginning of message-id before logging (in 5600 case it was folded across lines). 5601 Tweak compile flags in daemon.c -- there were some cases where 5602 it wouldn't work without NETINET. 5603 Change *file* mailer to output all the usual default headers 5604 (From, Date, Message-Id). It gets used when sending 5605 back error messages. 5606 CONFIG: explicitly catch and diagnose list:; syntax in ruleset 5607 zero -- this is not a valid recipient syntax according 5608 to RFC 821. 5609 CONFIG: add confMIME_FORMAT_ERRORS to send error messages in 5610 MIME format. Defaults to on. 5611 CONFIG: add SMTP_MAILER_FLAGS and UUCP_MAILER_FLAGS to augment 5612 the flags for those mailers. 5613 56146.56/6.27 93/05/01 5615 Fix problem that causes the fallback mail to postmaster 5616 (case ESM_POSTMASTER in savemail()) to not look at 5617 aliases (ugh). 5618 Some more HPUX tweaking (compile flag hpux => __hpux so it 5619 still works in ANSI mode). 5620 Don't try to flock non-regular files when mailing to a file. 5621 In particular, this was a problem if you tried to 5622 send to /dev/null. 5623 Fix a weird bug that can cause senders to be queued as 5624 recipients if the name server is down when the mail 5625 is initially sent. This hack just ignores sender 5626 deletion (essentially, it sets the MeToo flag) if there 5627 is a TEMPFAIL during processing of the sender address. 5628 Obscure. 5629 Fix a dangling else problem -- from Brian Bullen from University 5630 of Stirling, UK. 5631 Add the "b" mailer flag to force a blank line on the end of 5632 messages. Some brilliant versions of /bin/mail insist 5633 on this but do not add it themselves. 5634 Add the "g" mailer flag to prevent user SMTP from sending 5635 "MAIL From:<>". This is only intended to be a 5636 transitional gesture, and should not be used if at 5637 all possible. It appears that Berkeley and IDA 5638 config files have always handled this properly; the 5639 UK config kit apparently does not. 5640 Don't lowercase and then capitalize header field names -- leave 5641 them with original capitalization. Fixes from Bill 5642 King of Allen-Bradley Company. 5643 Further cleanup and improved reporting of error messages, 5644 particularly conditions that cause messages to be 5645 requeued for future delivery. 5646 Tweak syslog priorities in some cases. 5647 CONFIG: clean up route-addr on UUCP addresses. 5648 56496.55/6.25 93/04/27 5650 HPUX 8.07 compatibility changes in getla() -- I had to make 5651 these changes to get it to work at Berkeley, although 5652 others seem to have been working before (???). 5653 Various patches to XLA code. 5654 Fix problem that causes setuid bit on files to be ignored from 5655 SMTP or in queue runs. Problem noted by Jason Ornstein 5656 of Under The Wire, Inc. 5657 Fix problem that can cause CNAMEs to be ignored. 5658 Generalize getmxrr to match local host in $=w instead of a 5659 single name passed in. 5660 Some cleanup from Eric Wassenaar: 5661 Use FileMailer instead of ProgMailer in two places. 5662 Eliminate duplicate 8th-bit stripping in commaize. 5663 Fix a problem with mis-parsing of backslash escapes 5664 under some circumstances. 5665 NIS map fix (was always including trailing null character) 5666 from Mike Glendinning of Ingres UK. 5667 Add "a" mailer flag to try using ESMTP. It tries the EHLO 5668 command and if that fails falls back to regular SMTP. 5669 Also parses EHLO option keywords. If host supports 5670 SIZE extension, this is added to the MAIL FROM: 5671 command. 5672 Extend "b" option to include a second value which is the 5673 maximum message size this server is willing to accept. 5674 For example, a value of "10/1000000" says that there 5675 must be ten blocks free, and sendmail will reject 5676 any message larger than one megabyte. 5677 Some portability hooks for NeXT (this could be applicable 5678 to Mach in general). You have to create an empty 5679 file called "unistd.h" to get it to compile. 5680 Adjust config values (MAXLINE, MAXATOM, and PSBUFSIZE) to 5681 be more generous. 5682 Add X400-Received: to the list of headers tagged with H_TRACE 5683 in conf.c. From Bill King, Allen-Bradley Co. 5684 56856.54/6.25 93/04/19 5686 Fix problem that caused redefinition of SMTP and QUEUE compile 5687 flags. Pointed out by Jon Forrest of the Sequoia 2000 5688 project at Berkeley. 5689 Properly handle \! hack -- it was treating host\!user as one 5690 token (host!user) instead of three (host, !, user). 5691 Fix from Eric Wassenaar of NIKHEF-H. 5692 Fix compilation problem in getauthinfo() if IDENTPROTO is off. 5693 Turn off DEFNAMES and DNSRCH when getting the hostsignature 5694 (i.e., MX records) in level 1 configuration files; this 5695 matches the old behaviour. From Motonori Nakamura of 5696 Kyoto University. 5697 Improve error message printing -- if sent through an alias, 5698 error messages include the name of the alias in the 5699 message. Unfortunately, in order to make this work 5700 properly in queue runs, this changes the format of the 5701 C line in the qf file. The relatively uselessness of 5702 the previous information was pointed out to me by 5703 Allan E Johannesen of WPI. 5704 Add XLA compile flag to add hooks to Christophe Wolfhugel's 5705 extended load average code. This is still in very early 5706 form. For information regarding the guts of the xla 5707 code, contact Christophe.Wolfhugel@grasp.insa-lyon.fr. 5708 Additional hooks for detecting tempfails in rewriting rules 5709 (that is, in map lookups). 