1 SENDMAIL RELEASE NOTES 2 $Id: RELEASE_NOTES,v 8.2024 2013/04/19 15:01:58 ca Exp $ 3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 98.14.7/8.14.7 2013/04/21 10 Drop support for IPv4-mapped IPv6 addresses to prevent the MTA 11 from using a mapped address over a legitimate IPv6 address 12 and to enforce the proper semantics over the IPv6 13 connection. Problem noted by Ulrich Sporlein. 14 Fix a regression introduced in 8.14.6: the wrong list of 15 macros was sent to a milter in the EHLO stage. 16 Problem found by Fabrice Bellet, reported via RedHat 17 (Jaroslav Skarvada). 18 Fix handling of ORCPT parameter for DSNs: xtext decoding 19 was not performed and a wrong syntax check was applied 20 to the "addr-type" field. Problem noted by Dan Lukes 21 of Obludarium. 22 Fix handling of NUL characters in the MIME conversion functions 23 so that message bodies containing them will be sent 24 on properly. Note: this usually also affects mails 25 that are not converted as those functions are used 26 for other purposes too. Problem noted by Elchonon 27 Edelson of Lockheed Martin. 28 Do not perform "duplicate" elimination of recipients if they 29 resolve to the error mailer using a temporary failure 30 (4xy) via ruleset 0. Problem noted by Akira Takahashi 31 of IIJ. 32 CONTRIB: Updated version of etrn.pl script from John Beck 33 of Oracle. 34 Portability: 35 Unlike gcc, clang doesn't apply full prototypes to K&R 36 definitions. 37 388.14.6/8.14.6 2012/12/23 39 Fix a regression introduced in 8.14.5: if a server offers 40 two AUTH lines, the MTA would not read them after 41 STARTTLS has been used and hence SMTP AUTH for 42 the client side would fail. Problem noted by Lena. 43 Do not cache hostnames internally in a non case sensitive way 44 as that may cause addresses to change from lower case 45 to upper case or vice versa. These header modifications 46 can cause problems with milters that rely on receiving 47 headers in the same way as they are being sent out such 48 as a DKIM signing milter. 49 If MaxQueueChildren is set then it was possible that new queue 50 runners could not be started anymore because an 51 internal counter was subject to a race condition. 52 If a milter decreases the timeout it waits for a communication 53 with the MTA, the MTA might experience a write() timeout. 54 In some situations, the resulting error might have been 55 ignored. Problem noted by Werner Wiethege. 56 Note: decreasing the communication timeout in a milter 57 should not be done without considering the potential 58 problems. 59 smfi_setsymlist() now properly sets the list of macros for 60 the milter which invoked it, instead of a global 61 list for all milters. Problem reported by 62 David Shrimpton of the University of Queensland. 63 If Timeout.resolver.retrans is set to a value larger than 20, 64 then resolver.retry was temporarily set to 0 for 65 gethostbyaddr() lookups. Now it is set to 1 instead. 66 Patch from Peter. 67 If sendmail could not lock the statistics file due to a system 68 error, and sendmail later sends a DSN for a mail that 69 triggered such an error, then sendmail tried to access 70 memory that was freed before (causing a crash on some 71 systems). Problem reported by Ryan Stone. 72 Do not log negative values for size= nor pri= to avoid confusing 73 log parsers, instead limit the values to LONG_MAX. 74 Account for an API change in newer versions of Cyrus-SASL. 75 Patch from Hajimu UMEMOTO from FreeBSD. 76 Do not try to resolve link-local addresses for IPv4 (just as it 77 is done for IPv6). Patch from John Beck of Oracle. 78 Improve logging of client and server STARTTLS connection failures 79 that may be due to incompatible cipher lists by including 80 the reason for the failure in a single log line. Suggested 81 by James Carey of Boeing. 82 Portability: 83 Add support for Darwin 11.x and 12.x (Mac OS X 10.7 and 10.8). 84 Add support for SunOS 5.12 (aka Solaris 12). Patch from 85 John Beck of Oracle. 86 878.14.5/8.14.5 2011/05/17 88 Do not cache SMTP extensions across connections as the cache 89 is based on hostname which may not be a unique identifier 90 for a server, i.e., different machines may have the 91 same hostname but provide different SMTP extensions. 92 Problem noted by Jim Hermann. 93 Avoid an out-of-bounds access in case a resolver reply for a DNS 94 map lookup returns a size larger than 1K. Based on a 95 patch from Dr. Werner Fink of SuSE. 96 If a job is aborted using the interrupt signal (e.g., control-C from 97 the keyboard), perform minimal cleanup to avoid invoking 98 functions that are not signal-safe. Note: in previous 99 versions the mail might have been queued up already 100 and would be delivered subsequently, now an interrupt 101 will always remove the queue files and thus prevent 102 delivery. 103 Per RFC 6176, when operating as a TLS client, do not offer SSLv2. 104 Since TLS session resumption is never used as a client, disable 105 use of RFC 4507-style session tickets. 106 Work around gcc4 versions which reverse 25 years of history and 107 no longer align char buffers on the stack, breaking calls 108 to resolver functions on strict alignment platforms. 109 Found by Stuart Henderson of OpenBSD. 110 Read at most two AUTH lines from a server greeting (up to two 111 lines are read because servers may use "AUTH mechs" and 112 "AUTH=mechs"). Otherwise a malicious server may exhaust 113 the memory of the client. Bug report by Nils of MWR 114 InfoSecurity. 115 Avoid triggering an assertion in the OpenLDAP code when the 116 connection to an LDAP server is lost while making a query. 117 Problem noted and patch provided by Andy Fiddaman. 118 If ConnectOnlyTo is set and sendmail is compiled with NETINET6 119 it would try to use an IPv6 address if an IPv4 (or 120 unparseable) address is specified. 121 If SASLv2 is used, make sure that the macro {auth_authen} is 122 stored in xtext format to avoid problems with parsing 123 it. Problem noted by Christophe Wolfhugel. 124 CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing 125 -T<TMPF> that is required, but failed for some cases 126 that did not use LDAP. This change has been undone 127 until a better solution can be implemented. Problem 128 found by Andy Fiddaman. 129 CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support. 130 Contributed by Casper Dik of Oracle. 131 CONTRIB: qtool.pl: Deal with H entries that do not have a 132 letter between the question marks. Patch from 133 Stefan Christensen. 134 DOC: Use a better description for the -i option in sendmail. 135 Patch from Mitchell Berger. 136 Portability: 137 Add support for Darwin 10.x (Mac OS X 10.6). 138 Enable HAVE_NANOSLEEP for FreeBSD 3 and later. Patch 139 from John Marshall. 140 Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later. 141 Use new directory "/system/volatile" for PidFile on 142 Solaris 11. Patch from Casper Dik of Oracle. 143 Fix compilation on Solaris 11 (and maybe some other 144 OSs) when using OpenSSL 1.0. Based on patch from 145 Jan Pechanec of Oracle. 146 Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t 147 for Solaris 11. Patch from Roger Faulkner of Oracle. 148 New Files: 149 cf/ostype/solaris11.m4 150 1518.14.4/8.14.4 2009/12/30 152 SECURITY: Handle bogus certificates containing NUL characters 153 in CNs by placing a string indicating a bad certificate 154 in the {cn_subject} or {cn_issuer} macro. Patch inspired 155 by Matthias Andree's changes for fetchmail. 156 During the generation of a queue identifier an integer overflow 157 could occur which might result in bogus characters 158 being used. Based on patch from John Vannoy of 159 Pepperdine University. 160 The value of headers, e.g., Precedence, Content-Type, et.al., 161 was not processed correctly. Patch from Per Hedeland. 162 Between 8.11.7 and 8.12.0 the length limitation on a return 163 path was erroneously reduced from MAXNAME (256) to 164 MAXSHORTSTR (203). Patch from John Gardiner Myers 165 of Proofpoint; the problem was also noted by Steve 166 Hubert of University of Washington. 167 Prevent a crash when a hostname lookup returns a seemingly 168 valid result which contains a NULL pointer (this seems 169 to be happening on some Linux versions). 170 The process title was missing the current load average when 171 the MTA was delaying connections due to DelayLA. 172 Patch from Dick St.Peters of NetHeaven. 173 Do not reset the number of queue entries in shared memory if 174 only some of them are processed. 175 Fix overflow of an internal array when parsing some replies 176 from a milter. Problem found by Scott Rotondo 177 of Sun Microsystems. 178 If STARTTLS is turned off in the server (via M=S) then it 179 would not be initialized for use in the client either. 180 Patch from Kazuteru Okahashi of IIJ. 181 If a Diffie-Hellman cipher is selected for STARTTLS, the 182 handshake could fail with some TLS implementations 183 because the prime used by the server is not long enough. 184 Note: the initialization of the DSA/DH parameters for 185 the server can take a significant amount of time on slow 186 machines. This can be turned off by setting DHParameters 187 to none or a file (see doc/op/op.me). Patch from 188 Petr Lampa of the Brno University of Technology. 189 Fix handling of `b' modifier for DaemonPortOptions on little 190 endian machines for loopback address. Patch from 191 John Beck of Sun Microsystems. 192 Fix a potential memory leak in libsmdb/smdb1.c found by parfait. 193 Based on patch from Jonathan Gray of OpenBSD. 194 If a milter sets the reply code to "421" during the transfer 195 of the body, the SMTP server will terminate the SMTP session 196 with that error to match the behavior of the other callbacks. 197 Return EX_IOERR (instead of 0) if a mail submission fails due to 198 missing disk space in the mail queue. Based on patch 199 from Martin Poole of RedHat. 200 CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would 201 cause addresses not found in LDAP to be misparsed. 202 CONFIG: Using a CN restriction did not work for TLS_Clt as it 203 referred to a wrong macro. Patch from John Gardiner 204 Myers of Proofpoint. 205 CONFIG: The option relaytofulladdress of FEATURE(`access_db') 206 did not work if FEATURE(`relay_hosts_only') is used too. 207 Problem noted by Kristian Shaw. 208 CONFIG: The internal function lower() was broken and hence 209 strcasecmp() did not work either, which could cause 210 problems for some FEATURE()s if upper case arguments 211 were used. Patch from Vesa-Matti J Kari of the 212 University of Helsinki. 213 LIBMILTER: Fix internal check whether a milter application 214 is compiled against the same version of libmilter as 215 it is linked against (especially useful for dynamic 216 libraries). 217 LIBMILTER: Fix memory leak that occurred when smfi_setsymlist() 218 was used. Based on patch by Dan Lukes. 219 LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters 220 which add, insert, or replace headers. From Benjamin 221 Pineau. 222 LIBMILTER: Fix error messages which refer to "select()" to be 223 correct if SM_CONF_POLL is used. Based on patch from 224 John Nemeth. 225 LIBSM: Fix handling of LDAP search failures where the error is 226 carried in the search result itself, such as seen with 227 OpenLDAP proxy servers. 228 VACATION: Do not refer to a local variable outside its scope. 229 Based on patch from Mark Costlow of Southwest Cyberport. 230 Portability: 231 Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from 232 John Beck of Sun Microsystems. 233 Drop NISPLUS from default SunOS 5.11 map definitions. 234 Patch from John Beck of Sun Microsystems. 235 2368.14.3/8.14.3 2008/05/03 237 During ruleset processing the generation of a key for a map 238 lookup and the parsing of the default value was broken 239 for some macros, e.g., $|, which caused the BlankSub 240 character to be inserted into the workspace and thus 241 failures, e.g., rules that should have matched did not. 242 8.14.2 caused a regression: it accessed (macro) storage which was 243 freed before. First instance of the problem reported by 244 Matthew Dillon of DragonFlyBSD; variations of the same 245 bug reported by Todd C. Miller of OpenBSD, Moritz 246 Jodeit, and Dave Hayes. 247 Improve pathname length checks for persistent host status. Patch 248 from Joerg Sonnenberger of DragonFlyBSD. 249 Reword misleading SMTP reply text for FEATURE(`badmx'). Problem 250 noted by Beth Halsema. 251 The read timeout was fixed to be Timeout.datablock if STARTTLS 252 was activated. This may cause problems if that value 253 is lowered from its default. Problem noted by Jens Elkner. 254 CONFIG: Using LOCAL_TLS_CLIENT caused the tls_client ruleset 255 to operate incorrectly. Problem found by Werner Wiethege. 256 LIBMILTER: Omitting some protocol steps via the xxfi_negotiate() 257 callback did not work properly. The patchlevel of 258 libmilter has been set to 1 so a milter can determine 259 whether libmilter contains this fix. 260 MAKEMAP: If a delimiter is specified (-t) use that also when 261 dumping a map. Patch from Todd C. Miller of OpenBSD. 262 Portability: 263 Add support for Darwin 9.x (Mac OS X 10.5). 264 Support shared libraries in Darwin 8 and 9. Patch from 265 Chris Behrens of Concentric. 266 Add support for SCO OpenServer 6, patch from Boyd Gerber. 267 DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash. 268 Added Files: 269 devtools/OS/Darwin.9.x 270 devtools/OS/OSR.i386 271 2728.14.2/8.14.2 2007/11/01 273 If a message was queued and it contained 8 bit characters in 274 a From: or To: header, then those characters could be 275 "mistaken" for internal control characters during a queue 276 run and trigger various consistency checks. Problem 277 noted by Neil Rickert of Northern Illinois University. 278 If MaxMimeHeaderLength is set to a value greater than 0 (which 279 it is by default) then even if the Linelimit parameter 280 is 0, sendmail corrupted in the non-transfer-encoding 281 case every MAXLINE-1 characters. Patch from John Gardiner 282 Myers of Proofpoint. 283 Setting the suboption DeliveryMode for DaemonPortOptions did not 284 work in earlier 8.14 versions. 285 Note: DeliveryMode=interactive is silently converted to 286 background if a milter can reject or delete a recipient. 287 Prior to 8.14 this happened only if milter could delete 288 recipients. 289 ClientRate should trigger when the limit was exceeded (as 290 documented), not when it was reached. Patch from 291 John Beck of Sun Microsystems. 292 Force a queue run for -qGqueuegroup even if no runners are 293 specified (R=0) and forking (F=f) is requested. 294 When multiple results are requested for a DNS map lookup 295 (-z and -Z), return only those that are relevant for 296 the query (not also those in the "additional section".) 297 If the message transfer time to sendmail (when acting as server) 298 exceeds Timeout.queuewarn or Timeout.queuereturn and 299 the message is refused (by a milter), sendmail previously 300 created a delivery status notification (DSN). Patch 301 from Doug Heath of The Hertz Corporation. 302 A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires 303 the MTA to deal with some input (i.e., "=") itself. 304 Problem noted by Eliot Lear. 305 sendmail counted a delivery as successful if PIPELINING is 306 compiled in but not offered by the server and the 307 delivery failed temporarily. Patch from Werner Wiethege. 308 If getting the result of an LDAP query times out then close the 309 map so it will be reopened on the next lookup. This 310 should help "failover" configurations that specify more 311 than one LDAP server. 312 If check_compat returns $#discard then a "savemail panic" could 313 be triggered under some circumstances (e.g., requiring 314 a system which does not have the compile time flag 315 HASFLOCK set). Based on patch by Motonori Nakamura 316 of National Institute of Informatics, Japan. 317 If a milter rejected a recipient, the count for nrcpts= in the 318 logfile entry might have been wrong. Problem found by 319 Petra Humann of TU Dresden. 320 If a milter invoked smfi_chgfrom() where ESMTP arguments are not 321 NULL, the message body was lost. Patch from Motonori 322 Nakamura of National Institute of Informatics, Japan. 323 sendmail(8) had a bogus space in -qGname. Patch from Peng Haitao. 324 CONTRIB: buildvirtuser: Preserve ownership and permissions when 325 replacing files. 326 CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when 327 reading the /etc/mail/virtusers/ directory. 328 CONTRIB: buildvirtuser: Emit warnings instead of exiting where 329 appropriate. 330 LIBMILTER: Fix ABI backwards compatibility so milters compiled 331 against an older libmilter.so shared library can use an 332 8.14 libmilter.so shared library. 333 LIBMILTER: smfi_version() did not properly extract the patchlevel 334 from the version number, however, the returned value was 335 correct for the current libmilter version. 336 3378.14.1/8.14.1 2007/04/03 338 Even though a milter rejects a recipient the MTA will still keep 339 it in its list of recipients and deliver to it if the 340 transaction is accepted. This is a regression introduced 341 in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug 342 found by Andy Fiddaman. 343 The new DaemonPortOptions which begin with a lower case character 344 could not be set in 8.14.0. 345 If a server shut down the connection in response to a STARTTLS 346 command, sendmail would log a misleading error message 347 due to an internal inconsistency. Problem found by 348 Werner Wiethege. 349 Document how some sendmail.cf options change the behavior of mailq. 350 Noted by Paul Menchini of the North Carolina School of 351 Science and Mathematics. 352 CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce. 353 CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition 354 of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE 355 m4 options for setting MaxNOOPCommands and 356 SharedMemoryKeyFile. 357 CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4 358 options for setting Milter.macros.eoh and Milter.macros.data. 359 CONTRIB: Use flock() and fcntl() in qtool.pl if necessary. 360 Patch from Daniel Carroll of Mesa State College. 361 LIBMILTER: Make sure an unknown command does not affect the 362 currently available macros. Problem found by Andy Fiddaman. 363 LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option 364 negotiation. Problem reported by Bryan Costales. 365 LIBMILTER: Fix several minor errors in the documentation. 366 Patches from Bryan Costales. 367 PORTABILITY FIXES: 368 AIX 5.{1,2}: libsm/util.c failed to compile due to 369 redefinition of several macros, e.g., SIG_ERR. 370 Patch from Jim Pirzyk with assistance by Bob 371 Booth, University of Illinois at Urbana-Champaign. 372 Add support for QNX.6. Patch from Sean Boudreau of QNX 373 Software Systems. 374 New Files: 375 devtools/M4/depend/QNX6.m4 376 devtools/OS/QNX.6.x 377 include/sm/os/sm_os_qnx.h 378 379 New Files added in 8.14.0, but not shown in the release notes entry: 380 libmilter/docs/smfi_chgfrom.html 381 libmilter/docs/smfi_version.html 382 3838.14.0/8.14.0 2007/01/31 384 Header field values are now 8 bit clean. Notes: 385 - header field names are still restricted to 7 bit. 386 - RFC 2822 allows only 7 bit (US-ASCII) characters in 387 headers. 388 Preserve spaces after the colon in a header. Previously, any 389 number of spaces after the colon would be changed to 390 exactly one space. 391 In some cases of deeply nested aliases/forwarding, mail can 392 be silently lost. Moreover, the MaxAliasRecursion 393 limit may be reached too early, e.g., the counter 394 may be off by a factor of 4 in case of a sequence of 395 .forward files that refer to others. Patch from 396 Motonori Nakamura of Kyoto University. 397 Fix a regression in 8.13.8: if InputMailFilters is set then 398 "sendmail -bs" can trigger an assertion because the 399 hostname of the client is undefined. It is now set 400 to "localhost" for the xxfi_connect() callback. 401 Avoid referencing a freed variable during cleanup when terminating. 402 Problem reported and diagnosed by Joe Maimon. 403 New option HeloName to set the name for the HELO/EHLO command. 404 Patch from Nik Clayton. 405 New option SoftBounce to issue temporary errors (4xy) instead of 406 permanent errors (5xy). This can be useful for testing. 407 New suboptions for DaemonPortOptions to set them individually 408 per daemon socket: 409 DeliveryMode DeliveryMode 410 refuseLA RefuseLA 411 delayLA DelayLA 412 queueLA QueueLA 413 children MaxDaemonChildren 414 New option -K for LDAP maps to replace %1 through %9 in the 415 lookup key with the LDAP escaped contents of the 416 arguments specified in the map lookup. Loosely based 417 on patch from Wolfgang Hottgenroth. 418 Log the time after which a greet_pause delay triggered. Patch 419 from Nik Clayton. 420 If a client is rejected via TCP wrapper or some other check 421 performed by validate_connection() (in conf.c) then do 422 not also invoke greet_pause. Problem noted by Jim Pirzyk 423 of the University of Illinois at Urbana-Champaign. 424 If a client terminates the SMTP connection during a pause 425 introduced by greet_pause, then a misleading message 426 was logged previously. Problem noted by Vernon Schryver 427 et.al., patch from Matej Vela. 428 New command "mstat" for control socket to provide "machine 429 readable" status. 430 New named config file rule check_eom which is called at the end 431 of a message, its parameter is the size of the message. 432 If the macro {addr_type} indicates that the current address 433 is a header address it also distinguishes between 434 recipient and sender addresses (as it is done for 435 envelope addresses). 436 When a macro is set in check_relay, then its value is accessible 437 by all transactions in the same SMTP session. 438 Increase size of key for ldap lookups to 1024 (MAXKEY). 439 New option MaxNOOPCommands to override default of 20 for the 440 number of "useless" commands before the SMTP server will 441 slow down responding. 442 New option SharedMemoryKeyFile: if shared memory support is 443 enabled, the MTA can be asked to select a shared memory 444 key itself by setting SharedMemoryKey to -1 and specifying 445 a file where to store the selected key. 446 Try to deal with open HTTP proxies that are used to send spam 447 by recognizing some commands from them. If the first command 448 from the client is GET, POST, CONNECT, or USER, then the 449 connection is terminated immediately. 450 New PrivacyOptions noactualrecipient to avoid putting 451 X-Actual-Recipient lines in DSNs revealing the actual 452 account that addresses map to. Patch from Dan Harkless. 453 New options B, z, and Z for DNS maps: 454 -B: specify a domain that is always appended to queries. 455 -z: specify the delimiter at which to cut off the result of 456 a query if it is too long. 457 -Z: specify the maximum number of entries to be concatenated 458 to form the result of a lookup. 459 New target "check" in the Makefile of libsm: instead of running tests 460 implicitly while building libsm, they must be explicitly 461 started by using "make check". 462 Fixed some inconsistent checks for NULL pointers that have been 463 reported by the SATURN tool which has been developed by 464 Isil Dillig and Thomas Dillig of Stanford University. 465 Fix a potential race condition caused by a signal handler for 466 terminated child processes. Problem noted by David F. Skoll. 467 When a milter deleted a recipient, that recipient could cause a 468 queue group selection. This has been disabled as it was not 469 intended. 470 New operator 'r' for the arith map to return a random number. 471 Patch from Motonori Nakamura of Kyoto University. 472 New compile time option MILTER_NO_NAGLE to turn off the Nagle 473 algorithm for communication with libmilter ("cork" on Linux), 474 which may improve the communication performance on some 475 operating systems. Patch from John Gardiner Myers of 476 Proofpoint. 477 If sendmail received input that contained a CR without subsequent LF 478 (thus violating RFC 2821 (2.3.7)), it could previously 479 generate an additional blank line in the output as the last 480 line. 481 Restarting persistent queue runners by sending a HUP signal to 482 the "queue control process" (QCP) works now. 483 Increase the length of an input line to 12288 to deal with 484 really long lines during SMTP AUTH negotiations. 485 Problem noted by Werner Wiethege. 486 If ARPANET mode (-ba) was selected STARTTLS would fail (due to 487 a missing initialization call for that case). Problem 488 noted by Neil Rickert of Northern Illinois University. 489 If sendmail is linked against a library that initializes Cyrus-SASL 490 before sendmail did it (such as libnss-ldap), then SMTP AUTH 491 could fail for the sendmail client. A patch by Moritz Both 492 works around the API design flaw of Cyrus-SASLv2. 493 CONFIG: Make it possible to unset the StatusFile option by 494 undefining STATUS_FILE. By not setting StatusFile, 495 the MTA will not attempt to open a statistics file on 496 each delivery. 497 CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP 498 clients whose IP address does not have proper reverse DNS. 499 Contributed by Neil Rickert of Northern Illinois University 500 and John Beck of Sun Microsystems. 501 CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP 502 clients which provide a HELO/EHLO argument which is either 503 unqualified, or is one of our own names (i.e., the server 504 name instead of the client name). Contributed by Neil 505 Rickert of Northern Illinois University and John Beck of 506 Sun Microsystems. 507 CONFIG: New FEATURE(`badmx') to reject envelope sender addresses 508 (MAIL) whose domain part resolves to a "bad" MX record. 509 Based on contribution from William Dell Wisner. 510 CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override 511 the maximum line length of the smtp mailers. 512 CONFIG: New option `relaytofulladdress' for FEATURE(`access_db') 513 to allow entries in the access map to be of the form 514 To:user@example.com RELAY 515 CONFIG: New subsuboptions eoh and data to specify the list of 516 macros a milter should receive at those stages in the 517 SMTP dialogue. 518 CONFIG: New option confHELO_NAME for HeloName to set the name 519 for the HELO/EHLO command. 520 CONFIG: dnsbl and enhdnsbl can now also discard or quarantine 521 messages by using those values as second argument. 522 Patches from Nelson Fung. 523 CONTRIB: cidrexpand uses a hash symbol as comment character and 524 ignores everything after it unless it is in quotes or 525 preceeded by a backslash. 526 DEVTOOLS: New macro confMKDIR: if set to a program that creates 527 directories, then it used for "make install" to create 528 the required installation directories. 529 DEVTOOLS: New macro confCCLINK to specify the linker to use for 530 executables (defaults to confCC). 531 LIBMILTER: A new version of the milter API has been created that 532 has several changes which are listed below and documented 533 in the webpages reachable via libmilter/docs/index.html. 534 LIBMILTER: The meaning of the version macro SMFI_VERSION has been 535 changed. It now refers only to the version of libmilter, 536 not to the protocol version (which is used only internally, 537 it is not user/milter-programmer visible). Additionally, 538 a version function smfi_version() has been introduced such 539 that a milter program can check the libmilter version also 540 at runtime which is useful if a shared library is used. 541 LIBMILTER: A new callback xxfi_negotiate() can be used to 542 dynamically (i.e., at runtime) determine the available 543 protocol actions and features of the MTA and also to 544 specify which of these a milter wants to use. This allows 545 for more flexibility than hardcoding these flags in the 546 xxfi_flags field of the smfiDesc structure. 547 LIBMILTER: A new callback xxfi_data() is available so milters 548 can act on the DATA command. 549 LIBMILTER: A new callback xxfi_unknown() is available so milters 550 can receive also unknown SMTP commands. 551 LIBMILTER: A new return code SMFIS_NOREPLY has been added which 552 can be used by the xxfi_header() callback provided the 553 milter requested the SMFIP_NOHREPL protocol action. 554 LIBMILTER: The new return code SMFIS_SKIP can be used in the 555 xxfi_body() callback to skip over further body chunks 556 and directly advance to the xxfi_eom() callback. This 557 is useful if a milter can make a decision based on the 558 body chunks it already received without reading the entire 559 rest of the body and the milter wants to invoke functions 560 that are only available from the xxfi_eom() callback. 561 LIBMILTER: A new function smfi_addrcpt_par() can be used to add 562 new recipients including ESMTP parameters. 563 LIBMILTER: A new function smfi_chgfrom() can be used to change the 564 envelope sender including ESMTP parameters. 565 LIBMILTER: A milter can now request to be informed about rejected 566 recipients (RCPT) too. This requires to set the protocol 567 flag SMFIP_RCPT_REJ during option negotiation. Whether 568 a RCPT has been rejected can be checked by comparing the 569 value of the macro {rcpt_mailer} with "error". 570 LIBMILTER: A milter can now override the list of macros that it 571 wants to receive from the MTA for each protocol step 572 by invoking the function smfi_setsymlist() during option 573 negotiation. 574 LIBMILTER: A milter can receive header field values with all 575 leading spaces by requesting the SMFIP_HDR_LEADSPC 576 protocol action. Also, if the flag is set then the MTA 577 does not add a leading space to headers that are added, 578 inserted, or replaced. 579 LIBMILTER: If a milter sets the reply code to "421" for the HELO 580 callback, the SMTP server will terminate the SMTP session 581 with that error to match the behavior of all other callbacks. 582 New Files: 583 cf/feature/badmx.m4 584 cf/feature/block_bad_helo.m4 585 cf/feature/require_rdns.m4 586 devtools/M4/UNIX/check.m4 587 include/sm/misc.h 588 include/sm/sendmail.h 589 include/sm/tailq.h 590 libmilter/docs/smfi_addrcpt_par.html 591 libmilter/docs/smfi_setsymlist.html 592 libmilter/docs/xxfi_data.html 593 libmilter/docs/xxfi_negotiate.html 594 libmilter/docs/xxfi_unknown.html 595 libmilter/example.c 596 libmilter/monitor.c 597 libmilter/worker.c 598 libsm/memstat.c 599 libsm/t-memstat.c 600 libsm/t-qic.c 601 libsm/util.c 602 sendmail/daemon.h 603 sendmail/map.h 604 6058.13.8/8.13.8 2006/08/09 606 Fix a regression in 8.13.7: if shared memory is activated, then 607 the server can erroneously report that there is 608 insufficient disk space. Additionally make sure that 609 an internal variable is set properly to avoid those 610 misleading errors. Based on patch from Steve Hubert 611 of University of Washington. 612 Fix a regression in 8.13.7: the PidFile could be removed after 613 the process that forks the daemon exited, i.e., if 614 sendmail -bd is invoked. Problem reported by Kan Sasaki 615 of Fusion Communications Corp. and Werner Wiethege. 616 Avoid opening qf files if QueueSortOrder is "none". Patch from 617 David F. Skoll. 618 Avoid a crash when finishing due to referencing a freed variable. 619 Problem reported and diagnosed by Moritz Jodeit. 620 CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4 621 range (0..255). 622 LIBMILTER: The "hostname" argument of the xxfi_connect() callback 623 previously was the equivalent of {client_ptr}. However, 624 this did not match the documentation of the function, hence 625 it has been changed to {client_name}. See doc/op/op.* 626 about these macros. 627 6288.13.7/8.13.7 2006/06/14 629 A malformed MIME structure with many parts can cause sendmail to 630 crash while trying to send a mail due to a stack overflow, 631 e.g., if the stack size is limited (ulimit -s). This 632 happens because the recursion of the function mime8to7() 633 was not restricted. The function is called for MIME 8 to 634 7 bit conversion and also to enforce MaxMimeHeaderLength. 635 To work around this problem, recursive calls are limited to 636 a depth of MAXMIMENESTING (20); message content after this 637 limit is treated as opaque and is not checked further. 638 Problem noted by Frank Sheiness. 639 The changes to the I/O layer in 8.13.6 caused a regression for 640 SASL mechanisms that use the security layer, e.g., 641 DIGEST-MD5. Problem noted by Robert Stampfli. 642 If a timeout occurs while reading a message (during the DATA phase) 643 a df file might have been left behind in the queue. 644 This was another side effect of the changes to the I/O 645 layer made in 8.13.6. 646 Several minor problems have been fixed that were found by a 647 Coverity scan of sendmail 8 as part of the NetBSD 648 distribution. See http://scan.coverity.com/ 649 Note: the scan generated also a lot of "false positives", 650 e.g., "error" reports about situations that cannot happen. 651 Most of those code places are marked with lint(1) comments 652 like NOTREACHED, but Coverity does not understand those. 653 Hence an explicit assertion has been added in some cases 654 to avoid those false positives. 655 If the start of the sendmail daemon fails due to a configuration 656 error then in some cases shared memory segments or pid 657 files were not removed. 658 If DSN support is disabled via access_db, then related ESMTP 659 parameters for MAIL and RCPT should be rejected. Problem 660 reported by Akihiro Sagawa. 661 Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding 662 bug work-around. Hence if sendmail is linked against 663 either of these versions and compression is available, 664 the padding bug work-around is turned off. Based on 665 patch from Victor Duchovni of Morgan Stanley. 666 CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used 667 blackholes.mail-abuse.org as default domain for lookups, 668 however, that list is no longer available. To avoid 669 further problems, no default value is available anymore, 670 but an argument must be specified. 671 Portability: 672 Fix compilation on OSF/1 for sfsasl.c. Patch from 673 Pieter Bowman of the University of Utah. 674 6758.13.6/8.13.6 2006/03/22 676 SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server 677 and client side of sendmail with timeouts in the libsm I/O 678 layer and fix problems in that code. Also fix handling of 679 a buffer in sm_syslog() which could have been used as an 680 attack vector to exploit the unsafe handling of 681 setjmp(3)/longjmp(3) in combination with signals. 682 Problem detected by Mark Dowd of ISS X-Force. 683 Handle theoretical integer overflows that could triggered if 684 the server accepted headers larger than the maximum 685 (signed) integer value. This is prevented in the default 686 configuration by restricting the size of a header, and on 687 most machines memory allocations would fail before reaching 688 those values. Problems found by Phil Brass of ISS. 689 If a server returns 421 for an RSET command when trying to start 690 another transaction in a session while sending mail, do 691 not trigger an internal consistency check. Problem found 692 by Allan E Johannesen of Worcester Polytechnic Institute. 693 If a server returns a 5xy error code (other than 501) in response 694 to a STARTTLS command despite the fact that it advertised 695 STARTTLS and that the code is not valid according to RFC 696 2487 treat it nevertheless as a permanent failure instead 697 of a protocol error (which has been changed to a 698 temporary error in 8.13.5). Problem reported by Jeff 699 A. Earickson of Colby College. 700 Clear SMTP state after a HELO/EHLO command. Patch from John 701 Myers of Proofpoint. 702 Observe MinQueueAge option when gathering entries from the queue 703 for sorting etc instead of waiting until the entries are 704 processed. Patch from Brian Fundakowski Feldman. 705 Set up TLS session cache to properly handle clients that try to 706 resume a stored TLS session. 707 Properly count the number of (direct) child processes such that 708 a configured value (MaxDaemonChildren) is not exceeded. 709 Based on patch from Attila Bruncsak. 710 LIBMILTER: Remove superfluous backslash in macro definition 711 (libmilter.h). Based on patch from Mike Kupfer of 712 Sun Microsystems. 713 LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets. 714 This generates an error message from libmilter on 715 Solaris, though other systems appear to just discard the 716 request silently. 717 LIBMILTER: Deal with sigwait(2) implementations that return 718 -1 and set errno instead of returning an error code 719 directly. Patch from Chris Adams of HiWAAY Informations 720 Services. 721 Portability: 722 Fix compilation checks for closefrom(3) and statvfs(2) 723 in NetBSD. Problem noted by S. Moonesamy, patch from 724 Andrew Brown. 725 7268.13.5/8.13.5 2005/09/16 727 Store the filesystem identifier of the df/ subdirectory (if it 728 exists) in an internal structure instead of the base 729 directory. This structure is used decide whether there 730 is enough free disk space when selecting a queue, hence 731 without this change queue selection could fail if a df/ 732 subdirectory exists and is on a different filesystem 733 than the base directory. 734 Use the queue index of the df file (instead of the qf file) for 735 checking whether a link(2) operation can be used to split 736 an envelope across queue groups. Problem found by 737 Werner Wiethege. 738 If the list of items in the queue is larger than the maximum 739 number of items to process, sort the queue first and 740 then cut the list off instead of the other way around. 741 Patch from Matej Vela of Rudjer Boskovic Institute. 742 Fix helpfile to show full entry for ETRN. Problem noted by 743 Penelope Fudd, patch from Neil Rickert of Northern Illinois 744 University. 745 FallbackSmartHost should also be tried on temporary errors. 746 From John Beck of Sun Microsystems. 747 When a server responds with 421 to the STARTTLS command then treat 748 it as a temporary error, not as protocol error. Problem 749 noted by Andrey J. Melnikoff. 750 Properly define two functions in libsm as static because their 751 prototype used static too. Patch from Peter Klein. 752 Fix syntax errors in helpfile for MAIL and RCPT commands. 753 LIBMILTER: When smfi_replacebody() is called with bodylen equals 754 zero then do not silently ignore that call. Patch from 755 Gurusamy Sarathy of Active State. 756 LIBMILTER: Recognize "421" also in a multi-line reply to terminate 757 the SMTP session with that error. Fix from Brian Kantor. 758 Portability: New option HASSNPRINTF which can be set if the OS 759 has a properly working snprintf(3) to get rid 760 of the last two (safe) sprintf(3) calls in the 761 source code. 762 Add support for AIX 5.3. 763 Add support for SunOS 5.11 (aka Solaris 11). 764 Add support for Darwin 8.x. Patch from Lyndon Nerenberg. 765 OpenBSD 3.7 has removed support for NETISO. 766 CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X. 767 Set DontBlameSendmail to AssumeSafeChown and 768 GroupWritableDirPathSafe for OSTYPE(darwin). 769 Patch from Lyndon Nerenberg. 770 Some features still used 4.7.1 as enhanced status code which 771 was supposed to be eliminated in 8.13.0 because some 772 broken systems misinterpret it as a permanent error. 773 Patch from Matej Vela of Rudjer Boskovic Institute. 774 Some default values in a generated cf file did not match 775 the defaults in the sendmail binary. Problem noted 776 by Mike Pechkin. 777 New Files: 778 cf/ostype/freebsd6.m4 779 devtools/OS/AIX.5.3 780 devtools/OS/Darwin.8.x 781 devtools/OS/SunOS.5.11 782 include/sm/time.h 783 7848.13.4/8.13.4 2005/03/27 785 The bug fixes in 8.13.3 for connection handling uncovered a 786 different error which could result in connections that 787 stay in CLOSE_WAIT state due to a variable that was not 788 properly initialized. Problem noted by Michael Sims. 789 Deal with empty hostnames in hostsignature(). This bug could lead 790 to an endless loop when doing LMTP deliveries to another 791 host. Problem first reported by Martin Lathoud and 792 tracked down by Gael Roualland. 793 Make sure return parameters are initialized in getmxrr(). Problem 794 found by Gael Roualland using valgrind. 795 If shared memory is used and the RunAsUser option is set, then the 796 owner and group of the shared memory segment is set to 797 the ids specified RunAsUser and the access mode is set 798 to 0660 to allow for updates by sendmail processes. 799 The number of queue entries that is (optionally) kept in shared 800 memory was wrong in some cases, e.g., envelope splitting 801 and bounce generation. 802 Undo a change made in 8.13.0 to silently truncate long strings 803 in address rewriting because the message can be triggered 804 for header checks where long strings are legitimate. 805 Problem reported by Mary Verge DeSisto, and tracked 806 down with the help of John Beck of Sun Microsystems. 807 The internal stab map did not obey the -m flag. Patch from 808 Rob McMahon of Warwick University, England. 809 The socket map did not obey the -f flag. Problem noted by 810 Dan Ringdahl, forwarded by Andrzej Filip. 811 The addition of LDAP recursion in 8.13.0 broke enforcement of 812 the LDAP map -1 argument which tells the MTA to only 813 return success if and only if a single LDAP match is found. 814 Add additional error checks in the MTA for milter communication 815 to avoid a possible segmentation fault. Based on patch 816 by Joe Maimon. 817 Do not trigger an assertion if X509_digest() returns success but 818 does not assign a value to its output parameter. Based 819 on patch by Brian Kantor. 820 Add more checks when resetting internal AUTH data (applies only 821 to Cyrus SASL version 2). Otherwise an SMTP session might 822 be dropped after an AUTH failure. 823 Portability: 824 Add LA_LONGLONG as valid LA_TYPE type for systems that use 825 "long long" to read load average data, e.g., 826 AIX 5.1 in 32 bit mode. Note: this has to be set 827 "by hand", it is not (yet) automatically detected. 828 Problem noted by Burak Bilen. 829 Use socklen_t for accept(), etc. on AIX 5.x. This should 830 fix problems when compiling in 64 bit mode. 831 Problem first reported by Harry Meiert of 832 University of Bremen. 833 New Files: 834 include/sm/sem.h 835 libsm/sem.c 836 libsm/t-sem.c 837 8388.13.3/8.13.3 2005/01/11 839 Enhance handling of I/O errors, especially EOF, when STARTTLS 840 is active. 841 Make sure a connection is not reused after it has been closed 842 due to a 421 error. Problem found by Allan E Johannesen 843 of Worcester Polytechnic Institute. 844 Avoid triggering an assertion when sendmail is interrupted while 845 closing a connection. Problem found by Allan E Johannesen 846 of Worcester Polytechnic Institute. 847 Regression: a change in 8.13.2 caused sendmail not to try the 848 next MX host (or FallbackMXhost if configured) when, at 849 connection open, the current server returns a 4xy or 5xy 850 SMTP reply code. Problem noted by Mark Tranchant. 851 8528.13.2/8.13.2 2004/12/15 853 Do not split the first header even if it exceeds the internal 854 buffer size. Previously a part of such a header would 855 end up in the body of the message. Problem noted by 856 Simple Nomad of BindView. 857 Do not complain about "cataddr: string too long" when checking 858 headers that do not contain RFC 2822 addresses. 859 Problem noted by Rich Graves of Brandeis University. 860 If a server returns a 421 reply to the RSET command between 861 message deliveries, do not attempt to deliver any more 862 messages on that connection. This prevents bogus "Bad 863 file number" recipient status. Problem noted by 864 Allan E Johannesen of Worcester Polytechnic Institute. 865 Allow trailing white space in EHLO command as recommended by RFC 866 2821. Problem noted by Ralph Santagato of SBC Services. 867 Deal with clients which use AUTH but negotiate a smaller buffer size 868 for data exchanges than the value used by sendmail, e.g., 869 Cyrus IMAP lmtp server. Based on patch by Jamie Clark. 870 When passing ESMTP arguments for RCPT to a milter, do not cut 871 them off at a comma. Problem noted by Krzysztof Oledzki. 872 Add more logging to milter change header functions to 873 complement existing logging. Based on patch from 874 Gurusamy Sarathy of Active State. 875 Include <lber.h> in include/sm/config.h when LDAPMAP is defined. 876 Patch from Edgar Hoch of the University of Stuttgart. 877 Fix DNS lookup if IPv6 is enabled when converting an IP address 878 to a hostname for use with SASL. Problem noted by Ken Jones; 879 patch from Hajimu UMEMOTO. 880 CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog 881 mailer. Patch from John Beck of Sun Microsystems. 882 LIBMILTER: It was possible that xxfi_abort() was called after 883 xxfi_eom() for a message if some timeouts were triggered. 884 Patch from Alexey Kravchuk. 885 LIBMILTER: Slightly rearrange mutex use in listener.c to allow 886 different threads to call smfi_opensocket() and smfi_main(). 887 Patch from Jordan Ritter of Cloudmark. 888 MAIL.LOCAL: Properly terminate MBDB before exiting. Problem 889 noted by Nelson Fung. 890 MAIL.LOCAL: make strip-mail.local used a wrong path to access 891 mail.local. Problem noted by William Park. 892 VACATION: Properly terminate MBDB before exiting. Problem noted 893 by Nelson Fung. 894 Portability: 895 Add support for DragonFly BSD. 896 New Files: 897 cf/ostype/dragonfly.m4 898 devtools/OS/DragonFly 899 include/sm/os/sm_os_dragonfly.h 900 Deleted Files: 901 libsm/vsscanf.c 902 9038.13.1/8.13.1 2004/07/30 904 Using the default AliasFile ldap: specification would cause the 905 objectClasses of the LDAP response to be included in the 906 alias expansion. Problem noted by Brenden Conte of 907 Rensselaer Polytechnic Institute. 908 Fix support for a fallback smart host for system where DNS is 909 (partially) available. From John Beck of Sun Microsystems. 910 Fix SuperSafe=PostMilter behavior when a milter replaces a body 911 but the data file is not yet stored on disk because it is 912 smaller than the size of the memory buffer. Problem noted 913 by David Russell. 914 Fix certificate revocation list support; if a CRL was specified 915 but the other side presented a cert that was signed by 916 a different (trusted) CA than the one which issued the CRL, 917 verification would always fail. Problem noted by Al Smith. 918 Run mailer programs as the RunAsUser when RunAsUser is set and 919 the F=S mailer flag is set without a U= mailer equate. 920 Problem noted by John Gardiner Myers of Proofpoint. 921 ${nbadrcpts} was off by one if BadRcptThrottle is zero. 922 Patch from Sung-hoon Choi of DreamWiz Inc. 923 CONFIG: Emit a warning if FEATURE(`access_db') is used after 924 FEATURE(`greet_pause') because then the latter will not 925 use the access map. Note: if no default value is given 926 for FEATURE(`greet_pause') then it issues an error if 927 FEATURE(`access_db') is not specified before it. 928 Problem noted by Alexander Dalloz of University of 929 Bielefeld. 930 CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause') 931 is used to give more flexibility for local changes. 932 Portability: 933 Fix a 64 bit problem in the socket map code. Problem 934 noted by Geoff Adams. 935 NetBSD 2.0F has closefrom(3). Patch from Andrew Brown. 936 NetBSD can use sysctl(3) to get the number of CPUs in 937 a system. Patch from Andrew Brown. 938 Add a README file in doc/op/ to explain potential 939 incompatibilities with various *roff related 940 tools. Problem tracked down by Per Hedeland. 941 New Files: 942 doc/op/README 943 9448.13.0/8.13.0 2004/06/20 945 Do not include AUTH data in a bounce to avoid leaking confidential 946 information. See also cf/README about MSP and the section 947 "Providing SMTP AUTH Data when sendmail acts as Client". 948 Problem noted by Neil Rickert of Northern Illinois 949 University. 950 Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n 951 and -DSM_CONF_SETITIMER=0. Problem noted by Juergen Georgi 952 of RUS University of Stuttgart. 953 Fix bug in conversion from 8bit to quoted-printable. Problem found 954 by Christof Haerens, patch from Per Hedeland. 955 Add support for LDAP recursion based on types given to attribute 956 specifications in an LDAP map definition. This allows 957 LDAP queries to return a new query, a DN, or an LDAP 958 URL which will in turn be queried. See the ``LDAP 959 Recursion'' section of doc/op/op.me for more information. 960 Based on patch from Andrew Baucom. 961 Extend the default LDAP specifications for AliasFile 962 (O AliasFile=ldap:) and file classes (F{X}@LDAP) to 963 include support for LDAP recursion via new attributes. 964 See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section 965 of cf/README for more information. 966 New option for LDAP maps: the -w option allows you to specify the 967 LDAP API/protocol version to use. The default depends on 968 the LDAP library. 969 New option for LDAP maps: the -H option allows you to specify an 970 LDAP URI instead of specifying the LDAP server via -h host 971 and -p port. This also allows for the use of LDAP over 972 SSL and connections via named sockets if your LDAP 973 library supports it. 974 New compile time flag SM_CONF_LDAP_INITIALIZE: set this if 975 ldap_initialize(3) is available (and LDAPMAP is set). 976 If MaxDaemonChildren is set and a command is repeated too often 977 during a SMTP session then terminate it just like it is 978 done for too many bad SMTP commands. 979 Basic connection rate control support has been added: the daemon 980 maintains the number of incoming connections per client 981 IP address and total in the macros {client_rate} and 982 {total_rate}, respectively. These macros can be used 983 in the cf file to impose connection rate limits. 984 A new option ConnectionRateWindowSize (default: 60s) 985 determines the length of the interval for which the 986 number of connections is stored. Based on patch from 987 Jose Marcio Martins da Cruz, Ecole des Mines de Paris. 988 Add optional protection from open proxies and SMTP slammers which 989 send SMTP traffic without waiting for the SMTP greeting. 990 If enabled by the new ruleset greet_pause (see 991 FEATURE(`greet_pause')), sendmail will wait the specified 992 amount of time before sending the initial 220 SMTP 993 greeting. If any traffic is received before then, a 554 994 SMTP response is sent and all SMTP commands are rejected 995 during that connection. 996 If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP 997 server could sleep for a very long time. Fix based on 998 patch from Tadashi Kobayashi of IIJ. 999 Fix a potential memory leak in persistent queue runners if the 1000 number of entries in the queue exceeds the limit of jobs. 1001 Problem noted by Steve Hubert of University of Washington. 1002 Do not use 4.7.1 as enhanced status code because some broken systems 1003 misinterpret it as a permanent error. 1004 New value for SuperSafe: PostMilter which will delay fsync() until 1005 all milters accepted the mail. This can increase 1006 performance if many mails are rejected by milters due to 1007 body scans. Based on patch from David F. Skoll. 1008 New macro {msg_id} which contains the value of the Message-Id: 1009 header, whether provided by the client or generated by 1010 sendmail. 1011 New macro {client_connections} which contains the number of open 1012 connections in the SMTP server for the client IP address. 1013 Based on patch from Jose Marcio Martins da Cruz, Ecole des 1014 Mines de Paris. 1015 sendmail will now remove its pidfile when it exits. This was done 1016 to prevent confusion caused by running sendmail stop 1017 scripts two or more times, where the second and subsequent 1018 runs would report misleading error messages about sendmail's 1019 pid no longer existing. See section 1.3.15 of doc/op/op.me 1020 for a discussion of the implications of this, including 1021 how to correct broken scripts which may have depended on 1022 the old behavior. From John Beck of Sun Microsystems. 1023 Support per-daemon input filter lists which override the default 1024 filter list specified in InputMailFilters. The filters 1025 can be listed in the I= equate of DaemonPortOptions. 1026 Do not add all domain prefixes of the hostname to class 'w'. If 1027 your configuration relies on this behavior, you have to 1028 add those names to class 'w' yourself. Problem noted 1029 by Sander Eerkes. 1030 Support message quarantining in the mail queue. Quarantined 1031 messages are not run on normal queue displays or runs 1032 unless specifically requested with -qQ. Quarantined queue 1033 files are named with an hf prefix instead of a qf prefix. 1034 The -q command line option now can specify which queue to display 1035 or run. -qQ operates on quarantined queue items. -qL 1036 operates on lost queue items. 1037 Restricted mail queue runs and displays can be done based on the 1038 quarantined reason using -qQtext to run or display 1039 quarantined items if the quarantine reason contains the 1040 given text. Similarly, -q!Qtext will run or display 1041 quarantined items which do not have the given text in the 1042 quarantine reason. 1043 Items in the queue can be quarantined or unquarantined using the 1044 new -Q option. See doc/op/op.me for more information. 1045 When displaying the quarantine mailq with 'mailq -qQ', the 1046 quarantine reason is shown in a new line prefixed by 1047 "QUARANTINE:". 1048 A new error code for the $#error mailer, $@ quarantine, can be used 1049 to quarantine messages in check_* (except check_compat) and 1050 header check rulesets. The $: of the mailer triplet will 1051 be used for the quarantine reason. 1052 Add a new quarantine count to the mailstats collected. 1053 Add a new macro ${quarantine} which is the quarantine reason for a 1054 message if it is quarantined. 1055 New map type "socket" for a trivial query protocol over UNIX domain 1056 or TCP sockets (requires compile time option SOCKETMAP). 1057 See sendmail/README and doc/op/op.me for details as well as 1058 socketmapServer.pl and socketmapClient.pl in contrib. 1059 Code donated by Bastiaan Bakker of LifeLine Networks. 1060 Define new macro ${client_ptr} which holds the result of the PTR 1061 lookup for the client IP address. Note: this is the same 1062 as ${client_name} if and only if ${client_resolve} is OK. 1063 Add a new macro ${nbadrcpts} which contains the number of bad 1064 recipients received so far in a transaction. 1065 Call check_relay with the value of ${client_name} to deal with bogus 1066 DNS entries. See also FEATURE(`use_client_ptr'). Problem 1067 noted by Kai Schlichting. 1068 Treat Delivery-Receipt-To: headers the same as Return-Receipt-To: 1069 headers (turn them into DSNs). Delivery-Receipt-To: is 1070 apparently used by SIMS (Sun Internet Mail System). 1071 Enable connection caching for LPC mailers. Patch from Christophe 1072 Wolfhugel of France Telecom Oleane. 1073 Do not silently truncate long strings in address rewriting. 1074 Add support for Cyrus SASL version 2. From Kenneth Murchison of 1075 Oceana Matrix Ltd. 1076 Add a new AuthOption=m flag to require the use of mechanisms which 1077 support mutual authentication. From Kenneth Murchison of 1078 Oceana Matrix Ltd. 1079 Fix logging of TLS related problems (introduced in 8.12.11). 1080 The macros {auth_author} and {auth_authen} are stored in xtext 1081 format just like the STARTTLS related macros to avoid 1082 problems with parsing them. Problem noted by Pierangelo 1083 Masarati of SysNet s.n.c. 1084 New option AuthRealm to set the authentication realm that is 1085 passed to the Cyrus SASL library. Patch from Gary Mills 1086 of the University of Manitoba. 1087 Enable AUTH mechanism EXTERNAL if STARTTLS verification was 1088 successful, otherwise relaying would be allowed if 1089 EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS 1090 is active. 1091 Add basic support for certificate revocation lists. Note: if a 1092 CRLFile is specified but the file is unusable, STARTTLS 1093 is disabled. Based on patch by Ralf Hornik. 1094 Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms 1095 DIGEST-MD5 and LOGIN. 1096 Write pid to file also if sendmail only acts as persistent queue 1097 runner. Proposed by Gary Mills of the University of Manitoba. 1098 Keep daemon pid file(s) locked so other daemons don't try to 1099 overwrite each other's pid files. 1100 Increase maximum length of logfile fields for {cert_subject} and 1101 {cert_issuer} from 128 to 256. Requested by Christophe 1102 Wolfhugel of France Telecom. 1103 Log the TLS verification message on the STARTTLS= log line at 1104 LogLevel 12 or higher. 1105 If the MSP is invoked with the verbose option (-v) then it will 1106 try to use the SMTP command VERB to propagate this option 1107 to the MTA which in turn will show the delivery just like 1108 it was done before the default 8.12 separation of MSP and 1109 MTA. Based on patch by Per Hedeland. 1110 If a daemon is refusing connections for longer than the time specified 1111 by the new option RejectLogInterval (default: 3 hours) due 1112 to high load, log this information. Patch from John Beck 1113 of Sun Microsystems. 1114 Remove the ability for non-trusted users to raise the value of 1115 CheckpointInterval on the command line. 1116 New mailer flag 'B' to strip leading backslashes, which is a 1117 subset of the functionality of the 's' flag. 1118 New mailer flag 'W' to ignore long term host status information. 1119 Patch from Juergen Georgi of RUS University of Stuttgart. 1120 Enable generic mail filter API (milter) by default. To turn 1121 it off, add -DMILTER=0 to the compile time options. 1122 An internal SMTP session discard flag was lost after an RSET/HELO/EHLO 1123 causing subsequent messages to be sent instead of being 1124 discarded. This also caused milter callbacks to be called 1125 out of order after the SMTP session was reset. 1126 New option RequiresDirfsync to turn off the compile time flag 1127 REQUIRES_DIR_FSYNC at runtime. See sendmail/README for 1128 further information. 1129 New command line option -D logfile to send debug output to 1130 the indicated log file instead of stdout. 1131 Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control 1132 queue return and warning times for delivery status 1133 notifications. 1134 New queue sort order option: 'n'one for not sorting the queue entries 1135 at all. 1136 Several more return values for ruleset srv_features have been added 1137 to enable/disable certain features in the server per 1138 connection. See doc/op/op.me for details. 1139 Support for SMTP over SSL (smtps), activated by Modifier=s 1140 for DaemonPortOptions. 1141 Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when 1142 trying to canonify hostnames. Suggested by Neil Rickert 1143 of Northern Illinois University. 1144 Add support for a fallback smart host (option FallbackSmartHost) to 1145 be tried as a last resort after all other fallbacks. This 1146 is designed for sites with partial DNS (e.g., an accurate 1147 view of inside the company, but an incomplete view of 1148 outside). From John Beck of Sun Microsystems. 1149 Enable timeout for STARTTLS even if client does not start the TLS 1150 handshake. Based on patch by Andrey J. Melnikoff. 1151 Remove deprecated -v option for PH map, use -k instead. Patch from 1152 Mark Roth of the University of Illinois at Urbana-Champaign. 1153 libphclient is version 1.2.x by default, if version 1.1.x is required 1154 then compile with -DNPH_VERSION=10100. Patch from Mark Roth 1155 of the University of Illinois at Urbana-Champaign. 1156 Add Milter.macros.eom, allowing macros to be sent to milter 1157 applications for use in the xxfi_eom() callback. 1158 New macro {time} which contains the output of the time(3) function, 1159 i.e., the number of seconds since 0 hours, 0 minutes, 1160 0 seconds, January 1, 1970, Coordinated Universal Time (UTC). 1161 If check_relay sets the reply code to "421" the SMTP server will 1162 terminate the SMTP session with a 421 error message. 1163 Get rid of dead code that tried to access the environment variable 1164 HOSTALIASES. 1165 Deprecate the use of ErrorMode=write. To enable this in 8.13 1166 compile with -DUSE_TTYPATH=1. 1167 Header check rulesets using $>+ (do not strip comments) will get 1168 the header value passed in without balancing quotes, 1169 parentheses, and angle brackets. Based on patch from 1170 Oleg Bulyzhin. 1171 Do not complain and fix up unbalanced quotes, parentheses, and 1172 angle brackets when reading in rulesets. This allows 1173 rules to be written for header checks to catch strings 1174 that contain quotes, parentheses, and/or angle brackets. 1175 Based on patch from Oleg Bulyzhin. 1176 Do not close socket when accept(2) in the daemon encounters 1177 some temporary errors like ECONNABORTED. 1178 Added list of CA certificates that are used by members of the 1179 sendmail consortium, see CACerts. 1180 Portability: 1181 Two new compile options have been added: 1182 HASCLOSEFROM System has closefrom(3). 1183 HASFDWALK System has fdwalk(3). 1184 Based on patch from John Beck of Sun Microsystems. 1185 The Linux kernel version 2.4 series has a broken flock() so 1186 change to using fcntl() locking until they can fix 1187 it. Be sure to update other sendmail related 1188 programs to match locking techniques. 1189 New compile time option NEEDINTERRNO which should be set 1190 if <errno.h> does not declare errno itself. 1191 Support for UNICOS/mk and UNICOS/mp added, some changes for 1192 UNICOS. Patches contributed by Aaron Davis and 1193 Brian Ginsbach, Cray Inc., and Manu Mahonen of 1194 Center for Scientific Computing. 1195 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther). 1196 Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther). 1197 Remove path from compiler definition for Interix because 1198 Interix 3.0 and 3.5 put gcc in different locations. 1199 Also use <sys/mkdev.h> to get the correct 1200 major()/minor() definitions. Based on feedback 1201 from Mark Funkenhauser. 1202 CONFIG: Add support for LDAP recursion to the default LDAP searches 1203 for maps via new attributes. See the ``USING LDAP FOR 1204 ALIASES, MAPS, and CLASSES'' section of cf/README and 1205 cf/sendmail.schema for more information. 1206 CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER 1207 is of the form "user:group" when used for submit.mc. 1208 Problem noted by Carsten P. Gehrke, patch from Neil Rickert 1209 of Northern Illinois University. 1210 CONFIG: Add a new access DB value of QUARANTINE:reason which 1211 instructs the check_* (except check_compat) to quarantine 1212 the message using the given reason. 1213 CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl) 1214 instead of "host" to avoid problem with looking up other 1215 DNS records than just A. 1216 CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the 1217 length of the interval for which the number of incoming 1218 connections is maintained. 1219 CONFIG: New FEATURE(`ratecontrol') to set the limits for connection 1220 rate control for individual hosts or nets. 1221 CONFIG: New FEATURE(`conncontrol') to set the limits for the 1222 number of open SMTP connections for individual hosts or nets. 1223 CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP 1224 slamming protection described above. The feature can 1225 take an argument specifying the milliseconds to wait and/or 1226 use the access database to look the pause time based on 1227 client hostname, domain, IP address, or subnet. 1228 CONFIG: New FEATURE(`use_client_ptr') to have check_relay use 1229 $&{client_ptr} as its first argument. This is useful for 1230 rejections based on the unverified hostname of client, 1231 which turns on the same behavior as in earlier sendmail 1232 versions when delay_checks was not in use. See also entry 1233 above about check_relay being invoked with ${client_name}. 1234 CONFIG: New option confREJECT_LOG_INTERVAL to specify the log 1235 interval when refusing connections for this long. 1236 CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases 1237 this requires a change in a mc file. Requested by 1238 Ted Roberts of Electronic Data Systems. 1239 CONFIG: New option confAUTH_REALM to set the authentication realm 1240 that is passed to the Cyrus SASL library. Patch from 1241 Gary Mills of the University of Manitoba. 1242 CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src} 1243 to follow the naming conventions. 1244 CONFIG: Add a third optional argument to local_lmtp to specify 1245 the A= argument. 1246 CONFIG: Remove the f flag from the default mailer flags of 1247 local_lmtp. 1248 CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile 1249 time flag REQUIRES_DIR_FSYNC at runtime. 1250 CONFIG: New LOCAL_UUCP macro to insert rules into the generated 1251 cf file at the same place where MAILER(`uucp') inserts 1252 its rules. 1253 CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN 1254 to control queue return and warning times for delivery 1255 status notifications. 1256 CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost. 1257 CONFIG: Add the mc file which has been used to create the cf 1258 file to the end of the cf file when using make in cf/cf/. 1259 Patch from Richard Rognlie. 1260 CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9. 1261 Use ServiceSwitchFile to turn off DNS lookups, see 1262 doc/op/op.me. 1263 CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom 1264 option) defines macros to be sent to milter applications for 1265 use in the xxfi_eom() callback. 1266 CONFIG: New option confCRL to specify file which contains 1267 certificate revocations lists. 1268 CONFIG: Add a new value (sendertoo) for the third argument to 1269 FEATURE(`ldap_routing') which will reject the SMTP 1270 MAIL From: command if the sender address doesn't exist 1271 in LDAP. See cf/README for more information. 1272 CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which 1273 instructs the rulesets on whether or not to do a domain 1274 lookup if a full address lookup doesn't match. See cf/README 1275 for more information. 1276 CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which 1277 instructs the rulesets on whether or not to queue the mail 1278 or give an SMTP temporary error if the LDAP server can't be 1279 reached. See cf/README for more information. Based on 1280 patch from Billy Ray Miller of Caterpillar. 1281 CONFIG: Experimental support for MTAMark, see cf/README for details. 1282 CONFIG: New option confMESSAGEID_HEADER to define a different 1283 Message-Id: header format. Patch from Bastiaan Bakker 1284 of LifeLine Networks. 1285 CONTRIB: New version of cidrexpand which uses Net::CIDR. From 1286 Derek J. Balling. 1287 CONTRIB: oldbind.compat.c has been removed due to security problems. 1288 Found by code inspection done by Reasoning, Inc. 1289 DEVTOOLS: Add an example file for devtools/Site/, contributed 1290 by Neil Rickert of Northern Illinois University. 1291 LIBMILTER: Add new function smfi_quarantine() which allows the 1292 filter's EOM routine to quarantine the current message. 1293 Filters which use this function must include the 1294 SMFIF_QUARANTINE flag in the registered smfiDesc structure. 1295 LIBMILTER: If a milter sets the reply code to "421", the SMTP server 1296 will terminate the SMTP session with that error. 1297 LIBMILTER: Upon filter shutdown, libmilter will not remove a 1298 named socket in the file system if it is running as root. 1299 LIBMILTER: Add new function smfi_progress() which allows the filter 1300 to notify the MTA that an EOM operation is still in progress, 1301 resetting the timeout. 1302 LIBMILTER: Add new function smfi_opensocket() which allows the filter 1303 to attempt to establish the interface socket, and detect 1304 failure to do so before calling smfi_main(). 1305 LIBMILTER: Add new function smfi_setmlreply() which allows the 1306 filter to return a multi-line SMTP reply. 1307 LIBMILTER: Deal with more temporary errors in accept() by ignoring 1308 them instead of stopping after too many occurred. 1309 Suggested by James Carlson of Sun Microsystems. 1310 LIBMILTER: Fix a descriptor leak in the sample program found in 1311 docs/sample.html. Reported by Dmitry Adamushko. 1312 LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT. 1313 Reported by Carl Byington of 510 Software Group. 1314 LIBMILTER: Document smfi_stop() and smfi_setdbg(). Patches 1315 from Bryan Costales. 1316 LIBMILTER: New compile time option SM_CONF_POLL; define this if 1317 poll(2) should be used instead of select(2). 1318 LIBMILTER: New function smfi_insheader() and related protocol 1319 amendments to support header insertion operations. 1320 MAIL.LOCAL: Add support for hashed mail directories, see 1321 mail.local/README. Contributed by Chris Adams of HiWAAY 1322 Informations Services. 1323 MAILSTATS: Display quarantine message counts. 1324 MAKEMAP: Add new flag -D to specify the comment character to use 1325 instead of '#'. 1326 VACATION: Add new flag -j to auto-respond to messages regardless of 1327 whether or not the recipient is listed in the To: or Cc: 1328 headers. 1329 VACATION: Add new flag -R to specify the envelope sender address 1330 for the auto-response message. 