Lines Matching +full:resolver +full:- +full:to +full:- +full:digital
11 some invalid input with respect to line endings
13 - Prevent transaction stuffing by ensuring SMTP clients
19 - Accept only CRLF . CRLF as end of an SMTP message
22 - Do not accept a CR or LF except in the combination
26 suggested to use 'u2' and 'g2' instead so the server
28 It is recommended to only turn these protections off
29 for trusted networks due to the potential for abuse.
31 are used, i.e., TLSA RR 2-x-y and 3-x-y are supported
37 variable OPENSSL_CONF to /etc/mail/sendmail.ossl
38 to override the default. The file name can be
41 Note: referring to a file which does not exist does
50 exist then {verify} will be set to "DANE_TEMP" thus
54 changed to
57 fail to respond when it should (the code change in
62 If a reply to a previous RCPT was received while sending
64 reply could have been assigned to the wrong RCPT.
65 New DontBlameSendmail option CertOwner to relax requirement
76 because the -a. option has been removed (as it only
77 applies to the entire result, not individual values).
79 VACATION: Add support for Return-Path header to set sender
80 to match OpenBSD and NetBSD functionality.
81 VACATION: Honor RFC3834 and avoid an auto-reply if
82 'Auto-Submitted: no' is found in the headers to
84 VACATION: Avoid an auto-reply if a 'List-Id:' is found in
85 the headers to match OpenBSD functionality.
88 original message to match OpenBSD and NetBSD
99 Note: if the code to set up TLS in the client fails, then
100 {verify} will be set to TEMP but DANE requirements
104 Pass server name to clt_features ruleset instead of client
105 name to account for limitations in macro availability
107 custom clt_features rulesets which expect to receive
112 to log the protocol stage as stage= for some errors during
113 delivery attempts to make troubleshooting simpler. This
119 When EAI is enabled, mailq prints UTF-8 addresses as such
125 fail to respond when it should. Problem reported by
130 Handle a possible change in an upcoming release of Cyrus-SASL
134 to the server and a milter is unavailable.
143 If a server replied with 421 to a RCPT command then a bogus reply=
150 set to 2048/1024. Problem reported by Tabata
152 CONFIG: The default clt_features ruleset tried to access
156 CONFIG: Properly quote host variable to prevent cf build
168 because the message is sent to libmilter after it
172 Make use of IN_LOOPBACK, if defined, to determine if
176 is used to avoid potential problems with IPv6 lookups.
179 Solaris 12 has been renamed to Solaris 11.4, hence
190 Deprecation notice: due to compatibility problems with some
191 third party code, we plan to finally switch from K&R
192 to ANSI C. If you are using sendmail on a system
195 how to proceed.
196 Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
201 the use of SMTPUTF8, e.g., because a header uses UTF-8
203 ASCII, then the new option -U must be used, and
207 (MTA-STS, see RFC 8461) is available when using
208 - the compile time option _FFR_MTA_STS (which requires
210 - FEATURE(sts), which implicitly sets the cf option
212 - postfix-mta-sts-resolver, see
213 https://github.com/Snawoot/postfix-mta-sts-resolver.git
217 New ruleset clt_features which can be used to select features
219 flags are available: D/M to disable DANE/MTA-STS,
221 New compile time option NO_EOH_FIELDS to disable the special
222 meaning of the headers Message: and Text: to denote the
225 delivery attempts to different servers. This problem
228 to different servers which could cause bogus logging
231 from 403 to 454 to better match the RFCs.
245 does have a CDB map open does not block an in-place
247 for that problem in earlier versions is to create
252 CONFIG: New FEATURE(`check_other') to provide a default
260 properly, as the persistent macro applies to all
261 RCPTs and hence implicitly to all destinations (servers).
264 CONTRIB: Added cidrexpand -O option for suppressing duplicates from
265 a CIDR expansion that overlaps a later entry and -S option
267 MAIL.LOCAL: Enhance some error messages to simplify
271 Use proper FreeBSD version define to allow for cross
276 CDB, flock() (-DHASFLOCK), or an earlier Berkeley
287 libsm/t-ixlen.c
288 libsm/t-ixlen.sh
289 libsm/t-streq.c
290 libsm/t-streq.sh
294 libsmutil/t-lockfile.c
295 libsmutil/t-lockfile-0.sh
296 libsmutil/t-maplock-0.sh
299 SECURITY: If sendmail tried to reuse an SMTP session which had
309 the compile time option DANE is set. Only TLSA RR 3-1-x
311 New options SSLEngine and SSLEnginePath to support OpenSSL engines.
315 New option CRLPath to specify a directory which contains
316 hashes pointing to certificate revocations files.
322 To automatically handle TLS interoperability problems for outgoing
331 Apply Timeout.starttls also to the server waiting for the TLS
332 handshake to begin. Based on patch from Simon Hradecky.
333 New compile time option TLS_EC to enable the use of elliptic
340 connection does not belong to the loopback net.
341 Fix logic to enable a milter to delete a recipient in
343 to alias expansion.
366 LDAP_OPT_NETWORK_TIMEOUT is available to enable the
367 new -c option for LDAP maps to specify the network timeout.
368 CONFIG: New FEATURE(`tls_session_features') to enable standard
373 CONFIG: New options confDANE to enable DANE support.
377 CONFIG: FEATURE(`blacklist_recipients') renamed to
379 CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
383 if the -z option is used.
384 DOC: Note to set MustQuoteChars=. due to DKIM signatures.
386 of Alcatel-Lucent.
393 MAKEMAP: New map type "implicit" refers to the first available type,
400 Add support for Darwin 14-18 (Mac OS X 10.x).
403 Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
406 of a FQHN) to 256 if it is less than that value.
418 libsm/t-notify.c
432 Also note that this option applies to the server side only.
436 CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
437 Patch from Lars-Johan Liman of Netnod Internet Exchange.
438 CONFIG: New option UseCompressedIPv6Addresses to select between
440 value depends on the compile-time option IPV6_FULL:
448 LIBMILTER: Deal with more invalid protocol data to avoid potential
450 LIBMILTER: Allow a milter to specify an empty macro list ("", not
453 MAKEMAP: A change to check TrustedUser in fewer cases which was
459 to be really useful. These features are usually not
462 - doc/op/op.* for rulesets and macros,
463 - cf/README for mc/cf options.
466 SECURITY: Properly set the close-on-exec flag for file descriptors
468 If header rewriting fails due to a temporary map lookup failure,
481 permits a zero subnet to have a more specific match,
488 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
490 APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
492 If debugging is turned on (-d0.14) also print the OpenSSL
495 If a connection to the MTA is dropped by the client before its
497 so that the unvalidated hostname is not passed to a
500 which can be specified using the -d option.
501 Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
503 The new option CertFingerprintAlgorithm specifies the finger-
504 print algorithm (digest) to use for the presented cert.
513 to md5.
515 to set SSL options for the server and client side
531 to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
533 TLS server to have a cert is removed. This only works
540 any spaces) to set up a second cert/key pair. This can
541 be used to have certs of different types, e.g., RSA
543 A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
545 without trailing {ip6,in-addr}.arpa.
547 sendmail -C new.cf -bC
551 Allow local (not just TCP) socket connections to the server, e.g.,
554 If the new option MaxQueueAge is set to a value greater than zero,
560 to relax requirement for DefaultAuthInfo file.
561 Reset timeout after receiving a message to appropriate value if
569 nospecial which describes whether to disallow "%" in the
571 DEVTOOLS: Fix regression in auto-detection of libraries when only
574 LIBMILTER: Mark communication socket as close-on-exec in case
578 SunOS 5.12 has changed the API for sigwait(2) to conform
584 SECURITY: Properly set the close-on-exec flag for file descriptors
589 DEVTOOLS: Fix regression in auto-detection of libraries when only
598 When looking up hostnames, ensure only to return those records
603 A new mailer flag '!' is available to suppress an MH hack
606 Add an FFR (for future release) to use uncompressed IPv6 addresses,
610 custom ruleset, etc) have to use the same format.
613 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
619 If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
622 Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
624 Add support for DHParameters 2048-bit primes.
641 Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
643 and to enforce the proper semantics over the IPv6
646 macros was sent to a milter in the EHLO stage.
651 to the "addr-type" field. Problem noted by Dan Lukes
660 resolve to the error mailer using a temporary failure
666 Unlike gcc, clang doesn't apply full prototypes to K&R
675 as that may cause addresses to change from lower case
676 to upper case or vice versa. These header modifications
682 internal counter was subject to a race condition.
694 If Timeout.resolver.retrans is set to a value larger than 20,
695 then resolver.retry was temporarily set to 0 for
696 gethostbyaddr() lookups. Now it is set to 1 instead.
698 If sendmail could not lock the statistics file due to a system
700 triggered such an error, then sendmail tried to access
703 Do not log negative values for size= nor pri= to avoid confusing
704 log parsers, instead limit the values to LONG_MAX.
705 Account for an API change in newer versions of Cyrus-SASL.
707 Do not try to resolve link-local addresses for IPv4 (just as it
710 that may be due to incompatible cipher lists by including
727 Avoid an out-of-bounds access in case a resolver reply for a DNS
730 If a job is aborted using the interrupt signal (e.g., control-C from
731 the keyboard), perform minimal cleanup to avoid invoking
732 functions that are not signal-safe. Note: in previous
739 use of RFC 4507-style session tickets.
742 to resolver functions on strict alignment platforms.
744 Read at most two AUTH lines from a server greeting (up to two
750 connection to an LDAP server is lost while making a query.
753 it would try to use an IPv6 address if an IPv4 (or
756 stored in xtext format to avoid problems with parsing
758 CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing
759 -T<TMPF> that is required, but failed for some cases
768 DOC: Use a better description for the -i option in sendmail.
780 Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t
794 The value of headers, e.g., Precedence, Content-Type, et.al.,
797 path was erroneously reduced from MAXNAME (256) to
803 to be happening on some Linux versions).
805 the MTA was delaying connections due to DelayLA.
815 If a Diffie-Hellman cipher is selected for STARTTLS, the
821 to none or a file (see doc/op/op.me). Patch from
828 If a milter sets the reply code to "421" during the transfer
830 with that error to match the behavior of the other callbacks.
831 Return EX_IOERR (instead of 0) if a mail submission fails due to
835 cause addresses not found in LDAP to be misparsed.
837 referred to a wrong macro. Patch from John Gardiner
845 were used. Patch from Vesa-Matti J Kari of the
856 LIBMILTER: Fix error messages which refer to "select()" to be
862 VACATION: Do not refer to a local variable outside its scope.
874 character to be inserted into the workspace and thus
885 The read timeout was fixed to be Timeout.datablock if STARTTLS
889 to operate incorrectly. Problem found by Werner Wiethege.
892 libmilter has been set to 1 so a milter can determine
894 MAKEMAP: If a delimiter is specified (-t) use that also when
908 a From: or To: header, then those characters could be
912 If MaxMimeHeaderLength is set to a value greater than 0 (which
914 is 0, sendmail corrupted in the non-transfer-encoding
915 case every MAXLINE-1 characters. Patch from John Gardiner
919 Note: DeliveryMode=interactive is silently converted to
921 Prior to 8.14 this happened only if milter could delete
926 Force a queue run for -qGqueuegroup even if no runners are
929 (-z and -Z), return only those that are relevant for
931 If the message transfer time to sendmail (when acting as server)
936 A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
937 the MTA to deal with some input (i.e., "=") itself.
957 sendmail(8) had a bogus space in -qGname. Patch from Peng Haitao.
960 CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
973 it in its list of recipients and deliver to it if the
975 in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug
979 If a server shut down the connection in response to a STARTTLS
981 due to an internal inconsistency. Problem found by
987 CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
1002 AIX 5.{1,2}: libsm/util.c failed to compile due to
1005 Booth, University of Illinois at Urbana-Champaign.
1019 - header field names are still restricted to 7 bit.
1020 - RFC 2822 allows only 7 bit (US-ASCII) characters in
1023 number of spaces after the colon would be changed to
1029 .forward files that refer to others. Patch from
1032 "sendmail -bs" can trigger an assertion because the
1034 to "localhost" for the xxfi_connect() callback.
1037 New option HeloName to set the name for the HELO/EHLO command.
1039 New option SoftBounce to issue temporary errors (4xy) instead of
1041 New suboptions for DaemonPortOptions to set them individually
1048 New option -K for LDAP maps to replace %1 through %9 in the
1057 of the University of Illinois at Urbana-Champaign.
1062 New command "mstat" for control socket to provide "machine
1072 Increase size of key for ldap lookups to 1024 (MAXKEY).
1073 New option MaxNOOPCommands to override default of 20 for the
1077 enabled, the MTA can be asked to select a shared memory
1078 key itself by setting SharedMemoryKey to -1 and specifying
1079 a file where to store the selected key.
1080 Try to deal with open HTTP proxies that are used to send spam
1084 New PrivacyOptions noactualrecipient to avoid putting
1085 X-Actual-Recipient lines in DSNs revealing the actual
1086 account that addresses map to. Patch from Dan Harkless.
1088 -B: specify a domain that is always appended to queries.
1089 -z: specify the delimiter at which to cut off the result of
1091 -Z: specify the maximum number of entries to be concatenated
1092 to form the result of a lookup.
1104 New operator 'r' for the arith map to return a random number.
1106 New compile time option MILTER_NO_NAGLE to turn off the Nagle
1115 Restarting persistent queue runners by sending a HUP signal to
1117 Increase the length of an input line to 12288 to deal with
1120 If ARPANET mode (-ba) was selected STARTTLS would fail (due to
1123 If sendmail is linked against a library that initializes Cyrus-SASL
1124 before sendmail did it (such as libnss-ldap), then SMTP AUTH
1126 works around the API design flaw of Cyrus-SASLv2.
1127 CONFIG: Make it possible to unset the StatusFile option by
1129 the MTA will not attempt to open a statistics file on
1131 CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
1135 CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
1141 CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
1142 (MAIL) whose domain part resolves to a "bad" MX record.
1144 CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
1147 to allow entries in the access map to be of the form
1148 To:user@example.com RELAY
1149 CONFIG: New subsuboptions eoh and data to specify the list of
1152 CONFIG: New option confHELO_NAME for HeloName to set the name
1160 DEVTOOLS: New macro confMKDIR: if set to a program that creates
1161 directories, then it used for "make install" to create
1163 DEVTOOLS: New macro confCCLINK to specify the linker to use for
1164 executables (defaults to confCC).
1169 changed. It now refers only to the version of libmilter,
1170 not to the protocol version (which is used only internally,
1171 it is not user/milter-programmer visible). Additionally,
1175 LIBMILTER: A new callback xxfi_negotiate() can be used to
1177 protocol actions and features of the MTA and also to
1178 specify which of these a milter wants to use. This allows
1189 xxfi_body() callback to skip over further body chunks
1190 and directly advance to the xxfi_eom() callback. This
1193 rest of the body and the milter wants to invoke functions
1195 LIBMILTER: A new function smfi_addrcpt_par() can be used to add
1197 LIBMILTER: A new function smfi_chgfrom() can be used to change the
1199 LIBMILTER: A milter can now request to be informed about rejected
1200 recipients (RCPT) too. This requires to set the protocol
1205 wants to receive from the MTA for each protocol step
1211 does not add a leading space to headers that are added,
1213 LIBMILTER: If a milter sets the reply code to "421" for the HELO
1215 with that error to match the behavior of all other callbacks.
1233 libsm/t-memstat.c
1234 libsm/t-qic.c
1243 an internal variable is set properly to avoid those
1248 sendmail -bd is invoked. Problem reported by Kan Sasaki
1252 Avoid a crash when finishing due to referencing a freed variable.
1259 it has been changed to {client_name}. See doc/op/op.me
1263 A malformed MIME structure with many parts can cause sendmail to
1264 crash while trying to send a mail due to a stack overflow,
1265 e.g., if the stack size is limited (ulimit -s). This
1267 was not restricted. The function is called for MIME 8 to
1268 7 bit conversion and also to enforce MaxMimeHeaderLength.
1269 To work around this problem, recursive calls are limited to
1273 The changes to the I/O layer in 8.13.6 caused a regression for
1275 DIGEST-MD5. Problem noted by Robert Stampfli.
1278 This was another side effect of the changes to the I/O
1288 to avoid those false positives.
1289 If the start of the sendmail daemon fails due to a configuration
1296 bug work-around. Hence if sendmail is linked against
1298 the padding bug work-around is turned off. Based on
1301 blackholes.mail-abuse.org as default domain for lookups,
1302 however, that list is no longer available. To avoid
1314 attack vector to exploit the unsafe handling of
1316 Problem detected by Mark Dowd of ISS X-Force.
1323 If a server returns 421 for an RSET command when trying to start
1328 to a STARTTLS command despite the fact that it advertised
1329 STARTTLS and that the code is not valid according to RFC
1331 of a protocol error (which has been changed to a
1339 Set up TLS session cache to properly handle clients that try to
1347 LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
1349 Solaris, though other systems appear to just discard the
1352 -1 and set errno instead of returning an error code
1369 checking whether a link(2) operation can be used to split
1373 number of items to process, sort the queue first and
1376 Fix helpfile to show full entry for ETRN. Problem noted by
1381 When a server responds with 421 to the STARTTLS command then treat
1390 LIBMILTER: Recognize "421" also in a multi-line reply to terminate
1393 has a properly working snprintf(3) to get rid
1401 Set DontBlameSendmail to AssumeSafeChown and
1405 was supposed to be eliminated in 8.13.0 because some
1421 stay in CLOSE_WAIT state due to a variable that was not
1424 to an endless loop when doing LMTP deliveries to another
1430 owner and group of the shared memory segment is set to
1432 to 0660 to allow for updates by sendmail processes.
1436 Undo a change made in 8.13.0 to silently truncate long strings
1441 The internal stab map did not obey the -m flag. Patch from
1443 The socket map did not obey the -f flag. Problem noted by
1446 the LDAP map -1 argument which tells the MTA to only
1449 to avoid a possible segmentation fault. Based on patch
1452 does not assign a value to its output parameter. Based
1455 to Cyrus SASL version 2). Otherwise an SMTP session might
1459 "long long" to read load average data, e.g.,
1460 AIX 5.1 in 32 bit mode. Note: this has to be set
1470 libsm/t-sem.c
1476 due to a 421 error. Problem found by Allan E Johannesen
1481 Regression: a change in 8.13.2 caused sendmail not to try the
1494 If a server returns a 421 reply to the RSET command between
1495 message deliveries, do not attempt to deliver any more
1504 When passing ESMTP arguments for RCPT to a milter, do not cut
1506 Add more logging to milter change header functions to
1512 to a hostname for use with SASL. Problem noted by Ken Jones;
1519 LIBMILTER: Slightly rearrange mutex use in listener.c to allow
1520 different threads to call smfi_opensocket() and smfi_main().
1524 MAIL.LOCAL: make strip-mail.local used a wrong path to access
1539 objectClasses of the LDAP response to be included in the
1556 Patch from Sung-hoon Choi of DreamWiz Inc.
1565 is used to give more flexibility for local changes.
1570 NetBSD can use sysctl(3) to get the number of CPUs in
1572 Add a README file in doc/op/ to explain potential
1579 Do not include AUTH data in a bounce to avoid leaking confidential
1584 Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n
1585 and -DSM_CONF_SETITIMER=0. Problem noted by Juergen Georgi
1587 Fix bug in conversion from 8bit to quoted-printable. Problem found
1589 Add support for LDAP recursion based on types given to attribute
1591 LDAP queries to return a new query, a DN, or an LDAP
1596 (O AliasFile=ldap:) and file classes (F{X}@LDAP) to
1600 New option for LDAP maps: the -w option allows you to specify the
1601 LDAP API/protocol version to use. The default depends on
1603 New option for LDAP maps: the -H option allows you to specify an
1604 LDAP URI instead of specifying the LDAP server via -h host
1605 and -p port. This also allows for the use of LDAP over
1617 in the cf file to impose connection rate limits.
1640 performance if many mails are rejected by milters due to
1642 New macro {msg_id} which contains the value of the Message-Id:
1650 to prevent confusion caused by running sendmail stop
1655 how to correct broken scripts which may have depended on
1657 Support per-daemon input filter lists which override the default
1660 Do not add all domain prefixes of the hostname to class 'w'. If
1661 your configuration relies on this behavior, you have to
1662 add those names to class 'w' yourself. Problem noted
1666 unless specifically requested with -qQ. Quarantined queue
1668 The -q command line option now can specify which queue to display
1669 or run. -qQ operates on quarantined queue items. -qL
1672 quarantined reason using -qQtext to run or display
1674 given text. Similarly, -q!Qtext will run or display
1678 new -Q option. See doc/op/op.me for more information.