5710 57116.53/6.25 93/04/15 5712 Properly diagnose ruleset zero returning null (instead of a mailer 5713 triple). From Motonori Nakamura of Kyoto University. 5714 More generalization of socket code for other protocols. 5715 Shorten timeouts on reverse name lookups -- since they are done 5716 during connection establishment, long timeouts here can 5717 cause higher level timeouts. This mainly serves to accept 5718 mail from hosts that do not have proper reverse (PTR) DNS 5719 records set up. 5720 Reset e_statmsg before each mailer invocation to avoid bogus 5721 messages in the log. 5722 Redefine $r, $s, and $_ in error envelopes so you don't get 5723 incorrect cruft in the error message. Problem noted by 5724 Motonori Nakamura of Kyoto University. 5725 Fix a problem that can cause failure to return errors to Postmaster 5726 in certain cases. From Motonori Nakamura. 5727 Fix a problem that can cause some systems to give duplicate error 5728 messages when a bad syntax address such as "<a" is presented 5729 to an SMTP server. It doesn't seem to occur on all 5730 machines. From Motonori Nakamura. 5731 Default IDENTPROTO off for Ultrix and HPUX, which apparently have 5732 the interesting "feature" that when they receive a "Host 5733 unreachable" message they closes all open connections to 5734 that host. However, some firewall gateways send this message 5735 if you try to connect to an unauthorized port, such as the 5736 IDENT port (113). Thus, no email can be received from such 5737 hosts. There is some evidence that versions of Ultrix before 5738 4.3 do not have this problem. Thanks to Tom Ivar Helbekkmo 5739 for pointing out this behaviour to me and to Michael Corrigan 5740 of U.C. San Diego for informing me about the HPUX problem. 5741 Allow IPC mailers to return a colon-separated list of hosts in the 5742 $@ clause; these are searched in order as though they were 5743 MX records. 5744 When sending an error report, print the list of addresses tagged 5745 as bad. Requested by Allan E Johannesen of WPI. 5746 Change map function calls to return a status code. This gets 5747 passed back as the result of rewrite. Parseaddr marks 5748 the address as a QUEUEUP address if the return code is 5749 EX_TEMPFAIL. All this to queue properly if the name 5750 server is down. This code is not well tested. This code 5751 changes the interface to map lookup functions (a fifth 5752 parameter, int *statp, is added). Feature requested by 5753 Dan Oscarsson. 5754 Don't delete quotes (in the dequote map) if there are spaces in 5755 the string, since this would cause them to be replaced by 5756 the SpaceSub character. 5757 Accept BODY=8BITMIME on SMTP MAIL command. This isn't advertised 5758 because the 8BIT to 7BIT translation doesn't exist yet. 5759 This does add a "bodytype" field to both envelope and 5760 queue file and a -B command line flag to pass the type in 5761 during direct invocations. 5762 Discard return error messages only on responses to responses to 5763 responses, not on responses to responses. That is, the 5764 algorithm is to try return to sender, then return to 5765 postmaster, then discard. Previously it discarded 5766 immediately if the return to sender pass failed. 5767 CONFIG: back out change to hide unqualified hostnames behind %-hack. 5768 This screws up local aliases and .forward files. 5769 CONFIG: add FEATURE(nocanonify) to turn off calls to $[ ... $]; 5770 some sites only handle completely canonified names. 5771 Requested by John Gardiner Myers of CMU. 5772 CONFIG: some UUCP code was still included even if FEATURE(nouucp) 5773 was specified. 5774 57756.52/6.24 93/04/10 5776 Clean up some minor glitches on error return messages pointed out 5777 by Motonori Nakamura of Kyoto University. 5778 Fix reply() to not reset SmtpReplyBuffer on fatal errors; this 5779 was supposed to reset SmtpMsg Buffer. This makes the 5780 client side code virtually useless. Reported by Allan 5781 E Johannesen of WPI and Phil Brandenberger of Swarthmore. 5782 Better debug messages if fuzzy is disabled, suggested by Allan 5783 E Johannesen of WPI. 5784 Offset SmtpReplyBuffer by four in usersmtp when checking for 5785 loopback. From Eric Wassenaar. 5786 Don't set $s until after runinchild in srvrsmtp -- otherwise 5787 it gets cleared. From Eric Wassenaar. 5788 Implement IDA-style $&x for deferred macro expansion. 5789 More POSIX compatibility. 5790 CONFIG: Hide unqualified hostnames behind %-hack using $s as the 5791 actual sender. This is only done if $r is non-null, that 5792 is, if this is not locally submitted mail. 5793 CONFIG: Add FEATURE(bitdomain) allowing mapping of BITNET host 5794 names to internet domains. A program contributed by 5795 John Gardiner Myers of CMU to create the maps is included 5796 in the contrib directory (in the "misc" tar file). 5797 CONFIG: Add FEATURE(uucpdomain) for a similar mapping for UUCP 5798 hosts. There is currently no tool to create this map. 5799 58006.51/6.23 93/04/04 5801 Add D= mailer flag to specify a path of possible working directories 5802 in which to execute the mailer. This is intended for the 5803 prog mailer; some shells can get upset if they don't have 5804 access to the current directory. 5805 Add RFC 1413 (IDENT) protocol support. This is only very loosely 5806 tested. This adds a $_ macro to be the authenticated 5807 info (in ``user@domain [address]'' form) and debug flag 5808 9 to trace the protocol. 5809 Check for loopbacks in usersmtp instead of srvrsmtp -- there is no 5810 reason for a local agent to not be talking to the localhost 5811 (although the inverse is not true). 