xref: /freebsd/contrib/sendmail/RELEASE_NOTES (revision 3823d5e198425b4f5e5a80267d195769d1063773)
			SENDMAIL RELEASE NOTES


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.14.9/8.14.9	2014/05/21
	SECURITY: Properly set the close-on-exec flag for file descriptors
		(except stdin, stdout, and stderr) before executing mailers.
	Fix a malformed comment in conf.c: "/*" within comment
		which may cause a compilation error on some systems.
		Problem reported by John Beck of Oracle.
	DEVTOOLS: Fix regression in auto-detection of libraries when only
		shared libraries are available.  Problem reported by
		Bryan Costales.

8.14.8/8.14.8	2014/01/26
	Properly initialize all OpenSSL algorithms for versions before
		OpenSSL 0.9.8o. Without this SHA2 algorithms may not
		work properly, causing for example failures for certs
		that use sha256WithRSAEncryption as signature algorithm.
	When looking up hostnames, return only those records
		for the requested family (AF_INET or AF_INET6).
		On systems that have NEEDSGETIPNODE and NETINET6
		this may have failed and caused delivery problems.
		Problem noted by Kees Cook.
	A new mailer flag '!' is available to suppress an MH hack
		that drops an explicit From: header if it is the
		same as what sendmail would generate.
	Add an FFR (for future release) to use uncompressed IPv6 addresses,
		i.e., they will not contain "::".  For example, instead
		of ::1 it will be 0:0:0:0:0:0:0:1.  This means that
		configuration data (including maps, files, classes,
		custom ruleset, etc) have to use the same format.
		This will be turned on in 8.15.  It can be enabled in 8.14
		by compiling with:
		APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
		in your devtools/Site/site.config.m4 file.
	Add an additional case for the WorkAroundBrokenAAAA check when
		dealing with broken nameservers by ignoring SERVFAIL
		errors returned on T_AAAA (IPv6) lookups at delivery time.
		Problem noted by Pavel Timofeev of OCS.
	If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
		setusercontext() on deliveries as a different user.
		Patch from Edward Tomasz Napierala from FreeBSD.
	Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
		Patch from Hajimu UMEMOTO from FreeBSD.
	Add support for DHParameters 2048-bit primes.
	CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
		in FEATURE(`block_bad_helo').  Suggested by Andrey Chernov.
	LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
		Patch from Bill Parker.
	LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
		fail.  Patch from John Beck of Oracle.
	Portability:
		Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
		On Linux use socklen_t as the type for the 3rd argument
		for getsockname/getpeername if the glibc version is at
		least 2.1.
	Added Files:
		devtools/OS/Darwin.12.x
		devtools/OS/Darwin.13.x

8.14.7/8.14.7	2013/04/21
	Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
		from using a mapped address over a legitimate IPv6 address
		and to enforce the proper semantics over the IPv6
		connection.  Problem noted by Ulrich Sporlein.
	Fix a regression introduced in 8.14.6: the wrong list of
		macros was sent to a milter in the EHLO stage.
		Problem found by Fabrice Bellet, reported via RedHat
		(Jaroslav Skarvada).
	Fix handling of ORCPT parameter for DSNs: xtext decoding
		was not performed and a wrong syntax check was applied
		to the "addr-type" field.  Problem noted by Dan Lukes
		of Obludarium.
	Fix handling of NUL characters in the MIME conversion functions
		so that message bodies containing them will be sent
		on properly. Note: this usually also affects mails
		that are not converted as those functions are used
		for other purposes too.  Problem noted by Elchonon
		Edelson of Lockheed Martin.
	Do not perform "duplicate" elimination of recipients if they
		resolve to the error mailer using a temporary failure
		(4xy) via ruleset 0.  Problem noted by Akira Takahashi
		of IIJ.
	CONTRIB: Updated version of etrn.pl script from John Beck
		of Oracle.
	Portability:
		Unlike gcc, clang doesn't apply full prototypes to K&R
		definitions.

8.14.6/8.14.6	2012/12/23
	Fix a regression introduced in 8.14.5: if a server offers
		two AUTH lines, the MTA would not read them after
		STARTTLS has been used and hence SMTP AUTH for
		the client side would fail.  Problem noted by Lena.
	Do not cache hostnames internally in a non case sensitive way
		as that may cause addresses to change from lower case
		to upper case or vice versa. These header modifications
		can cause problems with milters that rely on receiving
		headers in the same way as they are being sent out such
		as a DKIM signing milter.
	If MaxQueueChildren is set then it was possible that new queue
		runners could not be started anymore because an
		internal counter was subject to a race condition.
	If a milter decreases the timeout it waits for a communication
		with the MTA, the MTA might experience a write() timeout.
		In some situations, the resulting error might have been
		ignored.  Problem noted by Werner Wiethege.
		Note: decreasing the communication timeout in a milter
		should not be done without considering the potential
		problems.
	smfi_setsymlist() now properly sets the list of macros for
		the milter which invoked it, instead of a global
		list for all milters.  Problem reported by
		David Shrimpton of the University of Queensland.
	If Timeout.resolver.retrans is set to a value larger than 20,
		then resolver.retry was temporarily set to 0 for
		gethostbyaddr() lookups. Now it is set to 1 instead.
		Patch from Peter.
	If sendmail could not lock the statistics file due to a system
		error, and sendmail later sends a DSN for a mail that
		triggered such an error, then sendmail tried to access
		memory that was freed before (causing a crash on some
		systems).  Problem reported by Ryan Stone.
	Do not log negative values for size= nor pri= to avoid confusing
		log parsers, instead limit the values to LONG_MAX.
	Account for an API change in newer versions of Cyrus-SASL.
		Patch from Hajimu UMEMOTO from FreeBSD.
	Do not try to resolve link-local addresses for IPv4 (just as it
		is done for IPv6).  Patch from John Beck of Oracle.
	Improve logging of client and server STARTTLS connection failures
		that may be due to incompatible cipher lists by including
		the reason for the failure in a single log line.  Suggested
		by James Carey of Boeing.
	Portability:
		Add support for Darwin 11.x (Mac OS X 10.7).
		Add support for SunOS 5.12 (aka Solaris 12). Patch from
		John Beck of Oracle.
	Added Files:
		devtools/OS/Darwin.11.x
		devtools/OS/SunOS.5.12

8.14.5/8.14.5	2011/05/17
	Do not cache SMTP extensions across connections as the cache
		is based on hostname which may not be a unique identifier
		for a server, i.e., different machines may have the
		same hostname but provide different SMTP extensions.
		Problem noted by Jim Hermann.
	Avoid an out-of-bounds access in case a resolver reply for a DNS
		map lookup returns a size larger than 1K.  Based on a
		patch from Dr. Werner Fink of SuSE.
	If a job is aborted using the interrupt signal (e.g., control-C from
		the keyboard), perform minimal cleanup to avoid invoking
		functions that are not signal-safe. Note: in previous
		versions the mail might have been queued up already
		and would be delivered subsequently, now an interrupt
		will always remove the queue files and thus prevent
		delivery.
	Per RFC 6176, when operating as a TLS client, do not offer SSLv2.
	Since TLS session resumption is never used as a client, disable
		use of RFC 4507-style session tickets.
	Work around gcc4 versions which reverse 25 years of history and
		no longer align char buffers on the stack, breaking calls
		to resolver functions on strict alignment platforms.
		Found by Stuart Henderson of OpenBSD.
	Read at most two AUTH lines from a server greeting (up to two
		lines are read because servers may use "AUTH mechs" and
		"AUTH=mechs"). Otherwise a malicious server may exhaust
		the memory of the client.  Bug report by Nils of MWR
		InfoSecurity.
	Avoid triggering an assertion in the OpenLDAP code when the
		connection to an LDAP server is lost while making a query.
		Problem noted and patch provided by Andy Fiddaman.
	If ConnectOnlyTo is set and sendmail is compiled with NETINET6
		it would try to use an IPv6 address if an IPv4 (or
		unparseable) address is specified.
	If SASLv2 is used, make sure that the macro {auth_authen} is
		stored in xtext format to avoid problems with parsing
		it.  Problem noted by Christophe Wolfhugel.
	CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing
		-T<TMPF> that is required, but failed for some cases
		that did not use LDAP.  This change has been undone
		until a better solution can be implemented.  Problem
		found by Andy Fiddaman.
	CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support.
		Contributed by Casper Dik of Oracle.
	CONTRIB: qtool.pl: Deal with H entries that do not have a
		letter between the question marks.  Patch from
		Stefan Christensen.
	DOC: Use a better description for the -i option in sendmail.
		Patch from Mitchell Berger.
	Portability:
		Add support for Darwin 10.x (Mac OS X 10.6).
		Enable HAVE_NANOSLEEP for FreeBSD 3 and later.  Patch
		from John Marshall.
		Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later.
		Use new directory "/system/volatile" for PidFile on
		Solaris 11.  Patch from Casper Dik of Oracle.
		Fix compilation on Solaris 11 (and maybe some other
		OSs) when using OpenSSL 1.0.  Based on patch from
		Jan Pechanec of Oracle.
		Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t
		for Solaris 11.  Patch from Roger Faulkner of Oracle.
	New Files:
		cf/ostype/solaris11.m4

8.14.4/8.14.4	2009/12/30
	SECURITY: Handle bogus certificates containing NUL characters
		in CNs by placing a string indicating a bad certificate
		in the {cn_subject} or {cn_issuer} macro.  Patch inspired
		by Matthias Andree's changes for fetchmail.
	During the generation of a queue identifier an integer overflow
		could occur which might result in bogus characters
		being used.  Based on patch from John Vannoy of
		Pepperdine University.
	The value of headers, e.g., Precedence, Content-Type, et al.,
		was not processed correctly.  Patch from Per Hedeland.
	Between 8.11.7 and 8.12.0 the length limitation on a return
		path was erroneously reduced from MAXNAME (256) to
		MAXSHORTSTR (203).  Patch from John Gardiner Myers
		of Proofpoint; the problem was also noted by Steve
		Hubert of University of Washington.
	Prevent a crash when a hostname lookup returns a seemingly
		valid result which contains a NULL pointer (this seems
		to be happening on some Linux versions).
	The process title was missing the current load average when
		the MTA was delaying connections due to DelayLA.
		Patch from Dick St.Peters of NetHeaven.
	Do not reset the number of queue entries in shared memory if
		only some of them are processed.
	Fix overflow of an internal array when parsing some replies
		from a milter.  Problem found by Scott Rotondo
		of Sun Microsystems.
	If STARTTLS is turned off in the server (via M=S) then it
		would not be initialized for use in the client either.
		Patch from Kazuteru Okahashi of IIJ.
	If a Diffie-Hellman cipher is selected for STARTTLS, the
		handshake could fail with some TLS implementations
		because the prime used by the server is not long enough.
		Note: the initialization of the DSA/DH parameters for
		the server can take a significant amount of time on slow
		machines. This can be turned off by setting DHParameters
		to none or a file (see doc/op/op.me).  Patch from
		Petr Lampa of the Brno University of Technology.
	Fix handling of `b' modifier for DaemonPortOptions on little
		endian machines for loopback address.  Patch from
		John Beck of Sun Microsystems.
	Fix a potential memory leak in libsmdb/smdb1.c found by parfait.
		Based on patch from Jonathan Gray of OpenBSD.
	If a milter sets the reply code to "421" during the transfer
		of the body, the SMTP server will terminate the SMTP session
		with that error to match the behavior of the other callbacks.
	Return EX_IOERR (instead of 0) if a mail submission fails due to
		missing disk space in the mail queue.  Based on patch
		from Martin Poole of RedHat.
	CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would
		cause addresses not found in LDAP to be misparsed.
	CONFIG: Using a CN restriction did not work for TLS_Clt as it
		referred to a wrong macro.  Patch from John Gardiner
		Myers of Proofpoint.
	CONFIG: The option relaytofulladdress of FEATURE(`access_db')
		did not work if FEATURE(`relay_hosts_only') is used too.
		Problem noted by Kristian Shaw.
	CONFIG: The internal function lower() was broken and hence
		strcasecmp() did not work either, which could cause
		problems for some FEATURE()s if upper case arguments
		were used.  Patch from Vesa-Matti J Kari of the
		University of Helsinki.
	LIBMILTER: Fix internal check whether a milter application
		is compiled against the same version of libmilter as
		it is linked against (especially useful for dynamic
		libraries).
	LIBMILTER: Fix memory leak that occurred when smfi_setsymlist()
		was used.  Based on patch by Dan Lukes.
	LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters
		which add, insert, or replace headers.  From Benjamin
		Pineau.
	LIBMILTER: Fix error messages which refer to "select()" to be
		correct if SM_CONF_POLL is used.  Based on patch from
		John Nemeth.
	LIBSM: Fix handling of LDAP search failures where the error is
		carried in the search result itself, such as seen with
		OpenLDAP proxy servers.
	VACATION: Do not refer to a local variable outside its scope.
		Based on patch from Mark Costlow of Southwest Cyberport.
	Portability:
		Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from
		John Beck of Sun Microsystems.
		Drop NISPLUS from default SunOS 5.11 map definitions.
		Patch from John Beck of Sun Microsystems.

8.14.3/8.14.3	2008/05/03
	During ruleset processing the generation of a key for a map
		lookup and the parsing of the default value was broken
		for some macros, e.g., $|, which caused the BlankSub
		character to be inserted into the workspace and thus
		failures, e.g., rules that should have matched did not.
	8.14.2 caused a regression: it accessed (macro) storage which was
		freed before. First instance of the problem reported by
		Matthew Dillon of DragonFlyBSD; variations of the same
		bug reported by Todd C. Miller of OpenBSD, Moritz
		Jodeit, and Dave Hayes.
	Improve pathname length checks for persistent host status.  Patch
		from Joerg Sonnenberger of DragonFlyBSD.
	Reword misleading SMTP reply text for FEATURE(`badmx').  Problem
		noted by Beth Halsema.
	The read timeout was fixed to be Timeout.datablock if STARTTLS
		was activated. This may cause problems if that value
		is lowered from its default. Problem noted by Jens Elkner.
	CONFIG: Using LOCAL_TLS_CLIENT caused the tls_client ruleset
		to operate incorrectly.  Problem found by Werner Wiethege.
	LIBMILTER: Omitting some protocol steps via the xxfi_negotiate()
		callback did not work properly. The patchlevel of
		libmilter has been set to 1 so a milter can determine
		whether libmilter contains this fix.
	MAKEMAP: If a delimiter is specified (-t) use that also when
		dumping a map.  Patch from Todd C. Miller of OpenBSD.
	Portability:
		Add support for Darwin 9.x (Mac OS X 10.5).
		Support shared libraries in Darwin 8 and 9.  Patch from
		Chris Behrens of Concentric.
		Add support for SCO OpenServer 6, patch from Boyd Gerber.
	DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash.
	Added Files:
		devtools/OS/Darwin.9.x
		devtools/OS/OSR.i386

8.14.2/8.14.2	2007/11/01
	If a message was queued and it contained 8 bit characters in
		a From: or To: header, then those characters could be
		"mistaken" for internal control characters during a queue
		run and trigger various consistency checks.  Problem
		noted by Neil Rickert of Northern Illinois University.
	If MaxMimeHeaderLength is set to a value greater than 0 (which
		it is by default) then even if the Linelimit parameter
		is 0, sendmail corrupted in the non-transfer-encoding
		case every MAXLINE-1 characters.  Patch from John Gardiner
		Myers of Proofpoint.
	Setting the suboption DeliveryMode for DaemonPortOptions did not
		work in earlier 8.14 versions.
	Note: DeliveryMode=interactive is silently converted to
		background if a milter can reject or delete a recipient.
		Prior to 8.14 this happened only if milter could delete
		recipients.
	ClientRate should trigger when the limit was exceeded (as
		documented), not when it was reached.  Patch from
		John Beck of Sun Microsystems.
	Force a queue run for -qGqueuegroup even if no runners are
		specified (R=0) and forking (F=f) is requested.
	When multiple results are requested for a DNS map lookup
		(-z and -Z), return only those that are relevant for
		the query (not also those in the "additional section".)
	If the message transfer time to sendmail (when acting as server)
		exceeds Timeout.queuewarn or Timeout.queuereturn and
		the message is refused (by a milter), sendmail previously
		created a delivery status notification (DSN).  Patch
		from Doug Heath of The Hertz Corporation.
	A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
		the MTA to deal with some input (i.e., "=") itself.
		Problem noted by Eliot Lear.
	sendmail counted a delivery as successful if PIPELINING is
		compiled in but not offered by the server and the
		delivery failed temporarily.  Patch from Werner Wiethege.
	If getting the result of an LDAP query times out then close the
		map so it will be reopened on the next lookup.  This
		should help "failover" configurations that specify more
		than one LDAP server.
	If check_compat returns $#discard then a "savemail panic" could
		be triggered under some circumstances (e.g., requiring
		a system which does not have the compile time flag
		HASFLOCK set). Based on patch by Motonori Nakamura
		of National Institute of Informatics, Japan.
	If a milter rejected a recipient, the count for nrcpts= in the
		logfile entry might have been wrong.  Problem found by
		Petra Humann of TU Dresden.
	If a milter invoked smfi_chgfrom() where ESMTP arguments are not
		NULL, the message body was lost.  Patch from Motonori
		Nakamura of National Institute of Informatics, Japan.
	sendmail(8) had a bogus space in -qGname.  Patch from Peng Haitao.
	CONTRIB: buildvirtuser: Preserve ownership and permissions when
		replacing files.
	CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
		reading the /etc/mail/virtusers/ directory.
	CONTRIB: buildvirtuser: Emit warnings instead of exiting where
		appropriate.
	LIBMILTER: Fix ABI backwards compatibility so milters compiled
		against an older libmilter.so shared library can use an
		8.14 libmilter.so shared library.
	LIBMILTER: smfi_version() did not properly extract the patchlevel
		from the version number, however, the returned value was
		correct for the current libmilter version.

8.14.1/8.14.1	2007/04/03
	Even though a milter rejects a recipient the MTA will still keep
		it in its list of recipients and deliver to it if the
		transaction is accepted. This is a regression introduced
		in 8.14.0 due to the change for SMFIP_RCPT_REJ.  Bug
		found by Andy Fiddaman.
	The new DaemonPortOptions which begin with a lower case character
		could not be set in 8.14.0.
	If a server shut down the connection in response to a STARTTLS
		command, sendmail would log a misleading error message
		due to an internal inconsistency.  Problem found by
		Werner Wiethege.
	Document how some sendmail.cf options change the behavior of mailq.
		Noted by Paul Menchini of the North Carolina School of
		Science and Mathematics.
	CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
	CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
		of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
		m4 options for setting MaxNOOPCommands and
		SharedMemoryKeyFile.
	CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
		options for setting Milter.macros.eoh and Milter.macros.data.
	CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
		Patch from Daniel Carroll of Mesa State College.
	LIBMILTER: Make sure an unknown command does not affect the
		currently available macros.  Problem found by Andy Fiddaman.
	LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
		negotiation.  Problem reported by Bryan Costales.
	LIBMILTER: Fix several minor errors in the documentation.
		Patches from Bryan Costales.
	PORTABILITY FIXES:
		AIX 5.{1,2}: libsm/util.c failed to compile due to
			redefinition of several macros, e.g., SIG_ERR.
			Patch from Jim Pirzyk with assistance by Bob
			Booth, University of Illinois at Urbana-Champaign.
		Add support for QNX.6.  Patch from Sean Boudreau of QNX
			Software Systems.
	New Files:
		devtools/M4/depend/QNX6.m4
		devtools/OS/QNX.6.x
		include/sm/os/sm_os_qnx.h

	New Files added in 8.14.0, but not shown in the release notes entry:
		libmilter/docs/smfi_chgfrom.html
		libmilter/docs/smfi_version.html

8.14.0/8.14.0	2007/01/31
	Header field values are now 8 bit clean.  Notes:
		- header field names are still restricted to 7 bit.
		- RFC 2822 allows only 7 bit (US-ASCII) characters in
		  headers.
	Preserve spaces after the colon in a header.  Previously, any
		number of spaces after the colon would be changed to
		exactly one space.
	In some cases of deeply nested aliases/forwarding, mail can
		be silently lost.  Moreover, the MaxAliasRecursion
		limit may be reached too early, e.g., the counter
		may be off by a factor of 4 in case of a sequence of
		.forward files that refer to others.  Patch from
		Motonori Nakamura of Kyoto University.
	Fix a regression in 8.13.8: if InputMailFilters is set then
		"sendmail -bs" can trigger an assertion because the
		hostname of the client is undefined.  It is now set
		to "localhost" for the xxfi_connect() callback.
	Avoid referencing a freed variable during cleanup when terminating.
		Problem reported and diagnosed by Joe Maimon.
	New option HeloName to set the name for the HELO/EHLO command.
		Patch from Nik Clayton.
	New option SoftBounce to issue temporary errors (4xy) instead of
		permanent errors (5xy).  This can be useful for testing.
	New suboptions for DaemonPortOptions to set them individually
		per daemon socket:
			DeliveryMode	DeliveryMode
			refuseLA	RefuseLA
			delayLA		DelayLA
			queueLA		QueueLA
			children	MaxDaemonChildren
	New option -K for LDAP maps to replace %1 through %9 in the
		lookup key with the LDAP escaped contents of the
		arguments specified in the map lookup.  Loosely based
		on patch from Wolfgang Hottgenroth.
	Log the time after which a greet_pause delay triggered.  Patch
		from Nik Clayton.
	If a client is rejected via TCP wrapper or some other check
		performed by validate_connection() (in conf.c) then do
		not also invoke greet_pause.  Problem noted by Jim Pirzyk
		of the University of Illinois at Urbana-Champaign.
	If a client terminates the SMTP connection during a pause
		introduced by greet_pause, then a misleading message
		was logged previously.  Problem noted by Vernon Schryver
		et al., patch from Matej Vela.
	New command "mstat" for control socket to provide "machine
		readable" status.
	New named config file rule check_eom which is called at the end
		of a message, its parameter is the size of the message.
	If the macro {addr_type} indicates that the current address
		is a header address it also distinguishes between
		recipient and sender addresses (as it is done for
		envelope addresses).
	When a macro is set in check_relay, then its value is accessible
		by all transactions in the same SMTP session.
	Increase size of key for ldap lookups to 1024 (MAXKEY).
	New option MaxNOOPCommands to override default of 20 for the
		number of "useless" commands before the SMTP server will
		slow down responding.
	New option SharedMemoryKeyFile: if shared memory support is
		enabled, the MTA can be asked to select a shared memory
		key itself by setting SharedMemoryKey to -1 and specifying
		a file where to store the selected key.
	Try to deal with open HTTP proxies that are used to send spam
		by recognizing some commands from them. If the first command
		from the client is GET, POST, CONNECT, or USER, then the
		connection is terminated immediately.
	New PrivacyOptions noactualrecipient to avoid putting
		X-Actual-Recipient lines in DSNs revealing the actual
		account that addresses map to.  Patch from Dan Harkless.
	New options B, z, and Z for DNS maps:
		-B: specify a domain that is always appended to queries.
		-z: specify the delimiter at which to cut off the result of
			a query if it is too long.
		-Z: specify the maximum number of entries to be concatenated
			to form the result of a lookup.
	New target "check" in the Makefile of libsm: instead of running tests
		implicitly while building libsm, they must be explicitly
		started by using "make check".
	Fixed some inconsistent checks for NULL pointers that have been
		reported by the SATURN tool which has been developed by
		Isil Dillig and Thomas Dillig of Stanford University.
	Fix a potential race condition caused by a signal handler for
		terminated child processes.  Problem noted by David F. Skoll.
	When a milter deleted a recipient, that recipient could cause a
		queue group selection. This has been disabled as it was not
		intended.
	New operator 'r' for the arith map to return a random number.
		Patch from Motonori Nakamura of Kyoto University.
	New compile time option MILTER_NO_NAGLE to turn off the Nagle
		algorithm for communication with libmilter ("cork" on Linux),
		which may improve the communication performance on some
		operating systems.  Patch from John Gardiner Myers of
		Proofpoint.
	If sendmail received input that contained a CR without subsequent LF
		(thus violating RFC 2821 (2.3.7)), it could previously
		generate an additional blank line in the output as the last
		line.
	Restarting persistent queue runners by sending a HUP signal to
		the "queue control process" (QCP) works now.
	Increase the length of an input line to 12288 to deal with
		really long lines during SMTP AUTH negotiations.
		Problem noted by Werner Wiethege.
	If ARPANET mode (-ba) was selected STARTTLS would fail (due to
		a missing initialization call for that case).  Problem
		noted by Neil Rickert of Northern Illinois University.
	If sendmail is linked against a library that initializes Cyrus-SASL
		before sendmail did it (such as libnss-ldap), then SMTP AUTH
		could fail for the sendmail client.  A patch by Moritz Both
		works around the API design flaw of Cyrus-SASLv2.
	CONFIG: Make it possible to unset the StatusFile option by
		undefining STATUS_FILE.  By not setting StatusFile,
		the MTA will not attempt to open a statistics file on
		each delivery.
556	CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
557		clients whose IP address does not have proper reverse DNS.
558		Contributed by Neil Rickert of Northern Illinois University
559		and John Beck of Sun Microsystems.
560	CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
561		clients which provide a HELO/EHLO argument which is either
562		unqualified, or is one of our own names (i.e., the server
563		name instead of the client name).  Contributed by Neil
564		Rickert of Northern Illinois University and John Beck of
565		Sun Microsystems.
566	CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
567		(MAIL) whose domain part resolves to a "bad" MX record.
568		Based on contribution from William Dell Wisner.
569	CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
570		the maximum line length of the smtp mailers.
571	CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
572		to allow entries in the access map to be of the form
573			To:user@example.com	RELAY
574	CONFIG: New subsuboptions eoh and data to specify the list of
575		macros a milter should receive at those stages in the
576		SMTP dialogue.
577	CONFIG: New option confHELO_NAME for HeloName to set the name
578		for the HELO/EHLO command.
579	CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
580		messages by using those values as second argument.
581		Patches from Nelson Fung.
582	CONTRIB: cidrexpand uses a hash symbol as comment character and
583		ignores everything after it unless it is in quotes or
584		preceeded by a backslash.
585	DEVTOOLS: New macro confMKDIR: if set to a program that creates
586		directories, then it used for "make install" to create
587		the required installation directories.
588	DEVTOOLS: New macro confCCLINK to specify the linker to use for
589		executables (defaults to confCC).
590	LIBMILTER: A new version of the milter API has been created that
591		has several changes which are listed below and documented
592		in the webpages reachable via libmilter/docs/index.html.
593	LIBMILTER: The meaning of the version macro SMFI_VERSION has been
594		changed.  It now refers only to the version of libmilter,
595		not to the protocol version (which is used only internally,
596		it is not user/milter-programmer visible).  Additionally,
597		a version function smfi_version() has been introduced such
598		that a milter program can check the libmilter version also
599		at runtime which is useful if a shared library is used.
600	LIBMILTER: A new callback xxfi_negotiate() can be used to
601		dynamically (i.e., at runtime) determine the available
602		protocol actions and features of the MTA and also to
603		specify which of these a milter wants to use.  This allows
604		for more flexibility than hardcoding these flags in the
605		xxfi_flags field of the smfiDesc structure.
606	LIBMILTER: A new callback xxfi_data() is available so milters
607		can act on the DATA command.
608	LIBMILTER: A new callback xxfi_unknown() is available so milters
609		can receive also unknown SMTP commands.
610	LIBMILTER: A new return code SMFIS_NOREPLY has been added which
611		can be used by the xxfi_header() callback provided the
612		milter requested the SMFIP_NOHREPL protocol action.
613	LIBMILTER: The new return code SMFIS_SKIP can be used in the
614		xxfi_body() callback to skip over further body chunks
615		and directly advance to the xxfi_eom() callback.  This
616		is useful if a milter can make a decision based on the
617		body chunks it already received without reading the entire
618		rest of the body and the milter wants to invoke functions
619		that are only available from the xxfi_eom() callback.
620	LIBMILTER: A new function smfi_addrcpt_par() can be used to add
621		new recipients including ESMTP parameters.
622	LIBMILTER: A new function smfi_chgfrom() can be used to change the
623		envelope sender including ESMTP parameters.
624	LIBMILTER: A milter can now request to be informed about rejected
625		recipients (RCPT) too.  This requires setting the protocol
626		flag SMFIP_RCPT_REJ during option negotiation.  Whether
627		a RCPT has been rejected can be checked by comparing the
628		value of the macro {rcpt_mailer} with "error".
629	LIBMILTER: A milter can now override the list of macros that it
630		wants to receive from the MTA for each protocol step
631		by invoking the function smfi_setsymlist() during option
632		negotiation.
633	LIBMILTER: A milter can receive header field values with all
634		leading spaces by requesting the SMFIP_HDR_LEADSPC
635		protocol action.  Also, if the flag is set then the MTA
636		does not add a leading space to headers that are added,
637		inserted, or replaced.
638	LIBMILTER: If a milter sets the reply code to "421" for the HELO
639		callback, the SMTP server will terminate the SMTP session
640		with that error to match the behavior of all other callbacks.
641	New Files:
642		cf/feature/badmx.m4
643		cf/feature/block_bad_helo.m4
644		cf/feature/require_rdns.m4
645		devtools/M4/UNIX/check.m4
646		include/sm/misc.h
647		include/sm/sendmail.h
648		include/sm/tailq.h
649		libmilter/docs/smfi_addrcpt_par.html
650		libmilter/docs/smfi_setsymlist.html
651		libmilter/docs/xxfi_data.html
652		libmilter/docs/xxfi_negotiate.html
653		libmilter/docs/xxfi_unknown.html
654		libmilter/example.c
655		libmilter/monitor.c
656		libmilter/worker.c
657		libsm/memstat.c
658		libsm/t-memstat.c
659		libsm/t-qic.c
660		libsm/util.c
661		sendmail/daemon.h
662		sendmail/map.h
663
664 8.13.8/8.13.8	2006/08/09
665	Fix a regression in 8.13.7: if shared memory is activated, then
666		the server can erroneously report that there is
667		insufficient disk space.  Additionally make sure that
668		an internal variable is set properly to avoid those
669		misleading errors.  Based on patch from Steve Hubert
670		of University of Washington.
671	Fix a regression in 8.13.7: the PidFile could be removed after
672		the process that forks the daemon exited, i.e., if
673		sendmail -bd is invoked.  Problem reported by Kan Sasaki
674		of Fusion Communications Corp. and Werner Wiethege.
675	Avoid opening qf files if QueueSortOrder is "none".  Patch from
676		David F. Skoll.
677	Avoid a crash when finishing due to referencing a freed variable.
678		Problem reported and diagnosed by Moritz Jodeit.
679	CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
680		range (0..255).
681	LIBMILTER: The "hostname" argument of the xxfi_connect() callback
682		previously was the equivalent of {client_ptr}.  However,
683		this did not match the documentation of the function, hence
684		it has been changed to {client_name}.  See doc/op/op.*
685		about these macros.
686
687 8.13.7/8.13.7	2006/06/14
688	A malformed MIME structure with many parts can cause sendmail to
689		crash while trying to send a mail due to a stack overflow,
690		e.g., if the stack size is limited (ulimit -s).  This
691		happens because the recursion of the function mime8to7()
692		was not restricted.  The function is called for MIME 8 to
693		7 bit conversion and also to enforce MaxMimeHeaderLength.
694		To work around this problem, recursive calls are limited to
695		a depth of MAXMIMENESTING (20); message content after this
696		limit is treated as opaque and is not checked further.
697		Problem noted by Frank Sheiness.
698	The changes to the I/O layer in 8.13.6 caused a regression for
699		SASL mechanisms that use the security layer, e.g.,
700		DIGEST-MD5.  Problem noted by Robert Stampfli.
701	If a timeout occurs while reading a message (during the DATA phase)
702		a df file might have been left behind in the queue.
703		This was another side effect of the changes to the I/O
704		layer made in 8.13.6.
705	Several minor problems have been fixed that were found by a
706		Coverity scan of sendmail 8 as part of the NetBSD
707		distribution. See http://scan.coverity.com/
708		Note: the scan generated also a lot of "false positives",
709		e.g., "error" reports about situations that cannot happen.
710		Most of those code places are marked with lint(1) comments
711		like NOTREACHED, but Coverity does not understand those.
712		Hence an explicit assertion has been added in some cases
713		to avoid those false positives.
714	If the start of the sendmail daemon fails due to a configuration
715		error then in some cases shared memory segments or pid
716		files were not removed.
717	If DSN support is disabled via access_db, then related ESMTP
718		parameters for MAIL and RCPT should be rejected.  Problem
719		reported by Akihiro Sagawa.
720	Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
721		bug work-around.  Hence if sendmail is linked against
722		either of these versions and compression is available,
723		the padding bug work-around is turned off.  Based on
724		patch from Victor Duchovni of Morgan Stanley.
725	CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
726		blackholes.mail-abuse.org as default domain for lookups,
727		however, that list is no longer available.  To avoid
728		further problems, no default value is available anymore,
729		but an argument must be specified.
730	Portability:
731		Fix compilation on OSF/1 for sfsasl.c.  Patch from
732		Pieter Bowman of the University of Utah.
733
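
A sketch of the depth limit described in the 8.13.7 entry above, added here as an example; it is not sendmail's mime8to7() code. The simplified boundary parser, struct mime_scan and scan_nested() are hypothetical names, the nested message is constructed, and only the MAXMIMENESTING value of 20 comes from the release note.

```c
#include <stdio.h>
#include <string.h>

#define MAXMIMENESTING 20  /* depth limit named in the release note */
#define MAXBOUNDARY 70     /* longest boundary this sketch accepts */

struct mime_scan { int deepest, leaves, opaque; };  /* opaque = unparsed multiparts */

/* Pointer just past the line that starts at p. */
static const char *line_end(const char *p, const char *end)
{
    const char *nl = memchr(p, '\n', (size_t)(end - p));
    return nl ? nl + 1 : end;
}

/* Classify a line: 0 = ordinary, 1 = "--b" delimiter, 2 = closing "--b--". */
static int delimiter(const char *p, const char *eol, const char *b, size_t blen)
{
    if ((size_t)(eol - p) < blen + 2 || memcmp(p, "--", 2) || memcmp(p + 2, b, blen))
        return 0;
    p += blen + 2;
    if (p == eol || *p == '\n' || *p == '\r')
        return 1;
    return (eol - p >= 2 && memcmp(p, "--", 2) == 0) ? 2 : 0;
}

/* Copy any boundary= value (unquoted, case-sensitive) into b; return body start. */
static const char *headers(const char *p, const char *end, char *b)
{
    size_t n = 0;
    for (; p < end && *p != '\n' && *p != '\r'; p = line_end(p, end)) {
        const char *eol = line_end(p, end), *q;
        for (q = p; n == 0 && q + 9 <= eol; q++)
            if (memcmp(q, "boundary=", 9) == 0)
                for (q += 9; q < eol && n < MAXBOUNDARY && !strchr("\r\n;", *q); q++)
                    b[n++] = *q;
    }
    b[n] = '\0';
    return line_end(p, end);  /* skip the blank separator line */
}

/* Walk one MIME part; the top-level message is depth 0. */
static void walk(const char *p, const char *end, int depth, struct mime_scan *st)
{
    char b[MAXBOUNDARY + 1];
    const char *part = NULL;  /* start of the sub-part being collected */
    size_t blen;
    if (depth > st->deepest)
        st->deepest = depth;
    p = headers(p, end, b);
    if ((blen = strlen(b)) == 0) {  /* not multipart: a leaf */
        st->leaves++;
        return;
    }
    if (depth >= MAXMIMENESTING) {  /* limit reached: content stays opaque */
        st->opaque++;
        return;
    }
    while (p < end) {
        const char *eol = line_end(p, end);
        int kind = delimiter(p, eol, b, blen);
        if (kind != 0 && part != NULL)
            walk(part, p, depth + 1, st);  /* bounded by the check above */
        if (kind == 2)
            return;
        if (kind == 1)
            part = eol;
        p = eol;
    }
}

/* Scan a constructed message: `levels` nested multiparts around one text part. */
struct mime_scan scan_nested(int levels)
{
    static char buf[131072];
    struct mime_scan st = {0, 0, 0}, bad = {-1, -1, -1};
    size_t n = 0;
    int i;
    for (i = 0; i < levels && n < sizeof buf; i++)
        n += (size_t)snprintf(buf + n, sizeof buf - n,
            "Content-Type: multipart/mixed; boundary=b%d\n\n--b%d\n", i, i);
    if (n < sizeof buf)
        n += (size_t)snprintf(buf + n, sizeof buf - n,
            "Content-Type: text/plain\n\nhello\n");
    for (i = levels - 1; i >= 0 && n < sizeof buf; i--)
        n += (size_t)snprintf(buf + n, sizeof buf - n, "--b%d--\n", i);
    if (n >= sizeof buf)
        return bad;  /* buffer too small */
    walk(buf, buf + n, 0, &st);
    return st;
}

int main(void)
{
    struct mime_scan s = scan_nested(1000);
    printf("deepest=%d leaves=%d opaque=%d\n", s.deepest, s.leaves, s.opaque);
    return 0;
}
```

However many containers the sender nests, the walker enters at most MAXMIMENESTING + 1 stack frames, so stack use no longer depends on the message.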
734 8.13.6/8.13.6	2006/03/22
735	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
736		and client side of sendmail with timeouts in the libsm I/O
737		layer and fix problems in that code.  Also fix handling of
738		a buffer in sm_syslog() which could have been used as an
739		attack vector to exploit the unsafe handling of
740		setjmp(3)/longjmp(3) in combination with signals.
741		Problem detected by Mark Dowd of ISS X-Force.
742	Handle theoretical integer overflows that could be triggered if
743		the server accepted headers larger than the maximum
744		(signed) integer value.  This is prevented in the default
745		configuration by restricting the size of a header, and on
746		most machines memory allocations would fail before reaching
747		those values.  Problems found by Phil Brass of ISS.
748	If a server returns 421 for an RSET command when trying to start
749		another transaction in a session while sending mail, do
750		not trigger an internal consistency check.  Problem found
751		by Allan E Johannesen of Worcester Polytechnic Institute.
752	If a server returns a 5xy error code (other than 501) in response
753		to a STARTTLS command despite the fact that it advertised
754		STARTTLS and that the code is not valid according to RFC
755		2487 treat it nevertheless as a permanent failure instead
756		of a protocol error (which has been changed to a
757		temporary error in 8.13.5).  Problem reported by Jeff
758		A. Earickson of Colby College.
759	Clear SMTP state after a HELO/EHLO command.  Patch from John
760		Myers of Proofpoint.
761	Observe MinQueueAge option when gathering entries from the queue
762		for sorting etc instead of waiting until the entries are
763		processed.  Patch from Brian Fundakowski Feldman.
764	Set up TLS session cache to properly handle clients that try to
765		resume a stored TLS session.
766	Properly count the number of (direct) child processes such that
767		a configured value (MaxDaemonChildren) is not exceeded.
768		Based on patch from Attila Bruncsak.
769	LIBMILTER: Remove superfluous backslash in macro definition
770		(libmilter.h).  Based on patch from Mike Kupfer of
771		Sun Microsystems.
772	LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
773		This generates an error message from libmilter on
774		Solaris, though other systems appear to just discard the
775		request silently.
776	LIBMILTER: Deal with sigwait(2) implementations that return
777		-1 and set errno instead of returning an error code
778		directly.  Patch from Chris Adams of HiWAAY Informations
779		Services.
780	Portability:
781		Fix compilation checks for closefrom(3) and statvfs(2)
782		in NetBSD.  Problem noted by S. Moonesamy, patch from
783		Andrew Brown.
784
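
The replacement pattern named in the 8.13.6 SECURITY entry above, a deadline enforced inside the read call instead of by a signal handler that calls longjmp(3), as an added sketch. This is not the libsm I/O layer's code; read_timeout(), now_ms() and demo_read() are hypothetical names, and the demo traffic on the pipe is constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Milliseconds on the monotonic clock, unaffected by wall-clock changes. */
static long long now_ms(void)
{
    struct timespec ts;

    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/*
 * Read up to len bytes from fd, waiting at most timeout_ms in total.
 * Returns the byte count (0 = EOF) or -1 with errno set; expiry of the
 * deadline is reported as ETIMEDOUT.  No signal handler transfers control:
 * an interrupting signal only makes the loop re-check the deadline, so the
 * caller's buffers and locks are never abandoned half-updated.
 */
ssize_t read_timeout(int fd, void *buf, size_t len, int timeout_ms)
{
    long long deadline = now_ms() + timeout_ms;

    for (;;) {
        struct pollfd pfd;
        long long left = deadline - now_ms();
        ssize_t n;
        int r;

        if (left <= 0) {
            errno = ETIMEDOUT;
            return -1;
        }
        pfd.fd = fd;
        pfd.events = POLLIN;
        pfd.revents = 0;
        r = poll(&pfd, 1, (int)left);
        if (r == 0) {
            errno = ETIMEDOUT;
            return -1;
        }
        if (r < 0) {
            if (errno == EINTR)
                continue;       /* signal arrived: wait for the time left */
            return -1;
        }
        n = read(fd, buf, len);
        if (n < 0 && (errno == EINTR || errno == EAGAIN))
            continue;           /* spurious wakeup: try again */
        return n;
    }
}

/* Constructed demo on a pipe: write msg (NULL simulates an idle peer), then
 * read with a deadline.  Returns the bytes read, or -errno on failure. */
long demo_read(const char *msg, int timeout_ms)
{
    int fds[2];
    char buf[128];
    long result = 0;
    ssize_t n;

    if (pipe(fds) != 0)
        return -(long)errno;
    if (msg != NULL && write(fds[1], msg, strlen(msg)) < 0)
        result = -(long)errno;
    if (result == 0) {
        n = read_timeout(fds[0], buf, sizeof buf, timeout_ms);
        result = (n < 0) ? -(long)errno : (long)n;
    }
    close(fds[0]);
    close(fds[1]);
    return result;
}

int main(void)
{
    printf("idle peer: %ld (ETIMEDOUT is %d)\n", demo_read(NULL, 50), ETIMEDOUT);
    printf("with data: %ld bytes\n", demo_read("EHLO client.example\r\n", 50));
    return 0;
}
```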
785 8.13.5/8.13.5	2005/09/16
786	Store the filesystem identifier of the df/ subdirectory (if it
787		exists) in an internal structure instead of the base
788		directory.  This structure is used to decide whether there
789		is enough free disk space when selecting a queue, hence
790		without this change queue selection could fail if a df/
791		subdirectory exists and is on a different filesystem
792		than the base directory.
793	Use the queue index of the df file (instead of the qf file) for
794		checking whether a link(2) operation can be used to split
795		an envelope across queue groups.  Problem found by
796		Werner Wiethege.
797	If the list of items in the queue is larger than the maximum
798		number of items to process, sort the queue first and
799		then cut the list off instead of the other way around.
800		Patch from Matej Vela of Rudjer Boskovic Institute.
801	Fix helpfile to show full entry for ETRN.  Problem noted by
802		Penelope Fudd, patch from Neil Rickert of Northern Illinois
803		University.
804	FallbackSmartHost should also be tried on temporary errors.
805		From John Beck of Sun Microsystems.
806	When a server responds with 421 to the STARTTLS command then treat
807		it as a temporary error, not as protocol error.  Problem
808		noted by Andrey J. Melnikoff.
809	Properly define two functions in libsm as static because their
810		prototype used static too.  Patch from Peter Klein.
811	Fix syntax errors in helpfile for MAIL and RCPT commands.
812	LIBMILTER: When smfi_replacebody() is called with bodylen equal to
813		zero then do not silently ignore that call.  Patch from
814		Gurusamy Sarathy of Active State.
815	LIBMILTER: Recognize "421" also in a multi-line reply to terminate
816		the SMTP session with that error.  Fix from Brian Kantor.
817	Portability: New option HASSNPRINTF which can be set if the OS
818			has a properly working snprintf(3) to get rid
819			of the last two (safe) sprintf(3) calls in the
820			source code.
821		Add support for AIX 5.3.
822		Add support for SunOS 5.11 (aka Solaris 11).
823		Add support for Darwin 8.x.  Patch from Lyndon Nerenberg.
824		OpenBSD 3.7 has removed support for NETISO.
825	CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
826		Set DontBlameSendmail to AssumeSafeChown and
827			GroupWritableDirPathSafe for OSTYPE(darwin).
828			Patch from Lyndon Nerenberg.
829		Some features still used 4.7.1 as enhanced status code which
830			was supposed to be eliminated in 8.13.0 because some
831			broken systems misinterpret it as a permanent error.
832			Patch from Matej Vela of Rudjer Boskovic Institute.
833		Some default values in a generated cf file did not match
834			the defaults in the sendmail binary.  Problem noted
835			by Mike Pechkin.
836	New Files:
837		cf/ostype/freebsd6.m4
838		devtools/OS/AIX.5.3
839		devtools/OS/Darwin.8.x
840		devtools/OS/SunOS.5.11
841		include/sm/time.h
842
843 8.13.4/8.13.4	2005/03/27
844	The bug fixes in 8.13.3 for connection handling uncovered a
845		different error which could result in connections that
846		stay in CLOSE_WAIT state due to a variable that was not
847		properly initialized.  Problem noted by Michael Sims.
848	Deal with empty hostnames in hostsignature().  This bug could lead
849		to an endless loop when doing LMTP deliveries to another
850		host.  Problem first reported by Martin Lathoud and
851		tracked down by Gael Roualland.
852	Make sure return parameters are initialized in getmxrr().  Problem
853		found by Gael Roualland using valgrind.
854	If shared memory is used and the RunAsUser option is set, then the
855		owner and group of the shared memory segment is set to
856		the ids specified by RunAsUser and the access mode is set
857		to 0660 to allow for updates by sendmail processes.
858	The number of queue entries that is (optionally) kept in shared
859		memory was wrong in some cases, e.g., envelope splitting
860		and bounce generation.
861	Undo a change made in 8.13.0 to silently truncate long strings
862		in address rewriting because the message can be triggered
863		for header checks where long strings are legitimate.
864		Problem reported by Mary Verge DeSisto, and tracked
865		down with the help of John Beck of Sun Microsystems.
866	The internal stab map did not obey the -m flag.  Patch from
867		Rob McMahon of Warwick University, England.
868	The socket map did not obey the -f flag.  Problem noted by
869		Dan Ringdahl, forwarded by Andrzej Filip.
870	The addition of LDAP recursion in 8.13.0 broke enforcement of
871		the LDAP map -1 argument which tells the MTA to only
872		return success if and only if a single LDAP match is found.
873	Add additional error checks in the MTA for milter communication
874		to avoid a possible segmentation fault.  Based on patch
875		by Joe Maimon.
876	Do not trigger an assertion if X509_digest() returns success but
877		does not assign a value to its output parameter.  Based
878		on patch by Brian Kantor.
879	Add more checks when resetting internal AUTH data (applies only
880		to Cyrus SASL version 2).  Otherwise an SMTP session might
881		be dropped after an AUTH failure.
882	Portability:
883		Add LA_LONGLONG as valid LA_TYPE type for systems that use
884			"long long" to read load average data, e.g.,
885			AIX 5.1 in 32 bit mode.  Note: this has to be set
886			"by hand", it is not (yet) automatically detected.
887			Problem noted by Burak Bilen.
888		Use socklen_t for accept(), etc. on AIX 5.x.  This should
889			fix problems when compiling in 64 bit mode.
890			Problem first reported by Harry Meiert of
891			University of Bremen.
892	New Files:
893		include/sm/sem.h
894		libsm/sem.c
895		libsm/t-sem.c
896
897 8.13.3/8.13.3	2005/01/11
898	Enhance handling of I/O errors, especially EOF, when STARTTLS
899		is active.
900	Make sure a connection is not reused after it has been closed
901		due to a 421 error.  Problem found by Allan E Johannesen
902		of Worcester Polytechnic Institute.
903	Avoid triggering an assertion when sendmail is interrupted while
904		closing a connection.  Problem found by Allan E Johannesen
905		of Worcester Polytechnic Institute.
906	Regression: a change in 8.13.2 caused sendmail not to try the
907		next MX host (or FallbackMXhost if configured) when, at
908		connection open, the current server returns a 4xy or 5xy
909		SMTP reply code.  Problem noted by Mark Tranchant.
910
911 8.13.2/8.13.2	2004/12/15
912	Do not split the first header even if it exceeds the internal
913		buffer size.  Previously a part of such a header would
914		end up in the body of the message.  Problem noted by
915		Simple Nomad of BindView.
916	Do not complain about "cataddr: string too long" when checking
917		headers that do not contain RFC 2822 addresses.
918		Problem noted by Rich Graves of Brandeis University.
919	If a server returns a 421 reply to the RSET command between
920		message deliveries, do not attempt to deliver any more
921		messages on that connection.  This prevents bogus "Bad
922		file number" recipient status.  Problem noted by
923		Allan E Johannesen of Worcester Polytechnic Institute.
924	Allow trailing white space in EHLO command as recommended by RFC
925		2821.  Problem noted by Ralph Santagato of SBC Services.
926	Deal with clients which use AUTH but negotiate a smaller buffer size
927		for data exchanges than the value used by sendmail, e.g.,
928		Cyrus IMAP lmtp server.  Based on patch by Jamie Clark.
929	When passing ESMTP arguments for RCPT to a milter, do not cut
930		them off at a comma.  Problem noted by Krzysztof Oledzki.
931	Add more logging to milter change header functions to
932		complement existing logging.  Based on patch from
933		Gurusamy Sarathy of Active State.
934	Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
935		Patch from Edgar Hoch of the University of Stuttgart.
936	Fix DNS lookup if IPv6 is enabled when converting an IP address
937		to a hostname for use with SASL.  Problem noted by Ken Jones;
938		patch from Hajimu UMEMOTO.
939	CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
940		mailer.  Patch from John Beck of Sun Microsystems.
941	LIBMILTER: It was possible that xxfi_abort() was called after
942		xxfi_eom() for a message if some timeouts were triggered.
943		Patch from Alexey Kravchuk.
944	LIBMILTER: Slightly rearrange mutex use in listener.c to allow
945		different threads to call smfi_opensocket() and smfi_main().
946		Patch from Jordan Ritter of Cloudmark.
947	MAIL.LOCAL: Properly terminate MBDB before exiting.  Problem
948		noted by Nelson Fung.
949	MAIL.LOCAL: make strip-mail.local used a wrong path to access
950		mail.local.  Problem noted by William Park.
951	VACATION: Properly terminate MBDB before exiting.  Problem noted
952		by Nelson Fung.
953	Portability:
954		Add support for DragonFly BSD.
955	New Files:
956		cf/ostype/dragonfly.m4
957		devtools/OS/DragonFly
958		include/sm/os/sm_os_dragonfly.h
959	Deleted Files:
960		libsm/vsscanf.c
961
962 8.13.1/8.13.1	2004/07/30
963	Using the default AliasFile ldap: specification would cause the
964		objectClasses of the LDAP response to be included in the
965		alias expansion.  Problem noted by Brenden Conte of
966		Rensselaer Polytechnic Institute.
967	Fix support for a fallback smart host for systems where DNS is
968		(partially) available. From John Beck of Sun Microsystems.
969	Fix SuperSafe=PostMilter behavior when a milter replaces a body
970		but the data file is not yet stored on disk because it is
971		smaller than the size of the memory buffer.  Problem noted
972		by David Russell.
973	Fix certificate revocation list support; if a CRL was specified
974		but the other side presented a cert that was signed by
975		a different (trusted) CA than the one which issued the CRL,
976		verification would always fail.  Problem noted by Al Smith.
977	Run mailer programs as the RunAsUser when RunAsUser is set and
978		the F=S mailer flag is set without a U= mailer equate.
979		Problem noted by John Gardiner Myers of Proofpoint.
980	${nbadrcpts} was off by one if BadRcptThrottle is zero.
981		Patch from Sung-hoon Choi of DreamWiz Inc.
982	CONFIG: Emit a warning if FEATURE(`access_db') is used after
983		FEATURE(`greet_pause') because then the latter will not
984		use the access map.  Note: if no default value is given
985		for FEATURE(`greet_pause') then it issues an error if
986		FEATURE(`access_db') is not specified before it.
987		Problem noted by Alexander Dalloz of University of
988		Bielefeld.
989	CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause')
990		is used to give more flexibility for local changes.
991	Portability:
992		Fix a 64 bit problem in the socket map code.  Problem
993			noted by Geoff Adams.
994		NetBSD 2.0F has closefrom(3).  Patch from Andrew Brown.
995		NetBSD can use sysctl(3) to get the number of CPUs in
996			a system.  Patch from Andrew Brown.
997		Add a README file in doc/op/ to explain potential
998			incompatibilities with various *roff related
999			tools.  Problem tracked down by Per Hedeland.
1000	New Files:
1001		doc/op/README
1002
1003 8.13.0/8.13.0	2004/06/20
1004	Do not include AUTH data in a bounce to avoid leaking confidential
1005		information.  See also cf/README about MSP and the section
1006		"Providing SMTP AUTH Data when sendmail acts as Client".
1007		Problem noted by Neil Rickert of Northern Illinois
1008		University.
1009	Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n
1010		and -DSM_CONF_SETITIMER=0.  Problem noted by Juergen Georgi
1011		of RUS University of Stuttgart.
1012	Fix bug in conversion from 8bit to quoted-printable. Problem found
1013		by Christof Haerens, patch from Per Hedeland.
1014	Add support for LDAP recursion based on types given to attribute
1015		specifications in an LDAP map definition.  This allows
1016		LDAP queries to return a new query, a DN, or an LDAP
1017		URL which will in turn be queried.  See the ``LDAP
1018		Recursion'' section of doc/op/op.me for more information.
1019		Based on patch from Andrew Baucom.
1020	Extend the default LDAP specifications for AliasFile
1021		(O AliasFile=ldap:) and file classes (F{X}@LDAP) to
1022		include support for LDAP recursion via new attributes.
1023		See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section
1024		of cf/README for more information.
1025	New option for LDAP maps: the -w option allows you to specify the
1026		LDAP API/protocol version to use.  The default depends on
1027		the LDAP library.
1028	New option for LDAP maps: the -H option allows you to specify an
1029		LDAP URI instead of specifying the LDAP server via -h host
1030		and -p port.  This also allows for the use of LDAP over
1031		SSL and connections via named sockets if your LDAP
1032		library supports it.
1033	New compile time flag SM_CONF_LDAP_INITIALIZE: set this if
1034		ldap_initialize(3) is available (and LDAPMAP is set).
1035	If MaxDaemonChildren is set and a command is repeated too often
1036		during a SMTP session then terminate it just like it is
1037		done for too many bad SMTP commands.
1038	Basic connection rate control support has been added: the daemon
1039		maintains the number of incoming connections per client
1040		IP address and total in the macros {client_rate} and
1041		{total_rate}, respectively.  These macros can be used
1042		in the cf file to impose connection rate limits.
1043		A new option ConnectionRateWindowSize (default: 60s)
1044		determines the length of the interval for which the
1045		number of connections is stored.  Based on patch from
1046		Jose Marcio Martins da Cruz, Ecole des Mines de Paris.
1047	Add optional protection from open proxies and SMTP slammers which
1048		send SMTP traffic without waiting for the SMTP greeting.
1049		If enabled by the new ruleset greet_pause (see
1050		FEATURE(`greet_pause')), sendmail will wait the specified
1051		amount of time before sending the initial 220 SMTP
1052		greeting.  If any traffic is received before then, a 554
1053		SMTP response is sent and all SMTP commands are rejected
1054		during that connection.
1055	If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP
1056		server could sleep for a very long time.  Fix based on
1057		patch from Tadashi Kobayashi of IIJ.
1058	Fix a potential memory leak in persistent queue runners if the
1059		number of entries in the queue exceeds the limit of jobs.
1060		Problem noted by Steve Hubert of University of Washington.
1061	Do not use 4.7.1 as enhanced status code because some broken systems
1062		misinterpret it as a permanent error.
1063	New value for SuperSafe: PostMilter which will delay fsync() until
1064		all milters accepted the mail.  This can increase
1065		performance if many mails are rejected by milters due to
1066		body scans.  Based on patch from David F. Skoll.
1067	New macro {msg_id} which contains the value of the Message-Id:
1068		header, whether provided by the client or generated by
1069		sendmail.
1070	New macro {client_connections} which contains the number of open
1071		connections in the SMTP server for the client IP address.
1072		Based on patch from Jose Marcio Martins da Cruz, Ecole des
1073		Mines de Paris.
1074	sendmail will now remove its pidfile when it exits.  This was done
1075		to prevent confusion caused by running sendmail stop
1076		scripts two or more times, where the second and subsequent
1077		runs would report misleading error messages about sendmail's
1078		pid no longer existing.  See section 1.3.15 of doc/op/op.me
1079		for a discussion of the implications of this, including
1080		how to correct broken scripts which may have depended on
1081		the old behavior.  From John Beck of Sun Microsystems.
1082	Support per-daemon input filter lists which override the default
1083		filter list specified in InputMailFilters.  The filters
1084		can be listed in the I= equate of DaemonPortOptions.
1085	Do not add all domain prefixes of the hostname to class 'w'.  If
1086		your configuration relies on this behavior, you have to
1087		add those names to class 'w' yourself.  Problem noted
1088		by Sander Eerkes.
1089	Support message quarantining in the mail queue.  Quarantined
1090		messages are not run on normal queue displays or runs
1091		unless specifically requested with -qQ.  Quarantined queue
1092		files are named with an hf prefix instead of a qf prefix.
1093	The -q command line option now can specify which queue to display
1094		or run.  -qQ operates on quarantined queue items.  -qL
1095		operates on lost queue items.
1096	Restricted mail queue runs and displays can be done based on the
1097		quarantined reason using -qQtext to run or display
1098		quarantined items if the quarantine reason contains the
1099		given text.  Similarly, -q!Qtext will run or display
1100		quarantined items which do not have the given text in the
1101		quarantine reason.
1102	Items in the queue can be quarantined or unquarantined using the
1103		new -Q option.  See doc/op/op.me for more information.
1104	When displaying the quarantine mailq with 'mailq -qQ', the
1105		quarantine reason is shown in a new line prefixed by
1106		"QUARANTINE:".
1107	A new error code for the $#error mailer, $@ quarantine, can be used
1108		to quarantine messages in check_* (except check_compat) and
1109		header check rulesets.  The $: of the mailer triplet will
1110		be used for the quarantine reason.
1111	Add a new quarantine count to the mailstats collected.
1112	Add a new macro ${quarantine} which is the quarantine reason for a
1113		message if it is quarantined.
1114	New map type "socket" for a trivial query protocol over UNIX domain
1115		or TCP sockets (requires compile time option SOCKETMAP).
1116		See sendmail/README and doc/op/op.me for details as well as
1117		socketmapServer.pl and socketmapClient.pl in contrib.
1118		Code donated by Bastiaan Bakker of LifeLine Networks.
1119	Define new macro ${client_ptr} which holds the result of the PTR
1120		lookup for the client IP address.  Note: this is the same
1121		as ${client_name} if and only if ${client_resolve} is OK.
1122	Add a new macro ${nbadrcpts} which contains the number of bad
1123		recipients received so far in a transaction.
1124	Call check_relay with the value of ${client_name} to deal with bogus
1125		DNS entries.  See also FEATURE(`use_client_ptr').  Problem
1126		noted by Kai Schlichting.
1127	Treat Delivery-Receipt-To: headers the same as Return-Receipt-To:
1128		headers (turn them into DSNs).  Delivery-Receipt-To: is
1129		apparently used by SIMS (Sun Internet Mail System).
1130	Enable connection caching for LPC mailers.  Patch from Christophe
1131		Wolfhugel of France Telecom Oleane.
1132	Do not silently truncate long strings in address rewriting.
1133	Add support for Cyrus SASL version 2.  From Kenneth Murchison of
1134		Oceana Matrix Ltd.
1135	Add a new AuthOption=m flag to require the use of mechanisms which
1136		support mutual authentication.  From Kenneth Murchison of
1137		Oceana Matrix Ltd.
1138	Fix logging of TLS related problems (introduced in 8.12.11).
1139	The macros {auth_author} and {auth_authen} are stored in xtext
1140		format just like the STARTTLS related macros to avoid
1141		problems with parsing them.  Problem noted by Pierangelo
1142		Masarati of SysNet s.n.c.
1143	New option AuthRealm to set the authentication realm that is
1144		passed to the Cyrus SASL library.  Patch from Gary Mills
1145		of the University of Manitoba.
1146	Enable AUTH mechanism EXTERNAL if STARTTLS verification was
1147		successful, otherwise relaying would be allowed if
1148		EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS
1149		is active.
1150	Add basic support for certificate revocation lists.  Note: if a
1151		CRLFile is specified but the file is unusable, STARTTLS
1152		is disabled.  Based on patch by Ralf Hornik.
1153	Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms
1154		DIGEST-MD5 and LOGIN.
1155	Write pid to file also if sendmail only acts as persistent queue
1156		runner.  Proposed by Gary Mills of the University of Manitoba.
1157	Keep daemon pid file(s) locked so other daemons don't try to
1158		overwrite each other's pid files.
1159	Increase maximum length of logfile fields for {cert_subject} and
1160		{cert_issuer} from 128 to 256.  Requested by Christophe
1161		Wolfhugel of France Telecom.
1162	Log the TLS verification message on the STARTTLS= log line at
1163		LogLevel 12 or higher.
1164	If the MSP is invoked with the verbose option (-v) then it will
1165		try to use the SMTP command VERB to propagate this option
1166		to the MTA which in turn will show the delivery just like
1167		it was done before the default 8.12 separation of MSP and
1168		MTA.  Based on patch by Per Hedeland.
1169	If a daemon is refusing connections for longer than the time specified
1170		by the new option RejectLogInterval (default: 3 hours) due
1171		to high load, log this information.  Patch from John Beck
1172		of Sun Microsystems.
1173	Remove the ability for non-trusted users to raise the value of
1174		CheckpointInterval on the command line.
1175	New mailer flag 'B' to strip leading backslashes, which is a
1176		subset of the functionality of the 's' flag.
1177	New mailer flag 'W' to ignore long term host status information.
1178		Patch from Juergen Georgi of RUS University of Stuttgart.
1179	Enable generic mail filter API (milter) by default.  To turn
1180		it off, add -DMILTER=0 to the compile time options.
1181	An internal SMTP session discard flag was lost after an RSET/HELO/EHLO
1182		causing subsequent messages to be sent instead of being
1183		discarded.  This also caused milter callbacks to be called
1184		out of order after the SMTP session was reset.
1185	New option RequiresDirfsync to turn off the compile time flag
1186		REQUIRES_DIR_FSYNC at runtime.  See sendmail/README for
1187		further information.
1188	New command line option -D logfile to send debug output to
1189		the indicated log file instead of stdout.
1190	Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control
1191		queue return and warning times for delivery status
1192		notifications.
1193	New queue sort order option: 'n'one for not sorting the queue entries
1194		at all.
1195	Several more return values for ruleset srv_features have been added
1196		to enable/disable certain features in the server per
1197		connection.  See doc/op/op.me for details.
1198	Support for SMTP over SSL (smtps), activated by Modifier=s
1199		for DaemonPortOptions.
1200	Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when
1201		trying to canonify hostnames.  Suggested by Neil Rickert
1202		of Northern Illinois University.
1203	Add support for a fallback smart host (option FallbackSmartHost) to
1204		be tried as a last resort after all other fallbacks.  This
1205		is designed for sites with partial DNS (e.g., an accurate
1206		view of inside the company, but an incomplete view of
1207		outside).  From John Beck of Sun Microsystems.
1208	Enable timeout for STARTTLS even if client does not start the TLS
1209		handshake.  Based on patch by Andrey J. Melnikoff.
1210	Remove deprecated -v option for PH map, use -k instead.  Patch from
1211		Mark Roth of the University of Illinois at Urbana-Champaign.
1212	libphclient is version 1.2.x by default, if version 1.1.x is required
1213		then compile with -DNPH_VERSION=10100.  Patch from Mark Roth
1214		of the University of Illinois at Urbana-Champaign.
1215	Add Milter.macros.eom, allowing macros to be sent to milter
1216		applications for use in the xxfi_eom() callback.
1217	New macro {time} which contains the output of the time(3) function,
1218		i.e., the number of seconds since 0 hours, 0 minutes,
1219		0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
1220	If check_relay sets the reply code to "421" the SMTP server will
1221		terminate the SMTP session with a 421 error message.
1222	Get rid of dead code that tried to access the environment variable
1223		HOSTALIASES.
1224	Deprecate the use of ErrorMode=write.  To enable this in 8.13
1225		compile with -DUSE_TTYPATH=1.
1226	Header check rulesets using $>+ (do not strip comments) will get
1227		the header value passed in without balancing quotes,
1228		parentheses, and angle brackets.  Based on patch from
1229		Oleg Bulyzhin.
1230	Do not complain and fix up unbalanced quotes, parentheses, and
1231		angle brackets when reading in rulesets.  This allows
1232		rules to be written for header checks to catch strings
1233		that contain quotes, parentheses, and/or angle brackets.
1234		Based on patch from Oleg Bulyzhin.
1235	Do not close socket when accept(2) in the daemon encounters
1236		some temporary errors like ECONNABORTED.
1237	Added list of CA certificates that are used by members of the
1238		sendmail consortium, see CACerts.
1239	Portability:
1240		Two new compile options have been added:
1241			HASCLOSEFROM	System has closefrom(3).
1242			HASFDWALK	System has fdwalk(3).
1243			Based on patch from John Beck of Sun Microsystems.
1244		The Linux kernel version 2.4 series has a broken flock() so
1245			change to using fcntl() locking until they can fix
1246			it.  Be sure to update other sendmail related
1247			programs to match locking techniques.
1248		New compile time option NEEDINTERRNO which should be set
1249			if <errno.h> does not declare errno itself.
1250		Support for UNICOS/mk and UNICOS/mp added, some changes for
1251			UNICOS.  Patches contributed by Aaron Davis and
1252			Brian Ginsbach, Cray Inc., and Manu Mahonen of
1253			Center for Scientific Computing.
1254		Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
1255		Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther).
1256		Remove path from compiler definition for Interix because
1257			Interix 3.0 and 3.5 put gcc in different locations.
1258			Also use <sys/mkdev.h> to get the correct
1259			major()/minor() definitions.  Based on feedback
1260			from Mark Funkenhauser.
1261	CONFIG: Add support for LDAP recursion to the default LDAP searches
1262		for maps via new attributes.  See the ``USING LDAP FOR
1263		ALIASES, MAPS, and CLASSES'' section of cf/README and
1264		cf/sendmail.schema for more information.
1265	CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER
1266		is of the form "user:group" when used for submit.mc.
1267		Problem noted by Carsten P. Gehrke, patch from Neil Rickert
1268		of Northern Illinois University.
1269	CONFIG: Add a new access DB value of QUARANTINE:reason which
1270		instructs the check_* (except check_compat) to quarantine
1271		the message using the given reason.
1272	CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl)
1273		instead of "host" to avoid problem with looking up other
1274		DNS records than just A.
1275	CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the
1276		length of the interval for which the number of incoming
1277		connections is maintained.
1278	CONFIG: New FEATURE(`ratecontrol') to set the limits for connection
1279		rate control for individual hosts or nets.
1280	CONFIG: New FEATURE(`conncontrol') to set the limits for the
1281		number of open SMTP connections for individual hosts or nets.
1282	CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP
1283		slamming protection described above.  The feature can
1284		take an argument specifying the milliseconds to wait and/or
1285		use the access database to look up the pause time based on
1286		client hostname, domain, IP address, or subnet.
1287	CONFIG: New FEATURE(`use_client_ptr') to have check_relay use
1288		$&{client_ptr} as its first argument.  This is useful for
1289		rejections based on the unverified hostname of client,
1290		which turns on the same behavior as in earlier sendmail
1291		versions when delay_checks was not in use.  See also entry
1292		above about check_relay being invoked with ${client_name}.
1293	CONFIG: New option confREJECT_LOG_INTERVAL to specify the log
1294		interval when refusing connections for this long.
1295	CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases
1296		this requires a change in a mc file.  Requested by
1297		Ted Roberts of Electronic Data Systems.
1298	CONFIG: New option confAUTH_REALM to set the authentication realm
1299		that is passed to the Cyrus SASL library.  Patch from
1300		Gary Mills of the University of Manitoba.
1301	CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src}
1302		to follow the naming conventions.
1303	CONFIG: Add a third optional argument to local_lmtp to specify
1304		the A= argument.
1305	CONFIG: Remove the f flag from the default mailer flags of
1306		local_lmtp.
1307	CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile
1308		time flag REQUIRES_DIR_FSYNC at runtime.
1309	CONFIG: New LOCAL_UUCP macro to insert rules into the generated
1310		cf file at the same place where MAILER(`uucp') inserts
1311		its rules.
1312	CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN
1313		to control queue return and warning times for delivery
1314		status notifications.
1315	CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost.
1316	CONFIG: Add the mc file which has been used to create the cf
1317		file to the end of the cf file when using make in cf/cf/.
1318		Patch from Richard Rognlie.
1319	CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9.
1320		Use ServiceSwitchFile to turn off DNS lookups, see
1321		doc/op/op.me.
1322	CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom
1323		option) defines macros to be sent to milter applications for
1324		use in the xxfi_eom() callback.
1325	CONFIG: New option confCRL to specify file which contains
1326		certificate revocation lists.
1327	CONFIG: Add a new value (sendertoo) for the third argument to
1328		FEATURE(`ldap_routing') which will reject the SMTP
1329		MAIL From: command if the sender address doesn't exist
1330		in LDAP.  See cf/README for more information.
1331	CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which
1332		instructs the rulesets on whether or not to do a domain
1333		lookup if a full address lookup doesn't match.  See cf/README
1334		for more information.
1335	CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which
1336		instructs the rulesets on whether or not to queue the mail
1337		or give an SMTP temporary error if the LDAP server can't be
1338		reached.  See cf/README for more information.  Based on
1339		patch from Billy Ray Miller of Caterpillar.
1340	CONFIG: Experimental support for MTAMark, see cf/README for details.
1341	CONFIG: New option confMESSAGEID_HEADER to define a different
1342		Message-Id: header format.  Patch from Bastiaan Bakker
1343		of LifeLine Networks.
1344	CONTRIB: New version of cidrexpand which uses Net::CIDR.  From
1345		Derek J. Balling.
1346	CONTRIB: oldbind.compat.c has been removed due to security problems.
1347		Found by code inspection done by Reasoning, Inc.
1348	DEVTOOLS: Add an example file for devtools/Site/, contributed
1349		by Neil Rickert of Northern Illinois University.
1350	LIBMILTER: Add new function smfi_quarantine() which allows the
1351		filter's EOM routine to quarantine the current message.
1352		Filters which use this function must include the
1353		SMFIF_QUARANTINE flag in the registered smfiDesc structure.
1354	LIBMILTER: If a milter sets the reply code to "421", the SMTP server
1355		will terminate the SMTP session with that error.
1356	LIBMILTER: Upon filter shutdown, libmilter will not remove a
1357		named socket in the file system if it is running as root.
1358	LIBMILTER: Add new function smfi_progress() which allows the filter
1359		to notify the MTA that an EOM operation is still in progress,
1360		resetting the timeout.
1361	LIBMILTER: Add new function smfi_opensocket() which allows the filter
1362		to attempt to establish the interface socket, and detect
1363		failure to do so before calling smfi_main().
1364	LIBMILTER: Add new function smfi_setmlreply() which allows the
1365		filter to return a multi-line SMTP reply.
1366	LIBMILTER: Deal with more temporary errors in accept() by ignoring
1367		them instead of stopping after too many occurred.
1368		Suggested by James Carlson of Sun Microsystems.
1369	LIBMILTER: Fix a descriptor leak in the sample program found in
1370		docs/sample.html.  Reported by Dmitry Adamushko.
1371	LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT.
1372		Reported by Carl Byington of 510 Software Group.
1373	LIBMILTER: Document smfi_stop() and smfi_setdbg().  Patches
1374		from Bryan Costales.
1375	LIBMILTER: New compile time option SM_CONF_POLL; define this if
1376		poll(2) should be used instead of select(2).
1377	LIBMILTER: New function smfi_insheader() and related protocol
1378		amendments to support header insertion operations.
1379	MAIL.LOCAL: Add support for hashed mail directories, see
1380		mail.local/README.  Contributed by Chris Adams of HiWAAY
1381		Informations Services.
1382	MAILSTATS: Display quarantine message counts.
1383	MAKEMAP: Add new flag -D to specify the comment character to use
1384		instead of '#'.
1385	VACATION: Add new flag -j to auto-respond to messages regardless of
1386		whether or not the recipient is listed in the To: or Cc:
1387		headers.
1388	VACATION: Add new flag -R to specify the envelope sender address
1389		for the auto-response message.
1390	New Files:
1391		CACerts
1392		cf/feature/conncontrol.m4
1393		cf/feature/greet_pause.m4
1394		cf/feature/mtamark.m4
1395		cf/feature/ratecontrol.m4
1396		cf/feature/use_client_ptr.m4
1397		cf/ostype/unicos.m4
1398		cf/ostype/unicosmk.m4
1399		cf/ostype/unicosmp.m4
1400		contrib/socketmapClient.pl
1401		contrib/socketmapServer.pl
1402		devtools/OS/Darwin.7.0
1403		devtools/OS/UNICOS-mk
1404		devtools/OS/UNICOS-mp
1405		devtools/Site/site.config.m4.sample
1406		include/sm/os/sm_os_unicos.h
1407		include/sm/os/sm_os_unicosmk.h
1408		include/sm/os/sm_os_unicosmp.h
1409		libmilter/docs/smfi_insheader.html
1410		libmilter/docs/smfi_progress.html
1411		libmilter/docs/smfi_quarantine.html
1412		libmilter/docs/smfi_setdbg.html
1413		libmilter/docs/smfi_setmlreply.html
1414		libmilter/docs/smfi_stop.html
1415		sendmail/ratectrl.c
1416	Deleted Files:
1417		cf/feature/nodns.m4
1418		contrib/oldbind.compat.c
1419		devtools/OS/CRAYT3E.2.0.x
1420		devtools/OS/CRAYTS.10.0.x
1421		libsm/vsprintf.c
1422	Renamed Files:
1423		devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x
1424
1425 8.12.11/8.12.11	2004/01/18
1426	Use QueueFileMode when opening qf files.  This error was a
1427		regression in 8.12.10.  Problem detected and diagnosed
1428		by Lech Szychowski of the Polish Power Grid Company.
1429	Properly count the number of queue runners in a work group and
1430		make sure the total limit of MaxQueueChildren is not
1431		exceeded.  Based on patch from Takayuki Yoshizawa of
1432		Techfirm, Inc.
1433	Take care of systems that can generate time values where the
1434		seconds can exceed the usual range of 0 to 59.
1435		Problem noted by Randy Diffenderfer of EDS.
1436	Avoid regeneration of identical queue identifiers by processes
1437		whose process id is the same as that of the initial
1438		sendmail process that was used to start the daemon.
1439		Problem noted by Randy Diffenderfer of EDS.
1440	When a milter invokes smfi_delrcpt() compare the supplied
1441		recipient address also against the printable addresses
1442		of the current list to deal with rewritten addresses.
1443		Based on patch from Sean Hanson of The Asylum.
1444	BadRcptThrottle now also works for addresses which return the
1445		error mailer, e.g., virtusertable entries with the
1446		right hand side error:.  Patch from Per Hedeland.
1447	Fix printing of 8 bit characters as octals in log messages.
1448		Based on patch by Andrey J. Melnikoff.
1449	Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
1450		text that has been introduced in 8.12.3.  There are some
1451		examples where the new code fails, but the old code works.
1452		To get the 8.12.3-8.12.10 version, compile sendmail with
1453		-DMIME7TO8_OLD=0.  If you have an example of improper
1454		7 to 8 bit conversion please send it to us.
1455	Return normal error code for unknown SMTP commands instead of
1456		the one specified by check_relay or a milter for a
1457		connection.  Problem noted by Andrzej Filip.
1458	Some ident responses contain data after the terminating CRLF which
1459		causes sendmail to log "POSSIBLE ATTACK...newline in string".
1460		To avoid this everything after LF is ignored.
1461	If the operating system supports O_EXLOCK and HASFLOCK is set
1462		then a possible race condition for creating qf files
1463		can be avoided.  Note: the race condition does not
1464		exist within sendmail, but between sendmail and an
1465		external application that accesses qf files.
1466	Log the proper options name for TLS related missing files for
1467		the CACertPath, CACertFile, and DHParameters options.
1468	Do not split an envelope if it will be discarded, otherwise df
1469		files could be left behind.  Problem found by Wolfgang
1470		Breyha.
1471	The use of the environment variables HOME and HOSTALIASES has been
1472		deprecated and will be removed in version 8.13.  This only
1473		affects configurations which preserve those variables via the
1474		'E' command in the cf file as sendmail clears out its entire
1475		environment.
1476	Portability:
1477		Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
1478		Solaris 10 has unsetenv(), patch from Craig Mohrman of
1479			Sun Microsystems.
1480	LIBMILTER: Add extra checks in case a broken MTA sends bogus data
1481		to libmilter.  Based on code review by Rob Grzywinski.
1482	SMRSH: Properly assemble commands that contain '&&' or '||'.
1483		Problem noted by Eric Lee of Talking Heads.
1484	New Files:
1485		devtools/OS/Darwin.7.0
1486
1487 8.12.10/8.12.10	2003/09/24 (Released: 2003/09/17)
1488	SECURITY: Fix a buffer overflow in address parsing.  Problem
1489		detected by Michal Zalewski, patch from Todd C. Miller
1490		of Courtesan Consulting.
1491	Fix a potential buffer overflow in ruleset parsing.  This problem
1492		is not exploitable in the default sendmail configuration;
1493		only if non-standard rulesets recipient (2), final (4), or
1494		mailer-specific envelope recipients rulesets are used then
1495		a problem may occur.  Problem noted by Timo Sirainen.
1496	Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
1497		Problem noted by Thomas Schulz.
1498	Add several checks to avoid (theoretical) buffer over/underflows.
1499	Properly count message size when performing 7->8 or 8->7 bit MIME
1500		conversions.  Problem noted by Werner Wiethege.
1501	Properly compute message priority based on size of entire message,
1502		not just header.  Problem noted by Axel Holscher.
1503	Reset SevenBitInput to its configured value between SMTP
1504		transactions for broken clients which do not properly
1505		announce 8 bit data.  Problem noted by Stefan Roehrich.
1506	Set {addr_type} during queue runs when processing recipients.
1507		Based on patch from Arne Jansen.
1508	Better error handling in case of (very unlikely) queue-id conflicts.
1509	Perform better error recovery for address parsing, e.g., when
1510		encountering a comment that is too long.  Problem noted by
1511		Tanel Kokk, Union Bank of Estonia.
1512	Add ':' to the allowed character list for bogus HELO/EHLO
1513		checking.  It is used for IPv6 domain literals.  Patch from
1514		Iwaizako Takahiro of FreeBit Co., Ltd.
1515	Reset SASL connection context after a failed authentication attempt.
1516		Based on patch from Rob Siemborski of CMU.
1517	Check Berkeley DB compile time version against run time version
1518		to make sure they match.
1519	Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
1520		in the kernel.
1521	When a milter adds recipients and one of them causes an error,
1522		do not ignore the other recipients.  Problem noted by
1523		Bart Duchesne.
1524	CONFIG: Use specified SMTP error code in mailertable entries which
1525		lack a DSN, i.e., "error:### Text".  Problem noted by
1526		Craig Hunt.
1527	CONFIG: Call Local_trust_auth with the correct argument.  Patch
1528		from Jerome Borsboom.
1529	CONTRIB: Better handling of temporary filenames for doublebounce.pl
1530		and expn.pl to avoid file overwrites, etc.  Patches from
1531		Richard A. Nelson of Debian and Paul Szabo.
1532	MAIL.LOCAL: Fix obscure race condition that could lead to an
1533		improper mailbox truncation if close() fails after the
1534		mailbox is fsync()'ed and a new message is delivered
1535		after the close() and before the truncate().
1536	MAIL.LOCAL: If mail delivery fails, do not leave behind a
1537		stale lockfile (which is ignored after the lock timeout).
1538		Patch from Oleg Bulyzhin of Cronyx Plus LLC.
1539	Portability:
1540		Port for AIX 5.2.  Thanks to Steve Hubert of University
1541			of Washington for providing access to a computer
1542			with AIX 5.2.
1543		setreuid(2) works on OpenBSD 3.3.  Patch from
1544			Todd C. Miller of Courtesan Consulting.
1545		Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
1546			on all operating systems.  Patch from Robert Harker
1547			of Harker Systems.
1548		Use strerror(3) on Linux.  If this causes a problem on
1549			your Linux distribution, compile with
1550			-DHASSTRERROR=0 and tell sendmail.org about it.
1551	Added Files:
1552		devtools/OS/AIX.5.2
1553
1554 8.12.9/8.12.9	2003/03/29
1555	SECURITY: Fix a buffer overflow in address parsing due to
1556		a char to int conversion problem which is potentially
1557		remotely exploitable.  Problem found by Michal Zalewski.
1558		Note: an MTA that is not patched might be vulnerable to
1559		data that it receives from untrusted sources, which
1560		includes DNS.
1561	To provide partial protection to internal, unpatched sendmail MTAs,
1562		8.12.9 changes by default (char)0xff to (char)0x7f in
1563		headers etc.  To turn off this conversion compile with
1564		-DALLOW_255 or use the command line option -d82.101.
1565	To provide partial protection for internal, unpatched MTAs that may be
1566		performing 7->8 or 8->7 bit MIME conversions, the default
1567		for MaxMimeHeaderLength has been changed to 2048/1024.
1568		Note: this does have a performance impact, and it only
1569		protects against frontal attacks from the outside.
1570		To disable the checks and return to pre-8.12.9 defaults,
1571		set MaxMimeHeaderLength to 0/0.
1572	Do not complain about -ba when submitting mail.  Problem noted
1573		by Derek Wueppelmann.
1574	Fix compilation with Berkeley DB 1.85 on systems that do not
1575		have flock(2).  Problem noted by Andy Harper of Kings
1576		College London.
1577	Properly initialize data structure for dns maps to avoid various
1578		errors, e.g., looping processes.  Problem noted by
1579		Maurice Makaay of InterNLnet B.V.
1580	CONFIG: Prevent multiple application of rule to add smart host.
1581		Patch from Andrzej Filip.
1582	CONFIG: Fix queue group declaration in MAILER(`usenet').
1583	CONTRIB: buildvirtuser: New option -t builds the virtusertable
1584		text file instead of the database map.
1585	Portability:
1586		Revert wrong change made in 8.12.7 and actually use the
1587			builtin getopt() version in sendmail on Linux.
1588			This can be overridden by using -DSM_CONF_GETOPT=0
1589			in which case the OS supplied version will be used.
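
The char to int conversion problem and the (char)0xff to (char)0x7f rewrite from the 8.12.9 entries above, as an added C illustration that is not sendmail's code. The function names, the -1 sentinel and the sample header are assumptions constructed for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NO_CHAR (-1)	/* hypothetical in-band "no character" sentinel */

/*
 * Widening through plain char.  Whether char is signed is implementation
 * defined; where it is signed, the byte 0xff becomes -1 and can no longer
 * be told apart from NO_CHAR.
 */
static int widen_plain(const char *p)
{
	return *p;
}

/* Widening through unsigned char always yields 0..255, never NO_CHAR. */
static int widen_unsigned(const char *p)
{
	return (unsigned char)*p;
}

/*
 * Count the input bytes that a reader using the given widening function
 * would mistake for the sentinel.
 */
static size_t sentinel_collisions(const char *buf, size_t len,
				  int (*widen)(const char *))
{
	size_t n = 0, i;

	for (i = 0; i < len; i++)
		if (widen(buf + i) == NO_CHAR)
			n++;
	return n;
}

/*
 * The partial protection described in the release note: rewrite 0xff to
 * 0x7f before the data is handed on.  Returns the number of bytes changed.
 */
static size_t strip_255(char *buf, size_t len)
{
	size_t changed = 0, i;

	for (i = 0; i < len; i++) {
		if ((unsigned char)buf[i] == 0xff) {
			buf[i] = 0x7f;
			changed++;
		}
	}
	return changed;
}

int main(void)
{
	/* Constructed sample header containing two 0xff bytes. */
	char hdr[] = "To: a\xff" "b\xff" "@example.org";
	size_t len = strlen(hdr);

	printf("plain char is %s here\n", CHAR_MIN < 0 ? "signed" : "unsigned");
	printf("collisions via plain char:    %zu\n",
	       sentinel_collisions(hdr, len, widen_plain));
	printf("collisions via unsigned char: %zu\n",
	       sentinel_collisions(hdr, len, widen_unsigned));
	printf("bytes rewritten to 0x7f:      %zu\n", strip_255(hdr, len));
	printf("collisions after rewrite:     %zu\n",
	       sentinel_collisions(hdr, len, widen_plain));
	return 0;
}
```

The rewrite protects downstream readers regardless of how they widen bytes, which is why the release note presents it as partial protection for unpatched internal MTAs.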
1590
1591 8.12.8/8.12.8	2003/02/11
1592	SECURITY: Fix a remote buffer overflow in header parsing by
1593		dropping sender and recipient header comments if the
1594		comments are too long.  Problem noted by Mark Dowd
1595		of ISS X-Force.
1596	Fix a potential non-exploitable buffer overflow in parsing the
1597		.cf queue settings and potential buffer underflow in
1598		parsing ident responses.  Problem noted by Yichen Xie of
1599		Stanford University Compilation Group.
1600	Fix ETRN #queuegroup command: actually start a queue run for
1601		the selected queue group.  Problem noted by Jos Vos.
1602	If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
1603		log the fixup as "Fixed MIME header" instead of "Truncated
1604		MIME header".  Problem noted by Ian J Hart.
1605	CONFIG: Fix regression bug in proto.m4 that caused a bogus
1606		error message: "FEATURE() should be before MAILER()".
1607	MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
1608		a mailbox has more than one link or whether it is not
1609		a regular file.  Patch from John Beck of Sun Microsystems.
1610
1611 8.12.7/8.12.7	2002/12/29
1612	Properly clean up macros to avoid persistence of session data
1613		across various connections.  This could cause session
1614		oriented restrictions, e.g., STARTTLS requirements,
1615		to erroneously allow a connection.  Problem noted
1616		by Tim Maletic of Priority Health.
1617	Do not lookup MX records when sorting the MSP queue.  The MSP
1618		only needs to relay all mail to the MTA.  Problem found
1619		by Gary Mills of the University of Manitoba.
1620	Do not restrict the length of connection information to 100
1621		characters in some logging statements.  Problem noted by
1622		Erik Parker.
1623	When converting an enhanced status code to an exit status, use
1624		EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
1625		is used.
1626	Reset macro $x when receiving another MAIL command.  Problem
1627		noted by Vlado Potisk of Wigro s.r.o.
1628	Don't bother setting the permissions on the build area statistics
1629		file, the proper permissions will be put on the file at
1630		install time.  This fixes installation over NFS for some
1631		users.  Problem noted by Martin J. Dellwo of 3-Dimensional
1632		Pharmaceuticals, Inc.
1633	Fix problem of decoding SASLv2 encrypted data.  Problem noted by
1634		Alex Deiter of Mobile TeleSystems, Komi Republic.
1635	Log milter socket open errors at MilterLogLevel 1 or higher instead
1636		of 11 or higher.
1637	Print early system errors to the console instead of silently
1638		exiting.  Problem noted by James Jong of IBM.
1639	Do not process a queue group if Runners is set to 0, regardless
1640		of whether F=f or sendmail is run in verbose mode (-v).
1641		The use of -qGname will still force queue group "name"
1642		to be run even if Runners=0.
1643	Change the level for logging the fact that a daemon is refusing
1644		connections due to high load from LOG_INFO to LOG_NOTICE.
1645		Patch from John Beck of Sun Microsystems.
1646	Use location information for submit.cf from NetInfo
1647		(/locations/sendmail/submit.cf) if available.
1648	Re-enable ForkEachJob which was lost in 8.12.0.  Problem noted by
1649		Neil Rickert of Northern Illinois University.
1650	Make behavior of /canon in debug mode consistent with usage in
1651		rulesets.  Patch from Shigeno Kazutaka of IIJ.
1652	Fix a potential memory leak in envelope splitting.  Problem noted
1653		by John Majikes of IBM.
1654	Do not try to share a mailbox database LDAP connection across
1655		different processes.  Problem noted by Randy Kunkee.
1656	Fix logging for undelivered recipients when the SMTP connection
1657		times out during message collection.  Problem noted by Neil
1658		Rickert of Northern Illinois University.
1659	Avoid problems with QueueSortOrder=random due to problems with
1660		qsort() on Solaris (and maybe some other operating systems).
1661		Problem noted by Stephan Schulz of Gruner+Jahr.
1662	If -f "" is specified, set the sender address to "<>".  Problem
1663		noted by Matthias Andree.
1664	Fix formatting problem of footnotes for plain text output on some
1665		versions of tmac.  Patch from Per Hedeland.
1666	Portability:
1667		Berkeley DB 4.1 support (requires at least 4.1.25).
1668		Some getopt(3) implementations in GNU/Linux are broken
1669			and pass a NULL pointer to an option which requires
1670			an argument, hence the builtin version of
1671			sendmail is used instead.  This can be overridden
1672			by using -DSM_CONF_GETOPT=0.  Problem noted by
1673			Vlado Potisk of Wigro s.r.o.
1674		Support for nph-1.2.0 from Mark D. Roth of the University
1675			of Illinois at Urbana-Champaign.
1676		Support for FreeBSD 5.0's MAC labeling from Robert Watson
1677			of the TrustedBSD Project.
1678		Support for reading the number of processors on an IRIX
1679			system from Michel Bourget of SGI.
1680		Support for UnixWare 7.1 based on input from Larry Rosenman.
1681		Interix support from Nedelcho Stanev of Atlantic Sky
1682			Corporation.
1683		Update Mac OS X/Darwin portability from Wilfredo Sanchez.
1684	CONFIG: Enforce tls_client restrictions even if delay_checks
1685		is used.  Problem noted by Malte Starostik.
1686	CONFIG: Deal with an empty hostname created via bogus
1687		DNS entries to get around access restrictions.
1688		Problem noted by Kai Schlichting.
1689	CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
1690		to avoid problems with hostname resolution for localhost
1691		which on many systems does not resolve to 127.0.0.1 (or
1692		::1 for IPv6).  If you do not use IPv4 but only IPv6 then
1693		you need to change submit.mc accordingly, see the comment
1694		in the file itself.
1695	CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
1696		error messages from initgroups(3) on AIX 4.3 when sending
1697		mail to non-existing users. Problem noted by Mark Roth of
1698		the University of Illinois at Urbana-Champaign.
1699	CONFIG: Allow local_procmail to override local_lmtp settings.
1700	CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
1701		relay.
1702	CONTRIB: cidrexpand: Deal with the prefix tags that may be included
1703		in access_db.
1704	CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
1705	LIBMILTER: On Solaris libmilter may get into an endless loop if
1706		an error in the communication from/to the MTA occurs.
1707		Patch from Gurusamy Sarathy of Active State.
1708	LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
1709		Patch from Jose Marcio Martins da Cruz of Ecole
1710		Nationale Superieure des Mines de Paris.
1711	MAIL.LOCAL: Fix a truncation race condition if the close() on
1712		the mailbox fails.  Problem noted by Tomoko Fukuzawa of
1713		Sun Microsystems.
1714	MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
1715		fails.  Patch from John Beck of Sun Microsystems.
1716	SMRSH: SECURITY: Only allow regular files or symbolic links to be
1717		used for a command.  Problem noted by David Endler of
1718		iDEFENSE, Inc.
1719	New Files:
1720		devtools/OS/Interix
1721		include/sm/bdb.h
1722
1723 8.12.6/8.12.6	2002/08/26
1724	Do not add the FallbackMXhost (or its MX records) to the list
1725		returned by the bestmx map when -z is used as option.
1726		Otherwise sendmail may act as an open relay if FallbackMXhost
1727		and FEATURE(`relay_based_on_MX') are used together.
1728		Problem noted by Alexander Ignatyev.
1729	Properly split owner- mailing list messages when SuperSafe is set
1730		to interactive.  Problem noted by Todd C. Miller of
1731		Courtesan Consulting.
1732	Make sure that an envelope is queued in the selected queue group
1733		even if some recipients are deleted or invalid.  Problem
1734		found by Chris Adams of HiWAAY Informations Services.
1735	Do not send a bounce message if a message is completely collected
1736		from the SMTP client.  Problem noted by Kari Hurtta of the
1737		Finnish Meteorological Institute.
1738	Provide an 'install-submit-st' target for sendmail/Makefile to
1739		install the MSP statistics file using the file named in the
1740		confMSP_STFILE devtools variable.  Requested by Jeff
1741		Earickson of Colby College.
1742	Queue up mail with a temporary error if setusercontext() fails
1743		during a delivery attempt.  Patch from Todd C. Miller of
1744		Courtesan Consulting.
1745	Fix handling of base64 encoded client authentication data for
1746		SMTP AUTH.  Patch from Elena Slobodnik of life medien GmbH.
1747	Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries
1748		restart interrupted system calls.  Problem noted by Luiz
1749		Henrique Duma of BSIOne.
1750	Prevent a segmentation fault if a program passed a NULL envp using
1751		execve().
1752	Document a problem with the counting of queue runners that may
1753		cause delays if MaxQueueChildren is set too low. Problem
1754		noted by Ian Duplisse of Cable Television Laboratories, Inc.
1755	If discarding a message based on a recipient, don't try to look up
1756		the recipient in the mailbox database if F=w is set.  This
1757		allows users to discard bogus recipients when dealing with
1758		spammers without tipping them off.  Problem noted by Neil
1759		Rickert of Northern Illinois University.
1760	If applying a header check to a header with unstructured data,
1761		e.g., Subject:, then do not run syntax checks that are
1762		meant for addresses on the header content.
1763	Count messages rejected/discarded via the check_data ruleset.
1764	Portability:
1765		Fix compilation on systems which do not allow simple
1766			copying of the variable argument va_list.  Based on
1767			fix from Scott Walters.
1768		Fix NSD map open bug.  From Michel Bourget of SGI.
1769		Add some additional IRIX shells to the default shell
1770			list.  From Michel Bourget of SGI.
1771		Fix compilation issues on Mac OS X 10.2 (Darwin 6.0).
1772			NETISO support has been dropped.
1773	CONFIG: There was a seemingly minor change in 8.12.4 with respect
1774		to handling entries of IP nets/addresses with RHS REJECT.
1775		These would be rejected in check_rcpt instead of only
1776		being activated in check_relay.  This change has been made to
1777		avoid potential bogus temporary rejection of relay attempts
1778		"450 4.7.1 Relaying temporarily denied. Cannot resolve PTR
1779		record for ..." if delay_checks is enabled.  However, this
1780		modification causes a change of behavior if an IP net/address
1781		is listed in the access map with REJECT and a host/domain
1782		name is listed with OK or RELAY, hence it has been reversed
1783		such that the behavior of 8.12.3 is restored.  The original
1784		change was made on request of Neil Rickert of Northern
1785		Illinois University, the side effect has been found by
1786		Stefaan Van Hoornick.
1787	CONFIG: Make sure delay_checks works even for sender addresses
1788		using the local hostname ($j) or domains in class {P}.
1789		Based on patch from Neil Rickert of Northern Illinois
1790		University.
1791	CONFIG: Fix temporary error handling for LDAP Routing lookups.
1792		Fix from Andrzej Filip.
1793	CONTRIB: New version of etrn.pl script and external man page
1794		(etrn.0) from John Beck of Sun Microsystems.
1795	LIBMILTER: Protect a free(3) operation from being called with a
1796		NULL pointer.  Problem noted by Andrey J. Melnikoff.
1797	LIBMILTER: Protect against more interrupted select() calls.  Based
1798		on patch from Jose Marcio Martins da Cruz of Ecole Nationale
1799		Superieure des Mines de Paris.
1800	New Files:
1801		contrib/etrn.0
1802
1803 8.12.5/8.12.5	2002/06/25
1804	SECURITY: The DNS map can cause a buffer overflow if the user
1805		specifies a dns map using TXT records in the configuration
1806		file and a rogue DNS server is queried.  None of the
1807		sendmail supplied configuration files use this option hence
1808		they are not vulnerable.  Problem noted independently by
1809		Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
1810	Unprintable characters in responses from DNS servers for the DNS
1811		map type are changed to 'X' to avoid potential problems
1812		with rogue DNS servers.
1813	Require a suboption when setting the Milter option.  Problem noted
1814		by Bryan Costales.
1815	Do not silently overwrite command line settings for
1816		DirectSubmissionModifiers.  Problem noted by Bryan
1817		Costales.
1818	Prevent a segmentation fault when clearing the event list by
1819		turning off alarms before checking if event list is
1820		empty.  Problem noted by Allan E Johannesen of Worcester
1821		Polytechnic Institute.
1822	Close a potential race condition in transitioning a memory buffered
1823		file onto disk.  From Janani Devarajan of Sun Microsystems.
1824	Portability:
1825		Include paths.h on Linux systems running glibc 2.0 or later
1826			to get the definition for _PATH_SENDMAIL, used by
1827			rmail and vacation.  Problem noted by Kevin
1828			A. McGrail of Peregrine Hardware.
1829		NOTE: Linux appears to have broken flock() again.  Unless
1830			the bug is fixed before sendmail 8.13 is shipped,
1831			8.13 will change the default locking method to
1832			fcntl() for Linux kernel 2.4 and later.  You may
1833			want to do this in 8.12 by compiling with
1834			-DHASFLOCK=0.  Be sure to update other sendmail
1835			related programs to match locking techniques.
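
The 8.12.5 SECURITY entry and the 'X' substitution entry above both concern TXT data returned by an untrusted DNS server. The following is an added example, not sendmail's code: a bounded copy of TXT RDATA (RFC 1035 length-prefixed character-strings) that rejects inconsistent lengths and replaces unprintable bytes with 'X'. The function name, the reject-instead-of-truncate policy and the sample records are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Example only (hypothetical helper, not part of sendmail).
 *
 * TXT RDATA is a sequence of <character-string>s: one length octet
 * followed by that many bytes.  Both the length octets and the bytes
 * come from the remote server, so neither can be trusted.
 *
 * Concatenates all character-strings into dst as a NUL-terminated
 * string.  Returns the number of bytes stored (without the NUL), or
 * -1 if the record is malformed or does not fit; dst is then empty.
 */
int
txt_rdata_to_string(const unsigned char *rdata, size_t rdlen,
		    char *dst, size_t dstsize)
{
	size_t in = 0;	/* read offset into rdata */
	size_t out = 0;	/* write offset into dst, always < dstsize */
	size_t i;

	if (rdata == NULL || dst == NULL || dstsize == 0)
		return -1;
	dst[0] = '\0';

	while (in < rdlen)
	{
		size_t seglen = rdata[in++];

		/* length octet claims more data than the record holds */
		if (seglen > rdlen - in)
		{
			dst[0] = '\0';
			return -1;
		}

		/* would not fit, keeping one byte for the terminator */
		if (seglen > dstsize - 1 - out)
		{
			dst[0] = '\0';
			return -1;
		}

		for (i = 0; i < seglen; i++)
		{
			unsigned char c = rdata[in + i];

			/* keep printable ASCII, neutralize everything else */
			dst[out++] = (c >= 0x20 && c <= 0x7e) ? (char) c : 'X';
		}
		in += seglen;
	}
	dst[out] = '\0';
	return (int) out;
}

/* Constructed sample records (not captured traffic). */
static const unsigned char SAMPLE_OK[] =
	{ 5, 'h', 'e', 'l', 'l', 'o', 3, 'a', '\n', 'b' };
static const unsigned char SAMPLE_LYING_LEN[] =
	{ 200, 'a', 'b' };	/* claims 200 bytes, carries 2 */

int
main(void)
{
	char buf[32];
	char small[4];
	int r;

	r = txt_rdata_to_string(SAMPLE_OK, sizeof SAMPLE_OK, buf, sizeof buf);
	printf("well-formed: %d \"%s\"\n", r, buf);

	r = txt_rdata_to_string(SAMPLE_LYING_LEN, sizeof SAMPLE_LYING_LEN,
				buf, sizeof buf);
	printf("bad length:  %d\n", r);

	r = txt_rdata_to_string(SAMPLE_OK, sizeof SAMPLE_OK,
				small, sizeof small);
	printf("small dst:   %d\n", r);
	return 0;
}
```
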
1836
1837 8.12.4/8.12.4	2002/06/03
1838	SECURITY: Inherent limitations in the UNIX file locking model
1839		can leave systems open to a local denial of service
1840		attack.  Be sure to read the "FILE AND MAP PERMISSIONS"
1841		section of the top level README for more information.
1842		Problem noted by lumpy.
1843	Use TempFileMode (defaults to 0600) for the permissions of PidFile
1844		instead of 0644.
1845	Change the default file permissions for new alias database files
1846		from 0644 to 0640.  This can be overridden at compile time
1847		by setting the DBMMODE macro.
1848	Fix a potential core dump problem if the environment variable
1849		NAME is set.  Problem noted by Beth A. Chaney of
1850		Purdue University.
1851	Expand macros before passing them to libmilter.  Problem noted
1852		by Jose Marcio Martins da Cruz of Ecole Nationale
1853		Superieure des Mines de Paris.
1854	Rewind the df (message body) before truncating it when libmilter
1855		replaces the body of a message.  Problem noted by Gisle Aas
1856		of Active State.
1857	Change SMTP reply code for AUTH failure from 500 to 535 and the
1858		initial zero-length response to "=" per RFC 2554.  Patches
1859		from Kenneth Murchison of Oceana Matrix Ltd.
1860	Do not try to fix broken message/rfc822 MIME attachments by
1861		inserting a MIME-Version: header when MaxMimeHeaderLength
1862		is set and no 8 to 7 bit conversion is needed.  Based on
1863		patch from Rehor Petr of ICZ (Czech Republic).
1864	Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection
1865		is rejected anyway.  Noted by Chris Loelke.
1866	Mention the submission mail queue in the mailq man page.  Requested
1867		by Bill Fenner of AT&T.
1868	Set ${msg_size} macro when reading a message from the command line
1869		or the queue.
1870	Detach from shared memory before dropping privileges back to
1871		user who started sendmail.
1872	If AllowBogusHELO is set to false (default) then also complain if
1873		the argument to HELO/EHLO contains white space.  Suggested
1874		by Seva Gluschenko of Cronyx Plus.
1875	Allow symbolically linked forward files in writable directory paths
1876		if both ForwardFileInUnsafeDirPath and
1877		LinkedForwardFileInWritableDir DontBlameSendmail options
1878		are set.  Problem noted by Werner Spirk of
1879		Leibniz-Rechenzentrum Munich.
1880	Portability:
1881		Operating systems that lack the ftruncate() call will not
1882			be able to use Milter's body replacement feature.
1883			This only affects Altos, Maxion, and MPE/iX.
1884		Digital UNIX 5.0 has changed flock() semantics to be
1885			non-compliant.  Problem noted by Martin Mokrejs of
1886			Charles University in Prague.
1887		The sparc64 port of FreeBSD 5.0 now supports shared
1888			memory.
1889	CONFIG: FEATURE(`preserve_luser_host') needs the macro map.
1890		Problem noted by Andrzej Filip.
1891	CONFIG: Using 'local:' as a mailertable value with
1892		FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail
1893		to be misaddressed.  Problem noted by Andrzej Filip.
1894	CONFIG: Provide a workaround for DNS based rejection lists that
1895		fail for AAAA queries.  Problem noted by Chris Boyd.
1896	CONFIG: Accept the machine's hostname as resolvable when checking
1897		the sender address.  This allows locally submitted mail to
1898		be accepted if the machine isn't connected to a nameserver
1899		and doesn't have an /etc/hosts entry for itself.  Problem
1900		noted by Robert Watson of the TrustedBSD Project.
1901	CONFIG: Use deferred expansion for checking the ${deliveryMode}
1902		macro in case the SMTP VERB command is used.  Problem
1903		noted by Bryan Costales.
1904	CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no
1905		matches are found.  Fix from Andrzej Filip.
1906	CONFIG: Fix wording in default dnsbl rejection message.  Suggested
1907		by Lou Katz of Metron Computerware, Ltd.
1908	CONFIG: Add mailer cyrusv2 for Cyrus V2.  Contributed by
1909		Kenneth Murchison of Oceana Matrix Ltd.
1910	CONTRIB: Fix wording in default dnsblaccess rejection message to
1911		match dnsbl change.
1912	DEVTOOLS: Add new option for access mode of statistics file,
1913		confSTMODE, which specifies the permissions when initially
1914		installing the sendmail statistics file.
1915	LIBMILTER: Mark the listening socket as close-on-exec in case
1916		a user's filter starts other applications.
1917	LIBSM: Allow the MBDB initialize, lookup, and/or terminate
1918		functions in SmMbdbTypes to be set to NULL.
1919	MAKEMAP: Change the default file permissions for new databases from
1920		0644 to 0640.  This can be overridden at compile time
1921		by setting the DBMMODE macro.
1922	SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR.
1923		Problem noted by Dave Alden of Ohio State University.
1924	VACATION: When listing the vacation database (-l), don't show
1925		bogus timestamps for excluded (-x) addresses.  Problem
1926		noted by Bryan Costales.
1927	New Files:
1928		cf/mailer/cyrusv2.m4
1929
1930 8.12.3/8.12.3	2002/04/05
1931	NOTICE: In general queue files should not be moved if queue groups
1932		are used.  In previous versions this could cause mail
1933		not to be delivered if a queue file is repeatedly moved
1934		by an external process whenever sendmail moved it back
1935		into the right place.  Some precautions have been taken
1936		to avoid moving queue files if not really necessary.
1937		sendmail may use links to refer to queue files and it
1938		may store the path of data files in queue files.  Hence
1939		queue files should not be moved unless those internals
1940		are understood and the integrity of the files is not
1941		compromised.  Problem noted by Anne Bennett of Concordia
1942		University.
1943	If an error mail is created, and the mail is split across different
1944		queue directories, and SuperSafe is off, then write the mail
1945		to disk before splitting it, otherwise an assertion is
1946		triggered.  Problem tracked down by Henning Schmiedehausen
1947		of INTERMETA.
1948	Fix possible race condition that could cause sendmail to forget
1949		running queues.  Problem noted by Jeff Wasilko of smoe.org.
1950	Handle bogus qf files better without triggering assertions.
1951		Problem noted by Guy Feltin.
1952	Protect against interrupted select() call when enforcing Milter
1953		read and write timeouts.  Patch from Gurusamy Sarathy of
1954		ActiveState.
1955	Matching queue IDs with -qI should be case sensitive.  Problem
1956		noted by Anne Bennett of Concordia University.
1957	If privileges have been dropped, don't try to change group ID to
1958		the RunAsUser group.  Problem noted by Neil Rickert of
1959		Northern Illinois University.
1960	Fix SafeFileEnvironment path munging when the specified path
1961		contains a trailing slash.  Based on patch from Dirk Meyer
1962		of Dinoex.
1963	Do not limit sendmail command line length to SM_ARG_MAX (usually
1964		4096).  Problem noted by Allan E Johannesen of Worcester
1965		Polytechnic Institute.
1966	Clear full name of sender for each new envelope to avoid bogus data
1967		if several mails are sent in one session and some of them
1968		do not have a From: header.  Problem noted by Bas Haakman.
1969	Change timeout check such that cached information about a connection
1970		will be immediately invalid if ConnectionCacheTimeout is zero.
1971		Based on patch from David Burns of Portland State University.
1972	Properly count message size for mailstats during mail collection.
1973		Problem noted by Werner Wiethege.
1974	Log complete response from LMTP delivery agent on failure.  Based on
1975		patch from Motonori Nakamura of Kyoto University.
1976	Provide workaround for getopt() implementations that do not catch
1977		missing arguments.
1978	Fix the message size calculation if the message body is replaced by
1979		a milter filter and buffered file I/O is being used.
1980		Problem noted by Sergey Akhapkin of Dr.Web.
1981	Do not honor SIGUSR1 requests if running with extra privileges.
1982		Problem noted by Werner Wiethege.
1983	Prevent a file descriptor leak on mail delivery if the initial
1984		connect fails and DialDelay is set.  Patch from Servaas
1985		Vandenberghe of Katholieke Universiteit Leuven.
1986	Properly deal with a case where sendmail is called by root running
1987		a set-user-ID (non-root) program.  Problem noted by Jon
1988		Lusky of ISS Atlanta.
1989	Avoid leaving behind stray transcript (xf) files if multiple queue
1990		directories are used and mail is sent to a mailing list
1991		which has an owner- alias.  Problem noted by Anne Bennett
1992		of Concordia University.
1993	Fix class map parsing code if optional key is specified.  Problem
1994		found by Mario Nigrovic.
1995	The SMTP daemon no longer tries to fix up improperly dot-stuffed
1996		incoming messages.  A leading dot is always stripped by the
1997		SMTP receiver regardless of whether or not it is followed by
1998		another dot.  Problem noted by Jordan Ritter of darkridge.com.
1999	Fix corruption when doing automatic MIME 7-bit quoted-printable or
2000		base64 encoding to 8-bit text.  Problem noted by Mark
2001		Elvers.
2002	Correct the statistics gathered for total number of connections.
2003		Instead of being the exact same number as the total number
2004		of messages (T line in mailstats) it now represents the
2005		total number of TCP connections.
2006	Be more explicit about syntax errors in addresses, especially
2007		non-ASCII characters, and properly create DSNs if necessary.
2008		Problem noted by Leena Heino of the University of Tampere.
2009	Prevent small timeouts from being lost on slow machines if itimers
2010		are used.  Problem noted by Suresh Ramasubramanian.
2011	Prevent a race condition on child cleanup for delivery to files.
2012		Problem noted by Fletcher Mattox of the University of
2013		Texas.
2014	Change the SMTP error code for temporary map failures from 421
2015		to 451.
2016	Do not assume that realloc(NULL, size) works on all OS (this was
2017		only done in one place: queue group creation).  Based on
2018		patch by Bryan Costales.
2019	Initialize Timeout.iconnect in the code to prevent randomly short
2020		timeouts.  Problem noted by Bradley Watts of AT&T Canada.
2021	Do not try to send a second SMTP QUIT command if the remote
2022		responds to a MAIL command with a 421 reply or on I/O
2023		errors.  By doing so, the host was marked as having a
2024		temporary problem and other mail destined for that host was
2025		queued for the next queue run.  Problem noted by Fletcher
2026		Mattox of the University of Texas, Allan E Johannesen of
2027		Worcester Polytechnic Institute, Larry Greenfield of CMU,
2028		and Neil Rickert of Northern Illinois University.
2029	Ignore error replies from the SMTP QUIT command (including servers
2030		which drop the connection instead of responding to the
2031		command).
2032	Portability:
2033		Check LDAP_API_VERSION to determine if ldap_memfree() is
2034			available.
2035		Define HPUX10 when building on HP-UX 10.X.  That platform
2036			now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR
2037			settings.  Patch from Elias Halldor Agustsson of
2038			Skyrr.
2039		Fix dependency building on Mac OS X and Darwin.  Problem
2040			noted by John Beck.
2041		Preliminary support for the sparc64 port of FreeBSD 5.0.
2042		Add /sbin/sh as an acceptable user shell on HP-UX.  From
2043			Rajesh Somasund of Hewlett-Packard.
2044	CONFIG: Add FEATURE(`authinfo') to allow a separate database for
2045		SMTP AUTH information.  This feature was actually added in
2046		8.12.0 but a release note was not included.
2047	CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
2048		parameter is set and the LDAP lookup returns a temporary
2049		error.
2050	CONFIG: Honor FEATURE(`relay_hosts_only') when using
2051		FEATURE(`relay_mail_from', `domain').  Problem noted by
2052		Krzysztof Oledzki.
2053	CONFIG: FEATURE(`msp') now disables any type of alias
2054		initialization as aliases are not needed for the MSP.
2055	CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp')
2056		is in use.  Patch from Andrzej Filip.
2057	CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of
2058		`localhost' and turns on MX lookups for the SMTP mailers.
2059		This will only have an effect if a parameter is specified,
2060		i.e., an MX lookup will be performed on the hostname unless
2061		it is embedded in square brackets.  Problem noted by
2062		Theo Van Dinter of Collective Technologies.
2063	CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in
2064		submit.cf) to use $TZ for time stamps.  This is a compromise
2065		to allow for the proper time zone on systems where the
2066		default results in misleading time stamps. That is, syslog
2067		time stamps and Date headers on submitted mail will use the
2068		user's $TZ setting.  Problem noted by Mark Roth of the
2069		University of Illinois at Urbana-Champaign, solution proposed
2070		by Neil Rickert of Northern Illinois University.
2071	CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID
2072		binary.  Adjust local mailer flags accordingly.  Problem
2073		noted by John Beck.
2074	CONTRIB: Add a warning to qtool.pl to not move queue files around
2075		if queue groups are used.
2076	CONTRIB: buildvirtuser: Add -f option to force rebuild.
2077	CONTRIB: smcontrol.pl: Add -f option to specify control socket.
2078	CONTRIB: smcontrol.pl: Add support for 'memdump' command.
2079		Suggested by Bryan Costales.
2080	DEVTOOLS: Add dependency generation for test programs.
2081	LIBMILTER: Remove conversion of port number for the socket
2082		structure that is passed to xxfi_connect().  Notice:
2083		this fix requires that sendmail and libmilter both have
2084		this change; mixing versions may lead to wrong port
2085		values depending on the endianness of the involved systems.
2086		Problem noted by Gisle Aas of ActiveState.
2087	LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but
2088		SMFI_REJECT is returned, ignore the custom reply.  Do the
2089		same if '5XX' is used and SMFI_TEMPFAIL is returned.
2090	LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as
2091		required by mfapi.h.  Problem noted by Jose Marcio Martins
2092		da Cruz of Ecole Nationale Superieure des Mines de Paris.
2093	LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define.  Set
2094		this to 1 if your LDAP client libraries include
2095		ldap_memfree().
2096	LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
2097		and NDBM on systems with the O_EXLOCK open(2) flag.
2098	SMRSH: Fix compilation problem on some operating systems.  Problem
2099		noted by Christian Krackowizer of schuler technodat GmbH.
2100	VACATION: Allow root to operate on user vacation databases.  Based
2101		on patch from Greg Couch of the University of California,
2102		San Francisco.
2103	VACATION: Don't ignore -C option.  Based on patch by Bryan Costales.
2104	VACATION: Clarify option usage in the man page.  Problem noted by
2105		Joe Barbish.
2106	New Files:
2107		libmilter/docs/smfi_setbacklog.html
2108
2109 8.12.2/8.12.2	2002/01/13
2110	Don't complain too much if stdin, stdout, or stderr are missing
2111		at startup, only log an error message.
2112	Fix potential problem if an unknown operation mode (character
2113		following -b) has been specified.
2114	Prevent purgestat from looping even if someone changes the
2115		permissions or owner of hoststatus files.  Problem noted
2116		by Kari Hurtta of the Finnish Meteorological Institute.
2117	Properly record dropped connections in persistent host status.
2118		Problem noted by Ulrich Windl of the Universitat
2119		Regensburg.
2120	Remove newlines from recipients read via sendmail -t to prevent
2121		SMTP protocol errors when sending the RCPT command.
2122		Problem noted by William D. Colburn of the New Mexico
2123		Institute of Mining and Technology.
2124	Only log milter body replacements once instead of for each body
2125		chunk sent by a filter.  Problem noted by Kari Hurtta of
2126		the Finnish Meteorological Institute.
2127	In 8.12.0 and 8.12.1, the headers were mistakenly not included in
2128		the message size calculation.  Problem noted by Kari Hurtta
2129		of the Finnish Meteorological Institute.
2130	Since 8.12 no longer forks at the SMTP MAIL command, the daemon
2131		needs to collect children status to avoid zombie processes.
2132		Problem noted by Chris Adams of HiWAAY Informations Services.
2133	Shut down "nullserver" and ETRN-only connections after 25 bad
2134		commands are issued.  This makes it consistent with normal
2135		SMTP connections.
2136	Avoid duplicate logging of milter rejections.  Problem noted by
2137		William D. Colburn of the New Mexico Institute of Mining
2138		and Technology.
2139	Error and delay DSNs were being sent to postmaster instead of the
2140		message sender if the sender had used a deprecated RFC822
2141		source route.  Problem noted by Kari Hurtta of the Finnish
2142		Meteorological Institute.
2143	Fix FallbackMXhost behavior for temporary errors during address
2144		parsing.  Problem noted by Jorg Bielak from Coastal Web
2145		Online.
2146	For systems on which stat(2) does not return a value for st_blksize
2147		that is the "optimal blocksize for I/O" three new compile
2148		time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF,
2149		and SM_IO_MAX_BUF, which define an upper limit for
2150		regular files, and a lower and upper limit for other file
2151		types, respectively.
2152	Fix a potential deadlock if two events are supposed to occur at
2153		exactly the same time.  Problem noted by Valdis Kletnieks
2154		of Virginia Tech.
2155	Perform envelope splitting for aliases listed directly in the
2156		alias file, not just for include/.forward files.
2157		Problem noted by John Beck of Sun Microsystems.
2158	Allow selection of queue group for mailq using -qGgroup.
2159		Based on patch by John Beck of Sun Microsystems.
2160	Make sure cached LDAP connections used by multiple maps in the same
2161		process are closed.  Patch from Taso N. Devetzis.
2162	If running as root, allow reading of class files in protected
2163		directories.  Patch from Alexander Talos of the University
2164		of Vienna.
2165	Correct a few LDAP related memory leaks.  Patch from David Powell
2166		of Sun Microsystems.
2167	Allow specification of an empty realm via the authinfo ruleset.
2168		This is necessary to interoperate as an SMTP AUTH client
2169		with servers that do not support realms when using
2170		CRAM-MD5.  Problem noted by Bjoern Voigt of TU Berlin.
2171	Avoid a potential information leak if AUTH PLAIN is used and the
2172		server gets stuck while processing that command.  Problem
2173		noted by Chris Adams from HiWAAY Informations Services.
2174	In addition to printing errors when parsing recipients during
2175		command line invocations, log them to make it simpler
2176		to understand possible DSNs to postmaster.
2177	Do not use FallbackMXhost on mailers which have the F=0 flag set.
2178	Allow local mailers (F=l) to specify a host for TCP connections
2179		instead of forcing localhost.
2180	Obey ${DESTDIR} for installation of the client mail queue and
2181		submit.cf.  Patch from Peter 'Luna' Runestig.
2182	Re-enable support for -M option which was broken in 8.12.1.  Problem
2183		noted by Neil Rickert of Northern Illinois University.
2184	If a remote server violates the SMTP standard by unexpectedly
2185		dropping the connection during an SMTP transaction, stop
2186		sending commands.  This prevents bogus "Bad file number"
2187		recipient status.  Problem noted by Allan E Johannesen of
2188		Worcester Polytechnic Institute.
2189	Do not use a size estimate of 100 for postmaster bounces, it's
2190		almost always too small; do not guess the size at all.
2191	New VENDOR_DEC for Compaq/DEC.  Requested by James Seagraves of
2192		Compaq Computer Corp.
2193	Fix DaemonPortOptions IPv6 address parsing such that ::1 works
2194		properly.  Problem noted by Valdis Kletnieks of Virginia
2195		Tech.
2196	Portability:
2197		Fix IPv6 network interface probing on HP-UX 11.X.  Based on
2198			patch provided by HP.
2199		Mac OS X (aka Darwin) has a broken setreuid() call, but a
2200			working seteuid() call.  From Daniel J. Luke.
2201		Use proper type for a 32-bit integer on SINIX.  From Ganu
2202			Sachin of Siemens.
2203		Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
2204		Reduce optimization from +O3 to +O2 on HP-UX 11.  This
2205			fixes a problem that caused additional bogus
2206			characters to be written to the qf file.  Problem
2207			noted by Tapani Tarvainen.
2208		Set LDA_USE_LOCKF by default for UnixWare.  Problem noted
2209			by Boyd Lynn Gerber.
2210		Add support for HP MPE/iX.  See sendmail/README for port
2211			information.  From Mark Bixby of Hewlett-Packard.
2212		New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON,
2213			USE_DOUBLE_FORK, and NEEDLINK.  See sendmail/README
2214			for more information.  From Mark Bixby of
2215			Hewlett-Packard.
2216		If an OS doesn't have a method of finding free disk space
2217			(SFS_NONE), lie and say there is plenty of space.
2218			From Mark Bixby of Hewlett-Packard.
2219		Add support for AIX 5.1.  From Valdis Kletnieks of
2220			Virginia Tech.
2221		Fix man page location for NeXTSTEP.  From Hisanori Gogota
2222			of the NTT/InterCommunication Center.
2223		Do not assume that strerror() always returns a string.
2224			Problem noted by John Beck of Sun Microsystems.
2225	CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed
2226		UUCP from the base operating system.  From Mark Murray of
2227		FreeBSD Services, Ltd.
2228	CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX
2229		systems.  From Mark Bixby of Hewlett-Packard.
2230	CONFIG: Add support for selecting a queue group for all mailers.
2231		Based on proposal by Stephen L. Ulmer of the University of
2232		Florida.
2233	CONFIG: Fix error reporting for compat_check.m4.  Problem noted by
2234		Altin Waldmann.
2235	CONFIG: Do not override user selections for confRUN_AS_USER and
2236		confTRUSTED_USER in FEATURE(msp).  From Mark Bixby of
2237		Hewlett-Packard.
2238	LIBMILTER: Fix bug that prevented the removal of a socket after
2239		libmilter terminated.  Problem reported by Andrey V. Pevnev
2240		of MSFU.
2241	LIBMILTER: Fix configuration error that required libsm for linking.
2242		Problem noted by Kari Hurtta of the Finnish Meteorological
2243		Institute.
2244	LIBMILTER: Portability fix for OpenUNIX.  Patch from Larry Rosenman.
2245	LIBMILTER: Fix a theoretical memory leak and a possible attempt
2246		to free memory twice.
2247	LIBSM: Fix a potential segmentation violation in the I/O library.
2248		Problem found and analyzed by John Beck and Tim Haley
2249		of Sun Microsystems.
2250	LIBSM: Do not clear the LDAP configuration information when
2251		terminating the mailbox database connection in the LDAP
2252		example code.  Problem noted by Nikos Voutsinas of the
2253		University of Athens.
2254	New Files:
2255		cf/cf/generic-mpeix.cf
2256		cf/cf/generic-mpeix.mc
2257		cf/ostype/freebsd5.m4
2258		cf/ostype/mpeix.m4
2259		devtools/OS/AIX.5.1
2260		devtools/OS/MPE-iX
2261		include/sm/os/sm_os_mpeix.h
2262		libsm/mpeix.c
2263
2264 8.12.1/8.12.1	2001/10/01
2265	SECURITY: Check whether dropping group privileges actually succeeded
2266		to avoid possible compromises of the mail system by
2267		supplying bogus data.  Add configuration options for
2268		different set*gid() calls to reset saved gid.  Problem
2269		found by Michal Zalewski.
2270	PRIVACY: Prevent information leakage when sendmail has extra
2271		privileges by disabling debugging (command line -d flag)
2272		during queue runs and disabling ETRN when sendmail -bs is
2273		used.  Suggested by Michal Zalewski.
2274	Avoid memory corruption problems resulting from bogus .cf files.
2275		Problem found by Michal Zalewski.
2276	Set the ${server_addr} macro to name of mailer when doing LMTP
2277		delivery.  LMTP systems may offer SMTP Authentication or
2278		STARTTLS causing sendmail to use this macro in rulesets.
2279	If debugging is turned on (-d0.10) print not just the default
2280		values for configuration file and pid file but also the
2281		selected values.  Problem noted by Brad Chapman.
2282	Continue dealing with broken nameservers by ignoring SERVFAIL
2283		errors returned on T_AAAA (IPv6) lookups at delivery time
2284		if ResolverOptions=WorkAroundBrokenAAAA is set.  Previously
2285		this only applied to hostname canonification.  Problem
2286		noted by Bill Fenner of AT&T Research.
2287	Ignore comments in NIS host records when trying to find the
2288		canonical name for a host.
2289	When sendmail has extra privileges, limit mail submission command
2290		line flags (i.e., -G, -h, -F, etc.)  to mail submission
2291		operating modes (i.e., -bm, -bs, -bv, etc.).  Idea based on
2292		suggestion from Michal Zalewski.
2293	Portability:
2294		AIX: Use `oslevel` if available to determine OS version.
2295			`uname` does not give complete information.
2296			Problem noted by Keith Neufeld of the Cessna
2297			Aircraft Company.
2298		OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
2299			Problem noticed by Boyd Lynn Gerber of ZENEX.
2300		Avoid compiler warnings by not using pointers to pass
2301			integers.  Problem noted by Todd C. Miller of
2302			Courtesan Consulting.
2303	CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
2304		problems with potential misconfigurations.
2305	CONFIG: Fix comment showing default value of MaxHopCount.  Problem
2306		noted by Greg Robinson of the Defence Science and
2307		Technology Organisation of Australia.
2308	CONFIG: dnsbl: If an argument specifies an error message in case
2309		of temporary lookup failures for DNS based blacklists
2310		then use it.
2311	LIBMILTER: Install mfdef.h, required by mfapi.h.  Problem noted by
2312		Richard A. Nelson of Debian.
2313	LIBMILTER: Add __P definition for OS that lack it.  Problem noted
2314		by Chris Adams from HiWAAY Informations Services.
2315	LIBSMDB: Fix a lock race condition that affects makemap, praliases,
2316		and vacation.
2317	MAKEMAP: Avoid going beyond the end of an input line if it does
2318		not contain a value for a key.  Based on patch from
2319		Mark Bixby from Hewlett-Packard.
2320	New Files:
2321		test/Build
2322		test/Makefile
2323		test/Makefile.m4
2324		test/README
2325		test/t_dropgid.c
2326		test/t_setgid.c
2327	Deleted Files:
2328		include/sm/stdio.h
2329		include/sm/sysstat.h
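
The 8.12.1 SECURITY entry above is about confirming that a group privilege drop really happened instead of assuming it did. The following is an added example, not sendmail's code and not the contents of test/t_dropgid.c: it checks the set*gid() return value, re-reads the resulting IDs, and, for an unprivileged process, confirms the old effective group cannot be taken back through the saved gid. The function name is an assumption.

```c
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Example only (hypothetical helper, not part of sendmail).
 *
 * Switch the process to group `gid` and verify the result.
 * Returns 0 only if the real and effective gid are both `gid`
 * afterwards and the previous effective gid cannot be regained.
 * Returns -1 otherwise; the caller must then refuse to continue.
 */
int
drop_group_privileges(gid_t gid)
{
	gid_t old_egid = getegid();

	/* 1. Never ignore the return value of a set*gid() call. */
	if (setgid(gid) != 0)
		return -1;

	/* 2. Do not trust the return value alone: re-read the IDs. */
	if (getgid() != gid || getegid() != gid)
		return -1;

	/*
	 * 3. If the saved gid was not reset, an unprivileged process
	 *    can switch its effective gid back to the old value.  Try
	 *    it; success means the drop was not permanent.  The check
	 *    is skipped while the effective uid is 0, because such a
	 *    process may set any gid until it also drops its uid.
	 */
	if (geteuid() != 0 && old_egid != gid && setgid(old_egid) == 0)
		return -1;

	return 0;
}

int
main(void)
{
	/* Dropping to the group we already have must always verify. */
	if (drop_group_privileges(getgid()) != 0)
	{
		fprintf(stderr, "group privilege drop could not be verified\n");
		return 1;
	}
	printf("running with gid %ld, egid %ld\n",
	       (long) getgid(), (long) getegid());
	return 0;
}
```
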
2330
2331 8.12.0/8.12.0	2001/09/08
2332	*NOTICE*: The default installation of sendmail does not use
2333		set-user-ID root anymore.  You need to create a new user and
2334		a new group before installing sendmail (both called smmsp by
2335		default).  The installation process tries to install
2336		/etc/mail/submit.cf and creates /var/spool/clientmqueue by
2337		default.  Please see sendmail/SECURITY for details.
2338	SECURITY: Check for group and world writable forward and :include:
2339		files.  These checks can be turned off if absolutely
2340		necessary using the DontBlameSendmail option and the new
2341		flags:
2342			GroupWritableForwardFile
2343			WorldWritableForwardFile
2344			GroupWritableIncludeFile
2345			WorldWritableIncludeFile
2346		Problem noted by Slawek Zak of Politechnika Warszawska,
2347	SECURITY: Drop privileges when using address test mode.  Suggested
2348		by Michal Zalewski of the "Internet for Schools" project
2349		(IdS).
2350	Fixed problem of a global variable being used for a timeout jump
2351		point where the variable could become overused for more than
2352		one timeout concurrently.  This erroneous behavior resulted in
2353		a corrupted stack causing a core dump.  The timeout is now
2354		handled via libsm.  Problem noted by Michael Shapiro,
2355		John Beck, and Carl Smith of Sun Microsystems.
2356	If sendmail is set-group-ID then that group ID is used for permission
2357		checks (group ID of RunAsUser).  This allows use of a
2358		set-group-ID sendmail binary for initial message submission
2359		and no set-user-ID root sendmail is needed.  For details
2360		see sendmail/SECURITY.
2361	Log a warning if a non-trusted user changes the syslog label.
2362		Based on notice from Bryan Costales of SL3D, Inc.
2363	If sendmail is called for initial delivery, try to use submit.cf
2364		with a fallback of sendmail.cf as configuration file.  See
2365		sendmail/SECURITY.
2366	New configuration file option UseMSP to allow group writable queue
2367		files if the group is the same as that of a set-group-ID
2368		sendmail binary.  See sendmail/SECURITY.
2369	The .cf file is chosen based on the operation mode. For -bm (default),
2370		-bs, and -t it is submit.cf if it exists; for all others it
2371		is sendmail.cf (to be backward compatible).  This selection
2372		can be changed by the new option -Ac or -Am (alternative .cf
2373		file: client or mta).  See sendmail/SECURITY.
2374	The SMTP server no longer forks on each MAIL command.  The ONEX
2375		command has been removed.
2376	Implement SMTP PIPELINING per RFC 2920.  It can be turned off
2377		at compile time or per host (ruleset).
2378	New option MailboxDatabase specifies the type of mailbox database
2379		used to look up local mail recipients; the default value
2380		is "pw", which means to use getpwnam().  New mailbox database
2381		types can be added by adding custom code to libsm/mbdb.c.
2382	Queue file names are now 15 characters long, rather than 14 characters
2383		long, to accommodate envelope splitting.  File systems with
2384		a 14 character file name length limit are no longer
2385		supported.
2386	Recipient list used for delivery now gets internally ordered by
2387		hostsignature (character string version of MX RR).  This orders
2388		recipients for the same MX RR's together meaning smaller
2389		portions of the list need to be scanned (instead of the whole
2390		list) each delivery() pass to determine piggybacking.  The
2391		benefit of the change grows with the size of the recipient
2392		list.  Hostsignature is now created during recipient list
2393		creation rather than just before delivery.
2394	Enhancements for more opportunistic piggybacking.  Previous
2395		piggybacking (called coincidental) extended to coattail
2396		piggybacking.  Rather than complete MX RR matching
2397		(coincidental) piggybacking is done if just the lowest value
2398		preference matches (coattail).
2399	If sendmail receives a temporary error on a RCPT TO: command, it will
2400		try other MX hosts if available.
2401	DefaultAuthInfo can contain a list of mechanisms to be used for
2402		outgoing (client-side) SMTP Authentication.
2403	New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
2404		AUTH (overrides 'a' modifier in DaemonPortOptions).  Based
2405		on patch from Lyndon Nerenberg of Messaging Direct.
2406	Enable AUTH mechanism EXTERNAL if STARTTLS is used.
2407	A new ruleset authinfo can be used to return client side
2408		authentication information for AUTH instead of DefaultAuthInfo.
2409		Therefore the DefaultAuthInfo option is deprecated and will be
2410		removed in future versions.
2411	Accept any SMTP continuation code 3xy for AUTH even though RFC 2554
2412		requires 334.  Mercury 1.48 is a known offender.
2413	Add new option AuthMaxBits to limit the overall encryption strength
2414		for the security layer in SMTP AUTH (SASL).  See
2415		doc/op/op.me for details.
2416	Introduce new STARTTLS related macros {cn_issuer}, {cn_subject},
2417		{cert_md5} which hold the CN (common name) of the CA that
2418		signed the presented certificate, the CN and the MD5 hash
2419		of the presented certificate, respectively.
2420	New ruleset try_tls to decide whether to try (as client) STARTTLS.
2421	New ruleset srv_features to enable/disable certain features in the
2422		server per connection.  See doc/op/op.me for details.
2423	New ruleset tls_rcpt to decide whether to send e-mail to a particular
2424		recipient; useful to decide whether a connection is secure
2425		enough on a per recipient basis.
2426	New option TLSSrvOptions to modify some aspects of the server
2427		for STARTTLS.
2428	If no certificate has been requested, the macro {verify} has the
2429		value "NOT".
2430	New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
2431		using/offering STARTTLS when delivering/receiving e-mail.
2432	Macro expand filenames/directories for certs and keys in the .cf file.
2433		Proposed by Neil Rickert of Northern Illinois University.
2434	Generate an ephemeral RSA key for a STARTTLS connection only if
2435		really required.  This change results in a noticeable
2436		performance gain on most machines.  Moreover, if shared
2437		memory is in use, reuse the key several times.
2438	Add queue groups which can be used to group queue directories with
2439		the same behavior together.  See doc/op/op.me for details.
2440	If the new option FastSplit (defaults to one) has a value greater
2441		than zero, it suppresses the MX lookups on addresses when they
2442		are initially sorted which may result in faster envelope
2443		splitting.  If the mail is submitted directly from the
2444		command line, then the value also limits the number of
2445		processes to deliver the envelopes; if more envelopes are
2446		created they are only queued up and must be taken care of
2447		by a queue run.
2448	The check for 'enough disk space' now pays attention to which file
2449		system each queue directory resides in.
2450	All queue runners can be cleanly terminated via SIGTERM to parent.
2451	New option QueueFileMode for the default permissions of queue files.
2452	Add parallel queue runner code.  Allows multiple queue runners per work
2453		group (one or more queues in a multi-queue environment
2454		collected together) to process the same work list at the
2455		same time.
2456	Option MaxQueueChildren added to limit the number of concurrently
2457		active queue runner processes.
2458	New option MaxRunnersPerQueue to specify the maximum number of queue
2459		runners per queue group.
2460	Queue member selection by substring pattern matching now allows
2461		the pattern to be negated.  For -qI, -qR and -qS it is
2462		permissible for -q!I, -q!R and -q!S to mean remove members
2463		of the queue that match during processing.
2464	New -qp[time] option is similar to -qtime, except that instead of
2465		periodically forking a child to process the queue, a single
2466		child is forked for each queue that sleeps between queue
2467		runs.  A SIGHUP signal can be sent to restart this
2468		persistent queue runner.
2469	The SIGHUP signal now restarts a timed queue run process (i.e., a
2470		sendmail process which only runs the queue at an interval:
2471		sendmail -q15m).
2472	New option NiceQueueRun to set the priority of queue runners.
2473		Proposed by Thom O'Connor.
2474	sendmail will run the queue(s) in the background when invoked with -q
2475		unless the new -qf option or -v is used.
2476	QueueSortOrder=Random sorts the queue randomly, which is useful if
2477		several queue runners are started by hand to avoid contention.
2478	QueueSortOrder=Modification sorts the queue by the modification time
2479		of the qf file (older entries first).
2480	Support Deliver By SMTP Service Extension (RFC 2852) which allows
2481		a client to specify an amount of time within which an e-mail
2482		should be delivered.  New option DeliverByMin added to set the
2483		minimum amount of time or disable the extension.
2484	Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
2485		not allowed unless escaped or quoted.
2486	Add support for a generic DNS map.  Based on a patch contributed
2487		by Leif Johansson of Stockholm University, which was based on
2488		work by Assar Westerlund of Swedish Institute of Computer
2489		Science, Kista, and Johan Danielsson of Royal Institute of
2490		Technology, Stockholm, Sweden.
2491	MX records will be looked up for FallBackMXhost.  To use the old
2492		behavior (no MX lookups), put the name in square brackets.
2493		Proposed by Thom O'Connor.
2494	Use shared memory to store free space of filesystems that are used
2495		for queues, if shared memory is available and if a key is set
2496		via SharedMemoryKey.  This minimizes the number of system
2497		calls to check the available space.  See doc/op/op.me for
2498		details.
2499	If shared memory is compiled in the option -bP can be used to print
2500		the number of entries in the queue(s).
2501	Enable generic mail filter API (milter).  See libmilter/README
2502		and the usual documentation for details.
2503	Remove AutoRebuildAliases option, deprecated since 8.10.
2504	Remove '-U' (initial user submission) command line option as
2505		announced in 8.10.
2506	Remove support for non-standard SMTP command XUSR.  Use an MSA instead.
2507	New macro {addr_type} which contains whether the current address is
2508		an envelope sender or recipient address.  Suggested by
2509		Neil Rickert of Northern Illinois University.
2510	Two new options for host maps: -d (retransmission timeout),
2511		-r (number of retries).
2512	New option for LDAP maps: the -V<sep> allows you to specify a
2513		separator such that a lookup can return both an attribute
2514		and value separated by the given separator.
2515	Add new operators '%', '|', '&' (modulo, binary or, binary and)
2516		to map class arith.
2517	If DoubleBounceAddress expands to an empty string, ``double bounces''
2518		(errors that occur when sending an error message) are dropped.
2519	New DontBlameSendmail options GroupReadableSASLDBFile and
2520		GroupWritableSASLDBFile to relax requirements for sasldb files.
2521	New DontBlameSendmail option GroupReadableKeyFile to relax
2522		requirements for files containing secret keys.  This is
2523		necessary for the MSP if client authentication is used.
2524	Properly handle quoted filenames for class files (to allow for
2525		filenames with spaces).
2526	Honor the resolver option RES_NOALIASES when canonifying hostnames.
2527	Add macros to avoid the reuse of {if_addr} etc:
2528		{if_name_out}	hostname of interface of outgoing connection.
2529		{if_addr_out}	address of interface of outgoing connection.
2530		{if_family_out}	family of interface of outgoing connection.
2531		The latter two are only set if the interface does not belong
2532		to the loopback net.
2533	Add macro {nrcpts} which holds the number of (validated) recipients.
2534	DialDelay option applies only to mailers with flag 'Z'.  Patch from
2535		Juergen Georgi of RUS University of Stuttgart.
2536	New Timeout.lhlo,auth,starttls options to limit the time waiting for
2537		an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
2538	New Timeout.aconnect option to limit the overall waiting time for
2539		all connections for a single delivery attempt to succeed.
2540	Limit the rate recipients in the SMTP envelope are accepted once
2541		a threshold number of recipients has been rejected (option
2542		BadRcptThrottle).  From Gregory A Lundberg of the WU-FTPD
2543		Development Group.
2544	New option DelayLA to delay connections if the load averages
2545		exceeds the specified value.  The default of 0 does not
2546		change the previous behavior.  A value greater than 0
2547		will cause sendmail to sleep for one second on most
2548		SMTP commands and before accepting connections if that
2549		load average is exceeded.
2550	Use a dynamic (instead of fixed-size) buffer for the list of
2551		recipients that are sent during a connection to a mailer.
2552		This also introduces a new mailer field 'r' which defines
2553		the maximum number of recipients (defaults to 100).
2554		Based on patch by Motonori Nakamura of Kyoto University.
2555	Add new F=1 mailer flag to disable sending of null characters ('\0').
2556	Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
2557	The deprecated [TCP] builtin mailer pathname (P=) is gone.  Use [IPC]
2558		instead.
2559	IPC is no longer available as first mailer argument (A=) for [IPC]
2560		builtin mailer pathnames.  Use TCP instead.
2561	PH map code updated to use the new libphclient API instead of the
2562		old libqiapi library.  Contributed by Mark Roth of the
2563		University of Illinois at Urbana-Champaign.
2564	New option DirectSubmissionModifiers to define {daemon_flags}
2565		for direct (command line) submissions.
2566	New M=O modifier for DaemonPortOptions to ignore the socket in
2567		case of failures.  Based on patch by Jun-ichiro itojun
2568		Hagino of the KAME Project.
2569	Add Disposition-Notification-To: (RFC 2298) to the list of headers
2570		whose content is rewritten similar to Reply-To:.
2571		Proposed by Andrzej Filip.
2572	Use STARTTLS/AUTH=server/client for logging incoming/outgoing
2573		STARTTLS/AUTH connections; log incoming connections at level
2574		9 or higher.  Use AUTH/STARTTLS instead of SASL/TLS for SMTP
2575		AUTH/STARTTLS related logfile entries.
2576	Convert unprintable characters (and backslash) into octal or C format
2577		before logging.
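The escaping rule in the entry above, shown as an added example (not sendmail's own code): backslash and common control characters become C-format escapes, every other byte outside printable ASCII becomes a three-digit octal escape, so attacker-supplied CR/LF cannot start a forged log line.  The name log_escape, the treatment of bytes 0x80-0xff as unprintable, and the sample HELO argument are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return the C-format escape letter for a byte, or 0 if it has none. */
static char c_escape_letter(unsigned char c)
{
	switch (c) {
	case '\\': return '\\';
	case '\n': return 'n';
	case '\r': return 'r';
	case '\t': return 't';
	case '\b': return 'b';
	case '\f': return 'f';
	case '\v': return 'v';
	case '\a': return 'a';
	default:   return 0;
	}
}

/*
 * log_escape (hypothetical name): write an escaped copy of
 * src[0..srclen) into dst, whose capacity dstsize includes the
 * terminating NUL.  The length is passed explicitly so that embedded
 * NUL bytes in network input are escaped rather than ending the copy.
 *
 * Printable ASCII (0x20-0x7e) except backslash is copied unchanged.
 * Bytes 0x80-0xff are treated as unprintable (an assumption of this
 * example) and written in octal.
 *
 * Returns 0 if all input fit, -1 if the output was truncated.  On
 * truncation dst is still NUL-terminated and never ends in the middle
 * of an escape sequence.
 */
int log_escape(char *dst, size_t dstsize, const char *src, size_t srclen)
{
	size_t o = 0, i;

	if (dstsize == 0)
		return -1;
	for (i = 0; i < srclen; i++) {
		unsigned char c = (unsigned char)src[i];
		char letter = c_escape_letter(c);
		size_t need = letter ? 2 : (c >= 0x20 && c <= 0x7e) ? 1 : 4;

		/* o never exceeds dstsize - 1, so this cannot underflow. */
		if (need > dstsize - 1 - o) {
			dst[o] = '\0';
			return -1;
		}
		if (letter) {
			dst[o++] = '\\';
			dst[o++] = letter;
		} else if (need == 1) {
			dst[o++] = (char)c;
		} else {
			dst[o++] = '\\';
			dst[o++] = (char)('0' + ((c >> 6) & 7));
			dst[o++] = (char)('0' + ((c >> 3) & 7));
			dst[o++] = (char)('0' + (c & 7));
		}
	}
	dst[o] = '\0';
	return 0;
}

int main(void)
{
	/* Constructed sample: a HELO argument carrying CRLF and a fake log line. */
	static const char helo[] =
	    "mx.example\r\nJan  1 00:00:00 host sendmail[1]: forged entry";
	char line[256];

	if (log_escape(line, sizeof line, helo, sizeof helo - 1) != 0)
		fputs("(truncated) ", stdout);
	printf("HELO argument: %s\n", line);
	return 0;
}
```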
2578	Log recipients if no message is transferred but QUIT/RSET is given
2579		(at LogLevel 9/10 or higher).
2580	Log discarded recipients at LogLevel 10 or higher.
2581	Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections
2582		in which most commands are rejected due to check_relay or
2583		TCP Wrappers if the host tries one of those commands anyway.
2584	Change logging format for cloned envelopes to be similar to that for
2585		DSNs ("old id: new id: clone").  Suggested by Ulrich Windl
2586		of the Universitaet Regensburg.
2587	Added libsm, a C library of general purpose abstractions including
2588		assertions, tracing and debugging with named debug categories,
2589		exception handling, malloc debugging, resource pools,
2590		portability abstractions, and an extensible buffered I/O
2591		package.  It will at some point replace libsmutil.
2592		See libsm/index.html for details.
2593	Fixed most memory leaks in sendmail which were previously taken
2594		care of by fork() and exit().
2595	Use new sm_io*() functions in place of stdio calls.  Allows for
2596		more consistent portability amongst different platforms
2597		new and old (from new libsm).
2598	Common I/O pkg means just one buffering method needed instead of two
2599		('bf_portable' and 'bf_torek' now just 'bf').
2600	Sfio no longer needed as SASL/TLS code uses sm_io*() API's.
2601	New possible value 'interactive' for SuperSafe which can be used
2602		together with DeliveryMode=interactive to avoid some disk
2603		synchronization calls.
2604	Add per-recipient status information to mailq -v output.
2605	T_ANY queries are no longer used by sendmail.
2606	When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
2607		too (see include/sm/cdefs.h for more info).
2608	sendmail -d now has general support for named debug categories.
2609		See libsm/debug.html and section 3.4 of doc/op/op.me
2610		for details.
2611	Eliminate the "postmaster warning" DSNs on address parsing errors
2612		such as unbalanced angle brackets or parentheses.  The DSNs
2613		generated by this condition were illegal (not RFC conformant).
2614		Problem noted by Ulrich Windl of the Universitaet Regensburg.
2615	Do not issue a DSN if the ruleset localaddr resolves to the $#error
2616		mailer and the recipient has hence been rejected during the
2617		SMTP dialogue.  Problem reported by Larry Greenfield of CMU.
2618	Deal with a case of multiple deliveries on misconfigured systems
2619		that do not have postmaster defined.  If an email was sent
2620		from an address to which a DSN cannot be returned and
2621		in which at least one recipient address is non-deliverable,
2622		then that email had been delivered in each queue run.
2623		Problem reported by Matteo HCE Valsasna of Universita
2624		degli Studi dell'Insubria.
2625	The compilation options SMTP, DAEMON, and QUEUE have been removed,
2626		i.e., the corresponding code is always compiled in now.
2627	Log the command line in daemon/queue-run mode at LogLevel 10 and
2628		higher.  Suggested by Robert Harker of Harker Systems.
2629	New ResolverOptions setting: WorkAroundBrokenAAAA.  When
2630		attempting to canonify a hostname, some broken nameservers
2631		will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
2632		lookups.  If you want to excuse this behavior, use this new
2633		flag.  Suggested by Chris Foote of SE Network Access and
2634		Mark Roth of the University of Illinois at
2635		Urbana-Champaign.
2636	Free the memory allocated by getipnodeby{addr,name}().  Problem
2637		noted by Joy Latten of IBM.
2638	ConnectionRateThrottle limits the number of connections per second
2639		to each daemon individually, not the overall number of
2640		connections.
2641	Specifying only "ldap:" as an AliasFile specification will force
2642		sendmail to use a default alias schema as outlined in the
2643		``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of
2644		cf/README.
2645	Add a new syntax for the 'F' (file class) sendmail.cf command.  If
2646		the first character after the class name is not a '/' or a
2647		'|' and it contains an '@' (e.g., F{X}key@class:spec), the
2648		rest of the line will be parsed as a map lookup.  This
2649		allows classes to be filled via a map lookup.  See op.me
2650		for more syntax information.  Specifically, this can be
2651		used for commands such as VIRTUSER_DOMAIN_FILE() to read
2652		the list of domains via LDAP (see the ``USING LDAP FOR
2653		ALIASES, MAPS, and CLASSES'' section of cf/README for an
2654		example).
2655	The new macro ${sendmailMTACluster} determines the LDAP cluster for
2656		the default schema used in the above two items.
2657	Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a
2658		warning if a program being run from a mailer or file class
2659		(e.g., F|/path/to/prog) is in an unsafe directory path.
2660	Unless DontBlameSendmail=RunWritableProgram is set, log a warning
2661		if a program being run from a mailer or file class
2662		(e.g., F|/path/to/prog) is group or world writable.
2663	Loopback interfaces (e.g., "lo0") are now probed for class {w}
2664		hostnames.  Setting DontProbeInterfaces to "loopback"
2665		(without quotes) will disable this and return to the
2666		pre-8.12 behavior of only probing non-loopback interfaces.
2667		Suggested by Bryan Stansell of GNAC.
2668	In accordance with RFC 2821 section 4.1.4, accept multiple
2669		HELO/EHLO commands.
2670	Multiple ClientPortOptions settings are now allowed, one for each
2671		possible protocol family which may be used for outgoing
2672		connections.  Restrictions placed on one family only affect
2673		outgoing connections on that particular family.  Because of
2674		this change, the ${client_flags} macro is not set until the
2675		connection is established.  Based on patch from Motonori
2676		Nakamura of Kyoto University.
2677	PrivacyOptions=restrictexpand instructs sendmail to drop privileges
2678		when the -bv option is given by users who are neither root
2679		nor the TrustedUser so users can not read private aliases,
2680		forwards, or :include: files.  It also will override the -v
2681		(verbose) command line option.
2682	If the M=b modifier is set in DaemonPortOptions and the interface
2683		address can't be used for the outgoing connection, fall
2684		back to the settings in ClientPortOptions (if set).
2685		Problem noted by John Beck of Sun Microsystems.
2686	New named config file rule check_data for DATA command (input:
2687		number of recipients).  Based on patch from Mark Roth of
2688		the University of Illinois at Urbana-Champaign.
2689	Add support for ETRN queue selection per RFC 1985.  The queue group
2690		can be specified using the '#' option character.  For
2691		example, 'ETRN #queuegroup'.
2692	If an LDAP server times out or becomes unavailable, close the
2693		current connection and reopen to get to one of the fallback
2694		servers.  Patch from Paul Hilchey of the University of
2695		British Columbia.
2696	Make default error number on $#error messages 550 instead of 501
2697		because 501 is not allowed on all commands.
2698	The .cf file option UnsafeGroupWrites is deprecated; it should be
2699		replaced with the settings GroupWritableForwardFileSafe
2700		and GroupWritableIncludeFileSafe in DontBlameSendmail
2701		if required.
2702	The deprecated ldapx map class has been removed.  Use the ldap map
2703		class instead.
2704	Any IPv6 addresses used in configuration should be prefixed by the
2705		"IPv6:" tag to identify the address properly.  For example,
2706		if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
2707		class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
2708	Change the $&{opMode} macro if the operation mode changes while the
2709		MTA is running.  For example, during a queue run.
2710	Add "use_inet6" as a new ResolverOptions flag to control the
2711		RES_USE_INET6 resolver option.  Based on patch from Rick
2712		Nelson of IBM.
2713	The maximum number of commands before the MTA slows down when too
2714		many "light weight" commands have been received is now
2715		configurable during compile time.  The current values and
2716		their defaults are:
2717		    MAXBADCOMMANDS	25	unknown commands
2718		    MAXNOOPCOMMANDS	20	NOOP, VERB, ONEX, XUSR
2719		    MAXHELOCOMMANDS	3	HELO, EHLO
2720		    MAXVRFYCOMMANDS	6	VRFY, EXPN
2721		    MAXETRNCOMMANDS	8	ETRN
2722		Setting a value to 0 disables the check.  Patch from Bryan
2723		Costales of SL3D, Inc.
2724	The header syntax H?${MyMacro}?X-My-Header: now not only checks if
2725		${MyMacro} is defined but also that it is not empty.
2726	Properly quote usernames with special characters if they are used
2727		in headers.  Problem noted by Kari Hurtta of the Finnish
2728		Meteorological Institute.
2729	Be sure to include the proper Final-Recipient: DSN header in bounce
2730		messages for messages for mailing list expanded addresses
2731		which are not delivered on the initial attempt.
2732	Do not treat errors as sticky when doing delivery via LMTP after
2733		the final dot has been sent to avoid affecting future
2734		deliveries.  Problem reported by Larry Greenfield of CMU.
2735	New compile time flag REQUIRES_DIR_FSYNC which turns on support for
2736		file systems that require a call to fsync() for a directory
2737		if the meta-data in it has been changed.  This should be
2738		set at least for ReiserFS; it is enabled by default for Linux.
2739		See sendmail/README for further information.
2740	Avoid file locking deadlock when updating the statistics file if
2741		sendmail is signaled to terminate.  Problem noted by
2742		Christophe Wolfhugel of France Telecom.
2743	Set the $c macro (hop count) as it is being set instead of when the
2744		envelope is initialized.  Problem noted by Kari Hurtta of
2745		the Finnish Meteorological Institute.
2746	Properly count recipients for DeliveryMode defer and queue.  Fix
2747		from Peter A. Friend of EarthLink.
2748	Treat invalid hesiod lookups as permanent errors instead of
2749		temporary errors.  Problem noted by Russell McOrmond of
2750		flora.ca.
2751	Portability:
2752		Remove support for AIX 2, which supports only 14 character
2753			filenames and is outdated anyway.  Suggested by
2754			Valdis Kletnieks of Virginia Tech.
2755		Change several settings for Irix 6: remove confSBINDIR,
2756			i.e., use default /usr/sbin, change owner/group
2757			of man pages and user-executable to root/sys, set
2758			optimization limit to 0 (unlimited).  Based on patch
2759			from Ayamura Kikuchi, M.D, and proposal from Kari
2760			Hurtta of the Finnish Meteorological Institute.
2761		Do not assume LDAP support is installed by default under
2762			Solaris 8 and later.
2763		Add support for OpenUNIX.
2764	CONFIG: Increment version number of config file to 10.
2765	CONFIG: Add an install target and a README file in cf/cf.
2766	CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc.
2767	CONFIG: Reject empty recipient addresses (in check_rcpt).
2768	CONFIG: The access map uses an option of -T<TMPF> to deal with
2769		temporary lookup failures.
2770	CONFIG: New value for access map: SKIP, which causes the default
2771		action to be taken by aborting the search for domain names
2772		or IP nets.
2773	CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or
2774		relay address as long as the other part allows the email
2775		to get through.
2776	CONFIG: Entries for virtusertable can make use of a third parameter
2777		"%3" which contains "+detail" of a wildcard match, i.e., an
2778		entry like user+*@domain.  This allows handling of details by
2779		using %1%3 as the RHS.  Additionally, a "+" wildcard has been
2780		introduced to match only non-empty details of addresses.
2781	CONFIG: Numbers for rulesets used by MAILERs have been removed
2782		and hence there is no required order within the MAILER
2783		section anymore except for MAILER(`uucp') which must come
2784		after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
2785	CONFIG: Hosts listed in the generics domain class {G}
2786		(GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated
2787		as canonical.  Suggested by Per Hedeland of Ericsson.
2788	CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup
2789		in the access map which returns OK or RELAY actually
2790		terminates check_* ruleset checking.
2791	CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
2792		tls_rcpt, see cf/README for details.
2793	CONFIG: Change format of Received: header line which reveals whether
2794		STARTTLS has been used to "(version=${tls_version}
2795		cipher=${cipher} bits=${cipher_bits} verify=${verify})".
2796	CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks')
2797		options friends/haters instead of "To:" and enable
2798		specification of whole domains instead of just users.
2799		Notice: this change is not backward compatible.
2800		Suggested by Chris Adams from HiWAAY Informations Services.
2801	CONFIG: Allow for local extensions for most new rulesets, see
2802		cf/README for details.
2803	CONFIG: New FEATURE(`lookupdotdomain') to also look up .domain in
2804		the access map.  Proposed by Randall Winchester of the
2805		University of Maryland.
2806	CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
2807		the local mailer.  Proposed by Ingo Brueckl of Wupper Online.
2808	CONFIG: confRELAY_MSG/confREJECT_MSG can override the default
2809		messages for an unauthorized relaying attempt/for access
2810		map entries with RHS REJECT, respectively.
2811	CONFIG: FEATURE(`always_add_domain') takes an optional argument
2812		to specify another domain to be added instead of the local one.
2813		Suggested by Richard H. Gumpertz of Computer Problem
2814		Solving.
2815	CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
2816		options, see doc/op/op.me for details.
2817	CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for
2818		the security layer in SMTP AUTH (SASL).
2819	CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
2820		immediately.
2821	CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which
2822		allows checking of the return values of the DNS lookups.
2823		See cf/README for details.
2824	CONFIG: FEATURE(`dnsbl') now allows specifying the behavior for
2825		temporary lookup failures.
2826	CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
2827		Deliver By (RFC 2852) or to turn off the extension.
2828	CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
2829		memory use.
2830	CONFIG: New FEATURE(`compat_check') to look up a key consisting
2831		of the sender and the recipient address delimited by the
2832		string "<@>", e.g., sender@sdomain<@>recipient@rdomain,
2833		in the access map.  Based on code contributed by Mathias
2834		Koerber of Singapore Telecommunications Ltd.
2835	CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
2836		file.  Suggested by John Beck of Sun Microsystems.
2837	CONFIG: Don't use MAILER-DAEMON for error messages delivered
2838		via LMTP.  Problem reported by Larry Greenfield of CMU.
2839	CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
2840		the recipient host if LUSER_RELAY is used.
2841	CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
2842		+detail portion of the address when passing address to
2843		local delivery agent.  Disables alias and .forward +detail
2844		stripping.  Only use if LDA supports this.
2845	CONFIG: Removed deprecated FEATURE(`rbl').
2846	CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE()
2847		which allow you to specify 'equivalent' hosts for LDAP
2848		Routing lookups.  Equivalent hostnames are replaced by the
2849		masquerade domain name for lookups.  See cf/README for
2850		additional details.
2851	CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
2852		instructs the rulesets on what to do if the address being
2853		looked up has +detail information.  See cf/README for more
2854		information.
2855	CONFIG: When choosing a new destination via LDAP Routing, also look
2856		up the new routing address/host in the mailertable.  Based
2857		on patch from Don Badrak of the United States Census Bureau.
2858	CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing
2859		is in use and the bounce option is enabled.  Only reject
2860		recipients as user unknown.
2861	CONFIG: Provide LDAP support for the remaining database map
2862		features.  See the ``USING LDAP FOR ALIASES AND MAPS''
2863		section of cf/README for more information.
2864	CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster}
2865		macro used for LDAP searches as described above in ``USING
2866		LDAP FOR ALIASES, MAPS, AND CLASSES''.
2867	CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(),
2868		which takes the options as argument and can be used
2869		multiple times; see cf/README for details.
2870	CONFIG: Add configuration macros for new options:
2871		confBAD_RCPT_THROTTLE		BadRcptThrottle
2872		confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
2873		confMAILBOX_DATABASE		MailboxDatabase
2874		confMAX_QUEUE_CHILDREN		MaxQueueChildren
2875		confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
2876		confNICE_QUEUE_RUN		NiceQueueRun
2877		confQUEUE_FILE_MODE		QueueFileMode
2878		confFAST_SPLIT			FastSplit
2879		confTLS_SRV_OPTIONS		TLSSrvOptions
2880		See above (and related documentation) for further information.
2881	CONFIG: Add configuration variables for new timeout options:
2882		confTO_ACONNECT		Timeout.aconnect
2883		confTO_AUTH		Timeout.auth
2884		confTO_LHLO		Timeout.lhlo
2885		confTO_STARTTLS		Timeout.starttls
2886	CONFIG: Add configuration macros for mail filter API:
2887		confINPUT_MAIL_FILTERS		InputMailFilters
2888		confMILTER_LOG_LEVEL		Milter.LogLevel
2889		confMILTER_MACROS_CONNECT	Milter.macros.connect
2890		confMILTER_MACROS_HELO		Milter.macros.helo
2891		confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
2892		confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
2893		Mail filters can be defined via INPUT_MAIL_FILTER() and
2894		MAIL_FILTER().  See libmilter/README, cf/README, and
2895		doc/op/op.me for details.
2896	CONFIG: Add support for accepting temporarily unresolvable domains.
2897		See cf/README for details.  Based on patch by Motonori
2898		Nakamura of Kyoto University.
2899	CONFIG: confDEQUOTE_OPTS can be used to specify options for the
2900		dequote map.
2901	CONFIG: New macro QUEUE_GROUP() to define queue groups.
2902	CONFIG: New FEATURE(`queuegroup') to select a queue group based
2903		on the full e-mail address or the domain of the recipient.
2904	CONFIG: Any IPv6 addresses used in configuration should be prefixed
2905		by the "IPv6:" tag to identify the address properly.  For
2906		example, if you want to use the IPv6 address
2907		2002:c0a8:51d2::23f4 in the access database, you would need
2908		to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
2909		This affects the access database as well as the
2910		relay-domains and local-host-names files.
2911	CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
2912	CONFIG: Avoid expansion of m4 keywords in SMART_HOST.
2913	CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading
2914		exceptions from a file.  Suggested by Trey Breckenridge of
2915		Mississippi State University.
2916	CONFIG: Add LOCAL_USER_FILE() for reading local users
2917		(LOCAL_USER() -- $={L}) entries from a file.
2918	CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4
2919		which allows looking up error codes in the access map.
2920		Contributed by Neil Rickert of Northern Illinois University.
2921	DEVTOOLS: Add new options for installation of include and library
2922		files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP,
2923		confLIBMODE, confLIBOWN.
2924	DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
2925		installation of the formatted man pages on operating
2926		systems which don't include cat directories.
2927	EDITMAP: New program for editing maps as supplement to makemap.
2928	MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
2929		local mail recipients.  New option -D mbdb specifies the
2930		mailbox database type.
2931	MAIL.LOCAL: New option "-h filename" which instructs mail.local to
2932		deliver the mail to the named file in the user's home
2933		directory instead of the system mail spool area.  Based on
2934		patch from Doug Hardie of the Los Angeles Free-Net.
2935	MAILSTATS: New command line option -P which acts the same as -p but
2936		doesn't truncate the statistics file.
2937	MAKEMAP: Add new option -t to specify a different delimiter
2938		instead of white space.
2939	RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
2940		submission.  Problem noted by Kari Hurtta of the Finnish
2941		Meteorological Institute.
2942	SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later.
2943	VACATION: Change Auto-Submitted: header value from auto-generated to
2944		auto-replied.  From Kenneth Murchison of Oceana Matrix Ltd.
2945	VACATION: New option -d to send error/debug messages to stdout
2946		instead of syslog.
2947	VACATION: New option -U which prevents the attempt to look up login
2948		in the password file.  The -f and -m options must be used
2949		to specify the database and message file since there is no
2950		home directory for the default settings for these options.
2951	VACATION: Vacation now uses the libsm mbdb package to look up
2952		local mail recipients; it reads the MailboxDatabase option
2953		from the sendmail.cf file.  New option -C cffile which
2954		specifies the path of the sendmail.cf file.
2955	New Directories:
2956		libmilter/docs
2957	New Files:
2958		cf/cf/README
2959		cf/cf/submit.cf
2960		cf/cf/submit.mc
2961		cf/feature/authinfo.m4
2962		cf/feature/compat_check.m4
2963		cf/feature/enhdnsbl.m4
2964		cf/feature/msp.m4
2965		cf/feature/local_no_masquerade.m4
2966		cf/feature/lookupdotdomain.m4
2967		cf/feature/preserve_luser_host.m4
2968		cf/feature/preserve_local_plus_detail.m4
2969		cf/feature/queuegroup.m4
2970		cf/sendmail.schema
2971		contrib/dnsblaccess.m4
2972		devtools/M4/UNIX/sm-test.m4
2973		devtools/OS/OpenUNIX.5.i386
2974		editmap/*
2975		include/sm/*
2976		libsm/*
2977		libsmutil/cf.c
2978		libsmutil/err.c
2979		sendmail/SECURITY
2980		sendmail/TUNING
2981		sendmail/bf.c
2982		sendmail/bf.h
2983		sendmail/sasl.c
2984		sendmail/sm_resolve.c
2985		sendmail/sm_resolve.h
2986		sendmail/tls.c
2987	Deleted Files:
2988		cf/feature/rbl.m4
2989		cf/ostype/aix2.m4
2990		devtools/OS/AIX.2
2991		include/sendmail/cdefs.h
2992		include/sendmail/errstring.h
2993		include/sendmail/useful.h
2994		libsmutil/errstring.c
2995		sendmail/bf_portable.c
2996		sendmail/bf_portable.h
2997		sendmail/bf_torek.c
2998		sendmail/bf_torek.h
2999		sendmail/clock.c
3000	Renamed Files:
3001		cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
3002		cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
3003		cf/ostype/aux.m4 => cf/ostype/a-ux.m4
3004
3005 8.11.7/8.11.7	2003/03/29
3006	SECURITY: Fix a remote buffer overflow in header parsing by
3007		dropping sender and recipient header comments if the
3008		comments are too long.  Problem noted by Mark Dowd
3009		of ISS X-Force.
3010	SECURITY: Fix a buffer overflow in address parsing due to
3011		a char to int conversion problem which is potentially
3012		remotely exploitable.  Problem found by Michal Zalewski.
3013		Note: an MTA that is not patched might be vulnerable to
3014		data that it receives from untrusted sources, which
3015		includes DNS.
3016	To provide partial protection to internal, unpatched sendmail MTAs,
3017		8.11.7 changes by default (char)0xff to (char)0x7f in
3018		headers etc.  To turn off this conversion compile with
3019		-DALLOW_255 or use the command line option -d82.101.
3020	To provide partial protection for internal, unpatched MTAs that may be
3021		performing 7->8 or 8->7 bit MIME conversions, the default
3022		for MaxMimeHeaderLength has been changed to 2048/1024.
3023		Note: this does have a performance impact, and it only
3024		protects against frontal attacks from the outside.
3025		To disable the checks and return to pre-8.11.7 defaults,
3026		set MaxMimeHeaderLength to 0/0.
3027	Properly clean up macros to avoid persistence of session data
3028		across various connections.  This could cause session
3029		oriented restrictions, e.g., STARTTLS requirements,
3030		to erroneously allow a connection.  Problem noted
3031		by Tim Maletic of Priority Health.
3032	Ignore comments in NIS host records when trying to find the
3033		canonical name for a host.
3034	Fix a memory leak when closing Hesiod maps.
3035	Set ${msg_size} macro when reading a message from the command line
3036		or the queue.
3037	Prevent a segmentation fault when clearing the event list by
3038		turning off alarms before checking if event list is
3039		empty.  Problem noted by Allan E Johannesen of Worcester
3040		Polytechnic Institute.
3041	Fix a potential core dump problem if the environment variable
3042		NAME is set.  Problem noted by Beth A. Chaney of
3043		Purdue University.
3044	Prevent a race condition on child cleanup for delivery to files.
3045		Problem noted by Fletcher Mattox of the University of
3046		Texas.
3047	CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
3048		parameter is set and the LDAP lookup returns a temporary
3049		error.
3050	CONFIG: Fix a syntax error in the try_tls ruleset if
3051		FEATURE(`access_db') is not enabled.
3052	LIBSMDB: Fix a lock race condition that affects makemap, praliases,
3053		and vacation.
3054	LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
3055		and NDBM on systems with the O_EXLOCK open(2) flag.
3056	MAKEMAP: Avoid going beyond the end of an input line if it does
3057		not contain a value for a key.  Based on patch from
3058		Mark Bixby from Hewlett-Packard.
3059	MAIL.LOCAL: Fix a truncation race condition if the close() on
3060		the mailbox fails.  Problem noted by Tomoko Fukuzawa of
3061		Sun Microsystems.
3062	SMRSH: SECURITY: Only allow regular files or symbolic links to be
3063		used for a command.  Problem noted by David Endler of
3064		iDEFENSE, Inc.
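Added illustration, not sendmail's code, of the general class of char to int conversion problem named in the 8.11.7 entries above, and of why rewriting 0xff to 0x7f shields a downstream scanner that still has the flaw. The NOCHAR sentinel, the function names and the sample bytes are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Explicit "signed char" is used throughout so the demonstration behaves
 * the same on platforms where plain char happens to be unsigned.
 */
#define NOCHAR	(-1)			/* hypothetical in-band "no character" sentinel */
#define BYTE_FF	((signed char)-1)	/* the byte 0xff held in a signed char */

/* Constructed sample header bytes: ASCII text with two 0xff bytes mixed in. */
static const signed char sample[] = {
	'T', 'o', ':', ' ', BYTE_FF, 'a', BYTE_FF, 'b'
};
#define SAMPLE_LEN	(sizeof(sample))

/* Flawed widening: sign extension turns byte 0xff into int -1 == NOCHAR. */
static int widen_flawed(signed char c)
{
	return c;
}

/* Fixed widening: go through unsigned char so every byte maps to 0..255. */
static int widen_fixed(signed char c)
{
	return (unsigned char)c;
}

/*
 * Count the bytes a scanner would account for as data.  Anything that
 * compares equal to NOCHAR is treated as "nothing read" and is not counted,
 * so a flawed widening makes the scanner's bookkeeping disagree with the
 * number of bytes actually present in the input.
 */
static size_t count_accounted(const signed char *buf, size_t len,
			      int (*widen)(signed char))
{
	size_t n = 0, i;

	for (i = 0; i < len; i++)
		if (widen(buf[i]) != NOCHAR)
			n++;
	return n;
}

/*
 * Relay-side filter in the spirit of the 8.11.7 default: rewrite every
 * 0xff byte to 0x7f before the data is passed on.  Returns the number of
 * bytes rewritten.
 */
static size_t filter_ff(signed char *buf, size_t len)
{
	size_t n = 0, i;

	for (i = 0; i < len; i++) {
		if ((unsigned char)buf[i] == 0xff) {
			buf[i] = 0x7f;
			n++;
		}
	}
	return n;
}

int main(void)
{
	signed char copy[sizeof(sample)];
	size_t rewritten;

	printf("flawed widening accounts for %zu of %zu bytes\n",
	       count_accounted(sample, SAMPLE_LEN, widen_flawed), SAMPLE_LEN);
	printf("fixed widening accounts for %zu of %zu bytes\n",
	       count_accounted(sample, SAMPLE_LEN, widen_fixed), SAMPLE_LEN);

	/* After filtering, even the flawed scanner sees every byte. */
	memcpy(copy, sample, sizeof(copy));
	rewritten = filter_ff(copy, sizeof(copy));
	printf("filter rewrote %zu bytes; flawed widening now accounts for %zu\n",
	       rewritten, count_accounted(copy, sizeof(copy), widen_flawed));
	return 0;
}
```

The filter only changes what reaches the next hop; as the entry says, it is partial protection, and the widening itself still has to be fixed on each MTA.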
3065
3066 8.11.6/8.11.6	2001/08/20
3067	SECURITY: Fix a possible memory access violation when specifying
3068		out-of-bounds debug parameters.  Problem detected by
3069		Cade Cairns of SecurityFocus.
3070	Avoid leaking recipient information in unrelated DSNs.  This could
3071		happen if a connection is aborted, several mails had been
3072		scheduled for delivery via that connection, and the timeout
3073		is reached such that several DSNs are sent next.  Problem
3074		noted by Dileepan Moorkanat of Hewlett-Packard.
3075	Fix a possible segmentation violation when specifying too many
3076		wildcard operators in a rule.  Problem detected by
3077		Werner Wiethege.
3078	Avoid a segmentation fault on non-matching Hesiod lookups.  Problem
3079		noted by Russell McOrmond of flora.ca
3080
30818.11.5/8.11.5	2001/07/31
3082	Fix a possible race condition when sending a HUP signal to restart
3083		the daemon.  This could terminate the current process without
3084		starting a new daemon.  Problem reported by Wolfgang Breyha
3085		of SE Netway Communications.
3086	Only apply MaxHeadersLength when receiving a message via SMTP or
3087		the command line.  Problem noted by Andrey J. Melnikoff.
3088	When finding the system's local hostname on an IPv6-enabled system
3089		which doesn't have any IPv6 interface addresses, fall back
3090		to looking up only IPv4 addresses.  Problem noted by Tim
3091		Bosserman of EarthLink.
3092	When commands were being rejected due to check_relay or TCP
3093		Wrappers, the ETRN command was not giving a response.
3094	Incoming IPv4 connections on a Family=inet6 daemon (using
3095		IPv4-mapped addresses) were incorrectly labeled as "may be
3096		forged".  Problem noted by Per Steinar Iversen of Oslo
3097		University College.
3098	Shutdown address test mode cleanly on SIGTERM.  Problem noted by
3099		Greg King of the OAO Corporation.
3100	Restore the original real uid (changed in main() to prevent
3101		out of band signals) before invoking a delivery agent.
3102		Some delivery agents use this for the "From " envelope
3103		"header".  Problem noted by Leslie Carroll of the
3104		University at Albany.
3105	Mark closed file descriptors properly to avoid reuse. Problem
3106		noted by Jeff Bronson of J.D. Bronson, Inc.
3107	Setting Timeout options on the command line will also override
3108		their sub-suboptions in the .cf file, e.g., -O
3109		Timeout.queuereturn=2d will set all queuereturn timeouts
3110		to 2 days.  Problem noted by Roger B.A. Klorese.
3111	Portability:
3112		BSD/OS has a broken setreuid() implementation.  Problem
3113			noted by Vernon Schryver of Rhyolite Software.
3114		BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?).
3115			Noted by Vernon Schryver of Rhyolite Software.
3116		BSD/OS has fchown(2).  Noted by Dave Yadallee of Netline
3117			2000 Internet Solutions Inc.
3118		Solaris 2.X and later have strerror(3).  From Sebastian
3119			Hagedorn of Cologne University.
3120	CONFIG: Fix parsing for IPv6 domain literals in addresses
3121		(user@[IPv6:address]).  Problem noted by Liyuan Zhou.
3122
3123 8.11.4/8.11.4	2001/05/28
3124	Clean up signal handling routines to reduce the chances of heap
3125		corruption and other potential race conditions.
3126		Terminating and restarting the daemon may not be
3127		instantaneous due to this change.  Also, non-root users can
3128		no longer send out-of-band signals.  Problem reported by
3129		Michal Zalewski of BindView.
3130	If LogLevel is greater than 9 and SASL fails to negotiate an
3131		encryption layer, avoid core dump logging the encryption
3132		strength.  Problem noted by Miroslav Zubcic of Crol.
3133	If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
3134		different in those two lines, sendmail might not have
3135		recognized (and used) all of the offered mechanisms.
3136	Fix an IP address lookup problem on Solaris 2.0 - 2.3.  Patch
3137		from Kenji Miyake.
3138	This time, really don't use the .. directory when expanding
3139		QueueDirectory wildcards.
3140	If a process is interrupted while closing a map, don't try to close
3141		the same map again while exiting.
3142	Allow local mailers (F=l) to contact remote hosts (e.g., via
3143		LMTP).  Problem noted by Norbert Klasen of the University
3144		of Tuebingen.
3145	If Timeout.QueueReturn was set to a value less than the time it took
3146		to write a new queue file (e.g., 0 seconds), the bounce
3147		message would be lost.  Problem noted by Lorraine L Goff of
3148		Oklahoma State University.
3149	Pass map argument vector into map rewriting engine for the regex
3150		and prog map types.  Problem noted by Stephen Gildea of
3151		InTouch Systems, Inc.
3152	When closing an LDAP map due to a temporary error, close all of the
3153		other LDAP maps which share the original map's connection
3154		to the LDAP server.  Patch from Victor Duchovni of
3155		Morgan Stanley.
3156	To detect changes of NDBM aliases files check the timestamp of the
3157		.pag file instead of the .dir file.  Problem noted by Neil
3158		Rickert of Northern Illinois University.
3159	Don't treat temporary hesiod lookup failures as permanent.  Patch
3160		from Werner Wiethege.
3161	If ClientPortOptions is set, make sure to create the outgoing socket
3162		with the family set in that option.  Patch from Sean Farley.
3163	Avoid a segmentation fault trying to dereference a NULL pointer
3164		when logging a MaxHopCount exceeded error with an empty
3165		recipient list.  Problem noted by Chris Adams of HiWAAY
3166		Internet Services.
3167	Fix DSN for "Too many hops" bounces.  Problem noticed by Ulrich
3168		Windl of the Universitaet Regensburg.
3169	Fix DSN for "mail loops back to me" bounces.  Problem noticed by
3170		Kari Hurtta of the Finnish Meteorological Institute.
3171	Portability:
3172		OpenBSD has a broken setreuid() implementation.
3173	CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
3174		to 553 since it is allowed by DRUMS.
3175	CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
3176	DEVTOOLS: install.sh did not properly handle paths in the source
3177		file name argument.  Noted by Kari Hurtta of the Finnish
3178		Meteorological Institute.
3179	DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
3180		since it generates random process ids.
3181	PRALIASES: Add back adaptive algorithm to deal with different endings
3182		of entries in the database (with/without trailing '\0').
3183		Patch from John Beck of Sun Microsystems.
3184	New Files:
3185		cf/ostype/freebsd4.m4
3186
3187 8.11.3/8.11.3	2001/02/27
3188	Prevent a segmentation fault when a bogus value was used in the
3189		LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
3190		option was used.  Problem noted by Allan E Johannesen of
3191		Worcester Polytechnic Institute.
3192	Prevent "token too long" message by shortening {currHeader} which
3193		could be too long if the last copied character was a quote.
3194		Problem detected by Jan Krueger of digitalanswers
3195		communications consulting gmbh.
3196	Additional IPv6 check for unspecified addresses.  Patch from
3197		Jun-ichiro itojun Hagino of the KAME Project.
3198	Do not ignore the ClientPortOptions setting if DaemonPortOptions
3199		Modifier=b (bind to same interface) is set and the
3200		connection came in from the command line.
3201	Do not bind to the loopback address if DaemonPortOptions
3202		Modifier=b (bind to same interface) is set.  Patch from
3203		John Beck of Sun Microsystems.
3204	Properly deal with open failures on non-optional maps used in
3205		check_* rulesets by returning a temporary failure.
3206	Buffered file I/O files were not being properly fsync'ed to disk
3207		when they were committed.
3208	Properly encode '=' for the AUTH= parameter of the MAIL command.
3209		Problem noted by Hadmut Danisch.
3210	Under certain circumstances the macro {server_name} could be set
3211		to the wrong hostname (of a previous connection), which may
3212		cause some rulesets to return wrong results.  This would
3213		usually cause mail to be queued up and delivered later on.
3214	Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
3215		equate.  Problem noted by Motonori Nakamura of Kyoto
3216		University.
3217	Work around broken accept() implementations which only partially
3218		fill in the peer address if the socket is closed before
3219		accept() completes.
3220	Return an SMTP "421" temporary failure if the data file can't be
3221		opened where the "354" reply would normally be given.
3222	Prevent a CPU loop in trying to expand a macro which doesn't exist
3223		in a queue run.  Problem noted by Gordon Lack of Glaxo
3224		Wellcome.
3225	If delivering via a program and that program exits with EX_TEMPFAIL,
3226		note that fact for the mailq display instead of just showing
3227		"Deferred".  Problem noted by Motonori Nakamura of Kyoto
3228		University.
3229	If doing canonification via /etc/hosts, try both the fully
3230		qualified hostname as well as the first portion of the
3231		hostname.  Problem noted by David Bremner of the
3232		University of New Brunswick.
3233	Portability:
3234		Fix a compilation problem for mail.local and rmail if SFIO
3235			is in use.  Problem noted by Auteria Wally
3236			Winzer Jr. of Champion Nutrition.
3237		IPv6 changes for platforms using KAME.  Patch from
3238			Jun-ichiro itojun Hagino of the KAME Project.
3239		OpenBSD 2.7 and higher has srandomdev(3).  OpenBSD 2.8 and
3240			higher has BSDI-style login classes.  Patch from
3241			Todd C. Miller of Courtesan Consulting.
3242		Unixware 7.1.1 doesn't allow h_errno to be set directly if
3243			sendmail is being compiled with -kthread.  Problem
3244			noted by Orion Poplawski of CQG, Inc.
3245	CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
3246		current left hand side for $LHS in virtuser files.
3247	DEVTOOLS: Do not pass make targets to recursive Build invocations.
3248		Problem noted by Jeff Bronson of J.D. Bronson, Inc.
3249	MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
3250		storing the temporary message file until after the remote
3251		side has sent the final DATA termination dot.  Problem
3252		noted by Allan E Johannesen of Worcester Polytechnic
3253		Institute.
3254	MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
3255		are also specified on the command line.  Patch from
3256		Motonori Nakamura of Kyoto University.
3257	PRALIASES: Skip over AliasFile specifications which aren't based on
3258		database files (i.e., only show dbm, hash, and btree).
3259	Renamed Files:
3260		devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
3261
3262 8.11.2/8.11.2	2000/12/29
3263	Prevent a segmentation fault when trying to set a class in
3264		address test mode due to a negative array index.  Audit
3265		other array indexing.  This bug is not believed to be
3266		exploitable.  Noted by Michal Zalewski of the "Internet for
3267		Schools" project (IdS).
3268	Add an FFR (for future release) to drop privileges when using
3269		address test mode.  This will be turned on in 8.12. It can
3270		be enabled by compiling with:
3271		APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
3272		in your devtools/Site/site.config.m4 file.  Suggested by
3273		Michal Zalewski of the "Internet for Schools" project (IdS).
3274	Fix potential problem with Cyrus-SASL security layer which may have
3275		caused I/O errors, especially for mechanism DIGEST-MD5.
3276	When QueueSortOrder was set to host, sendmail might not read
3277		enough of the queue file to determine the host, making the
3278		sort sub-optimal.  Problem noted by Jeff Earickson of
3279		Colby College.
3280	Don't issue DSNs for addresses which use the NOTIFY parameter (per
3281		RFC 1891) but don't have FAILURE as value.
3282	Initialize Cyrus-SASL library before the SMTP daemon is started.
3283		This implies that every change to SASL related files requires
3284		a restart of the daemon, e.g., Sendmail.conf, new SASL
3285		mechanisms (in form of shared libraries).
3286	Properly set the STARTTLS related macros during a queue run for
3287		a cached connection.  Bug reported by Michael Kellen of
3288		NxNetworks, Inc.
3289	Log the server name in relay= for ruleset tls_server instead of the
3290		client name.
3291	Include original length of bad field/header when reporting
3292		MaxMimeHeaderLength problems.  Requested by Ulrich Windl of
3293		the Universitat Regensburg.
3294	Fix delivery to set-user-ID files that are expanded from aliases in
3295		DeliveryMode queue.  Problem noted by Ric Anderson of the
3296		University of Arizona.
3297	Fix LDAP map -m (match only) flag.  Problem noted by Jeff Giuliano
3298		of Collective Technologies.
3299	Avoid using a negative argument for sleep() calls when delaying answers
3300		to EXPN/VRFY commands on systems which respond very slowly.
3301		Problem noted by Mikolaj J. Habryn of Optus Internet
3302		Engineering.
3303	Make sure the F=u flag is set in the default prog mailer
3304		definition.  Problem noted by Kari Hurtta of the Finnish
3305		Meteorological Institute.
3306	Fix IPv6 check for unspecified addresses.  Patch from
3307		Jun-ichiro itojun Hagino of the KAME Project.
3308	Fix return values for IRIX nsd map.  From Kari Hurtta of the Finnish
3309		Meteorological Institute.
3310	Fix parsing of DaemonPortOptions and ClientPortOptions.  Read all
3311		of the parameters to find Family= setting before trying to
3312		interpret Addr= and Port=.  Problem noted by Valdis
3313		Kletnieks of Virginia Tech.
3314	When delivering to a file directly from an alias, do not call
3315		initgroups(); instead use the DefaultUser group information.
3316		Problem noted by Marc Schaefer of ALPHANET NF.
3317	RunAsUser now overrides the ownership of the control socket, if
3318		created.  Otherwise, sendmail can not remove it upon
3319		close.  Problem noted by Werner Wiethege.
3320	Fix ConnectionRateThrottle counting as the option is the number of
3321		overall connections, not the number of connections per
3322		socket.  A future version may change this to per socket
3323		counting.
3324	Portability:
3325		Clean up libsmdb so it functions properly on platforms
3326			where sizeof(u_int32_t) != sizeof(size_t).  Problem
3327			noted by Rein Tollevik of Basefarm AS.
3328		Fix man page formatting for compatibility with Solaris'
3329			whatis.  From Stephen Gildea of InTouch Systems, Inc.
3330		UnixWare 7 includes snprintf() support.  From Larry
3331			Rosenman.
3332		IPv6 changes for platforms using KAME.  Patch from
3333			Jun-ichiro itojun Hagino of the KAME Project.
3334		Avoid a typedef compile conflict with Berkeley DB 3.X and
3335			Solaris 2.5 or earlier.  Problem noted by Bob Hughes
3336			of Pacific Access.
3337		Add preliminary support for AIX 5.  Contributed by
3338			Valdis Kletnieks of Virginia Tech.
3339		Solaris 9 load average support from Andrew Tucker of Sun
3340			Microsystems.
3341	CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
3342		is used.  Problem noted by Phil Homewood of Asia Online,
3343		patch from Neil Rickert of Northern Illinois University.
3344	CONFIG: Change the default DNS based blacklist server for
3345		FEATURE(`dnsbl') to blackholes.mail-abuse.org.
3346	CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
3347		implicitly assume canonical host names.
3348	CONFIG: Deal with "::" in IPv6 addresses for access_db.  Based on
3349		patch by Motonori Nakamura of Kyoto University.
3350	CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
3351		Virginia Tech.
3352	CONFIG: Pass the illegal header form <list:;> through untouched
3353		instead of making it worse.  Problem noted by Motonori
3354		Nakamura of Kyoto University.
3355	CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
3356	CONTRIB: qtool.pl: An empty queue is not an error.  Problem noted
3357		by Jan Krueger of digitalanswers communications consulting
3358		gmbh.
3359	CONTRIB: domainmap.m4: Handle domains with '-' in them.  From Mark
3360		Roth of the University of Illinois at Urbana-Champaign.
3361	DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
3362		variables into bldOS, bldREL, and bldARCH to prevent
3363		namespace collisions.  Problem noted by Motonori Nakamura
3364		of Kyoto University.
3365	RMAIL: Undo the 8.11.1 change to use -G when calling sendmail.  It
3366		causes some changes in behavior and may break rmail for
3367		installations where sendmail is actually a wrapper to
3368		another MTA.  The change will re-appear in a future
3369		version.
3370	SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
3371		and SunOS 5.8.  Requested by Jeff A. Earickson of Colby
3372		College and John Beck of Sun Microsystems.
3373	VACATION: Fix pattern matching for addresses to ignore.
3374	VACATION: Don't reply to addresses of the form owner-*
3375		or *-owner.
3376	New Files:
3377		cf/ostype/aix5.m4
3378		contrib/buildvirtuser
3379		devtools/OS/AIX.5.0
3380
3381 8.11.1/8.11.1	2000/09/27
3382	Fix SMTP EXPN command output if the address expands to a single
3383		name.  Fix from John Beck of Sun Microsystems.
3384	Don't try STARTTLS in the client if the PRNG has not been properly
3385		seeded.  This problem only occurs on systems without
3386		/dev/urandom.  Problem detected by Jan Krueger of
3387		digitalanswers communications consulting gmbh and
3388		Neil Rickert of Northern Illinois University.
3389	Don't use the . and .. directories when expanding QueueDirectory
3390		wildcards.
3391	Do not try to cache LDAP connections across processes as a parent
3392		process may close the connection before the child process
3393		has completed.  Problem noted by Lai Yiu Fai of the Hong
3394		Kong University of Science and Technology and Wolfgang
3395		Hottgenroth of UUNET.
3396	Use Timeout.fileopen to limit the amount of time spent trying to
3397		read the LDAP secret from a file.
3398	Prevent SIGTERM from removing a command line submitted item after
3399		the user submits the message and before the first delivery
3400		attempt completes.  Problem noted by Max France of AlphaNet.
3401		Fix from Neil Rickert of Northern Illinois University.
3402	Deal correctly with MaxMessageSize restriction if message size is
3403		greater than 2^31.  Problem noted by Tim "Darth Dice" Bosserman
3404		of EarthLink.
3405	Turn off queue checkpointing if CheckpointInterval is set to zero.
3406	Treat an empty home directory (from getpw*() or $HOME) as
3407		non-existent instead of treating it as /.  Problem noted by
3408		Todd C. Miller of Courtesan Consulting.
3409	Don't drop duplicate headers when reading a queued item.  Problem
3410		noted by Motonori Nakamura of Kyoto University.
3411	Avoid bogus error text when logging the savemail panic "cannot
3412		save rejected email anywhere".  Problem noted by Marc G.
3413		Fournier of Acadia University.
3414	If an LDAP search fails because the LDAP server went down, close
3415		the map so subsequent searches reopen the map.  If there are
3416		multiple LDAP servers, the down server will be skipped and
3417		one of the others may be able to take over.
3418	Set the ${load_avg} macro to the current load average, not the
3419		previous load average query result.
3420	If a non-optional map used in a check_* ruleset can't be opened,
3421		return a temporary failure to the remote SMTP client
3422		instead of ignoring the map.  Problem noted by Allan E
3423		Johannesen of Worcester Polytechnic Institute.
3424	Avoid a race condition when queuing up split envelopes by saving
3425		the split envelopes before the original envelope.
3426	Fix a bug in the PH_MAP code which caused mail to bounce instead of
3427		defer if the PH server could not be contacted.  From Mark
3428		Roth of the University of Illinois at Urbana-Champaign.
3429	Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
3430		ETRN.  Problem noted by Erik R. Leo of SoVerNet.
3431	Change error code for unrecognized parameters to the SMTP MAIL and
3432		RCPT commands from 501 to 555 per RFC 1869.  Problem
3433		reported to Postfix by Robert Norris of Monash University.
3434	Prevent overwriting the argument of -B on certain OS.  Problem
3435		noted by Matteo Gelosa of I.NET S.p.A.
3436	Use the proper routine for freeing memory with Netscape's LDAP
3437		client libraries.  Patch from Paul Hilchey of the
3438		University of British Columbia.
3439	Portability:
3440		Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
3441			instead of defining it in conf.h so users can
3442			override the setting.  Suggested by
3443			Henrik Nordstrom of Ericsson.
3444		On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
3445			/usr/lib/sendmail for rmail and vacation.  From
3446			Jeff A. Earickson of Colby College.
3447		On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
3448			does not exist).  From Jeff A. Earickson of Colby
3449			College.
3450		Avoid using the UCB subsystem on NCR MP-RAS 3.x.  From
3451			Tom Moore of NCR.
3452		NeXT 3.X and 4.X installs man pages in /usr/man.  From
3453			Hisanori Gogota of NTT/InterCommunicationCenter.
3454		Solaris 8 and later include /var/run.  The default PID file
3455			location is now /var/run/sendmail.pid.  From John
3456			Beck of Sun Microsystems.
3457		SFIO includes snprintf() for those operating systems
3458			which do not.  From Todd C. Miller of Courtesan
3459			Consulting.
3460	CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}.
3461		Problem noted by Kaspar Brand of futureLab AG.
3462	CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
3463		errors in the MAIL address.
3464	CONFIG: Fix FEATURE(nouucp) usage in example .mc files.  Problem
3465		noted by Ron Jarrell of Virginia Tech.
3466	CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8).
3467		Contributed by John Beck of Sun Microsystems.
3468	CONFIG: Set confFROM_HEADER such that the mail hub can possibly add
3469		GECOS information for an address.  This more closely
3470		matches pre-8.10 nullclient behavior.  From Per Hedeland of
3471		Ericsson.
3472	CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for
3473		SMTP to all *smtp* mailers and those for RELAY to the relay
3474		mailer as described in cf/README.
3475	MAIL.LOCAL: Open the mailbox as the recipient not root so quotas
3476		are obeyed.  Problem noted by Damian Kuczynski of NIK.
3477	MAKEMAP: Do not change a map's owner to the TrustedUser if using
3478		makemap to 'unmake' the map.
3479	RMAIL: Avoid overflowing the list of recipients being passed to
3480		sendmail.
3481	RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
3482		submission.  Problem noted by Kari Hurtta of the Finnish
3483		Meteorological Institute.
3484	VACATION: Read the complete message to avoid "broken pipe" signals.
3485	VACATION: Do not cut off vacation.msg files which have a single
3486		dot as the only character on the line.
3487	New Files:
3488		cf/ostype/solaris8.m4
3489
3490 8.11.0/8.11.0	2000/07/19
3491	SECURITY: If sendmail is installed as a non-root set-user-ID binary
3492		(not the normal case), some operating systems will still
3493		keep a saved-uid of the effective-uid when sendmail tries
3494		to drop all of its privileges.  If sendmail needs to drop
3495		these privileges and the operating system doesn't set the
3496		saved-uid as well, exit with an error.  Problem noted by
3497		Kari Hurtta of the Finnish Meteorological Institute.
3498	SECURITY: sendmail depends on snprintf() NUL terminating the string
3499		it populates.  It is possible that some broken
3500		implementations of snprintf() exist that do not do this.
3501		Systems in this category should compile with
3502		-DSNPRINTF_IS_BROKEN=1.  Use test/t_snprintf.c to test your
3503		system and report broken implementations to
3504		sendmail-bugs@sendmail.org and your OS vendor.  Problem
3505		noted by Slawomir Piotrowski of TELSAT GP.
3506	Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
3507		Implementation influenced by the example programs of
3508		OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
3509	Add new STARTTLS related options CACERTPath, CACERTFile,
3510		ClientCertFile, ClientKeyFile, DHParameters, RandFile,
3511		ServerCertFile, and ServerKeyFile.  These are documented in
3512		cf/README and doc/op/op.*.
3513	New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
3514		${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
3515		${server_name}, and ${server_addr}.  These are documented
3516		in cf/README and doc/op/op.*.
3517	Add support for the Entropy Gathering Daemon (EGD) for better
3518		random data.
3519	New DontBlameSendmail option InsufficientEntropy for systems which
3520		don't properly seed the PRNG for OpenSSL but want to
3521		try to use STARTTLS despite the security problems.
3522	Support the security layer in SMTP AUTH for mechanisms which
3523		support encryption.  Based on code contributed by Tim
3524		Martin of CMU.
3525	Add new macro ${auth_ssf} to reflect the SMTP AUTH security
3526		strength factor.
3527	LDAP's -1 (single match only) flag was not honored if the -z
3528		(delimiter) flag was not given.  Problem noted by ST Wong of
3529		the Chinese University of Hong Kong.  Fix from Mark Adamson
3530		of CMU.
3531	Add more protection from accidentally tripping OpenLDAP 1.X's
3532		ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
3533		Suggested by Kurt Zeilenga of OpenLDAP.
3534	Fix the default family selection for DaemonPortOptions.  As
3535		documented, unless a family is specified in a
3536		DaemonPortOptions option, "inet" is the default.  It is
3537		also the default if no DaemonPortOptions value is set.
3538		Therefore, IPv6 users should configure additional sockets
3539		by adding DaemonPortOptions settings with Family=inet6 if
3540		they wish to also listen on IPv6 interfaces.  Problem noted
3541		by Jun-ichiro itojun Hagino of the KAME Project.
3542	Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
3543		the interface information for an outgoing connection.
3544		Not doing so was creating a mismatch between the socket
3545		family and address used in subsequent connections if the
3546		M=b modifier was set in DaemonPortOptions.  Problem noted
3547		by John Beck of Sun Microsystems.
3548	If DaemonPortOptions modifier M=b is used, determine the socket
3549		family based on the IP address.  ${if_family} is no longer
3550		persistent (i.e., saved in qf files).  Patch from John Beck
3551		of Sun Microsystems.
3552	sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
3553		macros for both the incoming interface address/family and
3554		the outgoing interface address/family.  In order for M=b
3555		modifier in DaemonPortOptions to work properly, preserve
3556		the incoming information in the queue file for later
3557		delivery attempts.
3558	Use SMTP error code and enhanced status code from check_relay in
3559		responses to commands.  Problem noted by Jeff Wasilko of
3560		smoe.org.
3561	Add more vigilance in checking for putc() errors on output streams
3562		to protect from a bug in Solaris 2.6's putc().  Problem
3563		noted by Graeme Hewson of Oracle.
3564	The LDAP map -n option (return attribute names only) wasn't working.
3565		Problem noted by Ajay Matia.
3566	Under certain circumstances, an address could be listed as deferred
3567		but would be bounced back to the sender as failed to be
3568		delivered when it really should have been queued.  Problem
3569		noted by Allan E Johannesen of Worcester Polytechnic Institute.
3570	Prevent a segmentation fault in a child SMTP process from getting
3571		the SMTP transaction out of sync.  Problem noted by Per
3572		Hedeland of Ericsson.
3573	Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
3574		is defined to avoid a core dump due to incompatibilities
3575		between sfio and stdio.  Problem noted by Neil Rickert
3576		of Northern Illinois University.
3577	Don't log useless envelope ID on initial connection log.  Problem
3578		noted by Kari Hurtta of the Finnish Meteorological Institute.
3579	Convert the free disk space shown in a control socket status query
3580		to kilobyte units.
3581	If TryNullMXList is True and there is a temporary DNS failure
3582		looking up the hostname, requeue the message for a later
3583		attempt.  Problem noted by Ari Heikkinen of Pohjois-Savo
3584		Polytechnic.
3585	Under the proper circumstances, failed connections would be recorded
3586		as "Bad file number" instead of "Connection failed" in the
3587		queue file and persistent host status.  Problem noted by
3588		Graeme Hewson of Oracle.
3589	Avoid getting into an endless loop if a non-hoststat directory exists
3590		within the hoststatus directory (e.g., lost+found).
3591		Patch from Valdis Kletnieks of Virginia Tech.
3592	Make sure Timeout.queuereturn=now returns a bounce message to the
3593		sender.  Problem noted by Per Hedeland of Ericsson.
3594	If a message data file can't be opened at delivery time, panic and
3595		abort the attempt instead of delivering a message that
3596		states "<<< No Message Collected >>>".
3597	Fixup the GID checking code from 8.10.2 as it was overly
3598		restrictive.  Problem noted by Mark G. Thomas of Mark
3599		G. Thomas Consulting.
3600	Preserve source port number instead of replacing it with the ident
3601		port number (113).
3602	Document the queue status characters in the mailq man page.
3603		Suggested by Ulrich Windl of the Universitat Regensburg.
3604	Process queued items in which none of the recipient addresses have
3605		host portions (or there are no recipients).  Problem noted
3606		by Valdis Kletnieks of Virginia Tech.
3607	If a cached LDAP connection is used for multiple maps, make sure
3608		only the first to open the connection is allowed to close
3609		it so a later map close doesn't break the connection for
3610		other maps.  Problem noted by Wolfgang Hottgenroth of UUNET.
3611	Netscape's LDAP libraries do not support Kerberos V4
3612		authentication.  Patch from Rainer Schoepf of the
3613		University of Mainz.
3614	Provide workaround for inconsistent handling of data passed
3615		via callbacks to Cyrus SASL prior to version 1.5.23.
3616	Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile.  Omission
3617		noted by Ulrich Windl of the Universitat Regensburg.
3618	Portability:
3619		Add the ability to read IPv6 interface addresses into class
3620			'w' under FreeBSD (and possibly others).  From Jun
3621			Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
3622		Replace code for finding the number of CPUs on HPUX.
3623		NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
3624			work properly causing problems if the accept()
3625			fails and the socket needs to be reopened.  Patch
3626			from Tom Moore of NCR.
3627		NetBSD uses a .0 extension of formatted man pages.  From
3628			Andrew Brown of Crossbar Security.
3629		Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
3630			for calls to getipnodebyname().  The Linux
3631			implementation is broken so AI_ADDRCONFIG is stripped
3632			under Linux.  From John Beck of Sun Microsystems and
3633			John Kennedy of Cal State University, Chico.
3634	CONFIG: Catch invalid addresses containing a ',' at the wrong place.
3635		Patch from Neil Rickert of Northern Illinois University.
3636	CONFIG: New variables for the new sendmail options:
3637		confCACERT_PATH			CACERTPath
3638		confCACERT			CACERTFile
3639		confCLIENT_CERT			ClientCertFile
3640		confCLIENT_KEY			ClientKeyFile
3641		confDH_PARAMETERS		DHParameters
3642		confRAND_FILE			RandFile
3643		confSERVER_CERT			ServerCertFile
3644		confSERVER_KEY			ServerKeyFile
3645	CONFIG: Provide basic rulesets for TLS policy control and add new
3646		tags to the access database to support these policies.  See
3647		cf/README for more information.
3648	CONFIG: Add TLS information to the Received: header.
3649	CONFIG: Call tls_client ruleset from check_mail in case it wasn't
3650		called due to a STARTTLS command.
3651	CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
3652		instead of temporary.
3653	CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
3654		the access map and relaying to a domain without using a To:
3655		tag.  Problem noted by Mark G. Thomas of Mark G. Thomas
3656		Consulting.
3657	CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
3658		OSTYPE(`linux') and OSTYPE(`mklinux').  From Tim Pierce of
3659		RootsWeb.com.
3660	CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
3661		forwarding to make it as close to the old behavior as
3662		possible.  Problem noted by George W. Baltz of the
3663		University of Maryland.
3664	CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users.  From
3665		Wilfredo Sanchez of Apple Computer, Inc.
3666	CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
3667		ldap_mailhost and ldap_mailroutingaddress to ldapmh and
3668		ldapmra as underscores in map names cause problems if
3669		underscore is in OperatorChars.  Problem noted by Bob Zeitz
3670		of the University of Alberta.
3671	CONFIG: Apply blacklist_recipients also to hosts in class {w}.
3672		Patch from Michael Tratz of Esosoft Corporation.
3673	CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
3674	CONTRIB: Add link_hash.sh to create symbolic links to the hash
3675		of X.509 certificates.
3676	CONTRIB: passwd-to-alias.pl:  More protection from special characters;
3677		treat special shells as root aliases; skip entries where the
3678		GECOS full name and username match.  From Ulrich Windl of the
3679		Universitat Regensburg.
3680	CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
3681		typo.  Patch from Graeme Hewson of Oracle.
3682	CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
3683		and sendmail.  Patch from Graeme Hewson of Oracle.
3684	CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
3685		subroutine.  Patch from Graeme Hewson of Oracle.
3686	CONTRIB: Add movemail.pl (move old mail messages between queues by
3687		calling re-mqueue.pl) and movemail.conf (configuration
3688		script for movemail.pl).  From Graeme Hewson of Oracle.
3689	CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
3690		makemap).  From Derek J. Balling of Yahoo, Inc.
3691	DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
3692		extension modifications (e.g., MAN8EXT) to the installation
3693		target.  Patch from James Ralston of Carnegie Mellon
3694		University.
3695	DEVTOOLS: Add support for SunOS 5.9.
3696	DEVTOOLS: New option confLN contains the command used to create
3697		links.
3698	LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
3699		reported.
3700	MAIL.LOCAL: DG/UX portability.  Problem noted by Tim Boyer of
3701		Denman Tire Corporation.
3702	MAIL.LOCAL: Prevent a possible DoS attack when compiled with
3703		-DCONTENTLENGTH.  Based on patch from 3APA3A@SECURITY.NNOV.RU.
3704	MAILSTATS: Fix usage statement (-p and -o are optional).
3705	MAKEMAP: Change man page layout as workaround for problem with nroff
3706		and -man on Solaris 7.  Patch from Larry Williamson.
3707	RMAIL: AIX 4.3 has snprintf().  Problem noted by David Hayes of
3708		Black Diamond Equipment, Limited.
3709	RMAIL: Prevent a segmentation fault if the incoming message does not
3710		have a From line.
3711	VACATION: Read all of the headers before deciding whether or not
3712		to respond instead of stopping after finding recipient.
3713	Added Files:
3714		cf/ostype/darwin.m4
3715		contrib/cidrexpand
3716		contrib/link_hash.sh
3717		contrib/movemail.conf
3718		contrib/movemail.pl
3719		devtools/OS/SunOS.5.9
3720		test/t_snprintf.c
3721
3722 8.10.2/8.10.2	2000/06/07
3723	SECURITY: Work around broken Linux setuid() implementation.
3724		On Linux, a normal user process has the ability to subvert
3725		the setuid() call such that it is impossible for a root
3726		process to drop its privileges.  Problem noted by Wojciech
3727		Purczynski of elzabsoft.pl.
3728	SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
3729		initgroups(), and chroot() calls.
3730	Added Files:
3731		test/t_setuid.c
3732
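The 8.10.2 entries above concern a root process whose setuid() call does not actually give up root, and the extra checking added around the set*uid()/setgid()/setgroups() calls. The C code below is an added example of that kind of check; it is not sendmail source and not the contents of test/t_setuid.c. The names drop_privileges, drop_result_str and enum drop_result, and the ID 65534 used in main(), are assumptions made for the example.

```c
/* Added example (not sendmail source): drop root privileges and prove it. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes; the names are hypothetical, invented for this example. */
enum drop_result {
	DROP_OK = 0,
	DROP_CALL_FAILED,	/* a set*id() or setgroups() call reported an error */
	DROP_NOT_APPLIED,	/* calls reported success but the IDs did not change */
	DROP_REVERSIBLE		/* root could be regained after the drop */
};

/*
 * Switch to uid/gid and verify the result.  Any value other than DROP_OK
 * means the process may still hold privileges and must not continue.
 */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
	/* Only a privileged process may replace the supplementary group list. */
	if (geteuid() == 0 && setgroups(1, &gid) != 0)
		return DROP_CALL_FAILED;

	/* Group before user: once the UID is gone the GID can no longer be set. */
	if (setgid(gid) != 0)
		return DROP_CALL_FAILED;
	if (setuid(uid) != 0)
		return DROP_CALL_FAILED;

	/* Do not rely on return values alone: read every ID back. */
	if (getgid() != gid || getegid() != gid)
		return DROP_NOT_APPLIED;
	if (getuid() != uid || geteuid() != uid)
		return DROP_NOT_APPLIED;

	/* An unprivileged target must not be able to climb back to root. */
	if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
		return DROP_REVERSIBLE;
	if (uid != 0 && gid != 0 && (setgid(0) == 0 || setegid(0) == 0))
		return DROP_REVERSIBLE;

	return DROP_OK;
}

const char *drop_result_str(enum drop_result r)
{
	switch (r) {
	case DROP_OK:		return "privileges dropped and verified";
	case DROP_CALL_FAILED:	return "a set*id()/setgroups() call failed";
	case DROP_NOT_APPLIED:	return "IDs unchanged despite reported success";
	case DROP_REVERSIBLE:	return "root could be regained after the drop";
	}
	return "unknown result";
}

int main(void)
{
	/*
	 * Constructed target: 65534 is assumed to be an unprivileged ID when
	 * started as root; otherwise the current IDs are simply re-asserted.
	 */
	uid_t uid = geteuid() == 0 ? 65534 : getuid();
	gid_t gid = geteuid() == 0 ? 65534 : getgid();
	enum drop_result r = drop_privileges(uid, gid);

	printf("%s\n", drop_result_str(r));
	return r == DROP_OK ? 0 : 1;	/* a daemon must exit on any failure */
}
```
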
3733 8.10.1/8.10.1	2000/04/06
3734	SECURITY: Limit the choice of outgoing (client-side) SMTP
3735		Authentication mechanisms to those specified in
3736		AuthMechanisms to prevent information leakage.  We do not
3737		recommend use of PLAIN for outgoing mail as it sends the
3738		password in clear text to possibly untrusted servers.  See
3739		cf/README's DefaultAuthInfo section for additional information.
3740	Copy the ident argument for openlog() to avoid problems on some
3741		OSs.  Based on patch from Rob Bajorek from Webhelp.com.
3742	Avoid bogus error message when reporting an alias line as too long.
3743	Avoid bogus socket error message if sendmail.cf version level is
3744		greater than sendmail binary supported version.  Patch
3745		from John Beck of Sun Microsystems.
3746	Prevent a malformed ruleset (missing right hand side) from causing
3747		a segmentation fault when using address test mode.  Based on
3748		patch from John Beck of Sun Microsystems.
3749	Prevent memory leak from use of NIS maps and yp_match(3).  Problem
3750		noted by Gil Kloepfer of the University of Texas at Austin.
3751	Fix queue file permission checks to allow for TrustedUser ownership.
3752	Change logging of errors from the trust_auth ruleset to LogLevel 10
3753		or higher.
3754	Avoid simple password cracking attacks against SMTP AUTH by using
3755		exponential delay after too many tries within one connection.
3756	Encode an initial empty AUTH challenge as '=', not as empty string.
3757	Avoid segmentation fault on EX_SOFTWARE internal error logs.
3758		Problem noted by Allan E Johannesen of Worcester
3759		Polytechnic Institute.
3760	Ensure that a header check which resolves to $#discard actually
3761		discards the message.
3762	Emit missing value warnings for aliases with no right hand side
3763		when newaliases is run instead of only when delivery is
3764		attempted to the alias.
3765	Remove AuthOptions missing value warning for consistency with other
3766		flag options.
3767	Portability:
3768		SECURITY: Specify a run-time shared library search path for
3769			AIX 4.X instead of using the dangerous AIX 4.X
3770			linker semantics.  AIX 4.X users should consult
3771			sendmail/README for further information.  Problem
3772			noted by Valdis Kletnieks of Virginia Tech.
3773		Avoid use of strerror(3) call.  Problem noted by Charles
3774			Levert of Ecole Polytechnique de Montreal.
3775		DGUX requires -lsocket -lnsl and has a non-standard install
3776			program.  From Tim Boyer of Denman Tire Corporation.
3777		HPUX 11.0 has a broken res_search() function.
3778		Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
3779			from J. P. McCann of E I A.
3780		Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
3781			Problem noted by Michael Long of Info Avenue Internet
3782			Services, LLC.
3783		Modern (post-199912) OpenBSD versions include working
3784			strlc{at,py}(3) functions.  From Todd C. Miller of
3785			Courtesan Consulting.
3786		SINIX doesn't have random(3).  From Gerald Rinske of
3787			Siemens Business Services.
3788	CONFIG: Change error message about unresolvable sender domain to
3789		include the sender address.  Proposed by Wolfgang Rupprecht
3790		of WSRCC.
3791	CONFIG: Fix usenet mailer calls.
3792	CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS
3793		to be backward compatible with 8.9.
3794	CONFIG: Change handling of default case @domain for virtusertable
3795		to allow for +*@domain to deal with +detail.
3796	CONTRIB: Remove converting.sun.configs -- it is obsolete.
3797	DEVTOOLS: confUBINMODE was being ignored.  Fix from KITAZIMA, Tuneki
3798		of NEC.
3799	DEVTOOLS: Add to NCR platform list and include the architecture
3800		(i486).  From Tom J. Moore of NCR.
3801	DEVTOOLS: SECURITY: Change method of linking with sendmail utility
3802		libraries to work around the AIX 4.X and SunOS 4.X linker's
3803		overloaded -L option.  Problem noted by Valdis Kletnieks of
3804		Virginia Tech.
3805	DEVTOOLS: configure.sh was overriding the user's choice for
3806		confNROFF.  Problem noted by Glenn A. Malling of Syracuse
3807		University.
3808	DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added
3809		for other internal projects but included in the open source
3810		release.
3811	LIBSMDB: Check for ".db" instead of simply "db" at the end of the
3812		map name to determine whether or not to add the extension.
3813		This fixes makemap when building the userdb file.  Problem
3814		noted by Andrew J Cole of the University of Leeds.
3815	LIBSMDB: Allow a database to be opened for updating and created if
3816		it doesn't already exist.  Problem noted by Rand Wacker of
3817		Sendmail.
3818	LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are
3819		available, fall back to NDBM if NEWDB open fails.  This
3820		fixes praliases.  Patch from John Beck of Sun Microsystems.
3821	LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted
3822		as SFF_NOWRFILES.
3823	OP.ME: Clarify some issues regarding mailer flags.  Suggested by
3824		Martin Mokrejs of The Charles University and Neil Rickert of
3825		Northern Illinois University.
3826	PRALIASES: Restore 8.9.X functionality of being able to search for
3827		particular keys in a database by specifying the keys on the
3828		command line.  Man page updated accordingly.  Patch from
3829		John Beck of Sun Microsystems.
3830	VACATION: SunOS 4.X portability from Charles Levert of Ecole
3831		Polytechnique de Montreal.
3832	VACATION: Fix -t option which is ignored but available for
3833		compatibility with Sun's version, based on patch from
3834		Volker Dobler of Infratest Burke.
3835	Added Files:
3836		devtools/M4/UNIX/smlib.m4
3837		devtools/OS/OSF1.V5.0
3838	Deleted Files:
3839		contrib/converting.sun.configs
3840	Deleted Directories (already done in 8.10.0 but not listed):
3841		doc/intro
3842		doc/usenix
3843		doc/changes
3844
3845 8.10.0/8.10.0	2000/03/01
3846	    *************************************************************
3847	    * The engineering department at Sendmail, Inc. has suffered	*
3848	    * the tragic loss of a key member of our engineering team.	*
3849	    * Julie Van Bourg was the Vice President of Engineering	*
3850	    * at Sendmail, Inc. during the development and deployment	*
3851	    * of this release.  It was her vision, dedication, and	*
3852	    * support that has made this release a success.  Julie died	*
3853	    * on October 26, 1999 of cancer.  We have lost a leader, a	*
3854	    * coach, and a friend.					*
3855	    *								*
3856	    * This release is dedicated to her memory and to the joy,	*
3857	    * strength, ideals, and hope that she brought to all of us.	*
3858	    * Julie, we miss you!					*
3859	    *************************************************************
3860	SECURITY: The safe file checks now back track through symbolic
3861		links to make sure the files can't be compromised due
3862		to poor permissions on the parent directories of the
3863		symbolic link target.
3864	SECURITY: Only root, TrustedUser, and users in class t can rebuild
3865		the alias map.  Problem noted by Michal Zalewski of the
3866		"Internet for Schools" project (IdS).
3867	SECURITY: There is a potential for a denial of service attack if
3868		the AutoRebuildAliases option is set as a user can kill the
3869		sendmail process while it is rebuilding the aliases file
3870		(leaving it in an inconsistent state).  This option and
3871		its use are deprecated and will be removed from a future
3872		version of sendmail.
3873	SECURITY: Make sure all file descriptors (besides stdin, stdout, and
3874		stderr) are closed before restarting sendmail.  Problem noted
3875		by Michal Zalewski of the "Internet for Schools" project
3876		(IdS).
3877	Begin using /etc/mail/ for sendmail related files.  This affects
3878		a large number of files.  See cf/README for more details.
3879	The directory structure of the distribution has changed slightly
3880		for easier code sharing among the programs.
3881	Support SMTP AUTH (see RFC 2554).  New macros for this purpose
3882		are ${auth_authen}, ${auth_type}, and ${auth_author}
3883		which hold the client's authentication credentials,
3884		the mechanism used for authentication, and the
3885		authorization identity (i.e., the AUTH= parameter if
3886		supplied).  Based on code contributed by Tim Martin of CMU.
3887	On systems which use the Torek stdio library (all of the BSD
3888		distributions), use memory-buffered files to reduce
3889		file system overhead by not creating temporary files on
3890		disk.  Contributed by Exactis.com, Inc.
3891	New option DataFileBufferSize to control the maximum size of a
3892		memory-buffered data (df) file before a disk-based file is
3893		used.  Contributed by Exactis.com, Inc.
3894	New option XscriptFileBufferSize to control the maximum size of a
3895		memory-buffered transcript (xf) file before a disk-based
3896		file is used.  Contributed by Exactis.com, Inc.
3897	sendmail implements RFC 2476 (Message Submission), e.g., it can
3898		now listen on several different ports.  Use:
3899		O DaemonPortOptions=Name=MSA, Port=587, M=E
3900		to run a Message Submission Agent (MSA); this is turned
3901		on by default in m4-generated .cf files; it can be turned
3902		off with FEATURE(`no_default_msa').
3903	The 'XUSR' SMTP command is deprecated.  Mail user agents should
3904		begin using RFC 2476 Message Submission for initial user
3905		message submission.  XUSR may disappear from a future release.
3906	The new '-G' (relay (gateway) submission) command line option
3907		indicates that the message being submitted from the command
3908		line is for relaying, not initial submission.  This means
3909		the message will be rejected if the addresses are not fully
3910		qualified and no canonicalization will be done.  Future
3911		releases may even reject improperly formed messages.
3912	The '-U' (initial user submission) command line option is
3913		deprecated and may be removed from a future release.
3914		Mail user agents should begin using '-G' to indicate that
3915		this is a relay submission (the inverse of -U).
3916	The next release of sendmail will assume that any message submitted
3917		from the command line is an initial user submission and act
3918		accordingly.
3919	If sendmail doesn't have enough privileges to run a .forward
3920		program or deliver to file as the owner of that file, the
3921		address is marked as unsafe.  This means if RunAsUser is
3922		set, users won't be able to use programs or delivery to
3923		files in their .forward files.  Administrators can override
3924		this by setting the DontBlameSendmail option to the new
3925		setting NonRootSafeAddr.
3926	Allow group or world writable directories if the sticky bit is set
3927		on the directory and DontBlameSendmail is set to
3928		TrustStickyBit.  Based on patch from Chris Metcalf of
3929		InCert Software.
3930	Prevent logging of unsafe directory paths for non-existent forward
3931		files if the new DontWarnForwardFileInUnsafeDirPath bit is
3932		set in the DontBlameSendmail option.  Requested by many.
3933	New Timeout.control option to limit the total time spent satisfying
3934		a control socket request.
3935	New Timeout.resolver options for controlling BIND resolver
3936		settings:
3937		Timeout.resolver.retrans
3938			Sets the resolver's retransmission time interval (in
3939			seconds).  Sets both Timeout.resolver.retrans.first
3940			and Timeout.resolver.retrans.normal.
3941		Timeout.resolver.retrans.first
3942			Sets the resolver's retransmission time interval (in
3943			seconds) for the first attempt to deliver a message.
3944		Timeout.resolver.retrans.normal
3945			Sets the resolver's retransmission time interval (in
3946			seconds) for all resolver lookups except the first
3947			delivery attempt.
3948		Timeout.resolver.retry
3949			Sets the number of times to retransmit a resolver
3950			query.  Sets both Timeout.resolver.retry.first
3951			and Timeout.resolver.retry.normal.
3952		Timeout.resolver.retry.first
3953			Sets the number of times to retransmit a resolver
3954			query for the first attempt to deliver a message.
3955		Timeout.resolver.retry.normal
3956			Sets the number of times to retransmit a resolver
3957			query for all resolver lookups except the first
3958			delivery attempt.
3959		Contributed by Exactis.com, Inc.
3960	Support multiple queue directories.  To use multiple queues, supply
3961		a QueueDirectory option value ending with an asterisk.  For
3962		example, /var/spool/mqueue/q* will use all of the
3963		directories or symbolic links to directories beginning with
3964		'q' in /var/spool/mqueue as queue directories.  Keep in
3965		mind, the queue directory structure should not be changed
3966		while sendmail is running.  Queue runs create a separate
3967		process for running each queue unless the verbose flag is
3968		given on a non-daemon queue run.  New items are randomly
3969		assigned to a queue.  Contributed by Exactis.com, Inc.
3970	Support different directories for qf, df, and xf queue files; if
3971		subdirectories or symbolic links to directories of those names
3972		exist in the queue directories, they are used for the
3973		corresponding queue files.  Keep in mind, the queue
3974		directory structure should not be changed while sendmail is
3975		running.  Proposed by Mathias Koerber of Singapore
3976		Telecommunications Ltd.
3977	New queue file naming system which uses a filename guaranteed to be
3978		unique for 60 years.  This allows queue IDs to be assigned
3979		without fancy file system locking.  Queued items can be
3980		moved between queues easily.  Contributed by Exactis.com,
3981		Inc.
3982	Messages which are undeliverable due to temporary address failures
3983		(e.g., DNS failure) will now go to the FallBackMX host, if
3984		set.  Contributed by Exactis.com, Inc.
3985	New command line option '-L tag' which sets the identifier used for
3986		syslog.  Contributed by Exactis.com, Inc.
3987	QueueSortOrder=Filename will sort the queue by filename.  This
3988		avoids opening and reading each queue file when preparing
3989		to run the queue.  Contributed by Exactis.com, Inc.
3990	Shared memory counters and microtimers functionality has been
3991		donated by Exactis.com, Inc.
3992	The SCCS ID tags have been replaced with RCS ID tags.
3993	Allow trusted users (those on a T line or in $=t) to set the
3994		QueueDirectory (Q) option without an X-Authentication-Warning:
3995		being added.  Suggested by Michael K. Sanders.
3996	IPv6 support based on patches from John Kennedy of Cal State
3997		University, Chico, Motonori Nakamura of Kyoto University,
3998		and John Beck of Sun Microsystems.
3999	In low-disk space situations, where sendmail would previously refuse
4000		connections, still accept them, but only allow ETRN commands.
4001		Suggested by Mathias Koerber of Singapore Telecommunications
4002		Ltd.
4003	The [IPC] builtin mailer now allows delivery to a UNIX domain socket
4004		on systems which support them.  This can be used with LMTP
4005		local delivery agents which listen on a named socket.  An
4006		example mailer might be:
4007			Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n,
4008				S=10, R=20/40, T=DNS/RFC822/X-Unix,
4009				A=FILE /var/run/lmtpd
4010		Code contributed by Lyndon Nerenberg of Messaging Direct.
4011	The [TCP] builtin mailer name is now deprecated.  Use [IPC]
4012		instead.
4013	The first mailer argument in the [IPC] mailer is now checked for a
4014		legitimate value.  Possible values are TCP (for TCP/IP
4015		connections), IPC (which will be deprecated in a future
4016		version), and FILE (for UNIX domain socket delivery).
4017	PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
4018		flags.
4019	PrivacyOptions=nobodyreturn instructs sendmail not to include the
4020		body of the original message on delivery status
4021		notifications.
4022	Don't announce DSN if PrivacyOptions=noreceipts is set.  Problem noted
4023		by Dan Bernstein, fix from Robert Harker of Harker Systems.
4024	Accept the SMTP RSET command even when rejecting commands due to TCP
4025		Wrappers or the check_relay ruleset.  Problem noted by
4026		Steve Schweinhart of America Online.
4027	Warn if OperatorChars is set multiple times.  OperatorChars should
4028		not be set after rulesets are defined.  Suggested by
4029		Mitchell Blank Jr of Exec-PC.
4030	Do not report temporary failure on delivery to files.  In
4031		interactive delivery mode, this would result in two SMTP
4032		responses after the DATA command.  Problem noted by
4033		Nik Conwell of Boston University.
4034	Check file close when mailing to files.  Problem noted by Nik
4035		Conwell of Boston University.
4036	Avoid a segmentation fault when using the LDAP map.  Patch from
4037		Curtis W. Hillegas of Princeton University.
4038	Always bind to the LDAP server regardless of whether you are using
4039		ldap_open() or ldap_init().  Fix from Raj Kunjithapadam of
4040		@Home Network.
4041	New ruleset trust_auth to determine whether a given AUTH=
4042		parameter of the MAIL command should be trusted.  See SMTP
4043		AUTH, cf/README, and doc/op/op.ps.
4044	Allow new named config file rules check_vrfy, check_expn, and
4045		check_etrn for VRFY, EXPN, and ETRN commands, respectively,
4046		similar to check_rcpt etc.
4047	Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
4048		${mail_mailer}, ${mail_host}, ${mail_addr} that hold
4049		the results of parsing the RCPT and MAIL arguments, i.e.
4050		the resolved triplet from $#mailer $@host $:addr.
4051		From Kari Hurtta of the Finnish Meteorological Institute.
4052	New macro ${client_resolve} which holds the result of the resolve
4053		call for ${client_name}: OK, FAIL, FORGED, TEMP.  Proposed
4054		by Kari Hurtta of the Finnish Meteorological Institute.
4055	New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
4056		the corresponding DSN parameter values.  Proposed by
4057		Mathias Herberts.
4058	New macro ${msg_size} which holds the value of the SIZE= parameter,
4059		i.e., usually the size of the message (in an ESMTP dialogue),
4060		before the message has been collected, thereafter it holds
4061		the message size as computed by sendmail (and can be used
4062		in check_compat).
4063	The macro ${deliveryMode} now specifies the current delivery mode
4064		sendmail is using instead of the value of the DeliveryMode
4065		option.
4066	New macro ${ntries} holds the number of delivery attempts.
4067	Drop explicit From: if same as what would be generated only if it is
4068		a local address.  From Motonori Nakamura of Kyoto University.
4069	Write pid to file also if sendmail only processes the queue.
4070		Proposed by Roy J. Mongiovi of Georgia Tech.
4071	Log "low on disk space" only when necessary.
4072	New macro ${load_avg} can be used to check the current load average.
4073		Suggested by Scott Gifford of The Internet Ramp.
4074	Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
4075		is set.
4076	Flag -S for maps to specify the character which is substituted
4077		for spaces (instead of the default given by O BlankSub).
4078	Flag -D for maps: perform no lookup in deferred delivery mode.
4079		This flag is set by default for the host map.  Based on a
4080		proposal from Ian MacPhedran of the University of Saskatchewan.
4081	Open maps only on demand, not at startup.
4082	Log warning about unsupported IP address families.
4083	New option MaxHeadersLength allows specifying a maximum length
4084		of the sum of all headers.  This can be used to prevent
4085		a denial-of-service attack.
4086	New option MaxMimeHeaderLength which limits the size of MIME
4087		headers and parameters within those headers.  This option
4088		is intended to protect mail user agents from buffer
4089		overflow attacks.
4090	Added option MaxAliasRecursion to specify the maximum depth of
4091		alias recursion.
4092	New flag F=6 for mailers to strip headers to seven bit.
4093	Map type syslog to log the key via syslogd.
4094	Entries in the alias file can be continued by putting a backslash
4095		directly before the newline.
4096	New option DeadLetterDrop to define the location of the system-wide
4097		dead.letter file, formerly hardcoded to
4098		/usr/tmp/dead.letter.  If this option is not set (the
4099		default), sendmail will not attempt to save to a
4100		system-wide dead.letter file if it can not bounce the mail
4101		to the user or postmaster.  Instead, it will rename the qf
4102		file as it has in the past when the dead.letter file
4103		could not be opened.
4104	New option PidFile to define the location of the pid file.  The
4105		value of this option is macro expanded.
4106	New option ProcessTitlePrefix specifies a prefix string for the
4107		process title shown in 'ps' listings.
4108	New macros for use with the PidFile and ProcessTitlePrefix options
4109		(along with the already existing macros):
4110		${daemon_info}      Daemon information, e.g.
4111		                    SMTP+queueing@00:30:00
4112		${daemon_addr}	    Daemon address, e.g., 0.0.0.0
4113		${daemon_family}    Daemon family, e.g., inet, inet6, etc.
4114		${daemon_name}      Daemon name, e.g., MSA.
4115		${daemon_port}	    Daemon port, e.g., 25
4116		${queue_interval}   Queue run interval, e.g., 00:30:00
4117	New macros especially for virtual hosting:
4118		${if_name}	hostname of interface of incoming connection.
4119		${if_addr}	address of interface of incoming connection.
4120		The latter is only set if the interface does not belong to the
4121		loopback net.
4122	If a message is being accepted via a method other than SMTP and
4123		would be rejected by a header check, do not send the message.
4124		Suggested by Phil Homewood of Mincom Pty Ltd.
4125	Don't strip comments for header checks if $>+ is used instead of $>.
4126		Provide header value as quoted string in the macro
4127		${currHeader} (possibly truncated to MAXNAME).  Suggested by
4128		Jan Krueger of Unix-AG of University of Hannover.
4129		The length of the header value is stored in ${hdrlen}.
4130	H*: allows specifying a default ruleset for header checks.  This
4131		ruleset will only be called if the individual header does
4132		not have its own ruleset assigned.  Suggested by Jan
4133		Krueger of Unix-AG of University of Hannover.
4134		The name of the header field is stored in ${hdr_name}.
4135	Comments (i.e., text within parentheses) in rulesets are not
4136		removed if the config file version is greater than or equal
4137		to 9.  For example, "R$+ ( 1 )		$@ 1" matches the
4138		input "token (1)" but does not match "token".
4139	Avoid removing the Content-Transfer-Encoding MIME header on
4140		MIME messages.  Problem noted by Sigurbjorn B. Larusson of
4141		Multimedia Consumer Services.  Fix from Per Hedeland of
4142		Ericsson.
4143	Avoid duplicate Content-Transfer-Encoding MIME header on
4144		messages with 8-bit text in headers.  Problem noted by
4145		Per Steinar Iversen of Oslo College.  Fix from Per Hedeland
4146		of Ericsson.
4147	Avoid keeping maps locked longer than necessary when re-opening a
4148		modified database map file.  Problem noted by Chris Adams
4149		of Renaissance Internet Services.
4150	Resolving to the $#error mailer with a temporary failure code (e.g.,
4151		$#error $@ tempfail $: "400 Temporary failure") will now
4152		queue up the message instead of bouncing it.
4153	Be more liberal in acceptable responses to an SMTP RSET command as
4154		the standard does not provide any indication of what to do when
4155		something other than 250 is received.  Based on a patch
4156		from Steve Schweinhart of America Online.
4157	New option TrustedUser allows specifying a user who can own
4158		important files instead of root.  This requires HASFCHOWN.
4159	Fix USERDB conditional so compiling with NEWDB or HESIOD and
4160		setting USERDB=0 works.  Fix from Jorg Zanger of Schock.
4161	Fix another instance (similar to one in 8.9.3) of a network failure
4162		being mis-logged as "Illegal Seek" instead of whatever
4163		really went wrong.  From John Beck of Sun Microsystems.
4164	$? tests also whether the macro is non-null.
4165	Print an error message if a mailer definition contains an invalid
4166		equate name.
4167	New mailer equate /= to specify a directory to chroot() into before
4168		executing the mailer program.  Suggested by Igor Vinokurov.
4169	New mailer equate W= to specify the maximum time to wait for the
4170		mailer to return after sending all data to it.
4171	Only free memory from the process list when adding a new process
4172		into a previously filled slot.  Previously, the memory was
4173		freed at removal time.  Since removal can happen in a
4174		signal handler, this may leave the memory map in an
4175		inconsistent state.  Problem noted by Jeff A. Earickson and
4176		David Cooley of Colby College.
4177	When using the UserDB @hostname catch-all, do not try to look up
4178		local users in the passwd file.  The UserDB code has
4179		already decided the message will be passed to another host
4180		for processing.  Fix from Tony Landells of Burdett
4181		Buckeridge Young Limited.
4182	Support LDAP authorization via either a file containing the
4183		password or Kerberos V4 using the new map options
4184		'-ddistinguished_name', '-Mmethod', and '-Pfilename'.  The
4185		distinguished_name is who to login as.  The method can be
4186		one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
4187		LDAP_AUTH_KRBV4.  The filename is the file containing the
4188		secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
4189		ticket file for LDAP_AUTH_KRBV4.  Patch from Booker Bense
4190		of Stanford University.
4191	The ldapx map has been renamed to ldap.  The use of ldapx is
4192		deprecated and will be removed in a future version.
4193	If the result of an LDAP search returns a multi-valued attribute
4194		and the map has the column delimiter set, it turns that
4195		response into a delimiter separated string.  The LDAP map
4196		will traverse multiple entries as well.  LDAP alias maps
4197		automatically set the column delimiter to the comma.
4198		Based on patch from Booker Bense of Stanford University and
4199		idea from Philip A. Prindeville of Mirapoint, Inc.
4200	Support return of multiple values for a single LDAP lookup.  The
4201		values to be returned should be in a comma separated string.
4202		For example, `-v "email,emailother"'.  Patch from
4203		Curtis W. Hillegas of Princeton University.
4204	Allow the use of LDAP for alias maps.
4205	If no LDAP attributes are specified in an LDAP map declaration, all
4206		attributes found in the match will be returned.
4207	Prevent commas in quoted strings in the AliasFile value from
4208		breaking up a single entry into multiple entries.  This is
4209		needed for LDAP alias file specifications to allow for
4210		comma separated key and value strings.
4211	Keep connections to LDAP server open instead of opening and closing
4212		for each lookup.  To reduce overhead, sendmail will cache
4213		connections such that multiple maps which use the same
4214		host, port, bind DN, and authentication will only result in
4215		a single connection to that host.
4216	Put timeout in the proper place for USE_LDAP_INIT.
4217	Be more careful about checking for errors and freeing memory on
4218		LDAP lookups.
4219	Use asynchronous LDAP searches to save memory and network
4220		resources.
4221	Do not copy LDAP query results if the map's match only flag is set.
4222	Increase portability to the Netscape LDAP libraries.
4223	Change the parsing of the LDAP filter specification.  '%s' is still
4224		replaced with the literal contents of the map lookup key --
4225		note that this means a lookup can be done using the LDAP
4226		special characters.  The new '%0' token can be used instead
4227		of '%s' to encode the key buffer according to RFC 2254.
4228		For example, if the LDAP map specification contains '-k
4229		"(user=%s)"' and a lookup is done on "*", this would be
4230		equivalent to '-k "(user=*)"' -- matching ANY record with a
4231		user attribute.  Instead, if the LDAP map specification
4232		contains '-k "(user=%0)"' and a lookup is done on "*", this
4233		would be equivalent to '-k "(user=\2A)"' -- matching a user
4234		with the name "*".
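
Added example (not part of the sendmail release notes or source): a C illustration of the '%s' versus '%0' substitution described in the LDAP filter entry above. The function name ldap_filter_expand and the pass-through of any other '%' sequence are assumptions made for this example; the sample keys are constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Expand an LDAP map filter template (hypothetical helper, not sendmail code).
 *   %s -> lookup key copied literally, so filter metacharacters stay active
 *   %0 -> lookup key escaped per RFC 2254: '*', '(', ')' and '\' become \XX
 * RFC 2254 also escapes NUL as \00; a C string key cannot contain one.
 * Any other '%' sequence is copied through unchanged (assumption).
 * Returns the length written, or -1 if the result does not fit in dst.
 */

static int
needs_escape(unsigned char c)
{
	return c == '*' || c == '(' || c == ')' || c == '\\';
}

/* Append one byte; returns 0 on success, -1 if dst is full. */
static int
put(char *dst, size_t dstlen, size_t *pos, char c)
{
	if (*pos + 1 >= dstlen)		/* keep room for the terminating NUL */
		return -1;
	dst[(*pos)++] = c;
	return 0;
}

int
ldap_filter_expand(const char *tmpl, const char *key, char *dst, size_t dstlen)
{
	static const char hex[] = "0123456789ABCDEF";
	size_t pos = 0;
	const char *p, *k;

	if (dstlen == 0)
		return -1;
	for (p = tmpl; *p != '\0'; p++)
	{
		if (*p != '%' || (p[1] != 's' && p[1] != '0'))
		{
			/* ordinary template character */
			if (put(dst, dstlen, &pos, *p) < 0)
				return -1;
			continue;
		}
		p++;			/* now on 's' or '0' */
		for (k = key; *k != '\0'; k++)
		{
			unsigned char c = (unsigned char) *k;

			if (*p == '0' && needs_escape(c))
			{
				/* backslash followed by two upper case hex digits */
				if (put(dst, dstlen, &pos, '\\') < 0 ||
				    put(dst, dstlen, &pos, hex[c >> 4]) < 0 ||
				    put(dst, dstlen, &pos, hex[c & 0x0f]) < 0)
					return -1;
			}
			else if (put(dst, dstlen, &pos, (char) c) < 0)
				return -1;
		}
	}
	dst[pos] = '\0';
	return (int) pos;
}

int
main(void)
{
	/* constructed sample lookup keys */
	static const char *keys[] = { "alice", "*", "j.smith (ops)" };
	char lit[128], esc[128];
	size_t i;

	for (i = 0; i < sizeof(keys) / sizeof(keys[0]); i++)
	{
		if (ldap_filter_expand("(user=%s)", keys[i], lit, sizeof(lit)) < 0 ||
		    ldap_filter_expand("(user=%0)", keys[i], esc, sizeof(esc)) < 0)
			return 1;
		printf("key %-15s  %%s: %-22s  %%0: %s\n", keys[i], lit, esc);
	}
	return 0;
}
```

With '%s' the key "*" yields a filter that matches every record carrying the attribute; with '%0' the same key is confined to a literal value.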
4235	New LDAP map flags: "-1" requires a single match to be returned, if
4236		more than one is returned, it is equivalent to no records
4237		being found; "-r never|always|search|find" sets the LDAP
4238		alias dereference option; "-Z size" limits the number of
4239		matches to return.
4240	New option LDAPDefaultSpec allows a default map specification for
4241		LDAP maps.  The value should only contain LDAP specific
4242		settings such as "-h host -p port -d bindDN", etc.  The
4243		settings will be used for all LDAP maps unless they are
4244		specified in the individual map specification ('K'
4245		command).  This option should be set before any LDAP maps
4246		are defined.
4247	Prevent an NDBM alias file opening loop when the NDBM open
4248		continually fails.  Fix from Roy J. Mongiovi of Georgia
4249		Tech.
4250	Reduce memory utilization for smaller symbol table entries.  In
4251		particular, class entries get much smaller, which can be
4252		important if you have large classes.
4253	On network-related temporary failures, record the hostname which
4254		gave the error in the queued status message.  Requested by
4255		Ulrich Windl of the Universitat Regensburg.
4256	Add new F=% mailer flag to allow for a store and forward
4257		configuration.  Mailers which have this flag will not attempt
4258		delivery on initial receipt of a message or on queue runs
4259		unless the queued message is selected using one of the
4260		-qI/-qR/-qS queue run modifiers or an ETRN request.  Code
4261		provided by Philip Guenther of Gustavus Adolphus College.
4262	New option ControlSocketName which, when set, creates a daemon
4263		control socket.  This socket allows an external program to
4264		control and query status from the running sendmail daemon
4265		via a named socket, similar to the ctlinnd interface to the
4266		INN news server.  Access to this interface is controlled by
4267		the UNIX file permissions on the named socket on most UNIX
4268		systems (see sendmail/README for more information).  An
4269		example control program is provided as contrib/smcontrol.pl.
4270	Change the default values of QueueLA from 8 to (8 * numproc) and
4271		RefuseLA from 12 to (12 * numproc) where numproc is the
4272		number of processors online on the system (if that can be
4273		determined).  For single processor machines, this change
4274		has no effect.
4275	Don't return body of message to postmaster on "Too many hops" bounces.
4276		Based on fix from Motonori Nakamura of Kyoto University.
4277	Give more detailed DSN descriptions for some cases.  Patch from
4278		Motonori Nakamura of Kyoto University.
4279	Logging of alias, forward file, and UserDB expansion now happens
4280		at LogLevel 11 or higher instead of 10 or higher.
4281	Logging of an envelope's complete delivery (the "done" message) now
4282		happens at LogLevel 10 or higher instead of 11 or higher.
4283	Logging of TCP/IP or UNIX standard input connections now happens at
4284		LogLevel 10 or higher.  Previously, only TCP/IP connections
4285		were logged, and only at LogLevel 12 or higher.  Setting
4286		LogLevel to 10 will now assist users in tracking frequent
4287		connection-based denial of service attacks.
4288	Log basic information about authenticated connections at LogLevel
4289		10 or higher.
4290	Log SMTP Authentication mechanism and author when logging the sender
4291		information (from= syslog line).
4292	Log the DSN code for each recipient if one is available as a new
4293		equate (dsn=).
4294	Macro expand PostmasterCopy and DoubleBounceAddress options.
4295	New "ph" map for performing ph queries in rulesets, see
4296		sendmail/README for details.  Contributed by Mark Roth
4297		of the University of Illinois at Urbana-Champaign.
4298	Detect temporary lookup failures in the host map if looking up a
4299		bracketed IP address.  Problem noted by Kari Hurtta of the
4300		Finnish Meteorological Institute.
4301	Do not report a Remote-MTA on local deliveries.  Problem noted by
4302		Kari Hurtta of the Finnish Meteorological Institute.
4303	When a forward file points to an alias which runs a program, run
4304		the program as the default user and the default group, not
4305		the forward file user.  This change also assures the
4306		:include: directives in aliases are also processed using
4307		the default user and group.  Problem noted by Sergiu
4308		Popovici of DNT Romania.
4309	Prevent attempts to save a dead.letter file for a user with
4310		no home directory (/no/such/directory).  Problem noted by
4311		Michael Brown of Finnigan FT/MS.
4312	Include message delay and number of tries when logging that a
4313		message has been completely delivered (LogLevel of 10 or
4314		above).  Suggested by Nick Hilliard of Ireland Online.
4315	Log the sender of a message even if none of the recipients were
4316		accepted.  If some of the recipients were rejected, it is
4317		helpful to know the sender of the message.
4318	Check the root directory (/) when checking a path for safety.
4319		Problem noted by John Beck of Sun Microsystems.
4320	Prevent multiple responses to the DATA command if DeliveryMode is
4321		interactive and delivering to an alias which resolves to
4322		multiple files.
4323	Macros in the helpfile are expanded if the helpfile version is 2 or
4324		greater (see below); the help function doesn't print the
4325		version of sendmail any longer, instead it is placed in
4326		the helpfile ($v).  Suggested by Chuck Foster of UUNET
4327		PIPEX.  Additionally, comment lines (starting with #) are
4328		skipped and a version line (#vers) is introduced.  The
4329		helpfile version for 8.10.0 is 2, if no version or an older
4330		version is found, a warning is logged.  The '#vers'
4331		directive should be placed at the top of the help file.
4332	Use fsync() when delivering to a file to guarantee the delivery to
4333		disk succeeded.  Suggested by Nick Christenson.
4334	If delivery to a file is unsuccessful, truncate the file back to its
4335		length before the attempt.
4336	If a forward points to a filename for delivery, change to the
4337		user's uid before checking permissions on the file.  This
4338		allows delivery to files on NFS mounted directories where
4339		root is remapped to nobody.  Problem noted by Harald
4340		Daeubler of Universitaet Ulm.
4341	purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
4342		host status files, not all files.
4343	Any macros stored in the class $={persistentMacros} will be saved
4344		in the queue file for the message and set when delivery
4345		is attempted on the queued item.  Suggested by Kyle Jones of
4346		Wonderworks Inc.
4347	Add support for storing information between rulesets using the new
4348		macro map class.  This can be used to store information
4349		between queue runs as well using $={persistentMacros}.
4350		Based on an idea from Jan Krueger of Unix-AG of University
4351		of Hannover.
4352	New map class arith to allow for computations in rules.  The
4353		operation (+, -, *, /, l (for less than), and =) is given
4354		as key.  The two operands are specified as arguments; the
4355		lookup returns the result of the computation.  For example,
4356		"$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
4357		"$(arith + $@ 4 $@ 2 $)" will return "6".
4358	Add new syntax for header declarations which decide whether to
4359		include the header based on a macro rather than a mailer
4360		flag:
4361			H?${MyMacro}?X-My-Header: ${MyMacro}
4362		This should be used along with $={persistentMacros}.
4363		It can be used for adding headers to a message based on
4364		the results of check_* and header check rulesets.
4365	Allow new named config file rule check_eoh which is called after
4366		all of the headers have been collected.  The input to the
4367		ruleset is the number of headers and the size of all of the
4368		headers in bytes separated by $|.  This ruleset along with
4369		the macro storage map can be used to correlate information
4370		gathered between headers and to check for missing headers.
4371		See cf/README or doc/op/op.ps for an example.
4372	Change the default for the MeToo option to True to correspond
4373		to the clarification in the DRUMS SMTP Update spec.  This
4374		option is deprecated and will be removed from a future
4375		version.
4376	Change the sendmail binary default for SendMimeErrors to True.
4377	Change the sendmail binary default for SuperSafe to True.
4378	Display ruleset names in debug and address test mode output
4379		if referencing a named ruleset.
4380	New mailer equate m= which will limit the number of messages
4381		delivered per connection on an SMTP or LMTP mailer.
4382	Improve QueueSortOrder=Host by reversing the hostname before
4383		using it to sort.  Now all the same domains are really run
4384		through the queue together.  If they have the same MX host,
4385		then they will have a much better opportunity to use the
4386		connection cache if available.  This should be a reasonable
4387		performance improvement.  Patch from Randall Winchester of
4388		the University of Maryland.
4389	If a message is rejected by a header check ruleset, log who would
4390		have received the message if it had not been rejected.
4391	New "now" value for Timeout.queuereturn to bounce entries from the
4392		queue immediately.  No delivery attempt is made.
4393	Increase sleeping time exponentially after too many "bad" commands
4394		up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
4395		COMMANDS).
4396	New option ClientPortOptions similar to DaemonPortOptions
4397		but for outgoing connections.
4398	New suboptions for DaemonPortOptions: Name (a name used for
4399		error messages and logging) and Modifiers, i.e.
4400			a	require authentication
4401			b	bind to interface through which mail has
4402				been received
4403			c	perform hostname canonification
4404			f	require fully qualified hostname
4405			h	use name of interface for outgoing HELO
4406				command
4407			C	don't perform hostname canonification
4408			E	disallow ETRN (see RFC 2476)
4409	New suboption for ClientPortOptions: Modifiers, i.e.
4410			h	use name of interface for HELO command
4411	The version number for queue files (qf) has been incremented to 4.
4412	Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
4413		to 10 or higher.  Suggested by Rick Troxel of the National
4414		Institutes of Health.
4415	If a mailer dies, print the status in decimal instead of octal
4416		format.  Suggested by Michael Shapiro of Sun Microsystems.
4417	Limit the length of all MX records considered for delivery to 8k.
4418	Move message priority from sender to recipient logging.  Suggested by
4419		Ulrich Windl of the Universitat Regensburg.
4420	Add support for Berkeley DB 3.X.
4421	Add fix for Berkeley DB 2.X fcntl() locking race condition.
4422		Requires a post-2.7.5 version of Berkeley DB.
4423	Support writing traffic log (sendmail -X option) to a FIFO.
4424		Patch submitted by Rick Heaton of Network Associates, Inc.
4425	Do not ignore Timeout settings in the .cf file when a Timeout
4426		sub-option is set on the command line.  Problem noted by
4427		Graeme Hewson of Oracle.
4428	Randomize equal preference MX records each time delivery is
4429		attempted via a new connection to a host instead of once per
4430		session.  Suggested by Scott Salvidio of Compaq.
4431	Implement enhanced status codes as defined by RFC 2034.
4432	Add [hostname] to class w for the names of all interfaces unless
4433		DontProbeInterfaces is set. This is useful for sending mails
4434		to hosts which have dynamically assigned names.
4435	If a message is bounced due to bad MIME conformance, avoid bouncing
4436		the bounce for the same reason.  If the body is not 8-bit
4437		clean, and EightBitMode isn't set to pass8, the body will
4438		not be included in the bounce.  Problem noted by Valdis
4439		Kletnieks of Virginia Tech.
4440	The timeout for sending a message via SMTP has been changed from
4441		'${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
4442		simply checks for progress on sending data every 5 minutes.
4443		This will detect the inability to send information quicker
4444		and reduce the number of processes simply waiting to
4445		timeout.
4446	Prevent a segmentation fault on systems which give a partially filled
4447		interface address structure when loading the system network
4448		interface addresses.  Fix from Reinier Bezuidenhout of
4449		Nanoteq.
4450	Add a compile-time configuration macro, MAXINTERFACES, which
4451		indicates the number of interfaces to read when probing
4452		for hostnames and IP addresses for class w ($=w).  The
4453		default value is 512.  Based on idea from Reinier
4454		Bezuidenhout of Nanoteq.
4455	If the RefuseLA option is set to 0, do not reject connections based
4456		on load average.
4457	Allow ruleset 0 to have a name.  Problem noted by Neil Rickert of
4458		Northern Illinois University.
4459	Expand the Return-Path: header at delivery time, after "owner-"
4460		envelope splitting has occurred.
4461	Don't try to sort the queue if there are no entries. Patch from
4462		Luke Mewburn from RMIT University.
4463	Add a "/quit" command to address test mode.
4464	Include the proper sender in the UNIX "From " line and Return-Path:
4465		header when undeliverable mail is saved to ~/dead.letter.
4466		Problem noted by Kari Hurtta of the Finnish Meteorological
4467		Institute.
4468	The contents of a class can now be copied to another class using
4469		the syntax: "C{Dest} $={Source}".  This would copy all of
4470		the items in class $={Source} into the class $={Dest}.
4471	Include original envelope's error transcript in bounces created for
4472		split (owner-) envelopes to see the original errors when
4473		the recipients were added.  Based on fix from Motonori
4474		Nakamura of Kyoto University.
4475	Show reason for permanent delivery errors directly after the
4476		addresses.  From Motonori Nakamura of Kyoto University.
4477	Prevent a segmentation fault when bouncing a split-envelope
4478		message.  Patch from Motonori Nakamura of Kyoto University.
4479	If the specification for the queue run interval (-q###) has a
4480		syntax error, consider the error fatal and exit.
4481	Pay attention to CheckpointInterval during LMTP delivery.  Problem
4482		noted by Motonori Nakamura of Kyoto University.
4483	On operating systems which have setlogin(2), use it to set the
4484		login name to the RunAsUserName when starting as a daemon.
4485		This is for delivery to programs which use getlogin().
4486		Based on fix from Motonori Nakamura of Kyoto University.
4487	Differentiate between "command not implemented" and "command
4488		unrecognized" in the SMTP dialogue.
4489	Strip returns from forward and include files.  Problem noted by
4490		Allan E Johannesen of Worcester Polytechnic Institute.
4491	Prevent a core dump when using 'sendmail -bv' on an address which
4492		resolves to the $#error mailer with a temporary failure.
4493		Based on fix from Neil Rickert of Northern Illinois
4494		University.
4495	Prevent multiple deliveries of a message with a "non-local alias"
4496		pointing to a local user; if canonicalization fails,
4497		the message was requeued *and* delivered to the alias.
4498	If an invalid ruleset is declared, the ruleset name could be
4499		ignored and its rules added to S0.  Instead, ignore the
4500		ruleset lines as well.
4501	Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
4502		success DSN fields as well as duplicate entries for a
4503		single address due to S5 and UserDB processing.  Problems
4504		noted by Kari Hurtta of the Finnish Meteorological
4505		Institute.
4506	Turn off timeouts when exiting sendmail due to an interrupt signal
4507		to prevent the timeout from firing during the exit process.
4508		Problem noted by Michael Shapiro of Sun Microsystems.
4509	Do not append @MyHostName to non-RFC822 addresses output by the EXPN
4510		command or on Final-Recipient: and X-Actual-Recipient: DSN
4511		headers.  Non-RFC822 addresses include deliveries to
4512		programs, file, DECnet, etc.
4513	Fix logic for determining if a local user is using -f or -bs to
4514		spoof their return address.  Based on idea from Neil Rickert
4515		of Northern Illinois University and patch from Per Hedeland
4516		of Ericsson.
4517	Report the proper UID in the bounce message if an :include: file is
4518		owned by a uid that doesn't map to a username and the
4519		:include: file contains delivery to a file or program.
4520		Problem noted by John Beck of Sun Microsystems.
4521	Avoid trying to send a second SMTP QUIT command if
4522		the remote server responds to the first QUIT with a 4xx
4523		response code and drops the connection.  This behavior was
4524		noted by Ulrich Windl of the Universitat Regensburg when
4525		sendmail was talking to the Mercury 1.43 MTA.
4526	If a hostname lookup times out and ServiceSwitchFile is set but the
4527		file is not present, the lookup failure would be marked as
4528		a permanent failure instead of a temporary failure.  Fix
4529		from Russell King of the ARM Linux Project.
4530	Handle aliases or forwards which deliver to programs using tabs
4531		instead of spaces between arguments.  Problem noted by Randy
4532		Wormser.  Fix from Neil Rickert of Northern Illinois
4533		University.
4534	Allow MaxRecipientsPerMessage option to be set on the command line
4535		by normal users (e.g., sendmail won't drop its root
4536		privileges) to allow overrides for message submission via
4537		'sendmail -bs'.
4538	Set the names for help file and statistics file to "helpfile" and
4539		"statistics", respectively, if no parameters are given for
4540		them in the .cf file.
4541	Avoid bogus 'errbody: I/O Error -7' log messages when sending
4542		success DSN messages for messages relayed to non-DSN aware
4543		systems.  Problem noted by Juergen Georgi of RUS University
4544		of Stuttgart and Kyle Tucker of Parexel International.
4545	Prevent +detail information from interfering with local delivery to
4546		multiple users in the same transaction (F=m).
4547	Add H_FORCE flag for the X-Authentication-Warning: header, so it
4548		will be added even if one already exists.  Problem noted
4549		by Michal Zalewski of Marchew Industries.
4550	Stop processing SMTP commands if the SMTP connection is dropped.
4551		This prevents a remote system from flooding the connection
4552		with commands and then disconnecting.  Previously, the
4553		server would process all of the buffered commands.  Problem
4554		noted by Michal Zalewski of Marchew Industries.
4555	Properly process user-supplied headers beginning with '?'.  Problem
4556		noted by Michal Zalewski of Marchew Industries.
4557	If multiple header checks resolve to the $#error mailer, use the
4558		last permanent (5XX) failure if any exist.  Otherwise, use
4559		the last temporary (4XX) failure.
4560	RFC 1891 requires "hexchar" in a "xtext" to be upper case.  Patch
4561		from Ronald F. Guilmette of Infinite Monkeys & Co.
4562	Timeout.ident now defaults to 5 seconds instead of 30 seconds to
4563		prevent the now common delays associated with mailing to a
4564		site which drops IDENT packets.  Suggested by many.
4565	Persistent host status data is not reloaded from disk when current data
4566		is available in the in-memory cache.  Problem noted by Per
4567		Hedeland of Ericsson.
4568	mailq displays unprintable characters in addresses as their octal
4569		representation and a leading backslash.  This avoids problems
4570		with "unprintable" characters.  Problem noted by Michal
4571		Zalewski of the "Internet for Schools" project (IdS).
4572	The mail line length limit (L= equate) was adding the '!' indicator
4573		one character past the limit.  This would cause subsequent
4574		hops to break the line again.  The '!' is now placed in
4575		the last column of the limit if the line needs to be broken.
4576		Problem noted by Joe Pruett of Q7 Enterprises.  Based on fix
4577		from Per Hedeland of Ericsson.
4578	If a resolver ANY query is larger than the UDP packet size, the
4579		resolver will fall back to TCP.  However, some
4580		misconfigured firewalls block 53/TCP so the ANY lookup
4581		fails whereas an MX or A record might succeed.  Therefore,
4582		don't fail on ANY queries.
4583	If an SMTP recipient is rejected due to syntax errors in the
4584		address, do not send an empty postmaster notification DSN
4585		to the postmaster.  Problem noted by Neil Rickert of
4586		Northern Illinois University.
4587	Allow '_' and '.' in map names when parsing a sequence map
4588		specification.  Patch from William Setzer of North Carolina
4589		State University.
4590	Fix hostname in logging of read timeouts for the QUIT command on
4591		cached connections.  Problem noted by Neil Rickert of
4592		Northern Illinois University.
4593	Use a more descriptive entry to log "null" connections, i.e.,
4594		"host did not issue MAIL/EXPN/VRFY/ETRN during connection".
4595	Fix a file descriptor leak in ONEX mode.
4596	Portability:
4597		Reverse signal handling logic such that sigaction(2) with
4598			the SA_RESTART flag is the preferred method and the
4599			other signal methods are only tried if SA_RESTART
4600			is not available.  Problem noted by Allan E
4601			Johannesen of Worcester Polytechnic Institute.
4602		AIX 4.x supports the sa_len member of struct sockaddr.
4603			This allows network interface probing to work
4604			properly.  Fix from David Bronder of the
4605			University of Iowa.
4606		AIX 4.3 has snprintf() support.
4607		Use "PPC" as the architecture name when building under
4608			AIX.  This will be reflected in the obj.* directory
4609			name.
4610		Apple Darwin support based on Apple Rhapsody port.
4611		Fixed AIX 'make depend' method from Valdis Kletnieks of
4612			Virginia Tech.
4613		Digital UNIX has uname(2).
4614		GNU Hurd updates from Mark Kettenis of the University of
4615			Amsterdam.
4616		Improved HPUX 11.0 portability.
4617		Properly determine the number of CPUs on FreeBSD 2.X,
4618			FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X.
4619		Remove special IRIX ABI cases from Build script and the OS
4620			files.  Use the standard 'cc' options used by SGI
4621			in building the operating system.  Users can
4622			override the defaults by setting confCC and
4623			confLIBSEARCHPATH appropriately.
4624		IRIX nsd map support from Bob Mende of SGI.
4625		Minor devtools fixes for IRIX from Bob Mende of SGI.
4626		Linux patch for IP_SRCROUTE support from Joerg Dorchain
4627			of MW EDV & ELECTRONIC.
4628		Linux now uses /usr/sbin for confEBINDIR in the build
4629			system.  From MATSUURA Takanori of Osaka University.
4630		Remove special treatment for Linux PPC in the build
4631			system.  From MATSUURA Takanori of Osaka University.
4632		Motorola UNIX SYSTEM V/88 Release 4.0 support from
4633			Sergey Rusanov of the Republic of Udmurtia.
4634		NCR MP-RAS 3.x includes regular expression support.  From
4635			Tom J. Moore of NCR.
4636		NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
4637			_PATH_SENDMAILPID from Oota Toshiya of
4638			NEC Computers Group Planning Division.
4639		Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D.
4640		NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
4641			1024 in conf.h.  Since confENVDEF would be used,
4642			use that value in conf.h.
4643		Use NeXT's NETINFO to get domain name.  From Gerd Knops of
4644			BITart Consulting.
4645		Use NeXT's NETINFO for alias and hostname resolution if
4646			AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
4647			defined.  Patch from Wilfredo Sanchez of Apple
4648			Computer, Inc.
4649		NeXT portability tweaks.  Problems reported by Dragan
4650			Milicic of the University of Utah and J. P. McCann
4651			of E I A.
4652		New compile flag FAST_PID_RECYCLE: set this if your system
4653			can reuse the same PID in the same second.
4654		New compile flag HASFCHOWN: set this if your OS has
4655			fchown(2).
4656		New compile flag HASRANDOM: set this to 0 if your OS does
4657			not have random(3).  rand() will be used instead.
4658		New compile flag HASSRANDOMDEV: set this if your OS has
4659			srandomdev(3).
4660		New compile flag HASSETLOGIN: set this if your OS has
4661			setlogin(2).
4662		Replace SINIX and ReliantUNIX support with version
4663			specific SINIX files.  From Gerald Rinske of
4664			Siemens Business Services.
4665		Use the 60-second load average instead of the 5 second load
4666			average on Compaq Tru64 UNIX (formerly Digital
4667			UNIX).  From Chris Teakle of the University of Qld.
4668		Use ANSI C by default for Compaq Tru64 UNIX.  Suggested by
4669			Randall Winchester of Swales Aerospace.
4670		Correct setgroups() prototype for Compaq Tru64 UNIX.
4671			Problem noted by Randall Winchester of Swales
4672			Aerospace.
4673		Hitachi 3050R/3050RX and 3500 Workstations running
4674			HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
4675			NAKAMURA of Kyoto University.
4676		New compile flag NO_GETSERVBYNAME: set this to disable
4677			use of getservbyname() on systems which can
4678			not look up a service by name over NIS, such as
4679			HI-UX.  Patch from Motonori NAKAMURA of Kyoto
4680			University.
4681		Use devtools/bin/install.sh on SCO 5.x.  Problem noted
4682			by Sun Wenbing of the China Engineering and
4683			Technology Information Network.
4684		make depend didn't work properly on UNIXWARE 4.2.  Problem
4685			noted by Ariel Malik of Netology, Ltd.
4686		Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
4687		Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
4688			and OpenBSD.
4689		A recent Compaq Ultrix 4.5 Y2K patch has broken detection
4690			of local_hostname_length().  See sendmail/README
4691			for more details.  Problem noted by Allan E
4692			Johannesen of Worcester Polytechnic Institute.
4693	CONFIG: Begin using /etc/mail/ for sendmail related files.  This
4694		affects a large number of files.  See cf/README for more
4695		details.
4696	CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
4697		trailing slash) for the mail settings directory.
4698	CONFIG: Increment version number of config file to 9.
4699	CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
4700		deprecated and may be removed from a future release.
4701		BSD/OS users should begin using OSTYPE(`bsdi').
4702	CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root.  This
4703		requires a new OSTYPE(`openbsd').  From Todd C. Miller of
4704		Courtesan Consulting.
4705	CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
4706	CONFIG: A syntax error in check_mail would cause fake top-level
4707		domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
4708		be improperly rejected as unresolvable.
4709	CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
4710		DNS server, rejection message) and can be included
4711		multiple times.
4712	CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
4713		mail sender is listed as RELAY in the access map (and tagged
4714		with From:).
4715	CONFIG: Optional tagging of LHS in the access map (Connect:,
4716		From:, To:) to enable finer control.
4717	CONFIG: New FEATURE(`ldap_routing') implements LDAP address
4718		routing.  See cf/README for a complete description of the
4719		new functionality.
4720	CONFIG: New variables for the new sendmail options:
4721		confAUTH_MECHANISMS		AuthMechanisms
4722		confAUTH_OPTIONS		AuthOptions
4723		confCLIENT_OPTIONS		ClientPortOptions
4724		confCONTROL_SOCKET_NAME		ControlSocketName
4725		confDEAD_LETTER_DROP		DeadLetterDrop
4726		confDEF_AUTH_INFO		DefaultAuthInfo
4727		confDF_BUFFER_SIZE		DataFileBufferSize
4728		confLDAP_DEFAULT_SPEC		LDAPDefaultSpec
4729		confMAX_ALIAS_RECURSION		MaxAliasRecursion
4730		confMAX_HEADERS_LENGTH		MaxHeadersLength
4731		confMAX_MIME_HEADER_LENGTH	MaxMimeHeaderLength
4732		confPID_FILE			PidFile
4733		confPROCESS_TITLE_PREFIX	ProcessTitlePrefix
4734		confRRT_IMPLIES_DSN		RrtImpliesDsn
4735		confTO_CONTROL			Timeout.control
4736		confTO_RESOLVER_RETRANS		Timeout.resolver.retrans
4737		confTO_RESOLVER_RETRANS_FIRST	Timeout.resolver.retrans.first
4738		confTO_RESOLVER_RETRANS_NORMAL	Timeout.resolver.retrans.normal
4739		confTO_RESOLVER_RETRY		Timeout.resolver.retry
4740		confTO_RESOLVER_RETRY_FIRST	Timeout.resolver.retry.first
4741		confTO_RESOLVER_RETRY_NORMAL	Timeout.resolver.retry.normal
4742		confTRUSTED_USER		TrustedUser
4743		confXF_BUFFER_SIZE		XscriptFileBufferSize
4744	CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
4745		which takes the options as argument and can be used
4746		multiple times; see cf/README for details.
4747	CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
4748		"dsmtp".  This mailer provides on-demand delivery using the
4749		F=% mailer flag described above.  The "dsmtp" mailer
4750		definition uses the new DSMTP_MAILER_ARGS which defaults
4751		to "IPC $h".
4752	CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
4753		and RELAY_MAILER_MAXMSGS for setting the m= equate for the
4754		local, smtp, and relay mailers respectively.
4755	CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
4756		the DSN Diagnostic-Code type for the local mailer.  The
4757		value should be changed with care.
4758	CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
4759		for the local mailer to the proper value of "SMTP".
4760	CONFIG: All included maps are no longer optional by default; if
4761		there is a problem with a map, sendmail will
4762		complain.
4763	CONFIG: Removed root from class E; use EXPOSED_USER(`root')
4764		to get the old behavior.  Suggested by Joe Pruett
4765		of Q7 Enterprises.
4766	CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
4767		will not be masqueraded.  Proposed by Arne Wichmann
4768		of MPI Saarbruecken, Griff Miller of PGS Tensor,
4769		Jayme Cox of Broderbund Software Inc.
4770	CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
4771		specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
4772		i.e., a list of domains which are passed to $[ ... $]
4773		for canonification. Based on an idea from Neil Rickert
4774		of Northern Illinois University.
4775	CONFIG: If `canonify_hosts' is specified as parameter for
4776		FEATURE(`nocanonify') then addresses which have only
4777		a hostname, e.g., <user@host>, will be canonified.
4778	CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
4779		nevertheless added to addresses with more than one component
4780		in it.
4781	CONFIG: Canonification is no longer attempted for any host or domain
4782		in class 'P' ($=P).
4783	CONFIG: New class for matching virtusertable entries $={VirtHost} that
4784		can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
4785		FEATURE(`virtuser_entire_domain') can be used to apply this
4786		class also to entire subdomains.  Hosts in this class are
4787		treated as canonical in SCanonify2, i.e., a trailing dot
4788		is added.
4789	CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
4790		include $={VirtHost} in $=R (hosts allowed to relay).
4791	CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
4792		genericstable also to subdomains of $=G.
4793	CONFIG: Pass "+detail" as %2 for virtusertable lookups.
4794		Patch from Noam Freedman from University of Chicago.
4795	CONFIG: Pass "+detail" as %1 for genericstable lookups.  Suggested
4796		by Raymond S Brand of rsbx.net.
4797	CONFIG: Allow @domain in genericstable to override masquerading.
4798		Suggested by Owen Duffy from Owen Duffy & Associates.
4799	CONFIG: LOCAL_DOMAIN() adds entries to class w.  Suggested by Steve
4800		Hubert of University of Washington.
4801	CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
4802		GNU is now the canonical system name.  From Mark
4803		Kettenis of the University of Amsterdam.
4804	CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman.
4805	CONFIG: Do not include '=' in option expansion if there is no value
4806		associated with the option.  From Andrew Brown of
4807		Graffiti World Wide, Inc.
4808	CONFIG: Add MAILER(`qpage') to define a new pager mailer.  Contributed
4809		by Philip A. Prindeville of Enteka Enterprise Technology
4810		Services.
4811	CONFIG: MAILER(`cyrus') was not preserving case for mail folder
4812		names.  Problem noted by Randall Winchester of Swales
4813		Aerospace.
4814	CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
4815		for the relay mailer.  Suggested by Doug Hughes of Auburn
4816		University and Brian Candler.
4817	CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
4818		header) by default.  Suggested by Per Hedeland of Ericsson.
4819	CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
4820		Suggested by Kari Hurtta of the Finnish Meteorological
4821		Institute.
4822	CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
4823		i.e., to set, add, or delete flags.
4824	CONFIG: If SMTP AUTH is used then relaying is allowed for any user
4825		who authenticated via a "trusted" mechanism, i.e., one that
4826		is defined via TRUST_AUTH_MECH(`list of mechanisms').
4827	CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
4828		after check_rcpt and allows for exceptions from the checks.
4829	CONFIG: Map declarations have been moved into their associated
4830		feature files to allow greater flexibility in use of
4831		sequence maps.  Suggested by Per Hedeland of Ericsson.
4832	CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
4833		line string for the local mailer.  Requested by Il Oh of
4834		Willamette Industries, Inc.
4835	CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
4836		converted to <user@d>.
4837	CONFIG: Reject bogus return address of <@@hostname>, generated by
4838		Sun's older, broken configuration files.
4839	CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
4840		normal configuration, allowing anti-spam checks to be
4841		performed.
4842	CONFIG: Don't return a permanent error (Relaying denied) if
4843		${client_name} can't be resolved just temporarily.
4844		Suggested by Kari Hurtta of the Finnish Meteorological
4845		Institute.
4846	CONFIG: Change numbered rulesets into named (which still can
4847		be accessed by their numbers).
4848	CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
4849		which describes whether to disallow "!" in the local part
4850		of an address.
4851	CONFIG: Call Local_localaddr from localaddr (S5) which can be used
4852		to rewrite an address from a mailer which has the F=5 flag
4853		set.  If the ruleset returns a mailer, the appropriate
4854		action is taken, otherwise the returned tokens are ignored.
4855	CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
4856		and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
4857		The latter is kept around for backward compatibility.
4858	CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
4859		where "D.S.N" is an RFC 1893 compliant error code.
4860	CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
4861	CONFIG: Remove second space between username and date in UNIX From_
4862		line.  Noted by Allan E Johannesen of Worcester Polytechnic
4863		Institute.
4864	CONFIG: Make sure all of the mailers have complete T= equates.
4865	CONFIG: Extend FEATURE(`local_procmail') so it can now take
4866		arguments overriding the mailer program, arguments, and
4867		mailer definition flags.  This makes it possible to use
4868		other programs such as maildrop for local delivery.
4869	CONFIG: Emit warning if FEATURE(`local_lmtp') or
4870		FEATURE(`local_procmail') is given after MAILER(`local').
4871		Patch from Richard A. Nelson of IBM.
4872	CONFIG: Add SMTP Authentication information to Received: header
4873		default value (confRECEIVED_HEADER).
4874	CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
4875		local mailer.  Problem noted by Per Hedeland of Ericsson.
4876	CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
4877		University of California at Berkeley.
4878	CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
4879		Illinois at Urbana-Champaign.
4880	CONTRIB: etrn.pl now recognizes bogus host names.  Patch from
4881		Bruce Barnett of GE's R&D Lab.
4882	CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
4883		Corporation UK.
4884	CONTRIB: Added qtool.pl to assist in managing the queues.
4885	DEVTOOLS: Prevent user environment variables from interfering with
4886		the Build scripts.  Problem noted by Ezequiel H. Panepucci of
4887		Yale University.
4888	DEVTOOLS: 'Build -M' will display the obj.* directory which will
4889		be used for building.
4890	DEVTOOLS: 'Build -A' will display the architecture that would be
4891		used for a fresh build.
4892	DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
4893	DEVTOOLS: New variable confRANLIBOPTS for the options to send to
4894		ranlib.
4895	DEVTOOLS: 'Build -O <path>' will have the object files built in
4896		<path>/obj.*.  Suggested by Bryan Costales of Exactis.
4897	DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
4898		building of the man pages when defined.  Suggested by Bryan
4899		Costales.
4900	DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
4901		confNO_STATISTICS_INSTALL which will prevent the
4902		installation of the sendmail helpfile and statistics file
4903		respectively.  Suggested by Bryan Costales.
4904	DEVTOOLS: Recognize ReliantUNIX as SINIX.  Patch from Gerald Rinske
4905		of Siemens Business Services.
4906	DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
4907		stdio library.  The new buffered file I/O depends on the
4908		Torek stdio library.  This option can be either portable or
4909		torek.
4910	DEVTOOLS: New variables confSRCADD and confSMSRCADD which
4911		correspond to confOBJADD and confSMOBJADD respectively.
4912		They should contain the C source files for the object files
4913		listed in confOBJADD and confSMOBJADD.  These file names
4914		will be passed to the 'make depend' stage of compilation.
4915	DEVTOOLS: New program specific variables for each of the programs
4916		in the sendmail distribution.  Each has the form
4917		`conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
4918		The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
4919		conf_prog_SRCADD, and conf_prog_OBJADD.
4920	DEVTOOLS: Build system redesign.  This should have little effect on
4921		building the distribution, but documentation on the changes
4922		is in devtools/README.
4923	DEVTOOLS: Don't allow 'Build -f file' if an object directory already
4924		exists.  Suggested by Valdis Kletnieks of Virginia Tech.
4925	DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
4926		the path to the sendmail source directory.  confSRCDIR is a
4927		new variable which identifies the root of the source
4928		directories for all of the programs in the distribution.
4929	DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
4930		time.  They can both still be overridden by setting the m4
4931		macro.
4932	DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
4933	DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
4934		build configurations, and places objects in obj.prefix.*/.
4935		Complains as 'Build -f file' does for existing object
4936		directories.  Suggested by Tom Smith of Digital Equipment
4937		Corporation.
4938	DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
4939		manual pages in the directory tree specified by
4940		confMANROOTMAN.
4941	DEVTOOLS: If formatting the manual pages fails, copy in the
4942		preformatted pages from the distribution.  The new variable
4943		confCOPY specifies the copying program.
4944	DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
4945		question.  Suggested by Terry Lambert of Whistle
4946		Communications.
4947	DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
4948		of the installed statistics and help files, respectively.
4949	DEVTOOLS: Remove spaces in `uname -r` output when determining
4950		operating system identity.  Problem noted by Erik
4951		Wachtenheim of Dartmouth College.
4952	DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
4953		will be searched for the libraries specified in confLIBSEARCH.
4954		Defaults to "/lib /usr/lib /usr/shlib".
4955	DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
4956		how to strip binaries.  These are used by the new
4957		install-strip target.
4958	DEVTOOLS: New config file site.post.m4 which is included after
4959		the others (if it exists).
4960	DEVTOOLS: Change order of LIBS: first product specific libraries
4961		then the default ones.
4962	MAIL.LOCAL: Will not be installed set-user-ID root.  To use mail.local
4963		as local delivery agent without LMTP mode, use
4964		MODIFY_MAILER_FLAGS(`LOCAL', `+S')
4965		to set the S flag.
4966	MAIL.LOCAL: Do not reject addresses which would otherwise be
4967		accepted by sendmail.  Suggested by Neil Rickert of
4968		Northern Illinois University.
4969	MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
4970		8BITMIME in the LHLO response.  Suggested by Kari Hurtta of
4971		the Finnish Meteorological Institute.
4972	MAIL.LOCAL: Add support for the maillock() routines by defining
4973		MAILLOCK when compiling.  Also requires linking with
4974		-lmail.  Patch from Neil Rickert of Northern Illinois
4975		University.
4976	MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
4977		defined when compiling.  Automatically set for Solaris 2.3
4978		and later.  Patch from Neil Rickert of Northern Illinois
4979		University.
4980	MAIL.LOCAL: Move the initialization of the 'notifybiff' address
4981		structure to the beginning of the program.  This ensures that
4982		the getservbyname() is done before any seteuid to a possibly
4983		unauthenticated user.  If you are using NIS+ and secure RPC
4984		on a Solaris system, this avoids syslog messages such as,
4985		"authdes_refresh: keyserv(1m) is unable to encrypt session
4986		key."  Patch from Neil Rickert of Northern Illinois
4987		University.
4988	MAIL.LOCAL: Support group writable mail spool files when MAILGID is
4989		set to the gid to use (-DMAILGID=6) when compiling.
4990		Patch from Neil Rickert of Northern Illinois University.
4991	MAIL.LOCAL: When a mail message included lines longer than 2046
4992		characters (in LMTP mode), mail.local split the incoming
4993		line up into 2046-character output lines (excluding the
4994		newline).  If an input line was 2047 characters long
4995		(excluding CR-LF) and the last character was a '.',
4996		mail.local saw it as the end of input, transferred it to the
4997		user mailbox and tried to write an `ok' back to sendmail.
4998		If the message was much longer, both sendmail and
4999		mail.local would deadlock waiting for each other to read
5000		what they have written.  Problem noted by Peter Jeremy of
5001		Alcatel Australia Limited.
5002	MAIL.LOCAL: New option -b to return a permanent error instead of a
5003		temporary error if a mailbox exceeds quota.  Suggested by
5004		Neil Rickert of Northern Illinois University.
5005	MAIL.LOCAL: The creation of a lockfile is subject to a global
5006		timeout to avoid starvation.
5007	MAIL.LOCAL: Properly parse addresses with multiple quoted
5008		local-parts.  Problem noted by Ronald F. Guilmette of
5009		Infinite Monkeys & Co.
5010	MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR.
5011	MAILSTATS: New -p option to invoke program mode in which stats are
5012		printed in a machine readable fashion and the stats file
5013		is reset.  Patch from Kevin Hildebrand of the University
5014		of Maryland.
5015	MAKEMAP: If running as root, automatically change the ownership of
5016		generated maps to the TrustedUser as specified in the
5017		sendmail configuration file.
5018	MAKEMAP: New -C option to accept an alternate sendmail
5019		configuration file to use for finding the TrustedUser
5020		option.
5021	MAKEMAP: New -u option to dump (unmap) a database.  Based on
5022		code contributed by Roy Mongiovi of Georgia Tech.
5023	MAKEMAP: New -e option to allow empty values.  Suggested by Philip
5024		A. Prindeville of Enteka Enterprise Technology Services.
5025	MAKEMAP: Compile cleanly on 64-bit operating systems.  Problem
5026		noted by Gerald Rinske of Siemens Business Services.
5027	OP.ME: Correctly document interaction between F=S and U= mailer
5028		equates.  Problem noted by Bob Halley of Internet Engines.
5029	OP.ME: Fixup Timeout documentation.  From Graeme Hewson of Oracle
5030		Corporation UK.
5031	OP.ME: The Timeout [r] option was incorrectly listed as "safe"
5032		(e.g., sendmail would not drop root privileges if the
5033		option was specified on the command line).  Problem noted
5034		by Todd C. Miller of Courtesan Consulting.
5035	PRALIASES: Handle the hash and btree map specifications for
5036		Berkeley DB.  Patch from Brian J. Coan of the
5037		Institute for Global Communications.
5038	PRALIASES: Read the sendmail.cf file for the location(s) of the
5039		alias file(s) if the -f option is not used.  Patch from
5040		John Beck of Sun Microsystems.
5041	PRALIASES: New -C option to specify an alternate sendmail
5042		configuration file to use for finding alias file(s).  Patch
5043		from John Beck of Sun Microsystems.
5044	SMRSH: allow shell commands echo, exec, and exit.  Allow command
5045		lists using || and &&.  Based on patch from Brian J. Coan
5046		of the Institute for Global Communications.
5047	SMRSH: Update README for the new Build system.  From Tim Pierce
5048		of RootsWeb Genealogical Data Cooperative.
5049	VACATION: Added vacation auto-responder to sendmail distribution.
5050	LIBSMDB: Added abstracted database library.  Works with Berkeley
5051		DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
5052	Changed Files:
5053		The Build scripts in the various program subdirectories are
5054			no longer symbolic links.  They are now scripts
5055			which execute the actual Build script in
5056			devtools/bin.
5057		All the manual pages are now written against -man and not
5058			-mandoc as they were previously.
5059		Add a simple Makefile to every directory so make instead
5060			of Build will work (unless parameters are
5061			required for Build).
5062	New Directories:
5063		devtools/M4/UNIX
5064		include
5065		libmilter
5066		libsmdb
5067		libsmutil
5068		vacation
5069	Renamed Directories:
5070		BuildTools => devtools
5071		src => sendmail
5072	Deleted Files:
5073		cf/m4/nullrelay.m4
5074		devtools/OS/Linux.ppc
5075		devtools/OS/ReliantUNIX
5076		devtools/OS/SINIX
5077		sendmail/ldap_map.h
5078	New Files:
5079		INSTALL
5080		PGPKEYS
5081		cf/cf/generic-linux.cf
5082		cf/cf/generic-linux.mc
5083		cf/feature/delay_checks.m4
5084		cf/feature/dnsbl.m4
5085		cf/feature/generics_entire_domain.m4
5086		cf/feature/no_default_msa.m4
5087		cf/feature/relay_mail_from.m4
5088		cf/feature/virtuser_entire_domain.m4
5089		cf/mailer/qpage.m4
5090		cf/ostype/bsdi.m4
5091		cf/ostype/hpux11.m4
5092		cf/ostype/openbsd.m4
5093		contrib/bounce-resender.pl
5094		contrib/domainmap.m4
5095		contrib/qtool.8
5096		contrib/qtool.pl
5097		devtools/M4/depend/AIX.m4
5098		devtools/M4/list.m4
5099		devtools/M4/string.m4
5100		devtools/M4/subst_ext.m4
5101		devtools/M4/switch.m4
5102		devtools/OS/Darwin
5103		devtools/OS/GNU
5104		devtools/OS/SINIX.5.43
5105		devtools/OS/SINIX.5.44
5106		devtools/OS/m88k
5107		devtools/bin/find_in_path.sh
5108		mail.local/Makefile
5109		mailstats/Makefile
5110		makemap/Makefile
5111		praliases/Makefile
5112		rmail/Makefile
5113		sendmail/Makefile
5114		sendmail/bf.h
5115		sendmail/bf_portable.c
5116		sendmail/bf_portable.h
5117		sendmail/bf_torek.c
5118		sendmail/bf_torek.h
5119		sendmail/shmticklib.c
5120		sendmail/statusd_shm.h
5121		sendmail/timers.c
5122		sendmail/timers.h
5123		smrsh/Makefile
5124		vacation/Makefile
5125	Renamed Files:
5126		cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
5127		sendmail/cdefs.h => include/sendmail/cdefs.h
5128		sendmail/sendmail.hf => sendmail/helpfile
5129		sendmail/mailstats.h => include/sendmail/mailstats.h
5130		sendmail/pathnames.h => include/sendmail/pathnames.h
5131		sendmail/safefile.c => libsmutil/safefile.c
5132		sendmail/snprintf.c => libsmutil/snprintf.c
5133		sendmail/useful.h => include/sendmail/useful.h
5134		cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
5135	Copied Files:
5136		cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
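
Added example (not part of the sendmail distribution or of these release notes): the 8.10 MAIL.LOCAL entry above about input lines longer than 2046 characters, modelled in C. It contrasts an end-of-data check applied to every 2046-character chunk with one that accepts a lone '.' only at the start of a real line; the function names, the fgets-like chunking and the sample message are assumptions made for illustration.

```c
/* Illustration only: hypothetical names, not mail.local source code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 2046	/* characters per output line, per the release note */

/* fgets-like read (assumed): copy at most CHUNK characters of the current
 * input line into buf, stopping after '\n'.  Returns the bytes taken. */
static size_t next_chunk(const char *in, size_t len, size_t pos, char *buf)
{
	size_t n = 0;

	while (pos + n < len && n < CHUNK) {
		buf[n] = in[pos + n];
		n++;
		if (buf[n - 1] == '\n')
			break;
	}
	buf[n] = '\0';
	return n;
}

/* True if the chunk is just "." once a trailing CR-LF or LF is removed. */
static int is_lone_dot(const char *buf, size_t n)
{
	if (n > 0 && buf[n - 1] == '\n')
		n--;
	if (n > 0 && buf[n - 1] == '\r')
		n--;
	return n == 1 && buf[0] == '.';
}

/* Returns the offset just past what the reader treats as end of DATA, or
 * len if no terminator is recognised.
 * track_line_start == 0: every chunk is tested (the behaviour described).
 * track_line_start == 1: a lone dot counts only at the start of a line. */
size_t find_end_of_data(const char *in, size_t len, int track_line_start)
{
	char buf[CHUNK + 1];
	size_t pos = 0;
	int at_line_start = 1;

	while (pos < len) {
		size_t n = next_chunk(in, len, pos, buf);

		pos += n;
		if (is_lone_dot(buf, n) && (!track_line_start || at_line_start))
			return pos;
		/* The next chunk starts a new line only if this one ended one. */
		at_line_start = (buf[n - 1] == '\n');
	}
	return len;
}

/* Constructed sample: one 2047-character line whose last character is '.',
 * a second body line, then the real terminator.  Caller frees the result.
 * first_line_end receives the offset just past the first line's CR-LF. */
char *build_sample(size_t *len_out, size_t *first_line_end)
{
	const char *tail = "second body line\r\n.\r\n";
	size_t long_len = CHUNK + 1;
	size_t len = long_len + 2 + strlen(tail);
	char *msg = malloc(len + 1);

	if (msg == NULL)
		return NULL;
	memset(msg, 'A', long_len - 1);
	msg[long_len - 1] = '.';
	memcpy(msg + long_len, "\r\n", 2);
	memcpy(msg + long_len + 2, tail, strlen(tail) + 1);
	*len_out = len;
	*first_line_end = long_len + 2;
	return msg;
}

int main(void)
{
	size_t len, first_end;
	char *msg = build_sample(&len, &first_end);

	if (msg == NULL)
		return 1;
	printf("message length:            %zu\n", len);
	printf("per-chunk check stops at:  %zu\n", find_end_of_data(msg, len, 0));
	printf("line-start check stops at: %zu\n", find_end_of_data(msg, len, 1));
	free(msg);
	return 0;
}
```

With the per-chunk check the reader stops right after the first line and leaves the rest of the message unread, which is the state in which the entry describes sendmail and mail.local waiting on each other.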
5137
51388.9.3/8.9.3	1999/02/04
5139	SECURITY: Limit message headers to a maximum of 32K bytes (total
5140		of all headers in a single message) to prevent a denial of
5141		service attack.  This limit will be configurable in 8.10.
5142		Problem noted by Michal Zalewski of the "Internet for
5143		Schools" project (IdS).
5144	Prevent segmentation fault on an LDAP lookup if the LDAP map
5145		was closed due to an earlier failure.  Problem noted by
5146		Jeff Wasilko of smoe.org.  Fix from Booker Bense of
5147		Stanford University and Per Hedeland of Ericsson.
5148	Preserve the order of the MIME headers in multipart messages
5149		when performing the MIME header length check.  This
5150		will allow PGP signatures to function properly.  Problem
5151		noted by Lars Hecking of University College, Cork, Ireland.
5152	If ruleset 5 rewrote the local address to an :include: directive,
5153		the delivery would fail with an "aliasing/forwarding loop
5154		broken" error.  Problem noted by Eric C Hagberg of Morgan
5155		Stanley.  Fix from Per Hedeland of Ericsson.
5156	Allow -T to work for bestmx maps.  Fix from Aaron Schrab of
5157		ExecPC Internet Systems.
5158	During the transfer of a message in an SMTP transaction, if a
5159		TCP timeout occurs, the message would be properly queued
5160		for later retry but the failure would be logged as
5161		"Illegal Seek" instead of a timeout.  Problem noted by
5162		Piotr Kucharski of the Warsaw School of Economics (SGH)
5163		and Carles Xavier Munyoz Baldo of CTV Internet.
5164	Prevent multiple deliveries on a self-referencing alias if the
5165		F=w mailer flag is not set.  Problem noted by Murray S.
5166		Kucherawy of Concentric Network Corporation and Per
5167		Hedeland of Ericsson.
5168	Do not strip empty headers but if there is no value and a
5169		default is defined in sendmail.cf, use the default.
5170		Problem noted by Philip Guenther of Gustavus Adolphus
5171		College and Christopher McCrory of Netus, Inc.
5172	Don't inherit information about the sender (notably the full name)
5173		in SMTP (-bs) mode, since this might be called from inetd.
5174	Accept any 3xx reply code in response to DATA command instead of
5175		requiring 354.  This change will match the wording to be
5176		published in the updated SMTP specification from the DRUMS
5177		group of the IETF.
5178	Portability:
5179		AIX 4.2.0 or 4.2.1 may become updated by the fileset
5180			bos.rte.net level 4.2.0.2.  This introduces the
5181			softlink /usr/lib/libbind.a which should
5182			not be used.  It conflicts with the resolver
5183			built into libc.a.  "bind" has been removed
5184			from the confLIBSEARCH BuildTools variable.
5185			Users who have installed BIND 8.X will have
5186			to add it back in their site.config.m4 file.
5187			Problem noted by Ole Holm Nielsen of the
5188			Technical University of Denmark.
5189		CRAY TS 10.0.x from Sven Nielsen of San Diego
5190			Supercomputer Center.
5191		Improved LDAP version 3 integration based on input
5192			from Kurt D. Zeilenga of the OpenLDAP Foundation,
5193			John Beck of Sun Microsystems, and Booker Bense
5194			of Stanford University.
5195		Linux doesn't have a standard way to get the timezone
5196			between different releases.  Back out the
5197			change in 8.9.2 and don't attempt to derive
5198			a timezone.  Problem reported by Igor S. Livshits
5199			of the University of Illinois at Urbana-Champaign
5200			and Michael Dickens of Tetranet Communications.
5201		Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
5202			of Siemens/SNI.
5203		SunOS 5.8 from John Beck of Sun Microsystems.
5204	CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
5205		timezone.  Problem noted by Petr Lampa of Technical
5206		University of Brno.
5207	CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
5208		when using FEATURE(bestmx_is_local).  Patch from Neil W.
5209		Rickert of Northern Illinois University.
5210	CONFIG: Properly handle source routed and %-hack addresses on
5211		hosts which the mailertable remaps to local:.  Patch from
5212		Neil W. Rickert of Northern Illinois University.
5213	CONFIG: Internal fixup of mailertable local: map value.  Patch from
5214		Larry Parmelee of Cornell University.
5215	CONFIG: Only add back +detail from host portion of mailer triplet
5216		on local mailer triplets if it was originally +detail.
5217		Patch from Neil W. Rickert of Northern Illinois University.
5218	CONFIG: The bestmx_is_local checking done in check_rcpt would
5219		cause later checks to fail.  Patch from Paul J Murphy of
5220		MIDS Europe.
5221	New Files:
5222		BuildTools/OS/CRAYTS.10.0.x
5223		BuildTools/OS/ReliantUNIX
5224		BuildTools/OS/SunOS.5.8
5225
52268.9.2/8.9.2	1998/12/30
5227	SECURITY: Remove five second sleep on accepting daemon connections
5228		due to an accept() failure.  This sleep could be used
5229		for a denial of service attack.
5230	Do not silently ignore queue files with names which are too long.
5231		Patch from Bryan Costales of InfoBeat, Inc.
5232	Do not store failures closing an SMTP session in persistent
5233		host status.  Reported by Graeme Hewson of Oracle
5234		Corporation UK.
5235	Allow symbolic link forward files if they are in safe directories.
5236		Problem noted by Andreas Schott of the Max Planck Society.
5237	Missing columns in a text map could cause a segmentation fault.
5238		Fix from David Lee of the University of Durham.
5239	Note that for 8.9.X, PrivacyOptions=goaway also includes the
5240		noetrn flag.  This is scheduled to change in a future
5241		version of sendmail.  Problem noted by Theo Van Dinter of
5242		Chrysalis Symbolic Design and Alan Brown of Manawatu
5243		Internet Services.
5244	When trying to do host canonification in a Wildcard MX
5245		environment, try an MX lookup of the hostname without the
5246		default domain appended.  Problem noted by Olaf Seibert of
5247		Polderland Language & Speech Technology.
5248	Reject SMTP RCPT To: commands with only comments (i.e.,
5249		'RCPT TO: (comment)').  Problem noted by Earle Ake of
5250		Hassler Communication Systems Technology, Inc.
5251	Handle any number of %s in the LDAP filter spec.  Patch from
5252		Per Hedeland of Ericsson.
5253	Clear ldapx open timeouts even if the map open failed to prevent
5254		a segmentation fault.  Patch from Wayne Knowles of the
5255		National Institute of Water & Atmospheric Research Ltd.
5256	Do not syslog envelope clone messages when using address
5257		verification (-bv).  Problem noted by Kari Hurtta of the
5258		Finnish Meteorological Institute.
5259	Continue to perform queue runs while in daemon mode even if the
5260		daemon is rejecting connections due to a disk full
5261		condition.  Problem noted by JR Oldroyd of TerraNet
5262		Internet Services.
5263	Include full filename on installation of the sendmail.hf file
5264		in case the $HFDIR directory does not exist.  Problem
5265		noted by Josef Svitak of Montana State University.
5266	Close all maps when exiting the process with one exception.
5267		Berkeley DB can use internal shared memory locking for
5268		its memory pool.  Closing a map opened by another process
5269		will interfere with the shared memory and locks of the
5270		parent process leaving things in a bad state.  For
5271		Berkeley DB, only close the map if the current process
5272		is also the one that opened the map, otherwise only close
5273		the map file descriptor.  Thanks to Yoseff Francus of
5274		Collective Technologies for volunteering his system for
5275		extended testing.
5276	Avoid null pointer dereference on XDEBUG output for SMTP reply
5277		failures.  Problem noted by Carlos Canau of EUnet Portugal.
5278	On mailq and hoststat listings being piped to another program, such
5279		as more, if the pipe closes (i.e., the user quits more),
5280		stop sending output and exit.  Patch from Allan E Johannesen
5281		of Worcester Polytechnic Institute.
5282	In accordance with the documentation, LDAP map lookup failures
5283		are now considered temporary failures instead of permanent
5284		failures unless the -t flag is used in the map definition.
5285		Problem noted by Booker Bense of Stanford University and
5286		Eric C. Hagberg of Morgan Stanley.
5287	Fix off-by-one error reporting on long alias names.  Problem noted by
5288		H. Paul Hammann of the Missouri Research and Education
5289		Network.
5290	Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior.  Problem
5291		noted by Barry S. Finkel of Argonne National Laboratory.
5292	When automatically converting from 8 bit to quoted printable MIME,
5293		be careful not to miss a multi-part boundary if that
5294		boundary is preceded by a boundary-like line.  Problem
5295		noted by Andreas Raschle of Ansid Inc.  Fix from
5296		Kari Hurtta of the Finnish Meteorological Institute.
5297	Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
5298		has enough space for the additional address.  Problem
5299		noted by Steve Cliffe of the University of Wollongong.
5300	Fix DontBlameSendmail=FileDeliveryToSymlink behavior.  Problem
5301		noted by Alex Vorobiev of Swarthmore College.
5302	If the check_compat ruleset resolves to the $#discard mailer,
5303		discard the current recipient.  Unlike check_relay,
5304		check_mail, and check_rcpt, the entire envelope is not
5305		discarded.  Problem noted by RZ D. Rahlfs.  Fix from
5306		Claus Assmann of Christian-Albrechts-University of Kiel.
5307	Avoid segmentation fault when reading ServiceSwitchFile files with
5308		bogus formatting.  Patch from Kari Hurtta of the Finnish
5309		Meteorological Institute.
5310	Support Berkeley DB 2.6.4 API change.
5311	OP.ME: Pages weren't properly output on duplexed printers.  Fix
5312		from Matthew Black of CSU Long Beach.
5313	Portability:
5314		Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
5315		Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
5316			option structure.  Problem noted by Ashley M.
5317			Kirchner of Photo Craft Laboratories, Inc.
5318		Break out IP address to hostname translation for
5319			reading network interface addresses into
5320			class 'w'.  Patch from John Kennedy of
5321			Cal State University, Chico.
5322		AIX 4.x use -qstrict with -O3 to prevent the optimized
5323			from changing the semantics of the compiled
5324			program.  From Simon Travaglia of the
5325			University of Waikato, New Zealand.
5326		FreeBSD 2.2.2 and later support setusercontext().  From
5327			Peter Wemm of DIALix.
5328		FreeBSD 3.x fix from Peter Wemm of DIALix.
5329		IRIX 5.x has a syslog buffer size of 512 bytes.  From
5330			Nao NINOMIYA of Utsunomiya University.
5331		IRIX 6.5 64-bit Build support.
5332		LDAP Version 3 support from John Beck and Ravi Iyer
5333			of Sun Microsystems.
5334		Linux does not implement seteuid() properly.  From
5335			John Kennedy of Cal State University, Chico.
5336		Linux timezone type was set improperly.  From Takeshi Itoh
5337			of Bits Co., Ltd.
5338		NCR MP-RAS 3.x needs -lresolv for confLIBS.  From
5339			Tom J. Moore of NCR.
5340		NeXT 4.x correction to man page path.  From J. P. McCann
5341			of E I A.
5342		System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
5343			from Paul Gampe of the Asia Pacific Network
5344			Information Center.
5345		ULTRIX now requires an optimization limit of 970 from
5346			Allan E Johannesen of Worcester Polytechnic
5347			Institute.
5348		Fix extern declaration for sm_dopr().  Fix from Henk
5349			van Oers of Algemeen Nederlands Persbureau.
	CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
		Problem noted by Mark Rogov of AirMedia, Inc.  Fix from
		Claus Assmann of Christian-Albrechts-University of Kiel.
	CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
		there are multiple RBLs available and the MAPS RBL may
		not be the one in use.  Suggested by Alan Brown of
		Manawatu Internet Services.
	CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
		when stripping down a recipient address to check for
		relaying.  Patch from Claus Assmann of
		Christian-Albrechts-University of Kiel and Neil W Rickert
		of Northern Illinois University.
	CONFIG: Allow the access database to override RBL lookups.  Patch
		from Claus Assmann of Christian-Albrechts-University of
		Kiel.
	CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
		Dot Com.
	CONFIG: Fixed check for deferred delivery mode warning.  Patch
		from Claus Assmann of Christian-Albrechts-University of
		Kiel and Per Hedeland of Ericsson.
	CONFIG: If a recipient using % addressing is used, e.g.
		user%site@othersite, othersite's MX records are now
		checked for local hosts if FEATURE(relay_based_on_MX) is
		used.  Problem noted by Alexander Litvin of Lucky Net Ltd.
		Patch from Alexander Litvin of Lucky Net Ltd and
		Claus Assmann of Christian-Albrechts-University of Kiel.
	MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
		stream.  Do not allow more than one response per recipient.
	MAIL.LOCAL: Handle routed addresses properly when using LMTP.  Fix
		from John Beck of Sun Microsystems.
	MAIL.LOCAL: Properly check for CRLF when using LMTP.  Fix from
		John Beck of Sun Microsystems.
	MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
		the envelope From header.
	MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
		Problem noted by Glenn A. Malling of Syracuse University.
	MAILSTATS: Document msgsrej and msgsdis fields in the man page.
		Problem noted by Richard Wong of Princeton University.
	MAKEMAP: Build group list so group writable files are allowed with
		the -s flag.  Problem noted by Curt Sampson of Internet
		Portal Services, Inc.
	PRALIASES: Automatically handle alias files created without the
		NULL byte at the end of the key.  Patch from John Beck of
		Sun Microsystems.
	PRALIASES: Support Berkeley DB 2.6.4 API change.
	New Files:
		BuildTools/OS/IRIX64.6.5
		BuildTools/OS/UnixWare.5.i386
		cf/ostype/unixware7.m4
		contrib/smcontrol.pl
		src/control.c
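
An added C illustration of the relay checks in the CONFIG entries above: it reduces a recipient with a route prefix or % addressing to the host that finally receives the mail, then decides whether that is relaying. sendmail does this in its check_rcpt rulesets, so this is not the project's code; the function names and the constructed allowed-host list are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define RCPT_MAX 256

/* Verdicts (names are this example's own, not sendmail's). */
enum { RCPT_MALFORMED = -1, RCPT_LOCAL_OK = 0, RCPT_RELAY = 1 };

/* Constructed sample: hosts this server accepts mail for or relays to. */
static const char *const SAMPLE_ALLOWED[] = { "example.com", "mail.example.com" };
#define SAMPLE_N (sizeof(SAMPLE_ALLOWED) / sizeof(SAMPLE_ALLOWED[0]))

/* Case-insensitive membership test against the allowed-host list. */
static int
host_allowed(const char *host, const char *const allowed[], size_t n)
{
	size_t i;

	for (i = 0; i < n; i++)
		if (strcasecmp(host, allowed[i]) == 0)
			return 1;
	return 0;
}

/*
 * Reduce a RCPT address to the host that would finally receive the mail
 * and report whether accepting it means relaying.  `final` gets that host.
 */
int
rcpt_relay_check(const char *rcpt, const char *const allowed[], size_t n,
		 char *final, size_t flen)
{
	char buf[RCPT_MAX];
	char *p, *at, *pct, *sep;
	size_t len = strlen(rcpt);

	if (flen > 0)
		final[0] = '\0';
	/* Drop the angle brackets of <addr>. */
	if (len >= 2 && rcpt[0] == '<' && rcpt[len - 1] == '>') {
		rcpt++;
		len -= 2;
	}
	if (len == 0 || len >= sizeof(buf))
		return RCPT_MALFORMED;
	memcpy(buf, rcpt, len);
	buf[len] = '\0';
	p = buf;

	/* Route prefix: "@host1:user@host2", or the comma form without ':'.
	 * The route hosts are discarded; only the remaining address is checked. */
	while (*p == '@') {
		sep = strchr(p, ':');
		if (sep == NULL)
			sep = strrchr(p, ',');
		if (sep == NULL)
			return RCPT_MALFORMED;
		p = sep + 1;
	}

	for (;;) {
		at = strrchr(p, '@');
		if (at == NULL)			/* bare local part */
			return RCPT_LOCAL_OK;
		if (at[1] == '\0')
			return RCPT_MALFORMED;
		snprintf(final, flen, "%s", at + 1);
		if (!host_allowed(at + 1, allowed, n))
			return RCPT_RELAY;
		/* Host is ours: strip it, promote the last '%' to '@', recheck. */
		*at = '\0';
		pct = strrchr(p, '%');
		if (pct == NULL)
			return RCPT_LOCAL_OK;
		*pct = '@';
	}
}

int
main(void)
{
	static const char *const rcpts[] = {	/* constructed sample recipients */
		"<user@example.com>",
		"<user%other.test@example.com>",
		"<@example.com:user@other.test>",
		"<@example.com,user@other.test>",
	};
	char final[RCPT_MAX];
	size_t i;
	int verdict;

	for (i = 0; i < sizeof(rcpts) / sizeof(rcpts[0]); i++) {
		verdict = rcpt_relay_check(rcpts[i], SAMPLE_ALLOWED, SAMPLE_N,
		    final, sizeof(final));
		printf("%-32s -> %d (%s)\n", rcpts[i], verdict, final);
	}
	return 0;
}
```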

8.9.1/8.9.1	1998/07/02
	If both an OS specific site configuration file and a generic
		site.config.m4 file existed, only the latter was used
		instead of both.  Problem noted by Geir Johannessen of
		the Norwegian University of Science and Technology.
	Fix segmentation fault while converting 8 bit to 7 bit MIME
		multipart messages by trying to write to an unopened
		file descriptor.  Fix from Kari Hurtta of the Finnish
		Meteorological Institute.
	Do not assume Message: and Text: headers indicate the end of
		the header area when parsing MIME headers.  Problem noted
		by Kari Hurtta of the Finnish Meteorological Institute.
	Setting the confMAN#SRC Build variable would only affect the
		installation commands.  The man pages would still be
		built with .0 extensions.  Problem noted by Bryan
		Costales of InfoBeat, Inc.
	Installation of manual pages didn't honor the DESTDIR environment
		variable.  Problem noted by Bryan Costales of InfoBeat, Inc.
	If the check_relay ruleset resolved to the discard mailer, messages
		were still delivered.  Problem noted by Mirek Luc of NASK.
	Mail delivery to files would fail with an Operating System Error
		if sendmail was not running as root, i.e., RunAsUser was set.
		Problem noted by Leonard N. Zubkoff of Dandelion Digital.
	Prevent MinQueueAge from interfering with queued items created
		in the future, i.e., if the system clock was set ahead
		and then back.  Problem noted by Michael Miller of the
		University of Natal, Pietermaritzburg.
	Do not advertise ETRN support in ESMTP EHLO reply if noetrn is
		set in the PrivacyOptions option.  Fix from Ted Rule of
		Flextech TV.
	Log invalid persistent host status file lines instead of
		bouncing the message.  Problem noted by David Lindes of
		DaveLtd Enterprises.
	Move creation of empty sendmail.st file from installation to
		compilation.  Installation may be done from a read-only
		mount.  Fix from Bryan Costales of InfoBeat, Inc. and Ric
		Anderson of the Oasis Research Center, Inc.
	Enforce the maximum number of User Database entries limit.  Problem
		noted by Gary Buchanan of Credence Systems Inc.
	Allow dead.letter files in root's home directory.  Problem noted
		by Anna Ullman of Sun Microsystems.
	Program deliveries in forward files could be marked unsafe if
		any directory listed in the ForwardPath option did not
		exist.  Problem noted by Jorg Bielak of Coastal Web Online.
	Do not trust the length of the address structure returned by
		gethostbyname().  Problem noted by Chris Evans of Oxford
		University.
	If the SIZE= MAIL From: ESMTP parameter is too large, use the
		5.3.4 DSN status code instead of 5.2.2.  Similarly, for
		non-local deliveries, if the message is larger than the
		mailer maximum message size, use 5.3.4 instead of 5.2.3.
		Suggested by Antony Bowesman of
		Fujitsu/TeaWARE Mail/MIME System.
	Portability:
		Fix the check for an IP address reverse lookup for
			use in $&{client_name} on 64 bit platforms.
			From Gilles Gallot of Institut for Development
			and Resources in Intensive Scientific computing.
		BSD-OS uses .0 for man page extensions.  From Jeff Polk
			of BSDI.
		DomainOS detection for Build.  Also, version 10.4 and later
			ship a unistd.h.  Fixes from Takanobu Ishimura of
			PICT Inc.
		NeXT 4.x uses /usr/lib/man/cat for its man pages.  From
			J. P. McCann of E I A.
		SCO 4.X and 5.X include NDBM support.  From Vlado Potisk
			of TEMPEST, Ltd.
	CONFIG: Do not pass spoofed PTR results through resolver for
		qualification.  Problem noted by Michiel Boland of
		Digital Valley Internet Professionals; fix from
		Kari Hurtta of the Finnish Meteorological Institute.
	CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
		BITNET, and DECNET addresses for resolvable senders.
		Problem noted by Alexander Litvin of Lucky Net Ltd.
	CONFIG: Work around Sun's broken configuration which sends bounce
		messages as coming from @@hostname instead of <>.  LMTP
		would not accept @@hostname.
	OP.ME: Corrections to complex sendmail startup script from Rick
		Troxel of the National Institutes of Health.
	RMAIL: Do not install rmail by default, require 'make force-install'
		as this rmail isn't the same as others.  Suggested by
		Kari Hurtta of the Finnish Meteorological Institute.
	New Files:
		BuildTools/OS/DomainOS.10.4
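
The gethostbyname() entry above, as an added C example that is not taken from sendmail: the copy length is derived from the address family, and h_length from the resolver is only compared against it. struct host_addr, copy_host_addr() and the constructed sample_hostent() are hypothetical names.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Address storage sized for the largest family this example accepts. */
struct host_addr {
	int family;
	union {
		struct in_addr v4;
		struct in6_addr v6;
	} u;
};

/* Length an address must have for its family; 0 for families we refuse. */
static size_t
expected_addr_len(int family)
{
	switch (family) {
	case AF_INET:
		return sizeof(struct in_addr);
	case AF_INET6:
		return sizeof(struct in6_addr);
	default:
		return 0;
	}
}

/*
 * The pattern being avoided is
 *	memcpy(&dst, hp->h_addr_list[0], hp->h_length);
 * where h_length comes from the resolver reply and dst has a fixed size.
 * Returns 0 on success, -1 if the entry must be rejected.
 */
int
copy_host_addr(const struct hostent *hp, int idx, struct host_addr *out)
{
	size_t want;
	int i;

	if (hp == NULL || out == NULL || idx < 0 || hp->h_addr_list == NULL)
		return -1;
	want = expected_addr_len(hp->h_addrtype);
	if (want == 0 || hp->h_length < 0 || (size_t) hp->h_length != want)
		return -1;
	/* Walk to idx so a short list is not read past its NULL terminator. */
	for (i = 0; i <= idx; i++)
		if (hp->h_addr_list[i] == NULL)
			return -1;
	memset(out, 0, sizeof(*out));
	out->family = hp->h_addrtype;
	memcpy(&out->u, hp->h_addr_list[idx], want);
	return 0;
}

/* Constructed sample: a hostent as a resolver might hand it back. */
static unsigned char sample_bytes[64];
static char *sample_list[2];
static struct hostent sample_he;

struct hostent *
sample_hostent(int family, int claimed_len)
{
	size_t i;

	for (i = 0; i < sizeof(sample_bytes); i++)
		sample_bytes[i] = (unsigned char) (i + 1);
	sample_list[0] = (char *) sample_bytes;
	sample_list[1] = NULL;
	memset(&sample_he, 0, sizeof(sample_he));
	sample_he.h_name = (char *) "host.example";
	sample_he.h_addrtype = family;
	sample_he.h_length = claimed_len;	/* value under test */
	sample_he.h_addr_list = sample_list;
	return &sample_he;
}

int
main(void)
{
	struct host_addr a;

	printf("AF_INET,  h_length 4:  %d\n",
	    copy_host_addr(sample_hostent(AF_INET, 4), 0, &a));
	printf("AF_INET,  h_length 64: %d\n",
	    copy_host_addr(sample_hostent(AF_INET, 64), 0, &a));
	printf("AF_INET6, h_length 16: %d\n",
	    copy_host_addr(sample_hostent(AF_INET6, 16), 0, &a));
	return 0;
}
```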

8.9.0/8.9.0	1998/05/19
	SECURITY: To prevent users from reading files not normally
		readable, sendmail will no longer open forward, :include:,
		class, ErrorHeader, or HelpFile files located in unsafe
		(i.e., group or world writable) directory paths.  Sites
		which need the ability to override security can use the
		DontBlameSendmail option.  See the README file for more
		information.
	SECURITY: Problems can occur on poorly managed systems, specifically,
		if maps or alias files are in world writable directories.
		This fixes the change added to 8.8.6 to prevent links in these
		world writable directories.
	SECURITY: Make sure ServiceSwitchFile option file is not a link if
		it is in a world writable directory.
	SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
		tty it may be able to push bytes back to the sender's input.
		Unfortunately this breaks -v mode.  Problem noted by
		Wietse Venema of the Global Security Analysis Lab at
		IBM T.J. Watson Research.
	SECURITY: Empty group list if DontInitGroups is set to true to
		prevent program deliveries from picking up extra group
		privileges.  Problem reported by Wolfgang Ley of DFN-CERT.
	SECURITY: The default value for DefaultUser is now set to the uid and
		gid of the first existing user mailnull, sendmail, or daemon
		that has a non-zero uid.  If none of these exist, sendmail
		reverts back to the old behavior of using uid 1 and gid 1.
		This is a security problem for Linux which has chosen that
		uid and gid for user bin instead of daemon.  If DefaultUser
		is set in the configuration file, that value overrides this
		default.
	SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
		interfered with setting an alternate group id for the
		RunAsUser option.  Problem noted by Randall Winchester of
		the University of Maryland.
	Add support for Berkeley DB 2.X.  Based on patch from John Kennedy
		of Cal State University, Chico.
	Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB).  Users
		who previously defined OLD_NEWDB=1 must now upgrade to the
		current version of Berkeley DB.
	Added support for regular expressions using the new map class regex.
		From Jan Krueger of Unix-AG of University of Hannover.
	Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
		UserDatabases from Randall Winchester of the University
		of Maryland.
	Allow any shell for user shell on program deliveries on V1
		configurations for backwards compatibility on machines which
		do not have getusershell().  Fix from John Beck of Sun
		Microsystems.
	On operating systems which change the process title by reusing the
		argument vector memory, sendmail could corrupt memory if the
		last argument was either "-q" or "-d".  Problem noted by
		Frank Langbein of the University of Stuttgart.
	Support Local Mail Transfer Protocol (LMTP) between sendmail and
		mail.local on the F=z flag.
	Macro-expand the contents of the ErrMsgFile.  Previously this was
		only done if you had magic characters (0x81) to indicate
		macro expansion.  Now $x will be expanded.  This means that
		real dollar signs have to be backslash escaped.
	TCP Wrappers expects "unknown" in the hostname argument if the
		reverse DNS lookup for the incoming connection fails.
		Problem noted by Randy Grimshaw of Syracuse University and
		Wietse Venema of the Global Security Analysis Lab at
		IBM T.J. Watson Research.
	DSN success bounces generated from an invocation of sendmail -t
		would be sent to both the sender and MAILER-DAEMON.
		Problem noted by Claus Assmann of
		Christian-Albrechts-University of Kiel.
	Avoid "Error 0" messages on delivery mailers which exit with a
		valid exit value such as EX_NOPERM.  Fix from Andreas Luik
		of ISA Informationssysteme GmbH.
	Tokenize $&x expansions on right hand side of rules.  This eliminates
		the need to use tricks like $(dequote "" $&{client_name} $)
		to cause the ${client_name} macro to be properly tokenized.
	Add the MaxRecipientsPerMessage option: this limits the number of
		recipients that will be accepted in a single SMTP
		transaction.  After this number is reached, sendmail
		starts returning "452 Too many recipients" to all RCPT
		commands.  This can be used to limit the number of recipients
		per envelope (in particular, to discourage use of the server
		for spamming).  Note: a better approach is to restrict
		relaying entirely.
	Fixed pointer initialization for LDAP lmap struct, fixed -s option
		to ldapx map and added timeout for ldap_open call to
		avoid hanging sendmail in the event of hung LDAP servers.
		Patch from Booker Bense of Stanford University.
	Allow multiple -qI, -qR, or -qS queue run limiters.  For example,
		'-qRfoo -qRbar' would deliver mail to recipients with foo or
		bar in their address.  Patch from Allan E Johannesen of
		Worcester Polytechnic Institute.
	The bestmx map will now return a list of the MX servers for a host if
		passed a column delimiter via the -z map flag.  This can be
		used to check if the server is an MX server for the recipient
		of a message.  This can be used to help prevent relaying.
		Patch from Mitchell Blank Jr of Exec-PC.
	Mark failures for the *file* mailer and return bounce messages to the
		sender for those failures.
	Prevent bogus syslog timestamps on errors in sendmail.cf by
		preserving the TZ environment variable until TimeZoneSpec
		has been determined.  Problem noted by Ralf Hildebrandt of
		Technical University of Braunschweig.  Patch from Per Hedeland
		of Ericsson.
	Print test input in address test mode when input is not from the tty
		when the -v flag is given (i.e., sendmail -bt -v) to make
		output easier to decipher.  Problem noted by Aidan Nichol
		of Procter & Gamble.
	The LDAP map -s flag was not properly parsed and the error message
		given included the remainder of the arguments instead of
		solely the argument in error.  Problem noted by Aidan Nichol
		of Procter & Gamble.
	New DontBlameSendmail option.  This option allows administrators to
		bypass some of sendmail's file security checks at the expense
		of system security.  This should only be used if you are
		absolutely sure you know the consequences.  The available
		DontBlameSendmail options are:
			Safe
			AssumeSafeChown
			ClassFileInUnsafeDirPath
			ErrorHeaderInUnsafeDirPath
			GroupWritableDirPathSafe
			GroupWritableForwardFileSafe
			GroupWritableIncludeFileSafe
			GroupWritableAliasFile
			HelpFileinUnsafeDirPath
			WorldWritableAliasFile
			ForwardFileInGroupWritableDirPath
			IncludeFileInGroupWritableDirPath
			ForwardFileInUnsafeDirPath
			IncludeFileInUnsafeDirPath
			ForwardFileInUnsafeDirPathSafe
			IncludeFileInUnsafeDirPathSafe
			MapInUnsafeDirPath
			LinkedAliasFileInWritableDir
			LinkedClassFileInWritableDir
			LinkedForwardFileInWritableDir
			LinkedIncludeFileInWritableDir
			LinkedMapInWritableDir
			LinkedServiceSwitchFileInWritableDir
			FileDeliveryToHardLink
			FileDeliveryToSymLink
			WriteMapToHardLink
			WriteMapToSymLink
			WriteStatsToHardLink
			WriteStatsToSymLink
			RunProgramInUnsafeDirPath
			RunWritableProgram
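
An added C example, not sendmail's own code, of the kind of check the first SECURITY entry of this release and the DontBlameSendmail list refer to: walk a file's directory path and refuse it if any directory is group or world writable. The function names, the `top` stop directory and the temporary sample tree are this example's assumptions.

```c
#define _XOPEN_SOURCE 700	/* for lstat() and mkdtemp() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

enum path_verdict { PATH_ERROR = -1, PATH_SAFE = 0, PATH_UNSAFE = 1 };

/* "Unsafe" in the release note's sense: group or world writable. */
int
dir_mode_unsafe(mode_t mode)
{
	return (mode & (S_IWGRP | S_IWOTH)) != 0;
}

/*
 * Check each directory from the one holding `file` up to `top` inclusive.
 * `top` must be an absolute prefix of `file` without a trailing slash
 * ("/" checks the whole path); paths are assumed free of ".." components.
 * On PATH_UNSAFE, `culprit` receives the first writable directory found.
 */
enum path_verdict
check_dir_path(const char *file, const char *top, char *culprit, size_t clen)
{
	char buf[PATH_MAX];
	struct stat st;
	size_t toplen = strlen(top);
	char *slash;

	if (file[0] != '/' || top[0] != '/' || strlen(file) >= sizeof(buf))
		return PATH_ERROR;
	if (strncmp(file, top, toplen) != 0 ||
	    (toplen > 1 && file[toplen] != '/'))
		return PATH_ERROR;
	strcpy(buf, file);
	for (;;) {
		/* Drop the last component: "/a/b/c" -> "/a/b", "/a" -> "/". */
		slash = strrchr(buf, '/');
		if (slash == buf)
			buf[1] = '\0';
		else
			*slash = '\0';
		if (strlen(buf) < toplen)
			break;
		/* lstat(): a symlinked component is refused, because walking
		 * its lexical parents says nothing about the link target. */
		if (lstat(buf, &st) != 0 || !S_ISDIR(st.st_mode))
			return PATH_ERROR;
		if (dir_mode_unsafe(st.st_mode)) {
			snprintf(culprit, clen, "%s", buf);
			return PATH_UNSAFE;
		}
		if (strcmp(buf, "/") == 0)
			break;
	}
	return PATH_SAFE;
}

/* Constructed sample tree: <tmp>/home/user, plus a .forward path in it. */
int
make_sample_tree(char *base, size_t blen, char *file, size_t flen)
{
	const char *tmp = getenv("TMPDIR");
	char dir[PATH_MAX];

	if (tmp == NULL || tmp[0] != '/')
		tmp = "/tmp";
	snprintf(base, blen, "%s/dirpathXXXXXX", tmp);
	if (mkdtemp(base) == NULL)	/* created with mode 0700 */
		return -1;
	snprintf(dir, sizeof(dir), "%s/home", base);
	if (mkdir(dir, 0755) != 0 || chmod(dir, 0755) != 0)
		return -1;
	snprintf(dir, sizeof(dir), "%s/home/user", base);
	if (mkdir(dir, 0755) != 0 || chmod(dir, 0755) != 0)
		return -1;
	snprintf(file, flen, "%s/home/user/.forward", base);
	return 0;
}

int
main(void)
{
	char base[PATH_MAX], file[PATH_MAX], culprit[PATH_MAX] = "";

	if (make_sample_tree(base, sizeof(base), file, sizeof(file)) != 0)
		return 1;
	printf("before chmod: %d\n",
	    check_dir_path(file, base, culprit, sizeof(culprit)));
	if (chmod(base, 0777) != 0)
		return 1;
	printf("after chmod:  %d (%s)\n",
	    check_dir_path(file, base, culprit, sizeof(culprit)), culprit);
	return 0;
}
```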
	New DontProbeInterfaces option to turn off the inclusion of all the
		interface names in $=w on startup.  In particular, if you
		have lots of virtual interfaces, this option will speed up
		startup.  However, unless you make other arrangements, mail
		sent to those addresses will be bounced.
	Automatically create alias databases if they don't exist and
		AutoRebuildAliases is set.
	Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
		Suggested by Christophe Wolfhugel of the Institut Pasteur.
	Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
	When determining the client host name ($&{client_name} macro), do
		a forward (A) DNS lookup on the result of the PTR lookup
		and compare results.  If they differ or if the PTR lookup
		fails, $&{client_name} will contain the IP address
		surrounded by square brackets (e.g., [127.0.0.1]).
	New map flag: -Tx appends "x" to lookups that return temporary failure
		(i.e., it is like -ax for the temporary failure case, in
		contrast to the success case).
	New syntax to do limited checking of header syntax.  A config line
		of the form:
			HHeader: $>Ruleset
		causes the indicated Ruleset to be invoked on the Header
		when read.  This ruleset works like the check_* rulesets --
		that is, it can reject mail on the basis of the contents.
	Limit the size of the HELO/EHLO parameter to prevent spammers
		from hiding their connection information in Received:
		headers.
	When SingleThreadDelivery is active, deliveries to locked hosts
		are skipped.  This will cause the delivering process to
		try the next MX host or queue the message if no other MX
		hosts are available.  Suggested by Alexander Litvin.
	The [FILE] mailer type now delivers to the file specified in the
		A= equate of the mailer definition instead of $u.  It also
		obeys all of the F= mailer flags such as the MIME
		7/8 bit conversion flags.  This is useful for defining
		a mailer which delivers to the same file regardless of the
		recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
	Do not assume the identity of a remote connection is root@localhost
		if the remote connection closes the socket before the
		remote identity can be queried.
	Change semantics of the F=S mailer flag back to 8.7.5 behavior.
		Some mailers, including procmail, require that the real
		uid is left unchanged by sendmail.  Problem noted by Per
		Hedeland of Ericsson.
	No longer is the src/obj*/Makefile selected from a large list -- it
		is now generated using the information in BuildTools/OS/ --
		some of the details are determined dynamically via
		BuildTools/bin/configure.sh.
	The other programs in the sendmail distribution -- mail.local,
		mailstats, makemap, praliases, rmail, and smrsh -- now use
		the new Build method which creates an operating system
		specific Makefile using the information in BuildTools.
	Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
		a failure on one message won't affect future messages to the
		same host).  This is necessary if the remote host sends
		a 451 error if the domain of the sender does not resolve
		as is common in anti-spam configurations.  Problem noted
		by Mitchell Blank Jr of Exec-PC.
	New "discard" mailer for check_* rulesets and header checking
		rulesets.  If one of the above rulesets resolves to the
		$#discard mailer, the commands will be accepted but the
		message will be completely discarded after it is accepted.
		This means that even if only one of the recipients
		resolves to the $#discard mailer, none of the recipients
		will receive the mail.  Suggested by Brian Kantor.
	All but the last cloned envelope of a split envelope were queued
		instead of being delivered.  Problem noted by John Caruso
		of CNET: The Computer Network.
	Fix deadlock situation in persistent host status file locking.
	Syslog an error if a user forward file could not be read due to
		an error.  Patch from John Beck of Sun Microsystems.
	Use the first name returned on machine lookups when canonifying a
		hostname via NetInfo.  Patch from Timm Wetzel of GWDG.
	Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
		macros when delivering a bounce message to prevent
		rejection by a check_compat ruleset which uses these macros.
		Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
	If the check_relay ruleset resolves to the error mailer, the
		error in the $: portion of the resolved triplet is used
		in the rejection message given to the remote machine.
		Suggested by Scott Gifford of The Internet Ramp.
	Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
		before calling the check_relay ruleset.  Suggested by Scott
		Gifford of The Internet Ramp.
	Sendmail would get a segmentation fault if a mailer exited with an
		exit code of 79.  Problem noted by Aaron Schrab of ExecPC
		Internet.  Fix from Christophe Wolfhugel of the Pasteur
		Institute.
	Separate snprintf/vsnprintf routines into separate file for use by
		mail.local.
	Allow multiple map lookups on right hand side, e.g.,
		R$*	$( host $1 $) $| $( passwd $1 $).  Patch from
		Christophe Wolfhugel of the Pasteur Institute.
	Properly generate success DSN messages if requested for aliases
		which have owner- aliases.  Problem noted by Kari Hurtta
		of the Finnish Meteorological Institute.
	Properly display delayed-expansion macros ($&{macroname}) in
		address test mode (-bt).  Problem noted by Bryan Costales
		of InfoBeat, Inc.
	-qR could sometimes match names incorrectly.  Problem noted by
		Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
	Include a magic number and version in the StatusFile for the
		mailstats command.
	Record the number of rejected and discarded messages in the
		StatusFile for display by the mailstats command.  Patch
		from Randall Winchester of the University of Maryland.
	IDENT returns where the OSTYPE field equals "OTHER" now list the
		user portion as IDENT:username@site instead of
		username@site to differentiate the two.  Suggested by
		Kari Hurtta of the Finnish Meteorological Institute.
	Enforce timeout for LDAP queries.  Patch from Per Hedeland of
		Ericsson.
	Change persistent host status filename substitution so '/' is
		replaced by ':' instead of '|' to avoid clashes.  Also
		avoid clashes with hostnames with leading dots.  Fix from
		Mitchell Blank Jr. of Exec-PC.
	If the system lock table is full, only attempt to create a new
		queue entry five times before giving up.  Previously, it
		was attempted indefinitely which could cause the partition
		to run out of inodes.  Problem noted by Suzie Weigand of
		Stratus Computer, Inc.
	In verbose mode, warn if the sendmail.cf version is less than the
		currently supported version.
	Sorting for QueueSortOrder=host is now case insensitive.  Patch
		from Randall S. Winchester of the University of Maryland.
	Properly quote a full name passed via the -F command line option,
		the Full-Name: header, or the NAME environment variable if
		it contains characters which must be quoted.  Problem noted
		by Kari Hurtta of the Finnish Meteorological Institute.
	Avoid possible race condition that unlocked a mail job before
		releasing the transcript file on systems that use flock(2).
		In some cases, this might result in a "Transcript Unavailable"
		message in error bounces.
	Accept SMTP replies which contain only a reply code and no
		accompanying text.  Problem noted by Fernando Fraticelli of
		Digital Equipment Corporation.
	Portability:
		AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
			of Kyoto University.
		AIX 4.2 requires <userpw.h> before <usersec.h>.  Patch from
			Randall S. Winchester of the University of
			Maryland.
		AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
		CRAY T3E from Manu Mahonen of Center for Scientific Computing
			in Finland.
		Digital UNIX now uses statvfs for determining free
			disk space.  Patch from Randall S. Winchester of
			the University of Maryland.
		HP-UX 11.x from Richard Allen of Opin Kerfi HF and
			Regis McEwen of Progress Software Corporation.
		IRIX 64 bit fixes from Kari Hurtta of the Finnish
			Meteorological Institute.
		IRIX 6.2 configuration fix for mail.local from Michael Kyle
			of CIC/Advanced Computing Laboratory.
		IRIX 6.5 from Thomas H Jones II of SGI.
		IRIX 6.X load average code from Bob Mende of SGI.
		QNX from Glen McCready <glen@qnx.com>.
		SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
			to sendmail.  Install with group bin instead of kmem
			as kmem does not exist.  From Guillermo Freige of
			Gobernacion de la Pcia de Buenos Aires and Paul
			Fischer of BTG, Inc.
		SunOS 4.X does not include memmove().  Patch from
			Per Hedeland of Ericsson.
		SunOS 5.7 includes getloadavg() function for determining
			load average.  Patch from John Beck of Sun
			Microsystems.
	CONFIG: Increment version number of config file.
	CONFIG: add DATABASE_MAP_TYPE to set the default type of database
		map for the various maps.  The default is hash.  Patch from
		Robert Harker of Harker Systems.
	CONFIG: new confEBINDIR m4 variable for defining the executable
		directory for certain programs.
	CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
		local mail delivery.  By default, /usr/libexec/mail.local
		is used.  This is expected to be the mail.local shipped
		with 8.9 which is LMTP capable.  The path is based on the
		new confEBINDIR m4 variable.
	CONFIG: Use confEBINDIR in determining path to smrsh for
		FEATURE(smrsh).  Note that this changes the default from
		/usr/local/etc/smrsh to /usr/libexec/smrsh.  To obtain the
		old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
	CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
		include $z/.forward.$w+$h and $z/.forward+$h which allow
		the user to set up different .forward files for
		user+detail addressing.
	CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
		and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
		DontProbeInterfaces, and DontBlameSendmail options.
	CONFIG: by default do not allow relaying (that is, accepting mail
		from outside your domain and sending it to another host
		outside your domain).
	CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
		any site to any site.
	CONFIG: new FEATURE(relay_entire_domain) allows any host in your
		domain as defined by the 'm' class ($=m) to relay.
	CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
		the MX records of the host portion of an incoming recipient.
	CONFIG: new FEATURE(access_db) which turns on the access database
		feature.  This database gives you the ability to allow
		or refuse to accept mail from specified domains for
		administrative reasons.  By default, names that are listed
		as "OK" in the access db are domain names, not host names.
	CONFIG: new confCR_FILE m4 variable for defining the name of the file
		used for class 'R'.  Defaults to /etc/mail/relay-domains.
	CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
		to add items to class 'R' ($=R) for hosts allowed to relay.
	CONFIG: new FEATURE(relay_hosts_only) to change the behavior
		of FEATURE(access_db) and class 'R' to lookup individual
		host names only.
	CONFIG: new FEATURE(loose_relay_check).  Normally, if a recipient
		using % addressing is used, e.g.  user%site@othersite,
		and othersite is in class 'R', the check_rcpt ruleset
		will strip @othersite and recheck user@site for relaying.
		This feature changes that behavior.  It should not be
		needed for most installations.
	CONFIG: new FEATURE(relay_local_from) to allow relaying if the
		domain portion of the mail sender is a local host.  This
		should only be used if absolutely necessary as it opens
		a window for spammers.  Patch from Randall S. Winchester of
		the University of Maryland.
	CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
		block incoming mail destined for certain recipient
		usernames, hostnames, or addresses.
	CONFIG: By default, MAIL FROM: commands in the SMTP session will be
		refused if the host part of the argument to MAIL FROM: cannot
		be located in the host name service (e.g., DNS).
	CONFIG: new FEATURE(accept_unresolvable_domains) accepts
		unresolvable hostnames in MAIL FROM: SMTP commands.
	CONFIG: new FEATURE(accept_unqualified_senders) accepts
		MAIL FROM: senders which do not include a domain.
	CONFIG: new FEATURE(rbl) turns on rejection of hosts found in the
		Realtime Blackhole List.  You can specify the RBL name
		server to contact by specifying it as an optional argument.
		The default is rbl.maps.vix.com.  For details, see
		http://maps.vix.com/rbl/.
	CONFIG: Call Local_check_relay, Local_check_mail, and
		Local_check_rcpt from check_relay, check_mail, and
		check_rcpt.  Users with local rulesets should place the
		rules using LOCAL_RULESETS.  If a Local_check_* ruleset
		returns $#OK, the message is accepted.  If the ruleset
		returns a mailer, the appropriate action is taken, else
		the return of the ruleset is ignored.
	CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
		default to support file, :include:, and program deliveries.
	CONFIG: Remove the default for confDEF_USER_ID so the binary can
		pick the proper default value.  See the SECURITY note
		above for more information.
	CONFIG: FEATURE(nodns) now warns the user that the feature is a
		no-op.  Patch from Kari Hurtta of the Finnish
		Meteorological Institute.
	CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
		daemon since DEC's /bin/mail will drop the envelope
		sender if run as mailnull.  See the Digital UNIX section
		of src/README for more information.  Problem noted by
		Kari Hurtta of the Finnish Meteorological Institute.
	CONFIG: .cf files are now stored in the same directory with the
		.mc files instead of in the obj directory.
	CONFIG: New options confSINGLE_LINE_FROM_HEADER,
		confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
		setting SingleLineFromHeader, AllowBogusHELO, and
		MustQuoteChars respectively.
	MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout.  This
		SMTP-like protocol allows detailed reporting of delivery
		status on a per-user basis.  Code donated by John Myers of
		CMU (now of Netscape).
	MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
		University of Maryland.  NOTE: mail.local is not
		compatible with the stock HP-UX mail format.  Be sure to
		read mail.local/README.
	MAIL.LOCAL: Prevent other mail delivery agents from stealing a
		mailbox lock.  Patch from Randall S. Winchester of the
		University of Maryland.
	MAIL.LOCAL: glibc portability from John Kennedy of Cal State
		University, Chico.
	MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
		Meteorological Institute.
	MAILSTATS: Display the number of rejected and discarded messages
		in the StatusFile.  Patch from Randall Winchester of the
		University of Maryland.
	MAKEMAP: New -s flag to ignore safety checks on database map files
		such as linked files in world writable directories.
	MAKEMAP: Add support for Berkeley DB 2.X.  Remove OLD_NEWDB support.
	PRALIASES: Add support for Berkeley DB 2.X.
	PRALIASES: Do not automatically include NDBM support.  Problem
		noted by Ralf Hildebrandt of the Technical University of
		Braunschweig.
	RMAIL: Improve portability for other platforms.  Patches from
		Randall S. Winchester of the University of Maryland and
		Kari Hurtta of the Finnish Meteorological Institute.
	Changed Files:
		src/Makefiles/Makefile.* files have been modified to use
			the new build mechanism and are now BuildTools/OS/*.
		src/makesendmail changed to symbolic link to src/Build.
	New Files:
		BuildTools/M4/header.m4
		BuildTools/M4/depend/BSD.m4
		BuildTools/M4/depend/CC-M.m4
		BuildTools/M4/depend/NCR.m4
		BuildTools/M4/depend/Solaris.m4
		BuildTools/M4/depend/X11.m4
		BuildTools/M4/depend/generic.m4
		BuildTools/OS/AIX.4.2
		BuildTools/OS/AIX.4.x
		BuildTools/OS/CRAYT3E.2.0.x
		BuildTools/OS/HP-UX.11.x
		BuildTools/OS/IRIX.6.5
		BuildTools/OS/NEXTSTEP.4.x
		BuildTools/OS/NeXT.4.x
		BuildTools/OS/NetBSD.8.3
		BuildTools/OS/QNX
		BuildTools/OS/SunOS.5.7
		BuildTools/OS/dcosx.1.x.NILE
		BuildTools/README
		BuildTools/Site/README
		BuildTools/bin/Build
		BuildTools/bin/configure.sh
5948		BuildTools/bin/configure.sh
5949		BuildTools/bin/find_m4.sh
5950		BuildTools/bin/install.sh
5951		Makefile
5952		cf/cf/Build
5953		cf/cf/generic-hpux10.cf
5954		cf/feature/accept_unqualified_senders.m4
5955		cf/feature/accept_unresolvable_domains.m4
5956		cf/feature/access_db.m4
5957		cf/feature/blacklist_recipients.m4
5958		cf/feature/loose_relay_check.m4
5959		cf/feature/local_lmtp.m4
5960		cf/feature/promiscuous_relay.m4
5961		cf/feature/rbl.m4
5962		cf/feature/relay_based_on_MX.m4
5963		cf/feature/relay_entire_domain.m4
5964		cf/feature/relay_hosts_only.m4
5965		cf/feature/relay_local_from.m4
5966		cf/ostype/qnx.m4
5967		contrib/doublebounce.pl
5968		mail.local/Build
5969		mail.local/Makefile.m4
5970		mail.local/README
5971		mailstats/Build
5972		mailstats/Makefile.m4
5973		makemap/Build
5974		makemap/Makefile.m4
5975		praliases/Build
5976		praliases/Makefile.m4
5977		rmail/Build
5978		rmail/Makefile.m4
5979		rmail/rmail.0
5980		smrsh/Build
5981		smrsh/Makefile.m4
5982		src/Build
5983		src/Makefile.m4
5984		src/snprintf.c
5985	Deleted Files:
5986		cf/cf/Makefile (replaced by Makefile.dist)
5987		mail.local/Makefile
5988		mail.local/Makefile.dist
5989		mailstats/Makefile
5990		mailstats/Makefile.dist
5991		makemap/Makefile
5992		makemap/Makefile.dist
5993		praliases/Makefile
5994		praliases/Makefile.dist
5995		rmail/Makefile
5996		smrsh/Makefile
5997		smrsh/Makefile.dist
5998		src/Makefile
5999		src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
6000		src/Makefiles/Makefile.SMP_DC.OSx.NILE
6001			(renamed BuildTools/OS/dcosx.1.x.NILE)
6002		src/Makefiles/Makefile.Utah (obsolete platform)
6003	Renamed Files:
6004		READ_ME => README
6005		cf/cf/Makefile.dist => Makefile
6006		cf/cf/obj/* => cf/cf/*
6007		src/READ_ME => src/README
6008
60098.8.8/8.8.8	1997/10/24
6010	If the check_relay ruleset failed, the relay= field was logged
6011		incorrectly.  Problem noted by Kari Hurtta of the Finnish
6012		Meteorological Institute.
6013	If /usr/tmp/dead.letter already existed, sendmail could not
6014		add additional bounces to it.  Problem noted by Thomas J.
6015		Arseneault of SRI International.
6016	If an SMTP mailer used a non-standard port number for the outgoing
6017		connection, it would be displayed incorrectly in verbose mode.
6018		Problem noted by John Kennedy of Cal State University, Chico.
6019	Log the ETRN parameter specified by the client before altering it
6020		to internal form.  Suggested by Bob Kupiec of GES-Verio.
6021	EXPN and VRFY SMTP commands on malformed addresses were logging as
6022		User unknown with bogus delay= values.  Change them to log
6023		the same as compliant addresses.  Problem noted by Kari E.
6024		Hurtta of the Finnish Meteorological Institute.
6025	Ignore the debug resolver option unless using sendmail debug trace
6026		option for resolver.  Problem noted by Greg Nichols of Wind
6027		River Systems.
6028	If SingleThreadDelivery was enabled and the remote server returned a
6029		protocol error on the DATA command, the connection would be
6030		closed but the persistent host status file would not be
6031		unlocked so other sendmail processes could not deliver to
6032		that host.  Problem noted by Peter Wemm of DIALix.
6033	If queueing up a message due to an expensive mailer, don't increment
6034		the number of delivery attempts or set the last delivery
6035		attempt time so the message will be delivered on the next
6036		queue run regardless of MinQueueAge.  Problem noted by
6037		Brian J. Coan of the Institute for Global Communications.
6038	Authentication warnings of "Processed from queue _directory_" and
6039		"Processed by _username_ with -C _filename_" would be logged
6040		with the incorrect timestamp.  Problem noted by Kari E. Hurtta
6041		of the Finnish Meteorological Institute.
6042	Use a better heuristic for detecting GDBM.
6043	Log null connections on dropped connections.  Problem noted by
6044		Jon Lewis of Florida Digital Turnpike.
6045	If class dbm maps are rebuilt, sendmail will now detect this and
6046		reopen the map.  Previously, they could give stale
6047		results during a single message processing (but would
6048		recover when the next message was received).  Fix from
6049		Joe Pruett of Q7 Enterprises.
6050	Do not log failures such as "User unknown" on -bv or SMTP VRFY
6051		requests.  Problem noted by Kari E. Hurtta of the
6052		Finnish Meteorological Institute.
6053	Do not send a bounce message back to the sender regarding bad
6054		recipients if the SMTP connection is dropped before the
6055		message is accepted.  Problem noted by Kari E. Hurtta of the
6056		Finnish Meteorological Institute.
6057	Use "localhost" instead of "[UNIX: localhost]" when connecting to
6058		sendmail via a UNIX pipe.  This will allow rulesets using
6059		$&{client_name} to process without sending the string through
6060		dequote.  Problem noted by Alan Barrett of Internet Africa.
6061	A combination of deferred delivery mode, a double bounce situation,
6062		and the inability to save a bounce message to
6063		/var/tmp/dead.letter would cause sendmail to send a bounce
6064		to postmaster but not remove the offending envelope from the
6065		queue causing it to create a new bounce message each time the
6066		queue was run.  Problem noted by Brad Doctor of Net Daemons
6067		Associates.
6068	Remove newlines from hostname information returned via DNS.  There are
6069		no known security implications of newlines in hostnames as
6070		sendmail filters newlines in all vital areas; however, this
6071		could cause confusing error messages.
6072	Starting with sendmail 8.8.6, mail sent with the '-t' option would be
6073		rejected if any of the specified addresses were bad.  This
6074		behavior was modified to only reject the bad addresses and not
6075		the entire message.  Problem noted by Jozsef Hollosi of
6076		SuperNet, Inc.
6077	Use Timeout.fileopen when delivering mail to a file.  Suggested by
6078		Bryan Costales of InfoBeat, Inc.
6079	Display the proper Final-Recipient on DSN messages for non-SMTP
6080		mailers.  Problem noted by Kari E. Hurtta of the
6081		Finnish Meteorological Institute.
6082	An error in calculating the available space in the list of addresses
6083		for logging deliveries could cause an address to be silently
6084		dropped.
6085	Include the initial user environment if sendmail is restarted via
6086		a HUP signal.  This will give room for the process title.
6087		Problem noted by Jon Lewis of Florida Digital Turnpike.
6088	Mail could be delivered without a body if the machine does not
6089		support flock locking and runs out of processes during
6090		delivery.  Fix from Chuck Lever of the University of Michigan.
6091	Drop recipient address from 251 and 551 SMTP responses per RFC 821.
6092		Problem noted by Kari E. Hurtta of the Finnish Meteorological
6093		Institute.
6094	Make sure non-rebuildable database maps are opened before the
6095		rebuildable maps (i.e., alias files) in case the database maps
6096		are needed for verifying the left hand side of the aliases.
6097		Problem noted by Lloyd Parkes of Victoria University.
6098	Make sure sender RFC822 source route addresses are alias expanded for
6099		bounce messages.  Problem noted by Juergen Georgi of
6100		RUS University of Stuttgart.
6101	Minor lint fixes.
6102	Return a temporary error instead of a permanent error if an LDAP map
6103		search returns an error.  This will allow sequenced maps which
6104		use other LDAP servers to be checked.  Fix from Booker Bense
6105		of Stanford University.
6106	When automatically converting from quoted printable to 8bit text do
6107		not pad bare linefeeds with a space.  Problem noted by Theo
6108		Nolte of the University of Technology Aachen, Germany.
6109	Portability:
6110		Non-standard C compilers may have had a problem compiling
6111			conf.c due to a standard C external declaration of
6112			setproctitle().  Problem noted by Ted Roberts of
6113			Electronic Data Systems.
6114		AUX: has a broken O_EXCL implementation.  Reported by Jim
6115			Jagielski of jaguNET Access Services.
6116		BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
6117		Digital UNIX: Digital UNIX (and possibly others) moves
6118			loader environment variables into the loader memory
6119			area.  If one of these environment variables (such as
6120			LD_LIBRARY_PATH) was the last environment variable,
6121			an invalid memory address would be used by the process
6122			title routine causing memory corruption.  Problem
6123			noted by Sam Hartman of Mesa Internet Systems.
6124		GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
6125			chownsafe() to always return 0 even if the OS does
6126			not permit file giveaways.  Problem noted by
6127			Yasutaka Sumi of The University of Tokyo.
6128		IRIX6: Syslog buffer size set to 512 bytes.  Reported by
6129			Gerald Rinske of Siemens Business Services VAS.
6130		Linux: Pad process title with NULLs.  Problem noted by
6131			Jon Lewis of Florida Digital Turnpike.
6132		SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
6133			incorrect value for the number of interfaces.
6134			Problem noted by Chris Loelke of JetStream Internet
6135			Services.
6136		SINIX: Update for Makefile and syslog buffer size from Gerald
6137			Rinske of Siemens Business Services VAS.
6138		Solaris: Make sure HASGETUSERSHELL setting for SunOS is not
6139			used on a Solaris machine.  Problem noted by
6140			Stephen Ma of Jtec Pty Limited.
6141		CONFIG: SINIX: Update from Gerald Rinske of Siemens Business
6142			Services VAS.
6143	MAKEMAP: Use a better heuristic for detecting GDBM.
6144	CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff.
6145	OP.ME: Document the F=i mailer flag.  Problem noted by Per Hedeland of
6146			Ericsson.
6147
61488.8.7/8.8.7	1997/08/03
6149	If using Berkeley DB on systems without O_EXLOCK (open a file with
6150		an exclusive lock already set -- i.e., almost all systems
6151		except 4.4-BSD derived systems), the initial attempt at
6152		rebuilding aliases file if the database didn't already
6153		exist would fail.  Patch from Raymund Will of LST Software
6154		GmbH.
6155	Bogus incoming SMTP commands would reset the SMTP conversation.
6156		Problem noted by Fredrik Jönsson of the Royal Institute
6157		of Technology, Stockholm.
6158	Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
6159		some environments could give "multiple definitions" for these
6160		routines during compilation.  If using TCP Wrappers, assume
6161		that these routines are included as though they were in the
6162		C library.  Patch from Robert La Ferla.
6163	When a NEWDB database map was rebuilt at the same time it was being
6164		used by a queue run, the maps could be left locked for the
6165		duration of the queue run, causing other processes to hang.
6166		Problem noted by Kendall Libby of Shore.NET.
6167	In some cases, NoRecipientAction=add-bcc was being ignored, so the
6168		mail was passed on without any recipient header.  This could
6169		cause problems downstream.  Problem noted by Xander Jansen
6170		of SURFnet ExpertiseCentrum.
6171	Give error when GDBM is used with sendmail.  GDBM's locking and
6172		linking of the .dir and .pag files interferes with sendmail's
6173		locking and security checks.  Problems noted by Fyodor
6174		Yarochkin of the Kyrgyz Republic FreeNet.
6175	Don't fsync qf files if SuperSafe option is not set.
6176	Avoid extra calls to gethostbyname for addresses for which a
6177		gethostbyaddr found no value.  Also, ignore any returns
6178		from gethostbyaddr that look like a dotted quad.
6179	If PTR lookup fails when looking up an SMTP peer, don't tag it as
6180		"may be forged", since at the network level we pretty much
6181		have to assume that the information is good.
6182	In some cases, errors during an SMTP session could leave files
6183		open or locked.
6184	Better handling of missing file descriptors (0, 1, 2) on startup.
6185	Better handling of non-set-user-ID binaries -- avoids certain obnoxious
6186		errors during testing.
6187	Errors in file locking of NEWDB maps had the incorrect file name
6188		printed in the error message.
6189	If the AllowBogusHELO option were set and an EHLO with a bad or
6190		missing parameter were issued, the EHLO behaved like a HELO.
6191	Load limiting never kicked in for incoming SMTP transactions if the
6192		DeliveryMode=background and any recipient was an alias or
6193		had a .forward file.  From Nik Conwell of Boston University.
6194	On some non-Posix systems, the decision of whether chown(2) permits
6195		file giveaway was undefined.  From Tetsu Ushijima of the
6196		Tokyo Institute of Technology.
6197	Fix race condition that could cause the body of a message to be
6198		lost (so only the header was delivered).  This only occurs
6199		on systems that do not use flock(2), and only when a queue
6200		runner runs during a critical section in another message
6201		delivery.  Based on a patch from Steve Schweinhart of
6202		Results Computing.
6203	If a qf file was found in a mail queue directory that had a problem
6204		(wrong ownership, bad format, etc.) and the file name was
6205		exactly MAXQFNAME bytes long, then instead of being tried
6206		once, it would be tried on every queue run.  Problem noted
6207		by Bryan Costales of Mercury Mail.
6208	If the system supports an st_gen field in the status structure,
6209		include it when reporting that a file has changed after open.
6210		This adds a new compile flag, HAS_ST_GEN (0/1 option).
6211		This ought to be checked as well as reported, since it is
6212		theoretically possible for an attacker to remove a file after
6213		it is opened and replace it with another file that has the
6214		same i-number, but some filesystems (notably AFS) return
6215		garbage in this field, and hence always look like the file
6216		has changed.  As a practical matter this is not a security
6217		problem, since the files can be neither hard nor soft links,
6218		and on no filesystem (that I am aware of) is it possible to
6219		have two files on the same filesystem with the same i-number
6220		simultaneously.
6221	Delete the root Makefile from the distribution -- it is only for
6222		use internally, and does not work at customer sites.
6223	Fix botch that caused the second MAIL FROM: command in a single
6224		transaction to clear the entire transaction.  Problem
6225		noted by John Kennedy of Cal State University, Chico.
6226	Work properly on machines that have _PATH_VARTMP defined without
6227		a trailing slash.  (And a pox on vendors that decide to
6228		ignore the established conventions!)  Problem noted by
6229		Gregory Neil Shapiro of WPI.
6230	Internal changes to make it easier to add another protocol family
6231		(intended for IPv6).  Patches are from John Kennedy of
6232		CSU Chico.
6233	In certain cases, 7->8 bit MIME decoding of Base64 text could leave
6234		an extra space at the beginning of some lines.  Problem
6235		noted by Charles Karney of Princeton University; fix based
6236		on a patch from Christophe Wolfhugel.
6237	Portability:
6238		Allow _PATH_VENDOR_CF to be set in Makefile for consistency
6239			with the _Sendmail_ book, 2nd edition.  Note that
6240			the book is actually wrong: _PATH_SENDMAILCF should
6241			be used instead.
6242		AIX 3.x: Include <sys/select.h>.  Patch from Gene Rackow
6243			of Argonne National Laboratory.
6244		OpenBSD from Paul DuBois of the University of Wisconsin.
6245		RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
6246		SunOS: Include <memory.h> to fix warning from util.c.  From
6247			James Aldridge of EUnet Ltd.
6248		Solaris: Change STDIR (location of status file) to /etc/mail
6249			in Makefiles.
6250		Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
6251			Makefiles.  Use NEWDB on Linux instead.
6252		NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
6253			exists but behaves differently than other OSes.
6254			Add SIOCGIFNUM_IS_BROKEN compile flag to get
6255			around the problem.  Problem noted by Tom Moore of
6256			NCR Corp.
6257		HP-UX 9.x: fix compile warnings for old select API.  Problem
6258			noted by Tom Smith of Digital Equipment Corp.
6259		UnixWare 2.x: compile warnings on offsetof macro.  Problem
6260			noted by Tom Good of the Community Access Information
6261			Resource Network.
6262		SCO 4.2: compile problems caused by a change in the type of
6263			the "length" parameters passed to accept, getpeername,
6264			getsockname, and getsockopt.  Adds new compile flags
6265			SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.  Problem reported
6266			by Tom Good of St. Vincent's North Richmond Community
6267			Mental Health Center Residential Services.
6268		AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
6269			Suggested by Brett Hogden of Rochester Gas & Electric
6270			Corp.
6271		Linux: avoid compile problem for versions of <setjmp.h> that
6272			#define both setjmp and longjmp.  Problem pointed out
6273			by J.R. Oldroyd of TerraNet.
6274		CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
6275			from Christopher Durham of SCO.
6276		CONFIG: NEXTSTEP: define confCW_FILE to
6277			/etc/sendmail/sendmail.cw to match the usual
6278			configuration.  Patch from Dennis Glatting of
6279			PlainTalk.
6280	CONFIG: MAILER(fax) called a program that hasn't existed for a long
6281		time.  Convert to use the HylaFAX 4.0 conventions.  Suggested
6282		by Harry Styron.
6283	CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc.  These
6284		are the rulesets in use on sendmail.org.
6285	MAKEMAP: give error on GDBM files.
6286	MAIL.LOCAL: Make error messages a bit more explicit, for example,
6287		telling more details on what actually changed when "file
6288		changed after open".
6289	CONTRIB: etrn.pl: Ignore comments in Fw files.  Support multiple Fw
6290		files.
6291	CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
6292	NEW FILES:
6293		src/Makefiles/Makefile.OpenBSD
6294		src/Makefiles/Makefile.RISCos.4_0
6295		test/t_exclopen.c
6296		cf/ostype/sco-uw-2.1.m4
6297	DELETED FILES:
6298		Makefile
6299
63008.8.6/8.8.6	1997/06/14
6301	    *************************************************************
6302	    * The extensive assistance of Gregory Neil Shapiro of WPI	*
6303	    * in preparing this release is gratefully appreciated.	*
6304	    * Sun Microsystems has also provided resources toward	*
6305	    * continued sendmail development.				*
6306	    *************************************************************
6307	SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open
6308		mode bits set to create a file that is a symbolic link that
6309		points nowhere.  This makes it possible to create a root
6310		owned file in an arbitrary directory by inserting the symlink
6311		into a writable directory after the initial lstat(2) check
6312		determined that the file did not exist.  The only verified
6313		example of a system having these odd semantics for O_EXCL
6314		and symbolic links was HP-UX prior to version 9.07.  Most
6315		systems do not have the problem, since an exclusive create
6316		of a file disallows symbolic links.  Systems that have been
6317		verified to NOT have the problem include AIX 3.x, *BSD,
6318		DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
6319		and Ultrix.  This is a potential exposure on systems that
6320		have this bug and which do not have a MAILER-DAEMON alias
6321		pointing at a legitimate account, since this will cause old
6322		mail to be dropped in /var/tmp/dead.letter.
6323	SECURITY: Problems can occur on poorly managed systems, specifically,
6324		if maps or alias files are in world writable directories.
6325		If your system has alias maps in writable directories, it
6326		is potentially possible for an attacker to replace the .db
6327		(or .dir and .pag) files by symbolic links pointing at
6328		another database; this can be used either to expose
6329		information (e.g., by pointing an alias file at /etc/spwd.db
6330		and probing for accounts), or as a denial-of-service attack
6331		(by trashing the password database).  The fix disallows
6332		symbolic links entirely when rebuilding alias files or on
6333		maps that are in writable directories, and always warns on
6334		writable directories; 8.9 will probably consider writable
6335		directories to be fatal errors.  This does not represent an
6336		exposure on systems that have alias files in unwritable
6337		system directories.
6338	SECURITY: disallow .forward or :include: files that are links (hard
6339		or soft) if the parent directory (or any directory in the
6340		path) is writable by anyone other than the owner.  This is
6341		similar to the previous case for user files.  This change
6342		should not affect most systems, but is necessary to prevent
6343		an attacker who can write the directory from pointing such
6344		files at other files that are readable only by the owner.
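
The lstat/open/fstat comparison behind the O_EXCL entry and the link restrictions above, and behind the "file changed after open" report in 8.8.7, as an added C example.  It is not sendmail's code: the function names and SAFE_* return codes are assumptions of the example, and HAS_ST_GEN is used here only as an opt-in switch.

```c
/* Added example, not sendmail source; names and return codes are assumed. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef HAS_ST_GEN
# define HAS_ST_GEN 0	/* flag named in the notes; enable only where st_gen is reliable */
#endif

enum { SAFE_ESYS = -1, SAFE_ELINK = -2, SAFE_ECHANGED = -3, SAFE_EEXIST = -4 };

/* Regular file with exactly one name: lstat() shows a symbolic link as
 * S_IFLNK, and a hard link raises st_nlink above 1. */
static int plain_file(const struct stat *st)
{
	return S_ISREG(st->st_mode) && st->st_nlink == 1;
}

/* Identity of the object behind a name or a descriptor. */
static int same_file(const struct stat *a, const struct stat *b)
{
	if (a->st_dev != b->st_dev || a->st_ino != b->st_ino)
		return 0;
#if HAS_ST_GEN
	if (a->st_gen != b->st_gen)
		return 0;
#endif
	return 1;
}

/* Step 1: examine the name without following links. */
int safe_precheck(const char *path, struct stat *before)
{
	if (lstat(path, before) != 0)
		return SAFE_ESYS;
	return plain_file(before) ? 0 : SAFE_ELINK;
}

/* Step 2: open, then require that the descriptor refers to the object
 * seen in step 1; otherwise the file changed after the check. */
int safe_open_checked(const char *path, const struct stat *before)
{
	struct stat after;
	int fd = open(path, O_WRONLY | O_APPEND);

	if (fd < 0)
		return SAFE_ESYS;
	if (fstat(fd, &after) != 0 || !plain_file(&after) ||
	    !same_file(before, &after)) {
		close(fd);
		return SAFE_ECHANGED;
	}
	return fd;
}

int safe_open(const char *path)
{
	struct stat before;
	int rc = safe_precheck(path, &before);

	return rc != 0 ? rc : safe_open_checked(path, &before);
}

/* Exclusive create that does not rely on O_EXCL alone: the name must be
 * absent beforehand and must afterwards be the plain file just created. */
int safe_create(const char *path)
{
	struct stat fst, lst;
	int fd;

	if (lstat(path, &lst) == 0)
		return SAFE_EEXIST;	/* includes a symlink that points nowhere */
	if (errno != ENOENT)
		return SAFE_ESYS;
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd < 0)
		return SAFE_ESYS;
	if (fstat(fd, &fst) != 0 || lstat(path, &lst) != 0 ||
	    !plain_file(&lst) || !same_file(&fst, &lst)) {
		close(fd);
		return SAFE_ECHANGED;
	}
	return fd;
}

int main(void)
{
	char dir[] = "/tmp/safeopenXXXXXX", file[64], alias[64];
	int fd;

	if (mkdtemp(dir) == NULL)	/* constructed sandbox directory */
		return 1;
	snprintf(file, sizeof file, "%s/mbox", dir);
	snprintf(alias, sizeof alias, "%s/alias", dir);
	if ((fd = safe_create(file)) >= 0)
		close(fd);
	if (symlink(file, alias) == 0)
		printf("create=%d open-via-symlink=%d\n", fd >= 0, safe_open(alias));
	unlink(alias); unlink(file); rmdir(dir);
	return 0;
}
```
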
6345	SECURITY: Tighten safechown rules: many systems will say that they
6346		have a safe (restricted to root) chown even on files that
6347		are mounted from another system that allows owners to give
6348		away files.  The new rules are very strict, trusting file
6349		ownership only in those few cases where the system has
6350		been verified to be at least as paranoid as necessary.
6351		However, it is possible to relax the rules to partially
6352		trust the ownership if the directory path is not world or
6353		group writable.  This might allow someone who has a legitimate
6354		:include: file (referenced directly from /etc/aliases) to
6355		become another non-root user if the :include: file is in a
6356		non-writable directory on an NFS-mounted filesystem where
6357		the local system says that giveaway is denied but it is
6358		actually permitted.  I believe this to be a very small set
6359		of cases.  If in doubt, do not point :include: aliases at
6360		NFS-mounted filesystems.
6361	SECURITY: When setting a numeric group id using the RunAsUser option
6362		(e.g., "O RunAsUser=10:20"), the group id would not be set.
6363		Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha
6364		group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine.
6365		The user id was still set properly.  Problem noted by Uli
6366		Pralle of the Technical University of Berlin.
6367	Save the initial gid set for use when checking if the
6368		PrivacyOptions=restrictmailq option is set.  Problem reported
6369		by Wolfgang Ley of DFN-CERT.
6370	Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
6371		failure on one message won't affect future messages to the
6372		same host).
6373	IP source route printing had an "off by one" error that would
6374		affect any options that came after the route option.  Patch
6375		from Theo de Raadt.
6376	The "Message is too large" error didn't successfully bounce the error
6377		back to the sender.  Problem reported by Stephen More of
6378		PSI; patch from Gregory Neil Shapiro of WPI.
6379	Change SMTP status code 553 to map into Extended code 5.1.0 (instead
6380		of 5.1.3); it apparently gets used in multiple ways.
6381		Suggested by John Myers of Portola Communications.
6382	Fix possible extra null byte generated during collection if errors
6383		occur at the beginning of the stream.  Patch contributed by
6384		Andrey A. Chernov and Gregory Neil Shapiro.
6385	Code changes to avoid possible reentrant call of malloc/free within
6386		a signal handler.  Problem noted by John Beck of Sun
6387		Microsystems.
6388	Move map initialization to be earlier so that check_relay ruleset
6389		will have the latest version of the map data.  Problem noted
6390		by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro.
6391	If there are fatal errors during the collection phase (e.g., message
6392		too large) don't send the bogus message.
6393	Avoid "cannot open xfAAA00000" messages when sending to aliases that
6394		have errors and have owner- aliases.  Problem noted by Michael
6395		Barber of MTU; fix from Gregory Neil Shapiro of WPI.
6396	Avoid null pointer dereference on illegal Boundary= parameters in
6397		multipart/mixed Content-Type: header.  Problem noted by
6398		Richard Muirden of RMIT University.
6399	Always print error messages during newaliases (-bi) even if the
6400		ErrorMode is not set to "print".  Fix from Gregory Neil
6401		Shapiro.
6402	Test mode could core dump if you did a /map lookup in an optional map
6403		that could not be opened.  Based on a fix from John Beck of
6404		Sun Microsystems.
6405	If DNS is misconfigured so that the last MX record tried points to
6406		a host that does not have an A record, but other MX records
6407		pointed to something reasonable, don't bounce the message
6408		with a "host unknown" error.  Note that this should really
6409		be fixed in the zone file for the domain.  Problem noted by
6410		Joe Rhett of Navigist, Inc.
6411	If a map fails (e.g., DNS times out) on all recipient addresses, mark
6412		the message as having been tried; otherwise the next queue
6413		run will not realize that this is a second attempt and will
6414		retry immediately.  Problem noted by Bryan Costales of
6415		Mercury Mail.
6416	If the clock is set backwards, and a MinQueueAge is set, no jobs
6417		will be run until the later setting of the clock is reached.
6418		"Problem" (I use the term loosely) noted by Eric Hagberg of
6419		Morgan Stanley.
6420	If the load average rises above the cutoff threshold (above which
6421		sendmail will not process the queue at all) during a queue
6422		run, abort the queue run immediately.  Problem noted by
6423		Bryan Costales of Mercury Mail.
6424	The variable queue processing algorithm (based on the message size,
6425		number of recipients, message precedence, and job age) was
6426		non-functional -- either the entire queue was processed or
6427		none of the queue was processed.  The updated algorithm
6428		does no queue run if a single recipient zero size job will
6429		not be run.
6430	If there is a fatal ("panic") message that will cause sendmail to
6431		die immediately, never hold the error message for future
6432		printing.
6433	Force ErrorMode=print in -bt mode so that all errors are printed
6434		regardless of the setting of the ErrorMode option in the
6435		configuration file.  Patch from Gregory Neil Shapiro.
6436	New compile flag HASSTRERROR says that this OS has the strerror(3)
6437		routine available in one of the libraries.  Use it in conf.h.
6438	The -m (match only) flag now works on host class maps.
6439	If class hash or btree maps are rebuilt, sendmail will now detect
6440		this and reopen the map.  Previously, they could give
6441		erroneous results during a single message processing
6442		(but would recover when the next message was received).
6443	Don't delete zero length queue files when doing queue runs until the
6444		files are at least ten minutes old.  This avoids a potential
6445		race condition: the creator creates the qf file, getting back
6446		a file descriptor.  The queue runner locks it and deletes it
6447		because it is zero length.  The creator then writes the
6448		descriptor that is now for a disconnected file, and the
6449		job goes away.  Based on a suggestion by Bryan Costales.
6450	When determining the "validated" host name ($_ macro), do a forward
6451		(A) DNS lookup on the result of the PTR lookup and compare
6452		results.  If they differ or if the PTR lookup fails, tag the
6453		address as "may be forged".
6454	Log null connections (i.e., hosts that connect but do not do any
6455		substantive activity on the connection before disconnecting;
6456		"substantive" is defined to be MAIL, EXPN, VRFY, or ETRN).
6457	Always permit "writes" to /dev/null regardless of the link count.
6458		This is safe because /dev/null is special cased, and no open
6459		or write is ever actually attempted.  Patch from Villy Kruse
6460		of TwinCom.
6461	If a message cannot be sent because of a 552 (exceeded storage
6462		allocation) response to the MAIL FROM:<>, and a SIZE= parameter
6463		was given, don't return the body in the bounce, since there
6464		is a very good chance that the message will double-bounce.
6465	Fix possible line truncation if a quoted-printable had an =00 escape
6466		in the body.  Problem noted by Charles Karney of the Princeton
6467		Plasma Physics Laboratory.
6468	Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
6469		Problem noted by Kari Hurtta of the Finnish Meteorological
6470		Institute.
6471	The MaxDaemonChildren option wasn't applying to queue runs as
6472		documented.  Note that this increases the potential denial
6473		of service problems with this option: an attacker can
6474		connect many times, and thereby lock out queue runs as well
6475		as incoming connections.  If you use this option, you should
6476		run the "sendmail -bd" and "sendmail -q30m" jobs separately
6477		to avoid this attack.  Failure to limit noted by Matthew
6478		Dillon of BEST Internet Communications.
6479	Always give a message in newaliases if alias files cannot be
6480		opened instead of failing silently.  Suggested by Gregory
6481		Neil Shapiro.  This change makes the code match the O'Reilly
6482		book (2nd edition).
6483	Some older versions of the resolver could return with h_errno == -1
6484		if no name server could be reached, causing mail to bounce
6485		instead of queueing.  Treat this like TRY_AGAIN.  Fix from
6486		John Beck of SunSoft.
6487	If a :include: file is owned by a user that does not have an entry
6488		in the passwd file, sendmail could dereference a null pointer.
6489		Problem noted by Satish Mynam of Sun Microsystems.
6490	Take precautions to make sure that the SMTP protocol cannot get out
6491		of sync if (for example) an alias file cannot be opened.
6492	Fix a possible race condition that can cause a SIGALRM to come in
6493		immediately after a SIGHUP, causing the new sendmail to die.
6494	Avoid possible hang on SVr3 systems when doing child reaping.  Patch
6495		from Villy Kruse of TwinCom.
6496	Ignore improperly formatted SMTP reply codes.  Previously these were
6497		partially processed, which could cause confusing error
6498		returns.
6499	Fix possible bogus pointer dereference when doing ldapx map lookups
6500		on some architectures.
6501	Portability:
6502		A/UX: from Jim Jagielski of NASA/GSFC.
6503		glibc: SOCK_STREAM was changed from a #define to an enum,
6504			thus breaking #ifdef SOCK_STREAM.  Only option seems
6505			to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
6506			defined.  Problem reported by A Sun of the University
6507			of Washington.
6508		Solaris: use SIOCGIFNUM to get the number of interfaces on
6509			the system rather than guessing at compile time.
6510			Patch contributed by John Beck of Sun Microsystems.
6511		Intel Paragon: from Wendy Lin of Purdue University.
6512		GNU Hurd: from Miles Bader of the GNU project.
6513		RISC/os 4.50 from Harlan Stenn of PFCS Corporation.
6514		ISC Unix: wait never returns if SIGCLD signals are blocked.
6515			Unfortunately releasing them opens a race condition,
6516			but there appears to be no fix for this.  Patch from
6517			Gregory Neil Shapiro.
6518		BIND 8.1 for IPv6 compatibility from John Kennedy.
6519		Solaris: a bug in strcasecmp caused characters with the
6520			high order bit set to apparently randomly match
6521			letters -- for example, $| (0233) matches "i" and "I".
6522			Problem noted by John Gregson of the University of
6523			Cambridge.
6524		IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x.  From
6525			Kari Hurtta.
6526		IRIX 6.x: Create Makefiles for systems that claim to be
6527			IRIX64 but are 6.2 or higher (so use the regular
6528			IRIX Makefile).
6529		IRIX 6.x: Fix load average computation on 64 bit kernels.
6530			Problem noted by Eric Hagberg of Morgan Stanley.
6531	CONFIG: Some canonification was still done for UUCP-like addresses
6532		even if FEATURE(nocanonify) was set.  Problem pointed out by
6533		Brian Candler.
6534	CONFIG: In some cases UUCP mailers wouldn't properly recognize all
6535		local names as local.  Problem noted by Jeff Polk of BSDI;
6536		fix provided by Gregory Neil Shapiro.
6537	CONFIG: The "local:user" syntax entries in mailertables and other
6538		"mailer:user" syntax locations returned an incorrect value
6539		for the $h macro.  Problem noted by Gregory Neil Shapiro.
6540	CONFIG: Retain "+detail" information when forwarding mail to a
6541		MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY.  Patch from Philip
6542		Guenther of Gustavus Adolphus College.
6543	CONFIG: Make sure user+detail works for FEATURE(virtusertable);
6544		rules are the same as for aliasing.  Based on a patch from
6545		Gregory Neil Shapiro.
6546	CONFIG: Break up parsing rules into several pieces; this should
6547		have no functional change in this release, but makes it
6548		possible to have better anti-spam rulesets in the future.
6549	CONFIG: Disallow double dots in host names to avoid having the
6550		HostStatusDirectory store status under the wrong name.
6551		In some cases this can be used as a denial-of-service attack.
6552		Problem noted by Ron Jarrell of Virginia Tech, patch from
6553		Gregory Neil Shapiro.
6554	CONFIG: Don't use F=m (multiple recipients per invocation) for
6555		MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
6556		don't include From_, and convert to 8-bit).  Suggestions
6557		from Kimmo Suominen and Roderick Schertler.
6558	CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were
6559		being masqueraded as though FEATURE(masquerade_entire_domain)
6560		was specified, even when it wasn't.
6561	MAIL.LOCAL: Solaris 2.6 has snprintf.  From John Beck of SunSoft.
6562	MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
6563		"slip in" a symbolic link between the lstat(2) call and the
6564		exclusive open.  This is only a problem on System V derived
6565		systems that allow an exclusive create on files that are
6566		symbolic links pointing nowhere.
6567	MAIL.LOCAL: If the final mailbox close() failed, the user id was
6568		not reset back to root, which on some systems would cause
6569		later mailboxes to fail.  Also, any partial message would
6570		not be truncated, which could result in repeated deliveries.
6571		Problem noted by Bruce Evans via Peter Wemm (FreeBSD
6572		developers).
6573	MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0.  A similar
6574		change to the sendmail map code was made in 8.8.3.  Problem
6575		noted by Gregory Neil Shapiro.
6576	MAKEMAP: Give warnings on file problems such as map files that are
6577		symbolic links; although makemap is not set-user-ID root, it is
6578		often run as root and hence has the potential for the same
6579		sorts of problems as alias rebuilds.
6580	MAKEMAP: Change compilation so that it will link properly on
6581		NEXTSTEP.
6582	CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf.
6583		Accept an optional list of arguments following the server
6584		name for the ETRN arguments to use (instead of $=w).  Other
6585		miscellaneous bug fixes.  From Christian von Roques via
6586		John Beck of Sun Microsystems.
6587	CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta.  This
6588		Perl script converts GECOS information in the /etc/passwd
6589		file into aliases, allowing for faster access to full name
6590		lookups; it is also clever about adding aliases (to root)
6591		for system accounts.
6592	NEW FILES:
6593		src/safefile.c
6594		cf/ostype/gnuhurd.m4
6595		cf/ostype/irix6.m4
6596		contrib/passwd-to-alias.pl
6597		src/Makefiles/Makefile.IRIX64.6.1
6598		src/Makefiles/Makefile.IRIX64.6.x
6599	RENAMED FILES:
6600		src/Makefiles/Makefile.IRIX.6.2 =>	Makefile.IRIX.6.x
6601		src/Makefiles/Makefile.IRIX64 =>	Makefile.IRIX64.6.0
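The lstat(2)-then-exclusive-open check described in the 8.8.6 MAIL.LOCAL SECURITY item above, sketched as an added example. It is not sendmail's or mail.local's own code; the function names, status codes and scratch paths are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Status codes for this example; the names are hypothetical, not sendmail's. */
enum mbox_status {
    MBOX_OK = 0,
    MBOX_SYMLINK,      /* the name is a symbolic link */
    MBOX_NOT_REGULAR,  /* directory, device, FIFO, ... */
    MBOX_HARDLINKED,   /* the inode has more than one name */
    MBOX_CHANGED,      /* name and descriptor are different files */
    MBOX_ERROR         /* a system call failed; errno says why */
};

/* Judge what lstat(2) reported for the name itself. */
static enum mbox_status check_name(const struct stat *lsb)
{
    if (S_ISLNK(lsb->st_mode)) return MBOX_SYMLINK;
    if (!S_ISREG(lsb->st_mode)) return MBOX_NOT_REGULAR;
    if (lsb->st_nlink != 1) return MBOX_HARDLINKED;
    return MBOX_OK;
}

/* Confirm the descriptor refers to the same file lstat(2) saw at the name. */
enum mbox_status verify_opened(const struct stat *lsb, int fd)
{
    struct stat fsb;

    if (fstat(fd, &fsb) < 0) return MBOX_ERROR;
    if (!S_ISREG(fsb.st_mode)) return MBOX_NOT_REGULAR;
    if (fsb.st_nlink != 1) return MBOX_HARDLINKED;
    if (fsb.st_dev != lsb->st_dev || fsb.st_ino != lsb->st_ino)
        return MBOX_CHANGED;
    return MBOX_OK;
}

/* Open path for appending, creating it exclusively if it does not exist. */
enum mbox_status open_mailbox_checked(const char *path, int *fdp)
{
    struct stat lsb;
    enum mbox_status st;
    int fd;

    *fdp = -1;
    if (lstat(path, &lsb) < 0) {
        if (errno != ENOENT) return MBOX_ERROR;
        fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600);
        if (fd < 0) return MBOX_ERROR;
        /* Look at the name again: if the exclusive create followed a
         * dangling symlink planted after the first lstat, the name is
         * still a symlink and check_name() below rejects it. */
        if (lstat(path, &lsb) < 0) {
            close(fd);
            return MBOX_CHANGED;
        }
    } else {
        /* Refuse before opening, so a FIFO or device is never opened. */
        if ((st = check_name(&lsb)) != MBOX_OK)
            return st;
        fd = open(path, O_WRONLY | O_APPEND);
        if (fd < 0) return MBOX_ERROR;
    }
    st = check_name(&lsb);
    if (st == MBOX_OK)
        st = verify_opened(&lsb, fd);
    if (st != MBOX_OK) {
        close(fd);
        return st;
    }
    *fdp = fd;
    return MBOX_OK;
}

int main(void)
{
    char dir[] = "/tmp/mboxdemoXXXXXX";   /* constructed scratch directory */
    char box[64], extra[64];
    int fd;

    if (mkdtemp(dir) == NULL) return 1;
    snprintf(box, sizeof box, "%s/alice", dir);
    snprintf(extra, sizeof extra, "%s/extra", dir);
    printf("create: %d\n", (int)open_mailbox_checked(box, &fd));
    if (fd >= 0) close(fd);
    if (link(box, extra) == 0)
        printf("hard-linked: %d\n", (int)open_mailbox_checked(box, &fd));
    unlink(extra);
    unlink(box);
    rmdir(dir);
    return 0;
}
```

verify_opened() is the part that catches a name swapped between the lstat(2) and the open(2): the descriptor's device and inode no longer match what was seen at the name.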
6602
66038.8.5/8.8.5	1997/01/21
6604	SECURITY: Clear out group list during startup.  Without this, sendmail
6605		will continue to run with the group permissions of the caller,
6606		even if RunAsUser is specified.
6607	SECURITY: Make purgestat (-bH) be root-only.  This is not in response
6608		to any known attack, but it's best to be conservative.
6609		Suggested by Peter Wemm of DIALix.
6610	SECURITY: Fix buffer overrun problem in MIME code that has possible
6611		security implications.  Patch from Alex Garthwaite of the
6612		University of Pennsylvania.
6613	Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
6614		would truncate the address after "Full".  Although the -f
6615		syntax is incorrect (since it is in the envelope, it
6616		shouldn't have comments and full names), the failure mode
6617		was unnecessarily awful.
6618	Fix a possible null pointer dereference when converting 8-bit data
6619		to a 7-bit format.  Problem noted by Jim Hutchins of
6620		Sandia National Labs and David James of British Telecom.
6621	Clear out stale state that affected F=9 on SMTP mailers in queue
6622		runs.  Although this really shouldn't be used (F=9 is for
6623		final delivery only, and using it on an SMTP mailer makes
6624		it possible for a message to be converted from 8->7->8->7
6625		bits several times), it shouldn't have failed with a syserr.
6626		Problem noted by Eric Hagberg of Morgan Stanley.
6627	_Really_ fix the multiple :maildrop code in the user database
6628		module.  Patch from Roy Mongiovi of Georgia Tech.
6629	Let F lines in the configuration file actually read root-only
6630		files if the configuration file is safe.  Based on a
6631		patch from Keith Reynolds of SCO.
6632	ETRN followed by QUIT would hold the connection open until the queue
6633		run completed.  Problem noted by Truck Lewis of TDK
6634		Semiconductor Corp.
6635	It turns out that despite the documentation, the TCP wrappers library
6636		does _not_ log rejected connections.  Do the logging ourselves.
6637		Problem noted by Fletcher Mattox of the University of Texas
6638		at Austin.
6639	If sendmail finds a qf file in its queue directory that is an unknown
6640		version (e.g., when backing out to an old version), the
6641		error is reported on every queue run.  Change it to only
6642		give the error once (and rename the qf => Qf).  Patch from
6643		William A. Gianopoulos of Raytheon Company.
6644	Start a new session when doing background delivery; currently it
6645		ignored signals but didn't start a new signal, that caused
6646		some problems if a background process tried to send mail
6647		under certain circumstances.  Problem noted by Eric Hagberg
6648		of Morgan Stanley; fix from Kari Hurtta.
6649	Simplify test for skipping a queue run to just check if the current
6650		load average is >= the queueing load average.  Previously
6651		the check factored in some other parameters that caused it
6652		to essentially never skip the queue run.  Patch from Bryan
6653		Costales.
6654	If the SMTP server is running in "nullserver" mode (that is, it is
6655		rejecting all commands), start sleeping after MAXBADCOMMAND
6656		(25) commands; this helps prevent a bad guy from putting
6657		you into a tight loop as a denial-of-service attack.  Based
6658		on an e-mail conversation with Brad Knowles of AOL.
6659	Slow down when too many "light weight" commands have been issued;
6660		this helps prevent a class of denial-of-service attacks.
6661		The current values and defaults are:
6662		    MAXNOOPCOMMANDS	20	NOOP, VERB, ONEX, XUSR
6663		    MAXHELOCOMMANDS	3	HELO, EHLO
6664		    MAXVRFYCOMMANDS	6	VRFY, EXPN
6665		    MAXETRNCOMMANDS	8	ETRN
6666		These will probably be configurable in a future release.
6667	On systems that have uid_t typedefed to be an unsigned short, programs
6668		that had the F=S flag and no U= equate would be invoked with
6669		the real uid set to 65535 rather than being left unchanged.
6670	In some cases, NOTIFY=NEVER was not being honored.  Problem noted
6671		by Steve Hubert of the University of Washington, Seattle.
6672	Mail that was Quoted-Printable encoded and had a soft line break on
6673		the last line (i.e., an incomplete continuation) had the last
6674		line dropped.  Since this appears to be illegal it isn't
6675		clear what to do with it, but flushing the last line seems
6676		to be a better "fail soft" approach.  Based on a patch from
6677		Eric Hagberg.
6678	If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
6679		bogus HELO command still causes the "Polite people say HELO
6680		first" error message.  Problem pointed out by Chris Thomas
6681		of UCLA; patch from John Beck of SunSoft.
6682	Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
6683		in PrivacyOptions.  The -q shouldn't turn this command off.
6684		Problem noted by Murray Kucherawy of Pacific Bell Internet;
6685		based on a patch from Gregory Neil Shapiro of WPI.
6686	Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
6687		in a DATA transaction to be sticky; these can occur because
6688		a message is too large, and smaller messages should still go
6689		through.  Problem noted by Matt Dillon of Best Internet
6690		Communications.
6691	In some cases bounces were saved in /var/tmp/dead.letter even if they
6692		had been successfully delivered to the envelope sender.
6693		Problem noted by Eric Hagberg of Morgan Stanley; solution from
6694		Gregory Neil Shapiro of WPI.
6695	Give better diagnostics on long alias lines.  Based on code contributed
6696		by Patrick Gosling of the University of Cambridge.
6697	Increase the number of virtual interfaces that will be probed for
6698		alternate names.  Problem noted by Amy Rich of Shore.Net.
6699	PORTABILITY:
6700		UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
6701			Toshiaki Nomura of Fujitsu Limited.
6702		SunOS with LDAP support: compile problems with struct timeval.
6703			Patch from Nick Cuccia of TCSI Corporation.
6704		SCO: from Keith Reynolds of SCO.
6705		Solaris: kstat load average computation wasn't being used.
6706			Fixes from Michael Ju. Tokarev of Telecom Service, JSC
6707			(Moscow).
6708		OpenBSD: from Jason Downs of teeny.org.
6709		Altos System V: from Tim Rice.
6710		Solaris 2.5: from Alan Perry of SunSoft.
6711		Solaris 2.6: from John Beck of SunSoft.
6712		Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
6713			of Pratt & Whitney <miorelli@pweh.com>.
6714	CONFIG: It seems that I hadn't gotten the Received: line syntax
6715		_just_right_ yet.  Tweak it again.  I'll omit the names
6716		of the "contributors" (quantity two) in this one case.
6717		As of now, NO MORE DISCUSSION about the syntax of the
6718		Received: line.
6719	CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
6720		it never inserts that class into the output file.  Fix it
6721		so it will honor EXPOSED_USER but will _not_ include root
6722		automatically in this class.  Problem noted by Ronan KERYELL
6723		of Centre de Recherche en Informatique de l'École Nationale
6724		Supérieure des Mines de Paris (CRI-ENSMP).
6725	CONFIG: Clean up handling of "local:" syntax in relay specifications
6726		such as LUSER_RELAY.  This change permits the following
6727		syntaxes:  ``local:'' will send to the same user on the
6728		local machine (e.g., in a mailertable entry for "host",
6729		``local:'' will cause an address addressed to user@host to
6730		go to user on the local machine).  ``local:user'' will send
6731		to the named user on the local machine.  ``local:user@host''
6732		is equivalent to ``local:user'' (the host is ignored).  In
6733		all cases, the original user@host is passed in $@ (i.e., the
6734		detail information).  Inspired by a report from Michael Fuhr.
6735	CONFIG: Strip quotes from the first word of an "error:" host
6736		indication.  This lets you set (for example) the LUSER_RELAY
6737		to be ``error:\"5.1.1\" Your Message Here''.  Note the use
6738		of the \" so that the resulting string is properly quoted.
6739		Problem noted by Gregory Neil Shapiro of WPI.
6740	OP.ME: documentation was inconsistent about whether sendmail did a
6741		NOOP or a RSET to probe the connection (it does a RSET).
6742		Inconsistency noted by Deeran Peethamparam.
6743	OP.ME: insert additional blank pages so it will print properly on
6744		a duplex printer.  From Matthew Black of Cal State University,
6745		Long Beach.
6746
67478.8.4/8.8.4	1996/12/02
6748	SECURITY: under some circumstances, an attacker could get additional
6749		permissions by hard linking to files that were group
6750		writable by the attacker.  The solution is to disallow any
6751		files that have hard links -- this will affect .forward,
6752		:include:, and output files.  Problem noted by Terry
6753		Kyriacopoulos of Interlog Internet Services.  As a
6754		workaround, set UnsafeGroupWrites -- always a good idea.
6755	SECURITY: the TryNullMXList (w) option should not be safe -- if it
6756		is, it is possible to do a denial-of-service attack on
6757		MX hosts that rely on the use of the null MX list.  There
6758		is no danger if you have this option turned off (the default).
6759		Problem noted by Dan Bernstein.  Also, make the DontInitGroups
6760		unsafe.  I know of no specific attack against this, although
6761		a denial-of-service attack is probably possible, but in theory
6762		you should not be able to safely tweak anything that affects
6763		the permissions that are used when mail is delivered.
6764	Purgestat could go into an infinite loop if one of the host status
6765		directories somehow became empty.  Problem noted by Roy
6766		Mongiovi of Georgia Tech.
6767	Processes got "lost" when counting children due to a race condition.
6768		This caused "proc_list_probe: lost pid" messages to be logged.
6769		Problem noted by several people.
6770	On systems with System V SIGCLD child signal semantics (notably AIX
6771		and HP-UX), mail transactions would print the message "451
6772		SMTP-MAIL: lost child: No child processes".  Problem noted
6773		by several people.
6774	Miscellaneous compiler warnings on picky compilers (or when setting
6775		gcc to high warning levels).  From Tom Moore of NCR Corp.
6776	SMTP protocol errors, and most errors on MAIL FROM: lines should
6777		not be persistent between runs, since they are based on the
6778		message rather than the host.  Problem noted by Matt Dillon
6779		of Best Internet Communications.
6780	The F=7 flag was ignored on SMTP mailers.  Problem noted by Tom Moore
6781		of NCR (a.k.a., AT&T Global Information Solutions).
6782	Avoid the possibility of having a child daemon run to completion
6783		(including closing the SMTP socket) before the parent has
6784		had a chance to close the socket; this can cause the parent
6785		to hang for a long time waiting for the socket to drain.
6786		Patch from Don Lewis of TDK Semiconductor.
6787	If the fork() failed in a queue run, the queue runners would not be
6788		rescheduled (so queue runs would stop).  Patch from Don Lewis.
6789	Some error conditions in ETRN could cause output without an SMTP
6790		status code.  Problem noted by Don Lewis.
6791	Multiple :maildrop addresses in the user database didn't work properly.
6792		Patch from Roy Mongiovi of Georgia Tech.
6793	Add ".db" automatically onto any user database spec that does not
6794		already have it; this is for consistency with makemap, the
6795		K line, and the documentation.  Inconsistency pointed out
6796		by Roy Mongiovi.
6797	Allow sendmail to be properly called in nohup mode.  Patch from
6798		Kyle Jones of UUNET.
6799	Change ETRN to ignore but still update host status files; previously
6800		it would ignore them and not save the updated status, which
6801		caused stale information to be maintained.  Based on a patch
6802		from Christopher Davis of Kapor Enterprises Inc.  Also, have
6803		ETRN ignore the MinQueueAge option.
6804	Patch long term host status to recover more gracefully from an empty
6805		host status file condition.  Patch from NAKAMURA Motonori
6806		of Kyoto University.
6807	Several patches to signal handling code to fix potential race
6808		conditions from Don Lewis.
6809	Make it possible to compile with -DDAEMON=0 (previously it had some
6810		compile errors).  This turns DAEMON, QUEUE, and SMTP into
6811		0/1 compilation flags.  Note that DAEMON is an obsolete
6812		compile flag; use NETINET instead.  Solution based on a
6813		patch from Bryan Costales.
6814	PORTABILITY FIXES:
6815		AIX4: getpwnam() and getpwuid() do a sequential scan of the
6816			/etc/security/passwd file when called as root.  This
6817			is very slow on some systems.  To speed it up, use the
6818			(undocumented) _getpw{nam,uid}_shadow() routines.
6819			Patch from Chris Thomas of UCLA/OAC Systems Group.
6820		SCO 5.x: include -lprot in the Makefile.  Patch from Bill
6821			Glicker of Burrelle's Information Service.
6822		NEWS-OS 4.x: need a definition for MODE_T to compile.  Patch
6823			from Makoto MATSUSHITA of Osaka University.
6824		SunOS 4.0.3: compile problems.  Patches from Andrew Cole of
6825			Leeds University and SASABE Tetsuro of the University
6826			of Tokyo.
6827		DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support
6828			Services, Inc.
6829		Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp.
6830			I believe this to have only been a problem if you
6831			compiled with -DUSE_VENDOR_CF_PATH -- another reason
6832			to stick with /etc/sendmail.cf as your One True Path.
6833		Digital UNIX (OSF/1 on Alpha) load average computation from
6834			Martin Laubach of the Technischen Universität Wien.
6835	CONFIG: change default Received: line to be multiple lines rather
6836		than one long one.  By popular demand.
6837	MAIL.LOCAL: warnings weren't being logged on some systems.  Patch
6838		from Jerome Berkman of U.C. Berkeley.
6839	MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
6840		to take a very long time.  Problem noted by Yoshiro YONEYA
6841		of NTT Software Corporation.
6842	CONTRIB: add etrn.pl, contributed by John Beck.
6843	NEW FILES:
6844		contrib/etrn.pl
6845
68468.8.3/8.8.3	1996/11/17
6847	SECURITY: it was possible to get a root shell by lying to sendmail
6848		about argv[0] and then sending it a signal.  Problem noted
6849		by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
6850		best-of-security list.
6851	Log sendmail binary version number in "Warning: .cf version level
6852		(%d) exceeds program functionality (%d)" message -- this
6853		should make it clearer to people that they are running
6854		the wrong binary.
6855	Fix a problem that occurs when you open an SMTP connection and then
6856		do one or more ETRN commands followed by a MAIL command; at
6857		the end of the DATA phase sendmail would incorrectly report
6858		"451 SMTP-MAIL: lost child: No child processes".  Problem
6859		noted by Eric Bishop of Virginia Tech.
6860	When doing text-based host canonification (typically /etc/hosts
6861		lookup), a null host name would match any /etc/hosts entry
6862		with space at the end of the line.  Problem noted by Steve
6863		Hubert of the University of Washington, Seattle.
6864	7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
6865		Problem reported by Tom Smith of Digital Equipment Corp.
6866	Increase the size of the DNS answer buffer -- the standard UDP packet
6867		size PACKETSZ (512) is not sufficient for some nameserver
6868		answers containing very many resource records.  The resolver
6869		may also switch to TCP and retry if it detects UDP packet
6870		overflow.  Also, allow for the fact that the resolver
6871		routines res_query and res_search return the size of the
6872		*un*truncated answer in case the supplied answer buffer is
6873		not big enough to accommodate the entire answer.  Patch from
6874		Eric Wassenaar.
6875	Improvements to MaxDaemonChildren code.  If you think you have too
6876		many children, probe the ones you have to verify that they
6877		are still around.  Suggested by Jared Mauch of CICnet, Inc.
6878		Also, do this probe before growing the vector of children
6879		pids; this previously caused the vector to grow indefinitely
6880		due to a race condition.  Problem reported by Kyle Jones of
6881		UUNET.
6882	On some architectures, <db.h> (from the Berkeley DB library) defines
6883		O_EXLOCK to zero; this fools the map compilation code into
6884		thinking that it can avoid race conditions by locking on open.
6885		Change it to check for O_EXLOCK non-zero.  Problem noted by
6886		Leif Erlingsson of Data Lege.
6887	Always call res_init() on startup (if compiled in, of course) to
6888		allow the sendmail.cf file to tweak resolver flags; without
6889		it, flag tweaks in ResolverOptions are ignored.  Patch from
6890		Andrew Sun of Merrill Lynch.
6891	Improvements to host status printing code.  Suggested by Steve Hubert
6892		of the University of Washington, Seattle.
6893	Change MinQueueAge option processing to do the check for the job age
6894		when reading the queue file, rather than at the end; this
6895		avoids parsing the addresses, which can do DNS lookups.
6896		Problem noted by John Beck of InReference, Inc.
6897	When MIME was being 7->8 bit decoded, "From " lines weren't being
6898		properly escaped.  Problem noted by Peter Nilsson of the
6899		University of Linkoping.
6900	In some cases, sendmail would retain root permissions during queue
6901		runs even if RunAsUser was set.  Problem noted by Mark
6902		Thomas of Mark G. Thomas Consulting.
6903	If the F=l flag was set on an SMTP mailer to indicate that it is
6904		actually local delivery, and NOTIFY=SUCCESS is specified in
6905		the envelope, and the receiving SMTP server speaks DSN, then
6906		the DSN would be both generated locally and propagated to the
6907		other end.
6908	The U= mailer field didn't correctly extract the group id if the
6909		user id was numeric.  Problem noted by Kenneth Herron of
6910		MCI Telecommunications Communications.
6911	If a message exceeded the fixed maximum size on input, the body of
6912		the message was included in the bounce.  Note that this did
6913		not occur if it exceeded the maximum _output_ size.  Problem
6914		reported by Kyle Jones of UUNET.
6915	PORTABILITY FIXES:
6916		AIX4: 4.1 doesn't have a working setreuid(2); change the
6917			AIX4 defines to use seteuid(2) instead, which
6918			works on 4.1 as well as 4.2.  Problem noted by
6919			Håkan Lindholm of interAF, Sweden.
6920		AIX4: use tzname[] vector to determine time zone name.
6921			Patch from NAKAMURA Motonori of Kyoto University.
6922		MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support.
6923			Contributed by Paul DuBois <dubois@primate.wisc.edu>.
6924		Solaris: kstat(3k) support for retrieving the load average.
6925			This adds the LA_KSTAT definition for LA_TYPE.
6926			The outline of the implementation was contributed
6927			by Michael Tokarev of Telecom Service, JSC, Moscow.
6928		HP-UX 10.0 gripes about the (perfectly legal!) forward
6929			declaration of struct rusage at the top of conf.h;
6930			change it to only be included if you are using gcc,
6931			which is apparently the only compiler that requires
6932			it in the first place.  Problem noted by Jeff
6933			Earickson of Colby College.
6934		IRIX: don't default to using gcc.  IRIX is a civilized
6935			operating system that comes with a decent compiler
6936			by default.  Problem noted by Barry Bouwsma and
6937			Kari Hurtta.
6938	CONFIG: specify F=9 as default in FEATURE(local_procmail) for
6939		consistency with other local mailers.  Inconsistency
6940		pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
6941	CONFIG: if the "limited best mx" feature is used (to reduce DNS
6942		overhead) as part of the bestmx_is_local feature, the
6943		domain part was dropped from the name.  Patch from Steve
6944		Hubert of the University of Washington, Seattle.
6945	CONFIG: catch addresses of the form "user@.dom.ain"; these could
6946		end up being translated to the null host name, which would
6947		return any entry in /etc/hosts that had a space at the end
6948		of the line.  Problem noted by Steve Hubert of the
6949		University of Washington, Seattle.
6950	CONFIG: add OSTYPE(aix4).  From Michael Sofka of Rensselaer
6951		Polytechnic Institute.
6952	MAKEMAP: tweak hash and btree parameters for better performance.
6953		Patch from Matt Dillon of Best Internet Communications.
6954	NEW FILES:
6955		src/Makefiles/Makefile.Linux.ppc
6956		cf/ostype/aix4.m4
6957		cf/ostype/mklinux.m4
6958
69598.8.2/8.8.2	1996/10/18
6960	SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
6961		changed the code but didn't fix the problem.
6962	PORTABILITY FIXES:
6963		Solaris: Don't use the system getusershell(3); it can
6964			apparently corrupt the heap in some circumstances.
6965			Problem found by Ken Pizzini of Spry, Inc.
6966	OP.ME: document several mailer flags that were accidentally omitted
6967		from this document.  These flags were F=d, F=j, F=R, and F=9.
6968	CONFIG: no changes.
6969
69708.8.1/8.8.1	1996/10/17
6971	SECURITY: unset all environment variables that the resolver will
6972		examine during queue runs and daemon mode.  Problem noted
6973		by Dan Bernstein of the University of Illinois at Chicago.
6974	SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
6975		message could overflow a buffer if it was converted back
6976		to 8 bits.  This caused core dumps and has the potential
6977		for a remote attack.  Problem first noted by Gregory Shapiro
6978		of WPI.
6979	Avoid duplicate deliveries of error messages on systems that don't
6980		have flock(2) support.  Patch from Motonori Nakamura of
6981		Kyoto University.
6982	Ignore null FallBackMX (V) options.  If this option is null (as
6983		opposed to undefined) it can cause "null signature" syserrs
6984		on illegal host names.
6985	If a Base64 encoded text/plain message has no trailing newline in
6986		the encoded text, conversion back to 8 bits will drop the
6987		final line.  Problem noted by Pierre David.
6988	If running with a RunAsUser, sendmail would give bogus "cannot
6989		setuid" (or seteuid, or setreuid) messages on some systems.
6990		Problem pointed out by Jordan Mendelson of Web Services, Inc.
6991	Always print error messages in -bv mode -- previously, -bv would
6992		be absolutely silent on errors if the error mode was sent
6993		to (say) mail-back.  Problem noted by Kyle Jones of UUNET.
6994	If -qI/R/S is set (or the ETRN command is used), ignore all long
6995		term host status.  This is necessary because it is common
6996		to do this when you know a host has just come back up.
6997	Disallow duplicate HELO/EHLO commands as required by RFC 1651 section
6998		4.2.  Excessive permissiveness noted by Lee Flight of the
6999		University of Leicester.
7000	If a service (such as NIS) is specified as the last entry in the
7001		service switch, but that service is not compiled in, sendmail
7002		would return a temporary failure when an entry was not found
7003		in the map.  This caused the message to be queued instead of
7004		bouncing immediately.  Problem noted by Harry Edmon of the
7005		University of Washington.
7006	PORTABILITY FIXES:
7007		Solaris 2.3 had compilation problems in conf.c.  Several
7008			people pointed this out.
7009		NetBSD from Charles Hannum of MIT.
7010		AIX4 improvements based on info from Steve Bauer of South
7011			Dakota School of Mines & Technology.
7012	CONFIG: ``error:code message'' syntax was broken in virtusertable.
7013		Patch from Gil Kloepfer Jr.
7014	CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set
7015		using MASQUERADE_DOMAIN) were not masqueraded unless they
7016		were also in $=w.  Problem noted by Zoltan Basti of
7017		Softec.
7018	MAIL.LOCAL: patches to compile and link cleanly on AIX.  Based
7019		on a patch from Eric Hagberg of Morgan Stanley.
7020	MAIL.LOCAL: patches to compile on NEXTSTEP.  From Patrick Nolan
7021		of Stanford via Robert La Ferla.
7022
70238.8.0/8.8.0	1996/09/26
7024	Under some circumstances, Bcc: headers would not be properly
7025		deleted.  Pointed out by Jonathan Kamens of OpenVision.
7026	Log a warning if the sendmail daemon is invoked without a full
7027		pathname, which prevents "kill -1" from working.  I was
7028		urged to put this in by Andrey A. Chernov of DEMOS (Russia).
7029	Fix small buffer overflow.  Since the data in this buffer was not
7030		read externally, there was no security problem (and in fact
7031		probably wouldn't really overflow on most compilers).  Pointed
7032		out by KIZU takashi of Osaka University.
7033	Fix problem causing domain literals such as [1.2.3.4] to be ignored
7034		if a FallbackMXHost was specified in the configuration file
7035		-- all mail would be sent to the fallback even if the original
7036		host was accessible.  Pointed out by Munenari Hirayama of
7037		NSC (Japan).
7038	A message that didn't terminate with a newline would (sometimes) not
7039		have the trailing "." added properly in the SMTP dialogue,
7040		causing SMTP to hang.  Patch from Per Hedeland of Ericsson.
7041	The DaemonPortOptions suboption to bind to a particular address was
7042		incorrect and nonfunctional due to a misunderstanding of the
7043		semantics of binding on a passive socket.  Patch from
7044		NIIBE Yutaka of Mitsubishi Research Institute.
7045	Increase the number of MX hosts for a single name to 100 to better
7046		handle the truly huge service providers such as AOL, which
7047		has 13 at the moment (and climbing).  In order to avoid
7048		trashing memory, the buffer for all names has only been
7049		slightly increased in size, to 12.8K from 10.2K -- this means
7050		that if a single name had 100 MX records, the average size
7051		of those records could not exceed 128 bytes.  Requested by
7052		Brad Knowles of America On Line.
7053	Restore use of IDENT returns where the OSTYPE field equals "OTHER".
7054		Urged by Dan Bernstein of U.C. Berkeley.
7055	Print q_statdate and q_specificity in address structure debugging
7056		printout.
7057	Expand MCI structure flag bits for debugging output.
7058	Support IPv6-style domain literals, which can have colons between
7059		square braces.
7060	Log open file descriptors for the "cannot dup" messages in deliver();
7061		this is an attempt to track down a bug that one person seems
7062		to be having (it may be a Solaris bug!).
7063	DSN NOTIFY parameters were not properly propagated across queue runs;
7064		this caused the NOTIFY info to sometimes be lost.  Problem
7065		pointed out by Claus Assmann of the
7066		Christian-Albrechts-University of Kiel.
7067	The statistics gathered in the sendmail.st file were too high; in
7068		some cases failures (e.g., user unknown or temporary failure)
7069		would count as a delivery as far as the statistics were
7070		concerned.  Problem noted by Tom Moore of AT&T GIS.
7071	Systems that don't have flock() would not send split envelopes in
7072		the initial run.  Problem pointed out by Leonard Zubkoff of
7073		Dandelion Digital.
7074	Move buffer overflow checking -- these primarily involve distrusting
7075		results that may come from NIS and DNS.
7076	4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
7077		include <paths.h> and hence had the wrong pathnames for a few
7078		things like /var/tmp.  Reported by Matthew Green.
7079	Conditions were reversed for the Priority: header, resulting in all
7080		values being interpreted as non-urgent except for non-urgent,
7081		which was interpreted as normal.  Patch from Bryan Costales.
7082	The -o (optional) flag was being ignored on hash and btree maps
7083		since 8.7.2.  Fix from Bryan Costales.
7084	Content-Types listed in class "q" will always be encoded as
7085		Quoted-Printable (or more accurately, will never be encoded
7086		as base64).  The class can have primary types (e.g., "text")
7087		or full types (e.g., "text/plain").  Based on a suggestion by
7088		Marius Olafsson of the University of Iceland.
7089	Define ${envid} to be the original envelope id (from the ESMTP DSN
7090		dialogue) so it can be passed to programs in mailers.
7091	Define ${bodytype} to be the body type (from the -B flag or the
7092		BODY= ESMTP parameter) so it can be passed to programs in
7093		mailers.
7094	Cause the VRFY command to return 252 instead of 250 unless the F=q
7095		flag is set in the mailer descriptor.  Suggested by John
7096		Myers of CMU.
7097	Implement ESMTP ETRN command to flush the queue for a specific host.
7098		The command takes a host name; data for that host is
7099		immediately (and asynchronously) flushed.  Because this shares
7100		the -qR implementation, other hosts may be attempted, but
7101		there should be no security implications.  Implementation
7102		from John Beck of InReference, Inc.  See RFC 1985 for details.
7103	Add three new command line flags to pass in DSN parameters: -V envid
7104		(equivalent to ENVID=envid on the MAIL command), -R ret
7105		(equivalent to RET=ret on the MAIL command), and -Nnotify
7106		(equivalent to NOTIFY=notify on the RCPT command).  Note
7107		that the -N flag applies to all recipients; there is no way
7108		to specify per-address notifications on the command line,
7109		nor is there an equivalent for the ORCPT= per-address
7110		parameter.
7111	Restore LogLevel option to be safe (it can only be increased);
7112		apparently I went into paranoid mode between 8.6 and 8.7
7113		and made it unsafe.  Pointed out by Dabe Murphy of the
7114		University of Maryland.
7115	New logging on log level 15:  all SMTP traffic.  Patches from
7116		Andrew Gross of San Diego Supercomputer Center.
7117	NetInfo property value searching code wasn't stopping when it found
7118		a match.  This was causing the wrong values to be found (and
7119		had a memory leak).  Found by Bastian Schleuter of TU-Berlin.
7120	Add new F=0 (zero) mailer flag to turn off MX lookups.  It was pointed
7121		out by Bill Wisner of Electronics for Imaging that you can't
7122		use the bracket address form for the MAIL_HUB macro, since
7123		that causes the brackets to remain in the envelope recipient
7124		address used for delivery.  The simple fix (stripping off the
7125		brackets in the config file) breaks the use of IP literal
7126		addresses.  This flag will solve that problem.
7127	Add MustQuoteChars option.  This is a list of characters that must
7128		be quoted if they are found in the phrase part of an address
7129		(that is, the full name part).  The characters @,;:\()[] are
7130		always in this list and cannot be removed.  The default is
7131		this list plus . and ' to match RFC 822.
7132	Add AllowBogusHELO option; if set, sendmail will allow HELO commands
7133		that do not include a host name for back compatibility with
7134		some stupid SMTP clients.  Setting this violates RFC 1123
7135		section 5.2.5.
7136	Add MaxDaemonChildren option; if this is set, sendmail will start
7137		rejecting connections if it has more than this many
7138		outstanding children accepting mail.  Note that you may
7139		see more processes than this because of outgoing mail; this
7140		is for incoming connections only.
7141	Add ConnectionRateThrottle option.  If set to a positive value, the
7142		number of incoming SMTP connections that will be permitted
7143		in a single second is limited to this number.  Connections are
7144		not refused during this time, just deferred.  The intent is to
7145		flatten out demand so that load average limiting can kick in.
7146		It is less radical than MaxDaemonChildren, which will stop
7147		accepting connections even if all the connections are idle
7148		(e.g., due to connection caching).
7149	Add Timeout.hoststatus option.  This interval (defaulting to 30m)
7150		specifies how long cached information about the state of a
7151		host will be kept before it is considered stale and the
7152		host is retried.  If you are using persistent host status
7153		(i.e., the HostStatusDirectory option is set) this will apply
7154		between runs; otherwise, it applies only within a single queue
7155		run and hence is useful only for hosts that have large queues
7156		that take a very long time to run.
7157	Add SingleLineFromHeader option.  If set, From: headers are coerced
7158		into being a single line even if they had newlines in them
7159		when read.  This is to get around a botch in Lotus Notes.
7160	Text class maps were totally broken -- if you ever retrieved the last
7161		item in a table it would be truncated.  Problem noted by
7162		Gregory Neil Shapiro of WPI.
7163	Extend the lines printed by the mailq command (== the -bp flag) when
7164		-v is given to 120 characters; this allows more information
7165		to be displayed.  Suggested by Gregory Neil Shapiro of WPI.
7166	Allow macro definitions (`D' lines) with unquoted commas; previously
7167		this was treated as end-of-input.  Problem noted by Bryan
7168		Costales.
7169	The RET= envelope parameter (used for DSNs) wasn't properly written
7170		to the queue file.  Fix from John Hughes of Atlantic
7171		Technologies, Inc.
7172	Close /var/tmp/dead.letter after a successful write -- otherwise
7173		if this happens in a queue run it can cause nasty delays.
7174		Problem noted by Mark Horton of AT&T.
7175	If userdb entries pointed to userdb entries, and there were multiple
7176		values for a given key, the database cursor would get
7177		trashed by the recursive call.  Problem noted by Roy Mongiovi
7178		of Georgia Tech.  Fixed by reading all the values and creating
7179		a comma-separated list; thus, the -v output will be somewhat
7180		different for this case.
7181	Fix buffer allocation problem with Hesiod-based userdb maps when
7182		HES_GETMAILHOST is defined.  Based on a patch by Betty Lee
7183		of Stanford University.
7184	When envelopes were split due to aliases with owner- aliases, and
7185		there was some error on one of the lists, more than one of
7186		the owners would get the message.  Problem pointed out by
7187		Roy Mongiovi of Georgia Tech.
7188	Detect excessive recursion in macro expansions, e.g., $X defined
7189		in terms of $Y which is defined in terms of $X.  Problem
7190		noted by Bryan Costales; patch from Eric Wassenaar.
7191	When using F=U to get "ugly UUCP" From_ lines, a buffer could in
7192		some cases get trashed causing bogus From_ lines.  Fix from
7193		Kyle Jones of UUNET.
7194	When doing load average initialization, if the nlist call for avenrun
7195		failed, the second and subsequent lookups wouldn't notice
7196		that fact causing bogus load averages to be returned.  Noted
7197		by Casper Dik of Sun Holland.
7198	Fix problem with incompatibility with some versions of inet_aton that
7199		have changed the return value to unsigned, so a check for an
7200		error return of -1 doesn't work.  Use INADDR_NONE instead.
7201		This could cause mail to addresses such as [foo.com] to bounce
7202		or get dropped.  Problem noted by Christophe Wolfhugel of the
7203		Pasteur Institute.
7204	DSNs were inconsistent if a failure occurred during the DATA phase
7205		rather than the RCPT phase: the Action: would be correct, but
7206		the detailed status information would be wrong.  Problem noted
7207		by Bob Snyder of General Electric Company.
7208	Add -U command line flag and the XUSR ESMTP extension, both indicating
7209		that this is the initial MUA->MTA submission.  The flag currently
7210		does nothing, but in future releases (when MUAs start using
7211		these flags) it will probably turn on things like DNS
7212		canonification.
7213	Default end-of-line string (E= specification on mailer [M] lines)
7214		to \r\n on SMTP mailers.  Default remains \n on non-SMTP
7215		mailers.
7216	Change the internal definition for the *file* and *include* mailers
7217		to have $u in the argument vectors so that they aren't
7218		misinterpreted as SMTP mailers and thus use \r\n line
7219		termination.  This will affect anyone who has redefined
7220		either of these in their configuration file.
7221	Don't assume that IDENT servers close the connection after a query;
7222		responses can be newline terminated.  From Terry Kennedy of
7223		St. Peter's College.
7224	Avoid core dumps on erroneous configuration files that have
7225		$#mailer with nothing following.  From Bryan Costales.
7226	Avoid null pointer dereference with high debug values in unlockqueue.
7227		Fix from Randy Martin of Clemson University.
7228	Fix possible buffer overrun when expanding very large macros.  Fix
7229		from Kyle Jones of UUNET.
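An added example, not sendmail's own code: a minimal C macro expander showing the two defenses named in the entries on excessive recursion in macro expansions and on buffer overrun when expanding very large macros, namely a nesting-depth limit that stops $X/$Y cycles and a bounded output buffer. The macro table, MAX_MACRO_DEPTH and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_MACRO_DEPTH 10	/* assumed limit for this example */

enum { EXP_OK = 0, EXP_TOO_DEEP = -1, EXP_TOO_LONG = -2 };

struct macro {
	char name;		/* single-character macro name, as in $X */
	const char *value;	/* may itself contain $-references */
};

/* Constructed sample table: $j nests two macros, $X and $Y form a cycle. */
static const struct macro sample_macros[] = {
	{ 'w', "mailhost" },
	{ 'm', "example.org" },
	{ 'j', "$w.$m" },
	{ 'X', "a$Y" },
	{ 'Y', "b$X" },
	{ 0, NULL }
};

static const char *macro_lookup(const struct macro *tab, char name)
{
	for (; tab->name != 0; tab++)
		if (tab->name == name)
			return tab->value;
	return NULL;
}

/* Append one byte, always leaving room for the terminating NUL. */
static int put_char(char *out, size_t outsz, size_t *len, char c)
{
	if (*len + 1 >= outsz)
		return EXP_TOO_LONG;
	out[(*len)++] = c;
	return EXP_OK;
}

static int expand_into(const struct macro *tab, const char *s,
		       char *out, size_t outsz, size_t *len, int depth)
{
	int rc;

	/* A cycle such as $X -> $Y -> $X never bottoms out; stop it here. */
	if (depth > MAX_MACRO_DEPTH)
		return EXP_TOO_DEEP;
	while (*s != '\0') {
		if (s[0] == '$' && s[1] != '\0') {
			const char *val = macro_lookup(tab, s[1]);

			s += 2;
			if (val == NULL)
				continue;	/* undefined macro: expands to nothing */
			rc = expand_into(tab, val, out, outsz, len, depth + 1);
		} else {
			rc = put_char(out, outsz, len, *s++);
		}
		if (rc != EXP_OK)
			return rc;
	}
	return EXP_OK;
}

/*
 * Expand s into out (outsz bytes).  out is always NUL-terminated; on an
 * error it holds the partial expansion produced before the limit was hit.
 */
int macro_expand(const struct macro *tab, const char *s, char *out, size_t outsz)
{
	size_t len = 0;
	int rc;

	if (outsz == 0)
		return EXP_TOO_LONG;
	rc = expand_into(tab, s, out, outsz, &len, 0);
	out[len] = '\0';
	return rc;
}

int main(void)
{
	char buf[64];
	int rc;

	rc = macro_expand(sample_macros, "host=$j", buf, sizeof buf);
	printf("%d \"%s\"\n", rc, buf);
	rc = macro_expand(sample_macros, "$X", buf, sizeof buf);
	printf("%d (cyclic definition rejected)\n", rc);
	return 0;
}
```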
7230	After 25 EXPN or VRFY commands, start pausing for a second before
7231		processing each one.  This avoids a certain form of denial
7232		of service attack.  Potential attack pointed out by Bryan
7233		Costales.
7234	Allow new named (not numbered!) config file rules to do validity
7235		checking on SMTP arguments: check_mail for MAIL commands and
7236		check_rcpt for RCPT commands.  These rulesets can do anything
7237		they want; their result is ignored unless they resolve to the
7238		$#error mailer, in which case the indicated message is printed
7239		and the command is rejected.  Similarly, the check_compat
7240		ruleset is called before delivery with "from_addr $| to_addr"
7241		(the $| is a meta-symbol used to separate the two addresses);
7242		it can give a "this sender can't send to this recipient"
7243		notification.  Note that this patch allows $| to stand alone
7244		in rulesets.
7245	Define new macros ${client_name}, ${client_addr}, and ${client_port}
7246		that have the name, IP address, and port number (respectively)
7247		of the SMTP client (that is, the entity at the other end of
7248		the connection).  These can be used in (e.g.) check_rcpt to
7249		verify that someone isn't trying to relay mail through your
7250		host inappropriately.  Be sure to use the deferred evaluation
7251		form, for example $&{client_name}, to avoid having these bound
7252		when sendmail reads the configuration file.
7253	Add new config file rule check_relay to check the incoming connection
7254		information.  Like check_compat, it is passed the host name
7255		and host address separated by $| and can reject connections
7256		on that basis.
7257	Allow IDA-style recursive function calls.  Code contributed by Mark
7258		Lovell and Paul Vixie.
7259	Eliminate the "No ! in UUCP From address!" message -- instead, create
7260		a virtual UUCP address using either a domain address or the $k
7261		macro.  Based on code contributed by Mark Lovell and Paul
7262		Vixie.
7263	Add Stanford LDAP map.  Requires special libraries that are not
7264		included with sendmail.  Contributed by Booker C. Bense
7265		<bbense@networking.stanford.edu>; contact him for support.
7266		See also the src/READ_ME file.
7267	Allow -dANSI to turn on ANSI escape sequences in debug output; this
7268		puts metasymbols (e.g., $+) in reverse video.  Really useful
7269		only for debugging deep bits of code where it is important to
7270		distinguish between the single-character metasymbol $+ and the
7271		two characters $, +.
7272	Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
7273		debug_dumpstate.
7274	Add new UnsafeGroupWrites option; if set, .forward and :include:
7275		files that are group writable are considered "unsafe" -- that
7276		is, programs and files referenced from such files are not
7277		valid recipients.
7278	Delete bogosity test for FallBackMX host; this prevented it from being a
7279		name that was not in DNS or was a domain-literal.  Problem
7280		noted by Tom May.
7281	Change the introduction to error messages to more clearly delineate
7282		permanent from temporary failures; if both existed in a
7283		single message it could be confusing.  Suggested by John
7284		Beck of InReference, Inc.
7285	The IgnoreDots (i) option didn't work for lines that were terminated
7286		with CRLF.  Problem noted by Ted Stockwell of Secure
7287		Computing Corporation.
7288	Add a heuristic to improve the handling of unbalanced `<' signs in
7289		message headers.  Problem reported by Matt Dillon of Best
7290		Internet Communications.
7291	Check for bogus characters in the 0200-0237 range; since these are
7292		used internally, very strange errors can occur if those
7293		characters appear in headers.  Problem noted by Anders Gertz
7294		of Lysator.
7295	Implement 7 -> 8 bit MIME conversions.  This only takes place if the
7296		recipient mailer has the F=9 flag set, and only works on
7297		text/plain body types.  Code contributed by Marius Olafsson
7298		of the University of Iceland.
7299	Special case "postmaster" name so that it is always treated as lower
7300		case in alias files regardless of configuration settings;
7301		this prevents some potential problems where "Postmaster" or
7302		"POSTMASTER" might not match "postmaster".  In most cases
7303		this change is a no-op.
7304	The -o map flag was ignored for text maps.  Problem noted by Bryan
7305		Costales.
7306	The -a map flag was ignored for dequote maps.  Problem noted by
7307		Bryan Costales.
7308	Fix core dump when a lookup of a class "prog" map returns no
7309		response.  Patch from Bryan Costales.
7310	Log instances where sendmail is deferring or rejecting connections
7311		on LogLevel 14.  Suggested by Kyle Jones of UUNET.
7312	Include port number in process title for network daemons.  Suggested
7313		by Kyle Jones of UUNET.
7314	Send ``double bounces'' (errors that occur when sending an error
7315		message) to the address indicated in the DoubleBounceAddress
7316		option (default: postmaster).  Previously they were always
7317		sent to postmaster.  Suggested by Kyle Jones of UUNET.
7318	Add new mode, -bD, that acts like -bd in all respects except that
7319		it runs in foreground.  This is useful for using with a
7320		wrapper that "watches" system services.  Suggested by Kyle
7321		Jones of UUNET.
7322	Fix botch in spacing around (parenthesized) comments in addresses
7323		when the comment comes before the address.  Patch from
7324		Motonori Nakamura of Kyoto University.
7325	Use the prefix "Postmaster notify" on the Subject: lines of messages
7326		that are being bounced to postmaster, rather than "Returned
7327		mail".  This permits the person who is postmaster to more
7328		easily determine what messages are to their role as
7329		postmaster versus bounces to mail they actually sent.  Based
7330		on a suggestion by Motonori Nakamura.
7331	Add new value "time" for QueueSortOrder option; this causes the queue
7332		to be sorted strictly by the time of submission.  Note that
7333		this can cause very bad behavior over slow lines (because
7334		large jobs will tend to delay small jobs) and on nodes with
7335		heavy traffic (because old things in the queue for hosts that
7336		are down delay processing of new jobs).  Also, this does not
7337		guarantee that jobs will be delivered in submission order
7338		unless you also set DeliveryMode=queue.  In general, it should
7339		probably only be used on the command line, and only in
7340		conjunction with -qRhost.domain.  In fact, there are very few
7341		cases where it should be used at all.  Based on an
7342		implementation by Motonori Nakamura.
7343	If a map lookup in ruleset 5 returns tempfail, queue the message in
7344		the same manner as other rulesets.  Previously a temporary
7345		failure in ruleset 5 was ignored.  Patch from Booker Bense
7346		of Stanford University.
7347	Don't proceed to the next MX host if an SMTP MAIL command returns a
7348		5yz (permanent failure) code.  The next MX host will still be
7349		tried if the connection cannot be opened in the first place
7350		or if the MAIL command returns a 4yz (temporary failure) code.
7351		(It's hard to know what to do here, since neither RFC 974 nor
7352		RFC 1123 specify when to proceed to the next MX host.)
7353		Suggested by Jonathan Kamens of OpenVision, Inc.
7354	Add new "-t" flag for map definitions (the "K" line in the .cf file).
7355		This causes map lookups that get a temporary failure (e.g.,
7356		name server failure) to _not_ defer the delivery of the
7357		message.  This should only be used if your configuration file
7358		is prepared to do something sensible in this case.  Based on
7359		an idea by Gregory Shapiro of WPI.
7360	Fix problem finding network interface addresses.  Patch from
7361		Motonori Nakamura.
7362	Don't reject qf entries that are not owned by your effective uid if
7363		you are not running set-user-ID; this makes management of
7364		certain kinds of firewall setups difficult.  Patch
7365		suggested by Eamonn Coleman of Qualcomm.
7366	Add persistent host status.  This keeps the information normally
7367		maintained within a single queue run in disk files that are
7368		shared between sendmail instances.  The HostStatusDirectory
7369		is the directory in which the information is maintained.  If
7370		not set, persistent host status is turned off.  If not a full
7371		pathname, it is relative to the queue directory.  A common
7372		value is ".hoststat".
7373		There are also two new operation modes:
7374		  * -bh prints the status of hosts that have had recent
7375		    connections.
7376		  * -bH purges the host statuses.  No attempt is made to save
7377		    recent status information.
7378		This feature was originally written by Paul Vixie of Vixie
7379		Enterprises for KJS and adapted for V8 by Mark Lovell of
7380		Bigrock Consulting.  Paul's funding of Mark and Mark's patience
7381		with my insistence that things fit cleanly into the V8
7382		framework is gratefully appreciated.
7383	New SingleThreadDelivery option (requires HostStatusDirectory to
7384		operate).  Avoids letting two sendmails on the local machine
7385		open connections to the same remote host at the same time.
7386		This reduces load on the other machine, but can cause mail to
7387		be delayed (for example, if one sendmail is delivering a huge
7388		message, other sendmails won't be able to send even small
7389		messages).  Also, it requires another file descriptor (for the
7390		lock file) per connection, so you may have to reduce
7391		ConnectionCacheSize to avoid running out of per-process
7392		file descriptors.  Based on the persistent host status code
7393		contributed by Paul Vixie and Mark Lovell.
7394	Allow sending to non-simple files (e.g., /dev/null) even if the
7395		SafeFileEnvironment option is set.  Problem noted by Bryan
7396		Costales.
7397	The -qR flag mistakenly matched flags in the "R" line of the queue
7398		file.  Problem noted by Bryan Costales.
7399	If a job was aborted using the interrupt signal (e.g., control-C from
7400		the keyboard), on some occasions an empty df file would be
7401		left around; these would collect in the queue directory.
7402		Problem noted by Bryan Costales.
7403	Change the makesendmail script to enhance the search for Makefiles
7404		based on release number.  For example, on SunOS 5.5.1, it will
7405		search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
7406		Makefile.SunOS.5.x (in addition to the other rules, e.g.,
7407		adding $arch).  Problem noted by Jason Mastaler of Atlanta
7408		Webmasters.
7409	When creating maps using "newaliases", always map the keys to lower
7410		case when creating the map unless the -f flag is specified on
7411		the map itself.  Previously this was done based on the F=u
7412		flag in the local mailer, which meant you could create aliases
7413		that you could never access.  Problem noted by Bob Wu of DEC.
7414	When a job was read from the queue, the bits causing notification on
7415		failure or delay were always set.  This caused those
7416		notifications to be sent even if NOTIFY=NEVER had been
7417		specified.  Problem noted by Steve Hubert of the University
7418		of Washington, Seattle.
7419	Add new configurable routine validate_connection (in conf.c).  This
7420		lets you decide if you are willing to accept traffic from
7421		this host.  If it returns FALSE, all SMTP commands will return
7422		"550 Access denied".  -DTCPWRAPPERS will include support for
7423		TCP wrappers; you will need to add -lwrap to the link line.
7424		(See src/READ_ME for details.)
7425	Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
7426		bounces.  Some people seemed to think that this could be
7427		confusing (even though it is true).  Suggested by Motonori
7428		Nakamura.
7429	Add new RunAsUser option; this causes sendmail to do a setuid to that
7430		user early in processing to avoid potential security problems.
7431		However, this means that all .forward and :include: files must
7432		be readable by that user, and all files to be written must be
7433		writable by that user and all programs will be executed by that
7434		user.  It is also incompatible with the SafeFileEnvironment
7435		option.  In other words, it may not actually add much to
7436		security.  However, it should be useful on firewalls and other
7437		places where users don't have accounts and the aliases file is
7438		well constrained.
7439	Add Timeout.iconnect.  This is like Timeout.connect except it is used
7440		only on the first attempt to deliver to an address.  It could
7441		be set to be lower than Timeout.connect on the principle that
7442		the mail should go through quickly to responsive hosts; less
7443		responsive hosts get to wait for the next queue run.
7444	Fix a problem on Solaris that occasionally causes programs
7445		(such as vacation) to hang with their standard input connected
7446		to a UDP port.  It also created some signal handling problems.
7447		The problems turned out to be an interaction between vfork(2)
7448		and some of the libraries, particularly NIS/NIS+.  I am
7449		indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
7450	Change user class map to do the same matching that actual delivery
7451		will do instead of just a /etc/passwd lookup.  This adds
7452		fuzzy matching to the user map.  Patch from Dan Oscarsson.
7453	The Timeout.* options are not safe -- they can be used to create a
7454		denial-of-service attack.  Problem noted by Christophe
7455		Wolfhugel.
7456	Don't send PostmasterCopy messages in the event of a "delayed"
7457		notification.  Suggested by Barry Bouwsma.
7458	Don't advertise "VERB" ESMTP extension if the "noexpn" privacy
7459		option is set, since this disables VERB mode.  Suggested
7460		by John Hawkinson of MIT.
7461	Complain if the QueueDirectory (Q) option is not set.  Problem noted
7462		by Motonori Nakamura of Kyoto University.
7463	Only queue messages on transient .forward open failures if there
7464		were no successful opens.  The previous behavior caused it
7465		to queue even if a "fall back" .forward was found.  Problem
7466		noted by Ann-Kian Yeo of the Dept. of Information Systems
7467		and Computer Science (DISCS), NUS, Singapore.
7468	Don't do 8->7 bit conversions when bouncing a MIME message that
7469		is bouncing because of a MIME error during 8->7 bit conversion;
7470		the encapsulated message will bounce again, causing a loop.
7471		Problem noted by Steve Hubert of the University of Washington.
7472	Create xf (transcript) files using the TempFileMode option value
7473		instead of 0644.  Suggested by Ann-Kian Yeo of the
7474		National University of Singapore.
7475	Print errors if setgid/setuid/etc. fail during delivery.  This helps
7476		detect cases where DefaultUid is set to something that the
7477		system can't cope with.
7478	PORTABILITY FIXES:
7479		Support for AIX/RS 2.2.1 from Mark Whetzel of Western
7480			Atlas International.
7481		Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
7482			<bicknell@ufp.org>.
7483		On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
7484			work on the first recipient of a message due to a
7485			bug in the getpwent family.  If this is something you
7486			use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
7487			workaround.  From Maximum Entropy of Sanford C.
7488			Bernstein and Associates.
7489		FreeBSD 1.1.5.1 uname -r returns a string containing
7490			parentheses, which breaks makesendmail.  Reported
7491			by Piero Serini <piero@strider.ibenet.it>.
7492		Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
7493			Systems and Computer Technology Corporation.
7494		Solaris 2.x: omit the UUCP grade parameter (-g flag) because
7495			it is system-dependent.  Problem noted by J.J. Bailey
7496			of Bailey Computer Consulting.
7497		Pyramid NILE running DC/OSx support from Earle F. Ake of
7498			Hassler Communication Systems Technology, Inc.
7499		HP-UX 10.x compile glitches, reported by Anne Brink of the
7500			U.S. Army and James Byrne of Harte & Lyne Limited.
7501		NetBSD from Matthew Green of the NetBSD crew.
7502		SCO 5.x from Keith Reynolds of SCO.
7503		IRIX 6.2 from Robert Tarrall of the University of
7504			Colorado and Kari Hurtta of the Finnish Meteorological
7505			Institute.
7506		UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
7507			Lopez, CICA (Seville).
7508		NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
7509		PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
7510			Employment Standards Administration.
7511		Altos System V (5.3.1) from Tim Rice of Multitalents.
7512		Concurrent Systems Corporation Maxion from Donald R. Laster
7513			Jr.
7514		NetInfo maps (improved debugging and multi-valued aliases)
7515			from Adrian Steinmann of Steinmann Consulting.
7516		ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
7517			from Eric Schnoebelen of Convex.
7518		Linux 2.0 mail.local patches from Horst von Brand.
7519		NEXTSTEP 3.x compilation from Robert La Ferla.
7520		NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT.
7521		Solaris 2.5 configuration fixes for mail.local by Jim Davis
7522			of the University of Arizona.
7523		Solaris 2.5 has a working setreuid.  Noted by David Linn of
7524			Vanderbilt University.
7525		Solaris changes for praliases, makemap, mailstats, and smrsh.
7526			Previously you had to add -DSOLARIS in Makefile.dist;
7527			this auto-detects.  Based on a patch from Randall
7528			Winchester of the University of Maryland.
7529	CONFIG: add generic-nextstep3.3.mc file.  Contributed by
7530		Robert La Ferla of Hot Software.
7531	CONFIG: allow mailertables to resolve to ``error:code message''
7532		(where "code" is an exit status) on domains (previously
7533		worked only on hosts).  Patch from Cor Bosman of Xs4all
7534		Foundation.
7535	CONFIG: hooks for IPv6-style domain literals.
7536	CONFIG: predefine ALIAS_FILE and change the prototype file so that
7537		if it is undefined the AliasFile option is never set; this
7538		should be transparent for most everyone.  Suggested by John
7539		Myers of CMU.
7540	CONFIG: add FEATURE(limited_masquerade).  Without this feature, any
7541		domain listed in $=w is masqueraded.  With it, only those
7542		domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
7543	CONFIG: add FEATURE(masquerade_entire_domain).  This causes
7544		masquerading specified by MASQUERADE_DOMAIN to apply to all
7545		hosts under those domains as well as the domain headers
7546		themselves.  For example, if a configuration had
7547		MASQUERADE_DOMAIN(foo.com), then without this feature only
7548		foo.com would be masqueraded; with it, *.foo.com would be
7549		masqueraded as well.  Based on an implementation by Richard
7550		(Pug) Bainter of U. Texas.
7551	CONFIG: add FEATURE(genericstable) to do a more general rewriting of
7552		outgoing addresses.  Defaults to ``hash -o /etc/genericstable''.
7553		Keys are user names; values are outgoing mail addresses.  Yes,
7554		this does overlap with the user database, and figuring out
7555		just when to use which one may be tricky.  Based on code
7556		contributed by Richard (Pug) Bainter of U. Texas with updates
7557		from Per Hedeland of Ericsson.
7558	CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
7559		incoming addresses.  Defaults to ``hash -o /etc/virtusertable''.
7560		Keys are either fully qualified addresses or just the host
7561		part (with the @ sign).  For example, a table containing:
7562			info@foo.com	foo-info
7563			info@bar.com	bar-info
7564			@baz.org	jane@elsewhere.net
7565		would send all mail destined for info@foo.com to foo-info
7566		(which is presumably an alias), mail addressed to info@bar.com
7567		to bar-info, and anything addressed to anyone at baz.org will
7568		be sent to jane@elsewhere.net.  The names foo.com, bar.com,
7569		and baz.org must all be in $=w.  Based on discussions with
7570		a great many people.
7571	CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
7572		Suggested by Richard Bainter.
7573	CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
7574		"fax" mailer.
7575	CONFIG: allow mailertable entries to resolve to local:user; this
7576		passes the original user@host in to procmail-style local
7577		mailers as the "detail" information to allow them to do
7578		additional clever processing.  From Joe Pruett of
7579		Teleport Corporation.  Delivery to the original user can
7580		be done by specifying "local:" (with nothing after the colon).
7581	CONFIG: allow any context that takes "mailer:domain" to also take
7582		"mailer:user@domain" to force mailing to the given user;
7583		"local:user" can also be used to do local delivery.  This
7584		applies on *_RELAY and in the mailertable entries.  Based
7585		on a suggestion by Ribert Kiessling of Easynet.
7586	CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
7587		limits the possible domains; this reduces the number of DNS
7588		lookups required to support this feature.  For example,
7589		FEATURE(bestmx_is_local, my.site.com) limits the lookups
7590		to domains under my.site.com.  Code contributed by Anthony
7591		Thyssen <anthony@cit.gu.edu.au>.
7592	CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
7593		such as the check_rcpt ruleset.  Suggested by Gregory Shapiro
7594		of WPI.
7595	CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
7596		event you have to define local mailers.  Suggested by
7597		Gregory Shapiro of WPI.
7598	CONFIG: fix cases where a three- (or more-) stage route-addr could
7599		be misinterpreted as a list:...; syntax.  Based on a patch by
7600		Vlado Potisk <Vlado_Potisk@tempest.sk>.
7601	CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
7602		remotely connected.  The address host!user was being
7603		converted to host!user@thishost instead of host!user@uurelay.
7604		Problem noted by William Gianopoulos of Raytheon Company.
7605	CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
7606	CONFIG: change FEATURE(redirect) message from "User not local" to
7607		"User has moved"; the former wording was confusing if the
7608		new address is still on the local host.  Based on a suggestion
7609		by Andreas Luik.
7610	CONFIG: add support in FEATURE(nullclient) for $=E (exposed users).
7611		However, the class is not pre-initialized to contain root.
7612		Suggested by Gregory Neil Shapiro.
7613	CONTRIB: Remove XLA code at the request of the author, Christophe
7614		Wolfhugel.
7615	CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
7616	MAIL.LOCAL: make it possible to compile mail.local on Solaris.  Note
7617		well: this produces a slightly different mailbox format (no
7618		Content-Length: headers), file ownerships and modes are
7619		different (not owned by group mail; mode 600 instead of 660),
7620		and the local mailer flags will have to be tweaked (make them
7621		match bsd4.4) in order to use this mailer.  Patches from Paul
7622		Hammann of the Missouri Research and Education Network.
7623	MAIL.LOCAL: in some cases it could return EX_OK even though there
7624		was a delivery error, such as if the ownership on the file
7625		was wrong or the mode changed between the initial stat and
7626		the open.  Problem reported by William Colburn of the New
7627		Mexico Institute of Mining and Technology.
7628	MAILSTATS: handle zero length files more reliably.  Patch from Bryan
7629		Costales.
7630	MAILSTATS: add man page contributed by Keith Bostic of BSDI.
7631	MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
7632		honored.  Fix from Michael Scott Shappe.
7633	PRALIASES: add man page contributed by Keith Bostic of BSDI.
7634	NEW FILES:
7635		src/Makefiles/Makefile.AIX.2
7636		src/Makefiles/Makefile.IRIX.6.2
7637		src/Makefiles/Makefile.maxion
7638		src/Makefiles/Makefile.NCR.MP-RAS.3.x
7639		src/Makefiles/Makefile.SCO.5.x
7640		src/Makefiles/Makefile.UXPDSV20
7641		mailstats/mailstats.8
7642		praliases/praliases.8
7643		cf/cf/generic-nextstep3.3.mc
7644		cf/feature/genericstable.m4
7645		cf/feature/limited_masquerade.m4
7646		cf/feature/masquerade_entire_domain.m4
7647		cf/feature/virtusertable.m4
7648		cf/ostype/aix2.m4
7649		cf/ostype/altos.m4
7650		cf/ostype/maxion.m4
7651		cf/ostype/solaris2.ml.m4
7652		cf/ostype/uxpds.m4
7653		contrib/re-mqueue.pl
7654	DELETED FILES:
7655		src/Makefiles/Makefile.Solaris
7656		contrib/xla/README
7657		contrib/xla/xla.c
7658	RENAMED FILES:
7659		src/Makefiles/Makefile.NCR3000 =>	Makefile.NCR.MP-RAS.2.x
7660		src/Makefiles/Makefile.SCO.3.2v4.2 =>	Makefile.SCO.4.2
7661		src/Makefiles/Makefile.UXPDS =>		Makefile.UXPDSV10
7662		src/Makefiles/Makefile.NeXT =>		Makefile.NeXT.2.x
7663		src/Makefiles/Makefile.NEXTSTEP =>	Makefile.NeXT.3.x
7664
8.7.6/8.7.3	1996/09/17
7666	SECURITY: It is possible to force getpwuid to fail when writing the
7667		queue file, causing sendmail to fall back to running programs
7668		as the default user.  This is not exploitable from off-site.
7669		Workarounds include using a unique user for the DefaultUser
7670		(old u & g options) and using smrsh as the local shell.
7671	SECURITY: fix some buffer overruns; in at least one case this allows
7672		a local user to get root.  This is not known to be exploitable
7673		from off-site.  The workaround is to disable chfn(1) commands.
7674
8.7.5/8.7.3	1996/03/04
7676	Fix glitch in 8.7.4 when putting certain internal lines; this can
7677		in some cases cause connections to hang or messages to have
7678		extra spaces in odd places.  Patch from Eric Wassenaar;
7679		reports from Eric Hall of Chiron Corporation, Stephen
7680		Hansen of Stanford University, Dean Gaudet of HotWired,
7681		and others.
7682
8.7.4/8.7.3	1996/02/18
7684	SECURITY: In some cases it was still possible for an attacker to
7685		insert newlines into a queue file, thus allowing access to
7686		any user (except root).
7687	CONFIG: no changes -- it is not a bug that the configuration
7688		version number is unchanged.
7689
8.7.3/8.7.3	1995/12/03
7691	Fix botch in name server timeout in RCPT code; this problem caused
7692		two responses in SMTP, which breaks things horribly.  Fix
7693		from Gregory Neil Shapiro of WPI.
7694	Verify that L= value on M lines cannot be negative, which could cause
7695		negative array subscripting.  Not a security problem since
7696		this has to be in the config file, but it could have caused
7697		core dumps.  Pointed out by Bryan Costales.
7698	Fix -d21 debug output for long macro names.  Pointed out by Bryan
7699		Costales.
7700	PORTABILITY FIXES:
7701		SCO doesn't have ftruncate.  From Bill Aten of Computerizers.
7702		IBM's version of arpa/nameser.h defaults to the wrong byte
7703			order.  Tweak it to work properly.  Based on fixes
7704			from Fletcher Mattox of UTexas and Betty Lee of
7705			Stanford University.
7706	CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
7707		Deficiency pointed out by Bryan Costales of ICSI.
7708
8.7.2/8.7.2	1995/11/19
7710	REALLY fix the backslash escapes in SmtpGreetingMessage,
7711		OperatorChars, and UnixFromLine options.  They were not
7712		properly repaired in 8.7.1.
7713	Completely delete the Bcc: header if and only if there are other
7714		valid recipient headers (To:, Cc: or Apparently-To:, the
7715		last being a historic botch, of course).  If Bcc: is the
7716		only recipient header in the message, its value is tossed,
7717		but the header name is kept.  The old behavior (always keep
7718		the header name and toss the value) allowed primary recipients
7719		to see that a Bcc: went to _someone_.
7720	Include queue id on ``Authentication-Warning: <host>: <user> set
7721		sender to <address> using -f'' syslog messages.  Suggested
7722		by Kari Hurtta.
7723	If a sequence or switch map lookup entry gets a tempfail but then
7724		continues on to another map type, but the name is not found,
7725		return a temporary failure from the sequence or switch map.
7726		For example, if hosts search ``dns files'' and DNS fails
7727		with a tempfail, the hosts map will go on and search files,
7728		but if it fails the whole thing should be a tempfail, not
7729		a permanent (host unknown) failure, even though that is the
7730		failure in the hosts.files map.  This error caused hard
7731		bounces when it should have requeued.
7732	Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
7733		owned by bar mode 700 and inbox being set-user-ID bar stopped
7734		working properly due to excessive paranoia.  Pointed out by
7735		John Hawkinson of Panix.
7736	An SMTP RCPT command referencing a host that gave a nameserver
7737		timeout would return a 451 command (8.6 accepted it and
7738		queued it locally).  Revert to the 8.6 behavior in order
7739		to simplify queue management for clustered systems.  Suggested
7740		by Gregory Neil Shapiro of WPI.  The same problem could break
7741		MH, which assumes that the SMTP session will succeed (tsk, tsk
7742		-- mail gets lost!); this was pointed out by Stuart Pook of
7743		Infobiogen.
7744	Fix possible buffer overflow in munchstring().  This was not a security
7745		problem because you couldn't specify any argument to this
7746		without first giving up root privileges, but it is still a
7747		good idea to avoid future problems.  Problem noted by John
7748		Hawkinson and Sam Hartman of MIT.
7749	``452 Out of disk space for temp file'' messages weren't being
7750		printed.  Fix from David Perlin of Nanosoft.
7751	Don't advertise the ESMTP DSN extension if the SendMimeErrors option
7752		is not set, since this is required to get the actual DSNs
7753		created.  Problem pointed out by John Gardiner Myers of CMU.
7754	Log permission problems that cause .forward and :include: files to
7755		be untrusted or ignored on log level 12 and higher.  Suggested
7756		by Randy Martin of Clemson University.
7757	Allow user ids in U= clauses of M lines to have hyphens and
7758		underscores.
7759	Fix overcounting of recipients -- only happened when sending to an
7760		alias.  Pointed out by Mark Andrews of SGI and Jack Woolley
7761		of Systems and Computer Technology Corporation.
7762	If a message is sent to an address that fails, the error message that
7763		is returned could show some extraneous "success" information
7764		included even if the user did not request success notification,
7765		which was confusing.  Pointed out by Allan Johannesen of WPI.
7766	Config files that had no AliasFile definition were defaulting to
7767		using /etc/aliases; this caused problems with nullclient
7768		configurations.  Change it back to the 8.6 semantics of
7769		having no local alias file unless it is declared.  Problem
7770		noted by Charles Karney of Princeton University.
7771	Fix compile problem if NOTUNIX is defined.  Pointed out by Bryan
7772		Costales of ICSI.
7773	Map lookups of class "userdb" maps were always case sensitive; they
7774		should be controlled by the -f flag like other maps.  Pointed
7775		out by Bjart Kvarme <bjart.kvarme@usit.uio.no>.
7776	Fix problem that caused some addresses to be passed through ruleset 5
7777		even when they were tagged as "sticky" by prefixing the
7778		address with an "@".  Patch from Thomas Dwyer III of Michigan
7779		Technological University.
7780	When converting a message to Quoted-Printable, prevent any lines with
7781		dots alone on a line by themselves.  This is because of the
7782		preponderance of broken mailers that still get this wrong.
7783		Code contributed by Per Hedeland of Ericsson.
7784	Fix F{macro}/file construct -- it previously did nothing.  Pointed
7785		out by Bjart Kvarme of USIT/UiO (Norway).
7786	Announce whether a cached connection is SMTP or ESMTP (in -v mode).
7787		Requested by Allan Johannesen.
7788	Delete check for text format of alias files -- it should be legal
7789		to have the database format of the alias files without the
7790		text version.  Problem pointed out by Joe Rhett of Navigist,
7791		Inc.
7792	If "Ot" was specified with no value, the TZ variable was not properly
7793		imported from the environment.  Pointed out by Frank Crawford
7794		<frank@ansto.gov.au>.
7795	Some architectures core dumped on "program" maps that didn't have
7796		extra arguments.  Patch from Booker C. Bense of Stanford
7797		University.
7798	Queue run processes would re-spawn daemons when given a SIGHUP; only
7799		the parent should do this.  Fix from Brian Coan of the
7800		Association for Progressive Communications.
7801	If MinQueueAge was set and a message was considered but not run
7802		during a queue run and the Timeout.queuereturn interval was
7803		reached, a "timed out" error message would be returned that
7804		didn't include the failed address (and claimed to be a warning
7805		even though it was fatal).  The fix is to not return such
7806		messages until they are actually tried, i.e., in the next
7807		MinQueueAge interval.  Problem noted by Rein Tollevik of
7808		SINTEF RUNIT, Oslo.
7809	Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
7810		that have the hes_getmailhost() routine.  DEC Hesiod
7811		distributions do not have this routine.  Based on a patch
7812		from Betty Lee of Stanford University.
7813	Extensive cleanups to map open code to handle a locking race condition
7814		in ndbm, hash, and btree format database files on some (most
7815		non-4.4-BSD based) OS architectures.  This should solve the
7816		occasional "user unknown" problem during alias rebuilds that
7817		has plagued me for quite some time.  Based on a patch from
7818		Thomas Dwyer III of Michigan Technological University.
7819	PORTABILITY FIXES:
7820		Solaris: Change location of newaliases and mailq from
7821			/usr/ucb to /usr/bin to match Sun settings.  From
7822			James B. Davis of TCI.
7823		DomainOS: Makefile.DomainOS doesn't require -ldbm.  From
7824			Don Lewis of Silicon Systems.
7825		HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
7826			so that the makesendmail script will find it.  Pointed
7827			out by Richard Allen of the University of Iceland.
7828			Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which
7829			isn't supported on all compilers.
7830		UXPDS: compilation fixes from Diego R. Lopez.
7831	CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless
7832		you also had a FAX_RELAY.  From Thomas.Tornblom@Hax.SE.
7833	CONFIG: Minor glitch in S21 -- attachment of local domain name
7834		didn't have trailing dot.  From Jim Hickstein of Teradyne.
7835	CONFIG: Fix best_mx_is_local feature to allow nested addresses such as
7836		user%host@thishost.  From Claude Scarpelli of Infobiogen
7837		(France).
7838	CONFIG: OSTYPE(hpux10) failed to define the location of the help file.
7839		Pointed out by Hannu Martikka of Nokia Telecommunications.
7840	CONFIG: Diagnose some inappropriate ordering in configuration files,
7841		such as FEATURE(smrsh) listed after MAILER(local).  Based on
7842		a bug report submitted by Paul Hoffman of Proper Publishing.
7843	CONFIG: Make OSTYPE files consistently not override settings that
7844		have already been set.  Previously it worked differently
7845		for different files.
7846	CONFIG: Change relay mailer to do masquerading like 8.6 did.  My take
7847		is that this is wrong, but the change was causing problems
7848		for some people.  From Per Hedeland of Ericsson.
7849	CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>;
7850		portability changes for Posix environments (no functional
7851		changes).
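
The sequence/switch map tempfail rule from the 8.7.2 notes above ("dns files" where DNS times out), as an added C example that is not sendmail's own code. The map stubs, host names, addresses and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result of consulting one map. */
enum map_status { MAP_FOUND, MAP_NOTFOUND, MAP_TEMPFAIL };

typedef enum map_status (*lookup_fn)(const char *key, const char **value);

struct map {
    const char *name;
    lookup_fn   lookup;
};

/* Constructed stand-in for the "dns" map: one name resolves, one is
 * authoritatively absent, and every other query times out. */
enum map_status dns_lookup(const char *key, const char **value)
{
    if (strcmp(key, "mx.example.net") == 0) {
        *value = "192.0.2.25";
        return MAP_FOUND;
    }
    if (strcmp(key, "nxdomain.example.net") == 0)
        return MAP_NOTFOUND;
    return MAP_TEMPFAIL;
}

/* Constructed stand-in for the "files" map (an /etc/hosts-style table). */
enum map_status files_lookup(const char *key, const char **value)
{
    if (strcmp(key, "intranet") == 0) {
        *value = "192.0.2.5";
        return MAP_FOUND;
    }
    return MAP_NOTFOUND;
}

/* Hosts service searching "dns files", as in the release-note example. */
const struct map hosts_maps[] = {
    { "dns",   dns_lookup   },
    { "files", files_lookup },
};
#define N_HOSTS_MAPS (sizeof hosts_maps / sizeof hosts_maps[0])

/* The error the entry describes: the failure of the last map consulted
 * becomes the failure of the whole sequence, hiding an earlier tempfail. */
enum map_status seq_lookup_last_wins(const struct map *maps, size_t n,
                                     const char *key, const char **value)
{
    enum map_status st = MAP_NOTFOUND;
    size_t i;

    for (i = 0; i < n; i++) {
        st = maps[i].lookup(key, value);
        if (st == MAP_FOUND)
            break;
    }
    return st;
}

/* Corrected rule: keep searching after a tempfail, but if nothing is
 * found, report the tempfail rather than a permanent "not found". */
enum map_status seq_lookup(const struct map *maps, size_t n,
                           const char *key, const char **value)
{
    int saw_tempfail = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        enum map_status st = maps[i].lookup(key, value);
        if (st == MAP_FOUND)
            return MAP_FOUND;
        if (st == MAP_TEMPFAIL)
            saw_tempfail = 1;
    }
    return saw_tempfail ? MAP_TEMPFAIL : MAP_NOTFOUND;
}

/* What the caller does with each outcome. */
const char *disposition(enum map_status st)
{
    switch (st) {
    case MAP_FOUND:    return "deliver";
    case MAP_TEMPFAIL: return "requeue";
    default:           return "bounce";
    }
}

enum map_status hosts_old(const char *key)
{
    const char *v = NULL;
    return seq_lookup_last_wins(hosts_maps, N_HOSTS_MAPS, key, &v);
}

enum map_status hosts_fixed(const char *key)
{
    const char *v = NULL;
    return seq_lookup(hosts_maps, N_HOSTS_MAPS, key, &v);
}

int main(void)
{
    const char *keys[] = { "mx.example.net", "intranet",
                           "slow.example.org", "nxdomain.example.net" };
    size_t i;

    for (i = 0; i < sizeof keys / sizeof keys[0]; i++)
        printf("%-22s last-wins=%-8s fixed=%s\n", keys[i],
               disposition(hosts_old(keys[i])),
               disposition(hosts_fixed(keys[i])));
    return 0;
}
```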
7852
8.7.1/8.7.1	1995/10/01
7854	Old macros that have become options (SmtpGreetingMessage,
7855		OperatorChars, and UnixFromLine) didn't allow backslash
7856		escapes in the options, where they previously had.  Bug
7857		pointed out by John Hawkinson of MIT.
7858	Fix strange case of an executable called by a program map that
7859		returns a value but also a non-zero exit status; this
7860		would give contradictory results in the higher level; in
7861		particular, the default clause in the map lookup would be
7862		ignored.  Change to ignore the value if the program returns
7863		non-zero exit status.  From Tom Moore of AT&T GIS.
7864	Shorten parameters passed to syslog() in some contexts to avoid a
7865		bug in many vendors' implementations of that routine.  Although
7866		this isn't really a bug in sendmail per se, and my solution
7867		has to assume that syslog() has at least a 1K buffer size
7868		internally (I know some vendors have shortened this
7869		dramatically -- they're on their own), sendmail is a popular
7870		target.  Also, limit the size of %s arguments in sprintf.
7871		These both have possible security implications.  Solutions
7872		suggested by Casper Dik of Sun's Network Security Group
7873		(Holland), Mark Seiden, and others.
7874	Fix a problem that might cause a non-standard -B (body type)
7875		parameter to be passed to the next server with undefined
7876		results.  This could have security implications.
7877	If a filesystem was at > 100% utilization, the freediskspace()
7878		routine incorrectly returned an error rather than zero.
7879		Problem noted by G. Paul Ziemba of Alantec.
7880	Change MX sort order so that local hostnames (those in $=w) always
7881		sort first within a given preference.  This forces the bestmx
7882		map to always return the local host first, if it is included
7883		in the list of highest priority MX records.  From K. Robert
7884		Elz.
7885	Avoid some possible null pointer dereferences.  Fixes from Randy
7886		Martin <WOLF@CLEMSON.EDU>.
7887	When sendmail starts up on systems that have no fully qualified
7888		domain name (FQDN) anywhere in the first matching host map
7889		(e.g., /etc/hosts if the hosts service searches "files dns"),
7890		sendmail would sleep to try to find a FQDN, which it really
7891		really needs.  This has been changed to fall through to the
7892		next map type if it can't find a FQDN -- i.e., if the hosts
7893		file doesn't have a FQDN, it will try dns even though the
7894		short name was found in /etc/hosts.  This is probably a crock,
7895		but many people have hosts files without FQDNs.  Remember:
7896		domain names are your friends.
7897	Log a high-priority message if you can't find your FQDN during startup.
7898		Suggested by Simon Barnes of Schlumberger Limited.
7899	When using Hesiod, initialize it early to improve error reporting.
7900		Patch from Don Lewis of Silicon Systems, Inc.
7901	Apparently at least some versions of Linux have a 90 !minute! TCP
7902		connection timeout in the kernel.  Add a new "connect" timeout
7903		to limit this time.  Defaults to zero (use whatever the
7904		kernel provides).  Based on code contributed by J.R. Oldroyd
7905		of TerraNet.
7906	Under some circumstances, a failed message would not be properly
7907		removed from the queue, causing tons of bogus error messages.
7908		(This fix eliminates the problematic EF_KEEPQUEUE flag.)
7909		Problem noted by Allan E Johannesen and Gregory Neil Shapiro
7910		of WPI.
7911	PORTABILITY FIXES:
7912		On IRIX 5.x, there was an inconsistency in the setting
7913			of sendmail.st location.  Change the Makefile to
7914			install it in /var/sendmail.st to match the OSTYPE
7915			file and SGI standards.  From Andre
7916			<andre@curry.zfe.siemens.de>.
7917		Support for Fujitsu/ICL UXP/DS (For the DS/90 Series)
7918			from Diego R. Lopez <drlopez@cica.es>.
7919		Linux compilation patches from J.R. Oldroyd of TerraNet, Inc.
7920		LUNA 2 Mach patches from Motonori Nakamura.
7921		SunOS Makefile was including -ldbm, which is for the old
7922			dbm library.  The ndbm library is part of libc.
7923	CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with
7924		``local configuration error'' in nullclient configuration.
7925		Patch from Gregory Neil Shapiro of WPI.
7926	CONFIG: don't allow an alias file in nullclient configurations --
7927		since all addresses are relayed, they give errors during
7928		rebuild.  Suggested by Per Hedeland of Ericsson.
7929	CONFIG: local mailer on Solaris 2 should always get a -f flag because
7930		otherwise the F=S causes the From_ line to imply that root is
7931		the sender.  Problem pointed out by Claude Scarpelli of
7932		Infobiogen (France).
7933	NEW FILES:
7934		cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake)
7935		src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake)
7936		src/Makefiles/Makefile.UXPDS
7937
8.7/8.7		1995/09/16
7939	Fix a problem that could cause sendmail to run out of file
7940		descriptors due to a trashed data structure after a
7941		vfork.  Fix from Brian Coan of the Institute for
7942		Global Communications.
7943	Change the VRFY response if you have disabled VRFY -- some
7944		people seemed to think that it was too rude.
7945	Avoid reference to uninitialized file descriptor if HASFLOCK
7946		was not defined.  This was used "safely" in the sense
7947		that it only did a stat, but it would have set the
7948		map modification time improperly.  Problem pointed out
7949		by Roy Mongiovi of Georgia Tech.
7950	Clean up the Subject: line on warning messages and return
7951		receipts so that they don't say "Returned mail:"; this
7952		can be confusing.
7953	Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
7954		useful enough to make it worthwhile printing on "-d".
7955	Avoid logging alias statistics every time you read the alias
7956		file on systems with no database method compiled in.
7957	If you have a name with a trailing dot, and you try looking it
7958		up using gethostbyname without the dot (for /etc/hosts
7959		compatibility), be sure to turn off RES_DEFNAMES and
7960		RES_DNSRCH to avoid finding the wrong name accidentally.
7961		Problem noted by Charles Amos of the University of
7962		Maryland.
7963	Don't do timeouts in collect if you are not running SMTP.
7964		There is nothing that says you can't have a long
7965		running program piped into sendmail (possibly via
7966		/bin/mail, which just execs sendmail).  Problem reported
7967		by Don "Truck" Lewis of Silicon Systems.
7968	Try gethostbyname() even if the DNS lookup fails iff option I
7969		is not set.  This allows you to have hosts listed in
7970		NIS or /etc/hosts that are not known to DNS.  It's normally
7971		a bad idea, but can be useful on firewall machines.  This
7972		should really be broken out on a separate flag, I suppose.
7973	Avoid compile warnings against BIND 4.9.3, which uses function
7974		prototypes.  From Don Lewis of Silicon Systems.
7975	Avoid possible incorrect diagnosis of DNS-related errors caused
7976		by things like attempts to resolve uucp names using
7977		$[ ... $] -- the fix is to clear h_errno at appropriate
7978		times.  From Kyle Jones of UUNET.
7979	SECURITY: avoid denial-of-service attacks possible by destroying
7980		the alias database file by setting resource limits low.
7981		This involves adding two new compile-time options:
7982		HASSETRLIMIT (indicating that setrlimit(2) support is
7983		available) and HASULIMIT (indicating that ulimit(2) support
7984		is available -- the Release 3 form is used).  The former
7985		is assumed on BSD-based systems, the latter on System
7986		V-based systems.  Attack noted by Phil Brandenberger of
7987		Swarthmore University.
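
One way a privileged program can defend against the inherited low resource limits described in the SECURITY entry above, as an added C example that is not sendmail's own code. RLIMIT_FSIZE, the 4096 and 65536 byte figures and all function names are assumptions chosen for illustration; the notes do not say which limits are reset.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Soft (enforced) limit for a resource; 0 on error so callers fail closed. */
rlim_t soft_limit(int resource)
{
    struct rlimit lim;
    return getrlimit(resource, &lim) == 0 ? lim.rlim_cur : 0;
}

/* Hard limit (ceiling for the soft limit); 0 on error. */
rlim_t hard_limit(int resource)
{
    struct rlimit lim;
    return getrlimit(resource, &lim) == 0 ? lim.rlim_max : 0;
}

/* Constructed helper: reproduce the state a program can inherit from its
 * invoker, where only the soft limit has been lowered before exec. */
int lower_soft_limit(int resource, rlim_t value)
{
    struct rlimit lim;

    if (getrlimit(resource, &lim) != 0)
        return -1;
    lim.rlim_cur = value;
    return setrlimit(resource, &lim);
}

/* Reset a limit at startup.  A privileged process can lift both limits to
 * infinity; an unprivileged one can still raise soft up to hard. */
int reset_limit(int resource)
{
    struct rlimit lim;

    lim.rlim_cur = RLIM_INFINITY;
    lim.rlim_max = RLIM_INFINITY;
    if (setrlimit(resource, &lim) == 0)
        return 0;

    /* Not privileged (EPERM): best effort is soft = hard. */
    if (getrlimit(resource, &lim) != 0)
        return -1;
    lim.rlim_cur = lim.rlim_max;
    return setrlimit(resource, &lim);
}

/* 1 if `need` bytes fit under the current soft limit, else 0. */
int limit_allows(int resource, rlim_t need)
{
    rlim_t cur = soft_limit(resource);
    return cur == RLIM_INFINITY || need <= cur;
}

/* Gate for rewriting a database file: reset the file-size limit first, then
 * refuse the rebuild if the expected output still would not fit, instead of
 * starting a write that would be cut short. */
int safe_to_rebuild(rlim_t expected_bytes)
{
    if (reset_limit(RLIMIT_FSIZE) != 0)
        return 0;
    return limit_allows(RLIMIT_FSIZE, expected_bytes);
}

int main(void)
{
    rlim_t lowered, after;
    int fits_when_lowered, fits_after_reset;

    /* Inherited state: soft limit of 4096 bytes (constructed value). */
    lower_soft_limit(RLIMIT_FSIZE, 4096);
    lowered = soft_limit(RLIMIT_FSIZE);
    fits_when_lowered = limit_allows(RLIMIT_FSIZE, 65536);

    fits_after_reset = safe_to_rebuild(65536);
    after = soft_limit(RLIMIT_FSIZE);

    /* Print only after the reset so the output itself is not limited. */
    printf("inherited soft limit: %llu bytes, 64 KB rebuild fits: %d\n",
           (unsigned long long)lowered, fits_when_lowered);
    if (after == RLIM_INFINITY)
        printf("after reset: unlimited, 64 KB rebuild fits: %d\n",
               fits_after_reset);
    else
        printf("after reset: %llu bytes, 64 KB rebuild fits: %d\n",
               (unsigned long long)after, fits_after_reset);
    return 0;
}
```
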
7988	New syntaxes in test (-bt) mode:
7989		``.Dmvalue'' will define macro "m" to "value".
7990		``.Ccvalue'' will add "value" to class "c".
7991		``=Sruleset'' will dump the contents of the indicated
7992			ruleset.
7993		``=M'' will display the known mailers.
7994		``-ddebug-spec'' is equivalent to the command-line
7995			-d debug flag.
7996		``$m'' will print the value of macro $m.
7997		``$=c'' will print the contents of class $=c.
7998		``/mx host'' returns the MX records for ``host''.
7999		``/parse address'' will parse address, returning the value of
8000			crackaddr (essentially, the comment information)
8001			and the parsed address.
8002		``/try mailer address'' will rewrite address into the form
8003			it will have when presented to the indicated mailer.
8004		``/tryflags flags'' will set flags used by parsing.  The
8005			flags can be `H' for header or `E' for envelope,
8006			and `S' for sender or `R' for recipient.  These
8007			can be combined, so `HR' sets flags for header
8008			recipients.
8009		``/canon hostname'' will try to canonify hostname and
8010			return the result.
8011		``/map mapname key'' will look up `key' in the indicated
8012			`mapname' and return the result.
8013	Somewhat better handling of UNIX-domain socket addresses -- it
8014		should show the pathname rather than hex bytes.
8015	Restore ``-ba'' mode -- this reads a file from stdin and parses
8016		the header for envelope sender information and uses
8017		CR-LF as message terminators.  It was thought to be
8018		obsolete (used only for Arpanet NCP protocols), but it
8019		turns out that the UK ``Grey Book'' protocols require
8020		that functionality.
8021	Fix a fix in previous release -- if gethostname and gethostbyname
8022		return a name without dots, and if an attempt to canonify
8023		that name fails, wait one minute and try again.  This can
8024		result in an extra 60 second delay on startup if your system
8025		hostname (as returned by hostname(1)) has no dot and no names
8026		listed in /etc/hosts or your NIS map have a dot.
8027	Check for proper domain name on HELO and EHLO commands per
8028		RFC 1123 section 5.2.5.  Problem noted by Thomas Dwyer III
8029		of Michigan Technological University.
8030	Relax chownsafe rules slightly -- old version said that if you
8031		can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
8032		if fpathconf returned EINVAL or ENOSYS), assume that
8033		chown is not safe.  The new version falls back to whether
8034		you are on a BSD system or not.  This is important for
8035		SunOS, which apparently always returns one of those
8036		error codes.  This impacts whether you can mail to files
8037		or not.
8038	Syntax errors such as unbalanced parentheses in the configuration
8039		file could be omitted if you had "Oem" prior to the
8040		syntax error in the config file.  Change to always print
8041		the error message.  It was especially weird because it
8042		would cause a "warning" message to be sent to the Postmaster
8043		for every message sent (but with no transcript).  Problem
8044		noted by Gregory Paris of Motorola.
8045	Rewrite collect and putbody to handle full 8-bit data, including
8046		zero bytes.  These changes are internally extensive, but
8047		should have minimal impact on external function.
8048	Allow full words for option names -- if the option letter is
8049		(apparently) a space, then take the word following -- e.g.,
8050			O MatchGECOS=TRUE
8051		The full list of old and new names is as follows:
8052			7	SevenBitInput
8053			8	EightBitMode
8054			A	AliasFile
8055			a	AliasWait
8056			B	BlankSub
8057			b	MinFreeBlocks/MaxMessageSize
8058			C	CheckpointInterval
8059			c	HoldExpensive
8060			D	AutoRebuildAliases
8061			d	DeliveryMode
8062			E	ErrorHeader
8063			e	ErrorMode
8064			f	SaveFromLine
8065			F	TempFileMode
8066			G	MatchGECOS
8067			H	HelpFile
8068			h	MaxHopCount
8069			i	IgnoreDots
8070			I	ResolverOptions
8071			J	ForwardPath
8072			j	SendMimeErrors
8073			k	ConnectionCacheSize
8074			K	ConnectionCacheTimeout
8075			L	LogLevel
8076			l	UseErrorsTo
8077			m	MeToo
8078			n	CheckAliases
8079			O	DaemonPortOptions
8080			o	OldStyleHeaders
8081			P	PostmasterCopy
8082			p	PrivacyOptions
8083			Q	QueueDirectory
8084			q	QueueFactor
8085			R	DontPruneRoutes
8086			r, T	Timeout
8087			S	StatusFile
8088			s	SuperSafe
8089			t	TimeZoneSpec
8090			u	DefaultUser
8091			U	UserDatabaseSpec
8092			V	FallbackMXHost
8093			v	Verbose
8094			w	TryNullMXList
8095			x	QueueLA
8096			X	RefuseLA
8097			Y	ForkEachJob
8098			y	RecipientFactor
8099			z	ClassFactor
8100			Z	RetryFactor
8101		The old macros that passed information into sendmail have
8102		been changed to options; those correspondences are:
8103			$e	SmtpGreetingMessage
8104			$l	UnixFromLine
8105			$o	OperatorChars
8106			$q	(deleted -- not necessary)
8107		To avoid possible problems with an older sendmail,
8108		configuration level 6 is accepted by this version of
8109		sendmail; any config file using the new names should
8110		specify "V6" in the configuration.
8111	Change address parsing to properly note that a phrase before a
8112		colon and a trailing semicolon are essentially the same
8113		as text outside of angle brackets (i.e., sendmail should
8114		treat them as comments).  This is to handle the
8115		``group name: addr1, addr2, ..., addrN;'' syntax (it will
8116		assume that ``group name:'' is a comment on the first
8117		address and the ``;'' is a comment on the last address).
8118		This requires config file support to get right.  It does
8119		understand that :: is NOT this syntax, and can be turned
8120		off completely by setting the ColonOkInAddresses option.
8121	Level 6 config files added with new mailer flags:
8122		    A	Addresses are aliasable.
8123		    i	Do udb rewriting on envelope as well as header
8124			sender lines.  Applies to the from address mailer
8125			flags rather than the recipient mailer flags.
8126		    j	Do udb rewriting on header recipient addresses.
8127			Applies to the sender mailer flags rather than the
8128			recipient mailer flags.
8129		    k	Disable check for loops when doing HELO command.
8130		    o	Always run as the mail recipient, even on local
8131			delivery.
8132		    w	Check for an /etc/passwd entry for this user.
8133		    5	Pass addresses through ruleset 5.
8134		    :	Check for :include: on this address.
8135		    |	Check for |program on this address.
8136		    /	Check for /file on this address.
8137		    @	Look up sender header addresses in the user
8138			database.  Applies to the mailer flags for the
8139			mailer corresponding to the envelope sender
8140			address, rather than to recipient mailer flags.
8141		Pre-level 6 configuration files set A, w, 5, :, |, /, and @
8142		on the "local" mailer, the o flag on the "prog" and "*file*"
8143		mailers, and the ColonOkInAddresses option.
8144	Eight-to-seven bit MIME conversions.  This borrows ideas from
8145		John Beck of Hewlett-Packard, who generously contributed
8146		their implementation to me, which I then didn't use (see
8147		mime.c for an explanation of why).  This adds the
8148		EightBitMode option (a.k.a. `8') and an F=8 mailer flag
8149		to control handling of 8-bit data.  These have to cope with
8150		two types of 8-bit data: unlabelled 8-bit data (that is,
8151		8-bit data that is entered without declaring it as 8-bit
8152		MIME -- technically this is illegal according to the
8153		specs) and labelled 8-bit data (that is, it was declared
8154		as 8BITMIME in the ESMTP session or by using the
8155		-B8BITMIME command line flag).  If the F=8 mailer flag is
8156		set then 8-bit data is sent to non-8BITMIME machines
8157		instead of converting to 7 bit (essentially using
8158		just-send-8 semantics).  The values for EightBitMode are:
8159		    m	convert unlabelled 8-bit input to 8BITMIME, and do
8160			any necessary conversion of 8BITMIME to 7BIT
8161			(essentially, the full MIME option).
8162		    p	pass unlabelled 8-bit input, but convert labelled
8163			8BITMIME input to 7BIT as required (default).
8164		    s	strict adherence: reject unlabelled 8-bit input,
8165			convert 8BITMIME to 7BIT as required.  The F=8
8166			flag is ignored.
8167		Unlabelled 8-bit data is rejected in mode `s' regardless of
8168			the setting of F=8.
8169	Add new internal class 'n', which is the set of MIME Content-Types
8170		which can not be 8 to 7 bit encoded because of other
8171		considerations.  Types "multipart/*" and "message/*" are
8172		never directly encoded (although their components can be).
8173	Add new internal class 's', which is the set of subtypes of the
8174		MIME message/* content type that can be treated as though
8175		they are an RFC822 message.  It is predefined to have
8176		"rfc822".  Suggested by Kari Hurtta.
8177	Add new internal class 'e'.  This is the set of MIME
8178		Content-Transfer-Encodings that can be converted to
8179		a seven bit format (Quoted-Printable or Base64).  It is
8180		preinitialized to contain "7bit", "8bit", and "binary".
8181	Add C=charset mailer parameter and the DefaultCharSet option (no
8182		short name) to set the default character set to use in the
8183		Content-Type: header when doing encoding of an 8-bit message
8184		which isn't marked as MIME into MIME format.  If the C=
8185		parameter is set on the Envelope From address, use that as
8186		the default encoding; else use the DefaultCharSet option.
8187		If neither is set, it defaults to "unknown-8bit" as
8188		suggested by RFC 1428 section 3.
8189	Allow ``U=user:group'' field in mailer definition to set a default
8190		user and group that a mailer will be executed as.  This
8191		overrides the 'u' and 'g' options, and if the `F=S' flag is
8192		also set, it is the uid/gid that will always be used (that
8193		is, the controlling address is ignored).  The values may be
8194		numeric or symbolic; if only a symbolic user is given (no
8195		group) that user's default group in the passwd file is used
8196		as the group.  Based on code donated by Chip Rosenthal of
8197		Unicom.
8198	Allow `u' option to also accept user:group as a value, in the same
8199		fashion as the U= mailer option.
8200	Add the symbolic time zone name in the Arpanet format dates (as
8201		a comment).  This adds a new compile-time configuration
8202		flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
8203		of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
8204		of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
8205		*tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
8206		timezone()), or TZ_NONE (don't include the comment).  Code
8207		from Chip Rosenthal.
8208	The "Timeout" option (formerly "r") is extended to allow suboptions.
8209		For example,
8210		    O Timeout.helo = 2m
8211		There are also two new suboptions "queuereturn" and
8212		"queuewarn"; these subsume the old T option.  Thus, to
8213		set them both the preferred new syntax is
8214		    O Timeout.queuereturn = 5d
8215		    O Timeout.queuewarn = 4h
8216	Sort queue by host name instead of by message priority if the
8217		QueueSortOrder option (no short name) is set to
8218		``host''.  This makes better use of the connection cache,
8219		but may delay more ``interactive'' messages behind large
8220		backlogs under some circumstances.  This is probably a
8221		good option if you have high speed links or don't do lots
8222		of ``batch'' messages, but less good if you are using
8223		something like PPP on a 14.4 modem.  Based on code
8224		contributed by Roy Mongiovi of Georgia Tech (my main
8225		contribution was to make it configurable).
8226	Save i-number of df file in qf file to simplify rebuilding of queue
8227		after disastrous disk crash.  Suggested by Kyle Jones of
8228		UUNET; closely based on code from KJS DECWRL code written
8229		by Paul Vixie.  NOTA BENE: The qf files produced by 8.7
8230		are NOT back compatible with 8.6 -- that is, you can convert
8231		from 8.6 to 8.7, but not the other direction.
8232	Add ``F=d'' mailer flag to disable all use of angle brackets in
8233		route-addrs in envelopes; this is because in some cases
8234		they can be sent to the shell, which interprets them as
8235		I/O redirection.
8236	Don't include error file (option E) with return-receipts; this
8237		can be confusing.
8238	Don't send "Warning: cannot send" messages to owner-* or
8239		*-request addresses.  Suggested by Christophe Wolfhugel
8240		of the Institut Pasteur, Paris.
8241	Allow -O command line flag to set long form options.
8242	Add "MinQueueAge" option to set the minimum time between attempts
8243		to run the queue.  For example, if the queue interval
8244		(-q value) is five minutes, but the minimum queue age
8245		is fifteen minutes, jobs won't be tried more often than
8246		once every fifteen minutes.  This can be used to give
8247		you more responsiveness if your delivery mode is set to
8248		queue-only.
8249	Allow "fileopen" timeout (default: 60 seconds) for opening
8250		:include: and .forward files.
8251	Add "-k", "-v", and "-z" flags to map definitions; these set the
8252		key field name, the value field name, and the field
8253		delimiter.  The field delimiter can be a single character
8254		or the sequence "\t" or "\n" for tab or newline.
8255		These are for use by NIS+ and similar access methods.
8256	Change maps to always strip quotes before lookups; the -q flag
8257		turns off this behavior.  Suggested by Motonori Nakamura.
8258	Add "nisplus" map class.  Takes -k and -v flags to choose the
8259		key and value field names respectively.  Code donated by
8260		Sun Microsystems.
8261	Add "hesiod" map class.  The "file name" is used as the
8262		"HesiodNameType" parameter to hes_resolve(3).  Returns the
8263		first value found for the match.  Code donated by Scott
8264		Hutton of Indiana University.
8265	Add "netinfo" (NeXT NetInfo) map class.  Maps can have a -k flag to
8266		specify the name of the property that is searched as the
8267		key and a -v flag to specify the name of the property that
8268		is returned as the value (defaults to "members").  The
8269		default map is "/aliases".  Some code based on code
8270		contributed by Robert La Ferla of Hot Software.
8271	Add "text" map class.  This does slow, linear searches through
8272		text files.  The -z flag specifies a column delimiter
8273		(defaults to any sequence of white space), the -k flag
8274		sets the key column number, and the -v flag sets the
8275		value column number.  Lines beginning with `#' are treated
8276		as comments.
8277	Add "program" map class to execute arbitrary programs.  The search
8278		key is presented as the last argument; the output is one
8279		line read from the program's standard output.  Exit statuses
8280		are from sysexits.h.
8281	Add "sequence" map class -- searches maps in sequence until it
8282		finds a match.  For example, the declarations:
8283		    Kmap1 ...
8284		    Kmap2 ...
8285		    Kmapseq sequence map1 map2
8286		defines a map "mapseq" that first searches map1; if the
8287		value is found it is returned immediately, otherwise
8288		map2 is searched and the value returned.
8289	Add "switch" map class.  This is much like "sequence" except that
8290		the ordering is fetched from an external file, usually
8291		the system service switch.  The parameter is the name of
8292		the service to switch on, and the maps that it will use
8293		are the name of the switch map followed by ".service_type".
8294		For example, if the declaration of the map is
8295		    Ksample switch hosts
8296		and the system service switch specifies that hosts are
8297		looked up using dns and nis in that order, then this is
8298		equivalent to
8299		    Ksample sequence sample.dns sample.nis
8300		The subordinate maps (sample.*) must already be defined.
8301	Add "user" map class -- looks up users using getpwnam.  Takes a
8302		"-v field" flag on the definition that tells what passwd
8303		entry to return -- legal values are name, passwd, uid, gid,
8304		gecos, dir, and shell.  Generally expected to be used with
8305		the -m (matchonly) flag.
8306	Add "bestmx" map class -- returns the best MX value for the host
8307		listed as the value.  If there are several "best" MX records
8308		for this host, one will be chosen at random.
8309	Add "userdb" map class -- looks up entries in the user database.
8310		The "file name" is actually the tag that will be used,
8311		typically "mailname".  If there are multiple entries
8312		matching the name, the one chosen is undefined.
8313	Add multiple queue timeouts (both return and warning).  These are
8314		set by the Precedence: or Priority: header fields to one of
8315		three values.  If a Priority: is set and has value "normal",
8316		"urgent", or "non-urgent" the corresponding timeouts are
8317		used.  If no priority is set, the Precedence: is consulted;
8318		if negative, non-urgent timeouts are used; if greater than
8319		zero, urgent timeouts are used.  Otherwise, normal timeouts
8320		are used.  The timeouts are set by setting the six timeouts
8321		queue{warn,return}.{urgent,normal,non-urgent}.
8322	Fix problem when a mail address is resolved to a $#error mailer
8323		with a temporary failure indication; it works in SMTP,
8324		but when delivering locally the mail is silently discarded.
8325		This patch, from Kyle Jones of UUNET, bounces it instead
8326		of queueing it (queueing is very hard).
8327	When using /etc/hosts or NIS-style lookups, don't assume that
8328		the first name in the list is the best one -- instead,
8329		search for the first one with a dot.  For example, if
8330		an /etc/hosts entry reads
8331		    128.32.149.68	mammoth mammoth.CS.Berkeley.EDU
8332		this change will use the second name as the canonical
8333		machine name instead of the initial, unqualified name.
8334	Change dequote map to replace spaces in quoted text with a value
8335		indicated by the -s flag on the dequote map definition.
8336		For example, ``Mdequote dequote -s_'' will change
8337		"Foo Bar" into an unquoted Foo_Bar instead of leaving it
8338		quoted (because of the space character).  Suggested by Dan
8339		Oscarsson for use in X.400 addresses.
8340	Implement long macro names as ${name}; long class names can
8341		be similarly referenced as $={name} and $~{name}.
8342		Definitions are (e.g.) ``D{name}value''.  Names that have
8343		a leading lower case letter or punctuation characters are
8344		reserved for internal use by sendmail; i.e., config files
8345		should use names that begin with a capital letter.  Based
8346		on code contributed by Dan Oscarsson.
8347	Fix core dump if getgrgid returns a null group list (as opposed
8348		to an empty group list, that is, a pointer to a list
8349		with no members).  Fix from Andrew Chang of Sun Microsystems.
8350	Fix possible core dump if malloc fails -- if the malloc in xalloc
8351		failed, it called syserr which called newstr which called
8352		xalloc....  The newstr is now avoided for "panic" messages.
8353		Reported by Stuart Kemp of James Cook University.
8354	Improve connection cache timeouts; previously, they were not even
8355		checked if you were delivering to anything other than an
8356		IPC-connected host, so a series of (say) local mail
8357		deliveries could cause cached connections to be open
8358		much longer than the specified timeout.
8359	If an incoming message exceeds the maximum message size, stop
8360		writing the incoming bytes to the queue data file, since
8361		this can fill your mqueue partition -- this is a possible
8362		denial-of-service attack.
8363	Don't reject all numeric local user names unless HESIOD is
8364		defined.  It turns out that Posix allows all-numeric
8365		user names.  Fix from Tony Sanders of BSDI.
8366	Add service switch support.  If the local OS has a service
8367		switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
8368		on DEC systems) that will be used; otherwise, it falls back
8369		to using a local mechanism based on the ServiceSwitchFile
8370		option (default: /etc/service.switch).  For example, if the
8371		service switch lists "files" and "nis" for the aliases
8372		service, that will be the default lookup order.  The "files"
8373		("local" on DEC) service type expands to any alias files
8374		you listed in the configuration file, even if they aren't
8375		actually file lookups.
8376	Option I (NameServerOptions) no longer sets the "UseNameServer"
8377		variable which tells whether or not DNS should be considered
8378		canonical.  This is now determined based on whether or not
8379		"dns" is in the service list for "hosts".
8380	Add preliminary support for the ESMTP "DSN" extension (Delivery
8381		Status Notifications).  DSN notifications override
8382		Return-Receipt-To: headers, which are bogus anyhow --
8383		support for them has been removed.
8384	Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer
8385		definitions to define the types used in DSN returns for
8386		MTA names, addresses, and diagnostics respectively.
8387	Extend heuristic to force running in ESMTP mode to look for the
8388		five-character string "ESMTP" anywhere in the 220 greeting
8389		message (not just the second line).  This is to provide
8390		better compatibility with other ESMTP servers.
8391	Print sequence number of job when running the queue so you can
8392		easily see how much progress you have made.  Suggested
8393		by Peter Wemm of DIALix.
8394	Map newlines to spaces in logged message-ids; some versions of
8395		syslog truncate the rest of the line after newlines.
8396		Suggested by Fletcher Mattox of U. Texas.
8397	Move up forking for job runs so that if a message is split into
8398		multiple envelopes you don't get "fork storms" -- this
8399		also improves the connection cache utilization.
8400	Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
8401		the purposes of refusing to send error returns.  Suggested
8402		by Motonori Nakamura of Ritsumeikan University.
8403	Relax rules on when a file can be written when referenced from
8404		the aliases file: use the default uid/gid instead of the
8405		real uid/gid.  This allows you to create a file owned by
8406		and writable only by the default uid/gid that will work
8407		all the time (without having the set-user-ID bit set).  Change
8408		suggested by Shau-Ping Lo and Andrew Cheng of Sun
8409		Microsystems.
8410	Add "DialDelay" option (no short name) to provide an "extra"
8411		delay for dial on demand systems.  If this is non-zero
8412		and a connect fails, sendmail will wait this long and
8413		then try again.  If it takes longer than the kernel
8414		timeout interval to establish the connection, this
8415		option can give the network software time to establish
8416		the link.  The default units are seconds.
8417	Move logging of sender information to be as early as possible;
8418		previously, it could be delayed a while for SMTP mail
8419		sent to aliases.  Suggested by Brad Knowles of the
8420		Defense Information Systems Agency.
8421	Call res_init() before setting RES_DEBUG; this is required by
8422		BIND 4.9.3, or so I'm told.  From Douglas Anderson of
8423		the National Computer Security Center.
8424	Add xdelay= field in logs -- this is a transaction delay, telling
8425		you how long it took to deliver to this address on the
8426		last try.  It is intended to be used for sorting mailing
8427		lists to favor "quick" addresses.  Provided for use by
8428		the mailprio scripts (see below).
8429	If a map cannot be opened, and that map is non-optional, and
8430		an address requires that map for resolution, queue the
8431		message instead of bouncing it.  This involves creating a
8432		pseudo-class of maps called "bogus-map" -- if a required
8433		map cannot be opened, the class is changed to bogus-map;
8434		all queries against bogus-map return "tempfail".  The
8435		bogus-map class is not directly accessible.  A sample
8436		implementation was donated by Jem Taylor of Glasgow
8437		University Computing Service.
8438	Fix a possible core dump when mailing to a program that talks
8439		SMTP on its standard input.  Fix from Keith Moore of
8440		the University of Kentucky.
8441	Make it possible to resolve filenames to $#local $: @ /filename;
8442		previously, the "@" would cause it to not be recognized
8443		as a file.  Problem noted by Brian Hill of U.C. Davis.
8444	Accept a -1 signal to re-exec the daemon.  This only works if
8445		argv[0] is a full path to sendmail.
8446	Fix bug in "addr=..." field in O option on little-endian machines
8447		-- the network number wasn't being converted to network
8448		byte order.  Patch from Kurt Lidl of Pix Technologies
8449		Corporation.
8450	Pre-initialize the resolver early on; this is to avoid a bug with
8451		BIND 4.9.3 that can cause the _res.retry field to get
8452		reset to zero, causing all name server lookups to time
8453		out.  Fix from Matt Day of Artisoft.
8454	Restore T line (trusted users) in config file -- but instead of
8455		locking out the -f flag, they just tell whether or not
8456		an X-Authentication-Warning: will be added.  This really
8457		just creates new entries in class 't', so "Ft/file/name"
8458		can be used to read trusted user names from a file.
8459		Trusted users are also allowed to execute programs even
8460		if they have a shell that isn't in /etc/shells.
8461	Improve NEWDB alias file rebuilding so it will create them
8462		properly if they do not already exist.  This had been
8463		a MAYBENEXTRELEASE feature in 8.6.9.
8464	Check for @:@ entry in NIS maps before starting up to avoid
8465		(but not prevent, sigh) race conditions.  This ought to
8466		be handled properly in ypserv, but isn't.  Suggested by
8467		Michael Beirne of Motorola.
8468	Refuse connections if there isn't enough space on the filesystem
8469		holding the queue.  Contributed by Robert Dana of Wolf
8470		Communications.
8471	Skip checking for directory permissions in the path to a file
8472		when checking for file permissions iff setreuid()
8473		succeeded -- it is unnecessary in that case.  This avoids
8474		significant performance problems when looking for .forward
8475		files.  Based on a suggestion by Win Bent of USC.
8476	Allow symbolic ruleset names.  Syntax can be "Sname" to get an
8477		arbitrary ruleset number assigned or "Sname = integer"
8478		to assign a specific ruleset number.  Reference is
8479		$>name_or_number.  Names can be composed of alphas, digits,
8480		underscore, or hyphen (first character must be non-numeric).
8481	Allow -o flag on AliasFile lines to make the alias file optional.
8482		From Bryan Costales of ICSI.
8483	Add NoRecipientAction option to handle the case where there is
8484		no legal recipient header in the message.  It can take
8485		on values:
8486		  None			Leave the message as is.  The
8487					message will be passed on even
8488					though it is in technically
8489					illegal syntax.
8490		  Add-To		Add a To: header with any
8491					recipients that it can find from
8492					the envelope.  This risks exposing
8493					Bcc: recipients.
8494		  Add-Apparently-To	Add an Apparently-To: header.  This
8495					has almost no redeeming social value,
8496					and is provided only for back
8497					compatibility.
8498		  Add-To-Undisclosed	Add a header reading
8499					To: undisclosed-recipients:;
8500					which will have the effect of
8501					making the message legal without
8502					exposing Bcc: recipients.
8503		  Add-Bcc		Add an empty Bcc: header.
8504					There is a chance that mailers down
8505					the line will delete this header,
8506					which could cause exposure of Bcc:
8507					recipients.
8508		The default is NoRecipientAction=None.
8509	Truncate (rather than delete) Bcc: lines in the header.  This
8510		should prevent later sendmails (at least, those that don't
8511		themselves delete Bcc:) from considering this message to
8512		be non-conforming -- although it does imply that non-blind
8513		recipients can see that a Bcc: was sent, albeit not to whom.
8514	Add SafeFileEnvironment option.  If declared, files named as delivery
8515		targets must be regular files in addition to the regular
8516		checks.  Also, if the option is non-null then it is used as
8517		the name of a directory that is used as a chroot(2)
8518		environment for the delivery; the file names listed in an
8519		alias or forward should include the name of this root.
8520		For example, if you run with
8521			O SafeFileEnvironment=/arch
8522		then aliases should reference "/arch/rest/of/path".  If a
8523		value is given, sendmail also won't try to save to
8524		/usr/tmp/dead.letter (instead it just leaves the job in the
8525		queue as Qfxxxxxx).  Inspired by *Hobbit*'s sendmail patch kit.
8526	Support -A flag for alias files; this will comma concatenate like
8527		entries.  For example, given the aliases:
8528			list: member1
8529			list: member2
8530		and an alias file declared as:
8531			OAhash:-A /etc/aliases
8532		the final alias inserted will be "list: member1,member2";
8533		without -A you will get an error on the second and subsequent
8534		alias for "list".  Contributed by Bryan Costales of ICSI.
8535	Line-buffer transcript file.  Suggested by Liudvikas Bukys.
8536	Fix a problem that could cause very long addresses to core dump in
8537		some special circumstances.  Problem pointed out by Allan
8538		Johannesen.
8539	(Internal change.)  Change interface to expand() (macro expansion)
8540		to be simpler and more consistent.
8541	Delete check for funny qf file names.  This didn't really give
8542		any extra security and caused some people some problems.
8543		(If you -really- want this, define PICKY_QF_NAME_CHECK
8544		at compile time.)  Suggested by Kyle Jones of UUNET.
8545	(Internal change.)  Change EF_NORETURN to EF_NO_BODY_RETN and
8546		merge with DSN code; this is simpler and more consistent.
8547		This may affect some people who have written their own
8548		checkcompat() routine.
8549	(Internal change.)  Eliminate `D' line in qf file.  The df file
8550		is now assumed to be the same name as the qf file (with
8551		the `q' changed to a `d', of course).
8552	Avoid forking for delivery if all recipient mailers are marked as
8553		"expensive" -- this can be a major cost on some systems.
8554		Essentially, this forces sendmail into "queue only" mode
8555		if all it is going to do is queue anyway.
8556	Avoid sending a null message in some rather unusual circumstances
8557		(specifically, the RCPT command returns a temporary
8558		failure but the connection is lost before the DATA
8559		command).  Fix from Scott Hammond of Secure Computing
8560		Corporation.
8561	Change makesendmail to use a somewhat more rational naming scheme:
8562		Makefiles and obj directories are named $os.$rel.$arch,
8563		where $os is the operating system (e.g., SunOS), $rel is
8564		the release number (e.g., 5.3), and $arch is the machine
8565		architecture (e.g., sun4).  Any of these can be omitted,
8566		and anything after the first dot in a release number can
8567		be replaced with "x" (e.g., SunOS.4.x.sun4).  The previous
8568		version used $os.$arch.$rel and was rather less general.
8569	Change makesendmail to do a "make depend" in the target directory
8570		when it is being created.  This involves adding an empty
8571		"depend:" entry in most Makefiles.
8572	Ignore IDENT return value if the OSTYPE field returns "OTHER",
8573		as indicated by RFC 1413.  Pointed out by Kari Hurtta
8574		of the Finnish Meteorological Institute.
8575	Fix problem that could cause multiple responses to DATA command
8576		on header syntax errors (e.g., lines beginning with colons).
8577		Problem noted by Jens Thomassen of the University of Oslo.
8578	Don't let null bytes in headers cause truncation of the rest of
8579		the header.
8580	Log Authentication-Warning:s.  Suggested by Motonori Nakamura.
8581	Increase timeouts on message data puts to allow time for receivers
8582		to canonify addresses in headers on the fly.  This is still
8583		a rather ugly heuristic.  From Motonori Nakamura.
8584	Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
8585		records are not used when canonifying names, and when MX
8586		lookups are done for addressing they must be fully
8587		qualified.  This is useful if you have a wildcard MX record,
8588		although it may cause other problems.  In general, don't use
8589		wildcard MX records.  Patch from Motonori Nakamura.
8590	Eliminate default two-line SMTP greeting message.  Instead of
8591		adding an extra "ESMTP spoken here" line, the word "ESMTP"
8592		is added between the first and second word of the first
8593		line of the greeting message (i.e., immediately after the
8594		host name).  This eliminates the need for the BROKEN_SMTP_PEERS
8595		compile flag.  Old sendmails won't see the ESMTP, but that's
8596		acceptable because SIZE was the only useful extension that
8597		old sendmails understand.
8598	Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
8599		invoked state dumps.  From Masaharu Onishi.
8600	Allow on-line comments in .forward and :include: files; they are
8601		introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
8602		is a space or a tab.  This is intended for native
8603		representation of non-ASCII sets such as Japanese, where
8604		existing encodings would be unreadable or would lose
8605		data -- for example,
8606		 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
8607					(romanized/less information)
8608		 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
8609					      =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
8610					(with MIME encoding, not human readable)
8611		 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
8612					(native encoding with ISO-2022-JP)
8613		The last form is human readable in the Japanese environment.
8614		Based on a fix from (surprise!) Motonori Nakamura.
8615	Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
8616		messages to that host; these are most frequently associated
8617		with addresses rather than the host, with the exception of
8618		421 (service shutting down).  The effect was to cause queues
8619		to sometimes take an excessive time to flush.  Reported by
8620		Robert Sargent of Southern Geographics Technologies and
8621		Eric Prestemon of American University.
8622	Add Nice=N mailer option to set the niceness at which a mailer will
8623		run.  This is actually a relative niceness (that is, an
8624		increment on the background value).
8625	Log queue runs that are skipped due to high loads.  They are logged
8626		at LOG_INFO priority iff the log level is > 8.  Contributed
8627		by Bruce Nagel of Data General.
8628	Allow the error mailer to accept a DSN-style error status code
8629		instead of a sysexits status code in the host part.
8630		Anything with a dot will be interpreted as a DSN-style code.
8631	Add new mailer flag: F=3 will tell translations to Quoted-Printable
8632		to encode characters that might be munged by an EBCDIC system
8633		in addition to the set required by RFC 1521.  The additional
8634		characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
8635		(Think of "IBM 360" as the mnemonic for this flag.)
8636	Change check for mailing to files to look for a pathname of [FILE]
8637		rather than looking for the mailer named *file*.  The mapping
8638		of leading slashes still goes to the *file* mailer.  This
8639		allows you to implement the *file* mailer as a separate
8640		program, for example, to insert a Content-Length: header
8641		or do special security policy.  However, note that the usual
8642		initial checking for the file permissions is still done, and
8643		the program in question needs to be very careful about how
8644		it does the file write to avoid security problems.
8645	Be able to read ~root/.forward even if the path isn't accessible to
8646		regular users.  This is disrecommended because sendmail
8647		sometimes does not run as root (e.g., when an unsafe option
8648		is specified on the command line), but should otherwise be
8649		safe because .forward files must be owned by the user for
8650		whom mail is being forwarded, and cannot be a symbolic link.
8651		Suggested by Forrest Aldrich of Wang Laboratories.
8652	Add new "HostsFile" option that is the pathname to the /etc/hosts
8653		file.  This is used for canonifying hostnames when the
8654		service type is "files".
8655	Implement programs on F (read class from file) line.  The syntax is
8656		Fc|/path/to/program to read the output from the program
8657		into class "c".
8658	Probe the network interfaces to find alternate names for this
8659		host.  Requires the SIOCGIFCONF ioctl call.  Code
8660		contributed by SunSoft.
8661	Add "E" configuration line to set or propagate environment
8662		variables into children.  "E<envar>" will propagate
8663		the named variable from the environment when sendmail
8664		was invoked into any children it calls; "E<envar>=<value>"
8665		sets the named variable to the indicated value.  Any
8666		variables not explicitly named will not be in the child
8667		environment.  However, sendmail still forces an
8668		"AGENT=sendmail" environment variable, in part to enforce
8669		at least one environment variable, since many programs and
8670		libraries die horribly if this is not guaranteed.
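
The allowlist behaviour of the "E" line described above, as an added example that is not sendmail's own code. The struct, the function names and the sample configuration and parent environment are all constructed for illustration; only "E<envar>", "E<envar>=<value>" and the forced "AGENT=sendmail" come from the note.

```c
#include <stdio.h>
#include <string.h>

#define MAX_VARS 16
#define MAX_LEN  256

struct child_env {
    char        store[MAX_VARS][MAX_LEN]; /* owned copies of NAME=value */
    const char *envp[MAX_VARS + 1];       /* NULL-terminated vector for the child */
    size_t      count;
};

/* Constructed sample input: config lines and the environment at invocation. */
static const char *const SAMPLE_CF[] = {
    "ETZ", "EPATH=/usr/bin:/bin", "ELANG", "O Timeout.helo = 2m", NULL
};
static const char *const SAMPLE_PARENT[] = {
    "TZ=UTC", "PATH=/home/user/bin", "LD_PRELOAD=/tmp/x.so", "IFS=:", NULL
};

/* Value of name in a NULL-terminated NAME=value vector, or NULL if absent. */
static const char *env_get(const char *const *env, const char *name)
{
    size_t len = strlen(name);

    for (; *env != NULL; env++)
        if (strncmp(*env, name, len) == 0 && (*env)[len] == '=')
            return *env + len + 1;
    return NULL;
}

/* Store NAME=value, replacing an earlier definition of the same NAME. */
static int env_put(struct child_env *ce, const char *name, size_t namelen,
                   const char *value)
{
    size_t i;

    if (namelen == 0 || namelen + 1 + strlen(value) >= MAX_LEN)
        return -1;
    for (i = 0; i < ce->count; i++)
        if (strncmp(ce->store[i], name, namelen) == 0 &&
            ce->store[i][namelen] == '=')
            break;
    if (i == ce->count) {
        if (ce->count == MAX_VARS)
            return -1;
        ce->count++;
    }
    snprintf(ce->store[i], MAX_LEN, "%.*s=%s", (int)namelen, name, value);
    ce->envp[i] = ce->store[i];
    ce->envp[ce->count] = NULL;
    return 0;
}

/* Start from an empty environment; only names on E lines get in. */
static int build_child_env(struct child_env *ce, const char *const *cf,
                           const char *const *parent)
{
    memset(ce, 0, sizeof *ce);
    for (; *cf != NULL; cf++) {
        const char *spec = *cf;
        const char *value;
        char name[MAX_LEN];
        size_t namelen;

        if (spec[0] != 'E')
            continue;                      /* some other config line */
        spec++;
        namelen = strcspn(spec, "=");
        if (namelen == 0 || namelen >= MAX_LEN)
            continue;
        if (spec[namelen] == '=') {
            value = spec + namelen + 1;    /* E<envar>=<value>: set explicitly */
        } else {
            memcpy(name, spec, namelen);   /* E<envar>: propagate if present */
            name[namelen] = '\0';
            value = env_get(parent, name);
            if (value == NULL)
                continue;
        }
        if (env_put(ce, spec, namelen, value) != 0)
            return -1;
    }
    /* Added last so the child always has at least this one variable. */
    return env_put(ce, "AGENT", 5, "sendmail");
}

int main(void)
{
    struct child_env ce;
    size_t i;

    if (build_child_env(&ce, SAMPLE_CF, SAMPLE_PARENT) != 0)
        return 1;
    for (i = 0; i < ce.count; i++)
        puts(ce.envp[i]);
    return 0;
}
```
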
8671	Change heuristic for rebuilding both NEWDB and NDBM versions of
8672		alias databases -- new algorithm looks for the substring
8673		"/yp/" in the file name.  This is more portable and involves
8674		less overhead.  Suggested by Motonori Nakamura.
8675	Dynamically allocate the queue work list so that you don't lose
8676		jobs in large queue runs.  The old QUEUESIZE compile parameter
8677		is replaced by QUEUESEGSIZE (the unit of allocation, which
8678		should not need to be changed) and the MaxQueueRunSize option,
8679		which is the absolute maximum number of jobs that will ever
8680		be handled in a single queue run.  Based on code contributed
8681		by Brian Coan of the Institute for Global Communications.
8682	Log message when a message is dropped because it exceeds the maximum
8683		message size.  Suggested by Leo Bicknell of Virginia Tech.
8684	Allow trusted users (those on a T line or in $=t) to use -bs without
8685		an X-Authentication-Warning: added.  Suggested by Mark Thomas
8686		of Mark G. Thomas Consulting.
8687	Announce state of compile flags on -d0.1 (-d0.10 throws in the
8688		OS-dependent defines).  The old semantic of -d0.1 to not
8689		run the daemon in background has been moved to -d99.100,
8690		and the old 52.5 flag (to avoid disconnect() from closing
8691		all output files) has been moved to 52.100.  This makes
8692		things more consistent (flags below .100 don't change
8693		semantics) and separates out the backgrounding so that
8694		it doesn't happen automatically on other unrelated debugging
8695		flags.
8696	If -t is used but no addresses are found in the header, give an
8697		error message rather than just doing nothing.  Fix from
8698		Motonori Nakamura.
8699	On systems (like SunOS) where the effective gid is not necessarily
8700		included in the group list returned by getgroups(), the
8701		`restrictmailq' option could sometimes cause an authorized
8702		user to not be able to use `mailq'.  Fix from Charles Hannum
8703		of MIT.
8704	Allow symbolic service names for [IPC] mailers.  Suggested by
8705		Gerry Magennis of Logica International.
8706	Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
8707		when running DNS.  For example, if the name FTP.Foo.ORG is
8708		a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
8709		the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
8710		if this option is not set, or "FTP.Foo.ORG" if it is set.
8711		This is technically illegal under RFC 822 and 1123, but the
8712		IETF is moving toward legalizing it.  Note that turning on
8713		this option is not sufficient to guarantee that a downstream
8714		neighbor won't rewrite the address for you.
8715	Add "-m" flag to makesendmail script -- this tells you what object
8716		directory and Makefile it will use, but doesn't actually do
8717		the make.
8718	Do some additional checking on the contents of the qf file to try
8719		to detect attacks against the qf file.  In particular,
8720		abort on any line beginning "From ", and add an "end of
8721		file" line -- any data after that line is prohibited.
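
The two qf checks described above, written as a stand-alone scanner. This is an added example, not sendmail's own reader: the function name, the verdict codes and the sample control files are constructed, and the use of a line holding a single "." as the "end of file" line is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

enum qf_verdict { QF_OK, QF_FROM_LINE, QF_DATA_AFTER_END, QF_NO_END_MARKER };

/* Constructed control-file texts (not taken from a real queue). */
static const char QF_CLEAN[] =
    "T812345678\nP30000\nS<alice@example.org>\nR<bob@example.org>\n"
    "HSubject: test\n.\n";
static const char QF_FROM[] =
    "T812345678\nP30000\nFrom alice Tue Sep 12 10:00:00 1995\n"
    "S<alice@example.org>\n.\n";
static const char QF_APPENDED[] =
    "T812345678\nP30000\nS<alice@example.org>\nR<bob@example.org>\n"
    ".\nHX-Extra: appended\n";
static const char QF_TRUNCATED[] =
    "T812345678\nP30000\nS<alice@example.org>\n";

/*
 * Scan a control file held in memory.  On a bad verdict *bad_line is the
 * 1-based number of the offending line (for a missing end marker, the last
 * line seen); on QF_OK it is 0.
 */
static enum qf_verdict check_qf(const char *text, int *bad_line)
{
    const char *p = text;
    int lineno = 0;
    int ended = 0;

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl != NULL ? (size_t)(nl - p) : strlen(p);

        lineno++;
        if (ended) {                      /* anything after the end line */
            *bad_line = lineno;
            return QF_DATA_AFTER_END;
        }
        if (len >= 5 && strncmp(p, "From ", 5) == 0) {
            *bad_line = lineno;
            return QF_FROM_LINE;
        }
        if (len == 1 && p[0] == '.')
            ended = 1;
        p += len;
        if (nl != NULL)
            p++;
    }
    if (!ended) {
        *bad_line = lineno;
        return QF_NO_END_MARKER;
    }
    *bad_line = 0;
    return QF_OK;
}

int main(void)
{
    static const char *const names[] = {
        "ok", "line beginning \"From \"", "data after end line", "no end line"
    };
    const char *samples[] = { QF_CLEAN, QF_FROM, QF_APPENDED, QF_TRUNCATED };
    int i, line;

    for (i = 0; i < 4; i++) {
        enum qf_verdict v = check_qf(samples[i], &line);
        printf("sample %d: %s (line %d)\n", i, names[v], line);
    }
    return 0;
}
```
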
8722	Always use /etc/sendmail.cf, regardless of the arbitrary vendor
8723		choices.  This can be overridden in the Makefile by using
8724		either -DUSE_VENDOR_CF_PATH to get the vendor location
8725		(to the extent that we know it) or by defining
8726		_PATH_SENDMAILCF (which is a "hard override").  This allows
8727		sendmail 8 to have more consistent installation instructions.
8728	Allow macros on `K' line in config file.  Suggested by Andrew Chang
8729		of Sun Microsystems.
8730	Improved symbol table hash function from Eric Wassenaar.  This one
8731		is at least 50% faster.
8732	Fix problem that didn't notice that timeout on file open was a
8733		transient error.  Fix from Larry Parmelee of Cornell
8734		University.
8735	Allow comments (lines beginning with a `#') in files read for
8736		classes.  Suggested by Motonori Nakamura.
8737	Make SIGINT (usually ^C) in test mode return to the prompt instead
8738		of dropping out entirely.  This makes testing some of the
8739		name server lookups easier to deal with when there are
8740		hung servers.  From Motonori Nakamura.
8741	Add new ${opMode} macro that is set to the current operation mode
8742		(e.g., `s' for -bs, `t' for -bt, etc.).  Suggested by
8743		Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>.
8744	Add new delivery mode (Odd) that defers all map lookups to queue runs.
8745		Kind of like queue-only mode (Odq) except it tries to avoid
8746		any external service requests; for dial-on-demand hosts that
8747		want to minimize DNS lookups when mail is being queued.  For
8748		this to work you will also have to make sure that gethostbyname
8749		of your local host name does not do a DNS lookup.
8750	Improved handling of "out of space" conditions from John Myers of
8751		Carnegie Mellon.
8752	Improved security for mailing to files on systems that have fchmod(2)
8753		support.
8754	Improve "cannot send message for N days" message -- now says "could
8755		not send for past N days".  Suggested by Tom Moore of AT&T
8756		Global Information Solutions.
8757	Less misleading Subject: line on messages sent to postmaster only.
8758		From Motonori Nakamura.
8759	Avoid duplicate error messages on bad command line flags.  From
8760		Motonori Nakamura.
8761	Better error message for case where ruleset 0 falls off the end
8762		or otherwise does not resolve to a canonical triple.
8763	Fix a problem that could cause multiple bounce messages if a bad
8764		address was sent along with a good address to an SMTP
8765		site where that SMTP site returned a 4yz code in response
8766		to the final dot of the data.  Problem reported by David
8767		James of British Telecom.
8768	Add "volatile" declarations so that gcc -O2 will work.  Patches
8769		from Alexander Dupuy of System Management ARTS.
8770	Delete duplicates in MX lists -- believe it or not, there are sites
8771		that list the same host twice in an MX list.  This deletion
8772		only works on adjacent preferences, so an MX list that
8773		had A=5, B=10, A=15 would leave both As, but one that had
8774		A=5, A=10, B=15 would reduce to A, B.  This is intentional,
8775		just in case there is something weird I haven't thought of.
8776		Suggested by Barry Shein of Software Tool & Die.
8777	SECURITY: .forward files cannot be symbolic links.  If they are,
8778		a bad guy can read your private files.
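The symbolic-link restriction on .forward files noted above, sketched as an added example (not sendmail's own code): open a forward-style file only when lstat() shows a regular file, with O_NOFOLLOW and an fstat() comparison to close the gap between check and open. The function names and the scratch files under /tmp are assumptions made for the demonstration; refusing non-regular files goes beyond what the entry states.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Open `path` read-only, but only if it is a regular file and not a
 * symbolic link.  Returns a descriptor, or -1 with errno set
 * (ELOOP for a symlink, EINVAL for any other non-regular object).
 */
int open_forward_nofollow(const char *path)
{
    struct stat lst, fst;
    int fd;

    /* lstat() describes the link itself, never its target. */
    if (lstat(path, &lst) < 0)
        return -1;
    if (S_ISLNK(lst.st_mode)) { errno = ELOOP; return -1; }
    if (!S_ISREG(lst.st_mode)) { errno = EINVAL; return -1; }

    /* O_NOFOLLOW refuses a link swapped in after the lstat(); it only
     * guards the final path component, not the parent directories. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;

    /* Confirm the opened object is the one that was examined. */
    if (fstat(fd, &fst) < 0 || !S_ISREG(fst.st_mode) ||
        fst.st_dev != lst.st_dev || fst.st_ino != lst.st_ino) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

static int put_file(const char *path, const char *text)
{
    FILE *fp = fopen(path, "w");

    if (fp == NULL)
        return -1;
    fputs(text, fp);
    return fclose(fp);
}

/*
 * Build a constructed scratch directory and exercise the check.
 * Result bits: 1 = regular file opened, 2 = symlink refused with ELOOP,
 * 4 = directory refused with EINVAL.  Returns -1 if setup failed.
 */
int demo_forward_check(void)
{
    char dir[] = "/tmp/fwd-demo-XXXXXX";
    char fwd[64], target[64], lnk[64];
    int fd, result = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(fwd, sizeof fwd, "%s/forward", dir);
    snprintf(target, sizeof target, "%s/private", dir);
    snprintf(lnk, sizeof lnk, "%s/forward.symlink", dir);
    if (put_file(fwd, "user@example.org\n") < 0 ||
        put_file(target, "not a forward file\n") < 0 ||
        symlink(target, lnk) < 0)
        result = -1;

    if (result == 0) {
        fd = open_forward_nofollow(fwd);
        if (fd >= 0) { result |= 1; close(fd); }

        errno = 0;
        fd = open_forward_nofollow(lnk);
        if (fd < 0 && errno == ELOOP) result |= 2;
        else if (fd >= 0) close(fd);

        errno = 0;
        fd = open_forward_nofollow(dir);
        if (fd < 0 && errno == EINVAL) result |= 4;
        else if (fd >= 0) close(fd);
    }
    unlink(fwd);
    unlink(target);
    unlink(lnk);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("result bits: %d\n", demo_forward_check());
    return 0;
}
```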
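The adjacent-duplicate rule for MX lists described above, as an added example rather than sendmail's implementation: sort by preference, then drop a host only when it matches the entry kept just before it. The struct, the function names and the third sample list are constructed for illustration, and host names are assumed to compare case-insensitively.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

struct mx {
    const char *host;
    int pref;
    int seq;    /* original position, used to keep the sort stable */
};

static int mx_cmp(const void *a, const void *b)
{
    const struct mx *x = a, *y = b;

    if (x->pref != y->pref)
        return x->pref < y->pref ? -1 : 1;
    return x->seq - y->seq;
}

/* Case-insensitive host name equality. */
static int host_eq(const char *a, const char *b)
{
    while (*a != '\0' && *b != '\0') {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

/*
 * Sort by preference, then drop an entry only when it names the same
 * host as the entry kept immediately before it.  Returns the new count.
 */
size_t mx_dedupe_adjacent(struct mx *list, size_t n)
{
    size_t i, kept = 0;

    for (i = 0; i < n; i++)
        list[i].seq = (int)i;
    qsort(list, n, sizeof list[0], mx_cmp);

    for (i = 0; i < n; i++) {
        if (kept > 0 && host_eq(list[kept - 1].host, list[i].host))
            continue;   /* adjacent duplicate: the lower preference stays */
        list[kept++] = list[i];
    }
    return kept;
}

/* Render the first n host names as "a,b,c" into out. */
char *mx_hosts(const struct mx *list, size_t n, char *out, size_t outlen)
{
    size_t i, used = 0;

    if (outlen == 0)
        return out;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        int w = snprintf(out + used, outlen - used, "%s%s",
                         i ? "," : "", list[i].host);
        if (w < 0 || (size_t)w >= outlen - used)
            break;
        used += (size_t)w;
    }
    return out;
}

/* Cases 0 and 1 are the two lists from the release note; case 2 is constructed. */
const char *demo_mx(int which)
{
    static char buf[128];
    struct mx c0[] = { {"A", 5, 0}, {"B", 10, 0}, {"A", 15, 0} };
    struct mx c1[] = { {"A", 5, 0}, {"A", 10, 0}, {"B", 15, 0} };
    struct mx c2[] = { {"MX.Example.COM", 10, 0},
                       {"backup.example.com", 20, 0},
                       {"mx.example.com", 5, 0} };
    struct mx *c = which == 0 ? c0 : which == 1 ? c1 : c2;

    return mx_hosts(c, mx_dedupe_adjacent(c, 3), buf, sizeof buf);
}

int main(void)
{
    int i;

    for (i = 0; i < 3; i++)
        printf("case %d: %s\n", i, demo_mx(i));
    return 0;
}
```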
8779	PORTABILITY FIXES:
8780		Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
8781		System V Release 4 from Motonori Nakamura of Ritsumeikan
8782			University.  This expands the disk size
8783			checking to include all (?) SVR4 configurations.
8784		System V Release 4 from Kimmo Suominen -- initgroups(3)
8785			and setrlimit(2) are both available.
8786		System V Release 4 from sob@sculley.ffg.com -- some versions
8787			apparently "have EX_OK defined in other headerfiles."
8788		Linux Makefile typo.
8789		Linux getusershell(3) is broken in Slackware 2.0 --
8790			from Andrew Pam of Xanadu Australia.
8791		More Linux tweaking from John Kennedy of California State
8792			University, Chico.
8793		Cray changes from Eric Wassenaar:  ``On Cray, shorts,
8794			ints, and longs are all 64 bits, and all structs
8795			are multiples of 64 bits.  This means that the
8796			sizeof operator returns only multiples of 8.
8797			This requires adaptation of code that really
8798			deals with 32 bit or 16 bit fields, such as IP
8799			addresses or nameserver fields.''
8800		DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>.  To
8801			get the old behavior, use -DDGUX_5_4_2.
8802		DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
8803			variable to fix bogus /bin/mail behavior.
8804		Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
8805			This also cleans up some System V Release 4 compile
8806			problems.
8807		Solaris 2: sendmail.cw file should be in /etc/mail to
8808			match all the other configuration files.  Fix
8809			from Glenn Barry of Emory University.
8810		Solaris 2.3: compile problem in conf.c.  Fix from Alain
8811			Nissen of the University of Liege, Belgium.
8812		Ultrix: freespace calculation was incorrect.  Fix from
8813			Takashi Kizu of Osaka University.
8814		SVR4: running in background gets a SIGTTOU because the
8815			emulation code doesn't realize that "getpeername"
8816			doesn't require reading the file.  Fix from Peter
8817			Wemm of DIALix.
8818		Solaris 2.3: due to an apparent bug in the socket emulation
8819			library, sockets can get into a "wedged" state where
8820			they just return EPROTO; closing and re-opening the
8821			socket clears the problem.  Fix from Bob Manson
8822			of Ohio State University.
8823		Hitachi 3050R & 3050RX running HI-UX/WE2: portability
8824			fixes from Akihiro Hashimoto ("Hash") of Chiba
8825			University.
8826		AIX changes to allow setproctitle to work from Rainer Schöpf
8827			of Zentrum für Datenverarbeitung der Universität
8828			Mainz.
8829		AIX changes for load average from Ed Ravin of NASA/Goddard.
8830		SCO Unix from Chip Rosenthal of Unicom (code was using the
8831			wrong statfs call).
8832		ANSI C fixes from Adam Glass (NetBSD project).
8833		Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
8834			University.
8835		DG-UX fixes from Bruce Nagel of Data General.
8836		IRIX64 updates from Mark Levinson of the University of
8837			Rochester Medical Center.
8838		Altos System V (``the first UNIX/XENIX merge the Altos
8839			did for their Series 1000 & Series 2000 line;
8840			their merged code was licensed back to AT&T and
8841			Microsoft and became System V release 3.2'') from
8842			Tim Rice <timr@crl.com>.
8843		OSF/1 running on Intel Paragon from Jeff A. Earickson
8844			<jeff@ssd.intel.com> of Intel Scalable Systems
8845			Division.
8846		Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
8847			<janet@dialix.oz.au>.
8848		System V Release 4 (statvfs semantic fix) from Alain
8849			Durand of I.M.A.G.
8850		HP-UX 10.x multiprocessor load average changes from
8851			Scott Hutton and Jeff Sumler of Indiana University.
8852		Cray CSOS from Scott Bolte of Cray Computer Corporation.
8853		Unicos 8.0 from Douglas K. Rand of the University of North
8854			Dakota, Scientific Computing Center.
8855		Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
8856		ConvexOS 11.0 from Christophe Wolfhugel.
8857		IRIX 4.0.5 from David Ashton-Reader of CADcentre.
8858		ISC UNIX from J. J. Bailey.
8859		HP-UX 9.xx on the 8xx series machines from Remy Giraud
8860			of Meteo France.
8861		HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
8862		IRIX 5.2 and 5.3 from Kari E. Hurtta.
8863		FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
8864		Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
8865		Omron LUNA unios-b, mach from Motonori Nakamura.
8866		NEC EWS-UX/V 4.2 from Motonori Nakamura.
8867		NeXT 2.1 from Bryan Costales.
8868		AUX patch thanks to Mike Erwin of Apple Computer.
8869		HP-UX 10.0 from John Beck of Hewlett-Packard.
8870		Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
8871			non-DEC resolver.  Suggested by Allan Johannesen.
8872		UnixWare 2.0 fixes from Petr Lampa of the Technical
8873			University of Brno (Czech Republic).
8874		KSR OS 1.2.2 support from Todd Miller of the University
8875			of Colorado.
8876		UX4800 support from Kazuhisa Shimizu of NEC.
8877	MAKEMAP: allow -d flag to allow insertion of duplicate aliases
8878		in type ``btree'' maps.  The semantics of this are undefined
8879		for regular maps, but it can be useful for the user database.
8880	MAKEMAP: lock database file while rebuilding to avoid sendmail
8881		lookups while the rebuild is going on.  There is a race
8882		condition between the open(... O_TRUNC ...) and the lock
8883		on the file, but it should be quite small.
8884	SMRSH: sendmail restricted shell added to the release.  This can
8885		be used as an alternative to /bin/sh for the "prog" mailer,
8886		giving the local administrator more control over what
8887		programs can be run from sendmail.
8888	MAIL.LOCAL: add this local mailer to the tape.  It is not really
8889		part of the release proper, and isn't fully supported; in
8890		particular, it does not run on System V based systems and
8891		never will.
8892	CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
8893		to allow rmail to compile on systems that don't have
8894		function prototypes and systems that don't have snprintf.
8895	CONTRIB: add the "mailprio" scripts that will help you sort mailing
8896		lists by transaction delay times so that addresses that
8897		respond quickly get sent first.  This is to prevent very
8898		sluggish servers from delaying other people's mail.
8899		Contributed by Tony Sanders of BSDI.
8900	CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
8901		of BSDI.  This has a lot of comments to help people out.
8902	CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead,
8903		put this on the m4 command line.  On GNU m4 (which
8904		supports the __file__ primitive) you can run m4 in an
8905		arbitrary directory -- use either:
8906			m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
8907		or
8908			m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf
8909		On other versions of m4 that don't support __file__, you
8910		can use:
8911			m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ...
8912		(Note the trailing slash on the _CF_DIR_ definition.)
8913		Old versions of m4 will default to _CF_DIR_=.. for back
8914		compatibility.
8915	CONFIG: fix mail from <> so it will properly convert to
8916		MAILER-DAEMON on local addresses.
8917	CONFIG: fix code that was supposed to catch colons in host
8918		names.  Problem noted by John Gardiner Myers of CMU.
8919	CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
8920		From Paul Riddle of the University of Maryland, Baltimore
8921		County.
8922	CONFIG: Catch and reject "." as a host address.
8923	CONFIG: Generalize domaintable to look up all domains, not
8924		just unqualified ones.
8925	CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
8926		was never used and didn't work anyway.
8927	CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
8928		and d on all mailers in the UUCP class.
8929	CONFIG: Allow "user+detail" to be aliased specially: it will first
8930		look for an alias for "user+detail", then for "user+*", and
8931		finally for "user".  This is intended for forwarding mail
8932		for system aliases such as root and postmaster to a
8933		centralized hub.
8934	CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
8935	CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
8936		The F=8 flag is also set on the "relay" mailer, since
8937		this is expected to be another sendmail.
8938	CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
8939		the name of the UUCP_RELAY -- in some cases, this is the
8940		wrong value (e.g., when we have local UUCP connections),
8941		and this can create unreplyable addresses.  From Chip
8942		Rosenthal of Unicom.
8943	CONFIG: add confRECEIVED_HEADER to change the format of the
8944		Received: header inserted into all messages.  Suggested by
8945		Gary Mills of the University of Manitoba.
8946	CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
8947		to get the old behavior.  I did this upon observing
8948		that almost everyone needed this feature, and that the
8949		concept I was trying to make happen didn't work with
8950		some user agents anyway.  FEATURE(notsticky) still works,
8951		but it is a no-op.
8952	CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
8953		names are sent, rather than immediately diagnosing them
8954		as User Unknown.
8955	CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
8956		and RELAY_MAILER_ARGS to set the arguments for the
8957		indicated mailers.  All default to "IPC $h".  Patch from
8958		Larry Parmelee of Cornell University.
8959	CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
8960		on the client side" and F=P to get an appropriate
8961		return-path.  From Kimmo Suominen.
8962	CONFIG: add FEATURE(local_procmail) to use the procmail program
8963		as the local mailer.  For addresses of the form "user+detail"
8964		the "detail" part is passed to procmail via the -a flag.
8965		Contributed by Kimmo Suominen.
8966	CONFIG: add MAILER(procmail) to add an interface to procmail for
8967		use from mailertables.  This lets you execute arbitrary
8968		procmail scripts.  Contributed by Kimmo Suominen.
8969	CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
8970	CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent.  From
8971		Paul Southworth of CICNet Systems Support.
8972	CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
8973		This causes the null return path to be rewritten as
8974		MAILER-DAEMON; otherwise UUCP gets horribly confused.
8975		From Michael Hohmuth of Technische Universitat Dresden.
8976	CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
8977		list us as the best possible MX record to be treated as
8978		though they were local (essentially, assume that they
8979		are included in $=w).  This can cause additional DNS
8980		traffic, but is easier to administer if this fits your
8981		local model.  It does not work reliably if there are
8982		multiple hosts that share the best MX preference.
8983		Code contributed by John Oleynick of Rutgers.
8984	CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
8985		SHell) instead of /bin/sh as the program used for delivery
8986		to programs.  If an argument is included, it is used as
8987		the path to smrsh; otherwise, /usr/local/etc/smrsh is
8988		assumed.
8989	CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
8990		size of messages to the local and procmail mailers
8991		respectively.  Contributed by Brad Knowles of the Defense
8992		Information Systems Agency.
8993	CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
8994		(just like text outside of angle brackets) in order to
8995		properly deal with ``group: addr1, ... addrN;'' syntax.
8996	CONFIG: Require OSTYPE macro (the defaults really don't apply to
8997		any real systems any more) and tweak the DOMAIN macro
8998		so that it is less likely that users will accidentally use
8999		the Berkeley defaults.  Also, create some generic files
9000		that really can be used in the real world.
9001	CONFIG: Add new configuration macros to set character sets for
9002		messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
9003		SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
9004	CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
9005		The old name will still be accepted for a while at least.
9006	CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
9007		mail (.DECNET pseudo-domain or node::user) will be sent.
9008		As with all relays, it can be ``mailer:hostname''.  Suggested
9009		by Scott Hutton.
9010	CONFIG: Add MAILER(mail11) to get DECnet support.  Code contributed
9011		by Barb Dijker of Labyrinth Computer Services.
9012	CONFIG: change confCHECK_ALIASES to default to False -- it has poor
9013		performance for large alias files, and this confused many
9014		people.
9015	CONFIG: Add confCF_VERSION to append local information to the
9016		configuration version number displayed during SMTP startup.
9017	CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
9018		would only work when locally addressed).  Fix from
9019		Edvard Tuinder of Cistron Internet Services.
9020	CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option
9021		"n" (CheckAliases) is set when rebuilding alias database.
9022		Based on code contributed by Claude Marinier.
9023	CONFIG: Allow mailertable to have values of the form
9024		``error:code message''.  The ``code'' is a status code
9025		derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE.
9026		Contributed by David James <dwj@agw.bt.co.uk>.
9027	CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of
9028		sender domains that will be replaced with the masquerade name.
9029		These domains will not be treated as local, but if mail passes
9030		through with sender addresses in those domains they will be
9031		replaced by the masquerade name.  These can also be specified
9032		in a file using MASQUERADE_DOMAIN_FILE(filename).
9033	CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope
9034		as well as the header.  Substantial improvements to this
9035		code were contributed by Per Hedeland.
9036	CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be
9037		accessed from a mailertable to do CCSO ph lookups.  Contributed
9038		by Kimmo Suominen.
9039	CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be
9040		used to define cyrus and cyrusbb mailers (for IMAP support).
9041		Contributed by John Gardiner Myers of Carnegie Mellon.
9042	CONFIG: add confUUCP_MAILER to select default mailer to use for
9043		UUCP addressing.  Suggested by Tom Moore of AT&T GIS.
9044	NEW FILES:
9045		cf/cf/cs-hpux10.mc
9046		cf/cf/cs-solaris2.mc
9047		cf/cf/cyrusproto.mc
9048		cf/cf/generic-bsd4.4.mc
9049		cf/cf/generic-hpux10.mc
9050		cf/cf/generic-hpux9.mc
9051		cf/cf/generic-osf1.mc
9052		cf/cf/generic-solaris2.mc
9053		cf/cf/generic-sunos4.1.mc
9054		cf/cf/generic-ultrix4.mc
9055		cf/cf/huginn.cs.mc
9056		cf/domain/berkeley-only.m4
9057		cf/domain/generic.m4
9058		cf/feature/bestmx_is_local.m4
9059		cf/feature/local_procmail.m4
9060		cf/feature/masquerade_envelope.m4
9061		cf/feature/smrsh.m4
9062		cf/feature/stickyhost.m4
9063		cf/feature/use_ct_file.m4
9064		cf/m4/cfhead.m4
9065		cf/mailer/cyrus.m4
9066		cf/mailer/mail11.m4
9067		cf/mailer/phquery.m4
9068		cf/mailer/procmail.m4
9069		cf/ostype/amdahl-uts.m4
9070		cf/ostype/bsdi2.0.m4
9071		cf/ostype/hpux10.m4
9072		cf/ostype/irix5.m4
9073		cf/ostype/isc4.1.m4
9074		cf/ostype/ptx2.m4
9075		cf/ostype/unknown.m4
9076		contrib/bsdi.mc
9077		contrib/mailprio
9078		contrib/rmail.oldsys.patch
9079		mail.local/mail.local.0
9080		makemap/makemap.0
9081		smrsh/README
9082		smrsh/smrsh.0
9083		smrsh/smrsh.8
9084		smrsh/smrsh.c
9085		src/Makefiles/Makefile.CSOS
9086		src/Makefiles/Makefile.EWS-UX_V
9087		src/Makefiles/Makefile.HP-UX.10
9088		src/Makefiles/Makefile.IRIX.5.x
9089		src/Makefiles/Makefile.IRIX64
9090		src/Makefiles/Makefile.ISC
9091		src/Makefiles/Makefile.KSR
9092		src/Makefiles/Makefile.NEWS-OS.4.x
9093		src/Makefiles/Makefile.NEWS-OS.6.x
9094		src/Makefiles/Makefile.NEXTSTEP
9095		src/Makefiles/Makefile.NonStop-UX
9096		src/Makefiles/Makefile.Paragon
9097		src/Makefiles/Makefile.SCO.3.2v4.2
9098		src/Makefiles/Makefile.SunOS.5.3
9099		src/Makefiles/Makefile.SunOS.5.4
9100		src/Makefiles/Makefile.SunOS.5.5
9101		src/Makefiles/Makefile.UNIX_SV.4.x.i386
9102		src/Makefiles/Makefile.uts.systemV
9103		src/Makefiles/Makefile.UX4800
9104		src/aliases.0
9105		src/mailq.0
9106		src/mime.c
9107		src/newaliases.0
9108		src/sendmail.0
9109		test/t_seteuid.c
9110	RENAMED FILES:
9111		cf/cf/alpha.mc =>		cf/cf/s2k-osf1.mc
9112		cf/cf/chez.mc =>		cf/cf/chez.cs.mc
9113		cf/cf/hpux-cs-exposed.mc =>	cf/cf/cs-hpux9.mc
9114		cf/cf/osf1-cs-exposed.mc =>	cf/cf/cs-osf1.mc
9115		cf/cf/s2k.mc =>			cf/cf/s2k-ultrix4.mc
9116		cf/cf/sunos4.1-cs-exposed.mc =>	cf/cf/cs-sunos4.1.mc
9117		cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
9118		cf/cf/vangogh.mc =>		cf/cf/vangogh.cs.mc
9119		cf/domain/Berkeley.m4 =>	cf/domain/Berkeley.EDU.m4
9120		cf/domain/cs-exposed.m4 =>	cf/domain/CS.Berkeley.EDU.m4
9121		cf/domain/eecs-hidden.m4 =>	cf/domain/EECS.Berkeley.EDU.m4
9122		cf/domain/s2k.m4 =>		cf/domain/S2K.Berkeley.EDU.m4
9123		cf/ostype/hpux.m4 =>		cf/ostype/hpux9.m4
9124		cf/ostype/irix.m4 =>		cf/ostype/irix4.m4
9125		cf/ostype/ultrix4.1.m4 =>	cf/ostype/ultrix4.m4
9126		src/Makefile.* =>		src/Makefiles/Makefile.*
9127		src/Makefile.AUX =>		src/Makefiles/Makefile.A-UX
9128		src/Makefile.BSDI =>		src/Makefiles/Makefile.BSD-OS
9129		src/Makefile.DGUX =>		src/Makefiles/Makefile.dgux
9130		src/Makefile.RISCos =>		src/Makefiles/Makefile.UMIPS
9131		src/Makefile.SunOS.4.0.3 =>	src/Makefiles/Makefile.SunOS.4.0
9132	OBSOLETED FILES:
9133		cf/cf/cogsci.mc
9134		cf/cf/cs-exposed.mc
9135		cf/cf/cs-hidden.mc
9136		cf/cf/hpux-cs-hidden.mc
9137		cf/cf/knecht.mc
9138		cf/cf/osf1-cs-hidden.mc
9139		cf/cf/sunos3.5-cs-exposed.mc
9140		cf/cf/sunos3.5-cs-hidden.mc
9141		cf/cf/sunos4.1-cs-hidden.mc
9142		cf/cf/ultrix4.1-cs-hidden.mc
9143		cf/domain/cs-hidden.m4
9144		contrib/rcpt-streaming
9145		src/Makefiles/Makefile.SunOS.5.x
9146
8.6.13/8.6.12	1996/01/25
9148	SECURITY: In some cases it was still possible for an attacker to
9149		insert newlines into a queue file, thus allowing access to
9150		any user (except root).
9151	CONFIG: no changes -- it is not a bug that the configuration
9152		version number is unchanged.
9153
8.6.12/8.6.12	1995/03/28
9155	Fix to IDENT code (it was getting the size of the reply buffer
9156		too small, so nothing was ever accepted).  Fix from several
9157		people, including Allan Johannesen, Shane Castle of the
9158		Boulder County Information Services, and Jeff Smith of
9159		Warwick University (all arrived within a few hours of
9160		each other!).
9161	Fix a problem that could cause large jobs to run out of
9162		file descriptors on systems that use vfork() rather
9163		than fork().
9164
8.6.11/8.6.11	1995/03/08
9166	The ``possible attack'' message would be logged more often
9167		than necessary if you are using Pine as a user agent.
9168	The wrong host would be reported in the ``possible attack''
9169		message when attempted from IDENT.
9170	In some cases the syslog buffer could be overflowed when
9171		reporting the ``possible attack'' message.  This can
9172		cause denial of service attacks.  Truncate the message
9173		to 80 characters to prevent this problem.
9174	When reading the IDENT response a loop is needed around the
9175		read from the network to ensure that you don't get
9176		partial lines.
9177	Password entries without any shell listed (that is, a null
9178		shell) wouldn't match as "ok".  Problem noted by
9179		Rob McMahon.
9180	When running BIND 4.9.x a problem could occur because the
9181		_res.options field is initialized differently than it
9182		was historically -- this requires that sendmail call
9183		res_init before it tweaks any bits.
9184	Fix an incompatibility in openxscript() between the file open mode
9185		and the stdio mode passed to fdopen.  This caused UnixWare
9186		2.0 to have conniptions.  Fix from Martin Sohnius of
9187		Novell Labs Europe.
9188	Fix problem with static linking of local getopt routine when
9189		using GNU's ld command.  Fix from John Kennedy of
9190		Cal State Chico.
9191	It was possible to turn off privacy flags.  Problem noted by
9192		*Hobbit*.
9193	Be more paranoid about writing files.  Suggestions by *Hobbit*
9194		and Liudvikas Bukys.
9195	MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
9196		from Spider Boardman.
9197	CONFIG: No changes (version number only, to keep it in sync
9198		with the binaries).
9199
8.6.10/8.6.10	1995/02/10
9201	SECURITY: Diagnose bogus values to some command line flags that
9202		could allow trash to get into headers and qf files.
9203	Validate the name of the user returned by the IDENT protocol.
9204		Some systems that really dislike IDENT send intentionally
9205		bogus information.  Problem pointed out by Michael Bushnell
9206		of the Free Software Foundation.  Has some security
9207		implications.
9208	Fix a problem causing error messages about DNS problems when
9209		the host name contained a percent sign to act oddly
9210		because it was passed as a printf-style format string.
9211		In some cases this could cause core dumps.
9212	Avoid possible buffer overrun in returntosender() if error
9213		message is quite long.  From Fletcher Mattox of the
9214		University of Texas.
9215	Fix a problem that would silently drop "too many hops" error
9216		messages if and only if you were sending to an alias.
9217		From Jon Giltner of the University of Colorado and
9218		Dan Harton of Oak Ridge National Laboratory.
9219	Fix a bug that caused core dumps on some systems if -d11.2 was
9220		set and e->e_message was null.  Fix from Bruce Nagel of
9221		Data General.
9222	Fix problem that can still cause df files to be left around
9223		after "hop count exceeded" messages.  Fix from Andrew
9224		Chang and Shau-Ping Lo of SunSoft.
9225	Fix a problem that can cause buffer overflows on very long
9226		user names (as might occur if you piped to a program
9227		with a lot of arguments).
9228	Avoid returning an error and re-queueing if the host signature
9229		is null; this can occur on addresses like ``user@.''.
9230		Problem noted by Wesley Craig and the University of
9231		Michigan.
9232	Avoid possible calls to malloc(0) if MCI caching is turned
9233		off.  Bug fix from Pierre David of the Laboratoire
9234		Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
9235		Universite de Versailles - St Quentin, and Jacky
9236		Thibault.
9237	Make a local copy of the line being sent via senttolist() -- in
9238		some cases, buffers could get trashed by map lookups
9239		causing it to do unexpected things.  This also simplifies
9240		some of the map code.
9241	CONFIG: No changes (version number only, to keep it in sync
9242		with the binaries).
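The percent-sign defect in the 8.6.10 notes above is the case where text built from a host name is handed on as the format argument of a printf-style logger. An added example (not sendmail's code; log_msg, the message text and the sample host name are constructed) showing the two usual repairs: pass the text as a %s argument, or double each % when the callee accepts only a format string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_log[256];  /* most recent log line, kept for inspection */

/* Hypothetical printf-style error logger standing in for a daemon's own. */
void log_msg(const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/*
 * The defect class, shown only as a comment because running it is
 * undefined behaviour when host contains a conversion such as %s:
 *
 *     snprintf(buf, sizeof buf, "%s: host name lookup failure", host);
 *     log_msg(buf);        <- buf is interpreted as the format
 */

/* Repair 1: the format is a literal; untrusted text is only an argument. */
const char *report_dns_error_safe(const char *host)
{
    log_msg("%s: host name lookup failure", host);
    return last_log;
}

/*
 * Double every '%' in src so the result is inert as a format string.
 * Truncates without splitting a "%%" pair; returns the length written.
 */
size_t escape_percent(char *dst, size_t dstlen, const char *src)
{
    size_t n = 0;

    if (dstlen == 0)
        return 0;
    while (*src != '\0') {
        size_t need = (*src == '%') ? 2 : 1;

        if (n + need >= dstlen)     /* keep room for the terminator */
            break;
        if (*src == '%')
            dst[n++] = '%';
        dst[n++] = *src++;
    }
    dst[n] = '\0';
    return n;
}

/* Repair 2: for callees that take only a format string, escape first. */
const char *report_dns_error_escaped(const char *host)
{
    char esc[128], fmt[192];

    escape_percent(esc, sizeof esc, host);
    snprintf(fmt, sizeof fmt, "%s: host name lookup failure", esc);
    log_msg(fmt);
    return last_log;
}

int main(void)
{
    const char *host = "relay%s%d.example.com";    /* constructed input */

    printf("%s\n", report_dns_error_safe(host));
    printf("%s\n", report_dns_error_escaped(host));
    return 0;
}
```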
9243
8.6.9/8.6.9	1994/04/19
9245	Do all mail delivery completely disconnected from any terminal.
9246		This provides consistency with daemon delivery and
9247		may have some security implications.
9248	Make sure that malloc doesn't get called with zero size,
9249		since that fails on some systems.  Reported by Ed
9250		Hill of the University of Iowa.
9251	Fix multi-line values for $e (SMTP greeting message).  Reported
9252		by Mike O'Connor of Ford Motor Company.
9253	Avoid syserr if no NIS domain name is defined, but the map it
9254		is trying to open is optional.  From Win Bent of USC.
9255	Changes for picky compilers from Ed Gould of Digital Equipment.
9256	Hesiod support for UDB from Todd Miller of the University of
9257		Colorado.  Use "hesiod" as the service name in the U
9258		option.
9259	Fix a problem that failed to set the "authentic" host name (that
9260		is, the one derived from the socket info) if you called
9261		sendmail -bs from inetd.  Based on code contributed by
9262		Todd Miller (this problem was also reported by Guy Helmer
9263		of Dakota State University).  This also fixes a related
9264		problem reported by Liudvikas Bukys of the University of
9265		Rochester.
9266	Parameterize "nroff -h" in all the Makefiles so people with
9267		variant versions can use them easily.  Suggested by
9268		Peter Collinson of Hillside Systems.
9269	SMTP "MAIL" commands with multiple ESMTP parameters required two
9270		spaces between parameters instead of one.  Reported by
9271		Valdis Kletnieks of Virginia Tech.
9272	Reduce the number of system calls during message collection by
9273		using global timeouts around the collect() loop.  This
9274		code was contributed by Eric Wassenaar.
9275	If the initial host name gathering results in a name
9276		without a dot (usually caused by NIS misconfiguration)
9277		and BIND is compiled in, directly access DNS to get
9278		the canonical name.  This should make life easier for
9279		Solaris systems.  If it still can't be resolved, and
9280		if the name server is listed as "required", try again
9281		in 30 seconds.  If that also fails, exit immediately to
9282		avoid bogus "config error: mail loops back to myself"
9283		messages.
9284	Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
9285		message to explain how much space was available and
9286		sound a bit less threatening.  Suggested by Stan Janet
9287		of the National Institute of Standards and Technology.
9288	If mail is delivered to an alias that has an owner, deliver any
9289		requested return-receipt immediately, and strip the
9290		Return-Receipt-To: header from the subsequent message.
9291		This prevents a certain class of denial of service
9292		attack, arguably gives more reasonable semantics, and
9293		moves things more towards what will probably become a
9294		network standard.  Suggested by Christopher Davis of
9295		Kapor Enterprises.
9296	Add a "noreceipts" privacy flag to turn off all return receipts
9297		without recompiling.
9298	Avoid printing ESMTP parameters as part of the error message
9299		if there are errors during parsing.  This change is
9300		purely cosmetic.
9301	Avoid sending out error messages during the collect phase of
9302		SMTP; there is an MVS mailer from UCLA that gets
9303		confused by this.  Of course, I think it's their bug....
9304	Check for the $j macro getting undefined, losing a dot, or getting
9305		lost from $=w in the daemon before accepting a connection;
9306		if it is, it dumps state, prints a LOG_ALERT message,
9307		and drops core for debugging.  This is an attempt to
9308		track down a bug that I thought was long since gone.
9309		If you see this, please forward the log fragment to
9310		sendmail@sendmail.ORG.
9311	Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
9312		with -DOLD_NEWDB=0 on the command line.  From Christophe
9313		Wolfhugel.
9314	Instead of trying to truncate the listen queue for the server
9315		SMTP port when the load average is too high, just close
9316		the port completely and reopen it later as needed.
9317		This ensures that the other end gets a quick "connection
9318		refused" response, and that the connection can be
9319		recovered later.  In particular, some socket emulations
9320		seem to get confused if you tweak the listen queue
9321		size around and can never start listening to connections
9322		again.  The down side is that someone could start up
9323		another daemon process in the interim, so you could
9324		have multiple daemons all not listening to connections;
9325		this could in turn cause the sendmail.pid file to be
9326		incorrect.  A better approach might be to accept the
9327		connection and give a 421 code, but that could break
9328		other mailers in mysterious ways and have paging behavior
9329		implications.
9330	Fix a glitch in TCP-level debugging that caused flag 16.101 to
9331		set debugging on the wrong socket.  From Eric Wassenaar.
9332	When creating a df* temporary file, be sure you truncate any
9333		existing data in the file -- otherwise system crashes
9334		and the like could result in extra data being sent.
9335	DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
9336		doc directory.  This includes some additional
9337		information.
9338	CONFIG: change UUCP rules to never add $U! or $k! on the front
9339		of recipient envelope addresses.  This should have been
9340		handled by the $&h trick, but broke if people were
9341		mixing domainized and UUCP addresses.  They should
9342		probably have converted all the way over to uucp-uudom
9343		instead of uucp-{new,old}, but the failure mode was to
9344		loop the mail, which was bad news.
9345	Portability fixes:
9346		Newer BSDI systems (several people).
9347		Older BSDI systems from Christophe Wolfhugel.
9348		Intergraph CLIX, from Paul Southworth of CICNet.
9349		UnixWare, from Evan Champion.
9350		NetBSD from Adam Glass.
9351		Solaris from Quentin Campbell of the University of
9352			Newcastle upon Tyne.
9353		IRIX from Dean Cookson and Bill Driscoll of Mitre
9354			Corporation.
9355		NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
9356		SunOS (it has setsid() and setvbuf() calls) from
9357			Jonathan Kamens of OpenVision Technologies.
9358		HP-UX from Tor Lillqvist.
9359	New Files:
9360		src/Makefile.CLIX
9361		src/Makefile.NCR3000
9362		doc/changes/Makefile
9363		doc/changes/changes.me
9364		doc/changes/changes.ps
9365
8.6.8/8.6.6	1994/03/21
9367	SECURITY: it was possible to read any file as root using the
9368		E (error message) option.  Reported by Richard Jones;
9369		fixed by Michael Corrigan and Christophe Wolfhugel.
9370
8.6.7/8.6.6	1994/03/14
9372	SECURITY: it was possible to get root access by using weird
9373		values to the -d flag.  Thanks to Alain Durand of
9374		INRIA for forwarding me the notice from the bugtraq
9375		list.
9376
8.6.6/8.6.6	1994/03/13
	SECURITY: the ability to give files away on System V-based
		systems proved dangerous -- don't run as the owner
		of a :include: file on a system that allows giveaways.
		Unfortunately, this also applies to determining a
		valid shell.
	IMPORTANT: Previous versions weren't expiring old connections
		in the connection cache for a long time under some
		circumstances.  This could result in resource exhaustion,
		both at your end and at the other end.  This checks the
		connections for timeouts much more frequently.  From
		Doug Anderson of NCSC.
	Fix a glitch that snuck in that caused programs to be run as
		the sender instead of the recipient if the mail was
		from a local user to another local user.  From
		Motonori Nakamura of Kyoto University.
	Fix "wildcard" on /etc/shells matching -- instead of looking
		for "*", look for "/SENDMAIL/ANY/SHELL/".  From
		Bryan Costales of ICSI.
	Change the method used to declare the "statfs" availability;
		instead of HASSTATFS and/or HASUSTAT with a ton of
		tweaking in conf.c, there is a single #define called
		SFS_TYPE which takes on one of six values (SFS_NONE
		for no statfs availability, SFS_USTAT for the ustat(2)
		syscall, SFS_4ARGS for a four argument statfs(2) call,
		and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
		statfs(2) call with the declarations in <sys/vfs.h>,
		<sys/mount.h>, or <sys/statfs.h> respectively).
	Fix glitch in NetInfo support that could return garbage if
		there was no "/locations/sendmail" property.  From
		David Meyer of the University of Virginia.
	Change HASFLOCK from defined/not-defined to a 0/1 definition
		to allow Linux to turn it off even though it is a
		BSD-like system.
	Allow setting of "ident" timeout to zero to turn off the ident
		protocol entirely.
	Make 7-bit stripping local to a connection (instead of to a
		mailer); this allows you to specify that SMTP is a
		7-bit channel, but revert to 8-bit should it advertise
		that it supports 8BITMIME.  You still have to specify
		mailer flag 7 to get this stripping at all.
	Improve makesendmail script so it handles more cases automatically.
	Tighten up restrictions on taking ownership of :include: files
		to avoid problems on systems that allow you to give away
		files.
	Fix a problem that made it impossible to rebuild the alias
		file if it was on a read-only file system.  From
		Harry Edmon of the University of Washington.
	Improve MX randomization function.  From John Gardiner Myers
		of CMU.
	Fix a minor glitch causing a bogus message to be printed (used
		%s instead of %d in a printf string for the line number)
		when a bad queue file was read.  From Harry Edmon.
	Allow $s to remain NULL on locally generated mail.  I'm not
		sure this is necessary, but a lot of people have complained
		about it, and there is a legitimate question as to whether
		"localhost" is legal as an 822-style domain.
	Fix a problem with very short line lengths (mailer L= flag) in
		headers.  This causes a leading space to be added onto
		continuation lines (including in the body!), and also
		tries to wrap headers containing addresses (From:, To:,
		etc) intelligently at the shorter line lengths.  Problem
		reported by Lars-Johan Liman of SUNET Operations Center.
	Log the real user name when logging syserrs, since these can have
		security implications.  Suggested by several people.
	Fix address logging of cached connections -- it used to always
		log the numeric address as zero.  This is a somewhat
		bogus implementation in that it does an extra system
		call, but it should be an inexpensive one.  Fix from
		Motonori Nakamura.
	Tighten up handling of short syslog buffers even more -- there
		were cases where the outgoing relay= name was too long
		to share a line with delay= and mailer= logging.
	Limit the overhead on split envelopes to one open file descriptor
		per envelope -- previously the overhead was three
		descriptors.  This was in response to a problem reported
		by Pär (Pell) Emanuelsson.
	Fixes to better handle the case of unexpected connection closes;
		this redirects the output to the transcript so the info
		is not lost.  From Eric Wassenaar.
	Fix potential string overrun if you macro evaluate a string that
		has a naked $ at the end.  Problem noted by James Matheson
		<jmrm@eng.cam.ac.uk>.
	Make default error number on $#error messages 553 (``Requested
		action not taken: mailbox name not allowed'') instead of
		501 (``Syntax error in parameters or arguments'') to
		avoid bogus "protocol error" messages.
	Strip off any existing trailing dot on names during $[ ... $]
		lookup.  This prevents it from ending up with two dots
		on the end of dot terminated names.  From Wesley Craig
		of the University of Michigan and Bryan Costales of ICSI.
	Clean up file class reading so that the debugging information is
		more informative.  It hadn't been using setclass, so you
		didn't see the class items being added.
	Avoid core dump if you are running a version of sendmail where
		NIS is compiled in, and you specify an NIS map, but
		NIS is not running.  Fix from John Oleynick of
		Rutgers.
	Diagnose bizarre case where res_search returns a failure value,
		but sets h_errno to a success value.
	Make sure that "too many hops" messages are considered important
		enough to send an error to the Postmaster (that is, the
		address specified in the P option).  This fix should
		help problems that cause the df file to be left around
		sometimes -- unfortunately, I can't seem to reproduce
		the problem myself.
	Avoid core dump (null pointer reference) on EXPN command; this
		only occurred if your log level was set to 10 or higher
		and the target account was an alias or had a .forward file.
		Problem noted by Janne Himanka.
	Avoid "denial of service" attacks by someone who is flooding your
		SMTP port with bad commands by shutting the connection
		after 25 bad commands are issued.  From Kyle Jones of
		UUNET.
	Fix core dump on error messages with very long "to" buffers;
		fmtmsg overflows the message buffer.  Fixed by trimming
		the to address to 203 characters.  Problem reported by
		John Oleynick.
	Fix configuration for HASFLOCK -- there were some spots where
		a #ifndef was incorrectly #ifdef.  Pointed out by
		George Baltz of the University of Maryland.
	Fix a typo in savemail() that could cause the error message To:
		lists to be incorrect in some places.  From Motonori
		Nakamura.
	Fix a glitch that can cause duplicate error messages on split
		envelopes where an address on one of the lists has a
		name server failure.  Fix from Voradesh Yenbut of the
		University of Washington.
	Fix possible bogus pointer reference on ESMTP parameters that
		don't have an ``=value'' part.
	CNAME loops caused an error message to be generated, but also
		re-queued the message.  Changed to just re-queue the
		message (it's really hard to just bounce it because
		of the weird way the name server works in the presence
		of CNAME loops).  Problem noted by James M.R.Matheson
		of Cambridge University.
	Avoid giving ``warning: foo owned process doing -bs'' messages
		if they use ``MAIL FROM:<foo>'' where foo is their true
		user name.  Suggested by Andreas Stolcke of ICSI.
	Change the NAMED_BIND compile flag to be a 0/1 flag so you can
		override it easily in the Makefile -- that is, you can
		turn it off using -DNAMED_BIND=0.
	If a gethostbyname(...) of an address with a trailing dot fails,
		try it without the trailing dot.  This is because if
		you have a version of gethostbyname() that falls back
		to NIS or the /etc/hosts file it will fail to find
		perfectly reasonable names that just don't happen to
		be dot terminated in the hosts file.  You don't want to
		strip the dot first though because we're trying to ensure
		that country names that match one of your subdomains get
		a chance.
	PRALIASES: fix bogus output on non-null-terminated strings.
		From Bill Gianopoulos of Raytheon.
	CONFIG: Avoid rewriting anything that matches $w to be $j.
		This was in code intended to only catch the self-literal
		address (that is, [1.2.3.4], where 1.2.3.4 is your
		IP address), but the code was broken.  However, it will
		still do this if $M is defined; this is necessary to
		get client configurations to work (sigh).  Note that this
		means that $M overrides :mailname entries in the user
		database!  Problem noted by Paul Southworth.
	CONFIG: Fix definition of Solaris help file location.  From
		Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
	CONFIG: Fix bug that broke news.group.USENET mappings.
	CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
		and USENET_MAILER_MAX to tweak the maximum message
		size for various mailers.
	CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
		instead of assuming that it is "inews" for consistency
		with other mailers.  From Michael Corrigan of UC San Diego.
	CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
		qualify the address in the SMTP envelope as user@{relay|hub}
		instead of user@$j.  From Bill Wisner of The Well.
	CONFIG: Fix route-addr syntax in nullrelay configuration set.
	CONFIG: Don't turn off case mapping of user names in the local
		mailer for IRIX.  This was different than most every other
		system.
	CONFIG: Avoid infinite loops on certain list:; syntaxes in
		envelope.  Noted by Thierry Besancon
		<besancon@excalibur.ens.fr>.
	CONFIG: Don't include -z by default on uux line -- most systems
		don't want it set by default.  Pointed out by Philippe
		Michel of Thomson CSF.
	CONFIG: Fix some bugs with mailertables -- for example, if your
		host name was foo.bar.ray.com and you matched against
		".ray.com", the old implementation bound %1 to "bar"
		instead of "foo.bar".  Also, allow "." in the mailertable
		to match anything -- essentially, take over SMART_HOST.
		This also moves matching of explicit local host names
		before the mailertable so they don't have to be special
		cased in the mailertable data.  Reported by Bill
		Gianopoulos of Raytheon; the fix for the %1 binding
		problem was contributed by Nicholas Comanos of the
		University of Sydney.
	CONFIG: Don't include "root" in class $=L (users to deliver
		locally, even if a hub or relay exists) by default.
		This is because of the known bug where definition of
		both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
		both and deliver into the local mailbox.
	CONFIG: Move up bitdomain and uudomain handling so that they
		are done before .UUCP class matching; uudomain was
		reported as ineffective before.  This also frees up
		diversion 8 for future use.  Problem reported by Kimmo
		Suominen.
	CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
		into host names.  As pointed out by Jonathan Kamens,
		these are often used because either the forward or reverse
		mapping is broken; this translation makes it broken again.
	DOC: Clarify $@ and $: in the Install & Op Guide.  From Kimmo
		Suominen.
	Portability fixes:
		Unicos from David L. Kensiski of Sterling Software.
		DomainOS from Don Lewis of Silicon Systems.
		GNU m4 1.0.3 from Karst Koymans of Utrecht University.
		Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
		NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
		BSD/386 from Tony Sanders of BSDI.
		Apollo from Eric Wassenaar.
		DGUX from Doug Anderson.
		Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
	NEW FILES:
		src/Makefile.DomainOS
		src/Makefile.PTX
		src/Makefile.SunOS.5.1
		src/Makefile.SunOS.5.2
		src/Makefile.SunOS.5.x
		src/mailq.1
		cf/ostype/domainos.m4
		doc/op/Makefile
		doc/intro/Makefile
		doc/usenix/Makefile
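
Added example, not part of the release notes or of sendmail's source: the 8.6.6 entry above on a "naked $ at the end" of a macro-evaluated string, shown as a bounded expander that never advances past the terminator and never writes past the output buffer. The one-letter macro table, the function names, keeping a trailing $ as a literal character, and expanding an undefined macro to nothing are assumptions of this example.

```c
/* Added illustration of bounded macro expansion; not sendmail's own code. */
#include <stdio.h>
#include <string.h>

/* Constructed macro table: sample values for two one-letter macros. */
static const char *lookup_macro(char name)
{
    switch (name) {
    case 'j': return "mail.example.org";
    case 'w': return "mail";
    default:  return NULL;      /* undefined: expands to nothing here */
    }
}

/* Append n bytes to out, always leaving room for the terminating NUL. */
static int put(char *out, size_t outsz, size_t *len, const char *s, size_t n)
{
    if (n >= outsz - *len)      /* invariant: *len < outsz */
        return -1;
    memcpy(out + *len, s, n);
    *len += n;
    return 0;
}

/*
 * Expand "$x" macros from `in` into `out` (capacity `outsz`).
 * Returns the output length, or -1 if the result does not fit.
 * `out` is NUL-terminated in both cases.
 */
int expand_macros(const char *in, char *out, size_t outsz)
{
    size_t len = 0;
    int rc = 0;

    if (out == NULL || outsz == 0)
        return -1;
    while (*in != '\0' && rc == 0) {
        if (in[0] == '$' && in[1] != '\0') {
            /* "$x": two input bytes are known to exist, consume both. */
            const char *val = lookup_macro(in[1]);

            if (val != NULL)
                rc = put(out, outsz, &len, val, strlen(val));
            in += 2;
        } else {
            /*
             * Ordinary byte, or a '$' that is the last character.
             * Consuming two bytes for that '$' would step over the
             * terminator and keep scanning unrelated memory, so copy
             * exactly one byte and advance exactly one.
             */
            rc = put(out, outsz, &len, in, 1);
            in += 1;
        }
    }
    out[len] = '\0';
    return rc == 0 ? (int)len : -1;
}

int main(void)
{
    const char *samples[] = { "relay=$j", "cost 5$", "$w$", "$" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = expand_macros(samples[i], buf, sizeof buf);
        printf("%-10s -> %d \"%s\"\n", samples[i], n, buf);
    }
    return 0;
}
```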

8.6.5/8.6.5	1994/01/13
	Security fix:  /.forward could be owned by anyone (the test
		to allow root to own any file was backwards).  From
		Bob Campbell at U.C. Berkeley.
	Security fix: group ids were not completely set when programs
		were invoked.  This caused programs to have group
		permissions they should not have had (usually group
		daemon instead of their own group).  In particular,
		Perl scripts would refuse to run.
	Security: check to make sure files that are written are not
		symbolic links (at least under some circumstances).
		Although this does not respond to a specific known
		attack, it's just a good idea.  Suggested by
		Christian Wettergren.
	Security fix: if a user had an NFS mounted home directory on
		a system with a restricted shell listed in their
		/etc/passwd entry, they could still execute any
		program by putting that in their .forward file.
		This fix prevents that by insisting that their shell
		appear in /etc/shells before allowing a .forward to
		execute a program or write a file.  You can disable
		this by putting "*" in /etc/shells.  It also won't
		permit world-writable :include: files to reference
		programs or files (there's no way to disable this).
		These behaviors are only one level deep -- for
		example, it is legal for a world-writable :include:
		file to reference an alias that writes a file, on
		the assumption that the alias file is well controlled.
	Security fix: root was not treated suspiciously enough when
		looking into subdirectories.  This would potentially
		allow a cracker to examine files that were publicly
		readable but in a non-publicly searchable directory.
	Fix a problem that causes an error on QUIT on a cached
		connection to create problems on the current job.
		These are typically unrelated, so errors occur in
		the wrong place.
	Reset CurrentLA in sendall() -- this makes sendmail queue
		runs more responsive to load average, and fixes a
		problem that ignored the load average in locally
		generated mail.  From Eric Wassenaar.
	Fix possible core dump on aliases with null LHS.  From
		John Orthoefer of BB&N.
	Revert to using flock() whenever possible -- there are just
		too many bugs in fcntl() locking, particularly over
		NFS, that cause sendmail to fail in perverse ways.
	Fix a bug that causes the connection cache to get confused
		when sending error messages.  This resulted in
		"unexpected close" messages.  It should fix itself
		on the following queue run.  Problem noted by
		Liudvikas Bukys of the University of Rochester.
	Include $k in $=k as documented in the Install & Op Guide.
		This seems odd, but it was documented....  From
		Michael Corrigan of UCSD.
	Fix problem that caused :include:s from alias files to be
		forced to be owned by root instead of daemon
		(actually DefUid).  From Tim Irvin.
	Diagnose unrecognized I option values -- from Mortin Forssen
		of the Chalmers University of Technology.
	Make "error" mailer work consistently when there is no error
		code associated with it -- previously it returned OK
		even though there was a real problem.  Now it assumes
		EX_UNAVAILABLE.
	Fix bug that caused the last header line of messages that had
		no body and which were terminated with EOF instead of
		"." to be discarded.  Problem noted by Liudvikas Bukys.
	Fix core dump on SMTP mail to programs that failed -- it tried
		to go to a "next MX host" when none existed, causing
		a core dump.  From der Mouse at McGill University.
	Change IDENTPROTO from a defined/not defined to a 0/1 switch;
		this makes it easier to turn it off (using
		-DIDENTPROTO=0 in the Makefile).  From der Mouse.
	Fix YP_MASTER_NAME store to use the unupdated result of
		gethostname() (instead of myhostname(), which tries
		to fully qualify the name) to be consistent with
		SunOS.  If your hostname is unqualified, this fixes
		transfers to slave servers.  Bug noted by Keith
		McMillan of Ameritech Services, Inc.
	Fix Ultrix problem: gethostbyname() can return a very large
		(> 500) h_length field, which causes the sockaddr
		to be trashed.  Use the size of the sockaddr instead.
		Fix from Bob Manson of Ohio State.
	Don't assume "-a." on host lookups if NAMED_BIND is not
		defined -- this confuses gethostbyname on hosts
		file lookups, which doesn't understand the trailing
		dot convention.
	Log SMTP server subprocesses that die with a signal instead
		of from a clean exit.
	If you don't have option "I" set, don't assume that a DNS
		"host unknown" message is authoritative -- it
		might still be found in /etc/hosts.
	Fix a problem that would cause Deferred: messages to be sent
		as the subject of an error message, even though the
		actual cause of a message was more severe than that.
		Problem noted by Chris Seabrook of OSSI.
	Fix race condition in DBM alias file locking.  From Kyle
		Jones of UUNET.
	Limit delivery syslog line length to avoid bugs in some
		versions of syslog(3).  This adds a new compile time
		variable SYSLOG_BUFSIZE.  From Jay Plett of Princeton
		University, which is in turn derived from IDA.
	Fix quotes inside of comments in addresses -- previously
		it insisted that they be balanced, but the 822 spec
		says that they should be ignored.
	Dump open file state to syslog upon receiving SIGUSR1 (for
		debugging).  This also evaluates ruleset 89, if set
		(with the null input), and logs the result.  This
		should be used sparingly, since the rewrite process
		is not reentrant.
	Change -qI, -qR, and -qS flags to be case-insensitive as
		documented in the Bat Book.
	If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
		return an error message and did not requeue the message.
		Fix based on code from Roland Dirlewanger of
		Reseau Regional Aquarel, Bordeaux, France.
	Fix a problem that caused a seg fault if you got a 421 error
		code during some parts of connection initialization.
		I've only seen this when talking to buggy mailers on
		the other end, but it shouldn't give a seg fault in
		any case.  From Amir Plivatsky.
	Fix core dump caused by a ruleset call that returns null.
		Fix from Bryan Costales of ICSI.
	Full-Name: field was being ignored.  Fix from Motonori Nakamura
		of Kyoto University.
	Fix a possible problem with very long input lines in setproctitle.
		From Pär Emanuelsson.
	Avoid putting "This is a warning message" out on return receipts.
		Suggested by Douglas Anderson.
	Detect loops caused by recursive ruleset calls.  Suggested by
		Bryan Costales.
	Initialize non-alias maps during alias rebuilds -- they may be
		needed for parsing.  Problem noted by Douglas Anderson.
	Log sender address even if no message was collected in SMTP
		(e.g., if all RCPTs failed).  Suggested by Motonori
		Nakamura.
	Don't reflect the owner-list contents into the envelope sender
		address if the value contains ", :, /, or | (to avoid
		illegal addresses appearing there).
	Efficiency hack for toktype macro -- from Craig Partridge of
		BB&N.
	Clean up DNS error printing so that a host name is always
		included.
	Remember to set $i during queue runs.  Reported by Stephen
		Campbell of Dartmouth University.
	If the environment variable HOSTALIASES is set, use it during
		canonification as the name of a file with per-user host
		translations so that headers are properly mapped.  Reported
		by Anne Bennett of Concordia University.
	Avoid printing misleading error message if SMTP mailer (not
		using [IPC]) should die on a core dump.
	Avoid incorrect diagnosis of "file 1 closed" when it is caused
		by the other end closing the connection.  From
		Dave Morrison of Oracle.
	Improve several of the error messages printed by "mailq"
		to include a host name or other useful information.
	Add NetInfo preliminary support for NeXT systems.  From Vince
		DeMarco.
	Fix a glitch that sometimes caused :include:s that pointed to
		NFS filesystems that were down to give an "aliasing/
		forwarding loop broken" message instead of queueing
		the message for retry.  Noted by William C Fenner of
		the NRL Connection Machine Facility.
	Fix a problem that could cause a core dump if the input sequence
		had (or somehow acquired) a \231 character.
	Make sure that route-addrs always have <angle brackets> around
		them in non-SMTP envelopes (SMTP envelopes already do
		this properly).
	Avoid weird headers on unbalanced punctuation of the form:
		``Joe User <user)'' -- this caused reference to the
		null macro.  Fix from Rick McCarty of IO.COM.
	Fix a problem that caused an alias "user: user@local.host" to
		not have the QNOTREMOTE bit set; this caused configs
		to act as if FEATURE(notsticky) was defined even when
		it was not.  The effect of the problem was to make it
		very hard to set up satellite sites that had a few
		local accounts, with everything else forwarded to a
		corporate hub.  Reported by Detlef Drewanz of the
		University of Rostock and Mark Frost of NCD.
	Change queuing to not call rulesets 3, {1 or 2}, 4 on header
		addresses.  This is more efficient (fewer name server
		calls) and fixes certain unusual configurations, such
		as those that have ruleset 4 do something that is
		non-idempotent unless a mailer-specific ruleset did
		something else.  Problem reported by Brian J. Coan
		of the Institute for Global Communications.
	Fix the "obsolete argument" routine in main to better understand
		new arguments.  For example, if you used ``sendmail
		-C config -v -q'' it would choke on the -q because
		the -C would stop looking for old-format arguments.
	Fix the code that was intended to allow two users to forward their
		mail to the same program and have them appear unique.
	Portability fixes for:
		SCO UNIX from Murray Kucherawy.
		SCO Open Server 3.2v4 from Philippe Brand.
		System V Release 4 from Rick Ellis and others.
		OSF/1 from Steve Campbell.
		DG/UX from Ben Mesander of the USGS and Bryan Curnutt
			of Stoner Associates.
		Motorola SysV88 from Kevin Johnson of Motorola.
		Solaris 2.3 from Casper H.S. Dik of the University
			of Amsterdam and John Caruso of University
			of Maryland.
		FreeBSD from Ollivier Robert.
		NetBSD from Adam Glass.
		TitanOS from Kate Hedstrom of Rutgers University.
		Irix from Bryan Curnutt.
		Dynix from Jim Davis of the University of Arizona.
		RISC/os.
		Linux from John Kennedy of California State University
			at Chico.
		Solaris 2.x from Tony Boner of the U.S. Air Force.
		NEXTSTEP 3.x from Vince DeMarco.
		HP-UX from various people.  NOTA BENE:  the location
			of the config file has moved to /usr/lib
			to match the HP-UX version of sendmail.
	CONFIG: Don't do any recipient rewriting on relay mailer;
		since this is intended only for internal use, the
		usual RFC 821/822/1123 rules can be relaxed.  The
		main point of this is to avoid munging (ugh) UUCP
		addresses when relaying internally.
	CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
		syntax addresses delivered via UUCP.  Solution
		provided by Peter Wemm.
	CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
		zero; it caused double @ signs in addresses.  From
		Irving Reid of the University of Toronto.
	CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
		from Markku Toijala of ICL Personal Systems Oy.
	CONFIG: Add trailing "." on pseudo-domains for consistency;
		this fixes a problem (noted by Al Whaley of Sunnyside)
		that made it hard to recognize your own pseudodomain
		names.
	CONFIG: catch "@host" syntax errors (i.e., null local-parts)
		rather than letting them get "local configuration
		error"s.  Problem noted by John Gardiner Myers.
	CONFIG: add uucp-uudom mailer variant, based on code posted
		by Spider Boardman <spider@Orb.Nashua.NH.US>; this
		has uucp-dom semantics but old UUCP syntax.  This
		also permits "uucp-old" as an alias for "uucp" and
		"uucp-new" as a synonym for "suucp" for consistency.
	CONFIG: add POP mailer support (from Kimmo Suominen
		<kim@grendel.lut.fi>).
	CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
	CONFIG: fix bug caused with domain literal addresses (e.g.,
		``[128.32.131.12]'') when FEATURE(allmasquerade)
		was set; it would get an additional @masquerade.host
		added to the address.  Problem noted by Peter Wan
		of Georgia Tech.
	CONFIG: make sure that the local UUCP name is in $=w.  From
		Jim Murray of Stratus.
	CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
		mailer flag.  Briefly, if you are sending to host
		"foo", then it rewrites "foo!...!baz" to "...!baz",
		"foo!baz" remains "foo!baz", and anything else has
		the local name prepended.
	CONFIG: portability fixes for HP-UX.
	DOC: several minor problems fixed in the Install & Op Guide.
	MAKEMAP: fix core dump problem on lines that are too long or
		which lack newline.  From Mark Delany.
	MAILSTATS: print sums of columns (total messages & kbytes
		in and out of the system).  From Tom Ferrin of UC
		San Francisco Computer Graphics Lab.
	SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
		On HP-UX, /etc/sendmail.cf has been moved to
			/usr/lib/sendmail.cf to match HP sendmail.
		Permissions have been tightened up on world-writable
			:include: files and accounts that have shells
			that are not listed in /etc/shells.  This may
			cause some .forward files that have worked
			before to start failing.
		SIGUSR1 dumps some state to the log.
	NEW FILES:
		src/Makefile.DGUX
		src/Makefile.Dynix
		src/Makefile.FreeBSD
		src/Makefile.Mach386
		src/Makefile.NetBSD
		src/Makefile.RISCos
		src/Makefile.SCO
		src/Makefile.SVR4
		src/Makefile.Titan
		cf/mailer/pop.m4
		cf/ostype/bsdi1.0.m4
		cf/ostype/dgux.m4
		cf/ostype/dynix3.2.m4
		cf/ostype/sco3.2.m4
		makemap/Makefile.dist
		praliases/Makefile.dist
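
Added example, not part of the release notes or of sendmail's source: a C version of the gate described in the 8.6.5 security fix above, where a .forward entry that runs a program or writes a file is honoured only if the user's shell is listed in /etc/shells, using the "/SENDMAIL/ANY/SHELL/" wildcard that 8.6.6 substituted for "*". The function names, the fail-closed result for an unreadable file, the treatment of an empty shell field as /bin/sh, and the sample file contents are assumptions of this example.

```c
/* Added illustration of the /etc/shells gate; not sendmail's own code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Wildcard entry named in the 8.6.6 notes (8.6.5 used "*"). */
#define ANY_SHELL "/SENDMAIL/ANY/SHELL/"

/* Constructed sample shells file for the demonstration. */
static const char SAMPLE_SHELLS[] =
    "# constructed sample, not a real system file\n"
    "/bin/sh\n"
    "/bin/csh   # trailing comment\n"
    "\n";

/*
 * Return 1 if `shell` is listed in the shells file at `path`, or if
 * that file contains the wildcard entry; 0 otherwise.  An unreadable
 * file yields 0 (fail closed; this example's choice).
 */
int shell_is_listed(const char *path, const char *shell)
{
    char line[256];
    int found = 0, partial = 0;
    FILE *fp;

    if (shell == NULL || *shell == '\0')
        shell = "/bin/sh";          /* empty passwd shell field */
    fp = fopen(path, "r");
    if (fp == NULL)
        return 0;
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        int continued = partial;    /* is this the tail of a long line? */
        char *p = line;

        partial = strchr(line, '\n') == NULL && !feof(fp);
        if (continued || partial)
            continue;               /* never match a fragment of a line */
        p += strspn(p, " \t");
        if (*p != '/')
            continue;               /* blank line or comment */
        p[strcspn(p, " \t\r\n#")] = '\0';
        found = strcmp(p, shell) == 0 || strcmp(p, ANY_SHELL) == 0;
    }
    fclose(fp);
    return found;
}

/*
 * Decide whether one .forward entry may be honoured for a user whose
 * passwd shell is `user_shell`.  Entries that run a program ("|...")
 * or write a file ("/...") need a listed shell; plain addresses do not.
 */
int forward_entry_allowed(const char *shells_path, const char *user_shell,
                          const char *entry)
{
    entry += strspn(entry, " \t\"");
    if (*entry != '|' && *entry != '/')
        return 1;
    return shell_is_listed(shells_path, user_shell);
}

/* Write `text` to a new temporary file; `tmpl` must end in XXXXXX. */
int write_sample(char *tmpl, const char *text)
{
    size_t n = strlen(text);
    int fd = mkstemp(tmpl);

    if (fd < 0)
        return -1;
    if (write(fd, text, n) != (ssize_t)n) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int main(void)
{
    char path[] = "/tmp/shells.XXXXXX";

    if (write_sample(path, SAMPLE_SHELLS) != 0)
        return 1;
    printf("listed shell, program:   %d\n",
           forward_entry_allowed(path, "/bin/csh", "\"|/usr/local/bin/filter\""));
    printf("unlisted shell, program: %d\n",
           forward_entry_allowed(path, "/usr/local/bin/restricted", "|/bin/cat"));
    unlink(path);
    return 0;
}
```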

8.6.4/8.6.4	1993/10/31
	Repair core-dump problem (write to read-only memory segment)
		if you fall back to the return-to-Postmaster case in
		savemail.  Problem reported by Richard Liu.
	Immediately diagnose bogus sender addresses in SMTP.  This
		makes quite certain that crackers can't use this
		class of attack.
	Reliability Fix:  check return value from fclose() and fsync()
		in a few critical places.
	Minor problem in initsys() that reversed a condition for
		redirecting the output channel on queue runs.  It's
		not clear this code even does anything.  From Eric
		Wassenaar of the Dutch National Institute for Nuclear
		and High-Energy Physics.
	Fix some problems that caused queue runs to do "too much work",
		such as double-reading the Errors-To: header.  From
		Eric Wassenaar.
	Error messages on writing the temporary file (including the
		data file) were getting suppressed in SMTP -- this
		fix causes them to be properly reported.  From Eric
		Wassenaar.
	Some changes to support AF_UNIX sockets -- this will only
		really become relevant in the next release, but some
		people need it for local patches.  From Michael
		Corrigan of UC San Diego.
	Use dynamically allocated memory (instead of static buffers)
		for macros defined in initsys() and settime(), since
		these can have different values depending on which
		envelope they are in.  From Eric Wassenaar.
	Improve logging to show ctladdr on to= logging; this tells you
		what uid/gid processes ran as.
	Fix a problem that caused error messages to be discarded if
		the sender address was unparseable for some reason;
		this was supposed to fall back to the "return to
		postmaster" case.
	Improve aliaswait backoff algorithm.
	Portability patches for Linux (8.6.3 required another header
		file) (from Karl London) and SCO UNIX.
	CONFIG: patch prog mailer to not strip host name off of envelope
		addresses (so that it matches local again).  From
		Christopher Davis.
	CONFIG: change uucp-dom mailer so that "<>" translates to $n;
		this prevents uux from seeing lines with null names like
		``From   Sat Oct 30 14:55:31 1993''.  From Motonori
		Nakamura of Kyoto University.
	CONFIG: handle <list:;> syntax correctly.  This isn't legal, but
		it shouldn't fail miserably.  From Motonori Nakamura.

8.6.2/8.6.2	1993/10/15
	Put a "successful delivery" message in the transcript for
		addresses that get return-receipts.
	Put a prominent "this is only a warning" message in warning
		messages -- some people don't read carefully enough
		and end up sending the message several times.
	Include reason for temporary failure in the "warning" return
		message.  Currently, it just says "cannot send for
		four hours".
	Fix the "Original message received" time generated for
		returntosender messages.  It was previously listed as
		the current time.  Bug reported by Eric Hagberg of
		Cornell University Medical College.
	If there is an error when writing the body of a message,
		don't send the trailing dot and wait for a response
		in sender SMTP, as this could cause the connection to
		hang up under some bizarre circumstances.  From Eric
		Wassenaar.
	Fix some server SMTP synchronization problems caused when
		connections fail during message collection.  From
		Eric Wassenaar.
	Fix a problem that can cause srvrsmtp to reject mail if the
		name server is down -- it accepts the RCPT but rejects
		the DATA command.  Problem reported by Jim Murray of
		Stratus.
	Fix a problem that can cause core dumps if the config file
		incorrectly resolves to a null hostname.  Reported by
		Allan Johannesen of WPI.
	Non-root use of -C flag, dangerous -f flags, and use of -oQ
		by non-root users were not put into
		X-Authentication-Warning:s as intended because the
		config file hadn't set the PrivacyOptions yet.  Fix
		from Sven-Ove Westberg of the University of Lulea.
	Under very odd circumstances, the alias file rebuild code
		could get confused as to whether a database was
		open or not.
	Check "vendor code" on the end of V lines -- this is
		intended to provide a hook for vendor-specific
		configuration syntax.  (This is a "new feature",
		but I've made an exception to my rule in a belief
		that this is a highly exceptional case.)
	Portability fixes for DG/UX (from Douglas Anderson of NCSC),
		SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
		(from Jon Forrest of UC Berkeley).
	CONFIG: fix ``mailer:host'' form of UUCP relay naming.

8.6.1/8.6	1993/10/08
	Portability fixes for A/UX and Encore UMAX V.
	Fix error message handling -- if you had a name server down
		causing an error during parsing, that message was never
		propagated to the queue file.

8.6/8.6		1993/10/05
9998	Configuration cleanup: make it easier to undo IDENTPROTO in
9999		conf.h (other systems have the same bug).
10000	If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
10001		getdtablesize() instead of sysconf(); a disturbingly
10002		large number of systems defined _SC_OPEN_MAX in the
10003		header files but don't have the syscall.
10004	Another patch to really truly ignore MX records in getcanonname
10005		if trymx == FALSE.
10006	Fix problem that caused the "250 IAA25499 Message accepted for
10007		delivery" message to be omitted if there was an error
10008		in the header of the message (e.g., a bad Errors-To:
10009		line).  Pointed out by Michael Corrigan of UCSD.
10010	Announce name of host we are chatting with when we get errors; this
10011		is an IDA-ism suggested by Christophe Wolfhugel.
10012	Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
10013		Australian Artificial Intelligence Institute), SCO Unix
10014		(from Murray Kucherawy of Hookup Communication Corp.),
10015		NeXT (from Vince DeMarco and myself), Linux (from
10016		Karl London <karl@borg.demon.co.uk>), BSDI (from
10017		Christophe Wolfhugel), and SVR4 on Dell (from Kimmo
10018		Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
10019	Some changes to get around gcc optimizer bugs.  From Takahiro
10020		Kanbe.
10021	Fix error recovery in queueup if another tf file of the same
10022		name already exists.  Problem stumbled over by Bill
10023		Wisner of The Well.
10024	Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
10025		Problem noted by Keith McMillan of Ameritech Services.
10026	Deal with group permissions properly when opening .forward and
10027		:include: files.  This relaxes the 8.1C restrictions
10028		slightly more.  This includes proper setting of groups
10029		when reading :include: files, allowing you to read some
10030		files that you should be able to read but have previously
10031		been denied unless you owned them or they had "other"
10032		read permission.
10033	Make certain that $j is in $=w (after the .cf is read) so that
10034		if the user is forced to override some silly system,
10035		MX suppression will still work.
10036	Fix a couple of efficiency problems where newstr was double-
10037		calling expensive routines.  In at least one case, it
10038		wasn't guaranteed that they would always return the
10039		same result.  Problem noted by Christophe Wolfhugel.
10040	Fix null pointer dereference in putoutmsg -- only on an error
10041		condition from a non-SMTP mailer.  From Motonori
10042		Nakamura.
10043	Macro expand "C" line class definitions before scanning so that
10044		"CX $Z" works.
10045	Fix problem that caused error message to be sent while still
10046		trying to send the original message if the connection
10047		is closed during a DATA command after getting an error
10048		on an RCPT command (pretty obscure).  Problem reported
10049		by John Myers of CMU.
10050	Fix reply to NOOP to be 250 instead of 200 -- this is a long
10051		term bug.
10052	Fix a nasty bug causing core dumps when returning the "warning:
10053		cannot deliver for N hours -- will keep trying" message;
10054		it only occurred if you had PostmasterCopy set and
10055		only on some architectures.  Although sendmail would
10056		keep trying, it would send error messages on each
10057		queue interval.  This is an important fix.
10058	Allow u and g options to take user and group names respectively.
10059	Don't do a chdir into the queue directory in -bt mode to make
10060		ruleset testing a bit easier.
10061	Don't allow users to turn off logging (using -oL) on the command
10062		line -- command line can only raise, not lower, logging
10063		level.
10064	Set $u to the original recipient on the SMTP transaction or on
10065		the command line.  This is only done if there is exactly
10066		one recipient.  Technically, this does not meet the
10067		specs, because it does not guarantee a domain on the
10068		address.
10069	Fix a problem that dumped error messages on bad addresses if
10070		you used the -t flag.  Problem noted by Josh Smith of
10071		Harvey Mudd College.
10072	Given an address such as ``<foo> <bar>'', auto-quote the first
10073		``<foo>'' part, giving ``"<foo>" <bar>''.  This is to
10074		avoid the problem of people who use angle brackets in
10075		their full name information.
10076	Fix a null pointer dereference if you set option "l", have
10077		an Errors-To: header in the message, and have Errors-To:
10078		defined in the config file H lines.  From J.R. Oldroyd.
10079	Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
10080		wrong when compiling.  Suggested by Rick McCarty of TI.
10081	Fix a problem that could pass negative SIZE parameter if the
10082		df file got lost; this would cause servers to always
10083		give a temporary failure, making the problem even worse.
10084		Problem noted by Allan Johannesen of WPI.
10085	Add "ident" timeout (one of the "r" option selectors) for IDENT
10086		protocol timeouts (30s default).  Requested by Murray
10087		Kucherawy of HookUp Communication Corp. to handle bogus
10088		PC TCP/IP implementations.
10089	Change $w default definition to be just the first component of
10090		the domain name on config level 5.  The $j macro defaults
10091		to the FQDN; $m remains as before.  This lets well-behaved
10092		config files use any of the short, long, or subdomain
10093		names.
10094	Add makesendmail script in src to try to automate multi-architecture
10095		builds.  I know, this is sub-optimal, but it is still
10096		helpful.
10097	Fix very obscure race condition that can cause a queue run to
10098		get a queue file for an already completed job.  This
10099		problem has existed for years.  Problem noted by the
10100		long suffering Allan Johannesen of WPI.
10101	Fix a problem that caused the raw sender name to be passed to
10102		udbsender instead of the canonified name -- this caused
10103		it to sometimes miss records that it should have found.
10104	Relax check of name on HELO packet so that a program using -bs
10105		that claims to be itself works properly.
10106	Restore rewriting of $: part of address through 2, R, 4 in
10107		buildaddr -- this requires passing a lot of flags to get
10108		it right.  Unlike old versions, this ONLY rewrites
10109		recipient addresses, not sender addresses.
10110	Fix a bug that caused core dumps in config files that cannot
10111		resolve /file/name style addresses.  Fix from Jonathan
10112		Kamens of OpenVision Technologies.
10113	Fix problem with fcntl locking that can cause error returns to
10114		be lost if the lock is lost; this required fully
10115		queueing everything, dropping the envelope (so errors
10116		would get returned), and then re-reading the queue from
10117		scratch.
10118	Fix a problem that caused aliases that redefine an otherwise
10119		true address to still send to the original address
10120		if and only if the alias failed in certain bizarre
10121		ways (e.g., if they pointed at a list:; syntax address).
10122		Problem pointed out by Jonathan Kamens.
10123	Remove support for frozen configuration files.  They caused
10124		more trouble than they were worth.
10125	Fix problem that can cause error messages to get ignored when
10126		using both -odb and -t flags.  Problem noted by Rob
10127		McNicholas at U.C. Berkeley.
10128	Include all "normal" variations on hostname in $=w.  For example,
10129		if the host name is vangogh.cs.berkeley.edu, $=w will
10130		contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
10131	Add "restrictqrun" privacy flag -- without this, anyone can run
10132		the queue.
10133	Reset SmtpPhase global on initial connection creation so that
10134		messages don't come out with stale information.
10135	Pass an "ext" argument to lockfile so that error/log messages
10136		will properly reflect the true filename being locked.
10137	Put all [...] address forms into $=w -- this eliminates the need
10138		for MAXIPADDR in conf.h.  Suggested by John Gardiner
10139		Myers of CMU.
10140	Fix a bug that can cause qf files to be left around even after
10141		an SMTP RSET command.  Problem and fix from Michael
10142		Corrigan.
10143	Don't send a PostmasterCopy to errors when the Precedence: is
10144		negative.  Error reports still go to the envelope
10145		sender address.
10146	Add LA_SHORT for load averages.
10147	Lock sendmail.st file when posting statistics.
10148	Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
10149		set the size of the TCP send and receive buffers; if you
10150		run over a slow slip line you may need to set these down
10151		(although it would be better to fix the SLIP implementation
10152		so that it's not necessary to recompile every program
10153		that does bulk data transfer).
10154	Allow null defaults on $( ... $) lookups.  Problem reported by
10155		Amir Plivatsky.
10156	Diagnose crufty S and V config lines.  This resulted from an
10157		observation that some people were using the SITE macro
10158		without the SITECONFIG macro first, which was causing
10159		bogus config files that were not caught.
10160	Fix makemap -f flag to turn off case folding (it was turning it
10161		on instead).  THIS IS A USER VISIBLE CHANGE!!!
10162	Fix a problem that caused multiple error messages to be sent if
10163		you used "sendmail -t -oem -odb", your system uses fcntl
10164		locking, and one of the recipient addresses is unknown.
10165	Reset uid earlier in include() so that recursive .forwards or
10166		:include:s don't use the wrong uid.
10167	If file descriptor 0, 1, or 2 was closed when sendmail was
10168		called, the code to recover the descriptor was broken.
10169		This sometimes (only sometimes) caused problems with the
10170		alias file.  Fix from Motonori Nakamura.
10171	Fix a problem that caused aliaswait to go into infinite recursion
10172		if the @:@ metasymbol wasn't found in the alias file.
10173	Improve error message on newaliases if database files cannot be
10174		opened or if running with no database format defined.
10175	Do a better estimation of the size of error messages when NoReturn
10176		is set.  Problem noted by Pär (Pell) Emanuelsson.
10177	Fix a problem causing the "c" option (don't connect to expensive
10178		mailers) to be ignored in SMTP.  Problem noted and the
10179		solution suggested by Robert Elz of The University of
10180		Melbourne.
10181	Improve connection caching algorithm by passing "[host]" to
10182		hostsignature, which strips the square brackets and
10183		returns the real name.  This allows mailertable entries
10184		to match regular entries.
10185	Re-enable Return-Receipt-To: -- people seem to want this stupid
10186		feature, even if it doesn't work right.
10187	Catch and log attempts to try the "wiz" command in server SMTP.
10188		This also ups the log level from LOG_NOTICE to LOG_CRIT.
10189	Be more generous at assigning $z to the home directory -- do this
10190		for programs that are specified through a .forward file.
10191		Fix from Andrew Chang of Sun Microsystems.
10192	Always save a fatal error message in preference to a non-fatal
10193		error message so that the "subject" line of return
10194		messages is the best possible.
10195	CONFIG: reduce the number of quotes needed to quote configuration
10196		parameters with commas: two quotes should work now, e.g.,
10197		define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
10198	CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
10199		connections (domain-ized UUCP).
10200	CONFIG: fix bug in default maps (-o must be before database file
10201		name).  Pointed out by Christophe Wolfhugel.
10202	CONFIG: add FEATURE(nodns) to state that we are not relying on
10203		DNS.  This would presumably be used in UUCP islands.
10204	CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
10205	CONFIG: log $u in Received: line.  This is in technical violation
10206		of the standards, since it doesn't guarantee a domain
10207		on the address.
10208	CONFIG: don't assume "m" in local mailer flags -- this means that
10209		if you redefine LOCAL_MAILER_FLAGS you will have to include
10210		the "m" flag should you want it.  Apparently some Solaris 2.2
10211		installations can't handle multiple local recipients.
10212		Problem noted by Josh Smith.
10213	CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
10214	CONFIG: change default version level from 4 to 5.
10215	CONFIG: add FEATURE(nullclient) to create a config file that
10216		forwards all mail to a hub without ever looking at the
10217		addresses in any detail.
10218	CONFIG: properly strip mailer: information off of relays when
10219		used to change .BITNET form into %-hack form.
10220	CONFIG: fix a problem that caused infinite loops if presented
10221		with an address such as "!foo".
10222	CONFIG: check for self literal (e.g., [128.32.131.12]) even if
10223		the reverse "PTR" mapping is broken.  There's a better
10224		way to do this, but the change is fairly major and I
10225		want to hold it for another release.  Problem noted by
10226		Bret Marquis.
10227
10228 8.5/8.5		1993/07/23
10229	Serious bug: if you used a command line recipient that was unknown,
10230		sendmail would not send a return message (it was treating
10231		everything as though it had an SMTP-style client that
10232		would do the return itself).  Problem noted by Josh Smith.
10233	Change "trymx" option in getcanonname() to ignore all MX data,
10234		even during a T_ANY query.  This actually didn't break
10235		anything, because the only time you called getcanonname
10236		with !trymx was if you already knew there were no MX
10237		records, but it is somewhat cleaner.  From Motonori
10238		Nakamura.
10239	Don't call getcanonname from getmxrr if you already know there
10240		are no DNS records matching the name.
10241	Fix a problem causing error messages to always include "The
10242		original message was received ... from localhost".
10243		The correct original host information is now included.
10244	Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
10245		version of "test" doesn't have the -x flag).  Change it
10246		to use -f instead.  From John Myers.
10247	CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
10248		esmtp -- it should be smtp.
10249	CONFIG: send all relayed mail using confRELAY_MAILER (defaults
10250		to "relay" (a variant of "smtp") if MAILER(smtp) is used,
10251		else "suucp" if MAILER(uucp) is used, else "unknown");
10252		this cleans up the configs somewhat.  This fixes a serious
10253		problem that caused route-addrs to get mistaken as relays,
10254		pointed out by John Myers.  WARNING: this also causes
10255		the default on SMART_HOST to change from "suucp" to
10256		"relay" if you have MAILER(smtp) specified.
10257
10258 8.4/8.4		1993/07/22
10259	Add option `w'.  If you receive a message that comes to you because
10260		you are the best (lowest preference) target of an MX, and
10261		you haven't explicitly recognized the source MX host in
10262		your .cf file, this option will cause you to try the target
10263		host directly (as if there were no MX for it at all).  If
10264		`w' is not set, this case is a configuration error.
10265		Beware: if `w' is set, senders may get bogus errors like
10266		"message timed out" or "host unknown" for problems that
10267		are really configuration errors.  This option is
10268		disrecommended, provided only for compatibility with
10269		UIUC sendmail.
10270	Fix a problem that caused the incoming socket to be left open
10271		when sendmail forks after the DATA command.  This caused
10272		calling systems to wait in FIN_WAIT_2 state until the
10273		entire list was processed and the child closed -- a
10274		potentially prodigious amount of time.  Problem noted
10275		by Neil Rickert.
10276	Fix problem (created in 6.64) that caused mail sent to multiple
10277		addresses, one of which was a bad address, to completely
10278		suppress the sending of the message.  This changes
10279		handling of EF_FATALERRS somewhat, and adds an
10280		EF_GLOBALERRS flag.  This also fixes a potential problem
10281		with duplicate error messages if there is a syntax error
10282		in the header of a message that isn't noticed until late
10283		in processing.  Original problem pointed out by Josh Smith
10284		of Harvey Mudd College.  This release includes quite a bit
10285		of dickering with error handling (see below).
10286	Back out SMTP transaction if MAIL gets nested 501 error.  This
10287		will only hurt already-broken software and should help
10288		humans.
10289	Fix a problem that broke aliases when neither NDBM nor NEWDB were
10290		compiled in.  It would never read the alias file.
10291	Repair unbalanced `)' and `>' (the "open" versions are already
10292		repaired).
10293	Logging of "done" in dropenvelope() was incorrect: it would
10294		log this even when the queue file still existed.  Change
10295		this to only log "done" (at log level 11) when the
10296		queue file is actually removed.  From John Myers.
10297	Log "lost connection" in server SMTP at log level 20 if there
10298		is no pending transaction.  Some senders just close the
10299		connection rather than sending QUIT.
10300	Fix a bug causing getmxrr to add a dot to the end of unqualified
10301		domains that do not have MX records -- this would cause
10302		the subsequent host name lookup to fail.  The problem
10303		only occurred if you had FEATURE(nocanonify) set.
10304		Problem noted by Rick McCarty of Texas Instruments.
10305	Fix invocation of setvbuf when passed a -X flag -- I had
10306		unwittingly used an ANSI C extension, and this caused
10307		core dumps on some machines.
10308	Diagnose self-destructive alias loops on RCPT as well as EXPN.
10309		Previously it just gave an empty send queue, which
10310		then gave either "Need RCPT (recipient)" at the DATA
10311		(confusing, since you had given an RCPT command which
10312		returned 250) or just dropped the email, depending on
10313		whether you were running VERBose mode.  Now it usually
10314		diagnoses this case as "aliasing/forwarding loop broken".
10315		Unfortunately, it still doesn't adequately diagnose
10316		some true error conditions.
10317	Add internal concept of "warning messages" using 6xx codes.
10318		These are not reported only to Postmaster.  Unbalanced
10319		parens, brackets, and quotes are printed as 653 codes.
10320		They are always mapped to 5xx codes before use in SMTP.
10321	Clean up error messages to tell both the actual address that
10322		failed and the alias they arose from.  This makes it
10323		somewhat easier to diagnose problems.  Difficulty noted
10324		by Motonori Nakamura.
10325	Fix a problem that inappropriately added a ctladdr to addresses
10326		that shouldn't have had one during a queue run.  This
10327		caused error messages to be handled differently during
10328		a queue run than a direct run.
10329	Don't print the qf name and line number if you get errors during
10330		the direct run of the queue from srvrsmtp -- this was
10331		just extra stuff for users to crawl through.
10332	Put command line flags on second line of pid file so you can
10333		auto-restart the daemon with all appropriate arguments.
10334		Use "kill `head -1 /etc/sendmail.pid`" to stop the
10335		daemon, and "eval `tail -1 /etc/sendmail.pid`" to
10336		restart it.
10337	Remove the ``setuid(getuid())'' in main -- this caused the
10338		IDENT daemon to screw up.  This required that I change
10339		HASSETEUID to HASSETREUID and complicate the mode
10340		changing somewhat because both Ultrix and SunOS seem
10341		to have a bug causing seteuid() to set the saved uid
10342		as well as the effective.  The program test/t_setreuid.c
10343		will test to see if your implementation of setreuid(2)
10344		is appropriately functional.
10345	The FallBackMX (option V) handling failed to properly identify
10346		fallback to yourself -- most of the code was there,
10347		but it wasn't being enabled.  Problem noted by Murray
10348		Kucherawy of the University of Waterloo.
10349	Change :include: open timeout from ETIMEDOUT to an internal
10350		code EOPENTIMEOUT; this avoids adding "during SmtpPhase
10351		with CurHostName" in error messages, which can be
10352		confusing.  Reported by Jonathan Kamens of OpenVision
10353		Technologies.
10354	Back out setpgrp (setpgid on POSIX systems) call to reset the
10355		process group id.  The original fix was to get around
10356		some problems with recalcitrant MUAs, but it breaks
10357		any call from a shell that creates a process group id
10358		different from the process id.  I could try to fix
10359		this by diddling the tty owner (using tcsetpgrp or
10360		equivalent) but this is too likely to break other
10361		things.
10362	Portability changes:
10363		Support -M as equivalent to -oM on Ultrix -- apparently
10364			DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
10365			instead of using standard flags.  Oh joy.  This
10366			behavior reported by Jon Giltner of University
10367			of Colorado.
10368		SGI IRIX  -- this includes several changes that should
10369			help other strict ANSI compilers.
10370		SCO Unix -- from Murray Kucherawy of HookUp Communication
10371			Corporation.
10372		Solaris running the Sun C compiler (which despite the
10373			documentation apparently doesn't define
10374			__STDC__ by default).
10375		ConvexOS from Eric Schnoebelen of Convex.
10376		Sony NEWS workstations and Omron LUNA workstations from
10377			Motonori Nakamura.
10378	CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
10379	CONFIG: delete `C' and `e' from default SMTP mailers flags;
10380		several people have made a good argument that this
10381		creates more problems than it solves (although this
10382		may prove painful in the short run).
10383	CONFIG: generalize all the relays to accept a "mailer:host"
10384		format.
10385	CONFIG: move local processing in ruleset 0 into a new ruleset
10386		98 (8 on old sendmail).  Domain literal [a.b.c.d]
10387		addresses are also passed through this ruleset.
10388	CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
10389		internet-style addresses would "fall off the end" of
10390		ruleset zero and be interpreted as local -- however,
10391		the angle brackets confused the recursive call.
10392		These are now diagnosed as "Unrecognized host name".
10393	CONFIG: USENET rules weren't included in S0 because of a mistaken
10394		ifdef(`_MAILER_USENET_') instead of
10395		ifdef(`_MAILER_usenet_').  Problem found by Rein Tollevik
10396		of SINTEF RUNIT, Oslo.
10397	CONFIG: move up LOCAL_RULE_0 processing so that it happens very
10398		early in ruleset 0; this allows .mc authors to bypass
10399		things like the "short circuit" code for local addresses.
10400		Prompted by a comment by Bill Wisner of The Well.
10401	CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
10402		esmtp) to send SMTP mail.  This allows you to default
10403		to esmtp but use a mailertable or other override to
10404		deal with broken servers.  This logic was pointed out
10405		to me by Bill Wisner.  Ditto for confLOCAL_MAILER.
10406	Changes to cf/sh/makeinfo.sh to make it portable to SVR4
10407		environments.  Ugly as sin.
10408
10409 8.3/8.3		1993/07/13
10410	Fix setuid problems introduced in 8.2 that caused messages
10411		like "Cannot create qfXXXXXX: Invalid argument"
10412		or "Cannot reopen dfXXXXXX: Permission denied".  This
10413		involved a new compile flag "HASSETEUID" that takes
10414		the place of the old _POSIX_SAVED_IDS -- it turns out
10415		that the POSIX interface is broken enough to break
10416		some systems badly.  This includes some fixes for
10417		HP-UX.  Also fixes problems where the real uid is
10418		not reset properly on startup (from Neil Rickert).
10419	Fix a problem that caused timed out messages to not report the
10420		addresses that timed out.  Error messages are also more
10421		"user friendly".
10422	Drop required bandwidth on connections from 64 bytes/sec to
10423		16 bytes/sec.
10424	Further Solaris portability changes -- doesn't require the BSD
10425		compatibility library.  This also adds a new
10426		"HASGETDTABLESIZE" compile flag which can be used if
10427		you want to use getdtablesize(2) instead of sysconf(2).
10428		These are loosely based on changes from David Meyer at
10429		University of Oregon.  This now seems to work, at least
10430		for quick test cases.
10431	Fix a problem that can cause duplicate error messages to be
10432		sent if you are in SMTP, you send to multiple addresses,
10433		and at least one of those addresses is good and points
10434		to an account that has a .forward file (whew!).
10435	Fix a problem causing messages to be discarded if checkcompat()
10436		returned EX_TEMPFAIL (because it didn't properly mark
10437		the "to" address).  Problem noted by John Myers.
10438	Fix dfopen to return NULL if the open failed; I was depending
10439		on fdopen(-1) returning NULL, which isn't the case.  This
10440		isn't serious, but does result in weird error diagnoses.
10441		From Michael Corrigan.
10442	CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
10443		messages sent through UUCP-family mailers.  Suggested
10444		by Bill Wisner of The Well.
10445	CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
10446		include a "uucp-dom" mailer that uses domain-style
10447		addressing.  Suggested by Bill Wisner.
10448	CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
10449		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS.  Suggested by
10450		Christophe Wolfhugel.
10451	CONFIG: Add OSTYPE(aix3).  From Christophe Wolfhugel.
10452
10453 8.2/8.2		1993/07/11
10454	Don't drop out on config file parse errors in -bt mode.
10455	On older configuration files, assume option "l" (use Errors-To
10456		header) for back compatibility.  NOTE:  this DOES NOT
10457		imply an endorsement of the Errors-To: header in any way.
10458	Accept -x flag on AIX-3 as well as OSF/1.  Why, why, why???
10459	Don't log errors on EHLO -- it isn't a "real" error for an old
10460		SMTP server to give an error on this command, and
10461		logging it in the transcript can be confusing.  Fix
10462		from Bill Wisner.
10463	IRIX compatibility changes provided by Dan Rich
10464		<drich@sandman.lerc.nasa.gov>.
10465	Solaris 2 compatibility changes.  Provided by Bob Cunningham
10466		<bob@kahala.soest.hawaii.edu>, John Oleynick
10467		<juo@klinzhai.rutgers.edu>.
10468	Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
10469		move usersmtp (smtpinit and smtpmailfrom) to -d18 to
10470		match the other flags in that file.
10471	Flush transcript before fork in mailfile().  From Eric Wassenaar.
10472	Save h_errno in mci struct and improve error message display.
10473		Changes from Eric Wassenaar.
10474	Open /dev/null for the transcript if the create of the xf file
10475		failed; this avoids at least one possible null pointer
10476		reference in very weird cases.  From Eric Wassenaar.
10477	Clean up statistics gathering; it was over-reporting because of
10478		forks.  From Eric Wassenaar.
10479	Fix problem that causes old Return-Path: line to override new
10480		Return-Path: line (conf.c needs H_FORCE to avoid
10481		re-using old value).  From Motonori Nakamura.
10482	Fix broken -m flag in K definition -- even if -m (match only)
10483		was specified, it would still replace the key with the
10484		value.  Noted by Rick McCarty of Texas Instruments.
10485	If the name server timed out over several days, no "timed out"
10486		message would ever be sent back.  The timeout code
10487		has been moved from markfailure() to dropenvelope()
10488		so that all such failures should be diagnosed.  Pointed
10489		out by Christophe Wolfhugel and others.
10490	Relax safefile() constraints: directories in an include or
10491		forward path must be readable by self if the controlling
10492		user owns the entry, readable by all otherwise (e.g.,
10493		when reading your .forward file, you have to own and
10494		have X permission in it; everyone needs X permission in
10495		the root and directories leading up to your home);
10496		include files must be readable by anyone, but need not
10497		be owned by you.
10498	If _POSIX_SAVED_IDS is defined, setuid to the owner before
10499		reading a .forward file; this gets around some problems
10500		on NFS mounts if root permission is not exported and
10501		the user's home directory isn't x'able.
10502	Additional NeXT portability enhancements from Axel Zinser.
10503	Additional HP-UX portability enhancements from Brian Bullen.
10504	Add a timeout around SMTP message writes; this assumes you can
10505		get throughput of at least 64 bytes/second.  Note that
10506		this does not impact the "datafinal" default, which
10507		is separate; this is just intended to work around
10508		network clogs that will occur before the final dot
10509		is sent.  From Eric Wassenaar.
10510	Change map code to set the "include null" flag adaptively --
10511		it initially tries both, but if it finds anything
10512		matching without a null it never tries again with a
10513		null and vice versa.  If -N is specified, it never
10514		tries without the null and creates new maps with a
10515		null byte.  If -O is specified, it never tries with
10516		the null (for efficiency).  If -N and -O are specified,
10517		you get -NO (get it?) lookup at all, so this would
10518		be a bad idea.  If you don't specify either -N or -O,
10519		it adapts.
10520	Fix recognition of "same from address" so that MH submissions
10521		will insert the appropriate full name information;
10522		this used to work and got broken somewhere along the
10523		way.
10524	Some changes to eliminate some unnecessary SYSERRs in the
10525		log.  For example, if you lost a connection, don't
10526		bother reporting that fact on the connection you lost.
10527	Add some "extended debugging" flags to try to track down
10528		why we get occasional problems with file descriptor
10529		one being closed when execing a mailer; it seems to
10530		only happen when there has been another error in the
10531		same transaction.  This requires XDEBUG, defined
10532		by default in conf.h.
10533	Add "-X filename" command line flag, which logs both sides of
10534		all SMTP transactions.  This is intended ONLY for
10535		debugging bad implementations of other mailers; start
10536		it up, send a message from a mailer that is failing,
10537		and then kill it off and examine the indicated log.
10538		This output is not intended to be particularly human
10539		readable.  This also adds the HASSETVBUF compile
10540		flag, defaulted on if your compiler defines __STDC__.
10541	CONFIG: change SMART_HOST to override an SMTP mailer.  If you
10542		have a local net that should get direct connects, you
10543		will need to use LOCAL_NET_CONFIG to catch these hosts.
10544		See cf/README for an example.
10545	CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
10546		sites that don't use the -d flag.
10547	CONFIG: hide recipient addresses as well as sender addresses
10548		behind $M if FEATURE(allmasquerade) is specified; this
10549		has been requested by several people, but can break
10550		local aliases.  For example, if you mail to "localalias"
10551		this will be rewritten as "localalias@masqueradehost";
10552		although initial delivery will work, replies will be
10553		broken.  Use it sparingly.
10554	CONFIG: add FEATURE(domaintable).  This maps unqualified domains
10555		to qualified domains in headers.  I believe this is
10556		largely equivalent to the IDA feature of the same name.
10557	CONFIG: use $U as UUCP name instead of $k.  This permits you
10558		to override the "system name" as your UUCP name --
10559		in particular, to use domain-ized UUCP names.  From
10560		Bill Wisner of The Well.
10561	CONFIG: create new mailer "esmtp" that always tries EHLO
10562		first.  This is currently unused in the config files,
10563		but could be used in a mailertable entry.
10564
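The relaxed safefile() rule from the 8.2 entry above, written out as a path walk over permission bits. This is an added example, not sendmail's code: safefile_check, mode_allows, make_demo_tree and SF_MAXPATH are hypothetical names, the demo tree is constructed, and group bits are ignored as in the 8.2 wording.

```c
/* Added example: path walk modelled on the 8.2 release-note wording.
 * Not sendmail source; all function names here are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SF_MAXPATH 1024   /* local limit chosen for the example */

/* Owner bit applies when uid owns the entry, the "other" bit otherwise.
 * Group bits are ignored, as in the 8.2 wording. */
static int mode_allows(const struct stat *st, uid_t uid, mode_t ubit, mode_t obit)
{
    return (st->st_mode & (st->st_uid == uid ? ubit : obit)) != 0;
}

/* Return 0 if every directory named in path is searchable and the file is
 * readable for uid under the rule above; otherwise an errno value. */
int safefile_check(const char *path, uid_t uid)
{
    char buf[SF_MAXPATH];
    struct stat st;
    size_t len = strlen(path);
    char *p;

    if (len == 0)
        return EINVAL;
    if (len >= sizeof(buf))
        return ENAMETOOLONG;
    memcpy(buf, path, len + 1);

    /* Check each directory prefix in turn: "/", "/a", "/a/b", ... */
    for (p = buf; (p = strchr(p, '/')) != NULL; p++) {
        char *end = (p == buf) ? p + 1 : p;   /* keep "/" for the root */
        char saved = *end;

        *end = '\0';
        if (stat(buf, &st) != 0)
            return errno;
        *end = saved;
        if (!S_ISDIR(st.st_mode) || !mode_allows(&st, uid, S_IXUSR, S_IXOTH))
            return EACCES;
    }

    /* The file itself: a regular file, readable by its owner or by all. */
    if (stat(buf, &st) != 0)
        return errno;
    if (!S_ISREG(st.st_mode) || !mode_allows(&st, uid, S_IRUSR, S_IROTH))
        return EACCES;
    return 0;
}

/* Build <top>/home/.forward below the current directory (constructed sample). */
static int make_demo_tree(const char *top, char *home, size_t hn,
                          char *fwd, size_t fn)
{
    int fd;

    snprintf(home, hn, "%s/home", top);
    snprintf(fwd, fn, "%s/.forward", home);
    if (mkdir(top, 0700) != 0 || mkdir(home, 0700) != 0)
        return -1;
    fd = open(fwd, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    /* chmod() is not subject to umask, so these modes are exact. */
    if (chmod(top, 0711) != 0 || chmod(home, 0711) != 0 || chmod(fwd, 0600) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char top[64], home[128], fwd[160];
    uid_t me = geteuid(), other = me + 1;   /* any uid that is not the owner */

    snprintf(top, sizeof(top), "sfdemo-%ld", (long)getpid());
    if (make_demo_tree(top, home, sizeof(home), fwd, sizeof(fwd)) != 0) {
        perror("make_demo_tree");
        return 1;
    }
    printf("owner, file 0600: %d\n", safefile_check(fwd, me));
    printf("other, file 0600: %d\n", safefile_check(fwd, other));
    chmod(fwd, 0644);
    printf("other, file 0644: %d\n", safefile_check(fwd, other));
    chmod(home, 0700);
    printf("other, home 0700: %d\n", safefile_check(fwd, other));
    unlink(fwd);
    rmdir(home);
    rmdir(top);
    return 0;
}
```

A check of this kind inspects modes at one instant only, so it complements rather than replaces reading the file under the owner's identity, as the following 8.2 entry on _POSIX_SAVED_IDS describes.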
10565 8.1C/8.1B	1993/06/27
10566	Serious security bug fix: it was possible to read any file on
10567		the system, regardless of ownership and permissions.
10568	If a subroutine returns a fully qualified address, return it
10569		immediately instead of feeding it back into rewriting.
10570		This fixes a problem with mailertable lookups.
10571	CONFIG: fix some M4 frotz (concat => CONCAT).
10572
10573 8.1B/8.1A	1993/06/12
10574	Serious bug fix: pattern matching backup algorithm stepped by
10575		two tokens in classes instead of one.  Found by Claus
10576		Assmann at University of Kiel, Germany.
10577
10578 8.1A/8.1A	1993/06/08
10579	Another mailertable fix....
10580
10581 8.1/8.1		1993/06/07
10582	4.4BSD freeze.  No semantic changes.
10583