1679 When displaying the quarantine mailq with 'mailq -qQ', the
1683 to quarantine messages in check_* (except check_compat) and
1686 Add a new quarantine count to the mailstats collected.
1699 Call check_relay with the value of ${client_name} to deal with bogus
1702 Treat Delivery-Receipt-To: headers the same as Return-Receipt-To:
1703 headers (turn them into DSNs). Delivery-Receipt-To: is
1710 Add a new AuthOption=m flag to require the use of mechanisms which
1715 format just like the STARTTLS related macros to avoid
1718 New option AuthRealm to set the authentication realm that is
1719 passed to the Cyrus SASL library. Patch from Gary Mills
1729 DIGEST-MD5 and LOGIN.
1730 Write pid to file also if sendmail only acts as persistent queue
1732 Keep daemon pid file(s) locked so other daemons don't try to
1735 {cert_issuer} from 128 to 256. Requested by Christophe
1739 If the MSP is invoked with the verbose option (-v) then it will
1740 try to use the SMTP command VERB to propagate this option
1741 to the MTA which in turn will show the delivery just like
1746 to high load, log this information. Patch from John Beck
1748 Remove the ability for non-trusted users to raise the value of
1750 New mailer flag 'B' to strip leading backslashes, which is a
1752 New mailer flag 'W' to ignore long term host status information.
1754 Enable generic mail filter API (milter) by default. To turn
1755 it off, add -DMILTER=0 to the compile time options.
1757 causing subsequent messages to be sent instead of being
1758 discarded. This also caused milter callbacks to be called
1760 New option RequiresDirfsync to turn off the compile time flag
1763 New command line option -D logfile to send debug output to
1765 Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control
1771 to enable/disable certain features in the server per
1776 trying to canonify hostnames. Suggested by Neil Rickert
1778 Add support for a fallback smart host (option FallbackSmartHost) to
1785 Remove deprecated -v option for PH map, use -k instead. Patch from
1786 Mark Roth of the University of Illinois at Urbana-Champaign.
1788 then compile with -DNPH_VERSION=10100. Patch from Mark Roth
1789 of the University of Illinois at Urbana-Champaign.
1790 Add Milter.macros.eom, allowing macros to be sent to milter
1795 If check_relay sets the reply code to "421" the SMTP server will
1797 Get rid of dead code that tried to access the environment variable
1799 Deprecate the use of ErrorMode=write. To enable this in 8.13
1800 compile with -DUSE_TTYPATH=1.
1807 rules to be written for header checks to catch strings
1820 change to using fcntl() locking until they can fix
1821 it. Be sure to update other sendmail related
1822 programs to match locking techniques.
1830 Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther).
1833 Also use <sys/mkdev.h> to get the correct
1836 CONFIG: Add support for LDAP recursion to the default LDAP searches
1845 instructs the check_* (except check_compat) to quarantine
1847 CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl)
1848 instead of "host" to avoid problem with looking up other
1850 CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the
1853 CONFIG: New FEATURE(`ratecontrol') to set the limits for connection
1855 CONFIG: New FEATURE(`conncontrol') to set the limits for the
1859 take an argument specifying the milliseconds to wait and/or
1860 use the access database to look the pause time based on
1862 CONFIG: New FEATURE(`use_client_ptr') to have check_relay use
1868 CONFIG: New option confREJECT_LOG_INTERVAL to specify the log
1873 CONFIG: New option confAUTH_REALM to set the authentication realm
1874 that is passed to the Cyrus SASL library. Patch from
1876 CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src}
1877 to follow the naming conventions.
1878 CONFIG: Add a third optional argument to local_lmtp to specify
1882 CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile
1884 CONFIG: New LOCAL_UUCP macro to insert rules into the generated
1888 to control queue return and warning times for delivery
1890 CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost.
1891 CONFIG: Add the mc file which has been used to create the cf
1892 file to the end of the cf file when using make in cf/cf/.
1894 CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9.
1895 Use ServiceSwitchFile to turn off DNS lookups, see
1898 option) defines macros to be sent to milter applications for
1900 CONFIG: New option confCRL to specify file which contains
1902 CONFIG: Add a new value (sendertoo) for the third argument to
1906 CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which
1907 instructs the rulesets on whether or not to do a domain
1910 CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which
1911 instructs the rulesets on whether or not to queue the mail
1916 CONFIG: New option confMESSAGEID_HEADER to define a different
1917 Message-Id: header format. Patch from Bastiaan Bakker
1921 CONTRIB: oldbind.compat.c has been removed due to security problems.
1926 filter's EOM routine to quarantine the current message.
1929 LIBMILTER: If a milter sets the reply code to "421", the SMTP server
1934 to notify the MTA that an EOM operation is still in progress,
1937 to attempt to establish the interface socket, and detect
1938 failure to do so before calling smfi_main().
1940 filter to return a multi-line SMTP reply.
1946 LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT.
1953 amendments to support header insertion operations.
1958 MAKEMAP: Add new flag -D to specify the comment character to use
1960 VACATION: Add new flag -j to auto-respond to messages regardless of
1961 whether or not the recipient is listed in the To: or Cc:
1963 VACATION: Add new flag -R to specify the envelope sender address
1964 for the auto-response message.
1978 devtools/OS/UNICOS-mk
1979 devtools/OS/UNICOS-mp
2009 seconds can exceed the usual range of 0 to 59.
2013 sendmail process that was used to start the daemon.
2017 of the current list to deal with rewritten addresses.
2024 Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
2027 To get the 8.12.3-8.12.10 version, compile sendmail with
2028 -DMIME7TO8_OLD=0. If you have an example of improper
2029 7 to 8 bit conversion please send it to us.
2034 causes sendmail to log "POSSIBLE ATTACK...newline in string".
2035 To avoid this everything after LF is ignored.
2056 to libmilter. Based on code review by Rob Grzywinski.
2068 only if non-standard rulesets recipient (2), final (4), or
2069 mailer-specific envelope recipients rulesets are used then
2073 Add several checks to avoid (theoretical) buffer over/underflows.
2074 Properly count message size when performing 7->8 or 8->7 bit MIME
2078 Reset SevenBitInput to its configured value between SMTP
2083 Better error handling in case of (very unlikely) queue-id conflicts.
2087 Add ':' to the allowed character list for bogus HELO/EHLO
2093 to make sure they match.
2105 and expn.pl to avoid file overwrites, etc. Patches from
2107 MAIL.LOCAL: Fix obscure race condition that could lead to an
2115 Port for AIX 5.2. Thanks to Steve Hubert of University
2116 of Washington for providing access to a computer
2125 -DHASSTRERROR=0 and tell sendmail.org about it.
2130 SECURITY: Fix a buffer overflow in address parsing due to
2131 a char to int conversion problem which is potentially
2133 Note: an MTA that is not patched might be vulnerable to
2136 To provide partial protection to internal, unpatched sendmail MTAs,
2137 8.12.9 changes by default (char)0xff to (char)0x7f in
2138 headers etc. To turn off this conversion compile with
2139 -DALLOW_255 or use the command line option -d82.101.
2140 To provide partial protection for internal, unpatched MTAs that may be
2141 performing 7->8 or 8->7 bit MIME conversions, the default
2142 for MaxMimeHeaderLength has been changed to 2048/1024.
2145 To disable the checks and return to pre-8.12.9 defaults,
2146 set MaxMimeHeaderLength to 0/0.
2147 Do not complain about -ba when submitting mail. Problem noted
2152 Properly initialize data structure for dns maps to avoid various
2155 CONFIG: Prevent multiple application of rule to add smart host.
2158 CONTRIB: buildvirtuser: New option -t builds the virtusertable
2163 This can be overridden by using -DSM_CONF_GETOPT=0
2170 of ISS X-Force.
2171 Fix a potential non-exploitable buffer overflow in parsing the
2187 Properly clean up macros to avoid persistence of session data
2190 to erroneously allow a connection. Problem noted
2193 only needs to relay all mail to the MTA. Problem found
2195 Do not restrict the length of connection information to 100
2198 When converting an enhanced status code to an exit status, use
2206 users. Problem noted by Martin J. Dellwo of 3-Dimensional
2212 Print early system errors to the console instead of silently
2214 Do not process a queue group if Runners is set to 0, regardless
2215 of whether F=f or sendmail is run in verbose mode (-v).
2216 The use of -qGname will still force queue group "name"
2217 to be run even if Runners=0.
2219 connections due to high load from LOG_INFO to LOG_NOTICE.
2223 Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
2229 Do not try to share an mailbox database LDAP connection across
2234 Avoid problems with QueueSortOrder=random due to problems with
2237 If -f "" is specified, set the sender address to "<>". Problem
2244 and pass a NULL pointer to an option which requires
2247 by using -DSM_CONF_GETOPT=0. Problem noted by
2249 Support for nph-1.2.0 from Mark D. Roth of the University
2250 of Illinois at Urbana-Champaign.
2262 DNS entries to get around access restrictions.
2265 to avoid problems with hostname resolution for localhost
2266 which on many systems does not resolve to 127.0.0.1 (or
2268 you need to change submit.mc accordingly, see the comment
2270 CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
2272 mail to non-existing users. Problem noted by Mark Roth of
2273 the University of Illinois at Urbana-Champaign.
2274 CONFIG: Allow local_procmail to override local_lmtp settings.
2275 CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
2281 an error in the communication from/to the MTA occurs.
2291 SMRSH: SECURITY: Only allow regular files or symbolic links to be
2299 Do not add the FallbackMXhost (or its MX records) to the list
2300 returned by the bestmx map when -z is used as option.
2304 Properly split owner- mailing list messages when SuperSafe is set
2305 to interactive. Problem noted by Todd C. Miller of
2313 Provide an 'install-submit-st' target for sendmail/Makefile to
2330 If discarding a message based on a recipient, don't try to look up
2332 allows users to discard bogus recipients when dealing with
2335 If applying a header check to a header with unstructured data,
2344 Add some additional IRIX shells to the default shell
2349 to handling entries of IP nets/addresses with RHS REJECT.
2351 being activated in check_relay. This change has been made to
2386 map type are changed to 'X' to avoid potential problems
2401 to get the definition for _PATH_SENDMAIL, used by
2404 NOTE: Linux appears to have broken flock() again. Unless
2406 8.13 will change the default locking method to
2408 want to do this in 8.12 by compiling with
2409 -DHASFLOCK=0. Be sure to update other sendmail
2410 related programs to match locking techniques.
2414 can leave systems open to a local denial of service
2415 attack. Be sure to read the "FILE AND MAP PERMISSIONS"
2418 Use TempFileMode (defaults to 0600) for the permissions of PidFile
2421 from 0644 to 0640. This can be overridden at compile time
2426 Expand macros before passing them to libmilter. Problem noted
2432 Change SMTP reply code for AUTH failure from 500 to 535 and the
2433 initial zero-length response to "=" per RFC 2554. Patches
2435 Do not try to fix broken message/rfc822 MIME attachments by
2436 inserting a MIME-Version: header when MaxMimeHeaderLength
2437 is set and no 8 to 7 bit conversion is needed. Based on
2445 Detach from shared memory before dropping privileges back to
2447 If AllowBogusHELO is set to false (default) then also complain if
2448 the argument to HELO/EHLO contains white space. Suggested
2454 Leibniz-Rechenzentrum Munich.
2457 be able to use Milter's body replacement feature.
2459 Digital UNIX 5.0 has changed flock() semantics to be
2460 non-compliant. Problem noted by Martin Mokrejs of
2468 to be misaddressed. Problem noted by Andrzej Filip.
2472 the sender address. This allows locally submitted mail to
2473 be accepted if the machine isn't connected to a nameserver
2485 CONTRIB: Fix wording in default dnsblaccess rejection message to
2490 LIBMILTER: Mark the listening socket as close-on-exec in case
2493 functions in SmMbdbTypes to be set to NULL.
2495 0644 to 0640. This can be overridden at compile time
2499 VACATION: When listing the vacation database (-l), don't show
2500 bogus timestamps for excluded (-x) addresses. Problem
2508 not to be delivered if a queue file is repeatedly moved
2511 to avoid moving queue files if not really necessary.
2512 sendmail may use links to refer to queue files and it
2520 to disk before splitting it, otherwise an assertion is
2523 Fix possible race condition that could cause sendmail to forget
2530 Matching queue IDs with -qI should be case sensitive. Problem
2532 If privileges have been dropped, don't try to change group ID to
2538 Do not limit sendmail command line length to SM_ARG_MAX (usually
2541 Clear full name of sender for each new envelope to avoid bogus data
2562 a set-user-ID (non-root) program. Problem noted by Jon
2565 directories are used and mail is sent to a mailing list
2566 which has an owner- alias. Problem noted by Anne Bennett
2570 The SMTP daemon no longer tries to fix up improperly dot-stuffed
2574 Fix corruption when doing automatic MIME 7-bit quoted-printable or
2575 base64 encoding to 8-bit text. Problem noted by Mark
2582 non-ASCII characters, and properly create DSNs if necessary.
2586 Prevent a race condition on child cleanup for delivery to files.
2590 to 451.
2594 Initialize Timeout.iconnect in the code to prevent randomly short
2596 Do not try to send a second SMTP QUIT command if the remote
2597 responds to a MAIL command with a 421 reply or on I/O
2605 which drop the connection instead of responding to the
2608 Check LDAP_API_VERSION to determine if ldap_memfree() is
2610 Define HPUX10 when building on HP-UX 10.X. That platform
2617 Add /sbin/sh as an acceptable user shell on HP-UX. From
2618 Rajesh Somasund of Hewlett-Packard.
2619 CONFIG: Add FEATURE(`authinfo') to allow a separate database for
2630 CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp')
2638 CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in
2639 submit.cf) to use $TZ for time stamps. This is a compromise
2640 to allow for the proper time zone on systems where the
2644 University of Illinois at Urbana-Champaign, solution proposed
2646 CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID
2649 CONTRIB: Add a warning to qtool.pl to not move queue files around
2651 CONTRIB: buildvirtuser: Add -f option to force rebuild.
2652 CONTRIB: smcontrol.pl: Add -f option to specify control socket.
2657 structure that is passed to xxfi_connect(). Notice:
2659 this change; mixing versions may lead to wrong port
2669 this to 1 if your LDAP client libraries include
2675 VACATION: Allow root to operate on user vacation databases. Based
2678 VACATION: Don't ignore -C option. Based on patch by Bryan Costales.
2688 following -b) has been specified.
2695 Remove newlines from recipients read via sendmail -t to prevent
2706 needs to collect children status to avoid zombie processes.
2708 Shut down "nullserver" and ETRN-only connections after 25 bad
2714 Error and delay DSNs were being sent to postmaster instead of the
2727 Fix a potential deadlock if two events are supposed to occur at
2733 Allow selection of queue group for mailq using -qGgroup.
2743 This is necessary to interoperate as an SMTP AUTH client
2745 CRAM-MD5. Problem noted by Bjoern Voigt of TU Berlin.
2749 In addition to printing errors when parsing recipients during
2750 command line invocations log them to make it simpler
2751 to understand possible DSNs to postmaster.
2753 Allow local mailers (F=l) to specify a host for TCP connections
2757 Re-enable support for -M option which was broken in 8.12.1. Problem
2772 Fix IPv6 network interface probing on HP-UX 11.X. Based on
2776 Use proper type for a 32-bit integer on SINIX. From Ganu
2778 Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
2779 Reduce optimization from +O3 to +O2 on HP-UX 11. This
2781 characters to be written to the qf file. Problem
2786 information. From Mark Bixby of Hewlett-Packard.
2790 Hewlett-Packard.
2793 From Mark Bixby of Hewlett-Packard.
2804 systems. From Mark Bixby of Hewlett-Packard.
2812 Hewlett-Packard.
2821 to free memory twice.
2830 cf/cf/generic-mpeix.cf
2831 cf/cf/generic-mpeix.mc
2835 devtools/OS/MPE-iX
2841 to avoid possible compromises of the mail system by
2843 different set*gid() calls to reset saved gid. Problem
2846 privileges by disabling debugging (command line -d flag)
2847 during queue runs and disabling ETRN when sendmail -bs is
2851 Set the ${server_addr} macro to name of mailer when doing LMTP
2853 STARTTLS causing sendmail to use this macro in rulesets.
2854 If debugging is turned on (-d0.10) print not just the default
2860 this only applied to hostname canonification. Problem
2862 Ignore comments in NIS host records when trying to find the
2865 line flags (i.e., -G, -h, -F, etc.) to mail submission
2866 operating modes (i.e., -bm, -bs, -bv, etc.). Idea based on
2869 AIX: Use `oslevel` if available to determine OS version.
2875 Avoid compiler warnings by not using pointers to pass
2878 CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
2894 Mark Bixby from Hewlett-Packard.
2908 set-user-ID root anymore. You need to create a new user and
2910 default). The installation process tries to install
2931 If sendmail is set-group-ID then that group ID is used for permission
2933 set-group-ID sendmail binary for initial message submission
2934 and no set-user-ID root sendmail is needed. For details
2936 Log a warning if a non-trusted user changes the syslog label.
2938 If sendmail is called for initial delivery, try to use submit.cf
2941 New configuration file option UseMSP to allow group writable queue
2942 files if the group is the same as that of a set-group-ID
2944 The .cf file is chosen based on the operation mode. For -bm (default),
2945 -bs, and -t it is submit.cf if it exists for all others it
2946 is sendmail.cf (to be backward compatible). This selection
2947 can be changed by the new option -Ac or -Am (alternative .cf
2954 used to look up local mail recipients; the default value
2955 is "pw", which means to use getpwnam(). New mailbox database
2956 types can be added by adding custom code to libsm/mbdb.c.
2958 long, to accommodate envelope splitting. File systems with
2964 portions of the list need to be scanned (instead of the whole
2965 list) each delivery() pass to determine piggybacking. The
2970 piggybacking (called coincidental) extended to coattail
2974 If sendmail receives a temporary error on a RCPT TO: command, it will
2976 DefaultAuthInfo can contain a list of mechanisms to be used for
2977 outgoing (client-side) SMTP Authentication.
2978 New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
2982 A new ruleset authinfo can be used to return client side
2988 Add new option AuthMaxBits to limit the overall encryption strength
2995 New ruleset try_tls to decide whether to try (as client) STARTTLS.
2996 New ruleset srv_features to enable/disable certain features in the
2998 New ruleset tls_rcpt to decide whether to send e-mail to a particular
2999 recipient; useful to decide whether a connection is secure
3001 New option TLSSrvOptions to modify some aspects of the server
3005 New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
3006 using/offering STARTTLS when delivering/receiving e-mail.
3013 Add queue groups which can be used to group queue directories with
3015 If the new option FastSplit (defaults to one) has a value greater
3020 processes to deliver the envelopes; if more envelopes are
3023 The check for 'enough disk space' now pays attention to which file
3025 All queue runners can be cleanly terminated via SIGTERM to parent.
3028 group (one or more queues in a multi-queue environment
3029 collected together) to process the same work list at the
3031 Option MaxQueueChildren added to limit the number of concurrently
3033 New option MaxRunnersPerQueue to specify the maximum number of queue
3036 the pattern to be negated. For -qI, -qR and -qS it is
3037 permissible for -q!I, -q!R and -q!S to mean remove members
3039 New -qp[time] option is similar to -qtime, except that instead of
3040 periodically forking a child to process the queue, a single
3042 runs. A SIGHUP signal can be sent to restart this
3046 sendmail -q15m).
3047 New option NiceQueueRun to set the priority of queue runners.
3049 sendmail will run the queue(s) in the background when invoked with -q
3050 unless the new -qf option or -v is used.
3052 several queue runners are started by hand to avoid contention.
3056 a client to specify an amount of time within which an e-mail
3057 should be delivered. New option DeliverByMin added to set the
3059 Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
3066 MX records will be looked up for FallBackMXhost. To use the old
3069 Use shared memory to store free space of filesystems that are used
3072 calls to check the available space. See doc/op/op.me for
3074 If shared memory is compiled in the option -bP can be used to print
3079 Remove '-U' (initial user submission) command line option as
3081 Remove support for non-standard SMTP command XUSR. Use an MSA instead.
3085 Two new options for host maps: -d (retransmission timeout),
3086 -r (number of retries).
3087 New option for LDAP maps: the -V<sep> allows you to specify a
3091 to map class arith.
3092 If DoubleBounceAddress expands to an empty string, ``double bounces''
3095 GroupWritableSASLDBFile to relax requirements for sasldb files.
3096 New DontBlameSendmail options GroupReadableKeyFile to relax
3099 Properly handle quoted filenames for class files (to allow for
3101 Honor the resolver option RES_NOALIASES when canonifying hostnames.
3102 Add macros to avoid the reuse of {if_addr} etc:
3107 to the loopback net.
3109 DialDelay option applies only to mailers with flag 'Z'. Patch from
3111 New Timeout.lhlo,auth,starttls options to limit the time waiting for
3112 an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
3113 New Timeout.aconnect option to limit the overall waiting time for
3114 all connections for a single delivery attempt to succeed.
3117 BadRcptThrottle). From Gregory A Lundberg of the WU-FTPD
3119 New option DelayLA to delay connections if the load averages
3122 will cause sendmail to sleep for one second on most
3125 Use a dynamic (instead of fixed-size) buffer for the list of
3126 recipients that are sent during a connection to a mailer.
3128 the maximum number of recipients (defaults to 100).