5812 Add a few hooks for automated map rebuilding. This is certainly 5813 not done yet. 5814 CONFIG: Have prog mailer specify a path of ``D=$z:/'' -- that is, 5815 user's home directory then the root. 5816 CONFIG: Log RFC 1413 identification in Received: line. 5817 58186.50/6.22 93/04/01 5819 Fixes to requeueing code to make it compute priority, nrcpts, 5820 and the like properly. 5821 58226.49/6.22 93/04/01 5823 Diagnose incorrect privacy flags. Suggested by Bryan Costales 5824 of ICSI. 5825 Some ANSI C fixes. 5826 Arrange to quote backslashes as well as other special characters 5827 in the phrase part of a route-addr. 5828 Some fixes to FallBackMX code suggested by Motonori Nakamura of 5829 Kyoto University. 5830 More vigorous zeroing of CurHostAddr to avoid logging of bogus 5831 host addresses when you are actually just printing 5832 information from the MCI structure; problem noted by 5833 Michael Corrigan of U.C. San Diego. 5834 Don't ignore rest of queue if any job is not runnable. This can 5835 also cause an incorrect job to be lost. Fix from 5836 Eric Wassenaar. 5837 Always respond "quickly" to RCPT command; do alias expansion and 5838 the like later. This also means that mail for lists that 5839 have errors will be accepted, and an error sent back 5840 later. This is done by instantiating the queue file 5841 and then immediately running and requeueing it. 5842 58436.48/6.22 93/03/30 5844 Fix incorrect diagnosis of infinite loop in ruleset. Problem noted 5845 by several people. 5846 Improve information printed when infinite loops are discovered. 5847 Zero CurHostAddr to fix erroneous internet addresses in log when no 5848 addresses can be bound. Pointed out by Motonori Nakamura 5849 of Kyoto University. 5850 "Probe" SMTP connections using RSET instead of NOOP "just in case". 5851 Suggested by John Gardiner Myers of CMU. 5852 Don't warn about -f if you are setting sender to yourself. 5853 58546.47/6.22 93/03/29 5855 Fix incompatible call to endmailer in smtpquit which causes core 5856 dumps. Noted by Allan E Johannesen of WPI. 5857 HPUX portability changes from Michael J. Corrigan of UC San Diego. 5858 Require MAIL before RCPT command in srvrsmtp.c. This had been 5859 intentional from the 821 draft days when the order wasn't 5860 clear, but is silly now. 5861 Fix bug in nis_magic routine that was initializing parameters 5862 incorrectly. Fix from Takahiro Kanbe of Fuji Xerox 5863 Information Systems Co., Ltd. 5864 Change default for PrivacyFlags in conf.c to 0 -- since it always 5865 "or"s in new values, there was no way to turn off the 5866 AuthWarning stuff. 5867 Add O option to set SMTP daemon options. 5868 Add V option to set fallback MX host. This always sorts at lower 5869 priority than anything it gets from the name server. It 5870 should only be used for environments with very bad network 5871 connectivity. Requested by several people. 5872 Log sending info. It's not clear this is a good idea. 5873 CONFIG: fix typo in mailertable code. Noted by Phil Brandenberger 5874 of Swarthmore. 5875 CONFIG: add confDAEMON_OPTIONS and confFALLBACK_MX to set options 5876 O and V, respectively. 5877 58786.46/6.21 93/03/26 5879 Fix botch in server SMTP that broke transactions that did not 5880 use HELO first (like MH). Fix from Michael Corrigan 5881 of U.C. San Diego. 5882 Fall back to other MX records if there is an error anywhere 5883 in delivery (actually on MAIL or DATA -- RCPT is harder). 5884 Suggested by John Gardiner Myers and Motonori Nakamura. 5885 Revert to non-prototypes -- it turns out that our ANSI C 5886 compiler is more forgiving than most others about 5887 mixing prototyped extern declarations with non-prototyped 5888 function definitions. 5889 Fix a problem with multi-word class matching pointed out by 5890 Neil Rickert. Given: 5891 CX b a.b.c 5892 R$+ $=X $+ $: $1 < $2 > $3 5893 the input "user@a.b.c" failed instead of being properly 5894 rewritten as "user@a.<b>.c". 5895 Neil also convinced me that it was correct that $~ should match 5896 only one token -- the problem is that it's always possible 5897 to add another token, so $~ matches far too eagerly. 5898 58996.45/6.21 93/03/25 5900 Implement multi-word classes (properly!). 5901 59026.44/6.21 93/03/25 5903 Add X-Authentication-Warning: headers to clue users into possible 5904 attempts to forge mail. This is on the authwarnings 5905 privacy flag, but is the default. Suggested by Bryan 5906 Costales of ICSI. 5907 Pass default units for convtime in so they can be more reasonable. 5908 Allow config files to always add a new Comments: header (i.e., 5909 they will be added even if an old one already exists). 5910 Suggested by Bryan Costales of ICSI. 5911 Allow config files to delete an existing Return-Path: header. 5912 These should only be added at final delivery. Suggested 5913 by Bryan Costales of ICSI. 5914 Some debugging additions. Suggested by Bryan Costales of ICSI. 5915 Clean up logging of Family 0 addresses. Noted by David Muir 5916 Sharnoff and others. 5917 Add a "dequote" map class. This allows config files to strip 5918 quotes off of addresses. Note that this is not a builtin 5919 map, just a class -- so you have to define the map 5920 using the K line. 5921 Fix a bug in the queueup() loop getting a locked tf where in 5922 very odd cases it can fall off the bottom and core dump. 5923 Of course, it was P{r Emanuelsson who found it.... 5924 Open a new transcript when splitting an envelope. Problem found 5925 by Allan E Johannesen of WPI. 5926 Improved error output in endmailer if the mailer core dumps. 