1331 New Files: 1332 CACerts 1333 cf/feature/conncontrol.m4 1334 cf/feature/greet_pause.m4 1335 cf/feature/mtamark.m4 1336 cf/feature/ratecontrol.m4 1337 cf/feature/use_client_ptr.m4 1338 cf/ostype/unicos.m4 1339 cf/ostype/unicosmk.m4 1340 cf/ostype/unicosmp.m4 1341 contrib/socketmapClient.pl 1342 contrib/socketmapServer.pl 1343 devtools/OS/Darwin.7.0 1344 devtools/OS/UNICOS-mk 1345 devtools/OS/UNICOS-mp 1346 devtools/Site/site.config.m4.sample 1347 include/sm/os/sm_os_unicos.h 1348 include/sm/os/sm_os_unicosmk.h 1349 include/sm/os/sm_os_unicosmp.h 1350 libmilter/docs/smfi_insheader.html 1351 libmilter/docs/smfi_progress.html 1352 libmilter/docs/smfi_quarantine.html 1353 libmilter/docs/smfi_setdbg.html 1354 libmilter/docs/smfi_setmlreply.html 1355 libmilter/docs/smfi_stop.html 1356 sendmail/ratectrl.c 1357 Deleted Files: 1358 cf/feature/nodns.m4 1359 contrib/oldbind.compat.c 1360 devtools/OS/CRAYT3E.2.0.x 1361 devtools/OS/CRAYTS.10.0.x 1362 libsm/vsprintf.c 1363 Renamed Files: 1364 devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x 1365 13668.12.11/8.12.11 2004/01/18 1367 Use QueueFileMode when opening qf files. This error was a 1368 regression in 8.12.10. Problem detected and diagnosed 1369 Lech Szychowski of the Polish Power Grid Company. 1370 Properly count the number of queue runners in a work group and 1371 make sure the total limit of MaxQueueChildren is not 1372 exceeded. Based on patch from Takayuki Yoshizawa of 1373 Techfirm, Inc. 1374 Take care of systems that can generate time values where the 1375 seconds can exceed the usual range of 0 to 59. 1376 Problem noted by Randy Diffenderfer of EDS. 1377 Avoid regeneration of identical queue identifiers by processes 1378 whose process id is the same as that of the initial 1379 sendmail process that was used to start the daemon. 1380 Problem noted by Randy Diffenderfer of EDS. 1381 When a milter invokes smfi_delrcpt() compare the supplied 1382 recipient address also against the printable addresses 1383 of the current list to deal with rewritten addresses. 1384 Based on patch from Sean Hanson of The Asylum. 1385 BadRcptThrottle now also works for addresses which return the 1386 error mailer, e.g., virtusertable entries with the 1387 right hand side error:. Patch from Per Hedeland. 1388 Fix printing of 8 bit characters as octals in log messages. 1389 Based on patch by Andrey J. Melnikoff. 1390 Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit 1391 text that has been introduced in 8.12.3. There are some 1392 examples where the new code fails, but the old code works. 1393 To get the 8.12.3-8.12.10 version, compile sendmail with 1394 -DMIME7TO8_OLD=0. If you have an example of improper 1395 7 to 8 bit conversion please send it to us. 1396 Return normal error code for unknown SMTP commands instead of 1397 the one specified by check_relay or a milter for a 1398 connection. Problem noted by Andrzej Filip. 1399 Some ident responses contain data after the terminating CRLF which 1400 causes sendmail to log "POSSIBLE ATTACK...newline in string". 1401 To avoid this everything after LF is ignored. 1402 If the operating system supports O_EXLOCK and HASFLOCK is set 1403 then a possible race condition for creating qf files 1404 can be avoided. Note: the race condition does not 1405 exist within sendmail, but between sendmail and an 1406 external application that accesses qf files. 1407 Log the proper options name for TLS related mising files for 1408 the CACertPath, CACertFile, and DHParameters options. 1409 Do not split an envelope if it will be discarded, otherwise df 1410 files could be left behind. Problem found by Wolfgang 1411 Breyha. 1412 The use of the environment variables HOME and HOSTALIASES has been 1413 deprecated and will be removed in version 8.13. This only 1414 effects configuration which preserve those variable via the 1415 'E' command in the cf file as sendmail clears out its entire 1416 environment. 1417 Portability: 1418 Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther). 1419 Solaris 10 has unsetenv(), patch from Craig Mohrman of 1420 Sun Microsystems. 1421 LIBMILTER: Add extra checks in case a broken MTA sends bogus data 1422 to libmilter. Based on code review by Rob Grzywinski. 1423 SMRSH: Properly assemble commands that contain '&&' or '||'. 1424 Problem noted by Eric Lee of Talking Heads. 1425 New Files: 1426 devtools/OS/Darwin.7.0 1427 14288.12.10/8.12.10 2003/09/24 (Released: 2003/09/17) 1429 SECURITY: Fix a buffer overflow in address parsing. Problem 1430 detected by Michal Zalewski, patch from Todd C. Miller 1431 of Courtesan Consulting. 1432 Fix a potential buffer overflow in ruleset parsing. This problem 1433 is not exploitable in the default sendmail configuration; 1434 only if non-standard rulesets recipient (2), final (4), or 1435 mailer-specific envelope recipients rulesets are used then 1436 a problem may occur. Problem noted by Timo Sirainen. 1437 Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength. 1438 Problem noted by Thomas Schulz. 1439 Add several checks to avoid (theoretical) buffer over/underflows. 1440 Properly count message size when performing 7->8 or 8->7 bit MIME 1441 conversions. Problem noted by Werner Wiethege. 1442 Properly compute message priority based on size of entire message, 1443 not just header. Problem noted by Axel Holscher. 1444 Reset SevenBitInput to its configured value between SMTP 1445 transactions for broken clients which do not properly 1446 announce 8 bit data. Problem noted by Stefan Roehrich. 1447 Set {addr_type} during queue runs when processing recipients. 1448 Based on patch from Arne Jansen. 1449 Better error handling in case of (very unlikely) queue-id conflicts. 1450 Perform better error recovery for address parsing, e.g., when 1451 encountering a comment that is too long. Problem noted by 1452 Tanel Kokk, Union Bank of Estonia. 1453 Add ':' to the allowed character list for bogus HELO/EHLO 1454 checking. It is used for IPv6 domain literals. Patch from 1455 Iwaizako Takahiro of FreeBit Co., Ltd. 1456 Reset SASL connection context after a failed authentication attempt. 1457 Based on patch from Rob Siemborski of CMU. 1458 Check Berkeley DB compile time version against run time version 1459 to make sure they match. 1460 Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled 1461 in the kernel. 1462 When a milter adds recipients and one of them causes an error, 1463 do not ignore the other recipients. Problem noted by 1464 Bart Duchesne. 1465 CONFIG: Use specified SMTP error code in mailertable entries which 1466 lack a DSN, i.e., "error:### Text". Problem noted by 1467 Craig Hunt. 1468 CONFIG: Call Local_trust_auth with the correct argument. Patch 1469 from Jerome Borsboom. 1470 CONTRIB: Better handling of temporary filenames for doublebounce.pl 1471 and expn.pl to avoid file overwrites, etc. Patches from 1472 Richard A. Nelson of Debian and Paul Szabo. 1473 MAIL.LOCAL: Fix obscure race condition that could lead to an 1474 improper mailbox truncation if close() fails after the 1475 mailbox is fsync()'ed and a new message is delivered 1476 after the close() and before the truncate(). 1477 MAIL.LOCAL: If mail delivery fails, do not leave behind a 1478 stale lockfile (which is ignored after the lock timeout). 1479 Patch from Oleg Bulyzhin of Cronyx Plus LLC. 1480 Portability: 1481 Port for AIX 5.2. Thanks to Steve Hubert of University 1482 of Washington for providing access to a computer 1483 with AIX 5.2. 1484 setreuid(2) works on OpenBSD 3.3. Patch from 1485 Todd C. Miller of Courtesan Consulting. 1486 Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH 1487 on all operating systems. Patch from Robert Harker 1488 of Harker Systems. 1489 Use strerror(3) on Linux. If this causes a problem on 1490 your Linux distribution, compile with 1491 -DHASSTRERROR=0 and tell sendmail.org about it. 1492 Added Files: 1493 devtools/OS/AIX.5.2 1494 14958.12.9/8.12.9 2003/03/29 1496 SECURITY: Fix a buffer overflow in address parsing due to 1497 a char to int conversion problem which is potentially 1498 remotely exploitable. Problem found by Michal Zalewski. 1499 Note: an MTA that is not patched might be vulnerable to 1500 data that it receives from untrusted sources, which 1501 includes DNS. 1502 To provide partial protection to internal, unpatched sendmail MTAs, 1503 8.12.9 changes by default (char)0xff to (char)0x7f in 1504 headers etc. To turn off this conversion compile with 1505 -DALLOW_255 or use the command line option -d82.101. 1506 To provide partial protection for internal, unpatched MTAs that may be 1507 performing 7->8 or 8->7 bit MIME conversions, the default 1508 for MaxMimeHeaderLength has been changed to 2048/1024. 1509 Note: this does have a performance impact, and it only 1510 protects against frontal attacks from the outside. 1511 To disable the checks and return to pre-8.12.9 defaults, 1512 set MaxMimeHeaderLength to 0/0. 1513 Do not complain about -ba when submitting mail. Problem noted 1514 by Derek Wueppelmann. 1515 Fix compilation with Berkeley DB 1.85 on systems that do not 1516 have flock(2). Problem noted by Andy Harper of Kings 1517 College London. 1518 Properly initialize data structure for dns maps to avoid various 1519 errors, e.g., looping processes. Problem noted by 1520 Maurice Makaay of InterNLnet B.V. 1521 CONFIG: Prevent multiple application of rule to add smart host. 1522 Patch from Andrzej Filip. 1523 CONFIG: Fix queue group declaration in MAILER(`usenet'). 1524 CONTRIB: buildvirtuser: New option -t builds the virtusertable 1525 text file instead of the database map. 1526 Portability: 1527 Revert wrong change made in 8.12.7 and actually use the 1528 builtin getopt() version in sendmail on Linux. 1529 This can be overridden by using -DSM_CONF_GETOPT=0 1530 in which case the OS supplied version will be used. 1531 15328.12.8/8.12.8 2003/02/11 1533 SECURITY: Fix a remote buffer overflow in header parsing by 1534 dropping sender and recipient header comments if the 1535 comments are too long. Problem noted by Mark Dowd 1536 of ISS X-Force. 1537 Fix a potential non-exploitable buffer overflow in parsing the 1538 .cf queue settings and potential buffer underflow in 1539 parsing ident responses. Problem noted by Yichen Xie of 1540 Stanford University Compilation Group. 1541 Fix ETRN #queuegroup command: actually start a queue run for 1542 the selected queue group. Problem noted by Jos Vos. 1543 If MaxMimeHeaderLength is set and a malformed MIME header is fixed, 1544 log the fixup as "Fixed MIME header" instead of "Truncated 1545 MIME header". Problem noted by Ian J Hart. 1546 CONFIG: Fix regression bug in proto.m4 that caused a bogus 1547 error message: "FEATURE() should be before MAILER()". 1548 MAIL.LOCAL: Be more explicit in some error cases, i.e., whether 1549 a mailbox has more than one link or whether it is not 1550 a regular file. Patch from John Beck of Sun Microsystems. 1551 15528.12.7/8.12.7 2002/12/29 1553 Properly clean up macros to avoid persistence of session data 1554 across various connections. This could cause session 1555 oriented restrictions, e.g., STARTTLS requirements, 1556 to erroneously allow a connection. Problem noted 1557 by Tim Maletic of Priority Health. 1558 Do not lookup MX records when sorting the MSP queue. The MSP 1559 only needs to relay all mail to the MTA. Problem found 1560 by Gary Mills of the University of Manitoba. 1561 Do not restrict the length of connection information to 100 1562 characters in some logging statements. Problem noted by 1563 Erik Parker. 1564 When converting an enhanced status code to an exit status, use 1565 EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5 1566 is used. 1567 Reset macro $x when receiving another MAIL command. Problem 1568 noted by Vlado Potisk of Wigro s.r.o. 1569 Don't bother setting the permissions on the build area statistics 1570 file, the proper permissions will be put on the file at 1571 install time. This fixes installation over NFS for some 1572 users. Problem noted by Martin J. Dellwo of 3-Dimensional 1573 Pharmaceuticals, Inc. 1574 Fix problem of decoding SASLv2 encrypted data. Problem noted by 1575 Alex Deiter of Mobile TeleSystems, Komi Republic. 1576 Log milter socket open errors at MilterLogLevel 1 or higher instead 1577 of 11 or higher. 1578 Print early system errors to the console instead of silently 1579 exiting. Problem noted by James Jong of IBM. 1580 Do not process a queue group if Runners is set to 0, regardless 1581 of whether F=f or sendmail is run in verbose mode (-v). 1582 The use of -qGname will still force queue group "name" 1583 to be run even if Runners=0. 1584 Change the level for logging the fact that a daemon is refusing 1585 connections due to high load from LOG_INFO to LOG_NOTICE. 1586 Patch from John Beck of Sun Microsystems. 1587 Use location information for submit.cf from NetInfo 1588 (/locations/sendmail/submit.cf) if available. 1589 Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by 1590 Neil Rickert of Northern Illinois University. 1591 Make behavior of /canon in debug mode consistent with usage in 1592 rulesets. Patch from Shigeno Kazutaka of IIJ. 1593 Fix a potential memory leak in envelope splitting. Problem noted 1594 by John Majikes of IBM. 1595 Do not try to share an mailbox database LDAP connection across 1596 different processes. Problem noted by Randy Kunkee. 1597 Fix logging for undelivered recipients when the SMTP connection 1598 times out during message collection. Problem noted by Neil 1599 Rickert of Northern Illinois University. 1600 Avoid problems with QueueSortOrder=random due to problems with 1601 qsort() on Solaris (and maybe some other operating systems). 1602 Problem noted by Stephan Schulz of Gruner+Jahr.. 1603 If -f "" is specified, set the sender address to "<>". Problem 1604 noted by Matthias Andree. 1605 Fix formatting problem of footnotes for plain text output on some 1606 versions of tmac. Patch from Per Hedeland. 1607 Portability: 1608 Berkeley DB 4.1 support (requires at least 4.1.25). 1609 Some getopt(3) implementations in GNU/Linux are broken 1610 and pass a NULL pointer to an option which requires 1611 an argument, hence the builtin version of 1612 sendmail is used instead. This can be overridden 1613 by using -DSM_CONF_GETOPT=0. Problem noted by 1614 Vlado Potisk of Wigro s.r.o. 1615 Support for nph-1.2.0 from Mark D. Roth of the University 1616 of Illinois at Urbana-Champaign. 1617 Support for FreeBSD 5.0's MAC labeling from Robert Watson 1618 of the TrustedBSD Project. 1619 Support for reading the number of processors on an IRIX 1620 system from Michel Bourget of SGI. 1621 Support for UnixWare 7.1 based on input from Larry Rosenman. 1622 Interix support from Nedelcho Stanev of Atlantic Sky 1623 Corporation. 1624 Update Mac OS X/Darwin portability from Wilfredo Sanchez. 1625 CONFIG: Enforce tls_client restrictions even if delay_checks 1626 is used. Problem noted by Malte Starostik. 1627 CONFIG: Deal with an empty hostname created via bogus 1628 DNS entries to get around access restrictions. 1629 Problem noted by Kai Schlichting. 1630 CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default 1631 to avoid problems with hostname resolution for localhost 1632 which on many systems does not resolve to 127.0.0.1 (or 1633 ::1 for IPv6). If you do not use IPv4 but only IPv6 then 1634 you need to change submit.mc accordingly, see the comment 1635 in the file itself. 1636 CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid 1637 error messages from initgroups(3) on AIX 4.3 when sending 1638 mail to non-existing users. Problem noted by Mark Roth of 1639 the University of Illinois at Urbana-Champaign. 1640 CONFIG: Allow local_procmail to override local_lmtp settings. 1641 CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to 1642 relay. 1643 CONTRIB: cidrexpand: Deal with the prefix tags that may be included 1644 in access_db. 1645 CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell. 1646 LIBMILTER: On Solaris libmilter may get into an endless loop if 1647 an error in the communication from/to the MTA occurs. 1648 Patch from Gurusamy Sarathy of Active State. 1649 LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64. 1650 Patch from from Jose Marcio Martins da Cruz of Ecole 1651 Nationale Superieure des Mines de Paris. 1652 MAIL.LOCAL: Fix a truncation race condition if the close() on 1653 the mailbox fails. Problem noted by Tomoko Fukuzawa of 1654 Sun Microsystems. 1655 MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3) 1656 fails. Patch from John Beck of Sun Microsystems. 1657 SMRSH: SECURITY: Only allow regular files or symbolic links to be 1658 used for a command. Problem noted by David Endler of 1659 iDEFENSE, Inc. 1660 New Files: 1661 devtools/OS/Interix 1662 include/sm/bdb.h 1663 16648.12.6/8.12.6 2002/08/26 1665 Do not add the FallbackMXhost (or its MX records) to the list 1666 returned by the bestmx map when -z is used as option. 1667 Otherwise sendmail may act as an open relay if FallbackMXhost 1668 and FEATURE(`relay_based_on_MX') are used together. 1669 Problem noted by Alexander Ignatyev. 1670 Properly split owner- mailing list messages when SuperSafe is set 1671 to interactive. Problem noted by Todd C. Miller of 1672 Courtesan Consulting. 1673 Make sure that an envelope is queued in the selected queue group 1674 even if some recipients are deleted or invalid. Problem 1675 found by Chris Adams of HiWAAY Informations Services. 1676 Do not send a bounce message if a message is completely collected 1677 from the SMTP client. Problem noted by Kari Hurtta of the 1678 Finnish Meteorological Institute. 1679 Provide an 'install-submit-st' target for sendmail/Makefile to 1680 install the MSP statistics file using the file named in the 1681 confMSP_STFILE devtools variable. Requested by Jeff 1682 Earickson of Colby College. 1683 Queue up mail with a temporary error if setusercontext() fails 1684 during a delivery attempt. Patch from Todd C. Miller of 1685 Courtesan Consulting. 1686 Fix handling of base64 encoded client authentication data for 1687 SMTP AUTH. Patch from Elena Slobodnik of life medien GmbH. 1688 Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries 1689 restart interrupted system calls. Problem noted by Luiz 1690 Henrique Duma of BSIOne. 1691 Prevent a segmentation fault if a program passed a NULL envp using 1692 execve(). 1693 Document a problem with the counting of queue runners that may 1694 cause delays if MaxQueueChildren is set too low. Problem 1695 noted by Ian Duplisse of Cable Television Laboratories, Inc. 1696 If discarding a message based on a recipient, don't try to look up 1697 the recipient in the mailbox database if F=w is set. This 1698 allows users to discard bogus recipients when dealing with 1699 spammers without tipping them off. Problem noted by Neil 1700 Rickert of Northern Illinois University. 1701 If applying a header check to a header with unstructured data, 1702 e.g., Subject:, then do not run syntax checks that are 1703 supposed for addresses on the header content. 1704 Count messages rejected/discarded via the check_data ruleset. 1705 Portability: 1706 Fix compilation on systems which do not allow simple 1707 copying of the variable argument va_list. Based on 1708 fix from Scott Walters. 1709 Fix NSD map open bug. From Michel Bourget of SGI. 1710 Add some additional IRIX shells to the default shell 1711 list. From Michel Bourget of SGI. 1712 Fix compilation issues on Mac OS X 10.2 (Darwin 6.0). 1713 NETISO support has been dropped. 1714 CONFIG: There was a seemingly minor change in 8.12.4 with respect 1715 to handling entries of IP nets/addresses with RHS REJECT. 1716 These would be rejected in check_rcpt instead of only 1717 being activated in check_relay. This change has been made to 1718 avoid potential bogus temporary rejection of relay attempts 1719 "450 4.7.1 Relaying temporarily denied. Cannot resolve PTR 1720 record for ..." if delay_checks is enabled. However, this 1721 modification causes a change of behavior if an IP net/address 1722 is listed in the access map with REJECT and a host/domain 1723 name is listed with OK or RELAY, hence it has been reversed 1724 such that the behavior of 8.12.3 is restored. The original 1725 change was made on request of Neil Rickert of Northern 1726 Illinois University, the side effect has been found by 1727 Stefaan Van Hoornick. 1728 CONFIG: Make sure delay_checks works even for sender addresses 1729 using the local hostname ($j) or domains in class {P}. 1730 Based on patch from Neil Rickert of Northern Illinois 1731 University. 1732 CONFIG: Fix temporary error handling for LDAP Routing lookups. 1733 Fix from Andrzej Filip. 1734 CONTRIB: New version of etrn.pl script and external man page 1735 (etrn.0) from John Beck of Sun Microsystems. 1736 LIBMILTER: Protect a free(3) operation from being called with a 1737 NULL pointer. Problem noted by Andrey J. Melnikoff. 1738 LIBMILTER: Protect against more interrupted select() calls. Based 1739 on patch from Jose Marcio Martins da Cruz of Ecole Nationale 1740 Superieure des Mines de Paris. 1741 New Files: 1742 contrib/etrn.0 1743 17448.12.5/8.12.5 2002/06/25 1745 SECURITY: The DNS map can cause a buffer overflow if the user 1746 specifies a dns map using TXT records in the configuration 1747 file and a rogue DNS server is queried. None of the 1748 sendmail supplied configuration files use this option hence 1749 they are not vulnerable. Problem noted independently by 1750 Joost Pol of PINE Internet and Anton Rang of Sun Microsystems. 1751 Unprintable characters in responses from DNS servers for the DNS 1752 map type are changed to 'X' to avoid potential problems 1753 with rogue DNS servers. 1754 Require a suboption when setting the Milter option. Problem noted 1755 by Bryan Costales. 1756 Do not silently overwrite command line settings for 1757 DirectSubmissionModifiers. Problem noted by Bryan 1758 Costales. 1759 Prevent a segmentation fault when clearing the event list by 1760 turning off alarms before checking if event list is 1761 empty. Problem noted by Allan E Johannesen of Worcester 1762 Polytechnic Institute. 1763 Close a potential race condition in transitioning a memory buffered 1764 file onto disk. From Janani Devarajan of Sun Microsystems. 1765 Portability: 1766 Include paths.h on Linux systems running glibc 2.0 or later 1767 to get the definition for _PATH_SENDMAIL, used by 1768 rmail and vacation. Problem noted by Kevin 1769 A. McGrail of Peregrine Hardware. 1770 NOTE: Linux appears to have broken flock() again. Unless 1771 the bug is fixed before sendmail 8.13 is shipped, 1772 8.13 will change the default locking method to 1773 fcntl() for Linux kernel 2.4 and later. You may 1774 want to do this in 8.12 by compiling with 1775 -DHASFLOCK=0. Be sure to update other sendmail 1776 related programs to match locking techniques. 1777 17788.12.4/8.12.4 2002/06/03 1779 SECURITY: Inherent limitations in the UNIX file locking model 1780 can leave systems open to a local denial of service 1781 attack. Be sure to read the "FILE AND MAP PERMISSIONS" 1782 section of the top level README for more information. 1783 Problem noted by lumpy. 1784 Use TempFileMode (defaults to 0600) for the permissions of PidFile 1785 instead of 0644. 1786 Change the default file permissions for new alias database files 1787 from 0644 to 0640. This can be overridden at compile time 1788 by setting the DBMMODE macro. 1789 Fix a potential core dump problem if the environment variable 1790 NAME is set. Problem noted by Beth A. Chaney of 1791 Purdue University. 1792 Expand macros before passing them to libmilter. Problem noted 1793 by Jose Marcio Martins da Cruz of Ecole Nationale 1794 Superieure des Mines de Paris. 1795 Rewind the df (message body) before truncating it when libmilter 1796 replaces the body of a message. Problem noted by Gisle Aas 1797 of Active State. 1798 Change SMTP reply code for AUTH failure from 500 to 535 and the 1799 initial zero-length response to "=" per RFC 2554. Patches 1800 from Kenneth Murchison of Oceana Matrix Ltd. 1801 Do not try to fix broken message/rfc822 MIME attachments by 1802 inserting a MIME-Version: header when MaxMimeHeaderLength 1803 is set and no 8 to 7 bit conversion is needed. Based on 1804 patch from Rehor Petr of ICZ (Czech Republic). 1805 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection 1806 is rejected anyway. Noted by Chris Loelke. 1807 Mention the submission mail queue in the mailq man page. Requested 1808 by Bill Fenner of AT&T. 1809 Set ${msg_size} macro when reading a message from the command line 1810 or the queue. 1811 Detach from shared memory before dropping privileges back to 1812 user who started sendmail. 1813 If AllowBogusHELO is set to false (default) then also complain if 1814 the argument to HELO/EHLO contains white space. Suggested 1815 by Seva Gluschenko of Cronyx Plus. 1816 Allow symbolicly linked forward files in writable directory paths 1817 if both ForwardFileInUnsafeDirPath and 1818 LinkedForwardFileInWritableDir DontBlameSendmail options 1819 are set. Problem noted by Werner Spirk of 1820 Leibniz-Rechenzentrum Munich. 1821 Portability: 1822 Operating systems that lack the ftruncate() call will not 1823 be able to use Milter's body replacement feature. 1824 This only affects Altos, Maxion, and MPE/iX. 1825 Digital UNIX 5.0 has changed flock() semantics to be 1826 non-compliant. Problem noted by Martin Mokrejs of 1827 Charles University in Prague. 1828 The sparc64 port of FreeBSD 5.0 now supports shared 1829 memory. 1830 CONFIG: FEATURE(`preserve_luser_host') needs the macro map. 1831 Problem noted by Andrzej Filip. 1832 CONFIG: Using 'local:' as a mailertable value with 1833 FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail 1834 to be misaddressed. Problem noted by Andrzej Filip. 1835 CONFIG: Provide a workaround for DNS based rejection lists that 1836 fail for AAAA queries. Problem noted by Chris Boyd. 1837 CONFIG: Accept the machine's hostname as resolvable when checking 1838 the sender address. This allows locally submitted mail to 1839 be accepted if the machine isn't connected to a nameserver 1840 and doesn't have an /etc/hosts entry for itself. Problem 1841 noted by Robert Watson of the TrustedBSD Project. 1842 CONFIG: Use deferred expansion for checking the ${deliveryMode} 1843 macro in case the SMTP VERB command is used. Problem 1844 noted by Bryan Costales. 1845 CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no 1846 matches are found. Fix from Andrzej Filip. 1847 CONFIG: Fix wording in default dnsbl rejection message. Suggested 1848 by Lou Katz of Metron Computerware, Ltd. 1849 CONFIG: Add mailer cyrusv2 for Cyrus V2. Contributed by 1850 Kenneth Murchison of Oceana Matrix Ltd. 1851 CONTRIB: Fix wording in default dnsblaccess rejection message to 1852 match dnsbl change. 1853 DEVTOOLS: Add new option for access mode of statistics file, 1854 confSTMODE, which specifies the permissions when initially 1855 installing the sendmail statistics file. 1856 LIBMILTER: Mark the listening socket as close-on-exec in case 1857 a user's filter starts other applications. 1858 LIBSM: Allow the MBDB initialize, lookup, and/or terminate 1859 functions in SmMbdbTypes to be set to NULL. 1860 MAKEMAP: Change the default file permissions for new databases from 1861 0644 to 0640. This can be overridden at compile time 1862 by setting the DBMMODE macro. 1863 SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR. 1864 Problem noted by Dave Alden of Ohio State University. 1865 VACATION: When listing the vacation database (-l), don't show 1866 bogus timestamps for excluded (-x) addresses. Problem 1867 noted by Bryan Costales. 1868 New Files: 1869 cf/mailer/cyrusv2.m4 1870 18718.12.3/8.12.3 2002/04/05 1872 NOTICE: In general queue files should not be moved if queue groups 1873 are used. In previous versions this could cause mail 1874 not to be delivered if a queue file is repeatedly moved 1875 by an external process whenever sendmail moved it back 1876 into the right place. Some precautions have been taken 1877 to avoid moving queue files if not really necessary. 1878 sendmail may use links to refer to queue files and it 1879 may store the path of data files in queue files. Hence 1880 queue files should not be moved unless those internals 1881 are understood and the integrity of the files is not 1882 compromised. Problem noted by Anne Bennett of Concordia 1883 University. 1884 If an error mail is created, and the mail is split across different 1885 queue directories, and SuperSafe is off, then write the mail 1886 to disk before splitting it, otherwise an assertion is 1887 triggered. Problem tracked down by Henning Schmiedehausen 1888 of INTERMETA. 1889 Fix possible race condition that could cause sendmail to forget 1890 running queues. Problem noted by Jeff Wasilko of smoe.org. 1891 Handle bogus qf files better without triggering assertions. 1892 Problem noted by Guy Feltin. 1893 Protect against interrupted select() call when enforcing Milter 1894 read and write timeouts. Patch from Gurusamy Sarathy of 1895 ActiveState. 1896 Matching queue IDs with -qI should be case sensitive. Problem 1897 noted by Anne Bennett of Concordia University. 1898 If privileges have been dropped, don't try to change group ID to 1899 the RunAsUser group. Problem noted by Neil Rickert of 1900 Northern Illinois University. 1901 Fix SafeFileEnvironment path munging when the specified path 1902 contains a trailing slash. Based on patch from Dirk Meyer 1903 of Dinoex. 1904 Do not limit sendmail command line length to SM_ARG_MAX (usually 1905 4096). Problem noted by Allan E Johannesen of Worcester 1906 Polytechnic Institute. 1907 Clear full name of sender for each new envelope to avoid bogus data 1908 if several mails are sent in one session and some of them 1909 do not have a From: header. Problem noted by Bas Haakman. 1910 Change timeout check such that cached information about a connection 1911 will be immediately invalid if ConnectionCacheTimeout is zero. 1912 Based on patch from David Burns of Portland State University. 1913 Properly count message size for mailstats during mail collection. 1914 Problem noted by Werner Wiethege. 1915 Log complete response from LMTP delivery agent on failure. Based on 1916 patch from Motonori Nakamura of Kyoto University. 1917 Provide workaround for getopt() implementations that do not catch 1918 missing arguments. 1919 Fix the message size calculation if the message body is replaced by 1920 a milter filter and buffered file I/O is being used. 1921 Problem noted by Sergey Akhapkin of Dr.Web. 1922 Do not honor SIGUSR1 requests if running with extra privileges. 1923 Problem noted by Werner Wiethege. 1924 Prevent a file descriptor leak on mail delivery if the initial 1925 connect fails and DialDelay is set. Patch from Servaas 1926 Vandenberghe of Katholieke Universiteit Leuven. 1927 Properly deal with a case where sendmail is called by root running 1928 a set-user-ID (non-root) program. Problem noted by Jon 1929 Lusky of ISS Atlanta. 1930 Avoid leaving behind stray transcript (xf) files if multiple queue 1931 directories are used and mail is sent to a mailing list 1932 which has an owner- alias. Problem noted by Anne Bennett 1933 of Concordia University. 1934 Fix class map parsing code if optional key is specified. Problem 1935 found by Mario Nigrovic. 1936 The SMTP daemon no longer tries to fix up improperly dot-stuffed 1937 incoming messages. A leading dot is always stripped by the 1938 SMTP receiver regardless of whether or not it is followed by 1939 another dot. Problem noted by Jordan Ritter of darkridge.com. 1940 Fix corruption when doing automatic MIME 7-bit quoted-printable or 1941 base64 encoding to 8-bit text. Problem noted by Mark 1942 Elvers. 1943 Correct the statistics gathered for total number of connections. 1944 Instead of being the exact same number as the total number 1945 of messages (T line in mailstats) it now represents the 1946 total number of TCP connections. 1947 Be more explicit about syntax errors in addresses, especially 1948 non-ASCII characters, and properly create DSNs if necessary. 1949 Problem noted by Leena Heino of the University of Tampere. 1950 Prevent small timeouts from being lost on slow machines if itimers 1951 are used. Problem noted by Suresh Ramasubramanian. 1952 Prevent a race condition on child cleanup for delivery to files. 1953 Problem noted by Fletcher Mattox of the University of 1954 Texas. 1955 Change the SMTP error code for temporary map failures from 421 1956 to 451. 1957 Do not assume that realloc(NULL, size) works on all OS (this was 1958 only done in one place: queue group creation). Based on 1959 patch by Bryan Costales. 1960 Initialize Timeout.iconnect in the code to prevent randomly short 1961 timeouts. Problem noted by Bradley Watts of AT&T Canada. 1962 Do not try to send a second SMTP QUIT command if the remote 1963 responds to a MAIL command with a 421 reply or on I/O 1964 errors. By doing so, the host was marked as having a 1965 temporary problem and other mail destined for that host was 1966 queued for the next queue run. Problem noted by Fletcher 1967 Mattox of the University of Texas, Allan E Johannesen of 1968 Worcester Polytechnic Institute, Larry Greenfield of CMU, 1969 and Neil Rickert of Northern Illinois University. 1970 Ignore error replies from the SMTP QUIT command (including servers 1971 which drop the connection instead of responding to the 1972 command). 1973 Portability: 1974 Check LDAP_API_VERSION to determine if ldap_memfree() is 1975 available. 1976 Define HPUX10 when building on HP-UX 10.X. That platform 1977 now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR 1978 settings. Patch from Elias Halldor Agustsson of 1979 Skyrr. 1980 Fix dependency building on Mac OS X and Darwin. Problem 1981 noted by John Beck. 1982 Preliminary support for the sparc64 port of FreeBSD 5.0. 1983 Add /sbin/sh as an acceptable user shell on HP-UX. From 1984 Rajesh Somasund of Hewlett-Packard. 1985 CONFIG: Add FEATURE(`authinfo') to allow a separate database for 1986 SMTP AUTH information. This feature was actually added in 1987 8.12.0 but a release note was not included. 1988 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce 1989 parameter is set and the LDAP lookup returns a temporary 1990 error. 1991 CONFIG: Honor FEATURE(`relay_hosts_only') when using 1992 FEATURE(`relay_mail_from', `domain'). Problem noted by 1993 Krzysztof Oledzki. 1994 CONFIG: FEATURE(`msp') now disables any type of alias 1995 initialization as aliases are not needed for the MSP. 1996 CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp') 1997 is in use. Patch from Andrzej Filip. 1998 CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of 1999 `localhost' and turns on MX lookups for the SMTP mailers. 2000 This will only have an effect if a parameter is specified, 2001 i.e., an MX lookup will be performed on the hostname unless 2002 it is embedded in square brackets. Problem noted by 2003 Theo Van Dinter of Collective Technologies. 2004 CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in 2005 submit.cf) to use $TZ for time stamps. This is a compromise 2006 to allow for the proper time zone on systems where the 2007 default results in misleading time stamps. That is, syslog 2008 time stamps and Date headers on submitted mail will use the 2009 user's $TZ setting. Problem noted by Mark Roth of the 2010 University of Illinois at Urbana-Champaign, solution proposed 2011 by Neil Rickert of Northern Illinois University. 2012 CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID 2013 binary. Adjust local mailer flags accordingly. Problem 2014 noted by John Beck. 2015 CONTRIB: Add a warning to qtool.pl to not move queue files around 2016 if queue groups are used. 2017 CONTRIB: buildvirtuser: Add -f option to force rebuild. 2018 CONTRIB: smcontrol.pl: Add -f option to specify control socket. 2019 CONTRIB: smcontrol.pl: Add support for 'memdump' command. 2020 Suggested by Bryan Costales. 2021 DEVTOOLS: Add dependency generation for test programs. 2022 LIBMILTER: Remove conversion of port number for the socket 2023 structure that is passed to xxfi_connect(). Notice: 2024 this fix requires that sendmail and libmilter both have 2025 this change; mixing versions may lead to wrong port 2026 values depending on the endianness of the involved systems. 2027 Problem noted by Gisle Aas of ActiveState. 2028 LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but 2029 SMFI_REJECT is returned, ignore the custom reply. Do the 2030 same if '5XX' is used and SMFI_TEMPFAIL is returned. 2031 LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as 2032 required by mfapi.h. Problem noted by Jose Marcio Martins 2033 da Cruz of Ecole Nationale Superieure des Mines de Paris. 2034 LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define. Set 2035 this to 1 if your LDAP client libraries include 2036 ldap_memfree(). 2037 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X 2038 and NDBM on systems with the O_EXLOCK open(2) flag. 2039 SMRSH: Fix compilation problem on some operating systems. Problem 2040 noted by Christian Krackowizer of schuler technodat GmbH. 2041 VACATION: Allow root to operate on user vacation databases. Based 2042 on patch from Greg Couch of the University of California, 2043 San Francisco. 2044 VACATION: Don't ignore -C option. Based on patch by Bryan Costales. 2045 VACATION: Clarify option usage in the man page. Problem noted by 2046 Joe Barbish. 2047 New Files: 2048 libmilter/docs/smfi_setbacklog.html 2049 20508.12.2/8.12.2 2002/01/13 2051 Don't complain too much if stdin, stdout, or stderr are missing 2052 at startup, only log an error message. 2053 Fix potential problem if an unknown operation mode (character 2054 following -b) has been specified. 2055 Prevent purgestat from looping even if someone changes the 2056 permissions or owner of hoststatus files. Problem noted 2057 by Kari Hurtta of the Finnish Meteorological Institute. 2058 Properly record dropped connections in persistent host status. 2059 Problem noted by Ulrich Windl of the Universitat 2060 Regensburg. 2061 Remove newlines from recipients read via sendmail -t to prevent 2062 SMTP protocol errors when sending the RCPT command. 2063 Problem noted by William D. Colburn of the New Mexico 2064 Institute of Mining and Technology. 2065 Only log milter body replacements once instead of for each body 2066 chunk sent by a filter. Problem noted by Kari Hurtta of 2067 the Finnish Meteorological Institute. 2068 In 8.12.0 and 8.12.1, the headers were mistakenly not included in 2069 the message size calculation. Problem noted by Kari Hurtta 2070 of the Finnish Meteorological Institute. 2071 Since 8.12 no longer forks at the SMTP MAIL command, the daemon 2072 needs to collect children status to avoid zombie processes. 2073 Problem noted by Chris Adams of HiWAAY Informations Services. 2074 Shut down "nullserver" and ETRN-only connections after 25 bad 2075 commands are issued. This makes it consistent with normal 2076 SMTP connections. 2077 Avoid duplicate logging of milter rejections. Problem noted by 2078 William D. Colburn of the New Mexico Institute of Mining 2079 and Technology. 2080 Error and delay DSNs were being sent to postmaster instead of the 2081 message sender if the sender had used a deprecated RFC822 2082 source route. Problem noted by Kari Hurtta of the Finnish 2083 Meteorological Institute. 2084 Fix FallbackMXhost behavior for temporary errors during address 2085 parsing. Problem noted by Jorg Bielak from Coastal Web 2086 Online. 2087 For systems on which stat(2) does not return a value for st_blksize 2088 that is the "optimal blocksize for I/O" three new compile 2089 time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF, 2090 and SM_IO_MAX_BUF, which define an upper limit for 2091 regular files, and a lower and upper limit for other file 2092 types, respectively. 2093 Fix a potential deadlock if two events are supposed to occur at 2094 exactly the same time. Problem noted by Valdis Kletnieks 2095 of Virginia Tech. 2096 Perform envelope splitting for aliases listed directly in the 2097 alias file, not just for include/.forward files. 2098 Problem noted by John Beck of Sun Microsystems. 2099 Allow selection of queue group for mailq using -qGgroup. 2100 Based on patch by John Beck of Sun Microsystems. 2101 Make sure cached LDAP connections used my multiple maps in the same 2102 process are closed. Patch from Taso N. Devetzis. 2103 If running as root, allow reading of class files in protected 2104 directories. Patch from Alexander Talos of the University 2105 of Vienna. 2106 Correct a few LDAP related memory leaks. Patch from David Powell 2107 of Sun Microsystems. 2108 Allow specification of an empty realm via the authinfo ruleset. 2109 This is necessary to interoperate as an SMTP AUTH client 2110 with servers that do not support realms when using 2111 CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin. 2112 Avoid a potential information leak if AUTH PLAIN is used and the 2113 server gets stuck while processing that command. Problem 2114 noted by Chris Adams from HiWAAY Informations Services. 2115 In addition to printing errors when parsing recipients during 2116 command line invocations log them to make it simpler 2117 to understand possible DSNs to postmaster. 2118 Do not use FallbackMXhost on mailers which have the F=0 flag set. 2119 Allow local mailers (F=l) to specify a host for TCP connections 2120 instead of forcing localhost. 2121 Obey ${DESTDIR} for installation of the client mail queue and 2122 submit.cf. Patch from Peter 'Luna' Runestig. 2123 Re-enable support for -M option which was broken in 8.12.1. Problem 2124 noted by Neil Rickert of Northern Illinois University. 2125 If a remote server violates the SMTP standard by unexpectedly 2126 dropping the connection during an SMTP transaction, stop 2127 sending commands. This prevents bogus "Bad file number" 2128 recipient status. Problem noted by Allan E Johannesen of 2129 Worcester Polytechnic Institute. 2130 Do not use a size estimate of 100 for postmaster bounces, it's 2131 almost always too small; do not guess the size at all. 2132 New VENDOR_DEC for Compaq/DEC. Requested by James Seagraves of 2133 Compaq Computer Corp. 2134 Fix DaemonPortOptions IPv6 address parsing such that ::1 works 2135 properly. Problem noted by Valdis Kletnieks of Virginia 2136 Tech. 2137 Portability: 2138 Fix IPv6 network interface probing on HP-UX 11.X. Based on 2139 patch provided by HP. 2140 Mac OS X (aka Darwin) has a broken setreuid() call, but a 2141 working seteuid() call. From Daniel J. Luke. 2142 Use proper type for a 32-bit integer on SINIX. From Ganu 2143 Sachin of Siemens. 2144 Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX. 2145 Reduce optimization from +O3 to +O2 on HP-UX 11. This 2146 fixes a problem that caused additional bogus 2147 characters to be written to the qf file. Problem 2148 noted by Tapani Tarvainen. 2149 Set LDA_USE_LOCKF by default for UnixWare. Problem noted 2150 by Boyd Lynn Gerber. 2151 Add support for HP MPE/iX. See sendmail/README for port 2152 information. From Mark Bixby of Hewlett-Packard. 2153 New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON, 2154 USE_DOUBLE_FORK, and NEEDLINK. See sendmail/README 2155 for more information. From Mark Bixby of 2156 Hewlett-Packard. 2157 If an OS doesn't have a method of finding free disk space 2158 (SFS_NONE), lie and say there is plenty of space. 2159 From Mark Bixby of Hewlett-Packard. 2160 Add support for AIX 5.1. From Valdis Kletnieks of 2161 Virginia Tech. 2162 Fix man page location for NeXTSTEP. From Hisanori Gogota 2163 of the NTT/InterCommunication Center. 2164 Do not assume that strerror() always returns a string. 2165 Problem noted by John Beck of Sun Microsystems. 2166 CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed 2167 UUCP from the base operating system. From Mark Murray of 2168 FreeBSD Services, Ltd. 2169 CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX 2170 systems. From Mark Bixby of Hewlett-Packard. 2171 CONFIG: Add support for selecting a queue group for all mailers. 2172 Based on proposal by Stephen L. Ulmer of the University of 2173 Florida. 2174 CONFIG: Fix error reporting for compat_check.m4. Problem noted by 2175 Altin Waldmann. 2176 CONFIG: Do not override user selections for confRUN_AS_USER and 2177 confTRUSTED_USER in FEATURE(msp). From Mark Bixby of 2178 Hewlett-Packard. 2179 LIBMILTER: Fix bug that prevented the removal of a socket after 2180 libmilter terminated. Problem reported by Andrey V. Pevnev 2181 of MSFU. 2182 LIBMILTER: Fix configuration error that required libsm for linking. 2183 Problem noted by Kari Hurtta of the Finnish Meteorological 2184 Institute. 2185 LIBMILTER: Portability fix for OpenUNIX. Patch from Larry Rosenman. 2186 LIBMILTER: Fix a theoretical memory leak and a possible attempt 2187 to free memory twice. 2188 LIBSM: Fix a potential segmentation violation in the I/O library. 2189 Problem found and analyzed by John Beck and Tim Haley 2190 of Sun Microsystems. 2191 LIBSM: Do not clear the LDAP configuration information when 2192 terminating the mailbox database connection in the LDAP 2193 example code. Problem noted by Nikos Voutsinas of the 2194 University of Athens. 2195 New Files: 2196 cf/cf/generic-mpeix.cf 2197 cf/cf/generic-mpeix.mc 2198 cf/ostype/freebsd5.m4 2199 cf/ostype/mpeix.m4 2200 devtools/OS/AIX.5.1 2201 devtools/OS/MPE-iX 2202 include/sm/os/sm_os_mpeix.h 2203 libsm/mpeix.c 2204 22058.12.1/8.12.1 2001/10/01 2206 SECURITY: Check whether dropping group privileges actually succeeded 2207 to avoid possible compromises of the mail system by 2208 supplying bogus data. Add configuration options for 2209 different set*gid() calls to reset saved gid. Problem 2210 found by Michal Zalewski. 2211 PRIVACY: Prevent information leakage when sendmail has extra 2212 privileges by disabling debugging (command line -d flag) 2213 during queue runs and disabling ETRN when sendmail -bs is 2214 used. Suggested by Michal Zalewski. 2215 Avoid memory corruption problems resulting from bogus .cf files. 2216 Problem found by Michal Zalewski. 2217 Set the ${server_addr} macro to name of mailer when doing LMTP 2218 delivery. LMTP systems may offer SMTP Authentication or 2219 STARTTLS causing sendmail to use this macro in rulesets. 2220 If debugging is turned on (-d0.10) print not just the default 2221 values for configuration file and pid file but also the 2222 selected values. Problem noted by Brad Chapman. 2223 Continue dealing with broken nameservers by ignoring SERVFAIL 2224 errors returned on T_AAAA (IPv6) lookups at delivery time 2225 if ResolverOptions=WorkAroundBrokenAAAA is set. Previously 2226 this only applied to hostname canonification. Problem 2227 noted by Bill Fenner of AT&T Research. 2228 Ignore comments in NIS host records when trying to find the 2229 canonical name for a host. 2230 When sendmail has extra privileges, limit mail submission command 2231 line flags (i.e., -G, -h, -F, etc.) to mail submission 2232 operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on 2233 suggestion from Michal Zalewski. 2234 Portability: 2235 AIX: Use `oslevel` if available to determine OS version. 2236 `uname` does not given complete information. 2237 Problem noted by Keith Neufeld of the Cessna 2238 Aircraft Company. 2239 OpenUNIX: Use lockf() for LDA delivery (affects mail.local). 2240 Problem noticed by Boyd Lynn Gerber of ZENEX. 2241 Avoid compiler warnings by not using pointers to pass 2242 integers. Problem noted by Todd C. Miller of 2243 Courtesan Consulting. 2244 CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize 2245 problems with potential misconfigurations. 2246 CONFIG: Fix comment showing default value of MaxHopCount. Problem 2247 noted by Greg Robinson of the Defence Science and 2248 Technology Organisation of Australia. 2249 CONFIG: dnsbl: If an argument specifies an error message in case 2250 of temporary lookup failures for DNS based blacklists 2251 then use it. 2252 LIBMILTER: Install mfdef.h, required by mfapi.h. Problem noted by 2253 Richard A. Nelson of Debian. 2254 LIBMILTER: Add __P definition for OS that lack it. Problem noted 2255 by Chris Adams from HiWAAY Informations Services. 2256 LIBSMDB: Fix a lock race condition that affects makemap, praliases, 2257 and vacation. 2258 MAKEMAP: Avoid going beyond the end of an input line if it does 2259 not contain a value for a key. Based on patch from 2260 Mark Bixby from Hewlett-Packard. 2261 New Files: 2262 test/Build 2263 test/Makefile 2264 test/Makefile.m4 2265 test/README 2266 test/t_dropgid.c 2267 test/t_setgid.c 2268 Deleted Files: 2269 include/sm/stdio.h 2270 include/sm/sysstat.h 2271 22728.12.0/8.12.0 2001/09/08 2273 *NOTICE*: The default installation of sendmail does not use 2274 set-user-ID root anymore. You need to create a new user and 2275 a new group before installing sendmail (both called smmsp by 2276 default). The installation process tries to install 2277 /etc/mail/submit.cf and creates /var/spool/clientmqueue by 2278 default. Please see sendmail/SECURITY for details. 2279 SECURITY: Check for group and world writable forward and :include: 2280 files. These checks can be turned off if absolutely 2281 necessary using the DontBlameSendmail option and the new 2282 flags: 2283 GroupWritableForwardFile 2284 WorldWritableForwardFile 2285 GroupWritableIncludeFile 2286 WorldWritableIncludeFile 2287 Problem noted by Slawek Zak of Politechnika Warszawska, 2288 SECURITY: Drop privileges when using address test mode. Suggested 2289 by Michal Zalewski of the "Internet for Schools" project 2290 (IdS). 2291 Fixed problem of a global variable being used for a timeout jump 2292 point where the variable could become overused for more than 2293 one timeout concurrently. This erroneous behavior resulted in 2294 a corrupted stack causing a core dump. The timeout is now 2295 handled via libsm. Problem noted by Michael Shapiro, 2296 John Beck, and Carl Smith of Sun Microsystems. 2297 If sendmail is set-group-ID then that group ID is used for permission 2298 checks (group ID of RunAsUser). This allows use of a 2299 set-group-ID sendmail binary for initial message submission 2300 and no set-user-ID root sendmail is needed. For details 2301 see sendmail/SECURITY. 2302 Log a warning if a non-trusted user changes the syslog label. 2303 Based on notice from Bryan Costales of SL3D, Inc. 2304 If sendmail is called for initial delivery, try to use submit.cf 2305 with a fallback of sendmail.cf as configuration file. See 2306 sendmail/SECURITY. 2307 New configuration file option UseMSP to allow group writable queue 2308 files if the group is the same as that of a set-group-ID 2309 sendmail binary. See sendmail/SECURITY. 2310 The .cf file is chosen based on the operation mode. For -bm (default), 2311 -bs, and -t it is submit.cf if it exists for all others it 2312 is sendmail.cf (to be backward compatible). This selection 2313 can be changed by the new option -Ac or -Am (alternative .cf 2314 file: client or mta). See sendmail/SECURITY. 2315 The SMTP server no longer forks on each MAIL command. The ONEX 2316 command has been removed. 2317 Implement SMTP PIPELINING per RFC 2920. It can be turned off 2318 at compile time or per host (ruleset). 2319 New option MailboxDatabase specifies the type of mailbox database 2320 used to look up local mail recipients; the default value 2321 is "pw", which means to use getpwnam(). New mailbox database 2322 types can be added by adding custom code to libsm/mbdb.c. 2323 Queue file names are now 15 characters long, rather than 14 characters 2324 long, to accomodate envelope splitting. File systems with 2325 a 14 character file name length limit are no longer 2326 supported. 2327 Recipient list used for delivery now gets internally ordered by 2328 hostsignature (character string version of MX RR). This orders 2329 recipients for the same MX RR's together meaning smaller 2330 portions of the list need to be scanned (instead of the whole 2331 list) each delivery() pass to determine piggybacking. The 2332 significance of the change is better the larger the recipient 2333 list. Hostsignature is now created during recipient list 2334 creation rather than just before delivery. 2335 Enhancements for more opportunistic piggybacking. Previous 2336 piggybacking (called coincidental) extended to coattail 2337 piggybacking. Rather than complete MX RR matching 2338 (coincidental) piggybacking is done if just the lowest value 2339 preference matches (coattail). 2340 If sendmail receives a temporary error on a RCPT TO: command, it will 2341 try other MX hosts if available. 2342 DefaultAuthInfo can contain a list of mechanisms to be used for 2343 outgoing (client-side) SMTP Authentication. 2344 New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable 2345 AUTH (overrides 'a' modifier in DaemonPortOptions). Based 2346 on patch from Lyndon Nerenberg of Messaging Direct. 2347 Enable AUTH mechanism EXTERNAL if STARTTLS is used. 2348 A new ruleset authinfo can be used to return client side 2349 authentication information for AUTH instead of DefaultAuthInfo. 2350 Therefore the DefaultAuthInfo option is deprecated and will be 2351 removed in future versions. 2352 Accept any SMTP continuation code 3xy for AUTH even though RFC 2554 2353 requires 334. Mercury 1.48 is a known offender. 2354 Add new option AuthMaxBits to limit the overall encryption strength 2355 for the security layer in SMTP AUTH (SASL). See 2356 doc/op/op.me for details. 2357 Introduce new STARTTLS related macros {cn_issuer}, {cn_subject}, 2358 {cert_md5} which hold the CN (common name) of the CA that 2359 signed the presented certificate, the CN and the MD5 hash 2360 of the presented certificate, respectively. 2361 New ruleset try_tls to decide whether to try (as client) STARTTLS. 2362 New ruleset srv_features to enable/disable certain features in the 2363 server per connection. See doc/op/op.me for details. 2364 New ruleset tls_rcpt to decide whether to send e-mail to a particular 2365 recipient; useful to decide whether a conection is secure 2366 enough on a per recipient basis. 2367 New option TLSSrvOptions to modify some aspects of the server 2368 for STARTTLS. 2369 If no certificate has been requested, the macro {verify} has the 2370 value "NOT". 2371 New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off 2372 using/offering STARTTLS when delivering/receiving e-mail. 2373 Macro expand filenames/directories for certs and keys in the .cf file. 2374 Proposed by Neil Rickert of Northern Illinois University. 2375 Generate an ephemeral RSA key for a STARTTLS connection only if 2376 really required. This change results in a noticable 2377 performance gains on most machines. Moreover, if shared 2378 memory is in use, reuse the key several times. 2379 Add queue groups which can be used to group queue directories with 2380 the same behavior together. See doc/op/op.me for details. 2381 If the new option FastSplit (defaults to one) has a value greater 2382 than zero, it suppresses the MX lookups on addresses when they 2383 are initially sorted which may result in faster envelope 2384 splitting. If the mail is submitted directly from the 2385 command line, then the value also limits the number of 2386 processes to deliver the envelopes; if more envelopes are 2387 created they are only queued up and must be taken care of 2388 by a queue run. 2389 The check for 'enough disk space' now pays attention to which file 2390 system each queue directory resides in. 2391 All queue runners can be cleanly terminated via SIGTERM to parent. 2392 New option QueueFileMode for the default permissions of queue files. 2393 Add parallel queue runner code. Allows multiple queue runners per work 2394 group (one or more queues in a multi-queue environment 2395 collected together) to process the same work list at the 2396 same time. 2397 Option MaxQueueChildren added to limit the number of concurrently 2398 active queue runner processes. 2399 New option MaxRunnersPerQueue to specify the maximum number of queue 2400 runners per queue group. 2401 Queue member selection by substring pattern matching now allows 2402 the pattern to be negated. For -qI, -qR and -qS it is 2403 permissible for -q!I, -q!R and -q!S to mean remove members 2404 of the queue that match during processing. 2405 New -qp[time] option is similar to -qtime, except that instead of 2406 periodically forking a child to process the queue, a single 2407 child is forked for each queue that sleeps between queue 2408 runs. A SIGHUP signal can be sent to restart this 2409 persistent queue runner. 2410 The SIGHUP signal now restarts a timed queue run process (i.e., a 2411 sendmail process which only runs the queue at an interval: 2412 sendmail -q15m). 2413 New option NiceQueueRun to set the priority of queue runners. 2414 Proposed by Thom O'Connor. 2415 sendmail will run the queue(s) in the background when invoked with -q 2416 unless the new -qf option or -v is used. 2417 QueueSortOrder=Random sorts the queue randomly, which is useful if 2418 several queue runners are started by hand to avoid contention. 2419 QueueSortOrder=Modification sorts the queue by the modification time 2420 of the qf file (older entries first). 2421 Support Deliver By SMTP Service Extension (RFC 2852) which allows 2422 a client to specify an amount of time within which an e-mail 2423 should be delivered. New option DeliverByMin added to set the 2424 minimum amount of time or disable the extension. 2425 Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are 2426 not allowed unless escaped or quoted. 2427 Add support for a generic DNS map. Based on a patch contributed 2428 by Leif Johansson of Stockholm University, which was based on 2429 work by Assar Westerlund of Swedish Institute of Computer 2430 Science, Kista, and Johan Danielsson of Royal Institute of 2431 Technology, Stockholm, Sweden. 2432 MX records will be looked up for FallBackMXhost. To use the old 2433 behavior (no MX lookups), put the name in square brackets. 2434 Proposed by Thom O'Connor. 2435 Use shared memory to store free space of filesystems that are used 2436 for queues, if shared memory is available and if a key is set 2437 via SharedMemoryKey. This minimizes the number of system 2438 calls to check the available space. See doc/op/op.me for 2439 details. 2440 If shared memory is compiled in the option -bP can be used to print 2441 the number of entries in the queue(s). 2442 Enable generic mail filter API (milter). See libmilter/README 2443 and the usual documentation for details. 2444 Remove AutoRebuildAliases option, deprecated since 8.10. 2445 Remove '-U' (initial user submission) command line option as 2446 announced in 8.10. 2447 Remove support for non-standard SMTP command XUSR. Use an MSA instead. 2448 New macro {addr_type} which contains whether the current address is 2449 an envelope sender or recipient address. Suggested by 2450 Neil Rickert of Northern Illinois University. 2451 Two new options for host maps: -d (retransmission timeout), 2452 -r (number of retries). 2453 New option for LDAP maps: the -V<sep> allows you to specify a 2454 separator such that a lookup can return both an attribute 2455 and value separated by the given separator. 2456 Add new operators '%', '|', '&' (modulo, binary or, binary and) 2457 to map class arith. 2458 If DoubleBounceAddress expands to an empty string, ``double bounces'' 2459 (errors that occur when sending an error message) are dropped. 2460 New DontBlameSendmail options GroupReadableSASLDBFile and 2461 GroupWritableSASLDBFile to relax requirements for sasldb files. 2462 New DontBlameSendmail options GroupReadableKeyFile to relax 2463 requirements for files containing secret keys. This is 2464 necessary for the MSP if client authentification is used. 2465 Properly handle quoted filenames for class files (to allow for 2466 filenames with spaces). 2467 Honor the resolver option RES_NOALIASES when canonifying hostnames. 2468 Add macros to avoid the reuse of {if_addr} etc: 2469 {if_name_out} hostname of interface of outgoing connection. 2470 {if_addr_out} address of interface of outgoing connection. 2471 {if_family_out} family of interface of outgoing connection. 2472 The latter two are only set if the interface does not belong 2473 to the loopback net. 2474 Add macro {nrcpts} which holds the number of (validated) recipients. 2475 DialDelay option applies only to mailers with flag 'Z'. Patch from 2476 Juergen Georgi of RUS University of Stuttgart. 2477 New Timeout.lhlo,auth,starttls options to limit the time waiting for 2478 an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command. 2479 New Timeout.aconnect option to limit the overall waiting time for 2480 all connections for a single delivery attempt to succeed. 2481 Limit the rate recipients in the SMTP envelope are accepted once 2482 a threshold number of recipients has been rejected (option 2483 BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD 2484 Development Group. 2485 New option DelayLA to delay connections if the load averages 2486 exceeds the specified value. The default of 0 does not 2487 change the previous behavior. A value greater than 0 2488 will cause sendmail to sleep for one second on most 2489 SMTP commands and before accepting connections if that 2490 load average is exceeded. 2491 Use a dynamic (instead of fixed-size) buffer for the list of 2492 recipients that are sent during a connection to a mailer. 2493 This also introduces a new mailer field 'r' which defines 2494 the maximum number of recipients (defaults to 100). 2495 Based on patch by Motonori Nakamura of Kyoto University. 2496 Add new F=1 mailer flag to disable sending of null characters ('\0'). 2497 Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead. 2498 The deprecated [TCP] builtin mailer pathname (P=) is gone. Use [IPC] 2499 instead. 2500 IPC is no longer available as first mailer argument (A=) for [IPC] 2501 builtin mailer pathnames. Use TCP instead. 2502 PH map code updated to use the new libphclient API instead of the 2503 old libqiapi library. Contributed by Mark Roth of the 2504 University of Illinois at Urbana-Champaign. 2505 New option DirectSubmissionModifiers to define {daemon_flags} 2506 for direct (command line) submissions. 2507 New M=O modifier for DaemonPortOptions to ignore the socket in 2508 case of failures. Based on patch by Jun-ichiro itojun 2509 Hagino of the KAME Project. 2510 Add Disposition-Notification-To: (RFC 2298) to the list of headers 2511 whose content is rewritten similar to Reply-To:. 2512 Proposed by Andrzej Filip. 2513 Use STARTTLS/AUTH=server/client for logging incoming/outgoing 2514 STARTTLS/AUTH connections; log incoming connections at level 2515 9 or higher. Use AUTH/STARTTLS instead of SASL/TLS for SMTP 2516 AUTH/STARTTLS related logfile entries. 2517 Convert unprintable characters (and backslash) into octal or C format 2518 before logging. 2519 Log recipients if no message is transferred but QUIT/RSET is given 2520 (at LogLevel 9/10 or higher). 2521 Log discarded recipients at LogLevel 10 or higher. 2522 Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections 2523 in which most commands are rejected due to check_relay or 2524 TCP Wrappers if the host tries one of those commands anyway. 2525 Change logging format for cloned envelopes to be similar to that for 2526 DSNs ("old id: new id: clone"). Suggested by Ulrich Windl 2527 of the Universitat Regensburg. 2528 Added libsm, a C library of general purpose abstractions including 2529 assertions, tracing and debugging with named debug categories, 2530 exception handling, malloc debugging, resource pools, 2531 portability abstractions, and an extensible buffered I/O 2532 package. It will at some point replace libsmutil. 2533 See libsm/index.html for details. 2534 Fixed most memory leaks in sendmail which were previously taken 2535 care of by fork() and exit(). 2536 Use new sm_io*() functions in place of stdio calls. Allows for 2537 more consistent portablity amongst different platforms 2538 new and old (from new libsm). 2539 Common I/O pkg means just one buffering method needed instead of two 2540 ('bf_portable' and 'bf_torek' now just 'bf'). 2541 Sfio no longer needed as SASL/TLS code uses sm_io*() API's. 2542 New possible value 'interactive' for SuperSafe which can be used 2543 together with DeliveryMode=interactive is to avoid some disk 2544 synchronizations calls. 2545 Add per-recipient status information to mailq -v output. 2546 T_ANY queries are no longer used by sendmail. 2547 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS" 2548 too (see include/sm/cdefs.h for more info). 2549 sendmail -d now has general support for named debug categories. 2550 See libsm/debug.html and section 3.4 of doc/op/op.me 2551 for details. 2552 Eliminate the "postmaster warning" DSNs on address parsing errors 2553 such as unbalanced angle brackets or parentheses. The DSNs 2554 generated by this condition were illegal (not RFC conform). 2555 Problem noted by Ulrich Windl of the Universitaet Regensburg. 2556 Do not issue a DSN if the ruleset localaddr resolves to the $#error 2557 mailer and the recipient has hence been rejected during the 2558 SMTP dialogue. Problem reported by Larry Greenfield of CMU. 2559 Deal with a case of multiple deliveries on misconfigured systems 2560 that do not have postmaster defined. If an email was sent 2561 from an address to which a DSN cannot be returned and 2562 in which at least one recipient address is non-deliverable, 2563 then that email had been delivered in each queue run. 2564 Problem reported by Matteo HCE Valsasna of Universita 2565 degli Studi dell'Insubria. 2566 The compilation options SMTP, DAEMON, and QUEUE have been removed, 2567 i.e., the corresponding code is always compiled in now. 2568 Log the command line in daemon/queue-run mode at LogLevel 10 and 2569 higher. Suggested by Robert Harker of Harker Systems. 2570 New ResolverOptions setting: WorkAroundBrokenAAAA. When 2571 attempting to canonify a hostname, some broken nameservers 2572 will return SERVFAIL (a temporary failure) on T_AAAA (IPv6) 2573 lookups. If you want to excuse this behavior, use this new 2574 flag. Suggested by Chris Foote of SE Network Access and 2575 Mark Roth of the University of Illinois at 2576 Urbana-Champaign. 2577 Free the memory allocated by getipnodeby{addr,name}(). Problem 2578 noted by Joy Latten of IBM. 2579 ConnectionRateThrottle limits the number of connections per second 2580 to each daemon individually, not the overall number of 2581 connections. 2582 Specifying only "ldap:" as an AliasFile specification will force 2583 sendmail to use a default alias schema as outlined in the 2584 ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of 2585 cf/README. 2586 Add a new syntax for the 'F' (file class) sendmail.cf command. If 2587 the first character after the class name is not a '/' or a 2588 '|' and it contains an '@' (e.g., F{X}key@class:spec), the 2589 rest of the line will be parsed as a map lookup. This 2590 allows classes to be filled via a map lookup. See op.me 2591 for more syntax information. Specifically, this can be 2592 used for commands such as VIRTUSER_DOMAIN_FILE() to read 2593 the list of domains via LDAP (see the ``USING LDAP FOR 2594 ALIASES, MAPS, and CLASSES'' section of cf/README for an 2595 example). 2596 The new macro ${sendmailMTACluster} determines the LDAP cluster for 2597 the default schema used in the above two items. 2598 Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a 2599 warning if a program being run from a mailer or file class 2600 (e.g., F|/path/to/prog) is in an unsafe directory path. 2601 Unless DontBlameSendmail=RunWritableProgram is set, log a warning 2602 if a program being run from a mailer or file class 2603 (e.g., F|/path/to/prog) is group or world writable. 2604 Loopback interfaces (e.g., "lo0") are now probed for class {w} 2605 hostnames. Setting DontProbeInterfaces to "loopback" 2606 (without quotes) will disable this and return to the 2607 pre-8.12 behavior of only probing non-loopback interfaces. 2608 Suggested by Bryan Stansell of GNAC. 2609 In accordance with RFC 2821 section 4.1.4, accept multiple 2610 HELO/EHLO commands. 2611 Multiple ClientPortOptions settings are now allowed, one for each 2612 possible protocol family which may be used for outgoing 2613 connections. Restrictions placed on one family only affect 2614 outgoing connections on that particular family. Because of 2615 this change, the ${client_flags} macro is not set until the 2616 connection is established. Based on patch from Motonori 2617 Nakamura of Kyoto University. 2618 PrivacyOptions=restrictexpand instructs sendmail to drop privileges 2619 when the -bv option is given by users who are neither root 2620 nor the TrustedUser so users can not read private aliases, 2621 forwards, or :include: files. It also will override the -v 2622 (verbose) command line option. 2623 If the M=b modifier is set in DaemonPortOptions and the interface 2624 address can't be used for the outgoing connection, fall 2625 back to the settings in ClientPortOptions (if set). 2626 Problem noted by John Beck of Sun Microsystems. 2627 New named config file rule check_data for DATA command (input: 2628 number of recipients). Based on patch from Mark Roth of 2629 the University of Illinois at Urbana-Champaign. 2630 Add support for ETRN queue selection per RFC 1985. The queue group 2631 can be specified using the '#' option character. For 2632 example, 'ETRN #queuegroup'. 2633 If an LDAP server times out or becomes unavailable, close the 2634 current connection and reopen to get to one of the fallback 2635 servers. Patch from Paul Hilchey of the University of 2636 British Columbia. 2637 Make default error number on $#error messages 550 instead of 501 2638 because 501 is not allowed on all commands. 2639 The .cf file option UnsafeGroupWrites is deprecated, it should be 2640 replaced with the settings GroupWritableForwardFileSafe 2641 and GroupWritableIncludeFileSafe in DontBlameSendmail 2642 if required. 2643 The deprecated ldapx map class has been removed. Use the ldap map 2644 class instead. 