3130 Add new F=1 mailer flag to disable sending of null characters ('\0').
3131 Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
3136 PH map code updated to use the new libphclient API instead of the
3138 University of Illinois at Urbana-Champaign.
3139 New option DirectSubmissionModifiers to define {daemon_flags}
3141 New M=O modifier for DaemonPortOptions to ignore the socket in
3142 case of failures. Based on patch by Jun-ichiro itojun
3144 Add Disposition-Notification-To: (RFC 2298) to the list of headers
3145 whose content is rewritten similar to Reply-To:.
3157 in which most commands are rejected due to check_relay or
3159 Change logging format for cloned envelopes to be similar to that for
3177 together with DeliveryMode=interactive is to avoid some disk
3179 Add per-recipient status information to mailq -v output.
3181 When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
3183 sendmail -d now has general support for named debug categories.
3190 Do not issue a DSN if the ruleset localaddr resolves to the $#error
3195 from an address to which a DSN cannot be returned and
3196 in which at least one recipient address is non-deliverable,
3202 Log the command line in daemon/queue-run mode at LogLevel 10 and
3205 attempting to canonify a hostname, some broken nameservers
3207 lookups. If you want to excuse this behavior, use this new
3210 Urbana-Champaign.
3214 to each daemon individually, not the overall number of
3217 sendmail to use a default alias schema as outlined in the
3224 allows classes to be filled via a map lookup. See op.me
3226 used for commands such as VIRTUSER_DOMAIN_FILE() to read
3234 (e.g., F|/path/to/prog) is in an unsafe directory path.
3237 (e.g., F|/path/to/prog) is group or world writable.
3239 hostnames. Setting DontProbeInterfaces to "loopback"
3240 (without quotes) will disable this and return to the
3241 pre-8.12 behavior of only probing non-loopback interfaces.
3252 PrivacyOptions=restrictexpand instructs sendmail to drop privileges
3253 when the -bv option is given by users who are neither root
3255 forwards, or :include: files. It also will override the -v
3259 back to the settings in ClientPortOptions (if set).
3263 the University of Illinois at Urbana-Champaign.
3268 current connection and reopen to get to one of the fallback
3280 "IPv6:" tag to identify the address properly. For example,
3281 if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
3282 class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
3285 Add "use_inet6" as a new ResolverOptions flag to control the
3286 RES_USE_INET6 resolver option. Based on patch from Rick
3297 Setting a value to 0 disables the check. Patch from Bryan
3299 The header syntax H?${MyMacro}?X-My-Header: now not only checks if
3304 Be sure to include the proper Final-Recipient: DSN header in bounce
3308 the final dot has been sent to avoid affecting future
3311 file systems that require to call fsync() for a directory
3312 if the meta-data in it has been changed. This should be
3316 sendmail is signaled to terminate. Problem noted by
3332 of man pages and user-executable to root/sys, set
3333 optimization limit to 0 (unlimited). Based on patch
3339 CONFIG: Increment version number of config file to 10.
3343 CONFIG: The access map uses an option of -T<TMPF> to deal with
3346 action to be taken by aborting the search for domain names
3350 to get through.
3355 introduced to match only non-empty details of addresses.
3359 after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
3366 CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
3369 STARTTLS has been used to "(version=${tls_version}
3372 options friends/haters instead of "To:" and enable
3378 CONFIG: New FEATURE(`lookupdotdomain') to lookup also .domain in
3381 CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
3387 to specify another domain to be added instead of the local one.
3390 CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
3394 CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
3399 CONFIG: FEATURE(`dnsbl') allows now to specify the behavior for
3401 CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
3402 Deliver By (RFC 2852) or to turn off the extension.
3403 CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
3405 CONFIG: New FEATURE(`compat_check') to look up a key consisting
3410 CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
3412 CONFIG: Don't use MAILER-DAEMON for error messages delivered
3414 CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
3416 CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
3417 +detail portion of the address when passing address to
3422 which allow you to specify 'equivalent' hosts for LDAP
3426 CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
3427 instructs the rulesets on what to do if the address being
3474 CONFIG: confDEQUOTE_OPTS can be used to specify options for the
3476 CONFIG: New macro QUEUE_GROUP() to define queue groups.
3477 CONFIG: New FEATURE(`queuegroup') to select a queue group based
3478 on the full e-mail address or the domain of the recipient.
3480 by the "IPv6:" tag to identify the address properly. For
3481 example, if you want to use the IPv6 address
3483 to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
3485 relay-domains and local-host-names files.
3486 CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
3492 (LOCAL_USER() -- $={L}) entries from a file.
3494 which allows to lookup error codes in the access map.
3499 DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
3502 EDITMAP: New program for editing maps as supplement to makemap.
3503 MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
3504 local mail recipients. New option -D mbdb specifies the
3506 MAIL.LOCAL: New option "-h filename" which instructs mail.local to
3507 deliver the mail to the named file in the user's home
3509 patch from Doug Hardie of the Los Angeles Free-Net.
3510 MAILSTATS: New command line option -P which acts the same as -p but
3512 MAKEMAP: Add new option -t to specify a different delimiter
3514 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
3518 VACATION: Change Auto-Submitted: header value from auto-generated to
3519 auto-replied. From Kenneth Murchison of Oceana Matrix Ltd.
3520 VACATION: New option -d to send error/debug messages to stdout
3522 VACATION: New option -U which prevents the attempt to lookup login
3523 in the password file. The -f and -m options must be used
3524 to specify the database and message file since there is no
3526 VACATION: Vacation now uses the libsm mbdb package to look up
3528 from the sendmail.cf file. New option -C cffile which
3547 devtools/M4/UNIX/sm-test.m4
3576 cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
3577 cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
3578 cf/ostype/aux.m4 => cf/ostype/a-ux.m4
3584 of ISS X-Force.
3585 SECURITY: Fix a buffer overflow in address parsing due to
3586 a char to int conversion problem which is potentially
3588 Note: an MTA that is not patched might be vulnerable to
3591 To provide partial protection to internal, unpatched sendmail MTAs,
3592 8.11.7 changes by default (char)0xff to (char)0x7f in
3593 headers etc. To turn off this conversion compile with
3594 -DALLOW_255 or use the command line option -d82.101.
3595 To provide partial protection for internal, unpatched MTAs that may be
3596 performing 7->8 or 8->7 bit MIME conversions, the default
3597 for MaxMimeHeaderLength has been changed to 2048/1024.
3600 To disable the checks and return to pre-8.11.7 defaults,
3601 set MaxMimeHeaderLength to 0/0.
3602 Properly clean up macros to avoid persistence of session data
3605 to erroneously allow a connection. Problem noted
3607 Ignore comments in NIS host records when trying to find the
3619 Prevent a race condition on child cleanup for delivery to files.
3633 Mark Bixby from Hewlett-Packard.
3637 SMRSH: SECURITY: Only allow regular files or symbolic links to be
3643 out-of-bounds debug parameters. Problem detected by
3649 noted by Dileepan Moorkanat of Hewlett-Packard.
3653 Avoid a segmentation fault on non-matching Hesiod lookups. Problem
3657 Fix a possible race condition when sending a HUP signal to restart
3663 When finding the system's local hostname on an IPv6-enabled system
3665 to looking up only IPv4 addresses. Problem noted by Tim
3667 When commands were being rejected due to check_relay or TCP
3670 IPv4-mapped addresses) were incorrectly labeled as "may be
3675 Restore the original real uid (changed in main() to prevent
3680 Mark closed file descriptors properly to avoid reuse. Problem
3683 their sub-suboptions in the .cf file, e.g., -O
3685 to 2 days. Problem noted by Roger B.A. Klorese.
3699 Clean up signal handling routines to reduce the chances of heap
3702 instantaneous due to this change. Also, non-root users can
3703 no longer send out-of-band signals. Problem reported by
3705 If LogLevel is greater than 9 and SASL fails to negotiate an
3711 Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch
3715 If a process is interrupted while closing a map, don't try to close
3717 Allow local mailers (F=l) to contact remote hosts (e.g., via
3720 If Timeout.QueueReturn was set to a value less the time it took
3721 to write a new queue file (e.g., 0 seconds), the bounce
3727 When closing an LDAP map due to a temporary error, close all of the
3729 to the LDAP server. Patch from Victor Duchovni of
3731 To detect changes of NDBM aliases files check the timestamp of the
3736 If ClientPortOptions is set, make sure to create the outgoing socket
3738 Avoid a segmentation fault trying to dereference a NULL pointer
3744 Fix DSN for "mail loops back to me" bounces. Problem noticed by
3749 to 553 since it is allowed by DRUMS.
3754 DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
3756 PRALIASES: Add back adaptive algorithm to deal with different endings
3764 LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
3772 Jun-ichiro itojun Hagino of the KAME Project.
3774 Modifier=b (bind to same interface) is set and the
3776 Do not bind to the loopback address if DaemonPortOptions
3777 Modifier=b (bind to same interface) is set. Patch from
3779 Properly deal with open failures on non-optional maps used in
3781 Buffered file I/O files were not being properly fsync'ed to disk
3786 to the wrong hostname (of a previous connection), which may
3787 cause some rulesets to return wrong results. This would
3788 usually cause mail to be queued up and delivered later on.
3797 Prevent a CPU loop in trying to expand a macro which doesn't exist
3813 Jun-ichiro itojun Hagino of the KAME Project.
3815 higher has BSDI-style login classes. Patch from
3817 Unixware 7.1.1 doesn't allow h_errno to be set directly if
3818 sendmail is being compiled with -kthread. Problem
3822 DEVTOOLS: Do not pass make targets to recursive Build invocations.
3838 Prevent a segmentation fault when trying to set a class in
3839 address test mode due to a negative array index. Audit
3840 other array indexing. This bug is not believed to be
3843 Add an FFR (for future release) to drop privileges when using
3846 APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
3849 Fix potential problem with Cyrus-SASL security layer which may have
3850 caused I/O errors, especially for mechanism DIGEST-MD5.
3851 When QueueSortOrder was set to host, sendmail might not read
3852 enough of the queue file to determine the host, making the
3853 sort sub-optimal. Problem noted by Jeff Earickson of
3857 Initialize Cyrus-SASL library before the SMTP daemon is started.
3858 This implies that every change to SASL related files requires
3869 Fix delivery to set-user-ID files that are expanded from aliases in
3872 Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
3875 to EXPN/VRFY commands on systems which respond very slowly.
3882 Jun-ichiro itojun Hagino of the KAME Project.
3886 of the parameters to find Family= setting before trying to
3889 When delivering to a file directly from an alias, do not call
3897 socket. A future version may change this to per socket
3908 Jun-ichiro itojun Hagino of the KAME Project.
3920 FEATURE(`dnsbl') to blackholes.mail-abuse.org.
3934 CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
3935 Roth of the University of Illinois at Urbana-Champaign.
3937 variables into bldOS, bldREL, and bldARCH to prevent
3940 RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
3942 installations where sendmail is actually a wrapper to
3943 another MTA. The change will re-appear in a future
3948 VACATION: Fix pattern matching for addresses to ignore.
3949 VACATION: Don't reply to addresses of the form owner-*
3950 or *-owner.
3957 Fix SMTP EXPN command output if the address expands to a single
3966 Do not try to cache LDAP connections across processes as a parent
3971 Use Timeout.fileopen to limit the amount of time spent trying to
3980 Turn off queue checkpointing if CheckpointInterval is set to zero.
3982 non-existent instead of treating it as /. Problem noted by
3992 one of the others may be able to take over.
3993 Set the ${load_avg} macro to the current load average, not the
3995 If a non-optional map used in a check_* ruleset can't be opened,
3996 return a temporary failure to the remote SMTP client
4001 Fix a bug in the PH_MAP code which caused mail to bounce instead of
4003 Roth of the University of Illinois at Urbana-Champaign.
4004 Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
4006 Change error code for unrecognized parameters to the SMTP MAIL and
4007 RCPT commands from 501 to 555 per RFC 1869. Problem
4008 reported to Postfix by Robert Norris of Monash University.
4009 Prevent overwriting the argument of -B on certain OS. Problem
4015 Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
4019 On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
4022 On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
4025 Avoid using the UCB subsystem on NCR MP-RAS 3.x. From
4037 CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
4045 matches pre-8.10 nullclient behavior. From Per Hedeland of
4048 SMTP to all *smtp* mailers and those for RELAY to the relay
4052 MAKEMAP: Do not change a map's owner to the TrustedUser if using
4053 makemap to 'unmake' the map.
4054 RMAIL: Avoid overflowing the list of recipients being passed to
4056 RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
4059 VACATION: Read the complete message to avoid "broken pipe" signals.
4066 SECURITY: If sendmail is installed as a non-root set-user-ID binary
4068 keep a saved-uid of the effective-uid when sendmail tries
4069 to drop all of its privileges. If sendmail needs to drop
4071 saved-uid as well, exit with an error. Problem noted by
4077 -DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your
4078 system and report broken implementations to
4079 sendmail-bugs@sendmail.org and your OS vendor. Problem
4095 don't properly seed the PRNG for OpenSSL but want to
4096 try to use STARTTLS despite the security problems.
4100 Add new macro ${auth_ssf} to reflect the SMTP AUTH security
4102 LDAP's -1 (single match only) flag was not honored if the -z
4115 they wish to also listen on IPv6 interfaces. Problem noted
4116 by Jun-ichiro itojun Hagino of the KAME Project.
4117 Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
4130 modifier in DaemonPortOptions to work properly, preserve
4134 responses to commands. Problem noted by Jeff Wasilko of
4137 to protect from a bug in Solaris 2.6's putc(). Problem
4139 The LDAP map -n option (return attribute names only) wasn't working.
4142 but would be bounced back to the sender as failed to be
4149 is defined to avoid a core dump due to incompatibilities
4155 to kilobyte units.
4158 attempt. Problem noted by Ari Heikkinen of Pohjois-Savo
4164 Avoid getting into an endless loop if a non-hoststat directory exists
4167 Make sure Timeout.queuereturn=now returns a bounce message to the
4183 only the first to open the connection is allowed to close
4190 via callbacks to Cyrus SASL prior to version 1.5.23.
4194 Add the ability to read IPv6 interface addresses into class
4198 NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
4200 fails and the socket needs to be reopened. Patch
4204 Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
4205 for calls to getipnodebyname(). The Linux
4221 tags to the access database to support these policies. See
4223 CONFIG: Add TLS information to the Received: header.
4225 called due to a STARTTLS command.
4229 the access map and relaying to a domain without using a To:
4232 CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
4236 forwarding to make it as close to the old behavior as
4242 ldap_mailhost and ldap_mailroutingaddress to ldapmh and
4246 CONFIG: Apply blacklist_recipients also to hosts in class {w}.
4249 CONTRIB: Add link_hash.sh to create symbolic links to the hash
4251 CONTRIB: passwd-to-alias.pl: More protection from special characters;
4257 CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
4259 CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
4262 calling re-mqueue.pl) and movemail.conf (configuration
4264 CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
4267 extension modifications (e.g., MAN8EXT) to the installation
4271 DEVTOOLS: New option confLN contains the command used to create
4278 -DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
4279 MAILSTATS: Fix usage statement (-p and -o are optional).
4281 and -man on Solaris 7. Patch from Larry Williamson.
4287 to respond instead of stopping after finding recipient.
4299 On Linux, a normal user process has the ability to subvert
4301 process to drop its privileges. Problem noted by Wojciech
4309 SECURITY: Limit the choice of outgoing (client-side) SMTP
4310 Authentication mechanisms to those specified in
4311 AuthMechanisms to prevent information leakage. We do not
4313 password in clear text to possibly untrusted servers. See
4315 Copy the ident argument for openlog() to avoid problems on some
4326 Fix queue file permission checks to allow for TrustedUser ownership.
4327 Change logging of errors from the trust_auth ruleset to LogLevel 10
4335 Ensure that a header check which resolves to $#discard actually
4339 attempted to the alias.
4343 SECURITY: Specify a run-time shared library search path for
4350 DGUX requires -lsocket -lnsl and has a non-standard install
4353 Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
4355 Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
4358 Modern (post-199912) OpenBSD versions include working
4363 CONFIG: Change error message about unresolvable sender domain to
4368 to be backward compatible with 8.9.
4370 to allow for +*@domain to deal with +detail.
4371 CONTRIB: Remove converting.sun.configs -- it is obsolete.
4374 DEVTOOLS: Add to NCR platform list and include the architecture
4377 libraries to work around the AIX 4.X and SunOS 4.X linker's
4378 overloaded -L option. Problem noted by Valdis Kletnieks of
4387 map name to determine whether or not to add the extension.
4390 LIBSMDB: Allow a database to be opened for updating and created if
4394 available, fall back to NDBM if NEWDB open fails. This
4401 PRALIASES: Restore 8.9.X functionality of being able to search for
4407 VACATION: Fix -t option which is ignored but available for
4431 * This release is dedicated to her memory and to the joy, *
4432 * strength, ideals, and hope that she brought to all of us. *
4436 links to make sure the files can't be compromised due
4437 to poor permissions on the parent directories of the
4463 distributions), use memory-buffered files to reduce
4466 New option DataFileBufferSize to control the maximum size of a
4467 memory-buffered data (df) file before a disk-based file is
4469 New option XscriptFileBufferSize to control the maximum size of a
4470 memory-buffered transcript (xf) file before a disk-based
4475 to run a Message Submission Agent (MSA); this is turned
4476 on by default in m4-generated .cf files; it can be turned
4481 The new '-G' (relay (gateway) submission) command line option
4487 The '-U' (initial user submission) command line option is
4489 Mail user agents should begin using '-G' to indicate that
4490 this is a relay submission (the inverse of -U).
4494 If sendmail doesn't have enough privileges to run a .forward
4495 program or deliver to file as the owner of that file, the
4497 set, users won't be able to use programs or delivery to
4499 this by setting the DontBlameSendmail option to the new
4502 on the directory and DontBlameSendmail is set to
4505 Prevent logging of unsafe directory paths for non-existent forward
4508 New Timeout.control option to limit the total time spent satisfying
4510 New Timeout.resolver options for controlling BIND resolver
4512 Timeout.resolver.retrans
4513 Sets the resolver's retransmission time interval (in
4514 seconds). Sets both Timeout.resolver.retrans.first
4515 and Timeout.resolver.retrans.normal.
4516 Timeout.resolver.retrans.first
4517 Sets the resolver's retransmission time interval (in
4518 seconds) for the first attempt to deliver a message.
4519 Timeout.resolver.retrans.normal
4520 Sets the resolver's retransmission time interval (in
4521 seconds) for all resolver lookups except the first
4523 Timeout.resolver.retry
4524 Sets the number of times to retransmit a resolver
4525 query. Sets both Timeout.resolver.retry.first
4526 and Timeout.resolver.retry.normal.
4527 Timeout.resolver.retry.first
4528 Sets the number of times to retransmit a resolver
4529 query for the first attempt to deliver a message.
4530 Timeout.resolver.retry.normal
4531 Sets the number of times to retransmit a resolver
4532 query for all resolver lookups except the first
4535 Support multiple queue directories. To use multiple queues, supply
4538 directories or symbolic links to directories beginning with
4543 given on a non-daemon queue run. New items are randomly
4544 assigned to a queue. Contributed by Exactis.com, Inc.
4546 subdirectories or symbolic links to directories of those names
4552 New queue file naming system which uses a filename guaranteed to be
4553 unique for 60 years. This allows queue IDs to be assigned
4557 Messages which are undeliverable due to temporary address failures
4558 (e.g., DNS failure) will now go to the FallBackMX host, if
4560 New command line option '-L tag' which sets the identifier used for
4564 to run the queue. Contributed by Exactis.com, Inc.
4568 Allow trusted users (those on a T line or in $=t) to set the
4569 QueueDirectory (Q) option without an X-Authentication-Warning:
4574 In low-disk space situations, where sendmail would previously refuse
4578 The [IPC] builtin mailer now allows delivery to a UNIX domain socket
4583 S=10, R=20/40, T=DNS/RFC822/X-Unix,
4594 PrivacyOptions=nobodyreturn instructs sendmail not to include the
4599 Accept the SMTP RSET command even when rejecting commands due to TCP
4604 Mitchell Blank Jr of Exec-PC.
4605 Do not report temporary failure on delivery to files. In
4609 Check file close when mailing to files. Problem noted by Nik
4613 Always bind to the LDAP server regardless of whether you are using
4616 New ruleset trust_auth to determine whether a given AUTH=
4621 similar to check_rcpt etc.
4644 Write pid to file also if sendmail only processes the queue.
4647 New macro ${load_avg} can be used to check the current load average.
4649 Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
4651 Flag -S for maps to specify the character which is substituted
4653 Flag -D for maps: perform no lookup in deferred delivery mode.
4658 New option MaxHeadersLength allows to specify a maximum length
4659 of the sum of all headers. This can be used to prevent
4660 a denial-of-service attack.