5927 CONFIG: Fix typo in UUCP mailer definition. 5928 CONFIG: Default several of the new options on: eight bit input, 5929 privacy flags set to "authwarnings", and message warning 5930 set to 4h. 5931 CONFIG: Use dequote map. 5932 59336.43/6.20 93/03/23 5934 Fix problem with assumption of an sa_len field in a generic 5935 sockaddr -- it turns out that most vendors haven't 5936 picked up this (very important) fix. 5937 Change compilation flags for daemon code -- select one or both 5938 of NETINET or NETISO, but don't ever set DAEMON manually. 5939 CONFIG: add FEATURE(mailertable) to do IDA-style mailertables. 5940 59416.42/6.19 93/03/19 5942 Use Postmaster as default fallback return address, not root. 5943 POSIX changes for file descriptor handling. 5944 Diagnose errors writing new queue file. 5945 If you change the owner using an owner- alias, also change the 5946 error mode to EM_MAIL so that errors don't get dropped 5947 into an inappropriate directory. Problem noted by 5948 Allan E Johannesen of WPI. 5949 If you are su'ed to root, send email as who you really are, not 5950 as root. From Brian Kantor of U.C. San Diego. 5951 Allow warning messages to be sent after a configurable interval 5952 has passed without delivery. The message is sent only 5953 once per envelope. This changes the format of the qf 5954 file to have an F line, and the format of the T option 5955 to accept take the format "return/warn" (both intervals). 5956 Don't force all local names to lower case -- this was left over 5957 from the weird handling of case mapping on aliases. It 5958 is now driven (as expected) by the "u" mailer flag. 5959 Problem noted by P{r Emanuelsson. 5960 Fix problem that caused headers on returned email to be trashed; 5961 they were getting freed, but are still accessible via 5962 BlankEnvelope. 5963 Fix problem that caused bogus ids to be created on returned 5964 mail. 5965 Add support for ISO and other non-INET networking. This is by 5966 no means finished yet. This does assume a lot of other 5967 system support, like a version of gethostbyname that 5968 returns non-AF_INET addresses. 5969 CONFIG: change default on prog mailer to keep upper case in 5970 user names (i.e., in the program command line). 5971 CONFIG: strip trailing dots off of hosts in uucp mailer before 5972 convert to bang format. 5973 CONFIG: create new "relay" mailer for $R (LOCAL_RELAY) and $H 5974 (MAIL_HUB) delivery that doesn't add local domain. Note 5975 that this violates 821, but is probably "more correct" 5976 for what we are trying to do. Problem pointed out by 5977 Michael Graff of Iowa State. 5978 59796.41/6.18 93/03/18 5980 Clean up unnecessary creates of queue ids (i.e., empty qf files) 5981 when not needed, such as when starting up an SMTP 5982 connection. 5983 Fix problem where split envelopes aren't instantiated in the queue. 5984 This is quite a serious bug. 5985 Owner- aliases had problems with leading spaces causing a 5986 premature delimitation. 5987 59886.40/6.18 93/03/18 5989 Have ending 250 (after DATA) include the id; suggested by 5990 Brian Kantor of UC San Diego. 5991 Add logging on envelope splitting. 5992 Change queue ids to have one more letter encoding the hour of 5993 the day so that during a single day there is a greater 5994 likelihood of uniqueness; requested by Brian Kantor. 5995 59966.39/6.18 93/03/18 5997 Fix minor compile problem if LOCKF is defined. 5998 Define size of tobuf in conf.h. Observed by Toshinari Takahashi 5999 of Toshiba. 6000 Restore e_sender -- this is equivalent to e_from.q_paddr without 6001 decorations such as angle brackets and comments. 6002 OSF/1 on Alpha changes from Allan E Johannesen of WPI. 6003 CONFIG: fix typo in S3 for list syntax (;: => :;). Thanks to 6004 Christopher Hoover for noting the problem. 6005 60066.38/6.17 93/03/17 6007 Pass envelope to disconnect to avoid another use of CurEnv, which 6008 can apparently end up being null at inopportune times. 6009 Log "received from" as "relay=" for consistency (suggested by 6010 John Gardiner Myers). 6011 Fix major bug in header handling: if no From: line existed in 6012 the header (so sendmail inserts one), and the sender is 6013 an alias that has an owner, the From: line shows the 6014 owner (as well as the envelope). Fixed by early binding 6015 the headers (which will change debugging output). 6016 HPUX portability patches from Michael J. Corrigan of UC San Diego. 6017 Some attempts to adapt better to out of open file conditions. 6018 Some changes to ctladdr handling in queue files. 6019 60206.37/6.17 93/03/16 6021 MAJOR CHANGE: delete e_sender and e_returnpath (why are these 6022 different from e_from?) and $< macro. 6023 Log correct IP address in relay= field even if the connection 6024 times out. 6025 Log "received from [RESPONSE]" on EF_RESPONSE messages (from 6026 John Gardiner Myers). 6027 Fixes to SysExMsg logging (sometimes just got "message: %s" 6028 instead of "message: error message"), noted by Eric 6029 Wassenaar. Also reported by Motonori Nakamura. 6030 Improvements to MX piggybacking code, from Motonori Nakamura. 6031 Fix case where CurHostName points to an auto variable that has 6032 been deallocated (from Motonori Nakamura). 6033 Fix bug causing newlines to be included in aliases if option 6034 "n" (check alias RHS) is set; bug noted by David Muir 6035 Sharnoff. 