2645 Any IPv6 addresses used in configuration should be prefixed by the 2646 "IPv6:" tag to identify the address properly. For example, 2647 if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to 2648 class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4]. 2649 Change the $&{opMode} macro if the operation mode changes while the 2650 MTA is running. For example, during a queue run. 2651 Add "use_inet6" as a new ResolverOptions flag to control the 2652 RES_USE_INET6 resolver option. Based on patch from Rick 2653 Nelson of IBM. 2654 The maximum number of commands before the MTA slows down when too 2655 many "light weight" commands have been received are now 2656 configurable during compile time. The current values and 2657 their defaults are: 2658 MAXBADCOMMANDS 25 unknown commands 2659 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 2660 MAXHELOCOMMANDS 3 HELO, EHLO 2661 MAXVRFYCOMMANDS 6 VRFY, EXPN 2662 MAXETRNCOMMANDS 8 ETRN 2663 Setting a value to 0 disables the check. Patch from Bryan 2664 Costales of SL3D, Inc. 2665 The header syntax H?${MyMacro}?X-My-Header: now not only checks if 2666 ${MyMacro} is defined but also that it is not empty. 2667 Properly quote usernames with special characters if they are used 2668 in headers. Problem noted by Kari Hurtta of the Finnish 2669 Meteorological Institute. 2670 Be sure to include the proper Final-Recipient: DSN header in bounce 2671 messages for messages for mailing list expanded addresses 2672 which are not delivered on the initial attempt. 2673 Do not treat errors as sticky when doing delivery via LMTP after 2674 the final dot has been sent to avoid affecting future 2675 deliveries. Problem reported by Larry Greenfield of CMU. 2676 New compile time flag REQUIRES_DIR_FSYNC which turns on support for 2677 file systems that require to call fsync() for a directory 2678 if the meta-data in it has been changed. This should be 2679 set at least for ReiserFS; it is enabled by default for Linux. 2680 See sendmail/README for further information. 2681 Avoid file locking deadlock when updating the statistics file if 2682 sendmail is signaled to terminate. Problem noted by 2683 Christophe Wolfhugel of France Telecom. 2684 Set the $c macro (hop count) as it is being set instead of when the 2685 envelope is initialized. Problem noted by Kari Hurtta of 2686 the Finnish Meteorological Institute. 2687 Properly count recipients for DeliveryMode defer and queue. Fix 2688 from Peter A. Friend of EarthLink. 2689 Treat invalid hesiod lookups as permanent errors instead of 2690 temporary errors. Problem noted by Russell McOrmond of 2691 flora.ca. 2692 Portability: 2693 Remove support for AIX 2, which supports only 14 character 2694 filenames and is outdated anyway. Suggested by 2695 Valdis Kletnieks of Virginia Tech. 2696 Change several settings for Irix 6: remove confSBINDIR, 2697 i.e., use default /usr/sbin, change owner/group 2698 of man pages and user-executable to root/sys, set 2699 optimization limit to 0 (unlimited). Based on patch 2700 from Ayamura Kikuchi, M.D, and proposal from Kari 2701 Hurtta of the Finnish Meteorological Institute. 2702 Do not assume LDAP support is installed by default under 2703 Solaris 8 and later. 2704 Add support for OpenUNIX. 2705 CONFIG: Increment version number of config file to 10. 2706 CONFIG: Add an install target and a README file in cf/cf. 2707 CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc. 2708 CONFIG: Reject empty recipient addresses (in check_rcpt). 2709 CONFIG: The access map uses an option of -T<TMPF> to deal with 2710 temporary lookup failures. 2711 CONFIG: New value for access map: SKIP, which causes the default 2712 action to be taken by aborting the search for domain names 2713 or IP nets. 2714 CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or 2715 relay address as long as the other part allows the email 2716 to get through. 2717 CONFIG: Entries for virtusertable can make use of a third parameter 2718 "%3" which contains "+detail" of a wildcard match, i.e., an 2719 entry like user+*@domain. This allows handling of details by 2720 using %1%3 as the RHS. Additionally, a "+" wildcard has been 2721 introduced to match only non-empty details of addresses. 2722 CONFIG: Numbers for rulesets used by MAILERs have been removed 2723 and hence there is no required order within the MAILER 2724 section anymore except for MAILER(`uucp') which must come 2725 after MAILER(`smtp') if uucp-dom and uucp-uudom are used. 2726 CONFIG: Hosts listed in the generics domain class {G} 2727 (GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated 2728 as canonical. Suggested by Per Hedeland of Ericsson. 2729 CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup 2730 in the access map which returns OK or RELAY actually 2731 terminates check_* ruleset checking. 2732 CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset 2733 tls_rcpt, see cf/README for details. 2734 CONFIG: Change format of Received: header line which reveals whether 2735 STARTTLS has been used to "(version=${tls_version} 2736 cipher=${cipher} bits=${cipher_bits} verify=${verify})". 2737 CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks') 2738 options friends/haters instead of "To:" and enable 2739 specification of whole domains instead of just users. 2740 Notice: this change is not backward compatible. 2741 Suggested by Chris Adams from HiWAAY Informations Services. 2742 CONFIG: Allow for local extensions for most new rulesets, see 2743 cf/README for details. 2744 CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in 2745 the access map. Proposed by Randall Winchester of the 2746 University of Maryland. 2747 CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for 2748 the local mailer. Proposed by Ingo Brueckl of Wupper Online. 2749 CONFIG: confRELAY_MSG/confREJECT_MSG can override the default 2750 messages for an unauthorized relaying attempt/for access 2751 map entries with RHS REJECT, respectively. 2752 CONFIG: FEATURE(`always_add_domain') takes an optional argument 2753 to specify another domain to be added instead of the local one. 2754 Suggested by Richard H. Gumpertz of Computer Problem 2755 Solving. 2756 CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific 2757 options, see doc/op/op.me for details. 2758 CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for 2759 the security layer in SMTP AUTH (SASL). 2760 CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated 2761 immediately. 2762 CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which 2763 allows checking of the return values of the DNS lookups. 2764 See cf/README for details. 2765 CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for 2766 temporary lookup failures. 2767 CONFIG: New option confDELIVER_BY_MIN to specify minimum time for 2768 Deliver By (RFC 2852) or to turn off the extension. 2769 CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared 2770 memory use. 2771 CONFIG: New FEATURE(`compat_check') to look up a key consisting 2772 of the sender and the recipient address delimited by the 2773 string "<@>", e.g., sender@sdomain<@>recipient@rdomain, 2774 in the access map. Based on code contributed by Mathias 2775 Koerber of Singapore Telecommunications Ltd. 2776 CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user 2777 file. Suggested by John Beck of Sun Microsystems. 2778 CONFIG: Don't use MAILER-DAEMON for error messages delivered 2779 via LMTP. Problem reported by Larry Greenfield of CMU. 2780 CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of 2781 the recipient host if LUSER_RELAY is used. 2782 CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the 2783 +detail portion of the address when passing address to 2784 local delivery agent. Disables alias and .forward +detail 2785 stripping. Only use if LDA supports this. 2786 CONFIG: Removed deprecated FEATURE(`rbl'). 2787 CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE() 2788 which allow you to specify 'equivalent' hosts for LDAP 2789 Routing lookups. Equivalent hostnames are replaced by the 2790 masquerade domain name for lookups. See cf/README for 2791 additional details. 2792 CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which 2793 instructs the rulesets on what to do if the address being 2794 looked up has +detail information. See cf/README for more 2795 information. 2796 CONFIG: When chosing a new destination via LDAP Routing, also look 2797 up the new routing address/host in the mailertable. Based 2798 on patch from Don Badrak of the United States Census Bureau. 2799 CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing 2800 is in use and the bounce option is enabled. Only reject 2801 recipients as user unknown. 2802 CONFIG: Provide LDAP support for the remaining database map 2803 features. See the ``USING LDAP FOR ALIASES AND MAPS'' 2804 section of cf/README for more information. 2805 CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster} 2806 macro used for LDAP searches as described above in ``USING 2807 LDAP FOR ALIASES, MAPS, AND CLASSES''. 2808 CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(), 2809 which takes the options as argument and can be used 2810 multiple times; see cf/README for details. 2811 CONFIG: Add configuration macros for new options: 2812 confBAD_RCPT_THROTTLE BadRcptThrottle 2813 confDIRECT_SUBMISSION_MODIFIERS DirectSubmissionModifiers 2814 confMAILBOX_DATABASE MailboxDatabase 2815 confMAX_QUEUE_CHILDREN MaxQueueChildren 2816 confMAX_RUNNERS_PER_QUEUE MaxRunnersPerQueue 2817 confNICE_QUEUE_RUN NiceQueueRun 2818 confQUEUE_FILE_MODE QueueFileMode 2819 confFAST_SPLIT FastSplit 2820 confTLS_SRV_OPTIONS TLSSrvOptions 2821 See above (and related documentation) for further information. 2822 CONFIG: Add configuration variables for new timeout options: 2823 confTO_ACONNECT Timeout.aconnect 2824 confTO_AUTH Timeout.auth 2825 confTO_LHLO Timeout.lhlo 2826 confTO_STARTTLS Timeout.starttls 2827 CONFIG: Add configuration macros for mail filter API: 2828 confINPUT_MAIL_FILTERS InputMailFilters 2829 confMILTER_LOG_LEVEL Milter.LogLevel 2830 confMILTER_MACROS_CONNECT Milter.macros.connect 2831 confMILTER_MACROS_HELO Milter.macros.helo 2832 confMILTER_MACROS_ENVFROM Milter.macros.envfrom 2833 confMILTER_MACROS_ENVRCPT Milter.macros.envrcpt 2834 Mail filters can be defined via INPUT_MAIL_FILTER() and 2835 MAIL_FILTER(). See libmilter/README, cf/README, and 2836 doc/op/op.me for details. 2837 CONFIG: Add support for accepting temporarily unresolvable domains. 2838 See cf/README for details. Based on patch by Motonori 2839 Nakamura of Kyoto University. 2840 CONFIG: confDEQUOTE_OPTS can be used to specify options for the 2841 dequote map. 2842 CONFIG: New macro QUEUE_GROUP() to define queue groups. 2843 CONFIG: New FEATURE(`queuegroup') to select a queue group based 2844 on the full e-mail address or the domain of the recipient. 2845 CONFIG: Any IPv6 addresses used in configuration should be prefixed 2846 by the "IPv6:" tag to identify the address properly. For 2847 example, if you want to use the IPv6 address 2848 2002:c0a8:51d2::23f4 in the access database, you would need 2849 to use IPv6:2002:c0a8:51d2::23f4 on the left hand side. 2850 This affects the access database as well as the 2851 relay-domains and local-host-names files. 2852 CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux). 2853 CONFIG: Avoid expansion of m4 keywords in SMART_HOST. 2854 CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading 2855 exceptions from a file. Suggested by Trey Breckenridge of 2856 Mississippi State University. 2857 CONFIG: Add LOCAL_USER_FILE() for reading local users 2858 (LOCAL_USER() -- $={L}) entries from a file. 2859 CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4 2860 which allows to lookup error codes in the access map. 2861 Contributed by Neil Rickert of Northern Illinois University. 2862 DEVTOOLS: Add new options for installation of include and library 2863 files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP, 2864 confLIBMODE, confLIBOWN. 2865 DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off 2866 installation of the the formatted man pages on operating 2867 systems which don't include cat directories. 2868 EDITMAP: New program for editing maps as supplement to makemap. 2869 MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up 2870 local mail recipients. New option -D mbdb specifies the 2871 mailbox database type. 2872 MAIL.LOCAL: New option "-h filename" which instructs mail.local to 2873 deliver the mail to the named file in the user's home 2874 directory instead of the system mail spool area. Based on 2875 patch from Doug Hardie of the Los Angeles Free-Net. 2876 MAILSTATS: New command line option -P which acts the same as -p but 2877 doesn't truncate the statistics file. 2878 MAKEMAP: Add new option -t to specify a different delimiter 2879 instead of white space. 2880 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 2881 submission. Problem noted by Kari Hurtta of the Finnish 2882 Meteorological Institute. 2883 SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later. 2884 VACATION: Change Auto-Submitted: header value from auto-generated to 2885 auto-replied. From Kenneth Murchison of Oceana Matrix Ltd. 2886 VACATION: New option -d to send error/debug messages to stdout 2887 instead of syslog. 2888 VACATION: New option -U which prevents the attempt to lookup login 2889 in the password file. The -f and -m options must be used 2890 to specify the database and message file since there is no 2891 home directory for the default settings for these options. 2892 VACATION: Vacation now uses the libsm mbdb package to look up 2893 local mail recipients; it reads the MailboxDatabase option 2894 from the sendmail.cf file. New option -C cffile which 2895 specifies the path of the sendmail.cf file. 2896 New Directories: 2897 libmilter/docs 2898 New Files: 2899 cf/cf/README 2900 cf/cf/submit.cf 2901 cf/cf/submit.mc 2902 cf/feature/authinfo.m4 2903 cf/feature/compat_check.m4 2904 cf/feature/enhdnsbl.m4 2905 cf/feature/msp.m4 2906 cf/feature/local_no_masquerade.m4 2907 cf/feature/lookupdotdomain.m4 2908 cf/feature/preserve_luser_host.m4 2909 cf/feature/preserve_local_plus_detail.m4 2910 cf/feature/queuegroup.m4 2911 cf/sendmail.schema 2912 contrib/dnsblaccess.m4 2913 devtools/M4/UNIX/sm-test.m4 2914 devtools/OS/OpenUNIX.5.i386 2915 editmap/* 2916 include/sm/* 2917 libsm/* 2918 libsmutil/cf.c 2919 libsmutil/err.c 2920 sendmail/SECURITY 2921 sendmail/TUNING 2922 sendmail/bf.c 2923 sendmail/bf.h 2924 sendmail/sasl.c 2925 sendmail/sm_resolve.c 2926 sendmail/sm_resolve.h 2927 sendmail/tls.c 2928 Deleted Files: 2929 cf/feature/rbl.m4 2930 cf/ostype/aix2.m4 2931 devtools/OS/AIX.2 2932 include/sendmail/cdefs.h 2933 include/sendmail/errstring.h 2934 include/sendmail/useful.h 2935 libsmutil/errstring.c 2936 sendmail/bf_portable.c 2937 sendmail/bf_portable.h 2938 sendmail/bf_torek.c 2939 sendmail/bf_torek.h 2940 sendmail/clock.c 2941 Renamed Files: 2942 cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc 2943 cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf 2944 cf/ostype/aux.m4 => cf/ostype/a-ux.m4 2945 29468.11.7/8.11.7 2003/03/29 2947 SECURITY: Fix a remote buffer overflow in header parsing by 2948 dropping sender and recipient header comments if the 2949 comments are too long. Problem noted by Mark Dowd 2950 of ISS X-Force. 2951 SECURITY: Fix a buffer overflow in address parsing due to 2952 a char to int conversion problem which is potentially 2953 remotely exploitable. Problem found by Michal Zalewski. 2954 Note: an MTA that is not patched might be vulnerable to 2955 data that it receives from untrusted sources, which 2956 includes DNS. 2957 To provide partial protection to internal, unpatched sendmail MTAs, 2958 8.11.7 changes by default (char)0xff to (char)0x7f in 2959 headers etc. To turn off this conversion compile with 2960 -DALLOW_255 or use the command line option -d82.101. 2961 To provide partial protection for internal, unpatched MTAs that may be 2962 performing 7->8 or 8->7 bit MIME conversions, the default 2963 for MaxMimeHeaderLength has been changed to 2048/1024. 2964 Note: this does have a performance impact, and it only 2965 protects against frontal attacks from the outside. 2966 To disable the checks and return to pre-8.11.7 defaults, 2967 set MaxMimeHeaderLength to 0/0. 2968 Properly clean up macros to avoid persistence of session data 2969 across various connections. This could cause session 2970 oriented restrictions, e.g., STARTTLS requirements, 2971 to erroneously allow a connection. Problem noted 2972 by Tim Maletic of Priority Health. 2973 Ignore comments in NIS host records when trying to find the 2974 canonical name for a host. 2975 Fix a memory leak when closing Hesiod maps. 2976 Set ${msg_size} macro when reading a message from the command line 2977 or the queue. 2978 Prevent a segmentation fault when clearing the event list by 2979 turning off alarms before checking if event list is 2980 empty. Problem noted by Allan E Johannesen of Worcester 2981 Polytechnic Institute. 2982 Fix a potential core dump problem if the environment variable 2983 NAME is set. Problem noted by Beth A. Chaney of 2984 Purdue University. 2985 Prevent a race condition on child cleanup for delivery to files. 2986 Problem noted by Fletcher Mattox of the University of 2987 Texas. 2988 CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce 2989 parameter is set and the LDAP lookup returns a temporary 2990 error. 2991 CONFIG: Fix a syntax error in the try_tls ruleset if 2992 FEATURE(`access_db') is not enabled. 2993 LIBSMDB: Fix a lock race condition that affects makemap, praliases, 2994 and vacation. 2995 LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X 2996 and NDBM on systems with the O_EXLOCK open(2) flag. 2997 MAKEMAP: Avoid going beyond the end of an input line if it does 2998 not contain a value for a key. Based on patch from 2999 Mark Bixby from Hewlett-Packard. 3000 MAIL.LOCAL: Fix a truncation race condition if the close() on 3001 the mailbox fails. Problem noted by Tomoko Fukuzawa of 3002 Sun Microsystems. 3003 SMRSH: SECURITY: Only allow regular files or symbolic links to be 3004 used for a command. Problem noted by David Endler of 3005 iDEFENSE, Inc. 3006 30078.11.6/8.11.6 2001/08/20 3008 SECURITY: Fix a possible memory access violation when specifying 3009 out-of-bounds debug parameters. Problem detected by 3010 Cade Cairns of SecurityFocus. 3011 Avoid leaking recipient information in unrelated DSNs. This could 3012 happen if a connection is aborted, several mails had been 3013 scheduled for delivery via that connection, and the timeout 3014 is reached such that several DSNs are sent next. Problem 3015 noted by Dileepan Moorkanat of Hewlett-Packard. 3016 Fix a possible segmentation violation when specifying too many 3017 wildcard operators in a rule. Problem detected by 3018 Werner Wiethege. 3019 Avoid a segmentation fault on non-matching Hesiod lookups. Problem 3020 noted by Russell McOrmond of flora.ca 3021 30228.11.5/8.11.5 2001/07/31 3023 Fix a possible race condition when sending a HUP signal to restart 3024 the daemon. This could terminate the current process without 3025 starting a new daemon. Problem reported by Wolfgang Breyha 3026 of SE Netway Communications. 3027 Only apply MaxHeadersLength when receiving a message via SMTP or 3028 the command line. Problem noted by Andrey J. Melnikoff. 3029 When finding the system's local hostname on an IPv6-enabled system 3030 which doesn't have any IPv6 interface addresses, fall back 3031 to looking up only IPv4 addresses. Problem noted by Tim 3032 Bosserman of EarthLink. 3033 When commands were being rejected due to check_relay or TCP 3034 Wrappers, the ETRN command was not giving a response. 3035 Incoming IPv4 connections on a Family=inet6 daemon (using 3036 IPv4-mapped addresses) were incorrectly labeled as "may be 3037 forged". Problem noted by Per Steinar Iversen of Oslo 3038 University College. 3039 Shutdown address test mode cleanly on SIGTERM. Problem noted by 3040 Greg King of the OAO Corporation. 3041 Restore the original real uid (changed in main() to prevent 3042 out of band signals) before invoking a delivery agent. 3043 Some delivery agents use this for the "From " envelope 3044 "header". Problem noted by Leslie Carroll of the 3045 University at Albany. 3046 Mark closed file descriptors properly to avoid reuse. Problem 3047 noted by Jeff Bronson of J.D. Bronson, Inc. 3048 Setting Timeout options on the command line will also override 3049 their sub-suboptions in the .cf file, e.g., -O 3050 Timeout.queuereturn=2d will set all queuereturn timeouts 3051 to 2 days. Problem noted by Roger B.A. Klorese. 3052 Portability: 3053 BSD/OS has a broken setreuid() implementation. Problem 3054 noted by Vernon Schryver of Rhyolite Software. 3055 BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?). 3056 Noted by Vernon Schryver of Rhyolite Software. 3057 BSD/OS has fchown(2). Noted by Dave Yadallee of Netline 3058 2000 Internet Solutions Inc. 3059 Solaris 2.X and later have strerror(3). From Sebastian 3060 Hagedorn of Cologne University. 3061 CONFIG: Fix parsing for IPv6 domain literals in addresses 3062 (user@[IPv6:address]). Problem noted by Liyuan Zhou. 3063 30648.11.4/8.11.4 2001/05/28 3065 Clean up signal handling routines to reduce the chances of heap 3066 corruption and other potential race conditions. 3067 Terminating and restarting the daemon may not be 3068 instantaneous due to this change. Also, non-root users can 3069 no longer send out-of-band signals. Problem reported by 3070 Michal Zalewski of BindView. 3071 If LogLevel is greater than 9 and SASL fails to negotiate an 3072 encryption layer, avoid core dump logging the encryption 3073 strength. Problem noted by Miroslav Zubcic of Crol. 3074 If a server offers "AUTH=" and "AUTH " and the list of mechanisms is 3075 different in those two lines, sendmail might not have 3076 recognized (and used) all of the offered mechanisms. 3077 Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch 3078 from Kenji Miyake. 3079 This time, really don't use the .. directory when expanding 3080 QueueDirectory wildcards. 3081 If a process is interrupted while closing a map, don't try to close 3082 the same map again while exiting. 3083 Allow local mailers (F=l) to contact remote hosts (e.g., via 3084 LMTP). Problem noted by Norbert Klasen of the University 3085 of Tuebingen. 3086 If Timeout.QueueReturn was set to a value less the time it took 3087 to write a new queue file (e.g., 0 seconds), the bounce 3088 message would be lost. Problem noted by Lorraine L Goff of 3089 Oklahoma State University. 3090 Pass map argument vector into map rewriting engine for the regex 3091 and prog map types. Problem noted by Stephen Gildea of 3092 InTouch Systems, Inc. 3093 When closing an LDAP map due to a temporary error, close all of the 3094 other LDAP maps which share the original map's connection 3095 to the LDAP server. Patch from Victor Duchovni of 3096 Morgan Stanley. 3097 To detect changes of NDBM aliases files check the timestamp of the 3098 .pag file instead of the .dir file. Problem noted by Neil 3099 Rickert of Northern Illinois University. 3100 Don't treat temporary hesiod lookup failures as permanent. Patch 3101 from Werner Wiethege. 3102 If ClientPortOptions is set, make sure to create the outgoing socket 3103 with the family set in that option. Patch from Sean Farley. 3104 Avoid a segmentation fault trying to dereference a NULL pointer 3105 when logging a MaxHopCount exceeded error with an empty 3106 recipient list. Problem noted by Chris Adams of HiWAAY 3107 Internet Services. 3108 Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich 3109 Windl of the Universitaet Regensburg. 3110 Fix DSN for "mail loops back to me" bounces. Problem noticed by 3111 Kari Hurtta of the Finnish Meteorological Institute. 3112 Portability: 3113 OpenBSD has a broken setreuid() implementation. 3114 CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back 3115 to 553 since it is allowed by DRUMS. 3116 CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X. 3117 DEVTOOLS: install.sh did not properly handle paths in the source 3118 file name argument. Noted by Kari Hurtta of the Finnish 3119 Meteorological Institute. 3120 DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD 3121 since it generates random process ids. 3122 PRALIASES: Add back adaptive algorithm to deal with different endings 3123 of entries in the database (with/without trailing '\0'). 3124 Patch from John Beck of Sun Microsystems. 3125 New Files: 3126 cf/ostype/freebsd4.m4 3127 31288.11.3/8.11.3 2001/02/27 3129 Prevent a segmentation fault when a bogus value was used in the 3130 LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus 3131 option was used. Problem noted by Allan E Johannesen of 3132 Worcester Polytechnic Institute. 3133 Prevent "token too long" message by shortening {currHeader} which 3134 could be too long if the last copied character was a quote. 3135 Problem detected by Jan Krueger of digitalanswers 3136 communications consulting gmbh. 3137 Additional IPv6 check for unspecified addresses. Patch from 3138 Jun-ichiro itojun Hagino of the KAME Project. 3139 Do not ignore the ClientPortOptions setting if DaemonPortOptions 3140 Modifier=b (bind to same interface) is set and the 3141 connection came in from the command line. 3142 Do not bind to the loopback address if DaemonPortOptions 3143 Modifier=b (bind to same interface) is set. Patch from 3144 John Beck of Sun Microsystems. 3145 Properly deal with open failures on non-optional maps used in 3146 check_* rulesets by returning a temporary failure. 3147 Buffered file I/O files were not being properly fsync'ed to disk 3148 when they were committed. 3149 Properly encode '=' for the AUTH= parameter of the MAIL command. 3150 Problem noted by Hadmut Danisch. 3151 Under certain circumstances the macro {server_name} could be set 3152 to the wrong hostname (of a previous connection), which may 3153 cause some rulesets to return wrong results. This would 3154 usually cause mail to be queued up and delivered later on. 3155 Ignore F=z (LMTP) mailer flag if $u is given in the mailer A= 3156 equate. Problem noted by Motonori Nakamura of Kyoto 3157 University. 3158 Work around broken accept() implementations which only partially 3159 fill in the peer address if the socket is closed before 3160 accept() completes. 3161 Return an SMTP "421" temporary failure if the data file can't be 3162 opened where the "354" reply would normally be given. 3163 Prevent a CPU loop in trying to expand a macro which doesn't exist 3164 in a queue run. Problem noted by Gordon Lack of Glaxo 3165 Wellcome. 3166 If delivering via a program and that program exits with EX_TEMPFAIL, 3167 note that fact for the mailq display instead of just showing 3168 "Deferred". Problem noted by Motonori Nakamura of Kyoto 3169 University. 3170 If doing canonification via /etc/hosts, try both the fully 3171 qualified hostname as well as the first portion of the 3172 hostname. Problem noted by David Bremner of the 3173 University of New Brunswick. 3174 Portability: 3175 Fix a compilation problem for mail.local and rmail if SFIO 3176 is in use. Problem noted by Auteria Wally 3177 Winzer Jr. of Champion Nutrition. 3178 IPv6 changes for platforms using KAME. Patch from 3179 Jun-ichiro itojun Hagino of the KAME Project. 3180 OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and 3181 higher has BSDI-style login classes. Patch from 3182 Todd C. Miller of Courtesan Consulting. 3183 Unixware 7.1.1 doesn't allow h_errno to be set directly if 3184 sendmail is being compiled with -kthread. Problem 3185 noted by Orion Poplawski of CQG, Inc. 3186 CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and 3187 current left hand side for $LHS in virtuser files. 3188 DEVTOOLS: Do not pass make targets to recursive Build invocations. 3189 Problem noted by Jeff Bronson of J.D. Bronson, Inc. 3190 MAIL.LOCAL: In LMTP mode, do not return errors regarding problems 3191 storing the temporary message file until after the remote 3192 side has sent the final DATA termination dot. Problem 3193 noted by Allan E Johannesen of Worcester Polytechnic 3194 Institute. 3195 MAIL.LOCAL: If LMTP mode is set, give a temporary error if users 3196 are also specified on the command line. Patch from 3197 Motonori Nakamura of Kyoto University. 3198 PRALIASES: Skip over AliasFile specifications which aren't based on 3199 database files (i.e., only show dbm, hash, and btree). 3200 Renamed Files: 3201 devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x 3202 32038.11.2/8.11.2 2000/12/29 3204 Prevent a segmentation fault when trying to set a class in 3205 address test mode due to a negative array index. Audit 3206 other array indexing. This bug is not believed to be 3207 exploitable. Noted by Michal Zalewski of the "Internet for 3208 Schools" project (IdS). 3209 Add an FFR (for future release) to drop privileges when using 3210 address test mode. This will be turned on in 8.12. It can 3211 be enabled by compiling with: 3212 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS') 3213 in your devtools/Site/site.config.m4 file. Suggested by 3214 Michal Zalewski of the "Internet for Schools" project (IdS). 3215 Fix potential problem with Cyrus-SASL security layer which may have 3216 caused I/O errors, especially for mechanism DIGEST-MD5. 3217 When QueueSortOrder was set to host, sendmail might not read 3218 enough of the queue file to determine the host, making the 3219 sort sub-optimal. Problem noted by Jeff Earickson of 3220 Colby College. 3221 Don't issue DSNs for addresses which use the NOTIFY parameter (per 3222 RFC 1891) but don't have FAILURE as value. 3223 Initialize Cyrus-SASL library before the SMTP daemon is started. 3224 This implies that every change to SASL related files requires 3225 a restart of the daemon, e.g., Sendmail.conf, new SASL 3226 mechanisms (in form of shared libraries). 3227 Properly set the STARTTLS related macros during a queue run for 3228 a cached connection. Bug reported by Michael Kellen of 3229 NxNetworks, Inc. 3230 Log the server name in relay= for ruleset tls_server instead of the 3231 client name. 3232 Include original length of bad field/header when reporting 3233 MaxMimeHeaderLength problems. Requested by Ulrich Windl of 3234 the Universitat Regensburg. 3235 Fix delivery to set-user-ID files that are expanded from aliases in 3236 DeliveryMode queue. Problem noted by Ric Anderson of the 3237 University of Arizona. 3238 Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano 3239 of Collective Technologies. 3240 Avoid using a negative argument for sleep() calls when delaying answers 3241 to EXPN/VRFY commands on systems which respond very slowly. 3242 Problem noted by Mikolaj J. Habryn of Optus Internet 3243 Engineering. 3244 Make sure the F=u flag is set in the default prog mailer 3245 definition. Problem noted by Kari Hurtta of the Finnish 3246 Meteorological Institute. 3247 Fix IPv6 check for unspecified addresses. Patch from 3248 Jun-ichiro itojun Hagino of the KAME Project. 3249 Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish 3250 Meteorological Institute. 3251 Fix parsing of DaemonPortOptions and ClientPortOptions. Read all 3252 of the parameters to find Family= setting before trying to 3253 interpret Addr= and Port=. Problem noted by Valdis 3254 Kletnieks of Virginia Tech. 3255 When delivering to a file directly from an alias, do not call 3256 initgroups(); instead use the DefaultUser group information. 3257 Problem noted by Marc Schaefer of ALPHANET NF. 3258 RunAsUser now overrides the ownership of the control socket, if 3259 created. Otherwise, sendmail can not remove it upon 3260 close. Problem noted by Werner Wiethege. 3261 Fix ConnectionRateThrottle counting as the option is the number of 3262 overall connections, not the number of connections per 3263 socket. A future version may change this to per socket 3264 counting. 3265 Portability: 3266 Clean up libsmdb so it functions properly on platforms 3267 where sizeof(u_int32_t) != sizeof(size_t). Problem 3268 noted by Rein Tollevik of Basefarm AS. 3269 Fix man page formatting for compatibility with Solaris' 3270 whatis. From Stephen Gildea of InTouch Systems, Inc. 3271 UnixWare 7 includes snprintf() support. From Larry 3272 Rosenman. 3273 IPv6 changes for platforms using KAME. Patch from 3274 Jun-ichiro itojun Hagino of the KAME Project. 3275 Avoid a typedef compile conflict with Berkeley DB 3.X and 3276 Solaris 2.5 or earlier. Problem noted by Bob Hughes 3277 of Pacific Access. 3278 Add preliminary support for AIX 5. Contributed by 3279 Valdis Kletnieks of Virginia Tech. 3280 Solaris 9 load average support from Andrew Tucker of Sun 3281 Microsystems. 3282 CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r') 3283 is used. Problem noted by Phil Homewood of Asia Online, 3284 patch from Neil Rickert of Northern Illinois University. 3285 CONFIG: Change the default DNS based blacklist server for 3286 FEATURE(`dnsbl') to blackholes.mail-abuse.org. 3287 CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e., 3288 implicitly assume canonical host names. 3289 CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on 3290 patch by Motonori Nakamura of Kyoto University. 3291 CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of 3292 Virginia Tech. 3293 CONFIG: Pass the illegal header form <list:;> through untouched 3294 instead of making it worse. Problem noted by Motonori 3295 Nakamura of Kyoto University. 3296 CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`). 3297 CONTRIB: qtool.pl: An empty queue is not an error. Problem noted 3298 by Jan Krueger of digitalanswers communications consulting 3299 gmbh. 3300 CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark 3301 Roth of the University of Illinois at Urbana-Champaign. 3302 DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4 3303 variables into bldOS, bldREL, and bldARCH to prevent 3304 namespace collisions. Problem noted by Motonori Nakamura 3305 of Kyoto University. 3306 RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It 3307 causes some changes in behavior and may break rmail for 3308 installations where sendmail is actually a wrapper to 3309 another MTA. The change will re-appear in a future 3310 version. 3311 SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X, 3312 and SunOS 5.8. Requested by Jeff A. Earickson of Colby 3313 College and John Beck of Sun Microsystems. 3314 VACATION: Fix pattern matching for addresses to ignore. 3315 VACATION: Don't reply to addresses of the form owner-* 3316 or *-owner. 3317 New Files: 3318 cf/ostype/aix5.m4 3319 contrib/buildvirtuser 3320 devtools/OS/AIX.5.0 3321 33228.11.1/8.11.1 2000/09/27 3323 Fix SMTP EXPN command output if the address expands to a single 3324 name. Fix from John Beck of Sun Microsystems. 3325 Don't try STARTTLS in the client if the PRNG has not been properly 3326 seeded. This problem only occurs on systems without 3327 /dev/urandom. Problem detected by Jan Krueger of 3328 digitalanswers communications consulting gmbh and 3329 Neil Rickert of Northern Illinois University. 3330 Don't use the . and .. directories when expanding QueueDirectory 3331 wildcards. 3332 Do not try to cache LDAP connections across processes as a parent 3333 process may close the connection before the child process 3334 has completed. Problem noted by Lai Yiu Fai of the Hong 3335 Kong University of Science and Technology and Wolfgang 3336 Hottgenroth of UUNET. 3337 Use Timeout.fileopen to limit the amount of time spent trying to 3338 read the LDAP secret from a file. 3339 Prevent SIGTERM from removing a command line submitted item after 3340 the user submits the message and before the first delivery 3341 attempt completes. Problem noted by Max France of AlphaNet. 3342 Fix from Neil Rickert of Northern Illinois University. 3343 Deal correctly with MaxMessageSize restriction if message size is 3344 greater than 2^31. Problem noted by Tim "Darth Dice" Bosserman 3345 of EarthLink. 3346 Turn off queue checkpointing if CheckpointInterval is set to zero. 3347 Treat an empty home directory (from getpw*() or $HOME) as 3348 non-existent instead of treating it as /. Problem noted by 3349 Todd C. Miller of Courtesan Consulting. 3350 Don't drop duplicate headers when reading a queued item. Problem 3351 noted by Motonori Nakamura of Kyoto University. 3352 Avoid bogus error text when logging the savemail panic "cannot 3353 save rejected email anywhere". Problem noted by Marc G. 3354 Fournier of Acadia University. 3355 If an LDAP search fails because the LDAP server went down, close 3356 the map so subsequent searches reopen the map. If there are 3357 multiple LDAP servers, the down server will be skipped and 3358 one of the others may be able to take over. 3359 Set the ${load_avg} macro to the current load average, not the 3360 previous load average query result. 3361 If a non-optional map used in a check_* ruleset can't be opened, 3362 return a temporary failure to the remote SMTP client 3363 instead of ignoring the map. Problem noted by Allan E 3364 Johannesen of Worcester Polytechnic Institute. 3365 Avoid a race condition when queuing up split envelopes by saving 3366 the split envelopes before the original envelope. 3367 Fix a bug in the PH_MAP code which caused mail to bounce instead of 3368 defer if the PH server could not be contacted. From Mark 3369 Roth of the University of Illinois at Urbana-Champaign. 3370 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and 3371 ETRN. Problem noted by Erik R. Leo of SoVerNet. 3372 Change error code for unrecognized parameters to the SMTP MAIL and 3373 RCPT commands from 501 to 555 per RFC 1869. Problem 3374 reported to Postfix by Robert Norris of Monash University. 3375 Prevent overwriting the argument of -B on certain OS. Problem 3376 noted by Matteo Gelosa of I.NET S.p.A. 3377 Use the proper routine for freeing memory with Netscape's LDAP 3378 client libraries. Patch from Paul Hilchey of the 3379 University of British Columbia. 3380 Portability: 3381 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9} 3382 instead of defining it in conf.h so users can 3383 override the setting. Suggested by 3384 Henrik Nordstrom of Ericsson. 3385 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of 3386 /usr/lib/sendmail for rmail and vacation. From 3387 Jeff A. Earickson of Colby College. 3388 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which 3389 does not exist). From Jeff A. Earickson of Colby 3390 College. 3391 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From 3392 Tom Moore of NCR. 3393 NeXT 3.X and 4.X installs man pages in /usr/man. From 3394 Hisanori Gogota of NTT/InterCommunicationCenter. 3395 Solaris 8 and later include /var/run. The default PID file 3396 location is now /var/run/sendmail.pid. From John 3397 Beck of Sun Microsystems. 3398 SFIO includes snprintf() for those operating systems 3399 which do not. From Todd C. Miller of Courtesan 3400 Consulting. 3401 CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}. 3402 Problem noted by Kaspar Brand of futureLab AG. 3403 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with 3404 errors in the MAIL address. 3405 CONFIG: Fix FEATURE(nouucp) usage in example .mc files. Problem 3406 noted by Ron Jarrell of Virginia Tech. 3407 CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8). 3408 Contributed by John Beck of Sun Microsystems. 3409 CONFIG: Set confFROM_HEADER such that the mail hub can possibly add 3410 GECOS information for an address. This more closely 3411 matches pre-8.10 nullclient behavior. From Per Hedeland of 3412 Ericsson. 3413 CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for 3414 SMTP to all *smtp* mailers and those for RELAY to the relay 3415 mailer as described in cf/README. 3416 MAIL.LOCAL: Open the mailbox as the recipient not root so quotas 3417 are obeyed. Problem noted by Damian Kuczynski of NIK. 3418 MAKEMAP: Do not change a map's owner to the TrustedUser if using 3419 makemap to 'unmake' the map. 3420 RMAIL: Avoid overflowing the list of recipients being passed to 3421 sendmail. 3422 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway 3423 submission. Problem noted by Kari Hurtta of the Finnish 3424 Meteorological Institute. 3425 VACATION: Read the complete message to avoid "broken pipe" signals. 3426 VACATION: Do not cut off vacation.msg files which have a single 3427 dot as the only character on the line. 3428 New Files: 3429 cf/ostype/solaris8.m4 3430 34318.11.0/8.11.0 2000/07/19 3432 SECURITY: If sendmail is installed as a non-root set-user-ID binary 3433 (not the normal case), some operating systems will still 3434 keep a saved-uid of the effective-uid when sendmail tries 3435 to drop all of its privileges. If sendmail needs to drop 3436 these privileges and the operating system doesn't set the 3437 saved-uid as well, exit with an error. Problem noted by 3438 Kari Hurtta of the Finnish Meteorological Institute. 3439 SECURITY: sendmail depends on snprintf() NUL terminating the string 3440 it populates. It is possible that some broken 3441 implementations of snprintf() exist that do not do this. 3442 Systems in this category should compile with 3443 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your 3444 system and report broken implementations to 3445 sendmail-bugs@sendmail.org and your OS vendor. Problem 3446 noted by Slawomir Piotrowski of TELSAT GP. 3447 Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). 3448 Implementation influenced by the example programs of 3449 OpenSSL and the work of Lutz Jaenicke of TU Cottbus. 3450 Add new STARTTLS related options CACERTPath, CACERTFile, 3451 ClientCertFile, ClientKeyFile, DHParameters, RandFile, 3452 ServerCertFile, and ServerKeyFile. These are documented in 3453 cf/README and doc/op/op.*. 3454 New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, 3455 ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, 3456 ${server_name}, and ${server_addr}. These are documented 3457 in cf/README and doc/op/op.*. 3458 Add support for the Entropy Gathering Daemon (EGD) for better 3459 random data. 3460 New DontBlameSendmail option InsufficientEntropy for systems which 3461 don't properly seed the PRNG for OpenSSL but want to 3462 try to use STARTTLS despite the security problems. 3463 Support the security layer in SMTP AUTH for mechanisms which 3464 support encryption. Based on code contributed by Tim 3465 Martin of CMU. 3466 Add new macro ${auth_ssf} to reflect the SMTP AUTH security 3467 strength factor. 3468 LDAP's -1 (single match only) flag was not honored if the -z 3469 (delimiter) flag was not given. Problem noted by ST Wong of 3470 the Chinese University of Hong Kong. Fix from Mark Adamson 3471 of CMU. 3472 Add more protection from accidentally tripping OpenLDAP 1.X's 3473 ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(). 3474 Suggested by Kurt Zeilenga of OpenLDAP. 3475 Fix the default family selection for DaemonPortOptions. As 3476 documented, unless a family is specified in a 3477 DaemonPortOptions option, "inet" is the default. It is 3478 also the default if no DaemonPortOptions value is set. 3479 Therefore, IPv6 users should configure additional sockets 3480 by adding DaemonPortOptions settings with Family=inet6 if 3481 they wish to also listen on IPv6 interfaces. Problem noted 3482 by Jun-ichiro itojun Hagino of the KAME Project. 3483 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect 3484 the interface information for an outgoing connection. 3485 Not doing so was creating a mismatch between the socket 3486 family and address used in subsequent connections if the 3487 M=b modifier was set in DaemonPortOptions. Problem noted 3488 by John Beck of Sun Microsystems. 3489 If DaemonPortOptions modifier M=b is used, determine the socket 3490 family based on the IP address. ${if_family} is no longer 3491 persistent (i.e., saved in qf files). Patch from John Beck 3492 of Sun Microsystems. 3493 sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family} 3494 macros for both the incoming interface address/family and 3495 the outgoing interface address/family. In order for M=b 3496 modifier in DaemonPortOptions to work properly, preserve 3497 the incoming information in the queue file for later 3498 delivery attempts. 3499 Use SMTP error code and enhanced status code from check_relay in 3500 responses to commands. Problem noted by Jeff Wasilko of 3501 smoe.org. 3502 Add more vigilance in checking for putc() errors on output streams 3503 to protect from a bug in Solaris 2.6's putc(). Problem 3504 noted by Graeme Hewson of Oracle. 3505 The LDAP map -n option (return attribute names only) wasn't working. 3506 Problem noted by Ajay Matia. 3507 Under certain circumstances, an address could be listed as deferred 3508 but would be bounced back to the sender as failed to be 3509 delivered when it really should have been queued. Problem 3510 noted by Allan E Johannesen of Worcester Polytechnic Institute. 3511 Prevent a segmentation fault in a child SMTP process from getting 3512 the SMTP transaction out of sync. Problem noted by Per 3513 Hedeland of Ericsson. 3514 Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT 3515 is defined to avoid a core dump due to incompatibilities 3516 between sfio and stdio. Problem noted by Neil Rickert 3517 of Northern Illinois University. 3518 Don't log useless envelope ID on initial connection log. Problem 3519 noted by Kari Hurtta of the Finnish Meteorological Institute. 3520 Convert the free disk space shown in a control socket status query 3521 to kilobyte units. 3522 If TryNullMXList is True and there is a temporary DNS failure 3523 looking up the hostname, requeue the message for a later 3524 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo 3525 Polytechnic. 3526 Under the proper circumstances, failed connections would be recorded 3527 as "Bad file number" instead of "Connection failed" in the 3528 queue file and persistent host status. Problem noted by 3529 Graeme Hewson of Oracle. 3530 Avoid getting into an endless loop if a non-hoststat directory exists 3531 within the hoststatus directory (e.g., lost+found). 3532 Patch from Valdis Kletnieks of Virginia Tech. 3533 Make sure Timeout.queuereturn=now returns a bounce message to the 3534 sender. Problem noted by Per Hedeland of Ericsson. 3535 If a message data file can't be opened at delivery time, panic and 3536 abort the attempt instead of delivering a message that 3537 states "<<< No Message Collected >>>". 3538 Fixup the GID checking code from 8.10.2 as it was overly 3539 restrictive. Problem noted by Mark G. Thomas of Mark 3540 G. Thomas Consulting. 3541 Preserve source port number instead of replacing it with the ident 3542 port number (113). 3543 Document the queue status characters in the mailq man page. 3544 Suggested by Ulrich Windl of the Universitat Regensburg. 3545 Process queued items in which none of the recipient addresses have 3546 host portions (or there are no recipients). Problem noted 3547 by Valdis Kletnieks of Virginia Tech. 3548 If a cached LDAP connection is used for multiple maps, make sure 3549 only the first to open the connection is allowed to close 3550 it so a later map close doesn't break the connection for 3551 other maps. Problem noted by Wolfgang Hottgenroth of UUNET. 3552 Netscape's LDAP libraries do not support Kerberos V4 3553 authentication. Patch from Rainer Schoepf of the 3554 University of Mainz. 3555 Provide workaround for inconsistent handling of data passed 3556 via callbacks to Cyrus SASL prior to version 1.5.23. 3557 Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission 3558 noted by Ulrich Windl of the Universitat Regensburg. 3559 Portability: 3560 Add the ability to read IPv6 interface addresses into class 3561 'w' under FreeBSD (and possibly others). From Jun 3562 Kuriyama of IMG SRC, Inc. and the FreeBSD Project. 3563 Replace code for finding the number of CPUs on HPUX. 3564 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not 3565 work properly causing problems if the accept() 3566 fails and the socket needs to be reopened. Patch 3567 from Tom Moore of NCR. 3568 NetBSD uses a .0 extension of formatted man pages. From 3569 Andrew Brown of Crossbar Security. 3570 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED 3571 for calls to getipnodebyname(). The Linux 3572 implementation is broken so AI_ADDRCONFIG is stripped 3573 under Linux. From John Beck of Sun Microsystems and 3574 John Kennedy of Cal State University, Chico. 3575 CONFIG: Catch invalid addresses containing a ',' at the wrong place. 3576 Patch from Neil Rickert of Northern Illinois University. 3577 CONFIG: New variables for the new sendmail options: 3578 confCACERT_PATH CACERTPath 3579 confCACERT CACERTFile 3580 confCLIENT_CERT ClientCertFile 3581 confCLIENT_KEY ClientKeyFile 3582 confDH_PARAMETERS DHParameters 3583 confRAND_FILE RandFile 3584 confSERVER_CERT ServerCertFile 3585 confSERVER_KEY ServerKeyFile 3586 CONFIG: Provide basic rulesets for TLS policy control and add new 3587 tags to the access database to support these policies. See 3588 cf/README for more information. 3589 CONFIG: Add TLS information to the Received: header. 3590 CONFIG: Call tls_client ruleset from check_mail in case it wasn't 3591 called due to a STARTTLS command. 3592 CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent 3593 instead of temporary. 3594 CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with 3595 the access map and relaying to a domain without using a To: 3596 tag. Problem noted by Mark G. Thomas of Mark G. Thomas 3597 Consulting. 3598 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in 3599 OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of 3600 RootsWeb.com. 3601 CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and 3602 forwarding to make it as close to the old behavior as 3603 possible. Problem noted by George W. Baltz of the 3604 University of Maryland. 3605 CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From 3606 Wilfredo Sanchez of Apple Computer, Inc. 3607 CONFIG: Changed the map names used by FEATURE(`ldap_routing') from 3608 ldap_mailhost and ldap_mailroutingaddress to ldapmh and 3609 ldapmra as underscores in map names cause problems if 3610 underscore is in OperatorChars. Problem noted by Bob Zeitz 3611 of the University of Alberta. 3612 CONFIG: Apply blacklist_recipients also to hosts in class {w}. 3613 Patch from Michael Tratz of Esosoft Corporation. 3614 CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers. 3615 CONTRIB: Add link_hash.sh to create symbolic links to the hash 3616 of X.509 certificates. 3617 CONTRIB: passwd-to-alias.pl: More protection from special characters; 3618 treat special shells as root aliases; skip entries where the 3619 GECOS full name and username match. From Ulrich Windl of the 3620 Universitat Regensburg. 3621 CONTRIB: qtool.pl: Add missing last_modified_time method and fix a 3622 typo. Patch from Graeme Hewson of Oracle. 3623 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue 3624 and sendmail. Patch from Graeme Hewson of Oracle. 3625 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as 3626 subroutine Patch from Graeme Hewson of Oracle. 3627 CONTRIB: Add movemail.pl (move old mail messages between queues by 3628 calling re-mqueue.pl) and movemail.conf (configuration 3629 script for movemail.pl). From Graeme Hewson of Oracle. 3630 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to 3631 makemap). From Derek J. Balling of Yahoo,Inc. 3632 DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any 3633 extension modifications (e.g., MAN8EXT) to the installation 3634 target. Patch from James Ralston of Carnegie Mellon 3635 University. 3636 DEVTOOLS: Add support for SunOS 5.9. 3637 DEVTOOLS: New option confLN contains the command used to create 3638 links. 3639 LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not 3640 reported. 3641 MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of 3642 Denman Tire Corporation. 3643 MAIL.LOCAL: Prevent a possible DoS attack when compiled with 3644 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU. 3645 MAILSTATS: Fix usage statement (-p and -o are optional). 3646 MAKEMAP: Change man page layout as workaround for problem with nroff 3647 and -man on Solaris 7. Patch from Larry Williamson. 3648 RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of 3649 Black Diamond Equipment, Limited. 3650 RMAIL: Prevent a segmentation fault if the incoming message does not 3651 have a From line. 3652 VACATION: Read all of the headers before deciding whether or not 3653 to respond instead of stopping after finding recipient. 3654 Added Files: 3655 cf/ostype/darwin.m4 3656 contrib/cidrexpand 3657 contrib/link_hash.sh 3658 contrib/movemail.conf 3659 contrib/movemail.pl 3660 devtools/OS/SunOS.5.9 3661 test/t_snprintf.c 3662 36638.10.2/8.10.2 2000/06/07 3664 SECURITY: Work around broken Linux setuid() implementation. 3665 On Linux, a normal user process has the ability to subvert 3666 the setuid() call such that it is impossible for a root 3667 process to drop its privileges. Problem noted by Wojciech 3668 Purczynski of elzabsoft.pl. 3669 SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(), 3670 initgroups(), and chroot() calls. 3671 Added Files: 3672 test/t_setuid.c 3673 36748.10.1/8.10.1 2000/04/06 3675 SECURITY: Limit the choice of outgoing (client-side) SMTP 3676 Authentication mechanisms to those specified in 3677 AuthMechanisms to prevent information leakage. We do not 3678 recommend use of PLAIN for outgoing mail as it sends the 3679 password in clear text to possibly untrusted servers. See 3680 cf/README's DefaultAuthInfo section for additional information. 3681 Copy the ident argument for openlog() to avoid problems on some 3682 OSs. Based on patch from Rob Bajorek from Webhelp.com. 3683 Avoid bogus error message when reporting an alias line as too long. 3684 Avoid bogus socket error message if sendmail.cf version level is 3685 greater than sendmail binary supported version. Patch 3686 from John Beck of Sun Microsystems. 3687 Prevent a malformed ruleset (missing right hand side) from causing 3688 a segmentation fault when using address test mode. Based on 3689 patch from John Beck of Sun Microsystems. 3690 Prevent memory leak from use of NIS maps and yp_match(3). Problem 3691 noted by Gil Kloepfer of the University of Texas at Austin. 3692 Fix queue file permission checks to allow for TrustedUser ownership. 3693 Change logging of errors from the trust_auth ruleset to LogLevel 10 3694 or higher. 3695 Avoid simple password cracking attacks against SMTP AUTH by using 3696 exponential delay after too many tries within one connection. 3697 Encode an initial empty AUTH challenge as '=', not as empty string. 3698 Avoid segmentation fault on EX_SOFTWARE internal error logs. 3699 Problem noted by Allan E Johannesen of Worcester 3700 Polytechnic Institute. 3701 Ensure that a header check which resolves to $#discard actually 3702 discards the message. 3703 Emit missing value warnings for aliases with no right hand side 3704 when newaliases is run instead of only when delivery is 3705 attempted to the alias. 3706 Remove AuthOptions missing value warning for consistency with other 3707 flag options. 3708 Portability: 3709 SECURITY: Specify a run-time shared library search path for 3710 AIX 4.X instead of using the dangerous AIX 4.X 3711 linker semantics. AIX 4.X users should consult 3712 sendmail/README for further information. Problem 3713 noted by Valdis Kletnieks of Virginia Tech. 3714 Avoid use of strerror(3) call. Problem noted by Charles 3715 Levert of Ecole Polytechnique de Montreal. 3716 DGUX requires -lsocket -lnsl and has a non-standard install 3717 program. From Tim Boyer of Denman Tire Corporation. 3718 HPUX 11.0 has a broken res_search() function. 3719 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X 3720 from J. P. McCann of E I A. 3721 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3). 3722 Problem noted by Michael Long of Info Avenue Internet 3723 Services, LLC. 3724 Modern (post-199912) OpenBSD versions include working 3725 strlc{at,py}(3) functions. From Todd C. Miller of 3726 Courtesan Consulting. 3727 SINIX doesn't have random(3). From Gerald Rinske of 3728 Siemens Business Services. 3729 CONFIG: Change error message about unresolvable sender domain to 3730 include the sender address. Proposed by Wolfgang Rupprecht 3731 of WSRCC. 3732 CONFIG: Fix usenet mailer calls. 3733 CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS 3734 to be backward compatible with 8.9. 3735 CONFIG: Change handling of default case @domain for virtusertable 3736 to allow for +*@domain to deal with +detail. 3737 CONTRIB: Remove converting.sun.configs -- it is obsolete. 3738 DEVTOOLS: confUBINMODE was being ignored. Fix from KITAZIMA, Tuneki 3739 of NEC. 3740 DEVTOOLS: Add to NCR platform list and include the architecture 3741 (i486). From Tom J. Moore of NCR. 3742 DEVTOOLS: SECURITY: Change method of linking with sendmail utility 3743 libraries to work around the AIX 4.X and SunOS 4.X linker's 3744 overloaded -L option. Problem noted by Valdis Kletnieks of 3745 Virginia Tech. 3746 DEVTOOLS: configure.sh was overriding the user's choice for 3747 confNROFF. Problem noted by Glenn A. Malling of Syracuse 3748 University. 3749 DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added 3750 for other internal projects but included in the open source 3751 release. 3752 LIBSMDB: Check for ".db" instead of simply "db" at the end of the 3753 map name to determine whether or not to add the extension. 3754 This fixes makemap when building the userdb file. Problem 3755 noted by Andrew J Cole of the University of Leeds. 3756 LIBSMDB: Allow a database to be opened for updating and created if 3757 it doesn't already exist. Problem noted by Rand Wacker of 3758 Sendmail. 3759 LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are 3760 available, fall back to NDBM if NEWDB open fails. This 3761 fixes praliases. Patch from John Beck of Sun Microsystems. 3762 LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted 3763 as SFF_NOWRFILES. 3764 OP.ME: Clarify some issues regarding mailer flags. Suggested by 3765 Martin Mokrejs of The Charles University and Neil Rickert of 3766 Northern Illinois University. 3767 PRALIASES: Restore 8.9.X functionality of being able to search for 3768 particular keys in a database by specifying the keys on the 3769 command line. Man page updated accordingly. Patch from 3770 John Beck of Sun Microsystems. 3771 VACATION: SunOS 4.X portability from Charles Levert of Ecole 3772 Polytechnique de Montreal. 3773 VACATION: Fix -t option which is ignored but available for 3774 compatibility with Sun's version, based on patch from 3775 Volker Dobler of Infratest Burke. 3776 Added Files: 3777 devtools/M4/UNIX/smlib.m4 3778 devtools/OS/OSF1.V5.0 3779 Deleted Files: 3780 contrib/converting.sun.configs 3781 Deleted Directories (already done in 8.10.0 but not listed): 3782 doc/intro 3783 doc/usenix 3784 doc/changes 3785 37868.10.0/8.10.0 2000/03/01 3787 ************************************************************* 3788 * The engineering department at Sendmail, Inc. has suffered * 3789 * the tragic loss of a key member of our engineering team. * 3790 * Julie Van Bourg was the Vice President of Engineering * 3791 * at Sendmail, Inc. during the development and deployment * 3792 * of this release. It was her vision, dedication, and * 3793 * support that has made this release a success. Julie died * 3794 * on October 26, 1999 of cancer. We have lost a leader, a * 3795 * coach, and a friend. * 3796 * * 3797 * This release is dedicated to her memory and to the joy, * 3798 * strength, ideals, and hope that she brought to all of us. * 3799 * Julie, we miss you! * 3800 ************************************************************* 3801 SECURITY: The safe file checks now back track through symbolic 3802 links to make sure the files can't be compromised due 3803 to poor permissions on the parent directories of the 3804 symbolic link target. 3805 SECURITY: Only root, TrustedUser, and users in class t can rebuild 3806 the alias map. Problem noted by Michal Zalewski of the 3807 "Internet for Schools" project (IdS). 3808 SECURITY: There is a potential for a denial of service attack if 3809 the AutoRebuildAliases option is set as a user can kill the 3810 sendmail process while it is rebuilding the aliases file 3811 (leaving it in an inconsistent state). This option and 3812 its use is deprecated and will be removed from a future 3813 version of sendmail. 3814 SECURITY: Make sure all file descriptors (besides stdin, stdout, and 3815 stderr) are closed before restarting sendmail. Problem noted 3816 by Michal Zalewski of the "Internet for Schools" project 3817 (IdS). 3818 Begin using /etc/mail/ for sendmail related files. This affects 3819 a large number of files. See cf/README for more details. 3820 The directory structure of the distribution has changed slightly 3821 for easier code sharing among the programs. 3822 Support SMTP AUTH (see RFC 2554). New macros for this purpose 3823 are ${auth_authen}, ${auth_type}, and ${auth_author} 3824 which hold the client's authentication credentials, 3825 the mechanism used for authentication, and the 3826 authorization identity (i.e., the AUTH= parameter if 3827 supplied). Based on code contributed by Tim Martin of CMU. 3828 On systems which use the Torek stdio library (all of the BSD 3829 distributions), use memory-buffered files to reduce 3830 file system overhead by not creating temporary files on 3831 disk. Contributed by Exactis.com, Inc. 3832 New option DataFileBufferSize to control the maximum size of a 3833 memory-buffered data (df) file before a disk-based file is 3834 used. Contributed by Exactis.com, Inc. 3835 New option XscriptFileBufferSize to control the maximum size of a 3836 memory-buffered transcript (xf) file before a disk-based 3837 file is used. Contributed by Exactis.com, Inc. 3838 sendmail implements RFC 2476 (Message Submission), e.g., it can 3839 now listen on several different ports. Use: 3840 O DaemonPortOptions=Name=MSA, Port=587, M=E 3841 to run a Message Submission Agent (MSA); this is turned 3842 on by default in m4-generated .cf files; it can be turned 3843 off with FEATURE(`no_default_msa'). 3844 The 'XUSR' SMTP command is deprecated. Mail user agents should 3845 begin using RFC 2476 Message Submission for initial user 3846 message submission. XUSR may disappear from a future release. 3847 The new '-G' (relay (gateway) submission) command line option 3848 indicates that the message being submitted from the command 3849 line is for relaying, not initial submission. This means 3850 the message will be rejected if the addresses are not fully 3851 qualified and no canonicalization will be done. Future 3852 releases may even reject improperly formed messages. 3853 The '-U' (initial user submission) command line option is 3854 deprecated and may be removed from a future release. 3855 Mail user agents should begin using '-G' to indicate that 3856 this is a relay submission (the inverse of -U). 3857 The next release of sendmail will assume that any message submitted 3858 from the command line is an initial user submission and act 3859 accordingly. 3860 If sendmail doesn't have enough privileges to run a .forward 3861 program or deliver to file as the owner of that file, the 3862 address is marked as unsafe. This means if RunAsUser is 3863 set, users won't be able to use programs or delivery to 3864 files in their .forward files. Administrators can override 3865 this by setting the DontBlameSendmail option to the new 3866 setting NonRootSafeAddr. 3867 Allow group or world writable directories if the sticky bit is set 3868 on the directory and DontBlameSendmail is set to 3869 TrustStickyBit. Based on patch from Chris Metcalf of 3870 InCert Software. 3871 Prevent logging of unsafe directory paths for non-existent forward 3872 files if the new DontWarnForwardFileInUnsafeDirPath bit is 3873 set in the DontBlameSendmail option. Requested by many. 3874 New Timeout.control option to limit the total time spent satisfying 3875 a control socket request. 3876 New Timeout.resolver options for controlling BIND resolver 3877 settings: 3878 Timeout.resolver.retrans 3879 Sets the resolver's retransmission time interval (in 3880 seconds). Sets both Timeout.resolver.retrans.first 3881 and Timeout.resolver.retrans.normal. 3882 Timeout.resolver.retrans.first 3883 Sets the resolver's retransmission time interval (in 3884 seconds) for the first attempt to deliver a message. 3885 Timeout.resolver.retrans.normal 3886 Sets the resolver's retransmission time interval (in 3887 seconds) for all resolver lookups except the first 3888 delivery attempt. 3889 Timeout.resolver.retry 3890 Sets the number of times to retransmit a resolver 3891 query. Sets both Timeout.resolver.retry.first 3892 and Timeout.resolver.retry.normal. 3893 Timeout.resolver.retry.first 3894 Sets the number of times to retransmit a resolver 3895 query for the first attempt to deliver a message. 3896 Timeout.resolver.retry.normal 3897 Sets the number of times to retransmit a resolver 3898 query for all resolver lookups except the first 3899 delivery attempt. 3900 Contributed by Exactis.com, Inc. 3901 Support multiple queue directories. To use multiple queues, supply 3902 a QueueDirectory option value ending with an asterisk. For 3903 example, /var/spool/mqueue/q* will use all of the 3904 directories or symbolic links to directories beginning with 3905 'q' in /var/spool/mqueue as queue directories. Keep in 3906 mind, the queue directory structure should not be changed 3907 while sendmail is running. Queue runs create a separate 3908 process for running each queue unless the verbose flag is 3909 given on a non-daemon queue run. New items are randomly 3910 assigned to a queue. Contributed by Exactis.com, Inc. 3911 Support different directories for qf, df, and xf queue files; if 3912 subdirectories or symbolic links to directories of those names 3913 exist in the queue directories, they are used for the 3914 corresponding queue files. Keep in mind, the queue 3915 directory structure should not be changed while sendmail is 3916 running. Proposed by Mathias Koerber of Singapore 3917 Telecommunications Ltd. 3918 New queue file naming system which uses a filename guaranteed to be 3919 unique for 60 years. This allows queue IDs to be assigned 3920 without fancy file system locking. Queued items can be 3921 moved between queues easily. Contributed by Exactis.com, 3922 Inc. 3923 Messages which are undeliverable due to temporary address failures 3924 (e.g., DNS failure) will now go to the FallBackMX host, if 3925 set. Contributed by Exactis.com, Inc. 3926 New command line option '-L tag' which sets the identifier used for 3927 syslog. Contributed by Exactis.com, Inc. 3928 QueueSortOrder=Filename will sort the queue by filename. This 3929 avoids opening and reading each queue file when preparing 3930 to run the queue. Contributed by Exactis.com, Inc. 3931 Shared memory counters and microtimers functionality has been 3932 donated by Exactis.com, Inc. 3933 The SCCS ID tags have been replaced with RCS ID tags. 3934 Allow trusted users (those on a T line or in $=t) to set the 3935 QueueDirectory (Q) option without an X-Authentication-Warning: 3936 being added. Suggested by Michael K. Sanders. 3937 IPv6 support based on patches from John Kennedy of Cal State 3938 University, Chico, Motonori Nakamura of Kyoto University, 3939 and John Beck of Sun Microsystems. 3940 In low-disk space situations, where sendmail would previously refuse 3941 connections, still accept them, but only allow ETRN commands. 3942 Suggested by Mathias Koerber of Singapore Telecommunications 3943 Ltd. 3944 The [IPC] builtin mailer now allows delivery to a UNIX domain socket 3945 on systems which support them. This can be used with LMTP 3946 local delivery agents which listen on a named socket. An 3947 example mailer might be: 3948 Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n, 3949 S=10, R=20/40, T=DNS/RFC822/X-Unix, 3950 A=FILE /var/run/lmtpd 3951 Code contributed by Lyndon Nerenberg of Messaging Direct. 3952 The [TCP] builtin mailer name is now deprecated. Use [IPC] 3953 instead. 3954 The first mailer argument in the [IPC] mailer is now checked for a 3955 legitimate value. Possible values are TCP (for TCP/IP 3956 connections), IPC (which will be deprecated in a future 3957 version), and FILE (for UNIX domain socket delivery). 3958 PrivacyOptions=goaway no longer includes the noetrn and the noreceipts 3959 flags. 3960 PrivacyOptions=nobodyreturn instructs sendmail not to include the 3961 body of the original message on delivery status 3962 notifications. 3963 Don't announce DSN if PrivacyOptions=noreceipts is set. Problem noted 3964 by Dan Bernstein, fix from Robert Harker of Harker Systems. 3965 Accept the SMTP RSET command even when rejecting commands due to TCP 3966 Wrappers or the check_relay ruleset. Problem noted by 3967 Steve Schweinhart of America Online. 3968 Warn if OperatorChars is set multiple times. OperatorChars should 3969 not be set after rulesets are defined. Suggested by 3970 Mitchell Blank Jr of Exec-PC. 3971 Do not report temporary failure on delivery to files. In 3972 interactive delivery mode, this would result in two SMTP 3973 responses after the DATA command. Problem noted by 3974 Nik Conwell of Boston University. 3975 Check file close when mailing to files. Problem noted by Nik 3976 Conwell of Boston University. 3977 Avoid a segmentation fault when using the LDAP map. Patch from 3978 Curtis W. Hillegas of Princeton University. 