4663 is intended to protect mail user agents from buffer
4665 Added option MaxAliasRecursion to specify the maximum depth of
4667 New flag F=6 for mailers to strip headers to seven bit.
4668 Map type syslog to log the key via syslogd.
4671 New option DeadLetterDrop to define the location of the system-wide
4672 dead.letter file, formerly hardcoded to
4674 default), sendmail will not attempt to save to a
4675 system-wide dead.letter file if it can not bounce the mail
4676 to the user nor postmaster. Instead, it will rename the qf
4679 New option PidFile to define the location of the pid file. The
4695 The latter is only set if the interface does not belong to the
4702 ${currHeader} (possibly truncated to MAXNAME). Suggested by
4703 Jan Krueger of Unix-AG of University of Hannover.
4705 H*: allows to specify a default ruleset for header checks. This
4708 Krueger of Unix-AG of University of Hannover.
4712 to 9. For example, "R$+ ( 1 ) $@ 1" matches the
4714 Avoid removing the Content-Transfer-Encoding MIME header on
4718 Avoid duplicate Content-Transfer-Encoding MIME header on
4719 messages with 8-bit text in headers. Problem noted by
4722 Avoid keeping maps locked longer than necessary when re-opening a
4725 Resolving to the $#error mailer with a temporary failure code (e.g.,
4728 Be more liberal in acceptable responses to an SMTP RSET command as
4729 standard does not provide any indication of what to do when
4732 New option TrustedUser allows to specify a user who can own
4736 Fix another instance (similar to one in 8.9.3) of a network failure
4737 being mis-logged as "Illegal Seek" instead of whatever
4739 $? tests also whether the macro is non-null.
4742 New mailer equate /= to specify a directory to chroot() into before
4744 New mailer equate W= to specify the maximum time to wait for the
4745 mailer to return after sending all data to it.
4752 When using the UserDB @hostname catch-all, do not try to lookup
4754 already decided the message will be passed to another host
4759 '-ddistinguished_name', '-Mmethod', and '-Pfilename'. The
4760 distinguished_name is who to login as. The method can be
4766 The ldapx map has been renamed to ldap. The use of ldapx is
4768 If the result of an LDAP search returns a multi-valued attribute
4772 automatically set the column delimiter to the comma.
4776 values to be returned should be in a comma separated string.
4777 For example, `-v "email,emailother"'. Patch from
4784 needed for LDAP alias file specifications to allow for
4786 Keep connections to LDAP server open instead of opening and closing
4787 for each lookup. To reduce overhead, sendmail will cache
4790 a single connection to that host.
4794 Use asynchronous LDAP searches to save memory and network
4797 Increase portability to the Netscape LDAP libraries.
4799 replaced with the literal contents of the map lookup key --
4802 of '%s' to encode the key buffer according to RFC 2254.
4803 For example, if the LDAP map specification contains '-k
4805 equivalent to '-k "(user=*)"' -- matching ANY record with a
4807 contains '-k "(user=%0)"' and a lookup is done on "*", this
4808 would be equivalent to '-k "(user=\2A)"' -- matching a user
4810 New LDAP map flags: "-1" requires a single match to be returned, if
4811 more than one is returned, it is equivalent to no records
4812 being found; "-r never|always|search|find" sets the LDAP
4813 alias dereference option; "-Z size" limits the number of
4814 matches to return.
4817 settings such as "-h host -p port -d bindDN", etc. The
4828 On network-related temporary failures, record the hostname which
4831 Add new F=% mailer flag to allow for a store and forward
4835 -qI/-qR/-qS queue run modifiers or an ETRN request. Code
4838 control socket. This socket allows an external program to
4840 via a named socket, similar to the ctlinnd interface to the
4841 INN news server. Access to this interface is controlled by
4845 Change the default values of QueueLA from 8 to (8 * numproc) and
4846 RefuseLA from 12 to (12 * numproc) where numproc is the
4850 Don't return body of message to postmaster on "Too many hops" bounces.
4861 LogLevel to 10 will now assist users in tracking frequent
4862 connection-based denial of service attacks.
4872 of the University of Illinois at Urbana-Champaign.
4876 Do not report a Remote-MTA on local deliveries. Problem noted by
4878 When a forward file points to an alias which runs a program, run
4884 Prevent attempts to save a dead.letter file for a user with
4892 helpful to know the sender of the message.
4895 Prevent multiple responses to the DATA command if DeliveryMode is
4896 interactive and delivering to an alias which resolves to
4907 Use fsync() when delivering to a file to guarantee the delivery to
4909 If delivery to a file is unsuccessful, truncate the file back to its
4911 If a forward points to a filename for delivery, change to the
4913 allows delivery to files on NFS mounted directories where
4914 root is remapped to nobody. Problem noted by Harald
4916 purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
4923 macro map class. This can be used to store information
4925 Based on an idea from Jan Krueger of Unix-AG of University
4927 New map class arith to allow for computations in rules. The
4928 operation (+, -, *, /, l (for less than), and =) is given
4933 Add new syntax for header declarations which decide whether to
4936 H?${MyMacro}?X-My-Header: ${MyMacro}
4938 It can be used for adding headers to a message based on
4941 all of the headers have been collected. The input to the
4944 the macro storage map can be used to correlate information
4945 gathered between headers and to check for missing headers.
4947 Change the default for the MeToo option to True to correspond
4948 to the clarification in the DRUMS SMTP Update spec. This
4951 Change the sendmail binary default for SendMimeErrors to True.
4952 Change the sendmail binary default for SuperSafe to True.
4958 using it to sort. Now all the same domains are really run
4960 then they will have a much better opportunity to use the
4966 New "now" value for Timeout.queuereturn to bounce entries from the
4969 up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
4971 New option ClientPortOptions similar to DaemonPortOptions
4976 b bind to interface through which mail has
4986 The version number for queue files (qf) has been incremented to 4.
4988 to 10 or higher. Suggested by Rick Troxel of the National
4992 Limit the length of all MX records considered for delivery to 8k.
4993 Move message priority from sender to recipient logging. Suggested by
4997 Requires a post-2.7.5 version of Berkeley DB.
4998 Support writing traffic log (sendmail -X option) to a FIFO.
5001 sub-options is set on the command line. Problem noted by
5004 attempted via a new connection to a host instead of once per
5007 Add [hostname] to class w for the names of all interfaces unless
5009 to hosts which have dynamically assigned names.
5010 If a message is bounced due to bad MIME conformance, avoid bouncing
5011 the bounce for the same reason. If the body is not 8-bit
5012 clean, and EightBitMode isn't set to pass8, the body will
5016 '${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
5018 This will detect the inability to send information quicker
5019 and reduce the number of processes simply waiting to
5025 Add a compile-time configuration macro, MAXINTERFACES, which
5026 indicates the number of interfaces to read when probing
5030 If the RefuseLA option is set to 0, do not reject connections based
5032 Allow ruleset 0 to have a name. Problem noted by Neil Rickert of
5034 Expand the Return-Path: header at delivery time, after "owner-"
5036 Don't try to sort the queue if there are no entries. Patch from
5038 Add a "/quit" command to address test mode.
5039 Include the proper sender in the UNIX "From " line and Return-Path:
5040 header when undeliverable mail is saved to ~/dead.letter.
5043 The contents of a class can now be copied to another class using
5047 split (owner-) envelopes to see the original errors when
5052 Prevent a segmentation fault when bouncing a split-envelope
5054 If the specification for the queue run interval (-q###) has a
5056 Pay attention to CheckpointInterval during LMTP delivery. Problem
5058 On operating systems which have setlogin(2), use it to set the
5059 login name to the RunAsUserName when starting as a daemon.
5060 This is for delivery to programs which use getlogin().
5066 Prevent a core dump when using 'sendmail -bv' on an address which
5067 resolves to the $#error mailer with a temporary failure.
5070 Prevent multiple deliveries of a message with a "non-local alias"
5071 pointing to a local user, if canonicalization fails
5072 the message was requeued *and* delivered to the alias.
5074 ignored and its rules added to S0. Instead, ignore the
5076 Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
5078 single address due to S5 and UserDB processing. Problems
5081 Turn off timeouts when exiting sendmail due to an interrupt signal
5082 to prevent the timeout from firing during the exit process.
5084 Do not append @MyHostName to non-RFC822 addresses output by the EXPN
5085 command or on Final-Recipient: and X-Actual-Recipient: DSN
5086 headers. Non-RFC822 addresses include deliveries to
5088 Fix logic for determining if a local user is using -f or -bs to
5093 owned by a uid that doesn't map to a username and the
5094 :include: file contains delivery to a file or program.
5096 Avoid the attempt of trying to send a second SMTP QUIT command if
5097 the remote server responds to the first QUIT with a 4xx
5100 sendmail was talking to the Mercury 1.43 MTA.
5105 Handle aliases or forwards which deliver to programs using tabs
5109 Allow MaxRecipientsPerMessage option to be set on the command line
5111 privileges) to allow overrides for message submission via
5112 'sendmail -bs'.
5113 Set the names for help file and statistics file to "helpfile" and
5116 Avoid bogus 'errbody: I/O Error -7' log messages when sending
5117 success DSN messages for messages relayed to non-DSN aware
5120 Prevent +detail information from interfering with local delivery to
5122 Add H_FORCE flag for the X-Authentication-Warning: header, so it
5130 Properly process user-supplied headers beginning with '?'. Problem
5132 If multiple header checks resolve to the $#error mailer, use the
5135 RFC 1891 requires "hexchar" in a "xtext" to be upper case. Patch
5137 Timeout.ident now defaults to 5 seconds instead of 30 seconds to
5138 prevent the now common delays associated with mailing to a
5141 is available in the in-memory cache. Problem noted by Per
5149 hops to break the line again. The '!' is now placed in
5150 the last column of the limit if the line needs to be broken.
5153 If a resolver ANY query is larger than the UDP packet size, the
5154 resolver will fall back to TCP. However, some
5158 If an SMTP recipient is rejected due to syntax errors in the
5160 to the postmaster. Problem noted by Neil Rickert of
5168 Use a more descriptive entry to log "null" connections, i.e.,
5178 This allows network interface probing to work
5188 Digital UNIX has uname(2).
5209 NCR MP-RAS 3.x includes regular expression support. From
5211 NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
5215 NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
5218 Use NeXT's NETINFO to get domain name. From Gerd Knops of
5231 New compile flag HASRANDOM: set this to 0 if your OS does
5240 Use the 60-second load average instead of the 5 second load
5241 average on Compaq Tru64 UNIX (formerly Digital
5249 HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
5251 New compile flag NO_GETSERVBYNAME: set this to disable
5254 HI-UX. Patch from Motonori NAKAMURA of Kyoto
5261 Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
5262 Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
5273 CONFIG: Increment version number of config file to 9.
5277 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root. This
5281 CONFIG: A syntax error in check_mail would cause fake top-level
5282 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
5284 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
5291 From:, To:) to enable finer control.
5311 confTO_RESOLVER_RETRANS Timeout.resolver.retrans
5312 confTO_RESOLVER_RETRANS_FIRST Timeout.resolver.retrans.first
5313 confTO_RESOLVER_RETRANS_NORMAL Timeout.resolver.retrans.normal
5314 confTO_RESOLVER_RETRY Timeout.resolver.retry
5315 confTO_RESOLVER_RETRY_FIRST Timeout.resolver.retry.first
5316 confTO_RESOLVER_RETRY_NORMAL Timeout.resolver.retry.normal
5322 CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
5323 "dsmtp". This mail provides on-demand delivery using the
5326 to "IPC $h".
5331 the DSN Diagnostic-Code type for the local mailer. The
5333 CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
5334 for the local mailer to the proper value of "SMTP".
5339 to get the old behavior. Suggested by Joe Pruett
5347 i.e., a list of domains which are passed to $[ ... $]
5354 nevertheless added to addresses with more than one component
5360 FEATURE(`virtuser_entire_domain') can be used to apply this
5361 class also to entire subdomains. Hosts in this class are
5365 include $={VirtHost} in $=R (hosts allowed to relay).
5366 CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
5367 genericstable also to subdomains of $=G.
5372 CONFIG: Allow @domain in genericstable to override masquerading.
5374 CONFIG: LOCAL_DOMAIN() adds entries to class w. Suggested by Steve
5383 CONFIG: Add MAILER(`qpage') to define a new pager mailer. Contributed
5389 CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
5392 CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
5397 CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
5398 i.e., to set, add, or delete flags.
5405 feature files to allow greater flexibility in use of
5407 CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
5411 converted to <user@d>
5415 normal configuration, allowing anti-spam checks to be
5424 which describes whether to disallow "!" in the local part
5427 to rewrite an address from a mailer which has the F=5 flag
5430 CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
5435 CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
5442 mailer definition flags. This makes it possible to use
5447 CONFIG: Add SMTP Authentication information to Received: header
5451 CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
5454 Illinois at Urbana-Champaign.
5457 CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
5459 CONTRIB: Added qtool.pl to assist in managing the queues.
5463 DEVTOOLS: 'Build -M' will display the obj.* directory which will
5465 DEVTOOLS: 'Build -A' will display the architecture that would be
5468 DEVTOOLS: New variable confRANLIBOPTS for the options to send to
5470 DEVTOOLS: 'Build -O <path>' will have the object files build in
5486 correspond to confOBJADD and confSMOBJADD respectively.
5489 will be passed to the 'make depend' stage of compilation.
5498 DEVTOOLS: Don't allow 'Build -f file' if an object directory already
5500 DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
5501 the path to the sendmail source directory. confSRCDIR is a
5507 DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
5508 DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
5510 Complains as 'Build -f file' does for existing object
5511 directories. Suggested by Tom Smith of Digital Equipment
5522 DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
5524 DEVTOOLS: Remove spaces in `uname -r` output when determining
5527 DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
5529 Defaults to "/lib /usr/lib /usr/shlib".
5531 how to strip binaries. These are used by the new
5532 install-strip target.
5537 MAIL.LOCAL: Will not be installed set-user-ID root. To use mail.local
5540 to set the S flag.
5544 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
5549 -lmail. Patch from Neil Rickert of Northern Illinois
5551 MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
5556 structure to the beginning of the program. This ensures that
5557 the getservbyname() is done before any seteuid to a possibly
5560 "authdes_refresh: keyserv(1m) is unable to encrypt session
5564 set to the gid to use (-DMAILGID=6) when compiling.
5568 line up into 2046-character output lines (excluding the
5571 mail.local saw it as the end of input, transferred it to the
5572 user mailbox and tried to write an `ok' back to sendmail.
5574 mail.local would deadlock waiting for each other to read
5577 MAIL.LOCAL: New option -b to return a permanent error instead of a
5580 MAIL.LOCAL: The creation of a lockfile is subject to a global
5581 timeout to avoid starvation.
5583 local-parts. Problem noted by Ronald F. Guilmette of
5586 MAILSTATS: New -p option to invoke program mode in which stats are
5591 generated maps to the TrustedUser as specified in the
5593 MAKEMAP: New -C option to accept an alternate sendmail
5594 configuration file to use for finding the TrustedUser
5596 MAKEMAP: New -u option to dump (unmap) a database. Based on
5598 MAKEMAP: New -e option to allow empty values. Suggested by Philip
5600 MAKEMAP: Compile cleanly on 64-bit operating systems. Problem
5614 alias file(s) if the -f option is not used. Patch from
5616 PRALIASES: New -C option to specify an alternate sendmail
5617 configuration file to use for finding alias file(s). Patch
5624 VACATION: Added vacation auto-responder to sendmail distribution.
5632 All the manual pages are now written against -man and not
5633 -mandoc as they were previously.
5634 Add a simple Makefile to every directory so make instead
5656 cf/cf/generic-linux.cf
5657 cf/cf/generic-linux.mc
5668 contrib/bounce-resender.pl
5714 SECURITY: Limit message headers to a maximum of 32K bytes (total
5715 of all headers in a single message) to prevent a denial of
5720 was closed due to an earlier failure. Problem noted by
5725 will allow PGP signatures to function properly. Problem
5727 If ruleset 5 rewrote the local address to an :include: directive,
5731 Allow -T to work for bestmx maps. Fix from Aaron Schrab of
5739 Prevent multiple deliveries on a self-referencing alias if the
5748 in SMTP (-bs) mode, since this might be called from inetd.
5749 Accept any 3xx reply code in response to DATA command instead of
5750 requiring 354. This change will match the wording to be
5757 not be used. It conflicts with the resolver
5761 to add it back in their site.config.m4 file.
5770 Linux doesn't have a standard way to get the timezone
5772 change in 8.9.2 and don't attempt to derive
5774 of the University of Illinois at Urbana-Champaign
5776 Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
5779 CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
5782 CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
5785 CONFIG: Properly handle source routed and %-hack addresses on
5786 hosts which the mailertable remaps to local:. Patch from
5794 cause later checks to fail. Patch from Paul J Murphy of
5803 due to an accept() failure. This sleep could be used
5815 noetrn flag. This is scheduled to change in a future
5819 When trying to do host canonification in a Wildcard MX
5823 Reject SMTP RCPT To: commands with only comments (i.e.
5824 'RCPT TO: (comment)'. Problem noted by Earle Ake of
5828 Clear ldapx open timeouts even if the map open failed to prevent
5832 verification (-bv). Problem noted by Kari Hurtta of the
5834 Continue to perform queue runs while in daemon mode even if the
5835 daemon is rejecting connections due to a disk full
5848 the map file descriptor. Thanks to Yoseff Francus of
5853 On mailq and hoststat listings being piped to another program, such
5859 failures unless the -t flag is used in the map definition.
5867 When automatically converting from 8 bit to quoted printable MIME,
5868 be careful not to miss a multi-part boundary if that
5869 boundary is preceded by a boundary-like line. Problem
5877 If the check_compat ruleset resolves to the $#discard mailer,
5881 Claus Assmann of Christian-Albrechts-University of Kiel.
5893 Break out IP address to hostname translation for
5897 AIX 4.x use -qstrict with -O3 to prevent the optimized
5906 IRIX 6.5 64-bit Build support.
5913 NCR MP-RAS 3.x needs -lresolv for confLIBS. From
5915 NeXT 4.x correction to man page path. From J. P. McCann
5917 System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
5927 Claus Assmann of Christian-Albrechts-University of Kiel.
5928 CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
5933 when stripping down a recipient address to check for
5935 Christian-Albrechts-University of Kiel and Neil W Rickert
5937 CONFIG: Allow the access database to override RBL lookups. Patch
5938 from Claus Assmann of Christian-Albrechts-University of
5943 from Claus Assmann of Christian-Albrechts-University of
5950 Claus Assmann of Christian-Albrechts-University of Kiel.
5957 MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
5964 the -s flag. Problem noted by Curt Sampson of Internet
5982 Fix segmentation fault while converting 8 bit to 7 bit MIME
5983 multipart messages by trying to write to an unopened
5995 If the check_relay ruleset resolved to the discard mailer, messages
5997 Mail delivery to files would fail with an Operating System Error
5999 Problem noted by Leonard N. Zubkoff of Dandelion Digital.
6010 Move creation of empty sendmail.st file from installation to
6011 compilation. Installation may be done from a read-only
6026 non-local deliveries, if the message is larger than the
6035 BSD-OS uses .0 for man page extensions. From Jeff Polk
6044 CONFIG: Do not pass spoofed PTR results through resolver for
6046 Digital Valley Internet Professionals; fix from
6048 CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
6054 OP.ME: Corrections to complex sendmail startup script from Rick
6056 RMAIL: Do not install rmail by default, require 'make force-install'
6063 SECURITY: To prevent users from reading files not normally
6067 which need the ability to override security can use the
6072 This fixes the change added to 8.8.6 to prevent links in these
6076 SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
6077 tty it may be able to push bytes back to the senders input.
6078 Unfortunately this breaks -v mode. Problem noted by
6081 SECURITY: Empty group list if DontInitGroups is set to true to
6083 privileges. Problem reported by Wolfgang Ley of DFN-CERT.
6084 SECURITY: The default value for DefaultUser is now set to the uid and
6086 that has a non-zero uid. If none of these exist, sendmail
6087 reverts back to the old behavior of using uid 1 and gid 1.
6092 SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
6098 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users
6099 which previously defined OLD_NEWDB=1 must now upgrade to the
6102 From Jan Krueger of Unix-AG of University of Hannover.
6112 last argument was either "-q" or "-d". Problem noted by
6116 Macro-expand the contents of the ErrMsgFile. Previously this was
6117 only done if you had magic characters (0x81) to indicate
6119 real dollar signs have to be backslash escaped.
6125 DSN success bounces generated from an invocation of sendmail -t
6126 would be sent to both the sender and MAILER-DAEMON.
6128 Christian-Albrechts-University of Kiel.
6133 the need to use tricks like $(dequote "" $&{client_name} $)
6134 to cause the ${client_name} macro to be properly tokenized.
6138 starts returning "452 Too many recipients" to all RCPT
6139 commands. This can be used to limit the number of recipients
6140 per envelope (in particular, to discourage use of the server
6141 for spamming). Note: a better approach is to restrict
6143 Fixed pointer initialization for LDAP lmap struct, fixed -s option
6144 to ldapx map and added timeout for ldap_open call to
6147 Allow multiple -qI, -qR, or -qS queue run limiters. For example,
6148 '-qRfoo -qRbar' would deliver mail to recipients with foo or
6152 passed a column delimiter via the -z map flag. This can be
6153 used to check if the server is an MX server for the recipient
6154 of a message. This can be used to help prevent relaying.