6036 Fix problem causing user names that should be mapped to lower 6037 case to not be mapped if they are sent during a queue 6038 run. This greatly simplifies the case mapping code. 6039 Problem noted by Allan E Johannesen of WPI. 6040 Don't do recipient address rewriting in buildaddr. This 6041 improperly did recipient rewriting on sender addresses, 6042 and just seems bogus in general -- but the change could 6043 break some .cf files. 6044 Pass TZ envariable to child processes for System V. 6045 CONFIG: allow LOCAL_RULE_1 and LOCAL_RULE_2 if you want to 6046 define those rulesets. 6047 KNOWN PROBLEM: I have seen some problems on SunOS that causes 6048 the User Data Base to give errors on some addresses. I 6049 have tracked the problem back at least as far as 93.02.15 6050 (version 6.22). Running with debugging on makes it 6051 go away, so I conclude that it is referencing uninitialized 6052 stack data. I haven't been able to track this down yet. 6053 60546.36/6.16 93/03/08 6055 Allow local mailer to specify $@host -- this lets you assign the 6056 "foo" part of jgm+foo to $h for passing in to the local 6057 mailer. 6058 Additional debug printing in getcanonname (show query type). 6059 Don't add the e_fromdomain on sender addresses -- this interacts 6060 weirdly with the owner- code. 6061 Improve delivery logging to not log obvious or meaningless stuff. 6062 Include numeric IP address in Received: lines per RFC 1123 section 6063 5.2.8. 6064 Fixed a bug in checking stat() return value if restrictmailq is 6065 set. Also, check the entire group set instead of just the 6066 primary group. Both from John Gardiner Myers. 6067 Don't have usrerr automatically print errno, since this is often 6068 misleading. 6069 Use transienterror() in makeconnection after connect() fails and 6070 in openmailer after execve() fails (from Eric Wassenaar). 6071 Also moved transienterror() from util.c to conf.c. 6072 Clean up from= logging on response messages. 6073 Undo patch allowing prescan to return a null vector -- it breaks 6074 too many things. 6075 Config: FEATURE(notsticky) lets you use UDB for everything coming 6076 in to the machine, even if it is specifically targetted 6077 to this machine. Without it, UDB is bypassed if the user 6078 name is fully qualified. 6079 Config: fix another minor botch with <> (local mailer wasn't 6080 mapping them properly). 6081 60826.35/6.15 93/03/05 6083 Fix getrealhostname to return null if sinlen <= 0 -- this can 6084 occur if stdin is a pipe. 6085 Avoid infinite loop in getcanonname if name server return 6086 NO_DATA (for example). 6087 Config: avoid having C flag qualify list syntax and error syntax. 6088 60896.34/6.14 93/03/05 6090 Fix logging in deliver to not pass too many parameters to Ultrix 6091 versions of syslog. 6092 Don't write the pid file until after the daemon has actually 6093 opened and conditioned the connection. 6094 Consider addresses "different" if their q_uids differ (so that 6095 two users forwarding to the same program will be seen 6096 as different, rather than the same). 6097 Fix problem with bad parameters in main() -- they set ExitStat 6098 but don't exit. 6099 Fix null pointer references through RealHostName -- painfully 6100 discovered by Allan E Johannesen of WPI. 6101 Fix bug causing user@@localhost to core dump (yuch). 6102 Config: don't put two @host.dom.ain on users in $=E in SMTP 6103 mailer. Also, catch user@ (no host) in ruleset 0. 6104 61056.33/6.13 93/03/03 6106 Config: add confCW_FILE as the name of the cw configuration file 6107 (defaults to /etc/sendmail.cw). From P{r Emanuelsson. 6108 Allow prescan to return a pointer to an empty list -- this is 6109 not an error. Also, clean up error reporting to avoid 6110 double errors (prescan reports once, then the caller 6111 reports again). 6112 Changes to avoid trusting T_ANY queries -- run them, but if you 6113 don't get the info you expected, do T_A and T_MX queries 6114 anyhow. This also fixes an oversight where _res.options 6115 bits were being ignored. 6116 If PRIV_NOVRFY is set, use 252 response code instead of 502 per 6117 RFC 1123 section 5.2.3. It's not 100% clear that this 6118 is correct, but it probably works better with stupid 6119 mailers that do a VRFY and only check the first digit. 6120 61216.32/6.12 93/03/02 6122 Fix uninitialized variable "protocol" in smtp code. 6123 Include <unistd.h> in sendmail.h -- move towards POSIX/ANSI. 6124 Additional hooks for RFC 1427 (ESMTP SIZE extension). This 6125 includes requiring that enoughspace() know the system 6126 block size, which will undoubtedly break most ports. 6127 Trace flag 19 in use for srvrsmtp.c. 6128 Additional logging -- notably the sending mailer name. This 6129 also changes the delivery logging to strict field=value 6130 syntax. 6131 Fix some problems with messages getting sent even to addresses 6132 that had been marked bad -- from Eric Wassenaar. 6133 More WIDE changes: accept host name inside [...] as non-MXed 6134 host. This is intended ONLY for use inside firewalled 6135 environments, where the MX points at the gateway. 6136 Change .cf file conventions so that mapping for <> addresses 6137 don't have an @ in them (to avoid confusing the C mailer 6138 flag). Pointed out by Neil Rickert. 6139 Config extensions for Sam Leffler's FlexFAX software. 6140 61416.31/6.10 93/02/28 6142 Fix some more bugs in alias owner code -- there were some weird 6143 cases where an error in a non-aliased name would override 6144 the return info in an aliased name with an owner. 