3979 Always bind to the LDAP server regardless of whether you are using 3980 ldap_open() or ldap_init(). Fix from Raj Kunjithapadam of 3981 @Home Network. 3982 New ruleset trust_auth to determine whether a given AUTH= 3983 parameter of the MAIL command should be trusted. See SMTP 3984 AUTH, cf/README, and doc/op/op.ps. 3985 Allow new named config file rules check_vrfy, check_expn, and 3986 check_etrn for VRFY, EXPN, and ETRN commands, respectively, 3987 similar to check_rcpt etc. 3988 Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr}, 3989 ${mail_mailer}, ${mail_host}, ${mail_addr} that hold 3990 the results of parsing the RCPT and MAIL arguments, i.e. 3991 the resolved triplet from $#mailer $@host $:addr. 3992 From Kari Hurtta of the Finnish Meteorological Institute. 3993 New macro ${client_resolve} which holds the result of the resolve 3994 call for ${client_name}: OK, FAIL, FORGED, TEMP. Proposed 3995 by Kari Hurtta of the Finnish Meteorological Institute. 3996 New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold 3997 the corresponding DSN parameter values. Proposed by 3998 Mathias Herberts. 3999 New macro ${msg_size} which holds the value of the SIZE= parameter, 4000 i.e., usually the size of the message (in an ESMTP dialogue), 4001 before the message has been collected, thereafter it holds 4002 the message size as computed by sendmail (and can be used 4003 in check_compat). 4004 The macro ${deliveryMode} now specifies the current delivery mode 4005 sendmail is using instead of the value of the DeliveryMode 4006 option. 4007 New macro ${ntries} holds the number of delivery attempts. 4008 Drop explicit From: if same as what would be generated only if it is 4009 a local address. From Motonori Nakamura of Kyoto University. 4010 Write pid to file also if sendmail only processes the queue. 4011 Proposed by Roy J. Mongiovi of Georgia Tech. 4012 Log "low on disk space" only when necessary. 4013 New macro ${load_avg} can be used to check the current load average. 4014 Suggested by Scott Gifford of The Internet Ramp. 4015 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn 4016 is set. 4017 Flag -S for maps to specify the character which is substituted 4018 for spaces (instead of the default given by O BlankSub). 4019 Flag -D for maps: perform no lookup in deferred delivery mode. 4020 This flag is set by default for the host map. Based on a 4021 proposal from Ian MacPhedran of the University of Saskatchewan. 4022 Open maps only on demand, not at startup. 4023 Log warning about unsupported IP address families. 4024 New option MaxHeadersLength allows to specify a maximum length 4025 of the sum of all headers. This can be used to prevent 4026 a denial-of-service attack. 4027 New option MaxMimeHeaderLength which limits the size of MIME 4028 headers and parameters within those headers. This option 4029 is intended to protect mail user agents from buffer 4030 overflow attacks. 4031 Added option MaxAliasRecursion to specify the maximum depth of 4032 alias recursion. 4033 New flag F=6 for mailers to strip headers to seven bit. 4034 Map type syslog to log the key via syslogd. 4035 Entries in the alias file can be continued by putting a backslash 4036 directly before the newline. 4037 New option DeadLetterDrop to define the location of the system-wide 4038 dead.letter file, formerly hardcoded to 4039 /usr/tmp/dead.letter. If this option is not set (the 4040 default), sendmail will not attempt to save to a 4041 system-wide dead.letter file if it can not bounce the mail 4042 to the user nor postmaster. Instead, it will rename the qf 4043 file as it has in the past when the dead.letter file 4044 could not be opened. 4045 New option PidFile to define the location of the pid file. The 4046 value of this option is macro expanded. 4047 New option ProcessTitlePrefix specifies a prefix string for the 4048 process title shown in 'ps' listings. 4049 New macros for use with the PidFile and ProcessTitlePrefix options 4050 (along with the already existing macros): 4051 ${daemon_info} Daemon information, e.g. 4052 SMTP+queueing@00:30:00 4053 ${daemon_addr} Daemon address, e.g., 0.0.0.0 4054 ${daemon_family} Daemon family, e.g., inet, inet6, etc. 4055 ${daemon_name} Daemon name, e.g., MSA. 4056 ${daemon_port} Daemon port, e.g., 25 4057 ${queue_interval} Queue run interval, e.g., 00:30:00 4058 New macros especially for virtual hosting: 4059 ${if_name} hostname of interface of incoming connection. 4060 ${if_addr} address of interface of incoming connection. 4061 The latter is only set if the interface does not belong to the 4062 loopback net. 4063 If a message being accepted via a method other than SMTP and 4064 would be rejected by a header check, do not send the message. 4065 Suggested by Phil Homewood of Mincom Pty Ltd. 4066 Don't strip comments for header checks if $>+ is used instead of $>. 4067 Provide header value as quoted string in the macro 4068 ${currHeader} (possibly truncated to MAXNAME). Suggested by 4069 Jan Krueger of Unix-AG of University of Hannover. 4070 The length of the header value is stored in ${hdrlen}. 4071 H*: allows to specify a default ruleset for header checks. This 4072 ruleset will only be called if the individual header does 4073 not have its own ruleset assigned. Suggested by Jan 4074 Krueger of Unix-AG of University of Hannover. 4075 The name of the header field stored in ${hdr_name}. 4076 Comments (i.e., text within parentheses) in rulesets are not 4077 removed if the config file version is greater than or equal 4078 to 9. For example, "R$+ ( 1 ) $@ 1" matches the 4079 input "token (1)" but does not match "token". 4080 Avoid removing the Content-Transfer-Encoding MIME header on 4081 MIME messages. Problem noted by Sigurbjorn B. Larusson of 4082 Multimedia Consumer Services. Fix from Per Hedeland of 4083 Ericsson. 4084 Avoid duplicate Content-Transfer-Encoding MIME header on 4085 messages with 8-bit text in headers. Problem noted by 4086 Per Steinar Iversen of Oslo College. Fix from Per Hedeland 4087 of Ericsson. 4088 Avoid keeping maps locked longer than necessary when re-opening a 4089 modified database map file. Problem noted by Chris Adams 4090 of Renaissance Internet Services. 4091 Resolving to the $#error mailer with a temporary failure code (e.g., 4092 $#error $@ tempfail $: "400 Temporary failure") will now 4093 queue up the message instead of bouncing it. 4094 Be more liberal in acceptable responses to an SMTP RSET command as 4095 standard does not provide any indication of what to do when 4096 something other than 250 is received. Based on a patch 4097 from Steve Schweinhart of America Online. 4098 New option TrustedUser allows to specify a user who can own 4099 important files instead of root. This requires HASFCHOWN. 4100 Fix USERDB conditional so compiling with NEWDB or HESIOD and 4101 setting USERDB=0 works. Fix from Jorg Zanger of Schock. 4102 Fix another instance (similar to one in 8.9.3) of a network failure 4103 being mis-logged as "Illegal Seek" instead of whatever 4104 really went wrong. From John Beck of Sun Microsystems. 4105 $? tests also whether the macro is non-null. 4106 Print an error message if a mailer definition contains an invalid 4107 equate name. 4108 New mailer equate /= to specify a directory to chroot() into before 4109 executing the mailer program. Suggested by Igor Vinokurov. 4110 New mailer equate W= to specify the maximum time to wait for the 4111 mailer to return after sending all data to it. 4112 Only free memory from the process list when adding a new process 4113 into a previously filled slot. Previously, the memory was 4114 freed at removal time. Since removal can happen in a 4115 signal handler, this may leave the memory map in an 4116 inconsistent state. Problem noted by Jeff A. Earickson and 4117 David Cooley of Colby College. 4118 When using the UserDB @hostname catch-all, do not try to lookup 4119 local users in the passwd file. The UserDB code has 4120 already decided the message will be passed to another host 4121 for processing. Fix from Tony Landells of Burdett 4122 Buckeridge Young Limited. 4123 Support LDAP authorization via either a file containing the 4124 password or Kerberos V4 using the new map options 4125 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The 4126 distinguished_name is who to login as. The method can be 4127 one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or 4128 LDAP_AUTH_KRBV4. The filename is the file containing the 4129 secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos 4130 ticket file for LDAP_AUTH_KRBV4. Patch from Booker Bense 4131 of Stanford University. 4132 The ldapx map has been renamed to ldap. The use of ldapx is 4133 deprecated and will be removed in a future version. 4134 If the result of an LDAP search returns a multi-valued attribute 4135 and the map has the column delimiter set, it turns that 4136 response into a delimiter separated string. The LDAP map 4137 will traverse multiple entries as well. LDAP alias maps 4138 automatically set the column delimiter to the comma. 4139 Based on patch from Booker Bense of Stanford University and 4140 idea from Philip A. Prindeville of Mirapoint, Inc. 4141 Support return of multiple values for a single LDAP lookup. The 4142 values to be returned should be in a comma separated string. 4143 For example, `-v "email,emailother"'. Patch from 4144 Curtis W. Hillegas of Princeton University. 4145 Allow the use of LDAP for alias maps. 4146 If no LDAP attributes are specified in an LDAP map declaration, all 4147 attributes found in the match will be returned. 4148 Prevent commas in quoted strings in the AliasFile value from 4149 breaking up a single entry into multiple entries. This is 4150 needed for LDAP alias file specifications to allow for 4151 comma separated key and value strings. 4152 Keep connections to LDAP server open instead of opening and closing 4153 for each lookup. To reduce overhead, sendmail will cache 4154 connections such that multiple maps which use the same 4155 host, port, bind DN, and authentication will only result in 4156 a single connection to that host. 4157 Put timeout in the proper place for USE_LDAP_INIT. 4158 Be more careful about checking for errors and freeing memory on 4159 LDAP lookups. 4160 Use asynchronous LDAP searches to save memory and network 4161 resources. 4162 Do not copy LDAP query results if the map's match only flag is set. 4163 Increase portability to the Netscape LDAP libraries. 4164 Change the parsing of the LDAP filter specification. '%s' is still 4165 replaced with the literal contents of the map lookup key -- 4166 note that this means a lookup can be done using the LDAP 4167 special characters. The new '%0' token can be used instead 4168 of '%s' to encode the key buffer according to RFC 2254. 4169 For example, if the LDAP map specification contains '-k 4170 "(user=%s)"' and a lookup is done on "*", this would be 4171 equivalent to '-k "(user=*)"' -- matching ANY record with a 4172 user attribute. Instead, if the LDAP map specification 4173 contains '-k "(user=%0)"' and a lookup is done on "*", this 4174 would be equivalent to '-k "(user=\2A)"' -- matching a user 4175 with the name "*". 4176 New LDAP map flags: "-1" requires a single match to be returned, if 4177 more than one is returned, it is equivalent to no records 4178 being found; "-r never|always|search|find" sets the LDAP 4179 alias dereference option; "-Z size" limits the number of 4180 matches to return. 4181 New option LDAPDefaultSpec allows a default map specification for 4182 LDAP maps. The value should only contain LDAP specific 4183 settings such as "-h host -p port -d bindDN", etc. The 4184 settings will be used for all LDAP maps unless they are 4185 specified in the individual map specification ('K' 4186 command). This option should be set before any LDAP maps 4187 are defined. 4188 Prevent an NDBM alias file opening loop when the NDBM open 4189 continually fails. Fix from Roy J. Mongiovi of Georgia 4190 Tech. 4191 Reduce memory utilization for smaller symbol table entries. In 4192 particular, class entries get much smaller, which can be 4193 important if you have large classes. 4194 On network-related temporary failures, record the hostname which 4195 gave error in the queued status message. Requested by 4196 Ulrich Windl of the Universitat Regensburg. 4197 Add new F=% mailer flag to allow for a store and forward 4198 configuration. Mailers which have this flag will not attempt 4199 delivery on initial receipt of a message or on queue runs 4200 unless the queued message is selected using one of the 4201 -qI/-qR/-qS queue run modifiers or an ETRN request. Code 4202 provided by Philip Guenther of Gustavus Adolphus College. 4203 New option ControlSocketName which, when set, creates a daemon 4204 control socket. This socket allows an external program to 4205 control and query status from the running sendmail daemon 4206 via a named socket, similar to the ctlinnd interface to the 4207 INN news server. Access to this interface is controlled by 4208 the UNIX file permissions on the named socket on most UNIX 4209 systems (see sendmail/README for more information). An 4210 example control program is provided as contrib/smcontrol.pl. 4211 Change the default values of QueueLA from 8 to (8 * numproc) and 4212 RefuseLA from 12 to (12 * numproc) where numproc is the 4213 number of processors online on the system (if that can be 4214 determined). For single processor machines, this change 4215 has no effect. 4216 Don't return body of message to postmaster on "Too many hops" bounces. 4217 Based on fix from Motonori Nakamura of Kyoto University. 4218 Give more detailed DSN descriptions for some cases. Patch from 4219 Motonori Nakamura of Kyoto University. 4220 Logging of alias, forward file, and UserDB expansion now happens 4221 at LogLevel 11 or higher instead of 10 or higher. 4222 Logging of an envelope's complete delivery (the "done" message) now 4223 happens at LogLevel 10 or higher instead of 11 or higher. 4224 Logging of TCP/IP or UNIX standard input connections now happens at 4225 LogLevel 10 or higher. Previously, only TCP/IP connections 4226 were logged, and on at LogLevel 12 or higher. Setting 4227 LogLevel to 10 will now assist users in tracking frequent 4228 connection-based denial of service attacks. 4229 Log basic information about authenticated connections at LogLevel 4230 10 or higher. 4231 Log SMTP Authentication mechanism and author when logging the sender 4232 information (from= syslog line). 4233 Log the DSN code for each recipient if one is available as a new 4234 equate (dsn=). 4235 Macro expand PostmasterCopy and DoubleBounceAddress options. 4236 New "ph" map for performing ph queries in rulesets, see 4237 sendmail/README for details. Contributed by Mark Roth 4238 of the University of Illinois at Urbana-Champaign. 4239 Detect temporary lookup failures in the host map if looking up a 4240 bracketed IP address. Problem noted by Kari Hurtta of the 4241 Finnish Meteorological Institute. 4242 Do not report a Remote-MTA on local deliveries. Problem noted by 4243 Kari Hurtta of the Finnish Meteorological Institute. 4244 When a forward file points to an alias which runs a program, run 4245 the program as the default user and the default group, not 4246 the forward file user. This change also assures the 4247 :include: directives in aliases are also processed using 4248 the default user and group. Problem noted by Sergiu 4249 Popovici of DNT Romania. 4250 Prevent attempts to save a dead.letter file for a user with 4251 no home directory (/no/such/directory). Problem noted by 4252 Michael Brown of Finnigan FT/MS. 4253 Include message delay and number of tries when logging that a 4254 message has been completely delivered (LogLevel of 10 or 4255 above). Suggested by Nick Hilliard of Ireland Online. 4256 Log the sender of a message even if none of the recipients were 4257 accepted. If some of the recipients were rejected, it is 4258 helpful to know the sender of the message. 4259 Check the root directory (/) when checking a path for safety. 4260 Problem noted by John Beck of Sun Microsystems. 4261 Prevent multiple responses to the DATA command if DeliveryMode is 4262 interactive and delivering to an alias which resolves to 4263 multiple files. 4264 Macros in the helpfile are expanded if the helpfile version is 2 or 4265 greater (see below); the help function doesn't print the 4266 version of sendmail any longer, instead it is placed in 4267 the helpfile ($v). Suggested by Chuck Foster of UUNET 4268 PIPEX. Additionally, comment lines (starting with #) are 4269 skipped and a version line (#vers) is introduced. The 4270 helpfile version for 8.10.0 is 2, if no version or an older 4271 version is found, a warning is logged. The '#vers' 4272 directive should be placed at the top of the help file. 4273 Use fsync() when delivering to a file to guarantee the delivery to 4274 disk succeeded. Suggested by Nick Christenson. 4275 If delivery to a file is unsuccessful, truncate the file back to its 4276 length before the attempt. 4277 If a forward points to a filename for delivery, change to the 4278 user's uid before checking permissions on the file. This 4279 allows delivery to files on NFS mounted directories where 4280 root is remapped to nobody. Problem noted by Harald 4281 Daeubler of Universitaet Ulm. 4282 purgestat and sendmail -bH purge only expired (Timeout.hoststatus) 4283 host status files, not all files. 4284 Any macros stored in the class $={persistentMacros} will be saved 4285 in the queue file for the message and set when delivery 4286 is attempted on the queued item. Suggested by Kyle Jones of 4287 Wonderworks Inc. 4288 Add support for storing information between rulesets using the new 4289 macro map class. This can be used to store information 4290 between queue runs as well using $={persistentMacros}. 4291 Based on an idea from Jan Krueger of Unix-AG of University 4292 of Hannover. 4293 New map class arith to allow for computations in rules. The 4294 operation (+, -, *, /, l (for less than), and =) is given 4295 as key. The two operands are specified as arguments; the 4296 lookup returns the result of the computation. For example, 4297 "$(arith l $@ 4 $@ 2 $)" will return "FALSE" and 4298 "$(arith + $@ 4 $@ 2 $)" will return "6". 4299 Add new syntax for header declarations which decide whether to 4300 include the header based on a macro rather than a mailer 4301 flag: 4302 H?${MyMacro}?X-My-Header: ${MyMacro} 4303 This should be used along with $={persistentMacros}. 4304 It can be used for adding headers to a message based on 4305 the results of check_* and header check rulesets. 4306 Allow new named config file rule check_eoh which is called after 4307 all of the headers have been collected. The input to the 4308 ruleset the number of headers and the size of all of the 4309 headers in bytes separated by $|. This ruleset along with 4310 the macro storage map can be used to correlate information 4311 gathered between headers and to check for missing headers. 4312 See cf/README or doc/op/op.ps for an example. 4313 Change the default for the MeToo option to True to correspond 4314 to the clarification in the DRUMS SMTP Update spec. This 4315 option is deprecated and will be removed from a future 4316 version. 4317 Change the sendmail binary default for SendMimeErrors to True. 4318 Change the sendmail binary default for SuperSafe to True. 4319 Display ruleset names in debug and address test mode output 4320 if referencing a named ruleset. 4321 New mailer equate m= which will limit the number of messages 4322 delivered per connection on an SMTP or LMTP mailer. 4323 Improve QueueSortOrder=Host by reversing the hostname before 4324 using it to sort. Now all the same domains are really run 4325 through the queue together. If they have the same MX host, 4326 then they will have a much better opportunity to use the 4327 connection cache if available. This should be a reasonable 4328 performance improvement. Patch from Randall Winchester of 4329 the University of Maryland. 4330 If a message is rejected by a header check ruleset, log who would 4331 have received the message if it had not been rejected. 4332 New "now" value for Timeout.queuereturn to bounce entries from the 4333 queue immediately. No delivery attempt is made. 4334 Increase sleeping time exponentially after too many "bad" commands 4335 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}- 4336 COMMANDS). 4337 New option ClientPortOptions similar to DaemonPortOptions 4338 but for outgoing connections. 4339 New suboptions for DaemonPortOptions: Name (a name used for 4340 error messages and logging) and Modifiers, i.e. 4341 a require authentication 4342 b bind to interface through which mail has 4343 been received 4344 c perform hostname canonification 4345 f require fully qualified hostname 4346 h use name of interface for outgoing HELO 4347 command 4348 C don't perform hostname canonification 4349 E disallow ETRN (see RFC 2476) 4350 New suboption for ClientPortOptions: Modifiers, i.e. 4351 h use name of interface for HELO command 4352 The version number for queue files (qf) has been incremented to 4. 4353 Log unacceptable HELO/EHLO domain name attempts if LogLevel is set 4354 to 10 or higher. Suggested by Rick Troxel of the National 4355 Institutes of Health. 4356 If a mailer dies, print the status in decimal instead of octal 4357 format. Suggested by Michael Shapiro of Sun Microsystems. 4358 Limit the length of all MX records considered for delivery to 8k. 4359 Move message priority from sender to recipient logging. Suggested by 4360 Ulrich Windl of the Universitat Regensburg. 4361 Add support for Berkeley DB 3.X. 4362 Add fix for Berkeley DB 2.X fcntl() locking race condition. 4363 Requires a post-2.7.5 version of Berkeley DB. 4364 Support writing traffic log (sendmail -X option) to a FIFO. 4365 Patch submitted by Rick Heaton of Network Associates, Inc. 4366 Do not ignore Timeout settings in the .cf file when a Timeout 4367 sub-options is set on the command line. Problem noted by 4368 Graeme Hewson of Oracle. 4369 Randomize equal preference MX records each time delivery is 4370 attempted via a new connection to a host instead of once per 4371 session. Suggested by Scott Salvidio of Compaq. 4372 Implement enhanced status codes as defined by RFC 2034. 4373 Add [hostname] to class w for the names of all interfaces unless 4374 DontProbeInterfaces is set. This is useful for sending mails 4375 to hosts which have dynamically assigned names. 4376 If a message is bounced due to bad MIME conformance, avoid bouncing 4377 the bounce for the same reason. If the body is not 8-bit 4378 clean, and EightBitMode isn't set to pass8, the body will 4379 not be included in the bounce. Problem noted by Valdis 4380 Kletnieks of Virginia Tech. 4381 The timeout for sending a message via SMTP has been changed from 4382 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which 4383 simply checks for progress on sending data every 5 minutes. 4384 This will detect the inability to send information quicker 4385 and reduce the number of processes simply waiting to 4386 timeout. 4387 Prevent a segmentation fault on systems which give a partial filled 4388 interface address structure when loading the system network 4389 interface addresses. Fix from Reinier Bezuidenhout of 4390 Nanoteq. 4391 Add a compile-time configuration macro, MAXINTERFACES, which 4392 indicates the number of interfaces to read when probing 4393 for hostnames and IP addresses for class w ($=w). The 4394 default value is 512. Based on idea from Reinier 4395 Bezuidenhout of Nanoteq. 4396 If the RefuseLA option is set to 0, do not reject connections based 4397 on load average. 4398 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of 4399 Northern Illinois University. 4400 Expand the Return-Path: header at delivery time, after "owner-" 4401 envelope splitting has occurred. 4402 Don't try to sort the queue if there are no entries. Patch from 4403 Luke Mewburn from RMIT University. 4404 Add a "/quit" command to address test mode. 4405 Include the proper sender in the UNIX "From " line and Return-Path: 4406 header when undeliverable mail is saved to ~/dead.letter. 4407 Problem noted by Kari Hurtta of the Finnish Meteorological 4408 Institute. 4409 The contents of a class can now be copied to another class using 4410 the syntax: "C{Dest} $={Source}". This would copy all of 4411 the items in class $={Source} into the class $={Dest}. 4412 Include original envelope's error transcript in bounces created for 4413 split (owner-) envelopes to see the original errors when 4414 the recipients were added. Based on fix from Motonori 4415 Nakamura of Kyoto University. 4416 Show reason for permanent delivery errors directly after the 4417 addresses. From Motonori Nakamura of Kyoto University. 4418 Prevent a segmentation fault when bouncing a split-envelope 4419 message. Patch from Motonori Nakamura of Kyoto University. 4420 If the specification for the queue run interval (-q###) has a 4421 syntax error, consider the error fatal and exit. 4422 Pay attention to CheckpointInterval during LMTP delivery. Problem 4423 noted by Motonori Nakamura of Kyoto University. 4424 On operating systems which have setlogin(2), use it to set the 4425 login name to the RunAsUserName when starting as a daemon. 4426 This is for delivery to programs which use getlogin(). 4427 Based on fix from Motonori Nakamura of Kyoto University. 4428 Differentiate between "command not implemented" and "command 4429 unrecognized" in the SMTP dialogue. 4430 Strip returns from forward and include files. Problem noted by 4431 Allan E Johannesen of Worcester Polytechnic Institute. 4432 Prevent a core dump when using 'sendmail -bv' on an address which 4433 resolves to the $#error mailer with a temporary failure. 4434 Based on fix from Neil Rickert of Northern Illinois 4435 University. 4436 Prevent multiple deliveries of a message with a "non-local alias" 4437 pointing to a local user, if canonicalization fails 4438 the message was requeued *and* delivered to the alias. 4439 If an invalid ruleset is declared, the ruleset name could be 4440 ignored and its rules added to S0. Instead, ignore the 4441 ruleset lines as well. 4442 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient 4443 success DSN fields as well as duplicate entries for a 4444 single address due to S5 and UserDB processing. Problems 4445 noted by Kari Hurtta of the Finnish Meteorological 4446 Institute. 4447 Turn off timeouts when exiting sendmail due to an interrupt signal 4448 to prevent the timeout from firing during the exit process. 4449 Problem noted by Michael Shapiro of Sun Microsystems. 4450 Do not append @MyHostName to non-RFC822 addresses output by the EXPN 4451 command or on Final-Recipient: and X-Actual-Recipient: DSN 4452 headers. Non-RFC822 addresses include deliveries to 4453 programs, file, DECnet, etc. 4454 Fix logic for determining if a local user is using -f or -bs to 4455 spoof their return address. Based on idea from Neil Rickert 4456 of Northern Illinois University and patch from Per Hedeland 4457 of Ericsson. 4458 Report the proper UID in the bounce message if an :include: file is 4459 owned by a uid that doesn't map to a username and the 4460 :include: file contains delivery to a file or program. 4461 Problem noted by John Beck of Sun Microsystems. 4462 Avoid the attempt of trying to send a second SMTP QUIT command if 4463 the remote server responds to the first QUIT with a 4xx 4464 response code and drops the connection. This behavior was 4465 noted by Ulrich Windl of the Universitat Regensburg when 4466 sendmail was talking to the Mercury 1.43 MTA. 4467 If a hostname lookup times out and ServiceSwitchFile is set but the 4468 file is not present, the lookup failure would be marked as 4469 a permanent failure instead of a temporary failure. Fix 4470 from Russell King of the ARM Linux Project. 4471 Handle aliases or forwards which deliver to programs using tabs 4472 instead of spaces between arguments. Problem noted by Randy 4473 Wormser. Fix from Neil Rickert of Northern Illinois 4474 University. 4475 Allow MaxRecipientsPerMessage option to be set on the command line 4476 by normal users (e.g., sendmail won't drop its root 4477 privileges) to allow overrides for message submission via 4478 'sendmail -bs'. 4479 Set the names for help file and statistics file to "helpfile" and 4480 "statistics", respectively, if no parameters are given for 4481 them in the .cf file. 4482 Avoid bogus 'errbody: I/O Error -7' log messages when sending 4483 success DSN messages for messages relayed to non-DSN aware 4484 systems. Problem noted by Juergen Georgi of RUS University 4485 of Stuttgart and Kyle Tucker of Parexel International. 4486 Prevent +detail information from interfering with local delivery to 4487 multiple users in the same transaction (F=m). 4488 Add H_FORCE flag for the X-Authentication-Warning: header, so it 4489 will be added even if one already exists. Problem noted 4490 by Michal Zalewski of Marchew Industries. 4491 Stop processing SMTP commands if the SMTP connection is dropped. 4492 This prevents a remote system from flooding the connection 4493 with commands and then disconnecting. Previously, the 4494 server would process all of the buffered commands. Problem 4495 noted by Michal Zalewski of Marchew Industries. 4496 Properly process user-supplied headers beginning with '?'. Problem 4497 noted by Michal Zalewski of Marchew Industries. 4498 If multiple header checks resolve to the $#error mailer, use the 4499 last permanent (5XX) failure if any exist. Otherwise, use 4500 the last temporary (4XX) failure. 4501 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch 4502 from Ronald F. Guilmette of Infinite Monkeys & Co. 4503 Timeout.ident now defaults to 5 seconds instead of 30 seconds to 4504 prevent the now common delays associated with mailing to a 4505 site which drops IDENT packets. Suggested by many. 4506 Persistent host status data is not reloaded disk when current data 4507 is available in the in-memory cache. Problem noted by Per 4508 Hedeland of Ericsson. 4509 mailq displays unprintable characters in addresses as their octal 4510 representation and a leading backslash. This avoids problems 4511 with "unprintable" characters. Problem noted by Michal 4512 Zalewski of the "Internet for Schools" project (IdS). 4513 The mail line length limit (L= equate) was adding the '!' indicator 4514 one character past the limit. This would cause subsequent 4515 hops to break the line again. The '!' is now placed in 4516 the last column of the limit if the line needs to be broken. 4517 Problem noted by Joe Pruett of Q7 Enterprises. Based on fix 4518 from Per Hedeland of Ericsson. 4519 If a resolver ANY query is larger than the UDP packet size, the 4520 resolver will fall back to TCP. However, some 4521 misconfigured firewalls black 53/TCP so the ANY lookup 4522 fails whereas an MX or A record might succeed. Therefore, 4523 don't fail on ANY queries. 4524 If an SMTP recipient is rejected due to syntax errors in the 4525 address, do not send an empty postmaster notification DSN 4526 to the postmaster. Problem noted by Neil Rickert of 4527 Northern Illinois University. 4528 Allow '_' and '.' in map names when parsing a sequence map 4529 specification. Patch from William Setzer of North Carolina 4530 State University. 4531 Fix hostname in logging of read timeouts for the QUIT command on 4532 cached connections. Problem noted by Neil Rickert of 4533 Northern Illinois University. 4534 Use a more descriptive entry to log "null" connections, i.e., 4535 "host did not issue MAIL/EXPN/VRFY/ETRN during connection". 4536 Fix a file descriptor leak in ONEX mode. 4537 Portability: 4538 Reverse signal handling logic such that sigaction(2) with 4539 the SA_RESTART flag is the preferred method and the 4540 other signal methods are only tried if SA_RESTART 4541 is not available. Problem noted by Allan E 4542 Johannesen of Worcester Polytechnic Institute. 4543 AIX 4.x supports the sa_len member of struct sockaddr. 4544 This allows network interface probing to work 4545 properly. Fix from David Bronder of the 4546 University of Iowa. 4547 AIX 4.3 has snprintf() support. 4548 Use "PPC" as the architecture name when building under 4549 AIX. This will be reflected in the obj.* directory 4550 name. 4551 Apple Darwin support based on Apple Rhapsody port. 4552 Fixed AIX 'make depend' method from Valdis Kletnieks of 4553 Virginia Tech. 4554 Digital UNIX has uname(2). 4555 GNU Hurd updates from Mark Kettenis of the University of 4556 Amsterdam. 4557 Improved HPUX 11.0 portability. 4558 Properly determine the number of CPUs on FreeBSD 2.X, 4559 FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X. 4560 Remove special IRIX ABI cases from Build script and the OS 4561 files. Use the standard 'cc' options used by SGI 4562 in building the operating system. Users can 4563 override the defaults by setting confCC and 4564 confLIBSEARCHPATH appropriately. 4565 IRIX nsd map support from Bob Mende of SGI. 4566 Minor devtools fixes for IRIX from Bob Mende of SGI. 4567 Linux patch for IP_SRCROUTE support from Joerg Dorchain 4568 of MW EDV & ELECTRONIC. 4569 Linux now uses /usr/sbin for confEBINDIR in the build 4570 system. From MATSUURA Takanori of Osaka University. 4571 Remove special treatment for Linux PPC in the build 4572 system. From MATSUURA Takanori of Osaka University. 4573 Motorolla UNIX SYSTEM V/88 Release 4.0 support from 4574 Sergey Rusanov of the Republic of Udmurtia. 4575 NCR MP-RAS 3.x includes regular expression support. From 4576 Tom J. Moore of NCR. 4577 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and 4578 _PATH_SENDMAILPID from Oota Toshiya of 4579 NEC Computers Group Planning Division. 4580 Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D. 4581 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and 4582 1024 in conf.h. Since confENVDEF would be used, 4583 use that value in conf.h. 4584 Use NeXT's NETINFO to get domain name. From Gerd Knops of 4585 BITart Consulting. 4586 Use NeXT's NETINFO for alias and hostname resolution if 4587 AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are 4588 defined. Patch from Wilfredo Sanchez of Apple 4589 Computer, Inc. 4590 NeXT portability tweaks. Problems reported by Dragan 4591 Milicic of the University of Utah and J. P. McCann 4592 of E I A. 4593 New compile flag FAST_PID_RECYCLE: set this if your system 4594 can reuse the same PID in the same second. 4595 New compile flag HASFCHOWN: set this if your OS has 4596 fchown(2). 4597 New compile flag HASRANDOM: set this to 0 if your OS does 4598 not have random(3). rand() will be used instead. 4599 New compile flag HASSRANDOMDEV: set this if your OS has 4600 srandomdev(3). 4601 New compile flag HASSETLOGIN: set this if your OS has 4602 setlogin(2). 4603 Replace SINIX and ReliantUNIX support with version 4604 specific SINIX files. From Gerald Rinske of 4605 Siemens Business Services. 4606 Use the 60-second load average instead of the 5 second load 4607 average on Compaq Tru64 UNIX (formerly Digital 4608 UNIX). From Chris Teakle of the University of Qld. 4609 Use ANSI C by default for Compaq Tru64 UNIX. Suggested by 4610 Randall Winchester of Swales Aerospace. 4611 Correct setgroups() prototype for Compaq Tru64 UNIX. 4612 Problem noted by Randall Winchester of Swales 4613 Aerospace. 4614 Hitachi 3050R/3050RX and 3500 Workstations running 4615 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori 4616 NAKAMURA of Kyoto University. 4617 New compile flag NO_GETSERVBYNAME: set this to disable 4618 use of getservbyname() on systems which can 4619 not lookup a service by name over NIS, such as 4620 HI-UX. Patch from Motonori NAKAMURA of Kyoto 4621 University. 4622 Use devtools/bin/install.sh on SCO 5.x. Problem noted 4623 by Sun Wenbing of the China Engineering and 4624 Technology Information Network. 4625 make depend didn't work properly on UNIXWARE 4.2. Problem 4626 noted by Ariel Malik of Netology, Ltd. 4627 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 4628 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD, 4629 and OpenBSD. 4630 A recent Compaq Ultrix 4.5 Y2K patch has broken detection 4631 of local_hostname_length(). See sendmail/README 4632 for more details. Problem noted by Allan E 4633 Johannesen of Worcester Polytechnic Institute. 4634 CONFIG: Begin using /etc/mail/ for sendmail related files. This 4635 affects a large number of files. See cf/README for more 4636 details. 4637 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including 4638 trailing slash) for the mail settings directory. 4639 CONFIG: Increment version number of config file to 9. 4640 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been 4641 deprecated and may be removed from a future release. 4642 BSD/OS users should begin using OSTYPE(`bsdi'). 4643 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This 4644 requires a new OSTYPE(`openbsd'). From Todd C. Miller of 4645 Courtesan Consulting. 4646 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. 4647 CONFIG: A syntax error in check_mail would cause fake top-level 4648 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to 4649 be improperly rejected as unresolvable. 4650 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of 4651 DNS server, rejection message) and can be included 4652 multiple times. 4653 CONFIG: New FEATURE(`relay_mail_from') allows relaying if the 4654 mail sender is listed as RELAY in the access map (and tagged 4655 with From:). 4656 CONFIG: Optional tagging of LHS in the access map (Connect:, 4657 From:, To:) to enable finer control. 4658 CONFIG: New FEATURE(`ldap_routing') implements LDAP address 4659 routing. See cf/README for a complete description of the 4660 new functionality. 4661 CONFIG: New variables for the new sendmail options: 4662 confAUTH_MECHANISMS AuthMechanisms 4663 confAUTH_OPTIONS AuthOptions 4664 confCLIENT_OPTIONS ClientPortOptions 4665 confCONTROL_SOCKET_NAME ControlSocketName 4666 confDEAD_LETTER_DROP DeadLetterDrop 4667 confDEF_AUTH_INFO DefaultAuthInfo 4668 confDF_BUFFER_SIZE DataFileBufferSize 4669 confLDAP_DEFAULT_SPEC LDAPDefaultSpec 4670 confMAX_ALIAS_RECURSION MaxAliasRecursion 4671 confMAX_HEADERS_LENGTH MaxHeadersLength 4672 confMAX_MIME_HEADER_LENGTH MaxMimeHeaderLength 4673 confPID_FILE PidFile 4674 confPROCESS_TITLE_PREFIX ProcessTitlePrefix 4675 confRRT_IMPLIES_DSN RrtImpliesDsn 4676 confTO_CONTROL Timeout.control 4677 confTO_RESOLVER_RETRANS Timeout.resolver.retrans 4678 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first 4679 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal 4680 confTO_RESOLVER_RETRY Timeout.resolver.retry 4681 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first 4682 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal 4683 confTRUSTED_USER TrustedUser 4684 confXF_BUFFER_SIZE XscriptFileBufferSize 4685 CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(), 4686 which takes the options as argument and can be used 4687 multiple times; see cf/README for details. 4688 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called 4689 "dsmtp". This mail provides on-demand delivery using the 4690 F=% mailer flag described above. The "dsmtp" mailer 4691 definition uses the new DSMTP_MAILER_ARGS which defaults 4692 to "IPC $h". 4693 CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS, 4694 and RELAY_MAILER_MAXMSGS for setting the m= equate for the 4695 local, smtp, and relay mailers respectively. 4696 CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting 4697 the DSN Diagnostic-Code type for the local mailer. The 4698 value should be changed with care. 4699 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type 4700 for the local mailer to the proper value of "SMTP". 4701 CONFIG: All included maps are no longer optional by default; if 4702 there there is a problem with a map, sendmail will 4703 complain. 4704 CONFIG: Removed root from class E; use EXPOSED_USER(`root') 4705 to get the old behavior. Suggested by Joe Pruett 4706 of Q7 Enterprises. 4707 CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which 4708 will not be masqueraded. Proposed by Arne Wichmann 4709 of MPI Saarbruecken, Griff Miller of PGS Tensor, 4710 Jayme Cox of Broderbund Software Inc. 4711 CONFIG: A list of exceptions for FEATURE(`nocanonify') can be 4712 specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, 4713 i.e., a list of domains which are passed to $[ ... $] 4714 for canonification. Based on an idea from Neil Rickert 4715 of Northern Illinois University. 4716 CONFIG: If `canonify_hosts' is specified as parameter for 4717 FEATURE(`nocanonify') then addresses which have only 4718 a hostname, e.g., <user@host>, will be canonified. 4719 CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is 4720 nevertheless added to addresses with more than one component 4721 in it. 4722 CONFIG: Canonification is no longer attempted for any host or domain 4723 in class 'P' ($=P). 4724 CONFIG: New class for matching virtusertable entries $={VirtHost} that 4725 can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE. 4726 FEATURE(`virtuser_entire_domain') can be used to apply this 4727 class also to entire subdomains. Hosts in this class are 4728 treated as canonical in SCanonify2, i.e., a trailing dot 4729 is added. 4730 CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used, 4731 include $={VirtHost} in $=R (hosts allowed to relay). 4732 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the 4733 genericstable also to subdomains of $=G. 4734 CONFIG: Pass "+detail" as %2 for virtusertable lookups. 4735 Patch from Noam Freedman from University of Chicago. 4736 CONFIG: Pass "+detail" as %1 for genericstable lookups. Suggested 4737 by Raymond S Brand of rsbx.net. 4738 CONFIG: Allow @domain in genericstable to override masquerading. 4739 Suggested by Owen Duffy from Owen Duffy & Associates. 4740 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve 4741 Hubert of University of Washington. 4742 CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as 4743 GNU is now the canonical system name. From Mark 4744 Kettenis of the University of Amsterdam. 4745 CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman. 4746 CONFIG: Do not include '=' in option expansion if there is no value 4747 associated with the option. From Andrew Brown of 4748 Graffiti World Wide, Inc. 4749 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed 4750 by Philip A. Prindeville of Enteka Enterprise Technology 4751 Services. 4752 CONFIG: MAILER(`cyrus') was not preserving case for mail folder 4753 names. Problem noted by Randall Winchester of Swales 4754 Aerospace. 4755 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags 4756 for the relay mailer. Suggested by Doug Hughes of Auburn 4757 University and Brian Candler. 4758 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path: 4759 header) by default. Suggested by Per Hedeland of Ericsson. 4760 CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host]. 4761 Suggested by Kari Hurtta of the Finnish Meteorological 4762 Institute. 4763 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS; 4764 i.e., to set, add, or delete flags. 4765 CONFIG: If SMTP AUTH is used then relaying is allowed for any user 4766 who authenticated via a "trusted" mechanism, i.e., one that 4767 is defined via TRUST_AUTH_MECH(`list of mechanisms'). 4768 CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay 4769 after check_rcpt and allows for exceptions from the checks. 4770 CONFIG: Map declarations have been moved into their associated 4771 feature files to allow greater flexibility in use of 4772 sequence maps. Suggested by Per Hedeland of Ericsson. 4773 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of 4774 line string for the local mailer. Requested by Il Oh of 4775 Willamette Industries, Inc. 4776 CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is 4777 converted to <user@d> 4778 CONFIG: Reject bogus return address of <@@hostname>, generated by 4779 Sun's older, broken configuration files. 4780 CONFIG: FEATURE(`nullclient') now provides the full rulesets of a 4781 normal configuration, allowing anti-spam checks to be 4782 performed. 4783 CONFIG: Don't return a permanent error (Relaying denied) if 4784 ${client_name} can't be resolved just temporarily. 4785 Suggested by Kari Hurtta of the Finnish Meteorological 4786 Institute. 4787 CONFIG: Change numbered rulesets into named (which still can 4788 be accessed by their numbers). 4789 CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial 4790 which describes whether to disallow "!" in the local part 4791 of an address. 4792 CONFIG: Call Local_localaddr from localaddr (S5) which can be used 4793 to rewrite an address from a mailer which has the F=5 flag 4794 set. If the ruleset returns a mailer, the appropriate 4795 action is taken, otherwise the returned tokens are ignored. 4796 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4 4797 and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4. 4798 The latter is kept around for backward compatibility. 4799 CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries, 4800 where "D.S.N" is an RFC 1893 compliant error code. 4801 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX). 4802 CONFIG: Remove second space between username and date in UNIX From_ 4803 line. Noted by Allan E Johannesen of Worcester Polytechnic 4804 Institute. 4805 CONFIG: Make sure all of the mailers have complete T= equates. 4806 CONFIG: Extend FEATURE(`local_procmail') so it can now take 4807 arguments overriding the mailer program, arguments, and 4808 mailer definition flags. This makes it possible to use 4809 other programs such as maildrop for local delivery. 4810 CONFIG: Emit warning if FEATURE(`local_lmtp') or 4811 FEATURE(`local_procmail') is given after MAILER(`local'). 4812 Patch from Richard A. Nelson of IBM. 4813 CONFIG: Add SMTP Authentication information to Received: header 4814 default value (confRECEIVED_HEADER). 4815 CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a 4816 local mailer. Problem noted by Per Hedeland of Ericsson. 4817 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the 4818 University of California at Berkeley. 4819 CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of 4820 Illinois at Urbana-Champaign. 4821 CONTRIB: etrn.pl now recognizes bogus host names. Patch from 4822 Bruce Barnett of GE's R&D Lab. 4823 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle 4824 Corporation UK. 4825 CONTRIB: Added qtool.pl to assist in managing the queues. 4826 DEVTOOLS: Prevent user environment variables from interfering with 4827 the Build scripts. Problem noted by Ezequiel H. Panepucci of 4828 Yale University. 4829 DEVTOOLS: 'Build -M' will display the obj.* directory which will 4830 be used for building. 4831 DEVTOOLS: 'Build -A' will display the architecture that would be 4832 used for a fresh build. 4833 DEVTOOLS: New variable confRANLIB, set automatically by configure.sh. 4834 DEVTOOLS: New variable confRANLIBOPTS for the options to send to 4835 ranlib. 4836 DEVTOOLS: 'Build -O <path>' will have the object files build in 4837 <path>/obj.*. Suggested by Bryan Costales of Exactis. 4838 DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the 4839 building of the man pages when defined. Suggested by Bryan 4840 Costales. 4841 DEVTOOLS: New variables confNO_HELPFILE_INSTALL and 4842 confNO_STATISTICS_INSTALL which will prevent the 4843 installation of the sendmail helpfile and statistics file 4844 respectively. Suggested by Bryan Costales. 4845 DEVTOOLS: Recognize ReliantUNIX as SINIX. Patch from Gerald Rinske 4846 of Siemens Business Services. 4847 DEVTOOLS: New variable confSTDIO_TYPE which defines the type of 4848 stdio library. The new buffered file I/O depends on the 4849 Torek stdio library. This option can be either portable or 4850 torek. 4851 DEVTOOLS: New variables confSRCADD and confSMSRCADD which 4852 correspond to confOBJADD and confSMOBJADD respectively. 4853 They should contain the C source files for the object files 4854 listed in confOBJADD and confSMOBJADD. These file names 4855 will be passed to the 'make depend' stage of compilation. 4856 DEVTOOLS: New program specific variables for each of the programs 4857 in the sendmail distribution. Each has the form 4858 `conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'. 4859 The new variables are conf_prog_ENVDEF, conf_prog_LIBS, 4860 conf_prog_SRCADD, and conf_prog_OBJADD. 4861 DEVTOOLS: Build system redesign. This should have little affect on 4862 building the distribution, but documentation on the changes 4863 are in devtools/README. 4864 DEVTOOLS: Don't allow 'Build -f file' if an object directory already 4865 exists. Suggested by Valdis Kletnieks of Virginia Tech. 4866 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies 4867 the path to the sendmail source directory. confSRCDIR is a 4868 new variable which identifies the root of the source 4869 directories for all of the programs in the distribution. 4870 DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build 4871 time. They can both still be overridden by setting the m4 4872 macro. 4873 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem. 4874 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for 4875 build configurations, and places objects in obj.prefix.*/. 4876 Complains as 'Build -f file' does for existing object 4877 directories. Suggested by Tom Smith of Digital Equipment 4878 Corporation. 4879 DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted 4880 manual pages in the directory tree specified by 4881 confMANROOTMAN. 4882 DEVTOOLS: If formatting the manual pages fails, copy in the 4883 preformatted pages from the distribution. The new variable 4884 confCOPY specifies the copying program. 4885 DEVTOOLS: Defining confFORCE_RMAIL will install rmail without 4886 question. Suggested by Terry Lambert of Whistle 4887 Communications. 4888 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names 4889 of the installed statistics and help files, respectively. 4890 DEVTOOLS: Remove spaces in `uname -r` output when determining 4891 operating system identity. Problem noted by Erik 4892 Wachtenheim of Dartmouth College. 4893 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that 4894 will be search for the libraries specified in confLIBSEARCH. 4895 Defaults to "/lib /usr/lib /usr/shlib". 4896 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying 4897 how to strip binaries. These are used by the new 4898 install-strip target. 4899 DEVTOOLS: New config file site.post.m4 which is included after 4900 the others (if it exists). 4901 DEVTOOLS: Change order of LIBS: first product specific libraries 4902 then the default ones. 4903 MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local 4904 as local delivery agent without LMTP mode, use 4905 MODIFY_MAILER_FLAGS(`LOCAL', `+S') 4906 to set the S flag. 4907 MAIL.LOCAL: Do not reject addresses which would otherwise be 4908 accepted by sendmail. Suggested by Neil Rickert of 4909 Northern Illinois University. 4910 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 4911 8BITMIME in the LHLO response. Suggested by Kari Hurtta of 4912 the Finnish Meteorological Institute. 4913 MAIL.LOCAL: Add support for the maillock() routines by defining 4914 MAILLOCK when compiling. Also requires linking with 4915 -lmail. Patch from Neil Rickert of Northern Illinois 4916 University. 4917 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is 4918 defined when compiling. Automatically set for Solaris 2.3 4919 and later. Patch from Neil Rickert of Northern Illinois 4920 University. 4921 MAIL.LOCAL: Move the initialization of the 'notifybiff' address 4922 structure to the beginning of the program. This ensures that 4923 the getservbyname() is done before any seteuid to a possibly 4924 unauthenticated user. If you are using NIS+ and secure RPC 4925 on a Solaris system, this avoids syslog messages such as, 4926 "authdes_refresh: keyserv(1m) is unable to encrypt session 4927 key." Patch from Neil Rickert of Northern Illinois 4928 University. 4929 MAIL.LOCAL: Support group writable mail spool files when MAILGID is 4930 set to the gid to use (-DMAILGID=6) when compiling. 4931 Patch from Neil Rickert of Northern Illinois University. 4932 MAIL.LOCAL: When a mail message included lines longer than 2046 4933 characters (in LMTP mode), mail.local split the incoming 4934 line up into 2046-character output lines (excluding the 4935 newline). If an input line was 2047 characters long 4936 (excluding CR-LF) and the last character was a '.', 4937 mail.local saw it as the end of input, transfered it to the 4938 user mailbox and tried to write an `ok' back to sendmail. 4939 If the message was much longer, both sendmail and 4940 mail.local would deadlock waiting for each other to read 4941 what they have written. Problem noted by Peter Jeremy of 4942 Alcatel Australia Limited. 4943 MAIL.LOCAL: New option -b to return a permanent error instead of a 4944 temporary error if a mailbox exceeds quota. Suggested by 4945 Neil Rickert of Northern Illinois University. 4946 MAIL.LOCAL: The creation of a lockfile is subject to a global 4947 timeout to avoid starvation. 4948 MAIL.LOCAL: Properly parse addresses with multiple quoted 4949 local-parts. Problem noted by Ronald F. Guilmette of 4950 Infinite Monkeys & Co. 4951 MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR. 4952 MAILSTATS: New -p option to invoke program mode in which stats are 4953 printed in a machine readable fashion and the stats file 4954 is reset. Patch from Kevin Hildebrand of the University 4955 of Maryland. 4956 MAKEMAP: If running as root, automatically change the ownership of 4957 generated maps to the TrustedUser as specified in the 4958 sendmail configuration file. 4959 MAKEMAP: New -C option to accept an alternate sendmail 4960 configuration file to use for finding the TrustedUser 4961 option. 4962 MAKEMAP: New -u option to dump (unmap) a database. Based on 4963 code contributed by Roy Mongiovi of Georgia Tech. 4964 MAKEMAP: New -e option to allow empty values. Suggested by Philip 4965 A. Prindeville of Enteka Enterprise Technology Services. 4966 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem 4967 noted by Gerald Rinske of Siemens Business Services. 4968 OP.ME: Correctly document interaction between F=S and U= mailer 4969 equates. Problem noted by Bob Halley of Internet Engines. 4970 OP.ME: Fixup Timeout documentation. From Graeme Hewson of Oracle 4971 Corporation UK. 4972 OP.ME: The Timeout [r] option was incorrectly listed as "safe" 4973 (e.g., sendmail would not drop root privileges if the 4974 option was specified on the command line). Problem noted 4975 by Todd C. Miller of Courtesan Consulting. 4976 PRALIASES: Handle the hash and btree map specifications for 4977 Berkeley DB. Patch from Brian J. Coan of the 4978 Institute for Global Communications. 4979 PRALIASES: Read the sendmail.cf file for the location(s) of the 4980 alias file(s) if the -f option is not used. Patch from 4981 John Beck of Sun Microsystems. 4982 PRALIASES: New -C option to specify an alternate sendmail 4983 configuration file to use for finding alias file(s). Patch 4984 from John Beck of Sun Microsystems. 4985 SMRSH: allow shell commands echo, exec, and exit. Allow command 4986 lists using || and &&. Based on patch from Brian J. Coan 4987 of the Institute for Global Communications. 4988 SMRSH: Update README for the new Build system. From Tim Pierce 4989 of RootsWeb Genealogical Data Cooperative. 4990 VACATION: Added vacation auto-responder to sendmail distribution. 4991 LIBSMDB: Added abstracted database library. Works with Berkeley 4992 DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM. 4993 Changed Files: 4994 The Build script in the various program subdirectories are 4995 no longer symbolic links. They are now scripts 4996 which execute the actual Build script in 4997 devtools/bin. 4998 All the manual pages are now written against -man and not 4999 -mandoc as they were previously. 5000 Add a simple Makefile to every directory so make instead 5001 of Build will work (unless parameters are 5002 required for Build). 5003 New Directories: 5004 devtools/M4/UNIX 5005 include 5006 libmilter 5007 libsmdb 5008 libsmutil 5009 vacation 5010 Renamed Directories: 5011 BuildTools => devtools 5012 src => sendmail 5013 Deleted Files: 5014 cf/m4/nullrelay.m4 5015 devtools/OS/Linux.ppc 5016 devtools/OS/ReliantUNIX 5017 devtools/OS/SINIX 5018 sendmail/ldap_map.h 5019 New Files: 5020 INSTALL 5021 PGPKEYS 5022 cf/cf/generic-linux.cf 5023 cf/cf/generic-linux.mc 5024 cf/feature/delay_checks.m4 5025 cf/feature/dnsbl.m4 5026 cf/feature/generics_entire_domain.m4 5027 cf/feature/no_default_msa.m4 5028 cf/feature/relay_mail_from.m4 5029 cf/feature/virtuser_entire_domain.m4 5030 cf/mailer/qpage.m4 5031 cf/ostype/bsdi.m4 5032 cf/ostype/hpux11.m4 5033 cf/ostype/openbsd.m4 5034 contrib/bounce-resender.pl 5035 contrib/domainmap.m4 5036 contrib/qtool.8 5037 contrib/qtool.pl 5038 devtools/M4/depend/AIX.m4 5039 devtools/M4/list.m4 5040 devtools/M4/string.m4 5041 devtools/M4/subst_ext.m4 5042 devtools/M4/switch.m4 5043 devtools/OS/Darwin 5044 devtools/OS/GNU 5045 devtools/OS/SINIX.5.43 5046 devtools/OS/SINIX.5.44 5047 devtools/OS/m88k 5048 devtools/bin/find_in_path.sh 5049 mail.local/Makefile 5050 mailstats/Makefile 5051 makemap/Makefile 5052 praliases/Makefile 5053 rmail/Makefile 5054 sendmail/Makefile 5055 sendmail/bf.h 5056 sendmail/bf_portable.c 5057 sendmail/bf_portable.h 5058 sendmail/bf_torek.c 5059 sendmail/bf_torek.h 5060 sendmail/shmticklib.c 5061 sendmail/statusd_shm.h 5062 sendmail/timers.c 5063 sendmail/timers.h 5064 smrsh/Makefile 5065 vacation/Makefile 5066 Renamed Files: 5067 cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4 5068 sendmail/cdefs.h => include/sendmail/cdefs.h 5069 sendmail/sendmail.hf => sendmail/helpfile 5070 sendmail/mailstats.h => include/sendmail/mailstats.h 5071 sendmail/pathnames.h => include/sendmail/pathnames.h 5072 sendmail/safefile.c => libsmutil/safefile.c 5073 sendmail/snprintf.c => libsmutil/snprintf.c 5074 sendmail/useful.h => include/sendmail/useful.h 5075 cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4 5076 Copied Files: 5077 cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4 5078 50798.9.3/8.9.3 1999/02/04 5080 SECURITY: Limit message headers to a maximum of 32K bytes (total 5081 of all headers in a single message) to prevent a denial of 5082 service attack. This limit will be configurable in 8.10. 5083 Problem noted by Michal Zalewski of the "Internet for 5084 Schools" project (IdS). 5085 Prevent segmentation fault on an LDAP lookup if the LDAP map 5086 was closed due to an earlier failure. Problem noted by 5087 Jeff Wasilko of smoe.org. Fix from Booker Bense of 5088 Stanford University and Per Hedeland of Ericsson. 5089 Preserve the order of the MIME headers in multipart messages 5090 when performing the MIME header length check. This 5091 will allow PGP signatures to function properly. Problem 5092 noted by Lars Hecking of University College, Cork, Ireland. 5093 If ruleset 5 rewrote the local address to an :include: directive, 5094 the delivery would fail with an "aliasing/forwarding loop 5095 broken" error. Problem noted by Eric C Hagberg of Morgan 5096 Stanley. Fix from Per Hedeland of Ericsson. 5097 Allow -T to work for bestmx maps. Fix from Aaron Schrab of 5098 ExecPC Internet Systems. 5099 During the transfer of a message in an SMTP transaction, if a 5100 TCP timeout occurs, the message would be properly queued 5101 for later retry but the failure would be logged as 5102 "Illegal Seek" instead of a timeout. Problem noted by 5103 Piotr Kucharski of the Warsaw School of Economics (SGH) 5104 and Carles Xavier Munyoz Baldo of CTV Internet. 5105 Prevent multiple deliveries on a self-referencing alias if the 5106 F=w mailer flag is not set. Problem noted by Murray S. 5107 Kucherawy of Concentric Network Corporation and Per 5108 Hedeland of Ericsson. 5109 Do not strip empty headers but if there is no value and a 5110 default is defined in sendmail.cf, use the default. 5111 Problem noted by Philip Guenther of Gustavus Adolphus 5112 College and Christopher McCrory of Netus, Inc. 5113 Don't inherit information about the sender (notably the full name) 5114 in SMTP (-bs) mode, since this might be called from inetd. 5115 Accept any 3xx reply code in response to DATA command instead of 5116 requiring 354. This change will match the wording to be 5117 published in the updated SMTP specification from the DRUMS 5118 group of the IETF. 5119 Portability: 5120 AIX 4.2.0 or 4.2.1 may become updated by the fileset 5121 bos.rte.net level 4.2.0.2. This introduces the 5122 softlink /usr/lib/libbind.a which should 5123 not be used. It conflicts with the resolver 5124 built into libc.a. "bind" has been removed 5125 from the confLIBSEARCH BuildTools variable. 5126 Users who have installed BIND 8.X will have 5127 to add it back in their site.config.m4 file. 5128 Problem noted by Ole Holm Nielsen of the 5129 Technical University of Denmark. 5130 CRAY TS 10.0.x from Sven Nielsen of San Diego 5131 Supercomputer Center. 5132 Improved LDAP version 3 integration based on input 5133 from Kurt D. Zeilenga of the OpenLDAP Foundation, 5134 John Beck of Sun Microsystems, and Booker Bense 5135 of Stanford University. 5136 Linux doesn't have a standard way to get the timezone 5137 between different releases. Back out the 5138 change in 8.9.2 and don't attempt to derive 5139 a timezone. Problem reported by Igor S. Livshits 5140 of the University of Illinois at Urbana-Champaign 5141 and Michael Dickens of Tetranet Communications. 5142 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy 5143 of Siemens/SNI. 5144 SunOS 5.8 from John Beck of Sun Microsystems. 5145 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper 5146 timezone. Problem noted by Petr Lampa of Technical 5147 University of Brno. 5148 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly 5149 when using FEATURE(bestmx_is_local). Patch from Neil W. 5150 Rickert of Northern Illinois University. 5151 CONFIG: Properly handle source routed and %-hack addresses on 5152 hosts which the mailertable remaps to local:. Patch from 5153 Neil W. Rickert of Northern Illinois University. 5154 CONFIG: Internal fixup of mailertable local: map value. Patch from 5155 Larry Parmelee of Cornell University. 5156 CONFIG: Only add back +detail from host portion of mailer triplet 5157 on local mailer triplets if it was originally +detail. 5158 Patch from Neil W. Rickert of Northern Illinois University. 5159 CONFIG: The bestmx_is_local checking done in check_rcpt would 5160 cause later checks to fail. Patch from Paul J Murphy of 5161 MIDS Europe. 5162 New Files: 5163 BuildTools/OS/CRAYTS.10.0.x 5164 BuildTools/OS/ReliantUNIX 5165 BuildTools/OS/SunOS.5.8 5166 51678.9.2/8.9.2 1998/12/30 5168 SECURITY: Remove five second sleep on accepting daemon connections 5169 due to an accept() failure. This sleep could be used 5170 for a denial of service attack. 5171 Do not silently ignore queue files with names which are too long. 5172 Patch from Bryan Costales of InfoBeat, Inc. 5173 Do not store failures closing an SMTP session in persistent 5174 host status. Reported by Graeme Hewson of Oracle 5175 Corporation UK. 5176 Allow symbolic link forward files if they are in safe directories. 5177 Problem noted by Andreas Schott of the Max Planck Society. 5178 Missing columns in a text map could cause a segmentation fault. 5179 Fix from David Lee of the University of Durham. 5180 Note that for 8.9.X, PrivacyOptions=goaway also includes the 5181 noetrn flag. This is scheduled to change in a future 5182 version of sendmail. Problem noted by Theo Van Dinter of 5183 Chrysalis Symbolic Designa and Alan Brown of Manawatu 5184 Internet Services. 5185 When trying to do host canonification in a Wildcard MX 5186 environment, try an MX lookup of the hostname without the 5187 default domain appended. Problem noted by Olaf Seibert of 5188 Polderland Language & Speech Technology. 5189 Reject SMTP RCPT To: commands with only comments (i.e. 5190 'RCPT TO: (comment)'. Problem noted by Earle Ake of 5191 Hassler Communication Systems Technology, Inc. 5192 Handle any number of %s in the LDAP filter spec. Patch from 5193 Per Hedeland of Ericsson. 5194 Clear ldapx open timeouts even if the map open failed to prevent 5195 a segmentation fault. Patch from Wayne Knowles of the 5196 National Institute of Water & Atmospheric Research Ltd. 5197 Do not syslog envelope clone messages when using address 5198 verification (-bv). Problem noted by Kari Hurtta of the 5199 Finnish Meteorological Institute. 5200 Continue to perform queue runs while in daemon mode even if the 5201 daemon is rejecting connections due to a disk full 5202 condition. Problem noted by JR Oldroyd of TerraNet 5203 Internet Services. 5204 Include full filename on installation of the sendmail.hf file 5205 in case the $HFDIR directory does not exist. Problem 5206 noted by Josef Svitak of Montana State University. 5207 Close all maps when exiting the process with one exception. 5208 Berkeley DB can use internal shared memory locking for 5209 its memory pool. Closing a map opened by another process 5210 will interfere with the shared memory and locks of the 5211 parent process leaving things in a bad state. For 5212 Berkeley DB, only close the map if the current process 5213 is also the one that opened the map, otherwise only close 5214 the map file descriptor. Thanks to Yoseff Francus of 5215 Collective Technologies for volunteering his system for 5216 extended testing. 5217 Avoid null pointer dereference on XDEBUG output for SMTP reply 5218 failures. Problem noted by Carlos Canau of EUnet Portugal. 5219 On mailq and hoststat listings being piped to another program, such 5220 as more, if the pipe closes (i.e., the user quits more), 5221 stop sending output and exit. Patch from Allan E Johannesen 5222 of Worcester Polytechnic Institute. 5223 In accordance with the documentation, LDAP map lookup failures 5224 are now considered temporary failures instead of permanent 5225 failures unless the -t flag is used in the map definition. 5226 Problem noted by Booker Bense of Stanford University and 5227 Eric C. Hagberg of Morgan Stanley. 5228 Fix by one error reporting on long alias names. Problem noted by 5229 H. Paul Hammann of the Missouri Research and Education 5230 Network. 5231 Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior. Problem 5232 noted by Barry S. Finkel of Argonne National Laboratory. 5233 When automatically converting from 8 bit to quoted printable MIME, 5234 be careful not to miss a multi-part boundary if that 5235 boundary is preceded by a boundary-like line. Problem 5236 noted by Andreas Raschle of Ansid Inc. Fix from 5237 Kari Hurtta of the Finnish Meteorological Institute. 5238 Avoid bogus reporting of "LMTP tobuf overflow" when the buffer 5239 has enough space for the additional address. Problem 5240 noted by Steve Cliffe of the University of Wollongong. 5241 Fix DontBlameSendmail=FileDeliveryToSymlink behavior. Problem 5242 noted by Alex Vorobiev of Swarthmore College. 5243 If the check_compat ruleset resolves to the $#discard mailer, 5244 discard the current recipient. Unlike check_relay, 5245 check_mail, and check_rcpt, the entire envelope is not 5246 discarded. Problem noted by RZ D. Rahlfs. Fix from 5247 Claus Assmann of Christian-Albrechts-University of Kiel. 5248 Avoid segmentation fault when reading ServiceSwitchFile files with 5249 bogus formatting. Patch from Kari Hurtta of the Finnish 5250 Meteorological Institute. 5251 Support Berkeley DB 2.6.4 API change. 5252 OP.ME: Pages weren't properly output on duplexed printers. Fix 5253 from Matthew Black of CSU Long Beach. 5254 Portability: 5255 Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc. 5256 Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase 5257 option structure. Problem noted by Ashley M. 5258 Kirchner of Photo Craft Laboratories, Inc. 5259 Break out IP address to hostname translation for 5260 reading network interface addresses into 5261 class 'w'. Patch from John Kennedy of 5262 Cal State University, Chico. 5263 AIX 4.x use -qstrict with -O3 to prevent the optimized 5264 from changing the semantics of the compiled 5265 program. From Simon Travaglia of the 5266 University of Waikato, New Zealand. 5267 FreeBSD 2.2.2 and later support setusercontext(). From 5268 Peter Wemm of DIALix. 5269 FreeBSD 3.x fix from Peter Wemm of DIALix. 5270 IRIX 5.x has a syslog buffer size of 512 bytes. From 5271 Nao NINOMIYA of Utsunomiya University. 5272 IRIX 6.5 64-bit Build support. 5273 LDAP Version 3 support from John Beck and Ravi Iyer 5274 of Sun Microsystems. 5275 Linux does not implement seteuid() properly. From 5276 John Kennedy of Cal State University, Chico. 5277 Linux timezone type was set improperly. From Takeshi Itoh 5278 of Bits Co., Ltd. 5279 NCR MP-RAS 3.x needs -lresolv for confLIBS. From 5280 Tom J. Moore of NCR. 5281 NeXT 4.x correction to man page path. From J. P. McCann 5282 of E I A. 5283 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs) 5284 from Paul Gampe of the Asia Pacific Network 5285 Information Center. 5286 ULTRIX now requires an optimization limit of 970 from 5287 Allan E Johannesen of Worcester Polytechnic 5288 Institute. 5289 Fix extern declaration for sm_dopr(). Fix from Henk 5290 van Oers of Algemeen Nederlands Persbureau. 5291 CONFIG: Catch @hostname,user@anotherhost.domain as relaying. 5292 Problem noted by Mark Rogov of AirMedia, Inc. Fix from 5293 Claus Assmann of Christian-Albrechts-University of Kiel. 5294 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as 5295 there are multiple RBL's available and the MAPS RBL may 5296 not be the one in use. Suggested by Alan Brown of 5297 Manawatu Internet Services. 