xref: /freebsd/contrib/sendmail/RELEASE_NOTES (revision bc3f5ec90bde2f3a5e4021d133c89793d68b8c73)
			SENDMAIL RELEASE NOTES
      $Id: RELEASE_NOTES,v 8.2043 2014/01/23 20:27:19 ca Exp $


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.14.8/8.14.8	2014/01/26
	Properly initialize all OpenSSL algorithms for versions before
		OpenSSL 0.9.8o. Without this SHA2 algorithms may not
		work properly, causing for example failures for certs
		that use sha256WithRSAEncryption as signature algorithm.
	When looking up hostnames, ensure only to return those records
		for the requested family (AF_INET or AF_INET6).
		On systems that have NEEDSGETIPNODE and NETINET6
		this may have failed and caused delivery problems.
		Problem noted by Kees Cook.
	A new mailer flag '!' is available to suppress an MH hack
		that drops an explicit From: header if it is the
		same as what sendmail would generate.
	Add an FFR (for future release) to use uncompressed IPv6 addresses,
		i.e., they will not contain "::".  For example, instead
		of ::1 it will be 0:0:0:0:0:0:0:1.  This means that
		configuration data (including maps, files, classes,
		custom rulesets, etc.) have to use the same format.
		This will be turned on in 8.15.  It can be enabled in 8.14
		by compiling with:
		APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
		in your devtools/Site/site.config.m4 file.
	Add an additional case for the WorkAroundBrokenAAAA check when
		dealing with broken nameservers by ignoring SERVFAIL
		errors returned on T_AAAA (IPv6) lookups at delivery time.
		Problem noted by Pavel Timofeev of OCS.
	If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
		setusercontext() on deliveries as a different user.
		Patch from Edward Tomasz Napierala from FreeBSD.
	Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
		Patch from Hajimu UMEMOTO from FreeBSD.
	Add support for DHParameters 2048-bit primes.
	CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
		in FEATURE(`block_bad_helo').  Suggested by Andrey Chernov.
	LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
		Patch from Bill Parker.
	LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
		fail.  Patch from John Beck of Oracle.
	Portability:
		Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
		On Linux use socklen_t as the type for the 3rd argument
		for getsockname/getpeername if the glibc version is at
		least 2.1.
	Added Files:
		devtools/OS/Darwin.12.x
		devtools/OS/Darwin.13.x
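
The uncompressed format in the 8.14.8 `_FFR_IPV6_FULL` entry means existing map and class data has to be rewritten to match. The following is an added example (not part of sendmail or of these release notes) that expands address literals to that form and rewrites a map source line; the `IPv6:` key tag handling, the lower-case hex output and the function names `ipv6_uncompress` and `rewrite_map_line` are assumptions of this example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/*
 * Expand an IPv6 literal to the uncompressed form from the 8.14.8 entry:
 * eight groups, no "::", no leading zeros (::1 -> 0:0:0:0:0:0:0:1).
 * Lower-case hex is an assumption; the release note shows only digits.
 * Returns 0 on success, -1 on invalid input or a too-small buffer.
 */
int ipv6_uncompress(const char *in, char *out, size_t outlen)
{
	struct in6_addr a;
	unsigned int g[8];
	int i, n;

	if (inet_pton(AF_INET6, in, &a) != 1)
		return -1;
	for (i = 0; i < 8; i++)
		g[i] = ((unsigned int)a.s6_addr[2 * i] << 8) | a.s6_addr[2 * i + 1];
	n = snprintf(out, outlen, "%x:%x:%x:%x:%x:%x:%x:%x",
		     g[0], g[1], g[2], g[3], g[4], g[5], g[6], g[7]);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/*
 * Rewrite one map source line ("key<whitespace>value") so that a full
 * address following an "IPv6:" tag in the key is uncompressed.
 * Returns 1 if rewritten, 0 if copied unchanged, -1 if out is too small.
 */
int rewrite_map_line(const char *line, char *out, size_t outlen)
{
	static const char tag[] = "IPv6:";
	const char *p = strstr(line, tag);
	char lit[INET6_ADDRSTRLEN], full[40];
	int n;

	/* Only touch a tag that sits inside the key (before any whitespace). */
	if (p != NULL && strcspn(line, " \t") > (size_t)(p - line)) {
		const char *addr = p + sizeof(tag) - 1;
		size_t alen = strcspn(addr, " \t\r\n");

		if (alen > 0 && alen < sizeof(lit)) {
			memcpy(lit, addr, alen);
			lit[alen] = '\0';
			if (ipv6_uncompress(lit, full, sizeof(full)) == 0) {
				n = snprintf(out, outlen, "%.*s%s%s",
					     (int)(addr - line), line, full,
					     addr + alen);
				return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
			}
		}
	}
	/* No tag, or not a full address (e.g. a network prefix): copy as is. */
	n = snprintf(out, outlen, "%s", line);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
	/* Constructed sample lines, not taken from any real configuration. */
	static const char *sample[] = {
		"Connect:IPv6:::1\tRELAY",
		"IPv6:2001:db8::25\tREJECT",
		"IPv6:2001:db8\tREJECT",	/* partial prefix: left unchanged */
		"Connect:192.0.2.1\tOK",
	};
	char buf[128];
	size_t i;

	for (i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
		int rc = rewrite_map_line(sample[i], buf, sizeof(buf));

		printf("%s %s\n", rc == 1 ? "rewrote:" : "kept:   ", buf);
	}
	return 0;
}
```

Keys that hold only a network prefix do not parse as a full address and are copied unchanged, so those entries still need a manual review.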

8.14.7/8.14.7	2013/04/21
	Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
		from using a mapped address over a legitimate IPv6 address
		and to enforce the proper semantics over the IPv6
		connection.  Problem noted by Ulrich Sporlein.
	Fix a regression introduced in 8.14.6: the wrong list of
		macros was sent to a milter in the EHLO stage.
		Problem found by Fabrice Bellet, reported via RedHat
		(Jaroslav Skarvada).
	Fix handling of ORCPT parameter for DSNs: xtext decoding
		was not performed and a wrong syntax check was applied
		to the "addr-type" field.  Problem noted by Dan Lukes
		of Obludarium.
	Fix handling of NUL characters in the MIME conversion functions
		so that message bodies containing them will be sent
		on properly. Note: this usually also affects mails
		that are not converted as those functions are used
		for other purposes too.  Problem noted by Elchonon
		Edelson of Lockheed Martin.
	Do not perform "duplicate" elimination of recipients if they
		resolve to the error mailer using a temporary failure
		(4xy) via ruleset 0.  Problem noted by Akira Takahashi
		of IIJ.
	CONTRIB: Updated version of etrn.pl script from John Beck
		of Oracle.
	Portability:
		Unlike gcc, clang doesn't apply full prototypes to K&R
		definitions.
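
The ORCPT fix in 8.14.7 concerns two parsing steps that RFC 3461 defines: checking that addr-type is an atom, and decoding the xtext-encoded address. The following is an added example that implements that grammar; it is not sendmail's code, and the function names, the return codes and the rejection of control characters in the decoded address are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

enum { ORCPT_OK = 0, ORCPT_BAD_TYPE = -1, ORCPT_BAD_XTEXT = -2,
       ORCPT_CTRL = -3, ORCPT_TOO_LONG = -4 };

/* RFC 3461 hexchar uses upper-case hex digits only. */
static int hexval(int c)
{
	if (c >= '0' && c <= '9')
		return c - '0';
	if (c >= 'A' && c <= 'F')
		return c - 'A' + 10;
	return -1;
}

/* RFC 822 atom character: printable ASCII except SPACE and specials. */
static int is_atom_char(int c)
{
	return c > 32 && c < 127 && strchr("()<>@,;:\\\".[]", c) == NULL;
}

/*
 * Decode RFC 3461 xtext: xchar is '!'..'~' except '+' and '=',
 * hexchar is '+' followed by two upper-case hex digits.
 * Returns the decoded length, -1 on a syntax error, -2 if out is too small.
 * The output may contain any byte (including NUL), so it is length-counted.
 */
long xtext_decode(const char *in, unsigned char *out, size_t outlen)
{
	size_t n = 0;

	while (*in != '\0') {
		unsigned char c = (unsigned char)*in++;

		if (c == '+') {
			int hi = hexval((unsigned char)in[0]);
			int lo = hi < 0 ? -1 : hexval((unsigned char)in[1]);

			if (lo < 0)
				return -1;	/* truncated or non-hex escape */
			c = (unsigned char)(hi << 4 | lo);
			in += 2;
		} else if (c < 33 || c > 126 || c == '=') {
			return -1;
		}
		if (n >= outlen)
			return -2;
		out[n++] = c;
	}
	return (long)n;
}

/*
 * Parse the value of ORCPT= ("addr-type;xtext") into its two parts.
 * Control characters in the decoded address are rejected so the value can
 * be copied into a DSN field without adding lines (example policy).
 */
int parse_orcpt(const char *arg, char *type, size_t typelen,
		char *addr, size_t addrlen)
{
	const char *semi = strchr(arg, ';');
	size_t tlen, i;
	long alen;

	if (semi == NULL || semi == arg)
		return ORCPT_BAD_TYPE;
	tlen = (size_t)(semi - arg);
	for (i = 0; i < tlen; i++)
		if (!is_atom_char((unsigned char)arg[i]))
			return ORCPT_BAD_TYPE;
	if (tlen >= typelen || addrlen == 0)
		return ORCPT_TOO_LONG;
	memcpy(type, arg, tlen);
	type[tlen] = '\0';

	alen = xtext_decode(semi + 1, (unsigned char *)addr, addrlen - 1);
	if (alen == -1)
		return ORCPT_BAD_XTEXT;
	if (alen == -2)
		return ORCPT_TOO_LONG;
	for (i = 0; i < (size_t)alen; i++)
		if ((unsigned char)addr[i] < 32 || addr[i] == 127)
			return ORCPT_CTRL;
	addr[alen] = '\0';
	return ORCPT_OK;
}

int main(void)
{
	/* Constructed ORCPT values for illustration. */
	static const char *sample[] = {
		"rfc822;bob+2Bnews@example.com",
		"rfc822;bob+2bnews@example.com",	/* lower-case hex */
		"rfc.822;bob@example.com",		/* '.' is not an atom char */
		"rfc822;a+0D+0AX-Injected:1",		/* decodes to CR LF */
	};
	char type[32], addr[256];
	size_t i;

	for (i = 0; i < sizeof(sample) / sizeof(sample[0]); i++)
		printf("%-34s -> %d\n", sample[i],
		       parse_orcpt(sample[i], type, sizeof(type),
				   addr, sizeof(addr)));
	return 0;
}
```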

8.14.6/8.14.6	2012/12/23
	Fix a regression introduced in 8.14.5: if a server offers
		two AUTH lines, the MTA would not read them after
		STARTTLS has been used and hence SMTP AUTH for
		the client side would fail.  Problem noted by Lena.
	Do not cache hostnames internally in a non case sensitive way
		as that may cause addresses to change from lower case
		to upper case or vice versa. These header modifications
		can cause problems with milters that rely on receiving
		headers in the same way as they are being sent out such
		as a DKIM signing milter.
	If MaxQueueChildren is set then it was possible that new queue
		runners could not be started anymore because an
		internal counter was subject to a race condition.
	If a milter decreases the timeout it waits for a communication
		with the MTA, the MTA might experience a write() timeout.
		In some situations, the resulting error might have been
		ignored.  Problem noted by Werner Wiethege.
		Note: decreasing the communication timeout in a milter
		should not be done without considering the potential
		problems.
	smfi_setsymlist() now properly sets the list of macros for
		the milter which invoked it, instead of a global
		list for all milters.  Problem reported by
		David Shrimpton of the University of Queensland.
	If Timeout.resolver.retrans is set to a value larger than 20,
		then resolver.retry was temporarily set to 0 for
		gethostbyaddr() lookups. Now it is set to 1 instead.
		Patch from Peter.
	If sendmail could not lock the statistics file due to a system
		error, and sendmail later sends a DSN for a mail that
		triggered such an error, then sendmail tried to access
		memory that was freed before (causing a crash on some
		systems).  Problem reported by Ryan Stone.
	Do not log negative values for size= nor pri= to avoid confusing
		log parsers, instead limit the values to LONG_MAX.
	Account for an API change in newer versions of Cyrus-SASL.
		Patch from Hajimu UMEMOTO from FreeBSD.
	Do not try to resolve link-local addresses for IPv4 (just as it
		is done for IPv6).  Patch from John Beck of Oracle.
	Improve logging of client and server STARTTLS connection failures
		that may be due to incompatible cipher lists by including
		the reason for the failure in a single log line.  Suggested
		by James Carey of Boeing.
	Portability:
		Add support for Darwin 11.x (Mac OS X 10.7).
		Add support for SunOS 5.12 (aka Solaris 12). Patch from
		John Beck of Oracle.
	Added Files:
		devtools/OS/Darwin.11.x
		devtools/OS/SunOS.5.12

8.14.5/8.14.5	2011/05/17
	Do not cache SMTP extensions across connections as the cache
		is based on hostname which may not be a unique identifier
		for a server, i.e., different machines may have the
		same hostname but provide different SMTP extensions.
		Problem noted by Jim Hermann.
	Avoid an out-of-bounds access in case a resolver reply for a DNS
		map lookup returns a size larger than 1K.  Based on a
		patch from Dr. Werner Fink of SuSE.
	If a job is aborted using the interrupt signal (e.g., control-C from
		the keyboard), perform minimal cleanup to avoid invoking
		functions that are not signal-safe. Note: in previous
		versions the mail might have been queued up already
		and would be delivered subsequently, now an interrupt
		will always remove the queue files and thus prevent
		delivery.
	Per RFC 6176, when operating as a TLS client, do not offer SSLv2.
	Since TLS session resumption is never used as a client, disable
		use of RFC 4507-style session tickets.
	Work around gcc4 versions which reverse 25 years of history and
		no longer align char buffers on the stack, breaking calls
		to resolver functions on strict alignment platforms.
		Found by Stuart Henderson of OpenBSD.
	Read at most two AUTH lines from a server greeting (up to two
		lines are read because servers may use "AUTH mechs" and
		"AUTH=mechs"). Otherwise a malicious server may exhaust
		the memory of the client.  Bug report by Nils of MWR
		InfoSecurity.
	Avoid triggering an assertion in the OpenLDAP code when the
		connection to an LDAP server is lost while making a query.
		Problem noted and patch provided by Andy Fiddaman.
	If ConnectOnlyTo is set and sendmail is compiled with NETINET6
		it would try to use an IPv6 address if an IPv4 (or
		unparseable) address is specified.
	If SASLv2 is used, make sure that the macro {auth_authen} is
		stored in xtext format to avoid problems with parsing
		it.  Problem noted by Christophe Wolfhugel.
	CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing
		-T<TMPF> that is required, but failed for some cases
		that did not use LDAP.  This change has been undone
		until a better solution can be implemented.  Problem
		found by Andy Fiddaman.
	CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support.
		Contributed by Casper Dik of Oracle.
	CONTRIB: qtool.pl: Deal with H entries that do not have a
		letter between the question marks.  Patch from
		Stefan Christensen.
	DOC: Use a better description for the -i option in sendmail.
		Patch from Mitchell Berger.
	Portability:
		Add support for Darwin 10.x (Mac OS X 10.6).
		Enable HAVE_NANOSLEEP for FreeBSD 3 and later.  Patch
		from John Marshall.
		Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later.
		Use new directory "/system/volatile" for PidFile on
		Solaris 11.  Patch from Casper Dik of Oracle.
		Fix compilation on Solaris 11 (and maybe some other
		OSs) when using OpenSSL 1.0.  Based on patch from
		Jan Pechanec of Oracle.
		Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t
		for Solaris 11.  Patch from Roger Faulkner of Oracle.
	New Files:
		cf/ostype/solaris11.m4

8.14.4/8.14.4	2009/12/30
	SECURITY: Handle bogus certificates containing NUL characters
		in CNs by placing a string indicating a bad certificate
		in the {cn_subject} or {cn_issuer} macro.  Patch inspired
		by Matthias Andree's changes for fetchmail.
	During the generation of a queue identifier an integer overflow
		could occur which might result in bogus characters
		being used.  Based on patch from John Vannoy of
		Pepperdine University.
	The value of headers, e.g., Precedence, Content-Type, et al.,
		was not processed correctly.  Patch from Per Hedeland.
	Between 8.11.7 and 8.12.0 the length limitation on a return
		path was erroneously reduced from MAXNAME (256) to
		MAXSHORTSTR (203).  Patch from John Gardiner Myers
		of Proofpoint; the problem was also noted by Steve
		Hubert of University of Washington.
	Prevent a crash when a hostname lookup returns a seemingly
		valid result which contains a NULL pointer (this seems
		to be happening on some Linux versions).
	The process title was missing the current load average when
		the MTA was delaying connections due to DelayLA.
		Patch from Dick St.Peters of NetHeaven.
	Do not reset the number of queue entries in shared memory if
		only some of them are processed.
	Fix overflow of an internal array when parsing some replies
		from a milter.  Problem found by Scott Rotondo
		of Sun Microsystems.
	If STARTTLS is turned off in the server (via M=S) then it
		would not be initialized for use in the client either.
		Patch from Kazuteru Okahashi of IIJ.
	If a Diffie-Hellman cipher is selected for STARTTLS, the
		handshake could fail with some TLS implementations
		because the prime used by the server is not long enough.
		Note: the initialization of the DSA/DH parameters for
		the server can take a significant amount of time on slow
		machines. This can be turned off by setting DHParameters
		to none or a file (see doc/op/op.me).  Patch from
		Petr Lampa of the Brno University of Technology.
	Fix handling of `b' modifier for DaemonPortOptions on little
		endian machines for loopback address.  Patch from
		John Beck of Sun Microsystems.
	Fix a potential memory leak in libsmdb/smdb1.c found by parfait.
		Based on patch from Jonathan Gray of OpenBSD.
	If a milter sets the reply code to "421" during the transfer
		of the body, the SMTP server will terminate the SMTP session
		with that error to match the behavior of the other callbacks.
	Return EX_IOERR (instead of 0) if a mail submission fails due to
		missing disk space in the mail queue.  Based on patch
		from Martin Poole of RedHat.
	CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would
		cause addresses not found in LDAP to be misparsed.
	CONFIG: Using a CN restriction did not work for TLS_Clt as it
		referred to a wrong macro.  Patch from John Gardiner
		Myers of Proofpoint.
	CONFIG: The option relaytofulladdress of FEATURE(`access_db')
		did not work if FEATURE(`relay_hosts_only') is used too.
		Problem noted by Kristian Shaw.
	CONFIG: The internal function lower() was broken and hence
		strcasecmp() did not work either, which could cause
		problems for some FEATURE()s if upper case arguments
		were used.  Patch from Vesa-Matti J Kari of the
		University of Helsinki.
	LIBMILTER: Fix internal check whether a milter application
		is compiled against the same version of libmilter as
		it is linked against (especially useful for dynamic
		libraries).
	LIBMILTER: Fix memory leak that occurred when smfi_setsymlist()
		was used.  Based on patch by Dan Lukes.
	LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters
		which add, insert, or replace headers.  From Benjamin
		Pineau.
	LIBMILTER: Fix error messages which refer to "select()" to be
		correct if SM_CONF_POLL is used.  Based on patch from
		John Nemeth.
	LIBSM: Fix handling of LDAP search failures where the error is
		carried in the search result itself, such as seen with
		OpenLDAP proxy servers.
	VACATION: Do not refer to a local variable outside its scope.
		Based on patch from Mark Costlow of Southwest Cyberport.
	Portability:
		Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from
		John Beck of Sun Microsystems.
		Drop NISPLUS from default SunOS 5.11 map definitions.
		Patch from John Beck of Sun Microsystems.

8.14.3/8.14.3	2008/05/03
	During ruleset processing the generation of a key for a map
		lookup and the parsing of the default value was broken
		for some macros, e.g., $|, which caused the BlankSub
		character to be inserted into the workspace and thus
		failures, e.g., rules that should have matched did not.
	8.14.2 caused a regression: it accessed (macro) storage which was
		freed before. First instance of the problem reported by
		Matthew Dillon of DragonFlyBSD; variations of the same
		bug reported by Todd C. Miller of OpenBSD, Moritz
		Jodeit, and Dave Hayes.
	Improve pathname length checks for persistent host status.  Patch
		from Joerg Sonnenberger of DragonFlyBSD.
	Reword misleading SMTP reply text for FEATURE(`badmx').  Problem
		noted by Beth Halsema.
	The read timeout was fixed to be Timeout.datablock if STARTTLS
		was activated. This may cause problems if that value
		is lowered from its default. Problem noted by Jens Elkner.
	CONFIG: Using LOCAL_TLS_CLIENT caused the tls_client ruleset
		to operate incorrectly.  Problem found by Werner Wiethege.
	LIBMILTER: Omitting some protocol steps via the xxfi_negotiate()
		callback did not work properly. The patchlevel of
		libmilter has been set to 1 so a milter can determine
		whether libmilter contains this fix.
	MAKEMAP: If a delimiter is specified (-t) use that also when
		dumping a map.  Patch from Todd C. Miller of OpenBSD.
	Portability:
		Add support for Darwin 9.x (Mac OS X 10.5).
		Support shared libraries in Darwin 8 and 9.  Patch from
		Chris Behrens of Concentric.
		Add support for SCO OpenServer 6, patch from Boyd Gerber.
	DEVTOOLS: Clarify that confSHAREDLIBDIR requires a trailing slash.
	Added Files:
		devtools/OS/Darwin.9.x
		devtools/OS/OSR.i386

8.14.2/8.14.2	2007/11/01
	If a message was queued and it contained 8 bit characters in
		a From: or To: header, then those characters could be
		"mistaken" for internal control characters during a queue
		run and trigger various consistency checks.  Problem
		noted by Neil Rickert of Northern Illinois University.
	If MaxMimeHeaderLength is set to a value greater than 0 (which
		it is by default) then even if the Linelimit parameter
		is 0, sendmail corrupted in the non-transfer-encoding
		case every MAXLINE-1 characters.  Patch from John Gardiner
		Myers of Proofpoint.
	Setting the suboption DeliveryMode for DaemonPortOptions did not
		work in earlier 8.14 versions.
	Note: DeliveryMode=interactive is silently converted to
		background if a milter can reject or delete a recipient.
		Prior to 8.14 this happened only if milter could delete
		recipients.
	ClientRate should trigger when the limit was exceeded (as
		documented), not when it was reached.  Patch from
		John Beck of Sun Microsystems.
	Force a queue run for -qGqueuegroup even if no runners are
		specified (R=0) and forking (F=f) is requested.
	When multiple results are requested for a DNS map lookup
		(-z and -Z), return only those that are relevant for
		the query (not also those in the "additional section".)
	If the message transfer time to sendmail (when acting as server)
		exceeds Timeout.queuewarn or Timeout.queuereturn and
		the message is refused (by a milter), sendmail previously
		created a delivery status notification (DSN).  Patch
		from Doug Heath of The Hertz Corporation.
	A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
		the MTA to deal with some input (i.e., "=") itself.
		Problem noted by Eliot Lear.
	sendmail counted a delivery as successful if PIPELINING is
		compiled in but not offered by the server and the
		delivery failed temporarily.  Patch from Werner Wiethege.
	If getting the result of an LDAP query times out then close the
		map so it will be reopened on the next lookup.  This
		should help "failover" configurations that specify more
		than one LDAP server.
	If check_compat returns $#discard then a "savemail panic" could
		be triggered under some circumstances (e.g., requiring
		a system which does not have the compile time flag
		HASFLOCK set). Based on patch by Motonori Nakamura
		of National Institute of Informatics, Japan.
	If a milter rejected a recipient, the count for nrcpts= in the
		logfile entry might have been wrong.  Problem found by
		Petra Humann of TU Dresden.
	If a milter invoked smfi_chgfrom() where ESMTP arguments are not
		NULL, the message body was lost.  Patch from Motonori
		Nakamura of National Institute of Informatics, Japan.
	sendmail(8) had a bogus space in -qGname.  Patch from Peng Haitao.
	CONTRIB: buildvirtuser: Preserve ownership and permissions when
		replacing files.
	CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
		reading the /etc/mail/virtusers/ directory.
	CONTRIB: buildvirtuser: Emit warnings instead of exiting where
		appropriate.
	LIBMILTER: Fix ABI backwards compatibility so milters compiled
		against an older libmilter.so shared library can use an
		8.14 libmilter.so shared library.
	LIBMILTER: smfi_version() did not properly extract the patchlevel
		from the version number, however, the returned value was
		correct for the current libmilter version.

8.14.1/8.14.1	2007/04/03
	Even though a milter rejects a recipient the MTA will still keep
		it in its list of recipients and deliver to it if the
		transaction is accepted. This is a regression introduced
		in 8.14.0 due to the change for SMFIP_RCPT_REJ.  Bug
		found by Andy Fiddaman.
	The new DaemonPortOptions which begin with a lower case character
		could not be set in 8.14.0.
	If a server shut down the connection in response to a STARTTLS
		command, sendmail would log a misleading error message
		due to an internal inconsistency.  Problem found by
		Werner Wiethege.
	Document how some sendmail.cf options change the behavior of mailq.
		Noted by Paul Menchini of the North Carolina School of
		Science and Mathematics.
	CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
	CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
		of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
		m4 options for setting MaxNOOPCommands and
		SharedMemoryKeyFile.
	CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
		options for setting Milter.macros.eoh and Milter.macros.data.
	CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
		Patch from Daniel Carroll of Mesa State College.
	LIBMILTER: Make sure an unknown command does not affect the
		currently available macros.  Problem found by Andy Fiddaman.
	LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
		negotiation.  Problem reported by Bryan Costales.
	LIBMILTER: Fix several minor errors in the documentation.
		Patches from Bryan Costales.
	PORTABILITY FIXES:
		AIX 5.{1,2}: libsm/util.c failed to compile due to
			redefinition of several macros, e.g., SIG_ERR.
			Patch from Jim Pirzyk with assistance by Bob
			Booth, University of Illinois at Urbana-Champaign.
		Add support for QNX.6.  Patch from Sean Boudreau of QNX
			Software Systems.
	New Files:
		devtools/M4/depend/QNX6.m4
		devtools/OS/QNX.6.x
		include/sm/os/sm_os_qnx.h

	New Files added in 8.14.0, but not shown in the release notes entry:
		libmilter/docs/smfi_chgfrom.html
		libmilter/docs/smfi_version.html

8.14.0/8.14.0	2007/01/31
	Header field values are now 8 bit clean.  Notes:
		- header field names are still restricted to 7 bit.
		- RFC 2822 allows only 7 bit (US-ASCII) characters in
		  headers.
	Preserve spaces after the colon in a header.  Previously, any
		number of spaces after the colon would be changed to
		exactly one space.
	In some cases of deeply nested aliases/forwarding, mail can
		be silently lost.  Moreover, the MaxAliasRecursion
		limit may be reached too early, e.g., the counter
		may be off by a factor of 4 in case of a sequence of
		.forward files that refer to others.  Patch from
		Motonori Nakamura of Kyoto University.
	Fix a regression in 8.13.8: if InputMailFilters is set then
		"sendmail -bs" can trigger an assertion because the
		hostname of the client is undefined.  It is now set
		to "localhost" for the xxfi_connect() callback.
	Avoid referencing a freed variable during cleanup when terminating.
		Problem reported and diagnosed by Joe Maimon.
	New option HeloName to set the name for the HELO/EHLO command.
		Patch from Nik Clayton.
	New option SoftBounce to issue temporary errors (4xy) instead of
		permanent errors (5xy).  This can be useful for testing.
	New suboptions for DaemonPortOptions to set them individually
		per daemon socket:
			DeliveryMode	DeliveryMode
			refuseLA	RefuseLA
			delayLA		DelayLA
			queueLA		QueueLA
			children	MaxDaemonChildren
	New option -K for LDAP maps to replace %1 through %9 in the
		lookup key with the LDAP escaped contents of the
		arguments specified in the map lookup.  Loosely based
		on patch from Wolfgang Hottgenroth.
	Log the time after which a greet_pause delay triggered.  Patch
		from Nik Clayton.
	If a client is rejected via TCP wrapper or some other check
		performed by validate_connection() (in conf.c) then do
		not also invoke greet_pause.  Problem noted by Jim Pirzyk
		of the University of Illinois at Urbana-Champaign.
	If a client terminates the SMTP connection during a pause
		introduced by greet_pause, then a misleading message
		was logged previously.  Problem noted by Vernon Schryver
		et al., patch from Matej Vela.
	New command "mstat" for control socket to provide "machine
		readable" status.
	New named config file rule check_eom which is called at the end
		of a message, its parameter is the size of the message.
	If the macro {addr_type} indicates that the current address
		is a header address it also distinguishes between
		recipient and sender addresses (as it is done for
		envelope addresses).
	When a macro is set in check_relay, then its value is accessible
		by all transactions in the same SMTP session.
	Increase size of key for ldap lookups to 1024 (MAXKEY).
	New option MaxNOOPCommands to override default of 20 for the
		number of "useless" commands before the SMTP server will
		slow down responding.
	New option SharedMemoryKeyFile: if shared memory support is
		enabled, the MTA can be asked to select a shared memory
		key itself by setting SharedMemoryKey to -1 and specifying
		a file where to store the selected key.
	Try to deal with open HTTP proxies that are used to send spam
		by recognizing some commands from them. If the first command
		from the client is GET, POST, CONNECT, or USER, then the
		connection is terminated immediately.
	New PrivacyOptions noactualrecipient to avoid putting
		X-Actual-Recipient lines in DSNs revealing the actual
		account that addresses map to.  Patch from Dan Harkless.
	New options B, z, and Z for DNS maps:
		-B: specify a domain that is always appended to queries.
		-z: specify the delimiter at which to cut off the result of
			a query if it is too long.
		-Z: specify the maximum number of entries to be concatenated
			to form the result of a lookup.
	New target "check" in the Makefile of libsm: instead of running tests
		implicitly while building libsm, they must be explicitly
		started by using "make check".
	Fixed some inconsistent checks for NULL pointers that have been
		reported by the SATURN tool which has been developed by
		Isil Dillig and Thomas Dillig of Stanford University.
	Fix a potential race condition caused by a signal handler for
		terminated child processes.  Problem noted by David F. Skoll.
	When a milter deleted a recipient, that recipient could cause a
		queue group selection. This has been disabled as it was not
		intended.
	New operator 'r' for the arith map to return a random number.
		Patch from Motonori Nakamura of Kyoto University.
	New compile time option MILTER_NO_NAGLE to turn off the Nagle
		algorithm for communication with libmilter ("cork" on Linux),
		which may improve the communication performance on some
		operating systems.  Patch from John Gardiner Myers of
		Proofpoint.
	If sendmail received input that contained a CR without subsequent LF
		(thus violating RFC 2821 (2.3.7)), it could previously
		generate an additional blank line in the output as the last
		line.
	Restarting persistent queue runners by sending a HUP signal to
		the "queue control process" (QCP) works now.
	Increase the length of an input line to 12288 to deal with
		really long lines during SMTP AUTH negotiations.
		Problem noted by Werner Wiethege.
	If ARPANET mode (-ba) was selected STARTTLS would fail (due to
		a missing initialization call for that case).  Problem
		noted by Neil Rickert of Northern Illinois University.
	If sendmail is linked against a library that initializes Cyrus-SASL
		before sendmail did it (such as libnss-ldap), then SMTP AUTH
		could fail for the sendmail client.  A patch by Moritz Both
		works around the API design flaw of Cyrus-SASLv2.
	CONFIG: Make it possible to unset the StatusFile option by
		undefining STATUS_FILE.  By not setting StatusFile,
		the MTA will not attempt to open a statistics file on
		each delivery.
547	CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
548		clients whose IP address does not have proper reverse DNS.
549		Contributed by Neil Rickert of Northern Illinois University
550		and John Beck of Sun Microsystems.
551	CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
552		clients which provide a HELO/EHLO argument which is either
553		unqualified, or is one of our own names (i.e., the server
554		name instead of the client name).  Contributed by Neil
555		Rickert of Northern Illinois University and John Beck of
556		Sun Microsystems.
557	CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
558		(MAIL) whose domain part resolves to a "bad" MX record.
559		Based on contribution from William Dell Wisner.
560	CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
561		the maximum line length of the smtp mailers.
562	CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
563		to allow entries in the access map to be of the form
564			To:user@example.com	RELAY
565	CONFIG: New subsuboptions eoh and data to specify the list of
566		macros a milter should receive at those stages in the
567		SMTP dialogue.
568	CONFIG: New option confHELO_NAME for HeloName to set the name
569		for the HELO/EHLO command.
570	CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
571		messages by using those values as second argument.
572		Patches from Nelson Fung.
573	CONTRIB: cidrexpand uses a hash symbol as comment character and
574		ignores everything after it unless it is in quotes or
575		preceeded by a backslash.
576	DEVTOOLS: New macro confMKDIR: if set to a program that creates
577		directories, then it used for "make install" to create
578		the required installation directories.
579	DEVTOOLS: New macro confCCLINK to specify the linker to use for
580		executables (defaults to confCC).
581	LIBMILTER: A new version of the milter API has been created that
582		has several changes which are listed below and documented
583		in the webpages reachable via libmilter/docs/index.html.
584	LIBMILTER: The meaning of the version macro SMFI_VERSION has been
585		changed.  It now refers only to the version of libmilter,
586		not to the protocol version (which is used only internally,
587		it is not user/milter-programmer visible).  Additionally,
588		a version function smfi_version() has been introduced such
589		that a milter program can check the libmilter version also
590		at runtime which is useful if a shared library is used.
591	LIBMILTER: A new callback xxfi_negotiate() can be used to
592		dynamically (i.e., at runtime) determine the available
593		protocol actions and features of the MTA and also to
594		specify which of these a milter wants to use.  This allows
595		for more flexibility than hardcoding these flags in the
596		xxfi_flags field of the smfiDesc structure.
597	LIBMILTER: A new callback xxfi_data() is available so milters
598		can act on the DATA command.
599	LIBMILTER: A new callback xxfi_unknown() is available so milters
600		can receive also unknown SMTP commands.
601	LIBMILTER: A new return code SMFIS_NOREPLY has been added which
602		can be used by the xxfi_header() callback provided the
603		milter requested the SMFIP_NOHREPL protocol action.
604	LIBMILTER: The new return code SMFIS_SKIP can be used in the
605		xxfi_body() callback to skip over further body chunks
606		and directly advance to the xxfi_eom() callback.  This
607		is useful if a milter can make a decision based on the
608		body chunks it already received without reading the entire
609		rest of the body and the milter wants to invoke functions
610		that are only available from the xxfi_eom() callback.
611	LIBMILTER: A new function smfi_addrcpt_par() can be used to add
612		new recipients including ESMTP parameters.
613	LIBMILTER: A new function smfi_chgfrom() can be used to change the
614		envelope sender including ESMTP parameters.
615	LIBMILTER: A milter can now request to be informed about rejected
616		recipients (RCPT) too.  This requires setting the protocol
617		flag SMFIP_RCPT_REJ during option negotiation.  Whether
618		a RCPT has been rejected can be checked by comparing the
619		value of the macro {rcpt_mailer} with "error".
620	LIBMILTER: A milter can now override the list of macros that it
621		wants to receive from the MTA for each protocol step
622		by invoking the function smfi_setsymlist() during option
623		negotiation.
624	LIBMILTER: A milter can receive header field values with all
625		leading spaces by requesting the SMFIP_HDR_LEADSPC
626		protocol action.  Also, if the flag is set then the MTA
627		does not add a leading space to headers that are added,
628		inserted, or replaced.
629	LIBMILTER: If a milter sets the reply code to "421" for the HELO
630		callback, the SMTP server will terminate the SMTP session
631		with that error to match the behavior of all other callbacks.
632	New Files:
633		cf/feature/badmx.m4
634		cf/feature/block_bad_helo.m4
635		cf/feature/require_rdns.m4
636		devtools/M4/UNIX/check.m4
637		include/sm/misc.h
638		include/sm/sendmail.h
639		include/sm/tailq.h
640		libmilter/docs/smfi_addrcpt_par.html
641		libmilter/docs/smfi_setsymlist.html
642		libmilter/docs/xxfi_data.html
643		libmilter/docs/xxfi_negotiate.html
644		libmilter/docs/xxfi_unknown.html
645		libmilter/example.c
646		libmilter/monitor.c
647		libmilter/worker.c
648		libsm/memstat.c
649		libsm/t-memstat.c
650		libsm/t-qic.c
651		libsm/util.c
652		sendmail/daemon.h
653		sendmail/map.h
654
655 8.13.8/8.13.8	2006/08/09
656	Fix a regression in 8.13.7: if shared memory is activated, then
657		the server can erroneously report that there is
658		insufficient disk space.  Additionally make sure that
659		an internal variable is set properly to avoid those
660		misleading errors.  Based on patch from Steve Hubert
661		of University of Washington.
662	Fix a regression in 8.13.7: the PidFile could be removed after
663		the process that forks the daemon exited, i.e., if
664		sendmail -bd is invoked.  Problem reported by Kan Sasaki
665		of Fusion Communications Corp. and Werner Wiethege.
666	Avoid opening qf files if QueueSortOrder is "none".  Patch from
667		David F. Skoll.
668	Avoid a crash when finishing due to referencing a freed variable.
669		Problem reported and diagnosed by Moritz Jodeit.
670	CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
671		range (0..255).
672	LIBMILTER: The "hostname" argument of the xxfi_connect() callback
673		previously was the equivalent of {client_ptr}.  However,
674		this did not match the documentation of the function, hence
675		it has been changed to {client_name}.  See doc/op/op.*
676		about these macros.
677
678 8.13.7/8.13.7	2006/06/14
679	A malformed MIME structure with many parts can cause sendmail to
680		crash while trying to send a mail due to a stack overflow,
681		e.g., if the stack size is limited (ulimit -s).  This
682		happens because the recursion of the function mime8to7()
683		was not restricted.  The function is called for MIME 8 to
684		7 bit conversion and also to enforce MaxMimeHeaderLength.
685		To work around this problem, recursive calls are limited to
686		a depth of MAXMIMENESTING (20); message content after this
687		limit is treated as opaque and is not checked further.
688		Problem noted by Frank Sheiness.
689	The changes to the I/O layer in 8.13.6 caused a regression for
690		SASL mechanisms that use the security layer, e.g.,
691		DIGEST-MD5.  Problem noted by Robert Stampfli.
692	If a timeout occurs while reading a message (during the DATA phase)
693		a df file might have been left behind in the queue.
694		This was another side effect of the changes to the I/O
695		layer made in 8.13.6.
696	Several minor problems have been fixed that were found by a
697		Coverity scan of sendmail 8 as part of the NetBSD
698		distribution. See http://scan.coverity.com/
699		Note: the scan also generated a lot of "false positives",
700		e.g., "error" reports about situations that cannot happen.
701		Most of those code places are marked with lint(1) comments
702		like NOTREACHED, but Coverity does not understand those.
703		Hence an explicit assertion has been added in some cases
704		to avoid those false positives.
705	If the start of the sendmail daemon fails due to a configuration
706		error then in some cases shared memory segments or pid
707		files were not removed.
708	If DSN support is disabled via access_db, then related ESMTP
709		parameters for MAIL and RCPT should be rejected.  Problem
710		reported by Akihiro Sagawa.
711	Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
712		bug work-around.  Hence if sendmail is linked against
713		either of these versions and compression is available,
714		the padding bug work-around is turned off.  Based on
715		patch from Victor Duchovni of Morgan Stanley.
716	CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
717		blackholes.mail-abuse.org as default domain for lookups,
718		however, that list is no longer available.  To avoid
719		further problems, no default value is available anymore,
720		but an argument must be specified.
721	Portability:
722		Fix compilation on OSF/1 for sfsasl.c.  Patch from
723		Pieter Bowman of the University of Utah.
724
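The depth limit described in the 8.13.7 entry for mime8to7(), shown as an added example that is not sendmail's own code: a simplified multipart walker that stops recursing at MAXMIMENESTING and counts the remaining body as opaque. The helper names, the stats structure and the constructed nested message are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAXMIMENESTING 20	/* depth limit named in the release note */

struct scan_stats {
	int parts_checked;	/* entities whose headers were parsed */
	int opaque_parts;	/* multipart bodies left unparsed at the limit */
	int max_depth;		/* deepest recursion level reached */
};

/* Bounded search for needle in [p, end); the range need not be NUL-terminated. */
static const char *find(const char *p, const char *end, const char *needle)
{
	size_t n = strlen(needle);

	for (; p <= end && (size_t)(end - p) >= n; p++)
		if (memcmp(p, needle, n) == 0)
			return p;
	return NULL;
}

/* Copy the boundary= value of a multipart header block into out; 0 if none. */
static int get_boundary(const char *hdr, const char *hdr_end, char *out, size_t outlen)
{
	const char *b = find(hdr, hdr_end, "boundary=");
	size_t i = 0;

	if (b == NULL || find(hdr, hdr_end, "multipart/") == NULL)
		return 0;
	for (b += 9; b < hdr_end && *b != '\n' && *b != ';' && i + 1 < outlen; b++)
		out[i++] = *b;
	out[i] = '\0';
	return i > 0;
}

/* Walk one MIME entity in [p, end); recursion is capped at MAXMIMENESTING. */
static void scan_entity(const char *p, const char *end, int depth, struct scan_stats *st)
{
	char boundary[64], delim[70], term[72];
	const char *body = find(p, end, "\n\n");	/* blank line ends the headers */
	const char *part, *next, *stop;

	st->parts_checked++;
	if (depth > st->max_depth)
		st->max_depth = depth;
	if (body == NULL || !get_boundary(p, body, boundary, sizeof boundary))
		return;				/* leaf part: nothing nested */
	if (depth >= MAXMIMENESTING) {
		st->opaque_parts++;		/* at the limit: body is not parsed */
		return;
	}
	snprintf(delim, sizeof delim, "\n--%s\n", boundary);
	snprintf(term, sizeof term, "\n--%s--", boundary);
	stop = find(body, end, term);
	if (stop == NULL)
		stop = end;			/* unterminated multipart: scan to end */
	for (part = find(body, stop, delim); part != NULL; part = next) {
		part += strlen(delim);
		next = find(part, stop, delim);
		scan_entity(part, next != NULL ? next : stop, depth + 1, st);
	}
}

/* Constructed sample input: `levels` multipart containers around one text part. */
static size_t build_nested(char *buf, size_t cap, int levels)
{
	size_t n = 0;
	int i;

	for (i = 0; i < levels; i++)
		n += (size_t)snprintf(buf + n, cap - n,
		    "Content-Type: multipart/mixed; boundary=b%d\n\n--b%d\n", i, i);
	n += (size_t)snprintf(buf + n, cap - n, "Content-Type: text/plain\n\nhello\n");
	for (i = levels - 1; i >= 0; i--)
		n += (size_t)snprintf(buf + n, cap - n, "--b%d--\n", i);
	return n;
}

/* Build a message nested `levels` deep (capped at 100) and scan it. */
static struct scan_stats scan_nested(int levels)
{
	static char msg[8192];
	struct scan_stats st = {0, 0, 0};
	size_t n = build_nested(msg, sizeof msg, levels > 100 ? 100 : levels);

	scan_entity(msg, msg + n, 0, &st);
	return st;
}

int main(void)
{
	struct scan_stats a = scan_nested(5), b = scan_nested(50);

	printf("5 levels:  checked=%d opaque=%d depth=%d\n",
	    a.parts_checked, a.opaque_parts, a.max_depth);
	printf("50 levels: checked=%d opaque=%d depth=%d\n",
	    b.parts_checked, b.opaque_parts, b.max_depth);
	return 0;
}
```

With the cap in place, stack use is bounded by the limit rather than by the sender's input; the trade-off stated in the entry is that content below the limit is no longer inspected.
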
725 8.13.6/8.13.6	2006/03/22
726	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
727		and client side of sendmail with timeouts in the libsm I/O
728		layer and fix problems in that code.  Also fix handling of
729		a buffer in sm_syslog() which could have been used as an
730		attack vector to exploit the unsafe handling of
731		setjmp(3)/longjmp(3) in combination with signals.
732		Problem detected by Mark Dowd of ISS X-Force.
733	Handle theoretical integer overflows that could be triggered if
734		the server accepted headers larger than the maximum
735		(signed) integer value.  This is prevented in the default
736		configuration by restricting the size of a header, and on
737		most machines memory allocations would fail before reaching
738		those values.  Problems found by Phil Brass of ISS.
739	If a server returns 421 for an RSET command when trying to start
740		another transaction in a session while sending mail, do
741		not trigger an internal consistency check.  Problem found
742		by Allan E Johannesen of Worcester Polytechnic Institute.
743	If a server returns a 5xy error code (other than 501) in response
744		to a STARTTLS command despite the fact that it advertised
745		STARTTLS and that the code is not valid according to RFC
746		2487 treat it nevertheless as a permanent failure instead
747		of a protocol error (which has been changed to a
748		temporary error in 8.13.5).  Problem reported by Jeff
749		A. Earickson of Colby College.
750	Clear SMTP state after a HELO/EHLO command.  Patch from John
751		Myers of Proofpoint.
752	Observe MinQueueAge option when gathering entries from the queue
753		for sorting etc instead of waiting until the entries are
754		processed.  Patch from Brian Fundakowski Feldman.
755	Set up TLS session cache to properly handle clients that try to
756		resume a stored TLS session.
757	Properly count the number of (direct) child processes such that
758		a configured value (MaxDaemonChildren) is not exceeded.
759		Based on patch from Attila Bruncsak.
760	LIBMILTER: Remove superfluous backslash in macro definition
761		(libmilter.h).  Based on patch from Mike Kupfer of
762		Sun Microsystems.
763	LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
764		This generates an error message from libmilter on
765		Solaris, though other systems appear to just discard the
766		request silently.
767	LIBMILTER: Deal with sigwait(2) implementations that return
768		-1 and set errno instead of returning an error code
769		directly.  Patch from Chris Adams of HiWAAY Informations
770		Services.
771	Portability:
772		Fix compilation checks for closefrom(3) and statvfs(2)
773		in NetBSD.  Problem noted by S. Moonesamy, patch from
774		Andrew Brown.
775
776 8.13.5/8.13.5	2005/09/16
777	Store the filesystem identifier of the df/ subdirectory (if it
778		exists) in an internal structure instead of the base
779		directory.  This structure is used to decide whether there
780		is enough free disk space when selecting a queue, hence
781		without this change queue selection could fail if a df/
782		subdirectory exists and is on a different filesystem
783		than the base directory.
784	Use the queue index of the df file (instead of the qf file) for
785		checking whether a link(2) operation can be used to split
786		an envelope across queue groups.  Problem found by
787		Werner Wiethege.
788	If the list of items in the queue is larger than the maximum
789		number of items to process, sort the queue first and
790		then cut the list off instead of the other way around.
791		Patch from Matej Vela of Rudjer Boskovic Institute.
792	Fix helpfile to show full entry for ETRN.  Problem noted by
793		Penelope Fudd, patch from Neil Rickert of Northern Illinois
794		University.
795	FallbackSmartHost should also be tried on temporary errors.
796		From John Beck of Sun Microsystems.
797	When a server responds with 421 to the STARTTLS command then treat
798		it as a temporary error, not as protocol error.  Problem
799		noted by Andrey J. Melnikoff.
800	Properly define two functions in libsm as static because their
801		prototype used static too.  Patch from Peter Klein.
802	Fix syntax errors in helpfile for MAIL and RCPT commands.
803	LIBMILTER: When smfi_replacebody() is called with bodylen equal to
804		zero then do not silently ignore that call.  Patch from
805		Gurusamy Sarathy of Active State.
806	LIBMILTER: Recognize "421" also in a multi-line reply to terminate
807		the SMTP session with that error.  Fix from Brian Kantor.
808	Portability: New option HASSNPRINTF which can be set if the OS
809			has a properly working snprintf(3) to get rid
810			of the last two (safe) sprintf(3) calls in the
811			source code.
812		Add support for AIX 5.3.
813		Add support for SunOS 5.11 (aka Solaris 11).
814		Add support for Darwin 8.x.  Patch from Lyndon Nerenberg.
815		OpenBSD 3.7 has removed support for NETISO.
816	CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
817		Set DontBlameSendmail to AssumeSafeChown and
818			GroupWritableDirPathSafe for OSTYPE(darwin).
819			Patch from Lyndon Nerenberg.
820		Some features still used 4.7.1 as enhanced status code which
821			was supposed to be eliminated in 8.13.0 because some
822			broken systems misinterpret it as a permanent error.
823			Patch from Matej Vela of Rudjer Boskovic Institute.
824		Some default values in a generated cf file did not match
825			the defaults in the sendmail binary.  Problem noted
826			by Mike Pechkin.
827	New Files:
828		cf/ostype/freebsd6.m4
829		devtools/OS/AIX.5.3
830		devtools/OS/Darwin.8.x
831		devtools/OS/SunOS.5.11
832		include/sm/time.h
833
834 8.13.4/8.13.4	2005/03/27
835	The bug fixes in 8.13.3 for connection handling uncovered a
836		different error which could result in connections that
837		stay in CLOSE_WAIT state due to a variable that was not
838		properly initialized.  Problem noted by Michael Sims.
839	Deal with empty hostnames in hostsignature().  This bug could lead
840		to an endless loop when doing LMTP deliveries to another
841		host.  Problem first reported by Martin Lathoud and
842		tracked down by Gael Roualland.
843	Make sure return parameters are initialized in getmxrr().  Problem
844		found by Gael Roualland using valgrind.
845	If shared memory is used and the RunAsUser option is set, then the
846		owner and group of the shared memory segment is set to
847		the ids specified by RunAsUser and the access mode is set
848		to 0660 to allow for updates by sendmail processes.
849	The number of queue entries that is (optionally) kept in shared
850		memory was wrong in some cases, e.g., envelope splitting
851		and bounce generation.
852	Undo a change made in 8.13.0 to silently truncate long strings
853		in address rewriting because the message can be triggered
854		for header checks where long strings are legitimate.
855		Problem reported by Mary Verge DeSisto, and tracked
856		down with the help of John Beck of Sun Microsystems.
857	The internal stab map did not obey the -m flag.  Patch from
858		Rob McMahon of Warwick University, England.
859	The socket map did not obey the -f flag.  Problem noted by
860		Dan Ringdahl, forwarded by Andrzej Filip.
861	The addition of LDAP recursion in 8.13.0 broke enforcement of
862		the LDAP map -1 argument which tells the MTA to
863		return success if and only if a single LDAP match is found.
864	Add additional error checks in the MTA for milter communication
865		to avoid a possible segmentation fault.  Based on patch
866		by Joe Maimon.
867	Do not trigger an assertion if X509_digest() returns success but
868		does not assign a value to its output parameter.  Based
869		on patch by Brian Kantor.
870	Add more checks when resetting internal AUTH data (applies only
871		to Cyrus SASL version 2).  Otherwise an SMTP session might
872		be dropped after an AUTH failure.
873	Portability:
874		Add LA_LONGLONG as valid LA_TYPE type for systems that use
875			"long long" to read load average data, e.g.,
876			AIX 5.1 in 32 bit mode.  Note: this has to be set
877			"by hand", it is not (yet) automatically detected.
878			Problem noted by Burak Bilen.
879		Use socklen_t for accept(), etc. on AIX 5.x.  This should
880			fix problems when compiling in 64 bit mode.
881			Problem first reported by Harry Meiert of
882			University of Bremen.
883	New Files:
884		include/sm/sem.h
885		libsm/sem.c
886		libsm/t-sem.c
887
888 8.13.3/8.13.3	2005/01/11
889	Enhance handling of I/O errors, especially EOF, when STARTTLS
890		is active.
891	Make sure a connection is not reused after it has been closed
892		due to a 421 error.  Problem found by Allan E Johannesen
893		of Worcester Polytechnic Institute.
894	Avoid triggering an assertion when sendmail is interrupted while
895		closing a connection.  Problem found by Allan E Johannesen
896		of Worcester Polytechnic Institute.
897	Regression: a change in 8.13.2 caused sendmail not to try the
898		next MX host (or FallbackMXhost if configured) when, at
899		connection open, the current server returns a 4xy or 5xy
900		SMTP reply code.  Problem noted by Mark Tranchant.
901
902 8.13.2/8.13.2	2004/12/15
903	Do not split the first header even if it exceeds the internal
904		buffer size.  Previously a part of such a header would
905		end up in the body of the message.  Problem noted by
906		Simple Nomad of BindView.
907	Do not complain about "cataddr: string too long" when checking
908		headers that do not contain RFC 2822 addresses.
909		Problem noted by Rich Graves of Brandeis University.
910	If a server returns a 421 reply to the RSET command between
911		message deliveries, do not attempt to deliver any more
912		messages on that connection.  This prevents bogus "Bad
913		file number" recipient status.  Problem noted by
914		Allan E Johannesen of Worcester Polytechnic Institute.
915	Allow trailing white space in EHLO command as recommended by RFC
916		2821.  Problem noted by Ralph Santagato of SBC Services.
917	Deal with clients which use AUTH but negotiate a smaller buffer size
918		for data exchanges than the value used by sendmail, e.g.,
919		Cyrus IMAP lmtp server.  Based on patch by Jamie Clark.
920	When passing ESMTP arguments for RCPT to a milter, do not cut
921		them off at a comma.  Problem noted by Krzysztof Oledzki.
922	Add more logging to milter change header functions to
923		complement existing logging.  Based on patch from
924		Gurusamy Sarathy of Active State.
925	Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
926		Patch from Edgar Hoch of the University of Stuttgart.
927	Fix DNS lookup if IPv6 is enabled when converting an IP address
928		to a hostname for use with SASL.  Problem noted by Ken Jones;
929		patch from Hajimu UMEMOTO.
930	CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
931		mailer.  Patch from John Beck of Sun Microsystems.
932	LIBMILTER: It was possible that xxfi_abort() was called after
933		xxfi_eom() for a message if some timeouts were triggered.
934		Patch from Alexey Kravchuk.
935	LIBMILTER: Slightly rearrange mutex use in listener.c to allow
936		different threads to call smfi_opensocket() and smfi_main().
937		Patch from Jordan Ritter of Cloudmark.
938	MAIL.LOCAL: Properly terminate MBDB before exiting.  Problem
939		noted by Nelson Fung.
940	MAIL.LOCAL: make strip-mail.local used a wrong path to access
941		mail.local.  Problem noted by William Park.
942	VACATION: Properly terminate MBDB before exiting.  Problem noted
943		by Nelson Fung.
944	Portability:
945		Add support for DragonFly BSD.
946	New Files:
947		cf/ostype/dragonfly.m4
948		devtools/OS/DragonFly
949		include/sm/os/sm_os_dragonfly.h
950	Deleted Files:
951		libsm/vsscanf.c
952
953 8.13.1/8.13.1	2004/07/30
954	Using the default AliasFile ldap: specification would cause the
955		objectClasses of the LDAP response to be included in the
956		alias expansion.  Problem noted by Brenden Conte of
957		Rensselaer Polytechnic Institute.
958	Fix support for a fallback smart host for systems where DNS is
959		(partially) available. From John Beck of Sun Microsystems.
960	Fix SuperSafe=PostMilter behavior when a milter replaces a body
961		but the data file is not yet stored on disk because it is
962		smaller than the size of the memory buffer.  Problem noted
963		by David Russell.
964	Fix certificate revocation list support; if a CRL was specified
965		but the other side presented a cert that was signed by
966		a different (trusted) CA than the one which issued the CRL,
967		verification would always fail.  Problem noted by Al Smith.
968	Run mailer programs as the RunAsUser when RunAsUser is set and
969		the F=S mailer flag is set without a U= mailer equate.
970		Problem noted by John Gardiner Myers of Proofpoint.
971	${nbadrcpts} was off by one if BadRcptThrottle is zero.
972		Patch from Sung-hoon Choi of DreamWiz Inc.
973	CONFIG: Emit a warning if FEATURE(`access_db') is used after
974		FEATURE(`greet_pause') because then the latter will not
975		use the access map.  Note: if no default value is given
976		for FEATURE(`greet_pause') then it issues an error if
977		FEATURE(`access_db') is not specified before it.
978		Problem noted by Alexander Dalloz of University of
979		Bielefeld.
980	CONFIG: Invoke ruleset Local_greet_pause if FEATURE(`greet_pause')
981		is used to give more flexibility for local changes.
982	Portability:
983		Fix a 64 bit problem in the socket map code.  Problem
984			noted by Geoff Adams.
985		NetBSD 2.0F has closefrom(3).  Patch from Andrew Brown.
986		NetBSD can use sysctl(3) to get the number of CPUs in
987			a system.  Patch from Andrew Brown.
988		Add a README file in doc/op/ to explain potential
989			incompatibilities with various *roff related
990			tools.  Problem tracked down by Per Hedeland.
991	New Files:
992		doc/op/README
993
994 8.13.0/8.13.0	2004/06/20
995	Do not include AUTH data in a bounce to avoid leaking confidential
996		information.  See also cf/README about MSP and the section
997		"Providing SMTP AUTH Data when sendmail acts as Client".
998		Problem noted by Neil Rickert of Northern Illinois
999		University.
1000	Fix compilation error in libsm/clock.c for -D_FFR_SLEEP_USE_SELECT=n
1001		and -DSM_CONF_SETITIMER=0.  Problem noted by Juergen Georgi
1002		of RUS University of Stuttgart.
1003	Fix bug in conversion from 8bit to quoted-printable. Problem found
1004		by Christof Haerens, patch from Per Hedeland.
1005	Add support for LDAP recursion based on types given to attribute
1006		specifications in an LDAP map definition.  This allows
1007		LDAP queries to return a new query, a DN, or an LDAP
1008		URL which will in turn be queried.  See the ``LDAP
1009		Recursion'' section of doc/op/op.me for more information.
1010		Based on patch from Andrew Baucom.
1011	Extend the default LDAP specifications for AliasFile
1012		(O AliasFile=ldap:) and file classes (F{X}@LDAP) to
1013		include support for LDAP recursion via new attributes.
1014		See ``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section
1015		of cf/README for more information.
1016	New option for LDAP maps: the -w option allows you to specify the
1017		LDAP API/protocol version to use.  The default depends on
1018		the LDAP library.
1019	New option for LDAP maps: the -H option allows you to specify an
1020		LDAP URI instead of specifying the LDAP server via -h host
1021		and -p port.  This also allows for the use of LDAP over
1022		SSL and connections via named sockets if your LDAP
1023		library supports it.
1024	New compile time flag SM_CONF_LDAP_INITIALIZE: set this if
1025		ldap_initialize(3) is available (and LDAPMAP is set).
1026	If MaxDaemonChildren is set and a command is repeated too often
1027		during a SMTP session then terminate it just like it is
1028		done for too many bad SMTP commands.
1029	Basic connection rate control support has been added: the daemon
1030		maintains the number of incoming connections per client
1031		IP address and total in the macros {client_rate} and
1032		{total_rate}, respectively.  These macros can be used
1033		in the cf file to impose connection rate limits.
1034		A new option ConnectionRateWindowSize (default: 60s)
1035		determines the length of the interval for which the
1036		number of connections is stored.  Based on patch from
1037		Jose Marcio Martins da Cruz, Ecole des Mines de Paris.
1038	Add optional protection from open proxies and SMTP slammers which
1039		send SMTP traffic without waiting for the SMTP greeting.
1040		If enabled by the new ruleset greet_pause (see
1041		FEATURE(`greet_pause')), sendmail will wait the specified
1042		amount of time before sending the initial 220 SMTP
1043		greeting.  If any traffic is received before then, a 554
1044		SMTP response is sent and all SMTP commands are rejected
1045		during that connection.
1046	If 32 NOOP (or unknown/bad) commands are issued by a client the SMTP
1047		server could sleep for a very long time.  Fix based on
1048		patch from Tadashi Kobayashi of IIJ.
1049	Fix a potential memory leak in persistent queue runners if the
1050		number of entries in the queue exceeds the limit of jobs.
1051		Problem noted by Steve Hubert of University of Washington.
1052	Do not use 4.7.1 as enhanced status code because some broken systems
1053		misinterpret it as a permanent error.
1054	New value for SuperSafe: PostMilter which will delay fsync() until
1055		all milters accepted the mail.  This can increase
1056		performance if many mails are rejected by milters due to
1057		body scans.  Based on patch from David F. Skoll.
1058	New macro {msg_id} which contains the value of the Message-Id:
1059		header, whether provided by the client or generated by
1060		sendmail.
1061	New macro {client_connections} which contains the number of open
1062		connections in the SMTP server for the client IP address.
1063		Based on patch from Jose Marcio Martins da Cruz, Ecole des
1064		Mines de Paris.
1065	sendmail will now remove its pidfile when it exits.  This was done
1066		to prevent confusion caused by running sendmail stop
1067		scripts two or more times, where the second and subsequent
1068		runs would report misleading error messages about sendmail's
1069		pid no longer existing.  See section 1.3.15 of doc/op/op.me
1070		for a discussion of the implications of this, including
1071		how to correct broken scripts which may have depended on
1072		the old behavior.  From John Beck of Sun Microsystems.
1073	Support per-daemon input filter lists which override the default
1074		filter list specified in InputMailFilters.  The filters
1075		can be listed in the I= equate of DaemonPortOptions.
1076	Do not add all domain prefixes of the hostname to class 'w'.  If
1077		your configuration relies on this behavior, you have to
1078		add those names to class 'w' yourself.  Problem noted
1079		by Sander Eerkes.
1080	Support message quarantining in the mail queue.  Quarantined
1081		messages are not included in normal queue displays or runs
1082		unless specifically requested with -qQ.  Quarantined queue
1083		files are named with an hf prefix instead of a qf prefix.
1084	The -q command line option now can specify which queue to display
1085		or run.  -qQ operates on quarantined queue items.  -qL
1086		operates on lost queue items.
1087	Restricted mail queue runs and displays can be done based on the
1088		quarantined reason using -qQtext to run or display
1089		quarantined items if the quarantine reason contains the
1090		given text.  Similarly, -q!Qtext will run or display
1091		quarantined items which do not have the given text in the
1092		quarantine reason.
1093	Items in the queue can be quarantined or unquarantined using the
1094		new -Q option.  See doc/op/op.me for more information.
1095	When displaying the quarantine mailq with 'mailq -qQ', the
1096		quarantine reason is shown in a new line prefixed by
1097		"QUARANTINE:".
1098	A new error code for the $#error mailer, $@ quarantine, can be used
1099		to quarantine messages in check_* (except check_compat) and
1100		header check rulesets.  The $: of the mailer triplet will
1101		be used for the quarantine reason.
1102	Add a new quarantine count to the mailstats collected.
1103	Add a new macro ${quarantine} which is the quarantine reason for a
1104		message if it is quarantined.
1105	New map type "socket" for a trivial query protocol over UNIX domain
1106		or TCP sockets (requires compile time option SOCKETMAP).
1107		See sendmail/README and doc/op/op.me for details as well as
1108		socketmapServer.pl and socketmapClient.pl in contrib.
1109		Code donated by Bastiaan Bakker of LifeLine Networks.
1110	Define new macro ${client_ptr} which holds the result of the PTR
1111		lookup for the client IP address.  Note: this is the same
1112		as ${client_name} if and only if ${client_resolve} is OK.
1113	Add a new macro ${nbadrcpts} which contains the number of bad
1114		recipients received so far in a transaction.
1115	Call check_relay with the value of ${client_name} to deal with bogus
1116		DNS entries.  See also FEATURE(`use_client_ptr').  Problem
1117		noted by Kai Schlichting.
1118	Treat Delivery-Receipt-To: headers the same as Return-Receipt-To:
1119		headers (turn them into DSNs).  Delivery-Receipt-To: is
1120		apparently used by SIMS (Sun Internet Mail System).
1121	Enable connection caching for LPC mailers.  Patch from Christophe
1122		Wolfhugel of France Telecom Oleane.
1123	Do not silently truncate long strings in address rewriting.
1124	Add support for Cyrus SASL version 2.  From Kenneth Murchison of
1125		Oceana Matrix Ltd.
1126	Add a new AuthOption=m flag to require the use of mechanisms which
1127		support mutual authentication.  From Kenneth Murchison of
1128		Oceana Matrix Ltd.
1129	Fix logging of TLS related problems (introduced in 8.12.11).
1130	The macros {auth_author} and {auth_authen} are stored in xtext
1131		format just like the STARTTLS related macros to avoid
1132		problems with parsing them.  Problem noted by Pierangelo
1133		Masarati of SysNet s.n.c.
1134	New option AuthRealm to set the authentication realm that is
1135		passed to the Cyrus SASL library.  Patch from Gary Mills
1136		of the University of Manitoba.
1137	Enable AUTH mechanism EXTERNAL if STARTTLS verification was
1138		successful, otherwise relaying would be allowed if
1139		EXTERNAL is listed in TRUST_AUTH_MECH() and STARTTLS
1140		is active.
1141	Add basic support for certificate revocation lists.  Note: if a
1142		CRLFile is specified but the file is unusable, STARTTLS
1143		is disabled.  Based on patch by Ralf Hornik.
1144	Enable workaround for inconsistent Cyrus SASLv1 API for mechanisms
1145		DIGEST-MD5 and LOGIN.
1146	Write pid to file also if sendmail only acts as persistent queue
1147		runner.  Proposed by Gary Mills of the University of Manitoba.
1148	Keep daemon pid file(s) locked so other daemons don't try to
1149		overwrite each other's pid files.
1150	Increase maximum length of logfile fields for {cert_subject} and
1151		{cert_issuer} from 128 to 256.  Requested by Christophe
1152		Wolfhugel of France Telecom.
1153	Log the TLS verification message on the STARTTLS= log line at
1154		LogLevel 12 or higher.
1155	If the MSP is invoked with the verbose option (-v) then it will
1156		try to use the SMTP command VERB to propagate this option
1157		to the MTA which in turn will show the delivery just like
1158		it was done before the default 8.12 separation of MSP and
1159		MTA.  Based on patch by Per Hedeland.
1160	If a daemon is refusing connections for longer than the time specified
1161		by the new option RejectLogInterval (default: 3 hours) due
1162		to high load, log this information.  Patch from John Beck
1163		of Sun Microsystems.
1164	Remove the ability for non-trusted users to raise the value of
1165		CheckpointInterval on the command line.
1166	New mailer flag 'B' to strip leading backslashes, which is a
1167		subset of the functionality of the 's' flag.
1168	New mailer flag 'W' to ignore long term host status information.
1169		Patch from Juergen Georgi of RUS University of Stuttgart.
1170	Enable generic mail filter API (milter) by default.  To turn
1171		it off, add -DMILTER=0 to the compile time options.
1172	An internal SMTP session discard flag was lost after an RSET/HELO/EHLO
1173		causing subsequent messages to be sent instead of being
1174		discarded.  This also caused milter callbacks to be called
1175		out of order after the SMTP session was reset.
1176	New option RequiresDirfsync to turn off the compile time flag
1177		REQUIRES_DIR_FSYNC at runtime.  See sendmail/README for
1178		further information.
1179	New command line option -D logfile to send debug output to
1180		the indicated log file instead of stdout.
1181	Add Timeout.queuereturn.dsn and Timeout.queuewarn.dsn to control
1182		queue return and warning times for delivery status
1183		notifications.
1184	New queue sort order option: 'n'one for not sorting the queue entries
1185		at all.
1186	Several more return values for ruleset srv_features have been added
1187		to enable/disable certain features in the server per
1188		connection.  See doc/op/op.me for details.
1189	Support for SMTP over SSL (smtps), activated by Modifier=s
1190		for DaemonPortOptions.
1191	Continue with DNS lookups on ECONNREFUSED and TRY_AGAIN when
1192		trying to canonify hostnames.  Suggested by Neil Rickert
1193		of Northern Illinois University.
1194	Add support for a fallback smart host (option FallbackSmartHost) to
1195		be tried as a last resort after all other fallbacks.  This
1196		is designed for sites with partial DNS (e.g., an accurate
1197		view of inside the company, but an incomplete view of
1198		outside).  From John Beck of Sun Microsystems.
1199	Enable timeout for STARTTLS even if client does not start the TLS
1200		handshake.  Based on patch by Andrey J. Melnikoff.
1201	Remove deprecated -v option for PH map, use -k instead.  Patch from
1202		Mark Roth of the University of Illinois at Urbana-Champaign.
1203	libphclient is version 1.2.x by default, if version 1.1.x is required
1204		then compile with -DNPH_VERSION=10100.  Patch from Mark Roth
1205		of the University of Illinois at Urbana-Champaign.
1206	Add Milter.macros.eom, allowing macros to be sent to milter
1207		applications for use in the xxfi_eom() callback.
1208	New macro {time} which contains the output of the time(3) function,
1209		i.e., the number of seconds since 0 hours, 0 minutes,
1210		0 seconds, January 1, 1970, Coordinated Universal Time (UTC).
1211	If check_relay sets the reply code to "421" the SMTP server will
1212		terminate the SMTP session with a 421 error message.
1213	Get rid of dead code that tried to access the environment variable
1214		HOSTALIASES.
1215	Deprecate the use of ErrorMode=write.  To enable this in 8.13
1216		compile with -DUSE_TTYPATH=1.
1217	Header check rulesets using $>+ (do not strip comments) will get
1218		the header value passed in without balancing quotes,
1219		parentheses, and angle brackets.  Based on patch from
1220		Oleg Bulyzhin.
1221	Do not complain and fix up unbalanced quotes, parentheses, and
1222		angle brackets when reading in rulesets.  This allows
1223		rules to be written for header checks to catch strings
1224		that contain quotes, parentheses, and/or angle brackets.
1225		Based on patch from Oleg Bulyzhin.
1226	Do not close socket when accept(2) in the daemon encounters
1227		some temporary errors like ECONNABORTED.
1228	Added list of CA certificates that are used by members of the
1229		sendmail consortium, see CACerts.
1230	Portability:
1231		Two new compile options have been added:
1232			HASCLOSEFROM	System has closefrom(3).
1233			HASFDWALK	System has fdwalk(3).
1234			Based on patch from John Beck of Sun Microsystems.
1235		The Linux kernel version 2.4 series has a broken flock() so
1236			change to using fcntl() locking until they can fix
1237			it.  Be sure to update other sendmail related
1238			programs to match locking techniques.
1239		New compile time option NEEDINTERRNO which should be set
1240			if <errno.h> does not declare errno itself.
1241		Support for UNICOS/mk and UNICOS/mp added, some changes for
1242			UNICOS.  Patches contributed by Aaron Davis and
1243			Brian Ginsbach, Cray Inc., and Manu Mahonen of
1244			Center for Scientific Computing.
1245		Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
1246		Extend support to Darwin 7.x/Mac OS X 10.3 (a.k.a. Panther).
1247		Remove path from compiler definition for Interix because
1248			Interix 3.0 and 3.5 put gcc in different locations.
1249			Also use <sys/mkdev.h> to get the correct
1250			major()/minor() definitions.  Based on feedback
1251			from Mark Funkenhauser.
1252	CONFIG: Add support for LDAP recursion to the default LDAP searches
1253		for maps via new attributes.  See the ``USING LDAP FOR
1254		ALIASES, MAPS, and CLASSES'' section of cf/README and
1255		cf/sendmail.schema for more information.
1256	CONFIG: Make sure confTRUSTED_USER is valid even if confRUN_AS_USER
1257		is of the form "user:group" when used for submit.mc.
1258		Problem noted by Carsten P. Gehrke, patch from Neil Rickert
1259		of Northern Illinois University.
1260	CONFIG: Add a new access DB value of QUARANTINE:reason which
1261		instructs the check_* (except check_compat) to quarantine
1262		the message using the given reason.
1263	CONFIG: Use "dns -R A" as map type for dnsbl (just as for enhdnsbl)
1264		instead of "host" to avoid problem with looking up other
1265		DNS records than just A.
1266	CONFIG: New option confCONNECTION_RATE_WINDOW_SIZE to define the
1267		length of the interval for which the number of incoming
1268		connections is maintained.
1269	CONFIG: New FEATURE(`ratecontrol') to set the limits for connection
1270		rate control for individual hosts or nets.
1271	CONFIG: New FEATURE(`conncontrol') to set the limits for the
1272		number of open SMTP connections for individual hosts or nets.
1273	CONFIG: New FEATURE(`greet_pause') enables open proxy and SMTP
1274		slamming protection described above.  The feature can
1275		take an argument specifying the milliseconds to wait and/or
1276		use the access database to look up the pause time based on
1277		client hostname, domain, IP address, or subnet.
1278	CONFIG: New FEATURE(`use_client_ptr') to have check_relay use
1279		$&{client_ptr} as its first argument.  This is useful for
1280		rejections based on the unverified hostname of client,
1281		which turns on the same behavior as in earlier sendmail
1282		versions when delay_checks was not in use.  See also entry
1283		above about check_relay being invoked with ${client_name}.
1284	CONFIG: New option confREJECT_LOG_INTERVAL to specify the log
1285		interval when refusing connections for this long.
1286	CONFIG: Remove quotes around usage of confREJECT_MSG; in some cases
1287		this requires a change in a mc file.  Requested by
1288		Ted Roberts of Electronic Data Systems.
1289	CONFIG: New option confAUTH_REALM to set the authentication realm
1290		that is passed to the Cyrus SASL library.  Patch from
1291		Gary Mills of the University of Manitoba.
1292	CONFIG: Rename the (internal) classes {tls}/{src} to {Tls}/{Src}
1293		to follow the naming conventions.
1294	CONFIG: Add a third optional argument to local_lmtp to specify
1295		the A= argument.
1296	CONFIG: Remove the f flag from the default mailer flags of
1297		local_lmtp.
1298	CONFIG: New option confREQUIRES_DIR_FSYNC to turn off the compile
1299		time flag REQUIRES_DIR_FSYNC at runtime.
1300	CONFIG: New LOCAL_UUCP macro to insert rules into the generated
1301		cf file at the same place where MAILER(`uucp') inserts
1302		its rules.
1303	CONFIG: New options confTO_QUEUERETURN_DSN and confTO_QUEUEWARN_DSN
1304		to control queue return and warning times for delivery
1305		status notifications.
1306	CONFIG: New option confFALLBACK_SMARTHOST to define FallbackSmartHost.
1307	CONFIG: Add the mc file which has been used to create the cf
1308		file to the end of the cf file when using make in cf/cf/.
1309		Patch from Richard Rognlie.
1310	CONFIG: FEATURE(nodns) has been removed, it was a no-op since 8.9.
1311		Use ServiceSwitchFile to turn off DNS lookups, see
1312		doc/op/op.me.
1313	CONFIG: New option confMILTER_MACROS_EOM (sendmail Milter.macros.eom
1314		option) defines macros to be sent to milter applications for
1315		use in the xxfi_eom() callback.
1316	CONFIG: New option confCRL to specify file which contains
1317		certificate revocation lists.
1318	CONFIG: Add a new value (sendertoo) for the third argument to
1319		FEATURE(`ldap_routing') which will reject the SMTP
1320		MAIL From: command if the sender address doesn't exist
1321		in LDAP.  See cf/README for more information.
1322	CONFIG: Add a fifth argument to FEATURE(`ldap_routing') which
1323		instructs the rulesets on whether or not to do a domain
1324		lookup if a full address lookup doesn't match.  See cf/README
1325		for more information.
1326	CONFIG: Add a sixth argument to FEATURE(`ldap_routing') which
1327		instructs the rulesets on whether or not to queue the mail
1328		or give an SMTP temporary error if the LDAP server can't be
1329		reached.  See cf/README for more information.  Based on
1330		patch from Billy Ray Miller of Caterpillar.
1331	CONFIG: Experimental support for MTAMark, see cf/README for details.
1332	CONFIG: New option confMESSAGEID_HEADER to define a different
1333		Message-Id: header format.  Patch from Bastiaan Bakker
1334		of LifeLine Networks.
1335	CONTRIB: New version of cidrexpand which uses Net::CIDR.  From
1336		Derek J. Balling.
1337	CONTRIB: oldbind.compat.c has been removed due to security problems.
1338		Found by code inspection done by Reasoning, Inc.
1339	DEVTOOLS: Add an example file for devtools/Site/, contributed
1340		by Neil Rickert of Northern Illinois University.
1341	LIBMILTER: Add new function smfi_quarantine() which allows the
1342		filter's EOM routine to quarantine the current message.
1343		Filters which use this function must include the
1344		SMFIF_QUARANTINE flag in the registered smfiDesc structure.
1345	LIBMILTER: If a milter sets the reply code to "421", the SMTP server
1346		will terminate the SMTP session with that error.
1347	LIBMILTER: Upon filter shutdown, libmilter will not remove a
1348		named socket in the file system if it is running as root.
1349	LIBMILTER: Add new function smfi_progress() which allows the filter
1350		to notify the MTA that an EOM operation is still in progress,
1351		resetting the timeout.
1352	LIBMILTER: Add new function smfi_opensocket() which allows the filter
1353		to attempt to establish the interface socket, and detect
1354		failure to do so before calling smfi_main().
1355	LIBMILTER: Add new function smfi_setmlreply() which allows the
1356		filter to return a multi-line SMTP reply.
1357	LIBMILTER: Deal with more temporary errors in accept() by ignoring
1358		them instead of stopping after too many occurred.
1359		Suggested by James Carlson of Sun Microsystems.
1360	LIBMILTER: Fix a descriptor leak in the sample program found in
1361		docs/sample.html.  Reported by Dmitry Adamushko.
1362	LIBMILTER: The sample program also needs to use SMFIF_ADDRCPT.
1363		Reported by Carl Byington of 510 Software Group.
1364	LIBMILTER: Document smfi_stop() and smfi_setdbg().  Patches
1365		from Bryan Costales.
1366	LIBMILTER: New compile time option SM_CONF_POLL; define this if
1367		poll(2) should be used instead of select(2).
1368	LIBMILTER: New function smfi_insheader() and related protocol
1369		amendments to support header insertion operations.
1370	MAIL.LOCAL: Add support for hashed mail directories, see
1371		mail.local/README.  Contributed by Chris Adams of HiWAAY
1372		Informations Services.
1373	MAILSTATS: Display quarantine message counts.
1374	MAKEMAP: Add new flag -D to specify the comment character to use
1375		instead of '#'.
1376	VACATION: Add new flag -j to auto-respond to messages regardless of
1377		whether or not the recipient is listed in the To: or Cc:
1378		headers.
1379	VACATION: Add new flag -R to specify the envelope sender address
1380		for the auto-response message.
1381	New Files:
1382		CACerts
1383		cf/feature/conncontrol.m4
1384		cf/feature/greet_pause.m4
1385		cf/feature/mtamark.m4
1386		cf/feature/ratecontrol.m4
1387		cf/feature/use_client_ptr.m4
1388		cf/ostype/unicos.m4
1389		cf/ostype/unicosmk.m4
1390		cf/ostype/unicosmp.m4
1391		contrib/socketmapClient.pl
1392		contrib/socketmapServer.pl
1393		devtools/OS/Darwin.7.0
1394		devtools/OS/UNICOS-mk
1395		devtools/OS/UNICOS-mp
1396		devtools/Site/site.config.m4.sample
1397		include/sm/os/sm_os_unicos.h
1398		include/sm/os/sm_os_unicosmk.h
1399		include/sm/os/sm_os_unicosmp.h
1400		libmilter/docs/smfi_insheader.html
1401		libmilter/docs/smfi_progress.html
1402		libmilter/docs/smfi_quarantine.html
1403		libmilter/docs/smfi_setdbg.html
1404		libmilter/docs/smfi_setmlreply.html
1405		libmilter/docs/smfi_stop.html
1406		sendmail/ratectrl.c
1407	Deleted Files:
1408		cf/feature/nodns.m4
1409		contrib/oldbind.compat.c
1410		devtools/OS/CRAYT3E.2.0.x
1411		devtools/OS/CRAYTS.10.0.x
1412		libsm/vsprintf.c
1413	Renamed Files:
1414		devtools/OS/Darwin.7.0 => devtools/OS/Darwin.7.x
1415
1416 8.12.11/8.12.11	2004/01/18
1417	Use QueueFileMode when opening qf files.  This error was a
1418		regression in 8.12.10.  Problem detected and diagnosed
1419		by Lech Szychowski of the Polish Power Grid Company.
1420	Properly count the number of queue runners in a work group and
1421		make sure the total limit of MaxQueueChildren is not
1422		exceeded.  Based on patch from Takayuki Yoshizawa of
1423		Techfirm, Inc.
1424	Take care of systems that can generate time values where the
1425		seconds can exceed the usual range of 0 to 59.
1426		Problem noted by Randy Diffenderfer of EDS.
1427	Avoid regeneration of identical queue identifiers by processes
1428		whose process id is the same as that of the initial
1429		sendmail process that was used to start the daemon.
1430		Problem noted by Randy Diffenderfer of EDS.
1431	When a milter invokes smfi_delrcpt() compare the supplied
1432		recipient address also against the printable addresses
1433		of the current list to deal with rewritten addresses.
1434		Based on patch from Sean Hanson of The Asylum.
1435	BadRcptThrottle now also works for addresses which return the
1436		error mailer, e.g., virtusertable entries with the
1437		right hand side error:.  Patch from Per Hedeland.
1438	Fix printing of 8 bit characters as octals in log messages.
1439		Based on patch by Andrey J. Melnikoff.
1440	Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
1441		text that has been introduced in 8.12.3.  There are some
1442		examples where the new code fails, but the old code works.
1443		To get the 8.12.3-8.12.10 version, compile sendmail with
1444		-DMIME7TO8_OLD=0.  If you have an example of improper
1445		7 to 8 bit conversion please send it to us.
1446	Return normal error code for unknown SMTP commands instead of
1447		the one specified by check_relay or a milter for a
1448		connection.  Problem noted by Andrzej Filip.
1449	Some ident responses contain data after the terminating CRLF which
1450		causes sendmail to log "POSSIBLE ATTACK...newline in string".
1451		To avoid this everything after LF is ignored.
1452	If the operating system supports O_EXLOCK and HASFLOCK is set
1453		then a possible race condition for creating qf files
1454		can be avoided.  Note: the race condition does not
1455		exist within sendmail, but between sendmail and an
1456		external application that accesses qf files.
1457	Log the proper option name for TLS related missing files for
1458		the CACertPath, CACertFile, and DHParameters options.
1459	Do not split an envelope if it will be discarded, otherwise df
1460		files could be left behind.  Problem found by Wolfgang
1461		Breyha.
1462	The use of the environment variables HOME and HOSTALIASES has been
1463		deprecated and will be removed in version 8.13.  This only
1464		affects configurations which preserve those variables via the
1465		'E' command in the cf file as sendmail clears out its entire
1466		environment.
1467	Portability:
1468		Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
1469		Solaris 10 has unsetenv(), patch from Craig Mohrman of
1470			Sun Microsystems.
1471	LIBMILTER: Add extra checks in case a broken MTA sends bogus data
1472		to libmilter.  Based on code review by Rob Grzywinski.
1473	SMRSH: Properly assemble commands that contain '&&' or '||'.
1474		Problem noted by Eric Lee of Talking Heads.
1475	New Files:
1476		devtools/OS/Darwin.7.0
1477
1478 8.12.10/8.12.10	2003/09/24 (Released: 2003/09/17)
1479	SECURITY: Fix a buffer overflow in address parsing.  Problem
1480		detected by Michal Zalewski, patch from Todd C. Miller
1481		of Courtesan Consulting.
1482	Fix a potential buffer overflow in ruleset parsing.  This problem
1483		is not exploitable in the default sendmail configuration;
1484		only if non-standard rulesets recipient (2), final (4), or
1485		mailer-specific envelope recipients rulesets are used then
1486		a problem may occur.  Problem noted by Timo Sirainen.
1487	Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
1488		Problem noted by Thomas Schulz.
1489	Add several checks to avoid (theoretical) buffer over/underflows.
1490	Properly count message size when performing 7->8 or 8->7 bit MIME
1491		conversions.  Problem noted by Werner Wiethege.
1492	Properly compute message priority based on size of entire message,
1493		not just header.  Problem noted by Axel Holscher.
1494	Reset SevenBitInput to its configured value between SMTP
1495		transactions for broken clients which do not properly
1496		announce 8 bit data.  Problem noted by Stefan Roehrich.
1497	Set {addr_type} during queue runs when processing recipients.
1498		Based on patch from Arne Jansen.
1499	Better error handling in case of (very unlikely) queue-id conflicts.
1500	Perform better error recovery for address parsing, e.g., when
1501		encountering a comment that is too long.  Problem noted by
1502		Tanel Kokk, Union Bank of Estonia.
1503	Add ':' to the allowed character list for bogus HELO/EHLO
1504		checking.  It is used for IPv6 domain literals.  Patch from
1505		Iwaizako Takahiro of FreeBit Co., Ltd.
1506	Reset SASL connection context after a failed authentication attempt.
1507		Based on patch from Rob Siemborski of CMU.
1508	Check Berkeley DB compile time version against run time version
1509		to make sure they match.
1510	Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
1511		in the kernel.
1512	When a milter adds recipients and one of them causes an error,
1513		do not ignore the other recipients.  Problem noted by
1514		Bart Duchesne.
1515	CONFIG: Use specified SMTP error code in mailertable entries which
1516		lack a DSN, i.e., "error:### Text".  Problem noted by
1517		Craig Hunt.
1518	CONFIG: Call Local_trust_auth with the correct argument.  Patch
1519		from Jerome Borsboom.
1520	CONTRIB: Better handling of temporary filenames for doublebounce.pl
1521		and expn.pl to avoid file overwrites, etc.  Patches from
1522		Richard A. Nelson of Debian and Paul Szabo.
1523	MAIL.LOCAL: Fix obscure race condition that could lead to an
1524		improper mailbox truncation if close() fails after the
1525		mailbox is fsync()'ed and a new message is delivered
1526		after the close() and before the truncate().
1527	MAIL.LOCAL: If mail delivery fails, do not leave behind a
1528		stale lockfile (which is ignored after the lock timeout).
1529		Patch from Oleg Bulyzhin of Cronyx Plus LLC.
1530	Portability:
1531		Port for AIX 5.2.  Thanks to Steve Hubert of University
1532			of Washington for providing access to a computer
1533			with AIX 5.2.
1534		setreuid(2) works on OpenBSD 3.3.  Patch from
1535			Todd C. Miller of Courtesan Consulting.
1536		Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
1537			on all operating systems.  Patch from Robert Harker
1538			of Harker Systems.
1539		Use strerror(3) on Linux.  If this causes a problem on
1540			your Linux distribution, compile with
1541			-DHASSTRERROR=0 and tell sendmail.org about it.
1542	Added Files:
1543		devtools/OS/AIX.5.2
1544
1545 8.12.9/8.12.9	2003/03/29
1546	SECURITY: Fix a buffer overflow in address parsing due to
1547		a char to int conversion problem which is potentially
1548		remotely exploitable.  Problem found by Michal Zalewski.
1549		Note: an MTA that is not patched might be vulnerable to
1550		data that it receives from untrusted sources, which
1551		includes DNS.
1552	To provide partial protection to internal, unpatched sendmail MTAs,
1553		8.12.9 changes by default (char)0xff to (char)0x7f in
1554		headers etc.  To turn off this conversion compile with
1555		-DALLOW_255 or use the command line option -d82.101.
1556	To provide partial protection for internal, unpatched MTAs that may be
1557		performing 7->8 or 8->7 bit MIME conversions, the default
1558		for MaxMimeHeaderLength has been changed to 2048/1024.
1559		Note: this does have a performance impact, and it only
1560		protects against frontal attacks from the outside.
1561		To disable the checks and return to pre-8.12.9 defaults,
1562		set MaxMimeHeaderLength to 0/0.
1563	Do not complain about -ba when submitting mail.  Problem noted
1564		by Derek Wueppelmann.
1565	Fix compilation with Berkeley DB 1.85 on systems that do not
1566		have flock(2).  Problem noted by Andy Harper of Kings
1567		College London.
1568	Properly initialize data structure for dns maps to avoid various
1569		errors, e.g., looping processes.  Problem noted by
1570		Maurice Makaay of InterNLnet B.V.
1571	CONFIG: Prevent multiple application of rule to add smart host.
1572		Patch from Andrzej Filip.
1573	CONFIG: Fix queue group declaration in MAILER(`usenet').
1574	CONTRIB: buildvirtuser: New option -t builds the virtusertable
1575		text file instead of the database map.
1576	Portability:
1577		Revert wrong change made in 8.12.7 and actually use the
1578			builtin getopt() version in sendmail on Linux.
1579			This can be overridden by using -DSM_CONF_GETOPT=0
1580			in which case the OS supplied version will be used.
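
The 8.12.9 entries above name a char to int conversion problem and a default rewrite of (char)0xff to (char)0x7f. The following is an added illustration of that bug class and of that rewrite, not code from sendmail; the sentinel NO_CHAR_PENDING, the function names and the sample bytes are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical scanner sentinel meaning "no character pending". */
#define NO_CHAR_PENDING (-1)

/* Constructed sample input: two 0xff bytes between ASCII letters. */
static const unsigned char SAMPLE[] = { 'a', 0xff, 'b', 0xff, 'c' };

/*
 * Weak form: widening through a signed char sign-extends, so the input
 * byte 0xff becomes the int -1 and cannot be told apart from the sentinel.
 */
static int widen_signed(const char *p)
{
	return (signed char)*p;
}

/* Hardened form: widening through unsigned char keeps bytes in 0..255. */
static int widen_unsigned(const char *p)
{
	return (unsigned char)*p;
}

/*
 * Count the bytes a scanner would treat as real input characters, i.e.
 * those whose widened value is not mistaken for the sentinel.
 */
static size_t count_real_chars(const char *buf, size_t len,
			       int (*widen)(const char *))
{
	size_t i, n = 0;

	for (i = 0; i < len; i++)
		if (widen(buf + i) != NO_CHAR_PENDING)
			n++;
	return n;
}

/*
 * Mitigation in the style the release note describes: rewrite 0xff to
 * 0x7f in place unless allow_255 is set.  Returns the number of bytes
 * rewritten.
 */
static size_t strip_255(char *buf, size_t len, int allow_255)
{
	size_t i, n = 0;

	if (allow_255)
		return 0;
	for (i = 0; i < len; i++) {
		if ((unsigned char)buf[i] == 0xff) {
			buf[i] = (char)0x7f;
			n++;
		}
	}
	return n;
}

int main(void)
{
	char copy[sizeof SAMPLE];
	size_t rewritten;

	memcpy(copy, SAMPLE, sizeof SAMPLE);
	printf("signed widening sees   %zu of %zu bytes\n",
	       count_real_chars(copy, sizeof copy, widen_signed), sizeof copy);
	printf("unsigned widening sees %zu of %zu bytes\n",
	       count_real_chars(copy, sizeof copy, widen_unsigned), sizeof copy);

	rewritten = strip_255(copy, sizeof copy, 0);
	printf("rewrote %zu bytes; signed widening now sees %zu\n", rewritten,
	       count_real_chars(copy, sizeof copy, widen_signed));
	return 0;
}
```

The rewrite only shields a downstream scanner that still widens through a signed type; the unsigned conversion is the actual fix.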
1581
1582 8.12.8/8.12.8	2003/02/11
1583	SECURITY: Fix a remote buffer overflow in header parsing by
1584		dropping sender and recipient header comments if the
1585		comments are too long.  Problem noted by Mark Dowd
1586		of ISS X-Force.
1587	Fix a potential non-exploitable buffer overflow in parsing the
1588		.cf queue settings and potential buffer underflow in
1589		parsing ident responses.  Problem noted by Yichen Xie of
1590		Stanford University Compilation Group.
1591	Fix ETRN #queuegroup command: actually start a queue run for
1592		the selected queue group.  Problem noted by Jos Vos.
1593	If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
1594		log the fixup as "Fixed MIME header" instead of "Truncated
1595		MIME header".  Problem noted by Ian J Hart.
1596	CONFIG: Fix regression bug in proto.m4 that caused a bogus
1597		error message: "FEATURE() should be before MAILER()".
1598	MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
1599		a mailbox has more than one link or whether it is not
1600		a regular file.  Patch from John Beck of Sun Microsystems.
1601
1602 8.12.7/8.12.7	2002/12/29
1603	Properly clean up macros to avoid persistence of session data
1604		across various connections.  This could cause session
1605		oriented restrictions, e.g., STARTTLS requirements,
1606		to erroneously allow a connection.  Problem noted
1607		by Tim Maletic of Priority Health.
1608	Do not look up MX records when sorting the MSP queue.  The MSP
1609		only needs to relay all mail to the MTA.  Problem found
1610		by Gary Mills of the University of Manitoba.
1611	Do not restrict the length of connection information to 100
1612		characters in some logging statements.  Problem noted by
1613		Erik Parker.
1614	When converting an enhanced status code to an exit status, use
1615		EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
1616		is used.
1617	Reset macro $x when receiving another MAIL command.  Problem
1618		noted by Vlado Potisk of Wigro s.r.o.
1619	Don't bother setting the permissions on the build area statistics
1620		file, the proper permissions will be put on the file at
1621		install time.  This fixes installation over NFS for some
1622		users.  Problem noted by Martin J. Dellwo of 3-Dimensional
1623		Pharmaceuticals, Inc.
1624	Fix problem of decoding SASLv2 encrypted data.  Problem noted by
1625		Alex Deiter of Mobile TeleSystems, Komi Republic.
1626	Log milter socket open errors at MilterLogLevel 1 or higher instead
1627		of 11 or higher.
1628	Print early system errors to the console instead of silently
1629		exiting.  Problem noted by James Jong of IBM.
1630	Do not process a queue group if Runners is set to 0, regardless
1631		of whether F=f or sendmail is run in verbose mode (-v).
1632		The use of -qGname will still force queue group "name"
1633		to be run even if Runners=0.
1634	Change the level for logging the fact that a daemon is refusing
1635		connections due to high load from LOG_INFO to LOG_NOTICE.
1636		Patch from John Beck of Sun Microsystems.
1637	Use location information for submit.cf from NetInfo
1638		(/locations/sendmail/submit.cf) if available.
1639	Re-enable ForkEachJob which was lost in 8.12.0.  Problem noted by
1640		Neil Rickert of Northern Illinois University.
1641	Make behavior of /canon in debug mode consistent with usage in
1642		rulesets.  Patch from Shigeno Kazutaka of IIJ.
1643	Fix a potential memory leak in envelope splitting.  Problem noted
1644		by John Majikes of IBM.
1645	Do not try to share a mailbox database LDAP connection across
1646		different processes.  Problem noted by Randy Kunkee.
1647	Fix logging for undelivered recipients when the SMTP connection
1648		times out during message collection.  Problem noted by Neil
1649		Rickert of Northern Illinois University.
1650	Avoid problems with QueueSortOrder=random due to problems with
1651		qsort() on Solaris (and maybe some other operating systems).
1652		Problem noted by Stephan Schulz of Gruner+Jahr.
1653	If -f "" is specified, set the sender address to "<>".  Problem
1654		noted by Matthias Andree.
1655	Fix formatting problem of footnotes for plain text output on some
1656		versions of tmac.  Patch from Per Hedeland.
1657	Portability:
1658		Berkeley DB 4.1 support (requires at least 4.1.25).
1659		Some getopt(3) implementations in GNU/Linux are broken
1660			and pass a NULL pointer to an option which requires
1661			an argument, hence the builtin version of
1662			sendmail is used instead.  This can be overridden
1663			by using -DSM_CONF_GETOPT=0.  Problem noted by
1664			Vlado Potisk of Wigro s.r.o.
1665		Support for nph-1.2.0 from Mark D. Roth of the University
1666			of Illinois at Urbana-Champaign.
1667		Support for FreeBSD 5.0's MAC labeling from Robert Watson
1668			of the TrustedBSD Project.
1669		Support for reading the number of processors on an IRIX
1670			system from Michel Bourget of SGI.
1671		Support for UnixWare 7.1 based on input from Larry Rosenman.
1672		Interix support from Nedelcho Stanev of Atlantic Sky
1673			Corporation.
1674		Update Mac OS X/Darwin portability from Wilfredo Sanchez.
1675	CONFIG: Enforce tls_client restrictions even if delay_checks
1676		is used.  Problem noted by Malte Starostik.
1677	CONFIG: Deal with an empty hostname created via bogus
1678		DNS entries to get around access restrictions.
1679		Problem noted by Kai Schlichting.
1680	CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
1681		to avoid problems with hostname resolution for localhost
1682		which on many systems does not resolve to 127.0.0.1 (or
1683		::1 for IPv6).  If you do not use IPv4 but only IPv6 then
1684		you need to change submit.mc accordingly, see the comment
1685		in the file itself.
1686	CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
1687		error messages from initgroups(3) on AIX 4.3 when sending
1688		mail to non-existing users. Problem noted by Mark Roth of
1689		the University of Illinois at Urbana-Champaign.
1690	CONFIG: Allow local_procmail to override local_lmtp settings.
1691	CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
1692		relay.
1693	CONTRIB: cidrexpand: Deal with the prefix tags that may be included
1694		in access_db.
1695	CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
1696	LIBMILTER: On Solaris libmilter may get into an endless loop if
1697		an error in the communication from/to the MTA occurs.
1698		Patch from Gurusamy Sarathy of Active State.
1699	LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
1700		Patch from Jose Marcio Martins da Cruz of Ecole
1701		Nationale Superieure des Mines de Paris.
1702	MAIL.LOCAL: Fix a truncation race condition if the close() on
1703		the mailbox fails.  Problem noted by Tomoko Fukuzawa of
1704		Sun Microsystems.
1705	MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
1706		fails.  Patch from John Beck of Sun Microsystems.
1707	SMRSH: SECURITY: Only allow regular files or symbolic links to be
1708		used for a command.  Problem noted by David Endler of
1709		iDEFENSE, Inc.
1710	New Files:
1711		devtools/OS/Interix
1712		include/sm/bdb.h
1713
1714 8.12.6/8.12.6	2002/08/26
1715	Do not add the FallbackMXhost (or its MX records) to the list
1716		returned by the bestmx map when -z is used as option.
1717		Otherwise sendmail may act as an open relay if FallbackMXhost
1718		and FEATURE(`relay_based_on_MX') are used together.
1719		Problem noted by Alexander Ignatyev.
1720	Properly split owner- mailing list messages when SuperSafe is set
1721		to interactive.  Problem noted by Todd C. Miller of
1722		Courtesan Consulting.
1723	Make sure that an envelope is queued in the selected queue group
1724		even if some recipients are deleted or invalid.  Problem
1725		found by Chris Adams of HiWAAY Informations Services.
1726	Do not send a bounce message if a message is completely collected
1727		from the SMTP client.  Problem noted by Kari Hurtta of the
1728		Finnish Meteorological Institute.
1729	Provide an 'install-submit-st' target for sendmail/Makefile to
1730		install the MSP statistics file using the file named in the
1731		confMSP_STFILE devtools variable.  Requested by Jeff
1732		Earickson of Colby College.
1733	Queue up mail with a temporary error if setusercontext() fails
1734		during a delivery attempt.  Patch from Todd C. Miller of
1735		Courtesan Consulting.
1736	Fix handling of base64 encoded client authentication data for
1737		SMTP AUTH.  Patch from Elena Slobodnik of life medien GmbH.
1738	Set the OpenLDAP option LDAP_OPT_RESTART so the client libraries
1739		restart interrupted system calls.  Problem noted by Luiz
1740		Henrique Duma of BSIOne.
1741	Prevent a segmentation fault if a program passed a NULL envp using
1742		execve().
1743	Document a problem with the counting of queue runners that may
1744		cause delays if MaxQueueChildren is set too low. Problem
1745		noted by Ian Duplisse of Cable Television Laboratories, Inc.
1746	If discarding a message based on a recipient, don't try to look up
1747		the recipient in the mailbox database if F=w is set.  This
1748		allows users to discard bogus recipients when dealing with
1749		spammers without tipping them off.  Problem noted by Neil
1750		Rickert of Northern Illinois University.
1751	If applying a header check to a header with unstructured data,
1752		e.g., Subject:, then do not run syntax checks that are
1753		meant for addresses on the header content.
1754	Count messages rejected/discarded via the check_data ruleset.
1755	Portability:
1756		Fix compilation on systems which do not allow simple
1757			copying of the variable argument va_list.  Based on
1758			fix from Scott Walters.
1759		Fix NSD map open bug.  From Michel Bourget of SGI.
1760		Add some additional IRIX shells to the default shell
1761			list.  From Michel Bourget of SGI.
1762		Fix compilation issues on Mac OS X 10.2 (Darwin 6.0).
1763			NETISO support has been dropped.
1764	CONFIG: There was a seemingly minor change in 8.12.4 with respect
1765		to handling entries of IP nets/addresses with RHS REJECT.
1766		These would be rejected in check_rcpt instead of only
1767		being activated in check_relay.  This change has been made to
1768		avoid potential bogus temporary rejection of relay attempts
1769		"450 4.7.1 Relaying temporarily denied. Cannot resolve PTR
1770		record for ..." if delay_checks is enabled.  However, this
1771		modification causes a change of behavior if an IP net/address
1772		is listed in the access map with REJECT and a host/domain
1773		name is listed with OK or RELAY, hence it has been reversed
1774		such that the behavior of 8.12.3 is restored.  The original
1775		change was made on request of Neil Rickert of Northern
1776		Illinois University, the side effect has been found by
1777		Stefaan Van Hoornick.
1778	CONFIG: Make sure delay_checks works even for sender addresses
1779		using the local hostname ($j) or domains in class {P}.
1780		Based on patch from Neil Rickert of Northern Illinois
1781		University.
1782	CONFIG: Fix temporary error handling for LDAP Routing lookups.
1783		Fix from Andrzej Filip.
1784	CONTRIB: New version of etrn.pl script and external man page
1785		(etrn.0) from John Beck of Sun Microsystems.
1786	LIBMILTER: Protect a free(3) operation from being called with a
1787		NULL pointer.  Problem noted by Andrey J. Melnikoff.
1788	LIBMILTER: Protect against more interrupted select() calls.  Based
1789		on patch from Jose Marcio Martins da Cruz of Ecole Nationale
1790		Superieure des Mines de Paris.
1791	New Files:
1792		contrib/etrn.0
1793
1794 8.12.5/8.12.5	2002/06/25
1795	SECURITY: The DNS map can cause a buffer overflow if the user
1796		specifies a dns map using TXT records in the configuration
1797		file and a rogue DNS server is queried.  None of the
1798		sendmail supplied configuration files use this option hence
1799		they are not vulnerable.  Problem noted independently by
1800		Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
1801	Unprintable characters in responses from DNS servers for the DNS
1802		map type are changed to 'X' to avoid potential problems
1803		with rogue DNS servers.
1804	Require a suboption when setting the Milter option.  Problem noted
1805		by Bryan Costales.
1806	Do not silently overwrite command line settings for
1807		DirectSubmissionModifiers.  Problem noted by Bryan
1808		Costales.
1809	Prevent a segmentation fault when clearing the event list by
1810		turning off alarms before checking if event list is
1811		empty.  Problem noted by Allan E Johannesen of Worcester
1812		Polytechnic Institute.
1813	Close a potential race condition in transitioning a memory buffered
1814		file onto disk.  From Janani Devarajan of Sun Microsystems.
1815	Portability:
1816		Include paths.h on Linux systems running glibc 2.0 or later
1817			to get the definition for _PATH_SENDMAIL, used by
1818			rmail and vacation.  Problem noted by Kevin
1819			A. McGrail of Peregrine Hardware.
1820		NOTE: Linux appears to have broken flock() again.  Unless
1821			the bug is fixed before sendmail 8.13 is shipped,
1822			8.13 will change the default locking method to
1823			fcntl() for Linux kernel 2.4 and later.  You may
1824			want to do this in 8.12 by compiling with
1825			-DHASFLOCK=0.  Be sure to update other sendmail
1826			related programs to match locking techniques.
1827
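The two DNS map items in 8.12.5 above (bounded handling of TXT data from an untrusted server, and unprintable bytes changed to 'X') can be illustrated as follows. This is an added example, not sendmail's own code: the function name, buffer sizes and sample RDATA are assumptions constructed for illustration, and "printable" is taken here to mean ASCII 0x20 to 0x7e.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample RDATA (not captured traffic): two character-strings,
 * "v=a\x01b" and "ok"; the 0x01 byte is unprintable. */
static const unsigned char SAMPLE_OK[] = { 5, 'v', '=', 'a', 0x01, 'b', 2, 'o', 'k' };

/* Constructed malformed RDATA: length byte claims 200 bytes, only 3 follow. */
static const unsigned char SAMPLE_OVERRUN[] = { 200, 'a', 'b', 'c' };

static char demo_buf[16];

/*
 * Concatenate the length-prefixed character-strings of a TXT RDATA field
 * into dst as a NUL-terminated string (hypothetical helper).
 * Every length comes from the remote server, so it is checked against both
 * the remaining input and the remaining output space before any copy.
 * Bytes outside 0x20..0x7e are replaced with 'X'.
 * Returns the string length, or -1 (with dst emptied) on malformed input
 * or if the result would not fit.
 */
int txt_rdata_to_string(const unsigned char *rdata, size_t rdlen,
                        char *dst, size_t dstsize)
{
    size_t in = 0, out = 0, i;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (rdata == NULL && rdlen > 0)
        return -1;

    while (in < rdlen) {
        size_t seglen = rdata[in++];      /* attacker-controlled length */

        if (seglen > rdlen - in) {        /* would read past the RDATA */
            dst[0] = '\0';
            return -1;
        }
        if (seglen >= dstsize - out) {    /* no room for data plus NUL */
            dst[0] = '\0';
            return -1;
        }
        for (i = 0; i < seglen; i++) {
            unsigned char c = rdata[in + i];
            dst[out++] = (c >= 0x20 && c <= 0x7e) ? (char)c : 'X';
        }
        in += seglen;
    }
    dst[out] = '\0';
    return (int)out;
}

int main(void)
{
    int n = txt_rdata_to_string(SAMPLE_OK, sizeof SAMPLE_OK,
                                demo_buf, sizeof demo_buf);
    printf("well-formed: %d \"%s\"\n", n, demo_buf);

    n = txt_rdata_to_string(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN,
                            demo_buf, sizeof demo_buf);
    printf("overrun:     %d \"%s\"\n", n, demo_buf);
    return 0;
}
```
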
8.12.4/8.12.4	2002/06/03
	SECURITY: Inherent limitations in the UNIX file locking model
		can leave systems open to a local denial of service
		attack.  Be sure to read the "FILE AND MAP PERMISSIONS"
		section of the top level README for more information.
		Problem noted by lumpy.
	Use TempFileMode (defaults to 0600) for the permissions of PidFile
		instead of 0644.
	Change the default file permissions for new alias database files
		from 0644 to 0640.  This can be overridden at compile time
		by setting the DBMMODE macro.
	Fix a potential core dump problem if the environment variable
		NAME is set.  Problem noted by Beth A. Chaney of
		Purdue University.
	Expand macros before passing them to libmilter.  Problem noted
		by Jose Marcio Martins da Cruz of Ecole Nationale
		Superieure des Mines de Paris.
	Rewind the df (message body) before truncating it when libmilter
		replaces the body of a message.  Problem noted by Gisle Aas
		of Active State.
	Change SMTP reply code for AUTH failure from 500 to 535 and the
		initial zero-length response to "=" per RFC 2554.  Patches
		from Kenneth Murchison of Oceana Matrix Ltd.
	Do not try to fix broken message/rfc822 MIME attachments by
		inserting a MIME-Version: header when MaxMimeHeaderLength
		is set and no 8 to 7 bit conversion is needed.  Based on
		patch from Rehor Petr of ICZ (Czech Republic).
	Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection
		is rejected anyway.  Noted by Chris Loelke.
	Mention the submission mail queue in the mailq man page.  Requested
		by Bill Fenner of AT&T.
	Set ${msg_size} macro when reading a message from the command line
		or the queue.
	Detach from shared memory before dropping privileges back to
		user who started sendmail.
	If AllowBogusHELO is set to false (default) then also complain if
		the argument to HELO/EHLO contains white space.  Suggested
		by Seva Gluschenko of Cronyx Plus.
	Allow symbolically linked forward files in writable directory paths
		if both ForwardFileInUnsafeDirPath and
		LinkedForwardFileInWritableDir DontBlameSendmail options
		are set.  Problem noted by Werner Spirk of
		Leibniz-Rechenzentrum Munich.
	Portability:
		Operating systems that lack the ftruncate() call will not
			be able to use Milter's body replacement feature.
			This only affects Altos, Maxion, and MPE/iX.
		Digital UNIX 5.0 has changed flock() semantics to be
			non-compliant.  Problem noted by Martin Mokrejs of
			Charles University in Prague.
		The sparc64 port of FreeBSD 5.0 now supports shared
			memory.
	CONFIG: FEATURE(`preserve_luser_host') needs the macro map.
		Problem noted by Andrzej Filip.
	CONFIG: Using 'local:' as a mailertable value with
		FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail
		to be misaddressed.  Problem noted by Andrzej Filip.
	CONFIG: Provide a workaround for DNS based rejection lists that
		fail for AAAA queries.  Problem noted by Chris Boyd.
	CONFIG: Accept the machine's hostname as resolvable when checking
		the sender address.  This allows locally submitted mail to
		be accepted if the machine isn't connected to a nameserver
		and doesn't have an /etc/hosts entry for itself.  Problem
		noted by Robert Watson of the TrustedBSD Project.
	CONFIG: Use deferred expansion for checking the ${deliveryMode}
		macro in case the SMTP VERB command is used.  Problem
		noted by Bryan Costales.
	CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no
		matches are found.  Fix from Andrzej Filip.
	CONFIG: Fix wording in default dnsbl rejection message.  Suggested
		by Lou Katz of Metron Computerware, Ltd.
	CONFIG: Add mailer cyrusv2 for Cyrus V2.  Contributed by
		Kenneth Murchison of Oceana Matrix Ltd.
	CONTRIB: Fix wording in default dnsblaccess rejection message to
		match dnsbl change.
	DEVTOOLS: Add new option for access mode of statistics file,
		confSTMODE, which specifies the permissions when initially
		installing the sendmail statistics file.
	LIBMILTER: Mark the listening socket as close-on-exec in case
		a user's filter starts other applications.
	LIBSM: Allow the MBDB initialize, lookup, and/or terminate
		functions in SmMbdbTypes to be set to NULL.
	MAKEMAP: Change the default file permissions for new databases from
		0644 to 0640.  This can be overridden at compile time
		by setting the DBMMODE macro.
	SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR.
		Problem noted by Dave Alden of Ohio State University.
	VACATION: When listing the vacation database (-l), don't show
		bogus timestamps for excluded (-x) addresses.  Problem
		noted by Bryan Costales.
	New Files:
		cf/mailer/cyrusv2.m4

8.12.3/8.12.3	2002/04/05
	NOTICE: In general queue files should not be moved if queue groups
		are used.  In previous versions this could cause mail
		not to be delivered if a queue file is repeatedly moved
		by an external process whenever sendmail moved it back
		into the right place.  Some precautions have been taken
		to avoid moving queue files if not really necessary.
		sendmail may use links to refer to queue files and it
		may store the path of data files in queue files.  Hence
		queue files should not be moved unless those internals
		are understood and the integrity of the files is not
		compromised.  Problem noted by Anne Bennett of Concordia
		University.
	If an error mail is created, and the mail is split across different
		queue directories, and SuperSafe is off, then write the mail
		to disk before splitting it, otherwise an assertion is
		triggered.  Problem tracked down by Henning Schmiedehausen
		of INTERMETA.
	Fix possible race condition that could cause sendmail to forget
		running queues.  Problem noted by Jeff Wasilko of smoe.org.
	Handle bogus qf files better without triggering assertions.
		Problem noted by Guy Feltin.
	Protect against interrupted select() call when enforcing Milter
		read and write timeouts.  Patch from Gurusamy Sarathy of
		ActiveState.
	Matching queue IDs with -qI should be case sensitive.  Problem
		noted by Anne Bennett of Concordia University.
	If privileges have been dropped, don't try to change group ID to
		the RunAsUser group.  Problem noted by Neil Rickert of
		Northern Illinois University.
	Fix SafeFileEnvironment path munging when the specified path
		contains a trailing slash.  Based on patch from Dirk Meyer
		of Dinoex.
	Do not limit sendmail command line length to SM_ARG_MAX (usually
		4096).  Problem noted by Allan E Johannesen of Worcester
		Polytechnic Institute.
	Clear full name of sender for each new envelope to avoid bogus data
		if several mails are sent in one session and some of them
		do not have a From: header.  Problem noted by Bas Haakman.
	Change timeout check such that cached information about a connection
		will be immediately invalid if ConnectionCacheTimeout is zero.
		Based on patch from David Burns of Portland State University.
	Properly count message size for mailstats during mail collection.
		Problem noted by Werner Wiethege.
	Log complete response from LMTP delivery agent on failure.  Based on
		patch from Motonori Nakamura of Kyoto University.
	Provide workaround for getopt() implementations that do not catch
		missing arguments.
	Fix the message size calculation if the message body is replaced by
		a milter filter and buffered file I/O is being used.
		Problem noted by Sergey Akhapkin of Dr.Web.
	Do not honor SIGUSR1 requests if running with extra privileges.
		Problem noted by Werner Wiethege.
	Prevent a file descriptor leak on mail delivery if the initial
		connect fails and DialDelay is set.  Patch from Servaas
		Vandenberghe of Katholieke Universiteit Leuven.
	Properly deal with a case where sendmail is called by root running
		a set-user-ID (non-root) program.  Problem noted by Jon
		Lusky of ISS Atlanta.
	Avoid leaving behind stray transcript (xf) files if multiple queue
		directories are used and mail is sent to a mailing list
		which has an owner- alias.  Problem noted by Anne Bennett
		of Concordia University.
	Fix class map parsing code if optional key is specified.  Problem
		found by Mario Nigrovic.
	The SMTP daemon no longer tries to fix up improperly dot-stuffed
		incoming messages.  A leading dot is always stripped by the
		SMTP receiver regardless of whether or not it is followed by
		another dot.  Problem noted by Jordan Ritter of darkridge.com.
	Fix corruption when doing automatic MIME 7-bit quoted-printable or
		base64 encoding to 8-bit text.  Problem noted by Mark
		Elvers.
	Correct the statistics gathered for total number of connections.
		Instead of being the exact same number as the total number
		of messages (T line in mailstats) it now represents the
		total number of TCP connections.
	Be more explicit about syntax errors in addresses, especially
		non-ASCII characters, and properly create DSNs if necessary.
		Problem noted by Leena Heino of the University of Tampere.
	Prevent small timeouts from being lost on slow machines if itimers
		are used.  Problem noted by Suresh Ramasubramanian.
	Prevent a race condition on child cleanup for delivery to files.
		Problem noted by Fletcher Mattox of the University of
		Texas.
	Change the SMTP error code for temporary map failures from 421
		to 451.
	Do not assume that realloc(NULL, size) works on all OS (this was
		only done in one place: queue group creation).  Based on
		patch by Bryan Costales.
	Initialize Timeout.iconnect in the code to prevent randomly short
		timeouts.  Problem noted by Bradley Watts of AT&T Canada.
	Do not try to send a second SMTP QUIT command if the remote
		responds to a MAIL command with a 421 reply or on I/O
		errors.  By doing so, the host was marked as having a
		temporary problem and other mail destined for that host was
		queued for the next queue run.  Problem noted by Fletcher
		Mattox of the University of Texas, Allan E Johannesen of
		Worcester Polytechnic Institute, Larry Greenfield of CMU,
		and Neil Rickert of Northern Illinois University.
	Ignore error replies from the SMTP QUIT command (including servers
		which drop the connection instead of responding to the
		command).
	Portability:
		Check LDAP_API_VERSION to determine if ldap_memfree() is
			available.
		Define HPUX10 when building on HP-UX 10.X.  That platform
			now gets the proper _PATH_SENDMAIL and SMRSH_CMDDIR
			settings.  Patch from Elias Halldor Agustsson of
			Skyrr.
		Fix dependency building on Mac OS X and Darwin.  Problem
			noted by John Beck.
		Preliminary support for the sparc64 port of FreeBSD 5.0.
		Add /sbin/sh as an acceptable user shell on HP-UX.  From
			Rajesh Somasund of Hewlett-Packard.
	CONFIG: Add FEATURE(`authinfo') to allow a separate database for
		SMTP AUTH information.  This feature was actually added in
		8.12.0 but a release note was not included.
	CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
		parameter is set and the LDAP lookup returns a temporary
		error.
	CONFIG: Honor FEATURE(`relay_hosts_only') when using
		FEATURE(`relay_mail_from', `domain').  Problem noted by
		Krzysztof Oledzki.
	CONFIG: FEATURE(`msp') now disables any type of alias
		initialization as aliases are not needed for the MSP.
	CONFIG: Allow users to override RELAY_MAILER_ARGS when FEATURE(`msp')
		is in use.  Patch from Andrzej Filip.
	CONFIG: FEATURE(`msp') uses `[localhost]' as default instead of
		`localhost' and turns on MX lookups for the SMTP mailers.
		This will only have an effect if a parameter is specified,
		i.e., an MX lookup will be performed on the hostname unless
		it is embedded in square brackets.  Problem noted by
		Theo Van Dinter of Collective Technologies.
	CONFIG: Set confTIME_ZONE to USE_TZ in submit.mc (TimeZoneSpec= in
		submit.cf) to use $TZ for time stamps.  This is a compromise
		to allow for the proper time zone on systems where the
		default results in misleading time stamps. That is, syslog
		time stamps and Date headers on submitted mail will use the
		user's $TZ setting.  Problem noted by Mark Roth of the
		University of Illinois at Urbana-Champaign, solution proposed
		by Neil Rickert of Northern Illinois University.
	CONFIG: Mac OS X (Darwin) ships with mail.local as non-set-user-ID
		binary.  Adjust local mailer flags accordingly.  Problem
		noted by John Beck.
	CONTRIB: Add a warning to qtool.pl to not move queue files around
		if queue groups are used.
	CONTRIB: buildvirtuser: Add -f option to force rebuild.
	CONTRIB: smcontrol.pl: Add -f option to specify control socket.
	CONTRIB: smcontrol.pl: Add support for 'memdump' command.
		Suggested by Bryan Costales.
	DEVTOOLS: Add dependency generation for test programs.
	LIBMILTER: Remove conversion of port number for the socket
		structure that is passed to xxfi_connect().  Notice:
		this fix requires that sendmail and libmilter both have
		this change; mixing versions may lead to wrong port
		values depending on the endianness of the involved systems.
		Problem noted by Gisle Aas of ActiveState.
	LIBMILTER: If smfi_setreply() sets a custom reply code of '4XX' but
		SMFI_REJECT is returned, ignore the custom reply.  Do the
		same if '5XX' is used and SMFI_TEMPFAIL is returned.
	LIBMILTER: Install include files in ${INCLUDEDIR}/libmilter/ as
		required by mfapi.h.  Problem noted by Jose Marcio Martins
		da Cruz of Ecole Nationale Superieure des Mines de Paris.
	LIBSM: Add SM_CONF_LDAP_MEMFREE as a configuration define.  Set
		this to 1 if your LDAP client libraries include
		ldap_memfree().
	LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
		and NDBM on systems with the O_EXLOCK open(2) flag.
	SMRSH: Fix compilation problem on some operating systems.  Problem
		noted by Christian Krackowizer of schuler technodat GmbH.
	VACATION: Allow root to operate on user vacation databases.  Based
		on patch from Greg Couch of the University of California,
		San Francisco.
	VACATION: Don't ignore -C option.  Based on patch by Bryan Costales.
	VACATION: Clarify option usage in the man page.  Problem noted by
		Joe Barbish.
	New Files:
		libmilter/docs/smfi_setbacklog.html

8.12.2/8.12.2	2002/01/13
	Don't complain too much if stdin, stdout, or stderr are missing
		at startup, only log an error message.
	Fix potential problem if an unknown operation mode (character
		following -b) has been specified.
	Prevent purgestat from looping even if someone changes the
		permissions or owner of hoststatus files.  Problem noted
		by Kari Hurtta of the Finnish Meteorological Institute.
	Properly record dropped connections in persistent host status.
		Problem noted by Ulrich Windl of the Universitat
		Regensburg.
	Remove newlines from recipients read via sendmail -t to prevent
		SMTP protocol errors when sending the RCPT command.
		Problem noted by William D. Colburn of the New Mexico
		Institute of Mining and Technology.
	Only log milter body replacements once instead of for each body
		chunk sent by a filter.  Problem noted by Kari Hurtta of
		the Finnish Meteorological Institute.
	In 8.12.0 and 8.12.1, the headers were mistakenly not included in
		the message size calculation.  Problem noted by Kari Hurtta
		of the Finnish Meteorological Institute.
	Since 8.12 no longer forks at the SMTP MAIL command, the daemon
		needs to collect children status to avoid zombie processes.
		Problem noted by Chris Adams of HiWAAY Informations Services.
	Shut down "nullserver" and ETRN-only connections after 25 bad
		commands are issued.  This makes it consistent with normal
		SMTP connections.
	Avoid duplicate logging of milter rejections.  Problem noted by
		William D. Colburn of the New Mexico Institute of Mining
		and Technology.
	Error and delay DSNs were being sent to postmaster instead of the
		message sender if the sender had used a deprecated RFC822
		source route.  Problem noted by Kari Hurtta of the Finnish
		Meteorological Institute.
	Fix FallbackMXhost behavior for temporary errors during address
		parsing.  Problem noted by Jorg Bielak from Coastal Web
		Online.
	For systems on which stat(2) does not return a value for st_blksize
		that is the "optimal blocksize for I/O" three new compile
		time flags are available: SM_IO_MAX_BUF_FILE, SM_IO_MIN_BUF,
		and SM_IO_MAX_BUF, which define an upper limit for
		regular files, and a lower and upper limit for other file
		types, respectively.
	Fix a potential deadlock if two events are supposed to occur at
		exactly the same time.  Problem noted by Valdis Kletnieks
		of Virginia Tech.
	Perform envelope splitting for aliases listed directly in the
		alias file, not just for include/.forward files.
		Problem noted by John Beck of Sun Microsystems.
	Allow selection of queue group for mailq using -qGgroup.
		Based on patch by John Beck of Sun Microsystems.
	Make sure cached LDAP connections used by multiple maps in the same
		process are closed.  Patch from Taso N. Devetzis.
	If running as root, allow reading of class files in protected
		directories.  Patch from Alexander Talos of the University
		of Vienna.
	Correct a few LDAP related memory leaks.  Patch from David Powell
		of Sun Microsystems.
	Allow specification of an empty realm via the authinfo ruleset.
		This is necessary to interoperate as an SMTP AUTH client
		with servers that do not support realms when using
		CRAM-MD5.  Problem noted by Bjoern Voigt of TU Berlin.
	Avoid a potential information leak if AUTH PLAIN is used and the
		server gets stuck while processing that command.  Problem
		noted by Chris Adams from HiWAAY Informations Services.
	In addition to printing errors when parsing recipients during
		command line invocations log them to make it simpler
		to understand possible DSNs to postmaster.
	Do not use FallbackMXhost on mailers which have the F=0 flag set.
	Allow local mailers (F=l) to specify a host for TCP connections
		instead of forcing localhost.
	Obey ${DESTDIR} for installation of the client mail queue and
		submit.cf.  Patch from Peter 'Luna' Runestig.
	Re-enable support for -M option which was broken in 8.12.1.  Problem
		noted by Neil Rickert of Northern Illinois University.
	If a remote server violates the SMTP standard by unexpectedly
		dropping the connection during an SMTP transaction, stop
		sending commands.  This prevents bogus "Bad file number"
		recipient status.  Problem noted by Allan E Johannesen of
		Worcester Polytechnic Institute.
	Do not use a size estimate of 100 for postmaster bounces, it's
		almost always too small; do not guess the size at all.
	New VENDOR_DEC for Compaq/DEC.  Requested by James Seagraves of
		Compaq Computer Corp.
	Fix DaemonPortOptions IPv6 address parsing such that ::1 works
		properly.  Problem noted by Valdis Kletnieks of Virginia
		Tech.
	Portability:
		Fix IPv6 network interface probing on HP-UX 11.X.  Based on
			patch provided by HP.
		Mac OS X (aka Darwin) has a broken setreuid() call, but a
			working seteuid() call.  From Daniel J. Luke.
		Use proper type for a 32-bit integer on SINIX.  From Ganu
			Sachin of Siemens.
		Set SM_IO_MIN_BUF (4K) and SM_IO_MAX_BUF (8K) for HP-UX.
		Reduce optimization from +O3 to +O2 on HP-UX 11.  This
			fixes a problem that caused additional bogus
			characters to be written to the qf file.  Problem
			noted by Tapani Tarvainen.
		Set LDA_USE_LOCKF by default for UnixWare.  Problem noted
			by Boyd Lynn Gerber.
		Add support for HP MPE/iX.  See sendmail/README for port
			information.  From Mark Bixby of Hewlett-Packard.
		New portability defines HASNICE, HASRRESVPORT, USE_ENVIRON,
			USE_DOUBLE_FORK, and NEEDLINK.  See sendmail/README
			for more information.  From Mark Bixby of
			Hewlett-Packard.
		If an OS doesn't have a method of finding free disk space
			(SFS_NONE), lie and say there is plenty of space.
			From Mark Bixby of Hewlett-Packard.
		Add support for AIX 5.1.  From Valdis Kletnieks of
			Virginia Tech.
		Fix man page location for NeXTSTEP.  From Hisanori Gogota
			of the NTT/InterCommunication Center.
		Do not assume that strerror() always returns a string.
			Problem noted by John Beck of Sun Microsystems.
	CONFIG: Add OSTYPE(freebsd5) for FreeBSD 5.X, which has removed
		UUCP from the base operating system.  From Mark Murray of
		FreeBSD Services, Ltd.
	CONFIG: Add OSTYPE(mpeix) and a generic .mc file for HP MPE/iX
		systems.  From Mark Bixby of Hewlett-Packard.
	CONFIG: Add support for selecting a queue group for all mailers.
		Based on proposal by Stephen L. Ulmer of the University of
		Florida.
	CONFIG: Fix error reporting for compat_check.m4.  Problem noted by
		Altin Waldmann.
	CONFIG: Do not override user selections for confRUN_AS_USER and
		confTRUSTED_USER in FEATURE(msp).  From Mark Bixby of
		Hewlett-Packard.
	LIBMILTER: Fix bug that prevented the removal of a socket after
		libmilter terminated.  Problem reported by Andrey V. Pevnev
		of MSFU.
	LIBMILTER: Fix configuration error that required libsm for linking.
		Problem noted by Kari Hurtta of the Finnish Meteorological
		Institute.
	LIBMILTER: Portability fix for OpenUNIX.  Patch from Larry Rosenman.
	LIBMILTER: Fix a theoretical memory leak and a possible attempt
		to free memory twice.
	LIBSM: Fix a potential segmentation violation in the I/O library.
		Problem found and analyzed by John Beck and Tim Haley
		of Sun Microsystems.
	LIBSM: Do not clear the LDAP configuration information when
		terminating the mailbox database connection in the LDAP
		example code.  Problem noted by Nikos Voutsinas of the
		University of Athens.
	New Files:
		cf/cf/generic-mpeix.cf
		cf/cf/generic-mpeix.mc
		cf/ostype/freebsd5.m4
		cf/ostype/mpeix.m4
		devtools/OS/AIX.5.1
		devtools/OS/MPE-iX
		include/sm/os/sm_os_mpeix.h
		libsm/mpeix.c

8.12.1/8.12.1	2001/10/01
	SECURITY: Check whether dropping group privileges actually succeeded
		to avoid possible compromises of the mail system by
		supplying bogus data.  Add configuration options for
		different set*gid() calls to reset saved gid.  Problem
		found by Michal Zalewski.
	PRIVACY: Prevent information leakage when sendmail has extra
		privileges by disabling debugging (command line -d flag)
		during queue runs and disabling ETRN when sendmail -bs is
		used.  Suggested by Michal Zalewski.
	Avoid memory corruption problems resulting from bogus .cf files.
		Problem found by Michal Zalewski.
	Set the ${server_addr} macro to name of mailer when doing LMTP
		delivery.  LMTP systems may offer SMTP Authentication or
		STARTTLS causing sendmail to use this macro in rulesets.
	If debugging is turned on (-d0.10) print not just the default
		values for configuration file and pid file but also the
		selected values.  Problem noted by Brad Chapman.
	Continue dealing with broken nameservers by ignoring SERVFAIL
		errors returned on T_AAAA (IPv6) lookups at delivery time
		if ResolverOptions=WorkAroundBrokenAAAA is set.  Previously
		this only applied to hostname canonification.  Problem
		noted by Bill Fenner of AT&T Research.
	Ignore comments in NIS host records when trying to find the
		canonical name for a host.
	When sendmail has extra privileges, limit mail submission command
		line flags (i.e., -G, -h, -F, etc.)  to mail submission
		operating modes (i.e., -bm, -bs, -bv, etc.).  Idea based on
		suggestion from Michal Zalewski.
	Portability:
		AIX: Use `oslevel` if available to determine OS version.
			`uname` does not give complete information.
			Problem noted by Keith Neufeld of the Cessna
			Aircraft Company.
		OpenUNIX: Use lockf() for LDA delivery (affects mail.local).
			Problem noticed by Boyd Lynn Gerber of ZENEX.
		Avoid compiler warnings by not using pointers to pass
			integers.  Problem noted by Todd C. Miller of
			Courtesan Consulting.
	CONFIG: Add restrictqrun to PrivacyOptions for the MSP to minimize
		problems with potential misconfigurations.
	CONFIG: Fix comment showing default value of MaxHopCount.  Problem
		noted by Greg Robinson of the Defence Science and
		Technology Organisation of Australia.
	CONFIG: dnsbl: If an argument specifies an error message in case
		of temporary lookup failures for DNS based blacklists
		then use it.
	LIBMILTER: Install mfdef.h, required by mfapi.h.  Problem noted by
		Richard A. Nelson of Debian.
	LIBMILTER: Add __P definition for OS that lack it.  Problem noted
		by Chris Adams from HiWAAY Informations Services.
	LIBSMDB: Fix a lock race condition that affects makemap, praliases,
		and vacation.
	MAKEMAP: Avoid going beyond the end of an input line if it does
		not contain a value for a key.  Based on patch from
		Mark Bixby from Hewlett-Packard.
	New Files:
		test/Build
		test/Makefile
		test/Makefile.m4
		test/README
		test/t_dropgid.c
		test/t_setgid.c
	Deleted Files:
		include/sm/stdio.h
		include/sm/sysstat.h

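The first SECURITY item in 8.12.1 above is about verifying a group privilege drop rather than trusting the call's return value, including the saved gid. The sketch below is an added example, not sendmail's code (it is unrelated to test/t_dropgid.c); the function and enum names are hypothetical, and it assumes a POSIX system where setgid() and setegid() are available.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>

enum drop_result {
    DROP_OK = 0,
    DROP_CALL_FAILED,   /* setgid() itself reported an error */
    DROP_IDS_WRONG,     /* call "succeeded" but the ids did not change */
    DROP_REGAINABLE     /* old group could be taken back (saved gid kept) */
};

/*
 * Drop group privileges to `target` and verify the result (hypothetical
 * helper).  For a set-group-ID program run by an ordinary user, setgid()
 * changes only the effective gid on many systems and leaves the saved
 * gid alone, so the old group can be reacquired later.  The last check
 * detects exactly that case.
 */
enum drop_result drop_group_privs(gid_t target)
{
    gid_t old_egid = getegid();

    if (setgid(target) != 0)
        return DROP_CALL_FAILED;

    /* Never assume success: re-read both ids. */
    if (getgid() != target || getegid() != target)
        return DROP_IDS_WRONG;

    /*
     * Try to take the old group back.  A process with effective uid 0
     * can always do this, so the probe is only meaningful once the
     * process is no longer root.  If the probe succeeds the process
     * holds the old group again and the caller must treat this as fatal.
     */
    if (geteuid() != 0 && old_egid != target && setegid(old_egid) == 0)
        return DROP_REGAINABLE;

    return DROP_OK;
}

int main(void)
{
    enum drop_result r = drop_group_privs(getgid());

    printf("drop to real gid %ld: %s\n", (long)getgid(),
           r == DROP_OK ? "ok" : "FAILED, aborting");
    return r == DROP_OK ? 0 : 1;
}
```

A caller that gets anything other than DROP_OK should exit instead of continuing with whatever ids it ended up with.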
23228.12.0/8.12.0	2001/09/08
2323	*NOTICE*: The default installation of sendmail does not use
2324		set-user-ID root anymore.  You need to create a new user and
2325		a new group before installing sendmail (both called smmsp by
2326		default).  The installation process tries to install
2327		/etc/mail/submit.cf and creates /var/spool/clientmqueue by
2328		default.  Please see sendmail/SECURITY for details.
2329	SECURITY: Check for group and world writable forward and :include:
2330		files.  These checks can be turned off if absolutely
2331		necessary using the DontBlameSendmail option and the new
2332		flags:
2333			GroupWritableForwardFile
2334			WorldWritableForwardFile
2335			GroupWritableIncludeFile
2336			WorldWritableIncludeFile
2337		Problem noted by Slawek Zak of Politechnika Warszawska,
2338	SECURITY: Drop privileges when using address test mode.  Suggested
2339		by Michal Zalewski of the "Internet for Schools" project
2340		(IdS).
2341	Fixed problem of a global variable being used for a timeout jump
2342		point where the variable could become overused for more than
2343		one timeout concurrently.  This erroneous behavior resulted in
2344		a corrupted stack causing a core dump.  The timeout is now
2345		handled via libsm.  Problem noted by Michael Shapiro,
2346		John Beck, and Carl Smith of Sun Microsystems.
2347	If sendmail is set-group-ID then that group ID is used for permission
2348		checks (group ID of RunAsUser).  This allows use of a
2349		set-group-ID sendmail binary for initial message submission
2350		and no set-user-ID root sendmail is needed.  For details
2351		see sendmail/SECURITY.
2352	Log a warning if a non-trusted user changes the syslog label.
2353		Based on notice from Bryan Costales of SL3D, Inc.
2354	If sendmail is called for initial delivery, try to use submit.cf
2355		with a fallback of sendmail.cf as configuration file.  See
2356		sendmail/SECURITY.
2357	New configuration file option UseMSP to allow group writable queue
2358		files if the group is the same as that of a set-group-ID
2359		sendmail binary.  See sendmail/SECURITY.
2360	The .cf file is chosen based on the operation mode. For -bm (default),
2361		-bs, and -t it is submit.cf if it exists for all others it
2362		is sendmail.cf (to be backward compatible).  This selection
2363		can be changed by the new option -Ac or -Am (alternative .cf
2364		file: client or mta).  See sendmail/SECURITY.
2365	The SMTP server no longer forks on each MAIL command.  The ONEX
2366		command has been removed.
2367	Implement SMTP PIPELINING per RFC 2920.  It can be turned off
2368		at compile time or per host (ruleset).
2369	New option MailboxDatabase specifies the type of mailbox database
2370		used to look up local mail recipients; the default value
2371		is "pw", which means to use getpwnam().  New mailbox database
2372		types can be added by adding custom code to libsm/mbdb.c.
2373	Queue file names are now 15 characters long, rather than 14 characters
2374		long, to accomodate envelope splitting.  File systems with
2375		a 14 character file name length limit are no longer
2376		supported.
2377	Recipient list used for delivery now gets internally ordered by
2378		hostsignature (character string version of MX RR).  This orders
2379		recipients for the same MX RR's together meaning smaller
2380		portions of the list need to be scanned (instead of the whole
2381		list) each delivery() pass to determine piggybacking.  The
2382		significance of the change is better the larger the recipient
2383		list.  Hostsignature is now created during recipient list
2384		creation rather than just before delivery.
2385	Enhancements for more opportunistic piggybacking.  Previous
2386		piggybacking (called coincidental) extended to coattail
2387		piggybacking.  Rather than complete MX RR matching
2388		(coincidental) piggybacking is done if just the lowest value
2389		preference matches (coattail).
2390	If sendmail receives a temporary error on a RCPT TO: command, it will
2391		try other MX hosts if available.
2392	DefaultAuthInfo can contain a list of mechanisms to be used for
2393		outgoing (client-side) SMTP Authentication.
2394	New modifier 'A' for DaemonPortOptions/ClientPortOptions to disable
2395		AUTH (overrides 'a' modifier in DaemonPortOptions).  Based
2396		on patch from Lyndon Nerenberg of Messaging Direct.
2397	Enable AUTH mechanism EXTERNAL if STARTTLS is used.
2398	A new ruleset authinfo can be used to return client side
2399		authentication information for AUTH instead of DefaultAuthInfo.
2400		Therefore the DefaultAuthInfo option is deprecated and will be
2401		removed in future versions.
2402	Accept any SMTP continuation code 3xy for AUTH even though RFC 2554
2403		requires 334.  Mercury 1.48 is a known offender.
2404	Add new option AuthMaxBits to limit the overall encryption strength
2405		for the security layer in SMTP AUTH (SASL).  See
2406		doc/op/op.me for details.
2407	Introduce new STARTTLS related macros {cn_issuer}, {cn_subject},
2408		{cert_md5} which hold the CN (common name) of the CA that
2409		signed the presented certificate, the CN and the MD5 hash
2410		of the presented certificate, respectively.
2411	New ruleset try_tls to decide whether to try (as client) STARTTLS.
2412	New ruleset srv_features to enable/disable certain features in the
2413		server per connection.  See doc/op/op.me for details.
2414	New ruleset tls_rcpt to decide whether to send e-mail to a particular
2415		recipient; useful to decide whether a connection is secure
2416		enough on a per recipient basis.
2417	New option TLSSrvOptions to modify some aspects of the server
2418		for STARTTLS.
2419	If no certificate has been requested, the macro {verify} has the
2420		value "NOT".
2421	New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
2422		using/offering STARTTLS when delivering/receiving e-mail.
2423	Macro expand filenames/directories for certs and keys in the .cf file.
2424		Proposed by Neil Rickert of Northern Illinois University.
2425	Generate an ephemeral RSA key for a STARTTLS connection only if
2426		really required.  This change results in noticeable
2427		performance gains on most machines.  Moreover, if shared
2428		memory is in use, reuse the key several times.
2429	Add queue groups which can be used to group queue directories with
2430		the same behavior together.  See doc/op/op.me for details.
2431	If the new option FastSplit (defaults to one) has a value greater
2432		than zero, it suppresses the MX lookups on addresses when they
2433		are initially sorted which may result in faster envelope
2434		splitting.  If the mail is submitted directly from the
2435		command line, then the value also limits the number of
2436		processes to deliver the envelopes; if more envelopes are
2437		created they are only queued up and must be taken care of
2438		by a queue run.
2439	The check for 'enough disk space' now pays attention to which file
2440		system each queue directory resides in.
2441	All queue runners can be cleanly terminated via SIGTERM to parent.
2442	New option QueueFileMode for the default permissions of queue files.
2443	Add parallel queue runner code.  Allows multiple queue runners per work
2444		group (one or more queues in a multi-queue environment
2445		collected together) to process the same work list at the
2446		same time.
2447	Option MaxQueueChildren added to limit the number of concurrently
2448		active queue runner processes.
2449	New option MaxRunnersPerQueue to specify the maximum number of queue
2450		runners per queue group.
2451	Queue member selection by substring pattern matching now allows
2452		the pattern to be negated.  For -qI, -qR and -qS it is
2453		permissible for -q!I, -q!R and -q!S to mean remove members
2454		of the queue that match during processing.
2455	New -qp[time] option is similar to -qtime, except that instead of
2456		periodically forking a child to process the queue, a single
2457		child is forked for each queue that sleeps between queue
2458		runs.  A SIGHUP signal can be sent to restart this
2459		persistent queue runner.
2460	The SIGHUP signal now restarts a timed queue run process (i.e., a
2461		sendmail process which only runs the queue at an interval:
2462		sendmail -q15m).
2463	New option NiceQueueRun to set the priority of queue runners.
2464		Proposed by Thom O'Connor.
2465	sendmail will run the queue(s) in the background when invoked with -q
2466		unless the new -qf option or -v is used.
2467	QueueSortOrder=Random sorts the queue randomly, which is useful if
2468		several queue runners are started by hand to avoid contention.
2469	QueueSortOrder=Modification sorts the queue by the modification time
2470		of the qf file (older entries first).
2471	Support Deliver By SMTP Service Extension (RFC 2852) which allows
2472		a client to specify an amount of time within which an e-mail
2473		should be delivered.  New option DeliverByMin added to set the
2474		minimum amount of time or disable the extension.
2475	Non-printable characters (ASCII: 0-31, 127) in mailbox addresses are
2476		not allowed unless escaped or quoted.
2477	Add support for a generic DNS map.  Based on a patch contributed
2478		by Leif Johansson of Stockholm University, which was based on
2479		work by Assar Westerlund of Swedish Institute of Computer
2480		Science, Kista, and Johan Danielsson of Royal Institute of
2481		Technology, Stockholm, Sweden.
2482	MX records will be looked up for FallBackMXhost.  To use the old
2483		behavior (no MX lookups), put the name in square brackets.
2484		Proposed by Thom O'Connor.
2485	Use shared memory to store free space of filesystems that are used
2486		for queues, if shared memory is available and if a key is set
2487		via SharedMemoryKey.  This minimizes the number of system
2488		calls to check the available space.  See doc/op/op.me for
2489		details.
2490	If shared memory is compiled in the option -bP can be used to print
2491		the number of entries in the queue(s).
2492	Enable generic mail filter API (milter).  See libmilter/README
2493		and the usual documentation for details.
2494	Remove AutoRebuildAliases option, deprecated since 8.10.
2495	Remove '-U' (initial user submission) command line option as
2496		announced in 8.10.
2497	Remove support for non-standard SMTP command XUSR.  Use an MSA instead.
2498	New macro {addr_type} which contains whether the current address is
2499		an envelope sender or recipient address.  Suggested by
2500		Neil Rickert of Northern Illinois University.
2501	Two new options for host maps: -d (retransmission timeout),
2502		-r (number of retries).
2503	New option for LDAP maps: the -V<sep> allows you to specify a
2504		separator such that a lookup can return both an attribute
2505		and value separated by the given separator.
2506	Add new operators '%', '|', '&' (modulo, binary or, binary and)
2507		to map class arith.
2508	If DoubleBounceAddress expands to an empty string, ``double bounces''
2509		(errors that occur when sending an error message) are dropped.
2510	New DontBlameSendmail options GroupReadableSASLDBFile and
2511		GroupWritableSASLDBFile to relax requirements for sasldb files.
2512	New DontBlameSendmail options GroupReadableKeyFile to relax
2513		requirements for files containing secret keys.  This is
2514		necessary for the MSP if client authentication is used.
2515	Properly handle quoted filenames for class files (to allow for
2516		filenames with spaces).
2517	Honor the resolver option RES_NOALIASES when canonifying hostnames.
2518	Add macros to avoid the reuse of {if_addr} etc:
2519		{if_name_out}	hostname of interface of outgoing connection.
2520		{if_addr_out}	address of interface of outgoing connection.
2521		{if_family_out}	family of interface of outgoing connection.
2522		The latter two are only set if the interface does not belong
2523		to the loopback net.
2524	Add macro {nrcpts} which holds the number of (validated) recipients.
2525	DialDelay option applies only to mailers with flag 'Z'.  Patch from
2526		Juergen Georgi of RUS University of Stuttgart.
2527	New Timeout.lhlo,auth,starttls options to limit the time waiting for
2528		an answer to the LMTP LHLO, SMTP AUTH or STARTTLS command.
2529	New Timeout.aconnect option to limit the overall waiting time for
2530		all connections for a single delivery attempt to succeed.
2531	Limit the rate recipients in the SMTP envelope are accepted once
2532		a threshold number of recipients has been rejected (option
2533		BadRcptThrottle).  From Gregory A Lundberg of the WU-FTPD
2534		Development Group.
2535	New option DelayLA to delay connections if the load averages
2536		exceeds the specified value.  The default of 0 does not
2537		change the previous behavior.  A value greater than 0
2538		will cause sendmail to sleep for one second on most
2539		SMTP commands and before accepting connections if that
2540		load average is exceeded.
2541	Use a dynamic (instead of fixed-size) buffer for the list of
2542		recipients that are sent during a connection to a mailer.
2543		This also introduces a new mailer field 'r' which defines
2544		the maximum number of recipients (defaults to 100).
2545		Based on patch by Motonori Nakamura of Kyoto University.
2546	Add new F=1 mailer flag to disable sending of null characters ('\0').
2547	Add new F=2 mailer flag to disable use of ESMTP, using SMTP instead.
2548	The deprecated [TCP] builtin mailer pathname (P=) is gone.  Use [IPC]
2549		instead.
2550	IPC is no longer available as first mailer argument (A=) for [IPC]
2551		builtin mailer pathnames.  Use TCP instead.
2552	PH map code updated to use the new libphclient API instead of the
2553		old libqiapi library.  Contributed by Mark Roth of the
2554		University of Illinois at Urbana-Champaign.
2555	New option DirectSubmissionModifiers to define {daemon_flags}
2556		for direct (command line) submissions.
2557	New M=O modifier for DaemonPortOptions to ignore the socket in
2558		case of failures.  Based on patch by Jun-ichiro itojun
2559		Hagino of the KAME Project.
2560	Add Disposition-Notification-To: (RFC 2298) to the list of headers
2561		whose content is rewritten similar to Reply-To:.
2562		Proposed by Andrzej Filip.
2563	Use STARTTLS/AUTH=server/client for logging incoming/outgoing
2564		STARTTLS/AUTH connections; log incoming connections at level
2565		9 or higher.  Use AUTH/STARTTLS instead of SASL/TLS for SMTP
2566		AUTH/STARTTLS related logfile entries.
2567	Convert unprintable characters (and backslash) into octal or C format
2568		before logging.
2569	Log recipients if no message is transferred but QUIT/RSET is given
2570		(at LogLevel 9/10 or higher).
2571	Log discarded recipients at LogLevel 10 or higher.
2572	Do not log "did not issue MAIL/EXPN/VRFY/ETRN" for connections
2573		in which most commands are rejected due to check_relay or
2574		TCP Wrappers if the host tries one of those commands anyway.
2575	Change logging format for cloned envelopes to be similar to that for
2576		DSNs ("old id: new id: clone").  Suggested by Ulrich Windl
2577		of the Universitaet Regensburg.
2578	Added libsm, a C library of general purpose abstractions including
2579		assertions, tracing and debugging with named debug categories,
2580		exception handling, malloc debugging, resource pools,
2581		portability abstractions, and an extensible buffered I/O
2582		package.  It will at some point replace libsmutil.
2583		See libsm/index.html for details.
2584	Fixed most memory leaks in sendmail which were previously taken
2585		care of by fork() and exit().
2586	Use new sm_io*() functions in place of stdio calls.  Allows for
2587		more consistent portability amongst different platforms
2588		new and old (from new libsm).
2589	Common I/O pkg means just one buffering method needed instead of two
2590		('bf_portable' and 'bf_torek' now just 'bf').
2591	Sfio no longer needed as SASL/TLS code uses sm_io*() API's.
2592	New possible value 'interactive' for SuperSafe which can be used
2593		together with DeliveryMode=interactive to avoid some disk
2594		synchronization calls.
2595	Add per-recipient status information to mailq -v output.
2596	T_ANY queries are no longer used by sendmail.
2597	When compiling with "gcc -O -Wall" specify "-DSM_OMIT_BOGUS_WARNINGS"
2598		too (see include/sm/cdefs.h for more info).
2599	sendmail -d now has general support for named debug categories.
2600		See libsm/debug.html and section 3.4 of doc/op/op.me
2601		for details.
2602	Eliminate the "postmaster warning" DSNs on address parsing errors
2603		such as unbalanced angle brackets or parentheses.  The DSNs
2604		generated by this condition were illegal (not RFC conformant).
2605		Problem noted by Ulrich Windl of the Universitaet Regensburg.
2606	Do not issue a DSN if the ruleset localaddr resolves to the $#error
2607		mailer and the recipient has hence been rejected during the
2608		SMTP dialogue.  Problem reported by Larry Greenfield of CMU.
2609	Deal with a case of multiple deliveries on misconfigured systems
2610		that do not have postmaster defined.  If an email was sent
2611		from an address to which a DSN cannot be returned and
2612		in which at least one recipient address is non-deliverable,
2613		then that email had been delivered in each queue run.
2614		Problem reported by Matteo HCE Valsasna of Universita
2615		degli Studi dell'Insubria.
2616	The compilation options SMTP, DAEMON, and QUEUE have been removed,
2617		i.e., the corresponding code is always compiled in now.
2618	Log the command line in daemon/queue-run mode at LogLevel 10 and
2619		higher.  Suggested by Robert Harker of Harker Systems.
2620	New ResolverOptions setting: WorkAroundBrokenAAAA.  When
2621		attempting to canonify a hostname, some broken nameservers
2622		will return SERVFAIL (a temporary failure) on T_AAAA (IPv6)
2623		lookups.  If you want to excuse this behavior, use this new
2624		flag.  Suggested by Chris Foote of SE Network Access and
2625		Mark Roth of the University of Illinois at
2626		Urbana-Champaign.
2627	Free the memory allocated by getipnodeby{addr,name}().  Problem
2628		noted by Joy Latten of IBM.
2629	ConnectionRateThrottle limits the number of connections per second
2630		to each daemon individually, not the overall number of
2631		connections.
2632	Specifying only "ldap:" as an AliasFile specification will force
2633		sendmail to use a default alias schema as outlined in the
2634		``USING LDAP FOR ALIASES, MAPS, and CLASSES'' section of
2635		cf/README.
2636	Add a new syntax for the 'F' (file class) sendmail.cf command.  If
2637		the first character after the class name is not a '/' or a
2638		'|' and it contains an '@' (e.g., F{X}key@class:spec), the
2639		rest of the line will be parsed as a map lookup.  This
2640		allows classes to be filled via a map lookup.  See op.me
2641		for more syntax information.  Specifically, this can be
2642		used for commands such as VIRTUSER_DOMAIN_FILE() to read
2643		the list of domains via LDAP (see the ``USING LDAP FOR
2644		ALIASES, MAPS, and CLASSES'' section of cf/README for an
2645		example).
2646	The new macro ${sendmailMTACluster} determines the LDAP cluster for
2647		the default schema used in the above two items.
2648	Unless DontBlameSendmail=RunProgramInUnsafeDirPath is set, log a
2649		warning if a program being run from a mailer or file class
2650		(e.g., F|/path/to/prog) is in an unsafe directory path.
2651	Unless DontBlameSendmail=RunWritableProgram is set, log a warning
2652		if a program being run from a mailer or file class
2653		(e.g., F|/path/to/prog) is group or world writable.
2654	Loopback interfaces (e.g., "lo0") are now probed for class {w}
2655		hostnames.  Setting DontProbeInterfaces to "loopback"
2656		(without quotes) will disable this and return to the
2657		pre-8.12 behavior of only probing non-loopback interfaces.
2658		Suggested by Bryan Stansell of GNAC.
2659	In accordance with RFC 2821 section 4.1.4, accept multiple
2660		HELO/EHLO commands.
2661	Multiple ClientPortOptions settings are now allowed, one for each
2662		possible protocol family which may be used for outgoing
2663		connections.  Restrictions placed on one family only affect
2664		outgoing connections on that particular family.  Because of
2665		this change, the ${client_flags} macro is not set until the
2666		connection is established.  Based on patch from Motonori
2667		Nakamura of Kyoto University.
2668	PrivacyOptions=restrictexpand instructs sendmail to drop privileges
2669		when the -bv option is given by users who are neither root
2670		nor the TrustedUser so users can not read private aliases,
2671		forwards, or :include: files.  It also will override the -v
2672		(verbose) command line option.
2673	If the M=b modifier is set in DaemonPortOptions and the interface
2674		address can't be used for the outgoing connection, fall
2675		back to the settings in ClientPortOptions (if set).
2676		Problem noted by John Beck of Sun Microsystems.
2677	New named config file rule check_data for DATA command (input:
2678		number of recipients).  Based on patch from Mark Roth of
2679		the University of Illinois at Urbana-Champaign.
2680	Add support for ETRN queue selection per RFC 1985.  The queue group
2681		can be specified using the '#' option character.  For
2682		example, 'ETRN #queuegroup'.
2683	If an LDAP server times out or becomes unavailable, close the
2684		current connection and reopen to get to one of the fallback
2685		servers.  Patch from Paul Hilchey of the University of
2686		British Columbia.
2687	Make default error number on $#error messages 550 instead of 501
2688		because 501 is not allowed on all commands.
2689	The .cf file option UnsafeGroupWrites is deprecated; it should be
2690		replaced with the settings GroupWritableForwardFileSafe
2691		and GroupWritableIncludeFileSafe in DontBlameSendmail
2692		if required.
2693	The deprecated ldapx map class has been removed.  Use the ldap map
2694		class instead.
2695	Any IPv6 addresses used in configuration should be prefixed by the
2696		"IPv6:" tag to identify the address properly.  For example,
2697		if you want to add the IPv6 address [2002:c0a8:51d2::23f4] to
2698		class {w}, you would need to add [IPv6:2002:c0a8:51d2::23f4].
2699	Change the $&{opMode} macro if the operation mode changes while the
2700		MTA is running.  For example, during a queue run.
2701	Add "use_inet6" as a new ResolverOptions flag to control the
2702		RES_USE_INET6 resolver option.  Based on patch from Rick
2703		Nelson of IBM.
2704	The maximum number of commands before the MTA slows down when too
2705		many "light weight" commands have been received is now
2706		configurable during compile time.  The current values and
2707		their defaults are:
2708		    MAXBADCOMMANDS	25	unknown commands
2709		    MAXNOOPCOMMANDS	20	NOOP, VERB, ONEX, XUSR
2710		    MAXHELOCOMMANDS	3	HELO, EHLO
2711		    MAXVRFYCOMMANDS	6	VRFY, EXPN
2712		    MAXETRNCOMMANDS	8	ETRN
2713		Setting a value to 0 disables the check.  Patch from Bryan
2714		Costales of SL3D, Inc.
2715	The header syntax H?${MyMacro}?X-My-Header: now not only checks if
2716		${MyMacro} is defined but also that it is not empty.
2717	Properly quote usernames with special characters if they are used
2718		in headers.  Problem noted by Kari Hurtta of the Finnish
2719		Meteorological Institute.
2720	Be sure to include the proper Final-Recipient: DSN header in bounce
2721		messages for messages for mailing list expanded addresses
2722		which are not delivered on the initial attempt.
2723	Do not treat errors as sticky when doing delivery via LMTP after
2724		the final dot has been sent to avoid affecting future
2725		deliveries.  Problem reported by Larry Greenfield of CMU.
2726	New compile time flag REQUIRES_DIR_FSYNC which turns on support for
2727		file systems that require fsync() to be called for a directory
2728		if the meta-data in it has been changed.  This should be
2729		set at least for ReiserFS; it is enabled by default for Linux.
2730		See sendmail/README for further information.
2731	Avoid file locking deadlock when updating the statistics file if
2732		sendmail is signaled to terminate.  Problem noted by
2733		Christophe Wolfhugel of France Telecom.
2734	Set the $c macro (hop count) as it is being set instead of when the
2735		envelope is initialized.  Problem noted by Kari Hurtta of
2736		the Finnish Meteorological Institute.
2737	Properly count recipients for DeliveryMode defer and queue.  Fix
2738		from Peter A. Friend of EarthLink.
2739	Treat invalid hesiod lookups as permanent errors instead of
2740		temporary errors.  Problem noted by Russell McOrmond of
2741		flora.ca.
2742	Portability:
2743		Remove support for AIX 2, which supports only 14 character
2744			filenames and is outdated anyway.  Suggested by
2745			Valdis Kletnieks of Virginia Tech.
2746		Change several settings for Irix 6: remove confSBINDIR,
2747			i.e., use default /usr/sbin, change owner/group
2748			of man pages and user-executable to root/sys, set
2749			optimization limit to 0 (unlimited).  Based on patch
2750			from Ayamura Kikuchi, M.D, and proposal from Kari
2751			Hurtta of the Finnish Meteorological Institute.
2752		Do not assume LDAP support is installed by default under
2753			Solaris 8 and later.
2754		Add support for OpenUNIX.
2755	CONFIG: Increment version number of config file to 10.
2756	CONFIG: Add an install target and a README file in cf/cf.
2757	CONFIG: Don't accept addresses of the form a@b@, a@b@c, a@[b]c, etc.
2758	CONFIG: Reject empty recipient addresses (in check_rcpt).
2759	CONFIG: The access map uses an option of -T<TMPF> to deal with
2760		temporary lookup failures.
2761	CONFIG: New value for access map: SKIP, which causes the default
2762		action to be taken by aborting the search for domain names
2763		or IP nets.
2764	CONFIG: check_rcpt can deal with TEMPFAIL for either recipient or
2765		relay address as long as the other part allows the email
2766		to get through.
2767	CONFIG: Entries for virtusertable can make use of a third parameter
2768		"%3" which contains "+detail" of a wildcard match, i.e., an
2769		entry like user+*@domain.  This allows handling of details by
2770		using %1%3 as the RHS.  Additionally, a "+" wildcard has been
2771		introduced to match only non-empty details of addresses.
2772	CONFIG: Numbers for rulesets used by MAILERs have been removed
2773		and hence there is no required order within the MAILER
2774		section anymore except for MAILER(`uucp') which must come
2775		after MAILER(`smtp') if uucp-dom and uucp-uudom are used.
2776	CONFIG: Hosts listed in the generics domain class {G}
2777		(GENERICS_DOMAIN() and GENERICS_DOMAIN_FILE()) are treated
2778		as canonical.  Suggested by Per Hedeland of Ericsson.
2779	CONFIG: If FEATURE(`delay_checks') is used, make sure that a lookup
2780		in the access map which returns OK or RELAY actually
2781		terminates check_* ruleset checking.
2782	CONFIG: New tag TLS_Rcpt: for access map to be used by ruleset
2783		tls_rcpt, see cf/README for details.
2784	CONFIG: Change format of Received: header line which reveals whether
2785		STARTTLS has been used to "(version=${tls_version}
2786		cipher=${cipher} bits=${cipher_bits} verify=${verify})".
2787	CONFIG: Use "Spam:" as tag for lookups for FEATURE(`delay_checks')
2788		options friends/haters instead of "To:" and enable
2789		specification of whole domains instead of just users.
2790		Notice: this change is not backward compatible.
2791		Suggested by Chris Adams from HiWAAY Informations Services.
2792	CONFIG: Allow for local extensions for most new rulesets, see
2793		cf/README for details.
2794	CONFIG: New FEATURE(`lookupdotdomain') to also look up .domain in
2795		the access map.  Proposed by Randall Winchester of the
2796		University of Maryland.
2797	CONFIG: New FEATURE(`local_no_masquerade') to avoid masquerading for
2798		the local mailer.  Proposed by Ingo Brueckl of Wupper Online.
2799	CONFIG: confRELAY_MSG/confREJECT_MSG can override the default
2800		messages for an unauthorized relaying attempt/for access
2801		map entries with RHS REJECT, respectively.
2802	CONFIG: FEATURE(`always_add_domain') takes an optional argument
2803		to specify another domain to be added instead of the local one.
2804		Suggested by Richard H. Gumpertz of Computer Problem
2805		Solving.
2806	CONFIG: confAUTH_OPTIONS allows setting of Cyrus-SASL specific
2807		options, see doc/op/op.me for details.
2808	CONFIG: confAUTH_MAX_BITS sets the maximum encryption strength for
2809		the security layer in SMTP AUTH (SASL).
2810	CONFIG: If Local_localaddr resolves to $#ok, localaddr is terminated
2811		immediately.
2812	CONFIG: FEATURE(`enhdnsbl') is an enhanced version of dnsbl which
2813		allows checking of the return values of the DNS lookups.
2814		See cf/README for details.
2815	CONFIG: FEATURE(`dnsbl') now allows specifying the behavior for
2816		temporary lookup failures.
2817	CONFIG: New option confDELIVER_BY_MIN to specify minimum time for
2818		Deliver By (RFC 2852) or to turn off the extension.
2819	CONFIG: New option confSHARED_MEMORY_KEY to set the key for shared
2820		memory use.
2821	CONFIG: New FEATURE(`compat_check') to look up a key consisting
2822		of the sender and the recipient address delimited by the
2823		string "<@>", e.g., sender@sdomain<@>recipient@rdomain,
2824		in the access map.  Based on code contributed by Mathias
2825		Koerber of Singapore Telecommunications Ltd.
2826	CONFIG: Add EXPOSED_USER_FILE() command to allow an exposed user
2827		file.  Suggested by John Beck of Sun Microsystems.
2828	CONFIG: Don't use MAILER-DAEMON for error messages delivered
2829		via LMTP.  Problem reported by Larry Greenfield of CMU.
2830	CONFIG: New FEATURE(`preserve_luser_host') to preserve the name of
2831		the recipient host if LUSER_RELAY is used.
2832	CONFIG: New FEATURE(`preserve_local_plus_detail') to preserve the
2833		+detail portion of the address when passing address to
2834		local delivery agent.  Disables alias and .forward +detail
2835		stripping.  Only use if LDA supports this.
2836	CONFIG: Removed deprecated FEATURE(`rbl').
2837	CONFIG: Add LDAPROUTE_EQUIVALENT() and LDAPROUTE_EQUIVALENT_FILE()
2838		which allow you to specify 'equivalent' hosts for LDAP
2839		Routing lookups.  Equivalent hostnames are replaced by the
2840		masquerade domain name for lookups.  See cf/README for
2841		additional details.
2842	CONFIG: Add a fourth argument to FEATURE(`ldap_routing') which
2843		instructs the rulesets on what to do if the address being
2844		looked up has +detail information.  See cf/README for more
2845		information.
2846	CONFIG: When choosing a new destination via LDAP Routing, also look
2847		up the new routing address/host in the mailertable.  Based
2848		on patch from Don Badrak of the United States Census Bureau.
2849	CONFIG: Do not reject the SMTP Mail from: command if LDAP Routing
2850		is in use and the bounce option is enabled.  Only reject
2851		recipients as user unknown.
2852	CONFIG: Provide LDAP support for the remaining database map
2853		features.  See the ``USING LDAP FOR ALIASES AND MAPS''
2854		section of cf/README for more information.
2855	CONFIG: Add confLDAP_CLUSTER which defines the ${sendmailMTACluster}
2856		macro used for LDAP searches as described above in ``USING
2857		LDAP FOR ALIASES, MAPS, AND CLASSES''.
2858	CONFIG: confCLIENT_OPTIONS has been replaced by CLIENT_OPTIONS(),
2859		which takes the options as argument and can be used
2860		multiple times; see cf/README for details.
2861	CONFIG: Add configuration macros for new options:
2862		confBAD_RCPT_THROTTLE		BadRcptThrottle
2863		confDIRECT_SUBMISSION_MODIFIERS	DirectSubmissionModifiers
2864		confMAILBOX_DATABASE		MailboxDatabase
2865		confMAX_QUEUE_CHILDREN		MaxQueueChildren
2866		confMAX_RUNNERS_PER_QUEUE	MaxRunnersPerQueue
2867		confNICE_QUEUE_RUN		NiceQueueRun
2868		confQUEUE_FILE_MODE		QueueFileMode
2869		confFAST_SPLIT			FastSplit
2870		confTLS_SRV_OPTIONS		TLSSrvOptions
2871		See above (and related documentation) for further information.
2872	CONFIG: Add configuration variables for new timeout options:
2873		confTO_ACONNECT		Timeout.aconnect
2874		confTO_AUTH		Timeout.auth
2875		confTO_LHLO		Timeout.lhlo
2876		confTO_STARTTLS		Timeout.starttls
2877	CONFIG: Add configuration macros for mail filter API:
2878		confINPUT_MAIL_FILTERS		InputMailFilters
2879		confMILTER_LOG_LEVEL		Milter.LogLevel
2880		confMILTER_MACROS_CONNECT	Milter.macros.connect
2881		confMILTER_MACROS_HELO		Milter.macros.helo
2882		confMILTER_MACROS_ENVFROM	Milter.macros.envfrom
2883		confMILTER_MACROS_ENVRCPT	Milter.macros.envrcpt
2884		Mail filters can be defined via INPUT_MAIL_FILTER() and
2885		MAIL_FILTER().  See libmilter/README, cf/README, and
2886		doc/op/op.me for details.
2887	CONFIG: Add support for accepting temporarily unresolvable domains.
2888		See cf/README for details.  Based on patch by Motonori
2889		Nakamura of Kyoto University.
2890	CONFIG: confDEQUOTE_OPTS can be used to specify options for the
2891		dequote map.
2892	CONFIG: New macro QUEUE_GROUP() to define queue groups.
2893	CONFIG: New FEATURE(`queuegroup') to select a queue group based
2894		on the full e-mail address or the domain of the recipient.
2895	CONFIG: Any IPv6 addresses used in configuration should be prefixed
2896		by the "IPv6:" tag to identify the address properly.  For
2897		example, if you want to use the IPv6 address
2898		2002:c0a8:51d2::23f4 in the access database, you would need
2899		to use IPv6:2002:c0a8:51d2::23f4 on the left hand side.
2900		This affects the access database as well as the
2901		relay-domains and local-host-names files.
2902	CONFIG: OSTYPE(aux) has been renamed to OSTYPE(a-ux).
2903	CONFIG: Avoid expansion of m4 keywords in SMART_HOST.
2904	CONFIG: Add MASQUERADE_EXCEPTION_FILE() for reading masquerading
2905		exceptions from a file.  Suggested by Trey Breckenridge of
2906		Mississippi State University.
2907	CONFIG: Add LOCAL_USER_FILE() for reading local users
2908		(LOCAL_USER() -- $={L}) entries from a file.
2909	CONTRIB: dnsblaccess.m4 is a further enhanced version of enhdnsbl.m4
2910		which allows looking up error codes in the access map.
2911		Contributed by Neil Rickert of Northern Illinois University.
2912	DEVTOOLS: Add new options for installation of include and library
2913		files: confINCGRP, confINCMODE, confINCOWN, confLIBGRP,
2914		confLIBMODE, confLIBOWN.
2915	DEVTOOLS: Add new option confDONT_INSTALL_CATMAN to turn off
2916		installation of the formatted man pages on operating
2917		systems which don't include cat directories.
2918	EDITMAP: New program for editing maps as supplement to makemap.
2919	MAIL.LOCAL: Mail.local now uses the libsm mbdb package to look up
2920		local mail recipients.  New option -D mbdb specifies the
2921		mailbox database type.
2922	MAIL.LOCAL: New option "-h filename" which instructs mail.local to
2923		deliver the mail to the named file in the user's home
2924		directory instead of the system mail spool area.  Based on
2925		patch from Doug Hardie of the Los Angeles Free-Net.
2926	MAILSTATS: New command line option -P which acts the same as -p but
2927		doesn't truncate the statistics file.
2928	MAKEMAP: Add new option -t to specify a different delimiter
2929		instead of white space.
2930	RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
2931		submission.  Problem noted by Kari Hurtta of the Finnish
2932		Meteorological Institute.
2933	SMRSH: Use the vendor supplied directory on FreeBSD 3.3 and later.
2934	VACATION: Change Auto-Submitted: header value from auto-generated to
2935		auto-replied.  From Kenneth Murchison of Oceana Matrix Ltd.
2936	VACATION: New option -d to send error/debug messages to stdout
2937		instead of syslog.
2938	VACATION: New option -U which prevents the attempt to look up login
2939		in the password file.  The -f and -m options must be used
2940		to specify the database and message file since there is no
2941		home directory for the default settings for these options.
2942	VACATION: Vacation now uses the libsm mbdb package to look up
2943		local mail recipients; it reads the MailboxDatabase option
2944		from the sendmail.cf file.  New option -C cffile which
2945		specifies the path of the sendmail.cf file.
2946	New Directories:
2947		libmilter/docs
2948	New Files:
2949		cf/cf/README
2950		cf/cf/submit.cf
2951		cf/cf/submit.mc
2952		cf/feature/authinfo.m4
2953		cf/feature/compat_check.m4
2954		cf/feature/enhdnsbl.m4
2955		cf/feature/msp.m4
2956		cf/feature/local_no_masquerade.m4
2957		cf/feature/lookupdotdomain.m4
2958		cf/feature/preserve_luser_host.m4
2959		cf/feature/preserve_local_plus_detail.m4
2960		cf/feature/queuegroup.m4
2961		cf/sendmail.schema
2962		contrib/dnsblaccess.m4
2963		devtools/M4/UNIX/sm-test.m4
2964		devtools/OS/OpenUNIX.5.i386
2965		editmap/*
2966		include/sm/*
2967		libsm/*
2968		libsmutil/cf.c
2969		libsmutil/err.c
2970		sendmail/SECURITY
2971		sendmail/TUNING
2972		sendmail/bf.c
2973		sendmail/bf.h
2974		sendmail/sasl.c
2975		sendmail/sm_resolve.c
2976		sendmail/sm_resolve.h
2977		sendmail/tls.c
2978	Deleted Files:
2979		cf/feature/rbl.m4
2980		cf/ostype/aix2.m4
2981		devtools/OS/AIX.2
2982		include/sendmail/cdefs.h
2983		include/sendmail/errstring.h
2984		include/sendmail/useful.h
2985		libsmutil/errstring.c
2986		sendmail/bf_portable.c
2987		sendmail/bf_portable.h
2988		sendmail/bf_torek.c
2989		sendmail/bf_torek.h
2990		sendmail/clock.c
2991	Renamed Files:
2992		cf/cf/generic-solaris2.mc => cf/cf/generic-solaris.mc
2993		cf/cf/generic-solaris2.cf => cf/cf/generic-solaris.cf
2994		cf/ostype/aux.m4 => cf/ostype/a-ux.m4
2995
8.11.7/8.11.7	2003/03/29
2997	SECURITY: Fix a remote buffer overflow in header parsing by
2998		dropping sender and recipient header comments if the
2999		comments are too long.  Problem noted by Mark Dowd
3000		of ISS X-Force.
3001	SECURITY: Fix a buffer overflow in address parsing due to
3002		a char to int conversion problem which is potentially
3003		remotely exploitable.  Problem found by Michal Zalewski.
3004		Note: an MTA that is not patched might be vulnerable to
3005		data that it receives from untrusted sources, which
3006		includes DNS.
3007	To provide partial protection to internal, unpatched sendmail MTAs,
3008		8.11.7 changes by default (char)0xff to (char)0x7f in
3009		headers etc.  To turn off this conversion compile with
3010		-DALLOW_255 or use the command line option -d82.101.
3011	To provide partial protection for internal, unpatched MTAs that may be
3012		performing 7->8 or 8->7 bit MIME conversions, the default
3013		for MaxMimeHeaderLength has been changed to 2048/1024.
3014		Note: this does have a performance impact, and it only
3015		protects against frontal attacks from the outside.
3016		To disable the checks and return to pre-8.11.7 defaults,
3017		set MaxMimeHeaderLength to 0/0.
3018	Properly clean up macros to avoid persistence of session data
3019		across various connections.  This could cause session
3020		oriented restrictions, e.g., STARTTLS requirements,
3021		to erroneously allow a connection.  Problem noted
3022		by Tim Maletic of Priority Health.
3023	Ignore comments in NIS host records when trying to find the
3024		canonical name for a host.
3025	Fix a memory leak when closing Hesiod maps.
3026	Set ${msg_size} macro when reading a message from the command line
3027		or the queue.
3028	Prevent a segmentation fault when clearing the event list by
3029		turning off alarms before checking if event list is
3030		empty.  Problem noted by Allan E Johannesen of Worcester
3031		Polytechnic Institute.
3032	Fix a potential core dump problem if the environment variable
3033		NAME is set.  Problem noted by Beth A. Chaney of
3034		Purdue University.
3035	Prevent a race condition on child cleanup for delivery to files.
3036		Problem noted by Fletcher Mattox of the University of
3037		Texas.
3038	CONFIG: Do not bounce mail if FEATURE(`ldap_routing')'s bounce
3039		parameter is set and the LDAP lookup returns a temporary
3040		error.
3041	CONFIG: Fix a syntax error in the try_tls ruleset if
3042		FEATURE(`access_db') is not enabled.
3043	LIBSMDB: Fix a lock race condition that affects makemap, praliases,
3044		and vacation.
3045	LIBSMDB: Avoid a file creation race condition for Berkeley DB 1.X
3046		and NDBM on systems with the O_EXLOCK open(2) flag.
3047	MAKEMAP: Avoid going beyond the end of an input line if it does
3048		not contain a value for a key.  Based on patch from
3049		Mark Bixby from Hewlett-Packard.
3050	MAIL.LOCAL: Fix a truncation race condition if the close() on
3051		the mailbox fails.  Problem noted by Tomoko Fukuzawa of
3052		Sun Microsystems.
3053	SMRSH: SECURITY: Only allow regular files or symbolic links to be
3054		used for a command.  Problem noted by David Endler of
3055		iDEFENSE, Inc.
3056
8.11.6/8.11.6	2001/08/20
3058	SECURITY: Fix a possible memory access violation when specifying
3059		out-of-bounds debug parameters.  Problem detected by
3060		Cade Cairns of SecurityFocus.
3061	Avoid leaking recipient information in unrelated DSNs.  This could
3062		happen if a connection is aborted, several mails had been
3063		scheduled for delivery via that connection, and the timeout
3064		is reached such that several DSNs are sent next.  Problem
3065		noted by Dileepan Moorkanat of Hewlett-Packard.
3066	Fix a possible segmentation violation when specifying too many
3067		wildcard operators in a rule.  Problem detected by
3068		Werner Wiethege.
3069	Avoid a segmentation fault on non-matching Hesiod lookups.  Problem
3070		noted by Russell McOrmond of flora.ca
3071
8.11.5/8.11.5	2001/07/31
3073	Fix a possible race condition when sending a HUP signal to restart
3074		the daemon.  This could terminate the current process without
3075		starting a new daemon.  Problem reported by Wolfgang Breyha
3076		of SE Netway Communications.
3077	Only apply MaxHeadersLength when receiving a message via SMTP or
3078		the command line.  Problem noted by Andrey J. Melnikoff.
3079	When finding the system's local hostname on an IPv6-enabled system
3080		which doesn't have any IPv6 interface addresses, fall back
3081		to looking up only IPv4 addresses.  Problem noted by Tim
3082		Bosserman of EarthLink.
3083	When commands were being rejected due to check_relay or TCP
3084		Wrappers, the ETRN command was not giving a response.
3085	Incoming IPv4 connections on a Family=inet6 daemon (using
3086		IPv4-mapped addresses) were incorrectly labeled as "may be
3087		forged".  Problem noted by Per Steinar Iversen of Oslo
3088		University College.
3089	Shutdown address test mode cleanly on SIGTERM.  Problem noted by
3090		Greg King of the OAO Corporation.
3091	Restore the original real uid (changed in main() to prevent
3092		out of band signals) before invoking a delivery agent.
3093		Some delivery agents use this for the "From " envelope
3094		"header".  Problem noted by Leslie Carroll of the
3095		University at Albany.
3096	Mark closed file descriptors properly to avoid reuse. Problem
3097		noted by Jeff Bronson of J.D. Bronson, Inc.
3098	Setting Timeout options on the command line will also override
3099		their sub-suboptions in the .cf file, e.g., -O
3100		Timeout.queuereturn=2d will set all queuereturn timeouts
3101		to 2 days.  Problem noted by Roger B.A. Klorese.
3102	Portability:
3103		BSD/OS has a broken setreuid() implementation.  Problem
3104			noted by Vernon Schryver of Rhyolite Software.
3105		BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?).
3106			Noted by Vernon Schryver of Rhyolite Software.
3107		BSD/OS has fchown(2).  Noted by Dave Yadallee of Netline
3108			2000 Internet Solutions Inc.
3109		Solaris 2.X and later have strerror(3).  From Sebastian
3110			Hagedorn of Cologne University.
3111	CONFIG: Fix parsing for IPv6 domain literals in addresses
3112		(user@[IPv6:address]).  Problem noted by Liyuan Zhou.
3113
8.11.4/8.11.4	2001/05/28
3115	Clean up signal handling routines to reduce the chances of heap
3116		corruption and other potential race conditions.
3117		Terminating and restarting the daemon may not be
3118		instantaneous due to this change.  Also, non-root users can
3119		no longer send out-of-band signals.  Problem reported by
3120		Michal Zalewski of BindView.
3121	If LogLevel is greater than 9 and SASL fails to negotiate an
3122		encryption layer, avoid core dump logging the encryption
3123		strength.  Problem noted by Miroslav Zubcic of Crol.
3124	If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
3125		different in those two lines, sendmail might not have
3126		recognized (and used) all of the offered mechanisms.
3127	Fix an IP address lookup problem on Solaris 2.0 - 2.3.  Patch
3128		from Kenji Miyake.
3129	This time, really don't use the .. directory when expanding
3130		QueueDirectory wildcards.
3131	If a process is interrupted while closing a map, don't try to close
3132		the same map again while exiting.
3133	Allow local mailers (F=l) to contact remote hosts (e.g., via
3134		LMTP).  Problem noted by Norbert Klasen of the University
3135		of Tuebingen.
3136	If Timeout.QueueReturn was set to a value less than the time it took
3137		to write a new queue file (e.g., 0 seconds), the bounce
3138		message would be lost.  Problem noted by Lorraine L Goff of
3139		Oklahoma State University.
3140	Pass map argument vector into map rewriting engine for the regex
3141		and prog map types.  Problem noted by Stephen Gildea of
3142		InTouch Systems, Inc.
3143	When closing an LDAP map due to a temporary error, close all of the
3144		other LDAP maps which share the original map's connection
3145		to the LDAP server.  Patch from Victor Duchovni of
3146		Morgan Stanley.
3147	To detect changes of NDBM aliases files check the timestamp of the
3148		.pag file instead of the .dir file.  Problem noted by Neil
3149		Rickert of Northern Illinois University.
3150	Don't treat temporary hesiod lookup failures as permanent.  Patch
3151		from Werner Wiethege.
3152	If ClientPortOptions is set, make sure to create the outgoing socket
3153		with the family set in that option.  Patch from Sean Farley.
3154	Avoid a segmentation fault trying to dereference a NULL pointer
3155		when logging a MaxHopCount exceeded error with an empty
3156		recipient list.  Problem noted by Chris Adams of HiWAAY
3157		Internet Services.
3158	Fix DSN for "Too many hops" bounces.  Problem noticed by Ulrich
3159		Windl of the Universitaet Regensburg.
3160	Fix DSN for "mail loops back to me" bounces.  Problem noticed by
3161		Kari Hurtta of the Finnish Meteorological Institute.
3162	Portability:
3163		OpenBSD has a broken setreuid() implementation.
3164	CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
3165		to 553 since it is allowed by DRUMS.
3166	CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
3167	DEVTOOLS: install.sh did not properly handle paths in the source
3168		file name argument.  Noted by Kari Hurtta of the Finnish
3169		Meteorological Institute.
3170	DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
3171		since it generates random process ids.
3172	PRALIASES: Add back adaptive algorithm to deal with different endings
3173		of entries in the database (with/without trailing '\0').
3174		Patch from John Beck of Sun Microsystems.
3175	New Files:
3176		cf/ostype/freebsd4.m4
3177
8.11.3/8.11.3	2001/02/27
3179	Prevent a segmentation fault when a bogus value was used in the
3180		LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
3181		option was used.  Problem noted by Allan E Johannesen of
3182		Worcester Polytechnic Institute.
3183	Prevent "token too long" message by shortening {currHeader} which
3184		could be too long if the last copied character was a quote.
3185		Problem detected by Jan Krueger of digitalanswers
3186		communications consulting gmbh.
3187	Additional IPv6 check for unspecified addresses.  Patch from
3188		Jun-ichiro itojun Hagino of the KAME Project.
3189	Do not ignore the ClientPortOptions setting if DaemonPortOptions
3190		Modifier=b (bind to same interface) is set and the
3191		connection came in from the command line.
3192	Do not bind to the loopback address if DaemonPortOptions
3193		Modifier=b (bind to same interface) is set.  Patch from
3194		John Beck of Sun Microsystems.
3195	Properly deal with open failures on non-optional maps used in
3196		check_* rulesets by returning a temporary failure.
3197	Buffered file I/O files were not being properly fsync'ed to disk
3198		when they were committed.
3199	Properly encode '=' for the AUTH= parameter of the MAIL command.
3200		Problem noted by Hadmut Danisch.
3201	Under certain circumstances the macro {server_name} could be set
3202		to the wrong hostname (of a previous connection), which may
3203		cause some rulesets to return wrong results.  This would
3204		usually cause mail to be queued up and delivered later on.
3205	Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
3206		equate.  Problem noted by Motonori Nakamura of Kyoto
3207		University.
3208	Work around broken accept() implementations which only partially
3209		fill in the peer address if the socket is closed before
3210		accept() completes.
3211	Return an SMTP "421" temporary failure if the data file can't be
3212		opened where the "354" reply would normally be given.
3213	Prevent a CPU loop in trying to expand a macro which doesn't exist
3214		in a queue run.  Problem noted by Gordon Lack of Glaxo
3215		Wellcome.
3216	If delivering via a program and that program exits with EX_TEMPFAIL,
3217		note that fact for the mailq display instead of just showing
3218		"Deferred".  Problem noted by Motonori Nakamura of Kyoto
3219		University.
3220	If doing canonification via /etc/hosts, try both the fully
3221		qualified hostname as well as the first portion of the
3222		hostname.  Problem noted by David Bremner of the
3223		University of New Brunswick.
3224	Portability:
3225		Fix a compilation problem for mail.local and rmail if SFIO
3226			is in use.  Problem noted by Auteria Wally
3227			Winzer Jr. of Champion Nutrition.
3228		IPv6 changes for platforms using KAME.  Patch from
3229			Jun-ichiro itojun Hagino of the KAME Project.
3230		OpenBSD 2.7 and higher has srandomdev(3).  OpenBSD 2.8 and
3231			higher has BSDI-style login classes.  Patch from
3232			Todd C.  Miller of Courtesan Consulting.
3233		Unixware 7.1.1 doesn't allow h_errno to be set directly if
3234			sendmail is being compiled with -kthread.  Problem
3235			noted by Orion Poplawski of CQG, Inc.
3236	CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
3237		current left hand side for $LHS in virtuser files.
3238	DEVTOOLS: Do not pass make targets to recursive Build invocations.
3239		Problem noted by Jeff Bronson of J.D. Bronson, Inc.
3240	MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
3241		storing the temporary message file until after the remote
3242		side has sent the final DATA termination dot.  Problem
3243		noted by Allan E Johannesen of Worcester Polytechnic
3244		Institute.
3245	MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
3246		are also specified on the command line.  Patch from
3247		Motonori Nakamura of Kyoto University.
3248	PRALIASES: Skip over AliasFile specifications which aren't based on
3249		database files (i.e., only show dbm, hash, and btree).
3250	Renamed Files:
3251		devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
3252
8.11.2/8.11.2	2000/12/29
3254	Prevent a segmentation fault when trying to set a class in
3255		address test mode due to a negative array index.  Audit
3256		other array indexing.  This bug is not believed to be
3257		exploitable.  Noted by Michal Zalewski of the "Internet for
3258		Schools" project (IdS).
3259	Add an FFR (for future release) to drop privileges when using
3260		address test mode.  This will be turned on in 8.12. It can
3261		be enabled by compiling with:
3262		APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
3263		in your devtools/Site/site.config.m4 file.  Suggested by
3264		Michal Zalewski of the "Internet for Schools" project (IdS).
3265	Fix potential problem with Cyrus-SASL security layer which may have
3266		caused I/O errors, especially for mechanism DIGEST-MD5.
3267	When QueueSortOrder was set to host, sendmail might not read
3268		enough of the queue file to determine the host, making the
3269		sort sub-optimal.  Problem noted by Jeff Earickson of
3270		Colby College.
3271	Don't issue DSNs for addresses which use the NOTIFY parameter (per
3272		RFC 1891) but don't have FAILURE as value.
3273	Initialize Cyrus-SASL library before the SMTP daemon is started.
3274		This implies that every change to SASL related files requires
3275		a restart of the daemon, e.g., Sendmail.conf, new SASL
3276		mechanisms (in form of shared libraries).
3277	Properly set the STARTTLS related macros during a queue run for
3278		a cached connection.  Bug reported by Michael Kellen of
3279		NxNetworks, Inc.
3280	Log the server name in relay= for ruleset tls_server instead of the
3281		client name.
3282	Include original length of bad field/header when reporting
3283		MaxMimeHeaderLength problems.  Requested by Ulrich Windl of
3284		the Universitat Regensburg.
3285	Fix delivery to set-user-ID files that are expanded from aliases in
3286		DeliveryMode queue.  Problem noted by Ric Anderson of the
3287		University of Arizona.
3288	Fix LDAP map -m (match only) flag.  Problem noted by Jeff Giuliano
3289		of Collective Technologies.
3290	Avoid using a negative argument for sleep() calls when delaying answers
3291		to EXPN/VRFY commands on systems which respond very slowly.
3292		Problem noted by Mikolaj J. Habryn of Optus Internet
3293		Engineering.
3294	Make sure the F=u flag is set in the default prog mailer
3295		definition.  Problem noted by Kari Hurtta of the Finnish
3296		Meteorological Institute.
3297	Fix IPv6 check for unspecified addresses.  Patch from
3298		Jun-ichiro itojun Hagino of the KAME Project.
3299	Fix return values for IRIX nsd map.  From Kari Hurtta of the Finnish
3300		Meteorological Institute.
3301	Fix parsing of DaemonPortOptions and ClientPortOptions.  Read all
3302		of the parameters to find Family= setting before trying to
3303		interpret Addr= and Port=.  Problem noted by Valdis
3304		Kletnieks of Virginia Tech.
3305	When delivering to a file directly from an alias, do not call
3306		initgroups(); instead use the DefaultUser group information.
3307		Problem noted by Marc Schaefer of ALPHANET NF.
3308	RunAsUser now overrides the ownership of the control socket, if
3309		created.  Otherwise, sendmail can not remove it upon
3310		close.  Problem noted by Werner Wiethege.
3311	Fix ConnectionRateThrottle counting as the option is the number of
3312		overall connections, not the number of connections per
3313		socket.  A future version may change this to per socket
3314		counting.
3315	Portability:
3316		Clean up libsmdb so it functions properly on platforms
3317			where sizeof(u_int32_t) != sizeof(size_t).  Problem
3318			noted by Rein Tollevik of Basefarm AS.
3319		Fix man page formatting for compatibility with Solaris'
3320			whatis.  From Stephen Gildea of InTouch Systems, Inc.
3321		UnixWare 7 includes snprintf() support.  From Larry
3322			Rosenman.
3323		IPv6 changes for platforms using KAME.  Patch from
3324			Jun-ichiro itojun Hagino of the KAME Project.
3325		Avoid a typedef compile conflict with Berkeley DB 3.X and
3326			Solaris 2.5 or earlier.  Problem noted by Bob Hughes
3327			of Pacific Access.
3328		Add preliminary support for AIX 5.  Contributed by
3329			Valdis Kletnieks of Virginia Tech.
3330		Solaris 9 load average support from Andrew Tucker of Sun
3331			Microsystems.
3332	CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
3333		is used.  Problem noted by Phil Homewood of Asia Online,
3334		patch from Neil Rickert of Northern Illinois University.
3335	CONFIG: Change the default DNS based blacklist server for
3336		FEATURE(`dnsbl') to blackholes.mail-abuse.org.
3337	CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
3338		implicitly assume canonical host names.
3339	CONFIG: Deal with "::" in IPv6 addresses for access_db.  Based on
3340		patch by Motonori Nakamura of Kyoto University.
3341	CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
3342		Virginia Tech.
3343	CONFIG: Pass the illegal header form <list:;> through untouched
3344		instead of making it worse.  Problem noted by Motonori
3345		Nakamura of Kyoto University.
3346	CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
3347	CONTRIB: qtool.pl: An empty queue is not an error.  Problem noted
3348		by Jan Krueger of digitalanswers communications consulting
3349		gmbh.
3350	CONTRIB: domainmap.m4: Handle domains with '-' in them.  From Mark
3351		Roth of the University of Illinois at Urbana-Champaign.
3352	DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
3353		variables into bldOS, bldREL, and bldARCH to prevent
3354		namespace collisions.  Problem noted by Motonori Nakamura
3355		of Kyoto University.
3356	RMAIL: Undo the 8.11.1 change to use -G when calling sendmail.  It
3357		causes some changes in behavior and may break rmail for
3358		installations where sendmail is actually a wrapper to
3359		another MTA.  The change will re-appear in a future
3360		version.
3361	SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
3362		and SunOS 5.8.  Requested by Jeff A. Earickson of Colby
3363		College and John Beck of Sun Microsystems.
3364	VACATION: Fix pattern matching for addresses to ignore.
3365	VACATION: Don't reply to addresses of the form owner-*
3366		or *-owner.
3367	New Files:
3368		cf/ostype/aix5.m4
3369		contrib/buildvirtuser
3370		devtools/OS/AIX.5.0
3371
8.11.1/8.11.1	2000/09/27
3373	Fix SMTP EXPN command output if the address expands to a single
3374		name.  Fix from John Beck of Sun Microsystems.
3375	Don't try STARTTLS in the client if the PRNG has not been properly
3376		seeded.  This problem only occurs on systems without
3377		/dev/urandom.  Problem detected by Jan Krueger of
3378		digitalanswers communications consulting gmbh and
3379		Neil Rickert of Northern Illinois University.
3380	Don't use the . and .. directories when expanding QueueDirectory
3381		wildcards.
3382	Do not try to cache LDAP connections across processes as a parent
3383		process may close the connection before the child process
3384		has completed.  Problem noted by Lai Yiu Fai of the Hong
3385		Kong University of Science and Technology and Wolfgang
3386		Hottgenroth of UUNET.
3387	Use Timeout.fileopen to limit the amount of time spent trying to
3388		read the LDAP secret from a file.
3389	Prevent SIGTERM from removing a command line submitted item after
3390		the user submits the message and before the first delivery
3391		attempt completes.  Problem noted by Max France of AlphaNet.
3392		Fix from Neil Rickert of Northern Illinois University.
3393	Deal correctly with MaxMessageSize restriction if message size is
3394		greater than 2^31.  Problem noted by Tim "Darth Dice" Bosserman
3395		of EarthLink.
3396	Turn off queue checkpointing if CheckpointInterval is set to zero.
3397	Treat an empty home directory (from getpw*() or $HOME) as
3398		non-existent instead of treating it as /.  Problem noted by
3399		Todd C. Miller of Courtesan Consulting.
3400	Don't drop duplicate headers when reading a queued item.  Problem
3401		noted by Motonori Nakamura of Kyoto University.
3402	Avoid bogus error text when logging the savemail panic "cannot
3403		save rejected email anywhere".  Problem noted by Marc G.
3404		Fournier of Acadia University.
3405	If an LDAP search fails because the LDAP server went down, close
3406		the map so subsequent searches reopen the map.  If there are
3407		multiple LDAP servers, the down server will be skipped and
3408		one of the others may be able to take over.
3409	Set the ${load_avg} macro to the current load average, not the
3410		previous load average query result.
3411	If a non-optional map used in a check_* ruleset can't be opened,
3412		return a temporary failure to the remote SMTP client
3413		instead of ignoring the map.  Problem noted by Allan E
3414		Johannesen of Worcester Polytechnic Institute.
3415	Avoid a race condition when queuing up split envelopes by saving
3416		the split envelopes before the original envelope.
3417	Fix a bug in the PH_MAP code which caused mail to bounce instead of
3418		defer if the PH server could not be contacted.  From Mark
3419		Roth of the University of Illinois at Urbana-Champaign.
3420	Prevent QueueSortOrder=Filename from interfering with -qR, -qS, and
3421		ETRN.  Problem noted by Erik R. Leo of SoVerNet.
3422	Change error code for unrecognized parameters to the SMTP MAIL and
3423		RCPT commands from 501 to 555 per RFC 1869.  Problem
3424		reported to Postfix by Robert Norris of Monash University.
3425	Prevent overwriting the argument of -B on certain OS.  Problem
3426		noted by Matteo Gelosa of I.NET S.p.A.
3427	Use the proper routine for freeing memory with Netscape's LDAP
3428		client libraries.  Patch from Paul Hilchey of the
3429		University of British Columbia.
3430	Portability:
3431		Move the NETINET6 define to devtools/OS/SunOS.5.{8,9}
3432			instead of defining it in conf.h so users can
3433			override the setting.  Suggested by
3434			Henrik Nordstrom of Ericsson.
3435		On HP-UX 10.X and 11.X, use /usr/sbin/sendmail instead of
3436			/usr/lib/sendmail for rmail and vacation.  From
3437			Jeff A. Earickson of Colby College.
3438		On HP-UX 11.X, use /usr/sbin instead of /usr/libexec (which
3439			does not exist).  From Jeff A. Earickson of Colby
3440			College.
3441		Avoid using the UCB subsystem on NCR MP-RAS 3.x.  From
3442			Tom Moore of NCR.
3443		NeXT 3.X and 4.X installs man pages in /usr/man.  From
3444			Hisanori Gogota of NTT/InterCommunicationCenter.
3445		Solaris 8 and later include /var/run.  The default PID file
3446			location is now /var/run/sendmail.pid.  From John
3447			Beck of Sun Microsystems.
3448		SFIO includes snprintf() for those operating systems
3449			which do not.  From Todd C. Miller of Courtesan
3450			Consulting.
3451	CONFIG: Use the result of _CERT_REGEX_SUBJECT_ not {cert_subject}.
3452		Problem noted by Kaspar Brand of futureLab AG.
3453	CONFIG: Change 553 SMTP reply code to 501 to avoid problems with
3454		errors in the MAIL address.
3455	CONFIG: Fix FEATURE(nouucp) usage in example .mc files.  Problem
3456		noted by Ron Jarrell of Virginia Tech.
3457	CONFIG: Add support for Solaris 8 (and later) as OSTYPE(solaris8).
3458		Contributed by John Beck of Sun Microsystems.
3459	CONFIG: Set confFROM_HEADER such that the mail hub can possibly add
3460		GECOS information for an address.  This more closely
3461		matches pre-8.10 nullclient behavior.  From Per Hedeland of
3462		Ericsson.
3463	CONFIG: Fix MODIFY_MAILER_FLAGS(): apply the flag modifications for
3464		SMTP to all *smtp* mailers and those for RELAY to the relay
3465		mailer as described in cf/README.
3466	MAIL.LOCAL: Open the mailbox as the recipient not root so quotas
3467		are obeyed.  Problem noted by Damian Kuczynski of NIK.
3468	MAKEMAP: Do not change a map's owner to the TrustedUser if using
3469		makemap to 'unmake' the map.
3470	RMAIL: Avoid overflowing the list of recipients being passed to
3471		sendmail.
3472	RMAIL: Invoke sendmail with '-G' to indicate this is a gateway
3473		submission.  Problem noted by Kari Hurtta of the Finnish
3474		Meteorological Institute.
3475	VACATION: Read the complete message to avoid "broken pipe" signals.
3476	VACATION: Do not cut off vacation.msg files which have a single
3477		dot as the only character on the line.
3478	New Files:
3479		cf/ostype/solaris8.m4
3480
8.11.0/8.11.0	2000/07/19
3482	SECURITY: If sendmail is installed as a non-root set-user-ID binary
3483		(not the normal case), some operating systems will still
3484		keep a saved-uid of the effective-uid when sendmail tries
3485		to drop all of its privileges.  If sendmail needs to drop
3486		these privileges and the operating system doesn't set the
3487		saved-uid as well, exit with an error.  Problem noted by
3488		Kari Hurtta of the Finnish Meteorological Institute.
3489	SECURITY: sendmail depends on snprintf() NUL terminating the string
3490		it populates.  It is possible that some broken
3491		implementations of snprintf() exist that do not do this.
3492		Systems in this category should compile with
3493		-DSNPRINTF_IS_BROKEN=1.  Use test/t_snprintf.c to test your
3494		system and report broken implementations to
3495		sendmail-bugs@sendmail.org and your OS vendor.  Problem
3496		noted by Slawomir Piotrowski of TELSAT GP.
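
An added example for the snprintf() entry above, not sendmail's test/t_snprintf.c or any other code from the sendmail distribution: a self-test that checks whether a vsnprintf()-style routine NUL terminates on truncation, and a wrapper that forces termination whatever the routine does. broken_vsnprintf() is a constructed stand-in for a non-terminating implementation, and all function names here are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Flaw bits reported by check_truncation(). */
enum {
    SNP_OK             = 0,
    SNP_NOT_TERMINATED = 1, /* no NUL inside the size limit */
    SNP_WROTE_PAST_END = 2, /* bytes beyond the size limit were modified */
    SNP_BAD_RETURN     = 4  /* return value is not the C99 would-be length */
};

typedef int (*vsnp_fn)(char *dst, size_t size, const char *fmt, va_list ap);

/* The C library's own routine, wrapped so it can be passed by pointer. */
int libc_vsnprintf(char *dst, size_t size, const char *fmt, va_list ap)
{
    return vsnprintf(dst, size, fmt, ap);
}

/* Constructed stand-in for a broken implementation: on truncation it
 * fills the whole buffer, writes no NUL, and returns -1. */
int broken_vsnprintf(char *dst, size_t size, const char *fmt, va_list ap)
{
    char tmp[256];
    int n = vsnprintf(tmp, sizeof(tmp), fmt, ap);
    size_t len;

    if (n < 0)
        return -1;
    len = (size_t)n < sizeof(tmp) ? (size_t)n : sizeof(tmp) - 1;
    if (len >= size) {
        memcpy(dst, tmp, size);   /* buffer full, no terminator */
        return -1;
    }
    memcpy(dst, tmp, len + 1);
    return n;
}

static int call_fn(vsnp_fn fn, char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int ret;

    va_start(ap, fmt);
    ret = fn(dst, size, fmt, ap);
    va_end(ap);
    return ret;
}

/* Format a 16-character string into an 8-byte window of a guarded buffer
 * and report every way the routine under test misbehaves. */
int check_truncation(vsnp_fn fn)
{
    static const char input[] = "0123456789abcdef"; /* constructed sample */
    const size_t limit = 8;
    char buf[16];
    size_t i;
    int flaws = SNP_OK;
    int ret;

    memset(buf, 0x5a, sizeof(buf));         /* guard pattern */
    ret = call_fn(fn, buf, limit, "%s", input);

    if (buf[limit - 1] != '\0')
        flaws |= SNP_NOT_TERMINATED;
    for (i = limit; i < sizeof(buf); i++)
        if (buf[i] != 0x5a)
            flaws |= SNP_WROTE_PAST_END;
    if (ret != (int)strlen(input))
        flaws |= SNP_BAD_RETURN;
    return flaws;
}

/* Defensive wrapper: always terminates dst, and returns -1 on error or
 * truncation so callers cannot mistake a cut-off string for a full one. */
int checked_snprintf(vsnp_fn fn, char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int ret;

    if (dst == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    ret = fn(dst, size, fmt, ap);
    va_end(ap);
    dst[size - 1] = '\0';
    if (ret < 0 || (size_t)ret >= size)
        return -1;
    return ret;
}

int main(void)
{
    char small[4];

    printf("libc flaws:   %d\n", check_truncation(libc_vsnprintf));
    printf("broken flaws: %d\n", check_truncation(broken_vsnprintf));
    if (checked_snprintf(broken_vsnprintf, small, sizeof(small), "%s", "abcdef") < 0)
        printf("truncated, buffer still terminated: \"%s\"\n", small);
    return 0;
}
```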
3497	Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
3498		Implementation influenced by the example programs of
3499		OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
3500	Add new STARTTLS related options CACERTPath, CACERTFile,
3501		ClientCertFile, ClientKeyFile, DHParameters, RandFile,
3502		ServerCertFile, and ServerKeyFile.  These are documented in
3503		cf/README and doc/op/op.*.
3504	New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
3505		${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
3506		${server_name}, and ${server_addr}.  These are documented
3507		in cf/README and doc/op/op.*.
3508	Add support for the Entropy Gathering Daemon (EGD) for better
3509		random data.
3510	New DontBlameSendmail option InsufficientEntropy for systems which
3511		don't properly seed the PRNG for OpenSSL but want to
3512		try to use STARTTLS despite the security problems.
3513	Support the security layer in SMTP AUTH for mechanisms which
3514		support encryption.  Based on code contributed by Tim
3515		Martin of CMU.
3516	Add new macro ${auth_ssf} to reflect the SMTP AUTH security
3517		strength factor.
3518	LDAP's -1 (single match only) flag was not honored if the -z
3519		(delimiter) flag was not given.  Problem noted by ST Wong of
3520		the Chinese University of Hong Kong.  Fix from Mark Adamson
3521		of CMU.
3522	Add more protection from accidentally tripping OpenLDAP 1.X's
3523		ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
3524		Suggested by Kurt Zeilenga of OpenLDAP.
3525	Fix the default family selection for DaemonPortOptions.  As
3526		documented, unless a family is specified in a
3527		DaemonPortOptions option, "inet" is the default.  It is
3528		also the default if no DaemonPortOptions value is set.
3529		Therefore, IPv6 users should configure additional sockets
3530		by adding DaemonPortOptions settings with Family=inet6 if
3531		they wish to also listen on IPv6 interfaces.  Problem noted
3532		by Jun-ichiro itojun Hagino of the KAME Project.
3533	Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
3534		the interface information for an outgoing connection.
3535		Not doing so was creating a mismatch between the socket
3536		family and address used in subsequent connections if the
3537		M=b modifier was set in DaemonPortOptions.  Problem noted
3538		by John Beck of Sun Microsystems.
3539	If DaemonPortOptions modifier M=b is used, determine the socket
3540		family based on the IP address.  ${if_family} is no longer
3541		persistent (i.e., saved in qf files).  Patch from John Beck
3542		of Sun Microsystems.
3543	sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
3544		macros for both the incoming interface address/family and
3545		the outgoing interface address/family.  In order for M=b
3546		modifier in DaemonPortOptions to work properly, preserve
3547		the incoming information in the queue file for later
3548		delivery attempts.
3549	Use SMTP error code and enhanced status code from check_relay in
3550		responses to commands.  Problem noted by Jeff Wasilko of
3551		smoe.org.
3552	Add more vigilance in checking for putc() errors on output streams
3553		to protect from a bug in Solaris 2.6's putc().  Problem
3554		noted by Graeme Hewson of Oracle.
3555	The LDAP map -n option (return attribute names only) wasn't working.
3556		Problem noted by Ajay Matia.
3557	Under certain circumstances, an address could be listed as deferred
3558		but would be bounced back to the sender as failed to be
3559		delivered when it really should have been queued.  Problem
3560		noted by Allan E Johannesen of Worcester Polytechnic Institute.
3561	Prevent a segmentation fault in a child SMTP process from getting
3562		the SMTP transaction out of sync.  Problem noted by Per
3563		Hedeland of Ericsson.
3564	Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
3565		is defined to avoid a core dump due to incompatibilities
3566		between sfio and stdio.  Problem noted by Neil Rickert
3567		of Northern Illinois University.
3568	Don't log useless envelope ID on initial connection log.  Problem
3569		noted by Kari Hurtta of the Finnish Meteorological Institute.
3570	Convert the free disk space shown in a control socket status query
3571		to kilobyte units.
3572	If TryNullMXList is True and there is a temporary DNS failure
3573		looking up the hostname, requeue the message for a later
3574		attempt.  Problem noted by Ari Heikkinen of Pohjois-Savo
3575		Polytechnic.
3576	Under the proper circumstances, failed connections would be recorded
3577		as "Bad file number" instead of "Connection failed" in the
3578		queue file and persistent host status.  Problem noted by
3579		Graeme Hewson of Oracle.
3580	Avoid getting into an endless loop if a non-hoststat directory exists
3581		within the hoststatus directory (e.g., lost+found).
3582		Patch from Valdis Kletnieks of Virginia Tech.
3583	Make sure Timeout.queuereturn=now returns a bounce message to the
3584		sender.  Problem noted by Per Hedeland of Ericsson.
3585	If a message data file can't be opened at delivery time, panic and
3586		abort the attempt instead of delivering a message that
3587		states "<<< No Message Collected >>>".
3588	Fixup the GID checking code from 8.10.2 as it was overly
3589		restrictive.  Problem noted by Mark G. Thomas of Mark
3590		G. Thomas Consulting.
3591	Preserve source port number instead of replacing it with the ident
3592		port number (113).
3593	Document the queue status characters in the mailq man page.
3594		Suggested by Ulrich Windl of the Universitat Regensburg.
3595	Process queued items in which none of the recipient addresses have
3596		host portions (or there are no recipients).  Problem noted
3597		by Valdis Kletnieks of Virginia Tech.
3598	If a cached LDAP connection is used for multiple maps, make sure
3599		only the first to open the connection is allowed to close
3600		it so a later map close doesn't break the connection for
3601		other maps.  Problem noted by Wolfgang Hottgenroth of UUNET.
3602	Netscape's LDAP libraries do not support Kerberos V4
3603		authentication.  Patch from Rainer Schoepf of the
3604		University of Mainz.
3605	Provide workaround for inconsistent handling of data passed
3606		via callbacks to Cyrus SASL prior to version 1.5.23.
3607	Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile.  Omission
3608		noted by Ulrich Windl of the Universitat Regensburg.
3609	Portability:
3610		Add the ability to read IPv6 interface addresses into class
3611			'w' under FreeBSD (and possibly others).  From Jun
3612			Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
3613		Replace code for finding the number of CPUs on HPUX.
3614		NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
3615			work properly causing problems if the accept()
3616			fails and the socket needs to be reopened.  Patch
3617			from Tom Moore of NCR.
3618		NetBSD uses a .0 extension of formatted man pages.  From
3619			Andrew Brown of Crossbar Security.
3620		Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
3621			for calls to getipnodebyname().  The Linux
3622			implementation is broken so AI_ADDRCONFIG is stripped
3623			under Linux.  From John Beck of Sun Microsystems and
3624			John Kennedy of Cal State University, Chico.
3625	CONFIG: Catch invalid addresses containing a ',' at the wrong place.
3626		Patch from Neil Rickert of Northern Illinois University.
3627	CONFIG: New variables for the new sendmail options:
3628		confCACERT_PATH			CACERTPath
3629		confCACERT			CACERTFile
3630		confCLIENT_CERT			ClientCertFile
3631		confCLIENT_KEY			ClientKeyFile
3632		confDH_PARAMETERS		DHParameters
3633		confRAND_FILE			RandFile
3634		confSERVER_CERT			ServerCertFile
3635		confSERVER_KEY			ServerKeyFile
3636	CONFIG: Provide basic rulesets for TLS policy control and add new
3637		tags to the access database to support these policies.  See
3638		cf/README for more information.
3639	CONFIG: Add TLS information to the Received: header.
3640	CONFIG: Call tls_client ruleset from check_mail in case it wasn't
3641		called due to a STARTTLS command.
3642	CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
3643		instead of temporary.
3644	CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
3645		the access map and relaying to a domain without using a To:
3646		tag.  Problem noted by Mark G. Thomas of Mark G. Thomas
3647		Consulting.
3648	CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
3649		OSTYPE(`linux') and OSTYPE(`mklinux').  From Tim Pierce of
3650		RootsWeb.com.
3651	CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
3652		forwarding to make it as close to the old behavior as
3653		possible.  Problem noted by George W. Baltz of the
3654		University of Maryland.
3655	CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users.  From
3656		Wilfredo Sanchez of Apple Computer, Inc.
3657	CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
3658		ldap_mailhost and ldap_mailroutingaddress to ldapmh and
3659		ldapmra as underscores in map names cause problems if
3660		underscore is in OperatorChars.  Problem noted by Bob Zeitz
3661		of the University of Alberta.
3662	CONFIG: Apply blacklist_recipients also to hosts in class {w}.
3663		Patch from Michael Tratz of Esosoft Corporation.
3664	CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
3665	CONTRIB: Add link_hash.sh to create symbolic links to the hash
3666		of X.509 certificates.
3667	CONTRIB: passwd-to-alias.pl:  More protection from special characters;
3668		treat special shells as root aliases; skip entries where the
3669		GECOS full name and username match.  From Ulrich Windl of the
3670		Universitat Regensburg.
3671	CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
3672		typo.  Patch from Graeme Hewson of Oracle.
3673	CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
3674		and sendmail.  Patch from Graeme Hewson of Oracle.
3675	CONTRIB: re-mqueue.pl: Don't exit(0) at end so it can be called as
3676		a subroutine.  Patch from Graeme Hewson of Oracle.
3677	CONTRIB: Add movemail.pl (move old mail messages between queues by
3678		calling re-mqueue.pl) and movemail.conf (configuration
3679		script for movemail.pl).  From Graeme Hewson of Oracle.
3680	CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
3681		makemap).  From Derek J. Balling of Yahoo,Inc.
3682	DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
3683		extension modifications (e.g., MAN8EXT) to the installation
3684		target.  Patch from James Ralston of Carnegie Mellon
3685		University.
3686	DEVTOOLS: Add support for SunOS 5.9.
3687	DEVTOOLS: New option confLN contains the command used to create
3688		links.
3689	LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
3690		reported.
3691	MAIL.LOCAL: DG/UX portability.  Problem noted by Tim Boyer of
3692		Denman Tire Corporation.
3693	MAIL.LOCAL: Prevent a possible DoS attack when compiled with
3694		-DCONTENTLENGTH.  Based on patch from 3APA3A@SECURITY.NNOV.RU.
3695	MAILSTATS: Fix usage statement (-p and -o are optional).
3696	MAKEMAP: Change man page layout as workaround for problem with nroff
3697		and -man on Solaris 7.  Patch from Larry Williamson.
3698	RMAIL: AIX 4.3 has snprintf().  Problem noted by David Hayes of
3699		Black Diamond Equipment, Limited.
3700	RMAIL: Prevent a segmentation fault if the incoming message does not
3701		have a From line.
3702	VACATION: Read all of the headers before deciding whether or not
3703		to respond instead of stopping after finding recipient.
3704	Added Files:
3705		cf/ostype/darwin.m4
3706		contrib/cidrexpand
3707		contrib/link_hash.sh
3708		contrib/movemail.conf
3709		contrib/movemail.pl
3710		devtools/OS/SunOS.5.9
3711		test/t_snprintf.c
3712
3713 8.10.2/8.10.2	2000/06/07
3714	SECURITY: Work around broken Linux setuid() implementation.
3715		On Linux, a normal user process has the ability to subvert
3716		the setuid() call such that it is impossible for a root
3717		process to drop its privileges.  Problem noted by Wojciech
3718		Purczynski of elzabsoft.pl.
3719	SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
3720		initgroups(), and chroot() calls.
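
The two SECURITY entries above come down to never assuming that a privilege-dropping call worked. The following is an added example, not sendmail's code and not the contents of test/t_setuid.c: it checks every return value and then confirms that root cannot be regained. The function names drop_privileges() and verify_dropped() are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE		/* setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Confirm that the process really runs as uid/gid and cannot get root
 * back.  Returns 0 when the drop is complete, -1 otherwise.  A caller
 * that sees -1 must stop: the process state is not what was requested.
 */
int verify_dropped(uid_t uid, gid_t gid)
{
	if (getuid() != uid || geteuid() != uid)
		return -1;
	if (getgid() != gid || getegid() != gid)
		return -1;
	if (uid != 0) {
		/* A saved set-user-ID of 0 would let either call succeed. */
		if (seteuid(0) == 0 || setuid(0) == 0)
			return -1;
		/* Same idea for a saved set-group-ID of 0. */
		if (gid != 0 && setegid(0) == 0)
			return -1;
	}
	return 0;
}

/*
 * Permanently switch to uid/gid.  Every call is checked, and the result
 * is verified afterwards instead of being trusted.  Returns 0 on
 * success, -1 on any failure.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
	/*
	 * Order matters: supplementary groups and the gid must be changed
	 * while the process is still allowed to change them.  Only a
	 * privileged process may call setgroups(), so an unprivileged
	 * caller keeps the group list it already has.
	 */
	if (geteuid() == 0 && setgroups(1, &gid) != 0) {
		perror("setgroups");
		return -1;
	}
	if (setgid(gid) != 0) {
		perror("setgid");
		return -1;
	}
	if (setuid(uid) != 0) {
		perror("setuid");
		return -1;
	}
	return verify_dropped(uid, gid);
}

/* Usage: ./a.out [uid gid]   (defaults to the caller's own ids) */
int main(int argc, char **argv)
{
	uid_t uid = argc > 2 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
	gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : getgid();

	if (drop_privileges(uid, gid) != 0) {
		fprintf(stderr, "privilege drop failed, refusing to continue\n");
		return 1;
	}
	printf("running as uid=%lu gid=%lu, root not regainable\n",
	    (unsigned long)getuid(), (unsigned long)getgid());
	return 0;
}
```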
3721	Added Files:
3722		test/t_setuid.c
3723
3724 8.10.1/8.10.1	2000/04/06
3725	SECURITY: Limit the choice of outgoing (client-side) SMTP
3726		Authentication mechanisms to those specified in
3727		AuthMechanisms to prevent information leakage.  We do not
3728		recommend use of PLAIN for outgoing mail as it sends the
3729		password in clear text to possibly untrusted servers.  See
3730		cf/README's DefaultAuthInfo section for additional information.
3731	Copy the ident argument for openlog() to avoid problems on some
3732		OSs.  Based on patch from Rob Bajorek from Webhelp.com.
3733	Avoid bogus error message when reporting an alias line as too long.
3734	Avoid bogus socket error message if sendmail.cf version level is
3735		greater than sendmail binary supported version.  Patch
3736		from John Beck of Sun Microsystems.
3737	Prevent a malformed ruleset (missing right hand side) from causing
3738		a segmentation fault when using address test mode.  Based on
3739		patch from John Beck of Sun Microsystems.
3740	Prevent memory leak from use of NIS maps and yp_match(3).  Problem
3741		noted by Gil Kloepfer of the University of Texas at Austin.
3742	Fix queue file permission checks to allow for TrustedUser ownership.
3743	Change logging of errors from the trust_auth ruleset to LogLevel 10
3744		or higher.
3745	Avoid simple password cracking attacks against SMTP AUTH by using
3746		exponential delay after too many tries within one connection.
3747	Encode an initial empty AUTH challenge as '=', not as empty string.
3748	Avoid segmentation fault on EX_SOFTWARE internal error logs.
3749		Problem noted by Allan E Johannesen of Worcester
3750		Polytechnic Institute.
3751	Ensure that a header check which resolves to $#discard actually
3752		discards the message.
3753	Emit missing value warnings for aliases with no right hand side
3754		when newaliases is run instead of only when delivery is
3755		attempted to the alias.
3756	Remove AuthOptions missing value warning for consistency with other
3757		flag options.
3758	Portability:
3759		SECURITY: Specify a run-time shared library search path for
3760			AIX 4.X instead of using the dangerous AIX 4.X
3761			linker semantics.  AIX 4.X users should consult
3762			sendmail/README for further information.  Problem
3763			noted by Valdis Kletnieks of Virginia Tech.
3764		Avoid use of strerror(3) call.  Problem noted by Charles
3765			Levert of Ecole Polytechnique de Montreal.
3766		DGUX requires -lsocket -lnsl and has a non-standard install
3767			program.  From Tim Boyer of Denman Tire Corporation.
3768		HPUX 11.0 has a broken res_search() function.
3769		Updates to devtools/OS/NeXT.3.X, NeXT.4.X, and NEXTSTEP.4.X
3770			from J. P. McCann of E I A.
3771		Digital UNIX/Compaq Tru64 5.0 now includes snprintf(3).
3772			Problem noted by Michael Long of Info Avenue Internet
3773			Services, LLC.
3774		Modern (post-199912) OpenBSD versions include working
3775			strlc{at,py}(3) functions.  From Todd C. Miller of
3776			Courtesan Consulting.
3777		SINIX doesn't have random(3).  From Gerald Rinske of
3778			Siemens Business Services.
3779	CONFIG: Change error message about unresolvable sender domain to
3780		include the sender address.  Proposed by Wolfgang Rupprecht
3781		of WSRCC.
3782	CONFIG: Fix usenet mailer calls.
3783	CONFIG: If RELAY_MAILER_FLAGS is not defined, use SMTP_MAILER_FLAGS
3784		to be backward compatible with 8.9.
3785	CONFIG: Change handling of default case @domain for virtusertable
3786		to allow for +*@domain to deal with +detail.
3787	CONTRIB: Remove converting.sun.configs -- it is obsolete.
3788	DEVTOOLS: confUBINMODE was being ignored.  Fix from KITAZIMA, Tuneki
3789		of NEC.
3790	DEVTOOLS: Add to NCR platform list and include the architecture
3791		(i486).  From Tom J. Moore of NCR.
3792	DEVTOOLS: SECURITY: Change method of linking with sendmail utility
3793		libraries to work around the AIX 4.X and SunOS 4.X linker's
3794		overloaded -L option.  Problem noted by Valdis Kletnieks of
3795		Virginia Tech.
3796	DEVTOOLS: configure.sh was overriding the user's choice for
3797		confNROFF.  Problem noted by Glenn A. Malling of Syracuse
3798		University.
3799	DEVTOOLS: New variables conf_prog_LIB_POST and confBLDVARIANT added
3800		for other internal projects but included in the open source
3801		release.
3802	LIBSMDB: Check for ".db" instead of simply "db" at the end of the
3803		map name to determine whether or not to add the extension.
3804		This fixes makemap when building the userdb file.  Problem
3805		noted by Andrew J Cole of the University of Leeds.
3806	LIBSMDB: Allow a database to be opened for updating and created if
3807		it doesn't already exist.  Problem noted by Rand Wacker of
3808		Sendmail.
3809	LIBSMDB: If type is SMDB_TYPE_DEFAULT and both NEWDB and NDBM are
3810		available, fall back to NDBM if NEWDB open fails.  This
3811		fixes praliases.  Patch from John Beck of Sun Microsystems.
3812	LIBSMUTIL: safefile()'s SFF_NOTEXCL check was being misinterpreted
3813		as SFF_NOWRFILES.
3814	OP.ME: Clarify some issues regarding mailer flags.  Suggested by
3815		Martin Mokrejs of The Charles University and Neil Rickert of
3816		Northern Illinois University.
3817	PRALIASES: Restore 8.9.X functionality of being able to search for
3818		particular keys in a database by specifying the keys on the
3819		command line.  Man page updated accordingly.  Patch from
3820		John Beck of Sun Microsystems.
3821	VACATION: SunOS 4.X portability from Charles Levert of Ecole
3822		Polytechnique de Montreal.
3823	VACATION: Fix -t option which is ignored but available for
3824		compatibility with Sun's version, based on patch from
3825		Volker Dobler of Infratest Burke.
3826	Added Files:
3827		devtools/M4/UNIX/smlib.m4
3828		devtools/OS/OSF1.V5.0
3829	Deleted Files:
3830		contrib/converting.sun.configs
3831	Deleted Directories (already done in 8.10.0 but not listed):
3832		doc/intro
3833		doc/usenix
3834		doc/changes
3835
3836 8.10.0/8.10.0	2000/03/01
3837	    *************************************************************
3838	    * The engineering department at Sendmail, Inc. has suffered	*
3839	    * the tragic loss of a key member of our engineering team.	*
3840	    * Julie Van Bourg was the Vice President of Engineering	*
3841	    * at Sendmail, Inc. during the development and deployment	*
3842	    * of this release.  It was her vision, dedication, and	*
3843	    * support that has made this release a success.  Julie died	*
3844	    * on October 26, 1999 of cancer.  We have lost a leader, a	*
3845	    * coach, and a friend.					*
3846	    *								*
3847	    * This release is dedicated to her memory and to the joy,	*
3848	    * strength, ideals, and hope that she brought to all of us.	*
3849	    * Julie, we miss you!					*
3850	    *************************************************************
3851	SECURITY: The safe file checks now back track through symbolic
3852		links to make sure the files can't be compromised due
3853		to poor permissions on the parent directories of the
3854		symbolic link target.
3855	SECURITY: Only root, TrustedUser, and users in class t can rebuild
3856		the alias map.  Problem noted by Michal Zalewski of the
3857		"Internet for Schools" project (IdS).
3858	SECURITY: There is a potential for a denial of service attack if
3859		the AutoRebuildAliases option is set as a user can kill the
3860		sendmail process while it is rebuilding the aliases file
3861		(leaving it in an inconsistent state).  This option and
3862		its use is deprecated and will be removed from a future
3863		version of sendmail.
3864	SECURITY: Make sure all file descriptors (besides stdin, stdout, and
3865		stderr) are closed before restarting sendmail.  Problem noted
3866		by Michal Zalewski of the "Internet for Schools" project
3867		(IdS).
3868	Begin using /etc/mail/ for sendmail related files.  This affects
3869		a large number of files.  See cf/README for more details.
3870	The directory structure of the distribution has changed slightly
3871		for easier code sharing among the programs.
3872	Support SMTP AUTH (see RFC 2554).  New macros for this purpose
3873		are ${auth_authen}, ${auth_type}, and ${auth_author}
3874		which hold the client's authentication credentials,
3875		the mechanism used for authentication, and the
3876		authorization identity (i.e., the AUTH= parameter if
3877		supplied).  Based on code contributed by Tim Martin of CMU.
3878	On systems which use the Torek stdio library (all of the BSD
3879		distributions), use memory-buffered files to reduce
3880		file system overhead by not creating temporary files on
3881		disk.  Contributed by Exactis.com, Inc.
3882	New option DataFileBufferSize to control the maximum size of a
3883		memory-buffered data (df) file before a disk-based file is
3884		used.  Contributed by Exactis.com, Inc.
3885	New option XscriptFileBufferSize to control the maximum size of a
3886		memory-buffered transcript (xf) file before a disk-based
3887		file is used.  Contributed by Exactis.com, Inc.
3888	sendmail implements RFC 2476 (Message Submission), e.g., it can
3889		now listen on several different ports.  Use:
3890		O DaemonPortOptions=Name=MSA, Port=587, M=E
3891		to run a Message Submission Agent (MSA); this is turned
3892		on by default in m4-generated .cf files; it can be turned
3893		off with FEATURE(`no_default_msa').
3894	The 'XUSR' SMTP command is deprecated.  Mail user agents should
3895		begin using RFC 2476 Message Submission for initial user
3896		message submission.  XUSR may disappear from a future release.
3897	The new '-G' (relay (gateway) submission) command line option
3898		indicates that the message being submitted from the command
3899		line is for relaying, not initial submission.  This means
3900		the message will be rejected if the addresses are not fully
3901		qualified and no canonicalization will be done.  Future
3902		releases may even reject improperly formed messages.
3903	The '-U' (initial user submission) command line option is
3904		deprecated and may be removed from a future release.
3905		Mail user agents should begin using '-G' to indicate that
3906		this is a relay submission (the inverse of -U).
3907	The next release of sendmail will assume that any message submitted
3908		from the command line is an initial user submission and act
3909		accordingly.
3910	If sendmail doesn't have enough privileges to run a .forward
3911		program or deliver to file as the owner of that file, the
3912		address is marked as unsafe.  This means if RunAsUser is
3913		set, users won't be able to use programs or delivery to
3914		files in their .forward files.  Administrators can override
3915		this by setting the DontBlameSendmail option to the new
3916		setting NonRootSafeAddr.
3917	Allow group or world writable directories if the sticky bit is set
3918		on the directory and DontBlameSendmail is set to
3919		TrustStickyBit.  Based on patch from Chris Metcalf of
3920		InCert Software.
3921	Prevent logging of unsafe directory paths for non-existent forward
3922		files if the new DontWarnForwardFileInUnsafeDirPath bit is
3923		set in the DontBlameSendmail option.  Requested by many.
3924	New Timeout.control option to limit the total time spent satisfying
3925		a control socket request.
3926	New Timeout.resolver options for controlling BIND resolver
3927		settings:
3928		Timeout.resolver.retrans
3929			Sets the resolver's retransmission time interval (in
3930			seconds).  Sets both Timeout.resolver.retrans.first
3931			and Timeout.resolver.retrans.normal.
3932		Timeout.resolver.retrans.first
3933			Sets the resolver's retransmission time interval (in
3934			seconds) for the first attempt to deliver a message.
3935		Timeout.resolver.retrans.normal
3936			Sets the resolver's retransmission time interval (in
3937			seconds) for all resolver lookups except the first
3938			delivery attempt.
3939		Timeout.resolver.retry
3940			Sets the number of times to retransmit a resolver
3941			query.  Sets both Timeout.resolver.retry.first
3942			and Timeout.resolver.retry.normal.
3943		Timeout.resolver.retry.first
3944			Sets the number of times to retransmit a resolver
3945			query for the first attempt to deliver a message.
3946		Timeout.resolver.retry.normal
3947			Sets the number of times to retransmit a resolver
3948			query for all resolver lookups except the first
3949			delivery attempt.
3950		Contributed by Exactis.com, Inc.
3951	Support multiple queue directories.  To use multiple queues, supply
3952		a QueueDirectory option value ending with an asterisk.  For
3953		example, /var/spool/mqueue/q* will use all of the
3954		directories or symbolic links to directories beginning with
3955		'q' in /var/spool/mqueue as queue directories.  Keep in
3956		mind, the queue directory structure should not be changed
3957		while sendmail is running.  Queue runs create a separate
3958		process for running each queue unless the verbose flag is
3959		given on a non-daemon queue run.  New items are randomly
3960		assigned to a queue.  Contributed by Exactis.com, Inc.
3961	Support different directories for qf, df, and xf queue files; if
3962		subdirectories or symbolic links to directories of those names
3963		exist in the queue directories, they are used for the
3964		corresponding queue files.  Keep in mind, the queue
3965		directory structure should not be changed while sendmail is
3966		running.  Proposed by Mathias Koerber of Singapore
3967		Telecommunications Ltd.
3968	New queue file naming system which uses a filename guaranteed to be
3969		unique for 60 years.  This allows queue IDs to be assigned
3970		without fancy file system locking.  Queued items can be
3971		moved between queues easily.  Contributed by Exactis.com,
3972		Inc.
3973	Messages which are undeliverable due to temporary address failures
3974		(e.g., DNS failure) will now go to the FallBackMX host, if
3975		set.  Contributed by Exactis.com, Inc.
3976	New command line option '-L tag' which sets the identifier used for
3977		syslog.  Contributed by Exactis.com, Inc.
3978	QueueSortOrder=Filename will sort the queue by filename.  This
3979		avoids opening and reading each queue file when preparing
3980		to run the queue.  Contributed by Exactis.com, Inc.
3981	Shared memory counters and microtimers functionality has been
3982		donated by Exactis.com, Inc.
3983	The SCCS ID tags have been replaced with RCS ID tags.
3984	Allow trusted users (those on a T line or in $=t) to set the
3985		QueueDirectory (Q) option without an X-Authentication-Warning:
3986		being added.  Suggested by Michael K. Sanders.
3987	IPv6 support based on patches from John Kennedy of Cal State
3988		University, Chico, Motonori Nakamura of Kyoto University,
3989		and John Beck of Sun Microsystems.
3990	In low-disk space situations, where sendmail would previously refuse
3991		connections, still accept them, but only allow ETRN commands.
3992		Suggested by Mathias Koerber of Singapore Telecommunications
3993		Ltd.
3994	The [IPC] builtin mailer now allows delivery to a UNIX domain socket
3995		on systems which support them.  This can be used with LMTP
3996		local delivery agents which listen on a named socket.  An
3997		example mailer might be:
3998			Mexecmail, P=[IPC], F=lsDFMmnqSXzA5@/:|, E=\r\n,
3999				S=10, R=20/40, T=DNS/RFC822/X-Unix,
4000				A=FILE /var/run/lmtpd
4001		Code contributed by Lyndon Nerenberg of Messaging Direct.
4002	The [TCP] builtin mailer name is now deprecated.  Use [IPC]
4003		instead.
4004	The first mailer argument in the [IPC] mailer is now checked for a
4005		legitimate value.  Possible values are TCP (for TCP/IP
4006		connections), IPC (which will be deprecated in a future
4007		version), and FILE (for UNIX domain socket delivery).
4008	PrivacyOptions=goaway no longer includes the noetrn and the noreceipts
4009		flags.
4010	PrivacyOptions=nobodyreturn instructs sendmail not to include the
4011		body of the original message on delivery status
4012		notifications.
4013	Don't announce DSN if PrivacyOptions=noreceipts is set.  Problem noted
4014		by Dan Bernstein, fix from Robert Harker of Harker Systems.
4015	Accept the SMTP RSET command even when rejecting commands due to TCP
4016		Wrappers or the check_relay ruleset.  Problem noted by
4017		Steve Schweinhart of America Online.
4018	Warn if OperatorChars is set multiple times.  OperatorChars should
4019		not be set after rulesets are defined.  Suggested by
4020		Mitchell Blank Jr of Exec-PC.
4021	Do not report temporary failure on delivery to files.  In
4022		interactive delivery mode, this would result in two SMTP
4023		responses after the DATA command.  Problem noted by
4024		Nik Conwell of Boston University.
4025	Check file close when mailing to files.  Problem noted by Nik
4026		Conwell of Boston University.
4027	Avoid a segmentation fault when using the LDAP map.  Patch from
4028		Curtis W. Hillegas of Princeton University.
4029	Always bind to the LDAP server regardless of whether you are using
4030		ldap_open() or ldap_init().  Fix from Raj Kunjithapadam of
4031		@Home Network.
4032	New ruleset trust_auth to determine whether a given AUTH=
4033		parameter of the MAIL command should be trusted.  See SMTP
4034		AUTH, cf/README, and doc/op/op.ps.
4035	Allow new named config file rules check_vrfy, check_expn, and
4036		check_etrn for VRFY, EXPN, and ETRN commands, respectively,
4037		similar to check_rcpt etc.
4038	Introduce new macros ${rcpt_mailer}, ${rcpt_host}, ${rcpt_addr},
4039		${mail_mailer}, ${mail_host}, ${mail_addr} that hold
4040		the results of parsing the RCPT and MAIL arguments, i.e.
4041		the resolved triplet from $#mailer $@host $:addr.
4042		From Kari Hurtta of the Finnish Meteorological Institute.
4043	New macro ${client_resolve} which holds the result of the resolve
4044		call for ${client_name}: OK, FAIL, FORGED, TEMP.  Proposed
4045		by Kari Hurtta of the Finnish Meteorological Institute.
4046	New macros ${dsn_notify}, ${dsn_envid}, and ${dsn_ret} that hold
4047		the corresponding DSN parameter values.  Proposed by
4048		Mathias Herberts.
4049	New macro ${msg_size} which holds the value of the SIZE= parameter,
4050		i.e., usually the size of the message (in an ESMTP dialogue),
4051		before the message has been collected, thereafter it holds
4052		the message size as computed by sendmail (and can be used
4053		in check_compat).
4054	The macro ${deliveryMode} now specifies the current delivery mode
4055		sendmail is using instead of the value of the DeliveryMode
4056		option.
4057	New macro ${ntries} holds the number of delivery attempts.
4058	Drop explicit From: if same as what would be generated only if it is
4059		a local address.  From Motonori Nakamura of Kyoto University.
4060	Write pid to file also if sendmail only processes the queue.
4061		Proposed by Roy J. Mongiovi of Georgia Tech.
4062	Log "low on disk space" only when necessary.
4063	New macro ${load_avg} can be used to check the current load average.
4064		Suggested by Scott Gifford of The Internet Ramp.
4065	Return-Receipt-To: header implies DSN request if option RrtImpliesDsn
4066		is set.
4067	Flag -S for maps to specify the character which is substituted
4068		for spaces (instead of the default given by O BlankSub).
4069	Flag -D for maps: perform no lookup in deferred delivery mode.
4070		This flag is set by default for the host map.  Based on a
4071		proposal from Ian MacPhedran of the University of Saskatchewan.
4072	Open maps only on demand, not at startup.
4073	Log warning about unsupported IP address families.
4074	New option MaxHeadersLength allows specifying a maximum length
4075		of the sum of all headers.  This can be used to prevent
4076		a denial-of-service attack.
4077	New option MaxMimeHeaderLength which limits the size of MIME
4078		headers and parameters within those headers.  This option
4079		is intended to protect mail user agents from buffer
4080		overflow attacks.
4081	Added option MaxAliasRecursion to specify the maximum depth of
4082		alias recursion.
4083	New flag F=6 for mailers to strip headers to seven bit.
4084	Map type syslog to log the key via syslogd.
4085	Entries in the alias file can be continued by putting a backslash
4086		directly before the newline.
4087	New option DeadLetterDrop to define the location of the system-wide
4088		dead.letter file, formerly hardcoded to
4089		/usr/tmp/dead.letter.  If this option is not set (the
4090		default), sendmail will not attempt to save to a
4091		system-wide dead.letter file if it can not bounce the mail
4092		to the user nor postmaster.  Instead, it will rename the qf
4093		file as it has in the past when the dead.letter file
4094		could not be opened.
4095	New option PidFile to define the location of the pid file.  The
4096		value of this option is macro expanded.
4097	New option ProcessTitlePrefix specifies a prefix string for the
4098		process title shown in 'ps' listings.
4099	New macros for use with the PidFile and ProcessTitlePrefix options
4100		(along with the already existing macros):
4101		${daemon_info}      Daemon information, e.g.
4102		                    SMTP+queueing@00:30:00
4103		${daemon_addr}	    Daemon address, e.g., 0.0.0.0
4104		${daemon_family}    Daemon family, e.g., inet, inet6, etc.
4105		${daemon_name}      Daemon name, e.g., MSA.
4106		${daemon_port}	    Daemon port, e.g., 25
4107		${queue_interval}   Queue run interval, e.g., 00:30:00
4108	New macros especially for virtual hosting:
4109		${if_name}	hostname of interface of incoming connection.
4110		${if_addr}	address of interface of incoming connection.
4111		The latter is only set if the interface does not belong to the
4112		loopback net.
4113	If a message is being accepted via a method other than SMTP and
4114		would be rejected by a header check, do not send the message.
4115		Suggested by Phil Homewood of Mincom Pty Ltd.
4116	Don't strip comments for header checks if $>+ is used instead of $>.
4117		Provide header value as quoted string in the macro
4118		${currHeader} (possibly truncated to MAXNAME).  Suggested by
4119		Jan Krueger of Unix-AG of University of Hannover.
4120		The length of the header value is stored in ${hdrlen}.
4121	H*: allows specifying a default ruleset for header checks.  This
4122		ruleset will only be called if the individual header does
4123		not have its own ruleset assigned.  Suggested by Jan
4124		Krueger of Unix-AG of University of Hannover.
4125		The name of the header field is stored in ${hdr_name}.
4126	Comments (i.e., text within parentheses) in rulesets are not
4127		removed if the config file version is greater than or equal
4128		to 9.  For example, "R$+ ( 1 )		$@ 1" matches the
4129		input "token (1)" but does not match "token".
4130	Avoid removing the Content-Transfer-Encoding MIME header on
4131		MIME messages.  Problem noted by Sigurbjorn B. Larusson of
4132		Multimedia Consumer Services.  Fix from Per Hedeland of
4133		Ericsson.
4134	Avoid duplicate Content-Transfer-Encoding MIME header on
4135		messages with 8-bit text in headers.  Problem noted by
4136		Per Steinar Iversen of Oslo College.  Fix from Per Hedeland
4137		of Ericsson.
4138	Avoid keeping maps locked longer than necessary when re-opening a
4139		modified database map file.  Problem noted by Chris Adams
4140		of Renaissance Internet Services.
4141	Resolving to the $#error mailer with a temporary failure code (e.g.,
4142		$#error $@ tempfail $: "400 Temporary failure") will now
4143		queue up the message instead of bouncing it.
4144	Be more liberal in acceptable responses to an SMTP RSET command as
4145		the standard does not provide any indication of what to do when
4146		something other than 250 is received.  Based on a patch
4147		from Steve Schweinhart of America Online.
4148	New option TrustedUser allows specifying a user who can own
4149		important files instead of root.  This requires HASFCHOWN.
4150	Fix USERDB conditional so compiling with NEWDB or HESIOD and
4151		setting USERDB=0 works.  Fix from Jorg Zanger of Schock.
4152	Fix another instance (similar to one in 8.9.3) of a network failure
4153		being mis-logged as "Illegal Seek" instead of whatever
4154		really went wrong.  From John Beck of Sun Microsystems.
4155	$? tests also whether the macro is non-null.
4156	Print an error message if a mailer definition contains an invalid
4157		equate name.
4158	New mailer equate /= to specify a directory to chroot() into before
4159		executing the mailer program.  Suggested by Igor Vinokurov.
4160	New mailer equate W= to specify the maximum time to wait for the
4161		mailer to return after sending all data to it.
4162	Only free memory from the process list when adding a new process
4163		into a previously filled slot.  Previously, the memory was
4164		freed at removal time.  Since removal can happen in a
4165		signal handler, this may leave the memory map in an
4166		inconsistent state.  Problem noted by Jeff A. Earickson and
4167		David Cooley of Colby College.
4168	When using the UserDB @hostname catch-all, do not try to lookup
4169		local users in the passwd file.  The UserDB code has
4170		already decided the message will be passed to another host
4171		for processing.  Fix from Tony Landells of Burdett
4172		Buckeridge Young Limited.
4173	Support LDAP authorization via either a file containing the
4174		password or Kerberos V4 using the new map options
4175		'-ddistinguished_name', '-Mmethod', and '-Pfilename'.  The
4176		distinguished_name is who to login as.  The method can be
4177		one of LDAP_AUTH_NONE, LDAP_AUTH_SIMPLE, or
4178		LDAP_AUTH_KRBV4.  The filename is the file containing the
4179		secret key for LDAP_AUTH_SIMPLE or the name of the Kerberos
4180		ticket file for LDAP_AUTH_KRBV4.  Patch from Booker Bense
4181		of Stanford University.
4182	The ldapx map has been renamed to ldap.  The use of ldapx is
4183		deprecated and will be removed in a future version.
4184	If the result of an LDAP search returns a multi-valued attribute
4185		and the map has the column delimiter set, it turns that
4186		response into a delimiter separated string.  The LDAP map
4187		will traverse multiple entries as well.  LDAP alias maps
4188		automatically set the column delimiter to the comma.
4189		Based on patch from Booker Bense of Stanford University and
4190		idea from Philip A. Prindeville of Mirapoint, Inc.
4191	Support return of multiple values for a single LDAP lookup.  The
4192		values to be returned should be in a comma separated string.
4193		For example, `-v "email,emailother"'.  Patch from
4194		Curtis W. Hillegas of Princeton University.
4195	Allow the use of LDAP for alias maps.
4196	If no LDAP attributes are specified in an LDAP map declaration, all
4197		attributes found in the match will be returned.
4198	Prevent commas in quoted strings in the AliasFile value from
4199		breaking up a single entry into multiple entries.  This is
4200		needed for LDAP alias file specifications to allow for
4201		comma separated key and value strings.
4202	Keep connections to LDAP server open instead of opening and closing
4203		for each lookup.  To reduce overhead, sendmail will cache
4204		connections such that multiple maps which use the same
4205		host, port, bind DN, and authentication will only result in
4206		a single connection to that host.
4207	Put timeout in the proper place for USE_LDAP_INIT.
4208	Be more careful about checking for errors and freeing memory on
4209		LDAP lookups.
4210	Use asynchronous LDAP searches to save memory and network
4211		resources.
4212	Do not copy LDAP query results if the map's match only flag is set.
4213	Increase portability to the Netscape LDAP libraries.
4214	Change the parsing of the LDAP filter specification.  '%s' is still
4215		replaced with the literal contents of the map lookup key --
4216		note that this means a lookup can be done using the LDAP
4217		special characters.  The new '%0' token can be used instead
4218		of '%s' to encode the key buffer according to RFC 2254.
4219		For example, if the LDAP map specification contains '-k
4220		"(user=%s)"' and a lookup is done on "*", this would be
4221		equivalent to '-k "(user=*)"' -- matching ANY record with a
4222		user attribute.  Instead, if the LDAP map specification
4223		contains '-k "(user=%0)"' and a lookup is done on "*", this
4224		would be equivalent to '-k "(user=\2A)"' -- matching a user
4225		with the name "*".
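
The difference between '%s' and '%0' described in the entry above, as an added example (not sendmail's own code). The function name expand_filter, its buffer interface, the pass-through of other %x sequences, and the second lookup key are assumptions made for illustration; on overflow it fails instead of returning a truncated filter.

```c
#include <stdio.h>
#include <string.h>

/* Append one byte, always leaving room for the terminating NUL. */
static int put(char *out, size_t outsz, size_t *pos, char c)
{
	if (*pos + 1 >= outsz)
		return -1;
	out[(*pos)++] = c;
	return 0;
}

/* Append one key byte, writing the RFC 2254 filter specials as \XX. */
static int put_escaped(char *out, size_t outsz, size_t *pos, unsigned char c)
{
	static const char hex[] = "0123456789ABCDEF";

	if (c != '*' && c != '(' && c != ')' && c != '\\' && c != '\0')
		return put(out, outsz, pos, (char)c);
	if (put(out, outsz, pos, '\\') < 0 ||
	    put(out, outsz, pos, hex[c >> 4]) < 0 ||
	    put(out, outsz, pos, hex[c & 0x0F]) < 0)
		return -1;
	return 0;
}

/*
 * Expand a filter template: %s inserts the key verbatim, %0 inserts it
 * escaped.  Any other %x is copied through unchanged (an assumption of
 * this example).  Returns 0 on success, -1 if the result does not fit;
 * out is then set to the empty string so a cut-off filter is never used.
 */
int expand_filter(const char *tmpl, const char *key, size_t keylen,
		  char *out, size_t outsz)
{
	size_t pos = 0, i;

	if (outsz == 0)
		return -1;
	for (; *tmpl != '\0'; tmpl++) {
		if (tmpl[0] == '%' && (tmpl[1] == 's' || tmpl[1] == '0')) {
			int esc = (tmpl[1] == '0');

			for (i = 0; i < keylen; i++) {
				int r = esc
				    ? put_escaped(out, outsz, &pos,
						  (unsigned char)key[i])
				    : put(out, outsz, &pos, key[i]);
				if (r < 0) {
					out[0] = '\0';
					return -1;
				}
			}
			tmpl++;		/* skip the format letter */
		} else if (put(out, outsz, &pos, *tmpl) < 0) {
			out[0] = '\0';
			return -1;
		}
	}
	out[pos] = '\0';
	return 0;
}

int main(void)
{
	/* Constructed lookup keys; the second tries to close the filter. */
	const char *keys[] = { "*", "x)(uid=*" };
	char buf[128];
	size_t k;

	for (k = 0; k < sizeof keys / sizeof keys[0]; k++) {
		size_t n = strlen(keys[k]);

		if (expand_filter("(user=%s)", keys[k], n, buf, sizeof buf) == 0)
			printf("%%s  key %-10s -> %s\n", keys[k], buf);
		if (expand_filter("(user=%0)", keys[k], n, buf, sizeof buf) == 0)
			printf("%%0  key %-10s -> %s\n", keys[k], buf);
	}
	return 0;
}
```

With '%s' the second key yields a filter with a different structure than the template; with '%0' it stays a single value for the user attribute.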
4226	New LDAP map flags: "-1" requires a single match to be returned, if
4227		more than one is returned, it is equivalent to no records
4228		being found; "-r never|always|search|find" sets the LDAP
4229		alias dereference option; "-Z size" limits the number of
4230		matches to return.
4231	New option LDAPDefaultSpec allows a default map specification for
4232		LDAP maps.  The value should only contain LDAP specific
4233		settings such as "-h host -p port -d bindDN", etc.  The
4234		settings will be used for all LDAP maps unless they are
4235		specified in the individual map specification ('K'
4236		command).  This option should be set before any LDAP maps
4237		are defined.
4238	Prevent an NDBM alias file opening loop when the NDBM open
4239		continually fails.  Fix from Roy J. Mongiovi of Georgia
4240		Tech.
4241	Reduce memory utilization for smaller symbol table entries.  In
4242		particular, class entries get much smaller, which can be
4243		important if you have large classes.
4244	On network-related temporary failures, record the hostname which
4245		gave error in the queued status message.  Requested by
4246		Ulrich Windl of the Universitat Regensburg.
4247	Add new F=% mailer flag to allow for a store and forward
4248		configuration.  Mailers which have this flag will not attempt
4249		delivery on initial receipt of a message or on queue runs
4250		unless the queued message is selected using one of the
4251		-qI/-qR/-qS queue run modifiers or an ETRN request.  Code
4252		provided by Philip Guenther of Gustavus Adolphus College.
4253	New option ControlSocketName which, when set, creates a daemon
4254		control socket.  This socket allows an external program to
4255		control and query status from the running sendmail daemon
4256		via a named socket, similar to the ctlinnd interface to the
4257		INN news server.  Access to this interface is controlled by
4258		the UNIX file permissions on the named socket on most UNIX
4259		systems (see sendmail/README for more information).  An
4260		example control program is provided as contrib/smcontrol.pl.
4261	Change the default values of QueueLA from 8 to (8 * numproc) and
4262		RefuseLA from 12 to (12 * numproc) where numproc is the
4263		number of processors online on the system (if that can be
4264		determined).  For single processor machines, this change
4265		has no effect.
4266	Don't return body of message to postmaster on "Too many hops" bounces.
4267		Based on fix from Motonori Nakamura of Kyoto University.
4268	Give more detailed DSN descriptions for some cases.  Patch from
4269		Motonori Nakamura of Kyoto University.
4270	Logging of alias, forward file, and UserDB expansion now happens
4271		at LogLevel 11 or higher instead of 10 or higher.
4272	Logging of an envelope's complete delivery (the "done" message) now
4273		happens at LogLevel 10 or higher instead of 11 or higher.
4274	Logging of TCP/IP or UNIX standard input connections now happens at
4275		LogLevel 10 or higher.  Previously, only TCP/IP connections
4276		were logged, and only at LogLevel 12 or higher.  Setting
4277		LogLevel to 10 will now assist users in tracking frequent
4278		connection-based denial of service attacks.
4279	Log basic information about authenticated connections at LogLevel
4280		10 or higher.
4281	Log SMTP Authentication mechanism and author when logging the sender
4282		information (from= syslog line).
4283	Log the DSN code for each recipient if one is available as a new
4284		equate (dsn=).
4285	Macro expand PostmasterCopy and DoubleBounceAddress options.
4286	New "ph" map for performing ph queries in rulesets, see
4287		sendmail/README for details.  Contributed by Mark Roth
4288		of the University of Illinois at Urbana-Champaign.
4289	Detect temporary lookup failures in the host map if looking up a
4290		bracketed IP address.  Problem noted by Kari Hurtta of the
4291		Finnish Meteorological Institute.
4292	Do not report a Remote-MTA on local deliveries.  Problem noted by
4293		Kari Hurtta of the Finnish Meteorological Institute.
4294	When a forward file points to an alias which runs a program, run
4295		the program as the default user and the default group, not
4296		the forward file user.  This change also assures the
4297		:include: directives in aliases are also processed using
4298		the default user and group.  Problem noted by Sergiu
4299		Popovici of DNT Romania.
4300	Prevent attempts to save a dead.letter file for a user with
4301		no home directory (/no/such/directory).  Problem noted by
4302		Michael Brown of Finnigan FT/MS.
4303	Include message delay and number of tries when logging that a
4304		message has been completely delivered (LogLevel of 10 or
4305		above).  Suggested by Nick Hilliard of Ireland Online.
4306	Log the sender of a message even if none of the recipients were
4307		accepted.  If some of the recipients were rejected, it is
4308		helpful to know the sender of the message.
4309	Check the root directory (/) when checking a path for safety.
4310		Problem noted by John Beck of Sun Microsystems.
4311	Prevent multiple responses to the DATA command if DeliveryMode is
4312		interactive and delivering to an alias which resolves to
4313		multiple files.
4314	Macros in the helpfile are expanded if the helpfile version is 2 or
4315		greater (see below); the help function doesn't print the
4316		version of sendmail any longer, instead it is placed in
4317		the helpfile ($v).  Suggested by Chuck Foster of UUNET
4318		PIPEX.  Additionally, comment lines (starting with #) are
4319		skipped and a version line (#vers) is introduced.  The
4320		helpfile version for 8.10.0 is 2, if no version or an older
4321		version is found, a warning is logged.  The '#vers'
4322		directive should be placed at the top of the help file.
4323	Use fsync() when delivering to a file to guarantee the delivery to
4324		disk succeeded.  Suggested by Nick Christenson.
4325	If delivery to a file is unsuccessful, truncate the file back to its
4326		length before the attempt.
4327	If a forward points to a filename for delivery, change to the
4328		user's uid before checking permissions on the file.  This
4329		allows delivery to files on NFS mounted directories where
4330		root is remapped to nobody.  Problem noted by Harald
4331		Daeubler of Universitaet Ulm.
4332	purgestat and sendmail -bH purge only expired (Timeout.hoststatus)
4333		host status files, not all files.
4334	Any macros stored in the class $={persistentMacros} will be saved
4335		in the queue file for the message and set when delivery
4336		is attempted on the queued item.  Suggested by Kyle Jones of
4337		Wonderworks Inc.
4338	Add support for storing information between rulesets using the new
4339		macro map class.  This can be used to store information
4340		between queue runs as well using $={persistentMacros}.
4341		Based on an idea from Jan Krueger of Unix-AG of University
4342		of Hannover.
4343	New map class arith to allow for computations in rules.  The
4344		operation (+, -, *, /, l (for less than), and =) is given
4345		as key.  The two operands are specified as arguments; the
4346		lookup returns the result of the computation.  For example,
4347		"$(arith l $@ 4 $@ 2 $)" will return "FALSE" and
4348		"$(arith + $@ 4 $@ 2 $)" will return "6".
4349	Add new syntax for header declarations which decide whether to
4350		include the header based on a macro rather than a mailer
4351		flag:
4352			H?${MyMacro}?X-My-Header: ${MyMacro}
4353		This should be used along with $={persistentMacros}.
4354		It can be used for adding headers to a message based on
4355		the results of check_* and header check rulesets.
4356	Allow new named config file rule check_eoh which is called after
4357		all of the headers have been collected.  The input to the
4358		ruleset is the number of headers and the size of all of the
4359		headers in bytes separated by $|.  This ruleset along with
4360		the macro storage map can be used to correlate information
4361		gathered between headers and to check for missing headers.
4362		See cf/README or doc/op/op.ps for an example.
4363	Change the default for the MeToo option to True to correspond
4364		to the clarification in the DRUMS SMTP Update spec.  This
4365		option is deprecated and will be removed from a future
4366		version.
4367	Change the sendmail binary default for SendMimeErrors to True.
4368	Change the sendmail binary default for SuperSafe to True.
4369	Display ruleset names in debug and address test mode output
4370		if referencing a named ruleset.
4371	New mailer equate m= which will limit the number of messages
4372		delivered per connection on an SMTP or LMTP mailer.
4373	Improve QueueSortOrder=Host by reversing the hostname before
4374		using it to sort.  Now all the same domains are really run
4375		through the queue together.  If they have the same MX host,
4376		then they will have a much better opportunity to use the
4377		connection cache if available.  This should be a reasonable
4378		performance improvement.  Patch from Randall Winchester of
4379		the University of Maryland.
4380	If a message is rejected by a header check ruleset, log who would
4381		have received the message if it had not been rejected.
4382	New "now" value for Timeout.queuereturn to bounce entries from the
4383		queue immediately.  No delivery attempt is made.
4384	Increase sleeping time exponentially after too many "bad" commands
4385		up to 4 minutes delay (compare MAX{BAD,NOOP,HELO,VRFY,ETRN}-
4386		COMMANDS).
4387	New option ClientPortOptions similar to DaemonPortOptions
4388		but for outgoing connections.
4389	New suboptions for DaemonPortOptions: Name (a name used for
4390		error messages and logging) and Modifiers, i.e.
4391			a	require authentication
4392			b	bind to interface through which mail has
4393				been received
4394			c	perform hostname canonification
4395			f	require fully qualified hostname
4396			h	use name of interface for outgoing HELO
4397				command
4398			C	don't perform hostname canonification
4399			E	disallow ETRN (see RFC 2476)
4400	New suboption for ClientPortOptions: Modifiers, i.e.
4401			h	use name of interface for HELO command
4402	The version number for queue files (qf) has been incremented to 4.
4403	Log unacceptable HELO/EHLO domain name attempts if LogLevel is set
4404		to 10 or higher.  Suggested by Rick Troxel of the National
4405		Institutes of Health.
4406	If a mailer dies, print the status in decimal instead of octal
4407		format.  Suggested by Michael Shapiro of Sun Microsystems.
4408	Limit the length of all MX records considered for delivery to 8k.
4409	Move message priority from sender to recipient logging.  Suggested by
4410		Ulrich Windl of the Universitat Regensburg.
4411	Add support for Berkeley DB 3.X.
4412	Add fix for Berkeley DB 2.X fcntl() locking race condition.
4413		Requires a post-2.7.5 version of Berkeley DB.
4414	Support writing traffic log (sendmail -X option) to a FIFO.
4415		Patch submitted by Rick Heaton of Network Associates, Inc.
4416	Do not ignore Timeout settings in the .cf file when a Timeout
4417		sub-option is set on the command line.  Problem noted by
4418		Graeme Hewson of Oracle.
4419	Randomize equal preference MX records each time delivery is
4420		attempted via a new connection to a host instead of once per
4421		session.  Suggested by Scott Salvidio of Compaq.
4422	Implement enhanced status codes as defined by RFC 2034.
4423	Add [hostname] to class w for the names of all interfaces unless
4424		DontProbeInterfaces is set. This is useful for sending mails
4425		to hosts which have dynamically assigned names.
4426	If a message is bounced due to bad MIME conformance, avoid bouncing
4427		the bounce for the same reason.  If the body is not 8-bit
4428		clean, and EightBitMode isn't set to pass8, the body will
4429		not be included in the bounce.  Problem noted by Valdis
4430		Kletnieks of Virginia Tech.
4431	The timeout for sending a message via SMTP has been changed from
4432		'${msgsize} / 16 + (${nrcpts} * 300)' to a timeout which
4433		simply checks for progress on sending data every 5 minutes.
4434		This will detect the inability to send information quicker
4435		and reduce the number of processes simply waiting to
4436		timeout.
4437	Prevent a segmentation fault on systems which give a partially filled
4438		interface address structure when loading the system network
4439		interface addresses.  Fix from Reinier Bezuidenhout of
4440		Nanoteq.
4441	Add a compile-time configuration macro, MAXINTERFACES, which
4442		indicates the number of interfaces to read when probing
4443		for hostnames and IP addresses for class w ($=w).  The
4444		default value is 512.  Based on idea from Reinier
4445		Bezuidenhout of Nanoteq.
4446	If the RefuseLA option is set to 0, do not reject connections based
4447		on load average.
4448	Allow ruleset 0 to have a name.  Problem noted by Neil Rickert of
4449		Northern Illinois University.
4450	Expand the Return-Path: header at delivery time, after "owner-"
4451		envelope splitting has occurred.
4452	Don't try to sort the queue if there are no entries. Patch from
4453		Luke Mewburn from RMIT University.
4454	Add a "/quit" command to address test mode.
4455	Include the proper sender in the UNIX "From " line and Return-Path:
4456		header when undeliverable mail is saved to ~/dead.letter.
4457		Problem noted by Kari Hurtta of the Finnish Meteorological
4458		Institute.
4459	The contents of a class can now be copied to another class using
4460		the syntax: "C{Dest} $={Source}".  This would copy all of
4461		the items in class $={Source} into the class $={Dest}.
4462	Include original envelope's error transcript in bounces created for
4463		split (owner-) envelopes to see the original errors when
4464		the recipients were added.  Based on fix from Motonori
4465		Nakamura of Kyoto University.
4466	Show reason for permanent delivery errors directly after the
4467		addresses.  From Motonori Nakamura of Kyoto University.
4468	Prevent a segmentation fault when bouncing a split-envelope
4469		message.  Patch from Motonori Nakamura of Kyoto University.
4470	If the specification for the queue run interval (-q###) has a
4471		syntax error, consider the error fatal and exit.
4472	Pay attention to CheckpointInterval during LMTP delivery.  Problem
4473		noted by Motonori Nakamura of Kyoto University.
4474	On operating systems which have setlogin(2), use it to set the
4475		login name to the RunAsUserName when starting as a daemon.
4476		This is for delivery to programs which use getlogin().
4477		Based on fix from Motonori Nakamura of Kyoto University.
4478	Differentiate between "command not implemented" and "command
4479		unrecognized" in the SMTP dialogue.
4480	Strip returns from forward and include files.  Problem noted by
4481		Allan E Johannesen of Worcester Polytechnic Institute.
4482	Prevent a core dump when using 'sendmail -bv' on an address which
4483		resolves to the $#error mailer with a temporary failure.
4484		Based on fix from Neil Rickert of Northern Illinois
4485		University.
4486	Prevent multiple deliveries of a message with a "non-local alias"
4487		pointing to a local user; if canonicalization fails,
4488		the message was requeued *and* delivered to the alias.
4489	If an invalid ruleset is declared, the ruleset name could be
4490		ignored and its rules added to S0.  Instead, ignore the
4491		ruleset lines as well.
4492	Avoid incorrect Final-Recipient, Action, and X-Actual-Recipient
4493		success DSN fields as well as duplicate entries for a
4494		single address due to S5 and UserDB processing.  Problems
4495		noted by Kari Hurtta of the Finnish Meteorological
4496		Institute.
4497	Turn off timeouts when exiting sendmail due to an interrupt signal
4498		to prevent the timeout from firing during the exit process.
4499		Problem noted by Michael Shapiro of Sun Microsystems.
4500	Do not append @MyHostName to non-RFC822 addresses output by the EXPN
4501		command or on Final-Recipient: and X-Actual-Recipient: DSN
4502		headers.  Non-RFC822 addresses include deliveries to
4503		programs, file, DECnet, etc.
4504	Fix logic for determining if a local user is using -f or -bs to
4505		spoof their return address.  Based on idea from Neil Rickert
4506		of Northern Illinois University and patch from Per Hedeland
4507		of Ericsson.
4508	Report the proper UID in the bounce message if an :include: file is
4509		owned by a uid that doesn't map to a username and the
4510		:include: file contains delivery to a file or program.
4511		Problem noted by John Beck of Sun Microsystems.
4512	Avoid the attempt of trying to send a second SMTP QUIT command if
4513		the remote server responds to the first QUIT with a 4xx
4514		response code and drops the connection.  This behavior was
4515		noted by Ulrich Windl of the Universitat Regensburg when
4516		sendmail was talking to the Mercury 1.43 MTA.
4517	If a hostname lookup times out and ServiceSwitchFile is set but the
4518		file is not present, the lookup failure would be marked as
4519		a permanent failure instead of a temporary failure.  Fix
4520		from Russell King of the ARM Linux Project.
4521	Handle aliases or forwards which deliver to programs using tabs
4522		instead of spaces between arguments.  Problem noted by Randy
4523		Wormser.  Fix from Neil Rickert of Northern Illinois
4524		University.
4525	Allow MaxRecipientsPerMessage option to be set on the command line
4526		by normal users (e.g., sendmail won't drop its root
4527		privileges) to allow overrides for message submission via
4528		'sendmail -bs'.
4529	Set the names for help file and statistics file to "helpfile" and
4530		"statistics", respectively, if no parameters are given for
4531		them in the .cf file.
4532	Avoid bogus 'errbody: I/O Error -7' log messages when sending
4533		success DSN messages for messages relayed to non-DSN aware
4534		systems.  Problem noted by Juergen Georgi of RUS University
4535		of Stuttgart and Kyle Tucker of Parexel International.
4536	Prevent +detail information from interfering with local delivery to
4537		multiple users in the same transaction (F=m).
4538	Add H_FORCE flag for the X-Authentication-Warning: header, so it
4539		will be added even if one already exists.  Problem noted
4540		by Michal Zalewski of Marchew Industries.
4541	Stop processing SMTP commands if the SMTP connection is dropped.
4542		This prevents a remote system from flooding the connection
4543		with commands and then disconnecting.  Previously, the
4544		server would process all of the buffered commands.  Problem
4545		noted by Michal Zalewski of Marchew Industries.
4546	Properly process user-supplied headers beginning with '?'.  Problem
4547		noted by Michal Zalewski of Marchew Industries.
4548	If multiple header checks resolve to the $#error mailer, use the
4549		last permanent (5XX) failure if any exist.  Otherwise, use
4550		the last temporary (4XX) failure.
4551	RFC 1891 requires "hexchar" in a "xtext" to be upper case.  Patch
4552		from Ronald F. Guilmette of Infinite Monkeys & Co.
4553	Timeout.ident now defaults to 5 seconds instead of 30 seconds to
4554		prevent the now common delays associated with mailing to a
4555		site which drops IDENT packets.  Suggested by many.
4556	Persistent host status data is not reloaded from disk when current data
4557		is available in the in-memory cache.  Problem noted by Per
4558		Hedeland of Ericsson.
4559	mailq displays unprintable characters in addresses as their octal
4560		representation and a leading backslash.  This avoids problems
4561		with "unprintable" characters.  Problem noted by Michal
4562		Zalewski of the "Internet for Schools" project (IdS).
4563	The mail line length limit (L= equate) was adding the '!' indicator
4564		one character past the limit.  This would cause subsequent
4565		hops to break the line again.  The '!' is now placed in
4566		the last column of the limit if the line needs to be broken.
4567		Problem noted by Joe Pruett of Q7 Enterprises.  Based on fix
4568		from Per Hedeland of Ericsson.
4569	If a resolver ANY query is larger than the UDP packet size, the
4570		resolver will fall back to TCP.  However, some
4571		misconfigured firewalls block 53/TCP so the ANY lookup
4572		fails whereas an MX or A record might succeed.  Therefore,
4573		don't fail on ANY queries.
4574	If an SMTP recipient is rejected due to syntax errors in the
4575		address, do not send an empty postmaster notification DSN
4576		to the postmaster.  Problem noted by Neil Rickert of
4577		Northern Illinois University.
4578	Allow '_' and '.' in map names when parsing a sequence map
4579		specification.  Patch from William Setzer of North Carolina
4580		State University.
4581	Fix hostname in logging of read timeouts for the QUIT command on
4582		cached connections.  Problem noted by Neil Rickert of
4583		Northern Illinois University.
4584	Use a more descriptive entry to log "null" connections, i.e.,
4585		"host did not issue MAIL/EXPN/VRFY/ETRN during connection".
4586	Fix a file descriptor leak in ONEX mode.
4587	Portability:
4588		Reverse signal handling logic such that sigaction(2) with
4589			the SA_RESTART flag is the preferred method and the
4590			other signal methods are only tried if SA_RESTART
4591			is not available.  Problem noted by Allan E
4592			Johannesen of Worcester Polytechnic Institute.
4593		AIX 4.x supports the sa_len member of struct sockaddr.
4594			This allows network interface probing to work
4595			properly.  Fix from David Bronder of the
4596			University of Iowa.
4597		AIX 4.3 has snprintf() support.
4598		Use "PPC" as the architecture name when building under
4599			AIX.  This will be reflected in the obj.* directory
4600			name.
4601		Apple Darwin support based on Apple Rhapsody port.
4602		Fixed AIX 'make depend' method from Valdis Kletnieks of
4603			Virginia Tech.
4604		Digital UNIX has uname(2).
4605		GNU Hurd updates from Mark Kettenis of the University of
4606			Amsterdam.
4607		Improved HPUX 11.0 portability.
4608		Properly determine the number of CPUs on FreeBSD 2.X,
4609			FreeBSD 3.X, HP/UX 10.X and HP/UX 11.X.
4610		Remove special IRIX ABI cases from Build script and the OS
4611			files.  Use the standard 'cc' options used by SGI
4612			in building the operating system.  Users can
4613			override the defaults by setting confCC and
4614			confLIBSEARCHPATH appropriately.
4615		IRIX nsd map support from Bob Mende of SGI.
4616		Minor devtools fixes for IRIX from Bob Mende of SGI.
4617		Linux patch for IP_SRCROUTE support from Joerg Dorchain
4618			of MW EDV & ELECTRONIC.
4619		Linux now uses /usr/sbin for confEBINDIR in the build
4620			system.  From MATSUURA Takanori of Osaka University.
4621		Remove special treatment for Linux PPC in the build
4622			system.  From MATSUURA Takanori of Osaka University.
4623		Motorola UNIX SYSTEM V/88 Release 4.0 support from
4624			Sergey Rusanov of the Republic of Udmurtia.
4625		NCR MP-RAS 3.x includes regular expression support.  From
4626			Tom J. Moore of NCR.
4627		NEC EWS-UX/V series settings for _PATH_VENDOR_CF and
4628			_PATH_SENDMAILPID from Oota Toshiya of
4629			NEC Computers Group Planning Division.
4630		Minor NetBSD owner/group tweaks from Ayamura Kikuchi, M.D.
4631		NEWS-OS 6.X listed SYSLOG_BUFSIZE as 256 in confENVDEF and
4632			1024 in conf.h.  Since confENVDEF would be used,
4633			use that value in conf.h.
4634		Use NeXT's NETINFO to get domain name.  From Gerd Knops of
4635			BITart Consulting.
4636		Use NeXT's NETINFO for alias and hostname resolution if
4637			AUTO_NETINFO_ALIASES and AUTO_NETINFO_HOSTS are
4638			defined.  Patch from Wilfredo Sanchez of Apple
4639			Computer, Inc.
4640		NeXT portability tweaks.  Problems reported by Dragan
4641			Milicic of the University of Utah and J. P. McCann
4642			of E I A.
4643		New compile flag FAST_PID_RECYCLE: set this if your system
4644			can reuse the same PID in the same second.
4645		New compile flag HASFCHOWN: set this if your OS has
4646			fchown(2).
4647		New compile flag HASRANDOM: set this to 0 if your OS does
4648			not have random(3).  rand() will be used instead.
4649		New compile flag HASSRANDOMDEV: set this if your OS has
4650			srandomdev(3).
4651		New compile flag HASSETLOGIN: set this if your OS has
4652			setlogin(2).
4653		Replace SINIX and ReliantUNIX support with version
4654			specific SINIX files.  From Gerald Rinske of
4655			Siemens Business Services.
4656		Use the 60-second load average instead of the 5 second load
4657			average on Compaq Tru64 UNIX (formerly Digital
4658			UNIX).  From Chris Teakle of the University of Qld.
4659		Use ANSI C by default for Compaq Tru64 UNIX.  Suggested by
4660			Randall Winchester of Swales Aerospace.
4661		Correct setgroups() prototype for Compaq Tru64 UNIX.
4662			Problem noted by Randall Winchester of Swales
4663			Aerospace.
4664		Hitachi 3050R/3050RX and 3500 Workstations running
4665			HI-UX/WE2 4.02, 6.10 and 7.10 from Motonori
4666			NAKAMURA of Kyoto University.
4667		New compile flag NO_GETSERVBYNAME: set this to disable
4668			use of getservbyname() on systems which can
4669			not lookup a service by name over NIS, such as
4670			HI-UX.  Patch from Motonori NAKAMURA of Kyoto
4671			University.
4672		Use devtools/bin/install.sh on SCO 5.x.  Problem noted
4673			by Sun Wenbing of the China Engineering and
4674			Technology Information Network.
4675		make depend didn't work properly on UNIXWARE 4.2.  Problem
4676			noted by Ariel Malik of Netology, Ltd.
4677		Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
4678		Set confSTDIO_TYPE to torek for BSD-OS, FreeBSD, NetBSD,
4679			and OpenBSD.
4680		A recent Compaq Ultrix 4.5 Y2K patch has broken detection
4681			of local_hostname_length().  See sendmail/README
4682			for more details.  Problem noted by Allan E
4683			Johannesen of Worcester Polytechnic Institute.
4684	CONFIG: Begin using /etc/mail/ for sendmail related files.  This
4685		affects a large number of files.  See cf/README for more
4686		details.
4687	CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including
4688		trailing slash) for the mail settings directory.
4689	CONFIG: Increment version number of config file to 9.
4690	CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been
4691		deprecated and may be removed from a future release.
4692		BSD/OS users should begin using OSTYPE(`bsdi').
4693	CONFIG: OpenBSD 2.4 installs mail.local non-set-user-ID root.  This
4694		requires a new OSTYPE(`openbsd').  From Todd C. Miller of
4695		Courtesan Consulting.
4696	CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X.
4697	CONFIG: A syntax error in check_mail would cause fake top-level
4698		domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to
4699		be improperly rejected as unresolvable.
4700	CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of
4701		DNS server, rejection message) and can be included
4702		multiple times.
4703	CONFIG: New FEATURE(`relay_mail_from') allows relaying if the
4704		mail sender is listed as RELAY in the access map (and tagged
4705		with From:).
4706	CONFIG: Optional tagging of LHS in the access map (Connect:,
4707		From:, To:) to enable finer control.
4708	CONFIG: New FEATURE(`ldap_routing') implements LDAP address
4709		routing.  See cf/README for a complete description of the
4710		new functionality.
4711	CONFIG: New variables for the new sendmail options:
4712		confAUTH_MECHANISMS		AuthMechanisms
4713		confAUTH_OPTIONS		AuthOptions
4714		confCLIENT_OPTIONS		ClientPortOptions
4715		confCONTROL_SOCKET_NAME		ControlSocketName
4716		confDEAD_LETTER_DROP		DeadLetterDrop
4717		confDEF_AUTH_INFO		DefaultAuthInfo
4718		confDF_BUFFER_SIZE		DataFileBufferSize
4719		confLDAP_DEFAULT_SPEC		LDAPDefaultSpec
4720		confMAX_ALIAS_RECURSION		MaxAliasRecursion
4721		confMAX_HEADERS_LENGTH		MaxHeadersLength
4722		confMAX_MIME_HEADER_LENGTH	MaxMimeHeaderLength
4723		confPID_FILE			PidFile
4724		confPROCESS_TITLE_PREFIX	ProcessTitlePrefix
4725		confRRT_IMPLIES_DSN		RrtImpliesDsn
4726		confTO_CONTROL			Timeout.control
4727		confTO_RESOLVER_RETRANS		Timeout.resolver.retrans
4728		confTO_RESOLVER_RETRANS_FIRST	Timeout.resolver.retrans.first
4729		confTO_RESOLVER_RETRANS_NORMAL	Timeout.resolver.retrans.normal
4730		confTO_RESOLVER_RETRY		Timeout.resolver.retry
4731		confTO_RESOLVER_RETRY_FIRST	Timeout.resolver.retry.first
4732		confTO_RESOLVER_RETRY_NORMAL	Timeout.resolver.retry.normal
4733		confTRUSTED_USER		TrustedUser
4734		confXF_BUFFER_SIZE		XscriptFileBufferSize
4735	CONFIG: confDAEMON_OPTIONS has been replaced by DAEMON_OPTIONS(),
4736		which takes the options as argument and can be used
4737		multiple times; see cf/README for details.
4738	CONFIG: Add a fifth mailer definition to MAILER(`smtp') called
4739		"dsmtp".  This mailer provides on-demand delivery using the
4740		F=% mailer flag described above.  The "dsmtp" mailer
4741		definition uses the new DSMTP_MAILER_ARGS which defaults
4742		to "IPC $h".
4743	CONFIG: New variables LOCAL_MAILER_MAXMSGS, SMTP_MAILER_MAXMSGS,
4744		and RELAY_MAILER_MAXMSGS for setting the m= equate for the
4745		local, smtp, and relay mailers respectively.
4746	CONFIG: New variable LOCAL_MAILER_DSN_DIAGNOSTIC_CODE for setting
4747		the DSN Diagnostic-Code type for the local mailer.  The
4748		value should be changed with care.
4749	CONFIG: FEATURE(`local_lmtp') now sets the DSN Diagnostic-Code type
4750		for the local mailer to the proper value of "SMTP".
4751	CONFIG: All included maps are no longer optional by default; if
4752		there is a problem with a map, sendmail will
4753		complain.
4754	CONFIG: Removed root from class E; use EXPOSED_USER(`root')
4755		to get the old behavior.  Suggested by Joe Pruett
4756		of Q7 Enterprises.
4757	CONFIG: MASQUERADE_EXCEPTION() defines hosts/subdomains which
4758		will not be masqueraded.  Proposed by Arne Wichmann
4759		of MPI Saarbruecken, Griff Miller of PGS Tensor,
4760		Jayme Cox of Broderbund Software Inc.
4761	CONFIG: A list of exceptions for FEATURE(`nocanonify') can be
4762		specified by CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE,
4763		i.e., a list of domains which are passed to $[ ... $]
4764		for canonification. Based on an idea from Neil Rickert
4765		of Northern Illinois University.
4766	CONFIG: If `canonify_hosts' is specified as parameter for
4767		FEATURE(`nocanonify') then addresses which have only
4768		a hostname, e.g., <user@host>, will be canonified.
4769	CONFIG: If FEATURE(`nocanonify') is turned on, a trailing dot is
4770		nevertheless added to addresses with more than one component
4771		in it.
4772	CONFIG: Canonification is no longer attempted for any host or domain
4773		in class 'P' ($=P).
4774	CONFIG: New class for matching virtusertable entries $={VirtHost} that
4775		can be populated by VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE.
4776		FEATURE(`virtuser_entire_domain') can be used to apply this
4777		class also to entire subdomains.  Hosts in this class are
4778		treated as canonical in SCanonify2, i.e., a trailing dot
4779		is added.
4780	CONFIG: If VIRTUSER_DOMAIN() or VIRTUSER_DOMAIN_FILE() are used,
4781		include $={VirtHost} in $=R (hosts allowed to relay).
4782	CONFIG: FEATURE(`generics_entire_domain') can be used to apply the
4783		genericstable also to subdomains of $=G.
4784	CONFIG: Pass "+detail" as %2 for virtusertable lookups.
4785		Patch from Noam Freedman from University of Chicago.
4786	CONFIG: Pass "+detail" as %1 for genericstable lookups.  Suggested
4787		by Raymond S Brand of rsbx.net.
4788	CONFIG: Allow @domain in genericstable to override masquerading.
4789		Suggested by Owen Duffy from Owen Duffy & Associates.
4790	CONFIG: LOCAL_DOMAIN() adds entries to class w.  Suggested by Steve
4791		Hubert of University of Washington.
4792	CONFIG: OSTYPE(`gnuhurd') has been replaced by OSTYPE(`gnu') as
4793		GNU is now the canonical system name.  From Mark
4794		Kettenis of the University of Amsterdam.
4795	CONFIG: OSTYPE(`unixware7') updates from Larry Rosenman.
4796	CONFIG: Do not include '=' in option expansion if there is no value
4797		associated with the option.  From Andrew Brown of
4798		Graffiti World Wide, Inc.
4799	CONFIG: Add MAILER(`qpage') to define a new pager mailer.  Contributed
4800		by Philip A. Prindeville of Enteka Enterprise Technology
4801		Services.
4802	CONFIG: MAILER(`cyrus') was not preserving case for mail folder
4803		names.  Problem noted by Randall Winchester of Swales
4804		Aerospace.
4805	CONFIG: RELAY_MAILER_FLAGS can be used to define additional flags
4806		for the relay mailer.  Suggested by Doug Hughes of Auburn
4807		University and Brian Candler.
4808	CONFIG: LOCAL_MAILER_FLAGS now includes 'P' (Add Return-Path:
4809		header) by default.  Suggested by Per Hedeland of Ericsson.
4810	CONFIG: Use SMART_HOST for bracketed addresses, e.g., user@[host].
4811		Suggested by Kari Hurtta of the Finnish Meteorological
4812		Institute.
4813	CONFIG: New macro MODIFY_MAILER_FLAGS to tweak *_MAILER_FLAGS;
4814		i.e., to set, add, or delete flags.
4815	CONFIG: If SMTP AUTH is used then relaying is allowed for any user
4816		who authenticated via a "trusted" mechanism, i.e., one that
4817		is defined via TRUST_AUTH_MECH(`list of mechanisms').
4818	CONFIG: FEATURE(`delay_checks') delays check_mail and check_relay
4819		after check_rcpt and allows for exceptions from the checks.
4820	CONFIG: Map declarations have been moved into their associated
4821		feature files to allow greater flexibility in use of
4822		sequence maps.  Suggested by Per Hedeland of Ericsson.
4823	CONFIG: New macro LOCAL_MAILER_EOL to override the default end of
4824		line string for the local mailer.  Requested by Il Oh of
4825		Willamette Industries, Inc.
4826	CONFIG: Route addresses are stripped, i.e., <@a,@b,@c:user@d> is
4827		converted to <user@d>.
4828	CONFIG: Reject bogus return address of <@@hostname>, generated by
4829		Sun's older, broken configuration files.
4830	CONFIG: FEATURE(`nullclient') now provides the full rulesets of a
4831		normal configuration, allowing anti-spam checks to be
4832		performed.
4833	CONFIG: Don't return a permanent error (Relaying denied) if
4834		${client_name} can't be resolved just temporarily.
4835		Suggested by Kari Hurtta of the Finnish Meteorological
4836		Institute.
4837	CONFIG: Change numbered rulesets into named (which still can
4838		be accessed by their numbers).
4839	CONFIG: FEATURE(`nouucp') takes one parameter: reject or nospecial
4840		which describes whether to disallow "!" in the local part
4841		of an address.
4842	CONFIG: Call Local_localaddr from localaddr (S5) which can be used
4843		to rewrite an address from a mailer which has the F=5 flag
4844		set.  If the ruleset returns a mailer, the appropriate
4845		action is taken, otherwise the returned tokens are ignored.
4846	CONFIG: cf/ostype/solaris.m4 has been renamed to solaris2.pre5.m4
4847		and cf/ostype/solaris2.m4 is now a copy of solaris2.ml.m4.
4848		The latter is kept around for backward compatibility.
4849	CONFIG: Allow ":D.S.N:" for mailer/virtusertable "error:" entries,
4850		where "D.S.N" is an RFC 1893 compliant error code.
4851	CONFIG: Use /usr/lbin as confEBINDIR for Compaq Tru64 (Digital UNIX).
4852	CONFIG: Remove second space between username and date in UNIX From_
4853		line.  Noted by Allan E Johannesen of Worcester Polytechnic
4854		Institute.
4855	CONFIG: Make sure all of the mailers have complete T= equates.
4856	CONFIG: Extend FEATURE(`local_procmail') so it can now take
4857		arguments overriding the mailer program, arguments, and
4858		mailer definition flags.  This makes it possible to use
4859		other programs such as maildrop for local delivery.
4860	CONFIG: Emit warning if FEATURE(`local_lmtp') or
4861		FEATURE(`local_procmail') is given after MAILER(`local').
4862		Patch from Richard A. Nelson of IBM.
4863	CONFIG: Add SMTP Authentication information to Received: header
4864		default value (confRECEIVED_HEADER).
4865	CONFIG: Remove `l' flag from USENET_MAILER_FLAGS as it is not a
4866		local mailer.  Problem noted by Per Hedeland of Ericsson.
4867	CONTRIB: Added bounce-resender.pl from Brian R. Gaeke of the
4868		University of California at Berkeley.
4869	CONTRIB: Added domainmap.m4 from Mark D. Roth of the University of
4870		Illinois at Urbana-Champaign.
4871	CONTRIB: etrn.pl now recognizes bogus host names.  Patch from
4872		Bruce Barnett of GE's R&D Lab.
4873	CONTRIB: Patches for re-mqueue.pl by Graeme Hewson of Oracle
4874		Corporation UK.
4875	CONTRIB: Added qtool.pl to assist in managing the queues.
4876	DEVTOOLS: Prevent user environment variables from interfering with
4877		the Build scripts.  Problem noted by Ezequiel H. Panepucci of
4878		Yale University.
4879	DEVTOOLS: 'Build -M' will display the obj.* directory which will
4880		be used for building.
4881	DEVTOOLS: 'Build -A' will display the architecture that would be
4882		used for a fresh build.
4883	DEVTOOLS: New variable confRANLIB, set automatically by configure.sh.
4884	DEVTOOLS: New variable confRANLIBOPTS for the options to send to
4885		ranlib.
4886	DEVTOOLS: 'Build -O <path>' will have the object files built in
4887		<path>/obj.*.  Suggested by Bryan Costales of Exactis.
4888	DEVTOOLS: New variable confNO_MAN_BUILD which will prevent the
4889		building of the man pages when defined.  Suggested by Bryan
4890		Costales.
4891	DEVTOOLS: New variables confNO_HELPFILE_INSTALL and
4892		confNO_STATISTICS_INSTALL which will prevent the
4893		installation of the sendmail helpfile and statistics file
4894		respectively.  Suggested by Bryan Costales.
4895	DEVTOOLS: Recognize ReliantUNIX as SINIX.  Patch from Gerald Rinske
4896		of Siemens Business Services.
4897	DEVTOOLS: New variable confSTDIO_TYPE which defines the type of
4898		stdio library.  The new buffered file I/O depends on the
4899		Torek stdio library.  This option can be either portable or
4900		torek.
4901	DEVTOOLS: New variables confSRCADD and confSMSRCADD which
4902		correspond to confOBJADD and confSMOBJADD respectively.
4903		They should contain the C source files for the object files
4904		listed in confOBJADD and confSMOBJADD.  These file names
4905		will be passed to the 'make depend' stage of compilation.
4906	DEVTOOLS: New program specific variables for each of the programs
4907		in the sendmail distribution.  Each has the form
4908		`conf_prog_ENVDEF', for example, `conf_sendmail_ENVDEF'.
4909		The new variables are conf_prog_ENVDEF, conf_prog_LIBS,
4910		conf_prog_SRCADD, and conf_prog_OBJADD.
4911	DEVTOOLS: Build system redesign.  This should have little effect on
4912		building the distribution, but documentation on the changes
4913		is in devtools/README.
4914	DEVTOOLS: Don't allow 'Build -f file' if an object directory already
4915		exists.  Suggested by Valdis Kletnieks of Virginia Tech.
4916	DEVTOOLS: Rename confSRCDIR to confSMSRCDIR since it only identifies
4917		the path to the sendmail source directory.  confSRCDIR is a
4918		new variable which identifies the root of the source
4919		directories for all of the programs in the distribution.
4920	DEVTOOLS: confSRCDIR and confSMSRCDIR are now determined at Build
4921		time.  They can both still be overridden by setting the m4
4922		macro.
4923	DEVTOOLS: confSBINGRP now defaults to bin instead of kmem.
4924	DEVTOOLS: 'Build -Q prefix' uses devtools/Site/prefix.*.m4 for
4925		build configurations, and places objects in obj.prefix.*/.
4926		Complains as 'Build -f file' does for existing object
4927		directories.  Suggested by Tom Smith of Digital Equipment
4928		Corporation.
4929	DEVTOOLS: Setting confINSTALL_RAWMAN will install unformatted
4930		manual pages in the directory tree specified by
4931		confMANROOTMAN.
4932	DEVTOOLS: If formatting the manual pages fails, copy in the
4933		preformatted pages from the distribution.  The new variable
4934		confCOPY specifies the copying program.
4935	DEVTOOLS: Defining confFORCE_RMAIL will install rmail without
4936		question.  Suggested by Terry Lambert of Whistle
4937		Communications.
4938	DEVTOOLS: confSTFILE and confHFFILE can be used to change the names
4939		of the installed statistics and help files, respectively.
4940	DEVTOOLS: Remove spaces in `uname -r` output when determining
4941		operating system identity.  Problem noted by Erik
4942		Wachtenheim of Dartmouth College.
4943	DEVTOOLS: New variable confLIBSEARCHPATH to specify the paths that
4944		will be searched for the libraries specified in confLIBSEARCH.
4945		Defaults to "/lib /usr/lib /usr/shlib".
4946	DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying
4947		how to strip binaries.  These are used by the new
4948		install-strip target.
4949	DEVTOOLS: New config file site.post.m4 which is included after
4950		the others (if it exists).
4951	DEVTOOLS: Change order of LIBS: first product specific libraries
4952		then the default ones.
4953	MAIL.LOCAL: Will not be installed set-user-ID root.  To use mail.local
4954		as local delivery agent without LMTP mode, use
4955		MODIFY_MAILER_FLAGS(`LOCAL', `+S')
4956		to set the S flag.
4957	MAIL.LOCAL: Do not reject addresses which would otherwise be
4958		accepted by sendmail.  Suggested by Neil Rickert of
4959		Northern Illinois University.
4960	MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise
4961		8BITMIME in the LHLO response.  Suggested by Kari Hurtta of
4962		the Finnish Meteorological Institute.
4963	MAIL.LOCAL: Add support for the maillock() routines by defining
4964		MAILLOCK when compiling.  Also requires linking with
4965		-lmail.  Patch from Neil Rickert of Northern Illinois
4966		University.
4967	MAIL.LOCAL: Create a Content-Length: header if CONTENTLENGTH is
4968		defined when compiling.  Automatically set for Solaris 2.3
4969		and later.  Patch from Neil Rickert of Northern Illinois
4970		University.
4971	MAIL.LOCAL: Move the initialization of the 'notifybiff' address
4972		structure to the beginning of the program.  This ensures that
4973		the getservbyname() is done before any seteuid to a possibly
4974		unauthenticated user.  If you are using NIS+ and secure RPC
4975		on a Solaris system, this avoids syslog messages such as,
4976		"authdes_refresh: keyserv(1m) is unable to encrypt session
4977		key."  Patch from Neil Rickert of Northern Illinois
4978		University.
4979	MAIL.LOCAL: Support group writable mail spool files when MAILGID is
4980		set to the gid to use (-DMAILGID=6) when compiling.
4981		Patch from Neil Rickert of Northern Illinois University.
4982	MAIL.LOCAL: When a mail message included lines longer than 2046
4983		characters (in LMTP mode), mail.local split the incoming
4984		line up into 2046-character output lines (excluding the
4985		newline).  If an input line was 2047 characters long
4986		(excluding CR-LF) and the last character was a '.',
4987		mail.local saw it as the end of input, transferred it to the
4988		user mailbox and tried to write an `ok' back to sendmail.
4989		If the message was much longer, both sendmail and
4990		mail.local would deadlock waiting for each other to read
4991		what they have written.  Problem noted by Peter Jeremy of
4992		Alcatel Australia Limited.
4993	MAIL.LOCAL: New option -b to return a permanent error instead of a
4994		temporary error if a mailbox exceeds quota.  Suggested by
4995		Neil Rickert of Northern Illinois University.
4996	MAIL.LOCAL: The creation of a lockfile is subject to a global
4997		timeout to avoid starvation.
4998	MAIL.LOCAL: Properly parse addresses with multiple quoted
4999		local-parts.  Problem noted by Ronald F. Guilmette of
5000		Infinite Monkeys & Co.
5001	MAIL.LOCAL: NCR MP/RAS 3.X portability from Tom J. Moore of NCR.
5002	MAILSTATS: New -p option to invoke program mode in which stats are
5003		printed in a machine readable fashion and the stats file
5004		is reset.  Patch from Kevin Hildebrand of the University
5005		of Maryland.
5006	MAKEMAP: If running as root, automatically change the ownership of
5007		generated maps to the TrustedUser as specified in the
5008		sendmail configuration file.
5009	MAKEMAP: New -C option to accept an alternate sendmail
5010		configuration file to use for finding the TrustedUser
5011		option.
5012	MAKEMAP: New -u option to dump (unmap) a database.  Based on
5013		code contributed by Roy Mongiovi of Georgia Tech.
5014	MAKEMAP: New -e option to allow empty values.  Suggested by Philip
5015		A. Prindeville of Enteka Enterprise Technology Services.
5016	MAKEMAP: Compile cleanly on 64-bit operating systems.  Problem
5017		noted by Gerald Rinske of Siemens Business Services.
5018	OP.ME: Correctly document interaction between F=S and U= mailer
5019		equates.  Problem noted by Bob Halley of Internet Engines.
5020	OP.ME: Fixup Timeout documentation.  From Graeme Hewson of Oracle
5021		Corporation UK.
5022	OP.ME: The Timeout [r] option was incorrectly listed as "safe"
5023		(e.g., sendmail would not drop root privileges if the
5024		option was specified on the command line).  Problem noted
5025		by Todd C. Miller of Courtesan Consulting.
5026	PRALIASES: Handle the hash and btree map specifications for
5027		Berkeley DB.  Patch from Brian J. Coan of the
5028		Institute for Global Communications.
5029	PRALIASES: Read the sendmail.cf file for the location(s) of the
5030		alias file(s) if the -f option is not used.  Patch from
5031		John Beck of Sun Microsystems.
5032	PRALIASES: New -C option to specify an alternate sendmail
5033		configuration file to use for finding alias file(s).  Patch
5034		from John Beck of Sun Microsystems.
5035	SMRSH: allow shell commands echo, exec, and exit.  Allow command
5036		lists using || and &&.  Based on patch from Brian J. Coan
5037		of the Institute for Global Communications.
5038	SMRSH: Update README for the new Build system.  From Tim Pierce
5039		of RootsWeb Genealogical Data Cooperative.
5040	VACATION: Added vacation auto-responder to sendmail distribution.
5041	LIBSMDB: Added abstracted database library.  Works with Berkeley
5042		DB 1.85, Berkeley DB 2.X, Berkeley DB 3.X, and NDBM.
5043	Changed Files:
5044		The Build script in the various program subdirectories are
5045			no longer symbolic links.  They are now scripts
5046			which execute the actual Build script in
5047			devtools/bin.
5048		All the manual pages are now written against -man and not
5049			-mandoc as they were previously.
5050		Add a simple Makefile to every directory so make instead
5051			of Build will work (unless parameters are
5052			required for Build).
5053	New Directories:
5054		devtools/M4/UNIX
5055		include
5056		libmilter
5057		libsmdb
5058		libsmutil
5059		vacation
5060	Renamed Directories:
5061		BuildTools => devtools
5062		src => sendmail
5063	Deleted Files:
5064		cf/m4/nullrelay.m4
5065		devtools/OS/Linux.ppc
5066		devtools/OS/ReliantUNIX
5067		devtools/OS/SINIX
5068		sendmail/ldap_map.h
5069	New Files:
5070		INSTALL
5071		PGPKEYS
5072		cf/cf/generic-linux.cf
5073		cf/cf/generic-linux.mc
5074		cf/feature/delay_checks.m4
5075		cf/feature/dnsbl.m4
5076		cf/feature/generics_entire_domain.m4
5077		cf/feature/no_default_msa.m4
5078		cf/feature/relay_mail_from.m4
5079		cf/feature/virtuser_entire_domain.m4
5080		cf/mailer/qpage.m4
5081		cf/ostype/bsdi.m4
5082		cf/ostype/hpux11.m4
5083		cf/ostype/openbsd.m4
5084		contrib/bounce-resender.pl
5085		contrib/domainmap.m4
5086		contrib/qtool.8
5087		contrib/qtool.pl
5088		devtools/M4/depend/AIX.m4
5089		devtools/M4/list.m4
5090		devtools/M4/string.m4
5091		devtools/M4/subst_ext.m4
5092		devtools/M4/switch.m4
5093		devtools/OS/Darwin
5094		devtools/OS/GNU
5095		devtools/OS/SINIX.5.43
5096		devtools/OS/SINIX.5.44
5097		devtools/OS/m88k
5098		devtools/bin/find_in_path.sh
5099		mail.local/Makefile
5100		mailstats/Makefile
5101		makemap/Makefile
5102		praliases/Makefile
5103		rmail/Makefile
5104		sendmail/Makefile
5105		sendmail/bf.h
5106		sendmail/bf_portable.c
5107		sendmail/bf_portable.h
5108		sendmail/bf_torek.c
5109		sendmail/bf_torek.h
5110		sendmail/shmticklib.c
5111		sendmail/statusd_shm.h
5112		sendmail/timers.c
5113		sendmail/timers.h
5114		smrsh/Makefile
5115		vacation/Makefile
5116	Renamed Files:
5117		cf/ostype/gnuhurd.m4 => cf/ostype/gnu.m4
5118		sendmail/cdefs.h => include/sendmail/cdefs.h
5119		sendmail/sendmail.hf => sendmail/helpfile
5120		sendmail/mailstats.h => include/sendmail/mailstats.h
5121		sendmail/pathnames.h => include/sendmail/pathnames.h
5122		sendmail/safefile.c => libsmutil/safefile.c
5123		sendmail/snprintf.c => libsmutil/snprintf.c
5124		sendmail/useful.h => include/sendmail/useful.h
5125		cf/ostype/solaris2.m4 => cf/ostype/solaris2.pre5.m4
5126	Copied Files:
5127		cf/ostype/solaris2.ml.m4 => cf/ostype/solaris2.m4
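
The MAIL.LOCAL entry above on LMTP lines longer than 2046 characters describes an end-of-data check applied to a piece of a split line. The C sketch below is an added example, not code from mail.local or the sendmail distribution: next_chunk(), both readers and the sample message are hypothetical and constructed here, and only the 2046-character split size comes from the entry.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 2046	/* characters per read, the figure given in the release note */

/*
 * Hypothetical stand-in for a bounded line read: copy at most CHUNK
 * characters of *in into buf, stopping after a '\n'.  Returns the
 * number of characters copied, 0 at end of input.
 */
static size_t next_chunk(const char **in, char *buf)
{
	size_t n = 0;

	while (**in != '\0' && n < CHUNK) {
		char c = *(*in)++;

		buf[n++] = c;
		if (c == '\n')
			break;
	}
	buf[n] = '\0';
	return n;
}

/*
 * Both readers return how many bytes were accepted as message data
 * before the end-of-data marker was recognised, or -1 if none was seen.
 */

/* Flawed: any chunk equal to ".\r\n" is taken as the end of the message. */
static long data_len_naive(const char *in)
{
	char buf[CHUNK + 1];
	long total = 0;
	size_t n;

	while ((n = next_chunk(&in, buf)) > 0) {
		if (strcmp(buf, ".\r\n") == 0)
			return total;	/* may be the tail of a split line */
		total += (long)n;
	}
	return -1;
}

/* Corrected: ".\r\n" only counts when the chunk begins a new input line. */
static long data_len_fixed(const char *in)
{
	char buf[CHUNK + 1];
	long total = 0;
	size_t n;
	int at_line_start = 1;

	while ((n = next_chunk(&in, buf)) > 0) {
		if (at_line_start && strcmp(buf, ".\r\n") == 0)
			return total;
		total += (long)n;
		/* the next chunk starts a line only if this one ended one */
		at_line_start = (buf[n - 1] == '\n');
	}
	return -1;
}

/*
 * Constructed sample: a header, one 2047-character line whose last
 * character is '.', one more line, then the real end-of-data marker.
 * *data_len receives the number of bytes before that marker.
 */
static char sample[CHUNK + 128];

static const char *build_sample(long *data_len)
{
	const char *hdr = "Subject: constructed sample\r\n\r\n";
	const char *tail = "rest of the message\r\n";
	char *p = sample;

	memcpy(p, hdr, strlen(hdr));	p += strlen(hdr);
	memset(p, 'A', CHUNK);		p += CHUNK;
	memcpy(p, ".\r\n", 3);		p += 3;
	memcpy(p, tail, strlen(tail));	p += strlen(tail);
	*data_len = (long)(p - sample);
	memcpy(p, ".\r\n", 4);		/* marker plus terminating NUL */
	return sample;
}

int main(void)
{
	long real;
	const char *msg = build_sample(&real);

	printf("real data length:      %ld\n", real);
	printf("naive reader stops at: %ld\n", data_len_naive(msg));
	printf("fixed reader stops at: %ld\n", data_len_fixed(msg));
	return 0;
}
```

The naive reader stops inside the long line and would answer the sender while the sender is still writing the rest of the message, which is the condition the entry describes as leading to the deadlock.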
5128
5129 8.9.3/8.9.3	1999/02/04
5130	SECURITY: Limit message headers to a maximum of 32K bytes (total
5131		of all headers in a single message) to prevent a denial of
5132		service attack.  This limit will be configurable in 8.10.
5133		Problem noted by Michal Zalewski of the "Internet for
5134		Schools" project (IdS).
5135	Prevent segmentation fault on an LDAP lookup if the LDAP map
5136		was closed due to an earlier failure.  Problem noted by
5137		Jeff Wasilko of smoe.org.  Fix from Booker Bense of
5138		Stanford University and Per Hedeland of Ericsson.
5139	Preserve the order of the MIME headers in multipart messages
5140		when performing the MIME header length check.  This
5141		will allow PGP signatures to function properly.  Problem
5142		noted by Lars Hecking of University College, Cork, Ireland.
5143	If ruleset 5 rewrote the local address to an :include: directive,
5144		the delivery would fail with an "aliasing/forwarding loop
5145		broken" error.  Problem noted by Eric C Hagberg of Morgan
5146		Stanley.  Fix from Per Hedeland of Ericsson.
5147	Allow -T to work for bestmx maps.  Fix from Aaron Schrab of
5148		ExecPC Internet Systems.
5149	During the transfer of a message in an SMTP transaction, if a
5150		TCP timeout occurs, the message would be properly queued
5151		for later retry but the failure would be logged as
5152		"Illegal Seek" instead of a timeout.  Problem noted by
5153		Piotr Kucharski of the Warsaw School of Economics (SGH)
5154		and Carles Xavier Munyoz Baldo of CTV Internet.
5155	Prevent multiple deliveries on a self-referencing alias if the
5156		F=w mailer flag is not set.  Problem noted by Murray S.
5157		Kucherawy of Concentric Network Corporation and Per
5158		Hedeland of Ericsson.
5159	Do not strip empty headers but if there is no value and a
5160		default is defined in sendmail.cf, use the default.
5161		Problem noted by Philip Guenther of Gustavus Adolphus
5162		College and Christopher McCrory of Netus, Inc.
5163	Don't inherit information about the sender (notably the full name)
5164		in SMTP (-bs) mode, since this might be called from inetd.
5165	Accept any 3xx reply code in response to DATA command instead of
5166		requiring 354.  This change will match the wording to be
5167		published in the updated SMTP specification from the DRUMS
5168		group of the IETF.
5169	Portability:
5170		AIX 4.2.0 or 4.2.1 may become updated by the fileset
5171			bos.rte.net level 4.2.0.2.  This introduces the
5172			softlink /usr/lib/libbind.a which should
5173			not be used.  It conflicts with the resolver
5174			built into libc.a.  "bind" has been removed
5175			from the confLIBSEARCH BuildTools variable.
5176			Users who have installed BIND 8.X will have
5177			to add it back in their site.config.m4 file.
5178			Problem noted by Ole Holm Nielsen of the
5179			Technical University of Denmark.
5180		CRAY TS 10.0.x from Sven Nielsen of San Diego
5181			Supercomputer Center.
5182		Improved LDAP version 3 integration based on input
5183			from Kurt D. Zeilenga of the OpenLDAP Foundation,
5184			John Beck of Sun Microsystems, and Booker Bense
5185			of Stanford University.
5186		Linux doesn't have a standard way to get the timezone
5187			between different releases.  Back out the
5188			change in 8.9.2 and don't attempt to derive
5189			a timezone.  Problem reported by Igor S. Livshits
5190			of the University of Illinois at Urbana-Champaign
5191			and Michael Dickens of Tetranet Communications.
5192		Reliant UNIX, the new name for SINIX, from Gert-Jan Looy
5193			of Siemens/SNI.
5194		SunOS 5.8 from John Beck of Sun Microsystems.
5195	CONFIG: SCO UnixWare 2.1 and 7.0 need TZ to get the proper
5196		timezone.  Problem noted by Petr Lampa of Technical
5197		University of Brno.
5198	CONFIG: Handle <@bestmx-host:user@otherhost> addressing properly
5199		when using FEATURE(bestmx_is_local).  Patch from Neil W.
5200		Rickert of Northern Illinois University.
5201	CONFIG: Properly handle source routed and %-hack addresses on
5202		hosts which the mailertable remaps to local:.  Patch from
5203		Neil W. Rickert of Northern Illinois University.
5204	CONFIG: Internal fixup of mailertable local: map value.  Patch from
5205		Larry Parmelee of Cornell University.
5206	CONFIG: Only add back +detail from host portion of mailer triplet
5207		on local mailer triplets if it was originally +detail.
5208		Patch from Neil W. Rickert of Northern Illinois University.
5209	CONFIG: The bestmx_is_local checking done in check_rcpt would
5210		cause later checks to fail.  Patch from Paul J Murphy of
5211		MIDS Europe.
5212	New Files:
5213		BuildTools/OS/CRAYTS.10.0.x
5214		BuildTools/OS/ReliantUNIX
5215		BuildTools/OS/SunOS.5.8
5216
5217 8.9.2/8.9.2	1998/12/30
5218	SECURITY: Remove five second sleep on accepting daemon connections
5219		due to an accept() failure.  This sleep could be used
5220		for a denial of service attack.
5221	Do not silently ignore queue files with names which are too long.
5222		Patch from Bryan Costales of InfoBeat, Inc.
5223	Do not store failures closing an SMTP session in persistent
5224		host status.  Reported by Graeme Hewson of Oracle
5225		Corporation UK.
5226	Allow symbolic link forward files if they are in safe directories.
5227		Problem noted by Andreas Schott of the Max Planck Society.
5228	Missing columns in a text map could cause a segmentation fault.
5229		Fix from David Lee of the University of Durham.
5230	Note that for 8.9.X, PrivacyOptions=goaway also includes the
5231		noetrn flag.  This is scheduled to change in a future
5232		version of sendmail.  Problem noted by Theo Van Dinter of
5233		Chrysalis Symbolic Designa and Alan Brown of Manawatu
5234		Internet Services.
5235	When trying to do host canonification in a Wildcard MX
5236		environment, try an MX lookup of the hostname without the
5237		default domain appended.  Problem noted by Olaf Seibert of
5238		Polderland Language & Speech Technology.
5239	Reject SMTP RCPT To: commands with only comments (i.e.
5240		'RCPT TO: (comment)').  Problem noted by Earle Ake of
5241		Hassler Communication Systems Technology, Inc.
5242	Handle any number of %s in the LDAP filter spec.  Patch from
5243		Per Hedeland of Ericsson.
5244	Clear ldapx open timeouts even if the map open failed to prevent
5245		a segmentation fault.  Patch from Wayne Knowles of the
5246		National Institute of Water & Atmospheric Research Ltd.
5247	Do not syslog envelope clone messages when using address
5248		verification (-bv).  Problem noted by Kari Hurtta of the
5249		Finnish Meteorological Institute.
5250	Continue to perform queue runs while in daemon mode even if the
5251		daemon is rejecting connections due to a disk full
5252		condition.  Problem noted by JR Oldroyd of TerraNet
5253		Internet Services.
5254	Include full filename on installation of the sendmail.hf file
5255		in case the $HFDIR directory does not exist.  Problem
5256		noted by Josef Svitak of Montana State University.
5257	Close all maps when exiting the process with one exception.
5258		Berkeley DB can use internal shared memory locking for
5259		its memory pool.  Closing a map opened by another process
5260		will interfere with the shared memory and locks of the
5261		parent process leaving things in a bad state.  For
5262		Berkeley DB, only close the map if the current process
5263		is also the one that opened the map, otherwise only close
5264		the map file descriptor.  Thanks to Yoseff Francus of
5265		Collective Technologies for volunteering his system for
5266		extended testing.
5267	Avoid null pointer dereference on XDEBUG output for SMTP reply
5268		failures.  Problem noted by Carlos Canau of EUnet Portugal.
5269	On mailq and hoststat listings being piped to another program, such
5270		as more, if the pipe closes (i.e., the user quits more),
5271		stop sending output and exit.  Patch from Allan E Johannesen
5272		of Worcester Polytechnic Institute.
5273	In accordance with the documentation, LDAP map lookup failures
5274		are now considered temporary failures instead of permanent
5275		failures unless the -t flag is used in the map definition.
5276		Problem noted by Booker Bense of Stanford University and
5277		Eric C. Hagberg of Morgan Stanley.
5278	Fix off by one error reporting on long alias names.  Problem noted by
5279		H. Paul Hammann of the Missouri Research and Education
5280		Network.
5281	Fix DontBlameSendmail=IncludeFileInUnsafeDirPath behavior.  Problem
5282		noted by Barry S. Finkel of Argonne National Laboratory.
5283	When automatically converting from 8 bit to quoted printable MIME,
5284		be careful not to miss a multi-part boundary if that
5285		boundary is preceded by a boundary-like line.  Problem
5286		noted by Andreas Raschle of Ansid Inc.  Fix from
5287		Kari Hurtta of the Finnish Meteorological Institute.
5288	Avoid bogus reporting of "LMTP tobuf overflow" when the buffer
5289		has enough space for the additional address.  Problem
5290		noted by Steve Cliffe of the University of Wollongong.
5291	Fix DontBlameSendmail=FileDeliveryToSymlink behavior.  Problem
5292		noted by Alex Vorobiev of Swarthmore College.
5293	If the check_compat ruleset resolves to the $#discard mailer,
5294		discard the current recipient.  Unlike check_relay,
5295		check_mail, and check_rcpt, the entire envelope is not
5296		discarded.  Problem noted by RZ D. Rahlfs.  Fix from
5297		Claus Assmann of Christian-Albrechts-University of Kiel.
5298	Avoid segmentation fault when reading ServiceSwitchFile files with
5299		bogus formatting.  Patch from Kari Hurtta of the Finnish
5300		Meteorological Institute.
5301	Support Berkeley DB 2.6.4 API change.
5302	OP.ME: Pages weren't properly output on duplexed printers.  Fix
5303		from Matthew Black of CSU Long Beach.
5304	Portability:
5305		Apple Rhapsody from Wilfredo Sanchez of Apple Computer, Inc.
5306		Avoid a clash with IRIX 6.2 getopt.h and the UserDatabase
5307			option structure.  Problem noted by Ashley M.
5308			Kirchner of Photo Craft Laboratories, Inc.
5309		Break out IP address to hostname translation for
5310			reading network interface addresses into
5311			class 'w'.  Patch from John Kennedy of
5312			Cal State University, Chico.
5313		AIX 4.x use -qstrict with -O3 to prevent the optimizer
5314			from changing the semantics of the compiled
5315			program.  From Simon Travaglia of the
5316			University of Waikato, New Zealand.
5317		FreeBSD 2.2.2 and later support setusercontext().  From
5318			Peter Wemm of DIALix.
5319		FreeBSD 3.x fix from Peter Wemm of DIALix.
5320		IRIX 5.x has a syslog buffer size of 512 bytes.  From
5321			Nao NINOMIYA of Utsunomiya University.
5322		IRIX 6.5 64-bit Build support.
5323		LDAP Version 3 support from John Beck and Ravi Iyer
5324			of Sun Microsystems.
5325		Linux does not implement seteuid() properly.  From
5326			John Kennedy of Cal State University, Chico.
5327		Linux timezone type was set improperly.  From Takeshi Itoh
5328			of Bits Co., Ltd.
5329		NCR MP-RAS 3.x needs -lresolv for confLIBS.  From
5330			Tom J. Moore of NCR.
5331		NeXT 4.x correction to man page path.  From J. P. McCann
5332			of E I A.
5333		System V Rel 5.x (a.k.a UnixWare7 w/o BSD-Compatibility Libs)
5334			from Paul Gampe of the Asia Pacific Network
5335			Information Center.
5336		ULTRIX now requires an optimization limit of 970 from
5337			Allan E Johannesen of Worcester Polytechnic
5338			Institute.
5339		Fix extern declaration for sm_dopr().  Fix from Henk
5340			van Oers of Algemeen Nederlands Persbureau.
5341	CONFIG: Catch @hostname,user@anotherhost.domain as relaying.
5342		Problem noted by Mark Rogov of AirMedia, Inc.  Fix from
5343		Claus Assmann of Christian-Albrechts-University of Kiel.
5344	CONFIG: Do not refer to http://maps.vix.com/ on RBL rejections as
5345		there are multiple RBL's available and the MAPS RBL may
5346		not be the one in use.  Suggested by Alan Brown of
5347		Manawatu Internet Services.
5348	CONFIG: Properly strip route addresses (i.e., @host1:user@host2)
5349		when stripping down a recipient address to check for
5350		relaying.  Patch from Claus Assmann of
5351		Christian-Albrechts-University of Kiel and Neil W Rickert
5352		of Northern Illinois University.
5353	CONFIG: Allow the access database to override RBL lookups.  Patch
5354		from Claus Assmann of Christian-Albrechts-University of
5355		Kiel.
5356	CONFIG: UnixWare 7 support from Phillip P. Porch of The Porch
5357		Dot Com.
5358	CONFIG: Fixed check for deferred delivery mode warning.  Patch
5359		from Claus Assmann of Christian-Albrechts-University of
5360		Kiel and Per Hedeland of Ericsson.
5361	CONFIG: If a recipient using % addressing is used, e.g.
5362		user%site@othersite, othersite's MX records are now
5363		checked for local hosts if FEATURE(relay_based_on_MX) is
5364		used.  Problem noted by Alexander Litvin of Lucky Net Ltd.
5365		Patch from Alexander Litvin of Lucky Net Ltd and
5366		Claus Assmann of Christian-Albrechts-University of Kiel.
5367	MAIL.LOCAL: Prevent warning messages from appearing in the LMTP
5368		stream.  Do not allow more than one response per recipient.
5369	MAIL.LOCAL: Handle routed addresses properly when using LMTP.  Fix
5370		from John Beck of Sun Microsystems.
5371	MAIL.LOCAL: Properly check for CRLF when using LMTP.  Fix from
5372		John Beck of Sun Microsystems.
5373	MAIL.LOCAL: Substitute MAILER-DAEMON for the LMTP empty sender in
5374		the envelope From header.
5375	MAIL.LOCAL: Accept underscores in hostnames in LMTP mode.
5376		Problem noted by Glenn A. Malling of Syracuse University.
5377	MAILSTATS: Document msgsrej and msgsdis fields in the man page.
5378		Problem noted by Richard Wong of Princeton University.
5379	MAKEMAP: Build group list so group writable files are allowed with
5380		the -s flag.  Problem noted by Curt Sampson of Internet
5381		Portal Services, Inc.
5382	PRALIASES: Automatically handle alias files created without the
5383		NULL byte at the end of the key.  Patch from John Beck of
5384		Sun Microsystems.
5385	PRALIASES: Support Berkeley DB 2.6.4 API change.
5386	New Files:
5387		BuildTools/OS/IRIX64.6.5
5388		BuildTools/OS/UnixWare.5.i386
5389		cf/ostype/unixware7.m4
5390		contrib/smcontrol.pl
5391		src/control.c
5392
5393 8.9.1/8.9.1	1998/07/02
5394	If both an OS specific site configuration file and a generic
5395		site.config.m4 file existed, only the latter was used
5396		instead of both.  Problem noted by Geir Johannessen of
5397		the Norwegian University of Science and Technology.
5398	Fix segmentation fault while converting 8 bit to 7 bit MIME
5399		multipart messages by trying to write to an unopened
5400		file descriptor.  Fix from Kari Hurtta of the Finnish
5401		Meteorological Institute.
5402	Do not assume Message: and Text: headers indicate the end of
5403		the header area when parsing MIME headers.  Problem noted
5404		by Kari Hurtta of the Finnish Meteorological Institute.
5405	Setting the confMAN#SRC Build variable would only affect the
5406		installation commands.  The man pages would still be
5407		built with .0 extensions.  Problem noted by Bryan
5408		Costales of InfoBeat, Inc.
5409	Installation of manual pages didn't honor the DESTDIR environment
5410		variable.  Problem noted by Bryan Costales of InfoBeat, Inc.
5411	If the check_relay ruleset resolved to the discard mailer, messages
5412		were still delivered.  Problem noted by Mirek Luc of NASK.
5413	Mail delivery to files would fail with an Operating System Error
5414		if sendmail was not running as root, i.e., RunAsUser was set.
5415		Problem noted by Leonard N. Zubkoff of Dandelion Digital.
5416	Prevent MinQueueAge from interfering with queued items created
5417		in the future, i.e., if the system clock was set ahead
5418		and then back.  Problem noted by Michael Miller of the
5419		University of Natal, Pietermaritzburg.
5420	Do not advertise ETRN support in ESMTP EHLO reply if noetrn is
5421		set in the PrivacyOptions option.  Fix from Ted Rule of
5422		Flextech TV.
5423	Log invalid persistent host status file lines instead of
5424		bouncing the message.  Problem noted by David Lindes of
5425		DaveLtd Enterprises.
5426	Move creation of empty sendmail.st file from installation to
5427		compilation.  Installation may be done from a read-only
5428		mount.  Fix from Bryan Costales of InfoBeat, Inc. and Ric
5429		Anderson of the Oasis Research Center, Inc.
5430	Enforce the maximum number of User Database entries limit.  Problem
5431		noted by Gary Buchanan of Credence Systems Inc.
5432	Allow dead.letter files in root's home directory.  Problem noted
5433		by Anna Ullman of Sun Microsystems.
5434	Program deliveries in forward files could be marked unsafe if
5435		any directory listed in the ForwardPath option did not
5436		exist.  Problem noted by Jorg Bielak of Coastal Web Online.
5437	Do not trust the length of the address structure returned by
5438		gethostbyname().  Problem noted by Chris Evans of Oxford
5439		University.
5440	If the SIZE= MAIL From: ESMTP parameter is too large, use the
5441		5.3.4 DSN status code instead of 5.2.2.  Similarly, for
5442		non-local deliveries, if the message is larger than the
5443		mailer maximum message size, use 5.3.4 instead of 5.2.3.
5444		Suggested by Antony Bowesman of
5445		Fujitsu/TeaWARE Mail/MIME System.
5446	Portability:
5447		Fix the check for an IP address reverse lookup for
5448			use in $&{client_name} on 64 bit platforms.
5449			From Gilles Gallot of Institut for Development
5450			and Resources in Intensive Scientific computing.
5451		BSD-OS uses .0 for man page extensions.  From Jeff Polk
5452			of BSDI.
5453		DomainOS detection for Build.  Also, version 10.4 and later
5454			ship a unistd.h.  Fixes from Takanobu Ishimura of
5455			PICT Inc.
5456		NeXT 4.x uses /usr/lib/man/cat for its man pages.  From
5457			J. P. McCann of E I A.
5458		SCO 4.X and 5.X include NDBM support.  From Vlado Potisk
5459			of TEMPEST, Ltd.
5460	CONFIG: Do not pass spoofed PTR results through resolver for
5461		qualification.  Problem noted by Michiel Boland of
5462		Digital Valley Internet Professionals; fix from
5463		Kari Hurtta of the Finnish Meteorological Institute.
5464	CONFIG: Do not try to resolve non-DNS hostnames such as UUCP,
5465		BITNET, and DECNET addresses for resolvable senders.
5466		Problem noted by Alexander Litvin of Lucky Net Ltd.
5467	CONFIG: Work around Sun's broken configuration which sends bounce
5468		messages as coming from @@hostname instead of <>.  LMTP
5469		would not accept @@hostname.
5470	OP.ME: Corrections to complex sendmail startup script from Rick
5471		Troxel of the National Institutes of Health.
5472	RMAIL: Do not install rmail by default, require 'make force-install'
5473		as this rmail isn't the same as others.  Suggested by
5474		Kari Hurtta of the Finnish Meteorological Institute.
5475	New Files:
5476		BuildTools/OS/DomainOS.10.4
5477
5478 8.9.0/8.9.0	1998/05/19
5479	SECURITY: To prevent users from reading files not normally
5480		readable, sendmail will no longer open forward, :include:,
5481		class, ErrorHeader, or HelpFile files located in unsafe
5482		(i.e., group or world writable) directory paths.  Sites
5483		which need the ability to override security can use the
5484		DontBlameSendmail option.  See the README file for more
5485		information.
5486	SECURITY: Problems can occur on poorly managed systems, specifically,
5487		if maps or alias files are in world writable directories.
5488		This fixes the change added to 8.8.6 to prevent links in these
5489		world writable directories.
5490	SECURITY: Make sure ServiceSwitchFile option file is not a link if
5491		it is in a world writable directory.
5492	SECURITY: Never pass a tty to a mailer -- if a mailer can get at the
5493		tty it may be able to push bytes back to the sender's input.
5494		Unfortunately this breaks -v mode.  Problem noted by
5495		Wietse Venema of the Global Security Analysis Lab at
5496		IBM T.J. Watson Research.
5497	SECURITY: Empty group list if DontInitGroups is set to true to
5498		prevent program deliveries from picking up extra group
5499		privileges.  Problem reported by Wolfgang Ley of DFN-CERT.
5500	SECURITY: The default value for DefaultUser is now set to the uid and
5501		gid of the first existing user mailnull, sendmail, or daemon
5502		that has a non-zero uid.  If none of these exist, sendmail
5503		reverts back to the old behavior of using uid 1 and gid 1.
5504		This is a security problem for Linux which has chosen that
5505		uid and gid for user bin instead of daemon.  If DefaultUser
5506		is set in the configuration file, that value overrides this
5507		default.
5508	SECURITY: Since 8.8.7, the check for non-set-user-ID binaries
5509		interfered with setting an alternate group id for the
5510		RunAsUser option.  Problem noted by Randall Winchester of
5511		the University of Maryland.
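
The directory-path rule from the SECURITY notes above, as an added C example (not sendmail's own code): every directory leading to a file is examined, and the path is refused if any of them is group or world writable. The function names, the constructed temporary tree, and the idea of starting the walk at a caller-supplied base directory are assumptions of this example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/*
 * Check every directory from `base` down to the directory that holds the
 * file `rel` (a path relative to base).  Returns 0 if none of them is
 * group or world writable, 1 if one is (its path is copied to `bad`),
 * and -1 if a component cannot be examined or is not a directory.
 * Hypothetical helper written for this example.
 */
int unsafe_dir_in_path(const char *base, const char *rel,
                       char *bad, size_t badlen)
{
    char cur[PATH_MAX];
    struct stat st;
    const char *p = rel;

    if (strlen(base) >= sizeof cur)
        return -1;
    strcpy(cur, base);

    for (;;) {
        if (stat(cur, &st) != 0 || !S_ISDIR(st.st_mode))
            return -1;
        if (st.st_mode & (S_IWGRP | S_IWOTH)) {
            snprintf(bad, badlen, "%s", cur);
            return 1;
        }
        const char *slash = strchr(p, '/');
        if (slash == NULL)
            return 0;               /* only the file name is left */
        size_t len = strlen(cur), clen = (size_t)(slash - p);
        if (len + 1 + clen >= sizeof cur)
            return -1;
        cur[len] = '/';             /* append the next directory component */
        memcpy(cur + len + 1, p, clen);
        cur[len + 1 + clen] = '\0';
        p = slash + 1;
    }
}

/*
 * Build a constructed tree <tmp>/home/user with the given modes and check
 * the path home/user/.forward.  Returns "safe", "error", or the flagged
 * directory relative to the temporary base.
 */
const char *demo_check(mode_t home_mode, mode_t user_mode)
{
    static char rel_bad[PATH_MAX];
    char base[512], home[600], user[600], bad[PATH_MAX];
    const char *tmp = getenv("TMPDIR");
    int rc;

    /* mkdir() fails if the name already exists, so nothing is reused */
    snprintf(base, sizeof base, "%s/dirpath.%ld", tmp ? tmp : "/tmp",
             (long)getpid());
    if (mkdir(base, 0700) != 0)
        return "error";
    snprintf(home, sizeof home, "%s/home", base);
    snprintf(user, sizeof user, "%s/home/user", base);
    /* chmod after mkdir so the umask cannot hide the bits under test */
    if (mkdir(home, 0700) != 0 || mkdir(user, 0700) != 0 ||
        chmod(user, user_mode) != 0 || chmod(home, home_mode) != 0)
        rc = -1;
    else
        rc = unsafe_dir_in_path(base, "home/user/.forward", bad, sizeof bad);
    rmdir(user);
    rmdir(home);
    rmdir(base);
    if (rc < 0)
        return "error";
    if (rc == 0)
        return "safe";
    snprintf(rel_bad, sizeof rel_bad, "%s", bad + strlen(base));
    return rel_bad;
}

int main(void)
{
    printf("home 0755, user 0755: %s\n", demo_check(0755, 0755));
    printf("home 0755, user 0775: %s\n", demo_check(0755, 0775));
    printf("home 0777, user 0755: %s\n", demo_check(0777, 0755));
    return 0;
}
```

Passing "/" as the base checks the whole path; a group-writable home directory is enough to make a .forward file beneath it untrusted under this rule.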
5512	Add support for Berkeley DB 2.X.  Based on patch from John Kennedy
5513		of Cal State University, Chico.
5514	Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB).  Users
5515		which previously defined OLD_NEWDB=1 must now upgrade to the
5516		current version of Berkeley DB.
5517	Added support for regular expressions using the new map class regex.
5518		From Jan Krueger of Unix-AG of University of Hannover.
5519	Support for BIND 8.1.1's hesiod for hesiod maps and hesiod
5520		UserDatabases from Randall Winchester of the University
5521		of Maryland.
5522	Allow any shell for user shell on program deliveries on V1
5523		configurations for backwards compatibility on machines which
5524		do not have getusershell().  Fix from John Beck of Sun
5525		Microsystems.
5526	On operating systems which change the process title by reusing the
5527		argument vector memory, sendmail could corrupt memory if the
5528		last argument was either "-q" or "-d".  Problem noted by
5529		Frank Langbein of the University of Stuttgart.
5530	Support Local Mail Transfer Protocol (LMTP) between sendmail and
5531		mail.local on the F=z flag.
5532	Macro-expand the contents of the ErrMsgFile.  Previously this was
5533		only done if you had magic characters (0x81) to indicate
5534		macro expansion.  Now $x will be expanded.  This means that
5535		real dollar signs have to be backslash escaped.
5536	TCP Wrappers expects "unknown" in the hostname argument if the
5537		reverse DNS lookup for the incoming connection fails.
5538		Problem noted by Randy Grimshaw of Syracuse University and
5539		Wietse Venema of the Global Security Analysis Lab at
5540		IBM T.J. Watson Research.
5541	DSN success bounces generated from an invocation of sendmail -t
5542		would be sent to both the sender and MAILER-DAEMON.
5543		Problem noted by Claus Assmann of
5544		Christian-Albrechts-University of Kiel.
5545	Avoid "Error 0" messages on delivery mailers which exit with a
5546		valid exit value such as EX_NOPERM.  Fix from Andreas Luik
5547		of ISA Informationssysteme GmbH.
5548	Tokenize $&x expansions on right hand side of rules.  This eliminates
5549		the need to use tricks like $(dequote "" $&{client_name} $)
5550		to cause the ${client_name} macro to be properly tokenized.
5551	Add the MaxRecipientsPerMessage option: this limits the number of
5552		recipients that will be accepted in a single SMTP
5553		transaction.  After this number is reached, sendmail
5554		starts returning "452 Too many recipients" to all RCPT
5555		commands.  This can be used to limit the number of recipients
5556		per envelope (in particular, to discourage use of the server
5557		for spamming).  Note: a better approach is to restrict
5558		relaying entirely.
5559	Fixed pointer initialization for LDAP lmap struct, fixed -s option
5560		to ldapx map and added timeout for ldap_open call to
5561		avoid hanging sendmail in the event of hung LDAP servers.
5562		Patch from Booker Bense of Stanford University.
5563	Allow multiple -qI, -qR, or -qS queue run limiters.  For example,
5564		'-qRfoo -qRbar' would deliver mail to recipients with foo or
5565		bar in their address.  Patch from Allan E Johannesen of
5566		Worcester Polytechnic Institute.
5567	The bestmx map will now return a list of the MX servers for a host if
5568		passed a column delimiter via the -z map flag.  This can be
5569		used to check if the server is an MX server for the recipient
5570		of a message.  This can be used to help prevent relaying.
5571		Patch from Mitchell Blank Jr of Exec-PC.
5572	Mark failures for the *file* mailer and return bounce messages to the
5573		sender for those failures.
5574	Prevent bogus syslog timestamps on errors in sendmail.cf by
5575		preserving the TZ environment variable until TimeZoneSpec
5576		has been determined.  Problem noted by Ralf Hildebrandt of
5577		Technical University of Braunschweig.  Patch from Per Hedeland
5578		of Ericsson.
5579	Print test input in address test mode when input is not from the tty
5580		when the -v flag is given (i.e., sendmail -bt -v) to make
5581		output easier to decipher.  Problem noted by Aidan Nichol
5582		of Procter & Gamble.
5583	The LDAP map -s flag was not properly parsed and the error message
5584		given included the remainder of the arguments instead of
5585		solely the argument in error.  Problem noted by Aidan Nichol
5586		of Procter & Gamble.
5587	New DontBlameSendmail option.  This option allows administrators to
5588		bypass some of sendmail's file security checks at the expense
5589		of system security.  This should only be used if you are
5590		absolutely sure you know the consequences.  The available
5591		DontBlameSendmail options are:
5592			Safe
5593			AssumeSafeChown
5594			ClassFileInUnsafeDirPath
5595			ErrorHeaderInUnsafeDirPath
5596			GroupWritableDirPathSafe
5597			GroupWritableForwardFileSafe
5598			GroupWritableIncludeFileSafe
5599			GroupWritableAliasFile
5600			HelpFileinUnsafeDirPath
5601			WorldWritableAliasFile
5602			ForwardFileInGroupWritableDirPath
5603			IncludeFileInGroupWritableDirPath
5604			ForwardFileInUnsafeDirPath
5605			IncludeFileInUnsafeDirPath
5606			ForwardFileInUnsafeDirPathSafe
5607			IncludeFileInUnsafeDirPathSafe
5608			MapInUnsafeDirPath
5609			LinkedAliasFileInWritableDir
5610			LinkedClassFileInWritableDir
5611			LinkedForwardFileInWritableDir
5612			LinkedIncludeFileInWritableDir
5613			LinkedMapInWritableDir
5614			LinkedServiceSwitchFileInWritableDir
5615			FileDeliveryToHardLink
5616			FileDeliveryToSymLink
5617			WriteMapToHardLink
5618			WriteMapToSymLink
5619			WriteStatsToHardLink
5620			WriteStatsToSymLink
5621			RunProgramInUnsafeDirPath
5622			RunWritableProgram
5623	New DontProbeInterfaces option to turn off the inclusion of all the
5624		interface names in $=w on startup.  In particular, if you
5625		have lots of virtual interfaces, this option will speed up
5626		startup.  However, unless you make other arrangements, mail
5627		sent to those addresses will be bounced.
5628	Automatically create alias databases if they don't exist and
5629		AutoRebuildAliases is set.
5630	Add PrivacyOptions=noetrn flag to disable the SMTP ETRN command.
5631		Suggested by Christophe Wolfhugel of the Institut Pasteur.
5632	Add PrivacyOptions=noverb flag to disable the SMTP VERB command.
5633	When determining the client host name ($&{client_name} macro), do
5634		a forward (A) DNS lookup on the result of the PTR lookup
5635		and compare results.  If they differ or if the PTR lookup
5636		fails, $&{client_name} will contain the IP address
5637		surrounded by square brackets (e.g., [127.0.0.1]).
5638	New map flag: -Tx appends "x" to lookups that return temporary failure
5639		(i.e., it is like -ax for the temporary failure case, in
5640		contrast to the success case).
5641	New syntax to do limited checking of header syntax.  A config line
5642		of the form:
5643			HHeader: $>Ruleset
5644		causes the indicated Ruleset to be invoked on the Header
5645		when read.  This ruleset works like the check_* rulesets --
5646		that is, it can reject mail on the basis of the contents.
5647	Limit the size of the HELO/EHLO parameter to prevent spammers
5648		from hiding their connection information in Received:
5649		headers.
5650	When SingleThreadDelivery is active, deliveries to locked hosts
5651		are skipped.  This will cause the delivering process to
5652		try the next MX host or queue the message if no other MX
5653		hosts are available.  Suggested by Alexander Litvin.
5654	The [FILE] mailer type now delivers to the file specified in the
5655		A= equate of the mailer definition instead of $u.  It also
5656		obeys all of the F= mailer flags such as the MIME
5657		7/8 bit conversion flags.  This is useful for defining
5658		a mailer which delivers to the same file regardless of the
5659		recipient (e.g., 'A=FILE /dev/null' to discard unwanted mail).
5660	Do not assume the identity of a remote connection is root@localhost
5661		if the remote connection closes the socket before the
5662		remote identity can be queried.
5663	Change semantics of the F=S mailer flag back to 8.7.5 behavior.
5664		Some mailers, including procmail, require that the real
5665		uid is left unchanged by sendmail.  Problem noted by Per
5666		Hedeland of Ericsson.
5667	No longer is the src/obj*/Makefile selected from a large list -- it
5668		is now generated using the information in BuildTools/OS/ --
5669		some of the details are determined dynamically via
5670		BuildTools/bin/configure.sh.
5671	The other programs in the sendmail distribution -- mail.local,
5672		mailstats, makemap, praliases, rmail, and smrsh -- now use
5673		the new Build method which creates an operating system
5674		specific Makefile using the information in BuildTools.
5675	Make 4xx reply codes to the SMTP MAIL command be non-sticky (i.e.,
5676		a failure on one message won't affect future messages to the
5677		same host).  This is necessary if the remote host sends
5678		a 451 error if the domain of the sender does not resolve
5679		as is common in anti-spam configurations.  Problem noted
5680		by Mitchell Blank Jr of Exec-PC.
5681	New "discard" mailer for check_* rulesets and header checking
5682		rulesets.  If one of the above rulesets resolves to the
5683		$#discard mailer, the commands will be accepted but the
5684		message will be completely discarded after it is accepted.
5685		This means that even if only one of the recipients
5686		resolves to the $#discard mailer, none of the recipients
5687		will receive the mail.  Suggested by Brian Kantor.
5688	All but the last cloned envelope of a split envelope were queued
5689		instead of being delivered.  Problem noted by John Caruso
5690		of CNET: The Computer Network.
5691	Fix deadlock situation in persistent host status file locking.
5692	Syslog an error if a user forward file could not be read due to
5693		an error.  Patch from John Beck of Sun Microsystems.
5694	Use the first name returned on machine lookups when canonifying a
5695		hostname via NetInfo.  Patch from Timm Wetzel of GWDG.
5696	Clear the $&{client_addr}, $&{client_name}, and $&{client_port}
5697		macros when delivering a bounce message to prevent
5698		rejection by a check_compat ruleset which uses these macros.
5699		Problem noted by Jens Hamisch of AgiX Internetservices GmbH.
5700	If the check_relay ruleset resolves to the error mailer, the
5701		error in the $: portion of the resolved triplet is used
5702		in the rejection message given to the remote machine.
5703		Suggested by Scott Gifford of The Internet Ramp.
5704	Set the $&{client_addr}, $&{client_name}, and $&{client_port} macros
5705		before calling the check_relay ruleset.  Suggested by Scott
5706		Gifford of The Internet Ramp.
5707	Sendmail would get a segmentation fault if a mailer exited with an
5708		exit code of 79.  Problem noted by Aaron Schrab of ExecPC
5709		Internet.  Fix from Christophe Wolfhugel of the Pasteur
5710		Institute.
5711	Separate snprintf/vsnprintf routines into separate file for use by
5712		mail.local.
5713	Allow multiple map lookups on right hand side, e.g.,
5714		R$*	$( host $1 $) $| $( passwd $1 $).  Patch from
5715		Christophe Wolfhugel of the Pasteur Institute.
5716	Properly generate success DSN messages if requested for aliases
5717		which have owner- aliases.  Problem noted by Kari Hurtta
5718		of the Finnish Meteorological Institute.
5719	Properly display delayed-expansion macros ($&{macroname}) in
5720		address test mode (-bt).  Problem noted by Bryan Costales
5721		of InfoBeat, Inc.
5722	-qR could sometimes match names incorrectly.  Problem noted by
5723		Lutz Euler of Lavielle EDV Systemberatung GmbH & Co.
5724	Include a magic number and version in the StatusFile for the
5725		mailstats command.
5726	Record the number of rejected and discarded messages in the
5727		StatusFile for display by the mailstats command.  Patch
5728		from Randall Winchester of the University of Maryland.
5729	IDENT returns where the OSTYPE field equals "OTHER" now list the
5730		user portion as IDENT:username@site instead of
5731		username@site to differentiate the two.  Suggested by
5732		Kari Hurtta of the Finnish Meteorological Institute.
5733	Enforce timeout for LDAP queries.  Patch from Per Hedeland of
5734		Ericsson.
5735	Change persistent host status filename substitution so '/' is
5736		replaced by ':' instead of '|' to avoid clashes.  Also
5737		avoid clashes with hostnames with leading dots.  Fix from
5738		Mitchell Blank Jr. of Exec-PC.
5739	If the system lock table is full, only attempt to create a new
5740		queue entry five times before giving up.  Previously, it
5741		was attempted indefinitely which could cause the partition
5742		to run out of inodes.  Problem noted by Suzie Weigand of
5743		Stratus Computer, Inc.
5744	In verbose mode, warn if the sendmail.cf version is less than the
5745		currently supported version.
5746	Sorting for QueueSortOrder=host is now case insensitive.  Patch
5747		from Randall S. Winchester of the University of Maryland.
5748	Properly quote a full name passed via the -F command line option,
5749		the Full-Name: header, or the NAME environment variable if
5750		it contains characters which must be quoted.  Problem noted
5751		by Kari Hurtta of the Finnish Meteorological Institute.
5752	Avoid possible race condition that unlocked a mail job before
5753		releasing the transcript file on systems that use flock(2).
5754		In some cases, this might result in a "Transcript Unavailable"
5755		message in error bounces.
5756	Accept SMTP replies which contain only a reply code and no
5757		accompanying text.  Problem noted by Fernando Fraticelli of
5758		Digital Equipment Corporation.
5759	Portability:
5760		AIX 4.1 uses int for SOCKADDR_LEN_T from Motonori Nakamura
5761			of Kyoto University.
5762		AIX 4.2 requires <userpw.h> before <usersec.h>.  Patch from
5763			Randall S. Winchester of the University of
5764			Maryland.
5765		AIX 4.3 from Valdis Kletnieks of Virginia Tech CNS.
5766		CRAY T3E from Manu Mahonen of Center for Scientific Computing
5767			in Finland.
5768		Digital UNIX now uses statvfs for determining free
5769			disk space.  Patch from Randall S. Winchester of
5770			the University of Maryland.
5771		HP-UX 11.x from Richard Allen of Opin Kerfi HF and
5772			Regis McEwen of Progress Software Corporation.
5773		IRIX 64 bit fixes from Kari Hurtta of the Finnish
5774			Meteorological Institute.
5775		IRIX 6.2 configuration fix for mail.local from Michael Kyle
5776			of CIC/Advanced Computing Laboratory.
5777		IRIX 6.5 from Thomas H Jones II of SGI.
5778		IRIX 6.X load average code from Bob Mende of SGI.
5779		QNX from Glen McCready <glen@qnx.com>.
5780		SCO 4.2 and 5.x use /usr/bin instead of /usr/ucb for links
5781			to sendmail.  Install with group bin instead of kmem
5782			as kmem does not exist.  From Guillermo Freige of
5783			Gobernacion de la Pcia de Buenos Aires and Paul
5784			Fischer of BTG, Inc.
5785		SunOS 4.X does not include memmove().  Patch from
5786			Per Hedeland of Ericsson.
5787		SunOS 5.7 includes getloadavg() function for determining
5788			load average.  Patch from John Beck of Sun
5789			Microsystems.
5790	CONFIG: Increment version number of config file.
5791	CONFIG: add DATABASE_MAP_TYPE to set the default type of database
5792		map for the various maps.  The default is hash.  Patch from
5793		Robert Harker of Harker Systems.
5794	CONFIG: new confEBINDIR m4 variable for defining the executable
5795		directory for certain programs.
5796	CONFIG: new FEATURE(local_lmtp) to use the new LMTP support for
5797		local mail delivery.  By default, /usr/libexec/mail.local
5798		is used.  This is expected to be the mail.local shipped
5799		with 8.9 which is LMTP capable.  The path is based on the
5800		new confEBINDIR m4 variable.
5801	CONFIG: Use confEBINDIR in determining path to smrsh for
5802		FEATURE(smrsh).  Note that this changes the default from
5803		/usr/local/etc/smrsh to /usr/libexec/smrsh.  To obtain the
5804		old path for smrsh, use FEATURE(smrsh, /usr/local/etc/smrsh).
5805	CONFIG: DOMAIN(generic) changes the default confFORWARD_PATH to
5806		include $z/.forward.$w+$h and $z/.forward+$h which allow
5807		the user to set up different .forward files for
5808		user+detail addressing.
5809	CONFIG: add confMAX_RCPTS_PER_MESSAGE, confDONT_PROBE_INTERFACES,
5810		and confDONT_BLAME_SENDMAIL to set MaxRecipientsPerMessage,
5811		DontProbeInterfaces, and DontBlameSendmail options.
5812	CONFIG: by default do not allow relaying (that is, accepting mail
5813		from outside your domain and sending it to another host
5814		outside your domain).
5815	CONFIG: new FEATURE(promiscuous_relay) to allow mail relaying from
5816		any site to any site.
5817	CONFIG: new FEATURE(relay_entire_domain) allows any host in your
5818		domain as defined by the 'm' class ($=m) to relay.
5819	CONFIG: new FEATURE(relay_based_on_MX) to allow relaying based on
5820		the MX records of the host portion of an incoming recipient.
5821	CONFIG: new FEATURE(access_db) which turns on the access database
5822		feature.  This database gives you the ability to allow
5823		or refuse to accept mail from specified domains for
5824		administrative reasons.  By default, names that are listed
5825		as "OK" in the access db are domain names, not host names.
5826	CONFIG: new confCR_FILE m4 variable for defining the name of the file
5827		used for class 'R'.  Defaults to /etc/mail/relay-domains.
5828	CONFIG: new command RELAY_DOMAIN(domain) and RELAY_DOMAIN_FILE(file)
5829		to add items to class 'R' ($=R) for hosts allowed to relay.
5830	CONFIG: new FEATURE(relay_hosts_only) to change the behavior
5831		of FEATURE(access_db) and class 'R' to look up individual
5832		host names only.
5833	CONFIG: new FEATURE(loose_relay_check).  Normally, if a recipient
5834		using % addressing is used, e.g.  user%site@othersite,
5835		and othersite is in class 'R', the check_rcpt ruleset
5836		will strip @othersite and recheck user@site for relaying.
5837		This feature changes that behavior.  It should not be
5838		needed for most installations.
5839	CONFIG: new FEATURE(relay_local_from) to allow relaying if the
5840		domain portion of the mail sender is a local host.  This
5841		should only be used if absolutely necessary as it opens
5842		a window for spammers.  Patch from Randall S. Winchester of
5843		the University of Maryland.
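
A simplified model of the recipient check described above for % addressing, together with the CONFIG notes on route addresses, written as an added C example rather than sendmail's rulesets: each hop (a route host or the outermost @domain) must be in the relay class before it is stripped and the remainder is rechecked. The relay_class contents, the sample addresses and all function names are constructed for illustration; UUCP-style ! paths are not handled.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for class 'R' (plus the local host names). */
static const char *relay_class[] = { "example.com", "mx.example.com", NULL };

static int in_relay_class(const char *host)
{
    for (int i = 0; relay_class[i] != NULL; i++)
        if (strcasecmp(host, relay_class[i]) == 0)
            return 1;
    return 0;
}

/*
 * Returns 1 if the recipient ends up at a host in relay_class, 0 if
 * accepting it would mean relaying (or the address is malformed).
 * `final` receives the address that decided the outcome.
 */
int rcpt_allowed(const char *rcpt, char *final, size_t finallen)
{
    char buf[256];
    char *addr = buf, *end, *at, *pct;
    int hops;

    if (strlen(rcpt) >= sizeof buf)
        return 0;
    strcpy(buf, rcpt);

    for (hops = 0; hops < 16; hops++) {
        snprintf(final, finallen, "%s", addr);

        if (*addr == '@') {
            /* Route address: @host1:user@host2, or the comma form
             * @hostname,user@anotherhost.domain. */
            end = strpbrk(addr + 1, ",:");
            if (end == NULL)
                return 0;
            *end = '\0';
            if (!in_relay_class(addr + 1))
                return 0;            /* first hop is not ours */
            addr = end + 1;          /* strip the hop, recheck the rest */
            continue;
        }

        at = strrchr(addr, '@');
        if (at == NULL)
            return *addr != '\0';    /* bare local user name */
        if (!in_relay_class(at + 1))
            return 0;                /* destination is someone else's host */

        *at = '\0';                  /* strip @othersite */
        pct = strrchr(addr, '%');
        if (pct == NULL)
            return 1;                /* plain user@relayable-host */
        *pct = '@';                  /* user%site -> user@site, recheck */
    }
    return 0;                        /* too many nested hops */
}

/* Convenience wrapper: "allow <addr>" or "deny <addr>". */
const char *verdict(const char *rcpt)
{
    static char out[300];
    char final[256] = "";
    int ok = rcpt_allowed(rcpt, final, sizeof final);

    snprintf(out, sizeof out, "%s %s", ok ? "allow" : "deny", final);
    return out;
}

int main(void)
{
    /* Constructed sample recipients. */
    const char *samples[] = {
        "user@example.com",
        "user%example.net@example.com",
        "@example.com:user@example.org",
        "@example.net,user@example.org",
        "user%mx.example.com@example.com",
        NULL
    };

    for (int i = 0; samples[i] != NULL; i++)
        printf("%-34s -> %s\n", samples[i], verdict(samples[i]));
    return 0;
}
```

The second and third samples show why stripping and rechecking matters: the outermost host is relayable, but the address that remains after stripping is not.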
5844	CONFIG: new FEATURE(blacklist_recipients) turns on the ability to
5845		block incoming mail destined for certain recipient
5846		usernames, hostnames, or addresses.
5847	CONFIG: By default, MAIL FROM: commands in the SMTP session will be
5848		refused if the host part of the argument to MAIL FROM: cannot
5849		be located in the host name service (e.g., DNS).
5850	CONFIG: new FEATURE(accept_unresolvable_domains) accepts
5851		unresolvable hostnames in MAIL FROM: SMTP commands.
5852	CONFIG: new FEATURE(accept_unqualified_senders) accepts
5853		MAIL FROM: senders which do not include a domain.
5854	CONFIG: new FEATURE(rbl) Turns on rejection of hosts found in the
5855		Realtime Blackhole List.  You can specify the RBL name
5856		server to contact by specifying it as an optional argument.
5857		The default is rbl.maps.vix.com.  For details, see
5858		http://maps.vix.com/rbl/.
5859	CONFIG: Call Local_check_relay, Local_check_mail, and
5860		Local_check_rcpt from check_relay, check_mail, and
5861		check_rcpt.  Users with local rulesets should place the
5862		rules using LOCAL_RULESETS.  If a Local_check_* ruleset
5863		returns $#OK, the message is accepted.  If the ruleset
5864		returns a mailer, the appropriate action is taken, else
5865		the return of the ruleset is ignored.
5866	CONFIG: CYRUS_MAILER_FLAGS now includes the /:| mailer flags by
5867		default to support file, :include:, and program deliveries.
5868	CONFIG: Remove the default for confDEF_USER_ID so the binary can
5869		pick the proper default value.  See the SECURITY note
5870		above for more information.
5871	CONFIG: FEATURE(nodns) now warns the user that the feature is a
5872		no-op.  Patch from Kari Hurtta of the Finnish
5873		Meteorological Institute.
5874	CONFIG: OSTYPE(osf1) now sets DefaultUserID (confDEF_USER_ID) to
5875		daemon since DEC's /bin/mail will drop the envelope
5876		sender if run as mailnull.  See the Digital UNIX section
5877		of src/README for more information.  Problem noted by
5878		Kari Hurtta of the Finnish Meteorological Institute.
5879	CONFIG: .cf files are now stored in the same directory with the
5880		.mc files instead of in the obj directory.
5881	CONFIG: New options confSINGLE_LINE_FROM_HEADER,
5882		confALLOW_BOGUS_HELO, and confMUST_QUOTE_CHARS for
5883		setting SingleLineFromHeader, AllowBogusHELO, and
5884		MustQuoteChars respectively.
5885	MAIL.LOCAL: support -l flag to run LMTP on stdin/stdout.  This
5886		SMTP-like protocol allows detailed reporting of delivery
5887		status on a per-user basis.  Code donated by John Myers of
5888		CMU (now of Netscape).
5889	MAIL.LOCAL: HP-UX support from Randall S. Winchester of the
5890		University of Maryland.  NOTE: mail.local is not
5891		compatible with the stock HP-UX mail format.  Be sure to
5892		read mail.local/README.
5893	MAIL.LOCAL: Prevent other mail delivery agents from stealing a
5894		mailbox lock.  Patch from Randall S. Winchester of the
5895		University of Maryland.
5896	MAIL.LOCAL: glibc portability from John Kennedy of Cal State
5897		University, Chico.
5898	MAIL.LOCAL: IRIX portability from Kari Hurtta of the Finnish
5899		Meteorological Institute.
5900	MAILSTATS: Display the number of rejected and discarded messages
5901		in the StatusFile.  Patch from Randall Winchester of the
5902		University of Maryland.
5903	MAKEMAP: New -s flag to ignore safety checks on database map files
5904		such as linked files in world writable directories.
5905	MAKEMAP: Add support for Berkeley DB 2.X.  Remove OLD_NEWDB support.
5906	PRALIASES: Add support for Berkeley DB 2.X.
5907	PRALIASES: Do not automatically include NDBM support.  Problem
5908		noted by Ralf Hildebrandt of the Technical University of
5909		Braunschweig.
5910	RMAIL: Improve portability for other platforms.  Patches from
5911		Randall S. Winchester of the University of Maryland and
5912		Kari Hurtta of the Finnish Meteorological Institute.
5913	Changed Files:
5914		src/Makefiles/Makefile.* files have been modified to use
5915			the new build mechanism and are now BuildTools/OS/*.
5916		src/makesendmail changed to symbolic link to src/Build.
5917	New Files:
5918		BuildTools/M4/header.m4
5919		BuildTools/M4/depend/BSD.m4
5920		BuildTools/M4/depend/CC-M.m4
5921		BuildTools/M4/depend/NCR.m4
5922		BuildTools/M4/depend/Solaris.m4
5923		BuildTools/M4/depend/X11.m4
5924		BuildTools/M4/depend/generic.m4
5925		BuildTools/OS/AIX.4.2
5926		BuildTools/OS/AIX.4.x
5927		BuildTools/OS/CRAYT3E.2.0.x
5928		BuildTools/OS/HP-UX.11.x
5929		BuildTools/OS/IRIX.6.5
5930		BuildTools/OS/NEXTSTEP.4.x
5931		BuildTools/OS/NeXT.4.x
5932		BuildTools/OS/NetBSD.8.3
5933		BuildTools/OS/QNX
5934		BuildTools/OS/SunOS.5.7
5935		BuildTools/OS/dcosx.1.x.NILE
5936		BuildTools/README
5937		BuildTools/Site/README
5938		BuildTools/bin/Build
5939		BuildTools/bin/configure.sh
5940		BuildTools/bin/find_m4.sh
5941		BuildTools/bin/install.sh
5942		Makefile
5943		cf/cf/Build
5944		cf/cf/generic-hpux10.cf
5945		cf/feature/accept_unqualified_senders.m4
5946		cf/feature/accept_unresolvable_domains.m4
5947		cf/feature/access_db.m4
5948		cf/feature/blacklist_recipients.m4
5949		cf/feature/loose_relay_check.m4
5950		cf/feature/local_lmtp.m4
5951		cf/feature/promiscuous_relay.m4
5952		cf/feature/rbl.m4
5953		cf/feature/relay_based_on_MX.m4
5954		cf/feature/relay_entire_domain.m4
5955		cf/feature/relay_hosts_only.m4
5956		cf/feature/relay_local_from.m4
5957		cf/ostype/qnx.m4
5958		contrib/doublebounce.pl
5959		mail.local/Build
5960		mail.local/Makefile.m4
5961		mail.local/README
5962		mailstats/Build
5963		mailstats/Makefile.m4
5964		makemap/Build
5965		makemap/Makefile.m4
5966		praliases/Build
5967		praliases/Makefile.m4
5968		rmail/Build
5969		rmail/Makefile.m4
5970		rmail/rmail.0
5971		smrsh/Build
5972		smrsh/Makefile.m4
5973		src/Build
5974		src/Makefile.m4
5975		src/snprintf.c
5976	Deleted Files:
5977		cf/cf/Makefile (replaced by Makefile.dist)
5978		mail.local/Makefile
5979		mail.local/Makefile.dist
5980		mailstats/Makefile
5981		mailstats/Makefile.dist
5982		makemap/Makefile
5983		makemap/Makefile.dist
5984		praliases/Makefile
5985		praliases/Makefile.dist
5986		rmail/Makefile
5987		smrsh/Makefile
5988		smrsh/Makefile.dist
5989		src/Makefile
5990		src/Makefiles/Makefile.AIX.4 (split into AIX.4.x and AIX.4.2)
5991		src/Makefiles/Makefile.SMP_DC.OSx.NILE
5992			(renamed BuildTools/OS/dcosx.1.x.NILE)
5993		src/Makefiles/Makefile.Utah (obsolete platform)
5994	Renamed Files:
5995		READ_ME => README
5996		cf/cf/Makefile.dist => Makefile
5997		cf/cf/obj/* => cf/cf/*
5998		src/READ_ME => src/README
5999
8.8.8/8.8.8	1997/10/24
6001	If the check_relay ruleset failed, the relay= field was logged
6002		incorrectly.  Problem noted by Kari Hurtta of the Finnish
6003		Meteorological Institute.
6004	If /usr/tmp/dead.letter already existed, sendmail could not
6005		add additional bounces to it.  Problem noted by Thomas J.
6006		Arseneault of SRI International.
6007	If an SMTP mailer used a non-standard port number for the outgoing
6008		connection, it would be displayed incorrectly in verbose mode.
6009		Problem noted by John Kennedy of Cal State University, Chico.
6010	Log the ETRN parameter specified by the client before altering it
6011		to internal form.  Suggested by Bob Kupiec of GES-Verio.
6012	EXPN and VRFY SMTP commands on malformed addresses were logging as
6013		User unknown with bogus delay= values.  Change them to log
6014		the same as compliant addresses.  Problem noted by Kari E.
6015		Hurtta of the Finnish Meteorological Institute.
6016	Ignore the debug resolver option unless using sendmail debug trace
6017		option for resolver.  Problem noted by Greg Nichols of Wind
6018		River Systems.
6019	If SingleThreadDelivery was enabled and the remote server returned a
6020		protocol error on the DATA command, the connection would be
6021		closed but the persistent host status file would not be
6022		unlocked so other sendmail processes could not deliver to
6023		that host.  Problem noted by Peter Wemm of DIALix.
6024	If queueing up a message due to an expensive mailer, don't increment
6025		the number of delivery attempts or set the last delivery
6026		attempt time so the message will be delivered on the next
6027		queue run regardless of MinQueueAge.  Problem noted by
6028		Brian J. Coan of the Institute for Global Communications.
6029	Authentication warnings of "Processed from queue _directory_" and
6030		"Processed by _username_ with -C _filename_" would be logged
6031		with the incorrect timestamp.  Problem noted by Kari E. Hurtta
6032		of the Finnish Meteorological Institute.
6033	Use a better heuristic for detecting GDBM.
6034	Log null connections on dropped connections.  Problem noted by
6035		Jon Lewis of Florida Digital Turnpike.
6036	If class dbm maps are rebuilt, sendmail will now detect this and
6037		reopen the map.  Previously, they could give stale
6038		results during a single message processing (but would
6039		recover when the next message was received).  Fix from
6040		Joe Pruett of Q7 Enterprises.
6041	Do not log failures such as "User unknown" on -bv or SMTP VRFY
6042		requests.  Problem noted by Kari E. Hurtta of the
6043		Finnish Meteorological Institute.
6044	Do not send a bounce message back to the sender regarding bad
6045		recipients if the SMTP connection is dropped before the
6046		message is accepted.  Problem noted by Kari E. Hurtta of the
6047		Finnish Meteorological Institute.
6048	Use "localhost" instead of "[UNIX: localhost]" when connecting to
6049		sendmail via a UNIX pipe.  This will allow rulesets using
6050		$&{client_name} to process without sending the string through
6051		dequote.  Problem noted by Alan Barrett of Internet Africa.
6052	A combination of deferred delivery mode, a double bounce situation,
6053		and the inability to save a bounce message to
6054		/var/tmp/dead.letter would cause sendmail to send a bounce
6055		to postmaster but not remove the offending envelope from the
6056		queue causing it to create a new bounce message each time the
6057		queue was run.  Problem noted by Brad Doctor of Net Daemons
6058		Associates.
6059	Remove newlines from hostname information returned via DNS.  There are
6060		no known security implications of newlines in hostnames as
6061		sendmail filters newlines in all vital areas; however, this
6062		could cause confusing error messages.
6063	Starting with sendmail 8.8.6, mail sent with the '-t' option would be
6064		rejected if any of the specified addresses were bad.  This
6065		behavior was modified to only reject the bad addresses and not
6066		the entire message.  Problem noted by Jozsef Hollosi of
6067		SuperNet, Inc.
6068	Use Timeout.fileopen when delivering mail to a file.  Suggested by
6069		Bryan Costales of InfoBeat, Inc.
6070	Display the proper Final-Recipient on DSN messages for non-SMTP
6071		mailers.  Problem noted by Kari E. Hurtta of the
6072		Finnish Meteorological Institute.
6073	An error in calculating the available space in the list of addresses
6074		for logging deliveries could cause an address to be silently
6075		dropped.
6076	Include the initial user environment if sendmail is restarted via
6077		a HUP signal.  This will give room for the process title.
6078		Problem noted by Jon Lewis of Florida Digital Turnpike.
6079	Mail could be delivered without a body if the machine does not
6080		support flock locking and runs out of processes during
6081		delivery.  Fix from Chuck Lever of the University of Michigan.
6082	Drop recipient address from 251 and 551 SMTP responses per RFC 821.
6083		Problem noted by Kari E. Hurtta of the Finnish Meteorological
6084		Institute.
6085	Make sure non-rebuildable database maps are opened before the
6086		rebuildable maps (i.e., alias files) in case the database maps
6087		are needed for verifying the left hand side of the aliases.
6088		Problem noted by Lloyd Parkes of Victoria University.
6089	Make sure sender RFC822 source route addresses are alias expanded for
6090		bounce messages.  Problem noted by Juergen Georgi of
6091		RUS University of Stuttgart.
6092	Minor lint fixes.
6093	Return a temporary error instead of a permanent error if an LDAP map
6094		search returns an error.  This will allow sequenced maps which
6095		use other LDAP servers to be checked.  Fix from Booker Bense
6096		of Stanford University.
6097	When automatically converting from quoted printable to 8bit text do
6098		not pad bare linefeeds with a space.  Problem noted by Theo
6099		Nolte of the University of Technology Aachen, Germany.
6100	Portability:
6101		Non-standard C compilers may have had a problem compiling
6102			conf.c due to a standard C external declaration of
6103			setproctitle().  Problem noted by Ted Roberts of
6104			Electronic Data Systems.
6105		AUX: has a broken O_EXCL implementation.  Reported by Jim
6106			Jagielski of jaguNET Access Services.
6107		BSD/OS: didn't compile if HASSETUSERCONTEXT was defined.
6108		Digital UNIX: Digital UNIX (and possibly others) moves
6109			loader environment variables into the loader memory
6110			area.  If one of these environment variables (such as
6111			LD_LIBRARY_PATH) was the last environment variable,
6112			an invalid memory address would be used by the process
6113			title routine causing memory corruption.  Problem
6114			noted by Sam Hartman of Mesa Internet Systems.
6115		GNU libc: uses an enum for _PC_CHOWN_RESTRICTED which caused
6116			chownsafe() to always return 0 even if the OS does
6117			not permit file giveaways.  Problem noted by
6118			Yasutaka Sumi of The University of Tokyo.
6119		IRIX6: Syslog buffer size set to 512 bytes.  Reported by
6120			Gerald Rinske of Siemens Business Services VAS.
6121		Linux: Pad process title with NULLs.  Problem noted by
6122			Jon Lewis of Florida Digital Turnpike.
6123		SCO OpenServer 5.0: SIOCGIFCONF ioctl call returns an
6124			incorrect value for the number of interfaces.
6125			Problem noted by Chris Loelke of JetStream Internet
6126			Services.
6127		SINIX: Update for Makefile and syslog buffer size from Gerald
6128			Rinske of Siemens Business Services VAS.
6129		Solaris: Make sure HASGETUSERSHELL setting for SunOS is not
6130			used on a Solaris machine.  Problem noted by
6131			Stephen Ma of Jtec Pty Limited.
6132		CONFIG: SINIX: Update from Gerald Rinske of Siemens Business
6133			Services VAS.
6134	MAKEMAP: Use a better heuristic for detecting GDBM.
6135	CONTRIB: expn.pl: Updated version from the author, David Muir Sharnoff.
6136	OP.ME: Document the F=i mailer flag.  Problem noted by Per Hedeland of
6137			Ericsson.
6138
8.8.7/8.8.7	1997/08/03
6140	If using Berkeley DB on systems without O_EXLOCK (open a file with
6141		an exclusive lock already set -- i.e., almost all systems
6142		except 4.4-BSD derived systems), the initial attempt at
6143		rebuilding aliases file if the database didn't already
6144		exist would fail.  Patch from Raymund Will of LST Software
6145		GmbH.
6146	Bogus incoming SMTP commands would reset the SMTP conversation.
6147		Problem noted by Fredrik Jönsson of the Royal Institute
6148		of Technology, Stockholm.
6149	Since TCP Wrappers includes setenv(), unsetenv(), and putenv(),
6150		some environments could give "multiple definitions" for these
6151		routines during compilation.  If using TCP Wrappers, assume
6152		that these routines are included as though they were in the
6153		C library.  Patch from Robert La Ferla.
6154	When a NEWDB database map was rebuilt at the same time it was being
6155		used by a queue run, the maps could be left locked for the
6156		duration of the queue run, causing other processes to hang.
6157		Problem noted by Kendall Libby of Shore.NET.
6158	In some cases, NoRecipientAction=add-bcc was being ignored, so the
6159		mail was passed on without any recipient header.  This could
6160		cause problems downstream.  Problem noted by Xander Jansen
6161		of SURFnet ExpertiseCentrum.
6162	Give error when GDBM is used with sendmail.  GDBM's locking and
6163		linking of the .dir and .pag files interferes with sendmail's
6164		locking and security checks.  Problems noted by Fyodor
6165		Yarochkin of the Kyrgyz Republic FreeNet.
6166	Don't fsync qf files if SuperSafe option is not set.
6167	Avoid extra calls to gethostbyname for addresses for which a
6168		gethostbyaddr found no value.  Also, ignore any returns
6169		from gethostbyaddr that look like a dotted quad.
6170	If PTR lookup fails when looking up an SMTP peer, don't tag it as
6171		"may be forged", since at the network level we pretty much
6172		have to assume that the information is good.
6173	In some cases, errors during an SMTP session could leave files
6174		open or locked.
6175	Better handling of missing file descriptors (0, 1, 2) on startup.
6176	Better handling of non-set-user-ID binaries -- avoids certain obnoxious
6177		errors during testing.
6178	Errors in file locking of NEWDB maps had the incorrect file name
6179		printed in the error message.
6180	If the AllowBogusHELO option were set and an EHLO with a bad or
6181		missing parameter were issued, the EHLO behaved like a HELO.
6182	Load limiting never kicked in for incoming SMTP transactions if the
6183		DeliveryMode=background and any recipient was an alias or
6184		had a .forward file.  From Nik Conwell of Boston University.
6185	On some non-Posix systems, the decision of whether chown(2) permits
6186		file giveaway was undefined.  From Tetsu Ushijima of the
6187		Tokyo Institute of Technology.
6188	Fix race condition that could cause the body of a message to be
6189		lost (so only the header was delivered).  This only occurs
6190		on systems that do not use flock(2), and only when a queue
6191		runner runs during a critical section in another message
6192		delivery.  Based on a patch from Steve Schweinhart of
6193		Results Computing.
6194	If a qf file was found in a mail queue directory that had a problem
6195		(wrong ownership, bad format, etc.) and the file name was
6196		exactly MAXQFNAME bytes long, then instead of being tried
6197		once, it would be tried on every queue run.  Problem noted
6198		by Bryan Costales of Mercury Mail.
6199	If the system supports an st_gen field in the status structure,
6200		include it when reporting that a file has changed after open.
6201		This adds a new compile flag, HAS_ST_GEN (0/1 option).
6202		This ought to be checked as well as reported, since it is
6203		theoretically possible for an attacker to remove a file after
6204		it is opened and replace it with another file that has the
6205		same i-number, but some filesystems (notably AFS) return
6206		garbage in this field, and hence always look like the file
6207		has changed.  As a practical matter this is not a security
6208		problem, since the files can be neither hard nor soft links,
6209		and on no filesystem (that I am aware of) is it possible to
6210		have two files on the same filesystem with the same i-number
6211		simultaneously.
6212	Delete the root Makefile from the distribution -- it is only for
6213		use internally, and does not work at customer sites.
6214	Fix botch that caused the second MAIL FROM: command in a single
6215		transaction to clear the entire transaction.  Problem
6216		noted by John Kennedy of Cal State University, Chico.
6217	Work properly on machines that have _PATH_VARTMP defined without
6218		a trailing slash.  (And a pox on vendors that decide to
6219		ignore the established conventions!)  Problem noted by
6220		Gregory Neil Shapiro of WPI.
6221	Internal changes to make it easier to add another protocol family
6222		(intended for IPv6).  Patches are from John Kennedy of
6223		CSU Chico.
6224	In certain cases, 7->8 bit MIME decoding of Base64 text could leave
6225		an extra space at the beginning of some lines.  Problem
6226		noted by Charles Karney of Princeton University; fix based
6227		on a patch from Christophe Wolfhugel.
6228	Portability:
6229		Allow _PATH_VENDOR_CF to be set in Makefile for consistency
6230			with the _Sendmail_ book, 2nd edition.  Note that
6231			the book is actually wrong: _PATH_SENDMAILCF should
6232			be used instead.
6233		AIX 3.x: Include <sys/select.h>.  Patch from Gene Rackow
6234			of Argonne National Laboratory.
6235		OpenBSD from Paul DuBois of the University of Wisconsin.
6236		RISC/os 4.0 from Paul DuBois of the University of Wisconsin.
6237		SunOS: Include <memory.h> to fix warning from util.c.  From
6238			James Aldridge of EUnet Ltd.
6239		Solaris: Change STDIR (location of status file) to /etc/mail
6240			in Makefiles.
6241		Linux, Dynix, UNICOS: Remove -DNDBM and -lgdbm from
6242			Makefiles.  Use NEWDB on Linux instead.
6243		NCR MP-RAS 3.x with STREAMware TCP/IP: SIOCGIFNUM ioctl
6244			exists but behaves differently than other OSes.
6245			Add SIOCGIFNUM_IS_BROKEN compile flag to get
6246			around the problem.  Problem noted by Tom Moore of
6247			NCR Corp.
6248		HP-UX 9.x: fix compile warnings for old select API.  Problem
6249			noted by Tom Smith of Digital Equipment Corp.
6250		UnixWare 2.x: compile warnings on offsetof macro.  Problem
6251			noted by Tom Good of the Community Access Information
6252			Resource Network.
6253		SCO 4.2: compile problems caused by a change in the type of
6254			the "length" parameters passed to accept, getpeername,
6255			getsockname, and getsockopt.  Adds new compile flags
6256			SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.  Problem reported
6257			by Tom Good of St. Vincent's North Richmond Community
6258			Mental Health Center Residential Services.
6259		AIX 4: Use size_t for SOCKADDR_SIZE_T and SOCKOPT_SIZE_T.
6260			Suggested by Brett Hogden of Rochester Gas & Electric
6261			Corp.
6262		Linux: avoid compile problem for versions of <setjmp.h> that
6263			#define both setjmp and longjmp.  Problem pointed out
6264			by J.R. Oldroyd of TerraNet.
6265		CONFIG: SCO UnixWare 2.1: Support for OSTYPE(sco-uw-2.1)
6266			from Christopher Durham of SCO.
6267		CONFIG: NEXTSTEP: define confCW_FILE to
6268			/etc/sendmail/sendmail.cw to match the usual
6269			configuration.  Patch from Dennis Glatting of
6270			PlainTalk.
6271	CONFIG: MAILER(fax) called a program that hasn't existed for a long
6272		time.  Convert to use the HylaFAX 4.0 conventions.  Suggested
6273		by Harry Styron.
6274	CONFIG: Improve sample anti-spam rulesets in cf/cf/knecht.mc.  These
6275		are the rulesets in use on sendmail.org.
6276	MAKEMAP: give error on GDBM files.
6277	MAIL.LOCAL: Make error messages a bit more explicit, for example,
6278		telling more details on what actually changed when "file
6279		changed after open".
6280	CONTRIB: etrn.pl: Ignore comments in Fw files.  Support multiple Fw
6281		files.
6282	CONTRIB: passwd-to-alias.pl: Handle 8 bit characters and '-'.
6283	NEW FILES:
6284		src/Makefiles/Makefile.OpenBSD
6285		src/Makefiles/Makefile.RISCos.4_0
6286		test/t_exclopen.c
6287		cf/ostype/sco-uw-2.1.m4
6288	DELETED FILES:
6289		Makefile
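
The open-time checks behind the "file changed after open" entries in 8.8.7 and the O_EXCL|O_CREAT and link notes in 8.8.6, as an added example (not code from the sendmail distribution). The names safe_append_open, same_plain_file, opens_ok and run_demo are hypothetical, and the dead.letter scenario is constructed in a private temporary directory under /tmp.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700       /* lstat, symlink, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Both stat results describe one regular file with a single link. */
static int same_plain_file(const struct stat *a, const struct stat *b)
{
    return S_ISREG(a->st_mode) && S_ISREG(b->st_mode) &&
           a->st_dev == b->st_dev && a->st_ino == b->st_ino &&
           a->st_nlink == 1 && b->st_nlink == 1;
}

/* Hypothetical helper: open path for appending, creating it if absent.
 * Returns a descriptor, or -1 with errno set. */
int safe_append_open(const char *path, mode_t mode)
{
    struct stat before, after, now;
    int existed = 0, fd, flags = O_WRONLY | O_APPEND;

    if (lstat(path, &before) != 0) {
        if (errno != ENOENT)
            return -1;
        flags |= O_CREAT | O_EXCL;      /* must create, never follow */
    } else if (!S_ISREG(before.st_mode) || before.st_nlink != 1) {
        errno = EPERM;                  /* symlink or hard-linked file */
        return -1;
    } else {
        existed = 1;
    }

    fd = open(path, flags, mode);
    if (fd < 0)
        return -1;

    /* Re-check after open. If a symlink was slipped in after the lstat
     * and this system's O_EXCL followed it, lstat(path) now shows the
     * symlink while fstat(fd) shows the file behind it: refuse. */
    if (fstat(fd, &after) != 0 || lstat(path, &now) != 0 ||
        !same_plain_file(&after, &now) ||
        (existed && !same_plain_file(&before, &after))) {
        close(fd);
        errno = EPERM;                  /* file changed after open */
        return -1;
    }
    return fd;
}

static int opens_ok(const char *path)
{
    int fd = safe_append_open(path, 0600);
    if (fd >= 0)
        close(fd);
    return fd >= 0;
}

/* Constructed scenario in a private temp directory. Returns a bitmask:
 *   1  O_EXCL|O_CREAT itself refuses a dangling symlink with EEXIST
 *   2  safe_append_open refuses it and the link target is not created
 *   4  a clean create and a later re-open both succeed
 *   8  a file that has gained a second hard link is refused */
int run_demo(void)
{
    char dir[] = "/tmp/safeopen.XXXXXX";
    char path[64], other[64];
    struct stat st;
    int fd, result = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/dead.letter", dir);
    snprintf(other, sizeof other, "%s/elsewhere", dir);

    if (symlink(other, path) != 0)
        return -1;
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 && errno == EEXIST)
        result |= 1;
    else if (fd >= 0)
        close(fd);
    if (!opens_ok(path) && lstat(other, &st) != 0)
        result |= 2;
    unlink(path);
    if (opens_ok(path) && opens_ok(path))
        result |= 4;
    if (link(path, other) == 0 && !opens_ok(path))
        result |= 8;

    unlink(other);
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("result mask: %d\n", run_demo());
    return 0;
}
```

On a system with the O_EXCL behaviour described for HP-UX prior to 9.07, bit 1 would be missing from the mask; the post-open comparison is what still catches the substituted symlink there.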
6290
8.8.6/8.8.6	1997/06/14
6292	    *************************************************************
6293	    * The extensive assistance of Gregory Neil Shapiro of WPI	*
6294	    * in preparing this release is gratefully appreciated.	*
6295	    * Sun Microsystems has also provided resources toward	*
6296	    * continued sendmail development.				*
6297	    *************************************************************
6298	SECURITY: A few systems allow an open with the O_EXCL|O_CREAT open
6299		mode bits set to create a file that is a symbolic link that
6300		points nowhere.  This makes it possible to create a root
6301		owned file in an arbitrary directory by inserting the symlink
6302		into a writable directory after the initial lstat(2) check
6303		determined that the file did not exist.  The only verified
6304		example of a system having these odd semantics for O_EXCL
6305		and symbolic links was HP-UX prior to version 9.07.  Most
6306		systems do not have the problem, since an exclusive create
6307		of a file disallows symbolic links.  Systems that have been
6308		verified to NOT have the problem include AIX 3.x, *BSD,
6309		DEC OSF/1, HP-UX 9.07 and higher, Linux, SunOS, Solaris,
6310		and Ultrix.  This is a potential exposure on systems that
6311		have this bug and which do not have a MAILER-DAEMON alias
6312		pointing at a legitimate account, since this will cause old
6313		mail to be dropped in /var/tmp/dead.letter.
6314	SECURITY: Problems can occur on poorly managed systems, specifically,
6315		if maps or alias files are in world writable directories.
6316		If your system has alias maps in writable directories, it
6317		is potentially possible for an attacker to replace the .db
6318		(or .dir and .pag) files by symbolic links pointing at
6319		another database; this can be used either to expose
6320		information (e.g., by pointing an alias file at /etc/spwd.db
6321		and probing for accounts), or as a denial-of-service attack
6322		(by trashing the password database).  The fix disallows
6323		symbolic links entirely when rebuilding alias files or on
6324		maps that are in writable directories, and always warns on
6325		writable directories; 8.9 will probably consider writable
6326		directories to be fatal errors.  This does not represent an
6327		exposure on systems that have alias files in unwritable
6328		system directories.
6329	SECURITY: disallow .forward or :include: files that are links (hard
6330		or soft) if the parent directory (or any directory in the
6331		path) is writable by anyone other than the owner.  This is
6332		similar to the previous case for user files.  This change
6333		should not affect most systems, but is necessary to prevent
6334		an attacker who can write the directory from pointing such
6335		files at other files that are readable only by the owner.
6336	SECURITY: Tighten safechown rules: many systems will say that they
6337		have a safe (restricted to root) chown even on files that
6338		are mounted from another system that allows owners to give
6339		away files.  The new rules are very strict, trusting file
6340		ownership only in those few cases where the system has
6341		been verified to be at least as paranoid as necessary.
6342		However, it is possible to relax the rules to partially
6343		trust the ownership if the directory path is not world or
6344		group writable.  This might allow someone who has a legitimate
6345		:include: file (referenced directly from /etc/aliases) to
6346		become another non-root user if the :include: file is in a
6347		non-writable directory on an NFS-mounted filesystem where
6348		the local system says that giveaway is denied but it is
6349		actually permitted.  I believe this to be a very small set
6350		of cases.  If in doubt, do not point :include: aliases at
6351		NFS-mounted filesystems.
6352	SECURITY: When setting a numeric group id using the RunAsUser option
6353		(e.g., "O RunAsUser=10:20"), the group id would not be set.
6354		Implicit group ids (e.g., "O RunAsUser=mailnull") or alpha
6355		group ids (e.g., "O RunAsUser=mailuser:mailgrp") worked fine.
6356		The user id was still set properly.  Problem noted by Uli
6357		Pralle of the Technical University of Berlin.
6358	Save the initial gid set for use when checking if the
6359		PrivacyOptions=restrictmailq option is set.  Problem reported
6360		by Wolfgang Ley of DFN-CERT.
6361	Make 55x reply codes to the SMTP DATA-"." be non-sticky (i.e., a
6362		failure on one message won't affect future messages to the
6363		same host).
6364	IP source route printing had an "off by one" error that would
6365		affect any options that came after the route option.  Patch
6366		from Theo de Raadt.
6367	The "Message is too large" error didn't successfully bounce the error
6368		back to the sender.  Problem reported by Stephen More of
6369		PSI; patch from Gregory Neil Shapiro of WPI.
6370	Change SMTP status code 553 to map into Extended code 5.1.0 (instead
6371		of 5.1.3); it apparently gets used in multiple ways.
6372		Suggested by John Myers of Portola Communications.
6373	Fix possible extra null byte generated during collection if errors
6374		occur at the beginning of the stream.  Patch contributed by
6375		Andrey A. Chernov and Gregory Neil Shapiro.
6376	Code changes to avoid possible reentrant call of malloc/free within
6377		a signal handler.  Problem noted by John Beck of Sun
6378		Microsystems.
6379	Move map initialization to be earlier so that check_relay ruleset
6380		will have the latest version of the map data.  Problem noted
6381		by Paul Forgey of Metainfo; patch from Gregory Neil Shapiro.
6382	If there are fatal errors during the collection phase (e.g., message
6383		too large) don't send the bogus message.
6384	Avoid "cannot open xfAAA00000" messages when sending to aliases that
6385		have errors and have owner- aliases.  Problem noted by Michael
6386		Barber of MTU; fix from Gregory Neil Shapiro of WPI.
6387	Avoid null pointer dereference on illegal Boundary= parameters in
6388		multipart/mixed Content-Type: header.  Problem noted by
6389		Richard Muirden of RMIT University.
6390	Always print error messages during newaliases (-bi) even if the
6391		ErrorMode is not set to "print".  Fix from Gregory Neil
6392		Shapiro.
6393	Test mode could core dump if you did a /map lookup in an optional map
6394		that could not be opened.  Based on a fix from John Beck of
6395		Sun Microsystems.
6396	If DNS is misconfigured so that the last MX record tried points to
6397		a host that does not have an A record, but other MX records
6398		pointed to something reasonable, don't bounce the message
6399		with a "host unknown" error.  Note that this should really
6400		be fixed in the zone file for the domain.  Problem noted by
6401		Joe Rhett of Navigist, Inc.
6402	If a map fails (e.g., DNS times out) on all recipient addresses, mark
6403		the message as having been tried; otherwise the next queue
6404		run will not realize that this is a second attempt and will
6405		retry immediately.  Problem noted by Bryan Costales of
6406		Mercury Mail.
6407	If the clock is set backwards, and a MinQueueAge is set, no jobs
6408		will be run until the later setting of the clock is reached.
6409		"Problem" (I use the term loosely) noted by Eric Hagberg of
6410		Morgan Stanley.
6411	If the load average rises above the cutoff threshold (above which
6412		sendmail will not process the queue at all) during a queue
6413		run, abort the queue run immediately.  Problem noted by
6414		Bryan Costales of Mercury Mail.
6415	The variable queue processing algorithm (based on the message size,
6416		number of recipients, message precedence, and job age) was
6417		non-functional -- either the entire queue was processed or
6418		none of the queue was processed.  The updated algorithm
6419		does no queue run if a single recipient zero size job will
6420		not be run.
6421	If there is a fatal ("panic") message that will cause sendmail to
6422		die immediately, never hold the error message for future
6423		printing.
6424	Force ErrorMode=print in -bt mode so that all errors are printed
6425		regardless of the setting of the ErrorMode option in the
6426		configuration file.  Patch from Gregory Neil Shapiro.
6427	New compile flag HASSTRERROR says that this OS has the strerror(3)
6428		routine available in one of the libraries.  Use it in conf.h.
6429	The -m (match only) flag now works on host class maps.
6430	If class hash or btree maps are rebuilt, sendmail will now detect
6431		this and reopen the map.  Previously, they could give
6432		erroneous results during a single message processing
6433		(but would recover when the next message was received).
6434	Don't delete zero length queue files when doing queue runs until the
6435		files are at least ten minutes old.  This avoids a potential
6436		race condition: the creator creates the qf file, getting back
6437		a file descriptor.  The queue runner locks it and deletes it
6438		because it is zero length.  The creator then writes the
6439		descriptor that is now for a disconnected file, and the
6440		job goes away.  Based on a suggestion by Bryan Costales.
6441	When determining the "validated" host name ($_ macro), do a forward
6442		(A) DNS lookup on the result of the PTR lookup and compare
6443		results.  If they differ or if the PTR lookup fails, tag the
6444		address as "may be forged".
6445	Log null connections (i.e., hosts that connect but do not do any
6446		substantive activity on the connection before disconnecting;
6447		"substantive" is defined to be MAIL, EXPN, VRFY, or ETRN).
6448	Always permit "writes" to /dev/null regardless of the link count.
6449		This is safe because /dev/null is special cased, and no open
6450		or write is ever actually attempted.  Patch from Villy Kruse
6451		of TwinCom.
6452	If a message cannot be sent because of a 552 (exceeded storage
6453		allocation) response to the MAIL FROM:<>, and a SIZE= parameter
6454		was given, don't return the body in the bounce, since there
6455		is a very good chance that the message will double-bounce.
6456	Fix possible line truncation if a quoted-printable had an =00 escape
6457		in the body.  Problem noted by Charles Karney of the Princeton
6458		Plasma Physics Laboratory.
6459	Notify flags (e.g., -NSUCCESS) were lost on user+detail addresses.
6460		Problem noted by Kari Hurtta of the Finnish Meteorological
6461		Institute.
6462	The MaxDaemonChildren option wasn't applying to queue runs as
6463		documented.  Note that this increases the potential denial
6464		of service problems with this option: an attacker can
6465		connect many times, and thereby lock out queue runs as well
6466		as incoming connections.  If you use this option, you should
6467		run the "sendmail -bd" and "sendmail -q30m" jobs separately
6468		to avoid this attack.  Failure to limit noted by Matthew
6469		Dillon of BEST Internet Communications.
6470	Always give a message in newaliases if alias files cannot be
6471		opened instead of failing silently.  Suggested by Gregory
6472		Neil Shapiro.  This change makes the code match the O'Reilly
6473		book (2nd edition).
6474	Some older versions of the resolver could return with h_errno == -1
6475		if no name server could be reached, causing mail to bounce
6476		instead of queueing.  Treat this like TRY_AGAIN.  Fix from
6477		John Beck of SunSoft.
6478	If a :include: file is owned by a user that does not have an entry
6479		in the passwd file, sendmail could dereference a null pointer.
6480		Problem noted by Satish Mynam of Sun Microsystems.
6481	Take precautions to make sure that the SMTP protocol cannot get out
6482		of sync if (for example) an alias file cannot be opened.
6483	Fix a possible race condition that can cause a SIGALRM to come in
6484		immediately after a SIGHUP, causing the new sendmail to die.
6485	Avoid possible hang on SVr3 systems when doing child reaping.  Patch
6486		from Villy Kruse of TwinCom.
6487	Ignore improperly formatted SMTP reply codes.  Previously these were
6488		partially processed, which could cause confusing error
6489		returns.
6490	Fix possible bogus pointer dereference when doing ldapx map lookups
6491		on some architectures.
6492	Portability:
6493		A/UX: from Jim Jagielski of NASA/GSFC.
6494		glibc: SOCK_STREAM was changed from a #define to an enum,
6495			thus breaking #ifdef SOCK_STREAM.  Only option seems
6496			to be to assume SOCK_STREAM if __GNU_LIBRARY__ is
6497			defined.  Problem reported by A Sun of the University
6498			of Washington.
6499		Solaris: use SIOCGIFNUM to get the number of interfaces on
6500			the system rather than guessing at compile time.
6501			Patch contributed by John Beck of Sun Microsystems.
6502		Intel Paragon: from Wendy Lin of Purdue University.
6503		GNU Hurd: from Miles Bader of the GNU project.
6504		RISC/os 4.50 from Harlan Stenn of PFCS Corporation.
6505		ISC Unix: wait never returns if SIGCLD signals are blocked.
6506			Unfortunately releasing them opens a race condition,
6507			but there appears to be no fix for this.  Patch from
6508			Gregory Neil Shapiro.
6509		BIND 8.1 for IPv6 compatibility from John Kennedy.
6510		Solaris: a bug in strcasecmp caused characters with the
6511			high order bit set to apparently randomly match
6512			letters -- for example, $| (0233) matches "i" and "I".
6513			Problem noted by John Gregson of the University of
6514			Cambridge.
6515		IRIX 6.x: make Makefile.IRIX.6.2 apply to all 6.x.  From
6516			Kari Hurtta.
6517		IRIX 6.x: Create Makefiles for systems that claim to be
6518			IRIX64 but are 6.2 or higher (so use the regular
6519			IRIX Makefile).
6520		IRIX 6.x: Fix load average computation on 64 bit kernels.
6521			Problem noted by Eric Hagberg of Morgan Stanley.
6522	CONFIG: Some canonification was still done for UUCP-like addresses
6523		even if FEATURE(nocanonify) was set.  Problem pointed out by
6524		Brian Candler.
6525	CONFIG: In some cases UUCP mailers wouldn't properly recognize all
6526		local names as local.  Problem noted by Jeff Polk of BSDI;
6527		fix provided by Gregory Neil Shapiro.
6528	CONFIG: The "local:user" syntax entries in mailertables and other
6529		"mailer:user" syntax locations returned an incorrect value
6530		for the $h macro.  Problem noted by Gregory Neil Shapiro.
6531	CONFIG: Retain "+detail" information when forwarding mail to a
6532		MAIL_HUB, LUSER_RELAY, or LOCAL_RELAY.  Patch from Philip
6533		Guenther of Gustavus Adolphus College.
6534	CONFIG: Make sure user+detail works for FEATURE(virtusertable);
6535		rules are the same as for aliasing.  Based on a patch from
6536		Gregory Neil Shapiro.
6537	CONFIG: Break up parsing rules into several pieces; this should
6538		have no functional change in this release, but makes it
6539		possible to have better anti-spam rulesets in the future.
6540	CONFIG: Disallow double dots in host names to avoid having the
6541		HostStatusDirectory store status under the wrong name.
6542		In some cases this can be used as a denial-of-service attack.
6543		Problem noted by Ron Jarrell of Virginia Tech, patch from
6544		Gregory Neil Shapiro.
6545	CONFIG: Don't use F=m (multiple recipients per invocation) for
6546		MAILER(procmail), but do pass F=Pn9 (include Return-Path:,
6547		don't include From_, and convert to 8-bit).  Suggestions
6548		from Kimmo Suominen and Roderick Schertler.
6549	CONFIG: Domains under $=M (specified with MASQUERADE_DOMAIN) were
6550		being masqueraded as though FEATURE(masquerade_entire_domain)
6551		was specified, even when it wasn't.
6552	MAIL.LOCAL: Solaris 2.6 has snprintf.  From John Beck of SunSoft.
6553	MAIL.LOCAL: SECURITY: check to make sure that an attacker doesn't
6554		"slip in" a symbolic link between the lstat(2) call and the
6555		exclusive open.  This is only a problem on System V derived
6556		systems that allow an exclusive create on files that are
6557		symbolic links pointing nowhere.
6558	MAIL.LOCAL: If the final mailbox close() failed, the user id was
6559		not reset back to root, which on some systems would cause
6560		later mailboxes to fail.  Also, any partial message would
6561		not be truncated, which could result in repeated deliveries.
6562		Problem noted by Bruce Evans via Peter Wemm (FreeBSD
6563		developers).
6564	MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0.  A similar
6565		change to the sendmail map code was made in 8.8.3.  Problem
6566		noted by Gregory Neil Shapiro.
6567	MAKEMAP: Give warnings on file problems such as map files that are
6568		symbolic links; although makemap is not set-user-ID root, it is
6569		often run as root and hence has the potential for the same
6570		sorts of problems as alias rebuilds.
6571	MAKEMAP: Change compilation so that it will link properly on
6572		NEXTSTEP.
6573	CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf.
6574		Accept an optional list of arguments following the server
6575		name for the ETRN arguments to use (instead of $=w).  Other
6576		miscellaneous bug fixes.  From Christian von Roques via
6577		John Beck of Sun Microsystems.
6578	CONTRIB: Add passwd-to-alias.pl, contributed by Kari Hurtta.  This
6579		Perl script converts GECOS information in the /etc/passwd
6580		file into aliases, allowing for faster access to full name
6581		lookups; it is also clever about adding aliases (to root)
6582		for system accounts.
6583	NEW FILES:
6584		src/safefile.c
6585		cf/ostype/gnuhurd.m4
6586		cf/ostype/irix6.m4
6587		contrib/passwd-to-alias.pl
6588		src/Makefiles/Makefile.IRIX64.6.1
6589		src/Makefiles/Makefile.IRIX64.6.x
6590	RENAMED FILES:
6591		src/Makefiles/Makefile.IRIX.6.2 =>	Makefile.IRIX.6.x
6592		src/Makefiles/Makefile.IRIX64 =>	Makefile.IRIX64.6.0
6593
65948.8.5/8.8.5	1997/01/21
6595	SECURITY: Clear out group list during startup.  Without this, sendmail
6596		will continue to run with the group permissions of the caller,
6597		even if RunAsUser is specified.
6598	SECURITY: Make purgestat (-bH) be root-only.  This is not in response
6599		to any known attack, but it's best to be conservative.
6600		Suggested by Peter Wemm of DIALix.
6601	SECURITY: Fix buffer overrun problem in MIME code that has possible
6602		security implications.  Patch from Alex Garthwaite of the
6603		University of Pennsylvania.
6604	Use of a -f flag with a phrase attached (e.g., "-f 'Full Name <addr>'")
6605		would truncate the address after "Full".  Although the -f
6606		syntax is incorrect (since it is in the envelope, it
6607		shouldn't have comments and full names), the failure mode
6608		was unnecessarily awful.
6609	Fix a possible null pointer dereference when converting 8-bit data
6610		to a 7-bit format.  Problem noted by Jim Hutchins of
6611		Sandia National Labs and David James of British Telecom.
6612	Clear out stale state that affected F=9 on SMTP mailers in queue
6613		runs.  Although this really shouldn't be used (F=9 is for
6614		final delivery only, and using it on an SMTP mailer makes
6615		it possible for a message to be converted from 8->7->8->7
6616		bits several times), it shouldn't have failed with a syserr.
6617		Problem noted by Eric Hagberg of Morgan Stanley.
6618	_Really_ fix the multiple :maildrop code in the user database
6619		module.  Patch from Roy Mongiovi of Georgia Tech.
6620	Let F lines in the configuration file actually read root-only
6621		files if the configuration file is safe.  Based on a
6622		patch from Keith Reynolds of SCO.
6623	ETRN followed by QUIT would hold the connection open until the queue
6624		run completed.  Problem noted by Truck Lewis of TDK
6625		Semiconductor Corp.
6626	It turns out that despite the documentation, the TCP wrappers library
6627		does _not_ log rejected connections.  Do the logging ourselves.
6628		Problem noted by Fletcher Mattox of the University of Texas
6629		at Austin.
6630	If sendmail finds a qf file in its queue directory that is an unknown
6631		version (e.g., when backing out to an old version), the
6632		error is reported on every queue run.  Change it to only
6633		give the error once (and rename the qf => Qf).  Patch from
6634		William A. Gianopoulos of Raytheon Company.
6635	Start a new session when doing background delivery; currently it
6636		ignored signals but didn't start a new session; that caused
6637		some problems if a background process tried to send mail
6638		under certain circumstances.  Problem noted by Eric Hagberg
6639		of Morgan Stanley; fix from Kari Hurtta.
6640	Simplify test for skipping a queue run to just check if the current
6641		load average is >= the queueing load average.  Previously
6642		the check factored in some other parameters that caused it
6643		to essentially never skip the queue run.  Patch from Bryan
6644		Costales.
6645	If the SMTP server is running in "nullserver" mode (that is, it is
6646		rejecting all commands), start sleeping after MAXBADCOMMAND
6647		(25) commands; this helps prevent a bad guy from putting
6648		you into a tight loop as a denial-of-service attack.  Based
6649		on an e-mail conversation with Brad Knowles of AOL.
6650	Slow down when too many "light weight" commands have been issued;
6651		this helps prevent a class of denial-of-service attacks.
6652		The current values and defaults are:
6653		    MAXNOOPCOMMANDS	20	NOOP, VERB, ONEX, XUSR
6654		    MAXHELOCOMMANDS	3	HELO, EHLO
6655		    MAXVRFYCOMMANDS	6	VRFY, EXPN
6656		    MAXETRNCOMMANDS	8	ETRN
6657		These will probably be configurable in a future release.
6658	On systems that have uid_t typedefed to be an unsigned short, programs
6659		that had the F=S flag and no U= equate would be invoked with
6660		the real uid set to 65535 rather than being left unchanged.
6661	In some cases, NOTIFY=NEVER was not being honored.  Problem noted
6662		by Steve Hubert of the University of Washington, Seattle.
6663	Mail that was Quoted-Printable encoded and had a soft line break on
6664		the last line (i.e., an incomplete continuation) had the last
6665		line dropped.  Since this appears to be illegal it isn't
6666		clear what to do with it, but flushing the last line seems
6667		to be a better "fail soft" approach.  Based on a patch from
6668		Eric Hagberg.
6669	If AllowBogusHELO and PrivacyOptions=needmailhelo are both set, a
6670		bogus HELO command still causes the "Polite people say HELO
6671		first" error message.  Problem pointed out by Chris Thomas
6672		of UCLA; patch from John Beck of SunSoft.
6673	Handle "sendmail -bp -qSfoobar" properly if restrictqrun is set
6674		in PrivacyOptions.  The -q shouldn't turn this command off.
6675		Problem noted by Murray Kucherawy of Pacific Bell Internet;
6676		based on a patch from Gregory Neil Shapiro of WPI.
6677	Don't consider SMTP reply codes 452 or 552 (exceeded storage allocation)
6678		in a DATA transaction to be sticky; these can occur because
6679		a message is too large, and smaller messages should still go
6680		through.  Problem noted by Matt Dillon of Best Internet
6681		Communications.
6682	In some cases bounces were saved in /var/tmp/dead.letter even if they
6683		had been successfully delivered to the envelope sender.
6684		Problem noted by Eric Hagberg of Morgan Stanley; solution from
6685		Gregory Neil Shapiro of WPI.
6686	Give better diagnostics on long alias lines.  Based on code contributed
6687		by Patrick Gosling of the University of Cambridge.
6688	Increase the number of virtual interfaces that will be probed for
6689		alternate names.  Problem noted by Amy Rich of Shore.Net.
6690	PORTABILITY:
6691		UXP/DS V20L10 for Fujitsu DS/90: Makefile patches from
6692			Toshiaki Nomura of Fujitsu Limited.
6693		SunOS with LDAP support: compile problems with struct timeval.
6694			Patch from Nick Cuccia of TCSI Corporation.
6695		SCO: from Keith Reynolds of SCO.
6696		Solaris: kstat load average computation wasn't being used.
6697			Fixes from Michael Ju. Tokarev of Telecom Service, JSC
6698			(Moscow).
6699		OpenBSD: from Jason Downs of teeny.org.
6700		Altos System V: from Tim Rice.
6701		Solaris 2.5: from Alan Perry of SunSoft.
6702		Solaris 2.6: from John Beck of SunSoft.
6703		Harris Nighthawk PowerUX (mh6000 box): from Bob Miorelli
6704			of Pratt & Whitney <miorelli@pweh.com>.
6705	CONFIG: It seems that I hadn't gotten the Received: line syntax
6706		_just_right_ yet.  Tweak it again.  I'll omit the names
6707		of the "contributors" (quantity two) in this one case.
6708		As of now, NO MORE DISCUSSION about the syntax of the
6709		Received: line.
6710	CONFIG: Although FEATURE(nullclient) uses EXPOSED_USER (class $=E),
6711		it never inserts that class into the output file.  Fix it
6712		so it will honor EXPOSED_USER but will _not_ include root
6713		automatically in this class.  Problem noted by Ronan KERYELL
6714		of Centre de Recherche en Informatique de l'École Nationale
6715		Supérieure des Mines de Paris (CRI-ENSMP).
6716	CONFIG: Clean up handling of "local:" syntax in relay specifications
6717		such as LUSER_RELAY.  This change permits the following
6718		syntaxes:  ``local:'' will send to the same user on the
6719		local machine (e.g., in a mailertable entry for "host",
6720		``local:'' will cause an address addressed to user@host to
6721		go to user on the local machine).  ``local:user'' will send
6722		to the named user on the local machine.  ``local:user@host''
6723		is equivalent to ``local:user'' (the host is ignored).  In
6724		all cases, the original user@host is passed in $@ (i.e., the
6725		detail information).  Inspired by a report from Michael Fuhr.
6726	CONFIG: Strip quotes from the first word of an "error:" host
6727		indication.  This lets you set (for example) the LUSER_RELAY
6728		to be ``error:\"5.1.1\" Your Message Here''.  Note the use
6729		of the \" so that the resulting string is properly quoted.
6730		Problem noted by Gregory Neil Shapiro of WPI.
6731	OP.ME: documentation was inconsistent about whether sendmail did a
6732		NOOP or a RSET to probe the connection (it does a RSET).
6733		Inconsistency noted by Deeran Peethamparam.
6734	OP.ME: insert additional blank pages so it will print properly on
6735		a duplex printer.  From Matthew Black of Cal State University,
6736		Long Beach.
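
The command limits listed in the 8.8.5 notes above (MAXNOOPCOMMANDS and friends, plus MAXBADCOMMAND for nullserver mode), worked as a per-session throttle. This is an added example, not sendmail's code: the names classify, throttle_delay and smtp_session are hypothetical, and the choice to stall only commands past the limit, with a doubling delay capped at MAX_DELAY, is an assumption the notes do not specify.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum cmd_class { CL_NOOP, CL_HELO, CL_VRFY, CL_ETRN, CL_BAD, CL_NCLASS, CL_NONE };

/* Limits as listed in the release note. */
static const int limits[CL_NCLASS] = {
    20,  /* MAXNOOPCOMMANDS: NOOP, VERB, ONEX, XUSR */
    3,   /* MAXHELOCOMMANDS: HELO, EHLO */
    6,   /* MAXVRFYCOMMANDS: VRFY, EXPN */
    8,   /* MAXETRNCOMMANDS: ETRN */
    25   /* MAXBADCOMMAND: any command while in nullserver mode */
};

#define MAX_DELAY 60   /* assumption: longest stall, in seconds */

struct smtp_session {
    int nullserver;        /* nonzero when the server rejects all commands */
    int count[CL_NCLASS];  /* commands seen so far, per class */
};

/* Case-insensitive match of an SMTP verb at the start of a command line. */
static int verb_is(const char *line, const char *verb)
{
    size_t i, n = strlen(verb);

    for (i = 0; i < n; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 0;
    /* The verb must end at a space, CR, LF or the end of the string. */
    return line[n] == '\0' || line[n] == ' ' || line[n] == '\r' || line[n] == '\n';
}

enum cmd_class classify(const char *line)
{
    static const struct { const char *verb; enum cmd_class cls; } table[] = {
        { "NOOP", CL_NOOP }, { "VERB", CL_NOOP }, { "ONEX", CL_NOOP },
        { "XUSR", CL_NOOP }, { "HELO", CL_HELO }, { "EHLO", CL_HELO },
        { "VRFY", CL_VRFY }, { "EXPN", CL_VRFY }, { "ETRN", CL_ETRN }
    };
    size_t i;

    for (i = 0; i < sizeof table / sizeof table[0]; i++)
        if (verb_is(line, table[i].verb))
            return table[i].cls;
    return CL_NONE;
}

/*
 * Count one command and return how many seconds to stall before replying.
 * Assumptions: commands up to the limit are free, and the stall doubles
 * with each command past it (1, 2, 4, ... capped at MAX_DELAY).
 */
int throttle_delay(struct smtp_session *s, const char *line)
{
    enum cmd_class c = s->nullserver ? CL_BAD : classify(line);
    int over, delay = 1;

    if (c == CL_NONE)
        return 0;
    over = ++s->count[c] - limits[c];
    if (over <= 0)
        return 0;
    while (--over > 0 && delay < MAX_DELAY)
        delay *= 2;
    return delay < MAX_DELAY ? delay : MAX_DELAY;
}

int main(void)
{
    /* Constructed session: a client that keeps repeating EHLO. */
    static const char *const lines[] = {
        "EHLO client.example.test", "ehlo client.example.test",
        "EHLO client.example.test", "EHLO client.example.test",
        "MAIL FROM:<a@example.test>", "EHLO client.example.test"
    };
    struct smtp_session s = { 0, { 0 } };
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-28s stall %2d s\n", lines[i], throttle_delay(&s, lines[i]));
    return 0;
}
```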
6737
67388.8.4/8.8.4	1996/12/02
6739	SECURITY: under some circumstances, an attacker could get additional
6740		permissions by hard linking to files that were group
6741		writable by the attacker.  The solution is to disallow any
6742		files that have hard links -- this will affect .forward,
6743		:include:, and output files.  Problem noted by Terry
6744		Kyriacopoulos of Interlog Internet Services.  As a
6745		workaround, set UnsafeGroupWrites -- always a good idea.
6746	SECURITY: the TryNullMXList (w) option should not be safe -- if it
6747		is, it is possible to do a denial-of-service attack on
6748		MX hosts that rely on the use of the null MX list.  There
6749		is no danger if you have this option turned off (the default).
6750		Problem noted by Dan Bernstein.  Also, make the DontInitGroups
6751		unsafe.  I know of no specific attack against this, although
6752		a denial-of-service attack is probably possible, but in theory
6753		you should not be able to safely tweak anything that affects
6754		the permissions that are used when mail is delivered.
6755	Purgestat could go into an infinite loop if one of the host status
6756		directories somehow became empty.  Problem noted by Roy
6757		Mongiovi of Georgia Tech.
6758	Processes got "lost" when counting children due to a race condition.
6759		This caused "proc_list_probe: lost pid" messages to be logged.
6760		Problem noted by several people.
6761	On systems with System V SIGCLD child signal semantics (notably AIX
6762		and HP-UX), mail transactions would print the message "451
6763		SMTP-MAIL: lost child: No child processes".  Problem noted
6764		by several people.
6765	Miscellaneous compiler warnings on picky compilers (or when setting
6766		gcc to high warning levels).  From Tom Moore of NCR Corp.
6767	SMTP protocol errors, and most errors on MAIL FROM: lines should
6768		not be persistent between runs, since they are based on the
6769		message rather than the host.  Problem noted by Matt Dillon
6770		of Best Internet Communications.
6771	The F=7 flag was ignored on SMTP mailers.  Problem noted by Tom Moore
6772		of NCR (a.k.a., AT&T Global Information Solutions).
6773	Avoid the possibility of having a child daemon run to completion
6774		(including closing the SMTP socket) before the parent has
6775		had a chance to close the socket; this can cause the parent
6776		to hang for a long time waiting for the socket to drain.
6777		Patch from Don Lewis of TDK Semiconductor.
6778	If the fork() failed in a queue run, the queue runners would not be
6779		rescheduled (so queue runs would stop).  Patch from Don Lewis.
6780	Some error conditions in ETRN could cause output without an SMTP
6781		status code.  Problem noted by Don Lewis.
6782	Multiple :maildrop addresses in the user database didn't work properly.
6783		Patch from Roy Mongiovi of Georgia Tech.
6784	Add ".db" automatically onto any user database spec that does not
6785		already have it; this is for consistency with makemap, the
6786		K line, and the documentation.  Inconsistency pointed out
6787		by Roy Mongiovi.
6788	Allow sendmail to be properly called in nohup mode.  Patch from
6789		Kyle Jones of UUNET.
6790	Change ETRN to ignore but still update host status files; previously
6791		it would ignore them and not save the updated status, which
6792		caused stale information to be maintained.  Based on a patch
6793		from Christopher Davis of Kapor Enterprises Inc.  Also, have
6794		ETRN ignore the MinQueueAge option.
6795	Patch long term host status to recover more gracefully from an empty
6796		host status file condition.  Patch from NAKAMURA Motonori
6797		of Kyoto University.
6798	Several patches to signal handling code to fix potential race
6799		conditions from Don Lewis.
6800	Make it possible to compile with -DDAEMON=0 (previously it had some
6801		compile errors).  This turns DAEMON, QUEUE, and SMTP into
6802		0/1 compilation flags.  Note that DAEMON is an obsolete
6803		compile flag; use NETINET instead.  Solution based on a
6804		patch from Bryan Costales.
6805	PORTABILITY FIXES:
6806		AIX4: getpwnam() and getpwuid() do a sequential scan of the
6807			/etc/security/passwd file when called as root.  This
6808			is very slow on some systems.  To speed it up, use the
6809			(undocumented) _getpw{nam,uid}_shadow() routines.
6810			Patch from Chris Thomas of UCLA/OAC Systems Group.
6811		SCO 5.x: include -lprot in the Makefile.  Patch from Bill
6812			Glicker of Burrelle's Information Service.
6813		NEWS-OS 4.x: need a definition for MODE_T to compile.  Patch
6814			from Makoto MATSUSHITA of Osaka University.
6815		SunOS 4.0.3: compile problems.  Patches from Andrew Cole of
6816			Leeds University and SASABE Tetsuro of the University
6817			of Tokyo.
6818		DG/UX 5.4.4.11 from Brian J. Murrell of InterLinx Support
6819			Services, Inc.
6820		Domain/OS from Don (Truck) Lewis of TDK Semiconductor Corp.
6821			I believe this to have only been a problem if you
6822			compiled with -DUSE_VENDOR_CF_PATH -- another reason
6823			to stick with /etc/sendmail.cf as your One True Path.
6824		Digital UNIX (OSF/1 on Alpha) load average computation from
6825			Martin Laubach of the Technischen Universität Wien.
6826	CONFIG: change default Received: line to be multiple lines rather
6827		than one long one.  By popular demand.
6828	MAIL.LOCAL: warnings weren't being logged on some systems.  Patch
6829		from Jerome Berkman of U.C. Berkeley.
6830	MAKEMAP: be sure to zero hinfo to avoid cruft that can cause runs
6831		to take a very long time.  Problem noted by Yoshiro YONEYA
6832		of NTT Software Corporation.
6833	CONTRIB: add etrn.pl, contributed by John Beck.
6834	NEW FILES:
6835		contrib/etrn.pl
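
The hard-link rule in the 8.8.4 SECURITY entry above and the earlier MAIL.LOCAL entry (a symbolic link slipped in between the lstat(2) call and the exclusive open) both come down to checking the file before the open and again on the descriptor afterwards. This is an added example, not sendmail's or mail.local's code: safe_append_open, demo_case and the SAFE_* codes are hypothetical names, and the fixtures are constructed in a temporary directory under /tmp.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* lstat, O_NOFOLLOW, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes: hypothetical names for this example, not sendmail's. */
enum { SAFE_OK = 0, SAFE_SYMLINK = -1, SAFE_HARDLINK = -2,
       SAFE_NOTREG = -3, SAFE_RACED = -4, SAFE_SYSERR = -5 };

#define SAME_FILE(a, b) ((a).st_dev == (b).st_dev && (a).st_ino == (b).st_ino)

/* Accept only a regular file that has exactly one name. */
static int vet(const struct stat *st)
{
    if (S_ISLNK(st->st_mode))
        return SAFE_SYMLINK;
    if (!S_ISREG(st->st_mode))
        return SAFE_NOTREG;
    return st->st_nlink == 1 ? SAFE_OK : SAFE_HARDLINK;
}

/* Open path for appending; refuse symbolic links and extra hard links.
 * On success returns SAFE_OK and stores the descriptor in *fdp. */
int safe_append_open(const char *path, mode_t mode, int *fdp)
{
    struct stat before, held, name;
    int existed, rc, fd;

    *fdp = -1;
    if (lstat(path, &before) == 0) {
        existed = 1;
        if ((rc = vet(&before)) != SAFE_OK)
            return rc;
        fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    } else if (errno == ENOENT) {
        existed = 0;
        fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, mode);
    } else {
        return SAFE_SYSERR;
    }
    if (fd < 0) {
        if (errno == ELOOP || errno == EMLINK)
            return SAFE_SYMLINK;        /* a link appeared after lstat */
        return (errno == EEXIST || errno == ENOENT) ? SAFE_RACED : SAFE_SYSERR;
    }
    /* Re-check what we hold against the name.  Where an exclusive create
     * follows a dangling symlink, this lstat sees the link that slipped in. */
    if (fstat(fd, &held) != 0 || lstat(path, &name) != 0)
        rc = SAFE_SYSERR;
    else if ((rc = vet(&name)) == SAFE_OK && (rc = vet(&held)) == SAFE_OK &&
             (!SAME_FILE(name, held) || (existed && !SAME_FILE(before, held))))
        rc = SAFE_RACED;
    if (rc != SAFE_OK) {
        close(fd);
        return rc;
    }
    *fdp = fd;
    return SAFE_OK;
}

/* Run the check on one constructed fixture in a fresh temporary directory.
 * kind: 0 = no file yet, 1 = existing mailbox, 2 = dangling symlink,
 * 3 = mailbox with a second hard link. */
int demo_case(int kind)
{
    char dir[] = "/tmp/safeopenXXXXXX", path[64], other[64];
    int fd = -1, rc = SAFE_OK;

    if (mkdtemp(dir) == NULL)
        return SAFE_SYSERR;
    snprintf(path, sizeof path, "%s/mbox", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if ((kind == 1 || kind == 3) &&
        (fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        rc = SAFE_SYSERR;
    if (fd >= 0)
        close(fd);
    if (kind == 2 && symlink(other, path) != 0)   /* link points nowhere */
        rc = SAFE_SYSERR;
    if (kind == 3 && link(path, other) != 0)      /* second name, same inode */
        rc = SAFE_SYSERR;
    if (rc == SAFE_OK && (rc = safe_append_open(path, 0600, &fd)) == SAFE_OK)
        close(fd);
    unlink(path);
    unlink(other);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int k;

    for (k = 0; k < 4; k++)
        printf("fixture %d -> %d\n", k, demo_case(k));
    return 0;
}
```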
6836
68378.8.3/8.8.3	1996/11/17
6838	SECURITY: it was possible to get a root shell by lying to sendmail
6839		about argv[0] and then sending it a signal.  Problem noted
6840		by Leshka Zakharoff <leshka@leshka.chuvashia.su> on the
6841		best-of-security list.
6842	Log sendmail binary version number in "Warning: .cf version level
6843		(%d) exceeds program functionality (%d)" message -- this
6844		should make it clearer to people that they are running
6845		the wrong binary.
6846	Fix a problem that occurs when you open an SMTP connection and then
6847		do one or more ETRN commands followed by a MAIL command; at
6848		the end of the DATA phase sendmail would incorrectly report
6849		"451 SMTP-MAIL: lost child: No child processes".  Problem
6850		noted by Eric Bishop of Virginia Tech.
6851	When doing text-based host canonification (typically /etc/hosts
6852		lookup), a null host name would match any /etc/hosts entry
6853		with space at the end of the line.  Problem noted by Steve
6854		Hubert of the University of Washington, Seattle.
6855	7 to 8 bit BASE64 MIME conversions could duplicate bits of text.
6856		Problem reported by Tom Smith of Digital Equipment Corp.
6857	Increase the size of the DNS answer buffer -- the standard UDP packet
6858		size PACKETSZ (512) is not sufficient for some nameserver
6859		answers containing very many resource records.  The resolver
6860		may also switch to TCP and retry if it detects UDP packet
6861		overflow.  Also, allow for the fact that the resolver
6862		routines res_query and res_search return the size of the
6863		*un*truncated answer in case the supplied answer buffer is
6864		not big enough to accommodate the entire answer.  Patch from
6865		Eric Wassenaar.
6866	Improvements to MaxDaemonChildren code.  If you think you have too
6867		many children, probe the ones you have to verify that they
6868		are still around.  Suggested by Jared Mauch of CICnet, Inc.
6869		Also, do this probe before growing the vector of children
6870		pids; this previously caused the vector to grow indefinitely
6871		due to a race condition.  Problem reported by Kyle Jones of
6872		UUNET.
6873	On some architectures, <db.h> (from the Berkeley DB library) defines
6874		O_EXLOCK to zero; this fools the map compilation code into
6875		thinking that it can avoid race conditions by locking on open.
6876		Change it to check for O_EXLOCK non-zero.  Problem noted by
6877		Leif Erlingsson of Data Lege.
6878	Always call res_init() on startup (if compiled in, of course) to
6879		allow the sendmail.cf file to tweak resolver flags; without
6880		it, flag tweaks in ResolverOptions are ignored.  Patch from
6881		Andrew Sun of Merrill Lynch.
6882	Improvements to host status printing code.  Suggested by Steve Hubert
6883		of the University of Washington, Seattle.
6884	Change MinQueueAge option processing to do the check for the job age
6885		when reading the queue file, rather than at the end; this
6886		avoids parsing the addresses, which can do DNS lookups.
6887		Problem noted by John Beck of InReference, Inc.
6888	When MIME was being 7->8 bit decoded, "From " lines weren't being
6889		properly escaped.  Problem noted by Peter Nilsson of the
6890		University of Linkoping.
6891	In some cases, sendmail would retain root permissions during queue
6892		runs even if RunAsUser was set.  Problem noted by Mark
6893		Thomas of Mark G. Thomas Consulting.
6894	If the F=l flag was set on an SMTP mailer to indicate that it is
6895		actually local delivery, and NOTIFY=SUCCESS is specified in
6896		the envelope, and the receiving SMTP server speaks DSN, then
6897		the DSN would be both generated locally and propagated to the
6898		other end.
6899	The U= mailer field didn't correctly extract the group id if the
6900		user id was numeric.  Problem noted by Kenneth Herron of
6901		MCI Telecommunications Communications.
6902	If a message exceeded the fixed maximum size on input, the body of
6903		the message was included in the bounce.  Note that this did
6904		not occur if it exceeded the maximum _output_ size.  Problem
6905		reported by Kyle Jones of UUNET.
6906	PORTABILITY FIXES:
6907		AIX4: 4.1 doesn't have a working setreuid(2); change the
6908			AIX4 defines to use seteuid(2) instead, which
6909			works on 4.1 as well as 4.2.  Problem noted by
6910			Håkan Lindholm of interAF, Sweden.
6911		AIX4: use tzname[] vector to determine time zone name.
6912			Patch from NAKAMURA Motonori of Kyoto University.
6913		MkLinux: add Makefile.Linux.ppc and OSTYPE(mklinux) support.
6914			Contributed by Paul DuBois <dubois@primate.wisc.edu>.
6915		Solaris: kstat(3k) support for retrieving the load average.
6916			This adds the LA_KSTAT definition for LA_TYPE.
6917			The outline of the implementation was contributed
6918			by Michael Tokarev of Telecom Service, JSC, Moscow.
6919		HP-UX 10.0 gripes about the (perfectly legal!) forward
6920			declaration of struct rusage at the top of conf.h;
6921			change it to only be included if you are using gcc,
6922			which is apparently the only compiler that requires
6923			it in the first place.  Problem noted by Jeff
6924			Earickson of Colby College.
6925		IRIX: don't default to using gcc.  IRIX is a civilized
6926			operating system that comes with a decent compiler
6927			by default.  Problem noted by Barry Bouwsma and
6928			Kari Hurtta.
6929	CONFIG: specify F=9 as default in FEATURE(local_procmail) for
6930		consistency with other local mailers.  Inconsistency
6931		pointed out by Teddy Hogeborn <teddy@fukt.hk-r.se>.
6932	CONFIG: if the "limited best mx" feature is used (to reduce DNS
6933		overhead) as part of the bestmx_is_local feature, the
6934		domain part was dropped from the name.  Patch from Steve
6935		Hubert of the University of Washington, Seattle.
6936	CONFIG: catch addresses of the form "user@.dom.ain"; these could
6937		end up being translated to the null host name, which would
6938		return any entry in /etc/hosts that had a space at the end
6939		of the line.  Problem noted by Steve Hubert of the
6940		University of Washington, Seattle.
6941	CONFIG: add OSTYPE(aix4).  From Michael Sofka of Rensselaer
6942		Polytechnic Institute.
6943	MAKEMAP: tweak hash and btree parameters for better performance.
6944		Patch from Matt Dillon of Best Internet Communications.
6945	NEW FILES:
6946		src/Makefiles/Makefile.Linux.ppc
6947		cf/ostype/aix4.m4
6948		cf/ostype/mklinux.m4
6949
69508.8.2/8.8.2	1996/10/18
6951	SECURITY: fix a botch in the 7-bit MIME patch; the previous patch
6952		changed the code but didn't fix the problem.
6953	PORTABILITY FIXES:
6954		Solaris: Don't use the system getusershell(3); it can
6955			apparently corrupt the heap in some circumstances.
6956			Problem found by Ken Pizzini of Spry, Inc.
6957	OP.ME: document several mailer flags that were accidentally omitted
6958		from this document.  These flags were F=d, F=j, F=R, and F=9.
6959	CONFIG: no changes.
6960
69618.8.1/8.8.1	1996/10/17
6962	SECURITY: unset all environment variables that the resolver will
6963		examine during queue runs and daemon mode.  Problem noted
6964		by Dan Bernstein of the University of Illinois at Chicago.
6965	SECURITY: in some cases an illegal 7-bit MIME-encoded text/plain
6966		message could overflow a buffer if it was converted back
6967		to 8 bits.  This caused core dumps and has the potential
6968		for a remote attack.  Problem first noted by Gregory Shapiro
6969		of WPI.
6970	Avoid duplicate deliveries of error messages on systems that don't
6971		have flock(2) support.  Patch from Motonori Nakamura of
6972		Kyoto University.
6973	Ignore null FallBackMX (V) options.  If this option is null (as
6974		opposed to undefined) it can cause "null signature" syserrs
6975		on illegal host names.
6976	If a Base64 encoded text/plain message has no trailing newline in
6977		the encoded text, conversion back to 8 bits will drop the
6978		final line.  Problem noted by Pierre David.
6979	If running with a RunAsUser, sendmail would give bogus "cannot
6980		setuid" (or seteuid, or setreuid) messages on some systems.
6981		Problem pointed out by Jordan Mendelson of Web Services, Inc.
6982	Always print error messages in -bv mode -- previously, -bv would
6983		be absolutely silent on errors if the error mode was sent
6984		to (say) mail-back.  Problem noted by Kyle Jones of UUNET.
6985	If -qI/R/S is set (or the ETRN command is used), ignore all long
6986		term host status.  This is necessary because it is common
6987		to do this when you know a host has just come back up.
6988	Disallow duplicate HELO/EHLO commands as required by RFC 1651 section
6989		4.2.  Excessive permissiveness noted by Lee Flight of the
6990		University of Leicester.
6991	If a service (such as NIS) is specified as the last entry in the
6992		service switch, but that service is not compiled in, sendmail
6993		would return a temporary failure when an entry was not found
6994		in the map.  This caused the message to be queued instead of
6995		bouncing immediately.  Problem noted by Harry Edmon of the
6996		University of Washington.
6997	PORTABILITY FIXES:
6998		Solaris 2.3 had compilation problems in conf.c.  Several
6999			people pointed this out.
7000		NetBSD from Charles Hannum of MIT.
7001		AIX4 improvements based on info from Steve Bauer of South
7002			Dakota School of Mines & Technology.
7003	CONFIG: ``error:code message'' syntax was broken in virtusertable.
7004		Patch from Gil Kloepfer Jr.
7005	CONFIG: if FEATURE(nocanonify) was specified, hosts in $=M (set
7006		using MASQUERADE_DOMAIN) were not masqueraded unless they
7007		were also in $=w.  Problem noted by Zoltan Basti of
7008		Softec.
7009	MAIL.LOCAL: patches to compile and link cleanly on AIX.  Based
7010		on a patch from Eric Hagberg of Morgan Stanley.
7011	MAIL.LOCAL: patches to compile on NEXTSTEP.  From Patrick Nolan
7012		of Stanford via Robert La Ferla.
7013
70148.8.0/8.8.0	1996/09/26
7015	Under some circumstances, Bcc: headers would not be properly
7016		deleted.  Pointed out by Jonathan Kamens of OpenVision.
7017	Log a warning if the sendmail daemon is invoked without a full
7018		pathname, which prevents "kill -1" from working.  I was
7019		urged to put this in by Andrey A. Chernov of DEMOS (Russia).
7020	Fix small buffer overflow.  Since the data in this buffer was not
7021		read externally, there was no security problem (and in fact
7022		probably wouldn't really overflow on most compilers).  Pointed
7023		out by KIZU takashi of Osaka University.
7024	Fix problem causing domain literals such as [1.2.3.4] to be ignored
7025		if a FallbackMXHost was specified in the configuration file
7026		-- all mail would be sent to the fallback even if the original
7027		host was accessible.  Pointed out by Munenari Hirayama of
7028		NSC (Japan).
7029	A message that didn't terminate with a newline would (sometimes) not
7030		have the trailing "." added properly in the SMTP dialogue,
7031		causing SMTP to hang.  Patch from Per Hedeland of Ericsson.
7032	The DaemonPortOptions suboption to bind to a particular address was
7033		incorrect and nonfunctional due to a misunderstanding of the
7034		semantics of binding on a passive socket.  Patch from
7035		NIIBE Yutaka of Mitsubishi Research Institute.
7036	Increase the number of MX hosts for a single name to 100 to better
7037		handle the truly huge service providers such as AOL, which
7038		has 13 at the moment (and climbing).  In order to avoid
7039		trashing memory, the buffer for all names has only been
7040		slightly increased in size, to 12.8K from 10.2K -- this means
7041		that if a single name had 100 MX records, the average size
7042		of those records could not exceed 128 bytes.  Requested by
7043		Brad Knowles of America On Line.
7044	Restore use of IDENT returns where the OSTYPE field equals "OTHER".
7045		Urged by Dan Bernstein of U.C. Berkeley.
7046	Print q_statdate and q_specificity in address structure debugging
7047		printout.
7048	Expand MCI structure flag bits for debugging output.
7049	Support IPv6-style domain literals, which can have colons between
7050		square braces.
7051	Log open file descriptors for the "cannot dup" messages in deliver();
7052		this is an attempt to track down a bug that one person seems
7053		to be having (it may be a Solaris bug!).
7054	DSN NOTIFY parameters were not properly propagated across queue runs;
7055		this caused the NOTIFY info to sometimes be lost.  Problem
7056		pointed out by Claus Assmann of the
7057		Christian-Albrechts-University of Kiel.
7058	The statistics gathered in the sendmail.st file were too high; in
7059		some cases failures (e.g., user unknown or temporary failure)
7060		would count as a delivery as far as the statistics were
7061		concerned.  Problem noted by Tom Moore of AT&T GIS.
7062	Systems that don't have flock() would not send split envelopes in
7063		the initial run.  Problem pointed out by Leonard Zubkoff of
7064		Dandelion Digital.
7065	Move buffer overflow checking -- these primarily involve distrusting
7066		results that may come from NIS and DNS.
7067	4.4-BSD-derived systems, including FreeBSD, NetBSD, and BSD/OS didn't
7068		include <paths.h> and hence had the wrong pathnames for a few
7069		things like /var/tmp.  Reported by Matthew Green.
7070	Conditions were reversed for the Priority: header, resulting in all
7071		values being interpreted as non-urgent except for non-urgent,
7072		which was interpreted as normal.  Patch from Bryan Costales.
7073	The -o (optional) flag was being ignored on hash and btree maps
7074		since 8.7.2.  Fix from Bryan Costales.
7075	Content-Types listed in class "q" will always be encoded as
7076		Quoted-Printable (or more accurately, will never be encoded
7077		as base64).  The class can have primary types (e.g., "text")
7078		or full types (e.g., "text/plain").  Based on a suggestion by
7079		Marius Olafsson of the University of Iceland.
7080	Define ${envid} to be the original envelope id (from the ESMTP DSN
7081		dialogue) so it can be passed to programs in mailers.
7082	Define ${bodytype} to be the body type (from the -B flag or the
7083		BODY= ESMTP parameter) so it can be passed to programs in
7084		mailers.
7085	Cause the VRFY command to return 252 instead of 250 unless the F=q
7086		flag is set in the mailer descriptor.  Suggested by John
7087		Myers of CMU.
7088	Implement ESMTP ETRN command to flush the queue for a specific host.
7089		The command takes a host name; data for that host is
7090		immediately (and asynchronously) flushed.  Because this shares
7091		the -qR implementation, other hosts may be attempted, but
7092		there should be no security implications.  Implementation
7093		from John Beck of InReference, Inc.  See RFC 1985 for details.
7094	Add three new command line flags to pass in DSN parameters: -V envid
7095		(equivalent to ENVID=envid on the MAIL command), -R ret
7096		(equivalent to RET=ret on the MAIL command), and -Nnotify
7097		(equivalent to NOTIFY=notify on the RCPT command).  Note
7098		that the -N flag applies to all recipients; there is no way
7099		to specify per-address notifications on the command line,
7100		nor is there an equivalent for the ORCPT= per-address
7101		parameter.
7102	Restore LogLevel option to be safe (it can only be increased);
7103		apparently I went into paranoid mode between 8.6 and 8.7
7104		and made it unsafe.  Pointed out by Dabe Murphy of the
7105		University of Maryland.
7106	New logging on log level 15:  all SMTP traffic.  Patches from
7107		Andrew Gross of San Diego Supercomputer Center.
7108	NetInfo property value searching code wasn't stopping when it found
7109		a match.  This was causing the wrong values to be found (and
7110		had a memory leak).  Found by Bastian Schleuter of TU-Berlin.
7111	Add new F=0 (zero) mailer flag to turn off MX lookups.  It was pointed
7112		out by Bill Wisner of Electronics for Imaging that you can't
7113		use the bracket address form for the MAIL_HUB macro, since
7114		that causes the brackets to remain in the envelope recipient
7115		address used for delivery.  The simple fix (stripping off the
7116		brackets in the config file) breaks the use of IP literal
7117		addresses.  This flag will solve that problem.
7118	Add MustQuoteChars option.  This is a list of characters that must
7119		be quoted if they are found in the phrase part of an address
7120		(that is, the full name part).  The characters @,;:\()[] are
7121		always in this list and cannot be removed.  The default is
7122		this list plus . and ' to match RFC 822.
7123	Add AllowBogusHELO option; if set, sendmail will allow HELO commands
7124		that do not include a host name for back compatibility with
7125		some stupid SMTP clients.  Setting this violates RFC 1123
7126		section 5.2.5.
7127	Add MaxDaemonChildren option; if this is set, sendmail will start
7128		rejecting connections if it has more than this many
7129		outstanding children accepting mail.  Note that you may
7130		see more processes than this because of outgoing mail; this
7131		is for incoming connections only.
7132	Add ConnectionRateThrottle option.  If set to a positive value, the
7133		number of incoming SMTP connections that will be permitted
7134		in a single second is limited to this number.  Connections are
7135		not refused during this time, just deferred.  The intent is to
7136		flatten out demand so that load average limiting can kick in.
7137		It is less radical than MaxDaemonChildren, which will stop
7138		accepting connections even if all the connections are idle
7139		(e.g., due to connection caching).
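Added illustration (not part of the sendmail release notes or source): a small Python model of the difference described in the ConnectionRateThrottle entry above, where excess connections are deferred to later seconds, versus MaxDaemonChildren, where they are rejected. Whole-second timestamps, the fixed hold time per child, the exact limit boundary and all function names are assumptions of this model.

```python
"""Model of ConnectionRateThrottle (defer) vs. MaxDaemonChildren (reject).

Added illustration only; this is not sendmail code.  Times are whole seconds.
"""
from collections import deque


def rate_throttle(arrivals, rate):
    """Return the second in which each connection is accepted.

    At most `rate` connections are accepted in any one-second slot; the
    excess is deferred to the following slots, never refused.  A rate
    that is not positive means the option is unset (no throttling).
    """
    ordered = sorted(arrivals)
    if rate <= 0:
        return ordered
    accepted = []
    slot, used = None, 0
    for t in ordered:
        # A connection can never be accepted before it arrives, and never
        # before the slot that is currently being filled.
        if slot is None or t > slot:
            slot, used = t, 0
        if used == rate:
            # Slot is full: defer this connection to the next second.
            slot, used = slot + 1, 0
        accepted.append(slot)
        used += 1
    return accepted


def child_limit(arrivals, max_children, hold):
    """Return True/False per connection: accepted or rejected.

    Each accepted connection occupies one child for `hold` seconds, even
    if it is idle (assumption: fixed hold time).  A new connection is
    rejected while `max_children` children are already outstanding.
    """
    active = deque()  # end times of outstanding children, oldest first
    result = []
    for t in sorted(arrivals):
        while active and active[0] <= t:
            active.popleft()
        if len(active) >= max_children:
            result.append(False)
        else:
            active.append(t + hold)
            result.append(True)
    return result


def burst_demo():
    """Ten connections arriving in the same second (constructed input)."""
    burst = [0] * 10
    return rate_throttle(burst, 3), child_limit(burst, 3, 30)


if __name__ == "__main__":
    deferred, limited = burst_demo()
    print("accept second per connection (rate 3/s):", deferred)
    print("accepted with 3 children held for 30s: ", limited)
```

In the constructed burst, the throttle accepts all ten connections within four seconds, while the child limit turns away seven of them because the first three children are still outstanding.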
7140	Add Timeout.hoststatus option.  This interval (defaulting to 30m)
7141		specifies how long cached information about the state of a
7142		host will be kept before it is considered stale and the
7143		host is retried.  If you are using persistent host status
7144		(i.e., the HostStatusDirectory option is set) this will apply
7145		between runs; otherwise, it applies only within a single queue
7146		run and hence is useful only for hosts that have large queues
7147		that take a very long time to run.
7148	Add SingleLineFromHeader option.  If set, From: headers are coerced
7149		into being a single line even if they had newlines in them
7150		when read.  This is to get around a botch in Lotus Notes.
7151	Text class maps were totally broken -- if you ever retrieved the last
7152		item in a table it would be truncated.  Problem noted by
7153		Gregory Neil Shapiro of WPI.
7154	Extend the lines printed by the mailq command (== the -bp flag) when
7155		-v is given to 120 characters; this allows more information
7156		to be displayed.  Suggested by Gregory Neil Shapiro of WPI.
7157	Allow macro definitions (`D' lines) with unquoted commas; previously
7158		this was treated as end-of-input.  Problem noted by Bryan
7159		Costales.
7160	The RET= envelope parameter (used for DSNs) wasn't properly written
7161		to the queue file.  Fix from John Hughes of Atlantic
7162		Technologies, Inc.
7163	Close /var/tmp/dead.letter after a successful write -- otherwise
7164		if this happens in a queue run it can cause nasty delays.
7165		Problem noted by Mark Horton of AT&T.
7166	If userdb entries pointed to userdb entries, and there were multiple
7167		values for a given key, the database cursor would get
7168		trashed by the recursive call.  Problem noted by Roy Mongiovi
7169		of Georgia Tech.  Fixed by reading all the values and creating
7170		a comma-separated list; thus, the -v output will be somewhat
7171		different for this case.
7172	Fix buffer allocation problem with Hesiod-based userdb maps when
7173		HES_GETMAILHOST is defined.  Based on a patch by Betty Lee
7174		of Stanford University.
7175	When envelopes were split due to aliases with owner- aliases, and
7176		there was some error on one of the lists, more than one of
7177		the owners would get the message.  Problem pointed out by
7178		Roy Mongiovi of Georgia Tech.
7179	Detect excessive recursion in macro expansions, e.g., $X defined
7180		in terms of $Y which is defined in terms of $X.  Problem
7181		noted by Bryan Costales; patch from Eric Wassenaar.
7182	When using F=U to get "ugly UUCP" From_ lines, a buffer could in
7183		some cases get trashed causing bogus From_ lines.  Fix from
7184		Kyle Jones of UUNET.
7185	When doing load average initialization, if the nlist call for avenrun
7186		failed, the second and subsequent lookups wouldn't notice
7187		that fact causing bogus load averages to be returned.  Noted
7188		by Casper Dik of Sun Holland.
7189	Fix problem with incompatibility with some versions of inet_aton that
7190		have changed the return value to unsigned, so a check for an
7191		error return of -1 doesn't work.  Use INADDR_NONE instead.
7192		This could cause mail to addresses such as [foo.com] to bounce
7193		or get dropped.  Problem noted by Christophe Wolfhugel of the
7194		Pasteur Institute.
7195	DSNs were inconsistent if a failure occurred during the DATA phase
7196		rather than the RCPT phase: the Action: would be correct, but
7197		the detailed status information would be wrong.  Problem noted
7198		by Bob Snyder of General Electric Company.
7199	Add -U command line flag and the XUSR ESMTP extension, both indicating
7200		that this is the initial MUA->MTA submission.  The flag currently
7201		does nothing, but in future releases (when MUAs start using
7202		these flags) it will probably turn on things like DNS
7203		canonification.
7204	Default end-of-line string (E= specification on mailer [M] lines)
7205		to \r\n on SMTP mailers.  Default remains \n on non-SMTP
7206		mailers.
7207	Change the internal definition for the *file* and *include* mailers
7208		to have $u in the argument vectors so that they aren't
7209		misinterpreted as SMTP mailers and thus use \r\n line
7210		termination.  This will affect anyone who has redefined
7211		either of these in their configuration file.
7212	Don't assume that IDENT servers close the connection after a query;
7213		responses can be newline terminated.  From Terry Kennedy of
7214		St. Peter's College.
7215	Avoid core dumps on erroneous configuration files that have
7216		$#mailer with nothing following.  From Bryan Costales.
7217	Avoid null pointer dereference with high debug values in unlockqueue.
7218		Fix from Randy Martin of Clemson University.
7219	Fix possible buffer overrun when expanding very large macros.  Fix
7220		from Kyle Jones of UUNET.
7221	After 25 EXPN or VRFY commands, start pausing for a second before
7222		processing each one.  This avoids a certain form of denial
7223		of service attack.  Potential attack pointed out by Bryan
7224		Costales.
7225	Allow new named (not numbered!) config file rules to do validity
7226		checking on SMTP arguments: check_mail for MAIL commands and
7227		check_rcpt for RCPT commands.  These rulesets can do anything
7228		they want; their result is ignored unless they resolve to the
7229		$#error mailer, in which case the indicated message is printed
7230		and the command is rejected.  Similarly, the check_compat
7231		ruleset is called before delivery with "from_addr $| to_addr"
7232		(the $| is a meta-symbol used to separate the two addresses);
7233		it can give a "this sender can't send to this recipient"
7234		notification.  Note that this patch allows $| to stand alone
7235		in rulesets.
7236	Define new macros ${client_name}, ${client_addr}, and ${client_port}
7237		that have the name, IP address, and port number (respectively)
7238		of the SMTP client (that is, the entity at the other end of
7239		the connection).  These can be used in (e.g.) check_rcpt to
7240		verify that someone isn't trying to relay mail through your
7241		host inappropriately.  Be sure to use the deferred evaluation
7242		form, for example $&{client_name}, to avoid having these bound
7243		when sendmail reads the configuration file.
7244	Add new config file rule check_relay to check the incoming connection
7245		information.  Like check_compat, it is passed the host name
7246		and host address separated by $| and can reject connections
7247		on that basis.
7248	Allow IDA-style recursive function calls.  Code contributed by Mark
7249		Lovell and Paul Vixie.
7250	Eliminate the "No ! in UUCP From address!" message -- instead, create
7251		a virtual UUCP address using either a domain address or the $k
7252		macro.  Based on code contributed by Mark Lovell and Paul
7253		Vixie.
7254	Add Stanford LDAP map.  Requires special libraries that are not
7255		included with sendmail.  Contributed by Booker C. Bense
7256		<bbense@networking.stanford.edu>; contact him for support.
7257		See also the src/READ_ME file.
7258	Allow -dANSI to turn on ANSI escape sequences in debug output; this
7259		puts metasymbols (e.g., $+) in reverse video.  Really useful
7260		only for debugging deep bits of code where it is important to
7261		distinguish between the single-character metasymbol $+ and the
7262		two characters $, +.
7263	Changed ruleset 89 (executed in dumpstate()) to a named ruleset,
7264		debug_dumpstate.
7265	Add new UnsafeGroupWrites option; if set, .forward and :include:
7266		files that are group writable are considered "unsafe" -- that
7267		is, programs and files referenced from such files are not
7268		valid recipients.
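Added illustration (not part of the sendmail release notes or source): a Python audit that lists the .forward and :include: files the UnsafeGroupWrites entry above would treat as unsafe, that is, files with the group-write bit set. The directory layout, the aliases text and all function names are constructed for this example; only the file's own mode is checked, as in the entry.

```python
"""Find group-writable .forward and :include: files (added example)."""
import os
import re
import stat
import tempfile

# ":include:/path" as it appears on the right-hand side of an alias.
INCLUDE_RE = re.compile(r':include:\s*([^\s,"]+)')


def include_targets(aliases_text):
    """Return the file paths named by :include: in an aliases file."""
    targets = []
    for line in aliases_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        targets.extend(INCLUDE_RE.findall(line))
    return targets


def is_group_writable(path):
    """True if the group-write permission bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IWGRP)


def unsafe_files(home_root, aliases_text):
    """Return group-writable .forward files under home_root/<user>/ and
    group-writable files referenced by :include: in aliases_text."""
    candidates = []
    for user in sorted(os.listdir(home_root)):
        forward = os.path.join(home_root, user, ".forward")
        if os.path.isfile(forward):
            candidates.append(forward)
    candidates.extend(include_targets(aliases_text))
    return [p for p in candidates
            if os.path.isfile(p) and is_group_writable(p)]


def demo():
    """Build a constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home")
        lists = os.path.join(root, "lists")
        layout = {
            os.path.join(home, "alice", ".forward"): 0o644,  # safe
            os.path.join(home, "bob", ".forward"): 0o664,    # group writable
            os.path.join(lists, "staff"): 0o660,             # group writable
            os.path.join(lists, "announce"): 0o640,          # safe
        }
        for path, mode in layout.items():
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
            os.chmod(path, mode)
        aliases = (
            "# constructed aliases file\n"
            f"staff: :include:{lists}/staff\n"
            f"announce: :include:{lists}/announce, alice\n"
        )
        found = unsafe_files(home, aliases)
        return [os.path.relpath(p, root) for p in found]


if __name__ == "__main__":
    for path in demo():
        print("group writable:", path)
```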
7269	Delete bogosity test for FallBackMX host; this prevented it from being a
7270		name that was not in DNS or was a domain-literal.  Problem
7271		noted by Tom May.
7272	Change the introduction to error messages to more clearly delineate
7273		permanent from temporary failures; if both existed in a
7274		single message it could be confusing.  Suggested by John
7275		Beck of InReference, Inc.
7276	The IgnoreDots (i) option didn't work for lines that were terminated
7277		with CRLF.  Problem noted by Ted Stockwell of Secure
7278		Computing Corporation.
7279	Add a heuristic to improve the handling of unbalanced `<' signs in
7280		message headers.  Problem reported by Matt Dillon of Best
7281		Internet Communications.
7282	Check for bogus characters in the 0200-0237 range; since these are
7283		used internally, very strange errors can occur if those
7284		characters appear in headers.  Problem noted by Anders Gertz
7285		of Lysator.
7286	Implement 7 -> 8 bit MIME conversions.  This only takes place if the
7287		recipient mailer has the F=9 flag set, and only works on
7288		text/plain body types.  Code contributed by Marius Olafsson
7289		of the University of Iceland.
7290	Special case "postmaster" name so that it is always treated as lower
7291		case in alias files regardless of configuration settings;
7292		this prevents some potential problems where "Postmaster" or
7293		"POSTMASTER" might not match "postmaster".  In most cases
7294		this change is a no-op.
7295	The -o map flag was ignored for text maps.  Problem noted by Bryan
7296		Costales.
7297	The -a map flag was ignored for dequote maps.  Problem noted by
7298		Bryan Costales.
7299	Fix core dump when a lookup of a class "prog" map returns no
7300		response.  Patch from Bryan Costales.
7301	Log instances where sendmail is deferring or rejecting connections
7302		on LogLevel 14.  Suggested by Kyle Jones of UUNET.
7303	Include port number in process title for network daemons.  Suggested
7304		by Kyle Jones of UUNET.
7305	Send ``double bounces'' (errors that occur when sending an error
7306		message) to the address indicated in the DoubleBounceAddress
7307		option (default: postmaster).  Previously they were always
7308		sent to postmaster.  Suggested by Kyle Jones of UUNET.
7309	Add new mode, -bD, that acts like -bd in all respects except that
7310		it runs in foreground.  This is useful for using with a
7311		wrapper that "watches" system services.  Suggested by Kyle
7312		Jones of UUNET.
7313	Fix botch in spacing around (parenthesized) comments in addresses
7314		when the comment comes before the address.  Patch from
7315		Motonori Nakamura of Kyoto University.
7316	Use the prefix "Postmaster notify" on the Subject: lines of messages
7317		that are being bounced to postmaster, rather than "Returned
7318		mail".  This permits the person who is postmaster to more
7319		easily determine what messages are to their role as
7320		postmaster versus bounces to mail they actually sent.  Based
7321		on a suggestion by Motonori Nakamura.
7322	Add new value "time" for QueueSortOrder option; this causes the queue
7323		to be sorted strictly by the time of submission.  Note that
7324		this can cause very bad behavior over slow lines (because
7325		large jobs will tend to delay small jobs) and on nodes with
7326		heavy traffic (because old things in the queue for hosts that
7327		are down delay processing of new jobs).  Also, this does not
7328		guarantee that jobs will be delivered in submission order
7329		unless you also set DeliveryMode=queue.  In general, it should
7330		probably only be used on the command line, and only in
7331		conjunction with -qRhost.domain.  In fact, there are very few
7332		cases where it should be used at all.  Based on an
7333		implementation by Motonori Nakamura.
7334	If a map lookup in ruleset 5 returns tempfail, queue the message in
7335		the same manner as other rulesets.  Previously a temporary
7336		failure in ruleset 5 was ignored.  Patch from Booker Bense
7337		of Stanford University.
7338	Don't proceed to the next MX host if an SMTP MAIL command returns a
7339		5yz (permanent failure) code.  The next MX host will still be
7340		tried if the connection cannot be opened in the first place
7341		or if the MAIL command returns a 4yz (temporary failure) code.
7342		(It's hard to know what to do here, since neither RFC 974 nor
7343		RFC 1123 specifies when to proceed to the next MX host.)
7344		Suggested by Jonathan Kamens of OpenVision, Inc.
7345	Add new "-t" flag for map definitions (the "K" line in the .cf file).
7346		This causes map lookups that get a temporary failure (e.g.,
7347		name server failure) to _not_ defer the delivery of the
7348		message.  This should only be used if your configuration file
7349		is prepared to do something sensible in this case.  Based on
7350		an idea by Gregory Shapiro of WPI.
7351	Fix problem finding network interface addresses.  Patch from
7352		Motonori Nakamura.
7353	Don't reject qf entries that are not owned by your effective uid if
7354		you are not running set-user-ID; this makes management of
7355		certain kinds of firewall setups difficult.  Patch
7356		suggested by Eamonn Coleman of Qualcomm.
7357	Add persistent host status.  This keeps the information normally
7358		maintained within a single queue run in disk files that are
7359		shared between sendmail instances.  The HostStatusDirectory
7360		is the directory in which the information is maintained.  If
7361		not set, persistent host status is turned off.  If not a full
7362		pathname, it is relative to the queue directory.  A common
7363		value is ".hoststat".
7364		There are also two new operation modes:
7365		  * -bh prints the status of hosts that have had recent
7366		    connections.
7367		  * -bH purges the host statuses.  No attempt is made to save
7368		    recent status information.
7369		This feature was originally written by Paul Vixie of Vixie
7370		Enterprises for KJS and adapted for V8 by Mark Lovell of
7371		Bigrock Consulting.  Paul's funding of Mark and Mark's patience
7372		with my insistence that things fit cleanly into the V8
7373		framework is gratefully appreciated.
7374	New SingleThreadDelivery option (requires HostStatusDirectory to
7375		operate).  Avoids letting two sendmails on the local machine
7376		open connections to the same remote host at the same time.
7377		This reduces load on the other machine, but can cause mail to
7378		be delayed (for example, if one sendmail is delivering a huge
7379		message, other sendmails won't be able to send even small
7380		messages).  Also, it requires another file descriptor (for the
7381		lock file) per connection, so you may have to reduce
7382		ConnectionCacheSize to avoid running out of per-process
7383		file descriptors.  Based on the persistent host status code
7384		contributed by Paul Vixie and Mark Lovell.
7385	Allow sending to non-simple files (e.g., /dev/null) even if the
7386		SafeFileEnvironment option is set.  Problem noted by Bryan
7387		Costales.
7388	The -qR flag mistakenly matched flags in the "R" line of the queue
7389		file.  Problem noted by Bryan Costales.
7390	If a job was aborted using the interrupt signal (e.g., control-C from
7391		the keyboard), on some occasions an empty df file would be
7392		left around; these would collect in the queue directory.
7393		Problem noted by Bryan Costales.
7394	Change the makesendmail script to enhance the search for Makefiles
7395		based on release number.  For example, on SunOS 5.5.1, it will
7396		search for Makefile.SunOS.5.5.1, Makefile.SunOS.5.5, and then
7397		Makefile.SunOS.5.x (in addition to the other rules, e.g.,
7398		adding $arch).  Problem noted by Jason Mastaler of Atlanta
7399		Webmasters.
7400	When creating maps using "newaliases", always map the keys to lower
7401		case when creating the map unless the -f flag is specified on
7402		the map itself.  Previously this was done based on the F=u
7403		flag in the local mailer, which meant you could create aliases
7404		that you could never access.  Problem noted by Bob Wu of DEC.
7405	When a job was read from the queue, the bits causing notification on
7406		failure or delay were always set.  This caused those
7407		notifications to be sent even if NOTIFY=NEVER had been
7408		specified.  Problem noted by Steve Hubert of the University
7409		of Washington, Seattle.
7410	Add new configurable routine validate_connection (in conf.c).  This
7411		lets you decide if you are willing to accept traffic from
7412		this host.  If it returns FALSE, all SMTP commands will return
7413		"550 Access denied".  -DTCPWRAPPERS will include support for
7414		TCP wrappers; you will need to add -lwrap to the link line.
7415		(See src/READ_ME for details.)
7416	Don't include the "THIS IS A WARNING MESSAGE ONLY" banner on postmaster
7417		bounces.  Some people seemed to think that this could be
7418		confusing (even though it is true).  Suggested by Motonori
7419		Nakamura.
7420	Add new RunAsUser option; this causes sendmail to do a setuid to that
7421		user early in processing to avoid potential security problems.
7422		However, this means that all .forward and :include: files must
7423		be readable by that user, and all files to be written must be
7424		writable by that user and all programs will be executed by that
7425		user.  It is also incompatible with the SafeFileEnvironment
7426		option.  In other words, it may not actually add much to
7427		security.  However, it should be useful on firewalls and other
7428		places where users don't have accounts and the aliases file is
7429		well constrained.
7430	Add Timeout.iconnect.  This is like Timeout.connect except it is used
7431		only on the first attempt to deliver to an address.  It could
7432		be set to be lower than Timeout.connect on the principle that
7433		the mail should go through quickly to responsive hosts; less
7434		responsive hosts get to wait for the next queue run.
7435	Fix a problem on Solaris that occasionally causes programs
7436		(such as vacation) to hang with their standard input connected
7437		to a UDP port.  It also created some signal handling problems.
7438		The problems turned out to be an interaction between vfork(2)
7439		and some of the libraries, particularly NIS/NIS+.  I am
7440		indebted to Tor Egge <tegge@idt.ntnu.no> for this fix.
7441	Change user class map to do the same matching that actual delivery
7442		will do instead of just a /etc/passwd lookup.  This adds
7443		fuzzy matching to the user map.  Patch from Dan Oscarsson.
7444	The Timeout.* options are not safe -- they can be used to create a
7445		denial-of-service attack.  Problem noted by Christophe
7446		Wolfhugel.
7447	Don't send PostmasterCopy messages in the event of a "delayed"
7448		notification.  Suggested by Barry Bouwsma.
7449	Don't advertise "VERB" ESMTP extension if the "noexpn" privacy
7450		option is set, since this disables VERB mode.  Suggested
7451		by John Hawkinson of MIT.
7452	Complain if the QueueDirectory (Q) option is not set.  Problem noted
7453		by Motonori Nakamura of Kyoto University.
7454	Only queue messages on transient .forward open failures if there
7455		were no successful opens.  The previous behavior caused it
7456		to queue even if a "fall back" .forward was found.  Problem
7457		noted by Ann-Kian Yeo of the Dept. of Information Systems
7458		and Computer Science (DISCS), NUS, Singapore.
7459	Don't do 8->7 bit conversions when bouncing a MIME message that
7460		is bouncing because of a MIME error during 8->7 bit conversion;
7461		the encapsulated message will bounce again, causing a loop.
7462		Problem noted by Steve Hubert of the University of Washington.
7463	Create xf (transcript) files using the TempFileMode option value
7464		instead of 0644.  Suggested by Ann-Kian Yeo of the
7465		National University of Singapore.
7466	Print errors if setgid/setuid/etc. fail during delivery.  This helps
7467		detect cases where DefaultUid is set to something that the
7468		system can't cope with.
7469	PORTABILITY FIXES:
7470		Support for AIX/RS 2.2.1 from Mark Whetzel of Western
7471			Atlas International.
7472		Patches for Intel Paragon OSF/1 1.3 from Leo Bicknell
7473			<bicknell@ufp.org>.
7474		On DEC OSF/1 3.2 and earlier, the MatchGECOS code would only
7475			work on the first recipient of a message due to a
7476			bug in the getpwent family.  If this is something you
7477			use, you can define DEC_OSF_BROKEN_GETPWENT=1 for a
7478			workaround.  From Maximum Entropy of Sanford C.
7479			Bernstein and Associates.
7480		FreeBSD 1.1.5.1 uname -r returns a string containing
7481			parentheses, which breaks makesendmail.  Reported
7482			by Piero Serini <piero@strider.ibenet.it>.
7483		Sequent DYNIX/ptx 4.0.2 patches from Jack Woolley of
7484			Systems and Computer Technology Corporation.
7485		Solaris 2.x: omit the UUCP grade parameter (-g flag) because
7486			it is system-dependent.  Problem noted by J.J. Bailey
7487			of Bailey Computer Consulting.
7488		Pyramid NILE running DC/OSx support from Earle F. Ake of
7489			Hassler Communication Systems Technology, Inc.
7490		HP-UX 10.x compile glitches, reported by Anne Brink of the
7491			U.S. Army and James Byrne of Harte & Lyne Limited.
7492		NetBSD from Matthew Green of the NetBSD crew.
7493		SCO 5.x from Keith Reynolds of SCO.
7494		IRIX 6.2 from Robert Tarrall of the University of
7495			Colorado and Kari Hurtta of the Finnish Meteorological
7496			Institute.
7497		UXP/DS (Fujitsu/ICL DS/90 series) support from Diego R.
7498			Lopez, CICA (Seville).
7499		NCR SVR4 MP-RAS 3.x support from Tom Moore of NCR.
7500		PTX 3.2.0 from Kenneth Stailey of the US Department of Labor
7501			Employment Standards Administration.
7502		Altos System V (5.3.1) from Tim Rice of Multitalents.
7503		Concurrent Systems Corporation Maxion from Donald R. Laster
7504			Jr.
7505		NetInfo maps (improved debugging and multi-valued aliases)
7506			from Adrian Steinmann of Steinmann Consulting.
7507		ConvexOS 11.5 (including SecureWare C2 and the Share Scheduler)
7508			from Eric Schnoebelen of Convex.
7509		Linux 2.0 mail.local patches from Horst von Brand.
7510		NEXTSTEP 3.x compilation from Robert La Ferla.
7511		NEXTSTEP 3.x code changes from Allan J. Nathanson of NeXT.
7512		Solaris 2.5 configuration fixes for mail.local by Jim Davis
7513			of the University of Arizona.
7514		Solaris 2.5 has a working setreuid.  Noted by David Linn of
7515			Vanderbilt University.
7516		Solaris changes for praliases, makemap, mailstats, and smrsh.
7517			Previously you had to add -DSOLARIS in Makefile.dist;
7518			this auto-detects.  Based on a patch from Randall
7519			Winchester of the University of Maryland.
7520	CONFIG: add generic-nextstep3.3.mc file.  Contributed by
7521		Robert La Ferla of Hot Software.
7522	CONFIG: allow mailertables to resolve to ``error:code message''
7523		(where "code" is an exit status) on domains (previously
7524		worked only on hosts).  Patch from Cor Bosman of Xs4all
7525		Foundation.
7526	CONFIG: hooks for IPv6-style domain literals.
7527	CONFIG: predefine ALIAS_FILE and change the prototype file so that
7528		if it is undefined the AliasFile option is never set; this
7529		should be transparent for most everyone.  Suggested by John
7530		Myers of CMU.
7531	CONFIG: add FEATURE(limited_masquerade).  Without this feature, any
7532		domain listed in $=w is masqueraded.  With it, only those
7533		domains listed in a MASQUERADE_DOMAIN macro are masqueraded.
7534	CONFIG: add FEATURE(masquerade_entire_domain).  This causes
7535		masquerading specified by MASQUERADE_DOMAIN to apply to all
7536		hosts under those domains as well as the domain headers
7537		themselves.  For example, if a configuration had
7538		MASQUERADE_DOMAIN(foo.com), then without this feature only
7539		foo.com would be masqueraded; with it, *.foo.com would be
7540		masqueraded as well.  Based on an implementation by Richard
7541		(Pug) Bainter of U. Texas.
7542	CONFIG: add FEATURE(genericstable) to do a more general rewriting of
7543		outgoing addresses.  Defaults to ``hash -o /etc/genericstable''.
7544		Keys are user names; values are outgoing mail addresses.  Yes,
7545		this does overlap with the user database, and figuring out
7546		just when to use which one may be tricky.  Based on code
7547		contributed by Richard (Pug) Bainter of U. Texas with updates
7548		from Per Hedeland of Ericsson.
7549	CONFIG: add FEATURE(virtusertable) to do generalized rewriting of
7550		incoming addresses.  Defaults to ``hash -o /etc/virtusertable''.
7551		Keys are either fully qualified addresses or just the host
7552		part (with the @ sign).  For example, a table containing:
7553			info@foo.com	foo-info
7554			info@bar.com	bar-info
7555			@baz.org	jane@elsewhere.net
7556		would send all mail destined for info@foo.com to foo-info
7557		(which is presumably an alias), mail addressed to info@bar.com
7558		to bar-info, and anything addressed to anyone at baz.org will
7559		be sent to jane@elsewhere.net.  The names foo.com, bar.com,
7560		and baz.org must all be in $=w.  Based on discussions with
7561		a great many people.
7562	CONFIG: add nullclient configurations to define SMTP_MAILER_FLAGS.
7563		Suggested by Richard Bainter.
7564	CONFIG: add FAX_MAILER_ARGS to tweak the arguments passed to the
7565		"fax" mailer.
7566	CONFIG: allow mailertable entries to resolve to local:user; this
7567		passes the original user@host in to procmail-style local
7568		mailers as the "detail" information to allow them to do
7569		additional clever processing.  From Joe Pruett of
7570		Teleport Corporation.  Delivery to the original user can
7571		be done by specifying "local:" (with nothing after the colon).
7572	CONFIG: allow any context that takes "mailer:domain" to also take
7573		"mailer:user@domain" to force mailing to the given user;
7574		"local:user" can also be used to do local delivery.  This
7575		applies on *_RELAY and in the mailertable entries.  Based
7576		on a suggestion by Ribert Kiessling of Easynet.
7577	CONFIG: Allow FEATURE(bestmx_is_local) to take an argument that
7578		limits the possible domains; this reduces the number of DNS
7579		lookups required to support this feature.  For example,
7580		FEATURE(bestmx_is_local, my.site.com) limits the lookups
7581		to domains under my.site.com.  Code contributed by Anthony
7582		Thyssen <anthony@cit.gu.edu.au>.
7583	CONFIG: LOCAL_RULESETS introduces any locally defined rulesets,
7584		such as the check_rcpt ruleset.  Suggested by Gregory Shapiro
7585		of WPI.
7586	CONFIG: MAILER_DEFINITIONS introduces any mailer definitions, in the
7587		event you have to define local mailers.  Suggested by
7588		Gregory Shapiro of WPI.
7589	CONFIG: fix cases where a three- (or more-) stage route-addr could
7590		be misinterpreted as a list:...; syntax.  Based on a patch by
7591		Vlado Potisk <Vlado_Potisk@tempest.sk>.
7592	CONFIG: Fix masquerading of UUCP addresses when the UUCP relay is
7593		remotely connected.  The address host!user was being
7594		converted to host!user@thishost instead of host!user@uurelay.
7595		Problem noted by William Gianopoulos of Raytheon Company.
7596	CONFIG: add confTO_ICONNECT to set Timeout.iconnect.
7597	CONFIG: change FEATURE(redirect) message from "User not local" to
7598		"User has moved"; the former wording was confusing if the
7599		new address is still on the local host.  Based on a suggestion
7600		by Andreas Luik.
7601	CONFIG: add support in FEATURE(nullclient) for $=E (exposed users).
7602		However, the class is not pre-initialized to contain root.
7603		Suggested by Gregory Neil Shapiro.
7604	CONTRIB: Remove XLA code at the request of the author, Christophe
7605		Wolfhugel.
7606	CONTRIB: Add re-mqueue.pl, contributed by Paul Pomes of Qualcomm.
7607	MAIL.LOCAL: make it possible to compile mail.local on Solaris.  Note
7608		well: this produces a slightly different mailbox format (no
7609		Content-Length: headers), file ownerships and modes are
7610		different (not owned by group mail; mode 600 instead of 660),
7611		and the local mailer flags will have to be tweaked (make them
7612		match bsd4.4) in order to use this mailer.  Patches from Paul
7613		Hammann of the Missouri Research and Education Network.
7614	MAIL.LOCAL: in some cases it could return EX_OK even though there
7615		was a delivery error, such as if the ownership on the file
7616		was wrong or the mode changed between the initial stat and
7617		the open.  Problem reported by William Colburn of the New
7618		Mexico Institute of Mining and Technology.
7619	MAILSTATS: handle zero length files more reliably.  Patch from Bryan
7620		Costales.
7621	MAILSTATS: add man page contributed by Keith Bostic of BSDI.
7622	MAKEMAP: The -d flag (to allow duplicate keys) to a btree map wasn't
7623		honored.  Fix from Michael Scott Shappe.
7624	PRALIASES: add man page contributed by Keith Bostic of BSDI.
7625	NEW FILES:
7626		src/Makefiles/Makefile.AIX.2
7627		src/Makefiles/Makefile.IRIX.6.2
7628		src/Makefiles/Makefile.maxion
7629		src/Makefiles/Makefile.NCR.MP-RAS.3.x
7630		src/Makefiles/Makefile.SCO.5.x
7631		src/Makefiles/Makefile.UXPDSV20
7632		mailstats/mailstats.8
7633		praliases/praliases.8
7634		cf/cf/generic-nextstep3.3.mc
7635		cf/feature/genericstable.m4
7636		cf/feature/limited_masquerade.m4
7637		cf/feature/masquerade_entire_domain.m4
7638		cf/feature/virtusertable.m4
7639		cf/ostype/aix2.m4
7640		cf/ostype/altos.m4
7641		cf/ostype/maxion.m4
7642		cf/ostype/solaris2.ml.m4
7643		cf/ostype/uxpds.m4
7644		contrib/re-mqueue.pl
7645	DELETED FILES:
7646		src/Makefiles/Makefile.Solaris
7647		contrib/xla/README
7648		contrib/xla/xla.c
7649	RENAMED FILES:
7650		src/Makefiles/Makefile.NCR3000 =>	Makefile.NCR.MP-RAS.2.x
7651		src/Makefiles/Makefile.SCO.3.2v4.2 =>	Makefile.SCO.4.2
7652		src/Makefiles/Makefile.UXPDS =>		Makefile.UXPDSV10
7653		src/Makefiles/Makefile.NeXT =>		Makefile.NeXT.2.x
7654		src/Makefiles/Makefile.NEXTSTEP =>	Makefile.NeXT.3.x
7655
7656	8.7.6/8.7.3	1996/09/17
7657	SECURITY: It is possible to force getpwuid to fail when writing the
7658		queue file, causing sendmail to fall back to running programs
7659		as the default user.  This is not exploitable from off-site.
7660		Workarounds include using a unique user for the DefaultUser
7661		(old u & g options) and using smrsh as the local shell.
7662	SECURITY: fix some buffer overruns; in at least one case this allows
7663		a local user to get root.  This is not known to be exploitable
7664		from off-site.  The workaround is to disable chfn(1) commands.
7665
7666	8.7.5/8.7.3	1996/03/04
7667	Fix glitch in 8.7.4 when putting certain internal lines; this can
7668		in some cases cause connections to hang or messages to have
7669		extra spaces in odd places.  Patch from Eric Wassenaar;
7670		reports from Eric Hall of Chiron Corporation, Stephen
7671		Hansen of Stanford University, Dean Gaudet of HotWired,
7672		and others.
7673
7674	8.7.4/8.7.3	1996/02/18
7675	SECURITY: In some cases it was still possible for an attacker to
7676		insert newlines into a queue file, thus allowing access to
7677		any user (except root).
7678	CONFIG: no changes -- it is not a bug that the configuration
7679		version number is unchanged.
7680
7681	8.7.3/8.7.3	1995/12/03
7682	Fix botch in name server timeout in RCPT code; this problem caused
7683		two responses in SMTP, which breaks things horribly.  Fix
7684		from Gregory Neil Shapiro of WPI.
7685	Verify that L= value on M lines cannot be negative, which could cause
7686		negative array subscripting.  Not a security problem since
7687		this has to be in the config file, but it could have caused
7688		core dumps.  Pointed out by Bryan Costales.
7689	Fix -d21 debug output for long macro names.  Pointed out by Bryan
7690		Costales.
7691	PORTABILITY FIXES:
7692		SCO doesn't have ftruncate.  From Bill Aten of Computerizers.
7693		IBM's version of arpa/nameser.h defaults to the wrong byte
7694			order.  Tweak it to work properly.  Based on fixes
7695			from Fletcher Mattox of UTexas and Betty Lee of
7696			Stanford University.
7697	CONFIG: add confHOSTS_FILE m4 variable to set HostsFile option.
7698		Deficiency pointed out by Bryan Costales of ICSI.
7699
7700	8.7.2/8.7.2	1995/11/19
7701	REALLY fix the backslash escapes in SmtpGreetingMessage,
7702		OperatorChars, and UnixFromLine options.  They were not
7703		properly repaired in 8.7.1.
7704	Completely delete the Bcc: header if and only if there are other
7705		valid recipient headers (To:, Cc: or Apparently-To:, the
7706		last being a historic botch, of course).  If Bcc: is the
7707		only recipient header in the message, its value is tossed,
7708		but the header name is kept.  The old behavior (always keep
7709		the header name and toss the value) allowed primary recipients
7710		to see that a Bcc: went to _someone_.
7711	Include queue id on ``Authentication-Warning: <host>: <user> set
7712		sender to <address> using -f'' syslog messages.  Suggested
7713		by Kari Hurtta.
7714	If a sequence or switch map lookup entry gets a tempfail but then
7715		continues on to another map type, but the name is not found,
7716		return a temporary failure from the sequence or switch map.
7717		For example, if hosts search ``dns files'' and DNS fails
7718		with a tempfail, the hosts map will go on and search files,
7719		but if it fails the whole thing should be a tempfail, not
7720		a permanent (host unknown) failure, even though that is the
7721		failure in the hosts.files map.  This error caused hard
7722		bounces when it should have requeued.
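The tempfail rule for sequence and switch maps described in the entry above, as an added C example. It is not code from sendmail: the type and function names and the two constructed maps ("dns" and "files") are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of a single map lookup (hypothetical names, not sendmail's). */
enum lk_status { LK_FOUND, LK_NOTFOUND, LK_TEMPFAIL };

typedef enum lk_status (*lk_fn)(const char *key, const char **val);

/* Constructed "dns" map whose name server is unreachable. */
static enum lk_status dns_down(const char *key, const char **val)
{
    (void)key;
    *val = NULL;
    return LK_TEMPFAIL;
}

/* Constructed "dns" map that answers and knows one host. */
static enum lk_status dns_up(const char *key, const char **val)
{
    if (strcmp(key, "mx.example.org") == 0) {
        *val = "192.0.2.25";
        return LK_FOUND;
    }
    *val = NULL;
    return LK_NOTFOUND;
}

/* Constructed "files" map: only localhost is listed. */
static enum lk_status files_map(const char *key, const char **val)
{
    if (strcmp(key, "localhost") == 0) {
        *val = "127.0.0.1";
        return LK_FOUND;
    }
    *val = NULL;
    return LK_NOTFOUND;
}

/*
 * Search the maps in order.  A hit in any map wins.  If no map has the
 * key, the result is a temporary failure when ANY map tempfailed, since
 * that map might have held the answer; only a clean miss in every map
 * is a permanent "not found".
 */
enum lk_status seq_lookup(const lk_fn *maps, size_t nmaps,
                          const char *key, const char **val)
{
    int saw_tempfail = 0;
    size_t i;

    for (i = 0; i < nmaps; i++) {
        enum lk_status st = maps[i](key, val);

        if (st == LK_FOUND)
            return LK_FOUND;
        if (st == LK_TEMPFAIL)
            saw_tempfail = 1;   /* remember it, keep searching */
    }
    *val = NULL;
    return saw_tempfail ? LK_TEMPFAIL : LK_NOTFOUND;
}

/* What the delivery side should do with each outcome. */
const char *disposition(enum lk_status st)
{
    switch (st) {
    case LK_FOUND:    return "deliver";
    case LK_TEMPFAIL: return "requeue";
    default:          return "bounce (host unknown)";
    }
}

/* Look a host up through the sequence "dns files", with DNS up or down. */
enum lk_status hosts_lookup(int dns_is_up, const char *host, const char **addr)
{
    lk_fn maps[2];

    maps[0] = dns_is_up ? dns_up : dns_down;
    maps[1] = files_map;
    return seq_lookup(maps, 2, host, addr);
}

int main(void)
{
    const char *addr;

    /* DNS down, host not in files: must requeue, not bounce. */
    printf("dns down, mx.example.org: %s\n",
           disposition(hosts_lookup(0, "mx.example.org", &addr)));
    /* DNS down, host in files: the later map still answers. */
    printf("dns down, localhost: %s\n",
           disposition(hosts_lookup(0, "localhost", &addr)));
    /* DNS up and no map has the name: a genuine permanent failure. */
    printf("dns up, nosuch.example.org: %s\n",
           disposition(hosts_lookup(1, "nosuch.example.org", &addr)));
    return 0;
}
```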
7723	Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo
7724		owned by bar mode 700 and inbox being set-user-ID bar stopped
7725		working properly due to excessive paranoia.  Pointed out by
7726		John Hawkinson of Panix.
7727	An SMTP RCPT command referencing a host that gave a nameserver
7728		timeout would return a 451 command (8.6 accepted it and
7729		queued it locally).  Revert to the 8.6 behavior in order
7730		to simplify queue management for clustered systems.  Suggested
7731		by Gregory Neil Shapiro of WPI.  The same problem could break
7732		MH, which assumes that the SMTP session will succeed (tsk, tsk
7733		-- mail gets lost!); this was pointed out by Stuart Pook of
7734		Infobiogen.
7735	Fix possible buffer overflow in munchstring().  This was not a security
7736		problem because you couldn't specify any argument to this
7737		without first giving up root privileges, but it is still a
7738		good idea to avoid future problems.  Problem noted by John
7739		Hawkinson and Sam Hartman of MIT.
7740	``452 Out of disk space for temp file'' messages weren't being
7741		printed.  Fix from David Perlin of Nanosoft.
7742	Don't advertise the ESMTP DSN extension if the SendMimeErrors option
7743		is not set, since this is required to get the actual DSNs
7744		created.  Problem pointed out by John Gardiner Myers of CMU.
7745	Log permission problems that cause .forward and :include: files to
7746		be untrusted or ignored on log level 12 and higher.  Suggested
7747		by Randy Martin of Clemson University.
7748	Allow user ids in U= clauses of M lines to have hyphens and
7749		underscores.
7750	Fix overcounting of recipients -- only happened when sending to an
7751		alias.  Pointed out by Mark Andrews of SGI and Jack Woolley
7752		of Systems and Computer Technology Corporation.
7753	If a message is sent to an address that fails, the error message that
7754		is returned could show some extraneous "success" information
7755		included even if the user did not request success notification,
7756		which was confusing.  Pointed out by Allan Johannesen of WPI.
7757	Config files that had no AliasFile definition were defaulting to
7758		using /etc/aliases; this caused problems with nullclient
7759		configurations.  Change it back to the 8.6 semantics of
7760		having no local alias file unless it is declared.  Problem
7761		noted by Charles Karney of Princeton University.
7762	Fix compile problem if NOTUNIX is defined.  Pointed out by Bryan
7763		Costales of ICSI.
7764	Map lookups of class "userdb" maps were always case sensitive; they
7765		should be controlled by the -f flag like other maps.  Pointed
7766		out by Bjart Kvarme <bjart.kvarme@usit.uio.no>.
7767	Fix problem that caused some addresses to be passed through ruleset 5
7768		even when they were tagged as "sticky" by prefixing the
7769		address with an "@".  Patch from Thomas Dwyer III of Michigan
7770		Technological University.
7771	When converting a message to Quoted-Printable, prevent any lines with
7772		dots alone on a line by themselves.  This is because of the
7773		preponderance of broken mailers that still get this wrong.
7774		Code contributed by Per Hedeland of Ericsson.
7775	Fix F{macro}/file construct -- it previously did nothing.  Pointed
7776		out by Bjart Kvarme of USIT/UiO (Norway).
7777	Announce whether a cached connection is SMTP or ESMTP (in -v mode).
7778		Requested by Allan Johannesen.
7779	Delete check for text format of alias files -- it should be legal
7780		to have the database format of the alias files without the
7781		text version.  Problem pointed out by Joe Rhett of Navigist,
7782		Inc.
7783	If "Ot" was specified with no value, the TZ variable was not properly
7784		imported from the environment.  Pointed out by Frank Crawford
7785		<frank@ansto.gov.au>.
7786	Some architectures core dumped on "program" maps that didn't have
7787		extra arguments.  Patch from Booker C. Bense of Stanford
7788		University.
7789	Queue run processes would re-spawn daemons when given a SIGHUP; only
7790		the parent should do this.  Fix from Brian Coan of the
7791		Association for Progressive Communications.
7792	If MinQueueAge was set and a message was considered but not run
7793		during a queue run and the Timeout.queuereturn interval was
7794		reached, a "timed out" error message would be returned that
7795		didn't include the failed address (and claimed to be a warning
7796		even though it was fatal).  The fix is to not return such
7797		messages until they are actually tried, i.e., in the next
7798		MinQueueAge interval.  Problem noted by Rein Tollevik of
7799		SINTEF RUNIT, Oslo.
7800	Add HES_GETMAILHOST compile flag to support MIT Hesiod distributions
7801		that have the hes_getmailhost() routine.  DEC Hesiod
7802		distributions do not have this routine.  Based on a patch
7803		from Betty Lee of Stanford University.
7804	Extensive cleanups to map open code to handle a locking race condition
7805		in ndbm, hash, and btree format database files on some (most
7806		non-4.4-BSD based) OS architectures.  This should solve the
7807		occasional "user unknown" problem during alias rebuilds that
7808		has plagued me for quite some time.  Based on a patch from
7809		Thomas Dwyer III of Michigan Technological University.
7810	PORTABILITY FIXES:
7811		Solaris: Change location of newaliases and mailq from
7812			/usr/ucb to /usr/bin to match Sun settings.  From
7813			James B. Davis of TCI.
7814		DomainOS: Makefile.DomainOS doesn't require -ldbm.  From
7815			Don Lewis of Silicon Systems.
7816		HP-UX 10: rename Makefile.HP-UX.10 => Makefile.HP-UX.10.x
7817			so that the makesendmail script will find it.  Pointed
7818			out by Richard Allen of the University of Iceland.
7819			Also, use -Aa -D_HPUX_SOURCE instead of -Ae, which
7820			isn't supported on all compilers.
7821		UXPDS: compilation fixes from Diego R. Lopez.
7822	CONFIG: FAX mailer wasn't setting .FAX as a pseudo-domain unless
7823		you also had a FAX_RELAY.  From Thomas.Tornblom@Hax.SE.
7824	CONFIG: Minor glitch in S21 -- attachment of local domain name
7825		didn't have trailing dot.  From Jim Hickstein of Teradyne.
7826	CONFIG: Fix best_mx_is_local feature to allow nested addresses such as
7827		user%host@thishost.  From Claude Scarpelli of Infobiogen
7828		(France).
7829	CONFIG: OSTYPE(hpux10) failed to define the location of the help file.
7830		Pointed out by Hannu Martikka of Nokia Telecommunications.
7831	CONFIG: Diagnose some inappropriate ordering in configuration files,
7832		such as FEATURE(smrsh) listed after MAILER(local).  Based on
7833		a bug report submitted by Paul Hoffman of Proper Publishing.
7834	CONFIG: Make OSTYPE files consistently not override settings that
7835		have already been set.  Previously it worked differently
7836		for different files.
7837	CONFIG: Change relay mailer to do masquerading like 8.6 did.  My take
7838		is that this is wrong, but the change was causing problems
7839		for some people.  From Per Hedeland of Ericsson.
7840	CONTRIB: bitdomain.c patch from John Gardiner Myers <jgm+@CMU.EDU>;
7841		portability changes for Posix environments (no functional
7842		changes).
7843
7844	8.7.1/8.7.1	1995/10/01
7845	Old macros that have become options (SmtpGreetingMessage,
7846		OperatorChars, and UnixFromLine) didn't allow backslash
7847		escapes in the options, where they previously had.  Bug
7848		pointed out by John Hawkinson of MIT.
7849	Fix strange case of an executable called by a program map that
7850		returns a value but also a non-zero exit status; this
7851		would give contradictory results in the higher level; in
7852		particular, the default clause in the map lookup would be
7853		ignored.  Change to ignore the value if the program returns
7854		non-zero exit status.  From Tom Moore of AT&T GIS.
7855	Shorten parameters passed to syslog() in some contexts to avoid a
7856		bug in many vendors' implementations of that routine.  Although
7857		this isn't really a bug in sendmail per se, and my solution
7858		has to assume that syslog() has at least a 1K buffer size
7859		internally (I know some vendors have shortened this
7860		dramatically -- they're on their own), sendmail is a popular
7861		target.  Also, limit the size of %s arguments in sprintf.
7862		These both have possible security implications.  Solutions
7863		suggested by Casper Dik of Sun's Network Security Group
7864		(Holland), Mark Seiden, and others.
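The two measures in the entry above (shortened syslog() parameters and size limits on %s arguments), shown as an added C example that is not sendmail's code. The field caps, the log line layout and the function names are assumptions; snprintf() is used here as the modern bounded call, with the same precision-limited %s conversions the note describes.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Assumption taken from the release note: syslog() holds at least 1K. */
#define SYSLOG_MIN_BUF  1024

/* Constructed per-field caps; these are not sendmail's actual values. */
#define QID_MAX     20
#define ADDR_MAX    200
#define RELAY_MAX   100

/* Literal text of the format below, without the conversions. */
#define FIXED_TEXT  ": from=, relay="

/* Worst-case line length: literal text plus every capped field. */
#define LINE_MAX_LEN (sizeof(FIXED_TEXT) - 1 + QID_MAX + ADDR_MAX + RELAY_MAX)

/* Compile-time check: the worst case must fit the assumed syslog buffer. */
typedef char line_fits_syslog[(LINE_MAX_LEN < SYSLOG_MIN_BUF) ? 1 : -1];

/*
 * Format one log line from fields that a remote peer controls.
 * Every %s carries a precision, so no field can push the line past
 * LINE_MAX_LEN however long the input is.  Returns the line length.
 */
size_t format_log_line(char *out, size_t outsz, const char *qid,
                       const char *from, const char *relay)
{
    int n;

    if (outsz == 0)
        return 0;
    n = snprintf(out, outsz, "%.*s: from=%.*s, relay=%.*s",
                 QID_MAX, qid, ADDR_MAX, from, RELAY_MAX, relay);
    if (n < 0) {
        out[0] = '\0';
        return 0;
    }
    if ((size_t)n >= outsz)     /* caller's buffer was smaller than the cap */
        n = (int)(outsz - 1);
    return (size_t)n;
}

/*
 * Hand the finished line to syslog() as an argument, never as the
 * format string, so '%' characters in a field are not interpreted.
 */
void log_line(const char *line)
{
    syslog(LOG_INFO, "%s", line);
}

/* Constructed input: a 5000-byte sender address from a hostile peer. */
size_t demo_oversized_sender(char *line, size_t linesz)
{
    static char from[5001];

    memset(from, 'A', sizeof(from) - 1);
    from[sizeof(from) - 1] = '\0';
    return format_log_line(line, linesz, "AA12345", from, "mx.example.org");
}

int main(void)
{
    char line[SYSLOG_MIN_BUF];
    size_t n = demo_oversized_sender(line, sizeof(line));

    printf("line length %lu (cap %lu)\n",
           (unsigned long)n, (unsigned long)LINE_MAX_LEN);
    log_line(line);
    return 0;
}
```

The oversized field is cut at its cap while the fields after it survive intact, which a single truncation of the whole line would not guarantee.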
7865	Fix a problem that might cause a non-standard -B (body type)
7866		parameter to be passed to the next server with undefined
7867		results.  This could have security implications.
7868	If a filesystem was at > 100% utilization, the freediskspace()
7869		routine incorrectly returned an error rather than zero.
7870		Problem noted by G. Paul Ziemba of Alantec.
7871	Change MX sort order so that local hostnames (those in $=w) always
7872		sort first within a given preference.  This forces the bestmx
7873		map to always return the local host first, if it is included
7874		in the list of highest priority MX records.  From K. Robert
7875		Elz.
7876	Avoid some possible null pointer dereferences.  Fixes from Randy
7877		Martin <WOLF@CLEMSON.EDU>
7878	When sendmail starts up on systems that have no fully qualified
7879		domain name (FQDN) anywhere in the first matching host map
7880		(e.g., /etc/hosts if the hosts service searches "files dns"),
7881		sendmail would sleep to try to find a FQDN, which it really
7882		really needs.  This has been changed to fall through to the
7883		next map type if it can't find a FQDN -- i.e., if the hosts
7884		file doesn't have a FQDN, it will try dns even though the
7885		short name was found in /etc/hosts.  This is probably a crock,
7886		but many people have hosts files without FQDNs.  Remember:
7887		domain names are your friends.
7888	Log a high-priority message if you can't find your FQDN during startup.
7889		Suggested by Simon Barnes of Schlumberger Limited.
7890	When using Hesiod, initialize it early to improve error reporting.
7891		Patch from Don Lewis of Silicon Systems, Inc.
7892	Apparently at least some versions of Linux have a 90 !minute! TCP
7893		connection timeout in the kernel.  Add a new "connect" timeout
7894		to limit this time.  Defaults to zero (use whatever the
7895		kernel provides).  Based on code contributed by J.R. Oldroyd
7896		of TerraNet.
7897	Under some circumstances, a failed message would not be properly
7898		removed from the queue, causing tons of bogus error messages.
7899		(This fix eliminates the problematic EF_KEEPQUEUE flag.)
7900		Problem noted by Allan E Johannesen and Gregory Neil Shapiro
7901		of WPI.
7902	PORTABILITY FIXES:
7903		On IRIX 5.x, there was an inconsistency in the setting
7904			of sendmail.st location.  Change the Makefile to
7905			install it in /var/sendmail.st to match the OSTYPE
7906			file and SGI standards.  From Andre
7907			<andre@curry.zfe.siemens.de>.
7908		Support for Fujitsu/ICL UXP/DS (For the DS/90 Series)
7909			from Diego R. Lopez <drlopez@cica.es>.
7910		Linux compilation patches from J.R. Oldroyd of TerraNet, Inc.
7911		LUNA 2 Mach patches from Motonori Nakamura.
7912		SunOS Makefile was including -ldbm, which is for the old
7913			dbm library.  The ndbm library is part of libc.
7914	CONFIG: avoid bouncing ``user@host.'' (note trailing dot) with
7915		``local configuration error'' in nullclient configuration.
7916		Patch from Gregory Neil Shapiro of WPI.
7917	CONFIG: don't allow an alias file in nullclient configurations --
7918		since all addresses are relayed, they give errors during
7919		rebuild.  Suggested by Per Hedeland of Ericsson.
7920	CONFIG: local mailer on Solaris 2 should always get a -f flag because
7921		otherwise the F=S causes the From_ line to imply that root is
7922		the sender.  Problem pointed out by Claude Scarpelli of
7923		Infobiogen (France).
7924	NEW FILES:
7925		cf/feature/use_ct_file.m4 (omitted from 8.7 by mistake)
7926		src/Makefiles/Makefile.KSR (omitted from 8.7 by mistake)
7927		src/Makefiles/Makefile.UXPDS
7928
7929	8.7/8.7		1995/09/16
7930	Fix a problem that could cause sendmail to run out of file
7931		descriptors due to a trashed data structure after a
7932		vfork.  Fix from Brian Coan of the Institute for
7933		Global Communications.
7934	Change the VRFY response if you have disabled VRFY -- some
7935		people seemed to think that it was too rude.
7936	Avoid reference to uninitialized file descriptor if HASFLOCK
7937		was not defined.  This was used "safely" in the sense
7938		that it only did a stat, but it would have set the
7939		map modification time improperly.  Problem pointed out
7940		by Roy Mongiovi of Georgia Tech.
7941	Clean up the Subject: line on warning messages and return
7942		receipts so that they don't say "Returned mail:"; this
7943		can be confusing.
7944	Move ruleset entry/exit debugging from 21.2 to 21.1 -- this is
7945		useful enough to make it worthwhile printing on "-d".
7946	Avoid logging alias statistics every time you read the alias
7947		file on systems with no database method compiled in.
7948	If you have a name with a trailing dot, and you try looking it
7949		up using gethostbyname without the dot (for /etc/hosts
7950		compatibility), be sure to turn off RES_DEFNAMES and
7951		RES_DNSRCH to avoid finding the wrong name accidentally.
7952		Problem noted by Charles Amos of the University of
7953		Maryland.
7954	Don't do timeouts in collect if you are not running SMTP.
7955		There is nothing that says you can't have a long
7956		running program piped into sendmail (possibly via
7957		/bin/mail, which just execs sendmail).  Problem reported
7958		by Don "Truck" Lewis of Silicon Systems.
7959	Try gethostbyname() even if the DNS lookup fails iff option I
7960		is not set.  This allows you to have hosts listed in
7961		NIS or /etc/hosts that are not known to DNS.  It's normally
7962		a bad idea, but can be useful on firewall machines.  This
7963		should really be broken out on a separate flag, I suppose.
7964	Avoid compile warnings against BIND 4.9.3, which uses function
7965		prototypes.  From Don Lewis of Silicon Systems.
7966	Avoid possible incorrect diagnosis of DNS-related errors caused
7967		by things like attempts to resolve uucp names using
7968		$[ ... $] -- the fix is to clear h_errno at appropriate
7969		times.  From Kyle Jones of UUNET.
7970	SECURITY: avoid denial-of-service attacks possible by destroying
7971		the alias database file by setting resource limits low.
7972		This involves adding two new compile-time options:
7973		HASSETRLIMIT (indicating that setrlimit(2) support is
7974		available) and HASULIMIT (indicating that ulimit(2) support
7975		is available -- the Release 3 form is used).  The former
7976		is assumed on BSD-based systems, the latter on System
7977		V-based systems.  Attack noted by Phil Brandenberger of
7978		Swarthmore University.
7979	New syntaxes in test (-bt) mode:
7980		``.Dmvalue'' will define macro "m" to "value".
7981		``.Ccvalue'' will add "value" to class "c".
7982		``=Sruleset'' will dump the contents of the indicated
7983			ruleset.
7984		``=M'' will display the known mailers.
7985		``-ddebug-spec'' is equivalent to the command-line
7986			-d debug flag.
7987		``$m'' will print the value of macro $m.
7988		``$=c'' will print the contents of class $=c.
7989		``/mx host'' returns the MX records for ``host''.
7990		``/parse address'' will parse address, returning the value of
7991			crackaddr (essentially, the comment information)
7992			and the parsed address.
7993		``/try mailer address'' will rewrite address into the form
7994			it will have when presented to the indicated mailer.
7995		``/tryflags flags'' will set flags used by parsing.  The
7996			flags can be `H' for header or `E' for envelope,
7997			and `S' for sender or `R' for recipient.  These
7998			can be combined, so `HR' sets flags for header
7999			recipients.
8000		``/canon hostname'' will try to canonify hostname and
8001			return the result.
8002		``/map mapname key'' will look up `key' in the indicated
8003			`mapname' and return the result.
8004	Somewhat better handling of UNIX-domain socket addresses -- it
8005		should show the pathname rather than hex bytes.
8006	Restore ``-ba'' mode -- this reads a file from stdin and parses
8007		the header for envelope sender information and uses
8008		CR-LF as message terminators.  It was thought to be
8009		obsolete (used only for Arpanet NCP protocols), but it
8010		turns out that the UK ``Grey Book'' protocols require
8011		that functionality.
8012	Fix a fix in previous release -- if gethostname and gethostbyname
8013		return a name without dots, and if an attempt to canonify
8014		that name fails, wait one minute and try again.  This can
8015		result in an extra 60 second delay on startup if your system
8016		hostname (as returned by hostname(1)) has no dot and no names
8017		listed in /etc/hosts or your NIS map have a dot.
8018	Check for proper domain name on HELO and EHLO commands per
8019		RFC 1123 section 5.2.5.  Problem noted by Thomas Dwyer III
8020		of Michigan Technological University.
8021	Relax chownsafe rules slightly -- old version said that if you
8022		can't tell if _POSIX_CHOWN_RESTRICTED is set (that is,
8023		if fpathconf returned EINVAL or ENOSYS), assume that
8024		chown is not safe.  The new version falls back to whether
8025		you are on a BSD system or not.  This is important for
8026		SunOS, which apparently always returns one of those
8027		error codes.  This impacts whether you can mail to files
8028		or not.
8029	Syntax errors such as unbalanced parentheses in the configuration
8030		file could be omitted if you had "Oem" prior to the
8031		syntax error in the config file.  Change to always print
8032		the error message.  It was especially weird because it
8033		would cause a "warning" message to be sent to the Postmaster
8034		for every message sent (but with no transcript).  Problem
8035		noted by Gregory Paris of Motorola.
8036	Rewrite collect and putbody to handle full 8-bit data, including
8037		zero bytes.  These changes are internally extensive, but
8038		should have minimal impact on external function.
8039	Allow full words for option names -- if the option letter is
8040		(apparently) a space, then take the word following -- e.g.,
8041			O MatchGECOS=TRUE
8042		The full list of old and new names is as follows:
8043			7	SevenBitInput
8044			8	EightBitMode
8045			A	AliasFile
8046			a	AliasWait
8047			B	BlankSub
8048			b	MinFreeBlocks/MaxMessageSize
8049			C	CheckpointInterval
8050			c	HoldExpensive
8051			D	AutoRebuildAliases
8052			d	DeliveryMode
8053			E	ErrorHeader
8054			e	ErrorMode
8055			f	SaveFromLine
8056			F	TempFileMode
8057			G	MatchGECOS
8058			H	HelpFile
8059			h	MaxHopCount
8060			i	IgnoreDots
8061			I	ResolverOptions
8062			J	ForwardPath
8063			j	SendMimeErrors
8064			k	ConnectionCacheSize
8065			K	ConnectionCacheTimeout
8066			L	LogLevel
8067			l	UseErrorsTo
8068			m	MeToo
8069			n	CheckAliases
8070			O	DaemonPortOptions
8071			o	OldStyleHeaders
8072			P	PostmasterCopy
8073			p	PrivacyOptions
8074			Q	QueueDirectory
8075			q	QueueFactor
8076			R	DontPruneRoutes
8077			r, T	Timeout
8078			S	StatusFile
8079			s	SuperSafe
8080			t	TimeZoneSpec
8081			u	DefaultUser
8082			U	UserDatabaseSpec
8083			V	FallbackMXHost
8084			v	Verbose
8085			w	TryNullMXList
8086			x	QueueLA
8087			X	RefuseLA
8088			Y	ForkEachJob
8089			y	RecipientFactor
8090			z	ClassFactor
8091			Z	RetryFactor
8092		The old macros that passed information into sendmail have
8093		been changed to options; those correspondences are:
8094			$e	SmtpGreetingMessage
8095			$l	UnixFromLine
8096			$o	OperatorChars
8097			$q	(deleted -- not necessary)
8098		To avoid possible problems with an older sendmail,
8099		configuration level 6 is accepted by this version of
8100		sendmail; any config file using the new names should
8101		specify "V6" in the configuration.
8102	Change address parsing to properly note that a phrase before a
8103		colon and a trailing semicolon are essentially the same
8104		as text outside of angle brackets (i.e., sendmail should
8105		treat them as comments).  This is to handle the
8106		``group name: addr1, addr2, ..., addrN;'' syntax (it will
8107		assume that ``group name:'' is a comment on the first
8108		address and the ``;'' is a comment on the last address).
8109		This requires config file support to get right.  It does
8110		understand that :: is NOT this syntax, and can be turned
8111		off completely by setting the ColonOkInAddresses option.
8112	Level 6 config files added with new mailer flags:
8113		    A	Addresses are aliasable.
8114		    i	Do udb rewriting on envelope as well as header
8115			sender lines.  Applies to the from address mailer
8116			flags rather than the recipient mailer flags.
8117		    j	Do udb rewriting on header recipient addresses.
8118			Applies to the sender mailer flags rather than the
8119			recipient mailer flags.
8120		    k	Disable check for loops when doing HELO command.
8121		    o	Always run as the mail recipient, even on local
8122			delivery.
8123		    w	Check for an /etc/passwd entry for this user.
8124		    5	Pass addresses through ruleset 5.
8125		    :	Check for :include: on this address.
8126		    |	Check for |program on this address.
8127		    /	Check for /file on this address.
8128		    @	Look up sender header addresses in the user
8129			database.  Applies to the mailer flags for the
8130			mailer corresponding to the envelope sender
8131			address, rather than to recipient mailer flags.
8132		Pre-level 6 configuration files set A, w, 5, :, |, /, and @
8133		on the "local" mailer, the o flag on the "prog" and "*file*"
8134		mailers, and the ColonOkInAddresses option.
8135	Eight-to-seven bit MIME conversions.  This borrows ideas from
8136		John Beck of Hewlett-Packard, who generously contributed
8137		their implementation to me, which I then didn't use (see
8138		mime.c for an explanation of why).  This adds the
8139		EightBitMode option (a.k.a. `8') and an F=8 mailer flag
8140		to control handling of 8-bit data.  These have to cope with
8141		two types of 8-bit data: unlabelled 8-bit data (that is,
8142		8-bit data that is entered without declaring it as 8-bit
8143		MIME -- technically this is illegal according to the
8144		specs) and labelled 8-bit data (that is, it was declared
8145		as 8BITMIME in the ESMTP session or by using the
8146		-B8BITMIME command line flag).  If the F=8 mailer flag is
8147		set then 8-bit data is sent to non-8BITMIME machines
8148		instead of converting to 7 bit (essentially using
8149		just-send-8 semantics).  The values for EightBitMode are:
8150		    m	convert unlabelled 8-bit input to 8BITMIME, and do
8151			any necessary conversion of 8BITMIME to 7BIT
8152			(essentially, the full MIME option).
8153		    p	pass unlabelled 8-bit input, but convert labelled
8154			8BITMIME input to 7BIT as required (default).
8155		    s	strict adherence: reject unlabelled 8-bit input,
8156			convert 8BITMIME to 7BIT as required.  The F=8
8157			flag is ignored.
8158		Unlabelled 8-bit data is rejected in mode `s' regardless of
8159			the setting of F=8.
8160	Add new internal class 'n', which is the set of MIME Content-Types
8161		which can not be 8 to 7 bit encoded because of other
8162		considerations.  Types "multipart/*" and "message/*" are
8163		never directly encoded (although their components can be).
8164	Add new internal class 's', which is the set of subtypes of the
8165		MIME message/* content type that can be treated as though
8166		they are an RFC822 message.  It is predefined to have
8167		"rfc822".  Suggested by Kari Hurtta.
8168	Add new internal class 'e'.  This is the set of MIME
8169		Content-Transfer-Encodings that can be converted to
8170		a seven bit format (Quoted-Printable or Base64).  It is
8171		preinitialized to contain "7bit", "8bit", and "binary".
8172	Add C=charset mailer parameter and the DefaultCharSet option (no
8173		short name) to set the default character set to use in the
8174		Content-Type: header when doing encoding of an 8-bit message
8175		which isn't marked as MIME into MIME format.  If the C=
8176		parameter is set on the Envelope From address, use that as
8177		the default encoding; else use the DefaultCharSet option.
8178		If neither is set, it defaults to "unknown-8bit" as
8179		suggested by RFC 1428 section 3.
8180	Allow ``U=user:group'' field in mailer definition to set a default
8181		user and group that a mailer will be executed as.  This
8182		overrides the 'u' and 'g' options, and if the `F=S' flag is
8183		also set, it is the uid/gid that will always be used (that
8184		is, the controlling address is ignored).  The values may be
8185		numeric or symbolic; if only a symbolic user is given (no
8186		group) that user's default group in the passwd file is used
8187		as the group.  Based on code donated by Chip Rosenthal of
8188		Unicom.
8189	Allow `u' option to also accept user:group as a value, in the same
8190		fashion as the U= mailer option.
8191	Add the symbolic time zone name in the Arpanet format dates (as
8192		a comment).  This adds a new compile-time configuration
8193		flag: TZ_TYPE can be set to TZ_TM_NAME (use the value
8194		of (struct tm *)->tm_name), TZ_TM_ZONE (use the value
8195		of (struct tm *)->tm_zone), TZ_TZNAME (use extern char
8196		*tzname[(struct tm *)->tm_isdst]), TZ_TIMEZONE (use
8197		timezone()), or TZ_NONE (don't include the comment).  Code
8198		from Chip Rosenthal.
8199	The "Timeout" option (formerly "r") is extended to allow suboptions.
8200		For example,
8201		    O Timeout.helo = 2m
8202		There are also two new suboptions "queuereturn" and
8203		"queuewarn"; these subsume the old T option.  Thus, to
8204		set them both the preferred new syntax is
8205		    O Timeout.queuereturn = 5d
8206		    O Timeout.queuewarn = 4h
8207	Sort queue by host name instead of by message priority if the
8208		QueueSortOrder option (no short name) is set to
8209		``host''.  This makes better use of the connection cache,
8210		but may delay more ``interactive'' messages behind large
8211		backlogs under some circumstances.  This is probably a
8212		good option if you have high speed links or don't do lots
8213		of ``batch'' messages, but less good if you are using
8214		something like PPP on a 14.4 modem.  Based on code
8215		contributed by Roy Mongiovi of Georgia Tech (my main
8216		contribution was to make it configurable).
8217	Save i-number of df file in qf file to simplify rebuilding of queue
8218		after disastrous disk crash.  Suggested by Kyle Jones of
8219		UUNET; closely based on code from KJS DECWRL code written
8220		by Paul Vixie.  NOTA BENE: The qf files produced by 8.7
8221		are NOT back compatible with 8.6 -- that is, you can convert
8222		from 8.6 to 8.7, but not the other direction.
8223	Add ``F=d'' mailer flag to disable all use of angle brackets in
8224		route-addrs in envelopes; this is because in some cases
8225		they can be sent to the shell, which interprets them as
8226		I/O redirection.
8227	Don't include error file (option E) with return-receipts; this
8228		can be confusing.
8229	Don't send "Warning: cannot send" messages to owner-* or
8230		*-request addresses.  Suggested by Christophe Wolfhugel
8231		of the Institut Pasteur, Paris.
8232	Allow -O command line flag to set long form options.
8233	Add "MinQueueAge" option to set the minimum time between attempts
8234		to run the queue.  For example, if the queue interval
8235		(-q value) is five minutes, but the minimum queue age
8236		is fifteen minutes, jobs won't be tried more often than
8237		once every fifteen minutes.  This can be used to give
8238		you more responsiveness if your delivery mode is set to
8239		queue-only.
8240	Allow "fileopen" timeout (default: 60 seconds) for opening
8241		:include: and .forward files.
8242	Add "-k", "-v", and "-z" flags to map definitions; these set the
8243		key field name, the value field name, and the field
8244		delimiter.  The field delimiter can be a single character
8245		or the sequence "\t" or "\n" for tab or newline.
8246		These are for use by NIS+ and similar access methods.
8247	Change maps to always strip quotes before lookups; the -q flag
8248		turns off this behavior.  Suggested by Motonori Nakamura.
8249	Add "nisplus" map class.  Takes -k and -v flags to choose the
8250		key and value field names respectively.  Code donated by
8251		Sun Microsystems.
8252	Add "hesiod" map class.  The "file name" is used as the
8253		"HesiodNameType" parameter to hes_resolve(3).  Returns the
8254		first value found for the match.  Code donated by Scott
8255		Hutton of Indiana University.
8256	Add "netinfo" (NeXT NetInfo) map class.  Maps can have a -k flag to
8257		specify the name of the property that is searched as the
8258		key and a -v flag to specify the name of the property that
8259		is returned as the value (defaults to "members").  The
8260		default map is "/aliases".  Some code based on code
8261		contributed by Robert La Ferla of Hot Software.
8262	Add "text" map class.  This does slow, linear searches through
8263		text files.  The -z flag specifies a column delimiter
8264		(defaults to any sequence of white space), the -k flag
8265		sets the key column number, and the -v flag sets the
8266		value column number.  Lines beginning with `#' are treated
8267		as comments.
8268	Add "program" map class to execute arbitrary programs.  The search
8269		key is presented as the last argument; the output is one
8270		line read from the program's standard output.  Exit statuses
8271		are from sysexits.h.
8272	Add "sequence" map class -- searches maps in sequence until it
8273		finds a match.  For example, the declarations:
8274		    Kmap1 ...
8275		    Kmap2 ...
8276		    Kmapseq sequence map1 map2
8277		defines a map "mapseq" that first searches map1; if the
8278		value is found it is returned immediately, otherwise
8279		map2 is searched and the value returned.
8280	Add "switch" map class.  This is much like "sequence" except that
8281		the ordering is fetched from an external file, usually
8282		the system service switch.  The parameter is the name of
8283		the service to switch on, and the maps that it will use
8284		are the name of the switch map followed by ".service_type".
8285		For example, if the declaration of the map is
8286		    Ksample switch hosts
8287		and the system service switch specifies that hosts are
8288		looked up using dns and nis in that order, then this is
8289		equivalent to
8290		    Ksample sequence sample.dns sample.nis
8291		The subordinate maps (sample.*) must already be defined.
8292	Add "user" map class -- looks up users using getpwnam.  Takes a
8293		"-v field" flag on the definition that tells what passwd
8294		entry to return -- legal values are name, passwd, uid, gid,
8295		gecos, dir, and shell.  Generally expected to be used with
8296		the -m (matchonly) flag.
8297	Add "bestmx" map class -- returns the best MX value for the host
8298		listed as the value.  If there are several "best" MX records
8299		for this host, one will be chosen at random.
8300	Add "userdb" map class -- looks up entries in the user database.
8301		The "file name" is actually the tag that will be used,
8302		typically "mailname".  If there are multiple entries
8303		matching the name, the one chosen is undefined.
8304	Add multiple queue timeouts (both return and warning).  These are
8305		set by the Precedence: or Priority: header fields to one of
8306		three values.  If a Priority: is set and has value "normal",
8307		"urgent", or "non-urgent" the corresponding timeouts are
8308		used.  If no priority is set, the Precedence: is consulted;
8309		if negative, non-urgent timeouts are used; if greater than
8310		zero, urgent timeouts are used.  Otherwise, normal timeouts
8311		are used.  The timeouts are set by setting the six timeouts
8312		queue{warn,return}.{urgent,normal,non-urgent}.
8313	Fix problem when a mail address is resolved to a $#error mailer
8314		with a temporary failure indication; it works in SMTP,
8315		but when delivering locally the mail is silently discarded.
8316		This patch, from Kyle Jones of UUNET, bounces it instead
8317		of queueing it (queueing is very hard).
8318	When using /etc/hosts or NIS-style lookups, don't assume that
8319		the first name in the list is the best one -- instead,
8320		search for the first one with a dot.  For example, if
8321		an /etc/hosts entry reads
8322		    128.32.149.68	mammoth mammoth.CS.Berkeley.EDU
8323		this change will use the second name as the canonical
8324		machine name instead of the initial, unqualified name.
8325	Change dequote map to replace spaces in quoted text with a value
8326		indicated by the -s flag on the dequote map definition.
8327		For example, ``Mdequote dequote -s_'' will change
8328		"Foo Bar" into an unquoted Foo_Bar instead of leaving it
8329		quoted (because of the space character).  Suggested by Dan
8330		Oscarsson for use in X.400 addresses.
8331	Implement long macro names as ${name}; long class names can
8332		be similarly referenced as $={name} and $~{name}.
8333		Definitions are (e.g.) ``D{name}value''.  Names that have
8334		a leading lower case letter or punctuation characters are
8335		reserved for internal use by sendmail; i.e., config files
8336		should use names that begin with a capital letter.  Based
8337		on code contributed by Dan Oscarsson.
8338	Fix core dump if getgrgid returns a null group list (as opposed
8339		to an empty group list, that is, a pointer to a list
8340		with no members).  Fix from Andrew Chang of Sun Microsystems.
8341	Fix possible core dump if malloc fails -- if the malloc in xalloc
8342		failed, it called syserr which called newstr which called
8343		xalloc....  The newstr is now avoided for "panic" messages.
8344		Reported by Stuart Kemp of James Cook University.
8345	Improve connection cache timeouts; previously, they were not even
8346		checked if you were delivering to anything other than an
8347		IPC-connected host, so a series of (say) local mail
8348		deliveries could cause cached connections to be open
8349		much longer than the specified timeout.
8350	If an incoming message exceeds the maximum message size, stop
8351		writing the incoming bytes to the queue data file, since
8352		this can fill your mqueue partition -- this is a possible
8353		denial-of-service attack.
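The size-limit behaviour described in the entry above, as an added example (not sendmail's own collect code). The function name, chunk size and result struct are assumptions made for illustration: once the running total passes the limit, input is still drained so the caller can reject the message, but nothing further is written to the data file.

```c
#include <stdio.h>

/* Outcome of collecting one message body. */
struct collect_result {
	long seen;	/* bytes the client sent */
	long stored;	/* bytes actually written to the data file */
	int oversize;	/* 1 if the message exceeded max_size */
};

/*
 * Hypothetical collect loop: copy the body from `in` to the queue data
 * file `df`, but stop writing as soon as the running total passes
 * max_size.  max_size <= 0 means "no limit".
 */
struct collect_result collect_body(FILE *in, FILE *df, long max_size)
{
	struct collect_result r = { 0, 0, 0 };
	char buf[256];
	size_t n;

	while ((n = fread(buf, 1, sizeof buf, in)) > 0) {
		r.seen += (long)n;
		if (!r.oversize && max_size > 0 && r.seen > max_size)
			r.oversize = 1;
		if (r.oversize)
			continue;	/* drain the input, store nothing */
		if (fwrite(buf, 1, n, df) != n)
			break;		/* write error: stop storing */
		r.stored += (long)n;
	}
	return r;
}

/* Constructed input: push `total` bytes of filler through collect_body(). */
struct collect_result collect_demo(long total, long max_size)
{
	struct collect_result r = { 0, 0, 0 };
	FILE *in = tmpfile();
	FILE *df = tmpfile();
	long i;

	if (in != NULL && df != NULL) {
		for (i = 0; i < total; i++)
			fputc('x', in);
		rewind(in);
		r = collect_body(in, df, max_size);
	}
	if (in != NULL)
		fclose(in);
	if (df != NULL)
		fclose(df);
	return r;
}

int main(void)
{
	struct collect_result r = collect_demo(10000, 1024);

	printf("seen=%ld stored=%ld oversize=%d\n", r.seen, r.stored, r.oversize);
	return 0;
}
```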
8354	Don't reject all numeric local user names unless HESIOD is
8355		defined.  It turns out that Posix allows all-numeric
8356		user names.  Fix from Tony Sanders of BSDI.
8357	Add service switch support.  If the local OS has a service
8358		switch (e.g., /etc/nsswitch.conf on Solaris or /etc/svc.conf
8359		on DEC systems) that will be used; otherwise, it falls back
8360		to using a local mechanism based on the ServiceSwitchFile
8361		option (default: /etc/service.switch).  For example, if the
8362		service switch lists "files" and "nis" for the aliases
8363		service, that will be the default lookup order.  The "files"
8364		("local" on DEC) service type expands to any alias files
8365		you listed in the configuration file, even if they aren't
8366		actually file lookups.
8367	Option I (NameServerOptions) no longer sets the "UseNameServer"
8368		variable which tells whether or not DNS should be considered
8369		canonical.  This is now determined based on whether or not
8370		"dns" is in the service list for "hosts".
8371	Add preliminary support for the ESMTP "DSN" extension (Delivery
8372		Status Notifications).  DSN notifications override
8373		Return-Receipt-To: headers, which are bogus anyhow --
8374		support for them has been removed.
8375	Add T=mts-name-type/address-type/diagnostic-type keyletter to mailer
8376		definitions to define the types used in DSN returns for
8377		MTA names, addresses, and diagnostics respectively.
8378	Extend heuristic to force running in ESMTP mode to look for the
8379		five-character string "ESMTP" anywhere in the 220 greeting
8380		message (not just the second line).  This is to provide
8381		better compatibility with other ESMTP servers.
8382	Print sequence number of job when running the queue so you can
8383		easily see how much progress you have made.  Suggested
8384		by Peter Wemm of DIALix.
8385	Map newlines to spaces in logged message-ids; some versions of
8386		syslog truncate the rest of the line after newlines.
8387		Suggested by Fletcher Mattox of U. Texas.
8388	Move up forking for job runs so that if a message is split into
8389		multiple envelopes you don't get "fork storms" -- this
8390		also improves the connection cache utilization.
8391	Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for
8392		the purposes of refusing to send error returns.  Suggested
8393		by Motonori Nakamura of Ritsumeikan University.
8394	Relax rules on when a file can be written when referenced from
8395		the aliases file: use the default uid/gid instead of the
8396		real uid/gid.  This allows you to create a file owned by
8397		and writable only by the default uid/gid that will work
8398		all the time (without having the set-user-ID bit set).  Change
8399		suggested by Shau-Ping Lo and Andrew Cheng of Sun
8400		Microsystems.
8401	Add "DialDelay" option (no short name) to provide an "extra"
8402		delay for dial on demand systems.  If this is non-zero
8403		and a connect fails, sendmail will wait this long and
8404		then try again.  If it takes longer than the kernel
8405		timeout interval to establish the connection, this
8406		option can give the network software time to establish
8407		the link.  The default units are seconds.
8408	Move logging of sender information to be as early as possible;
8409		previously, it could be delayed a while for SMTP mail
8410		sent to aliases.  Suggested by Brad Knowles of the
8411		Defense Information Systems Agency.
8412	Call res_init() before setting RES_DEBUG; this is required by
8413		BIND 4.9.3, or so I'm told.  From Douglas Anderson of
8414		the National Computer Security Center.
8415	Add xdelay= field in logs -- this is a transaction delay, telling
8416		you how long it took to deliver to this address on the
8417		last try.  It is intended to be used for sorting mailing
8418		lists to favor "quick" addresses.  Provided for use by
8419		the mailprio scripts (see below).
8420	If a map cannot be opened, and that map is non-optional, and
8421		an address requires that map for resolution, queue the
8422		message instead of bouncing it.  This involves creating a
8423		pseudo-class of maps called "bogus-map" -- if a required
8424		map cannot be opened, the class is changed to bogus-map;
8425		all queries against bogus-map return "tempfail".  The
8426		bogus-map class is not directly accessible.  A sample
8427		implementation was donated by Jem Taylor of Glasgow
8428		University Computing Service.
8429	Fix a possible core dump when mailing to a program that talks
8430		SMTP on its standard input.  Fix from Keith Moore of
8431		the University of Kentucky.
8432	Make it possible to resolve filenames to $#local $: @ /filename;
8433		previously, the "@" would cause it to not be recognized
8434		as a file.  Problem noted by Brian Hill of U.C. Davis.
8435	Accept a -1 signal to re-exec the daemon.  This only works if
8436		argv[0] is a full path to sendmail.
8437	Fix bug in "addr=..." field in O option on little-endian machines
8438		-- the network number wasn't being converted to network
8439		byte order.  Patch from Kurt Lidl of Pix Technologies
8440		Corporation.
8441	Pre-initialize the resolver early on; this is to avoid a bug with
8442		BIND 4.9.3 that can cause the _res.retry field to get
8443		reset to zero, causing all name server lookups to time
8444		out.  Fix from Matt Day of Artisoft.
8445	Restore T line (trusted users) in config file -- but instead of
8446		locking out the -f flag, they just tell whether or not
8447		an X-Authentication-Warning: will be added.  This really
8448		just creates new entries in class 't', so "Ft/file/name"
8449		can be used to read trusted user names from a file.
8450		Trusted users are also allowed to execute programs even
8451		if they have a shell that isn't in /etc/shells.
8452	Improve NEWDB alias file rebuilding so it will create them
8453		properly if they do not already exist.  This had been
8454		a MAYBENEXTRELEASE feature in 8.6.9.
8455	Check for @:@ entry in NIS maps before starting up to avoid
8456		(but not prevent, sigh) race conditions.  This ought to
8457		be handled properly in ypserv, but isn't.  Suggested by
8458		Michael Beirne of Motorola.
8459	Refuse connections if there isn't enough space on the filesystem
8460		holding the queue.  Contributed by Robert Dana of Wolf
8461		Communications.
8462	Skip checking for directory permissions in the path to a file
8463		when checking for file permissions iff setreuid()
8464		succeeded -- it is unnecessary in that case.  This avoids
8465		significant performance problems when looking for .forward
8466		files.  Based on a suggestion by Win Bent of USC.
8467	Allow symbolic ruleset names.  Syntax can be "Sname" to get an
8468		arbitrary ruleset number assigned or "Sname = integer"
8469		to assign a specific ruleset number.  Reference is
8470		$>name_or_number.  Names can be composed of alphas, digits,
8471		underscore, or hyphen (first character must be non-numeric).
8472	Allow -o flag on AliasFile lines to make the alias file optional.
8473		From Bryan Costales of ICSI.
8474	Add NoRecipientAction option to handle the case where there is
8475		no legal recipient header in the message.  It can take
8476		on values:
8477		  None			Leave the message as is.  The
8478					message will be passed on even
8479					though it is in technically
8480					illegal syntax.
8481		  Add-To		Add a To: header with any
8482					recipients that it can find from
8483					the envelope.  This risks exposing
8484					Bcc: recipients.
8485		  Add-Apparently-To	Add an Apparently-To: header.  This
8486					has almost no redeeming social value,
8487					and is provided only for back
8488					compatibility.
8489		  Add-To-Undisclosed	Add a header reading
8490					To: undisclosed-recipients:;
8491					which will have the effect of
8492					making the message legal without
8493					exposing Bcc: recipients.
8494		  Add-Bcc		Add an empty Bcc: header.
8495					There is a chance that mailers down
8496					the line will delete this header,
8497					which could cause exposure of Bcc:
8498					recipients.
8499		The default is NoRecipientAction=None.
8500	Truncate (rather than delete) Bcc: lines in the header.  This
8501		should prevent later sendmails (at least, those that don't
8502		themselves delete Bcc:) from considering this message to
8503		be non-conforming -- although it does imply that non-blind
8504		recipients can see that a Bcc: was sent, albeit not to whom.
8505	Add SafeFileEnvironment option.  If declared, files named as delivery
8506		targets must be regular files in addition to the regular
8507		checks.  Also, if the option is non-null then it is used as
8508		the name of a directory that is used as a chroot(2)
8509		environment for the delivery; the file names listed in an
8510		alias or forward should include the name of this root.
8511		For example, if you run with
8512			O SafeFileEnvironment=/arch
8513		then aliases should reference "/arch/rest/of/path".  If a
8514		value is given, sendmail also won't try to save to
8515		/usr/tmp/dead.letter (instead it just leaves the job in the
8516		queue as Qfxxxxxx).  Inspired by *Hobbit*'s sendmail patch kit.
8517	Support -A flag for alias files; this will comma concatenate like
8518		entries.  For example, given the aliases:
8519			list: member1
8520			list: member2
8521		and an alias file declared as:
8522			OAhash:-A /etc/aliases
8523		the final alias inserted will be "list: member1,member2";
8524		without -A you will get an error on the second and subsequent
8525		alias for "list".  Contributed by Bryan Costales of ICSI.
8526	Line-buffer transcript file.  Suggested by Liudvikas Bukys.
8527	Fix a problem that could cause very long addresses to core dump in
8528		some special circumstances.  Problem pointed out by Allan
8529		Johannesen.
8530	(Internal change.)  Change interface to expand() (macro expansion)
8531		to be simpler and more consistent.
8532	Delete check for funny qf file names.  This didn't really give
8533		any extra security and caused some people some problems.
8534		(If you -really- want this, define PICKY_QF_NAME_CHECK
8535		at compile time.)  Suggested by Kyle Jones of UUNET.
8536	(Internal change.)  Change EF_NORETURN to EF_NO_BODY_RETN and
8537		merge with DSN code; this is simpler and more consistent.
8538		This may affect some people who have written their own
8539		checkcompat() routine.
8540	(Internal change.)  Eliminate `D' line in qf file.  The df file
8541		is now assumed to be the same name as the qf file (with
8542		the `q' changed to a `d', of course).
8543	Avoid forking for delivery if all recipient mailers are marked as
8544		"expensive" -- this can be a major cost on some systems.
8545		Essentially, this forces sendmail into "queue only" mode
8546		if all it is going to do is queue anyway.
8547	Avoid sending a null message in some rather unusual circumstances
8548		(specifically, the RCPT command returns a temporary
8549		failure but the connection is lost before the DATA
8550		command).  Fix from Scott Hammond of Secure Computing
8551		Corporation.
8552	Change makesendmail to use a somewhat more rational naming scheme:
8553		Makefiles and obj directories are named $os.$rel.$arch,
8554		where $os is the operating system (e.g., SunOS), $rel is
8555		the release number (e.g., 5.3), and $arch is the machine
8556		architecture (e.g., sun4).  Any of these can be omitted,
8557		and anything after the first dot in a release number can
8558		be replaced with "x" (e.g., SunOS.4.x.sun4).  The previous
8559		version used $os.$arch.$rel and was rather less general.
8560	Change makesendmail to do a "make depend" in the target directory
8561		when it is being created.  This involves adding an empty
8562		"depend:" entry in most Makefiles.
8563	Ignore IDENT return value if the OSTYPE field returns "OTHER",
8564		as indicated by RFC 1413.  Pointed out by Kari Hurtta
8565		of the Finnish Meteorological Institute.
8566	Fix problem that could cause multiple responses to DATA command
8567		on header syntax errors (e.g., lines beginning with colons).
8568		Problem noted by Jens Thomassen of the University of Oslo.
8569	Don't let null bytes in headers cause truncation of the rest of
8570		the header.
8571	Log Authentication-Warning:s.  Suggested by Motonori Nakamura.
8572	Increase timeouts on message data puts to allow time for receivers
8573		to canonify addresses in headers on the fly.  This is still
8574		a rather ugly heuristic.  From Motonori Nakamura.
8575	Add "HasWildcardMX" suboption to ResolverOptions; if set, MX
8576		records are not used when canonifying names, and when MX
8577		lookups are done for addressing they must be fully
8578		qualified.  This is useful if you have a wildcard MX record,
8579		although it may cause other problems.  In general, don't use
8580		wildcard MX records.  Patch from Motonori Nakamura.
8581	Eliminate default two-line SMTP greeting message.  Instead of
8582		adding an extra "ESMTP spoken here" line, the word "ESMTP"
8583		is added between the first and second word of the first
8584		line of the greeting message (i.e., immediately after the
8585		host name).  This eliminates the need for the BROKEN_SMTP_PEERS
8586		compile flag.  Old sendmails won't see the ESMTP, but that's
8587		acceptable because SIZE was the only useful extension that
8588		old sendmails understand.
8589	Avoid gethostbyname calls on UNIX domain sockets during SIGUSR1
8590		invoked state dumps.  From Masaharu Onishi.
8591	Allow on-line comments in .forward and :include: files; they are
8592		introduced by the string "<LWSP>#@#<LWSP>", where <LWSP>
8593		is a space or a tab.  This is intended for native
8594		representation of non-ASCII sets such as Japanese, where
8595		existing encodings would be unreadable or would lose
8596		data -- for example,
8597		 <motonori@cs.ritsumei.ac.jp> NAKAMURA Motonori
8598					(romanized/less information)
8599		 <motonori@cs.ritsumei.ac.jp> =?ISO-2022-JP?B?GyRCQ2ZCPBsoQg==?=
8600					      =?ISO-2022-JP?B?GyRCQUdFNRsoQg==?=
8601					(with MIME encoding, not human readable)
8602		 <motonori@cs.ritsumei.ac.jp> #@# ^[$BCfB<^[(B ^[$BAGE5^[(B
8603					(native encoding with ISO-2022-JP)
8604		The last form is human readable in the Japanese environment.
8605		Based on a fix from (surprise!) Motonori Nakamura.
8606	Don't make SMTP error returns on MAIL FROM: line be "sticky" for all
8607		messages to that host; these are most frequently associated
8608		with addresses rather than the host, with the exception of
8609		421 (service shutting down).  The effect was to cause queues
8610		to sometimes take an excessive time to flush.  Reported by
8611		Robert Sargent of Southern Geographics Technologies and
8612		Eric Prestemon of American University.
8613	Add Nice=N mailer option to set the niceness at which a mailer will
8614		run.  This is actually a relative niceness (that is, an
8615		increment on the background value).
8616	Log queue runs that are skipped due to high loads.  They are logged
8617		at LOG_INFO priority iff the log level is > 8.  Contributed
8618		by Bruce Nagel of Data General.
8619	Allow the error mailer to accept a DSN-style error status code
8620		instead of a sysexits status code in the host part.
8621		Anything with a dot will be interpreted as a DSN-style code.
8622	Add new mailer flag: F=3 will tell translations to Quoted-Printable
8623		to encode characters that might be munged by an EBCDIC system
8624		in addition to the set required by RFC 1521.  The additional
8625		characters are !, ", #, $, @, [, \, ], ^, `, {, |, }, and ~.
8626		(Think of "IBM 360" as the mnemonic for this flag.)
8627	Change check for mailing to files to look for a pathname of [FILE]
8628		rather than looking for the mailer named *file*.  The mapping
8629		of leading slashes still goes to the *file* mailer.  This
8630		allows you to implement the *file* mailer as a separate
8631		program, for example, to insert a Content-Length: header
8632		or do special security policy.  However, note that the usual
8633		initial checking for the file permissions is still done, and
8634		the program in question needs to be very careful about how
8635		it does the file write to avoid security problems.
8636	Be able to read ~root/.forward even if the path isn't accessible to
8637		regular users.  This is disrecommended because sendmail
8638		sometimes does not run as root (e.g., when an unsafe option
8639		is specified on the command line), but should otherwise be
8640		safe because .forward files must be owned by the user for
8641		whom mail is being forwarded, and cannot be a symbolic link.
8642		Suggested by Forrest Aldrich of Wang Laboratories.
8643	Add new "HostsFile" option that is the pathname to the /etc/hosts
8644		file.  This is used for canonifying hostnames when the
8645		service type is "files".
8646	Implement programs on F (read class from file) line.  The syntax is
8647		Fc|/path/to/program to read the output from the program
8648		into class "c".
8649	Probe the network interfaces to find alternate names for this
8650		host.  Requires the SIOCGIFCONF ioctl call.  Code
8651		contributed by SunSoft.
8652	Add "E" configuration line to set or propagate environment
8653		variables into children.  "E<envar>" will propagate
8654		the named variable from the environment when sendmail
8655		was invoked into any children it calls; "E<envar>=<value>"
8656		sets the named variable to the indicated value.  Any
8657		variables not explicitly named will not be in the child
8658		environment.  However, sendmail still forces an
8659		"AGENT=sendmail" environment variable, in part to enforce
8660		at least one environment variable, since many programs and
8661		libraries die horribly if this is not guaranteed.
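The allowlist semantics of the "E" line, as an added example (not sendmail's code). The function names, the inherited environment and the sample E lines are constructed; placing AGENT=sendmail first and ignoring an E line that names AGENT are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Return the "NAME=value" entry for `name` in `env`, or NULL. */
static const char *env_find(const char *const env[], const char *name)
{
	size_t len = strlen(name);

	for (; *env != NULL; env++)
		if (strncmp(*env, name, len) == 0 && (*env)[len] == '=')
			return *env;
	return NULL;
}

/*
 * Hypothetical helper: build a child environment from E lines.
 * Each e_lines[] entry is the text after the 'E': "NAME" propagates
 * NAME from `inherited`, "NAME=value" sets it.  Anything not named is
 * left out.  Writes at most max-1 entries plus a NULL terminator into
 * `out` and returns the number of entries.
 */
int build_child_env(const char *const e_lines[],
		    const char *const inherited[],
		    const char *out[], int max)
{
	int n = 0;

	if (max < 2) {
		if (max == 1)
			out[0] = NULL;
		return 0;
	}
	out[n++] = "AGENT=sendmail";	/* always present */
	for (; *e_lines != NULL && n < max - 1; e_lines++) {
		const char *spec = *e_lines;
		const char *eq = strchr(spec, '=');
		const char *entry;

		if (*spec == '\0' || eq == spec)
			continue;	/* no variable name */
		if (strncmp(spec, "AGENT", 5) == 0 &&
		    (spec[5] == '=' || spec[5] == '\0'))
			continue;	/* assumption: forced value wins */
		entry = (eq != NULL) ? spec : env_find(inherited, spec);
		if (entry != NULL)	/* unset variables are skipped */
			out[n++] = entry;
	}
	out[n] = NULL;
	return n;
}

/* Constructed data: what sendmail was started with, and three E lines. */
static const char *demo_env[8];

int child_env_demo(void)
{
	static const char *const inherited[] = {
		"PATH=/home/user/bin:/usr/bin",
		"LD_PRELOAD=/tmp/hook.so",
		"TZ=UTC",
		"IFS=/",
		NULL
	};
	static const char *const e_lines[] = {
		"TZ",			/* ETZ: propagate */
		"PATH=/bin:/usr/bin",	/* EPATH=...: set explicitly */
		"DISPLAY",		/* not in the environment: skipped */
		NULL
	};

	return build_child_env(e_lines, inherited, demo_env, 8);
}

int main(void)
{
	int i, n = child_env_demo();

	for (i = 0; i < n; i++)
		puts(demo_env[i]);
	return 0;
}
```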
8662	Change heuristic for rebuilding both NEWDB and NDBM versions of
8663		alias databases -- new algorithm looks for the substring
8664		"/yp/" in the file name.  This is more portable and involves
8665		less overhead.  Suggested by Motonori Nakamura.
8666	Dynamically allocate the queue work list so that you don't lose
8667		jobs in large queue runs.  The old QUEUESIZE compile parameter
8668		is replaced by QUEUESEGSIZE (the unit of allocation, which
8669		should not need to be changed) and the MaxQueueRunSize option,
8670		which is the absolute maximum number of jobs that will ever
8671		be handled in a single queue run.  Based on code contributed
8672		by Brian Coan of the Institute for Global Communications.
8673	Log message when a message is dropped because it exceeds the maximum
8674		message size.  Suggested by Leo Bicknell of Virginia Tech.
8675	Allow trusted users (those on a T line or in $=t) to use -bs without
8676		an X-Authentication-Warning: added.  Suggested by Mark Thomas
8677		of Mark G. Thomas Consulting.
8678	Announce state of compile flags on -d0.1 (-d0.10 throws in the
8679		OS-dependent defines).  The old semantic of -d0.1 to not
8680		run the daemon in background has been moved to -d99.100,
8681		and the old 52.5 flag (to avoid disconnect() from closing
8682		all output files) has been moved to 52.100.  This makes
8683		things more consistent (flags below .100 don't change
8684		semantics) and separates out the backgrounding so that
8685		it doesn't happen automatically on other unrelated debugging
8686		flags.
8687	If -t is used but no addresses are found in the header, give an
8688		error message rather than just doing nothing.  Fix from
8689		Motonori Nakamura.
8690	On systems (like SunOS) where the effective gid is not necessarily
8691		included in the group list returned by getgroups(), the
8692		`restrictmailq' option could sometimes cause an authorized
8693		user to not be able to use `mailq'.  Fix from Charles Hannum
8694		of MIT.
8695	Allow symbolic service names for [IPC] mailers.  Suggested by
8696		Gerry Magennis of Logica International.
8697	Add DontExpandCnames option to prevent $[ ... $] from expanding CNAMEs
8698		when running DNS.  For example, if the name FTP.Foo.ORG is
8699		a CNAME for Cruft.Foo.ORG, then when sitting on a machine in
8700		the Foo.ORG domain a lookup of "FTP" returns "Cruft.Foo.ORG"
8701		if this option is not set, or "FTP.Foo.ORG" if it is set.
8702		This is technically illegal under RFC 822 and 1123, but the
8703		IETF is moving toward legalizing it.  Note that turning on
8704		this option is not sufficient to guarantee that a downstream
8705		neighbor won't rewrite the address for you.
8706	Add "-m" flag to makesendmail script -- this tells you what object
8707		directory and Makefile it will use, but doesn't actually do
8708		the make.
8709	Do some additional checking on the contents of the qf file to try
8710		to detect attacks against the qf file.  In particular,
8711		abort on any line beginning "From ", and add an "end of
8712		file" line -- any data after that line is prohibited.
8713	Always use /etc/sendmail.cf, regardless of the arbitrary vendor
8714		choices.  This can be overridden in the Makefile by using
8715		either -DUSE_VENDOR_CF_PATH to get the vendor location
8716		(to the extent that we know it) or by defining
8717		_PATH_SENDMAILCF (which is a "hard override").  This allows
8718		sendmail 8 to have more consistent installation instructions.
8719	Allow macros on `K' line in config file.  Suggested by Andrew Chang
8720		of Sun Microsystems.
8721	Improved symbol table hash function from Eric Wassenaar.  This one
8722		is at least 50% faster.
8723	Fix problem that didn't notice that timeout on file open was a
8724		transient error.  Fix from Larry Parmelee of Cornell
8725		University.
8726	Allow comments (lines beginning with a `#') in files read for
8727		classes.  Suggested by Motonori Nakamura.
8728	Make SIGINT (usually ^C) in test mode return to the prompt instead
8729		of dropping out entirely.  This makes testing some of the
8730		name server lookups easier to deal with when there are
8731		hung servers.  From Motonori Nakamura.
8732	Add new ${opMode} macro that is set to the current operation mode
8733		(e.g., `s' for -bs, `t' for -bt, etc.).  Suggested by
8734		Claude Marinier <MARINIER@emp.ewd.dreo.dnd.ca>.
8735	Add new delivery mode (Odd) that defers all map lookups to queue runs.
8736		Kind of like queue-only mode (Odq) except it tries to avoid
8737		any external service requests; for dial-on-demand hosts that
8738		want to minimize DNS lookups when mail is being queued.  For
8739		this to work you will also have to make sure that gethostbyname
8740		of your local host name does not do a DNS lookup.
8741	Improved handling of "out of space" conditions from John Myers of
8742		Carnegie Mellon.
8743	Improved security for mailing to files on systems that have fchmod(2)
8744		support.
8745	Improve "cannot send message for N days" message -- now says "could
8746		not send for past N days".  Suggested by Tom Moore of AT&T
8747		Global Information Solutions.
8748	Less misleading Subject: line on messages sent to postmaster only.
8749		From Motonori Nakamura.
8750	Avoid duplicate error messages on bad command line flags.  From
8751		Motonori Nakamura.
8752	Better error message for case where ruleset 0 falls off the end
8753		or otherwise does not resolve to a canonical triple.
8754	Fix a problem that could cause multiple bounce messages if a bad
8755		address was sent along with a good address to an SMTP
8756		site where that SMTP site returned a 4yz code in response
8757		to the final dot of the data.  Problem reported by David
8758		James of British Telecom.
8759	Add "volatile" declarations so that gcc -O2 will work.  Patches
8760		from Alexander Dupuy of System Management ARTS.
8761	Delete duplicates in MX lists -- believe it or not, there are sites
8762		that list the same host twice in an MX list.  This deletion
8763		only works on adjacent preferences, so an MX list that
8764		had A=5, B=10, A=15 would leave both As, but one that had
8765		A=5, A=10, B=15 would reduce to A, B.  This is intentional,
8766		just in case there is something weird I haven't thought of.
8767		Suggested by Barry Shein of Software Tool & Die.
8768	SECURITY: .forward files cannot be symbolic links.  If they are,
8769		a bad guy can read your private files.
8770	PORTABILITY FIXES:
8771		Solaris 2 from Rob McMahon <cudcv@csv.warwick.ac.uk>.
8772		System V Release 4 from Motonori Nakamura of Ritsumeikan
8773			University.  This expands the disk size
8774			checking to include all (?) SVR4 configurations.
8775		System V Release 4 from Kimmo Suominen -- initgroups(3)
8776			and setrlimit(2) are both available.
8777		System V Release 4 from sob@sculley.ffg.com -- some versions
8778			apparently "have EX_OK defined in other headerfiles."
8779		Linux Makefile typo.
8780		Linux getusershell(3) is broken in Slackware 2.0 --
8781			from Andrew Pam of Xanadu Australia.
8782		More Linux tweaking from John Kennedy of California State
8783			University, Chico.
8784		Cray changes from Eric Wassenaar:  ``On Cray, shorts,
8785			ints, and longs are all 64 bits, and all structs
8786			are multiples of 64 bits.  This means that the
8787			sizeof operator returns only multiples of 8.
8788			This requires adaptation of code that really
8789			deals with 32 bit or 16 bit fields, such as IP
8790			addresses or nameserver fields.''
8791		DG/UX 5.4.3 from Mark T. Robinson <mtr@ornl.gov>.  To
8792			get the old behavior, use -DDGUX_5_4_2.
8793		DG/UX hack: add _FORCE_MAIL_LOCAL_=yes environment
8794			variable to fix bogus /bin/mail behavior.
8795		Tandem NonStop-UX from Rick McCarty <mccarty@mpd.tandem.com>.
8796			This also cleans up some System V Release 4 compile
8797			problems.
8798		Solaris 2: sendmail.cw file should be in /etc/mail to
8799			match all the other configuration files.  Fix
8800			from Glenn Barry of Emory University.
8801		Solaris 2.3: compile problem in conf.c.  Fix from Alain
8802			Nissen of the University of Liege, Belgium.
8803		Ultrix: freespace calculation was incorrect.  Fix from
8804			Takashi Kizu of Osaka University.
8805		SVR4: running in background gets a SIGTTOU because the
8806			emulation code doesn't realize that "getpeername"
8807			doesn't require reading the file.  Fix from Peter
8808			Wemm of DIALix.
8809		Solaris 2.3: due to an apparent bug in the socket emulation
8810			library, sockets can get into a "wedged" state where
8811			they just return EPROTO; closing and re-opening the
8812			socket clears the problem.  Fix from Bob Manson
8813			of Ohio State University.
8814		Hitachi 3050R & 3050RX running HI-UX/WE2: portability
8815			fixes from Akihiro Hashimoto ("Hash") of Chiba
8816			University.
8817		AIX changes to allow setproctitle to work from Rainer Schöpf
8818			of Zentrum für Datenverarbeitung der Universität
8819			Mainz.
8820		AIX changes for load average from Ed Ravin of NASA/Goddard.
8821		SCO Unix from Chip Rosenthal of Unicom (code was using the
8822			wrong statfs call).
8823		ANSI C fixes from Adam Glass (NetBSD project).
8824		Stardent Titan/ANSI C fixes from Kate Hedstrom of Rutgers
8825			University.
8826		DG-UX fixes from Bruce Nagel of Data General.
8827		IRIX64 updates from Mark Levinson of the University of
8828			Rochester Medical Center.
8829		Altos System V (``the first UNIX/XENIX merge the Altos
8830			did for their Series 1000 & Series 2000 line;
8831			their merged code was licensed back to AT&T and
8832			Microsoft and became System V release 3.2'') from
8833			Tim Rice <timr@crl.com>.
8834		OSF/1 running on Intel Paragon from Jeff A. Earickson
8835			<jeff@ssd.intel.com> of Intel Scalable Systems
8836			Division.
8837		Amdahl UTS System V 2.1.5 (SVr3-based) from Janet Jackson
8838			<janet@dialix.oz.au>.
8839		System V Release 4 (statvfs semantic fix) from Alain
8840			Durand of I.M.A.G.
8841		HP-UX 10.x multiprocessor load average changes from
8842			Scott Hutton and Jeff Sumler of Indiana University.
8843		Cray CSOS from Scott Bolte of Cray Computer Corporation.
8844		Unicos 8.0 from Douglas K. Rand of the University of North
8845			Dakota, Scientific Computing Center.
8846		Solaris 2.4 fixes from Sanjay Dani of Dani Communications.
8847		ConvexOS 11.0 from Christophe Wolfhugel.
8848		IRIX 4.0.5 from David Ashton-Reader of CADcentre.
8849		ISC UNIX from J. J. Bailey.
8850		HP-UX 9.xx on the 8xx series machines from Remy Giraud
8851			of Meteo France.
8852		HP-UX configuration from Tom Lane <tgl@sss.pgh.pa.us>.
8853		IRIX 5.2 and 5.3 from Kari E. Hurtta.
8854		FreeBSD 2.0 from Mike Hickey of Federal Data Corporation.
8855		Sony NEWS-OS 4.2.1R and 6.0.3 from Motonori Nakamura.
8856		Omron LUNA unios-b, mach from Motonori Nakamura.
8857		NEC EWS-UX/V 4.2 from Motonori Nakamura.
8858		NeXT 2.1 from Bryan Costales.
8859		AUX patch thanks to Mike Erwin of Apple Computer.
8860		HP-UX 10.0 from John Beck of Hewlett-Packard.
8861		Ultrix: allow -DBROKEN_RES_SEARCH=0 if you are using a
8862			non-DEC resolver.  Suggested by Allan Johannesen.
8863		UnixWare 2.0 fixes from Petr Lampa of the Technical
8864			University of Brno (Czech Republic).
8865		KSR OS 1.2.2 support from Todd Miller of the University
8866			of Colorado.
8867		UX4800 support from Kazuhisa Shimizu of NEC.
8868	MAKEMAP: allow -d flag to allow insertion of duplicate aliases
8869		in type ``btree'' maps.  The semantics of this are undefined
8870		for regular maps, but it can be useful for the user database.
8871	MAKEMAP: lock database file while rebuilding to avoid sendmail
8872		lookups while the rebuild is going on.  There is a race
8873		condition between the open(... O_TRUNC ...) and the lock
8874		on the file, but it should be quite small.
8875	SMRSH: sendmail restricted shell added to the release.  This can
8876		be used as an alternative to /bin/sh for the "prog" mailer,
8877		giving the local administrator more control over what
8878		programs can be run from sendmail.
8879	MAIL.LOCAL: add this local mailer to the tape.  It is not really
8880		part of the release proper, and isn't fully supported; in
8881		particular, it does not run on System V based systems and
8882		never will.
8883	CONTRIB: a patch to rmail.c from Bill Gianopoulos of Raytheon
8884		to allow rmail to compile on systems that don't have
8885		function prototypes and systems that don't have snprintf.
8886	CONTRIB: add the "mailprio" scripts that will help you sort mailing
8887		lists by transaction delay times so that addresses that
8888		respond quickly get sent first.  This is to prevent very
8889		sluggish servers from delaying other people's mail.
8890		Contributed by Tony Sanders of BSDI.
8891	CONTRIB: add the "bsdi.mc" file as contributed by Tony Sanders
8892		of BSDI.  This has a lot of comments to help people out.
8893	CONFIG: Don't have .mc files include(../m4/cf.m4) -- instead,
8894		put this on the m4 command line.  On GNU m4 (which
8895		supports the __file__ primitive) you can run m4 in an
8896		arbitrary directory -- use either:
8897			m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf
8898		or
8899			m4 -I${CFDIR} m4/cf.m4 config.mc > config.cf
8900		On other versions of m4 that don't support __file__, you
8901		can use:
8902			m4 -D_CF_DIR_=${CFDIR}/ ${CFDIR}/m4/cf.m4 ...
8903		(Note the trailing slash on the _CF_DIR_ definition.)
8904		Old versions of m4 will default to _CF_DIR_=.. for back
8905		compatibility.
8906	CONFIG: fix mail from <> so it will properly convert to
8907		MAILER-DAEMON on local addresses.
8908	CONFIG: fix code that was supposed to catch colons in host
8909		names.  Problem noted by John Gardiner Myers of CMU.
8910	CONFIG: allow use of SMTP_MAILER_MAX in nullclient configuration.
8911		From Paul Riddle of the University of Maryland, Baltimore
8912		County.
8913	CONFIG: Catch and reject "." as a host address.
8914	CONFIG: Generalize domaintable to look up all domains, not
8915		just unqualified ones.
8916	CONFIG: Delete OLD_SENDMAIL support -- as near as I can tell, it
8917		was never used and didn't work anyway.
8918	CONFIG: Set flags A, w, 5, :, /, |, and @ on the "local" mailer
8919		and d on all mailers in the UUCP class.
8920	CONFIG: Allow "user+detail" to be aliased specially: it will first
8921		look for an alias for "user+detail", then for "user+*", and
8922		finally for "user".  This is intended for forwarding mail
8923		for system aliases such as root and postmaster to a
8924		centralized hub.
8925	CONFIG: add confEIGHT_BIT_HANDLING to set option 8 (see above).
8926	CONFIG: add smtp8 mailer; this has the F=8 (just-send-8) flag set.
8927		The F=8 flag is also set on the "relay" mailer, since
8928		this is expected to be another sendmail.
8929	CONFIG: avoid qualifying all UUCP addresses sent via SMTP with
8930		the name of the UUCP_RELAY -- in some cases, this is the
8931		wrong value (e.g., when we have local UUCP connections),
8932		and this can create unreplyable addresses.  From Chip
8933		Rosenthal of Unicom.
8934	CONFIG: add confRECEIVED_HEADER to change the format of the
8935		Received: header inserted into all messages.  Suggested by
8936		Gary Mills of the University of Manitoba.
8937	CONFIG: Make "notsticky" the default; use FEATURE(stickyhost)
8938		to get the old behavior.  I did this upon observing
8939		that almost everyone needed this feature, and that the
8940		concept I was trying to make happen didn't work with
8941		some user agents anyway.  FEATURE(notsticky) still works,
8942		but it is a no-op.
8943	CONFIG: Add LUSER_RELAY -- the host to which unrecognized user
8944		names are sent, rather than immediately diagnosing them
8945		as User Unknown.
8946	CONFIG: Add SMTP_MAILER_ARGS, ESMTP_MAILER_ARGS, SMTP8_MAILER_ARGS,
8947		and RELAY_MAILER_ARGS to set the arguments for the
8948		indicated mailers.  All default to "IPC $h".  Patch from
8949		Larry Parmelee of Cornell University.
8950	CONFIG: pop mailer needs F=n flag to avoid "annoying side effects
8951		on the client side" and F=P to get an appropriate
8952		return-path.  From Kimmo Suominen.
8953	CONFIG: add FEATURE(local_procmail) to use the procmail program
8954		as the local mailer.  For addresses of the form "user+detail"
8955		the "detail" part is passed to procmail via the -a flag.
8956		Contributed by Kimmo Suominen.
8957	CONFIG: add MAILER(procmail) to add an interface to procmail for
8958		use from mailertables.  This lets you execute arbitrary
8959		procmail scripts.  Contributed by Kimmo Suominen.
8960	CONFIG: add T= fields (MTS type) to local, smtp, and uucp mailers.
8961	CONFIG: add OSTYPE(ptx2) for DYNIX/ptx 2.x from Sequent.  From
8962		Paul Southworth of CICNet Systems Support.
8963	CONFIG: use -a$g as default to UUCP mailers, instead of -a$f.
8964		This causes the null return path to be rewritten as
8965		MAILER-DAEMON; otherwise UUCP gets horribly confused.
8966		From Michael Hohmuth of Technische Universitat Dresden.
8967	CONFIG: Add FEATURE(bestmx_is_local) to cause any hosts that
8968		list us as the best possible MX record to be treated as
8969		though they were local (essentially, assume that they
8970		are included in $=w).  This can cause additional DNS
8971		traffic, but is easier to administer if this fits your
8972		local model.  It does not work reliably if there are
8973		multiple hosts that share the best MX preference.
8974		Code contributed by John Oleynick of Rutgers.
8975	CONFIG: Add FEATURE(smrsh) to use smrsh (the SendMail Restricted
8976		SHell) instead of /bin/sh as the program used for delivery
8977		to programs.  If an argument is included, it is used as
8978		the path to smrsh; otherwise, /usr/local/etc/smrsh is
8979		assumed.
8980	CONFIG: Add LOCAL_MAILER_MAX and PROCMAILER_MAILER_MAX to limit the
8981		size of messages to the local and procmail mailers
8982		respectively.  Contributed by Brad Knowles of the Defense
8983		Information Systems Agency.
8984	CONFIG: Handle leading ``phrase:'' and trailing ``;'' as comments
8985		(just like text outside of angle brackets) in order to
8986		properly deal with ``group: addr1, ... addrN;'' syntax.
8987	CONFIG: Require OSTYPE macro (the defaults really don't apply to
8988		any real systems any more) and tweak the DOMAIN macro
8989		so that it is less likely that users will accidentally use
8990		the Berkeley defaults.  Also, create some generic files
8991		that really can be used in the real world.
8992	CONFIG: Add new configuration macros to set character sets for
8993		messages _arriving from_ various mailers: LOCAL_MAILER_CHARSET,
8994		SMTP_MAILER_CHARSET, and UUCP_MAILER_CHARSET.
8995	CONFIG: Change UUCP_MAX_SIZE to UUCP_MAILER_MAX for consistency.
8996		The old name will still be accepted for a while at least.
8997	CONFIG: Implement DECNET_RELAY as spec for host to which DECNET
8998		mail (.DECNET pseudo-domain or node::user) will be sent.
8999		As with all relays, it can be ``mailer:hostname''.  Suggested
9000		by Scott Hutton.
9001	CONFIG: Add MAILER(mail11) to get DECnet support.  Code contributed
9002		by Barb Dijker of Labyrinth Computer Services.
9003	CONFIG: change confCHECK_ALIASES to default to False -- it has poor
9004		performance for large alias files, and this confused many
9005		people.
9006	CONFIG: Add confCF_VERSION to append local information to the
9007		configuration version number displayed during SMTP startup.
9008	CONFIG: fix some.newsgroup.usenet@local.host syntax (previously it
9009		would only work when locally addressed).  Fix from
9010		Edvard Tuinder of Cistron Internet Services.
9011	CONFIG: use ${opMode} to avoid error on .REDIRECT addresses if option
9012		"n" (CheckAliases) is set when rebuilding alias database.
9013		Based on code contributed by Claude Marinier.
9014	CONFIG: Allow mailertable to have values of the form
9015		``error:code message''.  The ``code'' is a status code
9016		derived from the sysexits codes -- e.g., NOHOST or UNAVAILABLE.
9017		Contributed by David James <dwj@agw.bt.co.uk>.
9018	CONFIG: add MASQUERADE_DOMAIN(domain list) to extend the list of
9019		sender domains that will be replaced with the masquerade name.
9020		These domains will not be treated as local, but if mail passes
9021		through with sender addresses in those domains they will be
9022		replaced by the masquerade name.  These can also be specified
9023		in a file using MASQUERADE_DOMAIN_FILE(filename).
9024	CONFIG: add FEATURE(masquerade_envelope) to masquerade the envelope
9025		as well as the header.  Substantial improvements to this
9026		code were contributed by Per Hedeland.
9027	CONFIG: add MAILER(phquery) to define a new "ph" mailer; this can be
9028		accessed from a mailertable to do CCSO ph lookups.  Contributed
9029		by Kimmo Suominen.
9030	CONFIG: add MAILER(cyrus) to define a new Cyrus mailer; this can be
9031		used to define cyrus and cyrusbb mailers (for IMAP support).
9032		Contributed by John Gardiner Myers of Carnegie Mellon.
9033	CONFIG: add confUUCP_MAILER to select default mailer to use for
9034		UUCP addressing.  Suggested by Tom Moore of AT&T GIS.
9035	NEW FILES:
9036		cf/cf/cs-hpux10.mc
9037		cf/cf/cs-solaris2.mc
9038		cf/cf/cyrusproto.mc
9039		cf/cf/generic-bsd4.4.mc
9040		cf/cf/generic-hpux10.mc
9041		cf/cf/generic-hpux9.mc
9042		cf/cf/generic-osf1.mc
9043		cf/cf/generic-solaris2.mc
9044		cf/cf/generic-sunos4.1.mc
9045		cf/cf/generic-ultrix4.mc
9046		cf/cf/huginn.cs.mc
9047		cf/domain/berkeley-only.m4
9048		cf/domain/generic.m4
9049		cf/feature/bestmx_is_local.m4
9050		cf/feature/local_procmail.m4
9051		cf/feature/masquerade_envelope.m4
9052		cf/feature/smrsh.m4
9053		cf/feature/stickyhost.m4
9054		cf/feature/use_ct_file.m4
9055		cf/m4/cfhead.m4
9056		cf/mailer/cyrus.m4
9057		cf/mailer/mail11.m4
9058		cf/mailer/phquery.m4
9059		cf/mailer/procmail.m4
9060		cf/ostype/amdahl-uts.m4
9061		cf/ostype/bsdi2.0.m4
9062		cf/ostype/hpux10.m4
9063		cf/ostype/irix5.m4
9064		cf/ostype/isc4.1.m4
9065		cf/ostype/ptx2.m4
9066		cf/ostype/unknown.m4
9067		contrib/bsdi.mc
9068		contrib/mailprio
9069		contrib/rmail.oldsys.patch
9070		mail.local/mail.local.0
9071		makemap/makemap.0
9072		smrsh/README
9073		smrsh/smrsh.0
9074		smrsh/smrsh.8
9075		smrsh/smrsh.c
9076		src/Makefiles/Makefile.CSOS
9077		src/Makefiles/Makefile.EWS-UX_V
9078		src/Makefiles/Makefile.HP-UX.10
9079		src/Makefiles/Makefile.IRIX.5.x
9080		src/Makefiles/Makefile.IRIX64
9081		src/Makefiles/Makefile.ISC
9082		src/Makefiles/Makefile.KSR
9083		src/Makefiles/Makefile.NEWS-OS.4.x
9084		src/Makefiles/Makefile.NEWS-OS.6.x
9085		src/Makefiles/Makefile.NEXTSTEP
9086		src/Makefiles/Makefile.NonStop-UX
9087		src/Makefiles/Makefile.Paragon
9088		src/Makefiles/Makefile.SCO.3.2v4.2
9089		src/Makefiles/Makefile.SunOS.5.3
9090		src/Makefiles/Makefile.SunOS.5.4
9091		src/Makefiles/Makefile.SunOS.5.5
9092		src/Makefiles/Makefile.UNIX_SV.4.x.i386
9093		src/Makefiles/Makefile.uts.systemV
9094		src/Makefiles/Makefile.UX4800
9095		src/aliases.0
9096		src/mailq.0
9097		src/mime.c
9098		src/newaliases.0
9099		src/sendmail.0
9100		test/t_seteuid.c
9101	RENAMED FILES:
9102		cf/cf/alpha.mc =>		cf/cf/s2k-osf1.mc
9103		cf/cf/chez.mc =>		cf/cf/chez.cs.mc
9104		cf/cf/hpux-cs-exposed.mc =>	cf/cf/cs-hpux9.mc
9105		cf/cf/osf1-cs-exposed.mc =>	cf/cf/cs-osf1.mc
9106		cf/cf/s2k.mc =>			cf/cf/s2k-ultrix4.mc
9107		cf/cf/sunos4.1-cs-exposed.mc =>	cf/cf/cs-sunos4.1.mc
9108		cf/cf/ultrix4.1-cs-exposed.mc => cf/cf/cs-ultrix4.mc
9109		cf/cf/vangogh.mc =>		cf/cf/vangogh.cs.mc
9110		cf/domain/Berkeley.m4 =>	cf/domain/Berkeley.EDU.m4
9111		cf/domain/cs-exposed.m4 =>	cf/domain/CS.Berkeley.EDU.m4
9112		cf/domain/eecs-hidden.m4 =>	cf/domain/EECS.Berkeley.EDU.m4
9113		cf/domain/s2k.m4 =>		cf/domain/S2K.Berkeley.EDU.m4
9114		cf/ostype/hpux.m4 =>		cf/ostype/hpux9.m4
9115		cf/ostype/irix.m4 =>		cf/ostype/irix4.m4
9116		cf/ostype/ultrix4.1.m4 =>	cf/ostype/ultrix4.m4
9117		src/Makefile.* =>		src/Makefiles/Makefile.*
9118		src/Makefile.AUX =>		src/Makefiles/Makefile.A-UX
9119		src/Makefile.BSDI =>		src/Makefiles/Makefile.BSD-OS
9120		src/Makefile.DGUX =>		src/Makefiles/Makefile.dgux
9121		src/Makefile.RISCos =>		src/Makefiles/Makefile.UMIPS
9122		src/Makefile.SunOS.4.0.3 =>	src/Makefiles/Makefile.SunOS.4.0
9123	OBSOLETED FILES:
9124		cf/cf/cogsci.mc
9125		cf/cf/cs-exposed.mc
9126		cf/cf/cs-hidden.mc
9127		cf/cf/hpux-cs-hidden.mc
9128		cf/cf/knecht.mc
9129		cf/cf/osf1-cs-hidden.mc
9130		cf/cf/sunos3.5-cs-exposed.mc
9131		cf/cf/sunos3.5-cs-hidden.mc
9132		cf/cf/sunos4.1-cs-hidden.mc
9133		cf/cf/ultrix4.1-cs-hidden.mc
9134		cf/domain/cs-hidden.m4
9135		contrib/rcpt-streaming
9136		src/Makefiles/Makefile.SunOS.5.x
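
The SECURITY entry earlier in this release's notes says .forward files cannot be symbolic links. The C code below is an added example, not sendmail source: it contrasts a check-then-open test, which leaves a race window, with an open that refuses links itself. The function names and the temporary test tree under /tmp are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700	/* lstat, symlink, mkdtemp, O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper names for illustration; these are not sendmail functions. */

/*
 * Check-then-open: refuses a symlink that exists when lstat() runs, but
 * the path can be replaced by a symlink between lstat() and open().
 */
int open_check_then_open(const char *path)
{
	struct stat st;

	if (lstat(path, &st) != 0 || S_ISLNK(st.st_mode))
		return -1;
	/* race window: the path may change here */
	return open(path, O_RDONLY);
}

/*
 * Open-then-verify: O_NOFOLLOW makes open() itself fail when the final
 * path component is a symlink, and fstat() inspects the object that was
 * actually opened.  O_NONBLOCK keeps a FIFO at the path from blocking.
 */
int open_nofollow(const char *path)
{
	struct stat st;
	int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

	if (fd < 0)
		return -1;	/* the errno for a symlink differs between systems */
	if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
		close(fd);
		errno = EINVAL;
		return -1;
	}
	return fd;
}

static int write_file(const char *path, const char *text)
{
	FILE *fp = fopen(path, "w");

	if (fp == NULL)
		return -1;
	fputs(text, fp);
	return fclose(fp);
}

/*
 * Constructed test tree in a fresh temporary directory:
 *   private          a file that must not be readable via a forward file
 *   forward.regular  an ordinary forward file
 *   forward.link     a symlink pointing at "private"
 * Returns a bitmask: 1 = regular file opened, 2 = open_nofollow refused
 * the link, 4 = open_check_then_open refused the (static) link;
 * -1 on setup failure.
 */
int demo_forward_checks(void)
{
	char dir[] = "/tmp/fwdXXXXXX";
	char priv[64], reg[64], lnk[64];
	int fd, result = 0;

	if (mkdtemp(dir) == NULL)
		return -1;
	snprintf(priv, sizeof priv, "%s/private", dir);
	snprintf(reg, sizeof reg, "%s/forward.regular", dir);
	snprintf(lnk, sizeof lnk, "%s/forward.link", dir);
	if (write_file(priv, "secret\n") != 0 ||
	    write_file(reg, "user@example.org\n") != 0 ||
	    symlink(priv, lnk) != 0)
		return -1;

	if ((fd = open_nofollow(reg)) >= 0) {
		result |= 1;
		close(fd);
	}
	if ((fd = open_nofollow(lnk)) < 0)
		result |= 2;
	else
		close(fd);
	if ((fd = open_check_then_open(lnk)) < 0)
		result |= 4;
	else
		close(fd);

	unlink(lnk);
	unlink(reg);
	unlink(priv);
	rmdir(dir);
	return result;
}

int main(void)
{
	printf("result mask: %d\n", demo_forward_checks());
	return 0;
}
```

Both functions refuse a link that is already in place; only open_nofollow() stays correct when the path is swapped after the check.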
9137
9138 8.6.13/8.6.12	1996/01/25
9139	SECURITY: In some cases it was still possible for an attacker to
9140		insert newlines into a queue file, thus allowing access to
9141		any user (except root).
9142	CONFIG: no changes -- it is not a bug that the configuration
9143		version number is unchanged.
9144
9145 8.6.12/8.6.12	1995/03/28
9146	Fix to IDENT code (it was getting the size of the reply buffer
9147		too small, so nothing was ever accepted).  Fix from several
9148		people, including Allan Johannesen, Shane Castle of the
9149		Boulder County Information Services, and Jeff Smith of
9150		Warwick University (all arrived within a few hours of
9151		each other!).
9152	Fix a problem that could cause large jobs to run out of
9153		file descriptors on systems that use vfork() rather
9154		than fork().
9155
9156 8.6.11/8.6.11	1995/03/08
9157	The ``possible attack'' message would be logged more often
9158		than necessary if you are using Pine as a user agent.
9159	The wrong host would be reported in the ``possible attack''
9160		message when attempted from IDENT.
9161	In some cases the syslog buffer could be overflowed when
9162		reporting the ``possible attack'' message.  This can
9163		cause denial of service attacks.  Truncate the message
9164		to 80 characters to prevent this problem.
9165	When reading the IDENT response a loop is needed around the
9166		read from the network to ensure that you don't get
9167		partial lines.
9168	Password entries without any shell listed (that is, a null
9169		shell) wouldn't match as "ok".  Problem noted by
9170		Rob McMahon.
9171	When running BIND 4.9.x a problem could occur because the
9172		_res.options field is initialized differently than it
9173		was historically -- this requires that sendmail call
9174		res_init before it tweaks any bits.
9175	Fix an incompatibility in openxscript() between the file open mode
9176		and the stdio mode passed to fdopen.  This caused UnixWare
9177		2.0 to have conniptions.  Fix from Martin Sohnius of
9178		Novell Labs Europe.
9179	Fix problem with static linking of local getopt routine when
9180		using GNU's ld command.  Fix from John Kennedy of
9181		Cal State Chico.
9182	It was possible to turn off privacy flags.  Problem noted by
9183		*Hobbit*.
9184	Be more paranoid about writing files.  Suggestions by *Hobbit*
9185		and Liudvikas Bukys.
9186	MAKEMAP: fixes for 64 bit machines (DEC Alphas in particular)
9187		from Spider Boardman.
9188	CONFIG: No changes (version number only, to keep it in sync
9189		with the binaries).
9190
9191 8.6.10/8.6.10	1995/02/10
9192	SECURITY: Diagnose bogus values to some command line flags that
9193		could allow trash to get into headers and qf files.
9194	Validate the name of the user returned by the IDENT protocol.
9195		Some systems that really dislike IDENT send intentionally
9196		bogus information.  Problem pointed out by Michael Bushnell
9197		of the Free Software Foundation.  Has some security
9198		implications.
9199	Fix a problem causing error messages about DNS problems when
9200		the host name contained a percent sign to act oddly
9201		because it was passed as a printf-style format string.
9202		In some cases this could cause core dumps.
9203	Avoid possible buffer overrun in returntosender() if error
9204		message is quite long.  From Fletcher Mattox of the
9205		University of Texas.
9206	Fix a problem that would silently drop "too many hops" error
9207		messages if and only if you were sending to an alias.
9208		From Jon Giltner of the University of Colorado and
9209		Dan Harton of Oak Ridge National Laboratory.
9210	Fix a bug that caused core dumps on some systems if -d11.2 was
9211		set and e->e_message was null.  Fix from Bruce Nagel of
9212		Data General.
9213	Fix problem that can still cause df files to be left around
9214		after "hop count exceeded" messages.  Fix from Andrew
9215		Chang and Shau-Ping Lo of SunSoft.
9216	Fix a problem that can cause buffer overflows on very long
9217		user names (as might occur if you piped to a program
9218		with a lot of arguments).
9219	Avoid returning an error and re-queueing if the host signature
9220		is null; this can occur on addresses like ``user@.''.
9221		Problem noted by Wesley Craig and the University of
9222		Michigan.
9223	Avoid possible calls to malloc(0) if MCI caching is turned
9224		off.  Bug fix from Pierre David of the Laboratoire
9225		Parallelisme, Reseaux, Systemes et Modelisation (PRiSM),
9226		Universite de Versailles - St Quentin, and Jacky
9227		Thibault.
9228	Make a local copy of the line being sent via senttolist() -- in
9229		some cases, buffers could get trashed by map lookups
9230		causing it to do unexpected things.  This also simplifies
9231		some of the map code.
9232	CONFIG: No changes (version number only, to keep it in sync
9233		with the binaries).
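
Several 8.6.10 entries above (the host name passed as a printf-style format string, the buffer overrun in returntosender(), trash getting into qf files) and the 8.6.13 newline entry come down to how untrusted strings are formatted and stored. The C code below is an added example, not sendmail source: the function names and the simplified one-record-per-line layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names for illustration; these are not sendmail functions. */

/*
 * Build a diagnostic that mentions an untrusted host name.
 *
 * Unsafe form (the bug class in the entry):  snprintf(out, outsz, host);
 * a '%' in the host name is then interpreted as a conversion.
 * Safe form: the format is a constant and the host is only an argument.
 *
 * Returns 0 if the message fit, 1 if it was truncated, -1 on bad arguments.
 */
int format_dns_error(char *out, size_t outsz, const char *host, const char *reason)
{
	int n;

	if (out == NULL || outsz == 0 || host == NULL || reason == NULL)
		return -1;
	n = snprintf(out, outsz, "DNS lookup failed for %s: %s", host, reason);
	if (n < 0) {
		out[0] = '\0';
		return -1;
	}
	return ((size_t)n >= outsz) ? 1 : 0;
}

/* 1 if value fits on one line: no CR, LF or other control bytes (TAB allowed). */
int is_single_line(const char *value)
{
	const unsigned char *p;

	for (p = (const unsigned char *)value; *p != '\0'; p++) {
		if ((*p < 0x20 && *p != '\t') || *p == 0x7f)
			return 0;
	}
	return 1;
}

/*
 * Append one record "<code><value>\n" to the NUL-terminated text in buf.
 * Constructed layout: one record per line, first byte is the record type.
 * Returns 0 on success, -1 if the value is rejected (it would add a line
 * break) or an argument is NULL, -2 if the record does not fit.
 */
int append_record(char *buf, size_t bufsz, char code, const char *value)
{
	const char *end;
	size_t used, room;
	int n;

	if (buf == NULL || value == NULL || !is_single_line(value))
		return -1;
	end = memchr(buf, '\0', bufsz);
	if (end == NULL)
		return -2;		/* buf is not terminated within bufsz */
	used = (size_t)(end - buf);
	room = bufsz - used;		/* includes the terminating NUL */
	n = snprintf(buf + used, room, "%c%s\n", code, value);
	if (n < 0 || (size_t)n >= room) {
		buf[used] = '\0';	/* roll back a partial record */
		return -2;
	}
	return 0;
}

/* Number of records (lines) currently stored in buf. */
int count_records(const char *buf)
{
	int n = 0;

	for (; *buf != '\0'; buf++)
		if (*buf == '\n')
			n++;
	return n;
}

int main(void)
{
	char msg[64], queue[128] = "";
	/* Constructed inputs: conversions inside a host name, a newline inside a value. */
	const char *host = "mx%s%n.example";
	const char *bad = "guest\nXextra";

	printf("%d %s\n", format_dns_error(msg, sizeof msg, host, "timeout"), msg);
	printf("%d\n", append_record(queue, sizeof queue, 'S', "guest"));
	printf("%d\n", append_record(queue, sizeof queue, 'S', bad));
	printf("records=%d\n", count_records(queue));
	return 0;
}
```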
9234
9235 8.6.9/8.6.9	1994/04/19
9236	Do all mail delivery completely disconnected from any terminal.
9237		This provides consistency with daemon delivery and
9238		may have some security implications.
9239	Make sure that malloc doesn't get called with zero size,
9240		since that fails on some systems.  Reported by Ed
9241		Hill of the University of Iowa.
9242	Fix multi-line values for $e (SMTP greeting message).  Reported
9243		by Mike O'Connor of Ford Motor Company.
9244	Avoid syserr if no NIS domain name is defined, but the map it
9245		is trying to open is optional.  From Win Bent of USC.
9246	Changes for picky compilers from Ed Gould of Digital Equipment.
9247	Hesiod support for UDB from Todd Miller of the University of
9248		Colorado.  Use "hesiod" as the service name in the U
9249		option.
9250	Fix a problem that failed to set the "authentic" host name (that
9251		is, the one derived from the socket info) if you called
9252		sendmail -bs from inetd.  Based on code contributed by
9253		Todd Miller (this problem was also reported by Guy Helmer
9254		of Dakota State University).  This also fixes a related
9255		problem reported by Liudvikas Bukys of the University of
9256		Rochester.
9257	Parameterize "nroff -h" in all the Makefiles so people with
9258		variant versions can use them easily.  Suggested by
9259		Peter Collinson of Hillside Systems.
9260	SMTP "MAIL" commands with multiple ESMTP parameters required two
9261		spaces between parameters instead of one.  Reported by
9262		Valdis Kletnieks of Virginia Tech.
9263	Reduce the number of system calls during message collection by
9264		using global timeouts around the collect() loop.  This
9265		code was contributed by Eric Wassenaar.
9266	If the initial hostname gathering results in a name
9267		without a dot (usually caused by NIS misconfiguration)
9268		and BIND is compiled in, directly access DNS to get
9269		the canonical name.  This should make life easier for
9270		Solaris systems.  If it still can't be resolved, and
9271		if the name server is listed as "required", try again
9272		in 30 seconds.  If that also fails, exit immediately to
9273		avoid bogus "config error: mail loops back to myself"
9274		messages.
9275	Improve the "MAIL DELETED BECAUSE OF LACK OF DISK SPACE" error
9276		message to explain how much space was available and
9277		sound a bit less threatening.  Suggested by Stan Janet
9278		of the National Institute of Standards and Technology.
9279	If mail is delivered to an alias that has an owner, deliver any
9280		requested return-receipt immediately, and strip the
9281		Return-Receipt-To: header from the subsequent message.
9282		This prevents a certain class of denial of service
9283		attack, arguably gives more reasonable semantics, and
9284		moves things more towards what will probably become a
9285		network standard.  Suggested by Christopher Davis of
9286		Kapor Enterprises.
9287	Add a "noreceipts" privacy flag to turn off all return receipts
9288		without recompiling.
9289	Avoid printing ESMTP parameters as part of the error message
9290		if there are errors during parsing.  This change is
9291		purely cosmetic.
9292	Avoid sending out error messages during the collect phase of
9293		SMTP; there is an MVS mailer from UCLA that gets
9294		confused by this.  Of course, I think it's their bug....
9295	Check for the $j macro getting undefined, losing a dot, or getting
9296		lost from $=w in the daemon before accepting a connection;
9297		if it is, it dumps state, prints a LOG_ALERT message,
9298		and drops core for debugging.  This is an attempt to
9299		track down a bug that I thought was long since gone.
9300		If you see this, please forward the log fragment to
9301		sendmail@sendmail.ORG.
9302	Change OLD_NEWDB from a #ifdef to a #if so it can be turned off
9303		with -DOLD_NEWDB=0 on the command line.  From Christophe
9304		Wolfhugel.
9305	Instead of trying to truncate the listen queue for the server
9306		SMTP port when the load average is too high, just close
9307		the port completely and reopen it later as needed.
9308		This ensures that the other end gets a quick "connection
9309		refused" response, and that the connection can be
9310		recovered later.  In particular, some socket emulations
9311		seem to get confused if you tweak the listen queue
9312		size around and can never start listening to connections
9313		again.  The down side is that someone could start up
9314		another daemon process in the interim, so you could
9315		have multiple daemons all not listening to connections;
9316		this could in turn cause the sendmail.pid file to be
9317		incorrect.  A better approach might be to accept the
9318		connection and give a 421 code, but that could break
9319		other mailers in mysterious ways and have paging behavior
9320		implications.
9321	Fix a glitch in TCP-level debugging that caused flag 16.101 to
9322		set debugging on the wrong socket.  From Eric Wassenaar.
9323	When creating a df* temporary file, be sure you truncate any
9324		existing data in the file -- otherwise system crashes
9325		and the like could result in extra data being sent.
9326	DOC: Replace the CHANGES-R5-R8 readme file with a paper in the
9327		doc directory.  This includes some additional
9328		information.
9329	CONFIG: change UUCP rules to never add $U! or $k! on the front
9330		of recipient envelope addresses.  This should have been
9331		handled by the $&h trick, but broke if people were
9332		mixing domainized and UUCP addresses.  They should
9333		probably have converted all the way over to uucp-uudom
9334		instead of uucp-{new,old}, but the failure mode was to
9335		loop the mail, which was bad news.
9336	Portability fixes:
9337		Newer BSDI systems (several people).
9338		Older BSDI systems from Christophe Wolfhugel.
9339		Intergraph CLIX, from Paul Southworth of CICNet.
9340		UnixWare, from Evan Champion.
9341		NetBSD from Adam Glass.
9342		Solaris from Quentin Campbell of the University of
9343			Newcastle upon Tyne.
9344		IRIX from Dean Cookson and Bill Driscoll of Mitre
9345			Corporation.
9346		NCR 3000 from Kevin Darcy of Chrysler Financial Corporation.
9347		SunOS (it has setsid() and setvbuf() calls) from
9348			Jonathan Kamens of OpenVision Technologies.
9349		HP-UX from Tor Lillqvist.
9350	New Files:
9351		src/Makefile.CLIX
9352		src/Makefile.NCR3000
9353		doc/changes/Makefile
9354		doc/changes/changes.me
9355		doc/changes/changes.ps
9356
9357 8.6.8/8.6.6	1994/03/21
9358	SECURITY: it was possible to read any file as root using the
9359		E (error message) option.  Reported by Richard Jones;
9360		fixed by Michael Corrigan and Christophe Wolfhugel.
9361
9362 8.6.7/8.6.6	1994/03/14
9363	SECURITY: it was possible to get root access by using weird
9364		values to the -d flag.  Thanks to Alain Durand of
9365		INRIA for forwarding me the notice from the bugtraq
9366		list.
9367
9368 8.6.6/8.6.6	1994/03/13
9369	SECURITY: the ability to give files away on System V-based
9370		systems proved dangerous -- don't run as the owner
9371		of a :include: file on a system that allows giveaways.
9372		Unfortunately, this also applies to determining a
9373		valid shell.
9374	IMPORTANT: Previous versions weren't expiring old connections
9375		in the connection cache for a long time under some
9376		circumstances.  This could result in resource exhaustion,
9377		both at your end and at the other end.  This checks the
9378		connections for timeouts much more frequently.  From
9379		Doug Anderson of NCSC.
9380	Fix a glitch that snuck in that caused programs to be run as
9381		the sender instead of the recipient if the mail was
9382		from a local user to another local user.  From
9383		Motonori Nakamura of Kyoto University.
9384	Fix "wildcard" on /etc/shells matching -- instead of looking
9385		for "*", look for "/SENDMAIL/ANY/SHELL/".  From
9386		Bryan Costales of ICSI.
9387	Change the method used to declare the "statfs" availability;
9388		instead of HASSTATFS and/or HASUSTAT with a ton of
9389		tweaking in conf.c, there is a single #define called
9390		SFS_TYPE which takes on one of six values (SFS_NONE
9391		for no statfs availability, SFS_USTAT for the ustat(2)
9392		syscall, SFS_4ARGS for a four argument statfs(2) call,
9393		and SFS_VFS, SFS_MOUNT, or SFS_STATFS for a two argument
9394		statfs(2) call with the declarations in <sys/vfs.h>,
9395		<sys/mount.h>, or <sys/statfs.h> respectively).
9396	Fix glitch in NetInfo support that could return garbage if
9397		there was no "/locations/sendmail" property.  From
9398		David Meyer of the University of Virginia.
9399	Change HASFLOCK from defined/not-defined to a 0/1 definition
9400		to allow Linux to turn it off even though it is a
9401		BSD-like system.
9402	Allow setting of "ident" timeout to zero to turn off the ident
9403		protocol entirely.
9404	Make 7-bit stripping local to a connection (instead of to a
9405		mailer); this allows you to specify that SMTP is a
9406		7-bit channel, but revert to 8-bit should it advertise
9407		that it supports 8BITMIME.  You still have to specify
9408		mailer flag 7 to get this stripping at all.
9409	Improve makesendmail script so it handles more cases automatically.
9410	Tighten up restrictions on taking ownership of :include: files
9411		to avoid problems on systems that allow you to give away
9412		files.
9413	Fix a problem that made it impossible to rebuild the alias
9414		file if it was on a read-only file system.  From
9415		Harry Edmon of the University of Washington.
9416	Improve MX randomization function.  From John Gardiner Myers
9417		of CMU.
9418	Fix a minor glitch causing a bogus message to be printed (used
9419		%s instead of %d in a printf string for the line number)
9420		when a bad queue file was read.  From Harry Edmon.
9421	Allow $s to remain NULL on locally generated mail.  I'm not
9422		sure this is necessary, but a lot of people have complained
9423		about it, and there is a legitimate question as to whether
9424		"localhost" is legal as an 822-style domain.
9425	Fix a problem with very short line lengths (mailer L= flag) in
9426		headers.  This causes a leading space to be added onto
9427		continuation lines (including in the body!), and also
9428		tries to wrap headers containing addresses (From:, To:,
9429		etc) intelligently at the shorter line lengths.  Problem
9430		reported by Lars-Johan Liman of SUNET Operations Center.
9431	Log the real user name when logging syserrs, since these can have
9432		security implications.  Suggested by several people.
9433	Fix address logging of cached connections -- it used to always
9434		log the numeric address as zero.  This is a somewhat
9435		bogus implementation in that it does an extra system
9436		call, but it should be an inexpensive one.  Fix from
9437		Motonori Nakamura.
9438	Tighten up handling of short syslog buffers even more -- there
9439		were cases where the outgoing relay= name was too long
9440		to share a line with delay= and mailer= logging.
9441	Limit the overhead on split envelopes to one open file descriptor
9442		per envelope -- previously the overhead was three
9443		descriptors.  This was in response to a problem reported
9444		by Pär (Pell) Emanuelsson.
9445	Fixes to better handle the case of unexpected connection closes;
9446		this redirects the output to the transcript so the info
9447		is not lost.  From Eric Wassenaar.
9448	Fix potential string overrun if you macro evaluate a string that
9449		has a naked $ at the end.  Problem noted by James Matheson
9450		<jmrm@eng.cam.ac.uk>.
9451	Make default error number on $#error messages 553 (``Requested
9452		action not taken: mailbox name not allowed'') instead of
9453		501 (``Syntax error in parameters or arguments'') to
9454		avoid bogus "protocol error" messages.
9455	Strip off any existing trailing dot on names during $[ ... $]
9456		lookup.  This prevents it from ending up with two dots
9457		on the end of dot terminated names.  From Wesley Craig
9458		of the University of Michigan and Bryan Costales of ICSI.
9459	Clean up file class reading so that the debugging information is
9460		more informative.  It hadn't been using setclass, so you
9461		didn't see the class items being added.
9462	Avoid core dump if you are running a version of sendmail where
9463		NIS is compiled in, and you specify an NIS map, but
9464		NIS is not running.  Fix from John Oleynick of
9465		Rutgers.
9466	Diagnose bizarre case where res_search returns a failure value,
9467		but sets h_errno to a success value.
9468	Make sure that "too many hops" messages are considered important
9469		enough to send an error to the Postmaster (that is, the
9470		address specified in the P option).  This fix should
9471		help problems that cause the df file to be left around
9472		sometimes -- unfortunately, I can't seem to reproduce
9473		the problem myself.
9474	Avoid core dump (null pointer reference) on EXPN command; this
9475		only occurred if your log level was set to 10 or higher
9476		and the target account was an alias or had a .forward file.
9477		Problem noted by Janne Himanka.
9478	Avoid "denial of service" attacks by someone who is flooding your
9479		SMTP port with bad commands by shutting the connection
9480		after 25 bad commands are issued.  From Kyle Jones of
9481		UUNET.
9482	Fix core dump on error messages with very long "to" buffers;
9483		fmtmsg overflows the message buffer.  Fixed by trimming
9484		the to address to 203 characters.  Problem reported by
9485		John Oleynick.
9486	Fix configuration for HASFLOCK -- there were some spots where
9487		a #ifndef was incorrectly #ifdef.  Pointed out by
9488		George Baltz of the University of Maryland.
9489	Fix a typo in savemail() that could cause the error message To:
9490		lists to be incorrect in some places.  From Motonori
9491		Nakamura.
9492	Fix a glitch that can cause duplicate error messages on split
9493		envelopes where an address on one of the lists has a
9494		name server failure.  Fix from Voradesh Yenbut of the
9495		University of Washington.
9496	Fix possible bogus pointer reference on ESMTP parameters that
9497		don't have an ``=value'' part.
9498	CNAME loops caused an error message to be generated, but also
9499		re-queued the message.  Changed to just re-queue the
9500		message (it's really hard to just bounce it because
9501		of the weird way the name server works in the presence
9502		of CNAME loops).  Problem noted by James M.R.Matheson
9503		of Cambridge University.
9504	Avoid giving ``warning: foo owned process doing -bs'' messages
9505		if they use ``MAIL FROM:<foo>'' where foo is their true
9506		user name.  Suggested by Andreas Stolcke of ICSI.
9507	Change the NAMED_BIND compile flag to be a 0/1 flag so you can
9508		override it easily in the Makefile -- that is, you can
9509		turn it off using -DNAMED_BIND=0.
9510	If a gethostbyname(...) of an address with a trailing dot fails,
9511		try it without the trailing dot.  This is because if
9512		you have a version of gethostbyname() that falls back
9513		to NIS or the /etc/hosts file it will fail to find
9514		perfectly reasonable names that just don't happen to
9515		be dot terminated in the hosts file.  You don't want to
9516		strip the dot first though because we're trying to ensure
9517		that country names that match one of your subdomains get
9518		a chance.
9519	PRALIASES: fix bogus output on non-null-terminated strings.
9520		From Bill Gianopoulos of Raytheon.
9521	CONFIG: Avoid rewriting anything that matches $w to be $j.
9522		This was in code intended to only catch the self-literal
9523		address (that is, [1.2.3.4], where 1.2.3.4 is your
9524		IP address), but the code was broken.  However, it will
9525		still do this if $M is defined; this is necessary to
9526		get client configurations to work (sigh).  Note that this
9527		means that $M overrides :mailname entries in the user
9528		database!  Problem noted by Paul Southworth.
9529	CONFIG: Fix definition of Solaris help file location.  From
9530		Steve Cliffe <steve@gorgon.cs.uow.edu.au>.
9531	CONFIG: Fix bug that broke news.group.USENET mappings.
9532	CONFIG: Allow declaration of SMTP_MAILER_MAX, FAX_MAILER_MAX,
9533		and USENET_MAILER_MAX to tweak the maximum message
9534		size for various mailers.
9535	CONFIG: Change definition of USENET_MAILER_ARGS to include argv[0]
9536		instead of assuming that it is "inews" for consistency
9537		with other mailers.  From Michael Corrigan of UC San Diego.
9538	CONFIG: When mail is forwarded to a LOCAL_RELAY or a MAIL_HUB,
9539		qualify the address in the SMTP envelope as user@{relay|hub}
9540		instead of user@$j.  From Bill Wisner of The Well.
9541	CONFIG: Fix route-addr syntax in nullrelay configuration set.
9542	CONFIG: Don't turn off case mapping of user names in the local
9543		mailer for IRIX.  This was different than most every other
9544		system.
9545	CONFIG: Avoid infinite loops on certain list:; syntaxes in
9546		envelope.  Noted by Thierry Besancon
9547		<besancon@excalibur.ens.fr>.
9548	CONFIG: Don't include -z by default on uux line -- most systems
9549		don't want it set by default.  Pointed out by Philippe
9550		Michel of Thomson CSF.
9551	CONFIG: Fix some bugs with mailertables -- for example, if your
9552		host name was foo.bar.ray.com and you matched against
9553		".ray.com", the old implementation bound %1 to "bar"
9554		instead of "foo.bar".  Also, allow "." in the mailertable
9555		to match anything -- essentially, take over SMART_HOST.
9556		This also moves matching of explicit local host names
9557		before the mailertable so they don't have to be special
9558		cased in the mailertable data.  Reported by Bill
9559		Gianopoulos of Raytheon; the fix for the %1 binding
9560		problem was contributed by Nicholas Comanos of the
9561		University of Sydney.
9562	CONFIG: Don't include "root" in class $=L (users to deliver
9563		locally, even if a hub or relay exists) by default.
9564		This is because of the known bug where definition of
9565		both a LOCAL_RELAY and a MAIL_HUB causes $=L to ignore
9566		both and deliver into the local mailbox.
9567	CONFIG: Move up bitdomain and uudomain handling so that they
9568		are done before .UUCP class matching; uudomain was
9569		reported as ineffective before.  This also frees up
9570		diversion 8 for future use.  Problem reported by Kimmo
9571		Suominen.
9572	CONFIG: Don't try to convert dotted IP address (e.g., [1.2.3.4])
9573		into host names.  As pointed out by Jonathan Kamens,
9574		these are often used because either the forward or reverse
9575		mapping is broken; this translation makes it broken again.
9576	DOC: Clarify $@ and $: in the Install & Op Guide.  From Kimmo
9577		Suominen.
9578	Portability fixes:
9579		Unicos from David L. Kensiski of Sterling Software.
9580		DomainOS from Don Lewis of Silicon Systems.
9581		GNU m4 1.0.3 from Karst Koymans of Utrecht University.
9582		Convex from Kimmo Suominen <kim@tac.nyc.ny.us>.
9583		NetBSD from Adam Glass <glass@sun-lamp.cs.berkeley.edu>.
9584		BSD/386 from Tony Sanders of BSDI.
9585		Apollo from Eric Wassenaar.
9586		DGUX from Doug Anderson.
9587		Sequent DYNIX/ptx 2.0 from Tim Wright of Sequent.
9588	NEW FILES:
9589		src/Makefile.DomainOS
9590		src/Makefile.PTX
9591		src/Makefile.SunOS.5.1
9592		src/Makefile.SunOS.5.2
9593		src/Makefile.SunOS.5.x
9594		src/mailq.1
9595		cf/ostype/domainos.m4
9596		doc/op/Makefile
9597		doc/intro/Makefile
9598		doc/usenix/Makefile
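
Added example (not sendmail source code): the 8.6.6 entry above about a naked $ at the end of a macro-evaluated string describes a scanner that reads the macro name and advances without checking for the terminator. The C sketch below is a bounded single-letter expander that handles that case. The macro table, the function names, and the choices to copy a trailing $ literally and to expand undefined macros to nothing are assumptions of the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical single-letter macro table; the values are constructed samples. */
struct macro { char name; const char *value; };

const struct macro sample_macros[] = {
    { 'j', "mail.example.org" },
    { 'w', "mail" },
};
const size_t sample_count = sizeof sample_macros / sizeof sample_macros[0];

/* Look up a macro by its one-character name; NULL if it is not defined. */
const char *macro_value(const struct macro *tab, size_t n, char name)
{
    for (size_t i = 0; i < n; i++)
        if (tab[i].name == name)
            return tab[i].value;
    return NULL;
}

/*
 * Expand $x references from `in` into `out` (capacity `outsz`).
 * Returns the number of bytes written, not counting the NUL, or -1 if the
 * result does not fit; `out` is NUL-terminated in both cases.
 *
 * The loop shape this guards against is:
 *     if (*s == '$') name = *++s;   ...   s++;
 * When the input ends in '$', `name` is the terminating NUL and the final
 * s++ steps past it, so the scan continues into whatever follows the string.
 */
long expand_macros(char *out, size_t outsz, const char *in,
                   const struct macro *tab, size_t ntab)
{
    size_t o = 0;

    if (outsz == 0)
        return -1;

    for (const char *s = in; *s != '\0'; s++) {
        const char *piece = s;  /* default: copy this one character */
        size_t plen = 1;

        if (*s == '$' && s[1] != '\0') {
            /* A name follows: consume it. s still points inside the string. */
            const char *v = macro_value(tab, ntab, s[1]);
            s++;
            piece = v ? v : "";  /* assumption: undefined expands to nothing */
            plen = strlen(piece);
        }
        /* else: ordinary character, or a naked '$' at the end copied as-is */

        /* Keep one byte free for the terminator. */
        if (plen >= outsz - o) {
            out[o] = '\0';
            return -1;
        }
        memcpy(out + o, piece, plen);
        o += plen;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    const char *inputs[] = { "host=$j", "cost$", "$", "a$zb" };
    char buf[64];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        long n = expand_macros(buf, sizeof buf, inputs[i],
                               sample_macros, sample_count);
        printf("%-10s -> %s (%ld)\n", inputs[i], n < 0 ? "<too long>" : buf, n);
    }
    return 0;
}
```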
9599
9600 8.6.5/8.6.5	1994/01/13
9601	Security fix:  /.forward could be owned by anyone (the test
9602		to allow root to own any file was backwards).  From
9603		Bob Campbell at U.C. Berkeley.
9604	Security fix: group ids were not completely set when programs
9605		were invoked.  This caused programs to have group
9606		permissions they should not have had (usually group
9607		daemon instead of their own group).  In particular,
9608		Perl scripts would refuse to run.
9609	Security: check to make sure files that are written are not
9610		symbolic links (at least under some circumstances).
9611		Although this does not respond to a specific known
9612		attack, it's just a good idea.  Suggested by
9613		Christian Wettergren.
9614	Security fix: if a user had an NFS mounted home directory on
9615		a system with a restricted shell listed in their
9616		/etc/passwd entry, they could still execute any
9617		program by putting that in their .forward file.
9618		This fix prevents that by insisting that their shell
9619		appear in /etc/shells before allowing a .forward to
9620		execute a program or write a file.  You can disable
9621		this by putting "*" in /etc/shells.  It also won't
9622		permit world-writable :include: files to reference
9623		programs or files (there's no way to disable this).
9624		These behaviors are only one level deep -- for
9625		example, it is legal for a world-writable :include:
9626		file to reference an alias that writes a file, on
9627		the assumption that the alias file is well controlled.
9628	Security fix: root was not treated suspiciously enough when
9629		looking into subdirectories.  This would potentially
9630		allow a cracker to examine files that were publicly
9631		readable but in a non-publicly searchable directory.
9632	Fix a problem that causes an error on QUIT on a cached
9633		connection to create problems on the current job.
9634		These are typically unrelated, so errors occur in
9635		the wrong place.
9636	Reset CurrentLA in sendall() -- this makes sendmail queue
9637		runs more responsive to load average, and fixes a
9638		problem that ignored the load average in locally
9639		generated mail.  From Eric Wassenaar.
9640	Fix possible core dump on aliases with null LHS.  From
9641		John Orthoefer of BB&N.
9642	Revert to using flock() whenever possible -- there are just
9643		too many bugs in fcntl() locking, particularly over
9644		NFS, that cause sendmail to fail in perverse ways.
9645	Fix a bug that causes the connection cache to get confused
9646		when sending error messages.  This resulted in
9647		"unexpected close" messages.  It should fix itself
9648		on the following queue run.  Problem noted by
9649		Liudvikas Bukys of the University of Rochester.
9650	Include $k in $=k as documented in the Install & Op Guide.
9651		This seems odd, but it was documented....  From
9652		Michael Corrigan of UCSD.
9653	Fix problem that caused :include:s from alias files to be
9654		forced to be owned by root instead of daemon
9655		(actually DefUid).  From Tim Irvin.
9656	Diagnose unrecognized I option values -- from Mortin Forssen
9657		of the Chalmers University of Technology.
9658	Make "error" mailer work consistently when there is no error
9659		code associated with it -- previously it returned OK
9660		even though there was a real problem.  Now it assumes
9661		EX_UNAVAILABLE.
9662	Fix bug that caused the last header line of messages that had
9663		no body and which were terminated with EOF instead of
9664		"." to be discarded.  Problem noted by Liudvikas Bukys.
9665	Fix core dump on SMTP mail to programs that failed -- it tried
9666		to go to a "next MX host" when none existed, causing
9667		a core dump.  From der Mouse at McGill University.
9668	Change IDENTPROTO from a defined/not defined to a 0/1 switch;
9669		this makes it easier to turn it off (using
9670		-DIDENTPROTO=0 in the Makefile).  From der Mouse.
9671	Fix YP_MASTER_NAME store to use the unupdated result of
9672		gethostname() (instead of myhostname(), which tries
9673		to fully qualify the name) to be consistent with
9674		SunOS.  If your hostname is unqualified, this fixes
9675		transfers to slave servers.  Bug noted by Keith
9676		McMillan of Ameritech Services, Inc.
9677	Fix Ultrix problem: gethostbyname() can return a very large
9678		(> 500) h_length field, which causes the sockaddr
9679		to be trashed.  Use the size of the sockaddr instead.
9680		Fix from Bob Manson of Ohio State.
9681	Don't assume "-a." on host lookups if NAMED_BIND is not
9682		defined -- this confuses gethostbyname on hosts
9683		file lookups, which doesn't understand the trailing
9684		dot convention.
9685	Log SMTP server subprocesses that die with a signal instead
9686		of from a clean exit.
9687	If you don't have option "I" set, don't assume that a DNS
9688		"host unknown" message is authoritative -- it
9689		might still be found in /etc/hosts.
9690	Fix a problem that would cause Deferred: messages to be sent
9691		as the subject of an error message, even though the
9692		actual cause of a message was more severe than that.
9693		Problem noted by Chris Seabrook of OSSI.
9694	Fix race condition in DBM alias file locking.  From Kyle
9695		Jones of UUNET.
9696	Limit delivery syslog line length to avoid bugs in some
9697		versions of syslog(3).  This adds a new compile time
9698		variable SYSLOG_BUFSIZE.  From Jay Plett of Princeton
9699		University, which is in turn derived from IDA.
9700	Fix quotes inside of comments in addresses -- previously
9701		it insisted that they be balanced, but the 822 spec
9702		says that they should be ignored.
9703	Dump open file state to syslog upon receiving SIGUSR1 (for
9704		debugging).  This also evaluates ruleset 89, if set
9705		(with the null input), and logs the result.  This
9706		should be used sparingly, since the rewrite process
9707		is not reentrant.
9708	Change -qI, -qR, and -qS flags to be case-insensitive as
9709		documented in the Bat Book.
9710	If the mailer returned EX_IOERR or EX_OSERR, sendmail did not
9711		return an error message and did not requeue the message.
9712		Fix based on code from Roland Dirlewanger of
9713		Reseau Regional Aquarel, Bordeaux, France.
9714	Fix a problem that caused a seg fault if you got a 421 error
9715		code during some parts of connection initialization.
9716		I've only seen this when talking to buggy mailers on
9717		the other end, but it shouldn't give a seg fault in
9718		any case.  From Amir Plivatsky.
9719	Fix core dump caused by a ruleset call that returns null.
9720		Fix from Bryan Costales of ICSI.
9721	Full-Name: field was being ignored.  Fix from Motonori Nakamura
9722		of Kyoto University.
9723	Fix a possible problem with very long input lines in setproctitle.
9724		From Pär Emanuelsson.
9725	Avoid putting "This is a warning message" out on return receipts.
9726		Suggested by Douglas Anderson.
9727	Detect loops caused by recursive ruleset calls.  Suggested by
9728		Bryan Costales.
9729	Initialize non-alias maps during alias rebuilds -- they may be
9730		needed for parsing.  Problem noted by Douglas Anderson.
9731	Log sender address even if no message was collected in SMTP
9732		(e.g., if all RCPTs failed).  Suggested by Motonori
9733		Nakamura.
9734	Don't reflect the owner-list contents into the envelope sender
9735		address if the value contains ", :, /, or | (to avoid
9736		illegal addresses appearing there).
9737	Efficiency hack for toktype macro -- from Craig Partridge of
9738		BB&N.
9739	Clean up DNS error printing so that a host name is always
9740		included.
9741	Remember to set $i during queue runs.  Reported by Stephen
9742		Campbell of Dartmouth University.
9743	If the environment variable HOSTALIASES is set, use it during
9744		canonification as the name of a file with per-user host
9745		translations so that headers are properly mapped.  Reported
9746		by Anne Bennett of Concordia University.
9747	Avoid printing misleading error message if SMTP mailer (not
9748		using [IPC]) should die on a core dump.
9749	Avoid incorrect diagnosis of "file 1 closed" when it is caused
9750		by the other end closing the connection.  From
9751		Dave Morrison of Oracle.
9752	Improve several of the error messages printed by "mailq"
9753		to include a host name or other useful information.
9754	Add NetInfo preliminary support for NeXT systems.  From Vince
9755		DeMarco.
9756	Fix a glitch that sometimes caused :include:s that pointed to
9757		NFS filesystems that were down to give an "aliasing/
9758		forwarding loop broken" message instead of queueing
9759		the message for retry.  Noted by William C Fenner of
9760		the NRL Connection Machine Facility.
9761	Fix a problem that could cause a core dump if the input sequence
9762		had (or somehow acquired) a \231 character.
9763	Make sure that route-addrs always have <angle brackets> around
9764		them in non-SMTP envelopes (SMTP envelopes already do
9765		this properly).
9766	Avoid weird headers on unbalanced punctuation of the form:
9767		``Joe User <user)'' -- this caused reference to the
9768		null macro.  Fix from Rick McCarty of IO.COM.
9769	Fix a problem that caused an alias "user: user@local.host" to
9770		not have the QNOTREMOTE bit set; this caused configs
9771		to act as if FEATURE(notsticky) was defined even when
9772		it was not.  The effect of the problem was to make it
9773		very hard to set up satellite sites that had a few
9774		local accounts, with everything else forwarded to a
9775		corporate hub.  Reported by Detlef Drewanz of the
9776		University of Rostock and Mark Frost of NCD.
9777	Change queuing to not call rulesets 3, {1 or 2}, 4 on header
9778		addresses.  This is more efficient (fewer name server
9779		calls) and fixes certain unusual configurations, such
9780		as those that have ruleset 4 do something that is
9781		non-idempotent unless a mailer-specific ruleset did
9782		something else.  Problem reported by Brian J. Coan
9783		of the Institute for Global Communications.
9784	Fix the "obsolete argument" routine in main to better understand
9785		new arguments.  For example, if you used ``sendmail
9786		-C config -v -q'' it would choke on the -q because
9787		the -C would stop looking for old-format arguments.
9788	Fix the code that was intended to allow two users to forward their
9789		mail to the same program and have them appear unique.
9790	Portability fixes for:
9791		SCO UNIX from Murray Kucherawy.
9792		SCO Open Server 3.2v4 from Philippe Brand.
9793		System V Release 4 from Rick Ellis and others.
9794		OSF/1 from Steve Campbell.
9795		DG/UX from Ben Mesander of the USGS and Bryan Curnutt
9796			of Stoner Associates.
9797		Motorola SysV88 from Kevin Johnson of Motorola.
9798		Solaris 2.3 from Casper H.S. Dik of the University
9799			of Amsterdam and John Caruso of University
9800			of Maryland.
9801		FreeBSD from Ollivier Robert.
9802		NetBSD from Adam Glass.
9803		TitanOS from Kate Hedstrom of Rutgers University.
9804		Irix from Bryan Curnutt.
9805		Dynix from Jim Davis of the University of Arizona.
9806		RISC/os.
9807		Linux from John Kennedy of California State University
9808			at Chico.
9809		Solaris 2.x from Tony Boner of the U.S. Air Force.
9810		NEXTSTEP 3.x from Vince DeMarco.
9811		HP-UX from various people.  NOTA BENE:  the location
9812			of the config file has moved to /usr/lib
9813			to match the HP-UX version of sendmail.
9814	CONFIG: Don't do any recipient rewriting on relay mailer;
9815		since this is intended only for internal use, the
9816		usual RFC 821/822/1123 rules can be relaxed.  The
9817		main point of this is to avoid munging (ugh) UUCP
9818		addresses when relaying internally.
9819	CONFIG: fix typo in mailer/uucp.m4 that mutilates list:;
9820		syntax addresses delivered via UUCP.  Solution
9821		provided by Peter Wemm.
9822	CONFIG: fix thumb-fumble in default UUCP relaying in ruleset
9823		zero; it caused double @ signs in addresses.  From
9824		Irving Reid of the University of Toronto.
9825	CONFIG: Portability fixes for SCO Unix 3.2 with TCP/IP 1.2.1
9826		from Markku Toijala of ICL Personal Systems Oy.
9827	CONFIG: Add trailing "." on pseudo-domains for consistency;
9828		this fixes a problem (noted by Al Whaley of Sunnyside)
9829		that made it hard to recognize your own pseudodomain
9830		names.
9831	CONFIG: catch "@host" syntax errors (i.e., null local-parts)
9832		rather than letting them get "local configuration
9833		error"s.  Problem noted by John Gardiner Myers.
9834	CONFIG: add uucp-uudom mailer variant, based on code posted
9835		by Spider Boardman <spider@Orb.Nashua.NH.US>; this
9836		has uucp-dom semantics but old UUCP syntax.  This
9837		also permits "uucp-old" as an alias for "uucp" and
9838		"uucp-new" as a synonym for "suucp" for consistency.
9839	CONFIG: add POP mailer support (from Kimmo Suominen
9840		<kim@grendel.lut.fi>).
9841	CONFIG: drop CSNET_RELAY support -- CSNET is long gone.
9842	CONFIG: fix bug caused with domain literal addresses (e.g.,
9843		``[128.32.131.12]'') when FEATURE(allmasquerade)
9844		was set; it would get an additional @masquerade.host
9845		added to the address.  Problem noted by Peter Wan
9846		of Georgia Tech.
9847	CONFIG: make sure that the local UUCP name is in $=w.  From
9848		Jim Murray of Stratus.
9849	CONFIG: changes to UUCP rewriting to simulate IDA-style "V"
9850		mailer flag.  Briefly, if you are sending to host
9851		"foo", then it rewrites "foo!...!baz" to "...!baz",
9852		"foo!baz" remains "foo!baz", and anything else has
9853		the local name prepended.
9854	CONFIG: portability fixes for HP-UX.
9855	DOC: several minor problems fixed in the Install & Op Guide.
9856	MAKEMAP: fix core dump problem on lines that are too long or
9857		which lack newline.  From Mark Delany.
9858	MAILSTATS: print sums of columns (total messages & kbytes
9859		in and out of the system).  From Tom Ferrin of UC
9860		San Francisco Computer Graphics Lab.
9861	SIGNIFICANT USER- OR SYSAD-VISIBLE CHANGES:
9862		On HP-UX, /etc/sendmail.cf has been moved to
9863			/usr/lib/sendmail.cf to match HP sendmail.
9864		Permissions have been tightened up on world-writable
9865			:include: files and accounts that have shells
9866			that are not listed in /etc/shells.  This may
9867			cause some .forward files that have worked
9868			before to start failing.
9869		SIGUSR1 dumps some state to the log.
9870	NEW FILES:
9871		src/Makefile.DGUX
9872		src/Makefile.Dynix
9873		src/Makefile.FreeBSD
9874		src/Makefile.Mach386
9875		src/Makefile.NetBSD
9876		src/Makefile.RISCos
9877		src/Makefile.SCO
9878		src/Makefile.SVR4
9879		src/Makefile.Titan
9880		cf/mailer/pop.m4
9881		cf/ostype/bsdi1.0.m4
9882		cf/ostype/dgux.m4
9883		cf/ostype/dynix3.2.m4
9884		cf/ostype/sco3.2.m4
9885		makemap/Makefile.dist
9886		praliases/Makefile.dist
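
Added example (not sendmail source code): a C model of the two delivery restrictions described in the 8.6.5 notes above (shell must be listed in /etc/shells before a .forward may run a program or write a file; world-writable :include: files may never do so), using the "/SENDMAIL/ANY/SHELL/" wildcard that the 8.6.6 notes substitute for "*". The enum and function names, the in-memory shells text, and the sample paths are assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Wildcard entry named in the 8.6.6 note; a bare "*" no longer matches. */
#define ANY_SHELL "/SENDMAIL/ANY/SHELL/"

/* Constructed sample of /etc/shells contents. */
const char sample_shells[] = "/bin/sh\n/bin/csh\n# local additions\n";

enum source_kind { SRC_FORWARD, SRC_INCLUDE };
enum target_kind { TGT_ADDRESS, TGT_PROGRAM, TGT_FILE };

/*
 * True if `shell` appears in `shells_text` (one path per line, '#' starts a
 * comment) or if the text contains the wildcard entry.  An empty shell field
 * is treated as /bin/sh, the passwd(5) default.
 */
bool shell_is_listed(const char *shells_text, const char *shell)
{
    const char *p = shells_text;

    if (shell == NULL || *shell == '\0')
        shell = "/bin/sh";

    while (*p != '\0') {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        const char *next = eol ? eol + 1 : p + len;
        const char *hash = memchr(p, '#', len);

        if (hash != NULL)
            len = (size_t)(hash - p);          /* drop the comment */
        while (len > 0 && (*p == ' ' || *p == '\t')) {
            p++;                               /* trim leading blanks */
            len--;
        }
        while (len > 0 && (p[len - 1] == ' ' || p[len - 1] == '\t' ||
                           p[len - 1] == '\r'))
            len--;                             /* trim trailing blanks */

        if (len == strlen(ANY_SHELL) && memcmp(p, ANY_SHELL, len) == 0)
            return true;
        if (len > 0 && len == strlen(shell) && memcmp(p, shell, len) == 0)
            return true;
        p = next;
    }
    return false;
}

/*
 * Decide whether an entry read directly from a .forward or :include: file
 * may name a program or a file.  Only the two rules stated in the 8.6.5
 * note are modelled, and only one level deep: the target is what the file
 * itself lists, not what an alias it mentions later expands to.
 */
bool delivery_allowed(enum source_kind src, mode_t src_mode,
                      const char *owner_shell, const char *shells_text,
                      enum target_kind tgt)
{
    if (tgt == TGT_ADDRESS)
        return true;                   /* plain addresses are not restricted */
    if (src == SRC_INCLUDE)
        return (src_mode & S_IWOTH) == 0;  /* no setting overrides this */
    return shell_is_listed(shells_text, owner_shell);
}

int main(void)
{
    /* Constructed case: an account whose shell is a restricted menu program. */
    const char *menu = "/usr/local/bin/menu";

    printf("csh user, .forward -> program: %d\n",
           delivery_allowed(SRC_FORWARD, 0644, "/bin/csh", sample_shells,
                            TGT_PROGRAM));
    printf("menu user, .forward -> program: %d\n",
           delivery_allowed(SRC_FORWARD, 0644, menu, sample_shells,
                            TGT_PROGRAM));
    printf("world-writable :include: -> file: %d\n",
           delivery_allowed(SRC_INCLUDE, 0666, "/bin/csh", sample_shells,
                            TGT_FILE));
    return 0;
}
```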
9887
9888 8.6.4/8.6.4	1993/10/31
9889	Repair core-dump problem (write to read-only memory segment)
9890		if you fall back to the return-to-Postmaster case in
9891		savemail.  Problem reported by Richard Liu.
9892	Immediately diagnose bogus sender addresses in SMTP.  This
9893		makes quite certain that crackers can't use this
9894		class of attack.
9895	Reliability Fix:  check return value from fclose() and fsync()
9896		in a few critical places.
9897	Minor problem in initsys() that reversed a condition for
9898		redirecting the output channel on queue runs.  It's
9899		not clear this code even does anything.  From Eric
9900		Wassenaar of the Dutch National Institute for Nuclear
9901		and High-Energy Physics.
9902	Fix some problems that caused queue runs to do "too much work",
9903		such as double-reading the Errors-To: header.  From
9904		Eric Wassenaar.
9905	Error messages on writing the temporary file (including the
9906		data file) were getting suppressed in SMTP -- this
9907		fix causes them to be properly reported.  From Eric
9908		Wassenaar.
9909	Some changes to support AF_UNIX sockets -- this will only
9910		really become relevant in the next release, but some
9911		people need it for local patches.  From Michael
9912		Corrigan of UC San Diego.
9913	Use dynamically allocated memory (instead of static buffers)
9914		for macros defined in initsys() and settime(); since
9915		these can have different values depending on which
9916		envelope they are in.  From Eric Wassenaar.
9917	Improve logging to show ctladdr on to= logging; this tells you
9918		what uid/gid processes ran as.
9919	Fix a problem that caused error messages to be discarded if
9920		the sender address was unparseable for some reason;
9921		this was supposed to fall back to the "return to
9922		postmaster" case.
9923	Improve aliaswait backoff algorithm.
9924	Portability patches for Linux (8.6.3 required another header
9925		file) (from Karl London) and SCO UNIX.
9926	CONFIG: patch prog mailer to not strip host name off of envelope
9927		addresses (so that it matches local again).  From
9928		Christopher Davis.
9929	CONFIG: change uucp-dom mailer so that "<>" translates to $n;
9930		this prevents uux from seeing lines with null names like
9931		``From   Sat Oct 30 14:55:31 1993''.  From Motonori
9932		Nakamura of Kyoto University.
9933	CONFIG: handle <list:;> syntax correctly.  This isn't legal, but
9934		it shouldn't fail miserably.  From Motonori Nakamura.
9935
9936 8.6.2/8.6.2	1993/10/15
9937	Put a "successful delivery" message in the transcript for
9938		addresses that get return-receipts.
9939	Put a prominent "this is only a warning" message in warning
9940		messages -- some people don't read carefully enough
9941		and end up sending the message several times.
9942	Include reason for temporary failure in the "warning" return
9943		message.  Currently, it just says "cannot send for
9944		four hours".
9945	Fix the "Original message received" time generated for
9946		returntosender messages.  It was previously listed as
9947		the current time.  Bug reported by Eric Hagberg of
9948		Cornell University Medical College.
9949	If there is an error when writing the body of a message,
9950		don't send the trailing dot and wait for a response
9951		in sender SMTP, as this could cause the connection to
9952		hang up under some bizarre circumstances.  From Eric
9953		Wassenaar.
9954	Fix some server SMTP synchronization problems caused when
9955		connections fail during message collection.  From
9956		Eric Wassenaar.
9957	Fix a problem that can cause srvrsmtp to reject mail if the
9958		name server is down -- it accepts the RCPT but rejects
9959		the DATA command.  Problem reported by Jim Murray of
9960		Stratus.
9961	Fix a problem that can cause core dumps if the config file
9962		incorrectly resolves to a null hostname.  Reported by
9963		Allan Johannesen of WPI.
9964	Non-root use of -C flag, dangerous -f flags, and use of -oQ
9965		by non-root users were not put into
9966		X-Authentication-Warning:s as intended because the
9967		config file hadn't set the PrivacyOptions yet.  Fix
9968		from Sven-Ove Westberg of the University of Lulea.
9969	Under very odd circumstances, the alias file rebuild code
9970		could get confused as to whether a database was
9971		open or not.
9972	Check "vendor code" on the end of V lines -- this is
9973		intended to provide a hook for vendor-specific
9974		configuration syntax.  (This is a "new feature",
9975		but I've made an exception to my rule in a belief
9976		that this is a highly exceptional case.)
9977	Portability fixes for DG/UX (from Douglas Anderson of NCSC),
9978		SCO Unix (from Murray Kucherawy), A/UX, and OSF/1
9979		(from Jon Forrest of UC Berkeley).
9980	CONFIG: fix ``mailer:host'' form of UUCP relay naming.
9981
9982 8.6.1/8.6	1993/10/08
9983	Portability fixes for A/UX and Encore UMAX V.
9984	Fix error message handling -- if you had a name server down
9985		causing an error during parsing, that message was never
9986		propagated to the queue file.
9987
9988 8.6/8.6		1993/10/05
9989	Configuration cleanup: make it easier to undo IDENTPROTO in
9990		conf.h (other systems have the same bug).
9991	If HASGETDTABLESIZE and _SC_OPEN_MAX are both defined, assume
9992		getdtablesize() instead of sysconf(); a disturbingly
9993		large number of systems defined _SC_OPEN_MAX in the
9994		header files but don't have the syscall.
9995	Another patch to really truly ignore MX records in getcanonname
9996		if trymx == FALSE.
9997	Fix problem that caused the "250 IAA25499 Message accepted for
9998		delivery" message to be omitted if there was an error
9999		in the header of the message (e.g., a bad Errors-To:
10000		line).  Pointed out by Michael Corrigan of UCSD.
10001	Announce name of host we are chatting when we get errors; this
10002		is an IDA-ism suggested by Christophe Wolfhugel.
10003	Portability fixes for Alpha OSF/1 (from Anthony Baxter of the
10004		Australian Artificial Intelligence Institute), SCO Unix
10005		(from Murray Kucherawy of Hookup Communication Corp.),
10006		NeXT (from Vince DeMarco and myself), Linux (from
10007		Karl London <karl@borg.demon.co.uk>), BSDI (from
10008		Christophe Wolfhugel), SVR4 on Dell (from Kimmo
10009		Suominen), AUX 3.0 on Macintosh, and ANSI C compilers.
10010	Some changes to get around gcc optimizer bugs.  From Takahiro
10011		Kanbe.
10012	Fix error recovery in queueup if another tf file of the same
10013		name already exists.  Problem stumbled over by Bill
10014		Wisner of The Well.
10015	Output YP_MASTER_NAME and YP_LAST_MODIFIED without null bytes.
10016		Problem noted by Keith McMillan of Ameritech Services.
10017	Deal with group permissions properly when opening .forward and
10018		:include: files.  This relaxes the 8.1C restrictions
10019		slightly more.  This includes proper setting of groups
10020		when reading :include: files, allowing you to read some
10021		files that you should be able to read but have previously
10022		been denied unless you owned them or they had "other"
10023		read permission.
10024	Make certain that $j is in $=w (after the .cf is read) so that
10025		if the user is forced to override some silly system,
10026		MX suppression will still work.
10027	Fix a couple of efficiency problems where newstr was double-
10028		calling expensive routines.  In at least one case, it
10029		wasn't guaranteed that they would always return the
10030		same result.  Problem noted by Christophe Wolfhugel.
10031	Fix null pointer dereference in putoutmsg -- only on an error
10032		condition from a non-SMTP mailer.  From Motonori
10033		Nakamura.
10034	Macro expand "C" line class definitions before scanning so that
10035		"CX $Z" works.
10036	Fix problem that caused error message to be sent while still
10037		trying to send the original message if the connection
10038		is closed during a DATA command after getting an error
10039		on an RCPT command (pretty obscure).  Problem reported
10040		by John Myers of CMU.
10041	Fix reply to NOOP to be 250 instead of 200 -- this is a long
10042		term bug.
10043	Fix a nasty bug causing core dumps when returning the "warning:
10044		cannot deliver for N hours -- will keep trying" message;
10045		it only occurred if you had PostmasterCopy set and
10046		only on some architectures.  Although sendmail would
10047		keep trying, it would send error messages on each
10048		queue interval.  This is an important fix.
10049	Allow u and g options to take user and group names respectively.
10050	Don't do a chdir into the queue directory in -bt mode to make
10051		ruleset testing a bit easier.
10052	Don't allow users to turn off logging (using -oL) on the command
10053		line -- command line can only raise, not lower, logging
10054		level.
10055	Set $u to the original recipient on the SMTP transaction or on
10056		the command line.  This is only done if there is exactly
10057		one recipient.  Technically, this does not meet the
10058		specs, because it does not guarantee a domain on the
10059		address.
10060	Fix a problem that dumped error messages on bad addresses if
10061		you used the -t flag.  Problem noted by Josh Smith of
10062		Harvey Mudd College.
10063	Given an address such as ``<foo> <bar>'', auto-quote the first
10064		``<foo>'' part, giving ``"<foo>" <bar>''.  This is to
10065		avoid the problem of people who use angle brackets in
10066		their full name information.
10067	Fix a null pointer dereference if you set option "l", have
10068		an Errors-To: header in the message, and have Errors-To:
10069		defined in the config file H lines.  From J.R. Oldroyd.
10070	Put YPCOMPAT on #ifdef NIS instead -- it's one less thing to get
10071		wrong when compiling.  Suggested by Rick McCarty of TI.
10072	Fix a problem that could pass negative SIZE parameter if the
10073		df file got lost; this would cause servers to always
10074		give a temporary failure, making the problem even worse.
10075		Problem noted by Allan Johannesen of WPI.
10076	Add "ident" timeout (one of the "r" option selectors) for IDENT
10077		protocol timeouts (30s default).  Requested by Murray
10078		Kucherawy of HookUp Communication Corp. to handle bogus
10079		PC TCP/IP implementations.
10080	Change $w default definition to be just the first component of
10081		the domain name on config level 5.  The $j macro defaults
10082		to the FQDN; $m remains as before.  This lets well-behaved
10083		config files use any of the short, long, or subdomain
10084		names.
10085	Add makesendmail script in src to try to automate multi-architecture
10086		builds.  I know, this is sub-optimal, but it is still
10087		helpful.
10088	Fix very obscure race condition that can cause a queue run to
10089		get a queue file for an already completed job.  This
10090		problem has existed for years.  Problem noted by the
10091		long suffering Allan Johannesen of WPI.
10092	Fix a problem that caused the raw sender name to be passed to
10093		udbsender instead of the canonified name -- this caused
10094		it to sometimes miss records that it should have found.
10095	Relax check of name on HELO packet so that a program using -bs
10096		that claims to be itself works properly.
10097	Restore rewriting of $: part of address through 2, R, 4 in
10098		buildaddr -- this requires passing a lot of flags to get
10099		it right.  Unlike old versions, this ONLY rewrites
10100		recipient addresses, not sender addresses.
10101	Fix a bug that caused core dumps in config files that cannot
10102		resolve /file/name style addresses.  Fix from Jonathan
10103		Kamens of OpenVision Technologies.
10104	Fix problem with fcntl locking that can cause error returns to
10105		be lost if the lock is lost; this required fully
10106		queueing everything, dropping the envelope (so errors
10107		would get returned), and then re-reading the queue from
10108		scratch.
10109	Fix a problem that caused aliases that redefine an otherwise
10110		true address to still send to the original address
10111		if and only if the alias failed in certain bizarre
10112		ways (e.g., if they pointed at a list:; syntax address).
10113		Problem pointed out by Jonathan Kamens.
10114	Remove support for frozen configuration files.  They caused
10115		more trouble than they were worth.
10116	Fix problem that can cause error messages to get ignored when
10117		using both -odb and -t flags.  Problem noted by Rob
10118		McNicholas at U.C. Berkeley.
10119	Include all "normal" variations on hostname in $=w.  For example,
10120		if the host name is vangogh.cs.berkeley.edu, $=w will
10121		contain vangogh, vangogh.cs, and vangogh.cs.berkeley.edu.
10122	Add "restrictqrun" privacy flag -- without this, anyone can run
10123		the queue.
10124	Reset SmtpPhase global on initial connection creation so that
10125		messages don't come out with stale information.
10126	Pass an "ext" argument to lockfile so that error/log messages
10127		will properly reflect the true filename being locked.
10128	Put all [...] address forms into $=w -- this eliminates the need
10129		for MAXIPADDR in conf.h.  Suggested by John Gardiner
10130		Myers of CMU.
10131	Fix a bug that can cause qf files to be left around even after
10132		an SMTP RSET command.  Problem and fix from Michael
10133		Corrigan.
10134	Don't send a PostmasterCopy to errors when the Precedence: is
10135		negative.  Error reports still go to the envelope
10136		sender address.
10137	Add LA_SHORT for load averages.
10138	Lock sendmail.st file when posting statistics.
10139	Add "SendBufSize" and "RcvBufSize" suboptions to "O" option to
10140		set the size of the TCP send and receive buffers; if you
10141		run over a slow slip line you may need to set these down
10142		(although it would be better to fix the SLIP implementation
10143		so that it's not necessary to recompile every program
10144		that does bulk data transfer).
10145	Allow null defaults on $( ... $) lookups.  Problem reported by
10146		Amir Plivatsky.
10147	Diagnose crufty S and V config lines.  This resulted from an
10148		observation that some people were using the SITE macro
10149		without the SITECONFIG macro first, which was causing
10150		bogus config files that were not caught.
10151	Fix makemap -f flag to turn off case folding (it was turning it
10152		on instead).  THIS IS A USER VISIBLE CHANGE!!!
10153	Fix a problem that caused multiple error messages to be sent if
10154		you used "sendmail -t -oem -odb", your system uses fcntl
10155		locking, and one of the recipient addresses is unknown.
10156	Reset uid earlier in include() so that recursive .forwards or
10157		:include:s don't use the wrong uid.
10158	If file descriptor 0, 1, or 2 was closed when sendmail was
10159		called, the code to recover the descriptor was broken.
10160		This sometimes (only sometimes) caused problems with the
10161		alias file.  Fix from Motonori Nakamura.
10162	Fix a problem that caused aliaswait to go into infinite recursion
10163		if the @:@ metasymbol wasn't found in the alias file.
10164	Improve error message on newaliases if database files cannot be
10165		opened or if running with no database format defined.
10166	Do a better estimation of the size of error messages when NoReturn
10167		is set.  Problem noted by Pär (Pell) Emanuelsson.
10168	Fix a problem causing the "c" option (don't connect to expensive
10169		mailers) to be ignored in SMTP.  Problem noted and the
10170		solution suggested by Robert Elz of The University of
10171		Melbourne.
10172	Improve connection caching algorithm by passing "[host]" to
10173		hostsignature, which strips the square brackets and
10174		returns the real name.  This allows mailertable entries
10175		to match regular entries.
10176	Re-enable Return-Receipt-To: -- people seem to want this stupid
10177		feature, even if it doesn't work right.
10178	Catch and log attempts to try the "wiz" command in server SMTP.
10179		This also ups the log level from LOG_NOTICE to LOG_CRIT.
10180	Be more generous at assigning $z to the home directory -- do this
10181		for programs that are specified through a .forward file.
10182		Fix from Andrew Chang of Sun Microsystems.
10183	Always save a fatal error message in preference to a non-fatal
10184		error message so that the "subject" line of return
10185		messages is the best possible.
10186	CONFIG: reduce the number of quotes needed to quote configuration
10187		parameters with commas: two quotes should work now, e.g.,
10188		define(ALIAS_FILE, ``/etc/aliases,/etc/aliases.local'').
10189	CONFIG: class $=Z is a set of UUCP hosts that use uucp-dom
10190		connections (domain-ized UUCP).
10191	CONFIG: fix bug in default maps (-o must be before database file
10192		name).  Pointed out by Christophe Wolfhugel.
10193	CONFIG: add FEATURE(nodns) to state that we are not relying on
10194		DNS.  This would presumably be used in UUCP islands.
10195	CONFIG: add OSTYPE(nextstep) and OSTYPE(linux).
10196	CONFIG: log $u in Received: line.  This is in technical violation
10197		of the standards, since it doesn't guarantee a domain
10198		on the address.
10199	CONFIG: don't assume "m" in local mailer flags -- this means that
10200		if you redefine LOCAL_MAILER_FLAGS you will have to include
10201		the "m" flag should you want it.  Apparently some Solaris 2.2
10202		installations can't handle multiple local recipients.
10203		Problem noted by Josh Smith.
10204	CONFIG: add confDOMAIN_NAME to set $j (if undefined, $j defaults).
10205	CONFIG: change default version level from 4 to 5.
10206	CONFIG: add FEATURE(nullclient) to create a config file that
10207		forwards all mail to a hub without ever looking at the
10208		addresses in any detail.
10209	CONFIG: properly strip mailer: information off of relays when
10210		used to change .BITNET form into %-hack form.
10211	CONFIG: fix a problem that caused infinite loops if presented
10212		with an address such as "!foo".
10213	CONFIG: check for self literal (e.g., [128.32.131.12]) even if
10214		the reverse "PTR" mapping is broken.  There's a better
10215		way to do this, but the change is fairly major and I
10216		want to hold it for another release.  Problem noted by
10217		Bret Marquis.
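
Added example (not sendmail's code) for the 8.6 entry above about descriptors 0, 1, or 2 being closed when sendmail is called: open() returns the lowest free descriptor, so a file opened while a standard descriptor is closed takes over that number. fill_std_fds() and data_fd_after_close() are hypothetical names, and /dev/null stands in for a data file.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * Ensure descriptors 0, 1 and 2 are open, pointing any closed one at
 * /dev/null.  Returns how many had to be repaired, or -1 on failure.
 * Call this before the program opens any file of its own.
 */
int fill_std_fds(void)
{
	int repaired = 0;

	for (int fd = 0; fd <= 2; fd++) {
		/* F_GETFD fails with EBADF only when fd is not open. */
		if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
			continue;

		int nfd = open("/dev/null", O_RDWR);
		if (nfd < 0)
			return -1;
		if (nfd != fd) {
			/* Defensive: move the descriptor into the wanted slot. */
			if (dup2(nfd, fd) < 0) {
				close(nfd);
				return -1;
			}
			close(nfd);
		}
		repaired++;
	}
	return repaired;
}

/*
 * Simulate a caller that closed `closed_fd` (0, 1 or 2) before exec:
 * close it, optionally run the repair, open a stand-in data file and
 * return the descriptor number it received.  The original descriptor
 * is restored before returning.  Assumes 0, 1 and 2 are open on entry.
 */
int data_fd_after_close(int closed_fd, int repair)
{
	int saved = dup(closed_fd);	/* keep the real one to restore */
	if (saved < 0)
		return -1;
	close(closed_fd);

	int d = -1;
	if (!repair || fill_std_fds() >= 0)
		d = open("/dev/null", O_WRONLY);	/* stand-in data file */
	if (d >= 0)
		close(d);

	dup2(saved, closed_fd);		/* put the original back */
	close(saved);
	return d;
}

int main(void)
{
	if (fill_std_fds() < 0)		/* start from a known state */
		return 1;
	int bad = data_fd_after_close(2, 0);
	int good = data_fd_after_close(2, 1);
	printf("stderr closed, no repair: data file on fd %d\n", bad);
	printf("stderr closed, repaired:  data file on fd %d\n", good);
	return 0;
}
```

Without the repair the data file sits on descriptor 2, so anything the program later writes to stderr lands in that file.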
10218
10219 8.5/8.5		1993/07/23
10220	Serious bug: if you used a command line recipient that was unknown
10221		sendmail would not send a return message (it was treating
10222		everything as though it had an SMTP-style client that
10223		would do the return itself).  Problem noted by Josh Smith.
10224	Change "trymx" option in getcanonname() to ignore all MX data,
10225		even during a T_ANY query.  This actually didn't break
10226		anything, because the only time you called getcanonname
10227		with !trymx was if you already knew there were no MX
10228		records, but it is somewhat cleaner.  From Motonori
10229		Nakamura.
10230	Don't call getcanonname from getmxrr if you already know there
10231		are no DNS records matching the name.
10232	Fix a problem causing error messages to always include "The
10233		original message was received ... from localhost".
10234		The correct original host information is now included.
10235	Previous change to cf/sh/makeinfo.sh doesn't port to Ultrix (their
10236		version of "test" doesn't have the -x flag).  Change it
10237		to use -f instead.  From John Myers.
10238	CONFIG: 8.4 mistakenly set the default SMTP-style mailer to
10239		esmtp -- it should be smtp.
10240	CONFIG: send all relayed mail using confRELAY_MAILER (defaults
10241		to "relay" (a variant of "smtp") if MAILER(smtp) is used,
10242		else "suucp" if MAILER(uucp) is used, else "unknown");
10243		this cleans up the configs somewhat.  This fixes a serious
10244		problem that caused route-addrs to get mistaken as relays,
10245		pointed out by John Myers.  WARNING: this also causes
10246		the default on SMART_HOST to change from "suucp" to
10247		"relay" if you have MAILER(smtp) specified.
10248
10249 8.4/8.4		1993/07/22
10250	Add option `w'.  If you receive a message that comes to you because
10251		you are the best (lowest preference) target of an MX, and
10252		you haven't explicitly recognized the source MX host in
10253		your .cf file, this option will cause you to try the target
10254		host directly (as if there were no MX for it at all).  If
10255		`w' is not set, this case is a configuration error.
10256		Beware: if `w' is set, senders may get bogus errors like
10257		"message timed out" or "host unknown" for problems that
10258		are really configuration errors.  This option is
10259		disrecommended, provided only for compatibility with
10260		UIUC sendmail.
10261	Fix a problem that caused the incoming socket to be left open
10262		when sendmail forks after the DATA command.  This caused
10263		calling systems to wait in FIN_WAIT_2 state until the
10264		entire list was processed and the child closed -- a
10265		potentially prodigious amount of time.  Problem noted
10266		by Neil Rickert.
10267	Fix problem (created in 6.64) that caused mail sent to multiple
10268		addresses, one of which was a bad address, to completely
10269		suppress the sending of the message.  This changes
10270		handling of EF_FATALERRS somewhat, and adds an
10271		EF_GLOBALERRS flag.  This also fixes a potential problem
10272		with duplicate error messages if there is a syntax error
10273		in the header of a message that isn't noticed until late
10274		in processing.  Original problem pointed out by Josh Smith
10275		of Harvey Mudd College.  This release includes quite a bit
10276		of dickering with error handling (see below).
10277	Back out SMTP transaction if MAIL gets nested 501 error.  This
10278		will only hurt already-broken software and should help
10279		humans.
10280	Fix a problem that broke aliases when neither NDBM nor NEWDB were
10281		compiled in.  It would never read the alias file.
10282	Repair unbalanced `)' and `>' (the "open" versions are already
10283		repaired).
10284	Logging of "done" in dropenvelope() was incorrect: it would
10285		log this even when the queue file still existed.  Change
10286		this to only log "done" (at log level 11) when the
10287		queue file is actually removed.  From John Myers.
10288	Log "lost connection" in server SMTP at log level 20 if there
10289		is no pending transaction.  Some senders just close the
10290		connection rather than sending QUIT.
10291	Fix a bug causing getmxrr to add a dot to the end of unqualified
10292		domains that do not have MX records -- this would cause
10293		the subsequent host name lookup to fail.  The problem
10294		only occurred if you had FEATURE(nocanonify) set.
10295		Problem noted by Rick McCarty of Texas Instruments.
10296	Fix invocation of setvbuf when passed a -X flag -- I had
10297		unwittingly used an ANSI C extension, and this caused
10298		core dumps on some machines.
10299	Diagnose self-destructive alias loops on RCPT as well as EXPN.
10300		Previously it just gave an empty send queue, which
10301		then gave either "Need RCPT (recipient)" at the DATA
10302		(confusing, since you had given an RCPT command which
10303		returned 250) or just dropped the email, depending on
10304		whether you were running VERBose mode.  Now it usually
10305		diagnoses this case as "aliasing/forwarding loop broken".
10306		Unfortunately, it still doesn't adequately diagnose
10307		some true error conditions.
10308	Add internal concept of "warning messages" using 6xx codes.
10309		These are not reported only to Postmaster.  Unbalanced
10310		parens, brackets, and quotes are printed as 653 codes.
10311		They are always mapped to 5xx codes before use in SMTP.
10312	Clean up error messages to tell both the actual address that
10313		failed and the alias they arose from.  This makes it
10314		somewhat easier to diagnose problems.  Difficulty noted
10315		by Motonori Nakamura.
10316	Fix a problem that inappropriately added a ctladdr to addresses
10317		that shouldn't have had one during a queue run.  This
10318		caused error messages to be handled differently during
10319		a queue run than a direct run.
10320	Don't print the qf name and line number if you get errors during
10321		the direct run of the queue from srvrsmtp -- this was
10322		just extra stuff for users to crawl through.
10323	Put command line flags on second line of pid file so you can
10324		auto-restart the daemon with all appropriate arguments.
10325		Use "kill `head -1 /etc/sendmail.pid`" to stop the
10326		daemon, and "eval `tail -1 /etc/sendmail.pid`" to
10327		restart it.
10328	Remove the ``setuid(getuid())'' in main -- this caused the
10329		IDENT daemon to screw up.  This required that I change
10330		HASSETEUID to HASSETREUID and complicate the mode
10331		changing somewhat because both Ultrix and SunOS seem
10332		to have a bug causing seteuid() to set the saved uid
10333		as well as the effective.  The program test/t_setreuid.c
10334		will test to see if your implementation of setreuid(2)
10335		is appropriately functional.
10336	The FallBackMX (option V) handling failed to properly identify
10337		fallback to yourself -- most of the code was there,
10338		but it wasn't being enabled.  Problem noted by Murray
10339		Kucherawy of the University of Waterloo.
10340	Change :include: open timeout from ETIMEDOUT to an internal
10341		code EOPENTIMEOUT; this avoids adding "during SmtpPhase
10342		with CurHostName" in error messages, which can be
10343		confusing.  Reported by Jonathan Kamens of OpenVision
10344		Technologies.
10345	Back out setpgrp (setpgid on POSIX systems) call to reset the
10346		process group id.  The original fix was to get around
10347		some problems with recalcitrant MUAs, but it breaks
10348		any call from a shell that creates a process group id
10349		different from the process id.  I could try to fix
10350		this by diddling the tty owner (using tcsetpgrp or
10351		equivalent) but this is too likely to break other
10352		things.
10353	Portability changes:
10354		Support -M as equivalent to -oM on Ultrix -- apparently
10355			DECnet calls sendmail with -MrDECnet -Ms<HOST> -bs
10356			instead of using standard flags.  Oh joy.  This
10357			behavior reported by Jon Giltner of University
10358			of Colorado.
10359		SGI IRIX  -- this includes several changes that should
10360			help other strict ANSI compilers.
10361		SCO Unix -- from Murray Kucherawy of HookUp Communication
10362			Corporation.
10363		Solaris running the Sun C compiler (which despite the
10364			documentation apparently doesn't define
10365			__STDC__ by default).
10366		ConvexOS from Eric Schnoebelen of Convex.
10367		Sony NEWS workstations and Omron LUNA workstations from
10368			Motonori Nakamura.
10369	CONFIG: add confTRY_NULL_MX_LIST to set option `w'.
10370	CONFIG: delete `C' and `e' from default SMTP mailers flags;
10371		several people have made a good argument that this
10372		creates more problems than it solves (although this
10373		may prove painful in the short run).
10374	CONFIG: generalize all the relays to accept a "mailer:host"
10375		format.
10376	CONFIG: move local processing in ruleset 0 into a new ruleset
10377		98 (8 on old sendmail).  Domain literal [a.b.c.d]
10378		addresses are also passed through this ruleset.
10379	CONFIG: if neither SMART_HOST nor MAILER(smtp) were defined,
10380		internet-style addresses would "fall off the end" of
10381		ruleset zero and be interpreted as local -- however,
10382		the angle brackets confused the recursive call.
10383		These are now diagnosed as "Unrecognized host name".
10384	CONFIG: USENET rules weren't included in S0 because of a mistaken
10385		ifdef(`_MAILER_USENET_') instead of
10386		ifdef(`_MAILER_usenet_').  Problem found by Rein Tollevik
10387		of SINTEF RUNIT, Oslo.
10388	CONFIG: move up LOCAL_RULE_0 processing so that it happens very
10389		early in ruleset 0; this allows .mc authors to bypass
10390		things like the "short circuit" code for local addresses.
10391		Prompted by a comment by Bill Wisner of The Well.
10392	CONFIG: add confSMTP_MAILER to define the mailer used (smtp or
10393		esmtp) to send SMTP mail.  This allows you to default
10394		to esmtp but use a mailertable or other override to
10395		deal with broken servers.  This logic was pointed out
10396		to me by Bill Wisner.  Ditto for confLOCAL_MAILER.
10397	Changes to cf/sh/makeinfo.sh to make it portable to SVR4
10398		environments.  Ugly as sin.
10399
10400 8.3/8.3		1993/07/13
10401	Fix setuid problems introduced in 8.2 that caused messages
10402		like "Cannot create qfXXXXXX: Invalid argument"
10403		or "Cannot reopen dfXXXXXX: Permission denied".  This
10404		involved a new compile flag "HASSETEUID" that takes
10405		the place of the old _POSIX_SAVED_IDS -- it turns out
10406		that the POSIX interface is broken enough to break
10407		some systems badly.  This includes some fixes for
10408		HP-UX.  Also fixes problems where the real uid is
10409		not reset properly on startup (from Neil Rickert).
10410	Fix a problem that caused timed out messages to not report the
10411		addresses that timed out.  Error messages are also more
10412		"user friendly".
10413	Drop required bandwidth on connections from 64 bytes/sec to
10414		16 bytes/sec.
10415	Further Solaris portability changes -- doesn't require the BSD
10416		compatibility library.  This also adds a new
10417		"HASGETDTABLESIZE" compile flag which can be used if
10418		you want to use getdtablesize(2) instead of sysconf(2).
10419		These are loosely based on changes from David Meyer at
10420		University of Oregon.  This now seems to work, at least
10421		for quick test cases.
10422	Fix a problem that can cause duplicate error messages to be
10423		sent if you are in SMTP, you send to multiple addresses,
10424		and at least one of those addresses is good and points
10425		to an account that has a .forward file (whew!).
10426	Fix a problem causing messages to be discarded if checkcompat()
10427		returned EX_TEMPFAIL (because it didn't properly mark
10428		the "to" address).  Problem noted by John Myers.
10429	Fix dfopen to return NULL if the open failed; I was depending
10430		on fdopen(-1) returning NULL, which isn't the case.  This
10431		isn't serious, but does result in weird error diagnoses.
10432		From Michael Corrigan.
10433	CONFIG: add UUCP_MAX_SIZE M4 macro to set the maximum size of
10434		messages sent through UUCP-family mailers.  Suggested
10435		by Bill Wisner of The Well.
10436	CONFIG: if both MAILER(uucp) and MAILER(smtp) are specified,
10437		include a "uucp-dom" mailer that uses domain-style
10438		addressing.  Suggested by Bill Wisner.
10439	CONFIG: Add LOCAL_SHELL_FLAGS and LOCAL_SHELL_ARGS to match
10440		LOCAL_MAILER_FLAGS and LOCAL_MAILER_ARGS.  Suggested by
10441		Christophe Wolfhugel.
10442	CONFIG: Add OSTYPE(aix3).  From Christophe Wolfhugel.
10443
10444 8.2/8.2		1993/07/11
10445	Don't drop out on config file parse errors in -bt mode.
10446	On older configuration files, assume option "l" (use Errors-To
10447		header) for back compatibility.  NOTE:  this DOES NOT
10448		imply an endorsement of the Errors-To: header in any way.
10449	Accept -x flag on AIX-3 as well as OSF/1.  Why, why, why???
10450	Don't log errors on EHLO -- it isn't a "real" error for an old
10451		SMTP server to give an error on this command, and
10452		logging it in the transcript can be confusing.  Fix
10453		from Bill Wisner.
10454	IRIX compatibility changes provided by Dan Rich
10455		<drich@sandman.lerc.nasa.gov>.
10456	Solaris 2 compatibility changes.  Provided by Bob Cunningham
10457		<bob@kahala.soest.hawaii.edu>, John Oleynick
10458		<juo@klinzhai.rutgers.edu>
10459	Debugging: -d17 was overloaded (hostsignature and usersmtp.c);
10460		move usersmtp (smtpinit and smtpmailfrom) to -d18 to
10461		match the other flags in that file.
10462	Flush transcript before fork in mailfile().  From Eric Wassenaar.
10463	Save h_errno in mci struct and improve error message display.
10464		Changes from Eric Wassenaar.
10465	Open /dev/null for the transcript if the create of the xf file
10466		failed; this avoids at least one possible null pointer
10467		reference in very weird cases.  From Eric Wassenaar.
10468	Clean up statistics gathering; it was over-reporting because of
10469		forks.  From Eric Wassenaar.
10470	Fix problem that causes old Return-Path: line to override new
10471		Return-Path: line (conf.c needs H_FORCE to avoid
10472		re-using old value).  From Motonori Nakamura.
10473	Fix broken -m flag in K definition -- even if -m (match only)
10474		was specified, it would still replace the key with the
10475		value.  Noted by Rick McCarty of Texas Instruments.
10476	If the name server timed out over several days, no "timed out"
10477		message would ever be sent back.  The timeout code
10478		has been moved from markfailure() to dropenvelope()
10479		so that all such failures should be diagnosed.  Pointed
10480		out by Christophe Wolfhugel and others.
10481	Relax safefile() constraints: directories in an include or
10482		forward path must be readable by self if the controlling
10483		user owns the entry, readable by all otherwise (e.g.,
10484		when reading your .forward file, you have to own and
10485		have X permission in it; everyone needs X permission in
10486		the root and directories leading up to your home);
10487		include files must be readable by anyone, but need not
10488		be owned by you.
10489	If _POSIX_SAVED_IDS is defined, setuid to the owner before
10490		reading a .forward file; this gets around some problems
10491		on NFS mounts if root permission is not exported and
10492		the user's home directory isn't x'able.
10493	Additional NeXT portability enhancements from Axel Zinser.
10494	Additional HP-UX portability enhancements from Brian Bullen.
10495	Add a timeout around SMTP message writes; this assumes you can
10496		get throughput of at least 64 bytes/second.  Note that
10497		this does not impact the "datafinal" default, which
10498		is separate; this is just intended to work around
10499		network clogs that will occur before the final dot
10500		is sent.  From Eric Wassenaar.
10501	Change map code to set the "include null" flag adaptively --
10502		it initially tries both, but if it finds anything
10503		matching without a null it never tries again with a
10504		null and vice versa.  If -N is specified, it never
10505		tries without the null and creates new maps with a
10506		null byte.  If -O is specified, it never tries with
10507		the null (for efficiency).  If -N and -O are specified,
10508		you get -NO (get it?) lookup at all, so this would
10509		be a bad idea.  If you don't specify either -N or -O,
10510		it adapts.
10511	Fix recognition of "same from address" so that MH submissions
10512		will insert the appropriate full name information;
10513		this used to work and got broken somewhere along the
10514		way.
10515	Some changes to eliminate some unnecessary SYSERRs in the
10516		log.  For example, if you lost a connection, don't
10517		bother reporting that fact on the connection you lost.
10518	Add some "extended debugging" flags to try to track down
10519		why we get occasional problems with file descriptor
10520		one being closed when execing a mailer; it seems to
10521		only happen when there has been another error in the
10522		same transaction.  This requires XDEBUG, defined
10523		by default in conf.h.
10524	Add "-X filename" command line flag, which logs both sides of
10525		all SMTP transactions.  This is intended ONLY for
10526		debugging bad implementations of other mailers; start
10527		it up, send a message from a mailer that is failing,
10528		and then kill it off and examine the indicated log.
10529		This output is not intended to be particularly human
10530		readable.  This also adds the HASSETVBUF compile
10531		flag, defaulted on if your compiler defines __STDC__.
10532	CONFIG: change SMART_HOST to override an SMTP mailer.  If you
10533		have a local net that should get direct connects, you
10534		will need to use LOCAL_NET_CONFIG to catch these hosts.
10535		See cf/README for an example.
10536	CONFIG: add LOCAL_MAILER_ARGS (default: `mail -d $u') to handle
10537		sites that don't use the -d flag.
10538	CONFIG: hide recipient addresses as well as sender addresses
10539		behind $M if FEATURE(allmasquerade) is specified; this
10540		has been requested by several people, but can break
10541		local aliases.  For example, if you mail to "localalias"
10542		this will be rewritten as "localalias@masqueradehost";
10543		although initial delivery will work, replies will be
10544		broken.  Use it sparingly.
10545	CONFIG: add FEATURE(domaintable).  This maps unqualified domains
10546		to qualified domains in headers.  I believe this is
10547		largely equivalent to the IDA feature of the same name.
10548	CONFIG: use $U as UUCP name instead of $k.  This permits you
10549		to override the "system name" as your UUCP name --
10550		in particular, to use domain-ized UUCP names.  From
10551		Bill Wisner of The Well.
10552	CONFIG: create new mailer "esmtp" that always tries EHLO
10553		first.  This is currently unused in the config files,
10554		but could be used in a mailertable entry.
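
Added example (not sendmail's code) of the adaptive "include null" lookup described in the 8.2 entry above, with the -N and -O cases. The flag names TRY_PLAIN and TRY_NUL, struct map, map_init(), map_lookup() and the sample records are constructed for this illustration; the in-memory arrays stand in for a database file.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flag names for this example. */
#define TRY_PLAIN 0x1	/* probe with the key bytes only */
#define TRY_NUL   0x2	/* probe with the key plus its trailing '\0' */

struct rec { const char *key; size_t klen; const char *val; };

struct map {
	const struct rec *recs;
	size_t nrecs;
	int flags;	/* probe styles still allowed */
	int probes;	/* raw database probes issued so far */
};

/* Constructed sample data: one file built without NULs, one with. */
static const struct rec plain_db[] = {
	{ "postmaster", 10, "root" },
	{ "root", 4, "eric" },
};
static const struct rec nul_db[] = {
	{ "postmaster", 11, "root" },	/* klen counts the '\0' */
	{ "root", 5, "eric" },
};

/* opt_N / opt_O model the -N and -O map flags from the entry. */
void map_init(struct map *m, const struct rec *recs, size_t n,
	      int opt_N, int opt_O)
{
	m->recs = recs;
	m->nrecs = n;
	m->probes = 0;
	m->flags = TRY_PLAIN | TRY_NUL;	/* neither flag: adapt */
	if (opt_N)
		m->flags &= ~TRY_PLAIN;	/* never try without the null */
	if (opt_O)
		m->flags &= ~TRY_NUL;	/* never try with the null */
}

/* One exact-match probe against the stand-in database. */
static const char *raw_get(struct map *m, const char *key, size_t klen)
{
	m->probes++;
	for (size_t i = 0; i < m->nrecs; i++)
		if (m->recs[i].klen == klen &&
		    memcmp(m->recs[i].key, key, klen) == 0)
			return m->recs[i].val;
	return NULL;
}

/* Look up name; the first hit decides which style this map uses. */
const char *map_lookup(struct map *m, const char *name)
{
	size_t len = strlen(name);
	const char *v;

	if (m->flags & TRY_PLAIN) {
		v = raw_get(m, name, len);
		if (v != NULL) {
			m->flags &= ~TRY_NUL;	/* matched without null */
			return v;
		}
	}
	if (m->flags & TRY_NUL) {
		v = raw_get(m, name, len + 1);	/* include the '\0' */
		if (v != NULL) {
			m->flags &= ~TRY_PLAIN;	/* matched with null */
			return v;
		}
	}
	return NULL;	/* with -N and -O together, no probe was made */
}

int main(void)
{
	struct map m;

	map_init(&m, nul_db, 2, 0, 0);
	printf("miss: %s, probes=%d\n",
	       map_lookup(&m, "nobody") ? "found" : "none", m.probes);
	printf("root -> %s, probes=%d\n", map_lookup(&m, "root"), m.probes);
	printf("miss after adapting: probes=%d\n",
	       (map_lookup(&m, "nobody"), m.probes));
	return 0;
}
```

A miss costs two probes until the first hit fixes the style, then one; forcing the wrong style with -N or -O makes every lookup miss.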
10555
10556 8.1C/8.1B	1993/06/27
10557	Serious security bug fix: it was possible to read any file on
10558		the system, regardless of ownership and permissions.
10559	If a subroutine returns a fully qualified address, return it
10560		immediately instead of feeding it back into rewriting.
10561		This fixes a problem with mailertable lookups.
10562	CONFIG: fix some M4 frotz (concat => CONCAT)
10563
10564 8.1B/8.1A	1993/06/12
10565	Serious bug fix: pattern matching backup algorithm stepped by
10566		two tokens in classes instead of one.  Found by Claus
10567		Assmann at University of Kiel, Germany.
10568
10569 8.1A/8.1A	1993/06/08
10570	Another mailertable fix....
10571
10572 8.1/8.1		1993/06/07
10573	4.4BSD freeze.  No semantic changes.
10574