6145 Changes from WIDE Project, forwarded to me by Motonori Nakamura: 6146 Log actual delivery host (after MX et al); from 6147 yasuhiro@dcl.co.jp. 6148 Log daemon startup. 6149 Deliver Postmaster copies without a body. 6150 Better logging of SMTP senders. 6151 Send all program email as daemon even when local. 6152 As requested in various forms from many people, accept -qIstring 6153 to limit queue runs to jobs with queue-id matching string. 6154 Similarly for -qRstring for recipients, -qSstring for 6155 senders. 6156 Initial hooks for ESMTP support (see RFC 1425). 6157 Fixed a syntax error in the UUCP mailer specification that caused 6158 core dumps on startup. 6159 Check for missing A= or P= arguments in mailer definitions. 6160 61616.30/6.10 93/02/27 6162 Require FROZENCONFIG compilation flag to include frozen 6163 configuration code. Frozen configuration is really 6164 not a very good idea any more, particularly in shared 6165 library environments. 6166 Do better checking of errno after opens of :include: and .forward 6167 files to defer delivery on network and other transient 6168 errors. Suggestion from Craig Everhart. 6169 Fix minor botch in read timeout macro processing. 6170 Add FEATURE(nouucp) to config files for sites that know absolutely 6171 nothing about UUCP. 6172 Add built cf files to distribution tape and clarify how to build 6173 them if you don't have the Berkeley make. 6174 Some sizeof(long) portability changes for the Alpha, from Allan 6175 E Johannesen. 6176 Add "restrictmailq" privacy flag -- if set, only people in the same 6177 group as your queue directory can print the queue. If you 6178 set this, be sure you also restrict access to log files.... 6179 Fix another bug in owner-list stuff that can cause data files to 6180 be "lost". 6181 Fix a bug with queue runs that cause forwards to yourself to go 6182 into alias/forwarding loops. I'm still iffy about this 6183 fix. 6184 Fix from Eric Wassenaar for suppression of return message code. 6185 61866.29/6.9 93/02/24 6187 Fix yet another problem in alias owner code -- put the wrong return 6188 address on the enclosed return-to-sender letter. 6189 61906.28/6.9 93/02/24 6191 Fix botch in alias owner code that caused it to not operate if the 6192 error was detected locally. 6193 61946.27/6.9 93/02/24 6195 M_LOCAL => M_LOCALMAILER to avoid conflict with Ultrix include 6196 file <sys/mount.h>. 6197 Miscellaneous bug fixes from Eric Wassenaar: 6198 sendmail -bv -t logs the from line even though in verify 6199 mode only. 6200 sendmail -v can go into queue mode if shouldqueue returns 6201 TRUE. 6202 Add route-addr pruning per RFC 1123 section 5.3.3. This can be 6203 disabled using the "R" option. 6204 Delete (always undocumented) -R flag (save original recipients); 6205 there are ways to syslog(3) these now. 6206 Clean up SMTP reply codes -- specify them as needed in the code, 6207 instead of in conf.c -- this was needed during the NCP to 6208 TCP transition, but seems silly now. This also changes 6209 parameters to message and nmessage. 6210 Have mailstats read the .cf file to find the sendmail.st file and 6211 get text versions of mailer names. An initial version of 6212 this code was provided by Tuominen Keijo (although the 6213 comments indicate the good bits were written by "E.V."). 6214 Add yet more System V compatibility hacks. 6215 Fix bug in VRFY code (assumes everything must be a local user). 6216 Allow specification of any of the hard-wired pathnames in the 6217 Makefile. 6218 Delete concept of "trusted users" -- this really didn't provide 6219 any security anyway, and caused some problems. 6220 Delete last vestige of support for the word "at" as an equivalent 6221 to the character "@". 6222 Propagate owner-foo alias information into the envelope sender. 6223 Based on code from John Gardiner Myers. This is a major 6224 semantic change -- beware! 6225 Allow $@ on LHS to indicate "match zero" -- this is used to match 6226 the null expression. 6227 62286.26/6.8 93/02/21 6229 Don't "lose" queue runs. Very important fix from (who else?) 6230 Eric Wassenaar. 6231 Completely reset state on RSET command -- from Eric Wassenaar. 6232 Send error messages and return receipts using an envelope sender 6233 of <> regardless of the setting of $n. Rewriting rules 6234 can undo this if they feel the necessity, as might be 6235 needed for networks that don't understand the syntax. 6236 This is permitted by RFC 821 section 3.6 and required by 6237 RFC 1123 section 5.3.3. THIS REQUIRES VERSION 4 CONFIG 6238 FILES because the rulesets must be able to parse <> 6239 properly. 6240 Don't ever send error messages to "<>" -- they will get sent to 6241 the local postmaster or dumped in /usr/tmp/dead.letter 6242 instead. Per RFC 1123 section 5.3.3. 6243 Explicitly check for email to yourself as a dotted quad. You 6244 have to call $[ [ ... ] $] to get this. 6245 Up the message timeout to five days per RFC 1123 section 5.3.1.1. 6246 Make all read timeouts individually configurable, as strongly 6247 recommended by RFC 1123 section 5.3.2. 6248 Use f_bavail (blocks available to regular users) instead of f_bfree 6249 (blocks available to superuser) in free block checks. 6250 Change $d macro to be the current time, not the origination time, 6251 since this is consistent with how it is used now. 6252 Generalization of enoughspace from Eric Wassenaar covering 6253 SGI, Apollo, HPUX, Ultrix, and SunOS. 6254 Ignore process group signals -- some front ends can do this if 6255 you kill a window too quickly. From Eric Wassenaar. 6256 Change umask to 022. 