5298 CONFIG: Properly strip route addresses (i.e., @host1:user@host2) 5299 when stripping down a recipient address to check for 5300 relaying. Patch from Claus Assmann of 5301 Christian-Albrechts-University of Kiel and Neil W Rickert 5302 of Northern Illinois University. 5303 CONFIG: Allow the access database to override RBL lookups. Patch 5304 from Claus Assmann of Christian-Albrechts-University of 5305 Kiel. 5306 CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch 5307 Dot Com. 5308 CONFIG: Fixed check for deferred delivery mode warning. Patch 5309 from Claus Assmann of Christian-Albrechts-University of 5310 Kiel and Per Hedeland of Ericsson. 5311 CONFIG: If a recipient using % addressing is used, e.g. 5312 user%site@othersite, and othersite's MX records are now 5313 checked for local hosts if FEATURE(relay_based_on_MX) is 5314 used. Problem noted by Alexander Litvin of Lucky Net Ltd. 5315 Patch from Alexander Litvin of Lucky Net Ltd and 5316 Claus Assmann of Christian-Albrechts-University of Kiel. 5317 MAIL.LOCAL: Prevent warning messages from appearing in the LMTP 5318 stream. Do not allow more than one response per recipient. 5319 MAIL.LOCAL: Handle routed addresses properly when using LMTP. Fix 5320 from John Beck of Sun Microsystems. 5321 MAIL.LOCAL: Properly check for CRLF when using LMTP. Fix from 5322 John Beck of Sun Microsystems. 5323 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in 5324 the envelope From header. 5325 MAIL.LOCAL: Accept underscores in hostnames in LMTP mode. 5326 Problem noted by Glenn A. Malling of Syracuse University. 5327 MAILSTATS: Document msgsrej and msgsdis fields in the man page. 5328 Problem noted by Richard Wong of Princeton University. 5329 MAKEMAP: Build group list so group writable files are allowed with 5330 the -s flag. Problem noted by Curt Sampson of Internet 5331 Portal Services, Inc. 5332 PRALIASES: Automatically handle alias files created without the 5333 NULL byte at the end of the key. Patch from John Beck of 5334 Sun Microsystems. 5335 PRALIASES: Support Berkeley DB 2.6.4 API change. 5336 New Files: 5337 BuildTools/OS/IRIX64.6.5 5338 BuildTools/OS/UnixWare.5.i386 5339 cf/ostype/unixware7.m4 5340 contrib/smcontrol.pl 5341 src/control.c 5342 53438.9.1/8.9.1 1998/07/02 5344 If both an OS specific site configuration file and a generic 5345 site.config.m4 file existed, only the latter was used 5346 instead of both. Problem noted by Geir Johannessen of 5347 the Norwegian University of Science and Technology. 5348 Fix segmentation fault while converting 8 bit to 7 bit MIME 5349 multipart messages by trying to write to an unopened 5350 file descriptor. Fix from Kari Hurtta of the Finnish 5351 Meteorological Institute. 5352 Do not assume Message: and Text: headers indicate the end of 5353 the header area when parsing MIME headers. Problem noted 5354 by Kari Hurtta of the Finnish Meteorological Institute. 5355 Setting the confMAN#SRC Build variable would only effect the 5356 installation commands. The man pages would still be 5357 built with .0 extensions. Problem noted by Bryan 5358 Costales of InfoBeat, Inc. 5359 Installation of manual pages didn't honor the DESTDIR environment 5360 variable. Problem noted by Bryan Costales of InfoBeat, Inc. 5361 If the check_relay ruleset resolved to the discard mailer, messages 5362 were still delivered. Problem noted by Mirek Luc of NASK. 5363 Mail delivery to files would fail with an Operating System Error 5364 if sendmail was not running as root, i.e., RunAsUser was set. 5365 Problem noted by Leonard N. Zubkoff of Dandelion Digital. 5366 Prevent MinQueueAge from interfering from queued items created 5367 in the future, i.e., if the system clock was set ahead 5368 and then back. Problem noted by Michael Miller of the 5369 University of Natal, Pietermaritzburg. 5370 Do not advertise ETRN support in ESTMP EHLO reply if noetrn is 5371 set in the PrivacyOptions option. Fix from Ted Rule of 5372 Flextech TV. 5373 Log invalid persistent host status file lines instead of 5374 bouncing the message. Problem noted by David Lindes of 5375 DaveLtd Enterprises. 5376 Move creation of empty sendmail.st file from installation to 5377 compilation. Installation may be done from a read-only 5378 mount. Fix from Bryan Costales of InfoBeat, Inc. and Ric 5379 Anderson of the Oasis Research Center, Inc. 5380 Enforce the maximum number of User Database entries limit. Problem 5381 noted by Gary Buchanan of Credence Systems Inc. 5382 Allow dead.letter files in root's home directory. Problem noted 5383 by Anna Ullman of Sun Microsystems. 5384 Program deliveries in forward files could be marked unsafe if 5385 any directory listed in the ForwardPath option did not 5386 exist. Problem noted by Jorg Bielak of Coastal Web Online. 5387 Do not trust the length of the address structure returned by 5388 gethostbyname(). Problem noted by Chris Evans of Oxford 5389 University. 5390 If the SIZE= MAIL From: ESMTP parameter is too large, use the 5391 5.3.4 DSN status code instead of 5.2.2. Similarly, for 5392 non-local deliveries, if the message is larger than the 5393 mailer maximum message size, use 5.3.4 instead of 5.2.3. 5394 Suggested by Antony Bowesman of 5395 Fujitsu/TeaWARE Mail/MIME System. 5396 Portability: 5397 Fix the check for an IP address reverse lookup for 5398 use in $&{client_name} on 64 bit platforms. 5399 From Gilles Gallot of Institut for Development 5400 and Resources in Intensive Scientific computing. 5401 BSD-OS uses .0 for man page extensions. From Jeff Polk 5402 of BSDI. 5403 DomainOS detection for Build. Also, version 10.4 and later 5404 ship a unistd.h. Fixes from Takanobu Ishimura of 5405 PICT Inc. 5406 NeXT 4.x uses /usr/lib/man/cat for its man pages. From 5407 J. P. McCann of E I A. 5408 SCO 4.X and 5.X include NDBM support. From Vlado Potisk 5409 of TEMPEST, Ltd. 5410 CONFIG: Do not pass spoofed PTR results through resolver for 5411 qualification. Problem noted by Michiel Boland of 5412 Digital Valley Internet Professionals; fix from 5413 Kari Hurtta of the Finnish Meteorological Institute. 5414 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP, 5415 BITNET, and DECNET addresses for resolvable senders. 5416 Problem noted by Alexander Litvin of Lucky Net Ltd. 5417 CONFIG: Work around Sun's broken configuration which sends bounce 5418 messages as coming from @@hostname instead of <>. LMTP 5419 would not accept @@hostname. 5420 OP.ME: Corrections to complex sendmail startup script from Rick 5421 Troxel of the National Institutes of Health. 5422 RMAIL: Do not install rmail by default, require 'make force-install' 5423 as this rmail isn't the same as others. Suggested by 5424 Kari Hurtta of the Finnish Meteorological Institute. 5425 New Files: 5426 BuildTools/OS/DomainOS.10.4 5427 54288.9.0/8.9.0 1998/05/19 5429 SECURITY: To prevent users from reading files not normally 5430 readable, sendmail will no longer open forward, :include:, 5431 class, ErrorHeader, or HelpFile files located in unsafe 5432 (i.e., group or world writable) directory paths. Sites 5433 which need the ability to override security can use the 5434 DontBlameSendmail option. See the README file for more 5435 information. 5436 SECURITY: Problems can occur on poorly managed systems, specifically, 5437 if maps or alias files are in world writable directories. 5438 This fixes the change added to 8.8.6 to prevent links in these 5439 world writable directories. 5440 SECURITY: Make sure ServiceSwitchFile option file is not a link if 5441 it is in a world writable directory. 5442 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the 5443 tty it may be able to push bytes back to the senders input. 5444 Unfortunately this breaks -v mode. Problem noted by 5445 Wietse Venema of the Global Security Analysis Lab at 5446 IBM T.J. Watson Research. 5447 SECURITY: Empty group list if DontInitGroups is set to true to 5448 prevent program deliveries from picking up extra group 5449 privileges. Problem reported by Wolfgang Ley of DFN-CERT. 5450 SECURITY: The default value for DefaultUser is now set to the uid and 5451 gid of the first existing user mailnull, sendmail, or daemon 5452 that has a non-zero uid. If none of these exist, sendmail 5453 reverts back to the old behavior of using uid 1 and gid 1. 5454 This is a security problem for Linux which has chosen that 5455 uid and gid for user bin instead of daemon. If DefaultUser 5456 is set in the configuration file, that value overrides this 5457 default. 5458 SECURITY: Since 8.8.7, the check for non-set-user-ID binaries 5459 interfered with setting an alternate group id for the 5460 RunAsUser option. Problem noted by Randall Winchester of 5461 the University of Maryland. 5462 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 5463 of Cal State University, Chico. 5464 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 5465 which previously defined OLD_NEWDB=1 must now upgrade to the 5466 current version of Berkeley DB. 5467 Added support for regular expressions using the new map class regex. 5468 From Jan Krueger of Unix-AG of University of Hannover. 5469 Support for BIND 8.1.1's hesiod for hesiod maps and hesiod 5470 UserDatabases from Randall Winchester of the University 5471 of Maryland. 5472 Allow any shell for user shell on program deliveries on V1 5473 configurations for backwards compatibility on machines which 5474 do not have getusershell(). Fix from John Beck of Sun 5475 Microsystems. 5476 On operating systems which change the process title by reusing the 5477 argument vector memory, sendmail could corrupt memory if the 5478 last argument was either "-q" or "-d". Problem noted by 5479 Frank Langbein of the University of Stuttgart. 5480 Support Local Mail Transfer Protocol (LMTP) between sendmail and 5481 mail.local on the F=z flag. 5482 Macro-expand the contents of the ErrMsgFile. Previously this was 5483 only done if you had magic characters (0x81) to indicate 5484 macro expansion. Now $x will be expanded. This means that 5485 real dollar signs have to be backslash escaped. 5486 TCP Wrappers expects "unknown" in the hostname argument if the 5487 reverse DNS lookup for the incoming connection fails. 5488 Problem noted by Randy Grimshaw of Syracuse University and 5489 Wietse Venema of the Global Security Analysis Lab at 5490 IBM T.J. Watson Research. 5491 DSN success bounces generated from an invocation of sendmail -t 5492 would be sent to both the sender and MAILER-DAEMON. 5493 Problem noted by Claus Assmann of 5494 Christian-Albrechts-University of Kiel. 5495 Avoid "Error 0" messages on delivery mailers which exit with a 5496 valid exit value such as EX_NOPERM. Fix from Andreas Luik 5497 of ISA Informationssysteme GmbH. 5498 Tokenize $&x expansions on right hand side of rules. This eliminates 5499 the need to use tricks like $(dequote "" $&{client_name} $) 5500 to cause the ${client_name} macro to be properly tokenized. 5501 Add the MaxRecipientsPerMessage option: this limits the number of 5502 recipients that will be accepted in a single SMTP 5503 transaction. After this number is reached, sendmail 5504 starts returning "452 Too many recipients" to all RCPT 5505 commands. This can be used to limit the number of recipients 5506 per envelope (in particular, to discourage use of the server 5507 for spamming). Note: a better approach is to restrict 5508 relaying entirely. 5509 Fixed pointer initialization for LDAP lmap struct, fixed -s option 5510 to ldapx map and added timeout for ldap_open call to 5511 avoid hanging sendmail in the event of hung LDAP servers. 5512 Patch from Booker Bense of Stanford University. 5513 Allow multiple -qI, -qR, or -qS queue run limiters. For example, 5514 '-qRfoo -qRbar' would deliver mail to recipients with foo or 5515 bar in their address. Patch from Allan E Johannesen of 5516 Worcester Polytechnic Institute. 5517 The bestmx map will now return a list of the MX servers for a host if 5518 passed a column delimiter via the -z map flag. This can be 5519 used to check if the server is an MX server for the recipient 5520 of a message. This can be used to help prevent relaying. 5521 Patch from Mitchell Blank Jr of Exec-PC. 5522 Mark failures for the *file* mailer and return bounce messages to the 5523 sender for those failures. 5524 Prevent bogus syslog timestamps on errors in sendmail.cf by 5525 preserving the TZ environment variable until TimeZoneSpec 5526 has been determined. Problem noted by Ralf Hildebrandt of 5527 Technical University of Braunschweig. Patch from Per Hedeland 5528 of Ericsson. 5529 Print test input in address test mode when input is not from the tty 5530 when the -v flag is given (i.e., sendmail -bt -v) to make 5531 output easier to decipher. Problem noted by Aidan Nichol 5532 of Procter & Gamble. 5533 The LDAP map -s flag was not properly parsed and the error message 5534 given included the remainder of the arguments instead of 5535 solely the argument in error. Problem noted by Aidan Nichol 5536 of Procter & Gamble. 5537 New DontBlameSendmail option. This option allows administrators to 5538 bypass some of sendmail's file security checks at the expense 5539 of system security. This should only be used if you are 5540 absolutely sure you know the consequences. The available 5541 DontBlameSendmail options are: 5542 Safe 5543 AssumeSafeChown 5544 ClassFileInUnsafeDirPath 5545 ErrorHeaderInUnsafeDirPath 5546 GroupWritableDirPathSafe 5547 GroupWritableForwardFileSafe 5548 GroupWritableIncludeFileSafe 5549 GroupWritableAliasFile 5550 HelpFileinUnsafeDirPath 5551 WorldWritableAliasFile 5552 ForwardFileInGroupWritableDirPath 5553 IncludeFileInGroupWritableDirPath 5554 ForwardFileInUnsafeDirPath 5555 IncludeFileInUnsafeDirPath 5556 ForwardFileInUnsafeDirPathSafe 5557 IncludeFileInUnsafeDirPathSafe 5558 MapInUnsafeDirPath 5559 LinkedAliasFileInWritableDir 5560 LinkedClassFileInWritableDir 5561 LinkedForwardFileInWritableDir 5562 LinkedIncludeFileInWritableDir 5563 LinkedMapInWritableDir 5564 LinkedServiceSwitchFileInWritableDir 5565 FileDeliveryToHardLink 5566 FileDeliveryToSymLink 5567 WriteMapToHardLink 5568 WriteMapToSymLink 5569 WriteStatsToHardLink 5570 WriteStatsToSymLink 5571 RunProgramInUnsafeDirPath 5572 RunWritableProgram 5573 New DontProbeInterfaces option to turn off the inclusion of all the 5574 interface names in $=w on startup. In particular, if you 5575 have lots of virtual interfaces, this option will speed up 5576 startup. However, unless you make other arrangements, mail 5577 sent to those addresses will be bounced. 5578 Automatically create alias databases if they don't exist and 5579 AutoRebuildAliases is set. 5580 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command. 5581 Suggested by Christophe Wolfhugel of the Institut Pasteur. 5582 Add PrivacyOptions=noverb flag to disable the SMTP VERB command. 5583 When determining the client host name ($&{client_name} macro), do 5584 a forward (A) DNS lookup on the result of the PTR lookup 5585 and compare results. If they differ or if the PTR lookup 5586 fails, &{client_name} will contain the IP address 5587 surrounded by square brackets (e.g., [127.0.0.1]). 5588 New map flag: -Tx appends "x" to lookups that return temporary failure 5589 (i.e, it is like -ax for the temporary failure case, in 5590 contrast to the success case). 5591 New syntax to do limited checking of header syntax. A config line 5592 of the form: 5593 HHeader: $>Ruleset 5594 causes the indicated Ruleset to be invoked on the Header 5595 when read. This ruleset works like the check_* rulesets -- 5596 that is, it can reject mail on the basis of the contents. 5597 Limit the size of the HELO/EHLO parameter to prevent spammers 5598 from hiding their connection information in Received: 5599 headers. 5600 When SingleThreadDelivery is active, deliveries to locked hosts 5601 are skipped. This will cause the delivering process to 5602 try the next MX host or queue the message if no other MX 5603 hosts are available. Suggested by Alexander Litvin. 5604 The [FILE] mailer type now delivers to the file specified in the 5605 A= equate of the mailer definition instead of $u. It also 5606 obeys all of the F= mailer flags such as the MIME 5607 7/8 bit conversion flags. This is useful for defining 5608 a mailer which delivers to the same file regardless of the 5609 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail). 5610 Do not assume the identity of a remote connection is root@localhost 5611 if the remote connection closes the socket before the 5612 remote identity can be queried. 5613 Change semantics of the F=S mailer flag back to 8.7.5 behavior. 5614 Some mailers, including procmail, require that the real 5615 uid is left unchanged by sendmail. Problem noted by Per 5616 Hedeland of Ericsson. 5617 No longer is the src/obj*/Makefile selected from a large list -- it 5618 is now generated using the information in BuildTools/OS/ -- 5619 some of the details are determined dynamically via 5620 BuildTools/bin/configure.sh. 5621 The other programs in the sendmail distribution -- mail.local, 5622 mailstats, makemap, praliases, rmail, and smrsh -- now use 5623 the new Build method which creates an operating system 5624 specific Makefile using the information in BuildTools. 5625 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e., 5626 a failure on one message won't affect future messages to the 5627 same host). This is necessary if the remote host sends 5628 a 451 error if the domain of the sender does not resolve 5629 as is common in anti-spam configurations. Problem noted 5630 by Mitchell Blank Jr of Exec-PC. 5631 New "discard" mailer for check_* rulesets and header checking 5632 rulesets. If one of the above rulesets resolves to the 5633 $#discard mailer, the commands will be accepted but the 5634 message will be completely discarded after it is accepting. 5635 This means that even if only one of the recipients 5636 resolves to the $#discard mailer, none of the recipients 5637 will receive the mail. Suggested by Brian Kantor. 5638 All but the last cloned envelope of a split envelope were queued 5639 instead of being delivered. Problem noted by John Caruso 5640 of CNET: The Computer Network. 5641 Fix deadlock situation in persistent host status file locking. 5642 Syslog an error if a user forward file could not be read due to 5643 an error. Patch from John Beck of Sun Microsystems. 5644 Use the first name returned on machine lookups when canonifying a 5645 hostname via NetInfo. Patch from Timm Wetzel of GWDG. 5646 Clear the $&{client_addr}, $&{client_name}, and $&{client_port} 5647 macros when delivering a bounce message to prevent 5648 rejection by a check_compat ruleset which uses these macros. 5649 Problem noted by Jens Hamisch of AgiX Internetservices GmbH. 5650 If the check_relay ruleset resolves to the the error mailer, the 5651 error in the $: portion of the resolved triplet is used 5652 in the rejection message given to the remote machine. 5653 Suggested by Scott Gifford of The Internet Ramp. 5654 Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros 5655 before calling the check_relay ruleset. Suggested by Scott 5656 Gifford of The Internet Ramp. 5657 Sendmail would get a segmentation fault if a mailer exited with an 5658 exit code of 79. Problem noted by Aaron Schrab of ExecPC 5659 Internet. Fix from Christophe Wolfhugel of the Pasteur 5660 Institute. 5661 Separate snprintf/vsnprintf routines into separate file for use by 5662 mail.local. 5663 Allow multiple map lookups on right hand side, e.g., 5664 R$* $( host $1 $) $| $( passwd $1 $). Patch from 5665 Christophe Wolfhugel of the Pasteur Institute. 5666 Properly generate success DSN messages if requested for aliases 5667 which have owner- aliases. Problem noted by Kari Hurtta 5668 of the Finnish Meteorological Institute. 5669 Properly display delayed-expansion macros ($&{macroname}) in 5670 address test mode (-bt). Problem noted by Bryan Costales 5671 of InfoBeat, Inc. 5672 -qR could sometimes match names incorrectly. Problem noted by 5673 Lutz Euler of Lavielle EDV Systemberatung GmbH & Co. 5674 Include a magic number and version in the StatusFile for the 5675 mailstats command. 5676 Record the number of rejected and discarded messages in the 5677 StatusFile for display by the mailstats command. Patch 5678 from Randall Winchester of the University of Maryland. 5679 IDENT returns where the OSTYPE field equals "OTHER" now list the 5680 user portion as IDENT:username@site instead of 5681 username@site to differentiate the two. Suggested by 5682 Kari Hurtta of the Finnish Meteorological Institute. 5683 Enforce timeout for LDAP queries. Patch from Per Hedeland of 5684 Ericsson. 5685 Change persistent host status filename substitution so '/' is 5686 replaced by ':' instead of '|' to avoid clashes. Also 5687 avoid clashes with hostnames with leading dots. Fix from 5688 Mitchell Blank Jr. of Exec-PC. 5689 If the system lock table is full, only attempt to create a new 5690 queue entry five times before giving up. Previously, it 5691 was attempted indefinitely which could cause the partition 5692 to run out of inodes. Problem noted by Suzie Weigand of 5693 Stratus Computer, Inc. 5694 In verbose mode, warn if the sendmail.cf version is less than the 5695 currently supported version. 5696 Sorting for QueueSortOrder=host is now case insensitive. Patch 5697 from Randall S. Winchester of the University of Maryland. 5698 Properly quote a full name passed via the -F command line option, 5699 the Full-Name: header, or the NAME environment variable if 5700 it contains characters which must be quoted. Problem noted 5701 by Kari Hurtta of the Finnish Meteorological Institute. 5702 Avoid possible race condition that unlocked a mail job before 5703 releasing the transcript file on systems that use flock(2). 5704 In some cases, this might result in a "Transcript Unavailable" 5705 message in error bounces. 5706 Accept SMTP replies which contain only a reply code and no 5707 accompanying text. Problem noted by Fernando Fraticelli of 5708 Digital Equipment Corporation. 5709 Portability: 5710 AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura 5711 of Kyoto University. 5712 AIX 4.2 requires <userpw.h> before <usersec.h>. Patch from 5713 Randall S. Winchester of the University of 5714 Maryland. 5715 AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS. 5716 CRAY T3E from Manu Mahonen of Center for Scientific Computing 5717 in Finland. 5718 Digital UNIX now uses statvfs for determining free 5719 disk space. Patch from Randall S. Winchester of 5720 the University of Maryland. 5721 HP-UX 11.x from Richard Allen of Opin Kerfi HF and 5722 Regis McEwen of Progress Software Corporation. 5723 IRIX 64 bit fixes from Kari Hurtta of the Finnish 5724 Meteorological Institute. 5725 IRIX 6.2 configuration fix for mail.local from Michael Kyle 5726 of CIC/Advanced Computing Laboratory. 5727 IRIX 6.5 from Thomas H Jones II of SGI. 5728 IRIX 6.X load average code from Bob Mende of SGI. 5729 QNX from Glen McCready <glen@qnx.com>. 5730 SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links 5731 to sendmail. Install with group bin instead of kmem 5732 as kmem does not exist. From Guillermo Freige of 5733 Gobernacion de la Pcia de Buenos Aires and Paul 5734 Fischer of BTG, Inc. 5735 SunOS 4.X does not include memmove(). Patch from 5736 Per Hedeland of Ericsson. 5737 SunOS 5.7 includes getloadavg() function for determining 5738 load average. Patch from John Beck of Sun 5739 Microsystems. 5740 CONFIG: Increment version number of config file. 5741 CONFIG: add DATABASE_MAP_TYPE to set the default type of database 5742 map for the various maps. The default is hash. Patch from 5743 Robert Harker of Harker Systems. 5744 CONFIG: new confEBINDIR m4 variable for defining the executable 5745 directory for certain programs. 5746 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for 5747 local mail delivery. By the default, /usr/libexec/mail.local 5748 is used. This is expected to be the mail.local shipped 5749 with 8.9 which is LMTP capable. The path is based on the 5750 new confEBINDIR m4 variable. 5751 CONFIG: Use confEBINDIR in determining path to smrsh for 5752 FEATURE(smrsh). Note that this changes the default from 5753 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the 5754 old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh). 5755 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to 5756 include $z/.forward.$w+$h and $z/.forward+$h which allow 5757 the user to setup different .forward files for 5758 user+detail addressing. 5759 CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES, 5760 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage, 5761 DontProbeInterfaces, and DontBlameSendmail options. 5762 CONFIG: by default do not allow relaying (that is, accepting mail 5763 from outside your domain and sending it to another host 5764 outside your domain). 5765 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from 5766 any site to any site. 5767 CONFIG: new FEATURE(relay_entire_domain) allows any host in your 5768 domain as defined by the 'm' class ($=m) to relay. 5769 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on 5770 the MX records of the host portion of an incoming recipient. 5771 CONFIG: new FEATURE(access_db) which turns on the access database 5772 feature. This database gives you the ability to allow 5773 or refuse to accept mail from specified domains for 5774 administrative reasons. By default, names that are listed 5775 as "OK" in the access db are domain names, not host names. 5776 CONFIG: new confCR_FILE m4 variable for defining the name of the file 5777 used for class 'R'. Defaults to /etc/mail/relay-domains. 5778 CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file) 5779 to add items to class 'R' ($=R) for hosts allowed to relay. 5780 CONFIG: new FEATURE(relay_hosts_only) to change the behavior 5781 of FEATURE(access_db) and class 'R' to lookup individual 5782 host names only. 5783 CONFIG: new FEATURE(loose_relay_check). Normally, if a recipient 5784 using % addressing is used, e.g. user%site@othersite, 5785 and othersite is in class 'R', the check_rcpt ruleset 5786 will strip @othersite and recheck user@site for relaying. 5787 This feature changes that behavior. It should not be 5788 needed for most installations. 5789 CONFIG: new FEATURE(relay_local_from) to allow relaying if the 5790 domain portion of the mail sender is a local host. This 5791 should only be used if absolutely necessary as it opens 5792 a window for spammers. Patch from Randall S. Winchester of 5793 the University of Maryland. 5794 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to 5795 block incoming mail destined for certain recipient 5796 usernames, hostnames, or addresses. 5797 CONFIG: By default, MAIL FROM: commands in the SMTP session will be 5798 refused if the host part of the argument to MAIL FROM: cannot 5799 be located in the host name service (e.g., DNS). 5800 CONFIG: new FEATURE(accept_unresolvable_domains) accepts 5801 unresolvable hostnames in MAIL FROM: SMTP commands. 5802 CONFIG: new FEATURE(accept_unqualified_senders) accepts 5803 MAIL FROM: senders which do not include a domain. 5804 CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the 5805 Realtime Blackhole List. You can specify the RBL name 5806 server to contact by specifying it as an optional argument. 5807 The default is rbl.maps.vix.com. For details, see 5808 http://maps.vix.com/rbl/. 5809 CONFIG: Call Local_check_relay, Local_check_mail, and 5810 Local_check_rcpt from check_relay, check_mail, and 5811 check_rcpt. Users with local rulesets should place the 5812 rules using LOCAL_RULESETS. If a Local_check_* ruleset 5813 returns $#OK, the message is accepted. If the ruleset 5814 returns a mailer, the appropriate action is taken, else 5815 the return of the ruleset is ignored. 5816 CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by 5817 default to support file, :include:, and program deliveries. 5818 CONFIG: Remove the default for confDEF_USER_ID so the binary can 5819 pick the proper default value. See the SECURITY note 5820 above for more information. 5821 CONFIG: FEATURE(nodns) now warns the user that the feature is a 5822 no-op. Patch from Kari Hurtta of the Finnish 5823 Meteorological Institute. 5824 CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to 5825 daemon since DEC's /bin/mail will drop the envelope 5826 sender if run as mailnull. See the Digital UNIX section 5827 of src/README for more information. Problem noted by 5828 Kari Hurtta of the Finnish Meteorological Institute. 5829 CONFIG: .cf files are now stored in the same directory with the 5830 .mc files instead of in the obj directory. 5831 CONFIG: New options confSINGLE_LINE_FROM_HEADER, 5832 confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for 5833 setting SingleLineFromHeader, AllowBogusHELO, and 5834 MustQuoteChars respectively. 5835 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This 5836 SMTP-like protocol allows detailed reporting of delivery 5837 status on a per-user basis. Code donated by John Myers of 5838 CMU (now of Netscape). 5839 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the 5840 University of Maryland. NOTE: mail.local is not 5841 compatible with the stock HP-UX mail format. Be sure to 5842 read mail.local/README. 5843 MAIL.LOCAL: Prevent other mail delivery agents from stealing a 5844 mailbox lock. Patch from Randall S. Winchester of the 5845 University of Maryland. 5846 MAIL.LOCAL: glibc portability from John Kennedy of Cal State 5847 University, Chico. 5848 MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish 5849 Meteorological Institute. 5850 MAILSTATS: Display the number of rejected and discarded messages 5851 in the StatusFile. Patch from Randall Winchester of the 5852 University of Maryland. 5853 MAKEMAP: New -s flag to ignore safety checks on database map files 5854 such as linked files in world writable directories. 5855 MAKEMAP: Add support for Berkeley DB 2.X. Remove OLD_NEWDB support. 5856 PRALIASES: Add support for Berkeley DB 2.X. 5857 PRALIASES: Do not automatically include NDBM support. Problem 5858 noted by Ralf Hildebrandt of the Technical University of 5859 Braunschweig. 5860 RMAIL: Improve portability for other platforms. Patches from 5861 Randall S. Winchester of the University of Maryland and 5862 Kari Hurtta of the Finnish Meteorological Institute. 5863 Changed Files: 5864 src/Makefiles/Makefile.* files have been modified to use 5865 the new build mechanism and are now BuildTools/OS/*. 5866 src/makesendmail changed to symbolic link to src/Build. 5867 New Files: 5868 BuildTools/M4/header.m4 5869 BuildTools/M4/depend/BSD.m4 5870 BuildTools/M4/depend/CC-M.m4 5871 BuildTools/M4/depend/NCR.m4 5872 BuildTools/M4/depend/Solaris.m4 5873 BuildTools/M4/depend/X11.m4 5874 BuildTools/M4/depend/generic.m4 5875 BuildTools/OS/AIX.4.2 5876 BuildTools/OS/AIX.4.x 5877 BuildTools/OS/CRAYT3E.2.0.x 5878 BuildTools/OS/HP-UX.11.x 5879 BuildTools/OS/IRIX.6.5 5880 BuildTools/OS/NEXTSTEP.4.x 5881 BuildTools/OS/NeXT.4.x 5882 BuildTools/OS/NetBSD.8.3 5883 BuildTools/OS/QNX 5884 BuildTools/OS/SunOS.5.7 5885 BuildTools/OS/dcosx.1.x.NILE 5886 BuildTools/README 5887 BuildTools/Site/README 5888 BuildTools/bin/Build 5889 BuildTools/bin/configure.sh 5890 BuildTools/bin/find_m4.sh 5891 BuildTools/bin/install.sh 5892 Makefile 5893 cf/cf/Build 5894 cf/cf/generic-hpux10.cf 5895 cf/feature/accept_unqualified_senders.m4 5896 cf/feature/accept_unresolvable_domains.m4 5897 cf/feature/access_db.m4 5898 cf/feature/blacklist_recipients.m4 5899 cf/feature/loose_relay_check.m4 5900 cf/feature/local_lmtp.m4 5901 cf/feature/promiscuous_relay.m4 5902 cf/feature/rbl.m4 5903 cf/feature/relay_based_on_MX.m4 5904 cf/feature/relay_entire_domain.m4 5905 cf/feature/relay_hosts_only.m4 5906 cf/feature/relay_local_from.m4 5907 cf/ostype/qnx.m4 5908 contrib/doublebounce.pl 5909 mail.local/Build 5910 mail.local/Makefile.m4 5911 mail.local/README 5912 mailstats/Build 5913 mailstats/Makefile.m4 5914 makemap/Build 5915 makemap/Makefile.m4 5916 praliases/Build 5917 praliases/Makefile.m4 5918 rmail/Build 5919 rmail/Makefile.m4 5920 rmail/rmail.0 5921 smrsh/Build 5922 smrsh/Makefile.m4 5923 src/Build 5924 src/Makefile.m4 5925 src/snprintf.c 5926 Deleted Files: 5927 cf/cf/Makefile (replaced by Makefile.dist) 5928 mail.local/Makefile 5929 mail.local/Makefile.dist 5930 mailstats/Makefile 5931 mailstats/Makefile.dist 5932 makemap/Makefile 5933 makemap/Makefile.dist 5934 praliases/Makefile 5935 praliases/Makefile.dist 5936 rmail/Makefile 5937 smrsh/Makefile 5938 smrsh/Makefile.dist 5939 src/Makefile 5940 src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2) 5941 src/Makefiles/Makefile.SMP_DC.OSx.NILE 5942 (renamed BuildTools/OS/dcosx.1.x.NILE) 5943 src/Makefiles/Makefile.Utah (obsolete platform) 5944 Renamed Files: 5945 READ_ME => README 5946 cf/cf/Makefile.dist => Makefile 5947 cf/cf/obj/* => cf/cf/* 5948 src/READ_ME => src/README 5949 59508.8.8/8.8.8 1997/10/24 5951 If the check_relay ruleset failed, the relay= field was logged 5952 incorrectly. Problem noted by Kari Hurtta of the Finnish 5953 Meteorological Institute. 5954 If /usr/tmp/dead.letter already existed, sendmail could not 5955 add additional bounces to it. Problem noted by Thomas J. 5956 Arseneault of SRI International. 5957 If an SMTP mailer used a non-standard port number for the outgoing 5958 connection, it would be displayed incorrectly in verbose mode. 5959 Problem noted by John Kennedy of Cal State University, Chico. 5960 Log the ETRN parameter specified by the client before altering them 5961 to internal form. Suggested by Bob Kupiec of GES-Verio. 5962 EXPN and VRFY SMTP commands on malformed addresses were logging as 5963 User unknown with bogus delay= values. Change them to log 5964 the same as compliant addresses. Problem noted by Kari E. 5965 Hurtta of the Finnish Meteorological Institute. 5966 Ignore the debug resolver option unless using sendmail debug trace 5967 option for resolver. Problem noted by Greg Nichols of Wind 5968 River Systems. 5969 If SingleThreadDelivery was enabled and the remote server returned a 5970 protocol error on the DATA command, the connection would be 5971 closed but the persistent host status file would not be 5972 unlocked so other sendmail processes could not deliver to 5973 that host. Problem noted by Peter Wemm of DIALix. 5974 If queueing up a message due to an expensive mailer, don't increment 5975 the number of delivery attempts or set the last delivery 5976 attempt time so the message will be delivered on the next 5977 queue run regardless of MinQueueAge. Problem noted by 5978 Brian J. Coan of the Institute for Global Communications. 5979 Authentication warnings of "Processed from queue _directory_" and 5980 "Processed by _username_ with -C _filename_" would be logged 5981 with the incorrect timestamp. Problem noted by Kari E. Hurtta 5982 of the Finnish Meteorological Institute. 5983 Use a better heuristic for detecting GDBM. 5984 Log null connections on dropped connections. Problem noted by 5985 Jon Lewis of Florida Digital Turnpike. 5986 If class dbm maps are rebuilt, sendmail will now detect this and 5987 reopen the map. Previously, they could give stale 5988 results during a single message processing (but would 5989 recover when the next message was received). Fix from 5990 Joe Pruett of Q7 Enterprises. 5991 Do not log failures such as "User unknown" on -bv or SMTP VRFY 5992 requests. Problem noted by Kari E. Hurtta of the 5993 Finnish Meteorological Institute. 5994 Do not send a bounce message back to the sender regarding bad 5995 recipients if the SMTP connection is dropped before the 5996 message is accepted. Problem noted by Kari E. Hurtta of the 5997 Finnish Meteorological Institute. 5998 Use "localhost" instead of "[UNIX: localhost]" when connecting to 5999 sendmail via a UNIX pipe. This will allow rulesets using 6000 $&{client_name} to process without sending the string through 6001 dequote. Problem noted by Alan Barrett of Internet Africa. 6002 A combination of deferred delivery mode, a double bounce situation, 6003 and the inability to save a bounce message to 6004 /var/tmp/dead.letter would cause sendmail to send a bounce 6005 to postmaster but not remove the offending envelope from the 6006 queue causing it to create a new bounce message each time the 6007 queue was run. Problem noted by Brad Doctor of Net Daemons 6008 Associates. 6009 Remove newlines from hostname information returned via DNS. There are 6010 no known security implications of newlines in hostnames as 6011 sendmail filters newlines in all vital areas; however, this 6012 could cause confusing error messages. 6013 Starting with sendmail 8.8.6, mail sent with the '-t' option would be 6014 rejected if any of the specified addresses were bad. This 6015 behavior was modified to only reject the bad addresses and not 6016 the entire message. Problem noted by Jozsef Hollosi of 6017 SuperNet, Inc. 6018 Use Timeout.fileopen when delivering mail to a file. Suggested by 6019 Bryan Costales of InfoBeat, Inc. 6020 Display the proper Final-Recipient on DSN messages for non-SMTP 6021 mailers. Problem noted by Kari E. Hurtta of the 6022 Finnish Meteorological Institute. 6023 An error in calculating the available space in the list of addresses 6024 for logging deliveries could cause an address to be silently 6025 dropped. 6026 Include the initial user environment if sendmail is restarted via 6027 a HUP signal. This will give room for the process title. 6028 Problem noted by Jon Lewis of Florida Digital Turnpike. 6029 Mail could be delivered without a body if the machine does not 6030 support flock locking and runs out of processes during 6031 delivery. Fix from Chuck Lever of the University of Michigan. 6032 Drop recipient address from 251 and 551 SMTP responses per RFC 821. 6033 Problem noted by Kari E. Hurtta of the Finnish Meteorological 6034 Institute. 6035 Make sure non-rebuildable database maps are opened before the 6036 rebuildable maps (i.e., alias files) in case the database maps 6037 are needed for verifying the left hand side of the aliases. 6038 Problem noted by Lloyd Parkes of Victoria University. 6039 Make sure sender RFC822 source route addresses are alias expanded for 6040 bounce messages. Problem noted by Juergen Georgi of 6041 RUS University of Stuttgart. 6042 Minor lint fixes. 6043 Return a temporary error instead of a permanent error if an LDAP map 6044 search returns an error. This will allow sequenced maps which 6045 use other LDAP servers to be checked. Fix from Booker Bense 6046 of Stanford University. 6047 When automatically converting from quoted printable to 8bit text do 6048 not pad bare linefeeds with a space. Problem noted by Theo 6049 Nolte of the University of Technology Aachen, Germany. 6050 Portability: 6051 Non-standard C compilers may have had a problem compiling 6052 conf.c due to a standard C external declaration of 6053 setproctitle(). Problem noted by Ted Roberts of 6054 Electronic Data Systems. 6055 AUX: has a broken O_EXCL implementation. Reported by Jim 6056 Jagielski of jaguNET Access Services. 6057 BSD/OS: didn't compile if HASSETUSERCONTEXT was defined. 6058 Digital UNIX: Digital UNIX (and possibly others) moves 6059 loader environment variables into the loader memory 6060 area. If one of these environment variables (such as 6061 LD_LIBRARY_PATH) was the last environment variable, 6062 an invalid memory address would be used by the process 6063 title routine causing memory corruption. Problem 6064 noted by Sam Hartman of Mesa Internet Systems. 6065 GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused 6066 chownsafe() to always return 0 even if the OS does 6067 not permit file giveaways. Problem noted by 6068 Yasutaka Sumi of The University of Tokyo. 6069 IRIX6: Syslog buffer size set to 512 bytes. Reported by 6070 Gerald Rinske of Siemens Business Services VAS. 6071 Linux: Pad process title with NULLs. Problem noted by 6072 Jon Lewis of Florida Digital Turnpike. 6073 SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an 6074 incorrect value for the number of interfaces. 6075 Problem noted by Chris Loelke of JetStream Internet 6076 Services. 6077 SINIX: Update for Makefile and syslog buffer size from Gerald 6078 Rinske of Siemens Business Services VAS. 6079 Solaris: Make sure HASGETUSERSHELL setting for SunOS is not 6080 used on a Solaris machine. Problem noted by 6081 Stephen Ma of Jtec Pty Limited. 6082 CONFIG: SINIX: Update from Gerald Rinske of Siemens Business 6083 Services VAS. 6084 MAKEMAP: Use a better heuristic for detecting GDBM. 6085 CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff. 6086 OP.ME: Document the F=i mailer flag. Problem noted by Per Hedeland of 6087 Ericsson. 6088 60898.8.7/8.8.7 1997/08/03 6090 If using Berkeley DB on systems without O_EXLOCK (open a file with 6091 an exclusive lock already set -- i.e., almost all systems 6092 except 4.4-BSD derived systems), the initial attempt at 6093 rebuilding aliases file if the database didn't already 6094 exist would fail. Patch from Raymund Will of LST Software 6095 GmbH. 6096 Bogus incoming SMTP commands would reset the SMTP conversation. 6097 Problem noted by Fredrik J�nsson of the Royal Institute 6098 of Technology, Stockholm. 6099 Since TCP Wrappers includes setenv(), unsetenv(), and putenv(), 6100 some environments could give "multiple definitions" for these 6101 routines during compilation. If using TCP Wrappers, assume 6102 that these routines are included as though they were in the 6103 C library. Patch from Robert La Ferla. 6104 When a NEWDB database map was rebuilt at the same time it was being 6105 used by a queue run, the maps could be left locked for the 6106 duration of the queue run, causing other processes to hang. 6107 Problem noted by Kendall Libby of Shore.NET. 6108 In some cases, NoRecipientAction=add-bcc was being ignored, so the 6109 mail was passed on without any recipient header. This could 6110 cause problems downstream. Problem noted by Xander Jansen 6111 of SURFnet ExpertiseCentrum. 6112 Give error when GDBM is used with sendmail. GDBM's locking and 6113 linking of the .dir and .pag files interferes with sendmail's 6114 locking and security checks. Problems noted by Fyodor 6115 Yarochkin of the Kyrgyz Republic FreeNet. 6116 Don't fsync qf files if SuperSafe option is not set. 6117 Avoid extra calls to gethostbyname for addresses for which a 6118 gethostbyaddr found no value. Also, ignore any returns 6119 from gethostbyaddr that look like a dotted quad. 6120 If PTR lookup fails when looking up an SMTP peer, don't tag it as 6121 "may be forged", since at the network level we pretty much 6122 have to assume that the information is good. 6123 In some cases, errors during an SMTP session could leave files 6124 open or locked. 6125 Better handling of missing file descriptors (0, 1, 2) on startup. 6126 Better handling of non-set-user-ID binaries -- avoids certain obnoxious 6127 errors during testing. 6128 Errors in file locking of NEWDB maps had the incorrect file name 6129 printed in the error message. 6130 If the AllowBogusHELO option were set and an EHLO with a bad or 6131 missing parameter were issued, the EHLO behaved like a HELO. 6132 Load limiting never kicked in for incoming SMTP transactions if the 6133 DeliveryMode=background and any recipient was an alias or 6134 had a .forward file. From Nik Conwell of Boston University. 6135 On some non-Posix systems, the decision of whether chown(2) permits 6136 file giveaway was undefined. From Tetsu Ushijima of the 6137 Tokyo Institute of Technology. 6138 Fix race condition that could cause the body of a message to be 6139 lost (so only the header was delivered). This only occurs 6140 on systems that do not use flock(2), and only when a queue 6141 runner runs during a critical section in another message 6142 delivery. Based on a patch from Steve Schweinhart of 6143 Results Computing. 6144 If a qf file was found in a mail queue directory that had a problem 6145 (wrong ownership, bad format, etc.) and the file name was 6146 exactly MAXQFNAME bytes long, then instead of being tried 6147 once, it would be tried on every queue run. Problem noted 6148 by Bryan Costales of Mercury Mail. 6149 If the system supports an st_gen field in the status structure, 6150 include it when reporting that a file has changed after open. 6151 This adds a new compile flag, HAS_ST_GEN (0/1 option). 6152 This out to be checked as well as reported, since it is 6153 theoretically possible for an attacker to remove a file after 6154 it is opened and replace it with another file that has the 6155 same i-number, but some filesystems (notably AFS) return 6156 garbage in this field, and hence always look like the file 6157 has changed. As a practical matter this is not a security 6158 problem, since the files can be neither hard nor soft links, 6159 and on no filesystem (that I am aware of) is it possible to 6160 have two files on the same filesystem with the same i-number 6161 simultaneously. 6162 Delete the root Makefile from the distribution -- it is only for 6163 use internally, and does not work at customer sites. 6164 Fix botch that caused the second MAIL FROM: command in a single 6165 transaction to clear the entire transaction. Problem 6166 noted by John Kennedy of Cal State University, Chico. 6167 Work properly on machines that have _PATH_VARTMP defined without 6168 a trailing slash. (And a pox on vendors that decide to 6169 ignore the established conventions!) Problem noted by 6170 Gregory Neil Shapiro of WPI. 6171 Internal changes to make it easier to add another protocol family 6172 (intended for IPv6). Patches are from John Kennedy of 6173 CSU Chico. 6174 In certain cases, 7->8 bit MIME decoding of Base64 text could leave 6175 an extra space at the beginning of some lines. Problem 6176 noted by Charles Karney of Princeton University; fix based 6177 on a patch from Christophe Wolfhugel. 6178 Portability: 6179 Allow _PATH_VENDOR_CF to be set in Makefile for consistency 6180 with the _Sendmail_ book, 2nd edition. Note that 6181 the book is actually wrong: _PATH_SENDMAILCF should 6182 be used instead. 6183 AIX 3.x: Include <sys/select.h>. Patch from Gene Rackow 6184 of Argonne National Laboratory. 6185 OpenBSD from from Paul DuBois of the University of Wisconsin. 6186 RISC/os 4.0 from Paul DuBois of the University of Wisconsin. 6187 SunOS: Include <memory.h> to fix warning from util.c. From 6188 James Aldridge of EUnet Ltd. 6189 Solaris: Change STDIR (location of status file) to /etc/mail 6190 in Makefiles. 6191 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from 6192 Makefiles. Use NEWDB on Linux instead. 6193 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl 6194 exists but behaves differently than other OSes. 6195 Add SIOCGIFNUM_IS_BROKEN compile flag to get 6196 around the problem. Problem noted by Tom Moore of 6197 NCR Corp. 6198 HP-UX 9.x: fix compile warnings for old select API. Problem 6199 noted by Tom Smith of Digital Equipment Corp. 6200 UnixWare 2.x: compile warnings on offsetof macro. Problem 6201 noted by Tom Good of the Community Access Information 6202 Resource Network 6203 SCO 4.2: compile problems caused by a change in the type of 6204 the "length" parameters passed to accept, getpeername, 6205 getsockname, and getsockopt. Adds new compile flags 6206 SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. Problem reported 6207 by Tom Good of St. Vincent's North Richmond Community 6208 Mental Health Center Residential Services. 6209 AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T. 6210 Suggested by Brett Hogden of Rochester Gas & Electric 6211 Corp. 6212 Linux: avoid compile problem for versions of <setjmp.h> that 6213 #define both setjmp and longjmp. Problem pointed out 6214 by J.R. Oldroyd of TerraNet. 6215 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1) 6216 from Christopher Durham of SCO. 6217 CONFIG: NEXTSTEP: define confCW_FILE to 6218 /etc/sendmail/sendmail.cw to match the usual 6219 configuration. Patch from Dennis Glatting of 6220 PlainTalk. 6221 CONFIG: MAILER(fax) called a program that hasn't existed for a long 6222 time. Convert to use the HylaFAX 4.0 conventions. Suggested 6223 by Harry Styron. 6224 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These 6225 are the rulesets in use on sendmail.org. 6226 MAKEMAP: give error on GDBM files. 6227 MAIL.LOCAL: Make error messages a bit more explicit, for example, 6228 telling more details on what actually changed when "file 6229 changed after open". 6230 CONTRIB: etrn.pl: Ignore comments in Fw files. Support multiple Fw 6231 files. 6232 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'. 6233 NEW FILES: 6234 src/Makefiles/Makefile.OpenBSD 6235 src/Makefiles/Makefile.RISCos.4_0 6236 test/t_exclopen.c 6237 cf/ostype/sco-uw-2.1.m4 6238 DELETED FILES: 6239 Makefile 6240 62418.8.6/8.8.6 1997/06/14 6242 ************************************************************* 6243 * The extensive assistance of Gregory Neil Shapiro of WPI * 6244 * in preparing this release is gratefully appreciated. * 6245 * Sun Microsystems has also provided resources toward * 6246 * continued sendmail development. * 6247 ************************************************************* 6248 SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open 6249 mode bits set to create a file that is a symbolic link that 6250 points nowhere. This makes it possible to create a root 6251 owned file in an arbitrary directory by inserting the symlink 6252 into a writable directory after the initial lstat(2) check 6253 determined that the file did not exist. The only verified 6254 example of a system having these odd semantics for O_EXCL 6255 and symbolic links was HP-UX prior to version 9.07. Most 6256 systems do not have the problem, since a exclusive create 6257 of a file disallows symbolic links. Systems that have been 6258 verified to NOT have the problem include AIX 3.x, *BSD, 6259 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris, 6260 and Ultrix. This is a potential exposure on systems that 6261 have this bug and which do not have a MAILER-DAEMON alias 6262 pointing at a legitimate account, since this will cause old 6263 mail to be dropped in /var/tmp/dead.letter. 6264 SECURITY: Problems can occur on poorly managed systems, specifically, 6265 if maps or alias files are in world writable directories. 6266 If your system has alias maps in writable directories, it 6267 is potentially possible for an attacker to replace the .db 6268 (or .dir and .pag) files by symbolic links pointing at 6269 another database; this can be used either to expose 6270 information (e.g., by pointing an alias file at /etc/spwd.db 6271 and probing for accounts), or as a denial-of-service attack 6272 (by trashing the password database). The fix disallows 6273 symbolic links entirely when rebuilding alias files or on 6274 maps that are in writable directories, and always warns on 6275 writable directories; 8.9 will probably consider writable 6276 directories to be fatal errors. This does not represent an 6277 exposure on systems that have alias files in unwritable 6278 system directories. 6279 SECURITY: disallow .forward or :include: files that are links (hard 6280 or soft) if the parent directory (or any directory in the 6281 path) is writable by anyone other than the owner. This is 6282 similar to the previous case for user files. This change 6283 should not affect most systems, but is necessary to prevent 6284 an attacker who can write the directory from pointing such 6285 files at other files that are readable only by the owner. 6286 SECURITY: Tighten safechown rules: many systems will say that they 6287 have a safe (restricted to root) chown even on files that 6288 are mounted from another system that allows owners to give 6289 away files. The new rules are very strict, trusting file 6290 ownership only in those few cases where the system has 6291 been verified to be at least as paranoid as necessary. 6292 However, it is possible to relax the rules to partially 6293 trust the ownership if the directory path is not world or 6294 group writable. This might allow someone who has a legitimate 6295 :include: file (referenced directly from /etc/aliases) to 6296 become another non-root user if the :include: file is in a 6297 non-writable directory on an NFS-mounted filesystem where 6298 the local system says that giveaway is denied but it is 6299 actually permitted. I believe this to be a very small set 6300 of cases. If in doubt, do not point :include: aliases at 6301 NFS-mounted filesystems. 6302 SECURITY: When setting a numeric group id using the RunAsUser option 6303 (e.g., "O RunAsUser=10:20", the group id would not be set. 6304 Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha 6305 group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine. 6306 The user id was still set properly. Problem noted by Uli 6307 Pralle of the Technical University of Berlin. 6308 Save the initial gid set for use when checking for if the 6309 PrivacyOptions=restrictmailq option is set. Problem reported 6310 by Wolfgang Ley of DFN-CERT. 6311 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a 6312 failure on one message won't affect future messages to the 6313 same host). 6314 IP source route printing had an "off by one" error that would 6315 affect any options that came after the route option. Patch 6316 from Theo de Raadt. 6317 The "Message is too large" error didn't successfully bounce the error 6318 back to the sender. Problem reported by Stephen More of 6319 PSI; patch from Gregory Neil Shapiro of WPI. 6320 Change SMTP status code 553 to map into Extended code 5.1.0 (instead 6321 of 5.1.3); it apparently gets used in multiple ways. 6322 Suggested by John Myers of Portola Communications. 6323 Fix possible extra null byte generated during collection if errors 6324 occur at the beginning of the stream. Patch contributed by 6325 Andrey A. Chernov and Gregory Neil Shapiro. 6326 Code changes to avoid possible reentrant call of malloc/free within 6327 a signal handler. Problem noted by John Beck of Sun 6328 Microsystems. 6329 Move map initialization to be earlier so that check_relay ruleset 6330 will have the latest version of the map data. Problem noted 6331 by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro. 6332 If there are fatal errors during the collection phase (e.g., message 6333 too large) don't send the bogus message. 6334 Avoid "cannot open xfAAA00000" messages when sending to aliases that 6335 have errors and have owner- aliases. Problem noted by Michael 6336 Barber of MTU; fix from Gregory Neil Shapiro of WPI. 6337 Avoid null pointer dereference on illegal Boundary= parameters in 6338 multipart/mixed Content-Type: header. Problem noted by 6339 Richard Muirden of RMIT University. 6340 Always print error messages during newaliases (-bi) even if the 6341 ErrorMode is not set to "print". Fix from Gregory Neil 6342 Shapiro. 6343 Test mode could core dump if you did a /map lookup in an optional map 6344 that could not be opened. Based on a fix from John Beck of 6345 Sun Microsystems. 6346 If DNS is misconfigured so that the last MX record tried points to 6347 a host that does not have an A record, but other MX records 6348 pointed to something reasonable, don't bounce the message 6349 with a "host unknown" error. Note that this should really 6350 be fixed in the zone file for the domain. Problem noted by 6351 Joe Rhett of Navigist, Inc. 6352 If a map fails (e.g., DNS times out) on all recipient addresses, mark 6353 the message as having been tried; otherwise the next queue 6354 run will not realize that this is a second attempt and will 6355 retry immediately. Problem noted by Bryan Costales of 6356 Mercury Mail. 6357 If the clock is set backwards, and a MinQueueAge is set, no jobs 6358 will be run until the later setting of the clock is reached. 6359 "Problem" (I use the term loosely) noted by Eric Hagberg of 6360 Morgan Stanley. 6361 If the load average rises above the cutoff threshold (above which 6362 sendmail will not process the queue at all) during a queue 6363 run, abort the queue run immediately. Problem noted by 6364 Bryan Costales of Mercury Mail. 6365 The variable queue processing algorithm (based on the message size, 6366 number of recipients, message precedence, and job age) was 6367 non-functional -- either the entire queue was processed or 6368 none of the queue was processed. The updated algorithm 6369 does no queue run if a single recipient zero size job will 6370 not be run. 6371 If there is a fatal ("panic") message that will cause sendmail to 6372 die immediately, never hold the error message for future 6373 printing. 6374 Force ErrorMode=print in -bt mode so that all errors are printed 6375 regardless of the setting of the ErrorMode option in the 6376 configuration file. Patch from Gregory Neil Shapiro. 6377 New compile flag HASSTRERROR says that this OS has the strerror(3) 6378 routine available in one of the libraries. Use it in conf.h. 6379 The -m (match only) flag now works on host class maps. 6380 If class hash or btree maps are rebuilt, sendmail will now detect 6381 this and reopen the map. Previously, they could give 6382 erroneous results during a single message processing 6383 (but would recover when the next message was received). 6384 Don't delete zero length queue files when doing queue runs until the 6385 files are at least ten minutes old. This avoids a potential 6386 race condition: the creator creates the qf file, getting back 6387 a file descriptor. The queue runner locks it and deletes it 6388 because it is zero length. The creator then writes the 6389 descriptor that is now for a disconnected file, and the 6390 job goes away. Based on a suggestion by Bryan Costales. 6391 When determining the "validated" host name ($_ macro), do a forward 6392 (A) DNS lookup on the result of the PTR lookup and compare 6393 results. If they differ or if the PTR lookup fails, tag the 6394 address as "may be forged". 6395 Log null connections (i.e., hosts that connect but do not do any 6396 substantive activity on the connection before disconnecting; 6397 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN. 6398 Always permit "writes" to /dev/null regardless of the link count. 6399 This is safe because /dev/null is special cased, and no open 6400 or write is ever actually attempted. Patch from Villy Kruse 6401 of TwinCom. 6402 If a message cannot be sent because of a 552 (exceeded storage 6403 allocation) response to the MAIL FROM:<>, and a SIZE= parameter 6404 was given, don't return the body in the bounce, since there 6405 is a very good chance that the message will double-bounce. 6406 Fix possible line truncation if a quoted-printable had an =00 escape 6407 in the body. Problem noted by Charles Karney of the Princeton 6408 Plasma Physics Laboratory. 6409 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses. 6410 Problem noted by Kari Hurtta of the Finnish Meteorological 6411 Institute. 6412 The MaxDaemonChildren option wasn't applying to queue runs as 6413 documented. Note that this increases the potential denial 6414 of service problems with this option: an attacker can 6415 connect many times, and thereby lock out queue runs as well 6416 as incoming connections. If you use this option, you should 6417 run the "sendmail -bd" and "sendmail -q30m" jobs separately 6418 to avoid this attack. Failure to limit noted by Matthew 6419 Dillon of BEST Internet Communications. 6420 Always give a message in newaliases if alias files cannot be 6421 opened instead of failing silently. Suggested by Gregory 6422 Neil Shapiro. This change makes the code match the O'Reilly 6423 book (2nd edition). 6424 Some older versions of the resolver could return with h_errno == -1 6425 if no name server could be reached, causing mail to bounce 6426 instead of queueing. Treat this like TRY_AGAIN. Fix from 6427 John Beck of SunSoft. 6428 If a :include: file is owned by a user that does not have an entry 6429 in the passwd file, sendmail could dereference a null pointer. 6430 Problem noted by Satish Mynam of Sun Microsystems. 6431 Take precautions to make sure that the SMTP protocol cannot get out 6432 of sync if (for example) an alias file cannot be opened. 6433 Fix a possible race condition that can cause a SIGALRM to come in 6434 immediately after a SIGHUP, causing the new sendmail to die. 6435 Avoid possible hang on SVr3 systems when doing child reaping. Patch 6436 from Villy Kruse of TwinCom. 6437 Ignore improperly formatted SMTP reply codes. Previously these were 6438 partially processed, which could cause confusing error 6439 returns. 6440 Fix possible bogus pointer dereference when doing ldapx map lookups 6441 on some architectures. 6442 Portability: 6443 A/UX: from Jim Jagielski of NASA/GSFC. 6444 glibc: SOCK_STREAM was changed from a #define to an enum, 6445 thus breaking #ifdef SOCK_STREAM. Only option seems 6446 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is 6447 defined. Problem reported by A Sun of the University 6448 of Washington. 6449 Solaris: use SIOCGIFNUM to get the number of interfaces on 6450 the system rather than guessing at compile time. 6451 Patch contributed by John Beck of Sun Microsystems. 6452 Intel Paragon: from Wendy Lin of Purdue University. 6453 GNU Hurd: from Miles Bader of the GNU project. 6454 RISC/os 4.50 from Harlan Stenn of PFCS Corporation. 6455 ISC Unix: wait never returns if SIGCLD signals are blocked. 6456 Unfortunately releasing them opens a race condition, 6457 but there appears to be no fix for this. Patch from 6458 Gregory Neil Shapiro. 6459 BIND 8.1 for IPv6 compatibility from John Kennedy. 6460 Solaris: a bug in strcasecmp caused characters with the 6461 high order bit set to apparently randomly match 6462 letters -- for example, $| (0233) matches "i" and "I". 6463 Problem noted by John Gregson of the University of 6464 Cambridge. 6465 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From 6466 Kari Hurtta. 6467 IRIX 6.x: Create Makefiles for systems that claim to be 6468 IRIX64 but are 6.2 or higher (so use the regular 6469 IRIX Makefile). 6470 IRIX 6.x: Fix load average computation on 64 bit kernels. 6471 Problem noted by Eric Hagberg of Morgan Stanley. 6472 CONFIG: Some canonification was still done for UUCP-like addresses 6473 even if FEATURE(nocanonify) was set. Problem pointed out by 6474 Brian Candler. 6475 CONFIG: In some cases UUCP mailers wouldn't properly recognize all 6476 local names as local. Problem noted by Jeff Polk of BSDI; 6477 fix provided by Gregory Neil Shapiro. 6478 CONFIG: The "local:user" syntax entries in mailertables and other 6479 "mailer:user" syntax locations returned an incorrect value 6480 for the $h macro. Problem noted by Gregory Neil Shapiro. 6481 CONFIG: Retain "+detail" information when forwarding mail to a 6482 MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY. Patch from Philip 6483 Guenther of Gustavus Adolphus College. 6484 CONFIG: Make sure user+detail works for FEATURE(virtusertable); 6485 rules are the same as for aliasing. Based on a patch from 6486 Gregory Neil Shapiro. 6487 CONFIG: Break up parsing rules into several pieces; this should 6488 have no functional change in this release, but makes it 6489 possible to have better anti-spam rulesets in the future. 6490 CONFIG: Disallow double dots in host names to avoid having the 6491 HostStatusDirectory store status under the wrong name. 6492 In some cases this can be used as a denial-of-service attack. 6493 Problem noted by Ron Jarrell of Virginia Tech, patch from 6494 Gregory Neil Shapiro. 6495 CONFIG: Don't use F=m (multiple recipients per invocation) for 6496 MAILER(procmail), but do pass F=Pn9 (include Return-Path:, 6497 don't include From_, and convert to 8-bit). Suggestions 6498 from Kimmo Suominen and Roderick Schertler. 6499 CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were 6500 being masqueraded as though FEATURE(masquerade_entire_domain) 6501 was specified, even when it wasn't. 6502 MAIL.LOCAL: Solaris 2.6 has snprintf. From John Beck of SunSoft. 6503 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't 6504 "slip in" a symbolic link between the lstat(2) call and the 6505 exclusive open. This is only a problem on System V derived 6506 systems that allow an exclusive create on files that are 6507 symbolic links pointing nowhere. 6508 MAIL.LOCAL: If the final mailbox close() failed, the user id was 6509 not reset back to root, which on some systems would cause 6510 later mailboxes to fail. Also, any partial message would 6511 not be truncated, which could result in repeated deliveries. 6512 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 6513 developers). 6514 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 6515 change to the sendmail map code was made in 8.8.3. Problem 6516 noted by Gregory Neil Shapiro. 6517 MAKEMAP: Give warnings on file problems such as map files that are 6518 symbolic links; although makemap is not set-user-ID root, it is 6519 often run as root and hence has the potential for the same 6520 sorts of problems as alias rebuilds. 6521 MAKEMAP: Change compilation so that it will link properly on 6522 NEXTSTEP. 6523 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 6524 Accept an optional list of arguments following the server 6525 name for the ETRN arguments to use (instead of $=w). Other 6526 miscellaneous bug fixes. From Christian von Roques via 6527 John Beck of Sun Microsystems. 6528 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This 6529 Perl script converts GECOS information in the /etc/passwd 6530 file into aliases, allowing for faster access to full name 6531 lookups; it is also clever about adding aliases (to root) 6532 for system accounts. 6533 NEW FILES: 6534 src/safefile.c 6535 cf/ostype/gnuhurd.m4 6536 cf/ostype/irix6.m4 6537 contrib/passwd-to-alias.pl 6538 src/Makefiles/Makefile.IRIX64.6.1 6539 src/Makefiles/Makefile.IRIX64.6.x 6540 RENAMED FILES: 6541 src/Makefiles/Makefile.IRIX.6.2 => Makefile.IRIX.6.x 6542 src/Makefiles/Makefile.IRIX64 => Makefile.IRIX64.6.0 6543 65448.8.5/8.8.5 1997/01/21 6545 SECURITY: Clear out group list during startup. Without this, sendmail 6546 will continue to run with the group permissions of the caller, 6547 even if RunAsUser is specified. 6548 SECURITY: Make purgestat (-bH) be root-only. This is not in response 6549 to any known attack, but it's best to be conservative. 6550 Suggested by Peter Wemm of DIALix. 6551 SECURITY: Fix buffer overrun problem in MIME code that has possible 6552 security implications. Patch from Alex Garthwaite of the 6553 University of Pennsylvania. 6554 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'") 6555 would truncate the address after "Full". Although the -f 6556 syntax is incorrect (since it is in the envelope, it 6557 shouldn't have comments and full names), the failure mode 6558 was unnecessarily awful. 6559 Fix a possible null pointer dereference when converting 8-bit data 6560 to a 7-bit format. Problem noted by Jim Hutchins of 6561 Sandia National Labs and David James of British Telecom. 6562 Clear out stale state that affected F=9 on SMTP mailers in queue 6563 runs. Although this really shouldn't be used (F=9 is for 6564 final delivery only, and using it on an SMTP mailer makes 6565 it possible for a message to be converted from 8->7->8->7 6566 bits several times), it shouldn't have failed with a syserr. 6567 Problem noted by Eric Hagberg of Morgan Stanley. 6568 _Really_ fix the multiple :maildrop code in the user database 6569 module. Patch from Roy Mongiovi of Georgia Tech. 6570 Let F lines in the configuration file actually read root-only 6571 files if the configuration file is safe. Based on a 6572 patch from Keith Reynolds of SCO. 6573 ETRN followed by QUIT would hold the connection open until the queue 6574 run completed. Problem noted by Truck Lewis of TDK 6575 Semiconductor Corp. 6576 It turns out that despite the documentation, the TCP wrappers library 6577 does _not_ log rejected connections. Do the logging ourselves. 6578 Problem noted by Fletcher Mattox of the University of Texas 6579 at Austin. 6580 If sendmail finds a qf file in its queue directory that is an unknown 6581 version (e.g., when backing out to an old version), the 6582 error is reported on every queue run. Change it to only 6583 give the error once (and rename the qf => Qf). Patch from 6584 William A. Gianopoulos of Raytheon Company. 6585 Start a new session when doing background delivery; currently it 6586 ignored signals but didn't start a new signal, that caused 6587 some problems if a background process tried to send mail 6588 under certain circumstances. Problem noted by Eric Hagberg 6589 of Morgan Stanley; fix from Kari Hurtta. 6590 Simplify test for skipping a queue run to just check if the current 6591 load average is >= the queueing load average. Previously 6592 the check factored in some other parameters that caused it 6593 to essentially never skip the queue run. Patch from Bryan 6594 Costales. 6595 If the SMTP server is running in "nullserver" mode (that is, it is 6596 rejecting all commands), start sleeping after MAXBADCOMMAND 6597 (25) commands; this helps prevent a bad guy from putting 6598 you into a tight loop as a denial-of-service attack. Based 6599 on an e-mail conversation with Brad Knowles of AOL. 6600 Slow down when too many "light weight" commands have been issued; 6601 this helps prevent a class of denial-of-service attacks. 6602 The current values and defaults are: 6603 MAXNOOPCOMMANDS 20 NOOP, VERB, ONEX, XUSR 6604 MAXHELOCOMMANDS 3 HELO, EHLO 6605 MAXVRFYCOMMANDS 6 VRFY, EXPN 6606 MAXETRNCOMMANDS 8 ETRN 6607 These will probably be configurable in a future release. 