6155 Patch from Mitchell Blank Jr of Exec-PC.
6156 Mark failures for the *file* mailer and return bounce messages to the
6164 when the -v flag is given (i.e., sendmail -bt -v) to make
6165 output easier to decipher. Problem noted by Aidan Nichol
6167 The LDAP map -s flag was not properly parsed and the error message
6171 New DontBlameSendmail option. This option allows administrators to
6207 New DontProbeInterfaces option to turn off the inclusion of all the
6211 sent to those addresses will be bounced.
6214 Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
6216 Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
6222 New map flag: -Tx appends "x" to lookups that return temporary failure
6223 (i.e, it is like -ax for the temporary failure case, in
6224 contrast to the success case).
6225 New syntax to do limited checking of header syntax. A config line
6228 causes the indicated Ruleset to be invoked on the Header
6229 when read. This ruleset works like the check_* rulesets --
6231 Limit the size of the HELO/EHLO parameter to prevent spammers
6234 When SingleThreadDelivery is active, deliveries to locked hosts
6235 are skipped. This will cause the delivering process to
6238 The [FILE] mailer type now delivers to the file specified in the
6242 a mailer which delivers to the same file regardless of the
6243 recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
6247 Change semantics of the F=S mailer flag back to 8.7.5 behavior.
6251 No longer is the src/obj*/Makefile selected from a large list -- it
6252 is now generated using the information in BuildTools/OS/ --
6255 The other programs in the sendmail distribution -- mail.local,
6256 mailstats, makemap, praliases, rmail, and smrsh -- now use
6259 Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
6260 a failure on one message won't affect future messages to the
6263 as is common in anti-spam configurations. Problem noted
6264 by Mitchell Blank Jr of Exec-PC.
6266 rulesets. If one of the above rulesets resolves to the
6270 resolves to the $#discard mailer, none of the recipients
6276 Syslog an error if a user forward file could not be read due to
6281 macros when delivering a bounce message to prevent
6284 If the check_relay ruleset resolves to the the error mailer, the
6286 in the rejection message given to the remote machine.
6301 which have owner- aliases. Problem noted by Kari Hurtta
6303 Properly display delayed-expansion macros ($&{macroname}) in
6304 address test mode (-bt). Problem noted by Bryan Costales
6306 -qR could sometimes match names incorrectly. Problem noted by
6315 username@site to differentiate the two. Suggested by
6320 replaced by ':' instead of '|' to avoid clashes. Also
6322 Mitchell Blank Jr. of Exec-PC.
6323 If the system lock table is full, only attempt to create a new
6326 to run out of inodes. Problem noted by Suzie Weigand of
6332 Properly quote a full name passed via the -F command line option,
6333 the Full-Name: header, or the NAME environment variable if
6342 Digital Equipment Corporation.
6352 Digital UNIX now uses statvfs for determining free
6355 HP-UX 11.x from Richard Allen of Opin Kerfi HF and
6365 to sendmail. Install with group bin instead of kmem
6375 CONFIG: add DATABASE_MAP_TYPE to set the default type of database
6380 CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
6382 is used. This is expected to be the mail.local shipped
6385 CONFIG: Use confEBINDIR in determining path to smrsh for
6387 /usr/local/etc/smrsh to /usr/libexec/smrsh. To obtain the
6389 CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
6391 the user to setup different .forward files for
6394 and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
6397 from outside your domain and sending it to another host
6399 CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
6400 any site to any site.
6402 domain as defined by the 'm' class ($=m) to relay.
6403 CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
6406 feature. This database gives you the ability to allow
6407 or refuse to accept mail from specified domains for
6411 used for class 'R'. Defaults to /etc/mail/relay-domains.
6413 to add items to class 'R' ($=R) for hosts allowed to relay.
6414 CONFIG: new FEATURE(relay_hosts_only) to change the behavior
6415 of FEATURE(access_db) and class 'R' to lookup individual
6423 CONFIG: new FEATURE(relay_local_from) to allow relaying if the
6428 CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
6432 refused if the host part of the argument to MAIL FROM: cannot
6440 server to contact by specifying it as an optional argument.
6451 default to support file, :include:, and program deliveries.
6456 no-op. Patch from Kari Hurtta of the Finnish
6458 CONFIG: OSTYPE(osf1) now sets DefaultUser (confDEF_USER_ID) to
6460 sender if run as mailnull. See the Digital UNIX section
6469 MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout. This
6470 SMTP-like protocol allows detailed reporting of delivery
6471 status on a per-user basis. Code donated by John Myers of
6473 MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
6475 compatible with the stock HP-UX mail format. Be sure to
6487 MAKEMAP: New -s flag to ignore safety checks on database map files
6498 src/Makefiles/Makefile.* files have been modified to use
6500 src/makesendmail changed to symbolic link to src/Build.
6504 BuildTools/M4/depend/CC-M.m4
6512 BuildTools/OS/HP-UX.11.x
6528 cf/cf/generic-hpux10.cf
6589 add additional bounces to it. Problem noted by Thomas J.
6591 If an SMTP mailer used a non-standard port number for the outgoing
6595 to internal form. Suggested by Bob Kupiec of GES-Verio.
6597 User unknown with bogus delay= values. Change them to log
6600 Ignore the debug resolver option unless using sendmail debug trace
6601 option for resolver. Problem noted by Greg Nichols of Wind
6606 unlocked so other sendmail processes could not deliver to
6608 If queueing up a message due to an expensive mailer, don't increment
6614 "Processed by _username_ with -C _filename_" would be logged
6619 Jon Lewis of Florida Digital Turnpike.
6625 Do not log failures such as "User unknown" on -bv or SMTP VRFY
6628 Do not send a bounce message back to the sender regarding bad
6632 Use "localhost" instead of "[UNIX: localhost]" when connecting to
6634 $&{client_name} to process without sending the string through
6637 and the inability to save a bounce message to
6638 /var/tmp/dead.letter would cause sendmail to send a bounce
6639 to postmaster but not remove the offending envelope from the
6640 queue causing it to create a new bounce message each time the
6647 Starting with sendmail 8.8.6, mail sent with the '-t' option would be
6649 behavior was modified to only reject the bad addresses and not
6652 Use Timeout.fileopen when delivering mail to a file. Suggested by
6654 Display the proper Final-Recipient on DSN messages for non-SMTP
6658 for logging deliveries could cause an address to be silently
6662 Problem noted by Jon Lewis of Florida Digital Turnpike.
6669 Make sure non-rebuildable database maps are opened before the
6679 use other LDAP servers to be checked. Fix from Booker Bense
6681 When automatically converting from quoted printable to 8bit text do
6685 Non-standard C compilers may have had a problem compiling
6686 conf.c due to a standard C external declaration of
6692 Digital UNIX: Digital UNIX (and possibly others) moves
6700 chownsafe() to always return 0 even if the OS does
6703 IRIX6: Syslog buffer size set to 512 bytes. Reported by
6706 Jon Lewis of Florida Digital Turnpike.
6725 an exclusive lock already set -- i.e., almost all systems
6726 except 4.4-BSD derived systems), the initial attempt at
6740 duration of the queue run, causing other processes to hang.
6742 In some cases, NoRecipientAction=add-bcc was being ignored, so the
6751 Avoid extra calls to gethostbyname for addresses for which a
6756 have to assume that the information is good.
6760 Better handling of non-set-user-ID binaries -- avoids certain obnoxious
6769 On some non-Posix systems, the decision of whether chown(2) permits
6772 Fix race condition that could cause the body of a message to be
6786 This out to be checked as well as reported, since it is
6787 theoretically possible for an attacker to remove a file after
6789 same i-number, but some filesystems (notably AFS) return
6793 and on no filesystem (that I am aware of) is it possible to
6794 have two files on the same filesystem with the same i-number
6796 Delete the root Makefile from the distribution -- it is only for
6799 transaction to clear the entire transaction. Problem
6802 a trailing slash. (And a pox on vendors that decide to
6805 Internal changes to make it easier to add another protocol family
6808 In certain cases, 7->8 bit MIME decoding of Base64 text could leave
6813 Allow _PATH_VENDOR_CF to be set in Makefile for consistency
6821 SunOS: Include <memory.h> to fix warning from util.c. From
6823 Solaris: Change STDIR (location of status file) to /etc/mail
6825 Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
6827 NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
6829 Add SIOCGIFNUM_IS_BROKEN compile flag to get
6832 HP-UX 9.x: fix compile warnings for old select API. Problem
6833 noted by Tom Smith of Digital Equipment Corp.
6838 the "length" parameters passed to accept, getpeername,
6849 CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
6851 CONFIG: NEXTSTEP: define confCW_FILE to
6852 /etc/sendmail/sendmail.cw to match the usual
6856 time. Convert to use the HylaFAX 4.0 conventions. Suggested
6858 CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc. These
6866 CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
6871 cf/ostype/sco-uw-2.1.m4
6883 mode bits set to create a file that is a symbolic link that
6884 points nowhere. This makes it possible to create a root
6889 and symbolic links was HP-UX prior to version 9.07. Most
6892 verified to NOT have the problem include AIX 3.x, *BSD,
6893 DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
6895 have this bug and which do not have a MAILER-DAEMON alias
6897 mail to be dropped in /var/tmp/dead.letter.
6901 is potentially possible for an attacker to replace the .db
6903 another database; this can be used either to expose
6905 and probing for accounts), or as a denial-of-service attack
6910 directories to be fatal errors. This does not represent an
6916 similar to the previous case for user files. This change
6917 should not affect most systems, but is necessary to prevent
6921 have a safe (restricted to root) chown even on files that
6922 are mounted from another system that allows owners to give
6925 been verified to be at least as paranoid as necessary.
6926 However, it is possible to relax the rules to partially
6929 :include: file (referenced directly from /etc/aliases) to
6930 become another non-root user if the :include: file is in a
6931 non-writable directory on an NFS-mounted filesystem where
6933 actually permitted. I believe this to be a very small set
6935 NFS-mounted filesystems.
6944 by Wolfgang Ley of DFN-CERT.
6945 Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
6946 failure on one message won't affect future messages to the
6952 back to the sender. Problem reported by Stephen More of
6954 Change SMTP status code 553 to map into Extended code 5.1.0 (instead
6960 Code changes to avoid possible reentrant call of malloc/free within
6963 Move map initialization to be earlier so that check_relay ruleset
6968 Avoid "cannot open xfAAA00000" messages when sending to aliases that
6969 have errors and have owner- aliases. Problem noted by Michael
6972 multipart/mixed Content-Type: header. Problem noted by
6974 Always print error messages during newaliases (-bi) even if the
6975 ErrorMode is not set to "print". Fix from Gregory Neil
6980 If DNS is misconfigured so that the last MX record tried points to
6982 pointed to something reasonable, don't bounce the message
7001 non-functional -- either the entire queue was processed or
7005 If there is a fatal ("panic") message that will cause sendmail to
7008 Force ErrorMode=print in -bt mode so that all errors are printed
7013 The -m (match only) flag now works on host class maps.
7031 "substantive" is defined to be MAIL, EXPN, VRFY, or ETRN.
7032 Always permit "writes" to /dev/null regardless of the link count.
7037 allocation) response to the MAIL FROM:<>, and a SIZE= parameter
7039 is a very good chance that the message will double-bounce.
7040 Fix possible line truncation if a quoted-printable had an =00 escape
7043 Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
7046 The MaxDaemonChildren option wasn't applying to queue runs as
7051 run the "sendmail -bd" and "sendmail -q30m" jobs separately
7052 to avoid this attack. Failure to limit noted by Matthew
7058 Some older versions of the resolver could return with h_errno == -1
7059 if no name server could be reached, causing mail to bounce
7065 Take precautions to make sure that the SMTP protocol cannot get out
7067 Fix a possible race condition that can cause a SIGALRM to come in
7068 immediately after a SIGHUP, causing the new sendmail to die.
7078 glibc: SOCK_STREAM was changed from a #define to an enum,
7080 to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
7083 Solaris: use SIOCGIFNUM to get the number of interfaces on
7091 but there appears to be no fix for this. Patch from
7095 high order bit set to apparently randomly match
7096 letters -- for example, $| (0233) matches "i" and "I".
7099 IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x. From
7101 IRIX 6.x: Create Makefiles for systems that claim to be
7106 CONFIG: Some canonification was still done for UUCP-like addresses
7115 CONFIG: Retain "+detail" information when forwarding mail to a
7123 possible to have better anti-spam rulesets in the future.
7124 CONFIG: Disallow double dots in host names to avoid having the
7126 In some cases this can be used as a denial-of-service attack.
7130 MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
7131 don't include From_, and convert to 8-bit). Suggestions
7137 MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
7143 not reset back to root, which on some systems would cause
7144 later mailboxes to fail. Also, any partial message would
7148 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar
7149 change to the sendmail map code was made in 8.8.3. Problem
7152 symbolic links; although makemap is not set-user-ID root, it is
7159 name for the ETRN arguments to use (instead of $=w). Other
7162 CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta. This
7164 file into aliases, allowing for faster access to full name
7165 lookups; it is also clever about adding aliases (to root)
7171 contrib/passwd-to-alias.pl
7180 will continue to run with the group permissions of the caller,
7182 SECURITY: Make purgestat (-bH) be root-only. This is not in response
7183 to any known attack, but it's best to be conservative.
7188 Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
7189 would truncate the address after "Full". Although the -f
7193 Fix a possible null pointer dereference when converting 8-bit data
7194 to a 7-bit format. Problem noted by Jim Hutchins of
7199 it possible for a message to be converted from 8->7->8->7
7204 Let F lines in the configuration file actually read root-only
7215 version (e.g., when backing out to an old version), the
7216 error is reported on every queue run. Change it to only
7221 some problems if a background process tried to send mail
7224 Simplify test for skipping a queue run to just check if the current
7227 to essentially never skip the queue run. Patch from Bryan
7232 you into a tight loop as a denial-of-service attack. Based
7233 on an e-mail conversation with Brad Knowles of AOL.
7235 this helps prevent a class of denial-of-service attacks.
7242 On systems that have uid_t typedefed to be an unsigned short, programs
7244 the real uid set to 65535 rather than being left unchanged.
7247 Mail that was Quoted-Printable encoded and had a soft line break on
7249 line dropped. Since this appears to be illegal it isn't
7250 clear what to do with it, but flushing the last line seems
7251 to be a better "fail soft" approach. Based on a patch from
7257 Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
7258 in PrivacyOptions. The -q shouldn't turn this command off.
7262 in a DATA transaction to be sticky; these can occur because
7267 had been successfully delivered to the envelope sender.
7299 Sup�rieure des Mines de Paris (CRI-ENSMP).
7302 syntaxes: ``local:'' will send to the same user on the
7304 ``local:'' will cause an address addressed to user@host to
7305 go to user on the local machone). ``local:user'' will send
7306 to the named user on the local machine. ``local:user@host''
7307 is equivalent to ``local:user'' (the host is ignored). In
7312 to be ``error:\"5.1.1\" Your Message Here''. Note the use
7316 NOOP or a RSET to probe the connection (it does a RSET).
7324 permissions by hard linking to files that were group
7325 writable by the attacker. The solution is to disallow any
7326 files that have hard links -- this will affect .forward,
7329 workaround, set UnsafeGroupWrites -- always a good idea.
7330 SECURITY: the TryNullMXList (w) option should not be safe -- if it
7331 is, it is possible to do a denial-of-service attack on
7336 a denial-of-service attack is probably possible, but in theory
7337 you should not be able to safely tweak anything that affects
7342 Processes got "lost" when counting children due to a race condition.
7343 This caused "proc_list_probe: lost pid" messages to be logged.
7346 and HP-UX), mail transactions would print the message "451
7347 SMTP-MAIL: lost child: No child processes". Problem noted
7350 gcc to high warning levels). From Tom Moore of NCR Corp.
7357 Avoid the possibility of having a child daemon run to completion
7359 had a chance to close the socket; this can cause the parent
7360 to hang for a long time waiting for the socket to drain.
7372 Allow sendmail to be properly called in nohup mode. Patch from
7374 Change ETRN to ignore but still update host status files; previously
7376 caused stale information to be maintained. Based on a patch
7379 Patch long term host status to recover more gracefully from an empty
7382 Several patches to signal handling code to fix potential race
7384 Make it possible to compile with -DDAEMON=0 (previously it had some
7392 is very slow on some systems. To speed it up, use the
7395 SCO 5.x: include -lprot in the Makefile. Patch from Bill
7397 NEWS-OS 4.x: need a definition for MODE_T to compile. Patch
7405 I believe this to have only been a problem if you
7406 compiled with -DUSE_VENDOR_CF_PATH -- another reason
7407 to stick with /etc/sendmail.cf as your One True Path.
7408 Digital UNIX (OSF/1 on Alpha) load average computation from
7410 CONFIG: change default Received: line to be multiple lines rather
7414 MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
7415 to take a very long time. Problem noted by Yoshiro YONEYA
7422 SECURITY: it was possible to get a root shell by lying to sendmail
7425 best-of-security list.
7427 (%d) exceeds program functionality (%d) message" -- this
7428 should make it clearer to people that they are running
7433 "451 SMTP-MAIL: lost child: No child processes". Problem
7435 When doing text-based host canonification (typically /etc/hosts
7439 7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
7440 Problem reported by Tom Smith of Digital Equipment Corp.
7441 Increase the size of the DNS answer buffer -- the standard UDP packet
7443 answers containing very many resource records. The resolver
7444 may also switch to TCP and retry if it detects UDP packet
7445 overflow. Also, allow for the fact that the resolver
7448 not big enough to accommodate the entire answer. Patch from
7450 Improvements to MaxDaemonChildren code. If you think you have too
7451 many children, probe the ones you have to verify that they
7454 pids; this previously caused the vector to grow indefinitely
7455 due to a race condition. Problem reported by Kyle Jones of
7458 O_EXLOCK to zero; this fools the map compilation code into
7460 Change it to check for O_EXLOCK non-zero. Problem noted by
7462 Always call res_init() on startup (if compiled in, of course) to
7463 allow the sendmail.cf file to tweak resolver flags; without
7466 Improvements to host status printing code. Suggested by Steve Hubert
7468 Change MinQueueAge option processing to do the check for the job age
7472 When MIME was being 7->8 bit decoded, "From " lines weren't being
7478 If the F=l flag was set on an SMTP mailer to indicate that it is
7481 the DSN would be both generated locally and propagated to the
7492 AIX4 defines to use seteuid(2) instead, which
7495 AIX4: use tzname[] vector to determine time zone name.
7503 HP-UX 10.0 gripes about the (perfectly legal!) forward
7505 change it to only be included if you are using gcc,
7509 IRIX: don't default to using gcc. IRIX is a civilized
7515 pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
7516 CONFIG: if the "limited best mx" feature is used (to reduce DNS
7521 end up being translated to the null host name, which would
7535 SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
7546 SECURITY: unset all environment variables that the resolver will
7549 SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
7551 to 8 bits. This caused core dumps and has the potential
7558 opposed to undefined) it can cause "null signature" syserrs
7561 the encoded text, conversion back to 8 bits will drop the
7566 Always print error messages in -bv mode -- previously, -bv would
7568 to (say) mail-back. Problem noted by Kyle Jones of UUNET.
7569 If -qI/R/S is set (or the ETRN command is used), ignore all long
7571 to do this when you know a host has just come back up.
7578 in the map. This caused the message to be queued instead of
7593 MAIL.LOCAL: patches to compile and link cleanly on AIX. Based
7595 MAIL.LOCAL: patches to compile on NEXTSTEP. From Patrick Nolan
7602 pathname, which prevents "kill -1" from working. I was
7603 urged to put this in by Andrey A. Chernov of DEMOS (Russia).
7608 Fix problem causing domain literals such as [1.2.3.4] to be ignored
7610 -- all mail would be sent to the fallback even if the original
7615 causing SMTP to hang. Patch from Per Hedeland of Ericsson.
7616 The DaemonPortOptions suboption to bind to a particular address was
7617 incorrect and nonfunctional due to a misunderstanding of the
7620 Increase the number of MX hosts for a single name to 100 to better
7622 has 13 at the moment (and climbing). In order to avoid
7624 slightly increased in size, to 12.8K from 10.2K -- this means
7633 Support IPv6-style domain literals, which can have colons between
7636 this is an attempt to track down a bug that one person seems
7637 to be having (it may be a Solaris bug!).
7639 this caused the NOTIFY info to sometimes be lost. Problem
7641 Christian-Albrechts-University of Kiel.
7648 Dandelion Digital.
7649 Move buffer overflow checking -- these primarily involve distrusting
7651 4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
7655 values being interpreted as non-urgent except for non-urgent,
7657 The -o (optional) flag was being ignored on hash and btree maps
7659 Content-Types listed in class "q" will always be encoded as
7660 Quoted-Printable (or more accurately, will never be encoded
7664 Define ${envid} to be the original envelope id (from the ESMTP DSN
7665 dialogue) so it can be passed to programs in mailers.