6257 62586.25/6.8 93/02/20 6259 Close all cached connections before calling mailers and after 6260 forking for delivery (caused double closes which resulted 6261 in false errors). 6262 Add FEATURE(redirect) in config files -- this allows you to alias 6263 old addresses to a pointer to the new address that will 6264 give a 551 error message, but not deliver the mail. 6265 Some code changes to make the 551 errors look pretty. 6266 Names of M4 program paths in config files have changed -- they 6267 are all XXX_MAILER_PATH now, to match XXX_MAILER_FLAGS. 6268 Fix a bug in the QSELFREF code having to do with empty .forward 6269 files, reported by Eric Wassenaar. 6270 Add option "p" (privacy flags); this allows you to tune how 6271 picky the SMTP server will be. This also adds the 6272 confPRIVACY_FLAGS M4 macro in the config files. 6273 Add option "b" (minimum blocks free). If there are fewer than 6274 this number of blocks free on the filesystem containing 6275 the queue directory, the SMTP MAIL command will return 6276 a 452 response and ask you to try again later. This 6277 also adds the confMIN_FREE_BLOCKS M4 macro in the config 6278 files. 6279 Made VRFY just verify (doesn't expand aliases and .forward files); 6280 EXPN does full expansion. RCPT in queue-only mode also 6281 doesn't chase aliases and .forward. 6282 62836.24/6.7 93/02/19 6284 Increase the number of domain search entries in domain.c to allow 6285 for the extra "" entry indicating the root domain. 6286 Reported by Motonori Nakamura of Kyoto U. 6287 Add a "SMART_HOST" in the configs for UUCP-connected sites that 6288 want to forward all mail with extra "@"s to that site. 6289 Also allows SMART_HOST, LOCAL_RELAY, and MAIL_HUB to 6290 be specified as ``mailer:hostname'' to use an alternate 6291 mailer. 6292 Clarified and updated some wording in the Operations Guide. 6293 Add the "c" mailer flag -- this suppresses all comment parts of 6294 addresses (requested by John Curran of NEARnet). 6295 Have -v print prompts in -bt mode even if stdin is not a terminal 6296 (default behaviour is to be silent if not reading from 6297 a terminal). Suggested by Bryan Costales, ICSI. 6298 Move the metacharacters from C0 space (\001-\037) into C1 space 6299 (\201-\237). This also fixes a bunch of potential bugs 6300 with G1 characters (\240-\276) in headers relating to 6301 negative numbers passed to isspace() et al. 6302 Add YP_LAST_MODIFIED and YP_MASTER_NAME to DBM version of alias 6303 database if YPCOMPAT is #defined. Enhancement from 6304 Takahiro Kanbe of Fuji Xerox Information Systems Co., Ltd. 6305 Add "list" Precedence (-30); this can be used with old sendmails 6306 which will map to precedence 0 (which will return error 6307 messages). Suggested by Stephen R. van den Berg. 6308 Many bug fixes from Eric Wassenaar of the National Institute for 6309 Nuclear and High-Energy Physics, Amsterdam: 6310 Clear timeouts properly on open failures in include(). 6311 Don't dereference through NULL if no home directory found. 6312 Re-establish SIGCHLD signal on System 5 in reapchild(). 6313 Avoid NULL pointer reference on -pFOO flag. 6314 Properly handle backslash escapes in comments. 6315 Correctly check reply status on SMTP NOOP command. 6316 Properly save SMTP error message if peer gives 6317 "Service Shutting Down" message. 6318 Avoid writing to the transcript if it couldn't be opened. 6319 Signal errors in SMTP children to parent properly. 6320 Handle self references in a list more globally (include a 6321 QSELFREF bit in the address flags). This enhancement 6322 was suggested by Eric Wassenaar. 6323 Use initgroups() in hpux, even though it's System-V based. The 6324 HASINITGROUPS compile flag can set this on other systems. 6325 This HPUX behaviour was pointed out by Eric Wassenaar. 6326 63276.23/6.6 93/02/16 6328 Clean up handling of LogLevel to make it easier to figure out 6329 what's on what level. 6330 Change log levels to have some consistency: 6331 1 serious system failures, security problems 6332 2 lost communications, protocol failures 6333 3 other serious failures 6334 4 minor errors 6335 5 message collection 6336 6 vrfy logging, creation of return-to-sender 6337 7 delivery failures 6338 8 delivery successes 6339 9 delivery tempfails (queue ups) 6340 10 database expansion 6341 >64 debugging 6342 Allow IDA-style separated processing on S= and R= in Mailer 6343 definition lines. Note that rulesets 1 and 2 are 6344 still used for both addresses as before. Bruce Lilly 6345 gave a convincing argument that RFC976 insists on 6346 this behaviour. 6347 Added some time zones to arpatounix -- they may not be in the 6348 standards, but they are in use. However, I may delete 6349 arpatounix entirely -- there appears to be no reason 6350 for it to exist. 6351 Change to UUCP mailer (in cf directory) to try to do a saner job. 6352 I'm still not certain about this mailer in general. 6353 63546.22/6.5 93/02/15 6355 Fix bug that prevents saving letters in ~/dead.letter. 6356 Don't add angle brackets in VRFY command if angle brackets already 6357 exist in the address. 6358 Fix bogus error message in udbexpand. 6359 Null terminate host buffers in buildaddr (broken in 6.21) -- 6360 IMPORTANT FIX!! 6361 63626.21/6.5 93/02/15 6363 Fix another incorrect error message in alias.c, found by Azuma 6364 Okamoto. 6365 Fix a couple of problems in the more-configurable config files, 6366 found by Tom Ivar Helbekkmo. 6367 Fix problem with quoted :include: entries. 