6608 On systems that have uid_t typedefed to be an unsigned short, programs 6609 that had the F=S flag and no U= equate would be invoked with 6610 the real uid set to 65535 rather than being left unchanged. 6611 In some cases, NOTIFY=NEVER was not being honored. Problem noted 6612 by Steve Hubert of the University of Washington, Seattle. 6613 Mail that was Quoted-Printable encoded and had a soft line break on 6614 the last line (i.e., an incomplete continuation) had the last 6615 line dropped. Since this appears to be illegal it isn't 6616 clear what to do with it, but flushing the last line seems 6617 to be a better "fail soft" approach. Based on a patch from 6618 Eric Hagberg. 6619 If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a 6620 bogus HELO command still causes the "Polite people say HELO 6621 first" error message. Problem pointed out by Chris Thomas 6622 of UCLA; patch from John Beck of SunSoft. 6623 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set 6624 in PrivacyOptions. The -q shouldn't turn this command off. 6625 Problem noted by Murray Kucherawy of Pacific Bell Internet; 6626 based on a patch from Gregory Neil Shapiro of WPI. 6627 Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation) 6628 in a DATA transaction to be sticky; these can occur because 6629 a message is too large, and smaller messages should still go 6630 through. Problem noted by Matt Dillon of Best Internet 6631 Communications. 6632 In some cases bounces were saved in /var/tmp/dead.letter even if they 6633 had been successfully delivered to the envelope sender. 6634 Problem noted Eric Hagberg of Morgan Stanley; solution from 6635 Gregory Neil Shapiro of WPI. 6636 Give better diagnostics on long alias lines. Based on code contributed 6637 by Patrick Gosling of the University of Cambridge. 6638 Increase the number of virtual interfaces that will be probed for 6639 alternate names. Problem noted by Amy Rich of Shore.Net. 6640 PORTABILITY: 6641 UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from 6642 Toshiaki Nomura of Fujitsu Limited. 6643 SunOS with LDAP support: compile problems with struct timeval. 6644 Patch from Nick Cuccia of TCSI Corporation. 6645 SCO: from Keith Reynolds of SCO. 6646 Solaris: kstat load average computation wasn't being used. 6647 Fixes from Michael Ju. Tokarev of Telecom Service, JSC 6648 (Moscow). 6649 OpenBSD: from Jason Downs of teeny.org. 6650 Altos System V: from Tim Rice. 6651 Solaris 2.5: from Alan Perry of SunSoft. 6652 Solaris 2.6: from John Beck of SunSoft. 6653 Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli 6654 of Pratt & Whitney <miorelli@pweh.com>. 6655 CONFIG: It seems that I hadn't gotten the Received: line syntax 6656 _just_right_ yet. Tweak it again. I'll omit the names 6657 of the "contributors" (quantity two) in this one case. 6658 As of now, NO MORE DISCUSSION about the syntax of the 6659 Received: line. 6660 CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E), 6661 it never inserts that class into the output file. Fix it 6662 so it will honor EXPOSED_USER but will _not_ include root 6663 automatically in this class. Problem noted by Ronan KERYELL 6664 of Centre de Recherche en Informatique de l'�cole Nationale 6665 Sup�rieure des Mines de Paris (CRI-ENSMP). 6666 CONFIG: Clean up handling of "local:" syntax in relay specifications 6667 such as LUSER_RELAY. This change permits the following 6668 syntaxes: ``local:'' will send to the same user on the 6669 local machine (e.g., in a mailertable entry for "host", 6670 ``local:'' will cause an address addressed to user@host to 6671 go to user on the local machone). ``local:user'' will send 6672 to the named user on the local machine. ``local:user@host'' 6673 is equivalent to ``local:user'' (the host is ignored). In 6674 all cases, the original user@host is passed in $@ (i.e., the 6675 detail information). Inspired by a report from Michael Fuhr. 6676 CONFIG: Strip quotes from the first word of an "error:" host 6677 indication. This lets you set (for example) the LUSER_RELAY 6678 to be ``error:\"5.1.1\" Your Message Here''. Note the use 6679 of the \" so that the resulting string is properly quoted. 6680 Problem noted by Gregory Neil Shapiro of WPI. 6681 OP.ME: documentation was inconsistent about whether sendmail did a 6682 NOOP or a RSET to probe the connection (it does a RSET). 6683 Inconsistency noted by Deeran Peethamparam. 6684 OP.ME: insert additional blank pages so it will print properly on 6685 a duplex printer. From Matthew Black of Cal State University, 6686 Long Beach. 6687 66888.8.4/8.8.4 1996/12/02 6689 SECURITY: under some circumstances, an attacker could get additional 6690 permissions by hard linking to files that were group 6691 writable by the attacker. The solution is to disallow any 6692 files that have hard links -- this will affect .forward, 6693 :include:, and output files. Problem noted by Terry 6694 Kyriacopoulos of Interlog Internet Services. As a 6695 workaround, set UnsafeGroupWrites -- always a good idea. 6696 SECURITY: the TryNullMXList (w) option should not be safe -- if it 6697 is, it is possible to do a denial-of-service attack on 6698 MX hosts that rely on the use of the null MX list. There 6699 is no danger if you have this option turned off (the default). 6700 Problem noted by Dan Bernstein. Also, make the DontInitGroups 6701 unsafe. I know of no specific attack against this, although 6702 a denial-of-service attack is probably possible, but in theory 6703 you should not be able to safely tweak anything that affects 6704 the permissions that are used when mail is delivered. 6705 Purgestat could go into an infinite loop if one of the host status 6706 directories somehow became empty. Problem noted by Roy 6707 Mongiovi of Georgia Tech. 6708 Processes got "lost" when counting children due to a race condition. 6709 This caused "proc_list_probe: lost pid" messages to be logged. 6710 Problem noted by several people. 6711 On systems with System V SIGCLD child signal semantics (notably AIX 6712 and HP-UX), mail transactions would print the message "451 6713 SMTP-MAIL: lost child: No child processes". Problem noted 6714 by several people. 6715 Miscellaneous compiler warnings on picky compilers (or when setting 6716 gcc to high warning levels). From Tom Moore of NCR Corp. 6717 SMTP protocol errors, and most errors on MAIL FROM: lines should 6718 not be persistent between runs, since they are based on the 6719 message rather than the host. Problem noted by Matt Dillon 6720 of Best Internet Communications. 6721 The F=7 flag was ignored on SMTP mailers. Problem noted by Tom Moore 6722 of NCR (a.k.a., AT&T Global Information Solutions). 6723 Avoid the possibility of having a child daemon run to completion 6724 (including closing the SMTP socket) before the parent has 6725 had a chance to close the socket; this can cause the parent 6726 to hang for a long time waiting for the socket to drain. 6727 Patch from Don Lewis of TDK Semiconductor. 6728 If the fork() failed in a queue run, the queue runners would not be 6729 rescheduled (so queue runs would stop). Patch from Don Lewis. 6730 Some error conditions in ETRN could cause output without an SMTP 6731 status code. Problem noted by Don Lewis. 6732 Multiple :maildrop addresses in the user database didn't work properly. 6733 Patch from Roy Mongiovi of Georgia Tech. 6734 Add ".db" automatically onto any user database spec that does not 6735 already have it; this is for consistency with makemap, the 6736 K line, and the documentation. Inconsistency pointed out 6737 by Roy Mongiovi. 6738 Allow sendmail to be properly called in nohup mode. Patch from 6739 Kyle Jones of UUNET. 6740 Change ETRN to ignore but still update host status files; previously 6741 it would ignore them and not save the updated status, which 6742 caused stale information to be maintained. Based on a patch 6743 from Christopher Davis of Kapor Enterprises Inc. Also, have 6744 ETRN ignore the MinQueueAge option. 6745 Patch long term host status to recover more gracefully from an empty 6746 host status file condition. Patch from NAKAMURA Motonori 6747 of Kyoto University. 6748 Several patches to signal handling code to fix potential race 6749 conditions from Don Lewis. 6750 Make it possible to compile with -DDAEMON=0 (previously it had some 6751 compile errors). This turns DAEMON, QUEUE, and SMTP into 6752 0/1 compilation flags. Note that DAEMON is an obsolete 6753 compile flag; use NETINET instead. Solution based on a 6754 patch from Bryan Costales. 6755 PORTABILITY FIXES: 6756 AIX4: getpwnam() and getpwuid() do a sequential scan of the 6757 /etc/security/passwd file when called as root. This 6758 is very slow on some systems. To speed it up, use the 6759 (undocumented) _getpw{nam,uid}_shadow() routines. 6760 Patch from Chris Thomas of UCLA/OAC Systems Group. 6761 SCO 5.x: include -lprot in the Makefile. Patch from Bill 6762 Glicker of Burrelle's Information Service. 6763 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch 6764 from Makoto MATSUSHITA of Osaka University. 6765 SunOS 4.0.3: compile problems. Patches from Andrew Cole of 6766 Leeds University and SASABE Tetsuro of the University 6767 of Tokyo. 6768 DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support 6769 Services, Inc. 6770 Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp. 6771 I believe this to have only been a problem if you 6772 compiled with -DUSE_VENDOR_CF_PATH -- another reason 6773 to stick with /etc/sendmail.cf as your One True Path. 6774 Digital UNIX (OSF/1 on Alpha) load average computation from 6775 Martin Laubach of the Technischen Universit�t Wien. 6776 CONFIG: change default Received: line to be multiple lines rather 6777 than one long one. By popular demand. 6778 MAIL.LOCAL: warnings weren't being logged on some systems. Patch 6779 from Jerome Berkman of U.C. Berkeley. 6780 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs 6781 to take a very long time. Problem noted by Yoshiro YONEYA 6782 of NTT Software Corporation. 6783 CONTRIB: add etrn.pl, contributed by John Beck. 6784 NEW FILES: 6785 contrib/etrn.pl 6786 67878.8.3/8.8.3 1996/11/17 6788 SECURITY: it was possible to get a root shell by lying to sendmail 6789 about argv[0] and then sending it a signal. Problem noted 6790 by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the 6791 best-of-security list. 6792 Log sendmail binary version number in "Warning: .cf version level 6793 (%d) exceeds program functionality (%d) message" -- this 6794 should make it clearer to people that they are running 6795 the wrong binary. 6796 Fix a problem that occurs when you open an SMTP connection and then 6797 do one or more ETRN commands followed by a MAIL command; at 6798 the end of the DATA phase sendmail would incorrectly report 6799 "451 SMTP-MAIL: lost child: No child processes". Problem 6800 noted by Eric Bishop of Virginia Tech. 6801 When doing text-based host canonification (typically /etc/hosts 6802 lookup), a null host name would match any /etc/hosts entry 6803 with space at the end of the line. Problem noted by Steve 6804 Hubert of the University of Washington, Seattle. 6805 7 to 8 bit BASE64 MIME conversions could duplicate bits of text. 6806 Problem reported by Tom Smith of Digital Equipment Corp. 6807 Increase the size of the DNS answer buffer -- the standard UDP packet 6808 size PACKETSZ (512) is not sufficient for some nameserver 6809 answers containing very many resource records. The resolver 6810 may also switch to TCP and retry if it detects UDP packet 6811 overflow. Also, allow for the fact that the resolver 6812 routines res_query and res_search return the size of the 6813 *un*truncated answer in case the supplied answer buffer it 6814 not big enough to accommodate the entire answer. Patch from 6815 Eric Wassenaar. 6816 Improvements to MaxDaemonChildren code. If you think you have too 6817 many children, probe the ones you have to verify that they 6818 are still around. Suggested by Jared Mauch of CICnet, Inc. 6819 Also, do this probe before growing the vector of children 6820 pids; this previously caused the vector to grow indefinitely 6821 due to a race condition. Problem reported by Kyle Jones of 6822 UUNET. 6823 On some architectures, <db.h> (from the Berkeley DB library) defines 6824 O_EXLOCK to zero; this fools the map compilation code into 6825 thinking that it can avoid race conditions by locking on open. 6826 Change it to check for O_EXLOCK non-zero. Problem noted by 6827 Leif Erlingsson of Data Lege. 6828 Always call res_init() on startup (if compiled in, of course) to 6829 allow the sendmail.cf file to tweak resolver flags; without 6830 it, flag tweaks in ResolverOptions are ignored. Patch from 6831 Andrew Sun of Merrill Lynch. 6832 Improvements to host status printing code. Suggested by Steve Hubert 6833 of the University of Washington, Seattle. 6834 Change MinQueueAge option processing to do the check for the job age 6835 when reading the queue file, rather than at the end; this 6836 avoids parsing the addresses, which can do DNS lookups. 6837 Problem noted by John Beck of InReference, Inc. 6838 When MIME was being 7->8 bit decoded, "From " lines weren't being 6839 properly escaped. Problem noted by Peter Nilsson of the 6840 University of Linkoping. 6841 In some cases, sendmail would retain root permissions during queue 6842 runs even if RunAsUser was set. Problem noted by Mark 6843 Thomas of Mark G. Thomas Consulting. 6844 If the F=l flag was set on an SMTP mailer to indicate that it is 6845 actually local delivery, and NOTIFY=SUCCESS is specified in 6846 the envelope, and the receiving SMTP server speaks DSN, then 6847 the DSN would be both generated locally and propagated to the 6848 other end. 6849 The U= mailer field didn't correctly extract the group id if the 6850 user id was numeric. Problem noted by Kenneth Herron of 6851 MCI Telecommunications Communications. 6852 If a message exceeded the fixed maximum size on input, the body of 6853 the message was included in the bounce. Note that this did 6854 not occur if it exceeded the maximum _output_ size. Problem 6855 reported by Kyle Jones of UUNET. 6856 PORTABILITY FIXES: 6857 AIX4: 4.1 doesn't have a working setreuid(2); change the 6858 AIX4 defines to use seteuid(2) instead, which 6859 works on 4.1 as well as 4.2. Problem noted by 6860 H�kan Lindholm of interAF, Sweden. 6861 AIX4: use tzname[] vector to determine time zone name. 6862 Patch from NAKAMURA Motonori of Kyoto University. 6863 MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support. 6864 Contributed by Paul DuBois <dubois@primate.wisc.edu>. 6865 Solaris: kstat(3k) support for retrieving the load average. 6866 This adds the LA_KSTAT definition for LA_TYPE. 6867 The outline of the implementation was contributed 6868 by Michael Tokarev of Telecom Service, JSC, Moscow. 6869 HP-UX 10.0 gripes about the (perfectly legal!) forward 6870 declaration of struct rusage at the top of conf.h; 6871 change it to only be included if you are using gcc, 6872 which is apparently the only compiler that requires 6873 it in the first place. Problem noted by Jeff 6874 Earickson of Colby College. 6875 IRIX: don't default to using gcc. IRIX is a civilized 6876 operating system that comes with a decent compiler 6877 by default. Problem noted by Barry Bouwsma and 6878 Kari Hurtta. 6879 CONFIG: specify F=9 as default in FEATURE(local_procmail) for 6880 consistency with other local mailers. Inconsistency 6881 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>. 6882 CONFIG: if the "limited best mx" feature is used (to reduce DNS 6883 overhead) as part of the bestmx_is_local feature, the 6884 domain part was dropped from the name. Patch from Steve 6885 Hubert of the University of Washington, Seattle. 6886 CONFIG: catch addresses of the form "user@.dom.ain"; these could 6887 end up being translated to the null host name, which would 6888 return any entry in /etc/hosts that had a space at the end 6889 of the line. Problem noted by Steve Hubert of the 6890 University of Washington, Seattle. 6891 CONFIG: add OSTYPE(aix4). From Michael Sofka of Rensselaer 6892 Polytechnic Institute. 6893 MAKEMAP: tweak hash and btree parameters for better performance. 6894 Patch from Matt Dillon of Best Internet Communications. 6895 NEW FILES: 6896 src/Makefiles/Makefile.Linux.ppc 6897 cf/ostype/aix4.m4 6898 cf/ostype/mklinux.m4 6899 69008.8.2/8.8.2 1996/10/18 6901 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch 6902 changed the code but didn't fix the problem. 6903 PORTABILITY FIXES: 6904 Solaris: Don't use the system getusershell(3); it can 6905 apparently corrupt the heap in some circumstances. 6906 Problem found by Ken Pizzini of Spry, Inc. 6907 OP.ME: document several mailer flags that were accidentally omitted 6908 from this document. These flags were F=d, F=j, F=R, and F=9. 6909 CONFIG: no changes. 6910 69118.8.1/8.8.1 1996/10/17 6912 SECURITY: unset all environment variables that the resolver will 6913 examine during queue runs and daemon mode. Problem noted 6914 by Dan Bernstein of the University of Illinois at Chicago. 6915 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain 6916 message could overflow a buffer if it was converted back 6917 to 8 bits. This caused core dumps and has the potential 6918 for a remote attack. Problem first noted by Gregory Shapiro 6919 of WPI. 6920 Avoid duplicate deliveries of error messages on systems that don't 6921 have flock(2) support. Patch from Motonori Nakamura of 6922 Kyoto University. 6923 Ignore null FallBackMX (V) options. If this option is null (as 6924 opposed to undefined) it can cause "null signature" syserrs 6925 on illegal host names. 6926 If a Base64 encoded text/plain message has no trailing newline in 6927 the encoded text, conversion back to 8 bits will drop the 6928 final line. Problem noted by Pierre David. 6929 If running with a RunAsUser, sendmail would give bogus "cannot 6930 setuid" (or seteuid, or setreuid) messages on some systems. 6931 Problem pointed out by Jordan Mendelson of Web Services, Inc. 6932 Always print error messages in -bv mode -- previously, -bv would 6933 be absolutely silent on errors if the error mode was sent 6934 to (say) mail-back. Problem noted by Kyle Jones of UUNET. 6935 If -qI/R/S is set (or the ETRN command is used), ignore all long 6936 term host status. This is necessary because it is common 6937 to do this when you know a host has just come back up. 6938 Disallow duplicate HELO/EHLO commands as required by RFC 1651 section 6939 4.2. Excessive permissiveness noted by Lee Flight of the 6940 University of Leicester. 6941 If a service (such as NIS) is specified as the last entry in the 6942 service switch, but that service is not compiled in, sendmail 6943 would return a temporary failure when an entry was not found 6944 in the map. This caused the message to be queued instead of 6945 bouncing immediately. Problem noted by Harry Edmon of the 6946 University of Washington. 6947 PORTABILITY FIXES: 6948 Solaris 2.3 had compilation problems in conf.c. Several 6949 people pointed this out. 6950 NetBSD from Charles Hannum of MIT. 6951 AIX4 improvements based on info from Steve Bauer of South 6952 Dakota School of Mines & Technology. 6953 CONFIG: ``error:code message'' syntax was broken in virtusertable. 6954 Patch from Gil Kloepfer Jr. 6955 CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set 6956 using MASQUERADE_DOMAIN) were not masqueraded unless they 6957 were also in $=w. Problem noted by Zoltan Basti of 6958 Softec. 6959 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based 6960 on a patch from Eric Hagberg of Morgan Stanley. 6961 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan 6962 of Stanford via Robert La Ferla. 6963 69648.8.0/8.8.0 1996/09/26 6965 Under some circumstances, Bcc: headers would not be properly 6966 deleted. Pointed out by Jonathan Kamens of OpenVision. 6967 Log a warning if the sendmail daemon is invoked without a full 6968 pathname, which prevents "kill -1" from working. I was 6969 urged to put this in by Andrey A. Chernov of DEMOS (Russia). 6970 Fix small buffer overflow. Since the data in this buffer was not 6971 read externally, there was no security problem (and in fact 6972 probably wouldn't really overflow on most compilers). Pointed 6973 out by KIZU takashi of Osaka University. 6974 Fix problem causing domain literals such as [1.2.3.4] to be ignored 6975 if a FallbackMXHost was specified in the configuration file 6976 -- all mail would be sent to the fallback even if the original 6977 host was accessible. Pointed out by Munenari Hirayama of 6978 NSC (Japan). 6979 A message that didn't terminate with a newline would (sometimes) not 6980 have the trailing "." added properly in the SMTP dialogue, 6981 causing SMTP to hang. Patch from Per Hedeland of Ericsson. 6982 The DaemonPortOptions suboption to bind to a particular address was 6983 incorrect and nonfunctional due to a misunderstanding of the 6984 semantics of binding on a passive socket. Patch from 6985 NIIBE Yutaka of Mitsubishi Research Institute. 6986 Increase the number of MX hosts for a single name to 100 to better 6987 handle the truly huge service providers such as AOL, which 6988 has 13 at the moment (and climbing). In order to avoid 6989 trashing memory, the buffer for all names has only been 6990 slightly increased in size, to 12.8K from 10.2K -- this means 6991 that if a single name had 100 MX records, the average size 6992 of those records could not exceed 128 bytes. Requested by 6993 Brad Knowles of America On Line. 6994 Restore use of IDENT returns where the OSTYPE field equals "OTHER". 6995 Urged by Dan Bernstein of U.C. Berkeley. 6996 Print q_statdate and q_specificity in address structure debugging 6997 printout. 6998 Expand MCI structure flag bits for debugging output. 6999 Support IPv6-style domain literals, which can have colons between 7000 square braces. 7001 Log open file descriptors for the "cannot dup" messages in deliver(); 7002 this is an attempt to track down a bug that one person seems 7003 to be having (it may be a Solaris bug!). 7004 DSN NOTIFY parameters were not properly propagated across queue runs; 7005 this caused the NOTIFY info to sometimes be lost. Problem 7006 pointed out by Claus Assmann of the 7007 Christian-Albrechts-University of Kiel. 7008 The statistics gathered in the sendmail.st file were too high; in 7009 some cases failures (e.g., user unknown or temporary failure) 7010 would count as a delivery as far as the statistics were 7011 concerned. Problem noted by Tom Moore of AT&T GIS. 7012 Systems that don't have flock() would not send split envelopes in 7013 the initial run. Problem pointed out by Leonard Zubkoff of 7014 Dandelion Digital. 7015 Move buffer overflow checking -- these primarily involve distrusting 7016 results that may come from NIS and DNS. 7017 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't 7018 include <paths.h> and hence had the wrong pathnames for a few 7019 things like /var/tmp. Reported by Matthew Green. 7020 Conditions were reversed for the Priority: header, resulting in all 7021 values being interpreted as non-urgent except for non-urgent, 7022 which was interpreted as normal. Patch from Bryan Costales. 7023 The -o (optional) flag was being ignored on hash and btree maps 7024 since 8.7.2. Fix from Bryan Costales. 7025 Content-Types listed in class "q" will always be encoded as 7026 Quoted-Printable (or more accurately, will never be encoded 7027 as base64). The class can have primary types (e.g., "text") 7028 or full types (e.g., "text/plain"). Based on a suggestion by 7029 Marius Olafsson of the University of Iceland. 7030 Define ${envid} to be the original envelope id (from the ESMTP DSN 7031 dialogue) so it can be passed to programs in mailers. 7032 Define ${bodytype} to be the body type (from the -B flag or the 7033 BODY= ESMTP parameter) so it can be passed to programs in 7034 mailers. 7035 Cause the VRFY command to return 252 instead of 250 unless the F=q 7036 flag is set in the mailer descriptor. Suggested by John 7037 Myers of CMU. 7038 Implement ESMTP ETRN command to flush the queue for a specific host. 7039 The command takes a host name; data for that host is 7040 immediately (and asynchronously) flushed. Because this shares 7041 the -qR implementation, other hosts may be attempted, but 7042 there should be no security implications. Implementation 7043 from John Beck of InReference, Inc. See RFC 1985 for details. 7044 Add three new command line flags to pass in DSN parameters: -V envid 7045 (equivalent to ENVID=envid on the MAIL command), -R ret 7046 (equivalent to RET=ret on the MAIL command), and -Nnotify 7047 (equivalent to NOTIFY=notify on the RCPT command). Note 7048 that the -N flag applies to all recipients; there is no way 7049 to specify per-address notifications on the command line, 7050 nor is there an equivalent for the ORCPT= per-address 7051 parameter. 7052 Restore LogLevel option to be safe (it can only be increased); 7053 apparently I went into paranoid mode between 8.6 and 8.7 7054 and made it unsafe. Pointed out by Dabe Murphy of the 7055 University of Maryland. 7056 New logging on log level 15: all SMTP traffic. Patches from 7057 Andrew Gross of San Diego Supercomputer Center. 7058 NetInfo property value searching code wasn't stopping when it found 7059 a match. This was causing the wrong values to be found (and 7060 had a memory leak). Found by Bastian Schleuter of TU-Berlin. 7061 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed 7062 out by Bill Wisner of Electronics for Imaging that you can't 7063 use the bracket address form for the MAIL_HUB macro, since 7064 that causes the brackets to remain in the envelope recipient 7065 address used for delivery. The simple fix (stripping off the 7066 brackets in the config file) breaks the use of IP literal 7067 addresses. This flag will solve that problem. 7068 Add MustQuoteChars option. This is a list of characters that must 7069 be quoted if they are found in the phrase part of an address 7070 (that is, the full name part). The characters @,;:\()[] are 7071 always in this list and cannot be removed. The default is 7072 this list plus . and ' to match RFC 822. 7073 Add AllowBogusHELO option; if set, sendmail will allow HELO commands 7074 that do not include a host name for back compatibility with 7075 some stupid SMTP clients. Setting this violates RFC 1123 7076 section 5.2.5. 7077 Add MaxDaemonChildren option; if this is set, sendmail will start 7078 rejecting connections if it has more than this many 7079 outstanding children accepting mail. Note that you may 7080 see more processes than this because of outgoing mail; this 7081 is for incoming connections only. 7082 Add ConnectionRateThrottle option. If set to a positive value, the 7083 number of incoming SMTP connections that will be permitted 7084 in a single second is limited to this number. Connections are 7085 not refused during this time, just deferred. The intent is to 7086 flatten out demand so that load average limiting can kick in. 7087 It is less radical than MaxDaemonChildren, which will stop 7088 accepting connections even if all the connections are idle 7089 (e.g., due to connection caching). 7090 Add Timeout.hoststatus option. This interval (defaulting to 30m) 7091 specifies how long cached information about the state of a 7092 host will be kept before they are considered stale and the 7093 host is retried. If you are using persistent host status 7094 (i.e., the HostStatusDirectory option is set) this will apply 7095 between runs; otherwise, it applies only within a single queue 7096 run and hence is useful only for hosts that have large queues 7097 that take a very long time to run. 7098 Add SingleLineFromHeader option. If set, From: headers are coerced 7099 into being a single line even if they had newlines in them 7100 when read. This is to get around a botch in Lotus Notes. 7101 Text class maps were totally broken -- if you ever retrieved the last 7102 item in a table it would be truncated. Problem noted by 7103 Gregory Neil Shapiro of WPI. 7104 Extend the lines printed by the mailq command (== the -bp flag) when 7105 -v is given to 120 characters; this allows more information 7106 to be displayed. Suggested by Gregory Neil Shapiro of WPI. 7107 Allow macro definitions (`D' lines) with unquoted commas; previously 7108 this was treated as end-of-input. Problem noted by Bryan 7109 Costales. 7110 The RET= envelope parameter (used for DSNs) wasn't properly written 7111 to the queue file. Fix from John Hughes of Atlantic 7112 Technologies, Inc. 7113 Close /var/tmp/dead.letter after a successful write -- otherwise 7114 if this happens in a queue run it can cause nasty delays. 7115 Problem noted by Mark Horton of AT&T. 7116 If userdb entries pointed to userdb entries, and there were multiple 7117 values for a given key, the database cursor would get 7118 trashed by the recursive call. Problem noted by Roy Mongiovi 7119 of Georgia Tech. Fixed by reading all the values and creating 7120 a comma-separated list; thus, the -v output will be somewhat 7121 different for this case. 7122 Fix buffer allocation problem with Hesiod-based userdb maps when 7123 HES_GETMAILHOST is defined. Based on a patch by Betty Lee 7124 of Stanford University. 7125 When envelopes were split due to aliases with owner- aliases, and 7126 there was some error on one of the lists, more than one of 7127 the owners would get the message. Problem pointed out by 7128 Roy Mongiovi of Georgia Tech. 7129 Detect excessive recursion in macro expansions, e.g., $X defined 7130 in terms of $Y which is defined in terms of $X. Problem 7131 noted by Bryan Costales; patch from Eric Wassenaar. 7132 When using F=U to get "ugly UUCP" From_ lines, a buffer could in 7133 some cases get trashed causing bogus From_ lines. Fix from 7134 Kyle Jones of UUNET. 7135 When doing load average initialization, if the nlist call for avenrun 7136 failed, the second and subsequent lookups wouldn't notice 7137 that fact causing bogus load averages to be returned. Noted 7138 by Casper Dik of Sun Holland. 7139 Fix problem with incompatibility with some versions of inet_aton that 7140 have changed the return value to unsigned, so a check for an 7141 error return of -1 doesn't work. Use INADDR_NONE instead. 7142 This could cause mail to addresses such as [foo.com] to bounce 7143 or get dropped. Problem noted by Christophe Wolfhugel of the 7144 Pasteur Institute. 7145 DSNs were inconsistent if a failure occurred during the DATA phase 7146 rather than the RCPT phase: the Action: would be correct, but 7147 the detailed status information would be wrong. Problem noted 7148 by Bob Snyder of General Electric Company. 7149 Add -U command line flag and the XUSR ESMTP extension, both indicating 7150 that this is the initial MUA->MTA submission. The flag current 7151 does nothing, but in future releases (when MUAs start using 7152 these flags) it will probably turn on things like DNS 7153 canonification. 7154 Default end-of-line string (E= specification on mailer [M] lines) 7155 to \r\n on SMTP mailers. Default remains \n on non-SMTP 7156 mailers. 7157 Change the internal definition for the *file* and *include* mailers 7158 to have $u in the argument vectors so that they aren't 7159 misinterpreted as SMTP mailers and thus use \r\n line 7160 termination. This will affect anyone who has redefined 7161 either of these in their configuration file. 7162 Don't assume that IDENT servers close the connection after a query; 7163 responses can be newline terminated. From Terry Kennedy of 7164 St. Peter's College. 7165 Avoid core dumps on erroneous configuration files that have 7166 $#mailer with nothing following. From Bryan Costales. 7167 Avoid null pointer dereference with high debug values in unlockqueue. 7168 Fix from Randy Martin of Clemson University. 7169 Fix possible buffer overrun when expanding very large macros. Fix 7170 from Kyle Jones of UUNET. 7171 After 25 EXPN or VRFY commands, start pausing for a second before 7172 processing each one. This avoids a certain form of denial 7173 of service attack. Potential attack pointed out by Bryan 7174 Costales. 7175 Allow new named (not numbered!) config file rules to do validity 7176 checking on SMTP arguments: check_mail for MAIL commands and 7177 check_rcpt for RCPT commands. These rulesets can do anything 7178 they want; their result is ignored unless they resolve to the 7179 $#error mailer, in which case the indicated message is printed 7180 and the command is rejected. Similarly, the check_compat 7181 ruleset is called before delivery with "from_addr $| to_addr" 7182 (the $| is a meta-symbol used to separate the two addresses); 7183 it can give a "this sender can't send to this recipient" 7184 notification. Note that this patch allows $| to stand alone 7185 in rulesets. 7186 Define new macros ${client_name}, ${client_addr}, and ${client_port} 7187 that have the name, IP address, and port number (respectively) 7188 of the SMTP client (that is, the entity at the other end of 7189 the connection. These can be used in (e.g.) check_rcpt to 7190 verify that someone isn't trying to relay mail through your 7191 host inappropriately. Be sure to use the deferred evaluation 7192 form, for example $&{client_name}, to avoid having these bound 7193 when sendmail reads the configuration file. 7194 Add new config file rule check_relay to check the incoming connection 7195 information. Like check_compat, it is passed the host name 7196 and host address separated by $| and can reject connections 7197 on that basis. 7198 Allow IDA-style recursive function calls. Code contributed by Mark 7199 Lovell and Paul Vixie. 7200 Eliminate the "No ! in UUCP From address!" message" -- instead, create 7201 a virtual UUCP address using either a domain address or the $k 7202 macro. Based on code contributed by Mark Lovell and Paul 7203 Vixie. 7204 Add Stanford LDAP map. Requires special libraries that are not 7205 included with sendmail. Contributed by Booker C. Bense 7206 <bbense@networking.stanford.edu>; contact him for support. 7207 See also the src/READ_ME file. 7208 Allow -dANSI to turn on ANSI escape sequences in debug output; this 7209 puts metasymbols (e.g., $+) in reverse video. Really useful 7210 only for debugging deep bits of code where it is important to 7211 distinguish between the single-character metasymbol $+ and the 7212 two characters $, +. 7213 Changed ruleset 89 (executed in dumpstate()) to a named ruleset, 7214 debug_dumpstate. 7215 Add new UnsafeGroupWrites option; if set, .forward and :include: 7216 files that are group writable are considered "unsafe" -- that 7217 is, programs and files referenced from such files are not 7218 valid recipients. 7219 Delete bogosity test for FallBackMX host; this prevented it to be a 7220 name that was not in DNS or was a domain-literal. Problem 7221 noted by Tom May. 7222 Change the introduction to error messages to more clearly delineate 7223 permanent from temporary failures; if both existed in a 7224 single message it could be confusing. Suggested by John 7225 Beck of InReference, Inc. 7226 The IngoreDot (i) option didn't work for lines that were terminated 7227 with CRLF. Problem noted by Ted Stockwell of Secure 7228 Computing Corporation. 7229 Add a heuristic to improve the handling of unbalanced `<' signs in 7230 message headers. Problem reported by Matt Dillon of Best 7231 Internet Communications. 7232 Check for bogus characters in the 0200-0237 range; since these are 7233 used internally, very strange errors can occur if those 7234 characters appear in headers. Problem noted by Anders Gertz 7235 of Lysator. 7236 Implement 7 -> 8 bit MIME conversions. This only takes place if the 7237 recipient mailer has the F=9 flag set, and only works on 7238 text/plain body types. Code contributed by Marius Olafsson 7239 of the University of Iceland. 7240 Special case "postmaster" name so that it is always treated as lower 7241 case in alias files regardless of configuration settings; 7242 this prevents some potential problems where "Postmaster" or 7243 "POSTMASTER" might not match "postmaster". In most cases 7244 this change is a no-op. 7245 The -o map flag was ignored for text maps. Problem noted by Bryan 7246 Costales. 7247 The -a map flag was ignored for dequote maps. Problem noted by 7248 Bryan Costales. 7249 Fix core dump when a lookup of a class "prog" map returns no 7250 response. Patch from Bryan Costales. 7251 Log instances where sendmail is deferring or rejecting connections 7252 on LogLevel 14. Suggested by Kyle Jones of UUNET. 7253 Include port number in process title for network daemons. Suggested 7254 by Kyle Jones of UUNET. 7255 Send ``double bounces'' (errors that occur when sending an error 7256 message) to the address indicated in the DoubleBounceAddress 7257 option (default: postmaster). Previously they were always 7258 sent to postmaster. Suggested by Kyle Jones of UUNET. 7259 Add new mode, -bD, that acts like -bd in all respects except that 7260 it runs in foreground. This is useful for using with a 7261 wrapper that "watches" system services. Suggested by Kyle 7262 Jones of UUNET. 7263 Fix botch in spacing around (parenthesized) comments in addresses 7264 when the comment comes before the address. Patch from 7265 Motonori Nakamura of Kyoto University. 7266 Use the prefix "Postmaster notify" on the Subject: lines of messages 7267 that are being bounced to postmaster, rather than "Returned 7268 mail". This permits the person who is postmaster more 7269 easily determine what messages are to their role as 7270 postmaster versus bounces to mail they actually sent. Based 7271 on a suggestion by Motonori Nakamura. 7272 Add new value "time" for QueueSortOrder option; this causes the queue 7273 to be sorted strictly by the time of submission. Note that 7274 this can cause very bad behavior over slow lines (because 7275 large jobs will tend to delay small jobs) and on nodes with 7276 heavy traffic (because old things in the queue for hosts that 7277 are down delay processing of new jobs). Also, this does not 7278 guarantee that jobs will be delivered in submission order 7279 unless you also set DeliveryMode=queue. In general, it should 7280 probably only be used on the command line, and only in 7281 conjunction with -qRhost.domain. In fact, there are very few 7282 cases where it should be used at all. Based on an 7283 implementation by Motonori Nakamura. 7284 If a map lookup in ruleset 5 returns tempfail, queue the message in 7285 the same manner as other rulesets. Previously a temporary 7286 failure in ruleset 5 was ignored. Patch from Booker Bense 7287 of Stanford University. 7288 Don't proceed to the next MX host if an SMTP MAIL command returns a 7289 5yz (permanent failure) code. The next MX host will still be 7290 tried if the connection cannot be opened in the first place 7291 or if the MAIL command returns a 4yz (temporary failure) code. 7292 (It's hard to know what to do here, since neither RFC 974 nor 7293 RFC 1123 specify when to proceed to the next MX host.) 7294 Suggested by Jonathan Kamens of OpenVision, Inc. 7295 Add new "-t" flag for map definitions (the "K" line in the .cf file). 7296 This causes map lookups that get a temporary failure (e.g., 7297 name server failure) to _not_ defer the delivery of the 7298 message. This should only be used if your configuration file 7299 is prepared to do something sensible in this case. Based on 7300 an idea by Gregory Shapiro of WPI. 7301 Fix problem finding network interface addresses. Patch from 7302 Motonori Nakamura. 7303 Don't reject qf entries that are not owned by your effective uid if 7304 you are not running set-user-ID; this makes management of 7305 certain kinds of firewall setups difficult. Patch 7306 suggested by Eamonn Coleman of Qualcomm. 7307 Add persistent host status. This keeps the information normally 7308 maintained within a single queue run in disk files that are 7309 shared between sendmail instances. The HostStatusDirectory 7310 is the directory in which the information is maintained. If 7311 not set, persistent host status is turned off. If not a full 7312 pathname, it is relative to the queue directory. A common 7313 value is ".hoststat". 7314 There are also two new operation modes: 7315 * -bh prints the status of hosts that have had recent 7316 connections. 7317 * -bH purges the host statuses. No attempt is made to save 7318 recent status information. 7319 This feature was originally written by Paul Vixie of Vixie 7320 Enterprises for KJS and adapted for V8 by Mark Lovell of 7321 Bigrock Consulting. Paul's funding of Mark and Mark's patience 7322 with my insistence that things fit cleanly into the V8 7323 framework is gratefully appreciated. 7324 New SingleThreadDelivery option (requires HostStatusDirectory to 7325 operate). Avoids letting two sendmails on the local machine 7326 open connections to the same remote host at the same time. 7327 This reduces load on the other machine, but can cause mail to 7328 be delayed (for example, if one sendmail is delivering a huge 7329 message, other sendmails won't be able to send even small 7330 messages). Also, it requires another file descriptor (for the 7331 lock file) per connection, so you may have to reduce 7332 ConnectionCacheSize to avoid running out of per-process 7333 file descriptors. Based on the persistent host status code 7334 contributed by Paul Vixie and Mark Lovell. 7335 Allow sending to non-simple files (e.g., /dev/null) even if the 7336 SafeFileEnvironment option is set. Problem noted by Bryan 7337 Costales. 7338 The -qR flag mistakenly matched flags in the "R" line of the queue 7339 file. Problem noted by Bryan Costales. 7340 If a job was aborted using the interrupt signal (e.g., control-C from 7341 the keyboard), on some occasions an empty df file would be 7342 left around; these would collect in the queue directory. 7343 Problem noted by Bryan Costales. 7344 Change the makesendmail script to enhance the search for Makefiles 7345 based on release number. For example, on SunOS 5.5.1, it will 7346 search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then 7347 Makefile.SunOS.5.x (in addition to the other rules, e.g., 7348 adding $arch). Problem noted by Jason Mastaler of Atlanta 7349 Webmasters. 7350 When creating maps using "newaliases", always map the keys to lower 7351 case when creating the map unless the -f flag is specified on 7352 the map itself. Previously this was done based on the F=u 7353 flag in the local mailer, which meant you could create aliases 7354 that you could never access. Problem noted by Bob Wu of DEC. 7355 When a job was read from the queue, the bits causing notification on 7356 failure or delay were always set. This caused those 7357 notifications to be sent even if NOTIFY=NEVER had been 7358 specified. Problem noted by Steve Hubert of the University 7359 of Washington, Seattle. 7360 Add new configurable routine validate_connection (in conf.c). This 7361 lets you decide if you are willing to accept traffic from 7362 this host. If it returns FALSE, all SMTP commands will return 7363 "550 Access denied". -DTCPWRAPPERS will include support for 7364 TCP wrappers; you will need to add -lwrap to the link line. 7365 (See src/READ_ME for details.) 7366 Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster 7367 bounces. Some people seemed to think that this could be 7368 confusing (even though it is true). Suggested by Motonori 7369 Nakamura. 7370 Add new RunAsUser option; this causes sendmail to do a setuid to that 7371 user early in processing to avoid potential security problems. 7372 However, this means that all .forward and :include: files must 7373 be readable by that user, and all files to be written must be 7374 writable by that user and all programs will be executed by that 7375 user. It is also incompatible with the SafeFileEnvironment 7376 option. In other words, it may not actually add much to 7377 security. However, it should be useful on firewalls and other 7378 places where users don't have accounts and the aliases file is 7379 well constrained. 7380 Add Timeout.iconnect. This is like Timeout.connect except it is used 7381 only on the first attempt to delivery to an address. It could 7382 be set to be lower than Timeout.connect on the principle that 7383 the mail should go through quickly to responsive hosts; less 7384 responsive hosts get to wait for the next queue run. 7385 Fix a problem on Solaris that occasionally causes programs 7386 (such as vacation) to hang with their standard input connected 7387 to a UDP port. It also created some signal handling problems. 7388 The problems turned out to be an interaction between vfork(2) 7389 and some of the libraries, particularly NIS/NIS+. I am 7390 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix. 7391 Change user class map to do the same matching that actual delivery 7392 will do instead of just a /etc/passwd lookup. This adds 7393 fuzzy matching to the user map. Patch from Dan Oscarsson. 7394 The Timeout.* options are not safe -- they can be used to create a 7395 denial-of-service attack. Problem noted by Christophe 7396 Wolfhugel. 7397 Don't send PostmasterCopy messages in the event of a "delayed" 7398 notification. Suggested by Barry Bouwsma. 7399 Don't advertise "VERB" ESMTP extension if the "noexpn" privacy 7400 option is set, since this disables VERB mode. Suggested 7401 by John Hawkinson of MIT. 7402 Complain if the QueueDirectory (Q) option is not set. Problem noted 7403 by Motonori Nakamura of Kyoto University. 7404 Only queue messages on transient .forward open failures if there 7405 were no successful opens. The previous behavior caused it 7406 to queue even if a "fall back" .forward was found. Problem 7407 noted by Ann-Kian Yeo of the Dept. of Information Systems 7408 and Computer Science (DISCS), NUS, Singapore. 7409 Don't do 8->7 bit conversions when bouncing a MIME message that 7410 is bouncing because of a MIME error during 8->7 bit conversion; 7411 the encapsulated message will bounce again, causing a loop. 7412 Problem noted by Steve Hubert of the University of Washington. 7413 Create xf (transcript) files using the TempFileMode option value 7414 instead of 0644. Suggested by Ann-Kian Yeo of the 7415 National University of Singapore. 7416 Print errors if setgid/setuid/etc. fail during delivery. This helps 7417 detect cases where DefaultUid is set to something that the 7418 system can't cope with. 7419 PORTABILITY FIXES: 7420 Support for AIX/RS 2.2.1 from Mark Whetzel of Western 7421 Atlas International. 7422 Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell 7423 <bicknell@ufp.org>. 7424 On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only 7425 work on the first recipient of a message due to a 7426 bug in the getpwent family. If this is something you 7427 use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a 7428 workaround. From Maximum Entropy of Sanford C. 7429 Bernstein and Associates. 7430 FreeBSD 1.1.5.1 uname -r returns a string containing 7431 parentheses, which breaks makesendmail. Reported 7432 by Piero Serini <piero@strider.ibenet.it>. 7433 Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of 7434 Systems and Computer Technology Corporation. 7435 Solaris 2.x: omit the UUCP grade parameter (-g flag) because 7436 it is system-dependent. Problem noted by J.J. Bailey 7437 of Bailey Computer Consulting. 7438 Pyramid NILE running DC/OSx support from Earle F. Ake of 7439 Hassler Communication Systems Technology, Inc. 7440 HP-UX 10.x compile glitches, reported by Anne Brink of the 7441 U.S. Army and James Byrne of Harte & Lyne Limited. 7442 NetBSD from Matthew Green of the NetBSD crew. 7443 SCO 5.x from Keith Reynolds of SCO. 7444 IRIX 6.2 from Robert Tarrall of the University of 7445 Colorado and Kari Hurtta of the Finnish Meteorological 7446 Institute. 7447 UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R. 7448 Lopez, CICA (Seville). 7449 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR. 7450 PTX 3.2.0 from Kenneth Stailey of the US Department of Labor 7451 Employment Standards Administration. 7452 Altos System V (5.3.1) from Tim Rice of Multitalents. 7453 Concurrent Systems Corporation Maxion from Donald R. Laster 7454 Jr. 7455 NetInfo maps (improved debugging and multi-valued aliases) 7456 from Adrian Steinmann of Steinmann Consulting. 7457 ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler) 7458 from Eric Schnoebelen of Convex. 7459 Linux 2.0 mail.local patches from Horst von Brand. 7460 NEXTSTEP 3.x compilation from Robert La Ferla. 7461 NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT. 7462 Solaris 2.5 configuration fixes for mail.local by Jim Davis 7463 of the University of Arizona. 7464 Solaris 2.5 has a working setreuid. Noted by David Linn of 7465 Vanderbilt University. 7466 Solaris changes for praliases, makemap, mailstats, and smrsh. 7467 Previously you had to add -DSOLARIS in Makefile.dist; 7468 this auto-detects. Based on a patch from Randall 7469 Winchester of the University of Maryland. 7470 CONFIG: add generic-nextstep3.3.mc file. Contributed by 7471 Robert La Ferla of Hot Software. 7472 CONFIG: allow mailertables to resolve to ``error:code message'' 7473 (where "code" is an exit status) on domains (previously 7474 worked only on hosts). Patch from Cor Bosman of Xs4all 7475 Foundation. 7476 CONFIG: hooks for IPv6-style domain literals. 7477 CONFIG: predefine ALIAS_FILE and change the prototype file so that 7478 if it is undefined the AliasFile option is never set; this 7479 should be transparent for most everyone. Suggested by John 7480 Myers of CMU. 7481 CONFIG: add FEATURE(limited_masquerade). Without this feature, any 7482 domain listed in $=w is masqueraded. With it, only those 7483 domains listed in a MASQUERADE_DOMAIN macro are masqueraded. 7484 CONFIG: add FEATURE(masquerade_entire_domain). This causes 7485 masquerading specified by MASQUERADE_DOMAIN to apply to all 7486 hosts under those domains as well as the domain headers 7487 themselves. For example, if a configuration had 7488 MASQUERADE_DOMAIN(foo.com), then without this feature only 7489 foo.com would be masqueraded; with it, *.foo.com would be 7490 masqueraded as well. Based on an implementation by Richard 7491 (Pug) Bainter of U. Texas. 7492 CONFIG: add FEATURE(genericstable) to do a more general rewriting of 7493 outgoing addresses. Defaults to ``hash -o /etc/genericstable''. 7494 Keys are user names; values are outgoing mail addresses. Yes, 7495 this does overlap with the user database, and figuring out 7496 just when to use which one may be tricky. Based on code 7497 contributed by Richard (Pug) Bainter of U. Texas with updates 7498 from Per Hedeland of Ericsson. 7499 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of 7500 incoming addresses. Defaults to ``hash -o /etc/virtusertable''. 7501 Keys are either fully qualified addresses or just the host 7502 part (with the @ sign). For example, a table containing: 7503 info@foo.com foo-info 7504 info@bar.com bar-info 7505 @baz.org jane@elsewhere.net 7506 would send all mail destined for info@foo.com to foo-info 7507 (which is presumably an alias), mail addressed to info@bar.com 7508 to bar-info, and anything addressed to anyone at baz.org will 7509 be sent to jane@elsewhere.net. The names foo.com, bar.com, 7510 and baz.org must all be in $=w. Based on discussions with 7511 a great many people. 7512 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS. 7513 Suggested by Richard Bainter. 7514 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the 7515 "fax" mailer. 7516 CONFIG: allow mailertable entries to resolve to local:user; this 7517 passes the original user@host in to procmail-style local 7518 mailers as the "detail" information to allow them to do 7519 additional clever processing. From Joe Pruett of 7520 Teleport Corporation. Delivery to the original user can 7521 be done by specifying "local:" (with nothing after the colon). 7522 CONFIG: allow any context that takes "mailer:domain" to also take 7523 "mailer:user@domain" to force mailing to the given user; 7524 "local:user" can also be used to do local delivery. This 7525 applies on *_RELAY and in the mailertable entries. Based 7526 on a suggestion by Ribert Kiessling of Easynet. 7527 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that 7528 limits the possible domains; this reduces the number of DNS 7529 lookups required to support this feature. For example, 7530 FEATURE(bestmx_is_local, my.site.com) limits the lookups 7531 to domains under my.site.com. Code contributed by Anthony 7532 Thyssen <anthony@cit.gu.edu.au>. 7533 CONFIG: LOCAL_RULESETS introduces any locally defined rulesets, 7534 such as the check_rcpt ruleset. Suggested by Gregory Shapiro 7535 of WPI. 7536 CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the 7537 event you have to define local mailers. Suggested by 7538 Gregory Shapiro of WPI. 7539 CONFIG: fix cases where a three- (or more-) stage route-addr could 7540 be misinterpreted as a list:...; syntax. Based on a patch by 7541 Vlado Potisk <Vlado_Potisk@tempest.sk>. 7542 CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is 7543 remotely connected. The address host!user was being 7544 converted to host!user@thishost instead of host!user@uurelay. 7545 Problem noted by William Gianopoulos of Raytheon Company. 7546 CONFIG: add confTO_ICONNECT to set Timeout.iconnect. 7547 CONFIG: change FEATURE(redirect) message from "User not local" to 7548 "User has moved"; the former wording was confusing if the 7549 new address is still on the local host. Based on a suggestion 7550 by Andreas Luik. 7551 CONFIG: add support in FEATURE(nullclient) for $=E (exposed users). 7552 However, the class is not pre-initialized to contain root. 7553 Suggested by Gregory Neil Shapiro. 7554 CONTRIB: Remove XLA code at the request of the author, Christophe 7555 Wolfhugel. 7556 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm. 7557 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note 7558 well: this produces a slightly different mailbox format (no 7559 Content-Length: headers), file ownerships and modes are 7560 different (not owned by group mail; mode 600 instead of 660), 7561 and the local mailer flags will have to be tweaked (make them 7562 match bsd4.4) in order to use this mailer. Patches from Paul 7563 Hammann of the Missouri Research and Education Network. 7564 MAIL.LOCAL: in some cases it could return EX_OK even though there 7565 was a delivery error, such as if the ownership on the file 7566 was wrong or the mode changed between the initial stat and 7567 the open. Problem reported by William Colburn of the New 7568 Mexico Institute of Mining and Technology. 7569 MAILSTATS: handle zero length files more reliably. Patch from Bryan 7570 Costales. 7571 MAILSTATS: add man page contributed by Keith Bostic of BSDI. 7572 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't 7573 honored. Fix from Michael Scott Shappe. 7574 PRALIASES: add man page contributed by Keith Bostic of BSDI. 7575 NEW FILES: 7576 src/Makefiles/Makefile.AIX.2 7577 src/Makefiles/Makefile.IRIX.6.2 7578 src/Makefiles/Makefile.maxion 7579 src/Makefiles/Makefile.NCR.MP-RAS.3.x 7580 src/Makefiles/Makefile.SCO.5.x 7581 src/Makefiles/Makefile.UXPDSV20 7582 mailstats/mailstats.8 7583 praliases/praliases.8 7584 cf/cf/generic-nextstep3.3.mc 7585 cf/feature/genericstable.m4 7586 cf/feature/limited_masquerade.m4 7587 cf/feature/masquerade_entire_domain.m4 7588 cf/feature/virtusertable.m4 7589 cf/ostype/aix2.m4 7590 cf/ostype/altos.m4 7591 cf/ostype/maxion.m4 7592 cf/ostype/solaris2.ml.m4 7593 cf/ostype/uxpds.m4 7594 contrib/re-mqueue.pl 7595 DELETED FILES: 7596 src/Makefiles/Makefile.Solaris 7597 contrib/xla/README 7598 contrib/xla/xla.c 7599 RENAMED FILES: 7600 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x 7601 src/Makefiles/Makefile.SCO.3.2v4.2 => Makefile.SCO.4.2 7602 src/Makefiles/Makefile.UXPDS => Makefile.UXPDSV10 7603 src/Makefiles/Makefile.NeXT => Makefile.NeXT.2.x 7604 src/Makefiles/Makefile.NEXTSTEP => Makefile.NeXT.3.x 7605 76068.7.6/8.7.3 1996/09/17 7607 SECURITY: It is possible to force getpwuid to fail when writing the 7608 queue file, causing sendmail to fall back to running programs 7609 as the default user. This is not exploitable from off-site. 7610 Workarounds include using a unique user for the DefaultUser 7611 (old u & g options) and using smrsh as the local shell. 7612 SECURITY: fix some buffer overruns; in at least one case this allows 7613 a local user to get root. This is not known to be exploitable 7614 from off-site. The workaround is to disable chfn(1) commands. 7615 76168.7.5/8.7.3 1996/03/04 7617 Fix glitch in 8.7.4 when putting certain internal lines; this can 7618 in some case cause connections to hang or messages to have 7619 extra spaces in odd places. Patch from Eric Wassenaar; 7620 reports from Eric Hall of Chiron Corporation, Stephen 7621 Hansen of Stanford University, Dean Gaudet of HotWired, 7622 and others. 7623 76248.7.4/8.7.3 1996/02/18 7625 SECURITY: In some cases it was still possible for an attacker to 7626 insert newlines into a queue file, thus allowing access to 7627 any user (except root). 7628 CONFIG: no changes -- it is not a bug that the configuration 7629 version number is unchanged. 7630 76318.7.3/8.7.3 1995/12/03 7632 Fix botch in name server timeout in RCPT code; this problem caused 7633 two responses in SMTP, which breaks things horribly. Fix 7634 from Gregory Neil Shapiro of WPI. 7635 Verify that L= value on M lines cannot be negative, which could cause 7636 negative array subscripting. Not a security problem since 7637 this has to be in the config file, but it could have caused 7638 core dumps. Pointed out by Bryan Costales. 7639 Fix -d21 debug output for long macro names. Pointed out by Bryan 7640 Costales. 7641 PORTABILITY FIXES: 7642 SCO doesn't have ftruncate. From Bill Aten of Computerizers. 7643 IBM's version of arpa/nameser.h defaults to the wrong byte 7644 order. Tweak it to work properly. Based on fixes 7645 from Fletcher Mattox of UTexas and Betty Lee of 7646 Stanford University. 7647 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option. 7648 Deficiency pointed out by Bryan Costales of ICSI. 7649 76508.7.2/8.7.2 1995/11/19 7651 REALLY fix the backslash escapes in SmtpGreetingMessage, 7652 OperatorChars, and UnixFromLine options. They were not 7653 properly repaired in 8.7.1. 7654 Completely delete the Bcc: header if and only if there are other 7655 valid recipient headers (To:, Cc: or Apparently-To:, the 7656 last being a historic botch, of course). If Bcc: is the 7657 only recipient header in the message, its value is tossed, 7658 but the header name is kept. The old behavior (always keep 7659 the header name and toss the value) allowed primary recipients 7660 to see that a Bcc: went to _someone_. 7661 Include queue id on ``Authentication-Warning: <host>: <user> set 7662 sender to <address> using -f'' syslog messages. Suggested 7663 by Kari Hurtta. 7664 If a sequence or switch map lookup entry gets a tempfail but then 7665 continues on to another map type, but the name is not found, 7666 return a temporary failure from the sequence or switch map. 7667 For example, if hosts search ``dns files'' and DNS fails 7668 with a tempfail, the hosts map will go on and search files, 7669 but if it fails the whole thing should be a tempfail, not 7670 a permanent (host unknown) failure, even though that is the 7671 failure in the hosts.files map. This error caused hard 7672 bounces when it should have requeued. 7673 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo 7674 owned by bar mode 700 and inbox being set-user-ID bar stopped 7675 working properly due to excessive paranoia. Pointed out by 7676 John Hawkinson of Panix. 7677 An SMTP RCPT command referencing a host that gave a nameserver 7678 timeout would return a 451 command (8.6 accepted it and 7679 queued it locally). Revert to the 8.6 behavior in order 7680 to simplify queue management for clustered systems. Suggested 7681 by Gregory Neil Shapiro of WPI. The same problem could break 7682 MH, which assumes that the SMTP session will succeed (tsk, tsk 7683 -- mail gets lost!); this was pointed out by Stuart Pook of 7684 Infobiogen. 7685 Fix possible buffer overflow in munchstring(). This was not a security 7686 problem because you couldn't specify any argument to this 7687 without first giving up root privileges, but it is still a 7688 good idea to avoid future problems. Problem noted by John 7689 Hawkinson and Sam Hartman of MIT. 7690 ``452 Out of disk space for temp file'' messages weren't being 7691 printed. Fix from David Perlin of Nanosoft. 7692 Don't advertise the ESMTP DSN extension if the SendMimeErrors option 7693 is not set, since this is required to get the actual DSNs 7694 created. Problem pointed out by John Gardiner Myers of CMU. 7695 Log permission problems that cause .forward and :include: files to 7696 be untrusted or ignored on log level 12 and higher. Suggested 7697 by Randy Martin of Clemson University. 7698 Allow user ids in U= clauses of M lines to have hyphens and 7699 underscores. 7700 Fix overcounting of recipients -- only happened when sending to an 7701 alias. Pointed out by Mark Andrews of SGI and Jack Woolley 7702 of Systems and Computer Technology Corporation. 7703 If a message is sent to an address that fails, the error message that 7704 is returned could show some extraneous "success" information 7705 included even if the user did not request success notification, 7706 which was confusing. Pointed out by Allan Johannesen of WPI. 7707 Config files that had no AliasFile definition were defaulting to 7708 using /etc/aliases; this caused problems with nullclient 7709 configurations. Change it back to the 8.6 semantics of 7710 having no local alias file unless it is declared. Problem 7711 noted by Charles Karney of Princeton University. 7712 Fix compile problem if NOTUNIX is defined. Pointed out by Bryan 7713 Costales of ICSI. 7714 Map lookups of class "userdb" maps were always case sensitive; they 7715 should be controlled by the -f flag like other maps. Pointed 7716 out by Bjart Kvarme <bjart.kvarme@usit.uio.no>. 7717 Fix problem that caused some addresses to be passed through ruleset 5 7718 even when they were tagged as "sticky" by prefixing the 7719 address with an "@". Patch from Thomas Dwyer III of Michigan 7720 Technological University. 7721 When converting a message to Quoted-Printable, prevent any lines with 7722 dots alone on a line by themselves. This is because of the 7723 preponderance of broken mailers that still get this wrong. 7724 Code contributed by Per Hedeland of Ericsson. 7725 Fix F{macro}/file construct -- it previously did nothing. Pointed 7726 out by Bjart Kvarme of USIT/UiO (Norway). 7727 Announce whether a cached connection is SMTP or ESMTP (in -v mode). 7728 Requested by Allan Johannesen. 7729 Delete check for text format of alias files -- it should be legal 7730 to have the database format of the alias files without the 7731 text version. Problem pointed out by Joe Rhett of Navigist, 7732 Inc. 7733 If "Ot" was specified with no value, the TZ variable was not properly 7734 imported from the environment. Pointed out by Frank Crawford 7735 <frank@ansto.gov.au>. 7736 Some architectures core dumped on "program" maps that didn't have 7737 extra arguments. Patch from Booker C. Bense of Stanford 7738 University. 7739 Queue run processes would re-spawn daemons when given a SIGHUP; only 7740 the parent should do this. Fix from Brian Coan of the 7741 Association for Progressive Communications. 7742 If MinQueueAge was set and a message was considered but not run 7743 during a queue run and the Timeout.queuereturn interval was 7744 reached, a "timed out" error message would be returned that 7745 didn't include the failed address (and claimed to be a warning 7746 even though it was fatal). The fix is to not return such 7747 messages until they are actually tried, i.e., in the next 7748 MinQueueAge interval. Problem noted by Rein Tollevik of 7749 SINTEF RUNIT, Oslo. 7750 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions 7751 that have the hes_getmailhost() routine. DEC Hesiod 7752 distributions do not have this routine. Based on a patch 7753 from Betty Lee of Stanford University. 7754 Extensive cleanups to map open code to handle a locking race condition 7755 in ndbm, hash, and btree format database files on some (most 7756 non-4.4-BSD based) OS architectures. This should solve the 7757 occasional "user unknown" problem during alias rebuilds that 7758 has plagued me for quite some time. Based on a patch from 7759 Thomas Dwyer III of Michigan Technological University. 7760 PORTABILITY FIXES: 7761 Solaris: Change location of newaliases and mailq from 7762 /usr/ucb to /usr/bin to match Sun settings. From 7763 James B. Davis of TCI. 7764 DomainOS: Makefile.DomainOS doesn't require -ldbm. From 7765 Don Lewis of Silicon Systems. 7766 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x 7767 so that the makesendmail script will find it. Pointed 7768 out by Richard Allen of the University of Iceland. 7769 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which 7770 isn't supported on all compilers. 7771 UXPDS: compilation fixes from Diego R. Lopez. 7772 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless 7773 you also had a FAX_RELAY. From Thomas.Tornblom@Hax.SE. 7774 CONFIG: Minor glitch in S21 -- attachment of local domain name 7775 didn't have trailing dot. From Jim Hickstein of Teradyne. 7776 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as 7777 user%host@thishost. From Claude Scarpelli of Infobiogen 7778 (France). 7779 CONFIG: OSTYPE(hpux10) failed to define the location of the help file. 7780 Pointed out by Hannu Martikka of Nokia Telecommunications. 7781 CONFIG: Diagnose some inappropriate ordering in configuration files, 7782 such as FEATURE(smrsh) listed after MAILER(local). Based on 7783 a bug report submitted by Paul Hoffman of Proper Publishing. 7784 CONFIG: Make OSTYPE files consistently not override settings that 7785 have already been set. Previously it worked differently 7786 for different files. 7787 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take 7788 is that this is wrong, but the change was causing problems 7789 for some people. From Per Hedeland of Ericsson. 7790 CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>; 7791 portability changes for Posix environments (no functional 7792 changes). 7793 77948.7.1/8.7.1 1995/10/01 7795 Old macros that have become options (SmtpGreetingMessage, 7796 OperatorChars, and UnixFromLine) didn't allow backslash 7797 escapes in the options, where they previously had. Bug 7798 pointed out by John Hawkinson of MIT. 7799 Fix strange case of an executable called by a program map that 7800 returns a value but also a non-zero exit status; this 7801 would give contradictory results in the higher level; in 7802 particular, the default clause in the map lookup would be 7803 ignored. Change to ignore the value if the program returns 7804 non-zero exit status. From Tom Moore of AT&T GIS. 7805 Shorten parameters passed to syslog() in some contexts to avoid a 7806 bug in many vendors' implementations of that routine. Although 7807 this isn't really a bug in sendmail per se, and my solution 7808 has to assume that syslog() has at least a 1K buffer size 7809 internally (I know some vendors have shortened this 7810 dramatically -- they're on their own), sendmail is a popular 7811 target. Also, limit the size of %s arguments in sprintf. 7812 These both have possible security implications. Solutions 7813 suggested by Casper Dik of Sun's Network Security Group 7814 (Holland), Mark Seiden, and others. 7815 Fix a problem that might cause a non-standard -B (body type) 7816 parameter to be passed to the next server with undefined 7817 results. This could have security implications. 7818 If a filesystem was at > 100% utilization, the freediskspace() 7819 routine incorrectly returned an error rather than zero. 7820 Problem noted by G. Paul Ziemba of Alantec. 7821 Change MX sort order so that local hostnames (those in $=w) always 7822 sort first within a given preference. This forces the bestmx 7823 map to always return the local host first, if it is included 7824 in the list of highest priority MX records. From K. Robert 7825 Elz. 7826 Avoid some possible null pointer dereferences. Fixes from Randy 7827 Martin <WOLF@CLEMSON.EDU> 7828 When sendmail starts up on systems that have no fully qualified 7829 domain name (FQDN) anywhere in the first matching host map 7830 (e.g., /etc/hosts if the hosts service searches "files dns"), 7831 sendmail would sleep to try to find a FQDN, which it really 7832 really needs. This has been changed to fall through to the 7833 next map type if it can't find a FQDN -- i.e., if the hosts 7834 file doesn't have a FQDN, it will try dns even though the 7835 short name was found in /etc/hosts. This is probably a crock, 7836 but many people have hosts files without FQDNs. Remember: 7837 domain names are your friends. 7838 Log a high-priority message if you can't find your FQDN during startup. 7839 Suggested by Simon Barnes of Schlumberger Limited. 7840 When using Hesiod, initialize it early to improve error reporting. 7841 Patch from Don Lewis of Silicon Systems, Inc. 7842 Apparently at least some versions of Linux have a 90 !minute! TCP 7843 connection timeout in the kernel. Add a new "connect" timeout 7844 to limit this time. Defaults to zero (use whatever the 7845 kernel provides). Based on code contributed by J.R. Oldroyd 7846 of TerraNet. 7847 Under some circumstances, a failed message would not be properly 7848 removed from the queue, causing tons of bogus error messages. 