7666 Define ${bodytype} to be the body type (from the -B flag or the
7667 BODY= ESMTP parameter) so it can be passed to programs in
7669 Cause the VRFY command to return 252 instead of 250 unless the F=q
7672 Implement ESMTP ETRN command to flush the queue for a specific host.
7675 the -qR implementation, other hosts may be attempted, but
7678 Add three new command line flags to pass in DSN parameters: -V envid
7679 (equivalent to ENVID=envid on the MAIL command), -R ret
7680 (equivalent to RET=ret on the MAIL command), and -Nnotify
7681 (equivalent to NOTIFY=notify on the RCPT command). Note
7682 that the -N flag applies to all recipients; there is no way
7683 to specify per-address notifications on the command line,
7684 nor is there an equivalent for the ORCPT= per-address
7686 Restore LogLevel option to be safe (it can only be increased);
7693 a match. This was causing the wrong values to be found (and
7694 had a memory leak). Found by Bastian Schleuter of TU-Berlin.
7695 Add new F=0 (zero) mailer flag to turn off MX lookups. It was pointed
7698 that causes the brackets to remain in the envelope recipient
7706 this list plus . and ' to match RFC 822.
7716 Add ConnectionRateThrottle option. If set to a positive value, the
7718 in a single second is limited to this number. Connections are
7719 not refused during this time, just deferred. The intent is to
7723 (e.g., due to connection caching).
7724 Add Timeout.hoststatus option. This interval (defaulting to 30m)
7731 that take a very long time to run.
7734 when read. This is to get around a botch in Lotus Notes.
7735 Text class maps were totally broken -- if you ever retrieved the last
7738 Extend the lines printed by the mailq command (== the -bp flag) when
7739 -v is given to 120 characters; this allows more information
7740 to be displayed. Suggested by Gregory Neil Shapiro of WPI.
7742 this was treated as end-of-input. Problem noted by Bryan
7745 to the queue file. Fix from John Hughes of Atlantic
7747 Close /var/tmp/dead.letter after a successful write -- otherwise
7750 If userdb entries pointed to userdb entries, and there were multiple
7754 a comma-separated list; thus, the -v output will be somewhat
7756 Fix buffer allocation problem with Hesiod-based userdb maps when
7759 When envelopes were split due to aliases with owner- aliases, and
7766 When using F=U to get "ugly UUCP" From_ lines, a buffer could in
7771 that fact causing bogus load averages to be returned. Noted
7774 have changed the return value to unsigned, so a check for an
7775 error return of -1 doesn't work. Use INADDR_NONE instead.
7776 This could cause mail to addresses such as [foo.com] to bounce
7783 Add -U command line flag and the XUSR ESMTP extension, both indicating
7784 that this is the initial MUA->MTA submission. The flag current
7788 Default end-of-line string (E= specification on mailer [M] lines)
7789 to \r\n on SMTP mailers. Default remains \n on non-SMTP
7792 to have $u in the argument vectors so that they aren't
7809 Allow new named (not numbered!) config file rules to do validity
7812 they want; their result is ignored unless they resolve to the
7816 (the $| is a meta-symbol used to separate the two addresses);
7817 it can give a "this sender can't send to this recipient"
7818 notification. Note that this patch allows $| to stand alone
7823 the connection. These can be used in (e.g.) check_rcpt to
7824 verify that someone isn't trying to relay mail through your
7825 host inappropriately. Be sure to use the deferred evaluation
7826 form, for example $&{client_name}, to avoid having these bound
7828 Add new config file rule check_relay to check the incoming connection
7832 Allow IDA-style recursive function calls. Code contributed by Mark
7834 Eliminate the "No ! in UUCP From address!" message" -- instead, create
7842 Allow -dANSI to turn on ANSI escape sequences in debug output; this
7844 only for debugging deep bits of code where it is important to
7845 distinguish between the single-character metasymbol $+ and the
7847 Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
7850 files that are group writable are considered "unsafe" -- that
7853 Delete bogosity test for FallBackMXhost; this prevented it to be a
7854 name that was not in DNS or was a domain-literal. Problem
7856 Change the introduction to error messages to more clearly delineate
7863 Add a heuristic to improve the handling of unbalanced `<' signs in
7866 Check for bogus characters in the 0200-0237 range; since these are
7870 Implement 7 -> 8 bit MIME conversions. This only takes place if the
7878 this change is a no-op.
7879 The -o map flag was ignored for text maps. Problem noted by Bryan
7881 The -a map flag was ignored for dequote maps. Problem noted by
7890 message) to the address indicated in the DoubleBounceAddress
7892 sent to postmaster. Suggested by Kyle Jones of UUNET.
7893 Add new mode, -bD, that acts like -bd in all respects except that
7901 that are being bounced to postmaster, rather than "Returned
7903 easily determine what messages are to their role as
7904 postmaster versus bounces to mail they actually sent. Based
7907 to be sorted strictly by the time of submission. Note that
7909 large jobs will tend to delay small jobs) and on nodes with
7915 conjunction with -qRhost.domain. In fact, there are very few
7922 Don't proceed to the next MX host if an SMTP MAIL command returns a
7926 (It's hard to know what to do here, since neither RFC 974 nor
7927 RFC 1123 specify when to proceed to the next MX host.)
7929 Add new "-t" flag for map definitions (the "K" line in the .cf file).
7931 name server failure) to _not_ defer the delivery of the
7933 is prepared to do something sensible in this case. Based on
7938 you are not running set-user-ID; this makes management of
7946 pathname, it is relative to the queue directory. A common
7949 * -bh prints the status of hosts that have had recent
7951 * -bH purges the host statuses. No attempt is made to save
7958 New SingleThreadDelivery option (requires HostStatusDirectory to
7960 open connections to the same remote host at the same time.
7961 This reduces load on the other machine, but can cause mail to
7963 message, other sendmails won't be able to send even small
7965 lock file) per connection, so you may have to reduce
7966 ConnectionCacheSize to avoid running out of per-process
7969 Allow sending to non-simple files (e.g., /dev/null) even if the
7972 The -qR flag mistakenly matched flags in the "R" line of the queue
7974 If a job was aborted using the interrupt signal (e.g., control-C from
7978 Change the makesendmail script to enhance the search for Makefiles
7981 Makefile.SunOS.5.x (in addition to the other rules, e.g.,
7984 When creating maps using "newaliases", always map the keys to lower
7985 case when creating the map unless the -f flag is specified on
7991 notifications to be sent even if NOTIFY=NEVER had been
7995 lets you decide if you are willing to accept traffic from
7997 "550 Access denied". -DTCPWRAPPERS will include support for
7998 TCP wrappers; you will need to add -lwrap to the link line.
8001 bounces. Some people seemed to think that this could be
8004 Add new RunAsUser option; this causes sendmail to do a setuid to that
8005 user early in processing to avoid potential security problems.
8007 be readable by that user, and all files to be written must be
8010 option. In other words, it may not actually add much to
8015 only on the first attempt to delivery to an address. It could
8016 be set to be lower than Timeout.connect on the principle that
8017 the mail should go through quickly to responsive hosts; less
8018 responsive hosts get to wait for the next queue run.
8020 (such as vacation) to hang with their standard input connected
8021 to a UDP port. It also created some signal handling problems.
8022 The problems turned out to be an interaction between vfork(2)
8024 indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
8025 Change user class map to do the same matching that actual delivery
8027 fuzzy matching to the user map. Patch from Dan Oscarsson.
8028 The Timeout.* options are not safe -- they can be used to create a
8029 denial-of-service attack. Problem noted by Christophe
8040 to queue even if a "fall back" .forward was found. Problem
8041 noted by Ann-Kian Yeo of the Dept. of Information Systems
8043 Don't do 8->7 bit conversions when bouncing a MIME message that
8044 is bouncing because of a MIME error during 8->7 bit conversion;
8048 instead of 0644. Suggested by Ann-Kian Yeo of the
8051 detect cases where DefaultUser is set to something that the
8059 work on the first recipient of a message due to a
8064 FreeBSD 1.1.5.1 uname -r returns a string containing
8069 Solaris 2.x: omit the UUCP grade parameter (-g flag) because
8070 it is system-dependent. Problem noted by J.J. Bailey
8074 HP-UX 10.x compile glitches, reported by Anne Brink of the
8083 NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
8089 NetInfo maps (improved debugging and multi-valued aliases)
8101 Previously you had to add -DSOLARIS in Makefile.dist;
8102 this auto-detects. Based on a patch from Randall
8104 CONFIG: add generic-nextstep3.3.mc file. Contributed by
8106 CONFIG: allow mailertables to resolve to ``error:code message''
8110 CONFIG: hooks for IPv6-style domain literals.
8119 masquerading specified by MASQUERADE_DOMAIN to apply to all
8126 CONFIG: add FEATURE(genericstable) to do a more general rewriting of
8127 outgoing addresses. Defaults to ``hash -o /etc/genericstable''.
8130 just when to use which one may be tricky. Based on code
8133 CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
8134 incoming addresses. Defaults to ``hash -o /etc/virtusertable''.
8137 info@foo.com foo-info
8138 info@bar.com bar-info
8140 would send all mail destined for info@foo.com to foo-info
8141 (which is presumably an alias), mail addressed to info@bar.com
8142 to bar-info, and anything addressed to anyone at baz.org will
8143 be sent to jane@elsewhere.net. The names foo.com, bar.com,
8146 CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
8148 CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
8150 CONFIG: allow mailertable entries to resolve to local:user; this
8151 passes the original user@host in to procmail-style local
8152 mailers as the "detail" information to allow them to do
8154 Teleport Corporation. Delivery to the original user can
8156 CONFIG: allow any context that takes "mailer:domain" to also take
8157 "mailer:user@domain" to force mailing to the given user;
8158 "local:user" can also be used to do local delivery. This
8161 CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
8163 lookups required to support this feature. For example,
8165 to domains under my.site.com. Code contributed by Anthony
8171 event you have to define local mailers. Suggested by
8173 CONFIG: fix cases where a three- (or more-) stage route-addr could
8178 converted to host!user@thishost instead of host!user@uurelay.
8180 CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
8181 CONFIG: change FEATURE(redirect) message from "User not local" to
8186 However, the class is not pre-initialized to contain root.
8190 CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
8191 MAIL.LOCAL: make it possible to compile mail.local on Solaris. Note
8193 Content-Length: headers), file ownerships and modes are
8195 and the local mailer flags will have to be tweaked (make them
8196 match bsd4.4) in order to use this mailer. Patches from Paul
8206 MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
8213 src/Makefiles/Makefile.NCR.MP-RAS.3.x
8218 cf/cf/generic-nextstep3.3.mc
8228 contrib/re-mqueue.pl
8234 src/Makefiles/Makefile.NCR3000 => Makefile.NCR.MP-RAS.2.x
8241 SECURITY: It is possible to force getpwuid to fail when writing the
8242 queue file, causing sendmail to fall back to running programs
8243 as the default user. This is not exploitable from off-site.
8247 a local user to get root. This is not known to be exploitable
8248 from off-site. The workaround is to disable chfn(1) commands.
8252 in some case cause connections to hang or messages to have
8259 SECURITY: In some cases it was still possible for an attacker to
8260 insert newlines into a queue file, thus allowing access to
8262 CONFIG: no changes -- it is not a bug that the configuration
8271 this has to be in the config file, but it could have caused
8273 Fix -d21 debug output for long macro names. Pointed out by Bryan
8277 IBM's version of arpa/nameser.h defaults to the wrong byte
8278 order. Tweak it to work properly. Based on fixes
8281 CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
8289 valid recipient headers (To:, Cc: or Apparently-To:, the
8294 to see that a Bcc: went to _someone_.
8295 Include queue id on ``Authentication-Warning: <host>: <user> set
8296 sender to <address> using -f'' syslog messages. Suggested
8299 continues on to another map type, but the name is not found,
8307 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
8308 owned by bar mode 700 and inbox being set-user-ID bar stopped
8309 working properly due to excessive paranoia. Pointed out by
8313 queued it locally). Revert to the 8.6 behavior in order
8314 to simplify queue management for clustered systems. Suggested
8317 -- mail gets lost!); this was pointed out by Stuart Pook of
8320 problem because you couldn't specify any argument to this
8322 good idea to avoid future problems. Problem noted by John
8327 is not set, since this is required to get the actual DSNs
8329 Log permission problems that cause .forward and :include: files to
8332 Allow user ids in U= clauses of M lines to have hyphens and
8334 Fix overcounting of recipients -- only happened when sending to an
8337 If a message is sent to an address that fails, the error message that
8341 Config files that had no AliasFile definition were defaulting to
8343 configurations. Change it back to the 8.6 semantics of
8349 should be controlled by the -f flag like other maps. Pointed
8351 Fix problem that caused some addresses to be passed through ruleset 5
8355 When converting a message to Quoted-Printable, prevent any lines with
8359 Fix F{macro}/file construct -- it previously did nothing. Pointed
8361 Announce whether a cached connection is SMTP or ESMTP (in -v mode).
8363 Delete check for text format of alias files -- it should be legal
8364 to have the database format of the alias files without the
8373 Queue run processes would re-spawn daemons when given a SIGHUP; only
8379 didn't include the failed address (and claimed to be a warning
8380 even though it was fatal). The fix is to not return such
8384 Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
8388 Extensive cleanups to map open code to handle a locking race condition
8390 non-4.4-BSD based) OS architectures. This should solve the
8396 /usr/ucb to /usr/bin to match Sun settings. From
8398 DomainOS: Makefile.DomainOS doesn't require -ldbm. From
8400 HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
8403 Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which
8406 CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless
8408 CONFIG: Minor glitch in S21 -- attachment of local domain name
8410 CONFIG: Fix best_mx_is_local feature to allow nested addresses such as
8413 CONFIG: OSTYPE(hpux10) failed to define the location of the help file.
8421 CONFIG: Change relay mailer to do masquerading like 8.6 did. My take
8434 returns a value but also a non-zero exit status; this
8437 ignored. Change to ignore the value if the program returns
8438 non-zero exit status. From Tom Moore of AT&T GIS.
8439 Shorten parameters passed to syslog() in some contexts to avoid a
8442 has to assume that syslog() has at least a 1K buffer size
8444 dramatically -- they're on their own), sendmail is a popular
8449 Fix a problem that might cause a non-standard -B (body type)
8450 parameter to be passed to the next server with undefined
8457 map to always return the local host first, if it is included
8465 sendmail would sleep to try to find a FQDN, which it really
8466 really needs. This has been changed to fall through to the
8467 next map type if it can't find a FQDN -- i.e., if the hosts
8472 Log a high-priority message if you can't find your FQDN during startup.
8474 When using Hesiod, initialize it early to improve error reporting.
8478 to limit this time. Defaults to zero (use whatever the
8488 of sendmail.st location. Change the Makefile to
8489 install it in /var/sendmail.st to match the OSTYPE
8496 SunOS Makefile was including -ldbm, which is for the old
8501 CONFIG: don't allow an alias file in nullclient configurations --
8504 CONFIG: local mailer on Solaris 2 should always get a -f flag because
8505 otherwise the F=S causes the From_ line to imply that root is
8514 Fix a problem that could cause sendmail to run out of file
8515 descriptors due to a trashed data structure after a
8518 Change the VRFY response if you have disabled VRFY -- some
8519 people seemed to think that it was too rude.
8520 Avoid reference to uninitialized file descriptor if HASFLOCK
8528 Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
8529 useful enough to make it worthwhile printing on "-d".
8534 compatibility), be sure to turn off RES_DEFNAMES and
8535 RES_DNSRCH to avoid finding the wrong name accidentally.
8544 is not set. This allows you to have hosts listed in
8545 NIS or /etc/hosts that are not known to DNS. It's normally
8550 Avoid possible incorrect diagnosis of DNS-related errors caused
8551 by things like attempts to resolve uucp names using
8552 $[ ... $] -- the fix is to clear h_errno at appropriate
8554 SECURITY: avoid denial-of-service attacks possible by destroying
8556 This involves adding two new compile-time options:
8559 is available -- the Release 3 form is used). The former
8560 is assumed on BSD-based systems, the latter on System
8561 V-based systems. Attack noted by Phil Brandenberger of
8563 New syntaxes in test (-bt) mode:
8564 ``.Dmvalue'' will define macro "m" to "value".
8565 ``.Ccvalue'' will add "value" to class "c".
8569 ``-ddebug-spec'' is equivalent to the command-line
8570 -d debug flag.
8578 it will have when presented to the indicated mailer.
8584 ``/canon hostname'' will try to canonify hostname and
8588 Somewhat better handling of UNIX-domain socket addresses -- it
8590 Restore ``-ba'' mode -- this reads a file from stdin and parses
8592 CRLF as message terminators. It was thought to be
8596 Fix a fix in previous release -- if gethostname and gethostbyname
8597 return a name without dots, and if an attempt to canonify
8605 Relax chownsafe rules slightly -- old version said that if you
8608 chown is not safe. The new version falls back to whether
8611 error codes. This impacts whether you can mail to files
8614 file could be omitted if you had "Oem" prior to the
8615 syntax error in the config file. Change to always print
8617 would cause a "warning" message to be sent to the Postmaster
8620 Rewrite collect and putbody to handle full 8-bit data, including
8623 Allow full words for option names -- if the option letter is
8624 (apparently) a space, then take the word following -- e.g.,
8677 been changed to options; those correspondences are:
8681 $q (deleted -- not necessary)
8682 To avoid possible problems with an older sendmail,
8686 Change address parsing to properly note that a phrase before a
8689 treat them as comments). This is to handle the
8693 This requires config file support to get right. It does
8699 sender lines. Applies to the from address mailer
8702 Applies to the sender mailer flags rather than the
8713 database. Applies to the mailer flags for the
8714 mailer corresponding to the envelope sender
8715 address, rather than to recipient mailer flags.
8716 Pre-level 6 configuration files set A, w, 5, :, |, /, and @
8719 Eight-to-seven bit MIME conversions. This borrows ideas from
8720 John Beck of Hewlett-Packard, who generously contributed
8721 their implementation to me, which I then didn't use (see
8724 to control handling of 8-bit data. These have to cope with
8725 two types of 8-bit data: unlabelled 8-bit data (that is,
8726 8-bit data that is entered without declaring it as 8-bit
8727 MIME -- technically this is illegal according to the
8728 specs) and labelled 8-bit data (that is, it was declared
8730 -B8BITMIME command line flag). If the F=8 mailer flag is
8731 set then 8-bit data is sent to non-8BITMIME machines
8732 instead of converting to 7 bit (essentially using
8733 just-send-8 semantics). The values for EightBitMode are:
8734 m convert unlabelled 8-bit input to 8BITMIME, and do
8735 any necessary conversion of 8BITMIME to 7BIT
8737 p pass unlabelled 8-bit input, but convert labelled
8738 8BITMIME input to 7BIT as required (default).
8739 s strict adherence: reject unlabelled 8-bit input,
8740 convert 8BITMIME to 7BIT as required. The F=8
8742 Unlabelled 8-bit data is rejected in mode `s' regardless of
8744 Add new internal class 'n', which is the set of MIME Content-Types
8745 which can not be 8 to 7 bit encoded because of other
8750 they are an RFC822 message. It is predefined to have
8753 Content-Transfer-Encodings that can be converted to
8754 a seven bit format (Quoted-Printable or Base64). It is
8755 preinitialized to contain "7bit", "8bit", and "binary".
8757 short name) to set the default character set to use in the
8758 Content-Type: header when doing encoding of an 8-bit message
8762 If neither is set, it defaults to "unknown-8bit" as
8764 Allow ``U=user:group'' field in mailer definition to set a default
8773 Allow `u' option to also accept user:group as a value, in the same
8776 a comment). This adds a new compile-time configuration
8777 flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
8778 of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
8779 of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
8780 *tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
8783 The "Timeout" option (formerly "r") is extended to allow suboptions.
8787 "queuewarn"; these subsume the old T option. Thus, to
8792 QueueSortOrder option (no short name) is set is set to
8800 contribution was to make it configurable).
8801 Save i-number of df file in qf file to simplify rebuilding of queue
8805 are NOT back compatible with 8.6 -- that is, you can convert
8806 from 8.6 to 8.7, but not the other direction.
8807 Add ``F=d'' mailer flag to disable all use of angle brackets in
8808 route-addrs in envelopes; this is because in some cases
8809 they can be sent to the shell, which interprets them as
8811 Don't include error file (option E) with return-receipts; this
8813 Don't send "Warning: cannot send" messages to owner-* or
8814 *-request addresses. Suggested by Christophe Wolfhugel
8816 Allow -O command line flag to set long form options.
8817 Add "MinQueueAge" option to set the minimum time between attempts
8818 to run the queue. For example, if the queue interval
8819 (-q value) is five minutes, but the minimum queue age
8821 once every fifteen minutes. This can be used to give
8822 you more responsiveness if your delivery mode is set to
8823 queue-only.