6368 Don't duplicate the filename on verbose printing of .forward and 6369 :include: contents. 6370 Extend size of prescan buffer (to allow bigger addresses). Also, 6371 detect some buffer overflows. 6372 Log user SMTP protocol errors (log level 4). 6373 63746.20/6.4 93/02/14 6375 Fix another problem in the MCI state machine caused when there 6376 were errors generated from the other end to commands 6377 other than RCPT. 6378 63796.19/6.4 93/02/14 6380 Include load average support for DEC Alpha running OSF/1. 6381 Fix multiple-response problem with errors in MAIL From: line. 6382 Fix SMTP reply codes for invalid address syntaxes (give 501; 6383 never give multiple error messages for a single message). 6384 Fix problem where a cached connection timeout rejects all 6385 later connects to that host. 6386 Fix incorrect error message if alias.c is compiled with DBM only. 6387 Additional changes to fix nested conditionals (from Bruce Lilly). 6388 Recover more gracefully from operating system failures, particularly 6389 NULL returns from openmailer (from Noritoshi Demizu, 6390 OMRON Corporation). 6391 Log forward, alias, and userdb expand operations on log level 10; 6392 concept suggested by P{r (Pell) Emanuelsson. 6393 Changes for HPUX 8.07 compatibility. 6394 63956.18/6.4 93/02/12 6396 Allow any config option to be set using an M4 define. 6397 Change UNAME compile flag to HASUNAME for IDA compatibility 6398 (besides, it's a better name). 6399 Note in README that on SunOS it must be linked -Bstatic. 6400 Fairly major change in domain.c to handle wildcard MX records 6401 more rationally. NOTE: the "w" option (no wildcard MX 6402 records match local domain) has been eliminated. 6403 Fix some unset variable references pointed out by Bruce Lilly. 6404 Fix host name in process titles when using cached connection. 6405 64066.17/6.3 93/01/28 6407 Fix System 5 compatibility changes to be compatible with the rest 6408 of the world. 6409 64106.16/6.3 93/01/28 6411 Experimental fix for problem handling errors in the SMTP 6412 protocol in conjunction with connection caching. 6413 System 5 compatibility changes. 6414 64156.15/6.3 93/01/26 6416 Fix a bug that causes local mail delivered using -odq to be 6417 eliminated as a duplicate (because it matched the 6418 ctladdr, now passed in as a C line). These changes 6419 are pretty tricky...... 6420 64216.14/6.3 93/01/25 6422 Add debugging for some MCI errors. 6423 64246.13/6.3 93/01/22 6425 Fix -e compatibility flag to take a value. 6426 Fix a couple of minor compilation warnings on Sun cc. 6427 Improve error messages in a few cases to be more self-explanatory. 6428 64296.12/6.3 93/01/21 6430 Fix yet-another problem with environment handling, pointed out 6431 by Yoshitaka Tokugawa and Tom Ivar Helbekkmo. 6432 Some heuristics to try to limit resource exhaustion problems 6433 if a downstream host has been down for a long time. 6434 Fix problem with incorrect host name being logged in "Connection 6435 timed out" messages (from Tom Ivar Helbekkmo). 6436 Fix some ANSI C problems (from Takahiro Kanbe). 6437 Properly log message sender on returned mail during queue run. 6438 Count number of recipients properly. 6439 Fix a problem in yp map code. 6440 Diagnose "message timed out" (from Motonori Nakamura). 6441 64426.11/6.3 93/01/20 6443 Fix problem with address delimitor inside quotes. 6444 Define $k and $=k to be the UUCP name (from the uname call) 6445 based on code from Bruce Lilly. 6446 64476.10/6.2 93/01/18 6448 Implement arpatounix (largely code from Bruce Lilly). 6449 Log more info (suggested by John Myers). 6450 Allow nested $?...$|...$. (inspired by code from Bruce Lilly of 6451 Sony US). 6452 POSIX compatibility (noted by Keith Bostic). 6453 Handle SMTP MAIL command errors properly (urged by several people, 6454 notably John Myers of CMU). 6455 Do early diagnosis of .cf errors (notably referencing a RHS 6456 substitution that isn't on the LHS). 6457 Adjust checkpointing to better handle batched recipients, suggested 6458 by John Myers. 6459 Fix miscellaneous bugs. 6460 (config files:) Implement MAIL_HUB for all local mail (to handle 6461 NFS-mounted directories) as urged by Tom Ivar Helbekkmo 6462 of the Norwegian School of Economics. 6463 64646.9/6.1 93/01/13 6465 Environment handling simplification/bug fix -- child processes 6466 get a minimal, fixed environment. This avoids different 6467 behaviour in queue runs. 6468 Handle commas inside comments properly. 6469 Properly limit large messages submitted in -obq mode. 6470 64716.8/6.1 93/01/10 6472 Check mtime of thaw file against .cf and sendmail binary, based on 6473 code from John Myers. 6474 64756.7/6.1 93/01/10 6476 MX piggybacking, based on code from John Myers@CMU. 6477 Allow checkcompat to return -1 to mean tempfail. 6478 Bug fix in m_mno computation. 6479 64806.6/6.1 93/01/09 6481 Tuning of queueing functions as recommended by John Gardiner Myers. 6482 Return mail headers (no body) on messages with negative precedence. 6483 Minor other bug fixes. 6484 64856.5/6.1 93/01/03 6486 Fix botch causing queued headers to have ?XX? prefixes. 6487 64886.4/6.1 93/01/02 6489 Changes to recognize special mailer types (e.g., file) early. 6490 64916.3/6.1 93/01/01 6492 Pass timeouts to sfgets. 6493 Check for control characters in addresses. 6494 Fixed deferred error reporting. 6495 Report duplicate aliases. 6496 Handle mixed case recursive aliases. 6497 Misc bug fixes. 6498 64996.2/6.1 92/12/30 6500 Put return-receipt-to on a conf.c flag (but don't set it). 6501 Fix minor syslog problem. 6502