7849 (This fix eliminates the problematic EF_KEEPQUEUE flag.) 7850 Problem noted by Allan E Johannesen and Gregory Neil Shapiro 7851 of WPI. 7852 PORTABILITY FIXES: 7853 On IRIX 5.x, there was an inconsistency in the setting 7854 of sendmail.st location. Change the Makefile to 7855 install it in /var/sendmail.st to match the OSTYPE 7856 file and SGI standards. From Andre 7857 <andre@curry.zfe.siemens.de>. 7858 Support for Fujitsu/ICL UXP/DS (For the DS/90 Series) 7859 from Diego R. Lopez <drlopez@cica.es>. 7860 Linux compilation patches from J.R. Oldroyd of TerraNet, Inc. 7861 LUNA 2 Mach patches from Motonori Nakamura. 7862 SunOS Makefile was including -ldbm, which is for the old 7863 dbm library. The ndbm library is part of libc. 7864 CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with 7865 ``local configuration error'' in nullclient configuration. 7866 Patch from Gregory Neil Shapiro of WPI. 7867 CONFIG: don't allow an alias file in nullclient configurations -- 7868 since all addresses are relayed, they give errors during 7869 rebuild. Suggested by Per Hedeland of Ericsson. 7870 CONFIG: local mailer on Solaris 2 should always get a -f flag because 7871 otherwise the F=S causes the From_ line to imply that root is 7872 the sender. Problem pointed out by Claude Scarpelli of 7873 Infobiogen (France). 7874 NEW FILES: 7875 cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake) 7876 src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake) 7877 src/Makefiles/Makefile.UXPDS 7878 78798.7/8.7 1995/09/16 7880 Fix a problem that could cause sendmail to run out of file 7881 descriptors due to a trashed data structure after a 7882 vfork. Fix from Brian Coan of the Institute for 7883 Global Communications. 7884 Change the VRFY response if you have disabled VRFY -- some 7885 people seemed to think that it was too rude. 7886 Avoid reference to uninitialized file descriptor if HASFLOCK 7887 was not defined. This was used "safely" in the sense 7888 that it only did a stat, but it would have set the 7889 map modification time improperly. Problem pointed out 7890 by Roy Mongiovi of Georgia Tech. 7891 Clean up the Subject: line on warning messages and return 7892 receipts so that they don't say "Returned mail:"; this 7893 can be confusing. 7894 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is 7895 useful enough to make it worthwhile printing on "-d". 7896 Avoid logging alias statistics every time you read the alias 7897 file on systems with no database method compiled in. 7898 If you have a name with a trailing dot, and you try looking it 7899 up using gethostbyname without the dot (for /etc/hosts 7900 compatibility), be sure to turn off RES_DEFNAMES and 7901 RES_DNSRCH to avoid finding the wrong name accidentally. 7902 Problem noted by Charles Amos of the University of 7903 Maryland. 7904 Don't do timeouts in collect if you are not running SMTP. 7905 There is nothing that says you can't have a long 7906 running program piped into sendmail (possibly via 7907 /bin/mail, which just execs sendmail). Problem reported 7908 by Don "Truck" Lewis of Silicon Systems. 7909 Try gethostbyname() even if the DNS lookup fails iff option I 7910 is not set. This allows you to have hosts listed in 7911 NIS or /etc/hosts that are not known to DNS. It's normally 7912 a bad idea, but can be useful on firewall machines. This 7913 should really be broken out on a separate flag, I suppose. 7914 Avoid compile warnings against BIND 4.9.3, which uses function 7915 prototypes. From Don Lewis of Silicon Systems. 7916 Avoid possible incorrect diagnosis of DNS-related errors caused 7917 by things like attempts to resolve uucp names using 7918 $[ ... $] -- the fix is to clear h_errno at appropriate 7919 times. From Kyle Jones of UUNET. 7920 SECURITY: avoid denial-of-service attacks possible by destroying 7921 the alias database file by setting resource limits low. 7922 This involves adding two new compile-time options: 7923 HASSETRLIMIT (indicating that setrlimit(2) support is 7924 available) and HASULIMIT (indicating that ulimit(2) support 7925 is available -- the Release 3 form is used). The former 7926 is assumed on BSD-based systems, the latter on System 7927 V-based systems. Attack noted by Phil Brandenberger of 7928 Swarthmore University. 7929 New syntaxes in test (-bt) mode: 7930 ``.Dmvalue'' will define macro "m" to "value". 7931 ``.Ccvalue'' will add "value" to class "c". 7932 ``=Sruleset'' will dump the contents of the indicated 7933 ruleset. 7934 ``=M'' will display the known mailers. 7935 ``-ddebug-spec'' is equivalent to the command-line 7936 -d debug flag. 7937 ``$m'' will print the value of macro $m. 7938 ``$=c'' will print the contents of class $=c. 7939 ``/mx host'' returns the MX records for ``host''. 7940 ``/parse address'' will parse address, returning the value of 7941 crackaddr (essentially, the comment information) 7942 and the parsed address. 7943 ``/try mailer address'' will rewrite address into the form 7944 it will have when presented to the indicated mailer. 7945 ``/tryflags flags'' will set flags used by parsing. The 7946 flags can be `H' for header or `E' for envelope, 7947 and `S' for sender or `R' for recipient. These 7948 can be combined, so `HR' sets flags for header 7949 recipients. 7950 ``/canon hostname'' will try to canonify hostname and 7951 return the result. 7952 ``/map mapname key'' will look up `key' in the indicated 7953 `mapname' and return the result. 7954 Somewhat better handling of UNIX-domain socket addresses -- it 7955 should show the pathname rather than hex bytes. 7956 Restore ``-ba'' mode -- this reads a file from stdin and parses 7957 the header for envelope sender information and uses 7958 CR-LF as message terminators. It was thought to be 7959 obsolete (used only for Arpanet NCP protocols), but it 7960 turns out that the UK ``Grey Book'' protocols require 7961 that functionality. 7962 Fix a fix in previous release -- if gethostname and gethostbyname 7963 return a name without dots, and if an attempt to canonify 7964 that name fails, wait one minute and try again. This can 7965 result in an extra 60 second delay on startup if your system 7966 hostname (as returned by hostname(1)) has no dot and no names 7967 listed in /etc/hosts or your NIS map have a dot. 7968 Check for proper domain name on HELO and EHLO commands per 7969 RFC 1123 section 5.2.5. Problem noted by Thomas Dwyer III 7970 of Michigan Technological University. 7971 Relax chownsafe rules slightly -- old version said that if you 7972 can't tell if _POSIX_CHOWN_RESTRICTED is set (that is, 7973 if fpathconf returned EINVAL or ENOSYS), assume that 7974 chown is not safe. The new version falls back to whether 7975 you are on a BSD system or not. This is important for 7976 SunOS, which apparently always returns one of those 7977 error codes. This impacts whether you can mail to files 7978 or not. 7979 Syntax errors such as unbalanced parentheses in the configuration 7980 file could be omitted if you had "Oem" prior to the 7981 syntax error in the config file. Change to always print 7982 the error message. It was especially weird because it 7983 would cause a "warning" message to be sent to the Postmaster 7984 for every message sent (but with no transcript). Problem 7985 noted by Gregory Paris of Motorola. 7986 Rewrite collect and putbody to handle full 8-bit data, including 7987 zero bytes. These changes are internally extensive, but 7988 should have minimal impact on external function. 7989 Allow full words for option names -- if the option letter is 7990 (apparently) a space, then take the word following -- e.g., 7991 O MatchGECOS=TRUE 7992 The full list of old and new names is as follows: 7993 7 SevenBitInput 7994 8 EightBitMode 7995 A AliasFile 7996 a AliasWait 7997 B BlankSub 7998 b MinFreeBlocks/MaxMessageSize 7999 C CheckpointInterval 8000 c HoldExpensive 8001 D AutoRebuildAliases 8002 d DeliveryMode 8003 E ErrorHeader 8004 e ErrorMode 8005 f SaveFromLine 8006 F TempFileMode 8007 G MatchGECOS 8008 H HelpFile 8009 h MaxHopCount 8010 i IgnoreDots 8011 I ResolverOptions 8012 J ForwardPath 8013 j SendMimeErrors 8014 k ConnectionCacheSize 8015 K ConnectionCacheTimeout 8016 L LogLevel 8017 l UseErrorsTo 8018 m MeToo 8019 n CheckAliases 8020 O DaemonPortOptions 8021 o OldStyleHeaders 8022 P PostmasterCopy 8023 p PrivacyOptions 8024 Q QueueDirectory 8025 q QueueFactor 8026 R DontPruneRoutes 8027 r, T Timeout 8028 S StatusFile 8029 s SuperSafe 8030 t TimeZoneSpec 8031 u DefaultUser 8032 U UserDatabaseSpec 8033 V FallbackMXHost 8034 v Verbose 8035 w TryNullMXList 8036 x QueueLA 8037 X RefuseLA 8038 Y ForkEachJob 8039 y RecipientFactor 8040 z ClassFactor 8041 Z RetryFactor 8042 The old macros that passed information into sendmail have 8043 been changed to options; those correspondences are: 8044 $e SmtpGreetingMessage 8045 $l UnixFromLine 8046 $o OperatorChars 8047 $q (deleted -- not necessary) 8048 To avoid possible problems with an older sendmail, 8049 configuration level 6 is accepted by this version of 8050 sendmail; any config file using the new names should 8051 specify "V6" in the configuration. 8052 Change address parsing to properly note that a phrase before a 8053 colon and a trailing semicolon are essentially the same 8054 as text outside of angle brackets (i.e., sendmail should 8055 treat them as comments). This is to handle the 8056 ``group name: addr1, addr2, ..., addrN;'' syntax (it will 8057 assume that ``group name:'' is a comment on the first 8058 address and the ``;'' is a comment on the last address). 8059 This requires config file support to get right. It does 8060 understand that :: is NOT this syntax, and can be turned 8061 off completely by setting the ColonOkInAddresses option. 8062 Level 6 config files added with new mailer flags: 8063 A Addresses are aliasable. 8064 i Do udb rewriting on envelope as well as header 8065 sender lines. Applies to the from address mailer 8066 flags rather than the recipient mailer flags. 8067 j Do udb rewriting on header recipient addresses. 8068 Applies to the sender mailer flags rather than the 8069 recipient mailer flags. 8070 k Disable check for loops when doing HELO command. 8071 o Always run as the mail recipient, even on local 8072 delivery. 8073 w Check for an /etc/passwd entry for this user. 8074 5 Pass addresses through ruleset 5. 8075 : Check for :include: on this address. 8076 | Check for |program on this address. 8077 / Check for /file on this address. 8078 @ Look up sender header addresses in the user 8079 database. Applies to the mailer flags for the 8080 mailer corresponding to the envelope sender 8081 address, rather than to recipient mailer flags. 8082 Pre-level 6 configuration files set A, w, 5, :, |, /, and @ 8083 on the "local" mailer, the o flag on the "prog" and "*file*" 8084 mailers, and the ColonOkInAddresses option. 8085 Eight-to-seven bit MIME conversions. This borrows ideas from 8086 John Beck of Hewlett-Packard, who generously contributed 8087 their implementation to me, which I then didn't use (see 8088 mime.c for an explanation of why). This adds the 8089 EightBitMode option (a.k.a. `8') and an F=8 mailer flag 8090 to control handling of 8-bit data. These have to cope with 8091 two types of 8-bit data: unlabelled 8-bit data (that is, 8092 8-bit data that is entered without declaring it as 8-bit 8093 MIME -- technically this is illegal according to the 8094 specs) and labelled 8-bit data (that is, it was declared 8095 as 8BITMIME in the ESMTP session or by using the 8096 -B8BITMIME command line flag). If the F=8 mailer flag is 8097 set then 8-bit data is sent to non-8BITMIME machines 8098 instead of converting to 7 bit (essentially using 8099 just-send-8 semantics). The values for EightBitMode are: 8100 m convert unlabelled 8-bit input to 8BITMIME, and do 8101 any necessary conversion of 8BITMIME to 7BIT 8102 (essentially, the full MIME option). 8103 p pass unlabelled 8-bit input, but convert labelled 8104 8BITMIME input to 7BIT as required (default). 8105 s strict adherence: reject unlabelled 8-bit input, 8106 convert 8BITMIME to 7BIT as required. The F=8 8107 flag is ignored. 8108 Unlabelled 8-bit data is rejected in mode `s' regardless of 8109 the setting of F=8. 8110 Add new internal class 'n', which is the set of MIME Content-Types 8111 which can not be 8 to 7 bit encoded because of other 8112 considerations. Types "multipart/*" and "message/*" are 8113 never directly encoded (although their components can be). 8114 Add new internal class 's', which is the set of subtypes of the 8115 MIME message/* content type that can be treated as though 8116 they are an RFC822 message. It is predefined to have 8117 "rfc822". Suggested By Kari Hurtta. 8118 Add new internal class 'e'. This is the set of MIME 8119 Content-Transfer-Encodings that can be converted to 8120 a seven bit format (Quoted-Printable or Base64). It is 8121 preinitialized to contain "7bit", "8bit", and "binary". 8122 Add C=charset mailer parameter and the the DefaultCharSet option (no 8123 short name) to set the default character set to use in the 8124 Content-Type: header when doing encoding of an 8-bit message 8125 which isn't marked as MIME into MIME format. If the C= 8126 parameter is set on the Envelope From address, use that as 8127 the default encoding; else use the DefaultCharSet option. 8128 If neither is set, it defaults to "unknown-8bit" as 8129 suggested by RFC 1428 section 3. 8130 Allow ``U=user:group'' field in mailer definition to set a default 8131 user and group that a mailer will be executed as. This 8132 overrides the 'u' and 'g' options, and if the `F=S' flag is 8133 also set, it is the uid/gid that will always be used (that 8134 is, the controlling address is ignored). The values may be 8135 numeric or symbolic; if only a symbolic user is given (no 8136 group) that user's default group in the passwd file is used 8137 as the group. Based on code donated by Chip Rosenthal of 8138 Unicom. 8139 Allow `u' option to also accept user:group as a value, in the same 8140 fashion as the U= mailer option. 8141 Add the symbolic time zone name in the Arpanet format dates (as 8142 a comment). This adds a new compile-time configuration 8143 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value 8144 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value 8145 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char 8146 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use 8147 timezone()), or TZ_NONE (don't include the comment). Code 8148 from Chip Rosenthal. 8149 The "Timeout" option (formerly "r") is extended to allow suboptions. 8150 For example, 8151 O Timeout.helo = 2m 8152 There are also two new suboptions "queuereturn" and 8153 "queuewarn"; these subsume the old T option. Thus, to 8154 set them both the preferred new syntax is 8155 O Timeout.queuereturn = 5d 8156 O Timeout.queuewarn = 4h 8157 Sort queue by host name instead of by message priority if the 8158 QueueSortOrder option (no short name) is set is set to 8159 ``host''. This makes better use of the connection cache, 8160 but may delay more ``interactive'' messages behind large 8161 backlogs under some circumstances. This is probably a 8162 good option if you have high speed links or don't do lots 8163 of ``batch'' messages, but less good if you are using 8164 something like PPP on a 14.4 modem. Based on code 8165 contributed by Roy Mongiovi of Georgia Tech (my main 8166 contribution was to make it configurable). 8167 Save i-number of df file in qf file to simplify rebuilding of queue 8168 after disastrous disk crash. Suggested by Kyle Jones of 8169 UUNET; closely based on code from KJS DECWRL code written 8170 by Paul Vixie. NOTA BENE: The qf files produced by 8.7 8171 are NOT back compatible with 8.6 -- that is, you can convert 8172 from 8.6 to 8.7, but not the other direction. 8173 Add ``F=d'' mailer flag to disable all use of angle brackets in 8174 route-addrs in envelopes; this is because in some cases 8175 they can be sent to the shell, which interprets them as 8176 I/O redirection. 8177 Don't include error file (option E) with return-receipts; this 8178 can be confusing. 8179 Don't send "Warning: cannot send" messages to owner-* or 8180 *-request addresses. Suggested by Christophe Wolfhugel 8181 of the Institut Pasteur, Paris. 8182 Allow -O command line flag to set long form options. 8183 Add "MinQueueAge" option to set the minimum time between attempts 8184 to run the queue. For example, if the queue interval 8185 (-q value) is five minutes, but the minimum queue age 8186 is fifteen minutes, jobs won't be tried more often than 8187 once every fifteen minutes. This can be used to give 8188 you more responsiveness if your delivery mode is set to 8189 queue-only. 8190 Allow "fileopen" timeout (default: 60 seconds) for opening 8191 :include: and .forward files. 8192 Add "-k", "-v", and "-z" flags to map definitions; these set the 8193 key field name, the value field name, and the field 8194 delimiter. The field delimiter can be a single character 8195 or the sequence "\t" or "\n" for tab or newline. 8196 These are for use by NIS+ and similar access methods. 8197 Change maps to always strip quotes before lookups; the -q flag 8198 turns off this behavior. Suggested by Motonori Nakamura. 8199 Add "nisplus" map class. Takes -k and -v flags to choose the 8200 key and value field names respectively. Code donated by 8201 Sun Microsystems. 8202 Add "hesiod" map class. The "file name" is used as the 8203 "HesiodNameType" parameter to hes_resolve(3). Returns the 8204 first value found for the match. Code donated by Scott 8205 Hutton of Indiana University. 8206 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to 8207 specify the name of the property that is searched as the 8208 key and a -v flag to specify the name of the property that 8209 is returned as the value (defaults to "members"). The 8210 default map is "/aliases". Some code based on code 8211 contributed by Robert La Ferla of Hot Software. 8212 Add "text" map class. This does slow, linear searches through 8213 text files. The -z flag specifies a column delimiter 8214 (defaults to any sequence of white space), the -k flag 8215 sets the key column number, and the -v flag sets the 8216 value column number. Lines beginning with `#' are treated 8217 as comments. 8218 Add "program" map class to execute arbitrary programs. The search 8219 key is presented as the last argument; the output is one 8220 line read from the programs standard output. Exit statuses 8221 are from sysexits.h. 8222 Add "sequence" map class -- searches maps in sequence until it 8223 finds a match. For example, the declarations: 8224 Kmap1 ... 8225 Kmap2 ... 8226 Kmapseq sequence map1 map2 8227 defines a map "mapseq" that first searches map1; if the 8228 value is found it is returned immediately, otherwise 8229 map2 is searched and the value returned. 8230 Add "switch" map class. This is much like "sequence" except that 8231 the ordering is fetched from an external file, usually 8232 the system service switch. The parameter is the name of 8233 the service to switch on, and the maps that it will use 8234 are the name of the switch map followed by ".service_type". 8235 For example, if the declaration of the map is 8236 Ksample switch hosts 8237 and the system service switch specifies that hosts are 8238 looked up using dns and nis in that order, then this is 8239 equivalent to 8240 Ksample sequence sample.dns sample.nis 8241 The subordinate maps (sample.*) must already be defined. 8242 Add "user" map class -- looks up users using getpwnam. Takes a 8243 "-v field" flag on the definition that tells what passwd 8244 entry to return -- legal values are name, passwd, uid, gid, 8245 gecos, dir, and shell. Generally expected to be used with 8246 the -m (matchonly) flag. 8247 Add "bestmx" map class -- returns the best MX value for the host 8248 listed as the value. If there are several "best" MX records 8249 for this host, one will be chosen at random. 8250 Add "userdb" map class -- looks up entries in the user database. 8251 The "file name" is actually the tag that will be used, 8252 typically "mailname". If there are multiple entries 8253 matching the name, the one chosen is undefined. 8254 Add multiple queue timeouts (both return and warning). These are 8255 set by the Precedence: or Priority: header fields to one of 8256 three values. If a Priority: is set and has value "normal", 8257 "urgent", or "non-urgent" the corresponding timeouts are 8258 used. If no priority is set, the Precedence: is consulted; 8259 if negative, non-urgent timeouts are used; if greater than 8260 zero, urgent timeouts are used. Otherwise, normal timeouts 8261 are used. The timeouts are set by setting the six timeouts 8262 queue{warn,return}.{urgent,normal,non-urgent}. 8263 Fix problem when a mail address is resolved to a $#error mailer 8264 with a temporary failure indication; it works in SMTP, 8265 but when delivering locally the mail is silently discarded. 8266 This patch, from Kyle Jones of UUNET, bounces it instead 8267 of queueing it (queueing is very hard). 8268 When using /etc/hosts or NIS-style lookups, don't assume that 8269 the first name in the list is the best one -- instead, 8270 search for the first one with a dot. For example, if 8271 an /etc/hosts entry reads 8272 128.32.149.68 mammoth mammoth.CS.Berkeley.EDU 8273 this change will use the second name as the canonical 8274 machine name instead of the initial, unqualified name. 8275 Change dequote map to replace spaces in quoted text with a value 8276 indicated by the -s flag on the dequote map definition. 8277 For example, ``Mdequote dequote -s_'' will change 8278 "Foo Bar" into an unquoted Foo_Bar instead of leaving it 8279 quoted (because of the space character). Suggested by Dan 8280 Oscarsson for use in X.400 addresses. 8281 Implement long macro names as ${name}; long class names can 8282 be similarly referenced as $={name} and $~{name}. 8283 Definitions are (e.g.) ``D{name}value''. Names that have 8284 a leading lower case letter or punctuation characters are 8285 reserved for internal use by sendmail; i.e., config files 8286 should use names that begin with a capital letter. Based 8287 on code contributed by Dan Oscarsson. 8288 Fix core dump if getgrgid returns a null group list (as opposed 8289 to an empty group list, that is, a pointer to a list 8290 with no members). Fix from Andrew Chang of Sun Microsystems. 8291 Fix possible core dump if malloc fails -- if the malloc in xalloc 8292 failed, it called syserr which called newstr which called 8293 xalloc.... The newstr is now avoided for "panic" messages. 8294 Reported by Stuart Kemp of James Cook University. 8295 Improve connection cache timeouts; previously, they were not even 8296 checked if you were delivering to anything other than an 8297 IPC-connected host, so a series of (say) local mail 8298 deliveries could cause cached connections to be open 8299 much longer than the specified timeout. 8300 If an incoming message exceeds the maximum message size, stop 8301 writing the incoming bytes to the queue data file, since 8302 this can fill your mqueue partition -- this is a possible 8303 denial-of-service attack. 8304 Don't reject all numeric local user names unless HESIOD is 8305 defined. It turns out that Posix allows all-numeric 8306 user names. Fix from Tony Sanders of BSDI. 8307 Add service switch support. If the local OS has a service 8308 switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf 8309 on DEC systems) that will be used; otherwise, it falls back 8310 to using a local mechanism based on the ServiceSwitchFile 8311 option (default: /etc/service.switch). For example, if the 8312 service switch lists "files" and "nis" for the aliases 8313 service, that will be the default lookup order. the "files" 8314 ("local" on DEC) service type expands to any alias files 8315 you listed in the configuration file, even if they aren't 8316 actually file lookups. 8317 Option I (NameServerOptions) no longer sets the "UseNameServer" 8318 variable which tells whether or not DNS should be considered 8319 canonical. This is now determined based on whether or not 8320 "dns" is in the service list for "hosts". 8321 Add preliminary support for the ESMTP "DSN" extension (Delivery 8322 Status Notifications). DSN notifications override 8323 Return-Receipt-To: headers, which are bogus anyhow -- 8324 support for them has been removed. 8325 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer 8326 definitions to define the types used in DSN returns for 8327 MTA names, addresses, and diagnostics respectively. 8328 Extend heuristic to force running in ESMTP mode to look for the 8329 five-character string "ESMTP" anywhere in the 220 greeting 8330 message (not just the second line). This is to provide 8331 better compatibility with other ESMTP servers. 8332 Print sequence number of job when running the queue so you can 8333 easily see how much progress you have made. Suggested 8334 by Peter Wemm of DIALix. 8335 Map newlines to spaces in logged message-ids; some versions of 8336 syslog truncate the rest of the line after newlines. 8337 Suggested by Fletcher Mattox of U. Texas. 8338 Move up forking for job runs so that if a message is split into 8339 multiple envelopes you don't get "fork storms" -- this 8340 also improves the connection cache utilization. 8341 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 8342 the purposes of refusing to send error returns. Suggested 8343 by Motonori Nakamura of Ritsumeikan University. 8344 Relax rules on when a file can be written when referenced from 8345 the aliases file: use the default uid/gid instead of the 8346 real uid/gid. This allows you to create a file owned by 8347 and writable only by the default uid/gid that will work 8348 all the time (without having the set-user-ID bit set). Change 8349 suggested by Shau-Ping Lo and Andrew Cheng of Sun 8350 Microsystems. 8351 Add "DialDelay" option (no short name) to provide an "extra" 8352 delay for dial on demand systems. If this is non-zero 8353 and a connect fails, sendmail will wait this long and 8354 then try again. If it takes longer than the kernel 8355 timeout interval to establish the connection, this 8356 option can give the network software time to establish 8357 the link. The default units are seconds. 8358 Move logging of sender information to be as early as possible; 8359 previously, it could be delayed a while for SMTP mail 8360 sent to aliases. Suggested by Brad Knowles of the 8361 Defense Information Systems Agency. 8362 Call res_init() before setting RES_DEBUG; this is required by 8363 BIND 4.9.3, or so I'm told. From Douglas Anderson of 8364 the National Computer Security Center. 8365 Add xdelay= field in logs -- this is a transaction delay, telling 8366 you how long it took to deliver to this address on the 8367 last try. It is intended to be used for sorting mailing 8368 lists to favor "quick" addresses. Provided for use by 8369 the mailprio scripts (see below). 8370 If a map cannot be opened, and that map is non-optional, and 8371 an address requires that map for resolution, queue the 8372 map instead of bouncing it. This involves creating a 8373 pseudo-class of maps called "bogus-map" -- if a required 8374 map cannot be opened, the class is changed to bogus-map; 8375 all queries against bogus-map return "tempfail". The 8376 bogus-map class is not directly accessible. A sample 8377 implementation was donated by Jem Taylor of Glasgow 8378 University Computing Service. 8379 Fix a possible core dump when mailing to a program that talks 8380 SMTP on its standard input. Fix from Keith Moore of 8381 the University of Kentucky. 8382 Make it possible to resolve filenames to $#local $: @ /filename; 8383 previously, the "@" would cause it to not be recognized 8384 as a file. Problem noted by Brian Hill of U.C. Davis. 8385 Accept a -1 signal to re-exec the daemon. This only works if 8386 argv[0] is a full path to sendmail. 8387 Fix bug in "addr=..." field in O option on little-endian machines 8388 -- the network number wasn't being converted to network 8389 byte order. Patch from Kurt Lidl of Pix Technologies 8390 Corporation. 8391 Pre-initialize the resolver early on; this is to avoid a bug with 8392 BIND 4.9.3 that can cause the _res.retry field to get 8393 reset to zero, causing all name server lookups to time 8394 out. Fix from Matt Day of Artisoft. 8395 Restore T line (trusted users) in config file -- but instead of 8396 locking out the -f flag, they just tell whether or not 8397 an X-Authentication-Warning: will be added. This really 8398 just creates new entries in class 't', so "Ft/file/name" 8399 can be used to read trusted user names from a file. 8400 Trusted users are also allowed to execute programs even 8401 if they have a shell that isn't in /etc/shells. 8402 Improve NEWDB alias file rebuilding so it will create them 8403 properly if they do not already exist. This had been 8404 a MAYBENEXTRELEASE feature in 8.6.9. 8405 Check for @:@ entry in NIS maps before starting up to avoid 8406 (but not prevent, sigh) race conditions. This ought to 8407 be handled properly in ypserv, but isn't. Suggested by 8408 Michael Beirne of Motorola. 8409 Refuse connections if there isn't enough space on the filesystem 8410 holding the queue. Contributed by Robert Dana of Wolf 8411 Communications. 8412 Skip checking for directory permissions in the path to a file 8413 when checking for file permissions iff setreuid() 8414 succeeded -- it is unnecessary in that case. This avoids 8415 significant performance problems when looking for .forward 8416 files. Based on a suggestion by Win Bent of USC. 8417 Allow symbolic ruleset names. Syntax can be "Sname" to get an 8418 arbitrary ruleset number assigned or "Sname = integer" 8419 to assign a specific ruleset number. Reference is 8420 $>name_or_number. Names can be composed of alphas, digits, 8421 underscore, or hyphen (first character must be non-numeric). 8422 Allow -o flag on AliasFile lines to make the alias file optional. 8423 From Bryan Costales of ICSI. 8424 Add NoRecipientAction option to handle the case where there is 8425 no legal recipient header in the message. It can take 8426 on values: 8427 None Leave the message as is. The 8428 message will be passed on even 8429 though it is in technically 8430 illegal syntax. 8431 Add-To Add a To: header with any 8432 recipients that it can find from 8433 the envelope. This risks exposing 8434 Bcc: recipients. 8435 Add-Apparently-To Add an Apparently-To: header. This 8436 has almost no redeeming social value, 8437 and is provided only for back 8438 compatibility. 8439 Add-To-Undisclosed Add a header reading 8440 To: undisclosed-recipients:; 8441 which will have the effect of 8442 making the message legal without 8443 exposing Bcc: recipients. 8444 Add-Bcc To add an empty Bcc: header. 8445 There is a chance that mailers down 8446 the line will delete this header, 8447 which could cause exposure of Bcc: 8448 recipients. 8449 The default is NoRecipientAction=None. 8450 Truncate (rather than delete) Bcc: lines in the header. This 8451 should prevent later sendmails (at least, those that don't 8452 themselves delete Bcc:) from considering this message to 8453 be non-conforming -- although it does imply that non-blind 8454 recipients can see that a Bcc: was sent, albeit not to whom. 8455 Add SafeFileEnvironment option. If declared, files named as delivery 8456 targets must be regular files in addition to the regular 8457 checks. Also, if the option is non-null then it is used as 8458 the name of a directory that is used as a chroot(2) 8459 environment for the delivery; the file names listed in an 8460 alias or forward should include the name of this root. 8461 For example, if you run with 8462 O SafeFileEnvironment=/arch 8463 then aliases should reference "/arch/rest/of/path". If a 8464 value is given, sendmail also won't try to save to 8465 /usr/tmp/dead.letter (instead it just leaves the job in the 8466 queue as Qfxxxxxx). Inspired by *Hobbit*'s sendmail patch kit. 8467 Support -A flag for alias files; this will comma concatenate like 8468 entries. For example, given the aliases: 8469 list: member1 8470 list: member2 8471 and an alias file declared as: 8472 OAhash:-A /etc/aliases 8473 the final alias inserted will be "list: member1,member2"; 8474 without -A you will get an error on the second and subsequent 8475 alias for "list". Contributed by Bryan Costales of ICSI. 8476 Line-buffer transcript file. Suggested by Liudvikas Bukys. 8477 Fix a problem that could cause very long addresses to core dump in 8478 some special circumstances. Problem pointed out by Allan 8479 Johannesen. 8480 (Internal change.) Change interface to expand() (macro expansion) 8481 to be simpler and more consistent. 8482 Delete check for funny qf file names. This didn't really give 8483 any extra security and caused some people some problems. 8484 (If you -really- want this, define PICKY_QF_NAME_CHECK 8485 at compile time.) Suggested by Kyle Jones of UUNET. 8486 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and 8487 merge with DSN code; this is simpler and more consistent. 8488 This may affect some people who have written their own 8489 checkcompat() routine. 8490 (Internal change.) Eliminate `D' line in qf file. The df file 8491 is now assumed to be the same name as the qf file (with 8492 the `q' changed to a `d', of course). 8493 Avoid forking for delivery if all recipient mailers are marked as 8494 "expensive" -- this can be a major cost on some systems. 8495 Essentially, this forces sendmail into "queue only" mode 8496 if all it is going to do is queue anyway. 8497 Avoid sending a null message in some rather unusual circumstances 8498 (specifically, the RCPT command returns a temporary 8499 failure but the connection is lost before the DATA 8500 command). Fix from Scott Hammond of Secure Computing 8501 Corporation. 8502 Change makesendmail to use a somewhat more rational naming scheme: 8503 Makefiles and obj directories are named $os.$rel.$arch, 8504 where $os is the operating system (e.g., SunOS), $rel is 8505 the release number (e.g., 5.3), and $arch is the machine 8506 architecture (e.g., sun4). Any of these can be omitted, 8507 and anything after the first dot in a release number can 8508 be replaced with "x" (e.g., SunOS.4.x.sun4). The previous 8509 version used $os.$arch.$rel and was rather less general. 8510 Change makesendmail to do a "make depend" in the target directory 8511 when it is being created. This involves adding an empty 8512 "depend:" entry in most Makefiles. 8513 Ignore IDENT return value if the OSTYPE field returns "OTHER", 8514 as indicated by RFC 1413. Pointed out by Kari Hurtta 8515 of the Finnish Meteorological Institute. 8516 Fix problem that could cause multiple responses to DATA command 8517 on header syntax errors (e.g., lines beginning with colons). 8518 Problem noted by Jens Thomassen of the University of Oslo. 8519 Don't let null bytes in headers cause truncation of the rest of 8520 the header. 8521 Log Authentication-Warning:s. Suggested by Motonori Nakamura. 8522 Increase timeouts on message data puts to allow time for receivers 8523 to canonify addresses in headers on the fly. This is still 8524 a rather ugly heuristic. From Motonori Nakamura. 8525 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX 8526 records are not used when canonifying names, and when MX 8527 lookups are done for addressing they must be fully 8528 qualified. This is useful if you have a wildcard MX record, 8529 although it may cause other problems. In general, don't use 8530 wildcard MX records. Patch from Motonori Nakamura. 8531 Eliminate default two-line SMTP greeting message. Instead of 8532 adding an extra "ESMTP spoken here" line, the word "ESMTP" 8533 is added between the first and second word of the first 8534 line of the greeting message (i.e., immediately after the 8535 host name). This eliminates the need for the BROKEN_SMTP_PEERS 8536 compile flag. Old sendmails won't see the ESMTP, but that's 8537 acceptable because SIZE was the only useful extension that 8538 old sendmails understand. 8539 Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1 8540 invoked state dumps. From Masaharu Onishi. 8541 Allow on-line comments in .forward and :include: files; they are 8542 introduced by the string "<LWSP>#@#<LWSP>", where <LWSP> 8543 is a space or a tab. This is intended for native 8544 representation of non-ASCII sets such as Japanese, where 8545 existing encodings would be unreadable or would lose 8546 data -- for example, 8547 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori 8548 (romanized/less information) 8549 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?= 8550 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?= 8551 (with MIME encoding, not human readable) 8552 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B 8553 (native encoding with ISO-2022-JP) 8554 The last form is human readable in the Japanese environment. 8555 Based on a fix from (surprise!) Motonori Nakamura. 8556 Don't make SMTP error returns on MAIL FROM: line be "sticky" for all 8557 messages to that host; these are most frequently associated 8558 with addresses rather than the host, with the exception of 8559 421 (service shutting down). The effect was to cause queues 8560 to sometimes take an excessive time to flush. Reported by 8561 Robert Sargent of Southern Geographics Technologies and 8562 Eric Prestemon of American University. 8563 Add Nice=N mailer option to set the niceness at which a mailer will 8564 run. This is actually a relative niceness (that is, an 8565 increment on the background value). 8566 Log queue runs that are skipped due to high loads. They are logged 8567 at LOG_INFO priority iff the log level is > 8. Contributed 8568 by Bruce Nagel of Data General. 8569 Allow the error mailer to accept a DSN-style error status code 8570 instead of an sysexits status code in the host part. 8571 Anything with a dot will be interpreted as a DSN-style code. 8572 Add new mailer flag: F=3 will tell translations to Quoted-Printable 8573 to encode characters that might be munged by an EBCDIC system 8574 in addition to the set required by RFC 1521. The additional 8575 characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~. 8576 (Think of "IBM 360" as the mnemonic for this flag.) 8577 Change check for mailing to files to look for a pathname of [FILE] 8578 rather than looking for the mailer named *file*. The mapping 8579 of leading slashes still goes to the *file* mailer. This 8580 allows you to implement the *file* mailer as a separate 8581 program, for example, to insert a Content-Length: header 8582 or do special security policy. However, note that the usual 8583 initial checking for the file permissions is still done, and 8584 the program in question needs to be very careful about how 8585 it does the file write to avoid security problems. 8586 Be able to read ~root/.forward even if the path isn't accessible to 8587 regular users. This is disrecommended because sendmail 8588 sometimes does not run as root (e.g., when an unsafe option 8589 is specified on the command line), but should otherwise be 8590 safe because .forward files must be owned by the user for 8591 whom mail is being forwarded, and cannot be a symbolic link. 8592 Suggested by Forrest Aldrich of Wang Laboratories. 8593 Add new "HostsFile" option that is the pathname to the /etc/hosts 8594 file. This is used for canonifying hostnames when the 8595 service type is "files". 8596 Implement programs on F (read class from file) line. The syntax is 8597 Fc|/path/to/program to read the output from the program 8598 into class "c". 8599 Probe the network interfaces to find alternate names for this 8600 host. Requires the SIOCGIFCONF ioctl call. Code 8601 contributed by SunSoft. 8602 Add "E" configuration line to set or propagate environment 8603 variables into children. "E<envar>" will propagate 8604 the named variable from the environment when sendmail 8605 was invoked into any children it calls; "E<envar>=<value>" 8606 sets the named variable to the indicated value. Any 8607 variables not explicitly named will not be in the child 8608 environment. However, sendmail still forces an 8609 "AGENT=sendmail" environment variable, in part to enforce 8610 at least one environment variable, since many programs and 8611 libraries die horribly if this is not guaranteed. 8612 Change heuristic for rebuilding both NEWDB and NDBM versions of 8613 alias databases -- new algorithm looks for the substring 8614 "/yp/" in the file name. This is more portable and involves 8615 less overhead. Suggested by Motonori Nakamura. 8616 Dynamically allocate the queue work list so that you don't lose 8617 jobs in large queue runs. The old QUEUESIZE compile parameter 8618 is replaced by QUEUESEGSIZE (the unit of allocation, which 8619 should not need to be changed) and the MaxQueueRunSize option, 8620 which is the absolute maximum number of jobs that will ever 8621 be handled in a single queue run. Based on code contributed 8622 by Brian Coan of the Institute for Global Communications. 8623 Log message when a message is dropped because it exceeds the maximum 8624 message size. Suggested by Leo Bicknell of Virginia Tech. 8625 Allow trusted users (those on a T line or in $=t) to use -bs without 8626 an X-Authentication-Warning: added. Suggested by Mark Thomas 8627 of Mark G. Thomas Consulting. 8628 Announce state of compile flags on -d0.1 (-d0.10 throws in the 8629 OS-dependent defines). The old semantic of -d0.1 to not 8630 run the daemon in background has been moved to -d99.100, 8631 and the old 52.5 flag (to avoid disconnect() from closing 8632 all output files) has been moved to 52.100. This makes 8633 things more consistent (flags below .100 don't change 8634 semantics) and separates out the backgrounding so that 8635 it doesn't happen automatically on other unrelated debugging 8636 flags. 8637 If -t is used but no addresses are found in the header, give an 8638 error message rather than just doing nothing. Fix from 8639 Motonori Nakamura. 8640 On systems (like SunOS) where the effective gid is not necessarily 8641 included in the group list returned by getgroups(), the 8642 `restrictmailq' option could sometimes cause an authorized 8643 user to not be able to use `mailq'. Fix from Charles Hannum 8644 of MIT. 8645 Allow symbolic service names for [IPC] mailers. Suggested by 8646 Gerry Magennis of Logica International. 8647 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs 8648 when running DNS. For example, if the name FTP.Foo.ORG is 8649 a CNAME for Cruft.Foo.ORG, then when sitting on a machine in 8650 the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG" 8651 if this option is not set, or "FTP.Foo.ORG" if it is set. 8652 This is technically illegal under RFC 822 and 1123, but the 8653 IETF is moving toward legalizing it. Note that turning on 8654 this option is not sufficient to guarantee that a downstream 8655 neighbor won't rewrite the address for you. 8656 Add "-m" flag to makesendmail script -- this tells you what object 8657 directory and Makefile it will use, but doesn't actually do 8658 the make. 8659 Do some additional checking on the contents of the qf file to try 8660 to detect attacks against the qf file. In particular, 8661 abort on any line beginning "From ", and add an "end of 8662 file" line -- any data after that line is prohibited. 8663 Always use /etc/sendmail.cf, regardless of the arbitrary vendor 8664 choices. This can be overridden in the Makefile by using 8665 either -DUSE_VENDOR_CF_PATH to get the vendor location 8666 (to the extent that we know it) or by defining 8667 _PATH_SENDMAILCF (which is a "hard override"). This allows 8668 sendmail 8 to have more consistent installation instructions. 8669 Allow macros on `K' line in config file. Suggested by Andrew Chang 8670 of Sun Microsystems. 8671 Improved symbol table hash function from Eric Wassenaar. This one 8672 is at least 50% faster. 8673 Fix problem that didn't notice that timeout on file open was a 8674 transient error. Fix from Larry Parmelee of Cornell 8675 University. 8676 Allow comments (lines beginning with a `#') in files read for 8677 classes. Suggested by Motonori Nakamura. 8678 Make SIGINT (usually ^C) in test mode return to the prompt instead 8679 of dropping out entirely. This makes testing some of the 8680 name server lookups easier to deal with when there are 8681 hung servers. From Motonori Nakamura. 8682 Add new ${opMode} macro that is set to the current operation mode 8683 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by 8684 Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>. 8685 Add new delivery mode (Odd) that defers all map lookups to queue runs. 8686 Kind of like queue-only mode (Odq) except it tries to avoid 8687 any external service requests; for dial-on-demand hosts that 8688 want to minimize DNS lookups when mail is being queued. For 8689 this to work you will also have to make sure that gethostbyname 8690 of your local host name does not do a DNS lookup. 8691 Improved handling of "out of space" conditions from John Myers of 8692 Carnegie Mellon. 8693 Improved security for mailing to files on systems that have fchmod(2) 8694 support. 8695 Improve "cannot send message for N days" message -- now says "could 8696 not send for past N days". Suggested by Tom Moore of AT&T 8697 Global Information Solutions. 8698 Less misleading Subject: line on messages sent to postmaster only. 8699 From Motonori Nakamura. 8700 Avoid duplicate error messages on bad command line flags. From 8701 Motonori Nakamura. 8702 Better error message for case where ruleset 0 falls off the end 8703 or otherwise does not resolve to a canonical triple. 8704 Fix a problem that could cause multiple bounce messages if a bad 8705 address was sent along with a good address to an SMTP 8706 site where that SMTP site returned a 4yz code in response 8707 to the final dot of the data. Problem reported by David 8708 James of British Telecom. 8709 Add "volatile" declarations so that gcc -O2 will work. Patches 8710 from Alexander Dupuy of System Management ARTS. 8711 Delete duplicates in MX lists -- believe it or not, there are sites 8712 that list the same host twice in an MX list. This deletion 8713 only works on adjacent preferences, so an MX list that 8714 had A=5, B=10, A=15 would leave both As, but one that had 8715 A=5, A=10, B=15 would reduce to A, B. This is intentional, 8716 just in case there is something weird I haven't thought of. 8717 Suggested by Barry Shein of Software Tool & Die. 8718 SECURITY: .forward files cannot be symbolic links. If they are, 8719 a bad guy can read your private files. 8720 PORTABILITY FIXES: 8721 Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>. 8722 System V Release 4 from Motonori Nakamura of Ritsumeikan 8723 University. This expands the disk size 8724 checking to include all (?) SVR4 configurations. 8725 System V Release 4 from Kimmo Suominen -- initgroups(3) 8726 and setrlimit(2) are both available. 8727 System V Release 4 from sob@sculley.ffg.com -- some versions 8728 apparently "have EX_OK defined in other headerfiles." 8729 Linux Makefile typo. 8730 Linux getusershell(3) is broken in Slackware 2.0 -- 8731 from Andrew Pam of Xanadu Australia. 8732 More Linux tweaking from John Kennedy of California State 8733 University, Chico. 8734 Cray changes from Eric Wassenaar: ``On Cray, shorts, 8735 ints, and longs are all 64 bits, and all structs 8736 are multiples of 64 bits. This means that the 8737 sizeof operator returns only multiples of 8. 8738 This requires adaptation of code that really 8739 deals with 32 bit or 16 bit fields, such as IP 8740 addresses or nameserver fields.'' 8741 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To 8742 get the old behavior, use -DDGUX_5_4_2. 8743 DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment 8744 variable to fix bogus /bin/mail behavior. 8745 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>. 8746 This also cleans up some System V Release 4 compile 8747 problems. 8748 Solaris 2: sendmail.cw file should be in /etc/mail to 8749 match all the other configuration files. Fix 8750 from Glenn Barry of Emory University. 8751 Solaris 2.3: compile problem in conf.c. Fix from Alain 8752 Nissen of the University of Liege, Belgium. 8753 Ultrix: freespace calculation was incorrect. Fix from 8754 Takashi Kizu of Osaka University. 8755 SVR4: running in background gets a SIGTTOU because the 8756 emulation code doesn't realize that "getpeername" 8757 doesn't require reading the file. Fix from Peter 8758 Wemm of DIALix. 8759 Solaris 2.3: due to an apparent bug in the socket emulation 8760 library, sockets can get into a "wedged" state where 8761 they just return EPROTO; closing and re-opening the 8762 socket clears the problem. Fix from Bob Manson 8763 of Ohio State University. 8764 Hitachi 3050R & 3050RX running HI-UX/WE2: portability 8765 fixes from Akihiro Hashimoto ("Hash") of Chiba 8766 University. 8767 AIX changes to allow setproctitle to work from Rainer Sch�pf 8768 of Zentrum f�r Datenverarbeitung der Universit�t 8769 Mainz. 8770 AIX changes for load average from Ed Ravin of NASA/Goddard. 8771 SCO Unix from Chip Rosenthal of Unicom (code was using the 8772 wrong statfs call). 8773 ANSI C fixes from Adam Glass (NetBSD project). 8774 Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers 8775 University. 8776 DG-UX fixes from Bruce Nagel of Data General. 8777 IRIX64 updates from Mark Levinson of the University of 8778 Rochester Medical Center. 8779 Altos System V (``the first UNIX/XENIX merge the Altos 8780 did for their Series 1000 & Series 2000 line; 8781 their merged code was licensed back to AT&T and 8782 Microsoft and became System V release 3.2'') from 8783 Tim Rice <timr@crl.com>. 8784 OSF/1 running on Intel Paragon from Jeff A. Earickson 8785 <jeff@ssd.intel.com> of Intel Scalable Systems 8786 Division. 8787 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson 8788 <janet@dialix.oz.au>. 8789 System V Release 4 (statvfs semantic fix) from Alain 8790 Durand of I.M.A.G. 8791 HP-UX 10.x multiprocessor load average changes from 8792 Scott Hutton and Jeff Sumler of Indiana University. 8793 Cray CSOS from Scott Bolte of Cray Computer Corporation. 8794 Unicos 8.0 from Douglas K. Rand of the University of North 8795 Dakota, Scientific Computing Center. 8796 Solaris 2.4 fixes from Sanjay Dani of Dani Communications. 8797 ConvexOS 11.0 from Christophe Wolfhugel. 8798 IRIX 4.0.5 from David Ashton-Reader of CADcentre. 8799 ISC UNIX from J. J. Bailey. 8800 HP-UX 9.xx on the 8xx series machines from Remy Giraud 8801 of Meteo France. 8802 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>. 8803 IRIX 5.2 and 5.3 from Kari E. Hurtta. 8804 FreeBSD 2.0 from Mike Hickey of Federal Data Corporation. 8805 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura. 8806 Omron LUNA unios-b, mach from Motonori Nakamura. 8807 NEC EWS-UX/V 4.2 from Motonori Nakamura. 8808 NeXT 2.1 from Bryan Costales. 8809 AUX patch thanks to Mike Erwin of Apple Computer. 8810 HP-UX 10.0 from John Beck of Hewlett-Packard. 8811 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a 8812 non-DEC resolver. Suggested by Allan Johannesen. 8813 UnixWare 2.0 fixes from Petr Lampa of the Technical 8814 University of Brno (Czech Republic). 8815 KSR OS 1.2.2 support from Todd Miller of the University 8816 of Colorado. 8817 UX4800 support from Kazuhisa Shimizu of NEC. 8818 MAKEMAP: allow -d flag to allow insertion of duplicate aliases 8819 in type ``btree'' maps. The semantics of this are undefined 8820 for regular maps, but it can be useful for the user database. 8821 MAKEMAP: lock database file while rebuilding to avoid sendmail 8822 lookups while the rebuild is going on. There is a race 8823 condition between the open(... O_TRUNC ...) and the lock 8824 on the file, but it should be quite small. 8825 SMRSH: sendmail restricted shell added to the release. This can 8826 be used as an alternative to /bin/sh for the "prog" mailer, 8827 giving the local administrator more control over what 8828 programs can be run from sendmail. 8829 MAIL.LOCAL: add this local mailer to the tape. It is not really 8830 part of the release proper, and isn't fully supported; in 8831 particular, it does not run on System V based systems and 8832 never will. 8833 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon 8834 to allow rmail to compile on systems that don't have 8835 function prototypes and systems that don't have snprintf. 8836 CONTRIB: add the "mailprio" scripts that will help you sort mailing 8837 lists by transaction delay times so that addresses that 8838 respond quickly get sent first. This is to prevent very 8839 sluggish servers from delaying other peoples' mail. 8840 Contributed by Tony Sanders of BSDI. 8841 CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders 8842 of BSDI. This has a lot of comments to help people out. 8843 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead, 8844 put this on the m4 command line. On GNU m4 (which 8845 supports the __file__ primitive) you can run m4 in an 8846 arbitrary directory -- use either: 8847 m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf 8848 or 8849 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf 8850 On other versions of m4 that don't support __file__, you 8851 can use: 8852 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ... 8853 (Note the trailing slash on the _CF_DIR_ definition.) 8854 Old versions of m4 will default to _CF_DIR_=.. for back 8855 compatibility. 8856 CONFIG: fix mail from <> so it will properly convert to 8857 MAILER-DAEMON on local addresses. 8858 CONFIG: fix code that was supposed to catch colons in host 8859 names. Problem noted by John Gardiner Myers of CMU. 8860 CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration. 8861 From Paul Riddle of the University of Maryland, Baltimore 8862 County. 8863 CONFIG: Catch and reject "." as a host address. 8864 CONFIG: Generalize domaintable to look up all domains, not 8865 just unqualified ones. 8866 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it 8867 was never used and didn't work anyway. 8868 CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer 8869 and d on all mailers in the UUCP class. 8870 CONFIG: Allow "user+detail" to be aliased specially: it will first 8871 look for an alias for "user+detail", then for "user+*", and 8872 finally for "user". This is intended for forwarding mail 8873 for system aliases such as root and postmaster to a 8874 centralized hub. 8875 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above). 8876 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set. 8877 The F=8 flag is also set on the "relay" mailer, since 8878 this is expected to be another sendmail. 8879 CONFIG: avoid qualifying all UUCP addresses sent via SMTP with 8880 the name of the UUCP_RELAY -- in some cases, this is the 8881 wrong value (e.g., when we have local UUCP connections), 8882 and this can create unreplyable addresses. From Chip 8883 Rosenthal of Unicom. 8884 CONFIG: add confRECEIVED_HEADER to change the format of the 8885 Received: header inserted into all messages. Suggested by 8886 Gary Mills of the University of Manitoba. 8887 CONFIG: Make "notsticky" the default; use FEATURE(stickyhost) 8888 to get the old behavior. I did this upon observing 8889 that almost everyone needed this feature, and that the 8890 concept I was trying to make happen didn't work with 8891 some user agents anyway. FEATURE(notsticky) still works, 8892 but it is a no-op. 8893 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user 8894 names are sent, rather than immediately diagnosing them 8895 as User Unknown. 8896 CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS, 8897 and RELAY_MAILER_ARGS to set the arguments for the 8898 indicated mailers. All default to "IPC $h". Patch from 8899 Larry Parmelee of Cornell University. 8900 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects 8901 on the client side" and F=P to get an appropriate 8902 return-path. From Kimmo Suominen. 8903 CONFIG: add FEATURE(local_procmail) to use the procmail program 8904 as the local mailer. For addresses of the form "user+detail" 8905 the "detail" part is passed to procmail via the -a flag. 8906 Contributed by Kimmo Suominen. 8907 CONFIG: add MAILER(procmail) to add an interface to procmail for 8908 use from mailertables. This lets you execute arbitrary 8909 procmail scripts. Contributed by Kimmo Suominen. 8910 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers. 8911 CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent. From 8912 Paul Southworth of CICNet Systems Support. 8913 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f. 8914 This causes the null return path to be rewritten as 8915 MAILER-DAEMON; otherwise UUCP gets horribly confused. 8916 From Michael Hohmuth of Technische Universitat Dresden. 8917 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that 8918 list us as the best possible MX record to be treated as 8919 though they were local (essentially, assume that they 8920 are included in $=w). This can cause additional DNS 8921 traffic, but is easier to administer if this fits your 8922 local model. It does not work reliably if there are 8923 multiple hosts that share the best MX preference. 8924 Code contributed by John Oleynick of Rutgers. 8925 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted 8926 SHell) instead of /bin/sh as the program used for delivery 8927 to programs. If an argument is included, it is used as 8928 the path to smrsh; otherwise, /usr/local/etc/smrsh is 8929 assumed. 8930 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the 8931 size of messages to the local and procmail mailers 8932 respectively. Contributed by Brad Knowles of the Defense 8933 Information Systems Agency. 8934 CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments 8935 (just like text outside of angle brackets) in order to 8936 properly deal with ``group: addr1, ... addrN;'' syntax. 8937 CONFIG: Require OSTYPE macro (the defaults really don't apply to 8938 any real systems any more) and tweak the DOMAIN macro 8939 so that it is less likely that users will accidentally use 8940 the Berkeley defaults. Also, create some generic files 8941 that really can be used in the real world. 8942 CONFIG: Add new configuration macros to set character sets for 8943 messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET, 8944 SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET. 8945 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency. 8946 The old name will still be accepted for a while at least. 8947 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET 8948 mail (.DECNET pseudo-domain or node::user) will be sent. 8949 As with all relays, it can be ``mailer:hostname''. Suggested 8950 by Scott Hutton. 8951 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed 8952 by Barb Dijker of Labyrinth Computer Services. 8953 CONFIG: change confCHECK_ALIASES to default to False -- it has poor 8954 performance for large alias files, and this confused many 8955 people. 8956 CONFIG: Add confCF_VERSION to append local information to the 8957 configuration version number displayed during SMTP startup. 8958 CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it 8959 would only work when locally addressed. Fix from 8960 Edvard Tuinder of Cistron Internet Services. 8961 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option 8962 "n" (CheckAliases) is set when rebuilding alias database. 8963 Based on code contributed by Claude Marinier. 8964 CONFIG: Allow mailertable to have values of the form 8965 ``error:code message''. The ``code'' is a status code 8966 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE. 8967 Contributed by David James <dwj@agw.bt.co.uk>. 8968 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of 8969 sender domains that will be replaced with the masquerade name. 8970 These domains will not be treated as local, but if mail passes 8971 through with sender addresses in those domains they will be 8972 replaced by the masquerade name. These can also be specified 8973 in a file using MASQUERADE_DOMAIN_FILE(filename). 8974 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope 8975 as well as the header. Substantial improvements to this 8976 code were contributed by Per Hedeland. 8977 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be 8978 accessed from a mailertable to do CCSO ph lookups. Contributed 8979 by Kimmo Suominen. 8980 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be 8981 used to define cyrus and cyrusbb mailers (for IMAP support). 8982 Contributed by John Gardiner Myers of Carnegie Mellon. 8983 CONFIG: add confUUCP_MAILER to select default mailer to use for 8984 UUCP addressing. Suggested by Tom Moore of AT&T GIS. 8985 NEW FILES: 8986 cf/cf/cs-hpux10.mc 8987 cf/cf/cs-solaris2.mc 8988 cf/cf/cyrusproto.mc 8989 cf/cf/generic-bsd4.4.mc 8990 cf/cf/generic-hpux10.mc 8991 cf/cf/generic-hpux9.mc 8992 cf/cf/generic-osf1.mc 8993 cf/cf/generic-solaris2.mc 8994 cf/cf/generic-sunos4.1.mc 8995 cf/cf/generic-ultrix4.mc 8996 cf/cf/huginn.cs.mc 8997 cf/domain/berkeley-only.m4 8998 cf/domain/generic.m4 8999 cf/feature/bestmx_is_local.m4 9000 cf/feature/local_procmail.m4 9001 cf/feature/masquerade_envelope.m4 9002 cf/feature/smrsh.m4 9003 cf/feature/stickyhost.m4 9004 cf/feature/use_ct_file.m4 9005 cf/m4/cfhead.m4 9006 cf/mailer/cyrus.m4 9007 cf/mailer/mail11.m4 9008 cf/mailer/phquery.m4 9009 cf/mailer/procmail.m4 9010 cf/ostype/amdahl-uts.m4 9011 cf/ostype/bsdi2.0.m4 9012 cf/ostype/hpux10.m4 9013 cf/ostype/irix5.m4 9014 cf/ostype/isc4.1.m4 9015 cf/ostype/ptx2.m4 9016 cf/ostype/unknown.m4 9017 contrib/bsdi.mc 9018 contrib/mailprio 9019 contrib/rmail.oldsys.patch 9020 mail.local/mail.local.0 9021 makemap/makemap.0 9022 smrsh/README 9023 smrsh/smrsh.0 9024 smrsh/smrsh.8 9025 smrsh/smrsh.c 9026 src/Makefiles/Makefile.CSOS 9027 src/Makefiles/Makefile.EWS-UX_V 9028 src/Makefiles/Makefile.HP-UX.10 9029 src/Makefiles/Makefile.IRIX.5.x 9030 src/Makefiles/Makefile.IRIX64 9031 src/Makefiles/Makefile.ISC 9032 src/Makefiles/Makefile.KSR 9033 src/Makefiles/Makefile.NEWS-OS.4.x 9034 src/Makefiles/Makefile.NEWS-OS.6.x 9035 src/Makefiles/Makefile.NEXTSTEP 9036 src/Makefiles/Makefile.NonStop-UX 9037 src/Makefiles/Makefile.Paragon 9038 src/Makefiles/Makefile.SCO.3.2v4.2 9039 src/Makefiles/Makefile.SunOS.5.3 9040 src/Makefiles/Makefile.SunOS.5.4 9041 src/Makefiles/Makefile.SunOS.5.5 9042 src/Makefiles/Makefile.UNIX_SV.4.x.i386 9043 src/Makefiles/Makefile.uts.systemV 9044 src/Makefiles/Makefile.UX4800 9045 src/aliases.0 9046 src/mailq.0 9047 src/mime.c 9048 src/newaliases.0 9049 src/sendmail.0 9050 test/t_seteuid.c 9051 RENAMED FILES: 9052 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc 9053 cf/cf/chez.mc => cf/cf/chez.cs.mc 9054 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc 9055 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc 9056 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc 9057 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc 9058 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc 9059 cf/cf/vangogh.mc => cf/cf/vangogh.cs.mc 9060 cf/domain/Berkeley.m4 => cf/domain/Berkeley.EDU.m4 9061 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4 9062 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4 9063 cf/domain/s2k.m4 => cf/domain/S2K.Berkeley.EDU.m4 9064 cf/ostype/hpux.m4 => cf/ostype/hpux9.m4 9065 cf/ostype/irix.m4 => cf/ostype/irix4.m4 9066 cf/ostype/ultrix4.1.m4 => cf/ostype/ultrix4.m4 9067 src/Makefile.* => src/Makefiles/Makefile.* 9068 src/Makefile.AUX => src/Makefiles/Makefile.A-UX 9069 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS 9070 src/Makefile.DGUX => src/Makefiles/Makefile.dgux 9071 src/Makefile.RISCos => src/Makefiles/Makefile.UMIPS 9072 src/Makefile.SunOS.4.0.3 => src/Makefiles/Makefile.SunOS.4.0 9073 OBSOLETED FILES: 9074 cf/cf/cogsci.mc 9075 cf/cf/cs-exposed.mc 9076 cf/cf/cs-hidden.mc 9077 cf/cf/hpux-cs-hidden.mc 9078 cf/cf/knecht.mc 9079 cf/cf/osf1-cs-hidden.mc 9080 cf/cf/sunos3.5-cs-exposed.mc 9081 cf/cf/sunos3.5-cs-hidden.mc 9082 cf/cf/sunos4.1-cs-hidden.mc 9083 cf/cf/ultrix4.1-cs-hidden.mc 9084 cf/domain/cs-hidden.m4 9085 contrib/rcpt-streaming 9086 src/Makefiles/Makefile.SunOS.5.x 9087 90888.6.13/8.6.12 1996/01/25 9089 SECURITY: In some cases it was still possible for an attacker to 9090 insert newlines into a queue file, thus allowing access to 9091 any user (except root). 9092 CONFIG: no changes -- it is not a bug that the configuration 9093 version number is unchanged. 9094 90958.6.12/8.6.12 1995/03/28 9096 Fix to IDENT code (it was getting the size of the reply buffer 9097 too small, so nothing was ever accepted). Fix from several 9098 people, including Allan Johannesen, Shane Castle of the 9099 Boulder County Information Services, and Jeff Smith of 9100 Warwick University (all arrived within a few hours of 9101 each other!). 9102 Fix a problem that could cause large jobs to run out of 9103 file descriptors on systems that use vfork() rather 9104 than fork(). 9105 91068.6.11/8.6.11 1995/03/08 9107 The ``possible attack'' message would be logged more often 9108 than necessary if you are using Pine as a user agent. 9109 The wrong host would be reported in the ``possible attack'' 9110 message when attempted from IDENT. 9111 In some cases the syslog buffer could be overflowed when 9112 reporting the ``possible attack'' message. This can 9113 cause denial of service attacks. Truncate the message 9114 to 80 characters to prevent this problem. 9115 When reading the IDENT response a loop is needed around the 9116 read from the network to ensure that you don't get 9117 partial lines. 9118 Password entries without any shell listed (that is, a null 9119 shell) wouldn't match as "ok". Problem noted by 9120 Rob McMahon. 9121 When running BIND 4.9.x a problem could occur because the 9122 _res.options field is initialized differently than it 9123 was historically -- this requires that sendmail call 9124 res_init before it tweaks any bits. 9125 Fix an incompatibility in openxscript() between the file open mode 9126 and the stdio mode passed to fdopen. This caused UnixWare 9127 2.0 to have conniptions. Fix from Martin Sohnius of 9128 Novell Labs Europe. 9129 Fix problem with static linking of local getopt routine when 9130 using GNU's ld command. Fix from John Kennedy of 9131 Cal State Chico. 9132 It was possible to turn off privacy flags. Problem noted by 9133 *Hobbit*. 9134 Be more paranoid about writing files. Suggestions by *Hobbit* 9135 and Liudvikas Bukys. 9136 MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular) 9137 from Spider Boardman. 9138 CONFIG: No changes (version number only, to keep it in sync 9139 with the binaries). 9140 91418.6.10/8.6.10 1995/02/10 9142 SECURITY: Diagnose bogus values to some command line flags that 9143 could allow trash to get into headers and qf files. 9144 Validate the name of the user returned by the IDENT protocol. 9145 Some systems that really dislike IDENT send intentionally 9146 bogus information. Problem pointed out by Michael Bushnell 9147 of the Free Software Foundation. Has some security 9148 implications. 9149 Fix a problem causing error messages about DNS problems when 9150 the host name contained a percent sign to act oddly 9151 because it was passed as a printf-style format string. 9152 In some cases this could cause core dumps. 9153 Avoid possible buffer overrun in returntosender() if error 9154 message is quite long. From Fletcher Mattox of the 9155 University of Texas. 9156 Fix a problem that would silently drop "too many hops" error 9157 messages if and only if you were sending to an alias. 9158 From Jon Giltner of the University of Colorado and 9159 Dan Harton of Oak Ridge National Laboratory. 9160 Fix a bug that caused core dumps on some systems if -d11.2 was 9161 set and e->e_message was null. Fix from Bruce Nagel of 9162 Data General. 9163 Fix problem that can still cause df files to be left around 9164 after "hop count exceeded" messages. Fix from Andrew 9165 Chang and Shau-Ping Lo of SunSoft. 9166 Fix a problem that can cause buffer overflows on very long 9167 user names (as might occur if you piped to a program 9168 with a lot of arguments). 9169 Avoid returning an error and re-queueing if the host signature 9170 is null; this can occur on addresses like ``user@.''. 9171 Problem noted by Wesley Craig and the University of 9172 Michigan. 9173 Avoid possible calls to malloc(0) if MCI caching is turned 9174 off. Bug fix from Pierre David of the Laboratoire 9175 Parallelisme, Reseaux, Systemes et Modelisation (PRiSM), 9176 Universite de Versailles - St Quentin, and Jacky 9177 Thibault. 9178 Make a local copy of the line being sent via senttolist() -- in 9179 some cases, buffers could get trashed by map lookups 9180 causing it to do unexpected things. This also simplifies 9181 some of the map code. 9182 CONFIG: No changes (version number only, to keep it in sync 9183 with the binaries). 9184 91858.6.9/8.6.9 1994/04/19 9186 Do all mail delivery completely disconnected from any terminal. 9187 This provides consistency with daemon delivery and 9188 may have some security implications. 9189 Make sure that malloc doesn't get called with zero size, 9190 since that fails on some systems. Reported by Ed 9191 Hill of the University of Iowa. 9192 Fix multi-line values for $e (SMTP greeting message). Reported 9193 by Mike O'Connor of Ford Motor Company. 9194 Avoid syserr if no NIS domain name is defined, but the map it 9195 is trying to open is optional. From Win Bent of USC. 9196 Changes for picky compilers from Ed Gould of Digital Equipment. 