8826 Add "-k", "-v", and "-z" flags to map definitions; these set the
8831 Change maps to always strip quotes before lookups; the -q flag
8833 Add "nisplus" map class. Takes -k and -v flags to choose the
8837 "HesiodNameType" parameter to hes_resolve(3). Returns the
8840 Add "netinfo" (NeXT NetInfo) map class. Maps can have a -k flag to
8842 key and a -v flag to specify the name of the property that
8843 is returned as the value (defaults to "members"). The
8847 text files. The -z flag specifies a column delimiter
8848 (defaults to any sequence of white space), the -k flag
8849 sets the key column number, and the -v flag sets the
8852 Add "program" map class to execute arbitrary programs. The search
8856 Add "sequence" map class -- searches maps in sequence until it
8867 the service to switch on, and the maps that it will use
8873 equivalent to
8876 Add "user" map class -- looks up users using getpwnam. Takes a
8877 "-v field" flag on the definition that tells what passwd
8878 entry to return -- legal values are name, passwd, uid, gid,
8879 gecos, dir, and shell. Generally expected to be used with
8880 the -m (matchonly) flag.
8881 Add "bestmx" map class -- returns the best MX value for the host
8884 Add "userdb" map class -- looks up entries in the user database.
8889 set by the Precedence: or Priority: header fields to one of
8891 "urgent", or "non-urgent" the corresponding timeouts are
8893 if negative, non-urgent timeouts are used; if greater than
8896 queue{warn,return}.{urgent,normal,non-urgent}.
8897 Fix problem when a mail address is resolved to a $#error mailer
8902 When using /etc/hosts or NIS-style lookups, don't assume that
8903 the first name in the list is the best one -- instead,
8909 Change dequote map to replace spaces in quoted text with a value
8910 indicated by the -s flag on the dequote map definition.
8911 For example, ``Mdequote dequote -s_'' will change
8923 to an empty group list, that is, a pointer to a list
8925 Fix possible core dump if malloc fails -- if the malloc in xalloc
8930 checked if you were delivering to anything other than an
8931 IPC-connected host, so a series of (say) local mail
8932 deliveries could cause cached connections to be open
8935 writing the incoming bytes to the queue data file, since
8936 this can fill your mqueue partition -- this is a possible
8937 denial-of-service attack.
8939 defined. It turns out that Posix allows all-numeric
8944 to using a local mechanism based on the ServiceSwitchFile
8948 ("local" on DEC) service type expands to any alias files
8957 Return-Receipt-To: headers, which are bogus anyhow --
8959 Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer
8960 definitions to define the types used in DSN returns for
8962 Extend heuristic to force running in ESMTP mode to look for the
8963 five-character string "ESMTP" anywhere in the 220 greeting
8964 message (not just the second line). This is to provide
8969 Map newlines to spaces in logged message-ids; some versions of
8973 multiple envelopes you don't get "fork storms" -- this
8975 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
8976 the purposes of refusing to send error returns. Suggested
8980 real uid/gid. This allows you to create a file owned by
8982 all the time (without having the set-user-ID bit set). Change
8983 suggested by Shau-Ping Lo and Andrew Cheng of Sun
8985 Add "DialDelay" option (no short name) to provide an "extra"
8986 delay for dial on demand systems. If this is non-zero
8989 timeout interval to establish the connection, this
8990 option can give the network software time to establish
8992 Move logging of sender information to be as early as possible;
8994 sent to aliases. Suggested by Brad Knowles of the
8999 Add xdelay= field in logs -- this is a transaction delay, telling
9000 you how long it took to deliver to this address on the
9001 last try. It is intended to be used for sorting mailing
9002 lists to favor "quick" addresses. Provided for use by
9004 If a map cannot be opened, and that map is non-optional, and
9007 pseudo-class of maps called "bogus-map" -- if a required
9008 map cannot be opened, the class is changed to bogus-map;
9009 all queries against bogus-map return "tempfail". The
9010 bogus-map class is not directly accessible. A sample
9013 Fix a possible core dump when mailing to a program that talks
9016 Make it possible to resolve filenames to $#local $: @ /filename;
9017 previously, the "@" would cause it to not be recognized
9019 Accept a -1 signal to re-exec the daemon. This only works if
9020 argv[0] is a full path to sendmail.
9021 Fix bug in "addr=..." field in O option on little-endian machines
9022 -- the network number wasn't being converted to network
9025 Pre-initialize the resolver early on; this is to avoid a bug with
9026 BIND 4.9.3 that can cause the _res.retry field to get
9027 reset to zero, causing all name server lookups to time
9029 Restore T line (trusted users) in config file -- but instead of
9030 locking out the -f flag, they just tell whether or not
9031 an X-Authentication-Warning: will be added. This really
9033 can be used to read trusted user names from a file.
9034 Trusted users are also allowed to execute programs even
9039 Check for @:@ entry in NIS maps before starting up to avoid
9040 (but not prevent, sigh) race conditions. This ought to
9046 Skip checking for directory permissions in the path to a file
9048 succeeded -- it is unnecessary in that case. This avoids
9051 Allow symbolic ruleset names. Syntax can be "Sname" to get an
9053 to assign a specific ruleset number. Reference is
9055 underscore, or hyphen (first character must be non-numeric).
9056 Allow -o flag on AliasFile lines to make the alias file optional.
9058 Add NoRecipientAction option to handle the case where there is
9065 Add-To Add a To: header with any
9069 Add-Apparently-To Add an Apparently-To: header. This
9073 Add-To-Undisclosed Add a header reading
9074 To: undisclosed-recipients:;
9078 Add-Bcc To add an empty Bcc: header.
9086 themselves delete Bcc:) from considering this message to
9087 be non-conforming -- although it does imply that non-blind
9088 recipients can see that a Bcc: was sent, albeit not to whom.
9090 targets must be regular files in addition to the regular
9091 checks. Also, if the option is non-null then it is used as
9098 value is given, sendmail also won't try to save to
9101 Support -A flag for alias files; this will comma concatenate like
9106 OAhash:-A /etc/aliases
9108 without -A you will get an error on the second and subsequent
9110 Line-buffer transcript file. Suggested by Liudvikas Bukys.
9111 Fix a problem that could cause very long addresses to core dump in
9114 (Internal change.) Change interface to expand() (macro expansion)
9115 to be simpler and more consistent.
9118 (If you -really- want this, define PICKY_QF_NAME_CHECK
9120 (Internal change.) Change EF_NORETURN to EF_NO_BODY_RETN and
9125 is now assumed to be the same name as the qf file (with
9126 the `q' changed to a `d', of course).
9128 "expensive" -- this can be a major cost on some systems.
9130 if all it is going to do is queue anyway.
9136 Change makesendmail to use a somewhat more rational naming scheme:
9144 Change makesendmail to do a "make depend" in the target directory
9150 Fix problem that could cause multiple responses to DATA command
9155 Log Authentication-Warning:s. Suggested by Motonori Nakamura.
9156 Increase timeouts on message data puts to allow time for receivers
9157 to canonify addresses in headers on the fly. This is still
9159 Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
9165 Eliminate default two-line SMTP greeting message. Instead of
9175 Allow on-line comments in .forward and :include: files; they are
9178 representation of non-ASCII sets such as Japanese, where
9180 data -- for example,
9183 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
9184 =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
9187 (native encoding with ISO-2022-JP)
9191 messages to that host; these are most frequently associated
9193 421 (service shutting down). The effect was to cause queues
9194 to sometimes take an excessive time to flush. Reported by
9197 Add Nice=N mailer option to set the niceness at which a mailer will
9200 Log queue runs that are skipped due to high loads. They are logged
9203 Allow the error mailer to accept a DSN-style error status code
9205 Anything with a dot will be interpreted as a DSN-style code.
9206 Add new mailer flag: F=3 will tell translations to Quoted-Printable
9207 to encode characters that might be munged by an EBCDIC system
9208 in addition to the set required by RFC 1521. The additional
9211 Change check for mailing to files to look for a pathname of [FILE]
9213 of leading slashes still goes to the *file* mailer. This
9214 allows you to implement the *file* mailer as a separate
9215 program, for example, to insert a Content-Length: header
9218 the program in question needs to be very careful about how
9219 it does the file write to avoid security problems.
9220 Be able to read ~root/.forward even if the path isn't accessible to
9227 Add new "HostsFile" option that is the pathname to the /etc/hosts
9231 Fc|/path/to/program to read the output from the program
9233 Probe the network interfaces to find alternate names for this
9236 Add "E" configuration line to set or propagate environment
9240 sets the named variable to the indicated value. Any
9243 "AGENT=sendmail" environment variable, in part to enforce
9247 alias databases -- new algorithm looks for the substring
9253 should not need to be changed) and the MaxQueueRunSize option,
9259 Allow trusted users (those on a T line or in $=t) to use -bs without
9260 an X-Authentication-Warning: added. Suggested by Mark Thomas
9262 Announce state of compile flags on -d0.1 (-d0.10 throws in the
9263 OS-dependent defines). The old semantic of -d0.1 to not
9264 run the daemon in background has been moved to -d99.100,
9265 and the old 52.5 flag (to avoid disconnect() from closing
9266 all output files) has been moved to 52.100. This makes
9271 If -t is used but no addresses are found in the header, give an
9277 user to not be able to use `mailq'. Fix from Charles Hannum
9281 Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
9288 this option is not sufficient to guarantee that a downstream
9290 Add "-m" flag to makesendmail script -- this tells you what object
9293 Do some additional checking on the contents of the qf file to try
9294 to detect attacks against the qf file. In particular,
9296 file" line -- any data after that line is prohibited.
9299 either -DUSE_VENDOR_CF_PATH to get the vendor location
9300 (to the extent that we know it) or by defining
9302 sendmail 8 to have more consistent installation instructions.
9312 Make SIGINT (usually ^C) in test mode return to the prompt instead
9314 name server lookups easier to deal with when there are
9316 Add new ${opMode} macro that is set to the current operation mode
9317 (e.g., `s' for -bs, `t' for -bt, etc.). Suggested by
9319 Add new delivery mode (Odd) that defers all map lookups to queue runs.
9320 Kind of like queue-only mode (Odq) except it tries to avoid
9321 any external service requests; for dial-on-demand hosts that
9322 want to minimize DNS lookups when mail is being queued. For
9323 this to work you will also have to make sure that gethostbyname
9327 Improved security for mailing to files on systems that have fchmod(2)
9329 Improve "cannot send message for N days" message -- now says "could
9332 Less misleading Subject: line on messages sent to postmaster only.
9337 or otherwise does not resolve to a canonical triple.
9339 address was sent along with a good address to an SMTP
9341 to the final dot of the data. Problem reported by David
9343 Add "volatile" declarations so that gcc -O2 will work. Patches
9345 Delete duplicates in MX lists -- believe it or not, there are sites
9349 A=5, A=10, B=15 would reduce to A, B. This is intentional,
9358 checking to include all (?) SVR4 configurations.
9359 System V Release 4 from Kimmo Suominen -- initgroups(3)
9361 System V Release 4 from sob@sculley.ffg.com -- some versions
9364 Linux getusershell(3) is broken in Slackware 2.0 --
9375 DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>. To
9376 get the old behavior, use -DDGUX_5_4_2.
9378 variable to fix bogus /bin/mail behavior.
9379 Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
9382 Solaris 2: sendmail.cw file should be in /etc/mail to
9393 Solaris 2.3: due to an apparent bug in the socket emulation
9395 they just return EPROTO; closing and re-opening the
9398 Hitachi 3050R & 3050RX running HI-UX/WE2: portability
9401 AIX changes to allow setproctitle to work from Rainer Sch�pf
9410 DG-UX fixes from Bruce Nagel of Data General.
9415 their merged code was licensed back to AT&T and
9421 Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
9425 HP-UX 10.x multiprocessor load average changes from
9432 IRIX 4.0.5 from David Ashton-Reader of CADcentre.
9434 HP-UX 9.xx on the 8xx series machines from Remy Giraud
9436 HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
9439 Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
9440 Omron LUNA unios-b, mach from Motonori Nakamura.
9441 NEC EWS-UX/V 4.2 from Motonori Nakamura.
9443 AUX patch thanks to Mike Erwin of Apple Computer.
9444 HP-UX 10.0 from John Beck of Hewlett-Packard.
9445 Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
9446 non-DEC resolver. Suggested by Allan Johannesen.
9452 MAKEMAP: allow -d flag to allow insertion of duplicate aliases
9455 MAKEMAP: lock database file while rebuilding to avoid sendmail
9459 SMRSH: sendmail restricted shell added to the release. This can
9460 be used as an alternative to /bin/sh for the "prog" mailer,
9463 MAIL.LOCAL: add this local mailer to the tape. It is not really
9467 CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
9468 to allow rmail to compile on systems that don't have
9472 respond quickly get sent first. This is to prevent very
9476 of BSDI. This has a lot of comments to help people out.
9477 CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead,
9480 arbitrary directory -- use either:
9483 m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf
9486 m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ...
9488 Old versions of m4 will default to _CF_DIR_=.. for back
9490 CONFIG: fix mail from <> so it will properly convert to
9491 MAILER-DAEMON on local addresses.
9492 CONFIG: fix code that was supposed to catch colons in host
9498 CONFIG: Generalize domaintable to look up all domains, not
9500 CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
9504 CONFIG: Allow "user+detail" to be aliased specially: it will first
9507 for system aliases such as root and postmaster to a
9509 CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
9510 CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
9512 this is expected to be another sendmail.
9514 the name of the UUCP_RELAY -- in some cases, this is the
9518 CONFIG: add confRECEIVED_HEADER to change the format of the
9522 to get the old behavior. I did this upon observing
9524 concept I was trying to make happen didn't work with
9526 but it is a no-op.
9527 CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
9531 and RELAY_MAILER_ARGS to set the arguments for the
9532 indicated mailers. All default to "IPC $h". Patch from
9534 CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
9535 on the client side" and F=P to get an appropriate
9536 return-path. From Kimmo Suominen.
9537 CONFIG: add FEATURE(local_procmail) to use the procmail program
9539 the "detail" part is passed to procmail via the -a flag.
9541 CONFIG: add MAILER(procmail) to add an interface to procmail for
9544 CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
9547 CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
9548 This causes the null return path to be rewritten as
9549 MAILER-DAEMON; otherwise UUCP gets horribly confused.
9551 CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
9552 list us as the best possible MX record to be treated as
9555 traffic, but is easier to administer if this fits your
9559 CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
9561 to programs. If an argument is included, it is used as
9562 the path to smrsh; otherwise, /usr/local/etc/smrsh is
9564 CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
9565 size of messages to the local and procmail mailers
9569 (just like text outside of angle brackets) in order to
9571 CONFIG: Require OSTYPE macro (the defaults really don't apply to
9576 CONFIG: Add new configuration macros to set character sets for
9579 CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
9581 CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
9582 mail (.DECNET pseudo-domain or node::user) will be sent.
9585 CONFIG: Add MAILER(mail11) to get DECnet support. Code contributed
9587 CONFIG: change confCHECK_ALIASES to default to False -- it has poor
9590 CONFIG: Add confCF_VERSION to append local information to the
9595 CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option
9598 CONFIG: Allow mailertable to have values of the form
9600 derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE.
9602 CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of
9608 CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope
9609 as well as the header. Substantial improvements to this
9611 CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be
9612 accessed from a mailertable to do CCSO ph lookups. Contributed
9614 CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be
9615 used to define cyrus and cyrusbb mailers (for IMAP support).
9617 CONFIG: add confUUCP_MAILER to select default mailer to use for
9620 cf/cf/cs-hpux10.mc
9621 cf/cf/cs-solaris2.mc
9623 cf/cf/generic-bsd4.4.mc
9624 cf/cf/generic-hpux10.mc
9625 cf/cf/generic-hpux9.mc
9626 cf/cf/generic-osf1.mc
9627 cf/cf/generic-solaris2.mc
9628 cf/cf/generic-sunos4.1.mc
9629 cf/cf/generic-ultrix4.mc
9631 cf/domain/berkeley-only.m4
9644 cf/ostype/amdahl-uts.m4
9661 src/Makefiles/Makefile.EWS-UX_V
9662 src/Makefiles/Makefile.HP-UX.10
9667 src/Makefiles/Makefile.NEWS-OS.4.x
9668 src/Makefiles/Makefile.NEWS-OS.6.x
9670 src/Makefiles/Makefile.NonStop-UX
9686 cf/cf/alpha.mc => cf/cf/s2k-osf1.mc
9688 cf/cf/hpux-cs-exposed.mc => cf/cf/cs-hpux9.mc
9689 cf/cf/osf1-cs-exposed.mc => cf/cf/cs-osf1.mc
9690 cf/cf/s2k.mc => cf/cf/s2k-ultrix4.mc
9691 cf/cf/sunos4.1-cs-exposed.mc => cf/cf/cs-sunos4.1.mc
9692 cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
9695 cf/domain/cs-exposed.m4 => cf/domain/CS.Berkeley.EDU.m4
9696 cf/domain/eecs-hidden.m4 => cf/domain/EECS.Berkeley.EDU.m4
9702 src/Makefile.AUX => src/Makefiles/Makefile.A-UX
9703 src/Makefile.BSDI => src/Makefiles/Makefile.BSD-OS
9709 cf/cf/cs-exposed.mc
9710 cf/cf/cs-hidden.mc
9711 cf/cf/hpux-cs-hidden.mc
9713 cf/cf/osf1-cs-hidden.mc
9714 cf/cf/sunos3.5-cs-exposed.mc
9715 cf/cf/sunos3.5-cs-hidden.mc
9716 cf/cf/sunos4.1-cs-hidden.mc
9717 cf/cf/ultrix4.1-cs-hidden.mc
9718 cf/domain/cs-hidden.m4
9719 contrib/rcpt-streaming
9723 SECURITY: In some cases it was still possible for an attacker to
9724 insert newlines into a queue file, thus allowing access to
9726 CONFIG: no changes -- it is not a bug that the configuration
9730 Fix to IDENT code (it was getting the size of the reply buffer
9736 Fix a problem that could cause large jobs to run out of
9748 to 80 characters to prevent this problem.
9750 read from the network to ensure that you don't get
9757 was historically -- this requires that sendmail call
9760 and the stdio mode passed to fdopen. This caused UnixWare
9761 2.0 to have conniptions. Fix from Martin Sohnius of
9766 It was possible to turn off privacy flags. Problem noted by
9772 CONFIG: No changes (version number only, to keep it in sync
9776 SECURITY: Diagnose bogus values to some command line flags that
9777 could allow trash to get into headers and qf files.
9784 the host name contained a percent sign to act oddly
9785 because it was passed as a printf-style format string.
9791 messages if and only if you were sending to an alias.
9794 Fix a bug that caused core dumps on some systems if -d11.2 was
9795 set and e->e_message was null. Fix from Bruce Nagel of
9797 Fix problem that can still cause df files to be left around
9799 Chang and Shau-Ping Lo of SunSoft.
9801 user names (as might occur if you piped to a program
9803 Avoid returning an error and re-queueing if the host signature
9807 Avoid possible calls to malloc(0) if MCI caching is turned
9810 Universite de Versailles - St Quentin, and Jacky
9812 Make a local copy of the line being sent via senttolist() -- in
9814 causing it to do unexpected things. This also simplifies
9816 CONFIG: No changes (version number only, to keep it in sync
9826 Fix multi-line values for $e (SMTP greeting message). Reported
9829 is trying to open is optional. From Win Bent of USC.
9830 Changes for picky compilers from Ed Gould of Digital Equipment.
9834 Fix a problem that failed to set the "authentic" host name (that
9836 sendmail -bs from inetd. Based on code contributed by
9841 Parameterize "nroff -h" in all the Makefiles so people with
9852 and BIND is compiled in, directly access DNS to get
9856 in 30 seconds. If that also fails, exit immediately to
9857 avoid bogus "config error: mail loops back to myself"
9860 message to explain how much space was available and
9863 If mail is delivered to an alias that has an owner, deliver any
9864 requested return-receipt immediately, and strip the
9865 Return-Receipt-To: header from the subsequent message.
9871 Add a "noreceipts" privacy flag to turn off all return receipts
9882 and drops core for debugging. This is an attempt to
9884 If you see this, please forward the log fragment to
9886 Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
9887 with -DOLD_NEWDB=0 on the command line. From Christophe
9889 Instead of trying to truncate the listen queue for the server
9895 seem to get confused if you tweak the listen queue
9896 size around and can never start listening to connections
9899 have multiple daemons all not listening to connections;
9900 this could in turn cause the sendmail.pid file to be
9901 incorrect. A better approach might be to accept the
9905 Fix a glitch in TCP-level debugging that caused flag 16.101 to
9908 existing data in the file -- otherwise system crashes
9910 DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
9913 CONFIG: change UUCP rules to never add $U! or $k! on the front
9917 probably have converted all the way over to uucp-uudom
9918 instead of uucp-{new,old}, but the failure mode was to
9933 HP-UX from Tor Lillqvist.
9942 SECURITY: it was possible to read any file as root using the
9947 SECURITY: it was possible to get root access by using weird
9948 values to the -d flag. Thanks to Alain Durand of
9953 SECURITY: the ability to give files away on System V-based
9954 systems proved dangerous -- don't run as the owner
9956 Unfortunately, this also applies to determining a
9964 Fix a glitch that snuck in that caused programs to be run as
9966 from a local user to another local user. From
9968 Fix "wildcard" on /etc/shells matching -- instead of looking
9971 Change the method used to declare the "statfs" availability;
9983 Change HASFLOCK from defined/not-defined to a 0/1 definition
9984 to allow Linux to turn it off even though it is a
9985 BSD-like system.
9986 Allow setting of "ident" timeout to zero to turn off the ident
9988 Make 7-bit stripping local to a connection (instead of to a
9989 mailer); this allows you to specify that SMTP is a
9990 7-bit channel, but revert to 8-bit should it advertise
9991 that it supports 8BITMIME. You still have to specify
9992 mailer flag 7 to get this stripping at all.
9995 to avoid problems on systems that allow you to give away
9997 Fix a problem that made it impossible to rebuild the alias
9998 file if it was on a read-only file system. From
10002 Fix a minor glitch causing a bogus message to be printed (used
10005 Allow $s to remain NULL on locally generated mail. I'm not
10007 about it, and there is a legitimate question as to whether
10008 "localhost" is legal as an 822-style domain.
10010 headers. This causes a leading space to be added onto
10012 tries to wrap headers containing addresses (From:, To:,
10014 Reported by Lars-Johan Liman of SUNET Operations Center.
10017 Fix address logging of cached connections -- it used to always
10022 Tighten up handling of short syslog buffers even more -- there
10024 to share a line with delay= and mailer= logging.
10025 Limit the overhead on split envelopes to one open file descriptor
10026 per envelope -- previously the overhead was three
10027 descriptors. This was in response to a problem reported
10029 Fixes to better handle the case of unexpected connection closes;
10030 this redirects the output to the transcript so the info
10037 501 (``Syntax error in parameters or arguments'') to
10051 but sets h_errno to a success value.
10053 enough to send an error to the Postmaster (that is, the
10055 help problems that cause the df file to be left around
10056 sometimes -- unfortunately, I can't seem to reproduce
10059 only occurred if your log level was set to 10 or higher
10066 Fix core dump on error messages with very long "to" buffers;
10068 the to address to 203 characters. Problem reported by
10070 Fix configuration for HASFLOCK -- there were some spots where
10073 Fix a typo in savemail() that could cause the error message To:
10074 lists to be incorrect in some places. From Motonori
10082 CNAME loops caused an error message to be generated, but also
10083 re-queued the message. Changed to just re-queue the
10084 message (it's really hard to just bounce it because
10088 Avoid giving ``warning: foo owned process doing -bs'' messages
10091 Change the NAMED_BIND compile flag to be a 0/1 flag so you can
10092 override it easily in the Makefile -- that is, you can
10093 turn it off using -DNAMED_BIND=0.
10097 to NIS or the /etc/hosts file it will fail to find
10098 perfectly reasonable names that just don't happen to
10099 be dot terminated in the hosts file. You don't want to
10100 strip the dot first though because we're trying to ensure
10103 PRALIASES: fix bogus output on non-null-terminated strings.
10105 CONFIG: Avoid rewriting anything that matches $w to be $j.
10106 This was in code intended to only catch the self-literal
10109 still do this if $M is defined; this is necessary to
10110 get client configurations to work (sigh). Note that this
10117 and USENET_MAILER_MAX to tweak the maximum message
10119 CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
10122 CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
10125 CONFIG: Fix route-addr syntax in nullrelay configuration set.
10132 CONFIG: Don't include -z by default on uux line -- most systems
10135 CONFIG: Fix some bugs with mailertables -- for example, if your
10137 ".ray.com", the old implementation bound %1 to "bar"
10139 to match anything -- essentially, take over SMART_HOST.
10141 before the mailertable so they don't have to be special
10146 CONFIG: Don't include "root" in class $=L (users to deliver
10149 both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
10156 CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
10167 NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
10186 to allow root to own any file was backwards). From
10189 were invoked. This caused programs to have group
10192 Perl scripts would refuse to run.
10193 Security: check to make sure files that are written are not
10195 Although this does not respond to a specific known
10203 appear in /etc/shells before allowing a .forward to
10206 permit world-writable :include: files to reference
10207 programs or files (there's no way to disable this).
10208 These behaviors are only one level deep -- for
10209 example, it is legal for a world-writable :include:
10210 file to reference an alias that writes a file, on
10214 allow a cracker to examine files that were publicly
10215 readable but in a non-publicly searchable directory.
10217 connection to create problems on the current job.
10220 Reset CurrentLA in sendall() -- this makes sendmail queue
10221 runs more responsive to load average, and fixes a
10226 Revert to using flock() whenever possible -- there are just
10228 NFS, that cause sendmail to fail in perverse ways.
10229 Fix a bug that causes the connection cache to get confused
10237 Fix problem that caused :include:s from alias files to be
10238 forced to be owned by root instead of daemon
10240 Diagnose unrecognized I option values -- from Mortin Forssen
10243 code associated with it -- previously it returned OK
10248 "." to be discarded. Problem noted by Liudvikas Bukys.
10249 Fix core dump on SMTP mail to programs that failed -- it tried
10250 to go to a "next MX host" when none existed, causing
10252 Change IDENTPROTO from a defined/not defined to a 0/1 switch;
10253 this makes it easier to turn it off (using
10254 -DIDENTPROTO=0 in the Makefile). From der Mouse.
10255 Fix YP_MASTER_NAME store to use the unupdated result of
10257 to fully qualify the name) to be consistent with
10259 transfers to secondary servers. Bug noted by Keith
10263 to be trashed. Use the size of the sockaddr instead.
10265 Don't assume "-a." on host lookups if NAMED_BIND is not
10266 defined -- this confuses gethostbyname on hosts
10272 "host unknown" message is authoritative -- it
10274 Fix a problem that would cause Deferred: messages to be sent
10280 Limit delivery syslog line length to avoid bugs in some
10284 Fix quotes inside of comments in addresses -- previously
10287 Dump open file state to syslog upon receiving SIGUSR1 (for
10292 Change -qI, -qR, and -qS flags to be case-insensitive as
10300 I've only seen this when talking to buggy mailers on
10305 Full-Name: field was being ignored. Fix from Motonori Nakamura
10313 Initialize non-alias maps during alias rebuilds -- they may be
10318 Don't reflect the owner-list contents into the envelope sender
10319 address if the value contains ", :, /, or | (to avoid
10321 Efficiency hack for toktype macro -- from Craig Partridge of
10325 Remember to set $i during queue runs. Reported by Stephen
10328 canonification as the name of a file with per-user host
10337 to include a host name or other useful information.
10340 Fix a glitch that sometimes caused :include:s that pointed to
10341 NFS filesystems that were down to give an "aliasing/
10347 Make sure that route-addrs always have <angle brackets> around
10348 them in non-SMTP envelopes (SMTP envelopes already do
10351 ``Joe User <user)'' -- this caused reference to the
10353 Fix a problem that caused an alias "user: user@local.host" to
10355 to act as if FEATURE(notsticky) was defined even when
10356 it was not. The effect of the problem was to make it
10357 very hard to to set up satellite sites that had a few
10358 local accounts, with everything else forwarded to a
10361 Change queuing to not call rulesets 3, {1 or 2}, 4 on header
10365 non-idempotent unless a mailer-specific ruleset did
10368 Fix the "obsolete argument" routine in main to better understand
10370 -C config -v -q'' it would choke on the -q because
10371 the -C would stop looking for old-format arguments.
10372 Fix the code that was intended to allow two users to forward their
10373 mail to the same program and have them appear unique.
10395 HP-UX from various people. NOTA BENE: the location
10396 of the config file has moved to /usr/lib
10397 to match the HP-UX version of sendmail.
10401 main point of this is to avoid munging (ugh) UUCP
10406 CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
10411 CONFIG: Add trailing "." on pseudo-domains for consistency;
10413 that made it hard to recognize your own pseudodomain
10415 CONFIG: catch "@host" syntax errors (i.e., null local-parts)
10418 CONFIG: add uucp-uudom mailer variant, based on code posted
10420 has uucp-dom semantics but old UUCP syntax. This
10421 also permits "uucp-old" as an alias for "uucp" and
10422 "uucp-new" as a synonym for "suucp" for consistency.
10425 CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
10429 added to the address. Problem noted by Peter Wan
10433 CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
10434 mailer flag. Briefly, if you are sending to host
10435 "foo", then it rewrites "foo!...!baz" to "...!baz",
10438 CONFIG: portability fixes for HP-UX.
10445 SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
10446 On HP-UX, /etc/sendmail.cf has been moved to
10447 /usr/lib/sendmail.cf to match HP sendmail.
10448 Permissions have been tightened up on world-writable
10452 before to start failing.
10453 SIGUSR1 dumps some state to the log.
10473 Repair core-dump problem (write to read-only memory segment)
10474 if you fall back to the return-to-Postmaster case in
10485 and High-Energy Physics.
10486 Fix some problems that caused queue runs to do "too much work",
10487 such as double-reading the Errors-To: header. From
10490 data file) were getting suppressed in SMTP -- this
10491 fix causes them to be properly reported. From Eric
10493 Some changes to support AF_UNIX sockets -- this will only
10501 Improve logging to show ctladdr on to= logging; this tells you
10503 Fix a problem that caused error messages to be discarded if
10505 this was supposed to fall back to the "return to
10510 CONFIG: patch prog mailer to not strip host name off of envelope
10513 CONFIG: change uucp-dom mailer so that "<>" translates to $n;
10522 addresses that get return-receipts.
10524 messages -- some people don't read carefully enough
10535 in sender SMTP, as this could cause the connection to
10541 Fix a problem that can cause srvrsmtp to reject mail if the
10542 name server is down -- it accepts the RCPT but rejects
10546 incorrectly resolves to a null hostname. Reported by
10548 Non-root use of -C flag, dangerous -f flags, and use of -oQ
10549 by non-root users were not put into
10550 X-Authentication-Warning:s as intended because the
10552 from Sven-Ove Westberg of the University of Lulea.
10554 could get confused as to whether a database was
10556 Check "vendor code" on the end of V lines -- this is
10557 intended to provide a hook for vendor-specific
10559 but I've made an exception to my rule in a belief
10568 Fix error message handling -- if you had a name server down
10570 propagated to the queue file.
10573 Configuration cleanup: make it easier to undo IDENTPROTO in
10579 Another patch to really truly ignore MX records in getcanonname
10582 delivery" message to be omitted if there was an error
10583 in the header of the message (e.g., a bad Errors-To:
10586 is an IDA-ism suggested by Christophe Wolfhugel.
10594 Some changes to get around gcc optimizer bugs. From Takahiro
10604 when reading :include: files, allowing you to read some
10605 files that you should be able to read but have previously
10609 if the user is forced to override some silly system,
10611 Fix a couple of efficiency problems where newstr was double-
10615 Fix null pointer dereference in putoutmsg -- only on an error
10616 condition from a non-SMTP mailer. From Motonori
10620 Fix problem that caused error message to be sent while still
10621 trying to send the original message if the connection
10625 Fix reply to NOOP to be 250 instead of 200 -- this is a long
10628 cannot deliver for N hours -- will keep trying" message;
10633 Allow u and g options to take user and group names respectively.
10634 Don't do a chdir into the queue directory in -bt mode to make
10636 Don't allow users to turn off logging (using -oL) on the command
10637 line -- command line can only raise, not lower, logging
10639 Set $u to the original recipient on the SMTP transaction or on
10645 you used the -t flag. Problem noted by Josh Smith of
10647 Given an address such as ``<foo> <bar>'', auto-quote the first
10648 ``<foo>'' part, giving ``"<foo>" <bar>''. This is to
10652 an Errors-To: header in the message, and have Errors-To:
10654 Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
10657 df file got lost; this would cause servers to always
10662 Kucherawy of HookUp Communication Corp. to handle bogus
10664 Change $w default definition to be just the first component of
10666 to the FQDN; $m remains as before. This lets well-behaved
10669 Add makesendmail script in src to try to automate multi-architecture
10670 builds. I know, this is sub-optimal, but it is still
10672 Fix very obscure race condition that can cause a queue run to
10676 Fix a problem that caused the raw sender name to be passed to
10677 udbsender instead of the canonified name -- this caused
10678 it to sometimes miss records that it should have found.
10679 Relax check of name on HELO packet so that a program using -bs
10680 that claims to be itself works properly.
10682 buildaddr -- this requires passing a lot of flags to get
10688 Fix problem with fcntl locking that can cause error returns to
10691 would get returned), and then re-reading the queue from
10694 true address to still send to the original address
10700 Fix problem that can cause error messages to get ignored when
10701 using both -odb and -t flags. Problem noted by Rob
10706 Add "restrictqrun" privacy flag -- without this, anyone can run
10710 Pass an "ext" argument to lockfile so that error/log messages
10712 Put all [...] address forms into $=w -- this eliminates the need
10715 Fix a bug that can cause qf files to be left around even after
10718 Don't send a PostmasterCopy to errors when the Precedence: is
10719 negative. Error reports still go to the envelope
10723 Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
10725 run over a slow slip line you may need to set these down
10726 (although it would be better to fix the SLIP implementation
10727 so that it's not necessary to recompile every program
10735 Fix makemap -f flag to turn off case folding (it was turning it
10737 Fix a problem that caused multiple error messages to be sent if
10738 you used "sendmail -t -oem -odb", your system uses fcntl
10743 called, the code to recover the descriptor was broken.
10746 Fix a problem that caused aliaswait to go into infinite recursion
10752 Fix a problem causing the "c" option (don't connect to expensive
10753 mailers) to be ignored in SMTP. Problem noted and the
10756 Improve connection caching algorithm by passing "[host]" to
10759 to match regular entries.
10760 Re-enable Return-Receipt-To: -- people seem to want this stupid
10762 Catch and log attempts to try the "wiz" command in server SMTP.
10763 This also ups the log level from LOG_NOTICE to LOG_CRIT.
10764 Be more generous at assigning $z to the home directory -- do this
10767 Always save a fatal error message in preference to a non-fatal
10770 CONFIG: reduce the number of quotes needed to quote configuration
10773 CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
10774 connections (domain-ized UUCP).
10775 CONFIG: fix bug in default maps (-o must be before database file
10777 CONFIG: add FEATURE(nodns) to state that we are not relying on
10783 CONFIG: don't assume "m" in local mailer flags -- this means that
10784 if you redefine LOCAL_MAILER_FLAGS you will have to include
10788 CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
10789 CONFIG: change default version level from 4 to 5.
10790 CONFIG: add FEATURE(nullclient) to create a config file that
10791 forwards all mail to a hub without ever looking at the
10794 used to change .BITNET form into %-hack form.
10799 way to do this, but the change is fairly major and I
10800 want to hold it for another release. Problem noted by
10806 everything as though it had an SMTP-style client that
10808 Change "trymx" option in getcanonname() to ignore all MX data,
10816 Fix a problem causing error messages to always include "The
10819 Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
10820 version of "test" doesn't have the -x flag). Change it
10821 to use -f instead. From John Myers.
10822 CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
10823 esmtp -- it should be smtp.
10825 to "relay" (a variant of "smtp") if MAILER(smtp) is used,
10828 problem that caused route-addrs to get mistaken as relays,
10830 the default on SMART_HOST to change from "suucp" to
10834 Add option `w'. If you receive a message that comes to you because
10837 your .cf file, this option will cause you to try the target
10845 Fix a problem that caused the incoming socket to be left open
10847 calling systems to wait in FIN_WAIT_2 state until the
10848 entire list was processed and the child closed -- a
10851 Fix problem (created in 6.64) that caused mail sent to multiple
10852 addresses, one of which was a bad address, to completely
10862 will only hurt already-broken software and should help
10870 this to only log "done" (at log level 11) when the
10875 Fix a bug causing getmxrr to add a dot to the end of unqualified
10876 domains that do not have MX records -- this would cause
10877 the subsequent host name lookup to fail. The problem
10880 Fix invocation of setvbuf when passed a -X flag -- I had
10883 Diagnose self-destructive alias loops on RCPT as well as EXPN.
10893 These are not reported only to Postmaster. Unbalanced
10895 They are always mapped to 5xx codes before use in SMTP.
10896 Clean up error messages to tell both the actual address that
10898 somewhat easier to diagnose problems. Difficulty noted
10900 Fix a problem that inappropriately added a ctladdr to addresses
10902 caused error messages to be handled differently during
10905 the direct run of the queue from srvrsmtp -- this was
10906 just extra stuff for users to crawl through.
10908 auto-restart the daemon with all appropriate arguments.
10909 Use "kill `head -1 /etc/sendmail.pid`" to stop the
10910 daemon, and "eval `tail -1 /etc/sendmail.pid`" to
10912 Remove the ``setuid(getuid())'' in main -- this caused the
10913 IDENT daemon to screw up. This required that I change
10914 HASSETEUID to HASSETREUID and complicate the mode
10916 to have a bug causing seteuid() to set the saved uid
10918 will test to see if your implementation of setreuid(2)
10920 The FallBackMXhost (option V) handling failed to properly identify
10921 fallback to yourself -- most of the code was there,
10924 Change :include: open timeout from ETIMEDOUT to an internal
10929 Back out setpgrp (setpgid on POSIX systems) call to reset the
10930 process group id. The original fix was to get around
10933 different from the process id. I could try to fix
10935 equivalent) but this is too likely to break other
10938 Support -M as equivalent to -oM on Ultrix -- apparently
10939 DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
10943 SGI IRIX -- this includes several changes that should
10945 SCO Unix -- from Murray Kucherawy of HookUp Communication
10953 CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
10958 CONFIG: generalize all the relays to accept a "mailer:host"
10964 internet-style addresses would "fall off the end" of
10965 ruleset zero and be interpreted as local -- however,
10973 early in ruleset 0; this allows .mc authors to bypass
10976 CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
10977 esmtp) to send SMTP mail. This allows you to default
10978 to esmtp but use a mailertable or other override to
10980 to me by Bill Wisner. Ditto for confLOCAL_MAILER.
10981 Changes to cf/sh/makeinfo.sh to make it portable to SVR4
10989 the place of the old _POSIX_SAVED_IDS -- it turns out
10990 that the POSIX interface is broken enough to break
10992 HP-UX. Also fixes problems where the real uid is
10994 Fix a problem that caused timed out messages to not report the
10997 Drop required bandwidth on connections from 64 bytes/sec to
10999 Further Solaris portability changes -- doesn't require the BSD
11002 you want to use getdtablesize(2) instead of sysconf(2).
11004 University of Oregon. This now seems to work, at least
11006 Fix a problem that can cause duplicate error messages to be
11007 sent if you are in SMTP, you send to multiple addresses,
11009 to an account that has a .forward file (whew!).
11010 Fix a problem causing messages to be discarded if checkcompat()
11012 the "to" address). Problem noted by John Myers.
11013 Fix dfopen to return NULL if the open failed; I was depending
11014 on fdopen(-1) returning NULL, which isn't the case. This
11017 CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
11018 messages sent through UUCP-family mailers. Suggested
11021 include a "uucp-dom" mailer that uses domain-style
11023 CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
11029 Don't drop out on config file parse errors in -bt mode.
11030 On older configuration files, assume option "l" (use Errors-To
11032 imply an endorsement of the Errors-To: header in any way.
11033 Accept -x flag on AIX-3 as well as OSF/1. Why, why, why???
11034 Don't log errors on EHLO -- it isn't a "real" error for an old
11035 SMTP server to give an error on this command, and
11043 Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
11044 move usersmtp (smtpinit and smtpmailfrom) to -d18 to
11052 Clean up statistics gathering; it was over-reporting because of
11054 Fix problem that causes old Return-Path: line to override new
11055 Return-Path: line (conf.c needs H_FORCE to avoid
11056 re-using old value). From Motonori Nakamura.
11057 Fix broken -m flag in K definition -- even if -m (match only)
11062 has been moved from markfailure() to dropenvelope()
11068 when reading your .forward file, you have to own and
11070 the root and directories leading up to your home);
11073 If _POSIX_SAVED_IDS is defined, setuid to the owner before
11078 Additional HP-UX portability enhancements from Brian Bullen.
11082 is separate; this is just intended to work around
11085 Change map code to set the "include null" flag adaptively --
11088 null and vice versa. If -N is specified, it never
11090 null byte. If -O is specified, it never tries with
11091 the null (for efficiency). If -N and -O are specified,
11092 you get -NO (get it?) lookup at all, so this would
11093 be a bad idea. If you don't specify either -N or -O,
11097 this used to work and got broken somewhere along the
11099 Some changes to eliminate some unnecessary SYSERRs in the
11102 Add some "extended debugging" flags to try to track down
11104 one being closed when execing a mailer; it seems to
11108 Add "-X filename" command line flag, which logs both sides of
11113 This output is not intended to be particularly human
11116 CONFIG: change SMART_HOST to override an SMTP mailer. If you
11118 will need to use LOCAL_NET_CONFIG to catch these hosts.
11120 CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
11121 sites that don't use the -d flag.
11125 local aliases. For example, if you mail to "localalias"
11130 to qualified domains in headers. I believe this is
11131 largely equivalent to the IDA feature of the same name.
11133 to override the "system name" as your UUCP name --
11134 in particular, to use domain-ized UUCP names. From
11141 Serious security bug fix: it was possible to read any file on