9197 Hesiod support for UDB from Todd Miller of the University of 9198 Colorado. Use "hesiod" as the service name in the U 9199 option. 9200 Fix a problem that failed to set the "authentic" host name (that 9201 is, the one derived from the socket info) if you called 9202 sendmail -bs from inetd. Based on code contributed by 9203 Todd Miller (this problem was also reported by Guy Helmer 9204 of Dakota State University). This also fixes a related 9205 problem reported by Liudvikas Bukys of the University of 9206 Rochester. 9207 Parameterize "nroff -h" in all the Makefiles so people with 9208 variant versions can use them easily. Suggested by 9209 Peter Collinson of Hillside Systems. 9210 SMTP "MAIL" commands with multiple ESMTP parameters required two 9211 spaces between parameters instead of one. Reported by 9212 Valdis Kletnieks of Virginia Tech. 9213 Reduce the number of system calls during message collection by 9214 using global timeouts around the collect() loop. This 9215 code was contributed by Eric Wassenaar. 9216 If the initial hostname name gathering results in a name 9217 without a dot (usually caused by NIS misconfiguration) 9218 and BIND is compiled in, directly access DNS to get 9219 the canonical name. This should make life easier for 9220 Solaris systems. If it still can't be resolved, and 9221 if the name server is listed as "required", try again 9222 in 30 seconds. If that also fails, exit immediately to 9223 avoid bogus "config error: mail loops back to myself" 9224 messages. 9225 Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error 9226 message to explain how much space was available and 9227 sound a bit less threatening. Suggested by Stan Janet 9228 of the National Institute of Standards and Technology. 9229 If mail is delivered to an alias that has an owner, deliver any 9230 requested return-receipt immediately, and strip the 9231 Return-Receipt-To: header from the subsequent message. 9232 This prevents a certain class of denial of service 9233 attack, arguably gives more reasonable semantics, and 9234 moves things more towards what will probably become a 9235 network standard. Suggested by Christopher Davis of 9236 Kapor Enterprises. 9237 Add a "noreceipts" privacy flag to turn off all return receipts 9238 without recompiling. 9239 Avoid printing ESMTP parameters as part of the error message 9240 if there are errors during parsing. This change is 9241 purely cosmetic. 9242 Avoid sending out error messages during the collect phase of 9243 SMTP; there is an MVS mailer from UCLA that gets 9244 confused by this. Of course, I think it's their bug.... 9245 Check for the $j macro getting undefined, losing a dot, or getting 9246 lost from $=w in the daemon before accepting a connection; 9247 if it is, it dumps state, prints a LOG_ALERT message, 9248 and drops core for debugging. This is an attempt to 9249 track down a bug that I thought was long since gone. 9250 If you see this, please forward the log fragment to 9251 sendmail@sendmail.ORG. 9252 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off 9253 with -DOLD_NEWDB=0 on the command line. From Christophe 9254 Wolfhugel. 9255 Instead of trying to truncate the listen queue for the server 9256 SMTP port when the load average is too high, just close 9257 the port completely and reopen it later as needed. 9258 This ensures that the other end gets a quick "connection 9259 refused" response, and that the connection can be 9260 recovered later. In particular, some socket emulations 9261 seem to get confused if you tweak the listen queue 9262 size around and can never start listening to connections 9263 again. The down side is that someone could start up 9264 another daemon process in the interim, so you could 9265 have multiple daemons all not listening to connections; 9266 this could in turn cause the sendmail.pid file to be 9267 incorrect. A better approach might be to accept the 9268 connection and give a 421 code, but that could break 9269 other mailers in mysterious ways and have paging behavior 9270 implications. 9271 Fix a glitch in TCP-level debugging that caused flag 16.101 to 9272 set debugging on the wrong socket. From Eric Wassenaar. 9273 When creating a df* temporary file, be sure you truncate any 9274 existing data in the file -- otherwise system crashes 9275 and the like could result in extra data being sent. 9276 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the 9277 doc directory. This includes some additional 9278 information. 9279 CONFIG: change UUCP rules to never add $U! or $k! on the front 9280 of recipient envelope addresses. This should have been 9281 handled by the $&h trick, but broke if people were 9282 mixing domainized and UUCP addresses. They should 9283 probably have converted all the way over to uucp-uudom 9284 instead of uucp-{new,old}, but the failure mode was to 9285 loop the mail, which was bad news. 9286 Portability fixes: 9287 Newer BSDI systems (several people). 9288 Older BSDI systems from Christophe Wolfhugel. 9289 Intergraph CLIX, from Paul Southworth of CICNet. 9290 UnixWare, from Evan Champion. 9291 NetBSD from Adam Glass. 9292 Solaris from Quentin Campbell of the University of 9293 Newcastle upon Tyne. 9294 IRIX from Dean Cookson and Bill Driscoll of Mitre 9295 Corporation. 9296 NCR 3000 from Kevin Darcy of Chrysler Financial Corporation. 9297 SunOS (it has setsid() and setvbuf() calls) from 9298 Jonathan Kamens of OpenVision Technologies. 9299 HP-UX from Tor Lillqvist. 9300 New Files: 9301 src/Makefile.CLIX 9302 src/Makefile.NCR3000 9303 doc/changes/Makefile 9304 doc/changes/changes.me 9305 doc/changes/changes.ps 9306 93078.6.8/8.6.6 1994/03/21 9308 SECURITY: it was possible to read any file as root using the 9309 E (error message) option. Reported by Richard Jones; 9310 fixed by Michael Corrigan and Christophe Wolfhugel. 9311 93128.6.7/8.6.6 1994/03/14 9313 SECURITY: it was possible to get root access by using weird 9314 values to the -d flag. Thanks to Alain Durand of 9315 INRIA for forwarding me the notice from the bugtraq 9316 list. 9317 93188.6.6/8.6.6 1994/03/13 9319 SECURITY: the ability to give files away on System V-based 9320 systems proved dangerous -- don't run as the owner 9321 of a :include: file on a system that allows giveaways. 9322 Unfortunately, this also applies to determining a 9323 valid shell. 9324 IMPORTANT: Previous versions weren't expiring old connections 9325 in the connection cache for a long time under some 9326 circumstances. This could result in resource exhaustion, 9327 both at your end and at the other end. This checks the 9328 connections for timeouts much more frequently. From 9329 Doug Anderson of NCSC. 9330 Fix a glitch that snuck in that caused programs to be run as 9331 the sender instead of the recipient if the mail was 9332 from a local user to another local user. From 9333 Motonori Nakamura of Kyoto University. 9334 Fix "wildcard" on /etc/shells matching -- instead of looking 9335 for "*", look for "/SENDMAIL/ANY/SHELL/". From 9336 Bryan Costales of ICSI. 9337 Change the method used to declare the "statfs" availability; 9338 instead of HASSTATFS and/or HASUSTAT with a ton of 9339 tweaking in conf.c, there is a single #define called 9340 SFS_TYPE which takes on one of six values (SFS_NONE 9341 for no statfs availability, SFS_USTAT for the ustat(2) 9342 syscall, SFS_4ARGS for a four argument statfs(2) call, 9343 and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument 9344 statfs(2) call with the declarations in <sys/vfs.h>, 9345 <sys/mount.h>, or <sys/statfs.h> respectively). 9346 Fix glitch in NetInfo support that could return garbage if 9347 there was no "/locations/sendmail" property. From 9348 David Meyer of the University of Virginia. 9349 Change HASFLOCK from defined/not-defined to a 0/1 definition 9350 to allow Linux to turn it off even though it is a 9351 BSD-like system. 9352 Allow setting of "ident" timeout to zero to turn off the ident 9353 protocol entirely. 9354 Make 7-bit stripping local to a connection (instead of to a 9355 mailer); this allows you to specify that SMTP is a 9356 7-bit channel, but revert to 8-bit should it advertise 9357 that it supports 8BITMIME. You still have to specify 9358 mailer flag 7 to get this stripping at all. 9359 Improve makesendmail script so it handles more cases automatically. 9360 Tighten up restrictions on taking ownership of :include: files 9361 to avoid problems on systems that allow you to give away 9362 files. 9363 Fix a problem that made it impossible to rebuild the alias 9364 file if it was on a read-only file system. From 9365 Harry Edmon of the University of Washington. 9366 Improve MX randomization function. From John Gardiner Myers 9367 of CMU. 9368 Fix a minor glitch causing a bogus message to be printed (used 9369 %s instead of %d in a printf string for the line number) 9370 when a bad queue file was read. From Harry Edmon. 9371 Allow $s to remain NULL on locally generated mail. I'm not 9372 sure this is necessary, but a lot of people have complained 9373 about it, and there is a legitimate question as to whether 9374 "localhost" is legal as an 822-style domain. 9375 Fix a problem with very short line lengths (mailer L= flag) in 9376 headers. This causes a leading space to be added onto 9377 continuation lines (including in the body!), and also 9378 tries to wrap headers containing addresses (From:, To:, 9379 etc) intelligently at the shorter line lengths. Problem 9380 Reported by Lars-Johan Liman of SUNET Operations Center. 9381 Log the real user name when logging syserrs, since these can have 9382 security implications. Suggested by several people. 9383 Fix address logging of cached connections -- it used to always 9384 log the numeric address as zero. This is a somewhat 9385 bogus implementation in that it does an extra system 9386 call, but it should be an inexpensive one. Fix from 9387 Motonori Nakamura. 9388 Tighten up handling of short syslog buffers even more -- there 9389 were cases where the outgoing relay= name was too long 9390 to share a line with delay= and mailer= logging. 9391 Limit the overhead on split envelopes to one open file descriptor 9392 per envelope -- previously the overhead was three 9393 descriptors. This was in response to a problem reported 9394 by P{r (Pell) Emanuelsson. 9395 Fixes to better handle the case of unexpected connection closes; 9396 this redirects the output to the transcript so the info 9397 is not lost. From Eric Wassenaar. 9398 Fix potential string overrun if you macro evaluate a string that 9399 has a naked $ at the end. Problem noted by James Matheson 9400 <jmrm@eng.cam.ac.uk>. 9401 Make default error number on $#error messages 553 (``Requested 9402 action not taken: mailbox name not allowed'') instead of 9403 501 (``Syntax error in parameters or arguments'') to 9404 avoid bogus "protocol error" messages. 9405 Strip off any existing trailing dot on names during $[ ... $] 9406 lookup. This prevents it from ending up with two dots 9407 on the end of dot terminated names. From Wesley Craig 9408 of the University of Michigan and Bryan Costales of ICSI. 9409 Clean up file class reading so that the debugging information is 9410 more informative. It hadn't been using setclass, so you 9411 didn't see the class items being added. 9412 Avoid core dump if you are running a version of sendmail where 9413 NIS is compiled in, and you specify an NIS map, but 9414 NIS is not running. Fix from John Oleynick of 9415 Rutgers. 9416 Diagnose bizarre case where res_search returns a failure value, 9417 but sets h_errno to a success value. 9418 Make sure that "too many hops" messages are considered important 9419 enough to send an error to the Postmaster (that is, the 9420 address specified in the P option). This fix should 9421 help problems that cause the df file to be left around 9422 sometimes -- unfortunately, I can't seem to reproduce 9423 the problem myself. 9424 Avoid core dump (null pointer reference) on EXPN command; this 9425 only occurred if your log level was set to 10 or higher 9426 and the target account was an alias or had a .forward file. 9427 Problem noted by Janne Himanka. 9428 Avoid "denial of service" attacks by someone who is flooding your 9429 SMTP port with bad commands by shutting the connection 9430 after 25 bad commands are issued. From Kyle Jones of 9431 UUNET. 9432 Fix core dump on error messages with very long "to" buffers; 9433 fmtmsg overflows the message buffer. Fixed by trimming 9434 the to address to 203 characters. Problem reported by 9435 John Oleynick. 9436 Fix configuration for HASFLOCK -- there were some spots where 9437 a #ifndef was incorrectly #ifdef. Pointed out by 9438 George Baltz of the University of Maryland. 9439 Fix a typo in savemail() that could cause the error message To: 9440 lists to be incorrect in some places. From Motonori 9441 Nakamura. 9442 Fix a glitch that can cause duplicate error messages on split 9443 envelopes where an address on one of the lists has a 9444 name server failure. Fix from Voradesh Yenbut of the 9445 University of Washington. 9446 Fix possible bogus pointer reference on ESMTP parameters that 9447 don't have an ``=value'' part. 9448 CNAME loops caused an error message to be generated, but also 9449 re-queued the message. Changed to just re-queue the 9450 message (it's really hard to just bounce it because 9451 of the weird way the name server works in the presence 9452 of CNAME loops). Problem noted by James M.R.Matheson 9453 of Cambridge University. 9454 Avoid giving ``warning: foo owned process doing -bs'' messages 9455 if they use ``MAIL FROM:<foo>'' where foo is their true 9456 user name. Suggested by Andreas Stolcke of ICSI. 9457 Change the NAMED_BIND compile flag to be a 0/1 flag so you can 9458 override it easily in the Makefile -- that is, you can 9459 turn it off using -DNAMED_BIND=0. 9460 If a gethostbyname(...) of an address with a trailing dot fails, 9461 try it without the trailing dot. This is because if 9462 you have a version of gethostbyname() that falls back 9463 to NIS or the /etc/hosts file it will fail to find 9464 perfectly reasonable names that just don't happen to 9465 be dot terminated in the hosts file. You don't want to 9466 strip the dot first though because we're trying to ensure 9467 that country names that match one of your subdomains get 9468 a chance. 9469 PRALIASES: fix bogus output on non-null-terminated strings. 9470 From Bill Gianopoulos of Raytheon. 9471 CONFIG: Avoid rewriting anything that matches $w to be $j. 9472 This was in code intended to only catch the self-literal 9473 address (that is, [1.2.3.4], where 1.2.3.4 is your 9474 IP address), but the code was broken. However, it will 9475 still do this if $M is defined; this is necessary to 9476 get client configurations to work (sigh). Note that this 9477 means that $M overrides :mailname entries in the user 9478 database! Problem noted by Paul Southworth. 9479 CONFIG: Fix definition of Solaris help file location. From 9480 Steve Cliffe <steve@gorgon.cs.uow.edu.au>. 9481 CONFIG: Fix bug that broke news.group.USENET mappings. 9482 CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX, 9483 and USENET_MAILER_MAX to tweak the maximum message 9484 size for various mailers. 9485 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0] 9486 instead of assuming that it is "inews" for consistency 9487 with other mailers. From Michael Corrigan of UC San Diego. 9488 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB, 9489 qualify the address in the SMTP envelope as user@{relay|hub} 9490 instead of user@$j. From Bill Wisner of The Well. 9491 CONFIG: Fix route-addr syntax in nullrelay configuration set. 9492 CONFIG: Don't turn off case mapping of user names in the local 9493 mailer for IRIX. This was different than most every other 9494 system. 9495 CONFIG: Avoid infinite loops on certainly list:; syntaxes in 9496 envelope. Noted by Thierry Besancon 9497 <besancon@excalibur.ens.fr>. 9498 CONFIG: Don't include -z by default on uux line -- most systems 9499 don't want it set by default. Pointed out by Philippe 9500 Michel of Thomson CSF. 9501 CONFIG: Fix some bugs with mailertables -- for example, if your 9502 host name was foo.bar.ray.com and you matched against 9503 ".ray.com", the old implementation bound %1 to "bar" 9504 instead of "foo.bar". Also, allow "." in the mailertable 9505 to match anything -- essentially, take over SMART_HOST. 9506 This also moves matching of explicit local host names 9507 before the mailertable so they don't have to be special 9508 cased in the mailertable data. Reported by Bill 9509 Gianopoulos of Raytheon; the fix for the %1 binding 9510 problem was contributed by Nicholas Comanos of the 9511 University of Sydney. 9512 CONFIG: Don't include "root" in class $=L (users to deliver 9513 locally, even if a hub or relay exists) by default. 9514 This is because of the known bug where definition of 9515 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore 9516 both and deliver into the local mailbox. 9517 CONFIG: Move up bitdomain and uudomain handling so that they 9518 are done before .UUCP class matching; uudomain was 9519 reported as ineffective before. This also frees up 9520 diversion 8 for future use. Problem reported by Kimmo 9521 Suominen. 9522 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4]) 9523 into host names. As pointed out by Jonathan Kamens, 9524 these are often used because either the forward or reverse 9525 mapping is broken; this translation makes it broken again. 9526 DOC: Clarify $@ and $: in the Install & Op Guide. From Kimmo 9527 Suominen. 9528 Portability fixes: 9529 Unicos from David L. Kensiski of Sterling Software. 9530 DomainOS from Don Lewis of Silicon Systems. 9531 GNU m4 1.0.3 from Karst Koymans of Utrecht University. 9532 Convex from Kimmo Suominen <kim@tac.nyc.ny.us>. 9533 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>. 9534 BSD/386 from Tony Sanders of BSDI. 9535 Apollo from Eric Wassenaar. 9536 DGUX from Doug Anderson. 9537 Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent. 9538 NEW FILES: 9539 src/Makefile.DomainOS 9540 src/Makefile.PTX 9541 src/Makefile.SunOS.5.1 9542 src/Makefile.SunOS.5.2 9543 src/Makefile.SunOS.5.x 9544 src/mailq.1 9545 cf/ostype/domainos.m4 9546 doc/op/Makefile 9547 doc/intro/Makefile 9548 doc/usenix/Makefile 9549 95508.6.5/8.6.5 1994/01/13 9551 Security fix: /.forward could be owned by anyone (the test 9552 to allow root to own any file was backwards). From 9553 Bob Campbell at U.C. Berkeley. 9554 Security fix: group ids were not completely set when programs 9555 were invoked. This caused programs to have group 9556 permissions they should not have had (usually group 9557 daemon instead of their own group). In particular, 9558 Perl scripts would refuse to run. 9559 Security: check to make sure files that are written are not 9560 symbolic links (at least under some circumstances). 9561 Although this does not respond to a specific known 9562 attack, it's just a good idea. Suggested by 9563 Christian Wettergren. 9564 Security fix: if a user had an NFS mounted home directory on 9565 a system with a restricted shell listed in their 9566 /etc/passwd entry, they could still execute any 9567 program by putting that in their .forward file. 9568 This fix prevents that by insisting that their shell 9569 appear in /etc/shells before allowing a .forward to 9570 execute a program or write a file. You can disable 9571 this by putting "*" in /etc/shells. It also won't 9572 permit world-writable :include: files to reference 9573 programs or files (there's no way to disable this). 9574 These behaviors are only one level deep -- for 9575 example, it is legal for a world-writable :include: 9576 file to reference an alias that writes a file, on 9577 the assumption that the alias file is well controlled. 9578 Security fix: root was not treated suspiciously enough when 9579 looking into subdirectories. This would potentially 9580 allow a cracker to examine files that were publicly 9581 readable but in a non-publicly searchable directory. 9582 Fix a problem that causes an error on QUIT on a cached 9583 connection to create problems on the current job. 9584 These are typically unrelated, so errors occur in 9585 the wrong place. 9586 Reset CurrentLA in sendall() -- this makes sendmail queue 9587 runs more responsive to load average, and fixes a 9588 problem that ignored the load average in locally 9589 generated mail. From Eric Wassenaar. 9590 Fix possible core dump on aliases with null LHS. From 9591 John Orthoefer of BB&N. 9592 Revert to using flock() whenever possible -- there are just 9593 too many bugs in fcntl() locking, particularly over 9594 NFS, that cause sendmail to fail in perverse ways. 9595 Fix a bug that causes the connection cache to get confused 9596 when sending error messages. This resulted in 9597 "unexpected close" messages. It should fix itself 9598 on the following queue run. Problem noted by 9599 Liudvikas Bukys of the University of Rochester. 9600 Include $k in $=k as documented in the Install & Op Guide. 9601 This seems odd, but it was documented.... From 9602 Michael Corrigan of UCSD. 9603 Fix problem that caused :include:s from alias files to be 9604 forced to be owned by root instead of daemon 9605 (actually DefUid). From Tim Irvin. 9606 Diagnose unrecognized I option values -- from Mortin Forssen 9607 of the Chalmers University of Technology. 9608 Make "error" mailer work consistently when there is no error 9609 code associated with it -- previously it returned OK 9610 even though there was a real problem. Now it assumes 9611 EX_UNAVAILABLE. 9612 Fix bug that caused the last header line of messages that had 9613 no body and which were terminated with EOF instead of 9614 "." to be discarded. Problem noted by Liudvikas Bukys. 9615 Fix core dump on SMTP mail to programs that failed -- it tried 9616 to go to a "next MX host" when none existed, causing 9617 a core dump. From der Mouse at McGill University. 9618 Change IDENTPROTO from a defined/not defined to a 0/1 switch; 9619 this makes it easier to turn it off (using 9620 -DIDENTPROTO=0 in the Makefile). From der Mouse. 9621 Fix YP_MASTER_NAME store to use the unupdated result of 9622 gethostname() (instead of myhostname(), which tries 9623 to fully qualify the name) to be consistent with 9624 SunOS. If your hostname is unqualified, this fixes 9625 transfers to slave servers. Bug noted by Keith 9626 McMillan of Ameritech Services, Inc. 9627 Fix Ultrix problem: gethostbyname() can return a very large 9628 (> 500) h_length field, which causes the sockaddr 9629 to be trashed. Use the size of the sockaddr instead. 9630 Fix from Bob Manson of Ohio State. 9631 Don't assume "-a." on host lookups if NAMED_BIND is not 9632 defined -- this confuses gethostbyname on hosts 9633 file lookups, which doesn't understand the trailing 9634 dot convention. 9635 Log SMTP server subprocesses that die with a signal instead 9636 of from a clean exit. 9637 If you don't have option "I" set, don't assume that a DNS 9638 "host unknown" message is authoritative -- it 9639 might still be found in /etc/hosts. 9640 Fix a problem that would cause Deferred: messages to be sent 9641 as the subject of an error message, even though the 9642 actual cause of a message was more severe than that. 9643 Problem noted by Chris Seabrook of OSSI. 9644 Fix race condition in DBM alias file locking. From Kyle 9645 Jones of UUNET. 9646 Limit delivery syslog line length to avoid bugs in some 9647 versions of syslog(3). This adds a new compile time 9648 variable SYSLOG_BUFSIZE. From Jay Plett of Princeton 9649 University, which is in turn derived from IDA. 9650 Fix quotes inside of comments in addresses -- previously 9651 it insisted that they be balanced, but the 822 spec 9652 says that they should be ignored. 9653 Dump open file state to syslog upon receiving SIGUSR1 (for 9654 debugging). This also evaluates ruleset 89, if set 9655 (with the null input), and logs the result. This 9656 should be used sparingly, since the rewrite process 9657 is not reentrant. 9658 Change -qI, -qR, and -qS flags to be case-insensitive as 9659 documented in the Bat Book. 9660 If the mailer returned EX_IOERR or EX_OSERR, sendmail did not 9661 return an error message and did not requeue the message. 9662 Fix based on code from Roland Dirlewanger of 9663 Reseau Regional Aquarel, Bordeaux, France. 9664 Fix a problem that caused a seg fault if you got a 421 error 9665 code during some parts of connection initialization. 9666 I've only seen this when talking to buggy mailers on 9667 the other end, but it shouldn't give a seg fault in 9668 any case. From Amir Plivatsky. 9669 Fix core dump caused by a ruleset call that returns null. 9670 Fix from Bryan Costales of ICSI. 9671 Full-Name: field was being ignored. Fix from Motonori Nakamura 9672 of Kyoto University. 9673 Fix a possible problem with very long input lines in setproctitle. 9674 From P{r Emanuelsson. 9675 Avoid putting "This is a warning message" out on return receipts. 9676 Suggested by Douglas Anderson. 9677 Detect loops caused by recursive ruleset calls. Suggested by 9678 Bryan Costales. 9679 Initialize non-alias maps during alias rebuilds -- they may be 9680 needed for parsing. Problem noted by Douglas Anderson. 9681 Log sender address even if no message was collected in SMTP 9682 (e.g., if all RCPTs failed). Suggested by Motonori 9683 Nakamura. 9684 Don't reflect the owner-list contents into the envelope sender 9685 address if the value contains ", :, /, or | (to avoid 9686 illegal addresses appearing there). 9687 Efficiency hack for toktype macro -- from Craig Partridge of 9688 BB&N. 9689 Clean up DNS error printing so that a host name is always 9690 included. 9691 Remember to set $i during queue runs. Reported by Stephen 9692 Campbell of Dartmouth University. 9693 If the environment variable HOSTALIASES is set, use it during 9694 canonification as the name of a file with per-user host 9695 translations so that headers are properly mapped. Reported 9696 by Anne Bennett of Concordia University. 9697 Avoid printing misleading error message if SMTP mailer (not 9698 using [IPC]) should die on a core dump. 9699 Avoid incorrect diagnosis of "file 1 closed" when it is caused 9700 by the other end closing the connection. From 9701 Dave Morrison of Oracle. 9702 Improve several of the error messages printed by "mailq" 9703 to include a host name or other useful information. 9704 Add NetInfo preliminary support for NeXT systems. From Vince 9705 DeMarco. 9706 Fix a glitch that sometimes caused :include:s that pointed to 9707 NFS filesystems that were down to give an "aliasing/ 9708 forwarding loop broken" message instead of queueing 9709 the message for retry. Noted by William C Fenner of 9710 the NRL Connection Machine Facility. 9711 Fix a problem that could cause a core dump if the input sequence 9712 had (or somehow acquired) a \231 character. 9713 Make sure that route-addrs always have <angle brackets> around 9714 them in non-SMTP envelopes (SMTP envelopes already do 9715 this properly). 9716 Avoid weird headers on unbalanced punctuation of the form: 9717 ``Joe User <user)'' -- this caused reference to the 9718 null macro. Fix from Rick McCarty of IO.COM. 9719 Fix a problem that caused an alias "user: user@local.host" to 9720 not have the QNOTREMOTE bit set; this caused configs 9721 to act as if FEATURE(notsticky) was defined even when 9722 it was not. The effect of the problem was to make it 9723 very hard to to set up satellite sites that had a few 9724 local accounts, with everything else forwarded to a 9725 corporate hub. Reported by Detlef Drewanz of the 9726 University of Rostock and Mark Frost of NCD. 9727 Change queuing to not call rulesets 3, {1 or 2}, 4 on header 9728 addresses. This is more efficient (fewer name server 9729 calls) and fixes certain unusual configurations, such 9730 as those that have ruleset 4 do something that is 9731 non-idempotent unless a mailer-specific ruleset did 9732 something else. Problem reported by Brian J. Coan 9733 of the Institute for Global Communications. 9734 Fix the "obsolete argument" routine in main to better understand 9735 new arguments. For example, if you used ``sendmail 9736 -C config -v -q'' it would choke on the -q because 9737 the -C would stop looking for old-format arguments. 9738 Fix the code that was intended to allow two users to forward their 9739 mail to the same program and have them appear unique. 9740 Portability fixes for: 9741 SCO UNIX from Murray Kucherawy. 9742 SCO Open Server 3.2v4 from Philippe Brand. 9743 System V Release 4 from Rick Ellis and others. 9744 OSF/1 from Steve Campbell. 9745 DG/UX from Ben Mesander of the USGS and Bryan Curnutt 9746 of Stoner Associates. 9747 Motorola SysV88 from Kevin Johnson of Motorola. 9748 Solaris 2.3 from Casper H.S. Dik of the University 9749 of Amsterdam and John Caruso of University 9750 of Maryland. 9751 FreeBSD from Ollivier Robert. 9752 NetBSD from Adam Glass. 9753 TitanOS from Kate Hedstrom of Rutgers University. 9754 Irix from Bryan Curnutt. 9755 Dynix from Jim Davis of the University of Arizona. 9756 RISC/os. 9757 Linux from John Kennedy of California State University 9758 at Chico. 9759 Solaris 2.x from Tony Boner of the U.S. Air Force. 9760 NEXTSTEP 3.x from Vince DeMarco. 9761 HP-UX from various people. NOTA BENE: the location 9762 of the config file has moved to /usr/lib 9763 to match the HP-UX version of sendmail. 9764 CONFIG: Don't do any recipient rewriting on relay mailer; 9765 since this is intended only for internal use, the 9766 usual RFC 821/822/1123 rules can be relaxed. The 9767 main point of this is to avoid munging (ugh) UUCP 9768 addresses when relaying internally. 9769 CONFIG: fix typo in mailer/uucp.m4 that mutilates list:; 9770 syntax addresses delivered via UUCP. Solution 9771 provided by Peter Wemm. 9772 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset 9773 zero; it caused double @ signs in addresses. From 9774 Irving Reid of the University of Toronto. 9775 CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1 9776 from Markku Toijala of ICL Personal Systems Oy. 9777 CONFIG: Add trailing "." on pseudo-domains for consistency; 9778 this fixes a problem (noted by Al Whaley of Sunnyside) 9779 that made it hard to recognize your own pseudodomain 9780 names. 9781 CONFIG: catch "@host" syntax errors (i.e., null local-parts) 9782 rather than letting them get "local configuration 9783 error"s. Problem noted by John Gardiner Myers. 9784 CONFIG: add uucp-uudom mailer variant, based on code posted 9785 by Spider Boardman <spider@Orb.Nashua.NH.US>; this 9786 has uucp-dom semantics but old UUCP syntax. This 9787 also permits "uucp-old" as an alias for "uucp" and 9788 "uucp-new" as a synonym for "suucp" for consistency. 9789 CONFIG: add POP mailer support (from Kimmo Suominen 9790 <kim@grendel.lut.fi>). 9791 CONFIG: drop CSNET_RELAY support -- CSNET is long gone. 9792 CONFIG: fix bug caused with domain literal addresses (e.g., 9793 ``[128.32.131.12]'') when FEATURE(allmasquerade) 9794 was set; it would get an additional @masquerade.host 9795 added to the address. Problem noted by Peter Wan 9796 of Georgia Tech. 9797 CONFIG: make sure that the local UUCP name is in $=w. From 9798 Jim Murray of Stratus. 9799 CONFIG: changes to UUCP rewriting to simulate IDA-style "V" 9800 mailer flag. Briefly, if you are sending to host 9801 "foo", then it rewrites "foo!...!baz" to "...!baz", 9802 "foo!baz" remains "foo!baz", and anything else has 9803 the local name prepended. 9804 CONFIG: portability fixes for HP-UX. 9805 DOC: several minor problems fixed in the Install & Op Guide. 9806 MAKEMAP: fix core dump problem on lines that are too long or 9807 which lack newline. From Mark Delany. 9808 MAILSTATS: print sums of columns (total messages & kbytes 9809 in and out of the system). From Tom Ferrin of UC 9810 San Francisco Computer Graphics Lab. 9811 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES: 9812 On HP-UX, /etc/sendmail.cf has been moved to 9813 /usr/lib/sendmail.cf to match HP sendmail. 9814 Permissions have been tightened up on world-writable 9815 :include: files and accounts that have shells 9816 that are not listed in /etc/shells. This may 9817 cause some .forward files that have worked 9818 before to start failing. 9819 SIGUSR1 dumps some state to the log. 9820 NEW FILES: 9821 src/Makefile.DGUX 9822 src/Makefile.Dynix 9823 src/Makefile.FreeBSD 9824 src/Makefile.Mach386 9825 src/Makefile.NetBSD 9826 src/Makefile.RISCos 9827 src/Makefile.SCO 9828 src/Makefile.SVR4 9829 src/Makefile.Titan 9830 cf/mailer/pop.m4 9831 cf/ostype/bsdi1.0.m4 9832 cf/ostype/dgux.m4 9833 cf/ostype/dynix3.2.m4 9834 cf/ostype/sco3.2.m4 9835 makemap/Makefile.dist 9836 praliases/Makefile.dist 9837 98388.6.4/8.6.4 1993/10/31 9839 Repair core-dump problem (write to read-only memory segment) 9840 if you fall back to the return-to-Postmaster case in 9841 savemail. Problem reported by Richard Liu. 9842 Immediately diagnose bogus sender addresses in SMTP. This 9843 makes quite certain that crackers can't use this 9844 class of attack. 9845 Reliability Fix: check return value from fclose() and fsync() 9846 in a few critical places. 9847 Minor problem in initsys() that reversed a condition for 9848 redirecting the output channel on queue runs. It's 9849 not clear this code even does anything. From Eric 9850 Wassenaar of the Dutch National Institute for Nuclear 9851 and High-Energy Physics. 9852 Fix some problems that caused queue runs to do "too much work", 9853 such as double-reading the Errors-To: header. From 9854 Eric Wassenaar. 9855 Error messages on writing the temporary file (including the 9856 data file) were getting suppressed in SMTP -- this 9857 fix causes them to be properly reported. From Eric 9858 Wassenaar. 9859 Some changes to support AF_UNIX sockets -- this will only 9860 really become relevant in the next release, but some 9861 people need it for local patches. From Michael 9862 Corrigan of UC San Diego. 9863 Use dynamically allocated memory (instead of static buffers) 9864 for macros defined in initsys() and settime(); since 9865 these can have different values depending on which 9866 envelope they are in. From Eric Wassenaar. 9867 Improve logging to show ctladdr on to= logging; this tells you 9868 what uid/gid processes ran as. 9869 Fix a problem that caused error messages to be discarded if 9870 the sender address was unparseable for some reason; 9871 this was supposed to fall back to the "return to 9872 postmaster" case. 9873 Improve aliaswait backoff algorithm. 9874 Portability patches for Linux (8.6.3 required another header 9875 file) (from Karl London) and SCO UNIX. 9876 CONFIG: patch prog mailer to not strip host name off of envelope 9877 addresses (so that it matches local again). From 9878 Christopher Davis. 9879 CONFIG: change uucp-dom mailer so that "<>" translates to $n; 9880 this prevents uux from seeing lines with null names like 9881 ``From Sat Oct 30 14:55:31 1993''. From Motonori 9882 Nakamura of Kyoto University. 9883 CONFIG: handle <list:;> syntax correctly. This isn't legal, but 9884 it shouldn't fail miserably. From Motonori Nakamura. 9885 98868.6.2/8.6.2 1993/10/15 9887 Put a "successful delivery" message in the transcript for 9888 addresses that get return-receipts. 9889 Put a prominent "this is only a warning" message in warning 9890 messages -- some people don't read carefully enough 9891 and end up sending the message several times. 9892 Include reason for temporary failure in the "warning" return 9893 message. Currently, it just says "cannot send for 9894 four hours". 9895 Fix the "Original message received" time generated for 9896 returntosender messages. It was previously listed as 9897 the current time. Bug reported by Eric Hagberg of 9898 Cornell University Medical College. 9899 If there is an error when writing the body of a message, 9900 don't send the trailing dot and wait for a response 9901 in sender SMTP, as this could cause the connection to 9902 hang up under some bizarre circumstances. From Eric 9903 Wassenaar. 9904 Fix some server SMTP synchronization problems caused when 9905 connections fail during message collection. From 9906 Eric Wassenaar. 9907 Fix a problem that can cause srvrsmtp to reject mail if the 9908 name server is down -- it accepts the RCPT but rejects 9909 the DATA command. Problem reported by Jim Murray of 9910 Stratus. 9911 Fix a problem that can cause core dumps if the config file 9912 incorrectly resolves to a null hostname. Reported by 9913 Allan Johannesen of WPI. 9914 Non-root use of -C flag, dangerous -f flags, and use of -oQ 9915 by non-root users were not put into 9916 X-Authentication-Warning:s as intended because the 9917 config file hadn't set the PrivacyOptions yet. Fix 9918 from Sven-Ove Westberg of the University of Lulea. 9919 Under very odd circumstances, the alias file rebuild code 9920 could get confused as to whether a database was 9921 open or not. 9922 Check "vendor code" on the end of V lines -- this is 9923 intended to provide a hook for vendor-specific 9924 configuration syntax. (This is a "new feature", 9925 but I've made an exception to my rule in a belief 9926 that this is a highly exceptional case.) 9927 Portability fixes for DG/UX (from Douglas Anderson of NCSC), 9928 SCO Unix (from Murray Kucherawy), A/UX, and OSF/1 9929 (from Jon Forrest of UC Berkeley) 9930 CONFIG: fix ``mailer:host'' form of UUCP relay naming. 9931 99328.6.1/8.6 1993/10/08 9933 Portability fixes for A/UX and Encore UMAX V. 9934 Fix error message handling -- if you had a name server down 9935 causing an error during parsing, that message was never 9936 propagated to the queue file. 9937 99388.6/8.6 1993/10/05 9939 Configuration cleanup: make it easier to undo IDENTPROTO in 9940 conf.h (other systems have the same bug). 9941 If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume 9942 getdtablesize() instead of sysconf(); a disturbingly 9943 large number of systems defined _SC_OPEN_MAX in the 9944 header files but don't have the syscall. 9945 Another patch to really truly ignore MX records in getcanonname 9946 if trymx == FALSE. 9947 Fix problem that caused the "250 IAA25499 Message accepted for 9948 delivery" message to be omitted if there was an error 9949 in the header of the message (e.g., a bad Errors-To: 9950 line). Pointed out by Michael Corrigan of UCSD. 9951 Announce name of host we are chatting when we get errors; this 9952 is an IDA-ism suggested by Christophe Wolfhugel. 9953 Portability fixes for Alpha OSF/1 (from Anthony Baxter of the 9954 Australian Artificial Intelligence Institute), SCO Unix 9955 (from Murray Kucherawy of Hookup Communication Corp.), 9956 NeXT (from Vince DeMarco and myself), Linux (from 9957 Karl London <karl@borg.demon.co.uk>), BSDI (from 9958 Christophe Wolfhugel, and SVR4 on Dell (from Kimmo 9959 Suominen), AUX 3.0 on Macintosh, and ANSI C compilers. 9960 Some changes to get around gcc optimizer bugs. From Takahiro 9961 Kanbe. 9962 Fix error recovery in queueup if another tf file of the same 9963 name already exists. Problem stumbled over by Bill 9964 Wisner of The Well. 9965 Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes. 9966 Problem noted by Keith McMillan of Ameritech Services. 9967 Deal with group permissions properly when opening .forward and 9968 :include: files. This relaxes the 8.1C restrictions 9969 slightly more. This includes proper setting of groups 9970 when reading :include: files, allowing you to read some 9971 files that you should be able to read but have previously 9972 been denied unless you owned them or they had "other" 9973 read permission. 9974 Make certain that $j is in $=w (after the .cf is read) so that 9975 if the user is forced to override some silly system, 9976 MX suppression will still work. 9977 Fix a couple of efficiency problems where newstr was double- 9978 calling expensive routines. In at least one case, it 9979 wasn't guaranteed that they would always return the 9980 same result. Problem noted by Christophe Wolfhugel. 9981 Fix null pointer dereference in putoutmsg -- only on an error 9982 condition from a non-SMTP mailer. From Motonori 9983 Nakamura. 9984 Macro expand "C" line class definitions before scanning so that 9985 "CX $Z" works. 9986 Fix problem that caused error message to be sent while still 9987 trying to send the original message if the connection 9988 is closed during a DATA command after getting an error 9989 on an RCPT command (pretty obscure). Problem reported 9990 by John Myers of CMU. 9991 Fix reply to NOOP to be 250 instead of 200 -- this is a long 9992 term bug. 9993 Fix a nasty bug causing core dumps when returning the "warning: 9994 cannot deliver for N hours -- will keep trying" message; 9995 it only occurred if you had PostmasterCopy set and 9996 only on some architectures. Although sendmail would 9997 keep trying, it would send error messages on each 9998 queue interval. This is an important fix. 9999 Allow u and g options to take user and group names respectively. 10000 Don't do a chdir into the queue directory in -bt mode to make 10001 ruleset testing a bit easier. 10002 Don't allow users to turn off logging (using -oL) on the command 10003 line -- command line can only raise, not lower, logging 10004 level. 10005 Set $u to the original recipient on the SMTP transaction or on 10006 the command line. This is only done if there is exactly 10007 one recipient. Technically, this does not meet the 10008 specs, because it does not guarantee a domain on the 10009 address. 10010 Fix a problem that dumped error messages on bad addresses if 10011 you used the -t flag. Problem noted by Josh Smith of 10012 Harvey Mudd College. 10013 Given an address such as ``<foo> <bar>'', auto-quote the first 10014 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to 10015 avoid the problem of people who use angle brackets in 10016 their full name information. 10017 Fix a null pointer dereference if you set option "l", have 10018 an Errors-To: header in the message, and have Errors-To: 10019 defined in the config file H lines. From J.R. Oldroyd. 10020 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get 10021 wrong when compiling. Suggested by Rick McCarty of TI. 10022 Fix a problem that could pass negative SIZE parameter if the 10023 df file got lost; this would cause servers to always 10024 give a temporary failure, making the problem even worse. 10025 Problem noted by Allan Johannesen of WPI. 10026 Add "ident" timeout (one of the "r" option selectors) for IDENT 10027 protocol timeouts (30s default). Requested by Murray 10028 Kucherawy of HookUp Communication Corp. to handle bogus 10029 PC TCP/IP implementations. 10030 Change $w default definition to be just the first component of 10031 the domain name on config level 5. The $j macro defaults 10032 to the FQDN; $m remains as before. This lets well-behaved 10033 config files use any of the short, long, or subdomain 10034 names. 10035 Add makesendmail script in src to try to automate multi-architecture 10036 builds. I know, this is sub-optimal, but it is still 10037 helpful. 10038 Fix very obscure race condition that can cause a queue run to 10039 get a queue file for an already completed job. This 10040 problem has existed for years. Problem noted by the 10041 long suffering Allan Johannesen of WPI. 10042 Fix a problem that caused the raw sender name to be passed to 10043 udbsender instead of the canonified name -- this caused 10044 it to sometimes miss records that it should have found. 10045 Relax check of name on HELO packet so that a program using -bs 10046 that claims to be itself works properly. 10047 Restore rewriting of $: part of address through 2, R, 4 in 10048 buildaddr -- this requires passing a lot of flags to get 10049 it right. Unlike old versions, this ONLY rewrites 10050 recipient addresses, not sender addresses. 10051 Fix a bug that caused core dumps in config files that cannot 10052 resolve /file/name style addresses. Fix from Jonathan 10053 Kamens of OpenVision Technologies. 10054 Fix problem with fcntl locking that can cause error returns to 10055 be lost if the lock is lost; this required fully 10056 queueing everything, dropping the envelope (so errors 10057 would get returned), and then re-reading the queue from 10058 scratch. 10059 Fix a problem that caused aliases that redefine an otherwise 10060 true address to still send to the original address 10061 if and only if the alias failed in certain bizarre 10062 ways (e.g, if they pointed at a list:; syntax address). 10063 Problem pointed out by Jonathan Kamens. 10064 Remove support for frozen configuration files. They caused 10065 more trouble than it was worth. 10066 Fix problem that can cause error messages to get ignored when 10067 using both -odb and -t flags. Problem noted by Rob 10068 McNicholas at U.C. Berkeley. 10069 Include all "normal" variations on hostname in $=w. For example, 10070 if the host name is vangogh.cs.berkeley.edu, $=w will 10071 contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu. 10072 Add "restrictqrun" privacy flag -- without this, anyone can run 10073 the queue. 10074 Reset SmtpPhase global on initial connection creation so that 10075 messages don't come out with stale information. 10076 Pass an "ext" argument to lockfile so that error/log messages 10077 will properly reflect the true filename being locked. 10078 Put all [...] address forms into $=w -- this eliminates the need 10079 for MAXIPADDR in conf.h. Suggested by John Gardiner 10080 Myers of CMU. 10081 Fix a bug that can cause qf files to be left around even after 10082 an SMTP RSET command. Problem and fix from Michael 10083 Corrigan. 10084 Don't send a PostmasterCopy to errors when the Precedence: is 10085 negative. Error reports still go to the envelope 10086 sender address. 10087 Add LA_SHORT for load averages. 10088 Lock sendmail.st file when posting statistics. 10089 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to 10090 set the size of the TCP send and receive buffers; if you 10091 run over a slow slip line you may need to set these down 10092 (although it would be better to fix the SLIP implementation 10093 so that it's not necessary to recompile every program 10094 that does bulk data transfer). 10095 Allow null defaults on $( ... $) lookups. Problem reported by 10096 Amir Plivatsky. 10097 Diagnose crufty S and V config lines. This resulted from an 10098 observation that some people were using the SITE macro 10099 without the SITECONFIG macro first, which was causing 10100 bogus config files that were not caught. 10101 Fix makemap -f flag to turn off case folding (it was turning it 10102 on instead). THIS IS A USER VISIBLE CHANGE!!! 10103 Fix a problem that caused multiple error messages to be sent if 10104 you used "sendmail -t -oem -odb", your system uses fcntl 10105 locking, and one of the recipient addresses is unknown. 10106 Reset uid earlier in include() so that recursive .forwards or 10107 :include:s don't use the wrong uid. 10108 If file descriptor 0, 1, or 2 was closed when sendmail was 10109 called, the code to recover the descriptor was broken. 10110 This sometimes (only sometimes) caused problems with the 10111 alias file. Fix from Motonori Nakamura. 10112 Fix a problem that caused aliaswait to go into infinite recursion 10113 if the @:@ metasymbol wasn't found in the alias file. 10114 Improve error message on newaliases if database files cannot be 10115 opened or if running with no database format defined. 10116 Do a better estimation of the size of error messages when NoReturn 10117 is set. Problem noted by P{r (Pell) Emanuelsson. 10118 Fix a problem causing the "c" option (don't connect to expensive 10119 mailers) to be ignored in SMTP. Problem noted and the 10120 solution suggested by Robert Elz of The University of 10121 Melbourne. 10122 Improve connection caching algorithm by passing "[host]" to 10123 hostsignature, which strips the square brackets and 10124 returns the real name. This allows mailertable entries 10125 to match regular entries. 10126 Re-enable Return-Receipt-To: -- people seem to want this stupid 10127 feature, even if it doesn't work right. 10128 Catch and log attempts to try the "wiz" command in server SMTP. 10129 This also ups the log level from LOG_NOTICE to LOG_CRIT. 10130 Be more generous at assigning $z to the home directory -- do this 10131 for programs that are specified through a .forward file. 10132 Fix from Andrew Chang of Sun Microsystems. 10133 Always save a fatal error message in preference to a non-fatal 10134 error message so that the "subject" line of return 10135 messages is the best possible. 10136 CONFIG: reduce the number of quotes needed to quote configuration 10137 parameters with commas: two quotes should work now, e.g., 10138 define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local''). 10139 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom 10140 connections (domain-ized UUCP). 10141 CONFIG: fix bug in default maps (-o must be before database file 10142 name). Pointed out by Christophe Wolfhugel. 10143 CONFIG: add FEATURE(nodns) to state that we are not relying on 10144 DNS. This would presumably be used in UUCP islands. 10145 CONFIG: add OSTYPE(nextstep) and OSTYPE(linux). 10146 CONFIG: log $u in Received: line. This is in technical violation 10147 of the standards, since it doesn't guarantee a domain 10148 on the address. 10149 CONFIG: don't assume "m" in local mailer flags -- this means that 10150 if you redefine LOCAL_MAILER_FLAGS you will have to include 10151 the "m" flag should you want it. Apparently some Solaris 2.2 10152 installations can't handle multiple local recipients. 10153 Problem noted by Josh Smith. 10154 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults). 10155 CONFIG: change default version level from 4 to 5. 10156 CONFIG: add FEATURE(nullclient) to create a config file that 10157 forwards all mail to a hub without ever looking at the 10158 addresses in any detail. 10159 CONFIG: properly strip mailer: information off of relays when 10160 used to change .BITNET form into %-hack form. 10161 CONFIG: fix a problem that caused infinite loops if presented 10162 with an address such as "!foo". 10163 CONFIG: check for self literal (e.g., [128.32.131.12]) even if 10164 the reverse "PTR" mapping is broken. There's a better 10165 way to do this, but the change is fairly major and I 10166 want to hold it for another release. Problem noted by 10167 Bret Marquis. 10168 101698.5/8.5 1993/07/23 10170 Serious bug: if you used a command line recipient that was unknown 10171 sendmail would not send a return message (it was treating 10172 everything as though it had an SMTP-style client that 10173 would do the return itself). Problem noted by Josh Smith. 10174 Change "trymx" option in getcanonname() to ignore all MX data, 10175 even during a T_ANY query. This actually didn't break 10176 anything, because the only time you called getcanonname 10177 with !trymx was if you already knew there were no MX 10178 records, but it is somewhat cleaner. From Motonori 10179 Nakamura. 10180 Don't call getcanonname from getmxrr if you already know there 10181 are no DNS records matching the name. 10182 Fix a problem causing error messages to always include "The 10183 original message was received ... from localhost". 10184 The correct original host information is now included. 10185 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their 10186 version of "test" doesn't have the -x flag). Change it 10187 to use -f instead. From John Myers. 10188 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to 10189 esmtp -- it should be smtp. 10190 CONFIG: send all relayed mail using confRELAY_MAILER (defaults 10191 to "relay" (a variant of "smtp") if MAILER(smtp) is used, 10192 else "suucp" if MAILER(uucp) is used, else "unknown"); 10193 this cleans up the configs somewhat. This fixes a serious 10194 problem that caused route-addrs to get mistaken as relays, 10195 pointed out by John Myers. WARNING: this also causes 10196 the default on SMART_HOST to change from "suucp" to 10197 "relay" if you have MAILER(smtp) specified. 10198 101998.4/8.4 1993/07/22 10200 Add option `w'. If you receive a message that comes to you because 10201 you are the best (lowest preference) target of an MX, and 10202 you haven't explicitly recognized the source MX host in 10203 your .cf file, this option will cause you to try the target 10204 host directly (as if there were no MX for it at all). If 10205 `w' is not set, this case is a configuration error. 10206 Beware: if `w' is set, senders may get bogus errors like 10207 "message timed out" or "host unknown" for problems that 10208 are really configuration errors. This option is 10209 disrecommended, provided only for compatibility with 10210 UIUC sendmail. 10211 Fix a problem that caused the incoming socket to be left open 10212 when sendmail forks after the DATA command. This caused 10213 calling systems to wait in FIN_WAIT_2 state until the 10214 entire list was processed and the child closed -- a 10215 potentially prodigious amount of time. Problem noted 10216 by Neil Rickert. 10217 Fix problem (created in 6.64) that caused mail sent to multiple 10218 addresses, one of which was a bad address, to completely 10219 suppress the sending of the message. This changes 10220 handling of EF_FATALERRS somewhat, and adds an 10221 EF_GLOBALERRS flag. This also fixes a potential problem 10222 with duplicate error messages if there is a syntax error 10223 in the header of a message that isn't noticed until late 10224 in processing. Original problem pointed out by Josh Smith 10225 of Harvey Mudd College. This release includes quite a bit 10226 of dickering with error handling (see below). 10227 Back out SMTP transaction if MAIL gets nested 501 error. This 10228 will only hurt already-broken software and should help 10229 humans. 10230 Fix a problem that broke aliases when neither NDBM nor NEWDB were 10231 compiled in. It would never read the alias file. 10232 Repair unbalanced `)' and `>' (the "open" versions are already 10233 repaired). 10234 Logging of "done" in dropenvelope() was incorrect: it would 10235 log this even when the queue file still existed. Change 10236 this to only log "done" (at log level 11) when the 10237 queue file is actually removed. From John Myers. 10238 Log "lost connection" in server SMTP at log level 20 if there 10239 is no pending transaction. Some senders just close the 10240 connection rather than sending QUIT. 10241 Fix a bug causing getmxrr to add a dot to the end of unqualified 10242 domains that do not have MX records -- this would cause 10243 the subsequent host name lookup to fail. The problem 10244 only occurred if you had FEATURE(nocanonify) set. 10245 Problem noted by Rick McCarty of Texas Instruments. 10246 Fix invocation of setvbuf when passed a -X flag -- I had 10247 unwittingly used an ANSI C extension, and this caused 10248 core dumps on some machines. 10249 Diagnose self-destructive alias loops on RCPT as well as EXPN. 10250 Previously it just gave an empty send queue, which 10251 then gave either "Need RCPT (recipient)" at the DATA 10252 (confusing, since you had given an RCPT command which 10253 returned 250) or just dropped the email, depending on 10254 whether you were running VERBose mode. Now it usually 10255 diagnoses this case as "aliasing/forwarding loop broken". 10256 Unfortunately, it still doesn't adequately diagnose 10257 some true error conditions. 10258 Add internal concept of "warning messages" using 6xx codes. 10259 These are not reported only to Postmaster. Unbalanced 10260 parens, brackets, and quotes are printed as 653 codes. 10261 They are always mapped to 5xx codes before use in SMTP. 10262 Clean up error messages to tell both the actual address that 10263 failed and the alias they arose from. This makes it 10264 somewhat easier to diagnose problems. Difficulty noted 10265 by Motonori Nakamura. 10266 Fix a problem that inappropriately added a ctladdr to addresses 10267 that shouldn't have had one during a queue run. This 10268 caused error messages to be handled differently during 10269 a queue run than a direct run. 10270 Don't print the qf name and line number if you get errors during 10271 the direct run of the queue from srvrsmtp -- this was 10272 just extra stuff for users to crawl through. 10273 Put command line flags on second line of pid file so you can 10274 auto-restart the daemon with all appropriate arguments. 10275 Use "kill `head -1 /etc/sendmail.pid`" to stop the 10276 daemon, and "eval `tail -1 /etc/sendmail.pid`" to 10277 restart it. 10278 Remove the ``setuid(getuid())'' in main -- this caused the 10279 IDENT daemon to screw up. This required that I change 10280 HASSETEUID to HASSETREUID and complicate the mode 10281 changing somewhat because both Ultrix and SunOS seem 10282 to have a bug causing seteuid() to set the saved uid 10283 as well as the effective. The program test/t_setreuid.c 10284 will test to see if your implementation of setreuid(2) 10285 is appropriately functional. 10286 The FallBackMX (option V) handling failed to properly identify 10287 fallback to yourself -- most of the code was there, 10288 but it wasn't being enabled. Problem noted by Murray 10289 Kucherawy of the University of Waterloo. 10290 Change :include: open timeout from ETIMEDOUT to an internal 10291 code EOPENTIMEOUT; this avoids adding "during SmtpPhase 10292 with CurHostName" in error messages, which can be 10293 confusing. Reported by Jonathan Kamens of OpenVision 10294 Technologies. 10295 Back out setpgrp (setpgid on POSIX systems) call to reset the 10296 process group id. The original fix was to get around 10297 some problems with recalcitrant MUAs, but it breaks 10298 any call from a shell that creates a process group id 10299 different from the process id. I could try to fix 10300 this by diddling the tty owner (using tcsetpgrp or 10301 equivalent) but this is too likely to break other 10302 things. 10303 Portability changes: 10304 Support -M as equivalent to -oM on Ultrix -- apparently 10305 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs 10306 instead of using standard flags. Oh joy. This 10307 behavior reported by Jon Giltner of University 10308 of Colorado. 10309 SGI IRIX -- this includes several changes that should 10310 help other strict ANSI compilers. 10311 SCO Unix -- from Murray Kucherawy of HookUp Communication 10312 Corporation. 10313 Solaris running the Sun C compiler (which despite the 10314 documentation apparently doesn't define 10315 __STDC__ by default). 10316 ConvexOS from Eric Schnoebelen of Convex. 10317 Sony NEWS workstations and Omron LUNA workstations from 10318 Motonori Nakamura. 10319 CONFIG: add confTRY_NULL_MX_LIST to set option `w'. 10320 CONFIG: delete `C' and `e' from default SMTP mailers flags; 10321 several people have made a good argument that this 10322 creates more problems than it solves (although this 10323 may prove painful in the short run). 10324 CONFIG: generalize all the relays to accept a "mailer:host" 10325 format. 10326 CONFIG: move local processing in ruleset 0 into a new ruleset 10327 98 (8 on old sendmail). Domain literal [a.b.c.d] 10328 addresses are also passed through this ruleset. 10329 CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined, 10330 internet-style addresses would "fall off the end" of 10331 ruleset zero and be interpreted as local -- however, 10332 the angle brackets confused the recursive call. 10333 These are now diagnosed as "Unrecognized host name". 10334 CONFIG: USENET rules weren't included in S0 because of a mistaken 10335 ifdef(`_MAILER_USENET_') instead of 10336 ifdef(`_MAILER_usenet_'). Problem found by Rein Tollevik 10337 of SINTEF RUNIT, Oslo. 10338 CONFIG: move up LOCAL_RULE_0 processing so that it happens very 10339 early in ruleset 0; this allows .mc authors to bypass 10340 things like the "short circuit" code for local addresses. 10341 Prompted by a comment by Bill Wisner of The Well. 10342 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or 10343 esmtp) to send SMTP mail. This allows you to default 10344 to esmtp but use a mailertable or other override to 10345 deal with broken servers. This logic was pointed out 10346 to me by Bill Wisner. Ditto for confLOCAL_MAILER. 10347 Changes to cf/sh/makeinfo.sh to make it portable to SVR4 10348 environments. Ugly as sin. 10349 103508.3/8.3 1993/07/13 10351 Fix setuid problems introduced in 8.2 that caused messages 10352 like "Cannot create qfXXXXXX: Invalid argument" 10353 or "Cannot reopen dfXXXXXX: Permission denied". This 10354 involved a new compile flag "HASSETEUID" that takes 10355 the place of the old _POSIX_SAVED_IDS -- it turns out 10356 that the POSIX interface is broken enough to break 10357 some systems badly. This includes some fixes for 10358 HP-UX. Also fixes problems where the real uid is 10359 not reset properly on startup (from Neil Rickert). 10360 Fix a problem that caused timed out messages to not report the 10361 addresses that timed out. Error messages are also more 10362 "user friendly". 10363 Drop required bandwidth on connections from 64 bytes/sec to 10364 16 bytes/sec. 10365 Further Solaris portability changes -- doesn't require the BSD 10366 compatibility library. This also adds a new 10367 "HASGETDTABLESIZE" compile flag which can be used if 10368 you want to use getdtablesize(2) instead of sysconf(2). 10369 These are loosely based on changes from David Meyer at 10370 University of Oregon. This now seems to work, at least 10371 for quick test cases. 10372 Fix a problem that can cause duplicate error messages to be 10373 sent if you are in SMTP, you send to multiple addresses, 10374 and at least one of those addresses is good and points 10375 to an account that has a .forward file (whew!). 10376 Fix a problem causing messages to be discarded if checkcompat() 10377 returned EX_TEMPFAIL (because it didn't properly mark 10378 the "to" address). Problem noted by John Myers. 10379 Fix dfopen to return NULL if the open failed; I was depending 10380 on fdopen(-1) returning NULL, which isn't the case. This 10381 isn't serious, but does result in weird error diagnoses. 10382 From Michael Corrigan. 10383 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of 10384 messages sent through UUCP-family mailers. Suggested 10385 by Bill Wisner of The Well. 10386 CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified, 10387 include a "uucp-dom" mailer that uses domain-style 10388 addressing. Suggested by Bill Wisner. 10389 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match 10390 LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS. Suggested by 10391 Christophe Wolfhugel. 10392 CONFIG: Add OSTYPE(aix3). From Christophe Wolfhugel. 10393 103948.2/8.2 1993/07/11 10395 Don't drop out on config file parse errors in -bt mode. 10396 On older configuration files, assume option "l" (use Errors-To 10397 header) for back compatibility. NOTE: this DOES NOT 10398 imply an endorsement of the Errors-To: header in any way. 10399 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why??? 10400 Don't log errors on EHLO -- it isn't a "real" error for an old 10401 SMTP server to give an error on this command, and 10402 logging it in the transcript can be confusing. Fix 10403 from Bill Wisner. 10404 IRIX compatibility changes provided by Dan Rich 10405 <drich@sandman.lerc.nasa.gov>. 10406 Solaris 2 compatibility changes. Provided by Bob Cunningham 10407 <bob@kahala.soest.hawaii.edu>, John Oleynick 10408 <juo@klinzhai.rutgers.edu> 10409 Debugging: -d17 was overloaded (hostsignature and usersmtp.c); 10410 move usersmtp (smtpinit and smtpmailfrom) to -d18 to 10411 match the other flags in that file. 10412 Flush transcript before fork in mailfile(). From Eric Wassenaar. 10413 Save h_errno in mci struct and improve error message display. 10414 Changes from Eric Wassenaar. 10415 Open /dev/null for the transcript if the create of the xf file 10416 failed; this avoids at least one possible null pointer 10417 reference in very weird cases. From Eric Wassenaar. 10418 Clean up statistics gathering; it was over-reporting because of 10419 forks. From Eric Wassenaar. 10420 Fix problem that causes old Return-Path: line to override new 10421 Return-Path: line (conf.c needs H_FORCE to avoid 10422 re-using old value). From Motonori Nakamura. 10423 Fix broken -m flag in K definition -- even if -m (match only) 10424 was specified, it would still replace the key with the 10425 value. Noted by Rick McCarty of Texas Instruments. 10426 If the name server timed out over several days, no "timed out" 10427 message would ever be sent back. The timeout code 10428 has been moved from markfailure() to dropenvelope() 10429 so that all such failures should be diagnosed. Pointed 10430 out by Christophe Wolfhugel and others. 10431 Relax safefile() constraints: directories in an include or 10432 forward path must be readable by self if the controlling 10433 user owns the entry, readable by all otherwise (e.g., 10434 when reading your .forward file, you have to own and 10435 have X permission in it; everyone needs X permission in 10436 the root and directories leading up to your home); 10437 include files must be readable by anyone, but need not 10438 be owned by you. 10439 If _POSIX_SAVED_IDS is defined, setuid to the owner before 10440 reading a .forward file; this gets around some problems 10441 on NFS mounts if root permission is not exported and 10442 the user's home directory isn't x'able. 10443 Additional NeXT portability enhancements from Axel Zinser. 10444 Additional HP-UX portability enhancements from Brian Bullen. 10445 Add a timeout around SMTP message writes; this assumes you can 10446 get throughput of at least 64 bytes/second. Note that 10447 this does not impact the "datafinal" default, which 10448 is separate; this is just intended to work around 10449 network clogs that will occur before the final dot 10450 is sent. From Eric Wassenaar. 10451 Change map code to set the "include null" flag adaptively -- 10452 it initially tries both, but if it finds anything 10453 matching without a null it never tries again with a 10454 null and vice versa. If -N is specified, it never 10455 tries without the null and creates new maps with a 10456 null byte. If -O is specified, it never tries with 10457 the null (for efficiency). If -N and -O are specified, 10458 you get -NO (get it?) lookup at all, so this would 10459 be a bad idea. If you don't specify either -N or -O, 10460 it adapts. 10461 Fix recognition of "same from address" so that MH submissions 10462 will insert the appropriate full name information; 10463 this used to work and got broken somewhere along the 10464 way. 10465 Some changes to eliminate some unnecessary SYSERRs in the 10466 log. For example, if you lost a connection, don't 10467 bother reporting that fact on the connection you lost. 10468 Add some "extended debugging" flags to try to track down 10469 why we get occasional problems with file descriptor 10470 one being closed when execing a mailer; it seems to 10471 only happen when there has been another error in the 10472 same transaction. This requires XDEBUG, defined 10473 by default in conf.h. 10474 Add "-X filename" command line flag, which logs both sides of 10475 all SMTP transactions. This is intended ONLY for 10476 debugging bad implementations of other mailers; start 10477 it up, send a message from a mailer that is failing, 10478 and then kill it off and examine the indicated log. 10479 This output is not intended to be particularly human 10480 readable. This also adds the HASSETVBUF compile 10481 flag, defaulted on if your compiler defines __STDC__. 10482 CONFIG: change SMART_HOST to override an SMTP mailer. If you 10483 have a local net that should get direct connects, you 10484 will need to use LOCAL_NET_CONFIG to catch these hosts. 10485 See cf/README for an example. 10486 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle 10487 sites that don't use the -d flag. 10488 CONFIG: hide recipient addresses as well as sender addresses 10489 behind $M if FEATURE(allmasquerade) is specified; this 10490 has been requested by several people, but can break 10491 local aliases. For example, if you mail to "localalias" 10492 this will be rewritten as "localalias@masqueradehost"; 10493 although initial delivery will work, replies will be 10494 broken. Use it sparingly. 10495 CONFIG: add FEATURE(domaintable). This maps unqualified domains 10496 to qualified domains in headers. I believe this is 10497 largely equivalent to the IDA feature of the same name. 10498 CONFIG: use $U as UUCP name instead of $k. This permits you 10499 to override the "system name" as your UUCP name -- 10500 in particular, to use domain-ized UUCP names. From 10501 Bill Wisner of The Well. 10502 CONFIG: create new mailer "esmtp" that always tries EHLO 10503 first. This is currently unused in the config files, 10504 but could be used in a mailertable entry. 10505 105068.1C/8.1B 1993/06/27 10507 Serious security bug fix: it was possible to read any file on 10508 the system, regardless of ownership and permissions. 10509 If a subroutine returns a fully qualified address, return it 10510 immediately instead of feeding it back into rewriting. 10511 This fixes a problem with mailertable lookups. 10512 CONFIG: fix some M4 frotz (concat => CONCAT) 10513 105148.1B/8.1A 1993/06/12 10515 Serious bug fix: pattern matching backup algorithm stepped by 10516 two tokens in classes instead of one. Found by Claus 10517 Assmann at University of Kiel, Germany. 10518 105198.1A/8.1A 1993/06/08 10520 Another mailertable fix.... 10521 105228.1/8.1 1993/06/07 10523 4.4BSD freeze. No semantic changes. 10524